From shawn at redhat.com Thu Aug 20 11:37:16 2015 Content-Type: multipart/mixed; boundary="===============1865391701170941135==" MIME-Version: 1.0 From: Shawn Wells To: scap-security-guide at lists.fedorahosted.org Subject: Re: [PATCH] Added SNMP related OVAL checks Date: Thu, 26 Jun 2014 14:47:11 -0400 Message-ID: <53AC6AAF.8060309@redhat.com> In-Reply-To: C7186DBD48E6CB46B7BF485A165480518DF49A@PTPTVDEX01.PTPortugal.corpPT.com --===============1865391701170941135== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable On 6/24/14, 6:23 AM, Rui Pedro Bernardino wrote: > This patch add two new checks for SNMP related rules. Minor rule descript= ion changes regarding how to disable v1 and v2c. > > Signed-off-by: Rui Bernardino > --- > RHEL/6/input/checks/snmpd_not_default_password.xml | 25 +++++++++++++= +++++++ > RHEL/6/input/checks/snmpd_use_newer_protocol.xml | 25 +++++++++++++= +++++++ > RHEL/6/input/services/snmp.xml | 6 +++- > 3 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 R= HEL/6/input/checks/snmpd_not_default_password.xml > create mode 100644 RHEL/6/input/checks/snmpd_use_newer_protocol.xml > > diff --git a/RHEL/6/input/checks/snmpd_not_default_password.xml b/RHEL/6/= input/checks/snmpd_not_default_password.xml > new file mode 100644 > index 0000000..2e2f0c6 > --- /dev/null > +++ b/RHEL/6/input/checks/snmpd_not_default_password.xml > @@ -0,0 +1,25 @@ > + > + > + > + SNMP default communities disabled > + > + Red Hat Enterprise Linux 6 > + > + SNMP default communities must be removed > + > + > + > + > + > + > + > + > + + comment=3D"Check SNMP communities" id=3D"snmp_default_communities" vers= ion=3D"1"> > + /etc/snmp/ > + snmpd.conf > + ^\s*(com2sec|rocommunity|rw= community|createUser).