| -rwxr-xr-x | cron-sh/security_check.sh | 1 | ||||
| -rwxr-xr-x | src/msec/libmsec.py | 12 | ||||
| -rwxr-xr-x | src/msec/msecperms.py | 3 | 
3 files changed, 12 insertions, 4 deletions
|
diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh
index 2062902..f5b32fd 100755
--- a/cron-sh/security_check.sh
+++ b/cron-sh/security_check.sh
@@ -56,6 +56,7 @@ fi
 if [[ ${CHECK_PERMS} == yes ]]; then
 	# running msec_perms
+	printf "\tChecking permissions on system files"
 fi
 if [[ ${CHECK_USER_FILES} == yes ]]; then
diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py
index 1083904..b3dc283 100755
--- a/src/msec/libmsec.py
+++ b/src/msec/libmsec.py
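Review bot: The added `printf "\tChecking permissions on system files"` has no trailing `\n`, so whatever the script prints next continues on the same line of the report; `printf "\tChecking permissions on system files\n"` would terminate it. As far as the hunk shows, this is the only command in the `CHECK_PERMS` branch (the other line is the `# running msec_perms` comment), so the report announces a permission check that this block does not itself start. If the check is invoked elsewhere, a comment naming where would keep readers of the security report from taking this line as evidence that it ran.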
@@ -1651,28 +1651,34 @@ class PERMS:
                 force = True
             if newuser != None:
-                self.log.info(_("Enforcing user on %s to %s") % (file, self.get_user_name(newuser)))
                 if force and really_commit:
+                    self.log.warn(_("Enforcing user on %s to %s") % (file, self.get_user_name(newuser)))
                     try:
                         os.chown(file, newuser, -1)
                     except:
                         self.log.error(_("Error changing user on %s: %s") % (file, sys.exc_value))
+                else:
+                    self.log.warn(_("Bad owner of %s: should be %s") % (file, self.get_user_name(newuser)))
             if newgroup != None:
-                self.log.info(_("Enforcing group on %s to %s") % (file, self.get_group_name(newgroup)))
                 if force and really_commit:
+                    self.log.warn(_("Enforcing group on %s to %s") % (file, self.get_group_name(newgroup)))
                     try:
                         os.chown(file, -1, newgroup)
                     except:
                         self.log.error(_("Error changing group on %s: %s") % (file, sys.exc_value))
+                else:
+                    self.log.warn(_("Bad group of %s: should be %s") % (file, self.get_group_name(newgroup)))
             # permissions should be last, as chown resets them
             # on suid files
             if newperm != None:
-                self.log.info(_("Enforcing permissions on %s to %o") % (file, newperm))
                 if force and really_commit:
+                    self.log.warn(_("Enforcing permissions on %s to %o") % (file, newperm))
                     try:
                         os.chmod(file, newperm)
                     except:
                         self.log.error(_("Error changing permissions on %s: %s") % (file, sys.exc_value))
+                else:
+                    self.log.warn(_("Bad permissions of %s: should be %o") % (file, newperm))
     def check_perms(self, perms):
diff --git a/src/msec/msecperms.py b/src/msec/msecperms.py
index a0f1676..3cba97e 100755
--- a/src/msec/msecperms.py
+++ b/src/msec/msecperms.py
@@ -119,7 +119,8 @@ if __name__ == "__main__":
         # logs to file and to terminal
         log = Log(log_path=config.SECURITYLOG, interactive=True, log_syslog=False, log_level=log_level)
     else:
-        log = Log(log_path=config.SECURITYLOG, interactive=False, log_level=log_level)
+        log_level = logging.WARN
+        log = Log(log_path=config.SECURITYLOG, interactive=True, log_syslog=False, log_level=log_level)
     # loading permissions
     permconf = config.PermConfig(log, config=config.PERMCONF)
|
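Review bot: The three new `else` branches log only the expected value (for example `Bad permissions of %s: should be %o`), not what was actually found on the file, so someone triaging the security log cannot tell minor drift from a newly set setuid or world-writable bit without re-inspecting the file. If the current owner, group and mode are already available in this function (its start is outside the hunk), adding them to the message would make each finding self-contained. Each `else` also fires whenever `force and really_commit` is false, whichever of the two is unset, so both cases produce the same line; a comment above each `else` such as `# report only: entry is not forced, or really_commit is off` would make that explicit.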
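Review bot: The `else` branch now passes `log_syslog=False`, so warnings on this path go to `config.SECURITYLOG` and the terminal (per the comment on the identical call above) but not to syslog. If this is the unattended path, which the hunk does not show because the `if` starts outside it, permission findings would no longer reach log collection that relies on syslog. `log_level = logging.WARN` also overwrites whatever level was selected earlier, which presumably discards a requested debug level on this path. If both are intended, a comment such as `# report findings on stdout only; syslog is disabled here on purpose` would record it, and `logging.WARNING` is the documented spelling of the constant.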
