From 97a2d91d15f85767c85a51e23f881c48a7a37fd3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 12:14:30 -0400 Subject: [PATCH 001/270] Re-arrange whiptail screens --- salt/elasticsearch/files/elasticsearch.yml | 7 +- setup/so-whiptail | 477 +++++++++++---------- 2 files changed, 250 insertions(+), 234 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index acad465d1..40f708057 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -42,5 +42,10 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% # authz_exception: true {%- endif %} node.attr.box_type: {{ NODE_ROUTE_TYPE }} -node.name: {{ ESCLUSTERNAME }} +node.name: {{ grains.host }} script.max_compilations_rate: 1000/1m +{%- if salt['pillar.get']('elasticsearch:true_cluster') %} + {%- if grains.role == 'so-manager' %} +node.roles: [ master ] + {%- endif %} +{%- endif %} diff --git a/setup/so-whiptail b/setup/so-whiptail index 0401146af..78e66285b 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -31,24 +31,6 @@ whiptail_airgap() { whiptail_check_exitstatus $exitstatus } -whiptail_basic_zeek() { - - [ -n "$TESTING" ] && return - - if [[ $is_smooshed ]]; then - local PROCS=$(expr $lb_procs / 2) - if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi - else - local PROCS=$lb_procs - fi - - BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the number of zeek processes:" 10 75 "$PROCS" 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - whiptail_basic_suri() { [ -n "$TESTING" ] && return @@ -68,15 +50,10 @@ whiptail_basic_suri() { } -whiptail_zeek_pins() { +whiptail_basic_zeek() { [ -n "$TESTING" ] && return - local cpu_core_list_whiptail=() - for item in "${cpu_core_list[@]}"; do - cpu_core_list_whiptail+=("$item" "OFF") - done - if [[ $is_smooshed ]]; then local PROCS=$(expr $lb_procs / 2) if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi @@ -84,65 +61,11 @@ whiptail_zeek_pins() { local PROCS=$lb_procs fi - ZEEKPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $PROCS cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 ) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - - ZEEKPINS=$(echo "$ZEEKPINS" | tr -d '"') - - IFS=' ' read -ra ZEEKPINS <<< "$ZEEKPINS" -} - -whiptail_zeek_version() { - - [ -n "$TESTING" ] && return - - ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate metadata?" 20 75 4 "ZEEK" "Zeek (formerly known as Bro)" ON \ - "SURICATA" "Suricata" OFF 3>&1 1>&2 2>&3) + BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter the number of zeek processes:" 10 75 "$PROCS" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus - -} - -whiptail_sensor_nics() { - - [ -n "$TESTING" ] && return - - filter_unused_nics - - if [[ $is_ec2 ]]; then - local menu_text="Please select NIC for the Monitor Interface:" - local list_type="radiolist" - else - local menu_text="Please add NICs to the Monitor Interface:" - local list_type="checklist" - fi - - BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - - while [ -z "$BNICS" ] - do - BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - done - - BNICS=$(echo "$BNICS" | tr -d '"') - - IFS=' ' read -ra BNICS <<< "$BNICS" - - for bond_nic in "${BNICS[@]}"; do - if [[ "${nmcli_dev_status_list}" =~ $bond_nic\:unmanaged ]]; then - whiptail \ - --title "Security Onion Setup" \ - --msgbox "$bond_nic is unmanaged by Network Manager. Please remove it from other network management tools then re-run setup." \ - 8 75 - exit - fi - done } whiptail_bond_nics_mtu() { @@ -184,6 +107,13 @@ whiptail_check_exitstatus() { esac } +whiptail_components_adv_warning() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75 +} + whiptail_create_admin_user() { [ -n "$TESTING" ] && return @@ -291,13 +221,6 @@ whiptail_create_web_user() { whiptail_check_exitstatus $exitstatus } -whiptail_invalid_user_warning() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75 -} - whiptail_create_web_user_password1() { [ -n "$TESTING" ] && return @@ -321,72 +244,6 @@ whiptail_create_web_user_password2() { } -whiptail_fleet_custom_hostname() { - - [ -n "$TESTING" ] && return - - FLEETCUSTOMHOSTNAME=$(whiptail --title "Security Onion Install" --inputbox \ - "What FQDN should osquery clients use for connections to this Fleet node? Leave blank if the local system hostname will be used." 10 60 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - -whiptail_requirements_error() { - - local requirement_needed=$1 - local current_val=$2 - local needed_val=$3 - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" \ - --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 10 75 - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - -whiptail_storage_requirements() { - local mount=$1 - local current_val=$2 - local needed_val=$3 - - [ -n "$TESTING" ] && return - - read -r -d '' message <<- EOM - Free space on mount point '${mount}' is currently ${current_val}. - - You need ${needed_val} to meet minimum requirements. - - Visit https://docs.securityonion.net/en/2.1/hardware.html for more information. - - Press YES to continue anyway, or press NO to cancel. - EOM - - whiptail \ - --title "Security Onion Setup" \ - --yesno "$message" \ - 14 75 - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - -whiptail_invalid_pass_warning() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75 -} - -whiptail_invalid_pass_characters_warning() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --msgbox "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." 8 75 -} - whiptail_cur_close_days() { [ -n "$TESTING" ] && return @@ -502,11 +359,26 @@ whiptail_eval_adv() { whiptail_check_exitstatus $exitstatus } -whiptail_components_adv_warning() { +whiptail_fleet_custom_hostname() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75 + FLEETCUSTOMHOSTNAME=$(whiptail --title "Security Onion Install" --inputbox \ + "What FQDN should osquery clients use for connections to this Fleet node? Leave blank if the local system hostname will be used." 10 60 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + +whiptail_gauge_post_setup() { + + if [ -n "$TESTING" ]; then + cat >> $setup_log 2>&1 + else + local msg=$1 + + whiptail --title "Security Onion Setup" --gauge "$msg" 6 60 96 + fi } whiptail_helix_apikey() { @@ -594,6 +466,27 @@ whiptail_install_type() { export install_type } +whiptail_invalid_pass_characters_warning() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --msgbox "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." 8 75 +} + +whiptail_invalid_pass_warning() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75 +} + +whiptail_invalid_user_warning() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75 +} + whiptail_log_size_limit() { [ -n "$TESTING" ] && return @@ -608,6 +501,17 @@ whiptail_log_size_limit() { } +whiptail_make_changes() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75 + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + whiptail_management_interface_dns() { [ -n "$TESTING" ] && return @@ -672,43 +576,6 @@ whiptail_management_nic() { } -whiptail_nids() { - - [ -n "$TESTING" ] && return - - NIDS=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose which IDS to run: \n\n(Snort 3.0 support will be added once it is out of beta.)" 25 75 4 \ - "Suricata" "Suricata" ON \ - "Snort" "Placeholder for Snort 3.0 " OFF 3>&1 1>&2 2>&3 ) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - -} - -whiptail_oinkcode() { - - [ -n "$TESTING" ] && return - - OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your ET Pro or oinkcode:" 10 75 XXXXXXX 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - -} - -whiptail_make_changes() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75 - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - -} - whiptail_management_server() { [ -n "$TESTING" ] && return @@ -756,6 +623,17 @@ whiptail_manager_adv() { } +# Ask if you want to do true clustering +whiptail_manager_adv_escluster(){ + + [ -n "$TESTING" ] && return + + MGRCLUSTER=$(whiptail --title "Security Onion Setup" --yesno "Do you want to set up a traditional ES cluster?" 8 75) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + # Ask which additional components to install whiptail_manager_adv_service_zeeklogs() { @@ -810,6 +688,54 @@ whiptail_manager_adv_service_zeeklogs() { } +whiptail_manager_updates() { + + [ -n "$TESTING" ] && return + + local update_string + update_string=$(whiptail --title "Security Onion Setup" --radiolist \ + "How would you like to download OS package updates for your grid?" 20 75 4 \ + "MANAGER" "Manager node is proxy for updates" ON \ + "OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + case "$update_string" in + 'MANAGER') + export MANAGERUPDATES='1' + ;; + *) + export MANAGERUPDATES='0' + ;; + esac + +} + +whiptail_manager_updates_warning() { + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup"\ + --msgbox "Updating through the manager node requires the manager to have internet access, press ENTER to continue."\ + 8 75 + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + +whiptail_nids() { + + [ -n "$TESTING" ] && return + + NIDS=$(whiptail --title "Security Onion Setup" --radiolist \ + "Choose which IDS to run: \n\n(Snort 3.0 support will be added once it is out of beta.)" 25 75 4 \ + "Suricata" "Suricata" ON \ + "Snort" "Placeholder for Snort 3.0 " OFF 3>&1 1>&2 2>&3 ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + whiptail_network_notice() { [ -n "$TESTING" ] && return @@ -895,6 +821,18 @@ whiptail_node_ls_input_threads() { } +whiptail_oinkcode() { + + [ -n "$TESTING" ] && return + + OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter your ET Pro or oinkcode:" 10 75 XXXXXXX 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + #TODO: helper function to display error message or exit if batch mode # exit_if_batch <"Error string"> @@ -1049,6 +987,21 @@ whiptail_patch_schedule_select_hours() { } +whiptail_requirements_error() { + + local requirement_needed=$1 + local current_val=$2 + local needed_val=$3 + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" \ + --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 10 75 + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + whiptail_rule_setup() { [ -n "$TESTING" ] && return @@ -1080,6 +1033,46 @@ whiptail_sensor_config() { } +whiptail_sensor_nics() { + + [ -n "$TESTING" ] && return + + filter_unused_nics + + if [[ $is_ec2 ]]; then + local menu_text="Please select NIC for the Monitor Interface:" + local list_type="radiolist" + else + local menu_text="Please add NICs to the Monitor Interface:" + local list_type="checklist" + fi + + BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + while [ -z "$BNICS" ] + do + BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + done + + BNICS=$(echo "$BNICS" | tr -d '"') + + IFS=' ' read -ra BNICS <<< "$BNICS" + + for bond_nic in "${BNICS[@]}"; do + if [[ "${nmcli_dev_status_list}" =~ $bond_nic\:unmanaged ]]; then + whiptail \ + --title "Security Onion Setup" \ + --msgbox "$bond_nic is unmanaged by Network Manager. Please remove it from other network management tools then re-run setup." \ + 8 75 + exit + fi + done +} + whiptail_set_hostname() { [ -n "$TESTING" ] && return @@ -1200,15 +1193,30 @@ whiptail_so_allow() { fi } -whiptail_gauge_post_setup() { +whiptail_storage_requirements() { + local mount=$1 + local current_val=$2 + local needed_val=$3 - if [ -n "$TESTING" ]; then - cat >> $setup_log 2>&1 - else - local msg=$1 + [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --gauge "$msg" 6 60 96 - fi + read -r -d '' message <<- EOM + Free space on mount point '${mount}' is currently ${current_val}. + + You need ${needed_val} to meet minimum requirements. + + Visit https://docs.securityonion.net/en/2.1/hardware.html for more information. + + Press YES to continue anyway, or press NO to cancel. + EOM + + whiptail \ + --title "Security Onion Setup" \ + --yesno "$message" \ + 14 75 + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_strelka_rules() { @@ -1251,40 +1259,6 @@ whiptail_suricata_pins() { } -whiptail_manager_updates() { - - [ -n "$TESTING" ] && return - - local update_string - update_string=$(whiptail --title "Security Onion Setup" --radiolist \ - "How would you like to download OS package updates for your grid?" 20 75 4 \ - "MANAGER" "Manager node is proxy for updates" ON \ - "OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 ) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - - case "$update_string" in - 'MANAGER') - export MANAGERUPDATES='1' - ;; - *) - export MANAGERUPDATES='0' - ;; - esac - -} - -whiptail_manager_updates_warning() { - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup"\ - --msgbox "Updating through the manager node requires the manager to have internet access, press ENTER to continue."\ - 8 75 - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - whiptail_node_updates() { [ -n "$TESTING" ] && return @@ -1322,3 +1296,40 @@ whiptail_you_sure() { return $exitstatus } + +whiptail_zeek_pins() { + + [ -n "$TESTING" ] && return + + local cpu_core_list_whiptail=() + for item in "${cpu_core_list[@]}"; do + cpu_core_list_whiptail+=("$item" "OFF") + done + + if [[ $is_smooshed ]]; then + local PROCS=$(expr $lb_procs / 2) + if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi + else + local PROCS=$lb_procs + fi + + ZEEKPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $PROCS cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + ZEEKPINS=$(echo "$ZEEKPINS" | tr -d '"') + + IFS=' ' read -ra ZEEKPINS <<< "$ZEEKPINS" +} + +whiptail_zeek_version() { + + [ -n "$TESTING" ] && return + + ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate metadata?" 20 75 4 "ZEEK" "Zeek (formerly known as Bro)" ON \ + "SURICATA" "Suricata" OFF 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} From bab6b151ff9f0fbf58e9ecb36c4d3adac3824959 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:07:22 -0400 Subject: [PATCH 002/270] Add cluster whiptail questions --- setup/so-setup | 3 +++ setup/so-whiptail | 14 +++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 1c46a8bf9..e9ad3a281 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -320,6 +320,9 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv + if [[ "$install_type" = 'MANAGER' ]] || [[ "$install_type" = 'MANAGERSEARCH' ] + whiptail_manager_adv_escluster + fi whiptail_zeek_version # Don't run this function for now since Snort is not yet supported # whiptail_nids diff --git a/setup/so-whiptail b/setup/so-whiptail index 78e66285b..437b2192c 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -631,7 +631,19 @@ whiptail_manager_adv_escluster(){ MGRCLUSTER=$(whiptail --title "Security Onion Setup" --yesno "Do you want to set up a traditional ES cluster?" 8 75) local exitstatus=$? - whiptail_check_exitstatus $exitstatus + + if [[ $exitstatus == 0 ]]; then + whiptail_manager_adv_escluster_name + fi +} + +# Get a cluster name +whiptail_manager_adv_escluster_name(){ + + [ -n "$TESTING" ] && return + + ESCLUSTERNAME=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter a name for your ES cluster!" 10 75 securityonion 3>&1 1>&2 2>&3) } # Ask which additional components to install From bbb825a2079423d87796c3a68c201ed2f256f4c9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:33:40 -0400 Subject: [PATCH 003/270] Add cluster whiptail questions --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index e9ad3a281..cad7fea6a 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -320,7 +320,7 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv - if [[ "$install_type" = 'MANAGER' ]] || [[ "$install_type" = 'MANAGERSEARCH' ] + if [[ "$install_type" = 'MANAGER' ]] || [[ "$install_type" = 'MANAGERSEARCH' ]]; then whiptail_manager_adv_escluster fi whiptail_zeek_version From f893cf203f37be8dc6dd35e00237ec78a2dc92cc Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:38:17 -0400 Subject: [PATCH 004/270] Change whiptail logic --- setup/so-setup | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index cad7fea6a..93a63a758 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -320,8 +320,10 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv - if [[ "$install_type" = 'MANAGER' ]] || [[ "$install_type" = 'MANAGERSEARCH' ]]; then - whiptail_manager_adv_escluster + if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then + if [ "$install_type" = 'MANAGER' ]] || [ $install_type = 'MANAGERSEARCH' ]; then + whiptail_manager_adv_escluster + fi fi whiptail_zeek_version # Don't run this function for now since Snort is not yet supported From c22e8c08a6074a786726170752f1b57a7357f0e5 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:40:22 -0400 Subject: [PATCH 005/270] Change whiptail logic --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 93a63a758..74ff6c0b8 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -320,7 +320,7 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv - if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then + if [ "$MANAGERADV" = 'ADVANCED' ]; then if [ "$install_type" = 'MANAGER' ]] || [ $install_type = 'MANAGERSEARCH' ]; then whiptail_manager_adv_escluster fi From c538e5f85b9ea83eb8d48ece5356e87d70571ead Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:40:56 -0400 Subject: [PATCH 006/270] Change whiptail logic --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 74ff6c0b8..ab0d809a1 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -321,7 +321,7 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv if [ "$MANAGERADV" = 'ADVANCED' ]; then - if [ "$install_type" = 'MANAGER' ]] || [ $install_type = 'MANAGERSEARCH' ]; then + if [ "$install_type" = 'MANAGER' ] || [ "$install_type" = 'MANAGERSEARCH' ]; then whiptail_manager_adv_escluster fi fi From 6f703fad259775cffd67fdddf44fc884f2d93143 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:44:43 -0400 Subject: [PATCH 007/270] Change whiptail logic --- setup/so-whiptail | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 437b2192c..302fb96e6 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -628,7 +628,8 @@ whiptail_manager_adv_escluster(){ [ -n "$TESTING" ] && return - MGRCLUSTER=$(whiptail --title "Security Onion Setup" --yesno "Do you want to set up a traditional ES cluster?" 8 75) + whiptail --title "Security Onion Setup" --yesno \ + "Do you want to set up a traditional ES cluster?" 8 75 local exitstatus=$? From 23bc5e303e873372f12ad51ca2d02d05b52be64c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:52:43 -0400 Subject: [PATCH 008/270] Add clustering to ES function --- setup/so-functions | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 06f103cfc..dc2a9e7fd 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1200,14 +1200,19 @@ manager_global() { " features: False"\ "elasticsearch:"\ " replicas: 0"\ - " true_cluster: False"\ - " true_cluster_name: 'so'"\ + if [ -z "$ESCLUSTERNAME" ]; then + " true_cluster: False" + " true_cluster_name: 'so'" + else + " true_cluster: True" + " true_cluster_name: '$ESCLUSTERNAME'" + fi " discovery_nodes: 1"\ " hot_warm_enabled: False"\ " cluster_routing_allocation_disk.threshold_enabled: true"\ - " cluster_routing_allocation_disk_watermark_low: '95%'"\ - " cluster_routing_allocation_disk_watermark_high: '98%'"\ - " cluster_routing_allocation_disk_watermark_flood_stage: '98%'"\ + " cluster_routing_allocation_disk_watermark_low: '95%'"\ + " cluster_routing_allocation_disk_watermark_high: '98%'"\ + " cluster_routing_allocation_disk_watermark_flood_stage: '98%'"\ " index_settings:"\ " so-beats:"\ " shards: 1"\ From 7e0063d47467b184f7b3dc81db166582a810cdb9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:55:11 -0400 Subject: [PATCH 009/270] Fix pillar syntax --- setup/so-functions | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index dc2a9e7fd..d134a8ac8 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1201,11 +1201,11 @@ manager_global() { "elasticsearch:"\ " replicas: 0"\ if [ -z "$ESCLUSTERNAME" ]; then - " true_cluster: False" - " true_cluster_name: 'so'" + printf " true_cluster: False" + " true_cluster_name: 'so'" else - " true_cluster: True" - " true_cluster_name: '$ESCLUSTERNAME'" + printf " true_cluster: True" + " true_cluster_name: '$ESCLUSTERNAME'" fi " discovery_nodes: 1"\ " hot_warm_enabled: False"\ From 4e1bff2231799b951d7495bc722227d48a392edf Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:56:13 -0400 Subject: [PATCH 010/270] Fix pillar syntax --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index d134a8ac8..fab24b2f2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1200,7 +1200,7 @@ manager_global() { " features: False"\ "elasticsearch:"\ " replicas: 0"\ - if [ -z "$ESCLUSTERNAME" ]; then + if [[ -z "$ESCLUSTERNAME" ]]; then printf " true_cluster: False" " true_cluster_name: 'so'" else From 55b6f5ce996bdb126451f4fde21703e451b5e976 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 17:02:26 -0400 Subject: [PATCH 011/270] Fix pillar syntax --- setup/so-functions | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index fab24b2f2..cb7e447ea 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1200,13 +1200,14 @@ manager_global() { " features: False"\ "elasticsearch:"\ " replicas: 0"\ - if [[ -z "$ESCLUSTERNAME" ]]; then - printf " true_cluster: False" - " true_cluster_name: 'so'" + if [ -n "$ESCLUSTERNAME" ]; then + printf " true_cluster: True"\ + " true_cluster_name: '$ESCLUSTERNAME'"\ else - printf " true_cluster: True" - " true_cluster_name: '$ESCLUSTERNAME'" + printf " true_cluster: False"\ + " true_cluster_name: 'so'"\ fi + " discovery_nodes: 1"\ " hot_warm_enabled: False"\ " cluster_routing_allocation_disk.threshold_enabled: true"\ From 3cb419174af91ddc1f0148a8eb3943ddbeae48c9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 17:04:06 -0400 Subject: [PATCH 012/270] Fix pillar syntax --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index cb7e447ea..cae48c777 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1199,7 +1199,7 @@ manager_global() { "elastic:"\ " features: False"\ "elasticsearch:"\ - " replicas: 0"\ + " replicas: 0" if [ -n "$ESCLUSTERNAME" ]; then printf " true_cluster: True"\ " true_cluster_name: '$ESCLUSTERNAME'"\ From 722f2b3913cca624520ce230c9ad163d1ba5337e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 17:08:06 -0400 Subject: [PATCH 013/270] Fix pillar syntax --- setup/so-functions | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index cae48c777..0c2bc804d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1201,13 +1201,15 @@ manager_global() { "elasticsearch:"\ " replicas: 0" if [ -n "$ESCLUSTERNAME" ]; then - printf " true_cluster: True"\ - " true_cluster_name: '$ESCLUSTERNAME'"\ + printf '%s\n'\ + " true_cluster: True"\ + " true_cluster_name: '$ESCLUSTERNAME'" else - printf " true_cluster: False"\ - " true_cluster_name: 'so'"\ + printf '%s\n'\ + " true_cluster: False"\ + " true_cluster_name: 'so'" fi - + printf '%s\n'\ " discovery_nodes: 1"\ " hot_warm_enabled: False"\ " cluster_routing_allocation_disk.threshold_enabled: true"\ From 87adbb5f819b4864062800d06886226b604942ff Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 17:20:33 -0400 Subject: [PATCH 014/270] printf issues --- setup/so-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 0c2bc804d..9ded48ddf 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1199,15 +1199,15 @@ manager_global() { "elastic:"\ " features: False"\ "elasticsearch:"\ - " replicas: 0" + " replicas: 0" >> "$global_pillar" if [ -n "$ESCLUSTERNAME" ]; then printf '%s\n'\ " true_cluster: True"\ - " true_cluster_name: '$ESCLUSTERNAME'" + " true_cluster_name: '$ESCLUSTERNAME'" >> "$global_pillar" else printf '%s\n'\ " true_cluster: False"\ - " true_cluster_name: 'so'" + " true_cluster_name: 'so'" >> "$global_pillar" fi printf '%s\n'\ " discovery_nodes: 1"\ From 57d8f2542212230740ed33ee4a9c84ee31f0f5e0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 16:44:14 -0400 Subject: [PATCH 015/270] Create master node role in ES --- salt/elasticsearch/files/elasticsearch.yml | 11 ++++------- setup/so-functions | 11 +++++++++-- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 40f708057..b5d0b0293 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -1,11 +1,8 @@ {%- set NODE_ROUTE_TYPE = salt['pillar.get']('elasticsearch:node_route_type', 'hot') %} -{%- if salt['pillar.get']('elasticsearch:hot_warm_enabled') or salt['pillar.get']('elasticsearch:true_cluster') %} -{%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:true_cluster_name', '') %} -{%- else %} {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername', '') %} -{%- endif %} -{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} -{% set FEATURES = salt['pillar.get']('elastic:features', False) %} +{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %} +{%- set FEATURES = salt['pillar.get']('elastic:features', False) %} +{%- set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} cluster.name: "{{ ESCLUSTERNAME }}" network.host: 0.0.0.0 @@ -44,7 +41,7 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% node.attr.box_type: {{ NODE_ROUTE_TYPE }} node.name: {{ grains.host }} script.max_compilations_rate: 1000/1m -{%- if salt['pillar.get']('elasticsearch:true_cluster') %} +{%- if TRUECLUSTER is sameas true %} {%- if grains.role == 'so-manager' %} node.roles: [ master ] {%- endif %} diff --git a/setup/so-functions b/setup/so-functions index 9ded48ddf..3566d0d5e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1331,8 +1331,15 @@ elasticsearch_pillar() { "elasticsearch:"\ " mainip: '$MAINIP'"\ " mainint: '$MNIC'"\ - " esheap: '$NODE_ES_HEAP_SIZE'"\ - " esclustername: {{ grains.host }}"\ + " esheap: '$NODE_ES_HEAP_SIZE'" + if [ -n "$ESCLUSTERNAME" ]; then + printf '%s\n'\ + " esclustername: $ESCLUSTERNAME" + else + printf '%s\n'\ + " esclustername: {{ grains.host }}" + fi + printf '%s\n'\ " node_type: '$NODETYPE'"\ " es_port: $node_es_port"\ " log_size_limit: $log_size_limit"\ From 6359e03ba6ee8c1203d718505f664eb410efcc2d Mon Sep 17 00:00:00 2001 From: jtgreen-cse <67059096+jtgreen-cse@users.noreply.github.com> Date: Thu, 29 Oct 2020 15:03:13 -0400 Subject: [PATCH 016/270] fix for Windows events via osquery This change was required to properly let Windows events flow through their specific pipelines. Otherwise, the `temp` field stays around and gets ingested in ES. --- salt/elasticsearch/files/ingest/osquery.query_result | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/elasticsearch/files/ingest/osquery.query_result b/salt/elasticsearch/files/ingest/osquery.query_result index 3a6ed15a3..67a0b39f8 100644 --- a/salt/elasticsearch/files/ingest/osquery.query_result +++ b/salt/elasticsearch/files/ingest/osquery.query_result @@ -6,7 +6,7 @@ { "gsub": { "field": "message2.columns.data", "pattern": "\\\\xC2\\\\xAE", "replacement": "", "ignore_missing": true } }, { "rename": { "if": "ctx.message2.columns?.eventid != null", "field": "message2.columns", "target_field": "winlog", "ignore_missing": true } }, { "json": { "field": "winlog.data", "target_field": "temp", "ignore_failure": true } }, - { "rename": { "field": "temp.Data", "target_field": "winlog.event_data", "ignore_missing": true } }, + { "rename": { "field": "temp.EventData", "target_field": "winlog.event_data", "ignore_missing": true } }, { "rename": { "field": "winlog.source", "target_field": "winlog.channel", "ignore_missing": true } }, { "rename": { "field": "winlog.eventid", "target_field": "winlog.event_id", "ignore_missing": true } }, { "pipeline": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational'", "name": "sysmon" } }, @@ -22,4 +22,4 @@ { "set": { "field": "event.dataset", "value": "{{osquery.result.name}}", "override": false} }, { "pipeline": { "name": "common" } } ] -} \ No newline at end of file +} From ac3b5e4f1b1f4fb13817299989b39c6d5027af59 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 19 Nov 2020 09:48:56 -0500 Subject: [PATCH 017/270] [fix] Remove echo redirect at beginning of install --- setup/so-functions | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 8254b2819..f13a183f2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -709,7 +709,8 @@ detect_os() { exit 1 fi - echo "Installing required packages to run installer..." >> "$setup_log" 2>&1 + # Print message to stdout so the user knows setup is doing something + echo "Installing required packages to run installer..." # Install bind-utils so the host command exists if [[ ! $is_iso ]]; then if ! command -v host > /dev/null 2>&1; then @@ -743,6 +744,7 @@ detect_os() { exit 1 fi + # Print message to stdout so the user knows setup is doing something echo "Installing required packages to run installer..." # Install network manager so we can do interface stuff if ! command -v nmcli > /dev/null 2>&1; then From 9fb8a6d48298c607c23dcef9740bb30fad555134 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 19 Nov 2020 16:53:34 -0500 Subject: [PATCH 018/270] Increment version to 2.3.20 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 506c62f67..69484413e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.10 \ No newline at end of file +2.3.20 \ No newline at end of file From 79ec1de83a8d1b853d5c1293afb7632ec2986e77 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 20 Nov 2020 09:56:48 -0500 Subject: [PATCH 019/270] [fix] Add exit check for static ip whiptail menus Fixes #1992 --- setup/so-whiptail | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/setup/so-whiptail b/setup/so-whiptail index 07e534c0f..bf40a99dd 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -697,6 +697,8 @@ whiptail_management_interface_dns() { MDNS=$(whiptail --title "Security Onion Setup" --inputbox \ "Enter your DNS servers separated by a space:" 10 60 8.8.8.8 8.8.4.4 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_management_interface_dns_search() { @@ -706,6 +708,8 @@ whiptail_management_interface_dns_search() { MSEARCH=$(whiptail --title "Security Onion Setup" --inputbox \ "Enter your DNS search domain:" 10 60 searchdomain.local 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_management_interface_gateway() { @@ -715,6 +719,8 @@ whiptail_management_interface_gateway() { MGATEWAY=$(whiptail --title "Security Onion Setup" --inputbox \ "Enter your gateway:" 10 60 X.X.X.X 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_management_interface_ip() { @@ -724,6 +730,8 @@ whiptail_management_interface_ip() { MIP=$(whiptail --title "Security Onion Setup" --inputbox \ "Enter your IP address:" 10 60 X.X.X.X 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_management_interface_mask() { @@ -733,6 +741,8 @@ whiptail_management_interface_mask() { MMASK=$(whiptail --title "Security Onion Setup" --inputbox \ "Enter the bit mask for your subnet:" 10 60 24 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_management_nic() { From e62b52da1b39c360493703ba4ad19159a766fac0 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 20 Nov 2020 09:58:07 -0500 Subject: [PATCH 020/270] [fix] Add condition to zeek state during setup for ZEEKVERSION Fixes #1990 --- setup/so-setup | 8 +++++--- setup/so-whiptail | 3 ++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index e1550ff03..22e429ad4 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -639,12 +639,14 @@ fi salt-call state.apply -l info pcap >> $setup_log 2>&1 fi - if [[ $is_sensor || $is_import ]]; then + if [[ $is_sensor || $is_import || $is_helix ]]; then set_progress_str 66 "$(print_salt_state_apply 'suricata')" salt-call state.apply -l info suricata >> $setup_log 2>&1 - set_progress_str 67 "$(print_salt_state_apply 'zeek')" - salt-call state.apply -l info zeek >> $setup_log 2>&1 + if [[ $ZEEKVERSION == 'ZEEK' ]]; then + set_progress_str 67 "$(print_salt_state_apply 'zeek')" + salt-call state.apply -l info zeek >> $setup_log 2>&1 + fi fi if [[ $is_node ]]; then diff --git a/setup/so-whiptail b/setup/so-whiptail index bf40a99dd..11d968910 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -97,7 +97,8 @@ whiptail_zeek_version() { [ -n "$TESTING" ] && return - ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate metadata?" 20 75 4 "ZEEK" "Zeek (formerly known as Bro)" ON \ + ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate metadata?" 20 75 4 \ + "ZEEK" "Zeek (formerly known as Bro)" ON \ "SURICATA" "Suricata" OFF 3>&1 1>&2 2>&3) local exitstatus=$? From 9d837f7b45f3b2c4561acf5f5c572e1c73531b9f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 20 Nov 2020 10:09:14 -0500 Subject: [PATCH 021/270] [fix] Reload sshd if config changes are made Fixes #1976 --- salt/common/tools/sbin/so-ssh-harden | 75 ++++++++++++++++++++++------ 1 file changed, 59 insertions(+), 16 deletions(-) diff --git a/salt/common/tools/sbin/so-ssh-harden b/salt/common/tools/sbin/so-ssh-harden index 2f78a7af8..1cfdc482d 100644 --- a/salt/common/tools/sbin/so-ssh-harden +++ b/salt/common/tools/sbin/so-ssh-harden @@ -3,47 +3,90 @@ . /usr/sbin/so-common if [[ $1 =~ ^(q|--quiet) ]]; then - quiet=true + quiet=true fi +before= +after= +reload_required=false + print_sshd_t() { - local string=$1 - local state=$2 - echo "${state}:" - sshd -T | grep "^${string}" + local string=$1 + local state=$2 + echo "${state}:" + + local grep_out + grep_out=$(sshd -T | grep "^${string}") + + if [[ $state == "Before" ]]; then + before=$grep_out + else + after=$grep_out + fi + + echo $grep_out +} + +print_msg() { + local msg=$1 + + printf "%s\n" \ + "----" + "$msg" + "----" + "" } if ! [[ $quiet ]]; then print_sshd_t "ciphers" "Before"; fi sshd -T | grep "^ciphers" | sed -e "s/\(3des-cbc\|aes128-cbc\|aes192-cbc\|aes256-cbc\|arcfour\|arcfour128\|arcfour256\|blowfish-cbc\|cast128-cbc\|rijndael-cbc@lysator.liu.se\)\,\?//g" >> /etc/ssh/sshd_config if ! [[ $quiet ]]; then - print_sshd_t "ciphers" "After" - echo "" + print_sshd_t "ciphers" "After" + echo "" +fi + +if [[ $before != $after ]]; then + reload_required=true fi if ! [[ $quiet ]]; then print_sshd_t "kexalgorithms" "Before"; fi sshd -T | grep "^kexalgorithms" | sed -e "s/\(diffie-hellman-group14-sha1\|ecdh-sha2-nistp256\|diffie-hellman-group-exchange-sha256\|diffie-hellman-group1-sha1\|diffie-hellman-group-exchange-sha1\|ecdh-sha2-nistp521\|ecdh-sha2-nistp384\)\,\?//g" >> /etc/ssh/sshd_config if ! [[ $quiet ]]; then - print_sshd_t "kexalgorithms" "After" - echo "" + print_sshd_t "kexalgorithms" "After" + echo "" +fi + +if [[ $before != $after ]]; then + reload_required=true fi if ! [[ $quiet ]]; then print_sshd_t "macs" "Before"; fi sshd -T | grep "^macs" | sed -e "s/\(hmac-sha2-512,\|umac-128@openssh.com,\|hmac-sha2-256,\|umac-64@openssh.com,\|hmac-sha1,\|hmac-sha1-etm@openssh.com,\|umac-64-etm@openssh.com,\|hmac-sha1\)//g" >> /etc/ssh/sshd_config if ! [[ $quiet ]]; then - print_sshd_t "macs" "After" - echo "" + print_sshd_t "macs" "After" + echo "" +fi + +if [[ $before != $after ]]; then + reload_required=true fi if ! [[ $quiet ]]; then print_sshd_t "hostkeyalgorithms" "Before"; fi sshd -T | grep "^hostkeyalgorithms" | sed "s|ecdsa-sha2-nistp256,||g" | sed "s|ssh-rsa,||g" >> /etc/ssh/sshd_config if ! [[ $quiet ]]; then - print_sshd_t "hostkeyalgorithms" "After" - echo "" + print_sshd_t "hostkeyalgorithms" "After" + echo "" +fi + +if [[ $before != $after ]]; then + reload_required=true +fi + +if [[ $reload_required == true ]]; then + print_msg "Reloading sshd to load config changes..." + systemctl reload sshd fi {% if grains['os'] != 'CentOS' %} -echo "----" -echo "[ WARNING ] Any new ssh sessions will need to remove and reaccept the ECDSA key for this server before reconnecting." -echo "----" +print_msg "[ WARNING ] Any new ssh sessions will need to remove and reaccept the ECDSA key for this server before reconnecting." {% endif %} From 1a11c24f0304ccaf764db921aed0154d977d164a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 20 Nov 2020 11:13:40 -0500 Subject: [PATCH 022/270] [fix] Add newline escapes to so-ssh-harden --- salt/common/tools/sbin/so-ssh-harden | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/common/tools/sbin/so-ssh-harden b/salt/common/tools/sbin/so-ssh-harden index 1cfdc482d..531c64cfd 100644 --- a/salt/common/tools/sbin/so-ssh-harden +++ b/salt/common/tools/sbin/so-ssh-harden @@ -31,9 +31,9 @@ print_msg() { local msg=$1 printf "%s\n" \ - "----" - "$msg" - "----" + "----" \ + "$msg" \ + "----" \ "" } From 2e6be747d92f303f2f606072f83787647778a545 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 20 Nov 2020 11:18:40 -0500 Subject: [PATCH 023/270] [fix] Fixes for quiet flag in so-ssh-harden --- salt/common/tools/sbin/so-ssh-harden | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-ssh-harden b/salt/common/tools/sbin/so-ssh-harden index 531c64cfd..1fd7d58d9 100644 --- a/salt/common/tools/sbin/so-ssh-harden +++ b/salt/common/tools/sbin/so-ssh-harden @@ -2,7 +2,7 @@ . /usr/sbin/so-common -if [[ $1 =~ ^(q|--quiet) ]]; then +if [[ $1 =~ ^(-q|--quiet) ]]; then quiet=true fi @@ -29,12 +29,13 @@ print_sshd_t() { print_msg() { local msg=$1 - + if ! [[ $quiet ]]; then printf "%s\n" \ "----" \ "$msg" \ "----" \ "" + fi } if ! [[ $quiet ]]; then print_sshd_t "ciphers" "Before"; fi From f074179656d6f39eed0f767f687a6de010af2646 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 20 Nov 2020 14:13:44 -0500 Subject: [PATCH 024/270] Correct so-import-pcap wrapping; add so-pcap-import alias for so-import-pcap; prompt to reboot after changing IP address on manager; ensure all tools have exec bit set --- salt/common/tools/sbin/so-import-pcap | 3 +-- salt/common/tools/sbin/so-ip-update | 6 +++--- salt/common/tools/sbin/so-playbook-reset | 0 salt/common/tools/sbin/so-ssh-harden | 0 salt/common/tools/sbin/so-wazuh-user-add | 0 salt/common/tools/sbin/so-wazuh-user-passwd | 0 salt/common/tools/sbin/so-wazuh-user-remove | 0 7 files changed, 4 insertions(+), 5 deletions(-) mode change 100644 => 100755 salt/common/tools/sbin/so-ip-update mode change 100644 => 100755 salt/common/tools/sbin/so-playbook-reset mode change 100644 => 100755 salt/common/tools/sbin/so-ssh-harden mode change 100644 => 100755 salt/common/tools/sbin/so-wazuh-user-add mode change 100644 => 100755 salt/common/tools/sbin/so-wazuh-user-passwd mode change 100644 => 100755 salt/common/tools/sbin/so-wazuh-user-remove diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap index f10f5fad9..2dc5b0504 100755 --- a/salt/common/tools/sbin/so-import-pcap +++ b/salt/common/tools/sbin/so-import-pcap @@ -27,8 +27,7 @@ function usage { cat << EOF Usage: $0 [pcap-file-2] [pcap-file-N] -Imports one or more PCAP files onto a sensor node. The PCAP traffic will be analyzed and -made available for review in the Security Onion toolset. +Imports one or more PCAP files onto a sensor node. The PCAP traffic will be analyzed and made available for review in the Security Onion toolset. EOF } diff --git a/salt/common/tools/sbin/so-ip-update b/salt/common/tools/sbin/so-ip-update old mode 100644 new mode 100755 index 7321a5587..8ab012ccf --- a/salt/common/tools/sbin/so-ip-update +++ b/salt/common/tools/sbin/so-ip-update @@ -50,9 +50,9 @@ if [ "$CONTINUE" == "y" ]; then echo "The IP has been changed from $OLD_IP to $NEW_IP." - if [ -z "$SKIP_STATE_APPLY" ]; then - echo "Re-applying salt states." - salt-call state.highstate queue=True + read -n 1 -p "The system must reboot to ensure all services have restarted with the new configuration. Reboot now? (y/N)" CONTINUE + if [ "$CONTINUE" == "y" ]; then + reboot fi else echo "Exiting without changes." diff --git a/salt/common/tools/sbin/so-playbook-reset b/salt/common/tools/sbin/so-playbook-reset old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-ssh-harden b/salt/common/tools/sbin/so-ssh-harden old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-wazuh-user-add b/salt/common/tools/sbin/so-wazuh-user-add old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-wazuh-user-passwd b/salt/common/tools/sbin/so-wazuh-user-passwd old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-wazuh-user-remove b/salt/common/tools/sbin/so-wazuh-user-remove old mode 100644 new mode 100755 From bc40a2bfc5d36e1a3a2dd82fa9fe5cfcfb60776b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 20 Nov 2020 14:13:57 -0500 Subject: [PATCH 025/270] Correct so-import-pcap wrapping; add so-pcap-import alias for so-import-pcap; prompt to reboot after changing IP address on manager; ensure all tools have exec bit set --- salt/common/tools/sbin/so-pcap-import | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100755 salt/common/tools/sbin/so-pcap-import diff --git a/salt/common/tools/sbin/so-pcap-import b/salt/common/tools/sbin/so-pcap-import new file mode 100755 index 000000000..667bf064e --- /dev/null +++ b/salt/common/tools/sbin/so-pcap-import @@ -0,0 +1,18 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +$(dirname $0)/so-import-pcap $@ From 78f5727f6f493511f747ac3601b497e66bab580d Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 20 Nov 2020 15:16:07 -0500 Subject: [PATCH 026/270] Improve so-ip-update prompts --- salt/common/tools/sbin/so-ip-update | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/common/tools/sbin/so-ip-update b/salt/common/tools/sbin/so-ip-update index 8ab012ccf..9976a42e8 100755 --- a/salt/common/tools/sbin/so-ip-update +++ b/salt/common/tools/sbin/so-ip-update @@ -39,6 +39,7 @@ fi echo "About to change old IP $OLD_IP to new IP $NEW_IP." +echo read -n 1 -p "Would you like to continue? (y/N) " CONTINUE echo @@ -50,7 +51,10 @@ if [ "$CONTINUE" == "y" ]; then echo "The IP has been changed from $OLD_IP to $NEW_IP." + echo read -n 1 -p "The system must reboot to ensure all services have restarted with the new configuration. Reboot now? (y/N)" CONTINUE + echo + if [ "$CONTINUE" == "y" ]; then reboot fi From bafefb980b4768be0feda40a4ae1f7a62f8bf12b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 23 Nov 2020 10:45:52 -0500 Subject: [PATCH 027/270] Update so-elastalert-test script for compatibility with SO 2.3 --- salt/common/tools/sbin/so-elastalert-test | 135 +++++++++++----------- 1 file changed, 66 insertions(+), 69 deletions(-) diff --git a/salt/common/tools/sbin/so-elastalert-test b/salt/common/tools/sbin/so-elastalert-test index ccb823168..4e59aacb3 100755 --- a/salt/common/tools/sbin/so-elastalert-test +++ b/salt/common/tools/sbin/so-elastalert-test @@ -19,8 +19,7 @@ # # Purpose: This script will allow you to test your elastalert rule without entering the Docker container. -. /usr/sbin/so-elastic-common - +HOST_RULE_DIR=/opt/so/rules/elastalert OPTIONS="" SKIP=0 RESULTS_TO_LOG="n" @@ -29,111 +28,109 @@ FILE_SAVE_LOCATION="" usage() { -cat < Write results to specified log file - -o '' Specify Elastalert options ( Ex. --schema-only , --count-only, --days N ) - -r Specify path/name of rule to test + -h This message + -a Trigger real alerts instead of the debug alert + -l Write results to specified log file + -o '' Specify Elastalert options ( Ex. --schema-only , --count-only, --days N ) + -r Specify filename of rule to test (must exist in $HOST_RULE_DIR; do not include path) EOF } while getopts "hal:o:r:" OPTION do - case $OPTION in - h) - usage - exit 0 - ;; - a) - OPTIONS="--alert" - ;; - l) - RESULTS_TO_LOG="y" - FILE_SAVE_LOCATION=$OPTARG - ;; - - o) - OPTIONS=$OPTARG - ;; - - r) - RULE_NAME=$OPTARG - SKIP=1 - ;; - *) - usage - exit 0 - ;; - esac + case $OPTION in + h) + usage + exit 0 + ;; + a) + OPTIONS="--alert" + ;; + l) + RESULTS_TO_LOG="y" + FILE_SAVE_LOCATION=$OPTARG + ;; + o) + OPTIONS=$OPTARG + ;; + r) + RULE_NAME=$OPTARG + SKIP=1 + ;; + *) + usage + exit 0 + ;; + esac done docker_exec(){ - if [ ${RESULTS_TO_LOG,,} = "y" ] ; then - docker exec -it so-elastalert bash -c "elastalert-test-rule $RULE_NAME $OPTIONS" > $FILE_SAVE_LOCATION + CMD="docker exec -it so-elastalert elastalert-test-rule /opt/elastalert/rules/$RULE_NAME --config /opt/config/elastalert_config.yaml $OPTIONS" + if [ "${RESULTS_TO_LOG,,}" = "y" ] ; then + $CMD > "$FILE_SAVE_LOCATION" else - docker exec -it so-elastalert bash -c "elastalert-test-rule $RULE_NAME $OPTIONS" + $CMD fi } rule_prompt(){ - CURRENT_RULES=$(find /opt/so/rules/elastalert -name "*.yaml") - echo - echo "This script will allow you to test an Elastalert rule." - echo - echo "Below is a list of active Elastalert rules:" - echo + CURRENT_RULES=$(cd "$HOST_RULE_DIR" && find . -type f \( -name "*.yaml" -o -name "*.yml" \) | sed -e 's/^\.\///') + if [ -z "$CURRENT_RULES" ]; then + echo "There are no rules available to test. Rule files must be placed in the $HOST_RULE_DIR directory." + exit 1 + fi + echo + echo "This script will allow you to test an Elastalert rule." + echo + echo "Below is a list of available Elastalert rules:" + echo echo "-----------------------------------" - echo - echo "$CURRENT_RULES" - echo + echo + echo "$CURRENT_RULES" + echo echo "-----------------------------------" - echo - echo "Note: To test a rule it must be accessible by the Elastalert Docker container." - echo - echo "Make sure to swap the local path (/opt/so/rules/elastalert/) for the docker path (/etc/elastalert/rules/)" - echo "Example: /opt/so/rules/elastalert/nids2hive.yaml would be /etc/elastalert/rules/nids2hive.yaml" - echo - while [ -z $RULE_NAME ]; do - echo "Please enter the file path and rule name you want to test." - read -e RULE_NAME + echo + while [ -z "$RULE_NAME" ]; do + read -p "Please enter the rule filename you want to test (filename only, no path): " -e RULE_NAME done } log_save_prompt(){ RESULTS_TO_LOG="" - while [ -z $RESULTS_TO_LOG ]; do - echo "The results can be rather long. Would you like to write the results to a file? (Y/N)" - read RESULTS_TO_LOG - done + read -p "The results can be rather long. Would you like to write the results to a file? (y/N) " -e RESULTS_TO_LOG } log_path_prompt(){ - while [ -z $FILE_SAVE_LOCATION ]; do - echo "Please enter the file path and file name." - read -e FILE_SAVE_LOCATION - done + while [ -z "$FILE_SAVE_LOCATION" ]; do + read -p "Please enter the log file path and file name: " -e FILE_SAVE_LOCATION + done echo "Depending on the rule this may take a while." } if [ $SKIP -eq 0 ]; then rule_prompt log_save_prompt - if [ ${RESULTS_TO_LOG,,} = "y" ] ; then - log_path_prompt - fi + if [ "${RESULTS_TO_LOG,,}" = "y" ] ; then + log_path_prompt + fi fi -docker_exec +echo -if [ $? -eq 0 ]; then +docker_exec +RESULT=$? + +echo + +if [ $RESULT -eq 0 ]; then echo "Test completed successfully!" else - echo "Something went wrong..." + echo "Test failed." fi echo \ No newline at end of file From 1e32a01657306619de7e9e79c1b94a20428d1ec0 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 23 Nov 2020 18:36:19 -0500 Subject: [PATCH 028/270] Create symlink before registration otherwise registration script can't save it's state (.log) file into the conf subdir; add more logging output to track down registration failures --- salt/wazuh/files/agent/wazuh-register-agent | 3 ++- salt/wazuh/init.sls | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/salt/wazuh/files/agent/wazuh-register-agent b/salt/wazuh/files/agent/wazuh-register-agent index 6762f023d..da4870e47 100755 --- a/salt/wazuh/files/agent/wazuh-register-agent +++ b/salt/wazuh/files/agent/wazuh-register-agent @@ -55,8 +55,9 @@ register_agent() { # Adding agent and getting Id from manager echo "" echo "Adding agent:" - echo "curl -s -u $USER:**** -k -X POST -d 'name=$AGENT_NAME&ip=$AGENT_IP' $PROTOCOL://$API_IP:$API_PORT/agents" + echo "Executing: curl -s -u $USER:**** -k -X POST -d 'name=$AGENT_NAME&ip=$AGENT_IP' $PROTOCOL://$API_IP:$API_PORT/agents" API_RESULT=$(curl -s -u $USER:"$PASSWORD" -k -X POST -d 'name='$AGENT_NAME'&ip='$AGENT_IP -L $PROTOCOL://$API_IP:$API_PORT/agents) + echo "Result: $API_RESULT" echo -e $API_RESULT | grep -q "\"error\":0" 2>&1 if [ "$?" != "0" ]; then diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index e8e40c720..19afa48d7 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -128,15 +128,15 @@ whitelistmanager: - name: /usr/sbin/wazuh-manager-whitelist - cwd: / +/opt/so/conf/wazuh: + file.symlink: + - target: /nsm/wazuh/etc + wazuhagentservice: service.running: - name: wazuh-agent - enable: True -/opt/so/conf/wazuh: - file.symlink: - - target: /nsm/wazuh/etc - hidsruledir: file.directory: - name: /opt/so/rules/hids From 65334d15ea1cf806b2482ace2d511370053f55a8 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 24 Nov 2020 09:33:38 -0500 Subject: [PATCH 029/270] https://github.com/Security-Onion-Solutions/securityonion/issues/2040 --- salt/pcap/init.sls | 42 ------------------- salt/{pcap => sensoroni}/files/sensoroni.json | 5 ++- salt/sensoroni/init.sls | 41 ++++++++++++++++++ salt/top.sls | 1 + setup/so-functions | 13 +++++- setup/so-setup | 1 + 6 files changed, 59 insertions(+), 44 deletions(-) rename salt/{pcap => sensoroni}/files/sensoroni.json (76%) create mode 100644 salt/sensoroni/init.sls diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index 5a13c1231..e98bbecf5 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -45,13 +45,6 @@ stenoconfdir: - group: 939 - makedirs: True -sensoroniconfdir: - file.directory: - - name: /opt/so/conf/sensoroni - - user: 939 - - group: 939 - - makedirs: True - {% if BPF_STENO %} {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', INTERFACE + ' ' + BPF_STENO|join(" "),cwd='/root') %} {% if BPF_CALC['stderr'] == "" %} @@ -77,15 +70,6 @@ stenoconf: - defaults: BPF_COMPILED: "{{ BPF_COMPILED }}" -sensoroniagentconf: - file.managed: - - name: /opt/so/conf/sensoroni/sensoroni.json - - source: salt://pcap/files/sensoroni.json - - user: 939 - - group: 939 - - mode: 600 - - template: jinja - stenoca: file.directory: - name: /opt/so/conf/steno/certs @@ -127,13 +111,6 @@ stenolog: - group: 941 - makedirs: True -sensoronilog: - file.directory: - - name: /opt/so/log/sensoroni - - user: 939 - - group: 939 - - makedirs: True - so-steno: docker_container.{{ STENOOPTIONS.status }}: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }} @@ -170,25 +147,6 @@ so-steno_so-status.disabled: - regex: ^so-steno$ {% endif %} -so-sensoroni: - docker_container.running: - - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }} - - network_mode: host - - binds: - - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw - - /nsm/pcap:/nsm/pcap:rw - - /nsm/import:/nsm/import:rw - - /nsm/pcapout:/nsm/pcapout:rw - - /opt/so/conf/sensoroni/sensoroni.json:/opt/sensoroni/sensoroni.json:ro - - /opt/so/log/sensoroni:/opt/sensoroni/logs:rw - - watch: - - file: /opt/so/conf/sensoroni/sensoroni.json - -append_so-sensoroni_so-status.conf: - file.append: - - name: /opt/so/conf/so-status/so-status.conf - - text: so-sensoroni - {% else %} pcap_state_not_allowed: diff --git a/salt/pcap/files/sensoroni.json b/salt/sensoroni/files/sensoroni.json similarity index 76% rename from salt/pcap/files/sensoroni.json rename to salt/sensoroni/files/sensoroni.json index 8a9027bd0..f7c1edc25 100644 --- a/salt/pcap/files/sensoroni.json +++ b/salt/sensoroni/files/sensoroni.json @@ -1,6 +1,7 @@ {%- set URLBASE = salt['pillar.get']('global:url_base') %} {%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%} -{%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms', 10000) -%} +{%- set CHECKININTERVALMS = salt['pillar.get']('sensoroni:sensor_checkin_interval_ms', 10000) -%} +{%- set STENOENABLED = salt['pillar.get']('steno:enabled', False) %} { "logFilename": "/opt/sensoroni/logs/sensoroni.log", "logLevel":"info", @@ -13,11 +14,13 @@ "statickeyauth": { "apiKey": "{{ SENSORONIKEY }}" }, +{%- if STENOENABLED %} "stenoquery": { "executablePath": "/opt/sensoroni/scripts/stenoquery.sh", "pcapInputPath": "/nsm/pcap", "pcapOutputPath": "/nsm/pcapout" } +{%- endif %} } } } diff --git a/salt/sensoroni/init.sls b/salt/sensoroni/init.sls new file mode 100644 index 000000000..3268e86fd --- /dev/null +++ b/salt/sensoroni/init.sls @@ -0,0 +1,41 @@ +sensoroniconfdir: + file.directory: + - name: /opt/so/conf/sensoroni + - user: 939 + - group: 939 + - makedirs: True + +sensoroniagentconf: + file.managed: + - name: /opt/so/conf/sensoroni/sensoroni.json + - source: salt://sensoroni/files/sensoroni.json + - user: 939 + - group: 939 + - mode: 600 + - template: jinja + +sensoronilog: + file.directory: + - name: /opt/so/log/sensoroni + - user: 939 + - group: 939 + - makedirs: True + +so-sensoroni: + docker_container.running: + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }} + - network_mode: host + - binds: + - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw + - /nsm/pcap:/nsm/pcap:rw + - /nsm/import:/nsm/import:rw + - /nsm/pcapout:/nsm/pcapout:rw + - /opt/so/conf/sensoroni/sensoroni.json:/opt/sensoroni/sensoroni.json:ro + - /opt/so/log/sensoroni:/opt/sensoroni/logs:rw + - watch: + - file: /opt/so/conf/sensoroni/sensoroni.json + +append_so-sensoroni_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-sensoroni \ No newline at end of file diff --git a/salt/top.sls b/salt/top.sls index bbd2a862d..9d41481fe 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -44,6 +44,7 @@ base: - patch.os.schedule - motd - salt.minion-check + - sensoroni - salt.lasthighstate '*_helix and G@saltversion:{{saltversion}}': diff --git a/setup/so-functions b/setup/so-functions index f13a183f2..4ba639fa5 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1166,7 +1166,7 @@ manager_global() { " managerupdate: $MANAGERUPDATES"\ " imagerepo: '$IMAGEREPO'"\ " pipeline: 'redis'"\ - "pcap:"\ + "sensoroni:"\ " sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\ "strelka:"\ " enabled: $STRELKA"\ @@ -1968,6 +1968,17 @@ set_updates() { fi } +steno_pillar() { + + local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls + + # Create the stenographer pillar + printf '%s\n'\ + "steno:"\ + " enabled: True" >> "$pillar_file" + +} + mark_version() { # Drop a file with the current version echo "$SOVERSION" > /etc/soversion diff --git a/setup/so-setup b/setup/so-setup index 22e429ad4..a064de623 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -511,6 +511,7 @@ fi if [[ $is_sensor || $is_helix || $is_import ]]; then set_progress_str 4 'Generating sensor pillar' sensor_pillar >> $setup_log 2>&1 + steno_pillar >> $setup_log fi set_progress_str 5 'Installing Salt and dependencies' From 4dfd49ef393c97da2211bead39952f4f88d7c921 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 24 Nov 2020 10:11:28 -0500 Subject: [PATCH 030/270] add vars https://github.com/Security-Onion-Solutions/securityonion/issues/2040 --- salt/sensoroni/init.sls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/sensoroni/init.sls b/salt/sensoroni/init.sls index 3268e86fd..a55049c06 100644 --- a/salt/sensoroni/init.sls +++ b/salt/sensoroni/init.sls @@ -1,3 +1,7 @@ +{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} +{% set MANAGER = salt['grains.get']('master') %} + sensoroniconfdir: file.directory: - name: /opt/so/conf/sensoroni From e2ee0db727e68b86113694dafd40c83b398aa56c Mon Sep 17 00:00:00 2001 From: OmerTirosh <74374518+OmerTirosh@users.noreply.github.com> Date: Tue, 24 Nov 2020 17:21:47 +0200 Subject: [PATCH 031/270] Ignore failure for rename processor Ignore failure for winlog.event_data.SubjectUserName rename processor. For some event ids (for example 4688), this field already been added in winlogbeat JS processor. Therefor, elastic throw [user.name] already exists error. --- salt/elasticsearch/files/ingest/win.eventlogs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/elasticsearch/files/ingest/win.eventlogs b/salt/elasticsearch/files/ingest/win.eventlogs index f7f9d6bac..3137e6bb5 100644 --- a/salt/elasticsearch/files/ingest/win.eventlogs +++ b/salt/elasticsearch/files/ingest/win.eventlogs @@ -6,7 +6,7 @@ { "set": { "if": "ctx.winlog?.computer_name != null", "field": "observer.name", "value": "{{winlog.computer_name}}", "override": true } }, { "set": { "field": "event.code", "value": "{{winlog.event_id}}", "override": true } }, { "set": { "field": "event.category", "value": "host", "override": true } }, - { "rename": { "field": "winlog.event_data.SubjectUserName", "target_field": "user.name", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.SubjectUserName", "target_field": "user.name", "ignore_failure": true, "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.User", "target_field": "user.name", "ignore_missing": true } } ] -} \ No newline at end of file +} From e3a41c2a944370725c4baac95e102123d0d2db51 Mon Sep 17 00:00:00 2001 From: weslambert Date: Tue, 24 Nov 2020 11:20:09 -0500 Subject: [PATCH 032/270] Changes for ES7 elasticsearch.yml --- salt/thehive/etc/es/elasticsearch.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/salt/thehive/etc/es/elasticsearch.yml b/salt/thehive/etc/es/elasticsearch.yml index 7f268a671..3465ec7dc 100644 --- a/salt/thehive/etc/es/elasticsearch.yml +++ b/salt/thehive/etc/es/elasticsearch.yml @@ -4,6 +4,8 @@ discovery.zen.minimum_master_nodes: 1 # This is a test -- if this is here, then the volume is mounted correctly. path.logs: /var/log/elasticsearch action.destructive_requires_name: true +discovery.type: single-node +script.allowed_types: inline transport.bind_host: 0.0.0.0 transport.publish_host: 0.0.0.0 transport.publish_port: 9500 @@ -11,6 +13,5 @@ http.host: 0.0.0.0 http.port: 9400 transport.tcp.port: 9500 transport.host: 0.0.0.0 -thread_pool.index.queue_size: 100000 thread_pool.search.queue_size: 100000 -thread_pool.bulk.queue_size: 100000 +thread_pool.write.queue_size: 10000 From 995a37743284c8b8f32079ad7f309229a0ff8698 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 24 Nov 2020 11:31:41 -0500 Subject: [PATCH 033/270] squigly comma if steno enabled https://github.com/Security-Onion-Solutions/securityonion/issues/2040 --- salt/sensoroni/files/sensoroni.json | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/salt/sensoroni/files/sensoroni.json b/salt/sensoroni/files/sensoroni.json index f7c1edc25..ee46b5937 100644 --- a/salt/sensoroni/files/sensoroni.json +++ b/salt/sensoroni/files/sensoroni.json @@ -1,7 +1,7 @@ -{%- set URLBASE = salt['pillar.get']('global:url_base') %} -{%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%} -{%- set CHECKININTERVALMS = salt['pillar.get']('sensoroni:sensor_checkin_interval_ms', 10000) -%} -{%- set STENOENABLED = salt['pillar.get']('steno:enabled', False) %} +{% set URLBASE = salt['pillar.get']('global:url_base') -%} +{% set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%} +{% set CHECKININTERVALMS = salt['pillar.get']('sensoroni:sensor_checkin_interval_ms', 10000) -%} +{% set STENOENABLED = salt['pillar.get']('steno:enabled', False) -%} { "logFilename": "/opt/sensoroni/logs/sensoroni.log", "logLevel":"info", @@ -13,13 +13,15 @@ "importer": {}, "statickeyauth": { "apiKey": "{{ SENSORONIKEY }}" - }, -{%- if STENOENABLED %} +{%- if STENOENABLED %} + }, "stenoquery": { "executablePath": "/opt/sensoroni/scripts/stenoquery.sh", "pcapInputPath": "/nsm/pcap", "pcapOutputPath": "/nsm/pcapout" } +{%- else %} + } {%- endif %} } } From fe2662cab82e37fbddf7ee887c0433fae0d5e6c5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 24 Nov 2020 11:42:03 -0500 Subject: [PATCH 034/270] dont enable steno pillar on import node https://github.com/Security-Onion-Solutions/securityonion/issues/2040 --- setup/so-setup | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index a064de623..0dfbef58a 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -511,7 +511,9 @@ fi if [[ $is_sensor || $is_helix || $is_import ]]; then set_progress_str 4 'Generating sensor pillar' sensor_pillar >> $setup_log 2>&1 - steno_pillar >> $setup_log + if [[ $is_sensor || $is_helix ]]; then + steno_pillar >> $setup_log + fi fi set_progress_str 5 'Installing Salt and dependencies' From eb2364b926346dcf9cf3018ffc226592226833af Mon Sep 17 00:00:00 2001 From: weslambert Date: Tue, 24 Nov 2020 11:49:08 -0500 Subject: [PATCH 035/270] Changes for ES7 --- salt/thehive/init.sls | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/salt/thehive/init.sls b/salt/thehive/init.sls index e695c237f..c89017dda 100644 --- a/salt/thehive/init.sls +++ b/salt/thehive/init.sls @@ -89,14 +89,6 @@ so-thehive-es: - /opt/so/conf/thehive/etc/es/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro - /opt/so/log/thehive:/var/log/elasticsearch:rw - environment: - - http.host=0.0.0.0 - - http.port=9400 - - transport.tcp.port=9500 - - transport.host=0.0.0.0 - - cluster.name=thehive - - thread_pool.index.queue_size=100000 - - thread_pool.search.queue_size=100000 - - thread_pool.bulk.queue_size=100000 - ES_JAVA_OPTS=-Xms512m -Xmx512m - port_bindings: - 0.0.0.0:9400:9400 @@ -164,4 +156,4 @@ thehive_state_not_allowed: test.fail_without_changes: - name: thehive_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} From 35653d2e66f63f1dd029e3ee7f2d2f77ebf80d82 Mon Sep 17 00:00:00 2001 From: weslambert Date: Tue, 24 Nov 2020 11:51:19 -0500 Subject: [PATCH 036/270] Changes for ES7 --- salt/thehive/etc/es/elasticsearch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/thehive/etc/es/elasticsearch.yml b/salt/thehive/etc/es/elasticsearch.yml index 3465ec7dc..1f1518299 100644 --- a/salt/thehive/etc/es/elasticsearch.yml +++ b/salt/thehive/etc/es/elasticsearch.yml @@ -1,4 +1,4 @@ -cluster.name: "thehive" +cluster.name: thehive network.host: 0.0.0.0 discovery.zen.minimum_master_nodes: 1 # This is a test -- if this is here, then the volume is mounted correctly. From 39bf60feb7f26ba8b9e7b484ee80bbb2653c613c Mon Sep 17 00:00:00 2001 From: weslambert Date: Tue, 24 Nov 2020 11:52:20 -0500 Subject: [PATCH 037/270] Add digit --- salt/thehive/etc/es/elasticsearch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/thehive/etc/es/elasticsearch.yml b/salt/thehive/etc/es/elasticsearch.yml index 1f1518299..8abeb2d93 100644 --- a/salt/thehive/etc/es/elasticsearch.yml +++ b/salt/thehive/etc/es/elasticsearch.yml @@ -14,4 +14,4 @@ http.port: 9400 transport.tcp.port: 9500 transport.host: 0.0.0.0 thread_pool.search.queue_size: 100000 -thread_pool.write.queue_size: 10000 +thread_pool.write.queue_size: 100000 From ea9bbfd1aa040910fdd11bd46823c76a59d77c81 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 24 Nov 2020 13:53:16 -0500 Subject: [PATCH 038/270] Improve wazuh agent registration with retry logic to wait for manager to become ready --- salt/wazuh/files/agent/wazuh-register-agent | 63 +++++++++++++++------ salt/wazuh/init.sls | 10 ++-- 2 files changed, 52 insertions(+), 21 deletions(-) diff --git a/salt/wazuh/files/agent/wazuh-register-agent b/salt/wazuh/files/agent/wazuh-register-agent index da4870e47..895fbd5d1 100755 --- a/salt/wazuh/files/agent/wazuh-register-agent +++ b/salt/wazuh/files/agent/wazuh-register-agent @@ -57,32 +57,56 @@ register_agent() { echo "Adding agent:" echo "Executing: curl -s -u $USER:**** -k -X POST -d 'name=$AGENT_NAME&ip=$AGENT_IP' $PROTOCOL://$API_IP:$API_PORT/agents" API_RESULT=$(curl -s -u $USER:"$PASSWORD" -k -X POST -d 'name='$AGENT_NAME'&ip='$AGENT_IP -L $PROTOCOL://$API_IP:$API_PORT/agents) - echo "Result: $API_RESULT" - echo -e $API_RESULT | grep -q "\"error\":0" 2>&1 + # Get agent id and key + AGENT_ID=$(echo "$API_RESULT" | jq -er ".data.id") + GOT_ID=$? + AGENT_KEY=$(echo "$API_RESULT" | jq -er ".data.key") + GOT_KEY=$? - if [ "$?" != "0" ]; then - echo -e $API_RESULT | sed -rn 's/.*"message":"(.+)".*/\1/p' + if [[ -z "$AGENT_ID" || -z "$AGENT_KEY" || $GOT_ID -ne 0 || $GOT_KEY -ne 0 ]]; then + echo "Failed Result: $API_RESULT" + return 1 else - # Get agent id and agent key - AGENT_ID=$(echo $API_RESULT | cut -d':' -f 4 | cut -d ',' -f 1) - AGENT_KEY=$(echo $API_RESULT | cut -d':' -f 5 | cut -d '}' -f 1) - echo "Agent '$AGENT_NAME' with ID '$AGENT_ID' added." echo "Key for agent '$AGENT_ID' received." # Importing key echo "" echo "Importing authentication key:" - echo "y" | /var/ossec/bin/manage_agents -i $AGENT_KEY + echo "y" | /var/ossec/bin/manage_agents -i '$AGENT_KEY' # Restarting agent echo "" echo "Restarting:" echo "" /var/ossec/bin/ossec-control restart + return 0 fi } +wait_for_manager() { + echo "Waiting for Wazuh manager to become ready..." + + maxAttempts=$1 + attempts=0 + while [[ $attempts -lt $maxAttempts ]]; do + attempts=$((attempts+1)) + AGENTS_OUTPUT=$(curl -s -u $USER:"$PASSWORD" -k -X GET -L $PROTOCOL://$API_IP:$API_PORT/agents) + MANAGER_STATUS=$(echo "$AGENTS_OUTPUT" | jq -r ".data.items[0].status") + if [ "$MANAGER_STATUS" == "Active" ]; then + echo "Wazuh manager is active, ready to proceed." + return 0 + else + echo "Received non-Active status response: " + echo "$AGENTS_OUTPUT" + echo + echo "Manager is not ready after attempt $attempts of $maxAttempts, sleeping for 30 seconds." + sleep 30 + fi + done + return 1 +} + remove_agent() { echo "Found: $AGENT_ID" echo "Removing previous registration for '$AGENT_NAME' using ID: $AGENT_ID ..." @@ -141,11 +165,18 @@ if [ -f /opt/so/conf/wazuh/initial_agent_registration.log ]; then echo "Agent $AGENT_ID already registered!" exit 0 else - echo "Waiting before registering agent..." - sleep 30s - register_agent - cleanup_creds - echo "Initial agent $AGENT_ID with IP $AGENT_IP registered on $DATE." > /opt/so/conf/wazuh/initial_agent_registration.log - exit 0 + retries=30 + if wait_for_manager $retries; then + if register_agent; then + cleanup_creds + echo "Initial agent $AGENT_ID with IP $AGENT_IP registered on $DATE." > /opt/so/conf/wazuh/initial_agent_registration.log + exit 0 + else + echo "ERROR: Failed to register agent" + fi + else + echo "ERROR: Wazuh manager did not become ready after $retries attempts; unable to proceed with registration" + fi fi -#remove_agent + +exit 1 diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index 19afa48d7..d78d7908a 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -71,7 +71,7 @@ wazuhagentconf: wazuhdir: file.directory: - - name: /nsm/wazuh + - name: /nsm/wazuh/etc - user: 945 - group: 945 - makedirs: True @@ -115,6 +115,10 @@ append_so-wazuh_so-status.conf: - name: /opt/so/conf/so-status/so-status.conf - text: so-wazuh +/opt/so/conf/wazuh: + file.symlink: + - target: /nsm/wazuh/etc + # Register the agent registertheagent: cmd.run: @@ -128,10 +132,6 @@ whitelistmanager: - name: /usr/sbin/wazuh-manager-whitelist - cwd: / -/opt/so/conf/wazuh: - file.symlink: - - target: /nsm/wazuh/etc - wazuhagentservice: service.running: - name: wazuh-agent From 8864428a00da668e27e140d5b736a4a99b37be72 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 24 Nov 2020 15:45:40 -0500 Subject: [PATCH 039/270] Ensure setup output is redirected to logfile --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 0dfbef58a..a8e08b7da 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -692,7 +692,7 @@ fi if [[ "$OSQUERY" = 1 ]]; then set_progress_str 75 "$(print_salt_state_apply 'fleet')" - salt-call state.apply fleet.event_enable-fleet # enable fleet in the global pillar + salt-call state.apply fleet.event_enable-fleet >> $setup_log 2>&1 # enable fleet in the global pillar salt-call state.apply -l info fleet >> $setup_log 2>&1 set_progress_str 76 "$(print_salt_state_apply 'redis')" From e1147398cc9c59977217551857c9fb3534b04071 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 24 Nov 2020 15:48:46 -0500 Subject: [PATCH 040/270] Ensure /nsm/wazuh is owned by ossec --- salt/wazuh/init.sls | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index d78d7908a..25f1c0eb8 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -70,6 +70,13 @@ wazuhagentconf: - template: jinja wazuhdir: + file.directory: + - name: /nsm/wazuh + - user: 945 + - group: 945 + - makedirs: True + +wazuhetcdir: file.directory: - name: /nsm/wazuh/etc - user: 945 From d20560385feb092f8d7e1f24a1033dc0db407516 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 24 Nov 2020 16:50:46 -0500 Subject: [PATCH 041/270] Remove /nsm/wazuh/etc subdir state since confirmed the Wazuh docker container itself --- salt/wazuh/init.sls | 7 ------- 1 file changed, 7 deletions(-) diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index 25f1c0eb8..99f16cb8a 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -76,13 +76,6 @@ wazuhdir: - group: 945 - makedirs: True -wazuhetcdir: - file.directory: - - name: /nsm/wazuh/etc - - user: 945 - - group: 945 - - makedirs: True - # Wazuh agent registration script wazuhagentregister: file.managed: From 7fb264b4fecacbc1328157f439ecde8833814e2a Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 24 Nov 2020 17:17:50 -0500 Subject: [PATCH 042/270] Use double quotes around agent key to ensure interpolation --- salt/wazuh/files/agent/wazuh-register-agent | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/wazuh/files/agent/wazuh-register-agent b/salt/wazuh/files/agent/wazuh-register-agent index 895fbd5d1..ca130ae90 100755 --- a/salt/wazuh/files/agent/wazuh-register-agent +++ b/salt/wazuh/files/agent/wazuh-register-agent @@ -73,7 +73,7 @@ register_agent() { # Importing key echo "" echo "Importing authentication key:" - echo "y" | /var/ossec/bin/manage_agents -i '$AGENT_KEY' + echo "y" | /var/ossec/bin/manage_agents -i "$AGENT_KEY" # Restarting agent echo "" From 8f9081618ff9d20dee925ee10ea1d7d12170fe26 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 25 Nov 2020 11:11:46 -0500 Subject: [PATCH 043/270] Add role to sensoroni.json file --- salt/sensoroni/files/sensoroni.json | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/sensoroni/files/sensoroni.json b/salt/sensoroni/files/sensoroni.json index ee46b5937..8d10323af 100644 --- a/salt/sensoroni/files/sensoroni.json +++ b/salt/sensoroni/files/sensoroni.json @@ -6,6 +6,7 @@ "logFilename": "/opt/sensoroni/logs/sensoroni.log", "logLevel":"info", "agent": { + "role": "{{ grains.role }}" "pollIntervalMs": {{ CHECKININTERVALMS if CHECKININTERVALMS else 10000 }}, "serverUrl": "https://{{ URLBASE }}/sensoroniagents", "verifyCert": false, From 979f171828d234a9c52390ba583a8920e6162f2a Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 25 Nov 2020 12:29:45 -0500 Subject: [PATCH 044/270] Add missing comma to sensoroni.json --- salt/sensoroni/files/sensoroni.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/sensoroni/files/sensoroni.json b/salt/sensoroni/files/sensoroni.json index 8d10323af..cc5be34ea 100644 --- a/salt/sensoroni/files/sensoroni.json +++ b/salt/sensoroni/files/sensoroni.json @@ -6,7 +6,7 @@ "logFilename": "/opt/sensoroni/logs/sensoroni.log", "logLevel":"info", "agent": { - "role": "{{ grains.role }}" + "role": "{{ grains.role }}", "pollIntervalMs": {{ CHECKININTERVALMS if CHECKININTERVALMS else 10000 }}, "serverUrl": "https://{{ URLBASE }}/sensoroniagents", "verifyCert": false, From 38afd67108c2c0ec7894125e1f13f09a67529a4c Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 25 Nov 2020 14:08:30 -0500 Subject: [PATCH 045/270] Fleet standalone fix --- salt/_modules/so.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/_modules/so.py b/salt/_modules/so.py index e75c90ec8..ff3cf27b2 100644 --- a/salt/_modules/so.py +++ b/salt/_modules/so.py @@ -17,7 +17,7 @@ def mysql_conn(retry): log.error(e) return False - mainint = __salt__['pillar.get']('sensor:mainint', __salt__['pillar.get']('manager:mainint')) + mainint = __salt__['pillar.get']('host:mainint') mainip = __salt__['grains.get']('ip_interfaces').get(mainint)[0] mysql_up = False From 19b36f04680308646c5fb8c1ceee4f5f182d3116 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Fri, 27 Nov 2020 11:43:51 -0500 Subject: [PATCH 046/270] Fleet standalone redirect fix --- salt/nginx/etc/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index e65979f92..3ba1576a1 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -98,7 +98,7 @@ http { {%- if role == 'fleet' %} server { listen 443 ssl http2; - server_name {{ url_base }}; + server_name {{ main_ip }}; root /opt/socore/html; index index.html; From f52c30bff526b35ac8f2b0353ff12683d2e7966d Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Fri, 27 Nov 2020 13:58:41 -0500 Subject: [PATCH 047/270] Fix Fleet setup errors --- setup/so-setup | 1 - 1 file changed, 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index a8e08b7da..d83411b58 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -692,7 +692,6 @@ fi if [[ "$OSQUERY" = 1 ]]; then set_progress_str 75 "$(print_salt_state_apply 'fleet')" - salt-call state.apply fleet.event_enable-fleet >> $setup_log 2>&1 # enable fleet in the global pillar salt-call state.apply -l info fleet >> $setup_log 2>&1 set_progress_str 76 "$(print_salt_state_apply 'redis')" From 65d8005629ae9001eb1e60b35e8829aa5b486483 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Mon, 30 Nov 2020 10:32:39 -0500 Subject: [PATCH 048/270] Fleet standalone - fix event --- salt/common/tools/sbin/so-fleet-setup | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/tools/sbin/so-fleet-setup b/salt/common/tools/sbin/so-fleet-setup index 21aebc966..b481ceb59 100755 --- a/salt/common/tools/sbin/so-fleet-setup +++ b/salt/common/tools/sbin/so-fleet-setup @@ -28,6 +28,7 @@ docker exec so-fleet fleetctl apply -f /packs/osquery-config.conf # Enable Fleet echo "Enabling Fleet..." +sleep 5 salt-call state.apply fleet.event_enable-fleet queue=True >> /root/fleet-setup.log salt-call state.apply nginx queue=True >> /root/fleet-setup.log From 040b43527820b5ecb6b64bb5f969a9d2d2709df5 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 30 Nov 2020 11:09:06 -0500 Subject: [PATCH 049/270] [refactor] Fail mysql_conn if the mainint has > 1 ip address --- salt/_modules/so.py | 61 ++++++++++++++++++++++++++------------------- 1 file changed, 35 insertions(+), 26 deletions(-) diff --git a/salt/_modules/so.py b/salt/_modules/so.py index ff3cf27b2..8657722e2 100644 --- a/salt/_modules/so.py +++ b/salt/_modules/so.py @@ -18,34 +18,43 @@ def mysql_conn(retry): return False mainint = __salt__['pillar.get']('host:mainint') - mainip = __salt__['grains.get']('ip_interfaces').get(mainint)[0] + ip_arr = __salt__['grains.get']('ip_interfaces').get(mainint) mysql_up = False - for i in range(0, retry): - log.debug(f'Connection attempt {i+1}') - try: - db = _mysql.connect( - host=mainip, - user='root', - passwd=__salt__['pillar.get']('secrets:mysql') - ) - log.debug(f'Connected to MySQL server on {mainip} after {i} attempts.') - - db.query("""SELECT 1;""") - log.debug(f'Successfully completed query against MySQL server on {mainip}') - - db.close() - mysql_up = True - break - except _mysql.OperationalError as e: - log.debug(e) - except Exception as e: - log.error('Unexpected error occured.') - log.error(e) - break - sleep(1) - if not mysql_up: - log.error(f'Could not connect to MySQL server on {mainip} after {retry} attempts.') + if len(ip_arr) == 1: + mainip = ip_arr[0] + + for i in range(0, retry): + log.debug(f'Connection attempt {i+1}') + try: + db = _mysql.connect( + host=mainip, + user='root', + passwd=__salt__['pillar.get']('secrets:mysql') + ) + log.debug(f'Connected to MySQL server on {mainip} after {i} attempts.') + + db.query("""SELECT 1;""") + log.debug(f'Successfully completed query against MySQL server on {mainip}') + + db.close() + mysql_up = True + break + except _mysql.OperationalError as e: + log.debug(e) + except Exception as e: + log.error('Unexpected error occured.') + log.error(e) + break + sleep(1) + + if not mysql_up: + log.error(f'Could not connect to MySQL server on {mainip} after {retry} attempts.') + else: + log.error(f'Main interface {mainint} has more than one IP address assigned to it, which is not supported.') + log.debug(f'{mainint}:') + for addr in ip_arr: + log.debug(f' - {addr}') return mysql_up \ No newline at end of file From ec81e8565fd1dc487577b4db1eb18b3b3e0df5d1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 30 Nov 2020 11:32:28 -0500 Subject: [PATCH 050/270] [fix] Add safety logic to retry var in mysql_conn --- salt/_modules/so.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/_modules/so.py b/salt/_modules/so.py index 8657722e2..fb61f3460 100644 --- a/salt/_modules/so.py +++ b/salt/_modules/so.py @@ -25,6 +25,10 @@ def mysql_conn(retry): if len(ip_arr) == 1: mainip = ip_arr[0] + if not(retry >= 1): + log.debug('`retry` set to value below 1, resetting it to 1 to prevent errors.') + retry = 1 + for i in range(0, retry): log.debug(f'Connection attempt {i+1}') try: From 8964444eebecf65c1a35a0c607fbb3024866a218 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 30 Nov 2020 11:32:43 -0500 Subject: [PATCH 051/270] [fix] Correct count print in mysql_conn --- salt/_modules/so.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/_modules/so.py b/salt/_modules/so.py index fb61f3460..bbbbe4ea8 100644 --- a/salt/_modules/so.py +++ b/salt/_modules/so.py @@ -37,7 +37,7 @@ def mysql_conn(retry): user='root', passwd=__salt__['pillar.get']('secrets:mysql') ) - log.debug(f'Connected to MySQL server on {mainip} after {i} attempts.') + log.debug(f'Connected to MySQL server on {mainip} after {i+1} attempts.') db.query("""SELECT 1;""") log.debug(f'Successfully completed query against MySQL server on {mainip}') From 5d2acf40117554eafa58d6d416745568de730a15 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Mon, 30 Nov 2020 12:06:02 -0500 Subject: [PATCH 052/270] Fix Fleet setup errors --- salt/fleet/event_enable-fleet.sls | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/salt/fleet/event_enable-fleet.sls b/salt/fleet/event_enable-fleet.sls index 34b031685..d09749a55 100644 --- a/salt/fleet/event_enable-fleet.sls +++ b/salt/fleet/event_enable-fleet.sls @@ -1,10 +1,4 @@ -{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %} -{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %} -{% if FLEETNODE or FLEETMANAGER %} - {% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %} -{% else %} - {% set ENROLLSECRET = '' %} -{% endif %} +{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %} {% set MAININT = salt['pillar.get']('host:mainint') %} {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %} From 8a8885e14f439579d360e638d1c53130b0c42457 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 30 Nov 2020 16:53:02 -0500 Subject: [PATCH 053/270] [feat] Verify that main ip = mngmt ip * Add a check to check whether the src ip in the routing table is also the ip assigned to the management nic --- setup/so-functions | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 4ba639fa5..e685d6940 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1710,6 +1710,17 @@ set_network_dev_status_list() { set_main_ip() { MAINIP=$(ip route get 1 | awk '{print $7;exit}') + MNIC_IP=$(ip a s "$MNIC" | grep -oE 'inet [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | cut -d' ' -f) + + if [[ $MAINIP != $MNIC_IP ]]; then + read -r -d '' message <<- EOM + The IP being routed by Linux is not the IP address assigned to the management interface ($MNIC). + + This is not a supported configuration, please remediate and rerun setup. + EOM + whiptail --title "Security Onion Setup" --msgbox "$message" 10 75 + exit 1 + fi } # Add /usr/sbin to everyone's path From e7a927188b081e1c3b7ee6faaae5de48171d4e09 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Mon, 30 Nov 2020 17:28:11 -0500 Subject: [PATCH 054/270] Fleet Fixes - mysql race condition --- salt/common/tools/sbin/so-fleet-setup | 7 +++---- salt/fleet/event_enable-fleet.sls | 4 +--- salt/fleet/event_update-enroll-secret.sls | 7 +++++++ salt/reactor/fleet.sls | 19 ++++++++++++------- setup/so-setup | 3 +++ 5 files changed, 26 insertions(+), 14 deletions(-) create mode 100644 salt/fleet/event_update-enroll-secret.sls diff --git a/salt/common/tools/sbin/so-fleet-setup b/salt/common/tools/sbin/so-fleet-setup index b481ceb59..3e9fb1d74 100755 --- a/salt/common/tools/sbin/so-fleet-setup +++ b/salt/common/tools/sbin/so-fleet-setup @@ -26,10 +26,9 @@ docker exec so-fleet /bin/sh -c 'for pack in /packs/palantir/Fleet/Endpoints/pac docker exec so-fleet fleetctl apply -f /packs/osquery-config.conf -# Enable Fleet -echo "Enabling Fleet..." -sleep 5 -salt-call state.apply fleet.event_enable-fleet queue=True >> /root/fleet-setup.log +# Update the Enroll Secret +echo "Updating the Enroll Secret..." +salt-call state.apply fleet.event_update-enroll-secret queue=True >> /root/fleet-setup.log salt-call state.apply nginx queue=True >> /root/fleet-setup.log # Generate osquery install packages diff --git a/salt/fleet/event_enable-fleet.sls b/salt/fleet/event_enable-fleet.sls index d09749a55..52a15269c 100644 --- a/salt/fleet/event_enable-fleet.sls +++ b/salt/fleet/event_enable-fleet.sls @@ -1,4 +1,3 @@ -{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %} {% set MAININT = salt['pillar.get']('host:mainint') %} {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %} @@ -8,5 +7,4 @@ so/fleet: action: 'enablefleet' hostname: {{ grains.host }} mainip: {{ MAINIP }} - role: {{ grains.role }} - enroll-secret: {{ ENROLLSECRET }} \ No newline at end of file + role: {{ grains.role }} \ No newline at end of file diff --git a/salt/fleet/event_update-enroll-secret.sls b/salt/fleet/event_update-enroll-secret.sls new file mode 100644 index 000000000..609020247 --- /dev/null +++ b/salt/fleet/event_update-enroll-secret.sls @@ -0,0 +1,7 @@ +{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %} + +so/fleet: + event.send: + - data: + action: 'update-enrollsecret' + enroll-secret: {{ ENROLLSECRET }} \ No newline at end of file diff --git a/salt/reactor/fleet.sls b/salt/reactor/fleet.sls index a4226b027..bc2131427 100644 --- a/salt/reactor/fleet.sls +++ b/salt/reactor/fleet.sls @@ -17,7 +17,6 @@ def run(): if ACTION == 'enablefleet': logging.info('so/fleet enablefleet reactor') - ESECRET = data['data']['enroll-secret'] MAINIP = data['data']['mainip'] ROLE = data['data']['role'] HOSTNAME = data['data']['hostname'] @@ -30,12 +29,6 @@ def run(): line = re.sub(r'fleet_manager: \S*', f"fleet_manager: True", line.rstrip()) print(line) - # Update the enroll secret in the secrets pillar - if ESECRET != "": - for line in fileinput.input(SECRETSFILE, inplace=True): - line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip()) - print(line) - # Update the Fleet host in the static pillar for line in fileinput.input(STATICFILE, inplace=True): line = re.sub(r'fleet_hostname: \S*', f"fleet_hostname: '{HOSTNAME}'", line.rstrip()) @@ -46,6 +39,18 @@ def run(): line = re.sub(r'fleet_ip: \S*', f"fleet_ip: '{MAINIP}'", line.rstrip()) print(line) + if ACTION == 'update-enrollsecret': + logging.info('so/fleet update-enrollsecret reactor') + + ESECRET = data['data']['enroll-secret'] + + # Update the enroll secret in the secrets pillar + if ESECRET != "": + for line in fileinput.input(SECRETSFILE, inplace=True): + line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip()) + print(line) + + if ACTION == 'genpackages': logging.info('so/fleet genpackages reactor') diff --git a/setup/so-setup b/setup/so-setup index d83411b58..77c579cfc 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -691,6 +691,9 @@ fi if [[ "$OSQUERY" = 1 ]]; then + set_progress_str 75 "$(print_salt_state_apply 'fleet.event_enable-fleet')" + salt-call state.apply -l info fleet.event_enable-fleet >> $setup_log 2>&1 + set_progress_str 75 "$(print_salt_state_apply 'fleet')" salt-call state.apply -l info fleet >> $setup_log 2>&1 From 9517cb2a582cc9897363f35216b8db04bac5f2a5 Mon Sep 17 00:00:00 2001 From: weslambert Date: Tue, 1 Dec 2020 11:25:51 -0500 Subject: [PATCH 055/270] Remove ScanMmbot --- salt/strelka/files/backend/backend.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/salt/strelka/files/backend/backend.yaml b/salt/strelka/files/backend/backend.yaml index 53c29e3fa..b71e8ac74 100644 --- a/salt/strelka/files/backend/backend.yaml +++ b/salt/strelka/files/backend/backend.yaml @@ -215,14 +215,6 @@ scanners: priority: 5 options: tmp_directory: '/dev/shm/' - 'ScanMmbot': - - positive: - flavors: - - 'vb_file' - - 'vbscript' - priority: 5 - options: - server: 'strelka_mmrpc_1:33907' 'ScanOcr': - positive: flavors: From c2e7e425092ae6b262040dd3fc9c8c2352e04c1f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 1 Dec 2020 15:36:05 -0500 Subject: [PATCH 056/270] [fix] Don't SIGKILL salt services + disable highstate schedule --- setup/so-functions | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 4ba639fa5..b3986c826 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1384,8 +1384,13 @@ reinstall_init() { info "Putting system in state to run setup again" { - # Kill any salt processes - pkill -9 -ef /usr/bin/salt + # Disable all scheduled jobs + if command -v salt-call &> /dev/null; then + salt-call schedule.disable + fi + + # Kill any salt processes (safely) + systemctl stop salt-* # Remove all salt configs rm -rf /etc/salt/global /etc/salt/minion /etc/salt/master /etc/salt/pki/* From 141d7a35c9f161a20dcd0bd79d93ac6e51a3a9a4 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 1 Dec 2020 15:38:09 -0500 Subject: [PATCH 057/270] if true cluster enabled allow search nodes to talk to each other https://github.com/Security-Onion-Solutions/securityonion/issues/2079 --- salt/firewall/assigned_hostgroups.map.yaml | 27 ++++++++++++++++++++++ setup/so-functions | 2 +- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml index cb2de370c..30a6117aa 100644 --- a/salt/firewall/assigned_hostgroups.map.yaml +++ b/salt/firewall/assigned_hostgroups.map.yaml @@ -1,6 +1,7 @@ {% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} {% import_yaml 'firewall/portgroups.yaml' as portgroups %} {% set portgroups = portgroups.firewall.aliases.ports %} +{% set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} role: eval: @@ -42,6 +43,11 @@ role: - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} + heavy_node: + portgroups: + - {{ portgroups.redis }} + - {{ portgroups.minio }} + - {{ portgroups.elasticsearch_node }} self: portgroups: - {{ portgroups.syslog}} @@ -135,6 +141,12 @@ role: - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} - {{ portgroups.beats_5644 }} + heavy_node: + portgroups: + - {{ portgroups.redis }} + - {{ portgroups.minio }} + - {{ portgroups.elasticsearch_node }} + - {{ portgroups.beats_5644 }} self: portgroups: - {{ portgroups.syslog}} @@ -219,6 +231,11 @@ role: - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} + heavy_node: + portgroups: + - {{ portgroups.redis }} + - {{ portgroups.minio }} + - {{ portgroups.elasticsearch_node }} self: portgroups: - {{ portgroups.syslog}} @@ -303,6 +320,11 @@ role: - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} + heavy_node: + portgroups: + - {{ portgroups.redis }} + - {{ portgroups.minio }} + - {{ portgroups.elasticsearch_node }} self: portgroups: - {{ portgroups.syslog}} @@ -425,6 +447,11 @@ role: elasticsearch_rest: portgroups: - {{ portgroups.elasticsearch_rest }} + {% if TRUE_CLUSTER %} + search_node: + portgroups: + - {{ portgroups.elasticsearch_node }} + {% endif %} self: portgroups: - {{ portgroups.syslog}} diff --git a/setup/so-functions b/setup/so-functions index 4ba639fa5..3cf268869 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1883,7 +1883,7 @@ set_initial_firewall_policy() { ;; 'HEAVYNODE') ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensor "$MAINIP" - ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost search_node "$MAINIP" + ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost heavy_node "$MAINIP" ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" "$INTERFACE" ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" ;; From 81b86bf7f2c04ace34514b7cb656a5b77838481d Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 1 Dec 2020 16:04:46 -0500 Subject: [PATCH 058/270] Switch PCAP quick actions to support alternative lookup link when a single event ID is not available --- salt/soc/files/soc/alerts.actions.json | 2 +- salt/soc/files/soc/hunt.actions.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/soc/files/soc/alerts.actions.json b/salt/soc/files/soc/alerts.actions.json index b825c0131..e453a84b7 100644 --- a/salt/soc/files/soc/alerts.actions.json +++ b/salt/soc/files/soc/alerts.actions.json @@ -1,6 +1,6 @@ [ { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "link": "/#/hunt?q=\"{value}\" | groupby event.module event.dataset", "target": "" }, - { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "link": "/joblookup?esid={eventId}", "target": "" }, + { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "links": ["/joblookup?esid={:soc_id}", "/joblookup?ncid={:network.community_id}"], "target": "" }, { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" }, { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" } ] \ No newline at end of file diff --git a/salt/soc/files/soc/hunt.actions.json b/salt/soc/files/soc/hunt.actions.json index b825c0131..e453a84b7 100644 --- a/salt/soc/files/soc/hunt.actions.json +++ b/salt/soc/files/soc/hunt.actions.json @@ -1,6 +1,6 @@ [ { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "link": "/#/hunt?q=\"{value}\" | groupby event.module event.dataset", "target": "" }, - { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "link": "/joblookup?esid={eventId}", "target": "" }, + { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "links": ["/joblookup?esid={:soc_id}", "/joblookup?ncid={:network.community_id}"], "target": "" }, { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" }, { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" } ] \ No newline at end of file From b7bc8db3b2228e4dba288217c990507ea54bb518 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 1 Dec 2020 17:37:44 -0500 Subject: [PATCH 059/270] Modify PCAP quick action to work off of network community ID; Add new Correlate quick action --- salt/soc/files/soc/alerts.actions.json | 31 ++++++++++++++++++++++---- salt/soc/files/soc/hunt.actions.json | 31 ++++++++++++++++++++++---- 2 files changed, 54 insertions(+), 8 deletions(-) diff --git a/salt/soc/files/soc/alerts.actions.json b/salt/soc/files/soc/alerts.actions.json index e453a84b7..46c4ea68d 100644 --- a/salt/soc/files/soc/alerts.actions.json +++ b/salt/soc/files/soc/alerts.actions.json @@ -1,6 +1,29 @@ [ - { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "link": "/#/hunt?q=\"{value}\" | groupby event.module event.dataset", "target": "" }, - { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "links": ["/joblookup?esid={:soc_id}", "/joblookup?ncid={:network.community_id}"], "target": "" }, - { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" }, - { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" } + { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "", + "links": [ + "/#/hunt?q=\"{value}\" | groupby event.module event.dataset" + ]}, + { "name": "actionCorrelate", "description": "actionCorrelateHelp", "icon": "fab fa-searchengin", "target": "", + "links": [ + "/#/hunt?q=\"{:log.id.fuid}\" OR \"{:log.id.uid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.fuid}\" OR \"{:log.id.uid}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.fuid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.uid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.fuid}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.uid}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:network.community_id}\" | groupby event.module event.dataset" + ]}, + { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "target": "", + "links": [ + "/joblookup?esid={:soc_id}", + "/joblookup?ncid={:network.community_id}" + ]}, + { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "target": "_blank", + "links": [ + "https://www.google.com/search?q={value}" + ]}, + { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "target": "_blank", + "links": [ + "https://www.virustotal.com/gui/search/{value}" + ]} ] \ No newline at end of file diff --git a/salt/soc/files/soc/hunt.actions.json b/salt/soc/files/soc/hunt.actions.json index e453a84b7..46c4ea68d 100644 --- a/salt/soc/files/soc/hunt.actions.json +++ b/salt/soc/files/soc/hunt.actions.json @@ -1,6 +1,29 @@ [ - { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "link": "/#/hunt?q=\"{value}\" | groupby event.module event.dataset", "target": "" }, - { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "links": ["/joblookup?esid={:soc_id}", "/joblookup?ncid={:network.community_id}"], "target": "" }, - { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" }, - { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" } + { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "", + "links": [ + "/#/hunt?q=\"{value}\" | groupby event.module event.dataset" + ]}, + { "name": "actionCorrelate", "description": "actionCorrelateHelp", "icon": "fab fa-searchengin", "target": "", + "links": [ + "/#/hunt?q=\"{:log.id.fuid}\" OR \"{:log.id.uid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.fuid}\" OR \"{:log.id.uid}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.fuid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.uid}\" OR \"{:network.community_id}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.fuid}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:log.id.uid}\" | groupby event.module event.dataset", + "/#/hunt?q=\"{:network.community_id}\" | groupby event.module event.dataset" + ]}, + { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "target": "", + "links": [ + "/joblookup?esid={:soc_id}", + "/joblookup?ncid={:network.community_id}" + ]}, + { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "target": "_blank", + "links": [ + "https://www.google.com/search?q={value}" + ]}, + { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "target": "_blank", + "links": [ + "https://www.virustotal.com/gui/search/{value}" + ]} ] \ No newline at end of file From 38028a543a92f6e88bba7221c6149b702ea45fb5 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 1 Dec 2020 21:18:24 -0500 Subject: [PATCH 060/270] [feat] Add timeout for salt services to stop during reinstall init --- setup/so-functions | 25 ++++++++++++++++++++++++- setup/so-whiptail | 13 +++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index b3986c826..8c06888f6 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1382,6 +1382,12 @@ reserve_group_ids() { reinstall_init() { info "Putting system in state to run setup again" + + local salt_services=( + "salt-master" + "salt-minion" + ) + local service_retry_count=20 { # Disable all scheduled jobs @@ -1390,7 +1396,24 @@ reinstall_init() { fi # Kill any salt processes (safely) - systemctl stop salt-* + for service in "${salt_services[@]}"; do + # Stop the service in the background so we can exit after a certain amount of time + systemctl stop "$service" & + local pid=$! + + local count=0 + while ! (check_service_status "$service"); do + if [ count > $service_retry_count ]; then + echo "Could not stop $service after 1 minute, exiting setup." + + # Stop the systemctl process trying to kill the service, show user a message, then exit setup + kill -9 $pid + whiptail_service_stop_failed "$service" + fi + sleep 5 + ((count++)) + done + done # Remove all salt configs rm -rf /etc/salt/global /etc/salt/minion /etc/salt/master /etc/salt/pki/* diff --git a/setup/so-whiptail b/setup/so-whiptail index 11d968910..a41e61f94 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1175,6 +1175,19 @@ whiptail_sensor_config() { } +whiptail_service_stop_failed() { + local service=$1 + + read -r -d '' message <<- EOM + The ${service} service could not be stopped. Please stop it manually and then re-run setup. + + Press ENTER to exit the installer. + EOM + + whiptail --title "Security Onion Setup" --msgbox "$message" 10 75 + exit 1 +} + whiptail_set_hostname() { [ -n "$TESTING" ] && return From 2d6feea5c5ff696b50bb6f03862ddcd40c96bb26 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 1 Dec 2020 21:21:32 -0500 Subject: [PATCH 061/270] [fix] Syntax fixes --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 8c06888f6..863b09a18 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1403,7 +1403,7 @@ reinstall_init() { local count=0 while ! (check_service_status "$service"); do - if [ count > $service_retry_count ]; then + if [[ $count > $service_retry_count ]]; then echo "Could not stop $service after 1 minute, exiting setup." # Stop the systemctl process trying to kill the service, show user a message, then exit setup From 4b5b936abb6f311303fcb956d0eb9e87662a3921 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 1 Dec 2020 21:40:41 -0500 Subject: [PATCH 062/270] [fix] echo -> return --- setup/so-functions | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 863b09a18..d4acd8a75 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -251,19 +251,19 @@ check_pass_match() { fi } +# False if stopped, true if running check_service_status() { local service_name=$1 echo "Checking service $service_name status" >> "$setup_log" 2>&1 systemctl status $service_name > /dev/null 2>&1 local status=$? - #true if there is an issue with the service false if it is running properly if [ $status -gt 0 ]; then echo "$service_name is not running" >> "$setup_log" 2>&1 - echo 1; + return 1; else echo "$service_name is running" >> "$setup_log" 2>&1 - echo 0; + return 0; fi } @@ -1402,7 +1402,7 @@ reinstall_init() { local pid=$! local count=0 - while ! (check_service_status "$service"); do + while check_service_status "$service"; do if [[ $count > $service_retry_count ]]; then echo "Could not stop $service after 1 minute, exiting setup." @@ -1639,7 +1639,7 @@ salt_checkin() { echo "Stopping service $service" >> "$setup_log" 2>&1 systemctl stop "$service" >> "$setup_log" 2>&1 LOOP_COUNT=0 - while ! (( $(check_service_status $service) )); do + while check_service_status "$service"; do echo "$service still running" >> "$setup_log" 2>&1 if [ $LOOP_COUNT -gt 60 ]; then echo "$service could not be stopped in 60 seconds, exiting" >> "$setup_log" 2>&1 @@ -1656,7 +1656,7 @@ salt_checkin() { echo "Starting service $service" >> "$setup_log" 2>&1 systemctl start "$service" >> "$setup_log" 2>&1 LOOP_COUNT=0 - while (( $(check_service_status $service) )); do + while ! (check_service_status "$service"); do echo "$service still not running" >> "$setup_log" 2>&1 if [ $LOOP_COUNT -gt 60 ]; then echo "$service could not be started in 60 seconds, exiting" >> "$setup_log" 2>&1 From 2d4fe5829913481b3f0f39cae74f0e0f7d17b0bd Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 1 Dec 2020 21:43:38 -0500 Subject: [PATCH 063/270] [fix] Also kill currently running jobs --- setup/so-functions | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index d4acd8a75..a54153077 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1390,9 +1390,12 @@ reinstall_init() { local service_retry_count=20 { - # Disable all scheduled jobs if command -v salt-call &> /dev/null; then - salt-call schedule.disable + # Disable scheduled jobs so highstate doesn't start running during the install + salt-call -l info schedule.disable + + # Kill any currently running salt jobs, also to prevent issues with highstate. + salt-call -l info saltutil.kill_all_jobs fi # Kill any salt processes (safely) From c819729cd65b2da9ae7e0dfa84ae2c4ad100e2c5 Mon Sep 17 00:00:00 2001 From: weslambert Date: Wed, 2 Dec 2020 13:17:19 -0500 Subject: [PATCH 064/270] Don't use max_files or time_to_live for shutdown params --- salt/strelka/files/backend/backend.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/strelka/files/backend/backend.yaml b/salt/strelka/files/backend/backend.yaml index b71e8ac74..db6ce0560 100644 --- a/salt/strelka/files/backend/backend.yaml +++ b/salt/strelka/files/backend/backend.yaml @@ -6,8 +6,8 @@ {%- endif -%} logging_cfg: '/etc/strelka/logging.yaml' limits: - max_files: 5000 - time_to_live: 900 + max_files: 0 + time_to_live: 0 max_depth: 15 distribution: 600 scanner: 150 From 467f9923b07f3ee6e3a2008f673e10f0a3b40726 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 2 Dec 2020 13:19:34 -0500 Subject: [PATCH 065/270] [refactor] Add trap to handle script exits, change what files are deleted in /etc/salt/ --- setup/so-functions | 78 ++++++++++++++++++---------------------------- setup/so-setup | 14 ++++++++- setup/so-whiptail | 13 -------- 3 files changed, 44 insertions(+), 61 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index a54153077..9cf01d74c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -273,12 +273,11 @@ check_salt_master_status() { salt-call saltutil.kill_all_jobs > /dev/null 2>&1 salt-call state.show_top > /dev/null 2>&1 local status=$? - #true if there is an issue talking to salt master if [ $status -gt 0 ]; then - echo 1; + return 1; else echo "Can talk to salt master" >> "$setup_log" 2>&1 - echo 0; + return 0; fi } @@ -287,12 +286,11 @@ check_salt_minion_status() { echo "Checking if the salt minion will respond to jobs" >> "$setup_log" 2>&1 salt "$MINION_ID" test.ping >> "$setup_log" 2>&1 local status=$? - #true if there is an issue getting a job response from the minion if [ $status -gt 0 ]; then - echo 1; + return 1; else echo "Received job response from salt minion" >> "$setup_log" 2>&1 - echo 0; + return 0; fi } @@ -1391,7 +1389,7 @@ reinstall_init() { { if command -v salt-call &> /dev/null; then - # Disable scheduled jobs so highstate doesn't start running during the install + # Disable schedule so highstate doesn't start running during the install salt-call -l info schedule.disable # Kill any currently running salt jobs, also to prevent issues with highstate. @@ -1406,12 +1404,12 @@ reinstall_init() { local count=0 while check_service_status "$service"; do - if [[ $count > $service_retry_count ]]; then + if [[ $count -gt $service_retry_count ]]; then echo "Could not stop $service after 1 minute, exiting setup." # Stop the systemctl process trying to kill the service, show user a message, then exit setup kill -9 $pid - whiptail_service_stop_failed "$service" + kill -SIGSOKILL "$(ps --pid $$ -oppid=)"; exit 1 fi sleep 5 ((count++)) @@ -1419,7 +1417,7 @@ reinstall_init() { done # Remove all salt configs - rm -rf /etc/salt/global /etc/salt/minion /etc/salt/master /etc/salt/pki/* + rm -rf /etc/salt/grains /etc/salt/minion /etc/salt/pki/* if command -v docker &> /dev/null; then # Stop and remove all so-* containers so files can be changed with more safety @@ -1440,7 +1438,7 @@ reinstall_init() { # Remove the old launcher package in case the config changes remove_package launcher-final - } >> $setup_log 2>&1 + } >> "$setup_log" 2>&1 } backup_dir() { @@ -1637,61 +1635,47 @@ salt_checkin() { "salt-master" \ "salt-minion" ) - local LOOP_COUNT=0 - for service in "${SALT_SERVICES[@]}"; do - echo "Stopping service $service" >> "$setup_log" 2>&1 - systemctl stop "$service" >> "$setup_log" 2>&1 - LOOP_COUNT=0 - while check_service_status "$service"; do - echo "$service still running" >> "$setup_log" 2>&1 - if [ $LOOP_COUNT -gt 60 ]; then - echo "$service could not be stopped in 60 seconds, exiting" >> "$setup_log" 2>&1 - exit 1 - fi - sleep 1; - ((LOOP_COUNT+=1)) - done - done - - sleep 5; + local count=0 for service in "${SALT_SERVICES[@]}"; do - echo "Starting service $service" >> "$setup_log" 2>&1 - systemctl start "$service" >> "$setup_log" 2>&1 - LOOP_COUNT=0 + { + echo "Restarting service $service" + systemctl restart "$service" & + local pid=$! + } >> "$setup_log" 2>&1 + + count=0 while ! (check_service_status "$service"); do echo "$service still not running" >> "$setup_log" 2>&1 - if [ $LOOP_COUNT -gt 60 ]; then - echo "$service could not be started in 60 seconds, exiting" >> "$setup_log" 2>&1 - exit 1 + if [ $count -gt 120 ]; then + echo "$service could not be restarted in 120 seconds, exiting" >> "$setup_log" 2>&1 + kill -SIGSOKILL "$(ps --pid $$ -oppid=)"; exit 1 fi sleep 1; - ((LOOP_COUNT+=1)) + ((count++)) done done - sleep 5; - - LOOP_COUNT=0 - while (( $(check_salt_master_status) )); do + count=0 + while ! (check_salt_master_status); do echo "salt minion cannot talk to salt master" >> "$setup_log" 2>&1 - if [ $LOOP_COUNT -gt 30 ]; then + if [ $count -gt 30 ]; then echo "salt minion could not talk to salt master after 30 attempts, exiting" >> "$setup_log" 2>&1 - exit 1 + kill -SIGSOKILL "$(ps --pid $$ -oppid=)"; exit 1 fi sleep 1; - ((LOOP_COUNT+=1)) + ((count++)) done - LOOP_COUNT=0 - while (( $(check_salt_minion_status) )); do + count=0 + while ! (check_salt_minion_status); do echo "salt master did not get a job response from salt minion" >> "$setup_log" 2>&1 - if [ $LOOP_COUNT -gt 30 ]; then + if [ $count -gt 30 ]; then echo "salt master did not get a job response from salt minion after 30 attempts, exiting" >> "$setup_log" 2>&1 - exit 1 + kill -SIGSOKILL "$(ps --pid $$ -oppid=)"; exit 1 fi sleep 1; - ((LOOP_COUNT+=1)) + ((count++)) done echo " Confirming existence of the CA certificate" diff --git a/setup/so-setup b/setup/so-setup index 77c579cfc..2a6b4e925 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -483,6 +483,18 @@ if [[ $is_minion || $is_import ]]; then [ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1 fi + +# Exit parent script if +trap 'catch $? $LINENO' SIGSOKILL + +catch() { + if [ "$1" != 0 ]; then + info "Fatal error occurred at $2 in so-setup, failing setup." + whiptail_setup_failed + exit + fi +} + # Begin install { # Set initial percentage to 0 @@ -583,7 +595,7 @@ fi if [[ $is_minion ]]; then set_progress_str 22 'Checking if the Salt Minion needs to be updated' - salt-call state.apply salt.minion -l info >> $setup_log 2>&1 + salt-call state.apply -l info salt.minion >> $setup_log 2>&1 fi set_progress_str 23 'Generating CA and checking in' diff --git a/setup/so-whiptail b/setup/so-whiptail index a41e61f94..11d968910 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1175,19 +1175,6 @@ whiptail_sensor_config() { } -whiptail_service_stop_failed() { - local service=$1 - - read -r -d '' message <<- EOM - The ${service} service could not be stopped. Please stop it manually and then re-run setup. - - Press ENTER to exit the installer. - EOM - - whiptail --title "Security Onion Setup" --msgbox "$message" 10 75 - exit 1 -} - whiptail_set_hostname() { [ -n "$TESTING" ] && return From 8fe43d6d5642116e03f77308e4dedee4e41bdc61 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 2 Dec 2020 13:35:57 -0500 Subject: [PATCH 066/270] [fix] Print WARNING instead of ERROR if minion is not responding initially --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 9cf01d74c..98fd50bf3 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -284,7 +284,7 @@ check_salt_master_status() { check_salt_minion_status() { echo "Checking if the salt minion will respond to jobs" >> "$setup_log" 2>&1 - salt "$MINION_ID" test.ping >> "$setup_log" 2>&1 + salt "$MINION_ID" test.ping | sed 's/ERROR/WARNING/' >> "$setup_log" 2>&1 local status=$? if [ $status -gt 0 ]; then return 1; From cc5d54764a05493eb250bddfbe27e8acba942386 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 2 Dec 2020 13:54:02 -0500 Subject: [PATCH 067/270] [fix] sed masks command return code, remove --- setup/so-functions | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 98fd50bf3..4772f3707 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -274,9 +274,10 @@ check_salt_master_status() { salt-call state.show_top > /dev/null 2>&1 local status=$? if [ $status -gt 0 ]; then + echo " Could not talk to salt master" >> "$setup_log" 2>&1 return 1; else - echo "Can talk to salt master" >> "$setup_log" 2>&1 + echo " Can talk to salt master" >> "$setup_log" 2>&1 return 0; fi @@ -284,15 +285,15 @@ check_salt_master_status() { check_salt_minion_status() { echo "Checking if the salt minion will respond to jobs" >> "$setup_log" 2>&1 - salt "$MINION_ID" test.ping | sed 's/ERROR/WARNING/' >> "$setup_log" 2>&1 + salt "$MINION_ID" test.ping > /dev/null 2>&1 local status=$? if [ $status -gt 0 ]; then + echo " Minion did not respond" >> "$setup_log" 2>&1 return 1; else - echo "Received job response from salt minion" >> "$setup_log" 2>&1 + echo " Received job response from salt minion" >> "$setup_log" 2>&1 return 0; fi - } check_soremote_pass() { From fc7fe235905a6346d921095e460d43797e27e7c7 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 2 Dec 2020 14:06:50 -0500 Subject: [PATCH 068/270] [fix] Correct signal naming --- setup/so-functions | 8 ++++---- setup/so-setup | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 4772f3707..6aa30f89c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1410,7 +1410,7 @@ reinstall_init() { # Stop the systemctl process trying to kill the service, show user a message, then exit setup kill -9 $pid - kill -SIGSOKILL "$(ps --pid $$ -oppid=)"; exit 1 + kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi sleep 5 ((count++)) @@ -1650,7 +1650,7 @@ salt_checkin() { echo "$service still not running" >> "$setup_log" 2>&1 if [ $count -gt 120 ]; then echo "$service could not be restarted in 120 seconds, exiting" >> "$setup_log" 2>&1 - kill -SIGSOKILL "$(ps --pid $$ -oppid=)"; exit 1 + kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi sleep 1; ((count++)) @@ -1662,7 +1662,7 @@ salt_checkin() { echo "salt minion cannot talk to salt master" >> "$setup_log" 2>&1 if [ $count -gt 30 ]; then echo "salt minion could not talk to salt master after 30 attempts, exiting" >> "$setup_log" 2>&1 - kill -SIGSOKILL "$(ps --pid $$ -oppid=)"; exit 1 + kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi sleep 1; ((count++)) @@ -1673,7 +1673,7 @@ salt_checkin() { echo "salt master did not get a job response from salt minion" >> "$setup_log" 2>&1 if [ $count -gt 30 ]; then echo "salt master did not get a job response from salt minion after 30 attempts, exiting" >> "$setup_log" 2>&1 - kill -SIGSOKILL "$(ps --pid $$ -oppid=)"; exit 1 + kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi sleep 1; ((count++)) diff --git a/setup/so-setup b/setup/so-setup index 2a6b4e925..79ba916a9 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -485,7 +485,7 @@ fi # Exit parent script if -trap 'catch $? $LINENO' SIGSOKILL +trap 'catch $? $LINENO' SIGUSR1 catch() { if [ "$1" != 0 ]; then From d004263b71179c323b95421734b7b71fbc24e5db Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 2 Dec 2020 14:33:22 -0500 Subject: [PATCH 069/270] Add Elastic Clustering --- pillar/top.sls | 1 + salt/elasticsearch/files/elasticsearch.yml | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/pillar/top.sls b/pillar/top.sls index 77db6fe60..627fed80b 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -82,6 +82,7 @@ base: - elasticsearch.search - global - minions.{{ grains.id }} + - data.nodestab '*_import': - zeeklogs diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index b5d0b0293..a7a6ad34a 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -43,6 +43,14 @@ node.name: {{ grains.host }} script.max_compilations_rate: 1000/1m {%- if TRUECLUSTER is sameas true %} {%- if grains.role == 'so-manager' %} -node.roles: [ master ] + {%- if salt['pillar.get']('nodestab', {}) %} +node.roles: [ master, remote_cluster_client ] + {%- endif %} + {%- else %} +node.roles: [ data, ingest, ml ] {%- endif %} +discovery.seed_hosts: + - {{ grains.master }} +cluster.initial_master_nodes: + - {{ grains.master }} {%- endif %} From 3e322c38eb4559e8f3ccf34f321e47175c4d00ad Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 2 Dec 2020 15:33:35 -0500 Subject: [PATCH 070/270] Fix config for single cluster mode --- salt/elasticsearch/files/elasticsearch.yml | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index a7a6ad34a..b4ea86d5a 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -1,8 +1,12 @@ {%- set NODE_ROUTE_TYPE = salt['pillar.get']('elasticsearch:node_route_type', 'hot') %} -{%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername', '') %} -{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %} +{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip') %} {%- set FEATURES = salt['pillar.get']('elastic:features', False) %} {%- set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} +{%- if TRUECLUSTER is sameas true %} + {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:true_cluster_name') %} +{%- else %} + {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername') %} +{%- endif %} cluster.name: "{{ ESCLUSTERNAME }}" network.host: 0.0.0.0 @@ -45,12 +49,16 @@ script.max_compilations_rate: 1000/1m {%- if grains.role == 'so-manager' %} {%- if salt['pillar.get']('nodestab', {}) %} node.roles: [ master, remote_cluster_client ] - {%- endif %} - {%- else %} -node.roles: [ data, ingest, ml ] - {%- endif %} discovery.seed_hosts: - {{ grains.master }} cluster.initial_master_nodes: - {{ grains.master }} + {%- endif %} + {%- else %} +node.roles: [ data, ingest, ml ] +discovery.seed_hosts: + - {{ grains.master }} +cluster.initial_master_nodes: + - {{ grains.master }} + {%- endif %} {%- endif %} From cf0ec2f78f717056daf6573778a5ce726e24b83b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 2 Dec 2020 16:38:33 -0500 Subject: [PATCH 071/270] Default to the node's primary IP for the description field --- salt/sensoroni/files/sensoroni.json | 4 +++- setup/so-functions | 9 +++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/salt/sensoroni/files/sensoroni.json b/salt/sensoroni/files/sensoroni.json index cc5be34ea..b9275239a 100644 --- a/salt/sensoroni/files/sensoroni.json +++ b/salt/sensoroni/files/sensoroni.json @@ -1,12 +1,14 @@ {% set URLBASE = salt['pillar.get']('global:url_base') -%} +{% set DESCRIPTION = salt['pillar.get']('sensoroni:node_description') -%} {% set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%} -{% set CHECKININTERVALMS = salt['pillar.get']('sensoroni:sensor_checkin_interval_ms', 10000) -%} +{% set CHECKININTERVALMS = salt['pillar.get']('sensoroni:node_checkin_interval_ms', 10000) -%} {% set STENOENABLED = salt['pillar.get']('steno:enabled', False) -%} { "logFilename": "/opt/sensoroni/logs/sensoroni.log", "logLevel":"info", "agent": { "role": "{{ grains.role }}", + "description": "{{ DESCRIPTION }}", "pollIntervalMs": {{ CHECKININTERVALMS if CHECKININTERVALMS else 10000 }}, "serverUrl": "https://{{ URLBASE }}/sensoroniagents", "verifyCert": false, diff --git a/setup/so-functions b/setup/so-functions index 3cf268869..816834fb8 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1104,10 +1104,10 @@ manager_pillar() { manager_global() { local global_pillar="$local_salt_dir/pillar/global.sls" - if [ -z "$SENSOR_CHECKIN_INTERVAL_MS" ]; then - SENSOR_CHECKIN_INTERVAL_MS=10000 + if [ -z "$NODE_CHECKIN_INTERVAL_MS" ]; then + NODE_CHECKIN_INTERVAL_MS=10000 if [ "$install_type" = 'EVAL' ] || [ "$install_type" = 'STANDALONE' ] || [ "$install_type" = 'IMPORT' ]; then - SENSOR_CHECKIN_INTERVAL_MS=1000 + NODE_CHECKIN_INTERVAL_MS=1000 fi fi @@ -1167,7 +1167,8 @@ manager_global() { " imagerepo: '$IMAGEREPO'"\ " pipeline: 'redis'"\ "sensoroni:"\ - " sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\ + " node_description: '$MAINIP'"\ + " node_checkin_interval_ms: $NODE_CHECKIN_INTERVAL_MS"\ "strelka:"\ " enabled: $STRELKA"\ " rules: 1"\ From 9c919f3c925b0fb878e8b245743d18cd7fb70228 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 2 Dec 2020 17:07:49 -0500 Subject: [PATCH 072/270] [reafactor] systemctl stop -> kill --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 6aa30f89c..4103f0988 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1400,7 +1400,7 @@ reinstall_init() { # Kill any salt processes (safely) for service in "${salt_services[@]}"; do # Stop the service in the background so we can exit after a certain amount of time - systemctl stop "$service" & + systemctl kill "$service" & local pid=$! local count=0 From f96365baba9c62cb66de67f3e291790e80340359 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Thu, 3 Dec 2020 14:17:32 +0000 Subject: [PATCH 073/270] Add intial grouped Elastic start/stop/restart scripts --- salt/common/tools/sbin/so-elastic-restart | 43 +++++++++++++++++++++++ salt/common/tools/sbin/so-elastic-start | 43 +++++++++++++++++++++++ salt/common/tools/sbin/so-elastic-stop | 43 +++++++++++++++++++++++ 3 files changed, 129 insertions(+) create mode 100644 salt/common/tools/sbin/so-elastic-restart create mode 100644 salt/common/tools/sbin/so-elastic-start create mode 100644 salt/common/tools/sbin/so-elastic-stop diff --git a/salt/common/tools/sbin/so-elastic-restart b/salt/common/tools/sbin/so-elastic-restart new file mode 100644 index 000000000..0e3c5937d --- /dev/null +++ b/salt/common/tools/sbin/so-elastic-restart @@ -0,0 +1,43 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + + +{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-node', 'so-import']%} +/usr/sbin/so-restart elasticsearch $1 +{%- endif %} + +{%- if grains['role'] in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone', 'so-import']%} +/usr/sbin/so-restart kibana $1 +{%- endif %} + +{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-node']%} +/usr/sbin/so-restart logstash $1 +{%- endif %} + +{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-node', 'so-sensor']%} +/usr/sbin/so-restart filebeat $1 +{%- endif %} + +{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-node']%} +/usr/sbin/so-restart curator $1 +{%- endif %} + +{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%} +/usr/sbin/so-restart elastalert $1 +{%- endif %} diff --git a/salt/common/tools/sbin/so-elastic-start b/salt/common/tools/sbin/so-elastic-start new file mode 100644 index 000000000..51657ff54 --- /dev/null +++ b/salt/common/tools/sbin/so-elastic-start @@ -0,0 +1,43 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + + +{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-node', 'so-import']%} +/usr/sbin/so-start elasticsearch $1 +{%- endif %} + +{%- if grains['role'] in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone', 'so-import']%} +/usr/sbin/so-start kibana $1 +{%- endif %} + +{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-node']%} +/usr/sbin/so-start logstash $1 +{%- endif %} + +{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-node', 'so-sensor']%} +/usr/sbin/so-start filebeat $1 +{%- endif %} + +{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-node']%} +/usr/sbin/so-start curator $1 +{%- endif %} + +{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%} +/usr/sbin/so-start elastalert $1 +{%- endif %} diff --git a/salt/common/tools/sbin/so-elastic-stop b/salt/common/tools/sbin/so-elastic-stop new file mode 100644 index 000000000..2f6c46082 --- /dev/null +++ b/salt/common/tools/sbin/so-elastic-stop @@ -0,0 +1,43 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + + +{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-node', 'so-import']%} +/usr/sbin/so-stop elasticsearch $1 +{%- endif %} + +{%- if grains['role'] in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone', 'so-import']%} +/usr/sbin/so-stop kibana $1 +{%- endif %} + +{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-node']%} +/usr/sbin/so-stop logstash $1 +{%- endif %} + +{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-node', 'so-sensor']%} +/usr/sbin/so-stop filebeat $1 +{%- endif %} + +{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-node']%} +/usr/sbin/so-stop curator $1 +{%- endif %} + +{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%} +/usr/sbin/so-stop elastalert $1 +{%- endif %} From 4ce3ec75826ed8b47c7faa498878031cc6749402 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Thu, 3 Dec 2020 14:18:22 +0000 Subject: [PATCH 074/270] Make scripts executable --- salt/common/tools/sbin/so-elastic-restart | 0 salt/common/tools/sbin/so-elastic-start | 0 salt/common/tools/sbin/so-elastic-stop | 0 salt/common/tools/sbin/so-salt-minion-check | 0 4 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 salt/common/tools/sbin/so-elastic-restart mode change 100644 => 100755 salt/common/tools/sbin/so-elastic-start mode change 100644 => 100755 salt/common/tools/sbin/so-elastic-stop mode change 100644 => 100755 salt/common/tools/sbin/so-salt-minion-check diff --git a/salt/common/tools/sbin/so-elastic-restart b/salt/common/tools/sbin/so-elastic-restart old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-elastic-start b/salt/common/tools/sbin/so-elastic-start old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-elastic-stop b/salt/common/tools/sbin/so-elastic-stop old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-salt-minion-check b/salt/common/tools/sbin/so-salt-minion-check old mode 100644 new mode 100755 From 95570976a81d9bd0ddeb2d8d33e0431c4adbd8e6 Mon Sep 17 00:00:00 2001 From: weslambert Date: Thu, 3 Dec 2020 09:29:44 -0500 Subject: [PATCH 075/270] Add indices.query.bool.max_clause_count to allow for wildcard searches targeting more than 1024 fields --- salt/elasticsearch/files/elasticsearch.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index acad465d1..18d1c9c81 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -44,3 +44,4 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% node.attr.box_type: {{ NODE_ROUTE_TYPE }} node.name: {{ ESCLUSTERNAME }} script.max_compilations_rate: 1000/1m +indices.query.bool.max_clause_count: 1500 From 786665d8cf5b624384b4095037b24cbd22ee77f1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 10:18:44 -0500 Subject: [PATCH 076/270] [fix] Correct logic for service check + bash trap --- setup/so-functions | 2 +- setup/so-setup | 10 ++++------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 4103f0988..76e579765 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1404,7 +1404,7 @@ reinstall_init() { local pid=$! local count=0 - while check_service_status "$service"; do + while ! (check_service_status "$service"); do if [[ $count -gt $service_retry_count ]]; then echo "Could not stop $service after 1 minute, exiting setup." diff --git a/setup/so-setup b/setup/so-setup index 79ba916a9..924bdf307 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -485,14 +485,12 @@ fi # Exit parent script if -trap 'catch $? $LINENO' SIGUSR1 +trap 'catch $LINENO' SIGUSR1 catch() { - if [ "$1" != 0 ]; then - info "Fatal error occurred at $2 in so-setup, failing setup." - whiptail_setup_failed - exit - fi + info "Fatal error occurred at $2 in so-setup, failing setup." + whiptail_setup_failed + exit } # Begin install From f410c451cd35162ed3948ad66e11ab6d0f8fcd53 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 10:31:45 -0500 Subject: [PATCH 077/270] [fix] kill -> stop, add indent to service check, revert incorrect logic --- setup/so-functions | 8 ++++---- setup/so-setup | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 76e579765..767ca6288 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -259,10 +259,10 @@ check_service_status() { systemctl status $service_name > /dev/null 2>&1 local status=$? if [ $status -gt 0 ]; then - echo "$service_name is not running" >> "$setup_log" 2>&1 + echo " $service_name is not running" >> "$setup_log" 2>&1 return 1; else - echo "$service_name is running" >> "$setup_log" 2>&1 + echo " $service_name is running" >> "$setup_log" 2>&1 return 0; fi @@ -1400,11 +1400,11 @@ reinstall_init() { # Kill any salt processes (safely) for service in "${salt_services[@]}"; do # Stop the service in the background so we can exit after a certain amount of time - systemctl kill "$service" & + systemctl stop "$service" & local pid=$! local count=0 - while ! (check_service_status "$service"); do + while check_service_status "$service"; do if [[ $count -gt $service_retry_count ]]; then echo "Could not stop $service after 1 minute, exiting setup." diff --git a/setup/so-setup b/setup/so-setup index 924bdf307..3bec2bb87 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -499,11 +499,11 @@ catch() { export percentage=0 set_path - if [[ $is_manager && $is_airgap ]]; then - info "Creating airgap repo" - create_repo >> $setup_log 2>&1 + if [[ $is_manager && $is_airgap ]]; then + info "Creating airgap repo" + create_repo >> $setup_log 2>&1 airgap_rules >> $setup_log 2>&1 - fi + fi if [[ $is_minion ]]; then set_progress_str 1 'Configuring firewall' From 94253e92a65e4b130f55a362115ea3ca2009de66 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 3 Dec 2020 10:38:18 -0500 Subject: [PATCH 078/270] Adjust the elasticsearch config --- salt/elasticsearch/files/elasticsearch.yml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index b4ea86d5a..1d3afb49a 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -13,7 +13,7 @@ network.host: 0.0.0.0 # minimum_master_nodes need to be explicitly set when bound on a public IP # set to 1 to allow single node clusters # Details: https://github.com/elastic/elasticsearch/pull/17288 -discovery.zen.minimum_master_nodes: 1 +#discovery.zen.minimum_master_nodes: 1 # This is a test -- if this is here, then the volume is mounted correctly. path.logs: /var/log/elasticsearch action.destructive_requires_name: true @@ -38,9 +38,9 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% #xpack.security.http.ssl.client_authentication: none #xpack.security.authc: # anonymous: -# username: anonymous_user -# roles: superuser -# authz_exception: true +# username: anonymous_user +# roles: superuser +# authz_exception: true {%- endif %} node.attr.box_type: {{ NODE_ROUTE_TYPE }} node.name: {{ grains.host }} @@ -48,17 +48,16 @@ script.max_compilations_rate: 1000/1m {%- if TRUECLUSTER is sameas true %} {%- if grains.role == 'so-manager' %} {%- if salt['pillar.get']('nodestab', {}) %} -node.roles: [ master, remote_cluster_client ] +node.roles: [ master, data, remote_cluster_client ] discovery.seed_hosts: - {{ grains.master }} -cluster.initial_master_nodes: - - {{ grains.master }} + {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} + - {{ SN.split('_')|first }} + {%- endfor %} {%- endif %} {%- else %} node.roles: [ data, ingest, ml ] discovery.seed_hosts: - {{ grains.master }} -cluster.initial_master_nodes: - - {{ grains.master }} {%- endif %} -{%- endif %} +{%- endif %} \ No newline at end of file From 967111decc4b59fda561620fb7c6a2cafbed693c Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 3 Dec 2020 11:24:38 -0500 Subject: [PATCH 079/270] Add node address to sensoroni pillar --- salt/sensoroni/files/sensoroni.json | 2 ++ setup/so-functions | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/salt/sensoroni/files/sensoroni.json b/salt/sensoroni/files/sensoroni.json index b9275239a..55b928ef0 100644 --- a/salt/sensoroni/files/sensoroni.json +++ b/salt/sensoroni/files/sensoroni.json @@ -1,5 +1,6 @@ {% set URLBASE = salt['pillar.get']('global:url_base') -%} {% set DESCRIPTION = salt['pillar.get']('sensoroni:node_description') -%} +{% set ADDRESS = salt['pillar.get']('sensoroni:node_address') -%} {% set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%} {% set CHECKININTERVALMS = salt['pillar.get']('sensoroni:node_checkin_interval_ms', 10000) -%} {% set STENOENABLED = salt['pillar.get']('steno:enabled', False) -%} @@ -9,6 +10,7 @@ "agent": { "role": "{{ grains.role }}", "description": "{{ DESCRIPTION }}", + "address": "{{ ADDRESS }}", "pollIntervalMs": {{ CHECKININTERVALMS if CHECKININTERVALMS else 10000 }}, "serverUrl": "https://{{ URLBASE }}/sensoroniagents", "verifyCert": false, diff --git a/setup/so-functions b/setup/so-functions index 816834fb8..4821605f7 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1167,7 +1167,8 @@ manager_global() { " imagerepo: '$IMAGEREPO'"\ " pipeline: 'redis'"\ "sensoroni:"\ - " node_description: '$MAINIP'"\ + " node_address: '$MAINIP'"\ + " node_description: '$NODE_DESCRIPTION'"\ " node_checkin_interval_ms: $NODE_CHECKIN_INTERVAL_MS"\ "strelka:"\ " enabled: $STRELKA"\ From ddcf5dec5bdef24ad43184a9517eddf3f46b0d58 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 13:59:25 -0500 Subject: [PATCH 080/270] [refactor] Run all changes inside whiptail progress, use grep -q --- setup/so-functions | 4 +- setup/so-setup | 117 +++++++++++++++++++++++---------------------- 2 files changed, 62 insertions(+), 59 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 767ca6288..8c23441ed 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -766,12 +766,12 @@ detect_os() { disable_auto_start() { - if crontab -l -u $INSTALLUSERNAME 2>&1 | grep so-setup > /dev/null 2>&1; then + if crontab -l -u $INSTALLUSERNAME 2>&1 | grep -q so-setup; then # Remove the automated setup script from crontab, if it exists logCmd "crontab -u $INSTALLUSERNAME -r" fi - if grep so-setup /home/$INSTALLUSERNAME/.bash_profile > /dev/null 2>&1; then + if grep -q so-setup /home/$INSTALLUSERNAME/.bash_profile; then # Truncate last line of the bash profile info "Removing auto-run of setup from bash profile" sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1 diff --git a/setup/so-setup b/setup/so-setup index 3bec2bb87..73363959c 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -428,63 +428,7 @@ whiptail_make_changes # From here on changes will be made. echo "1" > /root/accept_changes -if [[ $is_reinstall ]]; then - reinstall_init -fi - -if [[ -n "$TURBO" ]]; then - use_turbo_proxy -fi - -if [[ "$setup_type" == 'iso' ]]; then - # Init networking so rest of install works - set_hostname - set_management_interface -fi - -disable_ipv6 -disable_auto_start - -if [[ "$setup_type" != 'iso' ]]; then - set_hostname -fi - -if [[ $is_minion ]]; then - add_mngr_ip_to_hosts -fi - -{ - mark_version; - clear_manager; -} >> $setup_log 2>&1 - - -if [[ $is_manager || $is_import ]]; then - { - generate_passwords; - secrets_pillar; - add_socore_user_manager; - } >> $setup_log 2>&1 -fi - -if [[ $is_manager && ! $is_eval ]]; then - add_soremote_user_manager >> $setup_log 2>&1 -fi - -{ - set_main_ip; - set_redirect; -} >> $setup_log 2>&1 - -host_pillar >> $setup_log 2>&1 - -if [[ $is_minion || $is_import ]]; then - set_updates >> $setup_log 2>&1 - [ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1 -fi - - -# Exit parent script if +# Set up handler for setup to exit early (use `kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1` in child scripts) trap 'catch $LINENO' SIGUSR1 catch() { @@ -497,8 +441,67 @@ catch() { { # Set initial percentage to 0 export percentage=0 + + # Show initial progress message + set_progress_str 0 'Running initial configuration steps' + set_path + if [[ $is_reinstall ]]; then + reinstall_init + fi + + if [[ -n "$TURBO" ]]; then + use_turbo_proxy + fi + + if [[ "$setup_type" == 'iso' ]]; then + # Init networking so rest of install works + set_hostname >> $setup_log 2>&1 + set_management_interface + fi + + disable_ipv6 + disable_auto_start + + if [[ "$setup_type" != 'iso' ]]; then + set_hostname >> $setup_log 2>&1 + fi + + if [[ $is_minion ]]; then + add_mngr_ip_to_hosts + fi + + { + mark_version; + clear_manager; + } >> $setup_log 2>&1 + + + if [[ $is_manager || $is_import ]]; then + { + generate_passwords; + secrets_pillar; + add_socore_user_manager; + } >> $setup_log 2>&1 + fi + + if [[ $is_manager && ! $is_eval ]]; then + add_soremote_user_manager >> $setup_log 2>&1 + fi + + { + set_main_ip; + set_redirect; + } >> $setup_log 2>&1 + + host_pillar >> $setup_log 2>&1 + + if [[ $is_minion || $is_import ]]; then + set_updates >> $setup_log 2>&1 + [ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1 + fi + if [[ $is_manager && $is_airgap ]]; then info "Creating airgap repo" create_repo >> $setup_log 2>&1 From af8295a65130894f1b8984c3097864548ffb7c87 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 2 Dec 2020 17:07:49 -0500 Subject: [PATCH 081/270] [reafactor] systemctl stop -> kill --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 6aa30f89c..4103f0988 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1400,7 +1400,7 @@ reinstall_init() { # Kill any salt processes (safely) for service in "${salt_services[@]}"; do # Stop the service in the background so we can exit after a certain amount of time - systemctl stop "$service" & + systemctl kill "$service" & local pid=$! local count=0 From 76fff28dfa5a85f217435e7cec3018e1915b9876 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 10:18:44 -0500 Subject: [PATCH 082/270] [fix] Correct logic for service check + bash trap --- setup/so-functions | 2 +- setup/so-setup | 10 ++++------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 4103f0988..76e579765 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1404,7 +1404,7 @@ reinstall_init() { local pid=$! local count=0 - while check_service_status "$service"; do + while ! (check_service_status "$service"); do if [[ $count -gt $service_retry_count ]]; then echo "Could not stop $service after 1 minute, exiting setup." diff --git a/setup/so-setup b/setup/so-setup index 79ba916a9..924bdf307 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -485,14 +485,12 @@ fi # Exit parent script if -trap 'catch $? $LINENO' SIGUSR1 +trap 'catch $LINENO' SIGUSR1 catch() { - if [ "$1" != 0 ]; then - info "Fatal error occurred at $2 in so-setup, failing setup." - whiptail_setup_failed - exit - fi + info "Fatal error occurred at $2 in so-setup, failing setup." + whiptail_setup_failed + exit } # Begin install From 2c208ec943a8fc45f912731076009c99bf19503a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 10:31:45 -0500 Subject: [PATCH 083/270] [fix] kill -> stop, add indent to service check, revert incorrect logic --- setup/so-functions | 8 ++++---- setup/so-setup | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 76e579765..767ca6288 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -259,10 +259,10 @@ check_service_status() { systemctl status $service_name > /dev/null 2>&1 local status=$? if [ $status -gt 0 ]; then - echo "$service_name is not running" >> "$setup_log" 2>&1 + echo " $service_name is not running" >> "$setup_log" 2>&1 return 1; else - echo "$service_name is running" >> "$setup_log" 2>&1 + echo " $service_name is running" >> "$setup_log" 2>&1 return 0; fi @@ -1400,11 +1400,11 @@ reinstall_init() { # Kill any salt processes (safely) for service in "${salt_services[@]}"; do # Stop the service in the background so we can exit after a certain amount of time - systemctl kill "$service" & + systemctl stop "$service" & local pid=$! local count=0 - while ! (check_service_status "$service"); do + while check_service_status "$service"; do if [[ $count -gt $service_retry_count ]]; then echo "Could not stop $service after 1 minute, exiting setup." diff --git a/setup/so-setup b/setup/so-setup index 924bdf307..3bec2bb87 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -499,11 +499,11 @@ catch() { export percentage=0 set_path - if [[ $is_manager && $is_airgap ]]; then - info "Creating airgap repo" - create_repo >> $setup_log 2>&1 + if [[ $is_manager && $is_airgap ]]; then + info "Creating airgap repo" + create_repo >> $setup_log 2>&1 airgap_rules >> $setup_log 2>&1 - fi + fi if [[ $is_minion ]]; then set_progress_str 1 'Configuring firewall' From 80ce8b5e41c6573bde3de15ef636ecc8f26c1d81 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 13:59:25 -0500 Subject: [PATCH 084/270] [refactor] Run all changes inside whiptail progress, use grep -q --- setup/so-functions | 4 +- setup/so-setup | 117 +++++++++++++++++++++++---------------------- 2 files changed, 62 insertions(+), 59 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 767ca6288..8c23441ed 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -766,12 +766,12 @@ detect_os() { disable_auto_start() { - if crontab -l -u $INSTALLUSERNAME 2>&1 | grep so-setup > /dev/null 2>&1; then + if crontab -l -u $INSTALLUSERNAME 2>&1 | grep -q so-setup; then # Remove the automated setup script from crontab, if it exists logCmd "crontab -u $INSTALLUSERNAME -r" fi - if grep so-setup /home/$INSTALLUSERNAME/.bash_profile > /dev/null 2>&1; then + if grep -q so-setup /home/$INSTALLUSERNAME/.bash_profile; then # Truncate last line of the bash profile info "Removing auto-run of setup from bash profile" sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1 diff --git a/setup/so-setup b/setup/so-setup index 3bec2bb87..73363959c 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -428,63 +428,7 @@ whiptail_make_changes # From here on changes will be made. echo "1" > /root/accept_changes -if [[ $is_reinstall ]]; then - reinstall_init -fi - -if [[ -n "$TURBO" ]]; then - use_turbo_proxy -fi - -if [[ "$setup_type" == 'iso' ]]; then - # Init networking so rest of install works - set_hostname - set_management_interface -fi - -disable_ipv6 -disable_auto_start - -if [[ "$setup_type" != 'iso' ]]; then - set_hostname -fi - -if [[ $is_minion ]]; then - add_mngr_ip_to_hosts -fi - -{ - mark_version; - clear_manager; -} >> $setup_log 2>&1 - - -if [[ $is_manager || $is_import ]]; then - { - generate_passwords; - secrets_pillar; - add_socore_user_manager; - } >> $setup_log 2>&1 -fi - -if [[ $is_manager && ! $is_eval ]]; then - add_soremote_user_manager >> $setup_log 2>&1 -fi - -{ - set_main_ip; - set_redirect; -} >> $setup_log 2>&1 - -host_pillar >> $setup_log 2>&1 - -if [[ $is_minion || $is_import ]]; then - set_updates >> $setup_log 2>&1 - [ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1 -fi - - -# Exit parent script if +# Set up handler for setup to exit early (use `kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1` in child scripts) trap 'catch $LINENO' SIGUSR1 catch() { @@ -497,8 +441,67 @@ catch() { { # Set initial percentage to 0 export percentage=0 + + # Show initial progress message + set_progress_str 0 'Running initial configuration steps' + set_path + if [[ $is_reinstall ]]; then + reinstall_init + fi + + if [[ -n "$TURBO" ]]; then + use_turbo_proxy + fi + + if [[ "$setup_type" == 'iso' ]]; then + # Init networking so rest of install works + set_hostname >> $setup_log 2>&1 + set_management_interface + fi + + disable_ipv6 + disable_auto_start + + if [[ "$setup_type" != 'iso' ]]; then + set_hostname >> $setup_log 2>&1 + fi + + if [[ $is_minion ]]; then + add_mngr_ip_to_hosts + fi + + { + mark_version; + clear_manager; + } >> $setup_log 2>&1 + + + if [[ $is_manager || $is_import ]]; then + { + generate_passwords; + secrets_pillar; + add_socore_user_manager; + } >> $setup_log 2>&1 + fi + + if [[ $is_manager && ! $is_eval ]]; then + add_soremote_user_manager >> $setup_log 2>&1 + fi + + { + set_main_ip; + set_redirect; + } >> $setup_log 2>&1 + + host_pillar >> $setup_log 2>&1 + + if [[ $is_minion || $is_import ]]; then + set_updates >> $setup_log 2>&1 + [ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1 + fi + if [[ $is_manager && $is_airgap ]]; then info "Creating airgap repo" create_repo >> $setup_log 2>&1 From 3049718660d92d39492f2cac6433be6b8961d5fc Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 14:42:13 -0500 Subject: [PATCH 085/270] [fix] Kill + start salt-minion if it isn't responding --- setup/so-functions | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 8c23441ed..b42e03bb7 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1382,10 +1382,12 @@ reserve_group_ids() { reinstall_init() { info "Putting system in state to run setup again" - local salt_services=( - "salt-master" - "salt-minion" - ) + if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then + local salt_services=( "salt-master" "salt-minion" ) + else + local salt_services=( "salt-minion" ) + fi + local service_retry_count=20 { @@ -1412,6 +1414,7 @@ reinstall_init() { kill -9 $pid kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi + sleep 5 ((count++)) done @@ -1671,6 +1674,8 @@ salt_checkin() { count=0 while ! (check_salt_minion_status); do echo "salt master did not get a job response from salt minion" >> "$setup_log" 2>&1 + systemctl kill salt-minion + systemctl start salt-minion if [ $count -gt 30 ]; then echo "salt master did not get a job response from salt minion after 30 attempts, exiting" >> "$setup_log" 2>&1 kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 From b5bfad07dc3c53d6ebe301b29ef33f29437cc1ba Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 14:55:23 -0500 Subject: [PATCH 086/270] [fix] kill/start after if statement --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index b42e03bb7..30399170f 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1674,12 +1674,12 @@ salt_checkin() { count=0 while ! (check_salt_minion_status); do echo "salt master did not get a job response from salt minion" >> "$setup_log" 2>&1 - systemctl kill salt-minion - systemctl start salt-minion if [ $count -gt 30 ]; then echo "salt master did not get a job response from salt minion after 30 attempts, exiting" >> "$setup_log" 2>&1 kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi + systemctl kill salt-minion + systemctl start salt-minion sleep 1; ((count++)) done From ac85cbc3f19516901249dcd7902323896cd377fa Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 15:10:41 -0500 Subject: [PATCH 087/270] [fix] Move set_redirect out of sub-shell --- setup/so-setup | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 73363959c..8dcce0e9b 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -437,6 +437,12 @@ catch() { exit } +# This block sets REDIRECTIT which is used by a function outside the below subshell +{ + set_main_ip; + set_redirect; +} >> $setup_log 2>&1 + # Begin install { # Set initial percentage to 0 @@ -490,11 +496,6 @@ catch() { add_soremote_user_manager >> $setup_log 2>&1 fi - { - set_main_ip; - set_redirect; - } >> $setup_log 2>&1 - host_pillar >> $setup_log 2>&1 if [[ $is_minion || $is_import ]]; then From ebade0a5a6a6083ddba30080b336122f0d0ddb64 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 15:20:33 -0500 Subject: [PATCH 088/270] [fix] Also kill+start while trying to restart service initially --- setup/so-functions | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 30399170f..e17fa23ce 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1650,7 +1650,8 @@ salt_checkin() { count=0 while ! (check_service_status "$service"); do - echo "$service still not running" >> "$setup_log" 2>&1 + systemctl kill "$service" + systemctl start "$service" if [ $count -gt 120 ]; then echo "$service could not be restarted in 120 seconds, exiting" >> "$setup_log" 2>&1 kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 From 660c768f8f9a4c5ee33ad6f1f1c9fe7f9853580c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 15:26:59 -0500 Subject: [PATCH 089/270] Only kill+start on final loop and increase time between status checks --- setup/so-functions | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index e17fa23ce..d6c309431 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1650,13 +1650,16 @@ salt_checkin() { count=0 while ! (check_service_status "$service"); do - systemctl kill "$service" - systemctl start "$service" - if [ $count -gt 120 ]; then + if [ $count -eq 12 ]; then + systemctl kill "$service" + systemctl start "$service" + fi + + if [ $count -gt 12 ]; then echo "$service could not be restarted in 120 seconds, exiting" >> "$setup_log" 2>&1 kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi - sleep 1; + sleep 10; ((count++)) done done From 3273a6366235bc7a7f26f88e4c55f1b6a1aaf7eb Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 15:35:50 -0500 Subject: [PATCH 090/270] [fix] kill old restart pid and assign new pid for start --- setup/so-functions | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index d6c309431..67cbb7c24 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1650,13 +1650,19 @@ salt_checkin() { count=0 while ! (check_service_status "$service"); do + # On final loop, kill the pid trying to restart service and try to manually kill then start it if [ $count -eq 12 ]; then - systemctl kill "$service" - systemctl start "$service" + { + kill -9 "$pid" + systemctl kill "$service" + systemctl start "$service" & + local pid=$! + } >> "$setup_log" 2>&1 fi if [ $count -gt 12 ]; then echo "$service could not be restarted in 120 seconds, exiting" >> "$setup_log" 2>&1 + kill -9 "$pid" kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi sleep 10; From 2e516629f9fdf1e853e416cb8f809c2644363555 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 14:42:13 -0500 Subject: [PATCH 091/270] [fix] Kill + start salt-minion if it isn't responding --- setup/so-functions | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 8c23441ed..b42e03bb7 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1382,10 +1382,12 @@ reserve_group_ids() { reinstall_init() { info "Putting system in state to run setup again" - local salt_services=( - "salt-master" - "salt-minion" - ) + if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then + local salt_services=( "salt-master" "salt-minion" ) + else + local salt_services=( "salt-minion" ) + fi + local service_retry_count=20 { @@ -1412,6 +1414,7 @@ reinstall_init() { kill -9 $pid kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi + sleep 5 ((count++)) done @@ -1671,6 +1674,8 @@ salt_checkin() { count=0 while ! (check_salt_minion_status); do echo "salt master did not get a job response from salt minion" >> "$setup_log" 2>&1 + systemctl kill salt-minion + systemctl start salt-minion if [ $count -gt 30 ]; then echo "salt master did not get a job response from salt minion after 30 attempts, exiting" >> "$setup_log" 2>&1 kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 From 916db4acec020ce92aeb918b3821a1fe40b26fd5 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 14:55:23 -0500 Subject: [PATCH 092/270] [fix] kill/start after if statement --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index b42e03bb7..30399170f 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1674,12 +1674,12 @@ salt_checkin() { count=0 while ! (check_salt_minion_status); do echo "salt master did not get a job response from salt minion" >> "$setup_log" 2>&1 - systemctl kill salt-minion - systemctl start salt-minion if [ $count -gt 30 ]; then echo "salt master did not get a job response from salt minion after 30 attempts, exiting" >> "$setup_log" 2>&1 kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi + systemctl kill salt-minion + systemctl start salt-minion sleep 1; ((count++)) done From 39dce13cf6d061748975b5ce860479cdc798a322 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 15:10:41 -0500 Subject: [PATCH 093/270] [fix] Move set_redirect out of sub-shell --- setup/so-setup | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 73363959c..8dcce0e9b 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -437,6 +437,12 @@ catch() { exit } +# This block sets REDIRECTIT which is used by a function outside the below subshell +{ + set_main_ip; + set_redirect; +} >> $setup_log 2>&1 + # Begin install { # Set initial percentage to 0 @@ -490,11 +496,6 @@ catch() { add_soremote_user_manager >> $setup_log 2>&1 fi - { - set_main_ip; - set_redirect; - } >> $setup_log 2>&1 - host_pillar >> $setup_log 2>&1 if [[ $is_minion || $is_import ]]; then From 7458313d3d5c324cf2ed8c110f194a7e38362e9c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 15:20:33 -0500 Subject: [PATCH 094/270] [fix] Also kill+start while trying to restart service initially --- setup/so-functions | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 30399170f..e17fa23ce 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1650,7 +1650,8 @@ salt_checkin() { count=0 while ! (check_service_status "$service"); do - echo "$service still not running" >> "$setup_log" 2>&1 + systemctl kill "$service" + systemctl start "$service" if [ $count -gt 120 ]; then echo "$service could not be restarted in 120 seconds, exiting" >> "$setup_log" 2>&1 kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 From ff1cfb578f87ced958a3fb719fea534558cf481d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 15:26:59 -0500 Subject: [PATCH 095/270] Only kill+start on final loop and increase time between status checks --- setup/so-functions | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index e17fa23ce..d6c309431 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1650,13 +1650,16 @@ salt_checkin() { count=0 while ! (check_service_status "$service"); do - systemctl kill "$service" - systemctl start "$service" - if [ $count -gt 120 ]; then + if [ $count -eq 12 ]; then + systemctl kill "$service" + systemctl start "$service" + fi + + if [ $count -gt 12 ]; then echo "$service could not be restarted in 120 seconds, exiting" >> "$setup_log" 2>&1 kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi - sleep 1; + sleep 10; ((count++)) done done From 7b43c2955e2c550caf7154f8325d297a956673b4 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 3 Dec 2020 15:35:50 -0500 Subject: [PATCH 096/270] [fix] kill old restart pid and assign new pid for start --- setup/so-functions | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index d6c309431..67cbb7c24 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1650,13 +1650,19 @@ salt_checkin() { count=0 while ! (check_service_status "$service"); do + # On final loop, kill the pid trying to restart service and try to manually kill then start it if [ $count -eq 12 ]; then - systemctl kill "$service" - systemctl start "$service" + { + kill -9 "$pid" + systemctl kill "$service" + systemctl start "$service" & + local pid=$! + } >> "$setup_log" 2>&1 fi if [ $count -gt 12 ]; then echo "$service could not be restarted in 120 seconds, exiting" >> "$setup_log" 2>&1 + kill -9 "$pid" kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi sleep 10; From fca50660a26864a65381312acc561b34f3c8ade1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 4 Dec 2020 09:33:28 -0500 Subject: [PATCH 097/270] [fix] Trap argument off by one --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 8dcce0e9b..1ea238a38 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -432,7 +432,7 @@ echo "1" > /root/accept_changes trap 'catch $LINENO' SIGUSR1 catch() { - info "Fatal error occurred at $2 in so-setup, failing setup." + info "Fatal error occurred at $1 in so-setup, failing setup." whiptail_setup_failed exit } From 134d9bc89a26ee00c23162c3fe031612888eee28 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Sun, 6 Dec 2020 17:08:11 -0500 Subject: [PATCH 098/270] so-suricata-testrule initial commit --- salt/common/tools/sbin/so-suricata-testrule | 63 +++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 salt/common/tools/sbin/so-suricata-testrule diff --git a/salt/common/tools/sbin/so-suricata-testrule b/salt/common/tools/sbin/so-suricata-testrule new file mode 100644 index 000000000..645a0368b --- /dev/null +++ b/salt/common/tools/sbin/so-suricata-testrule @@ -0,0 +1,63 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +{%- set MANAGER = salt['grains.get']('master') %} +{%- set VERSION = salt['pillar.get']('global:soversion') %} +{%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} + +TESTRULE=$1 +TESTPCAP=$2 + +. /usr/sbin/so-common + +echo "" +echo "===============" +echo "Running all.rules and $TESTRULE against the following pcap: $TESTPCAP" +echo "" +sleep 3 + +cp /opt/so/conf/suricata/rules/all.rules /tmp/nids-testing/rules/all.rules +cat $TESTRULE >> /tmp/nids-testing/rules/all.rules + +rm -rf /tmp/nids-testing/output +mkdir -p /tmp/nids-testing/output +chown suricata:socore /tmp/nids-testing/output +mkdir -p /tmp/nids-testing/rules + + +echo "==== Begin Suricata Output ===" + + docker run --rm \ + -v /opt/so/conf/suricata/suricata.yaml:/etc/suricata/suricata.yaml:ro \ + -v /opt/so/conf/suricata/threshold.conf:/etc/suricata/threshold.conf:ro \ + -v /tmp/nids-testing/rules:/etc/suricata/rules:ro \ + -v "$TESTPCAP:/input.pcap:ro" \ + -v /opt/so/conf/suricata/bpf:/etc/suricata/bpf:ro \ + -v /tmp/nids-testing/output/:/nsm/:rw \ + {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-suricata:{{ VERSION }} \ + --runmode single -v -k none -r /input.pcap -l /tmp --init-errors-fatal +echo "==== End Suricata Output ===" + +echo "" +echo "If any alerts hit, they will be displayed below:" +echo "" + +cat /tmp/nids-testing/output/* | jq + +echo "" +echo "End so-suricata-testrule" +echo "===============" +echo "" From 3136c6678030d0626bea2835fc32d26d098dc6fa Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 7 Dec 2020 08:50:53 -0500 Subject: [PATCH 099/270] [fix] Bring back network setup before setting MAINIP var --- setup/so-setup | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 1ea238a38..8ee236bf1 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -437,6 +437,26 @@ catch() { exit } +# Init networking so rest of install works +if [[ -n "$TURBO" ]]; then + use_turbo_proxy +fi + +if [[ "$setup_type" == 'iso' ]]; then + set_hostname >> $setup_log 2>&1 + set_management_interface +fi + +disable_ipv6 + +if [[ "$setup_type" != 'iso' ]]; then + set_hostname >> $setup_log 2>&1 +fi + +if [[ $is_minion ]]; then + add_mngr_ip_to_hosts +fi + # This block sets REDIRECTIT which is used by a function outside the below subshell { set_main_ip; @@ -457,27 +477,8 @@ catch() { reinstall_init fi - if [[ -n "$TURBO" ]]; then - use_turbo_proxy - fi - - if [[ "$setup_type" == 'iso' ]]; then - # Init networking so rest of install works - set_hostname >> $setup_log 2>&1 - set_management_interface - fi - - disable_ipv6 disable_auto_start - if [[ "$setup_type" != 'iso' ]]; then - set_hostname >> $setup_log 2>&1 - fi - - if [[ $is_minion ]]; then - add_mngr_ip_to_hosts - fi - { mark_version; clear_manager; From 4fe2de2637acbbf0ae6bab8ccaa413f6e7b79ea9 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 7 Dec 2020 10:47:20 -0500 Subject: [PATCH 100/270] upgrade docker https://github.com/Security-Onion-Solutions/securityonion/issues/2188 --- salt/common/init.sls | 6 ++++-- setup/so-functions | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index cf791cfa2..02bc4d1fa 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -111,7 +111,8 @@ heldpackages: pkg.installed: - pkgs: - containerd.io: 1.2.13-2 - - docker-ce: 5:19.03.12~3-0~ubuntu-bionic + - docker-ce: 5:19.03.14~3-0~ubuntu-bionic + - docker-ce-cli: 5:19.03.14~3-0~ubuntu-bionic - hold: True - update_holds: True @@ -147,7 +148,8 @@ heldpackages: pkg.installed: - pkgs: - containerd.io: 1.2.13-3.2.el7 - - docker-ce: 3:19.03.12-3.el7 + - docker-ce: 3:19.03.14-3.el7 + - docker-ce-cli: 3:19.03.14-3.el7 - hold: True - update_holds: True {% endif %} diff --git a/setup/so-functions b/setup/so-functions index e8360c671..c1330bf43 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -821,9 +821,9 @@ docker_install() { yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo; fi if [[ ! $is_iso ]]; then - yum -y install docker-ce-19.03.12-3.el7 containerd.io-1.2.13-3.2.el7; + yum -y install docker-ce-19.03.14-3.el7 containerd.io-1.2.13-3.2.el7; fi - yum versionlock docker-ce-19.03.12-3.el7; + yum versionlock docker-ce-19.03.14-3.el7; yum versionlock containerd.io-1.2.13-3.2.el7 } >> "$setup_log" 2>&1 From 38324c226eb850662c484b7aeede8f8feeb82bc8 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 7 Dec 2020 10:58:58 -0500 Subject: [PATCH 101/270] [fix] Don't let grep output message on file not found --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index e8360c671..daeb917a0 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -771,7 +771,7 @@ disable_auto_start() { logCmd "crontab -u $INSTALLUSERNAME -r" fi - if grep -q so-setup /home/$INSTALLUSERNAME/.bash_profile; then + if grep -s -q so-setup /home/$INSTALLUSERNAME/.bash_profile; then # Truncate last line of the bash profile info "Removing auto-run of setup from bash profile" sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1 From 19d27c7d682a8f0cb0636ad3e4dea375963653ee Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 7 Dec 2020 11:50:47 -0500 Subject: [PATCH 102/270] remove docker-ce-cli from common state --- salt/common/init.sls | 2 -- 1 file changed, 2 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index 02bc4d1fa..1192923b7 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -112,7 +112,6 @@ heldpackages: - pkgs: - containerd.io: 1.2.13-2 - docker-ce: 5:19.03.14~3-0~ubuntu-bionic - - docker-ce-cli: 5:19.03.14~3-0~ubuntu-bionic - hold: True - update_holds: True @@ -149,7 +148,6 @@ heldpackages: - pkgs: - containerd.io: 1.2.13-3.2.el7 - docker-ce: 3:19.03.14-3.el7 - - docker-ce-cli: 3:19.03.14-3.el7 - hold: True - update_holds: True {% endif %} From 8ea088c3fc0eb55416956342150beecb840f00bf Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 7 Dec 2020 14:09:41 -0500 Subject: [PATCH 103/270] Restart Elastic on addition of node. --- pillar/data/addtotab.sh | 5 +++-- salt/elasticsearch/init.sls | 6 ++---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/pillar/data/addtotab.sh b/pillar/data/addtotab.sh index ac3d913a5..b4c80e6fe 100644 --- a/pillar/data/addtotab.sh +++ b/pillar/data/addtotab.sh @@ -54,7 +54,8 @@ if [ $TYPE == 'evaltab' ] || [ $TYPE == 'standalonetab' ]; then salt-call state.apply utility queue=True fi fi -#if [ $TYPE == 'nodestab' ]; then +if [ $TYPE == 'nodestab' ]; then + salt-call state.apply elasticseach # echo " nodetype: $NODETYPE" >> $local_salt_dir/pillar/data/$TYPE.sls # echo " hotname: $HOTNAME" >> $local_salt_dir/pillar/data/$TYPE.sls -#fi +fi diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 0b28ee6d1..7f3a7af56 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -189,12 +189,10 @@ so-elasticsearch: - user: elasticsearch - extra_hosts: - {{ grains.host }}:{{ NODEIP }} - {%- if ismanager %} {%- if salt['pillar.get']('nodestab', {}) %} - {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} + {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} - {{ SN.split('_')|first }}:{{ SNDATA.ip }} - {%- endfor %} - {%- endif %} + {%- endfor %} {%- endif %} - environment: - discovery.type=single-node From 6fc3232637663c95b442f93215ad8a41bfc7c987 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 7 Dec 2020 14:16:06 -0500 Subject: [PATCH 104/270] [fix] Set INSTALLUSERNAME to the user running the script Resolves #2243 --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index bd16f9cd2..38077269f 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1321,7 +1321,7 @@ elasticsearch_pillar() { parse_install_username() { # parse out the install username so things copy correctly - INSTALLUSERNAME=$(pwd | sed -E 's/\// /g' | awk '{ print $2 }') + INSTALLUSERNAME=${SUDO_USER:-${USER}} } patch_pillar() { From 08ab36927d91063f4981162c15a8d610e73e4f3d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 7 Dec 2020 14:16:54 -0500 Subject: [PATCH 105/270] [refactor] Kill parent script on exit --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 38077269f..dffc52b4f 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1752,7 +1752,7 @@ set_main_ip() { This is not a supported configuration, please remediate and rerun setup. EOM whiptail --title "Security Onion Setup" --msgbox "$message" 10 75 - exit 1 + kill -SIGKILL "$(ps --pid $$ -oppid=)"; exit 1 fi } From d88364c9fde41a6a3199bcc2e23ed3447c47aeeb Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 7 Dec 2020 14:18:01 -0500 Subject: [PATCH 106/270] [feat] Create error log for easy copy/paste Resolves #2165 --- setup/so-setup | 18 +++++++++--------- setup/so-variables | 3 +++ setup/so-whiptail | 15 ++++++++++++++- 3 files changed, 26 insertions(+), 10 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 8ee236bf1..4260f813e 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -59,6 +59,7 @@ if [[ -f /root/accept_changes ]]; then # Move last setup log to backup mv "$setup_log" "$setup_log.bak" + mv "$error_log" "$error_log.bak" fi # Begin Installation pre-processing @@ -72,14 +73,6 @@ analyze_system automated=no function progress() { local title='Security Onion Install' - if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root ]]; then - if [[ -s /var/spool/mail/root ]]; then - echo '[ ERROR ] /var/spool/mail/root grew unexpectedly' >> $setup_log 2>&1 - fi - - export SO_ERROR=1 - title="Error found, please check $setup_log" - fi if [ $automated == no ]; then whiptail --title "$title" --gauge 'Please wait while installing...' 