*(public|private) > + 1 > + > + > + > diff --git a/RHEL/6/input/checks/snmpd_use_newer_protocol.xml b/RHEL/6/in= put/checks/snmpd_use_newer_protocol.xml > new file mode 100644 > index 0000000..7cd2d8f > --- /dev/null > +++ b/RHEL/6/input/checks/snmpd_use_newer_protocol.xml > @@ -0,0 +1,25 @@ > + > + > + > + SNMP version 1 and 2c disabled > + > + Red Hat Enterprise Linux 6 > + > + SNMP version 1 and 2c must not be unabled > + > + > + > + > + > + > + > + > + + comment=3D"Check SNMP versions" id=3D"snmp_versions_validate" version= =3D"1"> > + /etc/snmp/ > + snmpd.conf > + ^[\s]*(com2sec|rocommunity|= rwcommunity) > + 1 > + > + > + > diff --git a/RHEL/6/input/services/snmp.xml b/RHEL/6/input/services/snmp.= xml index 0e4f8b3..edc584f 100644 > --- a/RHEL/6/input/services/snmp.xml > +++ b/RHEL/6/input/services/snmp.xml > @@ -70,13 +70,13 @@ stations > Conf= igure SNMP Service to Use Only SNMPv3 or Newer -Edi= t /etc/snmp/snmpd.conf, removing any references to v1, v2c, or com2sec. > +Edit /etc/snmp/snmpd.conf, removing any references to rocom= munity, rwcommunity, or com2sec. > Upon doing that, restart the SNMP service: > 
# service snmpd restart
> > > To ensure only SNMPv3 or newer is used, run the following command: > -
# grep 'v1\|v2c\|com2sec' /etc/snmp/snmpd.conf | grep -v "^#"
> +
# grep 'rocommunity\|rwcommunity\|com2sec' /etc/snmp/snmpd.conf |
> +grep -v "^#"
> There should be no output. > > > @@ -84,6 +84,7 @@ Earlier versions of SNMP are considered insecure, as th= ey potentially allow unauthorized access to detailed system management inf= ormation. > > > + > > = > @@ -103,6 = +104,7 @@ Presence of the default SNMP password enables querying of differe= nt system aspects and could result in unauthorized knowledge of the system. > > > + > > > = > -- > 1.7.1 Good catch on the regex values. Had to doublcheck the docs on = rocommunity/rwcommunity: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux= /6/html/Deployment_Guide/sect-System_Monitoring_Tools-Net-SNMP-Configuring.