From owner-freebsd-ports-bugs@FreeBSD.ORG Thu May 25 22:25:02 2006 Return-Path: X-Original-To: freebsd-ports-bugs@hub.freebsd.org Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4136716D027 for ; Thu, 25 May 2006 22:20:25 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id E34F643D48 for ; Thu, 25 May 2006 22:20:24 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k4PMKO0s085898 for ; Thu, 25 May 2006 22:20:24 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k4PMKOvV085897; Thu, 25 May 2006 22:20:24 GMT (envelope-from gnats) Date: Thu, 25 May 2006 22:20:24 GMT Message-Id: <200605252220.k4PMKOvV085897@freefall.freebsd.org> To: freebsd-ports-bugs@FreeBSD.org From: Paul Schmehl Cc: Subject: Re: ports/95018: new port: security/sguil-sensor X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Paul Schmehl List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 May 2006 22:25:07 -0000 The following reply was made to PR ports/95018; it has been noted by GNATS. From: Paul Schmehl To: bug-followup@FreeBSD.org Cc: Subject: Re: ports/95018: new port: security/sguil-sensor Date: Thu, 25 May 2006 17:11:08 -0500 This is a cryptographically signed message in MIME format. --------------ms020508060208050307060402 Content-Type: multipart/mixed; boundary="------------000108000900080104010504" This is a multi-part message in MIME format. --------------000108000900080104010504 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I'm attaching a shar file for the port. -- Paul Schmehl (pauls@utdallas.edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/ --------------000108000900080104010504 Content-Type: text/plain; name="sguil-sensor.shar" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="sguil-sensor.shar" # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # Makefile # distinfo # files/log_packets.conf # files/patch-log_packets.sh # files/patch-sensor_agent.tcl # files/pkg-message.in # files/sensor_agent.sh.in # pkg-descr # pkg-plist # echo x - Makefile sed 's/^X//' >Makefile << 'END-of-Makefile' X# New ports collection makefile for: sguil-sensor X# Date created: 23 Mar 2006 X# Whom: Paul Schmehl X# X# $FreeBSD$ X# X XPORTNAME= sguil-sensor XPORTVERSION= 0.6.1 XCATEGORIES= security XMASTER_SITES= ${MASTER_SITE_SOURCEFORGE} XMASTER_SITE_SUBDIR= sguil X XMAINTAINER= pauls@utdallas.edu XCOMMENT= Squil is a network security management program X XRUN_DEPENDS= snort:${PORTSDIR}/security/snort \ X barnyard:${PORTSDIR}/security/barnyard-sguil6 XLIB_DEPENDS= tclx83:${PORTSDIR}/lang/tclX X XOPTIONS= SANCP "Include sancp support" off \ X TLS "Include openssl support" off X XNO_BUILD= yes XUSE_RC_SUBR= sensor_agent.sh XTCLSH_CMD?= tclsh8.4 XWRKSRC= ${WRKDIR}/sguil-${PORTVERSION} XSUB_LIST= SGUILDIR=${SGUILDIR} XSUB_FILES= pkg-message sensor_agent.sh XPLIST_SUB= SGUILDIR=${SGUILDIR} XSGUILDIR?