6 60 0 # append to text @@ -433,6 +426,7 @@ trap 'catch $LINENO' SIGUSR1 catch() { info "Fatal error occurred at $1 in so-setup, failing setup." + grep --color=never "ERROR" "$setup_log" > "$error_log" whiptail_setup_failed exit } @@ -780,12 +774,18 @@ success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}') if [[ $success != 0 ]]; then SO_ERROR=1; fi # Check entire setup log for errors or unexpected salt states and ensure cron jobs are not reporting errors to root's mailbox -if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root && "$setup_type" == "iso" ]]; then SO_ERROR=1; fi +if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root && "$setup_type" == "iso" ]]; then + SO_ERROR=1 + + grep --color=never "ERROR" "$setup_log" > "$error_log" +fi if [[ -n $SO_ERROR ]]; then echo "Errors detected during setup; skipping post-setup steps to allow for analysis of failures." >> $setup_log 2>&1 + SKIP_REBOOT=1 whiptail_setup_failed + else echo "Successfully completed setup! Continuing with post-installation steps" >> $setup_log 2>&1 { diff --git a/setup/so-variables b/setup/so-variables index 83b9b4325..2223fe106 100644 --- a/setup/so-variables +++ b/setup/so-variables @@ -21,6 +21,9 @@ export node_es_port setup_log="/root/sosetup.log" export setup_log +error_log="/root/errors.log" +export error_log + filesystem_root=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }') export filesystem_root diff --git a/setup/so-whiptail b/setup/so-whiptail index 11d968910..444260907 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1259,7 +1259,20 @@ whiptail_setup_failed() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $setup_log for details. Press Ok to exit." 8 75 + local check_err_msg + local height + + [ -f "$error_log" ] && check_err_msg="A summary of errors can be found in $error_log.\n" + + if [[ -n $check_err_msg ]]; then height=11; else height=10; fi + + read -r -d '' message <<- EOM + Install had a problem. Please see $setup_log for details.\n + $check_err_msg + Press Ok to exit. + EOM + + whiptail --title "Security Onion Setup" --msgbox "$message" $height 75 } whiptail_shard_count() { From 64dc9f8d4e319ab71ef80b97eb5e5f39fab19104 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 7 Dec 2020 14:40:32 -0500 Subject: [PATCH 107/270] [fix] Only list ipv4 addresses when checking mysql --- salt/_modules/so.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/_modules/so.py b/salt/_modules/so.py index bbbbe4ea8..037b7da00 100644 --- a/salt/_modules/so.py +++ b/salt/_modules/so.py @@ -18,7 +18,7 @@ def mysql_conn(retry): return False mainint = __salt__['pillar.get']('host:mainint') - ip_arr = __salt__['grains.get']('ip_interfaces').get(mainint) + ip_arr = __salt__['grains.get']('ip4_interfaces').get(mainint) mysql_up = False From 8915e492889493300124637554dcee01d6f7188e Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Mon, 7 Dec 2020 22:28:58 -0500 Subject: [PATCH 108/270] Initial support - Playbook Overrides --- salt/playbook/files/playbook_db_init.sql | 90 +- .../playbook/files/playbook_db_migrations.sql | 1762 +++++++++++++++++ salt/playbook/init.sls | 2 +- 3 files changed, 1799 insertions(+), 55 deletions(-) create mode 100644 salt/playbook/files/playbook_db_migrations.sql diff --git a/salt/playbook/files/playbook_db_init.sql b/salt/playbook/files/playbook_db_init.sql index 7a3b4da68..7da93bae8 100644 --- a/salt/playbook/files/playbook_db_init.sql +++ b/salt/playbook/files/playbook_db_init.sql @@ -356,7 +356,7 @@ CREATE TABLE `custom_fields` ( `description` text, PRIMARY KEY (`id`), KEY `index_custom_fields_on_id_and_type` (`id`,`type`) -) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=41 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -365,7 +365,7 @@ CREATE TABLE `custom_fields` ( LOCK TABLES `custom_fields` WRITE; /*!40000 ALTER TABLE `custom_fields` DISABLE KEYS */; -INSERT INTO `custom_fields` VALUES (1,'IssueCustomField','Title','string',NULL,'',NULL,NULL,0,1,1,1,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(2,'IssueCustomField','Author','string',NULL,'',NULL,NULL,0,1,1,2,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(3,'IssueCustomField','Objective','text',NULL,'',NULL,NULL,0,1,1,14,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nfull_width_layout: \'1\'\n',''),(4,'IssueCustomField','Operational Notes','text',NULL,'',NULL,NULL,0,1,0,15,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(5,'IssueCustomField','Result Analysis','text',NULL,'',NULL,NULL,0,1,0,16,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(6,'IssueCustomField','ElastAlert Config','text',NULL,'',NULL,NULL,0,1,0,17,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(7,'IssueCustomField','HiveID','string',NULL,'',NULL,NULL,0,1,1,13,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(8,'IssueCustomField','References','text',NULL,'',NULL,NULL,0,1,0,6,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'0\'\n',''),(9,'IssueCustomField','Sigma','text',NULL,'',NULL,NULL,0,1,0,18,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(10,'IssueCustomField','Level','list','---\n- low\n- medium\n- high\n- critical\n','',NULL,NULL,0,1,1,3,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(11,'IssueCustomField','PlayID','string',NULL,'',NULL,NULL,0,1,1,8,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(12,'IssueCustomField','Rule ID','string',NULL,'',NULL,NULL,0,1,1,9,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(13,'IssueCustomField','Playbook','list','---\n- Internal\n- imported\n- community\n','',NULL,NULL,0,1,1,4,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(15,'IssueCustomField','ATT&CK Technique','list','---\n- T1001\n- T1002\n- T1003\n- T1004\n- T1005\n- T1006\n- T1007\n- T1008\n- T1009\n- T1010\n- T1011\n- T1012\n- T1013\n- T1014\n- T1015\n- T1016\n- T1017\n- T1018\n- T1019\n- T1020\n- T1021\n- T1022\n- T1023\n- T1024\n- T1025\n- T1026\n- T1027\n- T1028\n- T1029\n- T1030\n- T1031\n- T1032\n- T1033\n- T1034\n- T1035\n- T1036\n- T1037\n- T1038\n- T1039\n- T1040\n- T1041\n- T1042\n- T1043\n- T1044\n- T1045\n- T1046\n- T1047\n- T1048\n- T1049\n- T1050\n- T1051\n- T1052\n- T1053\n- T1054\n- T1055\n- T1056\n- T1057\n- T1058\n- T1059\n- T1060\n- T1061\n- T1062\n- T1063\n- T1064\n- T1065\n- T1066\n- T1067\n- T1068\n- T1069\n- T1070\n- T1071\n- T1072\n- T1073\n- T1074\n- T1075\n- T1076\n- T1077\n- T1078\n- T1079\n- T1080\n- T1081\n- T1082\n- T1083\n- T1084\n- T1085\n- T1086\n- T1087\n- T1088\n- T1089\n- T1090\n- T1091\n- T1092\n- T1093\n- T1094\n- T1095\n- T1096\n- T1097\n- T1098\n- T1099\n- T1100\n- T1101\n- T1102\n- T1103\n- T1104\n- T1105\n- T1106\n- T1107\n- T1108\n- T1109\n- T1110\n- T1111\n- T1112\n- T1113\n- T1114\n- T1115\n- T1116\n- T1117\n- T1118\n- T1119\n- T1120\n- T1121\n- T1122\n- T1123\n- T1124\n- T1125\n- T1126\n- T1127\n- T1128\n- T1129\n- T1130\n- T1131\n- T1132\n- T1133\n- T1134\n- T1135\n- T1136\n- T1137\n- T1138\n- T1139\n- T1140\n- T1141\n- T1142\n- T1143\n- T1144\n- T1145\n- T1146\n- T1147\n- T1148\n- T1149\n- T1150\n- T1151\n- T1152\n- T1153\n- T1154\n- T1155\n- T1156\n- T1157\n- T1158\n- T1159\n- T1160\n- T1161\n- T1162\n- T1163\n- T1164\n- T1165\n- T1166\n- T1167\n- T1168\n- T1169\n- T1170\n- T1171\n- T1172\n- T1173\n- T1174\n- T1175\n- T1176\n- T1177\n- T1178\n- T1179\n- T1180\n- T1181\n- T1182\n- T1183\n- T1184\n- T1185\n- T1186\n- T1187\n- T1188\n- T1189\n- T1190\n- T1191\n- T1192\n- T1193\n- T1194\n- T1195\n- T1196\n- T1197\n- T1198\n- T1199\n- T1200\n- T1201\n- T1202\n- T1203\n- T1204\n- T1205\n- T1206\n- T1207\n- T1208\n- T1209\n- T1210\n- T1211\n- T1212\n- T1213\n- T1214\n- T1215\n- T1216\n- T1217\n- T1218\n- T1219\n- T1220\n- T1221\n- T1222\n- T1223\n- T1480\n- T1482\n- T1483\n- T1484\n- T1485\n- T1486\n- T1487\n- T1488\n- T1489\n- T1490\n- T1491\n- T1492\n- T1493\n- T1494\n- T1495\n- T1496\n- T1497\n- T1498\n- T1499\n- T1500\n- T1501\n- T1502\n- T1503\n- T1504\n- T1505\n- T1506\n- T1514\n- T1518\n- T1519\n- T1522\n- T1525\n- T1526\n- T1527\n- T1528\n- T1529\n- T1530\n- T1531\n- T1534\n- T1535\n- T1536\n- T1537\n- T1538\n- T1539\n- T1540\n- T1541\n- T1542\n- T1543\n- T1544\n- T1545\n- T1546\n- T1547\n- T1548\n- T1549\n- T1550\n- T1551\n- T1552\n- T1553\n- T1554\n- T1555\n- T1556\n- T1557\n- T1558\n- T1559\n- T1560\n- T1561\n- T1562\n- T1563\n- T1564\n- T1565\n- T1566\n- T1567\n- T1568\n- T1569\n- T1570\n- T1571\n- T1572\n- T1573\n- T1574\n- T1575\n- T1576\n- T1577\n- T1578\n- T1579\n- T1580\n- T1581\n- T1582\n- T1583\n- T1584\n- T1585\n- T1586\n- T1587\n- T1588\n- T1589\n- T1590\n- T1591\n- T1592\n- T1593\n- T1594\n- T1595\n- T1596\n- T1597\n- T1598\n- T1599\n- T1600\n- T1601\n- T1602\n- T1603\n- T1604\n- T1605\n- T1606\n- T1607\n- T1608\n- T1609\n- T1610\n- T1611\n- T1612\n- T1613\n- T1614\n- T1615\n- T1616\n- T1617\n- T1618\n- T1619\n- T1620\n- T1621\n- T1622\n- T1623\n- T1624\n- T1625\n- T1626\n- T1627\n- T1628\n- T1629\n- T1630\n- T1631\n- T1632\n- T1633\n- T1634\n- T1635\n- T1636\n- T1637\n- T1638\n- T1639\n- T1640\n- T1641\n- T1642\n- T1643\n- T1644\n- T1645\n- T1646\n- T1647\n- T1648\n- T1649\n- T1650\n- T1651\n- T1652\n- T1653\n- T1654\n- T1655\n- T1656\n- T1657\n- T1658\n- T1659\n- T1660\n- T1661\n- T1662\n- T1663\n- T1664\n- T1665\n- T1666\n- T1667\n- T1668\n- T1669\n- T1670\n- T1671\n- T1672\n- T1673\n- T1674\n- T1675\n- T1676\n- T1677\n- T1678\n- T1679\n- T1680\n- T1681\n- T1682\n- T1683\n- T1684\n- T1685\n- T1686\n- T1687\n- T1688\n- T1689\n- T1690\n- T1691\n- T1692\n- T1693\n- T1694\n- T1695\n- T1696\n- T1697\n- T1698\n- T1699\n- T1700\n- T1701\n- T1702\n- T1703\n- T1704\n- T1705\n- T1706\n- T1707\n- T1708\n- T1709\n- T1710\n- T1711\n- T1712\n- T1713\n- T1714\n- T1715\n- T1716\n- T1717\n- T1718\n- T1719\n- T1720\n- T1721\n- T1722\n- T1723\n- T1724\n- T1725\n- T1726\n- T1727\n- T1728\n- T1729\n- T1730\n- T1731\n- T1732\n- T1733\n- T1734\n- T1735\n- T1736\n- T1737\n- T1738\n- T1739\n- T1740\n- T1741\n- T1742\n- T1743\n- T1744\n- T1745\n- T1746\n- T1747\n- T1748\n- T1749\n- T1750\n- T1751\n- T1752\n','',NULL,NULL,0,1,1,7,0,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: https://attack.mitre.org/techniques/%value%\nedit_tag_style: \'\'\n',''),(17,'IssueCustomField','Case Analyzers','list','---\n- Urlscan_io_Search - ip,domain,hash,url\n- CERTatPassiveDNS - domain,fqdn,ip\n','',NULL,NULL,0,1,1,12,1,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(18,'IssueCustomField','Ruleset','string',NULL,'',NULL,NULL,0,1,1,10,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(19,'IssueCustomField','Group','string',NULL,'',NULL,NULL,0,1,1,11,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(20,'IssueCustomField','Product','string',NULL,'',NULL,NULL,0,1,1,5,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(21,'IssueCustomField','Target Log','text',NULL,'',NULL,NULL,0,1,0,19,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(22,'IssueCustomField','Unit Test','list','---\n- Passed\n- Failed\n','',NULL,NULL,0,1,1,20,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(26,'IssueCustomField','License','list','---\n- Apache-2.0\n- BSD-2-Clause\n- BSD-3-Clause\n- CC0-1.0\n- CC-PDDC\n- DRL-1.0\n- LGPL-3.0-only\n- MIT License\n- GPL-2.0-only\n- GPL-3.0-only\n','',NULL,NULL,0,1,0,21,0,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: https://spdx.org/licenses/%value%.html\nedit_tag_style: \'\'\n',''); +INSERT INTO `custom_fields` VALUES (1,'IssueCustomField','Title','string',NULL,'',NULL,NULL,0,1,1,1,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(2,'IssueCustomField','Author','string',NULL,'',NULL,NULL,0,1,1,2,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(3,'IssueCustomField','Objective','text',NULL,'',NULL,NULL,0,1,1,16,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nfull_width_layout: \'1\'\n',''),(4,'IssueCustomField','Operational Notes','text',NULL,'',NULL,NULL,0,1,0,17,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(5,'IssueCustomField','Result Analysis','text',NULL,'',NULL,NULL,0,1,0,18,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(6,'IssueCustomField','ElastAlert Config','text',NULL,'',NULL,NULL,0,1,0,19,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(7,'IssueCustomField','HiveID','string',NULL,'',NULL,NULL,0,1,1,15,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(8,'IssueCustomField','References','text',NULL,'',NULL,NULL,0,1,0,6,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'0\'\n',''),(9,'IssueCustomField','Sigma','text',NULL,'',NULL,NULL,0,1,0,20,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(10,'IssueCustomField','Level','list','---\n- low\n- medium\n- high\n- critical\n','',NULL,NULL,0,1,1,3,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(11,'IssueCustomField','PlayID','string',NULL,'',NULL,NULL,0,1,1,8,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(12,'IssueCustomField','Rule ID','string',NULL,'',NULL,NULL,0,1,1,9,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(13,'IssueCustomField','Playbook','list','---\n- Internal\n- imported\n- community\n','',NULL,NULL,0,1,1,4,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(15,'IssueCustomField','ATT&CK Technique','list','---\n- T1001\n- T1002\n- T1003\n- T1004\n- T1005\n- T1006\n- T1007\n- T1008\n- T1009\n- T1010\n- T1011\n- T1012\n- T1013\n- T1014\n- T1015\n- T1016\n- T1017\n- T1018\n- T1019\n- T1020\n- T1021\n- T1022\n- T1023\n- T1024\n- T1025\n- T1026\n- T1027\n- T1028\n- T1029\n- T1030\n- T1031\n- T1032\n- T1033\n- T1034\n- T1035\n- T1036\n- T1037\n- T1038\n- T1039\n- T1040\n- T1041\n- T1042\n- T1043\n- T1044\n- T1045\n- T1046\n- T1047\n- T1048\n- T1049\n- T1050\n- T1051\n- T1052\n- T1053\n- T1054\n- T1055\n- T1056\n- T1057\n- T1058\n- T1059\n- T1060\n- T1061\n- T1062\n- T1063\n- T1064\n- T1065\n- T1066\n- T1067\n- T1068\n- T1069\n- T1070\n- T1071\n- T1072\n- T1073\n- T1074\n- T1075\n- T1076\n- T1077\n- T1078\n- T1079\n- T1080\n- T1081\n- T1082\n- T1083\n- T1084\n- T1085\n- T1086\n- T1087\n- T1088\n- T1089\n- T1090\n- T1091\n- T1092\n- T1093\n- T1094\n- T1095\n- T1096\n- T1097\n- T1098\n- T1099\n- T1100\n- T1101\n- T1102\n- T1103\n- T1104\n- T1105\n- T1106\n- T1107\n- T1108\n- T1109\n- T1110\n- T1111\n- T1112\n- T1113\n- T1114\n- T1115\n- T1116\n- T1117\n- T1118\n- T1119\n- T1120\n- T1121\n- T1122\n- T1123\n- T1124\n- T1125\n- T1126\n- T1127\n- T1128\n- T1129\n- T1130\n- T1131\n- T1132\n- T1133\n- T1134\n- T1135\n- T1136\n- T1137\n- T1138\n- T1139\n- T1140\n- T1141\n- T1142\n- T1143\n- T1144\n- T1145\n- T1146\n- T1147\n- T1148\n- T1149\n- T1150\n- T1151\n- T1152\n- T1153\n- T1154\n- T1155\n- T1156\n- T1157\n- T1158\n- T1159\n- T1160\n- T1161\n- T1162\n- T1163\n- T1164\n- T1165\n- T1166\n- T1167\n- T1168\n- T1169\n- T1170\n- T1171\n- T1172\n- T1173\n- T1174\n- T1175\n- T1176\n- T1177\n- T1178\n- T1179\n- T1180\n- T1181\n- T1182\n- T1183\n- T1184\n- T1185\n- T1186\n- T1187\n- T1188\n- T1189\n- T1190\n- T1191\n- T1192\n- T1193\n- T1194\n- T1195\n- T1196\n- T1197\n- T1198\n- T1199\n- T1200\n- T1201\n- T1202\n- T1203\n- T1204\n- T1205\n- T1206\n- T1207\n- T1208\n- T1209\n- T1210\n- T1211\n- T1212\n- T1213\n- T1214\n- T1215\n- T1216\n- T1217\n- T1218\n- T1219\n- T1220\n- T1221\n- T1222\n- T1223\n- T1480\n- T1482\n- T1483\n- T1484\n- T1485\n- T1486\n- T1487\n- T1488\n- T1489\n- T1490\n- T1491\n- T1492\n- T1493\n- T1494\n- T1495\n- T1496\n- T1497\n- T1498\n- T1499\n- T1500\n- T1501\n- T1502\n- T1503\n- T1504\n- T1505\n- T1506\n- T1514\n- T1518\n- T1519\n- T1522\n- T1525\n- T1526\n- T1527\n- T1528\n- T1529\n- T1530\n- T1531\n- T1534\n- T1535\n- T1536\n- T1537\n- T1538\n- T1539\n- T1540\n- T1541\n- T1542\n- T1543\n- T1544\n- T1545\n- T1546\n- T1547\n- T1548\n- T1549\n- T1550\n- T1551\n- T1552\n- T1553\n- T1554\n- T1555\n- T1556\n- T1557\n- T1558\n- T1559\n- T1560\n- T1561\n- T1562\n- T1563\n- T1564\n- T1565\n- T1566\n- T1567\n- T1568\n- T1569\n- T1570\n- T1571\n- T1572\n- T1573\n- T1574\n- T1575\n- T1576\n- T1577\n- T1578\n- T1579\n- T1580\n- T1581\n- T1582\n- T1583\n- T1584\n- T1585\n- T1586\n- T1587\n- T1588\n- T1589\n- T1590\n- T1591\n- T1592\n- T1593\n- T1594\n- T1595\n- T1596\n- T1597\n- T1598\n- T1599\n- T1600\n- T1601\n- T1602\n- T1603\n- T1604\n- T1605\n- T1606\n- T1607\n- T1608\n- T1609\n- T1610\n- T1611\n- T1612\n- T1613\n- T1614\n- T1615\n- T1616\n- T1617\n- T1618\n- T1619\n- T1620\n- T1621\n- T1622\n- T1623\n- T1624\n- T1625\n- T1626\n- T1627\n- T1628\n- T1629\n- T1630\n- T1631\n- T1632\n- T1633\n- T1634\n- T1635\n- T1636\n- T1637\n- T1638\n- T1639\n- T1640\n- T1641\n- T1642\n- T1643\n- T1644\n- T1645\n- T1646\n- T1647\n- T1648\n- T1649\n- T1650\n- T1651\n- T1652\n- T1653\n- T1654\n- T1655\n- T1656\n- T1657\n- T1658\n- T1659\n- T1660\n- T1661\n- T1662\n- T1663\n- T1664\n- T1665\n- T1666\n- T1667\n- T1668\n- T1669\n- T1670\n- T1671\n- T1672\n- T1673\n- T1674\n- T1675\n- T1676\n- T1677\n- T1678\n- T1679\n- T1680\n- T1681\n- T1682\n- T1683\n- T1684\n- T1685\n- T1686\n- T1687\n- T1688\n- T1689\n- T1690\n- T1691\n- T1692\n- T1693\n- T1694\n- T1695\n- T1696\n- T1697\n- T1698\n- T1699\n- T1700\n- T1701\n- T1702\n- T1703\n- T1704\n- T1705\n- T1706\n- T1707\n- T1708\n- T1709\n- T1710\n- T1711\n- T1712\n- T1713\n- T1714\n- T1715\n- T1716\n- T1717\n- T1718\n- T1719\n- T1720\n- T1721\n- T1722\n- T1723\n- T1724\n- T1725\n- T1726\n- T1727\n- T1728\n- T1729\n- T1730\n- T1731\n- T1732\n- T1733\n- T1734\n- T1735\n- T1736\n- T1737\n- T1738\n- T1739\n- T1740\n- T1741\n- T1742\n- T1743\n- T1744\n- T1745\n- T1746\n- T1747\n- T1748\n- T1749\n- T1750\n- T1751\n- T1752\n','',NULL,NULL,0,1,1,7,0,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: https://attack.mitre.org/techniques/%value%\nedit_tag_style: \'\'\n',''),(17,'IssueCustomField','Case Analyzers','list','---\n- Urlscan_io_Search - ip,domain,hash,url\n- CERTatPassiveDNS - domain,fqdn,ip\n','',NULL,NULL,0,1,1,14,1,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(18,'IssueCustomField','Ruleset','string',NULL,'',NULL,NULL,0,1,1,12,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(19,'IssueCustomField','Group','string',NULL,'',NULL,NULL,0,1,1,13,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(20,'IssueCustomField','Product','string',NULL,'',NULL,NULL,0,1,1,5,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(21,'IssueCustomField','Target Log','text',NULL,'',NULL,NULL,0,1,0,21,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(22,'IssueCustomField','Unit Test','list','---\n- Passed\n- Failed\n','',NULL,NULL,0,1,1,22,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(26,'IssueCustomField','License','list','---\n- Apache-2.0\n- BSD-2-Clause\n- BSD-3-Clause\n- CC0-1.0\n- CC-PDDC\n- DRL-1.0\n- LGPL-3.0-only\n- MIT License\n- GPL-2.0-only\n- GPL-3.0-only\n','',NULL,NULL,0,1,0,23,0,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: https://spdx.org/licenses/%value%.html\nedit_tag_style: \'\'\n',''),(27,'IssueCustomField','Sigma File','string',NULL,'',NULL,NULL,0,0,0,10,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','Location of Sigma file in /SOCtopus'),(28,'IssueCustomField','Sigma URL','string',NULL,'',NULL,NULL,0,0,0,11,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\n','Location of Sigma file in Security Onion repository'),(29,'IssueCustomField','Email Notifications','bool',NULL,'',NULL,NULL,1,0,1,25,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: check_box\n','When enabled, all alerts will be logged in SOC Alerts and also emailed to the target email address. To configure email options, go to \"jump to a project\" in the top right and type Options. Configure SMTP Settings.'),(30,'IssueCustomField','Auto Update Sigma','bool',NULL,'',NULL,NULL,1,0,1,26,0,'1',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: check_box\n','Automatically updating a sigma will be a scheduled task that removes any custom configuration done to the sigma. If you want to customize (ie. add exclusions), automatic updating must be disabled. '),(31,'IssueCustomField','Update Available','bool',NULL,'',NULL,NULL,1,0,1,27,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','The update available field notifies you that a sigma has been updated in the public repo. If a rule doesn\'t automatically update, this field will let you know to either enable automatic updates or manually review the rule changes in the repo. Set this value back to No to ignore the rule notification.'),(32,'IssueCustomField','Alert Email Address','string',NULL,'',NULL,NULL,0,0,0,28,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','Destination address for email alerts'),(33,'IssueCustomField','Alert From Email Address','string',NULL,'',NULL,NULL,0,0,0,29,0,'alerts@localhost.local',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','Source address for email alerts'),(34,'IssueCustomField','SMTP Server','string',NULL,'',NULL,NULL,0,0,0,30,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','IP Address/Name of destination SMTP Server'),(35,'IssueCustomField','SMTP Port','int',NULL,'',NULL,NULL,0,0,0,31,0,'25',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\n','Destination port of SMTP Server'),(36,'IssueCustomField','SMTP TLS Enabled','bool',NULL,'',NULL,NULL,1,0,0,32,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Enable if SMTP server is requires TLS'),(37,'IssueCustomField','Backup Custom Sigmas','bool',NULL,'',NULL,NULL,1,0,0,33,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Backup custom community sigmas and internal sigmas to /SOCtopus/custom/backup'),(38,'IssueCustomField','Import Custom Sigmas','bool',NULL,'',NULL,NULL,1,0,0,34,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Import custom rules from /SOCtopus/custom/import'),(39,'IssueCustomField','Clear Update Status (all)','bool',NULL,'',NULL,NULL,1,0,0,35,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Reset \"Update Available\" status on all rules'),(40,'IssueCustomField','Disable Playbook Alerts','bool',NULL,'',NULL,NULL,1,0,1,24,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: check_box\n','Playbook will not generate any alerts for this Play'); /*!40000 ALTER TABLE `custom_fields` ENABLE KEYS */; UNLOCK TABLES; @@ -389,6 +389,7 @@ CREATE TABLE `custom_fields_projects` ( LOCK TABLES `custom_fields_projects` WRITE; /*!40000 ALTER TABLE `custom_fields_projects` DISABLE KEYS */; +INSERT INTO `custom_fields_projects` VALUES (27,1),(28,1),(29,1),(30,1),(31,1),(32,2),(33,2),(34,2),(35,2),(36,2),(37,2),(38,2),(39,2),(40,1); /*!40000 ALTER TABLE `custom_fields_projects` ENABLE KEYS */; UNLOCK TABLES; @@ -435,7 +436,7 @@ CREATE TABLE `custom_fields_trackers` ( LOCK TABLES `custom_fields_trackers` WRITE; /*!40000 ALTER TABLE `custom_fields_trackers` DISABLE KEYS */; -INSERT INTO `custom_fields_trackers` VALUES (1,1),(2,1),(3,1),(4,1),(5,1),(6,1),(7,1),(8,1),(9,1),(10,1),(11,1),(12,1),(13,1),(15,1),(17,1),(18,1),(19,1),(20,1),(21,1),(22,1),(26,1); +INSERT INTO `custom_fields_trackers` VALUES (1,1),(1,2),(1,3),(2,1),(3,1),(4,1),(5,1),(6,1),(7,1),(8,1),(9,1),(10,1),(11,1),(12,1),(13,1),(15,1),(17,1),(18,1),(19,1),(20,1),(21,1),(22,1),(26,1),(27,1),(28,1),(29,1),(30,1),(31,1),(32,2),(33,2),(34,2),(35,2),(36,2),(37,3),(38,3),(39,3),(40,1); /*!40000 ALTER TABLE `custom_fields_trackers` ENABLE KEYS */; UNLOCK TABLES; @@ -455,7 +456,7 @@ CREATE TABLE `custom_values` ( PRIMARY KEY (`id`), KEY `custom_values_customized` (`customized_type`,`customized_id`), KEY `index_custom_values_on_custom_field_id` (`custom_field_id`) -) ENGINE=InnoDB AUTO_INCREMENT=145325 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=186336 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -464,6 +465,7 @@ CREATE TABLE `custom_values` ( LOCK TABLES `custom_values` WRITE; /*!40000 ALTER TABLE `custom_values` DISABLE KEYS */; +INSERT INTO `custom_values` VALUES (170104,'Issue',995,1,'Sigma Options'),(170105,'Issue',995,37,'1'),(170106,'Issue',995,38,'0'),(170107,'Issue',995,39,'0'); /*!40000 ALTER TABLE `custom_values` ENABLE KEYS */; UNLOCK TABLES; @@ -514,7 +516,7 @@ CREATE TABLE `email_addresses` ( `updated_on` datetime NOT NULL, PRIMARY KEY (`id`), KEY `index_email_addresses_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -523,7 +525,7 @@ CREATE TABLE `email_addresses` ( LOCK TABLES `email_addresses` WRITE; /*!40000 ALTER TABLE `email_addresses` DISABLE KEYS */; -INSERT INTO `email_addresses` VALUES (1,1,'admin@example.net',1,1,'2020-04-26 13:08:38','2020-04-26 13:08:38'),(3,9,'automation@localhost.local',1,1,'2020-04-26 18:47:46','2020-04-26 18:47:46'); +INSERT INTO `email_addresses` VALUES (1,1,'admin@example.net',1,1,'2020-04-26 13:08:38','2020-04-26 13:08:38'),(3,9,'automation@localhost.local',1,1,'2020-04-26 18:47:46','2020-04-26 18:47:46'),(4,10,'automation2@localhost.local',1,1,'2020-11-21 22:14:13','2020-11-21 22:14:13'); /*!40000 ALTER TABLE `email_addresses` ENABLE KEYS */; UNLOCK TABLES; @@ -540,7 +542,7 @@ CREATE TABLE `enabled_modules` ( `name` varchar(255) NOT NULL, PRIMARY KEY (`id`), KEY `enabled_modules_project_id` (`project_id`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -549,7 +551,7 @@ CREATE TABLE `enabled_modules` ( LOCK TABLES `enabled_modules` WRITE; /*!40000 ALTER TABLE `enabled_modules` DISABLE KEYS */; -INSERT INTO `enabled_modules` VALUES (1,1,'sigma_editor'),(2,1,'issue_tracking'); +INSERT INTO `enabled_modules` VALUES (1,1,'sigma_editor'),(2,1,'issue_tracking'),(3,2,'sigma_editor'),(4,2,'issue_tracking'); /*!40000 ALTER TABLE `enabled_modules` ENABLE KEYS */; UNLOCK TABLES; @@ -606,7 +608,7 @@ CREATE TABLE `groups_users` ( LOCK TABLES `groups_users` WRITE; /*!40000 ALTER TABLE `groups_users` DISABLE KEYS */; -INSERT INTO `groups_users` VALUES (7,1); +INSERT INTO `groups_users` VALUES (6,10),(7,1); /*!40000 ALTER TABLE `groups_users` ENABLE KEYS */; UNLOCK TABLES; @@ -797,7 +799,7 @@ CREATE TABLE `issues` ( KEY `index_issues_on_created_on` (`created_on`), KEY `index_issues_on_root_id_and_lft_and_rgt` (`root_id`,`lft`,`rgt`), KEY `index_issues_on_parent_id` (`parent_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=996 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -806,6 +808,7 @@ CREATE TABLE `issues` ( LOCK TABLES `issues` WRITE; /*!40000 ALTER TABLE `issues` DISABLE KEYS */; +INSERT INTO `issues` VALUES (995,3,2,'Sigma Options',NULL,NULL,NULL,2,NULL,1,NULL,1,0,'2020-11-23 15:17:38','2020-11-23 15:17:38',NULL,0,NULL,NULL,995,1,2,0,NULL); /*!40000 ALTER TABLE `issues` ENABLE KEYS */; UNLOCK TABLES; @@ -825,7 +828,7 @@ CREATE TABLE `journal_details` ( `value` longtext, PRIMARY KEY (`id`), KEY `journal_details_journal_id` (`journal_id`) -) ENGINE=InnoDB AUTO_INCREMENT=792 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=456 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -857,7 +860,7 @@ CREATE TABLE `journals` ( KEY `index_journals_on_user_id` (`user_id`), KEY `index_journals_on_journalized_id` (`journalized_id`), KEY `index_journals_on_created_on` (`created_on`) -) ENGINE=InnoDB AUTO_INCREMENT=9502 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=11351 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -885,7 +888,7 @@ CREATE TABLE `member_roles` ( KEY `index_member_roles_on_member_id` (`member_id`), KEY `index_member_roles_on_role_id` (`role_id`), KEY `index_member_roles_on_inherited_from` (`inherited_from`) -) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=21 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -894,7 +897,7 @@ CREATE TABLE `member_roles` ( LOCK TABLES `member_roles` WRITE; /*!40000 ALTER TABLE `member_roles` DISABLE KEYS */; -INSERT INTO `member_roles` VALUES (1,1,5,NULL),(2,2,3,NULL),(3,3,4,NULL),(4,4,5,1),(7,7,4,3); +INSERT INTO `member_roles` VALUES (1,1,5,NULL),(2,2,3,NULL),(3,3,4,NULL),(4,4,5,1),(7,7,4,3),(8,8,5,1),(9,9,3,NULL),(10,9,4,NULL),(11,9,5,NULL),(12,10,3,NULL),(13,10,4,NULL),(14,10,5,NULL),(15,11,3,NULL),(16,10,3,15),(17,11,4,NULL),(18,10,4,17),(19,11,5,NULL),(20,10,5,19); /*!40000 ALTER TABLE `member_roles` ENABLE KEYS */; UNLOCK TABLES; @@ -915,7 +918,7 @@ CREATE TABLE `members` ( UNIQUE KEY `index_members_on_user_id_and_project_id` (`user_id`,`project_id`), KEY `index_members_on_user_id` (`user_id`), KEY `index_members_on_project_id` (`project_id`) -) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=12 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -924,7 +927,7 @@ CREATE TABLE `members` ( LOCK TABLES `members` WRITE; /*!40000 ALTER TABLE `members` DISABLE KEYS */; -INSERT INTO `members` VALUES (1,6,1,'2020-04-26 18:44:14',0),(2,5,1,'2020-04-26 18:44:23',0),(3,7,1,'2020-04-26 18:45:27',0),(4,9,1,'2020-04-26 18:47:51',0),(7,1,1,'2020-05-01 16:42:56',0); +INSERT INTO `members` VALUES (1,6,1,'2020-04-26 18:44:14',0),(2,5,1,'2020-04-26 18:44:23',0),(3,7,1,'2020-04-26 18:45:27',0),(4,9,1,'2020-04-26 18:47:51',0),(7,1,1,'2020-05-01 16:42:56',0),(8,10,1,'2020-11-21 22:14:13',0),(9,1,2,'2020-11-22 20:49:47',0),(10,10,2,'2020-11-22 20:49:47',0),(11,6,2,'2020-11-22 20:49:47',0); /*!40000 ALTER TABLE `members` ENABLE KEYS */; UNLOCK TABLES; @@ -1077,7 +1080,7 @@ CREATE TABLE `projects` ( PRIMARY KEY (`id`), KEY `index_projects_on_lft` (`lft`), KEY `index_projects_on_rgt` (`rgt`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1086,7 +1089,7 @@ CREATE TABLE `projects` ( LOCK TABLES `projects` WRITE; /*!40000 ALTER TABLE `projects` DISABLE KEYS */; -INSERT INTO `projects` VALUES (1,'Detection Playbooks','','',1,NULL,'2020-04-26 13:13:01','2020-07-10 19:33:53','detection-playbooks',1,1,2,0,NULL,NULL); +INSERT INTO `projects` VALUES (1,'Detection Playbooks','','',1,NULL,'2020-04-26 13:13:01','2020-07-10 19:33:53','detection-playbooks',1,1,2,0,NULL,NULL),(2,'Options','','',1,NULL,'2020-11-22 20:49:17','2020-11-22 20:49:17','options',1,3,4,0,NULL,NULL); /*!40000 ALTER TABLE `projects` ENABLE KEYS */; UNLOCK TABLES; @@ -1111,7 +1114,7 @@ CREATE TABLE `projects_trackers` ( LOCK TABLES `projects_trackers` WRITE; /*!40000 ALTER TABLE `projects_trackers` DISABLE KEYS */; -INSERT INTO `projects_trackers` VALUES (1,1); +INSERT INTO `projects_trackers` VALUES (1,1),(2,2),(2,3); /*!40000 ALTER TABLE `projects_trackers` ENABLE KEYS */; UNLOCK TABLES; @@ -1310,7 +1313,7 @@ CREATE TABLE `settings` ( LOCK TABLES `settings` WRITE; /*!40000 ALTER TABLE `settings` DISABLE KEYS */; -INSERT INTO `settings` VALUES (1,'ui_theme','circle','2020-04-26 13:11:26'),(2,'default_language','en','2020-04-26 13:11:26'),(3,'force_default_language_for_anonymous','0','2020-04-26 13:11:26'),(4,'force_default_language_for_loggedin','0','2020-04-26 13:11:26'),(5,'start_of_week','','2020-04-26 13:11:26'),(6,'date_format','','2020-04-26 13:11:26'),(7,'time_format','','2020-04-26 13:11:26'),(8,'timespan_format','decimal','2020-04-26 13:11:26'),(9,'user_format','firstname_lastname','2020-05-02 12:45:00'),(10,'gravatar_enabled','1','2020-05-02 12:41:07'),(11,'thumbnails_enabled','1','2020-04-26 13:11:26'),(12,'thumbnails_size','100','2020-04-26 13:11:26'),(13,'new_item_menu_tab','0','2020-04-26 13:11:30'),(14,'login_required','0','2020-07-10 19:32:45'),(15,'autologin','0','2020-04-26 13:11:54'),(16,'self_registration','0','2020-04-26 13:11:54'),(17,'show_custom_fields_on_registration','0','2020-04-26 13:11:54'),(18,'password_min_length','8','2020-04-26 13:11:54'),(19,'password_required_char_classes','--- []\n','2020-04-26 13:11:54'),(20,'password_max_age','0','2020-04-26 13:11:54'),(21,'lost_password','1','2020-04-26 13:11:54'),(22,'openid','0','2020-04-26 13:11:55'),(23,'session_lifetime','0','2020-04-26 13:11:55'),(24,'session_timeout','0','2020-04-26 13:11:55'),(25,'rest_api_enabled','1','2020-04-26 13:11:58'),(26,'jsonp_enabled','0','2020-04-26 13:11:58'),(27,'default_projects_public','0','2020-04-26 13:12:21'),(28,'default_projects_modules','---\n- sigma_editor\n','2020-04-26 13:12:21'),(29,'default_projects_tracker_ids','--- []\n','2020-04-26 13:12:21'),(30,'sequential_project_identifiers','0','2020-04-26 13:12:21'),(31,'project_list_defaults','---\n:column_names:\n- name\n- identifier\n- short_description\n','2020-04-26 13:12:21'),(32,'app_title','Playbook','2020-04-26 18:17:51'),(33,'welcome_text','','2020-04-26 18:17:51'),(34,'per_page_options','25,75,150','2020-05-02 12:41:38'),(35,'search_results_per_page','10','2020-04-26 18:17:51'),(36,'activity_days_default','30','2020-04-26 18:17:51'),(37,'host_name','localhost:3000','2020-04-26 18:17:51'),(38,'protocol','http','2020-04-26 18:17:51'),(39,'text_formatting','textile','2020-04-26 18:17:51'),(40,'cache_formatted_text','0','2020-04-26 18:17:51'),(41,'wiki_compression','','2020-04-26 18:17:51'),(42,'feeds_limit','15','2020-04-26 18:17:51'),(43,'plugin_redmine_playbook','--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nproject: \'1\'\nconvert_url: http://10.66.166.135:7000/playbook/sigmac\ncreate_url: http://10.66.166.135:7000/playbook/play','2020-05-02 12:39:20'),(44,'cross_project_issue_relations','0','2020-05-01 16:27:33'),(45,'link_copied_issue','no','2020-05-01 16:27:33'),(46,'cross_project_subtasks','','2020-05-01 16:27:33'),(47,'close_duplicate_issues','0','2020-05-01 16:27:33'),(48,'issue_group_assignment','0','2020-05-01 16:27:33'),(49,'default_issue_start_date_to_creation_date','1','2020-05-01 16:27:33'),(50,'display_subprojects_issues','0','2020-05-01 16:27:33'),(51,'issue_done_ratio','issue_field','2020-05-01 16:27:33'),(52,'non_working_week_days','---\n- \'6\'\n- \'7\'\n','2020-05-01 16:27:33'),(53,'issues_export_limit','500','2020-05-01 16:27:33'),(54,'gantt_items_limit','500','2020-05-01 16:27:33'),(55,'gantt_months_limit','24','2020-05-01 16:27:33'),(56,'parent_issue_dates','derived','2020-05-01 16:27:33'),(57,'parent_issue_priority','derived','2020-05-01 16:27:33'),(58,'parent_issue_done_ratio','derived','2020-05-01 16:27:33'),(59,'issue_list_default_columns','---\n- status\n- cf_10\n- cf_13\n- cf_14\n- cf_1\n- updated_on\n','2020-05-01 19:32:13'),(60,'issue_list_default_totals','--- []\n','2020-05-01 16:27:33'),(61,'enabled_scm','--- []\n','2020-05-01 16:27:47'),(62,'autofetch_changesets','0','2020-05-01 16:27:47'),(63,'sys_api_enabled','0','2020-05-01 16:27:47'),(64,'repository_log_display_limit','100','2020-05-01 16:27:47'),(65,'commit_logs_formatting','1','2020-05-01 16:27:47'),(66,'commit_ref_keywords','refs,references,IssueID','2020-05-01 16:27:47'),(67,'commit_cross_project_ref','0','2020-05-01 16:27:47'),(68,'commit_logtime_enabled','0','2020-05-01 16:27:47'),(69,'commit_update_keywords','--- []\n','2020-05-01 16:27:47'),(70,'gravatar_default','','2020-05-02 12:41:07'); +INSERT INTO `settings` VALUES (1,'ui_theme','circle','2020-04-26 13:11:26'),(2,'default_language','en','2020-04-26 13:11:26'),(3,'force_default_language_for_anonymous','0','2020-04-26 13:11:26'),(4,'force_default_language_for_loggedin','0','2020-04-26 13:11:26'),(5,'start_of_week','','2020-04-26 13:11:26'),(6,'date_format','','2020-04-26 13:11:26'),(7,'time_format','','2020-04-26 13:11:26'),(8,'timespan_format','decimal','2020-04-26 13:11:26'),(9,'user_format','firstname_lastname','2020-05-02 12:45:00'),(10,'gravatar_enabled','1','2020-05-02 12:41:07'),(11,'thumbnails_enabled','1','2020-04-26 13:11:26'),(12,'thumbnails_size','100','2020-04-26 13:11:26'),(13,'new_item_menu_tab','0','2020-04-26 13:11:30'),(14,'login_required','0','2020-07-10 19:32:45'),(15,'autologin','0','2020-04-26 13:11:54'),(16,'self_registration','0','2020-04-26 13:11:54'),(17,'show_custom_fields_on_registration','0','2020-04-26 13:11:54'),(18,'password_min_length','8','2020-04-26 13:11:54'),(19,'password_required_char_classes','--- []\n','2020-04-26 13:11:54'),(20,'password_max_age','0','2020-04-26 13:11:54'),(21,'lost_password','1','2020-04-26 13:11:54'),(22,'openid','0','2020-04-26 13:11:55'),(23,'session_lifetime','0','2020-04-26 13:11:55'),(24,'session_timeout','0','2020-04-26 13:11:55'),(25,'rest_api_enabled','1','2020-04-26 13:11:58'),(26,'jsonp_enabled','0','2020-04-26 13:11:58'),(27,'default_projects_public','0','2020-04-26 13:12:21'),(28,'default_projects_modules','---\n- sigma_editor\n','2020-04-26 13:12:21'),(29,'default_projects_tracker_ids','--- []\n','2020-04-26 13:12:21'),(30,'sequential_project_identifiers','0','2020-04-26 13:12:21'),(31,'project_list_defaults','---\n:column_names:\n- name\n- identifier\n- short_description\n','2020-04-26 13:12:21'),(32,'app_title','Playbook','2020-04-26 18:17:51'),(33,'welcome_text','','2020-04-26 18:17:51'),(34,'per_page_options','25,75,150','2020-05-02 12:41:38'),(35,'search_results_per_page','10','2020-04-26 18:17:51'),(36,'activity_days_default','30','2020-04-26 18:17:51'),(37,'host_name','localhost:3000','2020-04-26 18:17:51'),(38,'protocol','http','2020-04-26 18:17:51'),(39,'text_formatting','textile','2020-04-26 18:17:51'),(40,'cache_formatted_text','0','2020-04-26 18:17:51'),(41,'wiki_compression','','2020-04-26 18:17:51'),(42,'feeds_limit','15','2020-04-26 18:17:51'),(43,'plugin_redmine_playbook','--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nproject: \'1\'\nconvert_url: http://10.66.166.121:7000/playbook/sigmac\ncreate_url: http://10.66.166.121:7000/playbook/play','2020-05-02 12:39:20'),(44,'cross_project_issue_relations','0','2020-05-01 16:27:33'),(45,'link_copied_issue','no','2020-05-01 16:27:33'),(46,'cross_project_subtasks','','2020-05-01 16:27:33'),(47,'close_duplicate_issues','0','2020-05-01 16:27:33'),(48,'issue_group_assignment','0','2020-05-01 16:27:33'),(49,'default_issue_start_date_to_creation_date','1','2020-05-01 16:27:33'),(50,'display_subprojects_issues','0','2020-05-01 16:27:33'),(51,'issue_done_ratio','issue_field','2020-05-01 16:27:33'),(52,'non_working_week_days','---\n- \'6\'\n- \'7\'\n','2020-05-01 16:27:33'),(53,'issues_export_limit','500','2020-05-01 16:27:33'),(54,'gantt_items_limit','500','2020-05-01 16:27:33'),(55,'gantt_months_limit','24','2020-05-01 16:27:33'),(56,'parent_issue_dates','derived','2020-05-01 16:27:33'),(57,'parent_issue_priority','derived','2020-05-01 16:27:33'),(58,'parent_issue_done_ratio','derived','2020-05-01 16:27:33'),(59,'issue_list_default_columns','---\n- status\n- cf_10\n- cf_13\n- cf_14\n- cf_1\n- updated_on\n','2020-05-01 19:32:13'),(60,'issue_list_default_totals','--- []\n','2020-05-01 16:27:33'),(61,'enabled_scm','--- []\n','2020-05-01 16:27:47'),(62,'autofetch_changesets','0','2020-05-01 16:27:47'),(63,'sys_api_enabled','0','2020-05-01 16:27:47'),(64,'repository_log_display_limit','100','2020-05-01 16:27:47'),(65,'commit_logs_formatting','1','2020-05-01 16:27:47'),(66,'commit_ref_keywords','refs,references,IssueID','2020-05-01 16:27:47'),(67,'commit_cross_project_ref','0','2020-05-01 16:27:47'),(68,'commit_logtime_enabled','0','2020-05-01 16:27:47'),(69,'commit_update_keywords','--- []\n','2020-05-01 16:27:47'),(70,'gravatar_default','','2020-05-02 12:41:07'); /*!40000 ALTER TABLE `settings` ENABLE KEYS */; UNLOCK TABLES; @@ -1371,7 +1374,7 @@ CREATE TABLE `tokens` ( PRIMARY KEY (`id`), UNIQUE KEY `tokens_value` (`value`), KEY `index_tokens_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=67 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=72 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1380,19 +1383,7 @@ CREATE TABLE `tokens` ( LOCK TABLES `tokens` WRITE; /*!40000 ALTER TABLE `tokens` DISABLE KEYS */; -INSERT INTO `tokens` - VALUES - (3,1,'feeds','6e5575602e1227c188cd85ef6d12608bb8701193','2020-04-26 13:10:46','2020-04-26 13:10:46'), - (4,1,'session','999412fa9badda7423c6c654d6364c32c20b3eac','2020-04-26 18:07:03','2020-04-26 18:12:02'), - (5,1,'session','124ad4acbf87a942426350e7ad028c1d119c3851','2020-04-26 18:17:11','2020-04-26 18:19:24'), - (9,1,'session','2890c663e0552f26ddb92acad6ab3b6d05b92915','2020-04-26 18:51:15','2020-04-26 18:51:15'), - (19,1,'session','b7ffb106ea0b34650dd9c1770f74c2b0ffe166b2','2020-05-01 16:52:33','2020-05-01 18:02:30'), - (20,1,'session','f44cfcf918eef59ffda47991c431d9c2b2ac6113','2020-05-01 18:05:56','2020-05-01 18:05:56'), - (23,9,'feeds','211918c9d7168979b5dc19bebb14573b928a5067','2020-05-01 18:26:17','2020-05-01 18:26:17'), - (46,1,'session','2d0c8f8ae641c06d8c2362746846440d465d53c0','2020-05-06 20:48:01','2020-05-06 20:48:07'), - (59,1,'session','2afe6590653d59a697d1436729c64f322a2eff82','2020-07-01 18:11:07','2020-07-01 20:30:43'), - (61,1,'session','b01f95709ca1ab086a049cf9c5afd81ca9d4526e','2020-07-15 16:30:42','2020-07-15 16:31:40'), - (62,1,'session','d29acdcd0b8e4ebf78ef8f696d3e76df7e2ab2ac','2020-08-17 14:51:59','2020-08-17 14:53:22'); +INSERT INTO `tokens` VALUES (3,1,'feeds','6e5575602e1227c188cd85ef6d12608bb8701193','2020-04-26 13:10:46','2020-04-26 13:10:46'),(4,1,'session','999412fa9badda7423c6c654d6364c32c20b3eac','2020-04-26 18:07:03','2020-04-26 18:12:02'),(5,1,'session','124ad4acbf87a942426350e7ad028c1d119c3851','2020-04-26 18:17:11','2020-04-26 18:19:24'),(9,1,'session','2890c663e0552f26ddb92acad6ab3b6d05b92915','2020-04-26 18:51:15','2020-04-26 18:51:15'),(19,1,'session','b7ffb106ea0b34650dd9c1770f74c2b0ffe166b2','2020-05-01 16:52:33','2020-05-01 18:02:30'),(20,1,'session','f44cfcf918eef59ffda47991c431d9c2b2ac6113','2020-05-01 18:05:56','2020-05-01 18:05:56'),(23,9,'feeds','211918c9d7168979b5dc19bebb14573b928a5067','2020-05-01 18:26:17','2020-05-01 18:26:17'),(46,1,'session','2d0c8f8ae641c06d8c2362746846440d465d53c0','2020-05-06 20:48:01','2020-05-06 20:48:07'),(59,1,'session','2afe6590653d59a697d1436729c64f322a2eff82','2020-07-01 18:11:07','2020-07-01 20:30:43'),(61,1,'session','b01f95709ca1ab086a049cf9c5afd81ca9d4526e','2020-07-15 16:30:42','2020-07-15 16:31:40'),(62,1,'session','d29acdcd0b8e4ebf78ef8f696d3e76df7e2ab2ac','2020-08-17 14:51:59','2020-08-17 14:53:22'),(67,10,'api','a92a42f4fbbb23e713adc4f57091129457f6acfe','2020-11-21 22:14:13','2020-11-21 22:14:13'),(71,1,'session','3bcc8d4d9b8a5dda138da6f2f346bb2503b1ec9d','2020-12-08 03:01:36','2020-12-08 03:02:48'); /*!40000 ALTER TABLE `tokens` ENABLE KEYS */; UNLOCK TABLES; @@ -1413,7 +1404,7 @@ CREATE TABLE `trackers` ( `fields_bits` int(11) DEFAULT '0', `default_status_id` int(11) DEFAULT NULL, PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1422,7 +1413,7 @@ CREATE TABLE `trackers` ( LOCK TABLES `trackers` WRITE; /*!40000 ALTER TABLE `trackers` DISABLE KEYS */; -INSERT INTO `trackers` VALUES (1,'Play','',0,1,0,255,2); +INSERT INTO `trackers` VALUES (1,'Play','',0,1,0,255,2),(2,'Email Options','',0,2,1,511,2),(3,'Sigma Options','',0,3,1,511,2); /*!40000 ALTER TABLE `trackers` ENABLE KEYS */; UNLOCK TABLES; @@ -1441,7 +1432,7 @@ CREATE TABLE `user_preferences` ( `time_zone` varchar(255) DEFAULT NULL, PRIMARY KEY (`id`), KEY `index_user_preferences_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1450,7 +1441,7 @@ CREATE TABLE `user_preferences` ( LOCK TABLES `user_preferences` WRITE; /*!40000 ALTER TABLE `user_preferences` DISABLE KEYS */; -INSERT INTO `user_preferences` VALUES (1,1,'---\n:no_self_notified: \'1\'\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:recently_used_project_ids: \'1\'\n',1,''),(3,9,'---\n:no_self_notified: \'1\'\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:recently_used_project_ids: \'1\'\n',1,''); +INSERT INTO `user_preferences` VALUES (1,1,'---\n:no_self_notified: \'1\'\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:recently_used_project_ids: \'1,2\'\n',1,''),(3,9,'---\n:no_self_notified: \'1\'\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:recently_used_project_ids: \'1\'\n',1,''),(4,10,'---\n:no_self_notified: true\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:recently_used_project_ids: \'1\'\n',1,''); /*!40000 ALTER TABLE `user_preferences` ENABLE KEYS */; UNLOCK TABLES; @@ -1484,7 +1475,7 @@ CREATE TABLE `users` ( KEY `index_users_on_id_and_type` (`id`,`type`), KEY `index_users_on_auth_source_id` (`auth_source_id`), KEY `index_users_on_type` (`type`) -) ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1493,16 +1484,7 @@ CREATE TABLE `users` ( LOCK TABLES `users` WRITE; /*!40000 ALTER TABLE `users` DISABLE KEYS */; -INSERT INTO `users` - VALUES - (1,'admin','ADMIN_HASH','Admin','Admin',1,1,'2020-08-17 18:03:20','',NULL,'2020-04-26 13:08:34','2020-04-26 13:10:45','User',NULL,'all','ADMIN_SALT',0,'2020-04-26 13:10:27'), - (2,'','','','Anonymous users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupAnonymous',NULL,'',NULL,0,NULL), - (3,'','','','Non member users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupNonMember',NULL,'',NULL,0,NULL), - (4,'','','','Anonymous',0,0,NULL,'',NULL,'2020-04-26 13:09:44','2020-04-26 13:09:44','AnonymousUser',NULL,'only_my_events',NULL,0,NULL), - (5,'','','','Analysts',0,1,NULL,'',NULL,'2020-04-26 18:43:40','2020-04-26 18:43:40','Group',NULL,'',NULL,0,NULL), - (6,'','','','Automation',0,1,NULL,'',NULL,'2020-04-26 18:43:47','2020-04-26 18:43:47','Group',NULL,'',NULL,0,NULL), - (7,'','','','Admins',0,1,NULL,'',NULL,'2020-04-26 18:43:58','2020-04-26 18:43:58','Group',NULL,'',NULL,0,NULL) -; +INSERT INTO `users` VALUES (1,'admin','27193748a2fc174c339e7c22292bccb882f6f756','Admin','Admin',1,1,'2020-12-08 03:01:36','',NULL,'2020-04-26 13:08:34','2020-04-26 13:10:45','User',NULL,'all','5exVbsSixI1ub0aOGSRyctmB4EMwk7v2',0,'2020-04-26 13:10:27'),(2,'','','','Anonymous users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupAnonymous',NULL,'',NULL,0,NULL),(3,'','','','Non member users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupNonMember',NULL,'',NULL,0,NULL),(4,'','','','Anonymous',0,0,NULL,'',NULL,'2020-04-26 13:09:44','2020-04-26 13:09:44','AnonymousUser',NULL,'only_my_events',NULL,0,NULL),(5,'','','','Analysts',0,1,NULL,'',NULL,'2020-04-26 18:43:40','2020-04-26 18:43:40','Group',NULL,'',NULL,0,NULL),(6,'','','','Automation',0,1,NULL,'',NULL,'2020-04-26 18:43:47','2020-04-26 18:43:47','Group',NULL,'',NULL,0,NULL),(7,'','','','Admins',0,1,NULL,'',NULL,'2020-04-26 18:43:58','2020-04-26 18:43:58','Group',NULL,'',NULL,0,NULL),(10,'automation','05af6545acc48ea85bf4b002e560b702b727c9f8','SecOps','Automation',0,1,NULL,'en',NULL,'2020-11-21 22:14:13','2020-11-21 22:14:13','User',NULL,'only_my_events','8e99dd319cef62d18e80bb9f29cc1ce8',0,'2020-11-21 22:14:13'); /*!40000 ALTER TABLE `users` ENABLE KEYS */; UNLOCK TABLES; @@ -1579,7 +1561,7 @@ CREATE TABLE `webhooks` ( `url` varchar(255) DEFAULT NULL, `project_id` int(11) DEFAULT NULL, PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1588,7 +1570,7 @@ CREATE TABLE `webhooks` ( LOCK TABLES `webhooks` WRITE; /*!40000 ALTER TABLE `webhooks` DISABLE KEYS */; -INSERT INTO `webhooks` VALUES (1,'http://10.66.166.135:7000/playbook/webhook',1); +INSERT INTO `webhooks` VALUES (1,'http://10.66.166.121:7000/playbook/webhook',1),(2,'http://10.66.166.121:7000/playbook/webhook',2); /*!40000 ALTER TABLE `webhooks` ENABLE KEYS */; UNLOCK TABLES; @@ -1763,7 +1745,7 @@ CREATE TABLE `workflows` ( KEY `index_workflows_on_role_id` (`role_id`), KEY `index_workflows_on_new_status_id` (`new_status_id`), KEY `index_workflows_on_tracker_id` (`tracker_id`) -) ENGINE=InnoDB AUTO_INCREMENT=652 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=767 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1772,7 +1754,7 @@ CREATE TABLE `workflows` ( LOCK TABLES `workflows` WRITE; /*!40000 ALTER TABLE `workflows` DISABLE KEYS */; -INSERT INTO `workflows` VALUES (132,1,2,0,3,0,0,'WorkflowPermission','14','readonly'),(134,1,2,0,3,0,0,'WorkflowPermission','16','readonly'),(151,1,3,0,3,0,0,'WorkflowPermission','14','readonly'),(153,1,3,0,3,0,0,'WorkflowPermission','16','readonly'),(170,1,4,0,3,0,0,'WorkflowPermission','14','readonly'),(172,1,4,0,3,0,0,'WorkflowPermission','16','readonly'),(189,1,5,0,3,0,0,'WorkflowPermission','14','readonly'),(191,1,5,0,3,0,0,'WorkflowPermission','16','readonly'),(208,1,6,0,3,0,0,'WorkflowPermission','14','readonly'),(210,1,6,0,3,0,0,'WorkflowPermission','16','readonly'),(220,1,2,3,3,0,0,'WorkflowTransition',NULL,NULL),(221,1,2,3,4,0,0,'WorkflowTransition',NULL,NULL),(222,1,2,3,5,0,0,'WorkflowTransition',NULL,NULL),(226,1,3,4,3,0,0,'WorkflowTransition',NULL,NULL),(227,1,3,4,4,0,0,'WorkflowTransition',NULL,NULL),(228,1,3,4,5,0,0,'WorkflowTransition',NULL,NULL),(229,1,4,5,3,0,0,'WorkflowTransition',NULL,NULL),(230,1,4,5,4,0,0,'WorkflowTransition',NULL,NULL),(231,1,4,5,5,0,0,'WorkflowTransition',NULL,NULL),(232,1,4,6,3,0,0,'WorkflowTransition',NULL,NULL),(233,1,4,6,4,0,0,'WorkflowTransition',NULL,NULL),(234,1,4,6,5,0,0,'WorkflowTransition',NULL,NULL),(239,1,2,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(240,1,3,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(241,1,4,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(242,1,5,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(243,1,6,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(244,1,0,2,5,0,0,'WorkflowTransition',NULL,NULL),(245,1,0,2,4,0,0,'WorkflowTransition',NULL,NULL),(246,1,0,6,5,0,0,'WorkflowTransition',NULL,NULL),(352,1,2,0,3,0,0,'WorkflowPermission','project_id','readonly'),(353,1,2,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(354,1,2,0,3,0,0,'WorkflowPermission','subject','readonly'),(355,1,2,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(356,1,2,0,3,0,0,'WorkflowPermission','is_private','readonly'),(357,1,2,0,3,0,0,'WorkflowPermission','description','readonly'),(358,1,2,0,3,0,0,'WorkflowPermission','1','readonly'),(359,1,2,0,3,0,0,'WorkflowPermission','2','readonly'),(360,1,2,0,3,0,0,'WorkflowPermission','10','readonly'),(361,1,2,0,3,0,0,'WorkflowPermission','20','readonly'),(362,1,2,0,3,0,0,'WorkflowPermission','8','readonly'),(363,1,2,0,3,0,0,'WorkflowPermission','15','readonly'),(364,1,2,0,3,0,0,'WorkflowPermission','11','readonly'),(365,1,2,0,3,0,0,'WorkflowPermission','12','readonly'),(366,1,2,0,3,0,0,'WorkflowPermission','19','readonly'),(367,1,2,0,3,0,0,'WorkflowPermission','7','readonly'),(368,1,2,0,3,0,0,'WorkflowPermission','3','readonly'),(369,1,2,0,3,0,0,'WorkflowPermission','5','readonly'),(370,1,2,0,3,0,0,'WorkflowPermission','6','readonly'),(371,1,2,0,3,0,0,'WorkflowPermission','22','readonly'),(372,1,3,0,3,0,0,'WorkflowPermission','project_id','readonly'),(373,1,3,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(374,1,3,0,3,0,0,'WorkflowPermission','subject','readonly'),(375,1,3,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(376,1,3,0,3,0,0,'WorkflowPermission','is_private','readonly'),(377,1,3,0,3,0,0,'WorkflowPermission','description','readonly'),(378,1,3,0,3,0,0,'WorkflowPermission','1','readonly'),(379,1,3,0,3,0,0,'WorkflowPermission','2','readonly'),(380,1,3,0,3,0,0,'WorkflowPermission','10','readonly'),(381,1,3,0,3,0,0,'WorkflowPermission','20','readonly'),(382,1,3,0,3,0,0,'WorkflowPermission','8','readonly'),(383,1,3,0,3,0,0,'WorkflowPermission','15','readonly'),(384,1,3,0,3,0,0,'WorkflowPermission','11','readonly'),(385,1,3,0,3,0,0,'WorkflowPermission','12','readonly'),(386,1,3,0,3,0,0,'WorkflowPermission','19','readonly'),(387,1,3,0,3,0,0,'WorkflowPermission','7','readonly'),(388,1,3,0,3,0,0,'WorkflowPermission','3','readonly'),(389,1,3,0,3,0,0,'WorkflowPermission','5','readonly'),(390,1,3,0,3,0,0,'WorkflowPermission','6','readonly'),(391,1,3,0,3,0,0,'WorkflowPermission','22','readonly'),(392,1,4,0,3,0,0,'WorkflowPermission','project_id','readonly'),(393,1,4,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(394,1,4,0,3,0,0,'WorkflowPermission','subject','readonly'),(395,1,4,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(396,1,4,0,3,0,0,'WorkflowPermission','is_private','readonly'),(397,1,4,0,3,0,0,'WorkflowPermission','description','readonly'),(398,1,4,0,3,0,0,'WorkflowPermission','1','readonly'),(399,1,4,0,3,0,0,'WorkflowPermission','2','readonly'),(400,1,4,0,3,0,0,'WorkflowPermission','10','readonly'),(401,1,4,0,3,0,0,'WorkflowPermission','20','readonly'),(402,1,4,0,3,0,0,'WorkflowPermission','8','readonly'),(403,1,4,0,3,0,0,'WorkflowPermission','15','readonly'),(404,1,4,0,3,0,0,'WorkflowPermission','11','readonly'),(405,1,4,0,3,0,0,'WorkflowPermission','12','readonly'),(406,1,4,0,3,0,0,'WorkflowPermission','19','readonly'),(407,1,4,0,3,0,0,'WorkflowPermission','7','readonly'),(408,1,4,0,3,0,0,'WorkflowPermission','3','readonly'),(409,1,4,0,3,0,0,'WorkflowPermission','5','readonly'),(410,1,4,0,3,0,0,'WorkflowPermission','6','readonly'),(411,1,4,0,3,0,0,'WorkflowPermission','22','readonly'),(412,1,5,0,3,0,0,'WorkflowPermission','project_id','readonly'),(413,1,5,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(414,1,5,0,3,0,0,'WorkflowPermission','subject','readonly'),(415,1,5,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(416,1,5,0,3,0,0,'WorkflowPermission','is_private','readonly'),(417,1,5,0,3,0,0,'WorkflowPermission','description','readonly'),(418,1,5,0,3,0,0,'WorkflowPermission','1','readonly'),(419,1,5,0,3,0,0,'WorkflowPermission','2','readonly'),(420,1,5,0,3,0,0,'WorkflowPermission','10','readonly'),(421,1,5,0,3,0,0,'WorkflowPermission','20','readonly'),(422,1,5,0,3,0,0,'WorkflowPermission','8','readonly'),(423,1,5,0,3,0,0,'WorkflowPermission','15','readonly'),(424,1,5,0,3,0,0,'WorkflowPermission','11','readonly'),(425,1,5,0,3,0,0,'WorkflowPermission','12','readonly'),(426,1,5,0,3,0,0,'WorkflowPermission','19','readonly'),(427,1,5,0,3,0,0,'WorkflowPermission','7','readonly'),(428,1,5,0,3,0,0,'WorkflowPermission','3','readonly'),(429,1,5,0,3,0,0,'WorkflowPermission','5','readonly'),(430,1,5,0,3,0,0,'WorkflowPermission','6','readonly'),(431,1,5,0,3,0,0,'WorkflowPermission','22','readonly'),(432,1,6,0,3,0,0,'WorkflowPermission','project_id','readonly'),(433,1,6,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(434,1,6,0,3,0,0,'WorkflowPermission','subject','readonly'),(435,1,6,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(436,1,6,0,3,0,0,'WorkflowPermission','is_private','readonly'),(437,1,6,0,3,0,0,'WorkflowPermission','description','readonly'),(438,1,6,0,3,0,0,'WorkflowPermission','1','readonly'),(439,1,6,0,3,0,0,'WorkflowPermission','2','readonly'),(440,1,6,0,3,0,0,'WorkflowPermission','10','readonly'),(441,1,6,0,3,0,0,'WorkflowPermission','20','readonly'),(442,1,6,0,3,0,0,'WorkflowPermission','8','readonly'),(443,1,6,0,3,0,0,'WorkflowPermission','15','readonly'),(444,1,6,0,3,0,0,'WorkflowPermission','11','readonly'),(445,1,6,0,3,0,0,'WorkflowPermission','12','readonly'),(446,1,6,0,3,0,0,'WorkflowPermission','19','readonly'),(447,1,6,0,3,0,0,'WorkflowPermission','7','readonly'),(448,1,6,0,3,0,0,'WorkflowPermission','3','readonly'),(449,1,6,0,3,0,0,'WorkflowPermission','5','readonly'),(450,1,6,0,3,0,0,'WorkflowPermission','6','readonly'),(451,1,6,0,3,0,0,'WorkflowPermission','22','readonly'),(537,1,2,0,2,0,0,'WorkflowPermission','project_id','readonly'),(538,1,2,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(539,1,2,0,2,0,0,'WorkflowPermission','subject','readonly'),(540,1,2,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(541,1,2,0,2,0,0,'WorkflowPermission','is_private','readonly'),(542,1,2,0,2,0,0,'WorkflowPermission','description','readonly'),(543,1,2,0,2,0,0,'WorkflowPermission','1','readonly'),(544,1,2,0,2,0,0,'WorkflowPermission','2','readonly'),(545,1,2,0,2,0,0,'WorkflowPermission','10','readonly'),(546,1,2,0,2,0,0,'WorkflowPermission','20','readonly'),(547,1,2,0,2,0,0,'WorkflowPermission','8','readonly'),(548,1,2,0,2,0,0,'WorkflowPermission','15','readonly'),(549,1,2,0,2,0,0,'WorkflowPermission','11','readonly'),(550,1,2,0,2,0,0,'WorkflowPermission','12','readonly'),(551,1,2,0,2,0,0,'WorkflowPermission','19','readonly'),(552,1,2,0,2,0,0,'WorkflowPermission','17','readonly'),(553,1,2,0,2,0,0,'WorkflowPermission','7','readonly'),(554,1,2,0,2,0,0,'WorkflowPermission','3','readonly'),(555,1,2,0,2,0,0,'WorkflowPermission','5','readonly'),(556,1,2,0,2,0,0,'WorkflowPermission','6','readonly'),(557,1,2,0,2,0,0,'WorkflowPermission','22','readonly'),(558,1,3,0,2,0,0,'WorkflowPermission','project_id','readonly'),(559,1,3,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(560,1,3,0,2,0,0,'WorkflowPermission','subject','readonly'),(561,1,3,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(562,1,3,0,2,0,0,'WorkflowPermission','is_private','readonly'),(563,1,3,0,2,0,0,'WorkflowPermission','description','readonly'),(564,1,3,0,2,0,0,'WorkflowPermission','1','readonly'),(565,1,3,0,2,0,0,'WorkflowPermission','2','readonly'),(566,1,3,0,2,0,0,'WorkflowPermission','10','readonly'),(567,1,3,0,2,0,0,'WorkflowPermission','20','readonly'),(568,1,3,0,2,0,0,'WorkflowPermission','8','readonly'),(569,1,3,0,2,0,0,'WorkflowPermission','15','readonly'),(570,1,3,0,2,0,0,'WorkflowPermission','11','readonly'),(571,1,3,0,2,0,0,'WorkflowPermission','12','readonly'),(572,1,3,0,2,0,0,'WorkflowPermission','19','readonly'),(573,1,3,0,2,0,0,'WorkflowPermission','17','readonly'),(574,1,3,0,2,0,0,'WorkflowPermission','7','readonly'),(575,1,3,0,2,0,0,'WorkflowPermission','3','readonly'),(576,1,3,0,2,0,0,'WorkflowPermission','5','readonly'),(577,1,3,0,2,0,0,'WorkflowPermission','6','readonly'),(578,1,3,0,2,0,0,'WorkflowPermission','22','readonly'),(579,1,4,0,2,0,0,'WorkflowPermission','project_id','readonly'),(580,1,4,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(581,1,4,0,2,0,0,'WorkflowPermission','subject','readonly'),(582,1,4,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(583,1,4,0,2,0,0,'WorkflowPermission','is_private','readonly'),(584,1,4,0,2,0,0,'WorkflowPermission','description','readonly'),(585,1,4,0,2,0,0,'WorkflowPermission','1','readonly'),(586,1,4,0,2,0,0,'WorkflowPermission','2','readonly'),(587,1,4,0,2,0,0,'WorkflowPermission','10','readonly'),(588,1,4,0,2,0,0,'WorkflowPermission','20','readonly'),(589,1,4,0,2,0,0,'WorkflowPermission','8','readonly'),(590,1,4,0,2,0,0,'WorkflowPermission','15','readonly'),(591,1,4,0,2,0,0,'WorkflowPermission','11','readonly'),(592,1,4,0,2,0,0,'WorkflowPermission','12','readonly'),(593,1,4,0,2,0,0,'WorkflowPermission','19','readonly'),(594,1,4,0,2,0,0,'WorkflowPermission','17','readonly'),(595,1,4,0,2,0,0,'WorkflowPermission','7','readonly'),(596,1,4,0,2,0,0,'WorkflowPermission','3','readonly'),(597,1,4,0,2,0,0,'WorkflowPermission','5','readonly'),(598,1,4,0,2,0,0,'WorkflowPermission','6','readonly'),(599,1,4,0,2,0,0,'WorkflowPermission','22','readonly'),(600,1,5,0,2,0,0,'WorkflowPermission','project_id','readonly'),(601,1,5,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(602,1,5,0,2,0,0,'WorkflowPermission','subject','readonly'),(603,1,5,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(604,1,5,0,2,0,0,'WorkflowPermission','is_private','readonly'),(605,1,5,0,2,0,0,'WorkflowPermission','description','readonly'),(606,1,5,0,2,0,0,'WorkflowPermission','1','readonly'),(607,1,5,0,2,0,0,'WorkflowPermission','2','readonly'),(608,1,5,0,2,0,0,'WorkflowPermission','10','readonly'),(609,1,5,0,2,0,0,'WorkflowPermission','20','readonly'),(610,1,5,0,2,0,0,'WorkflowPermission','8','readonly'),(611,1,5,0,2,0,0,'WorkflowPermission','15','readonly'),(612,1,5,0,2,0,0,'WorkflowPermission','11','readonly'),(613,1,5,0,2,0,0,'WorkflowPermission','12','readonly'),(614,1,5,0,2,0,0,'WorkflowPermission','19','readonly'),(615,1,5,0,2,0,0,'WorkflowPermission','17','readonly'),(616,1,5,0,2,0,0,'WorkflowPermission','7','readonly'),(617,1,5,0,2,0,0,'WorkflowPermission','3','readonly'),(618,1,5,0,2,0,0,'WorkflowPermission','5','readonly'),(619,1,5,0,2,0,0,'WorkflowPermission','6','readonly'),(620,1,5,0,2,0,0,'WorkflowPermission','22','readonly'),(621,1,6,0,2,0,0,'WorkflowPermission','project_id','readonly'),(622,1,6,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(623,1,6,0,2,0,0,'WorkflowPermission','subject','readonly'),(624,1,6,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(625,1,6,0,2,0,0,'WorkflowPermission','is_private','readonly'),(626,1,6,0,2,0,0,'WorkflowPermission','description','readonly'),(627,1,6,0,2,0,0,'WorkflowPermission','1','readonly'),(628,1,6,0,2,0,0,'WorkflowPermission','2','readonly'),(629,1,6,0,2,0,0,'WorkflowPermission','10','readonly'),(630,1,6,0,2,0,0,'WorkflowPermission','20','readonly'),(631,1,6,0,2,0,0,'WorkflowPermission','8','readonly'),(632,1,6,0,2,0,0,'WorkflowPermission','15','readonly'),(633,1,6,0,2,0,0,'WorkflowPermission','11','readonly'),(634,1,6,0,2,0,0,'WorkflowPermission','12','readonly'),(635,1,6,0,2,0,0,'WorkflowPermission','19','readonly'),(636,1,6,0,2,0,0,'WorkflowPermission','17','readonly'),(637,1,6,0,2,0,0,'WorkflowPermission','7','readonly'),(638,1,6,0,2,0,0,'WorkflowPermission','3','readonly'),(639,1,6,0,2,0,0,'WorkflowPermission','5','readonly'),(640,1,6,0,2,0,0,'WorkflowPermission','6','readonly'),(641,1,6,0,2,0,0,'WorkflowPermission','22','readonly'),(642,1,2,3,2,0,0,'WorkflowTransition',NULL,NULL),(644,1,3,4,2,0,0,'WorkflowTransition',NULL,NULL),(645,1,4,5,2,0,0,'WorkflowTransition',NULL,NULL),(646,1,4,6,2,0,0,'WorkflowTransition',NULL,NULL),(648,1,4,3,2,0,0,'WorkflowTransition',NULL,NULL),(649,1,4,3,3,0,0,'WorkflowTransition',NULL,NULL),(650,1,4,3,4,0,0,'WorkflowTransition',NULL,NULL),(651,1,4,3,5,0,0,'WorkflowTransition',NULL,NULL); +INSERT INTO `workflows` VALUES (132,1,2,0,3,0,0,'WorkflowPermission','14','readonly'),(134,1,2,0,3,0,0,'WorkflowPermission','16','readonly'),(151,1,3,0,3,0,0,'WorkflowPermission','14','readonly'),(153,1,3,0,3,0,0,'WorkflowPermission','16','readonly'),(170,1,4,0,3,0,0,'WorkflowPermission','14','readonly'),(172,1,4,0,3,0,0,'WorkflowPermission','16','readonly'),(189,1,5,0,3,0,0,'WorkflowPermission','14','readonly'),(191,1,5,0,3,0,0,'WorkflowPermission','16','readonly'),(208,1,6,0,3,0,0,'WorkflowPermission','14','readonly'),(210,1,6,0,3,0,0,'WorkflowPermission','16','readonly'),(220,1,2,3,3,0,0,'WorkflowTransition',NULL,NULL),(221,1,2,3,4,0,0,'WorkflowTransition',NULL,NULL),(222,1,2,3,5,0,0,'WorkflowTransition',NULL,NULL),(226,1,3,4,3,0,0,'WorkflowTransition',NULL,NULL),(227,1,3,4,4,0,0,'WorkflowTransition',NULL,NULL),(228,1,3,4,5,0,0,'WorkflowTransition',NULL,NULL),(229,1,4,5,3,0,0,'WorkflowTransition',NULL,NULL),(230,1,4,5,4,0,0,'WorkflowTransition',NULL,NULL),(231,1,4,5,5,0,0,'WorkflowTransition',NULL,NULL),(232,1,4,6,3,0,0,'WorkflowTransition',NULL,NULL),(233,1,4,6,4,0,0,'WorkflowTransition',NULL,NULL),(234,1,4,6,5,0,0,'WorkflowTransition',NULL,NULL),(239,1,2,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(240,1,3,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(241,1,4,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(242,1,5,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(243,1,6,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(244,1,0,2,5,0,0,'WorkflowTransition',NULL,NULL),(245,1,0,2,4,0,0,'WorkflowTransition',NULL,NULL),(246,1,0,6,5,0,0,'WorkflowTransition',NULL,NULL),(352,1,2,0,3,0,0,'WorkflowPermission','project_id','readonly'),(353,1,2,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(354,1,2,0,3,0,0,'WorkflowPermission','subject','readonly'),(355,1,2,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(356,1,2,0,3,0,0,'WorkflowPermission','is_private','readonly'),(357,1,2,0,3,0,0,'WorkflowPermission','description','readonly'),(358,1,2,0,3,0,0,'WorkflowPermission','1','readonly'),(359,1,2,0,3,0,0,'WorkflowPermission','2','readonly'),(360,1,2,0,3,0,0,'WorkflowPermission','10','readonly'),(361,1,2,0,3,0,0,'WorkflowPermission','20','readonly'),(362,1,2,0,3,0,0,'WorkflowPermission','8','readonly'),(363,1,2,0,3,0,0,'WorkflowPermission','15','readonly'),(364,1,2,0,3,0,0,'WorkflowPermission','11','readonly'),(365,1,2,0,3,0,0,'WorkflowPermission','12','readonly'),(366,1,2,0,3,0,0,'WorkflowPermission','19','readonly'),(367,1,2,0,3,0,0,'WorkflowPermission','7','readonly'),(368,1,2,0,3,0,0,'WorkflowPermission','3','readonly'),(369,1,2,0,3,0,0,'WorkflowPermission','5','readonly'),(370,1,2,0,3,0,0,'WorkflowPermission','6','readonly'),(371,1,2,0,3,0,0,'WorkflowPermission','22','readonly'),(372,1,3,0,3,0,0,'WorkflowPermission','project_id','readonly'),(373,1,3,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(374,1,3,0,3,0,0,'WorkflowPermission','subject','readonly'),(375,1,3,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(376,1,3,0,3,0,0,'WorkflowPermission','is_private','readonly'),(377,1,3,0,3,0,0,'WorkflowPermission','description','readonly'),(378,1,3,0,3,0,0,'WorkflowPermission','1','readonly'),(379,1,3,0,3,0,0,'WorkflowPermission','2','readonly'),(380,1,3,0,3,0,0,'WorkflowPermission','10','readonly'),(381,1,3,0,3,0,0,'WorkflowPermission','20','readonly'),(382,1,3,0,3,0,0,'WorkflowPermission','8','readonly'),(383,1,3,0,3,0,0,'WorkflowPermission','15','readonly'),(384,1,3,0,3,0,0,'WorkflowPermission','11','readonly'),(385,1,3,0,3,0,0,'WorkflowPermission','12','readonly'),(386,1,3,0,3,0,0,'WorkflowPermission','19','readonly'),(387,1,3,0,3,0,0,'WorkflowPermission','7','readonly'),(388,1,3,0,3,0,0,'WorkflowPermission','3','readonly'),(389,1,3,0,3,0,0,'WorkflowPermission','5','readonly'),(390,1,3,0,3,0,0,'WorkflowPermission','6','readonly'),(391,1,3,0,3,0,0,'WorkflowPermission','22','readonly'),(392,1,4,0,3,0,0,'WorkflowPermission','project_id','readonly'),(393,1,4,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(394,1,4,0,3,0,0,'WorkflowPermission','subject','readonly'),(395,1,4,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(396,1,4,0,3,0,0,'WorkflowPermission','is_private','readonly'),(397,1,4,0,3,0,0,'WorkflowPermission','description','readonly'),(398,1,4,0,3,0,0,'WorkflowPermission','1','readonly'),(399,1,4,0,3,0,0,'WorkflowPermission','2','readonly'),(400,1,4,0,3,0,0,'WorkflowPermission','10','readonly'),(401,1,4,0,3,0,0,'WorkflowPermission','20','readonly'),(402,1,4,0,3,0,0,'WorkflowPermission','8','readonly'),(403,1,4,0,3,0,0,'WorkflowPermission','15','readonly'),(404,1,4,0,3,0,0,'WorkflowPermission','11','readonly'),(405,1,4,0,3,0,0,'WorkflowPermission','12','readonly'),(406,1,4,0,3,0,0,'WorkflowPermission','19','readonly'),(407,1,4,0,3,0,0,'WorkflowPermission','7','readonly'),(408,1,4,0,3,0,0,'WorkflowPermission','3','readonly'),(409,1,4,0,3,0,0,'WorkflowPermission','5','readonly'),(410,1,4,0,3,0,0,'WorkflowPermission','6','readonly'),(411,1,4,0,3,0,0,'WorkflowPermission','22','readonly'),(412,1,5,0,3,0,0,'WorkflowPermission','project_id','readonly'),(413,1,5,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(414,1,5,0,3,0,0,'WorkflowPermission','subject','readonly'),(415,1,5,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(416,1,5,0,3,0,0,'WorkflowPermission','is_private','readonly'),(417,1,5,0,3,0,0,'WorkflowPermission','description','readonly'),(418,1,5,0,3,0,0,'WorkflowPermission','1','readonly'),(419,1,5,0,3,0,0,'WorkflowPermission','2','readonly'),(420,1,5,0,3,0,0,'WorkflowPermission','10','readonly'),(421,1,5,0,3,0,0,'WorkflowPermission','20','readonly'),(422,1,5,0,3,0,0,'WorkflowPermission','8','readonly'),(423,1,5,0,3,0,0,'WorkflowPermission','15','readonly'),(424,1,5,0,3,0,0,'WorkflowPermission','11','readonly'),(425,1,5,0,3,0,0,'WorkflowPermission','12','readonly'),(426,1,5,0,3,0,0,'WorkflowPermission','19','readonly'),(427,1,5,0,3,0,0,'WorkflowPermission','7','readonly'),(428,1,5,0,3,0,0,'WorkflowPermission','3','readonly'),(429,1,5,0,3,0,0,'WorkflowPermission','5','readonly'),(430,1,5,0,3,0,0,'WorkflowPermission','6','readonly'),(431,1,5,0,3,0,0,'WorkflowPermission','22','readonly'),(432,1,6,0,3,0,0,'WorkflowPermission','project_id','readonly'),(433,1,6,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(434,1,6,0,3,0,0,'WorkflowPermission','subject','readonly'),(435,1,6,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(436,1,6,0,3,0,0,'WorkflowPermission','is_private','readonly'),(437,1,6,0,3,0,0,'WorkflowPermission','description','readonly'),(438,1,6,0,3,0,0,'WorkflowPermission','1','readonly'),(439,1,6,0,3,0,0,'WorkflowPermission','2','readonly'),(440,1,6,0,3,0,0,'WorkflowPermission','10','readonly'),(441,1,6,0,3,0,0,'WorkflowPermission','20','readonly'),(442,1,6,0,3,0,0,'WorkflowPermission','8','readonly'),(443,1,6,0,3,0,0,'WorkflowPermission','15','readonly'),(444,1,6,0,3,0,0,'WorkflowPermission','11','readonly'),(445,1,6,0,3,0,0,'WorkflowPermission','12','readonly'),(446,1,6,0,3,0,0,'WorkflowPermission','19','readonly'),(447,1,6,0,3,0,0,'WorkflowPermission','7','readonly'),(448,1,6,0,3,0,0,'WorkflowPermission','3','readonly'),(449,1,6,0,3,0,0,'WorkflowPermission','5','readonly'),(450,1,6,0,3,0,0,'WorkflowPermission','6','readonly'),(451,1,6,0,3,0,0,'WorkflowPermission','22','readonly'),(642,1,2,3,2,0,0,'WorkflowTransition',NULL,NULL),(644,1,3,4,2,0,0,'WorkflowTransition',NULL,NULL),(645,1,4,5,2,0,0,'WorkflowTransition',NULL,NULL),(646,1,4,6,2,0,0,'WorkflowTransition',NULL,NULL),(648,1,4,3,2,0,0,'WorkflowTransition',NULL,NULL),(649,1,4,3,3,0,0,'WorkflowTransition',NULL,NULL),(650,1,4,3,4,0,0,'WorkflowTransition',NULL,NULL),(651,1,4,3,5,0,0,'WorkflowTransition',NULL,NULL),(652,1,2,0,2,0,0,'WorkflowPermission','project_id','readonly'),(653,1,2,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(654,1,2,0,2,0,0,'WorkflowPermission','subject','readonly'),(655,1,2,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(656,1,2,0,2,0,0,'WorkflowPermission','is_private','readonly'),(657,1,2,0,2,0,0,'WorkflowPermission','description','readonly'),(658,1,2,0,2,0,0,'WorkflowPermission','1','readonly'),(659,1,2,0,2,0,0,'WorkflowPermission','2','readonly'),(660,1,2,0,2,0,0,'WorkflowPermission','10','readonly'),(661,1,2,0,2,0,0,'WorkflowPermission','20','readonly'),(662,1,2,0,2,0,0,'WorkflowPermission','8','readonly'),(663,1,2,0,2,0,0,'WorkflowPermission','15','readonly'),(664,1,2,0,2,0,0,'WorkflowPermission','11','readonly'),(665,1,2,0,2,0,0,'WorkflowPermission','12','readonly'),(666,1,2,0,2,0,0,'WorkflowPermission','27','readonly'),(667,1,2,0,2,0,0,'WorkflowPermission','28','readonly'),(668,1,2,0,2,0,0,'WorkflowPermission','19','readonly'),(669,1,2,0,2,0,0,'WorkflowPermission','17','readonly'),(670,1,2,0,2,0,0,'WorkflowPermission','7','readonly'),(671,1,2,0,2,0,0,'WorkflowPermission','3','readonly'),(672,1,2,0,2,0,0,'WorkflowPermission','5','readonly'),(673,1,2,0,2,0,0,'WorkflowPermission','6','readonly'),(674,1,2,0,2,0,0,'WorkflowPermission','22','readonly'),(675,1,3,0,2,0,0,'WorkflowPermission','project_id','readonly'),(676,1,3,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(677,1,3,0,2,0,0,'WorkflowPermission','subject','readonly'),(678,1,3,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(679,1,3,0,2,0,0,'WorkflowPermission','is_private','readonly'),(680,1,3,0,2,0,0,'WorkflowPermission','description','readonly'),(681,1,3,0,2,0,0,'WorkflowPermission','1','readonly'),(682,1,3,0,2,0,0,'WorkflowPermission','2','readonly'),(683,1,3,0,2,0,0,'WorkflowPermission','10','readonly'),(684,1,3,0,2,0,0,'WorkflowPermission','20','readonly'),(685,1,3,0,2,0,0,'WorkflowPermission','8','readonly'),(686,1,3,0,2,0,0,'WorkflowPermission','15','readonly'),(687,1,3,0,2,0,0,'WorkflowPermission','11','readonly'),(688,1,3,0,2,0,0,'WorkflowPermission','12','readonly'),(689,1,3,0,2,0,0,'WorkflowPermission','27','readonly'),(690,1,3,0,2,0,0,'WorkflowPermission','28','readonly'),(691,1,3,0,2,0,0,'WorkflowPermission','19','readonly'),(692,1,3,0,2,0,0,'WorkflowPermission','17','readonly'),(693,1,3,0,2,0,0,'WorkflowPermission','7','readonly'),(694,1,3,0,2,0,0,'WorkflowPermission','3','readonly'),(695,1,3,0,2,0,0,'WorkflowPermission','5','readonly'),(696,1,3,0,2,0,0,'WorkflowPermission','6','readonly'),(697,1,3,0,2,0,0,'WorkflowPermission','22','readonly'),(698,1,4,0,2,0,0,'WorkflowPermission','project_id','readonly'),(699,1,4,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(700,1,4,0,2,0,0,'WorkflowPermission','subject','readonly'),(701,1,4,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(702,1,4,0,2,0,0,'WorkflowPermission','is_private','readonly'),(703,1,4,0,2,0,0,'WorkflowPermission','description','readonly'),(704,1,4,0,2,0,0,'WorkflowPermission','1','readonly'),(705,1,4,0,2,0,0,'WorkflowPermission','2','readonly'),(706,1,4,0,2,0,0,'WorkflowPermission','10','readonly'),(707,1,4,0,2,0,0,'WorkflowPermission','20','readonly'),(708,1,4,0,2,0,0,'WorkflowPermission','8','readonly'),(709,1,4,0,2,0,0,'WorkflowPermission','15','readonly'),(710,1,4,0,2,0,0,'WorkflowPermission','11','readonly'),(711,1,4,0,2,0,0,'WorkflowPermission','12','readonly'),(712,1,4,0,2,0,0,'WorkflowPermission','27','readonly'),(713,1,4,0,2,0,0,'WorkflowPermission','28','readonly'),(714,1,4,0,2,0,0,'WorkflowPermission','19','readonly'),(715,1,4,0,2,0,0,'WorkflowPermission','17','readonly'),(716,1,4,0,2,0,0,'WorkflowPermission','7','readonly'),(717,1,4,0,2,0,0,'WorkflowPermission','3','readonly'),(718,1,4,0,2,0,0,'WorkflowPermission','5','readonly'),(719,1,4,0,2,0,0,'WorkflowPermission','6','readonly'),(720,1,4,0,2,0,0,'WorkflowPermission','22','readonly'),(721,1,5,0,2,0,0,'WorkflowPermission','project_id','readonly'),(722,1,5,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(723,1,5,0,2,0,0,'WorkflowPermission','subject','readonly'),(724,1,5,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(725,1,5,0,2,0,0,'WorkflowPermission','is_private','readonly'),(726,1,5,0,2,0,0,'WorkflowPermission','description','readonly'),(727,1,5,0,2,0,0,'WorkflowPermission','1','readonly'),(728,1,5,0,2,0,0,'WorkflowPermission','2','readonly'),(729,1,5,0,2,0,0,'WorkflowPermission','10','readonly'),(730,1,5,0,2,0,0,'WorkflowPermission','20','readonly'),(731,1,5,0,2,0,0,'WorkflowPermission','8','readonly'),(732,1,5,0,2,0,0,'WorkflowPermission','15','readonly'),(733,1,5,0,2,0,0,'WorkflowPermission','11','readonly'),(734,1,5,0,2,0,0,'WorkflowPermission','12','readonly'),(735,1,5,0,2,0,0,'WorkflowPermission','27','readonly'),(736,1,5,0,2,0,0,'WorkflowPermission','28','readonly'),(737,1,5,0,2,0,0,'WorkflowPermission','19','readonly'),(738,1,5,0,2,0,0,'WorkflowPermission','17','readonly'),(739,1,5,0,2,0,0,'WorkflowPermission','7','readonly'),(740,1,5,0,2,0,0,'WorkflowPermission','3','readonly'),(741,1,5,0,2,0,0,'WorkflowPermission','5','readonly'),(742,1,5,0,2,0,0,'WorkflowPermission','6','readonly'),(743,1,5,0,2,0,0,'WorkflowPermission','22','readonly'),(744,1,6,0,2,0,0,'WorkflowPermission','project_id','readonly'),(745,1,6,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(746,1,6,0,2,0,0,'WorkflowPermission','subject','readonly'),(747,1,6,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(748,1,6,0,2,0,0,'WorkflowPermission','is_private','readonly'),(749,1,6,0,2,0,0,'WorkflowPermission','description','readonly'),(750,1,6,0,2,0,0,'WorkflowPermission','1','readonly'),(751,1,6,0,2,0,0,'WorkflowPermission','2','readonly'),(752,1,6,0,2,0,0,'WorkflowPermission','10','readonly'),(753,1,6,0,2,0,0,'WorkflowPermission','20','readonly'),(754,1,6,0,2,0,0,'WorkflowPermission','8','readonly'),(755,1,6,0,2,0,0,'WorkflowPermission','15','readonly'),(756,1,6,0,2,0,0,'WorkflowPermission','11','readonly'),(757,1,6,0,2,0,0,'WorkflowPermission','12','readonly'),(758,1,6,0,2,0,0,'WorkflowPermission','27','readonly'),(759,1,6,0,2,0,0,'WorkflowPermission','28','readonly'),(760,1,6,0,2,0,0,'WorkflowPermission','19','readonly'),(761,1,6,0,2,0,0,'WorkflowPermission','17','readonly'),(762,1,6,0,2,0,0,'WorkflowPermission','7','readonly'),(763,1,6,0,2,0,0,'WorkflowPermission','3','readonly'),(764,1,6,0,2,0,0,'WorkflowPermission','5','readonly'),(765,1,6,0,2,0,0,'WorkflowPermission','6','readonly'),(766,1,6,0,2,0,0,'WorkflowPermission','22','readonly'); /*!40000 ALTER TABLE `workflows` ENABLE KEYS */; UNLOCK TABLES; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; @@ -1785,4 +1767,4 @@ UNLOCK TABLES; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2020-08-17 18:06:56 +-- Dump completed on 2020-12-08 3:05:36 diff --git a/salt/playbook/files/playbook_db_migrations.sql b/salt/playbook/files/playbook_db_migrations.sql new file mode 100644 index 000000000..e06d921f4 --- /dev/null +++ b/salt/playbook/files/playbook_db_migrations.sql @@ -0,0 +1,1762 @@ +-- MySQL dump 10.13 Distrib 5.7.24, for Linux (x86_64) +-- +-- Host: localhost Database: playbook +-- ------------------------------------------------------ +-- Server version 5.7.24 + +/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; +/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; +/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; +/*!40101 SET NAMES utf8 */; +/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; +/*!40103 SET TIME_ZONE='+00:00' */; +/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; +/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; +/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; +/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; + +-- +-- Table structure for table `ar_internal_metadata` +-- + +-- `ar_internal_metadata`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `ar_internal_metadata` ( + `key` varchar(255) NOT NULL, + `value` varchar(255) DEFAULT NULL, + `created_at` datetime NOT NULL, + `updated_at` datetime NOT NULL, + PRIMARY KEY (`key`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `ar_internal_metadata` +-- + +LOCK TABLES `ar_internal_metadata` WRITE; +/*!40000 ALTER TABLE `ar_internal_metadata` DISABLE KEYS */; +INSERT INTO `ar_internal_metadata` VALUES ('environment','production','2020-04-26 13:08:38','2020-04-26 13:08:38'); +/*!40000 ALTER TABLE `ar_internal_metadata` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `attachments` +-- + +-- `attachments`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `attachments` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `container_id` int(11) DEFAULT NULL, + `container_type` varchar(30) DEFAULT NULL, + `filename` varchar(255) NOT NULL DEFAULT '', + `disk_filename` varchar(255) NOT NULL DEFAULT '', + `filesize` bigint(20) NOT NULL DEFAULT '0', + `content_type` varchar(255) DEFAULT '', + `digest` varchar(64) NOT NULL DEFAULT '', + `downloads` int(11) NOT NULL DEFAULT '0', + `author_id` int(11) NOT NULL DEFAULT '0', + `created_on` timestamp NULL DEFAULT NULL, + `description` varchar(255) DEFAULT NULL, + `disk_directory` varchar(255) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `index_attachments_on_author_id` (`author_id`), + KEY `index_attachments_on_created_on` (`created_on`), + KEY `index_attachments_on_container_id_and_container_type` (`container_id`,`container_type`), + KEY `index_attachments_on_disk_filename` (`disk_filename`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `attachments` +-- + +LOCK TABLES `attachments` WRITE; +/*!40000 ALTER TABLE `attachments` DISABLE KEYS */; +/*!40000 ALTER TABLE `attachments` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `auth_sources` +-- + +-- `auth_sources`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `auth_sources` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `type` varchar(30) NOT NULL DEFAULT '', + `name` varchar(60) NOT NULL DEFAULT '', + `host` varchar(60) DEFAULT NULL, + `port` int(11) DEFAULT NULL, + `account` varchar(255) DEFAULT NULL, + `account_password` varchar(255) DEFAULT '', + `base_dn` varchar(255) DEFAULT NULL, + `attr_login` varchar(30) DEFAULT NULL, + `attr_firstname` varchar(30) DEFAULT NULL, + `attr_lastname` varchar(30) DEFAULT NULL, + `attr_mail` varchar(30) DEFAULT NULL, + `onthefly_register` tinyint(1) NOT NULL DEFAULT '0', + `tls` tinyint(1) NOT NULL DEFAULT '0', + `filter` text, + `timeout` int(11) DEFAULT NULL, + `verify_peer` tinyint(1) NOT NULL DEFAULT '1', + PRIMARY KEY (`id`), + KEY `index_auth_sources_on_id_and_type` (`id`,`type`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `auth_sources` +-- + +LOCK TABLES `auth_sources` WRITE; +/*!40000 ALTER TABLE `auth_sources` DISABLE KEYS */; +/*!40000 ALTER TABLE `auth_sources` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `boards` +-- + +-- `boards`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `boards` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `project_id` int(11) NOT NULL, + `name` varchar(255) NOT NULL DEFAULT '', + `description` varchar(255) DEFAULT NULL, + `position` int(11) DEFAULT NULL, + `topics_count` int(11) NOT NULL DEFAULT '0', + `messages_count` int(11) NOT NULL DEFAULT '0', + `last_message_id` int(11) DEFAULT NULL, + `parent_id` int(11) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `boards_project_id` (`project_id`), + KEY `index_boards_on_last_message_id` (`last_message_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `boards` +-- + +LOCK TABLES `boards` WRITE; +/*!40000 ALTER TABLE `boards` DISABLE KEYS */; +/*!40000 ALTER TABLE `boards` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `changes` +-- + +-- `changes`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `changes` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `changeset_id` int(11) NOT NULL, + `action` varchar(1) NOT NULL DEFAULT '', + `path` text NOT NULL, + `from_path` text, + `from_revision` varchar(255) DEFAULT NULL, + `revision` varchar(255) DEFAULT NULL, + `branch` varchar(255) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `changesets_changeset_id` (`changeset_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `changes` +-- + +LOCK TABLES `changes` WRITE; +/*!40000 ALTER TABLE `changes` DISABLE KEYS */; +/*!40000 ALTER TABLE `changes` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `changeset_parents` +-- + +-- `changeset_parents`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `changeset_parents` ( + `changeset_id` int(11) NOT NULL, + `parent_id` int(11) NOT NULL, + KEY `changeset_parents_changeset_ids` (`changeset_id`), + KEY `changeset_parents_parent_ids` (`parent_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `changeset_parents` +-- + +LOCK TABLES `changeset_parents` WRITE; +/*!40000 ALTER TABLE `changeset_parents` DISABLE KEYS */; +/*!40000 ALTER TABLE `changeset_parents` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `changesets` +-- + +-- `changesets`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `changesets` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `repository_id` int(11) NOT NULL, + `revision` varchar(255) NOT NULL, + `committer` varchar(255) DEFAULT NULL, + `committed_on` datetime NOT NULL, + `comments` longtext, + `commit_date` date DEFAULT NULL, + `scmid` varchar(255) DEFAULT NULL, + `user_id` int(11) DEFAULT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `changesets_repos_rev` (`repository_id`,`revision`), + KEY `index_changesets_on_user_id` (`user_id`), + KEY `index_changesets_on_repository_id` (`repository_id`), + KEY `index_changesets_on_committed_on` (`committed_on`), + KEY `changesets_repos_scmid` (`repository_id`,`scmid`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `changesets` +-- + +LOCK TABLES `changesets` WRITE; +/*!40000 ALTER TABLE `changesets` DISABLE KEYS */; +/*!40000 ALTER TABLE `changesets` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `changesets_issues` +-- + +-- `changesets_issues`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `changesets_issues` ( + `changeset_id` int(11) NOT NULL, + `issue_id` int(11) NOT NULL, + UNIQUE KEY `changesets_issues_ids` (`changeset_id`,`issue_id`), + KEY `index_changesets_issues_on_issue_id` (`issue_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `changesets_issues` +-- + +LOCK TABLES `changesets_issues` WRITE; +/*!40000 ALTER TABLE `changesets_issues` DISABLE KEYS */; +/*!40000 ALTER TABLE `changesets_issues` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `comments` +-- + +-- `comments`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `comments` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `commented_type` varchar(30) NOT NULL DEFAULT '', + `commented_id` int(11) NOT NULL DEFAULT '0', + `author_id` int(11) NOT NULL DEFAULT '0', + `content` text, + `created_on` datetime NOT NULL, + `updated_on` datetime NOT NULL, + PRIMARY KEY (`id`), + KEY `index_comments_on_commented_id_and_commented_type` (`commented_id`,`commented_type`), + KEY `index_comments_on_author_id` (`author_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `comments` +-- + +LOCK TABLES `comments` WRITE; +/*!40000 ALTER TABLE `comments` DISABLE KEYS */; +/*!40000 ALTER TABLE `comments` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `custom_field_enumerations` +-- + +-- `custom_field_enumerations`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `custom_field_enumerations` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `custom_field_id` int(11) NOT NULL, + `name` varchar(255) NOT NULL, + `active` tinyint(1) NOT NULL DEFAULT '1', + `position` int(11) NOT NULL DEFAULT '1', + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `custom_field_enumerations` +-- + +LOCK TABLES `custom_field_enumerations` WRITE; +/*!40000 ALTER TABLE `custom_field_enumerations` DISABLE KEYS */; +/*!40000 ALTER TABLE `custom_field_enumerations` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `custom_fields` +-- + +-- `custom_fields`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `custom_fields` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `type` varchar(30) NOT NULL DEFAULT '', + `name` varchar(30) NOT NULL DEFAULT '', + `field_format` varchar(30) NOT NULL DEFAULT '', + `possible_values` text, + `regexp` varchar(255) DEFAULT '', + `min_length` int(11) DEFAULT NULL, + `max_length` int(11) DEFAULT NULL, + `is_required` tinyint(1) NOT NULL DEFAULT '0', + `is_for_all` tinyint(1) NOT NULL DEFAULT '0', + `is_filter` tinyint(1) NOT NULL DEFAULT '0', + `position` int(11) DEFAULT NULL, + `searchable` tinyint(1) DEFAULT '0', + `default_value` text, + `editable` tinyint(1) DEFAULT '1', + `visible` tinyint(1) NOT NULL DEFAULT '1', + `multiple` tinyint(1) DEFAULT '0', + `format_store` text, + `description` text, + PRIMARY KEY (`id`), + KEY `index_custom_fields_on_id_and_type` (`id`,`type`) +) ENGINE=InnoDB AUTO_INCREMENT=41 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `custom_fields` +-- + +LOCK TABLES `custom_fields` WRITE; +/*!40000 ALTER TABLE `custom_fields` DISABLE KEYS */; +INSERT INTO `custom_fields` VALUES (1,'IssueCustomField','Title','string',NULL,'',NULL,NULL,0,1,1,1,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(2,'IssueCustomField','Author','string',NULL,'',NULL,NULL,0,1,1,2,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(3,'IssueCustomField','Objective','text',NULL,'',NULL,NULL,0,1,1,16,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nfull_width_layout: \'1\'\n',''),(4,'IssueCustomField','Operational Notes','text',NULL,'',NULL,NULL,0,1,0,17,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(5,'IssueCustomField','Result Analysis','text',NULL,'',NULL,NULL,0,1,0,18,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(6,'IssueCustomField','ElastAlert Config','text',NULL,'',NULL,NULL,0,1,0,19,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(7,'IssueCustomField','HiveID','string',NULL,'',NULL,NULL,0,1,1,15,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(8,'IssueCustomField','References','text',NULL,'',NULL,NULL,0,1,0,6,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'0\'\n',''),(9,'IssueCustomField','Sigma','text',NULL,'',NULL,NULL,0,1,0,20,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(10,'IssueCustomField','Level','list','---\n- low\n- medium\n- high\n- critical\n','',NULL,NULL,0,1,1,3,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(11,'IssueCustomField','PlayID','string',NULL,'',NULL,NULL,0,1,1,8,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(12,'IssueCustomField','Rule ID','string',NULL,'',NULL,NULL,0,1,1,9,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(13,'IssueCustomField','Playbook','list','---\n- Internal\n- imported\n- community\n','',NULL,NULL,0,1,1,4,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(15,'IssueCustomField','ATT&CK Technique','list','---\n- T1001\n- T1002\n- T1003\n- T1004\n- T1005\n- T1006\n- T1007\n- T1008\n- T1009\n- T1010\n- T1011\n- T1012\n- T1013\n- T1014\n- T1015\n- T1016\n- T1017\n- T1018\n- T1019\n- T1020\n- T1021\n- T1022\n- T1023\n- T1024\n- T1025\n- T1026\n- T1027\n- T1028\n- T1029\n- T1030\n- T1031\n- T1032\n- T1033\n- T1034\n- T1035\n- T1036\n- T1037\n- T1038\n- T1039\n- T1040\n- T1041\n- T1042\n- T1043\n- T1044\n- T1045\n- T1046\n- T1047\n- T1048\n- T1049\n- T1050\n- T1051\n- T1052\n- T1053\n- T1054\n- T1055\n- T1056\n- T1057\n- T1058\n- T1059\n- T1060\n- T1061\n- T1062\n- T1063\n- T1064\n- T1065\n- T1066\n- T1067\n- T1068\n- T1069\n- T1070\n- T1071\n- T1072\n- T1073\n- T1074\n- T1075\n- T1076\n- T1077\n- T1078\n- T1079\n- T1080\n- T1081\n- T1082\n- T1083\n- T1084\n- T1085\n- T1086\n- T1087\n- T1088\n- T1089\n- T1090\n- T1091\n- T1092\n- T1093\n- T1094\n- T1095\n- T1096\n- T1097\n- T1098\n- T1099\n- T1100\n- T1101\n- T1102\n- T1103\n- T1104\n- T1105\n- T1106\n- T1107\n- T1108\n- T1109\n- T1110\n- T1111\n- T1112\n- T1113\n- T1114\n- T1115\n- T1116\n- T1117\n- T1118\n- T1119\n- T1120\n- T1121\n- T1122\n- T1123\n- T1124\n- T1125\n- T1126\n- T1127\n- T1128\n- T1129\n- T1130\n- T1131\n- T1132\n- T1133\n- T1134\n- T1135\n- T1136\n- T1137\n- T1138\n- T1139\n- T1140\n- T1141\n- T1142\n- T1143\n- T1144\n- T1145\n- T1146\n- T1147\n- T1148\n- T1149\n- T1150\n- T1151\n- T1152\n- T1153\n- T1154\n- T1155\n- T1156\n- T1157\n- T1158\n- T1159\n- T1160\n- T1161\n- T1162\n- T1163\n- T1164\n- T1165\n- T1166\n- T1167\n- T1168\n- T1169\n- T1170\n- T1171\n- T1172\n- T1173\n- T1174\n- T1175\n- T1176\n- T1177\n- T1178\n- T1179\n- T1180\n- T1181\n- T1182\n- T1183\n- T1184\n- T1185\n- T1186\n- T1187\n- T1188\n- T1189\n- T1190\n- T1191\n- T1192\n- T1193\n- T1194\n- T1195\n- T1196\n- T1197\n- T1198\n- T1199\n- T1200\n- T1201\n- T1202\n- T1203\n- T1204\n- T1205\n- T1206\n- T1207\n- T1208\n- T1209\n- T1210\n- T1211\n- T1212\n- T1213\n- T1214\n- T1215\n- T1216\n- T1217\n- T1218\n- T1219\n- T1220\n- T1221\n- T1222\n- T1223\n- T1480\n- T1482\n- T1483\n- T1484\n- T1485\n- T1486\n- T1487\n- T1488\n- T1489\n- T1490\n- T1491\n- T1492\n- T1493\n- T1494\n- T1495\n- T1496\n- T1497\n- T1498\n- T1499\n- T1500\n- T1501\n- T1502\n- T1503\n- T1504\n- T1505\n- T1506\n- T1514\n- T1518\n- T1519\n- T1522\n- T1525\n- T1526\n- T1527\n- T1528\n- T1529\n- T1530\n- T1531\n- T1534\n- T1535\n- T1536\n- T1537\n- T1538\n- T1539\n- T1540\n- T1541\n- T1542\n- T1543\n- T1544\n- T1545\n- T1546\n- T1547\n- T1548\n- T1549\n- T1550\n- T1551\n- T1552\n- T1553\n- T1554\n- T1555\n- T1556\n- T1557\n- T1558\n- T1559\n- T1560\n- T1561\n- T1562\n- T1563\n- T1564\n- T1565\n- T1566\n- T1567\n- T1568\n- T1569\n- T1570\n- T1571\n- T1572\n- T1573\n- T1574\n- T1575\n- T1576\n- T1577\n- T1578\n- T1579\n- T1580\n- T1581\n- T1582\n- T1583\n- T1584\n- T1585\n- T1586\n- T1587\n- T1588\n- T1589\n- T1590\n- T1591\n- T1592\n- T1593\n- T1594\n- T1595\n- T1596\n- T1597\n- T1598\n- T1599\n- T1600\n- T1601\n- T1602\n- T1603\n- T1604\n- T1605\n- T1606\n- T1607\n- T1608\n- T1609\n- T1610\n- T1611\n- T1612\n- T1613\n- T1614\n- T1615\n- T1616\n- T1617\n- T1618\n- T1619\n- T1620\n- T1621\n- T1622\n- T1623\n- T1624\n- T1625\n- T1626\n- T1627\n- T1628\n- T1629\n- T1630\n- T1631\n- T1632\n- T1633\n- T1634\n- T1635\n- T1636\n- T1637\n- T1638\n- T1639\n- T1640\n- T1641\n- T1642\n- T1643\n- T1644\n- T1645\n- T1646\n- T1647\n- T1648\n- T1649\n- T1650\n- T1651\n- T1652\n- T1653\n- T1654\n- T1655\n- T1656\n- T1657\n- T1658\n- T1659\n- T1660\n- T1661\n- T1662\n- T1663\n- T1664\n- T1665\n- T1666\n- T1667\n- T1668\n- T1669\n- T1670\n- T1671\n- T1672\n- T1673\n- T1674\n- T1675\n- T1676\n- T1677\n- T1678\n- T1679\n- T1680\n- T1681\n- T1682\n- T1683\n- T1684\n- T1685\n- T1686\n- T1687\n- T1688\n- T1689\n- T1690\n- T1691\n- T1692\n- T1693\n- T1694\n- T1695\n- T1696\n- T1697\n- T1698\n- T1699\n- T1700\n- T1701\n- T1702\n- T1703\n- T1704\n- T1705\n- T1706\n- T1707\n- T1708\n- T1709\n- T1710\n- T1711\n- T1712\n- T1713\n- T1714\n- T1715\n- T1716\n- T1717\n- T1718\n- T1719\n- T1720\n- T1721\n- T1722\n- T1723\n- T1724\n- T1725\n- T1726\n- T1727\n- T1728\n- T1729\n- T1730\n- T1731\n- T1732\n- T1733\n- T1734\n- T1735\n- T1736\n- T1737\n- T1738\n- T1739\n- T1740\n- T1741\n- T1742\n- T1743\n- T1744\n- T1745\n- T1746\n- T1747\n- T1748\n- T1749\n- T1750\n- T1751\n- T1752\n','',NULL,NULL,0,1,1,7,0,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: https://attack.mitre.org/techniques/%value%\nedit_tag_style: \'\'\n',''),(17,'IssueCustomField','Case Analyzers','list','---\n- Urlscan_io_Search - ip,domain,hash,url\n- CERTatPassiveDNS - domain,fqdn,ip\n','',NULL,NULL,0,1,1,14,1,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(18,'IssueCustomField','Ruleset','string',NULL,'',NULL,NULL,0,1,1,12,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(19,'IssueCustomField','Group','string',NULL,'',NULL,NULL,0,1,1,13,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(20,'IssueCustomField','Product','string',NULL,'',NULL,NULL,0,1,1,5,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(21,'IssueCustomField','Target Log','text',NULL,'',NULL,NULL,0,1,0,21,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(22,'IssueCustomField','Unit Test','list','---\n- Passed\n- Failed\n','',NULL,NULL,0,1,1,22,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(26,'IssueCustomField','License','list','---\n- Apache-2.0\n- BSD-2-Clause\n- BSD-3-Clause\n- CC0-1.0\n- CC-PDDC\n- DRL-1.0\n- LGPL-3.0-only\n- MIT License\n- GPL-2.0-only\n- GPL-3.0-only\n','',NULL,NULL,0,1,0,23,0,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: https://spdx.org/licenses/%value%.html\nedit_tag_style: \'\'\n',''),(27,'IssueCustomField','Sigma File','string',NULL,'',NULL,NULL,0,0,0,10,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','Location of Sigma file in /SOCtopus'),(28,'IssueCustomField','Sigma URL','string',NULL,'',NULL,NULL,0,0,0,11,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\n','Location of Sigma file in Security Onion repository'),(29,'IssueCustomField','Email Notifications','bool',NULL,'',NULL,NULL,1,0,1,25,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: check_box\n','When enabled, all alerts will be logged in SOC Alerts and also emailed to the target email address. To configure email options, go to \"jump to a project\" in the top right and type Options. Configure SMTP Settings.'),(30,'IssueCustomField','Auto Update Sigma','bool',NULL,'',NULL,NULL,1,0,1,26,0,'1',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: check_box\n','Automatically updating a sigma will be a scheduled task that removes any custom configuration done to the sigma. If you want to customize (ie. add exclusions), automatic updating must be disabled. '),(31,'IssueCustomField','Update Available','bool',NULL,'',NULL,NULL,1,0,1,27,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','The update available field notifies you that a sigma has been updated in the public repo. If a rule doesn\'t automatically update, this field will let you know to either enable automatic updates or manually review the rule changes in the repo. Set this value back to No to ignore the rule notification.'),(32,'IssueCustomField','Alert Email Address','string',NULL,'',NULL,NULL,0,0,0,28,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','Destination address for email alerts'),(33,'IssueCustomField','Alert From Email Address','string',NULL,'',NULL,NULL,0,0,0,29,0,'alerts@localhost.local',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','Source address for email alerts'),(34,'IssueCustomField','SMTP Server','string',NULL,'',NULL,NULL,0,0,0,30,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','IP Address/Name of destination SMTP Server'),(35,'IssueCustomField','SMTP Port','int',NULL,'',NULL,NULL,0,0,0,31,0,'25',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\n','Destination port of SMTP Server'),(36,'IssueCustomField','SMTP TLS Enabled','bool',NULL,'',NULL,NULL,1,0,0,32,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Enable if SMTP server is requires TLS'),(37,'IssueCustomField','Backup Custom Sigmas','bool',NULL,'',NULL,NULL,1,0,0,33,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Backup custom community sigmas and internal sigmas to /SOCtopus/custom/backup'),(38,'IssueCustomField','Import Custom Sigmas','bool',NULL,'',NULL,NULL,1,0,0,34,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Import custom rules from /SOCtopus/custom/import'),(39,'IssueCustomField','Clear Update Status (all)','bool',NULL,'',NULL,NULL,1,0,0,35,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Reset \"Update Available\" status on all rules'),(40,'IssueCustomField','Disable Playbook Alerts','bool',NULL,'',NULL,NULL,1,0,1,24,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: check_box\n','Playbook will not generate any alerts for this Play'); +/*!40000 ALTER TABLE `custom_fields` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `custom_fields_projects` +-- + +-- `custom_fields_projects`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `custom_fields_projects` ( + `custom_field_id` int(11) NOT NULL DEFAULT '0', + `project_id` int(11) NOT NULL DEFAULT '0', + UNIQUE KEY `index_custom_fields_projects_on_custom_field_id_and_project_id` (`custom_field_id`,`project_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `custom_fields_projects` +-- + +LOCK TABLES `custom_fields_projects` WRITE; +/*!40000 ALTER TABLE `custom_fields_projects` DISABLE KEYS */; +INSERT INTO `custom_fields_projects` VALUES (27,1),(28,1),(29,1),(30,1),(31,1),(32,2),(33,2),(34,2),(35,2),(36,2),(37,2),(38,2),(39,2),(40,1); +/*!40000 ALTER TABLE `custom_fields_projects` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `custom_fields_roles` +-- + +-- `custom_fields_roles`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `custom_fields_roles` ( + `custom_field_id` int(11) NOT NULL, + `role_id` int(11) NOT NULL, + UNIQUE KEY `custom_fields_roles_ids` (`custom_field_id`,`role_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `custom_fields_roles` +-- + +LOCK TABLES `custom_fields_roles` WRITE; +/*!40000 ALTER TABLE `custom_fields_roles` DISABLE KEYS */; +/*!40000 ALTER TABLE `custom_fields_roles` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `custom_fields_trackers` +-- + +-- `custom_fields_trackers`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `custom_fields_trackers` ( + `custom_field_id` int(11) NOT NULL DEFAULT '0', + `tracker_id` int(11) NOT NULL DEFAULT '0', + UNIQUE KEY `index_custom_fields_trackers_on_custom_field_id_and_tracker_id` (`custom_field_id`,`tracker_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `custom_fields_trackers` +-- + +LOCK TABLES `custom_fields_trackers` WRITE; +/*!40000 ALTER TABLE `custom_fields_trackers` DISABLE KEYS */; +INSERT INTO `custom_fields_trackers` VALUES (1,1),(1,2),(1,3),(2,1),(3,1),(4,1),(5,1),(6,1),(7,1),(8,1),(9,1),(10,1),(11,1),(12,1),(13,1),(15,1),(17,1),(18,1),(19,1),(20,1),(21,1),(22,1),(26,1),(27,1),(28,1),(29,1),(30,1),(31,1),(32,2),(33,2),(34,2),(35,2),(36,2),(37,3),(38,3),(39,3),(40,1); +/*!40000 ALTER TABLE `custom_fields_trackers` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `custom_values` +-- + +-- `custom_values`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `custom_values` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `customized_type` varchar(30) NOT NULL DEFAULT '', + `customized_id` int(11) NOT NULL DEFAULT '0', + `custom_field_id` int(11) NOT NULL DEFAULT '0', + `value` longtext, + PRIMARY KEY (`id`), + KEY `custom_values_customized` (`customized_type`,`customized_id`), + KEY `index_custom_values_on_custom_field_id` (`custom_field_id`) +) ENGINE=InnoDB AUTO_INCREMENT=186336 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `custom_values` +-- + +LOCK TABLES `custom_values` WRITE; +/*!40000 ALTER TABLE `custom_values` DISABLE KEYS */; +INSERT INTO `custom_values` VALUES (170104,'Issue',995,1,'Sigma Options'),(170105,'Issue',995,37,'1'),(170106,'Issue',995,38,'0'),(170107,'Issue',995,39,'0'); +/*!40000 ALTER TABLE `custom_values` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `documents` +-- + +-- `documents`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `documents` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `project_id` int(11) NOT NULL DEFAULT '0', + `category_id` int(11) NOT NULL DEFAULT '0', + `title` varchar(255) NOT NULL DEFAULT '', + `description` text, + `created_on` timestamp NULL DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `documents_project_id` (`project_id`), + KEY `index_documents_on_category_id` (`category_id`), + KEY `index_documents_on_created_on` (`created_on`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `documents` +-- + +LOCK TABLES `documents` WRITE; +/*!40000 ALTER TABLE `documents` DISABLE KEYS */; +/*!40000 ALTER TABLE `documents` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `email_addresses` +-- + +-- `email_addresses`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `email_addresses` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `user_id` int(11) NOT NULL, + `address` varchar(255) NOT NULL, + `is_default` tinyint(1) NOT NULL DEFAULT '0', + `notify` tinyint(1) NOT NULL DEFAULT '1', + `created_on` datetime NOT NULL, + `updated_on` datetime NOT NULL, + PRIMARY KEY (`id`), + KEY `index_email_addresses_on_user_id` (`user_id`) +) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `email_addresses` +-- + +LOCK TABLES `email_addresses` WRITE; +/*!40000 ALTER TABLE `email_addresses` DISABLE KEYS */; +INSERT INTO `email_addresses` VALUES (1,1,'admin@example.net',1,1,'2020-04-26 13:08:38','2020-04-26 13:08:38'),(3,9,'automation@localhost.local',1,1,'2020-04-26 18:47:46','2020-04-26 18:47:46'),(4,10,'automation2@localhost.local',1,1,'2020-11-21 22:14:13','2020-11-21 22:14:13'); +/*!40000 ALTER TABLE `email_addresses` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `enabled_modules` +-- + +-- `enabled_modules`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `enabled_modules` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `project_id` int(11) DEFAULT NULL, + `name` varchar(255) NOT NULL, + PRIMARY KEY (`id`), + KEY `enabled_modules_project_id` (`project_id`) +) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `enabled_modules` +-- + +LOCK TABLES `enabled_modules` WRITE; +/*!40000 ALTER TABLE `enabled_modules` DISABLE KEYS */; +INSERT INTO `enabled_modules` VALUES (1,1,'sigma_editor'),(2,1,'issue_tracking'),(3,2,'sigma_editor'),(4,2,'issue_tracking'); +/*!40000 ALTER TABLE `enabled_modules` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `enumerations` +-- + +-- `enumerations`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `enumerations` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `name` varchar(30) NOT NULL DEFAULT '', + `position` int(11) DEFAULT NULL, + `is_default` tinyint(1) NOT NULL DEFAULT '0', + `type` varchar(255) DEFAULT NULL, + `active` tinyint(1) NOT NULL DEFAULT '1', + `project_id` int(11) DEFAULT NULL, + `parent_id` int(11) DEFAULT NULL, + `position_name` varchar(30) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `index_enumerations_on_project_id` (`project_id`), + KEY `index_enumerations_on_id_and_type` (`id`,`type`) +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `enumerations` +-- + +LOCK TABLES `enumerations` WRITE; +/*!40000 ALTER TABLE `enumerations` DISABLE KEYS */; +INSERT INTO `enumerations` VALUES (1,'Normal',1,1,'IssuePriority',1,NULL,NULL,'default'); +/*!40000 ALTER TABLE `enumerations` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `groups_users` +-- + +-- `groups_users`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `groups_users` ( + `group_id` int(11) NOT NULL, + `user_id` int(11) NOT NULL, + UNIQUE KEY `groups_users_ids` (`group_id`,`user_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `groups_users` +-- + +LOCK TABLES `groups_users` WRITE; +/*!40000 ALTER TABLE `groups_users` DISABLE KEYS */; +INSERT INTO `groups_users` VALUES (6,10),(7,1); +/*!40000 ALTER TABLE `groups_users` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `import_items` +-- + +-- `import_items`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `import_items` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `import_id` int(11) NOT NULL, + `position` int(11) NOT NULL, + `obj_id` int(11) DEFAULT NULL, + `message` text, + `unique_id` varchar(255) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `index_import_items_on_import_id_and_unique_id` (`import_id`,`unique_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `import_items` +-- + +LOCK TABLES `import_items` WRITE; +/*!40000 ALTER TABLE `import_items` DISABLE KEYS */; +/*!40000 ALTER TABLE `import_items` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `imports` +-- + +-- `imports`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `imports` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `type` varchar(255) DEFAULT NULL, + `user_id` int(11) NOT NULL, + `filename` varchar(255) DEFAULT NULL, + `settings` text, + `total_items` int(11) DEFAULT NULL, + `finished` tinyint(1) NOT NULL DEFAULT '0', + `created_at` datetime NOT NULL, + `updated_at` datetime NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `imports` +-- + +LOCK TABLES `imports` WRITE; +/*!40000 ALTER TABLE `imports` DISABLE KEYS */; +/*!40000 ALTER TABLE `imports` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `issue_categories` +-- + +-- `issue_categories`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `issue_categories` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `project_id` int(11) NOT NULL DEFAULT '0', + `name` varchar(60) NOT NULL DEFAULT '', + `assigned_to_id` int(11) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `issue_categories_project_id` (`project_id`), + KEY `index_issue_categories_on_assigned_to_id` (`assigned_to_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `issue_categories` +-- + +LOCK TABLES `issue_categories` WRITE; +/*!40000 ALTER TABLE `issue_categories` DISABLE KEYS */; +/*!40000 ALTER TABLE `issue_categories` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `issue_relations` +-- + +-- `issue_relations`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `issue_relations` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `issue_from_id` int(11) NOT NULL, + `issue_to_id` int(11) NOT NULL, + `relation_type` varchar(255) NOT NULL DEFAULT '', + `delay` int(11) DEFAULT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `index_issue_relations_on_issue_from_id_and_issue_to_id` (`issue_from_id`,`issue_to_id`), + KEY `index_issue_relations_on_issue_from_id` (`issue_from_id`), + KEY `index_issue_relations_on_issue_to_id` (`issue_to_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `issue_relations` +-- + +LOCK TABLES `issue_relations` WRITE; +/*!40000 ALTER TABLE `issue_relations` DISABLE KEYS */; +/*!40000 ALTER TABLE `issue_relations` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `issue_statuses` +-- + +-- `issue_statuses`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `issue_statuses` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `name` varchar(30) NOT NULL DEFAULT '', + `is_closed` tinyint(1) NOT NULL DEFAULT '0', + `position` int(11) DEFAULT NULL, + `default_done_ratio` int(11) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `index_issue_statuses_on_position` (`position`), + KEY `index_issue_statuses_on_is_closed` (`is_closed`) +) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `issue_statuses` +-- + +LOCK TABLES `issue_statuses` WRITE; +/*!40000 ALTER TABLE `issue_statuses` DISABLE KEYS */; +INSERT INTO `issue_statuses` VALUES (2,'Draft',0,1,NULL),(3,'Active',0,2,NULL),(4,'Inactive',0,3,NULL),(5,'Archived',0,4,NULL),(6,'Disabled',0,5,NULL); +/*!40000 ALTER TABLE `issue_statuses` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `issues` +-- + +-- `issues`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `issues` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `tracker_id` int(11) NOT NULL, + `project_id` int(11) NOT NULL, + `subject` varchar(255) NOT NULL DEFAULT '', + `description` longtext, + `due_date` date DEFAULT NULL, + `category_id` int(11) DEFAULT NULL, + `status_id` int(11) NOT NULL, + `assigned_to_id` int(11) DEFAULT NULL, + `priority_id` int(11) NOT NULL, + `fixed_version_id` int(11) DEFAULT NULL, + `author_id` int(11) NOT NULL, + `lock_version` int(11) NOT NULL DEFAULT '0', + `created_on` timestamp NULL DEFAULT NULL, + `updated_on` timestamp NULL DEFAULT NULL, + `start_date` date DEFAULT NULL, + `done_ratio` int(11) NOT NULL DEFAULT '0', + `estimated_hours` float DEFAULT NULL, + `parent_id` int(11) DEFAULT NULL, + `root_id` int(11) DEFAULT NULL, + `lft` int(11) DEFAULT NULL, + `rgt` int(11) DEFAULT NULL, + `is_private` tinyint(1) NOT NULL DEFAULT '0', + `closed_on` datetime DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `issues_project_id` (`project_id`), + KEY `index_issues_on_status_id` (`status_id`), + KEY `index_issues_on_category_id` (`category_id`), + KEY `index_issues_on_assigned_to_id` (`assigned_to_id`), + KEY `index_issues_on_fixed_version_id` (`fixed_version_id`), + KEY `index_issues_on_tracker_id` (`tracker_id`), + KEY `index_issues_on_priority_id` (`priority_id`), + KEY `index_issues_on_author_id` (`author_id`), + KEY `index_issues_on_created_on` (`created_on`), + KEY `index_issues_on_root_id_and_lft_and_rgt` (`root_id`,`lft`,`rgt`), + KEY `index_issues_on_parent_id` (`parent_id`) +) ENGINE=InnoDB AUTO_INCREMENT=996 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `issues` +-- + +LOCK TABLES `issues` WRITE; +/*!40000 ALTER TABLE `issues` DISABLE KEYS */; +INSERT INTO `issues` VALUES (995,3,2,'Sigma Options',NULL,NULL,NULL,2,NULL,1,NULL,1,0,'2020-11-23 15:17:38','2020-11-23 15:17:38',NULL,0,NULL,NULL,995,1,2,0,NULL); +/*!40000 ALTER TABLE `issues` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `journal_details` +-- + +-- `journal_details`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `journal_details` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `journal_id` int(11) NOT NULL DEFAULT '0', + `property` varchar(30) NOT NULL DEFAULT '', + `prop_key` varchar(30) NOT NULL DEFAULT '', + `old_value` longtext, + `value` longtext, + PRIMARY KEY (`id`), + KEY `journal_details_journal_id` (`journal_id`) +) ENGINE=InnoDB AUTO_INCREMENT=456 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `journal_details` +-- + +LOCK TABLES `journal_details` WRITE; +/*!40000 ALTER TABLE `journal_details` DISABLE KEYS */; +/*!40000 ALTER TABLE `journal_details` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `journals` +-- + +-- `journals`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `journals` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `journalized_id` int(11) NOT NULL DEFAULT '0', + `journalized_type` varchar(30) NOT NULL DEFAULT '', + `user_id` int(11) NOT NULL DEFAULT '0', + `notes` longtext, + `created_on` datetime NOT NULL, + `private_notes` tinyint(1) NOT NULL DEFAULT '0', + PRIMARY KEY (`id`), + KEY `journals_journalized_id` (`journalized_id`,`journalized_type`), + KEY `index_journals_on_user_id` (`user_id`), + KEY `index_journals_on_journalized_id` (`journalized_id`), + KEY `index_journals_on_created_on` (`created_on`) +) ENGINE=InnoDB AUTO_INCREMENT=11351 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `journals` +-- + +LOCK TABLES `journals` WRITE; +/*!40000 ALTER TABLE `journals` DISABLE KEYS */; +/*!40000 ALTER TABLE `journals` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `member_roles` +-- + +-- `member_roles`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `member_roles` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `member_id` int(11) NOT NULL, + `role_id` int(11) NOT NULL, + `inherited_from` int(11) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `index_member_roles_on_member_id` (`member_id`), + KEY `index_member_roles_on_role_id` (`role_id`), + KEY `index_member_roles_on_inherited_from` (`inherited_from`) +) ENGINE=InnoDB AUTO_INCREMENT=21 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `member_roles` +-- + +LOCK TABLES `member_roles` WRITE; +/*!40000 ALTER TABLE `member_roles` DISABLE KEYS */; +INSERT INTO `member_roles` VALUES (1,1,5,NULL),(2,2,3,NULL),(3,3,4,NULL),(4,4,5,1),(7,7,4,3),(8,8,5,1),(9,9,3,NULL),(10,9,4,NULL),(11,9,5,NULL),(12,10,3,NULL),(13,10,4,NULL),(14,10,5,NULL),(15,11,3,NULL),(16,10,3,15),(17,11,4,NULL),(18,10,4,17),(19,11,5,NULL),(20,10,5,19); +/*!40000 ALTER TABLE `member_roles` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `members` +-- + +-- `members`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `members` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `user_id` int(11) NOT NULL DEFAULT '0', + `project_id` int(11) NOT NULL DEFAULT '0', + `created_on` timestamp NULL DEFAULT NULL, + `mail_notification` tinyint(1) NOT NULL DEFAULT '0', + PRIMARY KEY (`id`), + UNIQUE KEY `index_members_on_user_id_and_project_id` (`user_id`,`project_id`), + KEY `index_members_on_user_id` (`user_id`), + KEY `index_members_on_project_id` (`project_id`) +) ENGINE=InnoDB AUTO_INCREMENT=12 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `members` +-- + +LOCK TABLES `members` WRITE; +/*!40000 ALTER TABLE `members` DISABLE KEYS */; +INSERT INTO `members` VALUES (1,6,1,'2020-04-26 18:44:14',0),(2,5,1,'2020-04-26 18:44:23',0),(3,7,1,'2020-04-26 18:45:27',0),(4,9,1,'2020-04-26 18:47:51',0),(7,1,1,'2020-05-01 16:42:56',0),(8,10,1,'2020-11-21 22:14:13',0),(9,1,2,'2020-11-22 20:49:47',0),(10,10,2,'2020-11-22 20:49:47',0),(11,6,2,'2020-11-22 20:49:47',0); +/*!40000 ALTER TABLE `members` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `messages` +-- + +-- `messages`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `messages` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `board_id` int(11) NOT NULL, + `parent_id` int(11) DEFAULT NULL, + `subject` varchar(255) NOT NULL DEFAULT '', + `content` text, + `author_id` int(11) DEFAULT NULL, + `replies_count` int(11) NOT NULL DEFAULT '0', + `last_reply_id` int(11) DEFAULT NULL, + `created_on` datetime NOT NULL, + `updated_on` datetime NOT NULL, + `locked` tinyint(1) DEFAULT '0', + `sticky` int(11) DEFAULT '0', + PRIMARY KEY (`id`), + KEY `messages_board_id` (`board_id`), + KEY `messages_parent_id` (`parent_id`), + KEY `index_messages_on_last_reply_id` (`last_reply_id`), + KEY `index_messages_on_author_id` (`author_id`), + KEY `index_messages_on_created_on` (`created_on`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `messages` +-- + +LOCK TABLES `messages` WRITE; +/*!40000 ALTER TABLE `messages` DISABLE KEYS */; +/*!40000 ALTER TABLE `messages` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `news` +-- + +-- `news`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `news` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `project_id` int(11) DEFAULT NULL, + `title` varchar(60) NOT NULL DEFAULT '', + `summary` varchar(255) DEFAULT '', + `description` text, + `author_id` int(11) NOT NULL DEFAULT '0', + `created_on` timestamp NULL DEFAULT NULL, + `comments_count` int(11) NOT NULL DEFAULT '0', + PRIMARY KEY (`id`), + KEY `news_project_id` (`project_id`), + KEY `index_news_on_author_id` (`author_id`), + KEY `index_news_on_created_on` (`created_on`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `news` +-- + +LOCK TABLES `news` WRITE; +/*!40000 ALTER TABLE `news` DISABLE KEYS */; +/*!40000 ALTER TABLE `news` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `open_id_authentication_associations` +-- + +-- `open_id_authentication_associations`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `open_id_authentication_associations` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `issued` int(11) DEFAULT NULL, + `lifetime` int(11) DEFAULT NULL, + `handle` varchar(255) DEFAULT NULL, + `assoc_type` varchar(255) DEFAULT NULL, + `server_url` blob, + `secret` blob, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `open_id_authentication_associations` +-- + +LOCK TABLES `open_id_authentication_associations` WRITE; +/*!40000 ALTER TABLE `open_id_authentication_associations` DISABLE KEYS */; +/*!40000 ALTER TABLE `open_id_authentication_associations` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `open_id_authentication_nonces` +-- + +-- `open_id_authentication_nonces`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `open_id_authentication_nonces` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `timestamp` int(11) NOT NULL, + `server_url` varchar(255) DEFAULT NULL, + `salt` varchar(255) NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `open_id_authentication_nonces` +-- + +LOCK TABLES `open_id_authentication_nonces` WRITE; +/*!40000 ALTER TABLE `open_id_authentication_nonces` DISABLE KEYS */; +/*!40000 ALTER TABLE `open_id_authentication_nonces` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `projects` +-- + +-- `projects`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `projects` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `name` varchar(255) NOT NULL DEFAULT '', + `description` text, + `homepage` varchar(255) DEFAULT '', + `is_public` tinyint(1) NOT NULL DEFAULT '1', + `parent_id` int(11) DEFAULT NULL, + `created_on` timestamp NULL DEFAULT NULL, + `updated_on` timestamp NULL DEFAULT NULL, + `identifier` varchar(255) DEFAULT NULL, + `status` int(11) NOT NULL DEFAULT '1', + `lft` int(11) DEFAULT NULL, + `rgt` int(11) DEFAULT NULL, + `inherit_members` tinyint(1) NOT NULL DEFAULT '0', + `default_version_id` int(11) DEFAULT NULL, + `default_assigned_to_id` int(11) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `index_projects_on_lft` (`lft`), + KEY `index_projects_on_rgt` (`rgt`) +) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `projects` +-- + +LOCK TABLES `projects` WRITE; +/*!40000 ALTER TABLE `projects` DISABLE KEYS */; +INSERT INTO `projects` VALUES (1,'Detection Playbooks','','',1,NULL,'2020-04-26 13:13:01','2020-07-10 19:33:53','detection-playbooks',1,1,2,0,NULL,NULL),(2,'Options','','',1,NULL,'2020-11-22 20:49:17','2020-11-22 20:49:17','options',1,3,4,0,NULL,NULL); +/*!40000 ALTER TABLE `projects` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `projects_trackers` +-- + +-- `projects_trackers`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `projects_trackers` ( + `project_id` int(11) NOT NULL DEFAULT '0', + `tracker_id` int(11) NOT NULL DEFAULT '0', + UNIQUE KEY `projects_trackers_unique` (`project_id`,`tracker_id`), + KEY `projects_trackers_project_id` (`project_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `projects_trackers` +-- + +LOCK TABLES `projects_trackers` WRITE; +/*!40000 ALTER TABLE `projects_trackers` DISABLE KEYS */; +INSERT INTO `projects_trackers` VALUES (1,1),(2,2),(2,3); +/*!40000 ALTER TABLE `projects_trackers` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `queries` +-- + +-- `queries`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `queries` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `project_id` int(11) DEFAULT NULL, + `name` varchar(255) NOT NULL DEFAULT '', + `filters` text, + `user_id` int(11) NOT NULL DEFAULT '0', + `column_names` text, + `sort_criteria` text, + `group_by` varchar(255) DEFAULT NULL, + `type` varchar(255) DEFAULT NULL, + `visibility` int(11) DEFAULT '0', + `options` text, + PRIMARY KEY (`id`), + KEY `index_queries_on_project_id` (`project_id`), + KEY `index_queries_on_user_id` (`user_id`) +) ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `queries` +-- + +LOCK TABLES `queries` WRITE; +/*!40000 ALTER TABLE `queries` DISABLE KEYS */; +INSERT INTO `queries` VALUES (3,1,'All Plays','---\ntracker_id:\n :operator: \"=\"\n :values:\n - \'1\'\n',1,NULL,'---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(4,NULL,'Inactive Plays','---\nstatus_id:\n :operator: \"=\"\n :values:\n - \'4\'\n',1,NULL,'---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(5,NULL,'Draft Plays','---\nstatus_id:\n :operator: \"=\"\n :values:\n - \'2\'\n',1,NULL,'---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(6,NULL,'Playbook - Community Sigma','---\ncf_13:\n :operator: \"=\"\n :values:\n - community\n',1,'---\n- :status\n- :cf_10\n- :cf_18\n- :cf_19\n- :cf_20\n- :cf_1\n- :updated_on\n','---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(8,NULL,'Playbook - Internal','---\ncf_13:\n :operator: \"=\"\n :values:\n - Internal\n',1,'---\n- :status\n- :cf_10\n- :cf_14\n- :cf_16\n- :cf_1\n- :updated_on\n','---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(9,NULL,'Active Plays','---\ntracker_id:\n :operator: \"=\"\n :values:\n - \'1\'\nstatus_id:\n :operator: \"=\"\n :values:\n - \'3\'\n',1,'---\n- :status\n- :cf_10\n- :cf_13\n- :cf_18\n- :cf_19\n- :cf_1\n- :updated_on\n','---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'); +/*!40000 ALTER TABLE `queries` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `queries_roles` +-- + +-- `queries_roles`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `queries_roles` ( + `query_id` int(11) NOT NULL, + `role_id` int(11) NOT NULL, + UNIQUE KEY `queries_roles_ids` (`query_id`,`role_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `queries_roles` +-- + +LOCK TABLES `queries_roles` WRITE; +/*!40000 ALTER TABLE `queries_roles` DISABLE KEYS */; +/*!40000 ALTER TABLE `queries_roles` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `repositories` +-- + +-- `repositories`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `repositories` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `project_id` int(11) NOT NULL DEFAULT '0', + `url` varchar(255) NOT NULL DEFAULT '', + `login` varchar(60) DEFAULT '', + `password` varchar(255) DEFAULT '', + `root_url` varchar(255) DEFAULT '', + `type` varchar(255) DEFAULT NULL, + `path_encoding` varchar(64) DEFAULT NULL, + `log_encoding` varchar(64) DEFAULT NULL, + `extra_info` longtext, + `identifier` varchar(255) DEFAULT NULL, + `is_default` tinyint(1) DEFAULT '0', + `created_on` timestamp NULL DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `index_repositories_on_project_id` (`project_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `repositories` +-- + +LOCK TABLES `repositories` WRITE; +/*!40000 ALTER TABLE `repositories` DISABLE KEYS */; +/*!40000 ALTER TABLE `repositories` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `roles` +-- + +-- `roles`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `roles` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `name` varchar(255) NOT NULL DEFAULT '', + `position` int(11) DEFAULT NULL, + `assignable` tinyint(1) DEFAULT '1', + `builtin` int(11) NOT NULL DEFAULT '0', + `permissions` text, + `issues_visibility` varchar(30) NOT NULL DEFAULT 'default', + `users_visibility` varchar(30) NOT NULL DEFAULT 'all', + `time_entries_visibility` varchar(30) NOT NULL DEFAULT 'all', + `all_roles_managed` tinyint(1) NOT NULL DEFAULT '1', + `settings` text, + PRIMARY KEY (`id`) +) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `roles` +-- + +LOCK TABLES `roles` WRITE; +/*!40000 ALTER TABLE `roles` DISABLE KEYS */; +INSERT INTO `roles` VALUES (1,'Non member',0,1,1,NULL,'default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'0\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n'),(2,'Anonymous',0,1,2,'---\n- :view_issues\n- :edit_issues\n- :add_issue_notes\n- :sigma_editor\n','default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n'),(3,'Security-Analyst',1,0,0,'---\n- :save_queries\n- :view_issues\n- :edit_issues\n- :add_issue_notes\n- :edit_issue_notes\n- :sigma_editor\n','all','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\n delete_issues: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n delete_issues: []\n'),(4,'SuperAdmin',2,0,0,'---\n- :add_project\n- :edit_project\n- :close_project\n- :select_project_modules\n- :manage_members\n- :manage_versions\n- :add_subprojects\n- :manage_public_queries\n- :save_queries\n- :manage_hook\n- :view_messages\n- :add_messages\n- :edit_messages\n- :edit_own_messages\n- :delete_messages\n- :delete_own_messages\n- :manage_boards\n- :view_calendar\n- :view_documents\n- :add_documents\n- :edit_documents\n- :delete_documents\n- :view_files\n- :manage_files\n- :view_gantt\n- :view_issues\n- :edit_issues\n- :edit_own_issues\n- :copy_issues\n- :manage_issue_relations\n- :manage_subtasks\n- :set_issues_private\n- :set_own_issues_private\n- :add_issue_notes\n- :edit_issue_notes\n- :edit_own_issue_notes\n- :view_private_notes\n- :set_notes_private\n- :delete_issues\n- :view_issue_watchers\n- :add_issue_watchers\n- :delete_issue_watchers\n- :import_issues\n- :manage_categories\n- :view_news\n- :manage_news\n- :comment_news\n- :view_changesets\n- :browse_repository\n- :commit_access\n- :manage_related_issues\n- :manage_repository\n- :sigma_editor\n- :view_time_entries\n- :log_time\n- :edit_time_entries\n- :edit_own_time_entries\n- :manage_project_activities\n- :log_time_for_other_users\n- :import_time_entries\n- :view_wiki_pages\n- :view_wiki_edits\n- :export_wiki_pages\n- :edit_wiki_pages\n- :rename_wiki_pages\n- :delete_wiki_pages\n- :delete_wiki_pages_attachments\n- :protect_wiki_pages\n- :manage_wiki\n','default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\n delete_issues: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n delete_issues: []\n'),(5,'Automation',3,0,0,'---\n- :view_issues\n- :add_issues\n- :edit_issues\n- :add_issue_notes\n- :edit_issue_notes\n- :import_issues\n- :sigma_editor\n','default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\n delete_issues: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n delete_issues: []\n'); +/*!40000 ALTER TABLE `roles` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `roles_managed_roles` +-- + +-- `roles_managed_roles`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `roles_managed_roles` ( + `role_id` int(11) NOT NULL, + `managed_role_id` int(11) NOT NULL, + UNIQUE KEY `index_roles_managed_roles_on_role_id_and_managed_role_id` (`role_id`,`managed_role_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `roles_managed_roles` +-- + +LOCK TABLES `roles_managed_roles` WRITE; +/*!40000 ALTER TABLE `roles_managed_roles` DISABLE KEYS */; +/*!40000 ALTER TABLE `roles_managed_roles` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `schema_migrations` +-- + +-- `schema_migrations`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `schema_migrations` ( + `version` varchar(255) NOT NULL, + PRIMARY KEY (`version`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `schema_migrations` +-- + +LOCK TABLES `schema_migrations` WRITE; +/*!40000 ALTER TABLE `schema_migrations` DISABLE KEYS */; +INSERT INTO `schema_migrations` VALUES ('1'),('1-redmine_webhook'),('10'),('100'),('101'),('102'),('103'),('104'),('105'),('106'),('107'),('108'),('11'),('12'),('13'),('14'),('15'),('16'),('17'),('18'),('19'),('2'),('20'),('20090214190337'),('20090312172426'),('20090312194159'),('20090318181151'),('20090323224724'),('20090401221305'),('20090401231134'),('20090403001910'),('20090406161854'),('20090425161243'),('20090503121501'),('20090503121505'),('20090503121510'),('20090614091200'),('20090704172350'),('20090704172355'),('20090704172358'),('20091010093521'),('20091017212227'),('20091017212457'),('20091017212644'),('20091017212938'),('20091017213027'),('20091017213113'),('20091017213151'),('20091017213228'),('20091017213257'),('20091017213332'),('20091017213444'),('20091017213536'),('20091017213642'),('20091017213716'),('20091017213757'),('20091017213835'),('20091017213910'),('20091017214015'),('20091017214107'),('20091017214136'),('20091017214236'),('20091017214308'),('20091017214336'),('20091017214406'),('20091017214440'),('20091017214519'),('20091017214611'),('20091017214644'),('20091017214720'),('20091017214750'),('20091025163651'),('20091108092559'),('20091114105931'),('20091123212029'),('20091205124427'),('20091220183509'),('20091220183727'),('20091220184736'),('20091225164732'),('20091227112908'),('20100129193402'),('20100129193813'),('20100221100219'),('20100313132032'),('20100313171051'),('20100705164950'),('20100819172912'),('20101104182107'),('20101107130441'),('20101114115114'),('20101114115359'),('20110220160626'),('20110223180944'),('20110223180953'),('20110224000000'),('20110226120112'),('20110226120132'),('20110227125750'),('20110228000000'),('20110228000100'),('20110401192910'),('20110408103312'),('20110412065600'),('20110511000000'),('20110902000000'),('20111201201315'),('20120115143024'),('20120115143100'),('20120115143126'),('20120127174243'),('20120205111326'),('20120223110929'),('20120301153455'),('20120422150750'),('20120705074331'),('20120707064544'),('20120714122000'),('20120714122100'),('20120714122200'),('20120731164049'),('20120930112914'),('20121026002032'),('20121026003537'),('20121209123234'),('20121209123358'),('20121213084931'),('20130110122628'),('20130201184705'),('20130202090625'),('20130207175206'),('20130207181455'),('20130215073721'),('20130215111127'),('20130215111141'),('20130217094251'),('20130602092539'),('20130710182539'),('20130713104233'),('20130713111657'),('20130729070143'),('20130911193200'),('20131004113137'),('20131005100610'),('20131124175346'),('20131210180802'),('20131214094309'),('20131215104612'),('20131218183023'),('20140228130325'),('20140903143914'),('20140920094058'),('20141029181752'),('20141029181824'),('20141109112308'),('20141122124142'),('20150113194759'),('20150113211532'),('20150113213922'),('20150113213955'),('20150208105930'),('20150510083747'),('20150525103953'),('20150526183158'),('20150528084820'),('20150528092912'),('20150528093249'),('20150725112753'),('20150730122707'),('20150730122735'),('20150921204850'),('20150921210243'),('20151020182334'),('20151020182731'),('20151021184614'),('20151021185456'),('20151021190616'),('20151024082034'),('20151025072118'),('20151031095005'),('20160404080304'),('20160416072926'),('20160529063352'),('20161001122012'),('20161002133421'),('20161010081301'),('20161010081528'),('20161010081600'),('20161126094932'),('20161220091118'),('20170207050700'),('20170302015225'),('20170309214320'),('20170320051650'),('20170418090031'),('20170419144536'),('20170723112801'),('20180501132547'),('20180913072918'),('20180923082945'),('20180923091603'),('20190315094151'),('20190315102101'),('20190510070108'),('20190620135549'),('21'),('22'),('23'),('24'),('25'),('26'),('27'),('28'),('29'),('3'),('30'),('31'),('32'),('33'),('34'),('35'),('36'),('37'),('38'),('39'),('4'),('40'),('41'),('42'),('43'),('44'),('45'),('46'),('47'),('48'),('49'),('5'),('50'),('51'),('52'),('53'),('54'),('55'),('56'),('57'),('58'),('59'),('6'),('60'),('61'),('62'),('63'),('64'),('65'),('66'),('67'),('68'),('69'),('7'),('70'),('71'),('72'),('73'),('74'),('75'),('76'),('77'),('78'),('79'),('8'),('80'),('81'),('82'),('83'),('84'),('85'),('86'),('87'),('88'),('89'),('9'),('90'),('91'),('92'),('93'),('94'),('95'),('96'),('97'),('98'),('99'); +/*!40000 ALTER TABLE `schema_migrations` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `settings` +-- + +-- `settings`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `settings` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `name` varchar(255) NOT NULL DEFAULT '', + `value` text, + `updated_on` timestamp NULL DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `index_settings_on_name` (`name`) +) ENGINE=InnoDB AUTO_INCREMENT=71 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `settings` +-- + +LOCK TABLES `settings` WRITE; +/*!40000 ALTER TABLE `settings` DISABLE KEYS */; +INSERT INTO `settings` VALUES (1,'ui_theme','circle','2020-04-26 13:11:26'),(2,'default_language','en','2020-04-26 13:11:26'),(3,'force_default_language_for_anonymous','0','2020-04-26 13:11:26'),(4,'force_default_language_for_loggedin','0','2020-04-26 13:11:26'),(5,'start_of_week','','2020-04-26 13:11:26'),(6,'date_format','','2020-04-26 13:11:26'),(7,'time_format','','2020-04-26 13:11:26'),(8,'timespan_format','decimal','2020-04-26 13:11:26'),(9,'user_format','firstname_lastname','2020-05-02 12:45:00'),(10,'gravatar_enabled','1','2020-05-02 12:41:07'),(11,'thumbnails_enabled','1','2020-04-26 13:11:26'),(12,'thumbnails_size','100','2020-04-26 13:11:26'),(13,'new_item_menu_tab','0','2020-04-26 13:11:30'),(14,'login_required','0','2020-07-10 19:32:45'),(15,'autologin','0','2020-04-26 13:11:54'),(16,'self_registration','0','2020-04-26 13:11:54'),(17,'show_custom_fields_on_registration','0','2020-04-26 13:11:54'),(18,'password_min_length','8','2020-04-26 13:11:54'),(19,'password_required_char_classes','--- []\n','2020-04-26 13:11:54'),(20,'password_max_age','0','2020-04-26 13:11:54'),(21,'lost_password','1','2020-04-26 13:11:54'),(22,'openid','0','2020-04-26 13:11:55'),(23,'session_lifetime','0','2020-04-26 13:11:55'),(24,'session_timeout','0','2020-04-26 13:11:55'),(25,'rest_api_enabled','1','2020-04-26 13:11:58'),(26,'jsonp_enabled','0','2020-04-26 13:11:58'),(27,'default_projects_public','0','2020-04-26 13:12:21'),(28,'default_projects_modules','---\n- sigma_editor\n','2020-04-26 13:12:21'),(29,'default_projects_tracker_ids','--- []\n','2020-04-26 13:12:21'),(30,'sequential_project_identifiers','0','2020-04-26 13:12:21'),(31,'project_list_defaults','---\n:column_names:\n- name\n- identifier\n- short_description\n','2020-04-26 13:12:21'),(32,'app_title','Playbook','2020-04-26 18:17:51'),(33,'welcome_text','','2020-04-26 18:17:51'),(34,'per_page_options','25,75,150','2020-05-02 12:41:38'),(35,'search_results_per_page','10','2020-04-26 18:17:51'),(36,'activity_days_default','30','2020-04-26 18:17:51'),(37,'host_name','localhost:3000','2020-04-26 18:17:51'),(38,'protocol','http','2020-04-26 18:17:51'),(39,'text_formatting','textile','2020-04-26 18:17:51'),(40,'cache_formatted_text','0','2020-04-26 18:17:51'),(41,'wiki_compression','','2020-04-26 18:17:51'),(42,'feeds_limit','15','2020-04-26 18:17:51'),(43,'plugin_redmine_playbook','--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nproject: \'1\'\nconvert_url: http://10.66.166.121:7000/playbook/sigmac\ncreate_url: http://10.66.166.121:7000/playbook/play','2020-05-02 12:39:20'),(44,'cross_project_issue_relations','0','2020-05-01 16:27:33'),(45,'link_copied_issue','no','2020-05-01 16:27:33'),(46,'cross_project_subtasks','','2020-05-01 16:27:33'),(47,'close_duplicate_issues','0','2020-05-01 16:27:33'),(48,'issue_group_assignment','0','2020-05-01 16:27:33'),(49,'default_issue_start_date_to_creation_date','1','2020-05-01 16:27:33'),(50,'display_subprojects_issues','0','2020-05-01 16:27:33'),(51,'issue_done_ratio','issue_field','2020-05-01 16:27:33'),(52,'non_working_week_days','---\n- \'6\'\n- \'7\'\n','2020-05-01 16:27:33'),(53,'issues_export_limit','500','2020-05-01 16:27:33'),(54,'gantt_items_limit','500','2020-05-01 16:27:33'),(55,'gantt_months_limit','24','2020-05-01 16:27:33'),(56,'parent_issue_dates','derived','2020-05-01 16:27:33'),(57,'parent_issue_priority','derived','2020-05-01 16:27:33'),(58,'parent_issue_done_ratio','derived','2020-05-01 16:27:33'),(59,'issue_list_default_columns','---\n- status\n- cf_10\n- cf_13\n- cf_14\n- cf_1\n- updated_on\n','2020-05-01 19:32:13'),(60,'issue_list_default_totals','--- []\n','2020-05-01 16:27:33'),(61,'enabled_scm','--- []\n','2020-05-01 16:27:47'),(62,'autofetch_changesets','0','2020-05-01 16:27:47'),(63,'sys_api_enabled','0','2020-05-01 16:27:47'),(64,'repository_log_display_limit','100','2020-05-01 16:27:47'),(65,'commit_logs_formatting','1','2020-05-01 16:27:47'),(66,'commit_ref_keywords','refs,references,IssueID','2020-05-01 16:27:47'),(67,'commit_cross_project_ref','0','2020-05-01 16:27:47'),(68,'commit_logtime_enabled','0','2020-05-01 16:27:47'),(69,'commit_update_keywords','--- []\n','2020-05-01 16:27:47'),(70,'gravatar_default','','2020-05-02 12:41:07'); +/*!40000 ALTER TABLE `settings` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `time_entries` +-- + +-- `time_entries`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `time_entries` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `project_id` int(11) NOT NULL, + `author_id` int(11) DEFAULT NULL, + `user_id` int(11) NOT NULL, + `issue_id` int(11) DEFAULT NULL, + `hours` float NOT NULL, + `comments` varchar(1024) DEFAULT NULL, + `activity_id` int(11) NOT NULL, + `spent_on` date NOT NULL, + `tyear` int(11) NOT NULL, + `tmonth` int(11) NOT NULL, + `tweek` int(11) NOT NULL, + `created_on` datetime NOT NULL, + `updated_on` datetime NOT NULL, + PRIMARY KEY (`id`), + KEY `time_entries_project_id` (`project_id`), + KEY `time_entries_issue_id` (`issue_id`), + KEY `index_time_entries_on_activity_id` (`activity_id`), + KEY `index_time_entries_on_user_id` (`user_id`), + KEY `index_time_entries_on_created_on` (`created_on`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `time_entries` +-- + +LOCK TABLES `time_entries` WRITE; +/*!40000 ALTER TABLE `time_entries` DISABLE KEYS */; +/*!40000 ALTER TABLE `time_entries` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `tokens` +-- + +-- `tokens`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `tokens` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `user_id` int(11) NOT NULL DEFAULT '0', + `action` varchar(30) NOT NULL DEFAULT '', + `value` varchar(40) NOT NULL DEFAULT '', + `created_on` datetime NOT NULL, + `updated_on` timestamp NULL DEFAULT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `tokens_value` (`value`), + KEY `index_tokens_on_user_id` (`user_id`) +) ENGINE=InnoDB AUTO_INCREMENT=72 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `tokens` +-- + +LOCK TABLES `tokens` WRITE; +/*!40000 ALTER TABLE `tokens` DISABLE KEYS */; +INSERT INTO `tokens` VALUES (3,1,'feeds','6e5575602e1227c188cd85ef6d12608bb8701193','2020-04-26 13:10:46','2020-04-26 13:10:46'),(4,1,'session','999412fa9badda7423c6c654d6364c32c20b3eac','2020-04-26 18:07:03','2020-04-26 18:12:02'),(5,1,'session','124ad4acbf87a942426350e7ad028c1d119c3851','2020-04-26 18:17:11','2020-04-26 18:19:24'),(9,1,'session','2890c663e0552f26ddb92acad6ab3b6d05b92915','2020-04-26 18:51:15','2020-04-26 18:51:15'),(19,1,'session','b7ffb106ea0b34650dd9c1770f74c2b0ffe166b2','2020-05-01 16:52:33','2020-05-01 18:02:30'),(20,1,'session','f44cfcf918eef59ffda47991c431d9c2b2ac6113','2020-05-01 18:05:56','2020-05-01 18:05:56'),(23,9,'feeds','211918c9d7168979b5dc19bebb14573b928a5067','2020-05-01 18:26:17','2020-05-01 18:26:17'),(46,1,'session','2d0c8f8ae641c06d8c2362746846440d465d53c0','2020-05-06 20:48:01','2020-05-06 20:48:07'),(59,1,'session','2afe6590653d59a697d1436729c64f322a2eff82','2020-07-01 18:11:07','2020-07-01 20:30:43'),(61,1,'session','b01f95709ca1ab086a049cf9c5afd81ca9d4526e','2020-07-15 16:30:42','2020-07-15 16:31:40'),(62,1,'session','d29acdcd0b8e4ebf78ef8f696d3e76df7e2ab2ac','2020-08-17 14:51:59','2020-08-17 14:53:22'),(67,10,'api','a92a42f4fbbb23e713adc4f57091129457f6acfe','2020-11-21 22:14:13','2020-11-21 22:14:13'),(71,1,'session','3bcc8d4d9b8a5dda138da6f2f346bb2503b1ec9d','2020-12-08 03:01:36','2020-12-08 03:02:48'); +/*!40000 ALTER TABLE `tokens` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `trackers` +-- + +-- `trackers`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `trackers` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `name` varchar(30) NOT NULL DEFAULT '', + `description` varchar(255) DEFAULT NULL, + `is_in_chlog` tinyint(1) NOT NULL DEFAULT '0', + `position` int(11) DEFAULT NULL, + `is_in_roadmap` tinyint(1) NOT NULL DEFAULT '1', + `fields_bits` int(11) DEFAULT '0', + `default_status_id` int(11) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `trackers` +-- + +LOCK TABLES `trackers` WRITE; +/*!40000 ALTER TABLE `trackers` DISABLE KEYS */; +INSERT INTO `trackers` VALUES (1,'Play','',0,1,0,255,2),(2,'Email Options','',0,2,1,511,2),(3,'Sigma Options','',0,3,1,511,2); +/*!40000 ALTER TABLE `trackers` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `user_preferences` +-- + +-- `user_preferences`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `user_preferences` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `user_id` int(11) NOT NULL DEFAULT '0', + `others` text, + `hide_mail` tinyint(1) DEFAULT '1', + `time_zone` varchar(255) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `index_user_preferences_on_user_id` (`user_id`) +) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `user_preferences` +-- + +LOCK TABLES `user_preferences` WRITE; +/*!40000 ALTER TABLE `user_preferences` DISABLE KEYS */; +INSERT INTO `user_preferences` VALUES (1,1,'---\n:no_self_notified: \'1\'\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:recently_used_project_ids: \'1,2\'\n',1,''),(3,9,'---\n:no_self_notified: \'1\'\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:recently_used_project_ids: \'1\'\n',1,''),(4,10,'---\n:no_self_notified: true\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:recently_used_project_ids: \'1\'\n',1,''); +/*!40000 ALTER TABLE `user_preferences` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `users` +-- + +-- `users`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `users` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `login` varchar(255) NOT NULL DEFAULT '', + `hashed_password` varchar(40) NOT NULL DEFAULT '', + `firstname` varchar(30) NOT NULL DEFAULT '', + `lastname` varchar(255) NOT NULL DEFAULT '', + `admin` tinyint(1) NOT NULL DEFAULT '0', + `status` int(11) NOT NULL DEFAULT '1', + `last_login_on` datetime DEFAULT NULL, + `language` varchar(5) DEFAULT '', + `auth_source_id` int(11) DEFAULT NULL, + `created_on` timestamp NULL DEFAULT NULL, + `updated_on` timestamp NULL DEFAULT NULL, + `type` varchar(255) DEFAULT NULL, + `identity_url` varchar(255) DEFAULT NULL, + `mail_notification` varchar(255) NOT NULL DEFAULT '', + `salt` varchar(64) DEFAULT NULL, + `must_change_passwd` tinyint(1) NOT NULL DEFAULT '0', + `passwd_changed_on` datetime DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `index_users_on_id_and_type` (`id`,`type`), + KEY `index_users_on_auth_source_id` (`auth_source_id`), + KEY `index_users_on_type` (`type`) +) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `users` +-- + +LOCK TABLES `users` WRITE; +/*!40000 ALTER TABLE `users` DISABLE KEYS */; +INSERT INTO `users` VALUES (1,'admin','27193748a2fc174c339e7c22292bccb882f6f756','Admin','Admin',1,1,'2020-12-08 03:01:36','',NULL,'2020-04-26 13:08:34','2020-04-26 13:10:45','User',NULL,'all','5exVbsSixI1ub0aOGSRyctmB4EMwk7v2',0,'2020-04-26 13:10:27'),(2,'','','','Anonymous users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupAnonymous',NULL,'',NULL,0,NULL),(3,'','','','Non member users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupNonMember',NULL,'',NULL,0,NULL),(4,'','','','Anonymous',0,0,NULL,'',NULL,'2020-04-26 13:09:44','2020-04-26 13:09:44','AnonymousUser',NULL,'only_my_events',NULL,0,NULL),(5,'','','','Analysts',0,1,NULL,'',NULL,'2020-04-26 18:43:40','2020-04-26 18:43:40','Group',NULL,'',NULL,0,NULL),(6,'','','','Automation',0,1,NULL,'',NULL,'2020-04-26 18:43:47','2020-04-26 18:43:47','Group',NULL,'',NULL,0,NULL),(7,'','','','Admins',0,1,NULL,'',NULL,'2020-04-26 18:43:58','2020-04-26 18:43:58','Group',NULL,'',NULL,0,NULL),(10,'automation','05af6545acc48ea85bf4b002e560b702b727c9f8','SecOps','Automation',0,1,NULL,'en',NULL,'2020-11-21 22:14:13','2020-11-21 22:14:13','User',NULL,'only_my_events','8e99dd319cef62d18e80bb9f29cc1ce8',0,'2020-11-21 22:14:13'); +/*!40000 ALTER TABLE `users` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `versions` +-- + +-- `versions`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `versions` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `project_id` int(11) NOT NULL DEFAULT '0', + `name` varchar(255) NOT NULL DEFAULT '', + `description` varchar(255) DEFAULT '', + `effective_date` date DEFAULT NULL, + `created_on` timestamp NULL DEFAULT NULL, + `updated_on` timestamp NULL DEFAULT NULL, + `wiki_page_title` varchar(255) DEFAULT NULL, + `status` varchar(255) DEFAULT 'open', + `sharing` varchar(255) NOT NULL DEFAULT 'none', + PRIMARY KEY (`id`), + KEY `versions_project_id` (`project_id`), + KEY `index_versions_on_sharing` (`sharing`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `versions` +-- + +LOCK TABLES `versions` WRITE; +/*!40000 ALTER TABLE `versions` DISABLE KEYS */; +/*!40000 ALTER TABLE `versions` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `watchers` +-- + +-- `watchers`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `watchers` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `watchable_type` varchar(255) NOT NULL DEFAULT '', + `watchable_id` int(11) NOT NULL DEFAULT '0', + `user_id` int(11) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `watchers_user_id_type` (`user_id`,`watchable_type`), + KEY `index_watchers_on_user_id` (`user_id`), + KEY `index_watchers_on_watchable_id_and_watchable_type` (`watchable_id`,`watchable_type`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `watchers` +-- + +LOCK TABLES `watchers` WRITE; +/*!40000 ALTER TABLE `watchers` DISABLE KEYS */; +/*!40000 ALTER TABLE `watchers` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `webhooks` +-- + +-- `webhooks`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `webhooks` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `url` varchar(255) DEFAULT NULL, + `project_id` int(11) DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `webhooks` +-- + +LOCK TABLES `webhooks` WRITE; +/*!40000 ALTER TABLE `webhooks` DISABLE KEYS */; +INSERT INTO `webhooks` VALUES (1,'http://10.66.166.121:7000/playbook/webhook',1),(2,'http://10.66.166.121:7000/playbook/webhook',2); +/*!40000 ALTER TABLE `webhooks` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `wiki_content_versions` +-- + +-- `wiki_content_versions`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `wiki_content_versions` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `wiki_content_id` int(11) NOT NULL, + `page_id` int(11) NOT NULL, + `author_id` int(11) DEFAULT NULL, + `data` longblob, + `compression` varchar(6) DEFAULT '', + `comments` varchar(1024) DEFAULT '', + `updated_on` datetime NOT NULL, + `version` int(11) NOT NULL, + PRIMARY KEY (`id`), + KEY `wiki_content_versions_wcid` (`wiki_content_id`), + KEY `index_wiki_content_versions_on_updated_on` (`updated_on`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `wiki_content_versions` +-- + +LOCK TABLES `wiki_content_versions` WRITE; +/*!40000 ALTER TABLE `wiki_content_versions` DISABLE KEYS */; +/*!40000 ALTER TABLE `wiki_content_versions` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `wiki_contents` +-- + +-- `wiki_contents`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `wiki_contents` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `page_id` int(11) NOT NULL, + `author_id` int(11) DEFAULT NULL, + `text` longtext, + `comments` varchar(1024) DEFAULT '', + `updated_on` datetime NOT NULL, + `version` int(11) NOT NULL, + PRIMARY KEY (`id`), + KEY `wiki_contents_page_id` (`page_id`), + KEY `index_wiki_contents_on_author_id` (`author_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `wiki_contents` +-- + +LOCK TABLES `wiki_contents` WRITE; +/*!40000 ALTER TABLE `wiki_contents` DISABLE KEYS */; +/*!40000 ALTER TABLE `wiki_contents` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `wiki_pages` +-- + +-- `wiki_pages`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `wiki_pages` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `wiki_id` int(11) NOT NULL, + `title` varchar(255) NOT NULL, + `created_on` datetime NOT NULL, + `protected` tinyint(1) NOT NULL DEFAULT '0', + `parent_id` int(11) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `wiki_pages_wiki_id_title` (`wiki_id`,`title`), + KEY `index_wiki_pages_on_wiki_id` (`wiki_id`), + KEY `index_wiki_pages_on_parent_id` (`parent_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `wiki_pages` +-- + +LOCK TABLES `wiki_pages` WRITE; +/*!40000 ALTER TABLE `wiki_pages` DISABLE KEYS */; +/*!40000 ALTER TABLE `wiki_pages` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `wiki_redirects` +-- + +-- `wiki_redirects`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `wiki_redirects` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `wiki_id` int(11) NOT NULL, + `title` varchar(255) DEFAULT NULL, + `redirects_to` varchar(255) DEFAULT NULL, + `created_on` datetime NOT NULL, + `redirects_to_wiki_id` int(11) NOT NULL, + PRIMARY KEY (`id`), + KEY `wiki_redirects_wiki_id_title` (`wiki_id`,`title`), + KEY `index_wiki_redirects_on_wiki_id` (`wiki_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `wiki_redirects` +-- + +LOCK TABLES `wiki_redirects` WRITE; +/*!40000 ALTER TABLE `wiki_redirects` DISABLE KEYS */; +/*!40000 ALTER TABLE `wiki_redirects` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `wikis` +-- + +-- `wikis`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `wikis` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `project_id` int(11) NOT NULL, + `start_page` varchar(255) NOT NULL, + `status` int(11) NOT NULL DEFAULT '1', + PRIMARY KEY (`id`), + KEY `wikis_project_id` (`project_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `wikis` +-- + +LOCK TABLES `wikis` WRITE; +/*!40000 ALTER TABLE `wikis` DISABLE KEYS */; +/*!40000 ALTER TABLE `wikis` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `workflows` +-- + +-- `workflows`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE IF NOT EXISTS `workflows` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `tracker_id` int(11) NOT NULL DEFAULT '0', + `old_status_id` int(11) NOT NULL DEFAULT '0', + `new_status_id` int(11) NOT NULL DEFAULT '0', + `role_id` int(11) NOT NULL DEFAULT '0', + `assignee` tinyint(1) NOT NULL DEFAULT '0', + `author` tinyint(1) NOT NULL DEFAULT '0', + `type` varchar(30) DEFAULT NULL, + `field_name` varchar(30) DEFAULT NULL, + `rule` varchar(30) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `wkfs_role_tracker_old_status` (`role_id`,`tracker_id`,`old_status_id`), + KEY `index_workflows_on_old_status_id` (`old_status_id`), + KEY `index_workflows_on_role_id` (`role_id`), + KEY `index_workflows_on_new_status_id` (`new_status_id`), + KEY `index_workflows_on_tracker_id` (`tracker_id`) +) ENGINE=InnoDB AUTO_INCREMENT=767 DEFAULT CHARSET=latin1; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `workflows` +-- + +LOCK TABLES `workflows` WRITE; +/*!40000 ALTER TABLE `workflows` DISABLE KEYS */; +INSERT INTO `workflows` VALUES (132,1,2,0,3,0,0,'WorkflowPermission','14','readonly'),(134,1,2,0,3,0,0,'WorkflowPermission','16','readonly'),(151,1,3,0,3,0,0,'WorkflowPermission','14','readonly'),(153,1,3,0,3,0,0,'WorkflowPermission','16','readonly'),(170,1,4,0,3,0,0,'WorkflowPermission','14','readonly'),(172,1,4,0,3,0,0,'WorkflowPermission','16','readonly'),(189,1,5,0,3,0,0,'WorkflowPermission','14','readonly'),(191,1,5,0,3,0,0,'WorkflowPermission','16','readonly'),(208,1,6,0,3,0,0,'WorkflowPermission','14','readonly'),(210,1,6,0,3,0,0,'WorkflowPermission','16','readonly'),(220,1,2,3,3,0,0,'WorkflowTransition',NULL,NULL),(221,1,2,3,4,0,0,'WorkflowTransition',NULL,NULL),(222,1,2,3,5,0,0,'WorkflowTransition',NULL,NULL),(226,1,3,4,3,0,0,'WorkflowTransition',NULL,NULL),(227,1,3,4,4,0,0,'WorkflowTransition',NULL,NULL),(228,1,3,4,5,0,0,'WorkflowTransition',NULL,NULL),(229,1,4,5,3,0,0,'WorkflowTransition',NULL,NULL),(230,1,4,5,4,0,0,'WorkflowTransition',NULL,NULL),(231,1,4,5,5,0,0,'WorkflowTransition',NULL,NULL),(232,1,4,6,3,0,0,'WorkflowTransition',NULL,NULL),(233,1,4,6,4,0,0,'WorkflowTransition',NULL,NULL),(234,1,4,6,5,0,0,'WorkflowTransition',NULL,NULL),(239,1,2,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(240,1,3,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(241,1,4,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(242,1,5,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(243,1,6,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(244,1,0,2,5,0,0,'WorkflowTransition',NULL,NULL),(245,1,0,2,4,0,0,'WorkflowTransition',NULL,NULL),(246,1,0,6,5,0,0,'WorkflowTransition',NULL,NULL),(352,1,2,0,3,0,0,'WorkflowPermission','project_id','readonly'),(353,1,2,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(354,1,2,0,3,0,0,'WorkflowPermission','subject','readonly'),(355,1,2,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(356,1,2,0,3,0,0,'WorkflowPermission','is_private','readonly'),(357,1,2,0,3,0,0,'WorkflowPermission','description','readonly'),(358,1,2,0,3,0,0,'WorkflowPermission','1','readonly'),(359,1,2,0,3,0,0,'WorkflowPermission','2','readonly'),(360,1,2,0,3,0,0,'WorkflowPermission','10','readonly'),(361,1,2,0,3,0,0,'WorkflowPermission','20','readonly'),(362,1,2,0,3,0,0,'WorkflowPermission','8','readonly'),(363,1,2,0,3,0,0,'WorkflowPermission','15','readonly'),(364,1,2,0,3,0,0,'WorkflowPermission','11','readonly'),(365,1,2,0,3,0,0,'WorkflowPermission','12','readonly'),(366,1,2,0,3,0,0,'WorkflowPermission','19','readonly'),(367,1,2,0,3,0,0,'WorkflowPermission','7','readonly'),(368,1,2,0,3,0,0,'WorkflowPermission','3','readonly'),(369,1,2,0,3,0,0,'WorkflowPermission','5','readonly'),(370,1,2,0,3,0,0,'WorkflowPermission','6','readonly'),(371,1,2,0,3,0,0,'WorkflowPermission','22','readonly'),(372,1,3,0,3,0,0,'WorkflowPermission','project_id','readonly'),(373,1,3,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(374,1,3,0,3,0,0,'WorkflowPermission','subject','readonly'),(375,1,3,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(376,1,3,0,3,0,0,'WorkflowPermission','is_private','readonly'),(377,1,3,0,3,0,0,'WorkflowPermission','description','readonly'),(378,1,3,0,3,0,0,'WorkflowPermission','1','readonly'),(379,1,3,0,3,0,0,'WorkflowPermission','2','readonly'),(380,1,3,0,3,0,0,'WorkflowPermission','10','readonly'),(381,1,3,0,3,0,0,'WorkflowPermission','20','readonly'),(382,1,3,0,3,0,0,'WorkflowPermission','8','readonly'),(383,1,3,0,3,0,0,'WorkflowPermission','15','readonly'),(384,1,3,0,3,0,0,'WorkflowPermission','11','readonly'),(385,1,3,0,3,0,0,'WorkflowPermission','12','readonly'),(386,1,3,0,3,0,0,'WorkflowPermission','19','readonly'),(387,1,3,0,3,0,0,'WorkflowPermission','7','readonly'),(388,1,3,0,3,0,0,'WorkflowPermission','3','readonly'),(389,1,3,0,3,0,0,'WorkflowPermission','5','readonly'),(390,1,3,0,3,0,0,'WorkflowPermission','6','readonly'),(391,1,3,0,3,0,0,'WorkflowPermission','22','readonly'),(392,1,4,0,3,0,0,'WorkflowPermission','project_id','readonly'),(393,1,4,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(394,1,4,0,3,0,0,'WorkflowPermission','subject','readonly'),(395,1,4,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(396,1,4,0,3,0,0,'WorkflowPermission','is_private','readonly'),(397,1,4,0,3,0,0,'WorkflowPermission','description','readonly'),(398,1,4,0,3,0,0,'WorkflowPermission','1','readonly'),(399,1,4,0,3,0,0,'WorkflowPermission','2','readonly'),(400,1,4,0,3,0,0,'WorkflowPermission','10','readonly'),(401,1,4,0,3,0,0,'WorkflowPermission','20','readonly'),(402,1,4,0,3,0,0,'WorkflowPermission','8','readonly'),(403,1,4,0,3,0,0,'WorkflowPermission','15','readonly'),(404,1,4,0,3,0,0,'WorkflowPermission','11','readonly'),(405,1,4,0,3,0,0,'WorkflowPermission','12','readonly'),(406,1,4,0,3,0,0,'WorkflowPermission','19','readonly'),(407,1,4,0,3,0,0,'WorkflowPermission','7','readonly'),(408,1,4,0,3,0,0,'WorkflowPermission','3','readonly'),(409,1,4,0,3,0,0,'WorkflowPermission','5','readonly'),(410,1,4,0,3,0,0,'WorkflowPermission','6','readonly'),(411,1,4,0,3,0,0,'WorkflowPermission','22','readonly'),(412,1,5,0,3,0,0,'WorkflowPermission','project_id','readonly'),(413,1,5,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(414,1,5,0,3,0,0,'WorkflowPermission','subject','readonly'),(415,1,5,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(416,1,5,0,3,0,0,'WorkflowPermission','is_private','readonly'),(417,1,5,0,3,0,0,'WorkflowPermission','description','readonly'),(418,1,5,0,3,0,0,'WorkflowPermission','1','readonly'),(419,1,5,0,3,0,0,'WorkflowPermission','2','readonly'),(420,1,5,0,3,0,0,'WorkflowPermission','10','readonly'),(421,1,5,0,3,0,0,'WorkflowPermission','20','readonly'),(422,1,5,0,3,0,0,'WorkflowPermission','8','readonly'),(423,1,5,0,3,0,0,'WorkflowPermission','15','readonly'),(424,1,5,0,3,0,0,'WorkflowPermission','11','readonly'),(425,1,5,0,3,0,0,'WorkflowPermission','12','readonly'),(426,1,5,0,3,0,0,'WorkflowPermission','19','readonly'),(427,1,5,0,3,0,0,'WorkflowPermission','7','readonly'),(428,1,5,0,3,0,0,'WorkflowPermission','3','readonly'),(429,1,5,0,3,0,0,'WorkflowPermission','5','readonly'),(430,1,5,0,3,0,0,'WorkflowPermission','6','readonly'),(431,1,5,0,3,0,0,'WorkflowPermission','22','readonly'),(432,1,6,0,3,0,0,'WorkflowPermission','project_id','readonly'),(433,1,6,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(434,1,6,0,3,0,0,'WorkflowPermission','subject','readonly'),(435,1,6,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(436,1,6,0,3,0,0,'WorkflowPermission','is_private','readonly'),(437,1,6,0,3,0,0,'WorkflowPermission','description','readonly'),(438,1,6,0,3,0,0,'WorkflowPermission','1','readonly'),(439,1,6,0,3,0,0,'WorkflowPermission','2','readonly'),(440,1,6,0,3,0,0,'WorkflowPermission','10','readonly'),(441,1,6,0,3,0,0,'WorkflowPermission','20','readonly'),(442,1,6,0,3,0,0,'WorkflowPermission','8','readonly'),(443,1,6,0,3,0,0,'WorkflowPermission','15','readonly'),(444,1,6,0,3,0,0,'WorkflowPermission','11','readonly'),(445,1,6,0,3,0,0,'WorkflowPermission','12','readonly'),(446,1,6,0,3,0,0,'WorkflowPermission','19','readonly'),(447,1,6,0,3,0,0,'WorkflowPermission','7','readonly'),(448,1,6,0,3,0,0,'WorkflowPermission','3','readonly'),(449,1,6,0,3,0,0,'WorkflowPermission','5','readonly'),(450,1,6,0,3,0,0,'WorkflowPermission','6','readonly'),(451,1,6,0,3,0,0,'WorkflowPermission','22','readonly'),(642,1,2,3,2,0,0,'WorkflowTransition',NULL,NULL),(644,1,3,4,2,0,0,'WorkflowTransition',NULL,NULL),(645,1,4,5,2,0,0,'WorkflowTransition',NULL,NULL),(646,1,4,6,2,0,0,'WorkflowTransition',NULL,NULL),(648,1,4,3,2,0,0,'WorkflowTransition',NULL,NULL),(649,1,4,3,3,0,0,'WorkflowTransition',NULL,NULL),(650,1,4,3,4,0,0,'WorkflowTransition',NULL,NULL),(651,1,4,3,5,0,0,'WorkflowTransition',NULL,NULL),(652,1,2,0,2,0,0,'WorkflowPermission','project_id','readonly'),(653,1,2,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(654,1,2,0,2,0,0,'WorkflowPermission','subject','readonly'),(655,1,2,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(656,1,2,0,2,0,0,'WorkflowPermission','is_private','readonly'),(657,1,2,0,2,0,0,'WorkflowPermission','description','readonly'),(658,1,2,0,2,0,0,'WorkflowPermission','1','readonly'),(659,1,2,0,2,0,0,'WorkflowPermission','2','readonly'),(660,1,2,0,2,0,0,'WorkflowPermission','10','readonly'),(661,1,2,0,2,0,0,'WorkflowPermission','20','readonly'),(662,1,2,0,2,0,0,'WorkflowPermission','8','readonly'),(663,1,2,0,2,0,0,'WorkflowPermission','15','readonly'),(664,1,2,0,2,0,0,'WorkflowPermission','11','readonly'),(665,1,2,0,2,0,0,'WorkflowPermission','12','readonly'),(666,1,2,0,2,0,0,'WorkflowPermission','27','readonly'),(667,1,2,0,2,0,0,'WorkflowPermission','28','readonly'),(668,1,2,0,2,0,0,'WorkflowPermission','19','readonly'),(669,1,2,0,2,0,0,'WorkflowPermission','17','readonly'),(670,1,2,0,2,0,0,'WorkflowPermission','7','readonly'),(671,1,2,0,2,0,0,'WorkflowPermission','3','readonly'),(672,1,2,0,2,0,0,'WorkflowPermission','5','readonly'),(673,1,2,0,2,0,0,'WorkflowPermission','6','readonly'),(674,1,2,0,2,0,0,'WorkflowPermission','22','readonly'),(675,1,3,0,2,0,0,'WorkflowPermission','project_id','readonly'),(676,1,3,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(677,1,3,0,2,0,0,'WorkflowPermission','subject','readonly'),(678,1,3,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(679,1,3,0,2,0,0,'WorkflowPermission','is_private','readonly'),(680,1,3,0,2,0,0,'WorkflowPermission','description','readonly'),(681,1,3,0,2,0,0,'WorkflowPermission','1','readonly'),(682,1,3,0,2,0,0,'WorkflowPermission','2','readonly'),(683,1,3,0,2,0,0,'WorkflowPermission','10','readonly'),(684,1,3,0,2,0,0,'WorkflowPermission','20','readonly'),(685,1,3,0,2,0,0,'WorkflowPermission','8','readonly'),(686,1,3,0,2,0,0,'WorkflowPermission','15','readonly'),(687,1,3,0,2,0,0,'WorkflowPermission','11','readonly'),(688,1,3,0,2,0,0,'WorkflowPermission','12','readonly'),(689,1,3,0,2,0,0,'WorkflowPermission','27','readonly'),(690,1,3,0,2,0,0,'WorkflowPermission','28','readonly'),(691,1,3,0,2,0,0,'WorkflowPermission','19','readonly'),(692,1,3,0,2,0,0,'WorkflowPermission','17','readonly'),(693,1,3,0,2,0,0,'WorkflowPermission','7','readonly'),(694,1,3,0,2,0,0,'WorkflowPermission','3','readonly'),(695,1,3,0,2,0,0,'WorkflowPermission','5','readonly'),(696,1,3,0,2,0,0,'WorkflowPermission','6','readonly'),(697,1,3,0,2,0,0,'WorkflowPermission','22','readonly'),(698,1,4,0,2,0,0,'WorkflowPermission','project_id','readonly'),(699,1,4,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(700,1,4,0,2,0,0,'WorkflowPermission','subject','readonly'),(701,1,4,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(702,1,4,0,2,0,0,'WorkflowPermission','is_private','readonly'),(703,1,4,0,2,0,0,'WorkflowPermission','description','readonly'),(704,1,4,0,2,0,0,'WorkflowPermission','1','readonly'),(705,1,4,0,2,0,0,'WorkflowPermission','2','readonly'),(706,1,4,0,2,0,0,'WorkflowPermission','10','readonly'),(707,1,4,0,2,0,0,'WorkflowPermission','20','readonly'),(708,1,4,0,2,0,0,'WorkflowPermission','8','readonly'),(709,1,4,0,2,0,0,'WorkflowPermission','15','readonly'),(710,1,4,0,2,0,0,'WorkflowPermission','11','readonly'),(711,1,4,0,2,0,0,'WorkflowPermission','12','readonly'),(712,1,4,0,2,0,0,'WorkflowPermission','27','readonly'),(713,1,4,0,2,0,0,'WorkflowPermission','28','readonly'),(714,1,4,0,2,0,0,'WorkflowPermission','19','readonly'),(715,1,4,0,2,0,0,'WorkflowPermission','17','readonly'),(716,1,4,0,2,0,0,'WorkflowPermission','7','readonly'),(717,1,4,0,2,0,0,'WorkflowPermission','3','readonly'),(718,1,4,0,2,0,0,'WorkflowPermission','5','readonly'),(719,1,4,0,2,0,0,'WorkflowPermission','6','readonly'),(720,1,4,0,2,0,0,'WorkflowPermission','22','readonly'),(721,1,5,0,2,0,0,'WorkflowPermission','project_id','readonly'),(722,1,5,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(723,1,5,0,2,0,0,'WorkflowPermission','subject','readonly'),(724,1,5,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(725,1,5,0,2,0,0,'WorkflowPermission','is_private','readonly'),(726,1,5,0,2,0,0,'WorkflowPermission','description','readonly'),(727,1,5,0,2,0,0,'WorkflowPermission','1','readonly'),(728,1,5,0,2,0,0,'WorkflowPermission','2','readonly'),(729,1,5,0,2,0,0,'WorkflowPermission','10','readonly'),(730,1,5,0,2,0,0,'WorkflowPermission','20','readonly'),(731,1,5,0,2,0,0,'WorkflowPermission','8','readonly'),(732,1,5,0,2,0,0,'WorkflowPermission','15','readonly'),(733,1,5,0,2,0,0,'WorkflowPermission','11','readonly'),(734,1,5,0,2,0,0,'WorkflowPermission','12','readonly'),(735,1,5,0,2,0,0,'WorkflowPermission','27','readonly'),(736,1,5,0,2,0,0,'WorkflowPermission','28','readonly'),(737,1,5,0,2,0,0,'WorkflowPermission','19','readonly'),(738,1,5,0,2,0,0,'WorkflowPermission','17','readonly'),(739,1,5,0,2,0,0,'WorkflowPermission','7','readonly'),(740,1,5,0,2,0,0,'WorkflowPermission','3','readonly'),(741,1,5,0,2,0,0,'WorkflowPermission','5','readonly'),(742,1,5,0,2,0,0,'WorkflowPermission','6','readonly'),(743,1,5,0,2,0,0,'WorkflowPermission','22','readonly'),(744,1,6,0,2,0,0,'WorkflowPermission','project_id','readonly'),(745,1,6,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(746,1,6,0,2,0,0,'WorkflowPermission','subject','readonly'),(747,1,6,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(748,1,6,0,2,0,0,'WorkflowPermission','is_private','readonly'),(749,1,6,0,2,0,0,'WorkflowPermission','description','readonly'),(750,1,6,0,2,0,0,'WorkflowPermission','1','readonly'),(751,1,6,0,2,0,0,'WorkflowPermission','2','readonly'),(752,1,6,0,2,0,0,'WorkflowPermission','10','readonly'),(753,1,6,0,2,0,0,'WorkflowPermission','20','readonly'),(754,1,6,0,2,0,0,'WorkflowPermission','8','readonly'),(755,1,6,0,2,0,0,'WorkflowPermission','15','readonly'),(756,1,6,0,2,0,0,'WorkflowPermission','11','readonly'),(757,1,6,0,2,0,0,'WorkflowPermission','12','readonly'),(758,1,6,0,2,0,0,'WorkflowPermission','27','readonly'),(759,1,6,0,2,0,0,'WorkflowPermission','28','readonly'),(760,1,6,0,2,0,0,'WorkflowPermission','19','readonly'),(761,1,6,0,2,0,0,'WorkflowPermission','17','readonly'),(762,1,6,0,2,0,0,'WorkflowPermission','7','readonly'),(763,1,6,0,2,0,0,'WorkflowPermission','3','readonly'),(764,1,6,0,2,0,0,'WorkflowPermission','5','readonly'),(765,1,6,0,2,0,0,'WorkflowPermission','6','readonly'),(766,1,6,0,2,0,0,'WorkflowPermission','22','readonly'); +/*!40000 ALTER TABLE `workflows` ENABLE KEYS */; +UNLOCK TABLES; +/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; + +/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; +/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; +/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; +/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; +/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; +/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; +/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; + +-- Dump completed on 2020-12-08 3:09:49 diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index dca898eec..89ec36404 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls @@ -38,7 +38,7 @@ query_playbookdbuser_grants: query_updatwebhooks: mysql_query.run: - database: playbook - - query: "update webhooks set url = 'http://{{MANAGERIP}}:7000/playbook/webhook' where project_id = 1" + - query: "update webhooks set url = 'http://{{MANAGERIP}}:7000/playbook/webhook' where project_id in (1,2)" - connection_host: {{ MAINIP }} - connection_port: 3306 - connection_user: root From 5d955bcdb716669aca66b98eb7961762cf9116fd Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 8 Dec 2020 09:22:14 -0500 Subject: [PATCH 109/270] Enable new SoStatus module in SOC for managing grid status --- salt/soc/files/soc/soc.