= html Convert ind:file & ind:filename to ind:filepath.... e.g. = /etc/snmp/snmpd.conf and resubmit --===============1865391701170941135== Content-Type: text/html MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.html" PGh0bWw+CiAgPGhlYWQ+CiAgICA8bWV0YSBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRG LTgiIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSI+CiAgPC9oZWFkPgogIDxib2R5IGJnY29sb3I9 IiNGRkZGRkYiIHRleHQ9IiMwMDAwMDAiPgogICAgPGJyPgogICAgPGRpdiBjbGFzcz0ibW96LWNp dGUtcHJlZml4Ij5PbiA2LzI0LzE0LCA2OjIzIEFNLCBSdWkgUGVkcm8KICAgICAgQmVybmFyZGlu byB3cm90ZTo8YnI+CiAgICA8L2Rpdj4KICAgIDxibG9ja3F1b3RlCmNpdGU9Im1pZDpDNzE4NkRC RDQ4RTZDQjQ2QjdCRjQ4NUExNjU0ODA1MThERjQ5QUBQVFBUVkRFWDAxLlBUUG9ydHVnYWwuY29y cFBULmNvbSIKICAgICAgdHlwZT0iY2l0ZSI+CiAgICAgIDxkaXYgY2xhc3M9Im1vei10ZXh0LXBs YWluIiB3cmFwPSJ0cnVlIiBncmFwaGljYWwtcXVvdGU9InRydWUiCiAgICAgICAgc3R5bGU9ImZv bnQtZmFtaWx5OiAtbW96LWZpeGVkOyBmb250LXNpemU6IDEycHg7IgogICAgICAgIGxhbmc9Ingt dW5pY29kZSI+CiAgICAgICAgPHByZSB3cmFwPSIiPlRoaXMgcGF0Y2ggYWRkIHR3byBuZXcgY2hl Y2tzIGZvciBTTk1QIHJlbGF0ZWQgcnVsZXMuIE1pbm9yIHJ1bGUgZGVzY3JpcHRpb24gY2hhbmdl cyByZWdhcmRpbmcgaG93IHRvIGRpc2FibGUgdjEgYW5kIHYyYy4KClNpZ25lZC1vZmYtYnk6IFJ1 aSBCZXJuYXJkaW5vIDxhIG1vei1kby1ub3Qtc2VuZD0idHJ1ZSIgY2xhc3M9Im1vei10eHQtbGlu ay1yZmMyMzk2RSIgaHJlZj0ibWFpbHRvOnJ1aS1wLWJlcm5hcmRpbm9AdGVsZWNvbS5wdCI+Jmx0 O3J1aS1wLWJlcm5hcmRpbm9AdGVsZWNvbS5wdCZndDs8L2E+Ci0tLQogUkhFTC82L2lucHV0L2No ZWNrcy9zbm1wZF9ub3RfZGVmYXVsdF9wYXNzd29yZC54bWwgfCAgIDI1ICsrKysrKysrKysrKysr KysrKysrCiBSSEVMLzYvaW5wdXQvY2hlY2tzL3NubXBkX3VzZV9uZXdlcl9wcm90b2NvbC54bWwg ICB8ICAgMjUgKysrKysrKysrKysrKysrKysrKysKIFJIRUwvNi9pbnB1dC9zZXJ2aWNlcy9zbm1w LnhtbCAgICAgICAgICAgICAgICAgICAgIHwgICAgNiArKystCiAzIGZpbGVzIGNoYW5nZWQsIDU0 IGluc2VydGlvbnMoKyksIDIgZGVsZXRpb25zKC0pICBjcmVhdGUgbW9kZSAxMDA2NDQgUkhFTC82 L2lucHV0L2NoZWNrcy9zbm1wZF9ub3RfZGVmYXVsdF9wYXNzd29yZC54bWwKIGNyZWF0ZSBtb2Rl IDEwMDY0NCBSSEVMLzYvaW5wdXQvY2hlY2tzL3NubXBkX3VzZV9uZXdlcl9wcm90b2NvbC54bWwK CmRpZmYgLS1naXQgYS9SSEVMLzYvaW5wdXQvY2hlY2tzL3NubXBkX25vdF9kZWZhdWx0X3Bhc3N3 b3JkLnhtbCBiL1JIRUwvNi9pbnB1dC9jaGVja3Mvc25tcGRfbm90X2RlZmF1bHRfcGFzc3dvcmQu