= sguil-sensor X XPORTDOCS= CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \ X OPENSSL.README TODO UPGRADE USAGE sguildb.dia X X.include X XWITH_PCRE= true X X.if defined(WITH_SANCP) XRUN_DEPENDS+= sancp:${PORTSDIR}/security/sancp X.endif X X.if defined(WITH_TLS) XLIB_DEPENDS+= tls:${PORTSDIR}/devel/tcltls X.endif X Xpost-patch: X.for f in sensor_agent.tcl X @${REINPLACE_CMD} -e 's:exec tclsh:exec ${PREFIX}/bin/${TCLSH_CMD}:g' \ X ${WRKSRC}/sensor/${f} X.endfor X Xdo-install: X @${MKDIR} ${PREFIX}/bin/${SGUILDIR} X ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/sensor_agent.tcl \ X ${PREFIX}/bin/${SGUILDIR}/sensor_agent.tcl X.for f in log_packets.sh X ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \ X ${PREFIX}/bin/${SGUILDIR}/${f} X.endfor X.for f in sensor_agent.conf X ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \ X ${PREFIX}/etc/${f}-sample X.endfor X.for f in log_packets.conf X ${INSTALL_DATA} ${FILESDIR}/${f} \ X ${PREFIX}/etc/${f}-sample X.endfor X.if defined(WITH_SANCP) X.for f in sancp.conf X ${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \ X ${PREFIX}/etc/${f}-sample X.endfor X.endif X.if !defined(NOPORTDOCS) X @${MKDIR} ${DOCSDIR} X cd ${WRKSRC}/doc && ${INSTALL_DATA} \ X ${PORTDOCS} ${DOCSDIR} X.endif X @${CAT} ${PKGMESSAGE} X X.include END-of-Makefile echo x - distinfo sed 's/^X//' >distinfo << 'END-of-distinfo' XMD5 (sguil-sensor-0.6.1.tar.gz) = 62be71b0aa41ccacb7872839dc4bf5ad XSHA256 (sguil-sensor-0.6.1.tar.gz) = b1da0fffeaecd69b9d8eeeb27025fdc3493a2eabfec8ed4153f688f11ee226eb XSIZE (sguil-sensor-0.6.1.tar.gz) = 103441 END-of-distinfo echo x - files/log_packets.conf sed 's/^X//' >files/log_packets.conf << 'END-of-files/log_packets.conf' X# Conf file for the log_packets script X# Make sure you verify the location of X# each of the binaries on your OS X XHOSTNAME="myhost" X# Path to snort binary XSNORT_PATH="/usr/local/bin/snort" X# Directory to log pcap data to (date dirs will be created in here) X# Note: The path $HOSTNAME/dailylogs, will be appended to this. XLOG_DIR="/snort_data" X# Percentage of disk to try and maintain XMAX_DISK_USE=90 X# Interface to 'listen' to. XINTERFACE="eth0" X# Other options to use when starting snort X#OPTIONS="-u sguil -g sguil -m 122" X# Where to store the pid XPIDFILE="/var/run/snort_log-${HOSTNAME}.pid" X# How do we run ps XPS="ps awx" X# Where is grep XGREP="/usr/bin/grep" X#Add BPFs here. X#The below is an example of a filter for ignoring outbound HTTP from my network X# to the world. X#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)' X X#Some installs may need these X#LD_LIBRARY_PATH=/usr/local/lib/mysql X#export LD_LIBRARY_PATH END-of-files/log_packets.conf echo x - files/patch-log_packets.sh sed 's/^X//' >files/patch-log_packets.sh << 'END-of-files/patch-log_packets.sh' X--- sensor/log_packets.sh.orig Fri Mar 24 13:12:18 2006 X+++ sensor/log_packets.sh Mon Mar 27 17:22:54 2006 X@@ -23,37 +23,16 @@ X ############################################################## X X X-# Edit these for your setup X+# You shouldn't need to edit anything in this script X X-# Sensors hostname. X-# Note: If running multiple snort instances, then this must be different X-# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc) X-HOSTNAME="myhost" X-# Path to snort binary X-SNORT_PATH="/usr/local/bin/snort" X-# Directory to log pcap data to (date dirs will be created in here) X-# Note: The path $HOSTNAME/dailylogs, will be appended to this. X-LOG_DIR="/snort_data" X-# Percentage of disk to try and maintain X-MAX_DISK_USE=90 