* [gentoo-commits] repo/gentoo:master commit in: app-forensics/rkhunter/files/, app-forensics/rkhunter/
@ 2018-03-17 23:54 Michael Palimaka
0 siblings, 0 replies; 2+ messages in thread
From: Michael Palimaka @ 2018-03-17 23:54 UTC (permalink / raw
To: gentoo-commits
commit: 61e995b755727e286d140d8d721340959c434b6c
Author: Michael Palimaka <kensington <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 17 23:52:36 2018 +0000
Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Sat Mar 17 23:53:43 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61e995b7
app-forensics/rkhunter: version bump 1.4.6
Also, add a patch to disable insecure file downloads.
Bug: https://bugs.gentoo.org/623150
Closes: https://bugs.gentoo.org/645454
Closes: https://bugs.gentoo.org/648470
Package-Manager: Portage-2.3.24, Repoman-2.3.6
app-forensics/rkhunter/Manifest | 1 +
.../rkhunter/files/rkhunter-1.4.6-conf.patch | 38 +++++++++++++
.../files/rkhunter-1.4.6-no-insecure-web.patch | 46 ++++++++++++++++
app-forensics/rkhunter/rkhunter-1.4.6.ebuild | 63 ++++++++++++++++++++++
4 files changed, 148 insertions(+)
diff --git a/app-forensics/rkhunter/Manifest b/app-forensics/rkhunter/Manifest
index 6b908c6c489..5fa0e6267d2 100644
--- a/app-forensics/rkhunter/Manifest
+++ b/app-forensics/rkhunter/Manifest
@@ -1,2 +1,3 @@
DIST rkhunter-1.4.2.tar.gz 277707 BLAKE2B 97968801ce5dccefc7d5eb246fd8031091447b9090c5bc9b958ea64835c47661d1f40b5a6352e0c92608a514f237ac2946a7f84498915418581a71d16b497f61 SHA512 a4e45caaaf5b8262619ebb890784c75c4e30db4c6c0eba305f86d419142b4796c95bc55fe8846dce8d58bc7636bdb365a4a8c41707f64d4d81373687c5a3b0d4
DIST rkhunter-1.4.4.tar.gz 297626 BLAKE2B 9d9a50e3541817d8dfec6c76665ae84b92f49ed3128244cb5359f2149203ccdc7cdaa05db3da87f6aa6ee79fa84491f40cdc3443d77359b64c23947cb685516e SHA512 87e9c617220765678cc4519eee27d1d56185c3a7fb1d6338c8fb984ac4f5176c31bb54b69e1de615d66a0cf1e72b672e66b368e37851a459def69463cbb8661e
+DIST rkhunter-1.4.6.tar.gz 302137 BLAKE2B 89c61386b57f743f4205f8c826eaa8a9dc9a0d413ac47efb26b6f93d8d642f619f35b7a4c021521b662547c02a16071b8980d158cfb9e081a64870558dbaeff0 SHA512 c51a21b6b66ed1f73a19d8ce04eaba35999eefcb666acc824989c3bf53ac56d24a33ac4fec290be942e33fe24674406b371eafff73f7e697b9e03ec031b37216
diff --git a/app-forensics/rkhunter/files/rkhunter-1.4.6-conf.patch b/app-forensics/rkhunter/files/rkhunter-1.4.6-conf.patch
new file mode 100644
index 00000000000..5642436ed41
--- /dev/null
+++ b/app-forensics/rkhunter/files/rkhunter-1.4.6-conf.patch
@@ -0,0 +1,38 @@
+
+--- a/rkhunter.conf
++++ b/rkhunter.conf
+@@ -72,6 +72,7 @@
+ # to use.
+ #
+
++INSTALLDIR=/usr
+
+ #
+ # If this option is set to '1', it specifies that the mirrors file
+@@ -154,7 +155,7 @@
+ # subsequently commented out or removed, then the program will assume a
+ # default directory beneath the installation directory.
+ #
+-#TMPDIR=/var/lib/rkhunter/tmp
++TMPDIR=/var/lib/rkhunter
+
+ #
+ # This option specifies the database directory to use.
+@@ -163,7 +164,7 @@
+ # subsequently commented out or removed, then the program will assume a
+ # default directory beneath the installation directory.
+ #
+-#DBDIR=/var/lib/rkhunter/db
++DBDIR=/var/lib/rkhunter/db
+
+ #
+ # This option specifies the script directory to use.
+@@ -171,7 +172,7 @@
+ # The installer program will set the default directory. If this default is
+ # subsequently commented out or removed, then the program will not run.
+ #
+-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts
++SCRIPTDIR=/usr/lib/rkhunter/scripts
+
+ #
+ # This option can be used to modify the command directory list used by rkhunter
diff --git a/app-forensics/rkhunter/files/rkhunter-1.4.6-no-insecure-web.patch b/app-forensics/rkhunter/files/rkhunter-1.4.6-no-insecure-web.patch
new file mode 100644
index 00000000000..ed3b68c669b
--- /dev/null
+++ b/app-forensics/rkhunter/files/rkhunter-1.4.6-no-insecure-web.patch
@@ -0,0 +1,46 @@
+Disable insecure web operations (CVE-2017-7480).
+
+Bug: https://bugs.gentoo.org/623150
+
+--- a/rkhunter
++++ b/rkhunter
+@@ -19462,7 +19462,7 @@
+ #
+
+ echo $ECHOOPT ""
+- echo $ECHOOPT "Usage: rkhunter {--check | --unlock | --update | --versioncheck |"
++ echo $ECHOOPT "Usage: rkhunter {--check | --unlock |"
+ echo $ECHOOPT " --propupd [{filename | directory | package name},...] |"
+ echo $ECHOOPT " --list [{tests | {lang | languages} | rootkits | perl | propfiles}] |"
+ echo $ECHOOPT " --config-check | --version | --help} [options]"
+@@ -19518,10 +19518,8 @@
+ echo $ECHOOPT " (Default level is $SYSLOG_DFLT_PRIO)"
+ echo $ECHOOPT " --tmpdir <directory> Use the specified temporary directory"
+ echo $ECHOOPT " --unlock Unlock (remove) the lock file"
+- echo $ECHOOPT " --update Check for updates to database files"
+ echo $ECHOOPT " --vl, --verbose-logging Use verbose logging (on by default)"
+ echo $ECHOOPT " -V, --version Display the version number, then exit"
+- echo $ECHOOPT " --versioncheck Check for latest version of program"
+ echo $ECHOOPT " -x, --autox Automatically detect if X is in use"
+ echo $ECHOOPT " -X, --no-autox Do not automatically detect if X is in use"
+ echo $ECHOOPT ""
+@@ -20396,9 +20394,6 @@
+ --unlock)
+ UNLOCK=1
+ ;;
+- --update)
+- UPDATE=1
+- ;;
+ --vl | --verboselogging | --verbose-logging)
+ VERBOSE_LOGGING=1
+ ;;
+@@ -20407,9 +20402,6 @@
+ echo "${PROGRAM_blurb}"
+ exit 0
+ ;;
+- --versioncheck | --version-check)
+- VERSIONCHECK=1
+- ;;
+ -x | --autox)
+ AUTO_X_OPT=1
+ AUTO_X_DTCT=1
diff --git a/app-forensics/rkhunter/rkhunter-1.4.6.ebuild b/app-forensics/rkhunter/rkhunter-1.4.6.ebuild
new file mode 100644
index 00000000000..149c587a14b
--- /dev/null
+++ b/app-forensics/rkhunter/rkhunter-1.4.6.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit bash-completion-r1
+
+DESCRIPTION="Rootkit Hunter scans for known and unknown rootkits, backdoors, and sniffers"
+HOMEPAGE="http://rkhunter.sf.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~mips ~ppc ~x86"
+IUSE=""
+
+RDEPEND="
+ app-shells/bash
+ dev-lang/perl
+ sys-process/lsof[rpc]
+"
+
+S="${WORKDIR}/${P}/files"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-1.4.6-conf.patch"
+ "${FILESDIR}/${PN}-1.4.6-no-insecure-web.patch"
+)
+
+src_install() {
+ # rkhunter requires to be root
+ dosbin ${PN}
+
+ insinto /etc
+ doins ${PN}.conf
+
+ exeinto /usr/lib/${PN}/scripts
+ doexe *.pl
+
+ insinto /var/lib/${PN}/db
+ doins *.dat
+
+ insinto /var/lib/${PN}/db/i18n
+ doins i18n/*
+
+ doman ${PN}.8
+ dodoc ACKNOWLEDGMENTS CHANGELOG FAQ README
+
+ exeinto /etc/cron.daily
+ newexe "${FILESDIR}/${PN}-1.3.cron" ${PN}
+
+ newbashcomp "${FILESDIR}/${PN}.bash-completion" ${PN}
+}
+
+pkg_postinst() {
+ elog "A cron script has been installed to /etc/cron.daily/rkhunter."
