Not sure if the following belongs in this category ( or even if Manjaro is responsible for this):
krb5 package installs 2 man pages in
/usr/share/man/man5 as a
. file, which somewhat obfuscates its location. The file name in full is
.k5login.5.gz. While it is understandable the reasoning behind this file naming convention was chosen (since both man pages cover the relevent
. files that can be found in a
$HOME directory) it still seems to me ill advised since it would not listed on a cursory
ls of the directory in question. (Nor am I sure I would have had the sense to pre-pend the
. were I looking for these man pages. I only noticed this after running
rkhunter on the system.
That being said, these files are not malicious whatsoever. They are legitimate man pages.
Another thing of note:
egrep found in
/usr/bin are scripts apparently. While innocuous, I could see this providing a security weakness (albeit, one not likely to be exploited). Wouldn’t it be better served as an alias? (this is from the