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index 5bb348309..bda2df431 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -43,6 +43,10 @@ "password": "", "verifyCert": false }, + "sostatus": { + "refreshIntervalMs": 30000, + "offlineThresholdMs": 60000 + }, {% if THEHIVEKEY != '' %} "thehive": { "hostUrl": "http://{{ MANAGERIP }}:9000/thehive", From 35be785f7a6b61c6345198c528c4849496681649 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Tue, 8 Dec 2020 10:35:50 -0500 Subject: [PATCH 110/270] Playbook db updates --- salt/common/tools/sbin/so-playbook-reset | 2 +- salt/playbook/files/playbook_db_init.sql | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/common/tools/sbin/so-playbook-reset b/salt/common/tools/sbin/so-playbook-reset index f07df2142..c949bccc3 100755 --- a/salt/common/tools/sbin/so-playbook-reset +++ b/salt/common/tools/sbin/so-playbook-reset @@ -22,5 +22,5 @@ salt-call state.apply playbook.db_init,playbook,playbook.automation_user_create /usr/sbin/so-soctopus-restart echo "Importing Plays - this will take some time...." -wait 5 +sleep 5 /usr/sbin/so-playbook-ruleupdate \ No newline at end of file diff --git a/salt/playbook/files/playbook_db_init.sql b/salt/playbook/files/playbook_db_init.sql index 7da93bae8..7fe2329c5 100644 --- a/salt/playbook/files/playbook_db_init.sql +++ b/salt/playbook/files/playbook_db_init.sql @@ -525,7 +525,7 @@ CREATE TABLE `email_addresses` ( LOCK TABLES `email_addresses` WRITE; /*!40000 ALTER TABLE `email_addresses` DISABLE KEYS */; -INSERT INTO `email_addresses` VALUES (1,1,'admin@example.net',1,1,'2020-04-26 13:08:38','2020-04-26 13:08:38'),(3,9,'automation@localhost.local',1,1,'2020-04-26 18:47:46','2020-04-26 18:47:46'),(4,10,'automation2@localhost.local',1,1,'2020-11-21 22:14:13','2020-11-21 22:14:13'); +INSERT INTO `email_addresses` VALUES (1,1,'admin@example.net',1,1,'2020-04-26 13:08:38','2020-04-26 13:08:38'); /*!40000 ALTER TABLE `email_addresses` ENABLE KEYS */; UNLOCK TABLES; @@ -1484,7 +1484,7 @@ CREATE TABLE `users` ( LOCK TABLES `users` WRITE; /*!40000 ALTER TABLE `users` DISABLE KEYS */; -INSERT INTO `users` VALUES (1,'admin','27193748a2fc174c339e7c22292bccb882f6f756','Admin','Admin',1,1,'2020-12-08 03:01:36','',NULL,'2020-04-26 13:08:34','2020-04-26 13:10:45','User',NULL,'all','5exVbsSixI1ub0aOGSRyctmB4EMwk7v2',0,'2020-04-26 13:10:27'),(2,'','','','Anonymous users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupAnonymous',NULL,'',NULL,0,NULL),(3,'','','','Non member users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupNonMember',NULL,'',NULL,0,NULL),(4,'','','','Anonymous',0,0,NULL,'',NULL,'2020-04-26 13:09:44','2020-04-26 13:09:44','AnonymousUser',NULL,'only_my_events',NULL,0,NULL),(5,'','','','Analysts',0,1,NULL,'',NULL,'2020-04-26 18:43:40','2020-04-26 18:43:40','Group',NULL,'',NULL,0,NULL),(6,'','','','Automation',0,1,NULL,'',NULL,'2020-04-26 18:43:47','2020-04-26 18:43:47','Group',NULL,'',NULL,0,NULL),(7,'','','','Admins',0,1,NULL,'',NULL,'2020-04-26 18:43:58','2020-04-26 18:43:58','Group',NULL,'',NULL,0,NULL),(10,'automation','05af6545acc48ea85bf4b002e560b702b727c9f8','SecOps','Automation',0,1,NULL,'en',NULL,'2020-11-21 22:14:13','2020-11-21 22:14:13','User',NULL,'only_my_events','8e99dd319cef62d18e80bb9f29cc1ce8',0,'2020-11-21 22:14:13'); +INSERT INTO `users` VALUES (1,'admin','ADMIN_HASH','Admin','Admin',1,1,'2020-12-08 03:01:36','',NULL,'2020-04-26 13:08:34','2020-04-26 13:10:45','User',NULL,'all','ADMIN_SALT',0,'2020-04-26 13:10:27'),(2,'','','','Anonymous users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupAnonymous',NULL,'',NULL,0,NULL),(3,'','','','Non member users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupNonMember',NULL,'',NULL,0,NULL),(4,'','','','Anonymous',0,0,NULL,'',NULL,'2020-04-26 13:09:44','2020-04-26 13:09:44','AnonymousUser',NULL,'only_my_events',NULL,0,NULL),(5,'','','','Analysts',0,1,NULL,'',NULL,'2020-04-26 18:43:40','2020-04-26 18:43:40','Group',NULL,'',NULL,0,NULL),(6,'','','','Automation',0,1,NULL,'',NULL,'2020-04-26 18:43:47','2020-04-26 18:43:47','Group',NULL,'',NULL,0,NULL),(7,'','','','Admins',0,1,NULL,'',NULL,'2020-04-26 18:43:58','2020-04-26 18:43:58','Group',NULL,'',NULL,0,NULL); /*!40000 ALTER TABLE `users` ENABLE KEYS */; UNLOCK TABLES; From d6fa739c608095fc7a5d717ab403cec17a42e3ba Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Tue, 8 Dec 2020 11:17:47 -0500 Subject: [PATCH 111/270] Adding queue=True --- pillar/data/addtotab.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pillar/data/addtotab.sh b/pillar/data/addtotab.sh index b4c80e6fe..0029f5492 100644 --- a/pillar/data/addtotab.sh +++ b/pillar/data/addtotab.sh @@ -55,7 +55,7 @@ if [ $TYPE == 'evaltab' ] || [ $TYPE == 'standalonetab' ]; then fi fi if [ $TYPE == 'nodestab' ]; then - salt-call state.apply elasticseach + salt-call state.apply elasticseach queue=True # echo " nodetype: $NODETYPE" >> $local_salt_dir/pillar/data/$TYPE.sls # echo " hotname: $HOTNAME" >> $local_salt_dir/pillar/data/$TYPE.sls fi From 997e2735e3a119b83945af9fd0c4b687360863cb Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 8 Dec 2020 13:59:42 -0500 Subject: [PATCH 112/270] [refactor] Press -> select --- setup/so-whiptail | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 444260907..5bc84eecf 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -345,7 +345,7 @@ whiptail_requirements_error() { if [[ $(echo "$requirement_needed" | tr '[:upper:]' '[:lower:]') == 'nics' ]]; then whiptail --title "Security Onion Setup" \ - --msgbox "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press OK to exit setup and reconfigure the machine." 10 75 + --msgbox "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select OK to exit setup and reconfigure the machine." 10 75 # Same as whiptail_cancel, but changed the wording to exit instead of cancel. whiptail --title "Security Onion Setup" --msgbox "Exiting Setup. No changes have been made." 8 75 @@ -359,7 +359,7 @@ whiptail_requirements_error() { exit else whiptail --title "Security Onion Setup" \ - --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 10 75 + --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select YES to continue anyway, or select NO to cancel." 10 75 local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -380,7 +380,7 @@ whiptail_storage_requirements() { Visit https://docs.securityonion.net/en/2.1/hardware.html for more information. - Press YES to continue anyway, or press NO to cancel. + Select YES to continue anyway, or select NO to cancel. EOM whiptail \ @@ -441,7 +441,7 @@ whiptail_dhcp_warn() { [ -n "$TESTING" ] && return if [[ $setup_type == "iso" ]]; then - local interaction_text="Press YES to keep DHCP or NO to go back." + local interaction_text="Select YES to keep DHCP or NO to go back." local window_type="yesno" else local interaction_text="Press ENTER to continue." @@ -795,7 +795,7 @@ whiptail_make_changes() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75 + whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please select YES to make changes or NO to cancel." 8 75 local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -909,7 +909,7 @@ whiptail_network_notice() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Press YES to continue." 8 75 + whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Select YES to continue." 8 75 local exitstatus=$? whiptail_check_exitstatus $exitstatus From 65d994a2f8ec2a0f784ef198855978d58c14dc65 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 8 Dec 2020 14:02:45 -0500 Subject: [PATCH 113/270] [feat] Generate gzipped tarball of repo during setup and soup --- salt/common/tools/sbin/soup | 9 +++++++++ setup/so-functions | 4 ++++ setup/so-setup | 7 ++++++- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 27439a137..da534281e 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -155,6 +155,13 @@ copy_new_files() { cd /tmp } +generate_and_clean_tarballs() { + local new_version + new_version=$(cat $UPDATE_DIR/VERSION) + tar -cxf "/opt/so/repo/$new_version.tar.gz" "$UPDATE_DIR" + find "/opt/so/repo" -type f -not -name "$new_version.tar.gz" -exec rm -rf {} \; +} + highstate() { # Run a highstate. salt-call state.highstate -l info queue=True @@ -417,6 +424,8 @@ else echo "Cloning Security Onion github repo into $UPDATE_DIR." clone_to_tmp fi +echo "Generating new repo archive" +generate_and_clean_tarballs if [ -f /usr/sbin/so-image-common ]; then . /usr/sbin/so-image-common else diff --git a/setup/so-functions b/setup/so-functions index dffc52b4f..a95fe55b1 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -972,6 +972,10 @@ generate_passwords(){ KRATOSKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) } +generate_repo_tarball() { + tar -czf /opt/so/repo/"$SOVERSION".tar.gz ../. +} + get_redirect() { whiptail_set_redirect if [ "$REDIRECTINFO" = "OTHER" ]; then diff --git a/setup/so-setup b/setup/so-setup index 4260f813e..b60b99eca 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -791,10 +791,15 @@ else { export percentage=95 # set to last percentage used in previous subshell if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then - set_progress_str 98 "Running so-allow -${ALLOW_ROLE} for ${ALLOW_CIDR}" + set_progress_str 97 "Running so-allow -${ALLOW_ROLE} for ${ALLOW_CIDR}" IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1 fi + if [[ $is_manager ]]; then + set_progress_str 98 "Generating archive for setup directory" + generate_repo_tarball + fi + if [[ $THEHIVE == 1 ]]; then set_progress_str 99 'Waiting for TheHive to start up' check_hive_init >> $setup_log 2>&1 From 4210d25fae1235a70792d95d73fac7da7fc6c4e9 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 8 Dec 2020 14:03:21 -0500 Subject: [PATCH 114/270] [feat] Init network + soremote key early --- setup/so-setup | 48 ++++++++++++++++++++++++----------------------- setup/so-whiptail | 16 ++++++++++++++++ 2 files changed, 41 insertions(+), 23 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index b60b99eca..f9ae6fe50 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -205,13 +205,11 @@ fi # Check if this is an airgap install -if [[ $is_manager ]]; then - if [[ $is_iso ]]; then - whiptail_airgap - if [[ "$INTERWEBS" == 'AIRGAP' ]]; then - is_airgap=true - fi - fi +if [[ $is_manager && $is_iso ]]; then + whiptail_airgap + if [[ "$INTERWEBS" == 'AIRGAP' ]]; then + is_airgap=true + fi fi if [[ $is_manager && $is_sensor ]]; then @@ -226,10 +224,6 @@ elif [[ $is_import ]]; then check_requirements "import" fi -if [[ ! $is_import ]]; then - whiptail_patch_schedule -fi - case "$setup_type" in 'iso') whiptail_set_hostname @@ -243,8 +237,6 @@ case "$setup_type" in whiptail_management_interface_dns whiptail_management_interface_dns_search fi - - #collect_adminuser_inputs ;; 'network') whiptail_network_notice @@ -254,6 +246,22 @@ case "$setup_type" in ;; esac +if [[ $is_minion ]]; then + whiptail_management_server +fi + +whiptail_management_interface_setup + +if [[ "$setup_type" == 'iso' ]]; then + # Init networking so rest of install works + set_hostname + set_management_interface +fi + +if [[ $is_minion || $is_import ]]; then + [ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1 +fi + short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}') MINION_ID=$(echo "${short_name}_${install_type}" | tr '[:upper:]' '[:lower:]') @@ -320,6 +328,10 @@ if [[ $is_helix || $is_sensor || $is_import ]]; then calculate_useable_cores fi +if [[ ! $is_import ]]; then + whiptail_patch_schedule +fi + whiptail_homenet_manager whiptail_dockernet_check @@ -365,10 +377,6 @@ if [[ $is_distmanager || ( $is_sensor || $is_node || $is_fleet_standalone ) && ! fi fi -if [[ $is_minion ]]; then - whiptail_management_server -fi - if [[ $is_distmanager ]]; then collect_soremote_inputs fi @@ -436,11 +444,6 @@ if [[ -n "$TURBO" ]]; then use_turbo_proxy fi -if [[ "$setup_type" == 'iso' ]]; then - set_hostname >> $setup_log 2>&1 - set_management_interface -fi - disable_ipv6 if [[ "$setup_type" != 'iso' ]]; then @@ -495,7 +498,6 @@ fi if [[ $is_minion || $is_import ]]; then set_updates >> $setup_log 2>&1 - [ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1 fi if [[ $is_manager && $is_airgap ]]; then diff --git a/setup/so-whiptail b/setup/so-whiptail index 5bc84eecf..edbc19c0b 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -765,6 +765,22 @@ whiptail_management_nic() { } +whiptail_management_interface_setup() { + [ -n "$TESTING" ] && return + + local minion_msg + + if [[ $is_minion || $is_import ]]; then + minion_msg=" and copy the ssh key for soremote to the manager" + else + minion_msg="" + fi + + whiptail --title "Security Onion Setup" --yesno "Setup will now initialize networking$minion_msg. Select YES to continue or NO to cancel." 8 75 + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + whiptail_nids() { [ -n "$TESTING" ] && return From 4899ea23f882eaa900af5286e1790c8013dd37a1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 8 Dec 2020 14:03:59 -0500 Subject: [PATCH 115/270] [fix] Put conditions in install_cleanup function --- setup/so-functions | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index a95fe55b1..fd7a02858 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1011,18 +1011,22 @@ host_pillar() { } install_cleanup() { - echo "Installer removing the following files:" - ls -lR "$temp_install_dir" + if [ -f "$temp_install_dir" ]; then + echo "Installer removing the following files:" + ls -lR "$temp_install_dir" - # Clean up after ourselves - rm -rf "$temp_install_dir" + # Clean up after ourselves + rm -rf "$temp_install_dir" + fi # All cleanup prior to this statement must be compatible with automated testing. Cleanup # that will disrupt automated tests should be placed beneath this statement. [ -n "$TESTING" ] && return # If Mysql is running stop it - /usr/sbin/so-mysql-stop + if docker ps --format "{{.Names}}" 2>&1 | grep -q "so-mysql"; then + /usr/sbin/so-mysql-stop + fi if [[ $setup_type == 'iso' ]]; then info "Removing so-setup permission entry from sudoers file" From b41ba1ea3ce2b951213d6cbd0d178ce6ee4ba66a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 8 Dec 2020 15:29:04 -0500 Subject: [PATCH 116/270] [feat] Compare setup version to manager, dl tarball + exec on mismatch --- setup/so-functions | 20 +++++++ setup/so-setup | 132 ++++++++++++++++++++++++++------------------- 2 files changed, 97 insertions(+), 55 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index fd7a02858..5375d725c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -518,6 +518,14 @@ check_requirements() { fi } +compare_versions() { + manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion) + export manager_ver + + [[ "$manager_ver" == "$SOVERSION" ]] + return +} + configure_network_sensor() { echo "Setting up sensor interface" >> "$setup_log" 2>&1 local nic_error=0 @@ -913,6 +921,18 @@ docker_seed_registry() { } +download_repo_tarball() { + scp -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/repo/"$manager_ver".tar.gz /root/new_setup + + # Fail if the file doesn't download + if ! [ -f /root/new_setup/"$manager_ver".tar.gz ]; then + kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + fi + + tar -xzf /root/new_setup/"$manager_ver".tar.gz -C /root/new_setup/securityonion + rm -rf /root/new_setup/"$manager_ver".tar.gz +} + fireeye_pillar() { local fireeye_pillar_path=$local_salt_dir/pillar/fireeye diff --git a/setup/so-setup b/setup/so-setup index f9ae6fe50..8ea110e96 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -54,6 +54,10 @@ while [[ $# -gt 0 ]]; do esac done +if ! [ -f /root/install_opt ] && [ -d /root/manager_setup/securityonion ] && [[ $(pwd) != /root/manager_setup/securityonion/setup ]]; then + exec bash /root/manager_setup/securityonion/setup/so-setup "$@" +fi + if [[ -f /root/accept_changes ]]; then is_reinstall=true @@ -62,13 +66,16 @@ if [[ -f /root/accept_changes ]]; then mv "$error_log" "$error_log.bak" fi -# Begin Installation pre-processing -parse_install_username -title "Initializing Setup" -info "Installing as the $INSTALLUSERNAME user" +if ! [ -f /root/install_opt ]; then + # Begin Installation pre-processing + parse_install_username -analyze_system + title "Initializing Setup" + info "Installing as the $INSTALLUSERNAME user" + + analyze_system +fi automated=no function progress() { @@ -145,14 +152,18 @@ if [ "$automated" == no ]; then fi fi -if (whiptail_you_sure); then - true -else - echo "User cancelled setup." | tee $setup_log - whiptail_cancel -fi +if ! [ -f /root/install_opt ]; then + if (whiptail_you_sure); then + true + else + echo "User cancelled setup." | tee "$setup_log" + whiptail_cancel + fi -whiptail_install_type + whiptail_install_type +else + install_type=$(cat /root/install_opt) +fi if [ "$install_type" = 'EVAL' ]; then is_node=true @@ -204,7 +215,6 @@ if [[ "$setup_type" == 'iso' ]]; then fi # Check if this is an airgap install - if [[ $is_manager && $is_iso ]]; then whiptail_airgap if [[ "$INTERWEBS" == 'AIRGAP' ]]; then @@ -212,54 +222,66 @@ if [[ $is_manager && $is_iso ]]; then fi fi -if [[ $is_manager && $is_sensor ]]; then - check_requirements "standalone" -elif [[ $is_fleet_standalone ]]; then - check_requirements "dist" "fleet" -elif [[ $is_sensor && ! $is_eval ]]; then - check_requirements "dist" "sensor" -elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_import ]]; then - check_requirements "dist" -elif [[ $is_import ]]; then - check_requirements "import" -fi +if ! [ -f /root/install_opt ]; then + if [[ $is_manager && $is_sensor ]]; then + check_requirements "standalone" + elif [[ $is_fleet_standalone ]]; then + check_requirements "dist" "fleet" + elif [[ $is_sensor && ! $is_eval ]]; then + check_requirements "dist" "sensor" + elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_import ]]; then + check_requirements "dist" + elif [[ $is_import ]]; then + check_requirements "import" + fi -case "$setup_type" in - 'iso') - whiptail_set_hostname - whiptail_management_nic - whiptail_dhcp_or_static + case "$setup_type" in + 'iso') + whiptail_set_hostname + whiptail_management_nic + whiptail_dhcp_or_static - if [ "$address_type" != 'DHCP' ]; then - whiptail_management_interface_ip - whiptail_management_interface_mask - whiptail_management_interface_gateway - whiptail_management_interface_dns - whiptail_management_interface_dns_search - fi - ;; - 'network') - whiptail_network_notice - whiptail_dhcp_warn - whiptail_set_hostname - whiptail_management_nic - ;; -esac + if [ "$address_type" != 'DHCP' ]; then + whiptail_management_interface_ip + whiptail_management_interface_mask + whiptail_management_interface_gateway + whiptail_management_interface_dns + whiptail_management_interface_dns_search + fi + ;; + 'network') + whiptail_network_notice + whiptail_dhcp_warn + whiptail_set_hostname + whiptail_management_nic + ;; + esac -if [[ $is_minion ]]; then - whiptail_management_server -fi + if [[ $is_minion ]]; then + whiptail_management_server + fi -whiptail_management_interface_setup + whiptail_management_interface_setup -if [[ "$setup_type" == 'iso' ]]; then - # Init networking so rest of install works - set_hostname - set_management_interface -fi + if [[ "$setup_type" == 'iso' ]]; then + # Init networking so rest of install works + set_hostname + set_management_interface + fi -if [[ $is_minion || $is_import ]]; then - [ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1 + if [[ $is_minion ]]; then + [ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1 + fi + + if [[ $is_minion ]] && ! (compare_versions); then + info "Installer version mismatch, downloading correct version from manager" + echo "$install_type" > /root/install_opt + download_repo_tarball >> "$setup_log" 2>&1 + exec bash /root/manager_setup/securityonion/setup/so-setup "$@" + fi + +else + rm -rf /root/install_opt >> "$setup_log" 2>&1 fi short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}') From 813fe77582e98c56d3d4d41f801eb43861995f09 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 8 Dec 2020 15:29:31 -0500 Subject: [PATCH 117/270] [feat] Run so-analyst-install after network init --- setup/so-setup | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 8ea110e96..17118800a 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -204,9 +204,7 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then elif [ "$install_type" = 'IMPORT' ]; then is_import=true elif [ "$install_type" = 'ANALYST' ]; then - cd .. || exit 255 - ./so-analyst-install - exit 0 + is_analyst=true fi # Say yes to the dress if its an ISO install @@ -280,6 +278,11 @@ if ! [ -f /root/install_opt ]; then exec bash /root/manager_setup/securityonion/setup/so-setup "$@" fi + if [[ $is_analyst ]]; then + cd .. || exit 255 + exec bash so-analyst-install + fi + else rm -rf /root/install_opt >> "$setup_log" 2>&1 fi From a8f1ec37a3ff87cc4c2073be1e43ce942a96d1da Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 8 Dec 2020 15:29:48 -0500 Subject: [PATCH 118/270] [refactor] Remove is_smooshed var --- setup/so-setup | 2 -- setup/so-whiptail | 14 +++++++------- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 17118800a..d0efafc07 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -176,7 +176,6 @@ elif [ "$install_type" = 'STANDALONE' ]; then is_distmanager=true is_node=true is_sensor=true - is_smooshed=true elif [ "$install_type" = 'MANAGERSEARCH' ]; then is_manager=true is_distmanager=true @@ -194,7 +193,6 @@ elif [ "$install_type" = 'HEAVYNODE' ]; then is_node=true is_minion=true is_sensor=true - is_smooshed=true elif [ "$install_type" = 'FLEET' ]; then is_minion=true is_fleet_standalone=true diff --git a/setup/so-whiptail b/setup/so-whiptail index edbc19c0b..fdf318e06 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -35,7 +35,7 @@ whiptail_basic_zeek() { [ -n "$TESTING" ] && return - if [[ $is_smooshed ]]; then + if [[ $is_node && $is_sensor && ! $is_eval ]]; then local PROCS=$(expr $lb_procs / 2) if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi else @@ -53,7 +53,7 @@ whiptail_basic_suri() { [ -n "$TESTING" ] && return - if [[ $is_smooshed ]]; then + if [[ $is_node && $is_sensor && ! $is_eval ]];; then local PROCS=$(expr $lb_procs / 2) if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi else @@ -77,7 +77,7 @@ whiptail_zeek_pins() { cpu_core_list_whiptail+=("$item" "OFF") done - if [[ $is_smooshed ]]; then + if [[ $is_node && $is_sensor && ! $is_eval ]];; then local PROCS=$(expr $lb_procs / 2) if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi else @@ -1354,11 +1354,11 @@ whiptail_suricata_pins() { readarray -t filtered_core_list <<< "$(echo "${cpu_core_list[@]}" "${ZEEKPINS[@]}" | xargs -n1 | sort | uniq -u | awk '{print $1}')" local filtered_core_str=() - for item in "${filtered_core_list[@]}"; do - filtered_core_str+=("$item" "") - done + for item in "${filtered_core_list[@]}"; do + filtered_core_str+=("$item" "") + done - if [[ $is_smooshed ]]; then + if [[ $is_node && $is_sensor && ! $is_eval ]];; then local PROCS=$(expr $lb_procs / 2) if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi else From 6ceecbd524becb75f4d10d9390848b0cd29920e7 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 9 Dec 2020 09:42:03 -0500 Subject: [PATCH 119/270] Fixing some elasticsearch logic --- salt/elasticsearch/init.sls | 27 ++++++++++++++------------- salt/utility/bin/crossthestreams | 13 +++++++------ 2 files changed, 21 insertions(+), 19 deletions(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 7f3a7af56..2e2e4d3f4 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -21,22 +21,22 @@ {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set FEATURES = salt['pillar.get']('elastic:features', False) %} -{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} +{% set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} +{% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} - -{%- if FEATURES is sameas true %} +{% if FEATURES is sameas true %} {% set FEATUREZ = "-features" %} {% else %} {% set FEATUREZ = '' %} {% endif %} {% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %} - {% set esclustername = salt['pillar.get']('manager:esclustername', '') %} - {% set esheap = salt['pillar.get']('manager:esheap', '') %} + {% set esclustername = salt['pillar.get']('manager:esclustername') %} + {% set esheap = salt['pillar.get']('manager:esheap') %} {% set ismanager = True %} {% elif grains['role'] in ['so-node','so-heavynode'] %} - {% set esclustername = salt['pillar.get']('elasticsearch:esclustername', '') %} - {% set esheap = salt['pillar.get']('elasticsearch:esheap', '') %} + {% set esclustername = salt['pillar.get']('elasticsearch:esclustername') %} + {% set esheap = salt['pillar.get']('elasticsearch:esheap') %} {% set ismanager = False %} {% endif %} @@ -188,14 +188,15 @@ so-elasticsearch: - name: so-elasticsearch - user: elasticsearch - extra_hosts: - - {{ grains.host }}:{{ NODEIP }} - {%- if salt['pillar.get']('nodestab', {}) %} - {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} - - {{ SN.split('_')|first }}:{{ SNDATA.ip }} - {%- endfor %} - {%- endif %} + - "{{ grains.host }}:{{ NODEIP }}" + {% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} + - "{{ SN.split('_')|first }}:{{ SNDATA.ip }}" + {% endfor %} + {% endif %} - environment: + {% if TRUECLUSTER is sameas false %} - discovery.type=single-node + {% endif %} - ES_JAVA_OPTS=-Xms{{ esheap }} -Xmx{{ esheap }} ulimits: - memlock=-1:-1 diff --git a/salt/utility/bin/crossthestreams b/salt/utility/bin/crossthestreams index 6998c7669..490c7b548 100644 --- a/salt/utility/bin/crossthestreams +++ b/salt/utility/bin/crossthestreams @@ -1,8 +1,8 @@ #!/bin/bash {% set ES = salt['pillar.get']('manager:mainip', '') %} -{%- set MANAGER = salt['grains.get']('master') %} +{% set MANAGER = salt['grains.get']('master') %} {% set FEATURES = salt['pillar.get']('elastic:features', False) %} - +{% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} # Wait for ElasticSearch to come up, so that we can query for version infromation echo -n "Waiting for ElasticSearch..." @@ -34,9 +34,10 @@ echo "Applying cross cluster search config..." -d "{\"persistent\": {\"search\": {\"remote\": {\"{{ MANAGER }}\": {\"seeds\": [\"127.0.0.1:9300\"]}}}}}" # Add all the search nodes to cross cluster searching. - -{%- if salt['pillar.get']('nodestab', {}) %} - {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} +{%- if TRUECLUSTER is sameas false %} + {%- if salt['pillar.get']('nodestab', {}) %} + {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} curl -XPUT -L http://{{ ES }}:9200/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"{{ SN }}": {"skip_unavailable": "true", "seeds": ["{{ SN.split('_')|first }}:9300"]}}}}}' - {%- endfor %} + {%- endfor %} + {%- endif %} {%- endif %} From 652c4d49c90494ce80349fa5c212fe4e2a7ad1d2 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 9 Dec 2020 09:47:10 -0500 Subject: [PATCH 120/270] [fix] Remove extra semicolon --- setup/so-whiptail | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index fdf318e06..68734c1c5 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -53,7 +53,7 @@ whiptail_basic_suri() { [ -n "$TESTING" ] && return - if [[ $is_node && $is_sensor && ! $is_eval ]];; then + if [[ $is_node && $is_sensor && ! $is_eval ]]; then local PROCS=$(expr $lb_procs / 2) if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi else @@ -77,7 +77,7 @@ whiptail_zeek_pins() { cpu_core_list_whiptail+=("$item" "OFF") done - if [[ $is_node && $is_sensor && ! $is_eval ]];; then + if [[ $is_node && $is_sensor && ! $is_eval ]]; then local PROCS=$(expr $lb_procs / 2) if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi else @@ -1358,7 +1358,7 @@ whiptail_suricata_pins() { filtered_core_str+=("$item" "") done - if [[ $is_node && $is_sensor && ! $is_eval ]];; then + if [[ $is_node && $is_sensor && ! $is_eval ]]; then local PROCS=$(expr $lb_procs / 2) if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi else From 950c05e53da9719259909b6f209a6fe486d09469 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 9 Dec 2020 09:50:30 -0500 Subject: [PATCH 121/270] [fix] Only move error log if present --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index d0efafc07..5109365da 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -63,7 +63,7 @@ if [[ -f /root/accept_changes ]]; then # Move last setup log to backup mv "$setup_log" "$setup_log.bak" - mv "$error_log" "$error_log.bak" + [ -f "$error_log" ] && mv "$error_log" "$error_log.bak" fi From 51650147ef1b398d8841512531f08a036bc54d0d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 9 Dec 2020 09:59:44 -0500 Subject: [PATCH 122/270] [fix] Only show network init message if valid --- setup/so-setup | 4 +++- setup/so-whiptail | 15 ++++++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 5109365da..fe11d5361 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -257,7 +257,9 @@ if ! [ -f /root/install_opt ]; then whiptail_management_server fi - whiptail_management_interface_setup + if [[ $is_minion || $is_iso ]]; then + whiptail_management_interface_setup + fi if [[ "$setup_type" == 'iso' ]]; then # Init networking so rest of install works diff --git a/setup/so-whiptail b/setup/so-whiptail index 68734c1c5..a37340764 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -769,14 +769,23 @@ whiptail_management_interface_setup() { [ -n "$TESTING" ] && return local minion_msg + local msg - if [[ $is_minion || $is_import ]]; then - minion_msg=" and copy the ssh key for soremote to the manager" + if [[ $is_minion ]]; then + minion_msg="copy the ssh key for soremote to the manager" else minion_msg="" fi - whiptail --title "Security Onion Setup" --yesno "Setup will now initialize networking$minion_msg. Select YES to continue or NO to cancel." 8 75 + if [[ $is_iso ]]; then + if [[ $minion_msg != "" ]]; then + msg="initialize networking and $minion_msg" + else + msg="initialize networking" + fi + fi + + whiptail --title "Security Onion Setup" --yesno "Setup will now $msg. Select YES to continue or NO to cancel." 8 75 local exitstatus=$? whiptail_check_exitstatus $exitstatus } From f3ce2fc71e91b1027956fff51bebafcf6acdc176 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 9 Dec 2020 10:06:02 -0500 Subject: [PATCH 123/270] [fix] new_setup -> manager_setup --- setup/so-functions | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 5375d725c..83fed9c66 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -922,15 +922,15 @@ docker_seed_registry() { } download_repo_tarball() { - scp -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/repo/"$manager_ver".tar.gz /root/new_setup + scp -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/repo/"$manager_ver".tar.gz /root/manager_setup # Fail if the file doesn't download - if ! [ -f /root/new_setup/"$manager_ver".tar.gz ]; then + if ! [ -f /root/manager_setup/"$manager_ver".tar.gz ]; then kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi - tar -xzf /root/new_setup/"$manager_ver".tar.gz -C /root/new_setup/securityonion - rm -rf /root/new_setup/"$manager_ver".tar.gz + tar -xzf /root/manager_setup/"$manager_ver".tar.gz -C /root/manager_setup/securityonion + rm -rf /root/manager_setup/"$manager_ver".tar.gz } fireeye_pillar() { From 795cacecf3c26fca5329b60afc66f2a0fa39822d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 9 Dec 2020 10:06:14 -0500 Subject: [PATCH 124/270] [fix] Fix cut command options --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 83fed9c66..d143a79ff 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1771,7 +1771,7 @@ set_network_dev_status_list() { set_main_ip() { MAINIP=$(ip route get 1 | awk '{print $7;exit}') - MNIC_IP=$(ip a s "$MNIC" | grep -oE 'inet [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | cut -d' ' -f) + MNIC_IP=$(ip a s "$MNIC" | grep -oE 'inet [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | cut -d' ' -f2) if [[ $MAINIP != $MNIC_IP ]]; then read -r -d '' message <<- EOM From 223856c0b9d226a80817f54da42833657164064b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 9 Dec 2020 10:16:42 -0500 Subject: [PATCH 125/270] [fix] Don't redirect whiptail message, use SIGINT instead of SIGKILL --- setup/so-functions | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index d143a79ff..cd9b63ce2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1772,15 +1772,17 @@ set_network_dev_status_list() { set_main_ip() { MAINIP=$(ip route get 1 | awk '{print $7;exit}') MNIC_IP=$(ip a s "$MNIC" | grep -oE 'inet [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | cut -d' ' -f2) +} - if [[ $MAINIP != $MNIC_IP ]]; then +compare_main_nic_ip() { + if [[ "$MAINIP" != "$MNIC_IP" ]]; then read -r -d '' message <<- EOM The IP being routed by Linux is not the IP address assigned to the management interface ($MNIC). This is not a supported configuration, please remediate and rerun setup. EOM whiptail --title "Security Onion Setup" --msgbox "$message" 10 75 - kill -SIGKILL "$(ps --pid $$ -oppid=)"; exit 1 + kill -SIGINT "$(ps --pid $$ -oppid=)"; exit 1 fi } From 6b479c5a89ffbeaa228d743d183c9e13ed4be38a Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 11:10:00 -0500 Subject: [PATCH 126/270] pillarize grafana https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/defaults.yaml | 8 ++++++++ salt/grafana/etc/grafana.ini | 1 + salt/grafana/etc/grafana.ini.jinja | 12 ++++++++++++ salt/grafana/init.sls | 31 ++++++++++++++++++++++++++---- 4 files changed, 48 insertions(+), 4 deletions(-) create mode 100644 salt/grafana/defaults.yaml create mode 100644 salt/grafana/etc/grafana.ini.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml new file mode 100644 index 000000000..0fde48a24 --- /dev/null +++ b/salt/grafana/defaults.yaml @@ -0,0 +1,8 @@ +grafana: + config: + server: + root_url: "%(protocol)s://%(domain)s/grafana/" + auth.anonymous: + enabled: true + org_name: Main Org. + org_role: Viewer \ No newline at end of file diff --git a/salt/grafana/etc/grafana.ini b/salt/grafana/etc/grafana.ini index 3486ff241..6056396fc 100644 --- a/salt/grafana/etc/grafana.ini +++ b/salt/grafana/etc/grafana.ini @@ -307,6 +307,7 @@ org_role = Viewer ;allow_sign_up = true #################################### SMTP / Emailing ########################## + [smtp] ;enabled = false ;host = localhost:25 diff --git a/salt/grafana/etc/grafana.ini.jinja b/salt/grafana/etc/grafana.ini.jinja new file mode 100644 index 000000000..9269aec70 --- /dev/null +++ b/salt/grafana/etc/grafana.ini.jinja @@ -0,0 +1,12 @@ +{%- macro write_config_line(cfg) %} + {%- for k,v in cfg.items() -%} +{{ k }} = {{ v }} + {% endfor %} +{%- endmacro %} + +{{ write_config_line(config.get("default", {})) }} + {% for header, cfg in config.items() %} + {%- if section == "default" %}{% continue %}{% endif %} +[{{ header }}] +{{ write_config_line(cfg) }} +{% endfor %} \ No newline at end of file diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 8fe88f354..4cb8fc83a 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -9,6 +9,10 @@ {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set ADMINPASS = salt['pillar.get']('secrets:grafana_admin') %} +{% import_yaml 'grafana/defaults.yaml' as default_settings %} +{% set GRAFANA_SETTINGS = salt['pillar.get']('grafana', default=default_settings, merge=True) %} + + {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %} # Grafana all the things @@ -75,13 +79,32 @@ grafanadashsndir: - group: 939 - makedirs: True -grafanaconf: - file.recurse: - - name: /opt/so/conf/grafana/etc +grafana-dashboard-config: + file.managed: + - name: /opt/so/conf/grafana/etc/dashboards/dashboard.yml - user: 939 - group: 939 - template: jinja - - source: salt://grafana/etc + - source: salt://grafana/etc/dashboards/dashboard.yml + +grafana-datasources-config: + file.recurse: + - name: /opt/so/conf/grafana/etc/datasources/influxdb.yaml + - user: 939 + - group: 939 + - template: jinja + - source: salt://grafana/etc/datasources/influxdb.yaml + +grafana-config: + file.recurse: + - name: /opt/so/conf/grafana/etc/grafana.ini + - user: 939 + - group: 939 + - template: jinja + - source: salt://grafana/etc/grafana.ini.jinja + - context: + config: {{ GRAFANA_SETTINGS.config|json }} + {% if salt['pillar.get']('managertab', False) %} {% for SN, SNDATA in salt['pillar.get']('managertab', {}).items() %} From e983322a182c2e9e89e06c4202df0e3da80144d2 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 9 Dec 2020 11:31:22 -0500 Subject: [PATCH 127/270] Fix elastic if statement --- salt/elasticsearch/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 2e2e4d3f4..80876aec4 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -189,6 +189,7 @@ so-elasticsearch: - user: elasticsearch - extra_hosts: - "{{ grains.host }}:{{ NODEIP }}" + {% if salt['pillar.get']('nodestab', {}) %} {% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} - "{{ SN.split('_')|first }}:{{ SNDATA.ip }}" {% endfor %} From 282b4090ce3768c8ffdff5b5e2bf0babc5ec3e6d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 9 Dec 2020 11:51:07 -0500 Subject: [PATCH 128/270] [fix] Actually call nic comparison function, redirect tarball gen to setup_log --- setup/so-setup | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index fe11d5361..5b751d124 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -480,10 +480,9 @@ if [[ $is_minion ]]; then fi # This block sets REDIRECTIT which is used by a function outside the below subshell -{ - set_main_ip; - set_redirect; -} >> $setup_log 2>&1 + set_main_ip >> $setup_log 2>&1 + compare_main_nic_ip + set_redirect >> $setup_log 2>&1 # Begin install { @@ -824,7 +823,7 @@ else if [[ $is_manager ]]; then set_progress_str 98 "Generating archive for setup directory" - generate_repo_tarball + generate_repo_tarball >> "$setup_log" 2>&1 fi if [[ $THEHIVE == 1 ]]; then @@ -837,6 +836,6 @@ else echo "Post-installation steps have completed." >> $setup_log 2>&1 fi -install_cleanup >> $setup_log 2>&1 +install_cleanup >> "$setup_log" 2>&1 if [[ -z $SKIP_REBOOT ]]; then shutdown -r now; else exit; fi From 75ea648cf9510f6874b54b82f1f7052c37e16fa6 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 11:57:28 -0500 Subject: [PATCH 129/270] change to file.managed https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 4cb8fc83a..fd07fdaf1 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -88,7 +88,7 @@ grafana-dashboard-config: - source: salt://grafana/etc/dashboards/dashboard.yml grafana-datasources-config: - file.recurse: + file.managed: - name: /opt/so/conf/grafana/etc/datasources/influxdb.yaml - user: 939 - group: 939 @@ -96,7 +96,7 @@ grafana-datasources-config: - source: salt://grafana/etc/datasources/influxdb.yaml grafana-config: - file.recurse: + file.managed: - name: /opt/so/conf/grafana/etc/grafana.ini - user: 939 - group: 939 From c5c053d24a72126708f624d13787890456c236e1 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 11:59:06 -0500 Subject: [PATCH 130/270] change to header --- salt/grafana/etc/grafana.ini.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/etc/grafana.ini.jinja b/salt/grafana/etc/grafana.ini.jinja index 9269aec70..80e216de7 100644 --- a/salt/grafana/etc/grafana.ini.jinja +++ b/salt/grafana/etc/grafana.ini.jinja @@ -6,7 +6,7 @@ {{ write_config_line(config.get("default", {})) }} {% for header, cfg in config.items() %} - {%- if section == "default" %}{% continue %}{% endif %} + {%- if header == "default" %}{% continue %}{% endif %} [{{ header }}] {{ write_config_line(cfg) }} {% endfor %} \ No newline at end of file From 987008811c837707170e7ca33c1a28fb18b6a229 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 9 Dec 2020 12:47:35 -0500 Subject: [PATCH 131/270] [fix] Make repo directory before using it --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index cd9b63ce2..d98b6c82c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -993,6 +993,7 @@ generate_passwords(){ } generate_repo_tarball() { + mkdir /opt/so/repo tar -czf /opt/so/repo/"$SOVERSION".tar.gz ../. } From a2e48f91b2f73e3e58672ac1589fb2f1a0bfa0ae Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 9 Dec 2020 13:13:51 -0500 Subject: [PATCH 132/270] [fix] Add manager to hosts before attempting ssh --- setup/so-setup | 32 +++++++++++++------------------- 1 file changed, 13 insertions(+), 19 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 5b751d124..5334b49f2 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -261,12 +261,21 @@ if ! [ -f /root/install_opt ]; then whiptail_management_interface_setup fi + # Init networking so rest of install works + disable_ipv6 if [[ "$setup_type" == 'iso' ]]; then - # Init networking so rest of install works set_hostname set_management_interface fi + if [[ -n "$TURBO" ]]; then + use_turbo_proxy + fi + + if [[ $is_minion ]]; then + add_mngr_ip_to_hosts + fi + if [[ $is_minion ]]; then [ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1 fi @@ -464,25 +473,10 @@ catch() { exit } -# Init networking so rest of install works -if [[ -n "$TURBO" ]]; then - use_turbo_proxy -fi - -disable_ipv6 - -if [[ "$setup_type" != 'iso' ]]; then - set_hostname >> $setup_log 2>&1 -fi - -if [[ $is_minion ]]; then - add_mngr_ip_to_hosts -fi - # This block sets REDIRECTIT which is used by a function outside the below subshell - set_main_ip >> $setup_log 2>&1 - compare_main_nic_ip - set_redirect >> $setup_log 2>&1 +set_main_ip >> $setup_log 2>&1 +compare_main_nic_ip +set_redirect >> $setup_log 2>&1 # Begin install { From 617ed2a7c270241c02a2790984970f7e57e47722 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 14:06:54 -0500 Subject: [PATCH 133/270] add a place to place files referenced in the config https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/defaults.yaml | 20 +++++++++++++++++++- salt/grafana/init.sls | 12 +++++++++++- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 0fde48a24..ebdd6cb67 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -5,4 +5,22 @@ grafana: auth.anonymous: enabled: true org_name: Main Org. - org_role: Viewer \ No newline at end of file + org_role: Viewer + smtp: + enabled: false + host: localhost:25 + user: myuser + # If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;""" + password: mypassword + cert_file: /etc/grafana/config/files/smtp_cert_file.crt + key_file: /etc/grafana/config/files/smtp_key_file.key + skip_verify: false + from_address: admin@grafana.localhost + from_name: Grafana + ehlo_identity: dashboard.example.com +# auth.ldap: +# enabled: false +# config_file: /etc/grafana/config/files/ldap.toml +# allow_sign_up: true +# enterprise: +# license_path: /opt/so/conf/grafana/etc/files/license.jwt \ No newline at end of file diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index fd07fdaf1..ec4e02e7e 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -10,7 +10,7 @@ {% set ADMINPASS = salt['pillar.get']('secrets:grafana_admin') %} {% import_yaml 'grafana/defaults.yaml' as default_settings %} -{% set GRAFANA_SETTINGS = salt['pillar.get']('grafana', default=default_settings, merge=True) %} +{% set GRAFANA_SETTINGS = salt['grains.filter_by'](default_settings, default='grafana', merge=salt['pillar.get']('grafana', {})) %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %} @@ -104,6 +104,15 @@ grafana-config: - source: salt://grafana/etc/grafana.ini.jinja - context: config: {{ GRAFANA_SETTINGS.config|json }} + +# these are the files that are referenced inside the config such as smtp:cert_file, smtp:cert_key, auth.ldap:config_file, enterprise:license_path +grafana-config-files: + file.recurse: + - name: /opt/so/conf/grafana/etc/files + - user: 939 + - group: 939 + - source: salt://grafana/etc/files + - makedirs: True {% if salt['pillar.get']('managertab', False) %} @@ -252,6 +261,7 @@ so-grafana: - /opt/so/conf/grafana/etc/datasources:/etc/grafana/provisioning/datasources:rw - /opt/so/conf/grafana/etc/dashboards:/etc/grafana/provisioning/dashboards:rw - /opt/so/conf/grafana/grafana_dashboards:/etc/grafana/grafana_dashboards:rw + - /opt/so/conf/grafana/etc/files:/etc/grafana/config/files:ro - environment: - GF_SECURITY_ADMIN_PASSWORD={{ ADMINPASS }} - port_bindings: From c320efe7e412f218406206397da944badef13c67 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 14:33:19 -0500 Subject: [PATCH 134/270] fix whitespace https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/etc/grafana.ini.jinja | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/salt/grafana/etc/grafana.ini.jinja b/salt/grafana/etc/grafana.ini.jinja index 80e216de7..f2309056d 100644 --- a/salt/grafana/etc/grafana.ini.jinja +++ b/salt/grafana/etc/grafana.ini.jinja @@ -1,12 +1,12 @@ {%- macro write_config_line(cfg) %} - {%- for k,v in cfg.items() -%} +{%- for k,v in cfg.items() -%} {{ k }} = {{ v }} - {% endfor %} +{% endfor %} {%- endmacro %} {{ write_config_line(config.get("default", {})) }} - {% for header, cfg in config.items() %} - {%- if header == "default" %}{% continue %}{% endif %} +{% for header, cfg in config.items() %} +{%- if header == "default" %}{% continue %}{% endif %} [{{ header }}] {{ write_config_line(cfg) }} -{% endfor %} \ No newline at end of file +{% endfor %} \ No newline at end of file From 0a48f7d5dcf48fddceac434d310bfca61ef492c6 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 9 Dec 2020 15:22:09 -0500 Subject: [PATCH 135/270] Simplify logic --- salt/elasticsearch/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 80876aec4..3e0bac708 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -195,7 +195,7 @@ so-elasticsearch: {% endfor %} {% endif %} - environment: - {% if TRUECLUSTER is sameas false %} + {% if TRUECLUSTER is sameas false or (TRUECLUSTER is sameas true and not salt['pillar.get']('nodestab', {})) %} - discovery.type=single-node {% endif %} - ES_JAVA_OPTS=-Xms{{ esheap }} -Xmx{{ esheap }} From e05da4efc248c12f849fd06aa253abe0d5b6577f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 15:53:01 -0500 Subject: [PATCH 136/270] remove odl grafana.ini file https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/etc/grafana.ini | 483 ----------------------------------- 1 file changed, 483 deletions(-) delete mode 100644 salt/grafana/etc/grafana.ini diff --git a/salt/grafana/etc/grafana.ini b/salt/grafana/etc/grafana.ini deleted file mode 100644 index 6056396fc..000000000 --- a/salt/grafana/etc/grafana.ini +++ /dev/null @@ -1,483 +0,0 @@ -##################### Grafana Configuration Example ##################### -# -# Everything has defaults so you only need to uncomment things you want to -# change - -# possible values : production, development -;app_mode = production - -# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty -;instance_name = ${HOSTNAME} - -#################################### Paths #################################### -[paths] -# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used) -;data = /var/lib/grafana - -# Temporary files in `data` directory older than given duration will be removed -;temp_data_lifetime = 24h - -# Directory where grafana can store logs -;logs = /var/log/grafana - -# Directory where grafana will automatically scan and look for plugins -;plugins = /var/lib/grafana/plugins - -# folder that contains provisioning config files that grafana will apply on startup and while running. -;provisioning = conf/provisioning - -#################################### Server #################################### -[server] -# Protocol (http, https, socket) -;protocol = http - -# The ip address to bind to, empty will bind to all interfaces -;http_addr = - -# The http port to use -;http_port = 3000 - -# The public facing domain name used to access grafana from a browser -;domain = localhost - -# Redirect to correct domain if host header does not match domain -# Prevents DNS rebinding attacks -;enforce_domain = false - -# The full public facing url you use in browser, used for redirects and emails -# If you use reverse proxy and sub path specify full url (with sub path) -root_url = %(protocol)s://%(domain)s/grafana/ - -# Log web requests -;router_logging = false - -# the path relative working path -;static_root_path = public - -# enable gzip -;enable_gzip = false - -# https certs & key file -;cert_file = -;cert_key = - -# Unix socket path -;socket = - -#################################### Database #################################### -[database] -# You can configure the database connection by specifying type, host, name, user and password -# as separate properties or as on string using the url properties. - -# Either "mysql", "postgres" or "sqlite3", it's your choice -;type = sqlite3 -;host = 127.0.0.1:3306 -;name = grafana -;user = root -# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" -;password = - -# Use either URL or the previous fields to configure the database -# Example: mysql://user:secret@host:port/database -;url = - -# For "postgres" only, either "disable", "require" or "verify-full" -;ssl_mode = disable - -# For "sqlite3" only, path relative to data_path setting -;path = grafana.db - -# Max idle conn setting default is 2 -;max_idle_conn = 2 - -# Max conn setting default is 0 (mean not set) -;max_open_conn = - -# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours) -;conn_max_lifetime = 14400 - -# Set to true to log the sql calls and execution times. -log_queries = - -#################################### Session #################################### -[session] -# Either "memory", "file", "redis", "mysql", "postgres", default is "file" -;provider = file - -# Provider config options -# memory: not have any config yet -# file: session dir path, is relative to grafana data_path -# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana` -# mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name` -# postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable -;provider_config = sessions - -# Session cookie name -;cookie_name = grafana_sess - -# If you use session in https only, default is false -;cookie_secure = false - -# Session life time, default is 86400 -;session_life_time = 86400 - -#################################### Data proxy ########################### -[dataproxy] - -# This enables data proxy logging, default is false -;logging = false - -#################################### Analytics #################################### -[analytics] -# Server reporting, sends usage counters to stats.grafana.org every 24 hours. -# No ip addresses are being tracked, only simple counters to track -# running instances, dashboard and error counts. It is very helpful to us. -# Change this option to false to disable reporting. -;reporting_enabled = true - -# Set to false to disable all checks to https://grafana.net -# for new vesions (grafana itself and plugins), check is used -# in some UI views to notify that grafana or plugin update exists -# This option does not cause any auto updates, nor send any information -# only a GET request to http://grafana.com to get latest versions -;check_for_updates = true - -# Google Analytics universal tracking code, only enabled if you specify an id here -;google_analytics_ua_id = - -#################################### Security #################################### -[security] -# default admin user, created on startup -;admin_user = admin - -# default admin password, can be changed before first start of grafana, or in profile settings -;admin_password = admin - -# used for signing -;secret_key = SW2YcwTIb9zpOOhoPsMm - -# Auto-login remember days -;login_remember_days = 7 -;cookie_username = grafana_user -;cookie_remember_name = grafana_remember - -# disable gravatar profile images -;disable_gravatar = false - -# data source proxy whitelist (ip_or_domain:port separated by spaces) -;data_source_proxy_whitelist = - -# disable protection against brute force login attempts -;disable_brute_force_login_protection = false - -#################################### Snapshots ########################### -[snapshots] -# snapshot sharing options -;external_enabled = true -;external_snapshot_url = https://snapshots-origin.raintank.io -;external_snapshot_name = Publish to snapshot.raintank.io - -# remove expired snapshot -;snapshot_remove_expired = true - -#################################### Dashboards History ################## -[dashboards] -# Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1 -;versions_to_keep = 20 - -#################################### Users ############################### -[users] -# disable user signup / registration -;allow_sign_up = true - -# Allow non admin users to create organizations -;allow_org_create = true - -# Set to true to automatically assign new users to the default organization (id 1) -;auto_assign_org = true - -# Default role new users will be automatically assigned (if disabled above is set to true) -;auto_assign_org_role = Viewer - -# Background text for the user field on the login page -;login_hint = email or username - -# Default UI theme ("dark" or "light") -;default_theme = dark - -# External user management, these options affect the organization users view -;external_manage_link_url = -;external_manage_link_name = -;external_manage_info = - -# Viewers can edit/inspect dashboard settings in the browser. But not save the dashboard. -;viewers_can_edit = false - -[auth] -# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false -;disable_login_form = false - -# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false -;disable_signout_menu = false - -# URL to redirect the user to after sign out -;signout_redirect_url = - -#################################### Anonymous Auth ########################## -[auth.anonymous] -# enable anonymous access -enabled = true - -# specify organization name that should be used for unauthenticated users -org_name = Main Org. - -# specify role for unauthenticated users -org_role = Viewer - -#################################### Github Auth ########################## -[auth.github] -;enabled = false -;allow_sign_up = true -;client_id = some_id -;client_secret = some_secret -;scopes = user:email,read:org -;auth_url = https://github.com/login/oauth/authorize -;token_url = https://github.com/login/oauth/access_token -;api_url = https://api.github.com/user -;team_ids = -;allowed_organizations = - -#################################### Google Auth ########################## -[auth.google] -;enabled = false -;allow_sign_up = true -;client_id = some_client_id -;client_secret = some_client_secret -;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email -;auth_url = https://accounts.google.com/o/oauth2/auth -;token_url = https://accounts.google.com/o/oauth2/token -;api_url = https://www.googleapis.com/oauth2/v1/userinfo -;allowed_domains = - -#################################### Generic OAuth ########################## -[auth.generic_oauth] -;enabled = false -;name = OAuth -;allow_sign_up = true -;client_id = some_id -;client_secret = some_secret -;scopes = user:email,read:org -;auth_url = https://foo.bar/login/oauth/authorize -;token_url = https://foo.bar/login/oauth/access_token -;api_url = https://foo.bar/user -;team_ids = -;allowed_organizations = -;tls_skip_verify_insecure = false -;tls_client_cert = -;tls_client_key = -;tls_client_ca = - -#################################### Grafana.com Auth #################### -[auth.grafana_com] -;enabled = false -;allow_sign_up = true -;client_id = some_id -;client_secret = some_secret -;scopes = user:email -;allowed_organizations = - -#################################### Auth Proxy ########################## -[auth.proxy] -;enabled = false -;header_name = X-WEBAUTH-USER -;header_property = username -;auto_sign_up = true -;ldap_sync_ttl = 60 -;whitelist = 192.168.1.1, 192.168.2.1 -;headers = Email:X-User-Email, Name:X-User-Name - -#################################### Basic Auth ########################## -[auth.basic] -;enabled = true - -#################################### Auth LDAP ########################## -[auth.ldap] -;enabled = false -;config_file = /etc/grafana/ldap.toml -;allow_sign_up = true - -#################################### SMTP / Emailing ########################## - -[smtp] -;enabled = false -;host = localhost:25 -;user = -# If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;""" -;password = -;cert_file = -;key_file = -;skip_verify = false -;from_address = admin@grafana.localhost -;from_name = Grafana -# EHLO identity in SMTP dialog (defaults to instance_name) -;ehlo_identity = dashboard.example.com - -[emails] -;welcome_email_on_sign_up = false - -#################################### Logging ########################## -[log] -# Either "console", "file", "syslog". Default is console and file -# Use space to separate multiple modes, e.g. "console file" -;mode = console file - -# Either "debug", "info", "warn", "error", "critical", default is "info" -;level = info - -# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug -;filters = - -# For "console" mode only -[log.console] -;level = - -# log line format, valid options are text, console and json -;format = console - -# For "file" mode only -[log.file] -;level = - -# log line format, valid options are text, console and json -;format = text - -# This enables automated log rotate(switch of following options), default is true -;log_rotate = true - -# Max line number of single file, default is 1000000 -;max_lines = 1000000 - -# Max size shift of single file, default is 28 means 1 << 28, 256MB -;max_size_shift = 28 - -# Segment log daily, default is true -;daily_rotate = true - -# Expired days of log file(delete after max days), default is 7 -;max_days = 7 - -[log.syslog] -;level = - -# log line format, valid options are text, console and json -;format = text - -# Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used. -;network = -;address = - -# Syslog facility. user, daemon and local0 through local7 are valid. -;facility = - -# Syslog tag. By default, the process' argv[0] is used. -;tag = - -#################################### Alerting ############################ -[alerting] -# Disable alerting engine & UI features -;enabled = true -# Makes it possible to turn off alert rule execution but alerting UI is visible -;execute_alerts = true - -# Default setting for new alert rules. Defaults to categorize error and timeouts as alerting. (alerting, keep_state) -;error_or_timeout = alerting - -# Default setting for how Grafana handles nodata or null values in alerting. (alerting, no_data, keep_state, ok) -;nodata_or_nullvalues = no_data - -# Alert notifications can include images, but rendering many images at the same time can overload the server -# This limit will protect the server from render overloading and make sure notifications are sent out quickly -;concurrent_render_limit = 5 - -#################################### Explore ############################# -[explore] -# Enable the Explore section -;enabled = false - -#################################### Internal Grafana Metrics ########################## -# Metrics available at HTTP API Url /metrics -[metrics] -# Disable / Enable internal metrics -;enabled = true - -# Publish interval -;interval_seconds = 10 - -# Send internal metrics to Graphite -[metrics.graphite] -# Enable by setting the address setting (ex localhost:2003) -;address = -;prefix = prod.grafana.%(instance_name)s. - -#################################### Distributed tracing ############ -[tracing.jaeger] -# Enable by setting the address sending traces to jaeger (ex localhost:6831) -;address = localhost:6831 -# Tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2) -;always_included_tag = tag1:value1 -# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote -;sampler_type = const -# jaeger samplerconfig param -# for "const" sampler, 0 or 1 for always false/true respectively -# for "probabilistic" sampler, a probability between 0 and 1 -# for "rateLimiting" sampler, the number of spans per second -# for "remote" sampler, param is the same as for "probabilistic" -# and indicates the initial sampling rate before the actual one -# is received from the mothership -;sampler_param = 1 - -#################################### Grafana.com integration ########################## -# Url used to import dashboards directly from Grafana.com -[grafana_com] -;url = https://grafana.com - -#################################### External image storage ########################## -[external_image_storage] -# Used for uploading images to public servers so they can be included in slack/email messages. -# you can choose between (s3, webdav, gcs, azure_blob, local) -;provider = - -[external_image_storage.s3] -;bucket = -;region = -;path = -;access_key = -;secret_key = - -[external_image_storage.webdav] -;url = -;public_url = -;username = -;password = - -[external_image_storage.gcs] -;key_file = -;bucket = -;path = - -[external_image_storage.azure_blob] -;account_name = -;account_key = -;container_name = - -[external_image_storage.local] -# does not require any configuration - -[rendering] -# Options to configure external image rendering server like https://github.com/grafana/grafana-image-renderer -;server_url = -;callback_url = - -[enterprise] -# Path to a valid Grafana Enterprise license.jwt file -;license_path = From 8db79ae852fa8ff2ad3c40f64636ebdb7cda7b5c Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 16:01:09 -0500 Subject: [PATCH 137/270] comment out some defaults file https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/defaults.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index ebdd6cb67..13a2f62f0 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -8,16 +8,16 @@ grafana: org_role: Viewer smtp: enabled: false - host: localhost:25 - user: myuser +# host: localhost:25 +# user: myuser # If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;""" - password: mypassword - cert_file: /etc/grafana/config/files/smtp_cert_file.crt - key_file: /etc/grafana/config/files/smtp_key_file.key - skip_verify: false +# password: mypassword +# cert_file: /etc/grafana/config/files/smtp_cert_file.crt +# key_file: /etc/grafana/config/files/smtp_key_file.key +# skip_verify: false from_address: admin@grafana.localhost from_name: Grafana - ehlo_identity: dashboard.example.com +# ehlo_identity: dashboard.example.com # auth.ldap: # enabled: false # config_file: /etc/grafana/config/files/ldap.toml From 101ddd18a529811b49e5d9ecac6aac8f56bb11bc Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 9 Dec 2020 16:08:09 -0500 Subject: [PATCH 138/270] Fix print statments --- setup/so-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index e772a99c5..6a6f42dc7 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1309,13 +1309,13 @@ elasticsearch_pillar() { "elasticsearch:"\ " mainip: '$MAINIP'"\ " mainint: '$MNIC'"\ - " esheap: '$NODE_ES_HEAP_SIZE'" + " esheap: '$NODE_ES_HEAP_SIZE'" >> "$pillar_file" if [ -n "$ESCLUSTERNAME" ]; then printf '%s\n'\ - " esclustername: $ESCLUSTERNAME" + " esclustername: $ESCLUSTERNAME" >> "$pillar_file" else printf '%s\n'\ - " esclustername: {{ grains.host }}" + " esclustername: {{ grains.host }}" >> "$pillar_file" fi printf '%s\n'\ " node_type: '$NODETYPE'"\ From af15f0eb38e9bd39ec7fed5e7cda826ec5e09643 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 9 Dec 2020 16:23:38 -0500 Subject: [PATCH 139/270] remove ml node.role --- salt/elasticsearch/files/elasticsearch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index eee129cf9..0cadaf44c 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -56,7 +56,7 @@ discovery.seed_hosts: {%- endfor %} {%- endif %} {%- else %} -node.roles: [ data, ingest, ml ] +node.roles: [ data, ingest ] discovery.seed_hosts: - {{ grains.master }} {%- endif %} From ea1bd63f609a8d414f0111909e533a1046662e41 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 16:59:38 -0500 Subject: [PATCH 140/270] makedirs and place readme file for grafana https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/etc/files/readme.txt | 1 + salt/grafana/init.sls | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 salt/grafana/etc/files/readme.txt diff --git a/salt/grafana/etc/files/readme.txt b/salt/grafana/etc/files/readme.txt new file mode 100644 index 000000000..c78e8687c --- /dev/null +++ b/salt/grafana/etc/files/readme.txt @@ -0,0 +1 @@ +For files that are referenced inside the Grafana config, place them in /opt/so/saltstack/local/salt/grafana/etc/files/. This would include keys used for smtp or a Grafana enterprise license file. \ No newline at end of file diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index ec4e02e7e..9c596ca98 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -86,6 +86,8 @@ grafana-dashboard-config: - group: 939 - template: jinja - source: salt://grafana/etc/dashboards/dashboard.yml + - makedirs: True + grafana-datasources-config: file.managed: @@ -94,6 +96,7 @@ grafana-datasources-config: - group: 939 - template: jinja - source: salt://grafana/etc/datasources/influxdb.yaml + - makedirs: True grafana-config: file.managed: From 0b2e2739bda26b12bdd69bf30b6d9f2678ce9849 Mon Sep 17 00:00:00 2001 From: weslambert Date: Wed, 9 Dec 2020 17:05:11 -0500 Subject: [PATCH 141/270] Expand STRELKARULES --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 8ee236bf1..1b54241bd 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -741,7 +741,7 @@ fi set_progress_str 81 "$(print_salt_state_apply 'strelka')" salt-call state.apply -l info strelka >> $setup_log 2>&1 fi - if [[ $STRELKARULES == 1 ]]; then + if [[ "$STRELKARULES" == 1 ]]; then /usr/sbin/so-yara-update >> $setup_log 2>&1 fi fi From f68972255961c6cd74f83274b8f2250eae6d1041 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Thu, 10 Dec 2020 14:14:50 +0000 Subject: [PATCH 142/270] Add initial suricata.ftp_data pipeline --- salt/elasticsearch/files/ingest/suricata.ftp_data | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 salt/elasticsearch/files/ingest/suricata.ftp_data diff --git a/salt/elasticsearch/files/ingest/suricata.ftp_data b/salt/elasticsearch/files/ingest/suricata.ftp_data new file mode 100644 index 000000000..2867fbab0 --- /dev/null +++ b/salt/elasticsearch/files/ingest/suricata.ftp_data @@ -0,0 +1,10 @@ +{ + "description" : "suricata.ftp_data", + "processors" : [ + { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } }, + { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } }, + { "rename": { "field": "message2.ftp_data.command", "target_field": "ftp.command", "ignore_missing": true } }, + { "rename": { "field": "message2.ftp_data.filename","target_field": "ftp.argument", "ignore_missing": true } }, + { "pipeline": { "name": "common" } } + ] +} From 379f1d98d89c38041b5230cebe9cbaeac837f66e Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Thu, 10 Dec 2020 09:15:17 -0500 Subject: [PATCH 143/270] fix addtotab --- pillar/data/addtotab.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pillar/data/addtotab.sh b/pillar/data/addtotab.sh index 0029f5492..271558295 100644 --- a/pillar/data/addtotab.sh +++ b/pillar/data/addtotab.sh @@ -55,7 +55,7 @@ if [ $TYPE == 'evaltab' ] || [ $TYPE == 'standalonetab' ]; then fi fi if [ $TYPE == 'nodestab' ]; then - salt-call state.apply elasticseach queue=True + salt-call state.apply elasticsearch queue=True # echo " nodetype: $NODETYPE" >> $local_salt_dir/pillar/data/$TYPE.sls # echo " hotname: $HOTNAME" >> $local_salt_dir/pillar/data/$TYPE.sls fi From 45faa7fda4bcfdc230b12ce67837f64984ab4e00 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Thu, 10 Dec 2020 14:30:29 +0000 Subject: [PATCH 144/270] Add ability to supply an arg, for example overriding 15 min limit --- salt/common/tools/sbin/so-rule-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-rule-update b/salt/common/tools/sbin/so-rule-update index ee6ac37df..397719d61 100755 --- a/salt/common/tools/sbin/so-rule-update +++ b/salt/common/tools/sbin/so-rule-update @@ -10,4 +10,4 @@ got_root() { } got_root -docker exec so-idstools /bin/bash -c 'cd /opt/so/idstools/etc && idstools-rulecat' +docker exec so-idstools /bin/bash -c "cd /opt/so/idstools/etc && idstools-rulecat $1" From 86313796a5fa569c82fc8bdbb16e18d744dd55be Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 10 Dec 2020 11:00:52 -0500 Subject: [PATCH 145/270] [fix] Set manager_ver in download function --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index d98b6c82c..b03a96c97 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -519,8 +519,7 @@ check_requirements() { } compare_versions() { - manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion) - export manager_ver + manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo cat /etc/soversion) [[ "$manager_ver" == "$SOVERSION" ]] return @@ -922,6 +921,7 @@ docker_seed_registry() { } download_repo_tarball() { + manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo cat /etc/soversion) scp -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/repo/"$manager_ver".tar.gz /root/manager_setup # Fail if the file doesn't download From d9d7f49b96812ca836c9d6506fe841797a638215 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Thu, 10 Dec 2020 11:09:38 -0500 Subject: [PATCH 146/270] Adjust elasticsearch.yml --- salt/elasticsearch/files/elasticsearch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 0cadaf44c..3472b24db 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -42,7 +42,6 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% # roles: superuser # authz_exception: true {%- endif %} -node.attr.box_type: {{ NODE_ROUTE_TYPE }} node.name: {{ grains.host }} script.max_compilations_rate: 1000/1m {%- if TRUECLUSTER is sameas true %} @@ -57,6 +56,7 @@ discovery.seed_hosts: {%- endif %} {%- else %} node.roles: [ data, ingest ] +node.attr.box_type: {{ NODE_ROUTE_TYPE }} discovery.seed_hosts: - {{ grains.master }} {%- endif %} From 42833b2086725f0da36e1f07d9fab3c90ecd5248 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Thu, 10 Dec 2020 11:14:32 -0500 Subject: [PATCH 147/270] Make non clustered node attributes --- salt/elasticsearch/files/elasticsearch.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 3472b24db..1ad65c43f 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -61,4 +61,7 @@ discovery.seed_hosts: - {{ grains.master }} {%- endif %} {%- endif %} +{%- if TRUECLUSTER is sameas false %} +node.attr.box_type: {{ NODE_ROUTE_TYPE }} +{%- endif %} indices.query.bool.max_clause_count: 1500 From 4ee944448f4089624cffa35091a6ae45d045f332 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 10 Dec 2020 12:05:57 -0500 Subject: [PATCH 148/270] remove $Interval template var since alerts cant be crated when it is used https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/dashboards/eval/eval.json | 76 +++++++++---------- salt/grafana/dashboards/manager/manager.json | 74 +++++++++--------- .../managersearch/managersearch.json | 70 ++++++++--------- .../dashboards/search_nodes/searchnode.json | 70 ++++++++--------- .../dashboards/sensor_nodes/sensor.json | 76 +++++++++---------- .../dashboards/standalone/standalone.json | 76 +++++++++---------- 6 files changed, 221 insertions(+), 221 deletions(-) diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json index c9f3bced4..fdd4b6b00 100644 --- a/salt/grafana/dashboards/eval/eval.json +++ b/salt/grafana/dashboards/eval/eval.json @@ -175,7 +175,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -416,7 +416,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -556,7 +556,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -696,7 +696,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -843,7 +843,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -957,7 +957,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1059,7 +1059,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1204,7 +1204,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1349,7 +1349,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1494,7 +1494,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1652,7 +1652,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1702,7 +1702,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1752,7 +1752,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1802,7 +1802,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1852,7 +1852,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1902,7 +1902,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2182,7 +2182,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2321,7 +2321,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2460,7 +2460,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2620,7 +2620,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2725,7 +2725,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2964,7 +2964,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3118,7 +3118,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3162,7 +3162,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3206,7 +3206,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3352,7 +3352,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3395,7 +3395,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3438,7 +3438,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3481,7 +3481,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3622,7 +3622,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3783,7 +3783,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3827,7 +3827,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3870,7 +3870,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4006,7 +4006,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4054,7 +4054,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4200,7 +4200,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4264,7 +4264,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4422,7 +4422,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/dashboards/manager/manager.json b/salt/grafana/dashboards/manager/manager.json index c5c09ae0e..35f3690f2 100644 --- a/salt/grafana/dashboards/manager/manager.json +++ b/salt/grafana/dashboards/manager/manager.json @@ -71,7 +71,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -260,7 +260,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -400,7 +400,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -540,7 +540,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -683,7 +683,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -793,7 +793,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -888,7 +888,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1028,7 +1028,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1168,7 +1168,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1308,7 +1308,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1454,7 +1454,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1504,7 +1504,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1554,7 +1554,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1604,7 +1604,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1654,7 +1654,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1704,7 +1704,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1846,7 +1846,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1910,7 +1910,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2286,7 +2286,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2330,7 +2330,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2374,7 +2374,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2510,7 +2510,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2574,7 +2574,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2734,7 +2734,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2777,7 +2777,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2820,7 +2820,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2863,7 +2863,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2997,7 +2997,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3041,7 +3041,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3084,7 +3084,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3219,7 +3219,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3283,7 +3283,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3434,7 +3434,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3481,7 +3481,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3616,7 +3616,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3751,7 +3751,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3815,7 +3815,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/dashboards/managersearch/managersearch.json b/salt/grafana/dashboards/managersearch/managersearch.json index 838a37426..b2b859803 100644 --- a/salt/grafana/dashboards/managersearch/managersearch.json +++ b/salt/grafana/dashboards/managersearch/managersearch.json @@ -82,7 +82,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -269,7 +269,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -689,7 +689,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -800,7 +800,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1034,7 +1034,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1458,7 +1458,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1508,7 +1508,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1558,7 +1558,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1608,7 +1608,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1658,7 +1658,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1708,7 +1708,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1850,7 +1850,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1914,7 +1914,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2062,7 +2062,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2190,7 +2190,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2373,7 +2373,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2417,7 +2417,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2461,7 +2461,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2597,7 +2597,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2661,7 +2661,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2809,7 +2809,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2937,7 +2937,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3072,7 +3072,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3116,7 +3116,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3159,7 +3159,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3495,7 +3495,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3627,7 +3627,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4005,7 +4005,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4135,7 +4135,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4182,7 +4182,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4313,7 +4313,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4453,7 +4453,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4496,7 +4496,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4539,7 +4539,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4582,7 +4582,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/dashboards/search_nodes/searchnode.json b/salt/grafana/dashboards/search_nodes/searchnode.json index a7170d276..fd063b163 100644 --- a/salt/grafana/dashboards/search_nodes/searchnode.json +++ b/salt/grafana/dashboards/search_nodes/searchnode.json @@ -81,7 +81,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -268,7 +268,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -408,7 +408,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -548,7 +548,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -676,7 +676,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -818,7 +818,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -883,7 +883,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1024,7 +1024,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1152,7 +1152,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1280,7 +1280,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1408,7 +1408,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1548,7 +1548,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1598,7 +1598,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1648,7 +1648,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1698,7 +1698,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1748,7 +1748,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1798,7 +1798,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1976,7 +1976,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2106,7 +2106,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2153,7 +2153,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2340,7 +2340,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2384,7 +2384,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2428,7 +2428,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2568,7 +2568,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2611,7 +2611,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2654,7 +2654,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2697,7 +2697,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2832,7 +2832,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2896,7 +2896,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3051,7 +3051,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3095,7 +3095,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3138,7 +3138,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3269,7 +3269,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3404,7 +3404,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3468,7 +3468,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json index 048bb5a34..0b89f030a 100644 --- a/salt/grafana/dashboards/sensor_nodes/sensor.json +++ b/salt/grafana/dashboards/sensor_nodes/sensor.json @@ -174,7 +174,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -414,7 +414,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -553,7 +553,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -692,7 +692,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -838,7 +838,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -952,7 +952,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1067,7 +1067,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1162,7 +1162,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1307,7 +1307,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1452,7 +1452,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1609,7 +1609,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1659,7 +1659,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1709,7 +1709,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1759,7 +1759,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1809,7 +1809,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1859,7 +1859,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1999,7 +1999,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2132,7 +2132,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2271,7 +2271,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2410,7 +2410,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2553,7 +2553,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2786,7 +2786,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2850,7 +2850,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3016,7 +3016,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3059,7 +3059,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3102,7 +3102,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3145,7 +3145,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3281,7 +3281,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3329,7 +3329,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3475,7 +3475,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3685,7 +3685,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3729,7 +3729,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3773,7 +3773,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3914,7 +3914,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3958,7 +3958,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4001,7 +4001,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4142,7 +4142,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4206,7 +4206,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json index 3bab1ff5f..d1ed7e05c 100644 --- a/salt/grafana/dashboards/standalone/standalone.json +++ b/salt/grafana/dashboards/standalone/standalone.json @@ -86,7 +86,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -284,7 +284,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -574,7 +574,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -714,7 +714,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -861,7 +861,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -975,7 +975,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1366,7 +1366,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1511,7 +1511,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1669,7 +1669,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1719,7 +1719,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1769,7 +1769,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1819,7 +1819,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1869,7 +1869,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1919,7 +1919,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2067,7 +2067,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2131,7 +2131,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2285,7 +2285,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2424,7 +2424,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2621,7 +2621,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2665,7 +2665,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2709,7 +2709,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2851,7 +2851,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3111,7 +3111,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3215,7 +3215,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3259,7 +3259,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3302,7 +3302,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3648,7 +3648,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3794,7 +3794,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3937,7 +3937,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4550,7 +4550,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -5172,7 +5172,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -5220,7 +5220,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -5378,7 +5378,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -5483,7 +5483,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -5912,7 +5912,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -5955,7 +5955,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -5998,7 +5998,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -6041,7 +6041,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, From 21e107f2e8c667bea24d23b79432b8f965690123 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 10 Dec 2020 13:13:45 -0500 Subject: [PATCH 149/270] [fix] Remove sudo from version check, only remove known_hosts entry if exists --- setup/so-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index b03a96c97..bedbb43b5 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -519,7 +519,7 @@ check_requirements() { } compare_versions() { - manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo cat /etc/soversion) + manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion) [[ "$manager_ver" == "$SOVERSION" ]] return @@ -660,7 +660,7 @@ copy_ssh_key() { chown -R "$SUDO_USER":"$SUDO_USER" /root/.ssh echo "Removing old entry for manager from known_hosts if it exists" - sed -i "/${MSRV}/d" /root/.ssh/known_hosts + grep -q "$MSRV" /root/.ssh/known_hosts && sed -i "/${MSRV}/d" /root/.ssh/known_hosts echo "Copying the SSH key to the manager" #Copy the key over to the manager @@ -921,7 +921,7 @@ docker_seed_registry() { } download_repo_tarball() { - manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo cat /etc/soversion) + manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion) scp -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/repo/"$manager_ver".tar.gz /root/manager_setup # Fail if the file doesn't download From 830211975655c54bb9955c40c89e45a6751549f2 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 10 Dec 2020 13:26:19 -0500 Subject: [PATCH 150/270] [fix] Don't redirect entire download function to setup log --- setup/so-functions | 21 +++++++++++++++++---- setup/so-setup | 2 +- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index bedbb43b5..a87a36b55 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -521,6 +521,11 @@ check_requirements() { compare_versions() { manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion) + if [[ $manager_ver == "" ]]; then + echo "Could not determine version of Security Onion running on manager $MSRV. Please check your network settings and run setup again." | tee "$setup_log" + kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + fi + [[ "$manager_ver" == "$SOVERSION" ]] return } @@ -921,16 +926,24 @@ docker_seed_registry() { } download_repo_tarball() { - manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion) - scp -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/repo/"$manager_ver".tar.gz /root/manager_setup + { + local manager_ver + manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion) + scp -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/repo/"$manager_ver".tar.gz /root/manager_setup + } >> "$setup_log" 2>&1 + # Fail if the file doesn't download if ! [ -f /root/manager_setup/"$manager_ver".tar.gz ]; then + local message="Could not download $manager_ver.tar.gz from manager, please check your network settings and verify the file /opt/so/repo/$manager_ver.tar.gz exists on the manager." + echo "$message" | tee "$setup_log" kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi - tar -xzf /root/manager_setup/"$manager_ver".tar.gz -C /root/manager_setup/securityonion - rm -rf /root/manager_setup/"$manager_ver".tar.gz + { + tar -xzf /root/manager_setup/"$manager_ver".tar.gz -C /root/manager_setup/securityonion + rm -rf /root/manager_setup/"$manager_ver".tar.gz + } >> "$setup_log" 2>&1 } fireeye_pillar() { diff --git a/setup/so-setup b/setup/so-setup index 5334b49f2..7bf768791 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -283,7 +283,7 @@ if ! [ -f /root/install_opt ]; then if [[ $is_minion ]] && ! (compare_versions); then info "Installer version mismatch, downloading correct version from manager" echo "$install_type" > /root/install_opt - download_repo_tarball >> "$setup_log" 2>&1 + download_repo_tarball exec bash /root/manager_setup/securityonion/setup/so-setup "$@" fi From bc6a0c1e6f4590e90f6d37a72133c8b61c0af247 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 10 Dec 2020 13:54:41 -0500 Subject: [PATCH 151/270] [fix] Add missing append flags to tee --- setup/so-functions | 6 +++--- setup/so-setup | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index a87a36b55..311b82225 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -522,7 +522,7 @@ compare_versions() { manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion) if [[ $manager_ver == "" ]]; then - echo "Could not determine version of Security Onion running on manager $MSRV. Please check your network settings and run setup again." | tee "$setup_log" + echo "Could not determine version of Security Onion running on manager $MSRV. Please check your network settings and run setup again." | tee -a "$setup_log" kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi @@ -936,7 +936,7 @@ download_repo_tarball() { # Fail if the file doesn't download if ! [ -f /root/manager_setup/"$manager_ver".tar.gz ]; then local message="Could not download $manager_ver.tar.gz from manager, please check your network settings and verify the file /opt/so/repo/$manager_ver.tar.gz exists on the manager." - echo "$message" | tee "$setup_log" + echo "$message" | tee -a "$setup_log" kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi @@ -1655,7 +1655,7 @@ saltify() { apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1 echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.2/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" - ;; + ;; esac apt-get update >> "$setup_log" 2>&1 set_progress_str 8 'Installing salt-minion & python modules' diff --git a/setup/so-setup b/setup/so-setup index 7bf768791..292cbf6f4 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -115,7 +115,7 @@ case "$setup_type" in echo "Beginning Security Onion $setup_type install" >> $setup_log 2>&1 ;; *) - echo "Invalid install type, must be 'iso' or 'network'" | tee $setup_log + echo "Invalid install type, must be 'iso' or 'network'" | tee -a $setup_log exit 1 ;; esac @@ -156,7 +156,7 @@ if ! [ -f /root/install_opt ]; then if (whiptail_you_sure); then true else - echo "User cancelled setup." | tee "$setup_log" + echo "User cancelled setup." | tee -a "$setup_log" whiptail_cancel fi From 1f1cfde3acd4a82bdcceb9d33b44f630809e4b44 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 10 Dec 2020 14:03:54 -0500 Subject: [PATCH 152/270] [fix] Make directory for new setup download --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index 311b82225..890b1e8e0 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -929,6 +929,7 @@ download_repo_tarball() { { local manager_ver manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion) + mkdir -p /root/manager_setup scp -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/repo/"$manager_ver".tar.gz /root/manager_setup } >> "$setup_log" 2>&1 From 58bcc79c542961c2d3144865c29ddabeb92116de Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 10 Dec 2020 14:17:47 -0500 Subject: [PATCH 153/270] [fix] Create full dir structure, rm /root/install_opt on failure --- setup/so-functions | 5 +++-- setup/so-whiptail | 2 ++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 890b1e8e0..aef409397 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -522,6 +522,7 @@ compare_versions() { manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion) if [[ $manager_ver == "" ]]; then + rm /root/install_opt echo "Could not determine version of Security Onion running on manager $MSRV. Please check your network settings and run setup again." | tee -a "$setup_log" kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi @@ -926,16 +927,16 @@ docker_seed_registry() { } download_repo_tarball() { + mkdir -p /root/manager_setup/securityonion { local manager_ver manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion) - mkdir -p /root/manager_setup scp -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/repo/"$manager_ver".tar.gz /root/manager_setup } >> "$setup_log" 2>&1 - # Fail if the file doesn't download if ! [ -f /root/manager_setup/"$manager_ver".tar.gz ]; then + rm /root/install_opt local message="Could not download $manager_ver.tar.gz from manager, please check your network settings and verify the file /opt/so/repo/$manager_ver.tar.gz exists on the manager." echo "$message" | tee -a "$setup_log" kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 diff --git a/setup/so-whiptail b/setup/so-whiptail index a37340764..922f47b5e 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -783,6 +783,8 @@ whiptail_management_interface_setup() { else msg="initialize networking" fi + else + msg=$minion_msg fi whiptail --title "Security Onion Setup" --yesno "Setup will now $msg. Select YES to continue or NO to cancel." 8 75 From ab856532e641aafabc6cad82a7af6ed089db4e8b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 10 Dec 2020 14:20:48 -0500 Subject: [PATCH 154/270] [fix] Show airgap option on import install --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 292cbf6f4..e175a834d 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -211,7 +211,7 @@ if [[ "$setup_type" == 'iso' ]]; then fi # Check if this is an airgap install -if [[ $is_manager && $is_iso ]]; then +if [[ ( $is_manager || $is_import ) && $is_iso ]]; then whiptail_airgap if [[ "$INTERWEBS" == 'AIRGAP' ]]; then is_airgap=true From 5c4103681cb9c135f2c0856163497d680d85fb35 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 10 Dec 2020 14:45:24 -0500 Subject: [PATCH 155/270] [fix] Save original argument array to use later --- setup/so-setup | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index e175a834d..96322b983 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -22,6 +22,9 @@ if [ "$uid" -ne 0 ]; then exit 1 fi +# Save the original argument array since we modify it +readarraay -t original_args <<< "$@" + cd "$(dirname "$0")" || exit 255 source ./so-functions @@ -55,7 +58,7 @@ while [[ $# -gt 0 ]]; do done if ! [ -f /root/install_opt ] && [ -d /root/manager_setup/securityonion ] && [[ $(pwd) != /root/manager_setup/securityonion/setup ]]; then - exec bash /root/manager_setup/securityonion/setup/so-setup "$@" + exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}" fi if [[ -f /root/accept_changes ]]; then @@ -284,7 +287,7 @@ if ! [ -f /root/install_opt ]; then info "Installer version mismatch, downloading correct version from manager" echo "$install_type" > /root/install_opt download_repo_tarball - exec bash /root/manager_setup/securityonion/setup/so-setup "$@" + exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}" fi if [[ $is_analyst ]]; then From 25f2075e2234949741d01da0954c6f4e92fe2a57 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 10 Dec 2020 15:01:10 -0500 Subject: [PATCH 156/270] [fix] Revert bad change to whiptail_basic_zeek --- setup/so-whiptail | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index ebc515782..7b105bb8e 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -61,13 +61,11 @@ whiptail_basic_zeek() { local PROCS=$lb_procs fi - ZEEKPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $PROCS cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 ) + BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter the number of zeek processes:" 10 75 "$PROCS" 3>&1 1>&2 2>&3) + local exitstatus=$? whiptail_check_exitstatus $exitstatus - - ZEEKPINS=$(echo "$ZEEKPINS" | tr -d '"') - - IFS=' ' read -ra ZEEKPINS <<< "$ZEEKPINS" } whiptail_zeek_version() { From 733f5a50215b2be5cda51b785fb25909019aa823 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 10 Dec 2020 15:17:22 -0500 Subject: [PATCH 157/270] allowUiUpdates to dashboards to allow for alert creation on stock dashboards issue/1175 --- salt/grafana/etc/dashboards/dashboard.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/salt/grafana/etc/dashboards/dashboard.yml b/salt/grafana/etc/dashboards/dashboard.yml index 72f77f845..b00dadc04 100644 --- a/salt/grafana/etc/dashboards/dashboard.yml +++ b/salt/grafana/etc/dashboards/dashboard.yml @@ -8,6 +8,7 @@ providers: type: file disableDeletion: false editable: true + allowUiUpdates: true options: path: /etc/grafana/grafana_dashboards/manager - name: 'Manager Search' @@ -15,6 +16,7 @@ providers: type: file disableDeletion: false editable: true + allowUiUpdates: true options: path: /etc/grafana/grafana_dashboards/managersearch - name: 'Sensor Nodes' @@ -22,6 +24,7 @@ providers: type: file disableDeletion: false editable: true + allowUiUpdates: true options: path: /etc/grafana/grafana_dashboards/sensor_nodes - name: 'Search Nodes' @@ -29,6 +32,7 @@ providers: type: file disableDeletion: false editable: true + allowUiUpdates: true options: path: /etc/grafana/grafana_dashboards/search_nodes - name: 'Standalone' @@ -36,6 +40,7 @@ providers: type: file disableDeletion: false editable: true + allowUiUpdates: true options: path: /etc/grafana/grafana_dashboards/standalone {%- else %} @@ -44,6 +49,7 @@ providers: type: file disableDeletion: false editable: true + allowUiUpdates: true options: path: /etc/grafana/grafana_dashboards/eval {% endif %} From b6a0e692c67ed3bbd3f21953aa8faac442bd1209 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 11 Dec 2020 09:38:35 -0500 Subject: [PATCH 158/270] [refactor] Use command -v for netplan check --- setup/so-functions | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index aef409397..9e35c5958 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1324,12 +1324,10 @@ network_setup() { disable_misc_network_features; echo "... Setting ONBOOT for management interface"; - if ! netplan > /dev/null 2>&1; then - nmcli con mod "$MNIC" connection.autoconnect "yes"; - fi + command -v netplan &> /dev/null || nmcli con mod "$MNIC" connection.autoconnect "yes" - echo "... Copying 99-so-checksum-offload-disable"; - cp ./install_scripts/99-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable ; + echo "... Copying 99-so-checksum-offload-disable"; + cp ./install_scripts/99-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable ; echo "... Modifying 99-so-checksum-offload-disable"; sed -i "s/\$MNIC/${MNIC}/g" /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable; From 3c7a8fe92f79af476b07827ae6c900727a65cfb0 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 11 Dec 2020 09:39:00 -0500 Subject: [PATCH 159/270] [fix] Don't cd in so-variables --- setup/so-variables | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-variables b/setup/so-variables index 2223fe106..266dba11e 100644 --- a/setup/so-variables +++ b/setup/so-variables @@ -62,5 +62,5 @@ mkdir -p "$default_salt_dir" export local_salt_dir=/opt/so/saltstack/local mkdir -p "$local_salt_dir" -SCRIPTDIR=$(cd "$(dirname "$0")" && pwd) +SCRIPTDIR=$(pwd) export SCRIPTDIR From 870cc6b79b929884a252540a8f803da8f6826bae Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 11 Dec 2020 09:39:22 -0500 Subject: [PATCH 160/270] [fix][typo] readaraay -> readarray --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 96322b983..43c9f36a6 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -23,7 +23,7 @@ if [ "$uid" -ne 0 ]; then fi # Save the original argument array since we modify it -readarraay -t original_args <<< "$@" +readarray -t original_args <<< "$@" cd "$(dirname "$0")" || exit 255 From 14f28e38be8b4420cd4e8e53eb9de4bb434d9071 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 11 Dec 2020 10:04:38 -0500 Subject: [PATCH 161/270] Ensure so-yara-updata script is logging to a file during cron job execution --- salt/common/tools/sbin/so-yara-update | 21 ++++++++++++--------- salt/manager/init.sls | 2 +- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/salt/common/tools/sbin/so-yara-update b/salt/common/tools/sbin/so-yara-update index 9d7b3fcdf..7a8f98bf7 100755 --- a/salt/common/tools/sbin/so-yara-update +++ b/salt/common/tools/sbin/so-yara-update @@ -27,6 +27,7 @@ updatecounter=0 {% if ISAIRGAP is sameas true %} +echo "Updating rules in airgap mode..." clone_dir="/nsm/repo/rules/strelka" repo_name="signature-base" @@ -73,20 +74,22 @@ done echo "Done!" - if [ "$newcounter" -gt 0 ];then - echo "$newcounter new rules added." - fi +if [ "$newcounter" -gt 0 ];then + echo "$newcounter new rules added." +fi - if [ "$updatecounter" -gt 0 ];then - echo "$updatecounter rules updated." - fi +if [ "$updatecounter" -gt 0 ];then + echo "$updatecounter rules updated." +fi - if [ "$deletecounter" -gt 0 ];then - echo "$deletecounter rules removed because they were deprecated or don't exist in the source repo." - fi +if [ "$deletecounter" -gt 0 ];then + echo "$deletecounter rules removed because they were deprecated or don't exist in the source repo." +fi {% else %} +echo "Starting to update rules..." + gh_status=$(curl -s -o /dev/null -w "%{http_code}" http://github.com) clone_dir="/tmp" if [ "$gh_status" == "200" ] || [ "$gh_status" == "301" ]; then diff --git a/salt/manager/init.sls b/salt/manager/init.sls index b506d06bf..4136b276d 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -91,7 +91,7 @@ append_so-aptcacherng_so-status.conf: strelka_yara_update: cron.present: - user: root - - name: '/usr/sbin/so-yara-update > /dev/null 2>&1' + - name: '/usr/sbin/so-yara-update >> /nsm/strelka/log/yara-update.log 2>&1' - hour: '7' - minute: '1' {% else %} From 0915ae30e4d86b55db4353e00d705d2261e1fead Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 11 Dec 2020 10:08:10 -0500 Subject: [PATCH 162/270] Add timestamps to so-yara-update output --- salt/common/tools/sbin/so-yara-update | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/salt/common/tools/sbin/so-yara-update b/salt/common/tools/sbin/so-yara-update index 7a8f98bf7..a2a633957 100755 --- a/salt/common/tools/sbin/so-yara-update +++ b/salt/common/tools/sbin/so-yara-update @@ -16,6 +16,8 @@ # along with this program. If not, see . {%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} +echo "Starting to check for yara rule updates at $(date)..." + output_dir="/opt/so/saltstack/default/salt/strelka/rules" mkdir -p $output_dir repos="$output_dir/repos.txt" @@ -27,7 +29,7 @@ updatecounter=0 {% if ISAIRGAP is sameas true %} -echo "Updating rules in airgap mode..." +echo "Airgap mode enabled." clone_dir="/nsm/repo/rules/strelka" repo_name="signature-base" @@ -88,8 +90,6 @@ fi {% else %} -echo "Starting to update rules..." - gh_status=$(curl -s -o /dev/null -w "%{http_code}" http://github.com) clone_dir="/tmp" if [ "$gh_status" == "200" ] || [ "$gh_status" == "301" ]; then @@ -165,4 +165,6 @@ else echo "No connectivity to Github...exiting..." exit 1 fi -{%- endif -%} \ No newline at end of file +{%- endif -%} + +echo "Finished rule updates at $(date)..." From 75c5abef30f2ece33266768791a5f08d419370e4 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 11 Dec 2020 10:16:00 -0500 Subject: [PATCH 163/270] [fix] Add all selected options to install_opts --- setup/so-setup | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 43c9f36a6..087e05172 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -165,7 +165,7 @@ if ! [ -f /root/install_opt ]; then whiptail_install_type else - install_type=$(cat /root/install_opt) + source /root/install_opt fi if [ "$install_type" = 'EVAL' ]; then @@ -285,7 +285,12 @@ if ! [ -f /root/install_opt ]; then if [[ $is_minion ]] && ! (compare_versions); then info "Installer version mismatch, downloading correct version from manager" - echo "$install_type" > /root/install_opt + printf '%s\n' \ + "install_type=$install_type" \ + "MNIC=$MNIC" \ + "HOSTNAME=$HOSTNAME" \ + "MSRV=$MSRV"\ + "MSRVIP=$MSRVIP" > /root/install_opt download_repo_tarball exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}" fi @@ -388,9 +393,9 @@ if [[ $is_manager && ! $is_eval ]]; then whiptail_oinkcode fi - if [[ "$STRELKA" == 1 ]]; then - STRELKARULES=1 - fi + if [[ "$STRELKA" = 1 ]]; then + STRELKARULES=1 + fi if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then whiptail_manager_adv_service_zeeklogs @@ -758,7 +763,7 @@ set_redirect >> $setup_log 2>&1 set_progress_str 81 "$(print_salt_state_apply 'strelka')" salt-call state.apply -l info strelka >> $setup_log 2>&1 fi - if [[ $STRELKARULES == 1 ]]; then + if [[ "$STRELKARULES" = 1 ]]; then /usr/sbin/so-yara-update >> $setup_log 2>&1 fi fi From e0e38ac37fc9bff540ec93c6a12578ca51e0b61e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 10:39:25 -0500 Subject: [PATCH 164/270] update standlone dashboard panaels from guage to graph https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- .../dashboards/standalone/standalone.json | 473 ++++++++++++------ salt/grafana/defaults.yaml | 2 +- 2 files changed, 322 insertions(+), 153 deletions(-) diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json index d1ed7e05c..311015151 100644 --- a/salt/grafana/dashboards/standalone/standalone.json +++ b/salt/grafana/dashboards/standalone/standalone.json @@ -21,23 +21,13 @@ "links": [], "panels": [ { - "cacheTimeout": null, "datasource": "InfluxDB", "fieldConfig": { "defaults": { "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, + "unit": "percent", "min": 0, - "nullValueMode": "connected", + "max": 100, "thresholds": { "mode": "absolute", "steps": [ @@ -55,7 +45,16 @@ } ] }, - "unit": "percent" + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" }, "overrides": [] }, @@ -68,18 +67,9 @@ "id": 2, "links": [], "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -134,11 +124,80 @@ "operator": "=", "value": "cpu-total" } - ] + ], + "alias": "Usage" } ], "title": "{{ SERVERNAME }} - CPU", - "type": "gauge" + "type": "graph", + "cacheTimeout": null, + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:395" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:396" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "fillGradient": 0, + "linewidth": 1, + "dashes": false, + "hiddenSeries": false, + "dashLength": 10, + "spaceLength": 10, + "points": false, + "pointradius": 2, + "bars": false, + "stack": false, + "percentage": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "timeFrom": null, + "timeShift": null, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [] }, { "datasource": "InfluxDB", @@ -796,68 +855,54 @@ } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ ROOTFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ ROOTFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ ROOTFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" + "custom": {} }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 0, "y": 5 }, - "id": 12, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 73, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "7.0.5", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -881,7 +926,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -906,72 +951,98 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ NSMFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ NSMFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ NSMFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" + "custom": {} }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 4, "y": 5 }, - "id": 31, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 74, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "7.0.5", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -995,7 +1066,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -1020,8 +1091,48 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { "aliasColors": {}, @@ -3045,24 +3156,14 @@ "type": "stat" }, { - "cacheTimeout": null, "datasource": "InfluxDB", "fieldConfig": { "defaults": { "custom": {}, - "decimals": 2, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 1209600, + "unit": "s", "min": 0, - "nullValueMode": "connected", + "max": null, + "decimals": 2, "thresholds": { "mode": "absolute", "steps": [ @@ -3080,7 +3181,16 @@ } ] }, - "unit": "s" + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" }, "overrides": [] }, @@ -3093,18 +3203,9 @@ "id": 22, "links": [], "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -3147,13 +3248,81 @@ "operator": "=", "value": "{{ SERVERNAME }}" } - ] + ], + "alias": "Oldest Pcap" } ], + "title": "{{ SERVERNAME }} - PCAP Retention", + "type": "graph", + "renderer": "flot", + "yaxes": [ + { + "label": "", + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "s", + "$$hashKey": "object:643", + "decimals": 2 + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:644" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "cacheTimeout": null, "timeFrom": null, "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Retention", - "type": "gauge" + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false }, { "aliasColors": { diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 13a2f62f0..171f679e3 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -10,7 +10,7 @@ grafana: enabled: false # host: localhost:25 # user: myuser - # If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;""" + # If the password contains # or ; you have to wrap it with triple quotes wrapped by single quotes. Ex '"""#password;"""' # password: mypassword # cert_file: /etc/grafana/config/files/smtp_cert_file.crt # key_file: /etc/grafana/config/files/smtp_key_file.key From 33fde42dbce65d38a51bdba75ac8b11fe06e3162 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 10:42:30 -0500 Subject: [PATCH 165/270] dont show legend on pcap retention panel --- salt/grafana/dashboards/standalone/standalone.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json index 311015151..40ad57237 100644 --- a/salt/grafana/dashboards/standalone/standalone.json +++ b/salt/grafana/dashboards/standalone/standalone.json @@ -3294,7 +3294,7 @@ "spaceLength": 10, "pointradius": 2, "legend": { - "show": true, + "show": false, "values": false, "min": false, "max": false, From db276d902026584488a5e20d3d95539cf7ba377f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 11 Dec 2020 11:02:27 -0500 Subject: [PATCH 166/270] [fix] Always set hostname --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 087e05172..d45f400a1 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -266,8 +266,8 @@ if ! [ -f /root/install_opt ]; then # Init networking so rest of install works disable_ipv6 + set_hostname if [[ "$setup_type" == 'iso' ]]; then - set_hostname set_management_interface fi From 2fc151d92350ba01da9bed6b69c588aef11e9aa5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 11:34:08 -0500 Subject: [PATCH 167/270] update eval dashboard panaels from guage to graph https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/dashboards/eval/eval.json | 365 ++++++++++++++++--------- 1 file changed, 239 insertions(+), 126 deletions(-) diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json index fdd4b6b00..b674a4173 100644 --- a/salt/grafana/dashboards/eval/eval.json +++ b/salt/grafana/dashboards/eval/eval.json @@ -778,68 +778,54 @@ } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ ROOTFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ ROOTFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ ROOTFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" + "custom": {} }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 0, "y": 5 }, - "id": 12, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 73, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "7.0.5", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -863,7 +849,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -888,72 +874,98 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ NSMFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ NSMFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ NSMFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" + "custom": {} }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 4, "y": 5 }, - "id": 31, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 74, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "7.0.5", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -977,7 +989,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -1002,8 +1014,48 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { "aliasColors": {}, @@ -2897,25 +2949,18 @@ "title": "Zeek Restarts via Healthcheck", "type": "stat" }, + + + { - "cacheTimeout": null, "datasource": "InfluxDB", "fieldConfig": { "defaults": { "custom": {}, - "decimals": 2, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 1209600, + "unit": "s", "min": 0, - "nullValueMode": "connected", + "max": , + "decimals": 2, "thresholds": { "mode": "absolute", "steps": [ @@ -2933,7 +2978,16 @@ } ] }, - "unit": "s" + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" }, "overrides": [] }, @@ -2946,18 +3000,9 @@ "id": 22, "links": [], "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -3000,13 +3045,81 @@ "operator": "=", "value": "{{ SERVERNAME }}" } - ] + ], + "alias": "Oldest Pcap" } ], + "title": "{{ SERVERNAME }} - PCAP Retention", + "type": "graph", + "renderer": "flot", + "yaxes": [ + { + "label": "", + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "s", + "$$hashKey": "object:643", + "decimals": 2 + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:644" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "cacheTimeout": null, "timeFrom": null, "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Retention", - "type": "gauge" + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false }, { "aliasColors": { From 5a95181b2b09150d7cb168af8c284c74364d4534 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 11:36:19 -0500 Subject: [PATCH 168/270] update eval version 1 https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/dashboards/eval/eval.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json index b674a4173..449233508 100644 --- a/salt/grafana/dashboards/eval/eval.json +++ b/salt/grafana/dashboards/eval/eval.json @@ -4735,5 +4735,5 @@ "timezone": "browser", "title": "Evaluation Mode - {{ SERVERNAME }} Overview", "uid": "{{ UID }}", - "version": 6 + "version": 1 } From 6eb64227ae52777c3cc52f9c6d06c513d7f2efa9 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 11:44:21 -0500 Subject: [PATCH 169/270] update manager dashboard panaels from guage to graph https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/dashboards/manager/manager.json | 260 ++++++++++++------- 1 file changed, 160 insertions(+), 100 deletions(-) diff --git a/salt/grafana/dashboards/manager/manager.json b/salt/grafana/dashboards/manager/manager.json index 35f3690f2..d0d55243f 100644 --- a/salt/grafana/dashboards/manager/manager.json +++ b/salt/grafana/dashboards/manager/manager.json @@ -622,64 +622,54 @@ } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 0, "y": 5 }, - "id": 12, - "links": [], - "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ ROOTFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ ROOTFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ ROOTFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" - }, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 73, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "6.6.2", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -703,7 +693,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -728,68 +718,98 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 4, "y": 5 }, - "id": 35, - "links": [], - "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ NSMFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ NSMFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ NSMFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" - }, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 74, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "6.6.2", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -813,7 +833,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -838,8 +858,48 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { "aliasColors": {}, From 0a77a28e066a0f67b9eb451a40444fe0d7609cd3 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 11:51:42 -0500 Subject: [PATCH 170/270] guage to graph cor cpu on manager and eval https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/dashboards/eval/eval.json | 135 ++++++++++++++--- salt/grafana/dashboards/manager/manager.json | 145 ++++++++++++++----- 2 files changed, 220 insertions(+), 60 deletions(-) diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json index 449233508..63f88de19 100644 --- a/salt/grafana/dashboards/eval/eval.json +++ b/salt/grafana/dashboards/eval/eval.json @@ -24,18 +24,36 @@ "fieldConfig": { "defaults": { "custom": {}, - "decimals": 2, - "mappings": [], + "unit": "percent", + "min": 0, + "max": 100, "thresholds": { "mode": "absolute", "steps": [ { - "color": "rgb(255, 255, 255)", + "color": "rgba(50, 172, 45, 0.97)", "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 60 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 80 } ] }, - "unit": "s" + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" }, "overrides": [] }, @@ -45,23 +63,15 @@ "x": 0, "y": 0 }, - "id": 39, + "id": 2, + "links": [], "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - } + "alertThreshold": true }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { + "dsType": "influxdb", "groupBy": [ { "params": [ @@ -76,7 +86,7 @@ "type": "fill" } ], - "measurement": "system", + "measurement": "cpu", "orderByTime": "ASC", "policy": "default", "refId": "A", @@ -85,13 +95,19 @@ [ { "params": [ - "uptime" + "usage_idle" ], "type": "field" }, { "params": [], - "type": "last" + "type": "mean" + }, + { + "params": [ + "* -1 + 100" + ], + "type": "math" } ] ], @@ -100,14 +116,87 @@ "key": "host", "operator": "=", "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" } - ] + ], + "alias": "Usage" } ], + "title": "{{ SERVERNAME }} - CPU", + "type": "graph", + "cacheTimeout": null, + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:395" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:396" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "fillGradient": 0, + "linewidth": 1, + "dashes": false, + "hiddenSeries": false, + "dashLength": 10, + "spaceLength": 10, + "points": false, + "pointradius": 2, + "bars": false, + "stack": false, + "percentage": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, "timeFrom": null, "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", - "type": "stat" + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [] }, { "cacheTimeout": null, diff --git a/salt/grafana/dashboards/manager/manager.json b/salt/grafana/dashboards/manager/manager.json index d0d55243f..9a498a34f 100644 --- a/salt/grafana/dashboards/manager/manager.json +++ b/salt/grafana/dashboards/manager/manager.json @@ -20,8 +20,43 @@ "links": [], "panels": [ { - "cacheTimeout": null, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {}, + "unit": "percent", + "min": 0, + "max": 100, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 60 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 80 + } + ] + }, + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" + }, + "overrides": [] + }, "gridPos": { "h": 5, "w": 4, @@ -31,40 +66,9 @@ "id": 2, "links": [], "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [], - "max": 100, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "orange", - "value": 60 - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "percent" - }, - "overrides": [], - "values": false - }, - "orientation": "auto", - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "6.6.2", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -119,13 +123,80 @@ "operator": "=", "value": "cpu-total" } - ] + ], + "alias": "Usage" } ], + "title": "{{ SERVERNAME }} - CPU", + "type": "graph", + "cacheTimeout": null, + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:395" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:396" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "fillGradient": 0, + "linewidth": 1, + "dashes": false, + "hiddenSeries": false, + "dashLength": 10, + "spaceLength": 10, + "points": false, + "pointradius": 2, + "bars": false, + "stack": false, + "percentage": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, "timeFrom": null, "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", - "type": "gauge" + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [] }, { "datasource": "InfluxDB", From e3335a310620abefdefaa2c139a52469f4ec3f6d Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 12:00:02 -0500 Subject: [PATCH 171/270] update managersearch dashboard panaels from guage to graph https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- .../managersearch/managersearch.json | 416 +++++++++++------- 1 file changed, 269 insertions(+), 147 deletions(-) diff --git a/salt/grafana/dashboards/managersearch/managersearch.json b/salt/grafana/dashboards/managersearch/managersearch.json index b2b859803..a852d8c0a 100644 --- a/salt/grafana/dashboards/managersearch/managersearch.json +++ b/salt/grafana/dashboards/managersearch/managersearch.json @@ -21,8 +21,43 @@ "links": [], "panels": [ { - "cacheTimeout": null, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {}, + "unit": "percent", + "min": 0, + "max": 100, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 60 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 80 + } + ] + }, + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" + }, + "overrides": [] + }, "gridPos": { "h": 5, "w": 4, @@ -32,50 +67,9 @@ "id": 2, "links": [], "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 60 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 80 - } - ] - }, - "unit": "percent" - }, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "6.7.3", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -130,11 +124,80 @@ "operator": "=", "value": "cpu-total" } - ] + ], + "alias": "Usage" } ], "title": "{{ SERVERNAME }} - CPU", - "type": "gauge" + "type": "graph", + "cacheTimeout": null, + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:395" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:396" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "fillGradient": 0, + "linewidth": 1, + "dashes": false, + "hiddenSeries": false, + "dashLength": 10, + "spaceLength": 10, + "points": false, + "pointradius": 2, + "bars": false, + "stack": false, + "percentage": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "timeFrom": null, + "timeShift": null, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [] }, { "datasource": "InfluxDB", @@ -628,64 +691,54 @@ } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 0, "y": 5 }, - "id": 12, - "links": [], - "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ ROOTFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ ROOTFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ ROOTFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" - }, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 73, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "6.7.3", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -709,7 +762,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -734,69 +787,98 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 4, "y": 5 }, - "id": 35, - "links": [], - "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "decimals": 2, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ NSMFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ NSMFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ NSMFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" - }, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 74, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "6.7.3", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -820,7 +902,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -845,8 +927,48 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { "aliasColors": {}, From c88a1a943d24ddbdba1286b5f48752388295dd57 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 12:21:16 -0500 Subject: [PATCH 172/270] update search and sensor node dashboard panaels from guage to graph https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- .../dashboards/search_nodes/searchnode.json | 416 +++++++++------ .../dashboards/sensor_nodes/sensor.json | 475 ++++++++++++------ 2 files changed, 592 insertions(+), 299 deletions(-) diff --git a/salt/grafana/dashboards/search_nodes/searchnode.json b/salt/grafana/dashboards/search_nodes/searchnode.json index fd063b163..72ebe768a 100644 --- a/salt/grafana/dashboards/search_nodes/searchnode.json +++ b/salt/grafana/dashboards/search_nodes/searchnode.json @@ -20,8 +20,43 @@ "links": [], "panels": [ { - "cacheTimeout": null, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {}, + "unit": "percent", + "min": 0, + "max": 100, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 60 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 80 + } + ] + }, + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" + }, + "overrides": [] + }, "gridPos": { "h": 5, "w": 4, @@ -31,50 +66,9 @@ "id": 2, "links": [], "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 60 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 80 - } - ] - }, - "unit": "percent" - }, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "6.6.2", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -129,11 +123,80 @@ "operator": "=", "value": "cpu-total" } - ] + ], + "alias": "Usage" } ], "title": "{{ SERVERNAME }} - CPU", - "type": "gauge" + "type": "graph", + "cacheTimeout": null, + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:395" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:396" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "fillGradient": 0, + "linewidth": 1, + "dashes": false, + "hiddenSeries": false, + "dashLength": 10, + "spaceLength": 10, + "points": false, + "pointradius": 2, + "bars": false, + "stack": false, + "percentage": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "timeFrom": null, + "timeShift": null, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [] }, { "datasource": "InfluxDB", @@ -757,64 +820,54 @@ } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 0, "y": 5 }, - "id": 12, - "links": [], - "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ ROOTFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ ROOTFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ ROOTFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" - }, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 73, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "6.6.2", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -838,7 +891,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -863,23 +916,98 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", - "cacheTimeout": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 4, "y": 5 }, - "id": 35, - "links": [], + "hiddenSeries": false, + "id": 74, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -903,7 +1031,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -928,54 +1056,48 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "type": "gauge", - "options": { - "showThresholdMarkers": true, - "showThresholdLabels": false, - "fieldOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ NSMFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ NSMFS * '.90'|float }}" - } - ] - }, - "mappings": [ - { - "op": "=", - "text": "N/A", - "value": "null", - "id": 0, - "type": 1 - } - ], - "unit": "bytes", - "nullValueMode": "connected", - "min": 0, - "max": "{{ NSMFS}}", - "decimals": 2 - }, - "overrides": [] - }, - "orientation": "horizontal" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" }, - "pluginVersion": "6.6.2" + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { "aliasColors": {}, diff --git a/salt/grafana/dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json index 0b89f030a..f8ba531a0 100644 --- a/salt/grafana/dashboards/sensor_nodes/sensor.json +++ b/salt/grafana/dashboards/sensor_nodes/sensor.json @@ -109,23 +109,13 @@ "type": "stat" }, { - "cacheTimeout": null, "datasource": "InfluxDB", "fieldConfig": { "defaults": { "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, + "unit": "percent", "min": 0, - "nullValueMode": "connected", + "max": 100, "thresholds": { "mode": "absolute", "steps": [ @@ -143,7 +133,16 @@ } ] }, - "unit": "percent" + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" }, "overrides": [] }, @@ -156,18 +155,9 @@ "id": 2, "links": [], "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -222,11 +212,80 @@ "operator": "=", "value": "cpu-total" } - ] + ], + "alias": "Usage" } ], "title": "{{ SERVERNAME }} - CPU", - "type": "gauge" + "type": "graph", + "cacheTimeout": null, + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:395" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:396" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "fillGradient": 0, + "linewidth": 1, + "dashes": false, + "hiddenSeries": false, + "dashLength": 10, + "spaceLength": 10, + "points": false, + "pointradius": 2, + "bars": false, + "stack": false, + "percentage": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "timeFrom": null, + "timeShift": null, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [] }, { "aliasColors": {}, @@ -773,68 +832,54 @@ } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ ROOTFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ ROOTFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ ROOTFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" + "custom": {} }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 0, "y": 5 }, - "id": 12, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 73, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "7.0.5", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -858,7 +903,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -883,72 +928,98 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ NSMFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ NSMFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ NSMFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" + "custom": {} }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 4, "y": 5 }, - "id": 31, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 74, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "7.0.5", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -972,7 +1043,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -997,28 +1068,58 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { - "cacheTimeout": null, "datasource": "InfluxDB", "fieldConfig": { "defaults": { "custom": {}, - "decimals": 2, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 1209600, + "unit": "s", "min": 0, - "nullValueMode": "connected", + "max": , + "decimals": 2, "thresholds": { "mode": "absolute", "steps": [ @@ -1036,7 +1137,16 @@ } ] }, - "unit": "s" + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" }, "overrides": [] }, @@ -1049,18 +1159,9 @@ "id": 22, "links": [], "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -1103,12 +1204,82 @@ "operator": "=", "value": "{{ SERVERNAME }}" } - ] + ], + "alias": "Oldest Pcap" } ], "title": "{{ SERVERNAME }} - PCAP Retention", - "type": "gauge" - }, + "type": "graph", + "renderer": "flot", + "yaxes": [ + { + "label": "", + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "s", + "$$hashKey": "object:643", + "decimals": 2 + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:644" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "cacheTimeout": null, + "timeFrom": null, + "timeShift": null, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false + }, { "aliasColors": {}, "bars": false, From d877fac786b5d945d6ccc56c06c5de6bf4c373dc Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 12:28:43 -0500 Subject: [PATCH 173/270] add null for max graph value https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/dashboards/eval/eval.json | 2 +- salt/grafana/dashboards/sensor_nodes/sensor.json | 2 +- salt/grafana/dashboards/standalone/standalone.json | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json index 63f88de19..ee94504d1 100644 --- a/salt/grafana/dashboards/eval/eval.json +++ b/salt/grafana/dashboards/eval/eval.json @@ -3048,7 +3048,7 @@ "custom": {}, "unit": "s", "min": 0, - "max": , + "max": null, "decimals": 2, "thresholds": { "mode": "absolute", diff --git a/salt/grafana/dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json index f8ba531a0..9136a7838 100644 --- a/salt/grafana/dashboards/sensor_nodes/sensor.json +++ b/salt/grafana/dashboards/sensor_nodes/sensor.json @@ -1118,7 +1118,7 @@ "custom": {}, "unit": "s", "min": 0, - "max": , + "max": null, "decimals": 2, "thresholds": { "mode": "absolute", diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json index 40ad57237..079578a38 100644 --- a/salt/grafana/dashboards/standalone/standalone.json +++ b/salt/grafana/dashboards/standalone/standalone.json @@ -199,6 +199,9 @@ "thresholds": [], "timeRegions": [] }, + + + { "datasource": "InfluxDB", "fieldConfig": { From eb735c72895459eca36b397458548a8d931dce66 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 11 Dec 2020 13:22:13 -0500 Subject: [PATCH 174/270] Replace duplicate random generator with common function --- salt/common/tools/sbin/so-common | 5 ++++ salt/common/tools/sbin/soup | 8 +++---- salt/playbook/files/playbook_db_init.sh | 3 ++- setup/so-functions | 32 ++++++++++++------------- setup/so-variables | 2 +- 5 files changed, 28 insertions(+), 22 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 1dfa22a5f..6c7989c3d 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -135,3 +135,8 @@ fail() { echo "Exiting." exit 1 } + +get_random_value() { + length=${1:-20} + head -c 5000 /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $length | head -n 1 +} \ No newline at end of file diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 27439a137..ca840de59 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -212,8 +212,8 @@ rc1_to_rc2() { sed -i "/^global:/a \\$line" /opt/so/saltstack/local/pillar/global.sls; # Adding play values to the global.sls - local HIVEPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - local CORTEXPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) + local HIVEPLAYSECRET=$(get_random_value) + local CORTEXPLAYSECRET=$(get_random_value) sed -i "/^global:/a \\ hiveplaysecret: $HIVEPLAYSECRET" /opt/so/saltstack/local/pillar/global.sls; sed -i "/^global:/a \\ cortexplaysecret: $CORTEXPLAYSECRET" /opt/so/saltstack/local/pillar/global.sls; @@ -275,8 +275,8 @@ rc3_to_2.3.0() { sed -i 's/playbook:/playbook_db:/' /opt/so/saltstack/local/pillar/secrets.sls { - echo "playbook_admin: $(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)" - echo "playbook_automation: $(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)" + echo "playbook_admin: $(get_random_value)" + echo "playbook_automation: $(get_random_value)" } >> /opt/so/saltstack/local/pillar/secrets.sls } diff --git a/salt/playbook/files/playbook_db_init.sh b/salt/playbook/files/playbook_db_init.sh index bd4f7abae..94aef0a44 100644 --- a/salt/playbook/files/playbook_db_init.sh +++ b/salt/playbook/files/playbook_db_init.sh @@ -1,11 +1,12 @@ #!/bin/bash # {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%} # {%- set admin_pass = salt['pillar.get']('secrets:playbook_admin', None) %} +. /usr/sbin/so-common default_salt_dir=/opt/so/saltstack/default # Generate salt + hash for admin user -admin_salt=$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 32 | head -n 1) +admin_salt=$(get_random_value 32) admin_stage1_hash=$(echo -n '{{ admin_pass }}' | sha1sum | awk '{print $1}') admin_hash=$(echo -n "${admin_salt}${admin_stage1_hash}" | sha1sum | awk '{print $1}') sed -i "s/ADMIN_HASH/${admin_hash}/g" $default_salt_dir/salt/playbook/files/playbook_db_init.sql diff --git a/setup/so-functions b/setup/so-functions index 6a6f42dc7..66450a6bb 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -954,22 +954,22 @@ fleet_pillar() { generate_passwords(){ # Generate Random Passwords for Things - MYSQLPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - PLAYBOOKDBPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - PLAYBOOKADMINPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - PLAYBOOKAUTOMATIONPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - FLEETPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - FLEETJWT=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - GRAFANAPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) + MYSQLPASS=$(get_random_value) + PLAYBOOKDBPASS=$(get_random_value) + PLAYBOOKADMINPASS=$(get_random_value) + PLAYBOOKAUTOMATIONPASS=$(get_random_value) + FLEETPASS=$(get_random_value) + FLEETJWT=$(get_random_value) + GRAFANAPASS=$(get_random_value) if [[ "$THEHIVE" == "1" ]]; then - HIVEKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - HIVEPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - CORTEXKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - CORTEXORGUSERKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - CORTEXPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) + HIVEKEY=$(get_random_value) + HIVEPLAYSECRET=$(get_random_value) + CORTEXKEY=$(get_random_value) + CORTEXORGUSERKEY=$(get_random_value) + CORTEXPLAYSECRET=$(get_random_value) fi - SENSORONIKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - KRATOSKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) + SENSORONIKEY=$(get_random_value) + KRATOSKEY=$(get_random_value) } get_redirect() { @@ -1272,8 +1272,8 @@ minio_generate_keys() { local charSet="[:graph:]" - ACCESS_KEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - ACCESS_SECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 40 | head -n 1) + ACCESS_KEY=$(get_random_value) + ACCESS_SECRET=$(get_random_value 40) } diff --git a/setup/so-variables b/setup/so-variables index 83b9b4325..17441dca0 100644 --- a/setup/so-variables +++ b/setup/so-variables @@ -12,7 +12,7 @@ export num_cpu_cores readarray -t cpu_core_list <<< "$(grep "processor" /proc/cpuinfo | grep -v "KVM" | awk '{print $3}')" export cpu_core_list -random_uid=$( Date: Fri, 11 Dec 2020 14:26:32 -0500 Subject: [PATCH 175/270] merge pillar with the defaults https://github.com/Security-Onion-Solutions/securityonion/issues/2319 --- salt/zeek/policy/securityonion/file-extraction/extract.zeek | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/zeek/policy/securityonion/file-extraction/extract.zeek b/salt/zeek/policy/securityonion/file-extraction/extract.zeek index 6f59ed447..e23c44a92 100644 --- a/salt/zeek/policy/securityonion/file-extraction/extract.zeek +++ b/salt/zeek/policy/securityonion/file-extraction/extract.zeek @@ -1,4 +1,5 @@ -{%- import_yaml "zeek/fileextraction_defaults.yaml" as zeek with context %} +{%- import_yaml "zeek/fileextraction_defaults.yaml" as zeek_default %} +{%- set zeek = salt['grains.filter_by'](zeek_default, default='zeek', merge=salt['pillar.get']('zeek', {})) %} # Directory to stage Zeek extracted files before processing redef FileExtract::prefix = "/nsm/zeek/extracted/"; # Set a limit to the file size From 09b3a4a0ddeef798c93b720ea51265ea65b31fae Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 14:35:06 -0500 Subject: [PATCH 176/270] merge pillar with the defaults https://github.com/Security-Onion-Solutions/securityonion/issues/2319 --- salt/zeek/policy/securityonion/file-extraction/extract.zeek | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/zeek/policy/securityonion/file-extraction/extract.zeek b/salt/zeek/policy/securityonion/file-extraction/extract.zeek index e23c44a92..e5b7db864 100644 --- a/salt/zeek/policy/securityonion/file-extraction/extract.zeek +++ b/salt/zeek/policy/securityonion/file-extraction/extract.zeek @@ -1,5 +1,5 @@ -{%- import_yaml "zeek/fileextraction_defaults.yaml" as zeek_default %} -{%- set zeek = salt['grains.filter_by'](zeek_default, default='zeek', merge=salt['pillar.get']('zeek', {})) %} +{% import_yaml "zeek/fileextraction_defaults.yaml" as zeek_default -%} +{% set zeek = salt['grains.filter_by'](zeek_default, default='zeek', merge=salt['pillar.get']('zeek', {})) -%} # Directory to stage Zeek extracted files before processing redef FileExtract::prefix = "/nsm/zeek/extracted/"; # Set a limit to the file size @@ -7,7 +7,7 @@ redef FileExtract::default_limit = 9000000; # These are the mimetypes we want to rip off the networks export { global _mime_whitelist: table[string] of string = { - {%- for li in zeek.zeek.policy.file_extraction %} + {%- for li in zeek.policy.file_extraction %} {%- if not loop.last %} {%- for k,v in li.items() %} ["{{ k }}"] = "{{ v }}", From bb61c1f7459e8286be926d887c504bd78f90ee75 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 11 Dec 2020 15:33:27 -0500 Subject: [PATCH 177/270] Cleanup bash imports/sources, function definitions, and variables --- setup/so-common-functions | 52 -------------------------------------- setup/so-functions | 53 +++++++++++++++++++++++++++++++++------ setup/so-setup | 12 ++++++++- setup/so-variables | 2 ++ setup/so-whiptail | 3 --- 5 files changed, 59 insertions(+), 63 deletions(-) delete mode 100644 setup/so-common-functions diff --git a/setup/so-common-functions b/setup/so-common-functions deleted file mode 100644 index 8bdf09374..000000000 --- a/setup/so-common-functions +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash - -source ./so-variables -source ../salt/common/tools/sbin/so-common -source ../salt/common/tools/sbin/so-image-common - -# Helper functions - -filter_unused_nics() { - - if [[ $MNIC ]]; then local grep_string="$MNIC\|bond0"; else local grep_string="bond0"; fi - - # If we call this function and NICs have already been assigned to the bond interface then add them to the grep search string - if [[ $BNICS ]]; then - grep_string="$grep_string" - for BONDNIC in "${BNICS[@]}"; do - grep_string="$grep_string\|$BONDNIC" - done - fi - - # Finally, set filtered_nics to any NICs we aren't using (and ignore interfaces that aren't of use) - filtered_nics=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "$grep_string" | sed 's/ //g') - readarray -t filtered_nics <<< "$filtered_nics" - - nic_list=() - for nic in "${filtered_nics[@]}"; do - case $(cat "/sys/class/net/${nic}/carrier" 2>/dev/null) in - 1) - nic_list+=("$nic" "Link UP " "OFF") - ;; - 0) - nic_list+=("$nic" "Link DOWN " "OFF") - ;; - *) - nic_list+=("$nic" "Link UNKNOWN " "OFF") - ;; - esac - done - - export nic_list -} - -calculate_useable_cores() { - - # Calculate reasonable core usage - local cores_for_zeek=$(( (num_cpu_cores/2) - 1 )) - local lb_procs_round - lb_procs_round=$(printf "%.0f\n" $cores_for_zeek) - - if [ "$lb_procs_round" -lt 1 ]; then lb_procs=1; else lb_procs=$lb_procs_round; fi - export lb_procs -} diff --git a/setup/so-functions b/setup/so-functions index 66450a6bb..9f90138f3 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -15,13 +15,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -source ./so-whiptail -source ./so-variables -source ./so-common-functions - -CONTAINER_REGISTRY=quay.io - -SOVERSION=$(cat ../VERSION) +# README - DO NOT DEFINE GLOBAL VARIABLES IN THIS FILE. Instead use so-variables. log() { msg=$1 @@ -48,6 +42,51 @@ logCmd() { $cmd >> "$setup_log" 2>&1 } +filter_unused_nics() { + + if [[ $MNIC ]]; then local grep_string="$MNIC\|bond0"; else local grep_string="bond0"; fi + + # If we call this function and NICs have already been assigned to the bond interface then add them to the grep search string + if [[ $BNICS ]]; then + grep_string="$grep_string" + for BONDNIC in "${BNICS[@]}"; do + grep_string="$grep_string\|$BONDNIC" + done + fi + + # Finally, set filtered_nics to any NICs we aren't using (and ignore interfaces that aren't of use) + filtered_nics=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "$grep_string" | sed 's/ //g') + readarray -t filtered_nics <<< "$filtered_nics" + + nic_list=() + for nic in "${filtered_nics[@]}"; do + case $(cat "/sys/class/net/${nic}/carrier" 2>/dev/null) in + 1) + nic_list+=("$nic" "Link UP " "OFF") + ;; + 0) + nic_list+=("$nic" "Link DOWN " "OFF") + ;; + *) + nic_list+=("$nic" "Link UNKNOWN " "OFF") + ;; + esac + done + + export nic_list +} + +calculate_useable_cores() { + + # Calculate reasonable core usage + local cores_for_zeek=$(( (num_cpu_cores/2) - 1 )) + local lb_procs_round + lb_procs_round=$(printf "%.0f\n" $cores_for_zeek) + + if [ "$lb_procs_round" -lt 1 ]; then lb_procs=1; else lb_procs=$lb_procs_round; fi + export lb_procs +} + airgap_rules() { # Copy the rules for suricata if using Airgap mkdir -p /nsm/repo/rules diff --git a/setup/so-setup b/setup/so-setup index ccfa87a59..1a821d405 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -24,9 +24,19 @@ fi cd "$(dirname "$0")" || exit 255 +# Source the generic function libraries that are also used by the product after +# setup. These functions are intended to be reusable outside of the setup process. +source ../salt/common/tools/sbin/so-common +source ../salt/common/tools/sbin/so-image-common + +# Setup bash functionality is divided into functions and user-facing prompts. +# Do not attempt to re-use any of this functionality outside of setup. Instead, +# if needed, migrated generic functions into so-common. source ./so-functions -source ./so-common-functions source ./so-whiptail + +# Finally, source the default variable definitions, which require availability of +# functions source above. source ./so-variables # Parse command line arguments diff --git a/setup/so-variables b/setup/so-variables index 17441dca0..09e0ebc46 100644 --- a/setup/so-variables +++ b/setup/so-variables @@ -1,5 +1,7 @@ #!