+ elog "To enable it, edit /etc/cron.daily/rkhunter and follow the"
+ elog "directions."
+ elog "If you want ${PN} to send mail, you will need to install"
+ elog "virtual/mailx or alter the EMAIL_CMD variable in the"
+ elog "cron script and possibly the MAIL_CMD variable in the"
+ elog "${PN}.conf file to use another mail client."
+}
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-forensics/rkhunter/files/, app-forensics/rkhunter/
@ 2023-03-14 2:00 Sam James
0 siblings, 0 replies; 2+ messages in thread
From: Sam James @ 2023-03-14 2:00 UTC (permalink / raw
To: gentoo-commits
commit: b3e55a7602c27f57bc63effb38b4b7716e1ad738
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 14 00:42:21 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Mar 14 01:59:49 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3e55a76
app-forensics/rkhunter: fix warnings w/ grep-3.8
Closes: https://bugs.gentoo.org/895176
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../rkhunter/files/rkhunter-1.4.6-grep-3.8.patch | 735 +++++++++++++++++++++
app-forensics/rkhunter/rkhunter-1.4.6-r2.ebuild | 64 ++
2 files changed, 799 insertions(+)
diff --git a/app-forensics/rkhunter/files/rkhunter-1.4.6-grep-3.8.patch b/app-forensics/rkhunter/files/rkhunter-1.4.6-grep-3.8.patch
new file mode 100644
index 000000000000..ae1ae9feb05c
--- /dev/null
+++ b/app-forensics/rkhunter/files/rkhunter-1.4.6-grep-3.8.patch
@@ -0,0 +1,735 @@
+https://sourceforge.net/p/rkhunter/bugs/176/
+https://bugs.gentoo.org/895176
+
+--- a/rkhunter
++++ b/rkhunter
+@@ -70,7 +70,7 @@
+ # we exec to log everything to the debug file.
+ #
+
+-if [ -n "`echo \"$*\" | grep '\-\-debug'`" ]; then
++if [ -n "`echo \"$*\" | grep -- '--debug'`" ]; then
+ RKHDEBUGFILE=""
+ RKHDEBUGBASE="/tmp/rkhunter-debug"
+
+@@ -181,7 +181,7 @@
+ # used. If it is, then some typical grep tests will fail.
+ #
+
+-if [ "`echo \"rkh-grep-test\" | grep '^\+'`" = "rkh-grep-test" ]; then
++if [ "`echo \"rkh-grep-test\" | grep '^+'`" = "rkh-grep-test" ]; then
+ alias grep='grep -E'
+ fi
+
+@@ -948,9 +948,9 @@
+ #
+
+ if [ "${OPT_NAME}" = "SHARED_LIB_WHITELIST" ]; then
+- RKHTMPVAR=`echo "${OPT_VALUE}" | egrep '(^|[^\\])[][?*]'`
++ RKHTMPVAR=`echo "${OPT_VALUE}" | grep -E '(^|[^\\])[][?*]'`
+ else
+- RKHTMPVAR=`echo "${OPT_VALUE}" | egrep '(^|[^\\])[][?*{}]'`
++ RKHTMPVAR=`echo "${OPT_VALUE}" | grep -E '(^|[^\\])[][?*{}]'`
+ fi
+
+ if [ -n "${RKHTMPVAR}" ]; then
+@@ -989,7 +989,7 @@
+ # The code is left here since we may need something very similar for overloaded options.
+ # overloaded options - ALLOWPROCDELFILE PORT_PATH_WHITELIST RTKT_FILE_WHITELIST
+ # if [ "${OPT_NAME}" = "BINDIR" ]; then
+-# if [ -n "`echo \"${FNAME}\" | grep '^\+'`" ]; then
++# if [ -n "`echo \"${FNAME}\" | grep '^+'`" ]; then
+ # FNAME=`echo "${FNAME}" | cut -c2-`
+ # fi
+ # fi
+@@ -1000,7 +1000,7 @@
+ # Also check that '/' has not been set.
+ #
+
+- if [ -n "`echo \"${FNAME}\" | egrep '(^[./]*$)|[;&]|/\.\./'`" ]; then
++ if [ -n "`echo \"${FNAME}\" | grep -E '(^[./]*$)|[;&]|/\.\./'`" ]; then
+ ERRCODE=1
+
+ echo "Invalid ${OPT_NAME} configuration option: Invalid pathname: ${FNAME}"
+@@ -1134,7 +1134,7 @@
+ #
+
+ if [ "${OPT_NAME}" = "SHARED_LIB_WHITELIST" ]; then
+- if [ -n "`echo \"${FNAME}\" | egrep '\\$\\{?(ORIGIN|LIB|PLATFORM)\\}?'`" ]; then
++ if [ -n "`echo \"${FNAME}\" | grep -E '\\$\\{?(ORIGIN|LIB|PLATFORM)\\}?'`" ]; then
+ continue
+ fi
+ fi
+@@ -2522,7 +2522,7 @@
+ PREPEND_PATHS=""
+
+ for DIR in ${BINPATHS}; do
+- if [ -n "`echo ${DIR} | grep '^\+'`" ]; then
++ if [ -n "`echo ${DIR} | grep '^+'`" ]; then
+ DIR=`echo ${DIR} | cut -c2-`
+ PREPEND_PATHS="${PREPEND_PATHS} ${DIR}"
+ fi
+@@ -2532,7 +2532,7 @@
+
+
+ for DIR in ${PREPEND_PATHS} ${RKHROOTPATH} ${BINPATHS}; do
+- if [ -n "`echo ${DIR} | grep '^\+'`" ]; then
++ if [ -n "`echo ${DIR} | grep '^+'`" ]; then
+ # These will already be in PREPEND_PATHS.
+ continue
+ elif [ -z "`echo ${DIR} | grep '^/'`" ]; then
+@@ -3848,7 +3848,7 @@
+ #
+
+ for RKHTMPVAR2 in ${RKHTMPVAR}; do
+- if [ -n "`echo \"${RKHTMPVAR2}\" | egrep -i '^(TCP|UDP):[1-9][0-9]*$'`" ]; then
++ if [ -n "`echo \"${RKHTMPVAR2}\" | grep -E -i '^(TCP|UDP):[1-9][0-9]*$'`" ]; then
+ PROTO=`echo ${RKHTMPVAR2} | cut -d: -f1 | tr '[:lower:]' '[:upper:]'`
+ PORT=`echo ${RKHTMPVAR2} | cut -d: -f2`
+
+@@ -3899,7 +3899,7 @@
+ PROTO=""
+
+ # Dig out the protocol and port number, if present.
