From cfd1b82e004d682b0de5ba81be3fd741655a7cbc Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 8 Jul 2020 13:49:33 -0400 Subject: [PATCH 001/487] [refactor] Redirect to correct url_base + combine configs --- ...{nginx.conf.so-mastersearch => nginx.conf} | 87 ++--- salt/nginx/etc/nginx.conf.so-eval | 326 ------------------ salt/nginx/etc/nginx.conf.so-fleet | 100 ------ salt/nginx/etc/nginx.conf.so-heavynode | 89 ----- salt/nginx/etc/nginx.conf.so-helix | 89 ----- salt/nginx/etc/nginx.conf.so-master | 326 ------------------ salt/nginx/etc/nginx.conf.so-node | 89 ----- salt/nginx/etc/nginx.conf.so-sensor | 89 ----- salt/nginx/etc/nginx.conf.so-standalone | 326 ------------------ salt/nginx/init.sls | 2 +- 10 files changed, 32 insertions(+), 1491 deletions(-) rename salt/nginx/etc/{nginx.conf.so-mastersearch => nginx.conf} (85%) delete mode 100644 salt/nginx/etc/nginx.conf.so-eval delete mode 100644 salt/nginx/etc/nginx.conf.so-fleet delete mode 100644 salt/nginx/etc/nginx.conf.so-heavynode delete mode 100644 salt/nginx/etc/nginx.conf.so-helix delete mode 100644 salt/nginx/etc/nginx.conf.so-master delete mode 100644 salt/nginx/etc/nginx.conf.so-node delete mode 100644 salt/nginx/etc/nginx.conf.so-sensor delete mode 100644 salt/nginx/etc/nginx.conf.so-standalone diff --git a/salt/nginx/etc/nginx.conf.so-mastersearch b/salt/nginx/etc/nginx.conf similarity index 85% rename from salt/nginx/etc/nginx.conf.so-mastersearch rename to salt/nginx/etc/nginx.conf index 952f18cd9..4086970e6 100644 --- a/salt/nginx/etc/nginx.conf.so-mastersearch +++ b/salt/nginx/etc/nginx.conf @@ -1,20 +1,19 @@ {%- set masterip = salt['pillar.get']('master:mainip', '') %} -{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %} -{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %} -{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %} -# For more information on configuration, see: -# * Official English Documentation: http://nginx.org/en/docs/ -# * Official Russian Documentation: http://nginx.org/ru/docs/ +{%- set role = grains.id.split('_') | last %} +{%- set url_base = salt['pillar.get']('master:url_base') %} + +{%- set fleet_master = salt['pillar.get']('static:fleet_master') %} +{%- set fleet_node = salt['pillar.get']('static:fleet_node') %} +{%- set fleet_ip = salt['pillar.get']('static:fleet_ip', None) %} worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; -# Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { - worker_connections 1024; + worker_connections 1024; } http { @@ -34,42 +33,12 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - # Load modular configuration files from the /etc/nginx/conf.d directory. - # See http://nginx.org/en/docs/ngx_core_module.html#include - # for more information. include /etc/nginx/conf.d/*.conf; - #server { - # listen 80 default_server; - # listen [::]:80 default_server; - # server_name _; - # root /opt/socore/html; - # index index.html; - - # Load configuration files for the default server block. - #include /etc/nginx/default.d/*.conf; - - # location / { - # } - - # error_page 404 /404.html; - # location = /40x.html { - # } - - # error_page 500 502 503 504 /50x.html; - # location = /50x.html { - # } - #} - server { - listen 80 default_server; - server_name _; - return 301 https://$host$request_uri; - } - -{% if FLEET_MASTER %} + {%- if fleet_master %} server { listen 8090 ssl http2 default_server; - server_name _; + server_name {{ url_base }}; root /opt/socore/html; index blank.html; @@ -86,15 +55,26 @@ http { grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_buffering off; } - } -{% endif %} -# Settings for a TLS enabled server. + } + {%- endif %} + + {&- if role in ['eval', 'mastersearch', 'master', 'standalone'] &} + server { + listen 80 default_server; + server_name _; + return 301 https://{{ url_base }}$request_uri; + } + + server { + listen 443 ssl http2 default_server; + server_name _; + return 301 https://{{ url_base }}$request_uri; + } server { listen 443 ssl http2 default_server; - #listen [::]:443 ssl http2 default_server; - server_name _; + server_name {{ url_base }}; root /opt/socore/html; index index.html; @@ -105,8 +85,6 @@ http { ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; - # Load configuration files for the default server block. - #include /etc/nginx/default.d/*.conf; location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) { proxy_pass http://{{ masterip }}:9822; @@ -231,11 +209,12 @@ http { proxy_set_header X-Forwarded-Proto $scheme; } - {%- if FLEET_NODE %} + {%- if fleet_node %} location /fleet/ { - return 301 https://{{ FLEET_IP }}/fleet; + return 301 https://{{ fleet_ip }}/fleet; } - {%- else %} + {%- else %} + location /fleet/ { proxy_pass https://{{ masterip }}:8080; proxy_read_timeout 90; @@ -246,7 +225,7 @@ http { proxy_set_header Proxy ""; proxy_set_header X-Forwarded-Proto $scheme; } - {%- endif %} + {%- endif %} location /thehive/ { proxy_pass http://{{ masterip }}:9000/thehive/; @@ -313,13 +292,9 @@ http { return 302 /auth/self-service/browser/flows/login; } - #error_page 404 /404.html; - # location = /40x.html { - #} - error_page 500 502 503 504 /50x.html; location = /usr/share/nginx/html/50x.html { } } - + {%- endif %} } diff --git a/salt/nginx/etc/nginx.conf.so-eval b/salt/nginx/etc/nginx.conf.so-eval deleted file mode 100644 index 7e3a9a401..000000000 --- a/salt/nginx/etc/nginx.conf.so-eval +++ /dev/null @@ -1,326 +0,0 @@ -{%- set masterip = salt['pillar.get']('master:mainip', '') %} -{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %} -{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %} -{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %} -# For more information on configuration, see: -# * Official English Documentation: http://nginx.org/en/docs/ -# * Official Russian Documentation: http://nginx.org/ru/docs/ - -worker_processes auto; -error_log /var/log/nginx/error.log; -pid /run/nginx.pid; - -# Load dynamic modules. See /usr/share/nginx/README.dynamic. -include /usr/share/nginx/modules/*.conf; - -events { - worker_connections 1024; -} - -http { - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - client_max_body_size 1024M; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Load modular configuration files from the /etc/nginx/conf.d directory. - # See http://nginx.org/en/docs/ngx_core_module.html#include - # for more information. - include /etc/nginx/conf.d/*.conf; - - #server { - # listen 80 default_server; - # listen [::]:80 default_server; - # server_name _; - # root /opt/socore/html; - # index index.html; - - # Load configuration files for the default server block. - #include /etc/nginx/default.d/*.conf; - - # location / { - # } - - # error_page 404 /404.html; - # location = /40x.html { - # } - - # error_page 500 502 503 504 /50x.html; - # location = /50x.html { - # } - #} - server { - listen 80 default_server; - server_name _; - return 301 https://$host$request_uri; - } - -{% if FLEET_MASTER %} - server { - listen 8090 ssl http2 default_server; - server_name _; - root /opt/socore/html; - index blank.html; - - ssl_certificate "/etc/pki/nginx/server.crt"; - ssl_certificate_key "/etc/pki/nginx/server.key"; - ssl_session_cache shared:SSL:1m; - ssl_session_timeout 10m; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ { - grpc_pass grpcs://{{ masterip }}:8080; - grpc_set_header Host $host; - grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_buffering off; - } - - } -{% endif %} - -# Settings for a TLS enabled server. - - server { - listen 443 ssl http2 default_server; - #listen [::]:443 ssl http2 default_server; - server_name _; - root /opt/socore/html; - index index.html; - - ssl_certificate "/etc/pki/nginx/server.crt"; - ssl_certificate_key "/etc/pki/nginx/server.key"; - ssl_session_cache shared:SSL:1m; - ssl_session_timeout 10m; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - # Load configuration files for the default server block. - #include /etc/nginx/default.d/*.conf; - - location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) { - proxy_pass http://{{ masterip }}:9822; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location / { - auth_request /auth/sessions/whoami; - proxy_pass http://{{ masterip }}:9822/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location ~ ^/auth/.*?(whoami|login|logout|settings) { - rewrite /auth/(.*) /$1 break; - proxy_pass http://{{ masterip }}:4433; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /cyberchef/ { - auth_request /auth/sessions/whoami; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /navigator/ { - auth_request /auth/sessions/whoami; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /packages/ { - try_files $uri =206; - auth_request /auth/sessions/whoami; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /grafana/ { - auth_request /auth/sessions/whoami; - rewrite /grafana/(.*) /$1 break; - proxy_pass http://{{ masterip }}:3000/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /kibana/ { - auth_request /auth/sessions/whoami; - rewrite /kibana/(.*) /$1 break; - proxy_pass http://{{ masterip }}:5601/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /nodered/ { - proxy_pass http://{{ masterip }}:1880/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /playbook/ { - proxy_pass http://{{ masterip }}:3200/playbook/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - {%- if FLEET_NODE %} - location /fleet/ { - return 301 https://{{ FLEET_IP }}/fleet; - } - {%- else %} - location /fleet/ { - proxy_pass https://{{ masterip }}:8080; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - {%- endif %} - - location /thehive/ { - proxy_pass http://{{ masterip }}:9000/thehive/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_http_version 1.1; # this is essential for chunked responses to work - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /cortex/ { - proxy_pass http://{{ masterip }}:9001/cortex/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_http_version 1.1; # this is essential for chunked responses to work - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /soctopus/ { - proxy_pass http://{{ masterip }}:7000/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /kibana/app/soc/ { - rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent; - } - - location /kibana/app/fleet/ { - rewrite ^/kibana/app/fleet/(.*) /fleet/$1 permanent; - } - - location /kibana/app/soctopus/ { - rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent; - } - - location /sensoroniagents/ { - proxy_pass http://{{ masterip }}:9822/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - error_page 401 = @error401; - - location @error401 { - add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400"; - return 302 /auth/self-service/browser/flows/login; - } - - #error_page 404 /404.html; - # location = /usr/share/nginx/html/40x.html { - #} - - error_page 500 502 503 504 /50x.html; - location = /usr/share/nginx/html/50x.html { - } - } - -} diff --git a/salt/nginx/etc/nginx.conf.so-fleet b/salt/nginx/etc/nginx.conf.so-fleet deleted file mode 100644 index 937f09a5b..000000000 --- a/salt/nginx/etc/nginx.conf.so-fleet +++ /dev/null @@ -1,100 +0,0 @@ -{% set MAININT = salt['pillar.get']('host:mainint') %} -{% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %} - -# For more information on configuration, see: -# * Official English Documentation: http://nginx.org/en/docs/ -# * Official Russian Documentation: http://nginx.org/ru/docs/ - -user nginx; -worker_processes auto; -error_log /var/log/nginx/error.log; -pid /run/nginx.pid; - -# Load dynamic modules. See /usr/share/nginx/README.dynamic. -include /usr/share/nginx/modules/*.conf; - -events { - worker_connections 1024; -} - -http { - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - include /etc/nginx/conf.d/*.conf; - - server { - listen 80 default_server; - server_name _; - return 301 https://$host$request_uri; - } - - server { - listen 8090 ssl http2 default_server; - server_name _; - root /opt/socore/html; - index blank.html; - - ssl_certificate "/etc/pki/nginx/server.crt"; - ssl_certificate_key "/etc/pki/nginx/server.key"; - ssl_session_cache shared:SSL:1m; - ssl_session_timeout 10m; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ { - grpc_pass grpcs://{{ MAINIP }}:8080; - grpc_set_header Host $host; - grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_buffering off; - } - - } - - - server { - listen 443 ssl http2 default_server; - server_name _; - root /opt/socore/html/packages; - index index.html; - - ssl_certificate "/etc/pki/nginx/server.crt"; - ssl_certificate_key "/etc/pki/nginx/server.key"; - ssl_session_cache shared:SSL:1m; - ssl_session_timeout 10m; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - location /fleet/ { - proxy_pass https://{{ MAINIP }}:8080; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - #error_page 404 /404.html; - # location = /40x.html { - #} - - error_page 500 502 503 504 /50x.html; - location = /usr/share/nginx/html/50x.html { - } - } - -} diff --git a/salt/nginx/etc/nginx.conf.so-heavynode b/salt/nginx/etc/nginx.conf.so-heavynode deleted file mode 100644 index 7ec3fef7d..000000000 --- a/salt/nginx/etc/nginx.conf.so-heavynode +++ /dev/null @@ -1,89 +0,0 @@ -# For more information on configuration, see: -# * Official English Documentation: http://nginx.org/en/docs/ -# * Official Russian Documentation: http://nginx.org/ru/docs/ - -user nginx; -worker_processes auto; -error_log /var/log/nginx/error.log; -pid /run/nginx.pid; - -# Load dynamic modules. See /usr/share/nginx/README.dynamic. -include /usr/share/nginx/modules/*.conf; - -events { - worker_connections 1024; -} - -http { - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Load modular configuration files from the /etc/nginx/conf.d directory. - # See http://nginx.org/en/docs/ngx_core_module.html#include - # for more information. - include /etc/nginx/conf.d/*.conf; - - server { - listen 80 default_server; - listen [::]:80 default_server; - server_name _; - root /usr/share/nginx/html; - - # Load configuration files for the default server block. - include /etc/nginx/default.d/*.conf; - - location / { - } - - error_page 404 /404.html; - location = /40x.html { - } - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - } - } - -# Settings for a TLS enabled server. -# -# server { -# listen 443 ssl http2 default_server; -# listen [::]:443 ssl http2 default_server; -# server_name _; -# root /usr/share/nginx/html; -# -# ssl_certificate "/etc/pki/nginx/server.crt"; -# ssl_certificate_key "/etc/pki/nginx/private/server.key"; -# ssl_session_cache shared:SSL:1m; -# ssl_session_timeout 10m; -# ssl_ciphers HIGH:!aNULL:!MD5; -# ssl_prefer_server_ciphers on; -# -# # Load configuration files for the default server block. -# include /etc/nginx/default.d/*.conf; -# -# location / { -# } -# -# #error_page 404 /404.html; -# # location = /40x.html { -# #} -# -# error_page 500 502 503 504 /50x.html; -# location = /usr/share/nginx/html/50x.html { -# } -# } - -} diff --git a/salt/nginx/etc/nginx.conf.so-helix b/salt/nginx/etc/nginx.conf.so-helix deleted file mode 100644 index e5a68c09d..000000000 --- a/salt/nginx/etc/nginx.conf.so-helix +++ /dev/null @@ -1,89 +0,0 @@ -# For more information on configuration, see: -# * Official English Documentation: http://nginx.org/en/docs/ -# * Official Russian Documentation: http://nginx.org/ru/docs/ - -user nginx; -worker_processes auto; -error_log /var/log/nginx/error.log; -pid /run/nginx.pid; - -# Load dynamic modules. See /usr/share/nginx/README.dynamic. -include /usr/share/nginx/modules/*.conf; - -events { - worker_connections 1024; -} - -http { - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Load modular configuration files from the /etc/nginx/conf.d directory. - # See http://nginx.org/en/docs/ngx_core_module.html#include - # for more information. - include /etc/nginx/conf.d/*.conf; - - server { - listen 80 default_server; - listen [::]:80 default_server; - server_name _; - root /usr/share/nginx/html; - - # Load configuration files for the default server block. - include /etc/nginx/default.d/*.conf; - - location / { - } - - #error_page 404 /404.html; - # location = /40x.html { - #} - - error_page 500 502 503 504 /50x.html; - location = /usr/share/nginx/html/50x.html { - } - } - -# Settings for a TLS enabled server. -# -# server { -# listen 443 ssl http2 default_server; -# listen [::]:443 ssl http2 default_server; -# server_name _; -# root /usr/share/nginx/html; -# -# ssl_certificate "/etc/pki/nginx/server.crt"; -# ssl_certificate_key "/etc/pki/nginx/private/server.key"; -# ssl_session_cache shared:SSL:1m; -# ssl_session_timeout 10m; -# ssl_ciphers HIGH:!aNULL:!MD5; -# ssl_prefer_server_ciphers on; -# -# # Load configuration files for the default server block. -# include /etc/nginx/default.d/*.conf; -# -# location / { -# } -# -# error_page 404 /404.html; -# location = /40x.html { -# } -# -# error_page 500 502 503 504 /50x.html; -# location = /50x.html { -# } -# } - -} diff --git a/salt/nginx/etc/nginx.conf.so-master b/salt/nginx/etc/nginx.conf.so-master deleted file mode 100644 index de3a3a6c1..000000000 --- a/salt/nginx/etc/nginx.conf.so-master +++ /dev/null @@ -1,326 +0,0 @@ -{%- set masterip = salt['pillar.get']('master:mainip', '') %} -{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %} -{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %} -{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %} -# For more information on configuration, see: -# * Official English Documentation: http://nginx.org/en/docs/ -# * Official Russian Documentation: http://nginx.org/ru/docs/ - -worker_processes auto; -error_log /var/log/nginx/error.log; -pid /run/nginx.pid; - -# Load dynamic modules. See /usr/share/nginx/README.dynamic. -include /usr/share/nginx/modules/*.conf; - -events { - worker_connections 1024; -} - -http { - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - client_max_body_size 1024M; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Load modular configuration files from the /etc/nginx/conf.d directory. - # See http://nginx.org/en/docs/ngx_core_module.html#include - # for more information. - include /etc/nginx/conf.d/*.conf; - - #server { - # listen 80 default_server; - # listen [::]:80 default_server; - # server_name _; - # root /opt/socore/html; - # index index.html; - - # Load configuration files for the default server block. - #include /etc/nginx/default.d/*.conf; - - # location / { - # } - - # error_page 404 /404.html; - # location = /40x.html { - # } - - # error_page 500 502 503 504 /50x.html; - # location = /50x.html { - # } - #} - server { - listen 80 default_server; - server_name _; - return 301 https://$host$request_uri; - } - -{% if FLEET_MASTER %} - server { - listen 8090 ssl http2 default_server; - server_name _; - root /opt/socore/html; - index blank.html; - - ssl_certificate "/etc/pki/nginx/server.crt"; - ssl_certificate_key "/etc/pki/nginx/server.key"; - ssl_session_cache shared:SSL:1m; - ssl_session_timeout 10m; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ { - grpc_pass grpcs://{{ masterip }}:8080; - grpc_set_header Host $host; - grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_buffering off; - } - - } -{% endif %} - -# Settings for a TLS enabled server. - - server { - listen 443 ssl http2 default_server; - #listen [::]:443 ssl http2 default_server; - server_name _; - root /opt/socore/html; - index index.html; - - ssl_certificate "/etc/pki/nginx/server.crt"; - ssl_certificate_key "/etc/pki/nginx/server.key"; - ssl_session_cache shared:SSL:1m; - ssl_session_timeout 10m; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - # Load configuration files for the default server block. - #include /etc/nginx/default.d/*.conf; - - location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) { - proxy_pass http://{{ masterip }}:9822; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location / { - auth_request /auth/sessions/whoami; - proxy_pass http://{{ masterip }}:9822/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location ~ ^/auth/.*?(whoami|login|logout|settings) { - rewrite /auth/(.*) /$1 break; - proxy_pass http://{{ masterip }}:4433; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /cyberchef/ { - auth_request /auth/sessions/whoami; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /navigator/ { - auth_request /auth/sessions/whoami; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /packages/ { - try_files $uri =206; - auth_request /auth/sessions/whoami; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /grafana/ { - auth_request /auth/sessions/whoami; - rewrite /grafana/(.*) /$1 break; - proxy_pass http://{{ masterip }}:3000/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /kibana/ { - auth_request /auth/sessions/whoami; - rewrite /kibana/(.*) /$1 break; - proxy_pass http://{{ masterip }}:5601/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /nodered/ { - proxy_pass http://{{ masterip }}:1880/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /playbook/ { - proxy_pass http://{{ masterip }}:3200/playbook/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - {%- if FLEET_NODE %} - location /fleet/ { - return 301 https://{{ FLEET_IP }}/fleet; - } - {%- else %} - location /fleet/ { - proxy_pass https://{{ masterip }}:8080; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - {%- endif %} - - location /thehive/ { - proxy_pass http://{{ masterip }}:9000/thehive/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_http_version 1.1; # this is essential for chunked responses to work - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /cortex/ { - proxy_pass http://{{ masterip }}:9001/cortex/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_http_version 1.1; # this is essential for chunked responses to work - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /soctopus/ { - proxy_pass http://{{ masterip }}:7000/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /kibana/app/soc/ { - rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent; - } - - location /kibana/app/fleet/ { - rewrite ^/kibana/app/fleet/(.*) /fleet/$1 permanent; - } - - location /kibana/app/soctopus/ { - rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent; - } - - location /sensoroniagents/ { - proxy_pass http://{{ masterip }}:9822/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - error_page 401 = @error401; - - location @error401 { - add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400"; - return 302 /auth/self-service/browser/flows/login; - } - - #error_page 404 /404.html; - # location = /40x.html { - #} - - error_page 500 502 503 504 /50x.html; - location = /usr/share/nginx/html/50x.html { - } - } - -} diff --git a/salt/nginx/etc/nginx.conf.so-node b/salt/nginx/etc/nginx.conf.so-node deleted file mode 100644 index e5a68c09d..000000000 --- a/salt/nginx/etc/nginx.conf.so-node +++ /dev/null @@ -1,89 +0,0 @@ -# For more information on configuration, see: -# * Official English Documentation: http://nginx.org/en/docs/ -# * Official Russian Documentation: http://nginx.org/ru/docs/ - -user nginx; -worker_processes auto; -error_log /var/log/nginx/error.log; -pid /run/nginx.pid; - -# Load dynamic modules. See /usr/share/nginx/README.dynamic. -include /usr/share/nginx/modules/*.conf; - -events { - worker_connections 1024; -} - -http { - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Load modular configuration files from the /etc/nginx/conf.d directory. - # See http://nginx.org/en/docs/ngx_core_module.html#include - # for more information. - include /etc/nginx/conf.d/*.conf; - - server { - listen 80 default_server; - listen [::]:80 default_server; - server_name _; - root /usr/share/nginx/html; - - # Load configuration files for the default server block. - include /etc/nginx/default.d/*.conf; - - location / { - } - - #error_page 404 /404.html; - # location = /40x.html { - #} - - error_page 500 502 503 504 /50x.html; - location = /usr/share/nginx/html/50x.html { - } - } - -# Settings for a TLS enabled server. -# -# server { -# listen 443 ssl http2 default_server; -# listen [::]:443 ssl http2 default_server; -# server_name _; -# root /usr/share/nginx/html; -# -# ssl_certificate "/etc/pki/nginx/server.crt"; -# ssl_certificate_key "/etc/pki/nginx/private/server.key"; -# ssl_session_cache shared:SSL:1m; -# ssl_session_timeout 10m; -# ssl_ciphers HIGH:!aNULL:!MD5; -# ssl_prefer_server_ciphers on; -# -# # Load configuration files for the default server block. -# include /etc/nginx/default.d/*.conf; -# -# location / { -# } -# -# error_page 404 /404.html; -# location = /40x.html { -# } -# -# error_page 500 502 503 504 /50x.html; -# location = /50x.html { -# } -# } - -} diff --git a/salt/nginx/etc/nginx.conf.so-sensor b/salt/nginx/etc/nginx.conf.so-sensor deleted file mode 100644 index e5a68c09d..000000000 --- a/salt/nginx/etc/nginx.conf.so-sensor +++ /dev/null @@ -1,89 +0,0 @@ -# For more information on configuration, see: -# * Official English Documentation: http://nginx.org/en/docs/ -# * Official Russian Documentation: http://nginx.org/ru/docs/ - -user nginx; -worker_processes auto; -error_log /var/log/nginx/error.log; -pid /run/nginx.pid; - -# Load dynamic modules. See /usr/share/nginx/README.dynamic. -include /usr/share/nginx/modules/*.conf; - -events { - worker_connections 1024; -} - -http { - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Load modular configuration files from the /etc/nginx/conf.d directory. - # See http://nginx.org/en/docs/ngx_core_module.html#include - # for more information. - include /etc/nginx/conf.d/*.conf; - - server { - listen 80 default_server; - listen [::]:80 default_server; - server_name _; - root /usr/share/nginx/html; - - # Load configuration files for the default server block. - include /etc/nginx/default.d/*.conf; - - location / { - } - - #error_page 404 /404.html; - # location = /40x.html { - #} - - error_page 500 502 503 504 /50x.html; - location = /usr/share/nginx/html/50x.html { - } - } - -# Settings for a TLS enabled server. -# -# server { -# listen 443 ssl http2 default_server; -# listen [::]:443 ssl http2 default_server; -# server_name _; -# root /usr/share/nginx/html; -# -# ssl_certificate "/etc/pki/nginx/server.crt"; -# ssl_certificate_key "/etc/pki/nginx/private/server.key"; -# ssl_session_cache shared:SSL:1m; -# ssl_session_timeout 10m; -# ssl_ciphers HIGH:!aNULL:!MD5; -# ssl_prefer_server_ciphers on; -# -# # Load configuration files for the default server block. -# include /etc/nginx/default.d/*.conf; -# -# location / { -# } -# -# error_page 404 /404.html; -# location = /40x.html { -# } -# -# error_page 500 502 503 504 /50x.html; -# location = /50x.html { -# } -# } - -} diff --git a/salt/nginx/etc/nginx.conf.so-standalone b/salt/nginx/etc/nginx.conf.so-standalone deleted file mode 100644 index de3a3a6c1..000000000 --- a/salt/nginx/etc/nginx.conf.so-standalone +++ /dev/null @@ -1,326 +0,0 @@ -{%- set masterip = salt['pillar.get']('master:mainip', '') %} -{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %} -{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %} -{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %} -# For more information on configuration, see: -# * Official English Documentation: http://nginx.org/en/docs/ -# * Official Russian Documentation: http://nginx.org/ru/docs/ - -worker_processes auto; -error_log /var/log/nginx/error.log; -pid /run/nginx.pid; - -# Load dynamic modules. See /usr/share/nginx/README.dynamic. -include /usr/share/nginx/modules/*.conf; - -events { - worker_connections 1024; -} - -http { - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - client_max_body_size 1024M; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Load modular configuration files from the /etc/nginx/conf.d directory. - # See http://nginx.org/en/docs/ngx_core_module.html#include - # for more information. - include /etc/nginx/conf.d/*.conf; - - #server { - # listen 80 default_server; - # listen [::]:80 default_server; - # server_name _; - # root /opt/socore/html; - # index index.html; - - # Load configuration files for the default server block. - #include /etc/nginx/default.d/*.conf; - - # location / { - # } - - # error_page 404 /404.html; - # location = /40x.html { - # } - - # error_page 500 502 503 504 /50x.html; - # location = /50x.html { - # } - #} - server { - listen 80 default_server; - server_name _; - return 301 https://$host$request_uri; - } - -{% if FLEET_MASTER %} - server { - listen 8090 ssl http2 default_server; - server_name _; - root /opt/socore/html; - index blank.html; - - ssl_certificate "/etc/pki/nginx/server.crt"; - ssl_certificate_key "/etc/pki/nginx/server.key"; - ssl_session_cache shared:SSL:1m; - ssl_session_timeout 10m; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ { - grpc_pass grpcs://{{ masterip }}:8080; - grpc_set_header Host $host; - grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_buffering off; - } - - } -{% endif %} - -# Settings for a TLS enabled server. - - server { - listen 443 ssl http2 default_server; - #listen [::]:443 ssl http2 default_server; - server_name _; - root /opt/socore/html; - index index.html; - - ssl_certificate "/etc/pki/nginx/server.crt"; - ssl_certificate_key "/etc/pki/nginx/server.key"; - ssl_session_cache shared:SSL:1m; - ssl_session_timeout 10m; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - # Load configuration files for the default server block. - #include /etc/nginx/default.d/*.conf; - - location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) { - proxy_pass http://{{ masterip }}:9822; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location / { - auth_request /auth/sessions/whoami; - proxy_pass http://{{ masterip }}:9822/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location ~ ^/auth/.*?(whoami|login|logout|settings) { - rewrite /auth/(.*) /$1 break; - proxy_pass http://{{ masterip }}:4433; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /cyberchef/ { - auth_request /auth/sessions/whoami; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /navigator/ { - auth_request /auth/sessions/whoami; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /packages/ { - try_files $uri =206; - auth_request /auth/sessions/whoami; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /grafana/ { - auth_request /auth/sessions/whoami; - rewrite /grafana/(.*) /$1 break; - proxy_pass http://{{ masterip }}:3000/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /kibana/ { - auth_request /auth/sessions/whoami; - rewrite /kibana/(.*) /$1 break; - proxy_pass http://{{ masterip }}:5601/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /nodered/ { - proxy_pass http://{{ masterip }}:1880/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /playbook/ { - proxy_pass http://{{ masterip }}:3200/playbook/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - {%- if FLEET_NODE %} - location /fleet/ { - return 301 https://{{ FLEET_IP }}/fleet; - } - {%- else %} - location /fleet/ { - proxy_pass https://{{ masterip }}:8080; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - {%- endif %} - - location /thehive/ { - proxy_pass http://{{ masterip }}:9000/thehive/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_http_version 1.1; # this is essential for chunked responses to work - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /cortex/ { - proxy_pass http://{{ masterip }}:9001/cortex/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_http_version 1.1; # this is essential for chunked responses to work - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /soctopus/ { - proxy_pass http://{{ masterip }}:7000/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /kibana/app/soc/ { - rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent; - } - - location /kibana/app/fleet/ { - rewrite ^/kibana/app/fleet/(.*) /fleet/$1 permanent; - } - - location /kibana/app/soctopus/ { - rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent; - } - - location /sensoroniagents/ { - proxy_pass http://{{ masterip }}:9822/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - error_page 401 = @error401; - - location @error401 { - add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400"; - return 302 /auth/self-service/browser/flows/login; - } - - #error_page 404 /404.html; - # location = /40x.html { - #} - - error_page 500 502 503 504 /50x.html; - location = /usr/share/nginx/html/50x.html { - } - } - -} diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls index 73f14a7ed..83b2803fe 100644 --- a/salt/nginx/init.sls +++ b/salt/nginx/init.sls @@ -24,7 +24,7 @@ nginxconf: - user: 939 - group: 939 - template: jinja - - source: salt://nginx/etc/nginx.conf.{{ grains.role }} + - source: salt://nginx/etc/nginx.conf nginxlogdir: file.directory: From 0c3e35c55eca1ab80cd73911e6b27271e7487498 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 8 Jul 2020 14:30:27 -0400 Subject: [PATCH 002/487] [fix] correct jinja template syntax --- salt/nginx/etc/nginx.conf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 4086970e6..0944ecbf8 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -59,7 +59,7 @@ http { } {%- endif %} - {&- if role in ['eval', 'mastersearch', 'master', 'standalone'] &} + {%- if role in ['eval', 'mastersearch', 'master', 'standalone'] %} server { listen 80 default_server; server_name _; @@ -214,7 +214,6 @@ http { return 301 https://{{ fleet_ip }}/fleet; } {%- else %} - location /fleet/ { proxy_pass https://{{ masterip }}:8080; proxy_read_timeout 90; From a0ffe26334e9af39a520c81649baca7bd8820c82 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 8 Jul 2020 15:56:36 -0400 Subject: [PATCH 003/487] [fix] Only one default_server is allowed per port --- salt/nginx/etc/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 0944ecbf8..6b17290de 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -73,7 +73,7 @@ http { } server { - listen 443 ssl http2 default_server; + listen 443 ssl http2; server_name {{ url_base }}; root /opt/socore/html; index index.html; From 533ed395e7aac7e4eaa9581c8b5a0c000d170d1f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 8 Jul 2020 15:59:31 -0400 Subject: [PATCH 004/487] [fix][WIP] Remove ssl and http2 from redirect server block --- salt/nginx/etc/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 6b17290de..0d58eeeb7 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -67,7 +67,7 @@ http { } server { - listen 443 ssl http2 default_server; + listen 443 default_server; server_name _; return 301 https://{{ url_base }}$request_uri; } From 49e5cb311e28654e987f36f3759bc25a7997a90c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 8 Jul 2020 16:05:48 -0400 Subject: [PATCH 005/487] [fix][WIP] set ssl cert for redirect 443 server block --- salt/nginx/etc/nginx.conf | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 0d58eeeb7..f4502d950 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -67,9 +67,16 @@ http { } server { - listen 443 default_server; + listen 443 ssl http2 default_server; server_name _; return 301 https://{{ url_base }}$request_uri; + + ssl_certificate "/etc/pki/nginx/server.crt"; + ssl_certificate_key "/etc/pki/nginx/server.key"; + ssl_session_cache shared:SSL:1m; + ssl_session_timeout 10m; + ssl_ciphers HIGH:!aNULL:!MD5; + ssl_prefer_server_ciphers on; } server { From 81006ebbd0c907f53d01c7db8e2cb53f914b9766 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 10 Jul 2020 17:46:15 -0400 Subject: [PATCH 006/487] [fix] Reflect new manager syntax --- salt/nginx/etc/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index f4502d950..db0207805 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -59,7 +59,7 @@ http { } {%- endif %} - {%- if role in ['eval', 'mastersearch', 'master', 'standalone'] %} + {%- if role in ['eval', 'managersearch', 'manager', 'standalone'] %} server { listen 80 default_server; server_name _; From a5c790c31e0d91749259f4534b3115ddd7dbb50d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 10 Jul 2020 17:50:53 -0400 Subject: [PATCH 007/487] [fix] managerr -> manager --- salt/nginx/etc/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 1b3a1e386..4c50fb6e3 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -2,7 +2,7 @@ {%- set role = grains.id.split('_') | last %} {%- set url_base = salt['pillar.get']('manager:url_base') %} -{%- set fleet_managerr = salt['pillar.get']('static:fleet_manager') %} +{%- set fleet_manager = salt['pillar.get']('static:fleet_manager') %} {%- set fleet_node = salt['pillar.get']('static:fleet_node') %} {%- set fleet_ip = salt['pillar.get']('static:fleet_ip', None) %} From eaa41266a2d14c2ab3378c99a70235e00e5dfee8 Mon Sep 17 00:00:00 2001 From: jtgreen-cse <67059096+jtgreen-cse@users.noreply.github.com> Date: Tue, 20 Oct 2020 13:24:53 -0400 Subject: [PATCH 008/487] fix for rendering error >1 search node Fails rendering if you have more than one search node. --- salt/soc/files/soc/soc.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index 61c4ab6bb..d87b00f87 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -33,7 +33,7 @@ {%- if salt['pillar.get']('nodestab', {}) %} "remoteHostUrls": [ {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} - "https://{{ SN.split('_')|first }}:9200"{{ "," if not loop.last }} + "https://{{ SN.split('_')|first }}:9200"{{ "," if not loop.last else ""}} {%- endfor %} ], {%- endif %} From d63358c8f0fccd58522ee22960c8c4192c22008b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 20 Oct 2020 14:30:06 -0400 Subject: [PATCH 009/487] [fix] Correct pillar reference + nginx errors --- salt/nginx/etc/nginx.conf | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 84689c8fa..66b3ed3f2 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -1,6 +1,6 @@ {%- set managerip = salt['pillar.get']('manager:mainip', '') %} {%- set role = grains.id.split('_') | last %} -{%- set url_base = salt['pillar.get']('manager:url_base') %} +{%- set url_base = salt['pillar.get']('global:url_base') %} {%- set fleet_manager = salt['pillar.get']('global:fleet_manager') %} {%- set fleet_node = salt['pillar.get']('global:fleet_node') %} @@ -41,13 +41,13 @@ http { server { listen 80 default_server; server_name _; - return 301 https://$host$request_uri; + return 301 https://{{ url_base }}$request_uri; } {%- if airgap is sameas true %} server { listen 7788; - server_name _; + server_name {{ url_base }}; root /opt/socore/html/repo; location /rules/ { allow all; @@ -87,12 +87,6 @@ http { {%- endif %} {%- if role in ['eval', 'managersearch', 'manager', 'standalone'] %} - server { - listen 80 default_server; - server_name _; - return 301 https://{{ url_base }}$request_uri; - } - server { listen 443 ssl http2 default_server; server_name _; From 1e14d66f54d7a4d8de1aa15a0a5bcd1ecba0f8c5 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 21 Oct 2020 08:59:26 -0400 Subject: [PATCH 010/487] Add case_template field to Playbook alerts --- salt/elastalert/files/modules/so/playbook-es.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elastalert/files/modules/so/playbook-es.py b/salt/elastalert/files/modules/so/playbook-es.py index 31a58b44b..394ca8534 100644 --- a/salt/elastalert/files/modules/so/playbook-es.py +++ b/salt/elastalert/files/modules/so/playbook-es.py @@ -16,7 +16,7 @@ class PlaybookESAlerter(Alerter): today = strftime("%Y.%m.%d", gmtime()) timestamp = strftime("%Y-%m-%d"'T'"%H:%M:%S", gmtime()) headers = {"Content-Type": "application/json"} - payload = {"rule": { "name": self.rule['play_title'],"uuid": self.rule['play_id'],"category": self.rule['rule.category']},"event":{ "severity": self.rule['event.severity'],"module": self.rule['event.module'],"dataset": self.rule['event.dataset'],"severity_label": self.rule['sigma_level']},"kibana_pivot": self.rule['kibana_pivot'],"soc_pivot": self.rule['soc_pivot'],"play_url": self.rule['play_url'],"sigma_level": self.rule['sigma_level'],"event_data": match, "@timestamp": timestamp} + payload = {"rule": { "name": self.rule['play_title'],"uuid": self.rule['play_id'],"category": self.rule['rule.category']},"event":{ "severity": self.rule['event.severity'],"module": self.rule['event.module'],"dataset": self.rule['event.dataset'],"severity_label": self.rule['sigma_level']},"kibana_pivot": self.rule['kibana_pivot'],"soc_pivot": self.rule['soc_pivot'],"play_url": self.rule['play_url'],"sigma_level": self.rule['sigma_level'],"event_data": match, "case_template": self.rule['play_id'], "@timestamp": timestamp} url = f"http://{self.rule['elasticsearch_host']}/so-playbook-alerts-{today}/_doc/" requests.post(url, data=json.dumps(payload), headers=headers, verify=False) From 844ffe8fdfeef356baae50d458d969a2d79a0258 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 21 Oct 2020 09:58:31 -0400 Subject: [PATCH 011/487] nest case_template --- salt/elastalert/files/modules/so/playbook-es.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elastalert/files/modules/so/playbook-es.py b/salt/elastalert/files/modules/so/playbook-es.py index 394ca8534..cf29c0669 100644 --- a/salt/elastalert/files/modules/so/playbook-es.py +++ b/salt/elastalert/files/modules/so/playbook-es.py @@ -16,7 +16,7 @@ class PlaybookESAlerter(Alerter): today = strftime("%Y.%m.%d", gmtime()) timestamp = strftime("%Y-%m-%d"'T'"%H:%M:%S", gmtime()) headers = {"Content-Type": "application/json"} - payload = {"rule": { "name": self.rule['play_title'],"uuid": self.rule['play_id'],"category": self.rule['rule.category']},"event":{ "severity": self.rule['event.severity'],"module": self.rule['event.module'],"dataset": self.rule['event.dataset'],"severity_label": self.rule['sigma_level']},"kibana_pivot": self.rule['kibana_pivot'],"soc_pivot": self.rule['soc_pivot'],"play_url": self.rule['play_url'],"sigma_level": self.rule['sigma_level'],"event_data": match, "case_template": self.rule['play_id'], "@timestamp": timestamp} + payload = {"rule": { "name": self.rule['play_title'],"case_template": self.rule['play_id'],"uuid": self.rule['play_id'],"category": self.rule['rule.category']},"event":{ "severity": self.rule['event.severity'],"module": self.rule['event.module'],"dataset": self.rule['event.dataset'],"severity_label": self.rule['sigma_level']},"kibana_pivot": self.rule['kibana_pivot'],"soc_pivot": self.rule['soc_pivot'],"play_url": self.rule['play_url'],"sigma_level": self.rule['sigma_level'],"event_data": match, "@timestamp": timestamp} url = f"http://{self.rule['elasticsearch_host']}/so-playbook-alerts-{today}/_doc/" requests.post(url, data=json.dumps(payload), headers=headers, verify=False) From 79c4f07ff7154c9fbbe8796df56590687ba31c0b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 22 Oct 2020 10:43:24 -0400 Subject: [PATCH 012/487] [fix] Don't listen on port 80 on all installs --- salt/nginx/etc/nginx.conf | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 66b3ed3f2..f47fbfdf9 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -37,13 +37,6 @@ http { include /etc/nginx/conf.d/*.conf; - - server { - listen 80 default_server; - server_name _; - return 301 https://{{ url_base }}$request_uri; - } - {%- if airgap is sameas true %} server { listen 7788; @@ -87,6 +80,12 @@ http { {%- endif %} {%- if role in ['eval', 'managersearch', 'manager', 'standalone'] %} + server { + listen 80 default_server; + server_name _; + return 301 https://{{ url_base }}$request_uri; + } + server { listen 443 ssl http2 default_server; server_name _; From 6a3e9219246b4d1e539ee3afa9557cd29a7bea46 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 22 Oct 2020 13:09:26 -0400 Subject: [PATCH 013/487] [fix] Fixes for fleet install --- salt/nginx/etc/nginx.conf | 89 +++++++++++++++++++++++++++++---------- 1 file changed, 66 insertions(+), 23 deletions(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index f47fbfdf9..6cb2d0691 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -1,5 +1,10 @@ -{%- set managerip = salt['pillar.get']('manager:mainip', '') %} {%- set role = grains.id.split('_') | last %} +{%- if role == 'fleet' %} + {% set MAININT = salt['pillar.get']('host:mainint') %} + {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %} +{%- endif %} + +{%- set managerip = salt['pillar.get']('manager:mainip', '') %} {%- set url_base = salt['pillar.get']('global:url_base') %} {%- set fleet_manager = salt['pillar.get']('global:fleet_manager') %} @@ -37,25 +42,7 @@ http { include /etc/nginx/conf.d/*.conf; - {%- if airgap is sameas true %} - server { - listen 7788; - server_name {{ url_base }}; - root /opt/socore/html/repo; - location /rules/ { - allow all; - sendfile on; - sendfile_max_chunk 1m; - autoindex on; - autoindex_exact_size off; - autoindex_format html; - autoindex_localtime on; - } - } - {%- endif %} - - - {%- if fleet_manager %} + {%- if fleet_manager or role == 'fleet' %} server { listen 8090 ssl http2 default_server; server_name {{ url_base }}; @@ -70,16 +57,21 @@ http { ssl_prefer_server_ciphers on; location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ { + {%- if role == 'fleet' %} + grpc_pass grpcs://{{ MAINIP }}:8080; + {%- else %} grpc_pass grpcs://{{ managerip }}:8080; + {%- endif %} grpc_set_header Host $host; grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_buffering off; } - } {%- endif %} - {%- if role in ['eval', 'managersearch', 'manager', 'standalone'] %} + + {%- if role in ['eval', 'managersearch', 'manager', 'standalone', 'fleet', 'import'] %} + server { listen 80 default_server; server_name _; @@ -99,6 +91,55 @@ http { ssl_prefer_server_ciphers on; } + {%- endif %} + + {%- if role == 'fleet' %} + server { + listen 443 ssl http2; + server_name {{ url_base }}; + root /opt/socore/html; + index index.html; + + ssl_certificate "/etc/pki/nginx/server.crt"; + ssl_certificate_key "/etc/pki/nginx/server.key"; + ssl_session_cache shared:SSL:1m; + ssl_session_timeout 10m; + ssl_ciphers HIGH:!aNULL:!MD5; + ssl_prefer_server_ciphers on; + + location /fleet/ { + proxy_pass https://{{ MAINIP }}:8080; + proxy_read_timeout 90; + proxy_connect_timeout 90; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Proxy ""; + proxy_set_header X-Forwarded-Proto $scheme; + } + error_page 500 502 503 504 /50x.html; + location = /usr/share/nginx/html/50x.html { + } + } + {%- elif role in ['eval', 'managersearch', 'manager', 'standalone', 'import'] %} + + {%- if airgap is sameas true %} + server { + listen 7788; + server_name {{ url_base }}; + root /opt/socore/html/repo; + location /rules/ { + allow all; + sendfile on; + sendfile_max_chunk 1m; + autoindex on; + autoindex_exact_size off; + autoindex_format html; + autoindex_localtime on; + } + } + {%- endif %} + server { listen 443 ssl http2; server_name {{ url_base }}; @@ -249,10 +290,11 @@ http { } {%- if fleet_node %} + location /fleet/ { return 301 https://{{ fleet_ip }}/fleet; } - + {%- else %} location /fleet/ { @@ -265,6 +307,7 @@ http { proxy_set_header Proxy ""; proxy_set_header X-Forwarded-Proto $scheme; } + {%- endif %} location /thehive/ { From 6a08086dfa051388c3090ee54a4d0af2df92ceca Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 22 Oct 2020 14:10:06 -0400 Subject: [PATCH 014/487] [refactor] Make variable names consistent --- salt/nginx/etc/nginx.conf | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 6cb2d0691..dcc89f13d 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -1,10 +1,10 @@ {%- set role = grains.id.split('_') | last %} {%- if role == 'fleet' %} - {% set MAININT = salt['pillar.get']('host:mainint') %} - {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %} + {% set main_int = salt['pillar.get']('host:main_int') %} + {% set main_ip = salt['grains.get']('ip_interfaces').get(main_int)[0] %} {%- endif %} -{%- set managerip = salt['pillar.get']('manager:mainip', '') %} +{%- set manager_ip = salt['pillar.get']('manager:main_ip', '') %} {%- set url_base = salt['pillar.get']('global:url_base') %} {%- set fleet_manager = salt['pillar.get']('global:fleet_manager') %} @@ -58,9 +58,9 @@ http { location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ { {%- if role == 'fleet' %} - grpc_pass grpcs://{{ MAINIP }}:8080; + grpc_pass grpcs://{{ main_ip }}:8080; {%- else %} - grpc_pass grpcs://{{ managerip }}:8080; + grpc_pass grpcs://{{ manager_ip }}:8080; {%- endif %} grpc_set_header Host $host; grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -108,7 +108,7 @@ http { ssl_prefer_server_ciphers on; location /fleet/ { - proxy_pass https://{{ MAINIP }}:8080; + proxy_pass https://{{ main_ip }}:8080; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -155,7 +155,7 @@ http { location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) { - proxy_pass http://{{ managerip }}:9822; + proxy_pass http://{{ manager_ip }}:9822; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -169,7 +169,7 @@ http { location / { auth_request /auth/sessions/whoami; - proxy_pass http://{{ managerip }}:9822/; + proxy_pass http://{{ manager_ip }}:9822/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -183,7 +183,7 @@ http { location ~ ^/auth/.*?(whoami|login|logout|settings) { rewrite /auth/(.*) /$1 break; - proxy_pass http://{{ managerip }}:4433; + proxy_pass http://{{ manager_ip }}:4433; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -242,7 +242,7 @@ http { location /grafana/ { auth_request /auth/sessions/whoami; rewrite /grafana/(.*) /$1 break; - proxy_pass http://{{ managerip }}:3000/; + proxy_pass http://{{ manager_ip }}:3000/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -255,7 +255,7 @@ http { location /kibana/ { auth_request /auth/sessions/whoami; rewrite /kibana/(.*) /$1 break; - proxy_pass http://{{ managerip }}:5601/; + proxy_pass http://{{ manager_ip }}:5601/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -266,7 +266,7 @@ http { } location /nodered/ { - proxy_pass http://{{ managerip }}:1880/; + proxy_pass http://{{ manager_ip }}:1880/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -279,7 +279,7 @@ http { } location /playbook/ { - proxy_pass http://{{ managerip }}:3200/playbook/; + proxy_pass http://{{ manager_ip }}:3200/playbook/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -298,7 +298,7 @@ http { {%- else %} location /fleet/ { - proxy_pass https://{{ managerip }}:8080; + proxy_pass https://{{ manager_ip }}:8080; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -311,7 +311,7 @@ http { {%- endif %} location /thehive/ { - proxy_pass http://{{ managerip }}:9000/thehive/; + proxy_pass http://{{ manager_ip }}:9000/thehive/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_http_version 1.1; # this is essential for chunked responses to work @@ -323,7 +323,7 @@ http { } location /cortex/ { - proxy_pass http://{{ managerip }}:9001/cortex/; + proxy_pass http://{{ manager_ip }}:9001/cortex/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_http_version 1.1; # this is essential for chunked responses to work @@ -335,7 +335,7 @@ http { } location /soctopus/ { - proxy_pass http://{{ managerip }}:7000/; + proxy_pass http://{{ manager_ip }}:7000/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -361,7 +361,7 @@ http { if ($http_authorization = "") { return 403; } - proxy_pass http://{{ managerip }}:9822/; + proxy_pass http://{{ manager_ip }}:9822/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; From c066cc67dcd05ed31693d923dac0b2dbc1cb0a66 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Oct 2020 10:08:45 -0400 Subject: [PATCH 015/487] Update VERSION --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 2bf1c1ccf..f90b1afc0 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.1 +2.3.2 From 801f4aae8ef529e2dbadc1c23f360294f22a6fd9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Oct 2020 10:09:07 -0400 Subject: [PATCH 016/487] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 38e1d64dd..6138a2271 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -## Security Onion 2.3.1 +## Security Onion 2.3.2 -Security Onion 2.3.1 is here! +Security Onion 2.3.2 is here! ### Release Notes From 73b83584e6142056930dd53eba9764434b272b55 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 23 Oct 2020 14:32:43 -0400 Subject: [PATCH 017/487] [fix] Remove bad '_' character --- salt/nginx/etc/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index dcc89f13d..dd599abf9 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -1,6 +1,6 @@ {%- set role = grains.id.split('_') | last %} {%- if role == 'fleet' %} - {% set main_int = salt['pillar.get']('host:main_int') %} + {% set main_int = salt['pillar.get']('host:mainint') %} {% set main_ip = salt['grains.get']('ip_interfaces').get(main_int)[0] %} {%- endif %} From fdb7cb90e3222f6cffa453759e67fa577a218851 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 23 Oct 2020 15:36:01 -0400 Subject: [PATCH 018/487] [wip] Test alt variable usage --- salt/nginx/etc/nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index dd599abf9..05e935caa 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -1,7 +1,7 @@ {%- set role = grains.id.split('_') | last %} {%- if role == 'fleet' %} - {% set main_int = salt['pillar.get']('host:mainint') %} - {% set main_ip = salt['grains.get']('ip_interfaces').get(main_int)[0] %} + {% set mainint = salt['pillar.get']('host:mainint') %} + {% set main_ip = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %} {%- endif %} {%- set manager_ip = salt['pillar.get']('manager:main_ip', '') %} From c8a6b232d5843f0fb630c4a2457d1b1986f8ae27 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Oct 2020 15:58:35 -0400 Subject: [PATCH 019/487] Fix which field we return for Elastic index --- salt/curator/files/bin/so-curator-closed-delete-delete | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index 8909512db..f7ab6146d 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -50,7 +50,7 @@ curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " c {% if grains['role'] in ['so-node','so-heavynode'] %} OLDEST_INDEX=$(curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $2}' | sort -t- -k3 | head -1) {% else %} - OLDEST_INDEX=$(curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $2}' | sort -t- -k3 | head -1) + OLDEST_INDEX=$(curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $3}' | sort -t- -k3 | head -1) {% endif %} # Now that we've determined OLDEST_INDEX, ask Elasticsearch to delete it. From 85e0b2cab3eeaf996af8f04be81662fe5b28ecc7 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 23 Oct 2020 16:35:35 -0400 Subject: [PATCH 020/487] Add cheatsheet URL to soc.json --- salt/soc/files/soc/soc.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index 61c4ab6bb..f5326597a 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -56,8 +56,10 @@ "client": { {%- if ISAIRGAP is sameas true %} "docsUrl": "/docs/", + "docsUrl": "/docs/cheatsheet.pdf", {%- else %} "docsUrl": "https://docs.securityonion.net/en/2.3/", + "cheatsheetUrl": "https://github.com/Security-Onion-Solutions/securityonion-docs/raw/2.3/images/cheat-sheet/Security-Onion-Cheat-Sheet.pdf", {%- endif %} "hunt": { "advanced": true, From b6f1cfada6f43216f1f6a73cc847e51391f3ee8a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Oct 2020 16:44:02 -0400 Subject: [PATCH 021/487] Update changes.json --- salt/soc/files/soc/changes.json | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json index 5aa9b220b..680dbd54d 100644 --- a/salt/soc/files/soc/changes.json +++ b/salt/soc/files/soc/changes.json @@ -1,13 +1,9 @@ { - "title": "Security Onion 2.3.1 is here!", + "title": "Security Onion 2.3.2 is here!", "changes": [ - { "summary": "Fixed a SOC issue in airgap mode that was preventing people from logging in." }, - { "summary": "Downloading Elastic features images will now download the correct images." }, - { "summary": "Winlogbeat download no longer requires Internet access." }, - { "summary": "Adjusted Alerts quick action bar to allow searching for a specific value while remaining in Alerts view." }, - { "summary": "/nsm will properly display disk usage on the standalone Grafana dashboard." }, - { "summary": "The manager node now has syslog listener enabled by default (you'll still need to allow syslog traffic through the firewall of course)." }, - { "summary": "Fixed an issue when creating host groups with so-firewall." }, + { "summary": "Elastic components have been upgraded to 7.9.3." }, + { "summary": "Fixed an issue where curator was unable to delete a closed index." }, + { "summary": "Cheat sheet is now available for airgap installs." }, { "summary": "Known Issues
  • It is still possible to update your grid from any release candidate to 2.3. However, if you have a true production deployment, then we recommend a fresh image and install for best results.
  • In 2.3.0 we made some changes to data types in the elastic index templates. This will cause some errors in Kibana around field conflicts. You can address this in 2 ways:
    1. Delete all the data on the ES nodes preserving all of your other settings suchs as BPFs by running sudo so-elastic-clear on all the search nodes
    2. Re-Index the data. This is not a quick process but you can find more information at https://docs.securityonion.net/en/2.3/elasticsearch.html#re-indexing
  • Please be patient as we update our documentation. We have made a concerted effort to update as much as possible but some things still may be incorrect or ommited. If you have questions or feedback, please start a discussion at https://securityonion.net/discuss.
  • Once you update your grid to 2.3.0, any new nodes that join the grid must be 2.3.0. For example, if you try to join a new RC1 node it will fail. For best results, use the latest ISO (or 2.3.0 installer from github) when joining to an 2.3.0 grid.
  • Shipping Windows Eventlogs with Osquery will fail intermittently with utf8 errors logged in the Application log. This is scheduled to be fixed in Osquery 4.5.
  • When running soup to upgrade from RC1/RC2/RC3 to 2.3.0, there is a Salt error that occurs during the final highstate. This error is related to the patch_os_schedule and can be ignored as it will not occur again in subsequent highstates.
