On 12 May 2026 at 22:47, John Horne wrote:
Subject: Re: rkhunter?
From: John Horne <[email protected]>
To: Community support for Fedora users
<[email protected]>
Date sent: Tue, 12 May 2026 22:47:43 +0100
Send reply to: Community support for Fedora users
<[email protected]>
> On Tue, 2026-05-12 at 06:33 +0200, Marco Moock wrote:
> > Am 12.05.26 um 05:03 schrieb Robert Moskowitz via users:
> >
> > > Warning: The command '/usr/bin/egrep' has been replaced by a script:
> > > +/usr/bin/egrep: a /usr/bin/sh script, ASCII text executable
> > This has been done to reduce the amount of work, as commands like fgrep
> > or egrep are just "short" for grep -E grep -F.
> >
> You could use rkhunter version 1.4.7 on Sourceforge. It dates from 2022, and
> includes fixes for egrep/grep/awk/sed commands.
>
> When the project changed hands this is the version that should have been made
> available (probably as version 1.4.8), not the basic version 1.4.6 found on
> sourceforge.
I can find no 1.4.7 or 1.4.8? Only the 1.46.
Downloaded it and compared the rkhunter file it has to the one Fedora
43 installs.
1c1
< #!/bin/sh
> #!/usr/bin/sh
73c73
< if [ -n "`echo \"$*\" | grep '\-\-debug'`" ]; then
> if [ -n "`echo \"$*\" | grep '\--debug'`" ]; then
184c184,185
< if [ "`echo \"rkh-grep-test\" | grep '^\+'`" = "rkh-grep-test" ];
then
> # fedora always uses POSIX grep and set an alias here for
depreciated egrep too
> #if [ "`echo \"rkh-grep-test\" | grep '^\+'`" = "rkh-grep-test" ];
then
186c187,188
< fi
> alias egrep='grep -E'
> #fi
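Review bot: the unconditional alias egrep='grep -E' in the 186c187,188 hunk only rewrites commands spelled literally as egrep after this point in the script. A call made through a variable or an absolute path is not alias-expanded, and the warning quoted at the top of this thread is about the file /usr/bin/egrep itself, which the alias does not touch. Whether aliases are expanded at all in a non-interactive script also depends on the shell (bash does it only in POSIX mode or with expand_aliases set), so a function such as egrep() { grep -E "$@"; } would be more predictable. With the if and fi lines commented out, the unchanged line between them (185 in the original) now runs unconditionally, and the new comment should say "deprecated" rather than "depreciated".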
6692c6694
< if [ -n "`echo \"$FNAME\" |
grep '^\/usr\/'`" ]; then
> if [ -n "`echo \"$FNAME\" |
> grep '^/usr/'`" ]; then
8373,8375c8375
< /lib64/libslr.so
< /lib/tls/libkeyutils.so.1
< /lib64/tls/libkeyutils.so.1"
> /lib64/libslr.so"
8683,8684c8683
< LION_FILES="/bin/in.telnetd
< /bin/mjy
> LION_FILES="/bin/mjy
9590c9589
< sshd:+\\$.*\\$\!.*\!\!\\$:Backdoored SSH daemon installed
> sshd:+\\$.*\\$!.*!!\\$:Backdoored SSH daemon installed
9765,9768d9763
< file:/lib/libkeyutils.so.1.9:Sniffer component
< file:/lib64/libkeyutils.so.1.9:Sniffer component
< file:/usr/lib/libkeyutils.so.1.9:Sniffer component
< file:/usr/lib64/libkeyutils.so.1.9:Sniffer component
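Review bot: the four file: signatures for libkeyutils.so.1.9 are deleted here with no comment saying why, and the 8373,8375c8375 and 9959d9953 hunks drop the other libkeyutils entries the same way. If they are removed because they collide with a library the distribution installs (an assumption; the diff does not say), a comment next to each list recording that would show it is a deliberate false-positive fix. As it stands the packaged script silently checks fewer paths than the 1.4.6 file it was compared against.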
9959d9953
< libkeyutils.so.1.9:Spam tool component
11013c11007
< if [ -n "`echo
\"${FNAME}\" | grep '^\/usr\/'`" ]; then
> if [ -n "`echo
> \"${FNAME}\" | grep '^/usr/'`" ]; then
17388a17383,17388
> if [ -d "${SSH_CONFIG_FILE}.d" ];then
> SSH_CONFIG_FILE="${SSH_CONFIG_FILE}
> ${SSH_CONFIG_FILE}.d/*"
> else
> :
> fi
>
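Review bot: SSH_CONFIG_FILE now holds the config file plus an unexpanded ${SSH_CONFIG_FILE}.d/* pattern separated by a newline, so every later use has to leave the variable unquoted for word splitting and globbing to happen. Any place that still quotes it or tests it as a single file gets a string that names no file. If the .d directory exists but is empty, the pattern stays literal and grep is handed a nonexistent path, which the 2>/dev/null in the later hunks hides. The else : branch does nothing and can be dropped.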
17406c17406
< RKHTMPVAR=`grep -i '^[ ]*PermitRootLogin[ =]'
"${SSH_CONFIG_FILE}" 2>/dev/null | tail ${TAIL_OPT}1`
> RKHTMPVAR=`grep -ih '^[ ]*PermitRootLogin[
> =]'
${SSH_CONFIG_FILE} 2>/dev/null | tail ${TAIL_OPT}1`
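Review bot: keeping only the last match with tail no longer tells you what sshd applies once this line greps the main file followed by the .d files. sshd_config(5) states that the first value obtained for a keyword is the one used, so with more than one PermitRootLogin line across those files the check can report a setting sshd is not enforcing. Consider reading the effective configuration (for example from sshd -T) or ordering the matches the way sshd reads them.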
17437c17437
< RKHTMPVAR=`grep -i '^[ ]*Protocol[ =]'
"${SSH_CONFIG_FILE}" 2>/dev/null | tail ${TAIL_OPT}1`
> RKHTMPVAR=`grep -i '^[ ]*Protocol[ =]'
${SSH_CONFIG_FILE} 2>/dev/null | tail ${TAIL_OPT}1`
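Review bot: this line drops the quotes around ${SSH_CONFIG_FILE} but, unlike the PermitRootLogin line in 17406c17406, does not add -h to grep. Once the variable expands to more than one file, grep prefixes each match with its file name, so RKHTMPVAR will begin with a path instead of the Protocol keyword. The AuthorizedKeysFile line in 17477c17477 has the same omission; use grep -ih in both.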
17477c17477
< RKHTMPVAR=`grep -i '^[ ]*AuthorizedKeysFile[ =]'
"${SSH_CONFIG_FILE}" 2>/dev/null | tail ${TAIL_OPT}1`
> RKHTMPVAR=`grep -i '^[ ]*AuthorizedKeysFile[ =]'
${SSH_CONFIG_FILE} 2>/dev/null | tail ${TAIL_OPT}1`
17617c17617
< SYSLOG_CONFIG_FILE="/etc/syslog.conf /etc/rsyslog.conf
/etc/syslog-ng/syslog-ng.conf /etc/systemd/journald.conf
/etc/systemd/systemd-journald.conf"
> SYSLOG_CONFIG_FILE="/etc/syslog.conf /etc/rsyslog.conf
/etc/syslog-ng/syslog-ng.conf /etc/systemd/journald.conf
/etc/systemd/systemd-journald.conf /usr/lib/systemd/journald.conf"
So not clear how these differences affect it?
If 1.47 and/or 1.48 did exist, they don't seem to show up at the
moment. If someone has a working link?
>
>
> John.
> --
> _______________________________________________
> users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://forge.fedoraproject.org/infra/tickets/issues/new
+------------------------------------------------------------+
Michael D. Setzer II - Computer Science Instructor (Retired)
mailto:[email protected]
mailto:[email protected]
mailto:[email protected]
Guam - Where America's Day Begins
G4L Disk Imaging Project maintainer
https://sourceforge.net/projects/g4l/
+------------------------------------------------------------+