/bin/bash +SOVERSION=$(cat ../VERSION) + total_mem=$(grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//') export total_mem diff --git a/setup/so-whiptail b/setup/so-whiptail index 7b105bb8e..791cceb76 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -15,9 +15,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -source ./so-variables -source ./so-common-functions - whiptail_airgap() { [ -n "$TESTING" ] && return From 42c8f1e325cdf32341380f59bfdbceb29f9c6d64 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 11 Dec 2020 15:34:16 -0500 Subject: [PATCH 178/270] Use eth0/eth1 instead of ens5/ens6 in AWS --- setup/automation/aws_standalone_defaults | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/automation/aws_standalone_defaults b/setup/automation/aws_standalone_defaults index 25d3da0e0..5354c7950 100644 --- a/setup/automation/aws_standalone_defaults +++ b/setup/automation/aws_standalone_defaults @@ -26,7 +26,7 @@ ALLOW_ROLE=a BASICZEEK=7 BASICSURI=7 # BLOGS= -BNICS=ens6 +BNICS=eth0 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC @@ -46,7 +46,7 @@ MANAGERUPDATES=1 # MGATEWAY= # MIP= # MMASK= -MNIC=ens5 +MNIC=eth1 # MSEARCH= # MSRV= # MTU= From 66495e6bae63b1c93c00b30b3db0f161afe22626 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Fri, 11 Dec 2020 17:38:42 -0500 Subject: [PATCH 179/270] Swap localhost for 127.0.0.1 --- salt/common/tools/sbin/so-fleet-setup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-fleet-setup b/salt/common/tools/sbin/so-fleet-setup index 21aebc966..96644576f 100755 --- a/salt/common/tools/sbin/so-fleet-setup +++ b/salt/common/tools/sbin/so-fleet-setup @@ -15,8 +15,8 @@ if [ ! "$(docker ps -q -f name=so-fleet)" ]; then salt-call state.apply redis queue=True >> /root/fleet-setup.log fi -docker exec so-fleet fleetctl config set --address https://localhost:8080 --tls-skip-verify --url-prefix /fleet -docker exec -it so-fleet bash -c 'while [[ "$(curl -s -o /dev/null --insecure -w ''%{http_code}'' https://localhost:8080/fleet)" != "301" ]]; do sleep 5; done' +docker exec so-fleet fleetctl config set --address https://127.0.0.1:8080 --tls-skip-verify --url-prefix /fleet +docker exec -it so-fleet bash -c 'while [[ "$(curl -s -o /dev/null --insecure -w ''%{http_code}'' https://127.0.0.1:8080/fleet)" != "301" ]]; do sleep 5; done' docker exec so-fleet fleetctl setup --email $1 --password $2 docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/MacOS/osquery.yaml From c5a35975642d3b5cbafad1e102af8c653aa71a9b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 11 Dec 2020 21:57:56 -0500 Subject: [PATCH 180/270] Swap AWS interfaces --- setup/automation/aws_standalone_defaults | 4 ++-- setup/so-setup | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/automation/aws_standalone_defaults b/setup/automation/aws_standalone_defaults index 5354c7950..8e34320e0 100644 --- a/setup/automation/aws_standalone_defaults +++ b/setup/automation/aws_standalone_defaults @@ -26,7 +26,7 @@ ALLOW_ROLE=a BASICZEEK=7 BASICSURI=7 # BLOGS= -BNICS=eth0 +BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC @@ -46,7 +46,7 @@ MANAGERUPDATES=1 # MGATEWAY= # MIP= # MMASK= -MNIC=eth1 +MNIC=eth0 # MSEARCH= # MSRV= # MTU= diff --git a/setup/so-setup b/setup/so-setup index 1a821d405..73e66d058 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -36,7 +36,7 @@ source ./so-functions source ./so-whiptail # Finally, source the default variable definitions, which require availability of -# functions source above. +# functions sourced above. source ./so-variables # Parse command line arguments From fd7fe72b2ad8f1d81f398f158ae1e71446773be1 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 11 Dec 2020 23:29:59 -0500 Subject: [PATCH 181/270] Correct default address pool base value --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 9f90138f3..3ff66be30 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -910,7 +910,7 @@ docker_registry() { " \"bip\": \"$DNETBIP\","\ " \"default-address-pools\": ["\ " {"\ - " \"base\" : \"$DOCKERNET\","\ + " \"base\" : \"$DOCKERNET/24\","\ " \"size\" : 24"\ " }"\ " ]"\ From 85aac4ad759842d9f7ad56ac1a496a5c3cf57815 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Sat, 12 Dec 2020 09:22:08 -0500 Subject: [PATCH 182/270] Prevent Wazuh "last -n 20" logs from going to Alerts queue #2321 --- salt/elasticsearch/files/ingest/ossec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/ingest/ossec b/salt/elasticsearch/files/ingest/ossec index deb34168c..99b51c673 100644 --- a/salt/elasticsearch/files/ingest/ossec +++ b/salt/elasticsearch/files/ingest/ossec @@ -63,7 +63,7 @@ { "rename": { "field": "fields.module", "target_field": "event.module", "ignore_failure": true, "ignore_missing": true } }, { "pipeline": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational'", "name": "sysmon" } }, { "pipeline": { "if": "ctx.winlog?.channel != 'Microsoft-Windows-Sysmon/Operational'", "name":"win.eventlogs" } }, - { "set": { "if": "ctx.containsKey('rule') && ctx.rule != null", "field": "event.dataset", "value": "alert", "override": true } }, + { "set": { "if": "ctx.containsKey('rule.name') && ctx.rule.name != null", "field": "event.dataset", "value": "alert", "override": true } }, { "pipeline": { "name": "common" } } ] } From 8faf80a03bb12a667c5c6414dcf3ab272afe8d75 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Sat, 12 Dec 2020 10:07:23 -0500 Subject: [PATCH 183/270] Revert "Playbook db updates" This reverts commit 35be785f7a6b61c6345198c528c4849496681649. --- salt/common/tools/sbin/so-playbook-reset | 2 +- salt/playbook/files/playbook_db_init.sql | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/common/tools/sbin/so-playbook-reset b/salt/common/tools/sbin/so-playbook-reset index c949bccc3..f07df2142 100755 --- a/salt/common/tools/sbin/so-playbook-reset +++ b/salt/common/tools/sbin/so-playbook-reset @@ -22,5 +22,5 @@ salt-call state.apply playbook.db_init,playbook,playbook.automation_user_create /usr/sbin/so-soctopus-restart echo "Importing Plays - this will take some time...." -sleep 5 +wait 5 /usr/sbin/so-playbook-ruleupdate \ No newline at end of file diff --git a/salt/playbook/files/playbook_db_init.sql b/salt/playbook/files/playbook_db_init.sql index 7fe2329c5..7da93bae8 100644 --- a/salt/playbook/files/playbook_db_init.sql +++ b/salt/playbook/files/playbook_db_init.sql @@ -525,7 +525,7 @@ CREATE TABLE `email_addresses` ( LOCK TABLES `email_addresses` WRITE; /*!40000 ALTER TABLE `email_addresses` DISABLE KEYS */; -INSERT INTO `email_addresses` VALUES (1,1,'admin@example.net',1,1,'2020-04-26 13:08:38','2020-04-26 13:08:38'); +INSERT INTO `email_addresses` VALUES (1,1,'admin@example.net',1,1,'2020-04-26 13:08:38','2020-04-26 13:08:38'),(3,9,'automation@localhost.local',1,1,'2020-04-26 18:47:46','2020-04-26 18:47:46'),(4,10,'automation2@localhost.local',1,1,'2020-11-21 22:14:13','2020-11-21 22:14:13'); /*!40000 ALTER TABLE `email_addresses` ENABLE KEYS */; UNLOCK TABLES; @@ -1484,7 +1484,7 @@ CREATE TABLE `users` ( LOCK TABLES `users` WRITE; /*!40000 ALTER TABLE `users` DISABLE KEYS */; -INSERT INTO `users` VALUES (1,'admin','ADMIN_HASH','Admin','Admin',1,1,'2020-12-08 03:01:36','',NULL,'2020-04-26 13:08:34','2020-04-26 13:10:45','User',NULL,'all','ADMIN_SALT',0,'2020-04-26 13:10:27'),(2,'','','','Anonymous users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupAnonymous',NULL,'',NULL,0,NULL),(3,'','','','Non member users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupNonMember',NULL,'',NULL,0,NULL),(4,'','','','Anonymous',0,0,NULL,'',NULL,'2020-04-26 13:09:44','2020-04-26 13:09:44','AnonymousUser',NULL,'only_my_events',NULL,0,NULL),(5,'','','','Analysts',0,1,NULL,'',NULL,'2020-04-26 18:43:40','2020-04-26 18:43:40','Group',NULL,'',NULL,0,NULL),(6,'','','','Automation',0,1,NULL,'',NULL,'2020-04-26 18:43:47','2020-04-26 18:43:47','Group',NULL,'',NULL,0,NULL),(7,'','','','Admins',0,1,NULL,'',NULL,'2020-04-26 18:43:58','2020-04-26 18:43:58','Group',NULL,'',NULL,0,NULL); +INSERT INTO `users` VALUES (1,'admin','27193748a2fc174c339e7c22292bccb882f6f756','Admin','Admin',1,1,'2020-12-08 03:01:36','',NULL,'2020-04-26 13:08:34','2020-04-26 13:10:45','User',NULL,'all','5exVbsSixI1ub0aOGSRyctmB4EMwk7v2',0,'2020-04-26 13:10:27'),(2,'','','','Anonymous users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupAnonymous',NULL,'',NULL,0,NULL),(3,'','','','Non member users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupNonMember',NULL,'',NULL,0,NULL),(4,'','','','Anonymous',0,0,NULL,'',NULL,'2020-04-26 13:09:44','2020-04-26 13:09:44','AnonymousUser',NULL,'only_my_events',NULL,0,NULL),(5,'','','','Analysts',0,1,NULL,'',NULL,'2020-04-26 18:43:40','2020-04-26 18:43:40','Group',NULL,'',NULL,0,NULL),(6,'','','','Automation',0,1,NULL,'',NULL,'2020-04-26 18:43:47','2020-04-26 18:43:47','Group',NULL,'',NULL,0,NULL),(7,'','','','Admins',0,1,NULL,'',NULL,'2020-04-26 18:43:58','2020-04-26 18:43:58','Group',NULL,'',NULL,0,NULL),(10,'automation','05af6545acc48ea85bf4b002e560b702b727c9f8','SecOps','Automation',0,1,NULL,'en',NULL,'2020-11-21 22:14:13','2020-11-21 22:14:13','User',NULL,'only_my_events','8e99dd319cef62d18e80bb9f29cc1ce8',0,'2020-11-21 22:14:13'); /*!40000 ALTER TABLE `users` ENABLE KEYS */; UNLOCK TABLES; From 73d23e6d17a7ab0d8d61a2c1d17a8c1641dc95b1 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Sat, 12 Dec 2020 10:07:30 -0500 Subject: [PATCH 184/270] Revert "Initial support - Playbook Overrides" This reverts commit 8915e492889493300124637554dcee01d6f7188e. --- salt/playbook/files/playbook_db_init.sql | 90 +- .../playbook/files/playbook_db_migrations.sql | 1762 ----------------- salt/playbook/init.sls | 2 +- 3 files changed, 55 insertions(+), 1799 deletions(-) delete mode 100644 salt/playbook/files/playbook_db_migrations.sql diff --git a/salt/playbook/files/playbook_db_init.sql b/salt/playbook/files/playbook_db_init.sql index 7da93bae8..7a3b4da68 100644 --- a/salt/playbook/files/playbook_db_init.sql +++ b/salt/playbook/files/playbook_db_init.sql @@ -356,7 +356,7 @@ CREATE TABLE `custom_fields` ( `description` text, PRIMARY KEY (`id`), KEY `index_custom_fields_on_id_and_type` (`id`,`type`) -) ENGINE=InnoDB AUTO_INCREMENT=41 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -365,7 +365,7 @@ CREATE TABLE `custom_fields` ( LOCK TABLES `custom_fields` WRITE; /*!40000 ALTER TABLE `custom_fields` DISABLE KEYS */; -INSERT INTO `custom_fields` VALUES (1,'IssueCustomField','Title','string',NULL,'',NULL,NULL,0,1,1,1,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(2,'IssueCustomField','Author','string',NULL,'',NULL,NULL,0,1,1,2,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(3,'IssueCustomField','Objective','text',NULL,'',NULL,NULL,0,1,1,16,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nfull_width_layout: \'1\'\n',''),(4,'IssueCustomField','Operational Notes','text',NULL,'',NULL,NULL,0,1,0,17,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(5,'IssueCustomField','Result Analysis','text',NULL,'',NULL,NULL,0,1,0,18,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(6,'IssueCustomField','ElastAlert Config','text',NULL,'',NULL,NULL,0,1,0,19,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(7,'IssueCustomField','HiveID','string',NULL,'',NULL,NULL,0,1,1,15,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(8,'IssueCustomField','References','text',NULL,'',NULL,NULL,0,1,0,6,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'0\'\n',''),(9,'IssueCustomField','Sigma','text',NULL,'',NULL,NULL,0,1,0,20,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(10,'IssueCustomField','Level','list','---\n- low\n- medium\n- high\n- critical\n','',NULL,NULL,0,1,1,3,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(11,'IssueCustomField','PlayID','string',NULL,'',NULL,NULL,0,1,1,8,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(12,'IssueCustomField','Rule ID','string',NULL,'',NULL,NULL,0,1,1,9,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(13,'IssueCustomField','Playbook','list','---\n- Internal\n- imported\n- community\n','',NULL,NULL,0,1,1,4,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(15,'IssueCustomField','ATT&CK Technique','list','---\n- T1001\n- T1002\n- T1003\n- T1004\n- T1005\n- T1006\n- T1007\n- T1008\n- T1009\n- T1010\n- T1011\n- T1012\n- T1013\n- T1014\n- T1015\n- T1016\n- T1017\n- T1018\n- T1019\n- T1020\n- T1021\n- T1022\n- T1023\n- T1024\n- T1025\n- T1026\n- T1027\n- T1028\n- T1029\n- T1030\n- T1031\n- T1032\n- T1033\n- T1034\n- T1035\n- T1036\n- T1037\n- T1038\n- T1039\n- T1040\n- T1041\n- T1042\n- T1043\n- T1044\n- T1045\n- T1046\n- T1047\n- T1048\n- T1049\n- T1050\n- T1051\n- T1052\n- T1053\n- T1054\n- T1055\n- T1056\n- T1057\n- T1058\n- T1059\n- T1060\n- T1061\n- T1062\n- T1063\n- T1064\n- T1065\n- T1066\n- T1067\n- T1068\n- T1069\n- T1070\n- T1071\n- T1072\n- T1073\n- T1074\n- T1075\n- T1076\n- T1077\n- T1078\n- T1079\n- T1080\n- T1081\n- T1082\n- T1083\n- T1084\n- T1085\n- T1086\n- T1087\n- T1088\n- T1089\n- T1090\n- T1091\n- T1092\n- T1093\n- T1094\n- T1095\n- T1096\n- T1097\n- T1098\n- T1099\n- T1100\n- T1101\n- T1102\n- T1103\n- T1104\n- T1105\n- T1106\n- T1107\n- T1108\n- T1109\n- T1110\n- T1111\n- T1112\n- T1113\n- T1114\n- T1115\n- T1116\n- T1117\n- T1118\n- T1119\n- T1120\n- T1121\n- T1122\n- T1123\n- T1124\n- T1125\n- T1126\n- T1127\n- T1128\n- T1129\n- T1130\n- T1131\n- T1132\n- T1133\n- T1134\n- T1135\n- T1136\n- T1137\n- T1138\n- T1139\n- T1140\n- T1141\n- T1142\n- T1143\n- T1144\n- T1145\n- T1146\n- T1147\n- T1148\n- T1149\n- T1150\n- T1151\n- T1152\n- T1153\n- T1154\n- T1155\n- T1156\n- T1157\n- T1158\n- T1159\n- T1160\n- T1161\n- T1162\n- T1163\n- T1164\n- T1165\n- T1166\n- T1167\n- T1168\n- T1169\n- T1170\n- T1171\n- T1172\n- T1173\n- T1174\n- T1175\n- T1176\n- T1177\n- T1178\n- T1179\n- T1180\n- T1181\n- T1182\n- T1183\n- T1184\n- T1185\n- T1186\n- T1187\n- T1188\n- T1189\n- T1190\n- T1191\n- T1192\n- T1193\n- T1194\n- T1195\n- T1196\n- T1197\n- T1198\n- T1199\n- T1200\n- T1201\n- T1202\n- T1203\n- T1204\n- T1205\n- T1206\n- T1207\n- T1208\n- T1209\n- T1210\n- T1211\n- T1212\n- T1213\n- T1214\n- T1215\n- T1216\n- T1217\n- T1218\n- T1219\n- T1220\n- T1221\n- T1222\n- T1223\n- T1480\n- T1482\n- T1483\n- T1484\n- T1485\n- T1486\n- T1487\n- T1488\n- T1489\n- T1490\n- T1491\n- T1492\n- T1493\n- T1494\n- T1495\n- T1496\n- T1497\n- T1498\n- T1499\n- T1500\n- T1501\n- T1502\n- T1503\n- T1504\n- T1505\n- T1506\n- T1514\n- T1518\n- T1519\n- T1522\n- T1525\n- T1526\n- T1527\n- T1528\n- T1529\n- T1530\n- T1531\n- T1534\n- T1535\n- T1536\n- T1537\n- T1538\n- T1539\n- T1540\n- T1541\n- T1542\n- T1543\n- T1544\n- T1545\n- T1546\n- T1547\n- T1548\n- T1549\n- T1550\n- T1551\n- T1552\n- T1553\n- T1554\n- T1555\n- T1556\n- T1557\n- T1558\n- T1559\n- T1560\n- T1561\n- T1562\n- T1563\n- T1564\n- T1565\n- T1566\n- T1567\n- T1568\n- T1569\n- T1570\n- T1571\n- T1572\n- T1573\n- T1574\n- T1575\n- T1576\n- T1577\n- T1578\n- T1579\n- T1580\n- T1581\n- T1582\n- T1583\n- T1584\n- T1585\n- T1586\n- T1587\n- T1588\n- T1589\n- T1590\n- T1591\n- T1592\n- T1593\n- T1594\n- T1595\n- T1596\n- T1597\n- T1598\n- T1599\n- T1600\n- T1601\n- T1602\n- T1603\n- T1604\n- T1605\n- T1606\n- T1607\n- T1608\n- T1609\n- T1610\n- T1611\n- T1612\n- T1613\n- T1614\n- T1615\n- T1616\n- T1617\n- T1618\n- T1619\n- T1620\n- T1621\n- T1622\n- T1623\n- T1624\n- T1625\n- T1626\n- T1627\n- T1628\n- T1629\n- T1630\n- T1631\n- T1632\n- T1633\n- T1634\n- T1635\n- T1636\n- T1637\n- T1638\n- T1639\n- T1640\n- T1641\n- T1642\n- T1643\n- T1644\n- T1645\n- T1646\n- T1647\n- T1648\n- T1649\n- T1650\n- T1651\n- T1652\n- T1653\n- T1654\n- T1655\n- T1656\n- T1657\n- T1658\n- T1659\n- T1660\n- T1661\n- T1662\n- T1663\n- T1664\n- T1665\n- T1666\n- T1667\n- T1668\n- T1669\n- T1670\n- T1671\n- T1672\n- T1673\n- T1674\n- T1675\n- T1676\n- T1677\n- T1678\n- T1679\n- T1680\n- T1681\n- T1682\n- T1683\n- T1684\n- T1685\n- T1686\n- T1687\n- T1688\n- T1689\n- T1690\n- T1691\n- T1692\n- T1693\n- T1694\n- T1695\n- T1696\n- T1697\n- T1698\n- T1699\n- T1700\n- T1701\n- T1702\n- T1703\n- T1704\n- T1705\n- T1706\n- T1707\n- T1708\n- T1709\n- T1710\n- T1711\n- T1712\n- T1713\n- T1714\n- T1715\n- T1716\n- T1717\n- T1718\n- T1719\n- T1720\n- T1721\n- T1722\n- T1723\n- T1724\n- T1725\n- T1726\n- T1727\n- T1728\n- T1729\n- T1730\n- T1731\n- T1732\n- T1733\n- T1734\n- T1735\n- T1736\n- T1737\n- T1738\n- T1739\n- T1740\n- T1741\n- T1742\n- T1743\n- T1744\n- T1745\n- T1746\n- T1747\n- T1748\n- T1749\n- T1750\n- T1751\n- T1752\n','',NULL,NULL,0,1,1,7,0,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: https://attack.mitre.org/techniques/%value%\nedit_tag_style: \'\'\n',''),(17,'IssueCustomField','Case Analyzers','list','---\n- Urlscan_io_Search - ip,domain,hash,url\n- CERTatPassiveDNS - domain,fqdn,ip\n','',NULL,NULL,0,1,1,14,1,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(18,'IssueCustomField','Ruleset','string',NULL,'',NULL,NULL,0,1,1,12,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(19,'IssueCustomField','Group','string',NULL,'',NULL,NULL,0,1,1,13,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(20,'IssueCustomField','Product','string',NULL,'',NULL,NULL,0,1,1,5,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(21,'IssueCustomField','Target Log','text',NULL,'',NULL,NULL,0,1,0,21,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(22,'IssueCustomField','Unit Test','list','---\n- Passed\n- Failed\n','',NULL,NULL,0,1,1,22,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(26,'IssueCustomField','License','list','---\n- Apache-2.0\n- BSD-2-Clause\n- BSD-3-Clause\n- CC0-1.0\n- CC-PDDC\n- DRL-1.0\n- LGPL-3.0-only\n- MIT License\n- GPL-2.0-only\n- GPL-3.0-only\n','',NULL,NULL,0,1,0,23,0,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: https://spdx.org/licenses/%value%.html\nedit_tag_style: \'\'\n',''),(27,'IssueCustomField','Sigma File','string',NULL,'',NULL,NULL,0,0,0,10,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','Location of Sigma file in /SOCtopus'),(28,'IssueCustomField','Sigma URL','string',NULL,'',NULL,NULL,0,0,0,11,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\n','Location of Sigma file in Security Onion repository'),(29,'IssueCustomField','Email Notifications','bool',NULL,'',NULL,NULL,1,0,1,25,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: check_box\n','When enabled, all alerts will be logged in SOC Alerts and also emailed to the target email address. To configure email options, go to \"jump to a project\" in the top right and type Options. Configure SMTP Settings.'),(30,'IssueCustomField','Auto Update Sigma','bool',NULL,'',NULL,NULL,1,0,1,26,0,'1',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: check_box\n','Automatically updating a sigma will be a scheduled task that removes any custom configuration done to the sigma. If you want to customize (ie. add exclusions), automatic updating must be disabled. '),(31,'IssueCustomField','Update Available','bool',NULL,'',NULL,NULL,1,0,1,27,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','The update available field notifies you that a sigma has been updated in the public repo. If a rule doesn\'t automatically update, this field will let you know to either enable automatic updates or manually review the rule changes in the repo. Set this value back to No to ignore the rule notification.'),(32,'IssueCustomField','Alert Email Address','string',NULL,'',NULL,NULL,0,0,0,28,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','Destination address for email alerts'),(33,'IssueCustomField','Alert From Email Address','string',NULL,'',NULL,NULL,0,0,0,29,0,'alerts@localhost.local',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','Source address for email alerts'),(34,'IssueCustomField','SMTP Server','string',NULL,'',NULL,NULL,0,0,0,30,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','IP Address/Name of destination SMTP Server'),(35,'IssueCustomField','SMTP Port','int',NULL,'',NULL,NULL,0,0,0,31,0,'25',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\n','Destination port of SMTP Server'),(36,'IssueCustomField','SMTP TLS Enabled','bool',NULL,'',NULL,NULL,1,0,0,32,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Enable if SMTP server is requires TLS'),(37,'IssueCustomField','Backup Custom Sigmas','bool',NULL,'',NULL,NULL,1,0,0,33,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Backup custom community sigmas and internal sigmas to /SOCtopus/custom/backup'),(38,'IssueCustomField','Import Custom Sigmas','bool',NULL,'',NULL,NULL,1,0,0,34,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Import custom rules from /SOCtopus/custom/import'),(39,'IssueCustomField','Clear Update Status (all)','bool',NULL,'',NULL,NULL,1,0,0,35,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Reset \"Update Available\" status on all rules'),(40,'IssueCustomField','Disable Playbook Alerts','bool',NULL,'',NULL,NULL,1,0,1,24,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: check_box\n','Playbook will not generate any alerts for this Play'); +INSERT INTO `custom_fields` VALUES (1,'IssueCustomField','Title','string',NULL,'',NULL,NULL,0,1,1,1,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(2,'IssueCustomField','Author','string',NULL,'',NULL,NULL,0,1,1,2,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(3,'IssueCustomField','Objective','text',NULL,'',NULL,NULL,0,1,1,14,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nfull_width_layout: \'1\'\n',''),(4,'IssueCustomField','Operational Notes','text',NULL,'',NULL,NULL,0,1,0,15,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(5,'IssueCustomField','Result Analysis','text',NULL,'',NULL,NULL,0,1,0,16,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(6,'IssueCustomField','ElastAlert Config','text',NULL,'',NULL,NULL,0,1,0,17,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(7,'IssueCustomField','HiveID','string',NULL,'',NULL,NULL,0,1,1,13,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(8,'IssueCustomField','References','text',NULL,'',NULL,NULL,0,1,0,6,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'0\'\n',''),(9,'IssueCustomField','Sigma','text',NULL,'',NULL,NULL,0,1,0,18,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(10,'IssueCustomField','Level','list','---\n- low\n- medium\n- high\n- critical\n','',NULL,NULL,0,1,1,3,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(11,'IssueCustomField','PlayID','string',NULL,'',NULL,NULL,0,1,1,8,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(12,'IssueCustomField','Rule ID','string',NULL,'',NULL,NULL,0,1,1,9,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(13,'IssueCustomField','Playbook','list','---\n- Internal\n- imported\n- community\n','',NULL,NULL,0,1,1,4,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(15,'IssueCustomField','ATT&CK Technique','list','---\n- T1001\n- T1002\n- T1003\n- T1004\n- T1005\n- T1006\n- T1007\n- T1008\n- T1009\n- T1010\n- T1011\n- T1012\n- T1013\n- T1014\n- T1015\n- T1016\n- T1017\n- T1018\n- T1019\n- T1020\n- T1021\n- T1022\n- T1023\n- T1024\n- T1025\n- T1026\n- T1027\n- T1028\n- T1029\n- T1030\n- T1031\n- T1032\n- T1033\n- T1034\n- T1035\n- T1036\n- T1037\n- T1038\n- T1039\n- T1040\n- T1041\n- T1042\n- T1043\n- T1044\n- T1045\n- T1046\n- T1047\n- T1048\n- T1049\n- T1050\n- T1051\n- T1052\n- T1053\n- T1054\n- T1055\n- T1056\n- T1057\n- T1058\n- T1059\n- T1060\n- T1061\n- T1062\n- T1063\n- T1064\n- T1065\n- T1066\n- T1067\n- T1068\n- T1069\n- T1070\n- T1071\n- T1072\n- T1073\n- T1074\n- T1075\n- T1076\n- T1077\n- T1078\n- T1079\n- T1080\n- T1081\n- T1082\n- T1083\n- T1084\n- T1085\n- T1086\n- T1087\n- T1088\n- T1089\n- T1090\n- T1091\n- T1092\n- T1093\n- T1094\n- T1095\n- T1096\n- T1097\n- T1098\n- T1099\n- T1100\n- T1101\n- T1102\n- T1103\n- T1104\n- T1105\n- T1106\n- T1107\n- T1108\n- T1109\n- T1110\n- T1111\n- T1112\n- T1113\n- T1114\n- T1115\n- T1116\n- T1117\n- T1118\n- T1119\n- T1120\n- T1121\n- T1122\n- T1123\n- T1124\n- T1125\n- T1126\n- T1127\n- T1128\n- T1129\n- T1130\n- T1131\n- T1132\n- T1133\n- T1134\n- T1135\n- T1136\n- T1137\n- T1138\n- T1139\n- T1140\n- T1141\n- T1142\n- T1143\n- T1144\n- T1145\n- T1146\n- T1147\n- T1148\n- T1149\n- T1150\n- T1151\n- T1152\n- T1153\n- T1154\n- T1155\n- T1156\n- T1157\n- T1158\n- T1159\n- T1160\n- T1161\n- T1162\n- T1163\n- T1164\n- T1165\n- T1166\n- T1167\n- T1168\n- T1169\n- T1170\n- T1171\n- T1172\n- T1173\n- T1174\n- T1175\n- T1176\n- T1177\n- T1178\n- T1179\n- T1180\n- T1181\n- T1182\n- T1183\n- T1184\n- T1185\n- T1186\n- T1187\n- T1188\n- T1189\n- T1190\n- T1191\n- T1192\n- T1193\n- T1194\n- T1195\n- T1196\n- T1197\n- T1198\n- T1199\n- T1200\n- T1201\n- T1202\n- T1203\n- T1204\n- T1205\n- T1206\n- T1207\n- T1208\n- T1209\n- T1210\n- T1211\n- T1212\n- T1213\n- T1214\n- T1215\n- T1216\n- T1217\n- T1218\n- T1219\n- T1220\n- T1221\n- T1222\n- T1223\n- T1480\n- T1482\n- T1483\n- T1484\n- T1485\n- T1486\n- T1487\n- T1488\n- T1489\n- T1490\n- T1491\n- T1492\n- T1493\n- T1494\n- T1495\n- T1496\n- T1497\n- T1498\n- T1499\n- T1500\n- T1501\n- T1502\n- T1503\n- T1504\n- T1505\n- T1506\n- T1514\n- T1518\n- T1519\n- T1522\n- T1525\n- T1526\n- T1527\n- T1528\n- T1529\n- T1530\n- T1531\n- T1534\n- T1535\n- T1536\n- T1537\n- T1538\n- T1539\n- T1540\n- T1541\n- T1542\n- T1543\n- T1544\n- T1545\n- T1546\n- T1547\n- T1548\n- T1549\n- T1550\n- T1551\n- T1552\n- T1553\n- T1554\n- T1555\n- T1556\n- T1557\n- T1558\n- T1559\n- T1560\n- T1561\n- T1562\n- T1563\n- T1564\n- T1565\n- T1566\n- T1567\n- T1568\n- T1569\n- T1570\n- T1571\n- T1572\n- T1573\n- T1574\n- T1575\n- T1576\n- T1577\n- T1578\n- T1579\n- T1580\n- T1581\n- T1582\n- T1583\n- T1584\n- T1585\n- T1586\n- T1587\n- T1588\n- T1589\n- T1590\n- T1591\n- T1592\n- T1593\n- T1594\n- T1595\n- T1596\n- T1597\n- T1598\n- T1599\n- T1600\n- T1601\n- T1602\n- T1603\n- T1604\n- T1605\n- T1606\n- T1607\n- T1608\n- T1609\n- T1610\n- T1611\n- T1612\n- T1613\n- T1614\n- T1615\n- T1616\n- T1617\n- T1618\n- T1619\n- T1620\n- T1621\n- T1622\n- T1623\n- T1624\n- T1625\n- T1626\n- T1627\n- T1628\n- T1629\n- T1630\n- T1631\n- T1632\n- T1633\n- T1634\n- T1635\n- T1636\n- T1637\n- T1638\n- T1639\n- T1640\n- T1641\n- T1642\n- T1643\n- T1644\n- T1645\n- T1646\n- T1647\n- T1648\n- T1649\n- T1650\n- T1651\n- T1652\n- T1653\n- T1654\n- T1655\n- T1656\n- T1657\n- T1658\n- T1659\n- T1660\n- T1661\n- T1662\n- T1663\n- T1664\n- T1665\n- T1666\n- T1667\n- T1668\n- T1669\n- T1670\n- T1671\n- T1672\n- T1673\n- T1674\n- T1675\n- T1676\n- T1677\n- T1678\n- T1679\n- T1680\n- T1681\n- T1682\n- T1683\n- T1684\n- T1685\n- T1686\n- T1687\n- T1688\n- T1689\n- T1690\n- T1691\n- T1692\n- T1693\n- T1694\n- T1695\n- T1696\n- T1697\n- T1698\n- T1699\n- T1700\n- T1701\n- T1702\n- T1703\n- T1704\n- T1705\n- T1706\n- T1707\n- T1708\n- T1709\n- T1710\n- T1711\n- T1712\n- T1713\n- T1714\n- T1715\n- T1716\n- T1717\n- T1718\n- T1719\n- T1720\n- T1721\n- T1722\n- T1723\n- T1724\n- T1725\n- T1726\n- T1727\n- T1728\n- T1729\n- T1730\n- T1731\n- T1732\n- T1733\n- T1734\n- T1735\n- T1736\n- T1737\n- T1738\n- T1739\n- T1740\n- T1741\n- T1742\n- T1743\n- T1744\n- T1745\n- T1746\n- T1747\n- T1748\n- T1749\n- T1750\n- T1751\n- T1752\n','',NULL,NULL,0,1,1,7,0,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: https://attack.mitre.org/techniques/%value%\nedit_tag_style: \'\'\n',''),(17,'IssueCustomField','Case Analyzers','list','---\n- Urlscan_io_Search - ip,domain,hash,url\n- CERTatPassiveDNS - domain,fqdn,ip\n','',NULL,NULL,0,1,1,12,1,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(18,'IssueCustomField','Ruleset','string',NULL,'',NULL,NULL,0,1,1,10,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(19,'IssueCustomField','Group','string',NULL,'',NULL,NULL,0,1,1,11,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(20,'IssueCustomField','Product','string',NULL,'',NULL,NULL,0,1,1,5,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(21,'IssueCustomField','Target Log','text',NULL,'',NULL,NULL,0,1,0,19,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(22,'IssueCustomField','Unit Test','list','---\n- Passed\n- Failed\n','',NULL,NULL,0,1,1,20,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(26,'IssueCustomField','License','list','---\n- Apache-2.0\n- BSD-2-Clause\n- BSD-3-Clause\n- CC0-1.0\n- CC-PDDC\n- DRL-1.0\n- LGPL-3.0-only\n- MIT License\n- GPL-2.0-only\n- GPL-3.0-only\n','',NULL,NULL,0,1,0,21,0,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: https://spdx.org/licenses/%value%.html\nedit_tag_style: \'\'\n',''); /*!40000 ALTER TABLE `custom_fields` ENABLE KEYS */; UNLOCK TABLES; @@ -389,7 +389,6 @@ CREATE TABLE `custom_fields_projects` ( LOCK TABLES `custom_fields_projects` WRITE; /*!40000 ALTER TABLE `custom_fields_projects` DISABLE KEYS */; -INSERT INTO `custom_fields_projects` VALUES (27,1),(28,1),(29,1),(30,1),(31,1),(32,2),(33,2),(34,2),(35,2),(36,2),(37,2),(38,2),(39,2),(40,1); /*!40000 ALTER TABLE `custom_fields_projects` ENABLE KEYS */; UNLOCK TABLES; @@ -436,7 +435,7 @@ CREATE TABLE `custom_fields_trackers` ( LOCK TABLES `custom_fields_trackers` WRITE; /*!40000 ALTER TABLE `custom_fields_trackers` DISABLE KEYS */; -INSERT INTO `custom_fields_trackers` VALUES (1,1),(1,2),(1,3),(2,1),(3,1),(4,1),(5,1),(6,1),(7,1),(8,1),(9,1),(10,1),(11,1),(12,1),(13,1),(15,1),(17,1),(18,1),(19,1),(20,1),(21,1),(22,1),(26,1),(27,1),(28,1),(29,1),(30,1),(31,1),(32,2),(33,2),(34,2),(35,2),(36,2),(37,3),(38,3),(39,3),(40,1); +INSERT INTO `custom_fields_trackers` VALUES (1,1),(2,1),(3,1),(4,1),(5,1),(6,1),(7,1),(8,1),(9,1),(10,1),(11,1),(12,1),(13,1),(15,1),(17,1),(18,1),(19,1),(20,1),(21,1),(22,1),(26,1); /*!40000 ALTER TABLE `custom_fields_trackers` ENABLE KEYS */; UNLOCK TABLES; @@ -456,7 +455,7 @@ CREATE TABLE `custom_values` ( PRIMARY KEY (`id`), KEY `custom_values_customized` (`customized_type`,`customized_id`), KEY `index_custom_values_on_custom_field_id` (`custom_field_id`) -) ENGINE=InnoDB AUTO_INCREMENT=186336 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=145325 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -465,7 +464,6 @@ CREATE TABLE `custom_values` ( LOCK TABLES `custom_values` WRITE; /*!40000 ALTER TABLE `custom_values` DISABLE KEYS */; -INSERT INTO `custom_values` VALUES (170104,'Issue',995,1,'Sigma Options'),(170105,'Issue',995,37,'1'),(170106,'Issue',995,38,'0'),(170107,'Issue',995,39,'0'); /*!40000 ALTER TABLE `custom_values` ENABLE KEYS */; UNLOCK TABLES; @@ -516,7 +514,7 @@ CREATE TABLE `email_addresses` ( `updated_on` datetime NOT NULL, PRIMARY KEY (`id`), KEY `index_email_addresses_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -525,7 +523,7 @@ CREATE TABLE `email_addresses` ( LOCK TABLES `email_addresses` WRITE; /*!40000 ALTER TABLE `email_addresses` DISABLE KEYS */; -INSERT INTO `email_addresses` VALUES (1,1,'admin@example.net',1,1,'2020-04-26 13:08:38','2020-04-26 13:08:38'),(3,9,'automation@localhost.local',1,1,'2020-04-26 18:47:46','2020-04-26 18:47:46'),(4,10,'automation2@localhost.local',1,1,'2020-11-21 22:14:13','2020-11-21 22:14:13'); +INSERT INTO `email_addresses` VALUES (1,1,'admin@example.net',1,1,'2020-04-26 13:08:38','2020-04-26 13:08:38'),(3,9,'automation@localhost.local',1,1,'2020-04-26 18:47:46','2020-04-26 18:47:46'); /*!40000 ALTER TABLE `email_addresses` ENABLE KEYS */; UNLOCK TABLES; @@ -542,7 +540,7 @@ CREATE TABLE `enabled_modules` ( `name` varchar(255) NOT NULL, PRIMARY KEY (`id`), KEY `enabled_modules_project_id` (`project_id`) -) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -551,7 +549,7 @@ CREATE TABLE `enabled_modules` ( LOCK TABLES `enabled_modules` WRITE; /*!40000 ALTER TABLE `enabled_modules` DISABLE KEYS */; -INSERT INTO `enabled_modules` VALUES (1,1,'sigma_editor'),(2,1,'issue_tracking'),(3,2,'sigma_editor'),(4,2,'issue_tracking'); +INSERT INTO `enabled_modules` VALUES (1,1,'sigma_editor'),(2,1,'issue_tracking'); /*!40000 ALTER TABLE `enabled_modules` ENABLE KEYS */; UNLOCK TABLES; @@ -608,7 +606,7 @@ CREATE TABLE `groups_users` ( LOCK TABLES `groups_users` WRITE; /*!40000 ALTER TABLE `groups_users` DISABLE KEYS */; -INSERT INTO `groups_users` VALUES (6,10),(7,1); +INSERT INTO `groups_users` VALUES (7,1); /*!40000 ALTER TABLE `groups_users` ENABLE KEYS */; UNLOCK TABLES; @@ -799,7 +797,7 @@ CREATE TABLE `issues` ( KEY `index_issues_on_created_on` (`created_on`), KEY `index_issues_on_root_id_and_lft_and_rgt` (`root_id`,`lft`,`rgt`), KEY `index_issues_on_parent_id` (`parent_id`) -) ENGINE=InnoDB AUTO_INCREMENT=996 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -808,7 +806,6 @@ CREATE TABLE `issues` ( LOCK TABLES `issues` WRITE; /*!40000 ALTER TABLE `issues` DISABLE KEYS */; -INSERT INTO `issues` VALUES (995,3,2,'Sigma Options',NULL,NULL,NULL,2,NULL,1,NULL,1,0,'2020-11-23 15:17:38','2020-11-23 15:17:38',NULL,0,NULL,NULL,995,1,2,0,NULL); /*!40000 ALTER TABLE `issues` ENABLE KEYS */; UNLOCK TABLES; @@ -828,7 +825,7 @@ CREATE TABLE `journal_details` ( `value` longtext, PRIMARY KEY (`id`), KEY `journal_details_journal_id` (`journal_id`) -) ENGINE=InnoDB AUTO_INCREMENT=456 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=792 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -860,7 +857,7 @@ CREATE TABLE `journals` ( KEY `index_journals_on_user_id` (`user_id`), KEY `index_journals_on_journalized_id` (`journalized_id`), KEY `index_journals_on_created_on` (`created_on`) -) ENGINE=InnoDB AUTO_INCREMENT=11351 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=9502 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -888,7 +885,7 @@ CREATE TABLE `member_roles` ( KEY `index_member_roles_on_member_id` (`member_id`), KEY `index_member_roles_on_role_id` (`role_id`), KEY `index_member_roles_on_inherited_from` (`inherited_from`) -) ENGINE=InnoDB AUTO_INCREMENT=21 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -897,7 +894,7 @@ CREATE TABLE `member_roles` ( LOCK TABLES `member_roles` WRITE; /*!40000 ALTER TABLE `member_roles` DISABLE KEYS */; -INSERT INTO `member_roles` VALUES (1,1,5,NULL),(2,2,3,NULL),(3,3,4,NULL),(4,4,5,1),(7,7,4,3),(8,8,5,1),(9,9,3,NULL),(10,9,4,NULL),(11,9,5,NULL),(12,10,3,NULL),(13,10,4,NULL),(14,10,5,NULL),(15,11,3,NULL),(16,10,3,15),(17,11,4,NULL),(18,10,4,17),(19,11,5,NULL),(20,10,5,19); +INSERT INTO `member_roles` VALUES (1,1,5,NULL),(2,2,3,NULL),(3,3,4,NULL),(4,4,5,1),(7,7,4,3); /*!40000 ALTER TABLE `member_roles` ENABLE KEYS */; UNLOCK TABLES; @@ -918,7 +915,7 @@ CREATE TABLE `members` ( UNIQUE KEY `index_members_on_user_id_and_project_id` (`user_id`,`project_id`), KEY `index_members_on_user_id` (`user_id`), KEY `index_members_on_project_id` (`project_id`) -) ENGINE=InnoDB AUTO_INCREMENT=12 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -927,7 +924,7 @@ CREATE TABLE `members` ( LOCK TABLES `members` WRITE; /*!40000 ALTER TABLE `members` DISABLE KEYS */; -INSERT INTO `members` VALUES (1,6,1,'2020-04-26 18:44:14',0),(2,5,1,'2020-04-26 18:44:23',0),(3,7,1,'2020-04-26 18:45:27',0),(4,9,1,'2020-04-26 18:47:51',0),(7,1,1,'2020-05-01 16:42:56',0),(8,10,1,'2020-11-21 22:14:13',0),(9,1,2,'2020-11-22 20:49:47',0),(10,10,2,'2020-11-22 20:49:47',0),(11,6,2,'2020-11-22 20:49:47',0); +INSERT INTO `members` VALUES (1,6,1,'2020-04-26 18:44:14',0),(2,5,1,'2020-04-26 18:44:23',0),(3,7,1,'2020-04-26 18:45:27',0),(4,9,1,'2020-04-26 18:47:51',0),(7,1,1,'2020-05-01 16:42:56',0); /*!40000 ALTER TABLE `members` ENABLE KEYS */; UNLOCK TABLES; @@ -1080,7 +1077,7 @@ CREATE TABLE `projects` ( PRIMARY KEY (`id`), KEY `index_projects_on_lft` (`lft`), KEY `index_projects_on_rgt` (`rgt`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1089,7 +1086,7 @@ CREATE TABLE `projects` ( LOCK TABLES `projects` WRITE; /*!40000 ALTER TABLE `projects` DISABLE KEYS */; -INSERT INTO `projects` VALUES (1,'Detection Playbooks','','',1,NULL,'2020-04-26 13:13:01','2020-07-10 19:33:53','detection-playbooks',1,1,2,0,NULL,NULL),(2,'Options','','',1,NULL,'2020-11-22 20:49:17','2020-11-22 20:49:17','options',1,3,4,0,NULL,NULL); +INSERT INTO `projects` VALUES (1,'Detection Playbooks','','',1,NULL,'2020-04-26 13:13:01','2020-07-10 19:33:53','detection-playbooks',1,1,2,0,NULL,NULL); /*!40000 ALTER TABLE `projects` ENABLE KEYS */; UNLOCK TABLES; @@ -1114,7 +1111,7 @@ CREATE TABLE `projects_trackers` ( LOCK TABLES `projects_trackers` WRITE; /*!40000 ALTER TABLE `projects_trackers` DISABLE KEYS */; -INSERT INTO `projects_trackers` VALUES (1,1),(2,2),(2,3); +INSERT INTO `projects_trackers` VALUES (1,1); /*!40000 ALTER TABLE `projects_trackers` ENABLE KEYS */; UNLOCK TABLES; @@ -1313,7 +1310,7 @@ CREATE TABLE `settings` ( LOCK TABLES `settings` WRITE; /*!40000 ALTER TABLE `settings` DISABLE KEYS */; -INSERT INTO `settings` VALUES (1,'ui_theme','circle','2020-04-26 13:11:26'),(2,'default_language','en','2020-04-26 13:11:26'),(3,'force_default_language_for_anonymous','0','2020-04-26 13:11:26'),(4,'force_default_language_for_loggedin','0','2020-04-26 13:11:26'),(5,'start_of_week','','2020-04-26 13:11:26'),(6,'date_format','','2020-04-26 13:11:26'),(7,'time_format','','2020-04-26 13:11:26'),(8,'timespan_format','decimal','2020-04-26 13:11:26'),(9,'user_format','firstname_lastname','2020-05-02 12:45:00'),(10,'gravatar_enabled','1','2020-05-02 12:41:07'),(11,'thumbnails_enabled','1','2020-04-26 13:11:26'),(12,'thumbnails_size','100','2020-04-26 13:11:26'),(13,'new_item_menu_tab','0','2020-04-26 13:11:30'),(14,'login_required','0','2020-07-10 19:32:45'),(15,'autologin','0','2020-04-26 13:11:54'),(16,'self_registration','0','2020-04-26 13:11:54'),(17,'show_custom_fields_on_registration','0','2020-04-26 13:11:54'),(18,'password_min_length','8','2020-04-26 13:11:54'),(19,'password_required_char_classes','--- []\n','2020-04-26 13:11:54'),(20,'password_max_age','0','2020-04-26 13:11:54'),(21,'lost_password','1','2020-04-26 13:11:54'),(22,'openid','0','2020-04-26 13:11:55'),(23,'session_lifetime','0','2020-04-26 13:11:55'),(24,'session_timeout','0','2020-04-26 13:11:55'),(25,'rest_api_enabled','1','2020-04-26 13:11:58'),(26,'jsonp_enabled','0','2020-04-26 13:11:58'),(27,'default_projects_public','0','2020-04-26 13:12:21'),(28,'default_projects_modules','---\n- sigma_editor\n','2020-04-26 13:12:21'),(29,'default_projects_tracker_ids','--- []\n','2020-04-26 13:12:21'),(30,'sequential_project_identifiers','0','2020-04-26 13:12:21'),(31,'project_list_defaults','---\n:column_names:\n- name\n- identifier\n- short_description\n','2020-04-26 13:12:21'),(32,'app_title','Playbook','2020-04-26 18:17:51'),(33,'welcome_text','','2020-04-26 18:17:51'),(34,'per_page_options','25,75,150','2020-05-02 12:41:38'),(35,'search_results_per_page','10','2020-04-26 18:17:51'),(36,'activity_days_default','30','2020-04-26 18:17:51'),(37,'host_name','localhost:3000','2020-04-26 18:17:51'),(38,'protocol','http','2020-04-26 18:17:51'),(39,'text_formatting','textile','2020-04-26 18:17:51'),(40,'cache_formatted_text','0','2020-04-26 18:17:51'),(41,'wiki_compression','','2020-04-26 18:17:51'),(42,'feeds_limit','15','2020-04-26 18:17:51'),(43,'plugin_redmine_playbook','--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nproject: \'1\'\nconvert_url: http://10.66.166.121:7000/playbook/sigmac\ncreate_url: http://10.66.166.121:7000/playbook/play','2020-05-02 12:39:20'),(44,'cross_project_issue_relations','0','2020-05-01 16:27:33'),(45,'link_copied_issue','no','2020-05-01 16:27:33'),(46,'cross_project_subtasks','','2020-05-01 16:27:33'),(47,'close_duplicate_issues','0','2020-05-01 16:27:33'),(48,'issue_group_assignment','0','2020-05-01 16:27:33'),(49,'default_issue_start_date_to_creation_date','1','2020-05-01 16:27:33'),(50,'display_subprojects_issues','0','2020-05-01 16:27:33'),(51,'issue_done_ratio','issue_field','2020-05-01 16:27:33'),(52,'non_working_week_days','---\n- \'6\'\n- \'7\'\n','2020-05-01 16:27:33'),(53,'issues_export_limit','500','2020-05-01 16:27:33'),(54,'gantt_items_limit','500','2020-05-01 16:27:33'),(55,'gantt_months_limit','24','2020-05-01 16:27:33'),(56,'parent_issue_dates','derived','2020-05-01 16:27:33'),(57,'parent_issue_priority','derived','2020-05-01 16:27:33'),(58,'parent_issue_done_ratio','derived','2020-05-01 16:27:33'),(59,'issue_list_default_columns','---\n- status\n- cf_10\n- cf_13\n- cf_14\n- cf_1\n- updated_on\n','2020-05-01 19:32:13'),(60,'issue_list_default_totals','--- []\n','2020-05-01 16:27:33'),(61,'enabled_scm','--- []\n','2020-05-01 16:27:47'),(62,'autofetch_changesets','0','2020-05-01 16:27:47'),(63,'sys_api_enabled','0','2020-05-01 16:27:47'),(64,'repository_log_display_limit','100','2020-05-01 16:27:47'),(65,'commit_logs_formatting','1','2020-05-01 16:27:47'),(66,'commit_ref_keywords','refs,references,IssueID','2020-05-01 16:27:47'),(67,'commit_cross_project_ref','0','2020-05-01 16:27:47'),(68,'commit_logtime_enabled','0','2020-05-01 16:27:47'),(69,'commit_update_keywords','--- []\n','2020-05-01 16:27:47'),(70,'gravatar_default','','2020-05-02 12:41:07'); +INSERT INTO `settings` VALUES (1,'ui_theme','circle','2020-04-26 13:11:26'),(2,'default_language','en','2020-04-26 13:11:26'),(3,'force_default_language_for_anonymous','0','2020-04-26 13:11:26'),(4,'force_default_language_for_loggedin','0','2020-04-26 13:11:26'),(5,'start_of_week','','2020-04-26 13:11:26'),(6,'date_format','','2020-04-26 13:11:26'),(7,'time_format','','2020-04-26 13:11:26'),(8,'timespan_format','decimal','2020-04-26 13:11:26'),(9,'user_format','firstname_lastname','2020-05-02 12:45:00'),(10,'gravatar_enabled','1','2020-05-02 12:41:07'),(11,'thumbnails_enabled','1','2020-04-26 13:11:26'),(12,'thumbnails_size','100','2020-04-26 13:11:26'),(13,'new_item_menu_tab','0','2020-04-26 13:11:30'),(14,'login_required','0','2020-07-10 19:32:45'),(15,'autologin','0','2020-04-26 13:11:54'),(16,'self_registration','0','2020-04-26 13:11:54'),(17,'show_custom_fields_on_registration','0','2020-04-26 13:11:54'),(18,'password_min_length','8','2020-04-26 13:11:54'),(19,'password_required_char_classes','--- []\n','2020-04-26 13:11:54'),(20,'password_max_age','0','2020-04-26 13:11:54'),(21,'lost_password','1','2020-04-26 13:11:54'),(22,'openid','0','2020-04-26 13:11:55'),(23,'session_lifetime','0','2020-04-26 13:11:55'),(24,'session_timeout','0','2020-04-26 13:11:55'),(25,'rest_api_enabled','1','2020-04-26 13:11:58'),(26,'jsonp_enabled','0','2020-04-26 13:11:58'),(27,'default_projects_public','0','2020-04-26 13:12:21'),(28,'default_projects_modules','---\n- sigma_editor\n','2020-04-26 13:12:21'),(29,'default_projects_tracker_ids','--- []\n','2020-04-26 13:12:21'),(30,'sequential_project_identifiers','0','2020-04-26 13:12:21'),(31,'project_list_defaults','---\n:column_names:\n- name\n- identifier\n- short_description\n','2020-04-26 13:12:21'),(32,'app_title','Playbook','2020-04-26 18:17:51'),(33,'welcome_text','','2020-04-26 18:17:51'),(34,'per_page_options','25,75,150','2020-05-02 12:41:38'),(35,'search_results_per_page','10','2020-04-26 18:17:51'),(36,'activity_days_default','30','2020-04-26 18:17:51'),(37,'host_name','localhost:3000','2020-04-26 18:17:51'),(38,'protocol','http','2020-04-26 18:17:51'),(39,'text_formatting','textile','2020-04-26 18:17:51'),(40,'cache_formatted_text','0','2020-04-26 18:17:51'),(41,'wiki_compression','','2020-04-26 18:17:51'),(42,'feeds_limit','15','2020-04-26 18:17:51'),(43,'plugin_redmine_playbook','--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nproject: \'1\'\nconvert_url: http://10.66.166.135:7000/playbook/sigmac\ncreate_url: http://10.66.166.135:7000/playbook/play','2020-05-02 12:39:20'),(44,'cross_project_issue_relations','0','2020-05-01 16:27:33'),(45,'link_copied_issue','no','2020-05-01 16:27:33'),(46,'cross_project_subtasks','','2020-05-01 16:27:33'),(47,'close_duplicate_issues','0','2020-05-01 16:27:33'),(48,'issue_group_assignment','0','2020-05-01 16:27:33'),(49,'default_issue_start_date_to_creation_date','1','2020-05-01 16:27:33'),(50,'display_subprojects_issues','0','2020-05-01 16:27:33'),(51,'issue_done_ratio','issue_field','2020-05-01 16:27:33'),(52,'non_working_week_days','---\n- \'6\'\n- \'7\'\n','2020-05-01 16:27:33'),(53,'issues_export_limit','500','2020-05-01 16:27:33'),(54,'gantt_items_limit','500','2020-05-01 16:27:33'),(55,'gantt_months_limit','24','2020-05-01 16:27:33'),(56,'parent_issue_dates','derived','2020-05-01 16:27:33'),(57,'parent_issue_priority','derived','2020-05-01 16:27:33'),(58,'parent_issue_done_ratio','derived','2020-05-01 16:27:33'),(59,'issue_list_default_columns','---\n- status\n- cf_10\n- cf_13\n- cf_14\n- cf_1\n- updated_on\n','2020-05-01 19:32:13'),(60,'issue_list_default_totals','--- []\n','2020-05-01 16:27:33'),(61,'enabled_scm','--- []\n','2020-05-01 16:27:47'),(62,'autofetch_changesets','0','2020-05-01 16:27:47'),(63,'sys_api_enabled','0','2020-05-01 16:27:47'),(64,'repository_log_display_limit','100','2020-05-01 16:27:47'),(65,'commit_logs_formatting','1','2020-05-01 16:27:47'),(66,'commit_ref_keywords','refs,references,IssueID','2020-05-01 16:27:47'),(67,'commit_cross_project_ref','0','2020-05-01 16:27:47'),(68,'commit_logtime_enabled','0','2020-05-01 16:27:47'),(69,'commit_update_keywords','--- []\n','2020-05-01 16:27:47'),(70,'gravatar_default','','2020-05-02 12:41:07'); /*!40000 ALTER TABLE `settings` ENABLE KEYS */; UNLOCK TABLES; @@ -1374,7 +1371,7 @@ CREATE TABLE `tokens` ( PRIMARY KEY (`id`), UNIQUE KEY `tokens_value` (`value`), KEY `index_tokens_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=72 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=67 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1383,7 +1380,19 @@ CREATE TABLE `tokens` ( LOCK TABLES `tokens` WRITE; /*!40000 ALTER TABLE `tokens` DISABLE KEYS */; -INSERT INTO `tokens` VALUES (3,1,'feeds','6e5575602e1227c188cd85ef6d12608bb8701193','2020-04-26 13:10:46','2020-04-26 13:10:46'),(4,1,'session','999412fa9badda7423c6c654d6364c32c20b3eac','2020-04-26 18:07:03','2020-04-26 18:12:02'),(5,1,'session','124ad4acbf87a942426350e7ad028c1d119c3851','2020-04-26 18:17:11','2020-04-26 18:19:24'),(9,1,'session','2890c663e0552f26ddb92acad6ab3b6d05b92915','2020-04-26 18:51:15','2020-04-26 18:51:15'),(19,1,'session','b7ffb106ea0b34650dd9c1770f74c2b0ffe166b2','2020-05-01 16:52:33','2020-05-01 18:02:30'),(20,1,'session','f44cfcf918eef59ffda47991c431d9c2b2ac6113','2020-05-01 18:05:56','2020-05-01 18:05:56'),(23,9,'feeds','211918c9d7168979b5dc19bebb14573b928a5067','2020-05-01 18:26:17','2020-05-01 18:26:17'),(46,1,'session','2d0c8f8ae641c06d8c2362746846440d465d53c0','2020-05-06 20:48:01','2020-05-06 20:48:07'),(59,1,'session','2afe6590653d59a697d1436729c64f322a2eff82','2020-07-01 18:11:07','2020-07-01 20:30:43'),(61,1,'session','b01f95709ca1ab086a049cf9c5afd81ca9d4526e','2020-07-15 16:30:42','2020-07-15 16:31:40'),(62,1,'session','d29acdcd0b8e4ebf78ef8f696d3e76df7e2ab2ac','2020-08-17 14:51:59','2020-08-17 14:53:22'),(67,10,'api','a92a42f4fbbb23e713adc4f57091129457f6acfe','2020-11-21 22:14:13','2020-11-21 22:14:13'),(71,1,'session','3bcc8d4d9b8a5dda138da6f2f346bb2503b1ec9d','2020-12-08 03:01:36','2020-12-08 03:02:48'); +INSERT INTO `tokens` + VALUES + (3,1,'feeds','6e5575602e1227c188cd85ef6d12608bb8701193','2020-04-26 13:10:46','2020-04-26 13:10:46'), + (4,1,'session','999412fa9badda7423c6c654d6364c32c20b3eac','2020-04-26 18:07:03','2020-04-26 18:12:02'), + (5,1,'session','124ad4acbf87a942426350e7ad028c1d119c3851','2020-04-26 18:17:11','2020-04-26 18:19:24'), + (9,1,'session','2890c663e0552f26ddb92acad6ab3b6d05b92915','2020-04-26 18:51:15','2020-04-26 18:51:15'), + (19,1,'session','b7ffb106ea0b34650dd9c1770f74c2b0ffe166b2','2020-05-01 16:52:33','2020-05-01 18:02:30'), + (20,1,'session','f44cfcf918eef59ffda47991c431d9c2b2ac6113','2020-05-01 18:05:56','2020-05-01 18:05:56'), + (23,9,'feeds','211918c9d7168979b5dc19bebb14573b928a5067','2020-05-01 18:26:17','2020-05-01 18:26:17'), + (46,1,'session','2d0c8f8ae641c06d8c2362746846440d465d53c0','2020-05-06 20:48:01','2020-05-06 20:48:07'), + (59,1,'session','2afe6590653d59a697d1436729c64f322a2eff82','2020-07-01 18:11:07','2020-07-01 20:30:43'), + (61,1,'session','b01f95709ca1ab086a049cf9c5afd81ca9d4526e','2020-07-15 16:30:42','2020-07-15 16:31:40'), + (62,1,'session','d29acdcd0b8e4ebf78ef8f696d3e76df7e2ab2ac','2020-08-17 14:51:59','2020-08-17 14:53:22'); /*!40000 ALTER TABLE `tokens` ENABLE KEYS */; UNLOCK TABLES; @@ -1404,7 +1413,7 @@ CREATE TABLE `trackers` ( `fields_bits` int(11) DEFAULT '0', `default_status_id` int(11) DEFAULT NULL, PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1413,7 +1422,7 @@ CREATE TABLE `trackers` ( LOCK TABLES `trackers` WRITE; /*!40000 ALTER TABLE `trackers` DISABLE KEYS */; -INSERT INTO `trackers` VALUES (1,'Play','',0,1,0,255,2),(2,'Email Options','',0,2,1,511,2),(3,'Sigma Options','',0,3,1,511,2); +INSERT INTO `trackers` VALUES (1,'Play','',0,1,0,255,2); /*!40000 ALTER TABLE `trackers` ENABLE KEYS */; UNLOCK TABLES; @@ -1432,7 +1441,7 @@ CREATE TABLE `user_preferences` ( `time_zone` varchar(255) DEFAULT NULL, PRIMARY KEY (`id`), KEY `index_user_preferences_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1441,7 +1450,7 @@ CREATE TABLE `user_preferences` ( LOCK TABLES `user_preferences` WRITE; /*!40000 ALTER TABLE `user_preferences` DISABLE KEYS */; -INSERT INTO `user_preferences` VALUES (1,1,'---\n:no_self_notified: \'1\'\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:recently_used_project_ids: \'1,2\'\n',1,''),(3,9,'---\n:no_self_notified: \'1\'\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:recently_used_project_ids: \'1\'\n',1,''),(4,10,'---\n:no_self_notified: true\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:recently_used_project_ids: \'1\'\n',1,''); +INSERT INTO `user_preferences` VALUES (1,1,'---\n:no_self_notified: \'1\'\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:recently_used_project_ids: \'1\'\n',1,''),(3,9,'---\n:no_self_notified: \'1\'\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:recently_used_project_ids: \'1\'\n',1,''); /*!40000 ALTER TABLE `user_preferences` ENABLE KEYS */; UNLOCK TABLES; @@ -1475,7 +1484,7 @@ CREATE TABLE `users` ( KEY `index_users_on_id_and_type` (`id`,`type`), KEY `index_users_on_auth_source_id` (`auth_source_id`), KEY `index_users_on_type` (`type`) -) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1484,7 +1493,16 @@ CREATE TABLE `users` ( LOCK TABLES `users` WRITE; /*!40000 ALTER TABLE `users` DISABLE KEYS */; -INSERT INTO `users` VALUES (1,'admin','27193748a2fc174c339e7c22292bccb882f6f756','Admin','Admin',1,1,'2020-12-08 03:01:36','',NULL,'2020-04-26 13:08:34','2020-04-26 13:10:45','User',NULL,'all','5exVbsSixI1ub0aOGSRyctmB4EMwk7v2',0,'2020-04-26 13:10:27'),(2,'','','','Anonymous users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupAnonymous',NULL,'',NULL,0,NULL),(3,'','','','Non member users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupNonMember',NULL,'',NULL,0,NULL),(4,'','','','Anonymous',0,0,NULL,'',NULL,'2020-04-26 13:09:44','2020-04-26 13:09:44','AnonymousUser',NULL,'only_my_events',NULL,0,NULL),(5,'','','','Analysts',0,1,NULL,'',NULL,'2020-04-26 18:43:40','2020-04-26 18:43:40','Group',NULL,'',NULL,0,NULL),(6,'','','','Automation',0,1,NULL,'',NULL,'2020-04-26 18:43:47','2020-04-26 18:43:47','Group',NULL,'',NULL,0,NULL),(7,'','','','Admins',0,1,NULL,'',NULL,'2020-04-26 18:43:58','2020-04-26 18:43:58','Group',NULL,'',NULL,0,NULL),(10,'automation','05af6545acc48ea85bf4b002e560b702b727c9f8','SecOps','Automation',0,1,NULL,'en',NULL,'2020-11-21 22:14:13','2020-11-21 22:14:13','User',NULL,'only_my_events','8e99dd319cef62d18e80bb9f29cc1ce8',0,'2020-11-21 22:14:13'); +INSERT INTO `users` + VALUES + (1,'admin','ADMIN_HASH','Admin','Admin',1,1,'2020-08-17 18:03:20','',NULL,'2020-04-26 13:08:34','2020-04-26 13:10:45','User',NULL,'all','ADMIN_SALT',0,'2020-04-26 13:10:27'), + (2,'','','','Anonymous users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupAnonymous',NULL,'',NULL,0,NULL), + (3,'','','','Non member users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupNonMember',NULL,'',NULL,0,NULL), + (4,'','','','Anonymous',0,0,NULL,'',NULL,'2020-04-26 13:09:44','2020-04-26 13:09:44','AnonymousUser',NULL,'only_my_events',NULL,0,NULL), + (5,'','','','Analysts',0,1,NULL,'',NULL,'2020-04-26 18:43:40','2020-04-26 18:43:40','Group',NULL,'',NULL,0,NULL), + (6,'','','','Automation',0,1,NULL,'',NULL,'2020-04-26 18:43:47','2020-04-26 18:43:47','Group',NULL,'',NULL,0,NULL), + (7,'','','','Admins',0,1,NULL,'',NULL,'2020-04-26 18:43:58','2020-04-26 18:43:58','Group',NULL,'',NULL,0,NULL) +; /*!40000 ALTER TABLE `users` ENABLE KEYS */; UNLOCK TABLES; @@ -1561,7 +1579,7 @@ CREATE TABLE `webhooks` ( `url` varchar(255) DEFAULT NULL, `project_id` int(11) DEFAULT NULL, PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1570,7 +1588,7 @@ CREATE TABLE `webhooks` ( LOCK TABLES `webhooks` WRITE; /*!40000 ALTER TABLE `webhooks` DISABLE KEYS */; -INSERT INTO `webhooks` VALUES (1,'http://10.66.166.121:7000/playbook/webhook',1),(2,'http://10.66.166.121:7000/playbook/webhook',2); +INSERT INTO `webhooks` VALUES (1,'http://10.66.166.135:7000/playbook/webhook',1); /*!40000 ALTER TABLE `webhooks` ENABLE KEYS */; UNLOCK TABLES; @@ -1745,7 +1763,7 @@ CREATE TABLE `workflows` ( KEY `index_workflows_on_role_id` (`role_id`), KEY `index_workflows_on_new_status_id` (`new_status_id`), KEY `index_workflows_on_tracker_id` (`tracker_id`) -) ENGINE=InnoDB AUTO_INCREMENT=767 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=652 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1754,7 +1772,7 @@ CREATE TABLE `workflows` ( LOCK TABLES `workflows` WRITE; /*!40000 ALTER TABLE `workflows` DISABLE KEYS */; -INSERT INTO `workflows` VALUES (132,1,2,0,3,0,0,'WorkflowPermission','14','readonly'),(134,1,2,0,3,0,0,'WorkflowPermission','16','readonly'),(151,1,3,0,3,0,0,'WorkflowPermission','14','readonly'),(153,1,3,0,3,0,0,'WorkflowPermission','16','readonly'),(170,1,4,0,3,0,0,'WorkflowPermission','14','readonly'),(172,1,4,0,3,0,0,'WorkflowPermission','16','readonly'),(189,1,5,0,3,0,0,'WorkflowPermission','14','readonly'),(191,1,5,0,3,0,0,'WorkflowPermission','16','readonly'),(208,1,6,0,3,0,0,'WorkflowPermission','14','readonly'),(210,1,6,0,3,0,0,'WorkflowPermission','16','readonly'),(220,1,2,3,3,0,0,'WorkflowTransition',NULL,NULL),(221,1,2,3,4,0,0,'WorkflowTransition',NULL,NULL),(222,1,2,3,5,0,0,'WorkflowTransition',NULL,NULL),(226,1,3,4,3,0,0,'WorkflowTransition',NULL,NULL),(227,1,3,4,4,0,0,'WorkflowTransition',NULL,NULL),(228,1,3,4,5,0,0,'WorkflowTransition',NULL,NULL),(229,1,4,5,3,0,0,'WorkflowTransition',NULL,NULL),(230,1,4,5,4,0,0,'WorkflowTransition',NULL,NULL),(231,1,4,5,5,0,0,'WorkflowTransition',NULL,NULL),(232,1,4,6,3,0,0,'WorkflowTransition',NULL,NULL),(233,1,4,6,4,0,0,'WorkflowTransition',NULL,NULL),(234,1,4,6,5,0,0,'WorkflowTransition',NULL,NULL),(239,1,2,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(240,1,3,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(241,1,4,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(242,1,5,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(243,1,6,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(244,1,0,2,5,0,0,'WorkflowTransition',NULL,NULL),(245,1,0,2,4,0,0,'WorkflowTransition',NULL,NULL),(246,1,0,6,5,0,0,'WorkflowTransition',NULL,NULL),(352,1,2,0,3,0,0,'WorkflowPermission','project_id','readonly'),(353,1,2,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(354,1,2,0,3,0,0,'WorkflowPermission','subject','readonly'),(355,1,2,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(356,1,2,0,3,0,0,'WorkflowPermission','is_private','readonly'),(357,1,2,0,3,0,0,'WorkflowPermission','description','readonly'),(358,1,2,0,3,0,0,'WorkflowPermission','1','readonly'),(359,1,2,0,3,0,0,'WorkflowPermission','2','readonly'),(360,1,2,0,3,0,0,'WorkflowPermission','10','readonly'),(361,1,2,0,3,0,0,'WorkflowPermission','20','readonly'),(362,1,2,0,3,0,0,'WorkflowPermission','8','readonly'),(363,1,2,0,3,0,0,'WorkflowPermission','15','readonly'),(364,1,2,0,3,0,0,'WorkflowPermission','11','readonly'),(365,1,2,0,3,0,0,'WorkflowPermission','12','readonly'),(366,1,2,0,3,0,0,'WorkflowPermission','19','readonly'),(367,1,2,0,3,0,0,'WorkflowPermission','7','readonly'),(368,1,2,0,3,0,0,'WorkflowPermission','3','readonly'),(369,1,2,0,3,0,0,'WorkflowPermission','5','readonly'),(370,1,2,0,3,0,0,'WorkflowPermission','6','readonly'),(371,1,2,0,3,0,0,'WorkflowPermission','22','readonly'),(372,1,3,0,3,0,0,'WorkflowPermission','project_id','readonly'),(373,1,3,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(374,1,3,0,3,0,0,'WorkflowPermission','subject','readonly'),(375,1,3,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(376,1,3,0,3,0,0,'WorkflowPermission','is_private','readonly'),(377,1,3,0,3,0,0,'WorkflowPermission','description','readonly'),(378,1,3,0,3,0,0,'WorkflowPermission','1','readonly'),(379,1,3,0,3,0,0,'WorkflowPermission','2','readonly'),(380,1,3,0,3,0,0,'WorkflowPermission','10','readonly'),(381,1,3,0,3,0,0,'WorkflowPermission','20','readonly'),(382,1,3,0,3,0,0,'WorkflowPermission','8','readonly'),(383,1,3,0,3,0,0,'WorkflowPermission','15','readonly'),(384,1,3,0,3,0,0,'WorkflowPermission','11','readonly'),(385,1,3,0,3,0,0,'WorkflowPermission','12','readonly'),(386,1,3,0,3,0,0,'WorkflowPermission','19','readonly'),(387,1,3,0,3,0,0,'WorkflowPermission','7','readonly'),(388,1,3,0,3,0,0,'WorkflowPermission','3','readonly'),(389,1,3,0,3,0,0,'WorkflowPermission','5','readonly'),(390,1,3,0,3,0,0,'WorkflowPermission','6','readonly'),(391,1,3,0,3,0,0,'WorkflowPermission','22','readonly'),(392,1,4,0,3,0,0,'WorkflowPermission','project_id','readonly'),(393,1,4,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(394,1,4,0,3,0,0,'WorkflowPermission','subject','readonly'),(395,1,4,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(396,1,4,0,3,0,0,'WorkflowPermission','is_private','readonly'),(397,1,4,0,3,0,0,'WorkflowPermission','description','readonly'),(398,1,4,0,3,0,0,'WorkflowPermission','1','readonly'),(399,1,4,0,3,0,0,'WorkflowPermission','2','readonly'),(400,1,4,0,3,0,0,'WorkflowPermission','10','readonly'),(401,1,4,0,3,0,0,'WorkflowPermission','20','readonly'),(402,1,4,0,3,0,0,'WorkflowPermission','8','readonly'),(403,1,4,0,3,0,0,'WorkflowPermission','15','readonly'),(404,1,4,0,3,0,0,'WorkflowPermission','11','readonly'),(405,1,4,0,3,0,0,'WorkflowPermission','12','readonly'),(406,1,4,0,3,0,0,'WorkflowPermission','19','readonly'),(407,1,4,0,3,0,0,'WorkflowPermission','7','readonly'),(408,1,4,0,3,0,0,'WorkflowPermission','3','readonly'),(409,1,4,0,3,0,0,'WorkflowPermission','5','readonly'),(410,1,4,0,3,0,0,'WorkflowPermission','6','readonly'),(411,1,4,0,3,0,0,'WorkflowPermission','22','readonly'),(412,1,5,0,3,0,0,'WorkflowPermission','project_id','readonly'),(413,1,5,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(414,1,5,0,3,0,0,'WorkflowPermission','subject','readonly'),(415,1,5,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(416,1,5,0,3,0,0,'WorkflowPermission','is_private','readonly'),(417,1,5,0,3,0,0,'WorkflowPermission','description','readonly'),(418,1,5,0,3,0,0,'WorkflowPermission','1','readonly'),(419,1,5,0,3,0,0,'WorkflowPermission','2','readonly'),(420,1,5,0,3,0,0,'WorkflowPermission','10','readonly'),(421,1,5,0,3,0,0,'WorkflowPermission','20','readonly'),(422,1,5,0,3,0,0,'WorkflowPermission','8','readonly'),(423,1,5,0,3,0,0,'WorkflowPermission','15','readonly'),(424,1,5,0,3,0,0,'WorkflowPermission','11','readonly'),(425,1,5,0,3,0,0,'WorkflowPermission','12','readonly'),(426,1,5,0,3,0,0,'WorkflowPermission','19','readonly'),(427,1,5,0,3,0,0,'WorkflowPermission','7','readonly'),(428,1,5,0,3,0,0,'WorkflowPermission','3','readonly'),(429,1,5,0,3,0,0,'WorkflowPermission','5','readonly'),(430,1,5,0,3,0,0,'WorkflowPermission','6','readonly'),(431,1,5,0,3,0,0,'WorkflowPermission','22','readonly'),(432,1,6,0,3,0,0,'WorkflowPermission','project_id','readonly'),(433,1,6,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(434,1,6,0,3,0,0,'WorkflowPermission','subject','readonly'),(435,1,6,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(436,1,6,0,3,0,0,'WorkflowPermission','is_private','readonly'),(437,1,6,0,3,0,0,'WorkflowPermission','description','readonly'),(438,1,6,0,3,0,0,'WorkflowPermission','1','readonly'),(439,1,6,0,3,0,0,'WorkflowPermission','2','readonly'),(440,1,6,0,3,0,0,'WorkflowPermission','10','readonly'),(441,1,6,0,3,0,0,'WorkflowPermission','20','readonly'),(442,1,6,0,3,0,0,'WorkflowPermission','8','readonly'),(443,1,6,0,3,0,0,'WorkflowPermission','15','readonly'),(444,1,6,0,3,0,0,'WorkflowPermission','11','readonly'),(445,1,6,0,3,0,0,'WorkflowPermission','12','readonly'),(446,1,6,0,3,0,0,'WorkflowPermission','19','readonly'),(447,1,6,0,3,0,0,'WorkflowPermission','7','readonly'),(448,1,6,0,3,0,0,'WorkflowPermission','3','readonly'),(449,1,6,0,3,0,0,'WorkflowPermission','5','readonly'),(450,1,6,0,3,0,0,'WorkflowPermission','6','readonly'),(451,1,6,0,3,0,0,'WorkflowPermission','22','readonly'),(642,1,2,3,2,0,0,'WorkflowTransition',NULL,NULL),(644,1,3,4,2,0,0,'WorkflowTransition',NULL,NULL),(645,1,4,5,2,0,0,'WorkflowTransition',NULL,NULL),(646,1,4,6,2,0,0,'WorkflowTransition',NULL,NULL),(648,1,4,3,2,0,0,'WorkflowTransition',NULL,NULL),(649,1,4,3,3,0,0,'WorkflowTransition',NULL,NULL),(650,1,4,3,4,0,0,'WorkflowTransition',NULL,NULL),(651,1,4,3,5,0,0,'WorkflowTransition',NULL,NULL),(652,1,2,0,2,0,0,'WorkflowPermission','project_id','readonly'),(653,1,2,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(654,1,2,0,2,0,0,'WorkflowPermission','subject','readonly'),(655,1,2,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(656,1,2,0,2,0,0,'WorkflowPermission','is_private','readonly'),(657,1,2,0,2,0,0,'WorkflowPermission','description','readonly'),(658,1,2,0,2,0,0,'WorkflowPermission','1','readonly'),(659,1,2,0,2,0,0,'WorkflowPermission','2','readonly'),(660,1,2,0,2,0,0,'WorkflowPermission','10','readonly'),(661,1,2,0,2,0,0,'WorkflowPermission','20','readonly'),(662,1,2,0,2,0,0,'WorkflowPermission','8','readonly'),(663,1,2,0,2,0,0,'WorkflowPermission','15','readonly'),(664,1,2,0,2,0,0,'WorkflowPermission','11','readonly'),(665,1,2,0,2,0,0,'WorkflowPermission','12','readonly'),(666,1,2,0,2,0,0,'WorkflowPermission','27','readonly'),(667,1,2,0,2,0,0,'WorkflowPermission','28','readonly'),(668,1,2,0,2,0,0,'WorkflowPermission','19','readonly'),(669,1,2,0,2,0,0,'WorkflowPermission','17','readonly'),(670,1,2,0,2,0,0,'WorkflowPermission','7','readonly'),(671,1,2,0,2,0,0,'WorkflowPermission','3','readonly'),(672,1,2,0,2,0,0,'WorkflowPermission','5','readonly'),(673,1,2,0,2,0,0,'WorkflowPermission','6','readonly'),(674,1,2,0,2,0,0,'WorkflowPermission','22','readonly'),(675,1,3,0,2,0,0,'WorkflowPermission','project_id','readonly'),(676,1,3,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(677,1,3,0,2,0,0,'WorkflowPermission','subject','readonly'),(678,1,3,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(679,1,3,0,2,0,0,'WorkflowPermission','is_private','readonly'),(680,1,3,0,2,0,0,'WorkflowPermission','description','readonly'),(681,1,3,0,2,0,0,'WorkflowPermission','1','readonly'),(682,1,3,0,2,0,0,'WorkflowPermission','2','readonly'),(683,1,3,0,2,0,0,'WorkflowPermission','10','readonly'),(684,1,3,0,2,0,0,'WorkflowPermission','20','readonly'),(685,1,3,0,2,0,0,'WorkflowPermission','8','readonly'),(686,1,3,0,2,0,0,'WorkflowPermission','15','readonly'),(687,1,3,0,2,0,0,'WorkflowPermission','11','readonly'),(688,1,3,0,2,0,0,'WorkflowPermission','12','readonly'),(689,1,3,0,2,0,0,'WorkflowPermission','27','readonly'),(690,1,3,0,2,0,0,'WorkflowPermission','28','readonly'),(691,1,3,0,2,0,0,'WorkflowPermission','19','readonly'),(692,1,3,0,2,0,0,'WorkflowPermission','17','readonly'),(693,1,3,0,2,0,0,'WorkflowPermission','7','readonly'),(694,1,3,0,2,0,0,'WorkflowPermission','3','readonly'),(695,1,3,0,2,0,0,'WorkflowPermission','5','readonly'),(696,1,3,0,2,0,0,'WorkflowPermission','6','readonly'),(697,1,3,0,2,0,0,'WorkflowPermission','22','readonly'),(698,1,4,0,2,0,0,'WorkflowPermission','project_id','readonly'),(699,1,4,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(700,1,4,0,2,0,0,'WorkflowPermission','subject','readonly'),(701,1,4,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(702,1,4,0,2,0,0,'WorkflowPermission','is_private','readonly'),(703,1,4,0,2,0,0,'WorkflowPermission','description','readonly'),(704,1,4,0,2,0,0,'WorkflowPermission','1','readonly'),(705,1,4,0,2,0,0,'WorkflowPermission','2','readonly'),(706,1,4,0,2,0,0,'WorkflowPermission','10','readonly'),(707,1,4,0,2,0,0,'WorkflowPermission','20','readonly'),(708,1,4,0,2,0,0,'WorkflowPermission','8','readonly'),(709,1,4,0,2,0,0,'WorkflowPermission','15','readonly'),(710,1,4,0,2,0,0,'WorkflowPermission','11','readonly'),(711,1,4,0,2,0,0,'WorkflowPermission','12','readonly'),(712,1,4,0,2,0,0,'WorkflowPermission','27','readonly'),(713,1,4,0,2,0,0,'WorkflowPermission','28','readonly'),(714,1,4,0,2,0,0,'WorkflowPermission','19','readonly'),(715,1,4,0,2,0,0,'WorkflowPermission','17','readonly'),(716,1,4,0,2,0,0,'WorkflowPermission','7','readonly'),(717,1,4,0,2,0,0,'WorkflowPermission','3','readonly'),(718,1,4,0,2,0,0,'WorkflowPermission','5','readonly'),(719,1,4,0,2,0,0,'WorkflowPermission','6','readonly'),(720,1,4,0,2,0,0,'WorkflowPermission','22','readonly'),(721,1,5,0,2,0,0,'WorkflowPermission','project_id','readonly'),(722,1,5,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(723,1,5,0,2,0,0,'WorkflowPermission','subject','readonly'),(724,1,5,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(725,1,5,0,2,0,0,'WorkflowPermission','is_private','readonly'),(726,1,5,0,2,0,0,'WorkflowPermission','description','readonly'),(727,1,5,0,2,0,0,'WorkflowPermission','1','readonly'),(728,1,5,0,2,0,0,'WorkflowPermission','2','readonly'),(729,1,5,0,2,0,0,'WorkflowPermission','10','readonly'),(730,1,5,0,2,0,0,'WorkflowPermission','20','readonly'),(731,1,5,0,2,0,0,'WorkflowPermission','8','readonly'),(732,1,5,0,2,0,0,'WorkflowPermission','15','readonly'),(733,1,5,0,2,0,0,'WorkflowPermission','11','readonly'),(734,1,5,0,2,0,0,'WorkflowPermission','12','readonly'),(735,1,5,0,2,0,0,'WorkflowPermission','27','readonly'),(736,1,5,0,2,0,0,'WorkflowPermission','28','readonly'),(737,1,5,0,2,0,0,'WorkflowPermission','19','readonly'),(738,1,5,0,2,0,0,'WorkflowPermission','17','readonly'),(739,1,5,0,2,0,0,'WorkflowPermission','7','readonly'),(740,1,5,0,2,0,0,'WorkflowPermission','3','readonly'),(741,1,5,0,2,0,0,'WorkflowPermission','5','readonly'),(742,1,5,0,2,0,0,'WorkflowPermission','6','readonly'),(743,1,5,0,2,0,0,'WorkflowPermission','22','readonly'),(744,1,6,0,2,0,0,'WorkflowPermission','project_id','readonly'),(745,1,6,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(746,1,6,0,2,0,0,'WorkflowPermission','subject','readonly'),(747,1,6,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(748,1,6,0,2,0,0,'WorkflowPermission','is_private','readonly'),(749,1,6,0,2,0,0,'WorkflowPermission','description','readonly'),(750,1,6,0,2,0,0,'WorkflowPermission','1','readonly'),(751,1,6,0,2,0,0,'WorkflowPermission','2','readonly'),(752,1,6,0,2,0,0,'WorkflowPermission','10','readonly'),(753,1,6,0,2,0,0,'WorkflowPermission','20','readonly'),(754,1,6,0,2,0,0,'WorkflowPermission','8','readonly'),(755,1,6,0,2,0,0,'WorkflowPermission','15','readonly'),(756,1,6,0,2,0,0,'WorkflowPermission','11','readonly'),(757,1,6,0,2,0,0,'WorkflowPermission','12','readonly'),(758,1,6,0,2,0,0,'WorkflowPermission','27','readonly'),(759,1,6,0,2,0,0,'WorkflowPermission','28','readonly'),(760,1,6,0,2,0,0,'WorkflowPermission','19','readonly'),(761,1,6,0,2,0,0,'WorkflowPermission','17','readonly'),(762,1,6,0,2,0,0,'WorkflowPermission','7','readonly'),(763,1,6,0,2,0,0,'WorkflowPermission','3','readonly'),(764,1,6,0,2,0,0,'WorkflowPermission','5','readonly'),(765,1,6,0,2,0,0,'WorkflowPermission','6','readonly'),(766,1,6,0,2,0,0,'WorkflowPermission','22','readonly'); +INSERT INTO `workflows` VALUES (132,1,2,0,3,0,0,'WorkflowPermission','14','readonly'),(134,1,2,0,3,0,0,'WorkflowPermission','16','readonly'),(151,1,3,0,3,0,0,'WorkflowPermission','14','readonly'),(153,1,3,0,3,0,0,'WorkflowPermission','16','readonly'),(170,1,4,0,3,0,0,'WorkflowPermission','14','readonly'),(172,1,4,0,3,0,0,'WorkflowPermission','16','readonly'),(189,1,5,0,3,0,0,'WorkflowPermission','14','readonly'),(191,1,5,0,3,0,0,'WorkflowPermission','16','readonly'),(208,1,6,0,3,0,0,'WorkflowPermission','14','readonly'),(210,1,6,0,3,0,0,'WorkflowPermission','16','readonly'),(220,1,2,3,3,0,0,'WorkflowTransition',NULL,NULL),(221,1,2,3,4,0,0,'WorkflowTransition',NULL,NULL),(222,1,2,3,5,0,0,'WorkflowTransition',NULL,NULL),(226,1,3,4,3,0,0,'WorkflowTransition',NULL,NULL),(227,1,3,4,4,0,0,'WorkflowTransition',NULL,NULL),(228,1,3,4,5,0,0,'WorkflowTransition',NULL,NULL),(229,1,4,5,3,0,0,'WorkflowTransition',NULL,NULL),(230,1,4,5,4,0,0,'WorkflowTransition',NULL,NULL),(231,1,4,5,5,0,0,'WorkflowTransition',NULL,NULL),(232,1,4,6,3,0,0,'WorkflowTransition',NULL,NULL),(233,1,4,6,4,0,0,'WorkflowTransition',NULL,NULL),(234,1,4,6,5,0,0,'WorkflowTransition',NULL,NULL),(239,1,2,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(240,1,3,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(241,1,4,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(242,1,5,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(243,1,6,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(244,1,0,2,5,0,0,'WorkflowTransition',NULL,NULL),(245,1,0,2,4,0,0,'WorkflowTransition',NULL,NULL),(246,1,0,6,5,0,0,'WorkflowTransition',NULL,NULL),(352,1,2,0,3,0,0,'WorkflowPermission','project_id','readonly'),(353,1,2,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(354,1,2,0,3,0,0,'WorkflowPermission','subject','readonly'),(355,1,2,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(356,1,2,0,3,0,0,'WorkflowPermission','is_private','readonly'),(357,1,2,0,3,0,0,'WorkflowPermission','description','readonly'),(358,1,2,0,3,0,0,'WorkflowPermission','1','readonly'),(359,1,2,0,3,0,0,'WorkflowPermission','2','readonly'),(360,1,2,0,3,0,0,'WorkflowPermission','10','readonly'),(361,1,2,0,3,0,0,'WorkflowPermission','20','readonly'),(362,1,2,0,3,0,0,'WorkflowPermission','8','readonly'),(363,1,2,0,3,0,0,'WorkflowPermission','15','readonly'),(364,1,2,0,3,0,0,'WorkflowPermission','11','readonly'),(365,1,2,0,3,0,0,'WorkflowPermission','12','readonly'),(366,1,2,0,3,0,0,'WorkflowPermission','19','readonly'),(367,1,2,0,3,0,0,'WorkflowPermission','7','readonly'),(368,1,2,0,3,0,0,'WorkflowPermission','3','readonly'),(369,1,2,0,3,0,0,'WorkflowPermission','5','readonly'),(370,1,2,0,3,0,0,'WorkflowPermission','6','readonly'),(371,1,2,0,3,0,0,'WorkflowPermission','22','readonly'),(372,1,3,0,3,0,0,'WorkflowPermission','project_id','readonly'),(373,1,3,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(374,1,3,0,3,0,0,'WorkflowPermission','subject','readonly'),(375,1,3,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(376,1,3,0,3,0,0,'WorkflowPermission','is_private','readonly'),(377,1,3,0,3,0,0,'WorkflowPermission','description','readonly'),(378,1,3,0,3,0,0,'WorkflowPermission','1','readonly'),(379,1,3,0,3,0,0,'WorkflowPermission','2','readonly'),(380,1,3,0,3,0,0,'WorkflowPermission','10','readonly'),(381,1,3,0,3,0,0,'WorkflowPermission','20','readonly'),(382,1,3,0,3,0,0,'WorkflowPermission','8','readonly'),(383,1,3,0,3,0,0,'WorkflowPermission','15','readonly'),(384,1,3,0,3,0,0,'WorkflowPermission','11','readonly'),(385,1,3,0,3,0,0,'WorkflowPermission','12','readonly'),(386,1,3,0,3,0,0,'WorkflowPermission','19','readonly'),(387,1,3,0,3,0,0,'WorkflowPermission','7','readonly'),(388,1,3,0,3,0,0,'WorkflowPermission','3','readonly'),(389,1,3,0,3,0,0,'WorkflowPermission','5','readonly'),(390,1,3,0,3,0,0,'WorkflowPermission','6','readonly'),(391,1,3,0,3,0,0,'WorkflowPermission','22','readonly'),(392,1,4,0,3,0,0,'WorkflowPermission','project_id','readonly'),(393,1,4,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(394,1,4,0,3,0,0,'WorkflowPermission','subject','readonly'),(395,1,4,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(396,1,4,0,3,0,0,'WorkflowPermission','is_private','readonly'),(397,1,4,0,3,0,0,'WorkflowPermission','description','readonly'),(398,1,4,0,3,0,0,'WorkflowPermission','1','readonly'),(399,1,4,0,3,0,0,'WorkflowPermission','2','readonly'),(400,1,4,0,3,0,0,'WorkflowPermission','10','readonly'),(401,1,4,0,3,0,0,'WorkflowPermission','20','readonly'),(402,1,4,0,3,0,0,'WorkflowPermission','8','readonly'),(403,1,4,0,3,0,0,'WorkflowPermission','15','readonly'),(404,1,4,0,3,0,0,'WorkflowPermission','11','readonly'),(405,1,4,0,3,0,0,'WorkflowPermission','12','readonly'),(406,1,4,0,3,0,0,'WorkflowPermission','19','readonly'),(407,1,4,0,3,0,0,'WorkflowPermission','7','readonly'),(408,1,4,0,3,0,0,'WorkflowPermission','3','readonly'),(409,1,4,0,3,0,0,'WorkflowPermission','5','readonly'),(410,1,4,0,3,0,0,'WorkflowPermission','6','readonly'),(411,1,4,0,3,0,0,'WorkflowPermission','22','readonly'),(412,1,5,0,3,0,0,'WorkflowPermission','project_id','readonly'),(413,1,5,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(414,1,5,0,3,0,0,'WorkflowPermission','subject','readonly'),(415,1,5,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(416,1,5,0,3,0,0,'WorkflowPermission','is_private','readonly'),(417,1,5,0,3,0,0,'WorkflowPermission','description','readonly'),(418,1,5,0,3,0,0,'WorkflowPermission','1','readonly'),(419,1,5,0,3,0,0,'WorkflowPermission','2','readonly'),(420,1,5,0,3,0,0,'WorkflowPermission','10','readonly'),(421,1,5,0,3,0,0,'WorkflowPermission','20','readonly'),(422,1,5,0,3,0,0,'WorkflowPermission','8','readonly'),(423,1,5,0,3,0,0,'WorkflowPermission','15','readonly'),(424,1,5,0,3,0,0,'WorkflowPermission','11','readonly'),(425,1,5,0,3,0,0,'WorkflowPermission','12','readonly'),(426,1,5,0,3,0,0,'WorkflowPermission','19','readonly'),(427,1,5,0,3,0,0,'WorkflowPermission','7','readonly'),(428,1,5,0,3,0,0,'WorkflowPermission','3','readonly'),(429,1,5,0,3,0,0,'WorkflowPermission','5','readonly'),(430,1,5,0,3,0,0,'WorkflowPermission','6','readonly'),(431,1,5,0,3,0,0,'WorkflowPermission','22','readonly'),(432,1,6,0,3,0,0,'WorkflowPermission','project_id','readonly'),(433,1,6,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(434,1,6,0,3,0,0,'WorkflowPermission','subject','readonly'),(435,1,6,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(436,1,6,0,3,0,0,'WorkflowPermission','is_private','readonly'),(437,1,6,0,3,0,0,'WorkflowPermission','description','readonly'),(438,1,6,0,3,0,0,'WorkflowPermission','1','readonly'),(439,1,6,0,3,0,0,'WorkflowPermission','2','readonly'),(440,1,6,0,3,0,0,'WorkflowPermission','10','readonly'),(441,1,6,0,3,0,0,'WorkflowPermission','20','readonly'),(442,1,6,0,3,0,0,'WorkflowPermission','8','readonly'),(443,1,6,0,3,0,0,'WorkflowPermission','15','readonly'),(444,1,6,0,3,0,0,'WorkflowPermission','11','readonly'),(445,1,6,0,3,0,0,'WorkflowPermission','12','readonly'),(446,1,6,0,3,0,0,'WorkflowPermission','19','readonly'),(447,1,6,0,3,0,0,'WorkflowPermission','7','readonly'),(448,1,6,0,3,0,0,'WorkflowPermission','3','readonly'),(449,1,6,0,3,0,0,'WorkflowPermission','5','readonly'),(450,1,6,0,3,0,0,'WorkflowPermission','6','readonly'),(451,1,6,0,3,0,0,'WorkflowPermission','22','readonly'),(537,1,2,0,2,0,0,'WorkflowPermission','project_id','readonly'),(538,1,2,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(539,1,2,0,2,0,0,'WorkflowPermission','subject','readonly'),(540,1,2,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(541,1,2,0,2,0,0,'WorkflowPermission','is_private','readonly'),(542,1,2,0,2,0,0,'WorkflowPermission','description','readonly'),(543,1,2,0,2,0,0,'WorkflowPermission','1','readonly'),(544,1,2,0,2,0,0,'WorkflowPermission','2','readonly'),(545,1,2,0,2,0,0,'WorkflowPermission','10','readonly'),(546,1,2,0,2,0,0,'WorkflowPermission','20','readonly'),(547,1,2,0,2,0,0,'WorkflowPermission','8','readonly'),(548,1,2,0,2,0,0,'WorkflowPermission','15','readonly'),(549,1,2,0,2,0,0,'WorkflowPermission','11','readonly'),(550,1,2,0,2,0,0,'WorkflowPermission','12','readonly'),(551,1,2,0,2,0,0,'WorkflowPermission','19','readonly'),(552,1,2,0,2,0,0,'WorkflowPermission','17','readonly'),(553,1,2,0,2,0,0,'WorkflowPermission','7','readonly'),(554,1,2,0,2,0,0,'WorkflowPermission','3','readonly'),(555,1,2,0,2,0,0,'WorkflowPermission','5','readonly'),(556,1,2,0,2,0,0,'WorkflowPermission','6','readonly'),(557,1,2,0,2,0,0,'WorkflowPermission','22','readonly'),(558,1,3,0,2,0,0,'WorkflowPermission','project_id','readonly'),(559,1,3,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(560,1,3,0,2,0,0,'WorkflowPermission','subject','readonly'),(561,1,3,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(562,1,3,0,2,0,0,'WorkflowPermission','is_private','readonly'),(563,1,3,0,2,0,0,'WorkflowPermission','description','readonly'),(564,1,3,0,2,0,0,'WorkflowPermission','1','readonly'),(565,1,3,0,2,0,0,'WorkflowPermission','2','readonly'),(566,1,3,0,2,0,0,'WorkflowPermission','10','readonly'),(567,1,3,0,2,0,0,'WorkflowPermission','20','readonly'),(568,1,3,0,2,0,0,'WorkflowPermission','8','readonly'),(569,1,3,0,2,0,0,'WorkflowPermission','15','readonly'),(570,1,3,0,2,0,0,'WorkflowPermission','11','readonly'),(571,1,3,0,2,0,0,'WorkflowPermission','12','readonly'),(572,1,3,0,2,0,0,'WorkflowPermission','19','readonly'),(573,1,3,0,2,0,0,'WorkflowPermission','17','readonly'),(574,1,3,0,2,0,0,'WorkflowPermission','7','readonly'),(575,1,3,0,2,0,0,'WorkflowPermission','3','readonly'),(576,1,3,0,2,0,0,'WorkflowPermission','5','readonly'),(577,1,3,0,2,0,0,'WorkflowPermission','6','readonly'),(578,1,3,0,2,0,0,'WorkflowPermission','22','readonly'),(579,1,4,0,2,0,0,'WorkflowPermission','project_id','readonly'),(580,1,4,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(581,1,4,0,2,0,0,'WorkflowPermission','subject','readonly'),(582,1,4,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(583,1,4,0,2,0,0,'WorkflowPermission','is_private','readonly'),(584,1,4,0,2,0,0,'WorkflowPermission','description','readonly'),(585,1,4,0,2,0,0,'WorkflowPermission','1','readonly'),(586,1,4,0,2,0,0,'WorkflowPermission','2','readonly'),(587,1,4,0,2,0,0,'WorkflowPermission','10','readonly'),(588,1,4,0,2,0,0,'WorkflowPermission','20','readonly'),(589,1,4,0,2,0,0,'WorkflowPermission','8','readonly'),(590,1,4,0,2,0,0,'WorkflowPermission','15','readonly'),(591,1,4,0,2,0,0,'WorkflowPermission','11','readonly'),(592,1,4,0,2,0,0,'WorkflowPermission','12','readonly'),(593,1,4,0,2,0,0,'WorkflowPermission','19','readonly'),(594,1,4,0,2,0,0,'WorkflowPermission','17','readonly'),(595,1,4,0,2,0,0,'WorkflowPermission','7','readonly'),(596,1,4,0,2,0,0,'WorkflowPermission','3','readonly'),(597,1,4,0,2,0,0,'WorkflowPermission','5','readonly'),(598,1,4,0,2,0,0,'WorkflowPermission','6','readonly'),(599,1,4,0,2,0,0,'WorkflowPermission','22','readonly'),(600,1,5,0,2,0,0,'WorkflowPermission','project_id','readonly'),(601,1,5,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(602,1,5,0,2,0,0,'WorkflowPermission','subject','readonly'),(603,1,5,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(604,1,5,0,2,0,0,'WorkflowPermission','is_private','readonly'),(605,1,5,0,2,0,0,'WorkflowPermission','description','readonly'),(606,1,5,0,2,0,0,'WorkflowPermission','1','readonly'),(607,1,5,0,2,0,0,'WorkflowPermission','2','readonly'),(608,1,5,0,2,0,0,'WorkflowPermission','10','readonly'),(609,1,5,0,2,0,0,'WorkflowPermission','20','readonly'),(610,1,5,0,2,0,0,'WorkflowPermission','8','readonly'),(611,1,5,0,2,0,0,'WorkflowPermission','15','readonly'),(612,1,5,0,2,0,0,'WorkflowPermission','11','readonly'),(613,1,5,0,2,0,0,'WorkflowPermission','12','readonly'),(614,1,5,0,2,0,0,'WorkflowPermission','19','readonly'),(615,1,5,0,2,0,0,'WorkflowPermission','17','readonly'),(616,1,5,0,2,0,0,'WorkflowPermission','7','readonly'),(617,1,5,0,2,0,0,'WorkflowPermission','3','readonly'),(618,1,5,0,2,0,0,'WorkflowPermission','5','readonly'),(619,1,5,0,2,0,0,'WorkflowPermission','6','readonly'),(620,1,5,0,2,0,0,'WorkflowPermission','22','readonly'),(621,1,6,0,2,0,0,'WorkflowPermission','project_id','readonly'),(622,1,6,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(623,1,6,0,2,0,0,'WorkflowPermission','subject','readonly'),(624,1,6,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(625,1,6,0,2,0,0,'WorkflowPermission','is_private','readonly'),(626,1,6,0,2,0,0,'WorkflowPermission','description','readonly'),(627,1,6,0,2,0,0,'WorkflowPermission','1','readonly'),(628,1,6,0,2,0,0,'WorkflowPermission','2','readonly'),(629,1,6,0,2,0,0,'WorkflowPermission','10','readonly'),(630,1,6,0,2,0,0,'WorkflowPermission','20','readonly'),(631,1,6,0,2,0,0,'WorkflowPermission','8','readonly'),(632,1,6,0,2,0,0,'WorkflowPermission','15','readonly'),(633,1,6,0,2,0,0,'WorkflowPermission','11','readonly'),(634,1,6,0,2,0,0,'WorkflowPermission','12','readonly'),(635,1,6,0,2,0,0,'WorkflowPermission','19','readonly'),(636,1,6,0,2,0,0,'WorkflowPermission','17','readonly'),(637,1,6,0,2,0,0,'WorkflowPermission','7','readonly'),(638,1,6,0,2,0,0,'WorkflowPermission','3','readonly'),(639,1,6,0,2,0,0,'WorkflowPermission','5','readonly'),(640,1,6,0,2,0,0,'WorkflowPermission','6','readonly'),(641,1,6,0,2,0,0,'WorkflowPermission','22','readonly'),(642,1,2,3,2,0,0,'WorkflowTransition',NULL,NULL),(644,1,3,4,2,0,0,'WorkflowTransition',NULL,NULL),(645,1,4,5,2,0,0,'WorkflowTransition',NULL,NULL),(646,1,4,6,2,0,0,'WorkflowTransition',NULL,NULL),(648,1,4,3,2,0,0,'WorkflowTransition',NULL,NULL),(649,1,4,3,3,0,0,'WorkflowTransition',NULL,NULL),(650,1,4,3,4,0,0,'WorkflowTransition',NULL,NULL),(651,1,4,3,5,0,0,'WorkflowTransition',NULL,NULL); /*!40000 ALTER TABLE `workflows` ENABLE KEYS */; UNLOCK TABLES; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; @@ -1767,4 +1785,4 @@ UNLOCK TABLES; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2020-12-08 3:05:36 +-- Dump completed on 2020-08-17 18:06:56 diff --git a/salt/playbook/files/playbook_db_migrations.sql b/salt/playbook/files/playbook_db_migrations.sql deleted file mode 100644 index e06d921f4..000000000 --- a/salt/playbook/files/playbook_db_migrations.sql +++ /dev/null @@ -1,1762 +0,0 @@ --- MySQL dump 10.13 Distrib 5.7.24, for Linux (x86_64) --- --- Host: localhost Database: playbook --- ------------------------------------------------------ --- Server version 5.7.24 - -/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; -/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; -/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; -/*!40101 SET NAMES utf8 */; -/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; -/*!40103 SET TIME_ZONE='+00:00' */; -/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; -/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; -/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; -/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; - --- --- Table structure for table `ar_internal_metadata` --- - --- `ar_internal_metadata`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `ar_internal_metadata` ( - `key` varchar(255) NOT NULL, - `value` varchar(255) DEFAULT NULL, - `created_at` datetime NOT NULL, - `updated_at` datetime NOT NULL, - PRIMARY KEY (`key`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `ar_internal_metadata` --- - -LOCK TABLES `ar_internal_metadata` WRITE; -/*!40000 ALTER TABLE `ar_internal_metadata` DISABLE KEYS */; -INSERT INTO `ar_internal_metadata` VALUES ('environment','production','2020-04-26 13:08:38','2020-04-26 13:08:38'); -/*!40000 ALTER TABLE `ar_internal_metadata` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `attachments` --- - --- `attachments`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `attachments` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `container_id` int(11) DEFAULT NULL, - `container_type` varchar(30) DEFAULT NULL, - `filename` varchar(255) NOT NULL DEFAULT '', - `disk_filename` varchar(255) NOT NULL DEFAULT '', - `filesize` bigint(20) NOT NULL DEFAULT '0', - `content_type` varchar(255) DEFAULT '', - `digest` varchar(64) NOT NULL DEFAULT '', - `downloads` int(11) NOT NULL DEFAULT '0', - `author_id` int(11) NOT NULL DEFAULT '0', - `created_on` timestamp NULL DEFAULT NULL, - `description` varchar(255) DEFAULT NULL, - `disk_directory` varchar(255) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_attachments_on_author_id` (`author_id`), - KEY `index_attachments_on_created_on` (`created_on`), - KEY `index_attachments_on_container_id_and_container_type` (`container_id`,`container_type`), - KEY `index_attachments_on_disk_filename` (`disk_filename`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `attachments` --- - -LOCK TABLES `attachments` WRITE; -/*!40000 ALTER TABLE `attachments` DISABLE KEYS */; -/*!40000 ALTER TABLE `attachments` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `auth_sources` --- - --- `auth_sources`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `auth_sources` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `type` varchar(30) NOT NULL DEFAULT '', - `name` varchar(60) NOT NULL DEFAULT '', - `host` varchar(60) DEFAULT NULL, - `port` int(11) DEFAULT NULL, - `account` varchar(255) DEFAULT NULL, - `account_password` varchar(255) DEFAULT '', - `base_dn` varchar(255) DEFAULT NULL, - `attr_login` varchar(30) DEFAULT NULL, - `attr_firstname` varchar(30) DEFAULT NULL, - `attr_lastname` varchar(30) DEFAULT NULL, - `attr_mail` varchar(30) DEFAULT NULL, - `onthefly_register` tinyint(1) NOT NULL DEFAULT '0', - `tls` tinyint(1) NOT NULL DEFAULT '0', - `filter` text, - `timeout` int(11) DEFAULT NULL, - `verify_peer` tinyint(1) NOT NULL DEFAULT '1', - PRIMARY KEY (`id`), - KEY `index_auth_sources_on_id_and_type` (`id`,`type`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `auth_sources` --- - -LOCK TABLES `auth_sources` WRITE; -/*!40000 ALTER TABLE `auth_sources` DISABLE KEYS */; -/*!40000 ALTER TABLE `auth_sources` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `boards` --- - --- `boards`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `boards` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) NOT NULL, - `name` varchar(255) NOT NULL DEFAULT '', - `description` varchar(255) DEFAULT NULL, - `position` int(11) DEFAULT NULL, - `topics_count` int(11) NOT NULL DEFAULT '0', - `messages_count` int(11) NOT NULL DEFAULT '0', - `last_message_id` int(11) DEFAULT NULL, - `parent_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `boards_project_id` (`project_id`), - KEY `index_boards_on_last_message_id` (`last_message_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `boards` --- - -LOCK TABLES `boards` WRITE; -/*!40000 ALTER TABLE `boards` DISABLE KEYS */; -/*!40000 ALTER TABLE `boards` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `changes` --- - --- `changes`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `changes` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `changeset_id` int(11) NOT NULL, - `action` varchar(1) NOT NULL DEFAULT '', - `path` text NOT NULL, - `from_path` text, - `from_revision` varchar(255) DEFAULT NULL, - `revision` varchar(255) DEFAULT NULL, - `branch` varchar(255) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `changesets_changeset_id` (`changeset_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `changes` --- - -LOCK TABLES `changes` WRITE; -/*!40000 ALTER TABLE `changes` DISABLE KEYS */; -/*!40000 ALTER TABLE `changes` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `changeset_parents` --- - --- `changeset_parents`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `changeset_parents` ( - `changeset_id` int(11) NOT NULL, - `parent_id` int(11) NOT NULL, - KEY `changeset_parents_changeset_ids` (`changeset_id`), - KEY `changeset_parents_parent_ids` (`parent_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `changeset_parents` --- - -LOCK TABLES `changeset_parents` WRITE; -/*!40000 ALTER TABLE `changeset_parents` DISABLE KEYS */; -/*!40000 ALTER TABLE `changeset_parents` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `changesets` --- - --- `changesets`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `changesets` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `repository_id` int(11) NOT NULL, - `revision` varchar(255) NOT NULL, - `committer` varchar(255) DEFAULT NULL, - `committed_on` datetime NOT NULL, - `comments` longtext, - `commit_date` date DEFAULT NULL, - `scmid` varchar(255) DEFAULT NULL, - `user_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - UNIQUE KEY `changesets_repos_rev` (`repository_id`,`revision`), - KEY `index_changesets_on_user_id` (`user_id`), - KEY `index_changesets_on_repository_id` (`repository_id`), - KEY `index_changesets_on_committed_on` (`committed_on`), - KEY `changesets_repos_scmid` (`repository_id`,`scmid`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `changesets` --- - -LOCK TABLES `changesets` WRITE; -/*!40000 ALTER TABLE `changesets` DISABLE KEYS */; -/*!40000 ALTER TABLE `changesets` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `changesets_issues` --- - --- `changesets_issues`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `changesets_issues` ( - `changeset_id` int(11) NOT NULL, - `issue_id` int(11) NOT NULL, - UNIQUE KEY `changesets_issues_ids` (`changeset_id`,`issue_id`), - KEY `index_changesets_issues_on_issue_id` (`issue_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `changesets_issues` --- - -LOCK TABLES `changesets_issues` WRITE; -/*!40000 ALTER TABLE `changesets_issues` DISABLE KEYS */; -/*!40000 ALTER TABLE `changesets_issues` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `comments` --- - --- `comments`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `comments` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `commented_type` varchar(30) NOT NULL DEFAULT '', - `commented_id` int(11) NOT NULL DEFAULT '0', - `author_id` int(11) NOT NULL DEFAULT '0', - `content` text, - `created_on` datetime NOT NULL, - `updated_on` datetime NOT NULL, - PRIMARY KEY (`id`), - KEY `index_comments_on_commented_id_and_commented_type` (`commented_id`,`commented_type`), - KEY `index_comments_on_author_id` (`author_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `comments` --- - -LOCK TABLES `comments` WRITE; -/*!40000 ALTER TABLE `comments` DISABLE KEYS */; -/*!40000 ALTER TABLE `comments` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `custom_field_enumerations` --- - --- `custom_field_enumerations`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `custom_field_enumerations` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `custom_field_id` int(11) NOT NULL, - `name` varchar(255) NOT NULL, - `active` tinyint(1) NOT NULL DEFAULT '1', - `position` int(11) NOT NULL DEFAULT '1', - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `custom_field_enumerations` --- - -LOCK TABLES `custom_field_enumerations` WRITE; -/*!40000 ALTER TABLE `custom_field_enumerations` DISABLE KEYS */; -/*!40000 ALTER TABLE `custom_field_enumerations` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `custom_fields` --- - --- `custom_fields`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `custom_fields` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `type` varchar(30) NOT NULL DEFAULT '', - `name` varchar(30) NOT NULL DEFAULT '', - `field_format` varchar(30) NOT NULL DEFAULT '', - `possible_values` text, - `regexp` varchar(255) DEFAULT '', - `min_length` int(11) DEFAULT NULL, - `max_length` int(11) DEFAULT NULL, - `is_required` tinyint(1) NOT NULL DEFAULT '0', - `is_for_all` tinyint(1) NOT NULL DEFAULT '0', - `is_filter` tinyint(1) NOT NULL DEFAULT '0', - `position` int(11) DEFAULT NULL, - `searchable` tinyint(1) DEFAULT '0', - `default_value` text, - `editable` tinyint(1) DEFAULT '1', - `visible` tinyint(1) NOT NULL DEFAULT '1', - `multiple` tinyint(1) DEFAULT '0', - `format_store` text, - `description` text, - PRIMARY KEY (`id`), - KEY `index_custom_fields_on_id_and_type` (`id`,`type`) -) ENGINE=InnoDB AUTO_INCREMENT=41 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `custom_fields` --- - -LOCK TABLES `custom_fields` WRITE; -/*!40000 ALTER TABLE `custom_fields` DISABLE KEYS */; -INSERT INTO `custom_fields` VALUES (1,'IssueCustomField','Title','string',NULL,'',NULL,NULL,0,1,1,1,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(2,'IssueCustomField','Author','string',NULL,'',NULL,NULL,0,1,1,2,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(3,'IssueCustomField','Objective','text',NULL,'',NULL,NULL,0,1,1,16,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nfull_width_layout: \'1\'\n',''),(4,'IssueCustomField','Operational Notes','text',NULL,'',NULL,NULL,0,1,0,17,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(5,'IssueCustomField','Result Analysis','text',NULL,'',NULL,NULL,0,1,0,18,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(6,'IssueCustomField','ElastAlert Config','text',NULL,'',NULL,NULL,0,1,0,19,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(7,'IssueCustomField','HiveID','string',NULL,'',NULL,NULL,0,1,1,15,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(8,'IssueCustomField','References','text',NULL,'',NULL,NULL,0,1,0,6,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'0\'\n',''),(9,'IssueCustomField','Sigma','text',NULL,'',NULL,NULL,0,1,0,20,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(10,'IssueCustomField','Level','list','---\n- low\n- medium\n- high\n- critical\n','',NULL,NULL,0,1,1,3,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(11,'IssueCustomField','PlayID','string',NULL,'',NULL,NULL,0,1,1,8,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(12,'IssueCustomField','Rule ID','string',NULL,'',NULL,NULL,0,1,1,9,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(13,'IssueCustomField','Playbook','list','---\n- Internal\n- imported\n- community\n','',NULL,NULL,0,1,1,4,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(15,'IssueCustomField','ATT&CK Technique','list','---\n- T1001\n- T1002\n- T1003\n- T1004\n- T1005\n- T1006\n- T1007\n- T1008\n- T1009\n- T1010\n- T1011\n- T1012\n- T1013\n- T1014\n- T1015\n- T1016\n- T1017\n- T1018\n- T1019\n- T1020\n- T1021\n- T1022\n- T1023\n- T1024\n- T1025\n- T1026\n- T1027\n- T1028\n- T1029\n- T1030\n- T1031\n- T1032\n- T1033\n- T1034\n- T1035\n- T1036\n- T1037\n- T1038\n- T1039\n- T1040\n- T1041\n- T1042\n- T1043\n- T1044\n- T1045\n- T1046\n- T1047\n- T1048\n- T1049\n- T1050\n- T1051\n- T1052\n- T1053\n- T1054\n- T1055\n- T1056\n- T1057\n- T1058\n- T1059\n- T1060\n- T1061\n- T1062\n- T1063\n- T1064\n- T1065\n- T1066\n- T1067\n- T1068\n- T1069\n- T1070\n- T1071\n- T1072\n- T1073\n- T1074\n- T1075\n- T1076\n- T1077\n- T1078\n- T1079\n- T1080\n- T1081\n- T1082\n- T1083\n- T1084\n- T1085\n- T1086\n- T1087\n- T1088\n- T1089\n- T1090\n- T1091\n- T1092\n- T1093\n- T1094\n- T1095\n- T1096\n- T1097\n- T1098\n- T1099\n- T1100\n- T1101\n- T1102\n- T1103\n- T1104\n- T1105\n- T1106\n- T1107\n- T1108\n- T1109\n- T1110\n- T1111\n- T1112\n- T1113\n- T1114\n- T1115\n- T1116\n- T1117\n- T1118\n- T1119\n- T1120\n- T1121\n- T1122\n- T1123\n- T1124\n- T1125\n- T1126\n- T1127\n- T1128\n- T1129\n- T1130\n- T1131\n- T1132\n- T1133\n- T1134\n- T1135\n- T1136\n- T1137\n- T1138\n- T1139\n- T1140\n- T1141\n- T1142\n- T1143\n- T1144\n- T1145\n- T1146\n- T1147\n- T1148\n- T1149\n- T1150\n- T1151\n- T1152\n- T1153\n- T1154\n- T1155\n- T1156\n- T1157\n- T1158\n- T1159\n- T1160\n- T1161\n- T1162\n- T1163\n- T1164\n- T1165\n- T1166\n- T1167\n- T1168\n- T1169\n- T1170\n- T1171\n- T1172\n- T1173\n- T1174\n- T1175\n- T1176\n- T1177\n- T1178\n- T1179\n- T1180\n- T1181\n- T1182\n- T1183\n- T1184\n- T1185\n- T1186\n- T1187\n- T1188\n- T1189\n- T1190\n- T1191\n- T1192\n- T1193\n- T1194\n- T1195\n- T1196\n- T1197\n- T1198\n- T1199\n- T1200\n- T1201\n- T1202\n- T1203\n- T1204\n- T1205\n- T1206\n- T1207\n- T1208\n- T1209\n- T1210\n- T1211\n- T1212\n- T1213\n- T1214\n- T1215\n- T1216\n- T1217\n- T1218\n- T1219\n- T1220\n- T1221\n- T1222\n- T1223\n- T1480\n- T1482\n- T1483\n- T1484\n- T1485\n- T1486\n- T1487\n- T1488\n- T1489\n- T1490\n- T1491\n- T1492\n- T1493\n- T1494\n- T1495\n- T1496\n- T1497\n- T1498\n- T1499\n- T1500\n- T1501\n- T1502\n- T1503\n- T1504\n- T1505\n- T1506\n- T1514\n- T1518\n- T1519\n- T1522\n- T1525\n- T1526\n- T1527\n- T1528\n- T1529\n- T1530\n- T1531\n- T1534\n- T1535\n- T1536\n- T1537\n- T1538\n- T1539\n- T1540\n- T1541\n- T1542\n- T1543\n- T1544\n- T1545\n- T1546\n- T1547\n- T1548\n- T1549\n- T1550\n- T1551\n- T1552\n- T1553\n- T1554\n- T1555\n- T1556\n- T1557\n- T1558\n- T1559\n- T1560\n- T1561\n- T1562\n- T1563\n- T1564\n- T1565\n- T1566\n- T1567\n- T1568\n- T1569\n- T1570\n- T1571\n- T1572\n- T1573\n- T1574\n- T1575\n- T1576\n- T1577\n- T1578\n- T1579\n- T1580\n- T1581\n- T1582\n- T1583\n- T1584\n- T1585\n- T1586\n- T1587\n- T1588\n- T1589\n- T1590\n- T1591\n- T1592\n- T1593\n- T1594\n- T1595\n- T1596\n- T1597\n- T1598\n- T1599\n- T1600\n- T1601\n- T1602\n- T1603\n- T1604\n- T1605\n- T1606\n- T1607\n- T1608\n- T1609\n- T1610\n- T1611\n- T1612\n- T1613\n- T1614\n- T1615\n- T1616\n- T1617\n- T1618\n- T1619\n- T1620\n- T1621\n- T1622\n- T1623\n- T1624\n- T1625\n- T1626\n- T1627\n- T1628\n- T1629\n- T1630\n- T1631\n- T1632\n- T1633\n- T1634\n- T1635\n- T1636\n- T1637\n- T1638\n- T1639\n- T1640\n- T1641\n- T1642\n- T1643\n- T1644\n- T1645\n- T1646\n- T1647\n- T1648\n- T1649\n- T1650\n- T1651\n- T1652\n- T1653\n- T1654\n- T1655\n- T1656\n- T1657\n- T1658\n- T1659\n- T1660\n- T1661\n- T1662\n- T1663\n- T1664\n- T1665\n- T1666\n- T1667\n- T1668\n- T1669\n- T1670\n- T1671\n- T1672\n- T1673\n- T1674\n- T1675\n- T1676\n- T1677\n- T1678\n- T1679\n- T1680\n- T1681\n- T1682\n- T1683\n- T1684\n- T1685\n- T1686\n- T1687\n- T1688\n- T1689\n- T1690\n- T1691\n- T1692\n- T1693\n- T1694\n- T1695\n- T1696\n- T1697\n- T1698\n- T1699\n- T1700\n- T1701\n- T1702\n- T1703\n- T1704\n- T1705\n- T1706\n- T1707\n- T1708\n- T1709\n- T1710\n- T1711\n- T1712\n- T1713\n- T1714\n- T1715\n- T1716\n- T1717\n- T1718\n- T1719\n- T1720\n- T1721\n- T1722\n- T1723\n- T1724\n- T1725\n- T1726\n- T1727\n- T1728\n- T1729\n- T1730\n- T1731\n- T1732\n- T1733\n- T1734\n- T1735\n- T1736\n- T1737\n- T1738\n- T1739\n- T1740\n- T1741\n- T1742\n- T1743\n- T1744\n- T1745\n- T1746\n- T1747\n- T1748\n- T1749\n- T1750\n- T1751\n- T1752\n','',NULL,NULL,0,1,1,7,0,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: https://attack.mitre.org/techniques/%value%\nedit_tag_style: \'\'\n',''),(17,'IssueCustomField','Case Analyzers','list','---\n- Urlscan_io_Search - ip,domain,hash,url\n- CERTatPassiveDNS - domain,fqdn,ip\n','',NULL,NULL,0,1,1,14,1,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(18,'IssueCustomField','Ruleset','string',NULL,'',NULL,NULL,0,1,1,12,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(19,'IssueCustomField','Group','string',NULL,'',NULL,NULL,0,1,1,13,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(20,'IssueCustomField','Product','string',NULL,'',NULL,NULL,0,1,1,5,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n',''),(21,'IssueCustomField','Target Log','text',NULL,'',NULL,NULL,0,1,0,21,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\nfull_width_layout: \'1\'\n',''),(22,'IssueCustomField','Unit Test','list','---\n- Passed\n- Failed\n','',NULL,NULL,0,1,1,22,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n',''),(26,'IssueCustomField','License','list','---\n- Apache-2.0\n- BSD-2-Clause\n- BSD-3-Clause\n- CC0-1.0\n- CC-PDDC\n- DRL-1.0\n- LGPL-3.0-only\n- MIT License\n- GPL-2.0-only\n- GPL-3.0-only\n','',NULL,NULL,0,1,0,23,0,'',1,1,1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: https://spdx.org/licenses/%value%.html\nedit_tag_style: \'\'\n',''),(27,'IssueCustomField','Sigma File','string',NULL,'',NULL,NULL,0,0,0,10,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','Location of Sigma file in /SOCtopus'),(28,'IssueCustomField','Sigma URL','string',NULL,'',NULL,NULL,0,0,0,11,1,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: full\n','Location of Sigma file in Security Onion repository'),(29,'IssueCustomField','Email Notifications','bool',NULL,'',NULL,NULL,1,0,1,25,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: check_box\n','When enabled, all alerts will be logged in SOC Alerts and also emailed to the target email address. To configure email options, go to \"jump to a project\" in the top right and type Options. Configure SMTP Settings.'),(30,'IssueCustomField','Auto Update Sigma','bool',NULL,'',NULL,NULL,1,0,1,26,0,'1',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: check_box\n','Automatically updating a sigma will be a scheduled task that removes any custom configuration done to the sigma. If you want to customize (ie. add exclusions), automatic updating must be disabled. '),(31,'IssueCustomField','Update Available','bool',NULL,'',NULL,NULL,1,0,1,27,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','The update available field notifies you that a sigma has been updated in the public repo. If a rule doesn\'t automatically update, this field will let you know to either enable automatic updates or manually review the rule changes in the repo. Set this value back to No to ignore the rule notification.'),(32,'IssueCustomField','Alert Email Address','string',NULL,'',NULL,NULL,0,0,0,28,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','Destination address for email alerts'),(33,'IssueCustomField','Alert From Email Address','string',NULL,'',NULL,NULL,0,0,0,29,0,'alerts@localhost.local',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','Source address for email alerts'),(34,'IssueCustomField','SMTP Server','string',NULL,'',NULL,NULL,0,0,0,30,0,'',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\ntext_formatting: \'\'\nurl_pattern: \'\'\n','IP Address/Name of destination SMTP Server'),(35,'IssueCustomField','SMTP Port','int',NULL,'',NULL,NULL,0,0,0,31,0,'25',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\n','Destination port of SMTP Server'),(36,'IssueCustomField','SMTP TLS Enabled','bool',NULL,'',NULL,NULL,1,0,0,32,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Enable if SMTP server is requires TLS'),(37,'IssueCustomField','Backup Custom Sigmas','bool',NULL,'',NULL,NULL,1,0,0,33,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Backup custom community sigmas and internal sigmas to /SOCtopus/custom/backup'),(38,'IssueCustomField','Import Custom Sigmas','bool',NULL,'',NULL,NULL,1,0,0,34,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Import custom rules from /SOCtopus/custom/import'),(39,'IssueCustomField','Clear Update Status (all)','bool',NULL,'',NULL,NULL,1,0,0,35,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: \'\'\n','Reset \"Update Available\" status on all rules'),(40,'IssueCustomField','Disable Playbook Alerts','bool',NULL,'',NULL,NULL,1,0,1,24,0,'0',1,1,0,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nurl_pattern: \'\'\nedit_tag_style: check_box\n','Playbook will not generate any alerts for this Play'); -/*!40000 ALTER TABLE `custom_fields` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `custom_fields_projects` --- - --- `custom_fields_projects`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `custom_fields_projects` ( - `custom_field_id` int(11) NOT NULL DEFAULT '0', - `project_id` int(11) NOT NULL DEFAULT '0', - UNIQUE KEY `index_custom_fields_projects_on_custom_field_id_and_project_id` (`custom_field_id`,`project_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `custom_fields_projects` --- - -LOCK TABLES `custom_fields_projects` WRITE; -/*!40000 ALTER TABLE `custom_fields_projects` DISABLE KEYS */; -INSERT INTO `custom_fields_projects` VALUES (27,1),(28,1),(29,1),(30,1),(31,1),(32,2),(33,2),(34,2),(35,2),(36,2),(37,2),(38,2),(39,2),(40,1); -/*!40000 ALTER TABLE `custom_fields_projects` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `custom_fields_roles` --- - --- `custom_fields_roles`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `custom_fields_roles` ( - `custom_field_id` int(11) NOT NULL, - `role_id` int(11) NOT NULL, - UNIQUE KEY `custom_fields_roles_ids` (`custom_field_id`,`role_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `custom_fields_roles` --- - -LOCK TABLES `custom_fields_roles` WRITE; -/*!40000 ALTER TABLE `custom_fields_roles` DISABLE KEYS */; -/*!40000 ALTER TABLE `custom_fields_roles` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `custom_fields_trackers` --- - --- `custom_fields_trackers`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `custom_fields_trackers` ( - `custom_field_id` int(11) NOT NULL DEFAULT '0', - `tracker_id` int(11) NOT NULL DEFAULT '0', - UNIQUE KEY `index_custom_fields_trackers_on_custom_field_id_and_tracker_id` (`custom_field_id`,`tracker_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `custom_fields_trackers` --- - -LOCK TABLES `custom_fields_trackers` WRITE; -/*!40000 ALTER TABLE `custom_fields_trackers` DISABLE KEYS */; -INSERT INTO `custom_fields_trackers` VALUES (1,1),(1,2),(1,3),(2,1),(3,1),(4,1),(5,1),(6,1),(7,1),(8,1),(9,1),(10,1),(11,1),(12,1),(13,1),(15,1),(17,1),(18,1),(19,1),(20,1),(21,1),(22,1),(26,1),(27,1),(28,1),(29,1),(30,1),(31,1),(32,2),(33,2),(34,2),(35,2),(36,2),(37,3),(38,3),(39,3),(40,1); -/*!40000 ALTER TABLE `custom_fields_trackers` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `custom_values` --- - --- `custom_values`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `custom_values` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `customized_type` varchar(30) NOT NULL DEFAULT '', - `customized_id` int(11) NOT NULL DEFAULT '0', - `custom_field_id` int(11) NOT NULL DEFAULT '0', - `value` longtext, - PRIMARY KEY (`id`), - KEY `custom_values_customized` (`customized_type`,`customized_id`), - KEY `index_custom_values_on_custom_field_id` (`custom_field_id`) -) ENGINE=InnoDB AUTO_INCREMENT=186336 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `custom_values` --- - -LOCK TABLES `custom_values` WRITE; -/*!40000 ALTER TABLE `custom_values` DISABLE KEYS */; -INSERT INTO `custom_values` VALUES (170104,'Issue',995,1,'Sigma Options'),(170105,'Issue',995,37,'1'),(170106,'Issue',995,38,'0'),(170107,'Issue',995,39,'0'); -/*!40000 ALTER TABLE `custom_values` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `documents` --- - --- `documents`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `documents` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) NOT NULL DEFAULT '0', - `category_id` int(11) NOT NULL DEFAULT '0', - `title` varchar(255) NOT NULL DEFAULT '', - `description` text, - `created_on` timestamp NULL DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `documents_project_id` (`project_id`), - KEY `index_documents_on_category_id` (`category_id`), - KEY `index_documents_on_created_on` (`created_on`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `documents` --- - -LOCK TABLES `documents` WRITE; -/*!40000 ALTER TABLE `documents` DISABLE KEYS */; -/*!40000 ALTER TABLE `documents` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `email_addresses` --- - --- `email_addresses`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `email_addresses` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `user_id` int(11) NOT NULL, - `address` varchar(255) NOT NULL, - `is_default` tinyint(1) NOT NULL DEFAULT '0', - `notify` tinyint(1) NOT NULL DEFAULT '1', - `created_on` datetime NOT NULL, - `updated_on` datetime NOT NULL, - PRIMARY KEY (`id`), - KEY `index_email_addresses_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `email_addresses` --- - -LOCK TABLES `email_addresses` WRITE; -/*!40000 ALTER TABLE `email_addresses` DISABLE KEYS */; -INSERT INTO `email_addresses` VALUES (1,1,'admin@example.net',1,1,'2020-04-26 13:08:38','2020-04-26 13:08:38'),(3,9,'automation@localhost.local',1,1,'2020-04-26 18:47:46','2020-04-26 18:47:46'),(4,10,'automation2@localhost.local',1,1,'2020-11-21 22:14:13','2020-11-21 22:14:13'); -/*!40000 ALTER TABLE `email_addresses` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `enabled_modules` --- - --- `enabled_modules`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `enabled_modules` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) DEFAULT NULL, - `name` varchar(255) NOT NULL, - PRIMARY KEY (`id`), - KEY `enabled_modules_project_id` (`project_id`) -) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `enabled_modules` --- - -LOCK TABLES `enabled_modules` WRITE; -/*!40000 ALTER TABLE `enabled_modules` DISABLE KEYS */; -INSERT INTO `enabled_modules` VALUES (1,1,'sigma_editor'),(2,1,'issue_tracking'),(3,2,'sigma_editor'),(4,2,'issue_tracking'); -/*!40000 ALTER TABLE `enabled_modules` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `enumerations` --- - --- `enumerations`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `enumerations` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` varchar(30) NOT NULL DEFAULT '', - `position` int(11) DEFAULT NULL, - `is_default` tinyint(1) NOT NULL DEFAULT '0', - `type` varchar(255) DEFAULT NULL, - `active` tinyint(1) NOT NULL DEFAULT '1', - `project_id` int(11) DEFAULT NULL, - `parent_id` int(11) DEFAULT NULL, - `position_name` varchar(30) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_enumerations_on_project_id` (`project_id`), - KEY `index_enumerations_on_id_and_type` (`id`,`type`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `enumerations` --- - -LOCK TABLES `enumerations` WRITE; -/*!40000 ALTER TABLE `enumerations` DISABLE KEYS */; -INSERT INTO `enumerations` VALUES (1,'Normal',1,1,'IssuePriority',1,NULL,NULL,'default'); -/*!40000 ALTER TABLE `enumerations` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `groups_users` --- - --- `groups_users`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `groups_users` ( - `group_id` int(11) NOT NULL, - `user_id` int(11) NOT NULL, - UNIQUE KEY `groups_users_ids` (`group_id`,`user_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `groups_users` --- - -LOCK TABLES `groups_users` WRITE; -/*!40000 ALTER TABLE `groups_users` DISABLE KEYS */; -INSERT INTO `groups_users` VALUES (6,10),(7,1); -/*!40000 ALTER TABLE `groups_users` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `import_items` --- - --- `import_items`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `import_items` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `import_id` int(11) NOT NULL, - `position` int(11) NOT NULL, - `obj_id` int(11) DEFAULT NULL, - `message` text, - `unique_id` varchar(255) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_import_items_on_import_id_and_unique_id` (`import_id`,`unique_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `import_items` --- - -LOCK TABLES `import_items` WRITE; -/*!40000 ALTER TABLE `import_items` DISABLE KEYS */; -/*!40000 ALTER TABLE `import_items` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `imports` --- - --- `imports`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `imports` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `type` varchar(255) DEFAULT NULL, - `user_id` int(11) NOT NULL, - `filename` varchar(255) DEFAULT NULL, - `settings` text, - `total_items` int(11) DEFAULT NULL, - `finished` tinyint(1) NOT NULL DEFAULT '0', - `created_at` datetime NOT NULL, - `updated_at` datetime NOT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `imports` --- - -LOCK TABLES `imports` WRITE; -/*!40000 ALTER TABLE `imports` DISABLE KEYS */; -/*!40000 ALTER TABLE `imports` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `issue_categories` --- - --- `issue_categories`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `issue_categories` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) NOT NULL DEFAULT '0', - `name` varchar(60) NOT NULL DEFAULT '', - `assigned_to_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `issue_categories_project_id` (`project_id`), - KEY `index_issue_categories_on_assigned_to_id` (`assigned_to_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `issue_categories` --- - -LOCK TABLES `issue_categories` WRITE; -/*!40000 ALTER TABLE `issue_categories` DISABLE KEYS */; -/*!40000 ALTER TABLE `issue_categories` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `issue_relations` --- - --- `issue_relations`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `issue_relations` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `issue_from_id` int(11) NOT NULL, - `issue_to_id` int(11) NOT NULL, - `relation_type` varchar(255) NOT NULL DEFAULT '', - `delay` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - UNIQUE KEY `index_issue_relations_on_issue_from_id_and_issue_to_id` (`issue_from_id`,`issue_to_id`), - KEY `index_issue_relations_on_issue_from_id` (`issue_from_id`), - KEY `index_issue_relations_on_issue_to_id` (`issue_to_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `issue_relations` --- - -LOCK TABLES `issue_relations` WRITE; -/*!40000 ALTER TABLE `issue_relations` DISABLE KEYS */; -/*!40000 ALTER TABLE `issue_relations` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `issue_statuses` --- - --- `issue_statuses`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `issue_statuses` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` varchar(30) NOT NULL DEFAULT '', - `is_closed` tinyint(1) NOT NULL DEFAULT '0', - `position` int(11) DEFAULT NULL, - `default_done_ratio` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_issue_statuses_on_position` (`position`), - KEY `index_issue_statuses_on_is_closed` (`is_closed`) -) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `issue_statuses` --- - -LOCK TABLES `issue_statuses` WRITE; -/*!40000 ALTER TABLE `issue_statuses` DISABLE KEYS */; -INSERT INTO `issue_statuses` VALUES (2,'Draft',0,1,NULL),(3,'Active',0,2,NULL),(4,'Inactive',0,3,NULL),(5,'Archived',0,4,NULL),(6,'Disabled',0,5,NULL); -/*!40000 ALTER TABLE `issue_statuses` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `issues` --- - --- `issues`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `issues` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `tracker_id` int(11) NOT NULL, - `project_id` int(11) NOT NULL, - `subject` varchar(255) NOT NULL DEFAULT '', - `description` longtext, - `due_date` date DEFAULT NULL, - `category_id` int(11) DEFAULT NULL, - `status_id` int(11) NOT NULL, - `assigned_to_id` int(11) DEFAULT NULL, - `priority_id` int(11) NOT NULL, - `fixed_version_id` int(11) DEFAULT NULL, - `author_id` int(11) NOT NULL, - `lock_version` int(11) NOT NULL DEFAULT '0', - `created_on` timestamp NULL DEFAULT NULL, - `updated_on` timestamp NULL DEFAULT NULL, - `start_date` date DEFAULT NULL, - `done_ratio` int(11) NOT NULL DEFAULT '0', - `estimated_hours` float DEFAULT NULL, - `parent_id` int(11) DEFAULT NULL, - `root_id` int(11) DEFAULT NULL, - `lft` int(11) DEFAULT NULL, - `rgt` int(11) DEFAULT NULL, - `is_private` tinyint(1) NOT NULL DEFAULT '0', - `closed_on` datetime DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `issues_project_id` (`project_id`), - KEY `index_issues_on_status_id` (`status_id`), - KEY `index_issues_on_category_id` (`category_id`), - KEY `index_issues_on_assigned_to_id` (`assigned_to_id`), - KEY `index_issues_on_fixed_version_id` (`fixed_version_id`), - KEY `index_issues_on_tracker_id` (`tracker_id`), - KEY `index_issues_on_priority_id` (`priority_id`), - KEY `index_issues_on_author_id` (`author_id`), - KEY `index_issues_on_created_on` (`created_on`), - KEY `index_issues_on_root_id_and_lft_and_rgt` (`root_id`,`lft`,`rgt`), - KEY `index_issues_on_parent_id` (`parent_id`) -) ENGINE=InnoDB AUTO_INCREMENT=996 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `issues` --- - -LOCK TABLES `issues` WRITE; -/*!40000 ALTER TABLE `issues` DISABLE KEYS */; -INSERT INTO `issues` VALUES (995,3,2,'Sigma Options',NULL,NULL,NULL,2,NULL,1,NULL,1,0,'2020-11-23 15:17:38','2020-11-23 15:17:38',NULL,0,NULL,NULL,995,1,2,0,NULL); -/*!40000 ALTER TABLE `issues` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `journal_details` --- - --- `journal_details`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `journal_details` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `journal_id` int(11) NOT NULL DEFAULT '0', - `property` varchar(30) NOT NULL DEFAULT '', - `prop_key` varchar(30) NOT NULL DEFAULT '', - `old_value` longtext, - `value` longtext, - PRIMARY KEY (`id`), - KEY `journal_details_journal_id` (`journal_id`) -) ENGINE=InnoDB AUTO_INCREMENT=456 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `journal_details` --- - -LOCK TABLES `journal_details` WRITE; -/*!40000 ALTER TABLE `journal_details` DISABLE KEYS */; -/*!40000 ALTER TABLE `journal_details` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `journals` --- - --- `journals`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `journals` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `journalized_id` int(11) NOT NULL DEFAULT '0', - `journalized_type` varchar(30) NOT NULL DEFAULT '', - `user_id` int(11) NOT NULL DEFAULT '0', - `notes` longtext, - `created_on` datetime NOT NULL, - `private_notes` tinyint(1) NOT NULL DEFAULT '0', - PRIMARY KEY (`id`), - KEY `journals_journalized_id` (`journalized_id`,`journalized_type`), - KEY `index_journals_on_user_id` (`user_id`), - KEY `index_journals_on_journalized_id` (`journalized_id`), - KEY `index_journals_on_created_on` (`created_on`) -) ENGINE=InnoDB AUTO_INCREMENT=11351 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `journals` --- - -LOCK TABLES `journals` WRITE; -/*!40000 ALTER TABLE `journals` DISABLE KEYS */; -/*!40000 ALTER TABLE `journals` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `member_roles` --- - --- `member_roles`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `member_roles` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `member_id` int(11) NOT NULL, - `role_id` int(11) NOT NULL, - `inherited_from` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_member_roles_on_member_id` (`member_id`), - KEY `index_member_roles_on_role_id` (`role_id`), - KEY `index_member_roles_on_inherited_from` (`inherited_from`) -) ENGINE=InnoDB AUTO_INCREMENT=21 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `member_roles` --- - -LOCK TABLES `member_roles` WRITE; -/*!40000 ALTER TABLE `member_roles` DISABLE KEYS */; -INSERT INTO `member_roles` VALUES (1,1,5,NULL),(2,2,3,NULL),(3,3,4,NULL),(4,4,5,1),(7,7,4,3),(8,8,5,1),(9,9,3,NULL),(10,9,4,NULL),(11,9,5,NULL),(12,10,3,NULL),(13,10,4,NULL),(14,10,5,NULL),(15,11,3,NULL),(16,10,3,15),(17,11,4,NULL),(18,10,4,17),(19,11,5,NULL),(20,10,5,19); -/*!40000 ALTER TABLE `member_roles` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `members` --- - --- `members`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `members` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `user_id` int(11) NOT NULL DEFAULT '0', - `project_id` int(11) NOT NULL DEFAULT '0', - `created_on` timestamp NULL DEFAULT NULL, - `mail_notification` tinyint(1) NOT NULL DEFAULT '0', - PRIMARY KEY (`id`), - UNIQUE KEY `index_members_on_user_id_and_project_id` (`user_id`,`project_id`), - KEY `index_members_on_user_id` (`user_id`), - KEY `index_members_on_project_id` (`project_id`) -) ENGINE=InnoDB AUTO_INCREMENT=12 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `members` --- - -LOCK TABLES `members` WRITE; -/*!40000 ALTER TABLE `members` DISABLE KEYS */; -INSERT INTO `members` VALUES (1,6,1,'2020-04-26 18:44:14',0),(2,5,1,'2020-04-26 18:44:23',0),(3,7,1,'2020-04-26 18:45:27',0),(4,9,1,'2020-04-26 18:47:51',0),(7,1,1,'2020-05-01 16:42:56',0),(8,10,1,'2020-11-21 22:14:13',0),(9,1,2,'2020-11-22 20:49:47',0),(10,10,2,'2020-11-22 20:49:47',0),(11,6,2,'2020-11-22 20:49:47',0); -/*!40000 ALTER TABLE `members` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `messages` --- - --- `messages`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `messages` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `board_id` int(11) NOT NULL, - `parent_id` int(11) DEFAULT NULL, - `subject` varchar(255) NOT NULL DEFAULT '', - `content` text, - `author_id` int(11) DEFAULT NULL, - `replies_count` int(11) NOT NULL DEFAULT '0', - `last_reply_id` int(11) DEFAULT NULL, - `created_on` datetime NOT NULL, - `updated_on` datetime NOT NULL, - `locked` tinyint(1) DEFAULT '0', - `sticky` int(11) DEFAULT '0', - PRIMARY KEY (`id`), - KEY `messages_board_id` (`board_id`), - KEY `messages_parent_id` (`parent_id`), - KEY `index_messages_on_last_reply_id` (`last_reply_id`), - KEY `index_messages_on_author_id` (`author_id`), - KEY `index_messages_on_created_on` (`created_on`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `messages` --- - -LOCK TABLES `messages` WRITE; -/*!40000 ALTER TABLE `messages` DISABLE KEYS */; -/*!40000 ALTER TABLE `messages` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `news` --- - --- `news`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `news` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) DEFAULT NULL, - `title` varchar(60) NOT NULL DEFAULT '', - `summary` varchar(255) DEFAULT '', - `description` text, - `author_id` int(11) NOT NULL DEFAULT '0', - `created_on` timestamp NULL DEFAULT NULL, - `comments_count` int(11) NOT NULL DEFAULT '0', - PRIMARY KEY (`id`), - KEY `news_project_id` (`project_id`), - KEY `index_news_on_author_id` (`author_id`), - KEY `index_news_on_created_on` (`created_on`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `news` --- - -LOCK TABLES `news` WRITE; -/*!40000 ALTER TABLE `news` DISABLE KEYS */; -/*!40000 ALTER TABLE `news` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `open_id_authentication_associations` --- - --- `open_id_authentication_associations`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `open_id_authentication_associations` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `issued` int(11) DEFAULT NULL, - `lifetime` int(11) DEFAULT NULL, - `handle` varchar(255) DEFAULT NULL, - `assoc_type` varchar(255) DEFAULT NULL, - `server_url` blob, - `secret` blob, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `open_id_authentication_associations` --- - -LOCK TABLES `open_id_authentication_associations` WRITE; -/*!40000 ALTER TABLE `open_id_authentication_associations` DISABLE KEYS */; -/*!40000 ALTER TABLE `open_id_authentication_associations` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `open_id_authentication_nonces` --- - --- `open_id_authentication_nonces`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `open_id_authentication_nonces` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `timestamp` int(11) NOT NULL, - `server_url` varchar(255) DEFAULT NULL, - `salt` varchar(255) NOT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `open_id_authentication_nonces` --- - -LOCK TABLES `open_id_authentication_nonces` WRITE; -/*!40000 ALTER TABLE `open_id_authentication_nonces` DISABLE KEYS */; -/*!40000 ALTER TABLE `open_id_authentication_nonces` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `projects` --- - --- `projects`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `projects` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` varchar(255) NOT NULL DEFAULT '', - `description` text, - `homepage` varchar(255) DEFAULT '', - `is_public` tinyint(1) NOT NULL DEFAULT '1', - `parent_id` int(11) DEFAULT NULL, - `created_on` timestamp NULL DEFAULT NULL, - `updated_on` timestamp NULL DEFAULT NULL, - `identifier` varchar(255) DEFAULT NULL, - `status` int(11) NOT NULL DEFAULT '1', - `lft` int(11) DEFAULT NULL, - `rgt` int(11) DEFAULT NULL, - `inherit_members` tinyint(1) NOT NULL DEFAULT '0', - `default_version_id` int(11) DEFAULT NULL, - `default_assigned_to_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_projects_on_lft` (`lft`), - KEY `index_projects_on_rgt` (`rgt`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `projects` --- - -LOCK TABLES `projects` WRITE; -/*!40000 ALTER TABLE `projects` DISABLE KEYS */; -INSERT INTO `projects` VALUES (1,'Detection Playbooks','','',1,NULL,'2020-04-26 13:13:01','2020-07-10 19:33:53','detection-playbooks',1,1,2,0,NULL,NULL),(2,'Options','','',1,NULL,'2020-11-22 20:49:17','2020-11-22 20:49:17','options',1,3,4,0,NULL,NULL); -/*!40000 ALTER TABLE `projects` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `projects_trackers` --- - --- `projects_trackers`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `projects_trackers` ( - `project_id` int(11) NOT NULL DEFAULT '0', - `tracker_id` int(11) NOT NULL DEFAULT '0', - UNIQUE KEY `projects_trackers_unique` (`project_id`,`tracker_id`), - KEY `projects_trackers_project_id` (`project_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `projects_trackers` --- - -LOCK TABLES `projects_trackers` WRITE; -/*!40000 ALTER TABLE `projects_trackers` DISABLE KEYS */; -INSERT INTO `projects_trackers` VALUES (1,1),(2,2),(2,3); -/*!40000 ALTER TABLE `projects_trackers` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `queries` --- - --- `queries`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `queries` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) DEFAULT NULL, - `name` varchar(255) NOT NULL DEFAULT '', - `filters` text, - `user_id` int(11) NOT NULL DEFAULT '0', - `column_names` text, - `sort_criteria` text, - `group_by` varchar(255) DEFAULT NULL, - `type` varchar(255) DEFAULT NULL, - `visibility` int(11) DEFAULT '0', - `options` text, - PRIMARY KEY (`id`), - KEY `index_queries_on_project_id` (`project_id`), - KEY `index_queries_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `queries` --- - -LOCK TABLES `queries` WRITE; -/*!40000 ALTER TABLE `queries` DISABLE KEYS */; -INSERT INTO `queries` VALUES (3,1,'All Plays','---\ntracker_id:\n :operator: \"=\"\n :values:\n - \'1\'\n',1,NULL,'---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(4,NULL,'Inactive Plays','---\nstatus_id:\n :operator: \"=\"\n :values:\n - \'4\'\n',1,NULL,'---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(5,NULL,'Draft Plays','---\nstatus_id:\n :operator: \"=\"\n :values:\n - \'2\'\n',1,NULL,'---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(6,NULL,'Playbook - Community Sigma','---\ncf_13:\n :operator: \"=\"\n :values:\n - community\n',1,'---\n- :status\n- :cf_10\n- :cf_18\n- :cf_19\n- :cf_20\n- :cf_1\n- :updated_on\n','---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(8,NULL,'Playbook - Internal','---\ncf_13:\n :operator: \"=\"\n :values:\n - Internal\n',1,'---\n- :status\n- :cf_10\n- :cf_14\n- :cf_16\n- :cf_1\n- :updated_on\n','---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(9,NULL,'Active Plays','---\ntracker_id:\n :operator: \"=\"\n :values:\n - \'1\'\nstatus_id:\n :operator: \"=\"\n :values:\n - \'3\'\n',1,'---\n- :status\n- :cf_10\n- :cf_13\n- :cf_18\n- :cf_19\n- :cf_1\n- :updated_on\n','---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'); -/*!40000 ALTER TABLE `queries` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `queries_roles` --- - --- `queries_roles`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `queries_roles` ( - `query_id` int(11) NOT NULL, - `role_id` int(11) NOT NULL, - UNIQUE KEY `queries_roles_ids` (`query_id`,`role_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `queries_roles` --- - -LOCK TABLES `queries_roles` WRITE; -/*!40000 ALTER TABLE `queries_roles` DISABLE KEYS */; -/*!40000 ALTER TABLE `queries_roles` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `repositories` --- - --- `repositories`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `repositories` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) NOT NULL DEFAULT '0', - `url` varchar(255) NOT NULL DEFAULT '', - `login` varchar(60) DEFAULT '', - `password` varchar(255) DEFAULT '', - `root_url` varchar(255) DEFAULT '', - `type` varchar(255) DEFAULT NULL, - `path_encoding` varchar(64) DEFAULT NULL, - `log_encoding` varchar(64) DEFAULT NULL, - `extra_info` longtext, - `identifier` varchar(255) DEFAULT NULL, - `is_default` tinyint(1) DEFAULT '0', - `created_on` timestamp NULL DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_repositories_on_project_id` (`project_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `repositories` --- - -LOCK TABLES `repositories` WRITE; -/*!40000 ALTER TABLE `repositories` DISABLE KEYS */; -/*!40000 ALTER TABLE `repositories` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `roles` --- - --- `roles`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `roles` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` varchar(255) NOT NULL DEFAULT '', - `position` int(11) DEFAULT NULL, - `assignable` tinyint(1) DEFAULT '1', - `builtin` int(11) NOT NULL DEFAULT '0', - `permissions` text, - `issues_visibility` varchar(30) NOT NULL DEFAULT 'default', - `users_visibility` varchar(30) NOT NULL DEFAULT 'all', - `time_entries_visibility` varchar(30) NOT NULL DEFAULT 'all', - `all_roles_managed` tinyint(1) NOT NULL DEFAULT '1', - `settings` text, - PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `roles` --- - -LOCK TABLES `roles` WRITE; -/*!40000 ALTER TABLE `roles` DISABLE KEYS */; -INSERT INTO `roles` VALUES (1,'Non member',0,1,1,NULL,'default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'0\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n'),(2,'Anonymous',0,1,2,'---\n- :view_issues\n- :edit_issues\n- :add_issue_notes\n- :sigma_editor\n','default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n'),(3,'Security-Analyst',1,0,0,'---\n- :save_queries\n- :view_issues\n- :edit_issues\n- :add_issue_notes\n- :edit_issue_notes\n- :sigma_editor\n','all','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\n delete_issues: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n delete_issues: []\n'),(4,'SuperAdmin',2,0,0,'---\n- :add_project\n- :edit_project\n- :close_project\n- :select_project_modules\n- :manage_members\n- :manage_versions\n- :add_subprojects\n- :manage_public_queries\n- :save_queries\n- :manage_hook\n- :view_messages\n- :add_messages\n- :edit_messages\n- :edit_own_messages\n- :delete_messages\n- :delete_own_messages\n- :manage_boards\n- :view_calendar\n- :view_documents\n- :add_documents\n- :edit_documents\n- :delete_documents\n- :view_files\n- :manage_files\n- :view_gantt\n- :view_issues\n- :edit_issues\n- :edit_own_issues\n- :copy_issues\n- :manage_issue_relations\n- :manage_subtasks\n- :set_issues_private\n- :set_own_issues_private\n- :add_issue_notes\n- :edit_issue_notes\n- :edit_own_issue_notes\n- :view_private_notes\n- :set_notes_private\n- :delete_issues\n- :view_issue_watchers\n- :add_issue_watchers\n- :delete_issue_watchers\n- :import_issues\n- :manage_categories\n- :view_news\n- :manage_news\n- :comment_news\n- :view_changesets\n- :browse_repository\n- :commit_access\n- :manage_related_issues\n- :manage_repository\n- :sigma_editor\n- :view_time_entries\n- :log_time\n- :edit_time_entries\n- :edit_own_time_entries\n- :manage_project_activities\n- :log_time_for_other_users\n- :import_time_entries\n- :view_wiki_pages\n- :view_wiki_edits\n- :export_wiki_pages\n- :edit_wiki_pages\n- :rename_wiki_pages\n- :delete_wiki_pages\n- :delete_wiki_pages_attachments\n- :protect_wiki_pages\n- :manage_wiki\n','default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\n delete_issues: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n delete_issues: []\n'),(5,'Automation',3,0,0,'---\n- :view_issues\n- :add_issues\n- :edit_issues\n- :add_issue_notes\n- :edit_issue_notes\n- :import_issues\n- :sigma_editor\n','default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\n delete_issues: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n delete_issues: []\n'); -/*!40000 ALTER TABLE `roles` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `roles_managed_roles` --- - --- `roles_managed_roles`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `roles_managed_roles` ( - `role_id` int(11) NOT NULL, - `managed_role_id` int(11) NOT NULL, - UNIQUE KEY `index_roles_managed_roles_on_role_id_and_managed_role_id` (`role_id`,`managed_role_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `roles_managed_roles` --- - -LOCK TABLES `roles_managed_roles` WRITE; -/*!40000 ALTER TABLE `roles_managed_roles` DISABLE KEYS */; -/*!40000 ALTER TABLE `roles_managed_roles` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `schema_migrations` --- - --- `schema_migrations`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `schema_migrations` ( - `version` varchar(255) NOT NULL, - PRIMARY KEY (`version`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `schema_migrations` --- - -LOCK TABLES `schema_migrations` WRITE; -/*!40000 ALTER TABLE `schema_migrations` DISABLE KEYS */; -INSERT INTO `schema_migrations` VALUES ('1'),('1-redmine_webhook'),('10'),('100'),('101'),('102'),('103'),('104'),('105'),('106'),('107'),('108'),('11'),('12'),('13'),('14'),('15'),('16'),('17'),('18'),('19'),('2'),('20'),('20090214190337'),('20090312172426'),('20090312194159'),('20090318181151'),('20090323224724'),('20090401221305'),('20090401231134'),('20090403001910'),('20090406161854'),('20090425161243'),('20090503121501'),('20090503121505'),('20090503121510'),('20090614091200'),('20090704172350'),('20090704172355'),('20090704172358'),('20091010093521'),('20091017212227'),('20091017212457'),('20091017212644'),('20091017212938'),('20091017213027'),('20091017213113'),('20091017213151'),('20091017213228'),('20091017213257'),('20091017213332'),('20091017213444'),('20091017213536'),('20091017213642'),('20091017213716'),('20091017213757'),('20091017213835'),('20091017213910'),('20091017214015'),('20091017214107'),('20091017214136'),('20091017214236'),('20091017214308'),('20091017214336'),('20091017214406'),('20091017214440'),('20091017214519'),('20091017214611'),('20091017214644'),('20091017214720'),('20091017214750'),('20091025163651'),('20091108092559'),('20091114105931'),('20091123212029'),('20091205124427'),('20091220183509'),('20091220183727'),('20091220184736'),('20091225164732'),('20091227112908'),('20100129193402'),('20100129193813'),('20100221100219'),('20100313132032'),('20100313171051'),('20100705164950'),('20100819172912'),('20101104182107'),('20101107130441'),('20101114115114'),('20101114115359'),('20110220160626'),('20110223180944'),('20110223180953'),('20110224000000'),('20110226120112'),('20110226120132'),('20110227125750'),('20110228000000'),('20110228000100'),('20110401192910'),('20110408103312'),('20110412065600'),('20110511000000'),('20110902000000'),('20111201201315'),('20120115143024'),('20120115143100'),('20120115143126'),('20120127174243'),('20120205111326'),('20120223110929'),('20120301153455'),('20120422150750'),('20120705074331'),('20120707064544'),('20120714122000'),('20120714122100'),('20120714122200'),('20120731164049'),('20120930112914'),('20121026002032'),('20121026003537'),('20121209123234'),('20121209123358'),('20121213084931'),('20130110122628'),('20130201184705'),('20130202090625'),('20130207175206'),('20130207181455'),('20130215073721'),('20130215111127'),('20130215111141'),('20130217094251'),('20130602092539'),('20130710182539'),('20130713104233'),('20130713111657'),('20130729070143'),('20130911193200'),('20131004113137'),('20131005100610'),('20131124175346'),('20131210180802'),('20131214094309'),('20131215104612'),('20131218183023'),('20140228130325'),('20140903143914'),('20140920094058'),('20141029181752'),('20141029181824'),('20141109112308'),('20141122124142'),('20150113194759'),('20150113211532'),('20150113213922'),('20150113213955'),('20150208105930'),('20150510083747'),('20150525103953'),('20150526183158'),('20150528084820'),('20150528092912'),('20150528093249'),('20150725112753'),('20150730122707'),('20150730122735'),('20150921204850'),('20150921210243'),('20151020182334'),('20151020182731'),('20151021184614'),('20151021185456'),('20151021190616'),('20151024082034'),('20151025072118'),('20151031095005'),('20160404080304'),('20160416072926'),('20160529063352'),('20161001122012'),('20161002133421'),('20161010081301'),('20161010081528'),('20161010081600'),('20161126094932'),('20161220091118'),('20170207050700'),('20170302015225'),('20170309214320'),('20170320051650'),('20170418090031'),('20170419144536'),('20170723112801'),('20180501132547'),('20180913072918'),('20180923082945'),('20180923091603'),('20190315094151'),('20190315102101'),('20190510070108'),('20190620135549'),('21'),('22'),('23'),('24'),('25'),('26'),('27'),('28'),('29'),('3'),('30'),('31'),('32'),('33'),('34'),('35'),('36'),('37'),('38'),('39'),('4'),('40'),('41'),('42'),('43'),('44'),('45'),('46'),('47'),('48'),('49'),('5'),('50'),('51'),('52'),('53'),('54'),('55'),('56'),('57'),('58'),('59'),('6'),('60'),('61'),('62'),('63'),('64'),('65'),('66'),('67'),('68'),('69'),('7'),('70'),('71'),('72'),('73'),('74'),('75'),('76'),('77'),('78'),('79'),('8'),('80'),('81'),('82'),('83'),('84'),('85'),('86'),('87'),('88'),('89'),('9'),('90'),('91'),('92'),('93'),('94'),('95'),('96'),('97'),('98'),('99'); -/*!40000 ALTER TABLE `schema_migrations` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `settings` --- - --- `settings`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `settings` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` varchar(255) NOT NULL DEFAULT '', - `value` text, - `updated_on` timestamp NULL DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_settings_on_name` (`name`) -) ENGINE=InnoDB AUTO_INCREMENT=71 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `settings` --- - -LOCK TABLES `settings` WRITE; -/*!40000 ALTER TABLE `settings` DISABLE KEYS */; -INSERT INTO `settings` VALUES (1,'ui_theme','circle','2020-04-26 13:11:26'),(2,'default_language','en','2020-04-26 13:11:26'),(3,'force_default_language_for_anonymous','0','2020-04-26 13:11:26'),(4,'force_default_language_for_loggedin','0','2020-04-26 13:11:26'),(5,'start_of_week','','2020-04-26 13:11:26'),(6,'date_format','','2020-04-26 13:11:26'),(7,'time_format','','2020-04-26 13:11:26'),(8,'timespan_format','decimal','2020-04-26 13:11:26'),(9,'user_format','firstname_lastname','2020-05-02 12:45:00'),(10,'gravatar_enabled','1','2020-05-02 12:41:07'),(11,'thumbnails_enabled','1','2020-04-26 13:11:26'),(12,'thumbnails_size','100','2020-04-26 13:11:26'),(13,'new_item_menu_tab','0','2020-04-26 13:11:30'),(14,'login_required','0','2020-07-10 19:32:45'),(15,'autologin','0','2020-04-26 13:11:54'),(16,'self_registration','0','2020-04-26 13:11:54'),(17,'show_custom_fields_on_registration','0','2020-04-26 13:11:54'),(18,'password_min_length','8','2020-04-26 13:11:54'),(19,'password_required_char_classes','--- []\n','2020-04-26 13:11:54'),(20,'password_max_age','0','2020-04-26 13:11:54'),(21,'lost_password','1','2020-04-26 13:11:54'),(22,'openid','0','2020-04-26 13:11:55'),(23,'session_lifetime','0','2020-04-26 13:11:55'),(24,'session_timeout','0','2020-04-26 13:11:55'),(25,'rest_api_enabled','1','2020-04-26 13:11:58'),(26,'jsonp_enabled','0','2020-04-26 13:11:58'),(27,'default_projects_public','0','2020-04-26 13:12:21'),(28,'default_projects_modules','---\n- sigma_editor\n','2020-04-26 13:12:21'),(29,'default_projects_tracker_ids','--- []\n','2020-04-26 13:12:21'),(30,'sequential_project_identifiers','0','2020-04-26 13:12:21'),(31,'project_list_defaults','---\n:column_names:\n- name\n- identifier\n- short_description\n','2020-04-26 13:12:21'),(32,'app_title','Playbook','2020-04-26 18:17:51'),(33,'welcome_text','','2020-04-26 18:17:51'),(34,'per_page_options','25,75,150','2020-05-02 12:41:38'),(35,'search_results_per_page','10','2020-04-26 18:17:51'),(36,'activity_days_default','30','2020-04-26 18:17:51'),(37,'host_name','localhost:3000','2020-04-26 18:17:51'),(38,'protocol','http','2020-04-26 18:17:51'),(39,'text_formatting','textile','2020-04-26 18:17:51'),(40,'cache_formatted_text','0','2020-04-26 18:17:51'),(41,'wiki_compression','','2020-04-26 18:17:51'),(42,'feeds_limit','15','2020-04-26 18:17:51'),(43,'plugin_redmine_playbook','--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nproject: \'1\'\nconvert_url: http://10.66.166.121:7000/playbook/sigmac\ncreate_url: http://10.66.166.121:7000/playbook/play','2020-05-02 12:39:20'),(44,'cross_project_issue_relations','0','2020-05-01 16:27:33'),(45,'link_copied_issue','no','2020-05-01 16:27:33'),(46,'cross_project_subtasks','','2020-05-01 16:27:33'),(47,'close_duplicate_issues','0','2020-05-01 16:27:33'),(48,'issue_group_assignment','0','2020-05-01 16:27:33'),(49,'default_issue_start_date_to_creation_date','1','2020-05-01 16:27:33'),(50,'display_subprojects_issues','0','2020-05-01 16:27:33'),(51,'issue_done_ratio','issue_field','2020-05-01 16:27:33'),(52,'non_working_week_days','---\n- \'6\'\n- \'7\'\n','2020-05-01 16:27:33'),(53,'issues_export_limit','500','2020-05-01 16:27:33'),(54,'gantt_items_limit','500','2020-05-01 16:27:33'),(55,'gantt_months_limit','24','2020-05-01 16:27:33'),(56,'parent_issue_dates','derived','2020-05-01 16:27:33'),(57,'parent_issue_priority','derived','2020-05-01 16:27:33'),(58,'parent_issue_done_ratio','derived','2020-05-01 16:27:33'),(59,'issue_list_default_columns','---\n- status\n- cf_10\n- cf_13\n- cf_14\n- cf_1\n- updated_on\n','2020-05-01 19:32:13'),(60,'issue_list_default_totals','--- []\n','2020-05-01 16:27:33'),(61,'enabled_scm','--- []\n','2020-05-01 16:27:47'),(62,'autofetch_changesets','0','2020-05-01 16:27:47'),(63,'sys_api_enabled','0','2020-05-01 16:27:47'),(64,'repository_log_display_limit','100','2020-05-01 16:27:47'),(65,'commit_logs_formatting','1','2020-05-01 16:27:47'),(66,'commit_ref_keywords','refs,references,IssueID','2020-05-01 16:27:47'),(67,'commit_cross_project_ref','0','2020-05-01 16:27:47'),(68,'commit_logtime_enabled','0','2020-05-01 16:27:47'),(69,'commit_update_keywords','--- []\n','2020-05-01 16:27:47'),(70,'gravatar_default','','2020-05-02 12:41:07'); -/*!40000 ALTER TABLE `settings` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `time_entries` --- - --- `time_entries`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `time_entries` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) NOT NULL, - `author_id` int(11) DEFAULT NULL, - `user_id` int(11) NOT NULL, - `issue_id` int(11) DEFAULT NULL, - `hours` float NOT NULL, - `comments` varchar(1024) DEFAULT NULL, - `activity_id` int(11) NOT NULL, - `spent_on` date NOT NULL, - `tyear` int(11) NOT NULL, - `tmonth` int(11) NOT NULL, - `tweek` int(11) NOT NULL, - `created_on` datetime NOT NULL, - `updated_on` datetime NOT NULL, - PRIMARY KEY (`id`), - KEY `time_entries_project_id` (`project_id`), - KEY `time_entries_issue_id` (`issue_id`), - KEY `index_time_entries_on_activity_id` (`activity_id`), - KEY `index_time_entries_on_user_id` (`user_id`), - KEY `index_time_entries_on_created_on` (`created_on`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `time_entries` --- - -LOCK TABLES `time_entries` WRITE; -/*!40000 ALTER TABLE `time_entries` DISABLE KEYS */; -/*!40000 ALTER TABLE `time_entries` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `tokens` --- - --- `tokens`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `tokens` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `user_id` int(11) NOT NULL DEFAULT '0', - `action` varchar(30) NOT NULL DEFAULT '', - `value` varchar(40) NOT NULL DEFAULT '', - `created_on` datetime NOT NULL, - `updated_on` timestamp NULL DEFAULT NULL, - PRIMARY KEY (`id`), - UNIQUE KEY `tokens_value` (`value`), - KEY `index_tokens_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=72 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `tokens` --- - -LOCK TABLES `tokens` WRITE; -/*!40000 ALTER TABLE `tokens` DISABLE KEYS */; -INSERT INTO `tokens` VALUES (3,1,'feeds','6e5575602e1227c188cd85ef6d12608bb8701193','2020-04-26 13:10:46','2020-04-26 13:10:46'),(4,1,'session','999412fa9badda7423c6c654d6364c32c20b3eac','2020-04-26 18:07:03','2020-04-26 18:12:02'),(5,1,'session','124ad4acbf87a942426350e7ad028c1d119c3851','2020-04-26 18:17:11','2020-04-26 18:19:24'),(9,1,'session','2890c663e0552f26ddb92acad6ab3b6d05b92915','2020-04-26 18:51:15','2020-04-26 18:51:15'),(19,1,'session','b7ffb106ea0b34650dd9c1770f74c2b0ffe166b2','2020-05-01 16:52:33','2020-05-01 18:02:30'),(20,1,'session','f44cfcf918eef59ffda47991c431d9c2b2ac6113','2020-05-01 18:05:56','2020-05-01 18:05:56'),(23,9,'feeds','211918c9d7168979b5dc19bebb14573b928a5067','2020-05-01 18:26:17','2020-05-01 18:26:17'),(46,1,'session','2d0c8f8ae641c06d8c2362746846440d465d53c0','2020-05-06 20:48:01','2020-05-06 20:48:07'),(59,1,'session','2afe6590653d59a697d1436729c64f322a2eff82','2020-07-01 18:11:07','2020-07-01 20:30:43'),(61,1,'session','b01f95709ca1ab086a049cf9c5afd81ca9d4526e','2020-07-15 16:30:42','2020-07-15 16:31:40'),(62,1,'session','d29acdcd0b8e4ebf78ef8f696d3e76df7e2ab2ac','2020-08-17 14:51:59','2020-08-17 14:53:22'),(67,10,'api','a92a42f4fbbb23e713adc4f57091129457f6acfe','2020-11-21 22:14:13','2020-11-21 22:14:13'),(71,1,'session','3bcc8d4d9b8a5dda138da6f2f346bb2503b1ec9d','2020-12-08 03:01:36','2020-12-08 03:02:48'); -/*!40000 ALTER TABLE `tokens` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `trackers` --- - --- `trackers`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `trackers` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` varchar(30) NOT NULL DEFAULT '', - `description` varchar(255) DEFAULT NULL, - `is_in_chlog` tinyint(1) NOT NULL DEFAULT '0', - `position` int(11) DEFAULT NULL, - `is_in_roadmap` tinyint(1) NOT NULL DEFAULT '1', - `fields_bits` int(11) DEFAULT '0', - `default_status_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `trackers` --- - -LOCK TABLES `trackers` WRITE; -/*!40000 ALTER TABLE `trackers` DISABLE KEYS */; -INSERT INTO `trackers` VALUES (1,'Play','',0,1,0,255,2),(2,'Email Options','',0,2,1,511,2),(3,'Sigma Options','',0,3,1,511,2); -/*!40000 ALTER TABLE `trackers` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `user_preferences` --- - --- `user_preferences`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `user_preferences` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `user_id` int(11) NOT NULL DEFAULT '0', - `others` text, - `hide_mail` tinyint(1) DEFAULT '1', - `time_zone` varchar(255) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_user_preferences_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `user_preferences` --- - -LOCK TABLES `user_preferences` WRITE; -/*!40000 ALTER TABLE `user_preferences` DISABLE KEYS */; -INSERT INTO `user_preferences` VALUES (1,1,'---\n:no_self_notified: \'1\'\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:recently_used_project_ids: \'1,2\'\n',1,''),(3,9,'---\n:no_self_notified: \'1\'\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:recently_used_project_ids: \'1\'\n',1,''),(4,10,'---\n:no_self_notified: true\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:recently_used_project_ids: \'1\'\n',1,''); -/*!40000 ALTER TABLE `user_preferences` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `users` --- - --- `users`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `users` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `login` varchar(255) NOT NULL DEFAULT '', - `hashed_password` varchar(40) NOT NULL DEFAULT '', - `firstname` varchar(30) NOT NULL DEFAULT '', - `lastname` varchar(255) NOT NULL DEFAULT '', - `admin` tinyint(1) NOT NULL DEFAULT '0', - `status` int(11) NOT NULL DEFAULT '1', - `last_login_on` datetime DEFAULT NULL, - `language` varchar(5) DEFAULT '', - `auth_source_id` int(11) DEFAULT NULL, - `created_on` timestamp NULL DEFAULT NULL, - `updated_on` timestamp NULL DEFAULT NULL, - `type` varchar(255) DEFAULT NULL, - `identity_url` varchar(255) DEFAULT NULL, - `mail_notification` varchar(255) NOT NULL DEFAULT '', - `salt` varchar(64) DEFAULT NULL, - `must_change_passwd` tinyint(1) NOT NULL DEFAULT '0', - `passwd_changed_on` datetime DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_users_on_id_and_type` (`id`,`type`), - KEY `index_users_on_auth_source_id` (`auth_source_id`), - KEY `index_users_on_type` (`type`) -) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `users` --- - -LOCK TABLES `users` WRITE; -/*!40000 ALTER TABLE `users` DISABLE KEYS */; -INSERT INTO `users` VALUES (1,'admin','27193748a2fc174c339e7c22292bccb882f6f756','Admin','Admin',1,1,'2020-12-08 03:01:36','',NULL,'2020-04-26 13:08:34','2020-04-26 13:10:45','User',NULL,'all','5exVbsSixI1ub0aOGSRyctmB4EMwk7v2',0,'2020-04-26 13:10:27'),(2,'','','','Anonymous users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupAnonymous',NULL,'',NULL,0,NULL),(3,'','','','Non member users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupNonMember',NULL,'',NULL,0,NULL),(4,'','','','Anonymous',0,0,NULL,'',NULL,'2020-04-26 13:09:44','2020-04-26 13:09:44','AnonymousUser',NULL,'only_my_events',NULL,0,NULL),(5,'','','','Analysts',0,1,NULL,'',NULL,'2020-04-26 18:43:40','2020-04-26 18:43:40','Group',NULL,'',NULL,0,NULL),(6,'','','','Automation',0,1,NULL,'',NULL,'2020-04-26 18:43:47','2020-04-26 18:43:47','Group',NULL,'',NULL,0,NULL),(7,'','','','Admins',0,1,NULL,'',NULL,'2020-04-26 18:43:58','2020-04-26 18:43:58','Group',NULL,'',NULL,0,NULL),(10,'automation','05af6545acc48ea85bf4b002e560b702b727c9f8','SecOps','Automation',0,1,NULL,'en',NULL,'2020-11-21 22:14:13','2020-11-21 22:14:13','User',NULL,'only_my_events','8e99dd319cef62d18e80bb9f29cc1ce8',0,'2020-11-21 22:14:13'); -/*!40000 ALTER TABLE `users` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `versions` --- - --- `versions`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `versions` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) NOT NULL DEFAULT '0', - `name` varchar(255) NOT NULL DEFAULT '', - `description` varchar(255) DEFAULT '', - `effective_date` date DEFAULT NULL, - `created_on` timestamp NULL DEFAULT NULL, - `updated_on` timestamp NULL DEFAULT NULL, - `wiki_page_title` varchar(255) DEFAULT NULL, - `status` varchar(255) DEFAULT 'open', - `sharing` varchar(255) NOT NULL DEFAULT 'none', - PRIMARY KEY (`id`), - KEY `versions_project_id` (`project_id`), - KEY `index_versions_on_sharing` (`sharing`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `versions` --- - -LOCK TABLES `versions` WRITE; -/*!40000 ALTER TABLE `versions` DISABLE KEYS */; -/*!40000 ALTER TABLE `versions` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `watchers` --- - --- `watchers`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `watchers` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `watchable_type` varchar(255) NOT NULL DEFAULT '', - `watchable_id` int(11) NOT NULL DEFAULT '0', - `user_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `watchers_user_id_type` (`user_id`,`watchable_type`), - KEY `index_watchers_on_user_id` (`user_id`), - KEY `index_watchers_on_watchable_id_and_watchable_type` (`watchable_id`,`watchable_type`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `watchers` --- - -LOCK TABLES `watchers` WRITE; -/*!40000 ALTER TABLE `watchers` DISABLE KEYS */; -/*!40000 ALTER TABLE `watchers` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `webhooks` --- - --- `webhooks`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `webhooks` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `url` varchar(255) DEFAULT NULL, - `project_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `webhooks` --- - -LOCK TABLES `webhooks` WRITE; -/*!40000 ALTER TABLE `webhooks` DISABLE KEYS */; -INSERT INTO `webhooks` VALUES (1,'http://10.66.166.121:7000/playbook/webhook',1),(2,'http://10.66.166.121:7000/playbook/webhook',2); -/*!40000 ALTER TABLE `webhooks` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `wiki_content_versions` --- - --- `wiki_content_versions`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `wiki_content_versions` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `wiki_content_id` int(11) NOT NULL, - `page_id` int(11) NOT NULL, - `author_id` int(11) DEFAULT NULL, - `data` longblob, - `compression` varchar(6) DEFAULT '', - `comments` varchar(1024) DEFAULT '', - `updated_on` datetime NOT NULL, - `version` int(11) NOT NULL, - PRIMARY KEY (`id`), - KEY `wiki_content_versions_wcid` (`wiki_content_id`), - KEY `index_wiki_content_versions_on_updated_on` (`updated_on`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `wiki_content_versions` --- - -LOCK TABLES `wiki_content_versions` WRITE; -/*!40000 ALTER TABLE `wiki_content_versions` DISABLE KEYS */; -/*!40000 ALTER TABLE `wiki_content_versions` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `wiki_contents` --- - --- `wiki_contents`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `wiki_contents` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `page_id` int(11) NOT NULL, - `author_id` int(11) DEFAULT NULL, - `text` longtext, - `comments` varchar(1024) DEFAULT '', - `updated_on` datetime NOT NULL, - `version` int(11) NOT NULL, - PRIMARY KEY (`id`), - KEY `wiki_contents_page_id` (`page_id`), - KEY `index_wiki_contents_on_author_id` (`author_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `wiki_contents` --- - -LOCK TABLES `wiki_contents` WRITE; -/*!40000 ALTER TABLE `wiki_contents` DISABLE KEYS */; -/*!40000 ALTER TABLE `wiki_contents` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `wiki_pages` --- - --- `wiki_pages`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `wiki_pages` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `wiki_id` int(11) NOT NULL, - `title` varchar(255) NOT NULL, - `created_on` datetime NOT NULL, - `protected` tinyint(1) NOT NULL DEFAULT '0', - `parent_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `wiki_pages_wiki_id_title` (`wiki_id`,`title`), - KEY `index_wiki_pages_on_wiki_id` (`wiki_id`), - KEY `index_wiki_pages_on_parent_id` (`parent_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `wiki_pages` --- - -LOCK TABLES `wiki_pages` WRITE; -/*!40000 ALTER TABLE `wiki_pages` DISABLE KEYS */; -/*!40000 ALTER TABLE `wiki_pages` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `wiki_redirects` --- - --- `wiki_redirects`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `wiki_redirects` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `wiki_id` int(11) NOT NULL, - `title` varchar(255) DEFAULT NULL, - `redirects_to` varchar(255) DEFAULT NULL, - `created_on` datetime NOT NULL, - `redirects_to_wiki_id` int(11) NOT NULL, - PRIMARY KEY (`id`), - KEY `wiki_redirects_wiki_id_title` (`wiki_id`,`title`), - KEY `index_wiki_redirects_on_wiki_id` (`wiki_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `wiki_redirects` --- - -LOCK TABLES `wiki_redirects` WRITE; -/*!40000 ALTER TABLE `wiki_redirects` DISABLE KEYS */; -/*!40000 ALTER TABLE `wiki_redirects` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `wikis` --- - --- `wikis`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `wikis` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) NOT NULL, - `start_page` varchar(255) NOT NULL, - `status` int(11) NOT NULL DEFAULT '1', - PRIMARY KEY (`id`), - KEY `wikis_project_id` (`project_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `wikis` --- - -LOCK TABLES `wikis` WRITE; -/*!40000 ALTER TABLE `wikis` DISABLE KEYS */; -/*!40000 ALTER TABLE `wikis` ENABLE KEYS */; -UNLOCK TABLES; - --- --- Table structure for table `workflows` --- - --- `workflows`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE IF NOT EXISTS `workflows` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `tracker_id` int(11) NOT NULL DEFAULT '0', - `old_status_id` int(11) NOT NULL DEFAULT '0', - `new_status_id` int(11) NOT NULL DEFAULT '0', - `role_id` int(11) NOT NULL DEFAULT '0', - `assignee` tinyint(1) NOT NULL DEFAULT '0', - `author` tinyint(1) NOT NULL DEFAULT '0', - `type` varchar(30) DEFAULT NULL, - `field_name` varchar(30) DEFAULT NULL, - `rule` varchar(30) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `wkfs_role_tracker_old_status` (`role_id`,`tracker_id`,`old_status_id`), - KEY `index_workflows_on_old_status_id` (`old_status_id`), - KEY `index_workflows_on_role_id` (`role_id`), - KEY `index_workflows_on_new_status_id` (`new_status_id`), - KEY `index_workflows_on_tracker_id` (`tracker_id`) -) ENGINE=InnoDB AUTO_INCREMENT=767 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Dumping data for table `workflows` --- - -LOCK TABLES `workflows` WRITE; -/*!40000 ALTER TABLE `workflows` DISABLE KEYS */; -INSERT INTO `workflows` VALUES (132,1,2,0,3,0,0,'WorkflowPermission','14','readonly'),(134,1,2,0,3,0,0,'WorkflowPermission','16','readonly'),(151,1,3,0,3,0,0,'WorkflowPermission','14','readonly'),(153,1,3,0,3,0,0,'WorkflowPermission','16','readonly'),(170,1,4,0,3,0,0,'WorkflowPermission','14','readonly'),(172,1,4,0,3,0,0,'WorkflowPermission','16','readonly'),(189,1,5,0,3,0,0,'WorkflowPermission','14','readonly'),(191,1,5,0,3,0,0,'WorkflowPermission','16','readonly'),(208,1,6,0,3,0,0,'WorkflowPermission','14','readonly'),(210,1,6,0,3,0,0,'WorkflowPermission','16','readonly'),(220,1,2,3,3,0,0,'WorkflowTransition',NULL,NULL),(221,1,2,3,4,0,0,'WorkflowTransition',NULL,NULL),(222,1,2,3,5,0,0,'WorkflowTransition',NULL,NULL),(226,1,3,4,3,0,0,'WorkflowTransition',NULL,NULL),(227,1,3,4,4,0,0,'WorkflowTransition',NULL,NULL),(228,1,3,4,5,0,0,'WorkflowTransition',NULL,NULL),(229,1,4,5,3,0,0,'WorkflowTransition',NULL,NULL),(230,1,4,5,4,0,0,'WorkflowTransition',NULL,NULL),(231,1,4,5,5,0,0,'WorkflowTransition',NULL,NULL),(232,1,4,6,3,0,0,'WorkflowTransition',NULL,NULL),(233,1,4,6,4,0,0,'WorkflowTransition',NULL,NULL),(234,1,4,6,5,0,0,'WorkflowTransition',NULL,NULL),(239,1,2,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(240,1,3,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(241,1,4,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(242,1,5,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(243,1,6,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(244,1,0,2,5,0,0,'WorkflowTransition',NULL,NULL),(245,1,0,2,4,0,0,'WorkflowTransition',NULL,NULL),(246,1,0,6,5,0,0,'WorkflowTransition',NULL,NULL),(352,1,2,0,3,0,0,'WorkflowPermission','project_id','readonly'),(353,1,2,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(354,1,2,0,3,0,0,'WorkflowPermission','subject','readonly'),(355,1,2,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(356,1,2,0,3,0,0,'WorkflowPermission','is_private','readonly'),(357,1,2,0,3,0,0,'WorkflowPermission','description','readonly'),(358,1,2,0,3,0,0,'WorkflowPermission','1','readonly'),(359,1,2,0,3,0,0,'WorkflowPermission','2','readonly'),(360,1,2,0,3,0,0,'WorkflowPermission','10','readonly'),(361,1,2,0,3,0,0,'WorkflowPermission','20','readonly'),(362,1,2,0,3,0,0,'WorkflowPermission','8','readonly'),(363,1,2,0,3,0,0,'WorkflowPermission','15','readonly'),(364,1,2,0,3,0,0,'WorkflowPermission','11','readonly'),(365,1,2,0,3,0,0,'WorkflowPermission','12','readonly'),(366,1,2,0,3,0,0,'WorkflowPermission','19','readonly'),(367,1,2,0,3,0,0,'WorkflowPermission','7','readonly'),(368,1,2,0,3,0,0,'WorkflowPermission','3','readonly'),(369,1,2,0,3,0,0,'WorkflowPermission','5','readonly'),(370,1,2,0,3,0,0,'WorkflowPermission','6','readonly'),(371,1,2,0,3,0,0,'WorkflowPermission','22','readonly'),(372,1,3,0,3,0,0,'WorkflowPermission','project_id','readonly'),(373,1,3,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(374,1,3,0,3,0,0,'WorkflowPermission','subject','readonly'),(375,1,3,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(376,1,3,0,3,0,0,'WorkflowPermission','is_private','readonly'),(377,1,3,0,3,0,0,'WorkflowPermission','description','readonly'),(378,1,3,0,3,0,0,'WorkflowPermission','1','readonly'),(379,1,3,0,3,0,0,'WorkflowPermission','2','readonly'),(380,1,3,0,3,0,0,'WorkflowPermission','10','readonly'),(381,1,3,0,3,0,0,'WorkflowPermission','20','readonly'),(382,1,3,0,3,0,0,'WorkflowPermission','8','readonly'),(383,1,3,0,3,0,0,'WorkflowPermission','15','readonly'),(384,1,3,0,3,0,0,'WorkflowPermission','11','readonly'),(385,1,3,0,3,0,0,'WorkflowPermission','12','readonly'),(386,1,3,0,3,0,0,'WorkflowPermission','19','readonly'),(387,1,3,0,3,0,0,'WorkflowPermission','7','readonly'),(388,1,3,0,3,0,0,'WorkflowPermission','3','readonly'),(389,1,3,0,3,0,0,'WorkflowPermission','5','readonly'),(390,1,3,0,3,0,0,'WorkflowPermission','6','readonly'),(391,1,3,0,3,0,0,'WorkflowPermission','22','readonly'),(392,1,4,0,3,0,0,'WorkflowPermission','project_id','readonly'),(393,1,4,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(394,1,4,0,3,0,0,'WorkflowPermission','subject','readonly'),(395,1,4,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(396,1,4,0,3,0,0,'WorkflowPermission','is_private','readonly'),(397,1,4,0,3,0,0,'WorkflowPermission','description','readonly'),(398,1,4,0,3,0,0,'WorkflowPermission','1','readonly'),(399,1,4,0,3,0,0,'WorkflowPermission','2','readonly'),(400,1,4,0,3,0,0,'WorkflowPermission','10','readonly'),(401,1,4,0,3,0,0,'WorkflowPermission','20','readonly'),(402,1,4,0,3,0,0,'WorkflowPermission','8','readonly'),(403,1,4,0,3,0,0,'WorkflowPermission','15','readonly'),(404,1,4,0,3,0,0,'WorkflowPermission','11','readonly'),(405,1,4,0,3,0,0,'WorkflowPermission','12','readonly'),(406,1,4,0,3,0,0,'WorkflowPermission','19','readonly'),(407,1,4,0,3,0,0,'WorkflowPermission','7','readonly'),(408,1,4,0,3,0,0,'WorkflowPermission','3','readonly'),(409,1,4,0,3,0,0,'WorkflowPermission','5','readonly'),(410,1,4,0,3,0,0,'WorkflowPermission','6','readonly'),(411,1,4,0,3,0,0,'WorkflowPermission','22','readonly'),(412,1,5,0,3,0,0,'WorkflowPermission','project_id','readonly'),(413,1,5,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(414,1,5,0,3,0,0,'WorkflowPermission','subject','readonly'),(415,1,5,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(416,1,5,0,3,0,0,'WorkflowPermission','is_private','readonly'),(417,1,5,0,3,0,0,'WorkflowPermission','description','readonly'),(418,1,5,0,3,0,0,'WorkflowPermission','1','readonly'),(419,1,5,0,3,0,0,'WorkflowPermission','2','readonly'),(420,1,5,0,3,0,0,'WorkflowPermission','10','readonly'),(421,1,5,0,3,0,0,'WorkflowPermission','20','readonly'),(422,1,5,0,3,0,0,'WorkflowPermission','8','readonly'),(423,1,5,0,3,0,0,'WorkflowPermission','15','readonly'),(424,1,5,0,3,0,0,'WorkflowPermission','11','readonly'),(425,1,5,0,3,0,0,'WorkflowPermission','12','readonly'),(426,1,5,0,3,0,0,'WorkflowPermission','19','readonly'),(427,1,5,0,3,0,0,'WorkflowPermission','7','readonly'),(428,1,5,0,3,0,0,'WorkflowPermission','3','readonly'),(429,1,5,0,3,0,0,'WorkflowPermission','5','readonly'),(430,1,5,0,3,0,0,'WorkflowPermission','6','readonly'),(431,1,5,0,3,0,0,'WorkflowPermission','22','readonly'),(432,1,6,0,3,0,0,'WorkflowPermission','project_id','readonly'),(433,1,6,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(434,1,6,0,3,0,0,'WorkflowPermission','subject','readonly'),(435,1,6,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(436,1,6,0,3,0,0,'WorkflowPermission','is_private','readonly'),(437,1,6,0,3,0,0,'WorkflowPermission','description','readonly'),(438,1,6,0,3,0,0,'WorkflowPermission','1','readonly'),(439,1,6,0,3,0,0,'WorkflowPermission','2','readonly'),(440,1,6,0,3,0,0,'WorkflowPermission','10','readonly'),(441,1,6,0,3,0,0,'WorkflowPermission','20','readonly'),(442,1,6,0,3,0,0,'WorkflowPermission','8','readonly'),(443,1,6,0,3,0,0,'WorkflowPermission','15','readonly'),(444,1,6,0,3,0,0,'WorkflowPermission','11','readonly'),(445,1,6,0,3,0,0,'WorkflowPermission','12','readonly'),(446,1,6,0,3,0,0,'WorkflowPermission','19','readonly'),(447,1,6,0,3,0,0,'WorkflowPermission','7','readonly'),(448,1,6,0,3,0,0,'WorkflowPermission','3','readonly'),(449,1,6,0,3,0,0,'WorkflowPermission','5','readonly'),(450,1,6,0,3,0,0,'WorkflowPermission','6','readonly'),(451,1,6,0,3,0,0,'WorkflowPermission','22','readonly'),(642,1,2,3,2,0,0,'WorkflowTransition',NULL,NULL),(644,1,3,4,2,0,0,'WorkflowTransition',NULL,NULL),(645,1,4,5,2,0,0,'WorkflowTransition',NULL,NULL),(646,1,4,6,2,0,0,'WorkflowTransition',NULL,NULL),(648,1,4,3,2,0,0,'WorkflowTransition',NULL,NULL),(649,1,4,3,3,0,0,'WorkflowTransition',NULL,NULL),(650,1,4,3,4,0,0,'WorkflowTransition',NULL,NULL),(651,1,4,3,5,0,0,'WorkflowTransition',NULL,NULL),(652,1,2,0,2,0,0,'WorkflowPermission','project_id','readonly'),(653,1,2,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(654,1,2,0,2,0,0,'WorkflowPermission','subject','readonly'),(655,1,2,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(656,1,2,0,2,0,0,'WorkflowPermission','is_private','readonly'),(657,1,2,0,2,0,0,'WorkflowPermission','description','readonly'),(658,1,2,0,2,0,0,'WorkflowPermission','1','readonly'),(659,1,2,0,2,0,0,'WorkflowPermission','2','readonly'),(660,1,2,0,2,0,0,'WorkflowPermission','10','readonly'),(661,1,2,0,2,0,0,'WorkflowPermission','20','readonly'),(662,1,2,0,2,0,0,'WorkflowPermission','8','readonly'),(663,1,2,0,2,0,0,'WorkflowPermission','15','readonly'),(664,1,2,0,2,0,0,'WorkflowPermission','11','readonly'),(665,1,2,0,2,0,0,'WorkflowPermission','12','readonly'),(666,1,2,0,2,0,0,'WorkflowPermission','27','readonly'),(667,1,2,0,2,0,0,'WorkflowPermission','28','readonly'),(668,1,2,0,2,0,0,'WorkflowPermission','19','readonly'),(669,1,2,0,2,0,0,'WorkflowPermission','17','readonly'),(670,1,2,0,2,0,0,'WorkflowPermission','7','readonly'),(671,1,2,0,2,0,0,'WorkflowPermission','3','readonly'),(672,1,2,0,2,0,0,'WorkflowPermission','5','readonly'),(673,1,2,0,2,0,0,'WorkflowPermission','6','readonly'),(674,1,2,0,2,0,0,'WorkflowPermission','22','readonly'),(675,1,3,0,2,0,0,'WorkflowPermission','project_id','readonly'),(676,1,3,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(677,1,3,0,2,0,0,'WorkflowPermission','subject','readonly'),(678,1,3,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(679,1,3,0,2,0,0,'WorkflowPermission','is_private','readonly'),(680,1,3,0,2,0,0,'WorkflowPermission','description','readonly'),(681,1,3,0,2,0,0,'WorkflowPermission','1','readonly'),(682,1,3,0,2,0,0,'WorkflowPermission','2','readonly'),(683,1,3,0,2,0,0,'WorkflowPermission','10','readonly'),(684,1,3,0,2,0,0,'WorkflowPermission','20','readonly'),(685,1,3,0,2,0,0,'WorkflowPermission','8','readonly'),(686,1,3,0,2,0,0,'WorkflowPermission','15','readonly'),(687,1,3,0,2,0,0,'WorkflowPermission','11','readonly'),(688,1,3,0,2,0,0,'WorkflowPermission','12','readonly'),(689,1,3,0,2,0,0,'WorkflowPermission','27','readonly'),(690,1,3,0,2,0,0,'WorkflowPermission','28','readonly'),(691,1,3,0,2,0,0,'WorkflowPermission','19','readonly'),(692,1,3,0,2,0,0,'WorkflowPermission','17','readonly'),(693,1,3,0,2,0,0,'WorkflowPermission','7','readonly'),(694,1,3,0,2,0,0,'WorkflowPermission','3','readonly'),(695,1,3,0,2,0,0,'WorkflowPermission','5','readonly'),(696,1,3,0,2,0,0,'WorkflowPermission','6','readonly'),(697,1,3,0,2,0,0,'WorkflowPermission','22','readonly'),(698,1,4,0,2,0,0,'WorkflowPermission','project_id','readonly'),(699,1,4,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(700,1,4,0,2,0,0,'WorkflowPermission','subject','readonly'),(701,1,4,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(702,1,4,0,2,0,0,'WorkflowPermission','is_private','readonly'),(703,1,4,0,2,0,0,'WorkflowPermission','description','readonly'),(704,1,4,0,2,0,0,'WorkflowPermission','1','readonly'),(705,1,4,0,2,0,0,'WorkflowPermission','2','readonly'),(706,1,4,0,2,0,0,'WorkflowPermission','10','readonly'),(707,1,4,0,2,0,0,'WorkflowPermission','20','readonly'),(708,1,4,0,2,0,0,'WorkflowPermission','8','readonly'),(709,1,4,0,2,0,0,'WorkflowPermission','15','readonly'),(710,1,4,0,2,0,0,'WorkflowPermission','11','readonly'),(711,1,4,0,2,0,0,'WorkflowPermission','12','readonly'),(712,1,4,0,2,0,0,'WorkflowPermission','27','readonly'),(713,1,4,0,2,0,0,'WorkflowPermission','28','readonly'),(714,1,4,0,2,0,0,'WorkflowPermission','19','readonly'),(715,1,4,0,2,0,0,'WorkflowPermission','17','readonly'),(716,1,4,0,2,0,0,'WorkflowPermission','7','readonly'),(717,1,4,0,2,0,0,'WorkflowPermission','3','readonly'),(718,1,4,0,2,0,0,'WorkflowPermission','5','readonly'),(719,1,4,0,2,0,0,'WorkflowPermission','6','readonly'),(720,1,4,0,2,0,0,'WorkflowPermission','22','readonly'),(721,1,5,0,2,0,0,'WorkflowPermission','project_id','readonly'),(722,1,5,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(723,1,5,0,2,0,0,'WorkflowPermission','subject','readonly'),(724,1,5,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(725,1,5,0,2,0,0,'WorkflowPermission','is_private','readonly'),(726,1,5,0,2,0,0,'WorkflowPermission','description','readonly'),(727,1,5,0,2,0,0,'WorkflowPermission','1','readonly'),(728,1,5,0,2,0,0,'WorkflowPermission','2','readonly'),(729,1,5,0,2,0,0,'WorkflowPermission','10','readonly'),(730,1,5,0,2,0,0,'WorkflowPermission','20','readonly'),(731,1,5,0,2,0,0,'WorkflowPermission','8','readonly'),(732,1,5,0,2,0,0,'WorkflowPermission','15','readonly'),(733,1,5,0,2,0,0,'WorkflowPermission','11','readonly'),(734,1,5,0,2,0,0,'WorkflowPermission','12','readonly'),(735,1,5,0,2,0,0,'WorkflowPermission','27','readonly'),(736,1,5,0,2,0,0,'WorkflowPermission','28','readonly'),(737,1,5,0,2,0,0,'WorkflowPermission','19','readonly'),(738,1,5,0,2,0,0,'WorkflowPermission','17','readonly'),(739,1,5,0,2,0,0,'WorkflowPermission','7','readonly'),(740,1,5,0,2,0,0,'WorkflowPermission','3','readonly'),(741,1,5,0,2,0,0,'WorkflowPermission','5','readonly'),(742,1,5,0,2,0,0,'WorkflowPermission','6','readonly'),(743,1,5,0,2,0,0,'WorkflowPermission','22','readonly'),(744,1,6,0,2,0,0,'WorkflowPermission','project_id','readonly'),(745,1,6,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(746,1,6,0,2,0,0,'WorkflowPermission','subject','readonly'),(747,1,6,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(748,1,6,0,2,0,0,'WorkflowPermission','is_private','readonly'),(749,1,6,0,2,0,0,'WorkflowPermission','description','readonly'),(750,1,6,0,2,0,0,'WorkflowPermission','1','readonly'),(751,1,6,0,2,0,0,'WorkflowPermission','2','readonly'),(752,1,6,0,2,0,0,'WorkflowPermission','10','readonly'),(753,1,6,0,2,0,0,'WorkflowPermission','20','readonly'),(754,1,6,0,2,0,0,'WorkflowPermission','8','readonly'),(755,1,6,0,2,0,0,'WorkflowPermission','15','readonly'),(756,1,6,0,2,0,0,'WorkflowPermission','11','readonly'),(757,1,6,0,2,0,0,'WorkflowPermission','12','readonly'),(758,1,6,0,2,0,0,'WorkflowPermission','27','readonly'),(759,1,6,0,2,0,0,'WorkflowPermission','28','readonly'),(760,1,6,0,2,0,0,'WorkflowPermission','19','readonly'),(761,1,6,0,2,0,0,'WorkflowPermission','17','readonly'),(762,1,6,0,2,0,0,'WorkflowPermission','7','readonly'),(763,1,6,0,2,0,0,'WorkflowPermission','3','readonly'),(764,1,6,0,2,0,0,'WorkflowPermission','5','readonly'),(765,1,6,0,2,0,0,'WorkflowPermission','6','readonly'),(766,1,6,0,2,0,0,'WorkflowPermission','22','readonly'); -/*!40000 ALTER TABLE `workflows` ENABLE KEYS */; -UNLOCK TABLES; -/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; - -/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; -/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; -/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; -/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; -/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; -/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; -/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; - --- Dump completed on 2020-12-08 3:09:49 diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index 89ec36404..dca898eec 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls @@ -38,7 +38,7 @@ query_playbookdbuser_grants: query_updatwebhooks: mysql_query.run: - database: playbook - - query: "update webhooks set url = 'http://{{MANAGERIP}}:7000/playbook/webhook' where project_id in (1,2)" + - query: "update webhooks set url = 'http://{{MANAGERIP}}:7000/playbook/webhook' where project_id = 1" - connection_host: {{ MAINIP }} - connection_port: 3306 - connection_user: root From 61ae187d0360d00728634d3077188e1f9b2b0dfe Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Sat, 12 Dec 2020 10:12:23 -0500 Subject: [PATCH 185/270] revert previous commit #2321 --- salt/elasticsearch/files/ingest/ossec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/ingest/ossec b/salt/elasticsearch/files/ingest/ossec index 99b51c673..deb34168c 100644 --- a/salt/elasticsearch/files/ingest/ossec +++ b/salt/elasticsearch/files/ingest/ossec @@ -63,7 +63,7 @@ { "rename": { "field": "fields.module", "target_field": "event.module", "ignore_failure": true, "ignore_missing": true } }, { "pipeline": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational'", "name": "sysmon" } }, { "pipeline": { "if": "ctx.winlog?.channel != 'Microsoft-Windows-Sysmon/Operational'", "name":"win.eventlogs" } }, - { "set": { "if": "ctx.containsKey('rule.name') && ctx.rule.name != null", "field": "event.dataset", "value": "alert", "override": true } }, + { "set": { "if": "ctx.containsKey('rule') && ctx.rule != null", "field": "event.dataset", "value": "alert", "override": true } }, { "pipeline": { "name": "common" } } ] } From 7a314b593547be15551754d6c36e8df6a57502de Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Sat, 12 Dec 2020 11:35:29 -0500 Subject: [PATCH 186/270] Prevent Wazuh "last -n 20" logs from going to Alerts queue #2321 --- salt/elasticsearch/files/ingest/ossec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/ingest/ossec b/salt/elasticsearch/files/ingest/ossec index deb34168c..868de2798 100644 --- a/salt/elasticsearch/files/ingest/ossec +++ b/salt/elasticsearch/files/ingest/ossec @@ -63,7 +63,7 @@ { "rename": { "field": "fields.module", "target_field": "event.module", "ignore_failure": true, "ignore_missing": true } }, { "pipeline": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational'", "name": "sysmon" } }, { "pipeline": { "if": "ctx.winlog?.channel != 'Microsoft-Windows-Sysmon/Operational'", "name":"win.eventlogs" } }, - { "set": { "if": "ctx.containsKey('rule') && ctx.rule != null", "field": "event.dataset", "value": "alert", "override": true } }, + { "set": { "if": "ctx.rule != null && ctx.rule.name != null", "field": "event.dataset", "value": "alert", "override": true } }, { "pipeline": { "name": "common" } } ] } From 4e04f31b8ee6ab56a803c57b17d85a2622c56433 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 14 Dec 2020 10:24:49 -0500 Subject: [PATCH 187/270] remove old firewall ports pillar file https://github.com/Security-Onion-Solutions/securityonion/issues/1586 --- pillar/firewall/ports.sls | 65 --------------------------------------- 1 file changed, 65 deletions(-) delete mode 100644 pillar/firewall/ports.sls diff --git a/pillar/firewall/ports.sls b/pillar/firewall/ports.sls deleted file mode 100644 index c10554fce..000000000 --- a/pillar/firewall/ports.sls +++ /dev/null @@ -1,65 +0,0 @@ -firewall: - analyst: - ports: - tcp: - - 80 - - 443 - udp: - beats_endpoint: - ports: - tcp: - - 5044 - forward_nodes: - ports: - tcp: - - 443 - - 5044 - - 5644 - - 9822 - udp: - manager: - ports: - tcp: - - 1514 - - 3200 - - 3306 - - 4200 - - 5601 - - 6379 - - 7788 - - 8086 - - 8090 - - 9001 - - 9200 - - 9300 - - 9400 - - 9500 - - 9595 - - 9696 - udp: - - 1514 - minions: - ports: - tcp: - - 3142 - - 4505 - - 4506 - - 5000 - - 8080 - - 8086 - - 55000 - osquery_endpoint: - ports: - tcp: - - 8090 - search_nodes: - ports: - tcp: - - 6379 - - 9300 - wazuh_endpoint: - ports: - tcp: - - 1514 - udp: - -1514 From a533e6fa3530f4d649cd7d31f3065d312ad71d00 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 14 Dec 2020 11:42:34 -0500 Subject: [PATCH 188/270] [fix] Always set INSTALLUSERNAME var --- setup/so-setup | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index d45f400a1..2fad47e3e 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -69,11 +69,10 @@ if [[ -f /root/accept_changes ]]; then [ -f "$error_log" ] && mv "$error_log" "$error_log.bak" fi +parse_install_username if ! [ -f /root/install_opt ]; then # Begin Installation pre-processing - parse_install_username - title "Initializing Setup" info "Installing as the $INSTALLUSERNAME user" From aa479b9c8ebd74eb09531fe4de79a11307f7f325 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 14 Dec 2020 10:43:01 -0500 Subject: [PATCH 189/270] Move node address/desc into the minion pillar --- setup/so-functions | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 3ff66be30..ad0587f31 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1042,6 +1042,9 @@ host_pillar() { printf '%s\n'\ "host:"\ " mainint: '$MNIC'"\ + "sensoroni:"\ + " node_address: '$MAINIP'"\ + " node_description: '$NODE_DESCRIPTION'"\ "" > "$pillar_file" } @@ -1205,8 +1208,6 @@ manager_global() { " imagerepo: '$IMAGEREPO'"\ " pipeline: 'redis'"\ "sensoroni:"\ - " node_address: '$MAINIP'"\ - " node_description: '$NODE_DESCRIPTION'"\ " node_checkin_interval_ms: $NODE_CHECKIN_INTERVAL_MS"\ "strelka:"\ " enabled: $STRELKA"\ From aa281f849febff6594e8d3797deddc339419f67f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 14 Dec 2020 15:31:25 -0500 Subject: [PATCH 190/270] [feat] Add message about dropping to command line when setting up ssh key --- setup/so-whiptail | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 0a2a7e4fc..94b359574 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -748,11 +748,14 @@ whiptail_management_interface_setup() { local minion_msg local msg + local line_count if [[ $is_minion ]]; then - minion_msg="copy the ssh key for soremote to the manager" + line_count=11 + minion_msg="copy the ssh key for soremote to the manager. This will bring you to the command line temporarily to accept the manager's ECDSA certificate and enter the password for soremote" else - minion_msg="" + line_count=9 + minion_msg="" fi if [[ $is_iso ]]; then @@ -765,7 +768,13 @@ whiptail_management_interface_setup() { msg=$minion_msg fi - whiptail --title "Security Onion Setup" --yesno "Setup will now $msg. Select YES to continue or NO to cancel." 