ovh/debian-cis

wrong check of REMOTE_HOST in 4.2.1.6_remote_syslog-ng_acl.sh

sblaisot opened this issue · 0 comments

4.2.1.6_remote_syslog-ng_acl.sh uses a config variable REMOTE_HOST to define if currently tested host is a syslog server or not.

Default configuration for this script defines REMOTE_HOST to "false" in this line and this script tests if system is a syslog server with if [[ "$REMOTE_HOST" ]]; then.

However, REMOTE_HOST being a non-empty string (here "false") this check is always true even if REMOTE_HOST is set to "false".

IMHO, either REMOTE_HOST should be set to empty string if host is not a syslog server or check_config() should empty REMOTE_HOST variable if its value is false.

Default configuration with value false and script working as if it has been set to true is dangerous from a security point of view by validating non-compliant systems.
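
The behaviour reported above, reproduced as an added example (this is not code from debian-cis; the function names are hypothetical). It runs the quoted `[[ "$REMOTE_HOST" ]]` test next to two sketches of the fixes the issue suggests: emptying the variable when it is "false", or comparing against the literal value.

```bash
#!/bin/bash
# Added illustration; helper names are hypothetical, not from debian-cis.

# The test quoted in the issue: [[ "$VAR" ]] is true for ANY non-empty
# string, so the literal string "false" also selects the server branch.
is_syslog_server_reported() {
    local REMOTE_HOST="$1"
    if [[ "$REMOTE_HOST" ]]; then
        return 0
    fi
    return 1
}

# Sketch of the issue's second suggestion: empty the variable when the
# configured value is "false", so the existing non-empty test keeps working.
normalize_remote_host() {
    case "$1" in
        false|"") printf '' ;;
        *)        printf '%s' "$1" ;;
    esac
}

# Stricter alternative: compare against the literal values and treat
# anything else as a configuration error instead of silently passing.
# Returns 0 = server, 1 = not a server, 2 = invalid value.
is_syslog_server_strict() {
    case "$1" in
        true)     return 0 ;;
        false|"") return 1 ;;
        *)        return 2 ;;
    esac
}

# Constructed sample values for REMOTE_HOST.
for v in true false "" 0 no; do
    if is_syslog_server_reported "$v"; then reported=yes; else reported=no; fi
    if is_syslog_server_reported "$(normalize_remote_host "$v")"; then
        normalized=yes
    else
        normalized=no
    fi
    rc=0
    is_syslog_server_strict "$v" || rc=$?
    printf 'REMOTE_HOST=%-8s reported=%-3s normalized=%-3s strict_rc=%s\n' \
        "\"$v\"" "$reported" "$normalized" "$rc"
done
```

The strict variant also flags values such as "0" or "no", which both the quoted test and the normalising sketch would still treat as "server".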