You are not logged in.

Pages: 1

#1 2014-11-28 16:50:09

MrWeatherbee
Member
Registered: 2007-08-01
Posts: 277

RKHunter / GREP 2.21 Issue

In the past couple of days, I noticed some error messages in my 'fcron' outupt related to 'rkhunter' (v1.4.2-1):

/usr/bin/rkhunter: line 7439: [: too many arguments

Following up on the messages, I found this at Line 7439 in '/usr/bin/rkhunter':

if [ $PROG_VERS -lt $LATEST_VERS ]; then

By adding some debugging lines to the code, I found that $PROG_VERS should be the version number extracted (using grep) from the first line of each of the files located in '/var/lib/rkhunter/db/i18n/'.

This works fine with grep 2.20, as the output is (using /var/lib/rkhunter/db/i18n/zh as the example):

2009091601

However, after the upgrade to grep v2.21, the contents of the variable, $PROG_VERS' is (using /var/lib/rkhunter/db/i18n/zh as the example):

Binary file /var/lib/rkhunter/db/i18n/zh matches

thus producing the 'too many arguments' error.

Searching through the 'rkhunter' code, I noticed that the developers provided a 'grep' option (empty by default) at lines 18470-18471:

# Does 'grep' need an extra option to check binary files?
GREP_OPT=""

Just below that code, the  developers provide individual 'GREP_OPT' settings for various OS types (Lines 18473 - 18498):

# Set the O/S type if necessary.
BSDOS=0
SUNOS=0
IRIXOS=0
MACOSX=0
LINUXOS=0

case "${OPERATING_SYSTEM}" in
Linux)
	LINUXOS=1
	;;
*BSD|DragonFly)
	BSDOS=1
	HASH_FLD_IDX=4
	GREP_OPT="-a"
	;;
SunOS)
	SUNOS=1
	;;
IRIX*)
	IRIXOS=1
	;;
Darwin)
	MACOSX=1
	;;
esac

Note that BSD is set to:

GREP_OPT="-a"

while the Linux case is not set at all.

Adding 'GREP_OPT="-a"' to the Linux case as shown below:

Linux)
	LINUXOS=1
	GREP_OPT="-a"
    ;;

fixes the issue and the error messages are no longer presented.

Digging further, the error only occured when 'rkhunter' called 'grep' against these two of its files in the directory:

/var/lib/rkhunter/db/i18n/tr
/var/lib/rkhunter/db/i18n/zh

All other files in the directory were properly grep'd.

The only difference between the two problematic files and the others in the directory is that the former are ISO-8859 text while the latter are ASCII text.

By the way, testing 'grep' from the command line against the aforementioned files (i.e., not testing indirectly via 'rkhunter') and testing other similarly encoded, randomly chosen files produces the same results as outlined above.

So, what changed in 'grep' between v2.20 and 2.21 that now causes grepping certain text encodings to require the '-a' (treat binary as text) option, whereas before they were treated as text without the option? Is this a bug, or a bug-fix (i.e., should gnu 'grep' always have been working this way for these types of files)? Or, is it just a random desire to change the behavior of gnu 'grep'? smile

Note - when searching for related issues, I found that one user had reported a similar bug/issue with 'grep', but he claims that 'grep' is apparently treating all his files as binary, rather than just specific encodings. Perhaps he only tested / only uses problematic encodings?

https://bugs.archlinux.org/task/42940

Last edited by MrWeatherbee (2014-11-28 16:52:10)

Offline

#2 2014-12-11 01:21:27

dfunk
Member
Registered: 2014-12-11
Posts: 4

Re: RKHunter / GREP 2.21 Issue

Thanks for your informative post.
It appears this is now normal grep behaviour from 2.21:

If a file contains data improperly encoded for the current locale,
  and this is discovered before any of the file's contents are output,
  grep now treats the file as binary.

grep-2.21 released

So I'd say this is an rkhutner bug.

Offline

Pages: 1

Board footer

Powered by FluxBB