  • When Search Nodes are upgraded from RC1 to 2.3.0, there is a chance of a race condition where certificates are missing. This will show errors in the manager log to the remote node. To fix this run the following on the search node that is having the issue:
    1. Stop elasticsearch - sudo so-elasticsearch-stop
    2. Run the SSL state - sudo salt-call state.apply ssl
    3. Restart elasticsearch - sudo so-elasticsearch-restart
  • If you are upgrading from RC1 you might see errors around registry:2 missing. This error does not break the actual upgrade. To fix, run the following on the manager:
    1. Stop the Docker registry - sudo docker stop so-dockerregistry
    2. Remove the container - sudo docker rm so-dockerregistry
    3. Run the registry state - sudo salt-call state.apply registry
" } ] } From da488945e018370b002ed79f1513fe768fe2eaed Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Oct 2020 16:47:43 -0400 Subject: [PATCH 022/487] Update VERIFY_ISO.md --- VERIFY_ISO.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 26b926971..d2fad2fa8 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,16 +1,16 @@ -### 2.3.1 ISO image built on 2020/10/22 +### 2.3.2 ISO image built on 2020/10/23 ### Download and Verify -2.3.1 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.1.iso +2.3.2 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.2.iso MD5: EF2DEBCCBAE0B0BCCC906552B5FF918A SHA1: 16AFCACB102BD217A038044D64E7A86DA351640E SHA256: 7125F90B6323179D0D29F5745681BE995BD2615E64FA1E0046D94888A72C539E Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.1.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.2.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS @@ -24,17 +24,17 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.1.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.2.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.1.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.2.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.1.iso.sig securityonion-2.3.1.iso +gpg --verify securityonion-2.3.2.iso.sig securityonion-2.3.2.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: From 951f6ab3e2b34a17c7206e53be62ebf94ecaf563 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Oct 2020 16:48:05 -0400 Subject: [PATCH 023/487] Update VERIFY_ISO.md --- VERIFY_ISO.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index d2fad2fa8..89f81eecf 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -5,7 +5,7 @@ 2.3.2 ISO image: https://download.securityonion.net/file/securityonion/securityonion-2.3.2.iso -MD5: EF2DEBCCBAE0B0BCCC906552B5FF918A +MD5: EF2DEBCCBAE0B0BCCC906552B5FF918A SHA1: 16AFCACB102BD217A038044D64E7A86DA351640E SHA256: 7125F90B6323179D0D29F5745681BE995BD2615E64FA1E0046D94888A72C539E From d9c021e86ac250212df65b91efb722921a76509c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 23 Oct 2020 17:07:16 -0400 Subject: [PATCH 024/487] Update so-curator-closed-delete-delete --- salt/curator/files/bin/so-curator-closed-delete-delete | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index f7ab6146d..b7b29b615 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -48,7 +48,7 @@ curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " c # Then, sort by date by telling sort to use hyphen as delimiter and then sort on the third field. # Finally, select the first entry in that sorted list. {% if grains['role'] in ['so-node','so-heavynode'] %} - OLDEST_INDEX=$(curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $2}' | sort -t- -k3 | head -1) + OLDEST_INDEX=$(curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $3}' | sort -t- -k3 | head -1) {% else %} OLDEST_INDEX=$(curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $3}' | sort -t- -k3 | head -1) {% endif %} From c61199618ac50a2f76cd2d3e4f1326f6d9ee3e2a Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Sat, 24 Oct 2020 07:15:43 -0400 Subject: [PATCH 025/487] Update so-curator-closed-delete-delete --- .../files/bin/so-curator-closed-delete-delete | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index b7b29b615..bf2ea22f1 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -33,24 +33,23 @@ LOG="/opt/so/log/curator/so-curator-closed-delete.log" # Check for 2 conditions: # 1. Are Elasticsearch indices using more disk space than LOG_SIZE_LIMIT? -# 2. Are there any closed logstash- or so- indices that we can delete? +# 2. Are there any closed indices that we can delete? # If both conditions are true, keep on looping until one of the conditions is false. while [[ $(du -hs --block-size=1GB /nsm/elasticsearch/nodes | awk '{print $1}' ) -gt "{{LOG_SIZE_LIMIT}}" ]] && {% if grains['role'] in ['so-node','so-heavynode'] %} -curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" > /dev/null; do +curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed > /dev/null; do {% else %} -curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" > /dev/null; do +curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed > /dev/null; do {% endif %} - # We need to determine OLDEST_INDEX. - # First, get the list of closed indices that are prefixed with "logstash-" or "so-". - # For example: logstash-ids-YYYY.MM.DD + # We need to determine OLDEST_INDEX: + # First, get the list of closed indices using _cat/indices?h=index\&expand_wildcards=closed. # Then, sort by date by telling sort to use hyphen as delimiter and then sort on the third field. # Finally, select the first entry in that sorted list. {% if grains['role'] in ['so-node','so-heavynode'] %} - OLDEST_INDEX=$(curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $3}' | sort -t- -k3 | head -1) + OLDEST_INDEX=$(curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | sort -t- -k3 | head -1) {% else %} - OLDEST_INDEX=$(curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $3}' | sort -t- -k3 | head -1) + OLDEST_INDEX=$(curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | sort -t- -k3 | head -1) {% endif %} # Now that we've determined OLDEST_INDEX, ask Elasticsearch to delete it. From f75badf43ae86866a29028fa6ddfcac26f5c63c6 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 26 Oct 2020 09:53:26 -0400 Subject: [PATCH 026/487] 2.3.2 ISO info --- sigs/securityonion-2.3.2.iso.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/securityonion-2.3.2.iso.sig diff --git a/sigs/securityonion-2.3.2.iso.sig b/sigs/securityonion-2.3.2.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..53bfe4569823f6e535a467c094a44781246f779e GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;4{k4pdw2@re`V7LBIa1-?D5C3Qjez?&Me z>7X&#c-?K_tDM+dD%0aSFBq*>N$O}b4awK`xrR1tE4FlrWSy9LA24YXxkL6@D-d4O z0%ADZJU3kc#2{W7;ctv&#I*bmNVe+F#p$d9h+)zn!~oBPJf9Xl{CWlp25*HG({~eN zfg3w6svRX8PLpeApdNgvud^{J7qn4orn@J@L;CRR>ryHc$3SJg`VJgIP#qYkbi!_6Ips#dee6vIT)ZM?B{i`J7$BZ-m z6mfzlu2Kkm6bfZb_Qg}j(GO?oKzSfkaA=M%DeN{nGNM+-rbZ`{2fSdFfbkt!ZvmDt zT4Yi-3w-+kJj&0wXcl&v5u(6>p_*ZGLq`FtY%aE=F4aOAj%C)oGrk8t5G1}^aB zK?|IZvLv5Cg`Og1^bPwp80b|XN#jXhwk+^x_vhQp6 Date: Mon, 26 Oct 2020 10:09:25 -0400 Subject: [PATCH 027/487] Update VERIFY_ISO.md --- VERIFY_ISO.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 89f81eecf..96ba20b2c 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,4 +1,4 @@ -### 2.3.2 ISO image built on 2020/10/23 +### 2.3.2 ISO image built on 2020/10/25 ### Download and Verify From 45fd325307fc69cc43c6d04a553297dc4dd1b284 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 26 Oct 2020 10:11:58 -0400 Subject: [PATCH 028/487] Update VERIFY_ISO.md --- VERIFY_ISO.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 96ba20b2c..281821214 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -39,7 +39,7 @@ gpg --verify securityonion-2.3.2.iso.sig securityonion-2.3.2.iso The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Thu 22 Oct 2020 10:34:27 AM EDT using RSA key ID FE507013 +gpg: Signature made Sun 25 Oct 2020 10:44:27 AM EDT using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. From 46628370752da12650d87b5098eec6c3b44348a9 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 26 Oct 2020 10:25:16 -0400 Subject: [PATCH 029/487] [fix] Revert changes from merging dev --- salt/nginx/etc/nginx.conf | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 05e935caa..7774f9f8d 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -4,7 +4,6 @@ {% set main_ip = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %} {%- endif %} -{%- set manager_ip = salt['pillar.get']('manager:main_ip', '') %} {%- set url_base = salt['pillar.get']('global:url_base') %} {%- set fleet_manager = salt['pillar.get']('global:fleet_manager') %} @@ -60,7 +59,7 @@ http { {%- if role == 'fleet' %} grpc_pass grpcs://{{ main_ip }}:8080; {%- else %} - grpc_pass grpcs://{{ manager_ip }}:8080; + grpc_pass grpcs://{{ url_base }}:8080; {%- endif %} grpc_set_header Host $host; grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -155,7 +154,7 @@ http { location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) { - proxy_pass http://{{ manager_ip }}:9822; + proxy_pass http://{{ url_base }}:9822; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -169,7 +168,7 @@ http { location / { auth_request /auth/sessions/whoami; - proxy_pass http://{{ manager_ip }}:9822/; + proxy_pass http://{{ url_base }}:9822/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -183,7 +182,7 @@ http { location ~ ^/auth/.*?(whoami|login|logout|settings) { rewrite /auth/(.*) /$1 break; - proxy_pass http://{{ manager_ip }}:4433; + proxy_pass http://{{ url_base }}:4433; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -242,7 +241,7 @@ http { location /grafana/ { auth_request /auth/sessions/whoami; rewrite /grafana/(.*) /$1 break; - proxy_pass http://{{ manager_ip }}:3000/; + proxy_pass http://{{ url_base }}:3000/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -255,7 +254,7 @@ http { location /kibana/ { auth_request /auth/sessions/whoami; rewrite /kibana/(.*) /$1 break; - proxy_pass http://{{ manager_ip }}:5601/; + proxy_pass http://{{ url_base }}:5601/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -266,7 +265,7 @@ http { } location /nodered/ { - proxy_pass http://{{ manager_ip }}:1880/; + proxy_pass http://{{ url_base }}:1880/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -279,7 +278,7 @@ http { } location /playbook/ { - proxy_pass http://{{ manager_ip }}:3200/playbook/; + proxy_pass http://{{ url_base }}:3200/playbook/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -298,7 +297,7 @@ http { {%- else %} location /fleet/ { - proxy_pass https://{{ manager_ip }}:8080; + proxy_pass https://{{ url_base }}:8080; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -311,7 +310,7 @@ http { {%- endif %} location /thehive/ { - proxy_pass http://{{ manager_ip }}:9000/thehive/; + proxy_pass http://{{ url_base }}:9000/thehive/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_http_version 1.1; # this is essential for chunked responses to work @@ -323,7 +322,7 @@ http { } location /cortex/ { - proxy_pass http://{{ manager_ip }}:9001/cortex/; + proxy_pass http://{{ url_base }}:9001/cortex/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_http_version 1.1; # this is essential for chunked responses to work @@ -335,7 +334,7 @@ http { } location /soctopus/ { - proxy_pass http://{{ manager_ip }}:7000/; + proxy_pass http://{{ url_base }}:7000/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -361,7 +360,7 @@ http { if ($http_authorization = "") { return 403; } - proxy_pass http://{{ manager_ip }}:9822/; + proxy_pass http://{{ url_base }}:9822/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; From 38095739639eeeeb9f3334cbc338b0417f8f3ddb Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 26 Oct 2020 12:16:55 -0400 Subject: [PATCH 030/487] Correct cheatsheet URL for airgap installs --- salt/soc/files/soc/soc.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index f5326597a..c48229a0c 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -56,7 +56,7 @@ "client": { {%- if ISAIRGAP is sameas true %} "docsUrl": "/docs/", - "docsUrl": "/docs/cheatsheet.pdf", + "cheatsheetUrl": "/docs/cheatsheet.pdf", {%- else %} "docsUrl": "https://docs.securityonion.net/en/2.3/", "cheatsheetUrl": "https://github.com/Security-Onion-Solutions/securityonion-docs/raw/2.3/images/cheat-sheet/Security-Onion-Cheat-Sheet.pdf", From 8d84718c91c4d424ea7065c910e2a8e37ec07c3d Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 26 Oct 2020 13:08:30 -0400 Subject: [PATCH 031/487] Update VERIFY_ISO.md --- VERIFY_ISO.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 281821214..f6dc51b60 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -5,9 +5,9 @@ 2.3.2 ISO image: https://download.securityonion.net/file/securityonion/securityonion-2.3.2.iso -MD5: EF2DEBCCBAE0B0BCCC906552B5FF918A -SHA1: 16AFCACB102BD217A038044D64E7A86DA351640E -SHA256: 7125F90B6323179D0D29F5745681BE995BD2615E64FA1E0046D94888A72C539E +MD5: 8010C32803CD62AA3F61487524E37049 +SHA1: DCA300424C9DF81A4F332B8AA3945E18779C9D28 +SHA256: 1099494AA3E476D682746AAD9C2BD7DED292589DFAAB7B517933336C07AA01D0 Signature for ISO image: https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.2.iso.sig From 3648e293a18e71d0390df87a98cc4a8e8d0f900f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 26 Oct 2020 14:08:52 -0400 Subject: [PATCH 032/487] [fix] Add -L option to curl to respect redirects --- salt/common/tools/sbin/so-cortex-user-add | 2 +- salt/common/tools/sbin/so-cortex-user-enable | 2 +- salt/common/tools/sbin/so-elastic-clear | 12 ++++++------ salt/common/tools/sbin/so-elasticsearch-indices-rw | 2 +- .../tools/sbin/so-elasticsearch-pipeline-stats | 8 ++++---- .../tools/sbin/so-elasticsearch-pipelines-list | 8 ++++---- .../tools/sbin/so-elasticsearch-templates-list | 8 ++++---- .../tools/sbin/so-elasticsearch-templates-load | 8 ++++---- salt/common/tools/sbin/so-fleet-user-add | 2 +- salt/common/tools/sbin/so-index-list | 4 ++-- salt/common/tools/sbin/so-kibana-config-export | 2 +- salt/common/tools/sbin/so-thehive-user-add | 2 +- salt/common/tools/sbin/so-thehive-user-enable | 2 +- salt/common/tools/sbin/so-user | 14 +++++++------- .../files/bin/so-curator-closed-delete-delete | 12 ++++++------ .../elasticsearch/files/so-elasticsearch-pipelines | 8 ++++---- salt/kibana/bin/keepkibanahappy.sh | 8 ++++---- salt/nodered/files/nodered_load_flows | 4 ++-- salt/thehive/scripts/cortex_init | 14 +++++++------- salt/thehive/scripts/hive_init | 6 +++--- salt/utility/bin/crossthestreams | 6 +++--- salt/utility/bin/eval | 4 ++-- salt/wazuh/files/agent/wazuh-register-agent | 8 ++++---- 23 files changed, 73 insertions(+), 73 deletions(-) diff --git a/salt/common/tools/sbin/so-cortex-user-add b/salt/common/tools/sbin/so-cortex-user-add index 728ad25f1..5785a7f22 100755 --- a/salt/common/tools/sbin/so-cortex-user-add +++ b/salt/common/tools/sbin/so-cortex-user-add @@ -43,7 +43,7 @@ fi read -rs CORTEX_PASS # Create new user in Cortex -resp=$(curl -sk -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/user" -d "{\"name\": \"$CORTEX_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_USER\",\"password\" : \"$CORTEX_PASS\" }") +resp=$(curl -sk -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/user" -d "{\"name\": \"$CORTEX_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_USER\",\"password\" : \"$CORTEX_PASS\" }") if [[ "$resp" =~ \"status\":\"Ok\" ]]; then echo "Successfully added user to Cortex." else diff --git a/salt/common/tools/sbin/so-cortex-user-enable b/salt/common/tools/sbin/so-cortex-user-enable index cbfdceb25..5fded5c33 100755 --- a/salt/common/tools/sbin/so-cortex-user-enable +++ b/salt/common/tools/sbin/so-cortex-user-enable @@ -46,7 +46,7 @@ case "${2^^}" in ;; esac -resp=$(curl -sk -XPATCH -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/user/${CORTEX_USER}" -d "{\"status\":\"${CORTEX_STATUS}\" }") +resp=$(curl -sk -XPATCH -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/user/${CORTEX_USER}" -d "{\"status\":\"${CORTEX_STATUS}\" }") if [[ "$resp" =~ \"status\":\"Locked\" || "$resp" =~ \"status\":\"Ok\" ]]; then echo "Successfully updated user in Cortex." else diff --git a/salt/common/tools/sbin/so-elastic-clear b/salt/common/tools/sbin/so-elastic-clear index 432e61c2b..941cc4538 100755 --- a/salt/common/tools/sbin/so-elastic-clear +++ b/salt/common/tools/sbin/so-elastic-clear @@ -51,9 +51,9 @@ if [ $SKIP -ne 1 ]; then # List indices echo {% if grains['role'] in ['so-node','so-heavynode'] %} - curl -k https://{{ NODEIP }}:9200/_cat/indices?v + curl -k -L https://{{ NODEIP }}:9200/_cat/indices?v {% else %} - curl {{ NODEIP }}:9200/_cat/indices?v + curl -L {{ NODEIP }}:9200/_cat/indices?v {% endif %} echo # Inform user we are about to delete all data @@ -94,16 +94,16 @@ fi echo "Deleting data..." {% if grains['role'] in ['so-node','so-heavynode'] %} -INDXS=$(curl -s -XGET -k https://{{ NODEIP }}:9200/_cat/indices?v | egrep 'logstash|elastalert|so-' | awk '{ print $3 }') +INDXS=$(curl -s -XGET -k -L https://{{ NODEIP }}:9200/_cat/indices?v | egrep 'logstash|elastalert|so-' | awk '{ print $3 }') {% else %} -INDXS=$(curl -s -XGET {{ NODEIP }}:9200/_cat/indices?v | egrep 'logstash|elastalert|so-' | awk '{ print $3 }') +INDXS=$(curl -s -XGET -L {{ NODEIP }}:9200/_cat/indices?v | egrep 'logstash|elastalert|so-' | awk '{ print $3 }') {% endif %} for INDX in ${INDXS} do {% if grains['role'] in ['so-node','so-heavynode'] %} - curl -XDELETE -k https://"{{ NODEIP }}:9200/${INDX}" > /dev/null 2>&1 + curl -XDELETE -k -L https://"{{ NODEIP }}:9200/${INDX}" > /dev/null 2>&1 {% else %} - curl -XDELETE "{{ NODEIP }}:9200/${INDX}" > /dev/null 2>&1 + curl -XDELETE -L "{{ NODEIP }}:9200/${INDX}" > /dev/null 2>&1 {% endif %} done diff --git a/salt/common/tools/sbin/so-elasticsearch-indices-rw b/salt/common/tools/sbin/so-elasticsearch-indices-rw index 6e9eebe47..dc9aee9d8 100755 --- a/salt/common/tools/sbin/so-elasticsearch-indices-rw +++ b/salt/common/tools/sbin/so-elasticsearch-indices-rw @@ -22,5 +22,5 @@ THEHIVEESPORT=9400 echo "Removing read only attributes for indices..." echo for p in $ESPORT $THEHIVEESPORT; do - curl -XPUT -H "Content-Type: application/json" http://$IP:$p/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute. Please ensure Elasticsearch is running.";fi; + curl -XPUT -H "Content-Type: application/json" -L http://$IP:$p/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute. Please ensure Elasticsearch is running.";fi; done diff --git a/salt/common/tools/sbin/so-elasticsearch-pipeline-stats b/salt/common/tools/sbin/so-elasticsearch-pipeline-stats index e1a0bfd3d..a4bc2e220 100755 --- a/salt/common/tools/sbin/so-elasticsearch-pipeline-stats +++ b/salt/common/tools/sbin/so-elasticsearch-pipeline-stats @@ -20,14 +20,14 @@ if [ "$1" == "" ]; then {% if grains['role'] in ['so-node','so-heavynode'] %} - curl -s -k https://{{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines" + curl -s -k -L https://{{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines" {% else %} - curl -s {{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines" + curl -s -L {{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines" {% endif %} else {% if grains['role'] in ['so-node','so-heavynode'] %} - curl -s -k https://{{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines.\"$1\"" + curl -s -k -L https://{{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines.\"$1\"" {% else %} - curl -s {{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines.\"$1\"" + curl -s -L {{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines.\"$1\"" {% endif %} fi diff --git a/salt/common/tools/sbin/so-elasticsearch-pipelines-list b/salt/common/tools/sbin/so-elasticsearch-pipelines-list index 58dbf9c9b..d1dda8dee 100755 --- a/salt/common/tools/sbin/so-elasticsearch-pipelines-list +++ b/salt/common/tools/sbin/so-elasticsearch-pipelines-list @@ -18,14 +18,14 @@ . /usr/sbin/so-common if [ "$1" == "" ]; then {% if grains['role'] in ['so-node','so-heavynode'] %} - curl -s -k https://{{ NODEIP }}:9200/_ingest/pipeline/* | jq 'keys' + curl -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/* | jq 'keys' {% else %} - curl -s {{ NODEIP }}:9200/_ingest/pipeline/* | jq 'keys' + curl -s -L {{ NODEIP }}:9200/_ingest/pipeline/* | jq 'keys' {% endif %} else {% if grains['role'] in ['so-node','so-heavynode'] %} - curl -s -k https://{{ NODEIP }}:9200/_ingest/pipeline/$1 | jq + curl -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/$1 | jq {% else %} - curl -s {{ NODEIP }}:9200/_ingest/pipeline/$1 | jq + curl -s -L {{ NODEIP }}:9200/_ingest/pipeline/$1 | jq {% endif %} fi diff --git a/salt/common/tools/sbin/so-elasticsearch-templates-list b/salt/common/tools/sbin/so-elasticsearch-templates-list index 85ef27760..a5850534e 100755 --- a/salt/common/tools/sbin/so-elasticsearch-templates-list +++ b/salt/common/tools/sbin/so-elasticsearch-templates-list @@ -18,14 +18,14 @@ . /usr/sbin/so-common if [ "$1" == "" ]; then {% if grains['role'] in ['so-node','so-heavynode'] %} - curl -s -k https://{{ NODEIP }}:9200/_template/* | jq 'keys' + curl -s -k -L https://{{ NODEIP }}:9200/_template/* | jq 'keys' {% else %} - curl -s {{ NODEIP }}:9200/_template/* | jq 'keys' + curl -s -L {{ NODEIP }}:9200/_template/* | jq 'keys' {% endif %} else {% if grains['role'] in ['so-node','so-heavynode'] %} - curl -s -k https://{{ NODEIP }}:9200/_template/$1 | jq + curl -s -k -L https://{{ NODEIP }}:9200/_template/$1 | jq {% else %} - curl -s {{ NODEIP }}:9200/_template/$1 | jq + curl -s -L {{ NODEIP }}:9200/_template/$1 | jq {% endif %} fi diff --git a/salt/common/tools/sbin/so-elasticsearch-templates-load b/salt/common/tools/sbin/so-elasticsearch-templates-load index 48558af34..76558e17a 100755 --- a/salt/common/tools/sbin/so-elasticsearch-templates-load +++ b/salt/common/tools/sbin/so-elasticsearch-templates-load @@ -31,9 +31,9 @@ COUNT=0 ELASTICSEARCH_CONNECTED="no" while [[ "$COUNT" -le 240 ]]; do {% if grains['role'] in ['so-node','so-heavynode'] %} - curl -k --output /dev/null --silent --head --fail https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" + curl -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" {% else %} - curl --output /dev/null --silent --head --fail http://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" + curl --output /dev/null --silent --head --fail -L http://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" {% endif %} if [ $? -eq 0 ]; then ELASTICSEARCH_CONNECTED="yes" @@ -56,9 +56,9 @@ cd ${ELASTICSEARCH_TEMPLATES} echo "Loading templates..." {% if grains['role'] in ['so-node','so-heavynode'] %} -for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; curl -k ${ELASTICSEARCH_AUTH} -s -XPUT https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/so-$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done +for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; curl -k ${ELASTICSEARCH_AUTH} -s -XPUT -L https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/so-$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done {% else %} -for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; curl ${ELASTICSEARCH_AUTH} -s -XPUT http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/so-$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done +for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; curl ${ELASTICSEARCH_AUTH} -s -XPUT -L http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/so-$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done {% endif %} echo diff --git a/salt/common/tools/sbin/so-fleet-user-add b/salt/common/tools/sbin/so-fleet-user-add index 5e2e91fe6..4230a1884 100755 --- a/salt/common/tools/sbin/so-fleet-user-add +++ b/salt/common/tools/sbin/so-fleet-user-add @@ -59,6 +59,6 @@ if [[ $? -eq 0 ]]; then echo "Successfully added user to Fleet" else echo "Unable to add user to Fleet; user might already exist" - echo $resp + echo "$MYSQL_OUTPUT" exit 2 fi \ No newline at end of file diff --git a/salt/common/tools/sbin/so-index-list b/salt/common/tools/sbin/so-index-list index f349cb0d4..0352e7e3e 100755 --- a/salt/common/tools/sbin/so-index-list +++ b/salt/common/tools/sbin/so-index-list @@ -16,7 +16,7 @@ # along with this program. If not, see . {% if grains['role'] in ['so-node','so-heavynode'] %} -curl -X GET -k https://localhost:9200/_cat/indices?v +curl -X GET -k -L https://localhost:9200/_cat/indices?v {% else %} -curl -X GET localhost:9200/_cat/indices?v +curl -X GET -L localhost:9200/_cat/indices?v {% endif %} diff --git a/salt/common/tools/sbin/so-kibana-config-export b/salt/common/tools/sbin/so-kibana-config-export index 7f578a3ba..6dd82a10a 100755 --- a/salt/common/tools/sbin/so-kibana-config-export +++ b/salt/common/tools/sbin/so-kibana-config-export @@ -23,7 +23,7 @@ KIBANA_HOST={{ MANAGER }} KSO_PORT=5601 OUTFILE="saved_objects.ndjson" -curl -s -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -XPOST $KIBANA_HOST:$KSO_PORT/api/saved_objects/_export -d '{ "type": [ "index-pattern", "config", "visualization", "dashboard", "search" ], "excludeExportDetails": false }' > $OUTFILE +curl -s -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -XPOST -L $KIBANA_HOST:$KSO_PORT/api/saved_objects/_export -d '{ "type": [ "index-pattern", "config", "visualization", "dashboard", "search" ], "excludeExportDetails": false }' > $OUTFILE # Clean up using PLACEHOLDER sed -i "s/$KIBANA_HOST/PLACEHOLDER/g" $OUTFILE diff --git a/salt/common/tools/sbin/so-thehive-user-add b/salt/common/tools/sbin/so-thehive-user-add index 6ddca526c..2fb9e6d4b 100755 --- a/salt/common/tools/sbin/so-thehive-user-add +++ b/salt/common/tools/sbin/so-thehive-user-add @@ -47,7 +47,7 @@ if ! check_password "$THEHIVE_PASS"; then fi # Create new user in TheHive -resp=$(curl -sk -XPOST -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" "https://$THEHIVE_IP/thehive/api/user" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASS\"}") +resp=$(curl -sk -XPOST -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHIVE_IP/thehive/api/user" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASS\"}") if [[ "$resp" =~ \"status\":\"Ok\" ]]; then echo "Successfully added user to TheHive" else diff --git a/salt/common/tools/sbin/so-thehive-user-enable b/salt/common/tools/sbin/so-thehive-user-enable index 94430b889..714643a83 100755 --- a/salt/common/tools/sbin/so-thehive-user-enable +++ b/salt/common/tools/sbin/so-thehive-user-enable @@ -46,7 +46,7 @@ case "${2^^}" in ;; esac -resp=$(curl -sk -XPATCH -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" "https://$THEHIVE_IP/thehive/api/user/${THEHIVE_USER}" -d "{\"status\":\"${THEHIVE_STATUS}\" }") +resp=$(curl -sk -XPATCH -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHIVE_IP/thehive/api/user/${THEHIVE_USER}" -d "{\"status\":\"${THEHIVE_STATUS}\" }") if [[ "$resp" =~ \"status\":\"Locked\" || "$resp" =~ \"status\":\"Ok\" ]]; then echo "Successfully updated user in TheHive" else diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user index 02046a3e5..42bcf65f5 100755 --- a/salt/common/tools/sbin/so-user +++ b/salt/common/tools/sbin/so-user @@ -56,14 +56,14 @@ function verifyEnvironment() { require "openssl" require "sqlite3" [[ ! -f $databasePath ]] && fail "Unable to find database file; specify path via KRATOS_DB_PATH environment variable" - response=$(curl -Ss ${kratosUrl}/) + response=$(curl -Ss -L ${kratosUrl}/) [[ "$response" != "404 page not found" ]] && fail "Unable to communicate with Kratos; specify URL via KRATOS_URL environment variable" } function findIdByEmail() { email=$1 - response=$(curl -Ss ${kratosUrl}/identities) + response=$(curl -Ss -L ${kratosUrl}/identities) identityId=$(echo "${response}" | jq ".[] | select(.verifiable_addresses[0].value == \"$email\") | .id") echo $identityId } @@ -113,7 +113,7 @@ function updatePassword() { } function listUsers() { - response=$(curl -Ss ${kratosUrl}/identities) + response=$(curl -Ss -L ${kratosUrl}/identities) [[ $? != 0 ]] && fail "Unable to communicate with Kratos" echo "${response}" | jq -r ".[] | .verifiable_addresses[0].value" | sort @@ -131,7 +131,7 @@ function createUser() { EOF ) - response=$(curl -Ss ${kratosUrl}/identities -d "$addUserJson") + response=$(curl -Ss -L ${kratosUrl}/identities -d "$addUserJson") [[ $? != 0 ]] && fail "Unable to communicate with Kratos" identityId=$(echo "${response}" | jq ".id") @@ -153,7 +153,7 @@ function updateStatus() { identityId=$(findIdByEmail "$email") [[ ${identityId} == "" ]] && fail "User not found" - response=$(curl -Ss "${kratosUrl}/identities/$identityId") + response=$(curl -Ss -L "${kratosUrl}/identities/$identityId") [[ $? != 0 ]] && fail "Unable to communicate with Kratos" oldConfig=$(echo "select config from identity_credentials where identity_id=${identityId};" | sqlite3 "$databasePath") @@ -171,7 +171,7 @@ function updateStatus() { fi updatedJson=$(echo "$response" | jq ".traits.status = \"$status\" | del(.verifiable_addresses) | del(.id) | del(.schema_url)") - response=$(curl -Ss -XPUT ${kratosUrl}/identities/$identityId -d "$updatedJson") + response=$(curl -Ss -XPUT -L ${kratosUrl}/identities/$identityId -d "$updatedJson") [[ $? != 0 ]] && fail "Unable to mark user as locked" } @@ -191,7 +191,7 @@ function deleteUser() { identityId=$(findIdByEmail "$email") [[ ${identityId} == "" ]] && fail "User not found" - response=$(curl -Ss -XDELETE "${kratosUrl}/identities/$identityId") + response=$(curl -Ss -XDELETE -L "${kratosUrl}/identities/$identityId") [[ $? != 0 ]] && fail "Unable to communicate with Kratos" } diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index 8909512db..b7ddac731 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -37,9 +37,9 @@ LOG="/opt/so/log/curator/so-curator-closed-delete.log" # If both conditions are true, keep on looping until one of the conditions is false. while [[ $(du -hs --block-size=1GB /nsm/elasticsearch/nodes | awk '{print $1}' ) -gt "{{LOG_SIZE_LIMIT}}" ]] && {% if grains['role'] in ['so-node','so-heavynode'] %} -curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" > /dev/null; do +curl -s -k -L https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" > /dev/null; do {% else %} -curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" > /dev/null; do +curl -s -L {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" > /dev/null; do {% endif %} # We need to determine OLDEST_INDEX. @@ -48,16 +48,16 @@ curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " c # Then, sort by date by telling sort to use hyphen as delimiter and then sort on the third field. # Finally, select the first entry in that sorted list. {% if grains['role'] in ['so-node','so-heavynode'] %} - OLDEST_INDEX=$(curl -s -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $2}' | sort -t- -k3 | head -1) + OLDEST_INDEX=$(curl -s -k -L https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $2}' | sort -t- -k3 | head -1) {% else %} - OLDEST_INDEX=$(curl -s {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $2}' | sort -t- -k3 | head -1) + OLDEST_INDEX=$(curl -s -L {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices | grep -E " close (logstash-|so-)" | awk '{print $2}' | sort -t- -k3 | head -1) {% endif %} # Now that we've determined OLDEST_INDEX, ask Elasticsearch to delete it. {% if grains['role'] in ['so-node','so-heavynode'] %} - curl -XDELETE -k https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/${OLDEST_INDEX} + curl -XDELETE -k -L https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/${OLDEST_INDEX} {% else %} - curl -XDELETE {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/${OLDEST_INDEX} + curl -XDELETE -L {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/${OLDEST_INDEX} {% endif %} # Finally, write a log entry that says we deleted it. diff --git a/salt/elasticsearch/files/so-elasticsearch-pipelines b/salt/elasticsearch/files/so-elasticsearch-pipelines index eed62da24..dce6a081b 100755 --- a/salt/elasticsearch/files/so-elasticsearch-pipelines +++ b/salt/elasticsearch/files/so-elasticsearch-pipelines @@ -28,9 +28,9 @@ COUNT=0 ELASTICSEARCH_CONNECTED="no" while [[ "$COUNT" -le 240 ]]; do {% if grains['role'] in ['so-node','so-heavynode'] %} - curl ${ELASTICSEARCH_AUTH} -k --output /dev/null --silent --head --fail https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" + curl ${ELASTICSEARCH_AUTH} -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" {% else %} - curl ${ELASTICSEARCH_AUTH} --output /dev/null --silent --head --fail http://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" + curl ${ELASTICSEARCH_AUTH} --output /dev/null --silent --head --fail -L http://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" {% endif %} if [ $? -eq 0 ]; then ELASTICSEARCH_CONNECTED="yes" @@ -52,9 +52,9 @@ cd ${ELASTICSEARCH_INGEST_PIPELINES} echo "Loading pipelines..." {% if grains['role'] in ['so-node','so-heavynode'] %} -for i in *; do echo $i; RESPONSE=$(curl ${ELASTICSEARCH_AUTH} -k -XPUT https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_ingest/pipeline/$i -H 'Content-Type: application/json' -d@$i 2>/dev/null); echo $RESPONSE; if [[ "$RESPONSE" == *"error"* ]]; then RETURN_CODE=1; fi; done +for i in *; do echo $i; RESPONSE=$(curl ${ELASTICSEARCH_AUTH} -k -XPUT -L https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_ingest/pipeline/$i -H 'Content-Type: application/json' -d@$i 2>/dev/null); echo $RESPONSE; if [[ "$RESPONSE" == *"error"* ]]; then RETURN_CODE=1; fi; done {% else %} -for i in *; do echo $i; RESPONSE=$(curl ${ELASTICSEARCH_AUTH} -XPUT http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_ingest/pipeline/$i -H 'Content-Type: application/json' -d@$i 2>/dev/null); echo $RESPONSE; if [[ "$RESPONSE" == *"error"* ]]; then RETURN_CODE=1; fi; done +for i in *; do echo $i; RESPONSE=$(curl ${ELASTICSEARCH_AUTH} -XPUT -L http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_ingest/pipeline/$i -H 'Content-Type: application/json' -d@$i 2>/dev/null); echo $RESPONSE; if [[ "$RESPONSE" == *"error"* ]]; then RETURN_CODE=1; fi; done {% endif %} echo diff --git a/salt/kibana/bin/keepkibanahappy.sh b/salt/kibana/bin/keepkibanahappy.sh index e8534ec12..541a666bd 100644 --- a/salt/kibana/bin/keepkibanahappy.sh +++ b/salt/kibana/bin/keepkibanahappy.sh @@ -4,7 +4,7 @@ echo -n "Waiting for ElasticSearch..." COUNT=0 ELASTICSEARCH_CONNECTED="no" while [[ "$COUNT" -le 30 ]]; do - curl --output /dev/null --silent --head --fail http://{{ ES }}:9200 + curl --output /dev/null --silent --head --fail -L http://{{ ES }}:9200 if [ $? -eq 0 ]; then ELASTICSEARCH_CONNECTED="yes" echo "connected!" @@ -28,7 +28,7 @@ MAX_WAIT=240 # Check to see if Kibana is available wait_step=0 - until curl -s -XGET http://{{ ES }}:5601 > /dev/null ; do + until curl -s -XGET -L http://{{ ES }}:5601 > /dev/null ; do wait_step=$(( ${wait_step} + 1 )) echo "Waiting on Kibana...Attempt #$wait_step" if [ ${wait_step} -gt ${MAX_WAIT} ]; then @@ -42,12 +42,12 @@ wait_step=0 # Apply Kibana template echo echo "Applying Kibana template..." - curl -s -XPUT http://{{ ES }}:9200/_template/kibana \ + curl -s -XPUT -L http://{{ ES }}:9200/_template/kibana \ -H 'Content-Type: application/json' \ -d'{"index_patterns" : ".kibana", "settings": { "number_of_shards" : 1, "number_of_replicas" : 0 }, "mappings" : { "search": {"properties": {"hits": {"type": "integer"}, "version": {"type": "integer"}}}}}' echo - curl -s -XPUT "{{ ES }}:9200/.kibana/_settings" \ + curl -s -XPUT -L "{{ ES }}:9200/.kibana/_settings" \ -H 'Content-Type: application/json' \ -d'{"index" : {"number_of_replicas" : 0}}' echo diff --git a/salt/nodered/files/nodered_load_flows b/salt/nodered/files/nodered_load_flows index 78bab818a..3d6ed2a8c 100644 --- a/salt/nodered/files/nodered_load_flows +++ b/salt/nodered/files/nodered_load_flows @@ -3,10 +3,10 @@ default_salt_dir=/opt/so/saltstack/default echo "Waiting for connection" -until $(curl --output /dev/null --silent --head http://{{ ip }}:1880); do +until $(curl --output /dev/null --silent --head -L http://{{ ip }}:1880); do echo '.' sleep 1 done echo "Loading flows..." -curl -XPOST -v -H "Content-Type: application/json" -d @$default_salt_dir/salt/nodered/so_flows.json {{ ip }}:1880/flows +curl -XPOST -v -H "Content-Type: application/json" -d @$default_salt_dir/salt/nodered/so_flows.json -L {{ ip }}:1880/flows echo "Done loading..." diff --git a/salt/thehive/scripts/cortex_init b/salt/thehive/scripts/cortex_init index 6f5d890ae..d358b8dd4 100644 --- a/salt/thehive/scripts/cortex_init +++ b/salt/thehive/scripts/cortex_init @@ -29,25 +29,25 @@ cortex_init(){ # Migrate DB - curl -v -k -XPOST "https://$CORTEX_IP:/cortex/api/maintenance/migrate" + curl -v -k -XPOST -L "https://$CORTEX_IP:/cortex/api/maintenance/migrate" # Create intial Cortex superadmin - curl -v -k "https://$CORTEX_IP/cortex/api/user" -H "Content-Type: application/json" -d "{\"login\" : \"$CORTEX_USER\",\"name\" : \"$CORTEX_USER\",\"roles\" : [\"superadmin\"],\"preferences\" : \"{}\",\"password\" : \"$CORTEX_PASSWORD\", \"key\": \"$CORTEX_KEY\"}" + curl -v -k -L "https://$CORTEX_IP/cortex/api/user" -H "Content-Type: application/json" -d "{\"login\" : \"$CORTEX_USER\",\"name\" : \"$CORTEX_USER\",\"roles\" : [\"superadmin\"],\"preferences\" : \"{}\",\"password\" : \"$CORTEX_PASSWORD\", \"key\": \"$CORTEX_KEY\"}" # Create user-supplied org - curl -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/organization" -d "{ \"name\": \"$CORTEX_ORG_NAME\",\"description\": \"$CORTEX_ORG_DESC\",\"status\": \"Active\"}" + curl -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/organization" -d "{ \"name\": \"$CORTEX_ORG_NAME\",\"description\": \"$CORTEX_ORG_DESC\",\"status\": \"Active\"}" # Create user-supplied org user - curl -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/user" -d "{\"name\": \"$CORTEX_ORG_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_ORG_USER\",\"key\": \"$CORTEX_ORG_USER_KEY\" }" + curl -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/user" -d "{\"name\": \"$CORTEX_ORG_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_ORG_USER\",\"key\": \"$CORTEX_ORG_USER_KEY\" }" # Enable URLScan.io Analyzer - curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_ORG_USER_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/organization/analyzer/Urlscan_io_Search_0_1_0" -d '{"name":"Urlscan_io_Search_0_1_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2}}' + curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_ORG_USER_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/organization/analyzer/Urlscan_io_Search_0_1_0" -d '{"name":"Urlscan_io_Search_0_1_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2}}' # Enable Cert PassiveDNS Analyzer - curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_ORG_USER_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/organization/analyzer/CERTatPassiveDNS_2_0" -d '{"name":"CERTatPassiveDNS_2_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2, "limit": 100}}' + curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_ORG_USER_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/organization/analyzer/CERTatPassiveDNS_2_0" -d '{"name":"CERTatPassiveDNS_2_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2, "limit": 100}}' # Revoke $CORTEX_USER key - curl -k -XDELETE -H "Authorization: Bearer $CORTEX_KEY" "https:///$CORTEX_IP/api/user/$CORTEX_USER/key" + curl -k -XDELETE -H "Authorization: Bearer $CORTEX_KEY" -L "https:///$CORTEX_IP/api/user/$CORTEX_USER/key" # Update SOCtopus config with apikey value #sed -i "s/cortex_key = .*/cortex_key = $CORTEX_KEY/" $SOCTOPUS_CONFIG diff --git a/salt/thehive/scripts/hive_init b/salt/thehive/scripts/hive_init index c44af6339..f47f60b0a 100755 --- a/salt/thehive/scripts/hive_init +++ b/salt/thehive/scripts/hive_init @@ -36,15 +36,15 @@ thehive_init(){ if [ "$THEHIVE_CONNECTED" == "yes" ]; then # Migrate DB - curl -v -k -XPOST "https://$THEHIVE_IP:/thehive/api/maintenance/migrate" + curl -v -k -XPOST -L "https://$THEHIVE_IP:/thehive/api/maintenance/migrate" # Create intial TheHive user - curl -v -k "https://$THEHIVE_IP/thehive/api/user" -H "Content-Type: application/json" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASSWORD\", \"key\": \"$THEHIVE_KEY\"}" + curl -v -k -L "https://$THEHIVE_IP/thehive/api/user" -H "Content-Type: application/json" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASSWORD\", \"key\": \"$THEHIVE_KEY\"}" # Pre-load custom fields # # reputation - curl -v -k "https://$THEHIVE_IP/thehive/api/list/custom_fields" -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -d "{\"value\":{\"name\": \"reputation\", \"reference\": \"reputation\", \"description\": \"This field provides an overall reputation status for an address/domain.\", \"type\": \"string\", \"options\": []}}" + curl -v -k -L "https://$THEHIVE_IP/thehive/api/list/custom_fields" -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -d "{\"value\":{\"name\": \"reputation\", \"reference\": \"reputation\", \"description\": \"This field provides an overall reputation status for an address/domain.\", \"type\": \"string\", \"options\": []}}" touch /opt/so/state/thehive.txt diff --git a/salt/utility/bin/crossthestreams b/salt/utility/bin/crossthestreams index e67ce9f57..6998c7669 100644 --- a/salt/utility/bin/crossthestreams +++ b/salt/utility/bin/crossthestreams @@ -9,7 +9,7 @@ echo -n "Waiting for ElasticSearch..." COUNT=0 ELASTICSEARCH_CONNECTED="no" while [[ "$COUNT" -le 30 ]]; do - curl --output /dev/null --silent --head --fail http://{{ ES }}:9200 + curl --output /dev/null --silent --head --fail -L http://{{ ES }}:9200 if [ $? -eq 0 ]; then ELASTICSEARCH_CONNECTED="yes" echo "connected!" @@ -29,7 +29,7 @@ if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then fi echo "Applying cross cluster search config..." - curl -s -XPUT http://{{ ES }}:9200/_cluster/settings \ + curl -s -XPUT -L http://{{ ES }}:9200/_cluster/settings \ -H 'Content-Type: application/json' \ -d "{\"persistent\": {\"search\": {\"remote\": {\"{{ MANAGER }}\": {\"seeds\": [\"127.0.0.1:9300\"]}}}}}" @@ -37,6 +37,6 @@ echo "Applying cross cluster search config..." {%- if salt['pillar.get']('nodestab', {}) %} {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} -curl -XPUT http://{{ ES }}:9200/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"{{ SN }}": {"skip_unavailable": "true", "seeds": ["{{ SN.split('_')|first }}:9300"]}}}}}' +curl -XPUT -L http://{{ ES }}:9200/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"{{ SN }}": {"skip_unavailable": "true", "seeds": ["{{ SN.split('_')|first }}:9300"]}}}}}' {%- endfor %} {%- endif %} diff --git a/salt/utility/bin/eval b/salt/utility/bin/eval index 87692e40f..f63a61942 100644 --- a/salt/utility/bin/eval +++ b/salt/utility/bin/eval @@ -6,7 +6,7 @@ echo -n "Waiting for ElasticSearch..." COUNT=0 ELASTICSEARCH_CONNECTED="no" while [[ "$COUNT" -le 30 ]]; do - curl --output /dev/null --silent --head --fail http://{{ ES }}:9200 + curl --output /dev/null --silent --head --fail -L http://{{ ES }}:9200 if [ $? -eq 0 ]; then ELASTICSEARCH_CONNECTED="yes" echo "connected!" @@ -26,6 +26,6 @@ if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then fi echo "Applying cross cluster search config..." - curl -s -XPUT http://{{ ES }}:9200/_cluster/settings \ + curl -s -XPUT -L http://{{ ES }}:9200/_cluster/settings \ -H 'Content-Type: application/json' \ -d "{\"persistent\": {\"search\": {\"remote\": {\"{{ grains.host }}\": {\"seeds\": [\"127.0.0.1:9300\"]}}}}}" diff --git a/salt/wazuh/files/agent/wazuh-register-agent b/salt/wazuh/files/agent/wazuh-register-agent index c6411b492..6e7f40137 100755 --- a/salt/wazuh/files/agent/wazuh-register-agent +++ b/salt/wazuh/files/agent/wazuh-register-agent @@ -52,7 +52,7 @@ register_agent() { echo "" echo "Adding agent:" echo "curl -s -u $USER:**** -k -X POST -d 'name=$AGENT_NAME&ip=$AGENT_IP' $PROTOCOL://$API_IP:$API_PORT/agents" - API_RESULT=$(curl -s -u $USER:"$PASSWORD" -k -X POST -d 'name='$AGENT_NAME'&ip='$AGENT_IP $PROTOCOL://$API_IP:$API_PORT/agents) + API_RESULT=$(curl -s -u $USER:"$PASSWORD" -k -X POST -d 'name='$AGENT_NAME'&ip='$AGENT_IP -L $PROTOCOL://$API_IP:$API_PORT/agents) echo -e $API_RESULT | grep -q "\"error\":0" 2>&1 if [ "$?" != "0" ]; then @@ -84,14 +84,14 @@ remove_agent() { echo "Found: $AGENT_ID" echo "Removing previous registration for '$AGENT_NAME' using ID: $AGENT_ID ..." # curl -u foo:bar -k -X DELETE "https://127.0.0.1:55000/agents/001 - REMOVE_AGENT=$(curl -s -u $USER:"$PASSWORD" -k -X DELETE $PROTOCOL://$API_IP:$API_PORT/agents/$AGENT_ID) + REMOVE_AGENT=$(curl -s -u $USER:"$PASSWORD" -k -X DELETE -L $PROTOCOL://$API_IP:$API_PORT/agents/$AGENT_ID) echo -e $REMOVE_AGENT } get_agent_id() { echo "" echo "Checking for Agent ID..." - AGENT_ID=$(curl -s -u $USER:"$PASSWORD" -k -X GET $PROTOCOL://$API_IP:$API_PORT/agents/name/$AGENT_NAME | rev | cut -d: -f1 | rev | grep -o '".