From 3f183f5f0da46e0b9eebc9e149fd3d36f8f1d839 Mon Sep 17 00:00:00 2001
From: Eugeni Dodonov <eugeni@mandriva.org>
Date: Sun, 30 Aug 2009 23:48:40 +0000
Subject: Support enforcing file permissions in periodic msec runs

---
 cron-sh/scripts/01_files.sh | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'cron-sh/scripts')

diff --git a/cron-sh/scripts/01_files.sh b/cron-sh/scripts/01_files.sh
index a38a874..b9940ed 100755
--- a/cron-sh/scripts/01_files.sh
+++ b/cron-sh/scripts/01_files.sh
@@ -237,11 +237,16 @@ fi
 fi # End of CHECK_USER_FILES
 
 # now check default permissions
-if [[ ${CHECK_PERMS} == yes ]]; then
+if [[ ${CHECK_PERMS} == yes || ${CHECK_PERMS} == enforce ]]; then
+        if [[ ${CHECK_PERMS} == enforce ]]; then
+                MSECPERMS_PARAMS="-e"
+        else
+                MSECPERMS_PARAMS=""
+        fi
         # running msec_perms
-        /usr/sbin/msecperms > ${MSEC_TMP} 2>&1
+        /usr/sbin/msecperms $MSECPERMS_PARAMS > ${MSEC_TMP} 2>&1
         if [[ -s ${MSEC_TMP} ]]; then
-                printf "\nPermissions changes on system files:\n" >> ${SECURITY}
+                printf "\nPermissions changes on files watched by msec:\n" >> ${SECURITY}
                 cat ${MSEC_TMP} | sed -e 's/WARNING: //g' >> ${SECURITY}
         fi
 fi
-- 
cgit v1.2.1