From 13f9b65dec5018f4c07bf4b918f65801de1ae90d Mon Sep 17 00:00:00 2001
From: Eugeni Dodonov
Date: Tue, 6 Jan 2009 23:53:26 +0000
Subject: Non-interactive permissions checking.
---
 cron-sh/security_check.sh | 1 +
 src/msec/libmsec.py | 12 +++++++++---
 src/msec/msecperms.py | 3 ++-
 3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh
index 2062902..f5b32fd 100755
--- a/cron-sh/security_check.sh
+++ b/cron-sh/security_check.sh
@@ -56,6 +56,7 @@ fi if [[ ${CHECK_PERMS} == yes ]]; then # running msec_perms + printf "\tChecking permissions on system files" fi if [[ ${CHECK_USER_FILES} == yes ]]; then
diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py
index 1083904..b3dc283 100755
--- a/src/msec/libmsec.py
+++ b/src/msec/libmsec.py
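Review bot: In cron-sh/security_check.sh the `CHECK_PERMS` branch, as far as this hunk shows, only prints a heading: the comment says `# running msec_perms`, yet no command follows the added `printf` before `fi`, so the report would announce a permissions check that does not run. The format string also has no trailing newline, so whatever is written next continues on the same line; `printf "\tChecking permissions on system files\n"` avoids that. If the invocation is meant to arrive in a later commit, a comment such as `# TODO: invoke the permissions checker here` would keep an empty section from being read as a clean result.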
@@ -1651,28 +1651,34 @@ class PERMS: force = True if newuser != None: - self.log.info(_("Enforcing user on %s to %s") % (file, self.get_user_name(newuser))) if force and really_commit: + self.log.warn(_("Enforcing user on %s to %s") % (file, self.get_user_name(newuser))) try: os.chown(file, newuser, -1) except: self.log.error(_("Error changing user on %s: %s") % (file, sys.exc_value)) + else: + self.log.warn(_("Bad owner of %s: should be %s") % (file, self.get_user_name(newuser))) if newgroup != None: - self.log.info(_("Enforcing group on %s to %s") % (file, self.get_group_name(newgroup))) if force and really_commit: + self.log.warn(_("Enforcing group on %s to %s") % (file, self.get_group_name(newgroup))) try: os.chown(file, -1, newgroup) except: self.log.error(_("Error changing group on %s: %s") % (file, sys.exc_value)) + else: + self.log.warn(_("Bad group of %s: should be %s") % (file, self.get_group_name(newgroup))) # permissions should be last, as chown resets them # on suid files if newperm != None: - self.log.info(_("Enforcing permissions on %s to %o") % (file, newperm)) if force and really_commit: + self.log.warn(_("Enforcing permissions on %s to %o") % (file, newperm)) try: os.chmod(file, newperm) except: self.log.error(_("Error changing permissions on %s: %s") % (file, sys.exc_value)) + else: + self.log.warn(_("Bad permissions of %s: should be %o") % (file, newperm)) def check_perms(self, perms):
diff --git a/src/msec/msecperms.py b/src/msec/msecperms.py
index a0f1676..3cba97e 100755
--- a/src/msec/msecperms.py
+++ b/src/msec/msecperms.py
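Review bot: The enforcing branches still call `os.chown(file, ...)` and `os.chmod(file, newperm)` by path, which follow symbolic links, and with this commit they are reached from what appears to be an unattended run. If any checked `file` can sit in a directory a non-root user can write to (where the paths come from is outside this hunk, so that needs confirming), the entry could be replaced by a link between the check and the fix, and the change would land on the link target. Ownership can use `os.lchown(file, newuser, -1)`; the mode change has no portable no-follow form, so it would need a descriptor opened with `os.O_NOFOLLOW` and then `os.fchmod`. The bare `except:` around each call would also be safer as `except OSError:` so that an interrupt or a programming error is not logged as a permission failure. The method these lines belong to starts above the hunk.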
@@ -119,7 +119,8 @@ if __name__ == "__main__": # logs to file and to terminal log = Log(log_path=config.SECURITYLOG, interactive=True, log_syslog=False, log_level=log_level) else: - log = Log(log_path=config.SECURITYLOG, interactive=False, log_level=log_level) + log_level = logging.WARN + log = Log(log_path=config.SECURITYLOG, interactive=True, log_syslog=False, log_level=log_level) # loading permissions permconf = config.PermConfig(log, config=config.PERMCONF)
-- 
cgit v1.2.1
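Review bot: The `else` branch now passes `log_syslog=False`, so a run on that path no longer sends permission findings or enforced changes to syslog; if the previous call relied on a default that enabled syslog (the `Log` signature is not visible here), this removes the central audit trail for changes made with no operator present. Keeping it explicit, `log = Log(log_path=config.SECURITYLOG, interactive=True, log_syslog=True, log_level=log_level)`, would preserve that record while still printing to the terminal. The added `log_level = logging.WARN` also overwrites whatever level was selected earlier, which is worth a comment if intended. `interactive=True` on what the old code treated as the non-interactive path is easy to misread; a comment such as `# cron run: print warnings to stdout so they reach the security report` would explain it. The condition of the `if` sits above the hunk.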