+- if [ -n "`echo \"${RKHTMPVAR2}\" | egrep -i '.:(TCP|UDP):[1-9][0-9]*$'`" ]; then
++ if [ -n "`echo \"${RKHTMPVAR2}\" | grep -E -i '.:(TCP|UDP):[1-9][0-9]*$'`" ]; then
+ PROTO=`echo "${RKHTMPVAR2}" | sed -e 's/^.*:\([a-zA-Z]*\):[1-9][0-9]*$/\1/'`
+ PORT=`echo "${RKHTMPVAR2}" | sed -e 's/^.*:\([1-9][0-9]*\)$/\1/'`
+
+@@ -4839,7 +4839,7 @@
+ fi
+ fi
+
+- if [ -n "`echo \"${HASH_FUNC}\" | egrep -i '^(MD5|SHA1|SHA224|SHA256|SHA384|SHA512|RIPEMD160|WHIRLPOOL|NONE)$'`" ]; then
++ if [ -n "`echo \"${HASH_FUNC}\" | grep -E -i '^(MD5|SHA1|SHA224|SHA256|SHA384|SHA512|RIPEMD160|WHIRLPOOL|NONE)$'`" ]; then
+ HASH_FUNC=`echo "${HASH_FUNC}" | tr '[:lower:]' '[:upper:]'`
+ fi
+
+@@ -6412,7 +6412,7 @@
+ OSNAME="${OSNAME} `sw_vers 2>/dev/null | grep '^ProductVersion:' | sed -e 's/ProductVersion:[ ]*//'`"
+ # OSNAME="${OSNAME} `sysctl kern.version 2>/dev/null | sed -e 's/^kern.version = //' | cut -d: -f1`"
+
+- if [ -n "`sysctl -a 2>/dev/null | egrep '^(hw\.optional\.x86_64|hw\.optional\.64bitops|hw\.cpu64bit_capable).*1$'`" ]; then
++ if [ -n "`sysctl -a 2>/dev/null | grep -E '^(hw\.optional\.x86_64|hw\.optional\.64bitops|hw\.cpu64bit_capable).*1$'`" ]; then
+ OSNAME="${OSNAME} (64-bit capable)"
+ fi
+ ;;
+@@ -6708,7 +6708,7 @@
+ # this is what RPM does).
+ #
+
+- RPM_QUERY_RESULT=`echo "${RPM_QUERY_RESULT_ARCH}" | egrep ':(x86_64|ia64):' 2>/dev/null | tail ${TAIL_OPT}1`
++ RPM_QUERY_RESULT=`echo "${RPM_QUERY_RESULT_ARCH}" | grep -E ':(x86_64|ia64):' 2>/dev/null | tail ${TAIL_OPT}1`
+
+ test -z "${RPM_QUERY_RESULT}" && RPM_QUERY_RESULT=`echo "${RPM_QUERY_RESULT_ARCH}" | tail ${TAIL_OPT}1`
+
+@@ -6883,7 +6883,7 @@
+ if [ -n "${PKGNAME}" ]; then
+ if [ -f "/var/lib/dpkg/info/${PKGNAME}.md5sums" ]; then
+ FILNAM=`echo "${FNAME}" | sed -e 's:^/::; s:\.:\\\.:g'`
+- SYSHASH=`egrep "( |\./)${FILNAM}\$" "/var/lib/dpkg/info/${PKGNAME}.md5sums" 2>/dev/null | cut -d' ' -f1`
++ SYSHASH=`grep -E "( |\./)${FILNAM}\$" "/var/lib/dpkg/info/${PKGNAME}.md5sums" 2>/dev/null | cut -d' ' -f1`
+ test -n "${SYSHASH}" && FILE_IS_PKGD=1
+ fi
+ fi
+@@ -6925,7 +6925,7 @@
+ SYSHASH=""
+ RKHTMPVAR=`${HASH_CMD} "${FNAME}" 2>&1`
+
+- if [ -n "`echo \"${RKHTMPVAR}\" | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then
++ if [ -n "`echo \"${RKHTMPVAR}\" | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then
+ DEPENDENCY_ERR=1
+ RKHTMPVAR=`echo "${RKHTMPVAR}" | tr '\n' ':' | sed -e 's/:$//'`
+ else
+@@ -7311,13 +7311,13 @@
+
+ case $MIRRORS_MODE in
+ 0)
+- MIRROR=`egrep -i '^(local|remote|mirror)=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1`
++ MIRROR=`grep -E -i '^(local|remote|mirror)=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1`
+ ;;
+ 1)
+- MIRROR=`egrep -i '^local=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1`
++ MIRROR=`grep -E -i '^local=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1`
+ ;;
+ 2)
+- MIRROR=`egrep -i '^remote=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1`
++ MIRROR=`grep -E -i '^remote=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1`
+ ;;
+ esac
+
+@@ -7337,13 +7337,13 @@
+
+ case $MIRRORS_MODE in
+ 0)
+- MIRROR=`egrep -i '^(local|remote|mirror)=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-`
++ MIRROR=`grep -E -i '^(local|remote|mirror)=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-`
+ ;;
+ 1)
+- MIRROR=`egrep -i '^local=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-`
++ MIRROR=`grep -E -i '^local=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-`
+ ;;
+ 2)
+- MIRROR=`egrep -i '^remote=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-`
++ MIRROR=`grep -E -i '^remote=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-`
+ ;;
+ esac
+
+@@ -7370,7 +7370,7 @@
+ # Next get the remaining mirrors.
+ #
+
+- OTHERMIRRORS=`egrep -i '^(local|remote|mirror)=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" | grep -v "^${MIRROR}\$"`
++ OTHERMIRRORS=`grep -E -i '^(local|remote|mirror)=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" | grep -v "^${MIRROR}\$"`
+
+
+ #
+@@ -7459,13 +7459,13 @@
+
+ case $MIRRORS_MODE in
+ 0)
+- MIRROR_COUNT=`egrep -i '^(local|remote|mirror)=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '`
++ MIRROR_COUNT=`grep -E -i '^(local|remote|mirror)=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '`
+ ;;
+ 1)
+- MIRROR_COUNT=`egrep -i '^local=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '`
++ MIRROR_COUNT=`grep -E -i '^local=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '`
+ ;;
+ 2)
+- MIRROR_COUNT=`egrep -i '^remote=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '`
++ MIRROR_COUNT=`grep -E -i '^remote=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '`
+ ;;
+ esac
+
+@@ -7991,7 +7991,7 @@
+ # Now check to see if any unknown options have been configured.