*"' | tr -d '"') + AGENT_ID=$(curl -s -u $USER:"$PASSWORD" -k -X GET -L $PROTOCOL://$API_IP:$API_PORT/agents/name/$AGENT_NAME | rev | cut -d: -f1 | rev | grep -o '".*"' | tr -d '"') } # MAIN @@ -136,7 +136,7 @@ shift $(($OPTIND - 1)) # Default action -> try to register the agent sleep 30s -STATUS=$(curl -s -k -u $USER:$PASSWORD $PROTOCOL://$API_IP:$API_PORT/agents/$AGENT_ID | jq .data.status | sed s'/"//g') +STATUS=$(curl -s -k -u $USER:$PASSWORD -L $PROTOCOL://$API_IP:$API_PORT/agents/$AGENT_ID | jq .data.status | sed s'/"//g') if [[ $STATUS == "Active" ]]; then echo "Agent $AGENT_ID already registered!" else From 37ede9b993442d2b73272d0f22d8165b25649da7 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 26 Oct 2020 15:03:27 -0400 Subject: [PATCH 033/487] [wip] Redirect so-user-add to separate log so ERROR isn't in main log --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 06f103cfc..3c056d23f 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -173,7 +173,7 @@ add_web_user() { echo "Attempting to add administrator user for web interface..."; echo "$WEBPASSWD1" | /usr/sbin/so-user add "$WEBUSER"; echo "Add user result: $?"; - } >> "$setup_log" 2>&1 + } >> "/root/so-user-add.log" 2>&1 } # Create an secrets pillar so that passwords survive re-install From 0aaf8d6d9a785a79221a054f79eca57391c54ffb Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 26 Oct 2020 16:37:16 -0400 Subject: [PATCH 034/487] [fix] Change 301 to 307 so curl requests work as intended --- salt/nginx/etc/nginx.conf | 6 +- salt/nginx/etc/nginx.conf.so-import | 326 ---------------------------- 2 files changed, 3 insertions(+), 329 deletions(-) delete mode 100644 salt/nginx/etc/nginx.conf.so-import diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 7774f9f8d..facfb4c22 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -74,13 +74,13 @@ http { server { listen 80 default_server; server_name _; - return 301 https://{{ url_base }}$request_uri; + return 307 https://{{ url_base }}$request_uri; } server { listen 443 ssl http2 default_server; server_name _; - return 301 https://{{ url_base }}$request_uri; + return 307 https://{{ url_base }}$request_uri; ssl_certificate "/etc/pki/nginx/server.crt"; ssl_certificate_key "/etc/pki/nginx/server.key"; @@ -291,7 +291,7 @@ http { {%- if fleet_node %} location /fleet/ { - return 301 https://{{ fleet_ip }}/fleet; + return 307 https://{{ fleet_ip }}/fleet; } {%- else %} diff --git a/salt/nginx/etc/nginx.conf.so-import b/salt/nginx/etc/nginx.conf.so-import deleted file mode 100644 index 1f180ad09..000000000 --- a/salt/nginx/etc/nginx.conf.so-import +++ /dev/null @@ -1,326 +0,0 @@ -{%- set managerip = salt['pillar.get']('manager:mainip', '') %} -{%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %} -{%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %} -{%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %} -# For more information on configuration, see: -# * Official English Documentation: http://nginx.org/en/docs/ -# * Official Russian Documentation: http://nginx.org/ru/docs/ - -worker_processes auto; -error_log /var/log/nginx/error.log; -pid /run/nginx.pid; - -# Load dynamic modules. See /usr/share/nginx/README.dynamic. -include /usr/share/nginx/modules/*.conf; - -events { - worker_connections 1024; -} - -http { - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - client_max_body_size 2500M; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Load modular configuration files from the /etc/nginx/conf.d directory. - # See http://nginx.org/en/docs/ngx_core_module.html#include - # for more information. - include /etc/nginx/conf.d/*.conf; - - #server { - # listen 80 default_server; - # listen [::]:80 default_server; - # server_name _; - # root /opt/socore/html; - # index index.html; - - # Load configuration files for the default server block. - #include /etc/nginx/default.d/*.conf; - - # location / { - # } - - # error_page 404 /404.html; - # location = /40x.html { - # } - - # error_page 500 502 503 504 /50x.html; - # location = /50x.html { - # } - #} - server { - listen 80 default_server; - server_name _; - return 301 https://$host$request_uri; - } - -{% if FLEET_MANAGER %} - server { - listen 8090 ssl http2 default_server; - server_name _; - root /opt/socore/html; - index blank.html; - - ssl_certificate "/etc/pki/nginx/server.crt"; - ssl_certificate_key "/etc/pki/nginx/server.key"; - ssl_session_cache shared:SSL:1m; - ssl_session_timeout 10m; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ { - grpc_pass grpcs://{{ managerip }}:8080; - grpc_set_header Host $host; - grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_buffering off; - } - - } -{% endif %} - -# Settings for a TLS enabled server. - - server { - listen 443 ssl http2 default_server; - #listen [::]:443 ssl http2 default_server; - server_name _; - root /opt/socore/html; - index index.html; - - ssl_certificate "/etc/pki/nginx/server.crt"; - ssl_certificate_key "/etc/pki/nginx/server.key"; - ssl_session_cache shared:SSL:1m; - ssl_session_timeout 10m; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - # Load configuration files for the default server block. - #include /etc/nginx/default.d/*.conf; - - location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) { - proxy_pass http://{{ managerip }}:9822; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location / { - auth_request /auth/sessions/whoami; - proxy_pass http://{{ managerip }}:9822/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location ~ ^/auth/.*?(whoami|login|logout|settings) { - rewrite /auth/(.*) /$1 break; - proxy_pass http://{{ managerip }}:4433; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /cyberchef/ { - auth_request /auth/sessions/whoami; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /navigator/ { - auth_request /auth/sessions/whoami; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /packages/ { - try_files $uri =206; - auth_request /auth/sessions/whoami; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /grafana/ { - auth_request /auth/sessions/whoami; - rewrite /grafana/(.*) /$1 break; - proxy_pass http://{{ managerip }}:3000/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /kibana/ { - auth_request /auth/sessions/whoami; - rewrite /kibana/(.*) /$1 break; - proxy_pass http://{{ managerip }}:5601/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /nodered/ { - proxy_pass http://{{ managerip }}:1880/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /playbook/ { - proxy_pass http://{{ managerip }}:3200/playbook/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - {%- if FLEET_NODE %} - location /fleet/ { - return 301 https://{{ FLEET_IP }}/fleet; - } - {%- else %} - location /fleet/ { - proxy_pass https://{{ managerip }}:8080; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - {%- endif %} - - location /thehive/ { - proxy_pass http://{{ managerip }}:9000/thehive/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_http_version 1.1; # this is essential for chunked responses to work - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /cortex/ { - proxy_pass http://{{ managerip }}:9001/cortex/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_http_version 1.1; # this is essential for chunked responses to work - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /soctopus/ { - proxy_pass http://{{ managerip }}:7000/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - location /kibana/app/soc/ { - rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent; - } - - location /kibana/app/fleet/ { - rewrite ^/kibana/app/fleet/(.*) /fleet/$1 permanent; - } - - location /kibana/app/soctopus/ { - rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent; - } - - location /sensoroniagents/ { - proxy_pass http://{{ managerip }}:9822/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - proxy_set_header X-Forwarded-Proto $scheme; - } - - error_page 401 = @error401; - - location @error401 { - add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400"; - return 302 /auth/self-service/browser/flows/login; - } - - #error_page 404 /404.html; - # location = /usr/share/nginx/html/40x.html { - #} - - error_page 500 502 503 504 /50x.html; - location = /usr/share/nginx/html/50x.html { - } - } - -} From e75f8ba2575f6fa9aefa9ddd3c24832c8bf9941b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 27 Oct 2020 09:39:29 -0400 Subject: [PATCH 035/487] [fix] Move root check to top of so-setup --- setup/so-functions | 9 --------- setup/so-setup | 8 ++++++++ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 3c056d23f..2505e1616 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1003,15 +1003,6 @@ get_redirect() { fi } -got_root() { - # Make sure you are root - uid="$(id -u)" - if [ "$uid" -ne 0 ]; then - echo "This script must be run using sudo!" - exit 1 - fi -} - get_minion_type() { local minion_type case "$install_type" in diff --git a/setup/so-setup b/setup/so-setup index 1c46a8bf9..093b1d1fb 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -15,7 +15,15 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +# Make sure you are root before doing anything +uid="$(id -u)" +if [ "$uid" -ne 0 ]; then + echo "This script must be run using sudo!" + exit 1 +fi + cd "$(dirname "$0")" || exit 255 + source ./so-functions source ./so-common-functions source ./so-whiptail From 42e00514f56bdfb6c2753cb39fe9e64bc64f83aa Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Oct 2020 11:09:14 -0400 Subject: [PATCH 036/487] Adding docker net setting --- setup/so-functions | 11 +++++++++++ setup/so-setup | 1 + setup/so-whiptail | 25 +++++++++++++++++++++++++ 3 files changed, 37 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 3c056d23f..0cfb5ded2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -845,6 +845,12 @@ docker_registry() { printf '%s\n'\ "{"\ " \"registry-mirrors\": [ \"$proxy:5000\" ]"\ + " \"default-address-pools\": ["\ + " {"\ + " \"base\" : \"$DOCKERNET\","\ + " \"size\" : 24"\ + " }"\ + " ]"\ "}" > /etc/docker/daemon.json echo "Docker Registry Setup - Complete" >> "$setup_log" 2>&1 @@ -1139,12 +1145,17 @@ manager_global() { fi fi + if [ -z "$DOCKERNET" ]; then + DOCKERNET=172.17.0.0/16 + fi + # Create a global file for global values printf '%s\n'\ "global:"\ " soversion: '$SOVERSION'"\ " hnmanager: '$HNMANAGER'"\ " ntpserver: '$NTPSERVER'"\ + " dockernet: '$DOCKERNET'"\ " proxy: '$PROXY'"\ " mdengine: '$ZEEKVERSION'"\ " ids: '$NIDS'"\ diff --git a/setup/so-setup b/setup/so-setup index 1c46a8bf9..9fe10ae3a 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -312,6 +312,7 @@ fi if [[ $is_helix || $is_manager || $is_import ]]; then whiptail_homenet_manager + whiptail_dockernet_check fi if [[ $is_helix || $is_manager || $is_node || $is_import ]]; then diff --git a/setup/so-whiptail b/setup/so-whiptail index 0401146af..a99d6a8c3 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -457,6 +457,31 @@ whiptail_dhcp_warn() { } +whiptail_dockernet_check(){ + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --yesno \ + "Do you want to change the IP range Docker uses? (Choose no if you don't know what this means)" 8 75 + + local exitstatus=$? + + if [[ $exitstatus == 0 ]]; then + whiptail_dockernet_net + fi +} + +whiptail_dockernet_net() { + + [ -n "$TESTING" ] && return + + DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \ + "\nEnter a network range for docker to use: \n \n(Default value is pre-populated)" 10 75 172.17.0.0/16 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} whiptail_enable_components() { [ -n "$TESTING" ] && return From 83c23dd5de3d392731110872653264f0b3a58e28 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 27 Oct 2020 11:20:39 -0400 Subject: [PATCH 037/487] [fix] Remove old got_root call --- setup/so-setup | 2 -- 1 file changed, 2 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 093b1d1fb..f8a33a947 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -116,8 +116,6 @@ esac # Allow execution of SO tools during setup export PATH=$PATH:../salt/common/tools/sbin -got_root - detect_os && detect_cloud set_network_dev_status_list From 5054138be9323bd506c3b70447fb77f478d3516c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 27 Oct 2020 11:21:03 -0400 Subject: [PATCH 038/487] [feat] Add analyst option + add back helix option --- setup/so-setup | 4 ++++ setup/so-whiptail | 60 +++++++++++++++++++++++++++++++++++------------ 2 files changed, 49 insertions(+), 15 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index f8a33a947..e1ba7cf00 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -191,6 +191,10 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then is_helix=true elif [ "$install_type" = 'IMPORT' ]; then is_import=true +elif [ "$install_type" = 'ANALYST' ]; then + cd "$(dirname "$0")/../" || exit 255 + ./so-analyst-install + exit 0 fi # Say yes to the dress if its an ISO install diff --git a/setup/so-whiptail b/setup/so-whiptail index 0401146af..4ad09e073 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -560,11 +560,12 @@ whiptail_install_type() { # What kind of install are we doing? install_type=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose install type:" 10 65 4 \ + "Choose install type:" 10 65 5 \ "EVAL" "Evaluation mode (not for production) " ON \ "STANDALONE" "Standalone production install " OFF \ "DISTRIBUTED" "Distributed install submenu " OFF \ "IMPORT" "Standalone to import PCAP or log files " OFF \ + "OTHER" "Other install types" OFF \ 3>&1 1>&2 2>&3 ) @@ -572,21 +573,50 @@ whiptail_install_type() { whiptail_check_exitstatus $exitstatus if [[ $install_type == "DISTRIBUTED" ]]; then - install_type=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose distributed node type:" 13 60 6 \ - "MANAGER" "Start a new grid " ON \ - "SENSOR" "Create a forward only sensor " OFF \ - "SEARCHNODE" "Add a search node with parsing " OFF \ - "MANAGERSEARCH" "Manager + search node " OFF \ - "FLEET" "Dedicated Fleet Osquery Node " OFF \ - "HEAVYNODE" "Sensor + Search Node " OFF \ - 3>&1 1>&2 2>&3 - # "HOTNODE" "Add Hot Node (Uses Elastic Clustering)" OFF \ # TODO - # "WARMNODE" "Add Warm Node to existing Hot or Search node" OFF \ # TODO - # "WAZUH" "Stand Alone Wazuh Server" OFF \ # TODO - # "STRELKA" "Stand Alone Strelka Node" OFF \ # TODO - ) + whiptail_install_type_dist fi + if [[ $install_type == "OTHER" ]]; then + whiptail_install_type_other + fi + + export install_type +} + +whiptail_install_type_dist() { + + [ -n "$TESTING" ] && return + + install_type=$(whiptail --title "Security Onion Setup" --radiolist \ + "Choose distributed node type:" 13 60 6 \ + "MANAGER" "Start a new grid " ON \ + "SENSOR" "Create a forward only sensor " OFF \ + "SEARCHNODE" "Add a search node with parsing " OFF \ + "MANAGERSEARCH" "Manager + search node " OFF \ + "FLEET" "Dedicated Fleet Osquery Node " OFF \ + "HEAVYNODE" "Sensor + Search Node " OFF \ + 3>&1 1>&2 2>&3 + # "HOTNODE" "Add Hot Node (Uses Elastic Clustering)" OFF \ # TODO + # "WARMNODE" "Add Warm Node to existing Hot or Search node" OFF \ # TODO + # "WAZUH" "Stand Alone Wazuh Server" OFF \ # TODO + # "STRELKA" "Stand Alone Strelka Node" OFF \ # TODO + ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + export install_type +} + +whiptail_install_type_other() { + + [ -n "$TESTING" ] && return + + install_type=$(whiptail --title "Security Onion Setup" --radiolist \ + "Choose distributed node type:" 13 60 2 \ + "ANALYST" "Quit setup and run the installer for an analyst workstation" ON \ + "HELIXSENSOR" "Create a Helix sensor" OFF \ + 3>&1 1>&2 2>&3 + ) local exitstatus=$? whiptail_check_exitstatus $exitstatus From d4dd4aa416f203f3d2ad04082d7fbf4db1c94840 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Oct 2020 11:25:45 -0400 Subject: [PATCH 039/487] Add missing comma in daemon.json --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 0cfb5ded2..d7252bb53 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -844,7 +844,7 @@ docker_registry() { if [ -n "$TURBO" ]; then local proxy="$TURBO"; else local proxy="https://$MSRV"; fi printf '%s\n'\ "{"\ - " \"registry-mirrors\": [ \"$proxy:5000\" ]"\ + " \"registry-mirrors\": [ \"$proxy:5000\" ],"\ " \"default-address-pools\": ["\ " {"\ " \"base\" : \"$DOCKERNET\","\ From 474c4e54b4277c9cb56ee5a01c96ed196bf6c2a4 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 27 Oct 2020 12:04:52 -0400 Subject: [PATCH 040/487] Ensure labels and icons are associated with all quick actions --- salt/soc/files/soc/alerts.actions.json | 8 ++++---- salt/soc/files/soc/hunt.actions.json | 6 +++--- salt/soc/files/soc/soc.json | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/salt/soc/files/soc/alerts.actions.json b/salt/soc/files/soc/alerts.actions.json index 5924750a4..b825c0131 100644 --- a/salt/soc/files/soc/alerts.actions.json +++ b/salt/soc/files/soc/alerts.actions.json @@ -1,6 +1,6 @@ [ - { "name": "", "description": "actionHuntHelp", "icon": "fa-crosshairs", "link": "/#/hunt?q=\"{value}\" | groupby event.module event.dataset", "target": "" }, - { "name": "", "description": "actionPcapHelp", "icon": "fa-stream", "link": "/joblookup?esid={eventId}", "target": "" }, - { "name": "", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" }, - { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" } + { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "link": "/#/hunt?q=\"{value}\" | groupby event.module event.dataset", "target": "" }, + { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "link": "/joblookup?esid={eventId}", "target": "" }, + { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" }, + { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" } ] \ No newline at end of file diff --git a/salt/soc/files/soc/hunt.actions.json b/salt/soc/files/soc/hunt.actions.json index 82f9731ed..254cf4c5d 100644 --- a/salt/soc/files/soc/hunt.actions.json +++ b/salt/soc/files/soc/hunt.actions.json @@ -1,5 +1,5 @@ [ - { "name": "", "description": "actionPcapHelp", "icon": "fa-stream", "link": "/joblookup?esid={eventId}", "target": "" }, - { "name": "", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" }, - { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" } + { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "link": "/joblookup?esid={eventId}", "target": "" }, + { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" }, + { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" } ] \ No newline at end of file diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index 1407218ad..d9da3f140 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -70,7 +70,7 @@ "relativeTimeValue": 24, "relativeTimeUnit": 30, "mostRecentlyUsedLimit": 5, - "dismissEnabled": false, + "ackEnabled": false, "escalateEnabled": {{ 'true' if THEHIVEKEY != '' else 'false' }}, "eventFields": {{ hunt_eventfields | json }}, "queryBaseFilter": "", @@ -87,7 +87,7 @@ "relativeTimeValue": 24, "relativeTimeUnit": 30, "mostRecentlyUsedLimit": 5, - "dismissEnabled": true, + "ackEnabled": true, "escalateEnabled": {{ 'true' if THEHIVEKEY != '' else 'false' }}, "eventFields": {{ alerts_eventfields | json }}, "queryBaseFilter": "event.dataset:alert", From 970be4d530352d382d62aad61bd1a7cc7b6a2331 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 27 Oct 2020 12:13:07 -0400 Subject: [PATCH 041/487] [fix] Change cd to relative Since the script already changes to the correct dir, we can work from relative directories now. --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index e1ba7cf00..2d48f88d8 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -192,7 +192,7 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then elif [ "$install_type" = 'IMPORT' ]; then is_import=true elif [ "$install_type" = 'ANALYST' ]; then - cd "$(dirname "$0")/../" || exit 255 + cd .. || exit 255 ./so-analyst-install exit 0 fi From 72dc267ab51092eec22e4c1fff1b223950b395b5 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 27 Oct 2020 12:14:44 -0400 Subject: [PATCH 042/487] [fix] Menu sizing fixes --- setup/so-whiptail | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 4ad09e073..9d2b2fcd6 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -560,7 +560,7 @@ whiptail_install_type() { # What kind of install are we doing? install_type=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose install type:" 10 65 5 \ + "Choose install type:" 12 65 5 \ "EVAL" "Evaluation mode (not for production) " ON \ "STANDALONE" "Standalone production install " OFF \ "DISTRIBUTED" "Distributed install submenu " OFF \ @@ -612,9 +612,9 @@ whiptail_install_type_other() { [ -n "$TESTING" ] && return install_type=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose distributed node type:" 13 60 2 \ - "ANALYST" "Quit setup and run the installer for an analyst workstation" ON \ - "HELIXSENSOR" "Create a Helix sensor" OFF \ + "Choose distributed node type:" 9 65 2 \ + "ANALYST" "Quit setup and run so-analyst-install " ON \ + "HELIXSENSOR" "Create a Helix sensor " OFF \ 3>&1 1>&2 2>&3 ) From a043bc7cc4ad8c44306db18fe4fb01e55cdb226b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 27 Oct 2020 12:16:19 -0400 Subject: [PATCH 043/487] [fix] Second if to elif --- setup/so-whiptail | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 9d2b2fcd6..a6369c9b5 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -574,8 +574,7 @@ whiptail_install_type() { if [[ $install_type == "DISTRIBUTED" ]]; then whiptail_install_type_dist - fi - if [[ $install_type == "OTHER" ]]; then + elif [[ $install_type == "OTHER" ]]; then whiptail_install_type_other fi From 5a705fc0f257498c991e2462b2bdf1b1e5ed8677 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 27 Oct 2020 12:30:24 -0400 Subject: [PATCH 044/487] Add Hunt quick action for hunted events, grouping by dataset and module --- salt/soc/files/soc/hunt.actions.json | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/soc/files/soc/hunt.actions.json b/salt/soc/files/soc/hunt.actions.json index 254cf4c5d..b825c0131 100644 --- a/salt/soc/files/soc/hunt.actions.json +++ b/salt/soc/files/soc/hunt.actions.json @@ -1,4 +1,5 @@ [ + { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "link": "/#/hunt?q=\"{value}\" | groupby event.module event.dataset", "target": "" }, { "name": "actionPcap", "description": "actionPcapHelp", "icon": "fa-stream", "link": "/joblookup?esid={eventId}", "target": "" }, { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" }, { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "link": "https://www.virustotal.com/gui/search/{value}", "target": "_blank" } From 697bc53aecdf84d22dd2aecb6998a5b039400ac5 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Oct 2020 15:08:34 -0400 Subject: [PATCH 045/487] Dockernet Modifications --- salt/firewall/hostgroups.yaml | 3 ++- salt/fleet/init.sls | 6 ++++-- salt/playbook/init.sls | 6 ++++-- salt/soc/files/soc/soc.json | 4 +++- setup/so-whiptail | 6 +++--- 5 files changed, 16 insertions(+), 9 deletions(-) diff --git a/salt/firewall/hostgroups.yaml b/salt/firewall/hostgroups.yaml index 5ff6b900b..778912911 100644 --- a/salt/firewall/hostgroups.yaml +++ b/salt/firewall/hostgroups.yaml @@ -1,3 +1,4 @@ +{%- set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %} firewall: hostgroups: anywhere: @@ -9,7 +10,7 @@ firewall: ips: delete: insert: - - 172.17.0.0/24 + - {{ DNET }}/24 localhost: ips: delete: diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls index 220f3c4cb..e85358542 100644 --- a/salt/fleet/init.sls +++ b/salt/fleet/init.sls @@ -12,6 +12,8 @@ {% else %} {% set MAINIP = salt['pillar.get']('global:managerip') %} {% endif %} +{% set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %} + include: - mysql @@ -71,7 +73,7 @@ fleetdb: fleetdbuser: mysql_user.present: - - host: 172.17.0.0/255.255.0.0 + - host: {{ DNET }}/255.255.0.0 - password: {{ FLEETPASS }} - connection_host: {{ MAINIP }} - connection_port: 3306 @@ -85,7 +87,7 @@ fleetdbpriv: - grant: all privileges - database: fleet.* - user: fleetdbuser - - host: 172.17.0.0/255.255.0.0 + - host: {{ DNET }}/255.255.0.0 - connection_host: {{ MAINIP }} - connection_port: 3306 - connection_user: root diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index c78743eb5..eb009b23e 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls @@ -10,6 +10,8 @@ {% set MAINIP = salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] %} {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%} {%- set PLAYBOOKPASS = salt['pillar.get']('secrets:playbook_db', None) -%} +{%- set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %} + include: - mysql @@ -19,7 +21,7 @@ create_playbookdbuser: - mysql.user_create: - user: playbookdbuser - password: {{ PLAYBOOKPASS }} - - host: 172.17.0.0/255.255.0.0 + - host: {{ DNET }}/255.255.255.0 - connection_host: {{ MAINIP }} - connection_port: 3306 - connection_user: root @@ -28,7 +30,7 @@ create_playbookdbuser: query_playbookdbuser_grants: mysql_query.run: - database: playbook - - query: "GRANT ALL ON playbook.* TO 'playbookdbuser'@'172.17.0.0/255.255.0.0';" + - query: "GRANT ALL ON playbook.* TO 'playbookdbuser'@'{{ DNET }}/255.255.255.0';" - connection_host: {{ MAINIP }} - connection_port: 3306 - connection_user: root diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index 1407218ad..bea5dde2f 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -9,6 +9,8 @@ {%- import_json "soc/files/soc/hunt.queries.json" as hunt_queries %} {%- import_json "soc/files/soc/hunt.actions.json" as hunt_actions %} {%- import_json "soc/files/soc/hunt.eventfields.json" as hunt_eventfields %} +{%- set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %} + { "logFilename": "/opt/sensoroni/logs/sensoroni-server.log", "server": { @@ -49,7 +51,7 @@ }, {% endif %} "statickeyauth": { - "anonymousCidr": "172.17.0.0/24", + "anonymousCidr": "{{ DNET }}/24", "apiKey": "{{ SENSORONIKEY }}" } }, diff --git a/setup/so-whiptail b/setup/so-whiptail index a99d6a8c3..f71a652f5 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -462,11 +462,11 @@ whiptail_dockernet_check(){ [ -n "$TESTING" ] && return whiptail --title "Security Onion Setup" --yesno \ - "Do you want to change the IP range Docker uses? (Choose no if you don't know what this means)" 8 75 + "Do you want to keep the default Docker IP range? (Choose yes if you don't know what this means)" 8 75 local exitstatus=$? - if [[ $exitstatus == 0 ]]; then + if [[ $exitstatus == 1 ]]; then whiptail_dockernet_net fi } @@ -476,7 +476,7 @@ whiptail_dockernet_net() { [ -n "$TESTING" ] && return DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter a network range for docker to use: \n \n(Default value is pre-populated)" 10 75 172.17.0.0/16 3>&1 1>&2 2>&3) + "\nEnter a /24 network range for docker to use: \n \n(Default value is pre-populated)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus From 8fee19ee1bd36ec29dcef60a36f4d6d49b1f2ec0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Oct 2020 18:01:48 -0400 Subject: [PATCH 046/487] add bip for docker --- setup/so-functions | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index d7252bb53..51f081b04 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -845,6 +845,7 @@ docker_registry() { printf '%s\n'\ "{"\ " \"registry-mirrors\": [ \"$proxy:5000\" ],"\ + " \"bip\": \"$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24,\"\ " \"default-address-pools\": ["\ " {"\ " \"base\" : \"$DOCKERNET\","\ @@ -1146,7 +1147,7 @@ manager_global() { fi if [ -z "$DOCKERNET" ]; then - DOCKERNET=172.17.0.0/16 + DOCKERNET=172.17.0.0 fi # Create a global file for global values From fedf334ee9787157d695ad0825e703898eb8b8c5 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Oct 2020 18:21:09 -0400 Subject: [PATCH 047/487] add bip for docker --- setup/so-functions | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 51f081b04..7c6feb5c6 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -841,11 +841,12 @@ docker_registry() { echo "Setting up Docker Registry" >> "$setup_log" 2>&1 mkdir -p /etc/docker >> "$setup_log" 2>&1 # Make the host use the manager docker registry + DNETBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 if [ -n "$TURBO" ]; then local proxy="$TURBO"; else local proxy="https://$MSRV"; fi printf '%s\n'\ "{"\ " \"registry-mirrors\": [ \"$proxy:5000\" ],"\ - " \"bip\": \"$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24,\"\ + " \"bip\": \"$DNETBIP\",\ " \"default-address-pools\": ["\ " {"\ " \"base\" : \"$DOCKERNET\","\ From 741e17a637c08f7299c3fa032f6132f2e54ebe4f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Oct 2020 18:21:53 -0400 Subject: [PATCH 048/487] add bip for docker --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 7c6feb5c6..8de1f6ee4 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -846,7 +846,7 @@ docker_registry() { printf '%s\n'\ "{"\ " \"registry-mirrors\": [ \"$proxy:5000\" ],"\ - " \"bip\": \"$DNETBIP\",\ + " \"bip\": \"$DNETBIP\","\ " \"default-address-pools\": ["\ " {"\ " \"base\" : \"$DOCKERNET\","\ From 453247971eabd060788db7d5adf25f1e197ae677 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 28 Oct 2020 12:22:50 +0000 Subject: [PATCH 049/487] Add Wazuh user management scripts --- salt/common/tools/sbin/so-wazuh-user-add | 17 +++++++++++++++++ salt/common/tools/sbin/so-wazuh-user-passwd | 17 +++++++++++++++++ salt/common/tools/sbin/so-wazuh-user-remove | 17 +++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 salt/common/tools/sbin/so-wazuh-user-add create mode 100644 salt/common/tools/sbin/so-wazuh-user-passwd create mode 100644 salt/common/tools/sbin/so-wazuh-user-remove diff --git a/salt/common/tools/sbin/so-wazuh-user-add b/salt/common/tools/sbin/so-wazuh-user-add new file mode 100644 index 000000000..836e45959 --- /dev/null +++ b/salt/common/tools/sbin/so-wazuh-user-add @@ -0,0 +1,17 @@ +#!/bin/bash +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +docker exec -it so-wazuh /usr/bin/node /var/ossec/api/configuration/auth/htpasswd /var/ossec/api/configuration/auth/user $1 diff --git a/salt/common/tools/sbin/so-wazuh-user-passwd b/salt/common/tools/sbin/so-wazuh-user-passwd new file mode 100644 index 000000000..836e45959 --- /dev/null +++ b/salt/common/tools/sbin/so-wazuh-user-passwd @@ -0,0 +1,17 @@ +#!/bin/bash +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +docker exec -it so-wazuh /usr/bin/node /var/ossec/api/configuration/auth/htpasswd /var/ossec/api/configuration/auth/user $1 diff --git a/salt/common/tools/sbin/so-wazuh-user-remove b/salt/common/tools/sbin/so-wazuh-user-remove new file mode 100644 index 000000000..a70450f04 --- /dev/null +++ b/salt/common/tools/sbin/so-wazuh-user-remove @@ -0,0 +1,17 @@ +#!/bin/bash +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +docker exec -it so-wazuh /usr/bin/node /var/ossec/api/configuration/auth/htpasswd -D /var/ossec/api/configuration/auth/user $1 From 8f7dffea4b9bf64c1cb68bde757834d1912c71cd Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 10:10:43 -0400 Subject: [PATCH 050/487] Upodate dockernet menu --- setup/so-setup | 6 ++---- setup/so-whiptail | 4 +++- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 9fe10ae3a..50c37d15a 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -310,10 +310,8 @@ if [[ $is_helix || $is_sensor || $is_import ]]; then calculate_useable_cores fi -if [[ $is_helix || $is_manager || $is_import ]]; then - whiptail_homenet_manager - whiptail_dockernet_check -fi +whiptail_homenet_manager +whiptail_dockernet_check if [[ $is_helix || $is_manager || $is_node || $is_import ]]; then set_base_heapsizes diff --git a/setup/so-whiptail b/setup/so-whiptail index f71a652f5..cfad65fae 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -476,7 +476,9 @@ whiptail_dockernet_net() { [ -n "$TESTING" ] && return DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter a /24 network range for docker to use: \n \n(Default value is pre-populated)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) + "\nEnter a /24 network range for docker to use: \n\ + \nThe same range MUST be used on ALL node\n\ + \n(Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus From 8d952eca7e9c63b8b42889afbf7224541726fbc4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 10:12:07 -0400 Subject: [PATCH 051/487] Upodate dockernet menu --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index cfad65fae..957532bed 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -462,7 +462,7 @@ whiptail_dockernet_check(){ [ -n "$TESTING" ] && return whiptail --title "Security Onion Setup" --yesno \ - "Do you want to keep the default Docker IP range? (Choose yes if you don't know what this means)" 8 75 + "Do you want to keep the default Docker IP range?\n \n(Choose yes if you don't know what this means)" 8 75 local exitstatus=$? From 563a606e0e24d73cb4d3a308e07b2e039f6f0a02 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 10:14:14 -0400 Subject: [PATCH 052/487] Upodate dockernet menu --- setup/so-whiptail | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 957532bed..ae8d35d48 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -462,7 +462,8 @@ whiptail_dockernet_check(){ [ -n "$TESTING" ] && return whiptail --title "Security Onion Setup" --yesno \ - "Do you want to keep the default Docker IP range?\n \n(Choose yes if you don't know what this means)" 8 75 + "Do you want to keep the default Docker IP range? \n\ + (Choose yes if you don't know what this means)" 8 75 local exitstatus=$? @@ -477,8 +478,8 @@ whiptail_dockernet_net() { DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \ "\nEnter a /24 network range for docker to use: \n\ - \nThe same range MUST be used on ALL node\n\ - \n(Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) + The same range MUST be used on ALL node\n\ + (Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus From 8173cb589b9b226a4427c99b4c208e752a8d1084 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 10:17:53 -0400 Subject: [PATCH 053/487] Update whiptail menu for docker question --- setup/so-whiptail | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index ae8d35d48..33e14f904 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -462,8 +462,7 @@ whiptail_dockernet_check(){ [ -n "$TESTING" ] && return whiptail --title "Security Onion Setup" --yesno \ - "Do you want to keep the default Docker IP range? \n\ - (Choose yes if you don't know what this means)" 8 75 + "Do you want to keep the default Docker IP range? \n(Choose yes if you don't know what this means)" 8 75 local exitstatus=$? @@ -477,9 +476,7 @@ whiptail_dockernet_net() { [ -n "$TESTING" ] && return DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter a /24 network range for docker to use: \n\ - The same range MUST be used on ALL node\n\ - (Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) + "\nEnter a /24 network range for docker to use: \nThe same range MUST be used on ALL nodes \n(Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus From bed70ab6bfca4b5ba2efcc5539c4c1fbc96b0e60 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 10:19:15 -0400 Subject: [PATCH 054/487] Update whiptail menu for docker question --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 33e14f904..d42df729e 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -462,7 +462,7 @@ whiptail_dockernet_check(){ [ -n "$TESTING" ] && return whiptail --title "Security Onion Setup" --yesno \ - "Do you want to keep the default Docker IP range? \n(Choose yes if you don't know what this means)" 8 75 + "Do you want to keep the default Docker IP range? \n \n(Choose yes if you don't know what this means)" 10 75 local exitstatus=$? From b238c492e42104911412ce2a8d8eea66f5e69f5d Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 10:50:10 -0400 Subject: [PATCH 055/487] Update so-functions --- setup/so-functions | 3 +++ 1 file changed, 3 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 607d0bd8e..f2a701e7e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -840,6 +840,9 @@ docker_registry() { echo "Setting up Docker Registry" >> "$setup_log" 2>&1 mkdir -p /etc/docker >> "$setup_log" 2>&1 + if [ -z "$DOCKERNET" ]; then + DOCKERNET=172.17.0.0 + fi # Make the host use the manager docker registry DNETBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 if [ -n "$TURBO" ]; then local proxy="$TURBO"; else local proxy="https://$MSRV"; fi From 348c2feee2dc7fb65d078c968ce115a3e785ce75 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 28 Oct 2020 11:06:57 -0400 Subject: [PATCH 056/487] Prevent usage of dollar signs in admin passwords during setup --- salt/common/tools/sbin/so-common | 2 +- setup/so-whiptail | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index b1dd425f8..43fdb8e01 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -48,6 +48,6 @@ check_container() { check_password() { local password=$1 - echo "$password" | egrep -v "'|\"|\\\\" > /dev/null 2>&1 + echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1 return $? } \ No newline at end of file diff --git a/setup/so-whiptail b/setup/so-whiptail index 393c2c4af..cc37f0545 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -384,7 +384,7 @@ whiptail_invalid_pass_characters_warning() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --msgbox "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." 8 75 + whiptail --title "Security Onion Setup" --msgbox "Password is invalid. Please exclude single quotes, double quotes, dollar signs, and backslashes from the password." 8 75 } whiptail_cur_close_days() { From 3ee9f23d269ad37265a64c649ccc37543216cd56 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 28 Oct 2020 12:28:34 -0400 Subject: [PATCH 057/487] [fix] Use url_base in sensoroni.json instead of manager hostname --- salt/pcap/files/sensoroni.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/pcap/files/sensoroni.json b/salt/pcap/files/sensoroni.json index 4fd31b96d..8a9027bd0 100644 --- a/salt/pcap/files/sensoroni.json +++ b/salt/pcap/files/sensoroni.json @@ -1,4 +1,4 @@ -{%- set MANAGER = salt['grains.get']('master') -%} +{%- set URLBASE = salt['pillar.get']('global:url_base') %} {%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%} {%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms', 10000) -%} { @@ -6,7 +6,7 @@ "logLevel":"info", "agent": { "pollIntervalMs": {{ CHECKININTERVALMS if CHECKININTERVALMS else 10000 }}, - "serverUrl": "https://{{ MANAGER }}/sensoroniagents", + "serverUrl": "https://{{ URLBASE }}/sensoroniagents", "verifyCert": false, "modules": { "importer": {}, From b02d434a0ede17b933789a2d1e1757a59b3f9409 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 28 Oct 2020 12:29:09 -0400 Subject: [PATCH 058/487] [fix] Change any scripts using auth headers to url_base --- salt/common/tools/sbin/so-cortex-user-add | 4 ++-- salt/common/tools/sbin/so-cortex-user-enable | 4 ++-- salt/common/tools/sbin/so-thehive-user-add | 4 ++-- salt/common/tools/sbin/so-thehive-user-enable | 4 ++-- salt/thehive/scripts/cortex_init | 21 +++++++++---------- salt/thehive/scripts/hive_init | 12 ++++++----- 6 files changed, 25 insertions(+), 24 deletions(-) diff --git a/salt/common/tools/sbin/so-cortex-user-add b/salt/common/tools/sbin/so-cortex-user-add index 5785a7f22..1fdada70d 100755 --- a/salt/common/tools/sbin/so-cortex-user-add +++ b/salt/common/tools/sbin/so-cortex-user-add @@ -31,7 +31,7 @@ fi USER=$1 CORTEX_KEY=$(lookup_pillar cortexkey) -CORTEX_IP=$(lookup_pillar managerip) +CORTEX_API_URL="$(lookup_pillar url_base)/cortex/api" CORTEX_ORG_NAME=$(lookup_pillar cortexorgname) CORTEX_USER=$USER @@ -43,7 +43,7 @@ fi read -rs CORTEX_PASS # Create new user in Cortex -resp=$(curl -sk -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/user" -d "{\"name\": \"$CORTEX_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_USER\",\"password\" : \"$CORTEX_PASS\" }") +resp=$(curl -sk -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/user" -d "{\"name\": \"$CORTEX_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_USER\",\"password\" : \"$CORTEX_PASS\" }") if [[ "$resp" =~ \"status\":\"Ok\" ]]; then echo "Successfully added user to Cortex." else diff --git a/salt/common/tools/sbin/so-cortex-user-enable b/salt/common/tools/sbin/so-cortex-user-enable index 5fded5c33..c67b358b2 100755 --- a/salt/common/tools/sbin/so-cortex-user-enable +++ b/salt/common/tools/sbin/so-cortex-user-enable @@ -31,7 +31,7 @@ fi USER=$1 CORTEX_KEY=$(lookup_pillar cortexkey) -CORTEX_IP=$(lookup_pillar managerip) +CORTEX_API_URL="$(lookup_pillar url_base)/cortex/api" CORTEX_USER=$USER case "${2^^}" in @@ -46,7 +46,7 @@ case "${2^^}" in ;; esac -resp=$(curl -sk -XPATCH -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/user/${CORTEX_USER}" -d "{\"status\":\"${CORTEX_STATUS}\" }") +resp=$(curl -sk -XPATCH -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/user/${CORTEX_USER}" -d "{\"status\":\"${CORTEX_STATUS}\" }") if [[ "$resp" =~ \"status\":\"Locked\" || "$resp" =~ \"status\":\"Ok\" ]]; then echo "Successfully updated user in Cortex." else diff --git a/salt/common/tools/sbin/so-thehive-user-add b/salt/common/tools/sbin/so-thehive-user-add index 2fb9e6d4b..03e670dde 100755 --- a/salt/common/tools/sbin/so-thehive-user-add +++ b/salt/common/tools/sbin/so-thehive-user-add @@ -31,7 +31,7 @@ fi USER=$1 THEHIVE_KEY=$(lookup_pillar hivekey) -THEHIVE_IP=$(lookup_pillar managerip) +THEHVIE_API_URL="$(lookup_pillar url_base)/thehive/api" THEHIVE_USER=$USER # Read password for new user from stdin @@ -47,7 +47,7 @@ if ! check_password "$THEHIVE_PASS"; then fi # Create new user in TheHive -resp=$(curl -sk -XPOST -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHIVE_IP/thehive/api/user" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASS\"}") +resp=$(curl -sk -XPOST -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHVIE_API_URL/user" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASS\"}") if [[ "$resp" =~ \"status\":\"Ok\" ]]; then echo "Successfully added user to TheHive" else diff --git a/salt/common/tools/sbin/so-thehive-user-enable b/salt/common/tools/sbin/so-thehive-user-enable index 714643a83..2f3d95a0f 100755 --- a/salt/common/tools/sbin/so-thehive-user-enable +++ b/salt/common/tools/sbin/so-thehive-user-enable @@ -31,7 +31,7 @@ fi USER=$1 THEHIVE_KEY=$(lookup_pillar hivekey) -THEHIVE_IP=$(lookup_pillar managerip) +THEHVIE_API_URL="$(lookup_pillar url_base)/thehive/api" THEHIVE_USER=$USER case "${2^^}" in @@ -46,7 +46,7 @@ case "${2^^}" in ;; esac -resp=$(curl -sk -XPATCH -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHIVE_IP/thehive/api/user/${THEHIVE_USER}" -d "{\"status\":\"${THEHIVE_STATUS}\" }") +resp=$(curl -sk -XPATCH -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHVIE_API_URL/user/${THEHIVE_USER}" -d "{\"status\":\"${THEHIVE_STATUS}\" }") if [[ "$resp" =~ \"status\":\"Locked\" || "$resp" =~ \"status\":\"Ok\" ]]; then echo "Successfully updated user in TheHive" else diff --git a/salt/thehive/scripts/cortex_init b/salt/thehive/scripts/cortex_init index d358b8dd4..beade9c4b 100644 --- a/salt/thehive/scripts/cortex_init +++ b/salt/thehive/scripts/cortex_init @@ -1,5 +1,5 @@ #!