eG1sCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLjJlMmYwYzYKLS0tIC9kZXYv bnVsbAorKysgYi9SSEVMLzYvaW5wdXQvY2hlY2tzL3NubXBkX25vdF9kZWZhdWx0X3Bhc3N3b3Jk LnhtbApAQCAtMCwwICsxLDI1IEBACismbHQ7ZGVmLWdyb3VwJmd0OworICAmbHQ7ZGVmaW5pdGlv biBjbGFzcz0iY29tcGxpYW5jZSIgaWQ9InNubXBkX25vdF9kZWZhdWx0X3Bhc3N3b3JkIiB2ZXJz aW9uPSIxIiZndDsKKyAgICAmbHQ7bWV0YWRhdGEmZ3Q7CisgICAgICAmbHQ7dGl0bGUmZ3Q7U05N UCBkZWZhdWx0IGNvbW11bml0aWVzIGRpc2FibGVkJmx0Oy90aXRsZSZndDsKKyAgICAgICZsdDth ZmZlY3RlZCBmYW1pbHk9InVuaXgiJmd0OworICAgICAgICAmbHQ7cGxhdGZvcm0mZ3Q7UmVkIEhh dCBFbnRlcnByaXNlIExpbnV4IDYmbHQ7L3BsYXRmb3JtJmd0OworICAgICAgJmx0Oy9hZmZlY3Rl ZCZndDsKKyAgICAgICZsdDtkZXNjcmlwdGlvbiZndDtTTk1QIGRlZmF1bHQgY29tbXVuaXRpZXMg bXVzdCBiZSByZW1vdmVkJmx0Oy9kZXNjcmlwdGlvbiZndDsKKyAgICAmbHQ7L21ldGFkYXRhJmd0 OworICAgICZsdDtjcml0ZXJpYSBvcGVyYXRvcj0iQU5EIiZndDsKKyAgICAgICZsdDtjcml0ZXJp b24gY29tbWVudD0ic25tcCBjb21tdW5pdGllcyIgdGVzdF9yZWY9InNubXBfZGVmYXVsdF9jb21t dW5pdGllc190ZXN0IiAvJmd0OyAKKyAgICAmbHQ7L2NyaXRlcmlhJmd0OworICAmbHQ7L2RlZmlu aXRpb24mZ3Q7CisKKyAgJmx0O2luZDp0ZXh0ZmlsZWNvbnRlbnQ1NF90ZXN0IGNoZWNrPSJhbGwi IGNoZWNrX2V4aXN0ZW5jZT0ibm9uZV9leGlzdCIgY29tbWVudD0iQ2hlY2sgc25tcGQgY29uZmln dXJhdGlvbiIgaWQ9InNubXBfZGVmYXVsdF9jb21tdW5pdGllc190ZXN0IiB2ZXJzaW9uPSIxIiZn dDsKKyAgICAmbHQ7aW5kOm9iamVjdCBvYmplY3RfcmVmPSJzbm1wX2RlZmF1bHRfY29tbXVuaXRp ZXMiIC8mZ3Q7ICAKKyAmbHQ7L2luZDp0ZXh0ZmlsZWNvbnRlbnQ1NF90ZXN0Jmd0OyAgJmx0O2lu ZDp0ZXh0ZmlsZWNvbnRlbnQ1NF9vYmplY3QgCisgY29tbWVudD0iQ2hlY2sgU05NUCBjb21tdW5p dGllcyIgaWQ9InNubXBfZGVmYXVsdF9jb21tdW5pdGllcyIgdmVyc2lvbj0iMSImZ3Q7CisgICAg Jmx0O2luZDpwYXRoJmd0OzxpIGNsYXNzPSJtb3otdHh0LXNsYXNoIj48c3BhbiBjbGFzcz0ibW96 LXR4dC10YWciPi88L3NwYW4+ZXRjL3NubXA8c3BhbiBjbGFzcz0ibW96LXR4dC10YWciPi88L3Nw YW4+PC9pPiZsdDsvaW5kOnBhdGgmZ3Q7CisgICAgJmx0O2luZDpmaWxlbmFtZSZndDtzbm1wZC5j b25mJmx0Oy9pbmQ6ZmlsZW5hbWUmZ3Q7CisgICAgJmx0O2luZDpwYXR0ZXJuIG9wZXJhdGlvbj0i cGF0dGVybiBtYXRjaCImZ3Q7XlxzKihjb20yc2VjfHJvY29tbXVuaXR5fHJ3Y29tbXVuaXR5fGNy ZWF0ZVVzZXIpLioocHVibGljfHByaXZhdGUpJmx0Oy9pbmQ6cGF0dGVybiZndDsKKyAgICAmbHQ7 