X-# Interface to 'listen' to. X-INTERFACE="eth0" X-# Other options to use when starting snort X-#OPTIONS="-u sguil -g sguil -m 122" X-# Where to store the pid X-PIDFILE="/var/run/snort_log-${HOSTNAME}.pid" X-# How do we run ps X-PS="ps awx" X-# Where is grep X-GREP="/usr/bin/grep" X-#Add BPFs here. X-#The below is an example of a filter for ignoring outbound HTTP from my network X-# to the world. X-#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)' X- X-#Some installs may need these X-#LD_LIBRARY_PATH=/usr/local/lib/mysql X-#export LD_LIBRARY_PATH X+CONF=/path/to/log_packets.conf X+if [ -r ${CONF} ]; then X+ . ${CONF} X+else X+ echo "Your conf file is either missing or the path " X+ echo "in the log_packets.sh script is incorrect." X+ exit 1 X+fi X X TZ=GMT X export TZ END-of-files/patch-log_packets.sh echo x - files/patch-sensor_agent.tcl sed 's/^X//' >files/patch-sensor_agent.tcl << 'END-of-files/patch-sensor_agent.tcl' X--- sensor/sensor_agent.tcl.orig Mon Mar 20 20:38:18 2006 X+++ sensor/sensor_agent.tcl Mon Mar 20 20:40:06 2006 X@@ -1005,16 +1005,16 @@ X } X } X # Parse the config file here X-# Default location is /etc/sensor_agent.conf or pwd X+# Default location is /usr/local/etc/sensor_agent.conf or pwd X if { ![info exists CONF_FILE] } { X # No conf file specified check the defaults X- if { [file exists /etc/sensor_agent.conf] } { X- set CONF_FILE /etc/sensor_agent.conf X+ if { [file exists /usr/local/etc/sensor_agent.conf] } { X+ set CONF_FILE /usr/local/etc/sensor_agent.conf X } elseif { [file exists ./sensor_agent.conf] } { X set CONF_FILE ./sensor_agent.conf X } else { X puts "Couldn't determine where the sensor_agent.tcl config file is" X- puts "Looked for /etc/sensor_agent.conf and ./sensor_agent.conf." X+ puts "Looked for /usr/local/etc/sensor_agent.conf and ./sensor_agent.conf." X DisplayUsage $argv0 X } X } END-of-files/patch-sensor_agent.tcl echo x - files/pkg-message.in sed 's/^X//' >files/pkg-message.in << 'END-of-files/pkg-message.in' X *********************************** X * !!!!!!!!!!! WARNING !!!!!!!!!!! * X *********************************** X XIf you already had barnyard installed, this port will NOT deinstall Xit and install the barnyard-sguil6 port instead. You will need to Xdeinstall the barnyard port and install the barnyard-sguil6 port yourself Xinstead. This port WILL NOT WORK without the barnyard-sguil6 port!! X XYou MUST edit the log_packets.conf file (located in %%PREFIX%%/etc/) Xto fit your configuration before running the log_packets.sh script. XSee the %%DOCSDIR%%/INSTALL doc for details on the Xconfiguration and for croning the script. X XWARNING!!! Sguil et al will fill up your /tmp directory very Xquickly. You should probably configure sguil et al to log to Xanother partition/location (e.g. /nsm/tmp/). X XYou must ALSO edit the sensor_agent.conf file (located in X%%PREFIX%%/etc/) to reflect your configuration before Xstarting the sensor_agent. X XIf you chose to run sancp, and you already had a sancp.conf file in X%%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one. XThe new sancp.conf-sample file contains the settings for squil. XIf you still want to maintain the customized sancp.conf file, then copy Xthe new sancp.conf-sample file to sguild-sancp.conf (for example) and Xadd sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf. END-of-files/pkg-message.in echo x - files/sensor_agent.sh.in sed 's/^X//' >files/sensor_agent.sh.in << 'END-of-files/sensor_agent.sh.in' X#!