/bin/bash -# {%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %} +# {%- set URLBASE = salt['pillar.get']('global:url_base', '') %} # {%- set CORTEXUSER = salt['pillar.get']('global:cortexuser', 'cortexadmin') %} # {%- set CORTEXPASSWORD = salt['pillar.get']('global:cortexpassword', 'cortexchangeme') %} # {%- set CORTEXKEY = salt['pillar.get']('global:cortexkey', '') %} @@ -17,7 +17,7 @@ cortex_clean(){ cortex_init(){ sleep 60 - CORTEX_IP="{{MANAGERIP}}" + CORTEX_API_URL="{{URLBASE}}/cortex/api" CORTEX_USER="{{CORTEXUSER}}" CORTEX_PASSWORD="{{CORTEXPASSWORD}}" CORTEX_KEY="{{CORTEXKEY}}" @@ -29,31 +29,30 @@ cortex_init(){ # Migrate DB - curl -v -k -XPOST -L "https://$CORTEX_IP:/cortex/api/maintenance/migrate" + curl -v -k -XPOST -L "https://$CORTEX_API_URL/maintenance/migrate" # Create intial Cortex superadmin - curl -v -k -L "https://$CORTEX_IP/cortex/api/user" -H "Content-Type: application/json" -d "{\"login\" : \"$CORTEX_USER\",\"name\" : \"$CORTEX_USER\",\"roles\" : [\"superadmin\"],\"preferences\" : \"{}\",\"password\" : \"$CORTEX_PASSWORD\", \"key\": \"$CORTEX_KEY\"}" + curl -v -k -L "https://$CORTEX_API_URL/user" -H "Content-Type: application/json" -d "{\"login\" : \"$CORTEX_USER\",\"name\" : \"$CORTEX_USER\",\"roles\" : [\"superadmin\"],\"preferences\" : \"{}\",\"password\" : \"$CORTEX_PASSWORD\", \"key\": \"$CORTEX_KEY\"}" # Create user-supplied org - curl -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/organization" -d "{ \"name\": \"$CORTEX_ORG_NAME\",\"description\": \"$CORTEX_ORG_DESC\",\"status\": \"Active\"}" + curl -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/organization" -d "{ \"name\": \"$CORTEX_ORG_NAME\",\"description\": \"$CORTEX_ORG_DESC\",\"status\": \"Active\"}" # Create user-supplied org user - curl -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/user" -d "{\"name\": \"$CORTEX_ORG_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_ORG_USER\",\"key\": \"$CORTEX_ORG_USER_KEY\" }" + curl -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/user" -d "{\"name\": \"$CORTEX_ORG_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_ORG_USER\",\"key\": \"$CORTEX_ORG_USER_KEY\" }" # Enable URLScan.io Analyzer - curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_ORG_USER_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/organization/analyzer/Urlscan_io_Search_0_1_0" -d '{"name":"Urlscan_io_Search_0_1_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2}}' + curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_ORG_USER_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/organization/analyzer/Urlscan_io_Search_0_1_0" -d '{"name":"Urlscan_io_Search_0_1_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2}}' # Enable Cert PassiveDNS Analyzer - curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_ORG_USER_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/organization/analyzer/CERTatPassiveDNS_2_0" -d '{"name":"CERTatPassiveDNS_2_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2, "limit": 100}}' + curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_ORG_USER_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/organization/analyzer/CERTatPassiveDNS_2_0" -d '{"name":"CERTatPassiveDNS_2_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2, "limit": 100}}' # Revoke $CORTEX_USER key - curl -k -XDELETE -H "Authorization: Bearer $CORTEX_KEY" -L "https:///$CORTEX_IP/api/user/$CORTEX_USER/key" + curl -k -XDELETE -H "Authorization: Bearer $CORTEX_KEY" -L "https://$CORTEX_API_URL/user/$CORTEX_USER/key" # Update SOCtopus config with apikey value #sed -i "s/cortex_key = .*/cortex_key = $CORTEX_KEY/" $SOCTOPUS_CONFIG touch /opt/so/state/cortex.txt - } if [ -f /opt/so/state/cortex.txt ]; then @@ -61,7 +60,7 @@ if [ -f /opt/so/state/cortex.txt ]; then exit 0 else rm -f garbage_file - while ! wget -O garbage_file {{MANAGERIP}}:9500 2>/dev/null + while ! wget -O garbage_file {{URLBASE}}:9500 2>/dev/null do echo "Waiting for Elasticsearch..." rm -f garbage_file diff --git a/salt/thehive/scripts/hive_init b/salt/thehive/scripts/hive_init index f47f60b0a..51eefeac8 100755 --- a/salt/thehive/scripts/hive_init +++ b/salt/thehive/scripts/hive_init @@ -1,5 +1,6 @@ #!/bin/bash # {%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %} +# {%- set URLBASE = salt['pillar.get']('global:url_base', '') %} # {%- set THEHIVEUSER = salt['pillar.get']('global:hiveuser', 'hiveadmin') %} # {%- set THEHIVEPASSWORD = salt['pillar.get']('global:hivepassword', 'hivechangeme') %} # {%- set THEHIVEKEY = salt['pillar.get']('global:hivekey', '') %} @@ -11,7 +12,8 @@ thehive_clean(){ thehive_init(){ sleep 120 - THEHIVE_IP="{{MANAGERIP}}" + THEHIVE_URL="{{URLBASE}}/thehive" + THEHIVE_API_URL="$THEHIVE_URL/api" THEHIVE_USER="{{THEHIVEUSER}}" THEHIVE_PASSWORD="{{THEHIVEPASSWORD}}" THEHIVE_KEY="{{THEHIVEKEY}}" @@ -21,7 +23,7 @@ thehive_init(){ COUNT=0 THEHIVE_CONNECTED="no" while [[ "$COUNT" -le 240 ]]; do - curl --output /dev/null --silent --head --fail -k "https://$THEHIVE_IP/thehive" + curl --output /dev/null --silent --head --fail -k "https://$THEHIVE_URL" if [ $? -eq 0 ]; then THEHIVE_CONNECTED="yes" echo "connected!" @@ -36,15 +38,15 @@ thehive_init(){ if [ "$THEHIVE_CONNECTED" == "yes" ]; then # Migrate DB - curl -v -k -XPOST -L "https://$THEHIVE_IP:/thehive/api/maintenance/migrate" + curl -v -k -XPOST -L "https://$THEHIVE_API_URL/maintenance/migrate" # Create intial TheHive user - curl -v -k -L "https://$THEHIVE_IP/thehive/api/user" -H "Content-Type: application/json" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASSWORD\", \"key\": \"$THEHIVE_KEY\"}" + curl -v -k -L "https://$THEHIVE_API_URL/user" -H "Content-Type: application/json" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASSWORD\", \"key\": \"$THEHIVE_KEY\"}" # Pre-load custom fields # # reputation - curl -v -k -L "https://$THEHIVE_IP/thehive/api/list/custom_fields" -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -d "{\"value\":{\"name\": \"reputation\", \"reference\": \"reputation\", \"description\": \"This field provides an overall reputation status for an address/domain.\", \"type\": \"string\", \"options\": []}}" + curl -v -k -L "https://$THEHIVE_API_URL/list/custom_fields" -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -d "{\"value\":{\"name\": \"reputation\", \"reference\": \"reputation\", \"description\": \"This field provides an overall reputation status for an address/domain.\", \"type\": \"string\", \"options\": []}}" touch /opt/so/state/thehive.txt From 98c669e80bd3ab62c86b08f448e07a1925f82232 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 28 Oct 2020 14:29:29 -0400 Subject: [PATCH 059/487] Disable nginx server version and TLSv1.0/TLSv1.1 --- salt/nginx/etc/nginx.conf | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index facfb4c22..6cc7427fc 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -36,6 +36,8 @@ http { types_hash_max_size 2048; client_max_body_size 2500M; + server_tokens off; + include /etc/nginx/mime.types; default_type application/octet-stream; @@ -88,6 +90,7 @@ http { ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; + ssl_protocols TLSv1.2; } {%- endif %} @@ -105,6 +108,7 @@ http { ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; + ssl_protocols TLSv1.2; location /fleet/ { proxy_pass https://{{ main_ip }}:8080; @@ -151,7 +155,7 @@ http { ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; - + ssl_protocols TLSv1.2; location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) { proxy_pass http://{{ url_base }}:9822; From 361b13dc8800b9a28d460859f4d6c00db9abef03 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 15:25:00 -0400 Subject: [PATCH 060/487] Add a place where custom logstash certs can go --- salt/logstash/etc/certs/Put.Your.Certs.Here.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 salt/logstash/etc/certs/Put.Your.Certs.Here.txt diff --git a/salt/logstash/etc/certs/Put.Your.Certs.Here.txt b/salt/logstash/etc/certs/Put.Your.Certs.Here.txt new file mode 100644 index 000000000..e69de29bb From 13be0da4846904e7f5e54a768c128c57b318f646 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 15:26:41 -0400 Subject: [PATCH 061/487] Add a place where custom logstash certs can go --- salt/logstash/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index ad11bf567..cec84bbc1 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -173,6 +173,7 @@ so-logstash: - /sys/fs/cgroup:/sys/fs/cgroup:ro - /etc/pki/filebeat.crt:/usr/share/logstash/filebeat.crt:ro - /etc/pki/filebeat.p8:/usr/share/logstash/filebeat.key:ro + - /opt/so/conf/logstash/etc/certs:/usr/share/logstash/certs:ro {% if grains['role'] == 'so-heavynode' %} - /etc/ssl/certs/intca.crt:/usr/share/filebeat/ca.crt:ro {% else %} From 3abd1c9f1686c3b7f3c9ff073c578515ba0e4b0e Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 28 Oct 2020 16:08:19 -0400 Subject: [PATCH 062/487] [fix] Configure soctopus to use url_base --- salt/soctopus/files/SOCtopus.conf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/salt/soctopus/files/SOCtopus.conf b/salt/soctopus/files/SOCtopus.conf index 1b2e5fd3d..29f31f95f 100644 --- a/salt/soctopus/files/SOCtopus.conf +++ b/salt/soctopus/files/SOCtopus.conf @@ -1,4 +1,5 @@ {%- set MANAGER = salt['pillar.get']('global:url_base', '') %} +{%- set URLBASE = salt['pillar.get']('global:url_base', '') %} {%- set HIVEKEY = salt['pillar.get']('global:hivekey', '') %} {%- set CORTEXKEY = salt['pillar.get']('global:cortexorguserkey', '') %} {%- set PLAYBOOK_KEY = salt['pillar.get']('playbook:api_key', '') %} @@ -14,7 +15,7 @@ es_verifycert = no [cortex] auto_analyze_alerts = no -cortex_url = https://{{MANAGER}}/cortex/ +cortex_url = https://{{URLBASE}}/cortex/ cortex_key = {{ CORTEXKEY }} supported_analyzers = Urlscan_io_Search,CERTatPassiveDNS @@ -35,7 +36,7 @@ grr_user = YOURGRRUSER grr_pass = YOURGRRPASS [hive] -hive_url = https://{{MANAGER}}/thehive/ +hive_url = https://{{URLBASE}}/thehive/ hive_key = {{ HIVEKEY }} hive_tlp = 3 hive_verifycert = no @@ -66,7 +67,7 @@ soc_url = http://{{MANAGER}}:9822 [playbook] playbook_url = http://{{MANAGER}}:3200/playbook -playbook_ext_url = https://{{MANAGER}}/playbook +playbook_ext_url = https://{{URLBASE}}/playbook playbook_key = {{ PLAYBOOK_KEY }} playbook_verifycert = no playbook_unit_test_index = playbook-testing From 91221c43323d7b485f60da2160b029cbcbf761ca Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 29 Oct 2020 10:23:12 -0400 Subject: [PATCH 063/487] [revert] Move proxy_pass back to ip --- salt/nginx/etc/nginx.conf | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index facfb4c22..238536a70 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -4,6 +4,7 @@ {% set main_ip = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %} {%- endif %} +{%- set manager_ip = salt['pillar.get']('manager:mainip', '') %} {%- set url_base = salt['pillar.get']('global:url_base') %} {%- set fleet_manager = salt['pillar.get']('global:fleet_manager') %} @@ -59,7 +60,7 @@ http { {%- if role == 'fleet' %} grpc_pass grpcs://{{ main_ip }}:8080; {%- else %} - grpc_pass grpcs://{{ url_base }}:8080; + grpc_pass grpcs://{{ manager_ip }}:8080; {%- endif %} grpc_set_header Host $host; grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -154,7 +155,7 @@ http { location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) { - proxy_pass http://{{ url_base }}:9822; + proxy_pass http://{{ manager_ip }}:9822; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -168,7 +169,7 @@ http { location / { auth_request /auth/sessions/whoami; - proxy_pass http://{{ url_base }}:9822/; + proxy_pass http://{{ manager_ip }}:9822/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -182,7 +183,7 @@ http { location ~ ^/auth/.*?(whoami|login|logout|settings) { rewrite /auth/(.*) /$1 break; - proxy_pass http://{{ url_base }}:4433; + proxy_pass http://{{ manager_ip }}:4433; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -241,7 +242,7 @@ http { location /grafana/ { auth_request /auth/sessions/whoami; rewrite /grafana/(.*) /$1 break; - proxy_pass http://{{ url_base }}:3000/; + proxy_pass http://{{ manager_ip }}:3000/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -254,7 +255,7 @@ http { location /kibana/ { auth_request /auth/sessions/whoami; rewrite /kibana/(.*) /$1 break; - proxy_pass http://{{ url_base }}:5601/; + proxy_pass http://{{ manager_ip }}:5601/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -265,7 +266,7 @@ http { } location /nodered/ { - proxy_pass http://{{ url_base }}:1880/; + proxy_pass http://{{ manager_ip }}:1880/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -278,7 +279,7 @@ http { } location /playbook/ { - proxy_pass http://{{ url_base }}:3200/playbook/; + proxy_pass http://{{ manager_ip }}:3200/playbook/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -297,7 +298,7 @@ http { {%- else %} location /fleet/ { - proxy_pass https://{{ url_base }}:8080; + proxy_pass https://{{ manager_ip }}:8080; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -310,7 +311,7 @@ http { {%- endif %} location /thehive/ { - proxy_pass http://{{ url_base }}:9000/thehive/; + proxy_pass http://{{ manager_ip }}:9000/thehive/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_http_version 1.1; # this is essential for chunked responses to work @@ -322,7 +323,7 @@ http { } location /cortex/ { - proxy_pass http://{{ url_base }}:9001/cortex/; + proxy_pass http://{{ manager_ip }}:9001/cortex/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_http_version 1.1; # this is essential for chunked responses to work @@ -334,7 +335,7 @@ http { } location /soctopus/ { - proxy_pass http://{{ url_base }}:7000/; + proxy_pass http://{{ manager_ip }}:7000/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -360,7 +361,7 @@ http { if ($http_authorization = "") { return 403; } - proxy_pass http://{{ url_base }}:9822/; + proxy_pass http://{{ manager_ip }}:9822/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; From 6359e03ba6ee8c1203d718505f664eb410efcc2d Mon Sep 17 00:00:00 2001 From: jtgreen-cse <67059096+jtgreen-cse@users.noreply.github.com> Date: Thu, 29 Oct 2020 15:03:13 -0400 Subject: [PATCH 064/487] fix for Windows events via osquery This change was required to properly let Windows events flow through their specific pipelines. Otherwise, the `temp` field stays around and gets ingested in ES. --- salt/elasticsearch/files/ingest/osquery.query_result | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/elasticsearch/files/ingest/osquery.query_result b/salt/elasticsearch/files/ingest/osquery.query_result index 3a6ed15a3..67a0b39f8 100644 --- a/salt/elasticsearch/files/ingest/osquery.query_result +++ b/salt/elasticsearch/files/ingest/osquery.query_result @@ -6,7 +6,7 @@ { "gsub": { "field": "message2.columns.data", "pattern": "\\\\xC2\\\\xAE", "replacement": "", "ignore_missing": true } }, { "rename": { "if": "ctx.message2.columns?.eventid != null", "field": "message2.columns", "target_field": "winlog", "ignore_missing": true } }, { "json": { "field": "winlog.data", "target_field": "temp", "ignore_failure": true } }, - { "rename": { "field": "temp.Data", "target_field": "winlog.event_data", "ignore_missing": true } }, + { "rename": { "field": "temp.EventData", "target_field": "winlog.event_data", "ignore_missing": true } }, { "rename": { "field": "winlog.source", "target_field": "winlog.channel", "ignore_missing": true } }, { "rename": { "field": "winlog.eventid", "target_field": "winlog.event_id", "ignore_missing": true } }, { "pipeline": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational'", "name": "sysmon" } }, @@ -22,4 +22,4 @@ { "set": { "field": "event.dataset", "value": "{{osquery.result.name}}", "override": false} }, { "pipeline": { "name": "common" } } ] -} \ No newline at end of file +} From 71a260a000e3521df375ccaff46c20d392f6e1a4 Mon Sep 17 00:00:00 2001 From: weslambert Date: Mon, 2 Nov 2020 08:38:45 -0500 Subject: [PATCH 065/487] Match max-pending-packets size --- salt/suricata/afpacket.map.jinja | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/suricata/afpacket.map.jinja b/salt/suricata/afpacket.map.jinja index 37b80aa87..a6c390abb 100644 --- a/salt/suricata/afpacket.map.jinja +++ b/salt/suricata/afpacket.map.jinja @@ -7,9 +7,9 @@ af-packet: use-mmap: yes threads: {{ salt['pillar.get']('sensor:suriprocs', salt['pillar.get']('sensor:suripins') | length) }} tpacket-v3: yes - ring-size: {{ salt['pillar.get']('sensor:suriringsize', '2048') }} + ring-size: {{ salt['pillar.get']('sensor:suriringsize', '5000') }} - interface: default #threads: auto #use-mmap: no #tpacket-v3: yes -{% endload %} \ No newline at end of file +{% endload %} From 2acb930a2e78347f5653112a4416441bc970dcb6 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 2 Nov 2020 11:06:38 -0500 Subject: [PATCH 066/487] fix: Remove crontab for automation installs --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index f2a701e7e..52d0435b8 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -747,7 +747,7 @@ detect_os() { disable_auto_start() { - if crontab -l 2>&1 | grep so-setup > /dev/null 2>&1; then + if crontab -l -u $INSTALLUSERNAME 2>&1 | grep so-setup > /dev/null 2>&1; then # Remove the automated setup script from crontab, if it exists logCmd "crontab -u $INSTALLUSERNAME -r" fi From 1c4abcef15ee4c8246c471ac970849eac44ef674 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 2 Nov 2020 14:25:02 -0500 Subject: [PATCH 067/487] [fix] Kill all jobs before checking if we can reach the salt master --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index f2a701e7e..36886b49e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -264,6 +264,7 @@ check_service_status() { check_salt_master_status() { echo "Checking if we can talk to the salt master" >> "$setup_log" 2>&1 + salt-call saltutil.kill_all_jobs > /dev/null 2>&1 salt-call state.show_top > /dev/null 2>&1 local status=$? #true if there is an issue talking to salt master From 033f5dbb9c57ee8c3d3bf7f345bfb90cb81932af Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 2 Nov 2020 14:25:46 -0500 Subject: [PATCH 068/487] [fix] Use (mostly) absolute path when adding to PATH --- setup/so-setup | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index d699e9f57..c88b3935f 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -114,7 +114,8 @@ case "$setup_type" in esac # Allow execution of SO tools during setup -export PATH=$PATH:../salt/common/tools/sbin +local_sbin="$(pwd)/../salt/common/tools/sbin" +export PATH=$PATH:$local_sbin detect_os && detect_cloud set_network_dev_status_list From 6420ee0310bb326dc81e696bc22962793ae59ec9 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 2 Nov 2020 19:28:12 +0000 Subject: [PATCH 069/487] Update parsing for scan.exiftool --- salt/elasticsearch/files/ingest/strelka.file | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/salt/elasticsearch/files/ingest/strelka.file b/salt/elasticsearch/files/ingest/strelka.file index 06e2d5cb0..82474d8b5 100644 --- a/salt/elasticsearch/files/ingest/strelka.file +++ b/salt/elasticsearch/files/ingest/strelka.file @@ -6,16 +6,16 @@ { "rename": { "field": "message2.scan", "target_field": "scan", "ignore_missing": true } }, { "rename": { "field": "message2.request", "target_field": "request", "ignore_missing": true } }, { "rename": { "field": "scan.hash", "target_field": "hash", "ignore_missing": true } }, - + { "rename": { "field": "scan.exiftool", "target_field": "exiftool", "ignore_missing": true } }, { "grok": { "if": "ctx.request?.attributes?.filename != null", "field": "request.attributes.filename", "patterns": ["-%{WORD:log.id.fuid}-"], "ignore_failure": true } }, { "foreach": { - "if": "ctx.scan?.exiftool?.keys !=null", - "field": "scan.exiftool.keys", + "if": "ctx.exiftool?.keys !=null", + "field": "exiftool.keys", "processor":{ - "set": { - "field": "scan.exiftool.{{_ingest._value.key}}", - "value": "{{_ingest._value.value}}" + "append": { + "field": "scan.exiftool", + "value": "{{_ingest._value.key}}={{_ingest._value.value}}" } } } @@ -42,7 +42,8 @@ { "set": { "if": "ctx.rule?.score != null && ctx.rule?.score >= 70 && ctx.rule?.score <=89", "field": "event.severity", "value": 3, "override": true } }, { "set": { "if": "ctx.rule?.score != null && ctx.rule?.score >= 90", "field": "event.severity", "value": 4, "override": true } }, { "set": { "field": "observer.name", "value": "{{agent.name}}" }}, - { "remove": { "field": ["host", "path", "message", "scan.exiftool.keys", "scan.yara.meta"], "ignore_missing": true } }, + { "convert" : { "field" : "scan.exiftool","type": "string", "ignore_missing":true }}, + { "remove": { "field": ["host", "path", "message", "exiftool", "scan.yara.meta"], "ignore_missing": true } }, { "pipeline": { "name": "common" } } ] } From 3113d5fbdba75661ffa44c85df407a25e71f0d73 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 2 Nov 2020 19:31:14 +0000 Subject: [PATCH 070/487] Format scan.exiftool as text --- salt/elasticsearch/templates/so/so-common-template.json | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/salt/elasticsearch/templates/so/so-common-template.json b/salt/elasticsearch/templates/so/so-common-template.json index 7db65f62c..74ff3748a 100644 --- a/salt/elasticsearch/templates/so/so-common-template.json +++ b/salt/elasticsearch/templates/so/so-common-template.json @@ -379,9 +379,14 @@ } } }, - "scan":{ + "scan":{ "type":"object", - "dynamic": true + "dynamic": true, + "properties":{ + "exiftool":{ + "type":"text" + } + } }, "server":{ "type":"object", From 184d163d6532f0502848f6ade9afe06eb0b1c268 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 2 Nov 2020 15:04:05 -0500 Subject: [PATCH 071/487] Do not persist the Cortex PID file; This allows Cortex to recover from non-graceful container shutdowns, such as a power loss event on the host machine --- salt/thehive/etc/cortex-application.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/thehive/etc/cortex-application.conf b/salt/thehive/etc/cortex-application.conf index d84566068..88bea88df 100644 --- a/salt/thehive/etc/cortex-application.conf +++ b/salt/thehive/etc/cortex-application.conf @@ -6,6 +6,7 @@ # WARNING: If you deploy your application on several servers, make sure to use the same key. play.http.secret.key="{{ CORTEXPLAYSECRET }}" play.http.context=/cortex/ +pidfile.path = "/dev/null" search.uri = "http://{{ MANAGERIP }}:9400" # Elasticsearch From 24a54a326ce10e279e81be21066470b874b93762 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 2 Nov 2020 21:03:45 +0000 Subject: [PATCH 072/487] Allow for muliple files for rules --- salt/idstools/init.sls | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls index 439c778aa..f3f040895 100644 --- a/salt/idstools/init.sls +++ b/salt/idstools/init.sls @@ -58,11 +58,12 @@ rulesdir: - makedirs: True synclocalnidsrules: - file.managed: - - name: /opt/so/rules/nids/local.rules - - source: salt://idstools/local.rules + file.recurse: + - name: /opt/so/rules/nids/ + - source: salt://idstools/ - user: 939 - group: 939 + - include_pat: 'E@.rules' so-idstools: docker_container.running: @@ -81,4 +82,4 @@ idstools_state_not_allowed: test.fail_without_changes: - name: idstools_state_not_allowed -{% endif%} \ No newline at end of file +{% endif%} From 7e090b08948ec1d4e697f089aca98a3e6590aeda Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 2 Nov 2020 16:23:34 -0500 Subject: [PATCH 073/487] dont echo salt minion config file to prevent mysql.pass from showing in sosetup.log --- setup/so-functions | 2 -- 1 file changed, 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 52d0435b8..c842c85b8 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -430,8 +430,6 @@ configure_minion() { { systemctl restart salt-minion; - printf '%s\n' '----'; - cat "$minion_config"; } >> "$setup_log" 2>&1 } From 05549a236205a97011241d26460c8a7d6f65e33b Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 2 Nov 2020 21:36:44 +0000 Subject: [PATCH 074/487] Add Zeek intel.dat --- salt/zeek/policy/intel/intel.dat | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 salt/zeek/policy/intel/intel.dat diff --git a/salt/zeek/policy/intel/intel.dat b/salt/zeek/policy/intel/intel.dat new file mode 100644 index 000000000..ca10994b6 --- /dev/null +++ b/salt/zeek/policy/intel/intel.dat @@ -0,0 +1,5 @@ +#fields indicator indicator_type meta.source meta.do_notice +# EXAMPLES: +#66.32.119.38 Intel::ADDR Test Address T +#www.honeynet.org Intel::DOMAIN Test Domain T +#4285358dd748ef74cb8161108e11cb73 Intel::FILE_HASH Test MD5 T From f007ef0ef5ad0b459ebaef733c51c320fb5fbb67 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 2 Nov 2020 17:00:02 -0500 Subject: [PATCH 075/487] Update so-functions --- setup/so-functions | 2 ++ 1 file changed, 2 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 52d0435b8..4c223fd3d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1693,10 +1693,12 @@ setup_salt_master_dirs() { if [ "$setup_type" = 'iso' ]; then rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1 rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1 + mkdir -p $local_salt_dir/salt/zeek/policy/intel >> "$setup_log" 2>&1 cp -Rv /home/$INSTALLUSERNAME/SecurityOnion/files/intel.dat $local_salt_dir/salt/zeek/policy/intel/ >> "$setup_log" 2>&1 else cp -Rv ../pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1 cp -Rv ../salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1 + mkdir -p $local_salt_dir/salt/zeek/policy/intel >> "$setup_log" 2>&1 cp -Rv files/intel.dat $local_salt_dir/salt/zeek/policy/intel/ >> "$setup_log" 2>&1 fi From 7dca988c1132ef34435a506746e5ad7140ddf78c Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Tue, 3 Nov 2020 14:53:50 +0000 Subject: [PATCH 076/487] Remove Wazuh API creds after registering intial agent --- salt/wazuh/files/agent/wazuh-register-agent | 50 ++++++++++++--------- 1 file changed, 28 insertions(+), 22 deletions(-) diff --git a/salt/wazuh/files/agent/wazuh-register-agent b/salt/wazuh/files/agent/wazuh-register-agent index 6e7f40137..bcb674dbf 100755 --- a/salt/wazuh/files/agent/wazuh-register-agent +++ b/salt/wazuh/files/agent/wazuh-register-agent @@ -47,6 +47,10 @@ cat < try to register the agent +echo "Waiting before registering agent..." sleep 30s -STATUS=$(curl -s -k -u $USER:$PASSWORD -L $PROTOCOL://$API_IP:$API_PORT/agents/$AGENT_ID | jq .data.status | sed s'/"//g') -if [[ $STATUS == "Active" ]]; then +if [ -f /opt/so/conf/wazuh/initial_agent_registration.log ]; then echo "Agent $AGENT_ID already registered!" + exit 0 else register_agent + cleanup_creds + echo "Initial agent $AGENT_ID with IP $AGENT_IP registered on $DATE." > /opt/so/conf/wazuh/initial_agent_registration.log + exit 0 fi #remove_agent From 562a0165797ca13ad1bc0a8e9ef256f8400c07c8 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 3 Nov 2020 10:23:56 -0500 Subject: [PATCH 077/487] remove more from sosetup.log --- setup/so-functions | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index c842c85b8..c1af97744 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1633,12 +1633,17 @@ salt_checkin() { done echo " Confirming existence of the CA certificate" - cat /etc/pki/ca.crt + openssl x509 -in /etc/pki/ca.crt -noout -subject -issuer -dates echo " Applyng a mine hack"; salt "$MINION_ID" mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt; salt "$MINION_ID" mine.update; - echo " Confirming salt mine now contain the certificate"; - salt "$MINION_ID" mine.get '*' x509.get_pem_entries; + echo "Confirming salt mine now contains the certificate"; + salt "$MINION_ID" mine.get '*' x509.get_pem_entries | grep -E 'BEGIN CERTIFICATE|END CERTIFICATE'; + if [ $? -eq 0 ]; then + echo "CA in mine" + else + echo "CA not in mine" + fi echo " Applying SSL state"; salt-call state.apply ssl; } >> "$setup_log" 2>&1 From 7f4b8e8183fe6c31258add1079bf4d0904028efa Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 3 Nov 2020 11:39:42 -0500 Subject: [PATCH 078/487] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6138a2271..3c2835764 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -## Security Onion 2.3.2 +## Security Onion 2.3.3 -Security Onion 2.3.2 is here! +Security Onion 2.3.3 is here! ### Release Notes From 85ea61bf987524f9ebc3831f886e2cb487420599 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 3 Nov 2020 11:40:03 -0500 Subject: [PATCH 079/487] Update VERSION --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index f90b1afc0..0bee604df 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.2 +2.3.3 From 82a7b7e02deeaff8ed8752e9bd8f6f8cc819b346 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 3 Nov 2020 11:50:21 -0500 Subject: [PATCH 080/487] Upgrade to Kratos 0.5.3-alpha1 --- salt/nginx/etc/nginx.conf | 2 +- salt/soc/files/kratos/kratos.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 73867a5c3..1463420b7 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -379,7 +379,7 @@ http { location @error401 { add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400"; - return 302 /auth/self-service/browser/flows/login; + return 302 /auth/self-service/login/browser; } error_page 500 502 503 504 /50x.html; diff --git a/salt/soc/files/kratos/kratos.yaml b/salt/soc/files/kratos/kratos.yaml index 928e744d0..c26aeec3f 100644 --- a/salt/soc/files/kratos/kratos.yaml +++ b/salt/soc/files/kratos/kratos.yaml @@ -2,7 +2,7 @@ {%- set KRATOSKEY = salt['pillar.get']('kratos:kratoskey', '') -%} selfservice: - strategies: + methods: password: enabled: true From a859aa4f48144a57a57152123b32e051854a8a68 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 3 Nov 2020 11:54:28 -0500 Subject: [PATCH 081/487] upgrade from salt 3001.1 to salt 3002.1 - https://github.com/Security-Onion-Solutions/securityonion/issues/1807 --- salt/salt/master.defaults.yaml | 2 +- salt/salt/minion.defaults.yaml | 2 +- setup/so-functions | 22 +++++++++++----------- setup/yum_repos/saltstack.repo | 4 ++-- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/salt/salt/master.defaults.yaml b/salt/salt/master.defaults.yaml index 8694ffbc7..02742737a 100644 --- a/salt/salt/master.defaults.yaml +++ b/salt/salt/master.defaults.yaml @@ -2,4 +2,4 @@ # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions salt: master: - version: 3001.1 \ No newline at end of file + version: 3002.1 \ No newline at end of file diff --git a/salt/salt/minion.defaults.yaml b/salt/salt/minion.defaults.yaml index 31c313df6..26384e55e 100644 --- a/salt/salt/minion.defaults.yaml +++ b/salt/salt/minion.defaults.yaml @@ -2,4 +2,4 @@ # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions salt: minion: - version: 3001.1 \ No newline at end of file + version: 3002.1 \ No newline at end of file diff --git a/setup/so-functions b/setup/so-functions index 06f103cfc..a971d23c1 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1410,7 +1410,7 @@ saltify() { if [ $OS = 'centos' ]; then set_progress_str 5 'Installing Salt repo' { - sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001.1/SALTSTACK-GPG-KEY.pub; + sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.1/SALTSTACK-GPG-KEY.pub; cp ./yum_repos/saltstack.repo /etc/yum.repos.d/saltstack.repo; } >> "$setup_log" 2>&1 set_progress_str 6 'Installing various dependencies' @@ -1427,14 +1427,14 @@ saltify() { # Download Ubuntu Keys in case manager updates = 1 mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 if [[ ! $is_airgap ]]; then - logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3001.1/SALTSTACK-GPG-KEY.pub" + logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3002.1/SALTSTACK-GPG-KEY.pub" logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg" logCmd "wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH" logCmd "cp ./yum_repos/wazuh.repo /etc/yum.repos.d/wazuh.repo" fi set_progress_str 7 'Installing salt-master' if [[ ! $is_iso ]]; then - logCmd "yum -y install salt-master-3001.1" + logCmd "yum -y install salt-master-3002.1" fi systemctl enable salt-master >> "$setup_log" 2>&1 ;; @@ -1462,7 +1462,7 @@ saltify() { { if [[ ! $is_iso ]]; then yum -y install epel-release - yum -y install salt-minion-3001.1\ + yum -y install salt-minion-3002.1\ python3\ python36-docker\ python36-dateutil\ @@ -1506,8 +1506,8 @@ saltify() { 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') # TODO: should this also be HELIXSENSOR? # Add saltstack repo(s) - wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3001.1/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 - echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3001.1 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" + wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3002.1/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 + echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.1 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" # Add Docker repo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1 @@ -1515,7 +1515,7 @@ saltify() { # Get gpg keys mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 - wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3001.1/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 + wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3002.1/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1 @@ -1528,7 +1528,7 @@ saltify() { set_progress_str 6 'Installing various dependencies' apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1 set_progress_str 7 'Installing salt-master' - apt-get -y install salt-master=3001.1+ds-1 >> "$setup_log" 2>&1 + apt-get -y install salt-master=3002.1+ds-1 >> "$setup_log" 2>&1 apt-mark hold salt-master >> "$setup_log" 2>&1 ;; *) @@ -1539,14 +1539,14 @@ saltify() { echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1 - echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3001.1/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" + echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.1/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" ;; esac apt-get update >> "$setup_log" 2>&1 set_progress_str 8 'Installing salt-minion & python modules' - apt-get -y install salt-minion=3001.1+ds-1\ - salt-common=3001.1+ds-1 >> "$setup_log" 2>&1 + apt-get -y install salt-minion=3002.1+ds-1\ + salt-common=3002.1+ds-1 >> "$setup_log" 2>&1 apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1 if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1 diff --git a/setup/yum_repos/saltstack.repo b/setup/yum_repos/saltstack.repo index 2e1b425fb..d104e252c 100644 --- a/setup/yum_repos/saltstack.repo +++ b/setup/yum_repos/saltstack.repo @@ -1,6 +1,6 @@ [saltstack] name=SaltStack repo for RHEL/CentOS $releasever PY3 -baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001.1/ +baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.1/ enabled=1 gpgcheck=1 -gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001.1/SALTSTACK-GPG-KEY.pub \ No newline at end of file +gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.1/SALTSTACK-GPG-KEY.pub \ No newline at end of file From aa9aa592137e9551e15a4356d98fc677be41d6e2 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 3 Nov 2020 12:27:55 -0500 Subject: [PATCH 082/487] Correct cheatsheetUrl for airgap installs --- salt/soc/files/soc/soc.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index f5326597a..c48229a0c 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -56,7 +56,7 @@ "client": { {%- if ISAIRGAP is sameas true %} "docsUrl": "/docs/", - "docsUrl": "/docs/cheatsheet.pdf", + "cheatsheetUrl": "/docs/cheatsheet.pdf", {%- else %} "docsUrl": "https://docs.securityonion.net/en/2.3/", "cheatsheetUrl": "https://github.com/Security-Onion-Solutions/securityonion-docs/raw/2.3/images/cheat-sheet/Security-Onion-Cheat-Sheet.pdf", From 887f412e481105d9cac4c18a8988ab2f176b9db8 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 3 Nov 2020 13:54:00 -0500 Subject: [PATCH 083/487] Remove docker_clean from docker_update function --- salt/common/tools/sbin/soup | 2 -- 1 file changed, 2 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index e24b7f105..770b8077c 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -381,8 +381,6 @@ update_dockers() { docker push $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION done fi - # Cleanup on Aisle 4 - clean_dockers echo "Add Registry back if airgap" if [ $is_airgap -eq 0 ]; then docker load -i $AGDOCKER/registry_image.tar From 00fc256c37fbe53cf1346f074ee6bc0efa7edfea Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 14:51:35 -0500 Subject: [PATCH 084/487] [fix][wip] Add reinstall_init function Create a function that, if the setup log exists, puts the system into a state where the installer can run again without issue. This is WIP, there are most likely still issues. --- setup/so-functions | 19 ++++++++++++++++++- setup/so-setup | 4 ++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 36886b49e..9f903dd47 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1411,6 +1411,24 @@ reserve_group_ids() { groupadd -g 946 cyberchef } +reinstall_init() { + + # Move last setup log to backup + mv $setup_log $setup_log.bak + + # Stop salt so it won't highstate and start containers back up. + if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|IMPORT)$ ]]; then + systemctl stop salt-master + fi + systemctl stop salt-minion + + # Remove startup highstate from minion config so we don't immediately highstate when salt starts back up + sed -i '/startup_states/d' $minion_config + + # Stop all containers so files can be changed with more safety + docker stop $(docker ps -a -q) +} + # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and salt/salt/master.defaults.yaml and salt/salt/minion.defaults.yaml saltify() { @@ -1566,7 +1584,6 @@ saltify() { } salt_checkin() { - case "$install_type" in 'MANAGER' | 'EVAL' | 'HELIXSENSOR' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') # Fix Mine usage { diff --git a/setup/so-setup b/setup/so-setup index c88b3935f..dc8ea1566 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -57,6 +57,10 @@ done # Begin Installation pre-processing parse_install_username +if [[ -f $setup_log ]]; then + reinstall_init +fi + title "Initializing Setup" info "Installing as the $INSTALLUSERNAME user" From 93ab4b5d4f072a45624ce49993dde32dbc4dd19b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 15:44:37 -0500 Subject: [PATCH 085/487] [fix][wip] Add reinstall_init function (part 2) Create a function that, if the setup log exists, puts the system into a state where the installer can run again without issue. This is WIP, there are most likely still issues. --- setup/so-functions | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 9f903dd47..099f27317 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1412,21 +1412,22 @@ reserve_group_ids() { } reinstall_init() { + is_reinstall=0 + export is_reinstall # Move last setup log to backup mv $setup_log $setup_log.bak - # Stop salt so it won't highstate and start containers back up. - if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|IMPORT)$ ]]; then - systemctl stop salt-master - fi - systemctl stop salt-minion + { + # Remove startup_states from minion config so we don't immediately highstate when salt starts back up + sed -i '/startup_states/d' $minion_config - # Remove startup highstate from minion config so we don't immediately highstate when salt starts back up - sed -i '/startup_states/d' $minion_config + # Disable schedule so highstate doesn't start running during the install + salt-call -l info schedule.disable - # Stop all containers so files can be changed with more safety - docker stop $(docker ps -a -q) + # Stop all containers so files can be changed with more safety + docker stop $(docker ps -a -q) + } >> $setup_log 2>&1 } # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and salt/salt/master.defaults.yaml and salt/salt/minion.defaults.yaml From 57e7e61f2123cdf4593e79fd72e72952071d6c07 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 15:45:19 -0500 Subject: [PATCH 086/487] [fix] Don't add proxy to yum.conf on manager nodes --- salt/yum/etc/yum.conf.jinja | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/yum/etc/yum.conf.jinja b/salt/yum/etc/yum.conf.jinja index 22449083e..bef9c2128 100644 --- a/salt/yum/etc/yum.conf.jinja +++ b/salt/yum/etc/yum.conf.jinja @@ -11,6 +11,6 @@ installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }} bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum distroverpkg=centos-release -{% if salt['pillar.get']('global:managerupdate', '0') %} +{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and salt['pillar.get']('global:managerupdate', '0') %} proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('master')) }}:3142 -{% endif %} \ No newline at end of file +{% endif %} From 1c91e2d50b75f03787d805753dbfdbcf2723b0c1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 15:48:08 -0500 Subject: [PATCH 087/487] [fix] Add minion_config variable so sed works --- setup/so-functions | 2 ++ 1 file changed, 2 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 099f27317..63f7aebf6 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1412,6 +1412,8 @@ reserve_group_ids() { } reinstall_init() { + local minion_config=/etc/salt/minion + is_reinstall=0 export is_reinstall From 6169758f4e8d0b27a4f3a5b6e6796682956dbf56 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 16:47:59 -0500 Subject: [PATCH 088/487] [fix] 0 -> root so file owner is set correctly --- salt/common/init.sls | 4 ++-- salt/filebeat/init.sls | 4 ++-- salt/nodered/init.sls | 4 ++-- salt/telegraf/init.sls | 2 +- salt/wazuh/init.sls | 10 +++++----- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index 769484ef3..90a713c11 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -158,8 +158,8 @@ Etc/UTC: utilsyncscripts: file.recurse: - name: /usr/sbin - - user: 0 - - group: 0 + - user: root + - group: root - file_mode: 755 - template: jinja - source: salt://common/tools/sbin diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index b770f7cc8..26aca3542 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls @@ -58,8 +58,8 @@ filebeatconfsync: file.managed: - name: /opt/so/conf/filebeat/etc/filebeat.yml - source: salt://filebeat/etc/filebeat.yml - - user: 0 - - group: 0 + - user: root + - group: root - template: jinja - defaults: INPUTS: {{ salt['pillar.get']('filebeat:config:inputs', {}) }} diff --git a/salt/nodered/init.sls b/salt/nodered/init.sls index ac886a6b7..8b583bf91 100644 --- a/salt/nodered/init.sls +++ b/salt/nodered/init.sls @@ -52,8 +52,8 @@ noderedflowsload: file.managed: - name: /usr/sbin/so-nodered-load-flows - source: salt://nodered/files/nodered_load_flows - - user: 0 - - group: 0 + - user: root + - group: root - mode: 755 - template: jinja diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index 0bbf131f7..bae80c697 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -26,7 +26,7 @@ tgrafetsdir: tgrafsyncscripts: file.recurse: - name: /opt/so/conf/telegraf/scripts - - user: 0 + - user: root - group: 939 - file_mode: 700 - template: jinja diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index f2a4ae05b..03cd3f89e 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -65,7 +65,7 @@ wazuhagentconf: file.managed: - name: /var/ossec/etc/ossec.conf - source: salt://wazuh/files/agent/ossec.conf - - user: 0 + - user: root - group: 945 - template: jinja @@ -81,8 +81,8 @@ wazuhagentregister: file.managed: - name: /usr/sbin/wazuh-register-agent - source: salt://wazuh/files/agent/wazuh-register-agent - - user: 0 - - group: 0 + - user: root + - group: root - mode: 755 - template: jinja @@ -91,8 +91,8 @@ wazuhmgrwhitelist: file.managed: - name: /usr/sbin/wazuh-manager-whitelist - source: salt://wazuh/files/wazuh-manager-whitelist - - user: 0 - - group: 0 + - user: root + - group: root - mode: 755 - template: jinja From 96ec483ae4efd64acebbdcd5fba62ed4627ae336 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 16:49:00 -0500 Subject: [PATCH 089/487] [fix][wip] Remove /opt/so directory during reinstall --- setup/so-functions | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 63f7aebf6..6a76f85c3 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1413,14 +1413,19 @@ reserve_group_ids() { reinstall_init() { local minion_config=/etc/salt/minion - + is_reinstall=0 export is_reinstall # Move last setup log to backup mv $setup_log $setup_log.bak + info "Putting system