aW5kOmluc3RhbmNlIGRhdGF0eXBlPSJpbnQiJmd0OzEmbHQ7L2luZDppbnN0YW5jZSZndDsgIAor ICZsdDsvaW5kOnRleHRmaWxlY29udGVudDU0X29iamVjdCZndDsKKworJmx0Oy9kZWYtZ3JvdXAm Z3Q7CmRpZmYgLS1naXQgYS9SSEVMLzYvaW5wdXQvY2hlY2tzL3NubXBkX3VzZV9uZXdlcl9wcm90 b2NvbC54bWwgYi9SSEVMLzYvaW5wdXQvY2hlY2tzL3NubXBkX3VzZV9uZXdlcl9wcm90b2NvbC54 bWwKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMC4uN2NkMmQ4ZgotLS0gL2Rldi9u dWxsCisrKyBiL1JIRUwvNi9pbnB1dC9jaGVja3Mvc25tcGRfdXNlX25ld2VyX3Byb3RvY29sLnht bApAQCAtMCwwICsxLDI1IEBACismbHQ7ZGVmLWdyb3VwJmd0OworICAmbHQ7ZGVmaW5pdGlvbiBj bGFzcz0iY29tcGxpYW5jZSIgaWQ9InNubXBkX3VzZV9uZXdlcl9wcm90b2NvbCIgdmVyc2lvbj0i MSImZ3Q7CisgICAgJmx0O21ldGFkYXRhJmd0OworICAgICAgJmx0O3RpdGxlJmd0O1NOTVAgdmVy c2lvbiAxIGFuZCAyYyBkaXNhYmxlZCZsdDsvdGl0bGUmZ3Q7CisgICAgICAmbHQ7YWZmZWN0ZWQg ZmFtaWx5PSJ1bml4IiZndDsKKyAgICAgICAgJmx0O3BsYXRmb3JtJmd0O1JlZCBIYXQgRW50ZXJw cmlzZSBMaW51eCA2Jmx0Oy9wbGF0Zm9ybSZndDsKKyAgICAgICZsdDsvYWZmZWN0ZWQmZ3Q7Cisg ICAgICAmbHQ7ZGVzY3JpcHRpb24mZ3Q7U05NUCB2ZXJzaW9uIDEgYW5kIDJjIG11c3Qgbm90IGJl IHVuYWJsZWQmbHQ7L2Rlc2NyaXB0aW9uJmd0OworICAgICZsdDsvbWV0YWRhdGEmZ3Q7CisgICAg Jmx0O2NyaXRlcmlhJmd0OworICAgICAgJmx0O2NyaXRlcmlvbiBjb21tZW50PSJzbm1wIHZlcnNp b24gY2hlY2siIHRlc3RfcmVmPSJzbm1wX3ZlcnNpb25zX3Rlc3QiIC8mZ3Q7IAorICAgICZsdDsv Y3JpdGVyaWEmZ3Q7CisgICZsdDsvZGVmaW5pdGlvbiZndDsKKworICAmbHQ7aW5kOnRleHRmaWxl Y29udGVudDU0X3Rlc3QgY2hlY2s9ImFsbCIgY2hlY2tfZXhpc3RlbmNlPSJub25lX2V4aXN0IiBj b21tZW50PSJDaGVjayBzbm1wZCBjb25maWd1cmF0aW9uIiBpZD0ic25tcF92ZXJzaW9uc190ZXN0 IiB2ZXJzaW9uPSIxIiZndDsKKyAgICAmbHQ7aW5kOm9iamVjdCBvYmplY3RfcmVmPSJzbm1wX3Zl cnNpb25zX3ZhbGlkYXRlIiAvJmd0OyAgCisgJmx0Oy9pbmQ6dGV4dGZpbGVjb250ZW50NTRfdGVz dCZndDsgICZsdDtpbmQ6dGV4dGZpbGVjb250ZW50NTRfb2JqZWN0IAorIGNvbW1lbnQ9IkNoZWNr IFNOTVAgdmVyc2lvbnMiIGlkPSJzbm1wX3ZlcnNpb25zX3ZhbGlkYXRlIiB2ZXJzaW9uPSIxIiZn dDsKKyAgICAmbHQ7aW5kOnBhdGgmZ3Q7PGkgY2xhc3M9Im1vei10eHQtc2xhc2giPjxzcGFuIGNs YXNzPSJtb3otdHh0LXRhZyI+Lzwvc3Bhbj5ldGMvc25tcDxzcGFuIGNsYXNzPSJtb3otdHh0LXRh