/bin/sh X# X X# PROVIDE: sensor_agent X# REQUIRE: DAEMON X# KEYWORD: FreeBSD shutdown X X# Add the following lines to /etc/rc.conf to enable sensor_agent: X# sensor_agent_enable (bool): Set to YES to enable sensor_agent X# Default: NO X# sensor_agent_flags (str): Extra flags passed to sensor_agent X# Default: -D X# sensor_agent_conf (str): Sensor_agent configuration file X# Default: %%PREFIX%%/etc/sensor_agent.conf X# X X. %%RC_SUBR%% X Xname="sensor_agent" Xrcvar=`set_rcvar` Xcommand="%%PREFIX%%/bin/%%SGUILDIR%%/sensor_agent.tcl" Xprocname="%%PREFIX%%/bin/tclsh8.4" Xcheck_process="${command} /bin/sh" Xstop_cmd="sensor_agent_stop" X X[ -z "$sensor_agent_enable" ] && sensor_agent_enable="NO" X[ -z "$sensor_agent_conf" ] && sensor_agent_conf="%%PREFIX%%/etc/sensor_agent.conf" X[ -z "$sensor_agent_flags" ] && sensor_agent_flags="-D" X X[ -n "$sensor_agent_conf" ] && sensor_agent_flags="$sensor_agent_flags -c $sensor_agent_conf" X Xsensor_agent_stop() { X if [ -z "${rc_pid}" ]; then X echo "${name} not running?" X else X echo "Stopping ${name}" X kill ${sig_stop} ${rc_pid} X wait_for_pids ${rc_pid} X if [ -f "/var/run/${name}.pid" ]; then X `rm -f /var/run/${name}.pid` X fi X fi X} X Xload_rc_config $name Xrun_rc_command "$1" END-of-files/sensor_agent.sh.in echo x - pkg-descr sed 's/^X//' >pkg-descr << 'END-of-pkg-descr' XSguil (pronounced "sgweel") is a graphical interface to snort X(www.snort.org), an open source intrusion detection system. XThe actual interface and GUI server are written in tcl/tk X(www.tcl.tk). Sguil also relies on other open source software Xin order to function properly. X XThe sensor list includes security/barnyard, security/snort, Xsecurity/sancp, tcpdump (a part of the OS) and devel/tcltls as Xwell as lang/tcl84 and lang/tclX. Care has been taken to ensure Xthat everything you need to build a working sguil operation is Xin the FreeBSD ports system or part of the OS already. X XSguil currently functions as an analysis interface and has Xno snort sensor or rule management capabilities. X XWWW: http://sguil.sourceforge.net/index.php Xpauls@utdallas.edu END-of-pkg-descr echo x - pkg-plist sed 's/^X//' >pkg-plist << 'END-of-pkg-plist' Xbin/%%SGUILDIR%%/log_packets.sh Xbin/%%SGUILDIR%%/sensor_agent.tcl Xetc/log_packets.conf-sample X@unexec if [ -f %D/etc/sancp.conf-sample ]; then rm %D/etc/sancp.conf-sample; fi; X@dirrm bin/%%SGUILDIR%% END-of-pkg-plist exit --------------000108000900080104010504-- --------------ms020508060208050307060402 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIOyjCC A9gwggNBoAMCAQICEEHsHz2nFAeWxPbVDN3RD2UwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNV BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMiBQdWJs aWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykg MTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4XDTk5MDMzMTAwMDAwMFoXDTA5MDMzMDIzNTk1 OVowgeoxJzAlBgNVBAoTHlRoZSBVbml2ZXJzaXR5IG9mIFRleGFzIFN5c3RlbTEfMB0GA1UE CxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0 dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpOTkxMjAwBgNVBAsTKUNsYXNzIDIgQ0Eg LSBPblNpdGUgSW5kaXZpZHVhbCBTdWJzY3JpYmVyMS0wKwYDVQQDEyRUaGUgVW5pdmVyc2l0 eSBvZiBUZXhhcyBhdCBEYWxsYXMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL/q 74frHgrBAPkiEcHRwczbetq+NtJwYDBg5RngUy819MmoKQXW3j2d8waaZH2+0YdUeJv/onjx +4erw/yHTMJJQQ3hwNKl1/x+/0JRTnTzAdVoc6VdBDH45iklY6gjmkRqgYsPsDnx79tGWMO6 uM9L83rBokmVgyNDupsajzKFAgMBAAGjgaUwgaIwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMT EVByaXZhdGVMYWJlbDEtMTQwMBEGCWCGSAGG+EIBAQQEAwIBBjBEBgNVHSAEPTA7MDkGC2CG SAGG+EUBBwEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9SUEEw DwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEFBQADgYEAUwm13LK2 idEgUIPJOHncyAiySb+4U4Nvisyy5Hp8/KPoD19hXl+XBJUSWtKVASLxvO3xVLZUplQYoZ1U vAZpBMcCITeigjmIp6ygn+iDGV2SSDkaWYIkIEO8hpUS3IN04ebjE75qpIcAMTEjByWbr7os UZEOWaajF4jStM5UFxwwggVzMIIE3KADAgECAhAhQ2wPNrJWs2gXrRmRcAj6MA0GCSqGSIb3 DQEBBAUAMIHqMScwJQYDVQQKEx5UaGUgVW5pdmVyc2l0eSBvZiBUZXhhcyBTeXN0ZW0xHzAd BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBh dCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTk5MTIwMAYDVQQLEylDbGFzcyAy IENBIC0gT25TaXRlIEluZGl2aWR1YWwgU3Vic2NyaWJlcjEtMCsGA1UEAxMkVGhlIFVuaXZl cnNpdHkgb2YgVGV4YXMgYXQgRGFsbGFzIENBMB4XDTA1MDgxMDAwMDAwMFoXDTA2MDgxMDIz NTk1OVowgfQxJzAlBgNVBAoUHlRoZSBVbml2ZXJzaXR5IG9mIFRleGFzIFN5c3RlbTEtMCsG A1UECxQkVGhlIFVuaXZlcnNpdHkgb2YgVGV4YXMgYXQgRGFsbGFzIENBMUYwRAYDVQQLEz13 d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTIEluY29ycC4gYnkgUmVmLixMSUFCLkxU RChjKTk5MRgwFgYDVQQLFA9NYWlsIFN0b3AgLSBVVEQxFTATBgNVBAMTDFBhdWwgU2NobWVo bDEhMB8GCSqGSIb3DQEJARYScGF1bHNAdXRkYWxsYXMuZWR1MIGfMA0GCSqGSIb3DQEBAQUA A4GNADCBiQKBgQDEoeaWOSJTLA4v6OJEuCfJukxz2ljvM2G7CovCFsCYK7FnYSzTjFAk8Vhe +STjF4ehWIMnyGzWHYP6Vude2sWSxsXvUANOsjNKeWZ5rSjFS52u+1JU2IiIiwISnlAmOKC9 eqXGq7iIPz35w3VbpxPeGe6GWK4ZfexTKSQtfPYfSQIDAQABo4ICDDCCAggwCQYDVR0TBAIw ADAdBgNVHREEFjAUgRJwYXVsc0B1dGRhbGxhcy5lZHUwggEkBgNVHSAEggEbMIIBFzCCARMG C2CGSAGG+EUBBwEGMIIBAjArBggrBgEFBQcCARYfaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t L3JwYS1rcjCB0gYIKwYBBQUHAgIwgcUagcJOT1RJQ0U6IFByaXZhdGUga2V5IG1heSBiZSBy ZWNvdmVyZWQgYnkgVmVyaVNpZ24ncyBjdXN0b21lciB3aG8gbWF5IGJlIGFibGUgdG8gZGVj cnlwdCBtZXNzYWdlcyB5b3Ugc2VuZCB0byBjZXJ0aWZpY2F0ZSBob2xkZXIuICBVc2UgaXMg c3ViamVjdCB0byB0ZXJtcyBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhLWtyIChj KTk5LjARBglghkgBhvhCAQEEBAMCB4AwdQYDVR0fBG4wbDBqoGigZoZkaHR0cDovL29uc2l0 ZWNybC52ZXJpc2lnbi5jb20vVGhlVW5pdmVyc2l0eW9mVGV4YXNTeXN0ZW1UaGVVbml2ZXJz aXR5b2ZUZXhhc2F0RGFsbGFzQ0EvTGF0ZXN0Q1JMLmNybDALBgNVHQ8EBAMCB4AwHQYDVR0l BBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBAUAA4GBAEHYOgkUsyvG/DYG FAKSJ+IqUY4NVstEHCKHim3Cckq0Chxf+yRQB4tvOrwPTFAHlMgqJKr4yVXEvwJmhAvJtO/V nYex/brnBVky3UI288HXzk7439zbvmmczLZmOhsR3A3TnKHX9vdTmJ7sxWExDszRQntTfoUY cQihaFVOqZ9sMIIFczCCBNygAwIBAgIQPzPhdzYQCWxtZCkhSwOckTANBgkqhkiG9w0BAQQF ADCB6jEnMCUGA1UEChMeVGhlIFVuaXZlcnNpdHkgb2YgVGV4YXMgU3lzdGVtMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0 cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYyk5OTEyMDAGA1UECxMpQ2xhc3MgMiBDQSAt