+ #
+
+- RKHTMPVAR=`egrep -h -v '^[ ]*(#|$)' ${CONFIGFILE} ${LOCALCONFIGFILE} ${LOCALCONFDIRFILES}`
++ RKHTMPVAR=`grep -E -h -v '^[ ]*(#|$)' ${CONFIGFILE} ${LOCALCONFIGFILE} ${LOCALCONFDIRFILES}`
+
+ IFS=$IFSNL
+
+@@ -9587,7 +9587,7 @@
+ rpc.nfsd:tcp.log:Sniffer installed
+ sshd:/dev/ptyxx:OpenBSD Rootkit
+ sshd:/.config:SHV4 Rootkit
+- sshd:+\\$.*\\$\!.*\!\!\\$:Backdoored SSH daemon installed
++ sshd:+\\$.*\\$!.*!!\\$:Backdoored SSH daemon installed
+ sshd:backdoor.h:Trojaned SSH daemon
+ sshd:backdoor_active:Trojaned SSH daemon
+ sshd:magic_pass_active:Trojaned SSH daemon
+@@ -10712,7 +10712,7 @@
+ done
+
+
+- if [ -n "`echo \"${RKHTMPVAR}\" | egrep 'libsafe|missing|empty'`" ]; then
++ if [ -n "`echo \"${RKHTMPVAR}\" | grep -E 'libsafe|missing|empty'`" ]; then
+ display --to LOG --type WARNING --nl PROPUPD_WARN
+ fi
+
+@@ -10964,7 +10964,7 @@
+
+ FILE_IS_PKGD=1
+
+- PKGNAME=`echo "${PKGNAME_ARCH}" | egrep '\.(x86_64|ia64)$' 2>/dev/null | tail ${TAIL_OPT}1`
++ PKGNAME=`echo "${PKGNAME_ARCH}" | grep -E '\.(x86_64|ia64)$' 2>/dev/null | tail ${TAIL_OPT}1`
+
+ test -z "${PKGNAME}" && PKGNAME=`echo "${PKGNAME_ARCH}" | tail ${TAIL_OPT}1`
+
+@@ -11163,7 +11163,7 @@
+ if [ -n "${PKGNAME}" -a -f "/var/lib/dpkg/info/${PKGNAME}.md5sums" ]; then
+ FNGREP=`echo "${FNAMEGREP}" | sed -e 's:^/::'`
+
+- SYSHASH=`egrep "( |\./)${FNGREP}\$" "/var/lib/dpkg/info/${PKGNAME}.md5sums" | cut -d' ' -f1`
++ SYSHASH=`grep -E "( |\./)${FNGREP}\$" "/var/lib/dpkg/info/${PKGNAME}.md5sums" | cut -d' ' -f1`
+
+ if [ -n "${SYSHASH}" ]; then
+ FILE_IS_PKGD=1
+@@ -11172,7 +11172,7 @@
+ if [ "${RKHTMPVAR}" != "${SYSHASH}" ]; then
+ PKGMGR_VERIFY_RESULT="5"
+
+- if [ -n "`${PKGMGR_MD5_HASH} "${FNAME}" 2>&1 | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then
++ if [ -n "`${PKGMGR_MD5_HASH} "${FNAME}" 2>&1 | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then
+ DEPENDENCY_ERR=1
+ fi
+ fi
+@@ -11221,7 +11221,7 @@
+ if [ "${RKHTMPVAR}" != "${SYSHASH}" ]; then
+ PKGMGR_VERIFY_RESULT="5"
+
+- if [ -n "`${PKGMGR_MD5_HASH} "${FNAME}" 2>&1 | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then
++ if [ -n "`${PKGMGR_MD5_HASH} "${FNAME}" 2>&1 | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then
+ DEPENDENCY_ERR=1
+ fi
+ fi
+@@ -11252,7 +11252,7 @@
+ if [ "${RKHTMPVAR}" != "${SYSHASH}" ]; then
+ PKGMGR_VERIFY_RESULT="5"
+
+- if [ -n "`${PKGMGR_SHA_HASH} "${FNAME}" 2>&1 | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then
++ if [ -n "`${PKGMGR_SHA_HASH} "${FNAME}" 2>&1 | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then
+ DEPENDENCY_ERR=1
+ fi
+ fi
+@@ -11295,7 +11295,7 @@
+ fi
+ fi
+
+- if [ -z "`echo \"${PKGMGR_VERIFY_RESULT}\" | egrep '5|(^..\?)'`" ]; then
++ if [ -z "`echo \"${PKGMGR_VERIFY_RESULT}\" | grep -E '5|(^..\?)'`" ]; then
+ HASH_TEST_PASSED=1
+ else
+ TEST_RESULT="${TEST_RESULT} verify:hashchanged"
+@@ -11349,7 +11349,7 @@
+ SYSHASH=`${HASH_CMD} "${FNAME}" 2>/dev/null | cut -d' ' -f $HASH_FLD_IDX`
+
+ if [ -z "${SYSHASH}" ]; then
+- if [ -n "`${HASH_CMD} "${FNAME}" 2>&1 | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then
++ if [ -n "`${HASH_CMD} "${FNAME}" 2>&1 | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then
+ if [ "${RKHHASH}" = "ignore-prelink-dep-err" ]; then
+ SYSHASH="${RKHHASH}"
+ display --to LOG --type INFO FILE_PROP_IGNORE_PRELINK_DEP_ERR "`name2text \"${FNAME}\"`"
+@@ -11445,7 +11445,7 @@
+ #
+
+ if [ $FILE_IS_PKGD -eq 1 ]; then
+- echo "${PKGMGR_VERIFY_RESULT}" | egrep 'M|(^.\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:permchanged"
++ echo "${PKGMGR_VERIFY_RESULT}" | grep -E 'M|(^.\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:permchanged"
+ else
+ RKH_CC2=`expr $RKH_CC + 2`
+
+@@ -11465,7 +11465,7 @@
+ #
+
+ if [ $FILE_IS_PKGD -eq 1 ]; then
+- echo "${PKGMGR_VERIFY_RESULT}" | egrep 'U|(^.....\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:uidchanged"
++ echo "${PKGMGR_VERIFY_RESULT}" | grep -E 'U|(^.....\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:uidchanged"
+ else
+ RKH_CC2=`expr $RKH_CC + 3`
+
+@@ -11485,7 +11485,7 @@
+ #
+
+ if [ $FILE_IS_PKGD -eq 1 ]; then
+- echo "${PKGMGR_VERIFY_RESULT}" | egrep 'G|(^......\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:gidchanged"
++ echo "${PKGMGR_VERIFY_RESULT}" | grep -E 'G|(^......\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:gidchanged"
+ else
+ RKH_CC2=`expr $RKH_CC + 4`
+
+@@ -11525,7 +11525,7 @@
+ #
+
+ if [ $FILE_IS_PKGD -eq 1 ]; then
+- if [ -z "`echo \"${PKGMGR_VERIFY_RESULT}\" | egrep 'S|(^\?)'`" ]; then
++ if [ -z "`echo \"${PKGMGR_VERIFY_RESULT}\" | grep -E 'S|(^\?)'`" ]; then
+ SIZE_TEST_PASSED=1
+ else
+ TEST_RESULT="${TEST_RESULT} verify:sizechanged"
+@@ -11553,7 +11553,7 @@
+ #
+
+ if [ $FILE_IS_PKGD -eq 1 ]; then
+- echo "${PKGMGR_VERIFY_RESULT}" | egrep 'T|(^.......\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:dtmchanged"
++ echo "${PKGMGR_VERIFY_RESULT}" | grep -E 'T|(^.......\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:dtmchanged"
+ elif [ $PRELINKED -eq 0 -o $FILE_IS_PKGD -eq 0 ]; then
+ RKH_CC2=`expr $RKH_CC + 6`
+
+@@ -11574,7 +11574,7 @@
+
+ if [ -h "${FNAME}" ]; then
+ if [ $FILE_IS_PKGD -eq 1 ]; then
+- if [ -n "`echo \"${PKGMGR_VERIFY_RESULT}\" | egrep 'L|(^....\?)'`" ]; then
++ if [ -n "`echo \"${PKGMGR_VERIFY_RESULT}\" | grep -E 'L|(^....\?)'`" ]; then
+ if [ $HAVE_READLINK -eq 1 ]; then
+ # Check the link target to see if it is whitelisted.
