Project

General

Profile

Actions

Bug #15744

closed

Suricata LOGS MGMT feature shows ``enabled`` by default on a green-field install when it should instead default to ``disabled``

Added by Bill Meeks 2 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Low
Assignee:
Category:
Suricata
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
24.11
Affected Version:
2.7.x
Affected Plus Version:
24.03
Affected Architecture:
All

Description

There is a PHP code logic error when testing the value of the "enable_log_mgmt" config parameter in the Suricata package. By default, upon initial install, the LOGS MGMT feature is disabled. It is left up to the admin to decide whether or not to enable the feature. While there is a good argument to make for default enabling the feature, I've felt it better to leave the feature default disabled in the event a user does not want log data automatically cleaned up without their explict intervention.

The code logic error is on line 36 of the file /usr/local/www/suricata/suricata_logs_mgmt.php :

// Grab saved settings from configuration
$pconfig['enable_log_mgmt'] = config_get_path('installedpackages/suricata/config/0/enable_log_mgmt') == 'off' ? 'off' : 'on';

That line should instead read as follows:

// Grab saved settings from configuration
$pconfig['enable_log_mgmt'] = config_get_path('installedpackages/suricata/config/0/enable_log_mgmt') == 'on' ? 'on' : 'off';

On a green-field install the parameter "enable_log_mgmt" will be uninitialized. The test for "off" in the current code will thus evaluate to FALSE resulting in the variable being initialized to "on" when the LOGS MGMT tab page is rendered. Instead, an explict test for "on" should be done, and if false, the variable should be initialized to "off".

Actions

Also available in: Atom PDF