Diffstat (limited to 'app-forensics')
-rw-r--r-- | app-forensics/rkhunter/files/rkhunter-1.4.6-grep-3.8.patch | 735 | ||||
-rw-r--r-- | app-forensics/rkhunter/rkhunter-1.4.6-r2.ebuild | 64 |
2 files changed, 799 insertions, 0 deletions
diff --git a/app-forensics/rkhunter/files/rkhunter-1.4.6-grep-3.8.patch b/app-forensics/rkhunter/files/rkhunter-1.4.6-grep-3.8.patch new file mode 100644 index 000000000000..ae1ae9feb05c --- /dev/null +++ b/app-forensics/rkhunter/files/rkhunter-1.4.6-grep-3.8.patch 
@@ -0,0 +1,735 @@ +https://sourceforge.net/p/rkhunter/bugs/176/ +https://bugs.gentoo.org/895176 + +--- a/rkhunter ++++ b/rkhunter +@@ -70,7 +70,7 @@ + # we exec to log everything to the debug file. + # + +-if [ -n "`echo \"$*\" | grep '\-\-debug'`" ]; then ++if [ -n "`echo \"$*\" | grep -- '--debug'`" ]; then + RKHDEBUGFILE="" + RKHDEBUGBASE="/tmp/rkhunter-debug" + +@@ -181,7 +181,7 @@ + # used. If it is, then some typical grep tests will fail. + # + +-if [ "`echo \"rkh-grep-test\" | grep '^\+'`" = "rkh-grep-test" ]; then ++if [ "`echo \"rkh-grep-test\" | grep '^+'`" = "rkh-grep-test" ]; then + alias grep='grep -E' + fi + +@@ -948,9 +948,9 @@ + # + + if [ "${OPT_NAME}" = "SHARED_LIB_WHITELIST" ]; then +- RKHTMPVAR=`echo "${OPT_VALUE}" | egrep '(^|[^\\])[][?*]'` ++ RKHTMPVAR=`echo "${OPT_VALUE}" | grep -E '(^|[^\\])[][?*]'` + else +- RKHTMPVAR=`echo "${OPT_VALUE}" | egrep '(^|[^\\])[][?*{}]'` ++ RKHTMPVAR=`echo "${OPT_VALUE}" | grep -E '(^|[^\\])[][?*{}]'` + fi + + if [ -n "${RKHTMPVAR}" ]; then +@@ -989,7 +989,7 @@ + # The code is left here since we may need something very similar for overloaded options. + # overloaded options - ALLOWPROCDELFILE PORT_PATH_WHITELIST RTKT_FILE_WHITELIST + # if [ "${OPT_NAME}" = "BINDIR" ]; then +-# if [ -n "`echo \"${FNAME}\" | grep '^\+'`" ]; then ++# if [ -n "`echo \"${FNAME}\" | grep '^+'`" ]; then + # FNAME=`echo "${FNAME}" | cut -c2-` + # fi + # fi +@@ -1000,7 +1000,7 @@ + # Also check that '/' has not been set. 
+ # + +- if [ -n "`echo \"${FNAME}\" | egrep '(^[./]*$)|[;&]|/\.\./'`" ]; then ++ if [ -n "`echo \"${FNAME}\" | grep -E '(^[./]*$)|[;&]|/\.\./'`" ]; then + ERRCODE=1 + + echo "Invalid ${OPT_NAME} configuration option: Invalid pathname: ${FNAME}" +@@ -1134,7 +1134,7 @@ + # + + if [ "${OPT_NAME}" = "SHARED_LIB_WHITELIST" ]; then +- if [ -n "`echo \"${FNAME}\" | egrep '\\$\\{?(ORIGIN|LIB|PLATFORM)\\}?'`" ]; then ++ if [ -n "`echo \"${FNAME}\" | grep -E '\\$\\{?(ORIGIN|LIB|PLATFORM)\\}?'`" ]; then + continue + fi + fi +@@ -2522,7 +2522,7 @@ + PREPEND_PATHS="" + + for DIR in ${BINPATHS}; do +- if [ -n "`echo ${DIR} | grep '^\+'`" ]; then ++ if [ -n "`echo ${DIR} | grep '^+'`" ]; then + DIR=`echo ${DIR} | cut -c2-` + PREPEND_PATHS="${PREPEND_PATHS} ${DIR}" + fi +@@ -2532,7 +2532,7 @@ + + + for DIR in ${PREPEND_PATHS} ${RKHROOTPATH} ${BINPATHS}; do +- if [ -n "`echo ${DIR} | grep '^\+'`" ]; then ++ if [ -n "`echo ${DIR} | grep '^+'`" ]; then + # These will already be in PREPEND_PATHS. + continue + elif [ -z "`echo ${DIR} | grep '^/'`" ]; then +@@ -3848,7 +3848,7 @@ + # + + for RKHTMPVAR2 in ${RKHTMPVAR}; do +- if [ -n "`echo \"${RKHTMPVAR2}\" | egrep -i '^(TCP|UDP):[1-9][0-9]*$'`" ]; then ++ if [ -n "`echo \"${RKHTMPVAR2}\" | grep -E -i '^(TCP|UDP):[1-9][0-9]*$'`" ]; then + PROTO=`echo ${RKHTMPVAR2} | cut -d: -f1 | tr '[:lower:]' '[:upper:]'` + PORT=`echo ${RKHTMPVAR2} | cut -d: -f2` + +@@ -3899,7 +3899,7 @@ + PROTO="" + + # Dig out the protocol and port number, if present. 
+- if [ -n "`echo \"${RKHTMPVAR2}\" | egrep -i '.:(TCP|UDP):[1-9][0-9]*$'`" ]; then ++ if [ -n "`echo \"${RKHTMPVAR2}\" | grep -E -i '.:(TCP|UDP):[1-9][0-9]*$'`" ]; then + PROTO=`echo "${RKHTMPVAR2}" | sed -e 's/^.*:\([a-zA-Z]*\):[1-9][0-9]*$/\1/'` + PORT=`echo "${RKHTMPVAR2}" | sed -e 's/^.*:\([1-9][0-9]*\)$/\1/'` + +@@ -4839,7 +4839,7 @@ + fi + fi + +- if [ -n "`echo \"${HASH_FUNC}\" | egrep -i '^(MD5|SHA1|SHA224|SHA256|SHA384|SHA512|RIPEMD160|WHIRLPOOL|NONE)$'`" ]; then ++ if [ -n "`echo \"${HASH_FUNC}\" | grep -E -i '^(MD5|SHA1|SHA224|SHA256|SHA384|SHA512|RIPEMD160|WHIRLPOOL|NONE)$'`" ]; then + HASH_FUNC=`echo "${HASH_FUNC}" | tr '[:lower:]' '[:upper:]'` + fi + +@@ -6412,7 +6412,7 @@ + OSNAME="${OSNAME} `sw_vers 2>/dev/null | grep '^ProductVersion:' | sed -e 's/ProductVersion:[ ]*//'`" + # OSNAME="${OSNAME} `sysctl kern.version 2>/dev/null | sed -e 's/^kern.version = //' | cut -d: -f1`" + +- if [ -n "`sysctl -a 2>/dev/null | egrep '^(hw\.optional\.x86_64|hw\.optional\.64bitops|hw\.cpu64bit_capable).*1$'`" ]; then ++ if [ -n "`sysctl -a 2>/dev/null | grep -E '^(hw\.optional\.x86_64|hw\.optional\.64bitops|hw\.cpu64bit_capable).*1$'`" ]; then + OSNAME="${OSNAME} (64-bit capable)" + fi + ;; +@@ -6708,7 +6708,7 @@ + # this is what RPM does). 
+ # + +- RPM_QUERY_RESULT=`echo "${RPM_QUERY_RESULT_ARCH}" | egrep ':(x86_64|ia64):' 2>/dev/null | tail ${TAIL_OPT}1` ++ RPM_QUERY_RESULT=`echo "${RPM_QUERY_RESULT_ARCH}" | grep -E ':(x86_64|ia64):' 2>/dev/null | tail ${TAIL_OPT}1` + + test -z "${RPM_QUERY_RESULT}" && RPM_QUERY_RESULT=`echo "${RPM_QUERY_RESULT_ARCH}" | tail ${TAIL_OPT}1` + +@@ -6883,7 +6883,7 @@ + if [ -n "${PKGNAME}" ]; then + if [ -f "/var/lib/dpkg/info/${PKGNAME}.md5sums" ]; then + FILNAM=`echo "${FNAME}" | sed -e 's:^/::; s:\.:\\\.:g'` +- SYSHASH=`egrep "( |\./)${FILNAM}\$" "/var/lib/dpkg/info/${PKGNAME}.md5sums" 2>/dev/null | cut -d' ' -f1` ++ SYSHASH=`grep -E "( |\./)${FILNAM}\$" "/var/lib/dpkg/info/${PKGNAME}.md5sums" 2>/dev/null | cut -d' ' -f1` + test -n "${SYSHASH}" && FILE_IS_PKGD=1 + fi + fi +@@ -6925,7 +6925,7 @@ + SYSHASH="" + RKHTMPVAR=`${HASH_CMD} "${FNAME}" 2>&1` + +- if [ -n "`echo \"${RKHTMPVAR}\" | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then ++ if [ -n "`echo \"${RKHTMPVAR}\" | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then + DEPENDENCY_ERR=1 + RKHTMPVAR=`echo "${RKHTMPVAR}" | tr '\n' ':' | sed -e 's/:$//'` + else +@@ -7311,13 +7311,13 @@ + + case $MIRRORS_MODE in + 0) +- MIRROR=`egrep -i '^(local|remote|mirror)=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1` ++ MIRROR=`grep -E -i '^(local|remote|mirror)=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1` + ;; + 1) +- MIRROR=`egrep -i '^local=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1` ++ MIRROR=`grep -E -i '^local=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1` + ;; + 2) +- MIRROR=`egrep -i '^remote=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1` ++ MIRROR=`grep -E -i 
'^remote=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1` + ;; + esac + +@@ -7337,13 +7337,13 @@ + + case $MIRRORS_MODE in + 0) +- MIRROR=`egrep -i '^(local|remote|mirror)=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-` ++ MIRROR=`grep -E -i '^(local|remote|mirror)=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-` + ;; + 1) +- MIRROR=`egrep -i '^local=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-` ++ MIRROR=`grep -E -i '^local=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-` + ;; + 2) +- MIRROR=`egrep -i '^remote=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-` ++ MIRROR=`grep -E -i '^remote=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-` + ;; + esac + +@@ -7370,7 +7370,7 @@ + # Next get the remaining mirrors. 
+ # + +- OTHERMIRRORS=`egrep -i '^(local|remote|mirror)=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" | grep -v "^${MIRROR}\$"` ++ OTHERMIRRORS=`grep -E -i '^(local|remote|mirror)=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" | grep -v "^${MIRROR}\$"` + + + # +@@ -7459,13 +7459,13 @@ + + case $MIRRORS_MODE in + 0) +- MIRROR_COUNT=`egrep -i '^(local|remote|mirror)=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '` ++ MIRROR_COUNT=`grep -E -i '^(local|remote|mirror)=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '` + ;; + 1) +- MIRROR_COUNT=`egrep -i '^local=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '` ++ MIRROR_COUNT=`grep -E -i '^local=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '` + ;; + 2) +- MIRROR_COUNT=`egrep -i '^remote=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '` ++ MIRROR_COUNT=`grep -E -i '^remote=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '` + ;; + esac + +@@ -7991,7 +7991,7 @@ + # Now check to see if any unknown options have been configured. 
+ # + +- RKHTMPVAR=`egrep -h -v '^[ ]*(#|$)' ${CONFIGFILE} ${LOCALCONFIGFILE} ${LOCALCONFDIRFILES}` ++ RKHTMPVAR=`grep -E -h -v '^[ ]*(#|$)' ${CONFIGFILE} ${LOCALCONFIGFILE} ${LOCALCONFDIRFILES}` + + IFS=$IFSNL + +@@ -9587,7 +9587,7 @@ + rpc.nfsd:tcp.log:Sniffer installed + sshd:/dev/ptyxx:OpenBSD Rootkit + sshd:/.config:SHV4 Rootkit +- sshd:+\\$.*\\$\!.*\!\!\\$:Backdoored SSH daemon installed ++ sshd:+\\$.*\\$!.*!!\\$:Backdoored SSH daemon installed + sshd:backdoor.h:Trojaned SSH daemon + sshd:backdoor_active:Trojaned SSH daemon + sshd:magic_pass_active:Trojaned SSH daemon +@@ -10712,7 +10712,7 @@ + done + + +- if [ -n "`echo \"${RKHTMPVAR}\" | egrep 'libsafe|missing|empty'`" ]; then ++ if [ -n "`echo \"${RKHTMPVAR}\" | grep -E 'libsafe|missing|empty'`" ]; then + display --to LOG --type WARNING --nl PROPUPD_WARN + fi + +@@ -10964,7 +10964,7 @@ + + FILE_IS_PKGD=1 + +- PKGNAME=`echo "${PKGNAME_ARCH}" | egrep '\.(x86_64|ia64)$' 2>/dev/null | tail ${TAIL_OPT}1` ++ PKGNAME=`echo "${PKGNAME_ARCH}" | grep -E '\.(x86_64|ia64)$' 2>/dev/null | tail ${TAIL_OPT}1` + + test -z "${PKGNAME}" && PKGNAME=`echo "${PKGNAME_ARCH}" | tail ${TAIL_OPT}1` + +@@ -11163,7 +11163,7 @@ + if [ -n "${PKGNAME}" -a -f "/var/lib/dpkg/info/${PKGNAME}.md5sums" ]; then + FNGREP=`echo "${FNAMEGREP}" | sed -e 's:^/::'` + +- SYSHASH=`egrep "( |\./)${FNGREP}\$" "/var/lib/dpkg/info/${PKGNAME}.md5sums" | cut -d' ' -f1` ++ SYSHASH=`grep -E "( |\./)${FNGREP}\$" "/var/lib/dpkg/info/${PKGNAME}.md5sums" | cut -d' ' -f1` + + if [ -n "${SYSHASH}" ]; then + FILE_IS_PKGD=1 +@@ -11172,7 +11172,7 @@ + if [ "${RKHTMPVAR}" != "${SYSHASH}" ]; then + PKGMGR_VERIFY_RESULT="5" + +- if [ -n "`${PKGMGR_MD5_HASH} "${FNAME}" 2>&1 | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then ++ if [ -n "`${PKGMGR_MD5_HASH} "${FNAME}" 2>&1 | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then + DEPENDENCY_ERR=1 + fi + fi +@@ -11221,7 +11221,7 @@ + if [ "${RKHTMPVAR}" != "${SYSHASH}" ]; then + 
PKGMGR_VERIFY_RESULT="5" + +- if [ -n "`${PKGMGR_MD5_HASH} "${FNAME}" 2>&1 | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then ++ if [ -n "`${PKGMGR_MD5_HASH} "${FNAME}" 2>&1 | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then + DEPENDENCY_ERR=1 + fi + fi +@@ -11252,7 +11252,7 @@ + if [ "${RKHTMPVAR}" != "${SYSHASH}" ]; then + PKGMGR_VERIFY_RESULT="5" + +- if [ -n "`${PKGMGR_SHA_HASH} "${FNAME}" 2>&1 | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then ++ if [ -n "`${PKGMGR_SHA_HASH} "${FNAME}" 2>&1 | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then + DEPENDENCY_ERR=1 + fi + fi +@@ -11295,7 +11295,7 @@ + fi + fi + +- if [ -z "`echo \"${PKGMGR_VERIFY_RESULT}\" | egrep '5|(^..\?)'`" ]; then ++ if [ -z "`echo \"${PKGMGR_VERIFY_RESULT}\" | grep -E '5|(^..\?)'`" ]; then + HASH_TEST_PASSED=1 + else + TEST_RESULT="${TEST_RESULT} verify:hashchanged" +@@ -11349,7 +11349,7 @@ + SYSHASH=`${HASH_CMD} "${FNAME}" 2>/dev/null | cut -d' ' -f $HASH_FLD_IDX` + + if [ -z "${SYSHASH}" ]; then +- if [ -n "`${HASH_CMD} "${FNAME}" 2>&1 | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then ++ if [ -n "`${HASH_CMD} "${FNAME}" 2>&1 | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then + if [ "${RKHHASH}" = "ignore-prelink-dep-err" ]; then + SYSHASH="${RKHHASH}" + display --to LOG --type INFO FILE_PROP_IGNORE_PRELINK_DEP_ERR "`name2text \"${FNAME}\"`" +@@ -11445,7 +11445,7 @@ + # + + if [ $FILE_IS_PKGD -eq 1 ]; then +- echo "${PKGMGR_VERIFY_RESULT}" | egrep 'M|(^.\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:permchanged" ++ echo "${PKGMGR_VERIFY_RESULT}" | grep -E 'M|(^.\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:permchanged" + else + RKH_CC2=`expr $RKH_CC + 2` + +@@ -11465,7 +11465,7 @@ + # + + if [ $FILE_IS_PKGD -eq 1 ]; then +- echo "${PKGMGR_VERIFY_RESULT}" | egrep 'U|(^.....\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:uidchanged" ++ echo "${PKGMGR_VERIFY_RESULT}" | grep -E 'U|(^.....\?)' 
>/dev/null && TEST_RESULT="${TEST_RESULT} verify:uidchanged" + else + RKH_CC2=`expr $RKH_CC + 3` + +@@ -11485,7 +11485,7 @@ + # + + if [ $FILE_IS_PKGD -eq 1 ]; then +- echo "${PKGMGR_VERIFY_RESULT}" | egrep 'G|(^......\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:gidchanged" ++ echo "${PKGMGR_VERIFY_RESULT}" | grep -E 'G|(^......\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:gidchanged" + else + RKH_CC2=`expr $RKH_CC + 4` + +@@ -11525,7 +11525,7 @@ + # + + if [ $FILE_IS_PKGD -eq 1 ]; then +- if [ -z "`echo \"${PKGMGR_VERIFY_RESULT}\" | egrep 'S|(^\?)'`" ]; then ++ if [ -z "`echo \"${PKGMGR_VERIFY_RESULT}\" | grep -E 'S|(^\?)'`" ]; then + SIZE_TEST_PASSED=1 + else + TEST_RESULT="${TEST_RESULT} verify:sizechanged" +@@ -11553,7 +11553,7 @@ + # + + if [ $FILE_IS_PKGD -eq 1 ]; then +- echo "${PKGMGR_VERIFY_RESULT}" | egrep 'T|(^.......\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:dtmchanged" ++ echo "${PKGMGR_VERIFY_RESULT}" | grep -E 'T|(^.......\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:dtmchanged" + elif [ $PRELINKED -eq 0 -o $FILE_IS_PKGD -eq 0 ]; then + RKH_CC2=`expr $RKH_CC + 6` + +@@ -11574,7 +11574,7 @@ + + if [ -h "${FNAME}" ]; then + if [ $FILE_IS_PKGD -eq 1 ]; then +- if [ -n "`echo \"${PKGMGR_VERIFY_RESULT}\" | egrep 'L|(^....\?)'`" ]; then ++ if [ -n "`echo \"${PKGMGR_VERIFY_RESULT}\" | grep -E 'L|(^....\?)'`" ]; then + if [ $HAVE_READLINK -eq 1 ]; then + # Check the link target to see if it is whitelisted. 
+ +@@ -11720,7 +11720,7 @@ + RKHTMPVAR=`${LSATTR_CMD} "${FNAME}" 2>&1 | cut -d' ' -f1 | grep 'i'` + fi + else +- RKHTMPVAR=`ls -lno "${FNAME}" 2>&1 | ${AWK_CMD} '{ print $5 }' | egrep 'uchg|schg|sappnd|uappnd|sunlnk|sunlink|schange|simmutable|sappend|uappend|uchange|uimmutable'` ++ RKHTMPVAR=`ls -lno "${FNAME}" 2>&1 | ${AWK_CMD} '{ print $5 }' | grep -E 'uchg|schg|sappnd|uappnd|sunlnk|sunlink|schange|simmutable|sappend|uappend|uchange|uimmutable'` + fi + + # +@@ -11768,9 +11768,9 @@ + test -n "${BASENAME_CMD}" && RKHTMPVAR=`${BASENAME_CMD} "${FNAME}"` || RKHTMPVAR=`echo "${FNAME}" | sed -e 's:^.*/::'` + + if [ "${RKHTMPVAR}" = "rkhunter" ]; then +- SYSSCRIPT=`${FILE_CMD} "${FNAME}" 2>&1 | tr -d '\n' | tr '[:cntrl:]' '?' | egrep -i -v '(shell|/bin/sh) script( |,|$)'` ++ SYSSCRIPT=`${FILE_CMD} "${FNAME}" 2>&1 | tr -d '\n' | tr '[:cntrl:]' '?' | grep -E -i -v '(shell|/bin/sh) script( |,|$)'` + else +- SYSSCRIPT=`${FILE_CMD} "${FNAME}" 2>&1 | tr -d '\n' | tr '[:cntrl:]' '?' | egrep -i ' script( |,|$)'` ++ SYSSCRIPT=`${FILE_CMD} "${FNAME}" 2>&1 | tr -d '\n' | tr '[:cntrl:]' '?' | grep -E -i ' script( |,|$)'` + fi + + test -n "${SYSSCRIPT}" && TEST_RESULT="${TEST_RESULT} script" +@@ -12256,7 +12256,7 @@ + # Adding "text" to the egrep below widens scope at the expense of more false-positives and extending running time. 
+ # + +- if [ -n "`echo \"${FTYPE}\" | grep -v -i 'compres' | egrep -i 'execu|reloc|shell|libr|data|obj|text'`" ]; then ++ if [ -n "`echo \"${FTYPE}\" | grep -v -i 'compres' | grep -E -i 'execu|reloc|shell|libr|data|obj|text'`" ]; then + FOUND=1 + SUSPSCAN_NUM=1; SUSPSCAN_SCORE=0; SUSPSCAN_HITCOUNT=0 + SUSPSCAN_STRINGS="" +@@ -13151,7 +13151,7 @@ + FOUND=0 + + if [ -n "${KSYMS_FILE}" ]; then +- egrep -i 'adore|sebek' "${KSYMS_FILE}" >/dev/null 2>&1 && FOUND=1 ++ grep -E -i 'adore|sebek' "${KSYMS_FILE}" >/dev/null 2>&1 && FOUND=1 + fi + + if [ $FOUND -eq 0 ]; then +@@ -14061,7 +14061,7 @@ + + FNAMEGREP=`echo "${FNAMEGREP}" | sed -e 's/^|//;'` + +- if [ -n "`echo \"${FNAME}\" | egrep \"^(${FNAMEGREP})$\"`" ]; then ++ if [ -n "`echo \"${FNAME}\" | grep -E \"^(${FNAMEGREP})$\"`" ]; then + PROCWHITELISTED=1 + fi + else +@@ -14174,7 +14174,7 @@ + RKHLSOF_FILE="${TEMPFILE}" + touch "${RKHLSOF_FILE}" + +- ${LSOF_CMD} -wnlP +c 0 2>&1 | egrep -v ' (FIFO|V?DIR|IPv[46]) ' | sort | uniq >"${RKHLSOF_FILE}" ++ ${LSOF_CMD} -wnlP +c 0 2>&1 | grep -E -v ' (FIFO|V?DIR|IPv[46]) ' | sort | uniq >"${RKHLSOF_FILE}" + + # + # Now loop through the known suspicious filenames, +@@ -14376,7 +14376,7 @@ + ROOTKIT_COUNT=`expr $ROOTKIT_COUNT + 1` + + SEEN=1 +- FOUND_PROCS=`${UNHIDE_CMD} ${UNHIDE_OPTS} ${RKHTMPVAR} 2>&1 | egrep -v '^(Unhide |yjesus@|http:|Copyright |License |NOTE :|Used options:|\[\*\]|$)'` ++ FOUND_PROCS=`${UNHIDE_CMD} ${UNHIDE_OPTS} ${RKHTMPVAR} 2>&1 | grep -E -v '^(Unhide |yjesus@|http:|Copyright |License |NOTE :|Used options:|\[\*\]|$)'` + + if [ -z "${FOUND_PROCS}" ]; then + # Nothing found. +@@ -14957,7 +14957,7 @@ + IFS=$IFSNL + + # Get the default enabled services. +- for LINE in `egrep '^[ ]*enabled[ ]*\+?=' "${FILENAME}"`; do ++ for LINE in `grep -E '^[ ]*enabled[ ]*+?=' "${FILENAME}"`; do + SEEN=1 + + RKHTMPVAR=`echo "${LINE}" | sed -e 's/^.*=//' | tr -s ' ' ' '` +@@ -14975,7 +14975,7 @@ + + + # Get the default disabled services. 
+- for LINE in `egrep '^[ ]*disabled[ ]*\+?=' "${FILENAME}"`; do ++ for LINE in `grep -E '^[ ]*disabled[ ]*+?=' "${FILENAME}"`; do + RKHTMPVAR=`echo "${LINE}" | sed -e 's/^.*=//' | tr -s ' ' ' '` + + XINETD_DFLTS_DISABLED="${XINETD_DFLTS_DISABLED} ${RKHTMPVAR}" +@@ -15024,14 +15024,14 @@ + # + + if [ -n "${XINETD_DFLTS_ENABLED}" ]; then +- if [ -n "`echo \"${XINETD_DFLTS_ENABLED}\" | egrep \"${SVCID}\"`" ]; then +- if [ -z "`echo \"${XINETD_DFLTS_DISABLED}\" | egrep \"${SVCID}\"`" ]; then ++ if [ -n "`echo \"${XINETD_DFLTS_ENABLED}\" | grep -E \"${SVCID}\"`" ]; then ++ if [ -z "`echo \"${XINETD_DFLTS_DISABLED}\" | grep -E \"${SVCID}\"`" ]; then + SEEN=1 + IFS=$IFSNL + break + fi + fi +- elif [ -n "`echo \"${XINETD_DFLTS_DISABLED}\" | egrep \"${SVCID}\"`" ]; then ++ elif [ -n "`echo \"${XINETD_DFLTS_DISABLED}\" | grep -E \"${SVCID}\"`" ]; then + : + elif [ -z "`echo $DATA | grep 'disable = yes'`" ]; then + SEEN=1 +@@ -15368,7 +15368,7 @@ + test -f "${DIR}/mod_rootme2.so" && FOUNDFILES="${FOUNDFILES} ${DIR}/mod_rootme2.so" + + if [ -f "${DIR}/httpd.conf" ]; then +- if [ -n "`egrep 'mod_rootme2?\.so' \"${DIR}/httpd.conf\"`" ]; then ++ if [ -n "`grep -E 'mod_rootme2?\.so' \"${DIR}/httpd.conf\"`" ]; then + FOUNDFILES="${FOUNDFILES} ${DIR}/httpd.conf" + fi + fi +@@ -15671,7 +15671,7 @@ + ${FIND_CMD} "${LKM_PATH}" -type f -a \( -name "*.o" -o -name "*.ko" -o -name "*.ko.xz" \) >"${TEMPFILE}" 2>/dev/null + + for RKHTMPVAR in ${LKM_NAMES}; do +- if [ -n "`egrep \"/${RKHTMPVAR}(\.xz)?$\" "${TEMPFILE}"`" ]; then ++ if [ -n "`grep -E \"/${RKHTMPVAR}(\.xz)?$\" "${TEMPFILE}"`" ]; then + FOUND=1 + FOUNDFILES="${FOUNDFILES} ${RKHTMPVAR}" + fi +@@ -15821,10 +15821,10 @@ + if [ -n "`echo \"${LSOFLINE}\" | grep \" ${PROTO} \*:${PORT} \"`" ]; then + # Process listening for connections from anywhere. 
+ PID=`echo "${LSOFLINE}" | ${AWK_CMD} '{ print $2 }'` +- elif [ -n "`echo \"${LSOFLINE}\" | egrep \" ${PROTO} [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:${PORT}[ -]\"`" ]; then ++ elif [ -n "`echo \"${LSOFLINE}\" | grep -E \" ${PROTO} [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:${PORT}[ -]\"`" ]; then + # Established or listening process using IPv4 address. + PID=`echo "${LSOFLINE}" | ${AWK_CMD} '{ print $2 }'` +- elif [ -n "`echo \"${LSOFLINE}\" | egrep \" ${PROTO} \[[:0-9a-fA-F]+\]:${PORT}[ -]\"`" ]; then ++ elif [ -n "`echo \"${LSOFLINE}\" | grep -E \" ${PROTO} \[[:0-9a-fA-F]+\]:${PORT}[ -]\"`" ]; then + # Established or listening process using IPv6 address. + PID=`echo "${LSOFLINE}" | ${AWK_CMD} '{ print $2 }'` + else +@@ -15886,7 +15886,7 @@ + if [ "${PROTO}" = "UDP" ]; then + FOUND=`${NETSTAT_CMD} -an | grep -i "^udp.*\.${PORT} " | ${AWK_CMD} '{ print $4 }' | grep "\.${PORT}$"` + elif [ "${PROTO}" = "TCP" ]; then +- FOUND=`${NETSTAT_CMD} -an | egrep -i "^tcp.*\.${PORT} .*(BOUND|ESTABLISH|LISTEN)" | ${AWK_CMD} '{ print $4 }' | grep "\.${PORT}$"` ++ FOUND=`${NETSTAT_CMD} -an | grep -E -i "^tcp.*\.${PORT} .*(BOUND|ESTABLISH|LISTEN)" | ${AWK_CMD} '{ print $4 }' | grep "\.${PORT}$"` + fi + ;; + SunOS) +@@ -15897,10 +15897,10 @@ + FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^UDP: IPv6/, /^$/ { print $1 }' | grep "\.${PORT}$"` + fi + elif [ "${PROTO}" = "TCP" ]; then +- FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^TCP: IPv4/, /^$/ { print $0 }' | egrep 'BOUND|ESTABLISH|LISTEN' | ${AWK_CMD} '{ print $1 }' | grep "\.${PORT}$"` ++ FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^TCP: IPv4/, /^$/ { print $0 }' | grep -E 'BOUND|ESTABLISH|LISTEN' | ${AWK_CMD} '{ print $1 }' | grep "\.${PORT}$"` + + if [ -z "${FOUND}" ]; then +- FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^TCP: IPv6/, /^$/ { print $0 }' | egrep 'BOUND|ESTABLISH|LISTEN' | ${AWK_CMD} '{ print $1 }' | grep "\.${PORT}$"` ++ FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^TCP: IPv6/, /^$/ { print $0 }' | grep -E 'BOUND|ESTABLISH|LISTEN' | ${AWK_CMD} '{ 
print $1 }' | grep "\.${PORT}$"` + fi + fi + ;; +@@ -16435,7 +16435,7 @@ + WHITEPROC="" + BLACKPROC="" + +- LIBPCAPRES=`egrep -v '(^sk | 888e )' /proc/net/packet 2>/dev/null | head ${HEAD_OPT}1` ++ LIBPCAPRES=`grep -E -v '(^sk | 888e )' /proc/net/packet 2>/dev/null | head ${HEAD_OPT}1` + + if [ -n "${LIBPCAPRES}" ]; then + ALLOWPROCLISTENERS="" +@@ -16451,7 +16451,7 @@ + + INODE_LIST="" + +- for INODE in `egrep -v '(^sk | 888e )' /proc/net/packet | ${AWK_CMD} '{ print $9 }'`; do ++ for INODE in `grep -E -v '(^sk | 888e )' /proc/net/packet | ${AWK_CMD} '{ print $9 }'`; do + INODE_LIST="${INODE_LIST}|$INODE" + done + +@@ -16459,7 +16459,7 @@ + test -z "${INODE_LIST}" && INODE_LIST="RKHunterPktCapture" + + +- for PID in `${LSOF_CMD} -lMnPw -d 1-20 2>/dev/null | egrep "[ ](pack[ ]+(${INODE_LIST})|sock[ ]+[^ ]+[ ]+[^ ]+[ ]+(${INODE_LIST}))[ ]" | ${AWK_CMD} '{ print $2 }'`; do ++ for PID in `${LSOF_CMD} -lMnPw -d 1-20 2>/dev/null | grep -E "[ ](pack[ ]+(${INODE_LIST})|sock[ ]+[^ ]+[ ]+[^ ]+[ ]+(${INODE_LIST}))[ ]" | ${AWK_CMD} '{ print $2 }'`; do + NAME="" + + if [ -h "/proc/$PID/exe" -a $HAVE_READLINK -eq 1 ]; then +@@ -16677,7 +16677,7 @@ + RKHTMPVAR=`grep "${STRING}" "${FNAME}"` + + if [ -n "${RKHTMPVAR}" ]; then +- test -z "`echo \"${RKHTMPVAR}\" | egrep -v '^[ ]*#'`" && continue ++ test -z "`echo \"${RKHTMPVAR}\" | grep -E -v '^[ ]*#'`" && continue + + if [ -n "`echo \"${RTKT_FILE_WHITELIST}\" | grep \"^${FNAMEGREP}:${STRING}$\"`" ]; then + if [ $VERBOSE_LOGGING -eq 1 ]; then +@@ -16951,7 +16951,7 @@ + if [ -n "${DSCL_CMD}" ]; then + display --to LOG --type INFO FOUND_CMD 'dscl' "${DSCL_CMD}" + +- RKHTMPVAR2=`${DSCL_CMD} . search /Users uid 0 | egrep '^[^ )]' | cut -d' ' -f1` ++ RKHTMPVAR2=`${DSCL_CMD} . 
search /Users uid 0 | grep -E '^[^ )]' | cut -d' ' -f1` + else + display --to LOG --type INFO NOT_FOUND_CMD 'dscl' + fi +@@ -17526,7 +17526,7 @@ + + test $SUNOS -eq 1 -o $IRIXOS -eq 1 && PS_ARGS="-ef" + +- RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | egrep '(syslogd|syslog-ng)( |$)' | grep -v 'egrep'` ++ RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | grep -E '(syslogd|syslog-ng)( |$)' | grep -v 'grep'` + + if [ -n "${RKHTMPVAR}" ]; then + SYSLOG_SEEN=1 +@@ -17546,7 +17546,7 @@ + TITLE_SHOWN=1 + fi + +- RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | egrep 'systemd-journald( |$)' | grep -v 'egrep'` ++ RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | grep -E 'systemd-journald( |$)' | grep -v 'grep'` + + if [ -n "${RKHTMPVAR}" ]; then + SYSTEMD_SEEN=1 +@@ -17562,7 +17562,7 @@ + TITLE_SHOWN=1 + fi + +- RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | egrep 'metalog( |$)' | grep -v 'egrep'` ++ RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | grep -E 'metalog( |$)' | grep -v 'grep'` + + if [ -n "${RKHTMPVAR}" ]; then + METALOG_SEEN=1 +@@ -17578,7 +17578,7 @@ + TITLE_SHOWN=1 + fi + +- RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | egrep 'socklog( |$)' | grep -v 'egrep'` ++ RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | grep -E 'socklog( |$)' | grep -v 'grep'` + + if [ -n "${RKHTMPVAR}" ]; then + SOCKLOG_SEEN=1 +@@ -17639,7 +17639,7 @@ + RKHTMPVAR="an" + elif [ -n "`echo \"${FNAME}\" | grep '/syslog-ng\.conf$'`" ]; then + FTYPE="syslog-ng" +- elif [ -n "`echo \"${FNAME}\" | egrep '/(systemd-)?journald\.conf$'`" ]; then ++ elif [ -n "`echo \"${FNAME}\" | grep -E '/(systemd-)?journald\.conf$'`" ]; then + FTYPE="systemd" + else + FTYPE="syslog" +@@ -17657,15 +17657,15 @@ + if [ "${FTYPE}" != "systemd" ]; then + RKHTMPVAR="" + +- if [ -n "`echo \"${FNAME}\" | egrep '/r?syslog\.conf$'`" ]; then +- RKHTMPVAR=`egrep -i '^[^#].*[ ](@|:omrelp:).' "${FNAME}" | egrep -i -v '(@|:omrelp:)127\.'` ++ if [ -n "`echo \"${FNAME}\" | grep -E '/r?syslog\.conf$'`" ]; then ++ RKHTMPVAR=`grep -E -i '^[^#].*[ ](@|:omrelp:).' 
"${FNAME}" | grep -E -i -v '(@|:omrelp:)127\.'` + else + # + # For syslog-ng we must look for a destination + # block which uses TCP or UDP. + # + +- RKHTMPVAR=`${AWK_CMD} '/^[ ]*destination( | |$)/, /}/ { print $0 }' "${FNAME}" | egrep -i '( | |\{|^)(tcp|udp)6?( | |\(|$)' | egrep -v -i '(tcp|udp)6?[ ]*\([ ]*("[ ]*)?127\.'` ++ RKHTMPVAR=`${AWK_CMD} '/^[ ]*destination( | |$)/, /}/ { print $0 }' "${FNAME}" | grep -E -i '( | |\{|^)(tcp|udp)6?( | |\(|$)' | grep -E -v -i '(tcp|udp)6?[ ]*\([ ]*("[ ]*)?127\.'` + fi + + if [ -n "${RKHTMPVAR}" ]; then +@@ -17681,7 +17681,7 @@ + # that the warnings are shown before anything else. + # + +- if [ $SYSLOG_SEEN -eq 1 -a -z "`echo \"${FILEFOUND}\" | egrep ' (syslog|rsyslog|syslog-ng) '`" ]; then ++ if [ $SYSLOG_SEEN -eq 1 -a -z "`echo \"${FILEFOUND}\" | grep -E ' (syslog|rsyslog|syslog-ng) '`" ]; then + display --to SCREEN+LOG --type PLAIN --result WARNING --color RED --log-indent 2 --screen-indent 4 SYSTEM_CONFIGS_FILE + display --to LOG --type WARNING SYSTEM_CONFIGS_SYSLOG_NO_FILE 'syslog' + elif [ $SYSTEMD_SEEN -eq 1 -a -z "`echo \"${FILEFOUND}\" | grep ' systemd '`" ]; then +@@ -17697,7 +17697,7 @@ + # We only display the remote logging result if a configuration file was found. 
+ # + +- if [ -n "`echo \"${FILEFOUND}\" | egrep ' (syslog|rsyslog|syslog-ng) '`" ]; then ++ if [ -n "`echo \"${FILEFOUND}\" | grep -E ' (syslog|rsyslog|syslog-ng) '`" ]; then + if [ $ALLOW_SYSLOG_REMOTE_LOGGING -eq 1 ]; then + display --to SCREEN+LOG --type PLAIN --result ALLOWED --color GREEN --log-indent 2 --screen-indent 4 SYSTEM_CONFIGS_SYSLOG_REMOTE + elif [ $REM_LOGGING_FOUND -eq 0 ]; then +@@ -17734,7 +17734,7 @@ + FTYPE=`echo "${FTYPE}" | tail ${TAIL_OPT}1` + fi + +- if [ -z "`echo \"${FTYPE}\" | egrep -v '(character special|block special|socket|fifo \(named pipe\)|symbolic link to|empty|directory|/MAKEDEV:)'`" ]; then ++ if [ -z "`echo \"${FTYPE}\" | grep -E -v '(character special|block special|socket|fifo \(named pipe\)|symbolic link to|empty|directory|/MAKEDEV:)'`" ]; then + return + fi + +@@ -17832,7 +17832,7 @@ + RKHTMPVAR=`find_cmd mount` + + if [ -n "${RKHTMPVAR}" ]; then +- test -n "`${RKHTMPVAR} 2>/dev/null | egrep '^fdesc(fs)? .*(type fdesc|\(fdescfs\))'`" && FDESCFS=1 ++ test -n "`${RKHTMPVAR} 2>/dev/null | grep -E '^fdesc(fs)? 
.*(type fdesc|\(fdescfs\))'`" && FDESCFS=1 + else + display --to LOG --type INFO NOT_FOUND_CMD 'mount' + fi +@@ -17930,7 +17930,7 @@ + + for DIR in ${SHORTSEARCHDIRS}; do + if [ -d "${DIR}" ]; then +- RKHTMPVAR=`ls -1d ${DIR}/.* 2>/dev/null | egrep -v '/\.\.?$'` ++ RKHTMPVAR=`ls -1d ${DIR}/.* 2>/dev/null | grep -E -v '/\.\.?$'` + test -n "${RKHTMPVAR}" && LOOKINDIRS="${LOOKINDIRS} + ${RKHTMPVAR}" + fi +@@ -17972,7 +17972,7 @@ + + FTYPE=`${FILE_CMD} "${FNAME}" 2>&1 | ${AWK_CMD} -F':' '{ print $NF }' | cut -c2-` + +- test -n "`echo \"${FTYPE}\" | egrep 'character special|block special|empty'`" && continue ++ test -n "`echo \"${FTYPE}\" | grep -E 'character special|block special|empty'`" && continue + + FNAMEGREP=`echo "${FNAME}" | sed -e 's/\([.$*?\\]\)/\\\\\1/g; s/\[/\\\\[/g; s/\]/\\\\]/g'` + +@@ -18313,7 +18313,7 @@ + ;; + named) + WHOLE_VERSION=`${APP_CMD_FOUND} -v 2>/dev/null` +- VERSION=`echo "${WHOLE_VERSION}" | egrep '^(named|BIND)[ ][ ]*[0-9]' | grep -v '/' | ${AWK_CMD} '{ print $2 }'` ++ VERSION=`echo "${WHOLE_VERSION}" | grep -E '^(named|BIND)[ ][ ]*[0-9]' | grep -v '/' | ${AWK_CMD} '{ print $2 }'` + + if [ -n "`echo \"${VERSION}\" | grep '^[^-]*\.[0-9][0-9]*-P[^-]*-'`" ]; then + VERSION=`echo "${VERSION}" | cut -d'-' -f1-2` +@@ -18377,7 +18377,7 @@ + if [ -n "`echo \"${APP_WHITELIST}\" | grep -i \" ${APPLICATION}:${RKHTMPVAR} \"`" ]; then + APP_RESULTS="${APP_RESULTS} + ${APPLICATION}%${APPLICATION_DESC}%${VERSION}%-1" +- elif [ -n "`egrep -i \"^${APPLICATION}:.* ${RKHTMPVAR}( |$)\" \"${DB_PATH}/programs_bad.dat\" 2>&1`" ]; then ++ elif [ -n "`grep -E -i \"^${APPLICATION}:.* ${RKHTMPVAR}( |$)\" \"${DB_PATH}/programs_bad.dat\" 2>&1`" ]; then + APPS_FAILED_COUNT=`expr ${APPS_FAILED_COUNT} + 1` + + APP_RESULTS="${APP_RESULTS} +@@ -19462,7 +19462,7 @@ + # + + echo $ECHOOPT "" +- echo $ECHOOPT "Usage: rkhunter {--check | --unlock |" ++ echo $ECHOOPT "Usage: rkhunter {--check | --unlock | --update | --versioncheck |" + echo $ECHOOPT " --propupd [{filename | 
directory | package name},...] |" + echo $ECHOOPT " --list [{tests | {lang | languages} | rootkits | perl | propfiles}] |" + echo $ECHOOPT " --config-check | --version | --help} [options]" +@@ -19791,8 +19791,8 @@ + # required commands are tested early on using just the root PATH. Then + # BINDIR is checked, and finally the rest of the commands are then + # checked using the new PATH from BINDIR. +-ABSOLUTELY_REQUIRED_CMDS="cut egrep grep sed tail tr" +-REQCMDS="awk cat chmod chown cp cut date egrep grep head ls mv sed sort tail touch tr uname uniq wc" ++ABSOLUTELY_REQUIRED_CMDS="cut grep sed tail tr" ++REQCMDS="awk cat chmod chown cp cut date grep head ls mv sed sort tail touch tr uname uniq wc" + + # This will be set to a list of commands that have been disabled. + DISABLED_CMDS="" +@@ -20896,10 +20896,10 @@ + # + + if [ -z "${PRELINK_HASH}" ]; then +- if [ -z "`echo \"${HASH_FUNC}\" | egrep '(/filehashsha\.pl Digest::MD5|/filehashsha\.pl .* 1$|shasum -a 1$)'`" ]; then ++ if [ -z "`echo \"${HASH_FUNC}\" | grep -E '(/filehashsha\.pl Digest::MD5|/filehashsha\.pl .* 1$|shasum -a 1$)'`" ]; then + RKHTMPVAR=`echo "${HASH_FUNC}" | cut -d' ' -f1` + +- if [ -z "`echo ${RKHTMPVAR} | egrep -i 'sha1|md5'`" ]; then ++ if [ -z "`echo ${RKHTMPVAR} | grep -E -i 'sha1|md5'`" ]; then + if [ $HASH_OPT -eq 1 ]; then + echo "This system uses prelinking, but the '--hash' option (${HASH_FUNC}) does not look like SHA1 or MD5." 
+ else +@@ -21007,7 +21007,7 @@ + # + IFS=$IFSNL + +-for LINE in `egrep '^MSG_(TYPE|RESULT)_' "${DB_PATH}/i18n/en" 2>/dev/null`; do ++for LINE in `grep -E '^MSG_(TYPE|RESULT)_' "${DB_PATH}/i18n/en" 2>/dev/null`; do + TYPE=`echo "${LINE}" | cut -d: -f1` + + if [ "${LANGUAGE}" != "en" ]; then +@@ -21212,7 +21212,7 @@ + fi + elif [ -n "${PRELINK_HASH}" ]; then + display --to LOG --type INFO HASH_FUNC_PRELINK "${PRELINK_HASH}" +- elif [ -z "`echo \"${HASH_FUNC}\" | egrep -i 'sha1|md5'`" ]; then ++ elif [ -z "`echo \"${HASH_FUNC}\" | grep -E -i 'sha1|md5'`" ]; then + SKIP_HASH_MSG=1 + else + display --to LOG --type INFO HASH_FUNC "${HASH_FUNC}" + diff --git a/app-forensics/rkhunter/rkhunter-1.4.6-r2.ebuild b/app-forensics/rkhunter/rkhunter-1.4.6-r2.ebuild new file mode 100644 index 000000000000..84bbbe851de2 --- /dev/null +++ b/app-forensics/rkhunter/rkhunter-1.4.6-r2.ebuild 
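Review bot: In the two xinetd hunks (`@@ -14957` and `@@ -14975`) the rewritten patterns `'^[ ]*enabled[ ]*+?='` and `'^[ ]*disabled[ ]*+?='` no longer match an optional literal plus sign, because under `grep -E` an unescaped `+` is a repetition operator. Lines of the form `enabled += svc` in the xinetd configuration would therefore stop matching, and those services would drop out of the defaults the later check compares against. `\+` is a valid ERE escape, so these two lines needed only the `egrep` to `grep -E` swap; `grep -E '^[ ]*enabled[ ]*[+]?='` (and the same for `disabled`) keeps the old meaning without a backslash. Separately, the `@@ -19462` hunk puts `--update | --versioncheck` back into the usage text, which looks unrelated to the grep change and presumably undoes part of the `no-insecure-web` patch applied before this one; worth confirming that it is intended.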
@@ -0,0 +1,64 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit bash-completion-r1
+
+DESCRIPTION="Rootkit Hunter scans for known and unknown rootkits, backdoors, and sniffers"
+HOMEPAGE="http://rkhunter.sf.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~mips ~ppc ~x86"
+IUSE=""
+
+RDEPEND="
+ app-shells/bash
+ dev-lang/perl
+ sys-process/lsof[rpc]
+"
+
+S="${WORKDIR}/${P}/files"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-1.4.6-conf.patch"
+ "${FILESDIR}/${PN}-1.4.6-no-insecure-web.patch"
+ "${FILESDIR}/${PN}-1.4.6-grep-3.8.patch"
+)
+
+src_install() {
+ # rkhunter requires to be root
+ dosbin ${PN}
+
+ insinto /etc
+ doins ${PN}.conf
+
+ exeinto /usr/lib/${PN}/scripts
+ doexe *.pl
+
+ insinto /var/lib/${PN}/db
+ doins *.dat
+
+ insinto /var/lib/${PN}/db/i18n
+ doins i18n/*
+
+ doman ${PN}.8
+ dodoc ACKNOWLEDGMENTS CHANGELOG FAQ README
+
+ exeinto /etc/cron.daily
+ newexe "${FILESDIR}/${PN}-1.4.cron" ${PN}
+
+ newbashcomp "${FILESDIR}/${PN}.bash-completion" ${PN}
+}
+
+pkg_postinst() {
+ elog "A cron script has been installed to /etc/cron.daily/rkhunter."
+ elog "To enable it, edit /etc/cron.daily/rkhunter and follow the"
+ elog "directions."
+ elog "If you want ${PN} to send mail, you will need to install"
+ elog "virtual/mailx or alter the EMAIL_CMD variable in the"
+ elog "cron script and possibly the MAIL_CMD variable in the"
+ elog "${PN}.conf file to use another mail client."
+} |
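Review bot: `HOMEPAGE="http://rkhunter.sf.net/"` sends users to a plaintext-HTTP address for a security tool whose patch set already includes a `no-insecure-web` patch; if the project site is reachable over TLS, prefer `HOMEPAGE="https://rkhunter.sourceforge.net/"`. The empty `IUSE=""` assignment carries no information and can be dropped. In `src_install`, `${PN}` is left unquoted in `dosbin ${PN}`, `doins ${PN}.conf` and the `newexe`/`newbashcomp` targets; that is harmless for this package name but inconsistent with the quoted `"${FILESDIR}/..."` arguments beside it.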