+
+@@ -11720,7 +11720,7 @@
+ RKHTMPVAR=`${LSATTR_CMD} "${FNAME}" 2>&1 | cut -d' ' -f1 | grep 'i'`
+ fi
+ else
+- RKHTMPVAR=`ls -lno "${FNAME}" 2>&1 | ${AWK_CMD} '{ print $5 }' | egrep 'uchg|schg|sappnd|uappnd|sunlnk|sunlink|schange|simmutable|sappend|uappend|uchange|uimmutable'`
++ RKHTMPVAR=`ls -lno "${FNAME}" 2>&1 | ${AWK_CMD} '{ print $5 }' | grep -E 'uchg|schg|sappnd|uappnd|sunlnk|sunlink|schange|simmutable|sappend|uappend|uchange|uimmutable'`
+ fi
+
+ #
+@@ -11768,9 +11768,9 @@
+ test -n "${BASENAME_CMD}" && RKHTMPVAR=`${BASENAME_CMD} "${FNAME}"` || RKHTMPVAR=`echo "${FNAME}" | sed -e 's:^.*/::'`
+
+ if [ "${RKHTMPVAR}" = "rkhunter" ]; then
+- SYSSCRIPT=`${FILE_CMD} "${FNAME}" 2>&1 | tr -d '\n' | tr '[:cntrl:]' '?' | egrep -i -v '(shell|/bin/sh) script( |,|$)'`
++ SYSSCRIPT=`${FILE_CMD} "${FNAME}" 2>&1 | tr -d '\n' | tr '[:cntrl:]' '?' | grep -E -i -v '(shell|/bin/sh) script( |,|$)'`
+ else
+- SYSSCRIPT=`${FILE_CMD} "${FNAME}" 2>&1 | tr -d '\n' | tr '[:cntrl:]' '?' | egrep -i ' script( |,|$)'`
++ SYSSCRIPT=`${FILE_CMD} "${FNAME}" 2>&1 | tr -d '\n' | tr '[:cntrl:]' '?' | grep -E -i ' script( |,|$)'`
+ fi
+
+ test -n "${SYSSCRIPT}" && TEST_RESULT="${TEST_RESULT} script"
+@@ -12256,7 +12256,7 @@
+ # Adding "text" to the egrep below widens scope at the expense of more false-positives and extending running time.
+ #
+
+- if [ -n "`echo \"${FTYPE}\" | grep -v -i 'compres' | egrep -i 'execu|reloc|shell|libr|data|obj|text'`" ]; then
++ if [ -n "`echo \"${FTYPE}\" | grep -v -i 'compres' | grep -E -i 'execu|reloc|shell|libr|data|obj|text'`" ]; then
+ FOUND=1
+ SUSPSCAN_NUM=1; SUSPSCAN_SCORE=0; SUSPSCAN_HITCOUNT=0
+ SUSPSCAN_STRINGS=""
+@@ -13151,7 +13151,7 @@
+ FOUND=0
+
+ if [ -n "${KSYMS_FILE}" ]; then
+- egrep -i 'adore|sebek' "${KSYMS_FILE}" >/dev/null 2>&1 && FOUND=1
++ grep -E -i 'adore|sebek' "${KSYMS_FILE}" >/dev/null 2>&1 && FOUND=1
+ fi
+
+ if [ $FOUND -eq 0 ]; then
+@@ -14061,7 +14061,7 @@
+
+ FNAMEGREP=`echo "${FNAMEGREP}" | sed -e 's/^|//;'`
+
+- if [ -n "`echo \"${FNAME}\" | egrep \"^(${FNAMEGREP})$\"`" ]; then
++ if [ -n "`echo \"${FNAME}\" | grep -E \"^(${FNAMEGREP})$\"`" ]; then
+ PROCWHITELISTED=1
+ fi
+ else
+@@ -14174,7 +14174,7 @@
+ RKHLSOF_FILE="${TEMPFILE}"
+ touch "${RKHLSOF_FILE}"
+
+- ${LSOF_CMD} -wnlP +c 0 2>&1 | egrep -v ' (FIFO|V?DIR|IPv[46]) ' | sort | uniq >"${RKHLSOF_FILE}"
++ ${LSOF_CMD} -wnlP +c 0 2>&1 | grep -E -v ' (FIFO|V?DIR|IPv[46]) ' | sort | uniq >"${RKHLSOF_FILE}"
+
+ #
+ # Now loop through the known suspicious filenames,
+@@ -14376,7 +14376,7 @@
+ ROOTKIT_COUNT=`expr $ROOTKIT_COUNT + 1`
+
+ SEEN=1
+- FOUND_PROCS=`${UNHIDE_CMD} ${UNHIDE_OPTS} ${RKHTMPVAR} 2>&1 | egrep -v '^(Unhide |yjesus@|http:|Copyright |License |NOTE :|Used options:|\[\*\]|$)'`
++ FOUND_PROCS=`${UNHIDE_CMD} ${UNHIDE_OPTS} ${RKHTMPVAR} 2>&1 | grep -E -v '^(Unhide |yjesus@|http:|Copyright |License |NOTE :|Used options:|\[\*\]|$)'`
+
+ if [ -z "${FOUND_PROCS}" ]; then
+ # Nothing found.
+@@ -14957,7 +14957,7 @@
+ IFS=$IFSNL
+
+ # Get the default enabled services.
+- for LINE in `egrep '^[ ]*enabled[ ]*\+?=' "${FILENAME}"`; do
++ for LINE in `grep -E '^[ ]*enabled[ ]*+?=' "${FILENAME}"`; do
+ SEEN=1
+
+ RKHTMPVAR=`echo "${LINE}" | sed -e 's/^.*=//' | tr -s ' ' ' '`
+@@ -14975,7 +14975,7 @@
+
+
+ # Get the default disabled services.
+- for LINE in `egrep '^[ ]*disabled[ ]*\+?=' "${FILENAME}"`; do
++ for LINE in `grep -E '^[ ]*disabled[ ]*+?=' "${FILENAME}"`; do
+ RKHTMPVAR=`echo "${LINE}" | sed -e 's/^.*=//' | tr -s ' ' ' '`
+
+ XINETD_DFLTS_DISABLED="${XINETD_DFLTS_DISABLED} ${RKHTMPVAR}"
+@@ -15024,14 +15024,14 @@
+ #
+
+ if [ -n "${XINETD_DFLTS_ENABLED}" ]; then
+- if [ -n "`echo \"${XINETD_DFLTS_ENABLED}\" | egrep \"${SVCID}\"`" ]; then
+- if [ -z "`echo \"${XINETD_DFLTS_DISABLED}\" | egrep \"${SVCID}\"`" ]; then
++ if [ -n "`echo \"${XINETD_DFLTS_ENABLED}\" | grep -E \"${SVCID}\"`" ]; then
++ if [ -z "`echo \"${XINETD_DFLTS_DISABLED}\" | grep -E \"${SVCID}\"`" ]; then
+ SEEN=1
+ IFS=$IFSNL
+ break
+ fi
+ fi
+- elif [ -n "`echo \"${XINETD_DFLTS_DISABLED}\" | egrep \"${SVCID}\"`" ]; then
++ elif [ -n "`echo \"${XINETD_DFLTS_DISABLED}\" | grep -E \"${SVCID}\"`" ]; then
+ :
+ elif [ -z "`echo $DATA | grep 'disable = yes'`" ]; then
+ SEEN=1
+@@ -15368,7 +15368,7 @@
+ test -f "${DIR}/mod_rootme2.so" && FOUNDFILES="${FOUNDFILES} ${DIR}/mod_rootme2.so"
+
+ if [ -f "${DIR}/httpd.conf" ]; then
+- if [ -n "`egrep 'mod_rootme2?\.so' \"${DIR}/httpd.conf\"`" ]; then
++ if [ -n "`grep -E 'mod_rootme2?\.so' \"${DIR}/httpd.conf\"`" ]; then
+ FOUNDFILES="${FOUNDFILES} ${DIR}/httpd.conf"
+ fi
+ fi
+@@ -15671,7 +15671,7 @@
+ ${FIND_CMD} "${LKM_PATH}" -type f -a \( -name "*.o" -o -name "*.ko" -o -name "*.ko.xz" \) >"${TEMPFILE}" 2>/dev/null
+
+ for RKHTMPVAR in ${LKM_NAMES}; do
+- if [ -n "`egrep \"/${RKHTMPVAR}(\.xz)?$\" "${TEMPFILE}"`" ]; then
++ if [ -n "`grep -E \"/${RKHTMPVAR}(\.xz)?$\" "${TEMPFILE}"`" ]; then
+ FOUND=1
+ FOUNDFILES="${FOUNDFILES} ${RKHTMPVAR}"
+ fi
+@@ -15821,10 +15821,10 @@
+ if [ -n "`echo \"${LSOFLINE}\" | grep \" ${PROTO} \*:${PORT} \"`" ]; then
+ # Process listening for connections from anywhere.