in state to run setup again" + { + # Remove /opt/so since we'll be rebuilding this directory during setup + rm -rf /opt/so + # Remove startup_states from minion config so we don't immediately highstate when salt starts back up sed -i '/startup_states/d' $minion_config From def993f4ed5829a0b0f70684f219513e1636ca44 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 3 Nov 2020 16:50:22 -0500 Subject: [PATCH 090/487] Improve salt version update comment --- setup/so-functions | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index a971d23c1..08f9dd8b6 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1403,7 +1403,12 @@ reserve_group_ids() { groupadd -g 946 cyberchef } -# When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and salt/salt/master.defaults.yaml and salt/salt/minion.defaults.yaml +# CAUTION! SALT VERSION UDDATES - READ BELOW +# When updating the salt version, also update the version in: +# - securityonion-builds/iso-resources/build.sh +# - securityonion-builds/iso-resources/packages.lst +# - securityonion/salt/salt/master.defaults.yaml +# - securityonion/salt/salt/minion.defaults.yaml saltify() { # Install updates and Salt From 3bf57382ce8d381e676e1bac0812a7724363ffda Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 17:05:34 -0500 Subject: [PATCH 091/487] [fix] Change when /opt/so is removed --- setup/so-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 6a76f85c3..802cf45e5 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1423,9 +1423,6 @@ reinstall_init() { info "Putting system in state to run setup again" { - # Remove /opt/so since we'll be rebuilding this directory during setup - rm -rf /opt/so - # Remove startup_states from minion config so we don't immediately highstate when salt starts back up sed -i '/startup_states/d' $minion_config @@ -1434,6 +1431,9 @@ reinstall_init() { # Stop all containers so files can be changed with more safety docker stop $(docker ps -a -q) + + # Remove /opt/so since we'll be rebuilding this directory during setup + rm -rf /opt/so } >> $setup_log 2>&1 } From e8616e4d46f7d200296b9a4d60ab6c521307949d Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 3 Nov 2020 17:19:55 -0500 Subject: [PATCH 092/487] Update soup --- salt/common/tools/sbin/soup | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 770b8077c..e7ddd0ee2 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -409,6 +409,10 @@ upgrade_check_salt() { if [ "$INSTALLEDSALTVERSION" == "$NEWSALTVERSION" ]; then echo "You are already running the correct version of Salt for Security Onion." else + UPGRADESALT=1 + fi + +upgrade_salt() { SALTUPGRADED=True echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION." echo "" @@ -419,7 +423,11 @@ upgrade_check_salt() { yum versionlock delete "salt-*" echo "Updating Salt packages and restarting services." echo "" - sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -F -M -x python3 stable "$NEWSALTVERSION" + if [ $is_airgap -eq 0 ]; then + sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -r -F -M -x python3 stable "$NEWSALTVERSION" + else + sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -F -M -x python3 stable "$NEWSALTVERSION" + fi echo "Applying yum versionlock for Salt." echo "" yum versionlock add "salt-*" @@ -439,7 +447,6 @@ upgrade_check_salt() { apt-mark hold "salt-master" apt-mark hold "salt-minion" fi - fi } verify_latest_update_script() { @@ -500,29 +507,38 @@ echo "Let's see if we need to update Security Onion." upgrade_check space_check +echo "Checking for Salt Master and Minion updates." +upgrade_check_salt + echo "" echo "Performing upgrade from Security Onion $INSTALLEDVERSION to Security Onion $NEWVERSION." echo "" +echo "Updating dockers to $NEWVERSION." +update_dockers +echo "" echo "Stopping Salt Minion service." systemctl stop salt-minion echo "" echo "Stopping Salt Master service." systemctl stop salt-master echo "" -echo "Checking for Salt Master and Minion updates." -upgrade_check_salt +# Does salt need upgraded. If so update it. +if [ "$UPGRADESALT" == "1" ]; then + echo "Upgrading Salt" + # Update the repo files so it can actually upgrade + if [ $is_airgap -eq 0 ]; then + update_centos_repo + fi + upgrade_salt +fi echo "Making pillar changes." pillar_changes echo "" -echo "" -echo "Updating dockers to $NEWVERSION." -update_dockers - # Only update the repo if its airgap -if [ $is_airgap -eq 0 ]; then +if [[ $is_airgap -eq 0 ]] && [[ "$UPGRADESALT" != "1" ]]; then update_centos_repo fi From 8edb1529a9fc7ae3a422e8d124d5e86a1928b7e2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 3 Nov 2020 17:36:53 -0500 Subject: [PATCH 093/487] Update soup --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index e7ddd0ee2..a2af78d64 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -411,7 +411,7 @@ upgrade_check_salt() { else UPGRADESALT=1 fi - +} upgrade_salt() { SALTUPGRADED=True echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION." From db31cf3083fbb70ac811e46f789d7d72b197cef6 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 18:10:16 -0500 Subject: [PATCH 094/487] [refactor][fix] Remove old so-* containers, make fs changes after whiptail menus --- setup/so-functions | 16 ++++++---------- setup/so-setup | 15 +++++++++++---- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 802cf45e5..9adc8e038 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1414,13 +1414,8 @@ reserve_group_ids() { reinstall_init() { local minion_config=/etc/salt/minion - is_reinstall=0 - export is_reinstall - - # Move last setup log to backup - mv $setup_log $setup_log.bak - info "Putting system in state to run setup again" + info "Some commands may fail depending on whether setup previously succeeded" { # Remove startup_states from minion config so we don't immediately highstate when salt starts back up @@ -1429,11 +1424,12 @@ reinstall_init() { # Disable schedule so highstate doesn't start running during the install salt-call -l info schedule.disable - # Stop all containers so files can be changed with more safety - docker stop $(docker ps -a -q) + # Stop and remove all so-* containers so files can be changed with more safety + docker stop $(docker ps -a -q --filter "name=so-") + docker rm $(docker ps -a -q --filter "name=so-") - # Remove /opt/so since we'll be rebuilding this directory during setup - rm -rf /opt/so + # Backup /opt/so since we'll be rebuilding this directory during setup + mv /opt/so /opt/so_old } >> $setup_log 2>&1 } diff --git a/setup/so-setup b/setup/so-setup index dc8ea1566..348578f8c 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -54,13 +54,16 @@ while [[ $# -gt 0 ]]; do esac done +if [[ -f $setup_log ]]; then + is_reinstall=true + + # Move last setup log to backup + mv $setup_log $setup_log.bak +fi + # Begin Installation pre-processing parse_install_username -if [[ -f $setup_log ]]; then - reinstall_init -fi - title "Initializing Setup" info "Installing as the $INSTALLUSERNAME user" @@ -425,6 +428,10 @@ whiptail_make_changes # From here on changes will be made. +if [[ $is_reinstall ]]; then + reinstall_init +fi + if [[ -n "$TURBO" ]]; then use_turbo_proxy fi From c7367eea38f457951728dcf309c0eda73d81dddf Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 3 Nov 2020 19:08:58 -0500 Subject: [PATCH 095/487] Fix AGREPO Variable --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index a2af78d64..efcf2eaac 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -286,7 +286,7 @@ unmount_update() { update_centos_repo() { # Update the files in the repo echo "Syncing new updates to /nsm/repo" - rsync -a $AGDOCKER/repo /nsm/repo + rsync -a $AGREPO/repo /nsm/repo echo "Creating repo" createrepo /nsm/repo } From cf001875c2f016aebd04cf8a531b647878087c12 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 3 Nov 2020 20:14:15 -0500 Subject: [PATCH 096/487] Update soup --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index efcf2eaac..85aaea1b3 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -286,7 +286,7 @@ unmount_update() { update_centos_repo() { # Update the files in the repo echo "Syncing new updates to /nsm/repo" - rsync -a $AGREPO/repo /nsm/repo + rsync -av $AGREPO/* /nsm/repo/ echo "Creating repo" createrepo /nsm/repo } From ec64314b70e8d9fad09b16543259a0aa931825ea Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 4 Nov 2020 10:00:44 -0500 Subject: [PATCH 097/487] Fix soup to clear yum cache for airgap --- salt/common/tools/sbin/soup | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 85aaea1b3..aac34acb8 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -140,9 +140,9 @@ detect_os() { } highstate() { - # Run a highstate but first cancel a running one. - salt-call saltutil.kill_all_jobs - salt-call state.highstate -l info + # Run a highstate. + echo "Running a highstate. This could take a few minutes" + salt-call state.highstate -l info queue=True } masterlock() { @@ -529,6 +529,7 @@ if [ "$UPGRADESALT" == "1" ]; then # Update the repo files so it can actually upgrade if [ $is_airgap -eq 0 ]; then update_centos_repo + yum clean all fi upgrade_salt fi @@ -575,10 +576,12 @@ highstate playbook unmount_update -SALTUPGRADED="True" -if [[ "$SALTUPGRADED" == "True" ]]; then +if [ "$UPGRADESALT" == "1" ]; then echo "" echo "Upgrading Salt on the remaining Security Onion nodes from $INSTALLEDSALTVERSION to $NEWSALTVERSION." + if [ $is_airgap -eq 0 ]; then + salt -C 'not *_eval and not *_helix and not *_manager and not *_managersearch and not *_standalone' cmd.run "yum clean all" + fi salt -C 'not *_eval and not *_helix and not *_manager and not *_managersearch and not *_standalone' -b $BATCHSIZE state.apply salt.minion echo "" fi From 4592e2d4d7bc9f97215468d9785e187849aa4b82 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 4 Nov 2020 10:08:01 -0500 Subject: [PATCH 098/487] add airgap option to upgradecommand --- salt/salt/map.jinja | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 89ceadd5b..40a0f4095 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -1,5 +1,6 @@ {% import_yaml 'salt/minion.defaults.yaml' as salt %} {% set SALTVERSION = salt.salt.minion.version %} +{% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} {% if grains.os|lower == 'ubuntu' %} {% set COMMON = 'salt-common' %} @@ -9,10 +10,14 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION %} + {% if ISAIRGAP is sameas true %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && sh /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION %} + {% else %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION %} + {% endif %} {% elif grains.os|lower == 'ubuntu' %} {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} -{% endif %} \ No newline at end of file +{% endif %} From 49af35b44010ec732340560c9bec9f16b778bb05 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 10:38:48 -0500 Subject: [PATCH 099/487] [fix][wip] Add reinstall_init function (part 3) Create a function that, if the setup log exists, puts the system into a state where the installer can run again without issue. This is WIP, there are most likely still issues. --- setup/so-functions | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 9adc8e038..24bf8a5aa 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1424,9 +1424,12 @@ reinstall_init() { # Disable schedule so highstate doesn't start running during the install salt-call -l info schedule.disable + # Kill any currently running salt jobs, also to prevent issues with highstate. + salt-call -l info saltutil.kill_all_jobs + # Stop and remove all so-* containers so files can be changed with more safety docker stop $(docker ps -a -q --filter "name=so-") - docker rm $(docker ps -a -q --filter "name=so-") + docker rm -f $(docker ps -a -q --filter "name=so-") # Backup /opt/so since we'll be rebuilding this directory during setup mv /opt/so /opt/so_old From e989fc7041834e1c32631f26ffef28d6566e74ab Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 4 Nov 2020 10:58:52 -0500 Subject: [PATCH 100/487] Update map.jinja --- salt/salt/map.jinja | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 40a0f4095..9c7d0ac39 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -1,5 +1,5 @@ -{% import_yaml 'salt/minion.defaults.yaml' as salt %} -{% set SALTVERSION = salt.salt.minion.version %} +{% import_yaml 'salt/minion.defaults.yaml' as saltminion %} +{% set SALTVERSION = saltminion.salt.minion.version %} {% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} {% if grains.os|lower == 'ubuntu' %} From 3d7069864745bb2fadb3dfb9fac58987d3a78079 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 11:26:56 -0500 Subject: [PATCH 101/487] [fix] Remove old mysql db directory --- setup/so-functions | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 24bf8a5aa..5c66d2b75 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1433,6 +1433,10 @@ reinstall_init() { # Backup /opt/so since we'll be rebuilding this directory during setup mv /opt/so /opt/so_old + + # Remove container data directories + rm -f /nsm/mysql + } >> $setup_log 2>&1 } From a364f13d2429476844291a788b1d4df03af3cba3 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 4 Nov 2020 11:42:39 -0500 Subject: [PATCH 102/487] Add issue template --- .github/ISSUE_TEMPLATE | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE diff --git a/.github/ISSUE_TEMPLATE b/.github/ISSUE_TEMPLATE new file mode 100644 index 000000000..350358e43 --- /dev/null +++ b/.github/ISSUE_TEMPLATE @@ -0,0 +1,10 @@ +PLEASE STOP AND READ THIS INFORMATION! + +If you are creating an issue just to ask a question, you will likely get faster and better responses by posting to our discussions forum instead: +https://securityonion.net/discuss + +If you have found a bug in Security Onion, you can continue with creating an issue here, but please make sure you have done the following: +- duplicated the issue on a fresh installation of the latest version +- provide information about your system and how you installed Security Onion +- include relevant log files +- include reproduction steps From 1e9e156a8720984f8463a8de92b084e506b3f425 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 4 Nov 2020 11:49:22 -0500 Subject: [PATCH 103/487] Improve issue template directions --- .github/ISSUE_TEMPLATE | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE b/.github/ISSUE_TEMPLATE index 350358e43..e02405f16 100644 --- a/.github/ISSUE_TEMPLATE +++ b/.github/ISSUE_TEMPLATE @@ -3,7 +3,9 @@ PLEASE STOP AND READ THIS INFORMATION! If you are creating an issue just to ask a question, you will likely get faster and better responses by posting to our discussions forum instead: https://securityonion.net/discuss -If you have found a bug in Security Onion, you can continue with creating an issue here, but please make sure you have done the following: +If you think you have found a possible bug or are observing a behavior that you weren't expecting, use the discussion forum to start a conversation about it instead of creating an issue. + +If you are very familiar with the latest version of the product and are confident you have found a bug in Security Onion, you can continue with creating an issue here, but please make sure you have done the following: - duplicated the issue on a fresh installation of the latest version - provide information about your system and how you installed Security Onion - include relevant log files From 8d5c29340ef4cc003541d9fc7f82883b9c2c8624 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 4 Nov 2020 12:03:57 -0500 Subject: [PATCH 104/487] Add screenshots to readme --- README.md | 7 +++++++ screenshots/alerts-1.png | Bin 0 -> 192060 bytes screenshots/hunt-1.png | Bin 0 -> 140926 bytes 3 files changed, 7 insertions(+) create mode 100644 screenshots/alerts-1.png create mode 100644 screenshots/hunt-1.png diff --git a/README.md b/README.md index 6138a2271..f4c060623 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,13 @@ Security Onion 2.3.2 is here! +## Screenshots + +Alerts +![Alerts](https://raw.githubusercontent.com/security-onion-solutions/securityonion/master/screenshots/alerts-1.png) + +Hunt +![Hunt](https://raw.githubusercontent.com/security-onion-solutions/securityonion/master/screenshots/hunt-1.png) ### Release Notes diff --git a/screenshots/alerts-1.png b/screenshots/alerts-1.png new file mode 100644 index 0000000000000000000000000000000000000000..140150c776129ad3533e997838adf39e63b6597d GIT binary patch literal 192060 zcmce;bySsW^fihNA|WU!DTss;(j9J4x>1mn?(Q~Flt#K6q+1$9x?4)RVbk4ral-Sv zG48nc`{Ucg;bG&B=Y5{F=9+V^^`0*>QonH0q?qv(()@L_RI6a;OCf7Yi(fM4MJaviBXQOmnt??qzcrbGb<?4`UlX>rY z)ZFJoK~%F_w_i-ZAHIJ-0++`pk5h}`(pw3^@Q59%I2!lOxa5tlxm0S0j2zM0V=tYr zHfEjYWvu5aOuch`j1qy*aKx_E1xENGC#s6t-(2$!n)j3{{LF92--2*_)6cT4gFG;t zw|4z-*SK%NQ^LBSIWB1eQ3eCkr

ch{}`v;f# zvETFD!oG%lhn{yu3Z;cjJdejX@t$2Oh45ps+j@*j&Azx#IkaLsOg>d*^IC0DuC4b6 zIuP7{O5hFcFV z-;BRR7k|U&Eoa_~E$i!RKL}emP(9v@VBf&ILW2GN)`M$pKg9AdXFnkFFpwy7@i+<} z1ShFEFbQf6El5-^4+>B%UdMXIa1Vu{7S#c(@d4`3XF8v68a_J;K-0N4EGW^8yY&GP zZ$XVI<{|fhk;3y8f-oNO?cQV0y=Sc5UEMT`JT}*s->(U}c4O~cKf0Cl21nw9t){#K zX1m90i>E|r4DaP9Q!MDCZ`{APbJ*F2ov_D$bSv<`Tzthen!Iyf+8pRsN`gWi1{U4Q0TKP6v_kUd@ z{Ontos-^gbU3>q{N=^`j6pv8FCNa@Svt3p7^qHpMAe3J#8WrekZmEV}L=%lE($g7B; zn8Y}#n64P#fT3?Z(^b~l0naq_n07qt{p%)u-tKp{w6;HOUo9%Es1DvA80f?34q065 zt%~Q)5+2|ghTA6*o^Yb4a%#ysb9Kv(nKp-ZpbtD-RtvB z^-cYt7pX^7s9LC8C_JxY&9I#^|8m}*HV;q2o5h;{k|#$Q?6xJJu=m3MtI!__JrPwkl>Ae!OawDy`W>N?b0(TOsvnAl5* ziBt<1bE?p*VBZVf<2k;0%#EpY!`+h=QxY?mIGgC2pEL0~r)TvR?a?xFn$|YQ zn#79HPSj?2wYM&ru`WC+B20}jhcCxiRl35>%G$2YihFI(v!d8J@>p}fwoK3Zn)QCy z>i*N6Nhjp?;;xPZrPJBs@QUta!*0fw)3WJo$3EZWX|!&wm@ctq)mHv);8FC>;SW3Q zT&XRVK5lqbM&8&YRB&~zjZAkx_dRjzpnjf=%>?il!^x? z&l=wAPuWd9sT+Ox?Y1~Mrf{YI&X?Z=hfiC1#7G7RB)>>~&iQhNJwqr@)JMooW%m+U z%(2QLt18b!&&PEpaI%P~`N)ljNx|`Gmg={f&Ub^u#3$ax_-PD$g&qYS6|+L*l#G;{ z7Ss4<)Focrk@cb@F)Tl|x9zsnx2g^woshlrj91#=8GcyC;rO)Sp{{dlK)1NkVF?4*(n)&}eVD1fX-&z4`jgB!%u-(l>J6vAOH{SbMX2FC5v@+PPao|i78g#g z?Y+Vz@?GRt@N+?eloc!ML;J02lP;te(!VV+EJi7(T($DV$xpX4HF}}!tc*WfAa^p` zK+Q1EYOJ;TW!B5%SAv;AuS#+lm4iz3-kAOv5nTDa()(*n$-JW4;j{vSkuY-GX8YIt zt~>sQnrXFFHA{_t(s5(!de4M+_4?3kp5b7s`L&bxnIFG@O!=t6w#}w-TD#_1K-ySB zVZJo9Txq+`hGg6PUh!Q0xu@4lZ)@-4lCIHlnV-}&)Q%%X6<%_ak-D~@1<}@a}Sm;*xQf!mOJNCC8X_>oR3eQ?i}Zm>hRxlF5SC5FI%e}(v%`? z6RU8lx2fWqYrP)9H&MMJ{V)Lls zx7%aaLnham2DZ=B8*94WkY5qr*guSWlt_4LY#bK=WcP|SLR0}26?Jq*$I4LOE z$Z6U?u&^@MGc?hCVB=_^`{0?33?m8(YQ&6~bcZ-ytHdj6>Q?EtcF{RGlq=e}^tj@< z;z>eRu3SOCg8G!@=~K3=Utb7(=TxBXLAe$l9+h$_q3m@*1kLBJYbes?cMS;XhI~*^ z9-xQ{JyURqMvmF5$}67V*a&*6`}|VLRebSF*RIO`_6nI&zg66Mv(w1H{nAnVn&j~N^?pS-RFVBAD~eEBjZHFwLp|Mrek+*1jGhUJCRWm5KqSm!m-JTX4b zLlQqbZpjN$|Ib4JmCR#w1oz*kC@62SQ00K)|NC&jNQW!^_fh$&|K7hpqoAk@8r}Nu zSuPpt^*_(v4h9fh`Sa|Dv54=bKhGvv8-B&2xWt!!^7Fcm8BHJRfo&<8I&1izdagA2 zx6RJ4?F_OD~{n~V0)kO^ck3#Xt5{1vr!5@p-Ojb zS<*T@oBtoXhJNt|Y|*vdBi}f8zOKQ2{@u}rvO!}%$q=5Z{k4T_f0q9DXJd-}!ZO|`Ij`!+s0 zI=YIb)_*VOBV#?w+i<9ib2}R7>EWcLEH5uVsv57DPf-wbbUgfg`(YTZTFyjOg;&8% z&${%SoSgJ@NAG=;j)niC1>>2~iRR%}+W<+dczb($W@e_gR-%eM)1yaSNl8grS=Tu@ zIHaOk9Bbb{*T^|C8Yx;j8mlliGSbyaE;+#??ce_IA`zdpjHM@ICN~}EbIhdtI#c!L zc}N)G!MWsSBcZU7|KOcK_ei0!n7UhRf35SI@m!6G>Qr9mo&NQ4K}E&1qN1G!Z~V*e zCfCNer!*HDUD;B_!*Z_N7{Mf9X}0U0tag>;<#l#;qQ^jsD6*_O^28!7n*Ei%d9|L_*S~!`(c3E*#ePS)B4&OxMm3X}nVH{(;&a!+Apaw5)auh; z$4WAj$8jM@qL^qjGWgnXyb3ZwV&Z5HBEQ_+!O<%GxGs&Ik4=fsy+eY736R*h#J02? zpHIDf30R#{y+?}-`_RawgsE3KdB$R_^rtiT z$*HMTy{Y|OQ&$(s82LMWGnl5&#MD$5sj8q_xqE&x7x!{|^YEnEn30D>n)=S#c=1Cn zN@Z$ngG~oLJv|Z<@!g#rR5Fzl_QPXyr?^5RG6se?^GX*jtwbsxdl&Dz&TvNSu_NEr zQTuqTYnPv?k0+f}R^GrO-C63hZ@=f9x=?Ja$cyJLtFYrFU3rFw$8CpXV`C%pXph@> zME~#~h8eJ7dRntGwYImbW>h66{&afVP^f>+3X9s@h{%cUcc= zr`_s^?|tp{H9qIXyeW?Wdp3J9Kos%hcA<5n_LWXJu*o&;vPMoaCk>fx5Z7OTgE@ zHgWfU4Z6BIpM*|jgL_cbsYrTrIJVrYS9a6&aY2;68v8T*3>wuYqu*BtnyK|PnaC&} zK0Nh)j(!t8?l$6;d+~ggB*~vO3_0yA_AI8y@xL3 zYj$_ZJbZ{ajat6yN;oeLTg;=4VBB|_6~T6WKg@Zt?4d_#!(EC-Unla^BaqQ2uuSBq zTOpBANcKNP@IWafG?dLLBRTp0mB-)TFp-ic$b3slX&CGa%ddfpXg`F{t5Ajo>9f;6 zy@^VO%yd9Lv z;if~;8`NW(((*EHE>4vl_LL{pDX|PM&pm(6Y%Yqs(ozSU+UV5$DMLS+mghSNA3b`+ z#l^KN9fQt2>T_vM-Bwg_;k$|I}%2hX1sGrL_$E_6wAZNoukH4$T1n}lRcGn zG~8&tE<16(kNqA2v&qM}lpK=blXqNbKVu`PM9)>e_dmSASk5ol)3b}eCl3UXpL#Qs zy=+TMPuSH?UAxwf6eXiMI3FK1zQ5)T2RT-BxGVK(q3is#Zr>PN}mWt9m^X!PWgc z&n;}N_qVnJ%RR=aDJhk62>*bw3(?~zPX=A8lxgwAi`U1CnaTL7?_X(+As{`OvCx!F z_c_$ze_4rbAQsBK62U5<9blyjny;cYAv@ z4g1vGoVJnC3)BeS(T)js+|}q{n~4ecz75R}Vf4EOjS8!uZr#24@$`6itjbtl!bZVi zh%?rR4W`sqwD&AjZ;iMMavIMoVUr z=?_n~9dBTgkb6*2QmB?%RBJa$J$&J#(@DaOr=+4Hj(VS?JJfYxAXBlmtqqNAhUiSc zkdK*pds6#Zo#!xP?rMJgkFg57Zcg^Sf`h}uZHLN}lM}QV;)p>Cnx!+q3un7^au1i8 zxrZ;E-j9Di739IYBQmJLZu#(EjCt$-LZsO+ETRvp*HRq-uzAhy8N|Z8FQvUvR?^rH zu7wxe>_yZ^F|dNDr{j$L{BhXR%kw0TbXhn? zOgEgw?#WVD6Bv{Cj^Of6O_~Pa(&(7RL&nvbfv8Pv7p1T*Qt5?ghXORB({1|6E{o>!t zMj?%83uC~@FJxs|)EpTs_5U)prp7(tBKdGO$GB3vX-}oZtaYgDTdBzSrV2gHlH0kP zD=$x&g9GhAU*F93A&?jzo-jDw@SWC(uC28fAOOQQy6$oxs|4MQdt zmYZCA`u-&6bWfj}kH0^1t#qy4-8msgMiY%rx5N;fS5Q0}lNKvqUs;)3o?ly7$W2Kp zww#%-tgPI~vsUIIArlf8Ux{+6$P}I09QjI_)IOgu;H5&%gCs&5YM9w1icx1^*K3vU z$4Z?s8%w+a>y@9m^y`-gHvPVB&sT5!t~gHX$T4AQe`!=2S{F)N(}hkoR5FC-cBZL} zviW1`TG~J}i*%-cBkM<+AZ%-WOW#ZEwZ|Y4eK#Hf@w?Fg*ScyPeY(_Y*2 zMJ+iof9sA%08rA|xw*|l7a)P@kFgyc9j{;iM9gicrF?SAp3mK#iAuIB9(;>{kgpJUQ*XVxahX!129MKr znFV;Xsp*ZeO2-d|HCBgP^ ztlRQ_dutn&jE7{s?ze|8UiyRcJE;bVJlAY@7N?#l(&HlV=#SoyoegSGSy@@3l4aH? zGs6-`h7tsuBIt8Gv2FlV1K=Br3(+7bz+FtG~;dS{!-EW&wsOMkV$*Uc6}3aIN}8vOYR$p@v@O;py3PMOonW zP5-8(uKax6{(pB7CC;xfA)&yY&w9QH88eq7vq=Vo6AN`{ZoS4(T<|#+5Cb*jl;~Lt zk#=Gd#1-faHnZPExWtc&nZlZ8%1X;uhpW6V0`R^6HF!q1r-Va75*ln1Hx|^juUTtLA1-WP zyEedbec7@PaJr7#snQDK&9=IzGk;R-m~TW2dYjoiFr!Tk9Lh?xa{4u zyA*TP$E78LU1$9tv!>3WS5~^Hs*TyNj|WBv-@(Q0nAwz&?10}aZNafMC&!70IeC2g z1cL0qV>U&cS4%tb+T}}eU8E-L^=)loT?^J1TUo6-me0n4{T4s|SSpPrno*o#O> zDSz(|5> z(LVlsBp%uk$*TVYWyP0pP@~!=y}aBD+v?cv_v)x6hB~X&>^BADPytZ~3CQ8972gW{KjK9|+(jXsk&J?p%Lu3?EJZJMK2=Yz{pJM7a)3`_^qaxU z?zGfTDY<}M4VpE}D389w#=*sPMJmNBEF=R5Z{#j7FRLgo@6+6d#}*05@kHm++lWy5 z-R3su*=06w%)7X_#JI%8&ihjD1h65tZiPe#3!M$?NPBI>#r`~3qvdf9%?u06&5Yt! zJ3qE}Q0mSX*!wyP)v;*ulMHom6>=R|M`&0W!|Q_fp`qF4z8j~t4UO+Jy1}Vs0K~~%J9xfta1@Z9V%p>tI*mKV@C1vF!M)*oprr? zW_fuT$U|kNFjQ5W3Z6g6c2Ej7m_3j``kXZ|NE~=b#_XgwYOV$TSry9cR{rXzeNoK} zIc&rkCYDNh|CPZ19NHpmxf%ETixPTx$k-$Mtm!huw6ZhTpKsV;6!>^CjY|_|RunLsKMj+78@z?&g~j|GTD1?Tv}u1f@qe>5}8)-||2I z_xC8ImzLo7Hn%$J=Bxt$^R`{CCL8yVAAFbxZ}#8UZdm@n)Z4I|#QI|}|7d!aUrdEU ziiYX=Ve*fIKKbx%apV8xb?=Vn>Hqy4*q;`G|2`H4<^PAp{=c}(|8I`|9Tls5a3W6* zx54gp-M~bVf ztFcIU4mO)ePft%*mY3a*S4-|Q>lL}^4By4a=Xczibshi1eo!W_^h6goc6N4-kB_&u zwt`S^YNDc|(r*i;OHED9RLsr!_RXNhq|uLf1&KV_?&803<3?ZTHuw)4byym1hjXi= zCDv9}%1j)B7ZFE}^Mzm~&;9(Y#OjY2MtSQ_eE5sNy6iVY&B<29dbK=oqmGUkcJo-^ z@!-IQ(yJZqgB^hA@9$S;B7`e>|NcELl~f*~{p!eb)CfLTF0xrqQn!N{fBqqT{r2$N z#KaxH?dRJgsH9_kzI@@dp1R<>FeG`qJXy9h8)Moza|(jEs?ykrJMy;ZIJaJydv10nX0;o*9;1EyJ^@-F9U;u2^{0)vH&1NO+H;%&W;fV26`aQ+r?EM$ppI8W|ad zdxnOFqM@N}RsV-8DA`iK`js>^&L?X>eE)_TK3>oh(<7j?lmp0^&+ls2W4F_z z=R!i*h!JqCocEAb&ig>ync3KY^i@53_6$k98XO$#;_BMh*9T=8`X%P$m4@c#UD3rQ zB{eonI6+R#p$r;s3!TIo8W+da-Q8`w@{5y`({}B51oqc}fbJT1cf{v{f`Tt!L`6hU zUB9KL4;Sip9UM56#qyz`xV)#p`EmiMum8!{6RZfi8IbM7JPrZSQ~32ON2P@R=~D{` z5M*-*c4AtZ{l?_8KoJ&LNRvNlW=6)*;i03GlU3Q)-CBdA4r@?hU?WAS_}^zvEhu2( z;)=x9($q}&_Duv==P?`GcjLhviThqiBoh8{-b6^qqqx`>s398Jr%#{2S8=5St$gd& zEqe9J=Az$~j`HMz_Xr4Z5I8tEU{WWfr0DADy?Xg_cTmGUB0L1kFcv#sdg#*^yvk}K_shjz1AjxkFAZ(vVC87_rb-dKz@{2FPM#2 zI{tWjDbD@OQAtTjT|Ji8o`#O@u6KjY{oLTr7;Ye?Ju{y_fBu3?wRLz>S;^zTNQlBNJlj#7-`>)Gis;k|nl6cjr8`ZZ3wtq_+#f0A=^M~&Zsek_?dwZw6^ z`_I3xj1Ln66oAbbX`-i>+JB@#Gt=nH%*aUQLBwVAt*A($F{%@;7Jli04OXh1Uh_Rh zt@;E(&*c(*eSLo-PPxX4N?Q$=&4!W*H*r+xmN7ubhpz3>ix)4Dy16EBuxYixJr9w? zg>e42}2=g ztiXc@9u7`UVhzQx9@7oGyLaybUhVDerAfy@K1m1(37xWUgQ<+YHELc1N<3&xT}}>x z>Ug*{_u&TC(f+!*fq@7&?5HvvqmoiQ4|MZHG|!)CYieqmnwq|O6Q7+ei3&&C(b`(> zdd#-nV1~O{bf4&W=es;JJryFC)cX`gaOcSaiphUyG&JC=Knhj5CFM*1B(R0 zJh#^W;iBY?TleB~b8CzT=@B9>E+>mUNxr_m{>0pr+dK@dpKRZx~ukCFT|AeRYgdszCT@FO-=3L!-vMk#)jIWqAd`;uX0p}Ay+Hx*R9HauZ>mgFZDGw zHKpZ`J{J~NR8%}ZIN)(TVtMo^rIrs6<>F7OWE43$Idm%rQpCd`^Ua6yrVh6kJOU05 z4uAnDC@3VSrS*BTs7s587#wD9eic zNcr9Nki)LWdmuaD?Uhi;;4A>sUn(eo?1(Uf{!YRTfI+SN0{|vgHnz3ygb!fXf~0`N zeDh{f!~OKp`VQpUP>?3|lPB(*4fr!n{!l8oJ?mOJI(VUiKv`eBtgfOm3jctM*jt~d zF&pEuYa6d}W;YoUKt)4Ey~ppyLsma9FfcaedayB7TwE+GD?8!3Pb@Dv*xG6YF$ha^ zJv%vs{c6z4?`IiTDoo7C@KQT`+qDoC5pf#<1TXw@CT^>DL3r^TNa=c0Te`YTI<0z zN=ab`rLup^$au`fH8MV4U3-(VKU<}QhnE+hPI+g{e&RL)ATu#BF`WF~&O%^tu#mWs zj*bo-VkJaWX=!O0!;iG*va&s(!ZR$lW?Rnp-OmRfZ)+0rIu%t^aPwl`x+Mfmx}#2A z_qPrBlGN0+kT2Z{f*(JAMB3T8Ncca(5w*1~mZ46z4T{w4j(_HjM+bm@JmpEMQ#lJf z?aAZEBalklYeNXwUwa#yWDSH<+#p-Wj~_ppn)IRkBc)6K3IG8+K0ZDY5|Z}19JPwh zSl-dvTFvSDFOnW6aC|^6JudPZ$Pw`3TKG+CtC*VFDP)h8WV~919rR}2kj&4`>FVo0 zp`p2U{rbqz(9=~20(byaKtO80D!>`u%Yz06znW=wdOD}&v=E}%>+Ta&GD=EHpbi-s z86E-jYUK{j&iu}M5;-k{?CxhS^kL$t!$8{#Zy3rNozRO=07bZXP#%45m_CwyI51Sq zvYovS;F==KJ38MHHHejeH|2NrP@dW8u9!H?{1t;g% zQ8vuU0!36+Rmbn$msh2?hZnqi_iiWdu+f5p2txiM>glqfv=qAQ2Hrlc2e-){-ui_X z`|qMQPWP9~~Xhzb+8c&~S&eF1lRzO*V;y z&qajcj&}nv@@k8z%XAh!z@C8G7#SMUsg}x&_m@HqK|W8ZfWCaCV_|0IlaABr>FHNl zO0dlD<`ZUshLE|-%dOQPX=z>=87==VvxZcpS1pBJ!OHAxkYJTskylm z753(P<|L9Qc#uXT*(&Ug3#r-JrdnDTtOd~woN}&;=&wDP%)ZBIMRCff`{vCXEiEla z$FiCle!5GHz#%BER@ch=H`m^Yyl+^BwT(`5oG?H1;_K}&r1M;tY$@ErbD3%i8Pt_Ur81XB7vj? z1O$YzS?*r~96=;lz~lw;Y;A2#qSy({3XgeeTc9&)Wg5 zmrs+rjo`9FmV!nGBo8?=dc^w9a;6dEK9i85;y%>ai;c2fzO$_o7#kZK6{P}oR=wKA zadm_>eF&=I*w|PV2uZDc4l=SSSkseNS#L5VSa=IyNGK{Q3Q$al97ukt>+yFa1NUDM zCDPN=lW=1P<1$$?yeK(28G14xa!f~x(zCKmHV{xKfOqtKESCcq1w%?FPEbO^2R=+8 z>HBv!UTSLUfJicCeHzK+0dT2y-d>;fz=q4ZcI}#^q$EPb(2%C^nueQOb$>B=;OAFO zt`DzW``E>Q9(}?4i0|E_ZhPb#$iO-d#i91Yjir1ca!ohAhK7bZPb_`)F!;XEb~L`* zQc_Z&0(UrQXbd5{C5(`>vlnpRa^@%k&o3A{l%hgHm@_N6^YKG&E-tf)>X_5PXBVX({y-W8J`@JtDjCD|a-8wfr1nog8jM@FW~-vaPf|=QF%3os)>c>56cp|d5vjg<^$VygFE4L;8}Jn# z9v&dYRl03>sj<00>)@;`EG$6o0~dpzH8shIzXSSYzRDJpmY%3`E-5J3f|v&(S95-L z{PpYC-@kuDFBBISH*%)L zf%6BsfQ^8(8q9kA@Xk&5^V9wEaxP(E;dy*MBM3_;Cnxu_Lw!(NFf7wwoh9ibkvlLr z$PcAKQ*-LayDKRWi5uaSa1&^^8EQVUsA%8t(3GhDqkP?Y-{il;G)p+ z>6>@yx>8{5+0|W&%AL*TB_F(*+{QZqgw*Ie2+_`4X~&BbAzx^8CdM5>6`**RsgS5k(ExhQFEuLn=Q2GfB8?sCjwS9$@~IGhX9n4Xz2A1g1mU3mp*0Y`B}#LUFBxNb*;+0@;=(Himu+=sNT z=Aj`DcJ`8t46$XJo#g>zpccTqf%%9^NNHRMZeDP^+%oz!ZA%0+vh6>lA!S8%YwO?hF(TDj+yhBmh)UgbHf5{>uCZbMWOm zzWx;z6(E|S2)ekqEHZ3da76~G5Tz(NIe^Tw@kIb`BJ zI9kcA074GT_QKMLU?%f$WO!=O9nWSuvbea|9>=dSUQyrJh=Ty+P*qbyBLiKLrgD-` zr6^GT| zg~$``ssLGPvw5T6DhUF{FC^qHFCOYuKrL3NO>AuH`C8Yub+2M!`2(qEbtnV(M}(r> zV(KUGUa1(a-RTB&u$#EKx$RQI0|Kxs+`E11nwvi#&Mq|i5`wWaKR*vA4^tfzKsqtO z6g)Y!9@fA>IVfdycJ8t-VfYpk69dagw}iUo;!+8i3L2112v}uv^CIveUsvnTO*4+p z&Y9`yroT(`^YQ{*Gg4DO5!c{>MNq0LDw+;WBM?}6e2VlmG%fAzEKE#^SP&Ed7}?3m z^$Xhr{rzWW$Lo-~f`WpG&-wY5%F4>8hT#zrq7*oGbn*4|LSKXsVYXno97ABV_r3+7 z^zgWvst@%5ejK6$yEMdd7IxrEgO=SnjF7M%ApT;VZ)u_a?IVW;QF{gkpj~EzK>P$& zgGL5iWunLscNLeER2mD4QAAXfxHSdk056!Ipbdb=4S!{--UWd1!IL3=`bGfCp@|9d z?WHTIWWd-VSUm!M{zM!#*8ceM7BAPhF_amcOLVnIg;2o4p@*|*Q10>VJ`CJ0zS0Cz zk$dji0phn2^jT9AGvO%oap4DXIvlOakFDJ(9Z#Wh((l)hD%UqO^ju~HE&(+)#W(4N zFNlk;DKFTLGiwRiOiF=U@PgTKpT{B3+Z&zCqiqfbLO&cCe$Tl=G;?*z>_F;2#GgQ=8+pwY{7I@qF z$pSwt00at{TaOtS&H)yp7^gm>CmKY_*aT;|^8gCulPBKv^B0q- zR#vb$rM?+Jiyh=}kRu2}g&Q|+%qLV=^I4l18V*mQl97>h3^_7@%QbxIs~Jkj*RK~2 zLRMB5SQLW{Dwrs7rCC|Dj`G@$=ahl2Pey#6PKuP;n&x{n{e@lkcwJOtUf?7 z3Ti&kKc~ezhGyI0VLst=@*ZiR;egwWbaGJ+q_E-O(MU>A0?5|3JO%OvoIH7)EB`JY z9=&qW=P`2D$pY}w=u{fbHa9i`2xfuVA>)0p3!rN5)qxLl3Y`FRt=N9Rb3pImpbU~%!}tyrQ!SKJ z{5I-UVLzgTiSP#=z^8pri9PD;>%q7VJU!J#Ie=Vj$Vb1?M$X9@(X47x1?6hb7Za>n zSTxY7Ms*W$?+wT#FmtJynfqYGhJqqFf42>vUNu03f}Wlp0{!Plbn{AWu-c@gIsrYT z;`k)J6(9n@#C`Gnc@Jh$k>!Q0Z?lA`Vfq>y%LmmCVhdD(UAof?80IZ3v<4PTK#RQz zx(LJp*a5wBT|}5bt@+xAp@k2r0Io*dVI-ma(xUIfK4V`WA0{Ry1Ml?oB|?qA8$)m1 z@sk_7Zw|3~gMk>qzA6W)4PUthL*pe@eT{ox5*rvJH9-ORlki4@lXohea}cQu+WsuqpAytUEh9$wq2wl@7ABc+g$9;)sSuQO#yG+$eFhoSFM7TiF)8 zLGarEEPwU)=kc>jNJ_@=I)7K9O`R*TvbKg~hIkEMPZDVX#}dF6I&ZtXyHH-AlLzMH zn1L+?w-|YQd4bRM!k3^JN+GlvMn*;;C-W7h)1db2=(I<%ON)zVe*4zk+Un&t=0i_! z<}_ObI%;PJIz?c_q~+yVO#XQ1>l*eqL7bdGPiL$&2Q>r@xq_Wp3yvTv>2V;yxUPVk zLs-N_MBoL^MfxK{1X4Z=B?2)a0;<-vKuAcqedr=D-v=x0A?AU*31BLzAG%^Gjvuc4 zXriK~UWB$)z#~*V?*?!`7A!b?=~z-%alU{&QKr7rTHP9s&1BI100f3!AVX4oJVe0_ z8-{MEsgPZgkt~L=$#4%cz$+-5T~9dGuObxSb>oG#=`Pe@034qJd7_exEP@77ph$3F zpyhNu+FtuouNnbfkozlA6(uF`{Mgy%K}Epi)F;3`z4ma}Fks~%g8RgXA+<-!Z8M{y zF8mMJf8ckvo6`;X+D%M@YeV^UAj29OAmhQ!KZ6bectnXMW==Zu%D_A@J%b`6FESpC z4EEEVzr*oNjl)Kt_bnb649w2VN0dXu!*G2q945es!Wp#}H@D{6BBt;D?b%}TRzuN~ zA8`O%4=Ug{en=tLtCwrx02b>YPbf=Did z6l+vEK(p2n%tpAp3q}WWKQZw=Hnbp_FFJUS%gv#E-Y{ix;r0R!0-0rhl|c@=?dj8} z?CkiAn-zM{TFA;$m63t4e`93C1)Ja9EhF^Le8C;)?dJkP1%o-<(|2{8!+FmH^2Lb< zcu%VQ4CqkciVzamh*H(HWoTUGs;jB1=VWF5R-)5>4SfWrCSoodR7}j&CJ6BhryGq7 z{J9iod1%@E?TEl)?7FR?0iicRjKW8Wthop_vM8O zb}TCEezMuLyD~Ue{t(5*g@XvQ&?SWU5*SnvY|hA#Y>7u+M~;jIGxlVF=JfPA#rl6o z@WwlY(XI6Xkg(x1(3k=+W*b_C^?*&WQwoO)#{Mq5nU*u82`pw6iG*oGEvWE-7%yKA z0AxU08nUjbu~EI;Ml@$E5tWQQu(_kd6dJe>h5eAdDc)bd;v6F(Bp|y$3enQh!N6V- znA1f?;AGxJN5{p%IfHIHA-h?#EjRG>o`dif_XtlG4n2H^7j*yJ=wo0T{oEU`c#mjO zJ3cAt;W3Fl3QF7^JxRtwPLhg1vJm3Jf5-X9sj@EaRCFjAGWHsN;qg#}5I}NZ4}9%8?-< z7hQAc+NLsR5MKG~iv^7TdizEvW1uBS1xPYbbi?`=%^iR?fX%eDG@x4x^Yb`YoBm#E zx06f)(96j&Eplz(hCq|q;1oV5=ePPMf8t9;qb~*`{DB-wg%0CY`98E`Kb!F{QS!o7Y?oE zBi{_0Gx84lx#kmPC4bIx;jdk-Y4M!wRHy{TEz7aFwtB%<2fVu`;v% z>g%(%umHva6@)x+akUfe;){OdNcIS6dL8ZT?n0*utaw4aFP6BveqbYl45nOXngZ() zT!dy@c=^S{g?v`Zw@h^{{@Dkp|EOdzz0#8i?FU(K2Fxv`zyRp#k`@+T;6Fdaavlrv z_3ePm1%4bAC=aybXmh3sNQJp&EPPY}EC%jc+fvun()t<^k^XJyM@|1OuFl^Urla^v z77w3vBimxZbG^pyqmenb_F& zfYw7>E4w`%qzl|=6q^)2;rSYYogjy4S( zuT@GTP(D)F}*c*v!VvLLPp58A(~XOx$Z^z{W{_X2POfp2aW8Ho)K zZ}#B_HVqh2P9Bc^Q(Y2fr!?m|I5}a)#~Fq#L5m_?m*F_-wekxKx1p8s2nS8F3R+s> z2P&^$JAzRS9rop7 z2mNj`H46~3tj)mX#*g1RJ>B39!x8O*^XP)Z!^6->0~=9POsut~B|S4UX|>8}*QhTQ zgYLd;927558vvb-JS1Ulb5>u8WOselRc;z?X)` zMkYFFhC%i*J$(v8A&cM=Ku&@pk0^x8{HuJx?sQvOB{zcMBpD5#4gUqWp^Fa4&(9AH z{ROWj<#CvV`4MgHzBfkgb5=lx#?$4~!0Fu9-c~FW$_*R4Y0b2|{HGo-4bqY+QZs5VQ|7n8Ivcuie zp~feWj*M~N3xGaofN2ao-p0-j=uf5N_B==uz*jgB)Qh_+b{Sy(F!tQq(E%1Z)aScj zgn+LgfjFGTf=~dv5q1ff0X;SKx9n_Ic6PX*1tx&3J_G?{pzwf!0FSY6@$mxsQeoPK zX*=N5MQHpJLk7V_>6?T#YHfGeP0#=sV8>zSLAdt!D?tDMDEno)8EhaR16;V{#^fb3 z3b59|P^zt+0)AN}2=*LANd&Y;!cTn_0b~P3z_gbTmJ$;)I&6pVAP5Qxd1P)B9T&%- zcpmCL=9!V5jRA3jhGqz~8$^`hU2h;F!C_&z7qeJlVPRCZq5u~l_@JJ4QVjZrv@OC+ z0-QNSBL2L_cq)HTDtZ9S6^2JewV9NgpZ(*PSEXEJoaF#d-h~S1IxZ{txi9Aq*77tp7XClWy+ChTC?p{0h<{O5u zhO34K0MqI4zr4Z3+&bHm`TJ2|FZ7OCS&L_9bqECXb#$O{0iEgoT#l@SgdVU6pxivA z1GWI6)Gk;~k--QS(WM_X_y_7r)AE~1Q*WBD& z1}n|yMTz{eunog5Kg?P>JL&1@PQiEr)eBQ_fLK8C;f7)G6vR;B{{p}V5)bTL=@728%PPuB zWQR~0B{H)zlSC0pxk54`l9^HnA>%&Iy2khW$M62{z8{a@`N!weh4=YB&)0a4<9Qs< z*D{g^L{#8+JyPbjpUOhW;D=xpwq@JS15XFfrQE)aGRyOCQ?SEALV0lLSj=#b*p;wa zKB(To{~$_+dPWbWC8Xrq+S+hi0Qw@vUBV%LPh_%PttWgO3UdANxdl5Y4lLK=Q zG#cbw>OVjCl=2}@t$1s<35l}Y3)rfjD0pf3v70RO$UXqTe1$5iz57zfCZxEy%I)4Z z_VxL|IKRzOx4v(JyH@XJBStgrVMaa|I}c<3P=ackfUeD8M4apnw*(0E2Oh8pTv+XJ;%(eO=vU zP*V%dYuV}P0m?^UfWYI`ICd-zu{{^p6#+w97MAA0bI9iJ6&Bt}O(m$rk`A2`L+^f% z8;P{vNXHu0NvZiZ$Y=KLQv)8|uZxA*($a!DGrHiO#>EYdjWvCHx_Utd@`7LAYj3h#_G|6^_>nGb z_%)G;r&t=JYz4K$pDj7sMpj} znA^riB|*uP%F2LkmcY^5Yg##lNgxU^U%sFy)~={AN55kS3J1vY5Qu~4;Rwfp+n-QT z@t*#qh-@3ql!lqPC-NYYh8HM<_aS7!V_vv$!6jc;5z!T>2F}jkdZWVrj>Cu3Enw^$ zPn!GAArikKT#pr~gfJGUWXmmtpgIS3{)OswgL6CzFI81oz1SnzAEiK=K;Kn>UE#)> zaC)2760=+W>NXB%TU&mH2$waPOBdJ;be5XdExY&re4@<%`0E$Z`Lxpm0>AcG4BVnU z6UqOpy*n|+=4(k&&lUkSW{E553cG{nwVfyW2RQg13W+>a7fb!gVRqL0FZY_CcgEO% z`d#|#M_-MIbS8WRD+2?sjDgv2K502(?QPf~z+J%#0tp(ZMHLENz)x%ZR;p0uJT50p z0WwP8p+H*Nm8O^30U)^m_-DXPK-v6#WoX-Zc+6tf!GrL?sG`el@^Ai=&u1RAlE$=3#%7--0p z1O(539vK{T@dpFsiyaSqJ{eX>^}1EWi@7)b`Oxf$0R1PFzhW@g6t4g^S~cGa4dvg~ zqy02p+Slw3LKY%wp%gk{Zk?+;@$H*gnp`m8K)|$C(P8)vE7!2U%y)-n@5DDZ@!!N% z^Pui@6d9l~!Nvo`e|nd+3C5f?yCq=#_kf%Ve!~Kjt99(9cwNct^w{Iy9}5jtWh`yP zV`T;$wEFumODXoTveW*1`R3h{W2}_pScCq(XeK z(cj-qe7LzTU+kYx(bC#jcH)iyxk_?C_>MnMH7f$lXzwJ=KR*x6VR}&XfBuxH1Hm`_ z`!f3f{2~AM*HNTOcDA=0gV_e_2@oV)?C+IFysV%i2HPN4yWw{|wL&#Puz`u@zqe0F zUw<|V@!rz>rQ|2?ZC5FcK;bm?p_xK-de^mBHaA~MF3rZ1)= zzTx+k?qc?ArW$bpC^^UidzKiHC$yv-d<%>QHr23RXuqU=hsFOGYJPLF7c6L|1JZaQ z2>B$`a=(1~#OZj!)%D<|dEo#c)Ih*a>gbemujl#aYdF*Q-X$3gA@zS(c*=w`_BG&K z7?jo3RU}fl@DD`AwC9zMkLKM5Xz>smwQ26-=_ z_ewAVOG`_En+3pdq58=YP)l5E2t!o&$o==#MM>d-BUD?r{+j!;+2Y4&3(}YMG>nX0 zK(34~qb8|WXi6}9!0hV{Prrx(?f4p#Si0#WHw4rO%>hu& zPEQ+QG!ZTaFT26SrdeZq|9vf02qeV-_DV=fG6v-g(5kyoDM&qd9iqwtZ~yjf>A7`w z_VyROy={7#=;+cv4kFdZ6p-NbQ0WA3jVQVzs79(s0^|`K5&rLr9+#0z%b&(wTVB5= zfuQ~sRYE)mkuPX#8&`ScDsU#Ex}dm`$!)o;`a`PQORkG@J)s@m^D=f3}u_!kRjTP1Nm_6lCNUXV2ce zb&H^ReEeuZ0%&U8bS*(O6U%^vvXB4IZ>K=AICA6($|&YfE|zoGsjI2Qaf})&Dh7L7 z{xis&=~fwIxY!dhd_}_A!OtPAqG5IIXoqK?U_0Apk0OUJhP2ApJobH1O528)SSINV4kcQ96VF?XHnyY4Jh<_%r0DOiuxK0;F6AM&OBL zIOZ}t78Vu~a7&^N8!wy|FGlkBUxRH$ORJaY2!i+I?Xp0~iik-lRy6nZ+jsAx!ovk8`TzZBP7Xz9mthuid87Ou^_)-{KgpF=QiM794OJD!nKo^3K;$Ntp-r5UY`C|cIj@I(6TGd=2tdt?JO|40NaD0bK|B>SgZuZ(cN8HHng6E z68u#39cgbj6uQAsL&ZQ&7oQhNy8{fY*`*eYP(+bp4JM93jDE<$9ea^hid2W!>HQ+4 zX=G#qh6{jtP;uGY_j}e=BcKFA%?brOO@szOVj&tZRc5Y5e2WYOc`8ZJps*TsM0^IJ zT}{~#EOq*)XElww44)?^Km;qpSIn>yJHVk+*ubC*LDCIqkfsJ!P(o#};+r-2qnn|n< z+;RB1CJ6NKA;>dSB@OWz!A)NsPS{+Fjco(4QIZ)+hJjYQAq;ake=}N@7LN%1T|e%L z@&)L5pq&F;`ugcpI|4}fpAoN6z!KNn8CRG z1R;<49xnCbIt?2eQN4dP_6@7k!O_tNxuSL?VXjw8A$S=7_U$O@uIptLEGBQ-2qnN}{kAEZ=Oo2Dq)BLj+oA8tGIVVua;9~?EDMoz35CB*Nfh6*< z;^^o%NafrwJwFFSGdPG|5rx8O%2>mNF!cCuR9u86Wpnc3wwqH>{3Msk1%wCyi2(1w zOod5ACbfeCSY}P+Y;VgMct5LRFBp`bO&-X?`bumf9$-1Mv9lj_?yCg93np+3;Y8g7 zR&bDO+(uMwZO2jngOmhnF}`?kA1NU4>Bx=CuYmWx8WPf#t8-kx7xe(p#x|^9A9&>o zXdHl;GQD0;Pfr5?<%}gK3@he7J1dK~7tr(~@MG!rStQEnEJlD;?tOXp?v-MdqGTik zH~>lt?7Ucx^>2E57GW7-RgZvkeD2&7suJKjQdo39u*BpbMa3}ZYNiGH1j94nhW8J)0&va%XBoXKJ)lODif?v6#Urq1n092bpvc=MSQ=*PsY|xwDgyzyZ}Q*~@1h zi~-*=@C=jhia&$-Chzt2^m)SIrZ3s|Hm7<|Wn z1IW?S-N7c?*w!Y7FTmPDyA`DBv!JlNS@vVk#v9^_jn%?FoSd9Q2$q_ZL}3A!06ywdyEU*C`-_Vg1_Ku>S43o2ch1!Uw1b|KNIGxPObf!P97qmd|X)0uAs z|4uN`KApXJ*2&3tc3f-w_BbT@2+EE^vQl4v4`wGgFACech7*Y~JTSn@%eQZ{kq#ez z3@ZUC2obDjvKjxCp`E*YADk{xvlL9rSM$pcAO6H9TIWMwf0Le)k1rc3D^V=QxxP_Z4F#bSnyel_$Jzk@p?s5rhpJ|&akk&*G9GV4B$jLc!NqLkx~^-{+GKZmu4 zI^b6H9lHR|^mp*S%UlK!+5TMU*6VrxocqurV;vox@n>S-Mh|wwH=t$%nWYPWw%7|> zWT7?yHV$N$pgv+Gp*6#(fqWpVf0uB2CKb!z(t!d>{t9NPF%_ml8m*tXKe|mtW(Tpo;&1k9Dt-hJSQ1!B=73mabejM@LMsmB1QF z2D=7B*}7q2yXgS%?XAGM;Sw`8M0ly z@c{%QL|3;1T5c4qOd_*+IR$sa+rbr-m6mP?^9Db~{%?Il6;M$zAIZEA2GZWqaT$Rm zh6bx#McL!Pfdk+QaKPkv|NM4a(+lPep?HBo(VcUEj6On#A0$)2%*rZd*RBA*&&!ve z0V{QNbw!7TEn+6Yd9Vr5F?!l@G(iNh>v~k$JWw0kNlE@$ngqAA>}Dw->$h{m<#Q(S zSW&T)GjnqZB2xAp$|#0mvzLfqp{$|`3!|_@x;(~{9?a)Wn>R~2y_a}c2RE?+$d;%@ z0M;PPVV-VoiTl{eo;Lv?XO!EvrC*$zAWd`@^rB|xGsYgTnu&LJ1YH-%(AXt7ctk%R z$Ho9f@7%HDw1vek86~31{(5Q9tWKmX5jP~ozKq?7mxytb8&%5b_>N1tQnGoT|2?)lWS&@MI8#n zAWDz(mytL@9e^dol@Ym4nVW9!-lD)71|qbn!n(MGNDk>B;1)MmSK69ycVztg8yZGn z-tber3izfM>_QSxUA(vilXmSTG&uIo!H5IQN#K6m*UltZp~=LTzl_6EKOn|u z$hmf9KKaU(E3lmyIc&m}m6hOi18Cl`_`P;*XDAu(oZ&6zEZFwKz3nJ+ z16&0RC1i5b37{51I70CRJ_*6s1>__i9y=<=RvZgCOOAL>0#UlBv=zAnM6W0$H9UVl zJl!pkKrs&^)$rm4xhxntP_kVk!}|sW_wgq2Z-ga{0{50DxD6 zVk^a-8%TK9p|mm%=Yv@trffpt^G2|1)X3SSzd-R03!|+N;yilP%uf=`6_d@Iy?-|i z8eq7AIDHXSS={^QWUqm86G%s5;^J{f>r69-Kd4@Zv*aCc=fy5ghKP0KBf%-)COuwebVembMyA%M zK8~n}!FeK+e(2aU^JAI^R4KgAu+B?Vs2iFbPMj$G33<}}&WAnDRiC}|&UJ;%bqF#sdt_+*44$jDmI z1Ok7crYNi^aB5xikCBp;q-Vfzg^xti3+YQ^H{q#JwnjPQbT0y^$-zNXfDXV`!77cI zMC%H|`zRp=NAMby7R5ss7L(fYcw24^pCptBzR4&BfMLNhbhOlxb*2fg5V-jo$U z65uAxjEwC26>chU41frFp5e9JSQUea$l-|0>H@@9^VnFRF~-NlkSxF}DN#9$5#m)( zf)(|Ky(PL$AeqQy$(JMQ;P8uG_w~M@a2aTjP6mIBBt2ahHnMok%5&F!PU#<58wsZ}R6G`3MtxOsS>GKiL|N)_zJ8FxVf zf`Xk~W77W{Y>}c0^A#>#O`{($?j$(B0^{=L;sD1@!}yyWub5dSY%Q=e=)xF8jJdzi z3TI$d5MZX?!r*4IJOC_lXpsWy8GY&tYFSy?07Ky${w&2vUQsoydti$#tD>QSI!cM- z_c1O5LN$245f)89Pk$0Sn&Qr>TbD)l@7J$rsIQj?F#;)O-SdkSo$ko5fz%)#e;M6@ zHWNI{{B+A`=o0+R(+$}uw&VAjUwdYCN~Sq?5DY5>Wkh)PLq-i<+QJml0qnf20MkzD z$dMIT(oICe49wPx#`}=FfN>C&pTTLMx(kJn4^{8L_lB`Ked!>XuL$yj+4AxBOv(VH z(W5s`M!}HPT(tSM&nFQvMj>jK=%>cY%>44ImBZDeJg)z60S0Q01R!xkR>JuGGg_A* zlF0$D6%{8$N*WmU%E7o zCU3cm7nM^&%U`4UVFOwst46wP-55zr*F=I;#$~q+)h>R1hO$8TbC3SzjOkMx|#wzjjZ9hl}VD$(B~y<_e&fACQ{^rQQZH zA51GRH+MX|Iq)19@$IAEei0N`%pF2sAHHmA3X0}Q|9co4xMT;!eQ=q8Y$saN>VbiQ zXd)QNQG(P35oRHlA3#>vZg}L9ehJO5sxLtvm_mpGchZA}1Rn;JJ6L5gXe@y6DJGvj zew=!>w-!w@NK8k4ya>+V?C0&Qtbn*y*q#Jj9j@ z55X@6sglulehg!dCv!nE40@5Mm>6JI#QR5J3bDK0oyAU6Z<4wC|LQ$}Xy$oW0My77JM zAj<*%G=s`Q=^6D3_Q!~hiJElHkB>H}K#vU#aV5uXe2UeJ86g%JQdj8TFw~1};}jFn zeioV6qF(X|?+U#VDhb%DJggD-5GKN}34J=EC71xD?hH^{_&Z6+)xce)CiHpY4vb9+>$VBB=~C+syh zQ)b>E3je!*Kj;G+TVao}ebFln`mp10X6^0T=R<>o71`hF#tUHM)m3wG#@fET&ZBo< z7uI|Y?ki$N0eLSbC`O&v5yTUOJ88+u)hKabDtdc*;H1>Luiv=AD^sL2t&P3>z)~Ir z1*{#UFQ*nyL1_daWyS>5C@kRuWFU~U<^+A(%_(@$&(Dv56cB9(eY0Aa?J*r(TMt=K zPxLHo{>f)aMCOZ}f|g6Ec+ZxYG?qS z`h4vc>#=r5A|T8FxzdZ9NGXiU?Gu(opDRj%V+UEw3w_F1@zoi?N?@Y{PCZra(tw62 zz&zh!aQa5Mg|84TiBMfe^b>!67f~xoeNa+j-(S6ms0kHn*n2N%#}R5E;6N=KF9ua2 z@Ur{piG-90Mg_?7#kJKZh?)Sd+gP*3(}Gl27o?1(*mFmGzl4NowHHAhUWXX&G|Vup|nEIGmg!S9NeTiib62~teZ*bY>;v4B8608gs};rM{xFDF<% zxtWVd@=z=zY9R=0!PE$vz8Ucf8yZ0;J`|*~xDmbvC|oKd?Asyi2P7d8VkDGoP^Zeq zs)E_n+V4ZqOBwc>nPRmU8w%5fq4+a^AHj~0zZnJN^dcs)&Ttto)ZgEaJJznPKGqdv z16K#(B~ifHc5q}5+#;fX@PkyBA7-J7!ATUDbSH1+ydOe!paJLp&@jhOk>;Q<_Q71x6mf zI}fP_(YlR3GZK{~6&;0xu9TBllRMZxB6hKPw*|}8^qS7-W$q>@R zS|u*uK*&kBPV7R+lNUc{r(&1SfBV3?bEh!XJ*ubB3joH32}f>45cOdRYzC+xRM5nt z!=8ZiAchYV4@D}CJ5yI|UJ(2Zs#vE!xR0C6JFkR}t2O`X=|g~x1x$DsRHor!5w@YL zQxi}&w>%M~@~Bdw^#|yBf7%NHo;cfF$&XMTbW-DL&ypfB`e>`K4#G5H3a|%w%{-&h zEc9{&QxwY-bgU^n8JII2a2Whhrf5foS(8xQg#lZ|tJQ|byB7bH^jn(E1^EflF5;Zp z<-WJX4jB*xs)w*_{W&)`x-(e#r4ER^fK-VlH^5~EGgE_);)iwG9<^Tz2uupFJJDj3 z{eTlt34mJT>CI>YoL606+NdiXe#9YVGxAbEPF*=#@`fVw&&4p4v|7cz=qK`9C)|U7 zKqmx10BFQHBudD3)d6n-QiezgTZiy4lgd8`Jqzv*v)_q3p*DmD4uI((=R4>%Wx@W| z3rnQUAOv|3yScbSq{j9p@W|nU7p#EY;1b-39gfk#dZI(b>jy*z$SU-zfLKLOB^MQa zN4jF;{+1|C+jYVWp&0Lk$W$Cu&1bA8a;aJ4`Rs`9_feA48~)Vzc=|H8Ii(!C85E4%XKDK)r)0 zN1X}VrN6f~x&AP|MJutcrg4`3(%R|~9fJI!FzX4I4A`|BbpaBZQFVd6{F^x<=&)nL z!O_~9OIju~6kt4I>J=lxYmR2Ncl~B?j0{xFrfV9`5dx+qT`Le^6dNIZ*45O@bs0Wq3qNRY(>xGPsQ{ zBR;6AtVC`~bmy3n1aeq_eNO_9{`Bc#q{8sY-2S_WL8EPBjKdi&u!w)^pZsT0u%=Yt zrlTL30-y}=XFbU5OkhKx;Dy4@t?Sp<69rI!R4B{frk+?134(fnrEI{q0wv;bH8vv& z4CkW4!aWQTBMxXz)Q7zQ%m`Zo#4TfRa*&PC^XL)_;P;j85-n$hE_CD#$8-2U9VkT# z2GpR=&C6?n@Tlm=2?i3t+N}V_u*mV63H1Fq9|u6wX~>wbBHXWqs1%h(=<Js86XLw$P`W|^81~Czqgc9TD~iSL$yQKb{_Frph4qUdJ+}0IJdCy zYh+M0vc|^m0ZZBBVI|@n2~Ah6-xKgqEAm~hNh0JTrvLZFU9^D5R)S$5p~?X104(@p zmw}_Xx=F{0iVe!?2ZV*c!l+=>THD%G0Kz{Wy-uFooCU9taGspF%j_f*+Q8X`$YzGs z?gcUu*R*C@oxO5_f0Zl?91@IvCjx)04rt4QW% z5tvI~6PJ>LRjEl%W(@$6fw#&4fg0BKI=!a0Hkk6r&F>@0!?{y(^72?b6pXulqZZ2l z5U9c_{mp6G9tQoCSTbE#(g-I5$#!mFaHh81U`Zng1|`S%@S=$Dwlgyecx?Ua@x9`L z0uj<+2D~3!$b-_-xHl|>ytgEY$Yc;uhbd@>{?FRHCD=3(3h8u$!WzO1Yw%>+xe~m* zqZn^FD=8RHP#=93XS{dXo;~{$AtoraK%hyeSy59{W4H{3DG7B zZ**a&(T4$H_svOw2N#h_*!(X#mjQ+}^A#8zD1gA7*#Wzaj@D3B4NpkWga1QNPvC1< zHqc$4g1C7#1|=xr9Y)$8EGxS_=aPFe@{@5{_k}M*tM{geu#L$=A(K^ z<}my7XDTZ7ZRzPn(T^S-42k-eGPAUaUqD-V8f*~ygrYMYl>h8#@Yb-u5a8%nD=jXL z!?gWEqaXo=JumLIC05&R9N z5n%B$kU2=3`QOp~YfxhYDN-bz!QMgn+pP~-Qz=X)BTo_{D3lRbfsY|`LhTTsz>V9t zKcH-e>?mCOKZ{H&kV7)UNjL-%g&=}FTu-Dv%E|;$5XPH=u?5KPsXLgR!T8?13u>_zr^g zQx%Sh=XCK=PylT#EorxJcSn$fo07|0qTulhjYxl?oz6}+wmiMO3iN#gaDg7Z1d{|w z2QaCUywe*LXOo&@y-O*DRhR)Aby5>-R~ z0o0HY-a)r$1?P(T2P@J-Fr-mRd0?QZXahr!;GT#}bp;`>{`Chy2Dt&1RpT<-w8BEO z@tZ3Dj=t_0kmx|(uSWSdP;$RrJ2(U~d-kC2TzIz))Gu6U524H%i}M2aa zxoT0bBh(U`H-{kczzdrQGem>@2;+=LCncdPDvlM~Z6l1Qy$Xt)qn@7u*xAT@9-!(b zjYdMKeS%$Sqz{SoJxn-Jhj2pM=X5Y5k!PMZIbCl~o&Y|Z2g>*uZp`So`u}(i7J7@I z@V)Y!u>}7Fj(~*t5^Pp`7Zgmt=p(Jh>!C@rkqT^c8f%HHpF%`rBvlVN9X4F5sAV1I zhfqxeh|Nc4ft&;DjD&WiHX%UxNUd+*Zr8`w8x}&o12Fp=%1$WGfG56R0%8{*aw1S1~Nbmb}R~7 zIB02usJQrbdUSne`0KhgDi_bu_X}hKxOQ+VAhonYKU9R6;WHEexQEct=DUGgD?Wl) zF)~6XE6f1LeyY3Dx{12jkm@PiW^eCf{xw7l-^>XL%8927bvU?(&* z(48#k+yr7(^r6MR5<+R>`0*z6tien5l<<5%gq+6>BL-1_uI_s{Xhd&F6gG4N(gm!5 z;=>47N2oTWjMGg(V(byDQ7DZ#ZK_F9w!=JKBAP$m75W^(Y zL7V&D-oQE6D6KF_i--Qy5gtjN*c_%W*;cz_Rk!ol?QM@^&uZvb_4SLfxMGY*xJ|o12cA zKaZ6^uggHnwY5MXR&^V1h@*zr0>4Ow;lx?%g*R4j(_IWzq+EWRi}ZAzoFXx;n((}$ zX~!Xkp}8;gPuK-dC2waJz9ulizsHek_TYYzrK|L6|2zRhGf>WHqNU5eDsfJ(~Z0(ne|EQ zdA_TA)Xd{oy+-#Z=&hA?tD19d=Q;{69$y~SyXbbA`n2`k>SDV#sr=TKKU0z8C6I8Q zq>xi^rmQ?A>T=0NyUlV9uVsyV9S$aA2*Nq)8fC*Rh?m=)B=vjSYZY5}-clW)cw2E| z#3zp`{++?C3cYG+)(rxo>Jc@TWKR8mjD5p3l)I++XUXYHqfE|4wiQJd@2SbV#;c#B zw=V0Vvhw8xdG>}^xwdvfxr-S}!zN;wms9lnB=W*}^)$^}E{d*R}c^V{}kufYe0W@JcgNFYTO=JoiH_!G=jq$0w07rfZI(X0`pX88OH0 zioH8p8m9($=+fLbMB0W>TupUk%pO{n>HZwmZMxaZ=52bBtV;jEKiptdaw7NVH#Hv` zh)jB?Bef^YE9X{NK(WlnpZ)yVYbu{M1SoH$kB{{}}i0mk`{&v+I^>)HP+#n3GZM z*FLG`nz0*<%9`hu4e{r{JS8gp=GguOg@u>Y^2TEo{xK)Fvc=jvUs^MX8Wgg!3=(p; zxPMclc%8@tUv0|?1D$8#mbO|)io`D_86KtDD(v3-CTq?~(Bs}xALpeLpOZ8aml9lU zs5>YYNcuIBH>YmL{oaB(!{X_F2Kz+qJ zzdqgft~=sVA3t3h`mu+ZE>uQV&AIN7(OYe;y1>g!GfH?nq-jW_p@$!}l?GEjkUK4bg_amqG8|ATgiJjZJy5)`O zoOh64-nk{S(fi~J=3`&CS^38|(eF)cyqm9iTi5vht+Y!+uSaI7ULOqFVnXx7m3%0Q zQEXUafs&!rvxT7!#_s!{j;#Bv9NM;^Uh>wJ~FS8)g$BTH+$Of zD>0$cT%q@Uj$>el#Ih&Z&2M8ICKWm|-cdciZJu_c{ms1Hi!xNkS00A-Y;)AwaIg1X zIP<6e!De~K+VHa3uQpd7HvE(voFi>8kuzbtkZKvscfEguEd9O{<3Yv@ng+)fOdM+> zFL4~s^?qcrr~lXN z4b;m?Y!dN2QFg5Ny{3WUxI?A+^ZJ`KVdq+De-#ep_@5~bZ|q*#-sqyFtov68DaV}o zi<0H&(a7&XGfQ6VQ6qP}mNuPYu}T*qnI>)^68#YVj2AWsh4WyO3_tBLrZ|3Fs z2cm&*YhJ%IQ@0$TkY9VfdNefP*uXu5eYeIr#i=(te{z)l>$~C4#+bSF{a=Gwqt{uy z-;>WAR{!wa6fbGHiZvul?i4+#O5%AVrSeT5Gaaqu8%Y#r=9Ofb&Rmr3EMEAwZ|B?_ zN8>vB#7pGXho1J))L#1djB>e~wqh%w1MWYVpNV{H3QFd8DD;%{_g(z$i`v6f>TTKdRyG7ZPze6fTiRl%x7#&&HEhZ6$-Z~^LnN*322 z7EZ z1D=fE7{yACoSA!;vo&V@)%S*nDHzupc=wW++Njlbin==JZ&J-l?2EA1rjN>}p}C4p zT*GL`oG4J;S+3RlDNf$4*>~8rA)-`l);9cIcJZejx(Sv!Q8w~}Y@s9BnkPAG=L5pU z_3t#VnLd)dI&d-lq+(?Mt@_<+JEwNDm2TU$%J#nNS@4I{GXy-G!%_+Y&|Fzk|F5J9oc+Jda-~A1a z6GLy@$^9c(Mi&bBwA(+j-I7;X%zBq6P$;e7L3ii4b;l;|tTWCW?Y#SJsASdH%0;F= zHjGKqm)l8J1Qt_|E`Iz`%s-sm8NjgcVS~%|wEL08GEWP4>wA4tq`D|o&mk}Bw!*jA z)HnN!TIc*O0s4D~pL&X3UEVUi`PKxM*(lpzgHg?s_b$%u_WK-|rH82|N$9p^F_>zQ z7C%^C+~44)k$>!nry`wbSGAJ6C0~SMQ=|EDE$WM86GOR@b%s&d+&)TEj`>LUfOYu859PLZ*9 z(atll+-K@!pqvzQcJJK9z1?YQ?BH`=Yu#V@dG{9BO!^rgx&MJk5_TRvqn4?pp(3&- zH+of5Uv8l{U*vdp{VOuFJ%)~{<el#bj`112)-Bv8n1SIv2zabcJ0# zI_S-}@8*SlOfa~z5w9nA$9nTz8P+JcYw6_rd|URnPkKAQ$uy;owW=4s&8+T_aI7Xx zZ{~i|)I*Xexc+EmP%Y(A$XOQ}+K4ALY&kJYx_eef;ki{kSx~Lwf=MNNNTz`O*zC@-#J&@@Ecef`Me^#AcJXZe%uH&n zp&s43a5~_c+tR_BZ_;0ecgqKI`Q_MelAm0z-$bHi;E+GZ?Hv5{FnK3~;l-W1W2bzBl6NO|6{gYKn^;V1 zZB*RFO-C7BSI1OfzfQL3OsIO}`%*9Fh%eEu-5SMlei?=9e|;}rqH+%2CC=Uzc&>Zf z5tcF2?h}Q#btM{;ViTj(Z-}qHq^2%7dN3m>Nng>LWQ2%DqVyCTrNyg!E0aA#p6j`_ zl`pS~Ja|Xh#R2Em_t&5e)zZTkX`^peJn6Rx#3&cnvyvPq);$gJz~hL8XeGO^qI6J*EHr{#Q;WVer?$oV5bioxII_y8F$2?(8>2+W2j4BW< zYvE&6_i$(0^-0gP^T)!pfM~}{)6TZ1l_zbDHt<#@YP7EXlK#Tqqw}s zKVo_`I(nkv*TNIV4!zy0q~xV3>gMWB?*Yp@O{bkA{Wn{aEfx2ZH@5DFU-r|Oy1?(l zaV+IdSNUHtA1CCyJDL(NY3eB*c3AeN*1YTe!r$x1`6c!$$;QjctzC6L%SGSHw{0jm zAy&A3LN};Je{_xV%#zXA)@82^K5OgJv=R-DPam$RF7f$0P0=Qy9Bfa=W4Eb!VsS@! zr2N&5H?pP{7y8O#RMlwZ)eGm&uv%#^ExM1U9<|$}xg>E@cwkIzI;>+@cOZ;yphx>3^G`ds-h`QGKszTF4;q_*=sI^VQf5_ODX_(CzodnN@=?u@%{!c%^lRYmXF zTKt6tuEx)6lxc@I$90#WN3k6927)a$f_dE8(aKrdnBB@>ikyw+%Ra6bM19M;k6v}H zq4rAb$<7IeqWpNVfLq)LzCFJ`n3^Fu|!q4bo zoRuy-4H8*2{i61Bdd&9LcwH5zZo)p9(#8GJKAS0T99-Mh=&5i!JjaB#Ev)jFZrVMC zr!ZW<1bCekJvhZPDn)@w@iDHaYISQ?nj^;FRshsH+5pBbC@9IJos|&*vhq+ z_6*tg^wfjv$iteA`@c{|e@T2*-&?16`cYetmo`$16ikv*Bx8?Y4C}I%4j}2`Ni`q-H(doPqy0lv zWdE8Rsq?nt#Z9Y8p=Rn@59#a;WTSZ>R6Gqay_h-q_}a<2)><+_mbByBXKe#lq{J_L z@V&~eem8yNRz2kKPYf)YErBHGlzqb=*6p5UnO z9W`|vlawe36gZ_-uv3ub-fc<0)dOROT}o?bzt?O?I>?a>>aZG$r}-Ba(e4Rk%Zck^IJ5v6N4cSBY%SA$@ONkjR$Pd`3C%st(G zM?yDOgU|S^ysD&)^@i<&`^1eW*5VH^^<7EfZLhF9-4`30^W>sUl<}Tuxj6g2?9dC< zxtr?enljR5uMOqO3yFW0Q!5xhIV@x2&ZTXeb2L|wE<$m;dfpAj94FBe`?6CV9lEtT zD8nxvJ9%Cr=dfLl_BIhWrg;tL(9nJc&DUzilGk>OypTGXuWlcgsKFwVYjRjyYk^O4 zafoT@S;@DXg{o!#XJg(fOcbhokQg5ei;q={zO$Y7L+D-V0=r1iIvi}4%*O98^W|n_ zs~jl{4ZT>N9s9(7{87Bx*cIE+T}ig8?pWX>1Z_Sm-TXTM5Qu<{{)%`B(Hmg_5IeE4$Z$XdLRmfl@?_m?@=TYu55 zWKXck^PaMmGoJ}7NYUT>X}eO;>kAzZ_vM!F;_>E8cb*(??em{--S&>}OHD_yWVv?w z;MM0=S{I!^e4krkV(AK5`f~l}TmKs!4qnTA754RaLY-yO+MeX`vys-hCJ)K{(fKr$vM~loqqbZc~qLe_}}Xrn1kbOLh)Fx_;E{^D*HgCmDpK zEx(7`AyeUNz^tkwoqy7;ZNJ04rox<+b-JL_XOg-Nl0{3Fl4M#*WAL$+;cU zc%}3K%=xw#QZ_`_dY?ax3Gn zmkRn<BnQzJFptlEo|(huId(_qWDFce_yI{t2rlHlPXLL`xKt@MUodDogHFgaX1moBjLJD zpjk_U?fOm7Q}<-5oGG(7pyEERNA2`z`3<*e+xPMdR4ptg78_;_b9{mp>g5gREHxBp z1>#KV5Fcy+w3?6R(|YWB+NBE7lnrfKZ0h=8$eFbIzxN4k>KCJU{?GifRF4$P`tMa7mejlW({c* ztFOKM)2Ox815IzaKPx=jSGejg(v{ZGU-wTKN@s36>Z%K4i298qFXf`E%DD8%1P8Ux96fT9w}`)4kfxaJ zDuWMO(#$^tCa}waD(c=daAvA9ZLIlw@4F6N-h2Fn-CqllU##{wT9BqKZIA8KFB<&Q zY`Aq?vx|w_#q+%E(W24o*QUx}jU^QRMNLzCWYdPwE%KB}#Y@yKzn?xpDI{M^xqraM zTjunK<8s-HFUJyAV?5Wsmt5RI-(W#@0bDFI&(7pjUJ9I0TJ z;!OGskYJEk>R$o_#KK!i38qjIruTan2Zd#8J_fh#!zOvu6yxiL&Nfhh zpsUn7oHPd=3J7tM-;&S*_f*v^9_UXw75rk_d=@F^6p$$J4bZ^j8_=4NyE^U3lNAtN zAx{MZqySwYs_jA2giHoi+G5_e*W^uiISkcJju=;!>UA`7G!=qXXn52+kdx4eGjSwI$WSVHk5=o1FL<{78I)G&v4e9X&f^Fz zTAV12uK?4174HB>wlw>j?