On Mon, Oct 05, 2015 at 02:42:05AM +0100, John Horne wrote:
> So I would suspect that either the 'ls' or 'egrep' command are always
> setting the colour.

Ah, that's it. I'm running rkhunter from my interactive shell, and apparently rkhunter is not calling /bin/ls directly, but rather is relying on my shell's "ls" alias. egrep is not aliased.

In my tcsh shell, 'ls' is aliased to 'ls-F -Ahs' (ls-F being a tcsh builtin which invokes /bin/ls -F), and I have the 'color' shell variable set. This particular combination, on BSD, results in the shell invoking '/bin/ls -F -G -Ahs'.

In BSD's /bin/ls, the -A ensures '.' and '..' are included, and the -G causes the addition of ANSI color codes defined in the LSCOLORS environment variable. On systems with GNU /bin/ls, --color=auto would be passed instead of -G. (And if I were to alias 'ls' to just 'ls-F', tcsh would not pass a color flag to /bin/ls at all; it would instead color the plain ls output using definitions in a tcsh-specific LS_COLORS variable!)

So here's the output of 'ls -ld /usr/.* | cat -vet':

    2 drwxr-xr-x 22 root wheel 512B Aug 28 2013 ^[[1m^[[36m/usr/.^[[39;49m^[[m/$
    2 drwxr-xr-x 21 root wheel 1.0k Sep 3 17:29 ^[[1m^[[36m/usr/..^[[39;49m^[[m/$
    2 drwxrwxr-x 2 root operator 512B Aug 23 19:24 ^[[1m^[[36m/usr/.snap^[[39;49m^[[m/$
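
An added example, not part of the original message and not rkhunter's own code: one way a POSIX sh scanner can keep ANSI color codes like those shown above out of the `ls` output it parses. The function names (`has_ansi`, `strip_ansi`, `plain_ls`, `sample_line`) are hypothetical, and the sample line is constructed from the `/usr/.snap` output above.

```shell
#!/bin/sh
# ESC byte (0x1b); `cat -v` displays it as ^[
ESC=$(printf '\033')

# Succeed if stdin contains a CSI introducer (ESC followed by '[').
has_ansi() {
    grep -q "${ESC}\["
}

# Remove CSI sequences of the form ESC [ <digits and ;> <letter>,
# which covers ^[[1m, ^[[36m, ^[[39;49m and ^[[m from the listing above.
strip_ansi() {
    sed "s/${ESC}\[[0-9;]*[A-Za-z]//g"
}

# Run ls without picking up a shell alias or function named "ls"
# ('command' bypasses both in POSIX sh), with the BSD color switches
# CLICOLOR/CLICOLOR_FORCE cleared and a fixed locale for stable parsing.
plain_ls() {
    (
        unset CLICOLOR CLICOLOR_FORCE
        LC_ALL=C command ls -ld "$@"
    )
}

# Constructed sample: the /usr/.snap line from the message, rebuilt
# with real ESC bytes in place of the ^[ notation.
sample_line() {
    printf 'drwxrwxr-x 2 root operator 512B Aug 23 19:24 %s[1m%s[36m/usr/.snap%s[39;49m%s[m/\n' \
        "$ESC" "$ESC" "$ESC" "$ESC"
}

# Demonstration when run directly: show the sample before and after.
if [ "${1:-}" = "demo" ]; then
    sample_line | cat -v
    sample_line | strip_ansi | cat -v
fi
```

Piping a listing through `has_ansi` before parsing gives a cheap check that the output is clean; `strip_ansi` is the fallback when the producer of the output cannot be controlled.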