+ PID=`echo "${LSOFLINE}" | ${AWK_CMD} '{ print $2 }'`
+- elif [ -n "`echo \"${LSOFLINE}\" | egrep \" ${PROTO} [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:${PORT}[ -]\"`" ]; then
++ elif [ -n "`echo \"${LSOFLINE}\" | grep -E \" ${PROTO} [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:${PORT}[ -]\"`" ]; then
+ # Established or listening process using IPv4 address.
+ PID=`echo "${LSOFLINE}" | ${AWK_CMD} '{ print $2 }'`
+- elif [ -n "`echo \"${LSOFLINE}\" | egrep \" ${PROTO} \[[:0-9a-fA-F]+\]:${PORT}[ -]\"`" ]; then
++ elif [ -n "`echo \"${LSOFLINE}\" | grep -E \" ${PROTO} \[[:0-9a-fA-F]+\]:${PORT}[ -]\"`" ]; then
+ # Established or listening process using IPv6 address.
+ PID=`echo "${LSOFLINE}" | ${AWK_CMD} '{ print $2 }'`
+ else
+@@ -15886,7 +15886,7 @@
+ if [ "${PROTO}" = "UDP" ]; then
+ FOUND=`${NETSTAT_CMD} -an | grep -i "^udp.*\.${PORT} " | ${AWK_CMD} '{ print $4 }' | grep "\.${PORT}$"`
+ elif [ "${PROTO}" = "TCP" ]; then
+- FOUND=`${NETSTAT_CMD} -an | egrep -i "^tcp.*\.${PORT} .*(BOUND|ESTABLISH|LISTEN)" | ${AWK_CMD} '{ print $4 }' | grep "\.${PORT}$"`
++ FOUND=`${NETSTAT_CMD} -an | grep -E -i "^tcp.*\.${PORT} .*(BOUND|ESTABLISH|LISTEN)" | ${AWK_CMD} '{ print $4 }' | grep "\.${PORT}$"`
+ fi
+ ;;
+ SunOS)
+@@ -15897,10 +15897,10 @@
+ FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^UDP: IPv6/, /^$/ { print $1 }' | grep "\.${PORT}$"`
+ fi
+ elif [ "${PROTO}" = "TCP" ]; then
+- FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^TCP: IPv4/, /^$/ { print $0 }' | egrep 'BOUND|ESTABLISH|LISTEN' | ${AWK_CMD} '{ print $1 }' | grep "\.${PORT}$"`
++ FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^TCP: IPv4/, /^$/ { print $0 }' | grep -E 'BOUND|ESTABLISH|LISTEN' | ${AWK_CMD} '{ print $1 }' | grep "\.${PORT}$"`
+
+ if [ -z "${FOUND}" ]; then
+- FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^TCP: IPv6/, /^$/ { print $0 }' | egrep 'BOUND|ESTABLISH|LISTEN' | ${AWK_CMD} '{ print $1 }' | grep "\.${PORT}$"`
++ FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^TCP: IPv6/, /^$/ { print $0 }' | grep -E 'BOUND|ESTABLISH|LISTEN' | ${AWK_CMD} '{ print $1 }' | grep "\.${PORT}$"`
+ fi
+ fi
+ ;;
+@@ -16435,7 +16435,7 @@
+ WHITEPROC=""
+ BLACKPROC=""
+
+- LIBPCAPRES=`egrep -v '(^sk | 888e )' /proc/net/packet 2>/dev/null | head ${HEAD_OPT}1`
++ LIBPCAPRES=`grep -E -v '(^sk | 888e )' /proc/net/packet 2>/dev/null | head ${HEAD_OPT}1`
+
+ if [ -n "${LIBPCAPRES}" ]; then
+ ALLOWPROCLISTENERS=""
+@@ -16451,7 +16451,7 @@
+
+ INODE_LIST=""
+
+- for INODE in `egrep -v '(^sk | 888e )' /proc/net/packet | ${AWK_CMD} '{ print $9 }'`; do
++ for INODE in `grep -E -v '(^sk | 888e )' /proc/net/packet | ${AWK_CMD} '{ print $9 }'`; do
+ INODE_LIST="${INODE_LIST}|$INODE"
+ done
+
+@@ -16459,7 +16459,7 @@
+ test -z "${INODE_LIST}" && INODE_LIST="RKHunterPktCapture"
+
+
+- for PID in `${LSOF_CMD} -lMnPw -d 1-20 2>/dev/null | egrep "[ ](pack[ ]+(${INODE_LIST})|sock[ ]+[^ ]+[ ]+[^ ]+[ ]+(${INODE_LIST}))[ ]" | ${AWK_CMD} '{ print $2 }'`; do
++ for PID in `${LSOF_CMD} -lMnPw -d 1-20 2>/dev/null | grep -E "[ ](pack[ ]+(${INODE_LIST})|sock[ ]+[^ ]+[ ]+[^ ]+[ ]+(${INODE_LIST}))[ ]" | ${AWK_CMD} '{ print $2 }'`; do
+ NAME=""
+
+ if [ -h "/proc/$PID/exe" -a $HAVE_READLINK -eq 1 ]; then
+@@ -16677,7 +16677,7 @@
+ RKHTMPVAR=`grep "${STRING}" "${FNAME}"`
+
+ if [ -n "${RKHTMPVAR}" ]; then
+- test -z "`echo \"${RKHTMPVAR}\" | egrep -v '^[ ]*#'`" && continue
++ test -z "`echo \"${RKHTMPVAR}\" | grep -E -v '^[ ]*#'`" && continue
+
+ if [ -n "`echo \"${RTKT_FILE_WHITELIST}\" | grep \"^${FNAMEGREP}:${STRING}$\"`" ]; then
+ if [ $VERBOSE_LOGGING -eq 1 ]; then
+@@ -16951,7 +16951,7 @@
+ if [ -n "${DSCL_CMD}" ]; then
+ display --to LOG --type INFO FOUND_CMD 'dscl' "${DSCL_CMD}"
+
+- RKHTMPVAR2=`${DSCL_CMD} . search /Users uid 0 | egrep '^[^ )]' | cut -d' ' -f1`
++ RKHTMPVAR2=`${DSCL_CMD} . search /Users uid 0 | grep -E '^[^ )]' | cut -d' ' -f1`
+ else
+ display --to LOG --type INFO NOT_FOUND_CMD 'dscl'
+ fi
+@@ -17526,7 +17526,7 @@
+
+ test $SUNOS -eq 1 -o $IRIXOS -eq 1 && PS_ARGS="-ef"
+
+- RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | egrep '(syslogd|syslog-ng)( |$)' | grep -v 'egrep'`
++ RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | grep -E '(syslogd|syslog-ng)( |$)' | grep -v 'grep'`
+
+ if [ -n "${RKHTMPVAR}" ]; then
+ SYSLOG_SEEN=1
+@@ -17546,7 +17546,7 @@
+ TITLE_SHOWN=1
+ fi
+
+- RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | egrep 'systemd-journald( |$)' | grep -v 'egrep'`
++ RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | grep -E 'systemd-journald( |$)' | grep -v 'grep'`
+
+ if [ -n "${RKHTMPVAR}" ]; then
+ SYSTEMD_SEEN=1
+@@ -17562,7 +17562,7 @@
+ TITLE_SHOWN=1
+ fi
+
+- RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | egrep 'metalog( |$)' | grep -v 'egrep'`
++ RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | grep -E 'metalog( |$)' | grep -v 'grep'`
+
+ if [ -n "${RKHTMPVAR}" ]; then
+ METALOG_SEEN=1
+@@ -17578,7 +17578,7 @@
+ TITLE_SHOWN=1
+ fi
+
+- RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | egrep 'socklog( |$)' | grep -v 'egrep'`
++ RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | grep -E 'socklog( |$)' | grep -v 'grep'`
+
+ if [ -n "${RKHTMPVAR}" ]; then
+ SOCKLOG_SEEN=1
+@@ -17639,7 +17639,7 @@
+ RKHTMPVAR="an"
+ elif [ -n "`echo \"${FNAME}\" | grep '/syslog-ng\.conf$'`" ]; then
+ FTYPE="syslog-ng"
+- elif [ -n "`echo \"${FNAME}\" | egrep '/(systemd-)?journald\.conf$'`" ]; then
++ elif [ -n "`echo \"${FNAME}\" | grep -E '/(systemd-)?journald\.conf$'`" ]; then
+ FTYPE="systemd"
+ else
+ FTYPE="syslog"
+@@ -17657,15 +17657,15 @@
+ if [ "${FTYPE}" != "systemd" ]; then
+ RKHTMPVAR=""
+
+- if [ -n "`echo \"${FNAME}\" | egrep '/r?syslog\.conf$'`" ]; then
+- RKHTMPVAR=`egrep -i '^[^#].*[ ](@|:omrelp:).' "${FNAME}" | egrep -i -v '(@|:omrelp:)127\.'`
++ if [ -n "`echo \"${FNAME}\" | grep -E '/r?syslog\.conf$'`" ]; then
++ RKHTMPVAR=`grep -E -i '^[^#].*[ ](@|:omrelp:).' "${FNAME}" | grep -E -i -v '(@|:omrelp:)127\.'`
+ else
+ #
+ # For syslog-ng we must look for a destination
+ # block which uses TCP or UDP.
+ #
+
+- RKHTMPVAR=`${AWK_CMD} '/^[ ]*destination( | |$)/, /}/ { print $0 }' "${FNAME}" | egrep -i '( | |\{|^)(tcp|udp)6?( | |\(|$)' | egrep -v -i '(tcp|udp)6?[ ]*\([ ]*("[ ]*)?127\.'`
++ RKHTMPVAR=`${AWK_CMD} '/^[ ]*destination( | |$)/, /}/ { print $0 }' "${FNAME}" | grep -E -i '( | |\{|^)(tcp|udp)6?( | |\(|$)' | grep -E -v -i '(tcp|udp)6?[ ]*\([ ]*("[ ]*)?127\.'`
+ fi
+
+ if [ -n "${RKHTMPVAR}" ]; then
+@@ -17681,7 +17681,7 @@
+ # that the warnings are shown before anything else.
+ #
+
+- if [ $SYSLOG_SEEN -eq 1 -a -z "`echo \"${FILEFOUND}\" | egrep ' (syslog|rsyslog|syslog-ng) '`" ]; then
++ if [ $SYSLOG_SEEN -eq 1 -a -z "`echo \"${FILEFOUND}\" | grep -E ' (syslog|rsyslog|syslog-ng) '`" ]; then
+ display --to SCREEN+LOG --type PLAIN --result WARNING --color RED --log-indent 2 --screen-indent 4 SYSTEM_CONFIGS_FILE
+ display --to LOG --type WARNING SYSTEM_CONFIGS_SYSLOG_NO_FILE 'syslog'
+ elif [ $SYSTEMD_SEEN -eq 1 -a -z "`echo \"${FILEFOUND}\" | grep ' systemd '`" ]; then
+@@ -17697,7 +17697,7 @@
+ # We only display the remote logging result if a configuration file was found.
+ #
+
+- if [ -n "`echo \"${FILEFOUND}\" | egrep ' (syslog|rsyslog|syslog-ng) '`" ]; then
++ if [ -n "`echo \"${FILEFOUND}\" | grep -E ' (syslog|rsyslog|syslog-ng) '`" ]; then
+ if [ $ALLOW_SYSLOG_REMOTE_LOGGING -eq 1 ]; then
+ display --to SCREEN+LOG --type PLAIN --result ALLOWED --color GREEN --log-indent 2 --screen-indent 4 SYSTEM_CONFIGS_SYSLOG_REMOTE
+ elif [ $REM_LOGGING_FOUND -eq 0 ]; then
+@@ -17734,7 +17734,7 @@
+ FTYPE=`echo "${FTYPE}" | tail ${TAIL_OPT}1`
+ fi
+
+- if [ -z "`echo \"${FTYPE}\" | egrep -v '(character special|block special|socket|fifo \(named pipe\)|symbolic link to|empty|directory|/MAKEDEV:)'`" ]; then
++ if [ -z "`echo \"${FTYPE}\" | grep -E -v '(character special|block special|socket|fifo \(named pipe\)|symbolic link to|empty|directory|/MAKEDEV:)'`" ]; then
+ return
+ fi
+
+@@ -17832,7 +17832,7 @@
+ RKHTMPVAR=`find_cmd mount`
+
+ if [ -n "${RKHTMPVAR}" ]; then
+- test -n "`${RKHTMPVAR} 2>/dev/null | egrep '^fdesc(fs)? .*(type fdesc|\(fdescfs\))'`" && FDESCFS=1
++ test -n "`${RKHTMPVAR} 2>/dev/null | grep -E '^fdesc(fs)? .*(type fdesc|\(fdescfs\))'`" && FDESCFS=1
+ else
+ display --to LOG --type INFO NOT_FOUND_CMD 'mount'
+ fi
+@@ -17930,7 +17930,7 @@
+
+ for DIR in ${SHORTSEARCHDIRS}; do
+ if [ -d "${DIR}" ]; then
+- RKHTMPVAR=`ls -1d ${DIR}/.* 2>/dev/null | egrep -v '/\.\.?$'`
++ RKHTMPVAR=`ls -1d ${DIR}/.* 2>/dev/null | grep -E -v '/\.\.?$'`
+ test -n "${RKHTMPVAR}" && LOOKINDIRS="${LOOKINDIRS}
+ ${RKHTMPVAR}"
+ fi
+@@ -17972,7 +17972,7 @@
+
+ FTYPE=`${FILE_CMD} "${FNAME}" 2>&1 | ${AWK_CMD} -F':' '{ print $NF }' | cut -c2-`
+
+- test -n "`echo \"${FTYPE}\" | egrep 'character special|block special|empty'`" && continue
++ test -n "`echo \"${FTYPE}\" | grep -E 'character special|block special|empty'`" && continue
+
+ FNAMEGREP=`echo "${FNAME}" | sed -e 's/\([.$*?\\]\)/\\\\\1/g; s/\[/\\\\[/g; s/\]/\\\\]/g'`
+
+@@ -18313,7 +18313,7 @@
+ ;;
+ named)
+ WHOLE_VERSION=`${APP_CMD_FOUND} -v 2>/dev/null`
+- VERSION=`echo "${WHOLE_VERSION}" | egrep '^(named|BIND)[ ][ ]*[0-9]' | grep -v '/' | ${AWK_CMD} '{ print $2 }'`
++ VERSION=`echo "${WHOLE_VERSION}" | grep -E '^(named|BIND)[ ][ ]*[0-9]' | grep -v '/' | ${AWK_CMD} '{ print $2 }'`
+
+ if [ -n "`echo \"${VERSION}\" | grep '^[^-]*\.[0-9][0-9]*-P[^-]*-'`" ]; then
+ VERSION=`echo "${VERSION}" | cut -d'-' -f1-2`
+@@ -18377,7 +18377,7 @@
+ if [ -n "`echo \"${APP_WHITELIST}\" | grep -i \" ${APPLICATION}:${RKHTMPVAR} \"`" ]; then