IE9uU2l0ZSBJbmRpdmlkdWFsIFN1YnNjcmliZXIxLTArBgNVBAMTJFRoZSBVbml2ZXJzaXR5 IG9mIFRleGFzIGF0IERhbGxhcyBDQTAeFw0wNTA4MTAwMDAwMDBaFw0wNjA4MTAyMzU5NTla MIH0MScwJQYDVQQKFB5UaGUgVW5pdmVyc2l0eSBvZiBUZXhhcyBTeXN0ZW0xLTArBgNVBAsU JFRoZSBVbml2ZXJzaXR5IG9mIFRleGFzIGF0IERhbGxhcyBDQTFGMEQGA1UECxM9d3d3LnZl cmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5 OTEYMBYGA1UECxQPTWFpbCBTdG9wIC0gVVREMRUwEwYDVQQDEwxQYXVsIFNjaG1laGwxITAf BgkqhkiG9w0BCQEWEnBhdWxzQHV0ZGFsbGFzLmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw gYkCgYEA3kw5bRGnSgWiYrAFsDKH4M+0r3YOazqaJ+NCzHzSYci2dgE2thVNAGe9i4xLBL8I ZX7i5HkR6mTit9/ovF/SUCft+2UapqYEu1sLPKuqEHfA2p8c5mjkJHnUYz2KR+4Z1UtvmTmN NwdaWfWfCzL/stJfR/qpNNqZLaDpBiytj4ECAwEAAaOCAgwwggIIMAkGA1UdEwQCMAAwHQYD VR0RBBYwFIEScGF1bHNAdXRkYWxsYXMuZWR1MIIBJAYDVR0gBIIBGzCCARcwggETBgtghkgB hvhFAQcBBjCCAQIwKwYIKwYBBQUHAgEWH2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEt a3IwgdIGCCsGAQUFBwICMIHFGoHCTk9USUNFOiBQcml2YXRlIGtleSBtYXkgYmUgcmVjb3Zl cmVkIGJ5IFZlcmlTaWduJ3MgY3VzdG9tZXIgd2hvIG1heSBiZSBhYmxlIHRvIGRlY3J5cHQg bWVzc2FnZXMgeW91IHNlbmQgdG8gY2VydGlmaWNhdGUgaG9sZGVyLiAgVXNlIGlzIHN1Ympl Y3QgdG8gdGVybXMgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OS4w EQYJYIZIAYb4QgEBBAQDAgeAMHUGA1UdHwRuMGwwaqBooGaGZGh0dHA6Ly9vbnNpdGVjcmwu dmVyaXNpZ24uY29tL1RoZVVuaXZlcnNpdHlvZlRleGFzU3lzdGVtVGhlVW5pdmVyc2l0eW9m VGV4YXNhdERhbGxhc0NBL0xhdGVzdENSTC5jcmwwCwYDVR0PBAQDAgUgMB0GA1UdJQQWMBQG CCsGAQUFBwMEBggrBgEFBQcDAjANBgkqhkiG9w0BAQQFAAOBgQArtwI07378ACzBYQlXjg4u 4Ex2FlHoY3C5cWuTkXyzqJyU2ttpgxzzMTjYgqNeHdA3I360rCDSp/LCuNKhLQ9PdU/9LcU3 duD6KJU3cG4UrmfUXecXFdWj2wnp0Pkiq6YoSPQQ946dpq1BvWxE2W8J9f09tuR3Jjfgf1ST +qMgwTGCBIcwggSDAgEBMIH/MIHqMScwJQYDVQQKEx5UaGUgVW5pdmVyc2l0eSBvZiBUZXhh cyBTeXN0ZW0xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRl cm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTk5MTIwMAYD VQQLEylDbGFzcyAyIENBIC0gT25TaXRlIEluZGl2aWR1YWwgU3Vic2NyaWJlcjEtMCsGA1UE AxMkVGhlIFVuaXZlcnNpdHkgb2YgVGV4YXMgYXQgRGFsbGFzIENBAhAhQ2wPNrJWs2gXrRmR cAj6MAkGBSsOAwIaBQCgggLdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN AQkFMQ8XDTA2MDUyNTIyMTEwOFowIwYJKoZIhvcNAQkEMRYEFN+48A83E3lAfDv5XlBfhpZN yU6DMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqG SIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIIBEQYJKwYBBAGCNxAEMYIBAjCB /zCB6jEnMCUGA1UEChMeVGhlIFVuaXZlcnNpdHkgb2YgVGV4YXMgU3lzdGVtMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0 cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYyk5OTEyMDAGA1UECxMpQ2xhc3MgMiBDQSAt IE9uU2l0ZSBJbmRpdmlkdWFsIFN1YnNjcmliZXIxLTArBgNVBAMTJFRoZSBVbml2ZXJzaXR5 IG9mIFRleGFzIGF0IERhbGxhcyBDQQIQPzPhdzYQCWxtZCkhSwOckTCCARMGCyqGSIb3DQEJ EAILMYIBAqCB/zCB6jEnMCUGA1UEChMeVGhlIFVuaXZlcnNpdHkgb2YgVGV4YXMgU3lzdGVt MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1 c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYyk5OTEyMDAGA1UECxMpQ2xh c3MgMiBDQSAtIE9uU2l0ZSBJbmRpdmlkdWFsIFN1YnNjcmliZXIxLTArBgNVBAMTJFRoZSBV bml2ZXJzaXR5IG9mIFRleGFzIGF0IERhbGxhcyBDQQIQPzPhdzYQCWxtZCkhSwOckTANBgkq hkiG9w0BAQEFAASBgEtO2dCdNOqG27R/3EmLv/g3UT5O+NB/adwHb86AUn327oMQZgGVTM1D MkrX9f3/QKXrzIHlM3kek9IE4olwP5dJOdpV6opXip0EtwoMS2rReVpeitdba1EhylX4C4DH UPBwbAEBPMWDw32PiADxbh3yn9cg2vtxRLdByLqTmW1iAAAAAAAA --------------ms020508060208050307060402--