On Sun, 2015-10-04 at 05:04 -0600, Mike Brown wrote:
>
> # portmaster -d security/rkhunter
> # rkhunter --propupd
> # rkhunter --update
> # rkhunter --enable filesystem --check
>
> Problem: The following warnings were produced in the log:
>
How did the check look on the screen? Did the output lines appear
correct or not?

> [04:04:55] Warning: Hidden directory found:
> ?[1m?[38;5;6m/etc/..?[39;49m?[m: cannot open
> `^[[1m^[[38;5;6m/etc/..^[[39;49m^[[m' (No such file or directory)
>
> 1. These warnings should not have been produced.
> . and .. in /usr and /etc should not be cause for concern.
>
> 2. When written to the log, the ANSI color codes should not be
> included.
>
Typically both of these do not occur. Your debug info shows some problem
going on, but I am a bit lost as to why:

=============
+ [ -d /usr ]
+ egrep -v '/\.\.?$'
+ ls -1d /usr/. /usr/..
+ RKHTMPVAR='[1m[38;5;6m/usr/.[39;49m[m [1m[38;5;6m/usr/..[39;49m[m'
=============

The lines of code here are:

============
if [ -d "${DIR}" ]; then
    RKHTMPVAR=`ls -1d ${DIR}/.* 2>/dev/null | egrep -v '/\.\.?$'`
============

So on your BSD system running:

    ls -ld /usr/.* | egrep -v '/\.\.?$'

sets RKHTMPVAR to contain the colour codes. That really doesn't make
much sense.

Can you run the 'ls -ld ... | egrep ...' command from a terminal and see
what happens. If that runs okay (it should produce no output), then try
running it and assigning the output to a variable - that is, from a
terminal run the RKHTMPVAR= command sequence above. Then echo the
$RKHTMPVAR variable to see what is shown. Again, if it works correctly,
then nothing but a blank line will be shown.

Thanks,

John.

--
John Horne                   Tel: +44 (0)1752 587287
Plymouth University, UK
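
Why colour codes in the captured `ls` output lead to exactly these warnings, as an added example that is not part of the original message and not rkhunter's own code: each line then ends in an escape sequence instead of `/.` or `/..`, so the quoted `egrep -v` filter no longer removes it. The sample lines are constructed from the escape sequences in the log above; `strip_ansi`, `filter_hardened`, `hidden_entries` and `count_flagged` are hypothetical helpers.

```shell
#!/bin/sh
# Added illustration, not rkhunter code.
ESC=$(printf '\033')

# Constructed sample: `ls -1d /usr/.*` output without colour.
sample_plain() {
    printf '/usr/.\n/usr/..\n'
}

# Constructed sample: the same two entries wrapped in the colour
# sequences that appear in the quoted log.
sample_coloured() {
    printf '%s[1m%s[38;5;6m/usr/.%s[39;49m%s[m\n' "$ESC" "$ESC" "$ESC" "$ESC"
    printf '%s[1m%s[38;5;6m/usr/..%s[39;49m%s[m\n' "$ESC" "$ESC" "$ESC" "$ESC"
}

# Filter as quoted in the message: drop lines ending in /. or /..
filter_original() {
    grep -E -v '/\.\.?$'
}

# Hypothetical hardening: remove CSI sequences (ESC [ params letter)
# before filtering, so the path is compared without decoration.
strip_ansi() {
    sed "s/${ESC}\[[0-9;]*[A-Za-z]//g"
}
filter_hardened() {
    strip_ansi | filter_original
}

# Number of entries a filter would report as hidden.
# $1 = function producing listing lines, $2 = filter function
count_flagged() {
    "$1" | "$2" | wc -l | tr -d ' '
}

# Hidden entries of a real directory, tolerant of coloured ls output.
hidden_entries() {
    ls -1d "$1"/.* 2>/dev/null | filter_hardened
}

echo "plain,    original filter: $(count_flagged sample_plain filter_original)"
echo "coloured, original filter: $(count_flagged sample_coloured filter_original)"
echo "coloured, hardened filter: $(count_flagged sample_coloured filter_hardened)"
```
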