ZyI+Lzwvc3Bhbj48L2k+Jmx0Oy9pbmQ6cGF0aCZndDsKKyAgICAmbHQ7aW5kOmZpbGVuYW1lJmd0 O3NubXBkLmNvbmYmbHQ7L2luZDpmaWxlbmFtZSZndDsKKyAgICAmbHQ7aW5kOnBhdHRlcm4gb3Bl cmF0aW9uPSJwYXR0ZXJuIG1hdGNoIiZndDteW1xzXSooY29tMnNlY3xyb2NvbW11bml0eXxyd2Nv bW11bml0eSkmbHQ7L2luZDpwYXR0ZXJuJmd0OworICAgICZsdDtpbmQ6aW5zdGFuY2UgZGF0YXR5 cGU9ImludCImZ3Q7MSZsdDsvaW5kOmluc3RhbmNlJmd0OyAgCisgJmx0Oy9pbmQ6dGV4dGZpbGVj b250ZW50NTRfb2JqZWN0Jmd0OworCismbHQ7L2RlZi1ncm91cCZndDsKZGlmZiAtLWdpdCBhL1JI RUwvNi9pbnB1dC9zZXJ2aWNlcy9zbm1wLnhtbCBiL1JIRUwvNi9pbnB1dC9zZXJ2aWNlcy9zbm1w LnhtbCBpbmRleCAwZTRmOGIzLi5lZGM1ODRmIDEwMDY0NAotLS0gYS9SSEVMLzYvaW5wdXQvc2Vy dmljZXMvc25tcC54bWwKKysrIGIvUkhFTC82L2lucHV0L3NlcnZpY2VzL3NubXAueG1sCkBAIC03 MCwxMyArNzAsMTMgQEAgc3RhdGlvbnMmbHQ7L2xpJmd0OwogJmx0O1J1bGUgaWQ9InNubXBkX3Vz ZV9uZXdlcl9wcm90b2NvbCIgc2V2ZXJpdHk9Im1lZGl1bSImZ3Q7ICAmbHQ7dGl0bGUmZ3Q7Q29u ZmlndXJlIFNOTVAgU2VydmljZSB0byBVc2UgT25seSBTTk1QdjMgb3IgTmV3ZXIgJmx0Oy90aXRs ZSZndDsgICZsdDtkZXNjcmlwdGlvbiZndDsgLUVkaXQgJmx0O3R0Jmd0Oy9ldGMvc25tcC9zbm1w ZC5jb25mJmx0Oy90dCZndDssIHJlbW92aW5nIGFueSByZWZlcmVuY2VzIHRvICZsdDt0dCZndDt2 MSZsdDsvdHQmZ3Q7LCAmbHQ7dHQmZ3Q7djJjJmx0Oy90dCZndDssIG9yICZsdDt0dCZndDtjb20y c2VjJmx0Oy90dCZndDsuICAKK0VkaXQgJmx0O3R0Jmd0Oy9ldGMvc25tcC9zbm1wZC5jb25mJmx0 Oy90dCZndDssIHJlbW92aW5nIGFueSByZWZlcmVuY2VzIHRvICZsdDt0dCZndDtyb2NvbW11bml0 eSZsdDsvdHQmZ3Q7LCAmbHQ7dHQmZ3Q7cndjb21tdW5pdHkmbHQ7L3R0Jmd0Oywgb3IgJmx0O3R0 Jmd0O2NvbTJzZWMmbHQ7L3R0Jmd0Oy4gIAogVXBvbiBkb2luZyB0aGF0LCByZXN0YXJ0IHRoZSBT Tk1QIHNlcnZpY2U6CiAmbHQ7cHJlJmd0OyMgc2VydmljZSBzbm1wZCByZXN0YXJ0Jmx0Oy9wcmUm Z3Q7CiAmbHQ7L2Rlc2NyaXB0aW9uJmd0OwogJmx0O29jaWwgY2xhdXNlPSJ0aGVyZSBpcyBvdXRw dXQiJmd0OwogVG8gZW5zdXJlIG9ubHkgU05NUHYzIG9yIG5ld2VyIGlzIHVzZWQsIHJ1biB0aGUg Zm9sbG93aW5nIGNvbW1hbmQ6Ci0mbHQ7cHJlJmd0OyMgZ3JlcCAndjFcfHYyY1x8Y29tMnNlYycg L2V0Yy9zbm1wL3NubXBkLmNvbmYgfCBncmVwIC12ICJeIyImbHQ7L3ByZSZndDsKKyZsdDtwcmUm Z3Q7IyBncmVwICdyb2NvbW11bml0eVx8cndjb21tdW5pdHlcfGNvbTJzZWMnIC9ldGMvc25tcC9z bm1wZC5jb25mIHwgCitncmVwIC12ICJeIyImbHQ7L3ByZSZndDsKIFRoZXJlIHNob3VsZCBiZSBu