Re: [gentoo-user] Rkhunter now showing Warnings for two files: /bin/egrep fgrep

2015-01-31 Thread Mick
On Monday 26 Jan 2015 22:53:53 Neil Bothwick wrote:
 On Mon, 26 Jan 2015 11:27:05 -0500, Alec Ten Harmsel wrote:
   # grep Warning /var/log/rkhunter.log
   [03:10:32] Info: Emailing warnings to 'root' using command '/bin/mail
   -s [rkhunter] Warnings found for ${HOST_NAME}'
   [03:10:45]   /bin/egrep  [ Warning ]
   [03:10:45] Warning: The command '/bin/egrep' has been replaced by a
   script: /bin/egrep: POSIX shell script, ASCII text executable
   [03:10:45]   /bin/fgrep  [ Warning ]
   [03:10:45] Warning: The command '/bin/fgrep' has been replaced by a
   script: /bin/fgrep: POSIX shell script, ASCII text executable

   Anyone know if this is due to something changing in Gentoo?
  
  Upstream changed egrep and fgrep from binaries to shell scripts.
 
 This happened a while ago on testing portage but the version with the
 change only hit stable at the weekend.
 
 You can tell rkhunter to ignore them.
 
 % grep grep /etc/rkhunter.conf.local
 SCRIPTWHITELIST=/bin/egrep
 SCRIPTWHITELIST=/bin/fgrep

I've also been getting the same warning for:

Warning: The command '/usr/bin/ldd' has been replaced by a script: 
/usr/bin/ldd: Bourne-Again shell script, ASCII text executable

Warning: The command '/usr/bin/whatis' has been replaced by a script: 
/usr/bin/whatis: POSIX shell script, ASCII text executable

Should I treat them the same?

-- 
Regards,
Mick




Re: [gentoo-user] Rkhunter now showing Warnings for two files: /bin/egrep fgrep

2015-01-31 Thread Neil Bothwick
On Sat, 31 Jan 2015 12:17:47 +, Mick wrote:

  You can tell rkhunter to ignore them.
  
  % grep grep /etc/rkhunter.conf.local
  SCRIPTWHITELIST=/bin/egrep
  SCRIPTWHITELIST=/bin/fgrep  
 
 I've also been getting the same warning for:
 
 Warning: The command '/usr/bin/ldd' has been replaced by a script: 
 /usr/bin/ldd: Bourne-Again shell script, ASCII text executable
 
 Warning: The command '/usr/bin/whatis' has been replaced by a script: 
 /usr/bin/whatis: POSIX shell script, ASCII text executable
 
 Should I treat them the same?

I do, here's my full list of whitelisted scripts

% grep SCRIPT /etc/rkhunter.conf.local
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/whatis
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep

Check that the files are as installed by portage, using something like
qcheck, before you whitelist anything.


-- 
Neil Bothwick

A wok is what you throw at a wabbit.
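
Added example (not part of the original thread, and not rkhunter or Portage code): one way to make the check Neil describes above, comparing each flagged file's MD5 with its `obj <path> <md5> <mtime>` entry in Portage's CONTENTS files (normally under /var/db/pkg) and emitting SCRIPTWHITELIST lines only on a match. The function names, the optional root-prefix argument and the fixture values are constructed for illustration.

```shell
#!/bin/sh
# Added example: only whitelist scripts whose MD5 matches Portage's record.

# Paths named in rkhunter "replaced by a script" warnings in log file $1.
flagged_scripts() {
    sed -n "s/.*Warning: The command '\([^']*\)' has been replaced by a script.*/\1/p" "$1" | sort -u
}

# MD5 recorded for path $2 in the CONTENTS files under package db $1.
# Regular files are stored as: obj <path> <md5> <mtime>
recorded_md5() {
    cat "$1"/*/*/CONTENTS 2>/dev/null | awk -v want="$2" '
        $1 == "obj" {
            path = $0; sub(/^obj /, "", path); sub(/ [^ ]+ [^ ]+$/, "", path)
            if (path == want) { print $(NF - 1); exit }
        }'
}

# $1 = rkhunter log, $2 = package db (normally /var/db/pkg),
# $3 = optional root prefix so the check can run against a test tree.
whitelist_candidates() {
    flagged_scripts "$1" | while IFS= read -r path; do
        want=$(recorded_md5 "$2" "$path")
        have=$(md5sum "${3:-}$path" 2>/dev/null | cut -d' ' -f1)
        if [ -n "$want" ] && [ "$want" = "$have" ]; then
            echo "SCRIPTWHITELIST=$path"
        else
            echo "# NOT whitelisted: $path (recorded=${want:-none} actual=${have:-missing})"
        fi
    done
}

# Constructed fixture: egrep matches its record, fgrep does not.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/root/bin" "$t/db/sys-apps/grep-2.21-r1"
    printf '#!/bin/sh\nexec grep -E "$@"\n' > "$t/root/bin/egrep"
    printf '#!/bin/sh\nexec grep -F "$@"\n' > "$t/root/bin/fgrep"
    sum=$(md5sum "$t/root/bin/egrep" | cut -d' ' -f1)
    printf 'obj /bin/egrep %s 1422271737\nobj /bin/fgrep %032d 1422271737\n' "$sum" 0 \
        > "$t/db/sys-apps/grep-2.21-r1/CONTENTS"
    for f in egrep fgrep; do
        echo "[03:10:45] Warning: The command '/bin/$f' has been replaced by a script: /bin/$f: POSIX shell script, ASCII text executable"
    done > "$t/rkhunter.log"
    whitelist_candidates "$t/rkhunter.log" "$t/db" "$t/root"
    rm -rf "$t"
}

demo
```

On a real system the call would be `whitelist_candidates /var/log/rkhunter.log /var/db/pkg`. The package database sits on the same host as the files it describes, so a match shows the script is what Portage installed, not that the host is clean.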




Re: [gentoo-user] Rkhunter now showing Warnings for two files: /bin/egrep fgrep

2015-01-27 Thread Tanstaafl
On 1/26/2015 5:53 PM, Neil Bothwick n...@digimed.co.uk wrote:
 On Mon, 26 Jan 2015 11:27:05 -0500, Alec Ten Harmsel wrote:
 script: /bin/fgrep: POSIX shell script, ASCII text executable

 Anyone know if this is due to something changing in Gentoo?

 Upstream changed egrep and fgrep from binaries to shell scripts.

 This happened a while ago on testing portage but the version with the
 change only hit stable at the weekend.
 
 You can tell rkhunter to ignore them.
 
 % grep grep /etc/rkhunter.conf.local
 SCRIPTWHITELIST=/bin/egrep
 SCRIPTWHITELIST=/bin/fgrep

Perfect, thanks Alec/Neil, problem solved... :)



[gentoo-user] Rkhunter now showing Warnings for two files: /bin/egrep fgrep

2015-01-26 Thread Tanstaafl
Hello all,

Been on rkhunter 1.4.2 for a while, no changes made to its config file,
been running nightly for years without these warnings...

I recently did some Gentoo updates after almost 2 months of no updates
(was out of town), and now, even after running --propupd, I continue to
get these warnings:

  # grep Warning /var/log/rkhunter.log
 [03:10:32] Info: Emailing warnings to 'root' using command '/bin/mail
-s [rkhunter] Warnings found for ${HOST_NAME}'
 [03:10:45]   /bin/egrep  [ Warning ]
 [03:10:45] Warning: The command '/bin/egrep' has been replaced by a
script: /bin/egrep: POSIX shell script, ASCII text executable
 [03:10:45]   /bin/fgrep  [ Warning ]
 [03:10:45] Warning: The command '/bin/fgrep' has been replaced by a
script: /bin/fgrep: POSIX shell script, ASCII text executable

Anyone know if this is due to something changing in Gentoo?



Re: [gentoo-user] Rkhunter now showing Warnings for two files: /bin/egrep fgrep

2015-01-26 Thread Alexander Kapshuk
On Mon, Jan 26, 2015 at 6:21 PM, Tanstaafl tansta...@libertytrek.org
wrote:

 Hello all,

 Been on rkhunter 1.4.2 for a while, no changes made to its config file,
 been running nightly for years without these warnings...

 I recently did some Gentoo updates after almost 2 months of no updates
 (was out of town), and now, even after running --propupd, I continue to
 get these warnings:

   # grep Warning /var/log/rkhunter.log
  [03:10:32] Info: Emailing warnings to 'root' using command '/bin/mail
 -s [rkhunter] Warnings found for ${HOST_NAME}'
  [03:10:45]   /bin/egrep  [ Warning ]
  [03:10:45] Warning: The command '/bin/egrep' has been replaced by a
 script: /bin/egrep: POSIX shell script, ASCII text executable
  [03:10:45]   /bin/fgrep  [ Warning ]
  [03:10:45] Warning: The command '/bin/fgrep' has been replaced by a
 script: /bin/fgrep: POSIX shell script, ASCII text executable

 Anyone know if this is due to something changing in Gentoo?

 As stated in the previous response to your original thread, /bin/[ef]grep
come with the grep package:

file `equery -q f grep|grep /bin/`
/bin/egrep: POSIX shell script, ASCII text executable
/bin/fgrep: POSIX shell script, ASCII text executable
/bin/grep:  ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),
dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.16,
stripped

The shell scripts in question call the grep binary with the flags shown
below:
grep exec /bin/[ef]grep
/bin/egrep:exec $grep -E $@
/bin/fgrep:exec $grep -F $@


Re: [gentoo-user] Rkhunter now showing Warnings for two files: /bin/egrep fgrep

2015-01-26 Thread Poison BL.
On Mon, Jan 26, 2015 at 11:21 AM, Tanstaafl tansta...@libertytrek.org wrote:
 Hello all,

 Been on rkhunter 1.4.2 for a while, no changes made to its config file,
 been running nightly for years without these warnings...

 I recently did some Gentoo updates after almost 2 months of no updates
 (was out of town), and now, even after running --propupd, I continue to
 get these warnings:

  # grep Warning /var/log/rkhunter.log
 [03:10:32] Info: Emailing warnings to 'root' using command '/bin/mail
 -s [rkhunter] Warnings found for ${HOST_NAME}'
 [03:10:45]   /bin/egrep  [ Warning ]
 [03:10:45] Warning: The command '/bin/egrep' has been replaced by a
 script: /bin/egrep: POSIX shell script, ASCII text executable
 [03:10:45]   /bin/fgrep  [ Warning ]
 [03:10:45] Warning: The command '/bin/fgrep' has been replaced by a
 script: /bin/fgrep: POSIX shell script, ASCII text executable

 Anyone know if this is due to something changing in Gentoo?


Well, for the 'not updated recently enough' baseline:

 ~ $ eix grep -I
[I] sys-apps/grep
 Available versions:  2.16 ~2.20 ~2.20-r1 ~2.21 {nls pcre static}
 Installed versions:  2.16(20:37:55 04/11/14)(nls pcre -static)
 Homepage:            http://www.gnu.org/software/grep/
 Description:         GNU regular expression matcher

 ~ $ file /bin/*grep
/bin/egrep: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.16, stripped
/bin/fgrep: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.16, stripped
/bin/grep:  ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.16, stripped

 ~ $ ls -l /bin/*grep
-rwxr-xr-x 1 root root 208096 Apr 11  2014 /bin/egrep
-rwxr-xr-x 1 root root 105472 Apr 11  2014 /bin/fgrep
-rwxr-xr-x 1 root root 212256 Apr 11  2014 /bin/grep

-

And after a quick update:

 ~ $ eix grep -I
[I] sys-apps/grep
 Available versions:  2.16 ~2.20 ~2.20-r1 ~2.21 2.21-r1 {nls pcre static}
 Installed versions:  2.21-r1(11:28:57 01/26/15)(nls pcre -static)
 Homepage:            http://www.gnu.org/software/grep/
 Description:         GNU regular expression matcher

 ~ $ file /bin/*grep
/bin/egrep: POSIX shell script, ASCII text executable
/bin/fgrep: POSIX shell script, ASCII text executable
/bin/grep:  ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.16, stripped

 ~ $ ls -l /bin/*grep
-rwxr-xr-x 1 root root    158 Jan 26 11:28 /bin/egrep
-rwxr-xr-x 1 root root    158 Jan 26 11:28 /bin/fgrep
-rwxr-xr-x 1 root root 154856 Jan 26 11:28 /bin/grep


-- 
Poison [BLX]
Joshua M. Murphy



Re: [gentoo-user] Rkhunter now showing Warnings for two files: /bin/egrep fgrep

2015-01-26 Thread Alec Ten Harmsel

On 01/26/2015 11:21 AM, Tanstaafl wrote:
 Hello all,

 Been on rkhunter 1.4.2 for a while, no changes made to its config file,
 been running nightly for years without these warnings...

 I recently did some Gentoo updates after almost 2 months of no updates
 (was out of town), and now, even after running --propupd, I continue to
 get these warnings:

  # grep Warning /var/log/rkhunter.log
 [03:10:32] Info: Emailing warnings to 'root' using command '/bin/mail
 -s [rkhunter] Warnings found for ${HOST_NAME}'
 [03:10:45]   /bin/egrep  [ Warning ]
 [03:10:45] Warning: The command '/bin/egrep' has been replaced by a
 script: /bin/egrep: POSIX shell script, ASCII text executable
 [03:10:45]   /bin/fgrep  [ Warning ]
 [03:10:45] Warning: The command '/bin/fgrep' has been replaced by a
 script: /bin/fgrep: POSIX shell script, ASCII text executable

 Anyone know if this is due to something changing in Gentoo?




Upstream changed egrep and fgrep from binaries to shell scripts.

Alec




Re: [gentoo-user] Rkhunter now showing Warnings for two files: /bin/egrep fgrep

2015-01-26 Thread Neil Bothwick
On Mon, 26 Jan 2015 11:27:05 -0500, Alec Ten Harmsel wrote:

  # grep Warning /var/log/rkhunter.log
  [03:10:32] Info: Emailing warnings to 'root' using command '/bin/mail
  -s [rkhunter] Warnings found for ${HOST_NAME}'
  [03:10:45]   /bin/egrep  [ Warning ]
  [03:10:45] Warning: The command '/bin/egrep' has been replaced by a
  script: /bin/egrep: POSIX shell script, ASCII text executable
  [03:10:45]   /bin/fgrep  [ Warning ]
  [03:10:45] Warning: The command '/bin/fgrep' has been replaced by a
  script: /bin/fgrep: POSIX shell script, ASCII text executable
 
  Anyone know if this is due to something changing in Gentoo?

 Upstream changed egrep and fgrep from binaries to shell scripts.

This happened a while ago on testing portage but the version with the
change only hit stable at the weekend.

You can tell rkhunter to ignore them.

% grep grep /etc/rkhunter.conf.local
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep


-- 
Neil Bothwick

I work with User-Surly Software.