(Xj2Y96A&CiYNkD|!fZym-M69x_BKfg6aUtgt*oU%Y!a zhsi?oOO)g54m*MVcVWQy0+`K^E7578eNtA|D0=JB?AW280BSmY8C0#rNv7cDqoyyX z0Old;?%kzlx6uX%1>x{SEPjL+MMco0qR+qgDE{ffRijG0v3_3@nW<%1A|5jnuPmbwV>avA6!^i5Y<@psR4Td%NIRlLY1LA zg6Ifrm#yT)g}$pDZEd?bai#&dC6pDM=}?JMvde(51Fi)s`QOmXGkJynHL#JtuK*X# zm2X!GaUez#ypOKRc~Daz!gh$vS(Qgy2^E#FM9MzMJaB&WU^)87oM^le3QakBkMW6! z;BaE%n0U0fhV}%#UqIzVm&RwjfhtW3&xfW%b1r6*LsF3CKFC(w^A+mI9gK_|IGapL z3jGmQpnJq&%Dq*dLUHQO@9xvnjtmczSJ3(SfSd>+D(H(~$&8MTLHyj-(o!IB{hxOC zc=)aQwV(+SXRYCQrNn*N%`@ow^#f}sYI}$O91dG)IkQhM44uAjB{r-F+k;qh?8g-q z(O&`wq-0cALohKW&HlZK!ymnP_9nN0`&HO=GLgF+R302qZE+l;XgmaDuh8&7If-st zTT3A_O!R&_97?8OQKuaHn2S^#q%yKfBnBk0Gkhah0Ul7OOmONF?Y zSZ=>JPIExR4jjyW7>C9b<@~b>NTj4BL-#10F%EH0@XeHi?pI%p;574Fq3Cu41q_4& zyZUfW(h69-TgjEt5dfr*&>hgS&Ca5&j*)ODJj1QWlZ#7BV2AnORUl`_Mu$>n(Cty+ zuU8P=;J|vwP#}i76^ge+!zDCfBV-LrS7YPi+`)^5v{Fq)g@=z1r?59ZeQE)UpaPbQ zfvG7JTl$=h6E<;R1CBMDgKXZ! z%O%ntH^^K1UdjYnrfN>p@;puSakZg-i6+oi^ke@8 z>}0UUp@`TTIt+3nj3HP#cyTCJ!0V%=K$p$Hz(CNOA^UX$Sq#wzy4`?e99RIxel|M5 zqqF7Lugg#xfy0a0j54Cfd3p{GhtbBz&h9fd{lUYBL#|%kzf1Jr*9*w1zh4|AM-Oe$ zJI2xB;gmz3;SE;M5kx$qG^Gb8D2is64-bS`EH`d%{^wHxdsUx&zslE&9!nrGO}xU9 zl@Sd~K}7rJzb{!UmOGM#R~*-Fy{)B&)Ms$RPzS!qen8w>hCR z*l`761~kYC?HPW1<QtP;)cX1s$1muqde_W#Cbvu4Z)#=ZqC?P@bkI52N&8m>8Ywx zB)5#ZJqmJs`tUw{E$kJ})gwCGL;PSCBaRk#yVBw0&;XZcdI7Z`B8?w>jW{QOXyDAi zkcFdE(i71$0b*fr0l)Otf`pF-O!4u$w?&A<_Hfivn-iM(L4q={)VNC&y>8I^h7R z+O1uk+cdxn-w!ulYM76s?Lm#5nQ`N6fBV*&mj&lmJAp?FS+wb%pYVN{1-%e_{TN;Cy>}5R{?2JS!6uW_S?$7L-CXhxvb4d+&HI`}d7sQ%gpZ zid0HcGSZ+Wm7<|Z8aAOMitdbtLPn)!WTd51DW#!Eq!ghNT0|iYL`K%{d3Ark_kDkV zkKdm^f83AHr^NfZuGe**$9bH`d7LsNa7i?iIGE)zvm%V_R66Nn={F=idj>{jLM!G!W8yA{MdR?1d<{rVN*W7~4uUsYT5%-A_STx5an>=nY|3$ogGeg#uR ztPjSsFYLsL^A|7PrRrfU^GRkVTZA#J`c3|0v~|>o@;QPX6N={}M~)<6Zp}y!*%Elo z8X5tAew%yp{-4OBF@)?7PGf`0k>kfX`AosOwKQDj?qVN`;}B|UzbDw0GrGzc78{dd zuT5{;+3xl6VK?^N<2b+=Gyk60&0BJ?NK$=jJ&&1GCE0gYR=-~;f&+(6y$-Gb|6tM1 z{AG9b%vZSay?(uF{rV3D1*>lh4GKdT`(b3K^y5b- z)UYGMKzr=4>$+sF(RIrO)E<~7VMPcM*vc$uR+d5P8cI^6*fL+;l7dh=&D^@D=NYt|5l^4WL*df+Dj zsVk7@qu1tG3LBTXW97Y%`uX*g>?SH&@OphNi;Y*ZnH0grI?{o!A~z~`+)WKj*eb9a^Xw@bI^NG=Igw?p1peynX;v%qrGt^ zMnfp>C#KmldqC&~6)_CZExau!wb$y{_-ogC_UQva!JET!)~pBMe>jb9@A)ehmVBkq zW~!*QwH34E2YrgEXuyO#hnWmbD=P;SHSlWuZL<4|=`9k$VqIud+_Fyq~}hfmVg$%ydB@j;z(Z!R%EWVTVhKq?L`0*3_vHSZFX=1^U9*_gdQeLsJ3NDYw#f~p}{mtnB?I| zF_|=R>eOcLW`5(7k6V~#Pv9?L5An4CcD#J^=I&qbkMnY}E>5UWU>BK;$}+>JBc0U` za7nz_x}%zo2rHC{ic_hPte2gq;>7K5-n{)RwPd9t83Xej=8Cj9Nqkf>u|NiUUN^;v z5%+mRF+-ZkZayC9AZ4TBips-1KjnT?b)3c`4a`T5r8_Y)>s!g4)?Hy}c$ke`;C<$I z&Wfg9mF&zkmF|jV%N}YUJ8~rL{)Bxj?a04<@AtS&)Ae;M*4tM+VX zf??Zcwl3n?fSm|gPu>WoCB4;9B99{LOL0mM3i|S#-FCm##w|Wn^CkVMOz%O`l9$=N z2gjz%hVx4t8U{vaohJ7Rna)v0>0=U=bd}xqzEnIvxgw{`I=_+kLag ze;=299GCl^ZFrB)i9dAb0|R6eND73wtQ8Zj&z<*e=u_@)(iCU1W!m^A&odV=L_3M)v0n5_Zmchu{C7ZxdQ2`Y^eQLhB z;*m0LX!}A#jRUnl*EJhV2=N6oki~>b;cPasH{tqqh7NNgvBa- za#kZ=B{u$U_=DSPR{918!ZUNb%K;*IV8Kpr#F^$@WKd28hNHryC3jFrhZ8mr%uCi> zJK+}AI=s&W%V*iya8t0Mp)}slupi&?H}tv?YynbUSb@_7vLNkI%H?5YC>h`hPi_u9+Y0`DJwZ4F7@+P(!1Te zu_vC5A2+U__UBr+d=pTsGDXF>arOWnJ`Hv`D|<~?Ex%S_)~ZzvoIuPlI5<(T_SBzL z19rXV4R(I=P}=TX=lulZro(BIM<^;nWv=6?@Oa?DM#eDKdz>=t{CS4d#$bYu`#V)G z=zxlNvbqDd4Z@Blx?FgEm%I8-gFRN$#s!4???RJ-u zI(|jBN%y{5;TH#U8+(1Cii#saiKjr5fQ(yPS7&h?Pnj)Hgco3R>>#(F5O=W@L|pmJTzj&-**1I zV?8zT%!9#IkS95h*Z&}Kj@VIxG&~x z32vce4y@-&)_B=2PH&r(#q8(von{2{MJrd{ByB%?cB#`T0xawe+n*e-9TI}%g$n{- z$_b(<=eO@^kh;@J@x(JRaq-5Q8k!%LqZ>G`{#V}1tEeo|aqZ7i2@AVty{5%&+EYWV z3{$Z0WhJd6nDR^CHP`;{XA)UNRpvn3k*bI5)RUgP+B|>K=ooU2Fbt2&M%?Au)Wh6< zUrZ16v+lpCvZqx@7RAz9BDtNgCOFwK0T1yCnMTeN z-*LfVp_n!gnj58dq8ag41^gyBK+r?J>-QfYK`^|92X#B8M= zWfvbV;zuGP#^3vnr{*=HAl_gYu+eYAWWA1>UTo)%e<;!!@9{Z;*tak@rzCo={Dnbp zaN54N-~-Ox9I3q7WfGHdJ;Bp!*q{0ERlimedtmlxXwXFrWLra;jx{d#1XmsN|M+#p=5-eHpaf`edXG~I2@7Lm zjWs_4e`H_}M&h&DydC>h{Y&|3h%cM;eAtymJV(qsD56Ui2f+-mOWr3jQS;zqhS@D> z=DkesxnY`u!dXh31@r&8+aggHJ?Zlcy#nD)?K||zyUv^OE~4JynR1=tJ$l%N4gWZ9 z*T3BKthxuAA81n2;rw1xTl=xDSr^w_VR<+vMU%EW{BwOGHFxr_UU3>gG}o=?waoAr zO`v}h+S=Oa z7gW9|CM!cR@LC54b)FH`y>$R<=zvO`kd-^uz9%tu{Qjz<8NNuDlUm0&*6-TqG-W7w zl+tkW=388DaWwC+u*s31kUV_Eb14f8{$QAijX3Nq-aDH<#fyaXxt@_bG~RdBC8drJ z7e8;=F?IBkIF*t27q4tK`g(kPQE~e4DA+DyI4>c+FM58)G=8f#;SlRXxkw)LY_ADB zBGiy=Cy*52AoJ2r6-25uy{o7wJ)&i9nRG0{lsG($yq62nPx>Ru07kethV%~wU%c~k z;jg|-^RuWdZ?MnXSx}bXIWXE{0|R&77l>h2DUTW~ZhM-Cqv=fo@(6GE_4UuY4P4}UhG;s(UY?EZHdHN^A^Qelw?C2=GKF2%ODbvT zhKxs#c-sJZzT1Q|pS_s+3eG|XW7P=T)Pho?7P<$XL-gTOI^8rx6OQ#yS$_0t^1Y-R z^^3RV?RMa(7?g*qbY$_>Zye)nk%+Jqcz4VGbvo(hRc8JUa zv<3Ti0LJ40=``*4x1CP2H~YwueswEOF86`8mjz&uW{Gxytt_2^{@VyATstt0y3w9^ zMq`ZLexQfOqEdt?SRgdB?}Hf4UTL^LKKGa}(P2+{8X=8AJ0Puy-=}e`)=jdwW<=Wg z{P}aK2EH70JOYP^_@rHMs-~KU$>i^@Q_~@cA%^pRWLyg#&S=XWrM3{GJ)9lK%|2IH zT)g4r#&1-FG)bOhW#Jm#&JJE)fbL>4N7;{I(n2H^3J;!tqRL$&8E$VsAx=Zj69U0M z;}Mc*96EAjCyXSvY{*2aoZN)_-_7}q+2Osyr_Wz- zE%D}bt1~`No_RiZ8-*q94_+oh7zmAwN!wshq{jK^=o;Kkp;+kn=}mlM&2Gafi|HRP zgrO+eXl8b*<|Q1M|BuU5C(!hC7+acZPuKJj)(R2wM_}l$ruGxc6G%%k74u!SWJxuL z2L{;B-#>}YHk@j=OJESW!Gr1Tu$Z~u#|4$#D8U>Pmls?pxcSDv;_A^XsAJ&4Q*+y~ zV>$~+M~(W#CkDZc7-41gnV0YnnKxfox3H+l&-Za!S{eMj7K{s_o~?>YX11lbH+J4b z&Fw%pcIpi*Ik=wExmyRf zgRS?xG`d5p2?t!KvhULmA0nq3?Urd=cGZp30z$%u%^CCuQ_dx_>!_8B5a7cgit|B( zDypiKVtq%Ibsr)4}^VWr`czs6h+xi_q7*{rW}vJLmph$`X1W zlKDPJ_n5SK&%dp+ zFD9l`;A&)LBXK*y&zt8qV%gHAf`2+;n5_kDa7aU~q#k%F$~OPCRPwZ&5efnUjfXK* znP5)RxpT%rIkxI3xtl|>l~+~$W_yIXy~370BIa{m4^IAT^mVoCBNEo^{rqW$$;1tv zL3IQDS$jRksPx-6oMZ&wlAiOr-3+C*1;_XF*)!Ayn80kfznhS9>XaGJ9!nsZ+!Uxx zm}XjY0!NK=%8wt<4fe99dIJhAm6TTV&6@=~N$QcFns7gaJCYqcg#^D|ZvWStk3smY zt?tw_cYe2i@$c-xS> zFl4$57hz|2kv$lkH*OaAaO%(?q?>5e1U^~>d5pb%W<7}`7Sl>r2!A}|wGF^!(Ea3s zfY+}pu-C)^yxYvp&|7@sb?j_QADu6LIZ-tM85mc|?j2!&JRhtX#DA$E~xtG=KJK z+O~mbw!dF>5nr!2`T5bIn1woX>!YIN>Rdn&LhI!G#F@Sqc=tKfd(I05&;%nx6;c)P z&La2`@MAsakA5#~W;ZcjX{4#4b+4%33SQ?3s+l+=`Fpw(ueMT~@9DXh?sE%Xg+k}K z>J?StWx6{M^V}fl6D)vI6KUO$nQdfQTxDWpMDWi4dK-#Mu!;m>aJMyJU(o>2)`-F6 zBnQCoN7VVIueZJC)2g%nc0 zy+tD>*&~hw@g@l3-aU7?ZD9#6RzD$oA%*dQ?=0zbXYIM@JEmcR_!xyE?ZlNHGGE}h z=icB^Zri?n;EWqeT+ri+y3ne(Tn5JOc@-3gte%2M^s}Y)sx5o4*-GDK@I#+fWg!Tt zOyW&DspCFM4m*pZK1x`n3+@-~kG^hNJ-j{1c;rBTAa66h44DEJ6fLR=nOcRgp{Mos z9GrMbO=L^~7tsG$9*Lc~f9TA)x-fzd^RwU@sU7EbMR9ru+zZTO-Iy9}JY4Kg&H*Jf zt%<#K=~-sx`xLLJ3vb3)e~f#x*zI>?wId1L%IZ<8{lL~`Eud-cxavWKRKx@hxSh81 zz!U}dk5#Q#G`0-Ws&oHeEkMaEnm~~1$vf)y`vT#su?c_ofad+wQ}6lZuver=e5RYF z4~j&~PRW|mz3H#9`P)*oK0B7}cMG5p?gMp#Be21vCG?mvOw5X$ZlZfdwCd8rbrzEO zbH7?{+7yA8an^J+cvfU~icXq(UB%8BgvQX+f+4~@n0KpRur8vChFnCSj#9q5r%b(!qb&v1l_WHSv)lDCHa(0lvKe%)q+ffh&L-z>|)>>xQ zn_(cK->jEqjPR{I#gEOpw|btN+ihR8kl<%%xmyUrd9_zwnf&*`TrpORU7Px&T^Hz5 zDu6SIuvXVI9**ZUVxGU;>Y!lW964#=dyKzM#LS$B)L_uCVeffog!P|!dDmiN^<1JL zxVZbbIMHO@%a_07i5qgu;D62^*Y6L;k77~7+h>Zy|N7_DQ6Tm8S^oA3Api%y2(Fe@ zoz53dlYUCv9N*n$pZXh;4GlpMHZ0)inKL_Rl>v%aM_c>rmq$~LnW<@X^et>n^NzHU zcbnYXA%l_aC@GR`MRFbP@%jjtz4<+M)2#7;5)P`#3V8Es`@@&KTr|~WzPjK_Y>RRR z!kTob+ke=wbtV<1x4c!1iITvg;Ly;qdN*PFdM? z-RCcK*_$|Y>_Ef!1tUG$$lDq$ji5B>HF`D0IMg`RMZ}J$YpYKN2dmlU4!3?WLPKPE z!EM94;CK3e38p`~glDf>zP#Ua8A!B#!q$48#_G#!R+_w?qNQarWz@&a00iII$Zg%S z1)sIK3l?N@XK>W_Q-mQzelc+1Kp6rJmzq^OQ{cV@!d~0!3kBtP-w~HZaR!>O{2(W}dU$LUT?BLAT z+x^ZrjsMttb%pEMX(<6c8Xr{DT^gj&rD?0F%fr=IPvkaM$&9^j6md4ZS$q_QA)r)H zbFibh=JRUGBf^M9J0g#P^qg4Q5f`W2b6)R0NK<$mV38glh672F3&~tM3=8-4$&*)& z87{i7z^4#ODB@2XJ-TJeP`*D^X~KyXZZk11VCd9kCMHRw;*^=rmyM5^+P&pmyo#kov&XL|Ak-|Oh{j}oI4#?-&`@Ea zS%yf+mx^tPaVJ>+Nu9xh48I=yIViZ{EP&DwlS#mV*D__3q#0*k3&2;S0rM0%lm24x) zTuM+5pl@;E!p2#%MA{(;XF1dUy~+Kd-+-R@SzCa=3^@>;G~Iw&XM$A|uxy z`wYh6bg=}+^vZSCwVpR!d92@f$?>N`u>-d&xDpXPSm;jh(-ekC&Dx8Kbi-r|V`-k6?T1(0yJ9jEyt*?bL=vNZ9LU( zT(}Q6%{OIgc=iMpl@rI0Cnh9ldA7P8yUAH=hxqbhGzT2d!B8^}Cjto~Ia+XHz72vp z8ShqBkCWX5-`dWdLq5|-rO<;KKXLf5plwKWkX|lU_7a>->Y#hbbw16^w6eAq&i|H1 zaW;)|IWRTCP!;fLPe8b@8}IS?xH$Iv43j-r@$qBoJzMt~#lSL-48qDg`%IyNNKt;3 zNDC3(GWT@a$4Auv(Lz1FCiYJFJ}D?Dc>A^m_yKK-LQR`K`KIYKpRRHyK_qdpv2K`U z(%{|X;Giov>EPo_*M{%%o$~15`FXG*jkUGSnA@^@s;#vZ*t)?Y;pEAotWc$8B`5vX6$FW7ua0C&1kfanq)p?$eg($RN2Ow*&ws>s1_Z$MgoLDRUo#90 zuBewN*$q)AlhD}afFDOTLWPXJjQ)?Il}X;|8=50NEK&snQu|y7NP;LOAkEe%TV@7> zLsiz?h>ef0p-$&FTdyK|ZM3)VsP^iBQRYW_{QLx}8=tU)`IghCErj3m>=`pCydr7t z@-&QuB(~4qx!_#l^>4r``g>FBLdHtnH-FU2X&ULYNe5nPh_rO}$*Ifd&Q(xXuj3*y zRUZ?>7z5=uI}7M2Y7?a(S_Oq+#QoalRwQZ;Eb`)b^7cXnnEzPLC&}c!Xl`mcdi?kd z?mh!$?mj^e&U-`&Cai$we@&~t)49gVJTxRkZ(4WTzDNiO zt~2Tud)Zyko;`bgRz~xH0T#uUWuh|gq`3YB}b?LES_~jU+X4IYKXK5Z=|aEHl1GJub^Pw)>;72n)J?{U?0P z+ne@WR8mPv2|z+`+K64deks9Sp0!|F;fN_=d2)N-Jh1Y)!6AOAB76ps5w=uk`PrhS=^n zRgKBU+Uo}%9P{PhSr3|7ONE>IKVSc^sf@tTN!zz>ML)7Jz3;!@Rib_=&YlP@>^!U* z|2%T~5J|~e={f&&ibO>GE@a6#-+9L=Q9USxCJyjuAh_X<9d|5s_Leh7_y5uTn(}bT z?X_1*oaWB$cH$W|eFXSz_wLzfYoRhZu_lIwvvmnWyxc;S&+0-{-L1cW*?;t;BoS81 z!4z+~^NtV&4IG;p)FWAqiaPi|pIrB&@A^#^7N_IlT2ngOmaJN}os-R@hF>M;qZ*k? zOI1f_&z(EME>K~^HlIT^Jl;ro=gyt1lOs1kXhE)Ov>E>IEd%M4#g=V$%gD&!?FS$s zksyFqqoX=| zfJy^MF#MPGlB&VFl%-BTDU-Wq6Bx#5p9;yTU>@rrTgWpqghdam`_x;q#4)Vo--i@^ z*e}d}EiA*DH5bpF%g|oAd^tMV;W0vPVc$@09N;i(>u#1kVrjm?vsq#6*vtB^&dm}71e4mt1Vws14hGZ@T&b{Qpug|Habw>o zKAF^20#YfKV z^NJL>sW|z**?Y}hQ@mC&qHWAf+ON-?dqI+TWZ!FBM906VjTRD#Y&UOt+G*vhhU(z- z87HoMzcIAr8FN?~qRKHVpN{W)@q*FQ%l*jU;I<9MAa6rFsbo3BE&ZmjJjeyCAy(u+E6*fQ#37~qS*&fsHfa!~$mLikK>Kzp9=ljTf z>Xa$K29+NjMM-sTO358gB^7UONxjh7cgXd^3dMa=XO}q!4>Z&nVi>G!D8JA+Sn;oC z!M1sk3;mZ~KdSKTQMT-{v)8NNwza9IRNt#`c6xt9vAUq{pscGkq;NvWbC37xS813$ zd2-vMC2{xePOIXI)n7PX3JDFx2c7$enp#~=jT~y_;1DouGRx{wZAkTop+i`PWq9Ld zpA#n<=?+k;_wV%?e1e-l)$!g5Kp~6+23Pw2dVhio-0$N9JLuo8G&2|Wmf$e!{H&!* zbMfu(zUIKB4{2$8r@X}ZpI1#o<7llln-(Z^SVF#caVRY%et_Eg3W?l1pDIs&P9F3k zhh@&sQJhOvNaVaH?!dz{tut`KTD`N&P>M8?v`%gEH5g4($IH>#D>D(z_R3|;)WGU; zg`>O=?c4W=_KecFad{mdx@TJcUrysKCo5~z5n&+%50*1C_=fegTTV#3AhOh!VY)H#$Ic(0>a`Y|ev-bS zBK9DvhuVr=hac?nu^%>QesS|MW#!El^S)o$RN3}x({HTuZ$QW~iV(ZvqMu(TADuBb z=B~!v+l7`J=LHbm{%eOvb`LcG8mEn6#k;+o9lG(oi)5#{_#Qb@$L%k)Oj+kcea{0Z zb9&3#qy>6-y!-rLEZ-Tb__U>(AW3wUNbT?W@^q_>snzJ-)My%HX_jQ@H5mtysEvWj# zhYuPT4nuAPNpL+7OA!pDu)JmDiO)PCgrC*r<;TOqo~EV}bNe93bKl5WyVadB;^^q% zq(TaN?ghC9-eRzf43fJE#G>5p60G%OY?csm52ZK@`WWPS=-qSg1oNfaw5hjFN8p@4d-kbIUsr#6+uW|ANq(d6%_?4AsJT5<)z$6o?fW_E1~k=wIl}7rHnrmZ z`(P5I zi0-~nN`spdejj5XSm0QIo!z^21M9Ol&3OKN8|YwK5$6&Hw!Ni4F*VcxX~SulE0wpB zA`f~r^#1Y5)O)vF&j-HsQG@sQoTs^d^yn^|pYJ~Y+|puQR%*kzx9ZB23|^F=q;yun z;yb|!Dzzw<5XMbt)}WY^{^_ee>(z@F!SjVZPw(CZEYX}aNpcJYbjxeDXDCozj2N+J z5xAq4$`c5iu12SkpCr)8K|$wwn&dL7eEG_i3?C_BpaCE-W{jxZ!Fx~(?3hsYot46* z=o`)fMG0jlN^jIrr7y_P{qXd9l|nZGikpq zRXpnL-4&)GIeTzraErXnonmKpH?rGJn$nkhP3x78hUva*X4SN`)4R_wF*b&;U

Dp`>OK==@Sei2J6`Z%#1RL9dF9?M~&q8eBR0bvbP} zNT%cb6Bg2R*4k?{T9ivCP1B*SPZ^{{wT#k`n?s+3mvq4>sr6%o^mU2gsl+WtaKzTa z_=XKspW50($7OO!g9goaU-%aTFbMi+%PM?m%$sQ?hgG$R_|?A*4R629)c~z z1>iww*s>G3(YI<58te`Z6cK3;Kdx-Nm8Lzf4u4O0F!vCa0kLEDqZOk>wFV38t3T0; zKsN?LIki-gx35s$xy!Gozqg;PY%G2t$C8<%*RR=*RtDYxc{X)?Nl&h)-%STK{&@z6 zeB%o<4u4Ba3p3j0`aWiIBBq0N15@Re1O*<8sQG?L<#VUx*Fh^Fq(({g9AbIE$;HKB z@nTOni;0Q7B=QRi9;c_9E>I%x()c7=Y{O#I>YQG(gAqjN zEm*Ll?e`?vHpB$8`NOh&Sa^5@Jw^>}=d7j22&J6QXgT^9guA~?_V3$g1$nwcN!VV0 zcp8bECk-KWTmFXV>9c1+AKv1(GgwViKdf}o2J|L#=IjOTiHd%&6LT3T)`>^WXa!NV z_}X2@`A~wP0DvQGY-mWtlLn`TL_X6ObO>;G1UAG=w6xMsT_CK3ddX)<%%}{8*uJE1 zcKyZ;m#tgZ(D)|mT=Qo;%QS)&+hc@Xqvsco2j;oHhdtERzD3V~N5<+~_pzd)^GQs_ z_~md=;gm^mp7WoV@*rtfr9OOUj^PQw1YD`A{<8eit?Sn*N2fB_w|_sIuIK6L>7}IF zj^I?&$%n;+SVzHJuVv>Mt^cDX=jW`7C&;pa9YsaPv^l{Asj0g|x@IuAkK+$)3wLar zv-7i@oX3lC@a=kStFdvB&{DtWCTX%TD{5kH>Zgw%ceFNLgDvDtMB$!8r${;QDmxhM z?JogFxH@>3gA(*+4kNy&9Am+i8OnQ9^^T6kuA=-n=8zc0PGW%(+Erdm_qHLntxR2b-+RpiNUjf#j^ z)Zx&*Yga_91IWaqGWp(p`WAq&SpwThe>;&@S2KxN>@7?n(T5d1Wr;}x@h}XT^ti4Qxo5gn?nMG!YtRVjR zEn@oMfd^eq zC-}}5`d~pl+566!!_JDJzF_&eYuEB}a>QF&Kc)%8h=7W3+JdfrXG5QZUnIm;(9fW& zWlQu;c9&~=%uWHJU`IfOPT-(_E3G|01gcwW$`oHeKNMD&tEK1V9d3Fk;m~zN#-C=D ziH=T8bhK&o8$vp*D?~SYJyaPqKRx!r^XHq{LCqF)hP%9TX`WNqKyp`>mg;zk(y#D| z2;=644e!7Ixk6)vkml1+r=zG?kHzrZM~iMh;mro8$FbuKID*p`({w5;LZz4Vf*M|5uHZiKJ6{& z^Lp0#QCeCp)Fqq?V){1kT&}cbx`#{9c^(A_o^DEm{qDVc(rkmrTu=hhhW_ADM z^@pRmSlT4M1LTbQ(@eCL2v`M258%l)%_XKyXruKs2tqq6UH{CmTuDd+D zUe~T(JwHWEWLL)?o(E+gZNH)VOE#=o^YqD@F7Gq(B!cteF#G*7snMDkv0hp%Lw`^4 z(0w|o?L*EkRb&b2Ez(o=jqd=1f$0vGLv@T(v%& zE>bdN)~ms-we!Rpl9Tc}0tc0vfvq?SC}jKtr9eF~G?dWy6<-k_tQMwxcTUUp-&OhJ zl#XGlaD$hQzC*6^07=Qi$BsQ(AG!a24%4=aT<#tt;qime=}_|!o53x_04Ddjh80Vf z+S(&QuJ5}>AR|yHWifR}AVk~|7LcZ~Bd}$W+fVd~JS6i+oEAO-Mo%XywuiHMUpNRLi**!p4p`cc_O0<@Z%n)omO`&YQq-3^>6($V{PvpLA`w{BHym@YO3 zR)%fPgf1$iZvo80=lRL-lj!@t+_A3!>_k!(K>h-yV`0aS&+F)B)#DWJ489D^s?<}p zLjtvpPCVzF=}}?)qj4ybVnnHQ@%+w-HQ7v??^pZ1Vdq4Mec<5bix;QSTXU#a_0-;& zg=h+@R-@;1d~oJFd(ge$(g#J2ij?ebAH7_vcc+q>d&Rt;*V5@_usT&VL`7lZF28 zoAJghBs$lO#t-YVPTl2)6jwrpRgjl=D)X7Jz|wvA7W%A9mK-FWj2rh=qW!l-7gxbg z>Bo=F-<+A+h3S%BE19&s?a=w@A|fMaA-6;;M@4&ra_{I-WHF0|KAw1J_m5BLWt(8K zQ*OQ9{g+koa;etmzG>YqUc3kl+Sm&UY4z&WW$(jzIlkTcm^`Vzq2cwbS0x=UJJk%? z6RX-(CN}M;+fem>J>`|!bVfdeFM`(4WbjaYMEE58fk?+@Xo~Lab(6(@kn2MdyYCly z7Sj@OjGyy?PC1ydFxNEfEW`Nb*4CcCss?EKd8~{?4Zf&P-_`gr(1PpMd*C6xQOZ%X z?Cr;e8mw9>e347jl6Q-*`3}H|{}4~>AB19UJ=$rg-0^~tc26{M8^L~sO*3+WD?Y=4@?aspum_QE(}ag*zzXe)(%7-g^`UH=wS2jA zw8m?Xx%1}zwPOb}sxR&p9?%`Z=q2M^aqE&2c}}-(ozOWIe=YBs)=b+&J?0qf*}ddN zpA8B#_C|$;U8F#OFNuvEEFr=>cwX2wUP!NVlv4?-)xuE0RUqy zBZTDSF|=Eu{Tobz!I+tu7mCfEX!vGs@{N+dY8D;b$MbTGm-fc3)g_%4%1~ZtEC_9R zxaUlh$&xQo=RC!G_v^QO-MR=6Xv!s4NW)!{{!4b$Na|26acz4?rw@%)b!m?SLs3n< zoor_?KgG+V9>EINP4y|J@h+r%Nzab5VfC6p5h~{UCx|@ol0LR@(xgepP=*^C8pB!Lz`w>~rg7p?nk14V|r9f8JVU0!W0k zaP*LjKXc|22pKoZnnlF$C1Dyp^;f(ZkbRUH+qkKm~Zmya)?;MY;cyL$E#fN-+ zd}F2 zXL_;_`}3DC7fzj0t(=#1_ikxf88RZSZz}w`@+N!WVDXKI!Y6m#wv9qQFJPaLV3Dg( z6v5rzO-eeyD16>blgWu%G*?{u4sSS_M4MZ4!HC09zVUM7lRev*@Y{D4KaUlq2hcf! zML44zaY3;jT_6>q|HC9_Yf42d=ns05!ad+sZhrowCw`Sl?>)u2)Nc@?WBV_Jd!d!% z6lc47^`Kh&KA{HIXV3}kBQZ670>wSj6YI0Nx7JdCcU96fogOolU4m>NOOf8xY>8(N zB|?nfo0dU9v<+6!d4lERl`BCZS*JFTG$|&U%;XR2HB~@zkvqan`U%4;gbU=A)R44+ zr)oMg=s?`pNIN1uzhc7f`x^uU0FB9BEO9_U|1AN|OkLgC&`>fWWk%S`*&~&dAUW(o zUmA6_i~3mRzP-&fF!2PW^`)STNYfImlYZ9L3XPN5vpY3(e?_}c;z-s3KR?xFOOPV% z+BK`VV^C%NQ`>2aT^8<LS&hb9M( z-#d^lUQ!bCVK1;O#ewVV9(M|UKpFNE>4#VGU#Pm`jx%*$Lp=|vl4sy?hUiQOK=AxL zqS{ukTq)3Wo^8`qUp_=mFOU@uwr~#g5}F8DFUSkuy6Hkl6lOtaQE#$4c!+>jsg{;CuZ0dc&R&&kDm2=h4*aKOZ%+$zf88dn`n@oEiyhzFz>CIS;09RJ7LLj;85B>VPS7xz0!c7hU-QpQy(5}Ivlh_7m}CM8W^*D`4MP&m>syTH6|uslpnt4 zlZ;ACKqZLkMB^7(-`q!#RYL=yY|&8Nt9}mNnp}GD;MFTv7SEY8hq2_?*d8V>++9qT zD20^g?g|cGW@$O9-QXP+UbuKMrbEA56D0{`Ieu>- zRt-(fz8W`(+AR^YRFUY5E*N``7!r_^#x?Tbf(1Pr?sXt8 zA~o2`4$`c8YS&eUym^aIL&=#$XUW`_H^tjpv*;UeI33k!Az0BM*tqo&1W zfSxvo$dOqY+rF_3$go3`ItOk#F*(^2N{(`;Fox=jFLj&eL_BTg$7xz%4owvd%7j&h zYyzAUZ_x#1fpH-fK@IoZo45Y1PCb3FeH|Hn?Mf#Z0TZNp z{QR))zrTLnIn7rLib{(M<3jP*BPioahOeR}icf-No_6#si`=(U8s>aE7#te&oP>EF0?{4^M@B;V?VyX!FU4(;+sCk< z_u{Jo=gM@?j~Z;otPF7#ih*(vkATw3%EG+7)F)+AL|XR`x9ihxdT-PV`485T(!Bqq|Cbhcdy$JiKghcX6c zA?(vVnr+vwUBj>`z0?)*CjBghHqe1{!@KL|t2BN*&Tgmg+>!Rbo_BTN&iVZepk}_JZ6wLW4cpbtu%W~bRR6F$;69{G z_=}XxNstD94S>a?CBAWEW@@V8x^*6nKh`OSEwPcDw?z07k8*K!9aH|}0Ye5uv~+QM zV#u3Q=y4>AI${BAJJli|m(eyqp#VXPBqKE$iRw5ls^PLAkGAC%RUzN0kn5 z$+;!IX%EjYDuP9siU12k10EUeg~soX#a%LCuJdL-(^y>wGh6GrKM>GL@d$lnoA zUm~T$Cwh9$XfK#Ol0ODAX=|UP-^?pom@55hmgvjO%r8)a==?adI8qG%&=Lt4m zfn>p}y_JqKtI#2A2*lUF!QL#tM?B4Ra=euXzBA?|K z7T&hWk>%hM!%SWM@K%E6HAWPjltk}(3p7%fVM~;b-Q}BTzCd~a@GuqMeI*UuYH6uC zkx2RJE)>qXJ&0FS%V3$`WVb%;5??=l{K(**oLup%SM~7E$N^33F082H73w>5N=aqq z6jW&ZTKvBRwhG!cEiDZ)>e)g$35jSR4QI^3;hsa08p54H%ycFYcxXu5QW@S$Z;+hj;L?Xo~Mep{=VhJ ziNh|8+15VIPeh0rSWj}YXuzyr|AC-So;Gt_mi_$scAVB2eI>S|ogv#GdGCHXaN${; znco%_p&o>*VK(*T^qm9qz8}kTIaztM>&QOfY`VJ6&a^%~t*p)hLjC=pHQEg6Vrp~< z3dJW$%yd);^;yHC{mJs$EA)NFtK<})3`nj!vwPvX9q0=Wx^l-6Nb|B_7Fk4)hcdg_7MVr@9DR}q4$I83)Si-6JHN*P5qg4 zcV*#DWSMdj`Ssc_fP@=X@s!Z#;@vC)QxB>tTl~jV*i%lRw(-lEXr==~-n#WVO{n66 zP?4G;Ra&nH$7GZ|ZWYlYOwy3+ga6zx;X|WL z=qfR(`^ZI$932-qR&TlWA6?t7nFAn*|NB*=;`^_Sh42?mgLMCMS^Pn3Z)ExZ{c7*# znARobDB{p9lmFFgiHOu(g`^9c%I{8DQLHcVpMO$gvb)cK|NMXYU)>BX{?8wD{5F$T zqKE$|J-sHA?jFrdxs_A@`z^aRl=;m4Lm(+C`Yw4MK3V+#ey*CwW{PvVQCJasUUUQ> zJv!?6wHr4aHg9f!{yHQ)JjJcHa}*(y#yBiJbHwv{Ft(re>Q#Re7X+a~tgI;i@9z`I zHMNbarG^kV=|z7dYq!;L{4$H-nMO0`wpNZMZru>%X_>c#5I)fP}>ec$ByOm0|HjatUVbV zr|c=VX!_n041E6cm20kOmzAFGEx~FJ&_i{S3qJ`A+`?eDgbw8sKNV63lCJorGSQhg zgt86MTh}OIzMS8IP~AOf|Nac9cWhMP_Ha3&qKg(wY&F|5(S1&x77s@`L^+Ic!PtxD^&3|7<>yE)s?F~d1J#mA&p@GEI&rH?Cmdn^=Znm^^fpcNJ zWZENcGJ%%QS%GP~q9WZcX~LGnVHkCMnb8FhHfdaA-n(e6ArAKU@4tWWpagk06c*fY zp}VJNdwIDvj!b{%S@h_iA-@#gq4MDBm}k$+pXNMUFhbtDA)ws&S$3w*2r<{wA|f+S z#KudkLR>SCrz!iMjaE+&1atIg&_xErDnvx%WN3`H;-V z51Pu;ZeU3>6{v>y@@2S@mnvh24`=8B=CY2`iy%x7 ziRPz;e~|3--_S{9ViE@62?aFJvt-=B{{6dl?Mfwtz=EkdYOn#}9cVKh9jo~+z8$1V z2xeH!*>-0qPgN-$(Z>M|L!O<_$lU$N&nEubn;_|7iccOtuD?GsuvHRKN=xJ}gVExy z{`0Wrx!TzA6@?lK(rVG%MonHF@A1?HSSA!iMPofS~y`52kGQE&E)}5$jq3Lyn7Ap&5)BP-RT*c z=UC%ujm;Jsnvb79KeB-}6O6YCZK#E)-Js9`+T>kww{o_m7}y-9PO8G-ex z21rQ(N1HC&n`!C0un{0CPg|yG>;tjifeJHcdZEHdiQY6bP42zmO(7Dn0ti8pn`7c? z8?mIOf;RmRpy2+b0V1uYeXL?D2dP@V%gx>86Ogi;g2~e}nHDX%ZT))Lh+u9!UxgJM zEuJ;CO=YF6_aQ64$s|Dc5f9o58M1axvs<9YTKZ}2`$dwz2tLx?9(A?rO%jSeJn}|m#mD8?oqsJ zS1(*J#^+b_OG(Lt%uFWF%^a>5Uzx+bw6#^FO$g%g@tMy7Cyw!laQez)$A0|j?vog}Z=V9D2~?(3In2B=pMZ9rzMdy7Qm`=9JS^V&6wg2jK>Tsk z#Jq$|3U#-Gru+(F!l)y+ek-aN)Bt7ODAa+Je$HFq-l3uBXpWsQfi)bsu#yiu@BQ8} z9TA1Kjg3VVuCTuTdZVOZLJ(4k7u(Vpb#t3C1K8D)HhH&%Ijj`!2-1`OOqS-goU1(b3b< zDP_nV!Vjhm7^JSDq1%HOwoJj#utW&NhXMJ4fs59zeMe!12x%+hHaO5&xU&2O!VuKpPu|g8J3ydXwkZ)HQmimcqr6I3Pn@zrUfb8+vaRZU%feRebgV zQWHfm(2r>r!aVIDR8r`NEaTgzQ2jZaX@K$}_#^*BCF-X__5*&$U{%VW#AM z0NdNQ_^{kTw>M$JW^Q1iJIyN!G1@5(@2*fQ>*%drt4+~FnFQEJgYL3*Ev^Y4$JFz7 z8VU2TETE_(OmQLPBvDbpxabd)EO;(THtNit{ZXLiyLICw;vhX9%^01^y1U+OxAL#j z+V7{5Knv7c7>#0(ulA<9hlkwsztW#R4Lf=?{n4XeIWs#5K(bz4Qt?>hLIg+C;9%@r zYcEw|e~Ng68;9tK)MYdh+m_!{5%71V@<^F`iHT(sU7tNe)+L*~!Q~r*QW$-Ni3ABg zFLKAGoLi%$HX<|trz?Xw{QOeq7d5{96H9hgpNWb22_ht_<5cr5*#oD6!SbIfEA;}p zITl^-=Ji|bYX%D2vuDmQbJVxZaepsrDBe_pH9?KL#{sGzACa?r;hvd&nSNn-4uXyA zxpSwhZ-(pJ= z#hKt)3WLL=GB$=PZ;QMyk`kb;HAL%u>m&b^>h}R&2QZ=?M{k$UPHThd#@pdt2Is$i zy?e4T_$! z3ri%$(ZF)oo}{BVZCaSYXjET^&Iw8b50Cr7!7p5s`wg(LwY^OTgsx$-TP+$;e0}@L z3j@_mOu`+|;Z(jkeSPG<8n=wM|EmSq$Gx}Y@lnoj4j?3r!f6n*jtuWocoe?iU%3k? z3IiDzN9u?UV!NxWsHkW{yn9;RWKwl8F4a`PT-N2wmuZ4>xDdy1T%G8qL+X?%U|WucKqVr zcZF1|lgqYk7gk(^Pyq>`@4t!EKddw2pD3?(idLaN&cVdhbkV|DLxut@pF+(^B6WTmC-o)E4PQ7{kfzBwGiflD^jeWG5NYC zSa?KE+hzxO|N5b@My-%p*un1iQrTlqu2gISEJnvMlr&=K(9GkyEEi%WGgao}BW)Y_buV(<@s8 z=%flVDaPLbttAgSg<1A?p-lxD)Nkae9`eL-dZ@5DFZ<8fQnCxb+U?sLcu>6Hz82mo z$IhR(A$~7elEc)agic{d5Lp^7z6b{eDqa2^pU|zDHv{z-HwDIr5#AE0oI)iJra&z+ z_dv_>#i0f%+a}AFVAdEEwV8+OP)^-4!?U&U<;yu|mm%|kFhQENX6@QaMV$0x2*F3 z5TfozeCz=+i{HzUBaryvA?+$TEfC}s<&e7jHgqB8A>}fvZxsxbw6-hjD56)SNaCMU zND=N&FI6P+$i=4KhN&k!l9Sb_C=_V@;=~xeRMAqc==t-Y^2|IwQ{2JtU%nu^gjnh5 z9WMUhR&)8i3=&$pVTRk2!SZOL-cevM7Anj|wV1HXWAnz1!ag_>CygECz+s&M2(q%W zeDEIfD0#@yU?zEQL=7?&uCBDJ3OExBT1Z&yxZc$)wu;l;IGp3LMZAeOrJTw3+;^gOI(;nU~W zZJ&)y#dCw3PL}=J_3MMWJ-t>jP*MljW@ceQh!fNNe^`6-sGj%!{WsebB@LuOqhtyd zjZ}Ox3z^H*s0>jEsgxlpm5?cwWQr{+nQ2nWP-JW{lp-Oj9Tla{>&`xUTDYJtv=<1=gB$+ELJf^yC)Q=L9zzs7?C9>_~2FBF}=M>duL=$<;G}$I!eent5L$cH^Q;RZcM=BWhax zWG3%Fz`OP5_aRrpLA`mpM)vsH_+_`yCWw_{08vhC2Ws@f?**qqni{s0jjmb%i1y1o zK>+kQ;SFELY6OmoEhX?htW7f$ok3AaDLS$uX+B$ZO^xhhBbsPxam%2Ten zJ0b%L{0F=h#uxF7H> zoNZ$B*P`+fYT5f`XqcK@%WHzNAJMUn)YB`b{35s&%tW`b)y|zsdYkdS$(-L zI0%#jF$kbFdv8~T(`_pD&k%4;Tj+4B{+`$5+Ncwo4tSQfwj9&bbL=r^@PUsOy7zmu zTu(Du5h}flIwmNn>FutSFI<=P*7ygNb!w=a-?7;B-{W)(4} zA8%%As?_|7f(Y^3r%$_v-#Kd9A^m#s_SED(QR9x>zd!5M_f-xTE&2dJ19F=mm1zn5 zsq#1D8|!f&Ln|viTbYZ8X;^nz@G zoVth(gz+Bg82(w;1^Dws1Ej#+YOla&0x#|XOkeagMk7JO&X&H8*T@DnR(vrr`I91F zMnpAALFJ|BxJ#1e06iDE$37zaodO}NXqhdvJCd9saIP^2N1SQTDzm3gXXLAs24f0P z{`gIOk9jWTOt(&L_?j&+fb*#Fjz-@=@>W#A%$1N3K)KXmD#`dx{nAjq5K#=@8LeVZ zA5c35`K{73debV};YYt92nv2+;$EftY@}Wx6d@}gQfJm3K!52;RsBdEb#-+{8=ppS zA14c>7JWQkcDnf7xLr#|{{-#kVbpz##CU<96PhII7}_Kh5e7r< z1Yf&;9p+sBRhUvT|JPO8ezH$mDK;B~Z;DFVtI^o}K-|)WbCF<<a7u^yghb9}pMl+^C?U1ae&g&y0%z9wMk~F%PkPshSDK~6* z0|KVeOGZXx&>)Dn2>}HFE`l!g(D1>7kBo4YYPbgvqMh`Pb&H%PpJKSepYEED zpF&yalyE{EGQ{aUG9@TfL}J*eZkI;v0Qcv)W=$lA4OKc;NAFo^cz)GDI=Ne3dhOLt zNNTFty!rwh#yWTE1g;CdMoY1t@fJvI1AYBZSL=R9alw3r0Sj&gjOnfRwsRRpgosIs zHBikqrozNl;=-%D_m+@C5iSs7L3^|@Za`XzO#$864AcIZ;t|L)XrXuqVGYNE1wtE1 zDH0mrw^P~G+XXfifC=OuaMcOj{XcJiBqmv`psn4kccSa?odpwAzwU2%Xr%JX;=b8m z=+#P!i$P6a6c!@CLEyUK*hc5AHAX96=#-y%NsE&9_@xFLu1YR04IzzE{qS*!4o9g3 zPMomp>m4esx%x&*O2lD{J{r$nzfNUY9787524ptc6Xq-ErV0MOvz-tL@dIUrMZvz9 z7^=>`efku-gHYWkQ;dFY3Gv0_Rd{|OALR~IC3YnY?NV&|H3}}=z(J%NCLb|iz`VMN zs};PIl8O?Ll6z3EUDWaN-oPA!%XPcC_+m-~-0Uemll}pRpeEp0)>Ku|XNyZpF1q14 z=*mDXt#K13!0`!dOi)OmnIJAdd^n5~x_x_vkinOv{(RvoyM~5|XPVLJ^7rpqh$A#& z0$4Y%_jCwLJ3F;lHsBf<8Vc!=76<@EMnrD`2tluhWgtg?6m1KA2t5hd3g8_QK4H|% zpY3%Uzj7-ahj0Dy!mzKIcdroZtCue$l2TJs88MPnO`B|>t7{Agh_Dq9d51)wr12xe z+K!%YKU(SmaA7{|U1&Ro zG~h}06~C>Pz9$T>8!PH8Dt&ow<_|^qva)dX;lus8Z?OMkyGpcwP_f#bvhwnnJ_@5S zt;gNPTGb`P49sa%(fuNg=rXjJ`FU&W+Slj*+M=;3X7N;$B3lKo4*d@7T082dx-))h zzkjyGy7FuTb%AYxUcjM%i%aWw@gE4eF=ue^VQXrYZxlY+ka%hp(D;AkLXEqWFrEvlL}(ed(ImR?g9%joH1awIBbocHrLdmk4Yyju0gUnzUk5w7#DUU=B|qQf(z zwPZziJ$qf1@6$EZxJ%j2shljlwxAf%pY`9*|-{1|H|_-?y(M z#Wj4}w!fgl2?1=|<5^}(kFor3RJ_1_Oz@zC1-?M(7u@T#CH7W$SZ&ub6KJ1$QRT4n1_Jkohpc9y%4Y1XPSnU@&%M;nAmc5#CvJ=F~Lg zY7%uIOAUK!Ecym^&OAUQ>K@>>YO zCYZW#m$s-$9?!AY(k*+d85p|e-w}0%ItM4vFEB}{GJ=((<61rxA;OQn$JbsO=pzSp zR5*hQk7+x~tD<*+mBuC}Xh?QVYxrV1aL}O6UAh48gA5|SW7FMyn25|w2izWPI#9V_ zQct<`{q;Af1B^I>rMUw%{#vq=L4aw?K+dTpHb1C1FA~T9Tyk^lPQeOuyQ-qR{6W+t zcEy8bgTY*$H3ltC^EF{{Urfwq)Rss+xNbDgKhF+zaQHE(O~U{4`fbYJ%CrBUr^!RF zdK{ZwJB>+^n>PaY1uwfhL_a7d<`-EI)|9g_G6cav9bFC0iQoaTB(>z_%bU!T&<$E7 zwl4-&_$y&MgrMoG9v%Ec0nj8j%851Asatk#s;Gl8@K`5x$x~bTv!m1%yW*n`$#iOT z(3HG`5y7zHjI1|v=9+8D295~(-pNq>u2T66Ct z5`AcRIJ4dUd=0uV1(QDGz9mL5QQ5xGs(_D=f`)q6X{FxUHRb(jg^<8tLa+#ua^Jr4 z4o#ntENg1BFvGl53pG-rwVhq84MQXhnr$Ssv380tFE`ub*BJn5 z&@ftKBLjoSI;PBvrlizU%R&$^ymc@phPiz6f=xm`$!KJ8>pdu!`hWgG%g*R}u-V)R zA1u5RR!*!wCOcw|2ZPjLZ~go45XEt$maSN!89?@@IineaL|2oO+rIG!A?5d2J6r$w z(Hu6++jtE=PX<} ziYMxq&820JVNNOh&deFS#=OoKnd3NSif|!gUP|lWTRbPOxD^AKF4KGr=r6f?GujP$ z3Sn-Zx>H(2t4dEQOb&hgh{_)$Q}#YCgyTc7O3@C9NhdH#>j~8?qEUi7MH{$gZN|Xh zaSUv_Iy#m>ly2O3mC-heN`sLj75a`b#o4X8bVj~SOXQr;6@q2(;JZ|gm0rTEcJCXu0@WfPM z6H3D)lEMHAK>=6jVS@+nYqvymMq$U4V9dI)*>~5|n=vJW9~=|b^mqr39$hkb?wz}L zfB(ZYCeqZYE{ zPuw8z4ffxlVLW^4RR5zNcevc4*5f}1v4a_98u<(`nD2ve-{$ZEJ%9_K0MI^wnLt#~ z$?j;%uU|+i$V^q@R5vMdL=lg2b{NlngrNx1)vbZH(vLl@*J#NO0%c;vpxsSo9QzQP zQzLimIEBVQOY3A>+L8$qD(PzpH)!5~bKs%}xSUbI1Tnq8e@@!=SYb*I{RXHO-5t@9 zpb}>i4pYG~;ZRWDgH-X2PJO(D$T-$yUCzswQANGmE|2OUcEZo*8R7GeAisNuy#Pg< zUl=2|l990jw@`_IgWOD{>iab?)Q0;=e#{(zVl=qhkSe*}y~hiCB_9vpfXs!F3mV(K zqPVgV@m7(y(F#}H7?-^PaqMjLEC~sDs7a%oaGz##Q@?(wJcZraJPG!ZzBCy0c?`01 zo__-h^cCP&(jqP}DL;3f;OByV=ExB^az)WHdSPfpYACSsr6+}#BhOfkN0=RJj)*uCQKUn2BV&-(b2D%LQuG6 ztVblFRv`Q2-@7*%SK{5fwIlA8dUxj$ab*+D+qYv+&7z}a^d)@!o{x*ph{plg(2Z&a z{B()b)z?SbD1QZOc&jB#{CM7)W|i+EeN&&L(4>fIT>2jTs|` zzft2=uF^CL3078NFa&MGwM!*eHT>EjE|?^)er*b%%SuJ~r_Y$f%f8un zo*;`Dhf*5Mvh`U)OxqgZc}2BPB;CgGUvUgRX?aY~5C;El#+6AxCUrUQlrHkp&qHDcP^Q94M zynA=@Uh0-ryB}UxcYJ4xz9q*3tN$>TU9=@{{7`4TzO7@%BZZuKSK^A5|#!hJKvjrFD>-PuQmRq&8ek| zIR(c@$2O{^zFPOltnro4jOZVE*FPj}QXj_lPufS0%-FFG)V)M_w9UAiOh{K93j)q# zfWID<30MblA^DnaNZ>AMs>d(q=V7yQ!@tcujiK7_6HQPcqK7Xw{=Ib~RM}`Z*qlbTrbnjV^jcQYPO%5^3qCPGj}HVkdV6Qj z4{%6XgAPxv`uY_VDd$GHSj&;3T}lL77Z@GMVEQ$zoo*Wmvy4NA5bV;Dg_ell6WAZd zs3^ACNWX1SFeEecZhWYuLSzHVfy_9jJcY1?UybkJCKxt{O;edDqp*ysJnZUcF4la z<4Q%}%lp|XBzegjZz$=OrF_KZaPK)_^aq>TH@vI?gER+yZf1K6I^SWytpYk zEBf+og*(SvF8w8KYhOPmuxqaFI=#B!l*1na49EZ!nne5zQ$g91(Nh%v6h@g|5;w|A zD6c6j-HVbm%*bbX?ktQ=c=Zf>O-EU zF`EuZRKB>q=XSxVnl&+!Vtz7immgAe^$URUSkR3VP%DX~HXR?Lt2;v}vrr4IN05d% zq6?NP6DML@6BQY$0(6^uH8{DZ%7%xqhB+XlZ|u@dzHL7+@^RsZ4SurA{~8dv{%ENR zY%vue*2zdJ9#npwZ*L7Vf!fBcG%Y6Xv%03{?L84wPEniz!M-(t{jj^`<$z6)y84*B z;GPe^%*LY((Y&|spnxf-5IDSzq9P|adzzY|C4|Nz-`fcCeqhMmzoKJfE!Mu9gq+T8 zHmLEUMYrtamX!fI2!axZHAxB=E(}9$INI<~WTXk|9aaCA%n-ooKKbbB?(S}GZXRGg zZ{9()jcF|9E$tFdncM~2UAjqBAb>QH^SPAKmF#YENe z5EEgfOKq-LlS*=LgPgRVNy*7SA~H~>yc`8zPN;VZDS^onB%sis)jf^+VKBFtw40u8 zVfhnmIQh^7^x?FQf++;eP)>F>FoZ?`WB_J66eA&2DBM<=wp5|vW3-Ruaa3qjt41(E ztm8R}ScBiAAK+NC#Ix3YebPP}hH5m2xZ{B1qHeqO7nuqzO*M&u?Ryv_e*X~bFIDy_ zBV2vPTSwOt$5rM>W33~{zAG<3e&WPB2siKpDt~?|jh1FKZYy=pgCr=nxWaS`br%5) zo!E1%*l=k$I0Xx^zt&aq`Elx(?&v|8iHHcNY`TK;Jjk3gax_C*QFhkNKYk#bvSR@Y z8IPKZn{($*=Ma&wk_8(%s#qFm`tXG`o~TWwMReN82Pgq~A;5a1k4+oB_)ShC*M`_C z4DkQ;uh9gH}I-tSqL;zc&>oSw5==jHoZONKAAKN86-r=9sbws^M zNx|e|IQzBL?1Warv7DzGH#{(XWD)7GEqulfbM9d&frf(lC5Oc>6DRIuriNM+>Iejz zYnHsXHTCrj7ed`gC5n(~o^ z(ZFTq@h-B5f=_1PkCuQZ7mFio2%U&tu@?Re{;_n?51D;$Cmj7E-Lb1ykLjAY!| zXY}r_3>-EQ4S6_~zy1e0HQ1ahNl6*AdC=xvShQTwPAoS;_Y53LQ%j}z=J-xYq}Z5> z2;)~DKk`M`5U2_vhImoho1I(mx1c{fugLHO25b4IkDfPZ1>03o|M2WkWCf?cAvN-3 zB_;ku>`0gO$Yq)WMHg1LzkpcjdpNIzlk7*c7B61q?Ck9B9zJaeu7wXggxPuyI_>PO z)Krf26~YP+3o>_hS#g0+pFD{eWSQ7pQe*dS-HJ(sV0SkABN-Cz-TQq-ML#VqR!0tD z9!w{dlz`LjTP``xEo~fKx^Qc2YoWbZda%aB1CR#?{OgQqfBI}I-Q!wJQZciwqfp5* zuuU+^=K?TAKw&VnmW<#0U7Vg5BV7t(BpWkF@8#hc%EBfqt2`uf_zIHX0WkPWW|i3J z(pj%(=L{|*=$bf-KoiM}5p{uZwKA7|{n|CAMoASx^=nWhFdAFNvpQ1g3n|WQLKug+ zb%-NLic`eyZ~S*#(nnPU;(y`MR6*%ACY>IEF%$gJAl2yeel|5> znA`LF_nm1*o~D}#@Dzp|aeUvg^t+Qb4|UDng9lkGkJ;wL6)OZZxlYCfYLCbs%0vaz ze+32hd*vkcJWXH2{T3IS02~}Ye*5|J?>ulFk2>|(k~v=3HaJ2~UiI?Div$Xd(~S!H zsvdJ0GnQi`9~?5`6~{pwhoV~t#p4w|O|63}JQ90k?0EP2s&vyC{(M6#b=K(4kbx`TKF~D-% zY=?6$?SeV6f_P?aS+~NYAlGMZm$Jg_(Rs_toWg=NDgbxgB^4`zDjEFVg9Un69)vq*V&6h3(#|7d#)Q!IsX%YQhJCP}Kc5|8gLQNSVG|q#Xs3p=q~Gk0p-OE*d)5HmA~H5#YAhNE zr32K=v88;^jxNgEt^g#<^Tbp<-YschCah8;MK_5r?Lv^?DWaK}LFKe;8EZ{PdDW_8 z>U1Ip#?#A1DJ<}i6C)VMj(HFoxkX%B94Cam*~*E1d~fbKcxBJQv{GB@q}t)h6ttZ9 zb!*m;+rF@A6Dfbv%HOnK>tcp@V3>H$t4P5Ew6xe*>d2pFi1pA~VI`^P4|GiSn=|

D$$YaNKNg zbO;~f&jVy}!K3|h>yGS15!j`R)P|vAO;R>PPlu%iok^n@)3uN+#Xl4WAt{pJmOd8hWz_4}7D$4Z^T zP|Jdu^Fl}y@VJ=zYP{y&TK}%qR7%ue{1NwPlwV5|(j}gKU~3+lr%tVbfn5m1^mx?G zJnU3>$%h>TXA900t&0zfHOOe-NKu!CE*9yglvG1q-5}U~nvgLUdbISyL$mYmy8J(% z$^O_RI?c^4-pD9LckkaH4Awv15P+O%cis=0sAk^S+9-t)E>;M7V~cTlopI(*s(H(_ zkxF42r}$QXkiTMLk`8Y9E3HmE=I_JO6y0M(*!NX)e?N}@d28KeMM^9CDk|Rd3;uQg z&zBS{J9PWStsF)us7MgjZmxvg%6ssjS+#e^bVb7t2FQKex*hoQ{gTeo%4qC3uQ<5M z(|h{#hds~qY$|kEz3q=Hzs0V5Lf{|z0K&rmjWz%O>o)?GhMF%?&V2hW^TMAjeEOh= znHP|W7B7i=>#H?u(L$doKDqXVe@tm^DeW0*(8V%WXZ8JVGGmv>cGGYks%sS zt_^?{=2Hh^QwK}3@q)aVg(PmS)?-A=V)ta6lDYlq)@Yk(n}fI4kC~LQ?qrf~Zu;@P zLR$oE&y1ZvGywuWO4P15Cs-c5dDEw^jRy&k%zMpn(B8umpeOgCJdpC7owI_x54^|P zyj{{t?5luD1bCy9tjnV}K$Uabh!F~!1(f;YPtC#;k#goTNKEByp3J~FZ31*thsF~< zf2EGtKG57;^&HEygaFKA@Xxx3qd+AYpa)&7S*R2BCBW7_EMhBW>^Ofh)x_JANl5=} zX>Qv*{B7f9z#b@BtpNjY5=5-J2%nXh#lppEdQQn6fBLjkwGA3;im94~YPCZs5CaDfbcJY_aUrlvvlFDc;X{|`?kcN!T!cMUc zM^LyYOVUA+mf4G}RWIxnRZ&m~k`~r-fgebVi01(9v;_b(c|YnFXaw*cU48F$Jh*@V zvkx(ENs`I`SV#qr0}9O>kh=c!LBcyCP~?3iK0YPlx9|P1Z0+87HKy#RTl6(@ ztksc`A1PqCQ;d}m6DU7i(gRb?w)w%GVffe*+4bUbdTb!w?&9JgQS^2@7#+l)hK}>| z?~A(LUS$p-QsxEmrd4HX>%7Yga|Ez7x`zhI-0)X2J zdCn?!begsQ{B!$Sx?248>n2ghuqHTrwp%IBz1C`&@B>~tJ47Zv4Q?R0SQ@sE8oeOf z1CLqt6-Sb~3Tv|s)i#y0p({g0aXJgH2y0q#mEebF^hH6zvB%5I<{hwkR8q1apnx@; z!mb^FOUgq`MzMeC@(2n`=+$_r&@&+48ZC?ma%M3ZHZhWBD7$n;8-czSoZ)h5slSs-u&%_ZH1U z=4vPRu7bn`?3hbzU?7ywytd7BA>~fY<^xDe2rMl8KTiW!f%|OY?Hz;SFcV`B=oDrg z5tQA#d)Fq-cT?<5;jymW4E87#amaG{rbr=_j8^w`{IOH@bBWBTGueuRn|}O&+G}n2 zvT*PLB^8zPXosZ<9dtp0a)v@ha7BI3j45UDORQ!a2EXLEct7aoH;RdlH*d`0u8l=fgd723d#;BLg*Yq*&#%e20C)!WV%gtA z;uMuBs6g_Qq{U3HjW9G^f~_%&psBy^I_pPWb)-oF@c@2_1P&1e?cDjHCcO=TDeGt# z`}o|9j~^f(u57aQ9TAPf%*d_i7(~dIFZsIW8{s9n;Pjv-h}9{m<=4EqxKu(u<`&lc z4c$7VFhT~5O^BY~TyQPWpN8sWo5x9I0tI zK$yYNBnNi(cg;IYIh)L4_J9H|J0HM<#-54=9+8$Uq2v8>Tj}Jd)9E$g41o^l<%-d; zIAjGBFONP9t|dr8Vl84ZP`Th{zKu{rqazc)OqiErju8(yfdg5U;Whayu;TidZwZsKSU)@3mqOUR_V1@*(`z`kDPi7=L%oh_^ahWi7-iixyhvc2A{ zdR-skh^BRB3X?k`h>LNs`8-Q8k5FY9Zxi8 zD{y)Jlxo!^GXPyG2%==yeOuJXMBLE=T49Es3bDfMF zpE#cxTxc5RzBn}ivy>TIrRmF}Az%(1n9EKe@)Xt#@;WxwOq)rwt+Hp29(SZ-N4V|= z(gLUj5SAA4v?9;31J901e90Jq8nZg6MqX+STeWkp)q(}4jOpRSmy*I*knHCpP9JVF zgV>D90?7^cGyCt8_(TjJUi#`)sPql?va@%UKAGY7(DxQp7@Qhuk=gEtpiWp5bmb>_ z+=}JP8EpEPlE(=Gw_p&HA56BHr*Y*{0J?wTunzc#Rl>~;Lut<=cy@AMz3Qu`1^8)- zq?mIdJb7O70c+Q+`O)%Y#AgX+`8R*7k`d;Ps(`b3-XW57{-L!ImZ|Wczek+*l)*_1{5O~*Y&dO+B^REaeY1y0}YN&dyr8jeM4D;KtZONIS{;|mJ_MaJmvLI ziIr<97pAm^t>p1%)*5{5QEgu!&ZR6&pF0=IPFmpVNG$3u;^N{Nrl;t~5T9k-D7UEV zE>_i52&Zpq(_Y+^Yucz2v=hY28uPS~BU|E9Hncv_%Ujv<{z0FH@czkt`-BVE&(re~ zOSg>DZcXTWyMPf}FjXR_<3L3XEe(ymM~*yi} z2|KuV@7eR`?_^!$L&BVc`M6C8<2weKt;PNd9SXCb@W%EVm&1HBTnl8u`idM;jwHo8 zv6$6CUq62iImQ00?V>nxw_J)$VxP}djXB867_z1xMj;A4$_@XVk_Tfr`k$$%W?{Yp zPDzvKeKWR5y^p-cYfSwxi!Gl&ZnR2>>tj2@PSYcjNWTf8W893U=W%xta-itoN3aB6 zx|GS&K}?B4>9KH+c#XJi6piux`Ah_L3Xw=zb|&b(W%S79v&M`OON%^ubozg3-pP|Q z2h8*17)M%RhU>^ihR+fM{PsowD}X>aWCaT8`tT-{-PAKYi_Wbl?>qhuZi}h77*^p4 z5$1I$XNj*gvF729RmaNNdAtN@#%Vw{SCMVVz(dr!;u_Tw(?7rxVr4ZwIE}-5s=aAm)xY0JrVz z+6dS-^ChFA#~yuJ(7(pnhZVLRQwy!d`X?lTszKbFCIKNXBU3#%9RERJ-Ts-9e!={ zTKA&Ifjh6ARGM6jldisaS&^S9GhmX2`DPcU8Bp-0BquxgN$YG7`sK2l$DV#9kI;+Y zW~$Gq0`tX8xxvqWw)mDUHFy+k($Jwpg{80u4`Q`^3Ey~MmzNzrbV@f4lrmY@mhvc0 zAzPL%JN&b=SZ&Cb7v21PMhxopLa}M`$>2qnEfTU^N#YVR6za*_cQ4!7QXo;;60sCa z<@{Ufx>`P@*r1m&H8w8$51pF4{HZpRt&Y=KiDNi1n1J^XE}pVD?=7{!C?qkGTm>p&TQWmZ^!*t3$SQW zUp19uxD#Y%vhO0?J3Th9zkTWiU-K$n0e=O=dzH~TM>{{>^0HfVScENagXQ}J8FEBvpH9h1k&_c(AFyDGn5?+ghCs(Hri01uY+>`Rlcg0?DqPRHJJIMQlEMdzwd@vTY3|)$_1bWH z=!;6_a*1++8m=`|dn7<%3h4fQd_&hJ4KZ+LOUwgV6rDSMIZ>!kuo^MRyk(0RJPH&S zl`UOl`O|2b7?y`{2eJn~r%|U@U?}hgA|VJzZsf|9pBa%hEIh^nTKSmi>1ftzoG{ab zfF(R64SWZL1kk{w@@R+K0UUk-aU)BK3!+rc5&~X)a#%)(U&z}Lf8hm7fyvMs!2dL! zc$9fWe94Fn$!A$^92Yls+O!@T6indB0X;kN6)Gw#sf>23I#K5hJ3E*ObFnVs!y27hq#9(WT?c0o6v+0X+%| z*e5p|8)dvT6%-Vz-=sD}l=F1{+T4kB!Tc_|Xzbj76P91FO0Z4!z6_(orK8m8qhnL> zGRPeP9)B5640gRzTnoFT0d%so4d|=C!viH()l+jYF*km+HP}sN=2)Ir%Jkc}|BAYC zM38ZwJNFrM2Os-@Uk6c^{!IN9xG*=WVYk}iQ<)bjZM*MSOPM?RJ+KT@ zm&)0LdpJNns9*3Zc=ALam*|F`hy+gkZiCQ5YY!YKEHY<0mIALb8rYrgFT3#@%rEpE z79Oittup(~1rkGmz#5HbcSr$1fG$A9Mt6XPAu3%YT~aioSA=O=Z8kV_Uprm# zRF0XBfux`aqD8=!1Ws;E%V`!2k|{9wu+-ek2tHj|;ljQVm(hLjEHE3uyGMAdhyh)rW6r5}*A;;3s z|7HbINLpD{qxdCU;x0rXPE7o&hndBBW)>-f!4*KfdH=QWgKqODOvvGkfw+j`tYHOt zqBX}wXG(HQY#GsV&I_};xT|G}ho!=D0h@Psig zO7{b~$fmTApFb^2l}%$-Bi<=1^Pop0-ots*e5q=@`|?G2%;+|_qYS!HL~+%ec6x2v z1m*x#!a2rZA^C2%K!saRTYs|x5QIGS`@WCcB-V0qQuh319TWtAO^iC*-bIv1NL1C< zU5xxOb>r1}<9qmKb`@({f>bgNGCe-tsHk@bGo;pX($cy{Mr}(vgPR~sms)6`EChJ5 zE#?HHVdmz3g2rY1feuZJGw|nDe(<$wQC?R5y`0bso~HLdRR!!}(nQjMz))0VY-)M~ z$qIJDuvDo-&;CZfGkPNU-$xV#<$};NF*POCitZ}3oECz6^W}o`q?DusvnD4ntO0X-9B_H*IQjEl!5*8hl`vJ9oI5 z=LS})xxsY#vSq|iSQDxtVU&_D#uLDi){%Pr{5j7$%wFr&Sd|gP2qJFh&O0~@5Qqa< zY5emiM2w6^FNzsy>9UH7r=|K-jy#XX(42IWG=VSXcj{8PdiGS$mCYVfySGh0eCJQk z&8_xBR`@dW2`H|wb@0Fe9+&Q=#D_Bp38({q=5+r8#LhF$(@4-lz!Ax^S7H?I+@R#? z$<7VTlT}mU(6oUWQ+cx;T$p9xTkz4-PZiOG?z#64D(y-;((9jC@>iF+BNy}zGc3B? zeqn$AQnvBVyk`o^SufF7_3KnYV5p6y3iHE{$i1f`E`khXlw@U95RJUb!O-c(cz0gf zIY4l@mr^lBUbe9;W9!$itKABTD42maguSP=XJ3Ql&v)s6yq8$UUkhhC!9NA;!6=RX zq5ch*6jO~&{}q`q)VrLB1>o25Og?P_79B!_vtl&~-WmNxRkX15kml?MOv7p<3_wWG zdqtbB|3s9cGh)3A>wwrNvgN}_efe_bhEt|JNK6Nj%wD0ci`YjYF6fsDl<>x+s`V@yQv^dNSphAEnV106T(J~+%VZNUk zAaWAmRAgi^p^eIw8AkLdoB<^gp|tdtornJ<*vjVDPn%hxYMCP*2V~Aq>p^XVkyH!O zP20v|ABX)YX*W48mu8P~87lFjCHj%Lwx7?)7!zPky5UPvm7wO=K-rJ_i=y@Y`yJA| z!oxqjeftB(wf2l2f>Oq3sAZG$DHH_^=>nTEUmi8{Ny@xSEs0NM*6|!|ZEY>td$7q1 zKMn&}M%zdyO6R}_AE|VnK@dQz^o@TqZX z9lsL#r}w=Ya;l%;bPYX)JPXx3vkmxQ3o*`(D92lqS92Y2g5-GJz4pkotbbYkd~}N7 zwvHBL7r1%*JDLHgbE6|7MzHH`w5SJP+o)*n|8ZIhftVC#bx|;AmC>l+&MAc%qT!L> z#C2kZgW(<>^d4-Dtga5N`SkT`>p$-$k}sk6Q5U3k(jvg2I~#%T+n>y&+F^AA1FWfP zKbxut;PJAnjXh=ecxZm5 zvPv2IwuZkiUA@X|KiZcXis#g@1^~R~mLDmnPgjB)@x&9d!fVRQ%A{pwZ%^#Ob}bUQ zW`GbQSy4K#N!ng8iVu%xhoYW=0VRpn=d)ox->BTFxv86ET8l1R$$ZdJ{A z@L;N>BF|w(iWsI1_~DITxX>r#G9CMFHkc46f`fZ?Uy5L}=n?2H#VM^fzy}6&dRcF& zH*fn!it$Axqvw}(;{5T*mP%6O?kP2U|tt66d+eC0xQ>TXT zA!#5$9R;c4Xn<;REgux@E8A)L$P!Khqz;7=?!RWJfGN%ctXWsnz9(G>V9d{3CD)&#PP;@qN?^P9_42I0UFz!3e&F!`#yBt4lkeJ()aXhLNsr(dCu2t-@L__R3NC z)=46hq=zEQN;-M*J*d@?!|5)6auNX`#&t0APB$@~!2fSK;x%XIXOzjf!kAuAk&!|D zPh4IBn5M2S%q{NOQ}*uNGuQV(1oS-4^omYSS-H9M(Q!pbw=9H zsTS1(sKdEJHqOHKLv&lqmT^IvR`+(+r%Wf#U=&GWRof_EVCR$*%6F+5p&V(|`oFXS z!4ppCos@JoxRt4oQ3I+=9Ad!sGNb>GfL_}#skg!D$IG1ce{e^uo$=ZEd1dhTDR30j z43{oFV|}wpYY(vr5r-xo390|5P~#;p29(iswsJ-|8EG{L9*Ahm}j5Sd>Wc!1vaC9jyS7aC7*st)+R1x{1k} zJEn$*yXy5c>J}IM@WO!et7a@HvCq~MOFzZ~3-p!TwppvGxBb)y7ndkE_?Q)wA*yRM$L{lQm5wt}*gJ$kTcDMc-va zxBI#o{8Ji3We*W2DAk@kLC=PctBW8b;JJL;hVcYQqfCV+J3+~ng~?9w$A9x8tdz)(l6xY zNlHi{2P;$aZ+YyR?5r<{$$7BbX9En6&v|p6_}}768ak~5)ixnMyFDMqkkt?9pa68~^_ zP|#gWk0&(=DRH+8@aDUK>m;QWZTWinp95O%Y)bpNRRoraxWbCHBpwLN{%$@94ab5hf-v zI|3IL8hN(0nEqNse5Tc-Q2s5KEG*ne55tcjlo&K(#M6flrApmcC(9g9$0KxG)GwUZ z97CUKQ>G&lC`ZCyqIM^ffbr`(BUe99Dfsu?bCiIX0r;Go;p@u|l|*I~@E{aT0!#zX zgtI`!05~qLfnEy6hH(z_5dIrIggn$RvTNE!@|CK&Z%_@!PE ziVIkMi;wDcNogvi078clLVZ}+moK|K2wG@Dp}fU4=(brW%=hFUKARsEOXE+HtY8mI z#>!X&HBTra;%OoHJ6$^WZ;-aOi@m-5iWT07Oywu;y(eTuR3}2k0d7JV2mRvEfx1y@ zx;(UCzdT5qf9sFjyLT}(x{!VV)$-R7J)>qEyv!5dwNs~pkDjADuSD~Gi;qD;NTD4Z z8cMF^FQPdFFq|=YvW%=OYq!(<+tPp^$eA+2$TRBywHr1FP(R;+?Gb!(R4cV@=fRGP z@DfT(Grto2%fB0EdF{I(bP26?fn!>5z=fwYz@BGQEI;DUP5&HUa9 zQQqEvlojUQyI0KOt?3`Sib?uT77IM-e@E9!_fogD9&YbGd|6fF*}YJtdjC-?!-h{BPiPYi*Car5>&wRlBTg) z1-gOvcI3dRs;I;Wg1ntOaeBIVW=6Y`zPD;LHTG8_S5m@+Pdqwm<7#pf+UVFjcq{!D zSNLq&MEb=iZp*c+*RBEmanmJtQrSU#Vf^b9MQsK>2ISRrxES8rUeC_0)4+pOsOITj z%Cm#H@}w(Tfqj#TMs>ux=pEe;$N@iuutbK~T(7#muH;11kJK(KamuF#0ft3da02-T zLJkG?~E_ zu|StYwa-J1NF1jr?_0w97!}NuG%f)_^2KFc`x1Jup*XL*C!AlZDmb(v-6bHFyqrwe zB*uTB8d=G*BW@qJd;Xj`&NlrztmI82nP#9^&YrLeI1Dt?l_H7a_!N@_rD?Bu>^SI5 z>0=@yBSO;v3ww{&7O)rsYISKEj^QP*Ux!@{AS#>2On=2bmP?m7N;qjXc=ePKAutm1 zQLg_IXT6alwfwGclg3fO!`gZe*a~+8n2qCfxGhD<-(?eT zh7M@@LVpjW!d^gq-?a!PGD?@xi?dZquy$LL<_kZmqNbJ@AHVYuqb%^*2XNnWt5ILn zQOs?-K$8ucdF@(TebkMK64$Q#FIei=na?h)ZXemzZ(7l$$<^b1h#Cm8fbIiF)4>UI zyW|yGHX^ODiEXOVzQc!ua)TfkL39!A)f)dp4CVh94?k$7jcFzOkDM$6ivVwHceY+3N+U9k?}1&{P&LyaHu$sMY_7H3w z&T+6P>6u1bvwtP|C2Nn3QdrLD)hdD&Aq*MPF5n05ab1TizfFo6(qZ6ZA@9KjfC}-s zWy(_KGh9#e{LU=%!Bv>78nlT;B_~dt0D?sJ%ty>7uOk(#aPSN$z>ieG6KF|~*K{dDrw5#gzAx!s{~*o#nqNy03tz|v1-*Xl!_!WHc|L0 zc)9Zga=L=Ub9h+9+=F9=>9Vix&9GX1=~yvPZB2O*3oDA>?~eV7Tz#49t^foFpD z>Bbj!KS2i&pfK72lqIsXBmsnljdjUkiaey5TZ07y(UOdrS9`Csu*#WT96WCnK@?kX z(H?Cz##eA<;fE7JG^UPVR4~?Nv)IqBmFy-;eY^Sm#sRf8Hqt$vTwMjGll;=KasNPj zwX9n?+&4}p4GCjKRP*!?oKn}KAsQNb;7H892S~?E?N&jRH?kI0I@V);tpAXAO=L7D`!0y z`H7A{u5>z`lqB5@ks+lq(lI-TZ?ZuuTTw}gE8w_s5C*}}%kU+@eblueQNI@F84etH z_xW>ZQQQ+bNJgVa_f21)3dPSR3Gyt_DHRZtwrJ8M@pXoja+Sxi_PCDb4{-r38TCF- zQ?hv?q z+HhUx1_v<>WLE|p1Tq>eYKr+F;l!n#pfo_wLv&$74#AP4kBn#@K6sen%Jatm)dCE2 zIcy-6bv&KzHOW|;@kBVp?4Br`G8xX&V(TVQ)deU#OZ_uZp@O1A4*YWsIu zB0{XlHYdZrownG?p~ZJkd=!^`;%;B9fYu&UWuRqHn^C8HP1rI-awmwfD)(lI6N0?i9XMJz>NI|YSkfHezvIAi1uUX8}Wd-SdeCuEFF z#7n6lxs44)m8i+?>za*sH^^Nr5r~qtUkS7PHa!B3ox&X^R{PPD z+)9@zBJ9vN%pTZFJ}b=U76)&aS zSt*N;d-{=fn6eRwQE(xo=tX$C2lJ$Ykcy_#4ii#0OT1a=znof|ctXv=X{Rrwe5qRX zrdz|hZFYT=b0603?U40qfx;|>z{k3W#4-{)E}*o_FDrM9*%~|UNXBHBm=7CsGc(s9 z+d?oyaKW^=$AJI4F zc4w&1%6ggwN(*#p%?IUV9M(-N8@?O38B)YesZ&DM&f(p0tr8?jFBfT|B}x4*E?mdl z+^a}@13l3jyjYJ3TO^)8R>{9eW<0lWB1b{zkxWm>C z8SeUl6HdIZtdu$?Y*|H>#3QeFlBF3)%b8vcH*UOxz788(Vdc%LDU&Ao{`%Rwbm5#i z`zg}%M+iVgf6Vr9(cFqhTgdZ^!wzoRB#j)Dkb-rlmcIVQ+z8HdgRv?zzmM5wnU?{z?kfCaZVe1B0%^^D*YF|d`+&io^d_&dHv zGr?-lw6sHeS0WOwwbJL)8Ld0o*X<#N%ZnOLz@>W-h_D89y^I4`S0JS}$;&z&n?n z4y9ui%*@d>7MPzr3E{9B85@KJ-As}HIlkHKv(LZ>c)G|LY&to2`gEW}V1%k5P=q8!8K9QUtAAH#^Y@ zGP=9O?dUK-40<}%LozOVDCC{|&$9pS_pC6*3ZulBk3V?yC|Am%N?edK93}@0J^F4M^Bz?pT~92lpA9d(C@zk?R+y2Y z&W8^PId}1*Z1{8S0R!r5Yx!ypBV3b*aRCm-VU{`6EKS$y%UBoJ$xC7Bf@+5O1gipD>{+~q%Z~!BYHl*1FXqvp-ISnADvl)SO**!^aolQZRBHgGMqvvPR@|MBGf0X9|zo< zd08+R{s?eEFL#ro)zQ(mR#w6mtM!ITVJ}`rS3)1d-;72$iUQ}rl-G=StZ5x39LSbV z+-_no4L8j$L?ft1(G78E{{KDQk7($*>+-hTH!-<)uC=yxOh3JJ!Q{t#_w5nwI$otU z?qa~cb=A!;v{#nw)w10sXEJ%&-rb8eZAIgzgiP@nymXLr@GgCWbc?U0AI$4xRveLi zyveN1IQ(mK+SiqD)|D3O72f)ABQYf3#i+y%+r@b^XJTjIO)&^ugYF9JC(D@I&t=MI z%9<(|Mo}e^trgpOD#2KR%HQRXScfJPJrYmJs4i9FT(7Z1uijZWyXUB@ySMLuH&Sn= zxy1aW;@NhocY6AYsT}6H0^*`m{&-8H#qEs4Egsd;s(}oIGp%rhK$^PiZn)3@QU}vB zw>2FS$muOo6UL6!V7v-~l0)-FMPkedC8_$`Hcm}DmijMM40p$H}8xso9v+p#&m1h3a2~)rd+qT^ff270=BXk_`tF5ekv~-J9RzX1$ zfiWq`nt#MmgWQ>S;8vhh*j|IcD|I8B!*+;Yf1Das%YxcbX>DGKryH76`wE9b z_!-l+KzF51!LT)AzCCqBE#`Ay$ce-!C;a*;Ht65s=q(3nq6*@oFSN?mpSlvUWsFA1 zjz65Z7j&?7s#>=KBesd51>4n|8Bca`G_xGQ-NZ9`S`h3Yg7jypo zcTC(f4s5X>n8#=5|NL&7;NMiTJwdOVL-TwU~1-qM+R^9?p;UKU3!q%rB3@=vY z)3b1gIT4$k#!xNL5d}!2W5T1lx{13OiMa_3<7=%bS4gNY^*| zt&g!-eRhx4>Mv*K1njwS!_@oRY6calc6nwHl6?R2d%I%$rx}ydbYF?OPFnQh!eW@) zSGCK?yWnfa_8DTLyY$-7eLQs3_~~ZXm_il>(N`A=c1IvcG^L==kQ2l^R58yA3*|)2 zC-^W|N91|D1BeV97QXjPKA<1%`M1x7g2a-b?o(UV;j$f^9Ak>qE^M5Jhhb2YhCFTv z;Np^t&Nx!u=A1G|2UK_FPzBQGdIqH~Q2#Kw@UqnW-|LwXo?Cb;XSBzuP*9_Onwo%C zfYyy)GQU?nX0Zfgf){?#qWlhK0i{T zty@CL$|Atxq9XOBuhK&A+<7r&y{ub}?!TYiZ>DdU!Rjel`|BtN#Wk3{BT~&gcaBY( z0|Fo_z#$8tJ>xQZ^rmLw=Tz%-D=Q>N3&6Aw#P0@4Wk9vCFg!R|BY;4Eo%)FHKgWS2 zuxHO6lz7r2S`Q|VchEFoRkN6yG2Ein7+Moeg1CUg0lNw&PxQ~-G`O1($YkzgQhJej z5F?$sc13R&{P)33d-RCAS&CLtazsk9BxKd0>E)6+slyHK8C)jr{r4MXB*uSt3Nx9V zL-XQ!ze$;l%Oo8?m@*=}rm(`O^^!v}vIpWDZqOAJ&ryb}K9yV^a$qGa))zj9FiG26 zU^f8KDX&Gbla@ww)8MGnIL@6tyI%l?)XXTdKqkU8+a-kwG(C^9G1?J>1`oz9yOjNc zHv*~ObR(@kjT4D)&-9>C*VQF}itbGDtGu&w?dwZx6Y4fjQIr$W`cT#6yQBy+ARu%T;(Hnrhf`7nzca!NNKc@oBIMC+ zXMG^YZWTas_cRPoq3{Ft@WjoEirz_yKr46FdE^HT za6OvF*}|FSWd)DCv17+ZE$XnWa~F*(i%r`!G$z!{bn1RiZ^yL$*@pZ5y-IC{e6pXg zyYF@OoKPv*+7^=>W_JAa)~B|ip%wnaq!Cs3msi*8p%VWu*4{j<=Y4(q&a#jxVTnqT zaY=zl_9CtDnp3OG$^9M5J^-dq9l!ql%WBQC>kUU&+C)D*WSP1 zegE-1$MJOB$G(4i?M2`3=ktDF!+D<9dHJ4#)O2AyydbMf*X~!b`^C5F^s!^uCanif zf@G$^p~=K$pyTU%eTvls2YOv*<;^RKMk=^SQq@`9Hb_`p$M>X8h%ZDxaAXy(J`_F} zmpXo7C`yYrc%^tp%@7%x+m-3JLYd%3t0PJyJqm(eDXDFgJo0r3RPOhktB$e68tm}( zjg>QA&zohSZWv`rPr&77=j`90qC_nG{!1V2t4i6}@t&{4M*$n-x^nq9z!heN0wSzr z{vE)HzX&1sd)B*c86%8iG)uF^%W;h4%25+1)^SjU%Pc#f^%hJTRrkAhOT=zPzqAq# zIW4n!tld%^!OXguus!9|y$1wC!f@YSy)I}Vc*xk`o}_*l{CAQVAHgpB86KZQS_rq5T*UU%qUa(OFv_TEYOul!YFNHqk3+YNl-|c|Zxs z%AUMxO^ISl$FV)LPE6Y53A`A!O6lFbnz{|^_zj>TbQwQ>{=BnYNv@dRH#JXJ5N=Xz zpmUBiKpuki7m}GJ0e$aE0Hu>8Y~A|hZ^DWN3j50!@blp?scaWw53+~1 z!P~#3`b$Z%w5{fd_R&Q^P%z3lN6aGm($@v6uAeXaQ&Nw}2L}bMVwW*Fj?2i4&f5pm zL@ysXa2)k17lp0@3sbuo&7N+@2S~1XKJP+gX!XL>p&O0LT|D*uMfXw0tZj$d<)RQcps^zK^v7{44s;I4 z#1U&z&sVk4sH20S%RJ)i8>F#G#-@!+j6?>cB|R&Pg)$%nBbJL9tdfQcAm?z|Q=U9A zcKQiu3U;i`C&Z5F%4Nb}_uqe~R{<3uy7n77#jj>5S=9xB4ozpZ^ifpMG)7=MU|^f^ zzcP`A(>O6_8@{clx{B!dQu z$KRRE>f5`wu;RL@3H=Tsc2n~^+BSe7IxFEhKYNw$Lq|9b*CIj(7R<~IZ6Q^ptG-+lMUkwwgWaWnB{@zfpJ7QylY#LVz^>O*y+u3c;62Eldkp$IjB%v_}T zDHy!f7ebg6_#(dZ1Y0;L!DzP8MEXcS*UR=#3TJ-obUaAL(gEs=Np>&`4yLyxp@YJ0 zItEzGnD7ssPiI3zG2tm#wEpePFpx{bOb0BHbVtCT<4${f!L?Av z7zH(95U|x?Jih0GJQ0#SD{9Jv?8p>TA=x_}Rt=*zm88)`i3vn{d%dSG{+5Ct7HN-K zhtb!FOP5lX5_&Fh?s;yY-+@2T=K|eM=1mcLXuL^W#I}JVK}H^|!-|(!+uRFOV~7HF z=Y-6}SK@pYw*E{3AT(s_f*|W;wVGgD=Q>VX7_K2H0EBt=pQUr|u(+{zMQciE$LZc; zw%cj`lG>VHQ?|a^s8QjbrJoN%Lk+31`AwP&K)W|M2qqxQ6|1=m=CSIR2!kLF)E}xu z3Uzy_gDD)&Atx`&Qbv-Up-EZ9%ByDpZlTK_={|xe>-bZ_fiXIIlBOn8D`9q_5)??- z8h9{jz;|ZB3%A*AwUDDxkP=Revk$VNx1DYPmyWaC5%6i|eor33jFnq@)z2@7qXVc& z#T=Jf0l-xUm_c2^o1=I#N!9)l1JV@HUyr4F+-eD$zZic)AjMecS?9a zgh^6Rct2t2kISnhbx?oSXzvVE%;a)D3McWs>jpZm>Ueqb1187SuFt0|`tvGsjiiX8Ekwo*cW>l48gd!=;eDClsV)(C>^RzYF~jI zjnS^Qwl+575uPX!V%QIt^&6!b1Nl^IACag{`HpQlV$7$A{!LAPFf~9?AjI=$nl}H0Gd)oZ=Kqp4Df{7yc+w!mirYXo555M2{cS zpe!9bmH-D4?CST4Z`1OwEtKVV`W< zR>OjMg0HHMeczd{tMgxVO%Bx3TrL)(7gw&nId_1xTYHpnMZhhlX=%B?e`FsxYY52~ zzt&0Yk;pPpRhSLSz%o)jy**Bw5@?GB%y~#3h+G;X;|=pgb17)v`Yv0#RC&UL@Vqz} z7T_#SN2!{4UzZfs_l@wtj zbY|h0iaw$b9bsAV?w>xO5pu;L2fP$y!u;+wWe|@-EvzsqGaTIAXB{QRQ@+ub-l~*B zS(uxWvYynB7MjWeOw45U83MVs!v&}qB79XQl~UH#Nfkb{!Qhe&kJAAPNO!yn7Ri*i zrB3xoV@{p&f*mbDNFR1fAynNB^2xip%P0w86^EA|8T;&JZDAi^a|1Dt8gLbe0cs0? zjU>jU3jA))adcU{ftd@`B%5vx6cl6FkkMP7`8l3aX}H+D*)vT@k|OcOM{c3b6ME{X zWnGFv3wNw`mFGLMOM}JOxXR^AHchq?}GROmy-5D-QvM6%va+_`#{Tik<5Mjrax4nA6pdIJT4*EFw*EnKvLLO4 z)Z^LTt6>l=tV4>~$iR=Mo?I&F-+gJ<>Bsi;KC)}(`|zOrf{x(PqR7D?lN_I4KPSx5 zpVg|+rO!Z;erV9(-jofl4ToqIKAt8^2v+$LCxh_(UC7-SEihIH1tc} z`TfT&gcf{PW>5MH8cXRua}X%<;i_r}@d|UsyxNFHFrG7mIvLr0X-UaMkM>sdWnbGv zDn5mLTL)loQpW4o4&eYm{l z;<*ovsLa!jLpE(FTkxr$nsa3idAae++t+Y9ksr^8cu8kieN!3!(4t|`7h4^_2NSBP ze<TL1Ys(R3{xWt^z0=UXx7O-(54%A{Hdd} zMqhv5yZqc-N;->}LfBzSf6hq0I~#)8S(_`2_XsyTfC94i#g)Oq^|D)za@tRyrnTDD z-a3`5Se&F26!0u94VFG^j@6dPsHoMrB?n|m^z3=m&o87G|5G0*@j;WexYCpp-WVx; zzA=b1bwR&}khOkUFJG*xDZJ7Ba>3l}9&Pmh%svf~mR47K`hN8mJC|vtNsbz9{TiX9 zlwqZ6=GvQ8ZW9?>K^_R+V-EjZ^fdJRwNhlaXPszP+ zn^}BI>A069dqd-AvMuH-NW_I9uPv!`4J%>}epWlCV=p!g!qQJ%}* zkGCHxCzt8rtE~8@JVM=0kRc2kFE>;F!sz4=HbrIQ%H-T;Y7>Q+x#dT+pAbWxL(tsS z^M^j^{2>T>kooxIOrQXXGJ|F{Uc`uq(emZtQcK@2 zu|cLn0;J}+j-6L&sUr$X#rjwIjTBzP zC^`Vw2&!wFO#e#}5pncz49BUfm*Hvlo|cOjL2n_;s16U2o1Z;mkiYzb zh#yjLDj|IvYl}VJCb;A$r!W-%30u0xycxCqTEfumGDR+@<($TN8mV#38sUk0`$3Ll zv~IMa5^s;iiKdu@`*1z@X28O<2|G`CON^oMV)-aRx@-47LnhniaBvuzYxWp1up~UW zKrDl~aBy*SdYWe6=zEk`M)oW*bM7y><;(N%!p3~Y{R`>-?7xmOHJLIy-%A?8U-si3Lb*Q+(MlV*tDcy84y0+F{Wl_cjMw% zB1DHBGNS|(gt9c^71AiC%PJ7iH&dKqFws!B)jnoQLk_g zaR>KFpKZL4`H(g!9rhga5GD;d#2h2@4p~lU(SZN}f@Ovd6|_QtTMQ`DZc!23XGawy zHgDpcu8CI>W$0kBjbqhpn29V0LR?NU4FZ<`Om>AlG#zu89ITNS?*xqNP?`AQk}BsnVxI5BiI^*5+P9IYLLjYNGKP>gLB z@8gw#j)4iBS!j*-8_%$V=+*L=DWPx>9{e>UnK19&JM`4r4>d|XvbrA z^YY3lTo_?0T;tKEC(deeBWQN!?0^-h#bGdMk0S-EqkVm(2gu1Oj~N60F=g23^Iqqt zeFm3D$jp4k>3#cp)cSlAb6?pfOW(H3%4>XcW?JqXceWYmIB7<2kBIAD1HZ5I?Ngl80+dbj)KNt(~2~vk$nxo3)K6O_fSY5B{ z{p@m^)-sdX`;SN~6mC3b`g0J>v!}$Nr&d{v(DB4+w&?UQDZ<_GnKJ z1^fT9=k7?h!#|kHb*|Eu&of^RagTt9ZjvA<{_AH4KFa_8zXhLrtN$_z z|Nru9MKAx$RYRcpohKhpnO)#~>W}|PiHbhUiRsFk6`P6zAI5#ZH0Dy1{jMkfeDAuN zhbz`qPT8xv=Z;I&s8kC{(N(Q^XAT^+d^|}vfbj@!v+FMXndB+XMe(~Ow_<`n2*8e* z^ITvZxSY>&-CAd(E(ep6olZ2}J}o<29*cCdC*A52huim&>*D3tH)!!2Qv_hW3LjYrb|MQRU^0 zW6Qw*cOxY&YIFG!G1xeL8JC=^le&FvT83JqoKE<0{L z$_nh8>lg4Sz(=T15PTwMe%++pngAt6hvWf7MM*@#wN-A_4U31QY8Xla<8=O>Z9bAb zwdSuS552h3v0vW65-|T5zv=y7!KN4l!i#fxJT+cgtC=wIjs$AoyNphFYQvTEE<4Od zjhivc{8njuyGV3ym6mDJm57e7liF4gzQDMshMMZ@?Q2(P-AASgyzeTkErv@ur{$s; zTg5aWCLTyp?PAsz%*3jD`0(NQ4`*hwsd@#o49Gpntsssey%2h%mfGd&s^PYQVGRJ3 z0U~4zh_QzB*$df$g(qo;{!ivqc<2c4d+u!sjkWQyOgX;#bdrfm%jgw4s*2sc6owDa zsXHL2 zi~lE46|1h+KelD|30ybT|hqb_^qR%WmHr)^Zr>+ zcK#VOKUN4U7`-iBfITDs^15~JDYxmwV0gG24%9r2jlLbK$SQ0 zCCz`xXvkzK2HFE`BRD+5UYA5RLY*UNK^Fp825ztw%>_ilc&C}tj+&p*D(bc2*Xc7D0v`w%_hQU99aep8Gy+4F;)<2i?~imHZuSBQA{;UkBN{I9WP%biG)iL_$cBuhg9B;d;Col}nEoR6{il$v zS&QjoqA5E$UuY%~U{HvP_LIV)0%)LU_2F`>REm)Yr5=`pVm7K?qCxu}Ha~fSK4IzM zLj|l-DCYsB`*d%-Ro`*;`~`S)*vk;D&(IyE{>uz86U)wK;_7(Jc!@fvvhnt48mDZ0 zHLz zcpI@~#0VXwA!6@v4tD?fSrcGTBOo)rgPy#hSU5CkX()fY7Q_>?xI~Qpl&8-Yw%lL2 z9frvGGp>K29_m;Cs@X_D`7mD{5;9!jF2Ijt$?xZ+CP&Z|!F>afnApn8%Alp;z()KOK`ELe(RKesmdcSixxu8I8ZF=p%eawT5L<63)On1% zUWVy3px!#wvk+`y znmW|-XxwlPk?LG&k~v`TV1So{Q2qRJE1AoTsGHu$r97}t!(+#HCrmKsr!yR8iUg-<<@YM&yewp16 zI~N}nhPttH;BwN4dHZo8e1}ahLS%L>emyCMR5sjuvX*8t=pe-psPvFNbLiCO&Yc_M z0%P&zRkT+Md0z>R9yq7z%iEuT(h!{0dzk4xdg8=valp3n12auboZ(dXUeL7Oeq=KN zB*1A17(g4ffP2wAA~J1@!YFNR44Y_>1*sR*%z$;T)9&YgFZZV8%O!;bY- z01yS8;hmKRnyZf+Ck+1d=^hH@#{~*|e!|<23N%6XE&mOhI4xhnbr3cM1mNpgb&hZO zr=!>>zIy!{XFul4jB8C+ubu&{gT{c`#3cR9LA(~wvU1;;Q2k*+%me&E%hRsR!YRqEgiemNzvhRgKGwfD4>Sq>`&_3FRt zFW0HVzW+T?=kvvo5YP6XXd{Vr@9Sq5QL>Y?fQ0y&<12%AS~OiM$QAqx)hlQX1I3&u z*w6+zreFMvH^qU*pp$Sg6e^XOO#c0wgW*0qUmt_BI9e@IT4sCg!s*xN|HHt1=rA3R zybU`$Vcp3?3r?y6%gw+VTl?%5&XUwlU<9-rI6okXl!YBYYD~(p&MvDCd5(1p+qYiZ z4$ewWwnW`P?LaBvEm^(q$DFTg2Dn@2FYY-X0X$^W@-9>b#GfU+{WJ>DxYQmw>PU-u zZ2r{;y0!+QST;V=^ZKg08Wj7bxgdga=vyCncJUUrr#H8>0MTl+ZnoBshzEU~SUv7SDK!})^7B`k@re&&fqAH57iKNN903ZBLX%EczjCO&;{R44A`n$$2?N`z@+3zi+8&NFKL`#f%$OGM+O?~hb8nD73|in$lmmyW4=A8@G;js zY+r7fHBCiH>CJ&5{22_sMvWi;lV=DZ?7=3Vb|V2A*aVPdW@_43T2&}_m@Q`@hJK6@ zxQ{^kCJyH#hgI?Tkws8Q1pvW9q@nf-D-S9WVg^#Ks-(h=+a4`dk-04uHQjtw%bbFz zV$Jj1>}x*Emu3JIOUkQecMiKt#k#mWmkAn?m!57%qPnyBE!8B6nhh<9h-X}wjwwLP zfAuO(r3l{(Xr@`8Cpkb?_O3(m4AFj?Y|536BgY?QFA9yX{XC%09C-!zik01(qfkcI zm1lBZWuv0J2m;HW0>{C!0~|gd4GJlAyWo$Ywoa!m_NdSp&rVm`LLO(|eh}j*`|<)f zZe;k48b8UT|C8fc;=%r>*~^yQ<~ZkDla_?t&=-16wxzs8bFBjnMcHJkbP7JOljj+t zvGL5@buq^o>?VVq$+Yf)VDjL>fg%Rtp;@aw7OWK1(ZZ$}^<3pzE&e{eBN9WjoCT8# zmu~(bo%SKFz76|Uq5dW}qev{iF$xV%9MIvyEqoQvM{F%|DOegA$v4R4ihkRfr|WGM6Nz*-@&x1pm1gc__9t& zSlAqSn&*!h*8e7W61LYGW-miksZ)KW*MsYo0XI|o8mH#p`ADwhLB~cJBAN;qibw-; zcI8S}Fir#rLc*c!r0l`7X8IPvzleKD|IT-${9s%$05BF<8#ca`aa++`6cw=GRA^>x zQKjJ*p8iqZ$rlxGuiJH(wa4%~p<41Vo5Tl_xNU8SmXg3DN$>(HI^Hn7MbAxkB1F+{ zFxc4!eMH$#|K_k_2hb|ogutFtQ0o!d(FA7^ajBaq+{m@ui1+n9syV4l_>-)EjaWd% zb25xg=kibNHeBZ!;f}hUY9n7p0v`t60N)1`htNr=2$QeIau5T6pZIQe$FG{{5KM!} zx@3rh9amQQ4o`Sv?~(Qsuwwyw0I2fhcDs}Gjh?>>!G-W z1d~Vn#r$;e7vph4%ww=Re(j^~e86Sie+(U}ZJQH<+NwT^1>!GXzc%B&0yfisQ|^X^ zeX^}~)iB|U;tBvPWXn__eXT_Ok*C0B1c5I5jMvS z-xv{{BHN0|@IY4YD7mTbBCE#H#ZlZxe2SrvKYLcX!iNk2UH9q5l>#ffq0ax-0wBqv zsh?-C>aAqs5ibxv2y5Q=^gYXIlgS?Z5pI_JfC1D`cX&e@Kkp0J%_Xu5pA!9BZsM-( zNEDGhD4IU}>2-e`Z;#l-8NCA#kMJ4bBvL&mV$Ida$t+o(^djJrwnw`;{S*}@7$CK` z_Iy!~dVn|93s5joH z`E`xmK>PU9hSd|PDEd8SdX)d;kH=HpNe$^QUZ^W6 z9TL8qgM&l1%_#E~N~hQ#PN$2`mysXmk_TN{mQsH4(lWeP_Ar6|@%!NSR83S)=Q zJ7%*+nlcv0RPwr~Bs{SuT{lyvd=du22uH`A4sYPV+m7dEk}S@$YvaTT6W%x?GW33P zo#Yz~&^Q7zI5|5veEW9n#0eHAOE<>2{@M*i`Ag=cf;l{Fx)ytdt55Lc;d4PSad^*Q zgOC2aN(+=A}xw1^#+2U7F!hZyMc#A+{IoVCgh*0mGjr!NvNWjHIKd|y}Aznc2_Qk?) zt}C{*wFUoWB_kWMk~lfkHWv?