byBvdXRwdXQuCiAmbHQ7L29jaWwmZ3Q7CiAmbHQ7cmF0aW9uYWxlJmd0OwpAQCAtODQsNiArODQs NyBAQCBFYXJsaWVyIHZlcnNpb25zIG9mIFNOTVAgYXJlIGNvbnNpZGVyZWQgaW5zZWN1cmUsIGFz IHRoZXkgcG90ZW50aWFsbHkgYWxsb3cgIHVuYXV0aG9yaXplZCBhY2Nlc3MgdG8gZGV0YWlsZWQg c3lzdGVtIG1hbmFnZW1lbnQgaW5mb3JtYXRpb24uCiAmbHQ7L3JhdGlvbmFsZSZndDsKICZsdDtp ZGVudCBjY2U9IjI3MzY1LTYiLyZndDsKKyZsdDtvdmFsIGlkPSJzbm1wZF91c2VfbmV3ZXJfcHJv dG9jb2wiIC8mZ3Q7CiAmbHQ7L1J1bGUmZ3Q7CiAKICZsdDtSdWxlIGlkPSJzbm1wZF9ub3RfZGVm YXVsdF9wYXNzd29yZCIgc2V2ZXJpdHk9Im1lZGl1bSImZ3Q7IEBAIC0xMDMsNiArMTA0LDcgQEAg UHJlc2VuY2Ugb2YgdGhlIGRlZmF1bHQgU05NUCBwYXNzd29yZCBlbmFibGVzIHF1ZXJ5aW5nIG9m IGRpZmZlcmVudCBzeXN0ZW0gIGFzcGVjdHMgYW5kIGNvdWxkIHJlc3VsdCBpbiB1bmF1dGhvcml6 ZWQga25vd2xlZGdlIG9mIHRoZSBzeXN0ZW0uCiAmbHQ7L3JhdGlvbmFsZSZndDsKICZsdDtpZGVu dCBjY2U9IjI3NTkzLTMiLyZndDsKKyZsdDtvdmFsIGlkPSJzbm1wZF9ub3RfZGVmYXVsdF9wYXNz d29yZCIgLyZndDsKICZsdDt0ZXN0ZWQgYnk9Ik1BTiIgb249IjIwMTIxMjE0Ii8mZ3Q7CiAmbHQ7 L1J1bGUmZ3Q7CiAKLS0KMS43LjE8L3ByZT4KICAgICAgPC9kaXY+CiAgICA8L2Jsb2NrcXVvdGU+ CiAgICA8YnI+CiAgICBHb29kIGNhdGNoIG9uIHRoZSByZWdleCB2YWx1ZXMuIEhhZCB0byBkb3Vi bGNoZWNrIHRoZSBkb2NzIG9uCiAgICByb2NvbW11bml0eS9yd2NvbW11bml0eTo8YnI+CjxhIGNs YXNzPSJtb3otdHh0LWxpbmstZnJlZXRleHQiIGhyZWY9Imh0dHBzOi8vYWNjZXNzLnJlZGhhdC5j b20vc2l0ZS9kb2N1bWVudGF0aW9uL2VuLVVTL1JlZF9IYXRfRW50ZXJwcmlzZV9MaW51eC82L2h0 bWwvRGVwbG95bWVudF9HdWlkZS9zZWN0LVN5c3RlbV9Nb25pdG9yaW5nX1Rvb2xzLU5ldC1TTk1Q LUNvbmZpZ3VyaW5nLmh0bWwiPmh0dHBzOi8vYWNjZXNzLnJlZGhhdC5jb20vc2l0ZS9kb2N1bWVu dGF0aW9uL2VuLVVTL1JlZF9IYXRfRW50ZXJwcmlzZV9MaW51eC82L2h0bWwvRGVwbG95bWVudF9H dWlkZS9zZWN0LVN5c3RlbV9Nb25pdG9yaW5nX1Rvb2xzLU5ldC1TTk1QLUNvbmZpZ3VyaW5nLmh0 bWw8L2E+PGJyPgogICAgPGJyPgogICAgQ29udmVydCBpbmQ6ZmlsZSAmYW1wOyBpbmQ6ZmlsZW5h bWUgdG8gaW5kOmZpbGVwYXRoLi4uLiBlLmcuCiAgICAmbHQ7aW5kOmZpbGVwYXRoJmd0Oy9ldGMv c25tcC9zbm1wZC5jb25mJmx0Oy9pbmQ6ZmlsZXBhdGgmZ3Q7IGFuZAogICAgcmVzdWJtaXQ8YnI+ CiAgICA8YnI+CiAgICA8YnI+CiAgPC9ib2R5Pgo8L2h0bWw+Cg== --===============1865391701170941135==--