I was going to file this as a bug report on SourceForge, but there's a stern warning there to discuss here first, so here goes. Maybe I am doing something wrong.
On FreeBSD 8.4-RELEASE (i386) and 10.2-STABLE (armv6), I installed and ran Rootkit Hunter 1.4.2. The filesystem check has a problem:

    # portmaster -d security/rkhunter
    # rkhunter --propupd
    # rkhunter --update
    # rkhunter --enable filesystem --check

Problem: The following warnings were produced in the log:

    [04:04:54] Warning: Hidden directory found: ?[1m?[38;5;6m/usr/.?[39;49m?[m: cannot open `^[[1m^[[38;5;6m/usr/.^[[39;49m^[[m' (No such file or directory)
    [04:04:54] Warning: Hidden directory found: ?[1m?[38;5;6m/usr/..?[39;49m?[m: cannot open `^[[1m^[[38;5;6m/usr/..^[[39;49m^[[m' (No such file or directory)
    [04:04:55] Warning: Hidden directory found: ?[1m?[38;5;6m/etc/.?[39;49m?[m: cannot open `^[[1m^[[38;5;6m/etc/.^[[39;49m^[[m' (No such file or directory)
    [04:04:55] Warning: Hidden directory found: ?[1m?[38;5;6m/etc/..?[39;49m?[m: cannot open `^[[1m^[[38;5;6m/etc/..^[[39;49m^[[m' (No such file or directory)

1. These warnings should not have been produced. . and .. in /usr and /etc should not be cause for concern.

2. When written to the log, the ANSI color codes should not be included.

On each line, the first color message (right after 'found: ') is exactly as shown above, with the question marks, not actually displaying in color when the log is viewed. But the second color message (after 'cannot open') does display in color; I am showing them here with the help of 'cat -v', which has converted the escape characters to '^['.

I can consistently reproduce this. Debug output is here: http://pastebin.com/MPCh9pvj

Let me know if you need any more info.

------------------------------------------------------------------------------
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
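
Added example, not part of the original post and not rkhunter code: a log triage helper that strips the colour sequences in both forms seen above (real ESC and the '?' substitute) and separates the . and .. entries from hidden-directory warnings that still need review. The function names and the third sample line (/etc/.example) are constructed for illustration.

```shell
#!/bin/sh
# Triage helper for rkhunter "Hidden directory found" warnings whose paths
# are polluted with ANSI colour codes, as in the log lines quoted above.
ESC=$(printf '\033')

# Remove SGR colour sequences: the real ESC form and the '?'-substituted
# form (assumption: a literal "?[...m" in these lines is always colour debris).
strip_sgr() {
    sed -e "s/${ESC}\[[0-9;]*m//g" -e 's/?\[[0-9;]*m//g'
}

# Print the path named by each cleaned hidden-directory warning on stdin.
hidden_dir_path() {
    sed -n 's/^.*Warning: Hidden directory found: \([^:]*\).*$/\1/p'
}

# Read raw log lines on stdin. Print "dot-entry <path>" for the . and ..
# entries the post says should not be flagged, "review <path>" otherwise.
triage_hidden_dirs() {
    strip_sgr | hidden_dir_path | while IFS= read -r path; do
        case "$path" in
            */.|*/..) printf 'dot-entry %s\n' "$path" ;;
            *)        printf 'review %s\n' "$path" ;;
        esac
    done
}

# Constructed sample: two lines modelled on the log above, plus one
# hypothetical warning for a real hidden directory.
sample_log() {
    printf '%s\n' \
      "[04:04:54] Warning: Hidden directory found: ?[1m?[38;5;6m/usr/.?[39;49m?[m: cannot open \`${ESC}[1m${ESC}[38;5;6m/usr/.${ESC}[39;49m${ESC}[m' (No such file or directory)" \
      "[04:04:55] Warning: Hidden directory found: ?[1m?[38;5;6m/etc/..?[39;49m?[m: cannot open \`${ESC}[1m${ESC}[38;5;6m/etc/..${ESC}[39;49m${ESC}[m' (No such file or directory)" \
      "[04:04:56] Warning: Hidden directory found: /etc/.example"
}

sample_log | triage_hidden_dirs
```
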