Another interesting bit with rkhunter seems to be this that also started with F38:
# rkhunter -c --rwo --sk --nomow
grep: warning: + at start of expression
Looking through the non-shortened output, it appears this happens in this part:
Checking application versions...
grep: warning: + at start of expression
Checking version of GnuPG [ OK ]
Checking version of OpenSSL [ OK ]
Checking version of PHP [ OK ]
Checking version of OpenSSH [ OK ]
rhkunter log doesn’t show any issue though:
[09:14:05] Info: Starting test name 'apps'
[09:14:05] Checking application versions...
[09:14:05] Info: Application 'exim' not found.
[09:14:05] Checking version of GnuPG [ OK ]
[09:14:05] Info: Application 'gpg' version '2.4.0' found.
[09:14:05] Info: Application 'httpd' not found.
[09:14:05] Info: Application 'named' not found.
[09:14:05] Checking version of OpenSSL [ OK ]
[09:14:05] Info: Application 'openssl' version '3.0.8' found.
[09:14:05] Checking version of PHP [ OK ]
[09:14:05] Info: Application 'php' version '8.2.6' found.
[09:14:05] Info: Application 'procmail' not found.
[09:14:05] Info: Application 'proftpd' not found.
[09:14:05] Checking version of OpenSSH [ OK ]
[09:14:05] Info: Application 'sshd' version '9.0,' found.
[09:14:05] Info: Applications checked: 4 out of 9
No customizations done in /etc/rkhunter.conf that could be the cause for and all + character parameters are quoted there.