8 75 + read -r -d '' message <<- EOM + Setup will now $msg. + + Select OK to continue. + EOM + + whiptail --title "Security Onion Setup" --msgbox "$message" $line_count 75 local exitstatus=$? whiptail_check_exitstatus $exitstatus } From cbd59ed86a5815d17e6d5205e75f668b9e31f146 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Mon, 14 Dec 2020 20:46:31 -0500 Subject: [PATCH 191/270] SOUP Changes --- salt/common/files/daemon.json | 12 +++++++++++ salt/common/init.sls | 9 ++++++++ salt/common/tools/sbin/soup | 39 +++++++++++++++++++++++++++++++++++ salt/docker_clean/init.sls | 2 +- setup/so-functions | 1 + setup/so-setup | 2 +- setup/so-whiptail | 2 +- 7 files changed, 64 insertions(+), 3 deletions(-) create mode 100644 salt/common/files/daemon.json diff --git a/salt/common/files/daemon.json b/salt/common/files/daemon.json new file mode 100644 index 000000000..bc047bc80 --- /dev/null +++ b/salt/common/files/daemon.json @@ -0,0 +1,12 @@ +{%- set DOCKERRANGE = salt['pillar.get']('docker:range') %} +{%- set DOCKERBIND = salt['pillar.get']('docker:bip') %} +{ + "registry-mirrors": [ "https://:5000" ], + "bip": "{{ DOCKERBIND }}", + "default-address-pools": [ + { + "base" : "{{ DOCKERRANGE }}", + "size" : 24 + } + ] +} \ No newline at end of file diff --git a/salt/common/init.sls b/salt/common/init.sls index 1192923b7..337103fd9 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -244,10 +244,19 @@ commonlogrotateconf: - dayweek: '*' {% endif %} +# Manager daemon.json +docker_daemon: + file.managed: + - source: salt://common/files/daemon.json + - name: /etc/docker/daemon.json + - template: jinja + # Make sure Docker is always running docker: service.running: - enable: True + - watch: + - file: docker_daemon {% else %} diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index ca840de59..21076ba3d 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -197,6 +197,7 @@ pillar_changes() { [[ "$INSTALLEDVERSION" =~ rc.1 ]] && rc1_to_rc2 [[ "$INSTALLEDVERSION" =~ rc.2 ]] && rc2_to_rc3 [[ "$INSTALLEDVERSION" =~ rc.3 ]] && rc3_to_2.3.0 + [[ "$INSTALLEDVERSION" == 2.3.0 ]] || [[ "$INSTALLEDVERSION" == 2.3.1 ]] || [[ "$INSTALLEDVERSION" == 2.3.2 ]] || [[ "$INSTALLEDVERSION" == 2.3.10 ]] && 2.3.0_to_2.3.20 } rc1_to_rc2() { @@ -278,6 +279,44 @@ rc3_to_2.3.0() { echo "playbook_admin: $(get_random_value)" echo "playbook_automation: $(get_random_value)" } >> /opt/so/saltstack/local/pillar/secrets.sls + + INSTALLEDVERSION=2.3.0 +} + +2.3.0_to_2.3.20(){ + # Remove PCAP from global + sed '/pcap:/d' /opt/so/saltstack/local/pillar/global.sls + sed '/sensor_checkin_interval_ms:/d' /opt/so/saltstack/local/pillar/global.sls + + # Add checking interval to glbal + echo "sensoroni:" >> /opt/so/saltstack/local/pillar/global.sls + echo " node_checkin_interval_ms: 10000" >> /opt/so/saltstack/local/pillar/global.sls + + # Update pillar fiels for new sensoroni functionality + for file in /opt/so/saltstack/local/pillat/minions/*; do + echo "sensoroni:" >> $file + echo " node_description:" >> $file + local SOMEADDRESS=$(cat $file | grep mainip | tail -n 1 | awk '{print $2'}) + echo " node_address: $SOMEADDRESS" >> $file + done + + # Remove old firewall config to reduce confusion + rm -f /opt/so/saltstack/default/pillar/firewall/ports.sls + + # Fix daemon.json by managing it + echo "docker:" >> /opt/so/saltstack/local/pillar/global.sls + DOCKERGREP=$(cat /etc/docker/daemon.json | grep base | awk {'print $3'} | cut -f1 -d"/") + if [ -z "$DOCKERGREP" ]; then + echo " range: '172.17.0.0/24'" >> /opt/so/saltstack/local/pillar/global.sls + echo " bip: '172.17.0.1/24'" >> /opt/so/saltstack/local/pillar/global.sls + else + DOCKERSTUFF="${DOCKERGREP//\"}" + DOCKERSTUFFBIP=$(echo $DOCKERSTUFF | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 + echo " range: '$DOCKERSTUFF'/24" >> /opt/so/saltstack/local/pillar/global.sls + echo " bip: '$DOCKERSTUFFBIP'" >> /opt/so/saltstack/local/pillar/global.sls + + fi + } space_check() { diff --git a/salt/docker_clean/init.sls b/salt/docker_clean/init.sls index 61499cdb5..9c5ce0d17 100644 --- a/salt/docker_clean/init.sls +++ b/salt/docker_clean/init.sls @@ -1,6 +1,6 @@ {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} -{% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0','2.3.1']%} +{% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0','2.3.1','2.3.2']%} {% for VERSION in OLDVERSIONS %} remove_images_{{ VERSION }}: diff --git a/setup/so-functions b/setup/so-functions index 3ff66be30..83d9525f3 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -898,6 +898,7 @@ docker_registry() { echo "Setting up Docker Registry" >> "$setup_log" 2>&1 mkdir -p /etc/docker >> "$setup_log" 2>&1 + # This will get applied so docker can attempt to start if [ -z "$DOCKERNET" ]; then DOCKERNET=172.17.0.0 fi diff --git a/setup/so-setup b/setup/so-setup index 73e66d058..d6566bdd3 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -338,7 +338,6 @@ if [[ $is_helix || $is_sensor || $is_import ]]; then fi whiptail_homenet_manager -whiptail_dockernet_check if [[ $is_helix || $is_manager || $is_node || $is_import ]]; then set_base_heapsizes @@ -373,6 +372,7 @@ fi if [[ $is_manager ]]; then whiptail_components_adv_warning whiptail_enable_components + whiptail_dockernet_check fi if [[ $is_manager || $is_import ]]; then diff --git a/setup/so-whiptail b/setup/so-whiptail index 791cceb76..63acadc90 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -426,7 +426,7 @@ whiptail_dockernet_net() { [ -n "$TESTING" ] && return DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter a /24 network range for docker to use: \nThe same range MUST be used on ALL nodes \n(Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) + "\nEnter a /24 size network range for docker to use WITHOUT the /24 notation: \nThis range will be used on ALL nodes \n(Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus From 80a61d33164b9200902bbcb6aceef3290c4c7013 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Tue, 15 Dec 2020 12:06:30 -0500 Subject: [PATCH 192/270] SOUP Features --- salt/common/tools/sbin/so-image-common | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 3449158c0..f0fd8d691 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -17,6 +17,7 @@ # NOTE: This script depends on so-common IMAGEREPO=securityonion +FEATURESCHECK=$(lookup_pillar elastic features) container_list() { MANAGERCHECK=$1 @@ -46,17 +47,24 @@ container_list() { "so-curator" \ "so-domainstats" \ "so-elastalert" \ - "so-elasticsearch" \ - "so-filebeat" \ + if [[ "$FEATURESCHECK" == "True" ]]; then + "so-elasticsearch-features" \ + "so-filebeat-features" \ + "so-logstash-features" \ + "so-kibana-features" \ + else + "so-elasticsearch" \ + "so-filebeat" \ + "so-logstash" \ + "so-kibana" \ + fi "so-fleet" \ "so-fleet-launcher" \ "so-freqserver" \ "so-grafana" \ "so-idstools" \ "so-influxdb" \ - "so-kibana" \ "so-kratos" \ - "so-logstash" \ "so-minio" \ "so-mysql" \ "so-nginx" \ From 3da7a26e885e4259d9e09dc1ddafa5cd24b4ad12 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 15 Dec 2020 12:37:01 -0500 Subject: [PATCH 193/270] Remove jinja whitespace trimming to avoid syntax error in bash --- salt/common/tools/sbin/so-yara-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-yara-update b/salt/common/tools/sbin/so-yara-update index a2a633957..ddddb87eb 100755 --- a/salt/common/tools/sbin/so-yara-update +++ b/salt/common/tools/sbin/so-yara-update @@ -165,6 +165,6 @@ else echo "No connectivity to Github...exiting..." exit 1 fi -{%- endif -%} +{% endif %} echo "Finished rule updates at $(date)..." From f70d828aa633b68860339cac5c002c6149cacd60 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 15 Dec 2020 13:04:09 -0500 Subject: [PATCH 194/270] [fix] Create array correctly --- salt/common/tools/sbin/so-image-common | 131 +++++++++++++------------ 1 file changed, 69 insertions(+), 62 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index f0fd8d691..6f5095aa3 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -29,73 +29,80 @@ container_list() { fi if [ $MANAGERCHECK == 'so-import' ]; then - TRUSTED_CONTAINERS=( \ - "so-elasticsearch" \ - "so-filebeat" \ - "so-idstools" \ - "so-kibana" \ - "so-kratos" \ - "so-nginx" \ - "so-pcaptools" \ - "so-soc" \ - "so-steno" \ - "so-suricata" \ - "so-zeek" ) + TRUSTED_CONTAINERS=( + "so-elasticsearch" + "so-filebeat" + "so-idstools" + "so-kibana" + "so-kratos" + "so-nginx" + "so-pcaptools" + "so-soc" + "so-steno" + "so-suricata" + "so-zeek" + ) elif [ $MANAGERCHECK != 'so-helix' ]; then - TRUSTED_CONTAINERS=( \ - "so-acng" \ - "so-curator" \ - "so-domainstats" \ - "so-elastalert" \ + TRUSTED_CONTAINERS=( + "so-acng" + "so-curator" + "so-domainstats" + "so-elastalert" + "so-fleet" + "so-fleet-launcher" + "so-freqserver" + "so-grafana" + "so-idstools" + "so-influxdb" + "so-kratos" + "so-minio" + "so-mysql" + "so-nginx" + "so-pcaptools" + "so-playbook" + "so-redis" + "so-soc" + "so-soctopus" + "so-steno" + "so-strelka-backend" + "so-strelka-filestream" + "so-strelka-frontend" + "so-strelka-manager" + "so-suricata" + "so-telegraf" + "so-thehive" + "so-thehive-cortex" + "so-thehive-es" + "so-wazuh" + "so-zeek" + ) if [[ "$FEATURESCHECK" == "True" ]]; then - "so-elasticsearch-features" \ - "so-filebeat-features" \ - "so-logstash-features" \ - "so-kibana-features" \ + TRUSTED_CONTAINERS=( "${TRUSTED_CONTAINERS[@]}" + "so-elasticsearch-features" + "so-filebeat-features" + "so-logstash-features" + "so-kibana-features" + ) else - "so-elasticsearch" \ - "so-filebeat" \ - "so-logstash" \ - "so-kibana" \ + TRUSTED_CONTAINERS=( "${TRUSTED_CONTAINERS[@]}" + "so-elasticsearch" + "so-filebeat" + "so-logstash" + "so-kibana" + ) fi - "so-fleet" \ - "so-fleet-launcher" \ - "so-freqserver" \ - "so-grafana" \ - "so-idstools" \ - "so-influxdb" \ - "so-kratos" \ - "so-minio" \ - "so-mysql" \ - "so-nginx" \ - "so-pcaptools" \ - "so-playbook" \ - "so-redis" \ - "so-soc" \ - "so-soctopus" \ - "so-steno" \ - "so-strelka-backend" \ - "so-strelka-filestream" \ - "so-strelka-frontend" \ - "so-strelka-manager" \ - "so-suricata" \ - "so-telegraf" \ - "so-thehive" \ - "so-thehive-cortex" \ - "so-thehive-es" \ - "so-wazuh" \ - "so-zeek" ) else - TRUSTED_CONTAINERS=( \ - "so-filebeat" \ - "so-idstools" \ - "so-logstash" \ - "so-nginx" \ - "so-redis" \ - "so-steno" \ - "so-suricata" \ - "so-telegraf" \ - "so-zeek" ) + TRUSTED_CONTAINERS=( + "so-filebeat" + "so-idstools" + "so-logstash" + "so-nginx" + "so-redis" + "so-steno" + "so-suricata" + "so-telegraf" + "so-zeek" + ) fi } From f7d02763e8f8e48aa90b1babfdeaaf3c6e540fa4 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 15 Dec 2020 13:07:21 -0500 Subject: [PATCH 195/270] [fix] Move FEATURESCHECK var assignment, fix indentation --- salt/common/tools/sbin/so-image-common | 159 +++++++++++++------------ 1 file changed, 80 insertions(+), 79 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 6f5095aa3..dd4cfc979 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -17,93 +17,94 @@ # NOTE: This script depends on so-common IMAGEREPO=securityonion -FEATURESCHECK=$(lookup_pillar elastic features) container_list() { - MANAGERCHECK=$1 - if [ -z "$MANAGERCHECK" ]; then - MANAGERCHECK=so-unknown - if [ -f /etc/salt/grains ]; then - MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') - fi - fi + MANAGERCHECK=$1 + FEATURESCHECK=$(lookup_pillar elastic features) - if [ $MANAGERCHECK == 'so-import' ]; then - TRUSTED_CONTAINERS=( + if [ -z "$MANAGERCHECK" ]; then + MANAGERCHECK=so-unknown + if [ -f /etc/salt/grains ]; then + MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') + fi + fi + + if [ $MANAGERCHECK == 'so-import' ]; then + TRUSTED_CONTAINERS=( + "so-elasticsearch" + "so-filebeat" + "so-idstools" + "so-kibana" + "so-kratos" + "so-nginx" + "so-pcaptools" + "so-soc" + "so-steno" + "so-suricata" + "so-zeek" + ) + elif [ $MANAGERCHECK != 'so-helix' ]; then + TRUSTED_CONTAINERS=( + "so-acng" + "so-curator" + "so-domainstats" + "so-elastalert" + "so-fleet" + "so-fleet-launcher" + "so-freqserver" + "so-grafana" + "so-idstools" + "so-influxdb" + "so-kratos" + "so-minio" + "so-mysql" + "so-nginx" + "so-pcaptools" + "so-playbook" + "so-redis" + "so-soc" + "so-soctopus" + "so-steno" + "so-strelka-backend" + "so-strelka-filestream" + "so-strelka-frontend" + "so-strelka-manager" + "so-suricata" + "so-telegraf" + "so-thehive" + "so-thehive-cortex" + "so-thehive-es" + "so-wazuh" + "so-zeek" + ) + if [[ "$FEATURESCHECK" == "True" ]]; then + TRUSTED_CONTAINERS=( "${TRUSTED_CONTAINERS[@]}" + "so-elasticsearch-features" + "so-filebeat-features" + "so-logstash-features" + "so-kibana-features" + ) + else + TRUSTED_CONTAINERS=( "${TRUSTED_CONTAINERS[@]}" "so-elasticsearch" "so-filebeat" - "so-idstools" - "so-kibana" - "so-kratos" - "so-nginx" - "so-pcaptools" - "so-soc" - "so-steno" - "so-suricata" - "so-zeek" - ) - elif [ $MANAGERCHECK != 'so-helix' ]; then - TRUSTED_CONTAINERS=( - "so-acng" - "so-curator" - "so-domainstats" - "so-elastalert" - "so-fleet" - "so-fleet-launcher" - "so-freqserver" - "so-grafana" - "so-idstools" - "so-influxdb" - "so-kratos" - "so-minio" - "so-mysql" - "so-nginx" - "so-pcaptools" - "so-playbook" - "so-redis" - "so-soc" - "so-soctopus" - "so-steno" - "so-strelka-backend" - "so-strelka-filestream" - "so-strelka-frontend" - "so-strelka-manager" - "so-suricata" - "so-telegraf" - "so-thehive" - "so-thehive-cortex" - "so-thehive-es" - "so-wazuh" - "so-zeek" - ) - if [[ "$FEATURESCHECK" == "True" ]]; then - TRUSTED_CONTAINERS=( "${TRUSTED_CONTAINERS[@]}" - "so-elasticsearch-features" - "so-filebeat-features" - "so-logstash-features" - "so-kibana-features" - ) - else - TRUSTED_CONTAINERS=( "${TRUSTED_CONTAINERS[@]}" - "so-elasticsearch" - "so-filebeat" - "so-logstash" - "so-kibana" - ) - fi - else - TRUSTED_CONTAINERS=( - "so-filebeat" - "so-idstools" "so-logstash" - "so-nginx" - "so-redis" - "so-steno" - "so-suricata" - "so-telegraf" - "so-zeek" + "so-kibana" ) fi + else + TRUSTED_CONTAINERS=( + "so-filebeat" + "so-idstools" + "so-logstash" + "so-nginx" + "so-redis" + "so-steno" + "so-suricata" + "so-telegraf" + "so-zeek" + ) + fi } update_docker_containers() { From e89c06f71b2e5471aad57c49a998ffa2882fdf8b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 15 Dec 2020 13:37:21 -0500 Subject: [PATCH 196/270] [fix] Add backslash for newline --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 7982420a5..164aa74b2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -996,8 +996,8 @@ fireeye_pillar() { printf '%s\n'\ "fireeye:"\ " helix:"\ - " api_key: '$HELIXAPIKEY'" "" > "$fireeye_pillar_path"/init.sls + " api_key: '$HELIXAPIKEY'" \ } From 343e9f8b2c416d9cfcb5be29cdeeac73eb5574fc Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 15 Dec 2020 13:37:46 -0500 Subject: [PATCH 197/270] [fix] Only try to stop/remove containers if at least one exists --- setup/so-functions | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 164aa74b2..41d673e60 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1525,8 +1525,10 @@ reinstall_init() { if command -v docker &> /dev/null; then # Stop and remove all so-* containers so files can be changed with more safety - docker stop $(docker ps -a -q --filter "name=so-") - docker rm -f $(docker ps -a -q --filter "name=so-") + if [ $(docker ps -a -q --filter "name=so-") -gt 0 ]; then + docker stop $(docker ps -a -q --filter "name=so-") + docker rm -f $(docker ps -a -q --filter "name=so-") + fi fi local date_string From 7ba10ee6989dadab17d9c12adf05cbe332d7cebe Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 15 Dec 2020 13:38:00 -0500 Subject: [PATCH 198/270] [fix] Add HELIXSENSOR to case for Ubuntu --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 41d673e60..2cf1b28cf 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1675,7 +1675,7 @@ saltify() { 'FLEET') if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-mysqldb >> "$setup_log" 2>&1; else apt-get -y install python-mysqldb >> "$setup_log" 2>&1; fi ;; - 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') # TODO: should this also be HELIXSENSOR? + 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT' | 'HELIXSENSOR') # Add saltstack repo(s) wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3002.2/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 From 951556902c25f2af38baebfee5aaace3f59a4b13 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 15 Dec 2020 13:41:00 -0500 Subject: [PATCH 199/270] [fix] Accept salt key on Helix Sensor install --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 6d2bd60c1..f29162852 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -624,7 +624,7 @@ set_redirect >> $setup_log 2>&1 accept_salt_key_remote >> $setup_log 2>&1 fi - if [[ $is_manager || $is_import ]]; then + if [[ $is_manager || $is_import || $is_helix ]]; then set_progress_str 20 'Accepting Salt key' salt-key -ya "$MINION_ID" >> $setup_log 2>&1 fi From 18257762716e1544be9bdb6ffdbdb9617c4c02f0 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 15 Dec 2020 13:58:36 -0500 Subject: [PATCH 200/270] [fix] helix -> helixsensor --- salt/top.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/top.sls b/salt/top.sls index 9d41481fe..c98123c7e 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -47,7 +47,7 @@ base: - sensoroni - salt.lasthighstate - '*_helix and G@saltversion:{{saltversion}}': + '*_helixsensor and G@saltversion:{{saltversion}}': - match: compound - salt.master - ca From c7c3d004ca2d42ca4139210a642464198dcb9aaa Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 15 Dec 2020 14:01:19 -0500 Subject: [PATCH 201/270] [fix] More helix -> helixsensor --- pillar/top.sls | 4 ++-- salt/common/tools/sbin/soup | 4 ++-- salt/suricata/suricata_config.map.jinja | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pillar/top.sls b/pillar/top.sls index 627fed80b..a795e03c1 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -3,7 +3,7 @@ base: - patch.needs_restarting - logrotate - '*_eval or *_helix or *_heavynode or *_sensor or *_standalone or *_import': + '*_eval or *_helixsensor or *_heavynode or *_sensor or *_standalone or *_import': - match: compound - zeek @@ -62,7 +62,7 @@ base: - global - minions.{{ grains.id }} - '*_helix': + '*_helixsensor': - fireeye - zeeklogs - logstash diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index e399780d5..d874c6e31 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -585,9 +585,9 @@ if [ "$UPGRADESALT" == "1" ]; then echo "" echo "Upgrading Salt on the remaining Security Onion nodes from $INSTALLEDSALTVERSION to $NEWSALTVERSION." if [ $is_airgap -eq 0 ]; then - salt -C 'not *_eval and not *_helix and not *_manager and not *_managersearch and not *_standalone' cmd.run "yum clean all" + salt -C 'not *_eval and not *_helixsensor and not *_manager and not *_managersearch and not *_standalone' cmd.run "yum clean all" fi - salt -C 'not *_eval and not *_helix and not *_manager and not *_managersearch and not *_standalone' -b $BATCHSIZE state.apply salt.minion queue=True + salt -C 'not *_eval and not *_helixsensor and not *_manager and not *_managersearch and not *_standalone' -b $BATCHSIZE state.apply salt.minion queue=True echo "" fi diff --git a/salt/suricata/suricata_config.map.jinja b/salt/suricata/suricata_config.map.jinja index d8669c231..8c11901d0 100644 --- a/salt/suricata/suricata_config.map.jinja +++ b/salt/suricata/suricata_config.map.jinja @@ -20,7 +20,7 @@ HOME_NET: "[{{salt['pillar.get']('global:hnmanager', '')}}]" '*_eval': { 'default-packet-size': salt['pillar.get']('sensor:mtu', 1500) + hardware_header, }, - '*_helix': { + '*_helixsensor': { 'default-packet-size': salt['pillar.get']('sensor:mtu', 9000) + hardware_header, }, '*': { From 15347d1209cbaf85140c4724cb3fca16035d2728 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 15 Dec 2020 15:08:33 -0500 Subject: [PATCH 202/270] [fix] More condition changes for Helix --- salt/logstash/init.sls | 2 ++ salt/ssl/init.sls | 2 +- salt/top.sls | 2 -- setup/so-setup | 13 +++++++++---- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index e23e4eef2..d332f737a 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -45,8 +45,10 @@ {% set DOCKER_OPTIONS = salt['pillar.get']('logstash:docker_options', {}) %} {% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %} +{% if grains['role'] != 'so-helix' %} include: - elasticsearch +{% endif %} # Create the logstash group logstashgroup: diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls index 49e87f784..221c58c93 100644 --- a/salt/ssl/init.sls +++ b/salt/ssl/init.sls @@ -12,7 +12,7 @@ {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %} {% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %} -{% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'import'] %} +{% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'import', 'helixsensor'] %} {% set trusttheca_text = salt['cp.get_file_str']('/etc/pki/ca.crt')|replace('\n', '') %} {% set ca_server = grains.id %} {% else %} diff --git a/salt/top.sls b/salt/top.sls index c98123c7e..b6913895d 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -61,9 +61,7 @@ base: - suricata - zeek - redis - {%- if LOGSTASH %} - logstash - {%- endif %} {%- if FILEBEAT %} - filebeat {%- endif %} diff --git a/setup/so-setup b/setup/so-setup index f29162852..7b8621aa9 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -526,10 +526,13 @@ set_redirect >> $setup_log 2>&1 { generate_passwords; secrets_pillar; - add_socore_user_manager; } >> $setup_log 2>&1 fi + if [[ $is_manager || $is_import || $is_helix ]]; then + add_socore_user_manager >> $setup_log 2>&1 + fi + if [[ $is_manager && ! $is_eval ]]; then add_soremote_user_manager >> $setup_log 2>&1 fi @@ -680,8 +683,10 @@ set_redirect >> $setup_log 2>&1 set_progress_str 63 "$(print_salt_state_apply 'common')" salt-call state.apply -l info common >> $setup_log 2>&1 - set_progress_str 64 "$(print_salt_state_apply 'nginx')" - salt-call state.apply -l info nginx >> $setup_log 2>&1 + if [[ ! $is_helix ]]; then + set_progress_str 64 "$(print_salt_state_apply 'nginx')" + salt-call state.apply -l info nginx >> $setup_log 2>&1 + fi if [[ $is_manager || $is_node || $is_import ]]; then set_progress_str 64 "$(print_salt_state_apply 'elasticsearch')" @@ -782,7 +787,7 @@ set_redirect >> $setup_log 2>&1 fi fi - if [[ $is_manager || $is_helix || $is_import ]]; then + if [[ $is_manager || $is_import ]]; then set_progress_str 82 "$(print_salt_state_apply 'utility')" salt-call state.apply -l info utility >> $setup_log 2>&1 fi From e58ca9389682a2dbeadbbe33ce54ea085dd54b5a Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 15 Dec 2020 15:46:55 -0500 Subject: [PATCH 203/270] Add logging for strelka configuration during setup --- setup/so-setup | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 7b8621aa9..70df60feb 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -407,7 +407,10 @@ if [[ $is_manager && ! $is_eval ]]; then fi if [[ "$STRELKA" = 1 ]]; then + info "Enabling Strelka rules" STRELKARULES=1 + else + info "Disabling Strelka rules: STRELKA='$STRELKA'" fi if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then @@ -783,7 +786,9 @@ set_redirect >> $setup_log 2>&1 salt-call state.apply -l info strelka >> $setup_log 2>&1 fi if [[ "$STRELKARULES" = 1 ]]; then - /usr/sbin/so-yara-update >> $setup_log 2>&1 + logCmd /usr/sbin/so-yara-update + else + info "Skipping running yara update: STRELKARULES='$STRELKARULES'" fi fi From 6cab65a548c21c8e0488b613e9fdf9a18c2d5aa8 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 15 Dec 2020 16:06:21 -0500 Subject: [PATCH 204/270] Update so-image-common --- salt/common/tools/sbin/so-image-common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index dd4cfc979..426f42c02 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -20,7 +20,7 @@ IMAGEREPO=securityonion container_list() { MANAGERCHECK=$1 - FEATURESCHECK=$(lookup_pillar elastic features) + FEATURESCHECK=$(lookup_pillar features elastic) if [ -z "$MANAGERCHECK" ]; then MANAGERCHECK=so-unknown From 06dd3432f8350d9147d44747fee45c8755fdac14 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 15 Dec 2020 16:13:51 -0500 Subject: [PATCH 205/270] Copy the correct files over that soup needs --- salt/common/tools/sbin/soup | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index d874c6e31..342a07c7d 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -422,6 +422,8 @@ verify_latest_update_script() { else echo "You are not running the latest soup version. Updating soup." cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/ + cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ + cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ salt-call state.apply common queue=True echo "" echo "soup has been updated. Please run soup again." From 7909834722b91757fa65b85ae1b94d75e968580c Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Tue, 15 Dec 2020 16:23:49 -0500 Subject: [PATCH 206/270] Clean up previous upgrade dirs in temp --- salt/common/tools/sbin/soup | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 342a07c7d..25a9e633c 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -463,6 +463,8 @@ if [ $is_airgap -eq 0 ]; then airgap_mounted else echo "Cloning Security Onion github repo into $UPDATE_DIR." + echo "Removing previous upgrade sources." + rm -rf $UPDATE_DIR clone_to_tmp fi echo "Generating new repo archive" From e3c8018824d1c7a7d7378b26f3de89d3c4c0ccdd Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 15 Dec 2020 16:44:47 -0500 Subject: [PATCH 207/270] Toggle strelka rules after the user is prompted it strelka should be installed to ensure strelka rules are updated later during the setup process --- setup/so-setup | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 70df60feb..3c59c59cb 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -406,13 +406,6 @@ if [[ $is_manager && ! $is_eval ]]; then whiptail_oinkcode fi - if [[ "$STRELKA" = 1 ]]; then - info "Enabling Strelka rules" - STRELKARULES=1 - else - info "Disabling Strelka rules: STRELKA='$STRELKA'" - fi - if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then whiptail_manager_adv_service_zeeklogs fi @@ -421,6 +414,14 @@ fi if [[ $is_manager ]]; then whiptail_components_adv_warning whiptail_enable_components + + if [[ "$STRELKA" = 1 ]]; then + info "Enabling Strelka rules" + STRELKARULES=1 + else + info "Disabling Strelka rules: STRELKA='$STRELKA'" + fi + whiptail_dockernet_check fi From 04a26df4f7777e71f0c78b61ab107edadff6d1df Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Tue, 15 Dec 2020 17:05:33 -0500 Subject: [PATCH 208/270] Fix the features suffix --- salt/common/tools/sbin/so-image-common | 19 ++++--------------- salt/common/tools/sbin/soup | 20 +++++++++++++++----- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 426f42c02..31e5c04fb 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -49,13 +49,17 @@ container_list() { "so-curator" "so-domainstats" "so-elastalert" + "so-elasticsearch" + "so-filebeat" "so-fleet" "so-fleet-launcher" "so-freqserver" "so-grafana" "so-idstools" "so-influxdb" + "so-kibana" "so-kratos" + "so-logstash" "so-minio" "so-mysql" "so-nginx" @@ -77,21 +81,6 @@ container_list() { "so-wazuh" "so-zeek" ) - if [[ "$FEATURESCHECK" == "True" ]]; then - TRUSTED_CONTAINERS=( "${TRUSTED_CONTAINERS[@]}" - "so-elasticsearch-features" - "so-filebeat-features" - "so-logstash-features" - "so-kibana-features" - ) - else - TRUSTED_CONTAINERS=( "${TRUSTED_CONTAINERS[@]}" - "so-elasticsearch" - "so-filebeat" - "so-logstash" - "so-kibana" - ) - fi else TRUSTED_CONTAINERS=( "so-filebeat" diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 25a9e633c..314a86b20 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -467,6 +467,12 @@ else rm -rf $UPDATE_DIR clone_to_tmp fi + +echo "" +echo "Verifying we have the latest soup script." +verify_latest_update_script +echo "" + echo "Generating new repo archive" generate_and_clean_tarballs if [ -f /usr/sbin/so-image-common ]; then @@ -475,11 +481,6 @@ else add_common fi -echo "" -echo "Verifying we have the latest soup script." -verify_latest_update_script -echo "" - echo "Let's see if we need to update Security Onion." upgrade_check space_check @@ -496,6 +497,15 @@ if [ $is_airgap -eq 0 ]; then else update_registry update_docker_containers "soup" + FEATURESCHECK=$(lookup_pillar features elastic) + if [[ "$FEATURESCHECK" == "True" ]]; then + TRUSTED_CONTAINERS=( \ + "so-elasticsearch" \ + "so-filebeat" \ + "so-kibana" \ + "so-logstash" ) + update_docker_containers "features" "-features" + fi fi echo "" echo "Stopping Salt Minion service." From 082fd51b0545f8522ad6bcdf33e42a916f3faa32 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Tue, 15 Dec 2020 17:07:40 -0500 Subject: [PATCH 209/270] Remove extra variable --- salt/common/tools/sbin/so-image-common | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 31e5c04fb..767f9d21c 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -20,8 +20,7 @@ IMAGEREPO=securityonion container_list() { MANAGERCHECK=$1 - FEATURESCHECK=$(lookup_pillar features elastic) - + if [ -z "$MANAGERCHECK" ]; then MANAGERCHECK=so-unknown if [ -f /etc/salt/grains ]; then From 87882b4d91e73beb53bef7be822b8f8b34a2f03e Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Tue, 15 Dec 2020 18:18:26 -0500 Subject: [PATCH 210/270] Fix upgrade function --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 314a86b20..d9619a1fa 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -319,7 +319,7 @@ rc3_to_2.3.0() { else DOCKERSTUFF="${DOCKERGREP//\"}" DOCKERSTUFFBIP=$(echo $DOCKERSTUFF | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 - echo " range: '$DOCKERSTUFF'/24" >> /opt/so/saltstack/local/pillar/global.sls + echo " range: '$DOCKERSTUFF/24'" >> /opt/so/saltstack/local/pillar/global.sls echo " bip: '$DOCKERSTUFFBIP'" >> /opt/so/saltstack/local/pillar/global.sls fi From e30d7a8d8e7435a06432738e792bda01812288f6 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Tue, 15 Dec 2020 18:25:41 -0500 Subject: [PATCH 211/270] Fix upgrade docker variable --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index d9619a1fa..5ad2b87b8 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -312,7 +312,7 @@ rc3_to_2.3.0() { # Fix daemon.json by managing it echo "docker:" >> /opt/so/saltstack/local/pillar/global.sls - DOCKERGREP=$(cat /etc/docker/daemon.json | grep base | awk {'print $3'} | cut -f1 -d"/") + DOCKERGREP=$(cat /etc/docker/daemon.json | grep base | awk {'print $3'} | cut -f1 -d"," | tr -d '"') if [ -z "$DOCKERGREP" ]; then echo " range: '172.17.0.0/24'" >> /opt/so/saltstack/local/pillar/global.sls echo " bip: '172.17.0.1/24'" >> /opt/so/saltstack/local/pillar/global.sls From f1be6cc259c36d11108b8cfe971e514ea48f2f7d Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Tue, 15 Dec 2020 18:32:07 -0500 Subject: [PATCH 212/270] Check MD5 of all components --- salt/common/tools/sbin/soup | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 5ad2b87b8..11074f7cf 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -417,10 +417,15 @@ verify_latest_update_script() { # Check to see if the update scripts match. If not run the new one. CURRENTSOUP=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/soup | awk '{print $1}') GITSOUP=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/soup | awk '{print $1}') - if [[ "$CURRENTSOUP" == "$GITSOUP" ]]; then + CURRENTCMN=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/so-common | awk '{print $1}') + GITCMN=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/so-common | awk '{print $1}') + CURRENTIMGCMN=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/so-image-common | awk '{print $1}') + GITIMGCMN=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/so-image-common | awk '{print $1}') + + if [[ "$CURRENTSOUP" == "$GITSOUP" ]] && [[ "$CURRENTCMN" == "$GITCMN" ]] && [[ "$CURRENTIMGCMN" == "$GITIMGCMN" ]]; then echo "This version of the soup script is up to date. Proceeding." else - echo "You are not running the latest soup version. Updating soup." + echo "You are not running the latest soup version. Updating soup and its components. Might take multiple runs to complete" cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/ cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ From 4ca4141819a7773d43068ef0a7432636871f21e8 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Tue, 15 Dec 2020 19:29:35 -0500 Subject: [PATCH 213/270] Fix conditional statement --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 11074f7cf..6c5897d11 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -422,7 +422,7 @@ verify_latest_update_script() { CURRENTIMGCMN=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/so-image-common | awk '{print $1}') GITIMGCMN=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/so-image-common | awk '{print $1}') - if [[ "$CURRENTSOUP" == "$GITSOUP" ]] && [[ "$CURRENTCMN" == "$GITCMN" ]] && [[ "$CURRENTIMGCMN" == "$GITIMGCMN" ]]; then + if [[ "$CURRENTSOUP" == "$GITSOUP" && "$CURRENTCMN" == "$GITCMN" && "$CURRENTIMGCMN" == "$GITIMGCMN" ]]; then echo "This version of the soup script is up to date. Proceeding." else echo "You are not running the latest soup version. Updating soup and its components. Might take multiple runs to complete" From 805e25f495195fddb588e26934b9f62b4492285d Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Tue, 15 Dec 2020 20:40:59 -0500 Subject: [PATCH 214/270] Fix typeo --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 6c5897d11..4d168c077 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -300,7 +300,7 @@ rc3_to_2.3.0() { echo " node_checkin_interval_ms: 10000" >> /opt/so/saltstack/local/pillar/global.sls # Update pillar fiels for new sensoroni functionality - for file in /opt/so/saltstack/local/pillat/minions/*; do + for file in /opt/so/saltstack/local/pillar/minions/*; do echo "sensoroni:" >> $file echo " node_description:" >> $file local SOMEADDRESS=$(cat $file | grep mainip | tail -n 1 | awk '{print $2'}) From a4897d20635a787ed0097fde88f2256af0c2a29e Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 16 Dec 2020 09:07:38 -0500 Subject: [PATCH 215/270] [fix] Add Elasticsearch to containers running on Helix sensor --- salt/common/tools/sbin/so-image-common | 1 + salt/common/tools/sbin/soup | 11 ++++++----- salt/logstash/init.sls | 2 -- salt/top.sls | 1 + setup/so-setup | 2 +- 5 files changed, 9 insertions(+), 8 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 767f9d21c..01bb9727c 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -84,6 +84,7 @@ container_list() { TRUSTED_CONTAINERS=( "so-filebeat" "so-idstools" + "so-elasticsearch" "so-logstash" "so-nginx" "so-redis" diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 4d168c077..1c422280a 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -504,11 +504,12 @@ else update_docker_containers "soup" FEATURESCHECK=$(lookup_pillar features elastic) if [[ "$FEATURESCHECK" == "True" ]]; then - TRUSTED_CONTAINERS=( \ - "so-elasticsearch" \ - "so-filebeat" \ - "so-kibana" \ - "so-logstash" ) + TRUSTED_CONTAINERS=( + "so-elasticsearch" + "so-filebeat" + "so-kibana" + "so-logstash" + ) update_docker_containers "features" "-features" fi fi diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index d332f737a..e23e4eef2 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -45,10 +45,8 @@ {% set DOCKER_OPTIONS = salt['pillar.get']('logstash:docker_options', {}) %} {% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %} -{% if grains['role'] != 'so-helix' %} include: - elasticsearch -{% endif %} # Create the logstash group logstashgroup: diff --git a/salt/top.sls b/salt/top.sls index b6913895d..18dd1b61a 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -61,6 +61,7 @@ base: - suricata - zeek - redis + - elasticsearch - logstash {%- if FILEBEAT %} - filebeat diff --git a/setup/so-setup b/setup/so-setup index 3c59c59cb..8300fe6ae 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -692,7 +692,7 @@ set_redirect >> $setup_log 2>&1 salt-call state.apply -l info nginx >> $setup_log 2>&1 fi - if [[ $is_manager || $is_node || $is_import ]]; then + if [[ $is_manager || $is_node || $is_import || $is_helix ]]; then set_progress_str 64 "$(print_salt_state_apply 'elasticsearch')" salt-call state.apply -l info elasticsearch >> $setup_log 2>&1 fi From af149d04a97602d082a3cc91633335d034c4f400 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 16 Dec 2020 09:18:40 -0500 Subject: [PATCH 216/270] [fix] Only run portions of ES state, do not run container --- salt/common/tools/sbin/so-image-common | 1 - salt/elasticsearch/init.sls | 6 +++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 01bb9727c..767f9d21c 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -84,7 +84,6 @@ container_list() { TRUSTED_CONTAINERS=( "so-filebeat" "so-idstools" - "so-elasticsearch" "so-logstash" "so-nginx" "so-redis" diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 3e0bac708..fdd9b4565 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -86,6 +86,8 @@ capemz: - user: 939 - group: 939 +{% if grains['role'] != 'so-helix' %} + # Add ES Group elasticsearchgroup: group.present: @@ -251,10 +253,12 @@ so-elasticsearch-templates: - template: jinja {% endif %} +{% endif %} {# if grains['role'] != 'so-helix' #} + {% else %} elasticsearch_state_not_allowed: test.fail_without_changes: - name: elasticsearch_state_not_allowed -{% endif %} +{% endif %} {# if 'elasticsearch' in top_states #} From b8581366729cee6f2027af1336553bb5b8c37536 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 16 Dec 2020 09:24:59 -0500 Subject: [PATCH 217/270] Add jertel complaince --- salt/common/tools/sbin/soup | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 1c422280a..a87279a0c 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -324,6 +324,8 @@ rc3_to_2.3.0() { fi + INSTALLEDVERSION=2.3.0 + } space_check() { From a1fc354a8957ae9146fa3e6c17732b30d3b0c4b9 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 16 Dec 2020 09:32:32 -0500 Subject: [PATCH 218/270] [fix] Correct ordering of printf lines --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 2cf1b28cf..5f98e685e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -996,8 +996,8 @@ fireeye_pillar() { printf '%s\n'\ "fireeye:"\ " helix:"\ - "" > "$fireeye_pillar_path"/init.sls " api_key: '$HELIXAPIKEY'" \ + "" > "$fireeye_pillar_path/init.sls" } From c68b87db566021d35e6624c53501a4fed6f46be1 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 16 Dec 2020 09:33:44 -0500 Subject: [PATCH 219/270] set steno running default based on sensor role or not --- salt/sensoroni/files/sensoroni.json | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/salt/sensoroni/files/sensoroni.json b/salt/sensoroni/files/sensoroni.json index 55b928ef0..2e64dd2a6 100644 --- a/salt/sensoroni/files/sensoroni.json +++ b/salt/sensoroni/files/sensoroni.json @@ -3,7 +3,13 @@ {% set ADDRESS = salt['pillar.get']('sensoroni:node_address') -%} {% set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%} {% set CHECKININTERVALMS = salt['pillar.get']('sensoroni:node_checkin_interval_ms', 10000) -%} -{% set STENOENABLED = salt['pillar.get']('steno:enabled', False) -%} +{%- set ROLE = grains.id.split('_') | last %} +{%- if ROLE in ['eval', 'standalone', 'sensor', 'heavynode'] %} +{%- set STENODEFAULT = True %} +{%- else %} +{%- set STENODEFAULT = False %} +{%- endif } +{%- set STENOENABLED = salt['pillar.get']('steno:enabled', STENODEFAULT) %} { "logFilename": "/opt/sensoroni/logs/sensoroni.log", "logLevel":"info", From f0999abd8ec78481f4ac15ea149eded2dc646098 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 16 Dec 2020 09:38:21 -0500 Subject: [PATCH 220/270] add missing % --- salt/sensoroni/files/sensoroni.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/sensoroni/files/sensoroni.json b/salt/sensoroni/files/sensoroni.json index 2e64dd2a6..ac4762b12 100644 --- a/salt/sensoroni/files/sensoroni.json +++ b/salt/sensoroni/files/sensoroni.json @@ -8,7 +8,7 @@ {%- set STENODEFAULT = True %} {%- else %} {%- set STENODEFAULT = False %} -{%- endif } +{%- endif %} {%- set STENOENABLED = salt['pillar.get']('steno:enabled', STENODEFAULT) %} { "logFilename": "/opt/sensoroni/logs/sensoroni.log", From 448d0e079eca4bc504ecffa42c38abd7cf551450 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 16 Dec 2020 09:39:25 -0500 Subject: [PATCH 221/270] add whitespace removal to the front --- salt/sensoroni/files/sensoroni.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/salt/sensoroni/files/sensoroni.json b/salt/sensoroni/files/sensoroni.json index ac4762b12..23b967b04 100644 --- a/salt/sensoroni/files/sensoroni.json +++ b/salt/sensoroni/files/sensoroni.json @@ -1,8 +1,8 @@ -{% set URLBASE = salt['pillar.get']('global:url_base') -%} -{% set DESCRIPTION = salt['pillar.get']('sensoroni:node_description') -%} -{% set ADDRESS = salt['pillar.get']('sensoroni:node_address') -%} -{% set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%} -{% set CHECKININTERVALMS = salt['pillar.get']('sensoroni:node_checkin_interval_ms', 10000) -%} +{%- set URLBASE = salt['pillar.get']('global:url_base') %} +{%- set DESCRIPTION = salt['pillar.get']('sensoroni:node_description') %} +{%- set ADDRESS = salt['pillar.get']('sensoroni:node_address') %} +{%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') %} +{%- set CHECKININTERVALMS = salt['pillar.get']('sensoroni:node_checkin_interval_ms', 10000) %} {%- set ROLE = grains.id.split('_') | last %} {%- if ROLE in ['eval', 'standalone', 'sensor', 'heavynode'] %} {%- set STENODEFAULT = True %} From 8889c79afdbbd019e87107ba72e6b796ec9b81c9 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 16 Dec 2020 09:39:41 -0500 Subject: [PATCH 222/270] Run a common state first to fix docker race condition --- salt/common/tools/sbin/soup | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index a87279a0c..f9ac6de2b 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -583,6 +583,9 @@ if [[ "$FLEET_MANAGER" == "True" || "$FLEET_NODE" == "True" ]]; then echo "" fi +echo "" +echo "Applying common state for any package updates." +salt-call -l info state.apply common queue=True echo "" echo "Running a highstate to complete the Security Onion upgrade on this manager. This could take several minutes." salt-call state.highstate -l info queue=True From aa0d43b1db87d574f9b56a9f09282c37aa5aa9b2 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 16 Dec 2020 09:55:03 -0500 Subject: [PATCH 223/270] [fix] Always define ismanager var --- salt/elasticsearch/init.sls | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index fdd9b4565..eb8f281b5 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -38,6 +38,8 @@ {% set esclustername = salt['pillar.get']('elasticsearch:esclustername') %} {% set esheap = salt['pillar.get']('elasticsearch:esheap') %} {% set ismanager = False %} +{% else %} + {% set ismanager = False %} {% endif %} {% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %} From e464117e8a3951242f26f86d5d9c144246ff34d6 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 16 Dec 2020 10:19:44 -0500 Subject: [PATCH 224/270] [fix] Run so-catrust in ES state on Helix sensor install --- salt/elasticsearch/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index eb8f281b5..4ebe05cec 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -38,8 +38,8 @@ {% set esclustername = salt['pillar.get']('elasticsearch:esclustername') %} {% set esheap = salt['pillar.get']('elasticsearch:esheap') %} {% set ismanager = False %} -{% else %} - {% set ismanager = False %} +{% elif grains['role'] = 'so-helix' %} + {% set ismanager = True %} {# Solely for the sake of running so-catrust #} {% endif %} {% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %} From 142649b396b0b7b9198dc1cadd175389eb777355 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 16 Dec 2020 10:38:34 -0500 Subject: [PATCH 225/270] [fix] Fix comparator --- salt/elasticsearch/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 4ebe05cec..300921807 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -38,7 +38,7 @@ {% set esclustername = salt['pillar.get']('elasticsearch:esclustername') %} {% set esheap = salt['pillar.get']('elasticsearch:esheap') %} {% set ismanager = False %} -{% elif grains['role'] = 'so-helix' %} +{% elif grains['role'] == 'so-helix' %} {% set ismanager = True %} {# Solely for the sake of running so-catrust #} {% endif %} From a959b4b2cd413935dcbea6ae830a41799e018d6f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 16 Dec 2020 11:00:48 -0500 Subject: [PATCH 226/270] [fix] Helix sensor needs so-soc and so-elasticsearch images downloaded --- salt/common/tools/sbin/so-image-common | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 767f9d21c..ef53ce60f 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -84,11 +84,13 @@ container_list() { TRUSTED_CONTAINERS=( "so-filebeat" "so-idstools" + "so-elasticsearch" "so-logstash" "so-nginx" "so-redis" "so-steno" "so-suricata" + "so-soc" "so-telegraf" "so-zeek" ) From d670f96dc0b801b8be4d715ba96d858e07d4cbd2 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 16 Dec 2020 11:07:00 -0500 Subject: [PATCH 227/270] [fix] Exit on command failure in so-catrust --- salt/elasticsearch/files/scripts/so-catrust | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/elasticsearch/files/scripts/so-catrust b/salt/elasticsearch/files/scripts/so-catrust index aee83a379..d49a29ce4 100644 --- a/salt/elasticsearch/files/scripts/so-catrust +++ b/salt/elasticsearch/files/scripts/so-catrust @@ -18,6 +18,10 @@ {%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {%- set MANAGER = salt['grains.get']('master') %} . /usr/sbin/so-common + +# Exit on errors, since all lines must succeed +set -e + # Check to see if we have extracted the ca cert. if [ ! -f /opt/so/saltstack/local/salt/common/cacerts ]; then docker run -v /etc/pki/ca.crt:/etc/pki/ca.crt --name so-elasticsearchca --user root --entrypoint jdk/bin/keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} -keystore /etc/pki/ca-trust/extracted/java/cacerts -alias SOSCA -import -file /etc/pki/ca.crt -storepass changeit -noprompt From 6ba3c16c7569050aec7f04f58775083841639868 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 16 Dec 2020 11:10:57 -0500 Subject: [PATCH 228/270] [fix] Actually count containers when checking count --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 5f98e685e..144a75160 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1525,7 +1525,7 @@ reinstall_init() { if command -v docker &> /dev/null; then # Stop and remove all so-* containers so files can be changed with more safety - if [ $(docker ps -a -q --filter "name=so-") -gt 0 ]; then + if [ $(docker ps -a -q --filter "name=so-" | wc -l) -gt 0 ]; then docker stop $(docker ps -a -q --filter "name=so-") docker rm -f $(docker ps -a -q --filter "name=so-") fi From 9c8fc5e6ed560ce4b6e12af997c81fba79b7338a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 16 Dec 2020 11:16:14 -0500 Subject: [PATCH 229/270] [fix] Make parent directories if needed --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 144a75160..0db2d5792 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -719,7 +719,7 @@ create_local_directories() { for d in $(find $PILLARSALTDIR/$i -type d); do suffixdir=${d//$PILLARSALTDIR/} if [ ! -d "$local_salt_dir/$suffixdir" ]; then - mkdir -v "$local_salt_dir$suffixdir" >> "$setup_log" 2>&1 + mkdir -pv "$local_salt_dir$suffixdir" >> "$setup_log" 2>&1 fi done chown -R socore:socore "$local_salt_dir/$i" From 09b5e6d227f501d2b2e052f6a779a2b4227726c5 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 16 Dec 2020 11:57:27 -0500 Subject: [PATCH 230/270] Fix SSL issue --- salt/telegraf/init.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index 8d400ca1e..1ff34ceae 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -48,6 +48,7 @@ so-telegraf: - HOST_ETC=/host/etc - HOST_SYS=/host/sys - HOST_MOUNT_PREFIX=/host + - GODEBUG=x509ignoreCN=0 - network_mode: host - binds: - /opt/so/log/telegraf:/var/log/telegraf:rw @@ -84,4 +85,4 @@ telegraf_state_not_allowed: test.fail_without_changes: - name: telegraf_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} From 96b72d46be65d8becd1346c649bcd50355249e7e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 16 Dec 2020 12:01:48 -0500 Subject: [PATCH 231/270] show steno,zeek,suricata as disabled in so-status on import node --- salt/pcap/init.sls | 2 +- salt/suricata/init.sls | 8 ++++++++ salt/zeek/init.sls | 8 ++++++++ setup/so-functions | 5 +++++ 4 files changed, 22 insertions(+), 1 deletion(-) diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index e98bbecf5..a43f90288 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -133,7 +133,7 @@ append_so-steno_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - text: so-steno - - unless: grep so-steno /opt/so/conf/so-status/so-status.conf + - unless: grep -q so-steno /opt/so/conf/so-status/so-status.conf {% if STENOOPTIONS.status == 'running' %} delete_so-steno_so-status.disabled: diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index 0c50bb5d1..99609be32 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -167,6 +167,14 @@ append_so-suricata_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - text: so-suricata + - unless: grep -q so-suricata /opt/so/conf/so-status/so-status.conf + +{% if grains.role == 'so-import' %} +disable_so-suricata_so-status.conf: + file.comment: + - name: /opt/so/conf/so-status/so-status.conf + - regex: ^so-suricata$ +{% endif %} surilogrotate: file.managed: diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls index f6edae136..6fa289d5c 100644 --- a/salt/zeek/init.sls +++ b/salt/zeek/init.sls @@ -200,6 +200,14 @@ append_so-zeek_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - text: so-zeek + - unless: grep -q so-zeek /opt/so/conf/so-status/so-status.conf + +{% if grains.role == 'so-import' %} +disable_so-zeek_so-status.conf: + file.comment: + - name: /opt/so/conf/so-status/so-status.conf + - regex: ^so-zeek$ +{% endif %} {% else %} diff --git a/setup/so-functions b/setup/so-functions index 5f98e685e..c49babaae 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1941,6 +1941,11 @@ sensor_pillar() { if [ "$HNSENSOR" != 'inherit' ]; then echo " hnsensor: $HNSENSOR" >> "$pillar_file" fi + if [[ $is_import ]]; then + printf '%s\n'\ + "steno:"\ + " enabled: false" >> "$pillar_file" + fi } From 2e278586f21dd68e3453657af4fbbb00faa20678 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 16 Dec 2020 13:03:24 -0500 Subject: [PATCH 232/270] disable steno in so-status for import node --- salt/pcap/init.sls | 13 +++++++------ setup/so-functions | 6 ------ 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index a43f90288..b8580fd86 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -135,16 +135,17 @@ append_so-steno_so-status.conf: - text: so-steno - unless: grep -q so-steno /opt/so/conf/so-status/so-status.conf - {% if STENOOPTIONS.status == 'running' %} -delete_so-steno_so-status.disabled: - file.uncomment: - - name: /opt/so/conf/so-status/so-status.conf - - regex: ^so-steno$ - {% elif STENOOPTIONS.status == 'stopped' %} + + {% if not STENOOPTIONS.start %} so-steno_so-status.disabled: file.comment: - name: /opt/so/conf/so-status/so-status.conf - regex: ^so-steno$ + {% else %} +delete_so-steno_so-status.disabled: + file.uncomment: + - name: /opt/so/conf/so-status/so-status.conf + - regex: ^so-steno$ {% endif %} {% else %} diff --git a/setup/so-functions b/setup/so-functions index 6d7e5582a..da452516d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1941,12 +1941,6 @@ sensor_pillar() { if [ "$HNSENSOR" != 'inherit' ]; then echo " hnsensor: $HNSENSOR" >> "$pillar_file" fi - if [[ $is_import ]]; then - printf '%s\n'\ - "steno:"\ - " enabled: false" >> "$pillar_file" - fi - } set_default_log_size() { From eecb323459788d014557dad42429416df7149957 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 16 Dec 2020 13:12:38 -0500 Subject: [PATCH 233/270] remove extra state.apply common --- salt/common/tools/sbin/soup | 3 --- 1 file changed, 3 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index f9ac6de2b..a87279a0c 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -583,9 +583,6 @@ if [[ "$FLEET_MANAGER" == "True" || "$FLEET_NODE" == "True" ]]; then echo "" fi -echo "" -echo "Applying common state for any package updates." -salt-call -l info state.apply common queue=True echo "" echo "Running a highstate to complete the Security Onion upgrade on this manager. This could take several minutes." salt-call state.highstate -l info queue=True From 2d497cb7245b9aa34acdf3824f175fef67ef5ab5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 16 Dec 2020 14:15:57 -0500 Subject: [PATCH 234/270] change to just Hunt --- salt/common/tools/sbin/so-import-pcap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap index 2dc5b0504..72c199231 100755 --- a/salt/common/tools/sbin/so-import-pcap +++ b/salt/common/tools/sbin/so-import-pcap @@ -217,6 +217,6 @@ https://{{ URLBASE }}/#/hunt?q=import.id:${HASH}%20%7C%20groupby%20event.module% or you can manually set your Time Range to be (in UTC): From: $START_OLDEST To: $END_NEWEST -Please note that it may take 30 seconds or more for events to appear in Onion Hunt. +Please note that it may take 30 seconds or more for events to appear in Hunt. EOF fi From 6e84227525ba1f17deb3cf2f70b8e59b0a282f6a Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 16 Dec 2020 16:06:05 -0500 Subject: [PATCH 235/270] Add DB migration for thehive --- salt/common/tools/sbin/soup | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index a87279a0c..568cc85bc 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -340,6 +340,12 @@ space_check() { } +thehive_maint() { + echo "Migrating thehive databases if needed." + curl -v -k -XPOST -L "https://localhost/thehive/api/maintenance/migrate" + curl -v -k -XPOST -L "https://localhost/cortex/api/maintenance/migrate" +} + unmount_update() { cd /tmp umount /tmp/soagupdate @@ -602,6 +608,7 @@ echo "Running a highstate. This could take several minutes." salt-call state.highstate -l info queue=True playbook unmount_update +thehive_maint if [ "$UPGRADESALT" == "1" ]; then echo "" From 384456a991070c63f39f996f0ae9ed69598079d1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 16 Dec 2020 16:18:17 -0500 Subject: [PATCH 236/270] [fix] Make repo directory during soup if it doesn't exist --- salt/common/tools/sbin/soup | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 568cc85bc..8c8fd7807 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -158,6 +158,7 @@ copy_new_files() { generate_and_clean_tarballs() { local new_version new_version=$(cat $UPDATE_DIR/VERSION) + [ -d /opt/so/repo ] || mkdir -p /opt/so/repo tar -cxf "/opt/so/repo/$new_version.tar.gz" "$UPDATE_DIR" find "/opt/so/repo" -type f -not -name "$new_version.tar.gz" -exec rm -rf {} \; } From 23110d3b336b13f938ad801d424b5cefdbf39fde Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 16 Dec 2020 17:23:51 -0500 Subject: [PATCH 237/270] Make sure thehive is up then soup --- salt/common/tools/sbin/soup | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 8c8fd7807..7a15c733a 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -342,9 +342,26 @@ space_check() { } thehive_maint() { - echo "Migrating thehive databases if needed." - curl -v -k -XPOST -L "https://localhost/thehive/api/maintenance/migrate" - curl -v -k -XPOST -L "https://localhost/cortex/api/maintenance/migrate" + echo -n "Waiting for TheHive..." + COUNT=0 + THEHIVE_CONNECTED="no" + while [[ "$COUNT" -le 240 ]]; do + curl --output /dev/null --silent --head --fail -k "https://localhost/thehive" + if [ $? -eq 0 ]; then + THEHIVE_CONNECTED="yes" + echo "connected!" + break + else + ((COUNT+=1)) + sleep 1 + echo -n "." + fi + done + if [ "$THEHIVE_CONNECTED" == "yes" ]; then + echo "Migrating thehive databases if needed." + curl -v -k -XPOST -L "https://localhost/thehive/api/maintenance/migrate" + curl -v -k -XPOST -L "https://localhost/cortex/api/maintenance/migrate" + fi } unmount_update() { From 90e499f6e995c6af82c41d2a536b720a426188c9 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 16 Dec 2020 17:25:56 -0500 Subject: [PATCH 238/270] fix eval grafana dashboard --- salt/grafana/dashboards/eval/eval.json | 543 ++++++++++--------------- 1 file changed, 218 insertions(+), 325 deletions(-) diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json index ee94504d1..b965ea248 100644 --- a/salt/grafana/dashboards/eval/eval.json +++ b/salt/grafana/dashboards/eval/eval.json @@ -16,7 +16,7 @@ "editable": true, "gnetId": 2381, "graphTooltip": 0, - "iteration": 1602101784759, + "iteration": 1608156396988, "links": [], "panels": [ { @@ -24,36 +24,18 @@ "fieldConfig": { "defaults": { "custom": {}, - "unit": "percent", - "min": 0, - "max": 100, + "decimals": 2, + "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { - "color": "rgba(50, 172, 45, 0.97)", + "color": "rgb(255, 255, 255)", "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 60 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 80 } ] }, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "nullValueMode": "connected" + "unit": "s" }, "overrides": [] }, @@ -63,15 +45,23 @@ "x": 0, "y": 0 }, - "id": 2, - "links": [], + "id": 39, "options": { - "alertThreshold": true + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + } }, - "pluginVersion": "7.3.4", + "pluginVersion": "7.0.5", "targets": [ { - "dsType": "influxdb", "groupBy": [ { "params": [ @@ -86,7 +76,7 @@ "type": "fill" } ], - "measurement": "cpu", + "measurement": "system", "orderByTime": "ASC", "policy": "default", "refId": "A", @@ -95,19 +85,13 @@ [ { "params": [ - "usage_idle" + "uptime" ], "type": "field" }, { "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" + "type": "last" } ] ], @@ -116,90 +100,21 @@ "key": "host", "operator": "=", "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" } - ], - "alias": "Usage" + ] } ], - "title": "{{ SERVERNAME }} - CPU", - "type": "graph", - "cacheTimeout": null, - "renderer": "flot", - "yaxes": [ - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "percent", - "$$hashKey": "object:395" - }, - { - "label": null, - "show": false, - "logBase": 1, - "min": null, - "max": null, - "format": "short", - "$$hashKey": "object:396" - } - ], - "xaxis": { - "show": true, - "mode": "time", - "name": null, - "values": [], - "buckets": null - }, - "yaxis": { - "align": false, - "alignLevel": null - }, - "lines": true, - "fill": 1, - "fillGradient": 0, - "linewidth": 1, - "dashes": false, - "hiddenSeries": false, - "dashLength": 10, - "spaceLength": 10, - "points": false, - "pointradius": 2, - "bars": false, - "stack": false, - "percentage": false, - "legend": { - "show": false, - "values": false, - "min": false, - "max": false, - "current": false, - "total": false, - "avg": false - }, - "nullPointMode": "connected", - "steppedLine": false, - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 0 - }, "timeFrom": null, "timeShift": null, - "aliasColors": {}, - "seriesOverrides": [], - "thresholds": [], - "timeRegions": [] + "title": "{{ SERVERNAME }} - System Uptime", + "type": "stat" }, { + "aliasColors": {}, + "bars": false, "cacheTimeout": null, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { @@ -237,27 +152,41 @@ }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 4, "y": 0 }, + "hiddenSeries": false, "id": 2, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "dataLinks": [] + }, + "percentage": false, "pluginVersion": "7.0.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { "dsType": "influxdb", @@ -315,8 +244,48 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - CPU", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:177", + "format": "percent", + "label": "Usage", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:178", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { "aliasColors": {}, @@ -869,12 +838,43 @@ { "aliasColors": {}, "bars": false, + "cacheTimeout": null, "dashLength": 10, "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "max": "67551000000", + "min": 0, + "nullValueMode": "connected", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": "54040800000.0" + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": "60795900000.0" + } + ] + }, + "unit": "bytes" }, "overrides": [] }, @@ -887,7 +887,7 @@ "y": 5 }, "hiddenSeries": false, - "id": 73, + "id": 12, "legend": { "avg": false, "current": false, @@ -899,12 +899,13 @@ }, "lines": true, "linewidth": 1, + "links": [], "nullPointMode": "connected", "options": { - "alertThreshold": true + "dataLinks": [] }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.0.5", "pointradius": 2, "points": false, "renderer": "flot", @@ -914,7 +915,7 @@ "steppedLine": false, "targets": [ { - "alias": "Used", + "dsType": "influxdb", "groupBy": [ { "params": [ @@ -983,16 +984,17 @@ }, "yaxes": [ { - "$$hashKey": "object:708", + "$$hashKey": "object:316", + "decimals": 2, "format": "percent", - "label": null, + "label": "Usage", "logBase": 1, "max": null, "min": null, "show": true }, { - "$$hashKey": "object:709", + "$$hashKey": "object:317", "format": "short", "label": null, "logBase": 1, @@ -1009,12 +1011,43 @@ { "aliasColors": {}, "bars": false, + "cacheTimeout": null, "dashLength": 10, "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "max": "131114444000", + "min": 0, + "nullValueMode": "connected", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": "104891555200.0" + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": "118002999600.0" + } + ] + }, + "unit": "bytes" }, "overrides": [] }, @@ -1027,7 +1060,7 @@ "y": 5 }, "hiddenSeries": false, - "id": 74, + "id": 31, "legend": { "avg": false, "current": false, @@ -1039,12 +1072,13 @@ }, "lines": true, "linewidth": 1, + "links": [], "nullPointMode": "connected", "options": { - "alertThreshold": true + "dataLinks": [] }, "percentage": false, - "pluginVersion": "7.3.4", + "pluginVersion": "7.0.5", "pointradius": 2, "points": false, "renderer": "flot", @@ -1054,7 +1088,7 @@ "steppedLine": false, "targets": [ { - "alias": "Used", + "dsType": "influxdb", "groupBy": [ { "params": [ @@ -1123,22 +1157,23 @@ }, "yaxes": [ { - "$$hashKey": "object:708", + "$$hashKey": "object:442", + "decimals": 2, "format": "percent", - "label": null, + "label": "Usage", "logBase": 1, "max": null, "min": null, "show": true }, { - "$$hashKey": "object:709", + "$$hashKey": "object:443", "format": "short", "label": null, "logBase": 1, "max": null, "min": null, - "show": false + "show": true } ], "yaxis": { @@ -1230,7 +1265,7 @@ }, { "params": [ - " / {{ CPUS }}" + " / 16" ], "type": "math" } @@ -1375,7 +1410,7 @@ }, { "params": [ - " / {{ CPUS }}" + " / 16" ], "type": "math" } @@ -1520,7 +1555,7 @@ }, { "params": [ - " / {{ CPUS }}" + " / 16" ], "type": "math" } @@ -1665,7 +1700,7 @@ }, { "params": [ - " / {{ CPUS }}" + " / 16" ], "type": "math" } @@ -3038,18 +3073,25 @@ "title": "Zeek Restarts via Healthcheck", "type": "stat" }, - - - { + "cacheTimeout": null, "datasource": "InfluxDB", "fieldConfig": { "defaults": { "custom": {}, - "unit": "s", - "min": 0, - "max": null, "decimals": 2, + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "max": 1209600, + "min": 0, + "nullValueMode": "connected", "thresholds": { "mode": "absolute", "steps": [ @@ -3067,16 +3109,7 @@ } ] }, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "nullValueMode": "connected" + "unit": "s" }, "overrides": [] }, @@ -3089,9 +3122,18 @@ "id": 22, "links": [], "options": { - "alertThreshold": true + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true }, - "pluginVersion": "7.3.4", + "pluginVersion": "7.0.5", "targets": [ { "dsType": "influxdb", @@ -3134,81 +3176,13 @@ "operator": "=", "value": "{{ SERVERNAME }}" } - ], - "alias": "Oldest Pcap" + ] } ], - "title": "{{ SERVERNAME }} - PCAP Retention", - "type": "graph", - "renderer": "flot", - "yaxes": [ - { - "label": "", - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "s", - "$$hashKey": "object:643", - "decimals": 2 - }, - { - "label": null, - "show": false, - "logBase": 1, - "min": null, - "max": null, - "format": "short", - "$$hashKey": "object:644" - } - ], - "xaxis": { - "show": true, - "mode": "time", - "name": null, - "values": [], - "buckets": null - }, - "yaxis": { - "align": false, - "alignLevel": null - }, - "lines": true, - "fill": 1, - "linewidth": 1, - "dashLength": 10, - "spaceLength": 10, - "pointradius": 2, - "legend": { - "show": true, - "values": false, - "min": false, - "max": false, - "current": false, - "total": false, - "avg": false - }, - "nullPointMode": "connected", - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 0 - }, - "aliasColors": {}, - "seriesOverrides": [], - "thresholds": [], - "timeRegions": [], - "cacheTimeout": null, "timeFrom": null, "timeShift": null, - "fillGradient": 0, - "dashes": false, - "hiddenSeries": false, - "points": false, - "bars": false, - "stack": false, - "percentage": false, - "steppedLine": false + "title": "{{ SERVERNAME }} - PCAP Retention", + "type": "gauge" }, { "aliasColors": { @@ -3838,7 +3812,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -3878,7 +3852,7 @@ "condition": "AND", "key": "interface", "operator": "=", - "value": "{{ MONINT }}" + "value": "bond0" } ] } @@ -4416,7 +4390,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -4456,7 +4430,7 @@ "condition": "AND", "key": "interface", "operator": "=", - "value": "{{ MANINT }}" + "value": "eth0" } ] }, @@ -4480,7 +4454,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -4520,7 +4494,7 @@ "condition": "AND", "key": "interface", "operator": "=", - "value": "{{ MANINT }}" + "value": "eth0" } ] } @@ -4710,87 +4684,7 @@ "style": "dark", "tags": [], "templating": { - "list": [ - { - "auto": true, - "auto_count": 30, - "auto_min": "10s", - "current": { - "selected": false, - "text": "10s", - "value": "10s" - }, - "hide": 0, - "label": null, - "name": "Interval", - "options": [ - { - "selected": false, - "text": "auto", - "value": "$__auto_interval_Interval" - }, - { - "selected": true, - "text": "10s", - "value": "10s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - "text": "30d", - "value": "30d" - } - ], - "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 2, - "skipUrlSync": false, - "type": "interval" - } - ] + "list": [] }, "time": { "from": "now-1h", @@ -4798,7 +4692,6 @@ }, "timepicker": { "refresh_intervals": [ - "5s", "10s", "30s", "1m", @@ -4825,4 +4718,4 @@ "title": "Evaluation Mode - {{ SERVERNAME }} Overview", "uid": "{{ UID }}", "version": 1 -} +} \ No newline at end of file From 345710a48de13c239349da162c38bf82114b9fc6 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 16 Dec 2020 17:41:38 -0500 Subject: [PATCH 239/270] Make sure thehive is up then soup by hitting api --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 7a15c733a..38e6a581d 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -346,7 +346,7 @@ thehive_maint() { COUNT=0 THEHIVE_CONNECTED="no" while [[ "$COUNT" -le 240 ]]; do - curl --output /dev/null --silent --head --fail -k "https://localhost/thehive" + curl --output /dev/null --silent --head --fail -k "https://localhost/thehive/api/alert" if [ $? -eq 0 ]; then THEHIVE_CONNECTED="yes" echo "connected!" From 027929bb6dbef4701b1a8f9baaa22246a875613f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 16 Dec 2020 17:59:54 -0500 Subject: [PATCH 240/270] fix eval grafana dashboard --- salt/grafana/dashboards/eval/eval.json | 268 +++++++++++-------------- 1 file changed, 118 insertions(+), 150 deletions(-) diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json index b965ea248..cc4298bb2 100644 --- a/salt/grafana/dashboards/eval/eval.json +++ b/salt/grafana/dashboards/eval/eval.json @@ -16,7 +16,7 @@ "editable": true, "gnetId": 2381, "graphTooltip": 0, - "iteration": 1608156396988, + "id": 3, "links": [], "panels": [ { @@ -57,9 +57,10 @@ ], "fields": "", "values": false - } + }, + "textMode": "auto" }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { "groupBy": [ @@ -119,6 +120,7 @@ "fieldConfig": { "defaults": { "custom": {}, + "links": [], "mappings": [ { "id": 0, @@ -176,10 +178,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -264,7 +266,6 @@ }, "yaxes": [ { - "$$hashKey": "object:177", "format": "percent", "label": "Usage", "logBase": 1, @@ -273,7 +274,6 @@ "show": true }, { - "$$hashKey": "object:178", "format": "short", "label": null, "logBase": 1, @@ -295,7 +295,8 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -322,9 +323,10 @@ "linewidth": 1, "nullPointMode": "null", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 2, "points": true, "renderer": "flot", @@ -396,7 +398,6 @@ }, "yaxes": [ { - "$$hashKey": "object:198", "decimals": 1, "format": "percent", "label": "", @@ -406,7 +407,6 @@ "show": true }, { - "$$hashKey": "object:199", "format": "short", "label": null, "logBase": 1, @@ -429,7 +429,8 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -457,10 +458,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, - "pluginVersion": "6.6.2", + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -570,7 +571,8 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -598,9 +600,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -709,7 +712,8 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -737,10 +741,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, - "pluginVersion": "6.6.2", + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -838,43 +842,12 @@ { "aliasColors": {}, "bars": false, - "cacheTimeout": null, "dashLength": 10, "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "67551000000", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "54040800000.0" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "60795900000.0" - } - ] - }, - "unit": "bytes" + "custom": {} }, "overrides": [] }, @@ -887,25 +860,24 @@ "y": 5 }, "hiddenSeries": false, - "id": 12, + "id": 75, "legend": { "avg": false, "current": false, "max": false, "min": false, - "show": false, + "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, - "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -915,7 +887,7 @@ "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Usage", "groupBy": [ { "params": [ @@ -984,17 +956,15 @@ }, "yaxes": [ { - "$$hashKey": "object:316", "decimals": 2, "format": "percent", - "label": "Usage", + "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { - "$$hashKey": "object:317", "format": "short", "label": null, "logBase": 1, @@ -1011,43 +981,12 @@ { "aliasColors": {}, "bars": false, - "cacheTimeout": null, "dashLength": 10, "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "131114444000", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "104891555200.0" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "118002999600.0" - } - ] - }, - "unit": "bytes" + "custom": {} }, "overrides": [] }, @@ -1060,7 +999,7 @@ "y": 5 }, "hiddenSeries": false, - "id": 31, + "id": 77, "legend": { "avg": false, "current": false, @@ -1072,13 +1011,12 @@ }, "lines": true, "linewidth": 1, - "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -1088,7 +1026,7 @@ "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Usage", "groupBy": [ { "params": [ @@ -1106,6 +1044,7 @@ "measurement": "disk", "orderByTime": "ASC", "policy": "default", + "queryType": "randomWalk", "refId": "A", "resultFormat": "time_series", "select": [ @@ -1157,23 +1096,21 @@ }, "yaxes": [ { - "$$hashKey": "object:442", "decimals": 2, "format": "percent", - "label": "Usage", + "label": null, "logBase": 1, "max": null, "min": null, "show": true }, { - "$$hashKey": "object:443", "format": "short", "label": null, "logBase": 1, "max": null, "min": null, - "show": true + "show": false } ], "yaxis": { @@ -1190,7 +1127,8 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -1218,10 +1156,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, - "pluginVersion": "6.6.2", + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -1265,7 +1203,7 @@ }, { "params": [ - " / 16" + " / {{ CPUS }}" ], "type": "math" } @@ -1336,7 +1274,8 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -1364,9 +1303,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -1410,7 +1350,7 @@ }, { "params": [ - " / 16" + " / {{ CPUS }}" ], "type": "math" } @@ -1481,7 +1421,8 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -1509,9 +1450,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -1555,7 +1497,7 @@ }, { "params": [ - " / 16" + " / {{ CPUS }}" ], "type": "math" } @@ -1626,7 +1568,8 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -1654,9 +1597,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -1700,7 +1644,7 @@ }, { "params": [ - " / 16" + " / {{ CPUS }}" ], "type": "math" } @@ -1781,7 +1725,8 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -1811,9 +1756,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -2173,7 +2119,8 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -2200,9 +2147,10 @@ "linewidth": 1, "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -2280,7 +2228,6 @@ }, "yaxes": [ { - "$$hashKey": "object:147", "decimals": 1, "format": "decbytes", "label": "", @@ -2290,7 +2237,6 @@ "show": true }, { - "$$hashKey": "object:148", "format": "short", "label": null, "logBase": 1, @@ -2313,7 +2259,8 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -2341,10 +2288,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, - "pluginVersion": "6.6.2", + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -2453,7 +2400,8 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -2481,9 +2429,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -2592,7 +2541,8 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -2620,9 +2570,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -2857,7 +2808,8 @@ "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -2885,9 +2837,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 2, "points": false, "renderer": "flot", @@ -3021,9 +2974,10 @@ ], "fields": "", "values": false - } + }, + "textMode": "auto" }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { "groupBy": [ @@ -3133,7 +3087,7 @@ "showThresholdLabels": false, "showThresholdMarkers": true }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -3199,7 +3153,8 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -3229,9 +3184,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -3479,7 +3435,8 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -3511,9 +3468,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -3751,7 +3709,8 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -3781,9 +3740,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -3852,7 +3812,7 @@ "condition": "AND", "key": "interface", "operator": "=", - "value": "bond0" + "value": "{{ MONINT }}" } ] } @@ -3912,7 +3872,8 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -3942,9 +3903,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -4136,7 +4098,8 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -4165,9 +4128,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -4329,7 +4293,8 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -4359,9 +4324,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -4430,7 +4396,7 @@ "condition": "AND", "key": "interface", "operator": "=", - "value": "eth0" + "value": "{{ MANINT }}" } ] }, @@ -4494,7 +4460,7 @@ "condition": "AND", "key": "interface", "operator": "=", - "value": "eth0" + "value": "{{ MANINT }}" } ] } @@ -4551,7 +4517,8 @@ "error": false, "fieldConfig": { "defaults": { - "custom": {} + "custom": {}, + "links": [] }, "overrides": [] }, @@ -4581,9 +4548,10 @@ "links": [], "nullPointMode": "connected", "options": { - "dataLinks": [] + "alertThreshold": true }, "percentage": false, + "pluginVersion": "7.3.4", "pointradius": 5, "points": false, "renderer": "flot", @@ -4680,7 +4648,7 @@ } ], "refresh": "30s", - "schemaVersion": 25, + "schemaVersion": 26, "style": "dark", "tags": [], "templating": { From 73ad89f4badfb8ba7f34d794f7e251bce1a55556 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Thu, 17 Dec 2020 11:05:57 -0500 Subject: [PATCH 241/270] Fix so-suricata-testrule --- salt/common/tools/sbin/so-suricata-testrule | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-suricata-testrule b/salt/common/tools/sbin/so-suricata-testrule index 645a0368b..fee70cff5 100644 --- a/salt/common/tools/sbin/so-suricata-testrule +++ b/salt/common/tools/sbin/so-suricata-testrule @@ -29,14 +29,14 @@ echo "Running all.rules and $TESTRULE against the following pcap: $TESTPCAP" echo "" sleep 3 -cp /opt/so/conf/suricata/rules/all.rules /tmp/nids-testing/rules/all.rules -cat $TESTRULE >> /tmp/nids-testing/rules/all.rules rm -rf /tmp/nids-testing/output mkdir -p /tmp/nids-testing/output chown suricata:socore /tmp/nids-testing/output mkdir -p /tmp/nids-testing/rules +cp /opt/so/conf/suricata/rules/all.rules /tmp/nids-testing/rules/all.rules +cat $TESTRULE >> /tmp/nids-testing/rules/all.rules echo "==== Begin Suricata Output ===" From e0dc6cbb41bc477699a516d9c9270a7ddf6b7daa Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 17 Dec 2020 11:15:43 -0500 Subject: [PATCH 242/270] Update screenshots with new Grid menu change --- screenshots/alerts-1.png | Bin 192060 -> 250878 bytes screenshots/hunt-1.png | Bin 140926 -> 171491 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/screenshots/alerts-1.png b/screenshots/alerts-1.png index 140150c776129ad3533e997838adf39e63b6597d..099710f4f79fe62a4be515a9ffa0b9a954e39deb 100644 GIT binary patch literal 250878 zcmYIu18^nL*7c2T+nLz5ZQHgzv2Al=+qRQQCf3BZoj>odH}5-Dx2w8uopbiyz1P}n zcXxz>oH!gbHZ%YLfRmIEQ33$KvH<{)Wk~SvE4AsdyZ``|sF#X{i;|%`p@WmXnWc>> zp^K-3DWR!{r5OO=u~waJ=|6!K+^rU#6eo)&b2d(}7jH_Pw0{f2M&`PpHuf2Hx(@p~CZ=lKK0)%@e<7ng)y>+BiPPu;S- zS$!${hvkBqTA1ougq{MQk2GJ{vpd`ReNBHjK8}7ciucO)#MH_U@lTn)WRiT|rr8I- zhb`~Ly{*@>$MTDr^!6$y9`N(dEc-oOx?R2SY)XV+(dr{TkaPR!ha$+8@bnN+zn8zK zy?Foh3MUa%FdR-Vsu zs2;(0x1m{T*fZKUePc|$zFhzNp=Pn+3BhL-5M{ag^%(b-xAm_6+2);ALSezA`FgEs zpsd3TTbGM^j z;Na?~>rc76mC=v*NcoIx1W)#Cr6z2Ej|0Pk**Sb$N5k z+L=XtajLdubMw;r@e&DUy7x(Q>((3QAvim>j`j6RKlLB8Y|BGUvmDz;PV}9|`H9M^ zjx^-J&UZFmXC`SH?hueB3%9ixkpEW4hArFFaBz0r!F)u(x%?=Y3< zJ!;ciQYX$2qZKz5l@D*of)0tzW>x9MeUa+b03cf}=D$KxB`JS0U+hRl*}yZJ+3X;y zF{RVx>U;*{n%~-;zAQF%?7k1@e%hR+#cy94oTKv}o|~UWi!B~@-Dqzn1&0gb4Odzj zrrbDZ$!D`$rik+(_k;=`r_3u>v{OmIg&H@>uGXN$f6`xqCuT9@R%fv?-C7&SmO>?s zGzzpY$S$!kSE*c?M|-Hlph~|L?a9Ro&Jktq)qqsbKpYrYN*GPFn(dz z)Z9FJV%&d9oFscUjKSnpphKEv~ zt-kP~+(`V+FZ_|ZVLnF?BebYHXiPk z_9S%E*xUNq?7q=^C+znS`}QN(Ti()rg$2Vz=eVI60r0Ilm+2Zskvm<7%YV6Ns@~7u z(x^)L^OkF(tNr70-b@)@t{(-E)E_0eTa~mVWgEBFR%7i>WYOQKB|g5vnP_j!e5xaq z*1^k)7`^|wVEdc1R4<--v6Cpf^GxE2ElmPf?{Ahnn86f$a={fWYY##9UH6RftudIt z_4dm>VBXMl2_I0?&K!^K?+6x|PoPx3&|^0ztP5$hxpdW#49^jXy8;8r<$3{fN@KDO zB;l`Oj=vUOC6(dt)6T;fe*Oo)F`(*0XDom<_N{7W@?psU2a(=zX+k3uDCvwR7?h*E zJ5JW7ABUp&>dHJ&+gPoSF_xS$lPzD6Fxd!*OFFEFkXBRq@e;ZGaCi z=%F8t#q^=@uR8HN#xz@BV7Nx-?%e)}V*_;t^eGV(QIT0ADe*%^^I$q>7D&Gg08S+VOq1FE8fc4Qy5ezII- zvn!Zi(GjTq6sDgaFT8PhFwqP@#=sDAgAn6Qv|)VFHrEDO^5l$+Kqi6IxM1-EHX$al zq~H|buQ|v0VR(F^7xzG&PH&(MtwWjAOeHnfunO*FB88mhRxi~cTc&>&uxaQLo8<%M zXUZ=|hKTf`*F+*;lwhL9z7CV6?A~#lSl0$LPe)flj??>}Ln6eI>b4Lvis~ ze-yoy(SXPYRFy+`RRDnN@pUu>(_&11BL2>If>(i))S<+>2X~Ml;N4u?P z2eQkqT(k&!FDil7zNttf13nuU4Nmx&DZ((jD78`ve}jR^Y-e0Hil%+iq^q%FQ@>&T zljiRqE+E6uJ0Y@cps3n4Qeht>!k}T4i$n;ETs}w@Ct4;-&L*)AbMCrA^%y`D@Z#>= zA3S0xkJn=ABfI8yQwc~a-fGgUSI^JMIW9CxF zKjJAWq7oz~0ZM|K-NU?!!OC&>1$w&;pz|B?BaqI}&W+5f;tK>EULX{U9} zWB#d)CY+Q*fCP-x45)pq1wFz_9so#I1gu=yg+PHG8fMw1Cy6>=!oD?@?(Eb z@8<*(YOteoZT9krh;6i`zKm^q2`)3*hf4)k?5;o`@Pvfzkl#Y8aDj;jwvLoom>@b1 z2_@mKH&GIOg2@ObIPmczW4x!H=K1UI! zLp`0TNF;^`LnGRy!~ZVyd>-@?#Sf2#N*_a$2ZK&W6`E!W{Eukp%3Ta+4ODycGok&$i^w!B$H&5aJm1$q^b)3%^&9bu{Xl!&>4Ed%e@Zh{UJ~8DQi{mqc6g@c#o=mM2m!`-g0aY934n6 z-I5+IvJs*NnOGkDLf%njBC}jy0Nr~;B|rD&{FshNNP;lbOPF5-R*?SpPDv*sWyIG> z77`=Ba3U^QAg}=;#D{7MOMDVhlhm;9x&g70taP;0C1HpMDzMv9xSMzh96qQftc`uw znnfH%lu>&PpOG``_ToJ0lXr3`Q0ubxnmO!ppt3`b2q`hpBte1}+5zzVwD9q;2w}bt zblgY|V?~u%|9&80IAuDPA2s9fA46UGbPs#X--2C{9o6G`)cK2!1Pam)@|4Ng{bnns z{>;>S7@ET#{>fc`u>0x9wiNUPo&jkPW*{_nc=TRH%+ju;dpoKU7ueyniXhP>$#aW_ z%zg}k$Iu4Bw2k@I9(K5721b}p908i!a}4i*pX7KTBfxl~{&zcBin?dORr@hEG@fzq zpq2ubQ5rdLC(H|l3iIFZ?1;H| z-#i4*!q*nPL+ho~a7VW1*p5x2gHGR}&?y7rD>Jis?XDmOfm~1yY1K7y7znlwhW^GY zlA{I1CRaDDYRKe6MWC22aW#hg#QI$)q>7=kdSUE&-)xumlPudqN~lW62Bk-+%C7qx zE)%M=NBlj=XCD1ok)Pojc=r-J5G09P1Pla{1S)N`>@ffB!DWDR-%P^-)zlOba; z!9YtUjHcmuNOfUQ{WhRo>}Z1yr9)}-$IH8S_TL zuw%)%!ql7VR{ewVF$GAH!lDcakqnP9*pwa_(er|Zzeo&s`*w|bBprUyB>+S9+>4ekSz zesJP=bYqHv9bxJ|PqI$-cQ1QpUL*ye9@nJry#FmdlSN;3?N%dK0TU*kOaF=P@od(g zz{He2p|t}i1{dl7)kgW^R8J)x74s)mC1-k1TVFMtK^ho><;O|8PGp&4YJzoqtFjOp zmG8CJK_`SSK*JJ$Clyg+!ydM2FN?FGe{kq-zh3xCS3%oRmtgj*er!8%ahS`EC`{AVXW<24<`8cRVC( zN^1Zo;@AKrh0>CmoWSBQ<+zGOp9~HzgJka(3bF&FQyMq%DR6}`S)<|wT8o5D5@5y~ z6EpI8Oz>C`5X|Yn;iJGp)WTsKxf#GZCD1)Xnyz)CeNjv^5fAskV*98Vr1zfL@U!Fw zttipbOS$2ozZ4i~8-VV@88%!cjQM(o^%U zrBK!I_}xZD=XZLCckM+Ym%s)dS+|-@!a?N(kr{;Z88?QQI?Td`Ad!^?KTBfr0}Z~Y zGz+=m1HJQ#fQ|bE@DTTHqjWB=cIg<9Xc#Xo_Wi3#+JK7r=;jk$fX;tj`_p094nla5D$?cnl}IA+#SQ)g6IG%91*K zC(pQs7gXGSku8GuIiW4F&CZiV&XDH|L$@bwX8#}VNE8&c#I3%sp47)m+SakXNY>Shgh6p;u|q# zQBl^h5bYWCo4BL22{rv{rPh$ESm+Z4=8)WQ<7_GmGwtZlB9hp)FY>B*&Ac(;0jo?E zO5Miq()=Zp`V;h3#j#;$8qvj9lm|U`+FBoHYM~`k%1<`2sQb12&)E9%GgLuezF?vh z`6g8@G$!UPFqO^q7~OHR_c&@m@eoxgI z_2q&q{FiRN4J-oF@BGhHCM+8nA|;dp$Wln(8v*@gpzGfvGUSSV$as3BAT|tZ=h*zn z4A-s_3`RfeF%=+spbbbvQMQ=S`xb>oDWsGzB*8!h6(!t6ek(@|Cq$dDi8%Qm4&}5} zluvG-8S|0T_>hLC zBtIcy*5(ez1eLrXM!qxGc`9vL8Y7MuD!PpQD0#chgvHkKP$(L$F@(R9f8|>7;2^l` zsHrX*jM=vg=K_%&#u5N&P+q`POKKJr>!ON@ecRvC(4aam@8Itc7EtNMD)3yOi;7=3 zfT6eUkZwf?2daL7@NAtsv{$3pjNUJRQ_aCLPBw>?*b+w)xhE$739;w5PV#45U*g4Q zZD0o_N<^W*)J&1`aQotwV<6TQfs|2w)k>G6j}SR!q5AXqNMS4n(!;k?a2~TG+vzAm zani%|`iZoZm_N{@!iR7U7O-t!;g2+R^?a^-aN9J<)gt9pwV0X+yB4%;;QWJVLpzbQ z5ROFV-Le_lBxN3g3WGpm0e=|iChU^@Ih{)gTwlL{2aO+<1<^$H0*lF786R$&4XU9s zZpR8~+gQqR(m!b?7#oIAMBo?dg`X|UQScjYXh+M4kMtoiAKQSHHz+R&5@&%>t5wML zB*)sVA`~Jh_ayP8fE3dB#V@gKe$QiyA`xS~4V<}fTCh6(lb^(7cW?mAMtyEI+-Mq- zb6BB#1I$Tl0l`49AQ31XP%_8`erWc1c|7$@c5rRu0hPT-xX`eeI5+>$eUUSd@ofMB zDe=^78l@*gp83oUYnex3?Y(b&hywe(d?V#KT$$yz(b92pidREbghide5E z!MKFEM;&DM*w$fM&u&QUBC-|?TcF1`qKG&r+ez*n7mE!w2jge`_^KahEpQKW@yQub z%CXj2d_amv6H~D1-etkyUEvP6c7K!Ns|`s=?$>Hh*UOklCJSf*m@)>}=^QLo`Iuu( zA^?irhR68^+#pR8YGSLeW;Dclw zDJ0i2&jK1?8H!qFE<9!YR()Q@CxrZ{ikxLY5@?Inh>w{Ps5eJTcJXwJPc6kFYGNy> z#K|&cVlC2I4121n)=ae)rWfWuGHRz4nRW0CT*kC%}5 zK`JmJ6(WF4+=2+dZEhGr!fj|=A|C6%tb_ei4ss5vN=x0ii?DC92z`fYIgOz+a%W~ zVhAj0D#`VMwrrorZ)(WQG2U|>gjfPKkf2~K1WH^r0yDb-djxYxS&4ImT*4bY6i0}V zRD${o+ckU_n{OWfMu&yeg}x|g6AmkC!hjAg+Z+M6cptg}f;{)6!^qW}#P z&V1|?Revy-U^H@(08csOLIP)&0`%jnrE1L&!<}cs)OmR7T(n-qe4v#miY*i!@!UY0 zG9_L?!r2(=)<=!tBC(}XYuQoUsc5uT)nqW zaEhXNv%v$VM(Ci%pTg<>$)Fwuh=*owITjI*F63!-Yg4r}yj5U^3CA#wO9M)vDy73Z zP7O!^3cvVo)|3Z_2;f#AmW^eM0>%~?4!M)K>;+ATNvpJE9~m8L#?I&jmh@*zSU;QU zQbLE*fyCk&3?Lrq)+XlbOna4zQPgd>_;gq$t0&``y;L#s+r)d!A~;BPBg={iLV*OT z0mN+(4?x*udKuC$uVGuzNekqdF8Hz$9M$8!9ufQ`w%f`8+C?KI>7KE{MBS4I*Z2?B z*w`a+b3-*o0MJc~s!R~>p=S)Q-kY|jZkG&_^bp>&qvzus<4iROO`FZop#f{t0X0D{ zW_+Y+x~l7Rl=gL+1>N4R47w2Sy-}Mw6c-0@`h+8QhFKZ(jlaJDq{zcABO}vIg+l`& z52>0cV71Svj8x7*Z`{l zDq3geV^-13uYz}O25`eBQG?CrRTH@QWz|`z2#Orx3G7%$@(ZJF`NgoJ5)sx2|8vqX z9FmuWxlNGbP_xxEi6sxgH!19~O#>P$_3}d7D(n$4yBjyNSF}F;QhyTTUk#V-plEZF zicDyjVU|z+taB7oj{~vH6vV(}rPy*>YnH~}4@deqB#z4xaY%`s)XNV`rv$3!wb!bN zxv@`mPYPQi`@10jj@2VJ2U5YDgDe~dkpuq>!(J}^9B%`=+lKSPWYsCeULlq;?T6$* zSBPWLT*DQz2TCmiE6qN^KQ>TQQ)5-uLTdlDIRynGVvCeZJw^9d{p7A2%l9Sx4I=Nw zXW#R|o757&IYuvWZSdDrSoykmwWKwMPo-9bgpGeK<6i#$g_SqnwwjvrI5h-|Ygjx_ z&L|104GrK`CBY{pwmn^uW#5*G<2dBAAHGVd|1=^zGld3h^eS|R;eA3@y z>snmj<(4Wo25B4_Lcc+IBS#+W=#7ENLfI&;dGdV#l5j1y*xH}!=r@S!RKqARlNAUB z=L*~kF}6u7D^-#RXfZI1n%w@}Vso5mzN{yu{kBq;bvdCMc|T?X{z82jc7qt*;rI; zadK*CuC5TswMr=Uh^|QcV7XXc&6>PIN?T5;twKMfE#3Ox)I1v=`IT5UnjO$mf78>3 z`VPrAn6)MJRI9)FNI-;&>>{;~5ieLILJb=b8E!3+jTP>F)-+WT_)V0FEYhD+qJnkQ zAU%L9G0y@+MvdqGdF;CCNRayGE#GC;xCK{yPJ`MZ-xjK1?p;#VKv!E3RpRUfYoHup2DdjNjeW#32kyg4I|c%5=FcEI*09+ z$dlUSm?Wc5Oqe=gquG$(B4kb0yl6&UV?V)kRNRj#7PRyzu?z)DOkAhOQGK|Ci0J$g zv@6gP5To3fUsx7gMX&+XyFCOnpdxgi4e7Sl9Xkr9ZR&45v_%Hyv{*R6%Aex+3k-UC z$l^ESL98ahBpA(m0t1romXjj0up`Ht+6YXj%#~*x&g8?9y#+V{NC;L4M zBMS?&Q^>f%SB#ihhC0o{a<)c*@ ztisak`A90Ta8SY7Q>9)$#kuk0pRUjqO|V&p-Vqd*is?Rk4L{<6Sj8@E%#F~XFz`jV zOOT^<9qJeLT#4Qfp0}x8R>OP!j??1Wdf%q_yML2TtjXXPG^=b4rWNRk2hnKA<16jN z&iL}rkQhuY3WB}oz|M>rmbN--rPJ!F>QK_G+xST3sWGt z&o<&zv1SyUZ?ElI&bT@Vz@q0P11XRSSG^eLps07&JH24Vi&5S|!u%5|8D`lJo5HeX za=fvxZGEL_dwgK^hWv`9KbQpYDI79;->RqS4P{*jAm{_Y*Uh@QXF`ZZ$N*j@MK7U> zfdudIfa}N3qE{8?ynO_=%Jck$P@=iVX}6J8WC2mHp6fUeH4$sK(Lzcli{_3k$t^_0 zGPJJOYlaNQWjlE59;$bP5EZeZJWx2Av)x1n5;~17uE`p@)0 zb$Eo_+!=Cs?DoUv0>1;-8S5#AskxDBFSI`XP_dn0{VOZ8MKSa9Q}zRIrBZt}=NVcW z*VXvHIb2>@^!tGa4dXK?F_{UR6??gf(PHnpuXGB_aUw-K`U8L5+M9DV)B}YeYgOyz-vz29 zZthEh6I$9!87j|#;`n3@UXG|^)0>)2(qL;(l~O5|Am={mlkT5^S* zvg=yv4iLZ@(OhvQ&Y@Q_&Xh>AHEyspC~A5i$fDInJ`&An4@~8v6P=WJ;sf~z`8vCF zWe3PIL`3eS?J0L-SctTeO*2Vv*1I}Z=R{C@ge(cHNh_G>4Y3yKj{>)}7LrX&xD{VqdD&`qntY+n{LKV=oek@(1e%yX6c^A$g zmkR?xx}VD{O6o|>w{*6+nhS5^PlaV7(QxN*L!~^m%MF0u{ngBOt}dQ+ZPhJxo3j*| zL6+O`e>9eCZp?-+P}Z}L-);GbT~?nqMr!5H$}$wAjFPrj^ZA&Bwy1O4fuWag$a;&> z%$R$-Sucm)Cx9fFNaK}P<%*^T;U*uDs5G%MA(_Ir7C}@%8s`{!Nrbb|ea48GDmfgc zNIor>%^B>7*hFOKg7Une);6k2SUy~K!4+QpP?FS8W&fjiiMj9+bQ=i84Z<W}Hhe6|zB{BIgir;xGn)h`bnu}(f}J4Mxv z9GP8lFcpDUBgS^aaoLLgABl*f(-T2BXFlWuw1e(_PDYe^KP!FQVuu&FBndmm zOI2AQsu`E{d%~@IjPf2yR271;YS!WwYXdum#0-W)*$}oa5#SBWPDp?x6v0O8AR*LB zVf5-#0uV%8X~c%HPBBM-4@%gm)Tt{h##KCD&~4%SUd4|l=B?!`@RC)+I7UiN9T(?9 z%GEKNBGD3Ixd0Z!y3MT!9t0t=J7-pG0BV=Rr{`s~KKXJitOx)P)6E!U?Vc|p4^IVJ z-zaJ+$~f|@0Z2XS{?g*|kEx+KQBO&ofXABgH7K95`xXa<7>T+HIl-60Ll+729I;4$ zZK9OOxt~W4NOh{d%@PI+#dz*RD3|6Z8LqqMB`O8NHK3h^Vk*q(R^>*iJ|1uV^ROCx z85BCS6u2$$rRmGH$_ii|-Lfp4gW7!FwsKOmqB-zAvf?R>I20)D3Vf|DV}xg8;ciQe zm7=t(steI0mP&KAwXkIl4LEDWv6vvPah1za`z@Xqf{!`&Br3+!4i#%y{a8j!czF|g zPH|S-t^qdoYo~%CEUTR4Ms~M|ZodVi=%isUU5phQ<5HR}L(0U*X)kn>Sk}s2_JJw{ zxfhi2-c^5)+;Uf!f0zoKo$3_KSTNxVf;@s_k3At>du${wpTHLln(ufhlz4z15*9Wt z#zq?TjTDx-OM)*uB2NmP1;)e$C{~|W>1mdzn5MhUW!)t*I}|< zIMr0H2`15sBK<9*vgg!WUNSj@l~nv;Z7ZpbSvHEj@O8sQSXZ1L|7sUNjSDYjBI6kqn$AIbM=| zxFOdT>TCTcdyJYclqSNYG~;W0;i5)x$zE|n)f}BX-v=WhJmP-rjL|@(G)|W%H@)6G ztg8%r=MyPvTnJ>a$A)*`? zo2zzt+2r9!PK`XxxD($@!MO^JxuZP6p;006UHXJIt`4AJX?n!e3JvVj-$AjV7XueP zHTN6}PK@;fV2l<1`;-_I1MUNR&Wdo#z0j=gfB3r35Y%B_H{ z=_J5d)sGxna?_cj<@f8`0q-wCRS!vx65`W1!GSv3YKW zr2sOz-7n-l@Lbc16hG{w&Z`4XIIOOf+#Ox=ee|{!*lqbr*4pU`1)#KYH?T;zyrYNB zF_o7d+h}lU)HVD|V_b;4I39A!gS5gBI^(^=6iqa6{DD&m=SyQXy#Bn*OX6R=zIt3| zarL_Vdi5}Kg#`ORPQ%x)RO-6w+R)x9Ha^-ZKYL@OuJtWqKB^+QEw)r{i{e#hfsiq# zB^@`sY;2D5sv9iCJ6|{BQWR85U2~M0EwRa=nc(V33%6{Ou|1dW3jITwCp=+X21s@J z1(x_OFywJr0-XRnhT}@76MNtjJ&7fJ+s^fM2Zt=&YYv2Il+s5^UUrszm4I;$l|JI; zdSO*zTzfY9a#DUL|EsWMp0qsz6G)+79ylWa(DwzKgy(7 zT{k+YA;@awh#ml^d0$@5AIq#R(yjJMb;97>w(Lb&y9F56p`Aknc1FlNknikHGrfoe zmFsauYWZp&Q?FR?UTCr3XdBh-?Dc_%(j(`Uew0?{Zt+mgB*7V_V$k_FPI>;XT~W}E zFYwqY;ZT@uHdg=uDA-b1SV2-)_}>Sm-=C3Y|4iVO7!<%A)>kejMnmHchcqjbLl+Un zZH5*tL$nG}!;_)=K+I$zrKF1uwC?YZ8?Fe7YOH~;2_$?5+TA}cIwmIjq^E2Ozu9gh zxVq%M+yWA+9%8Aqh5hZaEKT<=HjS`*yN+Ypjkvg)q$u3{3M#QT`*@E-dNSQ=O^7UQ3C&RxiQ z4GY8K5Y4%T@E;L{6(!0&@i!U=UBjBxsv3K_?;$(cJzYbtnL!c;KvD68LV{p86#Zh+ zYB{JdlxuNs&k#DjB6J}-I0pOa;#k-w%Ltzky`9asD0_NJ9PmxO95bT~h-+Y{s-rJ_ zZrQI;h(6#o_a(hLASL{gwQSADNWZ(`badERO%d8QfL`-pSCe%qC6vdG0-l&(OK5(( z!?@IVb+bM?z5mxT;CGkSYLfAw=0f=75tO8{P?gdrJR;Rv zHHd5jl&T}Yoteo<-e_RwL8brBG^TpwKv?QnlE7>dtWZ>lyCZ5*9 zr@r}p9I!_sJ*+N|Mg14WafAQ3B&Q@qldTsqKEdWGxI!r-=~qNNoAU!fG!j*|v4)Zo z>d(&0_>bQ1FfQf)Z3ALCFYscX+tyNJ;$;mNL5_lMu7=Y26!$(&tyaDBc(LwsvLJ{@ z_Ad;#81s>5koFd*piG-60qFHEi=>8F+;(iu8IGg9@C$a(k1*-iDT=L9~h*N zkv!}_uvV{CtXDF{#l`iw-VWfB`e(vEy^*E8IkU_rq2J-oPXA~gY_V1IX*P#%b{In8 zm)l!9Dn?Ai0+yi+I(n1s8~Ih&pM-{kiM`9iSXXkKOa3-_8<{En27AxD*V~i29aLJi z?EHLTQj4MHf5yB+SOhl~m3znKx?HTm`5zx!@O{}V@SFWruhy8^>~ud_y3n;+E*I{8 zeE^b>lG@#%@2xXFf?ulDpDYN1&|l?)#lMA;&13=FK24#f(eBXrk@CN#&nUOwVddmB zE#`iakx8eOc--vnk0m5ks@Gmm()T(XE>NP=>y1@ww|=_TzNvY%-Ei>GoZC0s=j!Q! zs?-SGAd^vOHDPi(9}+S#MQ(3Tg6j87&5?*df4)_}Uw^PQczdE~RHCO)tCr}z+@jK` zga?K|&vknvs8wr?ZwnG2V__xiykXvGe1(K;F5pQ1i|HrIe?etQtzSUgXf{2F?4$@%Qr|H}N zK~B;q2>9;~R~#nOiTi~HcDoIOr7Enc9Nwrf1On{IN!2oeG`dZT-}yutOs2bs(^)Q8 zODVkGZl=dQW)1ZPj(a6Koo+Ef5RWI*r2n$$%f7+%uE@I8opSd`+{J|@3?9#DrV49l zc-Zv01=Ybf@Er{L`r|RjWF|Y~dzS|DSvxk{wXym_aSDZeMA0a;Ld!p99^T#{3h&s-d)K*7b8S)Re;blR`e%qo^jG27WKZtLv4JDwxiy4s97m`pt$!uT)H z68uuE7Au*ZmvD7-H>XnbIGr=qXtf>g#3VxP=!Jo2PnJ0}8rRo2a zU2n0+p8O8i^Xpk{I;SyLoRP8eV!3`V(Pqa}zR_@Gx(xZR!a~p5x6Ug4-lZy?odMq} zoo;Y>F%c8Cq{ z$hzzh6bviV=DxOfXYlRz$f(lPP3L!q2LZqLw$kM0=5B0)v#f7vA?M@c)3s!;s;<@_ zzkcLztZO1=B-+V1_?+;+>*V!fvRbg%d#O;ResK`sxBJ`kG1cLEwq!oBP~O(ohK%tP z4sYK(ol2WEHIYoK9-C6RWMpqYd$F#la!dcU!P(Ay+NPnQWn{>NL_m;t$@W>{{4bqF zJ~_WvnmK07<8PK3jzr`5np}llFA)`Ext&~X3=Rn?KKonS`}x|+jkvV5B&HQgye(SleW&MRN4wxq z=iLQOwJNPa99k_yrVRi6goDcEs-sPJZ=U*Uqv5DVuW7IEwd7lD#?_fh^3`+*lTMQ>FxFOD^zRkc<7Z|XaHnV$qcF0dX2de zC_m;dFWfb{&3M0gwtr;ivi#%lH8cBnC(F*|q0UQ<+Qb0)w*;p*@m-SKXESe4Y zN`ooNcLtG=l7d>F$;jle<=}EUWu|c6-_61jyix)*8#}J`YM-W;YIT~Ij=5o^r88Om zf-L`-JKo;Y2XAx@?-Y){7~P`s@bFBXs@CWXd)T(Lw3I(iPjBWtUb$>{ib}V+yihF* z*)`miZpvhE#Xx_iD5cEqp4%+tHaD}K$pP7;W zWkg6Y7z|&tjNRc#^JBJZre6sYDOB&3@FF@oxZg?FzqFK+=y2{k5x$K**XSHp$ z6)RLIBhjd5hNUs`+6d_A=s;DowgfgG8&#=UlZNS>GOQKVEw)##XQZAWP(FC zhsMXp%Z|2>C0cA&V~!~QKZ1EZuKn+hQgJ4+SuDmX&?fWR?58tXNb;r7c6WD==ZlRi z9=hLr1X5`<0V{QeyeL0n{fxASBQcJuTi293WHk8*?y&yauLJkJI3IbOO)uGOG@+TB zn}hqkL-BUFvsQAuU)p4{+RKGNe>T~yM$Q$AVU}}IL4X=qT1tMtgQfEsqpMb^fe{iB z0VR!#)abNZ{^es=tyC-4N}1T`^&m-zB-o^JsDQ!_-P&EDOd)D7sJ zvxjqq;zL6``>lU{y-$``D%I`3?=&(t_C)q-qveyC_Upsh{0>IeQMbd%p7# zJT5#m@b*G^(n!Nh4mX4000%t&%4iC8zt~@1*&MG2AdWgeex#ipv$LwIs_)VZ2B@#E zhsAjvM_I?Z9ar#Oxk16>cKuH=mdRs8c^f6i;PKoAbv~Ms+bR`{ad2^wSsV$zF$QvQ zcQ4iJ_9|bJ&&$BI;lo88$`1gc&|%t}xJ5}Ot97 z?&kfb8tR{~UGn9L!xX9wn7W;AW?!E_HMF#t9Ja&caoc+w=8z{+sAs?3I$3}Ed3$tM zptT6-dAsx@B_m7V_w(I4`^?=M`p3>+j-Bpb_X`j1S6i$`Ke5P!#W=EL$g8U6mlyuB zUY#E+l9Xd%hDSwFEB9ndC6&l(c3BW*vDtZ;)ojj=#>&I9eL2NOqD^L0cOv6X#qnR5 zTy25uk0*u2;&Cw=kFWs15nhtt!C>O!;{}dl@mAX$yA`j*##r4hSNh+3yqt)*SV-fUs+CI3orZ(pTi&%l z7Au$gmX=b})6-QjxY*TajhsG8U`TbJAZMHMQtG1|(~1 z>zVJUaJgDxll%gz(Q6<0uKgNaE}Q`Y&By!(gi+|U`&-?e<&UN_=c}-csyevoc zZ@@-LEcXser+v{Pj69qzTWmIfrP1q;d}Ht%4$StS?6};HnT*Dx$`vXnEN3rhv|=x} zukOa<(AbuK5!fGwM4c!^w(I@dEcz;^|oqgi=xb2gtvL_^CktaaXfb}SE^ zrnerxEf%;9zv!@xMhCZ8D1!Q~c|2bC;fs~(C0hDT&jjtpOVzq>Lp}IRCXf*k5k8!r z$gCBrhWp|B{xGVci`(a>)K+e zyqh*~IGn`q{0Hz6ylH0I9~Kpn@?kNh2M2>@H<}e2kII!#*sQhveCI+~=@YHZeff~wbj3G3YO8o6Bk4j~dG$FuhBWxC`Hc=H4mR3D@*o$gtIR0YQU^}n@82xquBFcp@1F4ZJnLPo`529ga$4vYf~8VY34L78IoNOdhBE)A46zJZ|CLYd?@ZyO`?N#MWe zlq((VJDn{RYx3XJCleuAlCraB$f#7R;rXXbenFo9ASZR;+xe?!IfEmr4ll4{t@}!eE!tJZCZ|ZDJ zsDsbA7|&qlG{61EA`>b9-CcNiw1=r}twu}o=LbYQnKb(8Le1psgJ1Nq?MfLG8yg#s z&vU%1wOVnveXAW-TqBn`*{%FrCat%dvB-1#U2l5z+hG>i`SVVgitX#`A;|Vf431?l zlpntv0zQuitNrcyDiCD5??;Adt*-P;nyqaP6gvU}a$W+v&OaGTD*DH48k2tqrorrk zB&sjVzUN`+cC+&-UwfG@oA2jsajR|drJv)|)nD_&sgo-0-dNeJ)_CS4>-+P?EKX-L zL;E}|0DteV=NGh}HIKe;7esDuZh)cT4{qQn40^rom3rf38qLJe7@RDyY#bH|xzc*; zWqElSDc}2N#XZM4BhhbKo%vyR)|_37goJO$BTxMl9Vf5%{+{T}4Ds>qoOyvtsRZi( z-G|l|$t%S=zB_})5y<~FG;AP6`oHHt`>T1ba(W!>s?R&@w^NH&b z2znMCnMt=dxEXa#E;u1v6&8yuaMp zY&N{KuYIE*W7kg}$k6cSN;0C(a8pYvl}2(pGeARI8wCR+EGGx=TPK0!@?a76?c@^* z2@Buc-xnDMiIoG-7_!?VqoGB77sxA@^PvQiu)Gd>5OCk{;$pII(P_B;Xj{IN_T6!0 zbLxY9C+kOTlRiye!Wu~5{AnCh1Qaw|)IW~DdoelwjRDP8dVO)?-AdCJFjXx;0nlw7jQYkb~i(Bmz zkmz^6_1Q@c4$j*#!B0SS6%$rmA%WO`YRz8X+Iz0hj^{TtVFBMANhG>=ebT@^#(|Ho zBD;O?_1!E4ki|k9BLEJY1vK#ojn8xR&Wm!X+|IXVz#guFhld<$1c?9Gss| zEZ3jizJSMzf%>vJKet$|fXiz2m0zye1hhGkr8^pr7Fm^g#eBbYsfXW%*(1@@0N~HXdolR4Q$VQaaUT z5w6>F&)(Aj8kK6Qz0o{Zla5RwBR;pU>sOd%Vu`d_EuRc_x*L$yw`{P0}`f zoPj2dFVEkft?*oLq?>NEVR?Dmy0}Yp;KlD$6DjkXZEu9Di|mmMozRyt{{6h_t#;PN z6VlA3sQ2E}BF7UZzQ3fOzdqOi&d+c4bFZxL&ad&BSM42*I8~x$c-DkUIo(fhH$8Fj z;+rO6ps43UCbZkPZ$Bv~CwRSJT=kX`)T2Ph>7nj04jMwI%L31u1eWP0ZR&NUKa;4L zt`y<_@6(uU)zi~U`uOpzZrcNX-khcN%w5h?vTOS*!%sKl0n{yyY&;W^W`U}(Gk0XWPKcuv%pPJ^%R3H0AthkPhA;lM{d-wcb&T`K`}NvP?mqpqoSTyJLO@0 zyry;67itPqGc$*gk6N-xVmzY^y2?wB^YdA>)@>Ai9|CT8=|;Ujhp`exp)Y$`lmeq} zlfy^HAGF=iH?T;GRxph3fBMLeL+&bQ*2$BrJ9wVQD4+iK3^wjHZ zn5~#R;x<`Q1o34ZPR0zoXaTmYTJFttF-l_%QWnG$b^2*^PjT>5 zi@YVDrc~n;yQ-b<8rJrBZ$Eske%KZb^8ql_{h2C&Wc$cd3X?r0U#qWj5UGfocKfcR z%WTJwAAino_U^p!!Grz~InSpWy<`YofjkB-*73t1ST56UsI;&`vm}U@or=a)etB_z z{$D`(8FA*)C`qeP&(pMGYX*|Oia%i-CK(KXf#!O9%YQES8sSc;06UStxCW=lJ z2Oee}%WYYDWSFS6uCL8pThwhdGK(V6o4YP< z@x_t%bC%U|P=#&!XUx*f+ZMkR_4Ijf8f-}XI)0U7pgNgj=gys8JH#IElxo*+39MMn zCSAU~$iwi_~0~GKDU^yZA~ks?@-3xU>@5r1PH=PHvswZClcvdWx^& zlb&qNoGuXX^J9?Jje6*4+7v<6Bxt1A-5)_;^RXo>;Gp(>Nr%ZR0>PxIy*%;YxroJ1 z8v0>{AN^b-r=s}vBu+KPpW8@7J#k>vuf6!c!W|@-VPt#ef`}x$oSa--ykOJ|`%wpj zl;qF5Q@_$Rd`wB%qp;oh_3J$mVyi^=kpbN#>z@R{-Y*>crZek*Dhs&(Y zpWmbN7h1TXNpi?~y*6#Kep`P^PR>T+AgzRxL}+LVQ)CW1BP(ke)`xkj>A;>ZUspP+ z4xyEy_C1q6@h?7y1UM)C{oli3rQ`}#x zQYI@WmkO={O|2Znx7POi|2mA}N|eS9QKf;0ioTpuu(Yx=9PrN@xX6Ew^7S7+V;S8Sv~B(x0_^t8Nl-2ulD%w=B}guKYq#Zf6FVS75x`{K71&D z|6IQMzbkO^q`=+(OZM!S(h3fV)2B}lu4BlDQ#aLL^`7Iux6yf0V(_K3re?EyLBYxC zhl~B{nwt6o!F3G(ecP(8s$`)0ir>7}SasQV6 zPfs5+X7Hz~Wa;|PX!e)B%tgP|V9T+{kpHY`ojcF&-MhDc!`6B2(uZ#UHh2aHtIIFX zhwb6oYWiEz>cxM5?d1Q5gZ=-%`vqX2C%!p<=+KKJH|~do zupUxP=)o4HsC%#K3sI3&e29CG9zU*O*!15Qo)0P>cTe^7q|-0*iBe0}qYyHwxqHlG zjn!}?KU%K*l`Fd_0D3C$halwNqhss?gdk@PIDqZye=p;gCx3rUDBacr`Jb%1$AAA` zy^EjUFHSvGz;^H=aMntx&Rx6*D$C20k2ZsuQEg<4K3zVG=Rlfg-WO8wLPfrYy5m zP{i(54)@qL?LXJOI8Wm~btn}T6*FWh5Z8jjLII<4rpi#UuX7XKCC?5qdeG4K0U0tc zuYyBCoG&XIo9_3Cxj*|O+zQcNSdLt;28punuRL27E(N}~P$nTF4ezogeG3cAJHfO6 zZKCCAfxVrJ=IQ3ywXdjv1jolM*KA-p*;gL?_HsN+n7FOp?_b{ocy)Jja&kuclo*sg zVXRIyR)*221TS)KxFE_VWuFFErCoBES30m_(cILo0>~4$6l>+}gvU%ks z``}XeC|+z5fg9N*^aO%Moo2Y%#BaWYGOhSR=n=3l-_2j=r2qWl2t2H5bh+X4=dLKb z_HW<oWFxzyXxHA3;S~Ce$qiLU_NqvYmqOTKGvNaB-k=nEG(3d9;I;i z+rD?#uKY$UCo|jitG{9a` ze9m_ppXWQy%EexM{4zYbPq0~XoM!v57^33h0iYVCS^VY!v_!+g@?htcrP&YWZ7l8) zZp*<$tveU3$P8+*mYzPwv?--<8QRr3<9K}EsBq4txX%BH{2Udx5q10hUCyB5#WUn3 z?$fhZLPraham!_(Q1VPo6;z2rMV;JbV_ zedWsB-9LYR!GhY)jl;1pdktf+F7~{~#~Te7VwBjF!o*KmTJizOK_*|NtE&s}Ygo53 zlHLLNg+H8K%CXLL@+$~_b)v2e$m&BMpJ;47ZmmyzKU^D|oBcVJcfNl8y1d!W%4#>1 z9*SXD16ZQ&U%%uBYNEt$4KqR43*gayVb+p%K2D84kVpGn>gAIsmjwpa?c&_G&#+Nz z!`~j}?>agTA39o*VA(S+mHT+mHuIB)_@L9R3;b8Vtk(E&?K6t;K=a2N zFAVWWNXs0&6FFRWlFrP@N$kHKf(dRQZ% zxLCeELAwlw-f4MxikH}TCL0gtT6M39aGop?Ob<(NpTeR0)soKp^#MJnW}0bvxD>0C z(}Hn*YFe66^~+=2I@!1m*-v`hxRC5Apk?M7hmhBwY%fW z@)F8J7?xb+u0+zY=!cHA#djgm1VF)yHSAEHBi>sXt9h z;zRv`#iajk2|il^><_T))EQpv(QlrNIP7@J3|qFGKv?8}PPQm?OM)f9eM5eJ^Q0u6~OmX)IGR6GBorJjz+8x09{ zZ&eLuIrrCC_|>oXgQ=@roSk7KvuJ1D9~8E5Bg>9&(6d!GHVNy;!N@h6A!^(oKjgEx$gAH>9P;&TRI z`$xF`DH$G%m6iC5Q5RP-To!~6Ykc4fhoTqa?oI)_`Z)HAcQ0!7Ld)H#b+A zThO3*6QrM}6hk`HnOCZbI;3RdK{HbtBM3lYR2h2u;>CdTvlB(i`qKx+c_bx6yNi6E z1_a!NAAq!*gCWfTaDyIHk@64`-?u6;)-%KE!^6Ylv$HYE5z;%vZ$7LD5n=7M8)^QA z@DB|hLOG!&{e>pLH?yYiI|x1{^hOV7Dub28IRKu{vz0_S$%=_GprWFV9T z<|-7q0_dd?YVC+Z$jHc0Y~HeEetBW+$D=)yK?_(N6g(mGRwh-|2IKm}m*bei!^6>7 zCcAxQUVMD}a;n1^?Zz%hS*e*U+kuV*JF zt`(no;S8UzH;R*pgn^K!)Rd;@gD z5~MiInwJJ1R=@_q$Gg(?<=)M~x<_}Y>4+HwU{v_(!~?I)X9q96#)9`$hK0ZY0}i=! zaiMo`@QlZr4emY168-%A-j<>qZdFiFz-hZ)@aJ-(&e=TIC4g0-LknFG*!{Uw_6PFn zDxuwkH`(FkzI^@K{b;DIwRL=IievZg+w?MvPtgAPu2t{iC^j=RJOxaLhl(S^XZ7SuYeABTFjJ-?Ne7145U4XgRE%PiNqh}w_uI)DB=ntC#t zG-qIlxb4A&gaiT~pFd~9X(0Q)Hu|h!DQRcuEY`n&o!4)Im}x)qv7zzfjUZ{Rm1C$l zvOzrB<$*t9&wu4URTj|zUQR2&QK`QyXpFb13dta1<5HGz%=ofNM0;@Vp&*S=)|*92 zHA(E=g9kKcLxjH}kAtnve7moRs0t1h=C{u#YPY?>D|S*daFGdkcNPDqm3gz|KoDY)U%q^~*8G7BL9ks14?aeJm$B36 zQQd5*w5Z}fdr88kZ$0GoFF$@f!%^G9!0;IlDdN+}x-I)rb?yqam;eFd8*um_Sg74dc==(fHmLPS9+O(+S;e!cnshbYHH8b!@z{OBvp{Hz_rh0|XM!Ce?mIkIjIP zCO@I|Onmvzv(4wmyFw-G$gcXHboE5$&4DjK0B?12#1U704WI&;SH1R6bU{Jx(u^id zle6KH4vim7wjk?8@V%7NOm=lH0%Rf7GAeU(bDckb9v^GZp+t0cY<@VkYJ6tKsNf+3 zerFt2;YHLY2Oaq5c+n?#nByRqQze`c-~hgPc`}DC$Gt>bAXX!CNw6$QfkNC1ow4^` z`ZmCoYu64?xcvG33Wvtt(Qz}>@bV6t@#EHmo+LPdx}lM79yZ!>%U6MUX}G7S0A(;K z<;=znvm-4*u1kNCO=|Z8{SicjhHW~277Y`u$ya^`5g*}jHjk1VOSo$y^4s! zE8#(iWC73??%h6cDOv9nflVM_T&fA78~?^x7yE~YLq}cyOv%Xa%ozIhYb{iK{Z9z3pm7=jZ6BRn z+YvC$JLt)qOLjK68WYFUwzf9JMulYstI&oKqyVtq2pu8foj1N)=g^R6V&a&f;QphN z@;?L4cjL4J#nHGo=(>^Si0qPAe`Uy`B=WoKkJiVji=lExxXdtI4U9nq{rqp`RMOJ|Fa{EQ(dJ#EXeH1m0 zOFQ#J(_M{$-k(4HN9oyUXdc|`sQKB~cfZ77kEEm)jYf~|K`t(?6Meb_SOGdHsV*C# zcZP;4}h`7CF<~aW)l>yibXUU=bB^n z9{ySwU$7$RVbPrbJoJqnQn$RordB->vCwJ8``1P*D^Gn4Jf!M_2JsVddSG}0CsdZg zPS1a#wH$6t7BWsZuX(c$6|MigDfh7l^k~s+lVGnRsDiC6*0*l;Rfu#T`t|_zBF&;B zK_q~niH^{qpdf~Hdr7-VKqtb~fq!#*N$(u5wm^sZoGEKeEc zS;>ndhmhdw#p2*8d#I-x1wS)uNC@K}8URIR=GR*d&hZMt{ho@DAaKaqbPL_?uj0MF z1>kfUc4IpsjvNVOhz+R?^J}CxOlWgC*nN&aI~AU?06x^eZZ!J-SmPwbZK#sNz`&ze^rDrTH970 zt>*x%en3j84m&AQ3`)MpvAdkaqtkU;I)dV3P!%4wikkKu&c5s7gj{8~lmc|7UyymI zXf_H-djioS$E^w7V+~ki6j(jjcnU}%T0*RP>V7E9oCvhyXiWB2`Fh94GgyKyiZ)3~ zp|Hx^&MHE)8E8!AKxoAP}+U&pes(!A?=9&^f-q`hvP4jWTP1t%j}=;}jA8At&G^T9_al zYkq5?{*tFf2W*Dw57TZvKygKwrJ=dG`C*0R$ZT~492QpJoSYmG(^dX7_ut3?17hQ& zZiQa`{`wTw_W@{YZKmxFsN}`)TPrIo$!x=b8_Ug~Lqlbd8MxGvu4D=bwr1MWxkK?~ z%KNyHUD{M@SF!&-Iwd6~{OP7)TbZ3#T*Dc9uvdNH8v=GIACB~UGO2q3xFl6mmO$Z| z;ik8m=?N2`1xy>07;`sIgZ0(ERpCrMbQfRab4Ld|ItamG0BkTHY5e6%qFOh)0rKrX z`@*0+fQ60C8{qKv?b}8zN$KgFe0u z>*GrB)V&2T-}6^1J$0wQ=`uF6m7Se2m=$W>H_?q;Q>%$;Slm$yT9ttg2~t~^pdCUa zURG9x?m};GKje1V1m8d1%pqU$e*O4BOoa9Fq60<|7A}15ixG2O6a}0EkgSPQ7eqgB zNA+Q_Sw~0L4RvcZ4GmQZ*Irsi9#k6RSTO8NS?ve+@1w@Dp)b8vP236Yv+5;Upvm%@ zGr_etKqgGugU!(^ft^1gje(}b$-}b|J3)U55L6u$5YMJi00$OWO%8YiudoNoI+pJ| zv}1pN|8S=}qkvo_Lkt`SeXa|UNC>`6OXQOSAym0jQmv(d;4?HmH;~^TFvU;UGfCCVyW7)c{8D!u-65o z3m{Z0L8#z=H)@3{bJmvnAaDf=P$#r+F9T;tibcNc{W!TtCx7Je=FWYYJ3&$-w-5%v zp~ViC4Z$adgn8tx`6Wh%)689=J3cwj#P)f04h%dZeyQt1d@}d1@vF@rOirN2irEfs zgg$fD^&Lv$rRv96q4CNRj9CQ%$NakaQlw$w{jMc1v(=nt0m2>@DHjIQFA!V&fr5PfA}CIn?eDO69lh^IbBJ*Dh*M& zl5cd3URMNhs%d^zzw&5bOBk1%4Jqi@(|dO9a>uhkisLvwnfKUDP!hphg;lH9tPwD8 z6(wC37z2qqgU4GGEL+{S8 z>b~!H!U;A42<2DP6lr((CFh{QnYU+`jCXydT)TE{C)5ttSME~)9)uhtZ*~Rnm*^`H zp(wE66+koOckrfrAblb_{piV)P5LXuZz=E!FFbC+<>y6YVQ78c{W6Q;S=M;62u&BO zg$sBLP2o`s8M&UFx7>g?gZo3Yan#SxY7J26ge=VD)zhrHWo3PKl)OCVL3SuenjSWm zY({nUIW((N!1I&`&c9wwQ1>6Z4woQ^jo)LG*%z0VD$EmOb#gM5DE!>~ifZ+v8oI@* zcR5^~@{}J7rRUOp{zAl}5|T@>v`gkhMu>p*uHO25eE8H%hy+-Q&-US{U?2~`eI~Az zQsIHC_(lbilaff12y;~z8N2bM*6sCmMdpQXRRvm$y}dozFHm{8&b_2?nCklmL=3?F zrukMWV=J1fpiQ4*cZa4$j-m5RRz?OoY2?M*lSL6(nVASGTeRu~{e&jPn;l;)lzZ;b zvloA>S;xCe?+L=DXO}Mc`t|Et;jz|?r&uedUf^F65P@44iLXtB6tiX_q9EWY{i=Jr z1;s>Ql2wL_ajI;t(}TY8lNHC4P}fSZQ^dAfP%su7 z$fh^VYzFJz7Ph$~u<|J@i`DK}ZY&Ae*J!ig z+NIoR;6Vpg#A_sjhaNak+&BX@`Bz7t3~)hDRYU|418y$_JlY#^iX-%tz&Y4e<>n5J za|>qMk-_bUY%046eP$CYYe+wBbPqHEZpQEE9$pkB=upoAA)yAY_O~dzhOPTTHI0bG zu$w#?9i<@X7*)x6F@65q@93|AR*_uZw(L!QZn=O@QKgKFuh9W@-YrjQi79)6gaS(Q z@9%SRc7QaF)JQo0yZI`yR`lB>z|cEypnQ2T@!#2gSmPW-T=Xyf?Otvg3F*jqLNh{` zk&muD`uB~}YYz~?B#as%-Q##dVB>^KI?qosz!*feuNaJxFKL?T4bo*vUoXvrnu?bo zGgu)ZAx+foMZRW0ouK?s8DF>r%D8@>a7Y6M)?YoT0)ia!@o&g~B@fcUbU}bI-F9vQ zinkuT_>fyY#gg<@5BZtVHU-ofbVZSxM3<=w5#n5e-P@or2-(o#;YOfr%h+~6N&5n! zIeeZ4yHd_~r<5hyP*s&LJg4r;&qa{a9uf%O-F-q$jR~T2_f(aP$e~m)Ng>XYaTnkE zH%(y+p>bCMix!7ThyX43KwZa2DTr$YK@1oF{Ih#W4I&k!XGj8lU+&Qr<_COG3=#G= zsf`Xk9CGBwcG5;57oSO8;vA8~m&cCzik!rrQ;#<-x(&BEXk9d1D4L)Td3h&x*PVs? ztfTvH?;j2BReGV&^wh{R*ht;T(BwMLVGW}UNgie2;K07zy`u~F&pe`wzC(9l4=vL| z`QmbC*CG=obwSOaT-`(mF`K}JP@5{g@Qg~^1PRI3L7r3Yz#5yj-sS1~_-__qD@YPO ztmHC6gaqg+|yGvhW?AW%=(955eS-mot(ipiYWH$|-X@`bDgjUPJp-cVo@-77i z-DEq{aTvwcgifWzx7@pX_ldv1Ufp@f)ncfkMFs*^edQRxX@>QC$eJzq(#f4X>K-wm zO_yy8X!peA8$@UQuuzhhCo%W=_UQC<5j=E5&>U38Z`XA&n8=$wz6unz4>IRoPEJ;j zM+Q=qm_Nm^WCyjt83XjaB#1sQgw0CPl%||7$q4dkC+bL{TAL{*!hvyHoOs}O-WlR1 z+Nd1jZeFIpo^mSJU_?W4ze++!axf$Np^LFsj=Zo(0l9{uV{rfAWG`P|U#lTqBN;=T z-{skSym` z-yEn}70-^7FwNR^3r`q8j4{^iS=}bCy*fHNKn)ty!i7F;HzWltoT~DEC zUjAUw(LU(MY`P{c-1v;5Vzz!KrwEF>GiC`cM+xqVESJNMW0th%0~gXS4d7~8vu&&2 z1J4RGhE8xohRvHVbk3kwj0!wIIm*xvZVg^dckx0bR^&}olwq0q8loxhe@e87aw9?D zCRk=P_yyn~p;;(CKd}Z)_1>PI`dDy?EJd-pw?q)x)5>vthEm@RKm-;Aph|Kh@S<2e ziezPFtw)-Vun3zLL#m<_g|&{91AweV!s zN++56#w#Nh>HtuK4)fp=TORm|PnB-*c+;b;{%AgG+rr6SLR&Ahod*~|Xkkp_@tz^G zI*fxP-0SpZmkBr1fXaK@ZJbv< zocS5RsuHrSlB1(IA+k^qu)OMrosg#lz%VorL{!BFP#X$vKBkAQ+X^9slvOwA=);FE zoLxl6o2znL)*t?=s_XI%z==p4MybKT`l+`@G&nrk3p9i2Y7>Td{^K(~lFpMao#E3MSxZ^($tRGnsxTc@k$A8hmA+aDRk!Z*Hc zL8+eSDg{|(UcXYnP^3SZMarOv`#U z@vX(5w8d}C*j@%I5xR32xVcuZKT{HMy&CI-S7w!e>9 z#n6eplbcf2xMlO33gbghaa_l8gD29ws<@kDEoQ<#w*ssNo-Ig@JE*i&`?!Mwx_7 zpEI~a9Q9kl($BK0S`PGB{DhqFoW@m09zLS0H1YpVA+xO?}je5$Q|_eu;hEj|w`LOB&4ug?(3 z9b~9(t!NN*OXRryQ8TSjlR>vnzrP&sWjl7WEd8ORGYniWPi?TFy+T4;5f=epR)7V^ zrJk~PyXQTWJ?qg{F;KD707KY7vPttZFHo0oZcz8ANPE|{aBdtfIvP3n;RJ+6 z8+`2UB}Rt%L$H5@JE&CLmZlq={|v+oNyW0~HdIhl52m8cvF*4EZ(^H;B4MIZ`TzP||4yc*offq?-r^Vx5Vx;-SpXC-|U z&vNBYLmrZp^QaR+GX~ab!pS39`dy7(O767=9Dsfu345A}%fto%`6M&HMh|-I8H*c}hxB z60!)UH7@3tlsrOk2Cpq@I~X7>y2tHAFk_*>%8`(Y%Zz2#l5c^nY2}TVR8OAVn}_Ws z>M*(2$H!;=PRYhtLANZRX(^DeAWD{K|9|f(wx#Fgu1}G^QL9(4Bwt z_mZZb12?M0RLrNJThQ|yYD8f6URU+26XaE(gMClb&C?1}K=}g7xR+7^RUfL$F$iX) zp91k^@MvaO8@9WxxF9QE1yPLzn26_#f`eX(K2-*c7eBgl2j3M6JoB#k{s>Nf{s|v5 ziuJ6*UKo%~L5LCaYK6!-!4$eLy#r=%{)G+XQmB$k^%@oGx*f~KW)9e)P80acFw1Qk zdR>?2jp4S_nPnm5(S@=B2VA(p@Sti!IY84jSQKP00ZCvro`Sn0$AlF| z;9)-3#ku2c=J0JumJJjWT1cN-ssqe5Fdrf`!sVmDw%JOwWh?_}@u8wtcL16(z@bY? z)NxdxGAIO-t!oTcr-OTxL&+TzJ({s~C!|HNAkUzn2DTstC8hn)QSB44J($UjTmJOh zJ@*wofJV5KV%>Wt+-Xz{|21VP;sXZj*KFJ&kHh)O!VZmNhqUu^6cZX_<9^dAs#U9C z7102Neag)IIXGB~uq;VbtzJ#R?6C<4ogK4C6mU}YE-iELnjMubc>=f4X)-m!B2!?!H7d&13lF($W+?gRX_WNM93}cQ09_>N zGcmn^NVvDtp_@R)4hKE4#`__n6JP%~d^UOyH4s=h8k+*e&I4M@1iYwo2si3DPn?2t zRRLo92|+N4Tf?7t7se6Y{SGxga#Y}`h6W1)9Ip`>yX-NC+gO5;kr4nuL)oCuhks0@ z5)4R-z|q9a-{E=l6U*Xa)M48YY0oHI=@?u^PS@bf6&nc3n38K?61ujD%>NJWJMPR4uy!Z5$K{@vyHGuN)gCNJZ-qKiDQTx=j0w1%UrH^w?X9@0I-9=H-DYT@c6J{;D^Z0#8LKp z#ne;&`u+Rng$oy;!gb=eL5UgXn6~q1J@oK6kub%0Sc6RTE(a`wSMq?*{)~xmEv=pW zhf#%~(m`c%Qf?WA$L8wlnmtj-`sa#g@rfZ6am1a3l*;Bi2N>9VfZiLBh0;?Szxuh51Yh= zG*fl#g0=4O8kTzIpV5EVoRpuugy z^MJyNh=mY&NFc%(hTv+M!P&+fpB*a3RhVEnCsU33zFl~ELb8;U`p{;{5Z^$}K5z#b z5(FdGH3$b3OIHH_MB42=VB034Ztc=P7muVS(SFIjXV5w*h^!>tx@WR_uqKKQ*q~x+ z5?gDBsO3>MP8<}*tbX??h#{%eA*t6}Kk+L|O>YGh%}S)XfTs$>V(pYk1gHk$%I5D9A0~ z3E$tG-h$1AjM!8D6%;|D&z&*(=ZZ|f#ZNKrHad4Io>F*W)Npy-C(EucY(cXa;_3ukt+2{Pl|}b@6CG{TGSfEmcNT6` z289LZU0zwaA5U!XN!~dSDYV{Rw6J?MI%rhTJuZsH>}ajMCJ-!hXYw_~sM(QSI~{r$ zps`?rpbu36E#KM2#YQ_9peg&$;Crn+*D!pga3CYxh;_8Pz6FAcO1#Dq0*X+D@Kl5l z!Cl=6mI5BT9Y!=F8zta^NEt{&jme%YJ+$@EWyOet*p$Dtv+XCsTQE8?C>0;^>GG`q>A4P*XIcg3q z2>;*nhs@&a-n|aYr1f19p#~=Egupeg;$w!)0bX0}nb579H+%4G@C*F!1LySl(X259N}1ua zM~vByaeZy7s5o3z*1pUU%LmcP3v7*5^)X^pCt&uf!B_Vwvm2`SMtO!`w3_IJd` z#Id%wqkU}xVKC}bHc)6ihqTKiX1y0xUwCjIF$D2N?g9^ze7b*Vs3OF_xOyjO6!3zG zGtm28j@=Lma4>|5=eht8TIo&b<|y9kpDcGne4wz~K|{4H^EDG^1<0}bc{?WlaF7a( zBV3HQySux;qAGbAX6NLLaVh-0S!a|7X)x-keyZxsv#h|Rr2r#qW!!ca%lFKID~qk< zHO!I==1wb|J)$EaE;dmvSOwA&G?I{$_ZYy2bbu#*^K3YASj?3VBP-)y>4Bo_-x=r} zlbR|Q1dbtGl_W(d2ul{WXkQE}pw9arWPA>oa}C&p~w9v=ibOO zn3_#RBswcIR|1KaPNf7-Z=?&!%921=+J{6Ec0KIj(`U}ShO>Zq8>yno$=|;*7I~j! zA?U$8-c$O6e8~Ci$mnJ~11QamybLDaVvs!sC_2h(i!|IJeYeAH*tF!ZoSp+@_Y^r#@~RS z6Exw`=|;8pMTL?7)2Ae93LCEv6qJB?h`I=S-vQ48Uwn<+EwYCC!XYHxi4;I2${JB3 zX=rHhbgy2T`a9z@>I>#7aI00c(1%qHLMjE>anVsxQ4E_l9mQ+_h5f`gMu-F(Fnw_a zXB|PXr?CHiLO}%vX+pFX=B_}q+i-Fbj>k3}T%>vep;z>MVn^{7OcTRvV;avJaz4pM ztcgfCAGrqKd;i|OcL9F{EZQZ}3uum_(~-Bqq!AB%Rzt82qIwgcbX3;e9&QHV1yHq< zu6^J0{`wj+jl}Lc*Tr^dBiiqF7z!Bsd01lb8o2iIR6n%R*$%fVgbLQu(vm;{8KK00 z7I1S3_!^=Q#VQ@7WPta6&$6?CD0CA0&A!J^4!_4&sD+X*4D0MC$^^K(7ogEsQQt9u z%AtnDeyBEpsG%rmYScQ&wwHjo{T;EKn3%u@4@BToutT$@V^>cu&2~)HYg(v(v@kXcuzQbkN&txQ$OqS-Gg8AqWLrvVi!%taPJSRx416G2qp2LDJ~aInCbzCz#_%5foxI5nGCE&volQBX6?%#C=HrJHe&Cz(}7*k#EejJp{t)jN=C=p9<`# zm5yLAE;0PM4u!$K_n9idMG=M?|H@w%&`F@nxR0yCX$HQuoeGDUGWS#&7_+o-q z(^^_8lBWXu3U^y}zyRuX+g6bN#f6TQXz)g&lx^O3hVM!~u`UU_!pFy_rJ|uxk&*TO zHw!?67f0li9{3HS&3#l*tk)cFQ5pNAu9>Vy4O;ybCj*tK3zuY~s}r}DP2!dTl5Lm> z+q`uvxgX@j{q>&_m?oPCN@*9q2%-hZQj*B)oO6eZWT4(r~ZyKBASBH;;+)*$l(%coP420Q4g;}8*x<7x`>>qk4OIl>9?fJusJ0H z6ru7qVVj`jMFBNsm}Io8o`W4^lakfW`X}#A8(iv0UT5Hy4kY4<>^Gp z!;F~GzzW17U<=U*PaiqotL4fH3b>jkmtX0j1uw%Swygl>4Y8n)FrvCjJpB`tE@MOVkYrfgN~Co90VQ5fqfj+ZRpgk zZEfnwdiTz+(!=V`Ei6nGY*DuS^V?)sH%~5>1W>CS{o-0<(rye<5D&Mm?&5vKsUUA- zVSdBhDt@@+@QwDka%k~KjiW%u#5Tn&3NGghg55}hrdT#Z+w+B(^ujBWOvJ_=qC}ZP z3H^!Zf|gnfNsci7NQThz)jRJtu zezJrUs>XU0!QF`dVgZR_L!y>|n50`F6xaz010_&GIpRGSVY1`&b>L;?U5B7nC66 zFuM>#z}}-PKJbl_xrB-MrDifl{Y4fwqp`6EpxgmI9gbVmTsF)B&`pB%t7`-mt^=yE70a6=?!rTm9!zmCGoU&) z;H04b%v$8aL^fZ=kb-Hzay+UHOlAzAtg^(>AYU0@;jLQo>*QsS(bT2O6H`-E0)^>i ze?oedXal--FfpmUyz?DmCPB2oaEa%ZMR7X-t}Q7`mhAy01G9dEicKzqygY^RCXe^; z521u?1_i?af(<5$fjUBl(gbMMLP?Q9V<4(Ej=6y2?`!b09^uaeXw}3EKwn4)rFnpx zd~kY^O~m!uk5TZ6LXO>r4Zqp*+ZRL$#Oy|Qkb6zQn2?+6zRN%KC=&b=4ony%z(FdE ziUvZwS;hQlM=;en<6aC9!H(p@*fFdRBb=SfQ-WLez?U~soSKwW+Oh>)>8Opg@Z%A4Q4JMC7>jT<&#dUQ&T09X9KQ8GH8p{UIjBGHs}A4t>GKB)p2^ zf*U+jB~WrP+t)?1%!v3Pkx%ZwK;{b9i0fk= zKV@ZgSn0w6IfcSZQoZn}h)nbi`YMs1FyM$5Ymc`?o|ShF3QBxE3hhB?)m`90@XlCj zag`5lOBC_`JUm&dm)!H-!WuZ^Bnkm4_mRO%c1VQ5(qf?+(9Ut(hKo%Q{?uQbS+{<@ z0R(`i6n8<;w+Rekk~?Gcn^Eu{K6>;D4jMsuV3OlF7r2npBp_GRx@Rq-X@D1GjNf%> zS`{w^tGraTqsItXqb^Z50z;i7Ziq%g&ZW2Or~Zd5D}&+&T)#b$W41=mg=ngLOqkIKdmgE+J7JBZ)EmzbF77wbeKn!g9WVv21{ zErB-?aR_A$1pR7AWQX;L8+C6}5lrWxA%n64o>LvKDFSG3+c0f8i`P((!J{g+Wp5cO z%D)8}M|LTmjnC z5%iL5P|jtA)(Px&8d@h#=RAwuzM-}^VoSHmZY=)z@nah&GDz zksAa6UJab$4=WEGzj+g$nAkKqIm+h{PI11axc4( zX*Rx1>m~EseXXmih`RJ1dxuOT;$jlufZ|&5BiHL*qE@+;E`LNB0ykJia*pU~4@=9DRydj17`( z2?==Xkkau#t_HESkO3i3#8+~1Et$c_*CR3#Dg^`7aP%151Q-Q8e(~MKM<5Vn#tKDE zUO_=0acGE{lmzMFbIQVThu%t@*Vnl9fb0>3pZ!53k+>(RKln?p;FA#X8PtuWAYg7) zLSK&eiN{}{Aa~*bakye65+~^-UW=j;mp+gK1`a{05VQcKgK)8peRw?;ekKwn8TrHm zBttZ?tYE2LDR;t+5oirYI6Lsxcr;fa8%!Y}zZR}NdD)8>x1!SGrX4>B$o}YB@p*WM zN_R>s{J07tK5(lgxr0lovss|);wzR(s6wpHEc@q7#1OgX3zJ9V5Vby z@O|Q{a~K8-cb+^A2vv?a(g1`eh{{)yizJRQ_$(!cv(7@HnuA#x%&)%&*eV(bgm@@0 zk4WxFUVbfDEcy=>8N%PPZQD0;YZYuC2S^C1Y?|OV1NHH&SV29AYoI!0dXXSv=q+af zD@?#!0PngXCKB!f8>rVo%Dq3_$%kCcf?GCVOCaFzG}#3SL8#vaKxZId^nfQ#Gs)Qe zq6my(LLXR>3|SEp{m9!p3X{7{e_Eh=B1vh5g12As`BBtyL=-jBx;N0$enIX5ZJdGt zT=;az1zk*7Lim$9^4}kmx0YGG3{WLh(!n2K$saNj`s~;zCG0xrZLnQXtxq7%_&@eC zTJi++lMA@O3k8mn^f=U*EBMY(e^PO|8iI@^L@dFyB{4N=fc5v{q8s2g{A8L~+>=0F z_01b3u9fxlUMJHN*B$1};%wduxsnA7X^qFe*zI6?C&1h^+q zkR-(+8{mc}sI;IId?~l5Qo_Lk$Pkf(0~r{BQ3rQFBzXj)HLT21REsZI)C0P?i);(R zfGyN?+bt)4o&rFTL$ghtwgc2gBfkov6n7ORqbEbEfZ}s4ZAluS1RZxxr=Q%;E|g%{ zL{bgQP~`5MKfM8rg#1Hv6LQ@Ze1z4-#n)%1rn=EzngTzjrj{jp14t6PqT3eC1-uq9 zs8yDTR_lkC7zhk*3#l;T2oXPWw?%!W%AMWpeCo-~|&G*pX zpVVWp<0*0-K1Dj@vZ$(XGsRR4>HLuxavj5-L_Gs*mBaFT&mPGmyTmTq;{4yQ$1q=n zAAS)@U_Xu)()Zhn*BT-5({W(wiLJYqo!#sXn(`dy`IJk2=A1hx>bQLhQ77u`a~vEfW(LZ$GluIc8cQ z^=k+G3*1+(gp);Z-E(0xjc{M7_u1U2S_Lqc@pg}YIKf~H(U;MNfk!Ada+#n+sxQeR zNvQn0Nb^NEkj?{50fE1Vi&x8YA=x11cwH#4*yL0HlXE`WJYvwg%M zwgUuQW*}!WVhK)V002dlKB#%)NGkN*&_%qM35iK^5d^Fiiw@~<$3ZSK8in~#F63cTNO`y`M?+!@6lBP2;lOkOcUnhhyJq+H1b0d(2_4{`4S&Gr9=50g?x zk%k$Slo{E|$Y@E)NT`g=j0P!0DKumyBO{cZjF3`RN%kfyE7_sQD&v2>>brjDIp;a& zIp;ag(>dQxU*q$6f8Ouc>wew$bzj$YcVgSkqHPU^B{gOrt-o@)A9cF$kD1}=#ZJI$ zC|t=phid85_ZFOrhj9?-A-Y8VIepC`3*G48evleT7bL~eq~DL^gChv8KnMW!4Gk&r z;MTy8j!Yf%*Z4?=bs>jhbGS2E1R5<;RyK(s#1PxSy9B_+<8N(qK(>P1>8Z{{2WjE= z^{p@sq~i0Q!mKU;q*+g+PPLpHKaWlp@T(kD^`wew>jD8%0S>FC|Cum)@NFv>cw%{* zClo;2J+|X_N=5!!?@zt@pDCAX?<@W1ckoTxf2UHYsKg%opQ)ste;cg+-gtcL|Hsqy z@&7pO(t7^aX;+i?f6RUV@85F0b0L@jpP_zm2RwBQM5?Lue=fdMLFMtv2sqBcCabu) znHfdU|9scO)mZ!t3{!EoI}Rr$z=WF4V)|Bi;Kv1E8t@1Mm<{=Tj?6VY=D z=@>D^F>swao@`_vkADAmoX!(i9H453Dk-=j_`?$J3&+3$aOQr%qI_Al2nfChIGt3Y z*#1PK-%lTWk5*Wz5EvXOJLLtaO-P@olB8~+XHgIpIl;IANGN1IYJxT^xtG`~{P}Z# z>54k#01gv^l%rF*Zo67HQ8$1d0h|d7>@6rfPCcH?55cepdV=F=7f{)$*Z*QP|4uR^ZY`O5-QHe>VE&c`@xMX_!H;xj0s<)cM8pCU{*Xp6sU~g z!;0LPc!p7cnrUjPOhxSHen2;g0%Lu-B5_Pj3fAC-1jNky=& zi!ffH8YGX*BT;Z{&2Oh&y;>p?E?m&Xcz_!r&-d@@yrL29Hi;INBMQm0&8eGUB|;!> zuyD!IOAZrGpK25l4#GWbp6M<8H`oF zV}(w5&iD==!-m$ijbPCa%*&MSUyx#}A(hx+^CogjxMTUsB7X=6|iw*8o6hKa~ z1xTdUz!t|%K7dSaqKO=NWbp#{0u67l0pf+f{sefA<~@@IFAsqg!e|pX`u=5&Msie8 zq7K94fN)5_F(szlxYEVRsHJ(HmCk>ZDUR4SExAr&M7E+Z|4li+tp#0dYzKm6B^$6Iv0Y6@QzT`^gg1N zL=FytwS=ql;w{qY!!~aE*YtbEg&Il=3alUE4S>e@quzNysq(+Rib24c!WptM>^~uM zg@qxD4`F*D@xmV8hsub2H2+<%x^elHAl(2t8Mgg9Y=D8d>(@IgUX(b<*|BQRERTRu z=3$s%HIbpGfBjjanD*>2f`l1Iwq)d=Dx0k1QU&*g12o)FXbo3H;=M8_#^z5x5v5IY!uL z*o)L7RQlppN=izwJM@IYv3Q_haRS2uJ|+RX)m36Cu<_PNw4G@XVYHv4*7bUmq_z0i zMlGo&vUSblk%O!0UR!tTNkr^hRDvv!C^rD9J_i?qEF%(&(b%1PDQf^Irt{h_TW}WP znR5n(Lj;r+Sflk22d#AOLKb^iMa83u8wC#tFO!IF8c$U2UbVUo<`SMS1O#0+lMq|M z@_RXQDTd--vT%vP!oi09@KJJL$(+Dj_$DD=$ekZYX-||+P6pS|5e2t%hz@+=FIxy5 zlW@|oAITvM>fky;lDb)iyp!OZMAlUcDF{d#2eG>_4t#~_bKMNNFHw`7dm1h8+1{>u zXqByzJ{PswI;MnOJxcqPoUh?zqsI*S}} zQKv)>(jKA`Ku@+5u<#)$MPStdD$OnsPM`!S1#yXM(1bW?5CqrXY{#nsiRdmTyv1-yw5KTy;Y$2_$8ixGr5XWi_98vO1a4dM9{ZW8d14X;L# zjiSsbCS6Em#hk-4dw6&}5vFkRm)TGb0FCtmIbg|FYz|9dkrvn~W>@P`5M<-}y?f19 zkjW^b0S8Q+N_32tiimyi^F(by_zYRr&A#Byq{FlBXoR$eWxFAaPN1koM*iug32dZ_ zfvVu-0fsS^Fg;EHg@hfEg>TG{;2A?0yRd1T=@*nNh<&6V`qSN|6h#F}FmjqYfr$j1 z=+&-qJbELf>$n$p@znaA515=I1dc_&ykBe5zPnIKFUk$v*9fBcn+ssNgK6v5Gt2KD zNwjJ-pgGf&s23B+ujHc{voBd(=f#m{^-q*E;`aA72eZW8VSR6~Q|rEuxohCDCwOzyWDtl$Mfmlu7cQ5565iz zrFnavmWZ&hasv0DFeVPCz@nYs=76{qh2pSa{lF-m0g97AVWrkbFr~z4ypD@2&BciH zYw?ld(Tv5Rbpwznl@YRC^h?nM*akmUHRA>Y$L2M+F>D>wGA|0WP6cxFnUw;>(SrPjW^xi%`L=K7wNC>^Cp|&MDT|0%42|NY42tB$jI!1G0$eP zWGD2uNZ&7jN9>Jj$@}*rh;z`hi%3YA!FPj&HBVRO1TKVp1cZ0_hJ|eF<~2CCKgr1g z(|io1mdpmg!%`^egOZhyc><#g94`)C+6@*SVL(~Jq|P9nwGboPaH)_}Na7n?c_a-c zt}2#W-r?AgdHt)s;j(Ha*@ zcou*9H18>Y-eA@H7bTo0lWm1*!rLaN#&A+a#yc{HV;bheOoQM`f#55tQHiU1lfGm7>Ch2T5Uk7q zLE`x1qijPDpPXH0p*RW}06!3GM&zq7;xhT>zXeGy7wHz_fFfE4@E5=()Bbo8{6a8o zh(8vZMQd^F0#{W+^rO2})no-cXqp}M3Q_o!|A4gw+~;l<6ciYo92jWRhbJ)N9y~L= zUtA_h(b07h2|{;Tg@ zxU|608ftryY_}RkX9@C%LC8S>sg^qAVfXSI>I(`AitO4&X3wd*&EjWB%7M^An0A}R zW={ficL^%H16yab4G8BF_7dMv&9MkhqJp+VdpFN5F()VIZS+mzT#OS4s6Lw;?y4q8 zj0E6-vl^VZ$;)Chpt0cxqzlW%0%fgD$LkGy%X~S32jNzgUHSF2$%-h|0R?T^eTk@l z_L`q1bOz{po`&>*sMK9z&<6931p}aZEw|%=aVjteIIcs@xX1)Zv&s9-js+ z2a5DQUHN^hws<&l;{H(=C2$7EAg#lA z@+gFt9CnUrtSQ8FxR@i!HS(mU(-ZV3Rw=CF6=*H7IYzD?xxyx;?>D$1 zn4(hwt_Y?K%ToXoaDGfxjXOalQaV;;uv;lk)A-yuqNxjXv;WhF)yaqi5UGmH)?gIv zn6Znnt3widI@$y{W|%?Yb=0_(Q3_FL1ASq=um)aaX!q>xcVi~lKDz1zA0gaF0Jg}` z2qpd&x;P*+UmC2vfeJE@;h+;{FL2{HIa42dNM;R34pd;oKu|v=9tSM!!j6G8<-YR? z+8xIshLN$mih~r%u14Do*%#E$K~G1G2{Q1(GE1P(y+9>E#!5fdd<{7YJWp>yH}rcN zD1gl5Qw@T1IoUY+`w<6K(`80py8to{6Sts`U}DwVHV+#Jqwp3u!P{7|B%Q~NO=SybUmP5fZCwC z%90=qABit7nhko9b~`I}CX|(z(_-I{k0sRsUtc%mk!Ec;Es0VQc!+x7^39Q4`YAed zi@_Ugs(*5dgXM~)8om4x)_JYfixsK8#Q7PGFtRsMpu}VKf~~5?XDtQ4HImHZtw@jn z&zqEOu&}@Ob7%*J!Sw|PoK8QoN019~?AeR$Mc^vZ*+ZfT?1+#gYH@@SpEY!Zh%+hHzW|T9ba>6jc zz<~_>?D0iRO>r77`S{ww8j&c;d+gC8tP8hJa)@=%BZPw9g?o zzBKkJ6sIdvsx>4C5nVQRGSP*AB_@+?dk#(NYNRkMfF7|+>cb&yBAP(QU!yPi!2baa z7ZIn+h`qIdes909pPzXsm1=khP)!hr_*zR_J6>IkIX2S-qLCx28N~cG7<)jvyhupd z1w*2&;aW`w<#1k&oXc7CyLJ&ur8K(;!zU^ogp>{6+ zHHFnxhLuC|UnD)`CBeuD#QzpBjW*y6j!V!B#&V)qzx(1-5lB$H05~C^{DKVgw``fL zPGlX(7p@af5cFes4s4N;VMU&XPkj^_IOLY{@LygHtwBFF40RMuR4|T%JWX5w(6V79 zu*jZ+YU%)DnZw4GFg0YZZQLNdGezg#(S+WRs_>xkJ%~LfSX=aL;&(uYGw+U8^sKfN z26+oIeQjrUB2Y&=1}2?!K#cc+^sATek~1N@h~konBCz|;peapVCg4=YFX0G6Jp~ze z16(MmlL|=(`DVHO#J*jSbb(Vh)zU{~3V{2*#BZ$mL}#dJf)iNWvUcxzeS|wA*d(*N zP$HCHLcWbI*%72BL5AHB`~223xlEn|Ulk^tLV!q-Y^a=%3<}x+$bk(QpYt6{J<;*o` z4k4)_xgeG|8M*SMbS=)bB6L4*f^`R!P^eZC#$tMJE(_s7iw{oAAX~>HE=C}fL7|Q_ z2X+?0C?8o|jtSlYH49fZ*zxA&+uV2NDw|;aiFP>Y_N%GUW0lI7k0AZq&cmYt4_x<= z*;ha7Wlk>%!fJ6jskUT%^`o@h3~;{B3hU|V5o5{CnLFxG;!u#8NXP`8D{wD~{hF+- zEa_ij*9&|bc*VRAYyuoGq-6eMmtKS1fnMI)04@=so3t)mNDt7kwYDZBoq%C46U~gu zl(&YomH73O@*ArzDse_fLk#5x)=w_R{Ge%hoHbS>MJE%GHo|52xPi;(;`@=2zBRtIihT54+Ilgs*f$UTTt&zY5bNk;*d0ZM-qMV}B3mYHYM9`Z685*8{^o;Wkn)54E zZ{fzdG1=Uz{E`NpiwJHg_yTXi3<$ayY_JX8h|Sx#Z?CyA{z6}9~f_V?)aX@%Lj!Tew z+MoVdRHQto@QeLRL+$4%;T_o5{oti&-mGqQuksI#!#eQfptAQPiY%lX`;ZvSbuBGg zd@DYS&*9gBXe31#+~(%ys!nTQXijoE8!-W@_Uh`RPSr?jn~hF_2*tw6$|uJ`fHF|N z?MCB6Ly+f~*xIJd{LF@5H`$aR<3SzM2kMBxx67~}CzNk8?jA3=`2j2){_$0&uv3E(BHZfGRS2ly^L6#9*IIJg>M8rVLTI!Yzsr z#F5k)lwT%f4d6b+Q4+Q5@PfasmDSVb5jBtY%&7S#Utd}zeiwwD9~oJVEOM$JqENP# z5R*-Ry^BkNB#r>pNC#kU_hKpQ2x*HGyaoMp;xG^Pf@T0CcGiA)%7wz13r~i+u(Faq zNOd0x(^tkL>9@`dmox}sb z)Qw_VtYro_=*M&(ic!*NMCjwDv@kZpQo+QxwWWfgj4UhVkuP$_XYc@VBa$WLcBmLCu-qy@QM=>iMI2Cw72;fZ zwjNF)H2S_Ys4MiL+)zo;!Q5vqU^*XAfKvvxT_!gM_0wZapCr^uBW-&;SuElz7?i+& z`5nl9&@Dk#IVpP!3tb?z2xkE}@C}eq0F;|DpvxGRzW(j)N^k_Ck8!<%o)i#}&TDaV z*XTEJ>W1{5C}i*y@!JXWdyTEE^andPp#S1-*MR~+4bT89S}bzTKgfKLa#DnHLyiEB z*nssLBsqj^YWYGRyfK48YYaYDB^w?&G@0fXA0Ll0OnHe((`~vK3-I%sPE(9}4 z@&iZ7XwY=yBGhb22I*D+O%TW*0Kx~kBdYZ~$%b*AnJ^n5p1asYAo1iH*naW$rYE-$ zUeu)81Aa_c*ywDsnLblEjLcW?^y@%`LNOfs?i4UyX~Lb>qzA(~`=t-*2-uQ7h*cv^lG9UD zuEVFfaQqK-0l2Ak0?`6q?aP*^!%w8>A0Ko@YC*C>(kugwEc((#;#E$d8R&ti^XNGp zz?T8qREFYi=$CqP>YwgQnkliJOE)cJB2-yS;z6Cb9Kgo_422robuht|ROdhn61Dlk zP?-a21DB~cxIBzMKkdW~jxF5!{jt})VKZiygGw6M3Q-PCa%`TsNI)orLd(X)`=Yi$ zqp&D%1G{*lnFPl{X#yoIoAcb%Ei5h`h!lMS?Fph9JDR`^FAFsBP9<5y>mR9I;>czD=Qd8dpUSbC4%JQJ~;8At7$4FfARQsyT-tN@!USw~jtJ!VCaa zLfIh8gHcKLLa$@nYqEe&EVW^hhGq%`u(XqBcv*rueD%d#)kb>g;<8v z>x!>Jp)jbEs0aTuHvTT>G z8Ms%)TZuFbb_w4d+Fft=s#x4D=;GLnj#AiBzI7Uv2R-$Vzv?^FV3%JY)M)gq%qfO{ z)B9NV)B&rQ_=q5{!e9Dh2`tr8&50tKiY{wL+E|hgR@dIwbn|+6Ii5e*L8PQia`Hgb zF9wHa4640qrqsqX`okfjpQkdc*iJNd8^y&tnQ>h`eTJwV4_1z zOiU}DvX%_r3;inifEVKq6UiXBy?bNoE`Z9!5uyP61re$#ydTvELI|l)$k_p40Ts~X z^VUZ&>L$ZbqC5Q=^|l|4C`Iu`xDu$DR8N$8dwX-NlwwD$LLA63zqK*wfP3{mR-0;Q zQ_4a4#4#a+Sn?Tr3f5W%bDn#y9+OCx{}cmvn=0&Ia??R$Lp90j!Waem@8Mv<$GGd| z_S2ZIS9@|h)+N>&!QL9JUMQYOKJW-HBOJr40IS?pt5;W@xaF+VfAwgF#dbyWj|U-4 zBYa$7MVc93$nZL14naRGqufui+s~>qH>b0AX<__2aYaDBhn0=KWPJq_>Utd6+%>&` zu2MVq${|0*$-pi+Gss{M=mRjdDQQ7Kr-OffdD!#q)yUFd-Uiggc&ERtaY@3QwphRj zm^PQ?&ls4$S;o*=o)JZ6?3dEhVIC(g!n zt0sQ;fYWR~)R=RE;{uTlhyxJ6sI3ZX&{ZXjdyxec)^IQ*`7PpVIJR)LFbU}t9sP(a!@Fs|C0qVwS4!-GhS`0yiC-!&tuTz2wJc<(9E0kvNS?CWGUK4P_QscrRUTf>&IbSvN?ZS#{X!QBCs zi*J_pUoFWuero|gIcIdOTJz^BZs3Rt2({2Vzp zoahy_sq&&wO#CyS;nsX#*|Kt|FN&I)Uet~-A1`c0p@wpfk4q4)EU;)L*_d*26Mw<* zz)TfkYC##g8fg0F%*81{}l<6J%{wp0%Y<(L{HdZ5qP=7?ABK^j0T=diZ!Aw`2m5F-rGLKtdVel1J>J2G`xqi(^PSFNc= zc3iODwhs9aad-tB=7dHbvBJUWvoA%5kj)?%k2bwdN)n)8azUDUaP1`M4Rr%9p%NPD z!B0725I`v=H!*?54B({_SQ@U66O}m;UBheU^XO<5eo{nCOiMIk%jE4}*aY<`t&wXc zG_RXD3)&7K1l&MWMm&>Us$+M25OHz-^>ga>BGL6pepffOBICg$+&v*T{MbnmF zb9Gnldvf-_-)438n=2E;V%bB^;}s8EZI9$+?Q+**@RHy7O=ku7a7cwW*XWzDx3_<3 z(fd}Eo!Xa7%f_T-G?k<+FD~{r$>V3J!Fb4%*bflb2EBgdFO%28P8m<~WYwHJs6DZ2ssQJ`l|(;d3v(LiNr5pX7;F)63gm+6B=2j&CNg8fMf z^P(_KvGH|Jq$Mf!5FHGQP@e+`C(UJI>%tQwBft{cw7LVg9cTwtXx?taU<^_L){S0J z98gfAD*<4}Dj3sb1w!p6LznNKqP!P1%9Be@1fxkrri@osR>E&-nSW@lHj+tz)o4(^ z*38Vofdzp&N*2~U(ev1HWU_mWjm=%48kvBLmZgP6DWci21&SejAY)tGDijQ?=n~17y%m3yAj7)8pv+wuLC_v|xm>rWI zD&AuNIDrf&F~OjZCrKM_l2)eq5i~S%97cjo`<4zciCz+1qiSMFwT{1qg<82Gi=Ro9 zlPkT+O6=wFV?AZ*LpE%g?V+009I2+srcWD^CSFvj@-*5MJb1i3oH964y{LS7q>lW> z5UbG8c|O+N@e4sJN5|<$BfKBhm;X@6%U552A>V#r4R|Y_`cm7s$Cn-j5Ox#ANB{06 ztoOk`U1;PY^!+GYeQ+8Qb~Zv0SpW>2vcyhwsdMn`S<=@+{*pJrj-i+4h?x_rTWI^x z*B-!sH4fK6&uIYwJkh@g;?XR9+sK)#8m{-9Mp9lHv|XP0{@v;6)Hfn3RfHJCD(lpeXKSiOkE63_7s#6V)r1IlFA5yTK%lF-^4C!CL%TPa{bi zcGv5HnNaWye#H<(4Ax_^p(ai8DAi3CrInYeM`S2N&G_in3BvS2iZ_{mkv;FUx5zHd zwJee6MA8C1y{vS8&YaNP{YmvB!}61C>^qqs(ava2u3+O^;HQ@0HYCuxvL0O%9-hM7Jbs)cRS;jnfCD&tB&B8HHs^{ z=OZgvJq9LD4)>nvWA$8B%iOqbMFiw^i%Opg!RQ2gig*xb0vpKtX@L3~75zmF=f*Q5 zZZv@M2s({KN?orST^_=)M31b3?t!B@KwM=MjZ-(Pfl730F-RAD&G4gN6ekXkY~)ce zs#jqtkhuUzLA5b~5{<9H6{o>(B&1g25eZp}oQ6#1Kr2dFnXA*!KCM?;zcxtK6HVgt zx!S6g=6Vs0k>oYz z)D1^H&1zlWTuZt)-Q;6wcv>NMuIRhA`KAWp%(_5>msls&Cckc=`zg6j2JDu4px~@|sPT7I`=SQ*a5~oY*PO?6edGH}}&(E9^-;ewo zuk5=1L{hC$DZ%0HLo4l5M@r>#MoTKra;&M@{4&9!v}i!Kdwwgz<{CsBGn}=kmo5N) zC#+18DPwg(sYO9XEP$ur&R_}}y=wElk_}IopYWP7?8X4vV3d7oY@`Fs_<6(2GsU#% zf{=BL$v0ZdD%~co!!rp2qAwsD`BSe``qGY*h{&t}Zx2lEedSW>vOT_2uf;q7qcc{F}>Xl2NF zKjSf!vvO{IjOLp;>KvjJ0RaUEP77j+@6_|f`AK!6 z5C+H>SQqW-xG{s8O%N3e@ZkE*O62CcIH8rrFy=B|T%ZjTa@y zzKm%&~ z>>n?yMirtGQ@7sgHgU|s=I!t@6@nFnV%Q zufuHslRgq#6|>IY6I1qM3Cc;CuC zZr3$&H{BcPD3^p}ahXol3(HY021(^DsJ>TADw|h*S<=_lZMhy`CIpn=cT`XY|Bp1W z7Mbz?kyrFL#m0`Li|?YBZqCp$2~`#yZyo%!vO*y7_R==l5Yc_-!?&|p4p_4MQfq$P zXfDqg^w!5x=s|cW)073RMQ@gF;$y?(CRRZ@nKIH-NiPjmZU$eaF*>*0`~&~i2X?;O zuB2IdG$>3ZFTDz!R!g&=KC2pCY$XuqP=#aAo&FLj(gU&UQIx7$;E zXuPy3TsT4D!N^lPdwYQkTVJ4%M&9h%W(+(8@fp`w6Nk1InYDNJ_l5rcE7vZ=>hj2? z-QMvA{?ui+^*>rgcqOg!{m2yX&{X z&3*a^i+0y?0j=7h?gt8*y4Uk8MI#yp8cQ?39(^nt0W1L?JHdNY|9!7j-^*!z8<;p| zzD{3JP%QCF&}40Rzue@77en|%k@&kbQZX-158C0)CTp8PYSzah`r8$D6-WA&|>O!C$4RyW2MVRWYtycJBrVj;Whujc|1HBn!)$`~l-Th^wrZu^ zXR)_3|G89ysTY2~4Lx1SliI_UD!M-e8^_{EXQTq-4 z;alP!#}c`PV`w|4W}CmG8CD(G&$RUcI@&!w^=2x6-v0Y=Mn=XNgjmvR27W+@Xz01@ zgWLseFAVs013pI#D~WIywVe}qlfLbCU;*QIz}k|kaebYWgYmWi5$J(E#p9RZtdv?> zBlPPzv-Y)`zKgb+>&rug)e(UK<^-|p$V#xzq(E6$dNOU(^$xpbDZRpVOHEP-H7V z|M1-z5YP|9OQ;Gpn&IrUz*EVxdpLB_W9tVu!LG<_Ysdx_?c}CdgP)s5S6tWB(yAM} zR4<+OP0sktnVb44`%`oVFy84uH~BLcI7M&adPdwH0BHP{p2FJ~VnCIYk7<=M@PY#) zi44rda1S(%R|58g5w&MjR8(gMx_ZRs3svBd8O;^&CeYo}ghdrjXi8pU#00HlbNi0Z0&%uClp9C&McuvUwiNqTC^&Hr-@Y=yBOY{qn(lX-9cu4Ra zT*mt&=S#v76!OF#oG9$kUI89+p8%VHl8Lh_YFVQDM_7Tpb2Z)+ZTY}auvF_{_JE1Q z#JLPj^iqebO6!AF<3_Xw+bL25lN!B z7`9aaw1&fq5jZEh8t4NsY|RRurP>Ax51P$S-uNKh$`kTE+`r5nPn5KRv< z{|jOzAnmYa+Vn!-)}QCmgRfL$aj~&RR#vooq1-3*PEf#CiXOH=--P9vVTS3Ub6xo< zvRLd=ZUKCw-Q9&Km#3Cx;29OQwY@H_=6N~l4Y35cA_5IKwh*e`!jj7kM>|K2oD|-# z+~F$Ig^l}CMBX0wK72ob?Vo5%(T!9S%o9>Q=M9k|69^T}$vhFK9UY|+;7)K7A`%E4 z6rndhK`9LOnId`}lMWm?E9}6r)rHiZ*pDG4gDEEQu3!~}sSJ$uQ#!v}nDJ2oA~iBG zi3!PpMSUTX^Lt-U*|i@<)(+9avG@>ZGQjUc{Y151*8RuD_H{~kEROu=G@uZ5j|H&z z1c1G2dKMfqet?*PV9@uv6HZgaEdazvOK~<}v$3XM$r^%V9JW7!$#CPTN337yBNlUB zbs=1Zs;brKxdQ}eg|{y(EOzPc1aBIl6A{}RW+kY}B}&bG(YwV*r2sx-a{hb`SXNQ9 zr#PFp!#0b!g-bYCWd<{qJ~f0}Qt=6Z7JPqy(${B!a>Mz5&Xok6}3P6Q}# zFwBzZ*wItVNwxnqZ3|OlcNBM6Wytg|LPCzCB2EyKB+u?N$SnmWR5#1=e&>7Z5Ki*1b2m+(63T0h7JH=`g#o?htN)6&M*omXGA#Veq^ zs_Mv7SGw(2l_|or>_dZ!LIr5^eu5N0axSc*2%p0FxPS44aK{{z_YWgK70(3&^ zdQe6x?DasA0(xWD5s&W!%=EZ@8y>6LrUL;{qadRjgY}EW&ULj~W|yewJM0~qu^k7=xeojh5ne&pjDGA2L*rqxt*$tL}#& zw4+bDaB9;75CDNx?Ay5NJiu5)mz^2Czd(Kl>$c23l=RWT_S&&~9JfjfeV3d=o{Tj< zTNj)(Q*^{Y1qYiwuy-EKb1;63fThLt{gaPqSc0U9L3<=DK@n+KYLC|>WAdONcvU+f zhtco&^j~hFD=6h9-hB!zRWOt$TKWi={Lf*oBpZbag~+f7iyOVu*||BsN$5k!L~Ss< z2vm-Lu~QKHBeaykK?Lqh3-6Tea1cN}91t9gB`iUFBMBu6%MFcJ{1maj07+ScEl#IQhVV zI2u?H2t~KSZS%ohTxMir`W|;K5q2*)&5cpvV;BisF_j?_B7H7gA0SQmwXbNjlEAJd ztYsi$2stG{?CPvulrMr+sEU9Bm+Z$AEwF1LoK^rY#%Ir#q2&+DmVJ+_ufk{-H^ms7 z4$#GsHpO9k;+--u&6-RVLMI-m2?P3=D@vQMc`!an_sWXB1wXNgCEx;yGgpwXxtn=~ zL1Ta+JmBYVJWZ9<^e{BE?9tZ09>V9i0mLUHMTBMyGJgV)140RL1CWjLp%}D#6qd25 zG|OlDLG0*(y$`Y*O2S#CKw}WC>fi3ja14S7k?;*Dh?O!D0KzgrPD3=#?#10?0jDD6ENmeU!q68R9-mGWL@`K|eUa6n3oEW$gS&(MAwTzJ9r!FN z$PP4;#frF(Kh+_l--xFUXc90Vq9lDN)N`b1jTDs3hM^!+h0&oP&NYVD=6KHM&uxbu zu&zA{DKmyOXmDca193<|&<9UZV_A`>+&Jw9ejG_&_zC#*mbA5nA$sFy3UTSgAXgU@ zLGWHK-)K9rY76a1((!r2T*v2~z2NNk3=jX*o;JfH1lVlZnh~ejt$-1RfFQ`+n4<|5 z4jqIs170(%S;Kng5xn6(tBi<*lk5JT{eMT9!^t>Lh&CF%2#V0RM-WO#zBz}M8`jP| z6h~y_A_X!`vN5p)c1cQZ7Zqg!!PYFC48MiJ5(Tj+!b3zc02=}(SjuhT=5_};0&^Lt z_afnZh4wE|=TPAEECGAj-rgQg{(+-7ZJFIbrH2PHaW(qCBoqZpi*Gt*B4OABaEn-` zBIkk`eO7>FFebFZUIUp89FoIuriKB<)&v_D4n7nu7-fO=P8AJ_5IjA@!G)zjQ>6l4 z24zUz=UTFl!W#uWV1ygA49H}AT9?jNu_Q`lri9IkPA%LkhiPHSw4H3DvG z-_gIK5o%mGxj>+L$_XI98LY#I**#hY$CpK5RjD%cx5N!xVcrduBDR8){)@Fn1jy;zF#Mn#@h^CLvkyJ_zmBU@+w^Dp zDdymjfNW+keu|RN;yD_CXFH{47ew#!pV*hh<>mY} zlGUn#SGA3+e`(;Y%OzCR)ptO76PnOuh0}#UU}4o36@y6q!a3Y+r|mn4e->)78j!Kc z7<=n% zSH2vny95R4fq)atsj?=i`8l|wu+c!L$n1^Y+a9zkcbPLoNJ3m>EZhyFUVh=76e3? zQw@({?#-K{52{C>@5(0#H;tslOZ23{gT9N4qQL2L29!_O5}|Tng8%M2P!&oMErUQT zOLB)K5V4my(xI#_KmAWk4I*m`x=>%d20juDxcTC?{q{j8R0cXa<(N7oQo$yBCEh%1 zQN$TX3G!0Or%xPia8|&<@YE&beACkngbSl6ay+2{w0#jNDZ-%!b(u^>p#ZrNwZs4b zVdoK?TsSojflq`j0*)_h1Y!SLyQg=PnG3?M$Bt?&W+4#_Lb zzZFp&PIz+>H*sR;jCQacl1=0wWE2WIz{H3j5^RJPKVWJGbGHR?x6lzHW|f3Khj%09 zKj^GI!O|ka9HPH*z@bjsZ)o`S^c3ADR!C@eBW}NkSO97^NkkTa1twNj<*+QJ1mRPG zFhW2s`2ZpjnBzFx=w9CqKE)t2i`=UYbO#4R7R78nT3`%PMPOfSmr-)_5BK%=#|sRqqIrM~A%8gs^$EuIu7HEXLJQ>#8n5WI zgW=5ERYIoVz{|TFB_HWS-KaF=PEZSd^70cnnnX4Q8#*|7ti#O(F^zVRfenG+64U`V zZr{E=QPGJTPex+Wv(0+(o=D}unG%9j?)UkWTaSz$$52jiLggXgEbtuI%*{=OObfV$ z-2!I{4jfEyM%kfVZiKn*9!MMo6wiQ{LJ~N1DHXe=-yqAt(`Rt|CpR9@^J@Wn5XcJ3 zO<)~Z)G%kFGyUjT{gmd>@fw-rBSavNB5lg|Kup~+#C=YAmr|hk_8kcTOcC~wQ;Zyu z`YW04#HKg?az#ODmBum8@(UO*`jW2Ep{S!n&aeU#H8${eM@)UNfRIe>Fhr!%(z;Hd z(q6%8jFbI1bcvd~(VR4>zz}U5*>4B?IKr5{;`P@pxN~AZ^28g>W%7GFdY3ifz(eNZ z4#Ng8!EeI@7y7F@Iu~#S_!YZzO&MN82hgXhJg3o0RfL~){)M|o?M`F<;?U9202G!M zPIZDgO$RXzp_xvJxj&bVyMP>NH&IjPV0%H#1OcoDdYM0G#-q}vz-xVn6p{G2N`unn z&$_C5B&09`6geu0NA6{c;gF}^jJyL)*=3>o<{*rXdFcz{A2xl-s2(bO4rSv`(|=O= z`!8`M^DS}hxva*9?PtK`Nh`f$+cu(k2EQ8d3;J%%gi}HVM=9<2Em|=?1Gy36NCIFb zGE%XW<9!;Lz6P=*!U)HK)G7ia;NHb*5sFD(TXgbKLIoEStC%5k&ygWFg-?HAKVSM! z$o##u=8g?2Qep12BAD7!@vD)oyOFI-Sm9M8&?f^ndEA-xHI5&C2PYSy)$`JaIPGkS7 zY_zB;3d_sA5HbWNGX!wdxrx%+1f!%f0{mPloCtX|@fC-6;CqM;Z|fxQi_=^SxiGd& zBA!@RvblM*t_Jg1DQQ|;4*Cm91M{JkooI8s|;9B@sOhr)_o+a z+3DmN2mk}f(P8Dk(n|8?8msmTHzrTy-KgBb;*lLc;&Ocwtrt;}i5WG<>zW#IophE;LIh)$IO70mvs@p)<%8SHx?A?RW^Tc2P8=9gh;hyasfgod_ z{;B_biY*43R%e&}_nH~^DgFmMAE+8~X}q4aXlM(Dw;cYu z-AcSH%=~i4wl`Lvp4B}(GtaaAqC{0jxTVUv2hZ3fo*OqtZ@rTjZ3Kt^f013(H1IE z+}y&+V8U+Wt+wlUQk)&99a~mx;FpV94@!!koQ&XC>piH*WI@|7epY6_DvZ%|OlhUq z0sSz^xBJZQK6uW*#*JJ*Wh-^haiF(U= z;H$`}B!+kYJeecbSbn=iFswH*J5ZIGVq4G`CY=lJk8(mD)9p$<5NYh5mxzG25^uuZv=N+>LPMck+mPlg! zy-+WzA9|;Ehn7vO=Tm)Su*KIl(Y6ep%T{7ZHX12e^)A_cr_E36h%?iQvCC82wu{!c zg>2`yPqMkF9%oJ45@vt*gb=SK&iGNRn1i{8Na z+ym<059M=R9NZV?mXS}05*-Ia%-fJXrETtdYdTnrhum{ioio--WNL@jmQ{uZ$4{G{ zrOVL{Y}#D0$+E9n@b=#Qx^riYx9#E`lcVD{Ic;MhWn{yUJ#7@MytzowRpdc$GGoxg zWbYx%eiZ?+t9DuYPT6#a%l+9R+6jtjmB{R~`uS8Ns#xCa~&R$SZ?LY#UgHZHUG zTzAZ?g&j0ol{Y1RrAX1%_r-l0_Dtcfri}fqKShd;o;fDV;vD*>Ct9?mywu~!6;^!60{d486gL+QOKDz2jgC7u3Z-K z?C~Q3@hfg4Ll-31YW^6vN=(RM*BYG-`CA8{2DI z=GJX1Iq^MF^tiHsg{A9Nt~-Z39-8v|N8RkE{QC6MjYmJz4@KIWXuiHD8M95zp{T^3-^XK?3w@3<8*gzzYnrDtT5nMwNc`I{&Tk7FFk^Ui>_ZT`e5>6XX@SZ2xA?gZGVBWY{km$ zwfbmJBMhuC*VY(fH|!r*&2C-(Oq5*7>JfUU8A0V(|9z z85iBwlZ6AqjgkJzi7^Z=i@65vZ=!Nm+ExyaWoEw!-E=+UTjJ96(AU&?vEvnM7NSLu zk6iZ_(YfLI-F;L0M$Xxhwe7Z*VYTXKPKukJ>ME<$U7AgQ`Ra{s{mjg_n!KK-wGunR z1u{h33w)0CCn+1!UCEo?^XJs2cW9;=0K7&Fn}{kVSSWd74n_2(C=9n>jJ%cuH44b^ za1eO{C=4`ZFDPyo7iS7G0W^YUSVF2T6cZaUDz3hYm@>hhLmdtu6qX;Kv7+Tk%)U^; z0xu!vTri3;hXQClGqV_KKp*uggZna|AVCESqvz2| zOUEQApopdZTa+(N;tj%17`g_*CF47B?gdUnU`fy~dCJG1sPlTPIRwPUP3aVteV49(?5JVT z$xrOc>U~}KG=%eOi_XdV!+tF|7dA4r`y?gB)ti;OM+Qc%UoK!^IV&n0NiY1P;e1=4 z@VmlnpI=v7UbCvbj*;bQ`qAVvaPYM7YVf4qHG~f8CJ8z{9+zb(OdCfX);5L8e!t)zfwigB{ z6vfs&-OkMApvCE4)x#LR^?3)y^G(qQK4nYU2eh2CNxl57xrfnNXIyb`?4Iooqop|o zozT^BI&UNDf__cOys&sD~~{>o&;cz4rVk=W#k$h&NvEGvW;5+;sBJJ0`> zz!)dKIVugW==DLW#c(9Bel&(CV1e~L^P>U*#~)7RM~|+-5Vr_fr;Pdmv$E6Z?*mak z3M2?&2Hht({8SQ_ZNcJ{Fj`53$&ETRs9ymD%rOVp8DNq}Q}%^a>kiCu>4sh{77r3S zFXB0f&9KVt{{6K;5YQ+*q1uA33&FcOx=?qTgNtC(mUS2SF`ma9LR?u@RS<7Mi9Sm^ zyQKU5wUsQ?C%KKQ9#70ndKvd!6Im89>b9I`s3C6yN6sp(pYN_Jye$@Yd@d~8x%OFA z&nF4p>=>8Y=((64Z4R6KO~Q!l)epY)Uooy zy6<)Ihge+L@y)@r;!yg?wy(K)QHvuq($}e69zC`econcbYTV{l{hv7Ox?cb(ri&q{s^t`Wl?9>zb*aXp=2}{d^&C@4!ozz%a zoASA&GH*5Cy7`js)FBW1?|marlYPg(G^{tLr%p5X_owaR^7vLUBbR;h;ov%`ESTFf zZ@=?ouYJOrW#`VC{I-tPe9dhNVP4*wt_j9X*LafjPUQKGKYf4Dc$aLaV(W+SHAPFl z{0)*XJX+NYZ@Ei!9ec(nKj3#O_GI~a6=>IQ`0%)7*XKO3S2IFZzLT>K{HgF!t;zS`BZ< z{Z&0OtggR3iRQ*EIx^NrB!%@dzC>Qn0eZA{UCb$6_;C3LXy$AP(@)7_0oDT=3{h;M zg-13Ta1qqpOb`JeTOe&T7>zs=zpkiw!=NwGx`ToQKhix%bq}siK5SGwvdlWpz+F7E zUX*|PgP12zSR||n#TCP@cL8I-pe*mayi*51S#y4%mVYv8%rO0taqY<|v6PL$;{xho zyLI`P^Tlozg4vc$s73tX@}}WU@8e|QdB0M9qN4>Q3km>EVqRm}e_rBAudB0oUgvzqWqu<``6_L>RIMB=yTo8LI z;`$qg3ECbm?vWGOq6SxF^JU`?IB~^X-C5XhIA}@H>AIRX)9zr;QIUU%!#>``l-vRdQ>LEqX#r9;Y03`kWHKTU_*JvDVv?4cFG3&>uYNn(K1f zq3PnjqdMuA!r+EBY1sYF!O?>0()U;6&qtjKOxlZR;umRd&Ubgq#C0l!(r%0|mz-1Q zr5~if&Khl)_eO@dBzZcreDk@2D2>nayA=BD?blh3&`by4D!E)Q#8MxZyJX1C&BC^d zhR=bkz-mu$e81A*DEpUi?!b@3SDdqjrQ6@#4mWPT_>l2b=aiO7Q0wgU;%v>XXvv!o zngc~=b9994Z8Dg;{8j{p$dt0rcl1;`6n!4Z=@f}xXQM!U_$8mi%$cR~1~pfD&5WMj zD%FZ5hDd7m%%4lX+Ku&nz6+&svezaK8&x|yn&eHe1=i$_KP;)~OP%>UlWQ`HNeSc$ z9Jd*ADF~5|N)K}NU>kl~9+ zT21~m^@fiJzy8>P=^(_NLm(~p-E))j#LqzO@*bUUv>Oep{|sNk)YmnX#An6kSwJiY zNNND{LA8PB@J);k>vEmhM8-dZx#oYc;5IOa)!}b{P4_;gP8Hi(H&xwkQurZvew?bV zFXiLvy9ob2*Z@n14mk(e&Lk$MpOySE?dkfQ@ya^q7dJ|i%O$^dvV9y)yV^PV@}xs5 zgZq(}es3flaTNa{e zomTXOiHG&)SBndy8yQz{o#dC&pqEGrsn?wG84qIDziJY=F_8Q9yXUjR133qt+b(Q= zfB7zTYIFoS7evx< zGdBxoE7$P4{~%Tb)WeeCLfZoaDh(qlC97 zPxR?M@oJA$!9*d8lmg8$v(8*6hgH=gMnQp)c=RJHxK7}eZNOZXdq3BR8lGPEGZ$4l+1(- zh0K(p%tX;lGNg=UmLX##Lq(Z0CmAzjE<{hay7D~(ugc`o+gq8n^0+Fv%;jmXB*l-jX}xe5q?XLvHPfYh1|=mOK}0a`XCm&m4?M`n+36 zlx3KX>As+-itGU@!}g`+Pa~%mva~+&uQbod8~S`c`NL9{Hsc^iireb`pcFqH3Vscy zo0Z>GbMGiVcHZ1NcRVNimBIXJi&;Bfod83#lD$Tg^hVAOqBlJK^P1g{$jcrG7I)Xl z-Jl+v*KMoEb3slukLu9X9ZvJ_?^MX;)0=6`|4K?RFxAOsRneNdHt8LIFHKBqKsj2l zB2**2a=?ZQa z3U_oY2vuQY@AUbH*{g(kCL_AaM~?10?D)R8)wgf#0q2;pO_So4OzsHD!gnXkS|TsV zUf(PIK$Rm*O5=U(V1YJg)boP2`g6QqbZY*3A5YlY4^grI(okNb&M3*>_%3^o;`#TH z3R(0tjqUVX%g6D=Gfd2lsTRR?0X;G$YnQr}X9^>@_V-B7 zI@c=vtofxDR~Vpf?9#}tt$keO*rlH*^Xi;(EHlQJw77o@e=R&#)tWCUXwoPxXyQJ9 zII&S*t!v&pOl?k^=8Nk|*@sy+Hzk*@h^Wi1aXj2`#M)la;I^k(UsY<~+q}WgDH{hmO$=LQ_x`7r^{-N-aYgga1>d`+K@m%xD(o#1|SM{WKqjS@a z)z<>$3JsDZU+uW2&bhqRIbi=K_2t;*S5sCrP4hKla@R!{Ti-u+)&EN2VD9R;a6mnT z(q_#R_xGypF(+)VnD-v+_&{?lLUiFx!Do$u{<$yguLGj(8Yjm;f9>bwQUCpFZsFlK zPCjO*ISse5Nk#|TV~wUA-zZqm@vxpw>lPZdDctl2M|`I^C3jFG*n$Qzld$E8DmVoZ z3RX~1@Cv#Z4{g7}BO_1_z{D>vEQg?xxPet~>Q~oRU5BW;4&ViQI5^_Rr%a9>4V9%8ylgTBh%ZlU}av^{)pv#4ApD6 z7lWSq9?3O8L!yLx=jVJU`U>)mG<%OL+ptM8A97GztgK|p%YKKjE{%1g!rGw0MiB!{SCdLwgJzns+>@Y)nW zNweIex0J(n(oRh)sOo(3f@Pw&_~ohjbyJ+$2`5bjM^w6g_42#j=qR7d61@?;(<{(9 zF#5ao)}p?x4sT@&YkzUt?|YFFXxOZ|;Bd^~r^$AS)Eg<1YP73{1{3z0#~aga2@d*b z!z||GeW#cuL@t;Vi`N-x?02+MZ?p>LW~1WU%Td<1Gr6nq%~Zs+ZbH(!wfCajPqD{V zY`jIu=%ziDY~ayD$3C!7_IrHVGe2%HPzQ4!OON6e@rG zF00WwV_)F1)!1s;0sCO>h?#HpG~pu*UadE>*oTjF9Q@dHcewJR1MQdf)UEH&v#4ss(ofk>L{INOeJeNLsQ4jOh=P9iS@Y}GY^E- zj;-DL#a<@Y@oG-TK=%$omI!4@>0KOc1tv;bhx@m3MqbJ~ z3}BQ#Cb9DjZDHvGEsbRLGZ!y*xh}pN7#M)>SM*oIiACM(PELnFOK4#C7u_ZwV+z?h zbi@N=69P7I@DhhLkOt+_XC?ELLod#p<-X<>aX4R)?t(SL>;4gnF@^ZtnB5${f~P*d z|IAljB3ShJsGl}PA*W6Ws^p`|#c>JaOk+1Y6Du5JQ*EM#>o zA1c{{p@jw=RzoQZ))!w+njg;d8Fz2dH#drC7I8oFeJDLj(4lMJu=wi7^ToH<$)(qy zr+%x=<;vOL(=0`^DI>s5@uQtaQ0p6ZJJS{c!SkwXy7~k8gcm{sKJ-U8zn^3a)ZXY5 zc5B0pa*A8?26WGI4wRI9?ztwmQl9r>pQ6c#g+qR$nvZiem+vp%k>@T=Rocw2Uv)3c zH3$}2#|2tB(adpI4EItkZ>Qz6rxTcu{BW)8$o-MG{Q+CbUIYkk6%h75x}!@mbK{=5 z2Iq-bf%F&SdG6*WL)5g^`!z>+1D==;DHnb@SLyjvA2{t8rWS886t^PKslg<0R5m3}>bw!nsw1>1>jdIAE$pGxPjp3Ir)i#N)zuGN=`w5b=J9By;puQ+GJpYVCx*Y>=HeWTx#10|m=i=T6(FE?g< zbCQ!&EvWW$KhIyij)vkH-IqPfOJmE#+8d)j1m%TMg>2P5pQe!KBBk37)fb;h>w(kS zdT$yo-gJ>|w+}K{dl!BCC0g^wkR^X{uSH1m1v{3cuH^$k(+s(S8zmjKsTZthaZF?1 z819%qE_C-y0A+at*Xz)g5lhNTnjP1!2vfN=Wz^WaHqn+Bony833^C~Z^-$l8PO$l6 zRmsj{|8N0n`^HU|HdAOkzBrVS*ZgMSw$PLM*pTu)ZBhI6J4_uM1ws$}qtgwBPIBw4Ij>z5dzz`1{-K`t+A?p}gJwzZLwC=Z(dG*s zXSS=VTzSCf{dY#I(jO`xBkA1w#@1Os^l4rbxaG;4hupmC%M`C%vjrYpRiEa_{w~~E zq1P1{B{1;&S^)sKk%q!{{{5U{ZMr+@N=wt0;cI$iRZLdMM&Y>Bce&AXCD*<%$K3Nd z5;wLqqtYw zR9^M1&6uuZ{~6Kp->$Jz_vw^>mjxc~nx#xLWN3)k;+plfv(q78Dh>x+Fkta&O~Fc9?O}*_R=NP^UasBzep1T0ZOO? z=y&q&6%pBttm$oBA$k|kkHe&j-=jx2z}JIN494uFvppOlU%z>S883T{il1WU?{fH# zT~XI=GVm4g43aNyI6j~&-QgC{$YnCHvh<`}deU(f``mWhgA^s`CD zJ9TK0J}vGyhSBW{% zA4bJ@;5gkjW=<;S7Ht_j|0Ujlv1_`DT6|jqI0S8S1{04tuk9`KSzFc^oDq8{<($eH zldhGk2mAtDI}GM8%ktHtTncidDiKw6X&-sjShhxaB2ntvAXvGZ-}8VSa6PLVZ0!WsUy676@=MUv-*-OefXn6NEtgd2BT`jW=5M`J zU#l_rI`V84wGB(`#z{@Rkarso+Q02OP!u-hcV(;ZT2wX8e9}n*4(U1m4z+P9ZU+^O zW!CL_xhtyLP`GIJo%VvRVhvLzxA*te^sHV+y!I@6XtK0khtfp1wK_)Svl|?XPg*BD z-t}SXP11KEQ%ApRQ#bC6bgbPtDd%)zYkT+f!pc(3`L;J-syRIkeqGlXn-Wjyuq01P zls)HnjoIA7QI3okfi@Yhj9H${%Fp(jTx-xf+X}%l~YTemZ}-u>OIaQTQP%tug-F!G?cLvzly1E{8fH48)%^Bde9XcH~~A zOPhRtr+lH9Fa9J|%WQ)LS5$m(uQS`AQ04a3eDY@Dd;?ot(oZ-pyjeH!bj7tkoySa@ z8FVb-0{b%dh@BhTz3|le)<@nWtP5ZGI6U)Z?u5*DmF;qPdF1ABvc!4A9<|;M)~a3+ zhl}D1M!V=3Ue0>^s;@0PUL5?UV*X>wfLP4lj>wM9e>WDDQu#!0I-D0h9=y${-F~n* zFa9obKfV^E?xD3-W(45M=a9m8oS! z9%hBq&V-0W#pOOzEq%e2%H;NXo`uP0ja3@okZ19P>oaC~?#KHk{c-a)7RD?)TiG=6 z^M^jauT;yv<&e2uAzrUpfbr(mZ~CrB-2Uc@eGZmOl)hcMK|7#KOw;(a;@-tQcjxZ$ z$r;NxiSupVCi&!hNvoiPF8bRvWW%nf$mZENxfI>o1ynFp(G3 zoJVq7oWxbHc=d+FeQBb&b7NwoSNDy3Bag2KTBJC*$k+CC8Cu+U^C5e^=o!J{iQF@XbR?>1+i)XG0=@k+pdwEo1D@|lTQK{4+d;d2`wMKnYT zIwT5E^J+=lw@gzFIc;>$d1tFs&xfCyrB`>4KW4GW-Fi<*TqR%)KHBz8EdqwUF-eO@tA4Yvg={eS2->{k;G{K3vT?U^^L8zN9C@5ke70!DV#2A@_EE9 zA3L@^J59@C9B=mSPus(vQtSTri+=rhZ|JS~PTjqs6*JF7qk?a7Q^v}hUcBTR_lmyh zWbBiKhIBToz#KQU+5yuexAW1+OoXMEGxEQOI})%G7oT{0dZPu;itrP`{WEL5WUFtt1C z+n8Kg?Ut*_d!N1b=c(QtYx8>7BVlSG{g;21&ugikToty_$3Na_3(4ibPOWB)wM|jn zxKZYk_FsKtw&U-WWEubd@4t>elU4rzlWAAG>mLrq-=xC-2OgQ<&Hp()PeT^g-#`8* zVWXGX_}`gZa&6mg;t~Gcq51RuBCBNo=eWMf`u`6XB4G7{nueNM5cU8RM068w4-M)6 z{u+rD+xB(=)ULu167vx!5zw>qrfFe%0bW519RGl1u3Sb1 z`@i5dDWqRS0UVIq^%~gWXtKu7ALi%x1*sT@XSBfWSa0)NTUnh`QrfWX!O7i6DTwgA zs%n7hzaPnzVya|lGH4776E$R#y64j)HUBCK{ zZL6VoJmwN=Y>X&E1nzmW1Sqb3clL+JH_u^&x(b4hQ{ir4dXqU6C;1^5jOpul>NNV? zxw9I^6p$UDQS=`I?~3Fv&xxq{KM$vtV=(Z_PRz@+<=H3M=3yAL-F?{=(y+x)>pUkT zvw{M@{~Qv}^m8YO>Jp~1LCOc`Rn)1Z1g6>GvAm5VvXz8~ZT=PX*KySQZECadfFx3F zXmL}({s4p7aG4MK{7j;HX?g?ZJj_3b#OXQ<#8@Rh%pvLT!d^Se8 ztFx1$2q4Mu26q@p0Wtj^Td^mjN^hbeEN{h}5k@QD0~mMc4b=Gg^XD#nG@0;$22G3Y zf7S^es#-(RnFmlYa7wO(>_L_medLht3pO(5hOr;e>dBlVNC|3rjprfijp1N2Lk5-s zvCPHRvyXu9i4cUsFl71;Qq*UzT{~d?c4`YIzPj<0c=QTFF$W3{S2_xSi1uE)Vb}Bj z#tot*=DtwBKe!TE?HC6oFAs z(jB=<6D9KtXLJWET3cB>y1R+h z0+uB)ZNvbOUwHVsB8YMQ=qQvzhk$C=!GljQnTT~x#$zM*=3~8`Hx|yz;7W5Kt^&g zeg^@g^;@@MUmXEuKf-D!(Sd*%ySn-oiW4VJkQW1?wjWK;verPpZ8U7;pm3E~f zh)qy!u$#E$;{z;F%TyD{5tNuH;m#sckp4l_E2^A#=J3R zXVuE3AkKaNL0}pOFK;jAZS!iZ;im>S4bV`*VykHXANP1%t%F(2>YK^uNlZCUjaASOA;~20_c60xW2C8Ao@vUDZ}(d8gwCq9?|Ahy=L=8 zXb(_8E?dK?kf-*-HQ~tk`1r3ZR9t~_zqkMQTwpuSI90uUv?b$Xq}!7Sn5bg_4M7aE zzX!f-Ws-0ZfLzCSn3$wYS_A8c(mex$00Piec-Krt(S1gX7$@b}nHUC^19TXyfch0N zQO6)yOj?>BTq5NPAH*sPLgSC9|4A+VVn94B#_?e$e_jJ(=%N%5zv6z&x_-U%rAwCr zgF5~Kfd1M}QNB+5L$kD!Q7=`vTW&y{CQVZ2*El|;eN=3Xo zu%BhYh$A)QUt@RJCr$coPE6%+5rhm}U7{K{1%_bB5HyI39(8kH-@RLbodE7tVr6Qr z2?r0)2Z)_xNEEU>7)bvB@1m&@_43)-S&&DbidpN%oUlPi!(N21%1UfB3Q&jtY%0(~ zh8h2L{kNTRlL|Jt!M5qpo2x_-gqRAlu-JmC2v>w88tw&*(GhFQ{PpD~=0d(^I#5iYJP5ur-kU{7K^Vqw zRNvfR219dlxaBdj7Bazol4#-36C+II5RU@`OYpDR=E9|tGyDbTjh5hDbNl5>9wOoh zrRf>?jltD;E6U2?xBt4KRZ9FMQz}flT+rU$4l3vxZS7XMFy|<3y_40)8s>j*jXY37q)XYQE_#|E|?i% z^*wm1)9qlgK9O`i1b}BVBcmV$VlnB=Ey}mk6aF3Y2ah%?u04b|s31AJ7gFo!a$wq< zoE>l!s=K86@1NaCNnaOJ8ivG)0t1o3+qSrK)W!TW(no%9%J>`8+Q8%gBj=WIQbk?+ z?~mE$`TsS=eo*=0!%9q~s&a|<5b4%GA4^}1p;rX?gxj=!hEhna9$~JLjM_qblDO^= z&mlM>6hZ7osd)&}1H&yD&=C!@xM?P_I9ZRZXB|E=f$q=e{W?8_;ckT3!nh$|{(HfY z!tt6=ZA#KD;(ybkIQxEvl#(y20H_hIv7q?9lI>oSHI1k}5IV^Em6=RwgEB zXRiXa*esw|itbOT^1u-Lh&X-V{etmbit$fo40>XwQ|(1c4kpgPj`TvbDL?slrq~dV z?TMqjFFX}~qo=u+8Qww10JD%VFP$w4v_!rQHtSG9fXb!U*9d&Ds`e+^`wrcA_Mbj` zw&&HyoiC!JR}u*{Sa6)e$qVNl10>03!zGxp{}H#IKu3v?$)Mzd5sQhDoQ`xPki=L8 zyI>aKa|TKucKadqo0&uzv0dJhs&+D<4V zK(F~8#w9_$_-I>m#0RmVtgH;aosVE%(%`fc0Z$r_nF3ioAFJ!+2Jn&st24+*C8l(V z+aWbIHMX5M4htwT5!*sds1M^0VF)q)ZY}@kY)fqzxMa#E?Ug z8B(ZFks<{HcUlIE82Gq{d=e+~z}GBpXl3_e!Ai#{|EWY#MIFVNgJqPY8icX&ozBC8 z7j$$$hw6gwP&X2OQLEI*$X($M-K#PEDn|Z+4hOk!5D~j^@d>}?UgixIATL%@R+h1| zvx~7Y6WNBcNDhX2U{FzXqOtk`Cm6Ubh03ALv9Uw>LP#)(l_p;HM(B;2M6DuD z-N{6SfBWR;6rIC3)F65Pgs+88?)o~+kzoaqqnOx1R#sJ!Z4Cl9aW%#1NfB2JTuN>lK~Q9n5bI=Z^Jkh}nD4bW`fgx3kCLgHCtE31d8sr-Z|rmn6IH55UI zpZf6YqaYz0m@mYk3t`fI}UwY%9NDVPPvWk%n`+d$fatbcN_@gAHo@M1$y6cVDg zxUDzx{GT`iQDi9%Il{(g9~K?OUqijx2|Rf2dA6EpYl1I9tQEnUKZ&{1&6|%SL!u;i zi6_06eINFi3`F~2??M}i6$4WsI>-^-SLJGxFlrXZ^NPfd%9|Ly>#ni4zhVu%UB3S= zfT9HX8|+yM=(+4bMuptpJXs3=LF9OlyMHP#-wiJk9Op{s&ws*~Q+)dLY1jV!amt!F zQXG(*Ln5OKvLl(+9lFgr$K{9aJ$OKb5k}kIP$6BWCB}1jJmzmDlScDuP~u&`KF!s8 z7DELvW5#&ECA<_&Ss@*dj*mY*W@u~K>}Uj~fcxr6#99(E4|OP4wQ_3qFvi&&+$wY1 zTO)``5-00}dJ+-g+X+a6tdiN`j2al38-U~Dl)OhwESQptMgY(a9t=D~i0stDWW53f zQE|sDoQkc+!0#sn5e@vnWO%=V``jkzgJ5FUAHfZv#tp10Je>Gzb2wRu0Rx#pp#TH% zCN39y+U0kPF=4zz!H%M>YJ~?Wt!4P)uw;h{BM1gYMgxLU$>0j**HCH9%lB zd(vUwBgnr{W>IyL-Q1uU`y7eDO(KZ%`0+9H!Iu~MrDmrKm+3ipEqCnLL7;+Hf`U8_ z{X1|?HK@>kAgmx^hiez*gOl%ZwmPDavL6x&2<7KCYi))Oly%@xM~1O)$}R5#00NY~8{XXoN>K`LgT%9X**d^wD8Sl-I^9Yv zEu1aBh&J#FR?F7ZJmZnR4ABhx{q|64#Y;v}#889^m9@vavA`^(4GLqu*Q;cUyQ}yf|ErW5n3Fe_PJqw1#M;3YjLgE1+>Tw7y^p+N>hC2R=tPSJr8ta#?cS{z9(`jJZJ3oK4; zTX*iP281;5If@Fg4l4md?~^IUt|=4cDa2OuAJeTDJm%jyFkGM+;^;*DfT^2lD9q(=2; zcCL!Oy}bjvTeoh7@WAu=*3#0G)3?=580}Yu1W;4kUXE6pMjSk9?GsQI#}f{POFd?X z>fjI=j&kyCMRKDVc3MHq=EgUdl+%XoF*pMviGzbfq;dkpDR6KN#By_St@s@F zCYYUb43V@K`-K9vJ`tZnmGc65I0Hj-($eU#@(EVd0Yvl)s@P-jo>&VuFjl1JcdwhNAH=K zQxRo7EN}%=Q%-oT6S$IsXet85BsLd6-j1d}E(7*6bWUKb2Qzj=DQkK(`4_C?=4bk) zmS=rlE@KPg*aid{>8wztGoLhkPD*riGW2!K8aT;KY!{Wh4k`sCNNmA z^Oa*hWOfybu>cK;bs!S!bod*4ZEXHi9d!GqW>2Un`rpB+?%?b^q-72*0cAx+X~aCl z@r#(rBO{Y}R*aLm*H+Qd9gk6d)j5*m2wlG^KGb~dkoAP{5Gv)5zyNW1gbKDBnqjzJ zNYvbb_y_`UKalQS92}>`mVx3@7+$#IJ~g*;m;-RzLd{brqwaW zeGda}tU6o$jGARZcPE~ZnU<|V&}<^&3&@c+#)BMKnuSv*<1W~Y)uw%(Nx zmwVUP$cPU>Q;9B->?Wt_(JB<t2djt#)XF#0(=q_=z* z@>)?*QIOZ#=7GpCj^ahw?uVk}!p~!P0h*a68<1Q>=i?EMT7uRhub^|9?8niFOBt^e zt`UIarCA)r^>(qbMK$#zL5Kj3s{Tli-FXm}givAW2U6X5B<1|o&+qci)g2uWVHK=6Fnz(M=0mqB|BaMR(#Z??Vp7=Idh1Jq^_H0ZWvz21%6MTj3f zvb>yey+cXqf;H90!ZaTFr_|I+ucnc@JKymv-Ss=@{G~hlHk?sayu-Ui zYS(xJYO3jhd`AZ>tgq+WYP%s=$gLX_1Eqbr86$t-IBLB5zrUS&57iY8 zIE<~FOS;$vOf}|8JJnl&S8{8O*_QMk?LP74&GppHH)np}?nqSt?**^a)YQ$l|3(E? zvDutZHe2<`JG$XNe{ysE?&-;xRsRC5p-4mhFYRd(3_oqcUHyrQfB(;;{r^j>WVgcq z7Apz=-(n>a|673E@tyQt>DxIfd3L6pHyIQ`n00b;QeHoHURinL+}!xE%3s*eud6up z;8MuB>Q}@ys4t)GKU1W6`?|}c{|IyAWPRm#+34RF$Tt4J65*@81uQl_QL@Kf-NJcGelS0IrFhDcozjzQonO-}A8%!nQ+iU%^O0qL(#O6$9M8(v

