Grep warning when running rkhunter

Another interesting bit with rkhunter seems to be this that also started with F38:

# rkhunter -c --rwo --sk --nomow
grep: warning: + at start of expression

Looking through the non-shortened output, it appears this happens in this part:

Checking application versions...

grep: warning: + at start of expression
    Checking version of GnuPG                                [ OK ]
    Checking version of OpenSSL                              [ OK ]
    Checking version of PHP                                  [ OK ]
    Checking version of OpenSSH                              [ OK ]

rhkunter log doesn’t show any issue though:

[09:14:05] Info: Starting test name 'apps'
[09:14:05] Checking application versions...
[09:14:05] Info: Application 'exim' not found.
[09:14:05]   Checking version of GnuPG                       [ OK ]
[09:14:05] Info: Application 'gpg' version '2.4.0' found.
[09:14:05] Info: Application 'httpd' not found.
[09:14:05] Info: Application 'named' not found.
[09:14:05]   Checking version of OpenSSL                     [ OK ]
[09:14:05] Info: Application 'openssl' version '3.0.8' found.
[09:14:05]   Checking version of PHP                         [ OK ]
[09:14:05] Info: Application 'php' version '8.2.6' found.
[09:14:05] Info: Application 'procmail' not found.
[09:14:05] Info: Application 'proftpd' not found.
[09:14:05]   Checking version of OpenSSH                     [ OK ]
[09:14:05] Info: Application 'sshd' version '9.0,' found.
[09:14:05] Info: Applications checked: 4 out of 9

No customizations done in /etc/rkhunter.conf that could be the cause for and all + character parameters are quoted there.

Upstream bug: Rootkit Hunter / Bugs / #176 Warning messages since grep has been updgraded to 3.8

I haven’t looked in detail, but there were some patches related to grep in the Fedora package already. If there are still problems with the latest packaged version 1.4.6-21.fc38 then you should file a bug on the package.

2 Likes