Bug #15744
closed
Suricata LOGS MGMT feature shows ``enabled`` by default on a green-field install when it should instead default to ``disabled``
0%
Description
There is a PHP code logic error when testing the value of the "enable_log_mgmt" config parameter in the Suricata package. By default, upon initial install, the LOGS MGMT feature is disabled. It is left up to the admin to decide whether or not to enable the feature. While there is a good argument to make for default enabling the feature, I've felt it better to leave the feature default disabled in the event a user does not want log data automatically cleaned up without their explict intervention.
The code logic error is on line 36 of the file /usr/local/www/suricata/suricata_logs_mgmt.php :
// Grab saved settings from configuration
$pconfig['enable_log_mgmt'] = config_get_path('installedpackages/suricata/config/0/enable_log_mgmt') == 'off' ? 'off' : 'on';
That line should instead read as follows:
// Grab saved settings from configuration
$pconfig['enable_log_mgmt'] = config_get_path('installedpackages/suricata/config/0/enable_log_mgmt') == 'on' ? 'on' : 'off';
On a green-field install the parameter "enable_log_mgmt" will be uninitialized. The test for "off" in the current code will thus evaluate to FALSE resulting in the variable being initialized to "on" when the LOGS MGMT tab page is rendered. Instead, an explict test for "on" should be done, and if false, the variable should be initialized to "off".
Updated by 
Updated by 
Updated by