-4t`N~H5!uGCLIeA|J4<%NT0-5Xao?KO+&}*LrNfZ zP~GBzC!OLJIbzCgJc#@hW*PE$>So)eD2zGov))GQ(EjQP{aJbq3%*%^=6!uz{-QJlnP zWYI7a6)@g{1xi}um!snSKL=X7CrOGu_+D01v%sLdw~h~$8=dIxq!u*bb#0xapq_^* zCnx~TZJAFk(mfcH%2Y2S(CCKg+3{oksQuVtVr7T>a;PMpn-H*xCp5)O30G>n;8sP6 z4zhP=W1&cVoU$^02A9fjB02X-O6mY$M#=^`dJiD7R&H#oMdu`K5d_%qQPE8`T`#f* z`(HmRqfTBaRZpix$jght<$}SD%-_7%%)WbdZ$U)y@4svH6#wJqivOkwO*h5J4119M z$z^w2O-sxFAPQ5Kzl@8DVr^v(Qyjs`N>VkiMRaZd`tjU0^1-6>Qpz(AH>Usd`^DT> zxnofuo)3?c${pT<64DP+` zk(c~@_9!LJ`sZKv^Z-=+7tOfWKp>cY{kSW-UHk9dz8(Gl-_x1@2e0_=zm$1)#)m6y z|F46WzgWhY&(G)mVj1JZZYQq$=i@gwTEI^ZeKh;b>-85O59uS??_%?`YJjDv&m3WF zI+xH3dl0+*4=YMd{9HfF=}r4N?~CBdt-B9L*^)0`7!-T32!r^H+}!BgS=2!c)n~qh znz6O8$Vpw>#Z5C!W|sbg;a2NTXWf5$v2V)kNbP7D<5%YwREU{w*zi}!?2+=wbx?Lg z5;{6gx;eKP_5Jp*9WKlXF>6yc1})y?t5)>BJtT(Wo131UokWDAS`hxbxUgUI*Ss0Y zxiT3Df?UDG7-K?j#Y#e>Ybu3f)=bmEVyys=q=6Y|z`&#Y8ANI$7m z@wj2D3eGJ=dJl4cVAsDGL;1fCqiGBF6`}gjhU|TynzWy6k~Iayx2FORfGQWVj(>v% zU2EvrDwF^Jnn`1VY=8*+vp?8$L*eT0pT2Y{`G#E+JZ|bWX3b?Kc7LWF;K{=6{u;6s z7OBzkpFHWpu?JE#T2BK2O^Kj}(jq7z0E?oxbz5P%q9A{;Qx%3vq@_9fVNIG#$Eq(# zrPdWDK=~UG&N2>bef@vWrfscyK3bFp#YE;}HBnCmc!4)>TB$1O`Y;#d36xc=-ct6~ z5Q>m=g=zmWIv815uu_w1C3l&ztG4DxEFn{Ya`H!LI0ykDYMu zK0_B<-Sy0GSah)&P3Qdm>sRKs7A{x-*FM1ZlcN+8JZ>(6O$2kB-X^FkD{q1l$v=;2 z=gq>6Y=NNeB|uR#vk~ZKsERPwmGs{ z#irF^*}^PoMfy1^nt3io%$cXFUkf~RC+9PffH9x2312Y|0M(eFZVv4DtNt-?HFA!7At4V4 zrY{6k0I`ec!%$16U-k07Qef2UQ!5bA40OZMg4YF)^{R z7?;0{UiXC4#}5#=zhciMXv%ULEB?jo5h0b%DvA9dpz5gQkSZbiGq7tULC`c=1>e_A&z$^;h>@}%ZDX*&92}8`N z=%-H`U2PaDA@5T?H}^ZKW~iCB_uNl`e1|@bvnnEc^iikQr`V6sP zAL-XJJy5TiUfq4!T|t52Es4hz=I+%EOiH1L#op$2M8tl{n+W~E9=OuRi^?={$Vz1; zE^uf5n2P7yOe{!&==@2ltu2iVk&NzS_%!GN_;qLq(7c@JwSoB}PBVwkTasb{XKD@r zL(G1PNhtEkfs!H_xu8T^1$3Z-JKc~&z}+dmONfGt!JM;1h#$7bIk! zeOZj7k;cYXB_BWHy~s~H^FHu$j5XhCkYdyMb?^gVpp6=4IQ7ueaMVV5*9ixfXHL5A zFOtbpjm8Iq-oZ%U%gc**9mPgN`H$MUgnVEDN+l(!@j5yld~((t&|$jc6Hu#(TlrSz zIYe{mv&chyM>5xr6Tu9E0!;B=BZ+&a)#=6&W5ul2uLnwb`qPE1AEJjsi3cttCugub z4chjblN6^n?8+6vih|m2ap%I{&e96P^1&id(= z4HKO+RrN=WdT%h-%W7D#K~Oz%lgHSwrG#w-QT~Pgd2~Dzg{8#-LdJN z{q>lpcQtlF-%TqL#S8E4bi%DS<^iNj#LOzbyfEF>m+7uSVw1aGNX_};Vr!Q;EwUr^ z?;UlIwtVbl?K;e*vUh&Hg%vl*@uqk8e#m;87G=um zQ$>Y-E$+IoMj8iG7^un0&JIt88)QPyb;vaqXS2F=pCeNs6beX6e;kq_+o|b);K8EV zLtDhQ)vzzZP$>}|IlVkjd(WYG;vkW+wlJoG8ZCbqdJalCw$WHmDsMFE+Lnrz0YSoj zvLa`?uedl+l-_X{o^#&OVrVnYKY|LXDvfPAk@HlvMG4&M{>)xo-~VHq_BlN#5R$y> zWNrZ&ZT=E?f@&VE1>u<=*2_>&*-_$vcx-q%vaYd_07ab8l^)2Bxn+*ib~DHx*y8SalQg}=d}OV zu3TAQV89^i80}eS>2|ndY)1kj?XLdEy66>zeS(B<&~uB1vvWL#z_o}oM+21Z<5RjS z94f!fKhs(*=FPXbLE8Q^U+89Al_tM8&1tS0>*CU3!(Dw;ae8_|FetQD zSTUkFadf{~W3-cSh}5JJEYu#>Z-avBm!4Ee!>pZx4M-N`fk2$ehn zlc<%kifpO?y`=?kwtg*j+B};nvVwVVMK-({0zrM(U`XoF&+-XW6xD;eBsm16g5X3a+O5Hn)=gbKMe8~^P?1d(wIm6)r z{v?Ks0HmaRgrfl{hk za39)Z+nZV7PB}Am5m*3e;B6(76x?VZGRN0>MkSCq#`tvJEu(j8_YRZ#KCpe7&2A7P zGCts9=I-BF88KNygCc=};k!&K#2(kz|A=VOSDKX;FE?K$q+-#ovimj4EHKbWA3=F% zS$0*0CQhjfef&T0>!M9RU%aWS^-oa=#>69PAhO8UNztZ)Fww&z&7s%xu@nmJ{ ze0eSBN@6lY_mpvXqY=0C!>6ue!NLt1Mz#4grBVD1kYZ3-Y=<&qQh|{vt~(=BlWkk^vf76uOkr&T~qL z98?UnTNo}gtIzDW5)#4j8wLl@aBp2d4Vdx2- z1Dgi~1rhQA#c!`(wOy?xheMlUz=6dNgL(v;DFj==eS&dfA)U9i(0(dI@z%LXnXi1g zsJS)}QjZ9!uBi!w4fhzp#e_EiD>UawztNYJlpN054^9D=2U@Rt9yy%;np#B|uj0Bg zQ7%kku^7-dvl+JH9w!x_O9DTsFOgYCs(RyjzO;OxdAfSRB=^ZMBIUwd7`P@tQ3a%z zV2GCg!kog*h2KMw)WK9%e$oJDLGsUYsGt~_`dHS0t4D`+nSrG*g1^O$H%&H)e0w>@EMBM=u|tj%T%X?Zo%RP%P;AtAwi=2Aw|)K8=FoU8X24(X?5!2YY!SE=cZI0UD?s5(MIkwG;A`~pZO2e3 zgS%vGxXtaFsG%VtE`H};@mOq-Cv19O{8aH=XvTPaUK&o{N92k%p z4C(;(SJ~JM#z_I{P565aK4d(5R^QmT>JIBJy!C?!4~Ro)tr@=G3ik$971`$dHoJv4 z3-d-s5quu#=)@hjZF>iai;D=-2v()4VT+--{r6g%hxujh$u<>K>-L0h&@!4GJ|0X6 zI8ijd2bYg#y8aF#F045wF4T97942@24xJQ(bG8)EpiX2Yl+5-@L3%t#E&z89P@IuT z2rN3Nh*>mR`~f^$eSCe}ID3(Mq&86Ivtt!ez&YePJeGnb>1Y-UH)=F4nzYCDrneut zS!KnI5DxmUW*R}_D{hAWJ;BM#HVXY2>^cBKr)ir${|6`eXjprW=H5r8N-J;uIbuW^ z6+F@*LFuYK`+Hp-dno!yNVqqB5*CZrKeOP^5KrN#uq1=i70&0ZzC~y`;eL@HF*HeI z@o?IbVGkA^Olj?@tb33~PnqD{BPnu|&A84XsKEs6FNzJ*rj7qhMq%qCXiBQ8 z=tMzK7A;&jJ8ei&?0OHPVWLGeB%?%H#G$itJ_(jFMc9 z*+z(hI%AN~Y~)`Jn>}Za#8NH@*qcG@A#bq-tinS`gd;tW?*3xoB+iJ>u<*2iFAg1Z`EcBkO z(e2ATSNqM&>w0J?99{Y%`|{=233|eF==}NIZ_Sc*c6%K#9(2;!j1Zv; zq%dmAlryg9FJ7E24t{p=yW8?k7U@%Aza1l+yQrKzrE@u=`hj)0hn|#BvUUD=p0cQ4 zx<7M_H}KFQYpe_}9Nt!$Q_5XHEIZPhT|z`1o{d|0`yRA z&|Ab)WEH6n7pVOis;Zb8>Y`;t$wzi;P|yh2&3v1yvK)3p$ZQ2YD*Zco`PAvt4kr)( z{qp2;vw*$AhU#BGx(jyK*zGV$TLC*KiI+I&0TmOua2kf%FKyp-Fj8{^T`-rLOt=B6 z5m54s>iTp*d2t2QZvtBU?j2wy1>2e!YXf**`i3)~t(J}c^VNern2?mx+JkoS(esB< zl93_ol;wa>X`Y$Qz+__?TB(({D#60QNJSb}|Nd-Z%_rTA^Wz>0PaDR9O4datjUgh| zgqtdE(qp9#v4^WCn4-ly+2G6wT8H8HKoKr~9N*K*W^?p?nR~4sd)GqcqdsC2^V=KG z!gBIT6&{230h9nsNm>$&Eu)3*dy0#jTPv`iutw#O0jcp{Kex6kACXa;l}hYzPHVo~ zt6#tH)x0lZjrE;k_mSRoYIuwrsr_BW-(^j_3>k5c8_T#?hU+P&EXR#AO=<^PW~zbC zm#4v!l~&Y7JjE~x+=z5`H66O_CuxLvd|=>JyvQT|c|&5Y^H&a0-+bK9k@}5X(}W?)Po3iC>_X#?z=XT{J7b2%<{6H z73Qh3jerf%M3!8awS8}SdS>RPnlb`G*fV({ymQV|sv|0x=^W6+z`>dZjDxO#J6_h_#wDr`u;(Mgwnv;|D1H0CWZs zeQ7)7mYU9@)$iw7UPu@HJyz%R*6{!Ev7WBg73$^VXLZ~6h&?Fn5}&)+?zX=;>apq7 z@RLiUU#xkZp#0Bo_}mZTdCk748#!ML)0Fy~vd>{fK}2UFqCw;p4E6U7MsYu!Nd%ey$obzb{ug`kb{t@;8S@s2is-qyu! zf?K9~_vWY3;-(`~Zwrw(J8Y<0fTND*Fl__G1m3QXV)!LGW;eP zEM1&)-nd6i^075DHY%y8u%Lta4E)MY-`@P}`h-c71opPUnljYgy`9t;i4}<%9Wj*4 z;(*3|5|k8EuwG*X10qULqyxv3;ZR<=z*3lWp=03&aUoh980QqmZbWGmUl7QdmeKff z+@wV#9lp%goh^ReOi%nNbCEyP@0d^$9N#_%={)CO|Mme!OA0@=Z2!c2TD^KTogHuc z9eoBA4%(+A`vt#uOM14Zw7hBH%Hu)D%h_fP#6{?0WfWR6y+w=AoE`3v(r6O**F(ow zQ*g>^gxyykH-C^eLZB0X3`57ff?r}X=$-^mB+hR=nJ}p>7$7`YX*iKdX)9PPbtYQYw-><&SWY!AX6A^VsHZBSv`B1W1&KX_u6Z_c(mLR5oDl1>o zq+3XS^TA(Nk;W4!o<19zg5@RH)hrjPyKSFWGQ_wlm3TX^L`*U=DHJ;$>13K~@LtGw%-K`r_tw>&61itmY+hBx%!`yS#9rqvOgGxJ{C9?jVNegH4}u zAptq~g&6W^ZYp|gtvT^<5n^hLZqcQn)}y}_>I9bdSpNmhlGm}uWZ5!}rlDjBW=0vx zVq%m2lWvF#H2-?~j@I+xd$(nDQB<3?$J_fcf1JOZ3nur+A6Ax@BJuu%2XEiH)s-1F z&LkF_(?19sm}`?dSg2CQ`R0f7GkMv7A~{fLJdBxyhu336%U>y$OMae}Rzx}ASeo3; zE@$(`jTtAG8M0X!NRaQHah`d)o=eu*esA#JGrRr!1Q)M42llt#NENGt(792}1Sp|# zsKmbbq#HN<+~p)CIWuvb@+c<~yI}6fF!CTD6-C9e%hx6$w`D;q?ewY0$SV31s6Rv< zJ5tg+jy?(--d* zoJDA&^2JU(iLodP4_>iyC8PE$7A&X%s}xi~3r_`S&11Zdx>kCI+Z4GC>&xo<1K0@8 zfC+Btd@}^VX2!;k;3Y)t!;&2|NZl&UkHB}l<{B$MU2hOF?mV$mVBEk% z)Kpb5M!iXYilSjg_&&l)1vit<3otzaTLq#*fVLhraLq9Ms29tx;jKQ&4nPa1>%^o5 z?lzzRY_fU4)D(cQuK`~{CgeHqjT#eeBU{MJ`3s?Q!Ua3X5r6)P2#lr#+_Cc0r+X02 ze5?T?j#C{Q*Z>ZMij;l`<$Uz9oG&zD0gp;?Gj*Wh!_=XIU=`O3YaAv%L}`3;7#Lxv zm%43u!aj}_g>hBqp~W8L?eRgjWzYJ>hxHPh{0!m4Ssg{e-%bsp7Z}Iek72HNDF{*o z`kufh+{J0kJ_)V{AL18gY=e{M7f%>J{u$FTMKQc@Vhqwt?$62) zx|5ti{n3C3pPHHXG17bE+k_XW2ekz2X|g-$CWVK$Us8KZ4U;eYSCF5Q@J%!>$PNJ1 zLo})$Uw3}g()2mt*fCWiPjxjjKlXOEhKYlzD>}fCU?##>&allHj*JE~De$oVBKizG zJ^y5UT+8Vh|B#0yFPiHW-ybvm#H}Caqrb3>W_l^{-aY@TF^sPOa)O@m!>^6^=(x`; z9-Za7@5fz3xfOULbQ%Q57Y$cbOxRec3gJZjlN9k{c!gTrH>NFyW&iCH>|Rz?^+Ry; zOruD{N$mpJxFSn##u3xX^BC#+dt#k{wJPg)i z&)c2OCZf4kR-;bJ#JQjHp#>+41!+}({CJ5~kgTYaUwV`^viIwdygI!A3jJ514KWj3e1}5U38NR+ z*Qj-jE*<+FxX&(4*vd)dK`;?mGgSgxIm8|i5%Blke&}ts?4FUpK~(?KW$RXd_Ccxt z(ec-Ev7A1g#N7Gw^5Saq)R&5dn8tmR(Ui8fwEP-4coAw@bUlS^f8g=??@}44<};I( z^@*RCrVl3LE8(Imq)zmBd)qKIN=^1E54f z$AA4Mt((2adB3LCTE4#pBC&R(Y+;IBbF&*2j zRr;JcaRSlwSRez^o<*rp+;Ty%!EK0T2J3n7O0q4L6zE1LN}zj1z-Cx&!9iw{3Frd{ zVS33|A56`=n)oLqv{0GK3{6I#oe?QY+1`?(-II!kBMQhqOhKt)FIo;NzPljFp5ZnG zy}hjLv%7}nTes!+a%dQH#Oz_HbbjM=HPg7d9a59sTY45um>g+cUp#dj|dsx@O{dWW-m3NM%!9WyC%C5&hiGr8SnssSZ{Pj)N*V;tF4efBX#+ z*|2_Cw5{bOx88!&6Z7Bms1z*~2h5iug10W13Ei-m$pY(Iod#cDDH++L0vJje3_L`E z4TLK!6i}-DUAV8ySFJKgD&I1tad~`1u~}TxmcCW8=7J68U+;Q;J~t*i`?I%XPpK=X zhbP4^>vI1JmjIB^kuKPLRu6t>)G<;&6ei9gYO8J%d!|fzMP-jaz3H)Yfv+$AFN!ui zT;Bot2MPozTGG$|qG%Hh7c5|%byaR?k622J*EG)7qjN%-DJFaev)qMZmTLsC+R4&7 zqB$GUcl}t5-Pti%v1Q7zVZ$Iay!{Xspu9Z0+WlGzbQJ@}b4Mq9TxCNEUs>1%MdC({ zfP}6Bo1wlqbdJ^r2aFnM0KKX<{~sJJofsS~7$|bX=fGM^mtG1@)z(sU;HG9Md6U(A zPcjmV7eScA-E-$wZ`!0hNOJ-Po)ENHbk@(d)-_+Wh!1%Ep-(C`-jp46A()@n*6x6B zqh$?<6a2VrBdOf^vW5W~%D_`C{f7y!ZYS55)*3}ZTodnJ09J_@mr}b@g*TihH6SxLvZ(coCGSjR+JsMCxi{dc7lbz+{3{|xfP(Dg#pnNPl8Q98#416&G7;Y_$tF;&dgceVHCbfzL5!DWb%ULBocLoR4~P4J0-tdp<}xj+q_x7_zyW7 z;qp0R7W!4*5&1d)`Sa@B&?hv9f+h7pq`^?9k1eC|`=t~ohVjGRK2;o2NSM^25Y2qP ztKAG(G%v_K$SgYwOo4Jfe7MMkXQ8))LkA_9;(Gmc-(&6v1_qLN>HY<6=-j!&TS-WW zS`nT6=FL6M8<2Vc&C&(EgW}mX4==56^X|wR2T@c}afjxVLX$PvAdbeS*94o2pW@7} z;b4eQ1FH-xF}37KK_?1$<5Z_Ge*M|Ag^-^z0bij_yZr*Wc|zOaB1maM6?gL72yJZ! z0FNJ-!NwmXuBwYZ;a)-wKnW*!{?REciM$d|5Y7WGB7M^?hqRxpEQ}fJV#@_a5(057 z&j4{~==)zN=f4;*6<#!$AYhKEX(3e~-aW@#?1I0`x1_?SbESptVn{*Q;t4o3CAPav zqp$j)z3jNYFel~&wE%&b^O4Be;cE&{b5fTs9n_JO_Iq>W@LAn% zt&=lVdVRR>!q_Xd{T!qBr&mYVeYtepU7ExPE*!oZB|B|+W9G^Wef{-j&GL$0J(B?* zwZnxMxs>#`fM0Z1E}vd~g-`~3Do${*Z#zc4K}ettZ#c*6qaeZc%WUP!Z8RHjdn`T$ zl#Q-b5LT}cJ26TZ#?N{9JgFVDlL*%pIE_|F)2R<{-@Xm!OO+e?{M*(kL-~%NJ|L!8 zt^y{Mw;F&aK<~9QH%p2*Yr@_Kn+0)HYFCk?3JUep6FMlkxW!f5L4i;Y-iARsd9N8v z*8KZrhS71|0T_AoXdO6!Q0mkE0;>rg34A~XH@Kg-Lgt~>hPK3lt0&$$ z&~;-RvW{gn$UpjpYcct-(36mB_+CYu3yXcupdomX-AFvLr(7VmoN0@&Ml95I)n#d z?dI*%^XAWIHP+#lm2dO%jIks`LPQ6`&^IPo#NaT) zuXS}pCR%{vc=F88pI10?tnOgxmMMff2{>MNcTRzzYQ|pcpwrbZx0Fxazwd5#r;B^H ze*@t|>h-mXHyi6e9cS5UI6|d#%b1GY$-j8qDD$a+Pwq1|=mzjsJi)Muo%TyBKYwnc zkFa~Ok*^}=IR>Le?VaBqBkPWjP-P8D`{a=sR6|NX>@$ZP)tY%3k@;pN>HWFx16zAB})Z2uZ<`DUReyfP5CtQJtySswUs$MT25mL$g5ha3M z1)AuhzE+A{wNRo=re?XwIt_x`k62KDLH%})QkH*fp$ zVXJcO6T7g)RQHq|wQ$TS7|7AgOA({Rl*zUFV* z#kJ_s5LZ$Kaloj}pFiPK(o}w>K7-OB`ypR|+ITHA8ZqP3kJdRC63EvFT&re~CA#fFK4I2~; zO{Q>?_~{R)__I@16huq#Rk(dySU%1Z#-^abCRnhf<|2#=w zdRT4R`>FXNG%z#a56N7taT1&YD?PzMu|*&W3vR&}-?+HDs|F@j#;EpImqA`?17pH- z7Gvc`)gQAc>k5@cQxdLV2<^ZXoY$bj;!+_-$B48N^10B^ber@l4`Og5>seo5iCW+lTrty}d0J2Tt-lxGxWk zd{-7N^2sv?Wys0=$M72Wk^jY=vUthIQ= zp8UyLSAG#g=MD7rXFI(gZk2WeM)~5!ASrf|edn@p^NHC^VYq;1<)+;Ig+B9#>=eRQjZ247 z%y;@z^sMYgz|{sLaHg-KcRs3B3EQwQR9Sg}SNhR?kGGGAP&bmvZ*9>1Wkn3Ce0^)< zWi%F+$?snNo6iEWRU!~0QNg1id4b#_rbk9`J; zf7Q8kre6pR70xk*WyUsq$mbo8(9_O`rAY&K>?pl5XpQaBqFIhJ zJZ1_VEFh5}45_boC&e)}M-XhYEGSTMl%azE*tJ;6V}Q^jAb!RYBcC#b146I!^ywVl zLCwz~Zt>&mF&)l%U~A z2d(~bvb*%&elMhC%9r-G)~jppd71ExNSjhVup#OuDw95ygBIq? zQvnI78y6US0Lcj3KxW{qId-8vw=?z2jzQItBdyvm@OMykW0v3YK`?;1K3}-s0UV(X zE`OmE_T}`~kFXe3fFN*ozo~A5-Knm5M|FnLYK|S-3P`{lV0{}I4j*uggN-Pxs8({D zfT)%(SwfH{g`%ZpPBcaSaY2M88)v_MWiRbSR_=a3YlrJH&mUCbd?3Ju^I?;WV2c5o zNzEXPA7^d*0#1Tfn-q;T4kwAZ*go)aC?i^%)+3oa7YN?ZC5Jg9$FobMFJx3xGPgv7 zK6B_$fw0Cmxjt`^{P}|q4lK8|?I|M@!jIES+P^w^x7vZEPpL#mp~1PrGsKJaG=WlV zBtnthf6LCNn88Q<@qAH>JL@zd19`eW*3^K@ zOCz@jhcvkLs7i$>3Hdbq``A${2tia)^Hgsp1buw-hKF1c+7J0VlfF$a*Dhb)qhCK# zuM?AtA9Zy-DmeQrg5Hntt8d>_z8Q_zxwoMIVM;xin9hj1%>*Si9)HZ?rT_oz>-k8F zb`@VkBs#bv0DFGp!KPT;J64@z(J&Lmq8k^MhyMm;9Ht}BC4)BoPXe1nMlFORA7b25 zWTRiE$CP%wU8+EMj0uvBz!ie&vE6;?k7rj?Ew7AIy<$kRiF45j@chC< zT3LB_%w|5U=->qu^?d1Wj(B{oexlFBjh+iNr_HOMJ@JL4lcb0w@IdpI!cEUFp{AhNhp;~|#Lw5u#{_*4D*|V1;zoo=?cAizW<7{{Edy={rk2cs10SIY{ zqq@(-iF4xFUfUv#lg|MGcR!$CBfTl`Vc?RH)+J~b8!m#9< z8^+KZs0Dcjh#dY>6_u3>mM*>N{^2Pa8=4jBsldK^)sbFpQR19|=dWLn(bHQvWlBtf zFB>zU{w#3Snpv24O4yH$eKSV1iziHYOJJZsJUz#96oY%>m{=`{v*3YcK-UwE5=Y2s z)vBk#>&az^k9MZu+mWs07dF_BRb%B^;j;Vj!_x@P%n_J| z&L5lYaV?~6<>8<}!vc<>55|5=OG~|os+6BZb5ttxx^b?$g|sNX>|XkUU(eu+1}rW= zLUce9yKd}cnLX>tipUiJ3CXP0tU+{ooCY1p#3tWF_xRMbPH9UIk(Q3du6KRiAb z=D&ek%!I`roRnDFs~s)zB`9uO&$*TFj;i71gwd4{mu_x?0k*#-Ucys6QEcV9KWCFm zsk$R6$Mp5XN(xU+mgIujFFP?vvxv5iTDgTA^i+EgP2f+8P#zMPO`bdov+$;n5h^OC zG!~ScY*<8X0i25G%Ucesm@?s^e&Gt5Wg?Pb--Y0~i?VQfB_)-hg#hV|*D!CE%B7r>eGNT%oS#gw0KdBUnpccKK4*c_`5-FRr>4G@-y=h0#cjVBIm zf-L9(it0J#IijXTzyT0THi?DmGUspH0Lo0fZ@@4N0Rm|TUx^ThJm7Tx!{{Xwny21; z!ofsEC8qp6%b$?QML9e8KHwa3M!`9QpZtp#<=FC&`0PUlv6fjbv;ZWMtsXNUP~woi z>q$096PN}dW})dzNC__E;t3rh>%jf8_8&Q-G|Ew`_xQ>uv%4r$Kha`qHI{DfG@Xs# zDeU=N|NPlAH$oq?v-Ptp19&4NM~t|dlym{^eZ~w1jegQogYAGz+-|;wj4rlR8I%l1 zv=Y6tH|u{rZ56WnO)Tj6$JS*wS(AE-TuB}KGv92gMh_E>ZO z@zPBJ^nUm52l!)BJ&GxFd8irfWv=}q*T{vNy2t@B3M_an`;r$7|EfJd6Bl=kaob%(yC@5lg2v*B6VG5r z+}#J1c7=ljp8MbAbb!R{gYL0uiMVr`8wHP5JdkB~Bu``{#%xIwmvaMM`HHBP-@wBX zJC-}dDP3~@fYzlW!xE(XklBHJDJM5!^vWn0S{4Q}xsV25;Y1eGa&wj_W>F*QIPaP~ zB^iW?TByFaW@%7%qT@x1;HLG|qy(0!+C8TuFq4qeLIT2<17r(m09nJ30xD5akZ$l) zF?mvtOp}nn=;B=0qw{ww~6}@NntC5l}s$Xrd*TRGk?hvmag_=t*cR0nJ_4KUa&r7s}emBbA1XjG9J{# zJRQ25WL}CKj*g0|BiV~~RtB5q0s&k|_2{AOV{VnJ=g$M9jrL?5mZ(zLCDOzl)DfbU~gpN=s)b-XO$Dy7VF@~7RO ze_HsAYTcqL()OE#*LgUeEOvC&gRI}fc6ig8Z=OZ8WwL{ZBXap76S0Mcg{!Zor>BE) z@7&e5`Guk|E4^?hv(i;(y?WW(cOqk>pnk!O^w*V0}ZU%1*n#8NSN$7Jmo`S)S!OE!+_ zDsSBCv$#{pr~d;(($j1=3FH-zDh2HVpiFK9*ap(MOAY19=x2g&!!qEFh}9%4-fuo> zB~=1dK4Z2oXWhJ0gqs@^#0xJhMt{5z2oX)FLE@S{cqIfmja%l`QuubBgnc)K?q@UC zYl(PDZ~guVK^@L6mUTk;0X9&Y`b1=Ur;lf@z8#Qh^IfKCU1# zEIR!r(S+Z8`UhO)hWC%RuZ;=}oR0oXaEmCUK&=fc_1;5?iiif}2Z)jof|coqf+aRK zCyyUj)KS@K#yLg~r>_u%Z?TWhAM+9QZHBKO?%0Wa15YSP8M=F77lC!+35U+_KYqMi z_!&XK(}vbKt4@I4QVs2;p70j)7c77V&L4T7;wI@@WNoSbCzib+gq4<&SzE1gZPT}C zs2d0?P!fR0*a(41rLE2NPP%&4!*(EfhdGuHMHeq!va+-^n{f;kSx@bsOE^bigSAG^ z_(jeKJDt?Lz!c0;Tfq*8#|nhJa#?pFaI-JGfx;AUmpNkdoS?ck)6!5VP;Na#tn0qK zeD;jC71P5mI*R<@2}wwp!-^|wM|4RK{UvbF->g|htvW|(zQ`+;w3Bxgx(}w`_LY1% z?OK=GFYXh38mC&WRv*#SN&cBH)ep2gUtN>|(0CJ2Ho`!v%(mpAAa*U0fWk>|bO>Is z9JxctWx*{#0jJLWsCG0xD#=^x)I21*%!~`#Eb1?6C_om%J5sMu(>aRVwEyiH>Uzm9 zFzRfEp&>iRU5bhlhM#kDr(Zn1bZZmm8QnT8To+{;`&TJ$gU5Eejp;AkF@9>6mb6;O zNny*oU#6*NZQnhcgqRFhkPyBBc!FW56JXCQ$mXNccqgBj3X98AfY$5Ar#P;n^ z8Gc1^FfgGW`P!I{%HI%XRr6j~Zg)ma*}Z_xqiofD3R9(a9`9RVnB z=dNs^4lk>zX{WRY!S!53Vs4YD|6{5VDU{QKi4d2(2s1F&8)BhHDEe;3+!6C~+Gh(H zjn6D77~Q{r#;aFN)Nmj|w2$1Xx7tx#|F4WpuefhXkm3~Jf!aq-ZWHYw@~x(-?O=9Z zEp?su-1%BphZwYtc0Q%#By4w+~&Tik>9~O!AMaT3}yEerY}+z=zf7{G1)>S zn1RS2$Fq6WVkLPyV(+y25kxTH%J#`Z zxZ|#3aPb%|8(7hV5iIq8SVX}2#75rydXlD-$)+c&%ew& zI<4e4%MK96I#*YyNoHQKY!8<|$>K_iM^vT2XM$00%A||nhLBruER0n091HwaJM~94XI?E4yZ5;r^2s?Bdf<5uRA^@R#?fuA^d{Z|C$N zd6TxbmNVFGO|hH*J@MQ}-L?PDFB|$u^sY5anYXwt=HxjT^|s!N{-xU&cbsk8@Z#-@ z{K^;kSJw{{-q5eFSHtXL{{DACRq_8tq3`<7)F`&8=gTuCDe@oZ&-mvByuE~>{3TnE zaw@4YIDH}fpT82hf$rzu|7z(v`=7yOfPg+H|KQ#1Sz3D%{;?=;+t7}EZ4J-PdJviW(`PAHm_TWxlN~&gO4#-HG6#J+ap6fep z@$li-7Aj8^pMCG?ZkecU<1dH&Fu&q|^3b-23C9)8hIWaSsyJ4v^sRNqH~qec!!3V) z-&*e%wkdDRvc!mQ)!RzG9gVu;cc(?JS6gP#e?FeKm1LlfXu4##!o0Kjdg8TDrA!R# zOWSp-dg}EF9L>X7tBpCHdF*p&8_5Uxm|BAmraLc1Q-qsT$R6ZoG4nnm_D(m}TJZVH z7h4+}(W^80Y}OfABVuOU&7)V@hDob$xjG)`pkZ<1rEE+0DXMRiqV-=zEicUVknW=F zV?V{cpT^4F>pfM*#BGQ_)hstkM+ZI$zqpur=UB32?f1>_+s~h8+b;1dQKqT&9kw9O zI!1Z;@P|aL(b**>Muvuco3~KY=JuOKm53r_oY)MuA5A+0uZlXm+>FC^4FHHn%tI4V zUF7mqYO#50^TBjvP1mi{GD5$wX5~t`K7A$+I>;n2IpPxwW)S6h_)!@cBC~{Jz*~!~ zg!XT?xp{`na!qXuID8XFApoig#Ln$=LwbpOK8_z95btZ4@Q6$g9GV+xtaPcv`4EdL znqD-Y>@%D)=per!)vanKy+h?qU?cq5*f%)>qeF0Ih7h3U3#z7;#}9Dr!$<^}donfo z>a_H9W7lkWC_*1a4r7x@H9>SygfUklRf%QS4Kxlw__VVOs0pLXAOlB)B~ekITxjO! zsr5ECTD*ACO=r&IZ(o4Lz$@9^CxT6StkJOT;}O|m-xSrjoA6ghG0^PU6U|ad)t#xm z7-!q^b8X0M*Ks#g@7b+m&o2lc0_^6*5m_?mk9iJI2BztV3Qm!xCIZz;Jpm`sPeFlY z#hpERmhLr)BD09#QWa!ubKP=iuLs_D?`;+o1ps11bYZU9I5}l|$I|CKc{zZbQ05J3 z>(iTu^=@(K5spWb**IVETElqD=hxSkOs;JFTCp@U-+6EFo~NEaHM41GDI;i^8F5!Y z&g5mMRajiyFA}u@_8v>pw(9GCC@;^%TNqG%^;ZU|Iw@xG@M3Yjj_6#$EtomRmk8}# z5TAMPo>=(ml`EHDJdMFxad9y@Vy455vDZ>kcsMDMwt)m;Lzthx0Fs_@LjHmRT65t$ zQsmpW*pMUwM*uP+pJ`Cp037U28z@8M$VO7T-aBp-3COxqe7O0i+WY=+IufPo1)L zb4w&qg@okuJDbPs+;(vz+BDz~G-3=%^BnV@Z90z~pim2QOnXbm_~8D1WcCZ@%|qZ2 zXn{A--~j_*+kfy16r5yf7RkYZHj&Glv>!1xp-)eMmlHq`>WDA~wrHeWhYl~3X z0ZpQ4d-wKj?XPtanDcmky3<%3Z?=OyAJleOPXb+&fZBbP`+^`c*3LtVAs8=slg5w} zNKu`VvT4?=JnPBAerdiuZzxt2KWNF+ijV)q85NWX@XXW|m#<#6A7VOSKU(6=TRK-| z+ftVM9_;$-A?liGbeEPu)KIEcNy~hOmWZfSz5GtAk|E@{< zvZq0lC|Zo-pB5EcAO>0Dd3*W{aPXk;{#lk&p>U4soPl~e#du-!Ivumeu0_7Z4kC~V z)2B>f+2O5_iY&LLO|DJN&1g?md=LQyOChYjaPAy}Gxj#H&B58piD>tT{?NeCaM8se zD`_|jkW)mTa5`lSJb*3-O4%%u%#z{w;wm)J$D9p+CSsp94B9`1D9ZE4|AWC71GmA? z1g)9Pq86ek9XB5rpj!QuJQiNWXFyJSXXoIDQRYL42EZKL4&tm>6f7-OGJSycpTZh| zCr`Gw8gN?UA%%faX-kce-sa_9I(4ekFk$lA)>a#ZH^@&*poWW^o6udw-((&Z_Xq*T zP59;sO9PV#E5oEiSZL_`4<9s@yyB$67@)uIJ$S%@qOl+b$G?`zDptcq@Xec3(a}gF z>Fbnw_ugeCJAqbwk2=*0?jlHNIdw zXefaJVM!@##i2h~;g$!b%Q|w%NJ2ltD+DrPQD_}VnV;kO;l1^%kNg51!u>^P?$!Ez z;j(2VG>4EHJk-}yh2huo_wOyNgxmM@DWkDP7>dz85$D{P-v3;E%6tg3V~=0Fh|sj1 z#FjWNn!je2o(|Qwox1T|fn**!RM@T)7s$9g&oqyp$-R=2Ws@f}#VAZ4F|7g_Ol z0Fep!KKqy#WBvg4eYey)cXy5w-k)q*eFCTf?iO&yLJk83>O5=a zEkDD9MS{3{^-dwUr-1W1J~;^+2clE4X*T9Oq(*FdlbFMWWxQc_bUd#DiJK6)70d`m zH26$(c~uo>fX-D_#@?u{Kp^Fm_>BZBI6+1yYqaepBqe99UyrH`Ia@XF>sUkt%t@}f zK<5wuF`g{N)N1b}ER30}MtZpDy88z(7HAq!uhGsEsYJmQ%73tcgs%f^kYT-%hsUy{ zRWA?;g^XA#R5OZ-%NJ=#1LAxFvOBpAue`-DoqX2_`W7>kS;Qwu^>Kq1i z0Rb86;?J1Fi!be3xUEpr>&%ZTryecROiwX3iSal>!$i&xzZ}Q=d>{y( z*??*-&B-pzm?BI<67=ZnUQ3DW-Juc!r`1awyGy~dkaipmu*0&YbLLzIDEN-m^?o~(<*V#4G-=a-i&CbfZKLVh45Ta@3Q zIVUNG9_+ebGIkIYo4DYU-KkFrsvGlbm|GCQ!pW0)Kg%OtsxQoY^hl8v-9P4TXWW>C zh(v5a{oWsPA|~&t$vBH7650+XTUQ*J5V|pW^XAQHtm{boc3O?RGQe&?P*DEMmxDt{ zTtBD)L2H5)^mpviLtMyED%3OwiE17?``Gf{$B?*_3Ro>kWwLUVuooe~3|1P4QKHKS z_v_@m^mH%oD=X^Qu>tLYDYXfoL)a`0X3u_csCLfs-OYm4B}!z#B=E(o?ChVsV=7iE zP3{ABMxx4i%nGO!K@ScDG!iogSjG_-+nr{^MB!8P^n?4>DWmDg$7fdC9!spQUaO=O z38eSqheyR$7MG&ta4x(&5CbF5HTTFuJkBWnvrFs9E^Y6~dEm4NBYMcl2rJO#_j)iG zOfrNx0ErvVB#!Iq7xjrbyG6ayylCZXqWveFQ9{#PS*Ec zIN8|j=(hB8Iz|+q*Q|yhW7bA+Bf-kxQ(2h{`K0?DG!7d-J|BvTHl*}fL3#wtd9^xHP+l32z^^ZGa9g8nN zlTgItfdkJV5!E*^U_E5{NVS&g-UQrLEbzK>=LHc%QPGn=QK`#;h_=)F(R+BfxG*%E zPVI$k5WWki9)ga=vaD^s54F6}KJzB20Jwfo;>UP0xOiOG(uj9_G+kq3C8g`f!^3kP zK4dcQMPze#!}x;e^i)OKS{N#{aTU3|MjTs8O}3WJS-WcI$Vqr5(6c&kHp6bSL^|uyo+c34(c>xe<`;6&%6VE;)%lO@N3pYI<9XaEgQg8?F z4jpdZEj#kE%DkeB%9bgr^^)nKom>3kbDdgd$X@o64v!~0n27C_)$I7mJ0p;PgwJvZ zXXNeJWQnF*q7}tTnZ?fu-(s#`KU&~{Y=s=+96v@P7il3e)R4}7^)**&XQyF%#=QCb zRo<5Bfdciz$Bz$Q>)cnqREJW6;-4=x4Lr`NWZ+;WxzgPMyD$JQimcZ65hfe~3TUk; z$^;)v#BEfGKdMg0FX>?k@oZ zc~ho{wYGl}|3+~{1tJJ}2~`5MtF3K2#pI##XQNIT);k}fAL>OQmX|j`BKK(Qxppb_ zc%`i>1M|Nl+_4F1pRKxVVT1n`QH$$exPKZ7KJd~No%fc9EgIw3KrupHa`VOwfQ^^0 zUhxufe8h@HEBr0(lGpo~+uKJYAcDVRkpXGtWt)KaQ_sGsF_KH<3C{3%pEjeUne$Sa%XKgNqJjy75*w zUxiYMr9TQ(^CQV#Mk^j1qDEm)Av!kNQL5z6OHa8QP>MbTn0Wm3>0+pKl79ZhrIr>J z_ZU)O)q}_VAd$t`zUW%eE-NA{<)XRWsziNg{-uexy1h9yBkb{|?kXap+#Q{WnSg&dQ(q)%5#uktQIjcYbaIF4GpZQD&^UsK4zTk!*;$yHQN=#-1EJrY!1 zj*c1%F4(oP4MC$Oh_hsBV`FHT%I~7C^kL-q1$&1u6Z08KKOh=0)4_9Af0G!}58*>r ztw&CLvxIjhl9e7NxtG4bIgy$gUZ5UrK7@y~0gcmP`ht+utla$kA1H+iPB?e}uCcm@ zlgAr3ZVg=`ZU*<381FJswhvf-L~{`GwbU>O& zcz$Hidc6(n*JD%ms<2Q~wHmJ*1J??lsHo-SXh6XpCU#n3@4gd+%B=hwZEx@~-fbA+ zKm&|mBsV?6t>Ln5!?brTNn)Pb3X64GSKmr-Qs`KFaQr3BhNRdB?mq^vsavHZ6MV6K zCeEWMG~)020q-0;_8PIas9{WL2xY%QhdRsl?3?65q6_$^1vg*Gt3?yd7G(nP0mPqw zN-YBu>{j{OFG76+eKCa}^-_bd7L_Rh0tAPN<*t(<^kLlL-ruF;uXpnYIQoJP8(duQ$0xux zFODWP|LA zSY!LUxlipNdz^1HI5%GOzz-iL=R4uICSVal1D;N{HH1&95831;v_M_iHMb>E9UVz(CZV8 z40*nIs`>tN^UqVRpfrcl4LmGtE(b&8rO?8m=%~wVD`*x;7`7Z~|LsTzo;MnfgwMi! zo}d%nFeNcDky;Ybdi>kxl(>+gwnv_amOIwFULDOhQAFNq%Sv?rFsD-WB_{(pkE-<0 zUuLWQq44Mnwhu=$$Zk$1zGZ)e!h|CqQa*mo7Hv5+9vK~w<=OM+tb@Qd>ra#SBo9Cd zC_vPvjI%5z-@p(yyNxRgXHd~|kcX0hr15hFIo0-g$Jf}|J&$~aYYaUvxl`ECGGc@g zGD{@mx9f6(%7-Q8U7A>HSpN9j2Zx?POW#O&M@neT^R_A&l39}Fl{n?Xz1)ht;9#@H z$OZLvC10;=Pj)XuU&RP**ar``}&Q zcDG_8hv;E5_Z2LVN0@lW5A5>u)0X_R_3OJm(7~K;M$6y7d-tNSFf2Sg)&8OUjpiD{ zKaCwe*oD-(j80J0Qf{ILyE;lmh3?P>JONM$Uu(ux5Qp+Kwn`@DiO`Ob!`t{AI6;8l z(Rv_`ugq0eK#W0z#oGt!1K0z>1&%KG!m;1!N^&wZvc?j#30x?#C}ezGeHaS1mb_Ux zkcS3P;l|RPv6|pW8I1Ay8&G zZRpmX{Bh{0m2-Hhy^}!GxYtZUt0$K{c`|#+5_QCvXM!`n8YY^p%5@nv`uKSx7;5+d zAX2iYAqrxqnFwnVD_#{9aSMg9(g6cF=akXcP1- zD2R5;vpRHJ@AbX8Jl44LA8D~2M9Lg&erodGzJdEkjNKyGt#Rmum)1@)W6Q2vDKckp6(+4}D)g~^Ir@*X!78Yjx5V3ur0>L@ zw->$PqSYskZ@Ht;bpHN?otlNi3~P!~=8qXX-a}w!clr~J5s&g<5+p(;{vK8q?O_!2 zXZG+xgLH>Pd6(wW*#^`E*f>~!ySyjx{rs@kQ%^;Wym{KF?a8%uv0Ibf(v_13@oE}n z@7*_ZlR1ufe@Lb+{CnbBR6JtkiGgsXoovnT{)gu!;z)h7u)XIb;i+VL?Zch6q#I+} ze-`=AxOeTX&GyW0U3k&IzPzm-jf?IoV(qf+!@$O3#fhg>d>%g&Z##6L^hfcAzrTrp zwz#pcv*Ciz8S&y_y?RNXn17>uSD#X$i}~xTwx7VGt}VIp^~TD6pZov)$NaNl#du%A zeCOXUE6Rv}|BF8T5HT-9ioS(>8NWCE8Cj9Do zxkvi{=QYZ#{`~K>JAcz4zWG1QIDfG9&zt`t&iRA19n1d1tMdo{Yj4z3@BE9R4VO0O zWzA6fJdPjx`>SDKorH&oh=hjoo1Z&OS4!?_d^W66)KKQ{zvrKxV>R++TZ~4Xbw6JC zST)1UR4hgAO551vy?#7w9Ywr5m<&1y@U^>j#+f;kE1@~}?%&5ihs~Ost@U6tj6xh2=#?-v)hR{7MuDLR0Tkxgu9SHBHF z@rx{dtJ5y>ED{!D>8Jgh{ML#egQkPSxppn>!o-KwHg8<2{c(e-K+H5l@HnXL$J8rT zr>G&Ur^?lb*zxTerz?|bwsyY zS(`f>UXNT3vdAgqEYjhnSGRxh>H>cq+iFFF0}c?g!jw8M%9r{NaI;4hf*|tPaxc&i z%?)xu&3}BFcogqY0<^1Z0>cq$^%NMWi2=MORALZn*y^8(X zh1BCjW&fH%mEh`#n&z{VAh;c{EWnjWS4YxA%IvkJY~}Xfz##~*PJUrbebr(f68fKJj}%arL8R!(7A0I65ol?&z`g6p`nhL zZC)<;iHYJC5F3#NQ`lQ8g)kP}1^4?teH^T<$1VAYGX{B?^uWYC{3iT~p`jt$pO)O* zoJ6(EUv!f0?`}$Y2i1hv|RI4$}@CGg!a7xN{Ff zkWlgfiq)p*Bo{zO>ax!v2d11xqkWv|s!69?4L$PDV}-QGb? zEu$u5Sus%Ec<bghix);|$>ue$lDdYs48Gpz+r1ySnHMW6D{_I7-e|JO{?@Bk@-^|o_BgkJ)WJ;U zlR4cD-h82mVahN1+&Os#h0irLrLSJ8QQy(*VOhyop;oWsH2-*7LL)JW%x&TV!YsUw zyeW%;G#eRsSWqaiIuD1_6Q@pTvm~;`e@$tcum+qGpBfZum7}upTV=PL(U2qI2M>M& zjN>7tR$xkC%(kXO7O?g8q*$(wFagCJ48!sC60nmDUSkSd><}aDy8=!@HNl(^cWgux;c;%nu{5yo*-g#uYW(A`UL(s&fCXl z0$wm?W?h9Xdiy5~0Ft*}_=t}zsv-UPeK$ERVXXvnBwZvWK`zH+ooUOHi&6PpS^0yW zV=Mi|kxp~Iq@(BwgmK20gOjyA54S2t7=_Uj-GB&l$P&T?qYON8NFq9nj5~W)m@9@6 z!MtGEHJ9yKS1ISFs2<=JQ-o87qBNh`QZ``!6rNlvZ1tDuj&<^9H_r;C76USjZ!e>A z)X~+&#Pe-s%)>Yd zVu9B!n7crvML}>;4sy69(l9yG!nQW2@4zXERxSIB=d6gmcxPHaW9{SP_a8dcOG?V6 zy{$Dm=f?uHlJOH)Mks>nD%d0DGIdbqI9qnj-kf)OX4ZIGW2k`#B ztgQdYk;dqOU%gt4!3=!q>U)EAcK|4fDw*wZi0S`}=x4HG8*d(6Fc((W3y}iZCKv1F z;Y_T31Lo4IIt6om{OD2Sq*pi8EQ4?5LaiQ}n&mI>*2rSXBI;^tNT{u4MTp4sHaZN- ztk#0cp*bxmrGp+ea%2@spx|1VCT>*^6D|?y0hH|SG(d2~p@^7BGG94q+Px3ZRX~9k#fpC^Xhf1 zQ9cED1(|)ANt9r5!D6)jcLn=e0tJOQ?g|yQ*i+yE*U->F-4DzL4zt>2tcfF}H>Jr* z^C95-g8D5b90Z%QDbeX8Cz$S*q>?c8v(KC%hxmmERQTK)y%_CD;hF^mbV=PAfK(fo ztBLE@v8pJY!FSLj+T*3j-kIk8tSkZ~C%om?DcS%mL`%AuhQXqyzTzHwf99Om8#|VP zpE9HXT&4!RJW8<(#5cqXRS zQNmhdFNmIiQ41O#g`PcG`Q|J2is86~ksBG5+GyPG$BH!$4o8?=oIQJco1W<|z%4XG zGiP?^A)GojQ!y8wb~FGNS(PL=ZJK!7=vOG+2}5X`yv)uuUz`?%FZn{Bm+ zS%WqPNAR2c#+5dd9D}9q>d1j%D#DgJq9~K1;IB#G`g}k^rxQF3`3)OArdnBf@vFe4 zG6q~pOk{@g>Xj?U^qh~gLk<7zoCnwh3H&*~jrm&yY7pOAy<`bew1Esoc9W0*BI134 z6qrO8OKrkV&`v&K&*q};y?<+5V zly?MNiMU59(r@V%$Nd<$f&Wnp@q7J)y8;7Mp>yC^B6gx%ZUF^M=nxM;#!4jIEE&cx zDJi*o*Pd}b^`GylfPT}=1#h{5EPZuh-9zO8ItSjs?bP{*08C9)Fqda+jW7ln-Ky_f zaJEC+&P?38@gf0WSzuv7eRrLKD&hiq1d1|(HbK_+h5qYa>X(*LcktNoD0k@+0Jg1} zjo4_C!a}MgBWM~hGoO9FzLWT%80nM*$3;c4m_Bdcu$>&ztzEebGsCprMdrMuA51r3 zgc;!>CI!^~Ou;kAs%31QJsqVL(|`yHC58`^4nS3}Nv(x_6;lJKJeNmSk)Y?Py}-&I zei-%wV#Ol$PGMmqp_f!)v4uFad+F5L97q->qY=qr>E!?dELap56kKB(`TcuG)Jj|J zBvbAC`duyb{w3sDMuP9z?@m+HykiCLjl@N2XTXXFOf}P&FkF#+|9*f))`t3an0Ovl zM?mV*>jR!pgCq8epE>R%irTqDdTss6J)5U?c-k51&K=)eT#`b6<_-eH6Nk9x0j_q- zLkAlIM3I=$is2Q=2n!F;a(!tJD08kNl?S$K5_^cT{;rpWm2#jVcokHNp#B65Z;H!& z`7)VSfKZ$5e5Mv=l*?^R%G~#Nl7oVvUZw8VWY8m%a-uaQ0rnBKpR@a zd1^^%X+}Cay^AJufmWOIP?(Z|b*m3ATD|%+&>N>67!y)%ZpF@aSq7HLrX+sxT_#cH z6z}|kP{SkCf;g1J69s5GAAGw$y9Br~&|E{|e^$$X3$(BCMxnRsJ@nViRJT8dTQEi9r%S_j- zxp3(ceo|kABDhm0+L?QeQ)sV$AQ(a}hBU|%?-UCQ*<~*{$6#{Ey0OmOQvF)L;*r7V z(deTyI^S5ki20HT( zKVd$EVu`|Ql>9>ywiR0(4$z)c$wGgVA_z`Kv$oURf$R%E9lV0*EkK&i&Lbmc0`lFA zj4Y*@2RVm5#ld(DtBK4zrH1b)evu;=FhRO^?>n9%S*%!*=x5NY@AT80Kfc1l+0cY1 z>yC%ZXLfv4{@OKd7w>(K)W<4GRt?oEsj92zW@jHcc1&1VsCHPsXU}JmH|&UFoM+Ca z#F{PuGrV!E4Y-#iUKER;hvpHmnFBw^+of?vYYCxdy;1*aDpSyR04resXX{B`yaUL;?=>gm)C z%8hR7_FxG7OU~P@7BKRM>lb>b;4#HNNT*zRxDx4S2eb@XP|G<)U>BBZEoFj?g6}0l za(k$CfE5YkK;stOmpo!z2wfK+#{SW<6f{FfW=T&DD^@HwL&G!u>@(mDMx1V?k+B66%|+jV)Az2=&mm%S5~<_>&h=fAs?bb!w;WuS>_4Q!*y@*qu+`U_I5O9}-SWrstLLnhBbOi@! zFjm$D1^#Dk2OYd$AZBGhO8yJZbbL$@q7Prb(4+9%vAOW@S&! z(4gWOPl}5le*O54<}=*S&rjBkQ%~87M>6k_E6Tm)(V|EsNzGoom=<}*K%GGqF4dz; zZvnCUYkU@f-koG|4msGrpo%2k(<$Fc->)BY{=9AD1q`@LU%w9Ys*x&Ww+6Q}AYi%i zWtrZ+6VBfdPJvv)3={$ESwq=!@g?(?(eoCuQD+z}dR!4(Og^%eydQDTg3gcdH*_EuLY$MuJH_@&O zYf2H25w2*)cq$NeQU0_2_$R;@naHhVa!9}T1Xwf|iAhQCZmbpRvrXS90|E>MRSQwA zvaYyPzLPGK_J8ILZJELF1Job8P2#6|_$3%q@9b5Qa%QkeRByEuCt#_V;56YIl`s-9(?Kf{G+HR(ta&y!E5t&7T zBof1_P=kf^`{VPYepQyTMQdpdH%vev(*CErLBB1AJ4h+ew(+ND-B$XjAyJxM;JmKY zf%z1?qRYydJ`@UPM)^H#$2VC?x8(FFn&@s25f$d6(?egcs37T~zwC&46L@Uk#~;|uY+pG+Owf?@UeUTpA|rjqFAYf~x(p+H6K#-%TjX_}O_#=fqloc3z36dq z@wT`3ge74%PfMU~^TM?KR!HX=fqWAwCHm@0Y|BaO@AHpH#7MARJ$bU@mPDnTHRN|Q zEWVXz3X>LXR&lnkXs;}UahSu0U%+g~kN6C-K_6h_G#zAfPvoXli^lP_Ps<-6QQ8zh$G&M_CFIqdW2javP6O)1R6vTY9D zw?lOr@=5wmb~fgZjPFZ3a94vlh)eq@3WHv(uThO&l#wONS^BwjCbtLpDqBm@Wpp4) zj7_N$@z3viVZDYs33E)Io@tB)LvWeSv6aZ*>fjjBKK=I3Gr31~K5<;guL?n`s8G@- z?hQ@#UEZV4nQ;mRf-YYL0(?_rk9o?weQl{2lacI%6cHT_l%U`_JIg4R(vjFiUub2jOF!-iz$N79A^30F$!eqJl?v2dixd!ShbgZle+T3OBu$qrm4 z!~zYS&RTf%>eg*9dd12;dw-Sdg1m)du087q>|1&)7;{#HyOLNVc%~7%FKwSZLO}?2)&f9H`1k*d&$W)(n-;f3Ic1ktIwRd zmc&jmAkj%ylk-bG&Ot-X;m0T7x?_*I>t@T5Z)v#^hI&*-KuKi!Wy?x3Gncat%EI@W zCkOjhg}`Kn1iU~c#9H<~aOs!}Xi{|OI`x7ij(9k?Uv zp%{u`<7jI}Axg|PV$6=Zg5aveV?{mMn)i(+dKX;{nS9EmN%n0mjl$lZ&EM7X+mnzP z6AFmhE1yNjl8nZtQ|tf$(yyX$M6=)u$mkYAKZa!#5*1+?6v{yUx69X8OG(Kf!jsn{ zp)m=?$sF9jzjwn?dx@~=-6bU4@nP}sK;m*8+z4w!`ce{zh5cpwDuOu>RB3{(AGd~` zWcVTFK7822gmDbMNI3Wj_3YCJi>GKjfm3Ie{1$5nwI4SQ%7pX|PG3+vy}Mr>%@Xfe zu-E31Vvp(N%Ql5)BUut4oiApykJ_|+RpB_){)mFZ`uaz=~(WbTV2(mJ1Av< zQV(#1(%C!dM0hs{e5hvxuk_n>Q)mxyS+Hr`1?(P=G~vcM?ji#&pVOo1lTo5%^@)IZ zg1$o5jnpHY3{O<1QH<|~`G(+x<>%*sH7$+7ipD|HUsL5$;$Fku4%Lj7`mLEUfq}Us zEY2TQz!GzF4UB@AA7YGXo)jz%v!6GOH{D%C{YeMIHMP9v5`}p(4~fv;>F?0|`$z(n zqj~DxqsMaDxq;Lf0mL@fnVUBo;072LCTBFs2rC;_zp>Rg`5}k;;i!QFTPy0Wyyoc1#Lyq?cw@v_RNI*NCy3(o)Ad3lnt38xRdrztBz#_ zL+8?I+18|Z4gg3BcZe0Pk8*SCzkRc9{QMLtE4umS>Ekox_D;e8bD+_gl4s9s>Gb)s zvqR4`NKx_lZ_mWrjO%XtPPfg-QVC*UyybYey~OW4cpwa6=WW{rK8Xrt=gyt~s8Hyl zDOsA8^ku53O@ZTAIyfM`|IV|-^HS-V!As+?`uhI;56nyOv{7wSMO{uv0G-PaN6Jo( z3^NyLxFLukl4)m0{0i8Geg;-A3I->9@6|;R!yEd@5d} zpu_2BA3*lev=mJIO8?9`;L=}?%jEXIe%(UW;JYBpNTJiFPW|vr1LqxKNhDf6x&=y0 zlr5vSDYvXUy*2e z^krk#y}d^hLYszTrd;z>@2ve>nOdTez^JpTy1JyGKvr6MM>eYlN3VQ(8sJcV?*dwG zdHLPxTdIgB7g7O3rxQ!?=bWy-h}!{c#C&Yc#`GbBh>+po&Ab{1k!lyU6n?liL$b=F ztv7ui;DZDa@`r0gZ4u^m5@c8ya3e;cri$060={_ueE6u9(rx3PGab8l@i`#lW6xz> z$81nI`3^#xh1mxWKKt1ZM}mftj?T^tF;_=2M2!tVgLMN$qLc~r4v-I1L~!Wf^Ndho zAU{7c>B$FoZZWg0lt$f^j9LgNs1_%S;fzXu28a+3;R}zTsye~avajVpXjTR?NUZ>T zWdHvh@7WBY;(0{j41LOuZn{O!rkNt%QYNRlz>*#kWgFP6>f;&ht1!;*;o|8!&4&Kh z&g?ZS+%~{YPn3?S&5)j&F?T(980Q)D3un=oQNnXy+XkySI6!z)FM+KayPe{@QG=w5 z3MHn+@@_SL-7f}>m=oFlDs{@AI;K%Mf{di0MoLBoPe)e*tMT&{fl_SLwcv_Gj?`AL zP?f%)mG#D9ZI55C)Y2J}PD4X)w|nmsxzO@m>YmMi1TPsIynz-|H??UY9%}rM9%)yW0&`DUx0sqw&myvr*184 zf24?Y5#Og6z3tJxFN&Wn{{4HAhVL2hug#Cm%g3&FIV57-MfpnB%=aTz#;@gqcEKmZ z8YGQ{um!XGgSAm^E5%_cT+F=cxQgGpCIw2ZzuY3M{ut4v)~XXz7aPV6P#(E3>V2YZ z$ndv=QMWkWtyk_m#>XaWqR-^k!6ViIcjIj(uziQc$4+Y>;^pP_v7Jl({K=E3%M5Rd z`^p2Q(?wJEw+_==GOiPr!)6#tuM9h=*39FWi~*TMuSz z#YqH*|9K(j@qs^h9((XSrguvHp7ruV54+3p5#`&$C5rV+;F+PR6TU>JT z&&ZP3vqB;w9)4|7-9H6a2lAI#6gS{6Uxs1%PoMJJc1o>tb%nr^XU!&f3R+0UQDJUG zR~r9%I6bA~y2wLN6l_PmX5BPPBI}Rz1ISL2lKu8qAs;L>rK(!4+ibCf_hmHyFp zoOs(xe$$yh0O2oO=oZ<6C7bJ4I;LYzc)MK$6YZ{NZ*FP1=j8%qvr?D^pr2-b&JYI% z-F(5lhem}upNFM2P%a!)K6vREvNIhF&ylTc&+)Gfu5KuGkE8tvg)i&fn?hDFM`Yhn zO-=A{R1-*Ge~%1OzoSpjd4?z@r{>nJj#g>|2TnXQ2evv$N*+lVMG`3H zJv%|mNu^$A!^=`jLW?tE+(TNrLh3ZjR~VEA6E0!@I*XZCN5cYx=ulK8WL`yjz%Z4G z7()zmVxI$!4-hmzYfEl4qUfa5;LXA^+3ce?AjjEh>0=)N$@U-LkZ*YTr>y@Mor&HzR6kr+m($X z4TIbbiqR@SfUB#=(X$$#N4o^usiLKIV6?WH+A4rQ`1}3`@0a$Znb01L7lZtQspW-7>FF`AH42ULtXY@R(w0Hj(V??&1~WFQlFZB~q~}Zb z0aifzQ^&%Y^6!+fF}&Tm8Lz+ z&OUqk^n_2@-_8m#``tTXna{Hiw;SPQf9-TBC@zkec7__6kE-m$JqJ>!!=Nk#hje8l zFmO3y8SP|MM0%N*-x?>>lvTO>8YDmL=hvC|pX#xOK?cTI`9L%f%+TUsC}jfc!`)=c zfi{DIvwW&;KnPJo7m>6MzsI&4j7l~Q*6pxtcV|(up}f(8KFaRG^uSlYnpzY;gj;S5 z6TccG@$8mv`^l3I*g%cS3J7l44E20AgUy|*O$+M0w-Ju4t*s5K4(=AWTj6Su)Kd;k z^dEonXFTPM6kNhCjy?<7M3WtYGm2;MEc#L@6JQ^7gG~MnEpg%jivX3Ef_J^P{!Frx*BUB6)iBf@9cv!FZ=PO{IN z%1RG+_uE=~QNP<1O%#K1orvdK%DO+5Y3HiGeCgMtM>#8qqoZ{>4s;IcdiR*3@gfb-}M5Q7X zCG9kl$`l!rO46LEWT+6$^?rWb|6#57eV(=6_jz0Q+V_9ks_VLb-|smb$8jDf@=NzH zH%_6)6k+`=!g0Drv_)e)MT^wKu3vwS-lSvs^K7CSv^2+;4$)I$Pp7Qhd!iM+LTD@? z2zV>-Z$Nf8am)V2-4IN{r|jCh7d4H9wu)o9{hwv(WKL2m&w*1Fb>)gPr01wno>o5e zG(6JudzE`dEG2F{d{O&&r`_7nGm|e&>o4xIVCMS2F_r%Q<8vv*4b1~P;qrA#M~XXL zU)21jM)I!Q2rHfqHX_W9twvR_c=0I(jlePuxyv<`PifdLK+L*2tX=z!jgz$m%W%3$ zvITVsZy)cSTj*}FHXz_p%j~|T?^Gv~CLbxx5l=h|IvElY!f!+sXS=D1M1HKRv!N)GG`pf(>OT)<^tkkA>>V9C3C|ey-K~UP^ zeEmWFlqs4x>n)$aw47P_nLd2#8V{HhV1b+B?u}(T5zD#$`ZB~?t%m3n;r?(-eb7cI zCX}W<<41NK#)5}zD;#gqcYULfc!#JbWQ9>_l)&u_4=>%7xOLXox3b~Nn)sri3^fRFz#jE2 zm9xP?kreO{S}~>^?a3Bjm9Jrc)%(nSHMlrUGPQr>r*Ti#NN7G*@>mwO{%`jp4eZbG za(#~{5UyLnI?fx`)~bUn!}9s@3u-q{1h$Nb*g<#x>fua&vaDOvS~3YECE)bvUHaYL zK3rfeXKfIZL$B$O)XO__UEFe%j%crt>LH(P*yWzZ+e?c1B?Nd`J_%&7?tpF z>>Zd*qWcE$z=Vr}QP4*Y0aho+j`a%uJmh)i;DRr)9iE*9kOLRM)Ubi#DB^TLA;vVS zX8fpxku$T87$MA@JYxoYxT(Ir_u~x_;o+P$Dk~<#NIWq<^4*%|eLTP>;eElLm0h>p z=oO>cwD0fq?exI{G=$HS_h?cke(3kxJ=C;?SvEltvZiUj6}S>^EU0BqX0F4PhW`?o zm}AWv>xnHPl6A?KT&)1dxuc+%ZXM0ma>?5OJkhq!InbS^;&}cMHPAx5L|esn4a1Qh z*+9@^9^S-2s5?h>vX%Wmm7D&)U$y#mLFp)9w1JZN%dR}Am@52M5 zJclIh`ab1`rQA6cKHIRE7{e)=C@sl3g4X`kobAhDsf$;p#QTMW5e_IFL0%o=U?6|- zo&{Rr`bt1azEPOItEt(I9>nd$y-g}soNB-{Q0V+`yHRus?8v6V$>_#Dv%xc8&J%V7n<8X7{k4(OAp*>|Pox8YfQLqy+!n$S zgU2lq7Kq@F6%iXtmcGUm_W1GUFc>dhtg*FawJMGyMI0imZ}KO)qcOu(D`)qEh3qUx zY7Iq8?s&~lBKqd){ayd#$50j|1CnEx8_Og+Dg+~-MQA2T^L3P_iVZJw@fKIYi=DtlpVu;pVj04}q8|H!?WCKQzerWVY% zuvtY8>YdrMSFZ#p^Q&0Ry6`a*k7xc6Bs2_BI+UhN0|>+b94irX^WrB@$o4j95|PLd zgIKDQCtwl$RwR`uV>neEze*hc>e1)2GVXoP;J}C=#CGx~34D-CD5Mhu@E@2}MG_;Z zLEgTF9`~yihA#j?&z?FZpd0jf&zA{j!y|;xwl~{((E?FJBeF*?Gi&>&fpYH&D`?d* z_4Q3j!J~QMmMwyS+Txl|wiPO$yj+6Dd$!+vtghA-<(u%TyN!GYu9G)HiEgabKF{pU zpV)B~&JFiCVQt3h)tcCykt+q2LO&UmsVJm(G_6rQPl0W%c-~>i5vgjpod#@M$ zgf$&Rj?8tXsx>a@4x3WdUiX}_rTS^1&%u!)mBatD4|KDkqrHyhdYeazPM_xY_U|tx z6)|z-tmr=D{ylf*At|@1*VosNvv!UdS&_JXpz!8@f64Tuj@o+I+wa=vv{4U+IOje7 zsq-Z}An8BTe4%CiY(E3bo$D)`_53eK>7inB@0TrhD0R5}UskrgU41Uj71JGWZG3)<;fBY>Q_ZNkOHIB=f zEBB~gnx&`IUwfv#rQy(JqZNu@P3z+Ef^vkhkHA$BkHQv%*kQ);=|-ctl@;8s>X#A{ z5;*JSf00Lk%#F;s8WcFS2UvP46*G6h(kV>lS+(ksU;0_UMuuj)FX?z1x!7Y$YlP9l zg>06%=O5Kuq~mGvQ-ARUOAO%A%qzIgg6{&UO!DdB(Sy^_Z|dL&kKTL`^S6H2J!Ab; zQMq}RF`G+XN}arJeCx4t!ggoN`!u#NSJ-WHG3x#EGT4KY{62)>%T_{@dxx0nHtvlM zPjC~z?lXOX=rl#e@hmON4eKE{59TK_3C6@|0V+P;0hr4laWDV6EVFHN-=m22c9T;r z9h`>oL!7Nqd7+G?J-97t#&|XoLe`(fdni&^bB!z~KYInnvUSIfDg&q+93MA86$Yu( z8UhI+*d8^CdOi0%fDRJ8kbl(o^kQ5k#TrG>MgA@%y7S_5e|<-^Ob^blb<^$@^A>#* zQ_QvM4ZXuJUW~(D+|6-u7su7KcP+x?Gkirx`>()Dm)7Nf&09BfI^D1qm7Duk$4=K$ z**OFig2-tK)XJrrH{-;vyq{ju_rP6*Myn}v;O`+GFxLb}(wctH{eXwsg`gm0s^7QY zt4wGnWKqY%3er1HY4YnUGQ0Jj>zo2}%l9+-bu3{C2R)R9ZkPJL9BYmJ8(+m*w>Kr# zv~@}Qe0*}$x%VaUabYL6Fv1w?El; zTJr6Xuki4XV54Z@>CyO^jeu=@oNn73csuNJuM8?uIqB=W#>$HLosqi$F)v_R-yw?c z3CGUIsaDZTiplYeEH`*lgCxbrhn=_4)22_VD6oU zAS{;Z=O^ZGL7J`s5@2*p`6EX+4%qu6Pj)8r;zN2J6cE4Uovd)7IDh@cv0dNm?i#{z zUVDoH`Rhqm*2m(+Xa>-D3&QbbX>D^s&${U)Ihbc4?MS4*CmHEMHGcf46xibERAI^} z>se1gE-k}Uc5=V)ghKNfZ|kn?F5fV#bootIc=XJ-yPWoNhWDFf~! zA)a}to)YTnHvzY36xi0-@$Hc;%vzP{Mpp9;8G^w8Qw~G=_m>AR6UABOsGr|}NI~)V zanfrpBOg9Xd!u)o->T_2ex!?S7r!?dYjxVFQ4tQKX5|%R6h0MiwEB9gA>kJb#=k+j!(Z~7N(tBfLSEHNunrvM}oRHDXF+QXv)jqD=7)A z)nn5g@uTcf#F;J0vUg=iWbkF^olzb zEEh-Vxok+U?gxzExvA*zgAiADFX3e3TRE-a*iNajkm|D zzdSkzvgZg78Klr)=AbG95+d>T>(}fH;=!m6tHVwmf6IK*Vg)~V`q>@o+B)%;z1uYX z0^Kf%bu=9OMM7VPics)J2UIsU4w{$S@q7F}UB~!N#Y86cgymwEuSyHw zl#Vp5Z~YOqbef2Z<_4dOWkY|>^*Nmqy4iB%&vNnQJzpffw*Q6f9%rB8NMl(!v$(`W z+`v{L&22;=_5$UR=-|jp;}raM6RLrSw%6o&mEX%)d;cH{WVJ=x=em~P-mUZ(^ZiD# z@v!&YNo-;t(X-LJ(DfuywN8`6DZ z2T6P(XP|L$+_7BDE$$oBZYuOoU_of?MXy}EcI{Y|boX9^Ls0Qy?p)kOv z_5F1LspBTev2AJDBiwV8hW*d+0#K|13W~5|AR7ty|fHMEAfBuu_Pw*`Rw?hc0yOf6pkGTHOp-(AO0Hj!dZQc z$=I20K4(=1bKp@>5NA|XRiCdC?;7A)nS2MWF%yhsI6wjq0n0<2ykg#pQ62EFH>KC= z)l;X88&?D-$Npt9__Xy8ubC&36^@qgD@lkGv-#oaD~u?p7P60r&@v07FRKY}j?by@ zp%+hdielQiY-fe?DkZj<2+jfX=Hc^cC%OVnbMU#{f0f_q?llj~-Pf zzw5f=kZ5~tl~grgEk4b7(dzciLbljVDUg={c!YQj_~z*24cjyyiOLZT*<(Rd z4U1dc+V{vk>IWN!nBp7}9%xDK0s9FM8PUyCje%+q#FV0+!o+2)!FU?LY`+l!8rMv= zj?b+(dAnxnU|~7_(S(0B+&`Nx!2ybuPf7OhqBLv4qWCv}C(o4dsP$YD{-P zx8hkkUXrzUmVRpKwmG+3`+>V`#*-;q7;QJglboBonIz#) zu+`w7%F1UV*D9f?dr(w#lR}AQ)BP2>VqLt*ooQSxayn<1Dgm>z6|>(k*@v@_c9swy zDCEI^iw^`oB76dD$+1&t4YvW7QRynQjv{oi`N7tct_{m=+4Oo`t82Z|&nbF3IvZ&d zI2cuCS{cn<14=3R)ZY0pyFp2av=@=s3J?@aKbyENb*yUVGzim&-LX-lGRog8{_&ad zD=e5GASp8_CZ7eV|3H2S?Tw?hb=-1(UPQYkKjv}#S&w8IY|6NXiA*UndnIfa3yNFT z)UT~e-ZhREb@-Ukqsc~0)Cmhlp<%+jgDza4Au|qAn%a;lJYO79AxWA_6 zM{+A{zS`ec4Okt|Hy$Aoit3x|+kyhMzczMQHdapRzJ^v+;O!3`+KLi`T&7}g0@(o`nBo|H3CUDoyPZV+`Db&RPSyKh85IF?LL81IpKM>g2Z>b$F0n;jq2Z)}wAi1$@K zxWjmLgvpkDlW$BKC}J}xc-npj$bL3&2g&)$`$_0Ku5ayDA9b@UZS|k$-knm#I}-G6 z4-jLK8W=`AX?ONk8W|BCoytP`i#v{-;HKsW@8qOjE_+0>xW8hdZd~Q< z9Xog8DG>HJTXOxTPe|M;ZWs}wNjZA_c*LQ&rOFc8P2uBu^cp;MSN)pcK|~_rmTqm}r_Wt&XMxZL!|6+0x?bE#))- zYPyNHZwKvIS~W&fGdSCdQKcDbYFoOiRUJyT{z&oORPe0mE{TI;JwCoh5VNXB+t}K| z3a~r%3cy2y$_^c!Ov(6%GYwbi>K>|CQ*kfMT_EsKI7~E8z*npJ(6#RkgKzEnChsbj z@)#rhEcTL7OC9%_?Nm$Vswy01Zhxor(AcR{x1fS1YEy+F2QfSmjG>&hk_!p3_|h(< z!25p_S|~qmrKVP-?lfjTV@BU|K|w?ap&+VloHEAT&2d29<-`Vh?3!1*MLR@nm$818ng-N3P`=kGJT>>RHClyI(!~Uhz zbqBTxU9ldm0zVT^yV`~3t*t!+v%w6L5d>AAi!b_u8%Im>W-JIO^@xHrvJ}8H6p75c zXdgzbK_wh{O49h&*|W=Zbh;T18K6xbCRoB$50R0{uKR*qQ2+s@Omdxbg7b1Ce^25dee1+mfp~J*pR(+N_zHrP}#L-bVG~;JcPd?f z$s?T{GSasz<~>rb3SP2ur9CHFPVR15v?+p077JN+)tUY5K=gU79o=o`(zt}Ws)nD!`gnCxVY zFh#wmgo0nq*RN%K6AvbTj*rEIRa$}Bk~6>0<+5NI8V9~im6rTECOC3*ee`+1onb?! z)gDU9{ac{>5Talx;p3D2hwfW3QBvl`imAa7Ms-&^4N$jkwzt0qT3zgac4$WOIS&PE zN5>2{j{wV|CxV9|5;*mheqk>p1*hcKd^JKVpI3pJ_$$(*_W4BCXPQJ zKU!1K?2lb)-kN1|*YZQivi|8?ODh!ZRRXK^4>^sSP`Tfyb(44Xgky8-L(G1kv^6W& z+cfrSRSL;}q%fRwAl9B#BDG&Jxxyw`H&)LFrwi(N>zV~&xIjE z6Vu-ElZXHk8u`wL#lJhh7N6-e_u0r9GxjnYVOWjD)eGyTCJZ?Q6$+43`Y_e0Q`L5V z-@tq3n=*0ixOe(M>$HCSHlfX~wV9}fL7@puqm3V_BVua7v`AWt8p3U;c> zS--kyirmhlAp}fx@9^wetSNT-)UUj;!aWvkU|k)^9B@$uy9A%FNwKt?GpCDpX8#~X z$=S30rYkAk#`@UBWu`-QP~-}F`xsa8(`V1ZJ8^}&|NS=}X7v*pDVy99!YThAeK9n& z5+E&T<#6vzX)MAbO_-}<(DcRgi!*%;>q|UkyG&YE-{bJqk1|6Wss&4Uqr4ys%2*_E z0qMQFad@)DI;rQ!>M$lEu%35MBvGb5-@$uT@ zFr(g?m;4&idw@mI2eY0cI5?d?uXc`)m&x+woc_LKD-EKM&@Sa0*3W32DEYayE~9#; zA)Zcg>{vPT_gTw{M~; zYu3jtFU`rWa?3Wn6JjP}NjQ6ve%|I)&*}ExHuyzJK26v}!^-p*U!D?Z8tArq?dz<2 zGtA*=g{tc&Rzf1+s-L+nW(Cm|Sc&ULE%S=xOHAws5oY{KfF0(!MSr_4dCxN zOsd_#Pg93+Ln4w}ZBd9(#q$6wl=sZL5dgPs-yZ(>E&0?OL_Rf@5YCqXDqVgE-V~;rZEOZlTQ`r#X#OQ^4|82Afvy;6QS35edU5U{VG*QX z5=%;vY`lhY#mQ#O)d!Aez($3WYMywsPv$>s?sg^Xxs~vpxm0E{GBPzOcRYQC3l%hs zLQ#0~dtU<(!NyORFoFB`Ge7T9!a=}c_j|WO1P42!7cMNLJc+ECz($exb!NziKBj>e zJeE7Y3X=I-8J-ed3@{-hs|3~?)FdXW;; zX4!?vI5D@t`jMfTJ;~>1Gcr0EE~Q8$r624on@)9t)+%34@fVxR!5&Z%0V_4uLhKGIA>Gozqyy5p4Yy`@=~X=Eu_9^bs_+A*@&BZS^zi`LDzJZwImPI+bQ zp&aSsoi9(nE3}fbuI!4NC;Is5Qww|pJ&r%jeh9(47`X^qg#OyZ;hS~^QNF&uQ~=17 z32=Zkdng0}D|ewQ0dSV7ZvZ-=+_B_-`uPcKrTJ4=UsJkNRI?1ya^bi{9}k>TyNINB zH@G|i4x33ykN0^xm?)QLxVyi(=Y`ozts4DOE;V09M@uxz7Xf?)a(V`0p5{!2*F2ed3X>3lUvExGorDwArP@lJx*?Jx>9Uf2J zHYz-GDH|HzynE*a$VZ$Oia`b;yQ*BEBxh?zyFm=64U-!Idb7|}Q`n-Q8O#rg8dbMgSr4-qv3Z zfV9?npCdXj3Q!4zXm1D1AZ)_@r-2DgE{2REp^~o|Nx~UeaQs@fY`zrwXUcJ^(ifK< z5altfP~AA`4X#Z>lfjz05N5t%uhSM%*X-b%%-Z}A>C*YoSV zwo3~){1d4-Uzlm~=-kis0yjP1k@A~He_{TS@_qTkzmDX#$iKZb$$Ed0=VdM5c~1n6 zTVp(R38>#A*0K~7wBy=@=A*K4thT^adq`f4o#rycA@7ez?pXdRoeVJ_2p!H23~&_$ zY0LqEI`{b16Mp}lgw)3B+Hrmot)0U&f1JQ%e?nQ3oWN_l$Z!*Z#2jRP?^|`2kav&~ zxg+)C;=Z_dF8=dXt}u#vGL!-NH6So-7-&dGiJ1(nLKhz{<+TO!@>stdzi_k zE3kLi?zY7Z-}G~n{xhf)n)d&%Vt~+c*t*Y+hxJR@jc_^UzowSvOx6Cc-LWo+x`Yqy z&)5ISzd0-U8AQD@bdghdvibAufBi&};?Z$QeMBn7OVn;IUUuV~`B`Uq{agPx(LkT+ z*^L?5t_mY_^+dNO?^fUb(ZZx(gIf0{Ei8XTdBH3T!|z-@N(8rDuJFi+Q5M1R4+cmHkiAC!bGZ94SUpitGjzPzO^= zSR$+tcD_*X#uq3K?gjU!rImqO*!PU2M|Hh;gJ`iXM@C8w9QfejL-v3WLAIQwr!T}C zm1G6y2$RF`G1hj!zJKrkVvSqt*JSz(#EM@B^bt&9?)abLGYbyxu>I`z{LG{_)wt!t zdYL2yKAj%@#)pnvuJOIV;D@SV_2;OU!&lV5bPHLxUboIkkOu???rmwXb$9PfIv)Ox zp&!;)zBhRF@+HD5d+darx6$;Iftc|M^`k5_+=Kxj6Y}T48IUCM`oO|~;qcd#L=O*x z|M_zuu5;v5LJnj1R%F?riV%xYOf3x_%%>;p3ZnetJz*_Cj)-LLG&>vHNudJ_Yo?tj zgea(B|kdNY2q}>l( zgkA!aMDzeGd!y)H`g8;UhY#z`{i{NDAJTN}BQZl=D2g_?2HhxdYRz?6aBw8?j1v`I ziG2cHwPYIyYN9051PjjTK;O|I@C|TDba*?qZ=Z#|ldv!H`V9Nm|B$ABtV~kb+Z_!r zcGlbQWGOyNd6a+}3`hy=vH-IIV9=Q}gEH5_sPHrB70j0}r$!zP@r$Y1wx0 zOJT2?&)y_rA0LO$V>>1YS^_7h-B#PGZo9T7!J*i8*~}>(D-d1$BHpG8hnFgYN*CK@p7R!Ub~K|`3P#f3l~tfNee<`CwO8c1l$#dlHhkX!TnL5 zP-akp`{0#Skj~x9m*USnec?xx%JTp4*~%A;cQ$hy5D_HAf1>YD*QbY2=9+0|!FGtr z(FuchGSGpF@iBo4Qg9Z}nBhgX9&lfH9vpBGCeY*l+PJ!bf>ZfpSTWPci=pbELh_K% zsk_n>*WzA7b@=^PBC~9FXs#M6w%RaVulqBr^}!Pk#6SnY~W2u7hH4bw@ES@2PD=(UBfIxJt7^%(HQC>w;7@m-WiwgxP*j> zW5+@vp;A(3z+CR~rAzlP{i~_j!m1Z6l)rt$j$6Vi7g7k9x{seBDS$bsCD5j*7(VL! z{&Wf-aisP6u$m#rW=oN$&_V+A+YW)H=k}t%v z(-nWk#?EfI`Zl88nDTP8BY;GG`<|d;-@&KH%uP;C9if#cigg7~h2nQF-4?I)WB984 z2_<|oR{Gkl+mP#HOfhX*9HUDrN=i(DcJd>+WwbzrOwg)}TZpbdge zHTO`~%wea;40jDFEl8{VqYKT7pv%o7TA=v(t83Sf@&s1GMDBI{dyhowo5|e?d*`;M zp@e+7KG*I}YOG|h*_(v150tqQ>(;MluHcSq*=$jDaCEXHnqc`24v;{^?Vt($g-z^? z7kc{gq&XeeuyDZsWAWne$f4V{XXI)i_Zs8*BCU!|xdbWkK7DFw7Kkf0`%g*WXU`X| zT!AM~%8ePb6M+Ssh>y$+6$OPV8hz)Wzpk4n>e0w+w( zsp{CdbFb+&>2+{v;{-n$u$ouNta;5xc_F;txbZeUbqfqSSQ8(*@XOVm6w;zLy#nsW z;k#Gw-iYOfpn7Swq16Qy{Yf?kq<{!o!Rc)rtN`F*h+l%T@&zsTbf`m`8cere@{_EV zJfwZ)*D!`O+IX{By?h^lebm=DEh?29V8%{u!UXS%TS3#I6JC+2DHXR)$$tJkee1h} zF)@?m1amS^2^ga8GBfpTfHVOa3=bI#g`&hkfOqffGNR@3CI>e zon24C z@1F6!@ze;DCJl;cBfZMb+A~j-2@E|Pwnsfcm9DhzfheB;%eLpAW9Jjs7)|p>uMWVb zfJr})FH!-KMEL!DT-*m5h5T=m>C;?kp0!22Gllsj#0Rk}Z{~eT!X%<*JeC&m$;oV( z6|NW8nEWt!;J|sJ$S`UPV=L%1g=Ts@Az0nDg-o3JW*ibK;FS!DM`&m|e$ktUFG*b` zM{*RY$_&M)4(adpn^yKzgFFBe)!ZPBm&(^-}yCFM`o1WiaiNBJjO zKI40ab3AI^==qC;Qxb~QY4YgN+j&4ZhTPkJKWGhcodDC&W7}qMBF13Ye2T_sl;@V~ z>shkkgnxd^t!vi|0I5I@i@fK)(Z8oU8Ge}_)YJEmR9;m@g?SfW3HH>gu@eaj07F^+ ziSnMC0v62o&+9)|c9m}7?rL;%JJS|)I_7c@qvxI{nf9JF!-GSbPD zjg~D_L1i^N4$npC^yilk9Jo(>@H)0nHlR!7JMD=K65kn-S^6LV^bT}6dGdm&1;rwD=!9LTJ+5YZTQm=dpY9Zyjto7R6VR(!yM zOsTLi3UzK9gsWsBdPds-MFmglz~3`w{{KB=rnmFoGiDp9GlB|1VXAw@KeUR+QQ9b^ z8cQ+=i@Q#rhquSg5tzU5Kvex=E7q??Ss^cwwy~MlAEe!SIeqZFj|oF(iwDRQrYz-z z;+O*%3xD)%$lTDBl;zC(M2<>3Xp^LGA0H6osXKS>0grv+V{5(pYK+?;()F0kjI-HR zkO~RobD+8#e*Iz;K7_cP7Rr({F0bR#UNJIbE{+Q}y?R)*Vqfrs2bym8w>=tHsVX9; z8>`@nkdiENB4X=Rs#=Pc=lAc=y(6!&0>J}=+6-4vOma18xobZgY3ot!0g*HRvP-47 zp;zAK89b_)TH27TTUCp}0P*(bi?#)!$quYK1-Jd%2S~7*a<>dv% zR9aMm@P@h<+;W@0;PC)-4(j5oY?-p;jytfM;^R*0r52_D^>dD*5~^n zjQVP|%|5gh-JUR;rN}?{4Q=1E1Quv#HbvT7L`OVNP`EfGNTWQN)nb$~ZNJnv@W#rv zoRJKd)Vy)n(;fPPK4SNt32;0e)J)msl7&P7CPG&fos~5%2H%Fa-8j%Y^HX80to5lMS(}F=;t6@Ns7tyUD2VIyT8oj-{>k(+j7ry@>VW;)eAt!M zE)??k9_L4T-pybQ`LaOq#^jD_S~Qv#b&NIXPgo`aLrssPN`=jl-IJ`DnN|}aH3V4! zg%1Cuq$QjZM__<36tmgkQsM{=c%D)o+;IPX?f9B^moCZEM}Rdmbq367yvx-5|6wwV z1+L#uvwnlcCZDMw1+#_|oCE06Z57CS6 z`uoqHY4FtXJ9UA41!O5^V4)Nl@p@~cH42f^lsA1H5lpTC= zJ)u`j(ban^4;?Z@aD2>KYam>yUEDreHUt-;^ftg7CQFxwYrTPK=8rryzx?k;$6EB> z^VxB$_n2r{JsV6t^nCnGv!t#IwIAJwH8Q9I6=h7Fx}@RfPju!wAzN5Aw87EQxU>5- za@BMzgLvgqMww}^cu52L^%EF|G0y&7n&gE7cYV(ry=O#-{q($Eq?La2381wS0b(Z8qZ&znWJNbvmZ;^V0509m_{KkWt9+&W%A+yiiNXY|6`}M2NHS~9^cG%+Vd^u-0==&`QIbK5HwG~TNuTDorQM>l|Zgx00@hia|!A<)s z94fg)1jG@!|VgmXLt#|gU zM7(xZVB4x=4@UxD|>HL;H)g z^`Ji?*hI#J{rRaPP0qrE%<;axk6n-&C|%?!u`PPG#^lKRnyon0{`sn`IFL?F{P!yV zj3BuQQ}UNDn!L~CKVxm0UHE;ur!)FbaA#omU*9B>VDbNTqU>INePuM(33i|VGoMx& zhGHvNJxlt&SwVuBkX3$v-BIl}()3^d0@A0O^e|0n-8S9kjS`NcZvel`||glhZu z*9)T~iQCys_xjW13mXO>vrtaFnz-FTM*Ls@eRiwxL2VtZx3H~v>FR*HBRnV8OjKRH z%>3A0o6n&lBAR*34>6Yo8WjC1Kyl*}hNwHkeRrY15;pu$9Drsb@T4^$^>8d5YA;SlmF-XSiG~POn01ZbYVZZAFG7 zJ`G;?yEYYqhRJj}AW=B^LSJXI!E%#yemp4d|91E)jUElCeVdJyzC(o~m|$9j%GBW8 z)Qd6qYqDs6^gG63?Smd?vM^)IOeW=nlwoKsg96wXPKogZp5W)M9pP%41(F@gf8 z`+j0#d^{6qwknrtp|>jVs;hEBIza~bR<^B>o*4)-o-;>o+O(~NxzY&?b}3Tl^X*xp zwjwhFBKncu10}=!7a{*#t9YI}^mZVuWGB9QI5IcOlt@0;-L&NsFcMmm8Ayt;Hl?;K zcLKG*$?=KR&O=s4&4Sayu3c)@d00Rge*0B$;Zm-1e{)4y?)g^wP2+O zI58+5(_65l2&{->7CnAu+ZLOGC^7XcCP(13{}oorJ8jb(O$BkcOpV};+5vHIiA^;p zp|TUh17f9X@hzemamZ3-c+**iSa2Bc8n=na3jyKx^u+j^mq$@uN+Gy zxAt@ClZOmBPv^~Rlu_SyIc9xL6E#L@S(&;YagRQ2=&U_T7gnb3h+!BWk>|$^@&0|_ z;YcwcXiPYiAqoI1WAcE`ky@VeMo<9#ft>N)VF9u%Zr+Ezy$2|&fHXm^)7=41Kmca! z{sEKmC^wfsT|*275&-!GPW1Gpho#@QXOj&0?m$KDTZiK#Uot=*=<@)#3_gvZ$Aswq z+B@pX@dk-Qhaa$&m)Zbq?cV&spWN_bo#BZX-x=j!E?$X^tp@Kn&)n2PL>`Rl;Q7K- z00_bJbJN~U&rhN5;&US-IO|dlVJ3m&$-{As#gRalq4fZ!fpT?!p48z$uY!07SSj2O z^wD9cacVqUW5^`hhohoCVG$rK>7Fa@}&_6Vpf6>`X?N&K&^u*d-?)PqSR-_ zcCgykOZZrUX7J=rczc(?(blK+VbY_S^3W(mQ*e-?wj492n$S%mCkH^GtL*Zug9$}eAr4H<$S9J@1Igtz}08Z)}^ zXRhaYPEKQEV|6fU=X9`WA`xW+cM!KH&*xgyU{p3Wo3ymFiVvKTVD@emV|ze9qCmtc zh$ILe%a)-aujU(f?GUUwur%Pvmd;um_|-b*;>CXKW0i72>tPhM5ke}@QzDZ=c?jg8`yuo0L)!0$!bc5C6%9pDCEhv}J-{B(`sb8{2R>bolo*jGV zpXz_A>!T?hCJR4Bcl+ywIWSk`g0(2BDQH0jw@iWenN6_=88v=`1N23PYpY7ylHjoP z^x$8j<*dCkH1q*Z<2g`E`_3Ao-p{QcF_&r<;YbPPzA)rSEm4 z{Q2|e=-Akb&^dp}dBPUiU9&9D-(P7>}ihoS%;D2cg@Gop9cf2 z0_19vi#cQCj^+>AR#Fk4+$zhF?(A!;`2BG#C?fNTB>YXU|GD^S$9V&ucoK-Z0YRB< zS>Q&&4Tj3tkAd~^RQRtucw;2PGu_V$>Ks5aEMLN>ErrFObF%3pvuI|M{b}BJLi2!& ze|dS;&)ma6p@a^1<>by!(Xl|-)7dP}rMxHE4aU+EM1hXX^6H`f1)HX9i1~-}dv$))bDgq(*3M=41y>^e#>Q7jEkE*iyNfPn`>%mdGg`Ae5_G_sEv)QDtx&yrz-@;SzG%aFytWH zm477E{*sychK8$HDz#@%i*PeAH@~DKZYvlcpBScog8)uqM&-5Q&s%y?PRZeN>Bv~n|pEiXy7E$lc%JnPT0{~TInMX5mXKk z2F)gXjvF)psynJHy0h>ZHSgaixVG+qR|O1#5{IFVO7H7GaYcVv^wHNoGy9e9vO6(e z>boX7uP~}#bnqum+6)CUz01M(#yac%cI^Q6+_X$?YlI5WUX6d!=xO7lcihp=n*4EC@S)J{gAXp#SbyH z9e$+mNz-Mr7bH)fIkR+;xZQRiAkT=VGT^k*(wR)L(|Xz| zk5#&v4DbcvYIYk0*Po1_dTzPV*0jtDT!>HszzVFy^_J$9q(61^7Cb7A> zd7PbUG!^d2OHJEcTyD$%wB5LII}1W|&M|gM(IIh(pu;`@=vV)wrysVFmTmp{PmFP3 z@&onp6?+KYHSmVMwg0DeU?WYGFHjkRV-5A2Fj7>Y^<;uA_!LErY{yQAhy2K^8y`Y7 z;Tn3z-#;>?XThq)lP%)(;fA<>%=q1aGhQtN%XEl|djN+Gus}z{)f9U6LceXivh;_G`&10=@Ngi@tNco-Ay->g&iOiI zZim*T1Z2;9$xw?Is*V^jJK%Fn;E?bwQN*R&#$|)wJ91+6+*xV& z{_3^yhV-qOBkuN?7Z4Sykz*<<7h}&%MWnPaWDU{blHSaP*VQ^w*9voqEqt~>aU3e}bwQpWK` zB{WpoZdA6i5o=~y(4}Ovh^!tSUatgz9&zhl;M+z%Xlk1U`Xyp=8x&XYVGUAVaQW|O zE(IZxDMLX>e?m4^MF*XfJ0c~zBNA6^TGM>6FaFlLOVt@HI2@L22nkrOA(CMjBk&F^hkjN%Rb%+*z?NyWcV(9scnBM<%V(-167 z*a2!W;h=_>?%M$v(77Tg)7h79o@h5jT3XW4-=lE;tHH9#^IP@=oSsy>`1=4$i5w>Q zsol|uiLRxjS-*Y>?d03qmt*v|CXaTUkSOF326=GhusB-vW~oUj~H_73_S_PEo2COu1ouFFQMiGoSZJ zjBQppLF$$8DNzl%H@!JTBrCYK0?E-$I^?5Ao-N*=XnJ)qX-HcXeLop#Ld3^c*H^XT zD&s)qb@i$(4Ht)(_37{f)x7U;M@LsNpH?CVtEPm;f|c_Y&K?R^2i{W zlB{!v7c{?QP#+&Zk55bW61Nsij-pw&vt+J}&4!(pc$B07N%O$wRmk#*DIFaT|Q)<}$(6 zO#UIM&SH5AH(2{H0R(Xuso6+c(Bg)}3gyZ1X(GpBPWc)aol7m8zWI~=PvAojU_ixl z?D%nE42H+MI`P=>`hC7}D@T?er5;K9q}!sZdOsyW|FQqGroC6IckjLs7V^!b?{7%? zb`Pc?sn9rwJ;lVv)uxNY9=rLl>2NpejmhIK#x609+b!q0a`OHgHx~R^apAEul9NkR z1-j!~NtCRI8nyA*iGeHDyF54^9wDp0v0%jSpItv^?5bN05JTC|p5Y*pcKbF6t!3$~ zuB!(O8ehL-puSg6Wex41So^5fx@YffzvWD^UNrN6OzCzhn`f4Fsf>BtZ{6I*+kz#u z4}U(tqCBLw_|KLCkvpk#y?VMV{uOa~m0pfgUS7|fh=2Lq)oW1jEE&L7qrgCm(zM?% zg@>`s^veJIPm!@F|GkysfAK%#q=%PJph0+B`!60KoX_}*gWRTLjpG#*B2s>vney{O zr~beBvHz>z`!F)%(A*~{u8V0De}7y1KOaH8N#3~HJ|d1qrNQ40w(PF%+UxfHUPn`> z{CO959v$L2IjgM*?^JBCU63|Y?tzm31Gj9y#Kd!3dks9msR8e!}L1J>PA zT6pF$!>>u^RhKlk>ZW_Ej61^zyH}Qyq^z`*93t7T-yEyz3+8d_bRM{0;4*QB`*mxg zIeuxLg8U`{{_rDh73bIVOJ08dP%3qrQoM4?IN0qJR|IC$FJFm4*h%Q8CJ<3F^|2Fx z;kv-y48EKD1>VEvfpc+j-^d&|@?G3h$^0w7-pby-ZO3Mx?xYD}W0sXw#4XrRC*F45 z$7Ary)byeh2a1Y&bR#9S!DZfZ!N-oe^YW!LagEbY*&=i)Qd7|36`LXjjwk7 zLDSYB#ORj!w9Ed0>&+IJmVjp; z;*OIOG5G;=_`wy!bHtuCbx)oMAPnzjEW$YIUyQn@V!N98qgo!9Xhy)O`8x4+V-OO2 z4M+i^oWap@K6yMpwvxNS)5Yb`H)!D{jPDiMH2rbeBFb9i#6Kj5zVyXSH!tr=_EPtS zFM%%U>5!{`YEo_IV~Uj7n4TSW-_thjLQD(tfk5CGw~A!7sdTZI zV|sHH7&0fD&166_2NFya{BWkdm!Cg<)Ts9)8_I-JN%|k8$^6b7gv!b_6vb`5>B3t< zwE2PLs}rAo@o}K(76>m|LS!-~lQI@XnO^l0mtqJQbq+o;p(Ojf9W{zvj6E!Sba(IM z8Ug;y7tQ6+K*hX_u`mnJ*2GjHQIiy`tKcV$a-vP;qauq_QwnqFMCfo2t&XPkz-~vI zNS%{b-7*zrm(5Y^g;*PHYIhT~ZSicdKd23y$IFmw7Q|XwZe2rl4pbm3Exm_o0626) zlGMv|3HgZ=?HSc3O)>Lv+PqlOZavn9&}q?wJwC{04jOpm#8aSj3PW{t zguHtO7JCh!x!l;;k$b~@AHy1p+a+!1gpBi)05G7~V~W(AzP@3fcHF9ON78+}+^%vJ zDIezK^DTGN>KSRCo7XxWDN)s%@xigFyydUkry3fZ$Bp{}e}g!J$+v? z=chKKj4XKi^fR$3YA7wb)GuIJ7$9BaRN@l=TCTZmE`pA*%Atnd{P=tBPn~M|1v38E?gujN4#AH%_ z9Da)E*=elVvq2RjSQsMBa$(t^#3i~e!LH%O#RI{?;aQ_lL$JlfF%;Cyt#9X@Oco}g0dQEpDtJUH<;+r0 zn6KbRqk;8Q7#EZ`1?9LaYX=asK}P4G#DAYc3H$ZRuyiDtImj<9*DF?9vs^7G+Vx_@PqYw(t6}EwkQrx63`o zx=cTd!)jP2uJNj3%8D5Pp7rG?VzgG=|7G4{;^G6eK`7?lza|JrKv@^RD5vrS{j3Fb zWgRT$6gYA zqZgiLO8o(KXn5=<3QysaqPbeS!H1kPIo$b&f8a zm>Ef|BMlzyxsH-`6R#8v%H>gY%<2CsvJOG1rI%<4NR27nX)+5I1SCSaxd#XCHi1LH z;*@_+FaCuN7>5L}S?=Y|3O+7~AXt;_%P*W4CTm$)2ZYdb;O?CTg%*{$PvI!F4CCS*v-$V~Et zR@|qcJ4h*Fl8tB3>C+7mrwcQ5=g)r?ZI+Xn`62w~n(UF^_Ayk@!6EmOAndhbD#t)8 zcXo;=wj?r&8}x{Y?5Z)(vOX#VeqKvnk2`ckN}FEcG5Bd!!<(ePcFo zuh%K4!bOMQlksMBM)^zo%&3W+LR?GoX6Hi~E9e`wIBvb%JS@2bJ6$P0%L94m+^iM~9!?#xT4;qy0Y_&>g-&yj8~L6Bg~R_8yr`um zv|(yTxYCIShu|mmz6to; zkp5=l14sHDQEe)pSueYI)jL(&wLDA!255acwxbi@bFyHp3*^J6J<#fG3tRhiio-lZ zFdsSbSA$OPT-It7a`u(`lefr9?DA$^m7Yud9W=zECOlyl`UVOSVN*fwrA++iA`H%x zE#!adPKzI@m3ftrI-&PnkV7vCPQ^8>g*oNGL6f?nK4ln9FhXjMHHp)~{DmI{o<3!k zf3dSwVqpDZ+J073u>yDTgc+M*2m=Er_{bF0#v~=}IGJ5lcXO;-k5#)`yR~l&FS)X4 zqW3V0)!V~wuGB>12pC0hOTBf=2vn09c3d^=-i_}4D50B=FEf_P%$V}4;5!lH2ud7c zw&UOUcJv06i~LSZ^-gxuvD++JD05>>aGBHRbbrpJ-PIX$w(bS z?aPx-EIqxv7A!q6nuON7Z(n~+sX=*ea|FzY-edWNFhD6@pU!Y5m+R-;0{$u*H1q97-uUX` zdz*Sy?%TQV+BD70*>)Rk7AK`d&V91?qrtTCD{fpy9I4cFW#!EqK0b!w3(p))T@o^p zF{Pn{qB=iiAP4Tt910Cr8j2B+HeU6rcq{(t;0CgHtk;LIeg#XaWjFA#?gFykwTm+` zXS`tvCzbrEYV%_D{mncm9;&ch0oXU`pMPvf;hb(S2|i~-HaIBR_)1*jeUqj4`utzz zeOFYKS+}LXmW3G=K?PA!M9GpVNs44d$vH^QARr*wQa}+Ek(@;(C&|Jgs3ggfB})(l zB}mTa&SO>m_jbSZ7~S`wM>kJY35Rp`xA)p>%{kXxmN=1uFtEgdKv@7ntqqS8JzG42 zf*Yu4L?7ZqFMvjbkwHU4I+7C6hhQAQL)fBb!=J&A=3^cT)VAb z&taqZ8eN!p6_ARQrv#B3{rK`l9<4Cg-0%^WqI^J_k~Tby!4;%iZ5c@;79Ow5l(Tsc z3+e6ai=0&n0yoU?KnP#0mq5q8`y0d{4CQVICl0C-k_4j?6`T= zK*5-F;ZrS*-4qW~bR_H~#3gJB>fSQ}j`Diz8%VnRX^Liw9&Ymb8p2F69o zT~V$he?fVR-6P|lWG>1UMvlxC^$+?0SX5HmvC&{xe%@OOzPzxzMWxcbd^ z`l^xeUr;>I9ae*T6c*mXGsmw6mnnxtN0as%VlTKRkOSAE`4yOoNYi$))F=?4$K!