0>ubF;hYR&C?XO^0WpOru7kR9pw__|U)VCqL(iT^oEd1b!Kj4wlVo-{tw>)g72BK6BDwTVZ26XgSzMIRI# zTVBxh@7Dc9xq0j+M4k{;X-GzgIe3#Qjig4n51Yzk6V%G>h*3^}Y^$u;kv+KMA45Z% zSXiD}IU$mBDo3xvB@@dLb61213etU9%$iu9_j~f>6VTn-=H`!(QZx@iyU#9y|8Vc) zxq=4Ee7D7?2!VF+rKSe*_}YaIEKZN}*co=_P3mS=wth<$JTH)8bz;X((TCwVmiPN6nVJT^mB z<4!78)qg^R%j@>*Iw$f|9XvoDKKU?drny|HC>L_4n7UMvO?`#j35uO}(eOsw_dAke z3AY6%3RGr9yO{Axc6$15y#f~mLIShH1n}ADshIV<&6{q~oj;PgUX&{-D^|=>|8zYK z^{*qBsyk~LmTFy9x7zM{<)6`%+2ca3D7sCi?qaHM_d(#iI6{cKACYY%O5_l_D^F7v zxcF}6-OZfOMJ<7q5N&DTTj;oE_QA+f2;HV#?7PrDIvFBl^xAov4~|NGsF;@Hx#}Rs zO}fV@Pf^oDf(u0YRcJb)?@L9zWkGetc}f8e^+!nA0c~DSd=E*x80Kq4w+bjZYWU#Z zY-AQ^unS2!;3xFE7;b4yk}e04u^=5JXdCKIGBxY6Ii_b))?X*#K;WSux2v{DqlLhvrDKfDInp&h^2u~pVh6NB9g&aB}NC` z;hPFA1YN5DveiG;=gC29kV7?oJ?0&h zRi02-iaOG8Dz%qMn!hbHT1!VMtnF@J*%ZUlL0;YbCzw7?gYP@KQ~6iDj~lOI1T-o!56Rh zVGo=kiuBj78{^erUn^#sD3QaPw2bSb?`(Ye;Ne5{I;nx7A(ecGtHiDtJrlI6+=g6< zq6<;ML9T_+;{zC7DN>pe`>!00C@4*2)n)Vpen-K;rc;y)=v~6~spNiVJcj_6AMbxD1yLYbuNP@hZK!605!YDbh@HRd( zbUg;mYORlkSTLv)_q9!Xl5=ULpRqjw0Tkg!N0NhdX2$XxWbYXn#VkZfxw|255YgD$ z+S;C)2)z)E=+he@1C=o42CxDOkyQW*p_mzq{R6vKm4}||#dB+O1YTHGy^LU_AGJJ5 z$=xWG?mMV(=&^~4Y=6FCAY0;=QPzd4TrjAB*gTx;f4+w4i+Sm0Fsp{v9|_ipB>@)HI`tE!bYi5J;r%nmLFo&dHfFbiVaUsGfUGQ4P*6|^ z-&R)E8XQSkx_AQ=pj&tXUl2m5O{U$4yCBN`kWfayInH84;lhROFa#%60;+i9*B4+d z0Zzze0FBIiq}amXK3p@NY~*Q%h3mnqD}ZpG)fV$b&j@34_mC`dGpvNT0#2khQuQj$6qKL6EGVa zheU8-1Z?%0dfjbhFZs|3)`;n6l}3}DP=C;GBDMsC5te*DV!fk{Zl7Tnd93(MZoSj6 zG9kLDARgGlG?7U2!ox*D!51PxwgYwS$ zo3j)y^E2)d_TT0nw~#71&qCw2R*_Zve)~|sx2iivEC!0P1GKK8$U2DxJ%((fAZ_k~ zCOfH)QGyO!D1b^Kx(vdAnu*~tmUgD6B^)Sr!=?r}I{7m!?m&-Vpbj+=Qq5+$>o;v8 zj5m}*tP7%`krkotwWl#bHuLM}&rc%8sSxkSOM!50{!{^ku9@*SXbe5IY6nK}1k&|D z0?ISdGJ#alK@hD-BSZ+IU?!B6ORGOC3jmE6&2Mi zaG4OOe<5N?I8ENhCO9*+h+a2YiG(BAU9uMAwP;WVz1VepT>xjuVny~fdxPIQ+@{O)jzWh}9nXJo`@t?9fQ???deH43hn5f0hN&EMC9Z@II5g(i6|NQ_!9Kz(2 zOff1~MCTVf>pkJ&*w{SBqK8kwBaD&jTU(O_Lpl`TloGRs=O@+@i3ZThfZ<1@X@phz zLOluD7tw1*-8~N6hhgq17Gi%f)ktVBL3N$v#$W}%auw*S0r`ctXE*B20^ZIFjN3k6ZvJQp*b&)j=^3AN^i(FMyVKzJQSG4dSJtxPabebV5Qv zN+g18kVYn=Qip=IUthVHXNuU@hnNif9-09Q$a8*H>D(LWe7nlJ*kmSHofQ-T- zHhhMcS6F`usup7OgHr|IT_|!MV}~VD-tTsXDf7LU7E-Jt6; z{&RM*JdtkzLIpTkz~3T`eprTiA%t}!ZjwK zX}1pEx46Jw+c26UDqr*I!tCLepYBJt`L7KsO}ob5?bYP^c+{o0n&U8qsJLJQBR@xCM7O;NU3) z@%h?V;ryWTTugOmOeIat?3qloYU zZS6ie1RwyO>{tkkn$vyi%iJV%@f@7w*M zYYm|PJ6s`PK!ZRO2c(_(ci-l*bEu((lFvZ1n{?MfQxJz+04jh5bWR9|T3Sw_q@mqP zrib0@8^GoIxI@oc!Ame|*>?Ixt>M=-a;qMRx9)CXIM~`!&|$Y`aLWr>MP@Svk?fg{ z>o*^T{GLAgKDGAVPd4%2V+^B^a1uvyRSYwk0Lm&lditv{0;sIyX)D@+2;MaK>k+(7 zaGeQCFK9eA-acoK)e{Bd=E#w^7Xt4forJt2Wh9Y>)Xdn|#!#EtdLv+a8`62C zf7}e_6d>^i40t6W{pnrIQx5(U_nS7@yxupH4;EN6{{1C12#N=c&xExybB-#Ou zKr&2p_2JIMF@bgsTmyQ*#)N@LIJR-Rb%!KM@)86Wm@4STI^L7oi?RhhtZnGeS?Pk+ z1`{?n>v^00>K!PrWPvi)SIuK!ghWAf>}984bmGnc&VA0aHwS@f**D-j$v9D`VnSYB z*~_pQFX<{o+#Ri^hnjr>ErIO0RQ=l(FO6WI*c0YiA3(_73^7J6s-fuec=qdwMMct* z^TQc-ypg;-JTQx@H4|mf$0&*iB^AjviLDBJBD&B?Ko3Z7b#@%RTMkkhuZ{!vmTU zC{zg?iIdv{Wf;m3@@mQ1j-5ZS?bzx^TLI;Na6esh?y|U6d&6;Gz7d}G_hNVM_9zIi z5;?zFR`WyMy3?#YzNzh$Uhf#CUK`*+abl!|0C1ojfHOIcIrXcHbM}Dsjv@UDIbiv8 z<8gpQQm857P^uuUE|}?FOHO)}%76$+8iAu6cm|%N+Ia66as@y^0)+}k$iH|$ ze!K}Zuo;dNG`v=knFZ+GpF$-CN|bc6dOb+ZXxP2S(y+!z4Zf*;(#_Pu<(GdNQR+K;ap~6W+p43x9cYqYHy*+#Pc9_ zel1$om!}?~<&CPq+ne*P8vJ(%*E(?Im|OvIka?k;aNF1S6cP@{&to_bL9z@qDw%&A zme+$U5#`!C>=<=rYiL!~BjqXU;Az)+a+-uTZ*}>J+D6fSoq&Sn()(+S9<&b>FgMP5 zM$6>A2{(WG`r;S!O-_0PJ0)Zk^lrJG@nslw*dgT>O1jCwxbbiin2 zLQgP2Q7-&3;go|)MNmH!!C$g1pZV{p0;)`Eev}@h)mgB-RGIBmfP> z1r#sb_^I&pF=5aSUH;+#VymGcyP8zuDHqC+MA>FlgE5j0HhZ$hHJib?+1ajvfif)n zQXCBE^-JKAiU0)S*cx!DVRc`ijFyQ1Wa%NnUm=8dcxsGT<=_DR4ycjzm++$gnA@z| z{s~#SCPoJicZ`7|W5=MWTi_y#(CD~0CyIoz6ATN&SHYPY%3mXO-BJ*Vk@qxwXq@ZrhPJaiHfZQs!Zx5m)0pAc20C00k9l*fl?Hn?ogoT0|r^UM) z?kJ1^6v1gAK*oDe_JYAsj&N%$Qgr3y)FWiRWE_J`X<-Qf!88K8Ea5Waht)>KnQVxX zvJz319H{uP1!%~U$A!rq0psfJWP0nN#-8@%;Rbe$AjyIrRM#pbAh145>jA8GH%B_` zpG1`7cHMb%#vMRmy?D{P!eT*I?csa9TqB2Q7rU8%E_z*`V83K>%j~nR|Jj#z)nW%F z?#)En$FB+4XIivwa?;+Nrm_0b-V5KBkA`ay+ux!h4}^NCAx)uGfB=Z5!qE`4woW1h zy>^*RuhxGIAP4C$Fd%jvMa3B9UuF9v*6-Z8RNJR4DlGg0-2~+J{fBlO)dl?%#vJR= z#KH;v5zvg(T?555{iA?RDgmG_tC{NHnCH|?--|-3=Bi=`TyZwC%R#Cr&@TB_harj} zgsohBtI%yjEeOLAU!nn;a|Z+jB5}x+$B$V%)8~MKhoz20?8QsigiwN>jckE*^l;VX zMZTs;+*Ar&9Fdkk>ix1Eapk6i7;xUxsQScF2jn>sat!sF&5CuLJ*p?CHUL5<_B+@y z=meu)eGI%A2U%Q$brtk|?O1ToV}OCA6cp&%pS7?U);=P#HTQ9|y)0XM5S%zpfA83S zC45lHFG&7DZGA-x`!hd^il(=Q^}qYa3=12oH`O)_Kkaf^6b+NTe{OaBHoC70%1hmO zh4;fxKFX}SWhlRJ>S{_$Yb#MqM<8a~8vbdMDeZ0-6_R^;72IaHhjI}RFxmdtAp(|P zMT~U6df0-4u=(${Zg&{zhnp@uqpDs$ndoVBda&@wd-V#6L6#+xhrCA%&l+rGaeX`h z`PeP%-N*ZVpATayK)8yP`{w#wL;-p-r-EGpJi$|abQlQ(Deti!g|`>~GxYlRtrl*% z!l(DukE+!oK)t3We7{Og)ehZ4H>u#Pi(v(OFN>Vl=Zm+ZeVmry8+w~O`@h=G%Su8f zk?WT)2B&_^Xxtxkoc_ayeHji_71LWRXindixTEXRZeP*##zl2q;(z@wfLF;lV(2QQnV|h;TE%AQW`Y; z9|HrjNAnGE#{L+p$WZv}#y@;Kin$f#gy>x#+`l5a2#4{*CcPa8Y)!U`xidh#bp6tii)MKxG|GAT2H;B3YvQlZO zlS@mj=eh`Hs>oDNMkz+awjhm}u)B*I!!O+GH<&c+D__1tUwCx+Ilt^x{vL|E5-;N7 zd=e5&y(d7s5;$<+q@L9Gb7V*h-FZWo3=x4MP^ppp#t^`&fTts32O<*wE?QgRa%;7z zI3t(pZM42HA~YU7+-N51?d?5Kepr0AO=<=w8XH(+=*f=v*VF*3KtfQ{IbX;0;N;^Z z17x<66k)xouw%E!c-SHBUL$>dpc}*PeRFb0ma(#vC-TdxW+R-c3Q}#^4|i;0-tj%N zUsL^~dW`ab1OqU7AGsLPOLTOj|M2mn0gRL;m=Hyfd9<608>^j6sB^P6oSrKi%oh|9 z*^6Rz0ho)8!DgA;7rs?|aOd6WH$RuWe#{H3nQp01d6AUQf;EM&J>g`mSR50wQr4?_ zO0CWlru2ig<5ZxInuLKsUIvH=Ao=9#n=u7(5I7+$JMi>Kml(4@Qg?0mw6l4D%rO_3HN+Q#t0<&H z4(Jf87f48uyT&{l{qf^8_>qMRRZQuCe&dzQq!Xz6yDcQHY zXkG6E|3VJQf=bK?|X$szIdNX;s>G_%Kx)?Feu!+G+@QBZ{Q29RBmF^D9dBS(&K z>J{V*@#Z8i6HQ|rpI6X}24fdl59b6Kw?wxDeXuPTvZaoEG^ULIyT zfJl-KD;REORpuC}!K6bc-n_V0Kb*@=@du#EyIV(mM;Qj#O?`G52HU-OD_R|o@=_|M z9m9oeTryI^Jc>1`$pQ9?eJW?~bzHw&h6A(IFB9?X6(8j|I8K zQ4B=h2-u>9jtZG0LMhcfJp3}FWJ2m{J4zX!U8$o+$zfp$%2`|hbA2`^uHSuTEdN%< z$rn**8jzZ2s1bx|PFFUY;@l8Ud&#mn&D!R-XFplT%$@pO8>w}w`<`l@IKQUR?Zkl} zAT)@gszn0`-34)|M!=7t4@d^mEx!6`QLArEKx#ZaJu`j#oAojPj`{woQpB4OtB*{l4@k~lG&zoZ8yTF9t2$R!w(V5>S zVQ7=cf-#xXj@Fll?7+=NMNB#vXxDQjOWDpb3zL>1$w#x+0qDg`x zWibbcdK3V}$v~#{BFl-}V!d3Q7(6?PUz~*_cimfiU|!`#6g z;9q0!^)4e)0C7jm-7nfqKXaNgV@tXmw#!;H3YwA_z=U@69MJn-I!p9p}S|+c&2mA-Ypc@Aap@JX{N=Hv2 zS(Oh%fkZt9uZmP@ILO8`FW_g9p^`Z!58#F*oS-*f4(O!>$Fn9nzZl1%)`uMm&^aN9 zTcCTyeDKOHfHLJay692{=96Ow!&5hn$RtkRu$c z`fPn0S-1Fq%1P?H$=@Mf5E&?zha(%k5g+bgexf-+N=n3lIm7-m1X z?2K<8L3kl^2H3XMKtgV4C6^W#A1zCez@|1GYelP z%}-=f{xthCY6?Lh3YT(ESxM9B&X5UTqO9y8OeLUq!UQ7#Fh8{>gj!2+$`GU<+`n>P zWG!!O0E&gR>On3D7Mk541pplvB@>ve5=Vr2j(Gs=7@+ejbkwB)^&Hzlbp{DR z8t?%T9dVc%3{>wtoUsTb(h$`@`CVXAmo8qs0p(fHgwQ6|<9dp1dg1av+Z4J<^7v6Q z{DQMH7V%bYtfF%837OaC;kl2l6%qTPAhUr4u0=Z^t1b4}$A^blGw)sJ&zN7pscrJ@ z^{a9H-^67Z*Hv!a2;X6SE32jA>93o{^iq_~h=VUJEp6DuPPB6PK3%+gIcSJgT(bpM z>x5DR_KoQZ%Q-TcjvywCx*l}3+n`gS2MiYGZ8&^iS@)1 zzn5p-SbxWFr+w^~8aeJ>*OI*VNS^=ro@^U!0U?Euc8itA=Z>ZKc}biDS(aI!bRaPu zZ8Om)pBz_Vig}Aat|XRUKLESW@^u`jLkrZLnhTHz!OVav6oHuq6o|xS2*sdtLu7Dp zi-PFv`1XB;!jER2Ddt%*jJg>^)!7rT8d8r^+O%SkFPKr+Z^NrW1M~zpwFy_RvPG1n1lAHwg;Vo z2+knT5(0{!|2YGMJrVP!vzpalx{zwv{;LQDAhZ)8WSZ1Ir^W|0YZ-$QQ?~}`|5s$% zT)g2pVrmddkqboPM>SJ2(CNUwI?MBb8;6GKOz@r8s<9}oXCwDd3@>Nn6o{rmSm5NR<7 z$;qjMh7^Ik0`(6_qX`8uoqd>3#O0V+9!?Vajlp<~wMOA45uT6;yJB`4#cmfKw^nN^ z%$c!`U*HnKk>i>g1&vT(A}+!%C`vBoIXJYW0a-B)_?-_=;hoNAW-@QDpKU%$@Xf8anP%a(;wO$bQ>4{u4JJ+v*>qJzw;S-=q9 zWnl?K)Ie{VL4+1tt}Wa=Hg244UD>79%Iaq$Tn2^tJTgVLAm$dO>QbEZWJDWBeUz1(W?!>p13bEEv{D!7a!u7!X^%}aCKQqUkr8C_q)BH?2cAE2FyDU03P{*$&4;Ho7iPyorl#~wr@onIF<($XbQSMDeteL) zBpZ(}NJ5QVPd8KL<6b{L_XapAGOd;h1lVLW>p_@)da>gQ+Rbn<-B6h&C{Z3GpgqnJ zr<;io0-(3)4w|KXyLZo`trMf=;49%o4mLgx$^I)I!7EgtlmVv{GGM6Sap>Tm#xDpF z63eZp;ox!(<(%4npBw8Mxd}paZvSJEW{A>52#;c}}m6aDqZ<~b% z8&!p+-pCAr(d^$JK@Dmvb87U&N{@l7ZPTLpthg7LHMY{lnZ|x6UkKHfP*=m;irwAC zTL-GCB~J}f?9kyX)sOA=?e-YrVO6%fI2mW6dK!j#w>GXO9^Pk4>S*S zjvwQVT5TEfF-OrJG!%0kS5_@jLA0~zugluGA#b(Zgm<699%fHztzP_o(zkc-&~ndt zsarM(thnvTd5;60`gmA1d19N!L}&&9nH53ZFi|O*c*}vg)!EJ)-E#B7ANDTEH9aNLk)9CpKb-q$B5xnYWsp))+6_Z3^Al&8^68zM&FE|!(yAfpnvg(dy3kV zGvTy!X%-*k6Kbfyy1o zVJU%A4#vTP>E4jMh3q* znK>F=m)NJlDTn+iUNK7)KcLfInPTcJUciQqsuu5Ou!H+Jhod?rN79|Ab6m2M$Auq!3f$+zZ*B?z2i%fV`b(n?yCT^&Of- zt{9hlIu-WO?-O6xE_$vYEBecRvzo2$TPu(+srg| zYDD2!aC%^G9dmY6K7KMGtXpW&9N3M~lgU=#_}XDPMYLOUAJ>+C@ej8K3PndPq+>ND`b^*p>Kv6+e@vp zr-h)RDE!^>;NxZ>DTXMe<6T{EwOO`IpIV9ecGh70`5*eDNaUW<0AF@@rvAR(xOMvKGWN&pI=wbIW^vpVi#W>QEU>4%;9=+jtv)W z)1)DtYyC5C*{wZ4^#Btd7CRnA``O^_l~4FwwMq8x4&%m+qi)Hd=Xj2{m{q%tw9cjl z+av>*Ea9;F^KJx%4aJ9!W~hELDQ#D5tR|&iCGQ1;$;+jytQp+YQMP2nU{Y!blxfNwo-)E|zhA0yLB3D;L20v>dqL7B=@pRwApr1;E;6}2KiWbR&U_2eRZyCkP{{?a*%@tLSXl8ocPJAbkIzgNbJ$E#waqup zoJ+4J##j*<3g-?o#eEJt4`kU1{e>Y<8`9%J0wa|(E^$%WM84S7bq3v^&Gj|?7~#4P z@5rAhpt%RL)jkz+E!Z`NR!q}dxlbR9L?;vV0kV%(<^Qb(I8nvl`>$E`t6RDW!vVW^ zjSUF0EO*49)r-pyIu=X4wD8u(S-qPd1J==%d|LRHF|kL4tKR6zs69ULA_dWp@InB| z$+I8*t?NP&(P8?nC#jbiA(rQP6!cyQ?I<7s>ZsA6j#S^l@vDW70>h-zs;a$_km*}9FX-BEG#vY!o2GCSOwmqrXmn&g9d})e8f_Q^r;kh zxNsei8v#RrXT<+0d~3XjlataoS@c!w0i%R$i3$u2)S}++t`aVBRy>3$(WFU}FsoPw zR$=;Vrs}%$(`4)W4tHB|Zd&Ez`qZX=h4T!r%uQKl8?k?TtlMJQ2*qRBmMaf!Kig5| zbz)sZLnIJ{>B?e8_zTj#y%8@=S-*Y^IGupUX4s0cKC0Bn+d^sv;lX$nbYE$8^-O@B zAt=redZSu{=g6Uh!B+Ag-%t$1r~v0tNFr*SMn$zVT3K%j0Vfh=&ZkAaBlkaud2dBe z0O&az^#Im3=MQVgpkEZ^MM?NV+%QYY}xlgxlN3O3h zr0>~3_557B8yI?MVZS^e(j=Cg1Vr=!r`H)bzkF|ij}p_6tLk zfWn}@xzR&7B!R%f>vQ+`ok9(Hp?*C|vRlQ|t9ag~J)g|y{|SW#nlg)M3w5D}V#P>d z;phb=pU@XVF5H9W7Xy+f!}|2KWYD%xA8l+&vC`81d~gef(Ac`guHUL4FQ0|@n6IQh z{aE3Kw3=lPAM$rb(NB=}3N&7w`m)6C{{%`@2IaTW*XlzC3cC-&%QsTB@L5I&0G2is zh{5VjtKQ>Any`6H4vP#ybuw`3{%|gsh!ZPs@?AZCezA`qGX|-_S&C%Seo27TT-brR zj}?c;pCzS8VFJ71SbP9uEss&P#7+A3FmEi!xV@a*5`K`veMy)vFsc$)UVw$Xwe^|b_a6)}jkK_sue0j8 zdF)SPtENw%KksJ-fV(SZpLmIp%InSBtF{acEqRrcGSY=9#EBx9;TKA-*(2fe0j>f1l z9lC7&zm|;)2X29*g@lAycqS}LO*wo^x8~5tr^TzOe#D>^s{OAt(A3zrAQ;?u%Zghm zDHhkvddK@N^nZ|W>_GjKc>BBsQx77>%?KPn!v2u=vZf0$FHZX#rFhJ`Kkj#@KiaeM zyBC~(X*kEB-SDY*uSuyq{g%S)lIUQ?h%d4wA#?+#-l?e4DPnypcC3G)pF;Mkm)kH4 zRT&+=J91+_1Qos2_T|L455R5ox5D>RB24#irD%#u2-?3+-W$eI*Uv8$f4~mhQ_Gxs zq9&z!*Xf?&y}EQcJ6h!v;T4!x5mK7wJP>S;mQ@ysh1l(lVdbYfv&t!yr6BX8#S!GJ ziCaME5+>vTSf3yXK-;)>Ol$;jhIwnm)#VB|8ua2BP6R+oBsGDB8Gz>7wC0Zd%-}M@ zH)jnq7N5BLvoULyT*4Me%Ss; zu10zqo|R*5D@{B>T@TSQsSY2mV05-K z=j`RPuR7$UE5lL&%~ruBZ?lb06WYy)u? zJuqjSKkQaGU75`l7X^!X^Aa(BT*&-chboEXrIY9+?mm0gld60wg%)$8Qx@&&2Pw7v zPlGiUyWMcSE&aCnBfTxwdQ!~Bkn8$0O(3S(i?7plX5G7|RXrW@#?DOIQu+qHu7s%{=PjaJm#te#i-=W56D=!qFmt{S|!;pdpB9ul(dY2W#;8|!}m(H=9#A9w1y`ueq$IYB)f zMV@Cnfl>U;7@gHGy92d!O`lh?E+H;Xo>n%}`eh#zq5Wm_| zt_5s-%=79MF)=YTuo*Pr13I_QsH`W^Jo+BIYUN5fdwctchzKw3OS?~=I3dP}1>9yc z;CX(2=i=gG;Ui@CLqq%0*byOe(4N%zvd+#0DoKep!$iyX^5x4LuoQkj-@*p%5|Zbp zTi}JiAO@-|cU9fW`*}KhXWsS0hr2?{osEd_2aDTXv|z)A4Iitjv@g{Z|4^;Ioscl% zX;D$+1(P292AunMZ_rmA*@{g#cHJh(n^FshyD29(SXjQ{>W1B zpTie%)hW5UmegF&Gl9ROCKm_VoL&{BumQ(Ls3Mgy&le8IG9AMYSqW;C#lRiEVDUQl z?mhI6%a!6*9Mw8^42X)0^GDiu=kDF0lPC9K!+}6(z{rt`ln-4S5610lK^Y=+o>QV0Ft1f0pnFS1iL5pO}(Y*XPI3a9Af=`q0`@6XNFjWd>Rtmb(M@H^L&i;#X&!m zs#C(gbLZ49C>a`yL(<_43mtaLKeT?fr9l;^&*`fdYu0R1bL-Du6s1Om_5nsW{o1DO zd+8hh`;B~BuI}4S{grj!Dk&*xOYgvwD#)|`w`z4WoJ(2S4C`m>b8^!oihnoU92(`8 zfAz-?);YYHsacou8zGDH*zUjP7tCm{s^FPtUUqxPq2z>%W%f&sg@laGbeU1P#pKe9 z>36q=)K5~aHTG+JYQfbN>Rnf1^WH^nEH538TZPcj(1!-&6(U_qH$j<-RqjHr+;*$F z*7eJs8{hu@cL#j)g#SA7lCM8%7Kq^kPmTFoGX~l|Up1DhyK}#OVldm~MDnxL4s-n- z9?1O)@UnA#|IzMj*4pC_2aJz>W#-;>oX_ef?ILN^CFW;KdfmRZWbT>1-z+~r#?Wu( zwsxWa5#^P66b*Wr#Zaskc z0G--kAF>XbD+R;se@MN*S{or&07opsl_uTOG5C+* zuWrK1d_!qx1}pjqzX5D{;bt3;43#h)%ubb=pZ7h+vz__fhZ!T_oXv3-zwtJ$O6oRF zlE>HRLmir%n}2=cS2rbTj%U7sty!O;?;b5sU6k6ziv??z4H??W?Y^!V9vk3x=Dc?6 z2ulFA{}Vd~&Ur4YJm#y1`bvY-^n!bu9k#Z$_8g>8+JN^#OmIZz!O-tEY6Y#ZN*Ny>>i8k{)&(Hh6A1ZLn$<56yUl%>#!Ls3+nlmfBI*#vF zcgB0^|NJFh!=KM@`#=BO*{DyOcBlTwc1qQMOnd&=f1VZ}-L-Rf_y5W*`O*aghLrx# z2X3z#VQ8N5-+RMfKix0fXSAw=kEia5UxxE)j+mW1Y`Mujy`=4#+%Yfb{`dDgj91ra zW2EQyW0JGHRk^XG$B)}1j6%(S{T*@Oyz7n})mTYF$F^4X;S1;cBqgUN7ykDtrJ0|i zlx&)()!D*i-n?!|*Bgfw9_vb^d#8pon5u*9+`0r?k+MJo!aq}gmf2(+;92FCzo!!sb**U;_ zo{slVm2=H8*Z->a8u@AS*^gS$TPDo-WNBfsa62uhmfP*)Ejl=;VCARs$Ii!V@y|~j za*C#+gE>S^ZsSsQFL*B<}WZ*z`KeC&bp-*zgK4=gOa7Pb7{VC`8^7vyG#d~zsh zS@A5P-;XcBB}rQWXl>HBr#`R5WYO`MP$Myx?2Egh|E^ual|yZu0KTM#$!(dxG z#67=F;k%fQ&8d*VU3a8bL9WmnM*Jv>#sS)s$B(yJWo!HDHESfGEDjPYD?ETpK~CGV z0Lk&##4X>Wp4Op_NP8_;#L&w^rp~d+QL7i)JCO2-3m4RMbd(Shh|;~2ir)Sn!&|lv z*g$IqoNTkIM9gaQDH)zpl;9@RLHr0)h>+{0wCUrK{z0@n^janupZcynd;X=Pf(ihP zYZ_kkb+?M z0lB!cU#)RLqEo=@C8qW{4%XH^`Lpy= z=%U(G)v+(~JaTQ$A(~JAJ>84u(H6S2_lPf@w~wRYTbF+R<2r>|L0j&)TuH>Bm9f?( zd{Pt*J!u0jQ`!$1YMEMw)1Vt~@Ei?-`Z`AjW3RgE8$O%BcARzG<7(Er%6UmLD59YngT@?L%E(jhnizuafEu#Y#iAgsN*?Z6JycWkF6q7$zGj@g!|t8B);eWt_usz7gKz@( z?OIt>ZkPMuL3>PmVPh^DsVnSFc{-qM^!JkqJ?w_eXl?va`t9qHW4dFzr!`I=y40^| zS%1l~=ci07gGwW6{7Ucr8M$2_0azyn&41xS66zQ_28aE8>_0*)81qU#DzH#2+jsDC z(fxD*8@SH{c>+>2L{swv0#X$4+3;I1W_!Vjj2A3W_6Gj3uD>OgJs~R^JT^5h&TLRA za^3MPuWyg>RBI8|uX;>-?Kx|_OE~bW6;h2KLSDFc_~Y_*-yV&7TS^i@_!P2viKZCD z$85hNt(zFFmk5yrtwaWji={6>C_aECZg^S2N)`PeWd)?fG{LL@E6OFPwxu(Z4=MhV(b zK_YZ!(35^NUBbmd;=`Ae&OjM|x?#_wut4}q>FEh~ItUKz7<(!roPm3I3AfA&;T^Y^ma5?z;X8mhVJ zrdFR7`4wKL!p1*yZL6{0Zu+Ue%7*wAqWf`jxJr)Ym^)n>HFF*6T>&39LUXnC(hGA{ zc!eXjFsK29WKd0;S41@+1u7-Hb|@Xhsxv62%a}MIH}|%TKP44@`*vTv$eqHfti5CP zi=?to6h?r}I=1mGf{K+vLbzvmDC&!GJ)Uopo!*!gn1MnhC_A9ovlx zgFrlbv^#h4nWsMO)(4W8S)hVM)c*wU%Qmf(%P1(j)~m(8l0uDwbW523pusXb<5rT= zj)6BU8jrgw*{Ptlr5YDa_i;%JRmf#DomjE#c;xbIsCTW=qQ+OxpF4s--&p^tD?_&; zzPgWZO`Y`tS_w*mS18S&nhMo5C}A0J_IS(^PKPc%>=d=doc+=J_(1Q0D%FN(qHxqK=t^F{kL9<^n~s52 zof`i1LvwoW^5xEG#+;53fjfyUNpQu*v0s?FL5|Z82t*h7Q?0J^&c~Gq-8*CBA}lqu z*z)3X2KZ0}1%_ipJ{2oNuq~!0czj#Q-2NDjk|G9z+^$7$E6Koy;rK4Mq#wKDwhfEc z``h%&AY?@XBF;NAc^`*MJN?xP$YvwBJnVQ90bg9+&OScMa9DcXwc+t`>g9L2$HL?k zbeb5v3pG;l&=Q^Ay?UXHl?L&(2=V;(z8&&f;YGw2oo=&EjPbp2VemY+O`o5O*+$_v zkN1N4_4XuEy}dgPW^X)?Jt2A!j^og-Fa{JDxjXZk5ttiGDo~{{+11k9`ndEU9Ona zP1XB4Iqay%4(LmWI+9M#Fsh{GJld)6zg?OMzfq-{BPWuyhY0qef zM2W)8A^xKeHDwlNS45vrs!ncQ^R=*(!BD;Kul@BiG@?_q5-xw~s2=;pp*ig(b1D!X z-M2TSo}l^_s5;U=?M#1kq++h*p*D1Rety0It;U!!W4_`c6Ld@txIuLBp7R(s41@w${TFFGx~@1BvDSM$WxM{>)ZP$h1zE9(GM`_K%_lb)K!o(8}EP>8oQ*Uu4*6s1x-^CAn~VZ-ES?Addi;gK5)N5J@p)1@UH zgdM#D5DeO{wn1J}xXzOPkBov?P7smbu+A8$sVRp5NLhVk!oRfuZ9;PIagW41U|3m- zn0&-5Z}Am?5IOW6iIP{aYE#yD0rLCuaGanA$pisHkCS&=b8V`y&uUW+g?yJ2D+C>w zKlZ?-&A`CG=lMEuqHwPwio^&axMW(z{oB9qU-~`x2}4}uUhUkoY3Y6f zCV%))o*N`;6ORwQzz;clZgs9k^~=Ul+S+$`HlWWK zj%813ACs`DuE72zgWep6ukf4?;=A$HWp>>adL>Xxye54RQ}m;1LaB-Ok}sxwMxO$M z50R%oaMKyh*%cF`!8RALD%FB>&oCwBZ?K9QvB1`LF-PWOQEX3~5vClRQCH=ugE;B) z>zm!s!`~N0pi2tMZCKS(iVVV}5DGs`TmkTCK5w3oXo>YgV%-nn$7s=_{#OoC>tO>w zZP+8`a>ODl^$Mo_`Vwf(%(rq|dSO#fnYl~AX=q6w-t{nfCM}i$YFBsk^j>Br zMT)X9-ugvuUyAhJR8&@Kdd)tvK|XkW-y<7R4fOUSqcq~KBe)YgCHqf$Iw`@j_9vNo z37=~EtXcQa5Q(ZbsG6M&6{@s!G!p)&PoI8z-ManU?i->FA1u4S|NO7V#fG-Mm+dpv z|7>{AxsS%v7P*x63119N-qghG`>V;f^VirNlkY6L;`>?7Akt^!3bFrG+(9^+duFkX zRd(>dmt7w95mhwhpg)W-$_UWR9f;e&8qlU1T3Ra60Y1phZPLh@WihT3HTiuE2o}_C z0Ph{Br`I3dve`Zt?uMY6J`a8fnZOZrUNeG?$U?qW;q57o%jeJX5}~=k$7zicJ%ND5$kyO z?`bh4KKz3ivH6AmaLO_0#N!WI+5Fh`mO)T9MGb%3{lK%vTHEim6{ifD=5toG5i(8I zq|p#&rKK}avB&-qshxdC*6-HiSvKR;BKuBP1&WIK;4enNgbo9D2MHa*ZoQ52C-2@3 z-4?UFrONb4U8VbYs&E<3-`(4@-!dD7|Bea|G7Go7pkv2mT3gd6%$hx0;0GqZk8Hr8 z3c5@S!(0S<7A`3-ue&J@A3mIt>OGQ`=|b!lI{GZ5%6x7(i}tjPU8{>P^x1ds4tD_K z(2fj-bwZD2$Vqhs|Do#Jy}nER?}nA444-ze@8bS~@aw&5?1HM3odBuCz!NgFM4XKz z2ClBrSv?M+)->6&MOXMp^z}wBAPgb#_lSN|{*?lF%b!l%5Lq}B;o#~SwU)+KbfA<# z3H2-M1bl#R5`G_hcv0^tq!85xz|#;hck(}qH@^-pi7!_1zziakg-_V%Yzvag^5x5S z7X{HP4ItuDgmkHHwSLnQc=gcAXBSCiIc6R;bwUI$Fkh=GDs5IRE~{W-wp%MJERJW) zf~%#)*ohA619h%A#77)FUm?;+f10!iL}9vK^Pgr`&-zo(olQ#W3jc^S?Hd7=Nw!!p2lIQGx?P+-=lw`}g95R2+QYwQMd)T-yVs@Bs=X>8KTpKi1YNg5WVm z(2nBxuFyWe9TWCA+b#XiPJ|L#o)bLlB5XqX5H`749TivQxm*!Wc>^Jnh_Zyff2RC| z;Bj^}gSD#A3C2AuRD9z+cBrjTaZ`TZYYP)2K_8Cau5MSiSP-9{N6H9DyZ7wz6;;B7 z{f{d@K!J(VCi=>Xl=bYAQmeMZ62E?wA^4dv^J+5~u(xcbQ$)n(eU{xK6;>~G|JwY8=AivPNkwR1N*E7v^jlboD9idiPJlVfMSZ$|Skd~^-Lt_IIJ zv!8)j5e%sH#b64rO0+w|>z(xBFza$}3Ch30#p$e@zFLbwpoj2?0T&XBNHI?9o|u^E zBvnbmeotmb!s5e2Xxm1LRX4{69G?XKA?jvIqkJyepg-READaW@guU+gzMT-%4exrx zV*N>x*K$XKX`=dAEZl=eyU3FWvxjZ^T53opGaR-WmcgQM^3n&L;m1ZvkHj8PxECI< z$$0VPNf%l-C>lYXvXxL+E{~r$@jNY^pvZ3Rk4kgjPAv^iCt-e2Ttu4v9n|~SJMAH! zzbCp#e7F^h@oICbX60VUjTUxS1#M4N>X26S<(MNCaX#b5zfU8qpc*!&)S}tzg?ezR z_s@P?8onGr26Gm!@?CRLa9rJ`83Q^CZ&!CDPKx@?5}v2nbJ*dHz>YiU*gfyrqsKYU zq$DQAH@bhu7y{Uu%e|vkXaxrc2M{#H_5lIKfSXi*e>HsQP(xTCA)`jak^%Y7Lscu8 zC9&L=ZwDy{K@YKS!ucytYv<(Z+QHIN6bD*`^g4H5?|-&*h-7@C=bo-IXIkVNWoVFO^M-Mq2~|^UZF@8G=KG~2_Kjn~ zlP97P>Gm-9(W7k_4U4+JP}%Sz8%X?cXvK*?J*_KSQC&E-c;oz2KVS-viY{~~<(C*{=2I(1nh-m&& z9%;Nt4;k%2Mi3nFq^C+Y#5DTKseSw8*z+|g?X21?FR$BKva^zM(zf_KLrT*P&Yykl z2OsFRZR0z=`W?OJv3?5Y83yj~KZZq|>Vw2gPS1UXDpR%*x{Juuh|JV`Bm>W85?RIgu_FafFBFXrX616SN1?00aYhYTnu{H*WGRoAi7D zsSjdl4;FmkFnn}|Ur@%=!M3_R&=;PY zLJ&u9mGREqoR`4cXvXE2urK>2ZJTDnAvY6~fUMio<<97D{wm>w2S5KAj_4ZEh)K%B zsJuCk4#j0EHGThd_q+aYRQh6rB^fe+<)`(5;UgMjH9gB8FYJ}{g4k+^odmoPL!P^V z%w5trz8#l-pLvOd&5<-_jZQ?Zm8*uPrj}Dyd*;0EfWl&GhH!KL(}Y10DbvJmIyk1`T(PHH>-=DJXyTvP5Beh)|Cf_X@(;aw7;~@Jo${+1l{|z z9?6p%2Mn4GTCBA^KV0`2TAbn0Zo11?t~`J4T$`$@D*8yDojYZqqApWhxs=}DxmhyA z&HJgdiss>p6U5N0AGMGgQwmtomlZeD*jQR9eNfPxzCJuQPQ9k*S@R)DC3FO%-Ddo4 zdOi8A`=c*@ONG53U(Li$W2UaY#^Fw$jZwC{I1^LsYI!A!kkHZd>|^>Ly*Z-c_DkyL z&MGR0kW?jlOnoGKvFMXh#{kY$78x>fgyv(KMaR{vhp$}(3?RILnn$jV+mVtmt@ws) z*`Ju|n{%&NZCYG#@VbJheDEewFH_0yofW%nRrHtH2^Bi-ix!=EZtzm)(Axr;7lR{4 zz)?O}7BOK?hYh`*VmpLL2g~$XYT7@+r03Cb)vDX?#IAYwutKsh?ZG5f2f3V*Wls*q zFJ=}I@>^-;1~IdT{89W1$o^dqyr>hH0*U2fK@?Y1FE?Q@v;*^+PK8H~95HEQS*z(? zmy>QsS;Jh4G%zOnp?c!9Ab38H58oifxq{lcu`w~i-}YfLG6>Q9(SKzVGs>=It-$qy z?tTaMWt-XN$0aehw2ZGeuq;yCdH;}#B0g6^Yj*p@SQjvH?nn18FlRuWTSii;LM!ws zu9(#%d!%C~lXUsYJwjc8#lA1LU$kgML8Z$hs{RF&0A2vR+mn|NUbU$3`_Gu zf|lfhI}?5aP;MBTm8sk!pCJxK?b0iIX9#eqv2P0EkZaQBx`9<i1$MQ=fs$E|u52di3 z({qO?`HUK*we(ukn_@1wxTrM$D{bh;Tr!Sn`XL+hCVBC;@bOZOTjl~wJ$}%+or7=e zg*J}iDLJy^54#WeJb7B(q(@UN_bu0v8L-_#)1z-k^}7`gC23={v_$&jTpf2s*2O0c z&9XklBD}SX)S?|dM+f)tBBk_$M~?znQ^8N=-uw=DSXql0h<)a zELFz7c1b=l3Bw^SM{HcuqhCJ-HmAB=K2xQ9=teQy=`XyQ zeR8Y$RddSTL5_W0%(78>(~Kvo5t%;j^WPk)$kl5$uW*bCnr$9^C?_;AXi#tqUt zNR^~sL3U|pP!z7K-TzQ_+@<8?`4QeWu6y_GTMPGs z1+Oxr9bM&oIs_QO84c02o_uZf>l<3^6}Yo%p4Hb+w8l6Wwgn3#mx>Bt`YI_VOvO%s z(M@@jy09K*4#$|xT(%~E7U{N)Wm3-B!6wx+Fy4md_GN-mTk#l%2U_{EPAe0oja+aB5i3Yd0G?wZK;AzMDVeJv2o3*kq0W9`{gvKr=R)j0P4ni=Q3Mz;ghfRPAT?hhITN6zjTk6obU%w=cuyuqK-M_^ z2(JbDJq00lrv1CTrbIW?ug$hSD-^xvt`>B&-?*ly=)N?eA!M}PK z@uy+5+kz5ft=oh9hQ3dbQt%uD$NIR;Vv@;((IO#YKp%>FL|gi9QL<=#b#>nZViEpL zC{Zr2el^ym^cGoLFeBqxGt~0ur-Oi4p$Iz$8`s<(Vlf9I+0oI_2cpSnK<993QTl0^ z!Nb$_?@BI{&J%0+2K!D;WBcf3R@I7L5jYZ_Qur!`E)f}3c=*WopVW(6BX$)$bS#5{ z8wHyqga))6*1xU~TJ1d~NuWk45se_p0ZG zc8*K^T2X0Te62iqLyZ@z9aY*bno~dCKi&#Hd@YTmUtR(Wp1p8E20Qqm0o9!Q<2`;d z@0!8Me#Z*azWU`sAqQ!zr#})yo3MIfT#UdkoR>s@1fb>%UN4qhDr_9C8vA)=dSW8@ zKi13bg~btU!(2iTU7}Fv4C^5$AWywVd3ifYB3L*0Ggs6B9rO+696W}JX$L`ophWRv zKE%l{tA~=3P!6G7=*>h$`?KclK{}F?#Zb3Jg^gT;{T#sDK5^yaqm?}?{jsn`#VQse z-M~16Z#ke~clow{#w%5_m)eiy2|YR3>@O0DXi#{c2(mhJH6i}SPTyqhKmG2Cw`r48 z>kS^XvKnw(rPS&-A=3A^jB_hCcdV2zhuD>YBs?n%;o zg~WYIdBk1E8K10Acx1_zU!Uz|*{~XR4N$kM^2dZU0Gm^%PO&Llwcxs{YM3%&Dl`ut zz!fYOpfR$$1K+_7>0aIQyS?j*73YAzhYT5FuyNzHEZ@kgeaOR#i+d21r_Y#SIAg}& zvX8^m0ExJHs@f8avb74+!(iCZqurCSioGPRGSQBQ-ecl+rVZ#Q=dZ9W3gFG-iLn+G zjr{qw(Ti%llmyhVC>Ln@W{K=^UfW z@QwM6Vm;!p)>UJb!An4eOr}oVX``Qc^*_lDdvW1@_WARwJs)~LFundw%HFu75a=BV)rymJu2qU)}W9w7zp>0z~b5qjqU)>6EbE;~{;RQA-e>J{fS z=k(rC;~KqiNLIo)lkv?JeO({4 zUjy2=b9OMX2kW{EgWG+(Qm|0emKh5z3UQFmIbCL3=~O)xbm~(*Jtr_ZKRdwiLC*m= zU$JCf@BmcXox68$OYupcV*W1hXGN;)sTZrpLJu8p>A13rEsQl%bu$`|O6P^C9Xz9? z@mI^76|v5eQkTDs0x$Pp6`K(CQQNZO_tE#pb2qN7x1PI^zHQBWAxN#8VMm6ciu$Yg z@x;cu=%^@1ggCfBFZ8=@Yt+8+7X|e{X(!))@&HdmLn)3kme}JU zd?uDs2MrXK)lt#Wd(7NE`iwr5?Z=T~3`DtEX&5Jp;l>KfE_KeoU$@CSwy@JiodVhF zR$13A>fN2b7J41^3V-4o{OW*lKyqfAYTx?t?aG7n%}oaVTX5T_GbjwtXTy0zz1>?B z`rHuY!Rl95?{B|;y)e<|3W?*!!Y^BM{ZE|eLtg|zq3AOI>5d(3L~ev2b((5+=@Ol7 zDO8U!*Gi0PUft=X{Ut=sJua%(+o-5;d85yp|NQW4cTy_6F4N?4&fWp@tyTv%Bz`${ z{`7zBUdN2uveMUUdPB$Y!dTg$X!)(H)6~&>cWr!2>CO0*xs{cS#AVRyop;LDi7_6U z4>iKGpaIcF(TWOd3Bi@|v$e?w#J2Y^@0LvJhv@r(bMoqXUb<}gN#TuE$8RZhcMnS0 z1#MFPJnK)U)~ZhLZnY#h=ufkKv-;)Pe?OM?s$q#++MSA(zQ3|K&T!qjq^IR8WKWK? zPw^+a2wo5XSmCfQkK;Vo|2T%~0?C$$g;EUj(PaBk8NWv?+F5S@vw&mAdcaoKeX0z)e(aA~jBKR2Cf-H7 zM5!#Gas0;?laB=-vij9ECZ13oWOdjz+Gm*f0_|Eq)#in5#wzKJ%1et z>m?;Yd%pOBu)_q$>S;SdRaNSrnIVMP1S=U}2pI{x$=WiC`WywXL};4$Bs;GLE6onm zqf6{Ac3%=vq59fNkkEDJC;7?}2^-|a0#v#glZ_k4O2X-fRCf!=6nV4ik+L9&w5R0&lZ815^;}%vcK2%p2lynj^ax02DN~Xvd z-$oNvxJ^dFF&9E%9}%Amomyz{=K(aZv!Y%-%h(a?(ixGdl~7m{r_`t37ybFzoiKfLjp3$ zF!Z~;;nmp0(rZ+Ozr50()?RtBio}BexDWLH!!byuqTjOi&4^5)wV`T0be)ocW$v1A z4TDIgo2HfuC>=pT;qO}8yF7uykygnm(*d?!6!a`^ zu=jHj@P2-A@qHM!d^U^xtDJGn+T8_PRIyq!a{F}%Q6%#KcI{3++DYu^zJ^ol9z0xT z<3)6r7%*62V7am!<+8-*&YUQa2F6RyQpArvDPnFol-kprL;o3=;sUHfFCwlky?X5i@L9}_5PUsp$RB()U`L*8r@k3{Au*H$Kp-@3JmTd~qqLJt{jNS7)ant=4|ckaTXVyUw; zyiVJHB*5gv=u8i=9fla+Lq9VKNRq%{Pz%9S+}Dlh6wGaGcEj{ZEaNW(A3gdN8X+cB zMOZKiZTI(n^g$Zq|NGhMEE%{6oY1;&?@^c{c@Wvy`k!!}0yopHp$F7X7n=x!GTdRX zPBXjaj)757t3&D*6PSkMES(|Kw&&fb!(xlr zzizhI{Wl9#^2j~is{M|4u6uX&+J{V!C~b{)IlG_NcXW2XGiUJXVG2u*-jtPIsFZQ1 z-R*Ndhs=39XX1hX9HcV2d#-pj>MKdBT8`1tDeu(FR{7+kmLaa?^|rmnS;!R*jxu&Q z)UJoJ`>M>lxgkcA9!CEf(`i(~zPT@=8oj&iugT2&rQ*LsJ7!fxCapTvl%cJy?fZ+I zTnG@7o<)dMjEr}D^p8#SYD@L*>1b;kapVL_$n`zTbk5T4kG@Y=Tb%|F{<)?GAEfrY zupp_Gjb3`7L-($=o1eOko3MjPnf3vPRi>;R-&cS!FJANppcI61$hI)5b+Ph^L=e=x zr+@t~A*JT@GAOEfEgjBi(3fd5z>Ju^Ij)UpWL;Rkw;7VZ-md8g*Oy(PTtyU)-9@PN8zW7m)3X-r8H#Wx{w7Q ztM?J6_IL@_{n{zezJn_Iop7jiIf3Nv*a-W*Vzdy-q<#DLQ6AT)g=qqU(1}d{BN7M+ zAo%7(A?7LG$`0y?ix&qnNlqCc@;)5;C@c$t64vu~A3y@5M!ctUh8`RZ2$l%+#3Ybb zE;zb8E(3>89KtPOF-+sbR=Vj$ix#0-yi0i|c5<^eTj(kQRiq{Iy|vpi5QDSnmFK^& zttr_{AR0W%@)bB&(3vv_NzhKXVF}f(5SVabyf1Idc1lFLwhI*$C5Gtm$Fs?<$M4^J zkA4Gm65JLD6?=f&(_m#2cS+HC!;U}_i##Izkfe^<2E8SZEbDpz2lqS`~Y^)Vm>0^&{`zHD)Fa~3GSqu zoq4J!!4di~$d%wBH2*?&sJ)G%04K!mxSr5jOHnOEzXJL_y4fpXH3~K6dZLV6Ez8DR z+b=6DC=h&9GcL)Dz}HT^6gEL|_`)IUCe1DTWrfHdd@RVLtEzwC9PC&IVL($f;O7{X zdapTImm0Qtc|{F)@YlXJdH!BIi-#BbE}41oY2%v7H;>mBX3L+roKdACE19`!wrzD6 z$4@7`m71bqT!rx;o-YCX?{E9!D(Wfjf}FV)AV>Ldz$7l0-w2^ZA%R+4 zT1ejLlBgWhV%~}@LU)y=$E)mxdAul7Ri=@ILrwn+$&#% zybRP{z@mhHWcdF4!o6*eF^%NQSc6cP0y8;Pqb$(ly-A@v$C@&n`dUN)m;w@QR-3i8 zxp3<5zI^FK-WI$Z@|#SWh~0}>qX>{m)kq0TN0JGqh^>o14E|Zn=?Pyr3mK@>LlV z|L67V?ww|*D0kTbsYBVPhbCD$FQQlsk6pnAQKOm~0bL;@sT34R?ALtsoV%S&%JB4lPy zS1N`*!V(xL@!I1SuQ}}-Zwo2)Epj+H?W$Jb`!`JNZj1&yTFD2W6!66A^_t`P9xaUslM zv77BfiH+m=M80JDiMIkW5S9XZMrX}GOB;Ol_M{ASN5Qpp*|NJ}Jd#n2&9E+489Nu@ znRf+K@4?(KIpQiV70G#?^fmV&MA=XzrqxDWy50&;C}u(E85gfwB`*=YB+FgtzN92n zZO1to?9n>}-<7xlF9IjHh3CnxN2ce_lwd14K&Xe9o9hqsCDt$_KF?=A8q+g9p?HiK zJuB=dB_ZE9^15#DvV`qC+TYRjc+VUZs5?&QCU9`{38OHk4XS0UopAkrn2gxYk@-g2 z$TkvT-@x}4N(w3siKsb6I|?L%#`4Y0FG3y3**mVYvInVb6cczZZ|MBRzA(0%bfLTu z3TK~~5lUi~K=e@LP$4cNcnQh<(P^N_bne_)0xO5Bj?Qy8%|V0OG72;eI#2kC5Up{Kk(G=h z8p`(_(;lliv+%>H__2TC6ELwfjGLDkHUw#Gzsf#3*iGn%<(a?n*3)ZqD1a|f~^ zT}uDYpca`&%u=a#?m4T;R=D6Z4*Rr-it8zyO2yzv;3L!VPMrUrFivmS$0bx|<=A{D3};Y5PzC zJ0dAZ80?&PvgoHg-&5)4{hwdI8gM`)g6gEn^+k(@sd5K`zo6d#PwD@XMq4OW7#79m zeYBein55Xp%FN4D^k4#l;&e@){FYgs0X%sz%|a%=od2vR?a;Nf)Oj8V--rA^u zV!)8XMryv!l<3Bc#Yk_3fz7V$_16^pwz>>HvTfS#-GL^b$DA|ztPp?toMH4fS1iB# zM7CeFwZ_sZ{@UJi8~4O_H&jzgtWC^HD4xDF^kMCx+Y{3F|GhK+eapgU3$0!9LPyWZ z`+cfu(&Im(osaA^AG1Rtwg$#~CkL-@?PygWdMpBN0j<1On&~H8#yR6f zGkZ!z2ExWm2o1jL&6z$u+`F|!2r?Su02F%l?u|s^$fk*>}By1G3+x?vf= zlj$_9=GF{2f2)zGlyv$hn==HwJHz|iB$!wh4@K8av}FchH&)Bo70DTRc})T(nT)#N zqE};`aP1XVpWB;%tqQSc`z(MqlG8^Ue}gn?jT@Jpn=1!sOe$dzMp&>5{D=9mp}89& zS84v1U$qlPPeh%sosWpC`@3hGAXWx;(`xGU~vA4 zBU6LP9rf3L>`a>&$>EH1NIxSaQhBHLAf)=!wCt3kc=CXDFH*OT<7+RYY-?tpL{3W1 z8WpAs9&CKcwX;q0y7^`q!{-n*N4X8cVhi`S1&-DCu(d;qbMDFV;~2hc1e@MWoJ<%& zH7dN;W^|w%?8{X5Bf^nbAV7Y7ckA8VVC53tjW(`?cun!CJ-_^QbM-D1fWjfH{C*>I zge7VizhEjPF+DoO5RYJ{!6)#f9q&Pm#uTS;-QxyO>jrj-s40k)ql|T?=@H&! zz0(cjt?H{UrCYEXUC?=mg2AFLVyY=&mEgh`VP}S~WQ4Kt^OeV9JcU&qjHw3D_fL9u z&6V;W6(+&{nPVfeZh_O8j+Da+ljzExx^)LDufxy{tquFx4A!Pz_3Y9}B^?&d&0qyH zb&5M=ycpLeqJ>V}l%PFA`0h7sxyCn?rydw^{+%HZzfjK7NC2Z9VwoQ9(QPuYU;I^e zWDd$?8U5z3(g?W3Rt|&ve%ai!E0A!)M++w~vFy_0_8aV*{dhgy`u6?D`>Ot1HpRT@ z*i!vczW4?1k2p8%^JG8PFUm^jM^)^|SsFUzfTiBAQfb!XMSb7R&~gvRj!B!p8dyaP zF~6VG(SP%m8#gOjFE=DCHF}=#Oxb;Y(~p5gNr82Ge;$|?)VjRR=o9QFbD_9**fSOR zkUNGKgAe>p_nFOW0@>hKbOKuucA9hp!ULXbStd3C@yKNUZp24wmW|Evx|X|&`Vk~B zc2b=Xh0N$`cYsEjFy`rZcj~8m`>VFtkQ?zzsKs-0#e85A>7#GIep;hPqiEL4u0`?F z6tK>f{ZGAKev| zsWVAG&hBbQZoeMuB=N{G-Lgej+)Zx1Sc8H}i$7t^5Yi`Buo&-@Uku}ylf=;C@_e~c z=aQQqyNm*~^A=0X$d^)ZmZrD<87bi@RFaLvQeEDiRBy#&+CPJcDrhkx~vuA{7@=Tlf6ozc3oL9R27Xozfl z_s{QfvqoH1?gKS<7AVuvW2KMx;@XWd*JEA$%V$hpLfFgo$dbCE5TJmDs z^A2Ur8(CMc?laQA^ZR>^zkWHcTshOmrWc!R%t0740iSbH zZ0WyJY~<#aiGz<0`?h7GR@7(v8TFm=n;t&+-g@guwOLEL@^(Abab~Id>J48XC(Zr) z+i1V*EUjV@y$V*IqEST2vWj z7V7IR_5%$bJug_p5>i}PX_{_PB3L0$B|cf~hy=bUY+5wCX~v>g?_QKIT?SS!9PbD! zz~*8mTSB@K^CB#jseiMz*7?=B*Nh6&@-W^K{5a`?jt1-d$WL<%-WW{H{nH$A?19y=G1g`?IxrzwMZ*r^0}NaRy5<)mwvR2Gj0Anik#1cNj1CZRgO6 ztidG{8%bsBD&YEbZW@RqRNe=eDfHb{w%e3N|iM5_7e*Skl2YMGdBuh>slOwJzt zN$H15<_Pgq^dLDQBOfC+iL$+N;jnT|?4`8#%s5!cbb$LCffnx~B@d3TWv3VH!i0B7 zpkZ3l-UA07Y3Z2YC`V?PYj;^Mc6yK+V=0x-w@n^LsV>ppVf$ES7f_EFD`gkiQ{~UB zzsMD4-Ir#1ZPd=4ch)FimGmm0GWE%mPxBK)#_8DR2ELfA5AuezcD-)D;^J2CQ(=?0 zT8(r+&N`Fp&2dA~+=z{Q<4HB|sHslrd;k9!dk=7~`~Ur0b)~(h)Rl&chSF9Mm5?Mv zBn=};DKtnZX)DQyipolob_r?9ij0N^4I?dC+1!uUb$!S6z3<~b{{P?c`yI#iyRPE% zdB0z;=Qz*vc|L>5t`nJDll}D$NCH20O1)xW6UNN~nF-ECUm!-HFgGI{%6b2Y$+o^g z665UYoAi>Bmj2f4hFlMJ+0ZFOYVNaYqMU8OM*e4FM{AwwTOs{=E#H>1xa64~C3Do$P)Uka3B|h|(1Z$aabo6E)SX@L5x2X1shtML zySsN7Oo?LMD)dn0E`Hzmi~uvf$k^G7ya=FPpEtm81p-urWZ@%wMhHkJB!97YaOpFFb1$pg&|7wT9smXW8m!F=dTZ-sH*O zY`DOJcVmxQZ)xdt>J`B#;Whw}lj_m7LQCVm@qy_Y?G^fHFRmQAdBQS1PtUkRkHe~s z%%*LPG6~y}H~F-;)aGe=9_mTqzL^>QxBh4owsB}xrrlePu|0Fbi4x~YoE$=i@4GlV zox)U`1z9r6%3^~KOI07jY0pHRLZKnUnvL%MuPpdXl!=E>rd1Md6W60{9KmjS0D?KS z_Mbn0rodH1^Ax2z@g{kS%?1g-=6TZX(?ikC%<0-TlPZ^IFM^E73+~tV@86%}^C~N= z#~Gcc)V#vw6=!1SHrFUMiyEy$DGK;81G}#6-=~iUXsQGe0p#Ndckb)66ZP&9G94m2 zb?kUQElu?2VyxdVnpGxR3O(zY^JF_ic&XWMG@3ig6Kkup%KFI{oxCP9eE1$hoFdlg ziKm?b7KI&AY6$ARWwYnZA<7t;M5-mb+lB1xl#Fuy5|6uMCl5#S4rdZVz zB6aAl>RuF!FQn&BN=o0E|3fq(01FG~Bv@FG)+$E!k+O+(KueUyz?=%1c zxi=3|Q{~<|4wB$^KS9vLFlOxgbaPX4Dm>wS$TPbiO5U%F*!4!g@X(r3_?x=jKIj-8y zbBBkct$DL))rynS*_Y#rqZLjbAN1AjO!LT7M}F4JORu{>ae1(5)YOX)&C1{1aKzb7^)(G?J;L9AiZel(8)29oa z5*NjE6{!}-!>(qr*ACYTWL78A99!U{PhF(`tp(t2t;LRyzbrNyePL@2ii}XRE6>qh zoplNH2(%2Rrl(XWEDWKNMge_@j*-waV#bVex{zkPcOcLs}D zt>`tJn(8JAcWl}vJ~<6Sd)BQ!!~zCbs*R$g*Q_m{_L^OhT8-!ueYae@@Khdqx_40yF#1@;yZ}TG96stxNKRqP7sYSmy zpIe4qJNH=T^O`N_kbNs>?@U~>XwkfIJ-HsM#lDEDs3kpZM>DN5j8g+ICkbvDT2kWcNeif%}xVxvFWUG?@A2+5r{VebHbA#sN zj~1DxE?eK5z9`=+b93|Wl}Y+GwF`^Q25ek&%r;UwD)0H`j!gyM&b$f6U;8}7yI4`e z%M&q=V)-!_me0#70WnE{rN!6T0W4ecP!ClWBoW7yBNd6CNU*62H19(N_oqkpz=~_u0Bz)P5>W_zeuLD1EUA_;rafoZLX?)CCdAqK{<-%Riy(JyE%l9AaQJa9nQbp)p6B06y{#I`d| z9RA!Z4hQxb z!$*z6;7m#MDSRz5$I@F-GN6G^k$4FQGAfVQ>ep|1VDz#U02E>unYhJUKFt>rP_zep zbba+Ww_b4@JET}2e2b!rhQMBXA-k=0M0(wH5fS(!!0T&^6;7;YTpFfxOpoa-Fk8%y zmo|cHpwt>YX3POTuR!AHc^1$kUSDbW@>)w}x&nUUzT{XWfC0K^6X{xJ$>fI~$HBmKq zd~2pU<(qUtwDpl(40Yy(>pas0p++ISV+%k)>MNcOoeA#?2FK~4X{gC@6%7dNgnZ&i z&{FH%h;Eqt1zeh2p*1kEwWTqqRP{isSf8qTFFnCRxnkFgZ835U4?QG)zCNK|IBdJw zGtI{t{a0pn3p@4Ja@KptR|a}LT93RrH%0Efp?O%E>#jiCfogB^HADT$e6~ZF2{*P(d`YVuJ_SBRIY*XD2x~_XM0~$!q(!=&b2L z`Nga#nDDE{`}54ql#Vp3)S67V)Gg|vyPPE=%+Wa5E8evRr`JC`8>nmq!!Q*i=$fG#_yq z-zRgMt{N(otSrEBkZfjyx@HzqYe2sa>{@VY6|6aW=T|bGC%FHRwj~tvgmR#Dm|^|o zb31-Jv)EMghDnT%%4@JJsQ$QP^&JqfeP+xMOH&Ye-zkSb`H>>h6I&*X{T8SGh;urS{@o$+d;O-m&3d^x7QQ=$GUved zy?>nc+|j+Y#Jwu%_?ri3d^aVPzP6E?+voPshi>zi-JO=|+HAivxU9f9Onsd5=$B{E zc67Zstfl6nLDWN#-l&!Fzq=HV@BeA#FAC!v2uW_P@Z6x`csBV?H^VQus_VuT(i1OW92_Pr{`#$>Uk?+qPn`& z{)$Hnm27U_d6F9$TYBZCLF17k$=&U5C)7Q%Hmdd>vXoRSJ$iEZzQ5H%cJT>qGv$pJ zs3pW@J`MlXxGyqn!>~!3Pme9~FU#YP2S$+NQzbX~x zdA+A`LX_OpLj$Ic`gri@!cK2qwY-%-tTu3_^8<%<0WTvL-C5l5-r-uG&i@fDHXSa0 z@i2e6;qjh!_rBfEX}Macv!qFS!jAy2e;7rN{P(B(TN8C)&oB$7B2VzBR+rE29>GUQT)x`oBNkPR{e*g^W*qW zo^3O^CUh~Uxx7-^@mR;fQW_LQMn?8wO*u+A1Q9Obtw+%NBdVDVZH2%XHyi)*a_qUu znfnZ*n-``<>O~QC#rkN48foOpw3=JMhy%?2sZmp#eQZGI8B2nubQ(G|#5R%^aFN1? zu2OBj8s)FN&#j|SUdlEugNsLQnp(^8%A2lAWFB--O#2E28lA@G? z@&9t4|2R62H`Jy{cEdD5a7Ma&p7ASOnrmK#MMUHvR7R<` zs$n|OyZ%e)G1@>C-_@H&#Tcd|YNC34#A05y#E7XYV9~IQ+-M_(G+#L(=4j_06(|~2 z+8LjdCpBP5a+IXbV(H1;)kzR;x|BWu;7?&Ue9I`%`Ut!k>Yi+Kuijk^gY-CFogdQv`7LAl3w@?^Rp_R1Me#1)*?XK&nlLZfR~X0K-S(ri*qKhbWzHKGRvhm1PeLd`OZmV@c9C#D zG>I|Pvq|t6<)}Tn#jc;jt>!LE6o1xCto*t6Yr|5XN2Mvr|CQM8INZ3;HZoD$nfCut83fSwF#Y@v&Uf6OJ8@5mX|*y4hm_FC4*u@ z4aRn9#HpYl7LV>F67}9(z#L&0zaB{F&tM%hrW`uYi!~`U_#D#ndQoCo3ypHxY|6U_ z&z>#*U9|o6&hR5&3}*cqlX<|?&41*~#kH|=r`|-&D2s{QlRP+P=SJ<`t)q%lI_F#e zHz3KY9y*Sik#pQ1@h(*Mt^I07xUdL)7EYN9IY26DsWhOA-tBrjn@;@_A@SiNI}e$y1DCx zFZz}kYjRUw0Fz`Q5oAF}!71Nt~z(AYFBYpL$Tep8?CZx&XFyjE%SVT4U2iV-#Mgg+z{PYEtO~9nql*@ z?#ZF1+u#2r@i0p391<85R4E835Mdw>H4+q?`Ec_ne{=JjLvz8YOo$`SZ&BSvKBYis zwgwYu294WJ&&FhE%7-d~nIM5!b=j5GSKemj{+B=j#l|iP20B?$+Q(6}p7*$}!Y2}} zEnvgUfN{ocg~(0JyZM%j9aV4#Vj)xAB_n7e=$4Eb?`P((BDAG`5XNb?j2 zHwH2;R4Oq9PfR^W0?+q9$6Pdy?Ry|xBN@8XeoYC^&+V ztZQn8y^Oz&(>vBv;r!gTnY1*9^7W#lflX1g&Tsm-e`sa?x{wOW*8X2qkksrDJ47KN zfBpWQ4DQR7oQ&b!?AfzVPTLq%(5;zB%1lZTisdFsF6Z=%D{fB!oMRO#zj!|&GEcGH zYCa#0g>ZskD=k}4%n?2b4Mb{L)3xICXSA$hFS^k45TtQb7V~uX>Pt@9u2^vR_S+tF zPF(ozJo;(b&}E4ap8MZ*tIk_nq|*11Ydi0s&7ExaZy(W3o6fq7jZ~C=k#O8jnT52# zNc=K^#k%d;0oDV~+IKmy3OREer^9G|^%)Pj?`D0t}3is!)Ue&I0b8VVFRGOG>7DH=!jl&pV zro*2>_8EWa`F8KT5swd#@pi8QKM7=_4|pbJ+Uq8HSjRvB0nBlQ#1FM3OU7k^s>Lo& zhEV*RaQDi`xB>qL+jn=eR~rMmaAgmmyZ)8CM5ULMR4R@KZ3G?xsKB%K(utOE6@%gnK%<`)>T4q2oP~ob_}$#wbkZS3eQA=yb1=F zUNM4XD-hNy;}t8!IS1*i*ZEVLoJ5SyFz1SLqwK0Lw%f#r{cL z98N_b{@D9EsJ7^?DP2H-&9N^N)|q16#kJGxN*z$UQ3g@d_)-MkYy3H@xQ!DqS3Q@$ zx+M#ksVa4Jh=f?i1bmFDOc+c%r|(+ov=L{GB}7R9D6zNJSALm%p(X2mEvdqt-(Es4 z2}F5>5PB8u69@QLtDm~xA)w$sfBu=t-?7G#ht@ZofF>b?rLk*vL+Ah}>**OFS`|Wl zQ8V*-yE^y8{UU_;+GofRAxA^u!JLu@V?FJ}*^pfxA{Souyei*g} ztrxPvVr&~&U${877@2WyozR_OcY@|;9nTJW46SMg@rr{O4x;D$b`ytJXf`;!6YYyM z@@#HCxVkh<<1dLTY%Zj!4DW_hP#mN+pN{;SpZ*!S*akze{6IP%0r7&(u*LT%O;Zln zHe8umip|4^4;Pzp1vwKt$4mVY0hV8BNutMf;1mloC7u%_!74Qg5%p+fus?X)Xt(TY5u97Ex_#ouh+QS$ziT6H77QZB#Y4U0Q5%a< z3%8c~$bwR1J8#kK5RJR-nUC(!g7e0{RG}mSr>>4D%~KqwQVf56CMQTqA4v`p@w7%x zaSqaTNWH5!ZWQqlakZAqrGZJO7_p3XO@C3XmHNs>{{AcdC;lg^UzsTTMfEGA>n@+V z(D2+&#~~v|OkH2TeZe}b#X$>)9C`ok__mL+x1Co!J2T5D>W`BCt26SjeUlLCvBWHf zFxW_WNKqo1-h_ZsgzU+=G>WhQBU`pJk5huZvEa(+KiO}I`u^i@xmfcecc1ECOV0UgtaMkn-J7cgk)^VN1Dgh zIx%KL8-} zvyKpWA^kjeW84J&h$EFUBfcrGS-ZCFeIf26&4Wk4K265-l z6rj0CM9|%fm&}MlX-o5wDI&U(`R10ruVxD5(}xdp2?h08ZY}c&qjj8mzDj34j4Th4 z`2u_PBY?=N1qF4g2%N_6+;gyPD=@)U;es>HnAM<&z+ z3Wf-Us8EkH2j)8Z)lv5<$Ns^*8wuw&@svnaH12=3xo0*WP2$>$@OZE8Qy0dc#Oa{JS(BUWm9grIJBo`^ z<69KULy`Kc&6^hoRRdblb?^*bg~Sy2ci&UKsL4=^UVL?E=m&A=7`gkSRbiI~v;6$+ z=_#RaQM(iB%9wJ3DgHyT?b+7mayKazSC`;o4$1`5%4B|~kfSh1p140DOP-D66oR=M z-WD=JF7TH&V<;#I73Tb3obu)dHWUd!&b#768eI=(UXkG|iH4dVi3|R)B zq6LH;Slo_6r!6F@04E)UClXZh=vBov6%~RIr0t=c>nb_{CPT0QQxbtVywc zK|gOh@qP*Dx+WhEJMj`k`;zH`)(1>A8pNXPE2^XtsP`6)e8L=w&#{GY50Y;1v zA&&izOIspg9%Vaz|M^n~8mf--{0MTQ4z+>toz25Qi3lG;5667Rs#94qij z_O?R~3byWCc}pK5^Fn`ua_3}D`}qf^FFmNXq-sv=hL2M|)OcxJx~AZHE2zcYT0P=r zTA|X3)~t$iV~h4_-kcCNxIuH;R|o8IyCW^X0Xz$`hA4WEmsdAP?(@8m*r{_KCoSfZ zcXJLd>MxUV3@fLv;d>>7*I>aqW3LjyyaULVOz1Mll6e_KN_~o)!2v^h^-|?1vr&SaBCKtcb~VU#Q>k-5rra)MbR zo85(okcm+tB5Y~+rXX^oo}N$6_-ZN$=cGu(Xur8mqoBKfTdaT52+e9a_tT|f_Px&* zI>$ZFyeAz91s2ZfJZ8G6AegWLFs;M^P7Jntyu4}5y+4Y+Rm#Pc7TxGt($gnT?+0Bw-C1ZEVfpp~%pr^?&M&c( zE;jmyj&pTxLBXGh^h7x=G6f~I@R7>L;EtCqFu|-uGpwkDrg7{FnmRO<^>2Pk0OZ9< zwPUfF3i^cU({H=XF-^VO!)l0bHJ8kJ_j=JJ`e(zxzM2&*)VEE|Xpscr%GveZwJKZ> zkI+ZdumT6=Uqw*+(irI_x$c59KJl%^y9~jsWSgyExUEOtebug)x>Qe0%kS>~t)yfh zGtmY0DjSx3L!a0gtCwD|bdtLaaJO-y2b$HmS%|DpJHu(#2iaj{D2(eeR*oG#p? z(04O6!ekO$g@fCY=oc;KBUVg6zRfIcO8)_N32T2JtD0lCWq)6@b@z>PH+PJ(>C@cf znXRu%?&6s0tWK`GCMw}?QhCj7VQ9^#Mu zFiV)h4HQ5wzh%t$;(~36taK$S<;R%By!@bAcD+pz*n%G5?36)XIlYG{-kmZ?TDpqk z;!!+GR<@$BwIu*}TO^#e)?h-4pA+=r51+L;=SKUo?u%1ZL`XZ=HE_Ymd_~6zj1*qA!S~-xiV~IPUqe z%Pg%V`svzBM1*~b>~-zx)sN*aMGM3tMvcg|kbuXIWt`6TuF%EBRwP8>H%uB~llF?E z)AbmjjjcJ?Aezx0J=}gata#}w4`@zc4B+}40Jue|epn~+ky84$SqS&ZJP$aA?vYDc zThFa~nRNZc&8>H_{O1Zgf15FWyq93y@iw7D)aJV&>+gdWEgbew%$XtgXo_ojno;QT z`=h%_Or}F)>5W(mYaPcR0fR+GzFuB9aAgy*QG_>^LtxAr^+Pw<~_eZR=n-f{`Ba@L62!d{fa80B`a3ku1W4GUH*UoPh6JqG7t`4fp;&ACTg$cSv4n}S3O3c6U-f8P<8gSZ#XRhO9t zf9b=-qmK_x5-afro*%JBZzOZT6q~1*ExOB z;>9o0OhpDvKyN^s#LL4M!7#}_yUT7&mIkcR?1<#yN>rf}1zjn;( zOm|%bytYFNio&Tfpz0(UBPwpav@H6iLx)tT*`_M{=*gDKwwau+QyJepjvYH@AA`~} zk|Tx5^DzR-WX6PL7q8sp)wTF;l~ro=pZ-Q?it`)HbhcU#yXO3H);l4ze!rorQBcqd zrMYj`XH88C*Bta?!@Z-E4-R_YVcxY6EBz_v{a38J|4YtFt9aVLS^m39Z&}hk2|}%( zyg`aX0Ul@eSVc2|cbKb9wi8a2I1LbJ7+o7eC81}AFV5&;!*j zu}Sqm&GNXJPXtAWDLffzL1?z_b*sh6N2KQA%6eI@A4aVem6Z(4N6bxk#2J}+y{NFD zlqr;2LI}W^v+tDttar%>QCStc?AvvrDHWPRtmO4xf`#+~N+8G{JalL{LSXiti>Z1j z5ZIm^>8|r*3@3xX%JyVXWzy8CFQQYrV}(e6De6v|A|Q$B*2BbJRSM(X`}cRiZ(lH+ z1~Dct&Z^OXSs{Hwl&QBVLlAF(E7&F#p)>X!XY4~%6HfvV()WHVpP>xHcd=zDG}{{* zhVF$-X!m~0318o^t_`=5Pz%_Z@*QQZ7$4%y>Y;8yUnlglRDm<8wovPitv`D`I9kze zE{|RZaL8{xm-jPera(to4X1b4aXs5EM4aPlKudZey886x%gHUx*KUZJA|bI{AGM4{ zxr1BxXOuxvjB;uu`=KajOJ3|x-3<6Y~PXo zv*?Rcx5bGF`0AC>Oa)=nMX_(`Tr%cI;O=?~A?k@{wKxTI=DJY^Y0B^^=JZRx!EM1o z3kLt)jTM*h;IKA5K)-e_+jl&vQ#@Etfx{u#$c2Ywq3il=Z9qIUMXN&6SB%3W~uIa?yia!)p8yPm>cgnV) zTR$bV?~Z$PVdwAZ&(-Cp%D0}~zG-KFd4mJo6n##T%QF>r4hW)=I|?O1kW(HuV@BPX z&SOd~x#1#DNX8DDYLk#t2>U7q_y84XAjMQ4FO4z0V3@|@hWDbCn)P~(Dmt2js#kW> z;BqCh`R+`r%!I+@f#Djmn{;1t=Muby5a59>it$#exxv(hK#)14L)ncfoG{@80VE<) zs-62SKt-L?GlT~NiE%Wv3C+rv;*G>Srlj^E+(UsuD|S-VSjZ1VWhnqkhDI(x(lbwl zgjdz>9&@kUD=AtwSP)*m#KZg^H$v8^4ZTUxIIr$e4u-UHJ+^>$Ey#EJFx@ zS)!bvdK;Sy|0QNU#iCyUeSp)!O~}=scjG6DVHEl+Q6!?l#t&F3ZFMSr*;*brRkc)8 zk1U;5Rw;0ihM|q*!$ab17o2q0Yju~ZVx;T?YC6F+BhBzooiTZ1;k`4U zfr{Xw9_tB(BNY{WaM?wqMfEQw;I?X!Kk!Iq9cm_@LQJF41iGE8b^yMTg_@$zv!{N( z*HpQPM)nYNB%ks`7lAdXR$iQ3Y*?7K2z@&*2aUiHs&RXPTpaszv5CnbUW7};>Gpz&0F9Lwug_jlni3@r`lV7Z#sK9WYE4TH_LjXi zWcA0w)mdK}@AP+VQY(D#dShUsn)YA%zV2HKpZ%@x+fmwAuY2>}HxIn3%{ENZvkXaH zm^i^ZFLw?4zW#mtKIZs!mAspN5Ri}jqu+L1mgMWlDp{;}qw^p$*2LN0feEp~vGGd!uHRNTZP~t^^E^wk zW|{C_efLh--O-{axdK&ecC5t&Ch8oT)VhU-G8^_(NgQe#*t6UEs>UR?t z{T?0Kp(0GddbiH0N}cZ;E?>SZ2qAFF^xdNioQ&ILDw@=sdc=p3`7rKZN}<2ToF^Yy z9%c17ZNReyjW&CpeO3Dzwyb`}E15fYAFO^oxr5)%AvyLPr?va?UF)n)0&7@7j8dore| zJ6=Ac^R0Gho3qn$Cf$Ce@A_tAW^iun(U+MQojtN`GW=@SyM}}+4bgJ0G|zWGe;;85 zG5z@GYDBccj5*5wXWj`PA2l1Biv{bzz|gD>a@k~SE08Df*rk^p0BZTO9>uuc$fr+Z z8AWLJn8KaEZ!)Vx! zKDE2uKG>J(?S0aA!4=gfYFD@axEy=+_vNd}Zw?Mw{`%1QwU>TezN&R#$le3PFPt2> zVfT1Rnav+-J0$J&|CZ>xHm1rcxN7$1%+qlWC1?2G?FCK?_fZKEI!y0u-i;Ed=zDx< z>=M`moPR`O^7YM{{75z+9U<=V;9B$CU0SXT`fCMDc!tJ-H9G#uidLgOW6TZMe$6(^ z{m|^|8(PaFTm6Nf02-jr@xP;z6etW)ut%*Nt9w==D@0}CIbE0E4Q!XtZM?ke!X?)4 z0qB)bG@RG()$xx#tpo8f4GRmqPts)*<8CIWGiFP-K1WiBurRyL(j zmx4KEJx>lJ$qX`IniLCQRC0H*+Xe&^o7t+P9m{_W2IE_L&!t{FS37uiAa&J+(*jx$ zr3?dw@}=~uLWCw*B`6R}r2IFmv)e*{-E@gv8J`T9A{rjRaxv-zhIQQ`@?vBwP4sdK zB1(5m&=qs-_wC&)%#(z|4@WoAV@Obg@tm{6H2eHH$9ZHp_R-3KSx>UFmn!D))Bwk( zBLIMueu6lJC5MWnDAatuWp->?J3?Y!ZEc+bHOQ+GI|~GNNmK5kCnZWF@nIlwiZ$;p zdC{Fwh6N;fAxcCI%iy~3gaOnUEmaDJl!-8OY6$|_IYQ7bzCqJ?9FJ13Ea!`whPURi zEaE5?kOMl4*;&*;?@udj)%x+aPEKz56(Kbef?dW~F3t|AG@<*Qsx!gGMr5(YH4G8H z`-qM(aCkG|#ntw!6!K>d-Q^vg0lAMTcJ-Py=eGUeFftdkszHT~8`QkWEY?yF->dKZ zA}2?zMrOP)%IR*$KSB;$?kcddv6Zwo{n#dSMPKuKSpl7MFMAq#WGC3!N@`rpYxASa zERCJ6r78-MqLHC6LE$yURiQAFDP`aBEBw)aT#(XbjyM&tHvh)@K74=CBM2x142$+a zc!4j=VG1%B9AuZ_ql|zES_5vZ>W?PgBC0Vjt(AA<;+CSfFMC(o5S-*xwGa0lu?88h zw#(bzGYA3j(YCDMG*yH-?kC`1)8E?LZ1~I4!j-Ml+PUJH3&soHo+%!|X7OgBS$a~v z33-{9x;!-&Pv|j)QvSVNvpRdWCB2AE0JznmwQLNlxdmu2ZgfBUQxjrSLsV4oPZH)f zG$_nj9?~8ais%J~Z4fmM6v2dWH&VU2=Nz6f5syM9+(FD)1Cr1I&Nbhe$Q=9S95)+R zY?~M!`K8%4bCvK866QszXPa)$DWr9fnrh>#wZfEn5ZFT@Y$kHpRtX37oweWBlw2}a zd(c}16&Y&!tP?L(7Y~{qVOn4L@I%v(%5X>92e+SfFb)MUPp7D-uipPA`?lSxo7Knx zQ;I8>R7wa*z?3Nl#lnrArydTbsdtyHW7=~h96TTZz-@F>XT=H|7@WL0<=JZOZKiC? zIe&4b?X9wgsR{G$DNK19`uX+Iu%T(z3I3yU7Z`4@-aagvF?ro6Jz1}P3%ssve8(t; zG~i#vge=$QurwIXZT)!LnS}33J_IY^uMCj5xmu}U*4lG5`$^pU|tChcJvd@G$)&H!C- z%}0@Fm_%a?Mxks37|2>0KKU#FthK2d60Eb&3%wQp9W%C|C?m!D44&cl)J+V}@x(QH zxb+5^fzWzk)r!(!%B^MLTXaukT({|vA0De8*`3CLjjx?lRFcNki1l%Th$htM1HTKG zaZU|TN87Stsx*b5Up+Wr764N@MbBva(47nwdwikh{>XWBMSKz%58-;xHx4edtA!x| zWmIImsryjn44PI}$Hi+6VplY(J24=OjEqyS`AT^A!{!@9U<(2cg5x|^TZ7!vA3d69 zX>Ubh5L;v$TH)Yme`kteYDW4%OQtFhbtmp&)dOreS%~5Q+cz{lLxUs6ts%w_K(&ZZ zO(K!ss)DkB#$GT+{JKZU$)k)4Pr~wD2V&~lt(%Y!g;nvAEFi0Bs>KE<*!OT}28BY` zgsS^|R2mz|1VV3yshBDdOQPf`oc-%zcC^YHpu1`IPwE!2)=Q>?MZ{#wNW1k7I<)|W za2ZQ;Iz07~UPz}Z&`hw~zGHM{-YVY%3A$mO??dk<05DCrs$ajv+#|CGle3?73)CL9 zw>A)ov+!LON=h=&CumdBuMm6@4(rf_efl&!JWFTvhSyhyF{CyCu&s{Q5e- z?0MYyfDcLO9i&ckw7T90Qx*7U8kpTBpO;M8l03C4I;%Xn-va!#hBwWdY)41NPP4;2 zT!QQ~MXSiUzsBo58YcTxVS7z)laM5L=j4&E290cvmaZS|9O-{f`pd!Zt>)85`(5zV zsZeTlGG6RH zW{NJm6ab3JLZSA66uS(9(RN0F`p7R-&-&714UbNEF(_@V{5?b{-x*DzlrT2eE(Foh zJ3F@xcj4kT4zm|GLHG@B$Y>;C1M=*H+j&j|i|S6)O{U7gCzhok#~?tWACHFlh?sw{ zcaDtUQw1*0MG(?0GSl(&Vq%a!W7i-MY5Zkg$bFnxct{e0w&N*D(EHvem4M}myJ9-w zDaI+J06#}6TjAP2Z{9p0lZ=01O)x;-X(b;%oUJ?!nyYt8O385ypUy(0pEoxT1DROa zWNdeI1SFhqZu^+iuqf*s=0FQ$V%}f@X={7BwA_<%6rx8l*BfQ!DYPddKXEZ5CN&cc zh0H}@mXu5xr)Qo3BN<8m>oEl7o6coi>e58QS3v&F8g>6|9VKEb~3k4Q(N0$Qtw$aXHEjyVw74e z7^N~D&qz_;@>ujSpBP8?xpx&tLGZjed*>r7*->99Yae%-a8Gr0p`u=bXZJ`HbEGT| zh2NXkjY309MTu`+Dxx5)vOc3*Ii5C&DRnXbfS^~H!16;xz)HXKvwTEA`uc)|nLUOo z7m)(z-kr1q4H!!}#S}1w&TFzWe;R>FMN_?lfEMw%yrn40Z^$a}4>_z!{0R!{0+Yzf zXpx1tOrZAf_ce>!?w_m}RQ@xzdks2-%r7n^} z*|*BdziLf^|zB)=R)1{5;D3B4cwiS~j;2cTvC2?$FprWPt zaTKhE*{avS7NU3;dLa4+UQu_ZQv5WVk0@>1rsTLOUAC^gQgztW8#i*imXjsZ^tL!6 z%OzyyJpDywBH%!>W@*&0I#4$v$A#1J)G}b$p{Q1c7+%BVSID`#9-1?CzM0PUY&Sr; zeBAX6ONmtV)_un`<|KLKMNZF28e)0M!|ZPM@S6pj@AUa&edl3$gU9s2{6Jnho=u`X z`}7Gd(KKQpAC*Sk%H&si`_88@UNjJBuI0n*w>Q>@_C7j7;f_%1HC61l&`3}9sXZ-% z8ZlXFjBmKMjTZ`}GEz|+9UENCLGw?56H@lDF-CV zO$~B{2Oj;*qCh}*|ny-(bBf`XX(2SmkePN>24PWIC1(JVmLlFU<) z*>gjJg3{>Iu-p1f-HZWMF3nJstDlFRM#wLL^Kzkmp1Lw*&^J_(A{6aKHtve+H(we_ z>S3ab4M2y{wNkhtYF!#?s@9h`zkp50MYwtxec0?Sw*C2)kM;uH^f>{YVW$ zgh`2OaO5@SC}a727Vvj-8!C@8u%Vl5 zNY-h6dw1y20qum?A7^}Zt!MH|m937BLiKz1?p@5U&j7V#+b5YHT3%$@a;v@1?yPm2 zUuLdbbjV?}pM!~W>!yK05sl@IC)cjoA6%6+GNf@{$EniT088ZgUkHzgsH~2%8OM>| z`57CUwFXUQMBW1?rZ0}Y*UZPikdP968nev6Lq_3>kLO!i-@Qkfiql>i+bs|X=>)%E z(T*aA&62BNQ;??Rd08af`!ds}8CG5(+l7H92bS!D=_F*$10}d%e0`Ki7&I4XWd&jI%BV9PoCZ6(J`7$)F={E){6yPH*=2$y2e>1NIEA1k8Fyp9|Z7T{nD zIW-I<-PG;n{-*Kt0Hotu8}%PRa(kW7<7GX9)>zP8C}=gWBSWNPlTvn>!Hfn16j}Yz zd#DqVijxB*z?=-$OQXum z8z?y*0X|YbGUa>{G=l1)CiXl8?#t6nYvIe}w2J76 zbqoBFISE#=(=Wb~&^AaNpIY(ZK|AX5aoq;{NlU{E_5%SSPA;U{P7P2P3J-Mr=T4Tc zQ=cHMn`oq{uN-RMGiYUtmPb`%(g=17?dg#lXy5zInp^i_uT>NV^PVK2mDb>`xs zvASb0oEa(RMZh^CFL-t1Ch6x&{}JMU#5{zWcME0_>)Tbpk+BH~bC%3oZVWhHIyCt) z#XQRbb4Du!Oq|hryMAQFD86R+r~JW8o1k8lUE&X496hGgsYUnA8|-U?cuW_@sT$?r zt%ZVp9>JAPyO>BT>?HA(ItU^{ZdjjxtvE??^7!!>aE5#vwvPhU-?k3}wz=4C+ zTs}YlC3Cs@OYXEP2?meZ=;D-vr5g=t*Eus`_6b9eO~>REdgEqdXF3uP$EA~kjFs;>JpyJ0~~!k z)gJJ3CfD@Oy5lp?_~nrk(}E;NrTJ}lH+k!wYB6Z^E?zZ0E@wG3LZ=K_OO3~;Nk#|8 z@RUvU{g;nH0G7RRGE8WFmsZV1oO`!TeRFA6olCihD^!_cP?cz5j#gLf1MNKTyyGuG z&*K(U(0h`SlC)ZnO9xu|s_Im^Rh4*s$!Jf*x4&rqx-{*=v`euWbS6xBv zFD!KaLJuwGBMm-j+SE3o+%!}(DJLf}KjxjZz3`;SP>8|NujO@p)D=@Cx7ZIt0pN@Wj&Ybip0wwrpXI%^d@DU(;Xvr zHf!kU7#?&R6Ob<3LkDJpY9$5QSE!rGHNp#kiyF1VXsnoiVPKiDj``2JD492XR8WPw zN9?IL6UpgJuYxyeCzJ3TJJGcmQai_;#~=pSMTvkWDy&?`3J2#N?7-#Uj4GQbx?@B? zfzA$N&9&vDOm1E@xIDOKXKPa2Is0FX5(H|0{z4)IT|Gj>DCWd@;5gz4UPf2<`8vN7 zl~OBBO-Js^#S;!`iO7f12{h4KLfev^{gH$}rf+AsgTuFP-}Wuxo4!10x5?7~Z4>8y zuJ;_{GHrNv&zW{B`u=@f%`8TU#a?)v1ZEiRav|q2ws#iUqTao!HhFcIPHpL8 zAGyxrMG_WW8s-Burc2IJQnGQ>NY&ckzoVj0%Yj78N zJaU?I*pgA!MvYtOSzR2BR!?o=!u_BD{E8_1X7YxFyreA2PzZ%KZ@w~dS{I2gpMv7I zr)o_1Jo-XqUSzDShjZwZRf^5Sn$68k2I_`9aVdQ*`J-+4y;;V%`FmryVEwMTd>6=u zm=d8y=3W)q&!j^i3I0f}xu}db<$V7WH9ODKU}D(2;zx>&(@wL^I6hJ!KVj$yWT`KG zD&((lRz~#~+q>hj-Nj#cwPmp68j5{H!Uyy z_U$m<9W+kaFp)3Jr*}Imso(&MrGg_VbDce4%-4yNVe1H43+w}8(gJXn8y zcp&7B8!J~p0-3LP_GMSFk&y2o64E%QiF|pZ#17EE}bc*0Ug3KWka*uI5F=*^gFRN9tA6Gkd9;8F@ zq!+A=VN`#TB6d~>dI?0?_E&97{0g9EvP~RW?nc99%KyNE6BYH9K0Kd3=+Zfv;SJ5q zxa=TFs4LWeuU@NByL^d`P6=g{eS-6HX}4S#HGxl>hia(Z{d*_?{PB(ktahSZW+Nl3W6HV|CX;QGw~l7k7*eti&`E z7Jp(8RKR1Dj{?nfoP&yrxa&mGkVbWA6Zj@YGyif@#8A<)7 z<+!vS4#`pvAY>>!=90~Yll1GRU$aUh?Vn#&|M|JH`-YYSx!EsGkJUTwTW1`eIdZ`B z!RCrlFJ*2l%2Qo>-|X|&@f)S44D2?`t@(1%dW<2MyzA7xduDe04`wUKgCe3b=p_Vp zvXYlfCqyz8$s25p-?dQj@}SfdoXiZSIi_zA{nv}=0b(-;(mBNm>htG={uPcZr#zWJ zIrkB4FssUbBcKTKt&0Pzh1Sy)54BJZZUtZb}2 z#Fr4dp-&uzDvq9;7@<(}gfE5*h8J%VUg8Ou3r;T~L-=@aY&v35|(a zjMR*QGBFP-U&i{nDJ6d1-g6ljsk$+Q%?*EoH;Ouf(HVjD*C9~X_Bu&%ZAp#*Jz~Bs z3(#ALmiW{Zt5^csFsiP@YZu#bs7(R=1-MQ)7dFUWu%@Tt6Rs@S1x!NZP8jiIOEV?B z@3iA+AB`Hj6Bzu2WDM;oA>dbS?K(=anXU!EXJvC-_!Y{(Hh)A8_+HA7mC)6$! z^Mx5w79&4bIXOF*L|sC8!z!&Juus4ejT49Cx-C3cJ%1C^yYOynNZ!ITpH`aoX)e$E$@YgH{bIKPd3kRn*3jR z&%kyLNk9E&Kdrc#1u!T&Oa%ZcixpHpSL?w{#FmLCuWjw@mXMf{+UmVcC@~kMD&+-8 zmdaa2y1hU#y9_tTCkm`>jo*l;u>%Ql+t1ezF18jPe+Oy}dx3H_gPC9vltDRIr0vf^ z5tf01@iseXVnWB~je;N{A%PLziF|YUSlx&BErG!t9Y7OimDRrXVQaav9J*q^U}{Yd+( zB8Cl^!fcAi?%k@FfA(@w=GE=@@MuRR&^)qY2P+5bgU7#p|DFK>au6^df)muoDt<8ZcoTniUBfIb#1wcJ zPC-06D3`4YCuz&AkKEjd-VTunWztNu^%krlBN$V})n9xwmoGeqyu&AYQFloyy_Fqj zBs*YRV29HH`uK6TPkr=)TAuD4wtpGrf>;xE>eQmE=bvR{?5O>DCQrG#rbd{;a=+x) zxEHJgvKQ?U$4k5l?9c6&?T6la3<3g(ctTV${rc5t`v1Py>f(f-Uw6K?C~p9xOY`Mb zVMWN~|I%yZZ^}8LAGpi9g(^-a<+iu&H0F5C$SRB~bAnB<# zZ1GPMV`I*)!rEH5aEn(-Z}aod#l~h4#;(0McP-~!`@#lxB)q`r1x=4L8r z3r7L=xC3JR6nzheO`3}r7ZY`O!spq&c<$UVVOs#7o}xIg`#d!@!3l^;2}omOpCAeq z2e3{K*Alo?fC9k|egYXp6>*4y<_gl$;Mq=U42?1(x`xX(x554c^{`OHLbmPOw@(cD z5{I`ic_8=24OJ*Ii40~hsWb5L2pQL|woA*~(|6Y%3O4V(-b5*`spI{MG0jU1C!8_y za0)nhRch{*>2n@?e5&7A6uVYqlETIM_m?JjjXCvHLw}^(fXW*T-RvLgnsW1F-8?_7 z2c;kBt_$Zc@8hXfp?ab}FV1Gzxq?y}3*+vJ*BalS9<(h4-9c}?QIkca3)fbxa$V*x zdwW<69r254WsQUGxV7F>KlT!{bGtvqiU8)XE3be;8N9ut@L7hnAxnz`3y1EY46%9l zc;;ATE4}e@a%G|046}|dnR!J^Q#1AW?&-G?yR3gVa$@xMInx!>H~#gG>+al}IBVC~ zS&DDRDa9)*BSEtCD6D-tYIxr-uNH4>-f4L1K&d(vxXiJxnG25&UIVF3T)ndT!Je$% z>YvRqPO-w7Zm_b;Kynu)cK%iK4h(LBGz1YVkSB_s@?Z3+jguI?LEj_Tah^GO$2Z|B zDwzF%5#Zb-*b77Hdv#sbpDYdO><&!}&;+{s3nB^^d-PNN$uuvP7l;%}K%6t0cCXsG4>0&^Ljz;o>5PRp#(IaxB$s_%r7DeGXAK+nF;p@OzN+Et zR$Wnukq35v*eSC_&8BECV)bdlFN^s;^Q~>#4d(7qL(0K30sX$ZGja;C1(&})SQ4B5xIdxJ(dF5&sZ&0#j`3`* zJLU6W`UF*-XPVPSj&l1m)GNWhN5PAsf!piftL$I9b7*!?Iu(>?h>k}XG z?@#)m_Sw2lQ5EBnh2{CLP-d~T#&q@cVtbb3JY&(+nf33AP@-#3Z`4|}=rc{faq`)W zGW*rLWhQTW9C3AW*q9-vKTn(-_h|Cjly#G*wHwpYNp-AT@RXI0W~VM`OzyOI{X8DX zz1bndm9PHm(V!+$u9NYof?0Ww`bRig;+eW#B5>*fFFi;DkG;>Lpi{eXY{ z5gCP^lI#Baq5u8YiaHIiyEOOLapC7}@X*bh(t#zf^A{X&?*E@Jxo0+7K&d#>3G!;c z7K1;XDc-tfbN`OY6^lmw`^Wt2&$=ia@E-L4`oR3olsS-{Qv#w-lIEuT%Y@E=xS4CednM-yZkJ3<(3X`TBuNM z+M$zbr~mn#O;59XEtBc#^49lNZure}%AIe#{;d=ocH>5Dgsoz(TG%aP3Hx?^Wo^z$ zw;l!9}i3E z7S`JDrsTO@`2l&`V?8C>JMFu5YZ{?H(2S9-g-e$72-NmpAA~UNIBPBJ8Mo*GXN4?N zV&b%EjBk3vi@ex2;l!HNtM3CNNucpdslLrj5UI+qW%{&f5rnEQWo5$rSm2h`84PF$ zri;N600xy6E2Rex^!D*NZ)h|$Xu^`DgAEN5@|8<(dDRw=MIV}*`d&?h zZfCv9dDXd6Xxr&-4jwy}Wf1G+_WgKZcZ)S^9st6=aFp5oA+&nK()Rq}g>3?-1sm26 zw6!^sn3<%$_p9^WaT#`*-`iTPN;pzEe3^z^?($;Oprx)BHznP+R|;dYx3^2*U1!nL zImjfvA5E<-wJJCVrNX3cad3D9K;%xFE4E&EEu>g&t*TkU)uPH$oP%+G3guIvWf1(~ zh2nT-2np=+&2B9C27w*3{K{Fay9DuG{rbsD2?ynJZ8toG6n*yGVZ{rIJ@~EB^tr-m zi1e>ZLLb-fA(e=5nWB^ygrgAhU|Puj+=iJ&B$|n|)0^kU{F;xF0RRSw~YoEMn5jcl|L0@Wcn^!pNJcI0$P`=RYHbL2Pg&Z?c00>1? z-onru&w*jNH~5DUc;3LeTv)l{uA>}>qviWnAu;1SD>vE=7^CY>B1CfF`B1hr*CgTJ zS^zFvYn#f8v2cv?5Lo^CHTYej$3smx-Rl*?CCc~nkR16X<{LLYBMrd_p1fe78a#aV z>GpfjXB}DC5qOl-LoSVM|M_uYF+q$2s`h%p8LP;XJuuacGbyy7D4#~}HC!&5umF7e41x>LQvfQyTHTML06Yn>qZ?kF?=gu7BAfLDjH*!AUH7<+rL7QT9`~9Y0UXwaDHUO>l4CbBBEQvp>+)D3;zjtn z{X? z9C0^pV@JIkX@83vbJjoqThz$x&4rI8KakFd4QPCuYeoYntd|h3^b}isqr-fur3p^< zki^2wgRg(4JFA2tGlb1bg2HIAIE82xGm_mZC5xI`r#Sd|I5jkq(&kBfzhxF;V_C! z0|(WzyF=6Gs>g=;J|`7j0xP+D|9tn{x3?@=j1tv=$#Pn#rx_WizzZ#;A8EVS zmseH_M`dvUI&}hzlavs8O^l`pd$xg7B><{#Srts-KnX!NLm^iVbQpR_6e~po(tqAl z)e7-CdpN4FY+d)zFbkc{U*=@CR@dyiV!N?(^_jF+S~{oRUf8&9pkJ?Dtu>KrVr@oq z?lN{v6M)xC{QB7CbKQo$u05crsBdNc?%S4i?{eq>^K#cqJ^~=3um!~~dVPO`rR8s! zn2|ZJkigC*SBBM$v66 zHgusJownn{!8Hb~)Z@F4<+YQIfCk5h^@2`Co#F+)6~)+eVS;n$#-yyA9Ia=6U^q^5BlzIwE`G?Gd^)(UhB?B zrz~EZqNV;-Y@Q;F>Z{%34)A`w{43`@Tk`t~iF|{fi*Ry7tu1zmc~t^Q1fZQ1-w%B& z#L1Gk_jUy>)i&^&r|A8$y!;uAqfnO+H@G5Q_{?nm?aj*VZh^Wt-zM%`Cuc0OgHOu! zh-IHNVMX;E#0eIi^0Pp|cf{_XZ_X5oneBICl!zsiz;#h6wsRrGE@yaCpm59> zv-~w)#a^*N4NSQmZR9D4y%R0nhF*}NOGWDP#(r|OizOCqnb2ih$GO-4 zIyY2XLd$v z+E0r{ecWK(qs-%$)~h$Ovf(m8CC z#low$ZQDxRb*Q^;`qFi0MlO@Tz54fGh=m)`o#!xb^vYX+cDxi5^eEy-E-JFCLixF@ zDIOr)jeecE1cj6&Sb5069o(gHX>0!8m<(iGhD1O}|44R7K2^5e1Z+Bnpv`^T>O`C% zz)6RXns$!QCBSLnZ~)akshe(3X=(W2DZnOE&b%v2Et!hsP1cNl%-cr zzik|40#42li964iIHVqxtLzmwg$m>PTwbLFmVAx!k! zUB0qviQZq5!?U-NP$ibuYzNL=(KYcEKE8ba1nr1u5|uy*y=>2)STj^x=+uIBHgM!U z=C-J#U|~Pk^$U*84YvZHTa*ko0^fAou)>pSMc6rk01KlV{wJOk&g`@to>q-u2q!2h z5XF>mkwoERmKBRcs(1hXvcJ$v31(|WHGnJHF|q4Xy9~*F=q+_51;RFeMLOWxQGS%^ z+8iXOG@5y!SmLKqlCXLkqoN4>CO)?1;aZ%|)>vF;B3Y#CCN04L(5FR*d-+{P^4D&uY`i^RQJzGlI@DA)D6Ux#XsFp%?noz{wl?M3F$5K@JY1N!SoS^adyib zT0M6>8$L7ega-mVQ-kg$!&E*tLC1$q*)LC%c0g&~N@q7eKcn0AiA6oi^!Kf$$Rz{` zEhT@8Whcr;eFG7*@rf}rxk6PX%s;SQ7Q({z4bmyoek_|FO%Zu*+8xu7sdBN~-ycZ5 zyWn7UPp4?-Mf&6js|`VZHFsC%gDLx?Y&525lcGiU3E)ETk|_&d#sTzOfkf(I%E=FN-jb+bl_U*I%)= zA$@#T8T>fGfthT=eQXSDvv@bk#OwB@=6y3Cym`}HWUaAzEIYE-Q}3-_yY?dsd!UY$ zyD42BRE&A=859b(pIWD8Npu6KK@f&AX6F>vFr)8XLp(Y*2_PP#G`0i(x` zr%j&t8(g4UUCQ4RW&m^%H0?Oj()62Ye$V(a$wDX^iZd==96s-`)6RkQH8la0LlVvG zw-DxN9=hZ$NE#e62_|#-KWNOyz}GIlSZ;80eH%)`GCCC|qOn0**Zak;c?8iW# zU5>(yA1w>rN|<6&p^+Zm5kGCpqlr^Bbg{+W*r)=Jtqdu_4&X5#9fS>U?1A{-TWz*0G}W=bSrlB<{)MMzHI7$~%WyLJT$+{wav+eKu57qR?iSE*Qh zGW2x3NDUZKj-b2gPaBxplR7oP$ffeOE?91)tJp}OO0 zMC;ePsZVpJENnCnN=zxS5i)kjKtZ^Z(9>-`)=*C@X9iZx%#e)45H*_cM@t*~diWL6 z4vrNda>L&qHq4G+u5GjV_{kL&UzeN} zbvT_bP?KUoG^jjT+A{XMp(5s}6X(yLfAyd-2PuDH^0r@RflkyAG_IVX{@UgyR)bNd zDZNst2VZa4HKjG_% z%YcL-J06J9P#bRh_qQQkFZ`&lF(~lHK1}fmK*IcJTE1sGt$76-mMgnnU@4MB&Ia(tr~Mih^wBMolP+X z2flVN#_l4FmM|FS?b_E@6%F_S`A-PjP7Tqw$EgdE@RFv=(n#OhW`68rUYl80S4WSg z-McLuuP`*_$n+XIv`3)QX)9QGbZvTTnMRn1$KGi*$63WblOkD%iM`7T$-YA$5p@9N z9-!;sOf4$ZV>)6K*F%^Oo11HpsRdWa<;fgyR&b+S?}g{vQ+l)J^&AC9*}bsh!xRp$ zXpl9BP-h09#gj3KS4fPaefzMlwP`3oC9~T-xI1EK8RD4#kh+p%IdC!e^Ej2fmaog$ zSXeoVmH_UDxX@JL41Ne80Q8jer#^IT_n;eI8)gd>|C>F{QS81}b?d^o%T$5{>z4@f z+(Hkloc3xV*dCsH+5JL4wle4d3I-PaS!|N#X z8S!(5HJF-T(f!qqCY1@9NL2P-VqW{oj}8Y6mnJX0*za)c)FJhgCq6P>)uNdeT-H44 zT8Gb*dwi&rnscYAU$n!PDFZfHroC*j{Jck27cn)LL<20_#&a())f+ZS3!g|#Mumlg z5D_KB0GBW^`~hVVu`Zp)?Da{~-M+{o&K^Sod4m$Yotq*N_y}Dd!gJCXefJ-I`poCn zPMX}s-p)?Ushm|bA`Gp%i?K1-^ZW%1@FVOrZ04I}G3o}a%-g4e(3D)VsHj}n;^E#b zMqxnwRx|kpT|N8f;gKTqfJIa9Fk-7@HO%8Q8X+-2z|K(wWeaKU4@IZhYjAQGg4u9s zMlf^+{2K|{VmU9Gb75j>new;OQ)01Z*9u<=jRgw?1B;{a7(~T0irb zm+_0#)hV$h{5Y{N5ikgu%|pKZ3bj|vKEI%wW^+>8%a<=_-amJ131hYU={Wk#Q)2BN zRHs+u-e;2%GceUtk!iI(4uQuTANw=|VVJT*?Iuy_b2|lLOdiMDUc+Pv-%}{4m|_ys zAK*0PMMipu=UR=P%5(%grhP53?ykfRo%yUl3T9<}I7906{t% zEFJlUS+L|+7#EQ*-3sGSZ3;pG&>3Q9l;6eaW?e>WdtCuN;pHAC62aJqj!P3RdI&K* ztnQ()6_6+G!Htz;d~`&3f@`>~Vd4mUib3r=a9Y*y0Nn+=MmA`+=hAqT*=PuX4I5yn zQ8o|ED>)od;WHU=$tmPGEV~_RB{vEDkZf5-BFj6x>)G|N;(q*aUN$B7+>@2dRQI!W zEI{Y6z3J$SZ*pGzDQ5PCZH%EJ1=|n;8`YNFs_+Z7-JQ3p^0Qb~d`m@ov}gh{v}pnW ztBBm{UQLx5x6F0)v8R9CpQxeVYw~85TgR`=cRMtq%k51! zwdapKCZph-SKni=&T8*5Q#{LTyO-UxwXiU^sCr)LT$*kRw7qqLQQPzpi76Rv%1-aj zQJFlc#B$R3(Uo;K_V!6GU8q!A6_k_J(dccD$Z@M$8`S0RWF80@({9h{&1_J{;rt+$Q(6T2~-xo`63uOp!ZO?xF#8O}Xf~(gU zY5IV6%tyUSF6p>(Q&l_jvM8&}zg7(k+U>p7_1*b?kKezmzp9`zdi3%2lUxderPkD+ zTGYj8&9IXe2r%0FE=cHo(Ou{iO&4}Low1k!O!f)EA4vsv8+3l+3y||n7GdsL6c48lQ zmngL>}87qZ$t<<6z;{^lp^`U0yM z!9$8ABhoKw?U{@)qp7x0S+L($)gbxDUAw~Z`bS39-f(DW2xV3G4W3ui0$-LB8}=on`o@Kv#Vg!IpIy)F5QYGM?G6163rNao36R5sEYCefn4sXx!Pu z^WENXfsG)zB%wkGR2Qvvs8woa2FOSrh z$JA#DD5e0@2ocPnZpZ0I0(|rV^D1%(2oYAj=ctR$zP5bXwK@NGG5bC%WAeK3FK;iJhjL8ZhwyAEbZFaH1HgPwQljfq}v0m7#FI z!iX!2MNvtx7#NFEpP-%Cy42sppr`-KU#*|N_5&6$!eX2fv5(_mQ;{Aa{#r%bgXF*=xE2jAVw@=#qDg5BP zhY#m;7AqmYp{JLr+xnxnHjpX=5#T4U4j0-0CJQaASpP+u74{GmxI#51!EO{@qSXLc zRx*}wsKMj2J-9ABR)@g4tBQ=`;zWKZr0XAz7g?IS^(fA z;f=yo#9EHBdLs!@LU>gQe~Ksl*S);I$C~5K0>EN+myMV_xvvY<^#sP&g|!d|N-^e! z%YC5o&+Y$ZA7^(`^#W!exvQ$%a0)McRHMFI)pF|i@y9SzaP{w4kgTuox$OE0{sWux zbU7x_si`hY9{OW{niXw6?3ymLOTxbNsir z-UwHM6>5KhR)aO#J4F1BumAi%N2cofYi!QP6V!iYa8?Cqymvf)jsHD{*2BDz600j& z-=J9|vgp?N)8|8PDmWSyuN4lIYHH2b3So3c%vkc@Bi5%AS1#{tnW`RRnxjQ6;<)<1 z|FzTb_U_4;2p(xR^IW{)=W3s_G^yN$H zXG(I`b18{#4#9b=tG76{-OxFuapS<(Fa8Y3>ZfNMqS7*`E>A+Q_t4ZfeKOow(1;0j zS~Z9{TM(CpM(w>S%h+DA>EoJUUpBcy#oV1zvBbcLmn0&70Ju(({%wayT>n3>!h=@E>tBDD0Y7_4(wkCA&I5 z$j(+tE3w#ZTyl10=#!+Rg9!e;@9Fvnr^i40*?3)jpSdX55I7^{iEvuhd3cfnPPM~n zrfs&S9nIB-VPGI`jG|(dPr+#3vhbxX-@~46;pO;U#^&W!15=9^mmVFuy1u%|^7FRq zX1o7TNQjAYC@HuqZ*;17tW`JHPW^UolIcEndvY3`FLK>thrI+nCJeTz{KBGD%q_qc zinVqMZC=$EI-X+xm15Q`_8d&z+j@^sk5|mN*3GP{Cg(=_mAUp%pRi^dodt;C6~Gk@ zGm8IGIvMPR9$bB%ocyPd$Z#D4BJpuiZ!GQ|P$6gl;0ehr;aW`FNg|nYP8}~1oVV%? zBM>LYhxL_(@f>#7^8PYd?|V0@9e7&rN6C04}N zrLVcHV(x3~s_NqkDF@WwNd8XDEAx{6D|33vp-9F3yluVjg#UR4?#K?7mu2;LTwdj zT8VF+*P#DdGpMl_m^2W?*R51 zLSu+S%|J)Tra@(2G2?^O4A|G&g40dfCFV@_{vOmuI|h%X&IcDZ$HMCYsTR8lC2Ml8 zE^{TZOaw@1YilefZ+K18i*J0=6p(1^^W0bHb+{;YRVboLB&2HXvP# zyUj!$7zd*rV&7s=ZUrR%ImoeBO;Mk|thca82J;py2;>0368_r4zyb6O~GFR$5z5e>A5SC;fu%ue|`EkH`jkTkLUc5%P zfF->~w4T0w_*suYd|4x;d)O}DTyiCMz0&cye_dS>VLEW}=H0`u*}c|DtCd-<@?v4% zBPJ!Kr5XUku?)e7m)6(T3W^m#cz{AFLA>Ll|+qukhq! ztK_$%ysLGX2?(ekJbBxjbJQPrGt4Ef?T@~+4uo3jfV;gx850Bsa5eBisgds!^(A#% z%<4Lo($x#=4%Ba>g}JmcJ}qKd7nvh94)vEP5;@WkM#2r-GZI)U61z7cEaLe8Q*!qi zzee9D1clj+H8ICF0eDUqpn=>!gJ1Pw7S zMXlzwv#;)06ou5F>?{~6#tqO=ie&+=U(T_PigUdcd*p~@w|N1tfDx~>Uk&`bnEPz| zrpjU&Q_pN%)#Y4@03bdW)8MIRdQ_P-s6R8kIUSc~-lIcG{o5V#!f017~Z z@UNC9cWwKWnRVe5-LVOB4S}#Psyr&3?FfXy&uiZ9DH4}NpfLT{IkkB}^(8#vsnaZ2 zaHCpvM)n0Gk%S5%kMBN2?Fje{r_b!s!Ok!hLKTFgm&A!rZ{XW1@?#VP_*!c9_Fl}Z zxQbl@YK5Nk;6YC?e?EZPJRsYbf4#xVDs1bjpKd|S}G8oZ0wt4!+~?*mrzbQtmz zR&N?*>&eP^XERH!;PA3(Lc= zhlvDYBO43KA5nlq?VcGt&i`op3y17pWKT|e8<0OXUOl%)y~ui|wui6OO5^kX&E2Br z6>X4-9`K^oW~%IpO$Rg^&8?enRrB3>6w^yamEocs0Y$UHbOn1z>FY>RkloZbtNT&M}^&P26!7Xzmve5Wq4S>`(BS)gvz>?4y_BBsAz$vKTUsr8$BHfmKn+ z5>{(JE`!sIT~RtU0y{>{O`A3ax2X`C3PzVp>WFc=+;4$&3X?8jEl|1Rqf7LlY&3rF z?te`%VN;8Uu1Ekz4*-9j$l*V=B*cViCo$#&`64Gj2jpK!o6wf7Cm(N$Sp!w#`KC}T zrz5Yg7nmT<1Pr%9=%2Wasj+x7Ogl9oHD>FC8MS~|$l_zc-^9G-7zn|Kva*F`iblv> zMq)fFR<=lpkXl||KIl%9fzZ>HmOkY+=iS{gk~kX-2rAhW$1@UR9ss&R^e3tWN`p4S zhfsX8usel9^(aKI{Dx}GVQ1CcO4l|@P3L5CAeK8cP2KcTj4#WzF=Tlm$u@RpMK9*G zu0TOZi0O7tqui|Pw)wKUHuzQ)6bytCX4YQ=j9zH?zzfaz4gl~=8{g>Ws6tqXJQ{G#Q7XA+Rld{vHlPWMBx5 z3G9F-tl7jUMKv{(1jM32ZYvsugJ>LxB+K=ZOjp!rW%voHHwpvc7dvFu-mTl0%PW3Il>u{vKc+v z8O!@gG(dR#eoIqI6g1MEqP^M#(wmV#mHL*66_PaUVqrCxR%khQ-?SU!p*QbH?umdg z_4P-u`=0-{&?!^iu){(K__En73I~5^Y_oIV^{_DaHQPD~<`lsIa>?`FUeQua6 z%4;6D>wa&_UcA2!zw#?X1e%FLD!@3l!1;p$HE~#& z>`yYf=aBZ&?Sz-!G8qRRL1}z_p$Yn(*fqIie5S3tOTYz+QP-rWPi+|FWVPBObW37c zE^~(O!LD>;1TmrTaB0k%ux2^2*1KCNZ_0O0#H*c{o%?ieUIEYUTH8UK8;U2%8iw%y zKzE06jiX)3YHXfA@# zSCw^=GZo;L#f&wt@gvW70mxovM5o$&31APKDFDja~9325d=_F80R=)s0?*vIq4UtG}r8ZZl7O>c|q^f}JUn5c#^FxEoctqr{Fo^ZRz@SvaHqQd4#-a)V-Q? zU|!MElv=n04CLhT6}mZum+kh08sfXo)Ot`sUKg5ophV@WeeoxTTiv`vwi#emKx3%< zwv?E{0SbxR3s;aiFOgJxx5voWXtjKB0*7 z%0+1YyjpVcwo|)|EA^HD*m@56D(o$(qD3vrWrol8uawxkq^Vd_IznD-Zed~r612Aq zA30!UC^i|-YvZMD6I;piv-1~Up-ve1!jWm7l2-nP!c?WqT;IJqV3bUt5nx{t2JjbN!^i4v(|irRzFkMCNo3 zjxG`pTmob=^)1z(vtsT}Q0%Xf_a)7n71LA6peGKzh_&oJeqF*KoG*pf0Fn>8spe5(?X^;V~M$l zn$>GaCx}yY@j{D*&&;ul7mJoh)Q~jAVn4~ssL03eG$`uXn&314sN82DC5TIejpfMhpcvPCT<>LP~zVOuVu6x4(+uvT*iTVQevZz!Ha- z(?7-;@J3ap-=`Nw6Tf&$3pK0}=I;9a{(5*CO?BZux z&&4`T*IWu`pY&CCwi$_KNn*Do8U1@rO`6Kg=UIDOYHL8ClP)Dlwr{_ks%B7Sf|r+9 zuOqtNJKjAHnfYg(!%V_-2;Y%mq+@7pv0&*$>h>~QV$bfs<)(YOJ=b}Cw0igXPnSp{vYPVg>gikKtH-sQ*7b7p zl+#ATk}3ltbJ}NxoJ%~RF>konu?FvNhc3(K9vS7WBl%dX$FxwDOOvN=)$!>+CoAc= zXHnv5S6?^A|Ipor2F{US_MC~Hr>w#~}8m(DGN z1&4q<`pU&Rwl6eE>#w3#%-^H~jO(Or+u+wBbmgqHoH3eIx6`t4Z*f=W zK=QHTYysAo;|7*wM81tJp=qr>iFwLI5PWWK>8FX$YMoA26gpIncfC+(ubQKjn%LTs zh7P!qc?ePCauc{hhOvK;Y+KsynE5F$N|s%@dYNA5&Yx#e;)aFsHXKRlXdn<=eaSI( zBgT#$n|yB{M8@=;zRI@QM;^* zE|aFVe%<3mQVu`sYxH+bN!WL)f4fKcCN)}}_6o7;eRP#9rt$a#{bI3*{j%}1q}r1O4DXXq<#PmW~n z18hMxYfh_wU{(dbWS8i~r%j)J<@ILii5uGsV2~m()ro>EW4zMm%B$E7K~rRxf3;WZ zj(~MGoh9}XJA)goL^sSimuj0R0qjEAry>1DD)WGo?lzO3A5RnaFGJVS>AhLM^br-Y zFy`SIdlh!pjY@wGlsupzBDY;&x9Ml{)O9k3HU+{u+hVpT8VC*_YbZsoQc7qzu&2n` z8%5@@Fz*I(hH#)pZ}1SF8sZB(*n)A6+2+w~b_73N47NbaOBR{{+2Q&}ew5&rz;C=} z+fYVO8LbYk>?S3}O+E+!M5n))5|o|NQF;(Y0B|ca3xri8M@u0h%kfn3sZK4?1#cO} zpmT9Av5;1?ySdERlp+pL`5LE9oJJy~!H=yDz({92lJBDlq?y&B#oe6lEBa{Y(p34Tw-Uii%`~ z3JCNB;&Kpeh-%I+vS`4oO~UZUeRs{snH?RC(>oB*a8bKb9J4C)H3v1pJ!JL4o)GL+ zGImgjbQ<%~FJT-NNP#W+v43&Q;=tTWHZ-NayTPw1#o2$w?T*8SPZTw`ip=7ZMO{a< z(kw_4DLw$=UIA%hCMw0n|$B-fEJl6&ir)RC?Kl&$pZ5TWi zOILgldeS;tV7(`7e9*4pm1+6c&G*Z#_fTfLN!mOw2N#?CbD58)XA;^fm@9Zdv&Ql* z=7NE>xacfQvBcOPPh_QJcv|JH^eslIZlKnjT2-cn+|Pd0<6kuCC)0!*z8P&+=CD3<M_;YrZlKyjEj4G45i2?MVcSTL}cD8N3|qw29GG;O_;K}@63 zS$22(2H=S2%%(E(`YIBm=#r2T$0ji2)x7$zgMzWRQ@*J1Z0EvIM+C? z`@`hqQf6i^0tBPpHt|X%PF+A65gI^#N_l~?LtZLPO`bkWD5*)w z*4d}7)719v+c!w<+B-(bIBd3cNwaSkRgCT1S79ZQ{4iqXfpupyu2qTB7zl)gYVFd$-JvP#7>v zZZOt<#&HeHJD#k`zuM=+g5#paIbk{)zZ4$_IcgvEEEh-BnJ3p#WQbcUbZ2ZQhkJT2 zXt&gYU&ZzfrqlnFU1xFUExJmaYv0NZULxp96yw3csuoolWBulDoB3szoOr4!(-x)s zen=TOC8P5GoQT|kQX0NldtRQ|^%WbF7eAi<%JP3~W4of$GIz5*-JC!sCUw}wA;)Z4 z+9_Ea7pF29hJjMkFJ#ppcs5k9ZdB+#(|29>@Mo0o3>)>7JOwVh_<4Nmx!A_7zAC%> zF1q^q(C3ZsuA9$$)m}-%D53N3=c2b&%cL~NyLduk+Z}2F0RfnL1?q1dUVR!JlxV0i zj(G$`fo+dEe_{@{tYqp;p%FyLgG0@NJ=H)}HEOP1lh6gLZ$63Od|Vy12|!#z#Kl_07ye$=9uI zyZ5MdxR+Eo^80AF?l;16y_5Ql^e?IoUvOz{?z*v8dVcWI*1h&O^PS|&FvkTJo>%0J z^FMw;Z}YQD`{%|z4IfqcO?T1kKabh1-(~nnyDQ5FTe>gs>Qn#bY)HcP+1;=A9I?)Q zebjFf-0qApQ@d#pry@u|DdRgs(kqT_$xf=MQ`2#742jBrG-SoCRF_XaX9M=_Jf2<9 zKd{$-H9o~A%9}3r?C@Z*(I>bqpha-m7{fHLmE zv{pbQ18R{}IwiX{ZyrnIEx_bHiiQndPK#`9ZRzBI7`#R*`it?tlqGiUD(W2c$9jG4 zl$Y_(C;t9M80x*=Y_{-7ZaxK9)cB0$5A1zfBr_c!0x3m3ogtQ;BDUC_r&Qek;a<<#Iucs~);3kOAO9s8D8W(_S1pP?S z9P?jE#r*vqf6Lk=gnX5bTv^Uhxgm!KfNJ?9tM++q!aj4BSn}q)*N$VQ3=GXIqiC|_W`)E4EPegfp z7;9wZw~P!0RlNkoA^`=O|65?vWl-JmHQQkVqz=4*of8BK`hQ_bA-tFLW?cni=G^mV zgSk(VK!dK;s6BC;*CxdYG8FLtSxuQSqG$;;SICB+UW%g`6reqIz^vT5|DLx_!;?aP z%x#`vB{Lv05jYBeswL*V9SS z3o0*+pFww%s?4KUNTq2LpDwIV)<2Non?IqfN1a7sF6TP7boc-H#dhIs${-ac!orOH ziy*lSI=eB|^@WSF`>+RqDK9JQF!)-(ZQBxr_p!KQV)U1)M$SR-o4#I}M+{ygqr>-I z+V+|5F*i4{_7KbOn=s?BFIZ6vZ${l1pk`$>U}*}I4G>=CoMdMFAdzwWE9JA*)VnjPH_;D6~M! z2e$Wp4A*?%1>$Rdpjf4jDEFfE?%5bolPXE16ZW+@ncXAzW4W9$sP-++!UBN<8%Ay+ zlv?qgb;k|_Y*Xz!)7Nlb$f{dT7e^kIZw#s0bVK`ezGe4KT`z~eY@c;^#;C#TWIHbY zk1**&w>m?~ZaaB`2VU@Aov1c6X8K|TR8eq8iJCff&y3-yzM-uEmzIXU7MtdTW*|23 zHcQUMA}X=*+e_;S5T$Xd!xP^O!_bYh70wmbw2_eU@(*g)`}@`4^r;0`Ehn~(KIEBu zZ;b0QUxSo~y_HT-K2Wsb9HCI8Eo~XIhB~2JOZMi+wi*GiOsCJ3r6viaQ^JQj=_=|U zDJ(d2iYzv4*iSL@(5WI~Qj?SP?>TkX3cAm1dY>zoT4K4ZqK5$2h~g?wm;B zX$T@Lmf#3VlvL0`?2X!4^+uZ7J11npG_rJ37J%F#346&jxsb z2KO?Ij+zKdjwbBfgbfEiONn=>wg<3C79S>5%W5^&GBht-NYjvhH>X^Wu3TWOc4tsJ zcFL6szlQNtgMcG6vU>OGrR-ODX->P6Rs?5ELI`C)cL^Es4$@yxGtb;dv7Ok-BWWf) zSP2}GHB11H$f_@kHXa@sS$@VYV7;w|b#Cm#^6q9n35)BF-CpW;y>8P3yI#dH6eJ9-dhH3XOZw;cby~{a_}zSdy6!J=@boSH1Bdv13O|vpu6+ZG<$X zu&_|@7YNE_(}WG?DR{F2xp!~K?jS^e#>B)ttc8vrJ9Q*?5?^RudVdfI+zy&jPo^N> zDDHSv)H_KEQ*bu`eW-n&W>1bn`Eoe=YnNe`xyR#{rYSa{j*=qDD$Oi!x}Kw8tot=P z=biEUl_zVu)t-17{w*|5!^*E-Q-0axEamv8eHN!hbV<5p!>?l@oZum+flNBbvaJE3 zhnQmlkl8PEx`d&&mho$O_F-?b^CQi~im`T=Xk*KFP8T{9;wFD0yuX=nyfyoC8Iw`f z=`+5H$r&2hOH#d>NWntf3Mmn(vqDfnqN1k|+P-t=^Q@m((FTlJ06&+yA;lY|;U1BBL& zH3z95ZG;JIQPD+AdE~ybnWVql95!5pT2o7ivd-;r!^aJ4v$}xg_{K#&| z5I(k+0mmNf`y(9)yDA56UANmzy2QK{)8a^+CiLvCvTabQC`1XORMFpWT+&QpYZ_8nB9h2{-eWN(l~yhp^bB*eA7 z1nw%7Fo+L?I3mbM6)l(8&B&(|!(1|M8r=)E#g4b1Kfa`)>H@ld$ONl6=RijMO&tm` z!9bMaSY$yJ4r1`ffC0~dg{97V8x5Rnaz6nE1R=(=ck$x44t4rA$N#o=Tx@lp?Mrlh zZZWC@4q{W6d&hd6YkimD)xjG|0u3*|={7c@*->lrByBz4?kkPAoN7IsvcJQo9*T3l z-21s}@31_kd8ias%unQ31E#S`pv$4>U}oO|$7OVmpF9~%VJ<<#J0#vXgW-m6H8m#4 z<1qPea}ybx5Q@~(h<2u;nBQyEu z3>`9L2~otS{Np@o)|Z=OIO5p*KOh#EP54TYZpk9m7rquot;}o*Ze(!&ovG7;33>?K z)>`t4NO(T*l49r&o1|l;TKBVUtGFFtU~b^4Z7k*IYGa4N zoX~3I%z(g?%SR0}9tZhHx)g$G6n0`jmA9!!XDyc1@~u6ms0&ToCW>yM!{i8)q~r&0 zu-P17zBSidZrR+}KTdzIUkHg%9c}dCg;$8D3>y(I@t1XfsROXk$$Z{5+<(rY53w03 zYcmXz(|apT4Lhv)@nK+}mWYLytNv07O!C*>qW0RZho61^rTst8j(o4xGw@UKC6BWm z8@M`>S;C5{R&SS$jS%(-uAb(b5Ge)~_#O*Fvg9j9@NO5Nlx`qC5Ec}AHZdobQr`JA zMUs3QtwjR^cY%jWU=b@fwGFTi*aB`E*_Zl%%4(=iQxZqOZ~C6nk1fAYS_&r^F+Pn7 z(bb;Ocj3}4mV{d6N2gSe`OF;`&i1`q>)Ty|k7QoujJx}K6>F*#&kPKE=7|A;qeoMI z+`2<@jKuOu0_dHCdh%gQ>JkcNFwF#yp$ISh$T|ap&ZL$@t_oYK)G|(z&>8B7t`q~x z1D^*ReJ^*8eNVUQ4%x;ukaN zp#lp6nH6ecK5{aSSX@lu1}x@+Fo1Lak^O;xz;9X;o_|$oUbqwVz%er+QS7 zS1mM!{J_ps1_e=Z3`^TatXyfiD}p{;cp3T3!XOpeS1tm)DvjZJx3(>@yO?XlhweD` zHrDZV{m>`{LT3s`Kj!6guZA=-3?ueT(?d;2&AOn-T0ssUCAL^Ob^@nQ6j&)c3wbGW z7iHOTO`N<*k-c@`cGAa+mL6TZ{;iAk2(49uK$tS%gfjh6a^X0dmg0B&+oe|WcCjKk zT@eQ(HXJW{A>8E1Ehh*7`!Ke{&La~{QDHp18nc!^=WLEoQ|6U3-7Q?&i4rSQhpO4l zrY2a8)JQlL6L7H?IRy=hifWcvZ$OhAInHqn_ij?TeG5=QfWscfjFB2e#Ho`K_fI=@ zh%%{nsXBBnHm8LT?jZ1Xj-P^y)H7#M`5@K7{Qa6?%(8V! zyEPv)zBpSpryY}8o?k|$&OOpU;NX|Xh8b&96_0vLZ_l|sXhG!D?Cnx!`QkFDdsCD&1M^5XN?pQrA$@pD!lp9~f$kN~lcXvk?&Ybke52)B{Kz}jGS zy?N`_Wg=UuU&9Gk1puX2>)9ngWFjNbWs%zuB|Y z*)4KehYKG+er!Y-X@Jw60Ks;~QfG+YLH#4(7}7%;W`xS!GW{{9yEaSr>5%soQ>S}) zDC_2$Sebc!iNsk3{aIeRa8LC!Y#-GI;60hQuez^A4TlNg1ELjS3f2|yMc3O`nfkdz zqkUlAs96|i5gp>7k9Jn(xS>1~wps#Jt0%2K1IrZRxxP(1l{U2^| z(+E&|D8>ViOkKD8i^rSj*OB++{f*XkUQes(RGlJA9rT^bO%x=`h=p{@R)oH$z%$vh zMcf#a&0}aE30o;`oR0cS{bl~6Hjt?x7y*WeU3cyV4iSSaNIH0{Q8lLL%Jvz>hRbre}3<;>CnR>Ml!lo(#)Y|#JMR$$8_vB zZBNyOR}XfJiCR>Ho+zS;+x|Qs1v9oT)9fDv-y-ZCi-?GL=*W;2@=2dkALlF*LO@mp zDf8Mg0|9kO9(F7gL!B(7rQDsg+0>5;Jk5AGcXkw+hDOwUhAy=}EbkX_`;l zj7G9|%s4{mKeb-wy=hLgef=sW<=egL`7^^%GXlY-?RFMhP56L%#%ouvX3g6gSIY`| zv?ll_GLulcktlZcOj{AdZMZx1^nD-iA? zgzyEtCt)BoX3QAzqLJo#oI5944&lsC!F!p~YIeR!6H5@~F{E((G$<+}01he&{0qnE^PXviWE0NF#EObbsv-9=^zzOc9=0#fiOX~3p;?@kh1mC)c4R$?OX(TKo^83$gU#-l8=qtHcvbWWAFKUZ zVRPQ*56szXcV3AgLX*8&V+xou=OasA)3Xjba#_dwngjT>#m6WgH^6bYpO zS?gKpD+)5oDX&PnATb%7iDM#@p<*Sa`OEvjL+6BKm`2!S+qQJFEsnFxZ&$7bSU^lC z%QGjdk!ha(JvMauRUGiWDKUuV{?hBs!k?Co#R5U{!9V}R=cQ{TqOV%3kp&p(Pd$IN4lrn2R0 z3yU`pBeQQUNN|;*f)ZMOZo$)!Z}z9MOq@V_3Z1}m@@~(x*&J#n8+u!hM@Qo$&}8bZ z{&cM{6(T<2kojIrMuHm)vsm;&)azofhT2Wdq4o$|50CpX-?t&LwJC92@{m6wo^k{R zOy1lF)Z+>@AD8NP8p9LY@XoR*SG9HFjy;3tDgrRfhDg>7ahRg2wPSIM{rX`-XKT(%TMtdQy&YG;d;; z?sgOiyX@6UzNCU0112n-{N&{uBjl%G=puJFg;!C~2z{K}pK2l`rGKYb$= z{sJNabHp70Ljlb;MB0aih5n-R@!OZ@HS2HfeUvD%s3kob?$E=>e zN;{!-qgn@DT-trTx+&BR4I*>h89SFgxRHO=N9-sfSEbfu1%7xT+s0zJ@-vJ;Qiguo zw7hbNuJ378`2}e`_AgjHuzBN>U11?T?%f+|Y7pM?-C1v2PzU|Rl2s#K-`-l?kPp3kDKDNh;_si_Gop9J`*HIn8)N^pH6MF+>G!6FL@$@G@zW-KIyHXI z-0C#du*F3`k9gjY?E1Xj;+@k{w*1sw(1+Xd&j(waveW~LTQRBJU}$yge~ed@?vFD% ze@SlT>}9u-WV-eH9ACd}N)f0jJ~D)`RRdM z+UtJ&a`kSERb26KevMOlp6&Yl^g_!${;@TN7SYp38jq5xc@ciVdi-Bf?l$A40+QZ1 zjxQ?DoRfF;KcA-O*9n&I$8EjvHRXS_07=?~G5yjlyA()&A2Gx~DgM`E1G5U3d$Xl? zYG_#BzGP9ac`{aR#$|E+e}AE*89Fx8x_%$hQ2A1i1rG2CcwK0l&+PPFv~Nf)hdZK7(T93FS= zKKOXksv7~<{im*Ri>=-lS!Qun@$;zB?|rt;J}nCYB^H872w9!Hyry-WMgVJ(=UcBP zAy0qXIwTw5La=#*pWHo-&>{$lS{F4{HlJ1MI>gI?I*0h;~nIj9GaWSKXxs$ z+`9DyjZyVmC0p<+#7H7ppz0;l`&QM{3?8GIutofjBDt`jH{GmQe?o0Xbo8s59<*wu zWuj5QD|goEVeMGmnpTJJz>N&6h;1KFBq+_OyzuJB5(QgU6hnGNz8Rv_`jk|vhl?)j zuhXfxvfd^O$socs)*fv1AFRM3ojpsk1&oW z@HHqXXmU#o0ghuI_J@iJABD=Wzw1y2i#lfbYkpf?e8Oa}$=QsUkd3M_h2QSQsAPwk zrB$^%DkAMqbilaBTXy_<$Fc3m4#A6gY<&5-~r~`6y@fPZ|Th_MHx&LdA?Kxfxl!;Bu9c25 z9EmYYE-V6P7f{=)%`xo3iEO=7bWU|kKk|Yg-@!t~;vG7>O*c;<1X#{E8wGGD)=SW% zsaR&tS2gDL^CN_Jwvb^zepiDK6sg{+!YK*hD3C@U@iJQ3_Hv#uN6$mHK3t0QF zm@VGbMiMyQFuQ+CjGy4a?39bs+yHf_yOHsXor<9_3ZoS#n}8Uy!q!fOKbg<3%8PfL z3QU<<5Mh%>ow*492eLcmbqU>+Cq*YKIldSgZ9}uMi53>^ihFN=LfiKqhBcupLN!E# z8Si+f&!@x(lm$nQ9otB0rZ?cjx{8?T-IzTeD*8-Hm(X)i4eI_%;8_X357=BI^LBdW^=nWP*ADR6BID7NBp7Xu`KN<|m zGQ*JFSj!S6OO`ByBuOPIR7ho)P>Ilxtt@R)S*A^r5G7g|OO%RA$x=v>G*Kc_eeX{* z=eo}CT-P7J+x5@6%`v7vpZEKo{QeR`(?M=_`AVQMkKO~_e7c77l! zDd}Bpz!6Q`Hst)k=kMaVNcg|>;Ix$h!c(Ffiat0rHf#ZOi*^;%0j?H~AfxL-51}GT z9QnD|(Pli?T=8iodR&<@l#wwjA=9gimYzx;VE!qg-l1dk7xg9L*_CB;%;zEIJ3 z@Ul?Si1}D_c^+QfW$vv;FsB0z7cTC%8I`Di@T2?q70M_hpCYrf3&wzc&ZHV9VbwCc z#Fg=lHg%?_47X!kk_L_AW|*dC`U7p->F}t&mDL|V_9eU#WydsCbr^p7%9}jd+BYEw ze5zO=+B}Do6Sp^|LajoCEK+7kS>mC}3`x43d)`ZM0teEzq~DcG-YKgjPb=375@^PqfxIwK}I{m9{u!qn+&U5G&{Ck$hLb$4BV{BAy0L!bjOUk4cY`xU-; zINN;CqF{pv*X%l-@#vS4x_1J(?lj-6fYdM<$IFT-C0#P@z4TKM&tR}VD^9_xp&EY9 zm7FHaPTDq=36F+QFf$L}1qWE#IryL9z#8r&I%1X#$HU-qL%MW3poy6;=JgveK%^lE zjDzgo9-4QH;nv)U$+a(AGwy=lH`^v-1dDd;7DdQNr$U*b9&f9`@q-^AovWI44ItzG+9XP|ER|Kh~5e zG~6lA(ZdTTK$TM#?F~{Rt^t5vajj#;wKd;*e9I>l!LoRhuF&j{3d(fGRpiI?ge7~9 z0v%q`T;=QoJ7J+{FH0E$4#Q|zd9ndq=M9MvEZJ8P$G5sfZ&<iiyM(T~c?VoL(Ayf&7Nxgl1o@hkbH>W8hpq7>ebD0F<$}}&a6Wz7nK+N;r;tw0Ev+^Gf?#ry~8iN z?WB{URQ|`WYivv{%X1^W3l%-U3q;S>>X*T%o^ER1tQkpogPN&2_^QSHLKD9#$!a}- zBTxDztR&6$sC2z829n-|FP`%vsBBV|WP$*8px#5a31>RbUaR)uJj>xojFQUI$x&dh zsFDZGD!yG*WT|2cTEcS`c!3h@HbKwS1**~63PO%i7jY$Z;$MWbP$s@DPXn4(v;uNU zo3)j5U1WoF_cFOeoHnahpY24HQfz;!q5-{nP5e~YcMp=cGad1X90hYaiw0k~tRK)^@q4+Oz&m zGke=dw#k<0)wge3g(k=8EWLBETl~du>ZdtQ-5Tph;W8cZy}G5v7ARID$TH-C?0EN4 zjt(y=z?io(O!iYyvbr?&C_0)S4@y4CfR){h0Y#lQf`Au{?jrHyXv+ysrs3{}NA}q| zT-YyQCr~yjM7EtzDU%5zCFdo0HO&W6A5^5BvKLO{?EpR5qF}^yZjcbiOoZ~V7pSp> za=kt4V@?Gn!tcnkI={LcckZ0wR$BxN65K+G$tvrY`s58mW(DP>$A4uPY$=J`NPmi1 z<~~C#eu3O4_ri`ap@`W?8e0)p+6}WRWwXFECATXvg_LEsh}>R?k*7>~5Wr)zRvi?K zEIeo9vxhb0oafWH1Z(*ZvGBve&=e;i2hGCye-HY(#ruy*{@O}+l}!-NDM0m zs}uXx5o2+5^yLR|8|I|Axp9BD4Gm8h34<_&1iP>SHJ0ZNv|03zv6ed0ci#5(7gqC{ z?gfrIkj~l2DJ@nQEU&&Uw##ge6kG;uu4b*vg~k53dt65cXZ^&G2PYobNnyabCE^NT zCnU8`2B#tic8a&z=ru}9D-1h>OWUI0pdg>kKO!-cV)>tV21e4{`=q54yTbnOOl8s4 zAwX)PyXF2u93E5-H>t$zi%z;1-kAU4(^6AQ;_=kDSLSqSHUgInkHwgbeFaI&;hzW8 zFWtSsHmFnUS*=G#%ypsM0702!zLqO#pPX@TH<1?QO?{xb^3gD&7mxmx@r5Q~302@P$OtH$wYRiKxy$p&&^_ zST*#9!Iu~aQ^Wu|Kj29}zOE*ZQwAIJC1o@_C8iB9ohTGx&*aKL&O=`yxGzcHhJ160 zqk7uS3%?U5dU9SyoRiMw4p|M>7GXPDUTu@;6jdH^cFd8!>5Ur(9(7pWN44!xMJtoD z{f?B*?EY7Ya{lB=5nI;8KNK+q79$BJ$lPK-q$%&v14nhW+l0VcBs}317^jW8B9va7*$T zr-J)ksfH}dLSg*?OOrGi01-mf0-U3xnUv7bRYm1IqZL4!C-K|FVFiDI-t;`wziiO@ z_49qzFjY-iGoKMXiw0E$Vb7hTJudSvZQE4Aj;~Civ;$pR%#XyQ^YY!hGu;{kX6WfH z2KRMs`0|?m$e0d?%+No1X*m_&hL07!eDb%dnF>IV_h2m<--urMsbM&gh!O+#ofDcB zjI(RNan~K(uO!1*bIEaPca)J7q9`M`eimLuki-$ob9J2`9nx{zDoUk_*Ci!Wf$)5~ zeI&*c+uJZoV|R_!c+6QH#zsfj0+SL{^a4Ml5i5mVl+lh<-p?7#!Ge)u9pKp{FNY9f zBt&K1f0jPV?!H2>fq(G^bVwAzTCU?)bvgL>(MdXZ{?#@qE6jJPcq+=A6HF|opX%vb zeB)-o{OZJ~R zJA=CzV(d;v*HP#Ay;Q=06Ox6^Dd^)e6`_zl3LSo*pJ(kaHgheXz;wxc1ju)x7+Hx9 z6j=P^+Z0Q}4$;VY@92;)G+!~3-ENHph~k#3)a80huh(hxE>9cf+2f-KAOP@W0P|wvtOv%15mpMs`k^uQ{&= zNx%{oh5~S~F!oOuER-~Dhn%f^FkueZOA@@k=&=N3Q*2X&T+KGF=c;$OwBfST=MF=H z>O1|sx8t0ohZ~FwIu1zCo0nugEj%x+Nc-oRC6%wf4LxF7HpA%E(a#QJ$BZ2-o<|Yn zQ7jI`Rwl$9u>4|F#(FK*P}~KL-|WYUwjMz#qOLw;o!d}_8gnuvUCTz`yT{kJqXK%L z7gb?18=rhW>|LX6%hWL)G!nz#oEsj2l|^non%1=UC!fRep-&FD{ywO=;ec63Ll;<5 z$9|})`V&$I!@Y{*t17IVNQr%(-YR2|weeYrq?K(UIcmHXqm->%s79w?$YhL}7n?J8ga@%DnmkG3)oRYJ;>?wSi2T{lj6Q-Urk%@~`QlJ1sof})d+Jtnz5wt< zJl;+TP9hj}7(ztO`H0+67xcE+K+VZhP0Tb)Kp&cY-jdh}Zt5kldJ1~)vq;!{R#ba| zm3$5-H(zZRbBv^lg}5W)qvX=pYfjF`8-M|}<+f<2-XdrwL(qWSIY>=+5nbks)I$c> z08o)(bXnssiVEsKWx|re6mR-lTVVReloJ?a}A{1-w zNpF2I8aT2tPHq$@FE0Pz{Hlvs2G2${YFu4p^V$3;83QsalCt(q&ec&<_jSBM6#{{A zr@3o7e06~RmRS)wz(12vzKDz(6SXA#-A!Ex8_EIFj|y35f=^)UD2w>Bi_Xd1ru|*C z)Uw<&?0LZwLdk?ft@nYc#}1`r z$fRHn&ax6GrPi(cFci7+<`(R&aCWKeZ?hzqOI1f#xBw%}BGk6<+{M7gi}_2oDOv9M zrLns~vkQ%HlVWq8WSk5;{o36i`nbizH;on}7y)no)^p|=ErmYoud=^L8~c&lS`Kd6 zW592+R=EamKwb0d9^gk80U^+hR8$DL?~bT(*DYe%ox61DVfpUW9N`jqO|REgzwz6b z^)^pY`k8SvbZrrs^ZTw{7uLTv;L<5~9Q1~lNQ*tF`SE)Woor3+BFF9vZwc~M&9Uu( z7YEG2X4oo@7y^-1HrBqTCg$Y=Cq&RUG8V4gC3BJeaO5rFoRhLf?!DThueehF7_39Z zjy_W2lEngCKCenkQMxxO@g+-_{)S*x<6Xr#p5vEbnRbWt2GB;LI*7UF=k!G}g#()F zE66?o`LdeHsS_*9gU+sBCL-;3vw2hVc4Qp<`d;w_8?t$Iz>y;|$bzAad&oHh2AcSG z3Ygw6!{~d^A{~Aaw|Va4DSji$O18OaZJBAlA`+E}yM0dKPt4(oYe-lW_UD~DyQ%n8 zw|^R;p5kS{Vuj3D1K50(?tg$k2f{T&rg5cwBSfF%A91loTEq{9W6s~aVo0pjX|$o- z6yfY;;Z{j{&9pk|U)T0-*_F9x7X;AWaiM0=HqD2RpgGy(XLBTY9lq2wZTS`KLI>>Z z#HCR6Nt!3}VKF{%J0R}4>lg%ZzsbTN>jQm6`g<4uXDf_0#)PTo50Iu&QUZ5|Nunf% zjOil_b$Ug8?Gl>Ydp;xmBI(<<)o+D2Jseg{VsR~DHlfS)WsI$l zfBa%DIyH<_z2mRmllvruh%1%mK{>|I1S0raeo1_OG76CZ&VIA>rU{2f z=n2PDwGQU3@uux%S`zzRrbqEp9$sy7)-?KP)n|aJ;V9l&H)$Km?NZ^=$ypH@6wc92 zNyBY3jcZya>GB8Y^K8F%1(C*^Aw$z#KNZ*xMjj+Fp4zhw@}ueNzv1c;?K3Bd%!cZB z?YNoBvbo6+HXMsK-D%pc(cNC&SkXlc)Drc}K`e?*UWgUZRv^n7-Qhr9KJzOWGhs;S z`>Mbd1r@d0u`7%WV#2ucB;im}tq@i-#FpU}cUL4G>Q|_5TBD`AB|V+fmh%U;{Vo<1 znd*Zmw3M7iw~CLeCNJ$j@7FoJ>&4vdY08AI|32wl0SU~45R{boM(DhuI})v@3^Gx7 zv!%(S25Kh49{d`}kncRNc?lySiU?{aw(;3X6SXrCYwVOP5C8T?7DL0H)kd1AvF@i4 z*Tcormj(j%NPp~zL?{Go1KSJFaeOMiNop9>@Z?H-mVZdukb9nQa?>;_=iSp)UKEnu z((S zsvN`@0~2OW{S-`D#r>~=ErkdCJK%K}&s}id$l-(XGxs4pquh)P`F#H3y{}GJU=)zA z&RLY>7Qpwpt|35D#V=>dk=k%&Yr0lwX~OpqUazlX`)f8@MuPpy2pWR`qoMK zH~?A6!bSbT*O4<2iqus_Coio`_tw}Jya`ygFOxmT)}5m-RYpS7LS#azjLI&(@P;5+N&3qc2P;Qt3N3p zG~(i-@%h*fZ_f=D1m3m%o}S3Fj~eNiM4Iq5nJVO~|6jO83R?wfeFW|(=}DPq#k#1z zo&W9Kf|h4h!{7Y_6Cb-n6`&e#i(6KHTSFWZ{qKACJ7R@@BTJu!q zuNVoW;TWk5zC3BQ?)k}Y!7U}eQoP}mY9u%zCYM|#M%;xJ zA3;kvZGUH>#n@HqRC%`$`2(Sy!<9oSbiSj%4$K*^PvAYybN)V+cFVSHk;*0Y>1*-}stHlAA-u{B1BG#F_%?>vd{J(Ki*Rk3}u^+B9d0%PDy)4fW}fM?#H0ast$dm zm^rE2nc)82uDO5z4|o19S)0&9 zbxWx}m>2jNn9Dcis$N)1OGnso5(^4H4_khfyrcBEyL8Lno*BwD}E~732nP3Q==WJ64MgrB~50X+v zVJH?<;S@P|aYXh4;b9C2nV0U)mF$*%_T{Hm*iqW}TaCxZa*X##j-Z(FA zgKpoY?jlsy8m>W4O)}VE=8uHTJ1{j$GMyWV{?PpZ*!c!Ru2ME5^$8^CHv7@ntMbCj z=g+^7DZ@xNHgbs2^ zVB5^%vAX~A>7z%TH*MO)VV^VpKml`(-@Z)~Drr_dK*KH%j~2W_Yr{_goacEAlsKUg>YMVaP+f5!^5zn3-In zedN}NI=|S^i1*DO`jrU zqz_jepa|X#aFek4^V!4urYDYXEZtW9YR;z-XKW`MXzuIZFRb0U{$4ecva0%T%f55q z_qJD-E|{==;fy^A2VLGN{n)=C&hBf@_+-!3b1fXr6Na_w-S7kuAQOj6$;t2jWolPT z)u?T;AKaoRX1na0?LDXP&OOnM*yr?LmUS!xP~XW6Pa+>l+uAhsJH{m%P|R-~IWt4bxAwshK|a!pN2?q#7Mw6+ApT z&m;7`?}hU_+cnzTZ)p9GRLiMTlIgWEy?Zx-;gJ9W^XlaC9ur*e$Q?_CL7f|IWN}+aV5sR9vv zsT*!{pIQ*aV;AFL?bCT*=FMN{`9)lD{V{r_=|7)bdeyuYC2M!(F1UlRddyLoa!ZJX zZsb0Ry=pPTjh{)#WK(u`|na#;43qb5FnU^M41WeA`!I z*5)<3o}6AiFSL7k{6l`yE4O!7jTblWS~1oG z`8xP-`ohqEY5soAM>&oaAhg%bu|u@AwZ97se?8DvKzvxNt(Sw7jKwdTdn=Nrrh z@6i^WU~b;d8TO;vjwrQTxMImqb))t~jJz|A{r<1@H+#l4v)!9~0uHtB9(~V#nRT0O zUAo6sKRNed>R{`2dm8s{FvYR_IY zPxUpQ1*xoResQ3PjaWu@mmWL%`^I?%ID;|!*#tef5)cqzy>g{KIy5!kRz%Ss({b~n zpvDGsqXbC=U0%$n!LiPZ8iw$JurPgFQWrQagmmKXg6T0~@s{DAuf|@jkOVQ~a3x^1 z-W)n@T;(w=-3QhHKVg!(O^`3Zjp@nB3cJ)27dk5sW422VNuLg_LnQc!nAp>elqq>XnF%7Es+D zo>?X)!+^MSyv$3HV1Dr<5P7aZTX&V_pt{$h?HH5~L<2L^oLgI$5A)&kXNk^}Q3bShHkT7& zbh06s-HWXrowF`8NFk*}X3mg|PDBMA-d~=d0`TWCWg;QpJd@ta9_0qK>&fev>HVaY zBQ!;3~x|AT25TX7cOLlu8P^VZJXnorZi~3#Vkq^o9sV=KKeKr77pUa zaV0^ZKrE$qGhPMy_>0!J!HfdBFG0k}f|4FMFfz!?-CdDShQX)E>xuYe@yV)tv?X1;Bv9rql z8Ijq|Y9c-DdM0a@6 zgt3)K9;)3tO%85{@exMK{RP0AO9_0a4r_t*Swp76Sa%G}>+ai>`htYhYL;XB@?oj9^r| zK~4E529JS;CloZ7z0tXs;9T9GLd2w@=$y5p=pI24%o;x31B~`SO0bvr8P>IzC7M3* z<10YyLSGF>Pi2#&`8AVwhIU}puyJ_Qw$T*5)|={tjS?)n_Dd+P%J2xA|z$i2mpZc==<163eg3P%4=d1 zfIDT)x^$5+%W>%GWd1m|PJx9?Q-)gNJIkU!{nzqq$< zrS0-v@9$X}aiPpBCvukIsM;!>^U(s%0cxTAG@3x9uHo%b$V1_JRinFE=AE89NQUo# zHJ}{(QS@~D8@+v|)&rTfh78($ww~VJ!U55j%F=IW(ADKETxLEfoAyD%2Lu%XC^@z8 z>PV0<*7_Kpn9b#Dc&C-kC4BftB_)|eh(*8iy}-iC zdzovp?r_uN<`*$#K-}%Eml8K^V}7y$hjI;RCOG zb*KH_4yuQvoxuh0;kFb`dKX^EJ@iBC8SD$cEYpV+K-Fcyk$CU`@$a8qICg7Y#VGOJ z0{uuZ$^|9JCIn5s>-7lcWOjoxtv;Q^Zlp4{^B2h-cBgoAveMh(w3z)zkDedX1JoBmfQ&>NAhLMw7RDcsoSk+K!K&-W2LQysEnV>y zvT;tL(>j^#B#>HKBi)w}@jQW*g^4QLV5`<)+WMPfmK+rRGh+A@MH>9nG4$C9F4rc1 z>z#n|Z=|K|6=B#0g&5j;O+?Gh^BqBF6=LJ)K(u zBalX`XO`%6USr5L&R@32csaqcvf7eUh=E;sB5E5XTrw(S#*}#Ic4oyy8dd4)P6T`~|vu;luUsG3sH!}~08zSVS?XWHcms0&)OvWL}(*u~F|-jH83 zyVd-}_A?@TbEaL^uJc$$e)Ol*{)x}L_r5kfJfyo%j&pI-S2VI%EqTnMK0^x5Frh~zU4bg}W_zGwItWNd_TFr&Np_8l z0_T);XEYa?HBCcH{r@5pUal96jLyYHBes5X0&Q!ujn11|OoFotGDE;Er{PQ&08;n{ z;whm0E-(~^51xv;W;9ii!sbu!<`^xf(as^td1bRWGRI~h^pP}0uymQD2&nM`_r6H# z=ly-6Sp+;>a-mO%_BIqdWb=u=0C7!w-HIb)Dx$+_i&+CoNV|R54Brzq>DlHEC>lp)rR8({Ax)C`P9(#L zZ35d!*278(c;U{UylY{46wtFLew@$sazTGt2xD)#}e=J-T0l?Vh2etT>1(U&f zFd5Gp zTrQLXkkPq;tKnt!BDRn5&2tEawb$EM=sy<^t&fk-xQfm}zY1B1aKBAm(YQ|j?aBF#7& z#L*1{fqHoAm9|RRfLy5rFKpFrA|tk+Sk0^83#5byB3^Q#NXRwpmMK8 zCFo=jT!Rz~bScvuRq`}V)H*_oi3J!#0LBHZ4a6%i82Q}dBN(!~HJG1ErcEvox3)wzd7zVwgP`an&Tq6RZ@r-*}SLn8n^kAzIuzO z+D%7@rw7+w0>>$AxfmKavql_!ntrkeB5R(K@4Oy0UgJG?vBqT%hvV22_bOU3?4yKv zX*aK5@11jP<)SMz7$6BUP!HDQ+qZ8V5wGc2(UKjf5D~A8-18ExIX4P$@fT9%u3MQQ zvhIs6g`}ZjM9w0~59xGg>qEB11G^Det*5SWdfbTkAbTh}}ff#^Lk4R_56RXB1FC(V6r@5U( zSJKoFUe;zlN03s}oXM|7e#aW@ZLJT5lx1u;HC^*UHCE5_?8!A>i_aLZPdmLbsL73e z=8JEA>fC8yb>XTgzSVttYvP}pO6;F5WXBlS+O>W|CL>>+%{iOJQj|1DtRAy<>V4Qd zcULSA7-*S14rY0HZQ|W>D;k2bp_gmKELM0*Kk8Q(H2l? zN*X;0X%b(_NVy$^zeSsB(!2Ki@r-E{;}Qi5nz%f9GF4NrOEwn|9ctgjvpGO166k%A zk@mZ;Kjj!+M-&ozX+6$P^y*><1mIaqU^!h{V9D3iTenn$FE6!0rHAWr4~2qi+jAVk zlK}?^_WAw7INgeb34JII=B#eRt$6R+c17QHobp^x53qhINb(U|&$mNYb^q@`L6zyU znj^GqAJAS+XsBJntvmg1g~94Lzs-0fB{_^!pHD-6cV~=NC}tSN0bH-IZxlF+B1hBi zey@_coVSX|=(ws7mY}fH+Y-r91u3GIv)Ana*{1tIJmeRM;0y^z*p!JMOm(rj7q;Ip zf3B0pSn^$XI|{Z)IoYF1vxMZMXFyFJbB9uYlO>F0PCyY4f?u9i+y(>gsZ z#QIrk<-^OA{IBYqEV}lqhqQPo`eUlk@oHTlsH>k8dx+$qRT`Jx; z0vV%O-1>egr@^T>v;VZJ1=5n84wkW)a@-|SgRt#Km)G@?<`q22tn}L!Gme3>!lbK( z=fs&o>T8($b!vUeq3K*oR4$wiG6WV4*f-Pk%^Z?){&LQeG}U05Qpci$sFOfIEKt02 zRjK_83kwx!=hlCEXC@SQQgv@@}=xgaGI z8NEoK;ZhXrso9Lt{{OoxPtlAAcZ$^ zT`@ipNt|M69An5E#z}CWNC$`7as)_>5)wnTT_9p~VAD(<1(;(GNLnREx>DQU-Sw@L3fUW{ zVo#?1OA8>FAA~qN^a4Nt`*6S(#XaL}AR3jOUr*ZIIFH$XD>q&E7+1ewpw3j2n9nzB zbtgBqoZxhL)PVMy7P-e)54iPoDP>0=*c86hl2cIx2VaIb&i#HG+tIWmlTBhA=tzy4#NWL5)cEv$~t}= zvr*SqtK-g}hoYQR=5vnYOhkEzR}~EzsSSs^$22PAeO*OGh5TUtJnP|tyfWHfuFTo&9!W__*;&&K60Tff z<1R6D6CDrvK@@>BFNp7NVAi0NQHYFu%3qJj)uA&0cD%62V*_Pd*+z#U4PyXeUjk>L zm|zYFfBLVfzUKKIU(OP6!2esIVrIy@=*T6@;kt(OD|0-vrAK;9R&{AvSa{hyyFr`o zu1$PfXVAB3cE$Mo+MI=7#07u7-LAvyiiyawL1cvVrc>fnJ|8{W0v@@9WS z{x`3dz}&w=VBm^UfI|tOX%GD#N+It*+dEGqiy`qKE2ns$?-l(eCW7 zKgNGkR?FA!o8K@vr$nWv`EQFKIjGM6`)9I#JF!wlu?}?7Hgw~Jde-l2dynGDx@~NG z7g`VPqP3#6w$;bRq$WBK%j`D4Zt`JG1 zulC~CkUSlDPHMEnBf7kdHk<*|@z<5Zp*9vPyP5Cbt(Z4%^M|}0849ZTe-6{zpK+-~ zWuf-Ku5$h zHKrDBNzHd`Y}?I^2?Fna+aJ1dce~!d>yG&Sh}P-F{*TOyPOF9G?rlF}aq8&;!;{PN zch3)-_UoScbD~CSE&2J-oy#dYRq6I;183Nk)qQb#+9KigQ_TslT{E4IXF0nayM5U8 z^X!6_{~at*Xe~2eKVPeOmFu>$Ff!|}LoQ?VNA3_XTI&4XzaRAJ@?ZZfe^BM|p9E6t z|IDT6^q;vD>Y+IkdoS{4&35>6vu@PGKa3(ndljBz=9ZGus{-b=%P)JG(z{>3X3Sk` z*1OOiS6JG{%lsy%S)2gglmGkkv}+2a@b^di`wxFT&Qkr?r^N#7O4jpw)i;8`Eqw2bb@>@@!o0rDPxFe@oUsrs?x5;zQGdJMGpiSz=^( zUVG@FPUaOU%L+{VZaKXe-)uy@rUia<|PJh9I zLX>4?b+BgUc&sJ8RA?Wy%!%_8JS%?k}%atIlf6Ok)BPN-ELcP-xWLW?WI0V@eZH06rx7kufWy&Kx-s zniLFza$=sB`fMHY3C3^U#cj$J5|F7gK(us$futVZaJ%>y0b$Y+ks`&gTRsIE(p|fD z735t?ME>>y9xPz>jZwGAOP%+mVJ^_qp~Hv&WS2T@QM!9MCH#QDFKL1%YID6()9-~> zhv%_8Zk9U-uW0_EaxNNL%pVt$`e$V%n1vb5!9|M@;>4y^LvOBl79lfI&MNJ!brX35 zpT+sB=gAjO+*TX^wrb+GOZ_@3KMZJ7ZZ!W$uXvX8Q zUv%Qv&{28P@rp~U z;0rw-+pQ27nsOG4!+O7BlwG@cduFe%A`wHK&UlE^4#PK6cOZACxoPdAV2ZdpfSy4< zGsq9n;p(?W`KUc4n>LA`KIjOm2FNFbg)tZhg#0F|4Im`^ z+e_haQE22q7z@$B)eMoc$7F{-^xfK*H(MrEf>FbaUaHzeiN}!IFsh@pO=jc2SYjrj z-fNm|Ui}bE6Y6@2o!uP}&UKqM$utE3a3pf4Rt8eiX;P1)e49dtx+ro(3B1~yf08eO zNhze~oU@uF6UPuoQ!`3oD=Z}1_xmUq!%D1yc7VHNiJHZA$gqE=u=?rcNho+fZVl{l zYOC)m>=a@Q4q(0l%rVqnD~!l|6iO^L@V~U$812UV8sv={&JK^=&$FM5;0Ii{Y{BLw z3coMfF$mGcq6j15`}`t#;GZjtB6wih#iqn7Vcn~45v5k6>XCXlux4mkI=j(UOQDRYHc?pb{k>W4(NuiaZtsX7^69-O;r1% z`NQ--k*5-RZYKhvUsKMi9MxK-XJc#ooik+E>eG3xKFmI3pt#d1HFwnTKb8+QpSx+e z=B>vQYYq$!vG$Eiti7h1V{Lw^{acr!dfPaEkYf~&$Tg=8I0YRslT%Nk!6ootY}Mev z#^$TSTPVoyhGmjCOT6;_U|3DswmJr=%H&{VOTox*1Q;Mf2#NE-St# zD}+})dh}=#Mtcsd`;DF+Gp)k&ed@`E=1pd!3g_jE-3jWD|U7U`jCVaB!`rCxAuahXPnpvREXB zAwHQSeJLEQ0->%iN=k0Y_J{gBX8#3_Xghuxx?OBOVFokb`{N>j`MM2PCM=~K(}nM; z?qiW0Fe@^XSIv{UXtayQZtm^i;Y*r>OE%U8Jtk+i|13%11ppQCA5$sx=~p>CZ`{7! zKgR})NAp-~;pK7n@TbOU8qef&pp}$-27;~cjC?qCb&2C(SKs0=;4^?`e18*FjVaS& z)@990nZPoBi6U0MGON0s?h4Nfgelru=SfcMeFjm(Y=F5NhtI|1 zC-!rgfbZjVO->!`aL#GS-#GNM`QA|&v=3mcV&3^Zc2UmTB{gr;Ms6+u&q%~dIu7PhK~iCP00Jiw<9idDSUd}`pRUmx+%Nh}Qunv#SI|Z}RjeXy zG#xt(g4338=GLe%NQIbW8iZQ_g~>*PBF)JUFs!lW}`rr^=7Vs&Mbq4L)3nz3oCWt|9 zbGJ&6Ef4_$b1QQ0Vq;?sdelpo0B_tY`o$!ELT7~WJP)zcYv(H!F}Xx|eIA+2&LD>P zI3!}z_dN6*V%;!QWw4OAyks3ueB9NHl}3H!4$`eSY<;Od)Seftwaosue_~pBJ<=(b zV`CRD6`Bt%@xZp}T3wW3oAip*DBT#s;XzKsPVlGqpwh)9B|F2y!Zf1Ue-3aN66ggk z?Ni>d_aa|uq`MoN2iFDOPMfytTf?_o77Hg_O7-s>(8;vHV0_%s+|93ZRwoa-q)>d( z+kAQbq_zFJU94P_`U9ZYEnX~jSPo5nur-L84fi3jP`@P{wBUA;wR-2yj~v!8e7osT zz_f3oOb52bt{k0{aHQ7a>x!2uQ>RY{n z)-ZwHXs>m+6Ve%lI~yOX458MNr4T)@@pDR}&Ev@VtMi8xE9)<7vcb*GjYO9!^C#pX zc(GrHvsmTj@z_3Y_0Ip|_Tg5iw60Ccs?QKT(^yy3=ws4>4vM8cEGsw=;UG8lVVjwG z`Rm@??~Q@7d1%QR!3Lpv`{9FNEr_UQdG4v}yrWpxH;zjfG!uWy2tf%iFlF zpvk&0FPFd5M1*dL)fB*6n^Mm6L8if3AIv-S0=8W+Ktu#4F^jryBYI)&x7u}Kx7Kr= zIlX`0MC2wMY@ps_$xN6z<~CZrH$z_2sQH}uLicweW8E`GMbIgx3#r^fh3gV{n~xi&W1F9p%0r#@+YW0%aO z;c#7#0hehNZLV?mQ6<^M)fs`!#YP8yxeL3hs)(ro*#J9RPp^kubsTV>;$FbK3Y4sm zGKYgL>tn{rdmTt@;;w%atVzJ3)VH`*h(Gy7cjhK6k;j|7$G9M7uAl+R%E}VE&Y_47 z**oRzLXm%PGbvv(&tL+HK;7UWiYI7Eh-))(J~y~9@uSC23TOZaP}H1+*3n+06uxE? z>xlK*>>8{xLx6IwZnY%q`Cy(CEtN64j9-M-@lrkNv2Fc2cVW>dO&WW6;n=sX5gKtu z4KZ3@$9DhC!Fu!lg;x(c_N`5NY9KC1PIu@ncrjCSE%G&_Zfwz}+X-$0j=kyj!%ZYp_ln-RmX(A_)GyOvI*GaMeOfvrx);2#ef7Z61N1fasw_WIkxP647CeTclK z(CTabICiKSmRT$V1U~^V?^2YKwr=16&KT{wXKY$7y=z^|2G2pPI+HDvz>R{|Y@Sy% z{rW2o5jx@i^YRY`j6X3LjWf8A_Um(e=Rr+MDM{ONfZ)#g4POv0kvmn&Oc?JVVS{j2 zWrfjQ!}R>a0TQHqgh6(M>eY{Fq@z0-|4ehE!SRBPU+L5wKlKIzT;wn4VCthTuO_IQ zK8O#Rl76Dl>hQy9S0?o5#6jiAiA%Bq= z7MgDRn4nAcQz&eCPYT)Qi}UDLg>~eTpmS`gtUR~r5)n@z%tJvlv)`RRacx#5E!hvO zHQ3lV(dokuunszrBV}tLvT!X)d{_0jBH;F>hVb;kRvkl|P1pofLw@Bc;4M}a9QA%~ z;gnBT!e$y6Yz@=M$cPh`7PWy4CF4vhroEtOb~Io5YC{8_AeSM_ER*NBJTzF3K654r z(BZVcI$@R{^I;mPs15D65FEz1%9datx1keGoH#K!g3Q!YpM${*33Z^Ve&gCG9-2m? z23+dq-`3!s>d6dq5r@jEr7e&YZ^{X&FIY_z&G(f`Xgs&iOIi=w4w1}h&Wbu@!H=L3 z49*|Vl-N`X#hTkgP~@JdGrdMZg)MLMzW(E9O}*Xq+{X=bBTcyHo31EVpem`Lwj#iT+)AEq-9^s^Ih0MIX!CZ-b&4RK!=D9n)mm z?G^jy*$4IheUYo~-if<6d4$|<7cy?YrBU>4lbVg%ZA|U9J31=&#Di5W zPiv`eyJFDz*}($4+CFxHTqzQG%ReIjC}o$6hC{*!7ruLz=*+C6t_b~PfcCA16z>+g z={L;joaxkib$nqN7Yu;zYc+40s0)bDAR4mN`3gB1uUS(Z{8QJ=XU#}i3-P(xHa!Ch z2wiA<@)0?lcry~j`uFXN4u1+~=kQ^}oWe|}Ag5(C{fvl^D<54Sl%|P&}L1m*3k|uCSF^0UR*Lb@kK@TB;!^rx{ zjkf57qErAMMEct@yKYRVIHNVbW@l7XRMkRiRB7|!a;a&gkC5?zRPV7#m8UFICQvR# z@N;CIGgWg-u=bWF4Xwj06>Z)rhVVIEw%hlv3Y2rp!zr-qYkODY=Swt;N2OS)Y324j z{H0e^+w3+YP5UX-dz&xz&FkD@ooi*>Lkh(JrnOhe0LR_?_AQ}umhdBLWNB3;$wV(q zCVPGtpiZ0C^c?!X39BD8#r3W~YnI9|D~Y>?dexhHX9u||;L{K567S|;=jVEuM%l13 zVa>$Biof!j4E$_t_^iXfjL12fOE~wMFB;7ovzgw4_(fn@Kr_@n*7O@JHcE>=$YVhg zQa)&CX=tQf)L-%NbPd%jDF(u6b`QkCyNgapVw&kYKc-c)ipCNSU{v_SDWZK5Gm@t> zVRredB}?1`1G~}-NJ=3W4_L(MR~EC$8B$GR+QjK70;LL3j#TTvcBTrM@a_E+j;8RO z$yyleIRp<a+9@PuiUZ*E`0c(uRmqETagpFC{&gxV1VUhxp4LJ<@-Qpki`(&wzOqFgUyWA zJe3qM_660@Fbxd}b!4)Eu?iR11`rnm5&tT@=iD^Fu8UTqS+@C6inl=c3_zOjM00bH zMo@bH*CknzD|6hNe`i_x&|G@aQDwJsp)7L6^a1OSj7KK3YHqm<_4KlSv7Oy+2J=`w5zfrXJVZ}& zg61HtN}+Gx{zjm!Nc_3%J9q9pua#d-dzTPW4O1hRlewg?mDOEz#)y=??=Pr8MV5MmKxs zyiilr8u6`7-p7X7tFk_}3Bh}Vv0OCW4D$g^XdT*2gRs!)Yd7k9cmJ0bVC}i8x1Z=W zi*y?veZH06-7=J_qbHY%Tc2tP%3xzJLkb~s1^ITSQO;C>LOFX3F5}utMQapV{fz6; z?*57Gg%`nav-oK;WE{=irj z<}hSrsEE>#5E2^sY*2<9xQWcqKvITcp}Pc9?C>9A+;nfkLuC8_6N=Y(0}`TG|FtHk zb=9V~xieyn(}4B{CirQVkBcVoAt1a2>tO>?dqimnHrSm+ps-g59t8%9Vz0iKp zNqU?=Kb&?&d{Oq>ABz|Yg&_Nh!F(_I@Jj(|(nd&R`LnC>hnEnV@RP4z*tlMbk^}^D zSB$I(SRyXDo#WKq3~ahGs1QJ%K<~-_INA}h zlYYe-?T3Sc15pegRGT0~UIr1z;BE_Nvuh+^mP6qfZ$IqCkPU6cL-arv8yR z2e?j?ych7jr7waRiSJ~2spL(?e)7sM09X|_s|Q-}$v#Xg&Q{QjLV z%$*T_yldHP*P@GaM>bQne!n~>>GvevWjAjOShF<2q<^#fTayD!jLY>sx;9P-4()UO zRBPXosaYFNDQT#yhh!8Ta$Wt}ZT0b-?>24+R#M5Ozx+SXU@Za>RX^_je9tJxsZ2H@ z52zGE&oUn;`1#BpkER~s2QB+Lbf(c5g`p|=^~w`2mO9I&8LoW z&5VnWe@$EM5($BQZy=$W93@Pp!WQr|u$J!x4Gt*UFj4D|u?-6i9k``0Jtkew_2rl_}%XB zLIjZzOu%!*Q8ZRRX!Idu3UCPI)L4br-}>>8#h7M6$dTJs?p8T)e0Z^Coc`O%CAy~` z`@LKITrFmep-0w@6Dzy_6w8p8z83!19z~CxF=vukuK)hwyIqM{y2ffP0KirNA|mq7 zvemT2Ip0xbQ`3-TX4WfA8XNak{2c8Ux2fl$TE9gJS_8`iZ1(PVoME$KO2OlVql=cC z&Hgu$!y$E6$Q1e%ILO}2!pOGU9slP(6(mb^O;?t}>fEdB+cdw=DXg%DwZvDCowRu{}>I@6KQDeDv$5sMzgh)+TXY z+umLZ5AodBucpxX-&G_HxB7a-wrgy%$;hbjymQ3uB9B2W{y&cC|I}=_{a-X2+R7bX zYWb=fPiysJd?;xoktRm%jQ%yX<3+?>7?h?Wb=qHNy*k}!(^C94Xmg0o?P+e<9C8ZOmy<4{Ju_EE?yzG?4 zDq0!ebnCCp_+nvkrq$^q8|;i1-O21vn@wye~{1 z33=F1e_~p+DQQM$KX2JsJ!06fUSr0Xeg2`YF~|ACudCchFb0+T&9<&%wb z6!2Xm$8z=rC_GVODTZowDgrLf|AA9#Vxgm~dCSuN{&4;w=j?obW=sNu6BZk(6r!TXz+6Jcp zLQ{eVlVVT8Y6MCXyEi=>%3N+k5AG>La-r&r^Ws*SkX1@2d>&7@NEzUte79XDfdyDW zq9Wm(ma5$A0#Qa#-Ti{wRNo>Z!E)8_zAUeM1WgJ9#I7g?d`4yE0BX*ikU-bn^+~Fv z?9G@*ALw5i#} z-s+07mWt~j-1}Rlcc z6y8Maa+?znod!r|&Fo`AF*&Q4y#z&j?Z%B_OXp9`FddRY*epyIQ7X1?xm_)=9yQSICLM07-I_?y;GZ>T*Kd|*6Rkwtg7@O zrmxsIT4V$+^%fP1^OQcjYScd-=wWW+=~3-)PNmnw8sprZ?;4Gtq_c{la@3ma|Jdsm zMY*`QktB?Bsy#?WAtaOnA(D5gO=VTHu3m#G^GMneM;NIPKom)Hv^>_VW}dVn3Leza z2N)=b#Tl}AP%#^R@tQRUnB|CQUuJqh;t#{7H?OEzS&3Nc1zyGUhDtCDNwWzO5*-xU z1;DRgID-_(Ww$693x!~#Ei-PmmP4@u4$BCk%*>%VUr?!d11p~=rH})27dhdAKG3N0 zTcqb!QqH-s5|G}5e6i;*U+zFDLNhCjK4KmyS&iTZ#8xuSTiR%{Z)m&kW1)T=za~rc z{vX(u67EJ>tev9HWGkrB2P+;hd+6jDTco-osNlgD(<7wE1*uympINyCe}kZ!2q*-~ z0y%d!FWvv{-8Ld0}}i)6SWrbJwkOoNRdPEaDBvSl4*kW(DC{BJ-+!{~|3=E5Z3j=`2+Q z9MJoy|57e}4Sr(Ne)6~Vsda8u^Lzd7^jT!coAj%9{gQj;*!r(E>Q^lc@0i!4a0xfx ze0blot?SRs?Rs+c=#M(FNyOg?P?B9WVj&M%2q-ZV13WDgw)EC538_q@(A=_Ugw z;l78FsfE~$_~V@>JN&_Z{OO29bpU?^4K+@IT#TjA9!x}kEs!>m*Di_#n6j-U zHZlqdNF@xauE5Lx@L`k*I|>IRJv9BgqCrKmjakyy<3p2bke1}NJYy@|xTwWg$wCWP z)kE8JcK#^KmGex2m9&-tPr-g0WNr^Znv=tfY_zwqV1*o@dG)EJCQU{3GTN;nG4nFw zrx1R*c9G2g5XZxl!z1yN(Wh1c^+JU?B&`BZ6p0U16mt~)0Pstl19Ill!T(d%U;NDz zPzi)=<&!vNMfZ#8YSiPLZ8FIo2+d{EE%1!FT8($`!kH}f z{FD2O!p8D#`A>+#diyOI8XTvj&g>03qiRa#e$vuyy+6h>rH51y!|%a1HDZRW1-)x?89=?Aty=N19`$q_uKV$mJp^Jgd6ct%e zdQg2prb}UwwbPBy%pZ<^M6?0i%i%Pf+UY*VTb#^TlhS=k2Ms2K+GS+gImAbzB!Yhc zEX$Alc}#Q+7#NsXfh*d)ALD+%tvk6cG_(bb(*Y-t=__a{ z&>9Vd7mhDVK6U09omA`ACx&0=Oc&YGy7y0K)_h>&9-Fo0N!R;XisatVt$LfJ}EAuwE`Lw31K;?bs577*`-79xrH7L$8K!kq<1DG2m#yL?6PE zQ?u2Ki&HOYVZP(5#`34^rLHyc89bZ$~MC#8fJbIGo? zvrDZmHw}I`kliScfuoow(Hyfza>c^M$H)E-Y=je2WL|QAI}GTbx5iB4hE6pz-!nk{0Q)-VlVXDqR`&5$W_ ztiY$tFteNG+*i+^fY0rGSWN~VAx^4HFYM@Ygv1GO{Vic7YoyaAp5`*OmQP~#a%~ZY zuz3?IGzmaB0=n|LxEMF|e4p3u#D(3v+tl?_e*I355b~9 zAA2%Zg$>hJXNiPlFmb4n&7bqmNeXB5@`pXx6+mtc5#rT5Ml=Pg8CSSVp}Hve(4DN@ zmn2qj^=lO0RByMKk0%)}V6!rCKzIQVW6bOD3^Gv#py&j^rQVH8ajO$Kn8f$a6)FN2 za7r`aA1>IIB)3C;K#~}nv@+%t;V-`Xt#c#>Xl_J!Eb`^G(A99>--Wpp@gF-WXLS;g zHMfTA*|TLUI&0B;$cdjfU_t+UIXVG9Nm$t*Ze0|X5SN zc9H=J-E|!JCl4C7l2S#rXF0Wd_^G;P3%K&k2EUDJ8=$`65PlA2a@wZGpY7< zNy%jPI!kE{2TW$(+m1|oA?Uz@gW(5Yv{+yvA>MWlkBKa$WX5NB7aHWdj%~pT>YHdB7X*9idPjW*HeTm)E~u=!%r6Y02`)F@ccR*Fo2Bu zMGj_LVBMG7M z`?x^kK6aLNi&w3fJ-GY2FEN)k&nSOCG1{S3QJGh8;(n(u85j2UDV{!Q(D~m+KU?$1 z!sf1zyuNH$K;Us_U_Uy{@el^f~P4TR`Zn??cGRm~I2(?M>Iv*Qr2`DN( zN%^Y@z{ZoLz$6@*CuY=26B*;{^v*8=ia@3xI~XKlKipDVW2GQ~+g8qn@)O#2NO zXZjfSPlB#km>HUfD@gR|AJszZ6t&?|J!_SrYmS-DuwrjO47`oqc`-JYroY!SmFlNY z=Y_6Mqm7icXd_#f{82cuWD9%q-`ji49j+-2M< z){E&pX(W^vTR-@TUff#~oZ}dz&2yHm3|m79N|?=I>pu&gd)@YR{)VSzI=29jL~jD8 zsnBGI8%B!D=*l7N9a0CgOILENGz=+HqpQ-R$DN<|35Xh&BDnCfhr7E|(Klt%fXH#-&tYq z>EmWlu}R>I40pM-7DlRu9Rsp>9Dr34YQbphufZycCwLnQTa2HQ20}bf(Y9=Hb>O`o zy|4OZk>fJvvC(dJq!Zrnb1i`)Oq{S3UTBXepup#4isw~IRHu(u=I1|ui;9(BWRQ?W z#W#~@B%nE}kQ_3SAzo+PVZfxWgv^jRo`}Ksv|7pcmBesDRvGWh#&Rep7pm7lpD((P ztKr}grXBC3;R&yIq5c`vq3DDPWbo&L#DG*?XXcMSPoZ62o_ir;+Rs|r41jsp)*+3d zP7tG!T(^s&zHjlZs`l$Cj2cnB&(6C*Uz1gm)s0qKt`iBeLY_yWh$Nr@`#YxfxaBei z1#3Sv47BmD(R%PL|4trJw-@R9F9lP_p4VQFxX$rOM>u2O7sNi23eccI1F+X%`!iUV z1K6fiFt}P8|M>Z2$+s(u;yUXFMsoRN@S!NasBM_^bDs<2?+~hveP|QW(`+~_uSum z+((PjZ{~@=rk$(i6rN`i_F*&C*(-id>Q|URGLj8yfRtWHvF9N6j*ms+&JT zn@2SH^pSYn^){A_P15&R{^Yb0*pp~`sHN2cd!joP2!eAyojQmdjV0`SiQp0N2;J`1 zm2Q?0fW3v){q0z0gH@~zgC^mSllF{avfOmX?0Y2Mh4gfu!#s!4ie}4}`IH{Xzi08j z*WmvB8^@Y>xVnzJ82CjdJHsc5^i{22bJGdmToEz1U^_7!szj~mW%?@Tln)6Th%YOu zm&@@mlzB8P;InZ@l|0v%vH~icFE+LaP!mSINz*oegCZc+ghuLluKRMzNsREfy!HpZ4 zo^;{)Y1`FeO6LX*ESq+8ctl}sEvs5Y2RuPa{Ri~iD4hK^)MiYOfl-SuMjW(Tkezh% zCPRgX?*FWsMhkMCH+25erMpQ<g2taZFN=1ojpy;1bKfR*2J}d0Rs5! zRG4LABmk}IpZ%0JO*g?(^_JRgw-D(l+J5i$7SXO8Jla-qtr5zQft)30^L3EBTrLrt~FkmOr?0K6t)9 z?X(v!gc8)u))uS})l>d>@T*=dBAlIBR4@>}NipR^Yc)iK;2Q+)f; zrFoA0CZ{FX_#G-`tw08~&UsSF`{SE~9MuQ+{|kOwItM*H|F>`7uC#wyKXpZ3Nxg`; zKehf)Y;XG?EkH>8_QPEYod9@5@``Qd@4>7&fKB_DSizY^vB7YV-C%?K4~c(4!Y#%| z5>xp zSt8)j65I|H#Vdb9ji34n&{}GEL}Ay_&Zh8Ze4W&+Z*O*bdwWmY-{FC7*kaIpid9z> zR{aLF8aH;V-6CVVXG=$fUrk`Af=tV#Yw>G<0du@_eYW7@Jz%-#Ft_ZmlJ9$2D(QNh zVj|)Sv|pvKwBSVI`y!t-n^?V!;tAdJ`k<4O>~~s9p=ALx?$EP)Cn#6#Yv<#0<&F9&o>hZI2i8V)Lg|(+T&!CO%#A(Ivsy2H8e6sXzup)F> zt^4-v0}h)(ke6P-scjmTd}ECo6ajnM#rpXIk9J50CrzxVqF{-U~fm|3&bGk3gWj+-F*w0 zP2rt7Y{aFNdUP*=(d}O)ip{BHpf5bj+PAl0t4sNh+?8$Qf=5k+yK8*kiH5^dZBv2h#j-`k=%cpAr;H$SQ-##!%*w zhh&L<45(ghz{y+r-1sT{tP+%1;t~>Bu(qGKT0c_bQkQ#@n+>F$ zs{PiOBO_kM;~883JnVbKo<}FCb(DYfi4u=>CD|#5x`60zOX@CFYo!5Ib)2zgj01cd`=~hW^w45CvO@I_*GeVGd>RGqR9N|(MfIgpi zs<9Rp7CzfXLVsJ1KxikUeC2ykOQ#M=UT$F#@*_PhtqJRxFF4W6>{w=fjk9S@Wk5D% z7GzSVxpS@WK4BGt*4^dlk#aRqvg6p(avh2LgjP!8hPZUblI=!8MC#$flBf3pwm1XI zA-5$RdAKI>JgqhomeFU*yBqJ?-eXVv-a7~T?%7j6Ey3lJ=8_k`-)Ns!scV(7q`0|O%$JY%p2ypl z*=v~2-r^2t8pJWE^g&WExmsnK^54_om-~3S@Wd%L?^(E)p3X(uNuT@6B;wYE>_=@q zE3{bwMU_Pp5?0J#%WZvn*I6M6R*)OdgHIsb&a<(27fR^+b-8$}>Oua8gx3MJ?QX{a))Ar z4HiWUTQq6HkP%-{E``3`mtyK!`N(jXT1~(P4@Iv=VVObsTo6DyJ`gc7DDWm$B=$ z6zxT^d55nVPb{9-c2>r5VJ!{Ilz92a-z_`AEQP0BQ69=*aJ}NxT(r3fM|! zI())|(rVW9^KR3^zWOF6j-sy z+$7RKiIWJqQGwhxlP)2+nr?jx*lx7bN(Am9U>B*LPHL{50`)J$h0#EYosyQ&3}FnF`X9`R=MYl8RQJp_@g<&dz642V zNLwnYgW;x@w|uP?Pv0(rS?i9jzzy@P3-}w7JH_DALrYXM?Kf00FsOIz^Y~N zmkIlHp+=S@?UZynZdwuT>)I7|qjm+3@83d4rqEE2gH`lHSt8mPz0n-xod7S-eB2VgGrRvfp*cRDsU6rpkAd*Jh$fM z*lw}KQ)qJ}xgHOJhzGEop9kZkLb(f!L2ongX&HwTycI_N0J?YP!JS(f^o5|mEiX&; zb6q{D$CoKzJpuh_U_Q?ufVh(AGRqPthXZ9MbEVBj8v`Dl3ciYBEiv=$;YBj84RBl} z0P&{NIVvlhl~EFKxW7WzhTQ{kv3Ounim(B-V2R)pC06*{xpQV1t*2T=cxf2D28yK=DeeBEpigA(3rX4*)q5^n=<>jpO~D{5#sseAYE()HH8 zHCwmk`}gl!E1sz17>B>DPeF*^zLko~_p!~An8p|e<1OWc=wmspEfe-wdG-!&7&JC+ zIz=Lj{w3mDdZqTvRE3rDcJq=)Allj(Ue|!Dc90m(X5JLr`30ur$yPC0;J$7~Q&575WYSK6K!qu^`jYxu$ zKYej+sbM$=CQPZa+pRja8OKJ49cuT}_w%ZIZY#ER*sOm+Yv_TqiHX&YfA;X%u-tKF z@7`{KDeGchw3#$K?hg;=B}NIgZM<`$w+32L7IFdW84**`TgPSQ=1H6_v(A?OvJN9%N;#$z$t}q>9t=ZDKWx5g z)z9=%Q_@mvDz2utK-Yr8?CZ^7-ApxRNdqDdQeF=TqmOQavn^n_gHfZh{dZtYdra7a z(ZxL4*Kt{~Yd@N#S9C6^E%Vu3YpMMh4v6p<%1C1W4lU6&T_67dO^f*DhPh}BGmb8u z6I41s#cEP#Z+n$rT@FMd;k<@@!Jdho#?^w(Ve;x^QvT)$uhw8h5|7 zS>4&Sa_0Hlx1N9o1cZLzd__um>#KbmYY2XW)A&66C5 zHaU>~?0Hg7ThE(s-p~6GQstOXH+uRG#cYH%?IA^hg?sz{ zSKwK`&&aU-ALSqQHV-;5N2SfACpTXIHX>1D)7Lx7N9q~<>2}<}X?@c1IaXf`j{ncp zpSYwDq^l)yD@Ful71rUny4!E~uI%`7=SX|KV<`)o#v4@Isq9IdS`nyK(Yx(`6_}gc zCO0Kiu7S?#pBuFvgbn|8#LKW@NX!3zmhON3_2?hP@88*E_e3C7~>R<-LD0`7V=bM|`GiYEe?{NY1Urtrb284{kRZkTLQfO>tL6)`WiW z0r!?=7q~E&`TyArF?0y-6a&?N1*2{IKR?l)|6iX-(dysw*p_Gi(jNMsK~lfI-lpEN z=)PRn*y8XtY}T1e6;JOyKXu%CP=l$VM~(iM`c*4M)UTF?CJ#Q^+Z*BbTwK2O*7%{s?b;?!%1Qj6S91#^Gjdw1hxy^AJ|r~db=yc*G4zF@HWfH_VNpZjE}nAAV^aCU1}VY~wP|X-CF61T8F5c@*wC$w67;_r9h|AS~YAb9R={v)*AEK&;;D zF(Wv?X-X}fVzjk@CAV|dD}|z`ue?$h)Q*mZ|E9F6PmHsbP7p`hWrS&ZfgimK;~6Ui zhTk`_`dfBgff}j~3W`Idd2%s|^@N|Qv`}LJWrW6TeXh9Q2Kv=0d+6tU=CFwNS`0$V zJsCHv_-Ra0z~hYXD|P)O&IaWU)&-xvemu!?|I#V1oNZccD*qPM(sny9?^Wl*!*|`= zX?0f0&EB(gLfr_D$T^wO-LCIbO4R#NeD~zq+P^}Uu5ad3a{B$l+2209s>dMbI7n}Q zWXdd3&|#V(^ZKO`ABwp{@BqYXm`z*I;1;IYZs(LjT&k47G=(H!MXg1W4(<0*hT=$p zzx)cJq5K7aoTq)Ihe1tB-lZK7&qOLzAcN66zdvOZBwu2Pi7AA(uz71XU8$6SO9T!u zx8G7L5*V+aXG(7+7nn)b6-(t4qfA=XTnj{>IV zUy7(U_ySD15Jyy}(HEjbZvjb%4+uUescC8rWDq);flR-{M-fLRSm`w`zqQ7!L;^4OcVSJrhIyoT7&n@_v!vR_MyYDmYSnv}zjW<$7@7>bRQg_NcjBc?Lr*au~#14fXRQ&u(pEqqeRMd;}Y*+S1jWdhS zcIj>Cy_C!UV8qy6#RuhCnZJ8{?!=F~87^}l{Y>jrcroiopS#QFUe(>*wVjS%SoY!I zh>>qy`)N=Vk(Hc=M|J8DO*k8Yc@RafJQs%uM07%+-r@t2dbOhBCT9I<+nciM%BjwS zeNE5mIM&lIi;*2B`aI|&JK!Afi1IRBvt{~tKEI-J5Qh`%h=C++saZhYOyAkt#F_{M zNniQ&Z>#g5<-^ZHCS`a(+gm*pVP6 z^|QF70GnT8BSM1!%n58FGA^94f6=XUtg6aTkD{put61Pr#!d!^64Mg5a>j-1m2mPR z&_s7NB~Y*WN->)H?-2{K*WA*F+a*YjrtPNL6|7Ml->NWn5>A5HIru}-{Ug47Pz>0= zhkPEHPp~m`fYB3~%UhA?wxztvhMqaSwRYW#a(o}rSU^VPys_S^5jKLl3pEkn8CdQ5a(IPM7BiXHx!OlCAq zJvowKl#xSLKVLr3<_z!b2ZKK5U+u6$TN!64q*!;7-Gs9aeybU24)Eo7Cm}&>l1e$n zpt>S4fj*L_Fsf-+#-<&(`Mm{^k;M6ohFOM)Q=fNkbi`ib`VZ2?^ectz@aLOXi1=;> zwnUnsPnn4`|JvlkeN(=#y!>KvZc5aXS?5m|9T_#c$%=y`e@=5)v1Mhm_TR&oY%x>x zuk(BnFt2bHmydJHqQTIW(nfI@dSp^iN-`qQl9o+XQwE>X#fhRAEr$$`C8d6h#_}Zr zK>}cG;thO>{gAC6H$jx6gyEu@}GzBQD znQ4j2q3(m-C(sVeBNI<_*nbaz=s&8h%ueI*l|D(*I*B@f;VG)4Z6#$yIVI^ z8S>uy&EC0@p-9b;$k#8xiH}l8eyJogaqbEaDTd6guyO}^K@h^p-~(@;M5&OLonxOx zk;(kxz0vs)ANI_h5$p>?Dx@!h&?j%d0o^#! zVo_IRWt)~dx#Tg@nAm-MKVM|W2&-5;F*AR!h0sA#FbgxEmC>PgBOh0z@*+DvLz`I2dYnQ@a9SC1$|0xF-}np)o%;>7Y^KNQ zwkBqGgDgYJAUg=O!;Q4IZ_y zdA<0L@dF~|ZsUz>Zv40qrMT_>Fr$dW%p#{BF6Oi8*L|nY%mP0Fq-zoKxf2&mWB^)u zUHhlE*G2eClwSRam%}x)PKaDR zUJ2aB{L!#SDp&lJSc~Y8<-P=#km=W4X+1diSWhaqasqYjRXIHy7^#$?s;e-n5qJKr zKG`<0GUEf5M|7njpU1=J%yrBYppSz-D{6s`sJld~$^Qhvkf2Mp5TNL+ty8j&#=@V3 zmjB>Lh5`Eo0jF|1n?<9;d0Gs7UauR3BEW>$1?Z)xtRBW_GX(z{Lg{6dA3xSl?4orhv;tYnJ?Z)Pk<7m~X2Ve{K{CAdp6{E*ab=ulO~xk!k!!Z9F0g zhBl84bT4+Oao2dq(OH;MSvI&X$9yujs|kR`K+$JfSAHX*bqNJl#Ft3BB5qzq7IvTE z!#gR^{IRBA-|;Nw$BNEvvCB^|sWT5QuQf+3=T(%_gd%>|#tC!Z+54ruHC<_KEkmOu z{|xZFp3%6B(4TjbPw#Vpm^ia2eh+eMekpcZ8MZ?4gWTwpku5jX(V2l0<4j>I5%wN{ zK<;n35jdX;YY(>yPpuEUKkcRPQfRli9i+mLD=@*y0Sv6KQa@8&YZ)N;`rxS225lO* z-xTB8@zIqe3M;YM_}w=svTglho{ zusVZhXM#+f(H6q(Z0T?)wg!XQ+^>|PRRI^E9 z8M13tz{UIvmgEK)OfS2QP;+PPb1FZ-f(5myzOCIg4E($c-t ze5)I7V*x1k9GcnH(2+~DH(WYpaL2+i{_qg{2~6&x)8pUIa90}BOhjePqq%ZcY0rqI+N2W%umh= zZ{9iaM{D2hzelk0IlF!9J0;N@or{h(dbdwOh#EGN44DEgBz8ea8Hx;<$|`w_gs^q1 zK3;cu?dx7WZ%5j8J*ZBe_A4)A@1pgAfq5&N4p?7Z@9p3>ifOa!@`IJS-R==yR2>xc zA1%Nblck|&XBH*@H1)~S$#+Vku9nPS@elxMl2jo>!z4BtJLyo zjDzd9e4s#zMiQ+?v$O3=D(qopMT;*IMx;gOtTMXroj*UnQ0(xnD&k?WVX2Y@BfdR6 zJSrMDZu|RTh5_oS*KZ!%Nkr=4L#SdQcxOP7Zw)uZ{YLTC?Js zTrb!*X5qqs%*(5+tS0h!C`(cYm9EpP{rb9vtLX>p5&o7v#sWH&MV@|CoEdZee9Adf zvr}EXX6{P3_wH~86TX0rm2jh-wtGVi+qczL4!MN>dArX`|5zqxGEvpih_L5+w}pRIcRQ>1Hb&$c*JT~ z>W>B`&!PX>uY67KgB~h@!R*l+M5SIP_jJEk=cvX!ec zWlD8kL%+wxnfhPmnbdy2_AaN@BBjZZhkVqGrzx#6MzYTBGYv2>{muZ>g(maAef=r~aM7i`qyZUyX+lN-GmehI#f{h3m$sA#%Fxh0pd`Z` zt0rk0#o7HL;U-5#KO2T+j`r9Vc4*}+tHe3a^cvjpD4K4lGwwq{ z4XcR*MkHJnJmC&4x{kCUmqT==C`6P(n6A77(1V*VnaWqb_+sbkcHDmu@={X4Oc$2e ztAYkdAO;1o4c^jVw=QmjYxNwCDhmE-w$bAQIcI2t1M8Pa9G8NG9Epw)Dzn?w{x#g87XG zuIF$-vb4=P8i#NCw3Tflft#RDdV%{$1+t@Do{}}i`q{;(8&lrFq^7ofs4awQUi=X- zC9>7l%4|c5K2f9_ef36ZN$$!XE?ItsmcjH=k28!q(b2g}2hgO+-llHBJ9q4Oh*8<{ z=?XX!3jHF^RD<9Z8!pvE2My}Uc0!Q$nmU&C!HvwU=^z=?MC(;tTgOB3a{Gh7Q<&yE zT`9Fu#E9fFrUGKakS&7NPpUUo#EGnuWd1;+52@n{DMkfMz=CA9Ox3xMbRUc9J_zEh z;AE!6`wK-H;-N6qP4jap#UfV(^R= z``fP3eIOo>fq+15&L7=5&~cEa;5S+Ybj zqFLKiQ=I{B?%;Tk++7Zxp1=!i=GJZ7TC~jnI&}f(oBZ`>7d?;*#2`_bduHAZN|}eH z)%OC2`JyhCVTqI*+$O*}eY3P@arYLli42Q92Nm+~haed6EPpQwo6w z(gqG$=ZK)=HzSpujJGxON+4_(NQ9W4J_PG}IST(2<%qULE6M(69<-hP52UF+Od_ggj(HH@% zm}#F-)1qMP4W!x$WihcgYmioB|0phgGN>LcyBqP3@(b!}e}XNv?$~h>k1L!PO0j+uDE*Pcy;^ZbvAAK>As&5w%~_t4;qRGPp=(#ijOb0 z6*RJZ5J3@G1Ls?lHUpF*c3Bk*M8|G7%=cEb+^At)qN7yYjL> zfvzaZI5Cy~=E)F|8JxDD+`_+|^o9+y=OPN;SwL%z{5&1r+xuwz{K=br z!1X~ns2@?p9xh*R7I(s%E(*Wo5PD|Dn06dGbTCW!YJ)Vr9*5BYLpS zI}X_;3}3Kf?yPH9bx*CVU2J63IL5cvxuxTNlv)ozsTC03^-}s!m-d&s7frMAoK~H^ zVA4hVLGh-~*H<+;aw0p$gE&t$_LmPi3V1_4~j6jb@{W?&I~!Y$kd9=;~Mg>A=y3E!NvQ z<=aFKKUv{8_F}N1O6I7zsj2zJg@*qk3)>%px^!Y*gh6e_=fH}uT`za)zoXkfPl2D_ zD`e;2Pvr04w99zh{{>z5|02hxFw@p_SeySoANef52)2L!$t|_+|9*!29n(hi@_&EszyD&n z!T%lCcWd)?jY|UpSK23d-(5C0L@#%4%=wcQfo;A1`zUU0PM;D@ve1HlP3-+m=ARgM zd(YRqz1~&Z-al`>vhq;o${x$@kEvDkd*fNxz5J~~Kkff4tg*Ykc-_g#aR{++Z5e?( z@(LSe*xJ)R{oActdHU_jLv1$4Di5AGhOx6=!3{!^>PRxEH+Kc>L~vZ-8Gg*uo|c>m?I1HH1SKRK$zQ^^m_u5}oo zu8w@7kfJG76Mf`IF4E8y+at;4m{kmr_+1ob*1A16*_$SQ0U_w z(MB4$kx);QE1jid$`-Xq;HMNw1=wdPP#GW z(9YzSh`?|_9nA?-kuTkdrp{^ArcIL2c|NeUdCOni`+Nm8mdv#jABNuFRY5S{RZfG@KuUNDN&lBuseUa1Ycwtd z)%`4ULC>_X#vRN=V0G@kpB`H>_{rjV2W_=NSSFr#Msv72ZGim&Qnlch322TQC5Gt^ zu5n6)jO@(rF-zv&i%SNWUXmOnM+LwV#53+uu{8`I!kOfCfs_IVu(~SDpcP|Y!hPE4 zqt`ybgYwPComqJHi|JcXZO~R^jq^NaZlxSwcJJ^Q zsu0SWi%vCK4@oP&>$`e`cK%SY4q zKeUUQYshjKO5PCTp;Ic(yY1X*gaO0Vtug2uEL-hN<>#4#K?we}A_zD$95GC4B+f7e zq3lG&8xKZvDIc7oie7-@;pO_IpRfQ9aOOyJIuJj- z_5FE$R=Ck^E$S%qe`A~_qFw2sXcJBn`^aI!1aZUpwzP=SdV{6SVAQ(|@CHu@{|KY; z$;q?D#V!F4pdc6#|DX>>&Y!~a6PXw6v{OVyWqEnZz<4?Vr*9?U21;NpDgfk|PwSp6 zw1;O*CVC;oPiuvJUtaW9QavrKUtr#&S0?c&XyJ3NjktE}!`?r?d&{Mi0#5!GP5z{1 zyXwx(ne<2bvu=&Z>TpFg(;8?h z@j0hjIMODf(tAl6s+cCbNU~p%u%YxD#fa7$D4+o@bQ@{z_wu^MH+46)?%p!f)Oy_Q zOpP>I;U^bdI&&i$K`7+D0c!u0J)5w1qU_~u4M}oqnvu&-f=dOJP)oxVeiOuv5F%sc z6NoRzVV?P;Su^Jd=URkv!n{z}xi;*q7np9*W!YdSQB9M#AjG10!P0=ar(v0*0$mDd zsu*uB12cHIP*+I#GmeG3EVHJ4Eg&IhR^BjdX{Zy>Ajn$+bDX^MZVoGyZ%3fIWVq(& zo#j|fL%=4B0OBMGEf?!YCd9i|%Pbw_6Wc-D#brcc2a7PiWJw`pCTE_=y8bgfHub^eZj5V@?O~s@@V@2yISmBUW zxdjCU*ZBjZGA)wH`^cv+SJ6Q^6{zLAmgA&hmAZHl2LWbQv`KLy(%Jiph*SE`IR}mU{joaQxS$X zdp8C5KZqj-_cV@Op{9`!XT)Ffzv}6*X_LhDKvqmLGwUW^eDpMp%bG=BxFDGg;v!@6 z0-NjikbPe4ub?${b_T1y&WeuP}^2kU1L7z)Wa9)RsrMa2mu%`i(hyZJ;6OrK7Cm8p7yx9HXybvHJa6g6k=&xl@0QT`TCq37Tm~! zk^z;2U^ETgxPo3#B>40tBcS6#!RbL3%C1;*V-Z3(AqTgeGZPTn1AEIvJ2b}+EXFN5 zGGvulo!E#t333L@xc!tTwT8cP;WaR5|`F86h}z8 z(bBTUmjV~j{|He`L=fvy>GM}2nqRRh#HRv~-FH+iyvc0>S-eXp(y_{V3P~I#4ivt6 z;IxV8q%nEj`}`%5gPA+qZ^{u2Bi!K`Mn~JzOoDIB1o69Qn=gJ|35t^az@t#TR8~@w zf_b!_XgB!oGDifxQ^&0m0|W~h12r!B%rwpjcL(K8;{=lgC@C6P0Sep`d+GCKR1sV@Cn#R-LG*`)N6V{zG?=Z`^W8Q~pnHdh2$9zr=qUf{Tq<*D#<|1J5_q4l-LOxJv~3wor}@ag1+eEs?1l8Rv2oGdY)5 z!;m3%ye1i?+_Js00oUbx=3}#0Q5{eAd#)Y%oeNEsdH26p{`qI71`kcifW_Ipi2?K4;Kc2*nqTr50vr8 zvr1%!6o-=_U3?dr1SgUNZZt^NxldX&Zfa3jS7y)Np~4P>FsJos*|Fm;qV0GN#gOIt z->;Ib&FN4C1Zc^OCj=?(Jd1OdmCN4T3ygH?D*j)|Ac)Br6>gY)hI8~Uh@x}&dHGDy zKh1T(Kj!;S(ou8pM;ra%0Cd=Cnt4WIBoH@x5s|p zuz&`LSgbX5wa%fZnU@O9)QQ)$gu6z9bQBCumjcnA13i?}h=e8a5E>=m6k3Z?Ce>#^ zWI!Tqbe;daZd|~UeIUtuH4GfpT4>!?+Ix(ARiof<`CFdGs3|RCc zi}MyRcgAu}S3;eUnIGi3li{D;))&gmsCm~mM74dTBBQM=e=9(=C%IjZA3r`e(wra; zkmVG5jC*tm#~%&IdZ%WMtM1J3DQniODZrxP-L$<%_K;rlyWP5WJ4L;8M6=2x@i}9f zzI(pofpg{)DEpiGH4AKOZ37IQkKR1&Qqg<2TZeexqS^Esz{L}Rai{ED`8F%u(`dJr zC151ihp5AN@%ZVrNCdzB?Afp+#Y-(-5N~xCML|=a_&sqDg-dzTG6GH<;gn?p$UZ7~ z&Vi02c{GN4(e=|}bH7p8+P2la?Zx0)N@rIdFD+Q_sydZFzH}XWJ!JAB#P`&RPmYbz zjQoyLMuxpd6o(kx=22J^VFMDoV~jg~&TLICr(pAIQ29IW1~Mjy2CrfZU79#JttVAg zRcXJw?MNmkfsidirded2T|5fHp3S}taFUZwe}m-h;nDkvo=kYn^|*L99)-OtX>n3s7C0Hv_rVByELVE+Yq|@Sy*-gPc@% zN%&h34{7fB(KGjSp*8P0?B$B1@mt=l)1wvedZ|a#as$e;UIRrD#PJ2)9baV}(eY&H z)Ib_T%Y16J?wFJ)Ir@%pnXHC1-}*q9g8<% z-uTUK`lyEYU`stNw(HzE>IZ*k6}Xca40Rx7m1_VA;eK6hYD{7;UC)&XM+=T<>3bMQldz zoqK7L#q2MCNPv;_d)$1%nf6tvyd+nZuObmzx~-;srTR8ayG6j*`vN%BP--sbo&~bH zT{~W}22n6ry0i!V#|$6-&n`TH77;geqqdvkGz1SgSv4Aw>4f`@#7r zmkXOq`F#f77@m~M;0=~K@P1Co?EQcxS9yc5=i2jpYVW4;i7;}VpcrS)#G&ql`SQ|e z1AVP?D~CIOYx`3xP2|odHG{O0?!3u&TO!e5a5M{ou5sIOxJ&R%x9S_?bNl{9ub@0N z{ZQ?&Lu$rqk*Td)?5W#0s_^yO`nk()4O7REBdL&9ETkEgOO`^ zE!oxk*}5;Sk}oGs$c-=N-qvukox0ffS+r#n5%W;*8eG28N!M-?D;Bm()8zB}xX#wq z?p2*9LAeLtTVa0c%(s>PEj7f>vB|A%%)q4KDy7$!4=$V$F=*CcSscbq{d#OPK(I6B-Tye=|AA2Y%UZj?;{rFrL z+6gnOqW2Bjm{tr^pYo$y9?G8IK9}WtqTGSHmIE>pzi0QIS(EWHhea<$($nQOx}Ab%6w!1 z6Ok^(th1dui?F-l!-u1{+86zTL&R`g(Sp8Fr=1bKt+D0kcR1cCbVqXYUj)jenBu0Z zw#;pQ?0mJ#rqt6s%|dzu_@ngs%#+e;?$~?xXLY>+t0{d% zxAiygP=W2kOAt-QC`i{hVk$(pE^PnJIf^0h-rAt1~wym8-smckDpwty)jZQ*Y;O0Uck16W^rFwz^L*D z%qkL-yXGY*$96d~;Y#z6p@&y@d@!ffqsBLF=K4V+9R4zh8nei1SKBq;hG&&f z0k?oq;tZB*kHcOTI}M6&)70zC47x>s>28Wl(Wzur_|%RYNIVMObO)lBv*NIO-DVDF zw)}J?(q1x2OH1$0g~`3M95o4@P+r+5%Gln-^U3> z?91Y17yB}J2;b#aMutYx(+B%=ldSkuvQs#t?C65$+||M)tHOS>nPDL04+81Z)OF+D5xGK1QLNk_Rx4+*Z* zT{m+xU<|k5ZR+sCI@LaXWYDVwvtt;N$T~SXS#{!=)-Meo9KaWE)1kv%CL2rGBf?(` zngaa4Dz~zx*|OZEN1nVO&XnZh#JSEDP-%8JkT{Mts(nZf#&C3*g}BQMg^&`v%jIRm^Y6g>wcXSn0L z;{5Kn>G|Q2 zs_q{_uim`bNs$5;CV-()w^y-e7Vl*^0umwj`Zv0C=^`(QchWI*aI($wED~Tj#VKdB z=D&%LJ$LRHHW&$05wThS#5Hrdiv?=rzPUeS$DZ0Bf6}qY<-|pqGtJiAd>k)T;AVo za0C7kdNt0hp$J9*_&Rx8!Wlu@8|huvmOOQ?iUUx~b|#cvFqol*0iP=?UlYBH{_l^i z@FJ+(Ecp?@+O$t<)eduup5VA7lv&30gw$^}c30goPI%mTH=$G9KdQ+oNSL&{(buBc zz!VZmdQe$CJo`!bS#xlwknnJob@P0^yey&<+mx4yc!&)#Cio%pZtjj2T<0_NY}&ut zachr^saZ0*a89$KE{m?$b6KHgcf`8i)Nu2M!Q;0$R4qMfYUAHje?dfG&Gqzviy`@` z??+@;WKFdg+F{Tlr5A}~@7x=`E_b$W%N;GxwgZQx@}Tok=hoKDu`w>J$UX7!904^n z7M70={zx1hH8+OfiG&{&hN0#L!ujvAI?wIHFp3mNTs9U&X=5v^V)d@?o0P|eWR31_ z+UE7g5oXULKf68+9a>_0DP8lAGiS0pY?ylc#N|;X%eLQF&u;Y zwqCg1HF?{AH6w-H$wT2+_VU=dso$?}U|yVc;k4nDv3vLQGP{vCpkx*T31A6Y(Dr#`rE641CODHd#wr)AUU*Ooo;^%rp5kbllw}cV8F11%>t#KA0*8 z8dN(qaon`G>REVEw|}|KJtj9tpRAyhsZ|?WmcGf!&ArJr%RYZ=JAMf){?7qRw*Ti$ zqND$s7xnA)4DVj=e>=Gy#>#*t-I}joCv}h8M%muq+o18Q-_w$luiqSd)cGIFe60%0 znSP=1*tjQLeL+Q=WR!FO2t}`dt7m>YXf*C$AFuoPE(f;$Z~OcI$M0u`*T4Tw#b1od z{IBqYB~{pn-}US3{_}s5+sM?cW&`7#l}D(&Gfi0^qyD+eyCGRK62FhinfX6I%yy_D zla@?v+r`gWchW&AYTE69{JjSb*1kJ^q`%7;qXq8uJO;Fl+_C=Eh|GQJzJdQEzbW5o zwAs;dr{SPK4y15P&<_;ZbZN5JrFcR;6^}iu*ROMWQdn}I{W}Xn>y&0ZXt6gq@`3fNBC|FQ`k_V#Fz6v_ow6k}D~sgj+vuC$Ybz)zDJiDK zqHEQCjvNKs9BWJgZ0zaNr+w>2QJgxZYVxn{O{1uGn--3<#vHBqh7pf#2A7nSC_W3T z>+*A`tNn~92E3-f9mXHyOQQtv^yYnP)d!R8#Jf0_aXD%k?T{Uo(E`flhcs={xG^(MB_M?YABV;;+Rg@= z4U8ztLQ!zwUp^1qE|yc8mcsGQV#A_!&>WUP#&}aD&EM#FW3nKpKyzra~ON&{MT#rc@W|lMDM{GMac1b?9yzE{*derCH z03%s#7{Qey8CjxFKrA9zd0T0h*w%c2BAU+BD*6m_LiOl1juJ?!AZ5$)<$aNQ(hoL3 zbj0_)MPh#r*sjm0xmZ=E(<4gaHHA4yC+LHWKDZ0vV;?t)$6z0qF79ziVO8J38`C@O zY}Pg1D#%%1G|o1$sY7YFx!T1EE9R+BLVn}WhvREB8bnmEA0bu7T+8NcANn)e zHE{}RF4|xjHOeP?Si_*%1bFd5F+^8tJzj#>jJ8^Bn+cvOsQ(F+k3d=J<#v)RNu?xF zzksK7*6!@>;r3>q`KZF&0`VN_bXLROS*d;B8P_fRien`x9`Kq85&Nx7@38+sLd*dg z^euVF{i)>r1}+)9&&PXC=XM=CCiAnS16(L=BqbFlY{bSKh>F(qo<&ZXAmO|XH1eOg zJ`-DIJ5d2k)+fI^=h{Z*3^Y2BrdQ@LysUa!oaxcHJh;b0P;Cz}H}>mzJo#h2zd}f@ z7_5EeyLrrwWm{Ek7l*o3o^W4OXB%p5eEd{?P`K-Tg$VE5rE9etzlh&k=l8Q3Q+XvK zFhUE=EoGc_NA2Y;MW)5dgIbPZv(WGxK;y^`nRK8B#r7`#dpTk74*|9S*cWdqJ)b>? znw)xiu<}tx^30gAzoL%m#-mx?JiXaF<4k`D1J`hJUrD7?gQT=KOPBMoQnIr*yE*;8v6bWVU+` zdLB3uO%^5Er?EWdX7yd?fAD;MTI)K0-f=|k*D;R|<@@g6KN_cmcO5eczP=6ilmSW- zB#+QZ$3GFQL%t=STwa4cqtvO9fx;v`+smsh58P5apAltad0fj0Fs2$-IEGAFpp3h_ zck4EvT{4w1mQWBzK+!Z>zg-vT1BzMv9^_jo7SLM7egAmPFZQ&-1k$@jR09+fO5UKu zMQ2KFOIlU=aU=?(muq0@fWT!5U!L`-ZXC7nX!t#udP|;<0-}o(ybt_K-lS^@tcx#ZaaCerI9q=$(+5oarBKczA$yG*)=f z(jIDx-i4ha+W?rDX?O0Bf6#hAho4Oo`jOY@H*{?eiD;mjUY7P_&LhNLMco&gdd*=k zp`y4Sov?YnFkB=vY`yoSl3teFjR45@{@+X1qw0}-OUZvOi~rIE)uWe6*X~D;r*H1! zur|KU+3=GmPpYeU{jsFtO9VOXXMI)M&7NI-<-mt^Ba|22(#=nd+2>QV;Lx|ZN{3#r zvr&7r{#%{ZXJ5i)$quyOK`CzA17dIvfeOw0U9L*a$JB+S;0E85QSsdVvoc4*XVUDdj9X(5dd{mu2A&PpShr(P*s0XkJwB zMn1OrXYvA`uvzt6@H>`qoXZ#h7My=THl`Q0uqIY^7Eb7oJ5tqpqr*H;zFk+_{cHXYiMSTpL|E0w~UcL^A;T0GAo4d zg28tU9gpQxWD3F=ae-YK`KO2*IQhL4`dTRFAkA>cAF(+=W)2ebJUl-Eb%mre^L9@B zcBFeuyDBnH_R`G2-UQ;EN{hSaWT3DVnPIrolwdh zN0E}ck()%o3g8WyK;*y+x_>4p;U1k{Dr>*#_QTVC9oR{1D@iVx8z%b#eqL+n5PA8O zSMx8e?ws$o^Tgap@A7}^;yef{%vKlkl&UdMSH`?2ra zw(Z+aL_kOZ9-OemAj31h+7$qF%mFJDPklN=advUZah(5-K3xSo3*Il5w7G%`gFMpOejkccTmxkMVj?3XMC2iG9}$ih zC}H0pT@_VT3tX9iJ1t!R<0T`wP{o50=Rd?`14F~e{euuv5akVV;ly_kVvtQSx#l0<+)46T9ca@8L|R?^o{ z*PeCH`N}cOpKGlzDjnJ1F2epd&i%nZ z_H7lfY-nHtKH(c$R5X7@q!|f2(jHFtM;EvjcS0bA*%RMOW`0j^e2LkK_)g?K%qGWb zLh6e3n1vIL>PoRUx46t%pEjq%h8%rPeSoi(dPpuuk~Pr5S4s}%p0Sce2A5#z;^Gp; zR6R^fOKS=v<>xI7U<%ptFD&fEV++k(E)Rva3f?ed6fWFbmZ915X0O5tHeLKD*61tT*lXW=LmQkd4 z7?Kb;+>aGctO3Syq5b9i-aOPN09LeDnaG~kizeV62pDn~LanAbJOe=;9JtlcsEPWB zIL5q9jXsSZIhv_WreS?ZqT7bv97-1JmcsmXVVPKdf;b`tz&(2^L5bCooz4Z!1tiEyD(%y7HM%t{Ku1SMA+!LwzTNs6 z5xR+~!2;|lm6*d&`r%g+%NA4;aN%491q3c^;<5y~7*i=LunrL>PYceQ0wyE84WdkU zdUk0yZt2=+T3}^xafn9h1M}hj3!#}PDlo#KvfgdKurQD}c&VQH6pzq?Mg^W=rAm+r zLz#=GPn!&;{Y!b{)Lz*7GpiF4?=B4#ZJ(-LIr4Vf;3DPoX1nPKN4IE^Dwi!SM~ z)ba}AXnf=PP{sRSEx;RpglJ;OiSptYH0sdWh=3zA#U~P$3m&6_%~o2>R#!_zG*ehm zzv_fYLpAB^I6gI{^>gA%kx_TUwjH~#J2$Yp2@h=gsU>>%T~dPB%#LS;)o=+Mc)SpM zdGF0z2dpG%(k-KX9GB|59Oo;lIGe0HKYO%*m&d+}0;3KvUWzl>E(%QgmA}+bX67Ba zp0_A0LIuRdS!&!f4elppV#6`0I>!M+U7j6WIb~`4^RsJieQcKWt)E;UZ9omY1%VeaVvH3di6qEt!W8!7 zWH^j|W%DL(dhWjx#Rl+;PQwdHJKN|4b|%ufWV{U|2scoy<-(=G*9B6lIL79CY;h}G zCg+`Tf8(N$I&qA&%_i{HAwrR`fR!No!?e<$hIl*RG085t^8q;1E?j>2%p*W+{}R_^ zG9v&GsP`DXAvPsSL;PQ#b1j43I>O56g?f5E^uN%hN3gd7Qu>%}%mW=QB6csCrok!MI$PFLsW z;jgb~?Rq_hpl(N^vK>;EI!$`04hR8GN+nWzqe3Th4Sjhs2=;>6hotmI)$`0Ja=DOr z=;fbMRZ(%xvQ$E*N;}cvwd~>h$yTj@?VhTSe{dw$LB9&=L}KyHha3dSMq2`a2&K%( zDQSnf2xC;5*d)xSE--IeT*`Ln90uS(z zH20E4p?_YUlrQ@|6jEq6_>WpExby%}3hX_rFS+}Lkv|ik32-meFwXd=DI%H3rTzV_ zqC5Y*?db;0(T`(d1=VLU@)gLyLvctkPuU&EJt@!Rq?($JhB<}Uz~PSE!06U73W1&+ zLKJYz`!Q(s(|g+(6Ww#LNJ5gBAgjE&gJtT4h)HGhEBq}^J00t}OF29~SuHs(_F%H* zVg@l1fgn^NeU4~Ep|teXF4<>lY3Zk**^iGP3r|$`yxwlmOcISV3@M1z+g=Z8#TNLl zEG;e{v$h0G8Wgk|!VmQFhoXVTvK@P=K~y-|GK=}a*{kj(Y(dxcA^$kXO=lPA5)1*0 zM4lfC&m85Eb$yLYMOE~8a`R;v@pQNhYy$as3r&Sc1`-jt)jrTjDjh9gV}%@D01o0T62p#~8e%vB0zDYl1^mp3 zW>^_*q#$6xB?4F`O#vuiHHVWxYGS$vnP-)nnhN(sonw97y}j4T6fOQm+z{(7uy-$y zetGuh$E+qMv|kvIzADFtKn%JEg;Jy`;BGDI`u}**5w$V=k^d$#c10FCUP1SI-nxzA zO{eTeo0CHmfT zTXx5}+gW?uEp?}sMIKN|WH5!RB$v+bVi))nf82HA!(l=)1KsG0)cj`zN5HLH7QmN? zm=a3ZsvI6R5k(x~p@|9%t`;yMB<^5;qoVW)&O*<{LUnzAG z{YX7KByR?Of_QHhVCYwF${CvI zEyXshWg-}AB;_^gi-!J7rOxC0fCmZGNTvn+LfjYXIRleQgZaw#{Rce~9z^2HfVHv_ z{{gkWD)1N*>@hkf!G+8f*h7zw17(uJ!&2~8H3mS&VBZq>1RAuxc%kIHBEeQ+(dzsS z8@}dqp6I9RiyQ~V_yMwa0K$s;`rK~QKL{5O5pp1Y9MxUw3I*)wh;$v6Sj%~gF(q{3 z+l^^+jx%U3MQvEyG9DW)A&HP+dG-v?NNWO8$L-Djni%lP!rh8hh3(R_F@R|cc8 zuBrDG{B5k_Y7;Xv0$aBD;+rzW6%Fajg5Qf`JK+Wx7wpn zok-7%D;W2KyW35lF~Xy)g^wo@%3njx)qazv5F6fI6-;8`Z2}BQ`NWATQ~*)h%QRYQ zonOC20Q6nIaic0yRnnFL9E(5>|B)Z}?`1I?rn{s)FUH6Bs@IpNMpa!BR(are$&~0Q zbSD0uEBx(S|KSc`%%*2nYQ$9nu{YxGE#j4B`5b+l?_{RD$A);rmI@uAS7R45QpM$X zuA{g>qw`>a2d-JY&1aB z-taz7fd-YivYMLo-pwG*028R&OB`=f2=D?T{A?h6huWvLdNFEqu2tOK0`(ao2936O`n~!p zF|g^OOVM(0W=maaP0Nwm{xXHvM(RswbduIyx%I4y8O4A=;}l;4^>1 zdT|1P9vQA%ocrV|MDHL?$RI?#k==t9!?@!?W%TW*OK~2@ng;zdF;vM%RNh))ArA@C zf0}gd+4j~3V!_GKSX|yNWl{;MOCCj?f+3v=25DGy;$(q?{NQ0W_Wt(M`B;8o=|+&j>3PI+%-hMz>3M<%>2vBp7Tax*x$R8u`j)Tog!nP-U z7Avx1%jJ;%{l!k}=r%!TI-oU8s)GDg>E5 zu_`1DfH;+&3*$$_XFp!i_X^TE?lg7DHtPj&&y{7zc5?@RQ4;Ph`+J2b9kS^Y6+0)F z?r<%=?0QhC3X@~m9@$zx$tLrz@2fcJ*feVCOuO`lgWGhle=R|J)LH=@b1zO^`hxC9%AnAZ?NGDhkIp%D<<8c?w~c!coGmsg4o)@Mpu^qcR=-+3kT z(iFl7B9W4a*Cc7%LI$jdZXqyLq{xC6Wfwvpi~-;v`{XU@$y5ag;S3luC$HXJF9TBd z|4>H4or`s8T5xP>Mp+7KSrB;?Y4}1&#FSk;(-jEYfFu7JA6K_+#{fBJTTX+zrGu7fVFYQSt@IBwa+tq~5}YA#$y_vEv<*`W+{npnTv()YDst0|F8g z=t&}qUyG$>grC;9F8N@Iu&jjszLRHBgo5AMS{3+jhj|PXe>3tFtpDs(=%k;ETv`)l)TzgYQAXp>KM}ovk#b&Y_s4<-qaRhy%4=f8)kdg_$(LhHm>DLD55BYZVLpdB`0Bhh#wqi5{;m0sPh7vWa zkMOz5LT)RUocqgln8xz79Qy{#Nu)dIG$Ue2VCaxbNg^A8k<`PB`kVQdf>5F5rt3Vj z$L&Z)9AZ;N@OGg;2}4_sBsY^Vc>W%8S}+4SxpHd8e*xI^ZAGqorCZw&!n@%-h6hAn z3E?bUI-He?`5dDNjpBc!kN3|v;etnFb!Vl&TzTg!*=lU?UC%I;#yTs>xb0--;y(7O zPQ?-ZieBePKknff|304OtXKsHJ0bZRc9pbhXT zH}Q*vD*tv0z*ZUTha!l2FyNSdmkYmbK(|>d`s*X@(5Mb`XA>BS;$}y!@dhP2Yz|&c zr#>ue%sr@@DJc(mC4AhK(3(_+anN%XdTRinlKlvfj58RP6=dQOf$IfB-`Q>mJ` z@R}hh5BG8KhC3>9L&9)DdWyXULWU5quhNq%kHS;>Z6Ll3X6E>yOhQ_Z)cLf_HaS_@ z82ln}$OQ-?0VJLb0|z^XHrg+7TVA)jei|(TiVP+ZVBu3RtAB+(4^Sbl=jKjxkcvR< zmTWn_6D{8-(b@DL(c2#d0Eh0c~(K%g6%x<=J}7kpw5{Ug!Dy^oF+eQT!GQ6kOo4)H-i z1XD+P=diJx0Vble_&DUBIH2FbVvJcz_RpDW;~qXBLQTe9LIVP9Olk2j6c2 zY))E_fomYaw@0mlb_!TnQ3(BuCj^c3cf{1SYow!EufRUhJ_H%XdXOiGTM?S4(Y-(l zMi8e&l}oHW@QqvmCKFrB4~Iz4$!0=eApP;Fzq^F|MuR#*?EnPP3VMC{@V6xl5`of{ z63C$;bOmI;+!RY8UWl6bQ9|vmh|!hh&{x@^vR=u?$3P?_F;)2Xy7n zaC)|C5?k$1jw2dfHp{uEM5LZf-XbTr8Sv#c!)D}>1g$~=*b9vfPy*si0>Fp9+?$Gq zXe^L^l!G5axUaMj$UhYDqcJ&Sxa9{UkT`^8QtO^fCSLetFM_HdgcvdVhTs~#X=cbL za52WBE10zXCX5(rPt73TwK!UO2ncqprR>A#kx`t0eR%!of!GT48~Z}Im5z_mjP&e; zU)_BDj~Bj2KM?1F2S=A*&m5V**wpD1S_2rAbV=py`e3 z(J3}GGz1vDjgL=Z72^Y_+6B=i0ArDNxy_BZNih<=3du{becIB7Ho7R;Z})_CLXc6O zjXrun06Ave4?S$mTL{m;5PJn(@{E=A0Is4ujvUKF>H&m+Y)8@^vGA#}65=v!+AC1E zhY!U5qe$2yeKqWN~^vbXub4<7hxqc7!ic)LBkJ@7N3K^8RMnXpW z>(d##_eEFjuy>R4Ugy7fkqpy?vm=ZkmC*HbXZ|ZX2%+}braacuLs~KcpSYW5pFe1* z?E=Qa-k{i7z2L5!iwm5ATP~dW14~;DCH&#M7 zfT50Va1ps)^JO-|u;jre2$+E`nLCs`fA%Z^HWFlT5h4eEAF5;(|D^x*k~o8f$MLdw zPUY)7VL7uw19*WAM#{a!BS+N-pwZ`__JUFwfea_kT?Id7Qg??{O6-2u^)`W&Luf9=2mS|bQ}7(DBm@_Fws zwQb*{!=A+V^NQVRHhLGdn!U;<>cs8%d)gV>S<|Bu`Yc(~X(3GfFa4qO#bY{m4i#6w z>uAc6$)eYfx%npbu4_te@G|_ zq)3yYi|NVV%SwYq<6rUSZ7YD8pyxDLy7K|S6zqI+93(1-`<+$)wVd?h#(W@G{-3p- z|Fs(UPj3qlMf3mo8Gg0@cOusg3eCe!f6Dnfg$r!&R*l513VB`lX&^V@zdx(v(p`-e zhl)EEGBVFuTluoH9p~A8C#|_eVkF5)@UT*obJOR?B1Rk1Ul%>uY_$Er{}@HYv<)g+ zqtkofV)o;rwT;zkZ|+Uz1{(uiA1WJY3=8Lk47)BWw|*8{K7ZaTq$<$(t+I>Yfm6L) z1S$LRqdr6pYzJ(=^Yt$}p+TM%E5~@_3!vR!xVU=E&tz6ZWd6^E&m@*{_b#ASDC4d} zpP`?WItD8rDskPro<)xy8DXL%I*Fbd>3Jk)W@f&B9{qLu>1InUIVHzC!AyYOF;KYl zAH4cDX1XO;@^C1mrcpeZ3h#ee#xr<3ekz`stSpLzWLX8Jqiry$h!~p#CDw>BP^biD zH~^_gA1vK5odKlc?mq;EURn3_`SY{bRRjyR{~oOlo7fPZgSOMBG0VjhImOOom}XnW^k5AJ~r+se7i=%L@Hdr0W|T49L()jk}m3Lim3a&lB!#&~Me^ zF)usR&rbEieS!FI3T?xo>1JEU##RNYV5+??6@w;_NNU7o2jCX{fZ92{2es5*d{@GF zIPF761@x_?_dq57rpz`Gge@i};qS^^$0w5Q49}mJyOL+6Uy3iV!Y$gfnAc6Z%EG(^xR52lyqjA0LTMWMovNF2YTb zfTm=ai1_2mtMQ2q#!6!Lk)4#x?%k0f4Fs2gECmA@!`mA73OO#RwnV&jkq{zPx&P`H zFrRP{70`vqhI)Xy0*k%|@Sy+PH}Hkl$QhADX@>Y<$u5E4Axc>Bizu>T$ZwogdIed< z%7aAoc^_u^#Igk28n7INP!)i2O{Kh?GB=S*4H!P|?fM$p{;;mM1Bg-gGWY#zI=kmnE zgZt_q;*b!%rLQUI4$|iWFfv@a8^@ElegL6Rhp=;FrW>k3Fq+UB2vuVJs!*R0GZL)p z3JIDjWOLj0?3peooj~Tc)8Hiw@+k1vkzM+kpDeh}&M=%s$@dvHTKFFc`kyoa4kR&~ z3-9AK;8b1cg$MwT{v<14E3kn7h5p;6(_ZJK2;YarBK?18^d|FOB}ySih68^zuwGE} zsS&|O82zYM?7RzghX6Xxa8{|JvNyqd;4ac^;bwh({am>25b`YHA~%HF1i(UTmB!}1 zPZAT?;#>fMN4(O0ZU@N$(eS{pi)DiZh3nkET7V7dGMcpw_K&9Kr^sQ$BSR7^X>+>+ z87xs~1LP#3K|y#D61iMhmw+^=#_^to6jL=z4bMj!iqCWGPuGb$!|3i zlO=42$cjN3^?i8w!Kkb*I>d#G zUXqa)Gwh{eRFV^N^ZOICWBu}Fxt3y=*URi*ki2_9ApXm4S}pstKl>-wE$OmnPbiHg z<5i!Aez|WMVoK-+)`KHvvREl%hXVnz_kGwL1De7-^`lXq_GRHw}bgOaMgQ zD`N$GQycjK2ooDD4=z?#2<~pZ^``=Y-UZ0V5(Of`H8Clpf6xu`>%RuQV=!_QNA1^x zDyj=Q8`$4bys@PpYovZgxVYkxtdzh98W!i~G7%xZEGa2b=W=y(L%Z^l(@tJWfmA|>V^6J{x0AvL>qa5wN~r710Pmu7Lq}UR z6pHB!%KAXx5OvR@hZw}vXI|Y=xWl3Bf<~PjKlH2-=MtNbDGH#P&||^NyVT(}rVdRM zG=>&=hCp-pL`C2A?rDTR6NssB8wWJmM4gM{0%ZaZfmD9S@h8{0d>ZqwpX7jeme96D z0;eW7dwAbj%mh+{8k6{&LFj|G`V_vLm?y6B2$9=;szry`sY6K%^EcaH9ysVkT#6F= z0aU$xgZJNM8IUZkJKo;Z*MV!Hd zC}Kr+K(h2#Ed@XTNWx$4tNH9zX7>Mxx9s~EFt>?f0+%mz-UmQ}2LSm9LJ81-$RFkR zQt-Y|3Q0h&1-25-QbcNysUHcy%N_G2a4I3=djMY$Up_R>B~0oi#P;KQByuA-9)#fA z?JyZP*qV5QC7a96@ts=RZ*A>`yMOG@)aZYjdpPNyRlEFE@%XVakNp$+#>L;im#uqSI^luV{X*gLVYz!&e_WQt9nsGmn22i>= zN%6>PQ|wU$!h;hM%^yBs{|OMTL0?K5u6D4&5)`qTB17$GW~=~1%l9k#Lm1Gv{DVlb zut8{`s!}8*6@o%wP;eDgxp+6~I8!itjLW;;ICS+B2zSs8)KMZE$p|kK#AAb>bGDGM1pO);&1jI%0!Sn1ECNh7&Xm%@NnFVh_U}Rf7oiou3poK9$%9nq zbfJSaG=aC%`(zqtu8w|4k-?%@p@~ZRlI@m;i;Xf%XxY7E>7@ z0VLjbh~k0>2Oxb&#vp(8cpA$7bsQX45o!y1b)XtWG)zgsaTZKD6A`D_w%0)Xi0=`P z-t~R9m-V4Rfo|V?a?c}_rO4g3^YdT(OTe3-TWmX__sus3s8iX}To87^GkC^geuu!x zhbHJKS%B<}0!9D^WV}1dj2?qeAtg73*wUfy{xvgpR%U6RQD6xQ(+OhRe^ ztip76x8ty8pXoKsO2+HGOU>TMvEdFsOZQZ_Y19PAdIr7H_IsQ=9|k@4NcM#;#nH3R zE=H@=YsqQ+)o_gHlb^9O)nm_yISelM_aKYNVM1<77(){H@x^IOh~^Jy3}yq>S|r=^ zTlFnCJe7m>dBMFRph1LQ0=Q3zbJ!CT*`?t3_AJ8#Ah_fKi4Zpg80o>KJPr06E6kta z`aTZaleoe`EBm_oHH8H}A%Ml82qtVOC^!4X7?=u}5*a=*a023Tt~rS;>RG@}wGO1Q z9c!&Lau@u%Q;F}jYcK8lZhjc=#tJ~55T#H)i_0GFBOKo3;<{4wIKij><94846|Y`V zdE-2tf{F|Oi9dV`F|Fs6zOGJ&uDUf-797KpS3InnoxL3vRxaJS5dQoP+}37&ovyD2W@N?~k@-Fm2069{H1SE2jOjBGrr3qVz zw=$jm|D+53RsT4-;Gi{-Mk8=%v#_XyZbQO(%ZG=!#UH3H_5+cDa0zEp`^Hf7oaI&K zX(^C&xb2SNl+8lshni5U7{}2&G;L*qHrPP{j?8Udq91xlx@(gwO zlaR({u!j(}NIl5HAtaqz_?|+Qgq1?bw`aZdsWYxMLob|^Pa-U^hK7kqJoaz|?0pe_ z`sNOxCaZ(4@7ymBoY!O&7D_%f?GdIB_!GGqEHI^X{lSZ<7dc(r=BH|JpZmTTr+WLn zFL3=LEGrRs6NX==dd{)bWg_X-q?%I)8Vv#flX@+AZFT@GuD{9^6KZ3~!A1H4qTuqC zD@0Yly_F#3z}YH#UjkD{N~VH*j4HQ2|4}sdhI>*iNBNg8`zFpde)tflN|Hxxb!@Ij zU+#{$g81#m!9?Q~pNh#WV&KX*_vFOpnzz!G5ct9k(kSBA`u)2J@;}nuMr5vz!}m`f z8~pWp_vU)(mrb1f12Q=)=<#KX8D zti9BuZE$JyZKrhq&(Z5OOr#f=d&k9#fm)(TVvp6$(=~2St`p^aV3vPuBJ;fatL7J% zo}coqt~Po2u6k|ye&aj2*1tBq$i~@J#1>=PzXkDOrAmk?zO4UO|LICSLo64}k8M@y=fz^>g8LXV(xh3N*mAfs^S3b%#zxE@Z3hX#OH z>m9rO+d{w*p(Y-ii+}@dIN)c+J3z|v4m<=Ecc*NP#F-4xTu~oCYU0YVYNDPwhU_R2 zc?9H-^}H#geAzeje&{&)90W@!Ra=>sB-5<-!y1C3<3hUJm?l;Rssnv{l4Ot>6n8qCACrrQe@qK9NVH8Ne`r8Z_VJzMO?ZKq}# zK8%fEw>*Uf8Kna}WD~{Y3m>^){ zu6{hTiQ)Ln2fOytIowvnln(|ZD~Oqs`@;Aek^v(4VNhv3%rgW}CozI{#@egH*!o$f z$dPF@RsNcpk)G?V8ZiNkf%=6WAT62xDpiV-lMICB{k2+9}usWgq?7 z_97GydkIred_ToQ-ABycz?uqWuD73vNg6zJ7=6V;m4GW$@8UdH52Wa4CJ~`I6m;j> z@wTnoU*;(I@7V_e3>~AodX{qf6PS&MPQKb1EdCnw|A15n6Y|?_tR%U<43#tZ7-aw_ z;4YlV=G2so-)MMh{&K|msHSV$|`pa~}(qnICq-l#pZ-}%Jug>!V0 z$cAcz+*(K}DnToOJ0p+>kqIMKfjoxHl*=24`vgYPay|Ks2P8TG#HeQ6{c!IVj10yx zAE!=ju>tH5KRJpaIs`~V`ao(Ke2H-ge2CT`Yh-arEFu!Yn@kuc#6NTdsQrn?4sM1Q z#$NGGG;Bk=H*yY0_lV`r4r%bQswhGttgF%q@DEF}>u9G5!`aiw(A_n}a;lh>bi?l+ ze-y*iFlx^uv$WMqPDR(+Xs}QZg4P@9Lpo*oV^bArb!M784}QuVvW%~O-1Wk)eQ7^j zXJIQ!%5tJdK#G7Y?I`kFDo)JO1Ir4t@S8Zj$Ze`2xzQ_iFWC5_@f-oOV5U3>G4s@b z(KHk*RG*(&g~C`J;RC=3K?__qV)|JKG~$-J%E|%n_Yc!}&auD3)>v-s@Hl$pa)}3J z**3v<(wmi5Q$8nX+a5E!obyu8?|**Gxx4xr_wk+CwB}oG%G%tLRXXycy5m$1A47n* z6qUjgu`?Y9{}dF8YH=j=&+qfU@;T}NnnZufOw@mKYxy*ht2F@(rPC(b57Nn*DeXT1 zQG_NrQ4F5niK}shzv#(cbS}VkvgMN@w?q^pijXS6duv%)ucLM~M>ND3CJe4Vz{159 z2#(eSR~xYv#V$>rj+%usHV33Rz!ho)n^#zwOQ3RK9;2rPx2aXQ8U5qqO>>x?bDuri z<^JcAa-s%Oe=^bQHIT`8O`-RIqRi&=KUKTtTiUItsP*5lFO&9USPPZhQ@TMn+9XtG=cxEy)7V^o{!;a`Op#>FBCfVb_`yn4fqe1d(PDTpMmT7Q0ps?kFlkgivsmp*f zQR7s$wQT^Ha0H7&8ep}%>H49Qxu(0b8e00xgH3!bly_e_$8MwuUc*BCmS#S@j3GD1 zgOt@g*JPiwKjkR>w!UY=#pV9PJ4T}O+nOZ(&h?rKPM%mDBPN%>;zL{~pTyN0W}iLj zZw~6{PtF|fJ-B!7ZOm!t^)Fq%tN@!qRHM6BenNpkvSy^N45J+P2g_>8%ZVi$Ead$R zMExH<+FV~>9~Kryi8GmWL|zEt1nXChJh*+~j<^A76i8Ad^HP9*77|f5-oB;7aDcHwE8}ScOZd$fb8NTpw6A(2ltVsCHnY&_xP^2IUX zFu#J6(;i&xYvHwvP{6wXm*nj|;$5nf5199LErb`WdN48^mmw?CCmi`_i{yrR$-04| z#3ze8YeuF;>`O15wyU|rpw!3~D#PFxrPyVx)My^BySy#Jeuvs&ejyI{eWz%qt|J~x z2#BQYk`cs%AD%qchQbQkgPVxB3ZnPSakGm{N-6@dalVw&eyK_Rap-ls;njaUP3E`e zUh>IsYBUS~{#a}~Wx&(7DRH00k*(2G^42!Y$13f3ONv7xPaN(ugXn1xUhvvk25&7S zQ4y?N6aail0VS@@wBH4CLZXGFyHU$_X7Bovens0Z15T?zdN230t6nWD(RjvdK0b4Z z!M?M3uzdfcPI>K*CO&owlfC&(B(vys(g@2tF27%NR%J{ zLoMv{pMM$fIdLWVuK)b8rd$8+KfjMWEt~4z_5c2>wYRnLTL1fB>c3K;3GBEHrw`@| z0p(Q9L%b}%j$O}a zy_5YTu76I7LCU{%Rlum+eY>{vGe`F6$x287*~{*l2!`K{~N3PK)}zhd0yCL9io ze^UZt7Eybx@lV~%RR42|{7!a7ob!T$g0Q;2s?ryCLaOLy7L$|d3Ji<}Jxkp?_4M>8 zl)%H(n>K9x>c{uF2}!#d+Cz6o!NtWg zq|I~nt$=`(heIPHird3IevNPP(1mp|@4dR)k&#+SpF@=$jjI*qC&zOn*iF6#IDE8M zRgdoYAiG)Qn~(X6QE}JspJj!i{6%v$SI;N!IbmzE=G*p!_`S~t52~xdMw|e{;F@?@ z87@N&k1Lu164(3ak-->9sk`ceten!e8!2(1`Y?Rp8qx@xFZYf~xdJ&7!qB#Jwnlpyd%@b^ndL@qfxiZ~qHWB2vC%ftYO zTRld{Pyjh04gF!9IsrJk2hWb2F21@LSzHAsLSj4xxjEnXW*LVM!2fums3JQHm|oEf#Pi-+@P-4?wm^YolYtkva%h8j*35IfP~9I83!) z@Vf}W3|z7|=F^1T8?Q-EfPeI;Lhnmjos2R&`1l@9;T(PD+@9lGzAO|@=l6)G9=F`N z>d%WpYYzD)n{^bQ>W$XlI#@cs&|2Dj6fjnU^tc)&Ne*x(Y-bbHAtXb^uf73npaO!8 zOm_roO%W}BMy_jkUIMkeywpWa{tNUN#-TB#>UsTw*a%8W;Iaw3WW~goLG0?3Y=$Bg zg4__$KB-A;j;csk0s*K{1kX+BLy8Mo@Jh2BPV`jx1LPpL22dLUbUTkf{?0)Mu%#R+ zUyj?1E%INz$cLgq01{1r>gb{k9;(XQckWQb26o|hofsJ+0+ZJOe86LrTQEEk#Xr)g zYBI!qH~pJDpfu(`!w*3+TM)ao+=9!q-43Sv^Xx*oH*e-?U?PUX52UO$evNKrDF^O@ zw7vph$qn4Z6P2d}Pp9l3`T4F~=V9@+bzOP$zMR+gTfQp2s{hsb<>=*xM`51*MuRem%5;zKhRe;m+B-SH zrf5BU(0zdkbOC)w^>Y;Eo2i{$DEb^suo2SAP|ywzVFXOgZQ3bmvlS@+y-|jeNiPsz zDxg1s%!rs!Jarx6skgu1W?@I9O7KAnclL4qNENbUKoW4`cu>6Y2D^|4V!MP0ePN{F z3=kgz-hbO_VO(P~0X z!C$(79^r+b&vW&RF%T7-bnY7%fb5u?G?o*smewrpeN)&c5Oa-z|mk@>Ug9}8C3g=h4b%BR>mjU%g zQ*k+j1Nh7or;VLbaHb&E!cYPdsT-j)@@KI-b@E+jCMFb7{yl|_4GJn+B*aIs<~I$l zq5}$}se?#!H4xVOyFB(E=D%&z0S>VVmapW~fEf6|fr*i6wdh7f3;!1{uEvjecyz#- zkxYBS>zW)+991QN+#jC{u+WRc zDgXdGJ06S757l(k`8-QYL6t__{KzVS&nMY4vAZr43=9}d0HNy#2D%IIP};~w3K_Ny z+~Mhq7dnxnt=T*fTWO7l<58hcxQSw{65}o*EtQA3nTo=Hn;t?4GL4)J?M1n^0fKD` zL*c6ja1%j$_9YNEJB>>XTI3U+{>gs1*S9tnp9BMf092{Oi-UAQL;Wa@nH=!AN4Y@- z#6Bmj7`ZcvzeKAGcK;8`)Q_K9pIx?G5YQwrXr%Eh)R`= zIY_g{$YK`y72My(&?uA271@ZAsEiGCX2OPzWip$X&`q+k# zd&7p+P)I_|z>3T14QX!9$k>TwHSY68PA)F%jbb1P=vPpqYT$*K5}$qD$A^lP=6I84 zxPo4~&q@Hp4~EYZx`mnK6>?orfe~v0G+z<^1N-cBi*b&>KOK=32OQ>yB99FZJP2nJ zSesk}I!|nS$hf5@@HP~0)H1kAZ~l5JjyWJ}NDM&4R6TJbUn6u~;0lVgS1txPb8BfTp>2pk?LOty>J=TG0hhv=fBB1<(_)S=KFW-3)qHiPRdP zRxtRzSFNoa(5h<1NP{6g42WvA;n>IoPB=L>&aSR$`aOVe&qPXj>g_?iA~TC9Cis7d z6Ba82E$PG7w?jkWspONJAiF$$(T&WWsgcXW&`EGkY*k< zkU>JZKrUrda7}4+N03tUNCY0f22Uj3y?Z%9u*(DF!Rw$wmImD>+;dWb)nI8sgF29+ zIL|@IKeMxB^ckL$ngUHl0wN8j zP;fwAWJTu9qV}csKGajz-OVWEg#wg>ZU;xl9Kf|7)3jEjFXuWw6td|M&}I4aKIFw? zsmSbMLMk(IOVPtNosNQ*T4wNYHSgY4BX%@F#gVT>^*;_-&T*#4p|_f?K4{#_9N1d< z{=gXQ2U5lbdpGE(7ztmys&IRqQCLc92UpW>(fdDlQw0>#3--lYpm%y(>f(}M z{X}_;B0oQu$aw(XUPc>C%MpD+*0jj*w-(CE%HEjIesIMRc&G(e=K-mK9(gRYbrud9 zDRWL)fZQQHzYTX$Ti5bm~n zpF6MOs%T19;|U%jrv8wxkX?k^v>eeNDvj5;*hy;?r9AvTC#LO^VE`0wbn0}Yd7=V# zPZSCe=nBMxUw9Y-K~gS3^Nijj4hq>o^nQoPafT*_Ksj)|UxnJ7xR-6;zWwhe5*vaH zI?ii(i7?GV)_Uy7RnuG}l(%98oqtHk8oVN-en&^(dZdL0Kq$0zE8^m+YRKR>+)SoW zJ7edDq$R4ueH_1lw78{*@K79vKG2eB9C%=@H#t(cI8%mw#{mL5D$1_nVlQQ1FUiX3zz)x*BnqigGBPh1_Y6tAci6Knfm@ke3v1WMS41 z5BB94e;pk5lQTdO>|yak#QwP9^E;Mu-ZS?uu|Lqdmhos#?JjL$_S_Eb;o{*Q#j{{dor3-h;YxPmdm{dp7BoKfjf@P`OLDX=3>_J_4&fY=mC_FtTcK=OzTz{S}CSfB|)cuR?C#vWx`SS9$BTXV0!g zP45sAQrW$?zph990i7(i;A{9^d>zB2)*->u6eCDyr z-ZD>5!jiz#T)o6|X@T^Z{n>U5d(sall^6Dv;F(WX?ZgKiL7p7nx=_(wQ*p-+Tl@xY zW4yXVClSvmlMa}rqao}XN)b{hAVP>rObcCnsL(eu#*|XWq;3 zcz3w9Nt@OMh6Or&Oj@vQn}Lz&zzLud`K{SAiH2}I094I|pTvx$YNVod?ZeZK z*vb0yLyu6#D#a9gN&?@!1!)@p0F5^!93-b97S2dQ{(w*lYVU~tW+~$~tvZ^oyj92{ z?kMsUh;%AGeq<%!F>(pMNEI#SypDxZ7d?MUtxQc{blF!H2ERmZcR0nY#R?I%$`g$p z=s&y!3^`vytVlgDD5&}K4S8O{$pr~1Db117B~LxzYC3lcl@wW5Fb#*03KP>*^w6uf zFi%7qg_coRqh7mlJu6u%Uv@+;P>v#ijOij$Eol4hFO`XMbnJN-_j~GW&jab6k$aAo zHZ}}Vs!8lRwSD%)Orxf*&KFR-zD}6DLeK3Fu98L~qn_`RPnejVecWq`efcktb+rlz z-hTmV|Np?Ye?OF;|NkRO_rL!KyAw|CEqbZxqr1~H-O|y)QN8G-AxNj+JMq;Y9~$z~ zrlr2Edw!&OS0;UriX-2L-3w})j><--H9bpZNR&VIv+WM2-m9jZHP_9){q96(!d4~r zZFKEshMYQSs{?Phc$Idn;NLWOMr-zaN4h-kHPb3?@u#UPedJ$@9mLCh;-1plIdl2j zl5WpauPq%d{UwcOGA&a@)4xYreSbBF zu4maWe^{$J;jGBReQulCE@tvI)SW&dEg?~1m)=@|eoaCmtX_QuVrA;}UK>LtmlqPA z$C$rSd-bkkbMS^wM^UO!(|#`>>u26)H8H?(|&#dX*w?uF*J13 z>7(ZHJS?c$Jd)y%g*UF{;qXs*6Oy*6?CO_CS*3E@PcE!N{i>jA}=OG78*0S4y z0V&FhbIkG+{UW^Kb#awklmTi00m7d+U9tTjht^b;&0mmWLP~2;=0* z)=s(_o86RPr6$P6@S{D4hKh>rc)nMpTm5y*%FQecD_Ax}^&EM<`})Ob%Fr{NoNBA! zxeCXRuECa(vll|reR$h|$gb;a5s%kOU@`z-R4yB+en?bj&kXW(E$skZ{FAmDbn+dKeHCN8^>Z! zWj4n5IDdYz!8gvDiMQ^U*!147`BO@Xw&A>u4c9dI{9iXQs-4VGnDn7d8>RC0NapEk zw_^X9IT-r!j8AsR8#TJH&A*u+ZPd$p(BD4K!Kt0*S9H86{bF5;y~j%?l&FS_Q!nx zY)$Q;dXaCBxWdT~<}&+oH||iFZ>bHOy!CzhoBn-QcPeXr>eou_VSP`wnANR#^6g-z z_VahQPCGmGgnf1MI33h5ME|Ibo9lL~@ur?NJ-_sNj9%_5qNS9Vf7-;_!wo_q;dFkh!} zjpmP~+Tp_wE}PA8UHTyr|6N~rr?L|RD{VoBz?;_Z<3G79Z?cIDJ1R1bWuEFCNJ~0q z{DgOOde`9}_Zbom(jFLHeMigLR?zc1^k+wBef692adPOC2kCB4`ArbJ;Suc9ixs# z8JF)rDv-UF)Z#Dmf_GUUVle(oVX{rm4f$3|!{U10#>UfChxZ)|UF&7WwC>$S_0SWY z5-XRbyT5&CpO0ucv+d!`&kjEbq${64-n6c}hvB5WtZd%7FY9_dITO@N9fif(OW6#5 zH=OV6fR)Mxg{K$J1<=q@KXrbqF**F@gjUk=ds*-qrq|!Iyb%qdPczT?Czgp;RvZc1 zbxD4C-HV*_jdH#Hy^lRhzA7I(xsrlwkh{ofOfh*48As!o{~Oa@?(Z?*o^&E6BT_7h z%J+uJkC)@RIX`q{TsH=~Ot6>Ne&tSI)MhVg*Nn9WoJ4bXad>rsst;TG!msb1f@ods zaB&Obn6Icz*v`K5zJH);__uH8 z4!XCqDq=^tW{!f3QFMKS$ghFeqNiS+Mj1vu{$r(^Zk&krJc@_Z968sVCEG8i>uv1e zF+O;CD=bs}>N6OF>FVurQ(D>fh|u*^*Eil?=3iBK)+t58nJdk`WW|im)M?@9m_PKb z9>Z)rPtIr_Y6yg6Wx!$Uqc6JR4M{@7ClB}(e{_Bw^UH0d@MTd3^CSO9I|B3^nbh6v zDQRmK*sk7n5^*Zn@GLrQ$u5_Fo#~nCo-Ze+EZnu->CM#U5>(1)U+x;=5$ux~)cnI3 zVz`~(Y(C;nc*7=7WdAwzdiy9trnIY0^{7mpGH*W_P*oVve&BRw@lFAncg78GCft%W z6C&OqsR++Y60=5#TAnQqd> zRfo-9G8_9p&0HVm?#O)I%>X4iPVI`9eL*^xi_z$ z>Hf6fWD{t9@$E_assdBm%&Zf#UmsWB7kT-|qe=rMl(cB-CsI8_pS8m9Jkf`=~3IAS@`j#%fw2e5-)j^9v<)EzXlZTQ4^CmrP+HT zcD1ZKtt`7PmGkN9rN3ZF>(%6f8yLVATFTbfZ%jYcbNSiMoM?!CaTuzMu2EV2$O|he zUdt`8!mF$q+a3Gyf^OLwv`HVG8s1!$%O!ioi}%m1pS&>S_F_yIixt&6Z9#w)5Q(UhOtKrb7k3vo2LarDzCofzt0&R zcQM+j_$JHR+c&;C4p)>nv9!Ios38AcUGs`#Wx0ZHSC{&F$+LeLxi}44(tX3)`TK`MMdk#;>b>7w@de zWiSga&f6=~v707Unz^iH*RwHkc3cBmZ_iR{PB6ZyWJ(B&omD;WxTUe~P;D?J;6z@l zq3-0;EXy&6t|rfol=9Ru_u_y;!?X>o{!ZqJJ~65VSRkly*4r(2Xr#iSx>*XE1qFM$1LrU{fTj4`CmJg@yNKP<%*>P6Y^d;gtS2m-bt=2mcz#WXv%Li^_BIuTK0@Vn>=*Ah^BnRS zb`@eCh+aAtRqcnA>Nf?PIM{su9{X?Rox_gWCG11o6`!lt4|VC(_063h{X!EuvqYV! z$`GW#i9uxI`DFvA3dQRe7pRgp8;RSeB<7Dyx4kx9CD2;=e5h6Y>5SmilCXt~a)~47 zWq}3L&UZxyje);!Ud{IyODIfsYole}B;yT4)U?4aokEG(?-jWIO(@$}q30g{CsVYF zvW6XvY(=Mkbfl`EH14ESS6Bb-BuUT#6XN*$iGCDRYi6~qJR1+Xa6`CN^+nR^(&(_| zb$`FemyM{i6)k!b4xKT=_GNG!v5|AU85CNX6ujZ-rExQd(GRILj>jh^_%MX)GEaX) zjBnoZwmPcvXX;xpKREJbd)=qDmiG3pmdD!wDfx}}RF_UnKQuH5i-`%YsX3Z$D{5{= zU?9)R_1L2QBKqHd#Vej0>hnXzUg4F`bDe)J{OE)451tzwj%*LTzbESihv>t~;Am;B z>@#_j6<`fo3MVf)IK1XL^P*J$s3z;z=OVK{!xIMtP8G~+eq5a8ky$NwEiX(`*~@|J zOW=c?8;2V?pNrf`>EzvdI3=IIDSPn7Ex`t3*Tjx}bML13KD_r=&gOl&$3BC0q`GAM zN5`?umKXd7Il2xcRe1c_Z*kCLMctes%R*V!hMNiI`fK-}-J`sEU*c>jyc;^5wmOJx zY$>Ft@;=&@9QUbL(b;uetv4xRNvWnLXZxeh<_iT&{M`~ytkq1<4cxSnZW*YG)nyt{ zDlzGtb9)_QU^sm7SaWQ5Rl-Qh&l08`(llXCV>~itUMdNRg}1MG^lpbg)Hg?Cd!%Dr5 zf<_~*if3Al%?DP7acY)73+r)qn&;fPVOl7+F7-ulkNur3VKWOm@FALky;n( zdym`y&*=@P9KV~j8+}eyom$}kA@Q(K%`Yy1{rlHbM*jv?I;Qq#Rva?28!A53G9Ywi zp2@E+Et_W3e-4NYmKEN^**aq#es|kS%>_0eebar}Vdt8a8*fBL?q28^wCOe-^vL^d z;{zHDbns95y&D70xB9++Zs@;m=1Y48bz|&7F^7(DY@4AWw*7X2V`h8z?|nR`bL8rm z9Oo|T4CAuruRQ_+LxA|N1R?OW+G`UShG3Cs>Bza4n4=2B^Bwm6mR^g2Vr*EU1L;hX*%sUjqSq0_aviup4!&jji%Ap>rZ}VRboI8?&x0v)x=rH`!91PZ-Sc%d{Rh znU>B9_BR-NYo&jrIdP`#rm~t>%cvrp)EOC>RNO=L#%C^@JFS*smSq-h+?*mgO3%G$ zEMC9b`aPe7xR2w6f{hoO!9gA2EuW;X?VLYS@bPHy_<{Eh4eO;0CsyQptWh+0#hr6h z$J%j2>I>@IuFH(=N9_)^=X9#DxvQvVP*G;Nc07<~3+$p*NO^QN@olNMn=w5h>Wr`FPWGMRZ}(Mj!5JL_*#qc`p=mWteIDT3)xw@7)cWsaZEk6jTJfZ4b&&K?mzO6 zS)5x*3FEl@6OJt<6ZuK3IsBAC&8ON`4kxs)S6=MZfAVer&09wwWZt!$El_4Iqpn*? z`>j#`I?D;Hh7wstal%cmYzY3dZu{`S1aXSice2o2@Prz`YZ_v;tgmR;P) z?s1OKK}6_P;jv|jQ7_MGNkQ5}^w+!X55SnJL!_=mO|RIoV&9K0#r86uYqo|(mFZgN zdyggVb?kPIw|uksJvd~vEp2ITN<^lsJ^3p0XV0^%+8TGhf084BIvaY#G<8va{*97W zs*26qnZ{khZ#c7X-|W=B*DkS5PIL{NhlCth6dRR-(XL}WXz#Lb-+fuD?VgYJt*%y5 z8gsvcHZtaWSu0+BtY^$DevqF3UFhvoyD|l>d$oiPndCZHHZcupzp0H)nzoU#8jpG? z&qOUq9&Wg~ocdO>a?StM+LeYw*|uSlCEFPL)-XttjI3EgV@;MJ#=g{u@M4lIV_#m8 zC0^NM@U}1{OPZ{c$kJet!8=(BDIu~ncHiB%9^cRJIKJn2{yzWi`+CmnT&@eImAr7S zO)|^Wq50D~tuit{xWWL7dm2M~B_|tGH6?Oia&as=hSJFFIcKk;VOO7j8-s0GI`X${%jXAS|^#`&J_JE!F(PAN!^7Ph9%0_23HacIRW-km`ih5nQ#Q$tO zV%b^`bah?gPA-J?@IL0Arude;Zk?;42>lcD{KFan^X-}ys7C98_{sfE!~9pOqnyES zo0Wps^aG$wB|4A;)sz^$mB`AlZh`W&%r6K;;yva<}W)mz}|=yNK{y5 zW%Bd3{eE%JeNUHsCH;3~VJdr#h1!B6?q~e1$IXED!3jN15nz-&3jag?iMHN5K?oR` z`q*0|-`3x0TTN|SNnt4@4pq&eLR<(7IVc@_PC6FHHn!FBraXjo6d%E?=#EHqm=Vt9 zY8Gnh|Il^IERKQqs@niVV1XsArw>+=%@nhx_4FhF%gF}e=&UK$Mm;O6aw^aZ z{hmbGv`-lWaw;&RDC8G8zn+{dpV)FI!H!EyORM@#yI@Ly#YNHe6>1*XuD67w-gKV7 zbC06kW)eyl-Hsxw@6W{Vd_A(007Ip6e49v+E*Dtsmx$KMQ29~KjZ1Wqyo zTHC>ygd4f$9e6)8v!zw}7nB6*SUJVs9S+y!K5Z%9*%7P%+r%po;5r3kl+Qthgy?QH z7C_bgKwN#j@j_MAXN1k0@^E z6uk9(otfBAR>J6DYV=z&dvv)Ytz+L))2BCTS9n3KeTZ}2RnNrO7MmrVMXtAjMtMLV z?jd4Pa`M!l%CH$Ev&KLXgpVl5bFa%3a?yFd9@_Gxli>D?Q?VoX|D`IHhP$oUcF+B` z3N$qMlrjcc8n{RJkSCNiE(xk~Ws%pU&+Kfr7M3y z1uP>Ln65rdML!#=y*0->^S~K?kXuOBSGj0D$IkL4LaqIkkt}}!|7`S#7+hf$mLEdC^!R4Oj`d?lANq6)7>-o zrs;M*(E~nK_LQg;TbT|Jk4U z5{5Wq>>;l1n|FzpAUAf$7xo8Y)xh%n3CG2T(_umVke36j4}6^|(uxK%FWD9L8%rND zFtAu&HoRmDVu4RYw8r8}>`r+alY9%Zq2VWe=oC) z_=rk;hL4f$H+3#FSMzLN$J@_1#T@%q=Uh;I!=4TrUB}=*4iXBwa9q&c;NI7d2b{zIKt|psva>AlwaJ4Ow)}AzZ zsxIWDmT+{mANFA39H^}wlat~=Y1Mz4v67jUWxZTqRt5*_QT&C^Uw_oy3Y8|A04P}F z+GMk=1qQdK0>3I|dksqPfglZrs~4+0w}>;`CdOVYimte=t{VrtjT5hYIGX8S86We$ z3fYnmS+bZg^(`nPbexf2Ge3gW?3Km0Q!AiYq72L zMRL%{59}11?SU7w{L5YL_11U{e_govqrm-#h>Od|V5|81-!Mn9I;WX z38Upga%BF}z5#fFOEUb@-zNf1Ay)&>@qN<}rnWnCQQi_WkM_?Pb}#g%#KeBwS&^hr zm&aRd=w~WM5A5>fM68KWoi9|$^sE-I(q=mT=Dwetr{f}z7+QZnrO~wgB|YIev391X z!++jb)p1LBWb{IEdVdx)O6)$pk{;zh?!~{ZVxyXI!&MX>>(}lyj_9_$qo(`k zxGdG0D{^~zfw2olk8Po&<$@aEBUBT#iyW**tOF4NP>VM}EvZsuv%9yb#zuoyT-=G3 z5h^mQD~Nh?pXVge@nBabhf$yV5#(Khg;fNWWqnfNS83^LAd&3EzYP6gy%4<5h&uLH z9X%^-fsSkuIb-fv^WjE%r(2$YM110HXVB4lmTfEzXmK&1OmAnwpoy$Y#)8@(%hbUi z ztX}`3IiSvglMWPoN!15^UVt@`ytzc1pS59LM2wIl+r}$Bm<}ie$)(F|o|>z=75RWf zEVEE!J1*rZn}|f2+j|21#lo!yw}@J|JjbDX{8*N-@lQ2)-a>nx;GekM9C)QiLiN{= zHld8`>W0lpO0`woj%cU4b7li%HNWP@XH{-H%1)RSTI_j@kb&0!dyHT!|8A6f-s-(dVz(folpE*0P)6K-iVqMO^={gaWeH0HFMTJ+#+} ze@~VCGiky6KO`;wKOg=+)Zd?G^6%gWfFT7#lat5Hwf>Xw7;f2(L0e$Qf5!Nd7{GJc L$kMO|=@I`oCs&7T literal 192060 zcmce;bySsW^fihNA|WU!DTss;(j9J4x>1mn?(Q~Flt#K6q+1$9x?4)RVbk4ral-Sv zG48nc`{Ucg;bG&B=Y5{F=9+V^^`0*>QonH0q?qv(()@L_RI6a;OCf7Yi(fM4MJaviBXQOmnt??qzcrbGb<?4`UlX>rY z)ZFJoK~%F_w_i-ZAHIJ-0++`pk5h}`(pw3^@Q59%I2!lOxa5tlxm0S0j2zM0V=tYr zHfEjYWvu5aOuch`j1qy*aKx_E1xENGC#s6t-(2$!n)j3{{LF92--2*_)6cT4gFG;t zw|4z-*SK%NQ^LBSIWB1eQ3eCkr

ch{}`v;f# zvETFD!oG%lhn{yu3Z;cjJdejX@t$2Oh45ps+j@*j&Azx#IkaLsOg>d*^IC0DuC4b6 zIuP7{O5hFcFV z-;BRR7k|U&Eoa_~E$i!RKL}emP(9v@VBf&ILW2GN)`M$pKg9AdXFnkFFpwy7@i+<} z1ShFEFbQf6El5-^4+>B%UdMXIa1Vu{7S#c(@d4`3XF8v68a_J;K-0N4EGW^8yY&GP zZ$XVI<{|fhk;3y8f-oNO?cQV0y=Sc5UEMT`JT}*s->(U}c4O~cKf0Cl21nw9t){#K zX1m90i>E|r4DaP9Q!MDCZ`{APbJ*F2ov_D$bSv<`Tzthen!Iyf+8pRsN`gWi1{U4Q0TKP6v_kUd@ z{Ontos-^gbU3>q{N=^`j6pv8FCNa@Svt3p7^qHpMAe3J#8WrekZmEV}L=%lE($g7B; zn8Y}#n64P#fT3?Z(^b~l0naq_n07qt{p%)u-tKp{w6;HOUo9%Es1DvA80f?34q065 zt%~Q)5+2|ghTA6*o^Yb4a%#ysb9Kv(nKp-ZpbtD-RtvB z^-cYt7pX^7s9LC8C_JxY&9I#^|8m}*HV;q2o5h;{k|#$Q?6xJJu=m3MtI!__JrPwkl>Ae!OawDy`W>N?b0(TOsvnAl5* ziBt<1bE?p*VBZVf<2k;0%#EpY!`+h=QxY?mIGgC2pEL0~r)TvR?a?xFn$|YQ zn#79HPSj?2wYM&ru`WC+B20}jhcCxiRl35>%G$2YihFI(v!d8J@>p}fwoK3Zn)QCy z>i*N6Nhjp?;;xPZrPJBs@QUta!*0fw)3WJo$3EZWX|!&wm@ctq)mHv);8FC>;SW3Q zT&XRVK5lqbM&8&YRB&~zjZAkx_dRjzpnjf=%>?il!^x? z&l=wAPuWd9sT+Ox?Y1~Mrf{YI&X?Z=hfiC1#7G7RB)>>~&iQhNJwqr@)JMooW%m+U z%(2QLt18b!&&PEpaI%P~`N)ljNx|`Gmg={f&Ub^u#3$ax_-PD$g&qYS6|+L*l#G;{ z7Ss4<)Focrk@cb@F)Tl|x9zsnx2g^woshlrj91#=8GcyC;rO)Sp{{dlK)1NkVF?4*(n)&}eVD1fX-&z4`jgB!%u-(l>J6vAOH{SbMX2FC5v@+PPao|i78g#g z?Y+Vz@?GRt@N+?eloc!ML;J02lP;te(!VV+EJi7(T($DV$xpX4HF}}!tc*WfAa^p` zK+Q1EYOJ;TW!B5%SAv;AuS#+lm4iz3-kAOv5nTDa()(*n$-JW4;j{vSkuY-GX8YIt zt~>sQnrXFFHA{_t(s5(!de4M+_4?3kp5b7s`L&bxnIFG@O!=t6w#}w-TD#_1K-ySB zVZJo9Txq+`hGg6PUh!Q0xu@4lZ)@-4lCIHlnV-}&)Q%%X6<%_ak-D~@1<}@a}Sm;*xQf!mOJNCC8X_>oR3eQ?i}Zm>hRxlF5SC5FI%e}(v%`? z6RU8lx2fWqYrP)9H&MMJ{V)Lls zx7%aaLnham2DZ=B8*94WkY5qr*guSWlt_4LY#bK=WcP|SLR0}26?Jq*$I4LOE z$Z6U?u&^@MGc?hCVB=_^`{0?33?m8(YQ&6~bcZ-ytHdj6>Q?EtcF{RGlq=e}^tj@< z;z>eRu3SOCg8G!@=~K3=Utb7(=TxBXLAe$l9+h$_q3m@*1kLBJYbes?cMS;XhI~*^ z9-xQ{JyURqMvmF5$}67V*a&*6`}|VLRebSF*RIO`_6nI&zg66Mv(w1H{nAnVn&j~N^?pS-RFVBAD~eEBjZHFwLp|Mrek+*1jGhUJCRWm5KqSm!m-JTX4b zLlQqbZpjN$|Ib4JmCR#w1oz*kC@62SQ00K)|NC&jNQW!^_fh$&|K7hpqoAk@8r}Nu zSuPpt^*_(v4h9fh`Sa|Dv54=bKhGvv8-B&2xWt!!^7Fcm8BHJRfo&<8I&1izdagA2 zx6RJ4?F_OD~{n~V0)kO^ck3#Xt5{1vr!5@p-Ojb zS<*T@oBtoXhJNt|Y|*vdBi}f8zOKQ2{@u}rvO!}%$q=5Z{k4T_f0q9DXJd-}!ZO|`Ij`!+s0 zI=YIb)_*VOBV#?w+i<9ib2}R7>EWcLEH5uVsv57DPf-wbbUgfg`(YTZTFyjOg;&8% z&${%SoSgJ@NAG=;j)niC1>>2~iRR%}+W<+dczb($W@e_gR-%eM)1yaSNl8grS=Tu@ zIHaOk9Bbb{*T^|C8Yx;j8mlliGSbyaE;+#??ce_IA`zdpjHM@ICN~}EbIhdtI#c!L zc}N)G!MWsSBcZU7|KOcK_ei0!n7UhRf35SI@m!6G>Qr9mo&NQ4K}E&1qN1G!Z~V*e zCfCNer!*HDUD;B_!*Z_N7{Mf9X}0U0tag>;<#l#;qQ^jsD6*_O^28!7n*Ei%d9|L_*S~!`(c3E*#ePS)B4&OxMm3X}nVH{(;&a!+Apaw5)auh; z$4WAj$8jM@qL^qjGWgnXyb3ZwV&Z5HBEQ_+!O<%GxGs&Ik4=fsy+eY736R*h#J02? zpHIDf30R#{y+?}-`_RawgsE3KdB$R_^rtiT z$*HMTy{Y|OQ&$(s82LMWGnl5&#MD$5sj8q_xqE&x7x!{|^YEnEn30D>n)=S#c=1Cn zN@Z$ngG~oLJv|Z<@!g#rR5Fzl_QPXyr?^5RG6se?^GX*jtwbsxdl&Dz&TvNSu_NEr zQTuqTYnPv?k0+f}R^GrO-C63hZ@=f9x=?Ja$cyJLtFYrFU3rFw$8CpXV`C%pXph@> zME~#~h8eJ7dRntGwYImbW>h66{&afVP^f>+3X9s@h{%cUcc= zr`_s^?|tp{H9qIXyeW?Wdp3J9Kos%hcA<5n_LWXJu*o&;vPMoaCk>fx5Z7OTgE@ zHgWfU4Z6BIpM*|jgL_cbsYrTrIJVrYS9a6&aY2;68v8T*3>wuYqu*BtnyK|PnaC&} zK0Nh)j(!t8?l$6;d+~ggB*~vO3_0yA_AI8y@xL3 zYj$_ZJbZ{ajat6yN;oeLTg;=4VBB|_6~T6WKg@Zt?4d_#!(EC-Unla^BaqQ2uuSBq zTOpBANcKNP@IWafG?dLLBRTp0mB-)TFp-ic$b3slX&CGa%ddfpXg`F{t5Ajo>9f;6 zy@^VO%yd9Lv z;if~;8`NW(((*EHE>4vl_LL{pDX|PM&pm(6Y%Yqs(ozSU+UV5$DMLS+mghSNA3b`+ z#l^KN9fQt2>T_vM-Bwg_;k$|I}%2hX1sGrL_$E_6wAZNoukH4$T1n}lRcGn zG~8&tE<16(kNqA2v&qM}lpK=blXqNbKVu`PM9)>e_dmSASk5ol)3b}eCl3UXpL#Qs zy=+TMPuSH?UAxwf6eXiMI3FK1zQ5)T2RT-BxGVK(q3is#Zr>PN}mWt9m^X!PWgc z&n;}N_qVnJ%RR=aDJhk62>*bw3(?~zPX=A8lxgwAi`U1CnaTL7?_X(+As{`OvCx!F z_c_$ze_4rbAQsBK62U5<9blyjny;cYAv@ z4g1vGoVJnC3)BeS(T)js+|}q{n~4ecz75R}Vf4EOjS8!uZr#24@$`6itjbtl!bZVi zh%?rR4W`sqwD&AjZ;iMMavIMoVUr z=?_n~9dBTgkb6*2QmB?%RBJa$J$&J#(@DaOr=+4Hj(VS?JJfYxAXBlmtqqNAhUiSc zkdK*pds6#Zo#!xP?rMJgkFg57Zcg^Sf`h}uZHLN}lM}QV;)p>Cnx!+q3un7^au1i8 zxrZ;E-j9Di739IYBQmJLZu#(EjCt$-LZsO+ETRvp*HRq-uzAhy8N|Z8FQvUvR?^rH zu7wxe>_yZ^F|dNDr{j$L{BhXR%kw0TbXhn? zOgEgw?#WVD6Bv{Cj^Of6O_~Pa(&(7RL&nvbfv8Pv7p1T*Qt5?ghXORB({1|6E{o>!t zMj?%83uC~@FJxs|)EpTs_5U)prp7(tBKdGO$GB3vX-}oZtaYgDTdBzSrV2gHlH0kP zD=$x&g9GhAU*F93A&?jzo-jDw@SWC(uC28fAOOQQy6$oxs|4MQdt zmYZCA`u-&6bWfj}kH0^1t#qy4-8msgMiY%rx5N;fS5Q0}lNKvqUs;)3o?ly7$W2Kp zww#%-tgPI~vsUIIArlf8Ux{+6$P}I09QjI_)IOgu;H5&%gCs&5YM9w1icx1^*K3vU z$4Z?s8%w+a>y@9m^y`-gHvPVB&sT5!t~gHX$T4AQe`!=2S{F)N(}hkoR5FC-cBZL} zviW1`TG~J}i*%-cBkM<+AZ%-WOW#ZEwZ|Y4eK#Hf@w?Fg*ScyPeY(_Y*2 zMJ+iof9sA%08rA|xw*|l7a)P@kFgyc9j{;iM9gicrF?SAp3mK#iAuIB9(;>{kgpJUQ*XVxahX!129MKr znFV;Xsp*ZeO2-d|HCBgP^ ztlRQ_dutn&jE7{s?ze|8UiyRcJE;bVJlAY@7N?#l(&HlV=#SoyoegSGSy@@3l4aH? zGs6-`h7tsuBIt8Gv2FlV1K=Br3(+7bz+FtG~;dS{!-EW&wsOMkV$*Uc6}3aIN}8vOYR$p@v@O;py3PMOonW zP5-8(uKax6{(pB7CC;xfA)&yY&w9QH88eq7vq=Vo6AN`{ZoS4(T<|#+5Cb*jl;~Lt zk#=Gd#1-faHnZPExWtc&nZlZ8%1X;uhpW6V0`R^6HF!q1r-Va75*ln1Hx|^juUTtLA1-WP zyEedbec7@PaJr7#snQDK&9=IzGk;R-m~TW2dYjoiFr!Tk9Lh?xa{4u zyA*TP$E78LU1$9tv!>3WS5~^Hs*TyNj|WBv-@(Q0nAwz&?10}aZNafMC&!70IeC2g z1cL0qV>U&cS4%tb+T}}eU8E-L^=)loT?^J1TUo6-me0n4{T4s|SSpPrno*o#O> zDSz(|5> z(LVlsBp%uk$*TVYWyP0pP@~!=y}aBD+v?cv_v)x6hB~X&>^BADPytZ~3CQ8972gW{KjK9|+(jXsk&J?p%Lu3?EJZJMK2=Yz{pJM7a)3`_^qaxU z?zGfTDY<}M4VpE}D389w#=*sPMJmNBEF=R5Z{#j7FRLgo@6+6d#}*05@kHm++lWy5 z-R3su*=06w%)7X_#JI%8&ihjD1h65tZiPe#3!M$?NPBI>#r`~3qvdf9%?u06&5Yt! zJ3qE}Q0mSX*!wyP)v;*ulMHom6>=R|M`&0W!|Q_fp`qF4z8j~t4UO+Jy1}Vs0K~~%J9xfta1@Z9V%p>tI*mKV@C1vF!M)*oprr? zW_fuT$U|kNFjQ5W3Z6g6c2Ej7m_3j``kXZ|NE~=b#_XgwYOV$TSry9cR{rXzeNoK} zIc&rkCYDNh|CPZ19NHpmxf%ETixPTx$k-$Mtm!huw6ZhTpKsV;6!>^CjY|_|RunLsKMj+78@z?&g~j|GTD1?Tv}u1f@qe>5}8)-||2I z_xC8ImzLo7Hn%$J=Bxt$^R`{CCL8yVAAFbxZ}#8UZdm@n)Z4I|#QI|}|7d!aUrdEU ziiYX=Ve*fIKKbx%apV8xb?=Vn>Hqy4*q;`G|2`H4<^PAp{=c}(|8I`|9Tls5a3W6* zx54gp-M~bVf ztFcIU4mO)ePft%*mY3a*S4-|Q>lL}^4By4a=Xczibshi1eo!W_^h6goc6N4-kB_&u zwt`S^YNDc|(r*i;OHED9RLsr!_RXNhq|uLf1&KV_?&803<3?ZTHuw)4byym1hjXi= zCDv9}%1j)B7ZFE}^Mzm~&;9(Y#OjY2MtSQ_eE5sNy6iVY&B<29dbK=oqmGUkcJo-^ z@!-IQ(yJZqgB^hA@9$S;B7`e>|NcELl~f*~{p!eb)CfLTF0xrqQn!N{fBqqT{r2$N z#KaxH?dRJgsH9_kzI@@dp1R<>FeG`qJXy9h8)Moza|(jEs?ykrJMy;ZIJaJydv10nX0;o*9;1EyJ^@-F9U;u2^{0)vH&1NO+H;%&W;fV26`aQ+r?EM$ppI8W|ad zdxnOFqM@N}RsV-8DA`iK`js>^&L?X>eE)_TK3>oh(<7j?lmp0^&+ls2W4F_z z=R!i*h!JqCocEAb&ig>ync3KY^i@53_6$k98XO$#;_BMh*9T=8`X%P$m4@c#UD3rQ zB{eonI6+R#p$r;s3!TIo8W+da-Q8`w@{5y`({}B51oqc}fbJT1cf{v{f`Tt!L`6hU zUB9KL4;Sip9UM56#qyz`xV)#p`EmiMum8!{6RZfi8IbM7JPrZSQ~32ON2P@R=~D{` z5M*-*c4AtZ{l?_8KoJ&LNRvNlW=6)*;i03GlU3Q)-CBdA4r@?hU?WAS_}^zvEhu2( z;)=x9($q}&_Duv==P?`GcjLhviThqiBoh8{-b6^qqqx`>s398Jr%#{2S8=5St$gd& zEqe9J=Az$~j`HMz_Xr4Z5I8tEU{WWfr0DADy?Xg_cTmGUB0L1kFcv#sdg#*^yvk}K_shjz1AjxkFAZ(vVC87_rb-dKz@{2FPM#2 zI{tWjDbD@OQAtTjT|Ji8o`#O@u6KjY{oLTr7;Ye?Ju{y_fBu3?wRLz>S;^zTNQlBNJlj#7-`>)Gis;k|nl6cjr8`ZZ3wtq_+#f0A=^M~&Zsek_?dwZw6^ z`_I3xj1Ln66oAbbX`-i>+JB@#Gt=nH%*aUQLBwVAt*A($F{%@;7Jli04OXh1Uh_Rh zt@;E(&*c(*eSLo-PPxX4N?Q$=&4!W*H*r+xmN7ubhpz3>ix)4Dy16EBuxYixJr9w? zg>e42}2=g ztiXc@9u7`UVhzQx9@7oGyLaybUhVDerAfy@K1m1(37xWUgQ<+YHELc1N<3&xT}}>x z>Ug*{_u&TC(f+!*fq@7&?5HvvqmoiQ4|MZHG|!)CYieqmnwq|O6Q7+ei3&&C(b`(> zdd#-nV1~O{bf4&W=es;JJryFC)cX`gaOcSaiphUyG&JC=Knhj5CFM*1B(R0 zJh#^W;iBY?TleB~b8CzT=@B9>E+>mUNxr_m{>0pr+dK@dpKRZx~ukCFT|AeRYgdszCT@FO-=3L!-vMk#)jIWqAd`;uX0p}Ay+Hx*R9HauZ>mgFZDGw zHKpZ`J{J~NR8%}ZIN)(TVtMo^rIrs6<>F7OWE43$Idm%rQpCd`^Ua6yrVh6kJOU05 z4uAnDC@3VSrS*BTs7s587#wD9eic zNcr9Nki)LWdmuaD?Uhi;;4A>sUn(eo?1(Uf{!YRTfI+SN0{|vgHnz3ygb!fXf~0`N zeDh{f!~OKp`VQpUP>?3|lPB(*4fr!n{!l8oJ?mOJI(VUiKv`eBtgfOm3jctM*jt~d zF&pEuYa6d}W;YoUKt)4Ey~ppyLsma9FfcaedayB7TwE+GD?8!3Pb@Dv*xG6YF$ha^ zJv%vs{c6z4?`IiTDoo7C@KQT`+qDoC5pf#<1TXw@CT^>DL3r^TNa=c0Te`YTI<0z zN=ab`rLup^$au`fH8MV4U3-(VKU<}QhnE+hPI+g{e&RL)ATu#BF`WF~&O%^tu#mWs zj*bo-VkJaWX=!O0!;iG*va&s(!ZR$lW?Rnp-OmRfZ)+0rIu%t^aPwl`x+Mfmx}#2A z_qPrBlGN0+kT2Z{f*(JAMB3T8Ncca(5w*1~mZ46z4T{w4j(_HjM+bm@JmpEMQ#lJf z?aAZEBalklYeNXwUwa#yWDSH<+#p-Wj~_ppn)IRkBc)6K3IG8+K0ZDY5|Z}19JPwh zSl-dvTFvSDFOnW6aC|^6JudPZ$Pw`3TKG+CtC*VFDP)h8WV~919rR}2kj&4`>FVo0 zp`p2U{rbqz(9=~20(byaKtO80D!>`u%Yz06znW=wdOD}&v=E}%>+Ta&GD=EHpbi-s z86E-jYUK{j&iu}M5;-k{?CxhS^kL$t!$8{#Zy3rNozRO=07bZXP#%45m_CwyI51Sq zvYovS;F==KJ38MHHHejeH|2NrP@dW8u9!H?{1t;g% zQ8vuU0!36+Rmbn$msh2?hZnqi_iiWdu+f5p2txiM>glqfv=qAQ2Hrlc2e-){-ui_X z`|qMQPWP9~~Xhzb+8c&~S&eF1lRzO*V;y z&qajcj&}nv@@k8z%XAh!z@C8G7#SMUsg}x&_m@HqK|W8ZfWCaCV_|0IlaABr>FHNl zO0dlD<`ZUshLE|-%dOQPX=z>=87==VvxZcpS1pBJ!OHAxkYJTskylm z753(P<|L9Qc#uXT*(&Ug3#r-JrdnDTtOd~woN}&;=&wDP%)ZBIMRCff`{vCXEiEla z$FiCle!5GHz#%BER@ch=H`m^Yyl+^BwT(`5oG?H1;_K}&r1M;tY$@ErbD3%i8Pt_Ur81XB7vj? z1O$YzS?*r~96=;lz~lw;Y;A2#qSy({3XgeeTc9&)Wg5 zmrs+rjo`9FmV!nGBo8?=dc^w9a;6dEK9i85;y%>ai;c2fzO$_o7#kZK6{P}oR=wKA zadm_>eF&=I*w|PV2uZDc4l=SSSkseNS#L5VSa=IyNGK{Q3Q$al97ukt>+yFa1NUDM zCDPN=lW=1P<1$$?yeK(28G14xa!f~x(zCKmHV{xKfOqtKESCcq1w%?FPEbO^2R=+8 z>HBv!UTSLUfJicCeHzK+0dT2y-d>;fz=q4ZcI}#^q$EPb(2%C^nueQOb$>B=;OAFO zt`DzW``E>Q9(}?4i0|E_ZhPb#$iO-d#i91Yjir1ca!ohAhK7bZPb_`)F!;XEb~L`* zQc_Z&0(UrQXbd5{C5(`>vlnpRa^@%k&o3A{l%hgHm@_N6^YKG&E-tf)>X_5PXBVX({y-W8J`@JtDjCD|a-8wfr1nog8jM@FW~-vaPf|=QF%3os)>c>56cp|d5vjg<^$VygFE4L;8}Jn# z9v&dYRl03>sj<00>)@;`EG$6o0~dpzH8shIzXSSYzRDJpmY%3`E-5J3f|v&(S95-L z{PpYC-@kuDFBBISH*%)L zf%6BsfQ^8(8q9kA@Xk&5^V9wEaxP(E;dy*MBM3_;Cnxu_Lw!(NFf7wwoh9ibkvlLr z$PcAKQ*-LayDKRWi5uaSa1&^^8EQVUsA%8t(3GhDqkP?Y-{il;G)p+ z>6>@yx>8{5+0|W&%AL*TB_F(*+{QZqgw*Ie2+_`4X~&BbAzx^8CdM5>6`**RsgS5k(ExhQFEuLn=Q2GfB8?sCjwS9$@~IGhX9n4Xz2A1g1mU3mp*0Y`B}#LUFBxNb*;+0@;=(Himu+=sNT z=Aj`DcJ`8t46$XJo#g>zpccTqf%%9^NNHRMZeDP^+%oz!ZA%0+vh6>lA!S8%YwO?hF(TDj+yhBmh)UgbHf5{>uCZbMWOm zzWx;z6(E|S2)ekqEHZ3da76~G5Tz(NIe^Tw@kIb`BJ zI9kcA074GT_QKMLU?%f$WO!=O9nWSuvbea|9>=dSUQyrJh=Ty+P*qbyBLiKLrgD-` zr6^GT| zg~$``ssLGPvw5T6DhUF{FC^qHFCOYuKrL3NO>AuH`C8Yub+2M!`2(qEbtnV(M}(r> zV(KUGUa1(a-RTB&u$#EKx$RQI0|Kxs+`E11nwvi#&Mq|i5`wWaKR*vA4^tfzKsqtO z6g)Y!9@fA>IVfdycJ8t-VfYpk69dagw}iUo;!+8i3L2112v}uv^CIveUsvnTO*4+p z&Y9`yroT(`^YQ{*Gg4DO5!c{>MNq0LDw+;WBM?}6e2VlmG%fAzEKE#^SP&Ed7}?3m z^$Xhr{rzWW$Lo-~f`WpG&-wY5%F4>8hT#zrq7*oGbn*4|LSKXsVYXno97ABV_r3+7 z^zgWvst@%5ejK6$yEMdd7IxrEgO=SnjF7M%ApT;VZ)u_a?IVW;QF{gkpj~EzK>P$& zgGL5iWunLscNLeER2mD4QAAXfxHSdk056!Ipbdb=4S!{--UWd1!IL3=`bGfCp@|9d z?WHTIWWd-VSUm!M{zM!#*8ceM7BAPhF_amcOLVnIg;2o4p@*|*Q10>VJ`CJ0zS0Cz zk$dji0phn2^jT9AGvO%oap4DXIvlOakFDJ(9Z#Wh((l)hD%UqO^ju~HE&(+)#W(4N zFNlk;DKFTLGiwRiOiF=U@PgTKpT{B3+Z&zCqiqfbLO&cCe$Tl=G;?*z>_F;2#GgQ=8+pwY{7I@qF z$pSwt00at{TaOtS&H)yp7^gm>CmKY_*aT;|^8gCulPBKv^B0q- zR#vb$rM?+Jiyh=}kRu2}g&Q|+%qLV=^I4l18V*mQl97>h3^_7@%QbxIs~Jkj*RK~2 zLRMB5SQLW{Dwrs7rCC|Dj`G@$=ahl2Pey#6PKuP;n&x{n{e@lkcwJOtUf?7 z3Ti&kKc~ezhGyI0VLst=@*ZiR;egwWbaGJ+q_E-O(MU>A0?5|3JO%OvoIH7)EB`JY z9=&qW=P`2D$pY}w=u{fbHa9i`2xfuVA>)0p3!rN5)qxLl3Y`FRt=N9Rb3pImpbU~%!}tyrQ!SKJ z{5I-UVLzgTiSP#=z^8pri9PD;>%q7VJU!J#Ie=Vj$Vb1?M$X9@(X47x1?6hb7Za>n zSTxY7Ms*W$?+wT#FmtJynfqYGhJqqFf42>vUNu03f}Wlp0{!Plbn{AWu-c@gIsrYT z;`k)J6(9n@#C`Gnc@Jh$k>!Q0Z?lA`Vfq>y%LmmCVhdD(UAof?80IZ3v<4PTK#RQz zx(LJp*a5wBT|}5bt@+xAp@k2r0Io*dVI-ma(xUIfK4V`WA0{Ry1Ml?oB|?qA8$)m1 z@sk_7Zw|3~gMk>qzA6W)4PUthL*pe@eT{ox5*rvJH9-ORlki4@lXohea}cQu+WsuqpAytUEh9$wq2wl@7ABc+g$9;)sSuQO#yG+$eFhoSFM7TiF)8 zLGarEEPwU)=kc>jNJ_@=I)7K9O`R*TvbKg~hIkEMPZDVX#}dF6I&ZtXyHH-AlLzMH zn1L+?w-|YQd4bRM!k3^JN+GlvMn*;;C-W7h)1db2=(I<%ON)zVe*4zk+Un&t=0i_! z<}_ObI%;PJIz?c_q~+yVO#XQ1>l*eqL7bdGPiL$&2Q>r@xq_Wp3yvTv>2V;yxUPVk zLs-N_MBoL^MfxK{1X4Z=B?2)a0;<-vKuAcqedr=D-v=x0A?AU*31BLzAG%^Gjvuc4 zXriK~UWB$)z#~*V?*?!`7A!b?=~z-%alU{&QKr7rTHP9s&1BI100f3!AVX4oJVe0_ z8-{MEsgPZgkt~L=$#4%cz$+-5T~9dGuObxSb>oG#=`Pe@034qJd7_exEP@77ph$3F zpyhNu+FtuouNnbfkozlA6(uF`{Mgy%K}Epi)F;3`z4ma}Fks~%g8RgXA+<-!Z8M{y zF8mMJf8ckvo6`;X+D%M@YeV^UAj29OAmhQ!KZ6bectnXMW==Zu%D_A@J%b`6FESpC z4EEEVzr*oNjl)Kt_bnb649w2VN0dXu!*G2q945es!Wp#}H@D{6BBt;D?b%}TRzuN~ zA8`O%4=Ug{en=tLtCwrx02b>YPbf=Did z6l+vEK(p2n%tpAp3q}WWKQZw=Hnbp_FFJUS%gv#E-Y{ix;r0R!0-0rhl|c@=?dj8} z?CkiAn-zM{TFA;$m63t4e`93C1)Ja9EhF^Le8C;)?dJkP1%o-<(|2{8!+FmH^2Lb< zcu%VQ4CqkciVzamh*H(HWoTUGs;jB1=VWF5R-)5>4SfWrCSoodR7}j&CJ6BhryGq7 z{J9iod1%@E?TEl)?7FR?0iicRjKW8Wthop_vM8O zb}TCEezMuLyD~Ue{t(5*g@XvQ&?SWU5*SnvY|hA#Y>7u+M~;jIGxlVF=JfPA#rl6o z@WwlY(XI6Xkg(x1(3k=+W*b_C^?*&WQwoO)#{Mq5nU*u82`pw6iG*oGEvWE-7%yKA z0AxU08nUjbu~EI;Ml@$E5tWQQu(_kd6dJe>h5eAdDc)bd;v6F(Bp|y$3enQh!N6V- znA1f?;AGxJN5{p%IfHIHA-h?#EjRG>o`dif_XtlG4n2H^7j*yJ=wo0T{oEU`c#mjO zJ3cAt;W3Fl3QF7^JxRtwPLhg1vJm3Jf5-X9sj@EaRCFjAGWHsN;qg#}5I}NZ4}9%8?-< z7hQAc+NLsR5MKG~iv^7TdizEvW1uBS1xPYbbi?`=%^iR?fX%eDG@x4x^Yb`YoBm#E zx06f)(96j&Eplz(hCq|q;1oV5=ePPMf8t9;qb~*`{DB-wg%0CY`98E`Kb!F{QS!o7Y?oE zBi{_0Gx84lx#kmPC4bIx;jdk-Y4M!wRHy{TEz7aFwtB%<2fVu`;v% z>g%(%umHva6@)x+akUfe;){OdNcIS6dL8ZT?n0*utaw4aFP6BveqbYl45nOXngZ() zT!dy@c=^S{g?v`Zw@h^{{@Dkp|EOdzz0#8i?FU(K2Fxv`zyRp#k`@+T;6Fdaavlrv z_3ePm1%4bAC=aybXmh3sNQJp&EPPY}EC%jc+fvun()t<^k^XJyM@|1OuFl^Urla^v z77w3vBimxZbG^pyqmenb_F& zfYw7>E4w`%qzl|=6q^)2;rSYYogjy4S( zuT@GTP(D)F}*c*v!VvLLPp58A(~XOx$Z^z{W{_X2POfp2aW8Ho)K zZ}#B_HVqh2P9Bc^Q(Y2fr!?m|I5}a)#~Fq#L5m_?m*F_-wekxKx1p8s2nS8F3R+s> z2P&^$JAzRS9rop7 z2mNj`H46~3tj)mX#*g1RJ>B39!x8O*^XP)Z!^6->0~=9POsut~B|S4UX|>8}*QhTQ zgYLd;927558vvb-JS1Ulb5>u8WOselRc;z?X)` zMkYFFhC%i*J$(v8A&cM=Ku&@pk0^x8{HuJx?sQvOB{zcMBpD5#4gUqWp^Fa4&(9AH z{ROWj<#CvV`4MgHzBfkgb5=lx#?$4~!0Fu9-c~FW$_*R4Y0b2|{HGo-4bqY+QZs5VQ|7n8Ivcuie zp~feWj*M~N3xGaofN2ao-p0-j=uf5N_B==uz*jgB)Qh_+b{Sy(F!tQq(E%1Z)aScj zgn+LgfjFGTf=~dv5q1ff0X;SKx9n_Ic6PX*1tx&3J_G?{pzwf!0FSY6@$mxsQeoPK zX*=N5MQHpJLk7V_>6?T#YHfGeP0#=sV8>zSLAdt!D?tDMDEno)8EhaR16;V{#^fb3 z3b59|P^zt+0)AN}2=*LANd&Y;!cTn_0b~P3z_gbTmJ$;)I&6pVAP5Qxd1P)B9T&%- zcpmCL=9!V5jRA3jhGqz~8$^`hU2h;F!C_&z7qeJlVPRCZq5u~l_@JJ4QVjZrv@OC+ z0-QNSBL2L_cq)HTDtZ9S6^2JewV9NgpZ(*PSEXEJoaF#d-h~S1IxZ{txi9Aq*77tp7XClWy+ChTC?p{0h<{O5u zhO34K0MqI4zr4Z3+&bHm`TJ2|FZ7OCS&L_9bqECXb#$O{0iEgoT#l@SgdVU6pxivA z1GWI6)Gk;~k--QS(WM_X_y_7r)AE~1Q*WBD& z1}n|yMTz{eunog5Kg?P>JL&1@PQiEr)eBQ_fLK8C;f7)G6vR;B{{p}V5)bTL=@728%PPuB zWQR~0B{H)zlSC0pxk54`l9^HnA>%&Iy2khW$M62{z8{a@`N!weh4=YB&)0a4<9Qs< z*D{g^L{#8+JyPbjpUOhW;D=xpwq@JS15XFfrQE)aGRyOCQ?SEALV0lLSj=#b*p;wa zKB(To{~$_+dPWbWC8Xrq+S+hi0Qw@vUBV%LPh_%PttWgO3UdANxdl5Y4lLK=Q zG#cbw>OVjCl=2}@t$1s<35l}Y3)rfjD0pf3v70RO$UXqTe1$5iz57zfCZxEy%I)4Z z_VxL|IKRzOx4v(JyH@XJBStgrVMaa|I}c<3P=ackfUeD8M4apnw*(0E2Oh8pTv+XJ;%(eO=vU zP*V%dYuV}P0m?^UfWYI`ICd-zu{{^p6#+w97MAA0bI9iJ6&Bt}O(m$rk`A2`L+^f% z8;P{vNXHu0NvZiZ$Y=KLQv)8|uZxA*($a!DGrHiO#>EYdjWvCHx_Utd@`7LAYj3h#_G|6^_>nGb z_%)G;r&t=JYz4K$pDj7sMpj} znA^riB|*uP%F2LkmcY^5Yg##lNgxU^U%sFy)~={AN55kS3J1vY5Qu~4;Rwfp+n-QT z@t*#qh-@3ql!lqPC-NYYh8HM<_aS7!V_vv$!6jc;5z!T>2F}jkdZWVrj>Cu3Enw^$ zPn!GAArikKT#pr~gfJGUWXmmtpgIS3{)OswgL6CzFI81oz1SnzAEiK=K;Kn>UE#)> zaC)2760=+W>NXB%TU&mH2$waPOBdJ;be5XdExY&re4@<%`0E$Z`Lxpm0>AcG4BVnU z6UqOpy*n|+=4(k&&lUkSW{E553cG{nwVfyW2RQg13W+>a7fb!gVRqL0FZY_CcgEO% z`d#|#M_-MIbS8WRD+2?sjDgv2K502(?QPf~z+J%#0tp(ZMHLENz)x%ZR;p0uJT50p z0WwP8p+H*Nm8O^30U)^m_-DXPK-v6#WoX-Zc+6tf!GrL?sG`el@^Ai=&u1RAlE$=3#%7--0p z1O(539vK{T@dpFsiyaSqJ{eX>^}1EWi@7)b`Oxf$0R1PFzhW@g6t4g^S~cGa4dvg~ zqy02p+Slw3LKY%wp%gk{Zk?+;@$H*gnp`m8K)|$C(P8)vE7!2U%y)-n@5DDZ@!!N% z^Pui@6d9l~!Nvo`e|nd+3C5f?yCq=#_kf%Ve!~Kjt99(9cwNct^w{Iy9}5jtWh`yP zV`T;$wEFumODXoTveW*1`R3h{W2}_pScCq(XeK z(cj-qe7LzTU+kYx(bC#jcH)iyxk_?C_>MnMH7f$lXzwJ=KR*x6VR}&XfBuxH1Hm`_ z`!f3f{2~AM*HNTOcDA=0gV_e_2@oV)?C+IFysV%i2HPN4yWw{|wL&#Puz`u@zqe0F zUw<|V@!rz>rQ|2?ZC5FcK;bm?p_xK-de^mBHaA~MF3rZ1)= zzTx+k?qc?ArW$bpC^^UidzKiHC$yv-d<%>QHr23RXuqU=hsFOGYJPLF7c6L|1JZaQ z2>B$`a=(1~#OZj!)%D<|dEo#c)Ih*a>gbemujl#aYdF*Q-X$3gA@zS(c*=w`_BG&K z7?jo3RU}fl@DD`AwC9zMkLKM5Xz>smwQ26-=_ z_ewAVOG`_En+3pdq58=YP)l5E2t!o&$o==#MM>d-BUD?r{+j!;+2Y4&3(}YMG>nX0 zK(34~qb8|WXi6}9!0hV{Prrx(?f4p#Si0#WHw4rO%>hu& zPEQ+QG!ZTaFT26SrdeZq|9vf02qeV-_DV=fG6v-g(5kyoDM&qd9iqwtZ~yjf>A7`w z_VyROy={7#=;+cv4kFdZ6p-NbQ0WA3jVQVzs79(s0^|`K5&rLr9+#0z%b&(wTVB5= zfuQ~sRYE)mkuPX#8&`ScDsU#Ex}dm`$!)o;`a`PQORkG@J)s@m^D=f3}u_!kRjTP1Nm_6lCNUXV2ce zb&H^ReEeuZ0%&U8bS*(O6U%^vvXB4IZ>K=AICA6($|&YfE|zoGsjI2Qaf})&Dh7L7 z{xis&=~fwIxY!dhd_}_A!OtPAqG5IIXoqK?U_0Apk0OUJhP2ApJobH1O528)SSINV4kcQ96VF?XHnyY4Jh<_%r0DOiuxK0;F6AM&OBL zIOZ}t78Vu~a7&^N8!wy|FGlkBUxRH$ORJaY2!i+I?Xp0~iik-lRy6nZ+jsAx!ovk8`TzZBP7Xz9mthuid87Ou^_)-{KgpF=QiM794OJD!nKo^3K;$Ntp-r5UY`C|cIj@I(6TGd=2tdt?JO|40NaD0bK|B>SgZuZ(cN8HHng6E z68u#39cgbj6uQAsL&ZQ&7oQhNy8{fY*`*eYP(+bp4JM93jDE<$9ea^hid2W!>HQ+4 zX=G#qh6{jtP;uGY_j}e=BcKFA%?brOO@szOVj&tZRc5Y5e2WYOc`8ZJps*TsM0^IJ zT}{~#EOq*)XElww44)?^Km;qpSIn>yJHVk+*ubC*LDCIqkfsJ!P(o#};+r-2qnn|n< z+;RB1CJ6NKA;>dSB@OWz!A)NsPS{+Fjco(4QIZ)+hJjYQAq;ake=}N@7LN%1T|e%L z@&)L5pq&F;`ugcpI|4}fpAoN6z!KNn8CRG z1R;<49xnCbIt?2eQN4dP_6@7k!O_tNxuSL?VXjw8A$S=7_U$O@uIptLEGBQ-2qnN}{kAEZ=Oo2Dq)BLj+oA8tGIVVua;9~?EDMoz35CB*Nfh6*< z;^^o%NafrwJwFFSGdPG|5rx8O%2>mNF!cCuR9u86Wpnc3wwqH>{3Msk1%wCyi2(1w zOod5ACbfeCSY}P+Y;VgMct5LRFBp`bO&-X?`bumf9$-1Mv9lj_?yCg93np+3;Y8g7 zR&bDO+(uMwZO2jngOmhnF}`?kA1NU4>Bx=CuYmWx8WPf#t8-kx7xe(p#x|^9A9&>o zXdHl;GQD0;Pfr5?<%}gK3@he7J1dK~7tr(~@MG!rStQEnEJlD;?tOXp?v-MdqGTik zH~>lt?7Ucx^>2E57GW7-RgZvkeD2&7suJKjQdo39u*BpbMa3}ZYNiGH1j94nhW8J)0&va%XBoXKJ)lODif?v6#Urq1n092bpvc=MSQ=*PsY|xwDgyzyZ}Q*~@1h zi~-*=@C=jhia&$-Chzt2^m)SIrZ3s|Hm7<|Wn z1IW?S-N7c?*w!Y7FTmPDyA`DBv!JlNS@vVk#v9^_jn%?FoSd9Q2$q_ZL}3A!06ywdyEU*C`-_Vg1_Ku>S43o2ch1!Uw1b|KNIGxPObf!P97qmd|X)0uAs z|4uN`KApXJ*2&3tc3f-w_BbT@2+EE^vQl4v4`wGgFACech7*Y~JTSn@%eQZ{kq#ez z3@ZUC2obDjvKjxCp`E*YADk{xvlL9rSM$pcAO6H9TIWMwf0Le)k1rc3D^V=QxxP_Z4F#bSnyel_$Jzk@p?s5rhpJ|&akk&*G9GV4B$jLc!NqLkx~^-{+GKZmu4 zI^b6H9lHR|^mp*S%UlK!+5TMU*6VrxocqurV;vox@n>S-Mh|wwH=t$%nWYPWw%7|> zWT7?yHV$N$pgv+Gp*6#(fqWpVf0uB2CKb!z(t!d>{t9NPF%_ml8m*tXKe|mtW(Tpo;&1k9Dt-hJSQ1!B=73mabejM@LMsmB1QF z2D=7B*}7q2yXgS%?XAGM;Sw`8M0ly z@c{%QL|3;1T5c4qOd_*+IR$sa+rbr-m6mP?^9Db~{%?Il6;M$zAIZEA2GZWqaT$Rm zh6bx#McL!Pfdk+QaKPkv|NM4a(+lPep?HBo(VcUEj6On#A0$)2%*rZd*RBA*&&!ve z0V{QNbw!7TEn+6Yd9Vr5F?!l@G(iNh>v~k$JWw0kNlE@$ngqAA>}Dw->$h{m<#Q(S zSW&T)GjnqZB2xAp$|#0mvzLfqp{$|`3!|_@x;(~{9?a)Wn>R~2y_a}c2RE?+$d;%@ z0M;PPVV-VoiTl{eo;Lv?XO!EvrC*$zAWd`@^rB|xGsYgTnu&LJ1YH-%(AXt7ctk%R z$Ho9f@7%HDw1vek86~31{(5Q9tWKmX5jP~ozKq?7mxytb8&%5b_>N1tQnGoT|2?)lWS&@MI8#n zAWDz(mytL@9e^dol@Ym4nVW9!-lD)71|qbn!n(MGNDk>B;1)MmSK69ycVztg8yZGn z-tber3izfM>_QSxUA(vilXmSTG&uIo!H5IQN#K6m*UltZp~=LTzl_6EKOn|u z$hmf9KKaU(E3lmyIc&m}m6hOi18Cl`_`P;*XDAu(oZ&6zEZFwKz3nJ+ z16&0RC1i5b37{51I70CRJ_*6s1>__i9y=<=RvZgCOOAL>0#UlBv=zAnM6W0$H9UVl zJl!pkKrs&^)$rm4xhxntP_kVk!}|sW_wgq2Z-ga{0{50DxD6 zVk^a-8%TK9p|mm%=Yv@trffpt^G2|1)X3SSzd-R03!|+N;yilP%uf=`6_d@Iy?-|i z8eq7AIDHXSS={^QWUqm86G%s5;^J{f>r69-Kd4@Zv*aCc=fy5ghKP0KBf%-)COuwebVembMyA%M zK8~n}!FeK+e(2aU^JAI^R4KgAu+B?Vs2iFbPMj$G33<}}&WAnDRiC}|&UJ;%bqF#sdt_+*44$jDmI z1Ok7crYNi^aB5xikCBp;q-Vfzg^xti3+YQ^H{q#JwnjPQbT0y^$-zNXfDXV`!77cI zMC%H|`zRp=NAMby7R5ss7L(fYcw24^pCptBzR4&BfMLNhbhOlxb*2fg5V-jo$U z65uAxjEwC26>chU41frFp5e9JSQUea$l-|0>H@@9^VnFRF~-NlkSxF}DN#9$5#m)( zf)(|Ky(PL$AeqQy$(JMQ;P8uG_w~M@a2aTjP6mIBBt2ahHnMok%5&F!PU#<58wsZ}R6G`3MtxOsS>GKiL|N)_zJ8FxVf zf`Xk~W77W{Y>}c0^A#>#O`{($?j$(B0^{=L;sD1@!}yyWub5dSY%Q=e=)xF8jJdzi z3TI$d5MZX?!r*4IJOC_lXpsWy8GY&tYFSy?07Ky${w&2vUQsoydti$#tD>QSI!cM- z_c1O5LN$245f)89Pk$0Sn&Qr>TbD)l@7J$rsIQj?F#;)O-SdkSo$ko5fz%)#e;M6@ zHWNI{{B+A`=o0+R(+$}uw&VAjUwdYCN~Sq?5DY5>Wkh)PLq-i<+QJml0qnf20MkzD z$dMIT(oICe49wPx#`}=FfN>C&pTTLMx(kJn4^{8L_lB`Ked!>XuL$yj+4AxBOv(VH z(W5s`M!}HPT(tSM&nFQvMj>jK=%>cY%>44ImBZDeJg)z60S0Q01R!xkR>JuGGg_A* zlF0$D6%{8$N*WmU%E7o zCU3cm7nM^&%U`4UVFOwst46wP-55zr*F=I;#$~q+)h>R1hO$8TbC3SzjOkMx|#wzjjZ9hl}VD$(B~y<_e&fACQ{^rQQZH zA51GRH+MX|Iq)19@$IAEei0N`%pF2sAHHmA3X0}Q|9co4xMT;!eQ=q8Y$saN>VbiQ zXd)QNQG(P35oRHlA3#>vZg}L9ehJO5sxLtvm_mpGchZA}1Rn;JJ6L5gXe@y6DJGvj zew=!>w-!w@NK8k4ya>+V?C0&Qtbn*y*q#Jj9j@ z55X@6sglulehg!dCv!nE40@5Mm>6JI#QR5J3bDK0oyAU6Z<4wC|LQ$}Xy$oW0My77JM zAj<*%G=s`Q=^6D3_Q!~hiJElHkB>H}K#vU#aV5uXe2UeJ86g%JQdj8TFw~1};}jFn zeioV6qF(X|?+U#VDhb%DJggD-5GKN}34J=EC71xD?hH^{_&Z6+)xce)CiHpY4vb9+>$VBB=~C+syh zQ)b>E3je!*Kj;G+TVao}ebFln`mp10X6^0T=R<>o71`hF#tUHM)m3wG#@fET&ZBo< z7uI|Y?ki$N0eLSbC`O&v5yTUOJ88+u)hKabDtdc*;H1>Luiv=AD^sL2t&P3>z)~Ir z1*{#UFQ*nyL1_daWyS>5C@kRuWFU~U<^+A(%_(@$&(Dv56cB9(eY0Aa?J*r(TMt=K zPxLHo{>f)aMCOZ}f|g6Ec+ZxYG?qS z`h4vc>#=r5A|T8FxzdZ9NGXiU?Gu(opDRj%V+UEw3w_F1@zoi?N?@Y{PCZra(tw62 zz&zh!aQa5Mg|84TiBMfe^b>!67f~xoeNa+j-(S6ms0kHn*n2N%#}R5E;6N=KF9ua2 z@Ur{piG-90Mg_?7#kJKZh?)Sd+gP*3(}Gl27o?1(*mFmGzl4NowHHAhUWXX&G|Vup|nEIGmg!S9NeTiib62~teZ*bY>;v4B8608gs};rM{xFDF<% zxtWVd@=z=zY9R=0!PE$vz8Ucf8yZ0;J`|*~xDmbvC|oKd?Asyi2P7d8VkDGoP^Zeq zs)E_n+V4ZqOBwc>nPRmU8w%5fq4+a^AHj~0zZnJN^dcs)&Ttto)ZgEaJJznPKGqdv z16K#(B~ifHc5q}5+#;fX@PkyBA7-J7!ATUDbSH1+ydOe!paJLp&@jhOk>;Q<_Q71x6mf zI}fP_(YlR3GZK{~6&;0xu9TBllRMZxB6hKPw*|}8^qS7-W$q>@R zS|u*uK*&kBPV7R+lNUc{r(&1SfBV3?bEh!XJ*ubB3joH32}f>45cOdRYzC+xRM5nt z!=8ZiAchYV4@D}CJ5yI|UJ(2Zs#vE!xR0C6JFkR}t2O`X=|g~x1x$DsRHor!5w@YL zQxi}&w>%M~@~Bdw^#|yBf7%NHo;cfF$&XMTbW-DL&ypfB`e>`K4#G5H3a|%w%{-&h zEc9{&QxwY-bgU^n8JII2a2Whhrf5foS(8xQg#lZ|tJQ|byB7bH^jn(E1^EflF5;Zp z<-WJX4jB*xs)w*_{W&)`x-(e#r4ER^fK-VlH^5~EGgE_);)iwG9<^Tz2uupFJJDj3 z{eTlt34mJT>CI>YoL606+NdiXe#9YVGxAbEPF*=#@`fVw&&4p4v|7cz=qK`9C)|U7 zKqmx10BFQHBudD3)d6n-QiezgTZiy4lgd8`Jqzv*v)_q3p*DmD4uI((=R4>%Wx@W| z3rnQUAOv|3yScbSq{j9p@W|nU7p#EY;1b-39gfk#dZI(b>jy*z$SU-zfLKLOB^MQa zN4jF;{+1|C+jYVWp&0Lk$W$Cu&1bA8a;aJ4`Rs`9_feA48~)Vzc=|H8Ii(!C85E4%XKDK)r)0 zN1X}VrN6f~x&AP|MJutcrg4`3(%R|~9fJI!FzX4I4A`|BbpaBZQFVd6{F^x<=&)nL z!O_~9OIju~6kt4I>J=lxYmR2Ncl~B?j0{xFrfV9`5dx+qT`Le^6dNIZ*45O@bs0Wq3qNRY(>xGPsQ{ zBR;6AtVC`~bmy3n1aeq_eNO_9{`Bc#q{8sY-2S_WL8EPBjKdi&u!w)^pZsT0u%=Yt zrlTL30-y}=XFbU5OkhKx;Dy4@t?Sp<69rI!R4B{frk+?134(fnrEI{q0wv;bH8vv& z4CkW4!aWQTBMxXz)Q7zQ%m`Zo#4TfRa*&PC^XL)_;P;j85-n$hE_CD#$8-2U9VkT# z2GpR=&C6?n@Tlm=2?i3t+N}V_u*mV63H1Fq9|u6wX~>wbBHXWqs1%h(=<Js86XLw$P`W|^81~Czqgc9TD~iSL$yQKb{_Frph4qUdJ+}0IJdCy zYh+M0vc|^m0ZZBBVI|@n2~Ah6-xKgqEAm~hNh0JTrvLZFU9^D5R)S$5p~?X104(@p zmw}_Xx=F{0iVe!?2ZV*c!l+=>THD%G0Kz{Wy-uFooCU9taGspF%j_f*+Q8X`$YzGs z?gcUu*R*C@oxO5_f0Zl?91@IvCjx)04rt4QW% z5tvI~6PJ>LRjEl%W(@$6fw#&4fg0BKI=!a0Hkk6r&F>@0!?{y(^72?b6pXulqZZ2l z5U9c_{mp6G9tQoCSTbE#(g-I5$#!mFaHh81U`Zng1|`S%@S=$Dwlgyecx?Ua@x9`L z0uj<+2D~3!$b-_-xHl|>ytgEY$Yc;uhbd@>{?FRHCD=3(3h8u$!WzO1Yw%>+xe~m* zqZn^FD=8RHP#=93XS{dXo;~{$AtoraK%hyeSy59{W4H{3DG7B zZ**a&(T4$H_svOw2N#h_*!(X#mjQ+}^A#8zD1gA7*#Wzaj@D3B4NpkWga1QNPvC1< zHqc$4g1C7#1|=xr9Y)$8EGxS_=aPFe@{@5{_k}M*tM{geu#L$=A(K^ z<}my7XDTZ7ZRzPn(T^S-42k-eGPAUaUqD-V8f*~ygrYMYl>h8#@Yb-u5a8%nD=jXL z!?gWEqaXo=JumLIC05&R9N z5n%B$kU2=3`QOp~YfxhYDN-bz!QMgn+pP~-Qz=X)BTo_{D3lRbfsY|`LhTTsz>V9t zKcH-e>?mCOKZ{H&kV7)UNjL-%g&=}FTu-Dv%E|;$5XPH=u?5KPsXLgR!T8?13u>_zr^g zQx%Sh=XCK=PylT#EorxJcSn$fo07|0qTulhjYxl?oz6}+wmiMO3iN#gaDg7Z1d{|w z2QaCUywe*LXOo&@y-O*DRhR)Aby5>-R~ z0o0HY-a)r$1?P(T2P@J-Fr-mRd0?QZXahr!;GT#}bp;`>{`Chy2Dt&1RpT<-w8BEO z@tZ3Dj=t_0kmx|(uSWSdP;$RrJ2(U~d-kC2TzIz))Gu6U524H%i}M2aa zxoT0bBh(U`H-{kczzdrQGem>@2;+=LCncdPDvlM~Z6l1Qy$Xt)qn@7u*xAT@9-!(b zjYdMKeS%$Sqz{SoJxn-Jhj2pM=X5Y5k!PMZIbCl~o&Y|Z2g>*uZp`So`u}(i7J7@I z@V)Y!u>}7Fj(~*t5^Pp`7Zgmt=p(Jh>!C@rkqT^c8f%HHpF%`rBvlVN9X4F5sAV1I zhfqxeh|Nc4ft&;DjD&WiHX%UxNUd+*Zr8`w8x}&o12Fp=%1$WGfG56R0%8{*aw1S1~Nbmb}R~7 zIB02usJQrbdUSne`0KhgDi_bu_X}hKxOQ+VAhonYKU9R6;WHEexQEct=DUGgD?Wl) zF)~6XE6f1LeyY3Dx{12jkm@PiW^eCf{xw7l-^>XL%8927bvU?(&* z(48#k+yr7(^r6MR5<+R>`0*z6tien5l<<5%gq+6>BL-1_uI_s{Xhd&F6gG4N(gm!5 z;=>47N2oTWjMGg(V(byDQ7DZ#ZK_F9w!=JKBAP$m75W^(Y zL7V&D-oQE6D6KF_i--Qy5gtjN*c_%W*;cz_Rk!ol?QM@^&uZvb_4SLfxMGY*xJ|o12cA zKaZ6^uggHnwY5MXR&^V1h@*zr0>4Ow;lx?%g*R4j(_IWzq+EWRi}ZAzoFXx;n((}$ zX~!Xkp}8;gPuK-dC2waJz9ulizsHek_TYYzrK|L6|2zRhGf>WHqNU5eDsfJ(~Z0(ne|EQ zdA_TA)Xd{oy+-#Z=&hA?tD19d=Q;{69$y~SyXbbA`n2`k>SDV#sr=TKKU0z8C6I8Q zq>xi^rmQ?A>T=0NyUlV9uVsyV9S$aA2*Nq)8fC*Rh?m=)B=vjSYZY5}-clW)cw2E| z#3zp`{++?C3cYG+)(rxo>Jc@TWKR8mjD5p3l)I++XUXYHqfE|4wiQJd@2SbV#;c#B zw=V0Vvhw8xdG>}^xwdvfxr-S}!zN;wms9lnB=W*}^)$^}E{d*R}c^V{}kufYe0W@JcgNFYTO=JoiH_!G=jq$0w07rfZI(X0`pX88OH0 zioH8p8m9($=+fLbMB0W>TupUk%pO{n>HZwmZMxaZ=52bBtV;jEKiptdaw7NVH#Hv` zh)jB?Bef^YE9X{NK(WlnpZ)yVYbu{M1SoH$kB{{}}i0mk`{&v+I^>)HP+#n3GZM z*FLG`nz0*<%9`hu4e{r{JS8gp=GguOg@u>Y^2TEo{xK)Fvc=jvUs^MX8Wgg!3=(p; zxPMclc%8@tUv0|?1D$8#mbO|)io`D_86KtDD(v3-CTq?~(Bs}xALpeLpOZ8aml9lU zs5>YYNcuIBH>YmL{oaB(!{X_F2Kz+qJ zzdqgft~=sVA3t3h`mu+ZE>uQV&AIN7(OYe;y1>g!GfH?nq-jW_p@$!}l?GEjkUK4bg_amqG8|ATgiJjZJy5)`O zoOh64-nk{S(fi~J=3`&CS^38|(eF)cyqm9iTi5vht+Y!+uSaI7ULOqFVnXx7m3%0Q zQEXUafs&!rvxT7!#_s!{j;#Bv9NM;^Uh>wJ~FS8)g$BTH+$Of zD>0$cT%q@Uj$>el#Ih&Z&2M8ICKWm|-cdciZJu_c{ms1Hi!xNkS00A-Y;)AwaIg1X zIP<6e!De~K+VHa3uQpd7HvE(voFi>8kuzbtkZKvscfEguEd9O{<3Yv@ng+)fOdM+> zFL4~s^?qcrr~lXN z4b;m?Y!dN2QFg5Ny{3WUxI?A+^ZJ`KVdq+De-#ep_@5~bZ|q*#-sqyFtov68DaV}o zi<0H&(a7&XGfQ6VQ6qP}mNuPYu}T*qnI>)^68#YVj2AWsh4WyO3_tBLrZ|3Fs z2cm&*YhJ%IQ@0$TkY9VfdNefP*uXu5eYeIr#i=(te{z)l>$~C4#+bSF{a=Gwqt{uy z-;>WAR{!wa6fbGHiZvul?i4+#O5%AVrSeT5Gaaqu8%Y#r=9Ofb&Rmr3EMEAwZ|B?_ zN8>vB#7pGXho1J))L#1djB>e~wqh%w1MWYVpNV{H3QFd8DD;%{_g(z$i`v6f>TTKdRyG7ZPze6fTiRl%x7#&&HEhZ6$-Z~^LnN*322 z7EZ z1D=fE7{yACoSA!;vo&V@)%S*nDHzupc=wW++Njlbin==JZ&J-l?2EA1rjN>}p}C4p zT*GL`oG4J;S+3RlDNf$4*>~8rA)-`l);9cIcJZejx(Sv!Q8w~}Y@s9BnkPAG=L5pU z_3t#VnLd)dI&d-lq+(?Mt@_<+JEwNDm2TU$%J#nNS@4I{GXy-G!%_+Y&|Fzk|F5J9oc+Jda-~A1a z6GLy@$^9c(Mi&bBwA(+j-I7;X%zBq6P$;e7L3ii4b;l;|tTWCW?Y#SJsASdH%0;F= zHjGKqm)l8J1Qt_|E`Iz`%s-sm8NjgcVS~%|wEL08GEWP4>wA4tq`D|o&mk}Bw!*jA z)HnN!TIc*O0s4D~pL&X3UEVUi`PKxM*(lpzgHg?s_b$%u_WK-|rH82|N$9p^F_>zQ z7C%^C+~44)k$>!nry`wbSGAJ6C0~SMQ=|EDE$WM86GOR@b%s&d+&)TEj`>LUfOYu859PLZ*9 z(atll+-K@!pqvzQcJJK9z1?YQ?BH`=Yu#V@dG{9BO!^rgx&MJk5_TRvqn4?pp(3&- zH+of5Uv8l{U*vdp{VOuFJ%)~{<el#bj`112)-Bv8n1SIv2zabcJ0# zI_S-}@8*SlOfa~z5w9nA$9nTz8P+JcYw6_rd|URnPkKAQ$uy;owW=4s&8+T_aI7Xx zZ{~i|)I*Xexc+EmP%Y(A$XOQ}+K4ALY&kJYx_eef;ki{kSx~Lwf=MNNNTz`O*zC@-#J&@@Ecef`Me^#AcJXZe%uH&n zp&s43a5~_c+tR_BZ_;0ecgqKI`Q_MelAm0z-$bHi;E+GZ?Hv5{FnK3~;l-W1W2bzBl6NO|6{gYKn^;V1 zZB*RFO-C7BSI1OfzfQL3OsIO}`%*9Fh%eEu-5SMlei?=9e|;}rqH+%2CC=Uzc&>Zf z5tcF2?h}Q#btM{;ViTj(Z-}qHq^2%7dN3m>Nng>LWQ2%DqVyCTrNyg!E0aA#p6j`_ zl`pS~Ja|Xh#R2Em_t&5e)zZTkX`^peJn6Rx#3&cnvyvPq);$gJz~hL8XeGO^qI6J*EHr{#Q;WVer?$oV5bioxII_y8F$2?(8>2+W2j4BW< zYvE&6_i$(0^-0gP^T)!pfM~}{)6TZ1l_zbDHt<#@YP7EXlK#Tqqw}s zKVo_`I(nkv*TNIV4!zy0q~xV3>gMWB?*Yp@O{bkA{Wn{aEfx2ZH@5DFU-r|Oy1?(l zaV+IdSNUHtA1CCyJDL(NY3eB*c3AeN*1YTe!r$x1`6c!$$;QjctzC6L%SGSHw{0jm zAy&A3LN};Je{_xV%#zXA)@82^K5OgJv=R-DPam$RF7f$0P0=Qy9Bfa=W4Eb!VsS@! zr2N&5H?pP{7y8O#RMlwZ)eGm&uv%#^ExM1U9<|$}xg>E@cwkIzI;>+@cOZ;yphx>3^G`ds-h`QGKszTF4;q_*=sI^VQf5_ODX_(CzodnN@=?u@%{!c%^lRYmXF zTKt6tuEx)6lxc@I$90#WN3k6927)a$f_dE8(aKrdnBB@>ikyw+%Ra6bM19M;k6v}H zq4rAb$<7IeqWpNVfLq)LzCFJ`n3^Fu|!q4bo zoRuy-4H8*2{i61Bdd&9LcwH5zZo)p9(#8GJKAS0T99-Mh=&5i!JjaB#Ev)jFZrVMC zr!ZW<1bCekJvhZPDn)@w@iDHaYISQ?nj^;FRshsH+5pBbC@9IJos|&*vhq+ z_6*tg^wfjv$iteA`@c{|e@T2*-&?16`cYetmo`$16ikv*Bx8?Y4C}I%4j}2`Ni`q-H(doPqy0lv zWdE8Rsq?nt#Z9Y8p=Rn@59#a;WTSZ>R6Gqay_h-q_}a<2)><+_mbByBXKe#lq{J_L z@V&~eem8yNRz2kKPYf)YErBHGlzqb=*6p5UnO z9W`|vlawe36gZ_-uv3ub-fc<0)dOROT}o?bzt?O?I>?a>>aZG$r}-Ba(e4Rk%Zck^IJ5v6N4cSBY%SA$@ONkjR$Pd`3C%st(G zM?yDOgU|S^ysD&)^@i<&`^1eW*5VH^^<7EfZLhF9-4`30^W>sUl<}Tuxj6g2?9dC< zxtr?enljR5uMOqO3yFW0Q!5xhIV@x2&ZTXeb2L|wE<$m;dfpAj94FBe`?6CV9lEtT zD8nxvJ9%Cr=dfLl_BIhWrg;tL(9nJc&DUzilGk>OypTGXuWlcgsKFwVYjRjyYk^O4 zafoT@S;@DXg{o!#XJg(fOcbhokQg5ei;q={zO$Y7L+D-V0=r1iIvi}4%*O98^W|n_ zs~jl{4ZT>N9s9(7{87Bx*cIE+T}ig8?pWX>1Z_Sm-TXTM5Qu<{{)%`B(Hmg_5IeE4$Z$XdLRmfl@?_m?@=TYu55 zWKXck^PaMmGoJ}7NYUT>X}eO;>kAzZ_vM!F;_>E8cb*(??em{--S&>}OHD_yWVv?w z;MM0=S{I!^e4krkV(AK5`f~l}TmKs!4qnTA754RaLY-yO+MeX`vys-hCJ)K{(fKr$vM~loqqbZc~qLe_}}Xrn1kbOLh)Fx_;E{^D*HgCmDpK zEx(7`AyeUNz^tkwoqy7;ZNJ04rox<+b-JL_XOg-Nl0{3Fl4M#*WAL$+;cU zc%}3K%=xw#QZ_`_dY?ax3Gn zmkRn<BnQzJFptlEo|(huId(_qWDFce_yI{t2rlHlPXLL`xKt@MUodDogHFgaX1moBjLJD zpjk_U?fOm7Q}<-5oGG(7pyEERNA2`z`3<*e+xPMdR4ptg78_;_b9{mp>g5gREHxBp z1>#KV5Fcy+w3?6R(|YWB+NBE7lnrfKZ0h=8$eFbIzxN4k>KCJU{?GifRF4$P`tMa7mejlW({c* ztFOKM)2Ox815IzaKPx=jSGejg(v{ZGU-wTKN@s36>Z%K4i298qFXf`E%DD8%1P8Ux96fT9w}`)4kfxaJ zDuWMO(#$^tCa}waD(c=daAvA9ZLIlw@4F6N-h2Fn-CqllU##{wT9BqKZIA8KFB<&Q zY`Aq?vx|w_#q+%E(W24o*QUx}jU^QRMNLzCWYdPwE%KB}#Y@yKzn?xpDI{M^xqraM zTjunK<8s-HFUJyAV?5Wsmt5RI-(W#@0bDFI&(7pjUJ9I0TJ z;!OGskYJEk>R$o_#KK!i38qjIruTan2Zd#8J_fh#!zOvu6yxiL&Nfhh zpsUn7oHPd=3J7tM-;&S*_f*v^9_UXw75rk_d=@F^6p$$J4bZ^j8_=4NyE^U3lNAtN zAx{MZqySwYs_jA2giHoi+G5_e*W^uiISkcJju=;!>UA`7G!=qXXn52+kdx4eGjSwI$WSVHk5=o1FL<{78I)G&v4e9X&f^Fz zTAV12uK?4174HB>wlw>j?(Xj2Y96A&CiYNkD|!fZym-M69x_BKfg6aUtgt*oU%Y!a zhsi?oOO)g54m*MVcVWQy0+`K^E7578eNtA|D0=JB?AW280BSmY8C0#rNv7cDqoyyX z0Old;?%kzlx6uX%1>x{SEPjL+MMco0qR+qgDE{ffRijG0v3_3@nW<%1A|5jnuPmbwV>avA6!^i5Y<@psR4Td%NIRlLY1LA zg6Ifrm#yT)g}$pDZEd?bai#&dC6pDM=}?JMvde(51Fi)s`QOmXGkJynHL#JtuK*X# zm2X!GaUez#ypOKRc~Daz!gh$vS(Qgy2^E#FM9MzMJaB&WU^)87oM^le3QakBkMW6! z;BaE%n0U0fhV}%#UqIzVm&RwjfhtW3&xfW%b1r6*LsF3CKFC(w^A+mI9gK_|IGapL z3jGmQpnJq&%Dq*dLUHQO@9xvnjtmczSJ3(SfSd>+D(H(~$&8MTLHyj-(o!IB{hxOC zc=)aQwV(+SXRYCQrNn*N%`@ow^#f}sYI}$O91dG)IkQhM44uAjB{r-F+k;qh?8g-q z(O&`wq-0cALohKW&HlZK!ymnP_9nN0`&HO=GLgF+R302qZE+l;XgmaDuh8&7If-st zTT3A_O!R&_97?8OQKuaHn2S^#q%yKfBnBk0Gkhah0Ul7OOmONF?Y zSZ=>JPIExR4jjyW7>C9b<@~b>NTj4BL-#10F%EH0@XeHi?pI%p;574Fq3Cu41q_4& zyZUfW(h69-TgjEt5dfr*&>hgS&Ca5&j*)ODJj1QWlZ#7BV2AnORUl`_Mu$>n(Cty+ zuU8P=;J|vwP#}i76^ge+!zDCfBV-LrS7YPi+`)^5v{Fq)g@=z1r?59ZeQE)UpaPbQ zfvG7JTl$=h6E<;R1CBMDgKXZ! z%O%ntH^^K1UdjYnrfN>p@;puSakZg-i6+oi^ke@8 z>}0UUp@`TTIt+3nj3HP#cyTCJ!0V%=K$p$Hz(CNOA^UX$Sq#wzy4`?e99RIxel|M5 zqqF7Lugg#xfy0a0j54Cfd3p{GhtbBz&h9fd{lUYBL#|%kzf1Jr*9*w1zh4|AM-Oe$ zJI2xB;gmz3;SE;M5kx$qG^Gb8D2is64-bS`EH`d%{^wHxdsUx&zslE&9!nrGO}xU9 zl@Sd~K}7rJzb{!UmOGM#R~*-Fy{)B&)Ms$RPzS!qen8w>hCR z*l`761~kYC?HPW1<QtP;)cX1s$1muqde_W#Cbvu4Z)#=ZqC?P@bkI52N&8m>8Ywx zB)5#ZJqmJs`tUw{E$kJ})gwCGL;PSCBaRk#yVBw0&;XZcdI7Z`B8?w>jW{QOXyDAi zkcFdE(i71$0b*fr0l)Otf`pF-O!4u$w?&A<_Hfivn-iM(L4q={)VNC&y>8I^h7R z+O1uk+cdxn-w!ulYM76s?Lm#5nQ`N6fBV*&mj&lmJAp?FS+wb%pYVN{1-%e_{TN;Cy>}5R{?2JS!6uW_S?$7L-CXhxvb4d+&HI`}d7sQ%gpZ zid0HcGSZ+Wm7<|Z8aAOMitdbtLPn)!WTd51DW#!Eq!ghNT0|iYL`K%{d3Ark_kDkV zkKdm^f83AHr^NfZuGe**$9bH`d7LsNa7i?iIGE)zvm%V_R66Nn={F=idj>{jLM!G!W8yA{MdR?1d<{rVN*W7~4uUsYT5%-A_STx5an>=nY|3$ogGeg#uR ztPjSsFYLsL^A|7PrRrfU^GRkVTZA#J`c3|0v~|>o@;QPX6N={}M~)<6Zp}y!*%Elo z8X5tAew%yp{-4OBF@)?7PGf`0k>kfX`AosOwKQDj?qVN`;}B|UzbDw0GrGzc78{dd zuT5{;+3xl6VK?^N<2b+=Gyk60&0BJ?NK$=jJ&&1GCE0gYR=-~;f&+(6y$-Gb|6tM1 z{AG9b%vZSay?(uF{rV3D1*>lh4GKdT`(b3K^y5b- z)UYGMKzr=4>$+sF(RIrO)E<~7VMPcM*vc$uR+d5P8cI^6*fL+;l7dh=&D^@D=NYt|5l^4WL*df+Dj zsVk7@qu1tG3LBTXW97Y%`uX*g>?SH&@OphNi;Y*ZnH0grI?{o!A~z~`+)WKj*eb9a^Xw@bI^NG=Igw?p1peynX;v%qrGt^ zMnfp>C#KmldqC&~6)_CZExau!wb$y{_-ogC_UQva!JET!)~pBMe>jb9@A)ehmVBkq zW~!*QwH34E2YrgEXuyO#hnWmbD=P;SHSlWuZL<4|=`9k$VqIud+_Fyq~}hfmVg$%ydB@j;z(Z!R%EWVTVhKq?L`0*3_vHSZFX=1^U9*_gdQeLsJ3NDYw#f~p}{mtnB?I| zF_|=R>eOcLW`5(7k6V~#Pv9?L5An4CcD#J^=I&qbkMnY}E>5UWU>BK;$}+>JBc0U` za7nz_x}%zo2rHC{ic_hPte2gq;>7K5-n{)RwPd9t83Xej=8Cj9Nqkf>u|NiUUN^;v z5%+mRF+-ZkZayC9AZ4TBips-1KjnT?b)3c`4a`T5r8_Y)>s!g4)?Hy}c$ke`;C<$I z&Wfg9mF&zkmF|jV%N}YUJ8~rL{)Bxj?a04<@AtS&)Ae;M*4tM+VX zf??Zcwl3n?fSm|gPu>WoCB4;9B99{LOL0mM3i|S#-FCm##w|Wn^CkVMOz%O`l9$=N z2gjz%hVx4t8U{vaohJ7Rna)v0>0=U=bd}xqzEnIvxgw{`I=_+kLag ze;=299GCl^ZFrB)i9dAb0|R6eND73wtQ8Zj&z<*e=u_@)(iCU1W!m^A&odV=L_3M)v0n5_Zmchu{C7ZxdQ2`Y^eQLhB z;*m0LX!}A#jRUnl*EJhV2=N6oki~>b;cPasH{tqqh7NNgvBa- za#kZ=B{u$U_=DSPR{918!ZUNb%K;*IV8Kpr#F^$@WKd28hNHryC3jFrhZ8mr%uCi> zJK+}AI=s&W%V*iya8t0Mp)}slupi&?H}tv?YynbUSb@_7vLNkI%H?5YC>h`hPi_u9+Y0`DJwZ4F7@+P(!1Te zu_vC5A2+U__UBr+d=pTsGDXF>arOWnJ`Hv`D|<~?Ex%S_)~ZzvoIuPlI5<(T_SBzL z19rXV4R(I=P}=TX=lulZro(BIM<^;nWv=6?@Oa?DM#eDKdz>=t{CS4d#$bYu`#V)G z=zxlNvbqDd4Z@Blx?FgEm%I8-gFRN$#s!4???RJ-u zI(|jBN%y{5;TH#U8+(1Cii#saiKjr5fQ(yPS7&h?Pnj)Hgco3R>>#(F5O=W@L|pmJTzj&-**1I zV?8zT%!9#IkS95h*Z&}Kj@VIxG&~x z32vce4y@-&)_B=2PH&r(#q8(von{2{MJrd{ByB%?cB#`T0xawe+n*e-9TI}%g$n{- z$_b(<=eO@^kh;@J@x(JRaq-5Q8k!%LqZ>G`{#V}1tEeo|aqZ7i2@AVty{5%&+EYWV z3{$Z0WhJd6nDR^CHP`;{XA)UNRpvn3k*bI5)RUgP+B|>K=ooU2Fbt2&M%?Au)Wh6< zUrZ16v+lpCvZqx@7RAz9BDtNgCOFwK0T1yCnMTeN z-*LfVp_n!gnj58dq8ag41^gyBK+r?J>-QfYK`^|92X#B8M= zWfvbV;zuGP#^3vnr{*=HAl_gYu+eYAWWA1>UTo)%e<;!!@9{Z;*tak@rzCo={Dnbp zaN54N-~-Ox9I3q7WfGHdJ;Bp!*q{0ERlimedtmlxXwXFrWLra;jx{d#1XmsN|M+#p=5-eHpaf`edXG~I2@7Lm zjWs_4e`H_}M&h&DydC>h{Y&|3h%cM;eAtymJV(qsD56Ui2f+-mOWr3jQS;zqhS@D> z=DkesxnY`u!dXh31@r&8+aggHJ?Zlcy#nD)?K||zyUv^OE~4JynR1=tJ$l%N4gWZ9 z*T3BKthxuAA81n2;rw1xTl=xDSr^w_VR<+vMU%EW{BwOGHFxr_UU3>gG}o=?waoAr zO`v}h+S=Oa z7gW9|CM!cR@LC54b)FH`y>$R<=zvO`kd-^uz9%tu{Qjz<8NNuDlUm0&*6-TqG-W7w zl+tkW=388DaWwC+u*s31kUV_Eb14f8{$QAijX3Nq-aDH<#fyaXxt@_bG~RdBC8drJ z7e8;=F?IBkIF*t27q4tK`g(kPQE~e4DA+DyI4>c+FM58)G=8f#;SlRXxkw)LY_ADB zBGiy=Cy*52AoJ2r6-25uy{o7wJ)&i9nRG0{lsG($yq62nPx>Ru07kethV%~wU%c~k z;jg|-^RuWdZ?MnXSx}bXIWXE{0|R&77l>h2DUTW~ZhM-Cqv=fo@(6GE_4UuY4P4}UhG;s(UY?EZHdHN^A^Qelw?C2=GKF2%ODbvT zhKxs#c-sJZzT1Q|pS_s+3eG|XW7P=T)Pho?7P<$XL-gTOI^8rx6OQ#yS$_0t^1Y-R z^^3RV?RMa(7?g*qbY$_>Zye)nk%+Jqcz4VGbvo(hRc8JUa zv<3Ti0LJ40=``*4x1CP2H~YwueswEOF86`8mjz&uW{Gxytt_2^{@VyATstt0y3w9^ zMq`ZLexQfOqEdt?SRgdB?}Hf4UTL^LKKGa}(P2+{8X=8AJ0Puy-=}e`)=jdwW<=Wg z{P}aK2EH70JOYP^_@rHMs-~KU$>i^@Q_~@cA%^pRWLyg#&S=XWrM3{GJ)9lK%|2IH zT)g4r#&1-FG)bOhW#Jm#&JJE)fbL>4N7;{I(n2H^3J;!tqRL$&8E$VsAx=Zj69U0M z;}Mc*96EAjCyXSvY{*2aoZN)_-_7}q+2Osyr_Wz- zE%D}bt1~`No_RiZ8-*q94_+oh7zmAwN!wshq{jK^=o;Kkp;+kn=}mlM&2Gafi|HRP zgrO+eXl8b*<|Q1M|BuU5C(!hC7+acZPuKJj)(R2wM_}l$ruGxc6G%%k74u!SWJxuL z2L{;B-#>}YHk@j=OJESW!Gr1Tu$Z~u#|4$#D8U>Pmls?pxcSDv;_A^XsAJ&4Q*+y~ zV>$~+M~(W#CkDZc7-41gnV0YnnKxfox3H+l&-Za!S{eMj7K{s_o~?>YX11lbH+J4b z&Fw%pcIpi*Ik=wExmyRf zgRS?xG`d5p2?t!KvhULmA0nq3?Urd=cGZp30z$%u%^CCuQ_dx_>!_8B5a7cgit|B( zDypiKVtq%Ibsr)4}^VWr`czs6h+xi_q7*{rW}vJLmph$`X1W zlKDPJ_n5SK&%dp+ zFD9l`;A&)LBXK*y&zt8qV%gHAf`2+;n5_kDa7aU~q#k%F$~OPCRPwZ&5efnUjfXK* znP5)RxpT%rIkxI3xtl|>l~+~$W_yIXy~370BIa{m4^IAT^mVoCBNEo^{rqW$$;1tv zL3IQDS$jRksPx-6oMZ&wlAiOr-3+C*1;_XF*)!Ayn80kfznhS9>XaGJ9!nsZ+!Uxx zm}XjY0!NK=%8wt<4fe99dIJhAm6TTV&6@=~N$QcFns7gaJCYqcg#^D|ZvWStk3smY zt?tw_cYe2i@$c-xS> zFl4$57hz|2kv$lkH*OaAaO%(?q?>5e1U^~>d5pb%W<7}`7Sl>r2!A}|wGF^!(Ea3s zfY+}pu-C)^yxYvp&|7@sb?j_QADu6LIZ-tM85mc|?j2!&JRhtX#DA$E~xtG=KJK z+O~mbw!dF>5nr!2`T5bIn1woX>!YIN>Rdn&LhI!G#F@Sqc=tKfd(I05&;%nx6;c)P z&La2`@MAsakA5#~W;ZcjX{4#4b+4%33SQ?3s+l+=`Fpw(ueMT~@9DXh?sE%Xg+k}K z>J?StWx6{M^V}fl6D)vI6KUO$nQdfQTxDWpMDWi4dK-#Mu!;m>aJMyJU(o>2)`-F6 zBnQCoN7VVIueZJC)2g%nc0 zy+tD>*&~hw@g@l3-aU7?ZD9#6RzD$oA%*dQ?=0zbXYIM@JEmcR_!xyE?ZlNHGGE}h z=icB^Zri?n;EWqeT+ri+y3ne(Tn5JOc@-3gte%2M^s}Y)sx5o4*-GDK@I#+fWg!Tt zOyW&DspCFM4m*pZK1x`n3+@-~kG^hNJ-j{1c;rBTAa66h44DEJ6fLR=nOcRgp{Mos z9GrMbO=L^~7tsG$9*Lc~f9TA)x-fzd^RwU@sU7EbMR9ru+zZTO-Iy9}JY4Kg&H*Jf zt%<#K=~-sx`xLLJ3vb3)e~f#x*zI>?wId1L%IZ<8{lL~`Eud-cxavWKRKx@hxSh81 zz!U}dk5#Q#G`0-Ws&oHeEkMaEnm~~1$vf)y`vT#su?c_ofad+wQ}6lZuver=e5RYF z4~j&~PRW|mz3H#9`P)*oK0B7}cMG5p?gMp#Be21vCG?mvOw5X$ZlZfdwCd8rbrzEO zbH7?{+7yA8an^J+cvfU~icXq(UB%8BgvQX+f+4~@n0KpRur8vChFnCSj#9q5r%b(!qb&v1l_WHSv)lDCHa(0lvKe%)q+ffh&L-z>|)>>xQ zn_(cK->jEqjPR{I#gEOpw|btN+ihR8kl<%%xmyUrd9_zwnf&*`TrpORU7Px&T^Hz5 zDu6SIuvXVI9**ZUVxGU;>Y!lW964#=dyKzM#LS$B)L_uCVeffog!P|!dDmiN^<1JL zxVZbbIMHO@%a_07i5qgu;D62^*Y6L;k77~7+h>Zy|N7_DQ6Tm8S^oA3Api%y2(Fe@ zoz53dlYUCv9N*n$pZXh;4GlpMHZ0)inKL_Rl>v%aM_c>rmq$~LnW<@X^et>n^NzHU zcbnYXA%l_aC@GR`MRFbP@%jjtz4<+M)2#7;5)P`#3V8Es`@@&KTr|~WzPjK_Y>RRR z!kTob+ke=wbtV<1x4c!1iITvg;Ly;qdN*PFdM? z-RCcK*_$|Y>_Ef!1tUG$$lDq$ji5B>HF`D0IMg`RMZ}J$YpYKN2dmlU4!3?WLPKPE z!EM94;CK3e38p`~glDf>zP#Ua8A!B#!q$48#_G#!R+_w?qNQarWz@&a00iII$Zg%S z1)sIK3l?N@XK>W_Q-mQzelc+1Kp6rJmzq^OQ{cV@!d~0!3kBtP-w~HZaR!>O{2(W}dU$LUT?BLAT z+x^ZrjsMttb%pEMX(<6c8Xr{DT^gj&rD?0F%fr=IPvkaM$&9^j6md4ZS$q_QA)r)H zbFibh=JRUGBf^M9J0g#P^qg4Q5f`W2b6)R0NK<$mV38glh672F3&~tM3=8-4$&*)& z87{i7z^4#ODB@2XJ-TJeP`*D^X~KyXZZk11VCd9kCMHRw;*^=rmyM5^+P&pmyo#kov&XL|Ak-|Oh{j}oI4#?-&`@Ea zS%yf+mx^tPaVJ>+Nu9xh48I=yIViZ{EP&DwlS#mV*D__3q#0*k3&2;S0rM0%lm24x) zTuM+5pl@;E!p2#%MA{(;XF1dUy~+Kd-+-R@SzCa=3^@>;G~Iw&XM$A|uxy z`wYh6bg=}+^vZSCwVpR!d92@f$?>N`u>-d&xDpXPSm;jh(-ekC&Dx8Kbi-r|V`-k6?T1(0yJ9jEyt*?bL=vNZ9LU( zT(}Q6%{OIgc=iMpl@rI0Cnh9ldA7P8yUAH=hxqbhGzT2d!B8^}Cjto~Ia+XHz72vp z8ShqBkCWX5-`dWdLq5|-rO<;KKXLf5plwKWkX|lU_7a>->Y#hbbw16^w6eAq&i|H1 zaW;)|IWRTCP!;fLPe8b@8}IS?xH$Iv43j-r@$qBoJzMt~#lSL-48qDg`%IyNNKt;3 zNDC3(GWT@a$4Auv(Lz1FCiYJFJ}D?Dc>A^m_yKK-LQR`K`KIYKpRRHyK_qdpv2K`U z(%{|X;Giov>EPo_*M{%%o$~15`FXG*jkUGSnA@^@s;#vZ*t)?Y;pEAotWc$8B`5vX6$FW7ua0C&1kfanq)p?$eg($RN2Ow*&ws>s1_Z$MgoLDRUo#90 zuBewN*$q)AlhD}afFDOTLWPXJjQ)?Il}X;|8=50NEK&snQu|y7NP;LOAkEe%TV@7> zLsiz?h>ef0p-$&FTdyK|ZM3)VsP^iBQRYW_{QLx}8=tU)`IghCErj3m>=`pCydr7t z@-&QuB(~4qx!_#l^>4r``g>FBLdHtnH-FU2X&ULYNe5nPh_rO}$*Ifd&Q(xXuj3*y zRUZ?>7z5=uI}7M2Y7?a(S_Oq+#QoalRwQZ;Eb`)b^7cXnnEzPLC&}c!Xl`mcdi?kd z?mh!$?mj^e&U-`&Cai$we@&~t)49gVJTxRkZ(4WTzDNiO zt~2Tud)Zyko;`bgRz~xH0T#uUWuh|gq`3YB}b?LES_~jU+X4IYKXK5Z=|aEHl1GJub^Pw)>;72n)J?{U?0P z+ne@WR8mPv2|z+`+K64deks9Sp0!|F;fN_=d2)N-Jh1Y)!6AOAB76ps5w=uk`PrhS=^n zRgKBU+Uo}%9P{PhSr3|7ONE>IKVSc^sf@tTN!zz>ML)7Jz3;!@Rib_=&YlP@>^!U* z|2%T~5J|~e={f&&ibO>GE@a6#-+9L=Q9USxCJyjuAh_X<9d|5s_Leh7_y5uTn(}bT z?X_1*oaWB$cH$W|eFXSz_wLzfYoRhZu_lIwvvmnWyxc;S&+0-{-L1cW*?;t;BoS81 z!4z+~^NtV&4IG;p)FWAqiaPi|pIrB&@A^#^7N_IlT2ngOmaJN}os-R@hF>M;qZ*k? zOI1f_&z(EME>K~^HlIT^Jl;ro=gyt1lOs1kXhE)Ov>E>IEd%M4#g=V$%gD&!?FS$s zksyFqqoX=| zfJy^MF#MPGlB&VFl%-BTDU-Wq6Bx#5p9;yTU>@rrTgWpqghdam`_x;q#4)Vo--i@^ z*e}d}EiA*DH5bpF%g|oAd^tMV;W0vPVc$@09N;i(>u#1kVrjm?vsq#6*vtB^&dm}71e4mt1Vws14hGZ@T&b{Qpug|Habw>o zKAF^20#YfKV z^NJL>sW|z**?Y}hQ@mC&qHWAf+ON-?dqI+TWZ!FBM906VjTRD#Y&UOt+G*vhhU(z- z87HoMzcIAr8FN?~qRKHVpN{W)@q*FQ%l*jU;I<9MAa6rFsbo3BE&ZmjJjeyCAy(u+E6*fQ#37~qS*&fsHfa!~$mLikK>Kzp9=ljTf z>Xa$K29+NjMM-sTO358gB^7UONxjh7cgXd^3dMa=XO}q!4>Z&nVi>G!D8JA+Sn;oC z!M1sk3;mZ~KdSKTQMT-{v)8NNwza9IRNt#`c6xt9vAUq{pscGkq;NvWbC37xS813$ zd2-vMC2{xePOIXI)n7PX3JDFx2c7$enp#~=jT~y_;1DouGRx{wZAkTop+i`PWq9Ld zpA#n<=?+k;_wV%?e1e-l)$!g5Kp~6+23Pw2dVhio-0$N9JLuo8G&2|Wmf$e!{H&!* zbMfu(zUIKB4{2$8r@X}ZpI1#o<7llln-(Z^SVF#caVRY%et_Eg3W?l1pDIs&P9F3k zhh@&sQJhOvNaVaH?!dz{tut`KTD`N&P>M8?v`%gEH5g4($IH>#D>D(z_R3|;)WGU; zg`>O=?c4W=_KecFad{mdx@TJcUrysKCo5~z5n&+%50*1C_=fegTTV#3AhOh!VY)H#$Ic(0>a`Y|ev-bS zBK9DvhuVr=hac?nu^%>QesS|MW#!El^S)o$RN3}x({HTuZ$QW~iV(ZvqMu(TADuBb z=B~!v+l7`J=LHbm{%eOvb`LcG8mEn6#k;+o9lG(oi)5#{_#Qb@$L%k)Oj+kcea{0Z zb9&3#qy>6-y!-rLEZ-Tb__U>(AW3wUNbT?W@^q_>snzJ-)My%HX_jQ@H5mtysEvWj# zhYuPT4nuAPNpL+7OA!pDu)JmDiO)PCgrC*r<;TOqo~EV}bNe93bKl5WyVadB;^^q% zq(TaN?ghC9-eRzf43fJE#G>5p60G%OY?csm52ZK@`WWPS=-qSg1oNfaw5hjFN8p@4d-kbIUsr#6+uW|ANq(d6%_?4AsJT5<)z$6o?fW_E1~k=wIl}7rHnrmZ z`(P5I zi0-~nN`spdejj5XSm0QIo!z^21M9Ol&3OKN8|YwK5$6&Hw!Ni4F*VcxX~SulE0wpB zA`f~r^#1Y5)O)vF&j-HsQG@sQoTs^d^yn^|pYJ~Y+|puQR%*kzx9ZB23|^F=q;yun z;yb|!Dzzw<5XMbt)}WY^{^_ee>(z@F!SjVZPw(CZEYX}aNpcJYbjxeDXDCozj2N+J z5xAq4$`c5iu12SkpCr)8K|$wwn&dL7eEG_i3?C_BpaCE-W{jxZ!Fx~(?3hsYot46* z=o`)fMG0jlN^jIrr7y_P{qXd9l|nZGikpq zRXpnL-4&)GIeTzraErXnonmKpH?rGJn$nkhP3x78hUva*X4SN`)4R_wF*b&;U

Dp`>OK==@Sei2J6`Z%#1RL9dF9?M~&q8eBR0bvbP} zNT%cb6Bg2R*4k?{T9ivCP1B*SPZ^{{wT#k`n?s+3mvq4>sr6%o^mU2gsl+WtaKzTa z_=XKspW50($7OO!g9goaU-%aTFbMi+%PM?m%$sQ?hgG$R_|?A*4R629)c~z z1>iww*s>G3(YI<58te`Z6cK3;Kdx-Nm8Lzf4u4O0F!vCa0kLEDqZOk>wFV38t3T0; zKsN?LIki-gx35s$xy!Gozqg;PY%G2t$C8<%*RR=*RtDYxc{X)?Nl&h)-%STK{&@z6 zeB%o<4u4Ba3p3j0`aWiIBBq0N15@Re1O*<8sQG?L<#VUx*Fh^Fq(({g9AbIE$;HKB z@nTOni;0Q7B=QRi9;c_9E>I%x()c7=Y{O#I>YQG(gAqjN zEm*Ll?e`?vHpB$8`NOh&Sa^5@Jw^>}=d7j22&J6QXgT^9guA~?_V3$g1$nwcN!VV0 zcp8bECk-KWTmFXV>9c1+AKv1(GgwViKdf}o2J|L#=IjOTiHd%&6LT3T)`>^WXa!NV z_}X2@`A~wP0DvQGY-mWtlLn`TL_X6ObO>;G1UAG=w6xMsT_CK3ddX)<%%}{8*uJE1 zcKyZ;m#tgZ(D)|mT=Qo;%QS)&+hc@Xqvsco2j;oHhdtERzD3V~N5<+~_pzd)^GQs_ z_~md=;gm^mp7WoV@*rtfr9OOUj^PQw1YD`A{<8eit?Sn*N2fB_w|_sIuIK6L>7}IF zj^I?&$%n;+SVzHJuVv>Mt^cDX=jW`7C&;pa9YsaPv^l{Asj0g|x@IuAkK+$)3wLar zv-7i@oX3lC@a=kStFdvB&{DtWCTX%TD{5kH>Zgw%ceFNLgDvDtMB$!8r${;QDmxhM z?JogFxH@>3gA(*+4kNy&9Am+i8OnQ9^^T6kuA=-n=8zc0PGW%(+Erdm_qHLntxR2b-+RpiNUjf#j^ z)Zx&*Yga_91IWaqGWp(p`WAq&SpwThe>;&@S2KxN>@7?n(T5d1Wr;}x@h}XT^ti4Qxo5gn?nMG!YtRVjR zEn@oMfd^eq zC-}}5`d~pl+566!!_JDJzF_&eYuEB}a>QF&Kc)%8h=7W3+JdfrXG5QZUnIm;(9fW& zWlQu;c9&~=%uWHJU`IfOPT-(_E3G|01gcwW$`oHeKNMD&tEK1V9d3Fk;m~zN#-C=D ziH=T8bhK&o8$vp*D?~SYJyaPqKRx!r^XHq{LCqF)hP%9TX`WNqKyp`>mg;zk(y#D| z2;=644e!7Ixk6)vkml1+r=zG?kHzrZM~iMh;mro8$FbuKID*p`({w5;LZz4Vf*M|5uHZiKJ6{& z^Lp0#QCeCp)Fqq?V){1kT&}cbx`#{9c^(A_o^DEm{qDVc(rkmrTu=hhhW_ADM z^@pRmSlT4M1LTbQ(@eCL2v`M258%l)%_XKyXruKs2tqq6UH{CmTuDd+D zUe~T(JwHWEWLL)?o(E+gZNH)VOE#=o^YqD@F7Gq(B!cteF#G*7snMDkv0hp%Lw`^4 z(0w|o?L*EkRb&b2Ez(o=jqd=1f$0vGLv@T(v%& zE>bdN)~ms-we!Rpl9Tc}0tc0vfvq?SC}jKtr9eF~G?dWy6<-k_tQMwxcTUUp-&OhJ zl#XGlaD$hQzC*6^07=Qi$BsQ(AG!a24%4=aT<#tt;qime=}_|!o53x_04Ddjh80Vf z+S(&QuJ5}>AR|yHWifR}AVk~|7LcZ~Bd}$W+fVd~JS6i+oEAO-Mo%XywuiHMUpNRLi**!p4p`cc_O0<@Z%n)omO`&YQq-3^>6($V{PvpLA`w{BHym@YO3 zR)%fPgf1$iZvo80=lRL-lj!@t+_A3!>_k!(K>h-yV`0aS&+F)B)#DWJ489D^s?<}p zLjtvpPCVzF=}}?)qj4ybVnnHQ@%+w-HQ7v??^pZ1Vdq4Mec<5bix;QSTXU#a_0-;& zg=h+@R-@;1d~oJFd(ge$(g#J2ij?ebAH7_vcc+q>d&Rt;*V5@_usT&VL`7lZF28 zoAJghBs$lO#t-YVPTl2)6jwrpRgjl=D)X7Jz|wvA7W%A9mK-FWj2rh=qW!l-7gxbg z>Bo=F-<+A+h3S%BE19&s?a=w@A|fMaA-6;;M@4&ra_{I-WHF0|KAw1J_m5BLWt(8K zQ*OQ9{g+koa;etmzG>YqUc3kl+Sm&UY4z&WW$(jzIlkTcm^`Vzq2cwbS0x=UJJk%? z6RX-(CN}M;+fem>J>`|!bVfdeFM`(4WbjaYMEE58fk?+@Xo~Lab(6(@kn2MdyYCly z7Sj@OjGyy?PC1ydFxNEfEW`Nb*4CcCss?EKd8~{?4Zf&P-_`gr(1PpMd*C6xQOZ%X z?Cr;e8mw9>e347jl6Q-*`3}H|{}4~>AB19UJ=$rg-0^~tc26{M8^L~sO*3+WD?Y=4@?aspum_QE(}ag*zzXe)(%7-g^`UH=wS2jA zw8m?Xx%1}zwPOb}sxR&p9?%`Z=q2M^aqE&2c}}-(ozOWIe=YBs)=b+&J?0qf*}ddN zpA8B#_C|$;U8F#OFNuvEEFr=>cwX2wUP!NVlv4?-)xuE0RUqy zBZTDSF|=Eu{Tobz!I+tu7mCfEX!vGs@{N+dY8D;b$MbTGm-fc3)g_%4%1~ZtEC_9R zxaUlh$&xQo=RC!G_v^QO-MR=6Xv!s4NW)!{{!4b$Na|26acz4?rw@%)b!m?SLs3n< zoor_?KgG+V9>EINP4y|J@h+r%Nzab5VfC6p5h~{UCx|@ol0LR@(xgepP=*^C8pB!Lz`w>~rg7p?nk14V|r9f8JVU0!W0k zaP*LjKXc|22pKoZnnlF$C1Dyp^;f(ZkbRUH+qkKm~Zmya)?;MY;cyL$E#fN-+ zd}F2 zXL_;_`}3DC7fzj0t(=#1_ikxf88RZSZz}w`@+N!WVDXKI!Y6m#wv9qQFJPaLV3Dg( z6v5rzO-eeyD16>blgWu%G*?{u4sSS_M4MZ4!HC09zVUM7lRev*@Y{D4KaUlq2hcf! zML44zaY3;jT_6>q|HC9_Yf42d=ns05!ad+sZhrowCw`Sl?>)u2)Nc@?WBV_Jd!d!% z6lc47^`Kh&KA{HIXV3}kBQZ670>wSj6YI0Nx7JdCcU96fogOolU4m>NOOf8xY>8(N zB|?nfo0dU9v<+6!d4lERl`BCZS*JFTG$|&U%;XR2HB~@zkvqan`U%4;gbU=A)R44+ zr)oMg=s?`pNIN1uzhc7f`x^uU0FB9BEO9_U|1AN|OkLgC&`>fWWk%S`*&~&dAUW(o zUmA6_i~3mRzP-&fF!2PW^`)STNYfImlYZ9L3XPN5vpY3(e?_}c;z-s3KR?xFOOPV% z+BK`VV^C%NQ`>2aT^8<LS&hb9M( z-#d^lUQ!bCVK1;O#ewVV9(M|UKpFNE>4#VGU#Pm`jx%*$Lp=|vl4sy?hUiQOK=AxL zqS{ukTq)3Wo^8`qUp_=mFOU@uwr~#g5}F8DFUSkuy6Hkl6lOtaQE#$4c!+>jsg{;CuZ0dc&R&&kDm2=h4*aKOZ%+$zf88dn`n@oEiyhzFz>CIS;09RJ7LLj;85B>VPS7xz0!c7hU-QpQy(5}Ivlh_7m}CM8W^*D`4MP&m>syTH6|uslpnt4 zlZ;ACKqZLkMB^7(-`q!#RYL=yY|&8Nt9}mNnp}GD;MFTv7SEY8hq2_?*d8V>++9qT zD20^g?g|cGW@$O9-QXP+UbuKMrbEA56D0{`Ieu>- zRt-(fz8W`(+AR^YRFUY5E*N``7!r_^#x?Tbf(1Pr?sXt8 zA~o2`4$`c8YS&eUym^aIL&=#$XUW`_H^tjpv*;UeI33k!Az0BM*tqo&1W zfSxvo$dOqY+rF_3$go3`ItOk#F*(^2N{(`;Fox=jFLj&eL_BTg$7xz%4owvd%7j&h zYyzAUZ_x#1fpH-fK@IoZo45Y1PCb3FeH|Hn?Mf#Z0TZNp z{QR))zrTLnIn7rLib{(M<3jP*BPioahOeR}icf-No_6#si`=(U8s>aE7#te&oP>EF0?{4^M@B;V?VyX!FU4(;+sCk< z_u{Jo=gM@?j~Z;otPF7#ih*(vkATw3%EG+7)F)+AL|XR`x9ihxdT-PV`485T(!Bqq|Cbhcdy$JiKghcX6c zA?(vVnr+vwUBj>`z0?)*CjBghHqe1{!@KL|t2BN*&Tgmg+>!Rbo_BTN&iVZepk}_JZ6wLW4cpbtu%W~bRR6F$;69{G z_=}XxNstD94S>a?CBAWEW@@V8x^*6nKh`OSEwPcDw?z07k8*K!9aH|}0Ye5uv~+QM zV#u3Q=y4>AI${BAJJli|m(eyqp#VXPBqKE$iRw5ls^PLAkGAC%RUzN0kn5 z$+;!IX%EjYDuP9siU12k10EUeg~soX#a%LCuJdL-(^y>wGh6GrKM>GL@d$lnoA zUm~T$Cwh9$XfK#Ol0ODAX=|UP-^?pom@55hmgvjO%r8)a==?adI8qG%&=Lt4m zfn>p}y_JqKtI#2A2*lUF!QL#tM?B4Ra=euXzBA?|K z7T&hWk>%hM!%SWM@K%E6HAWPjltk}(3p7%fVM~;b-Q}BTzCd~a@GuqMeI*UuYH6uC zkx2RJE)>qXJ&0FS%V3$`WVb%;5??=l{K(**oLup%SM~7E$N^33F082H73w>5N=aqq z6jW&ZTKvBRwhG!cEiDZ)>e)g$35jSR4QI^3;hsa08p54H%ycFYcxXu5QW@S$Z;+hj;L?Xo~Mep{=VhJ ziNh|8+15VIPeh0rSWj}YXuzyr|AC-So;Gt_mi_$scAVB2eI>S|ogv#GdGCHXaN${; znco%_p&o>*VK(*T^qm9qz8}kTIaztM>&QOfY`VJ6&a^%~t*p)hLjC=pHQEg6Vrp~< z3dJW$%yd);^;yHC{mJs$EA)NFtK<})3`nj!vwPvX9q0=Wx^l-6Nb|B_7Fk4)hcdg_7MVr@9DR}q4$I83)Si-6JHN*P5qg4 zcV*#DWSMdj`Ssc_fP@=X@s!Z#;@vC)QxB>tTl~jV*i%lRw(-lEXr==~-n#WVO{n66 zP?4G;Ra&nH$7GZ|ZWYlYOwy3+ga6zx;X|WL z=qfR(`^ZI$932-qR&TlWA6?t7nFAn*|NB*=;`^_Sh42?mgLMCMS^Pn3Z)ExZ{c7*# znARobDB{p9lmFFgiHOu(g`^9c%I{8DQLHcVpMO$gvb)cK|NMXYU)>BX{?8wD{5F$T zqKE$|J-sHA?jFrdxs_A@`z^aRl=;m4Lm(+C`Yw4MK3V+#ey*CwW{PvVQCJasUUUQ> zJv!?6wHr4aHg9f!{yHQ)JjJcHa}*(y#yBiJbHwv{Ft(re>Q#Re7X+a~tgI;i@9z`I zHMNbarG^kV=|z7dYq!;L{4$H-nMO0`wpNZMZru>%X_>c#5I)fP}>ec$ByOm0|HjatUVbV zr|c=VX!_n041E6cm20kOmzAFGEx~FJ&_i{S3qJ`A+`?eDgbw8sKNV63lCJorGSQhg zgt86MTh}OIzMS8IP~AOf|Nac9cWhMP_Ha3&qKg(wY&F|5(S1&x77s@`L^+Ic!PtxD^&3|7<>yE)s?F~d1J#mA&p@GEI&rH?Cmdn^=Znm^^fpcNJ zWZENcGJ%%QS%GP~q9WZcX~LGnVHkCMnb8FhHfdaA-n(e6ArAKU@4tWWpagk06c*fY zp}VJNdwIDvj!b{%S@h_iA-@#gq4MDBm}k$+pXNMUFhbtDA)ws&S$3w*2r<{wA|f+S z#KudkLR>SCrz!iMjaE+&1atIg&_xErDnvx%WN3`H;-V z51Pu;ZeU3>6{v>y@@2S@mnvh24`=8B=CY2`iy%x7 ziRPz;e~|3--_S{9ViE@62?aFJvt-=B{{6dl?Mfwtz=EkdYOn#}9cVKh9jo~+z8$1V z2xeH!*>-0qPgN-$(Z>M|L!O<_$lU$N&nEubn;_|7iccOtuD?GsuvHRKN=xJ}gVExy z{`0Wrx!TzA6@?lK(rVG%MonHF@A1?HSSA!iMPofS~y`52kGQE&E)}5$jq3Lyn7Ap&5)BP-RT*c z=UC%ujm;Jsnvb79KeB-}6O6YCZK#E)-Js9`+T>kww{o_m7}y-9PO8G-ex z21rQ(N1HC&n`!C0un{0CPg|yG>;tjifeJHcdZEHdiQY6bP42zmO(7Dn0ti8pn`7c? z8?mIOf;RmRpy2+b0V1uYeXL?D2dP@V%gx>86Ogi;g2~e}nHDX%ZT))Lh+u9!UxgJM zEuJ;CO=YF6_aQ64$s|Dc5f9o58M1axvs<9YTKZ}2`$dwz2tLx?9(A?rO%jSeJn}|m#mD8?oqsJ zS1(*J#^+b_OG(Lt%uFWF%^a>5Uzx+bw6#^FO$g%g@tMy7Cyw!laQez)$A0|j?vog}Z=V9D2~?(3In2B=pMZ9rzMdy7Qm`=9JS^V&6wg2jK>Tsk z#Jq$|3U#-Gru+(F!l)y+ek-aN)Bt7ODAa+Je$HFq-l3uBXpWsQfi)bsu#yiu@BQ8} z9TA1Kjg3VVuCTuTdZVOZLJ(4k7u(Vpb#t3C1K8D)HhH&%Ijj`!2-1`OOqS-goU1(b3b< zDP_nV!Vjhm7^JSDq1%HOwoJj#utW&NhXMJ4fs59zeMe!12x%+hHaO5&xU&2O!VuKpPu|g8J3ydXwkZ)HQmimcqr6I3Pn@zrUfb8+vaRZU%feRebgV zQWHfm(2r>r!aVIDR8r`NEaTgzQ2jZaX@K$}_#^*BCF-X__5*&$U{%VW#AM z0NdNQ_^{kTw>M$JW^Q1iJIyN!G1@5(@2*fQ>*%drt4+~FnFQEJgYL3*Ev^Y4$JFz7 z8VU2TETE_(OmQLPBvDbpxabd)EO;(THtNit{ZXLiyLICw;vhX9%^01^y1U+OxAL#j z+V7{5Knv7c7>#0(ulA<9hlkwsztW#R4Lf=?{n4XeIWs#5K(bz4Qt?>hLIg+C;9%@r zYcEw|e~Ng68;9tK)MYdh+m_!{5%71V@<^F`iHT(sU7tNe)+L*~!Q~r*QW$-Ni3ABg zFLKAGoLi%$HX<|trz?Xw{QOeq7d5{96H9hgpNWb22_ht_<5cr5*#oD6!SbIfEA;}p zITl^-=Ji|bYX%D2vuDmQbJVxZaepsrDBe_pH9?KL#{sGzACa?r;hvd&nSNn-4uXyA zxpSwhZ-(pJ= z#hKt)3WLL=GB$=PZ;QMyk`kb;HAL%u>m&b^>h}R&2QZ=?M{k$UPHThd#@pdt2Is$i zy?e4T_$! z3ri%$(ZF)oo}{BVZCaSYXjET^&Iw8b50Cr7!7p5s`wg(LwY^OTgsx$-TP+$;e0}@L z3j@_mOu`+|;Z(jkeSPG<8n=wM|EmSq$Gx}Y@lnoj4j?3r!f6n*jtuWocoe?iU%3k? z3IiDzN9u?UV!NxWsHkW{yn9;RWKwl8F4a`PT-N2wmuZ4>xDdy1T%G8qL+X?%U|WucKqVr zcZF1|lgqYk7gk(^Pyq>`@4t!EKddw2pD3?(idLaN&cVdhbkV|DLxut@pF+(^B6WTmC-o)E4PQ7{kfzBwGiflD^jeWG5NYC zSa?KE+hzxO|N5b@My-%p*un1iQrTlqu2gISEJnvMlr&=K(9GkyEEi%WGgao}BW)Y_buV(<@s8 z=%flVDaPLbttAgSg<1A?p-lxD)Nkae9`eL-dZ@5DFZ<8fQnCxb+U?sLcu>6Hz82mo z$IhR(A$~7elEc)agic{d5Lp^7z6b{eDqa2^pU|zDHv{z-HwDIr5#AE0oI)iJra&z+ z_dv_>#i0f%+a}AFVAdEEwV8+OP)^-4!?U&U<;yu|mm%|kFhQENX6@QaMV$0x2*F3 z5TfozeCz=+i{HzUBaryvA?+$TEfC}s<&e7jHgqB8A>}fvZxsxbw6-hjD56)SNaCMU zND=N&FI6P+$i=4KhN&k!l9Sb_C=_V@;=~xeRMAqc==t-Y^2|IwQ{2JtU%nu^gjnh5 z9WMUhR&)8i3=&$pVTRk2!SZOL-cevM7Anj|wV1HXWAnz1!ag_>CygECz+s&M2(q%W zeDEIfD0#@yU?zEQL=7?&uCBDJ3OExBT1Z&yxZc$)wu;l;IGp3LMZAeOrJTw3+;^gOI(;nU~W zZJ&)y#dCw3PL}=J_3MMWJ-t>jP*MljW@ceQh!fNNe^`6-sGj%!{WsebB@LuOqhtyd zjZ}Ox3z^H*s0>jEsgxlpm5?cwWQr{+nQ2nWP-JW{lp-Oj9Tla{>&`xUTDYJtv=<1=gB$+ELJf^yC)Q=L9zzs7?C9>_~2FBF}=M>duL=$<;G}$I!eent5L$cH^Q;RZcM=BWhax zWG3%Fz`OP5_aRrpLA`mpM)vsH_+_`yCWw_{08vhC2Ws@f?**qqni{s0jjmb%i1y1o zK>+kQ;SFELY6OmoEhX?htW7f$ok3AaDLS$uX+B$ZO^xhhBbsPxam%2Ten zJ0b%L{0F=h#uxF7H> zoNZ$B*P`+fYT5f`XqcK@%WHzNAJMUn)YB`b{35s&%tW`b)y|zsdYkdS$(-L zI0%#jF$kbFdv8~T(`_pD&k%4;Tj+4B{+`$5+Ncwo4tSQfwj9&bbL=r^@PUsOy7zmu zTu(Du5h}flIwmNn>FutSFI<=P*7ygNb!w=a-?7;B-{W)(4} zA8%%As?_|7f(Y^3r%$_v-#Kd9A^m#s_SED(QR9x>zd!5M_f-xTE&2dJ19F=mm1zn5 zsq#1D8|!f&Ln|viTbYZ8X;^nz@G zoVth(gz+Bg82(w;1^Dws1Ej#+YOla&0x#|XOkeagMk7JO&X&H8*T@DnR(vrr`I91F zMnpAALFJ|BxJ#1e06iDE$37zaodO}NXqhdvJCd9saIP^2N1SQTDzm3gXXLAs24f0P z{`gIOk9jWTOt(&L_?j&+fb*#Fjz-@=@>W#A%$1N3K)KXmD#`dx{nAjq5K#=@8LeVZ zA5c35`K{73debV};YYt92nv2+;$EftY@}Wx6d@}gQfJm3K!52;RsBdEb#-+{8=ppS zA14c>7JWQkcDnf7xLr#|{{-#kVbpz##CU<96PhII7}_Kh5e7r< z1Yf&;9p+sBRhUvT|JPO8ezH$mDK;B~Z;DFVtI^o}K-|)WbCF<<a7u^yghb9}pMl+^C?U1ae&g&y0%z9wMk~F%PkPshSDK~6* z0|KVeOGZXx&>)Dn2>}HFE`l!g(D1>7kBo4YYPbgvqMh`Pb&H%PpJKSepYEED zpF&yalyE{EGQ{aUG9@TfL}J*eZkI;v0Qcv)W=$lA4OKc;NAFo^cz)GDI=Ne3dhOLt zNNTFty!rwh#yWTE1g;CdMoY1t@fJvI1AYBZSL=R9alw3r0Sj&gjOnfRwsRRpgosIs zHBikqrozNl;=-%D_m+@C5iSs7L3^|@Za`XzO#$864AcIZ;t|L)XrXuqVGYNE1wtE1 zDH0mrw^P~G+XXfifC=OuaMcOj{XcJiBqmv`psn4kccSa?odpwAzwU2%Xr%JX;=b8m z=+#P!i$P6a6c!@CLEyUK*hc5AHAX96=#-y%NsE&9_@xFLu1YR04IzzE{qS*!4o9g3 zPMomp>m4esx%x&*O2lD{J{r$nzfNUY9787524ptc6Xq-ErV0MOvz-tL@dIUrMZvz9 z7^=>`efku-gHYWkQ;dFY3Gv0_Rd{|OALR~IC3YnY?NV&|H3}}=z(J%NCLb|iz`VMN zs};PIl8O?Ll6z3EUDWaN-oPA!%XPcC_+m-~-0Uemll}pRpeEp0)>Ku|XNyZpF1q14 z=*mDXt#K13!0`!dOi)OmnIJAdd^n5~x_x_vkinOv{(RvoyM~5|XPVLJ^7rpqh$A#& z0$4Y%_jCwLJ3F;lHsBf<8Vc!=76<@EMnrD`2tluhWgtg?6m1KA2t5hd3g8_QK4H|% zpY3%Uzj7-ahj0Dy!mzKIcdroZtCue$l2TJs88MPnO`B|>t7{Agh_Dq9d51)wr12xe z+K!%YKU(SmaA7{|U1&Ro zG~h}06~C>Pz9$T>8!PH8Dt&ow<_|^qva)dX;lus8Z?OMkyGpcwP_f#bvhwnnJ_@5S zt;gNPTGb`P49sa%(fuNg=rXjJ`FU&W+Slj*+M=;3X7N;$B3lKo4*d@7T082dx-))h zzkjyGy7FuTb%AYxUcjM%i%aWw@gE4eF=ue^VQXrYZxlY+ka%hp(D;AkLXEqWFrEvlL}(ed(ImR?g9%joH1awIBbocHrLdmk4Yyju0gUnzUk5w7#DUU=B|qQf(z zwPZziJ$qf1@6$EZxJ%j2shljlwxAf%pY`9*|-{1|H|_-?y(M z#Wj4}w!fgl2?1=|<5^}(kFor3RJ_1_Oz@zC1-?M(7u@T#CH7W$SZ&ub6KJ1$QRT4n1_Jkohpc9y%4Y1XPSnU@&%M;nAmc5#CvJ=F~Lg zY7%uIOAUK!Ecym^&OAUQ>K@>>YO zCYZW#m$s-$9?!AY(k*+d85p|e-w}0%ItM4vFEB}{GJ=((<61rxA;OQn$JbsO=pzSp zR5*hQk7+x~tD<*+mBuC}Xh?QVYxrV1aL}O6UAh48gA5|SW7FMyn25|w2izWPI#9V_ zQct<`{q;Af1B^I>rMUw%{#vq=L4aw?K+dTpHb1C1FA~T9Tyk^lPQeOuyQ-qR{6W+t zcEy8bgTY*$H3ltC^EF{{Urfwq)Rss+xNbDgKhF+zaQHE(O~U{4`fbYJ%CrBUr^!RF zdK{ZwJB>+^n>PaY1uwfhL_a7d<`-EI)|9g_G6cav9bFC0iQoaTB(>z_%bU!T&<$E7 zwl4-&_$y&MgrMoG9v%Ec0nj8j%851Asatk#s;Gl8@K`5x$x~bTv!m1%yW*n`$#iOT z(3HG`5y7zHjI1|v=9+8D295~(-pNq>u2T66Ct z5`AcRIJ4dUd=0uV1(QDGz9mL5QQ5xGs(_D=f`)q6X{FxUHRb(jg^<8tLa+#ua^Jr4 z4o#ntENg1BFvGl53pG-rwVhq84MQXhnr$Ssv380tFE`ub*BJn5 z&@ftKBLjoSI;PBvrlizU%R&$^ymc@phPiz6f=xm`$!KJ8>pdu!`hWgG%g*R}u-V)R zA1u5RR!*!wCOcw|2ZPjLZ~go45XEt$maSN!89?@@IineaL|2oO+rIG!A?5d2J6r$w z(Hu6++jtE=PX<} ziYMxq&820JVNNOh&deFS#=OoKnd3NSif|!gUP|lWTRbPOxD^AKF4KGr=r6f?GujP$ z3Sn-Zx>H(2t4dEQOb&hgh{_)$Q}#YCgyTc7O3@C9NhdH#>j~8?qEUi7MH{$gZN|Xh zaSUv_Iy#m>ly2O3mC-heN`sLj75a`b#o4X8bVj~SOXQr;6@q2(;JZ|gm0rTEcJCXu0@WfPM z6H3D)lEMHAK>=6jVS@+nYqvymMq$U4V9dI)*>~5|n=vJW9~=|b^mqr39$hkb?wz}L zfB(ZYCeqZYE{ zPuw8z4ffxlVLW^4RR5zNcevc4*5f}1v4a_98u<(`nD2ve-{$ZEJ%9_K0MI^wnLt#~ z$?j;%uU|+i$V^q@R5vMdL=lg2b{NlngrNx1)vbZH(vLl@*J#NO0%c;vpxsSo9QzQP zQzLimIEBVQOY3A>+L8$qD(PzpH)!5~bKs%}xSUbI1Tnq8e@@!=SYb*I{RXHO-5t@9 zpb}>i4pYG~;ZRWDgH-X2PJO(D$T-$yUCzswQANGmE|2OUcEZo*8R7GeAisNuy#Pg< zUl=2|l990jw@`_IgWOD{>iab?)Q0;=e#{(zVl=qhkSe*}y~hiCB_9vpfXs!F3mV(K zqPVgV@m7(y(F#}H7?-^PaqMjLEC~sDs7a%oaGz##Q@?(wJcZraJPG!ZzBCy0c?`01 zo__-h^cCP&(jqP}DL;3f;OByV=ExB^az)WHdSPfpYACSsr6+}#BhOfkN0=RJj)*uCQKUn2BV&-(b2D%LQuG6 ztVblFRv`Q2-@7*%SK{5fwIlA8dUxj$ab*+D+qYv+&7z}a^d)@!o{x*ph{plg(2Z&a z{B()b)z?SbD1QZOc&jB#{CM7)W|i+EeN&&L(4>fIT>2jTs|` zzft2=uF^CL3078NFa&MGwM!*eHT>EjE|?^)er*b%%SuJ~r_Y$f%f8un zo*;`Dhf*5Mvh`U)OxqgZc}2BPB;CgGUvUgRX?aY~5C;El#+6AxCUrUQlrHkp&qHDcP^Q94M zynA=@Uh0-ryB}UxcYJ4xz9q*3tN$>TU9=@{{7`4TzO7@%BZZuKSK^A5|#!hJKvjrFD>-PuQmRq&8ek| zIR(c@$2O{^zFPOltnro4jOZVE*FPj}QXj_lPufS0%-FFG)V)M_w9UAiOh{K93j)q# zfWID<30MblA^DnaNZ>AMs>d(q=V7yQ!@tcujiK7_6HQPcqK7Xw{=Ib~RM}`Z*qlbTrbnjV^jcQYPO%5^3qCPGj}HVkdV6Qj z4{%6XgAPxv`uY_VDd$GHSj&;3T}lL77Z@GMVEQ$zoo*Wmvy4NA5bV;Dg_ell6WAZd zs3^ACNWX1SFeEecZhWYuLSzHVfy_9jJcY1?UybkJCKxt{O;edDqp*ysJnZUcF4la z<4Q%}%lp|XBzegjZz$=OrF_KZaPK)_^aq>TH@vI?gER+yZf1K6I^SWytpYk zEBf+og*(SvF8w8KYhOPmuxqaFI=#B!l*1na49EZ!nne5zQ$g91(Nh%v6h@g|5;w|A zD6c6j-HVbm%*bbX?ktQ=c=Zf>O-EU zF`EuZRKB>q=XSxVnl&+!Vtz7immgAe^$URUSkR3VP%DX~HXR?Lt2;v}vrr4IN05d% zq6?NP6DML@6BQY$0(6^uH8{DZ%7%xqhB+XlZ|u@dzHL7+@^RsZ4SurA{~8dv{%ENR zY%vue*2zdJ9#npwZ*L7Vf!fBcG%Y6Xv%03{?L84wPEniz!M-(t{jj^`<$z6)y84*B z;GPe^%*LY((Y&|spnxf-5IDSzq9P|adzzY|C4|Nz-`fcCeqhMmzoKJfE!Mu9gq+T8 zHmLEUMYrtamX!fI2!axZHAxB=E(}9$INI<~WTXk|9aaCA%n-ooKKbbB?(S}GZXRGg zZ{9()jcF|9E$tFdncM~2UAjqBAb>QH^SPAKmF#YENe z5EEgfOKq-LlS*=LgPgRVNy*7SA~H~>yc`8zPN;VZDS^onB%sis)jf^+VKBFtw40u8 zVfhnmIQh^7^x?FQf++;eP)>F>FoZ?`WB_J66eA&2DBM<=wp5|vW3-Ruaa3qjt41(E ztm8R}ScBiAAK+NC#Ix3YebPP}hH5m2xZ{B1qHeqO7nuqzO*M&u?Ryv_e*X~bFIDy_ zBV2vPTSwOt$5rM>W33~{zAG<3e&WPB2siKpDt~?|jh1FKZYy=pgCr=nxWaS`br%5) zo!E1%*l=k$I0Xx^zt&aq`Elx(?&v|8iHHcNY`TK;Jjk3gax_C*QFhkNKYk#bvSR@Y z8IPKZn{($*=Ma&wk_8(%s#qFm`tXG`o~TWwMReN82Pgq~A;5a1k4+oB_)ShC*M`_C z4DkQ;uh9gH}I-tSqL;zc&>oSw5==jHoZONKAAKN86-r=9sbws^M zNx|e|IQzBL?1Warv7DzGH#{(XWD)7GEqulfbM9d&frf(lC5Oc>6DRIuriNM+>Iejz zYnHsXHTCrj7ed`gC5n(~o^ z(ZFTq@h-B5f=_1PkCuQZ7mFio2%U&tu@?Re{;_n?51D;$Cmj7E-Lb1ykLjAY!| zXY}r_3>-EQ4S6_~zy1e0HQ1ahNl6*AdC=xvShQTwPAoS;_Y53LQ%j}z=J-xYq}Z5> z2;)~DKk`M`5U2_vhImoho1I(mx1c{fugLHO25b4IkDfPZ1>03o|M2WkWCf?cAvN-3 zB_;ku>`0gO$Yq)WMHg1LzkpcjdpNIzlk7*c7B61q?Ck9B9zJaeu7wXggxPuyI_>PO z)Krf26~YP+3o>_hS#g0+pFD{eWSQ7pQe*dS-HJ(sV0SkABN-Cz-TQq-ML#VqR!0tD z9!w{dlz`LjTP``xEo~fKx^Qc2YoWbZda%aB1CR#?{OgQqfBI}I-Q!wJQZciwqfp5* zuuU+^=K?TAKw&VnmW<#0U7Vg5BV7t(BpWkF@8#hc%EBfqt2`uf_zIHX0WkPWW|i3J z(pj%(=L{|*=$bf-KoiM}5p{uZwKA7|{n|CAMoASx^=nWhFdAFNvpQ1g3n|WQLKug+ zb%-NLic`eyZ~S*#(nnPU;(y`MR6*%ACY>IEF%$gJAl2yeel|5> znA`LF_nm1*o~D}#@Dzp|aeUvg^t+Qb4|UDng9lkGkJ;wL6)OZZxlYCfYLCbs%0vaz ze+32hd*vkcJWXH2{T3IS02~}Ye*5|J?>ulFk2>|(k~v=3HaJ2~UiI?Div$Xd(~S!H zsvdJ0GnQi`9~?5`6~{pwhoV~t#p4w|O|63}JQ90k?0EP2s&vyC{(M6#b=K(4kbx`TKF~D-% zY=?6$?SeV6f_P?aS+~NYAlGMZm$Jg_(Rs_toWg=NDgbxgB^4`zDjEFVg9Un69)vq*V&6h3(#|7d#)Q!IsX%YQhJCP}Kc5|8gLQNSVG|q#Xs3p=q~Gk0p-OE*d)5HmA~H5#YAhNE zr32K=v88;^jxNgEt^g#<^Tbp<-YschCah8;MK_5r?Lv^?DWaK}LFKe;8EZ{PdDW_8 z>U1Ip#?#A1DJ<}i6C)VMj(HFoxkX%B94Cam*~*E1d~fbKcxBJQv{GB@q}t)h6ttZ9 zb!*m;+rF@A6Dfbv%HOnK>tcp@V3>H$t4P5Ew6xe*>d2pFi1pA~VI`^P4|GiSn=|

