3 files changed, 40 insertions, 10 deletions

diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index 1441c49..8e14c73 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -146,6 +146,18 @@ fi
 
 ### rpm database
 if [[ ${RPM_CHECK} == yes ]]; then
+    if [[ -f ${RPM_QA_YESTERDAY} ]]; then
+	diff -u ${RPM_QA_YESTERDAY} ${RPM_QA_TODAY} > ${RPM_QA_DIFF}
+	if [ -s ${RPM_QA_DIFF} ]; then
+	    printf "\nSecurity Warning: These packages have changed on the system :\n" >> ${TMP}
+	    grep '^+' ${RPM_QA_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
+		printf "\t\t-   added package : ${file}\n"
+	    done >> ${TMP}
+	    grep '^-' ${RPM_QA_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
+		printf "\t\t- removed package : ${file}\n"
+	    done >> ${TMP}
+	fi
+    fi
     if [[ -f ${RPM_VA_YESTERDAY} ]]; then
 	diff -u ${RPM_VA_YESTERDAY} ${RPM_VA_TODAY} > ${RPM_VA_DIFF}
 	if [ -s ${RPM_VA_DIFF} ]; then
@@ -158,15 +170,15 @@ if [[ ${RPM_CHECK} == yes ]]; then
 	    done >> ${TMP}
 	fi
     fi
-    if [[ -f ${RPM_QA_YESTERDAY} ]]; then
-	diff -u ${RPM_QA_YESTERDAY} ${RPM_QA_TODAY} > ${RPM_QA_DIFF}
-	if [ -s ${RPM_QA_DIFF} ]; then
-	    printf "\nSecurity Warning: These packages have changed on the system :\n" >> ${TMP}
-	    grep '^+' ${RPM_QA_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
-		printf "\t\t-   added package : ${file}\n"
+    if [[ -f ${RPM_VA_CONFIG_YESTERDAY} ]]; then
+	diff -u ${RPM_VA_CONFIG_YESTERDAY} ${RPM_VA_CONFIG_TODAY} > ${RPM_VA_CONFIG_DIFF}
+	if [ -s ${RPM_VA_CONFIG_DIFF} ]; then
+	    printf "\nSecurity Warning: These config files belonging to packages have changed of status on the system :\n" >> ${TMP}
+	    grep '^+' ${RPM_VA_CONFIG_DIFF} | grep -vw "^+++ " | sed 's|^.||' | while read file; do
+		printf "\t\t-   newly modified : ${file}\n"
 	    done >> ${TMP}
-	    grep '^-' ${RPM_QA_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
-		printf "\t\t- removed package : ${file}\n"
+	    grep '^-' ${RPM_VA_CONFIG_DIFF} | grep -vw "^--- " | sed 's|^.||' | while read file; do
+		printf "\t\t- no more modified : ${file}\n"
 	    done >> ${TMP}
 	fi
     fi
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 764bcc0..1c2dfec 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -43,6 +43,9 @@ UNOWNED_GROUP_DIFF="/var/log/security/unowned_group.diff"
 export RPM_VA_TODAY="/var/log/security/rpm-va.today"
 RPM_VA_YESTERDAY="/var/log/security/rpm-va.yesterday"
 RPM_VA_DIFF="/var/log/security/rpm-va.diff"
+export RPM_VA_CONFIG_TODAY="/var/log/security/rpm-va-config.today"
+RPM_VA_CONFIG_YESTERDAY="/var/log/security/rpm-va-config.yesterday"
+RPM_VA_CONFIG_DIFF="/var/log/security/rpm-va-config.diff"
 export RPM_QA_TODAY="/var/log/security/rpm-qa.today"
 RPM_QA_YESTERDAY="/var/log/security/rpm-qa.yesterday"
 RPM_QA_DIFF="/var/log/security/rpm-qa.diff"
@@ -94,6 +97,10 @@ if [[ -f ${RPM_VA_TODAY} ]]; then
     mv -f ${RPM_VA_TODAY} ${RPM_VA_YESTERDAY}
 fi
 
+if [[ -f ${RPM_VA_CONFIG_TODAY} ]]; then
+    mv -f ${RPM_VA_CONFIG_TODAY} ${RPM_VA_CONFIG_YESTERDAY}
+fi
+
 if [[ -f ${RPM_QA_TODAY} ]]; then
     mv -f ${RPM_QA_TODAY} ${RPM_QA_YESTERDAY}
 fi
@@ -147,8 +154,12 @@ if [[ ${RPM_CHECK} == yes ]]; then
     fi
     
     rpm -qa --qf "%{NAME}-%{VERSION}-%{RELEASE}\t%{INSTALLTIME}\n" | sort > ${RPM_QA_TODAY}
-    
-    nice --adjustment=+19 rpm -V `cut -f 1  < ${RPM_QA_TODAY} | grep -v '^dev-[0-9]'` | grep '^..5' | sed 's/...........//' | sort > ${RPM_VA_TODAY}
+
+    rm -f ${RPM_VA_TODAY}.tmp
+    nice --adjustment=+19 rpm -V `cut -f 1  < ${RPM_QA_TODAY} | grep -v '^dev-[0-9]'` | grep '^..5' | sort > ${RPM_VA_TODAY}.tmp
+    grep -v '^.........c.'  ${RPM_VA_TODAY}.tmp | sed 's/^...........//' | sort > ${RPM_VA_TODAY}
+    grep '^.........c.'  ${RPM_VA_TODAY}.tmp | sed 's/^...........//' | sort > ${RPM_VA_CONFIG_TODAY}
+    rm -f ${RPM_VA_TODAY}.tmp
 fi
 
 ### chkrootkit checks
diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh
index dcdbfc4..2ed31aa 100755
--- a/cron-sh/security_check.sh
+++ b/cron-sh/security_check.sh
@@ -260,6 +260,13 @@ if [[ ${RPM_CHECK} == yes ]]; then
 	    printf "\t\t- $f\n"
         done >> ${SECURITY}
     fi
+
+    if [[ -s ${RPM_VA_CONFIG_TODAY} ]]; then
+	printf "\nSecurity Warning: These config files belonging to packages are modified on the system :\n" >> ${SECURITY}
+	cat ${RPM_VA_CONFIG_TODAY} | while read f; do
+	    printf "\t\t- $f\n"
+        done >> ${SECURITY}
+    fi
 fi
 
 ### chkrootkit checks