From agilmore2 at gmail.com Thu Aug 20 11:34:40 2015
From: Andrew Gilmore
To: scap-security-guide at lists.fedorahosted.org
Subject: Re: Suggestion on the 'Ensure All Files Are Owned...' items
Date: Tue, 23 Jul 2013 14:31:18 -0600
In-Reply-To: 51EEDDE4.80800@eclipse.ncsc.mil

I, along with Robert, assumed that the test was using some sort of find(1)
invocation. It appears not to be, although this OVAL is pretty opaque to me.

When I see the current check failing against my system, I then run a find
command, and the only output is complaints about /proc entries. I then
assumed that this output was why the check was failing.

I can confirm that this check does fail against my system, or at least that
testcheck returns false. The results file points at /.autofsck and
/.readahead_collect, which doesn't make sense at all.

This is one of the more frustrating false positives that I have.

Andrew

On Tue, Jul 23, 2013 at 1:47 PM, Maura Dailey wrote:

> Just an aside, I did some poking around, and it is possible to eliminate
> directories from the search. I looked at the USGCB stuffs and here's what I
> put together for file_permissions_unowned.xml in OVAL to eliminate /proc. I
> can do the same for the group id version. To add more exclusions, add an
> '|' after proc, and type in another directory path. It doesn't seem to care
> if you escape the forward slashes, but I left that in just in case the
> behavior changes later.
>
> If anyone does figure out how to query PAM or nslcd/nscd for network user
> ids, I think you can add it as an extra filter option to the
> file_permissions_unowned_object.
>
> Please note, I have not gotten a single failure with this check against
> /proc. I get thousands of failures on my workstation, since I have large
> git repositories checked out to directories owned by my network account on
> the root hard drive.
>
> <def-group>
>   <definition class="compliance" id="file_permissions_unowned" version="1">
>     <metadata>
>       <title>Find files unowned by a user</title>
>       <affected family="unix">
>         <platform>Red Hat Enterprise Linux 6</platform>
>       </affected>
>       <description>All files should be owned by a user</description>
>     </metadata>
>     <criteria>
>       <criterion comment="Check all files and make sure they are owned by a user" test_ref="file_permissions_unowned_test" />
>     </criteria>
>   </definition>
>
>   <unix:file_state id="file_permissions_unowned_userid_list_match" version="1">
>     <unix:user_id var_check="at least one" var_ref="file_permissions_unowned_userid_list" datatype="int" />
>   </unix:file_state>
>
>   <local_variable id="file_permissions_unowned_userid_list" comment="List of valid user ids" datatype="int" version="1">
>     <object_component item_field="subexpression" object_ref="file_permissions_unowned_userid_list_object" />
>   </local_variable>
>
>   <ind:textfilecontent54_object id="file_permissions_unowned_userid_list_object" version="1">
>     <ind:filepath>/etc/passwd</ind:filepath>
>     <ind:pattern operation="pattern match">^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$</ind:pattern>
>     <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
>   </ind:textfilecontent54_object>
>
>   <unix:file_object comment="all local files" id="file_permissions_unowned_object" version="1">
>     <unix:behaviors recurse="symlinks and directories" recurse_direction="down" recurse_file_system="local" />
>     <unix:filepath operation="pattern match">^(?!\/proc)/</unix:filepath>
>     <filter action="exclude">file_permissions_unowned_userid_list_match</filter>
>   </unix:file_object>
>
>   <unix:file_test check="all" check_existence="none_exist" comment="Check user ids on all files on the system" id="file_permissions_unowned_test" version="1">
>     <unix:object object_ref="file_permissions_unowned_object" />
>   </unix:file_test>
> </def-group>
>
> - Maura Dailey
>
> _______________________________________________
> scap-security-guide mailing list
> scap-security-guide(a)lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
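
The selection logic of the quoted OVAL, as an added example (not code from the thread or from scap-security-guide): it reuses the two regular expressions from the message on constructed passwd lines and file owners, showing what the `/proc` lookahead skips and why files owned by a network account are reported. The `exclusion_pattern` helper, its `anchored` variant, and every sample path and UID are assumptions made for illustration.

```python
import re

# Regexes copied from the quoted OVAL (Python's re treats them like PCRE here).
PASSWD_RE = re.compile(r"^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$")
PAGE_PATH_RE = re.compile(r"^(?!\/proc)/")


def valid_uids(passwd_text):
    """UIDs the textfilecontent54_object collects from /etc/passwd."""
    found = (PASSWD_RE.match(line) for line in passwd_text.splitlines())
    return {int(m.group(1)) for m in found if m}


def exclusion_pattern(dirs, anchored=False):
    """Hypothetical helper: build the filepath pattern for several directories.

    anchored=False joins them with '|' as the message describes (prefix match);
    anchored=True also requires '/' or end of string after the directory name.
    """
    alts = "|".join(re.escape(d) for d in dirs)
    tail = "(?:/|$)" if anchored else ""
    return re.compile(rf"^(?!(?:{alts}){tail})/")


def unowned(files, uids, path_re=PAGE_PATH_RE):
    """Paths selected by the filepath pattern whose owner is not a known UID."""
    return sorted(p for p, uid in files if path_re.search(p) and uid not in uids)


# Constructed sample data, not taken from any real system.
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nbin:x:1:1:bin:/bin:/sbin/nologin\n"
SAMPLE_FILES = [
    ("/etc/hosts", 0),
    ("/proc/1/status", 4242),
    ("/procurement/q3.txt", 4242),          # only shares the "/proc" prefix
    ("/sys/kernel/notes", 4242),
    ("/home/jdoe/repo/.git/HEAD", 20001),   # network account, absent from passwd
]

if __name__ == "__main__":
    uids = valid_uids(SAMPLE_PASSWD)
    print("pattern from the message:", unowned(SAMPLE_FILES, uids))
    print("with /sys added via '|':",
          unowned(SAMPLE_FILES, uids, exclusion_pattern(["/proc", "/sys"])))
    print("anchored /proc only:",
          unowned(SAMPLE_FILES, uids, exclusion_pattern(["/proc"], anchored=True)))
```

With the pattern from the message, the constructed `/procurement/q3.txt` is never examined because the lookahead is a prefix test; the anchored variant keeps it in scope while still skipping `/proc` itself.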