D$$YaNKNg zbO;~f&jVy}!K3|h>yGS15!j`R)P|vAO;R>PPlu%iok^n@)3uN+#Xl4WAt{pJmOd8hWz_4}7D$4Z^T zP|Jdu^Fl}y@VJ=zYP{y&TK}%qR7%ue{1NwPlwV5|(j}gKU~3+lr%tVbfn5m1^mx?G zJnU3>$%h>TXA900t&0zfHOOe-NKu!CE*9yglvG1q-5}U~nvgLUdbISyL$mYmy8J(% z$^O_RI?c^4-pD9LckkaH4Awv15P+O%cis=0sAk^S+9-t)E>;M7V~cTlopI(*s(H(_ zkxF42r}$QXkiTMLk`8Y9E3HmE=I_JO6y0M(*!NX)e?N}@d28KeMM^9CDk|Rd3;uQg z&zBS{J9PWStsF)us7MgjZmxvg%6ssjS+#e^bVb7t2FQKex*hoQ{gTeo%4qC3uQ<5M z(|h{#hds~qY$|kEz3q=Hzs0V5Lf{|z0K&rmjWz%O>o)?GhMF%?&V2hW^TMAjeEOh= znHP|W7B7i=>#H?u(L$doKDqXVe@tm^DeW0*(8V%WXZ8JVGGmv>cGGYks%sS zt_^?{=2Hh^QwK}3@q)aVg(PmS)?-A=V)ta6lDYlq)@Yk(n}fI4kC~LQ?qrf~Zu;@P zLR$oE&y1ZvGywuWO4P15Cs-c5dDEw^jRy&k%zMpn(B8umpeOgCJdpC7owI_x54^|P zyj{{t?5luD1bCy9tjnV}K$Uabh!F~!1(f;YPtC#;k#goTNKEByp3J~FZ31*thsF~< zf2EGtKG57;^&HEygaFKA@Xxx3qd+AYpa)&7S*R2BCBW7_EMhBW>^Ofh)x_JANl5=} zX>Qv*{B7f9z#b@BtpNjY5=5-J2%nXh#lppEdQQn6fBLjkwGA3;im94~YPCZs5CaDfbcJY_aUrlvvlFDc;X{|`?kcN!T!cMUc zM^LyYOVUA+mf4G}RWIxnRZ&m~k`~r-fgebVi01(9v;_b(c|YnFXaw*cU48F$Jh*@V zvkx(ENs`I`SV#qr0}9O>kh=c!LBcyCP~?3iK0YPlx9|P1Z0+87HKy#RTl6(@ ztksc`A1PqCQ;d}m6DU7i(gRb?w)w%GVffe*+4bUbdTb!w?&9JgQS^2@7#+l)hK}>| z?~A(LUS$p-QsxEmrd4HX>%7Yga|Ez7x`zhI-0)X2J zdCn?!begsQ{B!$Sx?248>n2ghuqHTrwp%IBz1C`&@B>~tJ47Zv4Q?R0SQ@sE8oeOf z1CLqt6-Sb~3Tv|s)i#y0p({g0aXJgH2y0q#mEebF^hH6zvB%5I<{hwkR8q1apnx@; z!mb^FOUgq`MzMeC@(2n`=+$_r&@&+48ZC?ma%M3ZHZhWBD7$n;8-czSoZ)h5slSs-u&%_ZH1U z=4vPRu7bn`?3hbzU?7ywytd7BA>~fY<^xDe2rMl8KTiW!f%|OY?Hz;SFcV`B=oDrg z5tQA#d)Fq-cT?<5;jymW4E87#amaG{rbr=_j8^w`{IOH@bBWBTGueuRn|}O&+G}n2 zvT*PLB^8zPXosZ<9dtp0a)v@ha7BI3j45UDORQ!a2EXLEct7aoH;RdlH*d`0u8l=fgd723d#;BLg*Yq*&#%e20C)!WV%gtA z;uMuBs6g_Qq{U3HjW9G^f~_%&psBy^I_pPWb)-oF@c@2_1P&1e?cDjHCcO=TDeGt# z`}o|9j~^f(u57aQ9TAPf%*d_i7(~dIFZsIW8{s9n;Pjv-h}9{m<=4EqxKu(u<`&lc z4c$7VFhT~5O^BY~TyQPWpN8sWo5x9I0tI zK$yYNBnNi(cg;IYIh)L4_J9H|J0HM<#-54=9+8$Uq2v8>Tj}Jd)9E$g41o^l<%-d; zIAjGBFONP9t|dr8Vl84ZP`Th{zKu{rqazc)OqiErju8(yfdg5U;Whayu;TidZwZsKSU)@3mqOUR_V1@*(`z`kDPi7=L%oh_^ahWi7-iixyhvc2A{ zdR-skh^BRB3X?k`h>LNs`8-Q8k5FY9Zxi8 zD{y)Jlxo!^GXPyG2%==yeOuJXMBLE=T49Es3bDfMF zpE#cxTxc5RzBn}ivy>TIrRmF}Az%(1n9EKe@)Xt#@;WxwOq)rwt+Hp29(SZ-N4V|= z(gLUj5SAA4v?9;31J901e90Jq8nZg6MqX+STeWkp)q(}4jOpRSmy*I*knHCpP9JVF zgV>D90?7^cGyCt8_(TjJUi#`)sPql?va@%UKAGY7(DxQp7@Qhuk=gEtpiWp5bmb>_ z+=}JP8EpEPlE(=Gw_p&HA56BHr*Y*{0J?wTunzc#Rl>~;Lut<=cy@AMz3Qu`1^8)- zq?mIdJb7O70c+Q+`O)%Y#AgX+`8R*7k`d;Ps(`b3-XW57{-L!ImZ|Wczek+*l)*_1{5O~*Y&dO+B^REaeY1y0}YN&dyr8jeM4D;KtZONIS{;|mJ_MaJmvLI ziIr<97pAm^t>p1%)*5{5QEgu!&ZR6&pF0=IPFmpVNG$3u;^N{Nrl;t~5T9k-D7UEV zE>_i52&Zpq(_Y+^Yucz2v=hY28uPS~BU|E9Hncv_%Ujv<{z0FH@czkt`-BVE&(re~ zOSg>DZcXTWyMPf}FjXR_<3L3XEe(ymM~*yi} z2|KuV@7eR`?_^!$L&BVc`M6C8<2weKt;PNd9SXCb@W%EVm&1HBTnl8u`idM;jwHo8 zv6$6CUq62iImQ00?V>nxw_J)$VxP}djXB867_z1xMj;A4$_@XVk_Tfr`k$$%W?{Yp zPDzvKeKWR5y^p-cYfSwxi!Gl&ZnR2>>tj2@PSYcjNWTf8W893U=W%xta-itoN3aB6 zx|GS&K}?B4>9KH+c#XJi6piux`Ah_L3Xw=zb|&b(W%S79v&M`OON%^ubozg3-pP|Q z2h8*17)M%RhU>^ihR+fM{PsowD}X>aWCaT8`tT-{-PAKYi_Wbl?>qhuZi}h77*^p4 z5$1I$XNj*gvF729RmaNNdAtN@#%Vw{SCMVVz(dr!;u_Tw(?7rxVr4ZwIE}-5s=aAm)xY0JrVz z+6dS-^ChFA#~yuJ(7(pnhZVLRQwy!d`X?lTszKbFCIKNXBU3#%9RERJ-Ts-9e!={ zTKA&Ifjh6ARGM6jldisaS&^S9GhmX2`DPcU8Bp-0BquxgN$YG7`sK2l$DV#9kI;+Y zW~$Gq0`tX8xxvqWw)mDUHFy+k($Jwpg{80u4`Q`^3Ey~MmzNzrbV@f4lrmY@mhvc0 zAzPL%JN&b=SZ&Cb7v21PMhxopLa}M`$>2qnEfTU^N#YVR6za*_cQ4!7QXo;;60sCa z<@{Ufx>`P@*r1m&H8w8$51pF4{HZpRt&Y=KiDNi1n1J^XE}pVD?=7{!C?qkGTm>p&TQWmZ^!*t3$SQW zUp19uxD#Y%vhO0?J3Th9zkTWiU-K$n0e=O=dzH~TM>{{>^0HfVScENagXQ}J8FEBvpH9h1k&_c(AFyDGn5?+ghCs(Hri01uY+>`Rlcg0?DqPRHJJIMQlEMdzwd@vTY3|)$_1bWH z=!;6_a*1++8m=`|dn7<%3h4fQd_&hJ4KZ+LOUwgV6rDSMIZ>!kuo^MRyk(0RJPH&S zl`UOl`O|2b7?y`{2eJn~r%|U@U?}hgA|VJzZsf|9pBa%hEIh^nTKSmi>1ftzoG{ab zfF(R64SWZL1kk{w@@R+K0UUk-aU)BK3!+rc5&~X)a#%)(U&z}Lf8hm7fyvMs!2dL! zc$9fWe94Fn$!A$^92Yls+O!@T6indB0X;kN6)Gw#sf>23I#K5hJ3E*ObFnVs!y27hq#9(WT?c0o6v+0X+%| z*e5p|8)dvT6%-Vz-=sD}l=F1{+T4kB!Tc_|Xzbj76P91FO0Z4!z6_(orK8m8qhnL> zGRPeP9)B5640gRzTnoFT0d%so4d|=C!viH()l+jYF*km+HP}sN=2)Ir%Jkc}|BAYC zM38ZwJNFrM2Os-@Uk6c^{!IN9xG*=WVYk}iQ<)bjZM*MSOPM?RJ+KT@ zm&)0LdpJNns9*3Zc=ALam*|F`hy+gkZiCQ5YY!YKEHY<0mIALb8rYrgFT3#@%rEpE z79Oittup(~1rkGmz#5HbcSr$1fG$A9Mt6XPAu3%YT~aioSA=O=Z8kV_Uprm# zRF0XBfux`aqD8=!1Ws;E%V`!2k|{9wu+-ek2tHj|;ljQVm(hLjEHE3uyGMAdhyh)rW6r5}*A;;3s z|7HbINLpD{qxdCU;x0rXPE7o&hndBBW)>-f!4*KfdH=QWgKqODOvvGkfw+j`tYHOt zqBX}wXG(HQY#GsV&I_};xT|G}ho!=D0h@Psig zO7{b~$fmTApFb^2l}%$-Bi<=1^Pop0-ots*e5q=@`|?G2%;+|_qYS!HL~+%ec6x2v z1m*x#!a2rZA^C2%K!saRTYs|x5QIGS`@WCcB-V0qQuh319TWtAO^iC*-bIv1NL1C< zU5xxOb>r1}<9qmKb`@({f>bgNGCe-tsHk@bGo;pX($cy{Mr}(vgPR~sms)6`EChJ5 zE#?HHVdmz3g2rY1feuZJGw|nDe(<$wQC?R5y`0bso~HLdRR!!}(nQjMz))0VY-)M~ z$qIJDuvDo-&;CZfGkPNU-$xV#<$};NF*POCitZ}3oECz6^W}o`q?DusvnD4ntO0X-9B_H*IQjEl!5*8hl`vJ9oI5 z=LS})xxsY#vSq|iSQDxtVU&_D#uLDi){%Pr{5j7$%wFr&Sd|gP2qJFh&O0~@5Qqa< zY5emiM2w6^FNzsy>9UH7r=|K-jy#XX(42IWG=VSXcj{8PdiGS$mCYVfySGh0eCJQk z&8_xBR`@dW2`H|wb@0Fe9+&Q=#D_Bp38({q=5+r8#LhF$(@4-lz!Ax^S7H?I+@R#? z$<7VTlT}mU(6oUWQ+cx;T$p9xTkz4-PZiOG?z#64D(y-;((9jC@>iF+BNy}zGc3B? zeqn$AQnvBVyk`o^SufF7_3KnYV5p6y3iHE{$i1f`E`khXlw@U95RJUb!O-c(cz0gf zIY4l@mr^lBUbe9;W9!$itKABTD42maguSP=XJ3Ql&v)s6yq8$UUkhhC!9NA;!6=RX zq5ch*6jO~&{}q`q)VrLB1>o25Og?P_79B!_vtl&~-WmNxRkX15kml?MOv7p<3_wWG zdqtbB|3s9cGh)3A>wwrNvgN}_efe_bhEt|JNK6Nj%wD0ci`YjYF6fsDl<>x+s`V@yQv^dNSphAEnV106T(J~+%VZNUk zAaWAmRAgi^p^eIw8AkLdoB<^gp|tdtornJ<*vjVDPn%hxYMCP*2V~Aq>p^XVkyH!O zP20v|ABX)YX*W48mu8P~87lFjCHj%Lwx7?)7!zPky5UPvm7wO=K-rJ_i=y@Y`yJA| z!oxqjeftB(wf2l2f>Oq3sAZG$DHH_^=>nTEUmi8{Ny@xSEs0NM*6|!|ZEY>td$7q1 zKMn&}M%zdyO6R}_AE|VnK@dQz^o@TqZX z9lsL#r}w=Ya;l%;bPYX)JPXx3vkmxQ3o*`(D92lqS92Y2g5-GJz4pkotbbYkd~}N7 zwvHBL7r1%*JDLHgbE6|7MzHH`w5SJP+o)*n|8ZIhftVC#bx|;AmC>l+&MAc%qT!L> z#C2kZgW(<>^d4-Dtga5N`SkT`>p$-$k}sk6Q5U3k(jvg2I~#%T+n>y&+F^AA1FWfP zKbxut;PJAnjXh=ecxZm5 zvPv2IwuZkiUA@X|KiZcXis#g@1^~R~mLDmnPgjB)@x&9d!fVRQ%A{pwZ%^#Ob}bUQ zW`GbQSy4K#N!ng8iVu%xhoYW=0VRpn=d)ox->BTFxv86ET8l1R$$ZdJ{A z@L;N>BF|w(iWsI1_~DITxX>r#G9CMFHkc46f`fZ?Uy5L}=n?2H#VM^fzy}6&dRcF& zH*fn!it$Axqvw}(;{5T*mP%6O?kP2U|tt66d+eC0xQ>TXT zA!#5$9R;c4Xn<;REgux@E8A)L$P!Khqz;7=?!RWJfGN%ctXWsnz9(G>V9d{3CD)&#PP;@qN?^P9_42I0UFz!3e&F!`#yBt4lkeJ()aXhLNsr(dCu2t-@L__R3NC z)=46hq=zEQN;-M*J*d@?!|5)6auNX`#&t0APB$@~!2fSK;x%XIXOzjf!kAuAk&!|D zPh4IBn5M2S%q{NOQ}*uNGuQV(1oS-4^omYSS-H9M(Q!pbw=9H zsTS1(sKdEJHqOHKLv&lqmT^IvR`+(+r%Wf#U=&GWRof_EVCR$*%6F+5p&V(|`oFXS z!4ppCos@JoxRt4oQ3I+=9Ad!sGNb>GfL_}#skg!D$IG1ce{e^uo$=ZEd1dhTDR30j z43{oFV|}wpYY(vr5r-xo390|5P~#;p29(iswsJ-|8EG{L9*Ahm}j5Sd>Wc!1vaC9jyS7aC7*st)+R1x{1k} zJEn$*yXy5c>J}IM@WO!et7a@HvCq~MOFzZ~3-p!TwppvGxBb)y7ndkE_?Q)wA*yRM$L{lQm5wt}*gJ$kTcDMc-va zxBI#o{8Ji3We*W2DAk@kLC=PctBW8b;JJL;hVcYQqfCV+J3+~ng~?9w$A9x8tdz)(l6xY zNlHi{2P;$aZ+YyR?5r<{$$7BbX9En6&v|p6_}}768ak~5)ixnMyFDMqkkt?9pa68~^_ zP|#gWk0&(=DRH+8@aDUK>m;QWZTWinp95O%Y)bpNRRoraxWbCHBpwLN{%$@94ab5hf-v zI|3IL8hN(0nEqNse5Tc-Q2s5KEG*ne55tcjlo&K(#M6flrApmcC(9g9$0KxG)GwUZ z97CUKQ>G&lC`ZCyqIM^ffbr`(BUe99Dfsu?bCiIX0r;Go;p@u|l|*I~@E{aT0!#zX zgtI`!05~qLfnEy6hH(z_5dIrIggn$RvTNE!@|CK&Z%_@!PE ziVIkMi;wDcNogvi078clLVZ}+moK|K2wG@Dp}fU4=(brW%=hFUKARsEOXE+HtY8mI z#>!X&HBTra;%OoHJ6$^WZ;-aOi@m-5iWT07Oywu;y(eTuR3}2k0d7JV2mRvEfx1y@ zx;(UCzdT5qf9sFjyLT}(x{!VV)$-R7J)>qEyv!5dwNs~pkDjADuSD~Gi;qD;NTD4Z z8cMF^FQPdFFq|=YvW%=OYq!(<+tPp^$eA+2$TRBywHr1FP(R;+?Gb!(R4cV@=fRGP z@DfT(Grto2%fB0EdF{I(bP26?fn!>5z=fwYz@BGQEI;DUP5&HUa9 zQQqEvlojUQyI0KOt?3`Sib?uT77IM-e@E9!_fogD9&YbGd|6fF*}YJtdjC-?!-h{BPiPYi*Car5>&wRlBTg) z1-gOvcI3dRs;I;Wg1ntOaeBIVW=6Y`zPD;LHTG8_S5m@+Pdqwm<7#pf+UVFjcq{!D zSNLq&MEb=iZp*c+*RBEmanmJtQrSU#Vf^b9MQsK>2ISRrxES8rUeC_0)4+pOsOITj z%Cm#H@}w(Tfqj#TMs>ux=pEe;$N@iuutbK~T(7#muH;11kJK(KamuF#0ft3da02-T zLJkG?~E_ zu|StYwa-J1NF1jr?_0w97!}NuG%f)_^2KFc`x1Jup*XL*C!AlZDmb(v-6bHFyqrwe zB*uTB8d=G*BW@qJd;Xj`&NlrztmI82nP#9^&YrLeI1Dt?l_H7a_!N@_rD?Bu>^SI5 z>0=@yBSO;v3ww{&7O)rsYISKEj^QP*Ux!@{AS#>2On=2bmP?m7N;qjXc=ePKAutm1 zQLg_IXT6alwfwGclg3fO!`gZe*a~+8n2qCfxGhD<-(?eT zh7M@@LVpjW!d^gq-?a!PGD?@xi?dZquy$LL<_kZmqNbJ@AHVYuqb%^*2XNnWt5ILn zQOs?-K$8ucdF@(TebkMK64$Q#FIei=na?h)ZXemzZ(7l$$<^b1h#Cm8fbIiF)4>UI zyW|yGHX^ODiEXOVzQc!ua)TfkL39!A)f)dp4CVh94?k$7jcFzOkDM$6ivVwHceY+3N+U9k?}1&{P&LyaHu$sMY_7H3w z&T+6P>6u1bvwtP|C2Nn3QdrLD)hdD&Aq*MPF5n05ab1TizfFo6(qZ6ZA@9KjfC}-s zWy(_KGh9#e{LU=%!Bv>78nlT;B_~dt0D?sJ%ty>7uOk(#aPSN$z>ieG6KF|~*K{dDrw5#gzAx!s{~*o#nqNy03tz|v1-*Xl!_!WHc|L0 zc)9Zga=L=Ub9h+9+=F9=>9Vix&9GX1=~yvPZB2O*3oDA>?~eV7Tz#49t^foFpD z>Bbj!KS2i&pfK72lqIsXBmsnljdjUkiaey5TZ07y(UOdrS9`Csu*#WT96WCnK@?kX z(H?Cz##eA<;fE7JG^UPVR4~?Nv)IqBmFy-;eY^Sm#sRf8Hqt$vTwMjGll;=KasNPj zwX9n?+&4}p4GCjKRP*!?oKn}KAsQNb;7H892S~?E?N&jRH?kI0I@V);tpAXAO=L7D`!0y z`H7A{u5>z`lqB5@ks+lq(lI-TZ?ZuuTTw}gE8w_s5C*}}%kU+@eblueQNI@F84etH z_xW>ZQQQ+bNJgVa_f21)3dPSR3Gyt_DHRZtwrJ8M@pXoja+Sxi_PCDb4{-r38TCF- zQ?hv?q z+HhUx1_v<>WLE|p1Tq>eYKr+F;l!n#pfo_wLv&$74#AP4kBn#@K6sen%Jatm)dCE2 zIcy-6bv&KzHOW|;@kBVp?4Br`G8xX&V(TVQ)deU#OZ_uZp@O1A4*YWsIu zB0{XlHYdZrownG?p~ZJkd=!^`;%;B9fYu&UWuRqHn^C8HP1rI-awmwfD)(lI6N0?i9XMJz>NI|YSkfHezvIAi1uUX8}Wd-SdeCuEFF z#7n6lxs44)m8i+?>za*sH^^Nr5r~qtUkS7PHa!B3ox&X^R{PPD z+)9@zBJ9vN%pTZFJ}b=U76)&aS zSt*N;d-{=fn6eRwQE(xo=tX$C2lJ$Ykcy_#4ii#0OT1a=znof|ctXv=X{Rrwe5qRX zrdz|hZFYT=b0603?U40qfx;|>z{k3W#4-{)E}*o_FDrM9*%~|UNXBHBm=7CsGc(s9 z+d?oyaKW^=$AJI4F zc4w&1%6ggwN(*#p%?IUV9M(-N8@?O38B)YesZ&DM&f(p0tr8?jFBfT|B}x4*E?mdl z+^a}@13l3jyjYJ3TO^)8R>{9eW<0lWB1b{zkxWm>C z8SeUl6HdIZtdu$?Y*|H>#3QeFlBF3)%b8vcH*UOxz788(Vdc%LDU&Ao{`%Rwbm5#i z`zg}%M+iVgf6Vr9(cFqhTgdZ^!wzoRB#j)Dkb-rlmcIVQ+z8HdgRv?zzmM5wnU?{z?kfCaZVe1B0%^^D*YF|d`+&io^d_&dHv zGr?-lw6sHeS0WOwwbJL)8Ld0o*X<#N%ZnOLz@>W-h_D89y^I4`S0JS}$;&z&n?n z4y9ui%*@d>7MPzr3E{9B85@KJ-As}HIlkHKv(LZ>c)G|LY&to2`gEW}V1%k5P=q8!8K9QUtAAH#^Y@ zGP=9O?dUK-40<}%LozOVDCC{|&$9pS_pC6*3ZulBk3V?yC|Am%N?edK93}@0J^F4M^Bz?pT~92lpA9d(C@zk?R+y2Y z&W8^PId}1*Z1{8S0R!r5Yx!ypBV3b*aRCm-VU{`6EKS$y%UBoJ$xC7Bf@+5O1gipD>{+~q%Z~!BYHl*1FXqvp-ISnADvl)SO**!^aolQZRBHgGMqvvPR@|MBGf0X9|zo< zd08+R{s?eEFL#ro)zQ(mR#w6mtM!ITVJ}`rS3)1d-;72$iUQ}rl-G=StZ5x39LSbV z+-_no4L8j$L?ft1(G78E{{KDQk7($*>+-hTH!-<)uC=yxOh3JJ!Q{t#_w5nwI$otU z?qa~cb=A!;v{#nw)w10sXEJ%&-rb8eZAIgzgiP@nymXLr@GgCWbc?U0AI$4xRveLi zyveN1IQ(mK+SiqD)|D3O72f)ABQYf3#i+y%+r@b^XJTjIO)&^ugYF9JC(D@I&t=MI z%9<(|Mo}e^trgpOD#2KR%HQRXScfJPJrYmJs4i9FT(7Z1uijZWyXUB@ySMLuH&Sn= zxy1aW;@NhocY6AYsT}6H0^*`m{&-8H#qEs4Egsd;s(}oIGp%rhK$^PiZn)3@QU}vB zw>2FS$muOo6UL6!V7v-~l0)-FMPkedC8_$`Hcm}DmijMM40p$H}8xso9v+p#&m1h3a2~)rd+qT^ff270=BXk_`tF5ekv~-J9RzX1$ zfiWq`nt#MmgWQ>S;8vhh*j|IcD|I8B!*+;Yf1Das%YxcbX>DGKryH76`wE9b z_!-l+KzF51!LT)AzCCqBE#`Ay$ce-!C;a*;Ht65s=q(3nq6*@oFSN?mpSlvUWsFA1 zjz65Z7j&?7s#>=KBesd51>4n|8Bca`G_xGQ-NZ9`S`h3Yg7jypo zcTC(f4s5X>n8#=5|NL&7;NMiTJwdOVL-TwU~1-qM+R^9?p;UKU3!q%rB3@=vY z)3b1gIT4$k#!xNL5d}!2W5T1lx{13OiMa_3<7=%bS4gNY^*| zt&g!-eRhx4>Mv*K1njwS!_@oRY6calc6nwHl6?R2d%I%$rx}ydbYF?OPFnQh!eW@) zSGCK?yWnfa_8DTLyY$-7eLQs3_~~ZXm_il>(N`A=c1IvcG^L==kQ2l^R58yA3*|)2 zC-^W|N91|D1BeV97QXjPKA<1%`M1x7g2a-b?o(UV;j$f^9Ak>qE^M5Jhhb2YhCFTv z;Np^t&Nx!u=A1G|2UK_FPzBQGdIqH~Q2#Kw@UqnW-|LwXo?Cb;XSBzuP*9_Onwo%C zfYyy)GQU?nX0Zfgf){?#qWlhK0i{T zty@CL$|Atxq9XOBuhK&A+<7r&y{ub}?!TYiZ>DdU!Rjel`|BtN#Wk3{BT~&gcaBY( z0|Fo_z#$8tJ>xQZ^rmLw=Tz%-D=Q>N3&6Aw#P0@4Wk9vCFg!R|BY;4Eo%)FHKgWS2 zuxHO6lz7r2S`Q|VchEFoRkN6yG2Ein7+Moeg1CUg0lNw&PxQ~-G`O1($YkzgQhJej z5F?$sc13R&{P)33d-RCAS&CLtazsk9BxKd0>E)6+slyHK8C)jr{r4MXB*uSt3Nx9V zL-XQ!ze$;l%Oo8?m@*=}rm(`O^^!v}vIpWDZqOAJ&ryb}K9yV^a$qGa))zj9FiG26 zU^f8KDX&Gbla@ww)8MGnIL@6tyI%l?)XXTdKqkU8+a-kwG(C^9G1?J>1`oz9yOjNc zHv*~ObR(@kjT4D)&-9>C*VQF}itbGDtGu&w?dwZx6Y4fjQIr$W`cT#6yQBy+ARu%T;(Hnrhf`7nzca!NNKc@oBIMC+ zXMG^YZWTas_cRPoq3{Ft@WjoEirz_yKr46FdE^HT za6OvF*}|FSWd)DCv17+ZE$XnWa~F*(i%r`!G$z!{bn1RiZ^yL$*@pZ5y-IC{e6pXg zyYF@OoKPv*+7^=>W_JAa)~B|ip%wnaq!Cs3msi*8p%VWu*4{j<=Y4(q&a#jxVTnqT zaY=zl_9CtDnp3OG$^9M5J^-dq9l!ql%WBQC>kUU&+C)D*WSP1 zegE-1$MJOB$G(4i?M2`3=ktDF!+D<9dHJ4#)O2AyydbMf*X~!b`^C5F^s!^uCanif zf@G$^p~=K$pyTU%eTvls2YOv*<;^RKMk=^SQq@`9Hb_`p$M>X8h%ZDxaAXy(J`_F} zmpXo7C`yYrc%^tp%@7%x+m-3JLYd%3t0PJyJqm(eDXDFgJo0r3RPOhktB$e68tm}( zjg>QA&zohSZWv`rPr&77=j`90qC_nG{!1V2t4i6}@t&{4M*$n-x^nq9z!heN0wSzr z{vE)HzX&1sd)B*c86%8iG)uF^%W;h4%25+1)^SjU%Pc#f^%hJTRrkAhOT=zPzqAq# zIW4n!tld%^!OXguus!9|y$1wC!f@YSy)I}Vc*xk`o}_*l{CAQVAHgpB86KZQS_rq5T*UU%qUa(OFv_TEYOul!YFNHqk3+YNl-|c|Zxs z%AUMxO^ISl$FV)LPE6Y53A`A!O6lFbnz{|^_zj>TbQwQ>{=BnYNv@dRH#JXJ5N=Xz zpmUBiKpuki7m}GJ0e$aE0Hu>8Y~A|hZ^DWN3j50!@blp?scaWw53+~1 z!P~#3`b$Z%w5{fd_R&Q^P%z3lN6aGm($@v6uAeXaQ&Nw}2L}bMVwW*Fj?2i4&f5pm zL@ysXa2)k17lp0@3sbuo&7N+@2S~1XKJP+gX!XL>p&O0LT|D*uMfXw0tZj$d<)RQcps^zK^v7{44s;I4 z#1U&z&sVk4sH20S%RJ)i8>F#G#-@!+j6?>cB|R&Pg)$%nBbJL9tdfQcAm?z|Q=U9A zcKQiu3U;i`C&Z5F%4Nb}_uqe~R{<3uy7n77#jj>5S=9xB4ozpZ^ifpMG)7=MU|^f^ zzcP`A(>O6_8@{clx{B!dQu z$KRRE>f5`wu;RL@3H=Tsc2n~^+BSe7IxFEhKYNw$Lq|9b*CIj(7R<~IZ6Q^ptG-+lMUkwwgWaWnB{@zfpJ7QylY#LVz^>O*y+u3c;62Eldkp$IjB%v_}T zDHy!f7ebg6_#(dZ1Y0;L!DzP8MEXcS*UR=#3TJ-obUaAL(gEs=Np>&`4yLyxp@YJ0 zItEzGnD7ssPiI3zG2tm#wEpePFpx{bOb0BHbVtCT<4${f!L?Av z7zH(95U|x?Jih0GJQ0#SD{9Jv?8p>TA=x_}Rt=*zm88)`i3vn{d%dSG{+5Ct7HN-K zhtb!FOP5lX5_&Fh?s;yY-+@2T=K|eM=1mcLXuL^W#I}JVK}H^|!-|(!+uRFOV~7HF z=Y-6}SK@pYw*E{3AT(s_f*|W;wVGgD=Q>VX7_K2H0EBt=pQUr|u(+{zMQciE$LZc; zw%cj`lG>VHQ?|a^s8QjbrJoN%Lk+31`AwP&K)W|M2qqxQ6|1=m=CSIR2!kLF)E}xu z3Uzy_gDD)&Atx`&Qbv-Up-EZ9%ByDpZlTK_={|xe>-bZ_fiXIIlBOn8D`9q_5)??- z8h9{jz;|ZB3%A*AwUDDxkP=Revk$VNx1DYPmyWaC5%6i|eor33jFnq@)z2@7qXVc& z#T=Jf0l-xUm_c2^o1=I#N!9)l1JV@HUyr4F+-eD$zZic)AjMecS?9a zgh^6Rct2t2kISnhbx?oSXzvVE%;a)D3McWs>jpZm>Ueqb1187SuFt0|`tvGsjiiX8Ekwo*cW>l48gd!=;eDClsV)(C>^RzYF~jI zjnS^Qwl+575uPX!V%QIt^&6!b1Nl^IACag{`HpQlV$7$A{!LAPFf~9?AjI=$nl}H0Gd)oZ=Kqp4Df{7yc+w!mirYXo555M2{cS zpe!9bmH-D4?CST4Z`1OwEtKVV`W< zR>OjMg0HHMeczd{tMgxVO%Bx3TrL)(7gw&nId_1xTYHpnMZhhlX=%B?e`FsxYY52~ zzt&0Yk;pPpRhSLSz%o)jy**Bw5@?GB%y~#3h+G;X;|=pgb17)v`Yv0#RC&UL@Vqz} z7T_#SN2!{4UzZfs_l@wtj zbY|h0iaw$b9bsAV?w>xO5pu;L2fP$y!u;+wWe|@-EvzsqGaTIAXB{QRQ@+ub-l~*B zS(uxWvYynB7MjWeOw45U83MVs!v&}qB79XQl~UH#Nfkb{!Qhe&kJAAPNO!yn7Ri*i zrB3xoV@{p&f*mbDNFR1fAynNB^2xip%P0w86^EA|8T;&JZDAi^a|1Dt8gLbe0cs0? zjU>jU3jA))adcU{ftd@`B%5vx6cl6FkkMP7`8l3aX}H+D*)vT@k|OcOM{c3b6ME{X zWnGFv3wNw`mFGLMOM}JOxXR^AHchq?}GROmy-5D-QvM6%va+_`#{Tik<5Mjrax4nA6pdIJT4*EFw*EnKvLLO4 z)Z^LTt6>l=tV4>~$iR=Mo?I&F-+gJ<>Bsi;KC)}(`|zOrf{x(PqR7D?lN_I4KPSx5 zpVg|+rO!Z;erV9(-jofl4ToqIKAt8^2v+$LCxh_(UC7-SEihIH1tc} z`TfT&gcf{PW>5MH8cXRua}X%<;i_r}@d|UsyxNFHFrG7mIvLr0X-UaMkM>sdWnbGv zDn5mLTL)loQpW4o4&eYm{l z;<*ovsLa!jLpE(FTkxr$nsa3idAae++t+Y9ksr^8cu8kieN!3!(4t|`7h4^_2NSBP ze<TL1Ys(R3{xWt^z0=UXx7O-(54%A{Hdd} zMqhv5yZqc-N;->}LfBzSf6hq0I~#)8S(_`2_XsyTfC94i#g)Oq^|D)za@tRyrnTDD z-a3`5Se&F26!0u94VFG^j@6dPsHoMrB?n|m^z3=m&o87G|5G0*@j;WexYCpp-WVx; zzA=b1bwR&}khOkUFJG*xDZJ7Ba>3l}9&Pmh%svf~mR47K`hN8mJC|vtNsbz9{TiX9 zlwqZ6=GvQ8ZW9?>K^_R+V-EjZ^fdJRwNhlaXPszP+ zn^}BI>A069dqd-AvMuH-NW_I9uPv!`4J%>}epWlCV=p!g!qQJ%}* zkGCHxCzt8rtE~8@JVM=0kRc2kFE>;F!sz4=HbrIQ%H-T;Y7>Q+x#dT+pAbWxL(tsS z^M^j^{2>T>kooxIOrQXXGJ|F{Uc`uq(emZtQcK@2 zu|cLn0;J}+j-6L&sUr$X#rjwIjTBzP zC^`Vw2&!wFO#e#}5pncz49BUfm*Hvlo|cOjL2n_;s16U2o1Z;mkiYzb zh#yjLDj|IvYl}VJCb;A$r!W-%30u0xycxCqTEfumGDR+@<($TN8mV#38sUk0`$3Ll zv~IMa5^s;iiKdu@`*1z@X28O<2|G`CON^oMV)-aRx@-47LnhniaBvuzYxWp1up~UW zKrDl~aBy*SdYWe6=zEk`M)oW*bM7y><;(N%!p3~Y{R`>-?7xmOHJLIy-%A?8U-si3Lb*Q+(MlV*tDcy84y0+F{Wl_cjMw% zB1DHBGNS|(gt9c^71AiC%PJ7iH&dKqFws!B)jnoQLk_g zaR>KFpKZL4`H(g!9rhga5GD;d#2h2@4p~lU(SZN}f@Ovd6|_QtTMQ`DZc!23XGawy zHgDpcu8CI>W$0kBjbqhpn29V0LR?NU4FZ<`Om>AlG#zu89ITNS?*xqNP?`AQk}BsnVxI5BiI^*5+P9IYLLjYNGKP>gLB z@8gw#j)4iBS!j*-8_%$V=+*L=DWPx>9{e>UnK19&JM`4r4>d|XvbrA z^YY3lTo_?0T;tKEC(deeBWQN!?0^-h#bGdMk0S-EqkVm(2gu1Oj~N60F=g23^Iqqt zeFm3D$jp4k>3#cp)cSlAb6?pfOW(H3%4>XcW?JqXceWYmIB7<2kBIAD1HZ5I?Ngl80+dbj)KNt(~2~vk$nxo3)K6O_fSY5B{ z{p@m^)-sdX`;SN~6mC3b`g0J>v!}$Nr&d{v(DB4+w&?UQDZ<_GnKJ z1^fT9=k7?h!#|kHb*|Eu&of^RagTt9ZjvA<{_AH4KFa_8zXhLrtN$_z z|Nru9MKAx$RYRcpohKhpnO)#~>W}|PiHbhUiRsFk6`P6zAI5#ZH0Dy1{jMkfeDAuN zhbz`qPT8xv=Z;I&s8kC{(N(Q^XAT^+d^|}vfbj@!v+FMXndB+XMe(~Ow_<`n2*8e* z^ITvZxSY>&-CAd(E(ep6olZ2}J}o<29*cCdC*A52huim&>*D3tH)!!2Qv_hW3LjYrb|MQRU^0 zW6Qw*cOxY&YIFG!G1xeL8JC=^le&FvT83JqoKE<0{L z$_nh8>lg4Sz(=T15PTwMe%++pngAt6hvWf7MM*@#wN-A_4U31QY8Xla<8=O>Z9bAb zwdSuS552h3v0vW65-|T5zv=y7!KN4l!i#fxJT+cgtC=wIjs$AoyNphFYQvTEE<4Od zjhivc{8njuyGV3ym6mDJm57e7liF4gzQDMshMMZ@?Q2(P-AASgyzeTkErv@ur{$s; zTg5aWCLTyp?PAsz%*3jD`0(NQ4`*hwsd@#o49Gpntsssey%2h%mfGd&s^PYQVGRJ3 z0U~4zh_QzB*$df$g(qo;{!ivqc<2c4d+u!sjkWQyOgX;#bdrfm%jgw4s*2sc6owDa zsXHL2 zi~lE46|1h+KelD|30ybT|hqb_^qR%WmHr)^Zr>+ zcK#VOKUN4U7`-iBfITDs^15~JDYxmwV0gG24%9r2jlLbK$SQ0 zCCz`xXvkzK2HFE`BRD+5UYA5RLY*UNK^Fp825ztw%>_ilc&C}tj+&p*D(bc2*Xc7D0v`w%_hQU99aep8Gy+4F;)<2i?~imHZuSBQA{;UkBN{I9WP%biG)iL_$cBuhg9B;d;Col}nEoR6{il$v zS&QjoqA5E$UuY%~U{HvP_LIV)0%)LU_2F`>REm)Yr5=`pVm7K?qCxu}Ha~fSK4IzM zLj|l-DCYsB`*d%-Ro`*;`~`S)*vk;D&(IyE{>uz86U)wK;_7(Jc!@fvvhnt48mDZ0 zHLz zcpI@~#0VXwA!6@v4tD?fSrcGTBOo)rgPy#hSU5CkX()fY7Q_>?xI~Qpl&8-Yw%lL2 z9frvGGp>K29_m;Cs@X_D`7mD{5;9!jF2Ijt$?xZ+CP&Z|!F>afnApn8%Alp;z()KOK`ELe(RKesmdcSixxu8I8ZF=p%eawT5L<63)On1% zUWVy3px!#wvk+`y znmW|-XxwlPk?LG&k~v`TV1So{Q2qRJE1AoTsGHu$r97}t!(+#HCrmKsr!yR8iUg-<<@YM&yewp16 zI~N}nhPttH;BwN4dHZo8e1}ahLS%L>emyCMR5sjuvX*8t=pe-psPvFNbLiCO&Yc_M z0%P&zRkT+Md0z>R9yq7z%iEuT(h!{0dzk4xdg8=valp3n12auboZ(dXUeL7Oeq=KN zB*1A17(g4ffP2wAA~J1@!YFNR44Y_>1*sR*%z$;T)9&YgFZZV8%O!;bY- z01yS8;hmKRnyZf+Ck+1d=^hH@#{~*|e!|<23N%6XE&mOhI4xhnbr3cM1mNpgb&hZO zr=!>>zIy!{XFul4jB8C+ubu&{gT{c`#3cR9LA(~wvU1;;Q2k*+%me&E%hRsR!YRqEgiemNzvhRgKGwfD4>Sq>`&_3FRt zFW0HVzW+T?=kvvo5YP6XXd{Vr@9Sq5QL>Y?fQ0y&<12%AS~OiM$QAqx)hlQX1I3&u z*w6+zreFMvH^qU*pp$Sg6e^XOO#c0wgW*0qUmt_BI9e@IT4sCg!s*xN|HHt1=rA3R zybU`$Vcp3?3r?y6%gw+VTl?%5&XUwlU<9-rI6okXl!YBYYD~(p&MvDCd5(1p+qYiZ z4$ewWwnW`P?LaBvEm^(q$DFTg2Dn@2FYY-X0X$^W@-9>b#GfU+{WJ>DxYQmw>PU-u zZ2r{;y0!+QST;V=^ZKg08Wj7bxgdga=vyCncJUUrr#H8>0MTl+ZnoBshzEU~SUv7SDK!})^7B`k@re&&fqAH57iKNN903ZBLX%EczjCO&;{R44A`n$$2?N`z@+3zi+8&NFKL`#f%$OGM+O?~hb8nD73|in$lmmyW4=A8@G;js zY+r7fHBCiH>CJ&5{22_sMvWi;lV=DZ?7=3Vb|V2A*aVPdW@_43T2&}_m@Q`@hJK6@ zxQ{^kCJyH#hgI?Tkws8Q1pvW9q@nf-D-S9WVg^#Ks-(h=+a4`dk-04uHQjtw%bbFz zV$Jj1>}x*Emu3JIOUkQecMiKt#k#mWmkAn?m!57%qPnyBE!8B6nhh<9h-X}wjwwLP zfAuO(r3l{(Xr@`8Cpkb?_O3(m4AFj?Y|536BgY?QFA9yX{XC%09C-!zik01(qfkcI zm1lBZWuv0J2m;HW0>{C!0~|gd4GJlAyWo$Ywoa!m_NdSp&rVm`LLO(|eh}j*`|<)f zZe;k48b8UT|C8fc;=%r>*~^yQ<~ZkDla_?t&=-16wxzs8bFBjnMcHJkbP7JOljj+t zvGL5@buq^o>?VVq$+Yf)VDjL>fg%Rtp;@aw7OWK1(ZZ$}^<3pzE&e{eBN9WjoCT8# zmu~(bo%SKFz76|Uq5dW}qev{iF$xV%9MIvyEqoQvM{F%|DOegA$v4R4ihkRfr|WGM6Nz*-@&x1pm1gc__9t& zSlAqSn&*!h*8e7W61LYGW-miksZ)KW*MsYo0XI|o8mH#p`ADwhLB~cJBAN;qibw-; zcI8S}Fir#rLc*c!r0l`7X8IPvzleKD|IT-${9s%$05BF<8#ca`aa++`6cw=GRA^>x zQKjJ*p8iqZ$rlxGuiJH(wa4%~p<41Vo5Tl_xNU8SmXg3DN$>(HI^Hn7MbAxkB1F+{ zFxc4!eMH$#|K_k_2hb|ogutFtQ0o!d(FA7^ajBaq+{m@ui1+n9syV4l_>-)EjaWd% zb25xg=kibNHeBZ!;f}hUY9n7p0v`t60N)1`htNr=2$QeIau5T6pZIQe$FG{{5KM!} zx@3rh9amQQ4o`Sv?~(Qsuwwyw0I2fhcDs}Gjh?>>!G-W z1d~Vn#r$;e7vph4%ww=Re(j^~e86Sie+(U}ZJQH<+NwT^1>!GXzc%B&0yfisQ|^X^ zeX^}~)iB|U;tBvPWXn__eXT_Ok*C0B1c5I5jMvS z-xv{{BHN0|@IY4YD7mTbBCE#H#ZlZxe2SrvKYLcX!iNk2UH9q5l>#ffq0ax-0wBqv zsh?-C>aAqs5ibxv2y5Q=^gYXIlgS?Z5pI_JfC1D`cX&e@Kkp0J%_Xu5pA!9BZsM-( zNEDGhD4IU}>2-e`Z;#l-8NCA#kMJ4bBvL&mV$Ida$t+o(^djJrwnw`;{S*}@7$CK` z_Iy!~dVn|93s5joH z`E`xmK>PU9hSd|PDEd8SdX)d;kH=HpNe$^QUZ^W6 z9TL8qgM&l1%_#E~N~hQ#PN$2`mysXmk_TN{mQsH4(lWeP_Ar6|@%!NSR83S)=Q zJ7%*+nlcv0RPwr~Bs{SuT{lyvd=du22uH`A4sYPV+m7dEk}S@$YvaTT6W%x?GW33P zo#Yz~&^Q7zI5|5veEW9n#0eHAOE<>2{@M*i`Ag=cf;l{Fx)ytdt55Lc;d4PSad^*Q zgOC2aN(+=A}xw1^#+2U7F!hZyMc#A+{IoVCgh*0mGjr!NvNWjHIKd|y}Aznc2_Qk?) zt}C{*wFUoWB_kWMk~lfkHWv?-4t`N~H5!uGCLIeA|J4<%NT0-5Xao?KO+&}*LrNfZ zP~GBzC!OLJIbzCgJc#@hW*PE$>So)eD2zGov))GQ(EjQP{aJbq3%*%^=6!uz{-QJlnP zWYI7a6)@g{1xi}um!snSKL=X7CrOGu_+D01v%sLdw~h~$8=dIxq!u*bb#0xapq_^* zCnx~TZJAFk(mfcH%2Y2S(CCKg+3{oksQuVtVr7T>a;PMpn-H*xCp5)O30G>n;8sP6 z4zhP=W1&cVoU$^02A9fjB02X-O6mY$M#=^`dJiD7R&H#oMdu`K5d_%qQPE8`T`#f* z`(HmRqfTBaRZpix$jght<$}SD%-_7%%)WbdZ$U)y@4svH6#wJqivOkwO*h5J4119M z$z^w2O-sxFAPQ5Kzl@8DVr^v(Qyjs`N>VkiMRaZd`tjU0^1-6>Qpz(AH>Usd`^DT> zxnofuo)3?c${pT<64DP+` zk(c~@_9!LJ`sZKv^Z-=+7tOfWKp>cY{kSW-UHk9dz8(Gl-_x1@2e0_=zm$1)#)m6y z|F46WzgWhY&(G)mVj1JZZYQq$=i@gwTEI^ZeKh;b>-85O59uS??_%?`YJjDv&m3WF zI+xH3dl0+*4=YMd{9HfF=}r4N?~CBdt-B9L*^)0`7!-T32!r^H+}!BgS=2!c)n~qh znz6O8$Vpw>#Z5C!W|sbg;a2NTXWf5$v2V)kNbP7D<5%YwREU{w*zi}!?2+=wbx?Lg z5;{6gx;eKP_5Jp*9WKlXF>6yc1})y?t5)>BJtT(Wo131UokWDAS`hxbxUgUI*Ss0Y zxiT3Df?UDG7-K?j#Y#e>Ybu3f)=bmEVyys=q=6Y|z`&#Y8ANI$7m z@wj2D3eGJ=dJl4cVAsDGL;1fCqiGBF6`}gjhU|TynzWy6k~Iayx2FORfGQWVj(>v% zU2EvrDwF^Jnn`1VY=8*+vp?8$L*eT0pT2Y{`G#E+JZ|bWX3b?Kc7LWF;K{=6{u;6s z7OBzkpFHWpu?JE#T2BK2O^Kj}(jq7z0E?oxbz5P%q9A{;Qx%3vq@_9fVNIG#$Eq(# zrPdWDK=~UG&N2>bef@vWrfscyK3bFp#YE;}HBnCmc!4)>TB$1O`Y;#d36xc=-ct6~ z5Q>m=g=zmWIv815uu_w1C3l&ztG4DxEFn{Ya`H!LI0ykDYMu zK0_B<-Sy0GSah)&P3Qdm>sRKs7A{x-*FM1ZlcN+8JZ>(6O$2kB-X^FkD{q1l$v=;2 z=gq>6Y=NNeB|uR#vk~ZKsERPwmGs{ z#irF^*}^PoMfy1^nt3io%$cXFUkf~RC+9PffH9x2312Y|0M(eFZVv4DtNt-?HFA!7At4V4 zrY{6k0I`ec!%$16U-k07Qef2UQ!5bA40OZMg4YF)^{R z7?;0{UiXC4#}5#=zhciMXv%ULEB?jo5h0b%DvA9dpz5gQkSZbiGq7tULC`c=1>e_A&z$^;h>@}%ZDX*&92}8`N z=%-H`U2PaDA@5T?H}^ZKW~iCB_uNl`e1|@bvnnEc^iikQr`V6sP zAL-XJJy5TiUfq4!T|t52Es4hz=I+%EOiH1L#op$2M8tl{n+W~E9=OuRi^?={$Vz1; zE^uf5n2P7yOe{!&==@2ltu2iVk&NzS_%!GN_;qLq(7c@JwSoB}PBVwkTasb{XKD@r zL(G1PNhtEkfs!H_xu8T^1$3Z-JKc~&z}+dmONfGt!JM;1h#$7bIk! zeOZj7k;cYXB_BWHy~s~H^FHu$j5XhCkYdyMb?^gVpp6=4IQ7ueaMVV5*9ixfXHL5A zFOtbpjm8Iq-oZ%U%gc**9mPgN`H$MUgnVEDN+l(!@j5yld~((t&|$jc6Hu#(TlrSz zIYe{mv&chyM>5xr6Tu9E0!;B=BZ+&a)#=6&W5ul2uLnwb`qPE1AEJjsi3cttCugub z4chjblN6^n?8+6vih|m2ap%I{&e96P^1&id(= z4HKO+RrN=WdT%h-%W7D#K~Oz%lgHSwrG#w-QT~Pgd2~Dzg{8#-LdJN z{q>lpcQtlF-%TqL#S8E4bi%DS<^iNj#LOzbyfEF>m+7uSVw1aGNX_};Vr!Q;EwUr^ z?;UlIwtVbl?K;e*vUh&Hg%vl*@uqk8e#m;87G=um zQ$>Y-E$+IoMj8iG7^un0&JIt88)QPyb;vaqXS2F=pCeNs6beX6e;kq_+o|b);K8EV zLtDhQ)vzzZP$>}|IlVkjd(WYG;vkW+wlJoG8ZCbqdJalCw$WHmDsMFE+Lnrz0YSoj zvLa`?uedl+l-_X{o^#&OVrVnYKY|LXDvfPAk@HlvMG4&M{>)xo-~VHq_BlN#5R$y> zWNrZ&ZT=E?f@&VE1>u<=*2_>&*-_$vcx-q%vaYd_07ab8l^)2Bxn+*ib~DHx*y8SalQg}=d}OV zu3TAQV89^i80}eS>2|ndY)1kj?XLdEy66>zeS(B<&~uB1vvWL#z_o}oM+21Z<5RjS z94f!fKhs(*=FPXbLE8Q^U+89Al_tM8&1tS0>*CU3!(Dw;ae8_|FetQD zSTUkFadf{~W3-cSh}5JJEYu#>Z-avBm!4Ee!>pZx4M-N`fk2$ehn zlc<%kifpO?y`=?kwtg*j+B};nvVwVVMK-({0zrM(U`XoF&+-XW6xD;eBsm16g5X3a+O5Hn)=gbKMe8~^P?1d(wIm6)r z{v?Ks0HmaRgrfl{hk za39)Z+nZV7PB}Am5m*3e;B6(76x?VZGRN0>MkSCq#`tvJEu(j8_YRZ#KCpe7&2A7P zGCts9=I-BF88KNygCc=};k!&K#2(kz|A=VOSDKX;FE?K$q+-#ovimj4EHKbWA3=F% zS$0*0CQhjfef&T0>!M9RU%aWS^-oa=#>69PAhO8UNztZ)Fww&z&7s%xu@nmJ{ ze0eSBN@6lY_mpvXqY=0C!>6ue!NLt1Mz#4grBVD1kYZ3-Y=<&qQh|{vt~(=BlWkk^vf76uOkr&T~qL z98?UnTNo}gtIzDW5)#4j8wLl@aBp2d4Vdx2- z1Dgi~1rhQA#c!`(wOy?xheMlUz=6dNgL(v;DFj==eS&dfA)U9i(0(dI@z%LXnXi1g zsJS)}QjZ9!uBi!w4fhzp#e_EiD>UawztNYJlpN054^9D=2U@Rt9yy%;np#B|uj0Bg zQ7%kku^7-dvl+JH9w!x_O9DTsFOgYCs(RyjzO;OxdAfSRB=^ZMBIUwd7`P@tQ3a%z zV2GCg!kog*h2KMw)WK9%e$oJDLGsUYsGt~_`dHS0t4D`+nSrG*g1^O$H%&H)e0w>@EMBM=u|tj%T%X?Zo%RP%P;AtAwi=2Aw|)K8=FoU8X24(X?5!2YY!SE=cZI0UD?s5(MIkwG;A`~pZO2e3 zgS%vGxXtaFsG%VtE`H};@mOq-Cv19O{8aH=XvTPaUK&o{N92k%p z4C(;(SJ~JM#z_I{P565aK4d(5R^QmT>JIBJy!C?!4~Ro)tr@=G3ik$971`$dHoJv4 z3-d-s5quu#=)@hjZF>iai;D=-2v()4VT+--{r6g%hxujh$u<>K>-L0h&@!4GJ|0X6 zI8ijd2bYg#y8aF#F045wF4T97942@24xJQ(bG8)EpiX2Yl+5-@L3%t#E&z89P@IuT z2rN3Nh*>mR`~f^$eSCe}ID3(Mq&86Ivtt!ez&YePJeGnb>1Y-UH)=F4nzYCDrneut zS!KnI5DxmUW*R}_D{hAWJ;BM#HVXY2>^cBKr)ir${|6`eXjprW=H5r8N-J;uIbuW^ z6+F@*LFuYK`+Hp-dno!yNVqqB5*CZrKeOP^5KrN#uq1=i70&0ZzC~y`;eL@HF*HeI z@o?IbVGkA^Olj?@tb33~PnqD{BPnu|&A84XsKEs6FNzJ*rj7qhMq%qCXiBQ8 z=tMzK7A;&jJ8ei&?0OHPVWLGeB%?%H#G$itJ_(jFMc9 z*+z(hI%AN~Y~)`Jn>}Za#8NH@*qcG@A#bq-tinS`gd;tW?*3xoB+iJ>u<*2iFAg1Z`EcBkO z(e2ATSNqM&>w0J?99{Y%`|{=233|eF==}NIZ_Sc*c6%K#9(2;!j1Zv; zq%dmAlryg9FJ7E24t{p=yW8?k7U@%Aza1l+yQrKzrE@u=`hj)0hn|#BvUUD=p0cQ4 zx<7M_H}KFQYpe_}9Nt!$Q_5XHEIZPhT|z`1o{d|0`yRA z&|Ab)WEH6n7pVOis;Zb8>Y`;t$wzi;P|yh2&3v1yvK)3p$ZQ2YD*Zco`PAvt4kr)( z{qp2;vw*$AhU#BGx(jyK*zGV$TLC*KiI+I&0TmOua2kf%FKyp-Fj8{^T`-rLOt=B6 z5m54s>iTp*d2t2QZvtBU?j2wy1>2e!YXf**`i3)~t(J}c^VNern2?mx+JkoS(esB< zl93_ol;wa>X`Y$Qz+__?TB(({D#60QNJSb}|Nd-Z%_rTA^Wz>0PaDR9O4datjUgh| zgqtdE(qp9#v4^WCn4-ly+2G6wT8H8HKoKr~9N*K*W^?p?nR~4sd)GqcqdsC2^V=KG z!gBIT6&{230h9nsNm>$&Eu)3*dy0#jTPv`iutw#O0jcp{Kex6kACXa;l}hYzPHVo~ zt6#tH)x0lZjrE;k_mSRoYIuwrsr_BW-(^j_3>k5c8_T#?hU+P&EXR#AO=<^PW~zbC zm#4v!l~&Y7JjE~x+=z5`H66O_CuxLvd|=>JyvQT|c|&5Y^H&a0-+bK9k@}5X(}W?)Po3iC>_X#?z=XT{J7b2%<{6H z73Qh3jerf%M3!8awS8}SdS>RPnlb`G*fV({ymQV|sv|0x=^W6+z`>dZjDxO#J6_h_#wDr`u;(Mgwnv;|D1H0CWZs zeQ7)7mYU9@)$iw7UPu@HJyz%R*6{!Ev7WBg73$^VXLZ~6h&?Fn5}&)+?zX=;>apq7 z@RLiUU#xkZp#0Bo_}mZTdCk748#!ML)0Fy~vd>{fK}2UFqCw;p4E6U7MsYu!Nd%ey$obzb{ug`kb{t@;8S@s2is-qyu! zf?K9~_vWY3;-(`~Zwrw(J8Y<0fTND*Fl__G1m3QXV)!LGW;eP zEM1&)-nd6i^075DHY%y8u%Lta4E)MY-`@P}`h-c71opPUnljYgy`9t;i4}<%9Wj*4 z;(*3|5|k8EuwG*X10qULqyxv3;ZR<=z*3lWp=03&aUoh980QqmZbWGmUl7QdmeKff z+@wV#9lp%goh^ReOi%nNbCEyP@0d^$9N#_%={)CO|Mme!OA0@=Z2!c2TD^KTogHuc z9eoBA4%(+A`vt#uOM14Zw7hBH%Hu)D%h_fP#6{?0WfWR6y+w=AoE`3v(r6O**F(ow zQ*g>^gxyykH-C^eLZB0X3`57ff?r}X=$-^mB+hR=nJ}p>7$7`YX*iKdX)9PPbtYQYw-><&SWY!AX6A^VsHZBSv`B1W1&KX_u6Z_c(mLR5oDl1>o zq+3XS^TA(Nk;W4!o<19zg5@RH)hrjPyKSFWGQ_wlm3TX^L`*U=DHJ;$>13K~@LtGw%-K`r_tw>&61itmY+hBx%!`yS#9rqvOgGxJ{C9?jVNegH4}u zAptq~g&6W^ZYp|gtvT^<5n^hLZqcQn)}y}_>I9bdSpNmhlGm}uWZ5!}rlDjBW=0vx zVq%m2lWvF#H2-?~j@I+xd$(nDQB<3?$J_fcf1JOZ3nur+A6Ax@BJuu%2XEiH)s-1F z&LkF_(?19sm}`?dSg2CQ`R0f7GkMv7A~{fLJdBxyhu336%U>y$OMae}Rzx}ASeo3; zE@$(`jTtAG8M0X!NRaQHah`d)o=eu*esA#JGrRr!1Q)M42llt#NENGt(792}1Sp|# zsKmbbq#HN<+~p)CIWuvb@+c<~yI}6fF!CTD6-C9e%hx6$w`D;q?ewY0$SV31s6Rv< zJ5tg+jy?(--d* zoJDA&^2JU(iLodP4_>iyC8PE$7A&X%s}xi~3r_`S&11Zdx>kCI+Z4GC>&xo<1K0@8 zfC+Btd@}^VX2!;k;3Y)t!;&2|NZl&UkHB}l<{B$MU2hOF?mV$mVBEk% z)Kpb5M!iXYilSjg_&&l)1vit<3otzaTLq#*fVLhraLq9Ms29tx;jKQ&4nPa1>%^o5 z?lzzRY_fU4)D(cQuK`~{CgeHqjT#eeBU{MJ`3s?Q!Ua3X5r6)P2#lr#+_Cc0r+X02 ze5?T?j#C{Q*Z>ZMij;l`<$Uz9oG&zD0gp;?Gj*Wh!_=XIU=`O3YaAv%L}`3;7#Lxv zm%43u!aj}_g>hBqp~W8L?eRgjWzYJ>hxHPh{0!m4Ssg{e-%bsp7Z}Iek72HNDF{*o z`kufh+{J0kJ_)V{AL18gY=e{M7f%>J{u$FTMKQc@Vhqwt?$62) zx|5ti{n3C3pPHHXG17bE+k_XW2ekz2X|g-$CWVK$Us8KZ4U;eYSCF5Q@J%!>$PNJ1 zLo})$Uw3}g()2mt*fCWiPjxjjKlXOEhKYlzD>}fCU?##>&allHj*JE~De$oVBKizG zJ^y5UT+8Vh|B#0yFPiHW-ybvm#H}Caqrb3>W_l^{-aY@TF^sPOa)O@m!>^6^=(x`; z9-Za7@5fz3xfOULbQ%Q57Y$cbOxRec3gJZjlN9k{c!gTrH>NFyW&iCH>|Rz?^+Ry; zOruD{N$mpJxFSn##u3xX^BC#+dt#k{wJPg)i z&)c2OCZf4kR-;bJ#JQjHp#>+41!+}({CJ5~kgTYaUwV`^viIwdygI!A3jJ514KWj3e1}5U38NR+ z*Qj-jE*<+FxX&(4*vd)dK`;?mGgSgxIm8|i5%Blke&}ts?4FUpK~(?KW$RXd_Ccxt z(ec-Ev7A1g#N7Gw^5Saq)R&5dn8tmR(Ui8fwEP-4coAw@bUlS^f8g=??@}44<};I( z^@*RCrVl3LE8(Imq)zmBd)qKIN=^1E54f z$AA4Mt((2adB3LCTE4#pBC&R(Y+;IBbF&*2j zRr;JcaRSlwSRez^o<*rp+;Ty%!EK0T2J3n7O0q4L6zE1LN}zj1z-Cx&!9iw{3Frd{ zVS33|A56`=n)oLqv{0GK3{6I#oe?QY+1`?(-II!kBMQhqOhKt)FIo;NzPljFp5ZnG zy}hjLv%7}nTes!+a%dQH#Oz_HbbjM=HPg7d9a59sTY45um>g+cUp#dj|dsx@O{dWW-m3NM%!9WyC%C5&hiGr8SnssSZ{Pj)N*V;tF4efBX#+ z*|2_Cw5{bOx88!&6Z7Bms1z*~2h5iug10W13Ei-m$pY(Iod#cDDH++L0vJje3_L`E z4TLK!6i}-DUAV8ySFJKgD&I1tad~`1u~}TxmcCW8=7J68U+;Q;J~t*i`?I%XPpK=X zhbP4^>vI1JmjIB^kuKPLRu6t>)G<;&6ei9gYO8J%d!|fzMP-jaz3H)Yfv+$AFN!ui zT;Bot2MPozTGG$|qG%Hh7c5|%byaR?k622J*EG)7qjN%-DJFaev)qMZmTLsC+R4&7 zqB$GUcl}t5-Pti%v1Q7zVZ$Iay!{Xspu9Z0+WlGzbQJ@}b4Mq9TxCNEUs>1%MdC({ zfP}6Bo1wlqbdJ^r2aFnM0KKX<{~sJJofsS~7$|bX=fGM^mtG1@)z(sU;HG9Md6U(A zPcjmV7eScA-E-$wZ`!0hNOJ-Po)ENHbk@(d)-_+Wh!1%Ep-(C`-jp46A()@n*6x6B zqh$?<6a2VrBdOf^vW5W~%D_`C{f7y!ZYS55)*3}ZTodnJ09J_@mr}b@g*TihH6SxLvZ(coCGSjR+JsMCxi{dc7lbz+{3{|xfP(Dg#pnNPl8Q98#416&G7;Y_$tF;&dgceVHCbfzL5!DWb%ULBocLoR4~P4J0-tdp<}xj+q_x7_zyW7 z;qp0R7W!4*5&1d)`Sa@B&?hv9f+h7pq`^?9k1eC|`=t~ohVjGRK2;o2NSM^25Y2qP ztKAG(G%v_K$SgYwOo4Jfe7MMkXQ8))LkA_9;(Gmc-(&6v1_qLN>HY<6=-j!&TS-WW zS`nT6=FL6M8<2Vc&C&(EgW}mX4==56^X|wR2T@c}afjxVLX$PvAdbeS*94o2pW@7} z;b4eQ1FH-xF}37KK_?1$<5Z_Ge*M|Ag^-^z0bij_yZr*Wc|zOaB1maM6?gL72yJZ! z0FNJ-!NwmXuBwYZ;a)-wKnW*!{?REciM$d|5Y7WGB7M^?hqRxpEQ}fJV#@_a5(057 z&j4{~==)zN=f4;*6<#!$AYhKEX(3e~-aW@#?1I0`x1_?SbESptVn{*Q;t4o3CAPav zqp$j)z3jNYFel~&wE%&b^O4Be;cE&{b5fTs9n_JO_Iq>W@LAn% zt&=lVdVRR>!q_Xd{T!qBr&mYVeYtepU7ExPE*!oZB|B|+W9G^Wef{-j&GL$0J(B?* zwZnxMxs>#`fM0Z1E}vd~g-`~3Do${*Z#zc4K}ettZ#c*6qaeZc%WUP!Z8RHjdn`T$ zl#Q-b5LT}cJ26TZ#?N{9JgFVDlL*%pIE_|F)2R<{-@Xm!OO+e?{M*(kL-~%NJ|L!8 zt^y{Mw;F&aK<~9QH%p2*Yr@_Kn+0)HYFCk?3JUep6FMlkxW!f5L4i;Y-iARsd9N8v z*8KZrhS71|0T_AoXdO6!Q0mkE0;>rg34A~XH@Kg-Lgt~>hPK3lt0&$$ z&~;-RvW{gn$UpjpYcct-(36mB_+CYu3yXcupdomX-AFvLr(7VmoN0@&Ml95I)n#d z?dI*%^XAWIHP+#lm2dO%jIks`LPQ6`&^IPo#NaT) zuXS}pCR%{vc=F88pI10?tnOgxmMMff2{>MNcTRzzYQ|pcpwrbZx0Fxazwd5#r;B^H ze*@t|>h-mXHyi6e9cS5UI6|d#%b1GY$-j8qDD$a+Pwq1|=mzjsJi)Muo%TyBKYwnc zkFa~Ok*^}=IR>Le?VaBqBkPWjP-P8D`{a=sR6|NX>@$ZP)tY%3k@;pN>HWFx16zAB})Z2uZ<`DUReyfP5CtQJtySswUs$MT25mL$g5ha3M z1)AuhzE+A{wNRo=re?XwIt_x`k62KDLH%})QkH*fp$ zVXJcO6T7g)RQHq|wQ$TS7|7AgOA({Rl*zUFV* z#kJ_s5LZ$Kaloj}pFiPK(o}w>K7-OB`ypR|+ITHA8ZqP3kJdRC63EvFT&re~CA#fFK4I2~; zO{Q>?_~{R)__I@16huq#Rk(dySU%1Z#-^abCRnhf<|2#=w zdRT4R`>FXNG%z#a56N7taT1&YD?PzMu|*&W3vR&}-?+HDs|F@j#;EpImqA`?17pH- z7Gvc`)gQAc>k5@cQxdLV2<^ZXoY$bj;!+_-$B48N^10B^ber@l4`Og5>seo5iCW+lTrty}d0J2Tt-lxGxWk zd{-7N^2sv?Wys0=$M72Wk^jY=vUthIQ= zp8UyLSAG#g=MD7rXFI(gZk2WeM)~5!ASrf|edn@p^NHC^VYq;1<)+;Ig+B9#>=eRQjZ247 z%y;@z^sMYgz|{sLaHg-KcRs3B3EQwQR9Sg}SNhR?kGGGAP&bmvZ*9>1Wkn3Ce0^)< zWi%F+$?snNo6iEWRU!~0QNg1id4b#_rbk9`J; zf7Q8kre6pR70xk*WyUsq$mbo8(9_O`rAY&K>?pl5XpQaBqFIhJ zJZ1_VEFh5}45_boC&e)}M-XhYEGSTMl%azE*tJ;6V}Q^jAb!RYBcC#b146I!^ywVl zLCwz~Zt>&mF&)l%U~A z2d(~bvb*%&elMhC%9r-G)~jppd71ExNSjhVup#OuDw95ygBIq? zQvnI78y6US0Lcj3KxW{qId-8vw=?z2jzQItBdyvm@OMykW0v3YK`?;1K3}-s0UV(X zE`OmE_T}`~kFXe3fFN*ozo~A5-Knm5M|FnLYK|S-3P`{lV0{}I4j*uggN-Pxs8({D zfT)%(SwfH{g`%ZpPBcaSaY2M88)v_MWiRbSR_=a3YlrJH&mUCbd?3Ju^I?;WV2c5o zNzEXPA7^d*0#1Tfn-q;T4kwAZ*go)aC?i^%)+3oa7YN?ZC5Jg9$FobMFJx3xGPgv7 zK6B_$fw0Cmxjt`^{P}|q4lK8|?I|M@!jIES+P^w^x7vZEPpL#mp~1PrGsKJaG=WlV zBtnthf6LCNn88Q<@qAH>JL@zd19`eW*3^K@ zOCz@jhcvkLs7i$>3Hdbq``A${2tia)^Hgsp1buw-hKF1c+7J0VlfF$a*Dhb)qhCK# zuM?AtA9Zy-DmeQrg5Hntt8d>_z8Q_zxwoMIVM;xin9hj1%>*Si9)HZ?rT_oz>-k8F zb`@VkBs#bv0DFGp!KPT;J64@z(J&Lmq8k^MhyMm;9Ht}BC4)BoPXe1nMlFORA7b25 zWTRiE$CP%wU8+EMj0uvBz!ie&vE6;?k7rj?Ew7AIy<$kRiF45j@chC< zT3LB_%w|5U=->qu^?d1Wj(B{oexlFBjh+iNr_HOMJ@JL4lcb0w@IdpI!cEUFp{AhNhp;~|#Lw5u#{_*4D*|V1;zoo=?cAizW<7{{Edy={rk2cs10SIY{ zqq@(-iF4xFUfUv#lg|MGcR!$CBfTl`Vc?RH)+J~b8!m#9< z8^+KZs0Dcjh#dY>6_u3>mM*>N{^2Pa8=4jBsldK^)sbFpQR19|=dWLn(bHQvWlBtf zFB>zU{w#3Snpv24O4yH$eKSV1iziHYOJJZsJUz#96oY%>m{=`{v*3YcK-UwE5=Y2s z)vBk#>&az^k9MZu+mWs07dF_BRb%B^;j;Vj!_x@P%n_J| z&L5lYaV?~6<>8<}!vc<>55|5=OG~|os+6BZb5ttxx^b?$g|sNX>|XkUU(eu+1}rW= zLUce9yKd}cnLX>tipUiJ3CXP0tU+{ooCY1p#3tWF_xRMbPH9UIk(Q3du6KRiAb z=D&ek%!I`roRnDFs~s)zB`9uO&$*TFj;i71gwd4{mu_x?0k*#-Ucys6QEcV9KWCFm zsk$R6$Mp5XN(xU+mgIujFFP?vvxv5iTDgTA^i+EgP2f+8P#zMPO`bdov+$;n5h^OC zG!~ScY*<8X0i25G%Ucesm@?s^e&Gt5Wg?Pb--Y0~i?VQfB_)-hg#hV|*D!CE%B7r>eGNT%oS#gw0KdBUnpccKK4*c_`5-FRr>4G@-y=h0#cjVBIm zf-L9(it0J#IijXTzyT0THi?DmGUspH0Lo0fZ@@4N0Rm|TUx^ThJm7Tx!{{Xwny21; z!ofsEC8qp6%b$?QML9e8KHwa3M!`9QpZtp#<=FC&`0PUlv6fjbv;ZWMtsXNUP~woi z>q$096PN}dW})dzNC__E;t3rh>%jf8_8&Q-G|Ew`_xQ>uv%4r$Kha`qHI{DfG@Xs# zDeU=N|NPlAH$oq?v-Ptp19&4NM~t|dlym{^eZ~w1jegQogYAGz+-|;wj4rlR8I%l1 zv=Y6tH|u{rZ56WnO)Tj6$JS*wS(AE-TuB}KGv92gMh_E>ZO z@zPBJ^nUm52l!)BJ&GxFd8irfWv=}q*T{vNy2t@B3M_an`;r$7|EfJd6Bl=kaob%(yC@5lg2v*B6VG5r z+}#J1c7=ljp8MbAbb!R{gYL0uiMVr`8wHP5JdkB~Bu``{#%xIwmvaMM`HHBP-@wBX zJC-}dDP3~@fYzlW!xE(XklBHJDJM5!^vWn0S{4Q}xsV25;Y1eGa&wj_W>F*QIPaP~ zB^iW?TByFaW@%7%qT@x1;HLG|qy(0!+C8TuFq4qeLIT2<17r(m09nJ30xD5akZ$l) zF?mvtOp}nn=;B=0qw{ww~6}@NntC5l}s$Xrd*TRGk?hvmag_=t*cR0nJ_4KUa&r7s}emBbA1XjG9J{# zJRQ25WL}CKj*g0|BiV~~RtB5q0s&k|_2{AOV{VnJ=g$M9jrL?5mZ(zLCDOzl)DfbU~gpN=s)b-XO$Dy7VF@~7RO ze_HsAYTcqL()OE#*LgUeEOvC&gRI}fc6ig8Z=OZ8WwL{ZBXap76S0Mcg{!Zor>BE) z@7&e5`Guk|E4^?hv(i;(y?WW(cOqk>pnk!O^w*V0}ZU%1*n#8NSN$7Jmo`S)S!OE!+_ zDsSBCv$#{pr~d;(($j1=3FH-zDh2HVpiFK9*ap(MOAY19=x2g&!!qEFh}9%4-fuo> zB~=1dK4Z2oXWhJ0gqs@^#0xJhMt{5z2oX)FLE@S{cqIfmja%l`QuubBgnc)K?q@UC zYl(PDZ~guVK^@L6mUTk;0X9&Y`b1=Ur;lf@z8#Qh^IfKCU1# zEIR!r(S+Z8`UhO)hWC%RuZ;=}oR0oXaEmCUK&=fc_1;5?iiif}2Z)jof|coqf+aRK zCyyUj)KS@K#yLg~r>_u%Z?TWhAM+9QZHBKO?%0Wa15YSP8M=F77lC!+35U+_KYqMi z_!&XK(}vbKt4@I4QVs2;p70j)7c77V&L4T7;wI@@WNoSbCzib+gq4<&SzE1gZPT}C zs2d0?P!fR0*a(41rLE2NPP%&4!*(EfhdGuHMHeq!va+-^n{f;kSx@bsOE^bigSAG^ z_(jeKJDt?Lz!c0;Tfq*8#|nhJa#?pFaI-JGfx;AUmpNkdoS?ck)6!5VP;Na#tn0qK zeD;jC71P5mI*R<@2}wwp!-^|wM|4RK{UvbF->g|htvW|(zQ`+;w3Bxgx(}w`_LY1% z?OK=GFYXh38mC&WRv*#SN&cBH)ep2gUtN>|(0CJ2Ho`!v%(mpAAa*U0fWk>|bO>Is z9JxctWx*{#0jJLWsCG0xD#=^x)I21*%!~`#Eb1?6C_om%J5sMu(>aRVwEyiH>Uzm9 zFzRfEp&>iRU5bhlhM#kDr(Zn1bZZmm8QnT8To+{;`&TJ$gU5Eejp;AkF@9>6mb6;O zNny*oU#6*NZQnhcgqRFhkPyBBc!FW56JXCQ$mXNccqgBj3X98AfY$5Ar#P;n^ z8Gc1^FfgGW`P!I{%HI%XRr6j~Zg)ma*}Z_xqiofD3R9(a9`9RVnB z=dNs^4lk>zX{WRY!S!53Vs4YD|6{5VDU{QKi4d2(2s1F&8)BhHDEe;3+!6C~+Gh(H zjn6D77~Q{r#;aFN)Nmj|w2$1Xx7tx#|F4WpuefhXkm3~Jf!aq-ZWHYw@~x(-?O=9Z zEp?su-1%BphZwYtc0Q%#By4w+~&Tik>9~O!AMaT3}yEerY}+z=zf7{G1)>S zn1RS2$Fq6WVkLPyV(+y25kxTH%J#`Z zxZ|#3aPb%|8(7hV5iIq8SVX}2#75rydXlD-$)+c&%ew& zI<4e4%MK96I#*YyNoHQKY!8<|$>K_iM^vT2XM$00%A||nhLBruER0n091HwaJM~94XI?E4yZ5;r^2s?Bdf<5uRA^@R#?fuA^d{Z|C$N zd6TxbmNVFGO|hH*J@MQ}-L?PDFB|$u^sY5anYXwt=HxjT^|s!N{-xU&cbsk8@Z#-@ z{K^;kSJw{{-q5eFSHtXL{{DACRq_8tq3`<7)F`&8=gTuCDe@oZ&-mvByuE~>{3TnE zaw@4YIDH}fpT82hf$rzu|7z(v`=7yOfPg+H|KQ#1Sz3D%{;?=;+t7}EZ4J-PdJviW(`PAHm_TWxlN~&gO4#-HG6#J+ap6fep z@$li-7Aj8^pMCG?ZkecU<1dH&Fu&q|^3b-23C9)8hIWaSsyJ4v^sRNqH~qec!!3V) z-&*e%wkdDRvc!mQ)!RzG9gVu;cc(?JS6gP#e?FeKm1LlfXu4##!o0Kjdg8TDrA!R# zOWSp-dg}EF9L>X7tBpCHdF*p&8_5Uxm|BAmraLc1Q-qsT$R6ZoG4nnm_D(m}TJZVH z7h4+}(W^80Y}OfABVuOU&7)V@hDob$xjG)`pkZ<1rEE+0DXMRiqV-=zEicUVknW=F zV?V{cpT^4F>pfM*#BGQ_)hstkM+ZI$zqpur=UB32?f1>_+s~h8+b;1dQKqT&9kw9O zI!1Z;@P|aL(b**>Muvuco3~KY=JuOKm53r_oY)MuA5A+0uZlXm+>FC^4FHHn%tI4V zUF7mqYO#50^TBjvP1mi{GD5$wX5~t`K7A$+I>;n2IpPxwW)S6h_)!@cBC~{Jz*~!~ zg!XT?xp{`na!qXuID8XFApoig#Ln$=LwbpOK8_z95btZ4@Q6$g9GV+xtaPcv`4EdL znqD-Y>@%D)=per!)vanKy+h?qU?cq5*f%)>qeF0Ih7h3U3#z7;#}9Dr!$<^}donfo z>a_H9W7lkWC_*1a4r7x@H9>SygfUklRf%QS4Kxlw__VVOs0pLXAOlB)B~ekITxjO! zsr5ECTD*ACO=r&IZ(o4Lz$@9^CxT6StkJOT;}O|m-xSrjoA6ghG0^PU6U|ad)t#xm z7-!q^b8X0M*Ks#g@7b+m&o2lc0_^6*5m_?mk9iJI2BztV3Qm!xCIZz;Jpm`sPeFlY z#hpERmhLr)BD09#QWa!ubKP=iuLs_D?`;+o1ps11bYZU9I5}l|$I|CKc{zZbQ05J3 z>(iTu^=@(K5spWb**IVETElqD=hxSkOs;JFTCp@U-+6EFo~NEaHM41GDI;i^8F5!Y z&g5mMRajiyFA}u@_8v>pw(9GCC@;^%TNqG%^;ZU|Iw@xG@M3Yjj_6#$EtomRmk8}# z5TAMPo>=(ml`EHDJdMFxad9y@Vy455vDZ>kcsMDMwt)m;Lzthx0Fs_@LjHmRT65t$ zQsmpW*pMUwM*uP+pJ`Cp037U28z@8M$VO7T-aBp-3COxqe7O0i+WY=+IufPo1)L zb4w&qg@okuJDbPs+;(vz+BDz~G-3=%^BnV@Z90z~pim2QOnXbm_~8D1WcCZ@%|qZ2 zXn{A--~j_*+kfy16r5yf7RkYZHj&Glv>!1xp-)eMmlHq`>WDA~wrHeWhYl~3X z0ZpQ4d-wKj?XPtanDcmky3<%3Z?=OyAJleOPXb+&fZBbP`+^`c*3LtVAs8=slg5w} zNKu`VvT4?=JnPBAerdiuZzxt2KWNF+ijV)q85NWX@XXW|m#<#6A7VOSKU(6=TRK-| z+ftVM9_;$-A?liGbeEPu)KIEcNy~hOmWZfSz5GtAk|E@{< zvZq0lC|Zo-pB5EcAO>0Dd3*W{aPXk;{#lk&p>U4soPl~e#du-!Ivumeu0_7Z4kC~V z)2B>f+2O5_iY&LLO|DJN&1g?md=LQyOChYjaPAy}Gxj#H&B58piD>tT{?NeCaM8se zD`_|jkW)mTa5`lSJb*3-O4%%u%#z{w;wm)J$D9p+CSsp94B9`1D9ZE4|AWC71GmA? z1g)9Pq86ek9XB5rpj!QuJQiNWXFyJSXXoIDQRYL42EZKL4&tm>6f7-OGJSycpTZh| zCr`Gw8gN?UA%%faX-kce-sa_9I(4ekFk$lA)>a#ZH^@&*poWW^o6udw-((&Z_Xq*T zP59;sO9PV#E5oEiSZL_`4<9s@yyB$67@)uIJ$S%@qOl+b$G?`zDptcq@Xec3(a}gF z>Fbnw_ugeCJAqbwk2=*0?jlHNIdw zXefaJVM!@##i2h~;g$!b%Q|w%NJ2ltD+DrPQD_}VnV;kO;l1^%kNg51!u>^P?$!Ez z;j(2VG>4EHJk-}yh2huo_wOyNgxmM@DWkDP7>dz85$D{P-v3;E%6tg3V~=0Fh|sj1 z#FjWNn!je2o(|Qwox1T|fn**!RM@T)7s$9g&oqyp$-R=2Ws@f}#VAZ4F|7g_Ol z0Fep!KKqy#WBvg4eYey)cXy5w-k)q*eFCTf?iO&yLJk83>O5=a zEkDD9MS{3{^-dwUr-1W1J~;^+2clE4X*T9Oq(*FdlbFMWWxQc_bUd#DiJK6)70d`m zH26$(c~uo>fX-D_#@?u{Kp^Fm_>BZBI6+1yYqaepBqe99UyrH`Ia@XF>sUkt%t@}f zK<5wuF`g{N)N1b}ER30}MtZpDy88z(7HAq!uhGsEsYJmQ%73tcgs%f^kYT-%hsUy{ zRWA?;g^XA#R5OZ-%NJ=#1LAxFvOBpAue`-DoqX2_`W7>kS;Qwu^>Kq1i z0Rb86;?J1Fi!be3xUEpr>&%ZTryecROiwX3iSal>!$i&xzZ}Q=d>{y( z*??*-&B-pzm?BI<67=ZnUQ3DW-Juc!r`1awyGy~dkaipmu*0&YbLLzIDEN-m^?o~(<*V#4G-=a-i&CbfZKLVh45Ta@3Q zIVUNG9_+ebGIkIYo4DYU-KkFrsvGlbm|GCQ!pW0)Kg%OtsxQoY^hl8v-9P4TXWW>C zh(v5a{oWsPA|~&t$vBH7650+XTUQ*J5V|pW^XAQHtm{boc3O?RGQe&?P*DEMmxDt{ zTtBD)L2H5)^mpviLtMyED%3OwiE17?``Gf{$B?*_3Ro>kWwLUVuooe~3|1P4QKHKS z_v_@m^mH%oD=X^Qu>tLYDYXfoL)a`0X3u_csCLfs-OYm4B}!z#B=E(o?ChVsV=7iE zP3{ABMxx4i%nGO!K@ScDG!iogSjG_-+nr{^MB!8P^n?4>DWmDg$7fdC9!spQUaO=O z38eSqheyR$7MG&ta4x(&5CbF5HTTFuJkBWnvrFs9E^Y6~dEm4NBYMcl2rJO#_j)iG zOfrNx0ErvVB#!Iq7xjrbyG6ayylCZXqWveFQ9{#PS*Ec zIN8|j=(hB8Iz|+q*Q|yhW7bA+Bf-kxQ(2h{`K0?DG!7d-J|BvTHl*}fL3#wtd9^xHP+l32z^^ZGa9g8nN zlTgItfdkJV5!E*^U_E5{NVS&g-UQrLEbzK>=LHc%QPGn=QK`#;h_=)F(R+BfxG*%E zPVI$k5WWki9)ga=vaD^s54F6}KJzB20Jwfo;>UP0xOiOG(uj9_G+kq3C8g`f!^3kP zK4dcQMPze#!}x;e^i)OKS{N#{aTU3|MjTs8O}3WJS-WcI$Vqr5(6c&kHp6bSL^|uyo+c34(c>xe<`;6&%6VE;)%lO@N3pYI<9XaEgQg8?F z4jpdZEj#kE%DkeB%9bgr^^)nKom>3kbDdgd$X@o64v!~0n27C_)$I7mJ0p;PgwJvZ zXXNeJWQnF*q7}tTnZ?fu-(s#`KU&~{Y=s=+96v@P7il3e)R4}7^)**&XQyF%#=QCb zRo<5Bfdciz$Bz$Q>)cnqREJW6;-4=x4Lr`NWZ+;WxzgPMyD$JQimcZ65hfe~3TUk; z$^;)v#BEfGKdMg0FX>?k@oZ zc~ho{wYGl}|3+~{1tJJ}2~`5MtF3K2#pI##XQNIT);k}fAL>OQmX|j`BKK(Qxppb_ zc%`i>1M|Nl+_4F1pRKxVVT1n`QH$$exPKZ7KJd~No%fc9EgIw3KrupHa`VOwfQ^^0 zUhxufe8h@HEBr0(lGpo~+uKJYAcDVRkpXGtWt)KaQ_sGsF_KH<3C{3%pEjeUne$Sa%XKgNqJjy75*w zUxiYMr9TQ(^CQV#Mk^j1qDEm)Av!kNQL5z6OHa8QP>MbTn0Wm3>0+pKl79ZhrIr>J z_ZU)O)q}_VAd$t`zUW%eE-NA{<)XRWsziNg{-uexy1h9yBkb{|?kXap+#Q{WnSg&dQ(q)%5#uktQIjcYbaIF4GpZQD&^UsK4zTk!*;$yHQN=#-1EJrY!1 zj*c1%F4(oP4MC$Oh_hsBV`FHT%I~7C^kL-q1$&1u6Z08KKOh=0)4_9Af0G!}58*>r ztw&CLvxIjhl9e7NxtG4bIgy$gUZ5UrK7@y~0gcmP`ht+utla$kA1H+iPB?e}uCcm@ zlgAr3ZVg=`ZU*<381FJswhvf-L~{`GwbU>O& zcz$Hidc6(n*JD%ms<2Q~wHmJ*1J??lsHo-SXh6XpCU#n3@4gd+%B=hwZEx@~-fbA+ zKm&|mBsV?6t>Ln5!?brTNn)Pb3X64GSKmr-Qs`KFaQr3BhNRdB?mq^vsavHZ6MV6K zCeEWMG~)020q-0;_8PIas9{WL2xY%QhdRsl?3?65q6_$^1vg*Gt3?yd7G(nP0mPqw zN-YBu>{j{OFG76+eKCa}^-_bd7L_Rh0tAPN<*t(<^kLlL-ruF;uXpnYIQoJP8(duQ$0xux zFODWP|LA zSY!LUxlipNdz^1HI5%GOzz-iL=R4uICSVal1D;N{HH1&95831;v_M_iHMb>E9UVz(CZV8 z40*nIs`>tN^UqVRpfrcl4LmGtE(b&8rO?8m=%~wVD`*x;7`7Z~|LsTzo;MnfgwMi! zo}d%nFeNcDky;Ybdi>kxl(>+gwnv_amOIwFULDOhQAFNq%Sv?rFsD-WB_{(pkE-<0 zUuLWQq44Mnwhu=$$Zk$1zGZ)e!h|CqQa*mo7Hv5+9vK~w<=OM+tb@Qd>ra#SBo9Cd zC_vPvjI%5z-@p(yyNxRgXHd~|kcX0hr15hFIo0-g$Jf}|J&$~aYYaUvxl`ECGGc@g zGD{@mx9f6(%7-Q8U7A>HSpN9j2Zx?POW#O&M@neT^R_A&l39}Fl{n?Xz1)ht;9#@H z$OZLvC10;=Pj)XuU&RP**ar``}&Q zcDG_8hv;E5_Z2LVN0@lW5A5>u)0X_R_3OJm(7~K;M$6y7d-tNSFf2Sg)&8OUjpiD{ zKaCwe*oD-(j80J0Qf{ILyE;lmh3?P>JONM$Uu(ux5Qp+Kwn`@DiO`Ob!`t{AI6;8l z(Rv_`ugq0eK#W0z#oGt!1K0z>1&%KG!m;1!N^&wZvc?j#30x?#C}ezGeHaS1mb_Ux zkcS3P;l|RPv6|pW8I1Ay8&G zZRpmX{Bh{0m2-Hhy^}!GxYtZUt0$K{c`|#+5_QCvXM!`n8YY^p%5@nv`uKSx7;5+d zAX2iYAqrxqnFwnVD_#{9aSMg9(g6cF=akXcP1- zD2R5;vpRHJ@AbX8Jl44LA8D~2M9Lg&erodGzJdEkjNKyGt#Rmum)1@)W6Q2vDKckp6(+4}D)g~^Ir@*X!78Yjx5V3ur0>L@ zw->$PqSYskZ@Ht;bpHN?otlNi3~P!~=8qXX-a}w!clr~J5s&g<5+p(;{vK8q?O_!2 zXZG+xgLH>Pd6(wW*#^`E*f>~!ySyjx{rs@kQ%^;Wym{KF?a8%uv0Ibf(v_13@oE}n z@7*_ZlR1ufe@Lb+{CnbBR6JtkiGgsXoovnT{)gu!;z)h7u)XIb;i+VL?Zch6q#I+} ze-`=AxOeTX&GyW0U3k&IzPzm-jf?IoV(qf+!@$O3#fhg>d>%g&Z##6L^hfcAzrTrp zwz#pcv*Ciz8S&y_y?RNXn17>uSD#X$i}~xTwx7VGt}VIp^~TD6pZov)$NaNl#du%A zeCOXUE6Rv}|BF8T5HT-9ioS(>8NWCE8Cj9Do zxkvi{=QYZ#{`~K>JAcz4zWG1QIDfG9&zt`t&iRA19n1d1tMdo{Yj4z3@BE9R4VO0O zWzA6fJdPjx`>SDKorH&oh=hjoo1Z&OS4!?_d^W66)KKQ{zvrKxV>R++TZ~4Xbw6JC zST)1UR4hgAO551vy?#7w9Ywr5m<&1y@U^>j#+f;kE1@~}?%&5ihs~Ost@U6tj6xh2=#?-v)hR{7MuDLR0Tkxgu9SHBHF z@rx{dtJ5y>ED{!D>8Jgh{ML#egQkPSxppn>!o-KwHg8<2{c(e-K+H5l@HnXL$J8rT zr>G&Ur^?lb*zxTerz?|bwsyY zS(`f>UXNT3vdAgqEYjhnSGRxh>H>cq+iFFF0}c?g!jw8M%9r{NaI;4hf*|tPaxc&i z%?)xu&3}BFcogqY0<^1Z0>cq$^%NMWi2=MORALZn*y^8(X zh1BCjW&fH%mEh`#n&z{VAh;c{EWnjWS4YxA%IvkJY~}Xfz##~*PJUrbebr(f68fKJj}%arL8R!(7A0I65ol?&z`g6p`nhL zZC)<;iHYJC5F3#NQ`lQ8g)kP}1^4?teH^T<$1VAYGX{B?^uWYC{3iT~p`jt$pO)O* zoJ6(EUv!f0?`}$Y2i1hv|RI4$}@CGg!a7xN{Ff zkWlgfiq)p*Bo{zO>ax!v2d11xqkWv|s!69?4L$PDV}-QGb? zEu$u5Sus%Ec<bghix);|$>ue$lDdYs48Gpz+r1ySnHMW6D{_I7-e|JO{?@Bk@-^|o_BgkJ)WJ;U zlR4cD-h82mVahN1+&Os#h0irLrLSJ8QQy(*VOhyop;oWsH2-*7LL)JW%x&TV!YsUw zyeW%;G#eRsSWqaiIuD1_6Q@pTvm~;`e@$tcum+qGpBfZum7}upTV=PL(U2qI2M>M& zjN>7tR$xkC%(kXO7O?g8q*$(wFagCJ48!sC60nmDUSkSd><}aDy8=!@HNl(^cWgux;c;%nu{5yo*-g#uYW(A`UL(s&fCXl z0$wm?W?h9Xdiy5~0Ft*}_=t}zsv-UPeK$ERVXXvnBwZvWK`zH+ooUOHi&6PpS^0yW zV=Mi|kxp~Iq@(BwgmK20gOjyA54S2t7=_Uj-GB&l$P&T?qYON8NFq9nj5~W)m@9@6 z!MtGEHJ9yKS1ISFs2<=JQ-o87qBNh`QZ``!6rNlvZ1tDuj&<^9H_r;C76USjZ!e>A z)X~+&#Pe-s%)>Yd zVu9B!n7crvML}>;4sy69(l9yG!nQW2@4zXERxSIB=d6gmcxPHaW9{SP_a8dcOG?V6 zy{$Dm=f?uHlJOH)Mks>nD%d0DGIdbqI9qnj-kf)OX4ZIGW2k`#B ztgQdYk;dqOU%gt4!3=!q>U)EAcK|4fDw*wZi0S`}=x4HG8*d(6Fc((W3y}iZCKv1F z;Y_T31Lo4IIt6om{OD2Sq*pi8EQ4?5LaiQ}n&mI>*2rSXBI;^tNT{u4MTp4sHaZN- ztk#0cp*bxmrGp+ea%2@spx|1VCT>*^6D|?y0hH|SG(d2~p@^7BGG94q+Px3ZRX~9k#fpC^Xhf1 zQ9cED1(|)ANt9r5!D6)jcLn=e0tJOQ?g|yQ*i+yE*U->F-4DzL4zt>2tcfF}H>Jr* z^C95-g8D5b90Z%QDbeX8Cz$S*q>?c8v(KC%hxmmERQTK)y%_CD;hF^mbV=PAfK(fo ztBLE@v8pJY!FSLj+T*3j-kIk8tSkZ~C%om?DcS%mL`%AuhQXqyzTzHwf99Om8#|VP zpE9HXT&4!RJW8<(#5cqXRS zQNmhdFNmIiQ41O#g`PcG`Q|J2is86~ksBG5+GyPG$BH!$4o8?=oIQJco1W<|z%4XG zGiP?^A)GojQ!y8wb~FGNS(PL=ZJK!7=vOG+2}5X`yv)uuUz`?%FZn{Bm+ zS%WqPNAR2c#+5dd9D}9q>d1j%D#DgJq9~K1;IB#G`g}k^rxQF3`3)OArdnBf@vFe4 zG6q~pOk{@g>Xj?U^qh~gLk<7zoCnwh3H&*~jrm&yY7pOAy<`bew1Esoc9W0*BI134 z6qrO8OKrkV&`v&K&*q};y?<+5V zly?MNiMU59(r@V%$Nd<$f&Wnp@q7J)y8;7Mp>yC^B6gx%ZUF^M=nxM;#!4jIEE&cx zDJi*o*Pd}b^`GylfPT}=1#h{5EPZuh-9zO8ItSjs?bP{*08C9)Fqda+jW7ln-Ky_f zaJEC+&P?38@gf0WSzuv7eRrLKD&hiq1d1|(HbK_+h5qYa>X(*LcktNoD0k@+0Jg1} zjo4_C!a}MgBWM~hGoO9FzLWT%80nM*$3;c4m_Bdcu$>&ztzEebGsCprMdrMuA51r3 zgc;!>CI!^~Ou;kAs%31QJsqVL(|`yHC58`^4nS3}Nv(x_6;lJKJeNmSk)Y?Py}-&I zei-%wV#Ol$PGMmqp_f!)v4uFad+F5L97q->qY=qr>E!?dELap56kKB(`TcuG)Jj|J zBvbAC`duyb{w3sDMuP9z?@m+HykiCLjl@N2XTXXFOf}P&FkF#+|9*f))`t3an0Ovl zM?mV*>jR!pgCq8epE>R%irTqDdTss6J)5U?c-k51&K=)eT#`b6<_-eH6Nk9x0j_q- zLkAlIM3I=$is2Q=2n!F;a(!tJD08kNl?S$K5_^cT{;rpWm2#jVcokHNp#B65Z;H!& z`7)VSfKZ$5e5Mv=l*?^R%G~#Nl7oVvUZw8VWY8m%a-uaQ0rnBKpR@a zd1^^%X+}Cay^AJufmWOIP?(Z|b*m3ATD|%+&>N>67!y)%ZpF@aSq7HLrX+sxT_#cH z6z}|kP{SkCf;g1J69s5GAAGw$y9Br~&|E{|e^$$X3$(BCMxnRsJ@nViRJT8dTQEi9r%S_j- zxp3(ceo|kABDhm0+L?QeQ)sV$AQ(a}hBU|%?-UCQ*<~*{$6#{Ey0OmOQvF)L;*r7V z(deTyI^S5ki20HT( zKVd$EVu`|Ql>9>ywiR0(4$z)c$wGgVA_z`Kv$oURf$R%E9lV0*EkK&i&Lbmc0`lFA zj4Y*@2RVm5#ld(DtBK4zrH1b)evu;=FhRO^?>n9%S*%!*=x5NY@AT80Kfc1l+0cY1 z>yC%ZXLfv4{@OKd7w>(K)W<4GRt?oEsj92zW@jHcc1&1VsCHPsXU}JmH|&UFoM+Ca z#F{PuGrV!E4Y-#iUKER;hvpHmnFBw^+of?vYYCxdy;1*aDpSyR04resXX{B`yaUL;?=>gm)C z%8hR7_FxG7OU~P@7BKRM>lb>b;4#HNNT*zRxDx4S2eb@XP|G<)U>BBZEoFj?g6}0l za(k$CfE5YkK;stOmpo!z2wfK+#{SW<6f{FfW=T&DD^@HwL&G!u>@(mDMx1V?k+B66%|+jV)Az2=&mm%S5~<_>&h=fAs?bb!w;WuS>_4Q!*y@*qu+`U_I5O9}-SWrstLLnhBbOi@! zFjm$D1^#Dk2OYd$AZBGhO8yJZbbL$@q7Prb(4+9%vAOW@S&! z(4gWOPl}5le*O54<}=*S&rjBkQ%~87M>6k_E6Tm)(V|EsNzGoom=<}*K%GGqF4dz; zZvnCUYkU@f-koG|4msGrpo%2k(<$Fc->)BY{=9AD1q`@LU%w9Ys*x&Ww+6Q}AYi%i zWtrZ+6VBfdPJvv)3={$ESwq=!@g?(?(eoCuQD+z}dR!4(Og^%eydQDTg3gcdH*_EuLY$MuJH_@&O zYf2H25w2*)cq$NeQU0_2_$R;@naHhVa!9}T1Xwf|iAhQCZmbpRvrXS90|E>MRSQwA zvaYyPzLPGK_J8ILZJELF1Job8P2#6|_$3%q@9b5Qa%QkeRByEuCt#_V;56YIl`s-9(?Kf{G+HR(ta&y!E5t&7T zBof1_P=kf^`{VPYepQyTMQdpdH%vev(*CErLBB1AJ4h+ew(+ND-B$XjAyJxM;JmKY zf%z1?qRYydJ`@UPM)^H#$2VC?x8(FFn&@s25f$d6(?egcs37T~zwC&46L@Uk#~;|uY+pG+Owf?@UeUTpA|rjqFAYf~x(p+H6K#-%TjX_}O_#=fqloc3z36dq z@wT`3ge74%PfMU~^TM?KR!HX=fqWAwCHm@0Y|BaO@AHpH#7MARJ$bU@mPDnTHRN|Q zEWVXz3X>LXR&lnkXs;}UahSu0U%+g~kN6C-K_6h_G#zAfPvoXli^lP_Ps<-6QQ8zh$G&M_CFIqdW2javP6O)1R6vTY9D zw?lOr@=5wmb~fgZjPFZ3a94vlh)eq@3WHv(uThO&l#wONS^BwjCbtLpDqBm@Wpp4) zj7_N$@z3viVZDYs33E)Io@tB)LvWeSv6aZ*>fjjBKK=I3Gr31~K5<;guL?n`s8G@- z?hQ@#UEZV4nQ;mRf-YYL0(?_rk9o?weQl{2lacI%6cHT_l%U`_JIg4R(vjFiUub2jOF!-iz$N79A^30F$!eqJl?v2dixd!ShbgZle+T3OBu$qrm4 z!~zYS&RTf%>eg*9dd12;dw-Sdg1m)du087q>|1&)7;{#HyOLNVc%~7%FKwSZLO}?2)&f9H`1k*d&$W)(n-;f3Ic1ktIwRd zmc&jmAkj%ylk-bG&Ot-X;m0T7x?_*I>t@T5Z)v#^hI&*-KuKi!Wy?x3Gncat%EI@W zCkOjhg}`Kn1iU~c#9H<~aOs!}Xi{|OI`x7ij(9k?Uv zp%{u`<7jI}Axg|PV$6=Zg5aveV?{mMn)i(+dKX;{nS9EmN%n0mjl$lZ&EM7X+mnzP z6AFmhE1yNjl8nZtQ|tf$(yyX$M6=)u$mkYAKZa!#5*1+?6v{yUx69X8OG(Kf!jsn{ zp)m=?$sF9jzjwn?dx@~=-6bU4@nP}sK;m*8+z4w!`ce{zh5cpwDuOu>RB3{(AGd~` zWcVTFK7822gmDbMNI3Wj_3YCJi>GKjfm3Ie{1$5nwI4SQ%7pX|PG3+vy}Mr>%@Xfe zu-E31Vvp(N%Ql5)BUut4oiApykJ_|+RpB_){)mFZ`uaz=~(WbTV2(mJ1Av< zQV(#1(%C!dM0hs{e5hvxuk_n>Q)mxyS+Hr`1?(P=G~vcM?ji#&pVOo1lTo5%^@)IZ zg1$o5jnpHY3{O<1QH<|~`G(+x<>%*sH7$+7ipD|HUsL5$;$Fku4%Lj7`mLEUfq}Us zEY2TQz!GzF4UB@AA7YGXo)jz%v!6GOH{D%C{YeMIHMP9v5`}p(4~fv;>F?0|`$z(n zqj~DxqsMaDxq;Lf0mL@fnVUBo;072LCTBFs2rC;_zp>Rg`5}k;;i!QFTPy0Wyyoc1#Lyq?cw@v_RNI*NCy3(o)Ad3lnt38xRdrztBz#_ zL+8?I+18|Z4gg3BcZe0Pk8*SCzkRc9{QMLtE4umS>Ekox_D;e8bD+_gl4s9s>Gb)s zvqR4`NKx_lZ_mWrjO%XtPPfg-QVC*UyybYey~OW4cpwa6=WW{rK8Xrt=gyt~s8Hyl zDOsA8^ku53O@ZTAIyfM`|IV|-^HS-V!As+?`uhI;56nyOv{7wSMO{uv0G-PaN6Jo( z3^NyLxFLukl4)m0{0i8Geg;-A3I->9@6|;R!yEd@5d} zpu_2BA3*lev=mJIO8?9`;L=}?%jEXIe%(UW;JYBpNTJiFPW|vr1LqxKNhDf6x&=y0 zlr5vSDYvXUy*2e z^krk#y}d^hLYszTrd;z>@2ve>nOdTez^JpTy1JyGKvr6MM>eYlN3VQ(8sJcV?*dwG zdHLPxTdIgB7g7O3rxQ!?=bWy-h}!{c#C&Yc#`GbBh>+po&Ab{1k!lyU6n?liL$b=F ztv7ui;DZDa@`r0gZ4u^m5@c8ya3e;cri$060={_ueE6u9(rx3PGab8l@i`#lW6xz> z$81nI`3^#xh1mxWKKt1ZM}mftj?T^tF;_=2M2!tVgLMN$qLc~r4v-I1L~!Wf^Ndho zAU{7c>B$FoZZWg0lt$f^j9LgNs1_%S;fzXu28a+3;R}zTsye~avajVpXjTR?NUZ>T zWdHvh@7WBY;(0{j41LOuZn{O!rkNt%QYNRlz>*#kWgFP6>f;&ht1!;*;o|8!&4&Kh z&g?ZS+%~{YPn3?S&5)j&F?T(980Q)D3un=oQNnXy+XkySI6!z)FM+KayPe{@QG=w5 z3MHn+@@_SL-7f}>m=oFlDs{@AI;K%Mf{di0MoLBoPe)e*tMT&{fl_SLwcv_Gj?`AL zP?f%)mG#D9ZI55C)Y2J}PD4X)w|nmsxzO@m>YmMi1TPsIynz-|H??UY9%}rM9%)yW0&`DUx0sqw&myvr*184 zf24?Y5#Og6z3tJxFN&Wn{{4HAhVL2hug#Cm%g3&FIV57-MfpnB%=aTz#;@gqcEKmZ z8YGQ{um!XGgSAm^E5%_cT+F=cxQgGpCIw2ZzuY3M{ut4v)~XXz7aPV6P#(E3>V2YZ z$ndv=QMWkWtyk_m#>XaWqR-^k!6ViIcjIj(uziQc$4+Y>;^pP_v7Jl({K=E3%M5Rd z`^p2Q(?wJEw+_==GOiPr!)6#tuM9h=*39FWi~*TMuSz z#YqH*|9K(j@qs^h9((XSrguvHp7ruV54+3p5#`&$C5rV+;F+PR6TU>JT z&&ZP3vqB;w9)4|7-9H6a2lAI#6gS{6Uxs1%PoMJJc1o>tb%nr^XU!&f3R+0UQDJUG zR~r9%I6bA~y2wLN6l_PmX5BPPBI}Rz1ISL2lKu8qAs;L>rK(!4+ibCf_hmHyFp zoOs(xe$$yh0O2oO=oZ<6C7bJ4I;LYzc)MK$6YZ{NZ*FP1=j8%qvr?D^pr2-b&JYI% z-F(5lhem}upNFM2P%a!)K6vREvNIhF&ylTc&+)Gfu5KuGkE8tvg)i&fn?hDFM`Yhn zO-=A{R1-*Ge~%1OzoSpjd4?z@r{>nJj#g>|2TnXQ2evv$N*+lVMG`3H zJv%|mNu^$A!^=`jLW?tE+(TNrLh3ZjR~VEA6E0!@I*XZCN5cYx=ulK8WL`yjz%Z4G z7()zmVxI$!4-hmzYfEl4qUfa5;LXA^+3ce?AjjEh>0=)N$@U-LkZ*YTr>y@Mor&HzR6kr+m($X z4TIbbiqR@SfUB#=(X$$#N4o^usiLKIV6?WH+A4rQ`1}3`@0a$Znb01L7lZtQspW-7>FF`AH42ULtXY@R(w0Hj(V??&1~WFQlFZB~q~}Zb z0aifzQ^&%Y^6!+fF}&Tm8Lz+ z&OUqk^n_2@-_8m#``tTXna{Hiw;SPQf9-TBC@zkec7__6kE-m$JqJ>!!=Nk#hje8l zFmO3y8SP|MM0%N*-x?>>lvTO>8YDmL=hvC|pX#xOK?cTI`9L%f%+TUsC}jfc!`)=c zfi{DIvwW&;KnPJo7m>6MzsI&4j7l~Q*6pxtcV|(up}f(8KFaRG^uSlYnpzY;gj;S5 z6TccG@$8mv`^l3I*g%cS3J7l44E20AgUy|*O$+M0w-Ju4t*s5K4(=AWTj6Su)Kd;k z^dEonXFTPM6kNhCjy?<7M3WtYGm2;MEc#L@6JQ^7gG~MnEpg%jivX3Ef_J^P{!Frx*BUB6)iBf@9cv!FZ=PO{IN z%1RG+_uE=~QNP<1O%#K1orvdK%DO+5Y3HiGeCgMtM>#8qqoZ{>4s;IcdiR*3@gfb-}M5Q7X zCG9kl$`l!rO46LEWT+6$^?rWb|6#57eV(=6_jz0Q+V_9ks_VLb-|smb$8jDf@=NzH zH%_6)6k+`=!g0Drv_)e)MT^wKu3vwS-lSvs^K7CSv^2+;4$)I$Pp7Qhd!iM+LTD@? z2zV>-Z$Nf8am)V2-4IN{r|jCh7d4H9wu)o9{hwv(WKL2m&w*1Fb>)gPr01wno>o5e zG(6JudzE`dEG2F{d{O&&r`_7nGm|e&>o4xIVCMS2F_r%Q<8vv*4b1~P;qrA#M~XXL zU)21jM)I!Q2rHfqHX_W9twvR_c=0I(jlePuxyv<`PifdLK+L*2tX=z!jgz$m%W%3$ zvITVsZy)cSTj*}FHXz_p%j~|T?^Gv~CLbxx5l=h|IvElY!f!+sXS=D1M1HKRv!N)GG`pf(>OT)<^tkkA>>V9C3C|ey-K~UP^ zeEmWFlqs4x>n)$aw47P_nLd2#8V{HhV1b+B?u}(T5zD#$`ZB~?t%m3n;r?(-eb7cI zCX}W<<41NK#)5}zD;#gqcYULfc!#JbWQ9>_l)&u_4=>%7xOLXox3b~Nn)sri3^fRFz#jE2 zm9xP?kreO{S}~>^?a3Bjm9Jrc)%(nSHMlrUGPQr>r*Ti#NN7G*@>mwO{%`jp4eZbG za(#~{5UyLnI?fx`)~bUn!}9s@3u-q{1h$Nb*g<#x>fua&vaDOvS~3YECE)bvUHaYL zK3rfeXKfIZL$B$O)XO__UEFe%j%crt>LH(P*yWzZ+e?c1B?Nd`J_%&7?tpF z>>Zd*qWcE$z=Vr}QP4*Y0aho+j`a%uJmh)i;DRr)9iE*9kOLRM)Ubi#DB^TLA;vVS zX8fpxku$T87$MA@JYxoYxT(Ir_u~x_;o+P$Dk~<#NIWq<^4*%|eLTP>;eElLm0h>p z=oO>cwD0fq?exI{G=$HS_h?cke(3kxJ=C;?SvEltvZiUj6}S>^EU0BqX0F4PhW`?o zm}AWv>xnHPl6A?KT&)1dxuc+%ZXM0ma>?5OJkhq!InbS^;&}cMHPAx5L|esn4a1Qh z*+9@^9^S-2s5?h>vX%Wmm7D&)U$y#mLFp)9w1JZN%dR}Am@52M5 zJclIh`ab1`rQA6cKHIRE7{e)=C@sl3g4X`kobAhDsf$;p#QTMW5e_IFL0%o=U?6|- zo&{Rr`bt1azEPOItEt(I9>nd$y-g}soNB-{Q0V+`yHRus?8v6V$>_#Dv%xc8&J%V7n<8X7{k4(OAp*>|Pox8YfQLqy+!n$S zgU2lq7Kq@F6%iXtmcGUm_W1GUFc>dhtg*FawJMGyMI0imZ}KO)qcOu(D`)qEh3qUx zY7Iq8?s&~lBKqd){ayd#$50j|1CnEx8_Og+Dg+~-MQA2T^L3P_iVZJw@fKIYi=DtlpVu;pVj04}q8|H!?WCKQzerWVY% zuvtY8>YdrMSFZ#p^Q&0Ry6`a*k7xc6Bs2_BI+UhN0|>+b94irX^WrB@$o4j95|PLd zgIKDQCtwl$RwR`uV>neEze*hc>e1)2GVXoP;J}C=#CGx~34D-CD5Mhu@E@2}MG_;Z zLEgTF9`~yihA#j?&z?FZpd0jf&zA{j!y|;xwl~{((E?FJBeF*?Gi&>&fpYH&D`?d* z_4Q3j!J~QMmMwyS+Txl|wiPO$yj+6Dd$!+vtghA-<(u%TyN!GYu9G)HiEgabKF{pU zpV)B~&JFiCVQt3h)tcCykt+q2LO&UmsVJm(G_6rQPl0W%c-~>i5vgjpod#@M$ zgf$&Rj?8tXsx>a@4x3WdUiX}_rTS^1&%u!)mBatD4|KDkqrHyhdYeazPM_xY_U|tx z6)|z-tmr=D{ylf*At|@1*VosNvv!UdS&_JXpz!8@f64Tuj@o+I+wa=vv{4U+IOje7 zsq-Z}An8BTe4%CiY(E3bo$D)`_53eK>7inB@0TrhD0R5}UskrgU41Uj71JGWZG3)<;fBY>Q_ZNkOHIB=f zEBB~gnx&`IUwfv#rQy(JqZNu@P3z+Ef^vkhkHA$BkHQv%*kQ);=|-ctl@;8s>X#A{ z5;*JSf00Lk%#F;s8WcFS2UvP46*G6h(kV>lS+(ksU;0_UMuuj)FX?z1x!7Y$YlP9l zg>06%=O5Kuq~mGvQ-ARUOAO%A%qzIgg6{&UO!DdB(Sy^_Z|dL&kKTL`^S6H2J!Ab; zQMq}RF`G+XN}arJeCx4t!ggoN`!u#NSJ-WHG3x#EGT4KY{62)>%T_{@dxx0nHtvlM zPjC~z?lXOX=rl#e@hmON4eKE{59TK_3C6@|0V+P;0hr4laWDV6EVFHN-=m22c9T;r z9h`>oL!7Nqd7+G?J-97t#&|XoLe`(fdni&^bB!z~KYInnvUSIfDg&q+93MA86$Yu( z8UhI+*d8^CdOi0%fDRJ8kbl(o^kQ5k#TrG>MgA@%y7S_5e|<-^Ob^blb<^$@^A>#* zQ_QvM4ZXuJUW~(D+|6-u7su7KcP+x?Gkirx`>()Dm)7Nf&09BfI^D1qm7Duk$4=K$ z**OFig2-tK)XJrrH{-;vyq{ju_rP6*Myn}v;O`+GFxLb}(wctH{eXwsg`gm0s^7QY zt4wGnWKqY%3er1HY4YnUGQ0Jj>zo2}%l9+-bu3{C2R)R9ZkPJL9BYmJ8(+m*w>Kr# zv~@}Qe0*}$x%VaUabYL6Fv1w?El; zTJr6Xuki4XV54Z@>CyO^jeu=@oNn73csuNJuM8?uIqB=W#>$HLosqi$F)v_R-yw?c z3CGUIsaDZTiplYeEH`*lgCxbrhn=_4)22_VD6oU zAS{;Z=O^ZGL7J`s5@2*p`6EX+4%qu6Pj)8r;zN2J6cE4Uovd)7IDh@cv0dNm?i#{z zUVDoH`Rhqm*2m(+Xa>-D3&QbbX>D^s&${U)Ihbc4?MS4*CmHEMHGcf46xibERAI^} z>se1gE-k}Uc5=V)ghKNfZ|kn?F5fV#bootIc=XJ-yPWoNhWDFf~! zA)a}to)YTnHvzY36xi0-@$Hc;%vzP{Mpp9;8G^w8Qw~G=_m>AR6UABOsGr|}NI~)V zanfrpBOg9Xd!u)o->T_2ex!?S7r!?dYjxVFQ4tQKX5|%R6h0MiwEB9gA>kJb#=k+j!(Z~7N(tBfLSEHNunrvM}oRHDXF+QXv)jqD=7)A z)nn5g@uTcf#F;J0vUg=iWbkF^olzb zEEh-Vxok+U?gxzExvA*zgAiADFX3e3TRE-a*iNajkm|D zzdSkzvgZg78Klr)=AbG95+d>T>(}fH;=!m6tHVwmf6IK*Vg)~V`q>@o+B)%;z1uYX z0^Kf%bu=9OMM7VPics)J2UIsU4w{$S@q7F}UB~!N#Y86cgymwEuSyHw zl#Vp5Z~YOqbef2Z<_4dOWkY|>^*Nmqy4iB%&vNnQJzpffw*Q6f9%rB8NMl(!v$(`W z+`v{L&22;=_5$UR=-|jp;}raM6RLrSw%6o&mEX%)d;cH{WVJ=x=em~P-mUZ(^ZiD# z@v!&YNo-;t(X-LJ(DfuywN8`6DZ z2T6P(XP|L$+_7BDE$$oBZYuOoU_of?MXy}EcI{Y|boX9^Ls0Qy?p)kOv z_5F1LspBTev2AJDBiwV8hW*d+0#K|13W~5|AR7ty|fHMEAfBuu_Pw*`Rw?hc0yOf6pkGTHOp-(AO0Hj!dZQc z$=I20K4(=1bKp@>5NA|XRiCdC?;7A)nS2MWF%yhsI6wjq0n0<2ykg#pQ62EFH>KC= z)l;X88&?D-$Npt9__Xy8ubC&36^@qgD@lkGv-#oaD~u?p7P60r&@v07FRKY}j?by@ zp%+hdielQiY-fe?DkZj<2+jfX=Hc^cC%OVnbMU#{f0f_q?llj~-Pf zzw5f=kZ5~tl~grgEk4b7(dzciLbljVDUg={c!YQj_~z*24cjyyiOLZT*<(Rd z4U1dc+V{vk>IWN!nBp7}9%xDK0s9FM8PUyCje%+q#FV0+!o+2)!FU?LY`+l!8rMv= zj?b+(dAnxnU|~7_(S(0B+&`Nx!2ybuPf7OhqBLv4qWCv}C(o4dsP$YD{-P zx8hkkUXrzUmVRpKwmG+3`+>V`#*-;q7;QJglboBonIz#) zu+`w7%F1UV*D9f?dr(w#lR}AQ)BP2>VqLt*ooQSxayn<1Dgm>z6|>(k*@v@_c9swy zDCEI^iw^`oB76dD$+1&t4YvW7QRynQjv{oi`N7tct_{m=+4Oo`t82Z|&nbF3IvZ&d zI2cuCS{cn<14=3R)ZY0pyFp2av=@=s3J?@aKbyENb*yUVGzim&-LX-lGRog8{_&ad zD=e5GASp8_CZ7eV|3H2S?Tw?hb=-1(UPQYkKjv}#S&w8IY|6NXiA*UndnIfa3yNFT z)UT~e-ZhREb@-Ukqsc~0)Cmhlp<%+jgDza4Au|qAn%a;lJYO79AxWA_6 zM{+A{zS`ec4Okt|Hy$Aoit3x|+kyhMzczMQHdapRzJ^v+;O!3`+KLi`T&7}g0@(o`nBo|H3CUDoyPZV+`Db&RPSyKh85IF?LL81IpKM>g2Z>b$F0n;jq2Z)}wAi1$@K zxWjmLgvpkDlW$BKC}J}xc-npj$bL3&2g&)$`$_0Ku5ayDA9b@UZS|k$-knm#I}-G6 z4-jLK8W=`AX?ONk8W|BCoytP`i#v{-;HKsW@8qOjE_+0>xW8hdZd~Q< z9Xog8DG>HJTXOxTPe|M;ZWs}wNjZA_c*LQ&rOFc8P2uBu^cp;MSN)pcK|~_rmTqm}r_Wt&XMxZL!|6+0x?bE#))- zYPyNHZwKvIS~W&fGdSCdQKcDbYFoOiRUJyT{z&oORPe0mE{TI;JwCoh5VNXB+t}K| z3a~r%3cy2y$_^c!Ov(6%GYwbi>K>|CQ*kfMT_EsKI7~E8z*npJ(6#RkgKzEnChsbj z@)#rhEcTL7OC9%_?Nm$Vswy01Zhxor(AcR{x1fS1YEy+F2QfSmjG>&hk_!p3_|h(< z!25p_S|~qmrKVP-?lfjTV@BU|K|w?ap&+VloHEAT&2d29<-`Vh?3!1*MLR@nm$818ng-N3P`=kGJT>>RHClyI(!~Uhz zbqBTxU9ldm0zVT^yV`~3t*t!+v%w6L5d>AAi!b_u8%Im>W-JIO^@xHrvJ}8H6p75c zXdgzbK_wh{O49h&*|W=Zbh;T18K6xbCRoB$50R0{uKR*qQ2+s@Omdxbg7b1Ce^25dee1+mfp~J*pR(+N_zHrP}#L-bVG~;JcPd?f z$s?T{GSasz<~>rb3SP2ur9CHFPVR15v?+p077JN+)tUY5K=gU79o=o`(zt}Ws)nD!`gnCxVY zFh#wmgo0nq*RN%K6AvbTj*rEIRa$}Bk~6>0<+5NI8V9~im6rTECOC3*ee`+1onb?! z)gDU9{ac{>5Talx;p3D2hwfW3QBvl`imAa7Ms-&^4N$jkwzt0qT3zgac4$WOIS&PE zN5>2{j{wV|CxV9|5;*mheqk>p1*hcKd^JKVpI3pJ_$$(*_W4BCXPQJ zKU!1K?2lb)-kN1|*YZQivi|8?ODh!ZRRXK^4>^sSP`Tfyb(44Xgky8-L(G1kv^6W& z+cfrSRSL;}q%fRwAl9B#BDG&Jxxyw`H&)LFrwi(N>zV~&xIjE z6Vu-ElZXHk8u`wL#lJhh7N6-e_u0r9GxjnYVOWjD)eGyTCJZ?Q6$+43`Y_e0Q`L5V z-@tq3n=*0ixOe(M>$HCSHlfX~wV9}fL7@puqm3V_BVua7v`AWt8p3U;c> zS--kyirmhlAp}fx@9^wetSNT-)UUj;!aWvkU|k)^9B@$uy9A%FNwKt?GpCDpX8#~X z$=S30rYkAk#`@UBWu`-QP~-}F`xsa8(`V1ZJ8^}&|NS=}X7v*pDVy99!YThAeK9n& z5+E&T<#6vzX)MAbO_-}<(DcRgi!*%;>q|UkyG&YE-{bJqk1|6Wss&4Uqr4ys%2*_E z0qMQFad@)DI;rQ!>M$lEu%35MBvGb5-@$uT@ zFr(g?m;4&idw@mI2eY0cI5?d?uXc`)m&x+woc_LKD-EKM&@Sa0*3W32DEYayE~9#; zA)Zcg>{vPT_gTw{M~; zYu3jtFU`rWa?3Wn6JjP}NjQ6ve%|I)&*}ExHuyzJK26v}!^-p*U!D?Z8tArq?dz<2 zGtA*=g{tc&Rzf1+s-L+nW(Cm|Sc&ULE%S=xOHAws5oY{KfF0(!MSr_4dCxN zOsd_#Pg93+Ln4w}ZBd9(#q$6wl=sZL5dgPs-yZ(>E&0?OL_Rf@5YCqXDqVgE-V~;rZEOZlTQ`r#X#OQ^4|82Afvy;6QS35edU5U{VG*QX z5=%;vY`lhY#mQ#O)d!Aez($3WYMywsPv$>s?sg^Xxs~vpxm0E{GBPzOcRYQC3l%hs zLQ#0~dtU<(!NyORFoFB`Ge7T9!a=}c_j|WO1P42!7cMNLJc+ECz($exb!NziKBj>e zJeE7Y3X=I-8J-ed3@{-hs|3~?)FdXW;; zX4!?vI5D@t`jMfTJ;~>1Gcr0EE~Q8$r624on@)9t)+%34@fVxR!5&Z%0V_4uLhKGIA>Gozqyy5p4Yy`@=~X=Eu_9^bs_+A*@&BZS^zi`LDzJZwImPI+bQ zp&aSsoi9(nE3}fbuI!4NC;Is5Qww|pJ&r%jeh9(47`X^qg#OyZ;hS~^QNF&uQ~=17 z32=Zkdng0}D|ewQ0dSV7ZvZ-=+_B_-`uPcKrTJ4=UsJkNRI?1ya^bi{9}k>TyNINB zH@G|i4x33ykN0^xm?)QLxVyi(=Y`ozts4DOE;V09M@uxz7Xf?)a(V`0p5{!2*F2ed3X>3lUvExGorDwArP@lJx*?Jx>9Uf2J zHYz-GDH|HzynE*a$VZ$Oia`b;yQ*BEBxh?zyFm=64U-!Idb7|}Q`n-Q8O#rg8dbMgSr4-qv3Z zfV9?npCdXj3Q!4zXm1D1AZ)_@r-2DgE{2REp^~o|Nx~UeaQs@fY`zrwXUcJ^(ifK< z5altfP~AA`4X#Z>lfjz05N5t%uhSM%*X-b%%-Z}A>C*YoSV zwo3~){1d4-Uzlm~=-kis0yjP1k@A~He_{TS@_qTkzmDX#$iKZb$$Ed0=VdM5c~1n6 zTVp(R38>#A*0K~7wBy=@=A*K4thT^adq`f4o#rycA@7ez?pXdRoeVJ_2p!H23~&_$ zY0LqEI`{b16Mp}lgw)3B+Hrmot)0U&f1JQ%e?nQ3oWN_l$Z!*Z#2jRP?^|`2kav&~ zxg+)C;=Z_dF8=dXt}u#vGL!-NH6So-7-&dGiJ1(nLKhz{<+TO!@>stdzi_k zE3kLi?zY7Z-}G~n{xhf)n)d&%Vt~+c*t*Y+hxJR@jc_^UzowSvOx6Cc-LWo+x`Yqy z&)5ISzd0-U8AQD@bdghdvibAufBi&};?Z$QeMBn7OVn;IUUuV~`B`Uq{agPx(LkT+ z*^L?5t_mY_^+dNO?^fUb(ZZx(gIf0{Ei8XTdBH3T!|z-@N(8rDuJFi+Q5M1R4+cmHkiAC!bGZ94SUpitGjzPzO^= zSR$+tcD_*X#uq3K?gjU!rImqO*!PU2M|Hh;gJ`iXM@C8w9QfejL-v3WLAIQwr!T}C zm1G6y2$RF`G1hj!zJKrkVvSqt*JSz(#EM@B^bt&9?)abLGYbyxu>I`z{LG{_)wt!t zdYL2yKAj%@#)pnvuJOIV;D@SV_2;OU!&lV5bPHLxUboIkkOu???rmwXb$9PfIv)Ox zp&!;)zBhRF@+HD5d+darx6$;Iftc|M^`k5_+=Kxj6Y}T48IUCM`oO|~;qcd#L=O*x z|M_zuu5;v5LJnj1R%F?riV%xYOf3x_%%>;p3ZnetJz*_Cj)-LLG&>vHNudJ_Yo?tj zgea(B|kdNY2q}>l( zgkA!aMDzeGd!y)H`g8;UhY#z`{i{NDAJTN}BQZl=D2g_?2HhxdYRz?6aBw8?j1v`I ziG2cHwPYIyYN9051PjjTK;O|I@C|TDba*?qZ=Z#|ldv!H`V9Nm|B$ABtV~kb+Z_!r zcGlbQWGOyNd6a+}3`hy=vH-IIV9=Q}gEH5_sPHrB70j0}r$!zP@r$Y1wx0 zOJT2?&)y_rA0LO$V>>1YS^_7h-B#PGZo9T7!J*i8*~}>(D-d1$BHpG8hnFgYN*CK@p7R!Ub~K|`3P#f3l~tfNee<`CwO8c1l$#dlHhkX!TnL5 zP-akp`{0#Skj~x9m*USnec?xx%JTp4*~%A;cQ$hy5D_HAf1>YD*QbY2=9+0|!FGtr z(FuchGSGpF@iBo4Qg9Z}nBhgX9&lfH9vpBGCeY*l+PJ!bf>ZfpSTWPci=pbELh_K% zsk_n>*WzA7b@=^PBC~9FXs#M6w%RaVulqBr^}!Pk#6SnY~W2u7hH4bw@ES@2PD=(UBfIxJt7^%(HQC>w;7@m-WiwgxP*j> zW5+@vp;A(3z+CR~rAzlP{i~_j!m1Z6l)rt$j$6Vi7g7k9x{seBDS$bsCD5j*7(VL! z{&Wf-aisP6u$m#rW=oN$&_V+A+YW)H=k}t%v z(-nWk#?EfI`Zl88nDTP8BY;GG`<|d;-@&KH%uP;C9if#cigg7~h2nQF-4?I)WB984 z2_<|oR{Gkl+mP#HOfhX*9HUDrN=i(DcJd>+WwbzrOwg)}TZpbdge zHTO`~%wea;40jDFEl8{VqYKT7pv%o7TA=v(t83Sf@&s1GMDBI{dyhowo5|e?d*`;M zp@e+7KG*I}YOG|h*_(v150tqQ>(;MluHcSq*=$jDaCEXHnqc`24v;{^?Vt($g-z^? z7kc{gq&XeeuyDZsWAWne$f4V{XXI)i_Zs8*BCU!|xdbWkK7DFw7Kkf0`%g*WXU`X| zT!AM~%8ePb6M+Ssh>y$+6$OPV8hz)Wzpk4n>e0w+w( zsp{CdbFb+&>2+{v;{-n$u$ouNta;5xc_F;txbZeUbqfqSSQ8(*@XOVm6w;zLy#nsW z;k#Gw-iYOfpn7Swq16Qy{Yf?kq<{!o!Rc)rtN`F*h+l%T@&zsTbf`m`8cere@{_EV zJfwZ)*D!`O+IX{By?h^lebm=DEh?29V8%{u!UXS%TS3#I6JC+2DHXR)$$tJkee1h} zF)@?m1amS^2^ga8GBfpTfHVOa3=bI#g`&hkfOqffGNR@3CI>e zon24C z@1F6!@ze;DCJl;cBfZMb+A~j-2@E|Pwnsfcm9DhzfheB;%eLpAW9Jjs7)|p>uMWVb zfJr})FH!-KMEL!DT-*m5h5T=m>C;?kp0!22Gllsj#0Rk}Z{~eT!X%<*JeC&m$;oV( z6|NW8nEWt!;J|sJ$S`UPV=L%1g=Ts@Az0nDg-o3JW*ibK;FS!DM`&m|e$ktUFG*b` zM{*RY$_&M)4(adpn^yKzgFFBe)!ZPBm&(^-}yCFM`o1WiaiNBJjO zKI40ab3AI^==qC;Qxb~QY4YgN+j&4ZhTPkJKWGhcodDC&W7}qMBF13Ye2T_sl;@V~ z>shkkgnxd^t!vi|0I5I@i@fK)(Z8oU8Ge}_)YJEmR9;m@g?SfW3HH>gu@eaj07F^+ ziSnMC0v62o&+9)|c9m}7?rL;%JJS|)I_7c@qvxI{nf9JF!-GSbPD zjg~D_L1i^N4$npC^yilk9Jo(>@H)0nHlR!7JMD=K65kn-S^6LV^bT}6dGdm&1;rwD=!9LTJ+5YZTQm=dpY9Zyjto7R6VR(!yM zOsTLi3UzK9gsWsBdPds-MFmglz~3`w{{KB=rnmFoGiDp9GlB|1VXAw@KeUR+QQ9b^ z8cQ+=i@Q#rhquSg5tzU5Kvex=E7q??Ss^cwwy~MlAEe!SIeqZFj|oF(iwDRQrYz-z z;+O*%3xD)%$lTDBl;zC(M2<>3Xp^LGA0H6osXKS>0grv+V{5(pYK+?;()F0kjI-HR zkO~RobD+8#e*Iz;K7_cP7Rr({F0bR#UNJIbE{+Q}y?R)*Vqfrs2bym8w>=tHsVX9; z8>`@nkdiENB4X=Rs#=Pc=lAc=y(6!&0>J}=+6-4vOma18xobZgY3ot!0g*HRvP-47 zp;zAK89b_)TH27TTUCp}0P*(bi?#)!$quYK1-Jd%2S~7*a<>dv% zR9aMm@P@h<+;W@0;PC)-4(j5oY?-p;jytfM;^R*0r52_D^>dD*5~^n zjQVP|%|5gh-JUR;rN}?{4Q=1E1Quv#HbvT7L`OVNP`EfGNTWQN)nb$~ZNJnv@W#rv zoRJKd)Vy)n(;fPPK4SNt32;0e)J)msl7&P7CPG&fos~5%2H%Fa-8j%Y^HX80to5lMS(}F=;t6@Ns7tyUD2VIyT8oj-{>k(+j7ry@>VW;)eAt!M zE)??k9_L4T-pybQ`LaOq#^jD_S~Qv#b&NIXPgo`aLrssPN`=jl-IJ`DnN|}aH3V4! zg%1Cuq$QjZM__<36tmgkQsM{=c%D)o+;IPX?f9B^moCZEM}Rdmbq367yvx-5|6wwV z1+L#uvwnlcCZDMw1+#_|oCE06Z57CS6 z`uoqHY4FtXJ9UA41!O5^V4)Nl@p@~cH42f^lsA1H5lpTC= zJ)u`j(ban^4;?Z@aD2>KYam>yUEDreHUt-;^ftg7CQFxwYrTPK=8rryzx?k;$6EB> z^VxB$_n2r{JsV6t^nCnGv!t#IwIAJwH8Q9I6=h7Fx}@RfPju!wAzN5Aw87EQxU>5- za@BMzgLvgqMww}^cu52L^%EF|G0y&7n&gE7cYV(ry=O#-{q($Eq?La2381wS0b(Z8qZ&znWJNbvmZ;^V0509m_{KkWt9+&W%A+yiiNXY|6`}M2NHS~9^cG%+Vd^u-0==&`QIbK5HwG~TNuTDorQM>l|Zgx00@hia|!A<)s z94fg)1jG@!|VgmXLt#|gU zM7(xZVB4x=4@UxD|>HL;H)g z^`Ji?*hI#J{rRaPP0qrE%<;axk6n-&C|%?!u`PPG#^lKRnyon0{`sn`IFL?F{P!yV zj3BuQQ}UNDn!L~CKVxm0UHE;ur!)FbaA#omU*9B>VDbNTqU>INePuM(33i|VGoMx& zhGHvNJxlt&SwVuBkX3$v-BIl}()3^d0@A0O^e|0n-8S9kjS`NcZvel`||glhZu z*9)T~iQCys_xjW13mXO>vrtaFnz-FTM*Ls@eRiwxL2VtZx3H~v>FR*HBRnV8OjKRH z%>3A0o6n&lBAR*34>6Yo8WjC1Kyl*}hNwHkeRrY15;pu$9Drsb@T4^$^>8d5YA;SlmF-XSiG~POn01ZbYVZZAFG7 zJ`G;?yEYYqhRJj}AW=B^LSJXI!E%#yemp4d|91E)jUElCeVdJyzC(o~m|$9j%GBW8 z)Qd6qYqDs6^gG63?Smd?vM^)IOeW=nlwoKsg96wXPKogZp5W)M9pP%41(F@gf8 z`+j0#d^{6qwknrtp|>jVs;hEBIza~bR<^B>o*4)-o-;>o+O(~NxzY&?b}3Tl^X*xp zwjwhFBKncu10}=!7a{*#t9YI}^mZVuWGB9QI5IcOlt@0;-L&NsFcMmm8Ayt;Hl?;K zcLKG*$?=KR&O=s4&4Sayu3c)@d00Rge*0B$;Zm-1e{)4y?)g^wP2+O zI58+5(_65l2&{->7CnAu+ZLOGC^7XcCP(13{}oorJ8jb(O$BkcOpV};+5vHIiA^;p zp|TUh17f9X@hzemamZ3-c+**iSa2Bc8n=na3jyKx^u+j^mq$@uN+Gy zxAt@ClZOmBPv^~Rlu_SyIc9xL6E#L@S(&;YagRQ2=&U_T7gnb3h+!BWk>|$^@&0|_ z;YcwcXiPYiAqoI1WAcE`ky@VeMo<9#ft>N)VF9u%Zr+Ezy$2|&fHXm^)7=41Kmca! z{sEKmC^wfsT|*275&-!GPW1Gpho#@QXOj&0?m$KDTZiK#Uot=*=<@)#3_gvZ$Aswq z+B@pX@dk-Qhaa$&m)Zbq?cV&spWN_bo#BZX-x=j!E?$X^tp@Kn&)n2PL>`Rl;Q7K- z00_bJbJN~U&rhN5;&US-IO|dlVJ3m&$-{As#gRalq4fZ!fpT?!p48z$uY!07SSj2O z^wD9cacVqUW5^`hhohoCVG$rK>7Fa@}&_6Vpf6>`X?N&K&^u*d-?)PqSR-_ zcCgykOZZrUX7J=rczc(?(blK+VbY_S^3W(mQ*e-?wj492n$S%mCkH^GtL*Zug9$}eAr4H<$S9J@1Igtz}08Z)}^ zXRhaYPEKQEV|6fU=X9`WA`xW+cM!KH&*xgyU{p3Wo3ymFiVvKTVD@emV|ze9qCmtc zh$ILe%a)-aujU(f?GUUwur%Pvmd;um_|-b*;>CXKW0i72>tPhM5ke}@QzDZ=c?jg8`yuo0L)!0$!bc5C6%9pDCEhv}J-{B(`sb8{2R>bolo*jGV zpXz_A>!T?hCJR4Bcl+ywIWSk`g0(2BDQH0jw@iWenN6_=88v=`1N23PYpY7ylHjoP z^x$8j<*dCkH1q*Z<2g`E`_3Ao-p{QcF_&r<;YbPPzA)rSEm4 z{Q2|e=-Akb&^dp}dBPUiU9&9D-(P7>}ihoS%;D2cg@Gop9cf2 z0_19vi#cQCj^+>AR#Fk4+$zhF?(A!;`2BG#C?fNTB>YXU|GD^S$9V&ucoK-Z0YRB< zS>Q&&4Tj3tkAd~^RQRtucw;2PGu_V$>Ks5aEMLN>ErrFObF%3pvuI|M{b}BJLi2!& ze|dS;&)ma6p@a^1<>by!(Xl|-)7dP}rMxHE4aU+EM1hXX^6H`f1)HX9i1~-}dv$))bDgq(*3M=41y>^e#>Q7jEkE*iyNfPn`>%mdGg`Ae5_G_sEv)QDtx&yrz-@;SzG%aFytWH zm477E{*sychK8$HDz#@%i*PeAH@~DKZYvlcpBScog8)uqM&-5Q&s%y?PRZeN>Bv~n|pEiXy7E$lc%JnPT0{~TInMX5mXKk z2F)gXjvF)psynJHy0h>ZHSgaixVG+qR|O1#5{IFVO7H7GaYcVv^wHNoGy9e9vO6(e z>boX7uP~}#bnqum+6)CUz01M(#yac%cI^Q6+_X$?YlI5WUX6d!=xO7lcihp=n*4EC@S)J{gAXp#SbyH z9e$+mNz-Mr7bH)fIkR+;xZQRiAkT=VGT^k*(wR)L(|Xz| zk5#&v4DbcvYIYk0*Po1_dTzPV*0jtDT!>HszzVFy^_J$9q(61^7Cb7A> zd7PbUG!^d2OHJEcTyD$%wB5LII}1W|&M|gM(IIh(pu;`@=vV)wrysVFmTmp{PmFP3 z@&onp6?+KYHSmVMwg0DeU?WYGFHjkRV-5A2Fj7>Y^<;uA_!LErY{yQAhy2K^8y`Y7 z;Tn3z-#;>?XThq)lP%)(;fA<>%=q1aGhQtN%XEl|djN+Gus}z{)f9U6LceXivh;_G`&10=@Ngi@tNco-Ay->g&iOiI zZim*T1Z2;9$xw?Is*V^jJK%Fn;E?bwQN*R&#$|)wJ91+6+*xV& z{_3^yhV-qOBkuN?7Z4Sykz*<<7h}&%MWnPaWDU{blHSaP*VQ^w*9voqEqt~>aU3e}bwQpWK` zB{WpoZdA6i5o=~y(4}Ovh^!tSUatgz9&zhl;M+z%Xlk1U`Xyp=8x&XYVGUAVaQW|O zE(IZxDMLX>e?m4^MF*XfJ0c~zBNA6^TGM>6FaFlLOVt@HI2@L22nkrOA(CMjBk&F^hkjN%Rb%+*z?NyWcV(9scnBM<%V(-167 z*a2!W;h=_>?%M$v(77Tg)7h79o@h5jT3XW4-=lE;tHH9#^IP@=oSsy>`1=4$i5w>Q zsol|uiLRxjS-*Y>?d03qmt*v|CXaTUkSOF326=GhusB-vW~oUj~H_73_S_PEo2COu1ouFFQMiGoSZJ zjBQppLF$$8DNzl%H@!JTBrCYK0?E-$I^?5Ao-N*=XnJ)qX-HcXeLop#Ld3^c*H^XT zD&s)qb@i$(4Ht)(_37{f)x7U;M@LsNpH?CVtEPm;f|c_Y&K?R^2i{W zlB{!v7c{?QP#+&Zk55bW61Nsij-pw&vt+J}&4!(pc$B07N%O$wRmk#*DIFaT|Q)<}$(6 zO#UIM&SH5AH(2{H0R(Xuso6+c(Bg)}3gyZ1X(GpBPWc)aol7m8zWI~=PvAojU_ixl z?D%nE42H+MI`P=>`hC7}D@T?er5;K9q}!sZdOsyW|FQqGroC6IckjLs7V^!b?{7%? zb`Pc?sn9rwJ;lVv)uxNY9=rLl>2NpejmhIK#x609+b!q0a`OHgHx~R^apAEul9NkR z1-j!~NtCRI8nyA*iGeHDyF54^9wDp0v0%jSpItv^?5bN05JTC|p5Y*pcKbF6t!3$~ zuB!(O8ehL-puSg6Wex41So^5fx@YffzvWD^UNrN6OzCzhn`f4Fsf>BtZ{6I*+kz#u z4}U(tqCBLw_|KLCkvpk#y?VMV{uOa~m0pfgUS7|fh=2Lq)oW1jEE&L7qrgCm(zM?% zg@>`s^veJIPm!@F|GkysfAK%#q=%PJph0+B`!60KoX_}*gWRTLjpG#*B2s>vney{O zr~beBvHz>z`!F)%(A*~{u8V0De}7y1KOaH8N#3~HJ|d1qrNQ40w(PF%+UxfHUPn`> z{CO959v$L2IjgM*?^JBCU63|Y?tzm31Gj9y#Kd!3dks9msR8e!}L1J>PA zT6pF$!>>u^RhKlk>ZW_Ej61^zyH}Qyq^z`*93t7T-yEyz3+8d_bRM{0;4*QB`*mxg zIeuxLg8U`{{_rDh73bIVOJ08dP%3qrQoM4?IN0qJR|IC$FJFm4*h%Q8CJ<3F^|2Fx z;kv-y48EKD1>VEvfpc+j-^d&|@?G3h$^0w7-pby-ZO3Mx?xYD}W0sXw#4XrRC*F45 z$7Ary)byeh2a1Y&bR#9S!DZfZ!N-oe^YW!LagEbY*&=i)Qd7|36`LXjjwk7 zLDSYB#ORj!w9Ed0>&+IJmVjp; z;*OIOG5G;=_`wy!bHtuCbx)oMAPnzjEW$YIUyQn@V!N98qgo!9Xhy)O`8x4+V-OO2 z4M+i^oWap@K6yMpwvxNS)5Yb`H)!D{jPDiMH2rbeBFb9i#6Kj5zVyXSH!tr=_EPtS zFM%%U>5!{`YEo_IV~Uj7n4TSW-_thjLQD(tfk5CGw~A!7sdTZI zV|sHH7&0fD&166_2NFya{BWkdm!Cg<)Ts9)8_I-JN%|k8$^6b7gv!b_6vb`5>B3t< zwE2PLs}rAo@o}K(76>m|LS!-~lQI@XnO^l0mtqJQbq+o;p(Ojf9W{zvj6E!Sba(IM z8Ug;y7tQ6+K*hX_u`mnJ*2GjHQIiy`tKcV$a-vP;qauq_QwnqFMCfo2t&XPkz-~vI zNS%{b-7*zrm(5Y^g;*PHYIhT~ZSicdKd23y$IFmw7Q|XwZe2rl4pbm3Exm_o0626) zlGMv|3HgZ=?HSc3O)>Lv+PqlOZavn9&}q?wJwC{04jOpm#8aSj3PW{t zguHtO7JCh!x!l;;k$b~@AHy1p+a+!1gpBi)05G7~V~W(AzP@3fcHF9ON78+}+^%vJ zDIezK^DTGN>KSRCo7XxWDN)s%@xigFyydUkry3fZ$Bp{}e}g!J$+v? z=chKKj4XKi^fR$3YA7wb)GuIJ7$9BaRN@l=TCTZmE`pA*%Atnd{P=tBPn~M|1v38E?gujN4#AH%_ z9Da)E*=elVvq2RjSQsMBa$(t^#3i~e!LH%O#RI{?;aQ_lL$JlfF%;Cyt#9X@Oco}g0dQEpDtJUH<;+r0 zn6KbRqk;8Q7#EZ`1?9LaYX=asK}P4G#DAYc3H$ZRuyiDtImj<9*DF?9vs^7G+Vx_@PqYw(t6}EwkQrx63`o zx=cTd!)jP2uJNj3%8D5Pp7rG?VzgG=|7G4{;^G6eK`7?lza|JrKv@^RD5vrS{j3Fb zWgRT$6gYA zqZgiLO8o(KXn5=<3QysaqPbeS!H1kPIo$b&f8a zm>Ef|BMlzyxsH-`6R#8v%H>gY%<2CsvJOG1rI%<4NR27nX)+5I1SCSaxd#XCHi1LH z;*@_+FaCuN7>5L}S?=Y|3O+7~AXt;_%P*W4CTm$)2ZYdb;O?CTg%*{$PvI!F4CCS*v-$V~Et zR@|qcJ4h*Fl8tB3>C+7mrwcQ5=g)r?ZI+Xn`62w~n(UF^_Ayk@!6EmOAndhbD#t)8 zcXo;=wj?r&8}x{Y?5Z)(vOX#VeqKvnk2`ckN}FEcG5Bd!!<(ePcFo zuh%K4!bOMQlksMBM)^zo%&3W+LR?GoX6Hi~E9e`wIBvb%JS@2bJ6$P0%L94m+^iM~9!?#xT4;qy0Y_&>g-&yj8~L6Bg~R_8yr`um zv|(yTxYCIShu|mmz6to; zkp5=l14sHDQEe)pSueYI)jL(&wLDA!255acwxbi@bFyHp3*^J6J<#fG3tRhiio-lZ zFdsSbSA$OPT-It7a`u(`lefr9?DA$^m7Yud9W=zECOlyl`UVOSVN*fwrA++iA`H%x zE#!adPKzI@m3ftrI-&PnkV7vCPQ^8>g*oNGL6f?nK4ln9FhXjMHHp)~{DmI{o<3!k zf3dSwVqpDZ+J073u>yDTgc+M*2m=Er_{bF0#v~=}IGJ5lcXO;-k5#)`yR~l&FS)X4 zqW3V0)!V~wuGB>12pC0hOTBf=2vn09c3d^=-i_}4D50B=FEf_P%$V}4;5!lH2ud7c zw&UOUcJv06i~LSZ^-gxuvD++JD05>>aGBHRbbrpJ-PIX$w(bS z?aPx-EIqxv7A!q6nuON7Z(n~+sX=*ea|FzY-edWNFhD6@pU!Y5m+R-;0{$u*H1q97-uUX` zdz*Sy?%TQV+BD70*>)Rk7AK`d&V91?qrtTCD{fpy9I4cFW#!EqK0b!w3(p))T@o^p zF{Pn{qB=iiAP4Tt910Cr8j2B+HeU6rcq{(t;0CgHtk;LIeg#XaWjFA#?gFykwTm+` zXS`tvCzbrEYV%_D{mncm9;&ch0oXU`pMPvf;hb(S2|i~-HaIBR_)1*jeUqj4`utzz zeOFYKS+}LXmW3G=K?PA!M9GpVNs44d$vH^QARr*wQa}+Ek(@;(C&|Jgs3ggfB})(l zB}mTa&SO>m_jbSZ7~S`wM>kJY35Rp`xA)p>%{kXxmN=1uFtEgdKv@7ntqqS8JzG42 zf*Yu4L?7ZqFMvjbkwHU4I+7C6hhQAQL)fBb!=J&A=3^cT)VAb z&taqZ8eN!p6_ARQrv#B3{rK`l9<4Cg-0%^WqI^J_k~Tby!4;%iZ5c@;79Ow5l(Tsc z3+e6ai=0&n0yoU?KnP#0mq5q8`y0d{4CQVICl0C-k_4j?6`T= zK*5-F;ZrS*-4qW~bR_H~#3gJB>fSQ}j`Diz8%VnRX^Liw9&Ymb8p2F69o zT~V$he?fVR-6P|lWG>1UMvlxC^$+?0SX5HmvC&{xe%@OOzPzxzMWxcbd^ z`l^xeUr;>I9ae*T6c*mXGsmw6mnnxtN0as%VlTKRkOSAE`4yOoNYi$))F=?4$K!$u zgPxwG&GU(a1p^N=^LMbTsWcc0huRl0BNxREUY%VdXB1Z@h&2q%Q-5>w&jlYbL{#^c zS;!Vht($0w2J1zD-eOB-PY0S|Nm^zYFv6}k0&c>2#XeBUyhiGRlpUgOb(Fq%69^}d zkt8T2A~mE1TPNr+c1=Q}8l53WWaoF&L4(il7Vc9$CX8l)l4=)Q)U@$LFAr0p`tN8(PUG3t@C zPV4cW=X;fPtoL)i=j_h#S^xm~%pJKHDjyJ)$W2L>=^*s~1}0x%w#BLJQe6qRQuPqyvRX({?D)PX&c(6cW)K;4$mRw>4dKFKT)yjgWsD2CX0;bc+Og4N|( zXXi_#AHt7OJS!LVQO#c1ap!1`gK>QT&3LWP!Qncg`+Kj%{rI1d$UdR^=s7+XCC(Y$ zypt+_OPB9<;Z4OwejC5k((F&5`0HigN&4^k_q2_3|2b;ofBkLD@btDVFAgp)=4rOS zUTd4YE6TMVG{4=+nk(P=w~W|bKKWPw9_eS~&shFr_VNGRw>}`WF7ooS4G15jrbf1~ zv>7csz8MXFmS11OxPv9+BDry#QTM~TlP#3=gD@^f`@{p-fr^WlesAOW%XbCJ?kEem zLZVQD;u+Vd-SSs!#n(uM5&Ek-o`6~f3ir_{2hmJ5Q+rh>?&;rFB<}>WAx}X{jyQ1< zo_VL!_@r zU}#R9KoY$SRi=fxd89}*AQ(s zL2YV9Wy_L0#;9m+Bg-A0L{)^^-Q|q;9T7jne|FnU9d1!v4471R0;YT55QnFmyZ}<5 z9vhyn65s|qgGEAv59mf&EfBBZ7VJ^;q8^(XDD4GN2==e4x7L}ShsP0ECDP`3%gS`9 z!SFe;<`YPB5f>3!UkynkPP=1OHhS?cljNd+7RMLcfvEweGl>KkVHuLS@rH<3LmC4~ z2pcJhkAZby__@;KO$c>eZ2!v}f27UUTwCh`fQR%6+LQHf-aPG{tXsMU9QZHc3h`^0 z-X1zQ`=ESEkd8r!f$BK%_6jbH^3^dKIx*lTXfwupK@-_8Y%F&Jg&pt%(sV0y1*0>{ z92N}LnEX2g5EL&1QnVjrs`xCfB`hj5CzRl3JDh+qaM%r3;#wlz14uuBLx_@kgHcex z6|fJ#gK8NH7R6gwJ1F+hSd@otfolXWsnat(Iq3>i_U_%g;8avn6vca1s*dVm(%s_J zK<^pMbTdNHjxVtATDWhqM8=h*b!cHj1?=X98kXj4}`tF z7a$J&AxuQ<*p5bYz?`HZ7$9pw!s@y%A?x+QriK&244lxE{n4LHz!*`@GU!o<@gq;4 zJRwnhC@<&Y5Uy2}%TWGI<&;)|ONTTJf1R_t&S`jOsLLPv`AOfn(bd@r z6psL9Dsn-TeI)o7P1k@K_|awqU`ccr08eZw!1cT7uzg8m4uWcN$?$-;22~H>X#jF$ zB4baXEeWV*FI&Or1Fc9Q3j>2;&`#6Sz--om#$;gXtHN(DaI2DrehieX097C<6@?Ip=uuVZDDgai} zT#`S48zOj;de!14DMe2RII#!|>+T{ke%O=-2Cevg5_5wa7=$K>U4#HjxGNkXd6~fN zg2WlBS(*ab!)xISKO18I9;ITdSPPmwu#%uE_R^8^TDbX)jWO_eA`O_BMH2u-eDIYR zA05StSE0QC<^L`YAeN|=O8o`2pCP3OgJXcI7P@<&ACjn!&`ag(i`w&1I25F68S-|> zOrd}Zo5pN8615Puu)4zz`yF@?$#VnvJkamug$3okfD^w%1qiV@Wa$8QW+39DHpO*8 zn%0YUMu@k-uku-ao~0_@3dQXKZG~8*B{4qX@i_}W!>X>m184p-r~UFGBJTjtU{7=!j=8Hbn4U{T~BgUJF?d;nwn zaI!{6QODeejbife7^4=#qM@kJbp|@eMa59u6%Gh$sF#3xBDxk@biIG76{HgbhLG@d6QdY#GT?Q46=wwC2PPo0Z#6Pn znwv|zq=9nxdGJ714c-X@*sCQItZr$5O<(sAu>FyblWv2A5nx@>IIk*N0$>vk8UW`~ zq_v`RW31`|!MDhu>F_iRHR)WyLp;>bm9U{|f&39nE5L-h&;GReC9`IHgI4$A;H4Cp_ z>nX!hp}U;h>a#pU5Rg5%3W@h@#i~^>L!N;nmGB$Mni2#Bb4cUj@^S!%i6HW0&w@xr z9j}*_Sc$zr$@LWa5x_?5l!sSuq3alKTCx--l;viJDe$5&^uV@(dK@vM`0d-#W+`;m z3?szzadLv3YejVi?Iv?Q+Q zeU_xmaape{#4Ts#%lH3DDc9fNvISs{fJ16j0EGjI9dbXYnxBm=?V-bdMpXm8)%&1g z89yM=U35XU@M*C}(14@`&*EAXFRRxGK8PO5*z$5O?69P35y%2ja^qk^t8)u^7oZn7 z;;3@)6&%FV5OH65laypCFaHTypU*+0Z9h=equ59M`+}BJA7mttsd?(Esvugv3Dh5% zWw6N%b~GE-7;g{lF(d>UwfF0l_Vq^BaCLlN#m=2R+?z01#t5%m5gB1GNDFj;tGoP=`P?LZi9g5W;0V{wUO{ zq+xtn@leqw9K(w=dQ5C@h6T)jk}>@K++QnCa^O8X)~e*U+2WK~KEgR^gD{%u~UdmjZU zB)iubEKza*9>%KME$_Os-fnV2R#uE^@71dn%b}c9>AvW}#Mj*}c@Pa?w&gG`JN3v$ zJnPZlOIY!lLTZgr2!|p@GATb(^>Zg;Cl6}XsmsT2x7|z0^y`f zZ4_*o!jJ?cL2-}aZ8Q2`FOU7x(t7#NQF|AdxMnX8d1Ml#bpA^4@CFY5o$LMYfBXEp z-QU`sZFi#3ZsRl(n33M%Pd+i9J%7FP|Bk==fBw$@zkY@1>CxE= zcFTVw3)^Pn|GkN~UH1FuvHjott@Nw(pYN|qnl^+d6o2(^(wQD0WWgk-6t%LkyXf=b zaXX{OXIi1W?O9=&UX8i?1)Ulga@3J{O%Atep^vZ7L-)gOUsId;1|Q1{6xbU(bllMr zAY6SAAoTRH%L2daOxb))WAqW0g>>7N;n&zp?<@NrI9Gg>Ia7Pl?$#}q5*kU>(z$BbQL4H_t)M5;NIR>syzpaQ zM<>0t$JLIzJr$lRLSnL7g|3AW2bi~OZJivnTBY@8FIW10Ina7ctvIo?|8cqI235cN z=7>b@7Mm8KDlJwaBj|9xi1(zPjBKIU)_R|XCNQBOi9qELz?0obOcR zR+d_n!PL?9&Tj;%jGY}n6$3{~!wzKbnb8kimP^b~dbR9c6L(b;tN7;3C)bZXXKW+I zB!gZE5uCU9-KJX;{J+{4H#Hm8#7A@1D4AEEhHAkFv*hWmp>OE95_mg*bM0w6+|8F_%*V$!hh`S;aZP}=D^t=9E>xXq6pAU|{Fbt$NwlLF4f)$vn8ZnwYpW)U;{*QvWZ;0na{X1>C+ zv0jGoQ)&K3-nj1=@40L3WTIVOZyK*X4)qKhH(@TY47*^=H-B4VW8`kWN9(JKh5Cpn zFX0^J4qxfzEb}{qt#QJ$G2LQ`8Coszk}(Qe&p%|DGKiIN&&5^jJ$X{+jCXRMiTcj< z>B2CtbKVE%1Yxb}s`z>~YMps1 zGFVD*shlT-`5c^!PQQ1+Wj;z{RA5#ox!uC7vCRL&a+Azkhf9219iJ1QnEP)@4|NSz zr2K2!O63as1ig`_=)>YyeXRx`PM*|a@|LG9d@ZtGV;ed*VWoRLadLBjk>sEC8+2E7WhU8mUvbav_Yl<2ws@aWifww|H$zABmRvFKy=(lwvn zYTs`bk5?k|J}AnN_PIn4D}_H_OKy`q)gXO?ljznZkNaLnYYShpna1jT z;1jRnTb6b;!Co7CFKGoDjumopZw^{>U$8dQEiC^2qdJ$pFML@8&tU7LGxq@VMw!aQ z#iq(khj-0FZH5(#ax6!V&z>>o?plG06!0@ppio_)&jnW>Twh<>8t)dh(Y1k_K)FbS z1uL)(^w9Lb9daJ=)w}OYbaB#$TWOo2Bw9e>ocx5w6Y_qx*XMJ`8-!ejR~~(pg)Ias z*0JXG+WPO4V5ZtX;Ns|Sh?oqDq-40hQDA4dNJgD1C|Gcc{|&J==;NnPZc%*JRu;B; zQg03dC;Lvyd*eii<8fq+wT$S!Vxj+>FUc;VH;4)je)$IPH;PzAEE9MmU|ei=T~^i- z2TH53nBd;wSUDSy0}us^wAX$k0A#g3NnIWu87ak3k~eQYg@=Djkfl-s^Xl%i=TWK8 zhFc5_-zvxl*9VI!p(-q}p1yJBtTjy!;{mIl_JO{Vx|{@A3|lI+8dw19%RVP3p{i0` ztkaM{8{wzm5@B9@$g|nKgG|(=Tf?RMcx!+lyIOYt#(W?r?dH3D55=vY&5hUO{15E! zUENF@>mM!p!$o6)Bh2|x$%(5Di`|{X-9c;5!p?@(6PMS^ulBC=CQ)o}?)p&<4Qr~9 z)#fV^)dcYeRPDi`HoNO%9V(Wa++C+`;<0Kjl)lg-`xeH-#6I=OxkAugTGk>!^p`EgLaR*mgmrbtNYHD#pop@~bv#8kUn8;&Z z;|=~7OT`9_!NV1V@Mcd-p)0j3`T> z$$MW(}2hQ8GtrDrcl#QchM%vQbwzlaMH0 z;Ji3{eabzbUAc7EV)pGArS}8*-qMG5(D79BW{lXx%EuU-_Wroc@xlx%oY>@%e_Q6Y zh{tSd4U_lG*88`*G*NaZIay0EMJX&wT=F%JTV*1X#TNd#G-8R3`US@P(!ki=OItcL|IT zmQ-!VEX#N3MJYH6#5^~S)fHKZ%gEa5gxti|zu?b64gW3D0n?bUAQ)s#^H>ku*rgC} z-sOF>x$p6jj#BBNGG7%MO($aZZ8c^?5GDJ4B`C%u`gN!MWdqMZOGWSA}Tq zZ(&YTxYA|nDOs;6aP+YJO8BbIKDl|$w!_=E*p$q&xRdnB#p9P*85@!m{r@#)EqN@m z*UWzRp2$q!Lg(gbFfw5m^iO+#YbzWa5F&JJ2Ma*qL_9Sy{_e_Rp84gQA9LSgB%t2f zNB{-Ubme{?lZKBXTY`U>w;Gkx6te66baJxMl|KbU4Q_*{*11(34X;^Q0n~3NS>c7U z>tRqa3u{K0_KT~z3@1x9)Z4wHTdkOCmy(%1ECR zj6q$`?Vq{=K}u1Sh`fzFd(>1nK}JmM?LqWP{k%_hNF`O>to0toYvp`pP9$EG%Y0tg ziUa~^;h>lEV77;)**Bpo3FvD&T#rC#FOeWaX}|PrP*RxSm}4>G}1+|yiuE^vlQB*kJU>_V! zbDJJfJ})+&WN7p}EFy8q@aj6tc9aX({RnfY=*I)BkhGE`<`=VIk6eV4-u zcAJ$+AwJUJ;>1S1h-UFxs#~Mx0h@fDlq%ozl#y?L%Q_WJob`T}n~=);iB+eip=huz zZL;=Vu%z=e3$gCSbCpd$w@Bh#K*zffi>b7hR<7imgF>C-mvwENq6ZaniPytJUe|bw z5Io;T)+@_pvdz0ZcJfo?WSzRVea|Vba{u_0gJ+mIE)nzYcfE2U-&wWU$%(V+@5#I))saq{X$ z7O4nQkHR4Kxh}2$Y2UVYmXBQLDqC}^^}J%JFW!8%aJtAqT!~I>aWWL0=p`~)OkBA# zl24=6bH_~cv-VJ~&g4UOL0DgUyYlupm#2Jx>|bcR>rHzZ{eU2xuamTTo`$-zS#~NT zGtnu0`T;#hcg&>(MrbP3#Ap3IMS^qTW zIE{}r+oV-3N<7OP)fVa_jn9{RMu|Rryi&6)R7T+KZyH~B7Bm;Fw{N?=i0dkO*!Y+r!L$A4JpFwcRloPKt2=bPUC3-#dMp()v}6TBa=%***tyfi zqcCooW9K(e;KCu3Trl5<b(=bE76;T-i$m`-n09envUq=nRbpJ( zrt9(q3^7-s-A|oD@#Fu<^~`2vRq5*md(dZ@Iw$qx<0;O2uD32hpT(C>OaMhSHpWi$ z)CQm#!W>3$TyLfxghE-Tcr-$UpPk*dyY-yN#ziQ-UQrU;L4Ohmw#4$KX`xg<=71e5 z^mO!e$-4vSA4+Yj+9O;*mZ#%l)@=8ll9Jh4;a~afbMl(ERj9t-OW32Ck+0)^S}|j0 zX{CD2OepQ8oBU~}hZmU4c5OfN=jA)+{-j@*{7gS8p1cs(KQlfW5YZ45p*QW##V0b| zM?*u%d;7VE(U@C`{%~A#q5O-Sx$LYPgM&jK12e672|2B;+CqTaZeB5;*nIKj3vl46 z6%)7VtsNKz=l@jW!_AA^x9_NzX}syBbB>W=p3Hi4 z-+bG89rlskU$=c=sUgdH+Tv38GiG1mr|c5WBx63r|++}k9?4;GHp-QoqF6lmZz$1`ZV_AmkEZ@H{&-H)>>`XmX!ox<5k4=cogxp%C+F8vapkeTPJe1vlr5S(oJhT-sgu>~)uT603+}CmoA58^Ow!X)(QO|HCtF z5i`?wxTn^c;wT@~9!Z@iFciDhMOx}no*aLWRk%{S>)z?;jSpIJRGJrV7By~2a?8~g z?0ewH)ypDbTzW;E|7K~5N?qdf+?;BQ`Y>r{w(mPOSCdBClA6_Xj8cBi9{KHx{Kq5I zPcl6s1U`ag86Kw4V9^no%HlPKXC+qz$!}XFt?OZxL11!q-*gn8X+zA>GPZLe6+?4( z*vu#NAV#q1e{P&JyE<aFUPMO8r?FDkuOAK${$zH0id^K$yBA+> zgw~j=p{-zKm;yj;x7AW#(NJKZzYSI2C-%6|t%RhoY00W?uB60k9;Th?<(v@>py+Ed zqINDWCKAm672dqe6vD*pFrV4)R)0!(<+Q;T*`aw@kA{?5HWy?Srm{W_o*W&$EldpC zdvwmhe#t_Uea%o?{jHwTgQ%`nf%IRM`Rv%iG zLwf>EyjFDkntdWF1UDJE863l3^+xkNa>~~3%c2uY?0KGYyU|~)Ws|*RTCd1LC17U! z{EyWjM()HI|K-o$Y<=Ap<(~ETb~B~C9XnoB8~RmLf1ktN&Bq4Kp~~7^Iu9OA7pJ+c z4y8~HpI}OjwHcboDxos5OO*J0(YLqg&N>6Fl2nxL=6blDe!k{8!7v_+f{6oUnyr(E zfA+f%z8erv9_@ea~k`5bQRrFRZT`rWp*!4zrwwupC2 zk(}m^waL#y7J@lQ*UJtbx3!NJtT$fcjI6l88N%CVncCK?Kh?amx{BNEM<7ew z1i7>41u61_ugP|`Ci$^Vjmr6RYP@CeBD4jsD!)o1U{5PpUEpSL2%heww6wrzydqZGSjn3zs7 z(5HVc&S&pn4y)aYDDCZ!VGpaXubcK-XxZ)~s?X+&kmllGnv`ID?YeG;YMSjJ+rB7T zO_jw4BRsHDW7)B6Ly_YprzmO921-r$b7@_{0HfVejl!-A-XkJG^iY}6tpBns=oU{hPK>Tn(y;5377PVeNV&cQ7NS2w!uxIkNGj;<5BdQr|QDZU3 z+ji8~pE3(&?aP7^bI?oV-sy)&Ka?H1$ZI9l*iDekO;=_ze0kJ#rYDzkf`rIPO0ot| zJ_)e8mhtR~e}Chxu{77wDW2u}a-A2GQ(Xrm*Bm39ilz%oRnD*dUMXL9Nrvm{${}+K zwV1qY!}>~|teNN^$sKa48~l7tminPy)vTN$Eo`pxWrkO7Jn*|x$~~Dyyy)7b*}3wi zvxbkgt2Zi*P*7e-XtZvMw2PZoaw_Bt(@k&C$&3*130HqMbF!exsPL#q$a*NDd3}Aw z`+fmS=F5b#q0XTmf0Nv2ohOvK`>#9O$Gsg(pW0<(nVy6wXqQMRT?RWW9JyxJM8!EGxe0u zoaPLF#k+0WzXGJit|)UBuQ|(~C7$qO z!raoz!*yM^+O2whlIBgLAibQDuKYgs3lbe@LlI{s_e}dt%jK=azmG{YXt9%-G9Wg$ zy2(*6!m6!9eUY9${;Il(z4H!wGT!PV(1qhp@{}@qL>zlbpxIA$`8U%4Ad>x87uvf` zr>pw_=jWu^`GD1+WODGU{2kC$FDVcZL=uPc-_Wq5KDSx NY4Ph~nW8uE{RjQ4lp6p5 diff --git a/screenshots/hunt-1.png b/screenshots/hunt-1.png index aa7ae7c1ebf110405be5be9be43a33714dd3ff4e..08971384777b37988e582824a707a522eb9a3e17 100644 GIT binary patch literal 171491 zcmcG!b95!&7d`l5t7BUoTOHfBZQDtQ9otUFw$-t1qhs5d_n9^Qo!{TH*3??bO1->W zRrlU=_St)%`lTQzjsS}T3jhERBqcl8`5pKE#^Wy*$L9|@ zJ@C|W)7=|O05x2b_Gftzdc=PI?epTJ2IQ4)WIJ|ayO94-<$7aga6ZO|DL7b`3=rB>@D`h=cCQN#e3S^jZ~dPtLOVE#2b&0*FM?7iErht z@jLa8=BN1=OTTB)u@-&5+Xf+|_(~m2rxn9s+^M&&KStqPITCV4QIRsoZDKKAI+C7a zuP_{1rinAEcFiYD*|1(UAX^g8Q`McLdD3$jMo;`cBcN;k_fU9xPLh{>(=HGLrD{|c%Msi_=H zrS6*cs~>8ZI)D2n=%AFu!i?cev|kLbFr&zIM|Xgi%=LHTNkTbkgecN!-%Vji!jO+R z1=r8%N&WD%qO)xd_-pV>{V+@E>5J4kX5oXy-hX5bW4bD}P9F1nG2g5&$C74CA@7^6 zr8bW5k|4WGtCD)UOw+lu5)WYY@+ilwFv;yBG+VrzxVYZ=#=7!yuH2YFFPbA}V|g>G z5-hLAY+LUNdhn)or<3GM{V-uq(3t+I)WkLC~3tU7FdmD}MaiphGzCh8D& z7)O}Y@7Bd%-BC6<(@LyIQ{eY27rUIw9`m+lma7^>0$c2D>PWcZTGW$MS!W*(UK4(c zKJW_Ng*WQCAi5}F73K~%($SB`?%6)EOm7P8qs0;)V@IuHMD`$m1?ZVmxw?CMhh(GU zM9=It7W2UBJ42hS9Tm?Ee_!@R<@z zf)yMg*3qp)t#G$2B)&*Y&U=lqP*~+(b$PK;Foz@GAVm7hr~XOrDxR{iRIIHDPN)p? zc7vf@&nAyWr=4R9k|6(X^&3J_s5odeNwh8YvN&fyy{2V=-|ui)ej+#W{SoEq>gnam ze*g1>@9V>MxML9mz+Nhdb3%k5- zX_|As|sC;Gr(8muKc6bQpwCV=@{r%a2QVrY;j6cp`~(~=YM(+HAm zP+#kVTQ;%9to3^%d*GQfgU&+c&Kc;Tw+spo~h*7nMMLWzf^dPu)J)W&g`10{L42u0Lg?NK- zY_xl(bXBxYbQPcSaUQaRW*ZrsFJ~<2K9ia$x|+=8qvHf_1KwAz>3CbiR$5Avc2L5v z8e65ot}19uNwItaQ*a8c&HF0>ba#1?b8Q{;N>Lk-%cFRlaA&kM92G`+7@rNBQFp=UBK zz$x0SP3I_ylAV&&qCc~8sOB!oeKWpIlbI73!H9n`@2xVfMN8+Po*YJ>w0g!1T86Cz zMs6Tul{7WY6r-TGXbI}%#qDthPt5kTxN#*!|0tB&VNw!JotJf!aK;iC`GuV&RCun& z;T~b0O&SQwrB8~*NSC&Z2%nK;WU(H5!k`s~_UAs*4xf!7U$b`WtSG|ai{swfIxTYTK?li;c}mrr$-m;oCnX0ZOy5g&JB*w=uItsv-itUW zIaWm5>meAcdX1o1+gGeh%b0VpHEjT4UYhPb*TnCt@Nyh8Uv{rt>ma@| z%zSgu`|@5M31oYijGgdNnO;rg7Ua*Sjs zn*bRV4wY#Eknf(x@&>`6Z7L`5V_~<05Cxe4#EF5b=_p}HFpwB}iy7-F)Qug)Vsxt5{@v=}Z%{2Wb7ce^D0gIJ zbW#BP@1MjLZXktsGpLIrGe;};n6!futt06Q>I)Kt<%5@uYtc$&5pot@BhOZ4OPKZMF$=J6AtRh1JX$BwCfBn)Xr z(QZKy>fp#D9+iQga^%N;TM4oi&?!w&vFJtPolS>A$T%_8ArB9{Au$#NAgH0fqj50X zLyq?BkJvMy1c{6Hh_WJWGpU|(7Cte`(uKs3X4cb&;~UJ)aDWz+L;5szO>9!R;Vejk za!Lh&{h^XM#xs!s&D@5~zClu%k4M~3hh&}s@ia1uS1`^HF45-1zkhOZFR&Y#J5p

rlUg7(QEjY%@S`F$YV;gyh?nbSIvT z`g*&UASawxyHcc8#6a;M6lll+Db_IG)8ElC-D%V#-K+_SRJZr1r6Y1b^Mv3{!Sfx0 z1nq^acg!hmLKsYD+T(VqB}TwX#lsQPTJ zk3Sgiup$C?ABTRv8cT9P9aU%tOquP+pWi~BYz2Z2VW@UOs?%gNFe-(18~D~Xv}Ytj z_(cqgQAPAj2Huvg$Vt_VkWmQ%fOl%G0;2D(^a}>aDLeYvicjNIq+{w-v9gO(6L1o%+HdT3L>yFhtJdU!hG{R7ge5a0MHYUS z3Va42ULU|m<)=6(Fyd2$^zWEe$zPo&J)F&hW=fmJSfKP@8E%5%B<+GaPgq9EqD%#F zN_8lPYiL+CE6fNykbgLGfZT3KwySEj`mE9(_YfyS!XozhoDf(2F%a;iOla=4;_W}7 zics7nHf}U%vdn%Xn@y~7;5qF|{b~N_s+q#SlA~o|O4dn>e z?*n6^IXzm1aWJ-6On$=AFhYhw4nj=8A%lbS`E%)N5*@F9A1=O+Fj6JL-M>#1r;(Pu ze$u?(gd<&`p5MpzMDDmgxN+>>FF!{6dSf|wb4!_ybKqt)JK zt_aA~Tmi#(aeY5Qbgig_)~;>g7x)8ftkuu^&iUu??%!!HOel-(+u1qVdOqTFV}{$V zf7DfoRk+}O!v$lX1bFt@l!>(vadSf@v#~g(;xNtCp3}+AO%-zkL>S|AFpNPN^;a=I zyX7;DLQkNV(8zdxm1K1I&#R0Z6ALk2^O+`Ym`1uTva<&Hni!BM1{BQMX6h! zg{TW?mdJgvzA}BQh_R93S&ju_7khOO`?{iBlNOYmSR-?l(VRos^Rl}%ifGzQ6wj3h zT(X*@xIu6#?m#_7*w#<|iUW9Cq)XQjC22k!viert;)3EZPM$W~xWe8KEaq0tOINtlpBpj-}j@ebH&kqY{{_rFR*m02_$zEbRcbY&~<}r1sA!ofWi1J(&VzID63KhZj4LWBSi~M6H?Oy@Ue;? zSI_5NApZf2wyix-EIw^GV!oI6`FUYQAcnS&%uyXvyz&R+2y5kn$SD_(im470A2TS&eP&0$| z)kYRU$yIf(mY}MtVg~=h;w@k$UtwO}&P1`hST@PS;0^6=2eBW?WSUnvv6@6{DpE)? zuczM-=Kbm8;h=$27$8`fk6fj-o;o8GYmkVNexUbOeI_z;HVVrpW7+%OOV|k8JC@~^ z5m>B|+f8_T=bq@t+a~!}NN2;d!cB~KGn}V3iapQS#lonh)gaycO>Y3IHc+U@%|UBcbPJ42`6Af(sJ|#@ zSOXg*d{l!~9ucnl7?iqo~5Lu^Iom}u+QAB zNS)OKKKdyIvqx9cel(w?tJt7slp_B%N+)sy1~~3yY~5unT7`>g-nYx|3GpP53?U{;2H0^r4@6rH{aGC= z#aDdEUz4eTRhre~NtGSvmw5s{_gE%2Wjr}GJ+mU+#5yo|ghL6sYL!MneIEpcP z0z*q(%|h!S$!%jkV=m0a;g`B}nfmuY0pje)6rl+CiV5O}t+0*2Mq(zLm4s~FmyMM6 z0zH-8y!1}Ugm3J69d_~1(Y6G*J{fv~8kf3Ml;`|@)C(Ok>)wjz-xw$aXG)6-`@g;a zL_1JG5n5B_3?|S5=~je0t}UV$@5%Fm+c}vL=F|$P#itwTTpJ=S{Yf(E;!y6I9(+wU z!WK>eINzyD!5^@RL7;%lP2|~PUiB2WNT_gOGz=@sWZ=uUu_K%L|`k{Rv2uf zWVODh?$51;*!X6@WZvo$>OaL{IOfE})<|ZWmJex>XUf|niYLy4oVlhb)K>_-CSd&F8lonq#0zX2GBGou$It_!=iJSQdK^ZJm;hZiltSyUL}j9VU2)=JjfgH z(D>*J9uVpSK3Y06Wx%yC8(6|K&{b-w1^(5O)@>4DMRqLCOU)HBna;hXQog)KZQBda zdoFNiZ|Y^yUusB+*ZUKPcp0A#B|gNXe)!U(UOo+_4&LH;6QDDoS^_&2BvcWhv@>&# zNh(xkT=-oF-mJf4tzj@xrs^W`L|7^#|MeO=lwbHHs(?G9kF*(EeF&N!QxUZ)2_-`A z3ILBb3t%ILus}Zl25p&+i1xcQTRcqiFA(g7?78Gwk+XPoL#7A(f}tDA!%Z=4iIy~QGeo2Qz&RE?pqdbEtE%+X zo zN_juMuSj+)bVIt~4|6#fRhCA&gMa}Ma|GD_18+yRg*GYU#+spDHOFudV)@sFgLsUk z40QBzWO;H;oEMu@5pipR*YghP$MBhgthv}LzDkFlBVufGE5~Z}jN~qA65+)PIaml} zF;DqKTR$;w2eyU_RuBiDh%i+9lbUfLvI@NeC8J1T#9F>WCZ0OHmh%Epo}Wu!!aAX$0u3pwJB z{%G!T5&HbX;+Pc=$3-DGt=J^AwQoq`ZVk5HGp0o0*U&*gk_!E8RAK*Sa}^+V-s8^vF^z7;-E~SdA+~R7 z_d=P+1aXK1a7(DbT$|@&R|dSCz*(f)xU5S5q$@#sHlr&at#QrPALH8&*KXCIAVAi* zF!sLavXU3(;naZjI6poIXY%NXLrcI3q;Q~ezA!k7Tm*B-ht|>1;R_lIX}{!@gAh4% z>)reA#@1y8$5fUmBu!&-*?2H}E$$t&Q)#&`e#SYVHC!*k%ZkY-exy9YAy!~D%QJk6 z35!=Lg-^cE{Sy&(SXf~soC&YP?Mp%%J;fA<5|&Az!w&Uzw!Foy1>(n*i_1Lq&aTV7 zl--4GP~k0@(i_I^EMh=UhD(e)IAj8NefYrlTw@SWm#U#4UvnNZjIL-?aT97u?pe*h z9}QD_0p=EX_+4T$Op2gp8{c%aT5W{YTG&KJCac(*9y7dr#F6XS-CE?1e_5gMu?m5o zghPi~WxOw5_=J&Ye!^oeM&n^|G2#fRSToUZt zp>cb|(saG>Nh*x-H@}szVoWB4BF2my?b)b@bsg(uFKF2NE3J22%f`sjAW7P>Wr|0o z%W+vk5X+{GpPPa+ygw!)9fo?)f@4mE)Cv(3hfp2VZs22`O`3izDR%NT1(qv2xqbhw z-DHm-Mh<|xD23%8!OwQ^(;fhpZOpZxDCgS*#Bq(hjBS{#4PF+pK}BH@j#yVb{LdkP z^yrD+8vJ?Pt>lF4Vw;vC*Uub)=*32Yq?6FaqE}Piq=}dR#S`Lt*UzFDzSN6$8ib%) zM+LSE76I#Q{u~9<`Pp_jy6l<BUik}2Ob+3-Nw}8f zG*o52EjK$3Qcn)*@qq?fy+&SVGGjMJZShru9~iY<_;3}H`$0hVHb&=X{^u{%HHHiKyk zsu>WCeCg86O5xJyUx9w*tHmiR6G-n`%Yp$p*NZMIT31xEOT?zxrLQ~7i;s?(11OAn zb~nV&+;m}3_|d|@1qBfuVtQ#GHsR%@2A54!hftwatbYg+TngkxFZ;7qX1)V57bZ9t7miiPo=+BiQ zGRG&zN)x(oM&jjV{Z*a#mc%gm*rehDn zvyE92xk{o-L8PT%x>V$CDVvRGG$QjivQ>>es=Vc>tM}3>=t}V4GjPfiNaotoc##Wt z%$KR@p$Y9DEK))>q@|Ntc8sr)Ba@V$K5dcuZPkap{BTQ*^H@JK$1{Ja5i+emv}k_b zjuD!@L`)X-^bjEgA-4(y-txMKRj1*4Ge^OpTp)!;s zep;RZj7k$9Tl6k5BkVzOO6Q8!25OGYwFHzkvj~)C)G^P8s_hlsi!HwVSXf`sDsc-M zozf=wb8f(^)s>50bOoiss$Olm2z~ReMoKdS7Ce2?1On&fq4GFoguIWxdV8LJ))t?m5>@Cgm=8dkL*;k^mmPiJJ}?mR<^k6%n56q+QDBWeMwY#~@SihYQlEwO2V< z;-+t!!%C8Mp`PwSL|9bJ0)%OI4{5eP!NfGty=cw7t0wG;eVcRc!3UlD*6^1{7r%ZL zr%7xI$CeV3N=xH5M2Xd~=5SW(lKT3S`1lO_5aiDY_;E{7xwfCb`)oCk_-0-{N|r!V z$nFBW=K>W_4Wgkr?Va7G;9ALpbv|NPkb`To*T(hcEJjc}Te~b*lclK~l+4@Gt;QfYM*_e z7TJ4+nNEEn?1`JMAhDxWHgx0RfqqY-ek0^0Nl50jjG3D|LQmj;BwRrG2vT}FqJxu6 zOMffi4Tg&py37USV{7*mFB1duo(*fw0^ZA>#GGy*jp`p#)cxb2yb{=2efD3Hr@mI{Cr*4`oHgnXa3pQ%`~-_x zewId2Cfv17OV7cYCw%aN4t|=CE0H{aTq*V^y?$<&InuuuuhD z`rbL)Ip_D>u_$j>W@=o)6B!9Q551hO({t+(7RPXR+1oBw5G-nO;V>9j2xdP)K0P3c zI4?a(9;oohz$=>g3d2vUHf@%GK{PfTBN&3X6+Aads>Fp9{Ml3Bc@~PGl(*enKfV2~ z3N=YaA`&^EZqDzIFP$>Bu!|cTKB1uJl$>Vqpwg*`c#`lp>y4^E;gMU~ZD6c~e`qDz z!@BG66db$sx3b!O`_f8v_u1YX&%WC?(wW;Sp?r(PY^_0w&7SHgc_;$+B}vqd0K83E zzbrYk+3iwO1D)-^bx#lk)v{#xmanro;C4hbf`{#$OH;iE&XUb zFA;9%=J7#5zte<*NS+D~W&WaiZj#cDp^9usHY|B#63*H9+0137f7FLiH7XJ5Q3-EQ8 zEZ=xuiGBgRL4D;S5_EK)aA>nqISdg|ye3%DQe>+THGCQR59AD1GHUvmpVobSv4iD7 zkqy;|)jx@zLG})ge;<>Oe=<-vhTrV85?)>MUT%R1RSmFK*uu}atjmz^8BuhQgzBM) zF?b>WiJPD`R!c~@#@By>zJ8z|YIvXi;A&sU8Vm@K_|XqPPoYPdv(|_(^)`T_mZZAp zyr-B*FY!L&I=Ig<1(6DogUvKw#)jclv*|#9Q9i4+cT6-j|hE;4z9sLnm9I&$uiO> zR8L3KE$Y6W5+`C~59ib{Bk~%=sp{|xpIg=|46+Yo^?h-V4p=e2WDR@MG0IFAf{qRc zn<-N32FPnJ{A!XewS@A>QQ#BHYccJNJDf|kR~Or(<165IS;YZ@g9CIF8kP6t(I$RX z*N1oU>^2ftyHniN>=Op?eIrOCX>k$27vKf3b*wq=5BvniK|<3R0DwdN?*{~sk%a~P z5XwbTRut+09t9Z=$L^pC5da_pNQwxmc&wdoy6dR@{TjYmoF(wl zCCgcNnd`|l`|a|YYx$#1CIl9pJrOh!CSF}^Fd~`L>7bTd$i+7DcnxFLm9F4SOJup} zou=ljwwBQ~_m0`AMdR5S3SI9IVh4G1-lohYkMf zK(E(d{Ccnn7#$+0D2)8Y&8nVF@&DeDYKOMw5#l@z%DM+4?YzOr)s0j!FfozNJh_T! zDY`^Z&HdRCbQZIv?CyWFVot+ANK%g(st+#vL`J#6#?0D~sWti?at}CcjxH_- zH~Yi?=Ox2k&7e9QPa$6#blRMltR^&07pjJD@`!SN{CZx`F680{MU`avlU7-Iyi$j1 z-?frtghn!#!d8?b6~xUt&s-g+m#RHHxM z2L`3L#ubIf8=69=4dQTds+z)}T@WetZ)-nq&>ZAMmnv7UpX{YWq>`!BtMNSV4)@oZ zDzbRJQ|2k<>rF=8H`<(!2%p-of$9MFyUy*}loc7N6U#*sjY9e7m(T_{R9F-g#_4KK2WjJ?im-CyrXV z*gU1n^NvE_k1Mt2(0??MQaJ z{4FNiWHcd!Qa-2F+np$r-S%K*mK2RaFQHyfuhHsnSXdYopn*UAAr(^pE45pXUEsMzR|eV`E38l^<54INmf z)jDlLH94DHKxh@sM5j^P>mVN=NoS#y&*d|n=>@6O=vKk({+DO(g$q^cv7Y+$y^CyN zgOBqi^0U=d{4I8n=Epb8WII1T_B9VC;#qWEpRU%&G4*{OTX4e}Fli5>IkfJcZ;UfI ztpALn4kso#Iye~2i7S_>Rnm_DzThDyuVzJJzcCYW=;n_Ql9@dU!{J}Qh`pHlBq@$ML-sp^EXsf;is1N zddqo8U)X;< zU#r6nGjL(9AJpNn*lmtk#<@8;HGbPl#8g$$F)=ZnNOc%mTfZq4w|u21H?cX^)s>~Z z(SS|)zIOEw{368ZsR733Qz*jUtuF7fCEJZw>V~6P z6>2r)&W95l9hhsl%Pbu@ zd&kf7ba#`Ji>Xq{pN+jRcdt=#N zuWG%X(IT2<%^pV<<6+s}!9ljcN9NVl*;Yqovx)cMe(|7I>~CW?iRKzW;A8*1U`&@0 zc%Qgs135dHFVT;%^-QK2&Iov@gwc?{+_;fvKJ?*B1^%;a??RS>hiA)Te>%aG2D%&j zPfcp|T!*`U1lkSjDG-$;H@zOBwrSMMKm}fI|3=$dgD$Zc56NtuzhVIYY;bY~xFI4= zpZ^C5QSA@DxD>0oH0t!B2)KwqFfzLhLp@n+@Xq)-3D9n~De!Ed0EdDyw$A*;mFq9K z)%ij@hWGv#b13!$2>{%)8UJ3Q$PeJcvb|1?t>N@6**?EVGH^Mb()P7nIy_q-6HaHy z0^^PY3TEdI9-ySaJf zqm8ZYjs1EKFz|O4((k~x+xzoL1!XeXgU(kQ&gNDAB{r2}xk|a|m}m0%jPaU@2q~Mj z%9}WXh>HvB)7AFy>T0^v-?5U4Xh;P8{j-`LV&L`9ORBos$#Ec+;HsBmVvCn=-p3ceg2#kqd2;$&AI)qvHdS%ZIGq}H(C%WNVo z#YkK4@7QdcGv;^I>ObO%ly$!A7=Wo<9`Pf&i`7<3nyIO&C_J`MKVNUng^$yUm**xs z*(NK#M%(omBuY6(CD(;YRXA&F>j-q3DNN^{-)`C5fPtYQBj$7}g*+nNcC_De+1v|N zx{2bk1R!zabS<+;Fi6nf8ZA~MxN?0B9c=+gbZ4Tg^?Hrg%Q@IA#Viknl0$qQGU-u| z5vf$82eHKpP30|)^lEBqXtWw}cD!Cng=)6Iw2@W$-f;PkrXA$cyM-%o71G zHLw`#Ph^W9ibTTYaQbD{U`)jFmn`cKkB(AH;?9@If)JTcWwBb$k&S*b91cQdA`x;A zgzxrKsTN?dm3uc_S3nF53@GFY2tp$GaV+xHZ1<)DM}R5rLbxNXFqNv&3i_3`$& zoT>5uB+Y?7J>&I}`KAB$P9VzJI2AT?|EdYIp>bk&@n^NCIe*qO2!fBVqobqgV~MlH zYB{=e_g9Q8F30Z->!(8M`Msb?^J&E{FV#q2^%|Ysl3e$C^Jza=^zR~1cD!jkPtE|b zm`|iZDKtuU_LQ8>jt0klufna#owM`z8}V+v#<-dFmic73*J)tv2wGTB0jGYq^XVJu z`|_FOwKo)fw$bW{AFyOU0QK`Kbd%iR;gsycZlyNx^J6<-uj_SXeH|4WJN|UIWCR4okmYgg?csF8_p{d*1!(&P2d(PWz7C*M$iw>TZJ|yQ@4xP zeFQdOeY-zdkDW+oxzpOGsMM<4D9FxryF7S(us#@1&GmZl)x&lpJ}nT zC!K!S>@b8UWKY^?+q78fS z#>Kb%AIW}?{AhHhq*13WiS}PNd5XnD`VTuEUE~#d{^m;uH@8J@x^oP+2lkwn<&e3{P zX^`Xl!%TtqKS3Ak?f`@N;%JP%!-1)6E?JM~O?dBYmSS1iZ#I64z-Iv4Gq>T8Gizq- zJ)_e$vbG)vrkQ4gnQFp^>G(%HkJ;v06ZPZ6@oeF*$jJRfO_nm?wh+pMBRwD9j99N8 z5w~!x%WjscD-*Z(Yw03%C+hGH3gT2&*hYs!RG7n)wP?&?@th(tNZ%6-nG)aFWzkT z2C}`3qq$)D?wt|-_H@LlIEN#N0m$fQ%G;NV~~o(i76kh>!;2LpefudbZNuN0pz-3V7ga&F9jf+#*M4U58$G3VzC zug7Ey-=c51Qhh5WO$viA_3(IH5)PpsV;~+i_>GeD@l0ROLx2dc=O5rEqyg82&1#`Q zHw>}SV)mQ3xHz!pOeBzxr*YjGQ^;lkfSlqc5J>1we`SY zr?)uiyKV+hmms5|4Md=i)9$%5kO+fLv6xRitHaOb@CKf*qK=e4Z5J93Pu&wT#sPuj z`m#e9rpq_;i)xg7IGNK?uF;6JiyZvR&oK9=@hudsarrYO+E75+VHHY{m zeV*jpZbjPK`|qvk`}P+CDUeOEdQ~x%p_O8`(g z#apeOE$`o%uCJMqh*#?j6eV!z{G&%?f;9a6#j;;%=c`{MBr|2oM`+_u7wfTGU0a6> zWvC23Hn^@|ci#8MD0hdxeeDltD~+CTK-PGa4FaZFyCcnPJ_Ra}&TI;lVm29TZx=0; zoSd8hWc-h5Xj;9_XPV&{{6e7+SXTSlKO{RFm6|@>(YhUea!k}Ovw4L>)23ZxxARlk z)C4sC-S5F6p*TI1soup7yCg}}sJWRhGYmas>vAV^MIfzCe{ZEv5`&pyB!#az9bXY? z64@MqmdU^LE~C+Hr_J@{L*n7-U|s%Cm+Jf9=>sueZXuD9!Q~wuhO_0-Ub-5OYhLx~ z`DP!uhtE=oTUD8TK78hgi6t_FKmyS@mds(slFRR(Q>D#bQkH#pH2v+)8y1?T!e34* z7~yP5DPITzhxK}JX({FS*a8m^uT-~$KJL~i01$?RPeMip&cVTv!Qss-+57TXr5zl$ zJqT18E$vS`Bk}#yKT-|*xBJ)DGX6sj+u>%iw+fXiscxSakd+?$ZRrclGZiIofX4c} zA_cu#pV_}ymCR%^9_CZ8@9zOod^S-9!qkJxVbQlt$k*)1y*7V_AleW8YA3qNi)LQdd z?_t&Y$zlZu0LbhNPm@L^*UHp;_+n4d3`d5c0Q_Zhyd zXFYJtWSsuo=VAN>HfY!!dJO@KGE{ExOitK0#jamVjsy~uc zjdqJ%ZofkHc6T5 z7g|_o9PzjOWg$;IHV1INQkUJ~-oMh}&H=OnzzwcDgq7hTJ6cdkkp_m$?dy+06-BMBArU#-FRj- zd73L&C{hS@gDarV&I(5FD_mj_JW_i3dQ$yt8loS z4^94#u}x&ZLGYii^bJO0Qt7s{MrX1XS}(V>y4;X-Bb?S7tukvh+lX%YygXm|W3u>v z{&+m!lI?o!ZoGLKp1wjL;PVM@XmAdFoUYdGu-M;D0fIi0+XndIk-)2=>Nwlhv(|5D_Vk2OMMYxJSCYpAs6^*LvtsDdk9jReF$q zxf;P>>Rev$)D;~SwI2#~sBWi1G>KX{1sJ(3)`#$Z@4Mm!g}F*4a__D{p@IOQkpG;4 zzWnFUhW{R%Ar5->+Es6DHlpIULd?ge>$yZ{EYPXy2r1ZHHhdd=2*np@ zZ28*$4szSK1ssTvo==mAxj|QU`rPs$ZaUcW5Vsto(_f3lvHu9t^+`#?i&bAL(9#1MU7`O8osw*x+*P%% z*9UAy1IDJa1*T@-uMc;4d}io7{Wv%tgGrnXrw$goKT!XzDug~A2|Ybx!>Y}_yp0X5 zGKKtJW(`}%{~9+r+dzkr%X9Df>tF?zlkz`yYq6_dsoRhtXYZD8g>FBV%n#X zeK^w>biUn^IvDviUML=$&{$`-C?y9DF?*E_qEe-lTre162t;lmYvy!(=fqvA+0V4^ zrr_r09vxJuFmu(jpG_Ew&Qz#yvjqaaCy=)c#}b;a&XLpVzVZT{K|tqX5lc`ge35Zj z4A6m&Oio5Gk;^_f%Jn~NkT-XJbAyIL`uv$Z8d189>Hfp@lnjU(hiVQE5x&>YEyMq} z3lJW@P5US+EB#TZC!Hpuj5+yHKw7cX#_f zyq{LuUGJP@M}d5U)pjlXW}h!l`|0vvEIASg2@*YiAFIu#EMbU*X4~DoI&D6yrN*YV zvNuNLr5a`5nyi-FHI6m3tSH!7!+0N<~%) zzCdcT0f#h9+yDj)bQUvjN(^-L!MP&ov>%ovz_RsqcQ)472Lkk?il%|Rk^lRMSI+^R zx}AGzvg?0;(MJK+&5JcQF84#1(8jmdGrE)Y9)8twl|d6`-Ub^H5pW>Btkj#b;4at5 zFAIbHKi5D(@ni?~q>9RcR`0fN4;m(>dJ3Jc)R$iu%RAO;RyMU(BNYT3MzO%>yT`$} zIPfxk%Qemqr>a1I@=pyW!!_%7DX@Q)jpX(lu!+VXda>r}(Qu{>G;Pqly}f}p+34A1 z#w`%DTx0%Gf)V~CV4n_t8HiAKhm#zBU%O%W_ZOSe|1Zaj_veJjBJbC2bNK~q2Q;{z zVJtyb9_}#olq&xtNg|&RNlL>1I|H^tliLOUkJF$3pF5-f2a6^l!4?8B|KD<#gq}Hk1@1 z6e22-sf>{_q*F3QQKl4SmJnsiR7#nWIb}*AAxX#(GLxZ16UjUzGG^xY+UL5?xqr{P z*YnS_o_nox)_tAy9X@;S_xm-yx1Fo*d3kyFHTbXI{O5V9Y+aI#vM@E@oN$`AyVT!$ zAZMxl3pV69lk&e0Bt9e<|7Rf+xHRGSp8nsj6nf<)0PBMff|Ccaz5XwUxaDnqy^un( zpSIEj4dAB=HnyMjwNyM;T*|I~SD}&>I9Oz-w@NwT8wmYqy|23X#>0V^N zeA$w8eP^lq{Rz>3cT00Kja0hMuIo1%|NT$HsVe{ewg2r`|9@YVuLYvN|H%UU|FkK} z2a=_1Onnm)c(7b1ZO=}_KwRg;fBeCT9E;-+Ut;!M+|u3My_NExMcfqXeTSZLKfs!p zc|B`!aWRF}*Oz>}%0XRUvQ1BAo!e$?Y)kfZY}P4ra79JnfEXJ!&T>yIfX6Aw`;-{q>SxXmcJw3Za=W`)HdxXS3236t+cOS^`KRF)TJhTlJ;M$PDp z1GGADU_tbE2V@oJUtg3|RPH>N`scki%|lZ0aZ2cX3|^kd zw>#@TJ@ocAkJp|2d>ItPeLwGOq|m!j{w|){I5swRW#m&Z9ot^^cCFa`Z%5nnIV8+z z_ZYq+tKjW6SY25uX45Kg*8JaXHJN2HvomsZbQG+7!}mg$8Z(K@0}UL7S4Wh;zBG@K zb>hdzHU+dOUR_xfF)ryydj9xvFI_@$U?3eZiRJggtC0BCyo=h?TOTR>%JwU>o}S*8 zJ%&dr{22Ds7tee;qg==c2@yJY-RuwVX1wryDQjkKZf@nT*QwXFJU+$*J~2WMvsz(4Ge z?*fb6w|OKy7q0Zq?mQas!s^3LqqAqP_WuK!@6`U#ETnF7o9sLP_Qu*)03si(@B1uc zMfaJXRb6j=Nd-yN%`|LCP)vXmAmKJ?#+zGJ>Ccj8kTXCR=aGG(3aXL$@6I=MV=@mL zx#Zm=Jmx1a&yJnN`ec=^6dsNFlzGMpC>nA#mnz)eF9je-*jSL;J!abU`f5X|eehR4 zKqW17`Q23FxwzkTd^?|7M52-}jq2V(0Oi+j0DXRQJmAqFGaHjA5<~CA+l}qziMdQj5k1`(4>U|Guq^mVNhbDX9pE+`V00Wdn^5(@v#@iSrg*s0tt(9=JpMwZr)b`z}@& zyAj<_0Uo-=(ECTIwfbw)&Kenw&(2y_2XTNe`XwfAH;s}w)LR`~;5xB0RVzW$aqsft z?BIBJMbNf`QLt0QTsq|tBG6p?GfFwvA8kB7IZ2fW^9}AH%hs)^0H=edTHKJwL1dSUGsV+vG02=SGk4 zEcFcx@FI0Sl+-~Bu!lHr(XmN;DY{QTt?IcAf$luMK4>~pB}#DzuFj1W{SJ%0{pO84 zGEqC_bE1~lfKSLS zVWtvr>DQ0aguB}gu3TDZ`}i^ZQhOfd`$Q$`y~ZW6&z=1?Zc~HdKr!?+XE*AzYCX<7 z7e3d*sA6kF(&lX;J1UMrY{|-Lg*VmVM z(T1mgwgoQCjP(BespjAy7RV-Q0YIbt6@{GtVA>pZP!NYCf7|D{=RQ+?b>XB^VfXKb zTulxk_F1Z7Go-Ukyvi@k>X=E@dwsbV%AQ&w%w#M8Wg_Agv8eQ4CGddy@lJ<4eB6JO zc($hNg`hU!@NFwunpCHFY5vadt1bWDy-h0Xs9rb?YVJK(Y_-I_Y18=+E7;#0QdUe1 zTcx^Sf#LK(x~bkZi0yw9U>|XTEu+T8uA%twus8Q#8DhdSKK0y)_`uotRJOLZL*H_R zu@LYxln5iNHLj?tx`nbHxPIL#owKtuJUAv!&UA5L)6nR09C0m$`J2!p#noRN{S;=CN{P{JQBcyIoKJyAS`0|a~4l$XQ%2y*@q9I44l&X8e^GQ z>vQMMVH?YT?S+EfJu>pJXP)bzGyNT7Nib^X>OUaVC(&(b=-JCqaw(o7IrQ=pU%uZt z$Ck|w3XXlW_9gTD6lf4yIxl3i(VN9CeiBg*VxKrn?LE5V=fL%l z5JnJv%cZ%A>O5#T5|?|9czAkd=jU6Fe9ELSDspBBudCEjT(0b{xE(y{<>iHAn(Dd{ zJN8%Sn};Z|o4C1~P_YVJexD0-L^}iWVq#`4&oIad8ik$of0+pc*%VH{K^SFC~Vdy@Qcs{uKW5@10{%YA5siKX$8}}B-giM z{PN|?q$B>!a5mT_d1*Fs-6<+M_`7t~%a7|ZiWN>w1U@DU7neqYf~Nr3&hIy~=L)}F z#GBxhUTA%KvhGheN=N~KHRKSlwB?9SMX~A-9<4`*Z+&@X&4Tr*yXXAzVrQ`%a!lXm zc)Pp>A7>T4y8E^%?qH1crL8>POXAQB^Ij`R+H`;;o!bX)Dy?0k``qa3YkN-YHyQiR zH9e-<-fUX&a*v??sOGJ*@Q8$P%O9w#{In*=qA>}Ey{o%B|Cw0`t<~SZ$3a2v^qf5l zvzlGOV?Xw5;$OEn0uk&|jf0}Wym_;E_8xq&x%v4`Y;4C)oM4KPv`j(qq7X5BbqBeF ziOy@kyGKWl<2{0|HKMYy&nEi+&TMf{FrSh*Ace|~qTFC1i5B_j%5aP5rE!JjX&rQw zs`6WOc&&}_nxV;1^6>D`FmgA*J>HXY^Y^#hKrm*w7fh%IL=*OzOIysh`<`?r-|pt^ z+oV*ZhPgrMM+l`^viUq<0Umo?ZLNyJT$eBFyGxzLF*vz7-m6}a^^Rs5<|4DhuDCSr zTU9lIg6X)taMhG4>uiy7IR9}-izy1Kt0_3p%Ge}9KeXZwL|(9)KojI(v@WlxkaZnT zJaFPjAKz2MTp{R{z<)Rejb`@s+8-bNwGL8NjM(||)ukB}ZgBviz^tOP#jYm<*QY*8 zXnB0%(P37hQ+IrPDA0N0&yTLKAi{Ij(bNHD+-$dtmB*1IeLsGpFjY72-Me?oW&g^Y zljxcaFewG0foW=LE-j2?iJUErz;5IAk?C};pj~6x_#hJbxykv#1gE9B%WBbk8;gFI zr~|h62M6~9-vV3lezl)Vt+tg;T^L||EtsQ^)F>TpW?efDDM@3%XWYU^-8@WsXB(_Z4hesx6 zQbvJZgJ77Y{wu4KF9!z(2XBXmv!MA7ynpnUV2R)7bJv2=z9$=He!S1UsMnjjTj3nI zZ2Wvaec9OeqTuZg{>*$sKxqmJ3Uw=&a@=QZbhFM~${sCUT^6N4m)%$7Jc@(M0psSD#f za_kss`OueWH*9bpkmcI%;4?n%fci{JPp^^P0o37e^{RP&gy0cnWnwquInM#<2TNSP zex062Ar>ceYdfCo;gzNNuelea$vz9%vd89$B_+G0MbJdbN)8|chq3>ceEWoKtG-n= z9RIomMMWk>Q^juKEjxE+6{7Vy%}<&qB_(11*%VSWdAkf3)J4A{P>xBFqYD)fXy~cV zO3%nxvnhoY6|#dW2OEz9mVyRVJU{SI`JT-A7US|| zs>+(}>8I1H(P1g^Ad>O3a$ZaK@vJ$rN>P2K>^r%@vTpeLrk#9D^TT6`0S)|+$KDYD z625C*s5N}XB_0IG3ev=0vbANGb$pUNaQ1MSY_`zpXB1#|jb^)#GlGO{w4WXHVN zVq|l``IibR>T8dA2^?OkF5m{#gx;Q>!vLMMw6uw6N)%j*UL8+I#>Se^i>%w8Z3YhB zEhiU?MSmi@XHvbu>F%PA&#d`D&jqQ`Z@Cq1ZIP(qo3PPw8g%6TOb>sIQSfwsIXbtv zs6+O(SzS4{xa(w}f429R7w7BpETtcYAAhoqgTuP-{Pj5#l)*Q*u@Bd7VC}+l?kMqW zPtvrqdRnDn;1i;-a0maWB;1?Ser5loQ@?f+pBZdHFAmFFjBcf!qQOD%7Xo2%2VGLE zJ|u0)k^7c!AA+Y2|4$|_Qdn9Ug|6k`=$Lfz^K&dW z6}TrbNNrD5U~rbm!s22$*8VQHycz&;T`2E59N_-N-=(Ri({)d!>yq9YFMmxx$0GQ$ zEh8f%IxqZFdT4Zb$DC`kcA5zaBosFUpg;lqwi5`76n%Wo?w+1=;Ur?;Sv>vggRf8SMdP{a$yL}1aHwQD)NeU=Np<6yR=>Fh?{$835Y22w}RQPdn2;3}cL;TSN0fbYNDvj+912gq@YIaWXmpqiK)0R8y#wfl8#dLJ6D z@_DUZ8S97vC3FBaBTO4ahuhT^Su(Tc_&8vf zuED_?81i2M7yw37!O#$4jy@w}|MJRL3E-=AMm5=adg?mFRVeP zb`agv0+mhUfs{Y8F`TloEL2JI?$c$Ro$*-sk0{aTcm}yPn^DyW_HN$h&=e~x8NK(c z+RHa646h-lICLE%&8+E(YWVp0xCx{W*1bmeXFIPkdV8-9dM)3*d)H(3y9;T_Xji`C zrq%agfMV(N3mo~Nu~eh&px_`isHCsYj_pZu2g5&qbIZG*czR-oA3eumGqXO)cl`0Y z9)7`xo|vAlY;Wg82LP4}KE;kxrZU5Yer@qY52DPo&?Fh8xD-4W2&CuNif;hJ2K62Q z1W@jfy!a^t2%J#Q)-;`9>1)soK+Qi&4d|{uk$L~U$mMIkJr8oSDlUl!!D5{Tn=bd& zZbE!VdBghkWMiuSEtsuJTja=o^%i}GBBy`m3`ie0u>CP~kG6EZd;w_e=RGQTCxQ(= z{7vfnaYE!g=I#N=I4xDK#|O^_(+AcC{(9*)WkE$nMOp`*U9}$jcQ7sO*ajAlmlG4pvw?3pC=j>JPgmVv+sgtJ7_viPIW&lH?tFO*_uO5Secqb@G ziYi3Lu0zbO1#78=6GR#0By99r43D=PTN*Xz^J{CZQTAqL4i5i1GYJdDT~Bp0x84e5 zRs9p#2>>=L%G6^GaAoqDfl&rl z-dw|bQ79^wN`=_lEJx2BK-XYJ+@k^;?9pGhwbOO?@J1W=jBM<&WVwnH3&ipQ>xSoc z3=G!ldtvU$6co=_cHbZ1Z5;c5o(3x&Lgpk{EmAE{aYc>>Rqt(6(_Mu4cNLt|**g0w zChhJ<4}v>)PL`TMcR`DxL}xO= zCo?Mbii74tH9_~a4LVWP0(K`kW&p>xsMcPmr(A+*RA{3d##WpOVhM^bza34*dbnr^ZK_)pM?XPL48- z{`tvy#z)TWy>@N!RKipLJ4=x*%qKLB_~p|N>!s@kV}EkWgtK`sLvwjHj-r$@|7aTL zDec4~D#)ePjTgY`>yQYj+If?FJm@P}rEmB5j1CRe0>=@BhpAKmB&;Z#Jpu2Y;JqRX zw}(s4^&XU>Fh2Dy3JXKLrUL^|PuLGSiyRGL?XC^wU9)BlDWPdPsbR-++FoBabsT7@ z^In3t0zf_BD$_zWtxwtRICL3=VkJi-aB$te)l%^)yW`)nWI1Ta`shwYD62zIUa zH$##-r!e2g62K~0j!vyTy8Di?xZM8zUv|pm$Hi>}r=TMCg4w$$^ii7^m)fNdqk%d0 zsf0PBy9EXZGoU6)^9zx^f$;#H7bZ%kk19!|3$P;jHB&Bj98pDy&cR)UFB$`~zsBC) zzIOrIfXUo=cXdYhdKP~6>pxx@{bfB|S{=*@JXB7E4WJ|nV&1v@?ri1?fBkwtfpZ;$ zcx*aPR5ta_?6Z3BgV)ZvP_>~qfDN^9X&Hur}rQ9Z?hWt%-(RMT%z`#t;fqE zHu)H+4f;s^98EcqIS}{5W8V@Oh>udd0pj&vDagW!IPU&Ycr}ny#_k?Ssb$ms;GiJ0 zmM5yHz%}|ILOWDqAe3xs%`lMs>bd^5~3Aw(T|Tr8BA;LQYgPrP=W$&-JZ9{A}0nv;56Q)L?0}ljt9457q**vITu`cr?Sa5REFj}U zh#-^TB<#344^ZqcKl<$2WkPXE7JdpN+)#UO$6rzcJHxtLB(EWKs;Kw=E54zYmR6wA z0({#PEKG#Z>H3{V-%bhP@6V2XmxQLp$Sv1}X95md`(+C^x83D%E^cm34UM2p4naXd zeW(X0V^j{X7@?-GuWV*T2B)H?X7`H4p5Ovss0f#yY*rtiYF2atm_VjaLq(;QZks72 z&MUvZgg!f+&dkJg2oM2@Sf5bcZUan+*@yD;DwY507|aEZ>>Wfu!=%E6>{?YD@Q^xG z9oSRlZEbC|clq;g%;mVcxm^Z{&B)Be7~Gm3omWV#oy@Z};7#OUWsSJ-f+G=36fO6R zh|v_%o7jey6Yu9Le@l+C5TH%_Q=xg^bjFG>YCp~}axsrQ91GU59Q2rbQS~GYngPe# z@tdEcT{FXxsB}Q_lk((~ded@1fhe2pd5x~@S0Qc-oqAfvXi0swHanf#GW&s=BOu|VQK^~ zd#}8ho}83W&>w+ejg}@-a-n-*K$)<9j0~)-tPtA^l>kIx&$l{2!jh5_5U-1ej_mr2 zub?jHYFVC{q{iAeZ{N^gzAO7e;vuFnHDt7yU1qk659VLE>tS_LanJR^n+DJDsZ)Sx zDXN2?hJ-XrQa7co>jE@e|rxWg~vOFE3W2zU25QT^8v8v8W~XsdnURDwsCV? z&GYBaRW0Zc`gOv8rkAaTJtlkYkH}`BQ`?byARBVqwnn%>+L=Yre|TR<>w_o88;B-P ztT?S!S63^1{>vZOxTV<52_lE@ z1xumDNdbPetyE(kbNTD=VFwqNRIpp@bW#oBgT^o3-?3vyN2xat{`UhZ>kCg3ROISJ zvk5f;N=9i4U-mOGF-a5`-oK-%1&$d7o<-Qez8&CYce1iXK?WpR5_UbwSASh93b7D9 zyxdm$jELO*durq88meR6%r|Pu9>rb-2!79Q>I3%qAz7UbdCzKaav}#{lBn9<7|M;c zJA{h$tEo{#vkSRYnl-3Ho3Xyjk@Z%Kj4gE$ey-8Tqj zaXlb%+R916os)7aT()_FKLbzSa<1Hxc0OBvOIgzPRKLk3CdT%?HDaPW z#h-4uSoQ-~e~v>8bLgpDkIFJWHKp#nX($5v5i=WG4Pt*0}Wizu~fEChXbS(?Vi(lb8u|h*jgb*9VqZm&} zA2deJ*_*~56SpePo=^EF3vlue)QQ(cMIZ6-Z9YFI0>eten`H4{ z)CoXVs$2fjEc_Y*n;iBQzRQ@qIeZkIz-@JT76#7_5s@G;{?qeR-EaZ>0ss2?`^7I* z(vs&44h3xHr@d|o%En&31{FSU=fkH;h^sX?sP|LLEuctoW1MCUj?%=`)MNBuG?t9Y zb=m?;G&u;3+IAKjxb5ZRy9LTCkl(jqM`drJ;tTVZS2E9{YockTqm|G6=9}JjBdsMv zE2dqf2|_=V!)(CR!-o&kdwI?Gvo$m{M96%Wm6heQTX#)A&sVYIO3bi{0i@xjZA(W%b`FJUP9VGjtm z=OcNmsF(m=6b5fla1;jDlZYso$U7AjRzi0VpLt<&U84CWPAeQb4?sEZVOcslI#V1+ z0`IVS;Hjw}K1^j=9VB=;|J$0(wxjDr;(Pqbwl?N>o+*;t3kaDa5npv#WU5 z)Krc689d6c@bIt5DL~PuXBYE<=xSnSb_BMV7|w;1)O2W#jJS9xw89=(<;ZGc-Rh6< z9Gx;5x^e&|=r&dWb&ao{=a!#e%d^wMI2Sdr8=qnvhmw+V7e9YkM8v7*o^l$_&eE36 z@yR%{I9wd9TwX>;S-vyiEm74k*x6}fzrB;MGo6s>Fb`&7je1UAL0X!8BO*1JJ39s| zKQ`l1v@Jrf#w>bgB6cqz%}3BeU}68<+^cDPN4WbS{_Wbmn@D3ly}ci7a;L|>a|SEx zJP+gRf8$qg`uX`;U^6i!c#t9qg1-v@mND)ou=l_LqAESM5jL+4W>v9J)%es!Lm+d2&ofrXvDmM|`V|IpR#H<=F0?Qe;~yS(dJYZ_I2BxEAa9?|5j@htrZ~yhbo3i8GA+)}cMlES zIhUoUc4PDJ8sF;2u>AP$9^AkGJ~Bd3QtQz#k*pD%X-Wx*Vo}x9+$)*ZkE+G!v4TNn z3xr}|(m28LWlmn+B6?0kLxUbtXYkue)V-1hg-hRF`2z)Qm9p{ydWjY_-aFAL@E-vT zFa_@N0erj7LNOwgmOJ9fqHfiw)#<=-PNv1wR)^7Z?TyCzEjIg2Tcv0pzgzc#jn(39l&;}l$=VRf z=x{!DevVG!Nf^PEhdcS`gB1)J9zxwve2F$QH|HvC`{huA!s@%H3hvVa2+N%Rlwm+r zAo6#RpTX$oB6;MAFB+{*K4bB$*R;fEE7NHLxzJqcbQ5W|vCu9=pULORPL1>qJopXwJanhlH zZXu~3ba?#SMu0j9;HQ7Ne;BUkN==e^4+cqEH#-Lh+}j$M&m0he@uvM4^A!E;Tv1*Q zxz7}|lAc?RJyPu`Did@WnfuGda-Q)3tB~3*;7g)7L*~*)=P!^P6dqXu;LS!93M{-4 z8f9&L{RN0ekWLyCn=T)<$~7ElihBpD%6{OA0LnZGv*9uei0eZA3uz5gInX~))ZQYR ze%Q`#FD^B}+^|yJgO@K}fUsv8u?*1exXGjyzO>{4@$mEQJasKCQSs8Fwzj_#zJ12G zRuFrxZDhbAsdwtbwv$>cahjk+1d3;- zSJvCD{9awrirH~C>oaEuKPL;z(*2I=l4B&?Q=WJ^4MGzn(3 z6+@~|+iZv&1euL{;cee}{8u$EF9pNQD2#xF$Hg@!9Ssy3T}aEAGPSV@K%x)mx1;cC zdZq0+X&B@QTa+*zrrlAQFdC_M?rn9ovZ|Qd0~Nm~lK!IW7tVHJz2|bFCQcu|DA>Iykn3H;_j^NqU7eeig`;(Q zV{NT~Ufu~eIXi#<8u?P3QQ~ZY-wPXj0P?T?^5u2I$TJa`{~jyzgBgaoYJ%#dG{VgS zUCwG9NqyO*rK#COZE2FFm&Fa9Zi;N=WCH3o?T!_RqrcPR>zhLz-EX=cU~N8}^YZ24 zOkGa1odpF2f~9)SFOJgg;I6D~@(t+NFjK0RxoR%QIecX(UEWJ@$JyhIR}O5m$t`qX zOpa({(rQBPQv)prbzb!3Zp|f6(y*SNJxJ21FfY?kG$GiFoXN|mT(hq~GB#ENt|APt zBme|63kz*TJ>f;Hr=zE`E6YaYU@;rgptt;Ogp1E}?LDKLAm~^;gCeVyn16g64trB{e)RWJBpt@te)w z=e_b50CdA1Syd@BxRVM)XE!~!DEvqC3ytH)aX=ec9$JZsifYY&fBW`2yr&TKTHS>` z&kx_R3=a+cxrwT3L9zbg5T(5Pn~m!k6&FFRbOn?5R({kuZA>5b#*gt*NE~jhUnl{n*PH@xV zJKjNF%M0gijj}^B0Oq27a`0Uz*mUZcXeX|`AHITmd>=17Ikn2BUDwoPfyG67&DbF2 z^N8@JQiwAb@U&Q2S!-3%_dG5YUhNM3ysyP~EM&>*wC+#S*`waVnwoc*4lns)4(#~6 zCq@x53H!P=0o{z!VXQ+IbCDDJivXnuQBz8e(YcB&DxfOy<2#FC&bmpix-?K0L$#}noHU!#=zE>p$Ll|r z3b01do=xl1$+NqKHj}5u$9I(9nWe}6Pn4uuq!sK7G0I?{h z<0MavyESAtkw?6i>=iUSbMLNFr}f{{PPI1eInkC8a`GzY^wy8eqtnVu;s)D?f`bm( z-xL>mCA3fZ8#=H=x*^~}vPQAy^z^iLcgHusP`^DLhHge4u$+JpJjxrS#iv@>2ffBr2VZyK5cZioR}kw+#b7RQhPKX||> zIy5ANC?<9f!~NvrHZ(T=H#-W3%f!Rej2T4qbE-tuaQDaS@~v=gz}9;RpON&uq2X4TbY=kf`wt%M z?d|pT_g@d|;XLXt&CFd4*eijk*S%}xTbR2HBUT;TcMcnt0u!gHXdlIMJ%Q|;oGieS z2(Z*)SY=k$>B^NSh{Q_Sw9;aw5YQrNR=fdq84||lvPzp|=(fDarh}eV*U(@FPXeym zp|5udO`@Ss1o01f#Z~St{Y8a^V7_(u-0$8n2+-R#$I6C-LJMY5_S79jh!!ZrJP)B(Zs?lz1yR5GDv;v^Rt`+^bOM1EjRz;>;I*u7VwfJ=}<5rFJUO0 zGes-mF8UosR8-XKYp#hOtX5`~)soA`{ zn;Vgq^`@q#xY5n`T-G2FVcXg^6F-2AT|f}mK(-Hni;SFrg*yvIdM}R{gD@eQ%>YO= zj7^4KEb6if4IYoB8GZwD)G^t z0x%)#k&0I%!v>(>K)=t7)Dt}aaA1OlOTptlMivU4M{OK5*U_^dLM7erG(Zo|#(q%> zH|o@=8Q+{M`cmvBNkB5XGR?agcX_M^!2%EtPA_=j{nY{Hpc7RzG-OmxLGH(4Lb1OE z9RRC@_;X^L4JrY(2_BG?T?g)vxkxqs?P3;3#Hv8Ebm9xMS{z)yFH5`Ojg9}+jv8K2 znJajcY4u82w+KNzyOoo*1$pka+3YjS+>&b;tRNHK5q`0&Z!4b_ggCQb(C z`wFiN-@x9$$v@2>GC4KXi`gS_D?N04@Wl$)8XtzQ5Cjd`apJ=<9zm9;7>g6LY~s3c z;|55uYC(tr1T5Gyu#nf0_H!T8TQJaQ@=vj)ejL6pcAg4LMS+ef5N`6dy`2ziXqOR} z>>wE+WhLC(-_vsgq#4XpM}Z64(u1(?*&=VQ%24{&(+63z#xPT!CAL`5TiMQ^(b-D2CdCrmaOT_Roz= z2}g%?^!FGTx4dE97|qc4A{n?**gtA%v!3u)JKYAi!HH8nr}u4ahjzj{?! zU%$cI+Z%$ndWNOB`C8Vf1q4s&VdpL3@D^i2mt0VTNdZTD>J6nT;onxhOBfZGm{81p zMXv{<`*ESI=)C-hzQ-E&H%{FV|FkE0Ux1g4goF^i+{nz(l|tt013e);)7PwVhA|xD z$81YO`T%H$gcXtp^0;s(b4>*&P73ZjOIh>q(YW(Z(xQQ6H}E(iSMt_*uhHu=r)K%r zb~9jIktULd933TaZtBI;+H8EgtUwv?!{t>~YklCdF#w7nj4l)zfNTt@Y$yh&#}sz+ z^G|*{V^4X@pb#07xrK!-CFiB2J>Iz@|Jy&?+Iq^-(edf&^eyCS4&Id(K404`gnh@o z5ujr1aKTESOmD+z!5M?7$jB;ujETv~XAY|Yty#uA;NsXK7Wd*@|NJt*vGPM|1Be2H z)Ti9W;7h8dOfRDY1%)a<#{FOJSfF!)F-aeXX&D)1X!pyY&cY4YoNJgly^KBpHHZ`> z=q-R(kI+I$o(do3UPJ^5sr4T{wlu15XgCSi{UZix`t5NnPhwUGN8rAkn*`zst~(bM zV0tPpPqUDj3s98$Nr3ZLhI^2?FoW>M_o)b-i$YaZ6&gq^1aTyv|GbA=o$TqBzhmXV zfw;SfE%-1i4JMi7#O~g4Q$Urf3E=FeYtk4aKbxnIFt@AMd-tQGfq4@zd~zTxXgd|m z-L6`c4AIunVW298kP0<8`b#Hl0szI!1$Q&&R7%|EyXmZth#0`ol#Hv1*G#Tl4amvOoK&`iI3Yv4sKVEnm>3QV3k$%B-qBGYHPnlBU5Lk80?HyJ zL@r)JHvoZ^qP3u#$k0hU1#9&V{OEC5ui00IwGo#-j=2N3k<5In&(F6ZR*eg8FVb9X z5&npyJ25+}_j4~bWLPK68lXp*iTNi$3qgA70xoC45a${n994eJSQR8Gh(#Nb zg@iU>6pIA$)J5M^;_El#OGmm_n>}YSXhTrWxpc2zJxtS09v>mDgSkVEyi;;JxDEYoZzY>Xj5W1u{K1lvWe^*f(EV zUAg#Dfaz>&iol2);3i)l;g4l_TWnD2EnBw8tu9Sr;xmlczh-8Y_-uW*jxFs$5?k1X znZ#D{*eGx{t_mzjbWcE=No3&^vwfT_Eck(;PpM6@E_>q@B#;Ev0CmAt7t|O@GsmnX zZh>*a`88k0RVQMgVep*lf!yd$(*~aqo|I^Qi_{QB#3aYjfcgMAo7I545qS7G zlMy_kqM|D^S>BI64!?H!9skzJ-28%GHG6V$GK6JyY+Z&Zw&N7*Z*h#JrKO?j)Fj%w zzlld|vgg;Ypn;I}RBwulYinz_!)+&y7beb*2~qP_e*9^?y1+&;*qlJ7A_*_34@pQ! zm`v6nr(rlbI$mE9j10^3=kNnT1EFgpB8{J) zQ)y@NmWSyHHC6-QXxA4262=`If7hhBkF0C&sz2QIBI8d#Z0Eg*60^&@OQ9K8BbEdB z5EY|DPiFAQAN+^NzOAjj1AElu!iB@QzR^cQwFA?NB!3JwavHm>^%5ggcC2$0UZn-O zZE_>cZ|~Jb71J%qkDyGD&W@EJ)(=Dn5Pl^*dy0vP2|^+9o-a*nHi9JuVj|r~ySdPN zbp?$g0b*-JVFK3j8=`#xuh6p~4}Sm!q5vkY|NaBG7JQ9kzr%LWZKX_I7AB?>1G0DE zuK_j@%tXlH$frGUy!=q4v|EzomW4NL2Wh}-`b-ZMvniKN}@er0s^8pn_Mw%bk2TD66 zMvy(K4I>Tikm%s>ouE5&$MWol=t~edOu!G#^E^SX8GfcJ20%zt7%#x2@m9G{Hn|X( zf)TN7foCQmDar6tj!njOyh}Se+L9B)FHv+#;QNxvE!0h9m#Z?gs3iWA1yEI8n(Gab zC?ris;Pg@Iy8g{zmJp8#GSW%W*dZ(&h<%K?rF`aG*T5nqJ~6>XjpRovSj?gGF~L|p zUBM~`gtw5hIt*@!p^XFRs5^G;deRy*0$x>-n&1_nmfVA4l5w^u3f_l&i@5dwyG7ws zzWxuS3r)P%Fk-*}!H`mbwIrS-%8vdU_kCz{r_}6_6h99b zOWYSZS25tDn>W|sUh^!ocKi0cU@`)MeBnLRI52-mumYhAxySV|Ls0DGwStU>1{1}m(Bq5o8PRGtg5RUzHYFd{NNsd zVcvrWIdcsgVOEm?djK{er)~dF|Dq&XeBVCAR&)h(Pa1*H4F4!qBvH+V26`kd0Rx0% zRTsCTZSg58@?`4110o;-C|tVwDYO^_`5%2ADR3S&^e_B??1c#)kNFrZbM9beQwIqa0&&ded)d4> z0h2{edZmZ}GvO?5eiH-BGZ5#;e$j?}dl^8fKCdY4SNe=v!p$(EMBo%1yMQ*F=8b(2#yMV}5mY zeH;%tvU4MH&ShUQkbv+xyT%nN#n07 z5Gsy|%o&yT&sI`Mw%vf~`L2%vuUDxfghqou69-Gg7?TQ!*=0w^3#9gF(#%S!Yii<# zr3VlWKES(2sY!#GkK&3QA9?K{VppyvVunivB!PoW3b~a4O>_T&14-IxbF-zZdwhA1 zh-ba|V|a`IZNs~F;WvSJnR*1rzwqsYGFAzoZEW!np^gbyqlzD>NirDOrL{oGtGF+l zkAJ|e!^a78q_{P~8i;*Def(s5N)1|a4?;3#r(a^us}yU^1xycr?PTOffqCvFR% zivDoBvx7q-3C+DC{ceE3cew{S%P zfD0po^k3Z?qZo&9PqI&1US5_3DZ|FN^0Rd~)ba)!d3gA3*2L6MCnjmh?|PAThtj@2 zGvqM(*Q_2lGdD*%N06GlDv*rxsgRsW7@+zkaZgV{ja>5Ib`xM2WtN|Wmb~U~VS`4> z(j7d6<4$JrAwrOx4|>Nrw;XH(M< z78!Z;)TsywL2?xwnZAOfM=lw_;}pl3IZVL@jEKE>@#0>(+CLwTsfWh|lUvA_D2%5f z=m5a;!gZo&_qPy)a^+qy5(Utv`XVCk_z@!X12L?&dS-!(LrjLw^yf>vBYuGat{iz~ z)27BTh^8aljPvjgKfhw_bcICYP%+S7o{LC|i+5v;0e>=yIuBhWuTx@Lomqa8#V$kzKqoQcaAYtG)e(-`$UQHYQaqYMKT^_|I`0y0_p|x+! zy-1>UI0cd6L@kFDxrX(V1I>N}^l%>F^nmM&V0H**UiFwNu&4gQE`m040%5(ND1j9VYu!0h^!g3NL*9n%r)1jK{MQi91{h(FLg7mmGbL zY6Ep8!~-+j?hw2GGMV}%7y6j5W))9vfId>)-oALjXYea|#Xd<`bAjp%_YMNz` z!%uFB!D+yAo5Iybpp}?vy?_@b(iR1#GqVA;$;AQYMlQG=@{IkP(*sxUhlf|-wg$>F zJl_viQpDSVT7XjUXxa_%4fkfpgI!2?Ex85-(>aCSrspU}HyY}Ea}YrQGnmmd?Rx2L z@U=pK^`rOOC%g60Te`ToJcG$S_6NVMfYfRty#C~IhD#(MAW(*ph3zJ>2yLO*;LC|w z*#k+aB_|~&9x5oK0C@2a38|^Ar4^vxA3YOHe!l}IE4yHdR@Kzp#(<8PMFTsTLq{U3 zf3x0y>rVU*I9nwRlz31mf+>*CjnoQp23=7 zAHBt#8|DF>;3W|l2&P!Nx^j@TU}W#eSanB{O9`Ng8Hu8#A7(E|qD`(-7y6>|11ycK{bF&l7Nii?Zq zP``QHGf9>W2{4FBjiALLm`EdTD)D?!yP@xd#l;=Ruq&`MN!ziou)to?#B+egcmW+0 zfZhR9r@k$`P>6OyVMf*!ZeY~yKmDQ9O{k@tZHz&b;U5seLTH9DAC!SyyMuPHRU`pv zBqDL(g>VMU=fQ7*n)&(osuKN5nB8Xhm{?i6+d?Ykur_g{h@GCIdNVNT>W(iE)$wQ z=dj69l9fME&X_8;}SJKtYhvsgCA35U)ZRAQ-M-Z_9V zV}=3{>Kina`wt&VI+Xd`zI*&+LC5cs z#k(CHM!qXxa%9XEpN(D7OAe&Z0=GLL0f*4ZJfOEfL^EMwI*cMikdFu&0}VzRwGzn$ zh8r)5*F!u5*h2{5Xc*u@Igw}!l&b$~JkXuSfn7)h0H;m^8aCR+W7w8>0@ooB_4f50 z!O26Wt_Rm=^cOydLs<V1I zyOEQxcRDJb1v(`BF5pH*mFZOoE^1eAB+1sJkNe?R;fl@kXhyi2<0EdTNPNM%t_(M& z)uV0S2?-I+wFlC>|KNcmL;>V-(tqV(zL#b*?JL7f=3S!Syid-5OHy02H8{n{^zr8r zpxcxF`27V=-WfccoOFlaN0J-w$PpA2^vBbjLOLoN6T<+qX&IK*)~evN#G^Y9*JSb# z2gw6ze=?V9f?u2}J~=bPci@2G`X_9WtzXDA7X0Cz7>-1p3P2JK#p5X2AtYrHm+!++ zDg~xKf>8v(mq=!W@&-gjL0or8JV@!mp%)$@q#d81!}cR?`KG{f`#$M>DW~l>1zOCo z*KZP;$*%7%Kg=P&M^4rNDeFO-CzGZAgE$jMEG$yOD9?64X@8NO-3`d!g?)-L1~^%V z)4N#aX>Mjl$~Z|*+8o^f!mEM?qa65+1H!L87o}0=jvPIDxvPxQt&R0x49^szk@Z=4 z<~p84JqkFbn1loxVB(QQ92wk`!Hi|9#%(qL3;A!SAd=FQRaE?Cpc`?-4M)^>xl=3k zV`zN*-_{w1oFWomLn1LSFz7!JkCcM>YSp3%%w_a`_3342Bda6gDo z`JqY3?~SP5(DzB68c4_wT_YBySNJN%4abP%4dj$;H;W(S6A(~YU(3d`2qdu8jFyvw z<1%j1#%5JR0|XL*|K^83!sN{{Sct^JMe$F6pQ|%%uKa<0^UPb+49r*J>J{h$xUQZ9 zz7ve{mghqqTiBSHZy@PULUI7e<~YZUqZPbsV?%J;3kISh+-v$H6B3NaSjQ*t1N2fS z2nz^^%}GC+%io0T4G%HbtRPzzBU&D)gJH20#SlyPyz5H49Gu~Y$H3ZicV@SzW+z>}s? zjRf4s<#2o{{l?aERa#G!*>_OgaCoiwM86_LO?%b1Og@Y1d70i`@#=mF|D|0}0iA2(Q_6qn&} zaooP0d2O(18*oZ9jCxuIhSL&LJbj^5P2}P}#08p{c#(UOCnt%D1CO7wtfia^x)(A(>KW~DiZPK3DBg=lRzC>}DvqH7 zk`BLh>u5m@&cbOcTQ!of)id_2!dJPEWZK^oALOni_;F-TjZtCF2Sy+s1&Q901p9dm zWpT;AY`FBhqaYl+UC7)^QbGb(?d(FG(+;yF*I+p~ywFbSL9`rxm~hNzIOOP;l+xGldi9olwlX?Tv1Hct3SZ}s($kt#Q%*4XQ1Qix> zIo`PwSs23q05|2NB>xz&b3)jI)biSS^nsG~CIJ!IuzUATj4jkLLMZ@POifJm!FXi! zQ_8bYZfD9StKHv}v`PpkXTu7|7!=G=fvXh>H`VC&Q{xwS9V1T+Z6C7<4FE#@riv(m_|4u0i3`*Do>_ija^^vHjlQ~a%y(D-mo zP2@Vw!qc1ZWioZoJPK04UTWq)ZEin~2f=JhB5>p#CK?_I8Zt1(`>OXAxiPg^^q6sqxyr)0e?jLI&fnjXfI09oi~Tf)gH0#3ROlM>u&5 zFS|K0Y{$Q!enT5#K6qU`Ps}R_em;Pox-#^>TWi=DwE|bSP?&(Vp(x0OE*Ap|kjoRm zO;*!-S3$#Yc}#AqMKO&3Q?c3f*Z+CdlS81KxX6PAdLlHxcZl0j;HA1q3=o49^`-z> z@Ub*N!%?RHxo?JK$6&ie!wGd*S#krTRYMvLy&4DuQ@9nd{*M8c;aH=}_`;FE#OYx| zwTavhL`RHN++c|ZSaUJ!jUQ%Zz|fFqMrh+0qVeR8FkI7tt&Yoy$lv3X#tjt;on2qf zT^rp;fwet`-mbX1B#Gn$Nj*>y>`dGRKu+R@;5FcaVYcs$(Fi3WCAhbY0oEvqC17L` z6QISXpwmDZrjSp`+!~ZNa={-3R1Y_lFCPiCEy-^jK9(1i;-A+K%+_rzc^TwqFa zl@P%`r~w_tZsGZz?&+1;XyJ(eGvby+C=+F$KeJ&Qfa6yId=PsawRk&B42;p>%ix!6 z=@)#acI^$8K{YnV`Xf)-{rh*;uOGO{5>J%ek%3=dppHhaK0Q$|7+(Qq2Vl{HYi?o0 zy(RN~*glw0-7DS+7oR9=P&!DA`{aoeWw?w>ug4W64xNKsLFR*5x^8585y<1&--##7 z9sHjl=ildWLr&DbtqhQo@#_)7qN8i*M2k-h9DrJdVZwXS(Z_6Tgs`kg{|b{N#q{(Q zua$XA1YN`>C8@h`4oIT}c7s(*Kp$R*OTmL3r;fr4zpa3rQV`qW;bDX}b?`*-W3`Qq ze2CYeN+&a77lY|WBU9)PttcDD28puRF#H5jUzti+b%66uAQ`$P!o35CZ$UO%hr2)U zI&gKl2`P|vaQg&@qxwG{3Squrpw0Lj5uWx4E}_f4glCGCakz3t#L3pl(UFXnL(MY< z+G)jOt#pOJ@c^xooLiWj=)2|b-qFDmVqU(BjRyyjf*fGv#bO{)%Q=vuAh%U8?eFJD z{zU=e@b>>u_9kF8_wD-kDrF{9h76S2MV)zq_D2ssP4m=DH*UOXU7#Iu~H?9X=wPa^Q)wt3LQ5KPT!wNoa)F10&VU3sb#aURDNg+_cQe-ofE~zN6pLrz^&U_S?=4pz=Q!pN(N;udgMIxa8Y$ z2+_6JY16a3kAtOXsa->=Ni-&7|L038QH&viz+e>7f=GQAoLs2fNXq|F>8;^v z3G-7hTwqGo%I;7OUR;A(1jhnDH@R*F!;c(3JoDl+zZ)aT%ct4pOf(ZRZo=I0;;Tp* z(Y&{;nrCXNXJ8<-f)YV^9opAKuxUX?qGS$X+a!joid%1SC#jFxBSfZeE2p8!^z`rx z|Ggz>^7ii30QNUw_2+WExUp2OXf98I+j$>5R{i*&59ahA#-jLk_+ShSxty=<0+GrB zS;Npr20Vv6AZ&p|t(cxZG%b(EG8*qP?3rAIiyd%=2%;n^k1k#1;?b~7`SWc$b-WkTX394_ zR6iUm%%YE{WEL>yK$U^UZ?X>|Vzj7FN_M;Hh6o$5WG2ytj&^9xbNGm&dgoJ*EZovg z+4Iu)0bKK2?L9i7TRttA{r{%m;E<9QBFe5{%ZI;%Fz(6OMgrOas zW`bS{WIr@4J~1)TROJqr6R@hwtNayXV3sN5>F-4Gw})@r*s5cQdclVE>r+9SgLgXH z-*CG*eE4vYvUoD&UCWAp-cC=16()!Nikl3+Hr@x%Qg5sCM~Jxoy9g2iVN(CVF~P&9LYnk%Ruq5KtSxWo z@4s`Y+kXgC|NSy1L;qJThiUrkzm*cj zVE7FnN)SV|>n5`?Lid0DlqM84DJHhxWfwA2`*b&C-M%zkU-Dxg+s1mVtruW%bemG z!HIOv|6k8)Xurr1VFv@pTQ}w($0%V*iX;%11PQIe-b-kiQ5U=c@w26cLuIE8C$%2d(XYKcWy%$5yA|9;TH# zD|c&)ov6j9@322QwcS(foHT0OxR@trjLpqw0+wg}88U2`!SH8@kHddacut!;S5CY7 zo>zT+z2H6rb_;z-H+lKR*xHJ}1N!;&=~H84W3d3ZKMaMOet#dAq35gzX@dTG2+!^2 zW(GsWRIOs_Ct+$KKXc|x3~Z$(z^QWdiP_&77kNT(<|M+|SiEeR*_UNIzZTt&d72Cp zK2TCmn^^q*eT&JHC%;Z{?M;y}3f2bY^2hAIkCnG+g#3E{WwI^OyS74R(uoa7k^=^7 z7!>!DbYcK@=Z?PUx~4mRcqk)vLcD_Q4v-)Xq}~w zK9~-8MlWfybfR+igZvZuC&g#bxPda#QfK7Zs;?ZmV&%#w zFQ)%}mDe{bcRB*7w z+}s>(!LFRM>x_Y7I`{0U*8vLHzfVa|bN!UfvVy@zmoDIyBi-ijKbALnj#11vnqLfgmNpsv&pU3d{GlN= z{IDOQ|9#f}f4`R$4K+vUzb~P(<}T@+e?RFzuiz*nd-{L>nAUB_cm4bCgm>)0+vEko8K1A0z^?yABy~Dxo8h^icZ-r@6%m02+Wlc6Q{r#dkjxvL>Hnra6-CPJ@ z=P2{npN`nC{{R0yj?a_%>-D{3&RD61>0Vk&MPj~F?teaW-U1Fb#V%cQ3kiLy@}NPo z(!1OhygKPrOlUjG&GmuyS;-jj=R-Qubjv`Mf;=dNFR^Y1Q|W{0(m}bike1Kr-&s?y z12NPt;RUsID+$5#0%uL<+_%W*DFiWPcxM#YwO0>soz#y%Evr${DJa*=cu2_D=IkbS z@A}n9$HW8|#{`LB|9jA&2)nznr-mn9)>abZz|punO>(V2u5gq$ryOV1KH5Yvb;*!> z$yG{gAD>VtZD-P{`)OO!#kgg>uCNT)3axr%Z)`P080vaw#GL9CUg`Ia!Tn z{|;!n>Y5traDKN18TN5O!HAlA=83{egqZ32!Y|_z+;nwyMKS~l+6@7qgv>0MpWPw!&9qqagG9+)S|b!XRxS8yc`^&Z!e`1|xy0s0<` z-#htzI5C~j3Pk=$0LCnS_ih*Cbuq}Mv)h%DGDVbSVz$f#h=KoIBCY@~ZbFi9;MdcE z$nf3?EGoL~)*Lw{2b&>5zrglo)#ME>WG-V<(>o|8Z%4Rx+dt!BR@QWSO5kRtF8ja1 zSN(e4*7tLa-asAhl#s$C#5}0@zD>o}^7aFVgt&D@Qvj&igUJORo2+N72qzR%1_f=y%kM63wxA+s?HTcO9>Dog&6v zXjyllwdRkswc}b}-`;jf-1XP1juWZEmy-Ad!~|fR*}lM=xx^3(pfU#r!&(NUE?c*w4gW?A`&gN@sQ?h&gOg=*8{zqSh2V0lLA}Z<77$ zj>(h&sj1dBkm#Ptn#t)&=P+KXkKP+w{^7%@X=Qv=kp}eoLM&?!eXAq*LEwvQs!n{5 zXgV+dx?r&EO+ancs~(&iT|9Z9j>BZ%O}j0?CFV`(H184#!$tL3*{A+gJ9uPNur?Xsh}X}H3C=xTuA=|O+*g=HurPq z7W)}|!9hvFeP8kR<^;{}*VdmMvuf_)Z}MF#PFObmI(TxwcXBC8S)O?d38f0#n^h26 z3yaeeEc?Pi>z>*~Mo)s?^!Dop-uu&M&#FH?8$58}KqVGqKh@&wjB`loLpj}+au>H{ z-)wule>zfZCdD7IXDpHirYs25V^&#IKYK=`cn@;-k8Dt`y+lyPhN!CEA(SsG=)DN) zGsn#X?9pvggY)=4YF4ol>O~!dx=l?D>l~(T+_(|ilxbPJuyf~>5m52MxAhC9y2)kO z5Uh!iqEe+HKT@e}H5=_2}V6!EFacg44R>?St}~(a@4$ z3Zp!fLc=1yv5+YXY;6^(cGH0f056X41*<Gc)1Cfdg@0&a4;z$#do}V&QWsZ#x*~5IaNAw7OICRbTfZSsBop8^Bydoy1+D^0k0%42%!_M*L(Qb52?C_SNEz>hJya!qE zF&1AAx5#3;dU~y~qwHV1l^-n_U@4dQ3humq-G`1zRQ5E>yZIc)U*w>&5L-;HgQW@0 z%;js0rXb)A?fTmLv`6UC#fxlm>6Ep3!Hq61apIFfbi{dvZhD4abU9kirC9b0%uwVk zrb~7iCFv9xqN2t{<{(!+jj?rwt6$#%5>oGd=mlbK@%hb-YuVEuU|V7bz;1dQ4cbh8 zNM2r^>YpyEpBBJH%DOUtrfNkGC@V)$Dsj{FZ!L#yhN^pSe7tjLrS}gxAx8`w8agP*}Jokx8X>1@RF(sru5gho%|&M<95qh-NJgPgmR-yEZM!WEN_ z%Q$SI`OGR?Ki7fH)!)9QQUyFg6Qm!ohLW7pVeeGtRi|FKxw^Un;i>;R!V@68%pgt& zZpUi;qNpvX&=3;anujZG)zj^ZVO#K=sfEnFnWgVpRFp#1qzz;#5P9;_?6U7da!6M! zIAT3i!jD_230?`kZcCiL)m^P%1lp}zcNEWGq5IZfz2iZ78^0&N^}`*_w=FVF4fNJZ zaq7)duCCs7%$Q>FonDyaEKBi$<^Mq8Ot|{>^|;^C_HnU1n;}Do<~O(&=I5u=%?e`p ziWMu&l5b))|9tgWaT?IFwBDnGMB1t>p86lP;DRNo)IpB0U8)aYR{Z0 z%lIfEZ#$g{-B2qAmKUD7=t;LhcySNF@7ReG`{DVenGM{A_7vJyUC=nFe{Ortye2GjP;9Vt{^-0oIXHm9e$^|Q9N7Qzzo3@%*oK(@rg7jkGr z?{Khv@B|%-3vtRA2Mb{?vCF=o5?2XMT?+;t`wk!8!^!PBUTr0r2lzv{o1$=)fl&cL z#B1xD%*+VGpX?%udJHj7qD?N2b8Xnf`%i;j3M$}<I*q@)1^2#&(FmTvX(f@>W~?gYoB zKaJ+i>k3=kbU=SAweB?Mj}i1s((TuXZ;1&#7{_qWX&XI3y0w2QSdZ8@vQ zw-rH{1)f3#xZso4z(x-UjcnZ5&9^8(0zr(!+%~E4teRhKE0P>cU|j+Li{^GwccgK? zMWx{H-<^ualZPQmC3K&7qUTqeH4P4mxRk1>mD5L?FCBTi?WXPj(<$$)cAa(*c>NGuhBKL&)N6&1?NRD zcZBmIl!I9$c<-}kJIcu&RhKhz*|<^g^uLB3>KPuWUBa^qjn3!vh#{onlpS_EFGfcn zp@5i2@Y%M{aeP-(F9>LXZZTGI(#*Yll3s&zKY=?1F0RAD5jup#k@?=*Zr=|{XXG)`&$PN9l8hWQ>;uB z3Y9jOCz<;0tC~Rc;p3I=f9wa zeT-cRAP)#x%AHz&V=yR)+NSd-!V11e2O5~2EWXvJPrGm(o+m7qL#i+4bwu9LQl(tj z5<-yat^tDv4GKT>hGOv@Reko1bujG5uP>J1@3fvXn|)HV9eG4Ri#@`a5Q^l;g&(?=28~`J1S6{(n}#1ceE1m6G8y_k zovzsByW1EHXa9r(7!V%n=j|;@w$X)0BO+9Z7R-@HS{~*j zOoX6dM^7YTDj(uqX=(bhO=$HG&fi3<7L;!*I9SQa$ztDYeFjG`$xt_v77VugE)l7@ zu9Sfu{0>duiIZOm+e~2)oN0{O{&RKGwOx-K2H=FbvXHPZraWS$kQn(&+<^xXG@R(% zn@wf+LEMVzB#57)x`Ip4I)}`qcUA4x6lT! ze}@=XAoS^S5-KOeeO^qU!9N5?2x-+l+Pcvop87|Hf0i)0k~H9}tW%ktv~ z4zvXk+z&njqS^ zb_ygUTI$W+b>rBrJe@1OaK zdZi86`VB*#N0Tm_f;A$sW#^=lhIXT716gwM>eUNX*1M2Z)CXAV!*jYzWqvL)vK{0g zSYd@P#&WL};FInmVG`h>MjS!3^`5($tVH@=sDBl-sF6tT30?|a#o1){96vvWt^ zR8T*b;n`h=yN)5))AqY__pTUL;(lb{_h1285pxd^TGP^PH$F7v6Fb7~Y6zR?Kl{QW zSVB0@-WQ6bS- zOw%0RFblQ?2<%;2QleNY2kZ$+O4RJ&N7pxg>Ou!*`9;&{!*scx6-CuP`M)fO-4#12 zzExL;7tH(TSID^~1-AF9;9|L(dsY?C?{ z6}9L~hgo1M&{)I~Bea{0_rMd3|ep z4=|vXEn7OTiA+w`5@((-NW<1Rvc_j|_nJ0)b{jDsuJGJO!;O`z=G#_ix;sz~naY*& z%*|9r;j(lP{6M|Ie$AT0@N>f3=)&?mOb_8`Uo$(pbH+B#>j?Ay?@3FhrMu2wxWFJI zP%PI50=RSNCM*t5Z6)uDqT6}3?Ii#N{#q%DQ+LiltrwZ6JJL2~+3rU^m7mdtWG4wb z1ANCcUSxgmGk^m{6Fw@`vkocmp5*0?q^n@$Q(cjc=dqvI(8 z9=Ag{RfiWDG@bR^(dkn~MOz$B*ExLYWjYRoc;1mYnA99l+}k2O@zbEdoXpHj^XT{O zCG;{LVPPtw=nW6w53OMIuNB`9UH4f&#_w|H&3=d54*am)B&vP+)9Di;b*QW>+T{d* z5wsvOyypb7(b(kH_V~FKBQttDfZCw%ag3^VY18m<-vy`OP6@9mhfQC72ul14SKh&z z_rkB@?kurZ= z%Zlf*%2RgyHZFUYMn;T9B_^n$O!Zij*oJWVuDraJy}kVy#)1?$*^irj^b3`vqJ3Ts zY||eUgMMxA-o4B-?czHPijQxYzbgMnVs~qH58tPOSMkmF zt1#e@+aKw(mAwpsFP{&}P+c{kTiehaw~R!yc>f)rHhg9fu%+(%pfQ@7QW8S-T~c%# z9Lr3fHQyJm&pjqA6fg;Ms$EQ=LPOK&U=9oA&-0G9p z3P?r7h#BTf|3f_Z%0Kf&$#I5{G5}lEFYq=zm(c5@Yq6>0RF4)`Q6k%dc8*2Dw!2uTLLTs z6K#HI)*dgfr4X<--f{D)aGiY^?bGoWr{;u;UuL6@E>OJ*rud}x5l7~y;Vrj?3qB&~O-=Gtmr;FBa&f@jK$RyFQdoXd3 zW0v}E{j!!ydvuf`)WqUp#%h63{h&|S0rMeC$fwS?m&45M$wp>DEM69*C-7BZOraHB z*0MP-KmQ4iB4K5YE~RB<{WUb^IXrsnQ*H^kKW}gpxj^7+^QK$8buk;95Iitr>pU%w z_+|HpoO*PhqObaA)dGkgQbgMaAZlz*s%~3Y1)?XKC~6g~cBC1g2_AKLO)>ALCpsq1 zGmyAgn!}rwCG~Qt_8JeFp{KVm``y}7+18O8mJT185whK>=Imz^R~v7jAGono;a*X2>NhwJ$%J zqBL$?K;XCiNsHgDKcSFS3c)|1m)@u`V=j-f8agb}5?E$Zzqu6(#`EU+Rva~0M*$y^ zry1nuw}*Fkp8F~k&CuURZZNwSaQ*C{2UkYquH1UmgnA4ro^q|$(Fc)ZUR^ss+jdal zGZfGv@sWd;$!1UlmR9tD6n%u^^a3)y;8}zBpp2d@f*4V^$TtF zk0`Zm-+l%+4C2h~lbcGbx1eCV$6n3#2qzqTbh{sv1q>98&O~P~?*l+1(*|})v;UxX z{ZOAa5+EU&qYv&jH8uop4~Ur3K7hX4Gp{I+`9j&*7?oM+e*K(&CE7mI6l?4s=Hx_= z8a-=Z7xM|75A8Ucu_mdf-JO~D`bu35X`Ax#s##?w>pi83CK0vsde_FoFO7xxA|^sC zdSd1=llv_&xv&j*Z}#F7%M#F-Zl+~qw4sKY!3Gi0WDwE(=YNH_uGFpVVn;{owTlXY zokj&!m6v-l>N?bOv`)m7zRF#E)cP~_12b$JFnsGAeU)_)!*4ZBwOU4LN`*IV!Gcps z$BxUK8f0s2&`QeD8qW2(m>4nZTmpJ&I+gEpI^0NAwLrWS4$@q4u4jI^Y=%5mNCYdw zX7povCwQ*n0GS8%mVgrlhlJeA`=+*r9?sap!a-%<HH1U4QZ4t)lH4t*C)N!_o|zyrBy<- z7L3ZS*N04yIg(pG0Hy{obSiOmJqzaGXuJb%rZM(nOU7a_8~^mzh@QIj zy9}q(K2u5W&1mPNyeOi6L(vyjyR#dUf`X+dh(Q z8QMD;T4cUeinFp;@rNYrlc~4vS=eDS$wlar0*(n)BAqXWe}lE}`Pf+F2s2~Xl(SPW z=0<$(Ihj&~Q6*2)zhbcdoFBi5nCh-OGTQVt@cq-59@pP7fKu+xt5*vgVy~$--r>$X z#=cefAd1BSK3yu}*B!e!m5%H_Fr-*3z^rb%QYW+ebnCM_UlbH{2ZxsRx;u^IMROuN zbfC%dNe>a0J4C^RizY2cHQF;UhF$EAJ2(N7Mg?nOS5szOUY5n3{Cc zWOAZCG+M!l68$P<7*@LJSJYC9i~R+$c(NnMWYIw^rZEmb-UQ?!4M6|47^GLgsx+Xf zua_I09^aYvcbc}gq&@BUiWRM=1j+Hw^y$;X7D_9ZQm6dWR|-c(HyX?V8e3=e3-whc zYMgjtEPwdA>Y2|bK9`@Eh0c2I`lxWD5hUg`j!l+PcIW*w*rDE8Q0@nB@4ND$iF=fC ztEwyWV>LenE0<>#}m?SgExZHWZK|XP;&R+(I#}?g6M3q zz3O?KNBE;l(a|0G6ZnO9;duCIS%_E+pu(i8x*~sA_@UKX3r%`uJQA(HM#e0B!!?o) za}f!jLb)JXM&M5FtNWQVXUu|Bfy)5)cITE~08yr923PfMYwY^_n-nd*Hb+L3#s2<6 zDk1P@h!rQ$^B`Mj*U_s518t_kj9SIstTy+N-pc~WIqY5taE6!cUbI;pTry_t+BaG~ zd-fb9HDi9mcq}MD3uixyU(}V#j@%^2WSEhRWcAqI^kw4pzZBg*N)IIr>3MXbKu2vX zejKR#^s=kOS7{(zQJtf~mO~~YL_HaYj0_C!BJZjOJ;6M-Jsx{U&D_QKhki>)!8j8&@Y6IkHPsd+ciS;V5zJT8 zG;B~j_ZJjZA?^sCGjknn(P8LAfpPjDSYWhuwfze zFz7yVFTgs!d^+Rr zXh{J~GaDDjS>-ovH-6%})MZw>`IwUxt8Ry_n!aSo`Rw3?fzSKk+B|q$-`Lgn?tE$5 zv9Q<0LnDSChzS@m{P}hDIlXQ))GU6nuXg6ugSAm(uZMJ8$TU!N$3MOnDZYF6&c5Pq zn>{+14@kon@T+(z?#h&)qf8}=AqAL99m~AAqs~-ym{+I$w7}}MUTk<54zDHXeRffm zj_=cvo>~;?YPKn-x8_pSth(hnlhgn&dAR(>DWKqib{oikQEP!1g_Z&0&awhc+It_ zgE0W!OW0E8@rn6IRMc=vwpGjgtC_%)A6w7_%|t0BxG)5iyXcrQz8yp8)bqHXANvcH z{fsR9T+BWIK?&9csVwl_A4piHwV4=+9)>eoLj69?+FAj7pd-S>BIfqCT0sqaz+iqo z=bN!hdtfAik<*d~t`f14n};?+m{yPuq&ePD_{FkUcj z3nLJyVs;L0Metrwg6}6!9DFghqn8H->zOuPGG9J`36%17DBzI}W$K%4`i1*YW&yInBMSB7WU0sD_#U_C%(GJH97h%Jy=s>f*VhrWrZ zLWXo8q3RYR6is-6top@^v)Uv+X#Hcfiz~ zfb7EU;<*)w``ppt2QxkpmI--1PBS(V#A)i8==Jf>>(@`d2BpHVV6%C~hC|dbdtp2+ zg#yF_)J9yw6gfmC>m{l$NLi!T{@Eg0PKNuXKO4Hxj=w{%2IiW$AC_u0?e6hW8J-Ku*F=j-(#fUhHUE<| zV*LEKDXzmbJmMnw=n{@It#9+@)cI<}iata<0f~T`QIvFqBc%Ps@Cg%I9kuQPcn~m~ zV9x{3jearBMYOIGgnEDWlC`l|-8Z3r%%iOW; z)R{Afd9i}bkM2)JfI?ptKDEL{esz<7+>6y$Rz4$lx4aHc88~u><}L~fI-KI_E%0A1 z7koIP8P_rRcSbWkuWI{ZEDEL>7_{SF9G|c&3>*`FH%p%GEh{EC!3^2Cte@`sq=hRS z9XX~wvK!C_dV;=d_&QL%o#P4j4yfk<}F&M9_?ib6d;01O}laYg8SHS%8nr#u~|#v z>>M52!qmFy+R&Yo<~PT^J_$S{Q27to$9cD{a1OQwbWi2+<9l+? z?=d^7W`(Fo^Z=p+wsvF2jDhFSqWi%;Z2vk9$Cmc-vhPv{wrw#S7xH9vjdzS5a|T8n zzrqG?!In!;-!sD0l%lP_!Ud{A;R_=2iJ=Nq8vHUEWXV^qcCb1m4_b`W01A8es* zWTgMP@3CP0w_lPeBc`g}x%9ryG^_qs$+_^h?FRHeaC>Cm=GkpjjIwf{HxEmeEcp7+ zEw^gP!*tu9>4VC@%ceGk=v;Yfmv-OXH`B zv0B~JB&bq>iFbFEwDF~I3)N2&tYPrYOSNl;_1YL_r=k48Kr{#_fIL|)HF^Lg?MY8~ z4;KLPvy0xmG*vJDlVoOY?t~GuSh*pkgv6!|>fpVc(wb)2>vutg#a72d$(>uvJjZtt zTA`|+W(q9|leaLNugw&gfhLy-8-m;*Fe*|k!@YA%l(S`$#P3sfocMZ3b7q(9fKo^Y zf)FpTB2qKWkcb+*n{+~=;82OvLxujF1gf?1qx;R9lRz79?rcYCI#^WbK0boa3(e%>9e1QC&Y^{4!mV7} zk1y{gopm9!MRI71oI%qc`DR}~vF7gd%16zI9bz)yKQ2&h+qy1E%4|z&lws$vpzOOB z7LG2PuexO4&{pTJ9gHo}Rkl_gW_RXRm+Zv(zs)3nHjZlbDd?W&)3BnMsmO@SOnqHN z@h_&Oj}5>ru@&e`W6i|II<)c+UYetcmJH@KdfCvYK^cJ+x!X$3K{|&5+J5gs5O^x) zF0g0)Po|&EQ*=R&1xXMm>%U`OkQ^~5pr0gERM5b#anWEFdbQ*%h zYh&7kn zC&LP0n}`xJ%MYrdsHn{A&s&_KX&i9U%a^dmfTo_lomNBMzoFRXAhC3 zPTn9TlV?p zaQ9oCd$&tgy;GwzE$VC5(cuSwy`N!ivWIc=zN{`KX4akSPpv;t)MLT8s>bz8mVT zf%GMd7oxKK#wM=Hs>wn(WjkF-I5mi+YiHax3DxAYXH&ONCfsgRYNMQ30p*DcB3#D5 z3DNy2sUb)s=#0c}siKAcZ;0K(N=~a+>+o5$!-AiRfuA6!Ne+1A0E~HCe*ro~bulwa z_H@Rt^e3JzW_6ttb$LN+yBFy?pPeo4JQ*W(-nL*){Qgs;Tg^)zqGJ&H`>X3w|JA2A znB0FjAZd$<0^y z*vh!P`PXAzgFUh>YG2B=vK)409i^M*y>qH(Cv7#2Qf?D8477?&Da=np;-?2q+PWJC zvuKQ{wS+K;tZ1KOvxCvDkhuy_gwFDl;~p>)MR58~l9a2S8xC0%qX z{@F}|f|R*Ji*L4XY%*5)G@EYH2p_7`*?aKujw9O>+3Sd~mk3v%$@`3ujC9 z8T&0I_>cRK1J89%_Y6POtNVe(c)9JSGFzHV+8^!5qD1W`h z^E@?j4=g=-ZR&wy7cIqG9j<>|b5D1zaY`;1!yY;Qw#h@ zo#(wycc$-=&ff>U-ac3+Aaq}jk=1zH^J8=eN0p3U@$$y^Ec=@yx-D(=lg@5D=Jlb+ zdFO<4k+;@NSn}FHK6rb(vD*}!?JlS9ZU}7N{UFG5iKky%6~&##o<%#0r6lLSwuv2N zZalckDymOKMaxrCd70Vg&1>N?i#VqG{BI3o-Oe+vDl_gc=-l)Un*J|8*48g`IkQOL!{3zX%)}% zX+v6eJZg47YPRb0u`}8PD(eot3vL! z_&H(N^xGy*BdRY-7f;{SGug52mY>twyPTCaJ1}geQq%rU?~jzf_l+(4dG6u0HG2j* zMVQ|eKA!@FUnKjt7;|0DLFwX|eH~;iU0$_R%(-hjcGCEs8-nk&Fx!&8tH`0*R_B6V z>(j2ro`FwfH5FF-xAL0vkD>d&+Sc%?Z`Y)f;~WKEeguIOVnb~(2G&VHaR=m@L9OwVH>*`Ih(W+jI^XG-IB8_dbUvT>ojdPqWP)+l{CAaDm?I7UaO z-sb32=-WASHZ652j8ixow3K39`dvJZ8fEHu(UrheiY?@EkkV@h4jp31C z5+J&q37Q4NYt?5Bs%^3C7u(Jx-GYl3FSddVgeK^rJrmDQl&S)x^ zh^Gw<8jb?e2LqbmVtt>=KJDFljPF{)dH%K4xGS|t?D}^)Vs`^2r@+LKvx&Z%now&^ zE>%)Vz_9^NU;fmsOP)Ih!YJS>_}+&pimDUm&|ux8>mUUMsy|o*GA51~W6F*gm( zQPs@sab8JH#&nMM#u}xz^9Gy?4o>~^Q0HiD>$;9mCSYw2U`|1aE*p@whYu5G7`U4m zFf-b`kL3U#huZXXLEi&9dY?+`cEwnR?P7h2C?f?m5&*L(Zvsf*In~<_Sk56NCIo-6 z=tPp9c8_uI?yS-hzE`q^@D}9N1&($rF zvp?KC4f%||zJ9jRQ3h^|_;_Lx1}Rv={$ULr^G9TWU2Se}Ln3oc09%p+EsO-wQz8l! z-mR=e$ir_p{_HK#9-c!VWRURMy&xQkIUp7j(@ab{vo&TK!apXnamXVi?f^_Iqi;te zNm(%4al0_x5#<~VReHbaxE^LVnwp!Z<6gqhz@4gl3GDbzt!1#j)?vi!8}+5MbPurq zG$W%9(AY%9DI_8gELfh~0RkA6kS@5g7_y34G48wqphr(3y-VAjN&FpnQ-Xg_PlYp? z1m%vnanM2p$&smyP!+4JT8JD)e7J;#46zaab!37FlL2ceDTx^GF~$?>Ao;5eAdu^6 zT1450l?)1kx~V_EOq>*<>RSAJvxE9FMd9;d>y(pAu6%_Fz&QzF8$~TrZ2g6nDnT^pFy! za?F}}FeRtfr3mBD{Ht^4PlcqV%#sgK)_3ebFeyv9fx| z3c^(C%ug>9hXG4oyF7Un+4L^F7!fv+R11R92c~)mn=D>53mo4%$^l_0vvA+z$05{Q zF5O~Y7=-yGQeith%Y`FU@7`JHBQQjbj+?}yDTcdqK-nMa%`LA?Tr~msE_B=RH?ph{ zu;1VoTRQ&CRJW9uSJ^ufhJJ^-S|Iav--LVP&Q@Gv;WI5v6T$bSjLppM@zN}_aSJ_e zEuUM*wCFxzomQh9wGESwJC5@ip`LYX+6v2kg{J-%IDzQS4nUh1ad%Q-%%_{t{SWKj z#qsJBY7mNYW*;83BNkfgw&S$75?Keo$#mO?crBH8W5m@fvrSB%bU34kpM}+;+hW1@ z%kR;a^KRWgsyLUvp0#lAh37B#Nz*1Mf8!#?P=abObi{}<07YSSMdA2z#~)AQaI+JS z9I}=lxp3iv%xSms_fl3zW*Mb9c=yTC`7;PZ!>&9!vAtmF(aE~7)EIHFBQ_Ac2F83+ zW%LcE{X$6^vM42+1xKy5;nD!v^aS24;VFk9&V23q>y1Qg^n+r&AIHFh%tka=1|vc6 ziA1Ue=yzC1h$qt;XXcb}oeAiPG70TlP7hVGf!VwgH6GnpG0S1k^K#;QpC3ar*A**i znmHt4=NLNwBiY3oWc~=4H&GS`@#lqzhfdZPu!S!+op+~4TOl0sX@JEL{Xd4=l0g?g z!{7g1b*<<(?y=(Kz&#|Bem-A{$>evqfUJKvpz~x?OT?9+xs$48IG2AKikewkE~HWX zBnX!DAIHxE~nLfH@{V(;pp_?^Y&r1> z=-wAH@J>xlUGVa(rm%9NDZE*eGZDdR03*%w7Lk!vZW8EIV!zLhpD&g(s`796azk$F z)Y}RT3D!|%X{{8Oq0XQ#Yhi5anrHDAFdr~sF(j7H&y##DZMMpe8+T2=mS>|pe0bEH z#x(!;W~cZXpMm7n75{TD27_3jcie*;Kx8?2xbDl1uc~kMm~F}_|N1p|-rULQ9K1)w zuoZac5HDiY&>B7%7IPCR;ha!O6(cq=n>kYZcgt9r5%aWdDvf*NH#S(*4uRqpR*A|Y{^s_WEs%;C+8Q7b?))$N8>2j0J zDr@Jv6w32GO{&eChtBkvu-JvMcyio2n~U!U&zQe{Ua0AO-F*Mj%>i!LnrzdLJ-V7* zH4tmErvB6)(_z#yJ)P9>IYG_(%EK<7rLkRmM}Xsb97gVp*m5snh^>?2>Oww8BqG{& z?j2h1XJ~U!p$Z>+cDHDf)Dr89XV0B`O~#wxGJ}aJ<4@V+r=OZ1w#&}VUCvAzEemeH zMieQDQsoRj6HrHrwbg)3QM(W44^>n9fZ?Jd@S)hGCU$Upq-i6{#7vx#fSL7REv=IX z55+zgKstRA8v9fJ%b`E(;nRqnYjA@TGF|4)EICibR(K{a7S%9+(TxBWFSR4Eakpmp(S#x*Z5uTa~CF>0+p6&D+?X)t5?-BjZKLux!ALg6wBm1Vw4 z%;hz%#=4&@16uqcLi)Sb-FlgDp1DRW<6ypST|PH^A>w6zL{_*3e`o=O{(-uXEbt;eKc?LDTvR z55hlhxa*&KMKl3xJD!HcKJ2jbMdJ-cgRoo zADi@~=6z+1t>ds<|E1*ld&07m=Z8o(vHj~yRrQx6Dh~k4Iy0L_a`y=2{l(QaryiA; z>MV>|lA5$cwN>5b%BDp{O;^2-E9m^0Nt%gssk9Kj&cvF{Z(Mpn84-_40v=$cJB;dU z$=FjXpN6!ddIYW9&G%p}eF-Kr=VBkn!D?-lDoZ&uFRo)R3FYr%R%2pP;?Kb~x5m&- z19b(OO?`M|hZ6=_p7y-J7x2=~B3)?Czy>^l4HHbq5ZV+Mru z(Aj#Cm2SLEi6;^0OCfUHv5)5t_7%|S1p{_-4 z2x4^M^yT#gbSQe*!=X*QfKVvWdd;(i9rDjq7H+b!WY^9q#{F6EJw=P_C z!!mL1)hm(1T_P^g7Wup^u9qx@$0IhtmOj|~G84jMoI+d$^M^FM*bl9*m7YLnHQ%}A zNkbJ3QANo}!Gc|ZGmKegJUg%bRKwtMOZ}&dbpQ-6upeT75t6jLmtRzT+fdrmDoRur z^)bs2;^X9!Is@4y4q=NL*&F|sd@CF5ZgejkV_DEK9*BWkUS+M{Rr@gt!v~yNQzdt` z&&8K>I=y-QI^yOtMjD=-uIa)r;b$jO+PWz4%9SyE5to17ULw&#-3MbPvSup>g4=#L z&2EKvvRR=@2dAA218S;X{(P`Z-Tc+t#6>~oo1;EdRjqMxonQEVu;=fkzT)!B(ghu1 zQX09yk98skFb)``B;To%T~goMs09|{%8O?%)0XLM(k`7*9Ju_fD7oS6h;>--J|$u& zDpx+-X)2Tz#zEygNs>cyru~1c{gp?K6qY{RAnS75QQSpL)y{;DxC+N7ZsnB?>0Qm- z0hOgQqZZ4zcqJe3%rOyxI@V^6Ib~kFW3iaQL5u z5rz4%aPy#G9zJzSLw)`C$J6EFhyad-6VY!9zhfu?6zo)_j=kbe;m1n@N}OFrW$&Lf zQ&m0C(4xk|>_I_IG6lO}n6iV!KK^UvERE$34%X4jnf+omC+up+Eev@1GDJD&=rEhx z&#i5YY9r>jM(5(h*oN(7SRt_6GEgZtn%uB&>WE(N)b818LlmR*TF!17VFK#o(}n9S zmZ~k!Iem`Of`R*Jn2~voniLN^SSsc2BKD?9%B@!z6W8e-Kd^w zm3adx7bppj^7PH>>IocMKOCDSfO8dJL6_E`5Ce%>9vGKA77CmlI{;Dgoqz#!YVG@} zZcUR&NXtkB=5ziy-9m#orQx#%zMcIl!k!>r#l^*` zOapt7CZG*px;p8?lZWiJ*+PI9>sQfe(IzEj?r$Q;Ecbi$!oSHb%SqK>sMyRGSrx@X zTA^M-;6Y3nuK1cd<=)p7_|i;j{P9efMT4Yw;G@9^%weylX_Xemnb2zTqXBEC!+V71 ze(lftj_Z*fa{onxe1fhuzaB3XT8{$NGc(LrPmXy-(8PH{iv}unnR+$7gn6dXEf5ko z8`<=yc*lrEZ9UuX?Hz5fX3df@3hRFVxn5G6MVGyL-q!r8xdiZtH*<^%m*>B@v3Vq8 z#(&nWjZvT)-5(RP?p99Lo=$Ft5s+IF#&~o(5F8xbvaj;C8%`THvis8;CUoSa`8*=K zhs9|($F1s)q=x7;zfmFDB64_FbCQmg9|qejaJW|2{Wo-*$4IJ~>{!0v$v$GMpHB*2 z$H=qUm^~kUzNgI}&MIVtz0nY#gOL& zR6v|NNFLO-?p^2g^9R1YzyKt~F$x_3)BGH^#SFoGmXvucC}=LSUjQ@A-|lw_i4LFI zs%1+bnBh-WklJKD(%f&~b~{|k+F_bq)6(`ogNJ^uwy^UAsuxypvrK<7f*B;5S zxntbhEgo=m>P))`m|?kn-671h)js8|o-Z;)V83kt4O?#6*j6SjS(H;r0AX-<`KsZW zIkV^~XB!zsZS1>#fJE4s4rZm;37ksaVCITZaT5dGoh24GH4ce;M~hXBb9l6QUfXEs`k5+qbEF{M2{q%1~n`R&Z7OkLe1yx z_1BJCApJnz4{)`usl|g8W7H`iVLDG>+a?_kGI)z#t4FN5Te;ypjJAW%sbBTZ&_tbIB`!~I)KECA+49u143F1r3KUFSw!A>Rx2N75TU&m>MfJvt zOHq?N(v06PpY~!b1i5T>;Qi*3SG-nqoH)n47XT8+)W=TjPH;L!YZm@YawOiRBCDWg z^Mc$;cLlf4BVIYUl+PSz+G9cHf7R!!hsQ+MMpV`Y(gBOzrCfs#Wo6DREweUSu_)l5 z9Q+ivOwMtKPCD<(%6OSSQF2?XRLzHuuR|ZXHhQ&)C}zA5<*q zHQHK8O+yxo+-MMVrLyYXuNArQSlhR3LHT;ZP=!(M8qI`XU(Mf=#KgM2(W9&VuXtcM zh>6DK!VhOT1)kSkS0=vHDjnS2Z8fYnD4u80ca+di6O2V86SCOzce`WM31;7x&;4&p zeod3ee9;B~5xm&(%XUpleZ{b|+bY7figsD~k!hu1V|;HJL&+cmt61#Pxz}~B@xq1K zd^4f*S}V`!tGPnI1IwK0Z)a2OM(kLG=`)Hj*a#t||Jq;gdv!=ZbP1?DaA;JTbdK9` zEx6u6C|A2ED&~R|4m$&Hp(1=*3r^i;2da|95rhB7>bvBp2C$n1-B?CZbJJ$-;FkXb z>M~FI0;lLYSjOm{?S+_u^%VENzXbj6MU3S@5kq%@M@rW7r9EYb4u!thK1tA*&=P9k z!3nBD$ZXGQTl>)0X)tq(S(pS?)Z}2^ihafZ2PSyMe7>;YM+i;} z&z3^5;`lEd6eY%&l!mnuF54=&xpUyzh_!+Y(COFCJ^SSN<_POUBg z*L(cv{_m96&C$MVhl^ohVhjEMr6b=GT8l>xD<3+8nNv^#s;rS;-&FlTQLIu%$uod8 zm(=;9kflE&4V44KvLVssm@f<7_@=^1TRYY01>4C>1+atW z5UQ*@hm1x@cn--;`X-^EqwBx;vQ~}_Z-||L$o%^h&P)HN-!!zbIa|uQqC={)sw!%? zVbfy3djl=Hmy@IQS{P<$74a6vPn@`cxu6?Ys}tuW{#+@gqJBii!$Q|KT|N|vCX zTJ_pC(Rz`6U+PI17*{4O$Kh@Jr$x`NW@cy0q^=mlx@G%7$&+R3=bo%kSUr(mdinZi z(t<8?eUQBHa0NDFES0Z*Ao+9Q44yJ>nHi$EsFj`n1b8Q;$G_*kQz7?92;38`4`(cs z9(J(k;lEsf>UA#a*+5SCv_t>v#2#a>nfo%ccgG*=Y}v8q_; zOY|VK_eW33xz0)k9_iV>C6Jq0Rf-lP$!DKbC(}_K1^r>M?UmI<7_N|FFJ2vW>XBy3 zTjN)qsk%K{8iix<+J;^;!u5^as8~SVmj4fPZyA+U+lB3dh!_YWB1$XL5=u9Sf=C#2 zm$Za*BOqNO64Huvci(_CNK3bLch{cFH}|`L?J>R|A7eZ}9^sC)))n)bbDqbUg}7dW zp{{-y9q(Lcd?(D~O;83Sx_QVC`oKs=T(UM`U4=3M^TuzPmrDJM(D#Z=O&H(s6q}YL zr2lp02du2o?J!2Hcu2u~9kR|nU~h=_pF=`e|Fz4P!G*^QVh{=XAU`@LV0x5*g*s%R zAPf_Sa~`4wg9Q<0H_Z1BATfiqGLnSLo&~W8h{_A87SyQWp~Cz@M=+T5%TT5LdoId3 z{>QlpQt=FZwQnCQ&3?@GFMlTncHt{TRv#^)K@7r^gxO8-e{O?_5y@Y}x4e$p25lg6 zSVwA=8ZRX!3tyyw&wSg}MtTY(Ua=N4d9{$PN$@f<`2N5#h50IdSo*AA2s0a{yES{3+Zi7PmzXLwS z&&P*lz&Z)?1b~{7TebkpqXgJ!VP_14L@-eVdvrUXhT`BbI8;dvOXn=a;j`eSmG9(> zdFhgTx%E6G$B}Rca3BE){S$bHpwL6t?WuuBKJKv02-;0yK(Rqu>eFmQFXS;8dH;A+>1aF-fotr`mVvB2wtqDud<7GRvBw zP-73{QC@f)7GW@3YlBtZMA;SgAHKtx&=as*dH^`?R~KrFoI_OC;eZSwn({}le3KCl zp|9L~@VqdElHLGriz~zWmmVubV{+m1D=VsoUF zvjZ1L$Yo>T@}bp0E`>f&*2c=}EmT`z_Vhr+DD<^H2Sy7Vi~gpOGGWhza7Vx?G9*!S zvpPwFA*m8MQ$q2ABO>DS=O++pWW`lLRFo9)uNCC)lfS+M76eEz1qcG&-BHS5z6&+{ z`=iJp&Qd34)x!qEO7}iX0vS12V)Ee_!n5841sMb*4FWW7IOWbm2PjmZ5WO>$fR?_j zxI$2jocEB(4x%{3?mgqH>Ayn2zn?CfGmeg!XQM$QHNqxEgCi0MGDo+RpFuA-8W7%8 zW?79!iW!x&`nMd^zz=&H3fkMl#yOj?=t3?BN|100M8Im$39f00S_C~!4^SbYd@liu zk5N$+g5d+ijFf}lKS%iA5B~jx01rKwJk1bavv=w!nCQ?FAl~-hCN=f(0p%zL z>IV;gFBU=cU=#uJ8r4d>*Fj$YeNiWFeZ1ZU@)=3+cvAbqbo#+;9FEipJ=;)s2Jg&_ zo^8nMvtP>fER}oU{co>0nD)C0>tBdqK0q6GzhNxsOAX)uD>^{F>Otrm3H<-Qs*eVj z|Hm|^o8o^>bAgyI^{M|S29)H&F4^{l!_N~x3G~IM z|31*x$&^?}SW-~NM0aZt2IMq~ z6KRafMg$zL&`Ii9y6}ydT1@=I&$5~s@rSBy$L2DwjMB1gx)`8U_h^ytN1kVDu=~Tp zN6~cL<(G8kJfq9gZtt1${kh#}5b=tyFQ{klPk8HNg1md{7uqbP@iRJ2yYfX=$LxMH z1~|ruY<4}LxLqQjocAg4@I7ae+26V3GvYzb!eX8bnWn3d9s|o`;!4%yu8LRtu5q7> zMIIT?{!#aF=v`vLv=N%_C6Ri~l$`0$smtmS<6+mw5EIhzZ9(?4^NUdjo-oo_(h~!% zb>Zx?$ZJP2UW+44!j(&DJ0@a9J0|a!xzmdN^O<5E>V`07H^v>;ArEi~sk6dK657mO zDl4Dp8jj$2$H~xcn$QK_dy4VM%c`!U1>ez;^hidK!(eE?lwCi{QD51RKj~Y;dUlGA zPUY_)u8hK`bB*E?w|h$duBG)RIdDvd{XY>=N5=ua_;dJeSMj}Xw&J-;KG8qwO9*WE zsT2DMwYjRRgj-2wdY)de_*2~5IPRY^#v5YBv0T=Q)<7$-qnMvj71yVspf9En7}z)=z!bQ zC~0Bb7Qj&5S7v5AfcgB`Ke}lEa~M-7f$+y$;a^nEx%^4$FPj?q{)~s;y<07=auvCT zlPf25dj8x1-GuBN<`=#mXrrBnY#1D?IS`veU?DVz+%DM*?5kvM%$-8M>f~1z#$fM} z>FLb$9c4Y#S7zMBL$*du8727rVAHCwtCm95p6&XRY4$Y0EdEgXBRLTe!?M$_=)^$(lQwQWUP#tN2N?WT&v zCNi%RV?_>&D88C-?EUk;A0NqFjDdzG$nq!lS%M?yB;BIOSZ zl^jGo-tyG}DGZXNIQ%0uqr2vGDUJ8}`+~5oP3ixU;_(r56Ewk@2W&3VKm`3Y4?ByX z=LzxahFe|$nGAL3T{#FL(Gb^l2uz+F?oK)H=K)MEij%qX+7UdI$53^E92)dmQ$gz( z_^-tSJ>Cr>y~j>=yOhet!yJe|2f%dZL6xWn-9CtSHROF%!Vs1>M3#-vF<>|4Ntjzu za8@-5g)gMD0q!ELsHwUtAtXsuj7ouwv^>MZ8v2tU*hxf zlxMuwDDlaNy=rT+dropTxqdqj3oTRfW}ALN_7qiF2nZFAKeEjD?IxV=w$@ujYH zCcEeqT1FF3-<@~aw0w$nOL@{42X8VP_g@RN9TT%ChBdyLsq`#xa`^&(l!y%TAzEdu zJ+E71Bd#C~V=B?)>6V?Doy*(Z+BrWfoQ=`vy0OYTy_miIwY^@bRi$%O)*In#dD8hd&h!T&NFDt z18BfQ)zaLaWr(K>D^b8dS5Yp5hzHUP5Qss#Gapo`a73<0n!X^6T7=xgdUejsNhQQ~ z5L*;yIzk4y7bIqgAYBMDWJs9^&~#4|yAk0TByyyn&jqPBXtHcTjuyH!WDEt3MmTB& z&o*(9Q#mw)98P-RLjUAk9j;)Z8l2fRGCmW^FiBhVMdFPaQcYg22C- zcfC>snkbM^@V%vFsJctWgsfDBj?G?LFOMTNcft8<{U=ua=s{X;L_yLvjfqbv)(>&^ z>QCA|33OuZib^mv1SjiTXjJWr)eak$hr5GFVpmjGtHo5t1PIHWPk#p(Dwjkv+VK66 zWS$rnL=o|(+fhsUhaT-`HOZ{5D6zJNhz6Nk<+C!Xno1Q`YV$hpf569OGdp;-zlFyW zw`|b)g@w_0{e7nOp^`Ic)*FL6Qkp2!jr^fZK8?mErG`vYQG|)ruEEWYDpw z2gxoz2)V%p1CEeSAwkJ)F>@J?ce;RWh6T$5Ojy9>)-y5j<^hnE3aFZ0pbG|`?{i4S zl>uV0&*gXVDrEb>+q(uTe~r*>jt<=+bI<}y1ED!ISb*hHGb|(T=yafE4NlnYZ`7eu z2px}z`WaebETG2(a_~^tqM)G>b2wuBv4xv4;Xr@jXeJgnsI0j9c-`7kQ__)feU(;k z*K=#MIJmHIy8R62fGgvm37wy^nweSW1utXoF;~}C!B&f7K*?*z>!#UBSvgVb)5HP; z4l)Yty~o@eW0)A24b>X_7CY2ev56kP*uU4iF~7Ke=zw3=ptmE+ig^?jK{}w?_Tl!d z2Jg@_y*O2k=eZeC+#)1kdvQlnZ+!5LuTp}LT=R8A> z166A zw&z50&9D6;&6%;dL}k0ZoH2EHk7Wl3%yuuSS70Td4De{$#_nnNJz0JcL-c_hmAx*Jxa#E^NzdZ^-30-);PzDWztS{st zp#lJHfL_o)dJU5Gv9{wa(Dk0#AMER!cM=;C;)Y}^K3bZL2*BPBXQw3C-{Hs@2(1&q zN%(Q`r7S(tZVH`iay2OEHia^UG8wRE!=U>L|L)xuC>x85Usx4Njfnb~K^;!gzb)gJzw#s8#_D>PIbVBoUF_=nd~cIHQN5=GtVOZm-?CP^ z4COM(zUiCRV^9!3yTuNf};i*s9m^Zv<*AMndpT}aaGt0G_UKcP_89DHO z$mH2YQj(K*vF3&H*OD0($1_i5ggTtrM^JuKH_3_Yh ztn&3WuU&UxG73tHvO6Al!bBhvhrV@P@9GN*4Gqhrzi4|hFQlII^> zb3EjeC=JzCrp~Er=T)>+nYlu-HP*by+9%C0?logE>DDUnwqm?U0len}3qjFcO?|4lUtM`(y-8EW{n(WYx zYW~UftLyxiHQsqFeC)x!LGUp0qTth7X8o|&W4&HN&ncgyE*S6qJmbxT_Z??OyDj%Bwh5U(Yh0kWbSb zHXk%c3twe$Mb)5btXv?NoX2^<;MU|5Zoa`MxpJ)l<+=TJ!XIp)KUVH)pr>J)-i;~U&O~(iw~g~oh!=ExXbaeS1vL?WG43|Cc6-dRg=N+MSwk> zG9U;ISKmkcV{oyMp75&k@#%4G)Ahz3*`s}hWBPT4>hKLsGjr>YsRd!ZMc78yM0i9D z(CU+FJDW5mB>UEhdD$h`u1zu4K1(Uw^c%Yok@lspfIHx-ckYeSm?Wn?k{6j}%$(cq zi~F=~PFz>!%sxaGrjOVu5-vAwyS@@|>`=e7Tf*Xu{p%QYQpI(Sb#Q#JHS2AY#y&Z! z%3!Jak7Ic^dozDE6a|ab}zyP_nG1$(>+FGo|So~aGT6!VswcCszC@Mol$)dv% z%?*-oBt6{0yFLTmM_@0HMo35q>AYvKw?X?wPTvtEQ8`w{Ohzst&FVl}SgL|O z7%gvijYq8dZ&&5ObJ-#+@P6*?U!;QJ~_ zIo(c5(fQy-SU!l+H6~W~GlXZaK7z&C8J&0f#eunjJ?}ujG}=p>-p_Hy+KqeK`ToD0 z9{1pBI1&UA5x{$9TJRlnXBe!d@sZulocb1|ED+4W;%fHDZH-=UNA^PPYjLWWYQ4EX z?D&rO#%D^DzuO$V$<|VfW}MGpyAWpBK1^mCTro=dGZoaIrV-_sX4ZPlJlIjRW)>+g zZ2mBtZ&00om`{>amXYkmyV;VvXD5}}IFC}y zlw0B4bD3OKMy*DOG6?r$5`Rm*GbjDVeFV+Lw5wQr_xNo5)Le|#selkQf|XcNYl(4> zk&vX&T*348pRuSXiuhb{*r<-&$tzS8$D6_C9GGX1P)^m+2R~WszVI-Qr(f(-XNVP> zdS03D1SLG_KHThE!UQ-`COk?HG z*iFCtUOz4FaONGv;8UfbFWxfNV|6N)x$^OX9XEq;r(sgl!wj_K9giv7pPx-wjI(+O z&)Cx{)r^g7^|1`dzkey&rG0paSay?~`#$}TW`jkH zoM6w7*a!0^t+))#0T*$b(kD2BcfH(VwR*K?PuFKJyu^8>UNBIzb37?~(`ke8fx6pQ z+^~Vfa+DJld2tv{fFfa1fMm9Gv-P6-+A>ag&$fp~$IrTJU(SW?&rr)fB<#Bt-0>}c z^U{BcwFh2dhGBlmAzwUk#Eb^9(+iL^KBQwt1P8E~WQ8yGJiD6&CZf1VAKO z1|z&+Xy1bfy#Wew!5{*J2tH!~1u;1^ar6Rg3;2qyQ+2H?J5U8>tU|GdMy3WxmQ4ro zKFq-YdEM7R#o6!XAi6@dJ|HdlYx1S0rUVo{T>hOKP-ZCG*-?3JvhJQ1x6H(4s%dA; zX!dk)yHQ}7d)2Q5mGZsgXjB5W4Rd-y%q(DNtXz7Fw|(6U6@&7|B9sM+77D%_FZ6ykNXQI&W3 z(w*9VvfA|I^R@QOKxVCqc>Js?*^^HO_vuCg{Hwl_-(*6Q&}!=V5rxrk zDzZ}g*(^VxQZQ8ayUK@~Ldq7!C#9ri^3K)QdeSm2I59@?erOGui^UzJ`505_!F>v! zM!hYiRJ)Mn;fi9ScekQ%v$(!{W+^u`aN54Kj$WZde-X=BtJPY#*)#fH%8qx-Sc>LU ze@{Z^9j@r~fIFB}{K6TH8=5bIEobf3fktiCg#9 zdNc2&`RDwTp<4%Yk}~cHc`rUud4FnnO7~*O_Hz(Or zX_Y8}U`iO#R@ergWbOUZl!t+S?1+js2N*tim%sr?TfBD zk(8ee=utdr2lt9U(on7}P9RlkAsF4dy>8KC5 zy8Ej)+Hfk#{o~Poc<9~atFyvZp5=3k-_j!TEg36+uZZX3V8?f`JWeQ6%UXTw`&yme zb?rso*V2dh!fQsURFjqTjWxqI(ko8QzGGKJi`Ce2X_HNTQ%|ksf-Bc2bG}8#M=_?& z9(T3Bl)`eADw_R$%N!N5uMxW-k&vfwIPKo^0slj2)#KJ)6Mg#{do$0@Kgoe#Ldpml z)ZNuhOeW5TuBP4I+WBOKd7;WkgE=$rW_<y@})|S|uwKDFG zsW2q^qbpyeO}iME&Vm=0Sas9tq2<||!-<4 zuTLmB&p?J2+7Gdyp#(Zv?4UcIaTe*41?M*+PE$$M7>oBr1OyGB4sL`L%5s%!k;ySM z5g;NyFr15rU;-L@ARmLsRzap52}zqRkejlAW^LbgykKxDJvcs z9#>@+&%+~Sl6@IKT^rEQc%&xa@P$KXXu;$Iw(}vMGSOsH9?z&X{T>aG?+dzG&BxP< z?KCQ88rS24dhjB2|JX%^&fmjt$7y-sH~q+P8qd+q0;<@>UHbm*4LSV%EV{{W z#mWvJ4Zi#)r@@w-&^eY2Xv&W2B5og4cs`=V^3{HOUK>e3h09W!ov7AhCE;ID-WxEO z8fuv&g0|Gff;!dXU;%qQejMw?5kd(X{-~Q`@z-5);{3uBQA~Lf78BQQR@S=B*v((p|XY zO%&MZ0I5Rr&8@(F6Md}aO4F^m%BvW6c-Xvfsp*d$c&?y^QhpGmbV{{SXmbSqo+wwgXM8y(&Ithv5)g#q`cl# zH_YvC5^ne?uPnfyrtkdbiZX!{&+{hA*h0Rtq|2dqgOcwu8a_r#F6_2=G-4%j)Hkb& zPkP$-YASoD*oEkgg;Y_o%-3YH*_R7!^vVb6hpu~Td?>%8@$&=Yxpyt%(t962Vcx&^ zWDwKWFH53fjDblpqiWd5Y+rq~YS40<@?guH#@4mAj#&WbHQ|y<4gWilXNm32D`T@~Cu28QZD-#}TM~^5 zG_-dTdK&}{{>t?Ew3l70rZMQeo&3F<`W^T(67n~fXZaO=UgT>2u-(eIk;JNHesyJ# zA#$e-BS1FW*sbS+X7Fz`O02pLHA*TGZJuhKAXJS-sJndPY*u0=|Ro_%`^56u% z_gV)hpCRoS>W1UM=BHn00|RI8hK+v~rI(N4Uwrazi#K}EV7|lr-B6;2_s^BMw!yak z=ga6BhRe0ZtK~MS>48$BWt_qI)P(zdCsxPV4ubZVf2mYgn9S)n_B`1s8h_dPakt_^ zRZ7gQYu`-`xi(Pbsm`XxUe`yoYv+1jOm3>tnWn4MY0~ z`JX2@&FV09a7M$icD24({`M=H)pGpdcsRYh(U~37o;~<6J-7O0tE-MFKJgU!%4xKI2} zpl5vy{s(#r{o>S1YOyWu$anc)f^k2>rj#f!7ZP~gL zuyuFTRrUlGCBja1&bmvF&y>6 z0~Es@YKflPwn^(g!+Gy*$XIWiS5^E9Y|_$<>bg}}X7fGNEZBPbk6Oqwa9$Ct;aMJ#W={}yv*J#RjMkR*0wGmBa&u#Cj$}h|meyi|!qGL%i zY7-TG?@Au-yfyJ}TOpl=Nm1LJ@ge?Od;*-s%qTVP=xVm^27E%AdYYRn%HzFz7`vw< zB&Grf7+X8Xc_E>K6*!GJL71%0WCu%k&HEJ{NO*AaKCFG5st}V8>hSCq(dwYdt7b6L z32u#7Ad0qHcAQ@&>lmM{4AsG}v{&0GD$q$}CR}aZbU0!;$ho$6KE7@ikd$7!DfwK= zCv4Nh)gvvbV*hYeE>HHte1M1R+I#Qm_zZ12f)0j2%=Tm)kMlD6@Xqp=8hb219;}iP z9EGuJhZgOMnOQ3qG345Hx8zN#W#eX#E>mw7J8%_U^wMn%*Kig+Up97?Hwng6sQ5v( zj+5>3?Lm0Kp=-9^DY152&u7~la^J?*g@$l}!V$((!;#>QKq<+?I)5EbSqk~ieT}O1 z=g0i38%?4M>THJl53Du#*u$?T8GmuoSUUA$)oC(Oq*mp-629IV;*?N47O_{Rd0o}v z#k=2|juoON-rw`YX;P#DX0=~h)dt3Un5mT>JL5he@!H`Jnus$wuIkIx%cBvI=+-oxlKeFiA*nbbcg566Lm zvF{4SUrInkKv(oONH&$&nVT3Z^cVx8U7BZ445cC^Bx1hItl*sRm)(0JMq3lyv1Q(3 zKp0NC?BSwpwz&7Yg=6nR~}Y8x`G|8WPCrMImo(xURF#=m0)(3nW_iRed)Hppv$cp!I!q%r<s0M^0$WyxmmzY#w!~U_i{Sg72qEyo9Eq6xK`T>)RUf`{vVc z3BB;HahzLQKlC{d-N)c_628Ff(k-EX=K@}Id8*l2XWed)wb{lk&wyYqNeqCdPT zWo19=pFIn0FgB(PX!SEWA01|KEqfSp$ob&)fR@(CrC=u#zJ-wbYITx7D_YWzEAu`~ z>n5rlj8flK_qbx8x6i{pQQI5wpl49aQhIZ(cw$g%d%58o%K03pXXzD&0@;cvsaEN< z(m{^I6s|@vKlK_*LOzbm!L8A5314QWASv^G*9qSw&*rV#4D#9&wZw~r3N^#@rPE7; z4-6zY8_vdiy-YSD%$h{?Y%Wa&o7DuVC0>xYR7aIkV>Z8XJl>9e(8plDOt9g3B~MfK z(B@z$!|{Zouy#0$#p=exK^^z%l7U81f^&mQqc;PbhbGP*aD2{ZzU_K7BD_|jq(-jV zU+Su&(zTo{z60iZx1|lvoCfMQ(Ytkn6PDq%;*J5WPKP>n8*O>M6Uw}r{Y~a|ghvV* z$1(%AqYF36)za#md^h};b#~cL+056BM$TC=UI@BxzYNOio%O`bdyLa%iYqbVaxQbQ zDma`nnIhMrU!&YO56LC@1`!=iR3iNmovHo&;ML z$0#%R-;FRkk&NUtp-8VC^dDLlS^11ruHOkn-`*p@G>}&~~wl65k6|L{jHF%oW zm6;Ev(#kD;K~T9iRHLnRAU?~hTl-hAUj z+IV66=s?}3e$uac`QKXnQV19Spfx6a{oyzndMSFYYKxJ4!4mu9p9dcI1VX|5g->yG zz+q{)DQ^)+o?XRiElh=XO!w2Y+jWy;(`8E{Ny&AMk-^@+XVNb3yK7TqkEWv0&(!f2 zos;@wH~w(uEpd>^4khv}^06;Gxx`&{di=`c^EV2NR@*1b!XziPbe|$FMH}gqz1>$@ z^T#aSSKm8n-}w2&&iUCp_sZ)k+M2s5~g{xLxPPH64*;j`>0=apjfer(jeC zX`VPiG%wcNwQdzs9x2*(PoncPj}kBRXN#}8ttO9_UpjM3+RaeYcJP*V7N!xQcAw@L zV%dleA1-y2C=tI~DN23wlIP{D`tzVfa+4931TOs1Y(+o+RLE(n#ax%B?B}4ApICBM zCF9#6H{a}}XdyMGQ8^Cj`Ch%+%c32+nPjh}CN&|(X)7-ELFhrh=w1pfWq(lX^4`Sw zi%Y_CIxD=muRdKGQPEyrJFOD8s{MpbJFz>q&vlRSo=w4J?ZmX+&ziHvYi_%!!r7Gv zsp|`;yzfn~j9RzXl1CpyBrTJQ#U5gVD!0U0c9%lNS94y52Kqe6(!u2qXECtEWTX+q zwAL4AQXk(y*GKDY*vBVx^`w`5E4W5yxg93HCeU7@JF+pLdvERdpe8YzltF{~q%ruo z=w)^5A&CM_1PL+0Ac47y?pLDTZc|0-lbzu;?h;3tvCD!kI2`)|KeyLSh)c6$!#2}F-fi?hFty|61)^*)$P|e$b)NaJN%Q}7wEY3M>dXb9`ufm;a}TJxHsGa zuW%ms^}9NIs0K9Zj@G?xp^QQ0!NdUo}s990QM*STz|ic9Xyker5b8XG=z z_9h{|f7_|_io9viY~d<)V-JzlMV+!TIKA>WnOr;=h#!HUzNFcbtcbI!QH2v0=uE%XP;5bFrk>&O z&r6ZRyzfodxY4rBW#NTS>X1$^@>Wp!Cx@%Lid<$En3~Gm0}AGw&MVU)5-OZp)LBVbUhFe7VlwJI-(AREWK^I9tXU#9}@q zG?H>|%~N z;&yWMLr;8 zjU;vJ-apkU9GF(#qz?%uqbfIP(Q=G`DdHl3X*o9!-gP62Ne<uZ3@fwSz$ zcf!Lh2{dk7@frr9vy39*jm!>KXo_?LJLVWaP7ZDtVArE`!q;!*+VMxJiucV`Sbf0 zCy!x9{QKweja%km?D)^05cF>!3XswFk00#Im@&u$|Hsc;A==4@|9;_p48SD+>vec| zcW=ND``7Dynm@d%QTo^Go<6<>XG~_$5Je%LfG>sr_ zN~%v+T}rrr;A%%z?)IxV9ZY#c9)8a-8pwTNuE!;=%LB)1a6L#5ytDc_QbdD1`$}&) zG*-q~w9>uNb0fx#`Mo09Df(g7^D*)3TYNKyRB_)W$<2Q zJ3SKi@L_jjCdaMHC?<+zNZX#q!@QF(8`}YWF*6M~^0K)wwW zZEoX!(Xj55Q+3|$Lx4_8OGZG2SUfn3v+h??ecwQEvYX>NJ2G*`0mMH*8E!z^K0uR` z%!2+sp;i(#=-7cSc(khre*>WM4|WcLZsy(32&c@s5Ft3UztIo{u7%1^BV!W2p61$U z88Up4`v&1ceFQEbm5g($!a)PO2}=3y;o(*_+pz}ZJA>y>E9h8%B7oNMeH50EynM-< z^@D%)0?0ePc?t%>hK6(?QKu*>Dmnpq01XMw_B8o>i0mbY z!JJD{O>GQ@?KP&-55URp9UQz|18Qw90EE~teDg-*nhs#S0}g&AV>ZMfzd+MQU&kV| zOHknkUwp$mr2vtW`0WB}4yR58CGK$R?8WbLxt|&hFb^`?CL1z1)FS;2hS`mgI6d$%-(5}`0fQ%tj zWl>QW;6KUsb)jc-({-S)4=+%3nlfge4ai+gr~_?v`&j~klMNApvjd$o7;e4ene2{DTFulhy&QUSP1N3#HZLm2>;~SnuAu#<#l-z5raN zA!2>BEEI$d;6OZOt~f#V?;)_*xU%jA^sg=9toYE-I@krS)PT}SK$CnDXfRYaeL=Ha z4;&kq9GBp_Kh|k6l`q^!`|K=m;v(oKM1fM%*QWuBlZuif(|Z0sPu0-G-f;mS*npD)MD+4})GZg0zdLmF4YhdZ&&|JKO0MS4xZx3T~Pl*E_Hi%0P0Vx5D zF-rq8vv~%M!>eE|2^dM!^2KCyiRJgXaD*&{z4$H|w4i~REj&ZSf3jXwg9bPfph?iW zbNtRs>2|H=jhq30!zieuTP|mndkJplwm4)D507d%=0Lp04 zJyU0x659yOpma0Of3LMWZTDtH4`3mAU&Dq2z)!x78Vs&jX&`3(iU;}y`pBUKQ`yI( zBL`Ue6P?2uRZBlXvINu?ey(Evnr6S2T40R2!Uf zNqbl(pe^BSE28?-=g;r}kthxrG)M;n@H{SiJ{bjd{k!49MIYxuz(;_C_%k^%=Z#4Y*+fT~yO>K)M1G>yL*3mh&O^TQ(}$fkV& z`>E`R#cv65@o(kj$^`$uB|W%vLIj22oPj!MVBTtF$k9}~9j^NbQesG05qJkVs{Z4L z8y)-ki@++~w{Ow91_x7#!gc)K82x9&#BZD5N*DT1h~DhmBunt`U;8u*{hx}v|G%Mr z2>$6)O=QqdTk*)<{d+qto^0CjJ$UdS_5RaKpT1v%REH3d3?Zt-Oh`^f9Cn)`Vqs4K z5(YZbA#y+DdG&bR^6ne(^>KFQ4-5=EerU@@0^Wgskie1btuHo#m5xC^6YSVTu*Biq zFvC|;0&x+zm>_P1iq$UsuuWlX#o<#+Y69N{ym;d?Gc(bdHJ(1*GlQKEP+hCrM}Qlo zV`dh-e{7Y2x*-H$A+XZ0<0C_Z%>rRdz>~p}o4J8JT#Jvo0F#NL4%eLm6IUrI(oYun z`1lBPJzRHn|Nin!=u2v#>62 zd@TI{4)33O=_`vgzI8E%WoD9IZL)_@syBM%;MtciDb?)iu^b{QB z-%3jnOex&qp+dt@Q4UDGxC>F-An%)l=l6HkMZx={J!WO4qo>z~I1QdVtSk+1Kar{u z@QT2Q7hVle;aV1K5Gvj|Z=ks6%}Z0wmu>0YFOTFY}J&oZel;eEw1B9yYM)WrSG;F#d2-ZnZe}HSk12XfqG_&sBeDGx; zJAMM;l|HB}!T0Ztl2Qv;*dn(bC`jx5f>A((b6I`}9Wo_3+1Yx~qWv`SHF7=c6+6Y% z{9%i`4tF_CN#HtRQHN%4C3t1HZrW>!YC7)%pJqH+4UJ%v5o{v1%O3!c2{Xf`S`YISL=;SDxD^oaeosjF0JmbN{1*#0n9%^OY||n%G!){3O~xBvn_b(H|U}OVta{3j%Me7Y-rgX@ z3vrvZsn|Spvg3<8sD@MkV%A)2f}n8$LM03z3(-MO&l`9t3~M@>WX&k*u&^*dO1+Vn z_o|y($UDj2mi$LV4QEJ5n6~`-wPI-x85T{LqcD?X0Ko`sZ#0L>?Dd5OpM8CbJ+^?( zc}h6Cx~Rp2oK{6;L|CIqEU{bt_=(zl95`E>zO=sNAqc_XM7?;zSFXn{| zKtKX`-y1mIzM_f8JHZa=1=*`W6h+KAKwJrnFyb0cf+Lo5{9EO#n(zt?)K@YxA~5zK zmNe?Jc+U1y>FLa6zo+-vI5--aBVmdFTTzTJ_)fhjr%HGOoQQm%-nX){VgdLkv=_dw z7~AwuhRtpRxPw|z)Nq!URZs{8LaK~RuRx-81=EMU4qQ?kZ**i6y;kGp<#pim0TweY zCHb7Tqn~V2x0zI*Lm~wpCECHM3lw(Tb(H`e7X}M@e~t$E#02<60^O_pz{Ld!xe)kt z@b9Yvb?C$3Wv}dzt5fEYV6+8|QAmFkFK;wVLkI_7SX;Bh2BQlLF|4H8cP^Qh5RVkY zIZpRv;{N@up|s4*AC;9c;7x=qL9i~vi5^x&kT%1}LwvK$xxi~3E`}81Yd9GF;WTwb z%ot!vlF-t+hm3w82m&{PtgSbc>Hd8zWGcf9L3`MSEGLj&Dr{Ol0t;&h7Qx_xf}K4K zPIAEDf>cCYoHRJdkp<5u&sGlgV*O1;!d##IA0apJ7y{ zN=Xoy%^h6t;6E0_TDo@Es}`hP2Jhb0&sqTN+p}$U$=cPC7YA&Y>sU7I_+;hfA^yd= z;P!#2kmM$kmkY{;eF<6VU@c>l0=u$1JXQuyWdqApH!jyR`;?RUZaGvTHa~E3h6f5} zBUB_fNLnK*I@-~>Gh57aKQ6Frxxxt5>cv9Xp|r?tyNfA|0Yc>H@ju5(UT=hXN6`Mk&L^;|FeF?nWYlvQO^4FI=L=2RgF+PdFi`TN|y zO>3`V){}^aSixcxrhFE;qISchMm8Ijh{N|9YsY4ZM;GzHa3d3qH_kf5TqPLf>joWD z?iTx0|87{O-Esb|^L)EV;FRkN+~Um{`chnOb>qJdyScf|xz{@y{LsQ~s%-^4M=l{n z_YoDX#&Jwk9KB@U_`L^eRuT6pTN?U}KBb)xPzElz$=zri)t|qSKda<6AtfUtb8$fL zSHtl4e&$_nD~cxvxW`YJyT#Pu_+Mr#6O}(?V{-;W?nAL=j~qR!gy3J#!Wa@fwzp#Q z5x|$-wDHfM8Ne}DC z7+*BMz`T*S0`UrFB&@p1qcQdv=0%MLFGk0{^rL525#NZr*b9= zN}q1|4~H`QH;rUhsAp6W|M=H8}%*)F&5JpWx?raRo*@dX%l1>p6 zjHC1KvG#F7MAa z_(T9snr3GFj~_pdd-}Alr9~atrgE&Ou-_3pE(0hNU+Dru!jGOhrH(Sj{kSjxJ4UA6 zGY*v!fQc_P50Z&fKxrprhZhv@3GncE6efn?2$qrpSf%9VCfjM7)!dHLXlj1JQ@?z& zftB*>WgVjW}L_3 z4&>N<6QK^r3=IplW&){DcMBjp+4FMG$!0_DY7fHDIo1b+p7?ejm`D|(U3{@I-G4{$@ubi}gj+$|Cb1jd60zp|0 zkB3x0tYR+iutyvvftBp5_ptguj{frMOu)t@jILmz zy<@27VTS)-D4C}(6uU=q5q(OIIAZ*xxPSkCi)|@ANzcdHA*s)Z&RrHJZm|~0;=56+ zAUxzJ0e@?1E?I=5v$%o^iXs_VGzJ%cY!R&J(0OuZ0dO4Yxj>M>X06#o(kUq5ZJ21jC7;T-FmiF54kd~GJ z8(r3l{+qVq75-4WYHkEH6Q;hPrxQ$fkOHzjAj|f@I#xc!-ya?Sg)r1Nw{h}#f~pWhO72uYNT##mU##>iUfD`> zG-c#hzd9?9w(Ru}2a}U0=El|dyz71pXuINHOA8d|>_B-WP>oS`?Q4Hu5uVNGWfR`tCFP_C*SM>)vgUXB5c1aE1xdBNMbgMy+yD|1>oF+w#0i#%hiUIs)LZG}XK1Z6 z2CZGIbM9VM+Fa6Un|TJMx2<$b(of)%l^$7)niXpObr%IF>#z3h9e;39`mjF7k4s}D z`v?GUqk-E_3|c3Vnz!%X^~6gnY){HaWo@jfODVKn<8+iI!+7oZHoevthJ2@`vO1(jI zjf&ECUxDSk#VexMsi~FyiZjZ(Rn$eLwKhXwL+LG_!2=~1wwUJRvpv+Lol23_6QQbX zirQK8*{Aihcl~Fd`%+x?wfAUU>rA66(|BZ7Xq8-?UB(l!=vcyGKkoXe_oL0--;d(s ztQ<&RjznP--HkXdJq7}L97xblX2JMQ&*=)ouMRS(-2)V6&^NuoMdPm$8^|stWT1lS z1?Z`sJmCjwfpq_C!WDob9zVWXR#xVD2bW~|J@jm5mC==m30hMG7FWZ=!=td8d4Bis z+X9YTNxa`Hi$t74=7KNQ`3K8zt3)Y07+x&K+gOqGhk8El8D&4+sNvpCxgWa zs|aGikd$;$#!+OjkrwvQqi>x(lUHThoq=Fny9QuK|+PnN}2UOB_~QuAtS;ZXggah9_K7WXTz zua*3u2xxl z$YSPQ>%Vi&isVPjXfw*ayQ!pi%^r3wGuZnp(55yt@@k!fk#>@gvzMyNtib&CYFlYh zck-A;kN(_rhVh9FBVX^p#tkw1x9(o8F7PpSz|ts}ImQ0qFSiHsAv1E&K-`!&xU(?g zr@$vHY}1H2%{%>SlRU?F0Gn|-Y;yrA-h?aEFHGrmh37)kKKM z&t$E;L!C%{UW+H|X3-tCLrGtMzCQZu*HK{=?*3}y{US=7YzU@&u03#xo3|yH)Bmx- z=B8Dbn-&LccQ|D1Gg-?QcSVYmSCljFIa_qo;(_-i?>82-o7%YMg%zAiXxKO}{ri4; zyRvBOjvc9PdYzY7aCKljjOln^{k$jh^2l#Gn8!;L8S<%N$1SDVk==YZGS zVwLet2>K8TfK2piuK7bT7uG))I=<$`iuzJfZB~P%dnn7QvpZ7dh9lovmH(nInZL@t zmdkN(=EwZj28;MNM<%xwvo3UPougo&%Uq*sB9kGoQcU!2SEKFV``(Bf-aju6U~-5P{)71Ne) zA>|$YunVR!fyn_-jQI2WyUwhlAS0J-@b@uwd#(LQ=jz%A5ok?XqU?H<`-e1EuUs7K_1P$8deNPae#1U>mb45nyYlp0&&JxK}O;t@7N;^xO!kYB^!!_yZF6ZxP;vQ-q zZ0~UId;S!t^aib@QK*~jkX(8zEbJ{F^LtX~o;^#^0q)QoR{d7WDzMRfTeftLO#>S5 zl`5R32V^9(icm-wK8SKyx0t)L_NOH=O6ZR^RzBGtI9Y~eX4v7_mFtnr>u=I@~& zzE`Cy$1H9P-usyE@snEJY?>WS7n|Cu85~XgWKzELugMzfq-&MAP~MRPr^Wa$Rq+LN`i|DaOthTlmtSzG=>lH5Lnw=i&($70-Bo+p9dvKy9j?+er1xxGDKG zk-ML5*b8tY_nYy=>^u-cAlA@#07TnTkWf$%4T8tI8S(aH)TSL~HrnHAA(QAUId+h5 zQ_f-Tw6cmlnpbXI;cKy(xwy|*ser${=kCru-jxD5->V$i#{1V;CQm<`$&;}3FK}I> zQhzjX;v&b+W>Lw4LoN%8(OFgxjF}sbHGci_^T=Gf+UUuw!Z|*(qjwAV$nW2r{*WfQKmq1j!uCHxMRrE20JfnbUK9N8$q@`1s&I z)bI|mhV7Pl{B*P(dZ`?>aH{zy=l4r z(e923(KI1tbCXX+4d*07pRD@hCVrRE3;FIMJCZ=(q*loU0BOWH$ouGnK+u+CSdl3y zNS;UUPX!$pZqihvVsGnaEsTP|G)$rnBHR#m+Qf$COIqm_)#4h7**zPfSyK|>`(?#uj)G>UQp$LS37PxL8_#^`MY4pYGKn&FDPJ`+iUHK3RrevhB zL($J*b6>HQjc*h-@0uxTWv%l_E1#FbpC@?F9+nRd^zoG*QS zklTCun}FTie6zB1pKlQPiX9Iqt3bC9DPW6ZqyG8!0?wG~a!3^xmnB1vNK|2DV$oVU z8ekIUpx0V6409Z|k^g@}$D_s4))Q-3+xNZhEIU|LW>>jrTrg!-BC+F-y=1rA z1?4c(b%nJ!=jPvk+i*E3fJ3Ci9RX-gv$NRxCV1ayb^%2v3$DIYR;I$`KC&0c=#PPc zxaZHe6_5Zk=EX@Z&!5a#z=7?<<-?Ql``?ewns!|n{U+>nA4n4OHDw*>naI+m0Giqf zc;H%+DPIIX54^-4|?TR~X59{e2Qq^PURKzI` z?uKXzFq>xBYtfA-l$H>`IR95N^HYG^dY9vva^xzS_nr{1IbIY2zzbg)6;q-gq0mXT z-TXB2!YYzh8}h9(#>>5Dr&EtsN#4&%<(s>l3Nwaw^4PRoS#N!;i}{CNO}Mt*iaFb9 z;o>`rpCWw64uyPm?`+Pw7As$U0I%F0|xA9dJNhy&Iy7O%OG3&wp11Pz zQKeklz2ZXLNgLiq0wTPEwt!HxiG>RnG1&$*Z#RY~`d4RTj>yMBT_Lo-%^A7+b&gI> zYiX%5H?+KW%&|W~N-jn{}p4JZ89Csd4jDgs+~!9E^cGg+s&&y zX0#%`78xc26^wFk`SZnffbM=#2J46lE&iFAap45;iTI(t=UK{34$0>~Hf@x3b% zZyd}>JVPW!=bPKiPl|7R^TPoxWtY|~$EZdCY(n?2paJuVM481*NbTeue3n%A{Xj3H z^dy&vK83Wm=i0Uc=JMb(F0USpBpoCYM7*`H7qW9+_Fu>bl-raM)I5lRvr34nN=(o&C1CSEV9ud+v^GiL?wSbUXllxf4e$hH8F~X+GiNELM-Hwq3vSwdN;DBO@~6ynI}Li3Ky~t_K99G!JIA4%zz2 zf!7C9$w)`D8=}dQq-y~IyxX^5M{x&60P)kS?qQze*Kt6LN$Iu|`Al6mS0wA4Q?b-L zv}$GkMcLw`8mk3rPf@x_cIh}t^$ho{eU(YoxKbzaeu!gnkdJ%&HpRZNxd9KZ^ucv2 z-t4t|CM9f=5tOI4Z(FBe?FYigAe0Dq98uWj;Yz{~;T@+6Flwe?x`&+rAtr1pe}2X4 zUdtN)TfV{Sc1D|BA`Q3$EUapE(yj{Y;gq4ON18S9;nw-hGzqeNki5Zav2_Petso#xwR=MPCC#Ac@p3j~Hdj8_dxa;M zp5_X;T)Z6|V|2rdDZG`zf;)EZe3>cF#AKmw;5I1HVlAb$XM7#@$y3O^JAX)kDSmrt z8CBSBdwwF?1g+48Q9EQpAPNe?$6zCFz~Ez0Vw9WU362~S zU6r$q=ks}mtSdD)^;T~GEO_AqwNsDDNeTLj#hoJN4tv;pw|E^j`qT?lRk>UG5mOaU z2A) zk~sinMlpY`Hkad+p6U7Le=MmrP=LQ7E`yZ z3jPg4bF8>+%VNO~!K)cqNiwP$vm7r>sr37aSv;?PLik{NRAB> zmrY0vH5;$jj-jdUlyllsytUEJwK8h9Ans!ExCTo=!_q=r@#azbn~Kk3RQ4mx)GsCM zujsBBe8f$WnvS_7uy?-t;WS#rCAl>$WyZ*cg9NicyWx zTiR}YrtFIwo>aP?LjII3^TM0b@L$n299R}$qZ3Y)u0D6-4{OYa&rylEbN4RScuLO< zo(+>lJjc^$)$fZM^YWih9aa2(r#WKFXF(nXgSV5M3tqvc=RTQY<)615t#w}mTIb!5tW9A}jTeevGv47Qa z6=mhP<;S4ez>hB{sG3^WALCzKqjyiskD!A@?(2}o}*O6p+iP+ z0>uYKiX3l6C~Z!}-}&%CeP(iaO%ZhFCsEKoJp2p?iOiu~>4C-%rT)|VD>Dk$j*TlY z3cjz?;H&lCu-mJwVVYh^G>SIe*>rJm-CWYVu#eIza13gzW3k`x<0a9!lkt<#2AD3) zO+zV)QQVpoWbhl7@&*M@IqdSU6U{c@5kqmylClTb4jX>KZDPO}L%%4{>VQ2h0R?&= zgwwYCix|Oo#KvQ1bmg^qXDwsCNZr&8tBl;nLf95RKVnylyDAocFu6zW`kRCUBJ3y- z9D6iY1(MGc=R=f~YCA|}o!RbLf&U%CR5oeE_7b8LnV7!@KHmZsO;>7!OONd+i)+B&q>GY*mp2W+KjX|6DpL-==IlKqKA!}irQSDN4gb&`F^+oK{uN0r-Z zVB?XJlA<$6e`qdCHYenyy0^f1>>R!*$3k#h_RR^y0_9(#?rRjvT{Fe4#$oP_F!+9@ zd}`>$v`&JgxBg6RXP%y&OIr==r9Zb1BOZ+SEvTo%q2n8a$hH>BB_bqVK-rRdrhJxgU1#3k_RkjAs5{-#l!9C`GCNnL9-PC= zy3gh@L@v$IhSp!2BUpDOWvPgW2J_Rplkp#hCz)xfdETSyysY@3Z3Z3d#$Q~moUON6 z?r}wwS-Y=|Q}BLsj;bibOLifX`*m-UOiyEvPPFr(x)as>78Hm>X)vgxR-UQs<@6s=pdfl3yBj}o9W`he41tBP*~ODlZGC+ab_Hb z+oH$=03mX9ay=`nX=bxsZlRVpkyYsG9<;Nwdu`%{zhYJy1T7%lA44g{lmw|AS%^9V zgUR&w4?OdzbW7J>XPRdx)l+@rJWD9QwPn(MPSJGVZ?6isZvFG%R@#cvMjg)msh$WM zX;@mazunbK{(K%t$hUugAT0e<=V1f7Qrh9MX?MtEL?FB)1KU(UzN4Wj?HcvTTm}i( zyXtDlZa0RM??Z&+z0O?) zY}orV0!@P)k>;nji~RY?C^5@8)XWL!6HGTxp_381*H1o?wg-b>Y;nk}M7OlCnTx@P zuEbQ6l@b<$UnqZFrj%D#B!*S{4viJ7z2X2H$@5(`u5-Vq#`bF zaFwV$R@8|@{&@P^`#TCchKHEO`!`cpv2nCzB;F55>M(8P<9Vs}z-UjE@Ll6y)A|~@ zLyuB)3SC1E?@#fLmDjp8>G~<-7zgUchi!TOpCy0t&_DJ`RTHbIs)D{Y0w@TIMr{l@ zeQzpx&rBaO$^x3o=Z!VllN>s+Cz^8d4ie#5!$ZXcY zKfR{?4viW*ZHU~iv2A9dr6wj4)E*SK@7*Jv( zwoWamC+rd0w65-&Q5t*so5?P>S$1iB2zzm|(E2SN9GM z&z7}n%cpL4Rb(}cyR+(qTS`Lo!hCz`?H#rbvf7t_^W32^p=0cAG+})$MK7_)R4@ zWnEa+(0S5l;E2!KTPZOTw~GXX$ua~aR9$po;H*nV8V&V2oUtP!U$nr!1wr?^*N!j-8_l^r^6}&U~_+=Xdx|;_& zX`ftnYYqgtjvc}uC(-T^y?&~l&C8Of->+O4KdAI=g=1yN z<&2u%kG;Q_#Y|I~m#>9A*S+4e!Yw{tqsjdF0^*N-)x@ARl|5IwI=J;z_&7P`F65=E zWGB-_FL=Dl-pbw8TDVn&$0~5qu-Zhpb+w|%cAD9%rt8-c0=?V3X5iR4G~cjCJoLXx zO#xp|738!I%SlBN{+1XUx7<7BUGdEX^*V9BL6(l*9igsdSO?bKEwH{s)&9LXQy5Y> z^!LQN2y}Ss_U$F-(r@0se*j0^GEBkZ#gf{xZdJWryQq1($zqHJ+faDMlQ)L@M_$g- zE`RU1&p%D{$&sKlm4aF4%qk~-Xqz_`=t><833N`(#Y%^qt-j8$$=8<+PuL~^` zvsFH_LKb7egDp&)kZ|f&c8JCGb<~uReS^-@GAy0Af%VOsc6)hx%WLhkK zfizxlp-`V=(Laca8MG=fp4~RcfBW|Bv&@2+eV?*v<5!sAFhegA{eRWPu>6>WINRE52G%JthF{0X17L$%+H3zosgPigZIP$mK*V9c)W z>jSF$_Zzd(6dN6OCOCWADpmuR%_PGUA%Ya-B)Wv-zb@5W3)3$T{G%qJfE;zi<=omd z6ePrftgNa^gxb(d;q<3SnE%d;e9&^t&+1FC0dH3RE0U8Gv2#b-rOqoxW;eIn6?n_I42hJgdd7ts*8#!$MEhoy~<_UdkmK&aM4~Blo0c z2Vp{iubCqgw9^A+BZ$=t#miaAtZ^Jkkb%(?%@DrFS7N9h^yB_HU|;=%fe|n7L?>n{ zpGJR01`9h3G=)OaI0|nxeP(kI^yg4Ixu1u|8kbtwlMSNnXP`1ggNqsW$dAD?T6OQv z?b{%4{6j*LQVUGq^~hYVxpPePr9|b)*-S3V?2sQSj7;9Mg(ca8oPlDAFFxCKw(9(B zE2Y~=iqf~DHP3v;PMSw8FTyx#OO5VAEL{J=WmGgG!1N=l!tZQ^?#d)Zym{qGK^7w6 zL05WT-a`i0h@?|)6l83pc#nP8;Yd@9|MYO*3c@9ccrCaCc5rU@kb=Iw6JwHJj33wD zx~{}5)i~VjrCcVS4(E;ON*>CyKJTV5`-lsS>p4J#WJ#GbJ#r+Pn^HK z=p>`!7j7XZSa0wp$t7c!$7rgP>bIU20HN4bQ1$aj>Trewy9oz$#U;KF7{nE}N5jyocy3D#@ z!LiwS==J@fd^@m-5#F%IlZG(DTxpBXjg6@NTB{NhZ(2h|t(CZe!dP^lPU@ofWV@{H zoW#uYUJp6T_})az1^Z~XZB-gcMXrS_9{fz`42yUr64Ym=V1w0>QPp;8JwoQE$?E6~ zeh&>v7Cs9tH6?M_V%#zRVw7{MBP;O{pqCIl`HJrmGck59O&POkqfqJcX1W_RZ zYQU((taerPXC&A^qEGrY)EWVs8kFVlVSQ7CVH~w^;lg+lq5dIICj~#MJslhp_>--t zCfi`}rehPi1hYoL!i*)9?A4IYJ2s}@S#z(o3YDiSIspo9uQ^ehydz>s-LS@x|Cd!> za^0%Yk4U%qp&5h}q&D4B z8<+wFZsedHZy>emA@pbRF~WKJfBbQ^)%s~x7F%v>aPuI8R!k^JIE*XDEf;B5wxP2T zBOS@SFNm9ga+6VA6=awesR*3~mB({9V%s%3t(s@-``C)%J8l0V59$S~R= zvrKhSZ^Ua(8zli$XclIbyFN@oHy6V8IS(pwa&p0`L4mHU6N~D6ZToJVoxn`Yh$j%> z=wts~5tY#ToKwCzo711ji{1qnga173 zDU4qGGm)wR{6s1kAL6{nW9)y4+DG>uq>dM=cJ~@(HU^pWdAO}JJAMrr z2TH&>3T(UGxJ-yAoI}Qewy?cAwOYOcJ=jK}!oC;rYC|8d{1Gp{>gi6{;=W>j*F&ft zVbO3JXxfWzYuWeO$E$HCK$(u#WaEN6@i0LUUEZ~96UttQxqUID5S=vfB^e~KUP|Zo zP)6&mgUbSMqWhfyi?yNfUs`||G)BZ$40scx;+H*3E#PH!Tgw#M)&Bm@j@{#*j$z)# zIhTt8u46sRlEH+igm7u#PsN=psFx9l5NZmXZg1cqgnX*VB*n+@Rz$=hI2G-CKEOGF z&}#TczO89!JS8~6pyT_2r+a|nQtW^pB^nZ?z54D<&yN{(DJ1{OUv^4>F)+B?ZbHPp zKl-m%@hNU)FOscEV`=-!6&zuwg?Km`uc$ByOBQ&gd%!@+dI1Gy6EjoKPnyOK;?0nP zqY;;(x`Tr_W_g%kvMLEL`PEk+a7$C>8lH3no`P~-&)ZPB6>GTo*ywy!r3>LrcIf+b z4c`7cs5)<;;vdy{k>-g%i+<7F<@j7@@I^fO?4EE-^feCw@jzmK8=yWTJ3G6l+=g>p zeu;kp2J1(4bZ{mBXqcLEfmBr4^aU(%SP|-V390fD;4yR|jCnmbJ!U7(fo9mhaP035 z$8KL^p9&b`iK>zx(7G%yBQ4p-CMM@psJOBZJ9vys+y>_)vZ$5GO7j^>D#XcTD*F3Gv!~z6eloZT{KR z5fyO8xB!!-a6#1#>5p61k0%j0l8;0srOY)t;o=e3z!8FtMglI*psECXexF1>;MVe8 zocxvC*O$W@nFZzU28na)z)hRLq(MR}6vC+QHEffS2?sQQB#bxcT`4f1khEq=g$v=B z6CXv`5u`t3x_wD(-x{DDo#pq}REsi51Q>rAbb{mRW#eC92v@qiU+Kq=QYI%Zzg>21hqHkGI|s{G;Xx`xN>CkoelB~=vI6cs42 zw?|jzH1X7KDyTNt+&5rMZKB1;HdxlM$fC3uo>T-e)I^}kL-b}EEGv?h`pJ5}mA%*( z%6t)6RmXRHj)bV~@jZk0P`?pFa`-R4VD&j6gtf!f93nfE#Tz-WCp_+$R#20shQ>FT z`-ra##rXdH%aJvqmsRQnLxbehyw1xLgiZv%;rjKOK*=nF@QqDYs;Je-d>G=$0fe_& z%7>xakVb;{Tj9UC4ws>^Qdmggrhzr{NRNXITqf{0jF=C9$xijb?=zO+4>RR zM4_RglF=E()Hi98=+#SDUw(an?{+Sb`%v()>e9ULvx{k&Ug;d|PnH9+6F*fGl5Mw) zZpO6IsW2kNdd^Q}cl_TUNW>d&*U0Fukaq#%$8QO43=0cmTj(l8JP7UzZOhYR zBpb^oe9z$!`I)VdU6QKaY48i@I7zdIi7UAN++)mbCYL;kY*DP_l}1f~%G)$u_kfm` zc}LM@otN~hNlDi`#>B}Pgv*3j8dCJGal+?S`+Ib2Gjn;e)m&gw$7Bz zyP=Xr&p`(Y6Q%|RtqMv;R#sJva3${K{5F4!lfQ3foZU;nPAk(H*iM%2``X&iCR&#l z?`ziR)>Wl(x9l~Vj#CZDo>Fv-GAHPs){zCKNeXy;uojf2s(Xm5f-G$WXZ(b;oXmV4`B@>cgRKy)9K_798<&D^&c@Hk z>zD5IVRk`6IbbhDfh@;FGdVJW7KYJ>hy6)r5xaHPWe6^gI~%ZzxQrN)DIZ8rU`%PZ zVI!(}U{{>a?l)uF?2tR~eNa??!bFEt58D5owkin;$Jd4(8@hEMN=~AmT z)eq?x$$c0gcb#>%oK8MWl)J>K6 zfXU5+*c_^#oOOU(P4&XjPHv7QgM7>}(4MLox}$AyO^14~?$c7!S(_ikkwk+W(9-(Fwmz`LC|APkKOO)mAU?ym75RP8p?1 zRm8GOq&@o5k()_P{%Wxs^bATpCk}ht37Dn@yzv|woND~==Y!xk+l_=GuV3qU{T3&G zf;3AUSGe!EVb4Wzbe`V=gbO-=xNCPm-rt9N8|R~p8GYKK!NX~h+*VC>^$$lXOiWBJ z#R`AzcFKjtr(7hErtx1KO_zg@|9>JHHLpyUY=4q^F0+V}FolDhG}jK_59eTXm8)vc1jx zg4_9VhdFk`T8~HejjsJIUKg8(KlF_&hOtMlMI^`c)h#b8*uD z1wgV-n z@#7Q(I{?Pz0;22&O;-pPfIBQ@A{@dzpH`ath!Y zQ`+jaZ`OzMo6^uHEMDxKmG8TMUq{yAxDkPb4#%oUYhgw!4n36w>SjhVd=@LuyL#+}cYY zOf8m`{sY|q!opfi>j)~e41Eh>Ia;0D$;tg!7mRG4n?@pRcIW@M&H9=eH0z}bdS3*N z%1>DYI!W{|YuX-gws1~fkn?;^aqEl3y3pR%hO~NnFpu}WBMcvWy{T#`dDP2qHeS0} zJ3$ynS}4DfHZ6hFg1rDMI8F5e^B}T0#GhFr2_~?#(_gxw(-vG4++q$gmUpJ-Jt;3M zD&MdB!N*A3F*)0xkOaDN@9_BB<*Ersgc7u?`MPDEKM^?`bl-7JTYmHj=b*Gpku3C| zvNJb5u1JpA9eCJejd$?G@fbVi`W*ri?_2?2q&c3rs)!HKJ#`O3Hx=Jj*>H0`KXvL< zAfSrD1^JaX!@|^n!@$hMbS#ei_3u69{=Bk&)TZqrXHqgtJqO*DuDzpZQliPoSM1)wcL?g&yvu0Cy4J9KEac*c`1pfcFwEl1$3>V(gd z8iMgpn40d#2W;ah_et5aVz!u*0* zRF??h$iR89F;Sm584>*fmodfvx??|gobWU`OGG?Up~wk__ym%^fUb%HGe1s~G>6BJ znV6YNNz@lwTM`>WW>~?+Daf)K6%`c`INZLy4xr!_i*N{bUV$6nPDqju7Mf3vti7k0 zyOkqq)->|M3B+*>ot%piYPh;C)Kp+y$*D;>y6BUspJ%rxurH`Qa|kh6@^#JK9$s-( zG0yehjj?~-kJHd9xa1q0NHVB|PyQ`*O~5ILt_iVa0T9E%*Gzh2M7s?j&1&;LU(y>B zQ6^@=15#CwmfHY!P0C3So>4)=g1jT+*ZkG`Utzo#k^Et_5b3l;0&P!%l|xHZI_Pu^ z|8(SUqKG;ZsKkgU0xA&-j8mY0ktB3v-q$4BS@z*GhU3i~VRwhQ)9gKGR@HM?*6+tx z6iW8k9Xy}OEZ3ck}OaaeCzv+I;{CEs$RV=^>^%z#!jSvc(X0^%OI~ za8`obgl$j&Rzj4^H^Re7q!(Anic*ocAY<^||K5?_BiqpP7ZdtT3kUL6WnA;yWSEOk zo2c#-ql>ND9ae!OPtmQjN(f3P_tct7zsC$G5#47t=zI3T!4#%Ymd#mCLZ>F(E32RCdk^{;P*1w8V}lND zi379HF?fBR-8IzrXvxXA4UV8Q(T-e+l6BsNbRhWcJPWz~N}22;{{$FeGHlrX4}kIP zaSuqLfGg6>AF+CC#~?@@(#YZe4-M5Pw#5`Bw+zNrGnRvyGw(&m6vCd zs_5F8k`70w|_1n!UD3-_Wv(nv|FRp%g1 zx3XZ)3W%JDa00gJ&R3|vej*lZ7h(eOONW${lr(rhp8Ez#{~3T1M7oGPHJ14LnJeS< zZ!)d9iob;z%}&`!OBGUcSG|eZv#jn}&2r{Ymg1(_4HNp76e2rW1PilO_Y#qn^2WX7 zq@{|lKZpgchFa-oh47kTFSPY85YL~?vfWH#hIZ}@LZ1evs0{rV1yYGjN_2)i zH7F$ENXH>?E?H;@1t6+m0E@s21rWjc?v?-opt{O}w?J--0>ANOJ3!Yy51TS6?h+~P zJ|+z&ixh9mn6d#od6xJnNI7gLvS_{9W{J25i6gv(DJKACtV+;}R5@Yc5adZ9O6+%; zYMM11eR)(*jEr=9*uJ)=`GWXaRpz-nXr#Mj}v#{UFX^Ci<5xLIy#zlN(lK*C1=pdW}QkTotgzbCAWOg z79BBGyAdD5&Vg~g-@WNH6Uitb%B1f=M)NO@o4}jRWWQaOgTcGl=yeL5xe=AV7UAjd z@l%(f4>e4@GjxO_Y1A`3e_rr}TWOitT-YCpdbctzw&nEX^pxKl9AZpM ziqUq@K#PqtuSjJr}`{hHKlRiRIJhSMcmMDy=lf_X|B? z1YbRgF+c>;&yv-`Bzg>y3Wyl`SNU|z2ELpBOZfzm2I(u+EKS_!c-%9&FBv(=1*gfb zL!}%_Q-gyLKVG(!TwP7NMXVMqe znSqWj;Z*j|6=Xf^RF9=BFN`kF`c+NA=8^Pf=7)*WDHt^K1u+!1;9 zSv(Q8y7h&de-;UpsR&jVmr9ez+u>cu_iI5tYsi(td(Vo_?@mIOy~nQyku&4y3arfV z0|cu@$m#)vx`i;vCj7}z0I#LMv!g)H4IQ_9WVU_pE9m1$k}6_^iPaC{c-W9cTz{U% z$@VW1(}n*|0@a@Yk^(m_Rk^Qb9SAFMLmKIn$SHGC8^~d#~-y<0W5bq$dI5V#DiV>U$>KM{+mK<3Dm&0 z5mz6{-=O0yPXS<~)UJnq)%B%ktN{*!1!)Vnu*y;Xtb2 z-j7NTaia9V{2`hOMi2VR*8W!1hc4DW^RY+aN{&dpsPy;X z5L{;mGfSI+h7lkT8vrd+>Tu*|7S8_z41W>h4P8g85raB051 z*Uu#o;}IHy`=}~~vb)!M)OHI*NLZej>Lpx$rBwR};QDaR%EPb-F|qSN(?s>N6WcBU>EmG{D^=pb(jO zR#_SiVOQ^N%(cCRb8P*p+g)=;EM<%8@t+sQ7fTmhS<0a3iIlAQr;@$v7l)U+LEOWQ z5`O;@0ZgMp;axzM^x}1Cr=m;Ckg2|NZu!WuTZO9qr{=*r3ZPmcsonjFxxom52uUz3 zjE3BVUi@}g>5?Kiln&&o~rhj-Pv{*y6zb-|X?N8j79}6^30mVJm1>(m5HiFXG zcIs|em_PJ-e-XLCTmP+?CtimynKsq%^SniNEyO1X9a~Q_^}yK~l!b6tKiVIVg#-$s zw-;_nLm)8uKY?z-Qg%9P-rlA238XKfwehTI)(DUFUhCpRwhXP zZliW9LFU17sB+UN3F9qXoGoNpM9#oQd28}0qGTi@&l@0vlY|VTQqYjRS4+}0kk3m3 zyA<1nMND>kfrLtXQ6?p9|99=@8rWkD%kF9jGuL0}NKIY%y!i zb?ybRSkg6G^HNU=32-G*^Z#h`xg~%N;hyS%gLLawTB+|0g`TK>e{yC3f%(Tdn~K&xep~8JUmu=ZQraD-0M|YEikvL_hcqfIHD$J3b*=LL~L=e<;g{! zZ-YS*s(EgZ%uwVpadWrx74{O_Fdn*epJ^m&9%!M=cNocl+Xdm?R=c~)fiaao=SqwT{+6(mY%q^3M#2T67k0#WOl$xyOfuok;cF-1 zuXx+Qj3#Y6ik5+mc!Lb0-Gga$$O%~O+)Yx;;WQ!P*8r?Yj0TAzB8kdS>ER`2f4#ng zTx?`60Vv{b@>l^oVcP2mc{@0blM#hVeiz&nHTs|513H16aDB=!@i=3_ zr=K`WgCLX5fNsD!`M*N^An2bG-U(m?r7(y5TdE1>bk1lAPax63Bsd;1trg$SeNs9U zq@T6zw+LuWO?v(QvtNFGmCfmqnQVCd%4+la{94f#ebFdR|MxC8oZ_2@C~|DP> z+eMgD88LAIe+CekuSguBI``zePKwEL;A$>er46~x!y_$CwUWT`W!U%m8h<+JbUL=b zP~r)xob>-`pduBcs&Lw;rmIMNBr5CXJ|5?s6*vCU0*G6=j&hPx{KV(`2D{f+NK_l? z3QoD5^2r{T`!c+!W2j7?OPZ@jxGfiCy%;0E(piZFqeiR5?&erndp$UqVK^RDLi@e4SF^oAs?~MA3u@f@Iwh4_iLWzs$v*WfpuTOy)d#uQ|3q9 zNaR(&-V7SD%Xw9nbHY%OS5%AxE)3!@5`cxq=4;$7&96vxwZ3@-!IV6;k{XfHp+wKu z5>4PX@6|&7I%j{_s{V&}&2bK2d?6PFWX9_$GkVSHRe`rFC}>Hw<|+0d?kT>SRl}1P z-%;-;+&N!>Z3KHj^6C!sEcZI zooyJnKF{`O7%L!&Ex@!{h#!4^KA+6K0G?oxvzl!{xQFt5KaTsIWnYd4X&!Jpx%47HSWr-)zS1 zh0-pus!{Jhh-uWUoic_*?}$wOcbv{G#R%tH^(k<`H~h5IKH#255uRg}*~-E-?*VGN z&ziJ0DtdV?qUhO)XPNrSUfkO3(Mk!TIL@4wjx)aFN9ede__S-%Z2B&^4-`hyEZ^h6T05O@FR-P$S&a46)YBD>`Sba*&G zY6?8uP!K>)#M>8Dx^3Mmgd+F{2bY~oU(3l^iI2V)#a8m?5Uy}kQxqs)FNc48&#Mwh zQDl}X@qG`bvS17cVRnj*Zr}wH#`?lY$KKXZvc$FmA|M&^ua_KFB~~nFTb53h1Ilrg zD>pP=ITn8UU=UCPF=(Sm0$VJ9M8q+$vP8s) z5iMQNKaePRl7&imUP5a{Md=Us8~#sJa9YDCl8uSnr<}_z5Z4VER$>4b35w-uR0m%k z#EpRy)da7A_72&g;rLlJnNUEa`uK0uogb6FKo=0X@~dez0=;T5EY_50IPPpau8l*~ z>e{#0bt`o(C#kLsp1Kj1KmiasqV9A6O~J$$ONHhG?x5(%`i;bF8FJJPd`Sc=d@A(2ZKA=d?IH+IAy{%u{BEdLU&*@FmyGen969scqwd!cUJ zs3}P`(43jn7WxIZAs)mIIUD<}>%NjCs*ss{Tv45;#Xbe9Z5I-1(EogpxNXUV6;J{2 zE%Utpe__v3tW?tcO%dGxci9<~_-7X?V?W&6wB2&DOK|;)&JL&F{gj3MMv2IVe{ivB z%VEVp(gNXoh!1mQ;UCgxT5clDd|<|)8B$KA2pW^z;y||{GkfJUs0;lqg{8ubKgz2V zX#G^`wNIXW9zY^Acz!Z3ck=Qvtuy)V#Vi>?6|kYCFTP|>Zgu;RU(XaZJiyYzRyd-0>gi|>(|Aw zyN7R;J=zKHF6<{)CHn@P$hZNh?v_oVTp*({E}6=PJn>i4J9B%TNwdChQr2;g=o3x< z>XR;x@t8Hk{E=l-+r--Q?HdgGPjfZ9Re%0=NYU^5Z=kayON|_R4WkqJK+-E%yvu)# zCxL&(uuhUS=J7n3D#0*?p*TPim{)1WPZF~Z8`M9g@u^3e=*+0FWfcKjf(e5Qc z_x;CT%;v(C@P9L#S`7cGmR({tB?;GJp^vJb6h@$`p^hO@%y0&CM5~I)%H}rY-6LSS zt1x{jIqncMtvh!1?%#=Yqy{bVFfg)lnEuPnO|6(|-Acv^`~~HIN~n$ehdwmc?6*Et zrIE;fD^LlO4s{uvSVSx6?d^TBH$N~a$g0*=94tGbmzZ*uHeDDXvqJu5>!thCP)+f_ zY66x>i!{yu2UQgOSuXsyt&hFB=0q>``3n2Zec}Br&>RuJ$QK#{YTXAU18*|ZEKW)` zEH06e$nHQ7b83+Vl$ss5RSw&PowM@_glTkz2jd}T#-ODdL+l4s z-ZKG!*?lnAgFPqM3<{s;Rb!g^%p;lxtB*J)$`s!E`BF5b41k@p%+BYVFEBrji)(VY zy(&!oiHYn%R3nm{NtSz}{ry|G&NU>w!?}MF>w_RT0Q`%B^i_{x)0=W3zY}57pw=a8 z;M@T8C{R*bYL(Ic){(q2{78%Q#WnYKXO)piO|tPmNQNt*TsCVhfNre-0%v@tjdpqzRX$U%1d)yYX+c z_l^qv{w{2f%)-6|rCl3Bkq11*-*d$7At}u+fnz zXDwcf^ArPZ`4MnG7)wTsj*XcD9Kbuj5*SDaK3M~%%4_8iHsHs{Fpxm+Bg~`&TBsfS zJ{hB}B@HkfA)^>(N72#STMqdlA;(dAe#0Io3Bi}3ZLN8BgtyIW(W4Dgs*MuoVY8Q` zECQgm+w~_O{#7y|j^tE(c`dFD!8^r|N1|vmZ%b9$vShD(p`BC((%sI%0qFNtM0ru@ zrk&k;>J$goG{yg+?#;t;UfcHXk}>l_A@e+jqNJ309uq=_C1t8KNFo(2V?sodkjN}a zQc@WjL}hGHDKsF3GNtJK99h=7pXYg>?S0?v{p)va+r93!sO!4E-|u-I=W*=&e(c9z zTeb+>Xfl8P@`uN3vGJ+}0G63ykI&BR?fm2OY*b?LWV_q$E_ul(l1n{`bhL9_yxV*K z{*ybJG!1X)xOQ!ScqQnvmD#fn%=y#I&#c?8FOc9jS#hbS@3Fa|DvIU@E^#*g7|kczqO-rbnns};7{&%mW!y!ox!W3(qF-ZO_Av|ttpkVUa%y>>!J6n*RWweAoD=0tb@dk zW-VH5zHwtH%%axvva&K8YwMVsHx)xNEV8XMe60DeWdl{#?ar`>d;Ywgd#qvJ$DLz3 zKaYBTa!A^v6BA=MW%r${s-kNbejwIwSpG5FX*x!eDBe?BEyQ~{#LB_Orsw1HmoDGe zs9(SSjL|HAOPzx0Ia8{C(yPl;+og9#PncMJGZ+2PaHT%CewRL=hLX|%pGkv<40(29 zP-_p9Yt|cixV{^9?b^k0Ve{fvt({{`{l6ZZ)UA)oM9=tp!bRwuG*W%~=!E9tu|N4j zYg9(c7y2;r9AD^kn_lKi^)T??wykbtWTeGaZ~IxsbIg5+)max!+kGxJYSgRF{*mL~ z6~DWbrD)^%h-sjCV-}u|yb%sGZehMLzp(Jt>(}FKZ8ZRZLan}*mfph5lmU5^A`@sA zy--p4;|K75R~?;Jb?VfKym8~ga3vQPmqzXNCpkMi2eV5&bw|!I-@M=cfX}H@-D_`s zG<4thDSiX&x~DWZ^y~eeMO__!YO}emF4gbWj3Qkxes}xA^k7q?bF(}ol6_8FXsY2O zeFvc{o_3-Kk?n)v8$+E&EccqVY6a6!qQFT}w{hd{;1dvF99;KV3F4(W*zPm>6 zq9*Fj_wIe~_a-mS_8f+)5mBZxZ3vw4JA}+sI)P?{A2@ zW|orUoaUWpSuw7KR&N6!KU7`ukzI%5eDB+bTE#IV?b?PAeZNme(xYC?|o?aNOFSK1; z+=8bTYLsx3x;0}{Yv)%ssIA1-NvrHKpT~4|)`bbSwwI42Ry)~M$5d@2pBmL&e}wwc zCAxM6J157qQm=j5W6Uf2d!tz3q9T}lXdqJs6p%S4<4BVXH$TySCmq(8EsJIqxO~Z& ztP?HXYy_0D2O}HrFSp~llw+cFdTwYhB=$p4OB&UeUd`&4r&{17#X@EfHg?5qUNs`A zlw(yZC=(Qv+=qx>lm3lGOP9{JYE`#x-CRoG7z-_&sz+h&xGeR2E1}JA-n@C(z~u-B zad}{i4<35aDt+fp3tcf2RD9}^B`4;FRUf9+2kJELqiW5aEWF8U*RBnIquy9cruPwQ zkw!Ntnv}D0kcd-FOqhPCI@tbga|Lj*mmoZUA~WIy$_uQ0cvW6``L}O-yuIV$E}vW; zofl|x{&BtQ-~Co)lxc77*U8|`wqAyE&W{>c(6pyp(U%7?lrow$N3Oi2qo;RRJI84s zVXSteHgqwj4074x>#HWpbgTva1|6K&0l5;e>7$GDb@lZ0LQ>pQ#0-={QUV-+{ypFa=GLV_?AJX2@QyOy|Ky~JW8Cf5E)9gK(2v{*YhER`eNS9>?-N-1DC z-hBNQty+}=iWnyd5e;)sZ*As2JR;TM>vBa)nQ_E1d}dKzL~zzqg&847!rqlueAtF=gKIQNt z3`^1~b%^6P6a1wq8MTQfV-Ths9(`1^i{uM#ty%Ic^j^1glOt!1&eWK8Huo(pzGA(|yK}=IUN)P^@ndPOH+IaJQpgMA zh1$y=xC-7&$saA+L|*c|Q74N}l%V6Tt_nqc@^Batn0~Zb37nG zv2MeLW=tBq77@XGzLPa*;5t|E^5qDS7lDpB*=aP}#)lu$UNyzo_@FXqAzP+t`0f2G zW5P-MAQ>}STYy=H*|+j2dO>C%6MJ&d#U((91ii;d^2M+Tfq5d)#4WWp%#SBB@2jqk&Yw${j$O3q*r41>+84dvR4Uvz*R0d1&7~;)^HR__KY0Qle z_v2aMYMl=3smMHac3e-+IvI-Qo8yV7lQhF*nUh#GV^g-Can0kcMvDxRI>;`h%Zfn}?*~g8LxVF)BxKfn-E; zE%3!9jIh>vQ>-4{BtQSpVB`M2NyIf`)6$UVm+vlFj4fSijK-oew>5(b>rjrZoWJ0< z`GZycNjS}hdQVJw!Di^#t=pKsb9O9QwQAw%$)q@@+@>{azO=}B?-BM{cm5v}OKsk@ z8ETc(XzU87Go=T8jyT4yEyW|F0t1t^4<4LV%-#0yzc=ND( z*NVyu^BSod-aFYw{pX&HoLjRE>sP*?)3DSfZO1*AdCK3r0|6TMIbd6{Aw1jbyKX>a z@0`SnzJ9C1hsNtUjBp7Ym@}_zv)88j`D`zP0kaX1-QIaF@19>rc(Q z+~)q7?ukFNubb3JPV&_btEWZr(Og+8jU<@|XhYkM?Yz>CXnJL^4OU1DuG@Zh$@l1- z8g3iqrgCc1Q`aB{7nwV(EozMV#6+!o%N3qP6t?qC>pS-fbCNu1yQ7bGGzS3Z`!4(F zprC#-+v?LKXl}eYVCwV4f`DN*sI)V_Ja%dtXGPidEu6iVs>2pJ?E>d=GwF-T%Fb>za9I;z%HFoKuGAey_K`I5Fk8gh z*7hX_RWIBfdX}wncXLyc=dj`C-tQyHOR8%Yoy4xWZB$g^F!W&Yx8Kn~YvEKnT?qrP z2aSj@dueU!;1S(}~`T7D)p(m7FON&T$Ue=#BMX z&5^QgPCcU1Q>1y^k25pRsVK~kSlyANoJG?D#{sYLAkBQw)UBOWE0ayWw^1hR@c=z3 zG0DHWrHtfh)!c4tpmN?nzfrGlT`44iq-{o#K^iK_JlZEa_wV0CTU(ou zY?*pOxn8}FUAm0AF!wy_DyAO}T6N>I3Y8kGSbD-vbM)jLqO<-l1P4v%$GU!9mjopC z%Z*2oG7`NuDliD93 zrDlHD{o7gLc#44p0b1;I#mmN>`9yjlZ8wws|>@9IDz>zKuhk58B{e_Q>^ z(=sX;bl7z9V)|>R*TdW6?^oSvao{L<$t0$yMto}@a`*fQDKDuX>;H&4?bqXdVp!=# zry}j~#j~pm+|zw7uC}zyjtCt+x|{8E9wa5_wBf(sZJXCd5R-rYYh3t$ndzFi*=@(L zQC2g-7aEJVGw0%szGd2|$r;Y3xvRawg21l^U(!u0@&5&HF!~m`ZvFbQ7^TLL5fSIs zEo5a4XxV^Vr1H?ciKBMRVsajN!&r~jgAl|PlEf{d!*lbanL!KuK+mU>H-ik6OKC?3 zp#tp?C&-pLRGPGJFUAKDzGpu;x{!Fifm5)uvZ9$tW>VARrhKxux=U@hjgoSZAGCLc zEtZL>_X~F1P+7zV5m_rYyDMgv*zvR|zw{yVO!82Y+`%@-Cm+3)lCm2s4!VjOGHA@0 zm5I&U=I8SaBj)*&D7+p9DDsU$;$nKB`?~iaW?S6d>r2b`+$-BYefl)-c(Llt!mj)8 z78@1Hfm=KzZq>6ZJ=d&RLnHre8&BU!njmJqP803D$jTPZICdv3?dyRzP5@Qo_p2K! zHY7tMaUtl*)r-$22+rn59_Z&6y8PImo4ZI7Y6#>VHy6e5U1gdf{t_avhBaX>qw(ex z2Y@u`o;*lfnCvTPmIiGGUz!%Nw=@kyM5&0mGbt#>#s+L@=$Pj@w%6(?%+W<|fb_QG z;K2u(Bs75D3-GE{_l5+`y3m@P{Ayv|5ajnuAB- zc1y{p&~Y#nBekF<>ww(ChfD}}9oxrcbI#4`iwnjiQuy;Bw>x$2{O0L7RY3H=Hg8sZ z!0%EeN-&aCbq+-BkBZNxKejZ))^c;dfUUo^02>8>h_3qSD*z^ZP)S6Qx@6OcRdsA$ z)`Z@Z8Ywk8uOuU6E2OO0KTkVj*i{tZc;SGE^wY@pII`TxD4eoEMt^ep92{cbOKKmK zYgc-@b3KbQ$4q~A)p8v!DCPQ=*f=1~bfL%A4F}mLcF8E+_st8~|_0!jpMh%Rn$Wc;a$$jwU3G<92f|bOEOI zKHh02-R%nBzJJ$P@uY{?Vk%=@Y}~%#Q#5oO`Hlou^O;P=n9wwgiy+IRf1dj)6e7a@zM2Z^ntyu-C^KBFTUA} zw{PbzyZQmgn+fn5z!!P^u2hStW@WY)N7p2DX;kq`NUok-obO8^OhfHGd0y7J!@>)$ zbI9Ue$ALFTf$m`$Ag{RW>Dd-&eA<8q^c&zp5+-xKQm%Ru*^KbG++IyN;?T{{DqEl<>2-xTRlTA-aCtOhkFPJf5AQ@U~J>oS{4bUMpnjt zU!hbuK*iXk1g{rprtwRbbdhI4=~zi0Hyri%LuI}`K6lwx+dMo@VuzGktgfyuWjJ;N zP4?YgGWjuZF_IFCME`56hi$g1VA)`?@e?5GMeYZe+qd?<4Fa=Gz4|^sKbCdN2sDLU zI!9~Pu0416^y!(-Hueh)eN3EhTt8y(9Plj4M9sm$q4tlUoc$my{CvIo^?T27>87Ev zm&$W1c*mU~YCi!1mvWhHhOWDkKEQBvNs5W3OVA11-s)9EiE5mH+yDU=?H#=)wXd4e zuB^HCtezJ=)I7$BjUszyI8RK*mC^6?CwYv5m`JhP6vvJoOZIUa^tr#!q|pmTw&%xD zYHjoLYa106Wj zj?Qf}$pemBdDP9Oc)S4M-W;-z_^?JI6(C0`shn6l@?6dAvIzdU;*B5=6iA8z;Q0V}`D7)1wC0cQ;SI_mDq^5exfEmwT4rbi z7g}WYm@s^)GsZFW@_nRvKA6&2?BziEUjt%nF4q?;tF7(UZDUt_#Q!7n(5l%E4iw9` z0YKLRVuDQOl3n##qZ{*J_JWR_fGE?;$^s|L)Z?W~3;)PW@hEul;wI=Pz!(h9D20Y(dF@z{k z6tM(DtWyUgr!5rZL?1Z$O@K4r>!U(0U$!u}t@!pW_uV^^LS1su!+MT?9J^Bq;gX&; z!3Bq>5t_XwMjW7amw6+0KPw#(tMpAiYLG&p5RV&aHB3tKsMBukv8=LUB%uwjwrWsY zYW2_d0dKQz-*y|@euEb|hddNtGSD*WGffP;#7-KC<;LsRD+U$fiZ7f1!D(qo_TS}u z2ZjYJ69%;Mrx`}ZNK$sswR|MfEyhPCDVSg_Xzl!G+zS}qFy0i!_ zR-G+rh{yRdwWnY5pP>(G?#emzfyesz-0Xg>wXIA7e@?pTkiBf++}-bsirn|@o3Y*W z#Exf2drou-x>npZ-{n`bT8cJJ^wj+cmAz&&Fg1RY!>xm-P6SV|vCN8%-Ar(>12mM0 z8au}Xgc?)&JSdv2_3&!8X-?w3640h^tU{rUyn$_rs*6A6&5rW)p`T%ky2O)Pn=(?D6d6Mfj|#XS-KQUx)Y zx{d-^Om1}5kACEvT_G+=9Y_k~Tvt^$$)!N&$X4~e*vU(%j-|hKYYL(D)?iKLx4g41Rv=%ua?WFgiVaE|()S)kz!W%Zobhs^z>s<>i=V z<7VfUVPQ_$jq0Ob$X%nnHPCc#(}GgqPH=qh26oE=en4oH-I^M;VLjP5z*S2+G$@7l zATT2R1H_5Fch4PUZOT#oBo0I!$L|BV(tNfy`dK%uP{|?YpAGFFv^u-TvW2zM0!Rnb zo;mhAn9;LJ+j=#nG+7p^licEB%O5|JXk;UX8b4-C+2a%An}M=guUR7`9AlG6{m}p4;*`W6A$!E$00LV*diU+m)MD&j@YC>j#7w|Niw~Fc0Z%jb&w07h% zU%q^)-e~hei@jGr_rCf=KutLztHw3T+G|-g!D@+L&i$+XW*5A9GoDQ^t%PWf-sMCe zr9wfe6>s}K#cSZ0v!{RfT>kWRN9F>PpGe9Dte{-%2rEob3TEI(gDpFnzKoa=uNUhv zb3&OPTX(l|XvVQ)9i%!XBwuh?9v2_4y1wD$DO0-9eNH?q%GPdS-)C*8P19AY-YSo+YyRDqM|C!TnZ6MN->0c7SaZtrPb@ zZiz;VjE>=lR<}4~qMUgA1nXTo6NuF;(4`wf~ufk23aoUwv<@*5^=?bc#w>teorgvtxXsoL?~})p5FG zwBG62&(%$?O?w^oXxYHU8a@;Jk{1WF9;2^(c3A%48}5(-oyj5Gw5iR+t3OJYspZcv z)D9@Vw}0kYqwOpn-=demZOcjVN!8bfe_49*N#l##el618VJ}M;(#(QB%d%wP>2b|! zmpmCTl_JK|bboKs#2%NA+LRlgIo67o7X_&S*$+_qOl-bnF60#Eph2 z^;Elv0DqeIEySO9r=+*zjf7}(llu#V1j5(zP+p|gzK&!3Ez z5tJb#@&xz2dF*`c9p5h&!vG2%Oz5&L$T8)}l)JcL^^wk}*;_2DV0O9)j`X?i{tXsEk z*6ZrENe;fF?R)aA3#?7iIb}^tPEMA-Mk@EX?;X0iQocSqKS#63(n~5karZ~1x*LFf z&MMD!AbiWwI$M7XI?a(yiocht{Skpd*)v6~xdyIG-3hWPo`VqUoL9pCyEK?TfBuEA z8~gLvkEzkKYKUhZCn#d2Ge&3rkkz(CWBSPnEmk}^{pW_Gv5SMBe+N|BF-_h3NKyWT z6>8p4(rsWJWd_NoqO``;5=acrD{eY=?3l9Mx%tDNLyTG6c>09|K99<++HM|04A@3g zN6g&Hv|hdX1fMwC%7Axb2~v=%T>G|lCu;r1Q>Ug#x}ZWjMRImQ=^}FQX*br{e|euX z7359WHDGGg!{RI!5)u;nle?#E;#9i&W(R4N$Drfhx|Jp{kQa{5d}RO17L9%zeW!zj ztQ9&Q_wa&WtmR7!RCa99f$O>)=2vPTv z*+*KYsJhga`d(#S-6s9hP7>#iT0+aLiR-)yY)4tmp$LGCo4Qj2P9M}eOmjj^YF(hAub#>=0U4%ud^BGb( zkc0D|P4*n!WU#n}*U0g2te)ETcoW&rvV!D^;^|?;MSHSM*+S|YZO(=M=pF9I8cwFF zl&ip*Atts?-8EDqET98t3}$@T&}(hf1n{bGI`b|@v^SalUDNE%`}t?G)KjYHW`h;K z{G}MaS(yCuDF;uVHocj-;r@&)q4(m z;}0udb?WNzwbu%hQNV_ITUM|v3F-c;a-u#JXQs7&u$F>ECb3~r>LM+Au=b#{%B}+6 z;W@yB^yTxt*Yd=*{H}09bJD)X7MrmRUG1cV4Ew>UlNEZ*JZVlmm0e=C0CWiCW#7QiuXgAX*x#q(x1Z1R91*Y|K9%&-}}_ zr*Y$tB>yjo&!>{sbN6>xs>RCS7!r1K7Q47}ZTP;LlYq!kmxmw#K#Q04-qUdrdbOA* zRy6V&iQ6}Fda*zzk6i2Mh`72nO$zQ=jXvaiFBEfyb)Q~uL^Vbi7oCot^k_>^R-y7{ z=ZYYdcjgMkL={U1vHqqi6;>Vv#JhLzM3yWPB8mwy#o;tBCD(_suboSUhfTk$4DjS) zk$ap!Iy1{YV6eDt5eBs@b*De{nbb{2384xZ$5yggv&Nh|L6rti^%^oqq?wX*lIWTu zSUeFJ`10*rh@yk`7jh`u%c!qBeSEfqzka@Yb0W9i9Zw*)uQ@L5-EI!Us1JmvKVbd! zo{k1E#PUwygq?WO9I572t5R2iBfPyD(k|*^%l(C!2|3KVD{)*sIUxtr)XdL;BPyZ>;U@yD|%lU6}jgh0W6+ ztz3x-QbN*yGXPm9Fjn6g2G=@$TAKJMhp7bWSF?5`y3qR}c14IE^xzU&HmL0kAiUVy zfox-k)nv&XK|3f;F(0Rleia=QHA|eVLH5tc+#S$ z`rTTgwlfk4Dbh%@lnq;i$8w(8F>AN28=v#hqA4e0BJ6!(foYuBwK5-1mk z@cFq*>1mUkjjEQ?+CgVG-C&{v6kwq{z^+MweIlJowc z%-?3@VjmNd%?U~ABL^k z_FWUIZ5Xjo-M`hp`eL(FV_*DBi~SGgilKV{y#9w0*)`-J%4?ff{jEhm6iNE29DJ!} zGA#^Nziz^MH){Cr4`p?`xIRXQ?FZBR;?0}oAva(><*I(avc^ChuAzPgJOuG;@k|xY z3Mh8j21_m9dW{+ply!h3vP)~3FI~EojE&-h!auY_wG>VM;aSylMvNo*FJRf(gbkn! z!Sx2;j#UVKxGYk=6=RGR_}huziab@cM;xFvnzU<|ENB#poyL$D^b)sfew1y~?q3fO$*rNm#N`mZ0fiFjpOdQk< z3K?FYr2-{CUu-m>x(`!7nO78Rp>;0sUrzI4h(@i$^=rftM1U(I(^q@f@pYhk0?a}N zgw%HP&(g3VoQ@bd((-C-e7uCfhX|hN4?KNH?Ad<3!jms%j#R=sD+S-2^EV4Ve6SYm zQ8fOfDLTgWr0DsPOMWJUPDYwbnLi}Azx{;M=YL~;jr$9Gp443@;vciq`Xqa~$w z9kLC8kD;5t7*JjccmZLl>0G&1I{IO~rl6O@ov0H{aMan44n0p!-bJ18to5DRVrQho z3aw&@^kB{}=@+NlP4O7{fhY_B*>(wJy8LlB!JKh~X*3MY85=GaOGeS?N!9tc_@~8? z*@SceuH^_CnO-#WlC%%}di6SQd-O#XlLqi&TfAXhF4()prlhoyaG?TGTiY}&B>R_r z4*NmJ z!@?)PVwrP1gKNy{JL~sVjN&pH4t4+|mlD-2iT>cL>H#)G&CJcA&dfI4ps$^qzA~iP z(4g{zk}zQ~ZpTTfMez^Vtozgh50#S?zp0TeU@N4MAa=~S zFn18N9zo$!`F(`s573EGmz>7p*WWJlxd<{S_hx*t5Tn!K*I3sT^O&DetW<`si-Am0aAW) zyYWB!`NW9c-h&R4TUj-;Kuyx4xy8kKVd`)qx$uq=;jOe2Y#!u-sa!R;}{QAE;b9BZl?MxmHGkgVAQ=VbmEGkF?Q>0?go2pTc9OMPhT( zPijHmlQwPc!v`QMxU7>*43&ijcg&J| zSyGZLm?aL(5P*WR8=W<(=gJj42D2qeR*E6Ek0UQ4b5n{T;-HWVaj9}f=W^lbFEN~C znur1WGo~uk_;++`dgfB1*?13>K`foo{C?E+VslTZJEr7_2IZk31zW^2pOP+FsY?&mx0BMC7cOVrcnG?4MYnv~t z|IXt2_H78ZjNl}WQ^H*@=SRg?zC>%8FbipVA3XDk?Z2zwRxrw?(EJrS&D*tW6oWsT z`H!moJ6jIe1T7|~3T8pJk2S5J_o;_uTM!Kuq+bB}(8`#~&8iEI0rQ9>b4Z5C>y}jH z!o^}-Fk<)`5FVPDwns-BjNR3yBV#)sRBYI=0dB4lxSs$WD?C~ZBWTwj`awFuf4wHe zznGG=mYfleDlB6SFk$ZE{?C>Td<4BJ9Za3vk`(w3vHA%qi-SQuR)%yd%STp%eeSH@ zl5bSMJTph2H|Gonl^Vb)rEw$dxEca6DU1lyrsN(g5cvFlotzff{$6C@Z!N&q+Qh8-HXfW;6l(y&=g5D0LmhL=Y!1R;qEe@ns zH&|8wXwT~!K`+`+hE1BZbAn7${QKpqp?-$encpv4onP|&Uw?bTq(^R_-+x7hG(u6V zy8eFkRQ=EFkNo0cEt-QHh+udg7K&zLb=lA=J`pG8`wU2MxZhS-M>n<}`+ZlXs%++0NT zGLm)k)uXsVMKphg55r9`VxJ-QXXozuovUt3s3QL}Y0@7lf)-Nt*ud+0>5({pp-8+# zI49QTAJ~p}6!Mwl&;HpnO~beUKcr^beIEni{YfP!J$giOj_|u|sm0mvA=mjX!zp6f zAWPU{SgN!~pa)4M+C^ZySa4ZV@Oc-IV*mZB+23Th8v>N)=H_;5*AAw9r}s+H`sJN^ z@TIe@juz(Sjgt8AqxS?Jp9~-vH*Q?6m|q`nSWWDJS`8#D3os1BHW5I%q2o>N2Uph)lXfw%%QGIYUc^dm&ng{`t9| zf`EfhS3H%25z;%rrRpbhgC0b?xPU(>;Fifb)v9LAnwJoN%IKGI<3#_qf?@Z+UsW?M zDi#u&HIO*2yyVE=rkV}Bc#7}w5g&DxXU>k7fZ%+XFtil_m~!7NyQHXSB6Xpw`^_T$ z2#x)!?Du(jf1#N`#Z8)PctN=1U#}B&^Hr>!DIRF1**p0^k_>=N7MFAEYO(_gaHw`z zvD9LyN>CM)hIB;K0ese~nA}Yys)ZzsD+c`j(w#cR_V9MK!%x_9QxeN|^QI(_sFR$= z0-^v0WO?0Za0fd4(Tu@?pbfTKh4`0xo_SZ+1aOpID?)OR6wtggL2+q#3C%+0A#-XG z`DUL)tw)8e`s^pfsj#_{z>ZUtbPYT=|GE}aMquKiA4GB2E^}WoQJL`B2LSRo z2P{{8`qx=zH6Z^F>n|jowSB+xv?xfFlPpTGg;c8DU=g&WcHi6v;-J8ReFva10}CMO zeSjJhkyw*I{un{lC%Qax*8pIKNK79D&5U(dRZ?AQ1Vi2`;NjYA@A{sZIl@Gva3Sey z2kK9<^#`ROj8olu^};Wd4gt6l05b>|l_YZe#rw=ri|a89D>aS1$hN53ayaM2_O{e<1+QGn}H{1N#-rU^WM}H;y zP1I$jlo_SC;CR0s%BByXaf%-EGaGj#^j*p&qk?E0TS8ytOB7zIIn60oYt*Rmp|te! z^FK}dx0DtznB(40jsmotGCVnfD&fo7_i-`=*!ts?cH|;7k-#cS1Ld`EkqrUl z1i*HhJ7syB6_mDMy$2Ejv^pT52H)@vTKluSP!`1-U}Df-maGO%jkz!F`bkDeRiUs9 zIjbzdn>RPYEJBA=?KyB@)?2%8)M~AOTA_#oDRR)Ni&%()Hywox5an%Jra;X#=+b4~SL~(#MuW&o@7unDi00 ze6Cv(`#zFJu)~9GZbi5}XN(AC&oqiIC^;Ls+bA!f4~#CFWIWq~SnCWC0_m7mkx2v{ zj3^k8R7ek!$UR7_wF)^LCcr@`V2mJ~ZA8Bg9TZ?9AYKOdY<1iitZG0iH>mp_DWl7evO&MsP7 zsSzoQ`lnY8ppmB$?