+ APP_RESULTS="${APP_RESULTS}
+ ${APPLICATION}%${APPLICATION_DESC}%${VERSION}%-1"
+- elif [ -n "`egrep -i \"^${APPLICATION}:.* ${RKHTMPVAR}( |$)\" \"${DB_PATH}/programs_bad.dat\" 2>&1`" ]; then
++ elif [ -n "`grep -E -i \"^${APPLICATION}:.* ${RKHTMPVAR}( |$)\" \"${DB_PATH}/programs_bad.dat\" 2>&1`" ]; then
+ APPS_FAILED_COUNT=`expr ${APPS_FAILED_COUNT} + 1`
+
+ APP_RESULTS="${APP_RESULTS}
+@@ -19462,7 +19462,7 @@
+ #
+
+ echo $ECHOOPT ""
+- echo $ECHOOPT "Usage: rkhunter {--check | --unlock |"
++ echo $ECHOOPT "Usage: rkhunter {--check | --unlock | --update | --versioncheck |"
+ echo $ECHOOPT " --propupd [{filename | directory | package name},...] |"
+ echo $ECHOOPT " --list [{tests | {lang | languages} | rootkits | perl | propfiles}] |"
+ echo $ECHOOPT " --config-check | --version | --help} [options]"
+@@ -19791,8 +19791,8 @@
+ # required commands are tested early on using just the root PATH. Then
+ # BINDIR is checked, and finally the rest of the commands are then
+ # checked using the new PATH from BINDIR.
+-ABSOLUTELY_REQUIRED_CMDS="cut egrep grep sed tail tr"
+-REQCMDS="awk cat chmod chown cp cut date egrep grep head ls mv sed sort tail touch tr uname uniq wc"
++ABSOLUTELY_REQUIRED_CMDS="cut grep sed tail tr"
++REQCMDS="awk cat chmod chown cp cut date grep head ls mv sed sort tail touch tr uname uniq wc"
+
+ # This will be set to a list of commands that have been disabled.
+ DISABLED_CMDS=""
+@@ -20896,10 +20896,10 @@
+ #
+
+ if [ -z "${PRELINK_HASH}" ]; then
+- if [ -z "`echo \"${HASH_FUNC}\" | egrep '(/filehashsha\.pl Digest::MD5|/filehashsha\.pl .* 1$|shasum -a 1$)'`" ]; then
++ if [ -z "`echo \"${HASH_FUNC}\" | grep -E '(/filehashsha\.pl Digest::MD5|/filehashsha\.pl .* 1$|shasum -a 1$)'`" ]; then
+ RKHTMPVAR=`echo "${HASH_FUNC}" | cut -d' ' -f1`
+
+- if [ -z "`echo ${RKHTMPVAR} | egrep -i 'sha1|md5'`" ]; then
++ if [ -z "`echo ${RKHTMPVAR} | grep -E -i 'sha1|md5'`" ]; then
+ if [ $HASH_OPT -eq 1 ]; then
+ echo "This system uses prelinking, but the '--hash' option (${HASH_FUNC}) does not look like SHA1 or MD5."
+ else
+@@ -21007,7 +21007,7 @@
+ #
+ IFS=$IFSNL
+
+-for LINE in `egrep '^MSG_(TYPE|RESULT)_' "${DB_PATH}/i18n/en" 2>/dev/null`; do
++for LINE in `grep -E '^MSG_(TYPE|RESULT)_' "${DB_PATH}/i18n/en" 2>/dev/null`; do
+ TYPE=`echo "${LINE}" | cut -d: -f1`
+
+ if [ "${LANGUAGE}" != "en" ]; then
+@@ -21212,7 +21212,7 @@
+ fi
+ elif [ -n "${PRELINK_HASH}" ]; then
+ display --to LOG --type INFO HASH_FUNC_PRELINK "${PRELINK_HASH}"
+- elif [ -z "`echo \"${HASH_FUNC}\" | egrep -i 'sha1|md5'`" ]; then
++ elif [ -z "`echo \"${HASH_FUNC}\" | grep -E -i 'sha1|md5'`" ]; then
+ SKIP_HASH_MSG=1
+ else
+ display --to LOG --type INFO HASH_FUNC "${HASH_FUNC}"
+
diff --git a/app-forensics/rkhunter/rkhunter-1.4.6-r2.ebuild b/app-forensics/rkhunter/rkhunter-1.4.6-r2.ebuild
new file mode 100644
index 000000000000..84bbbe851de2
--- /dev/null
+++ b/app-forensics/rkhunter/rkhunter-1.4.6-r2.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit bash-completion-r1
+
+DESCRIPTION="Rootkit Hunter scans for known and unknown rootkits, backdoors, and sniffers"
+HOMEPAGE="http://rkhunter.sf.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~mips ~ppc ~x86"
+IUSE=""
+
+RDEPEND="
+ app-shells/bash
+ dev-lang/perl
+ sys-process/lsof[rpc]
+"
+
+S="${WORKDIR}/${P}/files"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-1.4.6-conf.patch"
+ "${FILESDIR}/${PN}-1.4.6-no-insecure-web.patch"
+ "${FILESDIR}/${PN}-1.4.6-grep-3.8.patch"
+)
+
+src_install() {
+ # rkhunter requires to be root
+ dosbin ${PN}
+
+ insinto /etc
+ doins ${PN}.conf
+
+ exeinto /usr/lib/${PN}/scripts
+ doexe *.pl
+
+ insinto /var/lib/${PN}/db
+ doins *.dat
+
+ insinto /var/lib/${PN}/db/i18n
+ doins i18n/*
+
+ doman ${PN}.8
+ dodoc ACKNOWLEDGMENTS CHANGELOG FAQ README
+
+ exeinto /etc/cron.daily
+ newexe "${FILESDIR}/${PN}-1.4.cron" ${PN}
+
+ newbashcomp "${FILESDIR}/${PN}.bash-completion" ${PN}
+}
+
+pkg_postinst() {
+ elog "A cron script has been installed to /etc/cron.daily/rkhunter."
+ elog "To enable it, edit /etc/cron.daily/rkhunter and follow the"
+ elog "directions."
+ elog "If you want ${PN} to send mail, you will need to install"
+ elog "virtual/mailx or alter the EMAIL_CMD variable in the"
+ elog "cron script and possibly the MAIL_CMD variable in the"
+ elog "${PN}.conf file to use another mail client."
+}
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-03-14 2:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-03-14 2:00 [gentoo-commits] repo/gentoo:master commit in: app-forensics/rkhunter/files/, app-forensics/rkhunter/ Sam James
-- strict thread matches above, loose matches on Subject: below --
2018-03-17 23:54 Michael Palimaka
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox