# HG changeset patch
# User Michiel Broek
# Date 1361126964 -3600
# Node ID c4a1470ab59d6c42c5bf1f7988650aa0d0a6eef9
# Parent 59e07bba67ccac6dd864630b24efc0db9206bf1d
Logs check's only yesterdays events, better mailbox check
diff -r 59e07bba67cc -r c4a1470ab59d cron.daily/security
--- a/cron.daily/security Thu Dec 06 15:08:01 2012 +0100
+++ b/cron.daily/security Sun Feb 17 19:49:24 2013 +0100
@@ -1,9 +1,9 @@
 #!/bin/bash
 #
 #############################################################################
-# Copyright (C) 2005-2009
+# Copyright (C) 2005-2013
 #
-# Michiel Broek
+# Michiel Broek
 # Beekmansbos 10
 # 1971 BV IJmuiden
 # the Netherlands
@@ -25,7 +25,7 @@
 # Software Foundation, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
 #############################################################################
-VERSION=0.15
+VERSION=0.16
 export PATH=/bin:/usr/bin:/sbin:/usr/sbin
 umask 077
 LANG=C; export LANG
diff -r 59e07bba67cc -r c4a1470ab59d security.d/chk_logs
--- a/security.d/chk_logs Thu Dec 06 15:08:01 2012 +0100
+++ b/security.d/chk_logs Sun Feb 17 19:49:24 2013 +0100
@@ -1,9 +1,9 @@
 #!/bin/bash
 #
 #############################################################################
-# Copyright (C) 2005-2012
+# Copyright (C) 2005-2013
 #
-# Michiel Broek
+# Michiel Broek
 # the Netherlands
 #
 # This file is part of SlackSecCheckScripts.
@@ -41,15 +41,16 @@
 TMP2=secure1.$$
 OUTPUT=secure4.$$
+YESTER=$(date '+%b %d' -d yesterday)
-egrep ' useradd\[' /var/log/secure > $TMP2
-egrep ' userdel\[' /var/log/secure >> $TMP2
-egrep ' usermod\[' /var/log/secure >> $TMP2
-egrep ' groupadd\[' /var/log/secure >> $TMP2
-egrep ' groupdel\[' /var/log/secure >> $TMP2
-egrep ' groupmod\[' /var/log/secure >> $TMP2
-egrep ' passwd\[' /var/log/secure >> $TMP2
-egrep ' sudo:' /var/log/messages >> $TMP2
+grep -e ' useradd\[' /var/log/secure | grep -e "${YESTER}" > $TMP2
+grep -e ' userdel\[' /var/log/secure | grep -e "${YESTER}" >> $TMP2
+grep -e ' usermod\[' /var/log/secure | grep -e "${YESTER}" >> $TMP2
+grep -e ' groupadd\[' /var/log/secure | grep -e "${YESTER}" >> $TMP2
+grep -e ' groupdel\[' /var/log/secure | grep -e "${YESTER}" >> $TMP2
+grep -e ' groupmod\[' /var/log/secure | grep -e "${YESTER}" >> $TMP2
+grep -e ' passwd\[' /var/log/secure | grep -e "${YESTER}" >> $TMP2
+grep -e ' sudo:' /var/log/messages | grep -e "${YESTER}" >> $TMP2
 cat $TMP2 | sort > $OUTPUT
diff -r 59e07bba67cc -r c4a1470ab59d security.d/chk_mailbox
--- a/security.d/chk_mailbox Thu Dec 06 15:08:01 2012 +0100
+++ b/security.d/chk_mailbox Sun Feb 17 19:49:24 2013 +0100
@@ -1,9 +1,9 @@
 #!/bin/bash
 #
 #############################################################################
-# Copyright (C) 2005-2012
+# Copyright (C) 2005-2013
 #
-# Michiel Broek
+# Michiel Broek
 # the Netherlands
 #
 # This file is part of SlackSecCheckScripts.
@@ -44,7 +44,7 @@
 # Mailboxes should be owned by user and unreadable.
 #
-/bin/ls -l /var/spool/mail | \
+/bin/ls -l /var/spool/mail | grep -v ^d | \
 awk '
 NR == 1 { next; }
 $3 != $9 { printf "\tUser %s mailbox is owned by %s.\n", $9, $3
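Review bot: The new `YESTER` filter on the `grep -e "${YESTER}"` lines is built with `date '+%b %d'`, which zero-pads the day (`Feb 07`), while the classic syslog timestamp that /var/log/secure and /var/log/messages normally carry is space-padded (`Feb  7`), so on the first nine days of each month the second grep matches nothing and every useradd/usermod/passwd/sudo event from yesterday silently drops out of the report. Use the space-padded day, `YESTER=$(date '+%b %e' -d yesterday)`, and because the pattern is an unanchored regex, anchoring it to the line start (`grep -e "^${YESTER} "`) keeps a date string inside a message body from being mistaken for the timestamp. The date-only filter also depends on yesterday's lines still being in the un-rotated log when this job runs; if log rotation runs earlier in the same cron.daily pass those events are lost, so a comment stating that ordering assumption would help the next maintainer. `$TMP2` and `$OUTPUT` remain unquoted on the new lines, which is only a style point given the PID-suffixed names.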