@JB~;o9{;4h73bclU|GnqP^86WBw+VPW0Ts6Z4n_qm8S{lH}p z6gVphapx87n|c2L&{$aJ^WHU$ih8pVz1%&sGH+sMst-y;0+jqh*IrBVFM=GEA=-boRju)3hU|^XcXH| zO|g(XLGcnfz`WXrEiEkSHfj{ef2a)4r$BpzfEbC+WQt3f(d7{VF=t(xH(rK`EnfVx zZTu=kV$x#)+V6f0YEBdLk>GK4YJ_VZ--^hH8p$;)=$yD{lC!nUJeXw84ubbBF!kOy zZ&bU!U`s-1$5licta-{gMgGz%B@is3^Mk|jOEf;BnwB}W3KtjLNTlrDX>jR%_Vu*2 z8xT3X+U-zolb_h4bBZ0iiIa`WOkinXLc~9*vDNut&pVUKGv0h(IIVXn$VF$)6*tSU}L z`<*?`Aw{=hdR;9gaPeyI1QU~za6e*o%i?^g3}Y;#=l2Kq;D#;9`xt4PudKjfzZlsk zzp$5Hcq1b(&qB?iL$epRDH-S-<}~imBuVqeT+-3i&0I#B_>ANw-gw|=7%K5O5Oo>z z>VbgV_wR2(upr~x4D3@>pz2wtfTkCCl!xCOzJ2&p!8Fb~cyVlxS?5~Nu=<1@urDZq=(Eo_a_z?rwY)nx zocx5$+9RU!9CE|l+*}11AFt7VFtD-j()B2YUqA<|m?3v0`;eY`43J$zLkAHM?j$De zfTLh-#j=Ypg@&53Qcx=)rXIm8rxThs%%;Z@j^FV7MPK5}XiNt>b zV8X&GhKEF~(smAejF+A1)z2c(&{$FzXu|x_iSdM~J&2U11ExxLO!}mlPIAT3pwt0f z1KOM#u0)<3t%h5-CAf*0onPE(U`^I9BC~+!Trc0Rv)^>&UnHe6KnoD5%5!iX<_*su zCuNf7h)y{(+A?{70_Q>99a*P}qI)_0n55y#QPX<4`o*s_TxBgQXoZ4MG3_ zW_KoQp?T%p*zVzRV|fL4Y{rRkO%+u7Ettd^1G|<-+%%*44Upj>3%}c>gVs}j|q%(=eig8FHx4ih>jj~Usa)EfL}k(MuAvhb(#p5P)f&nfg8 zcvP6>Qj%qr_d$(UJU_U}l!OZN`&YTSu3=$cc}t+^);G-)l46~R9}~RQCv%LHoV!4Z z3THAN7=GumI57KF;l-chSq{eZudIKprM;`rFN>QpBg)C~)iXKTdl+Cw<>@vsh3v)R zL?x>H{hn3pct%dBG|Cq&nm8)YN~MqSFhj#feTxt?q<~~e6-n*_e0F#3E*7RQ(O$xs zC?VyqNj+uqvxdeWV!LTvxeR9WC-Eyh zvSf3otG}l?o; zxO?xZNr?Gm*nS1XPVs%iZs;GBY!RL6k7*a5mX{T>kZ;Gu)dotQazw9Q4D%`{@^}@+ z4^!xSqQ7MP7$p3KJ@^sFf>yGs3C@bR{`>yJ0+t$UF0VVPT@=hv!ol#Tq-^3!z*T(w z@F5o~#}_!z-Mn|NDC(IWegvR&O2>$?^fuOZ{iEvyso_npi(R_${SieE{FPvcBqTb_ z??Axc&YRYyULd1xIb`+e>0#8Y6+;S0(rk*K4dPEvWA}+5OZ()Rgpl=Ltss#U`N1B% z!LX7MP7?3IZQ@=!rP-}sT{$o9?RSN>Sd?%$2_^!4_kjL-ikZPq-}(#3f!eSS)5|1j zqvV&aAaYrcfjwQm8q0AbuXgryMwB+bw))K<@}vmFFaZxqfN4Qk96TBCTL36@WIv8P z8|a%PF-~eW<9YK$(oc>{gDB?S+IKw zt$YO7lSn0LbzwY|0yKX<99C424NG4z0FHzj;R{bD*YB0{nkyB5N-{`8y6vR9h)Y5N zrf6%|M^eS~pFB+z$l{{Gj)-UPdd$iA`bwH5aDa}<&i0dmvc!}>O-)UAzCoo&=VT|` zA4R8)PUIm?9nvF4%go}~9dX75wJLtY+3jXm-xcX{aC~#p+iLEjo=|(_MoqzP3E%I} zB~b_S+|BMUSi^Z!BcS)J^SNBypc)Z~!lblCx}BVEKo5m<#IRknukNNbKfA?cbK=H5d-klZ)=`AF$bQ}19Hp4ghc;61>NRr* z4UUCHLr$JLC3^NYrvPx+T4X1h(2hcQbl=fxNo?+qEtF&h;YEr3)*OT}vFg z-&gfhNO15?l4TL8w{7beZJ-oeDyH4=R<%-+ruDQS1 zvyYtOygcLgvtiT9Pt{1?eADA!INMXL=hk10edRd>eU*WqHA~W9ZpuOY1|F14*OtE3 zlJS&k;A3I)pNIqGiA!Qf!yWiJ&yv-@yn`$QtKmHdjk*{hqb3Z~KhvN{S^p6lGRLSe zKYujop#TMN`1u^&UA44kxpk`=g0#X3$(7N0;{gjR#*QBSkakMwe7l?qEnF^8xn*B< zChm)t7^7}&nS@I__-3#qVVH2a3b%eygG1*8QwX`>^D*6(o}8WOzGu%K-$cnYo@}mv zKIhU#8HVY+&sf$qA;n9zOJ>2DE|M^nFV$DI7n7clxiq_+v2;=7Uzp zZ#EmCQZq8Br`iA<}aIyHyOsY?I6zGY!QzDoJ2YPrO?juP0#IU5ic!BDhWOgTBU*g%m~ z!|VPP7N*U9sh$)@r z_&`tF`}Pe*PLU9Rt(h!^5f?{nRyI04Z6g)jw98BG`o7K1&IZ?71dkkN5d&`+0%DEX znka89v{rV=Us&k8DY;fFizrp{*Z|5&uaLnI7TQC$- zN*>8hVyz7~PQhuzhBv99y+aD``;$$P{ge^yo~I4?btG;J2nZPMhs4eT2R%q@0@ptZsG*3YszbM@Hs5x2E&B(*8B;2ufJ?VF3zbX&o=>2fP#77nn ze3g@*JI{^14_5rB$4W|O!34Clw9d~B-GO>gx}NA8vN$}JBZTXASp+zSn;-P#d4Z5Xsl8&o-+rmbtC8| zDXgY>BfJEpdSM;MvQ~C(7`wBjm?Mj3kobW`fb=o%r56*G-FUEFmVZjxwd}W**HI4~ ztA30*0oA)C!L$Ug8iibv5S4t2XGNIrDQ;cL%?Z9_@n|O^Uag^gd`Upu{mzk|8L{P& zv90czi+%Jw~ies-SYeF9RsPn`3M&lz~lY)!wzxLjDfkTLa zfCt~l9gX+U+_h@*Gf&z2Azb6x*rmz=59vBUmYOBT*)24Gq=d9CNR{i(ntF zTpCxUBc0vi(drILiAXawj)X-(PhRTt4^i40;s`=_LPoTU0dLZ+SFg7RDma6))5;4^ zHI}bw{qNVc|AKv4-NDzx!#$52ah@@3LY_0}ytIp0&v>BIFa7YIJ;ye#8%A#>V&mxi zPOh~=JDjH9iZ%hdx9*J7-K#z0JBj7>{5~I;+(J{3v@f}<^gYfQCo&M=(q2ZV7iDQ` zN8}hWRAQv0SZ(^YmJyGo2j?+-0l1PNmU282+DRNMK}j3#t+ZsTvSc!P%(ztk;@aAe zok)iz$%2-yTu%nFGqyr`1lbD*F-VQ$(WM8PhC)a-86Gn|P%W(qYpDCPa(qkj=V0rmR zq_ZnrPsHTa@#ZJJDV?1|X^Tpo1n3W-L|8w%L_|)6a#8XcG7q|8$09IhVb?qcEkr#! zjh1|V$0^NuY(t0LVkN#9Bo*E5*~$e-f4r!5gtP;{WArPG~1y`D}Mc)WLq-Cn@?!4Opq|Kf+Q zCLZYPPBujLx^|Jf|Mupy5X|O@yIv19&;6f@-9Xj_3l4Mq?D}MqMpAP|}eX_LY+$#(NQy(>EOhHlQ`;*nHWN^E+ zF&RrVf(ZgdiB)G;J~+1VqN|?auf3c2jkeJ>Pj-9*1Klm-Faq%ry`ZZlV`x_9nBRfa!$pV*Apc8pxOM0)yrip z1KV#fXHblRMt}}2t+1G{ldH-4o+pH#=hQeo&A$c_{*kMEde&B_T8GPO#DNBwk_Clj zm&7e90}&MiOCLQ)jc)titZHA0j&5gKi(W>e;gjeAc&C<6YSP$#*zMc5>osni=2xvo zG2F($&YtO_`q|8x`x?cwWjj{C@{WEPRwFq~ zS&KXosGwd9g*mlB%*de+@gmu`XHN{vEqvYQUR0a65kDvRZ6AtF405P)x}Wbw-B>Sf zaq!famj#e&;kLJ~5bPY6pe>S!Fc}jY9m=d6H2^beUz%88W$kxn3C+O$W#OYfB7Hj8N9}O{@ zr`T+5DSp=6sBF8VEF576u3#KTg1*SiOd4f8Mz?q$x=@x#^~>|tv0+Ndcu&3{-PPEX zBwYa9?W(nxTJ=}?qbAjESE^y!+hGSkVko4qe}p5pbtc6W+B>s{ao22KRj*VZxRa*C zqNbCb5tKzEhu2X}>MES>=8)oU`24RQreVwG#xdpS-^|E&Rc;or#gGiN-`;HU`0?Rp zj^uFEaGVN%f*^TeJ|;dHefHE9)Xq0ar6T9s&oRV|CA8Ml^Vp!@p!4wtc^;Yr z-Jk8x8v6AzT-JPCOgImLkD(UMM(IcI66yi5$m3BA)lh0e00+_(M(C)1c8?%{c))2F z-PdX=Dgu;>DvcW?ZVru4%AG5BXvu&~a;MZ`b3#FXMh zY=hb4KjBWIv)7=R5xE7=k&qQk61VkH5L>TOH}Asqj-7T#AReW)p71K(>!=^ZvS&~-h>{Tc zWB$WFYJgWzn`8y_(qJiBY5D}DPU`AY0@Qc+$^Tb(b~oCo&>D4ThfbYFbe3f1@7FN> zU*jeJzRIj||JLG2+M4_qY1zjAVi~3U*FTUO?`7EG*O~J7Mylaoog@GKuFdQI7irnB z|DtBA^|wtj_^7-AA7hk~DW^bfb3xXo z|D-*-=YPogN?YEY9g_i%Lr{GA?w!+&Y$_0xoIW3)TWH}_F(&`i`C^A4Z`)j;5@utT+9viLD02Ntj=y0Wys#6UGfK|wGjv9jlE zGlU{R;uWO(570ZRU8}%450^;KxCsp{c1j*yX1l&!@)&eNhV&%^?3?_bsAb zRj7S(Hb}Ii1jYvl6iBySv*tVk=Q}xS`yX-oq{MN6PGm()njS$W=n)|TZxZ>B%%HLP z_MjuCR^vG+IlL8*0YyZDT)m@{8LuI!QlwvF?p2HNpv*FpZV@Ggz<*?m8g!=#h{&x< zLTD&szQ_wUJv_ykji|8zu5t;tFk=00#CBAkr(v$<;s1WHX;|2)0P^RzUg(3Yi!%&+ba(nt>Y9VKp%g&h7=|b zpaG+E_P8-)YNLpLNg7^L%zwp$W`e#x-a!YrGc`o@4ElE)rFuLETuTGz$cIz;6=?lH zI5yCv2CiUM{Vme_XaCz4Qku~7fvX+J**AnN;KZcQ9s^r9uFhluzz{t9vp7}ksgahD z$%2tOTl5rqEYgg@N`mu0t^yME zWkEq4dhIcsHm5ny0Zqb&ej)P{w%h%3-l(5@x6 zun0?BmUX9rUd;Z%{yX;Qk#Ia2nwSjrG1h7HaAFvvL>hG|-5fBFVp)|Gk!+Ksm8z>C z&{?(y_o+`J4S=+?Xgqf)ezqTeVFvI&y`kTtt11l8+gN9s_M3jZCQC}i4B%Su#)}_j=k!QQJl{=8LjRNNA-?*w@yG*0+ng)Qno7}1)9@Ha&b@1E zid)0`ie;v(0H{^>4YzOILXY_hgGw=r(5`i&jABx(;VJJtE=$Wz!W>HtpVxSlAZ}O+ z_UeR#fB=dw*IKRq_;NIbgxU02I4E?`_K=Ypzg`Ie7fF+;w~!mq`@@&X85p7i&yCXd z5sRmev!NJ;@}$A`dX1SwCppo%dEdFs_uZAY7%8f|J+9i)0bcj-H8fIjA^QJ4mX zjrx#bKOLZ*9{N=)uc{CI-I3&ARUqL4V*_D-I&iaKYhR=v(l#Rv^D>WE^t=Lrftty% zKSo`3Kgj+K&L&`j`gQ8l=iSxtQ$R-dIr7fHdV!&I!b6MIN!2hO3_w9B4^l64wmFIW zAIO@dlY(}qx-?qBt6-VGGXZ!*K)8?3oSA_UoPD;O^|FIGchG;k!7+XfyZ-;H}X zZv1!x@J55G%6)RaRKwuw!im&|%3=*E!<&m!Jy@!VsfwePdW#C=F{Edq;cPUV-ITGR%4 zFF-t|Qn6rR*6Wuj=0HMoSZtHov1A zbYaC|j9{y!Dtec_ZvWF7)}^Y{@3u~-PA>zU5`L$Q0AcU{MzVi>@VMdsUlYUT>$t`K zJmS`Mf89J!mxGc`8ZP_%E@K}Wpi7{wGTfNfoV9PyoNBi=n&%}-(g=l4yZy=J4}p#j zeWEYjgRrAxsW(d^ipi9yv@ffBZ5yZ9V_}qDP-Lkx8M#AtD!__#%i%qmZJ!AiR!T3R z-lbR04~pHlRnC_zcbq>=O>c3vqPP=pP672P)N}c;Td}eE8@~)?sR8z$a_>;uas}`* zoobJu+!7Nfxb^E)x@RT~hCmX^EqY~@g?wLdBn`<+C+Oo(O1dR=vZJ;o1 zK`c3gMK`G+UWlX`ml>Z<#vnP2g7~h8jVm$UwcdJa}_$hHd7qZIk+(L}~4Hl*eiXdUkB45ySx#fA)N-LGFiDmaNr zYe6{I!m|id0^g)pRar(15;-}0ic0Rbh1R^vO*!<)5#*!=jSf~x@FLL-Qli&ixNsp1 z@K{JaoW@O2NlSwuik;jyZ|+iJ(F}WQiN-^I9b9Ij+xO3R?4|pg7d|diY=L-Jrk=kU7qnb^vOB1(P4cCIHNt0o{%ZrYoJ~Jmx`$f0AWO|Cnh`ubF3Y+O9uL@(8B5z;+iR ziV+VQJRcTWTFMPpl(UJXwt5Beuv#Giqhys;Mj@ezEhtd_-Q>jMkWS5e&uXx8qh<7@~D!;+CXPGm%z?k`#sCFXe5UHFJYJ z0|TsijAw%a(Uu}XSHJPlp+n^;2h8P2s|UgZ<}sNvUI-!N%^Q(zxSIxtgqSjOff8{S zHU_?r&NQSN5p)=d2xpWG#R6c5AySfoCq!&n#)z=xU?&)gSus1i@h}o`aju~VB8%Dx zY=X<^+IX95!Seh|9WQol($w=-TvAd)H8nNjuz(JY@TrTx){I48C-?DJVt8Vc>iiCiTtYZF-AfMq`oX@!ZLC+i>jeVxSOw#JjA} z`upzQ!SM)&sy$1S=%hpz%LIwrs4FC2Cz!>v3u&ZOD;CWYxT8!zQ6Qa?!PJBCu-Q{_ zVQc2lg*3g+pj~Dp9%OJUk!8ucGVCJ3&!_NLO`>B{IrtSdjQFo1$rJJ#QRx|&Kn_5# zAwFX1C&y^0OJPGPQu1ZQE2~kZum{wC)|+za{3Q+$*p$Q{GY?b|eP7OJ$AjE%3bU3N zVUqI7qJz|6tZ&^Ic&Wk8mDgf}`NOtU$%xQm=%kJT6y7<6+sh9nfGs7XvrfdPLO~Lw zZ)7{%KoEFg-JqV!3D43(4}mArvT;=fg@tv7kqT0Yt3i-=(9-&{>y@=>1qfLuwT2sk zu(e2wk%G(!UObvo?(Y5jHEow3AFQj(PzH-WKmU-{OvJH5ZWXrKpaAfs#Poos34Y6a zbZR{NdB1#7-}Z3f%ZT<8XS_fH)``GCd^E(#5*fFm_|O#cKkY9Z27?w9)^gmpcdtSZ z!xITZ+s}ZZ;-ygm6*!b)1CK9O>Mf>!B@%HB7ShjDw@P$H3l%YtHC{r>-l%x!~QRYk;k|~K&nMyRP z5Vs-9&|sFzTuIV|kdP^)LNZpSN``Mg)$@DTyVm-xcfH&9ZJ$4$%@gkXy07azkMlV8 zeLwbtA|f9USjx+1cwblgNQ9xUG@aU4Pj9-0y9x9B1H{o3VQ&{PivWnhUdRwJ{w)E~ z8nN~X&adp89APMIQRkqGnF1t4_7w^wVz`FDJCr$tV#NpZq*d5NX;#3PC^%7=_e;APfTAj2QuNJwYH?NF0H{>%xS9f{yeQa9lFs5Jw`B zdLX;7htnX29JFVbJW|U;3WeL{G;r)|ctUt7cK_F2A0SkuS7YPGtAv8Z1af;EoG=?h z1-=GC7hDs;j3G-a=dyA#5QK7X{VM73}Fb`uh6B z{r8VpcrCOR6fu#25S?H>IG|6UP(|4%0NUu<<4=js=$7-2-|P!*`ZXt$OXbxtsV430 zsMUpW+T)P>4se}6_rtKK-{-Ebd(h+vZRmahZb}m@GLm{i$dH5|O3I?~LRceWV1zGR z6U2>@SOpzlnOB)SUV=pq3I#J#s$lZ*6#8jBh}j@PehE(^sMlcCOUOJVvLt5>3QGDz+SjAvXdnC)4`ntQxuAl^Io9d1h2!#y zEw5p56RdU^aZ22(Knidt8Mpxik*Kk;+I%I#0CgO;YsuC>(9)urct= z9RZ%A5G79O#7_c?_Fh2&s9`xNtAb!0Gf4bik`o004$Afx>#~m%3j;e)K^>08e+X@qdtYiNVE>W@iiFeSYKzPM{a~EtFIi_(WmW?GOX2ax zfLjEy1bm{Ga&4yI7Jbo7wM<`Lz?t;XIR`{Ge`s(j~ zvSbOj-qh>E-kRa=s$t{ap>J;q>qqs2m$yxnSyyEzA?iildr#y z+(S{PwR3tI`WYG8ZjZv68&yijK7-k4M>yX~~;XvdnVMrpD%DZv9{qd0rFN^18N1uvsAS}AH z5h;%YNUXzFg%`$r3q^xxqy?$vSzO>PD~ z`&KBZZB1@Va79vy@5L`8(!#=ipOLfgIgHr8sZsKS)NtSyhkve2c!qbP{?@-r`=I|% zNtCm3AvL+pkB51@7)~oJ{pT%*FX!M=xosLl9c4;>iZ}C$wx%x9G?I?U?qOjM{^wFA zSFL|$k;Iwn&by#MGvr502=m??$r~q8$Uk7gIz>XgUuYJhXA46~!rf>~ulyC!y~M>Z z+PH0Azm~epjItq<$P7PWx&U?~xy(g=cB>8ARdPze!4`g)Ku3@T#v__Bz+r4F_5o>3 zB!#DxR4}#-BwD_eCrD`ls|Sn#4V2@+cobqK z>95PmSRk|~F`-HhPi-|W7{QtW-uU{cg^0rvg=3UZ*Hv-KBPrv+(n$;>zBCl1d^b?w z65CO5suvLRhLQDshfJ?$y2o|zGXz`YA;}=#iK_X?7lT{HXt!C2?8{ms{MZ{P!a8%k zi_t7hG9$n(MBy=eWi;AHuocdb1HAO|&MdKk{2!*1%b`MB1K5qgEFAdspX0sX-$3>T zQhX6wV91z2tOx*n#H|FV5k#ak^evHYRd{PL*x^1C3l#vXb(nhz3WzvgAu)Ri2{S4k z!UaG=;eGU!0Sr_0??~=#JHVs1xg361LuP`@-x&==*;U9rNS^ljb-XSyxrG)vd#1f_ga9tY#s~d_Vi1=M zbNKbddqc));#YM2NH{1>~@YUI_Sq0ldIq|d>7>Sfht92GN6NC`H**#4Ea%ArGOXqvb{5?93b(J`psAUdiADFKMvmqWd#*$ z1wsx=)H~9V<(m=IK#4O3VsVg@8mSL43PR6UDpo#ZBrWA1F_@V2#UZs%f^@?Bc1=By z83Ghy(UhXhRKQ1^;RM-$Nc0+agH(MCWb6@XVgSfPy0GDTMCKP!#6SW%2U5iY!eb<) z6Q+wX5u*zr$`>FI17xS>ZkdnU&18^aBA(#Ci|eR{2HRDfif4n;^Om$6-DDMM(Gn$N z)59%3UDEWLN8G58g>O?y?URaS&WRq!i84HELzUbe-ZtW;2DYFn_N8LLsSGXAXFG%0Yhf2vlLKi zq>bdr;5*YLv@TWE8ltH{nTw@2KM=ePad9X5n!v3DbVLI<@*eLj7Jx2JSZU~8`?LBo zK^zdo5Bprp;{Ar*Sl?PG5t<+S7a3kbx`*3_WKQ-KHnqbeRS=yNI%$A?Fg&?A_~px& zYmE#@ZcFqrIe6Ri0$tgUds%IBjCNlra!^!hHE;NZeaVewANM1TP>X1EASK z@)<>h+(W2>%RqlZFMjaXup@PmTl^_B{BSXc7yYl4afG2~@O-YMi|P{YL)Q2mZW5M& zEOfj?aZCZ8El2QkX@97I^qmrdN(}x6IcVbqaOH!Yg*IBni6!B!$he639qAiiZljR5 zlO>SOg$rkX&#XgzOMq!uCl@s`q0T20ToFZxzmOE~5*}zJGYLwCJJx1mhV}3vU~88O zSTl2rDG%APN0H7=MUST^Dk!8!c92yVX*c_A5Uwxmt=^*2U42l|;&fKArgf-4?V`$W z-rj)Vdg@ilML=wXn0G453ndMtZatPK5;x0I6rtE!unWpt%fIvXaf@iC*-MW5dp)k)xTt?XK=sCkulJ3&uGG3z4Zrw;u8|3}Bw<=)Dk5Sg5F|g`#O2?CMU^|qRbWJ~`4ekcuv|v0 zNl!~llNym171add04OL9nWm^?Lg^cHLM5l9yqA@xfh%YN#N|-f+5iVBe=J`ecmecM z-#FVI{j`O3{oXB8z&G;u)oYz*aXyji3*sT~;Kyw=dTMGa@XA3SK}yKu!_AXwk7LqT zw=C1_5g3t(_6;g55m7HV=$C(`%OsCc`FRHhrQ8Edl!Bur9pT##z}s^4jBS8t1P$a= zU+t~)sLf3t`5Zbr&}@jjWuxzKl1`);Ia1Sc2Gf&P@3`s$o*NaWPxNDeCO1(#N+>9p zLQ`&JU=Ri*WE7BhMSZ<7pzT@^XV*bGK-9C14g^D#j2eS;!CSymOQk+6#Lc)(Xd-N+ zSLNjf_?&#K`ndvC-6n_kH z5m`Qu{bt95Z>IIVojdNd1Zt97dDeuKB zlyA@t5Q<)Pl!JstP7=aObm8js%*%QnQ$p9S>4zRl<&o9t*l4}FL#<_F^_9|?k+0e* zbBm+Ck1S^9`x$^@Q3`PJAh?yv#$}K})B~hHib!8Hl&Kvqj339Hz_j!-!I}*i{g4jk zL}$kiQzIk#-lL*{zkB-nG7x+Fa8d7olx!|zpnUa#T^z-v4k@eaG|0vyfcptWR74Jr zEW<9a!xL>8@=P6b&;yN|ex7Ww64bgS?l{uHax0 zy1bXeS%^cPM?z9}EUk4#{k_z~~2hdkr9q(IJ=p_^Nd*#+gvCOl{Kw##kNW}N-q8KzxIOujLLKehPk z>OHfzJiB2k!ZZ65ierIf+)0%x&!OwVhiWQJ@=gsfKbtx_ek`M|X1PfEpWpGZ6T_d! z4fgrAgl4T;^yeSTN1Bb8{(MV?N#Ym&e(yPVuJhk-)$UyXu;B0a`Q`FsGRNy2W{(B1!vAurcuY++R^Zxu%;Q#Ory8jpNz#Yf%_uU?x zIwk-2TOl)pgUrLqse#OL3W*}d?XN}tUMWWumpC=N?zHovCyu5Q) z`|m{yvf;M<@?|_fUL~bCb49f40H3uA4L|fQbyFnM6Er9_L2hnt5t`@W!x1fbR1Y3L z+&IKU4NH?hj6|*?C$au@ozu}DQM&Ek4ps{EIUmD!At)k~JEr^+C{Pr7Inc+f;2w80 z6kL`u>b2qn9oRcjSdFUFKRcxcp*Ao>9yJQdilnl#1(J}nXaiVF^YrrCg`C0^elhs{ z9jI53MqWCCEQ@)5`7=VHH>4YHM?hZ5M}=)i%akG1%n=Cl01-2hWx66yy9y^Yq{As> zvy$#NLn`dNA#RuG=>;Ea=?hwfd-e0e4*l5OvQA*l4j%{WVn0(v#>%?S0|U1~5$(hO z(324V#W!!ZMzP@~K&pJJ@fIMOa7LotEgrv$qLePm%gvnxNZ%E7>;yiCDO~%jV`SA) zQIN(*1(bK2VU~RrlQ^&o$6jyxnugK`t)Gtvyf$HA8FlaqYMpMpDFU7jouG6OuwQsi zsi|%&CnN;CZRERD-hf|O0ea|<5_(YQ4XX7Wp80 zMW`}cp=*8s5%9%QTEDpemIsfaU!Qm%$q()wW@ zE+!&*Ez%8K%9R)PhPWA#;o&Q3p5ER~&|;;abTM*c_S}l`!;h!Nt;#x)S>O(lagPxq zyt6OgXaXqOz|HM8w13wD>xSu3K0yczzk<_uIy-WUb@{lp zDw`FIoEN2?)7g5G=2;M#5ma8W7EqnZyt|v8C7u~d=yGhT@ zd0yA=MK8?~!p9)K8@^Up<)qkSAz1+J}7ne~ga4#dB0Lo=Xi= zBj>pze zjpeis;xM>IL{q4!!;etqop7ZP2WD0bx+Js!^>ig%{JW?p>Mz-xg|^7VB;8Y0KL6;V z<4&h_0km^&-_h>Y=mnHY1akHo^Drq3IQ`3rX=Xg ztQ2DSA&x=-JVztMbPoBJJUCtu&UmEE4TyOY!c_yPD&J$rNL|SI;0H#9J$L*AYF}e8vOIiz;-^cmgZl{KlYg0APEp^!k-UMSo+~TL@V;AU_Nbq= zgOBgI+si+9E#0tmhmp^E+VfStD`tM42g$V#dnVZ*uX7axn2CN0JdF#&=R*k2QR#Lm zr2uKcc{Xi56%R~nA7ChQS@?}xc=Y?Bo7i|s~v zU*Fo_{qr3Uk5tGG4c9MqbW2Li91N>2I!dw%MNqvYg|2ttRNSDZo5Me21f$ zr49Y#oOc9k4A<`!8R-XoM|F4g(zYYi%FzhKSGe`P9@@ z0~-D@_(^irDs>1VBQV{EpgO>OKL0EvGFtRvGqaZ8BJL**SypDqU__9apFi;akp*74 z5oe?}Gu6d}r0#fyn7RguuZygzqvZzUB>T^b)SW4r3)}#CnmO>zFdUvDz3>=<6w5lg zlN>0><6XfDwoLeZf3ZXXI!*`|bjgKaM1=xia)i~LIPR|CFGx4$jghRP0A4 zM)zfbHfrr4Wd%}|!%}Xub<#JnTOSs5sek5Q>+n4@W^a|dXSA`8twqn#)rLQDMDfnylCH$oEELcnP}4> z=_LAiR$i-KO+)n;U269R5geC1AT@=V@kV&92B=>7gg&UAJ%1i$hE2;mC{OMJn|Osp z8@lSp_=r(Rw2?LSM(C>^67Wv_nV9dRx z>dvY&5RE|Fd*b4S3$?^7KtSL&6bcy-s)nwJ#N=NhwhUP+yA9b($$`lfWR1OWWHmt_ zy?|sFMFnhzYiRN0aOK5Im+H|^gWNJ;`jIN;DM*z;N2H5-C|YE>>Tz={u3czM!qKu0 zxzt*lN9I64ElW-mgFPWeFuj0;M3z$1!ep;MH@_ErJKxfIpZtBFjYF;R^Cu6L7+jCr zUwm^ktDYtxs0>Juq;b1<#{vEkIJTjuE5FI69=PLO&^2w@9b_9}Q}_YO#WaFV*j?Jt z-5KDZCwM1_jb!A4$b37FkA#p5xMF*v<@+Rh0%*|MOrYtMPekYnDL$e0w0z*1jKC#I z!!58qQ!Dn57QhUaYf!xiIP-8L$%2qm!tmzv<(+hHyaO21KFG1SuQ7aBc?@c8)9Y#{ zrJBmjVT4xD30Sb_e!z&l4TNlYAPttog$=`7-k{XW2Qf-&3sB7b6>|ei!os|KX?t{-Le~zyHa5DFiYH;hP0?)!g_MrA_8V*#30hx!QQ^ZQzxGzf zLMp1@)@*>*_@V;=Kp(;}5(K=r8ImY%6ykMw;BT>eXmtpA`7qll+c%Ed3M(QChhIc; zA}TuQIyB>Q=5>v;?7C%$d;SKucDdxc*;0}Bk|q=*q&NVCBE@?NzMtu%qoaT80}?X; zFe9#SptDmP z@7+yD$|SN6jc>^kTf#Z-N;G=nun!!d3Se(A% zwU92R2Wcoa<@iGghlAVr@qRISB%q<7qe*cLqon{|?Xb+YKZ|a@w?K7h5BE;iU_T&` zrr=`I@%AEuU{TOnfJQwdT-;mi^`ig+q@1JLUxVbr!K_-HxW$&Zpn!ISxJ>u}qzlg( zpV*cgpjONREe>n|=%_K25`@VM?4|GCnx$~RS@ z{?z+dKYiz&UNC6})}EV>FC96m)9XbMG^}j`A0cKUx#@MQ`93;o0(HnJq;*O=%UHgB z16Z2@)Cb|`Dqx;tHHRp*_s|d%KovVmqO8Wj+vvu&xyZJ(0j_?0#}5__C)>2hI^MYI zng!8g7orP;m!%ejiH-$|RP<(v&awg(CwkAgMXYixOp$*Rm;|;-TvgQu-D!U_+OEYB zB_%VQU_gMByz(r~KCilUepJ-hgOzei-HU&RL|iUeu!P=i(wUeO?Qx|4_3mPag0`@+ z=U&YG2A>~S1F4j}Fq`)ZEm00<6#6PRxA985&+mO#7jX*DJ@dugD zliciYa!^ay=M2lVeh-mLO6|4`IH#VeE%7IJ7F;?@40N|`Mf=4Aie3us%J| ziNo-BWL%uy;y>3${SS4_65CGcp6agiPJDo904k#fj zJSZyKkFcjhqZy)MA4=LgUJShE`k>{%#o!?TWDjR^?A}L6>m&@W2ZD$j5W|tQrqZRVEmlHC#sF+8VGj8?g{~mw z|1Xex=U?A@c7ET2lOvvBwm>eCPK6x@Xbp;bJy^WWV{eTg`h35M9x8M-Nf4WOSAITm zq>BDP_egXhL^(7jJFrk@u@)Q%1RW=`B%-H9@wXFTUn5d3niMsuNg(Z^`YY$<`lbx^ zyxxzk;5)HtRZ*!(KYX|QKBbT5jCBdTQH$QYzkG?{KA=gah-z<9dlr*H81|@&c7gwf zJG0QWYEls??|M2J0F_-m6hRFjb;%yaW+;>KEDMb>~Djgd;`W7!h67gJ~#EIyb>Xc|2Bje^@TlmsU(VLL^7QCOMU*cVfyf%cj^885pT@AYvQ^;8o#XnCboXJvls)*Y31O3PI=~ zXT75vC2y&%EZf`q`aw?o7AcyXiL3C`kDDh8?j_WHAEUSH)P2)N8$cw){MS*LS2*Q5 zUibwJ7>odc+_0(0Api>)8cEThy^GGei}aG*5vaKd2ZNh6N={tdUxHH-$i7VQm>%?@ zC}bi~GmZgc%LIn?F30f_0W}HpO!nUk`&vMbnULn>yR{hYl03|Le+7yIs5Iyzo4-Hj z0?gS6Nm(RLXjG08NK8=U<)Es;r@)zv;V@dE{N&Z%E1odMNlZBRF^mra?zsjsk1*8N z^@qGFfhvxn`H65{oV)#}yIgm5%s z0cj&0olBNsP`2GZ3)g~IbxsGrd$tvBT5_m)o`W%{=yzOCyL%oVipGVk5t)LBpFx)Z=g;RrSZdEnDA`KQZi8BO6J$`X;PS`BiNq66(A(DW{SGNQ_hQW3wHj56Ol*KS{%|I$*vCE0^X9q!k5muVe ziJAnMg=T~(MV27&+_UG->AadOtw0HkWUyrK?pG@6d;T*m!J%~ULty80_5OqCT{nSy zo%h%za0%rh4EE7nJ)23q%ihaEYLq}yqqsahHy+*I6_;H7t%IkU?r>N2a*MU-aiKNfYXS&9ZLq__AiD20?k_09!>31p%k zwF*=mgDyY5e-D3QAC4hM@T=|a?G?{#KvM723y=ef7i2VNN6{To-rBmUwNZr%JiiKU z@nt_w6-8aW+IRnJSLB1&ukEwL%u&YQd&*b7M$a+9$j`uK{7Lnx+)|NP>)bN~cizi2 z^h;Fc1ca-p7y;tRK*P)?!DS&@r2Ya0`UWT3DC$Z{5fKfnD6iuW#Gv*NA?HBLL_d}= z@R(7Ed^f(s2{F{XY8(n2wt4d^hT}kB_u(cq9T>u3 z1nD3Ks0g*+Kcuc3Ew$%f;BT}B+AszL_bA{I>I0m@zeX_BGjg)uzVxn z#y?fcWDP;X(P_aBv+*P*H9@bbm+WLCt&R{M`TaU%nS@c2cJy8xU=rw^gwxngLWW}% z9p0_LPWi}?_z>88q4Aa2ZpAWlzhY^*M=I)#3lDn+FAH8Ru5uLxisOIHh&&eA2lp`) zt*0UJ+mBthg8)_Jc0lN)Z}eHP217axpmWHFj2#aAn%E78xS#m_7+Q;~f-xjAcvEtG zA#vz5U&;O$Uh=oy)tHT^}{; zsj#d1)zSG##xh!6m(O9c_%JbO_U<>d#tuZi|zk+y_Z>^lTi)7{c&e$XDnYcu;BZn_@}zOmIi zb~5AD?jM6zyw^l4K6S23{V*=V^YbngG?y=xA%j%ec6(PQ&`FV^c&-NwANJTowsoG5 zX`A~4&6hj)81!ij`t7Cx1%aIV4l`buEAlvq{Ea;UKUK=G zO2OMd-%-^6Rl$M^ZO9mqp*G4R6w`5WKJyu;7tR(+jY`y$j+4myOYMXfQQv|#d3Kc_ z=se!aBKYkeDbuvHx%;21p{R16|2FaR_ey6~T)*OsTMS}n_|{wrlm6%B|0<;-%;vS& z2&{^2cUWts|9W4Egny5~;y+@l!1JfTR;fC|HwfDq}}#f1ZRk$Jk-C0zi$d1rHxcmH|KOL=Is**JcZT^++QE-cEpweh(CmC2N*8$pHNg>NKoSxXI;bZe-aSG52zaD-6A*WG zI*^zN}N+t5T13<>3z2p1*DN$S2Mef+``x^fPenq3PbD>j62e+=J% zzBD8st~ly}RvNgtqyhU_b4#}0$_inT2x8{WnbVeYm*kBwzkmgG>UxY{w7&0Si2pT0 zh+1BTPD?GgKQ=<&E>L)FZZ|N@3}n2Pk9@MBpG^X8F9{2Pt&GFh(d_UAA?p6u6U6%g zqTBE@jB2Vzhztnt8gtpWh4`p%6w!9AJRHKC^Yb6E)cY$UAH&hKn1s8Hxod_|1T>XQbNmEo-3hX_FwSV&$|5L#u-)udTDILuIokj+RQF&^sCs%r8b@VO%b zzmY@tqk@eV!L&x@&_w(#t}+>fdK$F(p`EA|ZX;WDMM*IWWBHHd??H10dESpFhjn3H zqDxOAg%@xxV>D~7hc>!Xsd6P@0v`m7C`a@ zdP$cjmQ2qadjc9B0HPSJ4oEkVuMw1&73^!t4$CDREq&gQQ;KcUi~Kn8 zl`f)d;IACTE^6W9U?Ihev&9;DTO=uw`{9q)gsk@n=2Mj&LhA7rgSc-Y_I4DM;GE6C zZS1Q{z67)c3Ef&S2wCRYkUb;a1N2IsKS93%^Kvi!Sr$77FdESeV50FIoP~sWgS_=F zF|@T~cwpeORNg5Vbkhweefl8uB^bgie31!Ri3BW9%D$slCp4D}+F=v8X81$NjUMoK zk9=p9&v;fkbXbqwKq_{?yu=35l<*d}UC60$Vwj-AmyG&@9xDtxH3M{(3;eT)Fb-(~ z@*nAVr9<1mMTCjq$?kxc3>}Z>7Kp42$aT@6y@H9A`tilaX7--L*1`q%oL|M~9uS8l zqIhvrbUwymUg#cArb5ur7E|xpc8;A2+tmDwuiPU-G3k=jT((VuR^C<7-EE~+>$**^ zzUsT`TdQ`=XGL%G#tJ9VeLf=XZQfszXOT@MLW5h*#Z~Xo+d|-Hzy_{OciIp9epeDu z0?S`gu|kklB|nE;CPqHf$SyQRiM|{M zep`AH3^&q{5y8$3?PMbaxGaYp9-w)Y$P^lwh@b&cEbP~b!7ftu@P%l#xG6F(riSW@ zA0-g0Xu|lMoBnb1I9N}jTt{t{hg`<(D+6%EOp$%4Dgf**u3!#iIde)r?DEq2(c$^K z8ZRaA?N(V1Pyc`cO{aC-Vm+33#r*q^EIz;e9XOW^ToOTf2?>T~_BBY%NrsDbtt4}s zKE&~agd$-9q|`2;2MsV*%d#!8LF9Z3tvZp7qdJ5@9TYWiUu>qaI?%twmAk@D1_p5_ zpxSPL?{x?N z+b9ajjN`wCiM9kfkDNiS0Ar}vfakw0^7cSv(1G;+L3cJ4XjRnOWDI~Gxp*c-N2K1q zHH9p`9${!mOsS)9Gn7FezKJg_-(K~xmZ;SfANnZ|z1yvlbLRF+k5?adg`q0O=V7X!bdj|LWCgPS0no`KA0PR3mXXh>OArR}Xu?m2TBLNTymINnC z!hR#tHOyc4NQg#|1XO>Hckb8#eTS(e>2E-hAOUv2=uFP$T>-=t$0JSPa`9I<=j}6z|4S091rv}j@8NW-4MIBw;dK6{L zB|AOqaEI3JzHfkHq6rMfdUSg-b5PSP-oO1U@7aC+Apm5}7iKW-L`4cKu;XRWr$0IU z3|vm449i<%tq1qq21Eb%T$Z>=S{P|E!ZEpV-1#vSe27x3k=GM`1#XkN(LM00(7~Bs z2V>9ZtSxvl;3)u-;%pJfTmwtUG?>p2peWP_s>7q07(tG1@cg*rN1wx-F%4d4t@f@=Q$plp zsog3D;sW4kX~mqt^Fhd!9{-=(YgUPhi_f;Vz&!|V%xgf-k~ug~nb+gU&xiZ(EC~iy zBKFSi2RFfZxB}9pCy}fP*G*5tO@jIIHY7AeFowE~Fj=IL#OO2IRWQf4Xw;5G9LLp} zf^qRjBqGXF^b?U~ICt*c3Jm8!lV~)K{(MZxW1fFsA3zA9k8qYQzihpGH^wC;0n#S@ zC4J4=xA2Q&I4v_lL3y|TfJ`zq0OMUlAGBggHl!J<1LFdgC%1F~8bU~i36StE(3nbD zzj5y*%PCuf&0+Y!aPxmpoAq=P&7Pdr=&B1oUBo2_lC-xFM&x6Y5gbna+=4^g zkzc#u8+(L11%_XD0LJcbyMG7(d?Gn~NMVWt`ijWZ?~a*9=px5Zsf)?V8qQ4rC>aBm zfe7=M-r#Bqah}6^{(Q_UMQxe^?;&VoA|Z`=rpEAtq!i=@iQW=RZa=Dfu)*QLeG1y% z|2|;G9}kbn)Cu(k{~j@P?qFdS!*J*wX0MRVMih|f$i506jnk}@cdw1DJ}`~jNF(~u z+}wm^{ubxs*w+qQl5uCx0Kw^dlFYMu;2$l(NhWgDuvyhsqEv*=VMVsmn8MN>D(LW` zwR(Rw>5i&g@z`lMcU9$=@w=Xrqa*e>lVksSTjss5H+9GGj_!I{qr22W#RwC)Op!yB zEeS$u)HZfl5)~eMA1*{fA;Q6NSs>9C90VjJZQm!1aI6zyglqmQ zG;`F~*UNTbBo7btUr_Foe}%LN(wetu&*W31?w8g0AmX{M=ZDsmFu;TFi>)9Z@E+(u zmW-0!`{<#4)RSV+wv#j)DWz+Pd{X^fYd!cj>^!hiw~v8FueZ{5ko;->I%2ABUd!t3 zuiSSyUuU4d&C`| zbi5xXmC8R8nScD2mG|d9(cJEHx7QR9wh_Df3!2nL|Fr0I2@{IT`agFFwO3czjX&Ys zw^s$V@Xi~v_38%(((nhZ;bX&dqj|ggYYw{b(B{rog-@7BAm_-9+a$KP?XVnAmQYdY z!GQRwgpAR{EVO^Ih-|^_CuqF!mFJkYRf$msFCH=ll`icPzeC? zhX>+L$DvX7I38{M1`H_Y<4n-?w7Tw+5_jpxnMz{!Tz) zW@i@&>0DYPhEJb1FyAO|itM}=!Xa)Rp6|~&_gSEvm4#k2q#J1q@a*&WQ{*Y+H@bRy zIsu}?_AE2Q#<4qK3`N6UWRfu;NBVM42L(-Az^9H_m%}XS!p)n)(5kJ&b!6tj*u<4% zb=-yb>mQyI>m3%3y?ywrGiy%74elTzj~@%W9%_ks^)beuYZtoo`04n~fGns}g#h1= zwUw4KAexFvNonA){Wj1dpMM72?gDsRV!p&#WC5Oq``z6`QQ+-Cv4oxj(*v8t#8}Z_ zN*q26&CP>Q7JY35S1x2a1Zah9&osCFh~POi#c^UWV0F3fP{30?ok# z8<1?2M)-xjz!GE><({VQZ!}4t)F;N5SSc71^~^zjQSE+Y&rHU~#_$K_z;YrV9V36| zAcV421_h;!+dYl_!oI3cX|5qVw0aLnw;%D*K%2nUs?khjLHG><=`0t#vCP z87ED~bOC%Ck&t{J?KOto;~d0aO)swk%PAbYRA6$lq*R^97eXYFsidp`|BcFxqwT1`hjaVj!A&>O6Twfl?c<)Nzdws&n=_9N4k3(YfrW4q=&$vR+ z76{i&$oOP1rv_8YwwakN5f0bRdY@>#$0X8CQC7AT%&H6=4D-9AqoYxyFaU2ki_-E- ze}5-Rzo)R(FsXOvG^~ax`!m2qhu|IEV6qX>Y1^SgvLIm>qB)KVOivdN4hg|TOXGdY z6dCu9isw1*uhO>Apfp}$A@~9FivVVQLiR|!_rXL+tX(C1^PPJ6Y9YVV@9!lXzQNs_ zww7yhCdi30_`;tS#p8XI^<)Cyve4-$$nNgJL2Z2dN7o3D)*KL;d7;lb- zv+%1|Er%4#LYAF}LB{UK$1M){!qpr}i^-PUnwpw2q*a&*^@MBdCfXJ3ParE};Ns#U&OISJG)AuymYg%6D>X|HDx!G%}lUlyv{RXUSuiazswME2JRXX%(4%{JYkr6gL!~3I% zC+3%E{F?(iQL-kG`aC5pW`7O*G)Nw_d4qz2CcYta4fhZ1M@56N6EEOqAQYv8_`w0v zmI*48j~9e8_CRX;5(wlys1nM%J(V_Xde+jy=j7x>1_i*@5zC7S&j=pkPnw#RK&~2A z*&P)<(*V#d45J7i1&%DLMXy*aG9EPUD&C>95v1F@Gw8%x-`z1W<1Gh!+OSS%2J z44p`}GYo?RhR4UXa2HH#Hmj%zakAnu+|DimK@InFdlU#TsCkNmoD6v;laJP%1_8K2 zRbbl!P(>52HZnk0 z6jcx)ubW6@1Bt_kU221Sn;Lw17qGKu14Nt+kY0=OAd|0f5|Y4JY}nIYcgrRip~^>@IZtygZ}0heyj(D`la?~W9j<)_PZbWG zhI@yc04QSO{nBONFNeqRMjtOqnDkKMK*k7@Kl-j;Xo?%<$^l2cUFLZXr1xQK1P zyAyx-1Fnk`cLLQ6rd2go7jQZ~-#W07Q8eUOl$HKUg>#{|IWImhQmNITVC5f($f7vs z?`tZEabIMseBp*G*KK}tt4&;P+NAED{F{4+8&o;@{iwq6dwVVzY}_vN=l2)wTjIg5 zZE~q%uZNmJ+}+|0$DcbYO8ouVqK2gi4;e4G(-(0L3eGusl#4oL_AXj(!(7qyMQ$el z7?x$o>M3zGcwU@bFZ6livQz&!l(}x+nZETuri56Qo{|6Obr&t#Hy203zrK=q@CyI> zVfe0ZDJM1VrXf>un{(5ZUg5xbsb%h>sU>3EY^-MmI@L5rZLw%pa*=KKAlBU2%z0njKk=FdPxA)oRJL)hU4tl6}Uiirsc8wXnhYugZ zoo5rYc^7bSQ54AYT8v$h>xYDP3BK87RRH^WWWC#O-7!jkj*N_f!WmHpmt8xgLgzVF zkZBtlE-o&~W!p6JoA3){ux&7!VM4ZQj53q32I1@5=n4lp9Aaq+=!XP4HyRil%Qw_f za+%~_8#XMVfbpvXWnzNy8v2a4si~1^s8#1gh3n*I&y|jcr`}(pSl8=t58YZR=k35% zTapkG!Va0tC3HjF00btpVS`ze=JxHKfDT+QS5@huA95}vT>Py>MwJGXnnPDtmwE#7 z8yK3c5G+kGS^>`eF9C&r`1HxBH=B6>hkK!~a4`_x^UxmlErRA>A^?3O_t0zzBVc>r z7Qp>iLO?&~h5;+0A*T6q3x~5J3OoU9nCDvp>Axy)BtsLEBtx&6Y5%s80Nb&)=H{h<;7Sqgzjak`g-j3?`>~w_RBk|~U zwj@^}88sdxO!wEBj7dn&WTLs5OoESrr8sJcmY>)G_YmI5F#@pc8PEU*3L*AvXy`(O zGM4Szx5K^e6N>J&ho_L$+d%??gqw-N)X7ysLKFmR@JBlLCxtg%l>of=BH%iE9I0-{ zg@xDJ&*rCZ70%r3U*B-JqCN3O)y`9DLZ@y|6&dJ+2pt|`!)9>Mm(DHyVvCEnx_`8v zS7h-#C<7#KLp5iKvn5rhez&=~xgDT(bJ+PqBSKL)6R>RzGOr{ia$vrp>x%h{O!Yz9 zSlZvf*^IWPwSf8;--%0~rjJY-}$UrGta)DWW+(+B2kf1|}wRFrNqWC{_W(&o723 z3@0_p#s%13SYf+FugwJa2nYxWakJep5c6RS3d%b}PTavA{j%(GOu7w+f5kI}Z4Q`2 zh2<@s^B`|D<>ae`k-#sRf!mO;&#Z?zA)JcIDmTr*OxE2P8j0i3Hh%!xw=d8lAOnSA zehAv?$P@w0YO!bHYPg5hlXfEZ4Xo2(w8=?UDB6hMAWI?H1&pN){cnhHvt^^z9v|l> zz*L^-nF`GM#R7XtEdOB6t+)}#YTof*o*3Ip?htXAT_~Uw2%?se!Uy`$*LM+T_VuKs zIpDt3pk0v#uZ#J4TgAAAq36n98>@E?>{86NYn?d9V_+l>aEn+|X^Si#9c*1PF)=|B zO%y|9{aHReBVW5r!=;fLR^0nGdft%`lK{!13v4D2d}NJR{CfT8xQ(K~R4VD%CP^1b zrL*?i+n)koO(xj6Ru;OooPrnDTtJiC@C>02StKYJiX<)P{= z2w2%(ym;{iz6{ui3=}dd862FTXe8FM=xnbc`Mu9-1ER5J;f-wAU33{H zwt|>Db|38t?}l*|aDQI`B$JFXl0n-FJaD6wSFB&up!P(9`x6K>jXir-5<>|~cUM=o zSUqNSb@ioue5K{(tVo?OTZ-_blK7~pwPe0AGHsc|pY;?K7a6XFsT4(F_^1|*cER-* z)|hF96UEBPss`=@?d8GXA*kdZzkW(0??igeL}6T45V)UDz(__&-W8~A=S5+1C^YbH>4e}m} zf|=n`rGrBF9*;5*qH;3wLMM4KXwj#LNT^a@Xsr?U+fh|rosG4PX^E^*YCa)FE8xj%t;iCuB-&4TN znaI$}Duy{48VZ4{fIOkDgV#zd2A!l4XWe5Iu1d=O6dqMUP9O6b+}A+3AcB=I#VxOsBe)FpaH#Y8y(7}O zdhZV~A9>%xQhLl$pHGPMqR>EbScvwFGV&KvW}|;Awi}3wCU&z)4UPb|lWL^O*#CAj z*d<5?4xu3oi)J~TEMhizB)rpCxsc`r(@;iK5_s0gA_Duq14s~-m*+x+*^V-cU>EQq zfAZ!HCtCBUK%L4Noz)S0P?CPBOP-JHr{x>s|4Cdjz9-h&@JZkVwV{b=t2sKz4C`{PN zpU3NEf4mTsr}qX=U-a6^v`AR^fuVJ6x@O|aR@)U}@Fh0dLV96y;HTDO$ac=ye==k} z<5&~9YT~H0j$pz^+Ukh_Qbog6*K~=DDHb9d%$OT$lrE%sh3O;%ht=G=l>wc?nbtcs zG(30_bpUIuf-$CC?CrMUEj{kLili4`cmpFgGIB;hMNPv*UFp2M;emh%zX>&)ojH6I zcXlB~4UdWi!Vfcd(S;z_u=2)6uh|cqoh^&Q)wO2X+o$t}rzKZ%MsE2X z()^b9)TmOB)#X!!Wu*gMM&h{aYoh{e-IAQm?C-M`zCq zk9zt!K{a&_v5b40lW(yc+`DF3G;83t8+NNmGKa5ye6v-FxV<~6O7aKi3EJA`3g1$1d~(s5O%v)4gN(^)-&~hf(zbpd+5W$lC67$RZr;sV`8Q1uN^9gYkKvPS zS@0h@{%8j7;_Um*{^$Q(oBUVR!M|Sie=chN|Np~Bwey_UtZ@!{@#%`C*>U-6up(5Le& z7A=~}eA_tvBk@aN$6KX=qtA=pJsS5-&$>P3w)tJbzWH}mH#bDjeCuRDN%v^ei8$Am zdgt^oZ4v&~pWmKw92_m*(=gKfQv@e6QZhsHmL+n&jI47p))V0yt2-LX>k$d`kx za~NY{V^@lOQT$vT8*=81k7+#bowbL0hrgyd?+y8MQ@Fts$LI0<11t}Jd^w4Hf;0%@ zFpk;e%qwmED6Jqdw};Vgzw`Of!PeP&=6Yu8`RC6a@?1Wj>gq~e*YE|Dgl5NyDMJJE zK-UronT@z;=`!8d0o@`)EO+50({ zaXr(Am$*bz%uI+nlsrNam85c&lzs^eH=}KX>n#u0j_g&cS2r$?-WARI?MK;3b(XNW z$fRA)U1^0fZa)u-@vsS~9HiFl6u4XWU14bfWAxzptzw*NZZ4q%i(Q<5eZTvq=YiHi8}l@>Z008>8vY!Z zC(I#jw6|0i7;mgkKC7sNpVK2tx$r`CcJ&D&Z4qL{x;Iv=$$H&8qhdh>F zsxk;@7$5jub1J@ReVa`kZ_cUPY^}8gHAj>d#B%uV5sYM07GZV@`Z2?wUDlW}&O&)H zeSUK2Z5eC(@Rp?WaelReBcUrL2ZTTA2i&mytTfEER4MQI)DHEAamVKC?7LOl7?yKM zayut)YieU|x$N<=c7w4&+}METv8#>hWi`*jJqI}jhZ2%3ZSMZoF!v2EEmkO&^!JY` z6bzhTa#AmQ%WUtzmpe&g)%55R?P7nEtORXW)+-!dPx3T5xSdtbHosxaIVGiWV#6{% z4(YUp1I1F*zS5HPsk;G9gRN3+*6s6^4Y#g)cR!J%?})(3O_D_n)aZe$HwXJNlkaMt zq!@3ohE?ix_D3$oXV=PiZ&fJOR_Zz5RoT(_)3;tWi=`*K-)`XTLL@o3;pwGii;f=r zuItY{%jkGkAMnaGrNT;9(NVk9>Aq)|aZX6&CPy`Wibhpyo zs30AZ(l}ytZty<7@x%8Yc=zLWUAuN&yFd5++~=I78-2E(BX&7b+>2j+7!slN{#U3aVVF|% z^7h7qHb`iH1X-5Q4^XLwHH+o$th|zST{}E(w?%{ouSs~Gc>O+qBs@vAiOShJDM(DE zE3(TDPj=!y4~Z`@X*EdDu@NH-VcT~%Di12&%A@%O50Q7aL^>@*gI5>=4T58IM8sw1d zVsWQLY2Y_#XshNd+`r;(% zl*Kn+5|EDuACiVeTIRQ>h+y~jl%e1rytQA*))Y+b?X7atrW1qu8lSEan}i&DxX%aP zj+p4pHs|x$57CI2j&BLPInOH=_=Wh@EG>m5VbhUOWE&-R5udix2L^>J0rk!*@5wmZ zdeTLN*6o&F-0letwk~!%Izhdabe*z0?2Y%OVT%&BXjOB!M)Wcaggjr`jc@$2LfxD# zt_`Zf)sbvtAKB%%O(=Kf8D~C^S>+=(-?o04=)QzA)u6ez`sWF^&5S`~sXJG_@V=(L zKMf5QYkgrkcO6J4)+O?xx3rPaspby>b4v?T$cuw=kCs0l*o)ilyTx>_pdC4O5dLBc zB6rA1HtM?k2FwXU0;#nd$YpuG^+JX%)pjjR{i+)lA5EX8hgFuXBp%mG;JU2-L98nf zaopPCMD3B*TvUg%LR)JH)3R`jGn@^pXu;%e%|&k=mj^a+OQRDmUW?o2V0j`-=; zIj&{?cE^rGhTf4}EaXB>EthwFN|*X@s{kjo7aepX3!%Wi>szrM+(25ziIe;+?@#Zx zhKQ&Bu|-$Vx!)>}oYH9Ce8^V7E87Wo=sUdHwrHDqLgkcnGcIg}cWPCC0$GH^)>SlJ zOcv%^q}oOb@etZ@F3#qxgmTVnMa{Pf!QI#)xa5=K z@7~dTmi5-oxk7Tmis^+m)|OUd7N0tlDX8>k+2RAFibGzW4QEf{4mG60)ObDky4=-7 z_nZ69o4;da`@;6;ht`UT&5Q23>{m)>!DfYVnFhXGW-kK>yHJ>hAPPYU|`)r>vZwzJhM3Ld1 zEl$@7$}1FktM{)y!5 zOx&jP?~eDxm%A!})Ul)Bx;m*DHO()W>e14Ki$UJUM&Hg%WmmZi$Kn~{-0s6! zz2p>vS%oo|wSeaQU+LqWH`T!u&^MRSbzk1MhS249H&0$ql`ndABNxI!dE?;V<gBTHUms(omk^FLQf;5nDBiXNVzoPRoc%FUA%$SU;;puR_4yhps&`+@7gp* zwp&P3?Vr8O>)YPlMHCkDIUt%ziHSqg)7R@B$7sczIS#o8)&|Qr6H)NLp6%h`NlZ;P z^e0D_TSvuR>!#oe2q1^IZr$CPy2u}GdV`oQ2*sPb;j;&CA2bCpGufsl z9x#k|SD!Vo-T=Y?Z`REaNGE|9~)7{7XlBEy?I^VJgo#EW#U3 zUAZMmAG1+sg*^iRz~LG^gNl{<>s)nlPpv?6oGw zA55unlJN@dWU~--j)VT4?X5SyY)^f@;M`g=l3;AWv%`PYe=ushB*h4xTs@2fio)#} zTx53R7?D;spO(p;zfbn_gzHC!Ckj+;_(l@{k3d5F%Ui{22PG%7BD8S&JU-4lPo=?7 zWCue)uk7$M_KcAErWJv*3|D(iR{rul%JR~%@8P1v-UgB~%c|+5@>_MdsgOp+mlluJ zR4#`}Hc-g_RJ#6gj55^&{+Bmd)x2KdW!uwwV7j$T&CI&cFasSq(vZ+E^G!>DEdkbM z{Et7&MYU%(ZLUmIjM_`pRVo2EG|geZstUjf4k>Qa_3XzxTlPm5Yr4OyuD;fQ>@Cf_ zJ}L&5e`$V<%*@MMJNHMb9RveUcchKnPl1}lZUUuCO@B;q1DMb?x4ofYH99o72JFPM zO(w?B=;%!}YO+RI#ZK;%gpaa|_FpI5C`&|_B18adkyUu~rgdgBT}(_YG1*kMVET*% zy)-82y1$l+3d@hzk$>jU^6}&!dUZi~@!=}LPm7YOxtc|+D+F%TWb4$jDj|Ee5aq|j zC98JPTe*9Im;p(c&ue7u6*zPhdkN+7+d*lqf{RWC4(->k3jnXGDeAQRU z$>KW?f?b3n?OJAD>sv-_2wxp-_*QzeCRf`*$<3mDw$Rx<&Gr-S0d6!*A8~P3*P49* z>|otcQKV8zj3diCS^TklEQPrK(Lz{UqIkbwwv3CJ@ssG%==91L7P8n<^>pP26f#!- zCj7?r(s>3g75|3^Em*+;i{m?|8r~u-eYl~VBD8ohh{=nc)c7vDkW2E$TQ@6rkJ?<= zLbM(;C*yGtsJx7CNpTTaDEn2T>)q_tdA^^c3G&CuRh!}20YldO0(Uh+uN%a+E(Sg$ zu7WNL+3ht_Gd$QOJsDr1Ogr-tJhI*|hyYFq%E5X3ZCqS?ti!`UBSrGEuU!)0OG{@i z7HeDv?`UY3P&3s7>5R2o!??Og-VY7d`pUS*<>p~)f(mbvvX%tf9sp~mm)Lc;kDt=A zo}ZSxaMcTl?_)`vR>yHb8#HZvaW06i$h-{!*s06$ajt)K48n0pNlgs|gR$qBjjcnk zKo;8Z_RSbIJTkI}LN-;^5|vb>9Pf>;%37r^c&+5+SuuY_fk{C8DQ|NGq;ns>*Pb-Zmxsfce&BPWAfOHxW(2Diw>LaP@o65S%G!uo5 zm>3m6 zUKe^E8FY{EViMsb>bd56DJQ6{8=75D#j7JH@k3}fJ~SzUo;BV4x37|=FkGM^@)j5zSI2w*{ZMmi=R;zShp?GVI9d5XF$8TY>;2o-4K1g|dfJ;IHPRKPtHq{qip3cQPWEB8Bk#2l|zOgw^AGlqVhw>|MHkEhrz)wFU>NX{Z_c2Mz`Wt3=p}*u`U3 z`=Vtq_qa9I6B*47n+84Kvv+)Z$rs-+hNApJgwJvenmn(W@%($j{t+seaojZ`Y4UgVp^5{8~6ER)7nCe zWlAby+J5WLSz8Sisk+gO&0{a(N0t&I3UOAA%KS83f*8++Ee&>aQo&PYQ4c4xyr794 zG4|b(a2QWI}=B#vR?Ko5SXA zY1Z=^{Q zRuVXe(a^Qow_^=!71Q`u1<)xcPHGZR&CNd)FUNG@;2x#s(bg115u#w}E-x-F4hZ5B zd9P!EYo?{cal_565=s)vW^Nef>3Yrjup|gB1j)0_3uyy~jhX+-;Woz7;pmFi! z)W}3nz7A5A_q~ZMPw%^)x1#=!es`e)j<#b?*zOx&C=O;QLJA%uJ7IkxQ9#cJ)JR#U zb+voj3v7V$)o(K$9PAh`8Uvst5r8p402x&QaPRkO`EkMkMtEhV-Xq@-PMoK6vn#fa zj2YgR^o4A4RF{CQJ5rR%ompoJrH|S}87=}<4MDF3I zmj!y7Hap(jQlcgaL^fF+B}CS61VG_#|6P-)_UP?jk}{NjA<+}UM+ z$PeF-pylcq+4USGujZ?iTAX+lRELv4>x*oE*&XXyFjn~Z+TvCTA}7h`luoP@&oH4N zwJpNzaJTq8--Z`K`+%EDi-JQ+6s}%!<%C(1>b|P2(tZUosaXt8gKk%3p9rh5B^(q? zP;G81b4x}doaMo(1h1raAzHDuRm0|?B>n&H_RgM304)b3k~~nPGDyQL1?v`)Y!J?1 z8-8}L7FOZQ92a-w1(kLocqk~Ct001{?Hz&%ntyu{lOCoV9gheLOX2`(QqiE9WC6Cr z0CYSYxj04KNE;5owSS_4r7k$*@FE#7MyD@lVP}5>3Blk3;r%3kx`dwqXp+>vhmKLR zKyn-rp^6`Pw!}SA4a#?Od7sk^+#7{(@<|g-RkWS;I)K>0>BGU-jIu8nleKT}O$xI@ z3xnZj)srPZt{i`TL?9_49rZ6^UESRT27J0ITJ-Lr4}c&>2Uzo}Kq`W#TVF}9iUE@H zHUK8jI*bY7;XlwKnenYfZcR5myu8%9-!s;@z22Pz<0OSJ-J)%poHF4qaljrippT(m zPZa@Ws{ePt2RV-yaUnd?dny(C#17P97F2|S^0n?npd0!~Ee1Rxg8_sAXEnZ}v!4x-s`UldFXijDRj)QQB^oMo#)^DJz*?l_OR4Hr1bfY4Jp#4d19O(qwG_qs1A& zE%7l(UmoDbRM`>(zze@tenC_JEPqZ_(tKZU)&7Ct+hLk5K7}= zc}`+W521)FIsgc$sobL(3XUr6L*+PhVtaG;iDrl0gNU`okjl@VA;NRv^-aBG2P%Vp zEo^V@Ms^J|7-X+@&vnfkiMWq4dOI|bf0I9a;6UmusIX9rCis;5vYq+5pa^AQzqet4$ z%Z#KI9yPrJ(4l$e-y?Ju{{Z}f38i1mlJB=yG>Y2*B>iB-V=R;)BtoVUFPm)fCHR!? zQMymZ;jHG*G6R58=jcvNz}2@}iLrs-W)9-uskcQ2B0xWR(As>Ow+y|!61QCp;mssC zpk=>(KDr=Qz;x%K_r(sX*EZxsD%~3ZLc_r->yXkE5{QeF$$wYPc-2jAPNt!gh22F} zr>AM6;iTwhSX5fofllDqWSJ|zrY2vcJh8g5j5JjQZg4;9H|xm1$i5;HM>9U+6!vlA)ke2@EKqG>m9GLfj&Y_z#oF>LA&&8bxm0L( z?%e}Bw6Py)Vk*a|WN53Kc>jTz0INP8j-5R1=4_2p$5-OAKx$CCs%;2yPg<2Mp%uhY z&2jUGRwB#WqtY7gk37=2(*6;64ws+-U;S3Rkfqno1#_ERJxz=Mm-af5C}8zm4fC#p z#taJUf=bW=exbLTNE;Qg9C7>BO%oPDf3j30$G9o_j1Pn j&kz4o1N#3#mtGUioaNAqkC6Yjk))RTW3_UXr{VtvE@kWq literal 140926 zcmd42g;$kZ)HjNv5(-j+v?z^$NVgIq4T6Lc(%s!ENJ@!xH%NDb(%ndRcX!>%d%tte zd;fqt?%jhi7#sF}_IlQubN*t^?IR;4f`&?fihzKCCi+(B9RdQ99stfQ!3UtQMu5~x3!zlA{YB&IQZ_a%nu>t?z*p{TnEYmbxIKZH?4&Tu0S zq`du#{7}lg9mg$lCPnm3mc*ElXAvgbJp}1F%TyYKAY)A4XVKwbPsqNJ8PhHKH6rH; zkAzSy>|wr{`#Oq`ABoNLJ)cvP@z!Sv!HCEMs(2c=-T0K9p2ak3`(L@Df6jfie^{G# zUsteRe|*`$IKU(k{2EIPu^~7zU}L(bxbxFpzmO#_sUmNF1O7Gvhfjkn``Q~P21`~h z?vIQHmc1mb3R~locS4$cVsyWBGHOPpM$Y;wwY_6AimK?3EZ-}p{-#DfLw&J~`b;a0 z^CJ$gTa=Cg<{xG@<8NxT4;2>}F_2C=8xIu+=g3apy3)z~|kFc%d^+0r{#1s?%%7&jO4c0W#TL0_e+~V=tOW(k$KU)9_Dj^J9GF zd4O?u1)g9LOGD-(n!)B9dTyeemRN$8WKG^aXc;e6$UO#RM#QcflEI z4s?P)2IeFxw})R*t=xO~n(;9L;~!-Ehs{rr>tAboqZ+(E3qsMpJ1QvAioNG9kYG-Y zF6Qy>2@|=Of&gKHK*nQQucOzjy*<4&D?HYB*S>BEy7Xck+&g=a{0U3K-9|&s9=+2; z+580&3gcI~nN)Lz7$mbV9W%5i$P)Q` zOEgP9?|rsn_W0!+B&}~24dyQjB5*oiO7NxOSRq(pSz!+N+j$Ozls8`Ah75i5%MdE}6+}N2NpGwFCmGF8MBL|Gcntg&f=0 zIq|+p1hS*@BsPdP{D)6%K6|D{_Hh);e<0hW&T(f;%1ztKAjzp!sS&vR?#M_i%${ns zvU-qnFn>^W&_hs3@Eq++Go?S5|3?B+7Ci$;BUG0AEbFXQto%ky#TUi>#lFP^B_u}4 zCG;hD`iuipSuV0p_P8ct=g+6Izbd!r@%DbPd2Um0qp%{st}={2G&F$L8@jU9Uz5O{ zEi%0SSA2-Bk2{M!MSAFX5N|bnC4Ru|kBnaa zahp~Bb6YKVxA3|D2!<;yivk*;#Jw6g86lo}3|=H%v|q-Z5T2!<44(zw;kcWPtdG)o=N=O7-6L~rP97;VJ@Qrx{r55- zU(j$oE$2Bg@YeBWNpT?IVbq^GatK_C?!@acdvG@~rgt+ju%WX)%=5Amq3Vh8>!z=I zv$nHz4dc%;FvXvui&O_5_)HL-zG&wWBN-x)^pWz;^|`{BCzK-^Ampa9eZNt{vB@E; zBFDqP$947UVnv|t8#gXGIS0i8)r6{css3paonHxFIwN0^N1;d6g3wb+Cdys&IXqM9 zGGFefM$xfYmU^vy+dZ|tnp27kvM*iM3lgNRTUwpk?bRChZ1`>jb|i(zD&@liy>4>)z}Ae5oV zoyQ!M{6}-kjq%$g5Ba7Xzd9ss;f1K%#;3$R*Z)jlN$`f?n}3a@g`{fwSE&-VD)#t` zp`~H>bTlc&7+Lt6gwg z72wXgoX`pENY5)*<+KTPDA|qLFY#QL8kU|iue2y^s7Rho>*z|88tz`otx(l7bC~3E z8$Uiu<&NPVu3WaWoAj@A%A-n5KPI`Jnz=kU&m-05f9zC#gt;X9M=P`?RoXgE{!(}M zqf4IEb|l|)?Yi`{IKGYL!@3LAqx0}D)p`qhsXd4B!w<$D#*yrit~nR%H2oHD>nNDL zaLc&TI;PuKth<=KY&i@b3H~zNKRj>7RyXA6v=cjD^|vp-k7}EFD$s@cB;#-oE*p*f@dvKh0$X6EJ=3Kbf=!bh*j5T&H<&2+s^;SWIkJcfc`F)Q!J zOVc~Z|A+j`b)y{bNeTy|%p~Hg1ylq9Q-u61A_D`=Yn+9;C*QxWOy1gDwg~sHxkfJ32)d-ytAsVKZQhV~ZyXAtEB) zM?`+X^5O;CogZ&rm2%2c_aWSkh=@+Tl~|!%7)j&Za~DCn@{v9v{m6F&geM51La*iR zV>Tx3lyF+Ek#;H&U$4=8dcFAE2j_0+$SZjvGFnzz+*jG^k2WaZ_=>t3;!rRN3pYL1 zy2}#v1X+lJ7I`G;Yk&6Vgab!wjxAR=i9%C!jsVTB^TP#)LUwL$?kXoLyZG442O`N? z1h?Sc{?Fry2S&Zi0P#Oh5fDC?AtyEe_jCvA|Al8iE~2*(s{P9=|L!5CTROT3A!9z` z#nPi00_$ejTNqBbZ_4rsc*|;3>+5V+gF#3NMbTbbYY~Y7>Yi znm(<){O^)yh6D#6tIZj%wU2MjQfK)3lH51jz}1_+tWp`S3|akn|)0yMQbB~@`{A3lvXF8mv6Lml@5>q))`bp5)$27YZ5p;%X;krk- zLG|x@tKUVSJw)yjA!EOABPxlT^HtF}_}gsLX!EE(KNOx-1mao^I@TWX-N>o`dHgo| znz8FfTsCd*FwUzYsmj?9>47mDD>zr_OKIf0PP>*|W`QHW$bUAyzWMB*Hz8E>c@ta@ z`@GEkQHcugbE|X4AxkafIM1b~iW@MSFj^(}@1?iA2@o--I2&bUC_KC^=OP7MTo8*2 zB!#>Pf4EZEJc>~xt*O2GZa@6*Y z4l0R!rCQDR)2^2|k8n7Nq)bdqR8>`xw)Q1S{#zFdB3z?&tR%j&f|30t!Ml$i3GwjG zb-Cr_@$=)Y)6-2UNl61MBO?D?L*kJN_U=~w z)`Iyj&U|&dzhF83guL#z5!KxCwDnB1#F2fFA8LtpHU|{N88*zCSJ&`z*{VD9xwXA3 zqYw|XSsTo3L$xSidQF8ms%JdcC|b14!Ohi8?xC$$ccPhW_x7#1)7i|z#ybUtWcbR9bzgMy4gTK7CYK7K_-PH$fynTPXy)#R|<`TE9tZU=jNlbs!3 zKfjW)qOIS$dR&9qsKend5bIbom_4w0jf&goPY628A&#%%uJ-!+>w&zk27H9f{h3#QKd^^1VBo`an|o!+FB){w}N zp}x~Nd*hImb@1bKYUy~@uvz>bK zSl6|ptZZMZcsQLbQ|E7Ofz}4EhhYrLG2!9j$fpNIJ?bBq|64_l+x1mfF2Rcg6O&Q~ z!)ncM(NghoFR$1yp0&O1%M*!Acx0i$7r(t+#?MEVnV}>j|J>U*U~*=*X?`~R8%GhM^8PJlq6JYohjr<92vfHzA7r1zgY`XL|EM7 za#?(=Wt2-bR_w%YE@p#O<(5FCD1TzAKK4<&JO4z;PAx41gQ@L%S=sTipJqmSQ*Um6 zd8Mivn>V1?eD>yzpuiQeed_E7DyndY+-@JA<48-AK)inHasv}BBlyuWsj^J1N(>H; z933eyA8B@yUEUqRl>Q(W+Y<8jSQZj!P=0wAnQSA+e&Y=Xk=u36L28M=Nyz@W^7u$U zDxG3wQAccysy@fz@pO;z$wg5!Avytz{hxZ_GsiP8^h*hBTq?>b^&(xJS2LM`d<39h)*S8a>93~yUCuA`$#|)4NCGJzXpnvlDe^1v&)Iz;$TjzI&OWml z?;Gr@95K%0-+V;>k6W*_n0J(w4Ngnboqw+}yFB(+cfFYaTVO#4vS#dWI-4Kz!)G3y z7M7+w3?)pIT#-M2>YJG*XC~%mCT^{*#e{}7E$<(nY-%Z@^Wwc0Y@R+bO%J7t2)t~z zt9tch#+<_hS<=yXhlQDt4g;CZ^q{z`%)-V-O7m_e3Yn0l8P!zw34t(9s7pHS-wNsvC_r$~U>y zy0z`EE=Z%Vw#5Znm*_t_9d9*EE#!SfW%rIVV`uu00=L zS9fsh^8TtYCi0!!-0tRv2dkNBRDaq=n;II#HL)v`;UE<@k^hO1nM)Z})yvZ}Y2l~A zLKW9nE-1UZCPqazvhxih0gH=x9VgQbA_gYwa?z(}XT9bckO1-1SIztP3QhJ$ckNn7 zy15wGJaON6ctr-1KEptU#CWkv$-`6q0L>qn3>HvZJ8rPp*mw@VyIKO33+i*wR9OkR zrJi6sAmkcxyRI!CiSXWe;j?3^tgNhJECD~dOUy?d`kkfs?F$PgYLjxCTTaXGB*0znUF5*5g<)omj4>GSnfO>s|GEG{XjI!R!7XsC{vURO*A zESFB9oOowi8hLbPmLk~k>z20*CP2{2i4hI=zffv#=HYRtCvr0)DoQ|oX?fXXVx__& zSudKc}z+d|9SgDD~{7wN>i>T?} zACK%_-eEs}$^C04~HlJ(UZ3!Tu^w7^|u+z|(^&;To*G9+ zb2E1l`2RjTFIyK9$3VU#x%4cISn?eNp0<_=9cFi$0Uf|{xVM*V}|SAufxs>@@CM)S?lZadP?zJI-N7Vu6>!>xMplt)5LVgfR( zSuZZKJgQDd1Zw2=ux_4{BH2Bhze&#M>rz|6~*7beQ}trYHBSF7b) z0CAZ`GL?VfKyjTvQt`X&nZ5FY>qhG6tO+(^to4KA>E-3JIt!9}1g@#`CZoT8WvvLj z*7(v$8x?B5{+GU_q@;M^bblF3u)`o~Z6b!q$7FT$7Ck+EKi@$T3up3^&Fbov5NBzU13vOW#FU-129+IB1rA2cs zN?zgl-v>F-?5hGAU$h798(V`tFc^+?nt%A=^~CcMcIGB0H&A&jEG~)}XXQ-#VLZhs z<{iJ6I`vKfMc3OpL@@NfE$1E_9F&Sj*&0X>JTRoCrRBeNwqKLaQt0|VT$xeut*J54 zGcc&Y^0n(#ftJXJp({EpoW~fLB)BezQ2_zno@j9r97C=8-Us;m$Yh>x-sIJ~o5(9D z9Ek{>$Qu#b{_tJum%|W<<8%2D8QHeH570zj_)1$>7o8|$JXu6Kt#R0nyXy9&FGfFy zuuo)?@%D?LWm5LBH+mUB3?x@a0fZfu>AJS?RV<*{>%xum5%VYrn-xGxYk(eDNJ-r3{J^o7Vq@3FK}$2Z7KEY9L0MB?O` zpO&_a7|iyDRxd!6!xCT->(=7x0CBps9k~ZoVf6~jir5wb zM&D8Xfro6m+8iDjKSD!?y8l@o$()fFWVw)<^lG8WNq2XI+B{Aci((RM?k(p>#Q6m!&pd$8m2>pymL;dBUyq*ktnT$7MRyzZ z(PCoGT7RLG3Hv?2yTZiA{{3HNJ5x8WqMxx5+7pLn`hGsALuQxF3Nmwle0#m>GCJ*t zRD?fqS!Y-51-8|9KmWG&_Wr)UQOH;o$l<-Ls0HwIV_B~ zCLBO9Kc}M`uU@75;0kd0`d;Pqb-q#i&rHyJf}ZF)Y@9Q7)8pgrliqQ0SBzePYwLs< z0s*A_j+-A;oB{&GB&tdA@QifXY#Z+7-2lDc-2A-wHtNaww#jwvKjDKgWdKsO(vh_? zz0}r^m5z>XYr1OqSMzjy29u=v%*JCn4T_Q^d~+xK%syT=J=lD{qZ`e*d~SnA%0$7itpZOI`u!L zq67v9B~$>|EY z@xjq|-+<6^YJd;UE{nJu!F1Ye#~l*?zv5+Mb$|*qw!BMbRS96Yr<`0JtKO?O1 zdOExI)o@f?Pj`GpNlZH~s?R&V^-b2vDA zAtm5%LYE1@KLeF`_|Oc*k-jOCz*`j+V;PyxLN}Zf#H~~}gOn6Q@n|*_^o6@?jl6A;$w*JHb8foX@q+uXdMhg{ z$V$Eo^8_KW#rpdC-rgc4H?EzPz6SIa_J1!|t%JepN(z+(4+JhU6N&CfX>lDkl~fe# zcw2w}FQegHNd@ZX&mW+mTruxyN^}mbt*zPG;QjmlDNS#Jy8RPp*SGq2;(N>*Ud=Z@ zr_b?xNcuV)tSzvTZs0>#w|{l--?z-vcxCKzfA3lDv9PqT`q&M1uh>cFTFU!BGo$yz z_K>mtHI0M(c@JZ&Cig9Q37W%&*QB4)}ANfH* zP@Ah={qLU$zdzoQh2f5W9`-2zKYAvrmKA+;<0tO3u(0&^_fJ{>=lmrgwsy3&)vWUU z=9X4di))yzUj5IrdW94e9uk7>*JM^nxMK>o@ISXVGf9Ct0nfQUS6B0d`w@-)^ACh= zL*e9**7nZ^J$x-=k!5 zNB?Yx`Ojs4I|*J%+96CKwFaR5^S7O;-%4652><&t*vsh^|NTUS&({xx{QrA8L-GIZ zvr{&+%#4h3{k|mA$x32AXAY*utTERUY$7NkI=Quh#8c3Jkp00Bf6cjWxTr1FO zF`X#yE0rqsPfuS)B6ZH!Zu>D@@h_c%Higi~m-3JC@rijI<<-^I$+6zQf1jC|xj9y1 z)E&dQx!o16?z+0UdAZOQ(iP2qes+fXt$wn~t|y8$>yo}BHz8rB$qz5jD)67g1#3z}6J>|mkl zE{CCCzY4s0(+ukTy}UdTF|lH{(ryc>8-~Eo(9rRLP)@5QxKs?EOO$H48_<^4&PZky zvS>CFF3SaEr_F5TB26u=$jk0H-gEemg@uJ)Pn=Gm%v7OH2kg6EcMLue5fL69yV+EA zc{v9wD{ET)=Ua$yeyo-YZw0(zYvBYU-zSR%UM+^J!?nO%Dc5MYCoC*1;0;TI6NUXV zhbBU`=hYB}D`v?uewowJwI_9w{7%)C6A5A5#l_6UL!N&lg^6%cTE z*sd>081}HMJC^%+WAqu8kG>8)ea_z_L0MUg-h|h%XsqPV`+IvNJocZAjU|vP?04r9 zUb{OUZ*^st6c>N@_fOS|nVg&)&Q`WM-COM8zvkiLaRzS~w5EjQvuDXZ*i?=V4qY*v z%ukO;nuV~Qi3t@(z!m;F(GW_Lk^Cbepff$+8>~em@>wJ>$z?(o4mxb2gEX6$6qftGU&sAD2=;GoX3WpHL?j4IuOG|8Op&=myHBNQ{tvMgd z?%cjLU|D85>4{EEfR8VVygF8rm6f%A(?{7HzljQWq=)zJ-7C~9ULVX1DJwgM=V0;g z?d?HAXz1uPWtS8dp6&PWM`o~V4gGo#i3iCO0Bb`-n=I7v^Y`~JEoCDkCnM7s$=C3} zxO?|5BBFax5XRX%NlBC6pKpPT&Eax}MxO$vUz29RiRAJBk;GHd^dkO}l9CTe`8t>P z*Vos}j7PCBFlM&5d(bPe1c3OWlk!dU_JUNdU+#&w+nN|{X=$09jO{R)GYqm8C-0<@Xmv2*TE%6Xh0y&vDn+*02Pyu&~aKxASsyO|`Y<<>dCq&Fb(UKc=Ro zMJML^iD3z&e+tAL2netI8lQKC{-3BUR_`d9&G}Fw_WpfIO3DK47oLw$O91h};GnUJ z&NWD=eTC@2V;8_LQC`uh6D z#xY@GZ|qBc`}yJieo;};GmnVqXgzIhmfRN_^&XJoYz)%k;zdBXEEtJRSNl^5*-gnkvQ?|t zI5?D=b1JP@3oRGLAavoFtT+!r!VYSsR=eEGgA%lg48fX5vN4D)k9YH4B z+Sg-j@j&XI)C)%^9v z$xAu>FaI|kviFjR(%y*Wd)UVT*?=lM46G^-rjU+Qbon#-T4;j zIG&2i$|!~LS{Lrv;DCN8P=EjO!Ks9h*}Q?KrB&9400Mr8J#EMZkD$Bvao?igGgC@L z}e%pDGEL^$Osl7_z8@#6*P^mE5eqO#p_#TQM=; zygbJJoAQNbn}!Cx9)s4C)q(VZG)Zu1`D`~LGBXWeC6Jfm$x+O@oe5;~<>lph0Hm;; z1Ox>0&Hljd$UJzQj=nc9;zzTar77DsG&Dqyn{~*}FWvlk31@3KFFrC-IeJ_}rP{u) zu~8ea!O_uiI9C-a=)hp6oJb%^jn#5DI3{Tyw6zz$<1@#^#3Uspt*x&cXh6HHFIfb@ zB{?U@Wx1P}A$&Yfz3#R9JqHH|*0L%Hm$9)AjEs2@cmTze>yQzECaU9QW`W0wtpy(_x_da;{1@!SwClI!T~|X(J0k5} z{G&VPAGlT?{}Y|Ov~+aINl7b(F)>7{)C>%|s3>H%wzj#sxqus6a2RT8Q;QwpfV?5$ z;prI}Co6r=(#94$-1r4Ev$Eh;`K6_$RaGaUj|qMvw5^+3TDHf_wgIhkHZ?>=QL309 z+`an^I*MbXqlfFmfeo|T+S)PPc3V)Wtxs}%eA+VQ(viu$(22(ib?#R!K*oM7Go|o= zj}{RZr(~NW_|Ms`E z2rvn1tecygEj+&u$R5t1Iu=Lr&i`RuNoQxLv55)XARw$l&IcVcv-pUJh_JA~SG6Vj zf3uafn!jsYRoAj1BB3Ab?VX*i=Zy+taQVXixx2dqOi4ZDr zAvXOi=TI!KX?=LCA^4Is?8vPj)XNkb&}f!4(Zj9D@u8uc=>q`LcbfVxX9tlS7D;c( zX`esOhAkf)gsBG>2p4m6ebWOyt4iBVE}(KtAe42X!=5e`d;9k7H~s`oKi7ejude!& z@=uM9M&f6PX-DY3k&}a7SVm&vYgyR>yX~p_7NyAsOsUhwIZ!uSs0eJBk)q2}PxWk}D z196d@oVC2n$aESJq0 z=#x@_HP9_wk4OLf`SQkpIOn5?U^A6e3^ck(@1YTpGqnrhY8Kc-)#JZ9nFrybrKzc} zVQIMsj9_)c2*_62H$l$__%F4QRpS8kplm~xqIiQ1iQ65;>WA@8Nr{^G9^H7J48WUy z8LmLHn-&@it}lnGBX&t#&d6Oia=n?xIzq#%4u4Ni&o5v8z)hf#L9PVXT$V}7%MT8# zyIrO^?V7IiC40rhs2Cd?fA|o!vHyr&L{04~w)HDCR!-qgYJET6hoT=89ck+pP_p_W4w-PcBt+rhBLVJu9}YYJpzJ#pt6!uFaMicw{9J8P0}$k9v>d2(mZ+o z{CSEoWURuwcZH6JYd|2te!c`~OqvEd5q#IEbVmRbefenXAC9A~rtEw*;!^ zfBI5Y#m!9K`{&P}_IAU?_R!|$<}8Jrryegv>3Mj0_xJZ7J$j_q839rO8GL}bxw(~< zmHp+Ofryf%q`9lhbLkk4Kl8iIfuz&mHa0dk0w6%)=!)eY{{1@vUIMA+c6CZ+k`MI> z`~y}VpLQVxF1jy)1~80cl%yAR(~ut){y3^cD;0@phzwK z_N&TnyB1icYLzW`Ac0}Pwaq{sLa?xGoD3geWl@)z(Q3YCK;8;2%1(7)|7g~q16jx=(M@C>rkiXRfO_EEO z>f614@Gg$a1`yE*^f6q`=x;U{NI@&^zkaP18w`K|{*{}{fPqZH=WKtnqrt`F@jn$B z=I3D2ETOpg0HprU#mW%3!jBt3w*Zu&Q%pfYv0;Kj2FmebAw(MLU|4v#-O+~f{ri4r zXJ@eb;5P<$Qerd&ki8l#%*`M3yH@-9wu85Xc>6Y++0=x#!Y!ZuwsPmwmt8V{WT5xC zzi%{@se5(`i~-Q8HP)+Gmm=jA(vDEM)1>3U2pI=L2W2>x)5sghWMIES z%wRo&L?vf~xw20$@z|lCX9xtsBj`RJL$*rAJ8B%$v0{U(i_;tTWp6= z8Y=2oxkWPUVsJ2Kc!!Sb77(_+%=_TKLm;GV{4Az5tTvmjg(Mx&DNyQE8T|V7HpKN( z<7@@9J?{tSR|!my9)&`^E8O?}PRQO3bZmF7Nit0s31Q_Gkx2utp*KZXBY-vS{w?3}Lx7OQ#kqpUbJ$-(BjMp-Vk&3~3keBvJ6lZ$9u3eG2m$rP<7Zfy zB}WXXiKFdleh!WkFd*K%dBd#N4M7L`QkyM?%f=AQK@j?|w@?}Io+~AQNI5^+ghT`0 z0#n_ff%}{+fvDIg{{F&(g4OY|yuiSRWD8!Tu1Y0_?`>>YFWLGRj{RW) z;NtMWj3F!QdtheL(s|IKV=$vKI1yW_EC?`vqAem>k{R3}7#^vWE67 z=Y1&oRZ+!=wH$)me~TFFS5_7;FYmbdFYtAT1_xcwR;j+cdV+%rHJ8uz;snl($L&f* zSXc)xM21(uJ(qXt?qEzeb0Q47H#%j>Do!@iz#gsHg~J1R}0v zS?m_V?{kj|#%^udm5B;wv<^7jz7@@R{zO-&RuG@_D{{`gLPWD&ET zH)O?aEP|w;kC{C%5`P(*Y$1|N?&Pg?fvGUEP+hG8uWgyXN%mfIAf*&+&;UxVBLJyS z*b^#(oXF{iLWaknl2C*C@L~ENb!_Yqu-(3Y|L*IH3J?mF;7)=;9{Jb}p;)C~o0<8v z)X$Rss7||4lgUctgMg|ku@&tt?c+btlGts+!}=z14|jD8gVol`%IIQURZYzmY%y>x zjP^oM5PCJ_tICoJm7beoUGov*^cw-@*tuf2fJ%cG0b)$shhTVU zsE^7Q@G{cuF%$xD1EA%fhFP$%pbaq!#vHH>7%lJT0vQa_F0})oysWtR!Gi}Wh@)88 z*btZCbVw#Q154DZy$^Kg1s$Ey4aV%GVU?tyONv5a__(X9 zD;9a2$B*?54Y`a*@0B?po3(f1ql?;%{inQ?U)J)Qk*!SYQ<1A`mN(pe#&GiDo=B!?C#V zjQ~vA4JQpo+}93S{_)JvUq$R$yCJJ74JPXCq^ z8UG$CjV_ZeN?bpKZ-3(q8Nz`QsV!9ArV5AZZa&OrdF$7=PD9F zq_HF&?()>e_G>*1C&3!P9kLxf=}#4B*;R+rfX)h}pTXeB@87S~)vtl-9?-}B_)!QF zNB8rOJHXn2^T84ZOjavwtgW?a^F{K~)6#r}o__o|4q;iKG_gSC0-OleIPH2)&#NdZ zDhmEsX;D$KV0AS4uB?jjFi?$w-hsscM-*U125m;PHbntzR?GP{$og5u4 zIiN=r4mBJ?1K_AXu{@knJfdZS}wVuQ*+ zDr4yYz8Mr_;c?j< zWA$se9c(lxQW!^>TU$Hp6Cq`qe9UF7@9ca5 z2*;pO{>i|g0*H1cEjan0Jq;4km{o5h6i1zG4>p^W^Bzefc6okBAp_R|Zu`v}DAh2J z15K6C(9q~A_UExsnU$W`TFl>*vxK`x!KQpb#1Z81HJW%fDbR(9;%P87J9~J=^vw)| zK|eV*Ha7S!OMOKkQ`%puPlG##Le|&UCz;F2#s;l{HPDH_e$je01c!vIj}|R@!2kNd zzoVq2l$Di*rVp%x-E<;oPwBm(;V&WGaT>X_2Lvn`O~gz9;SonLltD*J8|5d#nrY%C z>az0(2{30PFBAqWdg6Eqfy!dHYqty&Ftf09wzldsXwu=JMn+>p+XuRzorxv(li>g8 z^Z2zxlVcp%$SuTs`Bn`;VPj4eCR3KWZ@?cSY*aP}7&to~t0|ST6qu`A=g%U;!q}j% z05&RU9k5pM&4gPmWgyTWlJI;|TU%Y#(bj&kEJKbpS?v&l?itF*7LVoEB!Lix@#E)D zZ4C{eypi$o)8&@qx!+`{JKNg}%gPkx{zs{P+9Vk z_l-SDOh`xo^f>V828?+{j#W@)4eexT0#Y9LLqdaVStO?f1GXW=tO|;XWd#NJJoYy@ zz-_Z8gd7|m4&RP2h}rv=+dnXH6T()x`o0g&=oEo=U#(Gk^qMoPhMi>8Rt82SCThUf zE6zp7Pfkv5vS?$J8NNf;r3f9FDXKscUM};Q&(YD*VPUx3*=u@4rX9Jdy`)jHwAswDd(<^ zjw*|JPjFMA5@2Itae-0hNmj&vvEyD*;Q%OIW-`9CwUwKiI^>z_>E#97#J6V|8V)zw z9z^xk>%5GNgph4af!gaUC*W#)@pYj0KuP}4Wq?@J<5vYRXSwP6-l(*6i{^3b^g^Y>%tg3V}^irU>TGh+7r3J9X-|utr}%*J0&@j*bpc zNFO!PZEY*Ph?aR#G%);;VJTZG|=M;K^Xm=pzQPmG!QzV40*E6dBrh-kScfSRWm*?4VaZ?^f?WV7iL@R`ChOmKRWxwFkj|=Ng4O6Rl6Pv2`p9^biV*7Hyy1ZEkEp2Ui-ot+kZ{%>6Hj zND=DnAle}Kv%p4&N)I6I>#G@87c2{P4&H>P?hGUC83_sI2P=J02ch*)_A3~Qo54UD zbP^5gJy3uP!oXlpcXuraEvT;%n1oRF;+^-}z!recjQ&*_bZ@|C`4Zc|=5~Efsv4w| z!1Q|X@s-@o)I=~IlyuO=)}IK-gy1_KU5ED(uCN<9MTwx}uUS9)f-|6L(ILm5z%NeR zDJVut=>Ql~KYrz7D9J2_5_Mz+a?-RwP7U%43xA{y=+u7b^A-(pU;4lTETOgat!_ER z7_-kv2y6GV0M7cDut0Wi4%@zXrsuxMKV6vL@Q$(4wBF$);BSrPhHP^$CzQ-6Pj zNzM@w<>~Sd7_?D(s{Ct15V|w81nCAL!qIt7@85^YQ2#u626;Q>`DLGl4UClTJGJVQ zcJ6F3YXI87Y2g746m&wi?^4-z7bh00+=dOWp^tPBWq^!4I}U1gBLR3=tfBX{M*8r+5d@eAcu3-5QM2vwB5Ezp)E`}W{|BVZ3DA2AgM|CT_+$(ap}rt6TqY!fo9>7su=&| z=;$bmp$c^65)=R22>>lzTtZ>yS#ZtznAeeo`>^P{_V$q<9wT^R6u>qrj8Z_~S%Lh( z?gNQ8G&~$$AP$;2HS%c$mSBS}6^9G>NYGEJy6qInC*AHkC2+=X4W$H#MDOr0BQL*Bu&u!x8efEp;1KDD9~w+)6uVT9##*`234JGq(Wbv*^aexb;NYy~= zxOb`l=Nk&p9|N-&ObtosV$#xDT3e^=|B{U3i6nl~+SZ2YBZP~KON1^$js@8b^Bnxn zC+1))fMo?uarT!lqhRO)C{`*@?Iclw5@~R_fl`1MiG$NytbhOi;_c1DdS3VN-`2)b#>zYtp+uAh4I(6DC}X4$%>$B>&|oMD z6*5#LM2MtGi85D2rMV0tQp(tzhV%NYwb!zL*SW59&R?f%?=`8upW%7l!+qcH`x!U^ zNHop)lOZ<+Sx9Ti+9}mt>hl*tuF|tzXKHZ62Ieg!#?2b(*QVE5IDTWTU=?5!gdV+xDG1e{l;ay1%!$gD6uMmzx)Zl+srJYOBj3S(zFcSy4eoM?dd%4~fKyy?Y%jWgJ34lv6GD&kEPT3IW5C78NF6|oH+QxRjB!@huxUFI zjujk0hykP!tYX!peNdcNX9oo5!p`bfXQ<<0xO@6Oj7>~DuCMc^Imq*K!8jC?$O-7Y z1`QfS?UA=r6^{DqgfOp*BVsc%Ghx4&h6Zx~0Uk(LfUhI8KxjqO3q6~N<8(d$cVRL= zp0A~-0{l^o_w^)UCq6QI{NACvX8Uu^vVD4q+V51h-R+Q?R4G2H68_*%MPKnv4}-40 zk}&ih{jg%@sB@FH+&iMTR902(DJDj_ClF|CT7)DfKpy@2IalY& z%7t6=d}hqp1u6~vtvNj4(j^;D&koWI!0{$4tBat*t5>_z;MaY+=)dj6dpcZ_2dLU= z#U=zDo}Qlk^Ru%3`$d@_2ZDzD98k;#4B5PRoZNa?*!SpTf1At-+-8Dhi&Xz@t-vO$t}Bn$P$*^bNgR z$<0-xWD`1X)%7(AgiJlHL%@htU?ySuw}_UY;mA1<6d zd-(YAL?RILJ1Oemf&g)#Iq`9EbZgVMeLelCs)N-*p3~CSu4{3pBxZTF4%skq+-oX> z>?cn`AUWYFX|J-gAv!D~ovV2^&UMN?m}Agb!>>fAX`n%r_&#nSiz$lsdPtE>8d zM>PbuYJ77;$gvLeVANQ!HoUL z>5ZjvkMG}K4@QCBkNAd6>)D06I5%(!zWd9|By^M%s6XAN?%2BN&7FBBDL4;`d~dAC z?ARqa!#N=_F(ka-#2!6+T11`(063%Jct+0$vNRy1Xf!?c_Ut9FjMJvBM_=M{%%2GZ zW8>i6yZ?xPT2c}`WW{h`DQoLFClN)J+GQ;Yn}QBB&#e$SP>9TUGFWt2rl`o-c3Tns z2?NnV9?^eP7YAGFg!SVG*`{R4XKiOhL}GgTK9rc2vV3P|Y<|X@S7{NU*GBJfz1nd;P*bDZ z`u72}d@%qoT;4<(nLlJIl7gtIA|fn!F>GlrSkg7n;)Chp4)D8Ui zQ%8^fJmGtY2K)Mj3y%(IZ>n80RX(q16HOC&Ph6%Vpm6sHK@{eeG}6A;x1-R_0C$3f?1_JJvzw~l?%J9PY| zItkxP2BLJ8YL>4z>bLBzRI%Raoaz~)sjUrG5qa?S0KBJUQ=@orJ5zs z`|jG-^L+Yu#UFKbr`Wvgv{E0Ek{KW`MeP)OCBgvwI|;Jt@}GZ*m>higZqlmxr84U% zAI{G``Po=(VaUS%{uPh+$|^6KHC5HrM)$( z_J(02N+k(Y`8yQsB1_&c`lh=;u*FUcN zJpv(8zTkD)P-L>k#>UT1X#|Qt_*93K9YXhqmFlC4AEQQ%0=Pdl*&%)HCVTtP;9&XD zqn8DGu%KP5^FH>p66Y=b{q?r|TAw8rtU@$5R#_*uqGwVRuxBLvKR;%*v?;0UY(Yi| zX(T3t{G)m4FXAV)cIVQazt!x`gM!q{vV<|lsljf_FAvMiqE-EIQN_~U-el?0Ex_P3 zGCAd^PM?1D>D%wSc>76aV?hbE2||X*L<*_G+}!5>+`6p4VEN!*^(`UY|GE2Jj!*LQRVfcph3vHXP(G)u^!tv++9$Cq;73bJnkfpxLr!r4 zlQ)!nZ)>R&rcqFIpbDi~FSO+Kff`X})sWp#tZrfurMg;+LcF$iL+CofGMO%T%GRiB z*EUel@J)!K;5o%)poljXT?_H`oeLOo>Cz<%c~UEi0-MU=|6H6%nkEA%^!D~EOG`@J zzeJGxjBdXwDbXA|_LIYiHM%hCeTHk!5FMhv!FcIXNf}GTxYU1RygcMy275?xQ;vQno<|AuJ`SQaY$k zp8Pt|;iU0|6Z%E*Hj7YRgLJ>SsP~m=rT5x#`(+>fIY;%r%o-H zeiM!M`Sa!iKaj&9MtHdMzcveMsD&69b!D_%(e1fM9}KV-bmi z!$Uq2k{^NIM@61=^@d0*%vrct0d+J@8aMivy#zt=66`M&;!1;3XfLz}FAgiiuf$xv zn&p0Hd!1ayZWUG4ZvVOex$r6*1f=(SNa>&dT+gnUM=xH)a=HBPb%I^LHRq9Zp9G)~ z$PH>ma#Q40s)&%|$0t+VAOxYQLN^x0_k+_P3-DMY_B`6r%kTAI!pv@N_wz7VI?TlKW3T2iwVdM1P-ykv%#NWRCZ z|88s8y&Q^nl!x^m6Zo20RJuAkX95N}ac@kZvMIT}`4>>|ITl=gL1!K;3;IvL_$&hv zxASm$cs`mE$~mOB1N`);M_wh^En_L$RQ^3SAUwvj2}ktDNcxG&EZqB^-Qx;j!m^)bvzTw-FXS7!%x?(*f!8Iy!Wj*E}~#zfJE4ZJDqbBhOyi;s*| zkh@%VW!cy%+4pHfSp|B7kPI}{6vv?VhP`6!Dk(m`=GCqEix*{s3ej4z8NuozSH)W+ zYMrmI@5ZtR+otCQHzn#!ko2SS2pq0uZf6%l&C$@q9zNguFe+9Q_D`SA*UbcvLdLT? z|IGz^hgTQo1wmyxU237KXmPhQRa{B`a7g_9yLS>q$^ioel9N?<*Q+z?_Vb*aoF`9W zEry`G5BG2BvU1Tos zY-!ARYCGZI2Tc&CN}1BJ+1-6=?;*wWqi&|>CG6jndv-Tcx{2*OfE(zTrwde&v~>1_ z4aL`AgRCDmjay7Ty{?sm^u{AKlaBR{=Sa0yXa@MpMoAp0z4d$d{&`)3D=c*-MD z5M~LQzst1iSNOvWg7+2V=8p7ssVzAop2yQf!fUO-co!Ru{bp$HsCy0!XXSzgkXtq^ zw}mxptSw&?DI|5lxxsY{3JbMeYtd|KrF=$S%1dKUu(AQLgx=Y?o+c{(Qdv#zxxemx z3%O)+*vi7{@(Zhs0xk7IFFWxVzkK;}v9$R7?1Rh}AwH4)7+Z=WQdUW6MF0LSWHsw| z;Fc&Z;Hk$;Oy)8S=g%*TweY=rx09R>47_#g)&&bN_wu;>+H7fuW{9qTaJzoARL-u93gsujBSN3wxX&eJvKaM#VSc`X zqT-pU+qV=3s|0PhMAcFLZ`3AXG|G&gGn|fje;lH zZQtI4LbSRZ^1fHko;A>%1WOt3RoPB1Q-;R*`gZr16Q(8!1>WL<$JnR2qNOZrlH3?| zv;fRfM2Ds| zUj9LIiLF4%`sPsVO-PqTq1Q}6A_^5D6v+lPVlpmzeXUzE0!M7C6$YsSqE7Xao@#7P z)LIm2a7ym^yMJHs+wzI>^0t&Xf}HliffV8wEj8kMA_jApS%#6((W#bCBwLdx4^Y6y z+w&V&f_b~QY$5Rz=he^$51eQsuKTt8?uY>c9(%Ze|FBG%VFTt-hP>n{2x*P`r%`Kh z*O5|a0Xi|#z$&q4pFYe+C4_{OGS3mb>kHk8{WL2k87WVg>k~%khHD+26V9-L|NX@~ z3k3D9%M9CpFMpR;3b2N;si~6jjkAaZDYS&QtE;O^L8GTaYdO>;+7AGYpu$5IWLhM3 zO1K!)q<|qqBIMxmF=N>5&sX+2PZb46=a;TOmdr9BPmw`stmA+yIT3 zt*2Lzvfj?FntNbpA{U(V$t^28TgU0WUSe;5F_}9QYV(3*_R$q3C26#qP8fJ9IJp17 zfkk$Gzkd_Pa0rp#!g~ID56%B+-uimvxN%&;g8FYf_fh{d_x{~+=`Ya%l8n)@{~?AN z0Gd!UdHGNMH+3-#k=@PoshE(GjN};m9pI!5& z&!t7I!P}H4$kg(SiaO$k{L_ljdw;vUX`}!4scXqoLPlH{d-bXVH9Ez|h7H$@Cv=>? z#t$RvKw0jWib8uPL!iQB&*^D3C?Tt>1w_Ev_4hCQu6lWvsfCr*M_TWfrKR%{lwey? z#+;h&l}7$Nnf>PEIqKr|>wly=|6V2E`;OdLU~Fi(iTQCtlZ^N3)E$E4+NFi+fDJoe zlz8KhwwCs2~q*} zn~Ysv)2^IP7XYpqBjqPfOhx)&U?(VSHf>U5z?CKhDy;S69G)m;yJS!2En6vUA5+b#rJO&>m)1hvym8CE>q8#5+_w3oi%5Nl%{0+bR;a&Ci zfkQRy@;-D1_2>%m&zHA23z=R8NRWTPe9~G=Mvqt1su?4+_|!LzN0ACwH!&>q^v!V^ z#`d`1ui$%r)HHi$Sfo*k5}gH*ZEm2ojZHs+z7pnDM9(?D=b2x;bSZGKvhKWj`1L3g z*c?72-nnyn+Oyb0hkCt#@b5DaFB|G_TG#(8hc}z~>x7DB9|Up){}jokgar zPuEP{a(B*J928=heeK@^k*uf;OgY9`c^mX??gbq`K2b@jbLf!Yx8GcRm7XFzw&owe1BxaIw)~TslJCDCB+}_}hb1>Z z1UCpT8f+K&cU+K$ZSJo2xv)AhG2bW(?ygHBqn=Y+);8twbrAW~&?GgXu**(2KI@bKp_d1>bjJYTwk?HlV zw(YXsh{u5y3Nf{kcik3md^`BJTZu@s##tGQ5GP-8rRzR3&J;(6FI*6DV6SW8p8++h z!=(Scn0tMF`rHwIr*3+lWM*CG>6uZ(^1J*WzeoJw<2xtjlxq*_9K+uW`*iWY{9ov> zKzF1#wdQsL0r2HBT{;b(vKu3|05;l{j2*xAI(yD3tYGo#zpz9;b;iV@YPRbrd?A)D zUVJ=Z1FbK^5G*0n1lu1{bwC66F5fJju$fTbJoZIlAvON>q@*N@deA6H_UP-^J5p62 zKYsFLoUH7}ouBrI>o&WmF=%k+jP%^0UtbmNP-Me%MGL@L=gs@k)Wm4fCqyRFF{d1xbqAMh!|ZZs|nH z1wbgS$za|*VN}S?4R1D?HE)10jIOTm@%5$X1aP7k)!(4W=m`PuMgDN8e1lc3OXma( zzr|0}gg{;L$-=k1(GyKY!lKJ?Fo~o7oVit3_Mm}eDY^gQ~8bcd)0>gN;{#rW(SDJx3Gh)sxat~ z}d7#K`z-2Ha0oVX|-ug+5> z*OFa?ddj^c@Rw~-l+jhH6Msr&&jcPoXAGcDz7Hie8V7e0;$1WKKSbWz_`3bDIVwNn ze$&(LGZ^Pv4p7RNT}e-pVHyTB5c2~2wbSa*OXQGTW7;-FQ5kPsn?h8_PMPxR%54;wb@Hq{ULkb!{8mb>&2WNa`n==T-iH&I_-y?LXt)HJ{B95+;jfZnx5ssM~=Mk7VC#;PeZEePbEtS zhhLO!q);#aFt1ZRi$S@VZ#zv#jHtn^Va9ihr2yocH{U>{x@?(+k{9cgRt#8ov584* z>dzGd;z5u%B2YIY@<21J?Kf#2JDI3q`_P3xs=dSV1sG4GF=Zx}1$@g{g-IO# z7+(p2ga-s4tg(q1v^Q-15ZsZk3&b>0gX)5UmU++*RaNpI&+ddY26AQ226B=Y8K%B5 zlxgaakRfZXMnuG$KR!SQ2gTab($cMK*9nL%7z}p#0v<@B*a++g!qc|ks7f(OAwti>#SCdi~)byNUlAxq(XSTp9^t?7^kYbtTh@!`qQ%z zWY!h6weAcg5}jk#+%9_XV9#xj)UE+_ACraE%txEWn){F%=m;QSh-*4L-?Aw{4UWv~ z2+SI5j)x5x?8dJlNEMA6xpv~$Jx42BJ$oZUzP$v{XL%vdi=bE1@f_Tz5W~C>7W=$4n_3923j>^i{Td+g;#0p!#e*H5gjX7Xed-v>Fx@=j{ z(W6vDm(HJma4jnF;qbXO+Ud~Bw)&|>eT;@{on!8cSD%;Yuu^wFstZ;eUO4uj`vGa( zQhmEn`!eMzULJq%= zG*|p*z7oIQGMR28TZ=cyimk1UUrd+HbQ+Oz{rKVA<^@+Idvx8y3lN5J*rX~dg0^Mr zlog3-PO@E_gD9mAAHJtnbk^kNhU$t6 zXJRzd32e~#yQx(-(M(B5NU#Q37oNb8GL|?))n{3gqh8&T^{)E-nN@`M%@{ekl;q^i z+YS$>yFrr1)2qthg)xMP;;Z$D-GK$%-Er{;y*zDfZG~V%h$6`OMbKBWwA%4g0LHqc zh2xB@H&L`1jFNVVM7a0Q-sXCzip#j2owfIE>{A;gbXgfNsbh-l zF~PRBog5<|$!6#HUb!&BCZ`8*I*4aTv1 zJcXxMR~L~~&U*t|laqaZ7d44g0HYZDZpFqJ$3FObuKmq(7X6CJ3%0gLzE!l>2}gDol#$i%ejXJvqA5BXW7|kQ^NDaA=iN4*_I1dM>4P!P4PuW7=9E>sj+f$D@^CV^1bdL`{DZFtmBZUbV829t~|5V z42vA#?Yk@t5>UQb7jJPCmb?dGGlj{*=&vx50Qvw*qBbf$V6)KzMkq3mjOH4hTwN6v z6r5dL=mN%R-=|5~xM2e_hXr1v5;ne6pEfNlY$Rau{Z1(_L$d`~`sn z;X9umowY0sFr#~-t|eGaQdfV2D>)uO1R*gQI3Cdb5~3Bk7G^$%HHI#8;Ye|Ox&pr% z$oHQ=^#lq%HZovOCC?RzT-N(WJey#C-J9De1;b`c=K`7DWxn zmC%qyhjyA=?Y>P}Qn#va26r5VKMVci$dPBk5b~xjDsq{l=92ZMOLPbqZ*c<48bKMr z)iTe(FA+#{I+cYAB26t@4l*P3^r=ZQe)W$9Kik_|Ypg9S;u&TfT6nRyrEi6O0!X_AJB0j6%-F<`XtY z^nr{!ITJ3C7@)PJ4}umF>)BIPLnCIZ_mBe>MHt^NU;YYehP?{W1mc(GQoS^Vmz2bV z7rcYspP>?Ebc25_eDee9DG}o3`}fT-7ibrV96UPSH=vW+7QqdoEW z@9hym0$Z|7Ouy6M{+a?F1;tY%|3~)L*<8_=Zq07!-Q^Ax%VhGOjg4tk;`n_GWX3)s z;-QQD5tSbl7w|ad8#h9Rd&Bses2&)AjedYmp4w{d=7e;PoQ{N zU|QtW{C&6Qvi^ext$aS9$^T%*T9bSq$ir3Z)~$1Oy~*YA3gOl%sRs=kwm@{%jdk}g zFNvU#XDUsQK{qs1D=Z3laBht(3v=wk;2Cod?m!~nt~jtQUbO2T7OhIZt?(tx!m2t( zgG%a+Is)b=L*$U7k2EipUk&Hga;i+~x2hT&W|kTcmayW$X9NQSP0ir8r1;ldW7W%2LNe7CenL0y$^&{) zp6YtJ3;s1g*xurlBAsoYrc3@6%kAxVApC9}W?e&_%o13AK(|PtfzjLeg*ksvL4n@P0H1*9q%r$9Tgqc+z?%?(18qPP1U%Fo9cl zJ{|l43im?!KwxDAq^H?p^g()~UT~2}$-x?!K(2HpJ$%JV)fh zAt=%FOKWa^3rF{t-JImKU~ZBTh2Um3)KJyUlN#PV>@FR6iMdh~O8{MI-i z5D0cUzfK|wZ4jk|b(02AD49AUfFB)4|*y}K!j2>p zAlRBWv_uH}4a#Mgw~u`ora584v;6#c!ghVnRMH~J4&UFXhV!|y&mN^vf`ppG0@UzD{z9TO4^5Q1jTXP);f06HHdD&MZ#;CFb`{`)LO1Wd?_*opUla9vo)&0|4%o!`0`4C=T6{y5jvkCgYQY>6%ipFw2)}&7Em38T%A0(_&tQul5{s@y^c$Io4<;tuTSBQ^qfsJ)a2@)|PRi|5bpX`UWh zgEWSAr4HZk=SQ-hsjIsODVD17%v9>6pfe_k4$q%G+p}j69oh*>#iK{hbNp2I81WuH zKu@$mh3dC0V16HDWC#$DT7n*9WUFS)iin)|pIcYwM$?D;k*cn*LpjJ7*+^4mp3~_i z;JHwlBC|~$?-O(PV)kkkj)nZ%RT{n~OL!D&Tw1_Dix`ez(q(cOC1j&W6L>P=%%+<$u z^9yqiE2GRZDt@7Vv5ijqGn<#ltvpLhLf7_ksx)2c=z#}I`%b6IM6C0X;xk@e>04|>@< zkr=4VP`BKr1+6`2_<8x!??HoAt$Woqk(~t?7OyeJ@L+Z+ws3`H9&FdNtl`@2IqUGd zAfvP0YRAcAWDP_^fB~Up#ePnhMM92=$#KzkU@AT(WyIGQ1q9tbwJthL^eXz%2xk|py6G-gXlK4dT=r%I*Z$$t+3mP^ht<%`y8lcZP*i`yLN|SR&7bZ~ zZ?^0{(WCc=yWedG>>v8DuXo2B##Uws0a!T{ajlMz_pG50xM>6 z5WyPm7sgvPZn@P}`m4?Q zx+VMtbtb)`Fdq5g!v`Qc>b|rc4F}qD^xn6(0XG4#32Ea~*7NM_>wp*hc^@$`+?<c$_9dhcF13-g=17hF6KK)GxNQvgW ze5t*6Hm$rq45VWS8s`uOxumUoN0XJVH*&SMqFjnndIO*nphKwt*oaBM;X zzGD5OPbaSJue)E*ViwY7kJ2sW$(mm;7TUvdLe=0_N7;@1%zD!%=^;a&TtNJnilIJ` zWA&@K*ooKo)(e|2>G>z6UhPcj(_vxNO@@}17m&_wG{P!b)1hdBoB`z4g_cdNCos7Z z2;bJpu@nWk+gUHY#zq3OjWg?7G$1S~0_1P^?%nn0cI`VPtQk=l>F64VTY~Dxp;%DB z)LRs;wXL^EoF%gI%Ot#fR%|sbD-H0p3>3*S2t5s!i-p+&)x}2elwzC=d7T}?Tg6!l z@#`$C(G1ETzZ$!=#tsjl%6a~O?Q_67EIMK}Ts3BXO)MOWks>awWCt38Kq>7;67_PA znZe=V$PQ;)Y-im@;Q$@izRK(9{LCWsay(|*@1g?NOGUH1tl9JG7jDky`*X6jUN??d zBX;h(%kt*H;m3QQYFp%RW7fbPYrA|13GCV1=VZqCxPG?d>ZG;CH*M;$yK1a0>(~D5 z^Qb$MT04_W%*QlkF1c0KIdojn;6|fkAEgGL&owaJCoXwLaZB3w&NZoFO76WD4U*7J zvCA4h`25-C*}hsGv7Y^iFCj|7vezGgkRTHxG?0>5V}hYrcG>4f4Z9S5Wd2#Kw$mg)*l*Oc8M8c*OT zB$b9$`MDc5pV`6jU=)5wk1j2|2bxd_S`soZMYN`29_)$!nD>L%uQoOPMZ7@L!`)hS z7SU>5p|e*t>uv?5$Csm{SIbW;SgFXL`U}_o$Wpqiud3FyX$S#b7%+sy!V3@};%_s( zb?NmZukGws_k-YS9-CZL_c8l8%2jYdjQ2xiaY>sh9RoXFAN?2>NY3^;V?!x`yueZ0)e z{Su=&#rUh<)@d{nG7T5UpHuU&zq?b`+v{*%kGN#t(?+&Vh4U-6U79d8^)zGW%Vj34 z>3_7fb40nvwb+2?s^T4Q_M6GbIcIxKZCHHa+&u;Pe*JXcJC8TC+<*Rz=*`}TJ5wdR z&g|a2b@en;2_v7I>EFAYlSpT5h8Y>7Q}dv3ygXV8^Edk;KA9jIGHlqQP_-+c4}KMfm_SAGK3%1|Ao%s; zQW0G`bKg2!SnsXyWc93!|!Nxo>W5juCMZTraW1h--$ zh2bgdiN9umx^XH=ZL*N6__=iNt5uj|Hk?%*rz~~8W+KE>LGCys&S;hrry*AgQ}q?+ zRCe4iY@sg#tR@Ww!x%i+c-1N`I3&M6qe1#^c3w?LI2NEd|I_@Be^nK|u_yBzb`uE@ z>l}3VTH^5Joc)9%59oxjaR~ADOR3csTmjJEJgSHX`mn@O^WfuPE z?jt}gK7Gg@^pu)GD<>a<@I0HS)zb0wIOyjc+fe+*(5BR&Gj&HSSn)?Aaf?_ zGXi3IN!oM3#OD((e3=;K8XV;I(qx&h*4J!Tm#)U+GR|F}JQf_5Qu*1g*?F}S6%_-- ztm#Mi}e7TXddz{Ka(cw{&DsEHHfE<~dkJ@?IH$^(d@Go&dqGaXA zk07;irkXD{dR?9`+BtIOxQ`o${p{Yp!ocD6$=UC_JC3jR8esnOKzr=ICY{~`+$=gr zFA)84XRYh!bNj`A-qd?l8gn_`?8Qq-4qh&pb>vfnif(2}XQuk{X7lI%FNy|xjwBCV znm!Flvc<-Y6Mr1SbL}4Wy`(Ol03n`J!pEtoY@zWFk~28J+d?-JP|!9rSn&0Ku<2mE z5p-TonD$C$>3GUe!5}rpah78Ko?l-k9EHUWD1m3%U$x*S~7SU;`_yk=SC z!XK330CVhJda9W-cVotDaEE2VEFT_Ua9t|z&R`6i+jv}n-fuZyijQ|Dzhk<}o}sx$ z4T>d)WJD9-`J+8FR3<=9BHZA$Kx2(d$jtdSH>9rtq8`cvTRdQr0OVd8RkYW#bpTR+gt^FoHlhTWKhMYPr~dG)0F~YLdExN^ju1;U#&-{ zKy?U@lgBtzeM2wbAAFv$+@U* zV1-nshW0KqQ=Swwq)mW6pvHb;&D{KB^iFwUO39bNyKi6XuU`yx-{F@gTzX7h>@X2j z!sXmz{qk_;T4ANJgQxjBdv+v6kBLUifr!iCu7Kwl#+-qy=+`fwZUv>?jh7EjBXr`3 zDYhGnf@%d=@0hJfRx-=n*tmp;(NP!PiJ*t`kC-;XE659KrMCOZas8ONz!H&$XT?Zy z1VzfLj#i%Ed@>rr6xnDktYAm`FIWdEf-mf~$B%tBWqVY-Pdm9Hbu%{Uz{f7GuDF^7 zqIviA?S8wSgGOL0=9jNy%D$8#4A0(9gR*H%D2Ui<%+KqM!lllB&25o~(*qvu5?&q~ z##|#Q5SJ2MVFIMIOQv=4Ob|O#65kQP;Uewhk7aLd39)?}d{dKkD$~$o$gm+pTAG_V zM`zQ!2R^mh@2Go;)h^yrro}^=t7Z>PhR+bwQg%0^z1*&Wv1R7UsitCeqAvJbnjK5bl7&dE2fdMcs+$* z{hc`M%v!QrKz7V@Q&~&ul?XumXZwf$7a~qwP-7y-E=S~Xzpb+64+WXFy?5mMf4ggX z^WI{&##sIOTOLQ}l~=0h4q3Wd@y*HAYnO$3Jo(sXN8Ew9JDwA}F0A;N<9%7VZ3gRF zuzkf%o@$y_2vJ@mgf%iSj*o~`J^G?aa7w1~Ch)QhP^UeFk6?L+jLal;0p@-E{5gfw%8-%s{p`!l8P8!0(jbL-Pd&Ttfo4QS zt4GwHGiP7>`(s#t3cx5Z`Q!9-4xr^a+=bLJc9FGY?zr0Ejm%9FxP{-rVJEm}@iE$3 zTFMr-dDbeDeI*fI2`3ME?cA{gtE@vKrk@EAsrmBd`HzRAI4gkdOn`DmE7Q?-i=h;~ z0^>1~FV@dtcyoJIuFRrEiyA-JvENP}ITC`%f8)Jm9=f1Ka*!H69O>3pPRbAt=6%Jp zD(O3wct<5iML!r&i65hkoXf#Cj|S44aI?rg(P83V-pJcy`=~hX18pkleqLz|QHN0| zy%bA!k&A0j-At%0et{Vt&uW^Xsy58M9)L|vP4ysiY}ukBrSlPeDyOZO0F8h#@q^B=A{gx~R&$52K75I&4@Vd_NQDT3V&q*@osLIWZ_E30A6nPwpNlDwBoJxg5 z+d`Z<0^`}>dKxN9Na6g3++3_(8)3ZAWj}s%8uYt3J6Jg)GLcjNR&Ut8U2EI2AHZ`g z9FVOIuacLH6c_44!fCCHEgBq@NRtqvA^2@}p~2vbB&`urN+V-erWG^HVVPz^2C4 zwUN{xqWEsOPaUufq#w_Mmgh9*6_Mxd7fW|o0l1hfUOZ#;IpJvdNDdk6r_0Vop(q@2 zN8}SkwHTyq??j_&WNh60ddq65R@Fo5K}-TOT!zu1+Ost)R^a(lGO?+~S4#8x+)TW) z*RhF-;Yg8<#?D8sxCg^;cyE6nRuOE0(U(a!j*e!D4_~4Cg`~kEvA~R)^1IW+hRz&{h6hMQAd&tIR#8{SBeSsa!_@}8@gJ^M8ZyQ}3g?@YGY z*6+hwg>&E1^U zq#5Z%?X3;&6W7tCqp)vh(TXJtLgtDdIsPsz(Wuuvg{C`ef$*DjKJBLmMJ6sv*C-}-C4U8>Pifq^7L*uIv!+ku1Ol%!p5S;NnG-|jz+Q_u zcP@6_{XM_~C@}ISJ*UcGHbvltS3mEczus`9I1;uf%A18Y+F;b+`{ZEcS71FaIser# za=voAH%IJ(0#s$KiJUcHuE3>HiCEj(W(F7v&=MEweHdvNjhFA7T&6*6Pi|-A8x(yF zBG55o^e~RWHR8q%`i|X&H{;)F9xc7@3a`bq$^U25l`)$HIJOBI!TD;e@ zU%gh_IJv7ApB)@=N$tn-dG-07<>QMCtG~Bz`F0_0T$t6R8nIu)70;B+b2T=d**W8h z{@3Sz^V5>DQiGD$woKj97GAwxcWKt3wd0MBSG*2BJ4Wt8P5JC@R_}XzeB4l$6&I9P zwkBy?j+H}M{+z+JmHTXw>ztsC61-_>s1lxVhKHbF~k)%lqMIS_XGbXB>_NKf7UK0e)~K8!(5&&H*Lfn%XKB{{97pE6jZdTVFz zEitm*qFw*vdTGelQ6JZuCid*JO&||yhx4e^WMpQJGMOtX)}sf;BZJj!#lMVcn%tIf z{IIwRhql4l+dVz;KZ}FPpd2R%mJasKFp}&;RhbHtz{lC|wq5i7KHJjcvitYS{C^i@p4jW=K2F~uUC%*W`S@}^TM;d5qmNoorH=b&ktlj5PhtBk)3M9Jthg!eB z)=p?xcxRT=(W(h8c{dmKIhcG*zFp~}Tu_92Nt|vZP8=vvW1X?SG=~}TKyF| z3Ln7+5-!#H(j<#6_jmvfO)naS;&0owaD-fA`wXdAZQ-3eHp1h&6Fj(JjOpl@W2pkb z%mFUfQ-*K+(t0>N4Ge(bixHSG-r}u;={!*B$1Ip{?-LuiMp`P71Z~pS zwiW&6@fR1r-DmoQXv0+BDur7Nh6`g)lZ}Uqc;wvZH|oN21!w=ctNZI&pU9cqaXZ{I z?S}hxr@l6=U!`}XWi;E(wmS0moWbB4k5$oqP7D;y%06|>+5eAqi!EA1`&^3`%X8go zH~Ex9FOiASwl;rOce!`gdCy#}0W0sGb2EOCz2f+so{7%>%JzrsXGYKUPehR{9ArzY ze!6m z$1b7DY=*4_iK!DSarE7e0OX1@SpG3wa=D0Un}{z*}9jAX0x98M*X(RtS#>k>yEqD zV_DMDIR-}4ijzT8poXVdpFDi{Y_(l<)v(5KpN1~GJS2l!jY>G`hG#z%~bmM zs$vsFG0c!2bu?Wd$O=j+igSCDfPum{8MWTKm2Q?Son0TjromWEWLK@EPom7ZR$Y0Y zRT@4sC$D*tyiZ}d-rTu0X@SgNlLv~fxdTlsHr$1tloTMyRPkU}nTd`JD&rOW#lV9A zV~_@%==Xx7pse;lOHX9BjpRUkw)}YuO$2q0$jFmf@o{nBmPjKP750A7y|teC;9RWR zl$EdC(4YSIZ3y?$+Q;K1f3!J%WUXua5_w}#-3d=8Bujzt2 zFM>3Yb)1)gQV>MG_Yf7-OI_}PQnk0W>CT!ZNO`f3`S78hW2I2}FAnT?5yu}X5tsrD z0`$%|MOvbK0AmZE6CoJIz=PA~LmReZE1qL0-`_lQu<+RadcdL{ea}=r?H<-oEq=_- zDfyS&CjGH)<+bJ=acYW5m7I9#ViG#PX~1}$Ne9LTJwaHqAl1;ofPJ_VtP8-l=;DGw z)29nr16k+7kY<=X{@EyPva&L8AY!sK4xj+(Wt!c{89(N;TR728R@59A2-p@Jsr_)? zsDH18#WuF?L-f?!dMc0iUJ=oh9J@VhrTYabBdN)P{Bv$uk}HY6iwLl_2q!u}qKQHS zeLZx>gn`VP$(IXq{4q~p_rBo3#r*Jq^Xc}^>6ev%zXaVXg`X#4Hoso^ACU(`uUlN} z_j7b*`+CY$5ss9KGrq=TAh^o1t3kGTv;vHofe>}?)-7@4%OXyJe|p*>l`~s@UvK>q zv5O-#EPJKIIJ}}^q9v#a)|@`QlXy8A{0VMR?8JiZ{dhoYZh!O#i55eCe2Z)ITna&oKW)TRd4o=6~)$)Z?Lx|IkGtDv$H? zmt{Qa;d9%R2!M<@TMNP%HRMFk+E;4e3Ha^sI5ODfx_ zWZCFhA4gc7v;BQDEYYayp_AoAb(1^29p z!)U`t%gCI=88s72S%43!NNaQRrL;S;!YM}U)}38Go#9Ba!nl>DzRsetR-J>#s!dkpSFkIzv&iGT3r2fkQ(Qxed5 zyiD`BUG`Uu=sirm>#iP)?$wkf){ud(6a$wLE+wY~!@u#Y#?fGn?7?jPCg0XCG4kzJwrG+grK~DtNFp3?X znas(oPtQ+{?cd{gdG;v{VP@v(|GAz{p+XruY-`J_i_P|#K@ST(uR9bp*Kv%G4hFWA zTxi^RK1|``zCv~sPJU!R&?C;p%GdYq%7+kbIiZuY($nP>6l$CY4Ex{Z^+dd@OwX6| zrX)SAPM>n5ht+!R!t3g*w-zK*p9_-oufixXhqUbQ$$!q`8-W=;LuWiK)sSaY_(Ur1 z=o$zE7D+E}Z*%miXSoGq-%Ox`pZ=-*bnicLK!{Lz@^KZ9efI@@x%6U~%e|7=IZMyg z8wIz0Rm|LeUEO{m+IYL1ccgB$p#~YRXV0CR11wN>QO`_^S?Sg4cwPPT%RJWh@X`J2 z7>|&JawoG2bw>C8Lu97-n0a}&YDdS2?YTT$^ZJhKv0r5@M9${l4Ukp(=LdyfQ7%1R zx`#-C*Acnpv#x~M_Da$7N2+)5ah{V+R8GXK|Ji@%7VR6!c`E064IlmG^5NLBdrpPV zi@{qurkKWA&igWG#5tuBBsjdrnW<19--PC5L+Q_VrG!oNlkE@dmRvL`h{!Oxrxa#qf2})lAEIH!zJ4RN4*#{v z{ZP=cz`0v5$Fv(Szgk?lqAB|WVcvo)Nq+U*6DbYdy7#^&iz?&Ii@8+9 zXTgr;%cE`*GizzYj%{RW6d-^x3J(z>a|!jZs_Gy2a&tGc%n|JKwX(AA!;^lDpJ1^A zoU_REuZ3c?mw|NR0@fDm*RA7R;6VchG?aUF!sp~H9gHa`Axfw{yVMCsd{azbH@j?no==*c}gOYnGw<=B=e2AUWNukN}8a*$L5TFurZN(N4O|6DK58p9~<*6l8 z@$}g2cHPA%<3DV<)o6*dHRY2Qa~FgTVNzBY9sB#pRiGh2+{qVF;h~32`4n>^CMJf{ zp7@V=OyeBStSKo1pnL4``3@(}1x&0nisuw_4ULs+Z(Vt{55~s$wrlkA@nCaiNM~tb zIap+oxE@dzGXlctr>t!Ir<`LMNBc#G+Oj-R2zHAbu!EYoD$YCWBWD>+!!efADPXXW z*AwDeU(LR1P&hQ>y#1B0yM_e%3}o*%)HW~B-q==VWcz05)z>Vqz%vcp zZBgs;f%HUR5x4|=r}%}|7EY=G_Fy?(Uv?>*MFuQZ#vBv6WMMpBWSymD!r$M*;Q$I* z77h-$YZx;QAF^;DM!Ov2k|;5U85;23JO#%pTByA0BtcARVnDp>g!QpWw>Nzk{i5 zVlEY>J#ZvLz~dDaiQJZar7UMT0FaU2Wtks$qeix!;dAwuN%zgTFy3m=?(?ymIe`!4w24p?&p5adGGW8 z^Oxvm?X|9TT{FfUb4>qhG%r9hJSD{&N|^S0F-A|;dX%D8xG4aGBVr0 z>UaXMCrXtnV-PG2c#hU3`zQg;7lP2+2Im?&62NRi+j$~Dx*QyEP`#kskNh6hYX;PE z)KhWC*?{H%_;A!zHW;@2>KDc+A%+-gt{b3=Fq;k1O884w?Yl|5e0vv{r?RrC**?}* zZGiefXa{ZR{Cs=|U>&mf9>E(aEVRA6IEU`&oIGlM5EKNoXw%jYoJd-KE(E$)vHoKM zZ}Njjg(2Y@O4!!WTMGP87=#UW3lMV??ptEl0Y+OH%EJHf4XTe2YB2H2_YDo%L)Zmb z2!Pg5M68A;A_OeO$?-A7VPKg+=q4tf{wG9K&^`#-?y!-7DyI6JAq%E4+>NM#QZ*tq zI^m8S>M~H&dvtpnz>1OYGN(8>;C$dL*+At4P6~=w4JDA#S1=^y1&~Joa)w60Ly#7P zYzNiE^ZPeM+d{0Y@@l`M*3(zdvY?Oy**HKXfbZ47)&bxTk=m8E0XrA!8vx*$a8JNN z1Es?0nHkVEGzN8T@EMT50BgD{pmcYwbrFtpPl!L^6kgeUmsv^r+n6H^w5s;oiwU1v*Q;K0G=D956|NC z-6nC?`n*SP$E+QcLs*q}{y}32N|xK(cEC&|`@pGJD;YHaCkK=>2q<_!H@9LpQ`#1j zHwn#BaJlfuQ&1}oIoQ>-m<5td#XKf^hwSh+uGn=zB%s8|;nbN41sN0pqSRQ*sbBzJ z*BX=B%qoPwke}Z{fGMlb&9#8l0U08o38-LUl$(b%8dbCLoN&NMMHtAekjOs>?S24m z?-#&ng+6YSJ%#<03=Op)c8oyHpaD`G;J4ruL6;vC7Z3=P-W_zIz@k7W*(7{gAEpNN zFtD@Rf{B7%1$Lev2Il}L2lx^DQBa8S@Tj-?9%~QJ3GS#EO4-n(xVfuf!#4#L4Pe*< zAA*|OBoN^JXgnZ_K4Az4&xo334(KTu0x&c1$UuXJf$l9}SXnY%oSX;<3H3{jzrh88 zn2U{Iki){jfCLyD14FmTYi4SyZdV`bS5xJdU%-*ULeA#QEruu-PGS`R$6yhv>*~Ht*dS5|Enp8ex@;#$KZ4%EgXI)&)RY+@V~jLe z<;R0U3e>{|x1jX_GJ#i4PNSv{(1J-A@Z}#_p$eM`RX1gpswfs{{Q~s?t8z&Q@}Lgy z=-@Dn#D7Z*$WXQJ7Fc>{xBa=kJ_X(rj~%$0FuwIO8%kEoslM_I=njxyp?ZD+PKHdk ztDkjj22L@Uac=-+fDQ;HsEy6diseLLvo&3w+d;7(9BDGN`Bgm8fvbRWK^{li=dx%# zmWin;V8AFB^H!vRM4?K+F#)9=rHTy&-Q@d5ZyOpO zi(Mzat1u4s^W&`t(Bz&R8;gSgn*h~HI2B2}*8df4W|=Ojf8Ie@s#Om!0j{a+E4PN{ zA}ZPpJ}!^QFzQYs$OM3=fph|;d%D~30?ZHU6+-njqEi=60Ti}GMMYt^rKF@}_l*9) zHrYhr96J^3^xzz9q>24 zh|bR?aurId2-GQn@*?;v@WE*zW=lVc6gFG3K&mkon#dwo^RU>MnYH0$K-dY;VnN;` z_^KBmZU$*1z=d8=pdXb>h1HIO=2B>QLQ1q-;p_TtrCE-}OK+1X>Q(Jd(9{cQKZAxj zSW>9er}ao~-cRm2gBK5>&Zy&G)1|)#>>XJ;j}r1aE@z*a6F-P zfgnHigfyX-@4*9*)4Tv53D^SY&yT@Y2a_-f!wiyyk+!u^Z9(yi zK>HIID*$$lXhLyr1PA0VH39a>N>_n%1tQl9K$ntbsCE5A&)c{PMSqB1z{8T@Nda9a znsTwNtql&T#CiD1(GfD_5VRtI*C5Ukwd-0BaS*6(%i0P9<`3gs;Oc;-1N=CuDwc^BL?__@Q3M2FSIOyE)a{YxH$S~J#11)yFruqNBA;;CAmkZ zz%2l*mc;`)CA8d#4xl6e>8T#y;lTk&H&CUZa)BoMrT5%h1~r8&8%Ty5phbcw1WjBc z$Pa+?LS;Kyz(JZm48}Ks(L*7@;@wOn?_vApUj=>=eBsC=-OWtZRroq+0Eb}A^-sE0 zQ@*at)2IEg48VI)<%mH=^!X8NBmYpb!n>D%?Q2{*J~>H&&;e6QMWx^r1e-=(Ta1w} zq0okh-4@0i$m9&G7Y~T4_u?av8Y81Ps8rU|2a2bx(>&R05Xyq-hNp$XE3&6`YU&ga z9x%KBO{92V`~hlKsTPRVKuV4(JU_{T@DWsFvW-Q#<9eWc)N2NEpQ=9JU@#*cgmCQa zigzPss$W3_EAGaTDhI?GBr+1o(%`Th0u@KdbWPu7K(F9ec*VfGQBb)0spIv|Pc&Zp z43=Exzg$KR>UU2fE2fw{TEQK{43!kQBFX7d=WFMz(aB zi^li46`T^Qm>#q86i@EFWl>aD1{%_PD`)6%ge*v9If(ZtO3exAxj~XQKusXr1Uf}v zlmm3!f$;+=zQg&rjADu+WuHcJU5=Pq>5loAp!CTPtt@K?^rLT(Mn-f2ZP0}L@c#W+ z7#Fph@^p=&4&3WOT*(tyP1q|ynCe(S1@8briK9b5y%Er+;-$azL_Njvrg@V8_i zvOXihDg*`L?$_EsW5$j_CbN;r1Jj0g#S%n=P5rDv8w1O?6eyQ#>`6*b<>fQ<3o3iy ztU!4}lk5W&kN0<%SkPqxSud;)WO*xN#h`=O2J{YKnncCN zTY*&K$_j9jWLUBQbc7akuYiiOt2crqIbznqxN)}*iVOUJAG^k2P&GwmUazjLp6JXm zK7wCJ=o$sj_pUBH6ebdRhi6k_0uR{{uyYZrm8Wx$dFO%&dFpqG$C&5wGH=XErf}p2 zp1QCGG`^$$Y;L50!3I2Q-BrPQ;PJ?oPWOtQc5#=UChhgy$ERxN4^(EtAbz!C=gIT9 zC|IgSR^_N)e9(Bz%*V?M5n^F|+S(`IvTe(J!=(qbip%w*=Rvt;XZcd2B>Ku(d3aV* z($cV=sJ1xhl?A#6QowqLH7D~#hMnw#x_4@>^J!?$;20q)2X9;W1K`X9kP}-&MT@(v zFgOs1Z9byVeFEM%EG{mu7BI<*^74^aoN$tW2ninpQJbz5!z@T_fKve(x;#TTyhBhu zT#GG~Wk?_HzOX5vaT^~V-#E;-v=L6SyH$8o=*TPCZ3fiVr-i1=Ym8SuX44~mRfCcWdJ@$ZR9&S+n@fZ3H z#PZ)wxggTTo6--Rc|csw5H{kD0|PR$iSY)wMA*tAvb-y^4^Oj7(5KK&4nN9B2XA`rw|I^z^#8pJ{6c19}cM zxshM5P)q@PjVZ=*q%t#@Sb+&iHA+Yh!{RXqz`1}yWUaCVHS2@tR?zmDl5%M?Qb8*ygH-6uum_*Ud+!{bzeBCIb8fglxUC zLJdfp{%RcFOYhn(7$VWn)h0#I0!#-gl`t`|=8+UZzB2oN0+?!X%oC2-ganB2=Gxo+ zTMV^8>+$47wW=TSCOB9T07RU(JAeLw*jW}?DNHb?<}$`0C4{3sGK2?ID~NW05_lJ< z6{M$~sx>CS_JEjOp0gVs!te|D%ZVF7?>bFbI44%=A3sj2#SZ>v4C$BL>tDdu0OLgw zoGsr6=L6j*6=GioIY1P0^&avG3f6+ZhPS~+Rsc-pNqJIg>KRaefn0WY)lo1Bls}(W z6eP?6g$AE0WF7L1;Gyh&QPyvuis&564fQrYX+^*puY9& z_*#kcji5zH7l8H%S&iA330Pi8^2u>9Moir**dyTN0-@66`*pGpQsJ3^DgobQvIpWb zxKllpWb?RI1*&>eFOf40ayD*{Zu3^@Y#LAG-+tu!6Q->|O);DS4p5$MKOHzSAU=&? z?mz`il?Gxl@Et5vbLmp}OSG#1bainI!swJ4)|=$yWAJ-ck1{I>fIq~W$87yn^L7v%zNHWMsbqBe1f1a{V1dwf06nfC54e1UVf_GI$dIa~?w7`BPV2k^P>& z>6kiducS#}vv|xEK6|((@!w-oxb;dUYjSwxLP|4N9(*B;pj>gRg=SX!q^+)eb+P|7 z;-t9*oJeg<_NIFf`$DQ@3%%^S6Zb22S##tnPUueBf9gKp)4Ps?0d^0NCtf~24tDln zz?0l|8TLnki3)^JP= zwH+<_UtlqS#O(%XgNLv;zz35K(VZrc3Q>X1DHv~<@&bBLtOmKC0s~7bEA?yavn1(Z zat91335Ztx<5~|G6*N3J0x~i(q&K1##fp;u0;lZPK{eI`1PsV<9|8{o;sPtxV+iM* zrVoHD4?H3*Ak-pRf+1QbB>eFTMPCM1GW@~?jL>xyM0LAEJey7SOnHhM&(9d_JRCLD z_~;}h7-%jGochT`xM;`6Tf~%<1(qa3a5w)Tb9=L%}q>0HQ1jN9$gwI8FulYf7S5KUc%m7;D zAUEfZQ;5M+)%=d?x-C4&n)DY>gC3axIMP{nS5cY{0F1)!SOdwgh|a}7u8=3IdL|x1 z+8SAW2?B1=SOU~1omHj(1VFOy#OGmk05U`MQA1Y<|EWZUJBgy(=mG0F5ep zUgcCz21ZU1P`Vi8me8$9SGZe2t_+3O7#jYB&Q_=$6u_CXZz_NZbF6D^Jr53ePO{;(j6)c>LpAUXo zb*iN)V}M!+I9;$jh#ly#P?V=k0Zu=FQK(FOY^?wL_i>nUzsqWs2<%kx8r|C@B$;{5 z@p#Inhq?9ZfYxnh9J16Ev8Ow9{_06sY6;=UXQQtmPE#zAgT5f@4YP@RQF zC0)1k;5AT^fK+q_90QDL!#3NWKuvW%J%v#*O5LP>R>zxFbI=DxMMGo2T4O1mF^C!o z2m$!guiLypQn?QrXaK#h#WsTT0cUstlnuu@KWO*^91>X2pim~EXbE^NOv{3{#@yGH z|EX>oeE8&kv8xUAXBZ{spi^{cUDB@?Y6UHNX+TvG zyAJLB0HGZ793By448oV8OgSx#jRC_2Ph$i9V1t)pq3&Si_Yn;u1qZ;%peoWen$C*yL!tj+R1Az6!$05T zmQLw07g&~BS@&Z_(jrf>2&tgi^AK=Crj*Yo>Zv~>vW8ay^@T&FF06X6U{tCFD+*JC zn?TI4V|MIb#_6Q~Bv5F-1KbJRW}1Z{R+4MiK0#uA3jwDVWasq0P=mLA36h!IaT_QY z%FxUcvIY=(>X^m?-3jp!tQ9*;Da%%cHr1?2<(Q)#4o$I=W7_rE{E-=f<7 zPZb|0%^ske|M@iPlSqih|NZm3E~Aluv1Xv`CV-+<{p+GE0V>b`{j>PeeXEcE`hW3U zD(PTU3Hg6N^#8|AxL2q`2m=-;l!3K99%5_QZcu*{&Sb(6+XFuXP&5<*x#QRXiGj8= z00ix8&LqmD{&gF4nRRPY!BB?f0<&IW01Q2p6u-oKZYXmCbpR#B2#z&t&;p{1t-*{A zI33WH5n%G+-w!A20-Op^13)R^LoHYlcMX^`pah(pd;!35JgF(%2+BXzIkWE{z?;X1 zG_BKwx4W?New@P9Xa8QwMjE&j5IAQ+`Ia5m>*ClP0eVxwMak7xf$R=!B2q+!;MSLk z4WQMd`juepBr~%mI21Thsg2Mi(*@oV;yl=Kiq|DU=oP>kKXJPMpxeoh>!1z;Ei$0g z4Lb`^m^&5ffJp*O4heq8l09@Uyo3f8E9Q?7hyjvn2=P0rcxljd0bsrtpr6oRf(nnP zr|UB_QKI#*(@_yg+N!x3Zd3J?l|v7srku`uC7PdKIcgj6ov`|M9Z zM#chs2gKnJ76RS45@JG_lA?wST`+%O$Qai{SN@;wM{Kr(6zG*}xxn4c4R60MX2BBV#3L@q#iK!b_I^JFiM|CKQ~ z2oz2-k_Q%?5)#k_tN+8miut^j`v-zVF#3)?Mc^bsP#caf6w7j7sDLSkjNKow&#tB2 z%*;&aqJ$&}sJsYKkS>5K0lcnd@Lg9#p?ebC8tk_M-M(LtlEO2hy@C1;s`m`)p6@B@ zYHJ}o1NdhhSq7n~3TL)LoIO0If%kb-S8%5ZAtm1iIAZ|a5TfBGaMLK0_7y}zphWNp z6|~f0DFSRg zC??vPm|!3v%0&UP;_Z;^C3{=qaaxdt!5j-h^slEkvJD^^H_(X*hr4h`)~ z_dxduLg&#@_2VG>V|*53Kp=rwSX)yQW-`j||L>z=z^SL1d&IM75Ar(j=PJSx!ZUcQ z5dOfnSboWm8Y{3ptDc=X2<_S?@7LawL0nSv_A6wMP-cDv#}M{2w4uP%L==AjUOpl; zC8c;8D*ouAsPaseaj6z>8@OMXuLeaaL+Duq*9m?duCK{NLX&~{@B3N#ds3F(o)3-+ z^8M|fKM@FEIYW>h2h+x_&_~UeELC-Nq1f^pB0(OD0YeB-fC^p!$p(;05g^*a5&>YD z%4?N`AYBe%1fUwOARmGk3={Dpfp!FeiI?o=|M|*pWbi&2kQadmh$hN#gZhzc=*bSO zEPWUb0-8zz{u0S#LcY=JoSsf>o8NJLgn-g(V^R`zl9G3!_%TyG3p2@kAbvs(YS^M2 z%oCnpD{Maq5m|_V+AqaM29!tZ{(C|~r*KsiE5p(8v;NHgxd&F2;F@-bbRfHgrGiKg zq`xVEc#c4g*MRVajcgqZ1!TLhr1`H@P-#A_AF#cvQd67ZAc6%`&D#UVJyHa^2T%${ zjfl$3WPm^qwoRa9I&@80_B((J0|E#z_aMlHnm6oUC@&&*pgIN>BGgDZxCPk75Tn5t zH08<6t5-rn3?g^{u%ja*q1p`ZI7Ua}%Kvi|bnhA;8w}u)Lil+yA3y`TJk9ej!ODYS z0lfJHv|bRQ-AlkXJ6_F6fj(Dgi3K$-$TWZ*sc)JL0VLcSsHy?@i;__1wI<_r6JTI4 z0qO&)rw4QvV!DB0unjxC+=LrcIv@f70s+*G!I}e4ZB)PE|JXKsaTFEoDG@cbVgs}- z2aD1|?C%NrKj?PknhzhJoWRK*gxW21Im3FQ=7HXTAnGI|n$lAR$dp~~OjDmFu?!TR68mHK(LoiYPjlO?7=#_*&n1$9Kl?AfV26wPq8+o;AuD3g< zYGMcGFMk7P!n8=srb=Qa+J`TtQ%?VfFHm0OK$rkm`r(z=cAit&3d8P>8G;NE41u2- z)b`vuN#E1g@ayTEDJ0S`f4|D2$f_c1<;gi-(I}CUZT-)CKr$v;0~4IRkM}Mc1yP|i zQ7@Kp>`gi(K8gLeh`;Z#y;rAKf zdL3E%i2K+-PbVt_5l2O8WqP~GGN$DEE1KkM;yCK5fx-+;6?x8o&%S-`Wq4jS*-PxX zc|az79!0tD6K6Ok9yR*pe=gv{1I)jEJ*>S^D6)0+^<9Kg;e3!@9GH<@*s4%xcz0b@ zYP^D$;z+#x`A-LtM-R!fSLxQb8VIOF93tB)(aDsCv;$~I6B-%@j-2*t^OSc%~0Q0dBpJ8TqTzAkTsmmSD4==P`w zmP37Au9F2@CHmkGJ2t6n5(cY(@B{iEVQ|GT{`5o6ra zIG(huSJE>cHxyF$&V-xUivGqY70;{OdzZ%8!lRriiFA=^imhnDG;cECxiP)wlSAyv zFaG#};egMxZ!BmUj+JPgSBXuKaSxpfx050m%kBN6m44b_I_>#9yUJY?y;$qQ{!f5s z_3@$x|4pO8JE=SA`_=t=c<%-@d%FGknh3r`5dfah&+gH2CFFun~FsK0p0d zI{jhR)~UTwyb`zb>6_N{VzLC>3tJ;Y>-$5mxBtFX!(uJ2O4gDT*axpyY0yl-n!rMlAmOkS3hnb>%YseNB6Rb3zi|lTERJ9N~_N6 z<1X#HMmLP+`X4>PN&6cgWz$X-SYfv!US|IL{FsRxec$EC!F!HziuwtPcr`U(_6ww>)HLG z;v>?eckPt}1(@~U-`ON*U(Mgp`6u%9#L*qQ>3LV-O8P`Ii`w~wnw?Vs=c^=Wk|b~+ z)qJ2n*AlCcY-M39i@eDH5r$#2WBNGJF!a&rz)bqDIs30SebIugHqG8X)h^})Z4q^^ z(Jue!N28%qrz?KPbtxC(cE4rj6oY$qOp+;)%s8r3(N*S(ha*4GdC;RPo-6(ti1oMN zyB>=rxYZYGc$L>itARfKY3e6zD*Rl*2_5g)(Sp0jQ*o^!e@K^oGzOX}oIhd{2YXuP z8c9gJOOTdy@XG;p(lYnMW8)c^j)wu^fD*9;%Maxt!Uh?5rE5sT%|p1xv(8a5dYx%xPj^ke(fZlDTamLm926;jysNBY6LJ+% zD>wuk{(waC#U0WtW7|R#g8<#3=!r@H_VkvShh^$6QWK1(tG)X{qtseS8dsdX zC0q>AMu18w9A=rKc;v)cO*6!D`7?*z<%RMI;~(eE z#J(63JNWvM>qlRDuG)W$^sl1t)%dI$%W`+oVw79lO;X{i3L@G4wT2*pug$(WW_44DfzB%k#Uf-09v+1Q=0>>L( z`GVeR(tT}xqF zDSOGyoyzOK9{kkhVKC7sP%-=I>i{!D!X`h zjm5M(G9pUMa6V39KH|MJvG{-c3cQi#`zDOeH#A|IAqBwy8xen^a4 zCzd%`%OPjRN?x)HA?vmIMm6`DZDX{F=rMyL--7?kb^`o5#hX4C+){1;vM3ct}H+ z1}}ouXWJkA^{#)eW$j~OXT9}7X>pg-hwImJRCN3(Y9kG`MrQwBeA*j3`Z$~S<%!?o zE~{SMo-lGcc?7YN1 zP5vE_`J~Ea%-Trm3WEH>uCl>-huzYZK0GrlT&r z$@xmnE}4%1Ri56GwM3d}>mIqkFYiqoQtR(tlSP~jMQ1VJ%~`lcgm7J-T8r#UC)`ND z5aIC~4!eJd!zP3YT*2a#fdaqyua0N;j=F#3F!F0fHuSN-l{+;YjVm*c#AUpH$%H}m zj$Tar?QgdZdstpu_xKM|^DbptU;fkfkb44V{zTz3PqJRY$(I~` z=R9Lmpc7qe<SkxehjClhs= zU4QMqh9;UUI(VXN>G$?=vPB8Mq$4|!4s6$lG%C#nM(9!;Okdy559(0yui+*^;J?6S zw0G@`ddL-VHj?PJ6NG^{>%;AG@M87gZ%NhDJ6R>afruRnrwe6i*CkU9doLqk+UdMM zu)eB*{bn)G-%`qc?)h1*^dgpl1}mkGbDoC-^7ym#Q|qBdLV=STA`P;Hh`+v4rNmcj z`3LMWWgpvGK$G8j|4!cculSdL8ui@|oW7US*F?M5#D-yAHFk((Dv(4&2pNAR$NI89 zN=N*6sqvsZWPfGm>FzL#;#Z~l&P#F*^fz=Iq;@%@yQFCM8wH*t)%=r);y9Ic6(Vh_ z?_s?`JT+_b->a22@lht))2ZcB?TLx>%MqFwHmfk^OMX%zKRd+d+!P9vf;$Ybc}SOBTeiGu+y?GjLJmVaLUgV(C(0M?>Uw;9_}PwrgdEMr zqN;@OzvgytXn&?myrietz0E;b9(Wf^i zRSV~FLR;hu1foh4fjE1Gc@gYZe09WM)7VJiUTy};JT7T^15f$gq<8HY*$`H_?vMOoU?0XvxQr0V_5zbS0u}Q#@G7ONR^gI|L#~*;=7L?-@gZ3Ci(h_w3bEeFc84lP;;Z< z+%g_d9r4(cxDv1+N_qu8ydVGiHN9vltuswwFq1H$r>apq_%U<4@{?~=j?r7r@!00{ zg&iJhueGZ)(`g~X3`@-^Ej#xy5vdLMXWZA_3pu9-W~m6D`ldajtIFM2k-RHjOr{(_ zz|~o@#7&~%sfjTTOHnk?O7vCLb&mpU)HMCdGA^-4%l4--ejx-KCC16sqa_lAXoCO! zMq++#aWUp;FDz_{u4JZaQ=ZIv%)8KRjpm15B>b-Fg%A4AMYe(G&6ob@2$IOwRCdyC z!(JcE^X8e`yYCI>3U~YWZ{E+jR{jzZg0@J~dc0C5!d2nvq#(1hf%SumX;H!zeWL+a z92X&~r-rkFtGJGq^p5TJMh&h?5CyCLk^vfG?+;=L<8MRD^)Lhitg{U@zB&DT%4-DT z@2A#Pfo9{#DCa|h(EOUBy!EI5?KK?*0C&&rdONS%)dgkpldzl{mml6ji!iHDiJ;KX zwt1(&{&h#E%;NR0?_KZodbo6)Yq|JeVv2>ya!q|W*0l4Sd!B{P9J@{&aJr@^AI^bG zG(kbMF0?u*cf?rEhV^hds&pg7!ZI*a?9R~*zXMX1NVbWujru3%2C{bzi1~OJH7mXC zD9pagI$OkleD7XWo-JkG67?^nulc-yNRn9b$ut<1N3X7^V`lIO1=&`Jsdl9lssx<>b>wp#fS9JUK}w;+^%WH(o;O8Vnj|?#IAG@+7GWXsKWW$d6E{vYIB=l!C6d+4nxGRXlqGj;l);HJbuu` zBp=!v{~tS#uC#BV-zDG+e)~tH`M`Q-?)iN)%~y7fz5+))ZgL!GtL^DA zvqVlurvU0pF)I$9ayYebIQ<8X-golbkFM-l5GHVn36h^wy`7V89#2{d zb5W$2YAvw2NsXf*`1uwdzV|x=C3J+=h>y2fTmAzpimtDS%3$BrdpqX$5xn=@Zz@b& zqw6;`d%EN3zXDd<{i?;>O+H-=gvBaG!I|N*Q=lT+gFCUK_f-uwF6&CybvGUc53x2_-(FgcuecpB`L1ovtFiymNX8%d@F=_gUxkn~4g z-ey<&*>&wvbUkx;H)+WO>BQ!!?e|3F?@0>P&6HmRk&)w&a%0+f(qg@#q2xvwW>Wgz zd&iiT{uSNLB7Vc0C>>M~x?Bw$vo}(fZv@ppYR>;aq<9Oe{`qz3V}84-B&#j=wiSgu zqgkJNKV1LuR&fzxvEO(kBLSq`x`WA4s!UB08f2!Q%_RwKTV+|pKh-es?;^_v5_lVH z;$`Msrv~G7LjS%9N_JR!I@{%qOUgp?{ouZg2Ac-ko>|$gcekm@%8kM>v;c}P8Ms%? zB6Z_Q8Zy1aFk*5&ic|S&6VuIKt**kII}`o>v(DvQF_=i6=|;kdp77ts(h1Ib)h9(O z*smvP^sF1>eT1pKtoo*@7=`zB!*!TG^@dTq>5!4m{8grkVt%d0_NgndgM#N*gXe~jQakj1dGS>{vUtxzuI zQccugXi8>-o8T@LP5Y zgxJ||Ttqb1yKG~%8ZL{k_0L*kj(24Q%ChLvIYJy|7Oc)3)aGxh8(Jf0acr>uXwsZl zI$0u=SyYtIOEf)C`nKHjyG6z=-9t0_L?oSLsgoaDJV)obq3X~rBJl9q+Zc%*`=imO zv$hY{XgLT-5a?W2?eHOFS(SBd^ONU#DM035HJm3JW88&acc?EeiGEbUeER4MBHVr? z)9yE-$jNBQGSK@<9416d`X-{9E{Hb?uLiynZp`*-ZT!L#d!=rJ4j0{MM5D(g!JnVJ zv*S3FH;zDHoVnlDHxo0VeQVojuWUzi z0woW8D}&Jx{_btP{6`P5xbc6EJa&!D|LcW@cq4`FO>?xs0+9&WwXH`14^#%mBov>> zFC5NRy7-Jr_$Xa@Q&xRD0hdxn9KU0iM?vuAhzRjh`OCpP>rr069*@w*y4}Ghb?qiR zeZpXyu87S#OaVVy%{S6> z927~%{H(U~t+AeUyfvjpFkQR#bQ`U0vau>?^ptv+I_U(UWE5)6`_>_NaBMNIi@vbN zL&`&cg1H=>Hm3OgFz2o|obm2YQHzMazbeiK%p5t=N)M_-CGdHd$wqhq@;V}xt; zJ-cSQj#@6lM@6nvURQ{BZS%x$rFns}rP2%b>nz#&vv755qMbrX zQwQ`pCGP&2y5@fP#RU8Ihg%F>GZB9@?aqD7kI|X0V}v3cUf|`K-@M?|t*?qnE~E?7 zR*hI~-&d4=bu;@%Mv^Nh;YF$yd2`QCJrYbItn;Y-DK9;0*@gI|Cs?U{pS`S*mH>^t%- z0areK)34-N`y{JYibh+ZoP4?U_Ul3wcN`T(Y-lmQ(+P3GnWnOjaFXjK`^T52Oeroh zh>uRsky=00Q_`k}+pT6c+C=Xd>A29U<3*<5&~PqswKIFAOR;zG=KbG=Q56D$rY?U% z#V&nT&HK5jr3CjaUYh=SO=CtDX?r0^UR&J~CIm;-MzQ-x-9Q=czPMY{qfgiF`m0AB zC0%`S?2GnSo|e7X#u9z4kQW=#+(L!-4UN;)!FEV5-v2X zLbhsL1m2sR)l2j3zJ>JsF_AYS<_BmK{!)hHlG>P zHuJ(XFK&j1_e*aVPuYqSU%<(v8YT<`45v@kUH;C92`WTy#Y9)v|U&#tN2jq1iQY_b+w}_L9Hl7(*!V z0)~1s6oPtBefWC6OwSF2{>{g(f*uK?%Lgyp!cE8y!u%AMZT0rpmfXq`qF`@WAGpS*av4y@7d@gE*`( zmU;AL^x=AtVVL>D-}8kPXM5ha%{Y6?s24aVZTxTU z51UKdOj-}554>zICCHk@$?r&Bv7F=O+0cHlJ?YGw3OPWe!N1%YpM4NuebUkJ|6wcTJeiFW^nA~ z==H%cn>O}qFBkrY3t%lnal8Meah;CiRy^*q z#q~+$X}+q+Kv}i1fxlt7baFa0ukcHG1@kZ-(n$V2X4-5Y~S8R#NIbF!Dt0_ z9lXPA_5Ltf+02~6945XfENo?OZ}{lRoY-WTp=HN2^}M@&6TZ>=GL)+Al1L53VlR2t z1TgANZ4EEN}ai3YQVey2PuKM!7sPpjRJ z;}H~$Qu;)Y`J#-kDBAuB({#>!$4iLeK+dXmn zk{U~9hkyv#RfRNtlHt0vd&NsqI_VE*#j$D_1+p?%q?48QMFgk90*Fmxt`jXqhBiHG zOS~}43Sg(<8jfGT%EM5ye-n>Y)>h-UX=n7w;Gzw~o`-^`^S&#dXMKTD@>{$i9)nx$ zt;fUJYU?YE;X#&NKYuJQl4^v`%FaLZa=EG!`_MGz29bKc+}#(h9|u>M-1x(WgXt+7 z8Ul@&s@}25bEY>o5+phFu3mL~_ixD?FV1Fa z1VT51U0ds!FIbW~KVOdS+1tJHYe`1tW$T&es!C9~3@1t=wZxj*ho?k_qa%1Y!oU9t zsXEbYj)|E+zbT)vux23gAW?TSD9~Phb<{4eZ-c9OwAE~EB>OKmYPYBAh4NytGQaRj zJr-ITy$H8>YV=g5r7TP}Da<*CGH|6s-rXxk+x(h}rPQ#Um zo7yE`3{_KCR`37u$KTg`7abh=n2Oe2q_R&#A&uj$GPzHl$L1LMUV|QHF=6PQBgrEQ zrW2XmmAcIKCFZ~tWFuE$qUY;CNe0@y&H2 z>A$P9HGI<&EO&`&wMp*c%jg!KX__YMO5=91_II^7?s22G7S7>6L@7Df$Oyt8-J(Az zCEt5R{D}JQ-Sm%mKcw_iHVEy>9?=Y5pNd&_%y=EBPs4!w@&*P!uGt>Z)cafbGFpYp zLtWa#A{EI6gRd-?KKoQS%Cghg(!1NHnuO*I%&F`Q;^g@hikt_2A4~HZHb!d;XmL@U z_R!`e9lC7)eo~9;xq(US9(45T^7an#V=vs&34gLEtoW@Ixd;{(7yY*2^yZ5q|3awjO^uit{u++ z+pqgVN|MPl7-<~npD0NK*w09L?3ua^1!uiN&^d+Bh=TXYJ^7wg8YOy^sLD!SgrN6R zTK~AUs`UcDVP@(~+EH6`_C!H)@7Rm`=IT26$~@EBreaGnPa2IMliZy6x6qVdD?az# zJ+8YkTZoIq4}9{vDDWDZP@o`s5>ol~{@!?V`x2&ctA&EW?#uKXe-+7Vlg{~#o|DS% z>w{)|k+F(F6Xhm12(I0|CWEIk)DyNZ^)6_|os@BD=CX#NiKK(>sW2SWFS(DT(!keBxE>`#i z`!Vmw*%SqOG%m+sG=afit0wbjmcw~Y6@iUHN?(jE{@meV2z7VPxwzPOvfJ-Xni9NX zE28*?CY8=-aY3B(6Cz^TKepQ3?VQ}( zJl<6M8%p|pjs`dl+?D&j%1AMl3$U5a_Vnop7oEo$jkjHl`AiLR+%n`CXoCXvZ_f;5 z306glNACMB1mk42pqa7OAM5tA-;sHSx644k>r%%obGar#GB5MuVC0L?{(hmi>~o`z zgbUax^jY&x)h?bb?_=5rdcw+gwe3sq(8C?B2Aitkuekp;_-L{IjQBrZxljV-l{p?J zub#Sg6kcYiIc?9~+jqF08D09|(DE2<>q*7*UPFc5wXhA(R_Vg!1ASf(*RpR!ZP7{j zr-v_BBd(b{=};d z>go26#)k^E=UfT-f?KkcKE>Y^B*oD-J<}U04Py%o6|Siiy{G<@(Y~9xl;e~y=w6y~ zByuPxUoqXs^O%S+s)Pm>#OiZmAfDCusJUbIc!%?>CFbI6*r7Nvzx#iJz-H z-aRv(57iN#lq}ys&J5knp&|05xD#AEh@U*SL^oIP!K!+l;zgIz<}+VL5n;AF=_B?B zNzeD20^QEPJ`wWC4-twqJ=!bps}J1a?8K5`{&I+06PA$@L7-Tm_i*1P_9!d&gyFP` zcu}(ar^RL;k3^wQ@>GGRXXs))1ZN(2ePg2U7@L{CDY?!Dp zN4e$g(OWBr@+7Yvr0v^OC}sl4lv3YQoLHDk> z^zSnt?5JD&`=(U$`*4tOyfl@JHe>ldvdz_66VIZT&ixYi20rsDg{_d(^Ao-=zZE-j z#T6s42I{fp^ki;*BZxbZ_Tm@gGTKj)PN7oZQ{8pS+olv|2#gk%qtKH$pU`=1D=;xM zn>bXdC0|vT^W&knsuh|dh3p3!MoL`ue7JJ&oMc=tftReL!KE0wKbazf&@EGv;e>>| z-0;9$=+v$n7U>vLYs*bdtV~X?y2r~Fr6+!Gcr_yDyOI*_t-aOc6X(*v)_S|OE?d>K z>=?eGMC=vcJO%P8#1I3U?~hzD^&{Zk<1V_w065z~=%>=THtrHFovHeW80()l-%FxO5F~ zJ@M2_6J|5LGmh?ORx_$1@w z|GCjzWi*X+H3#y9CVX^6$wsYzLdDZ53$6NWd-aXKO{07%+;@L*Y*{?-iVd{lKaY;z zd-mbR7TR2jMRtY-_zG)gQw7OqRzvKI`!B7|6_fh2P3!C^2+FkoXs$-guq&2(SOJ$E zftbE)65L`{{XnE#m>41IpxQMK_pS81>L}^0gtoujRK*yQ{jTYYefE`v{O&3qk?A`c zTN&!7b`-bzb+h6x?1XFu&5SS$lLh!IF0u*rGNtC!yzu>k_N7m_qGwO?j)z7i-#z$G zEGrnRoQKpA!m3_}zFZhRSRrh1C!Sl{xSQ$Dmd$-k-s$`Yg3nn!ucQ4e(#*&(P$T%` zC*2U1NiWSrTj*n7P(8;@u-&o7r#moKc^`wC=+&Qu>h9M%iPMRy89y{=gTiZOUQAbQ z*DbJ{#i!oUWlnv(3=udz8m`~h`$&C>PPg(+9`-54)o2dy^?Z)aT+6IzSxtcoj^8>f zTm;nV)$g5C($4JZL%!1Az>`&%*B-OHbknI!P|{6{7U?Np`tNI@-psQG9X5T>eRXVX zZ2J7qpLIbHUdh~2nYntoBB$sN!Q17^`&$j$HjfYpvX@dZ6N*nO?Is$!WLmR0T=;HR zYch^TDSe+CZI63pB{nrPl!u9W3j@NNdCG&phz1!9k)xl!*MyIL5lLo>tdq}G)cTsX`x#Rz%?#;uoT-&!{4T{o$ z21Lq`LZ*lik|cA;Je8SbjLel16_#WQAt7_7%p{rTOl6jkA!9nfN` z1pZyGV}J3|*C&_>cQhPMwRLdt^Y@3@(Ey#ciN3!6hF(uUo%U$)Bep9Bxuy3%aueC_ zuw*X$b1;o5wU;gL6`M!N5=o|uzD8We)bdwGHTzsesqG1evM&kApC){myT8UXV+Y6V z3!oar4t5I^6TuNhE8>%a=pQ&q8UM(OHn4FT{oHUSkAZA_D-oSHTS5J;mu16|g$)Z# zZHMGet)5Oy`{^e^y!i5U!KYIXOPSmHZ1X)LH1#zK6*k|);k%}WL2L^&Bk%>Wk}}AZ z$wdlYi&Jv@*>ag6zY=qy>Z|mp&vFX3v*9UpBt$*oc}sGW@hnyeAsP8>1#_g!g&o&) z3K%UsU1|!FWGLqxa|+o`%AYo^v3#jX_#8yJNft)FM^3S^tw2$(x2FfPdyTmeoQIjz zI_vYW2!W}xPjqz# z)sj;FsH&(@|C0{Coi+nR#KuU{Qz2~XW2}bMLIQ^mt()%V*mQuBE>O6LSf$`F}_S4JjQ(#MJl@&H&1gTXXEKMz7!p3M;0L0nFA-$2%4puvbg zWUAbkhePm$pb^R}L$gC0bcpxr!o0bf zSt5HqRrb{Lnc=UG_G2uxM9tT%+1r!yl3ZC!J`7jdjd}bf-)o~)h^3$P?c;jTOXube z7R{+ITCZjfefhGRX{*;*p0Bvtd)tV|?K)>v^g4o~J{_V}9qq9GEtKaTq3NMT=eBv= zW?$9Hsw69SUF>yS{cP_$eu-V{oosq1WeY*3MIoxOx5b@XGgUQCX*SXU3|jDO1i+$t z{`>%gAowm|!a)YR01|4Tfnf1dQxoL&KqJCOp4s?Q4VmKl(+1Od`X#Dd_U*BSwZAA%hN6hxqE zrpE9B{$XIFLGQ?x0qU*KVX_Swz~yt`(ZJbr9hQvqqFCNhjx#5FJ?+h>=5+CGQMHAr zxqwE#H1>qSWjRbF-E-Nqc|s7q4Sx5l|C<0djopTD@8>UH!W1&IvWB|B7rA4iTq!&v znfs!-xf$w|A_!#g{sgH7q!MO^R8{Z~X~@YhNPuSw61sw{EGR%sub`$HDeBRe{SF4i zgkJ&QP6DQr9i~sfvWIRGu6Na+wu(-~RRE443<3KCloGWenTEXxtsZcmNTFiuvHY^)1fCAoVmfp}5+ITQ=MB%Yzk-8}d1=;R z3@>@<5^M%RuI)<{cE&x8 zjEvNC8VR+a(GEK+NY(O?&EwRZi~T`R_Qg7ja{oOBmUOn}54)!G37r#i zLv`@3hrtx|eAcEt))^Usjj%ri?7ugIRNiM!1w$diF2y@N5Wfy%F&v4`i&Mq=Wm_4f z!N5#z2a!}4BEKOaoi5YG3989*y9t~yu%uwqOpq&#zTkP(`TOzK*SUSpkne&tMj{-Y zSy^FIFaZks4*`jPJ}VJj(n88Cj%pJqviCg;4*rG1dp6D;5(;46((m7|FLF^%4kS)l zp;u6t0|#qBKt5G45^SXBw$R?G>tYEr2*|KPKNj3LJ~`%B&}h%sXU#YC!KY$(^B2Fi=CFT}OQWK|=P= zhm5|+-Jp7v>o7fie|84kZ?Pzis74U$hA-cnVR7^KS2L+* z6Ah#wmwx}&d^w8$&BWk!oq>U2>C%*x_1`~)G_eLh1||MWkaPPajpxvP-n zVGwM@MVr5?v85MN&WpLw#^Wu5`TY1 zZ^^9u``>XTL>dPF{+sFD6z+fjjaRIL>fe8(`Txh;-FxHq1ltUuAmDl^T)d&_I@MUY z{okLX!`4E>06tt922~=nA1U!8-?S?I>7&BJ2vlmQOUuQ!*o!^*_b)U%b!oMi7d?i2`5{Q1%injWyuW|_?6wpNr&w)#_l z|Hb+F!uAEE?1Ca9x+f336C4Fo6X%PG(@Q8mOI*6tYfg3onM6O-KI^p(;b=e*bV%R- z&ovC3&3Vc9E+b=kGOLLoME@;N0h)&|6kfn`5H5%BtoqYhOu>%?>lYcWsK;Cl3si`H z>^&(g+*4le>3!67rpzJz<9+z$L14*mNHg*bKR+DO>*s{wzdMF~U+8J}f{)|WDQL%7 zE$;gFYPqF6agY^Doe%25!SOgw-BxF-^jv2vaH)8=$%zS<^*@XL5WNQj`^RpAF0N+k zSw=t??+y8w1J%AszaQ5+Ihc3RNzOG}#yKC}!S6f3*fjSp$bjgVwwG72_2 zJR^HXl3+Sh&Q*_0Mng->WvALk^Sk3yW6KQ9)nv>j%|S9$3m)A-NC^SX#Q{ zo&$M`KM27D4@U`Hzzb0icT>|hQcMs8{|$nz1Jb116RHTOkk^F_W4O02(p+2?@*xpwoo2K@qWQ^@}yJaLiFYORihTR{@K{4mj= znv}%8^FNyj!A6A@i3Q<}Ab;l0$$oh+kuNB>&`Ke{YGX4CI{0!WRDxI!>|&6Xm4#Ay zLEJ%jj6iUdyajS$WIHalQd4=&&d)>e5i5wjE=eT`sv*!M?d}CYd{>LtyzOMbo3N%; z0zp495us2pa;ouGhNmhXQKZ2~Z*nMC7BNH1yP%-J?%h#Z+R4$;kjO|k$i^6(eD5nR zgorE-cCllM$?XWls68SnkG$`f!;u#x-ClXyhPEo?EkR92j~61$a1nvvt-P$PD}o#p zehg}9a7&yaWQ#Q*17TWw`=8HHA)H>pVj?)yPZuxtAxweY48`LvJl2D3s<^}TkwW}f zl(^|~xhE-nbP+T0KfaBQiXsQYS_+4}L93&jH{++jX93C~J%E^pmvcelfqY^07NPn; z5+mR+`5B3bghagUq4lLIQ7Ah=h~Z|2x~v5DJec25D?R+A0t!IgkUYTBheQt^lmV9a z;NWbd&@``0GeM~V!OR6m1>Axmbw_Z=_VsNztmkSY6R_>>IW;x4Fj-YCEyRYpgr`Dq zcb32g(+EyYOFQHvv5{*tF*Dy*B&G4XPIIu&tP6p{LjhuUmS~p!31r3sM!h=}bXA8B9Qs}Zkj@{=w z_8bh=@Uv(2et|2mnPYyC95$AOYyix6l+`1mlu(U=$Qo}r-yxFixCK~^Os_agmIyA2 z5abcD|NhsqFyz#s{s(K(!G13a3W}v)&z@1lwx~nVNnPDk#6wrN58Fak6lDI6pMofy zJM}!^Wc!Wqme;PuwVU4-)QPQ-)4enJ5Q#aUn7f1miHV{H*9ZM5EfKz+;OZ^!BXra8 zxbWzp6bb3$_(QE^&^pCKtgMX3ht11dLb{Gy*4W6w#PqSO?4CEAx#7{Ps;({oEqr(K zlB!vpZ*VD?mVQRH%AX&NJOOiSql&@o0?YLCnh85=~e z5mS()!#R|jJD`cKdf0Z&oOwS9D;t}#k`hcJVo$$F5B9(ow}g%2z(BN8BAj;Lw43`> zx3q9`aW&&c>vKU&{5(YCCJdRe-{2T_H73TmKR5Q(D{UQ}<#elG6P-;B4L|C`&LA^h zH5$exBkMe^BLr#h=hAU1tnCvEsE3jKLZc2ZD1n`fFEvd~=aG79Wg-~YLdV1#C#I6J zvQIUf9&nyZ$IU^@85L+lU*k;H0st8Z6%OSg>4d7u{GzI>zj5o~EBojKKW4J)*`0zh zY=3{$P#%O1_$<*WSULwACI}(Oo?zqPD6t=-h-x#ZxhV4pYQ#8RPaW8mp{|WxtE=md zGrIA2&bFS{3oSFyA?j9-;AdibaGk1Hw@FPu?;3@VA&yCpwdDlebe31p2ywb|XGV`T zWTRXKI>guDid`c4WF2v4b+@mivbHv4qO5**-EnYu7ap#ab!1qe@uw8_cUnqH%2)(z zP*Psr9i-s~l~2uNMkUr_^L_qHNxUZ440RBK1YSuv&QvTx=t)@m(-PGusw9n%o5PVI zK@Sy>WTtFnRpC}AOsk^H?k3KDl*u>t}5XV9OJ%y zOwix-ep68J0wZ8op{qvjQ*pz^#pRwD7lM17k{K@z9Athv7t5Zoc$d+BJ~Ja@_SY}u z9NfJbE_dz#I>7NYw&0BT2zfL(nMOu7WU{Yc<7~~e&F=x^@%lB&{q4lWHN&>PSKf=2+!)$axRIYc(7qs;Xx#%@)kRPfTcOYS!9BKyT#d&zq;b zg7=!?2!Ku)%twI?XliPjALSBbvG{ZGWs9jSj(X^HC)+`l?Y=j5X?22|RXb|kACr@) zMmgc7LO`ohVTle8;a_>I$L(PCXIUGn zyS@g0xXPxe;NXtzH172(b;M9}?ms!wOcdCiT3T9>@{TYXbJr+wv~HDjZ#A54C3tb- z3?^Tg{1WJ$t!ataNw&S{u$;E}Pj*Vom_q^d&fq^q?x z3);A=P_#IF7&rp|uaG!JrQskI&Y5Cx(WQ`u#hMVc1|YW6tN{as0rpYpg+K`UBJU zFLZ^Lv;a50QBAfmH(z3{#OemN-PczF8v-*OgEf~|>~$|#E+V`^Wle%$oh4^wf(e<< z5N~9FOVtfKQ5i?Udgjx2i=Xj84yx_>iU1{Exk6gbg$)D2Frak}mCc`yA0*js&zOEq zQSmMtqx#iw$#S7PGy2II2Km}+=!#IZ0IqB)QAC!1Q3B%TF-}7e>QhZoFB|oiBW;yT z7rFqW>~O1+Q-_{F=bDfvqxv^QZeXdwg&+)6BQ8XjCn(0$;M*!kxTEC=ePm8?JueY2 z-f{nd1K+-W{m>cB)kHH-@3XXP$UNtTk;XkSST4fPt{kRnR^m3aA3+V!-6>&d0`@};!#{plt}zQ^Y4#l1Mr2R!8gsnW|8%icNKg>)Lu_yy z0KrC3xrNuo@=xOah158U%ScFVY%&lHBqX+zo8@#taxeaxfBkGHIX>s1CvtA8OWhoi z@|}}Eo}RK*P9Kb4)Nl=cN8Va}O-@U*m}ZVYXf-l&`C9r_veR^*prVzZmv=HqT7*QLFTl z-{z1Bg=rvsEq^agd%&E*{S$Dvu8g4W*PRp44?PQgCHpZYABk73V`Mu#VOjN-WSv7_ zdIA2`v+eS7Y&R1>Er(AlDW@==lj;7{| zF@r#{V_cW|>@`GotaTf%GQ__Z@DuV_D>55i1tcYXYXN&*>~K}7Z}_^EUul?Ha{EY> zRD+PKhHmP)wckoeS;xbWC^etoN)%mZKIRrals7kLiz`CL2OJFl4&%Fo3(L2vk?1UG zkp)QMm>Hd(o*o}hQenl)J>8@DJR}6|my$a+nwm7^@LrkM2tkr#Y-OSzJZ$v@9tul$ zmLx^uEDHE63R2^9W#WTX)4k+4V>k9>`DZjSh0`KovcKv$O98akv=MR*pwdq_@CR&fhGQ855A3?{k?Bb0n*;t$o3D{R2vB54ePU`lO^xs?w*X=LQFu%v>Nf zDD;rSGzrhwqb6=HDc?Js(s7wc zHK6LXx>$#-6kP~p($L(3U_a8Dz(8dH$0&%iE{_B=Y$v)~D5IefCK;QNld~{4mz0=@ zP>O`_$B}m;oSaS2ENf_xOCX3?#Gk?m0SxLy$O60p4qRs7YL66u}Lh{HKEuVGx`e};T`bacM=PIz(T zpw$y71=G^eEeF(K_b#SYThM`QkkOiiBCoKpE0A-fW&J>*fz#KA`~heN5cv-h z0fkVmn3NQFHQt73+W3GQao!?2;Kos{b9_nYy)V&d;mkqI3z8m&ivHA8W9CglWRMN_ z#zQ5X&{t0`Z*gtV$+Ip)35i`>R#s-p8;p#_*my1o`&3R!ie$qc6P* zA$kd`PnfV?xUfYuSp3NBpTy;sN9X*MliPh+?f8NsB2wDT3FX}R^9#;@&}a0437L#$ zYDaHxG2o;fo~X$li{3p=M~(RyH6&xeJNocZVdwlsG`Zs$Qg z|GYSnVE5@ZzFQv&kSuchX;WcqHF2GP@b|keUT=D381(*)>RV6e5AXVSn~KPK-^Kp} zB;TdiNj2a{Fvma$oEjh3ym~bQQl_ZdOU|>hnga?2paPYA>_HSAOblVNXR#4s5|N_` ziOeZ9lFO4aAVyTIaPol2ug?a6BtmKoaVDV+86cm)sGWd>rtbY|T#)_tpL{zk(CBp; ziwl8>EEgg>^0@0jfq>XZd>bDZL?i)3TOTD_T2SB&E2Gs_LJDDRtqwaUY&wW`QczKu zw$E%K8t7a6NU4CsIz>C*7O@5M7bY6P){$FLw{6Q+L6hPFZnuT4y}cpT37C7B@}6L3 zhW{wWE-0?r+uK7SUR?aXWbBuBmReF$-r_N^qd{JamLvw1aH;}~N3N3f>nL*Z;(7!> z=-Hxegq?;84|=g@smLBo9KeU7&Wpo)?!BMFt*#7pPgsKjzypf1Q3%TsLhh-c+K32R z_m{{fkQk`2qU?xMN=!V@!g3iiQK#*Rh?b5Z^-sl4^zp&)L_-z5hcG~*61vV)L`2^i ztYt7JM7RC6Z`lh0KR9JXVy*&n4NoP9AZMDKoa`gT8f2cM*?JSR11AEn#3?Z(B`2S; z%9aK{c7}iO+c#vk3=}>vzMn>(W!mxz7Qv_z1_bf4I@@n0;sJT0Pt(x`fEjO}s+q$I z9HXkr1c)h+54AMy#N_0_y5aaQP!+YbJiR_B$r=QK<`*=~6h0_F+6f(|l!UZ2c{D-3 zpZMu~zMKn>qjSt273+D&DQ%>iY05-Ii(HZNXhWvbRh-^f582_vTC5mAdx1&<(;_I* zyicO!#E$0W{Rt6v#6M_Tt_nkav!mlIjK7nTq!U_~mzHMq^5-_%N-2eWlj`$4Apz-y=t-A}lo^*4japa_Y>P`NV{mFrkpU zas_LHbk{CHx8J z&dPV}-BNI}v1<#FSRvvi&USPy%@E}PAR<)(sND2@sz@GZ>-jO=g1D_qS{L?i(R_U> z*J1lY=$36e)CuErzyShL{9&fA79fgk z00ixrQt+n}s?6=bH}TveI#us=e8J;F+vwQEtsqEtV<>DJu0ikEc6XPHB z^7tq1PNh2_w$j_~;ZHPT&BK3x+g1-Y{7Oi(QD)`+M$(OT=AHVxCSfy=sKXeq+@#KD z9HKcEx};~Zb7O$+?}p@E`HBaAEEHiLy9^2*{WUE%acQ%KXHB`;%M?6VPUD@Qf5n`I zYW<%6H}SbigUHa$gSLLNQQ4gMxmMde;;b>Xi-K{p>|mBC=~2Cg2cpspVYlyZHb;+9 z;1O&*3P4yILU@O}g;j~Z-^eB9*A@~DioKL|Od|d)`N)cqQSQI!X_A%rD4%WTo2ADK zTQ@HDZt1D3*N^X*Bs5;X3u|8~m>tbOF#DkXyrP;$HS>DqaHK)e@2k_KveQ0KKYDpf z4YE)Phwo^L&yJl8+NNE*<*T~I&b=EK?QxjFVkeP@1ci4W4WvWNvsU9z-aIkn)r{j5tUnX9~OtgajGUwjwoO>Tfm*emn7r^|l3y>_| zX7N=(-s2(;b)4u3Ij=AP1~mM^gYCYOStv(TXSeP2cC?x`yfSBzgxXAxF zPk0LZwSS%Z^}aNJfik~ebZ{3(M=sCS6F-la8ARmg%KQP&KR!E^ni~J3`y5ld#b8fL`C%&0$`Y@sh*F5=FyHO zgC9RE1h1d5cBFVxaW>NSsFF$K43P&LW=9V8pLyazf-L}^ zQsB;B7i7)9a87}=_d4^;gp7!gPE$w@d<*>`Eo_VLjM8)R7 zppJ~2orZ?#MBUh0)V8Za7-9Ts1_DOGz7#rId6rqD-T*lNmR&{yWj5?^ zksPAS&{g8*a^b?gWf~xWXP`3=kZ)|^H^7A#m46XNTkdka77jn3@j~9C;eouqv%g8v z%6x!n9__qydDaDe;DqJp!*2e6cIBr^RV?{%3Ti$sKRS(xOBPjKTM7qz+?f*N@-giaw|yJS!n3RgHrPJ)Jza z6^9bh!sKLv(F`WLc|6uuFfg*B+OwAAb@K**9_CN?$;082MA2nGOn%-HG* zLhN_)CLnwdyb71x0}zTeXdJ!9RsPq{r3no!Q3U{jC|yRDRzW8tmMil}eD+)(2!7%}x% zFYTpxx-Q0LAaus`#BIBrTi9wIcAM4r4Kv;%7vXe>3ikB7z=1LLrmJ@yJfH*h`& zlxTp6;5>nW2>v|}FH4Y>6Kuz7*Rvc)ZLS8b(7!KjniRX~=~+#3KiXUT@$0|HRdp9m z#C(;r%MX@;WiChJmz=58BF$4%k7f8L;@4EPZTmk>&^-Ri5gr}Qcrw!}E2^KqN>aRx zIFx!|-hE;2cB9?PbE7VkHjPdtc8&8zi$|+$FpSe(Vo?U z90NUO4CkQV4YGtXAO6VEZ0PTiic`YIW6f6ojw8sos<*DPFyu=Z{hJ>`DLUJgvrjO@ zn^yEiNFOiHPZsi3bB~KSAaj|NsF^B;fEnEWMyfG{v9bBx<~am&F@H5Ff+vVd?wXgB;$Ss>!gNmA!K1I0MGxgQS@Qq~NKN zbnZb`mR;(jKLW9y7k#MrZd(XcXMe{hBgACKcZbL{BJb5kw)p3L*QK}brn#azeY|fD zr_6I*AHCkw9@*2bm#<|LyqA(F+Qy7ahn0x!di;(i^?-ADoo6tMdh5s8H~x}u#~TaQ zAXaoofk9zl9Iz*ykb`!%DLFa7aExlsi9Q214}Z)#$}^P}6$@jnCb0Jc5(vZqFb*)% zudP!-0zyJ+5k(nOTvxB&jx81&ifp|+cAXA^CM*{Ur8+q7 zOYkt<*ix(^X2tPmyW_ALhfP$RC$#+7Y2e%To+dQC?92(?s_W6ZJXB=HD_>JfWSFs2 zM|`%?aDiNcJ9Bu2V7T3XXUG@DIl)4@``r&X%0taWHC`!k$G)RISo|nHV5Ku-C69~W zv3)z)k+Uh779p5av8k2cOxNZXI^1CsO}%&f!Y5B&jCdbT~fng2~v)GTCuQgB@?8Mb3_RwZv_GyJN&+ z<|*li%CI3ZMf#v&J5mLzl^70{{t*qZN$M$g^6CT5E`+gaTAr(WM@DLubu z&y{ks`sVL3+-mnr_nWHJ|4x~Gnmi(~zwPqAPh=J@;iHP}xlTpbHink@VmWv!*KaO0 z_2(65<#&%BJtWAg@mXN7+VcL;$|YHh=CyS7%pC3drXJo zxPwnSQ2sr;cW3E;R=r%tzXSW7nAq`$J!d)U-qI|kBfj(pSGy~Ih`T)Mrgt(Ef z!g`vMlRp(bk2*shSjtPlp7ln|x!4?cZL_11%l?Bs9vb?3Wp!7-^}R&Ke1mh*fOBz3 z$=_DZ(Y9viX}S{|ua4&){LZ|cwIp0l0wI7f1sK9zhnZ+~ZOrW>1i;2E&em5Fb+3VD zPDTdif?Z40F${%fUW^1oMpjnx$bMj8xA*6@*9pi{Ke{c_YwvC~abA3xr(;|W-z|SE zzCQo+>iHj8HQhfV@4I+ERg&owHxn@60zh2qeV9K(+uf%ci8u2q`$d8$AB-h&4}tRk zLCSIUp@tU*@c?DNQcA?-uu}^ndocx0v4@Q8TVX$jb%4Om&CGcF_yAeJc# zlLVzi;Qt7i2?;D7mUBOUsvyfr1S(P)vdpV?OJDragR4q9xPWnTwPaUT?^qkr1G7qt6AJ9!}ya+(6Xz zOibS}#~Li+>3p})sW#8TYp}}EcUDw+x%|}5u&jiE1^QQBfNi8X|i^FH|l{gwXfvG|$<*M-8AI zvZkFtV~B}KB`H=lSuI8VdSx^XO`1UXiW^_#p8(>Y*S8dhUFOnjT%MrwZiwZw$^T$GmNA+`@>&V6`Jw{+S63OnOwMj;vb2$9hS zn`<$Uu(|H$yy^U}!CDsp{xghM0&Fxkj+bEY0nR*Tk4bl?S7>BaS66T5HDSioU+a(; zW&veD>lsdN-@lu(g@wQLc|6l2qH-yrH7tSd#+tL~&1N41ua2YBBDA|LIz=>U$Ubqw3+tNJ?9#IuFxM(a({Ci1TJ|6 zP#j8LP}eZTfNBMViH|CvCFSV`J69ewWi^O91<^XN68L3f~15 z7Sv^4*h&;iUjQsl@v=GsB|F`=HkbdKKv|{~y55afT((bDukKYCNt^nX_T$wjZ5iSY z(-`iHp7$!XN!P@quX0ahRh~(EK?u(0rOu@MuzY#(TK~xGCZ(qBjP_R%4jXzW2a4@K zjkg3a?WZKSTQIP4lRnPK^=*T7Ben-v9^vd;P&O{&KJ&71wYuw4=3ObTzS?aIwMNbReaHs zQGMRem3w}oY}NU%@n^GL98+DlJ{{0HyZJ5_%0e1L7%REs;u5Y3o+4@zZ8jG#Ne1|h zfe@hu-bIXca~t&0F4VA&R~i zSYwFB?9Z8*zog^P?*n9_mL^R5g{U*}w}kQy*(FiwCD9Se#;)S>E=gf_wReY4b}N6E z8fw?+S?K+Ftl`zwtwe1k8%w8fdroEusJVUz$*6f=t2*rVeIR>cqC0mQgl{?KT@P=7 z@IrvZ*tUWM z6W@p8*D<^QIVuNUjyEDPhaU3$c^lVr0xcNhG4akgfyq5IY;y8E-cq2Nz*Vk;$={u0VZw?e9uq*Twx}M=%o3FnpGz@e z-bv+UKtM~J%;DV<*j~Q%2m|%%-N3etGd62Y^RBVe1JFiJL5E=nOr@W)%SCE=6 zw~nWEq`6dH_7E1ruN6)6Bgah-U)bB=?X7Ej(B3&pu(&BMYJg%9F-|Hy!yfGug}WPz zApnbkcJ5M#QU@QJU^gLu{SE#QI`{glJxHm6 z1*xWKo3W0yC&M^C_Q0+R0{x{i(t_rL*@p+Dgc-oXLYM2;2hsZhKTTVE)mnEF5ZBHA zl0TTlM3eEb0bbSs)`6INlX$IoQsnpdST$WIlz7ZQJwUvHb!JwJX-bXHdu5nugCmI& z`5J4dDKGMZ_-p@BB(Hf;>zOv1V*A>#BI!MK3RoW;EbRbHV!*^E()>|EqO#iDgqp6IUh#@Z5``M4N+Mi`0gkkDo8Iwv@UD;#c?%LYfEz4$Wb8wzIHK<&V0RqO$e%ToriJ`B(3Yr1Y zzke_0{@ff)G}Tm1G#=qf`9_5mT-g#oZI0ZmEagNM3`k*xwYHvNW`5|6IUm&V|B=ZW z3y`Bsm)rTv%S(p+Q1^>Cx@Y+`!eX%%RA77nc3hYeByJiU*;3#nHocsbc5Ppz)#9Uv z@<;EhU2aK^mEiaHX?3Sepvy4zR^8=G{hnc?7M2c8EIXrW=vOXQ%yeKEUCPjt#fq#- z1zD)LJ_I8iqgXdq@F8$8*Q3VCwd_`Plfx_-Y^i}{J@H1?i-Y+SxIO?L$XkH4Ur%y? z#|wDP?@U`h@Y*V4G!ovW>ke zr`0*EBTz|}cGeGJ*nyEz2wWh{D5>gei_&*SW|ID1vM37J(Jnv?F#WV%2 zDW|TOFEqk;gSg7i7lYre%~5JIw8LQ1m%q>2#%6HZVZ8VDu9sSCx&_%Gr!?2iKJQ{E zc2p~N?9ALdjUAT%`pJmbeL>KVJ-h%e6y5K;RB0 zZ2S890K~Zx@7uQz6Stq@E-Syly1-m$t2rb>z=^^5J|^3?Z@nkQl$n!r8j$9)(}ioG zcFTEMVge8h5lu~L2~aSQyI=Gov$3@WX&ebIpPmW8JVwc<>Uq}JH8j3poM1_>8mYv% zcZ(^82oza^Xsdej?M#5w!mpG?JAuZR^--$n*E-$x&<~Y1J}bUgR!$A`*Hw}d`BHBt zP`XSO+LuomFaVdsX`+Lu^Xk$Qk=2=UK>JDNbE1K&+P7_Njx%7Um02bj-rM?ECYb(s znt>UvnTu=ltj72D?C>;GR#9n7h;k=LU|^L&Oa^4mHEgpGDW+P$DU3K*m zg4fGD(#}N5{}RJZwsyP=d27j85cQFHYV_G&>*Z^Gg-8ImY+V17mn*5iAD)@NgLkJf?=4nq|BnvWk%4U{#w>pT}=c z_qk!v8LPDr4zhTz0)ELg8id40Y+HF89sg9sEp^HoI=v4@dM?>zIeR94`wW!p5l`0} zmFS#4d~D+fQ=LjuGJJjIDxMSMPh_XF0B`xzp5tL)c-2KG9Ef2S&}*v=GtqGD?(P=N z@PjZxNXX&R$-%)E9M@P@v*d>k9}Z8t{o{8E{}fMH%A4;k>fbPt$ax5YMMyCW^Tz-U zJe}A<#qU4Jaci)4jq0}iNz^aI(`ox%XFO8sF1NMy6A~PJwN=j>`2sv=6*1DbA$bi| z18###^h*;}Kh)OOM+iG*78b6cJd(Y*qK2`UMVxt#`20Y+0MH??g3mF-D~ucBKjFX2 zu?BfPdncc?G)8D-8rGne^#Eu4dbtX|ZhFn>`2Bf}3=DZuAIO=H0qG`;)a+&Lg`aD=@m- ze(?MG`)h2(7q*3Yh7W((PPo!LA}QDx?VSQHzu3urArFL5+^&Lq)r|;-nP0rVZuk~) zw`SxrAUkUcK4t+Qu(7Gh!?~Eo;IZoc0HJ#8V{iQPUT>?UQ^vn$0f=R5A?kA7CO~|L zc79A+WUxM$&Cc{!!X9Tn#~~_whd4Z~-OYYLN9Tfp*N$zz`4p=U#bR#|3MuQ#Yj(6G zg?B0xb7gY;iAY3OA?+)!QZfT)Px@EuR2WO(vzO@E@sqyia;OU5Gv1kos zYhqFUt&RkvXyd09W`3q*l<8xz4nVVOaPMrn#OAA*JMRf`^_CHl;Bgsg4O+Ix8ozSm zvP6Al*w&TI_a!P3ma^xi`TcChSlH<}2*2_^O8C45sMdo(@kEBE_R@=JXWfam3HUFG zy7nMH@y?wfRW*Ydb?%%KX7<3*a{Ys_y_1+24Svv^=aFe2+C%884w$u7^yKv7+pzP& z@>+n%A+-G`d$-f=yjpePx#Rrcz`-z+)3}JXGaH39os)CN(i6@S_>y~q-lc4T{gm+f zb(^G0v-uwfUFU5ZAOfR8 z6OA2hNNA|3mtr*eCv;Rhg8t5~YinykDg~McqJ_`Nvu7P3M1xrm$T0EpLd3ZMc_`-R zHk0(c3LN%#o#PcNm~ReHoc&8iW`vSs#?4cBJ@jQ)>S;TRI^836y&_FTW6@FWUY|nXvna9k;)Klyd;*FLR0XpPE-JhKe&+$nxoW#!#p2tw)seek%7gP-+_s_sV46 zd`qO?uvr5hU+CbfaGR#5WkwMQRX)D$?E@hU94<+}%J=5DpVNT^RDQ zSB57-_tMmlFe|ltR%*7ElvKZV`P|e=jj!xGOBF-VW+K8a;cn{DA{u(OBMvi zF-M?lNK5~k>V-B$4+2+Po607Rn51uD0N`gi{0KOaP+57n0Z@7AFD0v_( zwA-~`zhsbUaU_>ZP1JV5pzNZQR%O_yDo0MOv${lYDK=p^%;~0(7|6ybLc$3UDmVpz~*Sm5Jhtre+sL!2sNrl2W!_?5!2Hs27>!K$-a#}FZ#H53LVDN;` z>3LEUkwFOwC;sK18GsWWPit`zE^r}NhFG7uzHNY-jfc zbm?Dx8i()A$B~WyjS>2DPPZmBfq)GJR9syARctKqOpJt@uLCn&ULLvgFwp1mc4Gmu zHU+`RM&TdLH}@QUFC9AgvahCQ47x$x?=0CkIsG3${tYz?!t@HmhmSw?&uafBMazbq zyR+llmoO(UuJrxSRs;G2T+Zb4-=;doJDy*^^l0C)ei5r0?=A0({aOoh^e(rR&u+C%& z31Y`QTyd=Wfh2aSGk>Qcmx2Gw)c&2xoI-2k`0*H}7>t-_+_=TFQ! zuHSHen=-eRWBC{}J@5X2OwZ^`Bst&fg)e$%JUSTh;!MKGqU25I6Hot zijSy`d~+B7-8=!Y)nk37-(z|Bu-^~~Wvl0cq7H8o$EUGt-v%0s#6wL?<|gZDdt|%A zs@T5G?sECTn6`AZ&~0k)3;yfg8Ug?Up#fk1-rfT;1d#}6tYCF4JT35+IaeP? zdxF8%BP_qP{snQS@fN1VB=sjXT7MN01JftJI_p+jaHGh@r%w1X0Ec6Q`$6>fqKP13IP~%Ph5GY% zd$y`)iDlZjs>qGJ*YwH=zAhoLgO2c-S7>|BH5t8RES8*^vQ=6N@`)3V?7Cyb;%J*_ z)VMJQYrcWdf|7$FM@ZeEhQrW3NCt|DN9Dgk?}>odtu^%jpTIh>001XFp4*C+=u~BS zINQh?kMfSISwtg8rR0zLCy`ccgbz{e_5;t_0=&;qFfw#3Z(}WNV!p}ah~trJvpU(X zkiJ#X1RMNTU(q?7?TB9@peW*e8La#N-pAu`z{T9%@ubk@3)Om{&1iyGXeo{AFD@kZ zvY)Gs^j7Sc84@9Z$X#;x%FPGI>3K?zPBt-~*e2F{fzb9CCqdgohH!c`9LPph49;#> zcQ<&xkG#C%6B5APqP%+Z<|GosVOu9`aZ^)M%)4Un2P7pxoZzQ&wGgC##Clm(Y#y=} zlssZ&$k?OoaLj0Dhp_hxNBtXG%C(_Y=L&YeIz&M}mZL4tGyK|mQ8{m==6Rs>F!3Q$ z`snMMs1;$P_q3~<8xl{@%%G>MVr*zQGYs$y6OtGZWC*}eg0hpOq$C7W*bfmBG%?24 zY@@gS$mhC`jhbcwl7~gJQ=AitqF6=Bpg;Di5{&t?~abrp% zGT*EZpWt9i9{BooZn1Rz59a0v1^m2UD}mRRZ)Sl%WKRT2$4R_yF=aiZ$)t&QBRa+~ z^iU1}#k0>|p?9gSI&E>Z*3G`_|d> zt?t&ppfz;4feEIKATw)vPd3D3hctZBHVAi2Xm^a*PRvOevQ@r%hQEs<(z~jfWDm-nZ z9doxmWu=zav+R#GC0zgSxJRK%HH|0pIROEn-$Pi@JNF$u@T5Wlbl-D+pt3)C`g9WQ zQh-D%Dk>0y)73pnNGAT@BObvb8x4#*s@i?0YYQuw*8@IN)KEoS z$RSQzQ;ZLx=ki?c>^NK8v&8Ql2m6K}XV%*>G|zAu{S`er`ctV@>7LkrU8w}MBb?K3 z?G>B0Z|2iEfqXBy4ZM)unDK2^kvW+rrk}fVt){04Uq_*58Uj(P!$6k*3yxAskY4;> za1^d?PQqR}AFpQT$l2Ok7yl?=jG5SOAr==~M0}2qrD~);@f^46vgcNEyIU6;Prtdr z8s;s)7$tr7P@mIt>5}5K zq~6m*@3D5(bpPtY?#6edjDFss^*()}C-S1q>r0HiKAV$lemp|S$=6Sqi#V|BQpGdE zysm4mq8_hB$0Rgng8jad*7J)$d=;c`_~#DQmU{nxhCx<5{~iX}a#taao=l23&%%%g^b0q5vt;E*xw}p8}`(?*zq) zgGncc$gb6oUzuEb6hPc~^jq8NbKz`eizAMV~fs^_+C z`;L=SGKB^*Bx5SlWJt=H3>8W$4U}1BND-A(Cq;&2s*GhQsU##qlPM%36+$9OkxGUl z^?Z&vulsuL`+o2BK5M<}{p0zqYh9 zPX3<`=S!Kb6m*vlePMRu$DJ$#d95EOx+qR+8W56m=)fb>twXA#RB}V-{~0kOw<39a z?!jKG5B+sledk}dI@(QdUb(-coo40ew6LFNL$xaJN%!fF-ech3``Q>z@3+vf_WE|c z$mEM|^RmOYSiS4hYxUlPc3+yfQiXK549>xzDe(mg9YcJzGS*f{I6o~e_JzdIG3$vd zNE*^Z8c&KS-eXs?JMoZ}?Xn!fB63xov6!D|D+IGj66Vbn-`oih@;$5!|1jR>q`5M_ z6SPJh07mPCbPyLS^vZp@c2dyBqsWb}7U&~<@sMovQ16zRlk$3H;O)?pj?jG1{;;eNmI&priY4Pq~q@ z&N!=seU40T)~%JdccD!`Y3YYi#(VDL&|7a!^#M0?(fQG)ASo#+2)&Uw*6sf=aZ|E_ zwv#zMkvI2h2uh=I0}fjNa!c+V5Gr!?QbY;xE>-L(F$M)zZ0V!Kx#nf6*PbAh)Q{5E ztrdnZYF*dYTqTn0)x(20P>i#ca2kT{X~bO+CBpe~=z!0a1*!uFf)&oCVnT~q9`fVU zUG*+#;LyLo>A=Hbl6@U!(V?Ub>D`gyhN_D%gHGmkdGars(MYCOFDw*%F3onZvFU+h zTc192I4LYGSEF$U(jX5$)oMxpOxwPpW#d$0PmJttIbGFM(Nufe!htdxM*|`&g9GLd z?)K<<#fyOhrS)f8{yDDn^Fr;Nf0-TnyQA*wj)(q^jGlID`=9qMS3KC|FyYTmksCUx6>#2`gPSx`+9%T z@Q(($2iuVvIL&p@c3d9a0@(`tRdiWjtDYHDpC-ehnjN*`d42u?;r$wC6`$VRv~Cx! zZFIx(&!BejNagEe;#zg3I{jc|qygm!kA=2DHu2UVK*|T8AGCh}`SM!lAc8) ze(Suzt#7((w9ef2db_1VW~jX7@C#E$%$=0A%HYwZ$mNF*>+EZ!Yx&4v+tMK?wr_cd z(;-ZdXK@4>^@~7Fyt9_TQtTWMPy zAT$vVoN)UVG9j0LWswUN^tY*>pX$R`<)u@%!L}4&A8ci2cFLv{DfOvo*wN9s+%-cF z*w@kTXQ<<8ZSzeQvAr=f!XF>ZzsCanr?w3UwJ6STH<4!2c9xV7HltDd*4UTRw%B{#u8{1_&uS@~D^?8kIV+ zg|VkU{iKuwrKeAqwX$-T6DNaTgb}E(Qb?)xasktf7b;+4NXc)8q@#J zlk1#vB*HedKxcvF_Z4PM?I|xS8?0!ck9*r&Hz(}_?EDPW1Yp^3P4O8ZG}88!;J}2?_U!yXw2V`xOj*79JXD}dvQ-s+VPh1J zFEQNc4<0aSedEtx$ZCfT<#EdwESRaWNN>gS(U00@J$>qh79Wo(_1@VyM4&PmL%~?S zb#q97t?4dS6|w9)1^LhLh7f0tD87B*68TDu&691b6So%ATFHI2c9+>>97o?mc=;`49Ha z77{8csSZZHA)6XndDt+lBwoRga;OLRj+XcbLXwZDw#CgLajRL+Ssyy^)Ps9!oxuL@ z^VE-Zx~t!ruUuJ!c}5L%&zkPp`&pcruuCp`@{SF5I*f)-Y86XBC zN9arY{+2Hku58|(3JTsZ2K@9-j+lb&XIlD~{xf0IynV)cY{uzg;f;Rcw~Dso3TKi0 zm{Fd6_Z{rpvJ*=JThxF$pP!d1i1r2YE03;H)yRhN#PfZ9f{g`kaLGal9scax+sTe4 zo#^aEa3YLrCBzj}ipYjDl}6}?ml+vx<7S;g4~~DZquYDpcSP;#lAC%zo`1I1yu0(^ z)uT5$ZvOkbu^{W0`lo&$-Axb`=ytpxqvr0m*rjH>?6|aU+7^aKA6(T<_lz97wBy`A zbM;51h3079Fq)YA?YX}8;Fj`ETC3|{3pP$yBS*BVob&&nVgK^Kku)12FO~#%@DFm) z89$rhlSAq)?Jb+HgXXj*;w+^00Du;QUQ-yLwrq2LNWxMv1K90D~ z55L~sxyRb68rT1>Y3ipvveS`!qx@$|l>G0CJxSUBs@RLvH*9;$jU}6`fG#|L$##v2 zOHJFgD%^G@a#@8yW{yP6+iHDdgl$L5_G|Y^yxsh?2HfCM`$@}^R!h!J$f>{1HkHsG zm~uTJZl!U%(MhT4?ImPi#k3H!;vqm2{(?Mz{pSDVcSZ{{x^cRiXh&t?^O@Z zqf@@tfTh8#B}6lzepwz|rsqML;yhlJ{8Q?Nw6u?vHb7Gq~<5vxs)pX0sTw^0*> zb!rbV+D2GioN-UF#Qh)%9;C9)z0hVw^qt@O?+0pCXQHBROzjk*q3wCH+k(X| zn+tEnCC-%a$nkmH&tEso?NIcDlM}4h#~Ox9#cdict3BNMk+6QK45p9!7xiNHxTJ-8 zVI+f&LCBIti}qLCsyk(5_jAXX&TY(feu=QP`gH8nw?xBw{o&Rp7c5TuvsM0}tbPCS z)~6&u9cAYQNSz#oaWale82h0rL(>8uLi4F}#S!sHuKn91`4G^fv9HU0wiME~j_rgp zMpClJ$YnOzDPtw&4VhQ@o)d4EWS9I23$A7?U{y=x+>&~xcY5XnC)-yUll|o%mGsi$ z`4%|Uyp)g#rTe3{s>_!xE!;t1^l?7XQ}f^Nt>gfdum8L<2mHG+{QueSCQKMCeI#(g zfcYbOsP$>>Z>!@!GUUCCc8^XaF9%3;fp(r9cVx!ZQ4-oC=?$5YAWWWmqHQ@*fY6Dg z_HlMZD;LB5yKHpZ)bAlkoQR5QD+3`;M-L0o}{*rm^COllGN9w2f{`77-D?=AL2Oe^% z{$t1fKony#ZJLhj2MNDCkYf^HN&zfJav?@)r8M_1L)Ac0!M-C9<9W=H+<4-@Hp675 zp8Z4bJf|PoWcl~obg(dlr$+e?iTuErjAi|0q&9Bcc)jTq!&&b z@B*%d&f{cGTSQ)%sLpEMg-eYPfmrXjU-#`>Bnk{#Z^ZTE8U$j^1=b#^O%_Sw_#N_B8QVx0Zi2RCn)q4+4^Zr4tWWkf3KKIt*7{p0%dnuIa*0&pTeoea1!Q^F$yR+~PmNYr<`30- zFC|e}T9K1Vv=U(`{PRI9iC#nC|QTLF@hlPfEt>YfPxWZA( z%{u)mB61E=Nimb<#EBD4HP^dV|uJPjBypv-+tbB|aKUKrm=J9;~h=z);f-qI4y zk-#Rn`JnHQv<)ZP*x2ASi@nfae_f^H*_B~9Bw7^n6i>oC^2r%k;e$7o-A!AI0 zHL6HJk>GX-G&h*~`|zBp8kCNa+>jXif^~2}GNg$JVtTk~ z(D*-QnwyJ(UAH2gJ+Kq(pV^Q+mTel_;4@cNIA--L||* z%GK8jHdpGlg+m{4NlVXY0dg<2CVgEuBmTAHc;XS2u~HGqRg_2i`Odd*d*%qs7A~pw zE(|L|Fl++RX{}aOZzOaf0t2sEXQHD$lG-z&I1x4kOQoiJB^SScM%I_h5jiu zx)TsLw9|h1LTnW^F*C2S_Qjr|wTejwHmRO&fOC9I{WNmvpNyWfwXpbvDqk=_Y(a8v zs?XTbh7-NK0J85=fHSFrV=E#o3~Pu4-LbPq?BUtg?$_y$-;Uq=go{%%f<4|nn1`D< zcb4y_t9u|wMl|!0j+Ln5+pg!EJJV_`9+FndGAskS(t7K-z8SCo-kvezPh@x z#(WjWBHa=`g*LI42Zld|2qEswKg;hxpKBK+)RbXhnKwPoB@@0o1amXe70g`+Pdl)h zdWkV6ZT|d|8`KEluy2c`%Pe~ISkd0zx*58w-cCi^N?f8f8i1f11G}`>%a*@=i&L{o zXts%MDXZ6~)bC5dEcsz}d-v?oBEE}R04yV)>%Mp@h(}-Cz3tN4)V2FC8KS)Nh)ztW z=l}8J$7_)cATV`saPV34x^|5xw-U+L)&Z851=g+9%3d}%jmmfc_YA5|-&+A7G5|04 zb1b+c|DjK!lw}OYIcv`Z=`BWR#2>jN)0=j4{f05))(1#6IUm3e%p+kgF}v|M`ugL? zkM1*wZ^T@T;_kaW?+~C#I0bNC{^ZQj`7~SqMbSdIbt@h^;M9kQF3O4j z-2E0UaU4%;v8iS!D9XOPSyxk2k5lW8-ecT3d+EtSlF%PBHW1xqK;>9$3P-8!PVGBo zIyQfw1rl_iZ``Y4^T)=k?c6vxe+=_(xec*XcG<5`ND|B*171mfQ-x%*agxgM67#Z32vncM_@nvt`5JB-7JT~2|yTTTs z1x4D~cn<4+rniMRv}Lr$*_{zdt?F_;6gqCg^b?u&$O>8X;07f*z8qP@>iOJD5rwc9L#Ba*y;2!OeH!@5^u_ zo?fGL4rxi5L606il;yUG87Z{70~XM$OxjN4m1TFKP1n-Y#EI}F)-mMs2p>P)SsG|~ zmh0f07io}P!Wz_-?4>?T0N@1Vc)#AIkQ8ch)BCNtj6LN>QvXQ&x2AH&C`}W@2P7g!^xZ=5!cmBIA5u-=Z zNl~tKQ#Os6W_}HK9g$>?*@0h%_v@8ke>w9Z-R#*F&*-=1<&R4&Gd~dvv=|=;;A-Wg z7~h{~M>CVTc?n78{2M`xN{q;rXP{bBab{N5+uDNxaYe@1aa0uOC0H*#aCPeOhjY)Z zJLy58$}9=TxAOTe9ybls8*9&wj(5pCAqN(zsOqe-D(*+p$5yvDFa2?=j8;mlm`#5cQc!xF{;&km= zau=Q!RefzpUu<)qF^GhwrAF(c=Jn|B>t-r8vd>t9IFWoKf9XXj3>ho@Yw)rhcuZ`T zh3CjH_n*tc$b?M)guM;MQ_gx$sxrm%|LAWI5w{xBR=?Aa(U>V8YN%3zyTGK;yy^#-Y|f{!Tf> zD48#0vZV#x&iqMQM>WU{1yJ$tq{<{^2?Z__k8PH}CB_xbFB?*P;!RoErOTJC)!bIC z!p!wH*x< ztfebwPsX>JmR9XhmE(u~bubsD3@xv&8KW#DVY3a8>!FHnH! zF2`DJ)LF2dA*v8Ip(Zyo#+n+rUpk~X>B9Vbai>2>SjE2TbHXlRxVrjU50A1{9a7_p z=G_cAp0Gid!U6{+VK_VWTYGo|&^FP|bNfno`w3oJSHTox=gQ#|^5i^_@Z z;HA@smMX-(wbmRp>KlwFm2BsX@A%#JChvb8lIb&Ye-Lh?d_zbYQzLxa8L5dx>-1ak`V>u8wSG}QJ1=o=2nFFq$nP(AG1ce`1(m3Bw+cgj(A zdxm@2*4P@>5lDJ*aq)Hy`nj5h?M7S6`sGZ!y-@S-@g*NWqVP3MPro{shIpojaQn+| zb#He@X8%;V-n|*eyjpjTv-8kqEd)uMA|n->&o74Bj<~#sgHgs;yYMl!*&0c17Q;E*q~(%gaCJ z*G$A<5)U2Eoa)wky^GrK+Z_91D=k_!Ir73T5n{9P6L+c@B8!<1 zx${M%{$6$WMu7*YjvKw<&yI_;dT6cJIw%)(k}mhg;FHW;S-J8Ip%3#s!mIc``pag| zK1AtAd|s$&`%6U={a0}O<#T`N%~<|oo~VHd3fnc9c-mA^I^@E2PT5BzWSrvX24X5F ztdk7N?u;b`qdsCm1{fZlG7we{_aD|#ka+Y|KKl{JfXWY=eyrAe*OK7({TDShe|X_F zJGi3xR&D&M>Cr((GoCIw9Jo(yAUg{wO|t$71NU)Cj+v()7glx{n*4kDC-zJm;GSX}8VshqrUB zeBwafnRu7NkTXs?5(2yPPP?A7k>b~v*04et4y6*Xv&pY0ZQaG^gMP+NYl@%q_p@N+ z?~#rhr44_)z4GD1vWB+<7Az>`7O$wCPjkp^x=XU<} z_4TCOq@sCGo`A*qK(n-6oK8+L)8OgfONKU>?Gr~2Hdmy&suj7e)OU4BO$ML8eDPSb zhCSl}eFd3N?mMpITM2CI zsc_}wT*Bl3(#+&kv=a)Tor_LggvL&zNs5)Q$LE2Eyr`|ll zTHWSMCSz=ybj&VKZP#uy5Rcx{rNU|4%q$lK&Nv462AcEqdFct?7nynM@52pa&H*tj zgQtGw^WU{!HAan6&mPi34gs`3cC1}R%cp4JO7#4h7$tOvePpPkJCNOhw%|Au7M zq>8Xn6{DGo!#pMixPUw4W%pT5`MSF^6(CN|tE-nlhywobWviPGewIlb(uYQ+0ZRPW#5>939QK=NUer{~{UI=k{WxhY*Io6T`Wb%&fL(C#hrDbF5=}oYQ z=%mzAx6bBZBKs`o0AId*J@3h8V$)Lt3>iJTo)K)jvwBlBT)nEqK}0wD1K)&6$9s2C2 z_kd13>>(|s-o&$Td3+kfyB@uI-HrHXv~108nFxiY+6vJY zmk>W4n;OnB^Lls0X_8-Z^kAHZS)`MWdl^^5^R&F0-2!8>7*dbkYF*cuvA&I-cPhOG z)7uFSkrs95_gazIeeIi0;lqc{R3Ar=&O5q_+04Z$ZpZgZT|XFr8+FTD`Cpv$YH2V* z0>^TPzhH=d{i$Y*^80^2O(LMD{2sv`u6Z747NH@Tg?XO8WUOn{tGt4hYIW7fTn-3=2I+*%gal~AI9|h){ zF`a19BCBgIXpc!{rLX1XxszoANeWnxw5)whi{zj8k(u!-R!E=%rBRS@lm`<+KApvA z0Y<{KZ_f@&DDYCfM`>!hLo=!gTkouZFV8A3PB>{)9tvCYj zY!oOzAlle5V~k_S1NS2`2n{U|6AgyhGXqaOIo>i(M6k+&yPQy5Bnm+$SbZ8uF`>Y0 z8|Ho)8eSs=kPfP(&1r=kuqV|fr7lU7iEqO{H*&Dl%g6O&q>QqtvQZF3pwb{&FmVtD z71I6b>KT7!%NAo?v5|Z5tgu1Ct9m5hee8QQ2ZUhr*d_z1#MzfV3G(aB?XDHzlD?E) zWYO^2m;IWX2%a|a*27}&-n_YpBZxdz`~_J7Cb9tRLp*>ZoQaOWuNVcNU`9A;-+q9AC zAx-S-+jn>$5+tQ@*b06#E5WYp)hnfd(Q7{*3Jkmn!s<=NqI83@UxazUUgJ67qbM{f zOzd4;;8xDq2*hSta$;@Jc;HAGkU z`<;0t8}G?P0PMlu4UbZ%@#T;sf)K%TyeFm7HYTDmn6s&&T(KeW(;FTZ<12 zY8no)=jP5ZJI$m__4g%7EQ){fLt*LUEDC4p7sNP=ovrp9JlLySH+KMMsyG83O*uon zQ~N-M0gbYtNZD3!7uHlm^Wn)u%hyxVF07y)JTSjxidca2B?d7uWm>o94jYggpTB}0 zn~)UMs%VbI4TkmgKa8U~)kgxU5NN$}Z9$9JA0f+ARR@=4c*FK#I`i0( zZ{pXfgan$e_U+vZh+vhi)AS6+4p+b*{J5C)*keRyQPJg0e`3nm(WBqIecJ>uQB+0U z0CjZv@?{ZKwVigd`bmaV0zCQCrk_9X$3d3KH4&0udX*pM0%v;{a1h|e^9ijU2@4@) zb^gg2P}e&Z1BbNl*b%j-I&MgZA|lf9FAMjq{e8hTyJgjNI(O*6JRJa=YR2I(iYoaE z%|vgS(=7#=U=f|oTT}aD)(VDxdG6KLRjnvR2$Np*HS>IYQrBFWbX*MLMkQ>88Vc2K z%H_+%d6PLLNp$uL#k6It1-`+MXTVoOJjgL!fU}`|C_$!AnIa6fXRdlhshkVMN40}Y zh%9XV&{@Am8%Ri~M~czLb(3KTq?Et|5bM+*n)fS}p5g9(j;0)EIU66~y>^{@*YjnG zC$<+t8`thTcyMz-z+R7*<~6>w$zQdF3K?(zJ-d0&#LL36-!~-lU`$OuWu zN>}qEf1w;dX6A5wQZUDr@h!4|R02wcOecxv9=8-XjNQYLb!K#3va=o5=XUn?j4lq3Y7z4_yG3Pr_F*IsYIMvhjE~-S?3`#3 zt3cWVIfDDvFdjU#)*_pE#$?%|g&)9hr#K7<`76}G6;}{fM0jhwUdPFR`9%b zZQ4w^mDrRR3eTkOJVHD*J;hiJhsgpi*KyhFrWlh=j}g1|w2VDQ>c=~KMVS^|#J4U`p>#Gh1N%1acFRtO%8_5`%`!sy&0?mf_7xXI2KM-K3M5K&HVMVm-HjAd)MHVJi5dJLhYFcCyu|qG*p>X^56zB0g<^IjLu3ejt z?uVNP5=fmF{-=$d-Ef;TC6tl~f(^nZoNt{PwZ?iyx{9GNDEna+q`-fUaP)2c9?`?l5ke7H+y;4A@aqHRC z(1}Ta7+#4vJX}t|=Oi=SSR@@7jgb#Qi&}JJv0UVV6ySG4#6!`0%KWGyfiOTCZ9d1$ z8fL~*7H-+n69*h(s9*i7%}7}ob9}qv48f4pjm=Z}IMEgQ?D<78MS*UOUzx@z7+H9J zat68umLuOQx=!nyNN!=Fum$ShQX{EvPtNkJ+TK%Zk}fluf8Zoe5_#;!!F~Hu*lRKA zD`BtPuf-ofJ|IBcV5(`6C4@M0vhbjgwhDfOmwfyg_Bp!@z+vZfrYaX8V+F#vk(DL) zy$E;=B-h@?hJGS%ZmD4qYLE^}K*WNL<1xwgV8%Dozx2G8dywao2Z{f2C+|g!yYfzl z6vCHOi?e#y^ytLgJs_(>1gv5ecY7Gv6U$KOMM>Icl6OOtlcgEY;qU~C;YDKacyYzy zukLyho@2!ofYBKSv6ZP!X^MY@-}j0br1eSxU-fU3 zMw4F|22tRO2TqIP&A1!6xz!xShC#4M)KZ$t%2Onn4`HwxV%Sz5nN4fcG^v2wxw{!CIyY0oS@903mN(~r z6GmhfrG9E)F_yi4eJnnHEJPps-1umX$jGXO9=-SQ;fzXb(GTGpH2V!QkU;@-DvSnP zAyRMHxUnqXlQmCBSzr0%G}IGQBR@HV#7lL2_v~Wgq1jhbQdoLZbcNViMh+d$`t|F} z9F(9EisSvJ$VjBN<~%^&5oSiLMm`fxV($|2u<65Xh>_d3M`&r8nwqZjuxhgJYH(NF zmy$7L6Rsh|J{Q;B5Ac_-C?N=0EL01q`TF%fBE%6#Qh4rBw{0ZdN-|qjjE}ZJ&v8;& z-S6|eU39lfALC-#MzV%&+O#1dHW+h`t&(>YE8REi!=m}ITBsnIw8g=b2HY&m#Y)Pw zq91dl#>(*KKxwh@z{qFZ{!y$M21=m{C%1v; z0k96ac<~!5Dbj1<_e-VD4#i<39J_el-v+X->k!e2$G(dyB_Pe3^;ll@6ICQ#Ne=-h zSQH#@U*_)-kG?)+fKJxZA^rLtVTl?B;ir8B*-4(}D*#&1&!fD3u5oaO51o}QVb{-NS{#$emN>(QXP*x9+^lm^P0FRVB$_a2Z!fxusIDZnRy(8*||3Y3eg z^ED)DCe@?4l{$|Optl~G&ee@=iv-a z$|&yl@&|FFHqvzhYuuYFr9_k)^ioZ&)9w5B!@ix``B6vC(1-A!yI+V~_FAiUP~xal z?!%=zx!#zq?6tm@=Mj-Sv=n1VP=N&1B{6;3!()M%Wya=g zZ|=vWL(&nNBBx4Xd(#aw7U3mAj>5tVJQBisSlB@@3GU65gL6r0zX4Dw1i$5Q z!bosp;$%rT&RcX?*U$z@GU~P%K!;=F;DG};JeF|~eEItIWZ1?Un zj~WINz>O0NierD*`L5@$&0G*|fpk_(Ft5sb^5hAhogG8P=tzPSC?#uRA>c~{N(nFA zfiGFI?Uit6S_iyMike#UhWwSByZFq!3C1cnRO?`77A;;(#%&UVmJJdv{i{Eigy9fl zGqbhs?!=Ipyel3o*y{FMdowEwF}|&DwonO1<=aGC7!R#s(k~E6q|U1G<1-mDr3E2) zX^_6YFM@-cDTYd#T3T%I-0~2iK^6-e#9virD+@K-EMB!AI&IEmHnyyx51E~qU@zUD zCYh92H)fZkU0@+LdH<6?>L+<5-~-U#$)E0W@h#q zH|{5gH-Hif5mLyZ*?Q%S31vPYSQg)Pn3@_nG>dpG2P7DzlfmVCEOExqG4zb+!7~@# zd#H0bej;?L$bN*1T1*_HCsNXl01p5%Y4YUo#%qzHHe|LiVUwRkD@eDZv0u^{X036J zW%F38a0x3oDz^s*mo538=Fi|h1b~3M9wd8gJ0^l~naaxVh&F~n9P8YtiwL%OJF7U$ z87iTiDWG?NOWH4FkYQgcjiL|7Myze3H>|l!Q6o-tZWj0%0Cc2bkjQ>11iX)2+_7Ui^}~b-6KIE? zbLhQiUsKb&3_Y^ey-zZW7g$T@uOsE4bK1>4=hd_G^FMRW=}`_N1h~6yGOOt2j1T!X zV>Ky^_Un0l+M~L`v2Vqaet^^D2323lK*Q7>9VDrlw}NOaUCRNGdhQe7_1O)$TA(We zTi)@mQuVOjHnyiSu0AIr=dk~T z==ZYpYp4^}rdeleWf_(oAtHL8f+^hui5bmJ_GA=^jxX=uKTUuXC)yq}7q6aEr%eNs zMfGP4WjH=o`M(2)Q5^H-sai}ja+<;OsqJ7LYxithpYQU8hz0j@BCVTk7;cFH5AaBw z;Yqh%5Pup5lR(glIgy3>th1zKJ<&Z-8hlp(=C}t@;R`8vwrbmAiHRL|AaT_q_Piec z%#YoRAn@-jVzJzn?EbI`oRP7zlO|4_lkQ_Hi6tq7^+P_J0s%AK@)HhkL3x_8|Sl(58u*px!pMP|I${%iG11JZdk zB$R|Dp_c7Zy`(zrAi7t*eQRwuHqEKpTuDn?dv8-&XJQm+nPCuL0KJ!;j>+O&gautkqy28!p4E)heg z=C*=Wav$rz#B2J>*}HF}i$_Y79Roz3TO{9KOY70SdsQR?qak>B%K&MMCdRIgU7XXy z&#xKS?_EU&tyJhD*CPNEwZrFY?D|9F)~%taG?ctlJ0{LDwtqm-wrzW+V^zKcHB(j9 zdO`_L0IJ~#SP4R?ZiaaJECUThm;fhAs6s+dxpDKd@RC3s;tRG&MvPC3D`>Vi9^~3Q@f_W5{QhYDMHo``Ks7eks}K1C4&R-3 zIi#C$*}<%kagS|Go1TyJa`#HUdkP~%wW5}1b?bG`_0)BR15kIJItiL)|% zMHn|QFt}94k0AE~sogoV^jN?p(P>Vr&}#aSmV4dHW_T2>hA}_$Kl0$p%gW&O`(gJ$ zJ}%A&a6KV@;Z%h6m@nI`#?LYd66m^_PzvAk)V&W}yy>ghvy+aKHW9RjX0K+O4I0ks zE%6wVpn2LdcK7r7fb#M22lwu^Tr;tinH!E{6b3vDSxJ_1xclfN; zn91i2*HF&_*Oi=65;2icvg2aT@B7xUqwhF{-n}V5z%3t<_<)muT~3pnfo~;m2q?C+ z3rdh!PCAhgdy+MfxQk4Ijz3a7AWYd_y?$H^A7E@^Vuu2r{1hY^%vs1IIrK#MT8T4U zjp7VX7a#67e=hHK`J7z>Pozf0*w&sh3TP%ej8v%o$5ywNR#1N$N>-JSOWnewOW8Q* zd)TfEBT<@e``mFklM{y*>H%l~V#ydHrhg!HB+PL`%M(>~TRyL8)?m$jVWoQw>guEf@vi_X>mL1h*^@fK%|kTsO& z>`z)%KD}zQsUGtNRWgRQlJIZdK%w%I;*2`}lYR`C0#A`@Z;^eE8q1=qZu95AX222J znC#0ZHJSB8s%{n6=opAu50o&@J|)%Fj&{|r2_qP;L%%n{lL12r86cG`f-TU`@ z(Xs?BA)rFbI3gXW1K_?_=BkK`LtlK3T|c8}4mU!N@?NC733fU{Wn(S_35Hg%xh#@P z&GfTAIC43~6Tp&EfG3DNX2XmgrUo4v0Mu-cZbVGFAbRsNP}8rmSF}xbk#+0nU=Og8 zbNB8+dPTQw>tIl9fMSY8#ytXG+RBk;YD&JHOE+rAPMr{a?u&?6v259MGC0DQi|eG> zYD8vzuTN1>g7j5!DpY{WLKu)=34$2aJh?ppGBJy1%Icb_5(=#_#n>3G(}a_QI~XN1 zdc=qtE{dj)0@fVHPg+2FOVZ}RjNiVkVd4aQnuzrJK6Mct-=00abdJ3xC6)6vn< z)cn*oVFK3rZj!x; zzM_DHlEZkFUm8{w+PiDlhaf4GOFet^7&v4IJSk@T;}5(7 zhQs?1prP-m6^A~1rje28e@Vkb4V60C))%VP%6IQbc8%|N5*0~HDN*2R1VNhToe#0* z`M!b@eXmC+&(i(>M!A#%_ND$Av)G%Co^Q)dr%g*kGeh(@J@8xKDp9P)rRPaG;uoE!FlyvTYyFX$ zns%4m7a8|ophWFCBx)lBpQMs_ql>9xY#y(~lHlJLR1$nd*(bnIDS!zc6(?`rxno?( zh9 qPa3anpFj43c&7TY`T`LGmX5C9aoJ2oNFwaLtgQMfW#W3Y9GDu_ReFuPf30m z&Ju0mJZ~Pg`IFOg#tLyuZ)7m=r+Fe}3Rkmrr{d#{1TF+O741Ib_x04+4W(|6x-CjN zAzd3t#|-#4BOA#sPVLRU8)K;g|JTmdRe&$p*{>w!qvA83Hci%$bdx~mLXwYz4$T_( ze+l})(~{rkN0>x=XIl|OYsdoG{Y0)kc5vGBI4w#`DP47RXaZX>d-iisB-+u4tAb@9 zi#^i|H$n08znHTvCd({%d!RJP5U*(Kl4kS~LcQ?J8ueE*$v%&K8~_-bbu#z@xG&>~ zB$fW7)*quY5;d}WQirO^4R^4&Ab(Co5oH}8D9u$7pqLaVZMa=Q#{@v==~LV6Sep0* zCW4_{)iOr>wY-X3tM3!?BWgDHg^d=}=f>@LSkwbh|Avw*a>mjoNQQ0ZhTx4o#l#aQ zCoqApdJOiacD}Z!j#TA2urSxl(aGY6=@jM3Wn3T|fBuYaA1Do2hM?fgw&O=R%)JbvdnyHnVBS!+Iu0u}q<|-%_QCvn{1S;`zXm@kE(5B&>0^4ig zadGpk!DGhQ3K{x9^)_K5&1$>2uC~@~&6+|6TO}oR=+XrT^xZ|wyAkQ{@}j75qrvee z#{X8k`9HR-wOAlv)7$8>8ql9u%;GV%>)1oOd-qawN#7Ug3*)O_I&Uf{`%h09kyT5P zzLwO5D9cI=eMSl?M9GNMtG?X-b*U0HUxzxl%#NAfr^+hJo$U3@g$og*-R4_Z% z?*2bXvTrW#(77`<7#f@x;()`CBM`7$ic^mhpLKQ}8i zf3%uf&WjgmWO}RK<^b(IMzq#Ftm(&Aw&3u=gBQ1mr#s)v$w?)HGTyxug*3AU$O?r} zAs8tG=Ot20T3+BVIgDw)^lp1)%x|bUQ}qO;XKP9_NpHM2kO^q0#&f8%=W+S-$t z3=x}_HM>$xJ?N`N6g_|be77)$=4A#oYWsQWl!wxrip&6l9)>=SG6F2}dSs zWL;`h0GjN}azY8Irz0lpN&m*QHU8~Tj5QMOX}nnZ(e-0P0A;a|aK87oHB}S+rak2( zQojhz6Nxnt1uqCP0z1NA#~=3AcRDeykUW$B32N@9bF0*&Bv;@&0|HjMyJPX7A~G<~ z%NEU<-o}ysK4)5IEvIobl{b(x&yTe12nu~6sV~~ z`i!+6o>g4jMDr8EuP4+hiU?&oo&HRh_`@9s3kf6*S#9U`;SEIzzGM^B=e4xo$M9qrP;J;2{U8vbNZu* zh%%Vc*T6TGv_llKt(Q)iaGhjKxYo5@3_u11LcY z&s4JDNl5=OPTja|o9W!SC16R^CnGTwS+{PTQo#9@Da3Tp05KE|NjZ$H@PpxFz;8_O zWm6$qvJFCgR&|ufoi}&x2-Fi4=4=kmM1;7KN@N=YhiR{PaO5grDhvY{4meXMdX*>^ z8zSS*@0{ulu@FC*l+J;YyNP1&-$Q#lz zKjWym=w5?|M^;R}!b2bCn4a3$Fe#U_>;kRP{IO6Xl}z*XMLpelyV-9 zEmXxys$<9J>Fck2F8zyTh{S+YkY-t?f>W%i4LgHqW)4a%9u_oo^f)oqoiwfD<40ev z1A>`Dlh0U3COq*{V|ZQYpAvhg?Dw0C)ax;q^ZdCWKtu}j1K?&9>^EAbla_JZJAefi zZ4z~;+4LtY2R64tuU^az%F*ZZyd-^iLHki z*W9n)Tp}pXKd%vtj~uNpNkq8b(vP+lTJ9o~WIYZYJUKy_l0CaLP-fs4sIVk4J9_znX*X1%Sm1QVO zNelt@WDNtr!6!|UQbNayYM%)IIZwUg`1bEAEAQ{qIL^%g1E{I1TZdu_G9orHQBg)F z$~yk#`fqb8er!UmB7F_bmu+cT`zs#rZn1RTUhqY4>HQ33ZZyjc$Xi$hw6uDNM05wP54^9a;3CkK3c%%DQ>Wr zur%UIB2!zvZ}8hW{4?P-af@biX5Qn+kt3JefneaXLwNPMk|2G|Bvb{o4I)A~I?>WX z)2<5;e13acDgnpdmzBw4EryVcgpwU*E2+WYN*?{;aq9}7JsYc{5=Z4@7(~F`-fPrp zI7NK4V(b#I9@__q^3cGhl|*7*htvPTv{`z3d96nx!DjhX-1QvD`WLzpz)h%tj+!%h zkYEDVNRXa9aU!NPbHL0bAHoTfMvWug%e)IbBt)>luNCms-`T?Mi9BOU!i0q7sQPGw zH;K;sSinTlOF$0Gp|Vzxx%Jd>u>?g1f{zL-*E{#;c;{VBmau<&m>_#ZkRW)$&=|*3 zV#*dJ5)YqFeP1#J?GoFwcUjxw&>Cip0B`Hjqpyes;BWTC5Q=6R;2iwKh+PPGoQL|2 z%ZcHW`GW|=mei-}b1vtjVP$(ma)M+pUbql58oec{+OH5+qVfdAp}h{29e#QYu@LyR zgAx-sBa?o<=2Q52L9|gP93HbO3qb7Q!?Wxv?n=66?Q2?81_nIgH$-dXe$?s5NaZ~} zJz<<+&Iu(PJ1_vO>m2U#x}x%!tU!m(5+yn_-YVLFt5d(Cm=lf9laAAiJ&D^CeVX&! zT7Oka!ZXxippI|sE>1g`9$YvW+_-D4w6LA|pPExdJ0Kph z=$A-#f!=?BdFhW?MF@$qx~^Fj>d@RPxVWF&FS?oF9yQe z%cga!7#Vo}yf(0Ch0XWFw%;e({di`%Y}u)njGx`RE6mCGd%RPPkGD$8CD;;3@8NJtn}*>?deHlqVIWokW3e@?t2l{uT{>;tEf!6JTJBE{5U2eUKc8#q=!af;l4x~Xb*YMqekBYQ^y}h%}8;U zK|2fw&*wMA95@xObMr!aBKPd=2!#_kn1zV7OYhU$tE055f2)T+#S*JiwQ8ASCJ zZ-m*}hJ@*H`I&@W89+}!|$W9ru!z9@CkR-0MSA^ z=|Sp4U?4~OKt~PSL*58@C$H&ObDv4n=u$BMt6%Bvy3v-WXM1J(x1wTjue9ri2h8>B z3*g@b3>Tq4BtV&mu|^G8BmU=ZvX~cX>mF0NUc1)6U%!&rj6T#C%lR}2yu9yyR;{W- zY-iHTn)u5HI=?t3ZHPpS(D3OR-EYfcXQ;g8pay4o2abi(Q(IKEF3I14g$HGJF3<(s66#6<{(nqjyn84!}u_$ur=;?;XJm(-OUCpZrhz$6_6VcJe zFCRz^dSQLGwc~uk~hpV#THp2jfid9U|LT1 z1vp3Y@@FFBW9b)sx3Y&p)4#)V zIyBUZb~=!>=%2d=bMBo@N?J;VL?_|Qay=AM+(2doG(WkLdqz32vAJ}Kg!6$jsw(|8 z2FuxWu-!O!?eTbv4;t|&ZMtn#JJNNAMu74N|A)zEZ>+G~x@rD0CpDuf=51!&*r1#@ z>Fa|4Mq)FbTL!eYRQ>o20$b-N1 zZ}vbM4flq*U=asIM8oaY{x1&-rvZmF-Erey(05ES1t2=z*EhZLuCvuWMd5&2eX4m7 zwKS{f3^S>*WAs})qLPqFmBx2lKwb~WW2tzOJd}nF0#a`ZVLc>65mJ*Sv?%TKAd-s;7EF&sV7}n#~5%u+Jb07#m-tJjw)pam1 zseJo(&8ur|(TOMpkOcw!(olQ?%b17=AxT1%N1<4-rQ~9(q=tnze8JoIJ~xasJc2}cnldW^T()d0;M@uc<7wrva+&yNe$n8Arn!Qy-+EGzgQ{L4wRsnqrQ(hr9YA10YIx3i0L zdDd*ISR=S4UjB>UT|~8J7RlX!B5Zj1l%AZAe#0vYcHdbD%tGSGTBP;l>*vo=J^!I< zPByM_VesR-l9C$N70gzx&nT$NMjOh@<;p*8yY+{^SEXlZ?*Cxs_k9l#rt3$1hmLP@ z+`skh#`LUTA3uIi?XxAp2oa`F-|?r(Z*Wt>>F|yV9e(`-NUI$?h4ifDl|SXT1A>Hv zOVsbTU|z+)><#=6L|o`FUTZ$fuBzMbpE-%HL*HPEOUHX&uMGbB{f8NLZ9)UhbC~d1sc9)jdjX9BSsVU%{ehcEa5SF&;?N*Z~7dK?z`zAaFgw zsFG*s`-hvks6I5uVM$vD6%-&62p<_G)I_YE8J<;uDbyuUvV#T>Mnl}tupFlkD0#RI zCo*S^E-~SYeZX#loJ$sTUVZj1SN+an&WHX8Q zilrwoKJ~y!hfv=|Qrw-^u^Rq^4ILf*uv;J^kE2cAg^95-(b0T%)A#OJ^bp4!*9S{z zzXGxdGw7x7Q_mH1?gdB_poQoeITK$I|K+An;TdXkE?atUr9}ZoiHC~lMDT*t4ji{} zuOdhegs=fLonw*nXvnbVvJyvziW-EU0dtzPy$70a2Rl35m+mYifk~!lcXQjX?QDS( z3EY7_79E3bQIu|62s`x*js2(-EU)~`mXVNX9;$08;q;jfB1rwyXfo%_NyBo&YTZ_b zi{mDv-~Fea5Y^(kBql154n*ym-zwD|!1lz6Ns?mDIhYlqG|{hM7(|=KK-k5>gC|MO zu(ZSzxCh}$TKY(0V)fg%gAXJ8C#ePJ#luzX*}P4xBrscqqV{Lz{xxUL;jbS%N<4__ z(X;2h{aWP=ehvx_mNgU;bQo`A7$oXoBRa0MPbv%A;sqdKtbz3uv%GJeK9rD9ywAV znT)Uj!X4b<&m*lg_p5On###=yJI`=NDbaHdw=)7tZPQ(FD|&O6FI;$@17=gH#l_Wk zKrB&%Ab-RpUT3DB#E~&#>@uD!^doDPl1j4X_duc=0V8q+B%M+D^kdn4kz34Gqi(k} zYYfGErD-OSNFj~mmc|+>p>_vt;4}h+q2p}Yv}s^6(K=L7hLVAX8VherR~+}_yKM~$ z@+1)xdUw@3n*Ni-5UIjK0>W9*JAR!^M!t=h=TKl_S z`@4U8|DOHbujilVeyu;s3io|o*XJCL^Ei$(pl#WCFZA=DK7s$0a3yqfXNvsSvFkfg zW?Xz>)BO_!ak*h$&Z#X=+uv2(VUd{z=rpf=V*I~I9MPIz@x7RhSKvCStvz07VSvKJ zLPJ}ClC=)?bse7s9G8`~CVP|yb*CcmNXbAJmuTwfByLsh+rPiS#NZ+@p-MQpy@TlK z$=Z&f^8Tg|VeICC3L~y7y}*HGsfV|pUwCy#{>>0m_YN}FWZ|VNR&Z%#<>W@tnvm0= z9!t9gvL<-fmh0%-cukfC*zzw4SsK7A4(=vlw zs~i;OiFtX~uU`k!z|vmy)i zX#KEDm-?|}=JRL$wQB?8eLIO{hVyvws0)sw97;#W=8>&c2b8gcm`L{L`-lc9^i?jxtHFB zpA{adEgJG1D?A8_fXbj5=3^<>*tR1pyOSS}z#7KsJSV4kl?yKgEy^ev8J2kOK|Mgj z;)IfW<;rIODt@ozP`HfuK;_eCSSOL;X$lF(qk_v5Zm-D{{hG?>T5&1%N-L(pA|pd= zVP4~WIyP2EOAEq%4N9DLd2Y}ZB(Rba3mG=Zt{E#@aWf*K zfF>g81UMLNiB`AiY&F8=kY*JQK342wd9s8=ffpok3$sK5CM7)MqE_D3+*_e|5rIu2 zG&e~<-vV9D{4%iKYF&-(JYoJ!cu$P@SZR?I5up8URM>MRL zG$-#96HGXH_BdZ{D5L)T^H;Q66$Kqc{weRML&oF2CQO_J1A7ybj|@VDrFZ+44|XyO zCalJ`J>mZYCZm5;ImkW0h))864?rGPO^=UD2-U(G0y@Ky58I}*x< z*Uy7irS#J$YJ$Cw2Z^d~BINs(l{{HlwsauW>EvCTSqhi}gQJkaunXp&Cf&O?zuR<9 zA&5RFH1T_}G;-pl>gu@~6(ZO1M_&w@=OJ*+Xi{j|X{%lPvBOR+!u~hI8 zUPBBF3J_RfB`+93cN3&<$gFrgSjRR!JOgN^ebU%(0PJNF8|fswp2DSr+&m^rhgC5ZQHdB7g5uvRyJZ zgZo6iJ(kCYF5VXniiYzq{^q2fo40NarBy21aUJRa4`hw$O^y&l*&REeQ0{)K&D;fy z9vn|<;>2A6vYkXe7f2fe4SPylmM&QZzSBqLb)rilQWOTtfC`2;H>Xg_z#eb-^nA=y z&7LANrBACm_@|`8g@U@L)fN#`(APR<#V`pf0aCKwUEhdRdDgmwd3L%}a(3h1E`5p@)xWP}N!j1{STtrT{a zjdlCPSD103k8av8>2JI&bSss(TizUOk=gmo94 zdk)Zt;!2@TSIH4eY`Vs&##ce`)29;(cWDU`dq-diPgqN&T_7|`!nlVEHO_!BDf57p zCcuTFQKDrF=W8Z22ZsqGuEGy}UQi&2p>WorGNZOTH@TA!!(^I<0LvinQf?l=M&Q1o z9Q0T1gd=?Bd8v*00m)eC>gExNsP7R+>d`7t7egdo+7s*|H7yN0U~pEQ)vHg?b8sO| zBR$iKDKOazP$a|-4x6r&7sGr(8UkiQVVl@=ioq>vcI@cvy*|HM9(eYBWvg2kZWP;~gZ8O(tYEt=O&qV~1{Ppvu(U}Gpx zcw~E?Iwd%H64qdRPMkcsuL>nFOK8@_2(>H77ho*_=xu`;T#r$1Vt{;;SpuA%?lnSS z4d#W?UyDB*(#h-r`5T`q+*HWo6poDDY$->9)K~cso(u6;!66EZW__tdN^|B*5xUZ% z702^bW%>gFuRt;LnN&%~0l%IE7o5|N9vOWMqiwzjl?C|M*;x-wB?cr!E}t`J%)XeA zn{(+q;Yrt^A(7qlRAXnLSs)FfP!KZhqkyMmQNoYpsSfeTS_m?Ive2()XA617;xfJ2 z29F+sKA${FAQ2GVR~2v^~>qKP&AW1`N)~uIMT#%`# zbR%to8Nf2ZB)*|6+Y%6+R+GD=RbjqyW8V=Y3|Ft7PR`xmRswU`2o4BKM});1)D)Lb zfI`G?E#_AdEWbieXhTQ`+|f+1S@P$g)qq*|D2kr`CbW&$Zr=P#GfzMOJDw;hITRx! zKn?y2(OqwD?tu1;6b#ITT0QH0N3-AX4kKlWU8Id4DsRo6nOXwTJ~5DmWsDn_FaJ~Q zB4b&sTv(|^eGMgnT7Hh@6t{_!Cf&Gs(}(pYlV#;*&di7500jm20)F^ydsC6?$3WomX#2{d75RZ7i* za1w_$Cg-G6Qxg-58@i$)6j(e;;1@sxr&I&P?t`B*Hep&}b%&De8r=~O6OXOMEUAcv zUKCRk#*9hAO(P+}aAtBRkv|5rp$Oi|}_6qI;6cu(ll@4QP}4 zkNv7BowX={%kKfWLMl{5^h|~OyZTQG3=WZQUTceZRdY z&4TKfNmypCpgA5F~`BhEkjSx}K@k)vE(>JIY%lz+%ud&GtaMS+p4%4-8-hsdHYS({hf)y}n*Ma!wvo7eb{5HjH z|9*HJ8u?lzjb8+`K+tL)?ji-C@!bb%1$To$YM$_8yQS;mCF=Q|MR(gEqS<4nkXZ+R z%+I?5N*59u<_0o`0@Jo?_l2uh@v^!qTy6I*0@~sTh>`0o=ybQHV#&(GN-*YLWobKz zWR?p!E#XZ@7Bq(@2x$`{KD@oO$~nk#JOj8`wCkPRph+ku3cVi}jkV6Ef8(@#A^;tH z=2dCbn41{S@U~DL?}4UOuykbfqGko8+wV%ei7o9 zBL@#X#as$QEQgHE&0lRLRu^$}sQB}Od%1q3leBB|j*oAl1aHT8dG23he!&GmkO@4C zS`v2t<*QJ6X!#x&Zzt&f7-zr6%%L6JC7x0|Kqh$zIDdIxY)6sIB6=X$H8mI>$(Wx6 zt0hTmt$~t2RDT(>GlXAADT;T&IKeV(1+oHYc7i+`D}@)?*#eJ8N2fuj^&sgP`>p5r zjw30~d<;X1sDT5ME6vZ*q4HlY9aHM7@_6%2o?3jyG6;!3cF112@=@!}98poj(ci>H zL!y{3OX)>kyM7(pnirJDq&*s*_8tMVuNZYdC6M!MI}mSGHi#yE0@}yxgU!=BsYX-| z0t=Ei7~k}epzVj>NBpOUPDp6Q36nj70b8Tl5{jn~<|1&nJmlbfaQ=negH+m0Tckxr z#tb8OY}+R6T(0f-p}gGJ$7k{i<_YW!;hCQyCACt(ns+d7lXyUv!jnH3y5>|E{3)ra z%{6{)Q=TSdP|P4m3<(a_977fd{c;t12OJDyzSG{m5WE*egHjK|4qcy{7(qY0EV6^h zz5Or=n&DLjh$;Noo6Z}BsROZsc?N8wEsbMlxPDwP-XoOCCn4btyXO84BmQSSto(PY z*`#o?XMTR{&+O^5SKuKI8bmTw?Tw5G(DHIQ3_8}lGVoWdImOMS*#Pa?zgJjo9DeyB zb!__gxl zis=ctje;wC;|Y-riCoBRFp}CaV#c$eq_k}3*S&&}CE-@KBfEyRN0?O3p*vl*s!G+e zi%4ccL_~yioUO=tO4Y`f)dUS+;vE(+0D#^!5J67bJwo;>oqnt z6#$p=gW@`%TcDJsj#FCyn~VdgJfH7{P{d_|^398j$N+$YDhv05Jr>;4T*KX=E^Vz$ zl7$(1NC*@)_JILZBRRPM@d%Cs@09!g0v!k;l1)+7M7_$43ws%$P}*;8Yjv_J9L)$Q zFeKy~a7rU2kYNB6>=C5GPDzgke z8_5nRG-R5(lnH*qdUvmc=r9By%-Yh4|B$YVLKx=+s ztG2%WcL*QQ^_U8=qtT*FnmTZWhI*oD#)Xda-fJ5fC1TePT%fe8Y7`XCy}gx+uIl-F z-@0*w@}a&#czG?xSQ;?l1rh;zuAkd92oIFZ!Q#Xu*TKzhR;`$S(PNx-9&_Q#7wZEBK#lnJ`2YLZF%)qw3#<|xsiAq#uTmMu%6 zu4>wDGeDGa=l|4&@4CP<&+1~1r)vH_k;r)o!?Nb@qlW)AdKOvyoEZD};fh-pCbZ1l z%POUHNk^GOe_!%x)$d-eMB?_>yiE)Lt}5=@fL#47LjGS?J}amK{0GDH&G;Jue?gS? z8#z{X|Hrs0zfnJaylbI2L&Bf0|8i3Pe_iav2^?4e5sKi*p3G|Pnf=lkTR_KY|NB6o zai4DZvO&ldhOvv!o;$})hE14FF@Y-bPecVre!Atz3~oRk$qe3J7oP|Ji>l7=5 z5NUm;szB|990=Mp^E+}PAA44n@(`8Akdtu>MRDCnQWMP7mGjfZ! z*nQw_rVLzo(gElOWDl)Hi;{^LTDxiYaq7^~)Wj9M0@c25v@~^i7U7UAf~<=bwfKu) z=TJd!>~@2@K@btx%}{s9s&QXLqT2{z=e?K1UV{w=^gr=ib22jpJ0)%m(TYLQ6~)dO z!w`9ZVoNLpnPwUxjK7#D_mE)quLqgn%$Y$F3mK8o?yy*C-aJ>%AWIK+PAPdUmvq(G>-3F?M-ivH=O_{#nxzxa#)<1~0qjIouKA~hAUUrrwooyBC9ASMh1 zWQTd_UQ{Dyc(6nW4WN-xxc56Ch4}(gU*$e_WxIJssHq_6Ai>e;2G;*uw7wFhEF*I0 zjS%asbb4^-g-pJY?9GLRsFt|^dZz>%q9B7F+#&Uz=PNV)74soJ5J)jWOn1s4*N3}y z@5bnkszST&p5Z^~qFqXJzoLR=EI@c;5F3~2!<##-5wyeB7W4fEu7@(Rd&<%mKXyL| zqZJ5rINK;OYG$DW-EoOg9DROvqugAP`%6YdOq0(!+oANKonWbhr>Cc4;#%r|UNwt4 zX3QlyF_!^}*+260(`U~{Kn<%o(v$69At6Sy#^GiOFBhVRKBF$9WzkTGK4%7~2}|{W z%i+k%^CX#HzjH^}Rm6oga;o#BEwq#TMI@ts78L)WmbSLs+@TC<*R5G|X~;V4F5rxr zn+Guu!=6U)dn6T4)#@?N78fLef+_gJChU2|fVA6c-lU%1&;bJ?={=zlz^Ub_WR$?s zgz%`Tr3I13n68Qf0-ELwR@6pBWM^eT&ef@yIAlY)r`%?*|5695Ty5z+al1c!#!Raav<6n^d6lk{|Z zTU)iIOEc_NiwvX58mL>l(jax|qB@2tFQ6okH<#Mz`uclJt*AD{dnEIA13FWn3Te~y znLfdc2aKr)AGi5QBx}=oex;<23ShGaqk6%?55p{oCd`eHdLjuCR}uCo5h?g@H!}h1 z4l(RRDqvAPJ@NmKbpKr*{P!bW{#V9C`tubJz%sZO&At5+xV@BsD2EpY=(L}rbygk9)btz&oD{~mnFwF9HJm+1(holu3 zjLcbb49f;^2@T~ym1}s?vE-u#^?X}hxC?4br5Q6a=~khqSjvk;W>4DF5JMw28X)m} z)t)F3;0TUVur8E2Uo_hsKml*o8Y^;lXx*dzKZ67e2;EAw;Xtqf2V9!7{E#p+dA+Q= zmB!stIV3FXbeF5ky)SA`Ms>u4PWzt-R19t*a4!+Oycb9o+y%x&VR}(vfq`aBjeQbH zXIb+&bI;*i%wqK(nri8(w80}49e4c1rBm*U%oY*V8~m_^Lg7EH9h9cO06ZtP&%!%r z_wL??s%98#gW#Rg81DVPf)Jm(AG>TfeQ1At?h8QpyvL~;Yw)&b>RA#>!d5|F3+hI?4GjycudcrE4;j~uxCr(Eat9lJirX24VuEgP z%QZ0;0nY*(!K@uzvAjIpd*&mS%=Pe6Q&olLeTA#t91lJx%mSGeAZinunK$P;h+ZWweVQYO9vKqC$6e$P?_wP7|FOG=`u-33ivd$8vp4Lc+pkyq^<|aH` zK&luD;aYm>cReVz%LIPMbbdX(#z;J190LVg!^i3A!r>uBiM=C{bD2~Qay9WBkBN=N zhs^xOdeIOZ1dL5h1v|%VnVoT?ekt;`DW)r^BI z3*$E*ZCwYL1C0&p9#H;yBUl*1t7&uxv-7m&2ijk?T~3aLrn;zpYV2q=qAtmyU1~&f2esyoW@WII$Wix?}+xp6neBbshvCSh)@Iw%Arm4D1dkgGt z;v+>!$N(rQR2K2j5fSwu4R{ce&{;HZP4YS(jkR?6Nw~tv9JU zxCPm{x#_<0g26raT*K%+d7-(naj7~A4qwtXd`--0;dM1oRfW?z`V3Lpvx{ek;(}&b zSegyANMmU!0R8SmL43!DL`K>%x8@oNZioQ(D36)^T&=h$irWt0#M3QUw6wNnJ_Zn` zgkht#9C43Qj^BgRh2Y(kT{wQqlxtAI$Wlx(sCA(K3wXSV9!Jh21vAd>M>~k57csyW z%)}ugF*WERfeedUv%Vp*%}E$Sj#L8O`zUbE*$Tv>X5iT4$44oaqt)Tlp*&TFEW&sI zz1v7(e31nY|Ni}VfIEz;3g8f24nNRYRFpXCA7Fo%piVjq2zo;%{_J}1CYEw_(tBtA z&$(pr-koy(;sOA#x4-^t)c&9G%79CL@XDmWPw4jJ2Nl`x`>TKdca-w~>qfc#$Nh)? zTiV3bls0WM-f_aCgDa3+2CBFcDCT2|(aAr*3gXHTB!-`sp?`S^Y+ zmjeO@LnLP{2Qb{snF8C&51lmlPC#x1k48@k^t%i+Xs-liJWwMle5=A9BL8L2+iR#E zDaBvGoiN5^5^9y(aoz&FhizDHY`_NWYEZIvLKsfj%#kON52sEAACW;=qbP0hbr8$I(&WAao)hrsABgF+@~ANc?g&0QiS8pfX^e4rkTma95Gc zNUqyz1FFpYCr>`JsFSp!nads6$sT!cPbvj@p$_)|p~g)U+sN8g(4@LuST&KoLK=+s zvol3ze^9A~h6>*IT37cnX!?s6jR)-*x9d?+uKMvEU%2|z7H8Tdfoh7)R)!Nvd1xY^di(lWrd zxAdNgJk7_-@^W%c+shMu`?M3E!NTwX_Sj*yVFQTGF;XPvz9FRVw>R$5dO{5}nzOW< z|D;lAS@gR&3Jc~5s0<_)!VAD`eC^to1Z0L)q;7@|f`G4~a-^8pDlM%Dx(_5xTAG@e zAEd%hgt@A&j&YcN#8rK%+~>~^xx2Fjn34C3H&40RM}WO~6legLVb}8~aCw%ePy&{a zkOKU+>=Wam5|A#C5};jqFcUx}%UBDl@Owh$&S!GJTVS0%I@-Rc;Zs7DDH)U?!&Z^aup9#Kw0=xLPidy_leL^?U4l z*FJ0(Tru&f4Nx1nqOh;XziAyxX1*B=9zC|37|1dDepa4iFZB+u!^^T9W}kMirISGB zAm4%jJ^N$_P^Ev`1iOA@i{TT%Y`mldpx0+SG@TzAK=hA6d(Y7Jy;vgmB+mo;^9}w7rO|)$mkGn@_Sb*N zmPN@ltn`}%nsyX-1?*kOkB98+$xHj%^O7(y<$hC*&?~bJbI3}Vs!hy0=^tOcdW9}S zSn?Su*eCNcTlkYqB_t$fZP4wQd@9e>GB6n4rwFSv2{Lk7>A+dohlx|~*AcTtzB1wJQPMdoA5J(O26e@csiG{HJ zp-G(wE55pRlw1=(Dyq*+ke@_|Or= zxk!b3YG8!B%SgqqBA7$pU>XRtCaeo)i13PQi}?UT5eT)TLS?{x@f7C>(nFs=dGg)c zw-=r#_7S;iZxiD5)$nj-gc;z;Y*1R6A0gUREU=^PE2V^dxQ%x79|_WUasJ4M+oK^I zPlU+S4V+V!6dSE?DA+2Qro$xA*3=w^AzK6s5>iMla93EcT-{i`DfIO~k$-o{wR@H> zJ;*v#wzCw1OfY>B#!Kx?;U`elDf*c$dae8gj#oL&DmLZd&5mKWZq-0Fqe{)9c;$i+ z7HpUws~lvcQ${OAP6Gjh(nSImn08aAdY&hV5s*v;AfL;F+gP(O2Kx4SCh{3(J!ESL zKr}wIhtQ`v%HOCQcq(Yi_nvNb1fvu1f=QI&`2<|XXTUDB@Mh{AWV-&;LkZOn6mMMI zgZ4fpCNVsqyWc0wlL6rA6t+j}!wH3l4V_Hmj{Xk>8w&Oh1iPXw!oG0Z3Ii+ABlY_u zCij@Ju>UGe{aOA!W+~`r$K>hiKywS6nw?{?`hiw(M40ZtS*t^KMuq9>b-mcF$Hj@G zx~2B*Z=C+2WsH-D%yK;QEeL}+{Z*u$ZW41hLS)X@VSwhH4t`V)3+PO^s+)F4o0x&JTo^N+E$ zjfx+Iur6%^{h6OYx)9cFP%(ambvDs-XH8w5mgaF%F>-5JIB5L(?h=$bMP+4kSQ~($ z3w<%)x@6(PZW1iN>5m+vbxh!pPP;r=A0%u?pm(u}ugl>S;Cc7ybH}zmeGhG>nT0qG z9sBU}wRHb5*RvaUhJp=%ivIrlJsR!oTwJy$3hOmk{<(|6JqnfNvAso&m4l|OpT|@b zNO%vnO36M@8Y2OXfhRB;rWbY&XQD|isgPLx$z zb1hR(^B|Bz#gD)T0E~kip>mL?@mo{VIk<(w0|)nM>)ZRc=2(jECXUqFBnrO?J$BK7 zSx6%o@7|Nbj4FIF?BW-zCA1=%~wPf^(i9-d0aVjN;6GJK{ zmc*_yf>;ekZwtK{0*0{kP7rVS$OQE$`32VAR{6Q2HgN%7VoGzav+KYMlvPX?c%{CA z#>hh~sH#hgsBb=$lz2ri+rR_ED64z7ZY=z%wp}(5W9R`xhbl1DhGxrrLFdN!(W5WI zH{d>MZMgswDYb;pg@lbzmB7j%La?X(-4J$EsL(po^le-{`ot^+1!^|Q0l0ANLE_F0 zAUz0ET&?sTFr_yk?C|mh;X^L)&VlI_DigWm&lx33Vg+*9Yg~jM31PD|Zv_0nw3<@z79?E!q!+kf9Q*FzeB11QXse^|M zVM5PqQVx>^a{?pjU9hKRg9f*{ozM3gth#>(fG}?VTa>N>E&klO;qY}fBz18&iI0yT z*LT^xd7^!^6Eg?)>o=2s=jtko)=%J&P&o?5({QoS-+^ffOGMJsrELm%;?JBpGfdI( z_T|e9r}w)d1~Q4+n=of3{NNL#rml`%%up;{dP-0p zfE9CP)<8TQFhH11x*wW?R&5%{i`vc-SFiJIAg7s_+zS@AV~3RX(nBN)yhwqYDe3)h zP=iW#`!-hozyJT%A1@jdbT3kVzyjl#H9y~nKbntKj^ng8#mzEK_~j>o{(H!@zip4_ z?F;_9mi!m}ao#JyL74D369y~v0TQIIeE#Us)yXFy!Z48pAxl>nC%PNr7A%}dfJ^xE zq<+4I8T8s@IwR3twW&181iYAAxNP1OVtX_X(;I-)knjY@;2;0y>5rA<0l9El;~F<} zTSf#w6d76rRxz)BMZ@4{(a%-q%tqbrJIUp%x0Jn!|3=P+7{GzxK?^1iGRvqUU*BBJ=p~EnShbKRa@k$vvTX!>*vo4po5zjM_~`E0hx?%^uR=#l|N!^ z1lvOF19<^ygCN+zbfV?^_x}4#dOQv&QoBHOVCu-00~wfK!h%(WnWDRr{q-R#pJp5XuEoIpKx9FA(eZ zi9xdzN{{Ml!DI92(N=t{hXBQMUou0vfaa)`fHo+@xrR&C)CBKy$dOzuKC@wMbO({4 zv+ZloARfvBp7&kWAz=SI`&$aDx+%Ek%$mi37=eJ|#EFlY41%W8CQx~*bPLjS zq_svbp_!)%1*{n#iw)lC9YlenO$4`!a32a?*e2T`g8;dudI~u{zD~Qeh?vV~n;}1G z3fqB6V4ON(l}~$)Hxg$m%)(A`1fPWX$jFA8Ve$l2{s_1zoA14R*%;&lIHaA}iTS|$ zTg!*A`ezAND_;A=NJoO46R{Nar7^mYPoHMd#*ow2#;@S7KayiCr#ahJI5sCX zTD&JmF`Mck0Xw}sJA}QlLz6E*R5?gd0whR%0%4aH;7)9;G~8DrhPZqzBATvU574F< zb=v^zgt3$lV=rNE@R_3Fim(p+va#SQf+v!(U$ZMm>8bK}XVFk-lahx1WU3U3N*7m%c- zrG=x@_*%V_s4DdYJ(s5aZ@WrqyC=o|@B^W7w)pek=w++^_y1_7W8bl{_l?NNurJtB zw7&w!jvs&8a9Q>s>6J{VcA_b1fBE-)@^8|y3;*Vj@-O=1Dmkp-G2sR`C|mi9$aRKr zQ$e7#jzJy5BEggyDP|`)XQ5`KYQv0XSO zsmfcTeMM)5J{#_1dGfhmNo+YJ0fKTN4<~Vshx}G#B81#qBh_nR~=*+F!|D1lTa`oVc#vskN+Es zynzKUd@ElD*SF!|(`4a_ad7l@ZaKYhCA*6Wb1?jnEpVFC<_f;Nw4Z&&#Un6ikq{n0 zo}W@2o^KHssBEgJL4I6+IwexR^rT5>T3O&Rm}Zx@3U)C}65D7gE>zd{x(fA?{IqGa zpqMOMc4*<~b?m67ivRJDNO{2u>n6dJlXvDshsVRxT>`Jb+x&q(rKd#SzI|!pSsgO~ z79t8byk9nxKn}nA$}RMfvuYL$>OvlpPhnN^2%~EgmKN8Y8_dJA5wSLMG0xS851Sw=N;oi&PKT@Evc3P$?pr#F2EVQ}>rqw~lKNmi4STxic={jhFfm~< z+HZaY<6f16gnc9iDANKD&<&wFfS`|bNz2IzZt>TqAJ947#Qk$}9YpCFd}zTRmJ$cx zuQPkT73^@;S#e_$0)?im)4=n{vnD5qX-$F8F>z=#^OCO)7zrR*0MVr9ZL`y+MBPG# z1qGuy6$f)vJ%WyhdP|V3B9J6U_YoJbi#pa()Yx!IXyxR{$hdM$T&yS9Df2kdu3fSC z^)9eBw&0M>Q`HL~_3TLiy?WnOTaMXhY3ZcJeI_G1G0imSQl&xa_4>gXXs$Gc!1QKM z&C|?#^w25ve6}9_Aag=0YhhK z_4u7M&I>XD#gJFDEQl6X3@PYFJi3p*Ik= z&=xp!2wVw}!#C<-*Mc^YBApjyr`SdUAmAc`9R7yNm|{%hbq|8tPmG}X)1_k^Y^V-Q z>y&`E>g2!(o!KEtu#v;nS$8GqMVWc#e+Zq5nTQtS5i{rfD`E11|ZE9651LzIjh(ev*-fSm#7 zu8bH>0f00|grn2QNScwVFj&UJd2dW@_0RkW#!<`pKlLB0O;891>ci&~SqrnPY<7ydL z_0O`=TCS#6-g)fLQH%d!N(I&M&HMir-}RXJgS%dJSg=n$IZjPR`^x3ZTtY21C6TLF z|CyRagV+D{&x?#7jBv=gFA@zIC-?%8N`JguRsVSjw6yF+*y@7WKmV1eb?TtMR!N9f z{fp|6_MiQ~_QQhWEaED!?&UFAZIl(8o*!lX$js7Ga)6VQm*SpNL3>`u`dviOC#!XB zxthx`NFNY8XiXf~3>a|QwlMT&}vZXS}1+y9X(rk%c7{2@)6HE=%cM-?AekGqWscJ9j(4J3I7SwvJ(;OCkXymTAsve2jmpc)nwzD1cJHOWTvc(m)ODRo zr6CG(=9#q*QnHq%n3qWZvh!2MjdwCTEZ52T-AT66(l4nCde(FAH6xv!ZaXZ_*wv+L zy1cAy{w)11XPRx}Cxu+`CE&lk82F?(Egy*WzVF#m(6Z6z>$5>>e67(;#|n zu7m5vr_Y9F84NH8E1$7+%=D6dUQ_fBe0K=rLd>pbBC;?+&xKF&CVB2%nPtOt$pi+n(w+t3N6P! zC)69}&%V0c$IdZtjK$a>|LOy)+SHcqtW`5A32XIERbJ?A)tYo<-95?clgsAxUKQ6@ zRkE_j#4{0Je4j$O`3<5EqkPvGqgB#h2V3`Z++qChw%!nyZFGIvgIc<$$rguY3OH%?0|J zSN>4CbziyCr`0>VS<@@|Uj4`^nP&6j6E)3U!k;|TN*=83STI&Muf9_HQ=`@9l3wP+ z6AqcpurLl7xMEps=0SrF3JE?6E~S~t3}tSZJU-sL{!7aZn66VzN(LG&Z)!WKe`%lG z%Bc*S^&%`<-oI%froh$VP?U~(0_we{^u zb>(ww=YRjb(>KfgemW9QXk|SqT zolEqZAQFkG$e3sD$oV{*ihAeMr<~D+qpMp?ns9`tG6?x2o;(w75FfL-`XX`D`<6-9 z&&@Xs^0iY##p8stky^a*$(duUI4^9dAnE886ev7MemFT2llTgSj&z?T_Fa27uK#rX zT!-Cxk>=i*xLAL^l>4}c?ShZd1B;d9Zd!-g1i$JNGdC${)R=YE`i2^p^}_>fUYpb( z`hK7xEPU8WuVJA&kMf$`w>|8oYx+<>_}$L5-C_gh#>OvHdlZ*cWb$6#RQi_~FSe=MGRLvPL(lZc_8EU(8(!XUc34@K zfs~i0{cFd9#rg3i!{e<|FI9QOjMsMGFJ&%UQ5CVsCiQTSQ_~mC9&EQaeunkgpm)(S zEt}(StVnxYw`u#A!ocU(S9mdsm{=Y)pVYOUPF-RhIG!(KgJ zBqgccJ2176-|1@;+g{JIO|Cgw_$DUet;eINXWb<}B=0M(_?j+l5)gj3 zJ4_qSE_pjawa0b~`AX~O=4(HmOOr0j00G??HnnuzSPcoc_l-}ZCq1t|aJq-Yi*HjM z%OT{Nb=~q05;*4%+#FcIUKh4)!?kTQ>=}g&V&p-JUoh>0;LPYj?!l z-IE=>b8P-ppWEcLLEF)Lx1{5B4J*Y?wy};je_F~{KFLm2yj5u^S!w23@9noNw>CY^ zY*p6dyytcqukCEp-FDeedX_e2c+=VD-Qq@3&5Gl_BTH>t^6hIhDnEJWO_VIsTHUnv zJv1y~e|%V&_2EVEpuiO?UbT2t4p7}Zu5;(6HkbZpw^wP5mYg!>*Y44M`)&`=Do@;F zFA&p*=SKkq;uW>uO@H>TtuCFtpVaxd)INS|v&W0_4r27ws`CQ}?b`71$?PE;$QeG0 zdbX=>Wt#dqy$L(_ao~_L#_BQlm4IUnmo8e{tWA9ODmmbf^%4(~kNi&809iU=x4e{s zWd56k)t&F{?UHCeZWe{gUJi2gx@n2FUSUJ_26Yh4%U%|cx$ag;bIHHYq#X zSGhLT#Lrds{ah@Y7~`H~?cY)oc86XbH9>y%WXDHd>U#DbUj5U0 z)Mz}b5WBf?jOEkkIWFDTd>AE(7}7uY)&2A|TaQbr zma4&*Y#4MY#F{GKxg9=BdZv6+y}N8u-SR0@U+)h(5MVSraMKo(yvU1cS2dH~M2Dr_ zJ;>^SO;Vm8OqCOyT0h404vle_yS}3_->S@4He-62ZQF;2aSrP^WWAHrl@9$zdTH&I zni#Pv_H(gkkzY#kwOaAUC(CyJ`nk|(D<|WF^7o!IP9C=PyKFFfP`s6D@$QZySB=fd z``Rk!K6bnIA^q8cLwQjJsn2{zFAtlZu|`UIl2mHSQl;2}yP5MhiCJ$m%z2+*@+2>Q zs@w6h!8ztli*>8!*SQXfwA$X+M(J1ONs_73d(NKSZoTB~`wxfv$(g^qV!F}6v}8xk zZjy zk{7)?Hli>=thHj)p|Aw4sAFk8okq089}f4uVdYyJqFnMiQ9?2`UG31yIq?_1_nYK7 zFQ89TlS9|uUq*htw<`IaYlpp1XGf0?(`gwbz_Dd4y7*TAEcM>39$tU^@$pIZkZJ2z zF=Ujqp0B2cSL?GO#>Fkl6%{!vZY>^h-FAt)k8I(W{O~7s`;QG`w`|(vD;4iD-+p{L z)N?zB;%U*CLFt+ zozHKaK6-SVc~G?U3&le{ZVvsRm1}%F!F=3siCz)D_G-NqFDgAiN>#RLUh(C;m;u%! zmqygpjCi0}k)Ued(d32o^Z2IA6@7#1<2Q-7d0OUCN!jBGmTBtNBX{^smpgar zCS0)E{I%g|W1OPLk)|l4-(B>2<;&&mj~JoYWm^R^LwSOOzJV?Y!J^3^$WMxvQQQL#ZF%DWQ=Nou_*&nrAXI@)tr@FdcZek0R2F2{wab0|OcV(|b zN25b_eJ;4VPA+~#AMewxjZuZqTEEwvaCIGC<~w)p!8RX)b}sSL$B%}F z!YrL8EvUCfw$7EyS8{^ZEE#k2^5vJg_9-|)UCx~GEG)^g0{*=2tHC`b9^jiQYgQGD zxFAploVhsMzH)~1>z7zT&|m3@nQz&A$}?!lrSsn2=3DeHO=j-tnt81}_n3S97`Kc; z>xK;+sF#?qLQ5A%_oloCU+~~r+UJSEvs40q$_8d zTv!nUsfPguih2I&{k_7I&N@l?$Yg)+Hv60Y4m~HG>S^Y0w4x33@2uRgc-(^7lTFrJ zUp*rpR(fXVYCT0+XPZXN!`o+k`Q?d>WnpDx;n=zk&jZYJr*WMv_Pm++Wa)ERx$J|> zpBv(mxMJPvRx-c1vGVpoH(pyAZwU!fF3nyo zt`*|^prp)O|B0&6@9Agl+~?f<p zUX^}(5K~bY9bKQ48LND_G5gMZ$#Xs*Pg^e-sh=^Wi^&AH1K;XrUf*uk^h&BB+kW`s zDOqMldo_7qX?I`v$KO18u~xF{)V4Y6wI!sBSLPMB^eXh$_Piyz>+HnB;QwQquQR3yM?r(wJCY+t^pml<^gKA=Qoz1aQ@@pEFQ01}wMiQ(;Ug?% z^f5nvcgf=VUZBI#PLHJEgRVXeU;!niXHDXh5G(Ty)%56@_rBG)PV`h|4MNmpQ(+B3 z?6nr>mZ}X4WV$Tz^3vP*t_6q@NO!rosD(-`rN%cuyR5snA_q*1{J0Bg6IZi5x^qyrGG%6+d@v=Yrt9%%{ zNPC#}*}7H1rhx%%UaB$HR%!P?9~g3C`?{2ZPDiY|J_{?_QUIy;rSYUsa7qxz9ntc5a*TdhQq+ha}oGlxeRrYj( zxQW(IbkzsCT?@^(NqTG9>sQJr zPo}nBrB?7{1aM^FRQ+3a1$76jXnJ>1`FHx(5NcQxUzw{`EdK121=dfWs-BNo@*5(= zIg2V6IUPOH<4t(P?c2_46Q46}*mQq_M$qZ==Myj)crbtIV^8#|(urrSS@me~;#1zv zGCW(Z{UP&Nc`c>&I<@qrSN8|4D3tDTE3;>2TV|h=WuNFj#d{w*T^3vQAZzG{n->T8 zRm_OonVC6r#%+st06Af!_d`=Jhw4EcZtAvKXQ(Yd+nh?J=tq)2I*Q3#EqZC(G59%iXR}PRj^B zq`AbX@P2|})bn-rVRI|`jO#nKxNv2Y<b1zE$s|I1O!b#kpLw$D>1}MwaH>d?9zuI42=7 z>9I}Qn?<0Yo{i-S5eqf!22Ybzno_fJYs(0a)R+D3Wk35mH@Gx~)s6=u(l%I9njIva z{XFE=C)rz(Hm1pjlZIdM*NHv9tR}3FoTEr-4I?n_HfDcJ8dc$iD$(3xHx z<^(twjB`6~W^P$JcyPAO+p4#R=Y$ryl~3${U8#fk03 zP2-UFk6b3j@BDQA?ScbAt(o<9a`c^(hT9dZR=E%D0~1s~rZ!!}X1;T4aJJ=8x!Y42 z@Ar&tZvD0w;#yjo#OJ&S`{p`t1^e??OZrFaJ6CTk%6D>n_+X*e;3-~dtUrfzZtY%| zwB*kxj~{pIHMOCm)A#B#oPx@iH`H#h7|+}^WQgtC*KeYiq#OFmw>Tut_g-HA(O2<` zx*ujoVk1XZvJhap(}4qzF5hzb-e-5o(T&v%x){hA#68H(%p5&!T1L{QJr3s7hrtJr z9`#XbNn`w@r@J<_`0J?`r@UuE)(Fsw%hgkK1Y3pQdd1I0N$bWHz1)?#;Rhto>r^?T zJWjGudyJu#ae(YVIpfi_o<>1*HUzW)hs{4G$7x44Jw<9+PKRu@J6E`if z^ixEaomR$+I;fB)f%I1gqF%|MDUliGnQNPdI+=R=@t~X>lFdVqe&D_~yu0wbfhZ-j5oqEI+ee_5KN)^Iu<( z6ganVhMo&7F-TL8m;G3OrTZ)Uq}12(GRw~8EteEjo%0rr&fadgYtrWPAAdQ>-y4s? zS8X4FU?Ut<76+lO{lz90ftvQ?CI0`_A3fVTjGZ^FlYXApJK>!yTeNavn9BM;{vT7m B_UQls From 1f523deaea5f01765deed1521a146f5f2d3c9c7d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 17 Dec 2020 12:23:06 -0500 Subject: [PATCH 243/270] [fix] Playbook setup bug fixes * Increase timeout for port check * Exit with non-zero code in user create script if timeout exceeded or error occurs --- salt/playbook/automation_user_create.sls | 6 +++--- salt/playbook/files/automation_user_create.sh | 6 ++++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/salt/playbook/automation_user_create.sls b/salt/playbook/automation_user_create.sls index 51eae1796..e333a4a99 100644 --- a/salt/playbook/automation_user_create.sls +++ b/salt/playbook/automation_user_create.sls @@ -8,12 +8,12 @@ include: wait_for_playbook: cmd.run: - name: until nc -z {{ MAINIP }} 3200; do sleep 1; done - - timeout: 30 - - onchanges: - - cmd: create_user + - timeout: 300 create_user: cmd.script: - source: salt://playbook/files/automation_user_create.sh - cwd: /root - template: jinja + - onchanges: + - cmd: wait_for_playbook diff --git a/salt/playbook/files/automation_user_create.sh b/salt/playbook/files/automation_user_create.sh index 03736e521..86f279378 100644 --- a/salt/playbook/files/automation_user_create.sh +++ b/salt/playbook/files/automation_user_create.sh @@ -2,6 +2,8 @@ # {%- set admin_pass = salt['pillar.get']('secrets:playbook_admin', None) -%} # {%- set automation_pass = salt['pillar.get']('secrets:playbook_automation', None) %} +set -e + local_salt_dir=/opt/so/saltstack/local try_count=6 @@ -44,7 +46,11 @@ while [[ $try_count -le 6 ]]; do echo " api_key: ${automation_api_key}" } >> $local_salt_dir/pillar/global.sls fi + exit 0 fi ((try_count++)) sleep "${interval}s" done + +# Timeout exceeded, exit with non-zero exit code +exit 1 From d99596ad06664039737b51492b857ba8be4275e6 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Thu, 17 Dec 2020 15:21:29 -0500 Subject: [PATCH 244/270] Fix Docker Settings on new installs --- salt/common/files/daemon.json | 4 ++-- salt/common/tools/sbin/soup | 2 +- setup/so-functions | 6 ++++++ 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/salt/common/files/daemon.json b/salt/common/files/daemon.json index bc047bc80..17d8e1c88 100644 --- a/salt/common/files/daemon.json +++ b/salt/common/files/daemon.json @@ -1,5 +1,5 @@ -{%- set DOCKERRANGE = salt['pillar.get']('docker:range') %} -{%- set DOCKERBIND = salt['pillar.get']('docker:bip') %} +{%- set DOCKERRANGE = salt['pillar.get']('docker:range'), '172.17.0.0/24' %} +{%- set DOCKERBIND = salt['pillar.get']('docker:bip'), '172.17.0.1/24' %} { "registry-mirrors": [ "https://:5000" ], "bip": "{{ DOCKERBIND }}", diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 38e6a581d..4f8a00a82 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -291,7 +291,7 @@ rc3_to_2.3.0() { INSTALLEDVERSION=2.3.0 } -2.3.0_to_2.3.20(){ +2.3.0_to_2.3.20(){DOCKERSTUFFBIP=$(echo $DOCKERSTUFF | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 # Remove PCAP from global sed '/pcap:/d' /opt/so/saltstack/local/pillar/global.sls sed '/sensor_checkin_interval_ms:/d' /opt/so/saltstack/local/pillar/global.sls diff --git a/setup/so-functions b/setup/so-functions index da452516d..b1668ef66 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1199,6 +1199,9 @@ manager_global() { if [ -z "$DOCKERNET" ]; then DOCKERNET=172.17.0.0 + DOCKERBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 + else + DOCKERBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 fi # Create a global file for global values @@ -1346,6 +1349,9 @@ manager_global() { " playbook:"\ " rulesets:"\ " - windows"\ + "docker:"\ + " range: '$DOCKERNET/24'"\ + " bip: '$DOCKERBIP" "redis_settings:"\ " redis_maxmemory: 812" >> "$global_pillar" From 336ec18e091feee5f292f91add53e963c9cb435b Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Thu, 17 Dec 2020 15:32:34 -0500 Subject: [PATCH 245/270] Change wording about true clustering --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index af7f6da2f..373680165 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -836,7 +836,7 @@ whiptail_manager_adv_escluster(){ [ -n "$TESTING" ] && return whiptail --title "Security Onion Setup" --yesno \ - "Do you want to set up a traditional ES cluster?" 8 75 + "Do you want to set up a traditional ES cluster for using replicas and/or Hot/Warm indices? Recommended only for those who have experience with ES clustering! " 8 75 local exitstatus=$? From 96ebb98fc6906e3fda48598d9e6ef771698b5238 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Thu, 17 Dec 2020 15:34:29 -0500 Subject: [PATCH 246/270] Change wording about true clustering again --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 373680165..5403bd847 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -836,7 +836,7 @@ whiptail_manager_adv_escluster(){ [ -n "$TESTING" ] && return whiptail --title "Security Onion Setup" --yesno \ - "Do you want to set up a traditional ES cluster for using replicas and/or Hot/Warm indices? Recommended only for those who have experience with ES clustering! " 8 75 + "Do you want to set up a traditional ES cluster for using replicas and/or Hot-Warm indices? Recommended only for those who have experience with ES clustering! " 8 75 local exitstatus=$? From 370a2cdb81072295b946449a9f438b34184c37b1 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 17 Dec 2020 15:49:09 -0500 Subject: [PATCH 247/270] Update change.json for 2.3.20 --- salt/soc/files/soc/changes.json | 88 +++++++++++++++++++-------------- 1 file changed, 50 insertions(+), 38 deletions(-) diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json index 90f71f940..2736e73b8 100644 --- a/salt/soc/files/soc/changes.json +++ b/salt/soc/files/soc/changes.json @@ -1,42 +1,54 @@ { - "title": "Security Onion 2.3.10 is here!", + "title": "Security Onion 2.3.20 is here!", "changes": [ - { "summary": "UEFI installs with multiple disks should work as intended now." }, - { "summary": "Telegraf scripts will now make sure they are not already running before execution." }, - { "summary": "You are now prompted during setup if you want to change the docker IP range. If you change this it needs to be the same on all nodes in the grid." }, - { "summary": "Soup will now download the new containers before stopping anything. If anything fails it will now exit and leave the grid at the current version." }, - { "summary": "All containers are now hosted on quay.io to prevent pull limitations. We are now using GPG keys to determine if the image is from Security Onion." }, - { "summary": "Osquery installers have been updated to osquery 4.5.1." }, - { "summary": "Fix for bug where Playbook was not removing the Elastalert rules for inactive Plays." }, - { "summary": "Exifdata reported by Strelka is now constrained to a single multi-valued field to prevent mapping explosion (scan.exiftool)." }, - { "summary": "Resolved issue with Navigator layer(s) not loading correctly." }, - { "summary": "Wazuh authd is now started by default on port 1515/tcp." }, - { "summary": "Wazuh API default credentials are now removed after setup. Scripts have been added for API user management." }, - { "summary": "Upgraded Salt to 3002.2 due to CVEs." }, - { "summary": "If salt-minion is unable to apply states after the defined threshold, we assume salt-minion is in a bad state and the salt-minion service will be restarted." }, - { "summary": "Fixed bug that prevented mysql from installing for Fleet if Playbook wasn't also installed." }, - { "summary": "so-status will now show STARTING or WAIT_START, instead of ERROR, if so-status is run before a salt highstate has started or finished for the first time after system startup" }, - { "summary": "Stenographer can now be disabled on a sensor node by setting the pillar steno:enabled:false in it's minion.sls file or globally if set in the global.sls file" }, - { "summary": "Added so-ssh-harden script that runs the commands listed in https://docs.securityonion.net/en/2.3/ssh.html" }, - { "summary": "NGINX now redirects the browser to the hostname/IP address/FQDN based on global:url_base" }, - { "summary": "MySQL state now waits for MySQL server to respond to a query before completeing" }, - { "summary": "Added Analyst option to network installs" }, - { "summary": "Acknowledging (and Escalating) alerts did not consistently remove the alert from the visible list; this has been corrected." }, - { "summary": "Escalating alerts that have a rule.case_template field defined will automatically assign that case template to the case generated in TheHive." }, - { "summary": "Alerts and Hunt interface quick action bar has been converted into a vertical menu to improve quick action option clarity. Related changes also eliminated the issues that occurred when the quick action bar was appearing to the left of the visible browser area." }, - { "summary": "Updated Go to newer version to fix a timezone, daylight savings time (DST) issue that resulted in Alerts and Hunt interfaces not consistently showing results." }, - { "summary": "Improved Hunt and Alert table sorting." }, - { "summary": "Alerts interface now allows absolute time searches." }, - { "summary": "Alerts interface 'Hunt' quick action is now working as intended." }, - { "summary": "Alerts interface 'Ack' icon tooltip has been changed from 'Dismiss' to 'Acknowledge' for consistency." }, - { "summary": "Hunt interface bar charts will now show the quick action menu when clicked instead of assuming the click was intended to add an include filter." }, - { "summary": "Hunt interface quick action will now cast a wider net on field searches." }, - { "summary": "Now explicitly preventing the use of a dollar sign ($) character in web user passwords during setup." }, - { "summary": "Cortex container will now restart properly if the SO host was not gracefully shutdown." }, - { "summary": "Added syslog plugin to the logstash container; this is not in-use by default but available for those users that choose to use it." }, - { "summary": "Winlogbeat download package is now available from the SOC Downloads interface." }, - { "summary": "Upgraded Kratos authentication system." }, - { "summary": "Added new Reset Defaults button to the SOC Profile Settings interface which allows users to reset all local browser SOC customizations back to their defaults. This includes things like default sort column, sort order, items per page, etc." }, - { "summary": "Known Issues

  • Following the Salt minion upgrade on remote nodes, the salt-minion service may not restart properly. If this occurs, you can ssh to the minion and run sudo systemctl restart salt-minion. If you do not want to connect to each node and manually restart the salt-minion, the new salt-minion watch process will restart it automatically after 1 hour.
  • During soup, you may see the following during the first highstate run, it can be ignored: Rendering SLS '' failed: Jinja variable 'list object' has no attribute 'values'. The second highstate will complete without that error.
" } + { "summary": "soup has been refactored. You will need to run it a few times to get all the changes properly. We are working on making this even easier for future releases."}, + { "summary": "soup now has awareness of Elastic Features and now downloads the appropriate Docker containers."}, + { "summary": "The Sensors interface has been renamed to Grid. This interface now includes all Security Onion nodes."}, + { "summary": "Grid interface now includes the status of the node. The status currently shows either Online (blue) or Offline (orange). If a node does not check-in on time then it will be marked as Offline."}, + { "summary": "Grid interface now includes the IP and Role of each node in the grid."}, + { "summary": "Grid interface includes a new Filter search input to filter the visible list of grid nodes to a desired subset. As an example, typing in “sensor” will hide all nodes except those that behave as a sensor."}, + { "summary": "The Grid description field can now be customized via the local minion pillar file for each node."}, + { "summary": "SOC will now draw attention to an unhealthy situation within the grid or with the connection between the user’s browser and the manager node. For example, when the Grid has at least one Offline node the SOC interface will show an exclamation mark in front of the browser tab’s title and an exclamation mark next to the Grid menu option in SOC. Additionally, the favicon will show an orange marker in the top-right corner (dynamic favicons not supported in Safari). Additionally, if the user’s web browser is unable to communicate with the manager the unhealth indicators appear along with a message at the top of SOC that states there is a connection problem."}, + { "summary": "Docker has been upgraded to the latest version."}, + { "summary": "Docker should be more reliable now as Salt is now managing daemon.json."}, + { "summary": "You can now install Elastic in a traditional cluster. When setting up the manager select Advanced and follow the prompts. Replicas are controlled in global.sls."}, + { "summary": "You can now use Hot and Warm routing with Elastic in a traditional cluster. You can change the box.type in the minion’s sls file. You will need to create a curator job to re-tag the indexes based on your criteria."}, + { "summary": "Telegraf has been updated to version 1.16.3."}, + { "summary": "Grafana has been updated to 7.3.4 to resolve some XSS vulnerabilities."}, + { "summary": "Grafana graphs have been changed to graphs vs guages so alerting can be set up."}, + { "summary": "Grafana is now completely pillarized, allowing users to customize alerts and making it customizable for email, Slack, etc. See the docs here."}, + { "summary": "Yara rules now should properly install on non-airgap installs. Previously, users had to wait for an automated job to place them in the correct location."}, + { "summary": "Strelka backend will not stop itself any more. Previously, its behavior was to shut itself down after fifteen minutes and wait for Salt to restart it to look for work before shutting down again."}, + { "summary": "Strelka daily rule updates are now logged to /nsm/strelka/log/yara-update.log"}, + { "summary": "Several changes to the setup script to improve install reliability."}, + { "summary": "Airgap now supports the import node type."}, + { "summary": "Custom Zeek file extraction values in the pillar now work properly."}, + { "summary": "TheHive has been updated to support Elastic 7."}, + { "summary": "Cortex image now includes whois package to correct an issue with the CERTatPassiveDNS analyzer."}, + { "summary": "Hunt and Alert quick action menu has been refactored into submenus."}, + { "summary": "New clipboard quick actions now allow for copying fields or entire events to the clipboard."}, + { "summary": "PCAP Add Job form now retains previous job details for quickly adding additional jobs. A new Clear button now exists at the bottom of this form to clear out these fields and forget the previous job details."}, + { "summary": "PCAP Add Job form now allows users to perform arbitrary PCAP lookups of imported PCAP data (data imported via the so-import-pcap script)."}, + { "summary": "Downloads page now allows direct download of Wazuh agents for Linux, Mac, and Windows from the manager, and shows the version of Wazuh and Elastic installed with Security Onion."}, + { "summary": "PCAP job interface now shows additional job filter criteria when expanding the job filter details."}, + { "summary": "Upgraded authentication backend to Kratos 0.5.5."}, + { "summary": "SOC tables with the “Rows per Page” dropdown no longer show truncated page counts."}, + { "summary": "Several Hunt errors are now more descriptive, particularly those around malformed queries."}, + { "summary": "SOC Error banner has been improved to avoid showing raw HTML syntax, making connection and server-side errors more readable."}, + { "summary": "Hunt and Alerts interfaces will now allow pivoting to PCAP from a group of results if the grouped results contain a network.community_id field."}, + { "summary": "New “Correlate” quick action will pivot to a new Hunt search for all events that can be correlated by at least one of various event IDs."}, + { "summary": "Fixed bug that caused some Hunt queries to not group correctly without a .keyword suffix. This has been corrected so that the .keyword suffix is no longer necessary on those groupby terms."}, + { "summary": "Fixed issue where PCAP interface loses formatting and color coding when opening multiple PCAP tabs."}, + { "summary": "Alerts interface now has a Refresh button that allows users to refresh the current alerts view without refreshing the entire SOC application."}, + { "summary": "Hunt and Alerts interfaces now have an auto-refresh dropdown that will automatically refresh the current view at the selected frequency."}, + { "summary": "The so-elastalert-test script has been refactored to work with Security Onion 2.3."}, + { "summary": "The included Logstash image now includes Kafka plugins."}, + { "summary": "Wazuh agent registration process has been improved to support slower hardware and networks."}, + { "summary": "An Elasticsearch ingest pipeline has been added for suricata.ftp_data."}, + { "summary": "Elasticsearch’s indices.query.bool.max_clause_count value has been increased to accommodate a slightly larger number of fields (1024 -> 1500) when querying using a wildcard."}, + { "summary": "On nodes being added to an existing grid, setup will compare the version currently being installed to the manager (>=2.3.20), pull the correct Security Onion version from the manager if there is a mismatch, and run that version."}, + { "summary": "Setup will gather any errors found during a failed install into /root/errors.log for easy copy/paste and debugging."}, + { "summary": "Selecting Suricata as the metadata engine no longer results in the install failing."}, + { "summary": "so-rule-update now accepts arguments to idstools. For example, so-rule-update -f will force idstools to pull rules, ignoring the default 15-minute pull limit."} ] } From b6f2cdce8c8b867c09a6a3232eb53bb34a14c4dc Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 17 Dec 2020 15:57:13 -0500 Subject: [PATCH 248/270] Fix whiptail menu --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 5403bd847..d60352bdd 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -836,7 +836,7 @@ whiptail_manager_adv_escluster(){ [ -n "$TESTING" ] && return whiptail --title "Security Onion Setup" --yesno \ - "Do you want to set up a traditional ES cluster for using replicas and/or Hot-Warm indices? Recommended only for those who have experience with ES clustering! " 8 75 + "Do you want to set up a traditional ES cluster for using replicas and/or Hot-Warm indices? Recommended only for those who have experience with ES clustering! " 12 75 local exitstatus=$? From 6fcc11eac2ca8292f3bcbada9e1bdfde4518b0b9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 17 Dec 2020 16:31:25 -0500 Subject: [PATCH 249/270] Fix setup --- setup/so-functions | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index b1668ef66..78bde3a95 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1198,8 +1198,8 @@ manager_global() { fi if [ -z "$DOCKERNET" ]; then - DOCKERNET=172.17.0.0 - DOCKERBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 + DOCKERNET=172.17.0.0 + DOCKERBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 else DOCKERBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 fi @@ -1279,9 +1279,9 @@ manager_global() { " discovery_nodes: 1"\ " hot_warm_enabled: False"\ " cluster_routing_allocation_disk.threshold_enabled: true"\ - " cluster_routing_allocation_disk_watermark_low: '95%'"\ - " cluster_routing_allocation_disk_watermark_high: '98%'"\ - " cluster_routing_allocation_disk_watermark_flood_stage: '98%'"\ + " cluster_routing_allocation_disk_watermark_low: '95%'"\ + " cluster_routing_allocation_disk_watermark_high: '98%'"\ + " cluster_routing_allocation_disk_watermark_flood_stage: '98%'"\ " index_settings:"\ " so-beats:"\ " shards: 1"\ @@ -1351,7 +1351,7 @@ manager_global() { " - windows"\ "docker:"\ " range: '$DOCKERNET/24'"\ - " bip: '$DOCKERBIP" + " bip: '$DOCKERBIP'"\ "redis_settings:"\ " redis_maxmemory: 812" >> "$global_pillar" From 6ccbe47f1057d2ce0316fa87e79322b11f877229 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 17 Dec 2020 16:34:49 -0500 Subject: [PATCH 250/270] Fix Jinja --- salt/common/files/daemon.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/common/files/daemon.json b/salt/common/files/daemon.json index 17d8e1c88..c2df49f34 100644 --- a/salt/common/files/daemon.json +++ b/salt/common/files/daemon.json @@ -1,5 +1,5 @@ -{%- set DOCKERRANGE = salt['pillar.get']('docker:range'), '172.17.0.0/24' %} -{%- set DOCKERBIND = salt['pillar.get']('docker:bip'), '172.17.0.1/24' %} +{%- set DOCKERRANGE = salt['pillar.get']('docker:range', '172.17.0.0/24') %} +{%- set DOCKERBIND = salt['pillar.get']('docker:bip', '172.17.0.1/24') %} { "registry-mirrors": [ "https://:5000" ], "bip": "{{ DOCKERBIND }}", @@ -9,4 +9,4 @@ "size" : 24 } ] -} \ No newline at end of file +} From 412e8eeccbc216c2d3488f34a5e6e1efbe3be843 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 17 Dec 2020 18:05:25 -0500 Subject: [PATCH 251/270] tell dc to use 4 decimal spot for suriloss calc --- salt/telegraf/scripts/suriloss.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/telegraf/scripts/suriloss.sh b/salt/telegraf/scripts/suriloss.sh index cc2cff94c..7ef8de2ee 100644 --- a/salt/telegraf/scripts/suriloss.sh +++ b/salt/telegraf/scripts/suriloss.sh @@ -44,7 +44,7 @@ if [ $CHECKIT == 2 ]; then TOTALPAST=$(($PASTPACKETS + $PASTDROP)) TOTAL=$(($TOTALCURRENT - $TOTALPAST)) - LOSS=$(echo $DROPPED $TOTAL / p | dc) + LOSS=$(echo 4 k $DROPPED $TOTAL / p | dc) echo "suridrop drop=$LOSS" fi else From 6448ddc31afeae46db102c49910283df2d78fa28 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Thu, 17 Dec 2020 20:08:21 -0500 Subject: [PATCH 252/270] Allow SNs to resolve the ES master --- salt/elasticsearch/init.sls | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 300921807..c72e4ce26 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -23,6 +23,7 @@ {% set FEATURES = salt['pillar.get']('elastic:features', False) %} {% set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} {% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} +{% set MANAGERIP = salt['pillar.get']('global:managerip') %} {% if FEATURES is sameas true %} {% set FEATUREZ = "-features" %} @@ -192,11 +193,16 @@ so-elasticsearch: - name: so-elasticsearch - user: elasticsearch - extra_hosts: - - "{{ grains.host }}:{{ NODEIP }}" - {% if salt['pillar.get']('nodestab', {}) %} - {% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} - - "{{ SN.split('_')|first }}:{{ SNDATA.ip }}" - {% endfor %} + - extra_hosts: + {% if ismanager %} + - {{ grains.host }}:{{ NODEIP }} + {% if salt['pillar.get']('nodestab', {}) %} + {% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} + - {{ SN.split('_')|first }}:{{ SNDATA.ip }} + {% endfor %} + {% endif %} + {% else %} + - {{ MANAGER }}:{{ MANAGERIP }} {% endif %} - environment: {% if TRUECLUSTER is sameas false or (TRUECLUSTER is sameas true and not salt['pillar.get']('nodestab', {})) %} From 39425c1ba801f654b869fc18e6fe7c3475fe1cd0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 17 Dec 2020 20:15:56 -0500 Subject: [PATCH 253/270] Fix extra extrahosts --- salt/elasticsearch/init.sls | 1 - 1 file changed, 1 deletion(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index c72e4ce26..0f9284161 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -193,7 +193,6 @@ so-elasticsearch: - name: so-elasticsearch - user: elasticsearch - extra_hosts: - - extra_hosts: {% if ismanager %} - {{ grains.host }}:{{ NODEIP }} {% if salt['pillar.get']('nodestab', {}) %} From 575098e368ad74ce0090b77687272324ed79a0da Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 17 Dec 2020 20:23:38 -0500 Subject: [PATCH 254/270] Update init.sls --- salt/elasticsearch/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 0f9284161..2d83f9882 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -201,6 +201,7 @@ so-elasticsearch: {% endfor %} {% endif %} {% else %} + - {{ grains.host }}:{{ NODEIP }} - {{ MANAGER }}:{{ MANAGERIP }} {% endif %} - environment: From bf76c1b58c940e3fd7e9841f9ae20a1a76c2cc90 Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 18 Dec 2020 10:52:14 -0500 Subject: [PATCH 255/270] Create unprocessed dir and move Zeek extracted files there --- salt/strelka/init.sls | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls index 8748cbe50..bdca1213b 100644 --- a/salt/strelka/init.sls +++ b/salt/strelka/init.sls @@ -72,13 +72,20 @@ strelkalogdir: - group: 939 - makedirs: True -strelkastagedir: +strelkaprocessed: file.directory: - name: /nsm/strelka/processed - user: 939 - group: 939 - makedirs: True +strelkaunprocessed: + file.directory: + - name: /nsm/strelka/unprocessed + - user: 939 + - group: 939 + - makedirs: True + strelka_coordinator: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }} @@ -167,7 +174,7 @@ append_so-strelka-filestream_so-status.conf: strelka_zeek_extracted_sync: cron.present: - user: root - - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/ > /dev/null 2>&1' + - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/unprocessed/ > /dev/null 2>&1' - minute: '*' {% else %} @@ -176,4 +183,4 @@ strelka_state_not_allowed: test.fail_without_changes: - name: strelka_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} From 9493aad1a57e54d81ab9ac50bfe308616e7b303f Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 18 Dec 2020 10:53:17 -0500 Subject: [PATCH 256/270] Read from dedicated unprocessed dir --- salt/strelka/files/filestream/filestream.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/strelka/files/filestream/filestream.yaml b/salt/strelka/files/filestream/filestream.yaml index 0661cabfa..aa5d51ad1 100644 --- a/salt/strelka/files/filestream/filestream.yaml +++ b/salt/strelka/files/filestream/filestream.yaml @@ -16,7 +16,7 @@ throughput: delay: 0s files: patterns: - - '/nsm/strelka/*' + - '/nsm/strelka/unprocessed/*' delete: false gatekeeper: true response: From 90dcad7e6f4920187a9675c961feeef931ce4682 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 18 Dec 2020 11:00:24 -0500 Subject: [PATCH 257/270] make sure timestamp on steno log line has changed so we dont snapshot the drop% --- salt/telegraf/scripts/stenoloss.sh | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/salt/telegraf/scripts/stenoloss.sh b/salt/telegraf/scripts/stenoloss.sh index d078284a4..9cdf7f99c 100644 --- a/salt/telegraf/scripts/stenoloss.sh +++ b/salt/telegraf/scripts/stenoloss.sh @@ -15,7 +15,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . - APP=stenoloss lf=/tmp/$APP-pidLockFile # create empty lock file if none exists @@ -25,7 +24,22 @@ read lastPID < $lf [ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit echo $$ > $lf -# Get the data -DROP=$(tac /var/log/stenographer/stenographer.log | grep -m1 drop | awk '{print $14}' | awk -F "=" '{print $2}') +TSFILE=/var/log/telegraf/laststenodrop.log +if [ -f "$TSFILE" ]; then + LASTTS=$(cat $TSFILE) +else + LASTTS=0 +fi -echo "stenodrop drop=$DROP" +# Get the data +LOGLINE=$(tac /var/log/stenographer/stenographer.log | grep -m1 drop) +CURRENTTS=$(echo $LOGLINE | awk '{print $1}') + +if [[ "$CURRENTTS" != "$LASTTS" ]]; then + DROP=$(echo $LOGLINE | awk '{print $14}' | awk -F "=" '{print $2}') + echo $CURRENTTS > $TSFILE +else + DROP=0 +fi + +echo "stenodrop drop=$DROP" \ No newline at end of file From 1a463bccaf546369c9d2b275a6844e1b031a5fbd Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 18 Dec 2020 11:25:14 -0500 Subject: [PATCH 258/270] Add cron.absent to remove old cron job if present --- salt/strelka/init.sls | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls index bdca1213b..64bf089ff 100644 --- a/salt/strelka/init.sls +++ b/salt/strelka/init.sls @@ -170,7 +170,13 @@ append_so-strelka-filestream_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - text: so-strelka-filestream - + +strelka_zeek_extracted_sync_old: + cron.absent: + - user: root + - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/ > /dev/null 2>&1' + - minute: '*' + strelka_zeek_extracted_sync: cron.present: - user: root From 96bd1e72a7fe7cc9788d5250b914ec063cb74251 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 18 Dec 2020 11:55:24 -0500 Subject: [PATCH 259/270] Update soup --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 4f8a00a82..4e9f46a74 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -240,7 +240,7 @@ rc1_to_rc2() { while read p; do local NAME=$(echo $p | awk '{print $1}') local EHOSTNAME=$(echo $p | awk -F"_" '{print $1}') - local IP=$(echo $p | awk '{print $2}') + local IP=$(echo $p | awk '{print $2}') echo "Adding the new cross cluster config for $NAME" curl -XPUT http://localhost:9200/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"'$NAME'": {"skip_unavailable": "true", "seeds": ["'$EHOSTNAME':9300"]}}}}}' done Date: Fri, 18 Dec 2020 13:06:14 -0500 Subject: [PATCH 260/270] add sensoroni port to minions for manager nodes --- salt/firewall/assigned_hostgroups.map.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml index 30a6117aa..d3fb79117 100644 --- a/salt/firewall/assigned_hostgroups.map.yaml +++ b/salt/firewall/assigned_hostgroups.map.yaml @@ -33,9 +33,9 @@ role: - {{ portgroups.influxdb }} - {{ portgroups.wazuh_api }} - {{ portgroups.fleet_api }} + - {{ portgroups.sensoroni }} sensor: portgroups: - - {{ portgroups.sensoroni }} - {{ portgroups.beats_5044 }} - {{ portgroups.beats_5644 }} search_node: @@ -127,12 +127,12 @@ role: - {{ portgroups.influxdb }} - {{ portgroups.wazuh_api }} - {{ portgroups.fleet_api }} + - {{ portgroups.sensoroni }} {% if ISAIRGAP is sameas true %} - {{ portgroups.yum }} {% endif %} sensor: portgroups: - - {{ portgroups.sensoroni }} - {{ portgroups.beats_5044 }} - {{ portgroups.beats_5644 }} search_node: @@ -220,10 +220,10 @@ role: - {{ portgroups.influxdb }} - {{ portgroups.wazuh_api }} - {{ portgroups.fleet_api }} + - {{ portgroups.sensoroni }} - {{ portgroups.yum }} sensor: portgroups: - - {{ portgroups.sensoroni }} - {{ portgroups.beats_5044 }} - {{ portgroups.beats_5644 }} search_node: @@ -309,10 +309,10 @@ role: - {{ portgroups.influxdb }} - {{ portgroups.wazuh_api }} - {{ portgroups.fleet_api }} + - {{ portgroups.sensoroni }} - {{ portgroups.yum }} sensor: portgroups: - - {{ portgroups.sensoroni }} - {{ portgroups.beats_5044 }} - {{ portgroups.beats_5644 }} search_node: @@ -394,9 +394,9 @@ role: - {{ portgroups.osquery_8080 }} - {{ portgroups.influxdb }} - {{ portgroups.wazuh_api }} + - {{ portgroups.sensoroni }} sensor: portgroups: - - {{ portgroups.sensoroni }} - {{ portgroups.beats_5044 }} - {{ portgroups.beats_5644 }} search_node: @@ -560,11 +560,11 @@ role: minion: portgroups: - {{ portgroups.docker_registry }} + - {{ portgroups.sensoroni }} sensor: portgroups: - {{ portgroups.beats_5044 }} - {{ portgroups.beats_5644 }} - - {{ portgroups.sensoroni }} search_node: portgroups: - {{ portgroups.redis }} From dea88e4c6877b3b3b80c06172acd9a2b537f50ef Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 18 Dec 2020 13:27:08 -0500 Subject: [PATCH 261/270] Update soup --- salt/common/tools/sbin/soup | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 4e9f46a74..5ee403418 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -291,7 +291,8 @@ rc3_to_2.3.0() { INSTALLEDVERSION=2.3.0 } -2.3.0_to_2.3.20(){DOCKERSTUFFBIP=$(echo $DOCKERSTUFF | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 +2.3.0_to_2.3.20(){ + DOCKERSTUFFBIP=$(echo $DOCKERSTUFF | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 # Remove PCAP from global sed '/pcap:/d' /opt/so/saltstack/local/pillar/global.sls sed '/sensor_checkin_interval_ms:/d' /opt/so/saltstack/local/pillar/global.sls @@ -325,7 +326,7 @@ rc3_to_2.3.0() { fi - INSTALLEDVERSION=2.3.0 + INSTALLEDVERSION=2.3.20 } From e756bbc4309a41c31b776abc0507e82937204002 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 18 Dec 2020 13:40:55 -0500 Subject: [PATCH 262/270] limit sensor uptime in grafana dash to 2 decimal --- salt/grafana/dashboards/sensor_nodes/sensor.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/grafana/dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json index 9136a7838..ea0a6a63b 100644 --- a/salt/grafana/dashboards/sensor_nodes/sensor.json +++ b/salt/grafana/dashboards/sensor_nodes/sensor.json @@ -34,7 +34,8 @@ } ] }, - "unit": "s" + "unit": "s", + "decimals": 2 }, "overrides": [] }, From 4bbedfa02782e83461726dc654e323a291641c13 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 18 Dec 2020 14:14:45 -0500 Subject: [PATCH 263/270] put portgroup name in statename --- salt/firewall/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls index 07871fa74..6f68cb677 100644 --- a/salt/firewall/init.sls +++ b/salt/firewall/init.sls @@ -104,7 +104,7 @@ enable_docker_user_established: {% for proto, ports in portgroup.items() %} {% for port in ports %} -{{action}}_{{chain}}_{{hostgroup}}_{{ip}}_{{port}}_{{proto}}: +{{action}}_{{chain}}_{{hostgroup}}_{{ip}}_{{portgroup}}_{{port}}_{{proto}}: iptables.{{action}}: - table: filter - chain: {{ chain }} From ad45779978251acb8abaf7579b90f1b2eab09a4e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 18 Dec 2020 15:01:55 -0500 Subject: [PATCH 264/270] fix duplicate state name for fw --- salt/firewall/init.sls | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls index 6f68cb677..27f04bee0 100644 --- a/salt/firewall/init.sls +++ b/salt/firewall/init.sls @@ -95,6 +95,7 @@ enable_docker_user_established: - match: conntrack - ctstate: 'RELATED,ESTABLISHED' +{% set count = namespace(value=0) %} {% for chain, hg in assigned_hostgroups.chain.items() %} {% for hostgroup, portgroups in assigned_hostgroups.chain[chain].hostgroups.items() %} {% for action in ['insert', 'delete' ] %} @@ -103,8 +104,9 @@ enable_docker_user_established: {% for portgroup in portgroups.portgroups %} {% for proto, ports in portgroup.items() %} {% for port in ports %} + {% set count.value = count.value + 1 %} -{{action}}_{{chain}}_{{hostgroup}}_{{ip}}_{{portgroup}}_{{port}}_{{proto}}: +{{action}}_{{chain}}_{{hostgroup}}_{{ip}}_{{port}}_{{proto}}_{{count.value}}: iptables.{{action}}: - table: filter - chain: {{ chain }} From 7453626b06fb0ea82a6be329ddd72521187acbdb Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 18 Dec 2020 15:39:52 -0500 Subject: [PATCH 265/270] Add identifier --- salt/strelka/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls index 64bf089ff..0a92dbbb6 100644 --- a/salt/strelka/init.sls +++ b/salt/strelka/init.sls @@ -180,6 +180,7 @@ strelka_zeek_extracted_sync_old: strelka_zeek_extracted_sync: cron.present: - user: root + - identifier: STRELKACRON - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/unprocessed/ > /dev/null 2>&1' - minute: '*' From 2fee2ca1433a322094fb457f0fdcb1743526c9b5 Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 18 Dec 2020 15:40:54 -0500 Subject: [PATCH 266/270] Change identifier name to be more descriptive --- salt/strelka/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls index 0a92dbbb6..339b5d434 100644 --- a/salt/strelka/init.sls +++ b/salt/strelka/init.sls @@ -180,7 +180,7 @@ strelka_zeek_extracted_sync_old: strelka_zeek_extracted_sync: cron.present: - user: root - - identifier: STRELKACRON + - identifier: zeek-extracted-strelka-sync - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/unprocessed/ > /dev/null 2>&1' - minute: '*' From a0f00e09c198cb64bedb7e23f0aaab62734ec653 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 21 Dec 2020 09:55:23 -0500 Subject: [PATCH 267/270] 2.3.20 Readme Update --- VERIFY_ISO.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index ed450a342..35cb33926 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,16 +1,16 @@ -### 2.3.10 ISO image built on 2020/11/19 +### 2.3.20 ISO image built on 2020/11/19 ### Download and Verify -2.3.10 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.10.iso +2.3.20 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.20.iso -MD5: 55E10BAE3D90DF47CA4D5DCCDCB67A96 -SHA1: 01361123F35CEACE077803BC8074594D57EE653A -SHA256: 772EA4EFFFF12F026593F5D1CC93DB538CC17B9BA5F60308F1976B6ED7032A8D +MD5: E348FA65A46FD3FBA0D574D9C1A0582D +SHA1: 4A6E6D4E0B31ECA1B72E642E3DB2C186B59009D6 +SHA256: 25DE77097903640771533FA13094D0720A032B70223875F8C77A92F5C44CA687 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.10.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.20.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS @@ -24,22 +24,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.10.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.20.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.10.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.20.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.10.iso.sig securityonion-2.3.10.iso +gpg --verify securityonion-2.3.20.iso.sig securityonion-2.3.20.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Thu 19 Nov 2020 03:38:54 PM EST using RSA key ID FE507013 +gpg: Signature made Sun 20 Dec 2020 11:11:28 AM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. From 88be7bca3fee05978b69b8ef3713aa3920f77251 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 21 Dec 2020 09:56:18 -0500 Subject: [PATCH 268/270] Update VERIFY_ISO.md --- VERIFY_ISO.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 35cb33926..e28513cef 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,4 +1,4 @@ -### 2.3.20 ISO image built on 2020/11/19 +### 2.3.20 ISO image built on 2020/12/20 ### Download and Verify From def8dc0e1efafefdb7eaa43dab29e940549c5183 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Mon, 21 Dec 2020 09:58:25 -0500 Subject: [PATCH 269/270] 2.3.20 ISO sig --- sigs/securityonion-2.3.20.iso.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/securityonion-2.3.20.iso.sig diff --git a/sigs/securityonion-2.3.20.iso.sig b/sigs/securityonion-2.3.20.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..4f24d58391abcb25482896ed1d9c663217ff8796 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5+cd!5o2@re`V7LBIa1-H`5CFMaD1-xAI&s(P?tDD8 zK^FHL*$*!22Q%nJ1d;hnkL>D0e1%7$Q9e?%Skx9iZ#HnYF|^9h`sXt77?UknleS+4 z7_?8GPG`)Vp3*3>2I*)4=iv2)8qvZ>_W8@nqqEr}eQ|rOSQR@P!pf4de?VPLh;v1^5!k>KBGb?aLhYyD;nW|wF!i>vc z_LL4ka5V3d>-`Hm-?q;aQ0}fkc2Ktq{O^5+9ZTdvR>ws6sc}saDbTfAJx3r+I;?JS zA^X8#!3Rl_Yd#n@^}NUb^lS4lC~HcuLonxKG!4n9<-pP3cdNuYHYF0ME9b{Yq*M;v z;NKs5erbK$QUt}(5V8N1Dz&90_ItNQe-0yTwajcOTw>A;sMKIoBlsNNmbT5A&lI%erI(e%g3-iuP zcdWf;`@$Pf7@YK(J|mlObN1~Ps~-_XKY6K7ocrn(9KcxTkoGS~GCJ3$6jZrw$DT0k z7-NTFGVy@R+w4XOJ} Date: Mon, 21 Dec 2020 10:21:28 -0500 Subject: [PATCH 270/270] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7a2d2e4a2..87cbefbf6 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -## Security Onion 2.3.10 +## Security Onion 2.3.20 -Security Onion 2.3.10 is here! +Security Onion 2.3.20 is here! ## Screenshots