$u zgPxwG&GU(a1p^N=^LMbTsWcc0huRl0BNxREUY%VdXB1Z@h&2q%Q-5>w&jlYbL{#^c zS;!Vht($0w2J1zD-eOB-PY0S|Nm^zYFv6}k0&c>2#XeBUyhiGRlpUgOb(Fq%69^}d zkt8T2A~mE1TPNr+c1=Q}8l53WWaoF&L4(il7Vc9$CX8l)l4=)Q)U@$LFAr0p`tN8(PUG3t@C zPV4cW=X;fPtoL)i=j_h#S^xm~%pJKHDjyJ)$W2L>=^*s~1}0x%w#BLJQe6qRQuPqyvRX({?D)PX&c(6cW)K;4$mRw>4dKFKT)yjgWsD2CX0;bc+Og4N|( zXXi_#AHt7OJS!LVQO#c1ap!1`gK>QT&3LWP!Qncg`+Kj%{rI1d$UdR^=s7+XCC(Y$ zypt+_OPB9<;Z4OwejC5k((F&5`0HigN&4^k_q2_3|2b;ofBkLD@btDVFAgp)=4rOS zUTd4YE6TMVG{4=+nk(P=w~W|bKKWPw9_eS~&shFr_VNGRw>}`WF7ooS4G15jrbf1~ zv>7csz8MXFmS11OxPv9+BDry#QTM~TlP#3=gD@^f`@{p-fr^WlesAOW%XbCJ?kEem zLZVQD;u+Vd-SSs!#n(uM5&Ek-o`6~f3ir_{2hmJ5Q+rh>?&;rFB<}>WAx}X{jyQ1< zo_VL!_@r zU}#R9KoY$SRi=fxd89}*AQ(s zL2YV9Wy_L0#;9m+Bg-A0L{)^^-Q|q;9T7jne|FnU9d1!v4471R0;YT55QnFmyZ}<5 z9vhyn65s|qgGEAv59mf&EfBBZ7VJ^;q8^(XDD4GN2==e4x7L}ShsP0ECDP`3%gS`9 z!SFe;<`YPB5f>3!UkynkPP=1OHhS?cljNd+7RMLcfvEweGl>KkVHuLS@rH<3LmC4~ z2pcJhkAZby__@;KO$c>eZ2!v}f27UUTwCh`fQR%6+LQHf-aPG{tXsMU9QZHc3h`^0 z-X1zQ`=ESEkd8r!f$BK%_6jbH^3^dKIx*lTXfwupK@-_8Y%F&Jg&pt%(sV0y1*0>{ z92N}LnEX2g5EL&1QnVjrs`xCfB`hj5CzRl3JDh+qaM%r3;#wlz14uuBLx_@kgHcex z6|fJ#gK8NH7R6gwJ1F+hSd@otfolXWsnat(Iq3>i_U_%g;8avn6vca1s*dVm(%s_J zK<^pMbTdNHjxVtATDWhqM8=h*b!cHj1?=X98kXj4}`tF z7a$J&AxuQ<*p5bYz?`HZ7$9pw!s@y%A?x+QriK&244lxE{n4LHz!*`@GU!o<@gq;4 zJRwnhC@<&Y5Uy2}%TWGI<&;)|ONTTJf1R_t&S`jOsLLPv`AOfn(bd@r z6psL9Dsn-TeI)o7P1k@K_|awqU`ccr08eZw!1cT7uzg8m4uWcN$?$-;22~H>X#jF$ zB4baXEeWV*FI&Or1Fc9Q3j>2;&`#6Sz--om#$;gXtHN(DaI2DrehieX097C<6@?Ip=uuVZDDgai} zT#`S48zOj;de!14DMe2RII#!|>+T{ke%O=-2Cevg5_5wa7=$K>U4#HjxGNkXd6~fN zg2WlBS(*ab!)xISKO18I9;ITdSPPmwu#%uE_R^8^TDbX)jWO_eA`O_BMH2u-eDIYR zA05StSE0QC<^L`YAeN|=O8o`2pCP3OgJXcI7P@<&ACjn!&`ag(i`w&1I25F68S-|> zOrd}Zo5pN8615Puu)4zz`yF@?$#VnvJkamug$3okfD^w%1qiV@Wa$8QW+39DHpO*8 zn%0YUMu@k-uku-ao~0_@3dQXKZG~8*B{4qX@i_}W!>X>m184p-r~UFGBJTjtU{7=!j=8Hbn4U{T~BgUJF?d;nwn zaI!{6QODeejbife7^4=#qM@kJbp|@eMa59u6%Gh$sF#3xBDxk@biIG76{HgbhLG@d6QdY#GT?Q46=wwC2PPo0Z#6Pn znwv|zq=9nxdGJ714c-X@*sCQItZr$5O<(sAu>FyblWv2A5nx@>IIk*N0$>vk8UW`~ zq_v`RW31`|!MDhu>F_iRHR)WyLp;>bm9U{|f&39nE5L-h&;GReC9`IHgI4$A;H4Cp_ z>nX!hp}U;h>a#pU5Rg5%3W@h@#i~^>L!N;nmGB$Mni2#Bb4cUj@^S!%i6HW0&w@xr z9j}*_Sc$zr$@LWa5x_?5l!sSuq3alKTCx--l;viJDe$5&^uV@(dK@vM`0d-#W+`;m z3?szzadLv3YejVi?Iv?Q+Q zeU_xmaape{#4Ts#%lH3DDc9fNvISs{fJ16j0EGjI9dbXYnxBm=?V-bdMpXm8)%&1g z89yM=U35XU@M*C}(14@`&*EAXFRRxGK8PO5*z$5O?69P35y%2ja^qk^t8)u^7oZn7 z;;3@)6&%FV5OH65laypCFaHTypU*+0Z9h=equ59M`+}BJA7mttsd?(Esvugv3Dh5% zWw6N%b~GE-7;g{lF(d>UwfF0l_Vq^BaCLlN#m=2R+?z01#t5%m5gB1GNDFj;tGoP=`P?LZi9g5W;0V{wUO{ zq+xtn@leqw9K(w=dQ5C@h6T)jk}>@K++QnCa^O8X)~e*U+2WK~KEgR^gD{%u~UdmjZU zB)iubEKza*9>%KME$_Os-fnV2R#uE^@71dn%b}c9>AvW}#Mj*}c@Pa?w&gG`JN3v$ zJnPZlOIY!lLTZgr2!|p@GATb(^>Zg;Cl6}XsmsT2x7|z0^y`f zZ4_*o!jJ?cL2-}aZ8Q2`FOU7x(t7#NQF|AdxMnX8d1Ml#bpA^4@CFY5o$LMYfBXEp z-QU`sZFi#3ZsRl(n33M%Pd+i9J%7FP|Bk==fBw$@zkY@1>CxE= zcFTVw3)^Pn|GkN~UH1FuvHjott@Nw(pYN|qnl^+d6o2(^(wQD0WWgk-6t%LkyXf=b zaXX{OXIi1W?O9=&UX8i?1)Ulga@3J{O%Atep^vZ7L-)gOUsId;1|Q1{6xbU(bllMr zAY6SAAoTRH%L2daOxb))WAqW0g>>7N;n&zp?<@NrI9Gg>Ia7Pl?$#}q5*kU>(z$BbQL4H_t)M5;NIR>syzpaQ zM<>0t$JLIzJr$lRLSnL7g|3AW2bi~OZJivnTBY@8FIW10Ina7ctvIo?|8cqI235cN z=7>b@7Mm8KDlJwaBj|9xi1(zPjBKIU)_R|XCNQBOi9qELz?0obOcR zR+d_n!PL?9&Tj;%jGY}n6$3{~!wzKbnb8kimP^b~dbR9c6L(b;tN7;3C)bZXXKW+I zB!gZE5uCU9-KJX;{J+{4H#Hm8#7A@1D4AEEhHAkFv*hWmp>OE95_mg*bM0w6+|8F_%*V$!hh`S;aZP}=D^t=9E>xXq6pAU|{Fbt$NwlLF4f)$vn8ZnwYpW)U;{*QvWZ;0na{X1>C+ zv0jGoQ)&K3-nj1=@40L3WTIVOZyK*X4)qKhH(@TY47*^=H-B4VW8`kWN9(JKh5Cpn zFX0^J4qxfzEb}{qt#QJ$G2LQ`8Coszk}(Qe&p%|DGKiIN&&5^jJ$X{+jCXRMiTcj< z>B2CtbKVE%1Yxb}s`z>~YMps1 zGFVD*shlT-`5c^!PQQ1+Wj;z{RA5#ox!uC7vCRL&a+Azkhf9219iJ1QnEP)@4|NSz zr2K2!O63as1ig`_=)>YyeXRx`PM*|a@|LG9d@ZtGV;ed*VWoRLadLBjk>sEC8+2E7WhU8mUvbav_Yl<2ws@aWifww|H$zABmRvFKy=(lwvn zYTs`bk5?k|J}AnN_PIn4D}_H_OKy`q)gXO?ljznZkNaLnYYShpna1jT z;1jRnTb6b;!Co7CFKGoDjumopZw^{>U$8dQEiC^2qdJ$pFML@8&tU7LGxq@VMw!aQ z#iq(khj-0FZH5(#ax6!V&z>>o?plG06!0@ppio_)&jnW>Twh<>8t)dh(Y1k_K)FbS z1uL)(^w9Lb9daJ=)w}OYbaB#$TWOo2Bw9e>ocx5w6Y_qx*XMJ`8-!ejR~~(pg)Ias z*0JXG+WPO4V5ZtX;Ns|Sh?oqDq-40hQDA4dNJgD1C|Gcc{|&J==;NnPZc%*JRu;B; zQg03dC;Lvyd*eii<8fq+wT$S!Vxj+>FUc;VH;4)je)$IPH;PzAEE9MmU|ei=T~^i- z2TH53nBd;wSUDSy0}us^wAX$k0A#g3NnIWu87ak3k~eQYg@=Djkfl-s^Xl%i=TWK8 zhFc5_-zvxl*9VI!p(-q}p1yJBtTjy!;{mIl_JO{Vx|{@A3|lI+8dw19%RVP3p{i0` ztkaM{8{wzm5@B9@$g|nKgG|(=Tf?RMcx!+lyIOYt#(W?r?dH3D55=vY&5hUO{15E! zUENF@>mM!p!$o6)Bh2|x$%(5Di`|{X-9c;5!p?@(6PMS^ulBC=CQ)o}?)p&<4Qr~9 z)#fV^)dcYeRPDi`HoNO%9V(Wa++C+`;<0Kjl)lg-`xeH-#6I=OxkAugTGk>!^p`EgLaR*mgmrbtNYHD#pop@~bv#8kUn8;&Z z;|=~7OT`9_!NV1V@Mcd-p)0j3`T> z$$MW(}2hQ8GtrDrcl#QchM%vQbwzlaMH0 z;Ji3{eabzbUAc7EV)pGArS}8*-qMG5(D79BW{lXx%EuU-_Wroc@xlx%oY>@%e_Q6Y zh{tSd4U_lG*88`*G*NaZIay0EMJX&wT=F%JTV*1X#TNd#G-8R3`US@P(!ki=OItcL|IT zmQ-!VEX#N3MJYH6#5^~S)fHKZ%gEa5gxti|zu?b64gW3D0n?bUAQ)s#^H>ku*rgC} z-sOF>x$p6jj#BBNGG7%MO($aZZ8c^?5GDJ4B`C%u`gN!MWdqMZOGWSA}Tq zZ(&YTxYA|nDOs;6aP+YJO8BbIKDl|$w!_=E*p$q&xRdnB#p9P*85@!m{r@#)EqN@m z*UWzRp2$q!Lg(gbFfw5m^iO+#YbzWa5F&JJ2Ma*qL_9Sy{_e_Rp84gQA9LSgB%t2f zNB{-Ubme{?lZKBXTY`U>w;Gkx6te66baJxMl|KbU4Q_*{*11(34X;^Q0n~3NS>c7U z>tRqa3u{K0_KT~z3@1x9)Z4wHTdkOCmy(%1ECR zj6q$`?Vq{=K}u1Sh`fzFd(>1nK}JmM?LqWP{k%_hNF`O>to0toYvp`pP9$EG%Y0tg ziUa~^;h>lEV77;)**Bpo3FvD&T#rC#FOeWaX}|PrP*RxSm}4>G}1+|yiuE^vlQB*kJU>_V! zbDJJfJ})+&WN7p}EFy8q@aj6tc9aX({RnfY=*I)BkhGE`<`=VIk6eV4-u zcAJ$+AwJUJ;>1S1h-UFxs#~Mx0h@fDlq%ozl#y?L%Q_WJob`T}n~=);iB+eip=huz zZL;=Vu%z=e3$gCSbCpd$w@Bh#K*zffi>b7hR<7imgF>C-mvwENq6ZaniPytJUe|bw z5Io;T)+@_pvdz0ZcJfo?WSzRVea|Vba{u_0gJ+mIE)nzYcfE2U-&wWU$%(V+@5#I))saq{X$ z7O4nQkHR4Kxh}2$Y2UVYmXBQLDqC}^^}J%JFW!8%aJtAqT!~I>aWWL0=p`~)OkBA# zl24=6bH_~cv-VJ~&g4UOL0DgUyYlupm#2Jx>|bcR>rHzZ{eU2xuamTTo`$-zS#~NT zGtnu0`T;#hcg&>(MrbP3#Ap3IMS^qTW zIE{}r+oV-3N<7OP)fVa_jn9{RMu|Rryi&6)R7T+KZyH~B7Bm;Fw{N?=i0dkO*!Y+r!L$A4JpFwcRloPKt2=bPUC3-#dMp()v}6TBa=%***tyfi zqcCooW9K(e;KCu3Trl5<b(=bE76;T-i$m`-n09envUq=nRbpJ( zrt9(q3^7-s-A|oD@#Fu<^~`2vRq5*md(dZ@Iw$qx<0;O2uD32hpT(C>OaMhSHpWi$ z)CQm#!W>3$TyLfxghE-Tcr-$UpPk*dyY-yN#ziQ-UQrU;L4Ohmw#4$KX`xg<=71e5 z^mO!e$-4vSA4+Yj+9O;*mZ#%l)@=8ll9Jh4;a~afbMl(ERj9t-OW32Ck+0)^S}|j0 zX{CD2OepQ8oBU~}hZmU4c5OfN=jA)+{-j@*{7gS8p1cs(KQlfW5YZ45p*QW##V0b| zM?*u%d;7VE(U@C`{%~A#q5O-Sx$LYPgM&jK12e672|2B;+CqTaZeB5;*nIKj3vl46 z6%)7VtsNKz=l@jW!_AA^x9_NzX}syBbB>W=p3Hi4 z-+bG89rlskU$=c=sUgdH+Tv38GiG1mr|c5WBx63r|++}k9?4;GHp-QoqF6lmZz$1`ZV_AmkEZ@H{&-H)>>`XmX!ox<5k4=cogxp%C+F8vapkeTPJe1vlr5S(oJhT-sgu>~)uT603+}CmoA58^Ow!X)(QO|HCtF z5i`?wxTn^c;wT@~9!Z@iFciDhMOx}no*aLWRk%{S>)z?;jSpIJRGJrV7By~2a?8~g z?0ewH)ypDbTzW;E|7K~5N?qdf+?;BQ`Y>r{w(mPOSCdBClA6_Xj8cBi9{KHx{Kq5I zPcl6s1U`ag86Kw4V9^no%HlPKXC+qz$!}XFt?OZxL11!q-*gn8X+zA>GPZLe6+?4( z*vu#NAV#q1e{P&JyE<aFUPMO8r?FDkuOAK${$zH0id^K$yBA+> zgw~j=p{-zKm;yj;x7AW#(NJKZzYSI2C-%6|t%RhoY00W?uB60k9;Th?<(v@>py+Ed zqINDWCKAm672dqe6vD*pFrV4)R)0!(<+Q;T*`aw@kA{?5HWy?Srm{W_o*W&$EldpC zdvwmhe#t_Uea%o?{jHwTgQ%`nf%IRM`Rv%iG zLwf>EyjFDkntdWF1UDJE863l3^+xkNa>~~3%c2uY?0KGYyU|~)Ws|*RTCd1LC17U! z{EyWjM()HI|K-o$Y<=Ap<(~ETb~B~C9XnoB8~RmLf1ktN&Bq4Kp~~7^Iu9OA7pJ+c z4y8~HpI}OjwHcboDxos5OO*J0(YLqg&N>6Fl2nxL=6blDe!k{8!7v_+f{6oUnyr(E zfA+f%z8erv9_@ea~k`5bQRrFRZT`rWp*!4zrwwupC2 zk(}m^waL#y7J@lQ*UJtbx3!NJtT$fcjI6l88N%CVncCK?Kh?amx{BNEM<7ew z1i7>41u61_ugP|`Ci$^Vjmr6RYP@CeBD4jsD!)o1U{5PpUEpSL2%heww6wrzydqZGSjn3zs7 z(5HVc&S&pn4y)aYDDCZ!VGpaXubcK-XxZ)~s?X+&kmllGnv`ID?YeG;YMSjJ+rB7T zO_jw4BRsHDW7)B6Ly_YprzmO921-r$b7@_{0HfVejl!-A-XkJG^iY}6tpBns=oU{hPK>Tn(y;5377PVeNV&cQ7NS2w!uxIkNGj;<5BdQr|QDZU3 z+ji8~pE3(&?aP7^bI?oV-sy)&Ka?H1$ZI9l*iDekO;=_ze0kJ#rYDzkf`rIPO0ot| zJ_)e8mhtR~e}Chxu{77wDW2u}a-A2GQ(Xrm*Bm39ilz%oRnD*dUMXL9Nrvm{${}+K zwV1qY!}>~|teNN^$sKa48~l7tminPy)vTN$Eo`pxWrkO7Jn*|x$~~Dyyy)7b*}3wi zvxbkgt2Zi*P*7e-XtZvMw2PZoaw_Bt(@k&C$&3*130HqMbF!exsPL#q$a*NDd3}Aw z`+fmS=F5b#q0XTmf0Nv2ohOvK`>#9O$Gsg(pW0<(nVy6wXqQMRT?RWW9JyxJM8!EGxe0u zoaPLF#k+0WzXGJit|)UBuQ|(~C7$qO z!raoz!*yM^+O2whlIBgLAibQDuKYgs3lbe@LlI{s_e}dt%jK=azmG{YXt9%-G9Wg$ zy2(*6!m6!9eUY9${;Il(z4H!wGT!PV(1qhp@{}@qL>zlbpxIA$`8U%4Ad>x87uvf` zr>pw_=jWu^`GD1+WODGU{2kC$FDVcZL=uPc-_Wq5KDSx NY4Ph~nW8uE{RjQ4lp6p5 literal 0 HcmV?d00001 diff --git a/screenshots/hunt-1.png b/screenshots/hunt-1.png new file mode 100644 index 0000000000000000000000000000000000000000..aa7ae7c1ebf110405be5be9be43a33714dd3ff4e GIT binary patch literal 140926 zcmd42g;$kZ)HjNv5(-j+v?z^$NVgIq4T6Lc(%s!ENJ@!xH%NDb(%ndRcX!>%d%tte zd;fqt?%jhi7#sF}_IlQubN*t^?IR;4f`&?fihzKCCi+(B9RdQ99stfQ!3UtQMu5~x3!zlA{YB&IQZ_a%nu>t?z*p{TnEYmbxIKZH?4&Tu0S zq`du#{7}lg9mg$lCPnm3mc*ElXAvgbJp}1F%TyYKAY)A4XVKwbPsqNJ8PhHKH6rH; zkAzSy>|wr{`#Oq`ABoNLJ)cvP@z!Sv!HCEMs(2c=-T0K9p2ak3`(L@Df6jfie^{G# zUsteRe|*`$IKU(k{2EIPu^~7zU}L(bxbxFpzmO#_sUmNF1O7Gvhfjkn``Q~P21`~h z?vIQHmc1mb3R~locS4$cVsyWBGHOPpM$Y;wwY_6AimK?3EZ-}p{-#DfLw&J~`b;a0 z^CJ$gTa=Cg<{xG@<8NxT4;2>}F_2C=8xIu+=g3apy3)z~|kFc%d^+0r{#1s?%%7&jO4c0W#TL0_e+~V=tOW(k$KU)9_Dj^J9GF zd4O?u1)g9LOGD-(n!)B9dTyeemRN$8WKG^aXc;e6$UO#RM#QcflEI z4s?P)2IeFxw})R*t=xO~n(;9L;~!-Ehs{rr>tAboqZ+(E3qsMpJ1QvAioNG9kYG-Y zF6Qy>2@|=Of&gKHK*nQQucOzjy*<4&D?HYB*S>BEy7Xck+&g=a{0U3K-9|&s9=+2; z+580&3gcI~nN)Lz7$mbV9W%5i$P)Q` zOEgP9?|rsn_W0!+B&}~24dyQjB5*oiO7NxOSRq(pSz!+N+j$Ozls8`Ah75i5%MdE}6+}N2NpGwFCmGF8MBL|Gcntg&f=0 zIq|+p1hS*@BsPdP{D)6%K6|D{_Hh);e<0hW&T(f;%1ztKAjzp!sS&vR?#M_i%${ns zvU-qnFn>^W&_hs3@Eq++Go?S5|3?B+7Ci$;BUG0AEbFXQto%ky#TUi>#lFP^B_u}4 zCG;hD`iuipSuV0p_P8ct=g+6Izbd!r@%DbPd2Um0qp%{st}={2G&F$L8@jU9Uz5O{ zEi%0SSA2-Bk2{M!MSAFX5N|bnC4Ru|kBnaa zahp~Bb6YKVxA3|D2!<;yivk*;#Jw6g86lo}3|=H%v|q-Z5T2!<44(zw;kcWPtdG)o=N=O7-6L~rP97;VJ@Qrx{r55- zU(j$oE$2Bg@YeBWNpT?IVbq^GatK_C?!@acdvG@~rgt+ju%WX)%=5Amq3Vh8>!z=I zv$nHz4dc%;FvXvui&O_5_)HL-zG&wWBN-x)^pWz;^|`{BCzK-^Ampa9eZNt{vB@E; zBFDqP$947UVnv|t8#gXGIS0i8)r6{css3paonHxFIwN0^N1;d6g3wb+Cdys&IXqM9 zGGFefM$xfYmU^vy+dZ|tnp27kvM*iM3lgNRTUwpk?bRChZ1`>jb|i(zD&@liy>4>)z}Ae5oV zoyQ!M{6}-kjq%$g5Ba7Xzd9ss;f1K%#;3$R*Z)jlN$`f?n}3a@g`{fwSE&-VD)#t` zp`~H>bTlc&7+Lt6gwg z72wXgoX`pENY5)*<+KTPDA|qLFY#QL8kU|iue2y^s7Rho>*z|88tz`otx(l7bC~3E z8$Uiu<&NPVu3WaWoAj@A%A-n5KPI`Jnz=kU&m-05f9zC#gt;X9M=P`?RoXgE{!(}M zqf4IEb|l|)?Yi`{IKGYL!@3LAqx0}D)p`qhsXd4B!w<$D#*yrit~nR%H2oHD>nNDL zaLc&TI;PuKth<=KY&i@b3H~zNKRj>7RyXA6v=cjD^|vp-k7}EFD$s@cB;#-oE*p*f@dvKh0$X6EJ=3Kbf=!bh*j5T&H<&2+s^;SWIkJcfc`F)Q!J zOVc~Z|A+j`b)y{bNeTy|%p~Hg1ylq9Q-u61A_D`=Yn+9;C*QxWOy1gDwg~sHxkfJ32)d-ytAsVKZQhV~ZyXAtEB) zM?`+X^5O;CogZ&rm2%2c_aWSkh=@+Tl~|!%7)j&Za~DCn@{v9v{m6F&geM51La*iR zV>Tx3lyF+Ek#;H&U$4=8dcFAE2j_0+$SZjvGFnzz+*jG^k2WaZ_=>t3;!rRN3pYL1 zy2}#v1X+lJ7I`G;Yk&6Vgab!wjxAR=i9%C!jsVTB^TP#)LUwL$?kXoLyZG442O`N? z1h?Sc{?Fry2S&Zi0P#Oh5fDC?AtyEe_jCvA|Al8iE~2*(s{P9=|L!5CTROT3A!9z` z#nPi00_$ejTNqBbZ_4rsc*|;3>+5V+gF#3NMbTbbYY~Y7>Yi znm(<){O^)yh6D#6tIZj%wU2MjQfK)3lH51jz}1_+tWp`S3|akn|)0yMQbB~@`{A3lvXF8mv6Lml@5>q))`bp5)$27YZ5p;%X;krk- zLG|x@tKUVSJw)yjA!EOABPxlT^HtF}_}gsLX!EE(KNOx-1mao^I@TWX-N>o`dHgo| znz8FfTsCd*FwUzYsmj?9>47mDD>zr_OKIf0PP>*|W`QHW$bUAyzWMB*Hz8E>c@ta@ z`@GEkQHcugbE|X4AxkafIM1b~iW@MSFj^(}@1?iA2@o--I2&bUC_KC^=OP7MTo8*2 zB!#>Pf4EZEJc>~xt*O2GZa@6*Y z4l0R!rCQDR)2^2|k8n7Nq)bdqR8>`xw)Q1S{#zFdB3z?&tR%j&f|30t!Ml$i3GwjG zb-Cr_@$=)Y)6-2UNl61MBO?D?L*kJN_U=~w z)`Iyj&U|&dzhF83guL#z5!KxCwDnB1#F2fFA8LtpHU|{N88*zCSJ&`z*{VD9xwXA3 zqYw|XSsTo3L$xSidQF8ms%JdcC|b14!Ohi8?xC$$ccPhW_x7#1)7i|z#ybUtWcbR9bzgMy4gTK7CYK7K_-PH$fynTPXy)#R|<`TE9tZU=jNlbs!3 zKfjW)qOIS$dR&9qsKend5bIbom_4w0jf&goPY628A&#%%uJ-!+>w&zk27H9f{h3#QKd^^1VBo`an|o!+FB){w}N zp}x~Nd*hImb@1bKYUy~@uvz>bK zSl6|ptZZMZcsQLbQ|E7Ofz}4EhhYrLG2!9j$fpNIJ?bBq|64_l+x1mfF2Rcg6O&Q~ z!)ncM(NghoFR$1yp0&O1%M*!Acx0i$7r(t+#?MEVnV}>j|J>U*U~*=*X?`~R8%GhM^8PJlq6JYohjr<92vfHzA7r1zgY`XL|EM7 za#?(=Wt2-bR_w%YE@p#O<(5FCD1TzAKK4<&JO4z;PAx41gQ@L%S=sTipJqmSQ*Um6 zd8Mivn>V1?eD>yzpuiQeed_E7DyndY+-@JA<48-AK)inHasv}BBlyuWsj^J1N(>H; z933eyA8B@yUEUqRl>Q(W+Y<8jSQZj!P=0wAnQSA+e&Y=Xk=u36L28M=Nyz@W^7u$U zDxG3wQAccysy@fz@pO;z$wg5!Avytz{hxZ_GsiP8^h*hBTq?>b^&(xJS2LM`d<39h)*S8a>93~yUCuA`$#|)4NCGJzXpnvlDe^1v&)Iz;$TjzI&OWml z?;Gr@95K%0-+V;>k6W*_n0J(w4Ngnboqw+}yFB(+cfFYaTVO#4vS#dWI-4Kz!)G3y z7M7+w3?)pIT#-M2>YJG*XC~%mCT^{*#e{}7E$<(nY-%Z@^Wwc0Y@R+bO%J7t2)t~z zt9tch#+<_hS<=yXhlQDt4g;CZ^q{z`%)-V-O7m_e3Yn0l8P!zw34t(9s7pHS-wNsvC_r$~U>y zy0z`EE=Z%Vw#5Znm*_t_9d9*EE#!SfW%rIVV`uu00=L zS9fsh^8TtYCi0!!-0tRv2dkNBRDaq=n;II#HL)v`;UE<@k^hO1nM)Z})yvZ}Y2l~A zLKW9nE-1UZCPqazvhxih0gH=x9VgQbA_gYwa?z(}XT9bckO1-1SIztP3QhJ$ckNn7 zy15wGJaON6ctr-1KEptU#CWkv$-`6q0L>qn3>HvZJ8rPp*mw@VyIKO33+i*wR9OkR zrJi6sAmkcxyRI!CiSXWe;j?3^tgNhJECD~dOUy?d`kkfs?F$PgYLjxCTTaXGB*0znUF5*5g<)omj4>GSnfO>s|GEG{XjI!R!7XsC{vURO*A zESFB9oOowi8hLbPmLk~k>z20*CP2{2i4hI=zffv#=HYRtCvr0)DoQ|oX?fXXVx__& zSudKc}z+d|9SgDD~{7wN>i>T?} zACK%_-eEs}$^C04~HlJ(UZ3!Tu^w7^|u+z|(^&;To*G9+ zb2E1l`2RjTFIyK9$3VU#x%4cISn?eNp0<_=9cFi$0Uf|{xVM*V}|SAufxs>@@CM)S?lZadP?zJI-N7Vu6>!>xMplt)5LVgfR( zSuZZKJgQDd1Zw2=ux_4{BH2Bhze&#M>rz|6~*7beQ}trYHBSF7b) z0CAZ`GL?VfKyjTvQt`X&nZ5FY>qhG6tO+(^to4KA>E-3JIt!9}1g@#`CZoT8WvvLj z*7(v$8x?B5{+GU_q@;M^bblF3u)`o~Z6b!q$7FT$7Ck+EKi@$T3up3^&Fbov5NBzU13vOW#FU-129+IB1rA2cs zN?zgl-v>F-?5hGAU$h798(V`tFc^+?nt%A=^~CcMcIGB0H&A&jEG~)}XXQ-#VLZhs z<{iJ6I`vKfMc3OpL@@NfE$1E_9F&Sj*&0X>JTRoCrRBeNwqKLaQt0|VT$xeut*J54 zGcc&Y^0n(#ftJXJp({EpoW~fLB)BezQ2_zno@j9r97C=8-Us;m$Yh>x-sIJ~o5(9D z9Ek{>$Qu#b{_tJum%|W<<8%2D8QHeH570zj_)1$>7o8|$JXu6Kt#R0nyXy9&FGfFy zuuo)?@%D?LWm5LBH+mUB3?x@a0fZfu>AJS?RV<*{>%xum5%VYrn-xGxYk(eDNJ-r3{J^o7Vq@3FK}$2Z7KEY9L0MB?O` zpO&_a7|iyDRxd!6!xCT->(=7x0CBps9k~ZoVf6~jir5wb zM&D8Xfro6m+8iDjKSD!?y8l@o$()fFWVw)<^lG8WNq2XI+B{Aci((RM?k(p>#Q6m!&pd$8m2>pymL;dBUyq*ktnT$7MRyzZ z(PCoGT7RLG3Hv?2yTZiA{{3HNJ5x8WqMxx5+7pLn`hGsALuQxF3Nmwle0#m>GCJ*t zRD?fqS!Y-51-8|9KmWG&_Wr)UQOH;o$l<-Ls0HwIV_B~ zCLBO9Kc}M`uU@75;0kd0`d;Pqb-q#i&rHyJf}ZF)Y@9Q7)8pgrliqQ0SBzePYwLs< z0s*A_j+-A;oB{&GB&tdA@QifXY#Z+7-2lDc-2A-wHtNaww#jwvKjDKgWdKsO(vh_? zz0}r^m5z>XYr1OqSMzjy29u=v%*JCn4T_Q^d~+xK%syT=J=lD{qZ`e*d~SnA%0$7itpZOI`u!L zq67v9B~$>|EY z@xjq|-+<6^YJd;UE{nJu!F1Ye#~l*?zv5+Mb$|*qw!BMbRS96Yr<`0JtKO?O1 zdOExI)o@f?Pj`GpNlZH~s?R&V^-b2vDA zAtm5%LYE1@KLeF`_|Oc*k-jOCz*`j+V;PyxLN}Zf#H~~}gOn6Q@n|*_^o6@?jl6A;$w*JHb8foX@q+uXdMhg{ z$V$Eo^8_KW#rpdC-rgc4H?EzPz6SIa_J1!|t%JepN(z+(4+JhU6N&CfX>lDkl~fe# zcw2w}FQegHNd@ZX&mW+mTruxyN^}mbt*zPG;QjmlDNS#Jy8RPp*SGq2;(N>*Ud=Z@ zr_b?xNcuV)tSzvTZs0>#w|{l--?z-vcxCKzfA3lDv9PqT`q&M1uh>cFTFU!BGo$yz z_K>mtHI0M(c@JZ&Cig9Q37W%&*QB4)}ANfH* zP@Ah={qLU$zdzoQh2f5W9`-2zKYAvrmKA+;<0tO3u(0&^_fJ{>=lmrgwsy3&)vWUU z=9X4di))yzUj5IrdW94e9uk7>*JM^nxMK>o@ISXVGf9Ct0nfQUS6B0d`w@-)^ACh= zL*e9**7nZ^J$x-=k!5 zNB?Yx`Ojs4I|*J%+96CKwFaR5^S7O;-%4652><&t*vsh^|NTUS&({xx{QrA8L-GIZ zvr{&+%#4h3{k|mA$x32AXAY*utTERUY$7NkI=Quh#8c3Jkp00Bf6cjWxTr1FO zF`X#yE0rqsPfuS)B6ZH!Zu>D@@h_c%Higi~m-3JC@rijI<<-^I$+6zQf1jC|xj9y1 z)E&dQx!o16?z+0UdAZOQ(iP2qes+fXt$wn~t|y8$>yo}BHz8rB$qz5jD)67g1#3z}6J>|mkl zE{CCCzY4s0(+ukTy}UdTF|lH{(ryc>8-~Eo(9rRLP)@5QxKs?EOO$H48_<^4&PZky zvS>CFF3SaEr_F5TB26u=$jk0H-gEemg@uJ)Pn=Gm%v7OH2kg6EcMLue5fL69yV+EA zc{v9wD{ET)=Ua$yeyo-YZw0(zYvBYU-zSR%UM+^J!?nO%Dc5MYCoC*1;0;TI6NUXV zhbBU`=hYB}D`v?uewowJwI_9w{7%)C6A5A5#l_6UL!N&lg^6%cTE z*sd>081}HMJC^%+WAqu8kG>8)ea_z_L0MUg-h|h%XsqPV`+IvNJocZAjU|vP?04r9 zUb{OUZ*^st6c>N@_fOS|nVg&)&Q`WM-COM8zvkiLaRzS~w5EjQvuDXZ*i?=V4qY*v z%ukO;nuV~Qi3t@(z!m;F(GW_Lk^Cbepff$+8>~em@>wJ>$z?(o4mxb2gEX6$6qftGU&sAD2=;GoX3WpHL?j4IuOG|8Op&=myHBNQ{tvMgd z?%cjLU|D85>4{EEfR8VVygF8rm6f%A(?{7HzljQWq=)zJ-7C~9ULVX1DJwgM=V0;g z?d?HAXz1uPWtS8dp6&PWM`o~V4gGo#i3iCO0Bb`-n=I7v^Y`~JEoCDkCnM7s$=C3} zxO?|5BBFax5XRX%NlBC6pKpPT&Eax}MxO$vUz29RiRAJBk;GHd^dkO}l9CTe`8t>P z*Vos}j7PCBFlM&5d(bPe1c3OWlk!dU_JUNdU+#&w+nN|{X=$09jO{R)GYqm8C-0<@Xmv2*TE%6Xh0y&vDn+*02Pyu&~aKxASsyO|`Y<<>dCq&Fb(UKc=Ro zMJML^iD3z&e+tAL2netI8lQKC{-3BUR_`d9&G}Fw_WpfIO3DK47oLw$O91h};GnUJ z&NWD=eTC@2V;8_LQC`uh6D z#xY@GZ|qBc`}yJieo;};GmnVqXgzIhmfRN_^&XJoYz)%k;zdBXEEtJRSNl^5*-gnkvQ?|t zI5?D=b1JP@3oRGLAavoFtT+!r!VYSsR=eEGgA%lg48fX5vN4D)k9YH4B z+Sg-j@j&XI)C)%^9v z$xAu>FaI|kviFjR(%y*Wd)UVT*?=lM46G^-rjU+Qbon#-T4;j zIG&2i$|!~LS{Lrv;DCN8P=EjO!Ks9h*}Q?KrB&9400Mr8J#EMZkD$Bvao?igGgC@L z}e%pDGEL^$Osl7_z8@#6*P^mE5eqO#p_#TQM=; zygbJJoAQNbn}!Cx9)s4C)q(VZG)Zu1`D`~LGBXWeC6Jfm$x+O@oe5;~<>lph0Hm;; z1Ox>0&Hljd$UJzQj=nc9;zzTar77DsG&Dqyn{~*}FWvlk31@3KFFrC-IeJ_}rP{u) zu~8ea!O_uiI9C-a=)hp6oJb%^jn#5DI3{Tyw6zz$<1@#^#3Uspt*x&cXh6HHFIfb@ zB{?U@Wx1P}A$&Yfz3#R9JqHH|*0L%Hm$9)AjEs2@cmTze>yQzECaU9QW`W0wtpy(_x_da;{1@!SwClI!T~|X(J0k5} z{G&VPAGlT?{}Y|Ov~+aINl7b(F)>7{)C>%|s3>H%wzj#sxqus6a2RT8Q;QwpfV?5$ z;prI}Co6r=(#94$-1r4Ev$Eh;`K6_$RaGaUj|qMvw5^+3TDHf_wgIhkHZ?>=QL309 z+`an^I*MbXqlfFmfeo|T+S)PPc3V)Wtxs}%eA+VQ(viu$(22(ib?#R!K*oM7Go|o= zj}{RZr(~NW_|Ms`E z2rvn1tecygEj+&u$R5t1Iu=Lr&i`RuNoQxLv55)XARw$l&IcVcv-pUJh_JA~SG6Vj zf3uafn!jsYRoAj1BB3Ab?VX*i=Zy+taQVXixx2dqOi4ZDr zAvXOi=TI!KX?=LCA^4Is?8vPj)XNkb&}f!4(Zj9D@u8uc=>q`LcbfVxX9tlS7D;c( zX`esOhAkf)gsBG>2p4m6ebWOyt4iBVE}(KtAe42X!=5e`d;9k7H~s`oKi7ejude!& z@=uM9M&f6PX-DY3k&}a7SVm&vYgyR>yX~p_7NyAsOsUhwIZ!uSs0eJBk)q2}PxWk}D z196d@oVC2n$aESJq0 z=#x@_HP9_wk4OLf`SQkpIOn5?U^A6e3^ck(@1YTpGqnrhY8Kc-)#JZ9nFrybrKzc} zVQIMsj9_)c2*_62H$l$__%F4QRpS8kplm~xqIiQ1iQ65;>WA@8Nr{^G9^H7J48WUy z8LmLHn-&@it}lnGBX&t#&d6Oia=n?xIzq#%4u4Ni&o5v8z)hf#L9PVXT$V}7%MT8# zyIrO^?V7IiC40rhs2Cd?fA|o!vHyr&L{04~w)HDCR!-qgYJET6hoT=89ck+pP_p_W4w-PcBt+rhBLVJu9}YYJpzJ#pt6!uFaMicw{9J8P0}$k9v>d2(mZ+o z{CSEoWURuwcZH6JYd|2te!c`~OqvEd5q#IEbVmRbefenXAC9A~rtEw*;!^ zfBI5Y#m!9K`{&P}_IAU?_R!|$<}8Jrryegv>3Mj0_xJZ7J$j_q839rO8GL}bxw(~< zmHp+Ofryf%q`9lhbLkk4Kl8iIfuz&mHa0dk0w6%)=!)eY{{1@vUIMA+c6CZ+k`MI> z`~y}VpLQVxF1jy)1~80cl%yAR(~ut){y3^cD;0@phzwK z_N&TnyB1icYLzW`Ac0}Pwaq{sLa?xGoD3geWl@)z(Q3YCK;8;2%1(7)|7g~q16jx=(M@C>rkiXRfO_EEO z>f614@Gg$a1`yE*^f6q`=x;U{NI@&^zkaP18w`K|{*{}{fPqZH=WKtnqrt`F@jn$B z=I3D2ETOpg0HprU#mW%3!jBt3w*Zu&Q%pfYv0;Kj2FmebAw(MLU|4v#-O+~f{ri4r zXJ@eb;5P<$Qerd&ki8l#%*`M3yH@-9wu85Xc>6Y++0=x#!Y!ZuwsPmwmt8V{WT5xC zzi%{@se5(`i~-Q8HP)+Gmm=jA(vDEM)1>3U2pI=L2W2>x)5sghWMIES z%wRo&L?vf~xw20$@z|lCX9xtsBj`RJL$*rAJ8B%$v0{U(i_;tTWp6= z8Y=2oxkWPUVsJ2Kc!!Sb77(_+%=_TKLm;GV{4Az5tTvmjg(Mx&DNyQE8T|V7HpKN( z<7@@9J?{tSR|!my9)&`^E8O?}PRQO3bZmF7Nit0s31Q_Gkx2utp*KZXBY-vS{w?3}Lx7OQ#kqpUbJ$-(BjMp-Vk&3~3keBvJ6lZ$9u3eG2m$rP<7Zfy zB}WXXiKFdleh!WkFd*K%dBd#N4M7L`QkyM?%f=AQK@j?|w@?}Io+~AQNI5^+ghT`0 z0#n_ff%}{+fvDIg{{F&(g4OY|yuiSRWD8!Tu1Y0_?`>>YFWLGRj{RW) z;NtMWj3F!QdtheL(s|IKV=$vKI1yW_EC?`vqAem>k{R3}7#^vWE67 z=Y1&oRZ+!=wH$)me~TFFS5_7;FYmbdFYtAT1_xcwR;j+cdV+%rHJ8uz;snl($L&f* zSXc)xM21(uJ(qXt?qEzeb0Q47H#%j>Do!@iz#gsHg~J1R}0v zS?m_V?{kj|#%^udm5B;wv<^7jz7@@R{zO-&RuG@_D{{`gLPWD&ET zH)O?aEP|w;kC{C%5`P(*Y$1|N?&Pg?fvGUEP+hG8uWgyXN%mfIAf*&+&;UxVBLJyS z*b^#(oXF{iLWaknl2C*C@L~ENb!_Yqu-(3Y|L*IH3J?mF;7)=;9{Jb}p;)C~o0<8v z)X$Rss7||4lgUctgMg|ku@&tt?c+btlGts+!}=z14|jD8gVol`%IIQURZYzmY%y>x zjP^oM5PCJ_tICoJm7beoUGov*^cw-@*tuf2fJ%cG0b)$shhTVU zsE^7Q@G{cuF%$xD1EA%fhFP$%pbaq!#vHH>7%lJT0vQa_F0})oysWtR!Gi}Wh@)88 z*btZCbVw#Q154DZy$^Kg1s$Ey4aV%GVU?tyONv5a__(X9 zD;9a2$B*?54Y`a*@0B?po3(f1ql?;%{inQ?U)J)Qk*!SYQ<1A`mN(pe#&GiDo=B!?C#V zjQ~vA4JQpo+}93S{_)JvUq$R$yCJJ74JPXCq^ z8UG$CjV_ZeN?bpKZ-3(q8Nz`QsV!9ArV5AZZa&OrdF$7=PD9F zq_HF&?()>e_G>*1C&3!P9kLxf=}#4B*;R+rfX)h}pTXeB@87S~)vtl-9?-}B_)!QF zNB8rOJHXn2^T84ZOjavwtgW?a^F{K~)6#r}o__o|4q;iKG_gSC0-OleIPH2)&#NdZ zDhmEsX;D$KV0AS4uB?jjFi?$w-hsscM-*U125m;PHbntzR?GP{$og5u4 zIiN=r4mBJ?1K_AXu{@knJfdZS}wVuQ*+ zDr4yYz8Mr_;c?j< zWA$se9c(lxQW!^>TU$Hp6Cq`qe9UF7@9ca5 z2*;pO{>i|g0*H1cEjan0Jq;4km{o5h6i1zG4>p^W^Bzefc6okBAp_R|Zu`v}DAh2J z15K6C(9q~A_UExsnU$W`TFl>*vxK`x!KQpb#1Z81HJW%fDbR(9;%P87J9~J=^vw)| zK|eV*Ha7S!OMOKkQ`%puPlG##Le|&UCz;F2#s;l{HPDH_e$je01c!vIj}|R@!2kNd zzoVq2l$Di*rVp%x-E<;oPwBm(;V&WGaT>X_2Lvn`O~gz9;SonLltD*J8|5d#nrY%C z>az0(2{30PFBAqWdg6Eqfy!dHYqty&Ftf09wzldsXwu=JMn+>p+XuRzorxv(li>g8 z^Z2zxlVcp%$SuTs`Bn`;VPj4eCR3KWZ@?cSY*aP}7&to~t0|ST6qu`A=g%U;!q}j% z05&RU9k5pM&4gPmWgyTWlJI;|TU%Y#(bj&kEJKbpS?v&l?itF*7LVoEB!Lix@#E)D zZ4C{eypi$o)8&@qx!+`{JKNg}%gPkx{zs{P+9Vk z_l-SDOh`xo^f>V828?+{j#W@)4eexT0#Y9LLqdaVStO?f1GXW=tO|;XWd#NJJoYy@ zz-_Z8gd7|m4&RP2h}rv=+dnXH6T()x`o0g&=oEo=U#(Gk^qMoPhMi>8Rt82SCThUf zE6zp7Pfkv5vS?$J8NNf;r3f9FDXKscUM};Q&(YD*VPUx3*=u@4rX9Jdy`)jHwAswDd(<^ zjw*|JPjFMA5@2Itae-0hNmj&vvEyD*;Q%OIW-`9CwUwKiI^>z_>E#97#J6V|8V)zw z9z^xk>%5GNgph4af!gaUC*W#)@pYj0KuP}4Wq?@J<5vYRXSwP6-l(*6i{^3b^g^Y>%tg3V}^irU>TGh+7r3J9X-|utr}%*J0&@j*bpc zNFO!PZEY*Ph?aR#G%);;VJTZG|=M;K^Xm=pzQPmG!QzV40*E6dBrh-kScfSRWm*?4VaZ?^f?WV7iL@R`ChOmKRWxwFkj|=Ng4O6Rl6Pv2`p9^biV*7Hyy1ZEkEp2Ui-ot+kZ{%>6Hj zND=DnAle}Kv%p4&N)I6I>#G@87c2{P4&H>P?hGUC83_sI2P=J02ch*)_A3~Qo54UD zbP^5gJy3uP!oXlpcXuraEvT;%n1oRF;+^-}z!recjQ&*_bZ@|C`4Zc|=5~Efsv4w| z!1Q|X@s-@o)I=~IlyuO=)}IK-gy1_KU5ED(uCN<9MTwx}uUS9)f-|6L(ILm5z%NeR zDJVut=>Ql~KYrz7D9J2_5_Mz+a?-RwP7U%43xA{y=+u7b^A-(pU;4lTETOgat!_ER z7_-kv2y6GV0M7cDut0Wi4%@zXrsuxMKV6vL@Q$(4wBF$);BSrPhHP^$CzQ-6Pj zNzM@w<>~Sd7_?D(s{Ct15V|w81nCAL!qIt7@85^YQ2#u626;Q>`DLGl4UClTJGJVQ zcJ6F3YXI87Y2g746m&wi?^4-z7bh00+=dOWp^tPBWq^!4I}U1gBLR3=tfBX{M*8r+5d@eAcu3-5QM2vwB5Ezp)E`}W{|BVZ3DA2AgM|CT_+$(ap}rt6TqY!fo9>7su=&| z=;$bmp$c^65)=R22>>lzTtZ>yS#ZtznAeeo`>^P{_V$q<9wT^R6u>qrj8Z_~S%Lh( z?gNQ8G&~$$AP$;2HS%c$mSBS}6^9G>NYGEJy6qInC*AHkC2+=X4W$H#MDOr0BQL*Bu&u!x8efEp;1KDD9~w+)6uVT9##*`234JGq(Wbv*^aexb;NYy~= zxOb`l=Nk&p9|N-&ObtosV$#xDT3e^=|B{U3i6nl~+SZ2YBZP~KON1^$js@8b^Bnxn zC+1))fMo?uarT!lqhRO)C{`*@?Iclw5@~R_fl`1MiG$NytbhOi;_c1DdS3VN-`2)b#>zYtp+uAh4I(6DC}X4$%>$B>&|oMD z6*5#LM2MtGi85D2rMV0tQp(tzhV%NYwb!zL*SW59&R?f%?=`8upW%7l!+qcH`x!U^ zNHop)lOZ<+Sx9Ti+9}mt>hl*tuF|tzXKHZ62Ieg!#?2b(*QVE5IDTWTU=?5!gdV+xDG1e{l;ay1%!$gD6uMmzx)Zl+srJYOBj3S(zFcSy4eoM?dd%4~fKyy?Y%jWgJ34lv6GD&kEPT3IW5C78NF6|oH+QxRjB!@huxUFI zjujk0hykP!tYX!peNdcNX9oo5!p`bfXQ<<0xO@6Oj7>~DuCMc^Imq*K!8jC?$O-7Y z1`QfS?UA=r6^{DqgfOp*BVsc%Ghx4&h6Zx~0Uk(LfUhI8KxjqO3q6~N<8(d$cVRL= zp0A~-0{l^o_w^)UCq6QI{NACvX8Uu^vVD4q+V51h-R+Q?R4G2H68_*%MPKnv4}-40 zk}&ih{jg%@sB@FH+&iMTR902(DJDj_ClF|CT7)DfKpy@2IalY& z%7t6=d}hqp1u6~vtvNj4(j^;D&koWI!0{$4tBat*t5>_z;MaY+=)dj6dpcZ_2dLU= z#U=zDo}Qlk^Ru%3`$d@_2ZDzD98k;#4B5PRoZNa?*!SpTf1At-+-8Dhi&Xz@t-vO$t}Bn$P$*^bNgR z$<0-xWD`1X)%7(AgiJlHL%@htU?ySuw}_UY;mA1<6d zd-(YAL?RILJ1Oemf&g)#Iq`9EbZgVMeLelCs)N-*p3~CSu4{3pBxZTF4%skq+-oX> z>?cn`AUWYFX|J-gAv!D~ovV2^&UMN?m}Agb!>>fAX`n%r_&#nSiz$lsdPtE>8d zM>PbuYJ77;$gvLeVANQ!HoUL z>5ZjvkMG}K4@QCBkNAd6>)D06I5%(!zWd9|By^M%s6XAN?%2BN&7FBBDL4;`d~dAC z?ARqa!#N=_F(ka-#2!6+T11`(063%Jct+0$vNRy1Xf!?c_Ut9FjMJvBM_=M{%%2GZ zW8>i6yZ?xPT2c}`WW{h`DQoLFClN)J+GQ;Yn}QBB&#e$SP>9TUGFWt2rl`o-c3Tns z2?NnV9?^eP7YAGFg!SVG*`{R4XKiOhL}GgTK9rc2vV3P|Y<|X@S7{NU*GBJfz1nd;P*bDZ z`u72}d@%qoT;4<(nLlJIl7gtIA|fn!F>GlrSkg7n;)Chp4)D8Ui zQ%8^fJmGtY2K)Mj3y%(IZ>n80RX(q16HOC&Ph6%Vpm6sHK@{eeG}6A;x1-R_0C$3f?1_JJvzw~l?%J9PY| zItkxP2BLJ8YL>4z>bLBzRI%Raoaz~)sjUrG5qa?S0KBJUQ=@orJ5zs z`|jG-^L+Yu#UFKbr`Wvgv{E0Ek{KW`MeP)OCBgvwI|;Jt@}GZ*m>higZqlmxr84U% zAI{G``Po=(VaUS%{uPh+$|^6KHC5HrM)$( z_J(02N+k(Y`8yQsB1_&c`lh=;u*FUcN zJpv(8zTkD)P-L>k#>UT1X#|Qt_*93K9YXhqmFlC4AEQQ%0=Pdl*&%)HCVTtP;9&XD zqn8DGu%KP5^FH>p66Y=b{q?r|TAw8rtU@$5R#_*uqGwVRuxBLvKR;%*v?;0UY(Yi| zX(T3t{G)m4FXAV)cIVQazt!x`gM!q{vV<|lsljf_FAvMiqE-EIQN_~U-el?0Ex_P3 zGCAd^PM?1D>D%wSc>76aV?hbE2||X*L<*_G+}!5>+`6p4VEN!*^(`UY|GE2Jj!*LQRVfcph3vHXP(G)u^!tv++9$Cq;73bJnkfpxLr!r4 zlQ)!nZ)>R&rcqFIpbDi~FSO+Kff`X})sWp#tZrfurMg;+LcF$iL+CofGMO%T%GRiB z*EUel@J)!K;5o%)poljXT?_H`oeLOo>Cz<%c~UEi0-MU=|6H6%nkEA%^!D~EOG`@J zzeJGxjBdXwDbXA|_LIYiHM%hCeTHk!5FMhv!FcIXNf}GTxYU1RygcMy275?xQ;vQno<|AuJ`SQaY$k zp8Pt|;iU0|6Z%E*Hj7YRgLJ>SsP~m=rT5x#`(+>fIY;%r%o-H zeiM!M`Sa!iKaj&9MtHdMzcveMsD&69b!D_%(e1fM9}KV-bmi z!$Uq2k{^NIM@61=^@d0*%vrct0d+J@8aMivy#zt=66`M&;!1;3XfLz}FAgiiuf$xv zn&p0Hd!1ayZWUG4ZvVOex$r6*1f=(SNa>&dT+gnUM=xH)a=HBPb%I^LHRq9Zp9G)~ z$PH>ma#Q40s)&%|$0t+VAOxYQLN^x0_k+_P3-DMY_B`6r%kTAI!pv@N_wz7VI?TlKW3T2iwVdM1P-ykv%#NWRCZ z|88s8y&Q^nl!x^m6Zo20RJuAkX95N}ac@kZvMIT}`4>>|ITl=gL1!K;3;IvL_$&hv zxASm$cs`mE$~mOB1N`);M_wh^En_L$RQ^3SAUwvj2}ktDNcxG&EZqB^-Qx;j!m^)bvzTw-FXS7!%x?(*f!8Iy!Wj*E}~#zfJE4ZJDqbBhOyi;s*| zkh@%VW!cy%+4pHfSp|B7kPI}{6vv?VhP`6!Dk(m`=GCqEix*{s3ej4z8NuozSH)W+ zYMrmI@5ZtR+otCQHzn#!ko2SS2pq0uZf6%l&C$@q9zNguFe+9Q_D`SA*UbcvLdLT? z|IGz^hgTQo1wmyxU237KXmPhQRa{B`a7g_9yLS>q$^ioel9N?<*Q+z?_Vb*aoF`9W zEry`G5BG2BvU1Tos zY-!ARYCGZI2Tc&CN}1BJ+1-6=?;*wWqi&|>CG6jndv-Tcx{2*OfE(zTrwde&v~>1_ z4aL`AgRCDmjay7Ty{?sm^u{AKlaBR{=Sa0yXa@MpMoAp0z4d$d{&`)3D=c*-MD z5M~LQzst1iSNOvWg7+2V=8p7ssVzAop2yQf!fUO-co!Ru{bp$HsCy0!XXSzgkXtq^ zw}mxptSw&?DI|5lxxsY{3JbMeYtd|KrF=$S%1dKUu(AQLgx=Y?o+c{(Qdv#zxxemx z3%O)+*vi7{@(Zhs0xk7IFFWxVzkK;}v9$R7?1Rh}AwH4)7+Z=WQdUW6MF0LSWHsw| z;Fc&Z;Hk$;Oy)8S=g%*TweY=rx09R>47_#g)&&bN_wu;>+H7fuW{9qTaJzoARL-u93gsujBSN3wxX&eJvKaM#VSc`X zqT-pU+qV=3s|0PhMAcFLZ`3AXG|G&gGn|fje;lH zZQtI4LbSRZ^1fHko;A>%1WOt3RoPB1Q-;R*`gZr16Q(8!1>WL<$JnR2qNOZrlH3?| zv;fRfM2Ds| zUj9LIiLF4%`sPsVO-PqTq1Q}6A_^5D6v+lPVlpmzeXUzE0!M7C6$YsSqE7Xao@#7P z)LIm2a7ym^yMJHs+wzI>^0t&Xf}HliffV8wEj8kMA_jApS%#6((W#bCBwLdx4^Y6y z+w&V&f_b~QY$5Rz=he^$51eQsuKTt8?uY>c9(%Ze|FBG%VFTt-hP>n{2x*P`r%`Kh z*O5|a0Xi|#z$&q4pFYe+C4_{OGS3mb>kHk8{WL2k87WVg>k~%khHD+26V9-L|NX@~ z3k3D9%M9CpFMpR;3b2N;si~6jjkAaZDYS&QtE;O^L8GTaYdO>;+7AGYpu$5IWLhM3 zO1K!)q<|qqBIMxmF=N>5&sX+2PZb46=a;TOmdr9BPmw`stmA+yIT3 zt*2Lzvfj?FntNbpA{U(V$t^28TgU0WUSe;5F_}9QYV(3*_R$q3C26#qP8fJ9IJp17 zfkk$Gzkd_Pa0rp#!g~ID56%B+-uimvxN%&;g8FYf_fh{d_x{~+=`Ya%l8n)@{~?AN z0Gd!UdHGNMH+3-#k=@PoshE(GjN};m9pI!5& z&!t7I!P}H4$kg(SiaO$k{L_ljdw;vUX`}!4scXqoLPlH{d-bXVH9Ez|h7H$@Cv=>? z#t$RvKw0jWib8uPL!iQB&*^D3C?Tt>1w_Ev_4hCQu6lWvsfCr*M_TWfrKR%{lwey? z#+;h&l}7$Nnf>PEIqKr|>wly=|6V2E`;OdLU~Fi(iTQCtlZ^N3)E$E4+NFi+fDJoe zlz8KhwwCs2~q*} zn~Ysv)2^IP7XYpqBjqPfOhx)&U?(VSHf>U5z?CKhDy;S69G)m;yJS!2En6vUA5+b#rJO&>m)1hvym8CE>q8#5+_w3oi%5Nl%{0+bR;a&Ci zfkQRy@;-D1_2>%m&zHA23z=R8NRWTPe9~G=Mvqt1su?4+_|!LzN0ACwH!&>q^v!V^ z#`d`1ui$%r)HHi$Sfo*k5}gH*ZEm2ojZHs+z7pnDM9(?D=b2x;bSZGKvhKWj`1L3g z*c?72-nnyn+Oyb0hkCt#@b5DaFB|G_TG#(8hc}z~>x7DB9|Up){}jokgar zPuEP{a(B*J928=heeK@^k*uf;OgY9`c^mX??gbq`K2b@jbLf!Yx8GcRm7XFzw&owe1BxaIw)~TslJCDCB+}_}hb1>Z z1UCpT8f+K&cU+K$ZSJo2xv)AhG2bW(?ygHBqn=Y+);8twbrAW~&?GgXu**(2KI@bKp_d1>bjJYTwk?HlV zw(YXsh{u5y3Nf{kcik3md^`BJTZu@s##tGQ5GP-8rRzR3&J;(6FI*6DV6SW8p8++h z!=(Scn0tMF`rHwIr*3+lWM*CG>6uZ(^1J*WzeoJw<2xtjlxq*_9K+uW`*iWY{9ov> zKzF1#wdQsL0r2HBT{;b(vKu3|05;l{j2*xAI(yD3tYGo#zpz9;b;iV@YPRbrd?A)D zUVJ=Z1FbK^5G*0n1lu1{bwC66F5fJju$fTbJoZIlAvON>q@*N@deA6H_UP-^J5p62 zKYsFLoUH7}ouBrI>o&WmF=%k+jP%^0UtbmNP-Me%MGL@L=gs@k)Wm4fCqyRFF{d1xbqAMh!|ZZs|nH z1wbgS$za|*VN}S?4R1D?HE)10jIOTm@%5$X1aP7k)!(4W=m`PuMgDN8e1lc3OXma( zzr|0}gg{;L$-=k1(GyKY!lKJ?Fo~o7oVit3_Mm}eDY^gQ~8bcd)0>gN;{#rW(SDJx3Gh)sxat~ z}d7#K`z-2Ha0oVX|-ug+5> z*OFa?ddj^c@Rw~-l+jhH6Msr&&jcPoXAGcDz7Hie8V7e0;$1WKKSbWz_`3bDIVwNn ze$&(LGZ^Pv4p7RNT}e-pVHyTB5c2~2wbSa*OXQGTW7;-FQ5kPsn?h8_PMPxR%54;wb@Hq{ULkb!{8mb>&2WNa`n==T-iH&I_-y?LXt)HJ{B95+;jfZnx5ssM~=Mk7VC#;PeZEePbEtS zhhLO!q);#aFt1ZRi$S@VZ#zv#jHtn^Va9ihr2yocH{U>{x@?(+k{9cgRt#8ov584* z>dzGd;z5u%B2YIY@<21J?Kf#2JDI3q`_P3xs=dSV1sG4GF=Zx}1$@g{g-IO# z7+(p2ga-s4tg(q1v^Q-15ZsZk3&b>0gX)5UmU++*RaNpI&+ddY26AQ226B=Y8K%B5 zlxgaakRfZXMnuG$KR!SQ2gTab($cMK*9nL%7z}p#0v<@B*a++g!qc|ks7f(OAwti>#SCdi~)byNUlAxq(XSTp9^t?7^kYbtTh@!`qQ%z zWY!h6weAcg5}jk#+%9_XV9#xj)UE+_ACraE%txEWn){F%=m;QSh-*4L-?Aw{4UWv~ z2+SI5j)x5x?8dJlNEMA6xpv~$Jx42BJ$oZUzP$v{XL%vdi=bE1@f_Tz5W~C>7W=$4n_3923j>^i{Td+g;#0p!#e*H5gjX7Xed-v>Fx@=j{ z(W6vDm(HJma4jnF;qbXO+Ud~Bw)&|>eT;@{on!8cSD%;Yuu^wFstZ;eUO4uj`vGa( zQhmEn`!eMzULJq%= zG*|p*z7oIQGMR28TZ=cyimk1UUrd+HbQ+Oz{rKVA<^@+Idvx8y3lN5J*rX~dg0^Mr zlog3-PO@E_gD9mAAHJtnbk^kNhU$t6 zXJRzd32e~#yQx(-(M(B5NU#Q37oNb8GL|?))n{3gqh8&T^{)E-nN@`M%@{ekl;q^i z+YS$>yFrr1)2qthg)xMP;;Z$D-GK$%-Er{;y*zDfZG~V%h$6`OMbKBWwA%4g0LHqc zh2xB@H&L`1jFNVVM7a0Q-sXCzip#j2owfIE>{A;gbXgfNsbh-l zF~PRBog5<|$!6#HUb!&BCZ`8*I*4aTv1 zJcXxMR~L~~&U*t|laqaZ7d44g0HYZDZpFqJ$3FObuKmq(7X6CJ3%0gLzE!l>2}gDol#$i%ejXJvqA5BXW7|kQ^NDaA=iN4*_I1dM>4P!P4PuW7=9E>sj+f$D@^CV^1bdL`{DZFtmBZUbV829t~|5V z42vA#?Yk@t5>UQb7jJPCmb?dGGlj{*=&vx50Qvw*qBbf$V6)KzMkq3mjOH4hTwN6v z6r5dL=mN%R-=|5~xM2e_hXr1v5;ne6pEfNlY$Rau{Z1(_L$d`~`sn z;X9umowY0sFr#~-t|eGaQdfV2D>)uO1R*gQI3Cdb5~3Bk7G^$%HHI#8;Ye|Ox&pr% z$oHQ=^#lq%HZovOCC?RzT-N(WJey#C-J9De1;b`c=K`7DWxn zmC%qyhjyA=?Y>P}Qn#va26r5VKMVci$dPBk5b~xjDsq{l=92ZMOLPbqZ*c<48bKMr z)iTe(FA+#{I+cYAB26t@4l*P3^r=ZQe)W$9Kik_|Ypg9S;u&TfT6nRyrEi6O0!X_AJB0j6%-F<`XtY z^nr{!ITJ3C7@)PJ4}umF>)BIPLnCIZ_mBe>MHt^NU;YYehP?{W1mc(GQoS^Vmz2bV z7rcYspP>?Ebc25_eDee9DG}o3`}fT-7ibrV96UPSH=vW+7QqdoEW z@9hym0$Z|7Ouy6M{+a?F1;tY%|3~)L*<8_=Zq07!-Q^Ax%VhGOjg4tk;`n_GWX3)s z;-QQD5tSbl7w|ad8#h9Rd&Bses2&)AjedYmp4w{d=7e;PoQ{N zU|QtW{C&6Qvi^ext$aS9$^T%*T9bSq$ir3Z)~$1Oy~*YA3gOl%sRs=kwm@{%jdk}g zFNvU#XDUsQK{qs1D=Z3laBht(3v=wk;2Cod?m!~nt~jtQUbO2T7OhIZt?(tx!m2t( zgG%a+Is)b=L*$U7k2EipUk&Hga;i+~x2hT&W|kTcmayW$X9NQSP0ir8r1;ldW7W%2LNe7CenL0y$^&{) zp6YtJ3;s1g*xurlBAsoYrc3@6%kAxVApC9}W?e&_%o13AK(|PtfzjLeg*ksvL4n@P0H1*9q%r$9Tgqc+z?%?(18qPP1U%Fo9cl zJ{|l43im?!KwxDAq^H?p^g()~UT~2}$-x?!K(2HpJ$%JV)fh zAt=%FOKWa^3rF{t-JImKU~ZBTh2Um3)KJyUlN#PV>@FR6iMdh~O8{MI-i z5D0cUzfK|wZ4jk|b(02AD49AUfFB)4|*y}K!j2>p zAlRBWv_uH}4a#Mgw~u`ora584v;6#c!ghVnRMH~J4&UFXhV!|y&mN^vf`ppG0@UzD{z9TO4^5Q1jTXP);f06HHdD&MZ#;CFb`{`)LO1Wd?_*opUla9vo)&0|4%o!`0`4C=T6{y5jvkCgYQY>6%ipFw2)}&7Em38T%A0(_&tQul5{s@y^c$Io4<;tuTSBQ^qfsJ)a2@)|PRi|5bpX`UWh zgEWSAr4HZk=SQ-hsjIsODVD17%v9>6pfe_k4$q%G+p}j69oh*>#iK{hbNp2I81WuH zKu@$mh3dC0V16HDWC#$DT7n*9WUFS)iin)|pIcYwM$?D;k*cn*LpjJ7*+^4mp3~_i z;JHwlBC|~$?-O(PV)kkkj)nZ%RT{n~OL!D&Tw1_Dix`ez(q(cOC1j&W6L>P=%%+<$u z^9yqiE2GRZDt@7Vv5ijqGn<#ltvpLhLf7_ksx)2c=z#}I`%b6IM6C0X;xk@e>04|>@< zkr=4VP`BKr1+6`2_<8x!??HoAt$Woqk(~t?7OyeJ@L+Z+ws3`H9&FdNtl`@2IqUGd zAfvP0YRAcAWDP_^fB~Up#ePnhMM92=$#KzkU@AT(WyIGQ1q9tbwJthL^eXz%2xk|py6G-gXlK4dT=r%I*Z$$t+3mP^ht<%`y8lcZP*i`yLN|SR&7bZ~ zZ?^0{(WCc=yWedG>>v8DuXo2B##Uws0a!T{ajlMz_pG50xM>6 z5WyPm7sgvPZn@P}`m4?Q zx+VMtbtb)`Fdq5g!v`Qc>b|rc4F}qD^xn6(0XG4#32Ea~*7NM_>wp*hc^@$`+?<c$_9dhcF13-g=17hF6KK)GxNQvgW ze5t*6Hm$rq45VWS8s`uOxumUoN0XJVH*&SMqFjnndIO*nphKwt*oaBM;X zzGD5OPbaSJue)E*ViwY7kJ2sW$(mm;7TUvdLe=0_N7;@1%zD!%=^;a&TtNJnilIJ` zWA&@K*ooKo)(e|2>G>z6UhPcj(_vxNO@@}17m&_wG{P!b)1hdBoB`z4g_cdNCos7Z z2;bJpu@nWk+gUHY#zq3OjWg?7G$1S~0_1P^?%nn0cI`VPtQk=l>F64VTY~Dxp;%DB z)LRs;wXL^EoF%gI%Ot#fR%|sbD-H0p3>3*S2t5s!i-p+&)x}2elwzC=d7T}?Tg6!l z@#`$C(G1ETzZ$!=#tsjl%6a~O?Q_67EIMK}Ts3BXO)MOWks>awWCt38Kq>7;67_PA znZe=V$PQ;)Y-im@;Q$@izRK(9{LCWsay(|*@1g?NOGUH1tl9JG7jDky`*X6jUN??d zBX;h(%kt*H;m3QQYFp%RW7fbPYrA|13GCV1=VZqCxPG?d>ZG;CH*M;$yK1a0>(~D5 z^Qb$MT04_W%*QlkF1c0KIdojn;6|fkAEgGL&owaJCoXwLaZB3w&NZoFO76WD4U*7J zvCA4h`25-C*}hsGv7Y^iFCj|7vezGgkRTHxG?0>5V}hYrcG>4f4Z9S5Wd2#Kw$mg)*l*Oc8M8c*OT zB$b9$`MDc5pV`6jU=)5wk1j2|2bxd_S`soZMYN`29_)$!nD>L%uQoOPMZ7@L!`)hS z7SU>5p|e*t>uv?5$Csm{SIbW;SgFXL`U}_o$Wpqiud3FyX$S#b7%+sy!V3@};%_s( zb?NmZukGws_k-YS9-CZL_c8l8%2jYdjQ2xiaY>sh9RoXFAN?2>NY3^;V?!x`yueZ0)e z{Su=&#rUh<)@d{nG7T5UpHuU&zq?b`+v{*%kGN#t(?+&Vh4U-6U79d8^)zGW%Vj34 z>3_7fb40nvwb+2?s^T4Q_M6GbIcIxKZCHHa+&u;Pe*JXcJC8TC+<*Rz=*`}TJ5wdR z&g|a2b@en;2_v7I>EFAYlSpT5h8Y>7Q}dv3ygXV8^Edk;KA9jIGHlqQP_-+c4}KMfm_SAGK3%1|Ao%s; zQW0G`bKg2!SnsXyWc93!|!Nxo>W5juCMZTraW1h--$ zh2bgdiN9umx^XH=ZL*N6__=iNt5uj|Hk?%*rz~~8W+KE>LGCys&S;hrry*AgQ}q?+ zRCe4iY@sg#tR@Ww!x%i+c-1N`I3&M6qe1#^c3w?LI2NEd|I_@Be^nK|u_yBzb`uE@ z>l}3VTH^5Joc)9%59oxjaR~ADOR3csTmjJEJgSHX`mn@O^WfuPE z?jt}gK7Gg@^pu)GD<>a<@I0HS)zb0wIOyjc+fe+*(5BR&Gj&HSSn)?Aaf?_ zGXi3IN!oM3#OD((e3=;K8XV;I(qx&h*4J!Tm#)U+GR|F}JQf_5Qu*1g*?F}S6%_-- ztm#Mi}e7TXddz{Ka(cw{&DsEHHfE<~dkJ@?IH$^(d@Go&dqGaXA zk07;irkXD{dR?9`+BtIOxQ`o${p{Yp!ocD6$=UC_JC3jR8esnOKzr=ICY{~`+$=gr zFA)84XRYh!bNj`A-qd?l8gn_`?8Qq-4qh&pb>vfnif(2}XQuk{X7lI%FNy|xjwBCV znm!Flvc<-Y6Mr1SbL}4Wy`(Ol03n`J!pEtoY@zWFk~28J+d?-JP|!9rSn&0Ku<2mE z5p-TonD$C$>3GUe!5}rpah78Ko?l-k9EHUWD1m3%U$x*S~7SU;`_yk=SC z!XK330CVhJda9W-cVotDaEE2VEFT_Ua9t|z&R`6i+jv}n-fuZyijQ|Dzhk<}o}sx$ z4T>d)WJD9-`J+8FR3<=9BHZA$Kx2(d$jtdSH>9rtq8`cvTRdQr0OVd8RkYW#bpTR+gt^FoHlhTWKhMYPr~dG)0F~YLdExN^ju1;U#&-{ zKy?U@lgBtzeM2wbAAFv$+@U* zV1-nshW0KqQ=Swwq)mW6pvHb;&D{KB^iFwUO39bNyKi6XuU`yx-{F@gTzX7h>@X2j z!sXmz{qk_;T4ANJgQxjBdv+v6kBLUifr!iCu7Kwl#+-qy=+`fwZUv>?jh7EjBXr`3 zDYhGnf@%d=@0hJfRx-=n*tmp;(NP!PiJ*t`kC-;XE659KrMCOZas8ONz!H&$XT?Zy z1VzfLj#i%Ed@>rr6xnDktYAm`FIWdEf-mf~$B%tBWqVY-Pdm9Hbu%{Uz{f7GuDF^7 zqIviA?S8wSgGOL0=9jNy%D$8#4A0(9gR*H%D2Ui<%+KqM!lllB&25o~(*qvu5?&q~ z##|#Q5SJ2MVFIMIOQv=4Ob|O#65kQP;Uewhk7aLd39)?}d{dKkD$~$o$gm+pTAG_V zM`zQ!2R^mh@2Go;)h^yrro}^=t7Z>PhR+bwQg%0^z1*&Wv1R7UsitCeqAvJbnjK5bl7&dE2fdMcs+$* z{hc`M%v!QrKz7V@Q&~&ul?XumXZwf$7a~qwP-7y-E=S~Xzpb+64+WXFy?5mMf4ggX z^WI{&##sIOTOLQ}l~=0h4q3Wd@y*HAYnO$3Jo(sXN8Ew9JDwA}F0A;N<9%7VZ3gRF zuzkf%o@$y_2vJ@mgf%iSj*o~`J^G?aa7w1~Ch)QhP^UeFk6?L+jLal;0p@-E{5gfw%8-%s{p`!l8P8!0(jbL-Pd&Ttfo4QS zt4GwHGiP7>`(s#t3cx5Z`Q!9-4xr^a+=bLJc9FGY?zr0Ejm%9FxP{-rVJEm}@iE$3 zTFMr-dDbeDeI*fI2`3ME?cA{gtE@vKrk@EAsrmBd`HzRAI4gkdOn`DmE7Q?-i=h;~ z0^>1~FV@dtcyoJIuFRrEiyA-JvENP}ITC`%f8)Jm9=f1Ka*!H69O>3pPRbAt=6%Jp zD(O3wct<5iML!r&i65hkoXf#Cj|S44aI?rg(P83V-pJcy`=~hX18pkleqLz|QHN0| zy%bA!k&A0j-At%0et{Vt&uW^Xsy58M9)L|vP4ysiY}ukBrSlPeDyOZO0F8h#@q^B=A{gx~R&$52K75I&4@Vd_NQDT3V&q*@osLIWZ_E30A6nPwpNlDwBoJxg5 z+d`Z<0^`}>dKxN9Na6g3++3_(8)3ZAWj}s%8uYt3J6Jg)GLcjNR&Ut8U2EI2AHZ`g z9FVOIuacLH6c_44!fCCHEgBq@NRtqvA^2@}p~2vbB&`urN+V-erWG^HVVPz^2C4 zwUN{xqWEsOPaUufq#w_Mmgh9*6_Mxd7fW|o0l1hfUOZ#;IpJvdNDdk6r_0Vop(q@2 zN8}SkwHTyq??j_&WNh60ddq65R@Fo5K}-TOT!zu1+Ost)R^a(lGO?+~S4#8x+)TW) z*RhF-;Yg8<#?D8sxCg^;cyE6nRuOE0(U(a!j*e!D4_~4Cg`~kEvA~R)^1IW+hRz&{h6hMQAd&tIR#8{SBeSsa!_@}8@gJ^M8ZyQ}3g?@YGY z*6+hwg>&E1^U zq#5Z%?X3;&6W7tCqp)vh(TXJtLgtDdIsPsz(Wuuvg{C`ef$*DjKJBLmMJ6sv*C-}-C4U8>Pifq^7L*uIv!+ku1Ol%!p5S;NnG-|jz+Q_u zcP@6_{XM_~C@}ISJ*UcGHbvltS3mEczus`9I1;uf%A18Y+F;b+`{ZEcS71FaIser# za=voAH%IJ(0#s$KiJUcHuE3>HiCEj(W(F7v&=MEweHdvNjhFA7T&6*6Pi|-A8x(yF zBG55o^e~RWHR8q%`i|X&H{;)F9xc7@3a`bq$^U25l`)$HIJOBI!TD;e@ zU%gh_IJv7ApB)@=N$tn-dG-07<>QMCtG~Bz`F0_0T$t6R8nIu)70;B+b2T=d**W8h z{@3Sz^V5>DQiGD$woKj97GAwxcWKt3wd0MBSG*2BJ4Wt8P5JC@R_}XzeB4l$6&I9P zwkBy?j+H}M{+z+JmHTXw>ztsC61-_>s1lxVhKHbF~k)%lqMIS_XGbXB>_NKf7UK0e)~K8!(5&&H*Lfn%XKB{{97pE6jZdTVFz zEitm*qFw*vdTGelQ6JZuCid*JO&||yhx4e^WMpQJGMOtX)}sf;BZJj!#lMVcn%tIf z{IIwRhql4l+dVz;KZ}FPpd2R%mJasKFp}&;RhbHtz{lC|wq5i7KHJjcvitYS{C^i@p4jW=K2F~uUC%*W`S@}^TM;d5qmNoorH=b&ktlj5PhtBk)3M9Jthg!eB z)=p?xcxRT=(W(h8c{dmKIhcG*zFp~}Tu_92Nt|vZP8=vvW1X?SG=~}TKyF| z3Ln7+5-!#H(j<#6_jmvfO)naS;&0owaD-fA`wXdAZQ-3eHp1h&6Fj(JjOpl@W2pkb z%mFUfQ-*K+(t0>N4Ge(bixHSG-r}u;={!*B$1Ip{?-LuiMp`P71Z~pS zwiW&6@fR1r-DmoQXv0+BDur7Nh6`g)lZ}Uqc;wvZH|oN21!w=ctNZI&pU9cqaXZ{I z?S}hxr@l6=U!`}XWi;E(wmS0moWbB4k5$oqP7D;y%06|>+5eAqi!EA1`&^3`%X8go zH~Ex9FOiASwl;rOce!`gdCy#}0W0sGb2EOCz2f+so{7%>%JzrsXGYKUPehR{9ArzY ze!6m z$1b7DY=*4_iK!DSarE7e0OX1@SpG3wa=D0Un}{z*}9jAX0x98M*X(RtS#>k>yEqD zV_DMDIR-}4ijzT8poXVdpFDi{Y_(l<)v(5KpN1~GJS2l!jY>G`hG#z%~bmM zs$vsFG0c!2bu?Wd$O=j+igSCDfPum{8MWTKm2Q?Son0TjromWEWLK@EPom7ZR$Y0Y zRT@4sC$D*tyiZ}d-rTu0X@SgNlLv~fxdTlsHr$1tloTMyRPkU}nTd`JD&rOW#lV9A zV~_@%==Xx7pse;lOHX9BjpRUkw)}YuO$2q0$jFmf@o{nBmPjKP750A7y|teC;9RWR zl$EdC(4YSIZ3y?$+Q;K1f3!J%WUXua5_w}#-3d=8Bujzt2 zFM>3Yb)1)gQV>MG_Yf7-OI_}PQnk0W>CT!ZNO`f3`S78hW2I2}FAnT?5yu}X5tsrD z0`$%|MOvbK0AmZE6CoJIz=PA~LmReZE1qL0-`_lQu<+RadcdL{ea}=r?H<-oEq=_- zDfyS&CjGH)<+bJ=acYW5m7I9#ViG#PX~1}$Ne9LTJwaHqAl1;ofPJ_VtP8-l=;DGw z)29nr16k+7kY<=X{@EyPva&L8AY!sK4xj+(Wt!c{89(N;TR728R@59A2-p@Jsr_)? zsDH18#WuF?L-f?!dMc0iUJ=oh9J@VhrTYabBdN)P{Bv$uk}HY6iwLl_2q!u}qKQHS zeLZx>gn`VP$(IXq{4q~p_rBo3#r*Jq^Xc}^>6ev%zXaVXg`X#4Hoso^ACU(`uUlN} z_j7b*`+CY$5ss9KGrq=TAh^o1t3kGTv;vHofe>}?)-7@4%OXyJe|p*>l`~s@UvK>q zv5O-#EPJKIIJ}}^q9v#a)|@`QlXy8A{0VMR?8JiZ{dhoYZh!O#i55eCe2Z)ITna&oKW)TRd4o=6~)$)Z?Lx|IkGtDv$H? zmt{Qa;d9%R2!M<@TMNP%HRMFk+E;4e3Ha^sI5ODfx_ zWZCFhA4gc7v;BQDEYYayp_AoAb(1^29p z!)U`t%gCI=88s72S%43!NNaQRrL;S;!YM}U)}38Go#9Ba!nl>DzRsetR-J>#s!dkpSFkIzv&iGT3r2fkQ(Qxed5 zyiD`BUG`Uu=sirm>#iP)?$wkf){ud(6a$wLE+wY~!@u#Y#?fGn?7?jPCg0XCG4kzJwrG+grK~DtNFp3?X znas(oPtQ+{?cd{gdG;v{VP@v(|GAz{p+XruY-`J_i_P|#K@ST(uR9bp*Kv%G4hFWA zTxi^RK1|``zCv~sPJU!R&?C;p%GdYq%7+kbIiZuY($nP>6l$CY4Ex{Z^+dd@OwX6| zrX)SAPM>n5ht+!R!t3g*w-zK*p9_-oufixXhqUbQ$$!q`8-W=;LuWiK)sSaY_(Ur1 z=o$zE7D+E}Z*%miXSoGq-%Ox`pZ=-*bnicLK!{Lz@^KZ9efI@@x%6U~%e|7=IZMyg z8wIz0Rm|LeUEO{m+IYL1ccgB$p#~YRXV0CR11wN>QO`_^S?Sg4cwPPT%RJWh@X`J2 z7>|&JawoG2bw>C8Lu97-n0a}&YDdS2?YTT$^ZJhKv0r5@M9${l4Ukp(=LdyfQ7%1R zx`#-C*Acnpv#x~M_Da$7N2+)5ah{V+R8GXK|Ji@%7VR6!c`E064IlmG^5NLBdrpPV zi@{qurkKWA&igWG#5tuBBsjdrnW<19--PC5L+Q_VrG!oNlkE@dmRvL`h{!Oxrxa#qf2})lAEIH!zJ4RN4*#{v z{ZP=cz`0v5$Fv(Szgk?lqAB|WVcvo)Nq+U*6DbYdy7#^&iz?&Ii@8+9 zXTgr;%cE`*GizzYj%{RW6d-^x3J(z>a|!jZs_Gy2a&tGc%n|JKwX(AA!;^lDpJ1^A zoU_REuZ3c?mw|NR0@fDm*RA7R;6VchG?aUF!sp~H9gHa`Axfw{yVMCsd{azbH@j?no==*c}gOYnGw<=B=e2AUWNukN}8a*$L5TFurZN(N4O|6DK58p9~<*6l8 z@$}g2cHPA%<3DV<)o6*dHRY2Qa~FgTVNzBY9sB#pRiGh2+{qVF;h~32`4n>^CMJf{ zp7@V=OyeBStSKo1pnL4``3@(}1x&0nisuw_4ULs+Z(Vt{55~s$wrlkA@nCaiNM~tb zIap+oxE@dzGXlctr>t!Ir<`LMNBc#G+Oj-R2zHAbu!EYoD$YCWBWD>+!!efADPXXW z*AwDeU(LR1P&hQ>y#1B0yM_e%3}o*%)HW~B-q==VWcz05)z>Vqz%vcp zZBgs;f%HUR5x4|=r}%}|7EY=G_Fy?(Uv?>*MFuQZ#vBv6WMMpBWSymD!r$M*;Q$I* z77h-$YZx;QAF^;DM!Ov2k|;5U85;23JO#%pTByA0BtcARVnDp>g!QpWw>Nzk{i5 zVlEY>J#ZvLz~dDaiQJZar7UMT0FaU2Wtks$qeix!;dAwuN%zgTFy3m=?(?ymIe`!4w24p?&p5adGGW8 z^Oxvm?X|9TT{FfUb4>qhG%r9hJSD{&N|^S0F-A|;dX%D8xG4aGBVr0 z>UaXMCrXtnV-PG2c#hU3`zQg;7lP2+2Im?&62NRi+j$~Dx*QyEP`#kskNh6hYX;PE z)KhWC*?{H%_;A!zHW;@2>KDc+A%+-gt{b3=Fq;k1O884w?Yl|5e0vv{r?RrC**?}* zZGiefXa{ZR{Cs=|U>&mf9>E(aEVRA6IEU`&oIGlM5EKNoXw%jYoJd-KE(E$)vHoKM zZ}Njjg(2Y@O4!!WTMGP87=#UW3lMV??ptEl0Y+OH%EJHf4XTe2YB2H2_YDo%L)Zmb z2!Pg5M68A;A_OeO$?-A7VPKg+=q4tf{wG9K&^`#-?y!-7DyI6JAq%E4+>NM#QZ*tq zI^m8S>M~H&dvtpnz>1OYGN(8>;C$dL*+At4P6~=w4JDA#S1=^y1&~Joa)w60Ly#7P zYzNiE^ZPeM+d{0Y@@l`M*3(zdvY?Oy**HKXfbZ47)&bxTk=m8E0XrA!8vx*$a8JNN z1Es?0nHkVEGzN8T@EMT50BgD{pmcYwbrFtpPl!L^6kgeUmsv^r+n6H^w5s;oiwU1v*Q;K0G=D956|NC z-6nC?`n*SP$E+QcLs*q}{y}32N|xK(cEC&|`@pGJD;YHaCkK=>2q<_!H@9LpQ`#1j zHwn#BaJlfuQ&1}oIoQ>-m<5td#XKf^hwSh+uGn=zB%s8|;nbN41sN0pqSRQ*sbBzJ z*BX=B%qoPwke}Z{fGMlb&9#8l0U08o38-LUl$(b%8dbCLoN&NMMHtAekjOs>?S24m z?-#&ng+6YSJ%#<03=Op)c8oyHpaD`G;J4ruL6;vC7Z3=P-W_zIz@k7W*(7{gAEpNN zFtD@Rf{B7%1$Lev2Il}L2lx^DQBa8S@Tj-?9%~QJ3GS#EO4-n(xVfuf!#4#L4Pe*< zAA*|OBoN^JXgnZ_K4Az4&xo334(KTu0x&c1$UuXJf$l9}SXnY%oSX;<3H3{jzrh88 zn2U{Iki){jfCLyD14FmTYi4SyZdV`bS5xJdU%-*ULeA#QEruu-PGS`R$6yhv>*~Ht*dS5|Enp8ex@;#$KZ4%EgXI)&)RY+@V~jLe z<;R0U3e>{|x1jX_GJ#i4PNSv{(1J-A@Z}#_p$eM`RX1gpswfs{{Q~s?t8z&Q@}Lgy z=-@Dn#D7Z*$WXQJ7Fc>{xBa=kJ_X(rj~%$0FuwIO8%kEoslM_I=njxyp?ZD+PKHdk ztDkjj22L@Uac=-+fDQ;HsEy6diseLLvo&3w+d;7(9BDGN`Bgm8fvbRWK^{li=dx%# zmWin;V8AFB^H!vRM4?K+F#)9=rHTy&-Q@d5ZyOpO zi(Mzat1u4s^W&`t(Bz&R8;gSgn*h~HI2B2}*8df4W|=Ojf8Ie@s#Om!0j{a+E4PN{ zA}ZPpJ}!^QFzQYs$OM3=fph|;d%D~30?ZHU6+-njqEi=60Ti}GMMYt^rKF@}_l*9) zHrYhr96J^3^xzz9q>24 zh|bR?aurId2-GQn@*?;v@WE*zW=lVc6gFG3K&mkon#dwo^RU>MnYH0$K-dY;VnN;` z_^KBmZU$*1z=d8=pdXb>h1HIO=2B>QLQ1q-;p_TtrCE-}OK+1X>Q(Jd(9{cQKZAxj zSW>9er}ao~-cRm2gBK5>&Zy&G)1|)#>>XJ;j}r1aE@z*a6F-P zfgnHigfyX-@4*9*)4Tv53D^SY&yT@Y2a_-f!wiyyk+!u^Z9(yi zK>HIID*$$lXhLyr1PA0VH39a>N>_n%1tQl9K$ntbsCE5A&)c{PMSqB1z{8T@Nda9a znsTwNtql&T#CiD1(GfD_5VRtI*C5Ukwd-0BaS*6(%i0P9<`3gs;Oc;-1N=CuDwc^BL?__@Q3M2FSIOyE)a{YxH$S~J#11)yFruqNBA;;CAmkZ zz%2l*mc;`)CA8d#4xl6e>8T#y;lTk&H&CUZa)BoMrT5%h1~r8&8%Ty5phbcw1WjBc z$Pa+?LS;Kyz(JZm48}Ks(L*7@;@wOn?_vApUj=>=eBsC=-OWtZRroq+0Eb}A^-sE0 zQ@*at)2IEg48VI)<%mH=^!X8NBmYpb!n>D%?Q2{*J~>H&&;e6QMWx^r1e-=(Ta1w} zq0okh-4@0i$m9&G7Y~T4_u?av8Y81Ps8rU|2a2bx(>&R05Xyq-hNp$XE3&6`YU&ga z9x%KBO{92V`~hlKsTPRVKuV4(JU_{T@DWsFvW-Q#<9eWc)N2NEpQ=9JU@#*cgmCQa zigzPss$W3_EAGaTDhI?GBr+1o(%`Th0u@KdbWPu7K(F9ec*VfGQBb)0spIv|Pc&Zp z43=Exzg$KR>UU2fE2fw{TEQK{43!kQBFX7d=WFMz(aB zi^li46`T^Qm>#q86i@EFWl>aD1{%_PD`)6%ge*v9If(ZtO3exAxj~XQKusXr1Uf}v zlmm3!f$;+=zQg&rjADu+WuHcJU5=Pq>5loAp!CTPtt@K?^rLT(Mn-f2ZP0}L@c#W+ z7#Fph@^p=&4&3WOT*(tyP1q|ynCe(S1@8briK9b5y%Er+;-$azL_Njvrg@V8_i zvOXihDg*`L?$_EsW5$j_CbN;r1Jj0g#S%n=P5rDv8w1O?6eyQ#>`6*b<>fQ<3o3iy ztU!4}lk5W&kN0<%SkPqxSud;)WO*xN#h`=O2J{YKnncCN zTY*&K$_j9jWLUBQbc7akuYiiOt2crqIbznqxN)}*iVOUJAG^k2P&GwmUazjLp6JXm zK7wCJ=o$sj_pUBH6ebdRhi6k_0uR{{uyYZrm8Wx$dFO%&dFpqG$C&5wGH=XErf}p2 zp1QCGG`^$$Y;L50!3I2Q-BrPQ;PJ?oPWOtQc5#=UChhgy$ERxN4^(EtAbz!C=gIT9 zC|IgSR^_N)e9(Bz%*V?M5n^F|+S(`IvTe(J!=(qbip%w*=Rvt;XZcd2B>Ku(d3aV* z($cV=sJ1xhl?A#6QowqLH7D~#hMnw#x_4@>^J!?$;20q)2X9;W1K`X9kP}-&MT@(v zFgOs1Z9byVeFEM%EG{mu7BI<*^74^aoN$tW2ninpQJbz5!z@T_fKve(x;#TTyhBhu zT#GG~Wk?_HzOX5vaT^~V-#E;-v=L6SyH$8o=*TPCZ3fiVr-i1=Ym8SuX44~mRfCcWdJ@$ZR9&S+n@fZ3H z#PZ)wxggTTo6--Rc|csw5H{kD0|PR$iSY)wMA*tAvb-y^4^Oj7(5KK&4nN9B2XA`rw|I^z^#8pJ{6c19}cM zxshM5P)q@PjVZ=*q%t#@Sb+&iHA+Yh!{RXqz`1}yWUaCVHS2@tR?zmDl5%M?Qb8*ygH-6uum_*Ud+!{bzeBCIb8fglxUC zLJdfp{%RcFOYhn(7$VWn)h0#I0!#-gl`t`|=8+UZzB2oN0+?!X%oC2-ganB2=Gxo+ zTMV^8>+$47wW=TSCOB9T07RU(JAeLw*jW}?DNHb?<}$`0C4{3sGK2?ID~NW05_lJ< z6{M$~sx>CS_JEjOp0gVs!te|D%ZVF7?>bFbI44%=A3sj2#SZ>v4C$BL>tDdu0OLgw zoGsr6=L6j*6=GioIY1P0^&avG3f6+ZhPS~+Rsc-pNqJIg>KRaefn0WY)lo1Bls}(W z6eP?6g$AE0WF7L1;Gyh&QPyvuis&564fQrYX+^*puY9& z_*#kcji5zH7l8H%S&iA330Pi8^2u>9Moir**dyTN0-@66`*pGpQsJ3^DgobQvIpWb zxKllpWb?RI1*&>eFOf40ayD*{Zu3^@Y#LAG-+tu!6Q->|O);DS4p5$MKOHzSAU=&? z?mz`il?Gxl@Et5vbLmp}OSG#1bainI!swJ4)|=$yWAJ-ck1{I>fIq~W$87yn^L7v%zNHWMsbqBe1f1a{V1dwf06nfC54e1UVf_GI$dIa~?w7`BPV2k^P>& z>6kiducS#}vv|xEK6|((@!w-oxb;dUYjSwxLP|4N9(*B;pj>gRg=SX!q^+)eb+P|7 z;-t9*oJeg<_NIFf`$DQ@3%%^S6Zb22S##tnPUueBf9gKp)4Ps?0d^0NCtf~24tDln zz?0l|8TLnki3)^JP= zwH+<_UtlqS#O(%XgNLv;zz35K(VZrc3Q>X1DHv~<@&bBLtOmKC0s~7bEA?yavn1(Z zat91335Ztx<5~|G6*N3J0x~i(q&K1##fp;u0;lZPK{eI`1PsV<9|8{o;sPtxV+iM* zrVoHD4?H3*Ak-pRf+1QbB>eFTMPCM1GW@~?jL>xyM0LAEJey7SOnHhM&(9d_JRCLD z_~;}h7-%jGochT`xM;`6Tf~%<1(qa3a5w)Tb9=L%}q>0HQ1jN9$gwI8FulYf7S5KUc%m7;D zAUEfZQ;5M+)%=d?x-C4&n)DY>gC3axIMP{nS5cY{0F1)!SOdwgh|a}7u8=3IdL|x1 z+8SAW2?B1=SOU~1omHj(1VFOy#OGmk05U`MQA1Y<|EWZUJBgy(=mG0F5ep zUgcCz21ZU1P`Vi8me8$9SGZe2t_+3O7#jYB&Q_=$6u_CXZz_NZbF6D^Jr53ePO{;(j6)c>LpAUXo zb*iN)V}M!+I9;$jh#ly#P?V=k0Zu=FQK(FOY^?wL_i>nUzsqWs2<%kx8r|C@B$;{5 z@p#Inhq?9ZfYxnh9J16Ev8Ow9{_06sY6;=UXQQtmPE#zAgT5f@4YP@RQF zC0)1k;5AT^fK+q_90QDL!#3NWKuvW%J%v#*O5LP>R>zxFbI=DxMMGo2T4O1mF^C!o z2m$!guiLypQn?QrXaK#h#WsTT0cUstlnuu@KWO*^91>X2pim~EXbE^NOv{3{#@yGH z|EX>oeE8&kv8xUAXBZ{spi^{cUDB@?Y6UHNX+TvG zyAJLB0HGZ793By448oV8OgSx#jRC_2Ph$i9V1t)pq3&Si_Yn;u1qZ;%peoWen$C*yL!tj+R1Az6!$05T zmQLw07g&~BS@&Z_(jrf>2&tgi^AK=Crj*Yo>Zv~>vW8ay^@T&FF06X6U{tCFD+*JC zn?TI4V|MIb#_6Q~Bv5F-1KbJRW}1Z{R+4MiK0#uA3jwDVWasq0P=mLA36h!IaT_QY z%FxUcvIY=(>X^m?-3jp!tQ9*;Da%%cHr1?2<(Q)#4o$I=W7_rE{E-=f<7 zPZb|0%^ske|M@iPlSqih|NZm3E~Aluv1Xv`CV-+<{p+GE0V>b`{j>PeeXEcE`hW3U zD(PTU3Hg6N^#8|AxL2q`2m=-;l!3K99%5_QZcu*{&Sb(6+XFuXP&5<*x#QRXiGj8= z00ix8&LqmD{&gF4nRRPY!BB?f0<&IW01Q2p6u-oKZYXmCbpR#B2#z&t&;p{1t-*{A zI33WH5n%G+-w!A20-Op^13)R^LoHYlcMX^`pah(pd;!35JgF(%2+BXzIkWE{z?;X1 zG_BKwx4W?New@P9Xa8QwMjE&j5IAQ+`Ia5m>*ClP0eVxwMak7xf$R=!B2q+!;MSLk z4WQMd`juepBr~%mI21Thsg2Mi(*@oV;yl=Kiq|DU=oP>kKXJPMpxeoh>!1z;Ei$0g z4Lb`^m^&5ffJp*O4heq8l09@Uyo3f8E9Q?7hyjvn2=P0rcxljd0bsrtpr6oRf(nnP zr|UB_QKI#*(@_yg+N!x3Zd3J?l|v7srku`uC7PdKIcgj6ov`|M9Z zM#chs2gKnJ76RS45@JG_lA?wST`+%O$Qai{SN@;wM{Kr(6zG*}xxn4c4R60MX2BBV#3L@q#iK!b_I^JFiM|CKQ~ z2oz2-k_Q%?5)#k_tN+8miut^j`v-zVF#3)?Mc^bsP#caf6w7j7sDLSkjNKow&#tB2 z%*;&aqJ$&}sJsYKkS>5K0lcnd@Lg9#p?ebC8tk_M-M(LtlEO2hy@C1;s`m`)p6@B@ zYHJ}o1NdhhSq7n~3TL)LoIO0If%kb-S8%5ZAtm1iIAZ|a5TfBGaMLK0_7y}zphWNp z6|~f0DFSRg zC??vPm|!3v%0&UP;_Z;^C3{=qaaxdt!5j-h^slEkvJD^^H_(X*hr4h`)~ z_dxduLg&#@_2VG>V|*53Kp=rwSX)yQW-`j||L>z=z^SL1d&IM75Ar(j=PJSx!ZUcQ z5dOfnSboWm8Y{3ptDc=X2<_S?@7LawL0nSv_A6wMP-cDv#}M{2w4uP%L==AjUOpl; zC8c;8D*ouAsPaseaj6z>8@OMXuLeaaL+Duq*9m?duCK{NLX&~{@B3N#ds3F(o)3-+ z^8M|fKM@FEIYW>h2h+x_&_~UeELC-Nq1f^pB0(OD0YeB-fC^p!$p(;05g^*a5&>YD z%4?N`AYBe%1fUwOARmGk3={Dpfp!FeiI?o=|M|*pWbi&2kQadmh$hN#gZhzc=*bSO zEPWUb0-8zz{u0S#LcY=JoSsf>o8NJLgn-g(V^R`zl9G3!_%TyG3p2@kAbvs(YS^M2 z%oCnpD{Maq5m|_V+AqaM29!tZ{(C|~r*KsiE5p(8v;NHgxd&F2;F@-bbRfHgrGiKg zq`xVEc#c4g*MRVajcgqZ1!TLhr1`H@P-#A_AF#cvQd67ZAc6%`&D#UVJyHa^2T%${ zjfl$3WPm^qwoRa9I&@80_B((J0|E#z_aMlHnm6oUC@&&*pgIN>BGgDZxCPk75Tn5t zH08<6t5-rn3?g^{u%ja*q1p`ZI7Ua}%Kvi|bnhA;8w}u)Lil+yA3y`TJk9ej!ODYS z0lfJHv|bRQ-AlkXJ6_F6fj(Dgi3K$-$TWZ*sc)JL0VLcSsHy?@i;__1wI<_r6JTI4 z0qO&)rw4QvV!DB0unjxC+=LrcIv@f70s+*G!I}e4ZB)PE|JXKsaTFEoDG@cbVgs}- z2aD1|?C%NrKj?PknhzhJoWRK*gxW21Im3FQ=7HXTAnGI|n$lAR$dp~~OjDmFu?!TR68mHK(LoiYPjlO?7=#_*&n1$9Kl?AfV26wPq8+o;AuD3g< zYGMcGFMk7P!n8=srb=Qa+J`TtQ%?VfFHm0OK$rkm`r(z=cAit&3d8P>8G;NE41u2- z)b`vuN#E1g@ayTEDJ0S`f4|D2$f_c1<;gi-(I}CUZT-)CKr$v;0~4IRkM}Mc1yP|i zQ7@Kp>`gi(K8gLeh`;Z#y;rAKf zdL3E%i2K+-PbVt_5l2O8WqP~GGN$DEE1KkM;yCK5fx-+;6?x8o&%S-`Wq4jS*-PxX zc|az79!0tD6K6Ok9yR*pe=gv{1I)jEJ*>S^D6)0+^<9Kg;e3!@9GH<@*s4%xcz0b@ zYP^D$;z+#x`A-LtM-R!fSLxQb8VIOF93tB)(aDsCv;$~I6B-%@j-2*t^OSc%~0Q0dBpJ8TqTzAkTsmmSD4==P`w zmP37Au9F2@CHmkGJ2t6n5(cY(@B{iEVQ|GT{`5o6ra zIG(huSJE>cHxyF$&V-xUivGqY70;{OdzZ%8!lRriiFA=^imhnDG;cECxiP)wlSAyv zFaG#};egMxZ!BmUj+JPgSBXuKaSxpfx050m%kBN6m44b_I_>#9yUJY?y;$qQ{!f5s z_3@$x|4pO8JE=SA`_=t=c<%-@d%FGknh3r`5dfah&+gH2CFFun~FsK0p0d zI{jhR)~UTwyb`zb>6_N{VzLC>3tJ;Y>-$5mxBtFX!(uJ2O4gDT*axpyY0yl-n!rMlAmOkS3hnb>%YseNB6Rb3zi|lTERJ9N~_N6 z<1X#HMmLP+`X4>PN&6cgWz$X-SYfv!US|IL{FsRxec$EC!F!HziuwtPcr`U(_6ww>)HLG z;v>?eckPt}1(@~U-`ON*U(Mgp`6u%9#L*qQ>3LV-O8P`Ii`w~wnw?Vs=c^=Wk|b~+ z)qJ2n*AlCcY-M39i@eDH5r$#2WBNGJF!a&rz)bqDIs30SebIugHqG8X)h^})Z4q^^ z(Jue!N28%qrz?KPbtxC(cE4rj6oY$qOp+;)%s8r3(N*S(ha*4GdC;RPo-6(ti1oMN zyB>=rxYZYGc$L>itARfKY3e6zD*Rl*2_5g)(Sp0jQ*o^!e@K^oGzOX}oIhd{2YXuP z8c9gJOOTdy@XG;p(lYnMW8)c^j)wu^fD*9;%Maxt!Uh?5rE5sT%|p1xv(8a5dYx%xPj^ke(fZlDTamLm926;jysNBY6LJ+% zD>wuk{(waC#U0WtW7|R#g8<#3=!r@H_VkvShh^$6QWK1(tG)X{qtseS8dsdX zC0q>AMu18w9A=rKc;v)cO*6!D`7?*z<%RMI;~(eE z#J(63JNWvM>qlRDuG)W$^sl1t)%dI$%W`+oVw79lO;X{i3L@G4wT2*pug$(WW_44DfzB%k#Uf-09v+1Q=0>>L( z`GVeR(tT}xqF zDSOGyoyzOK9{kkhVKC7sP%-=I>i{!D!X`h zjm5M(G9pUMa6V39KH|MJvG{-c3cQi#`zDOeH#A|IAqBwy8xen^a4 zCzd%`%OPjRN?x)HA?vmIMm6`DZDX{F=rMyL--7?kb^`o5#hX4C+){1;vM3ct}H+ z1}}ouXWJkA^{#)eW$j~OXT9}7X>pg-hwImJRCN3(Y9kG`MrQwBeA*j3`Z$~S<%!?o zE~{SMo-lGcc?7YN1 zP5vE_`J~Ea%-Trm3WEH>uCl>-huzYZK0GrlT&r z$@xmnE}4%1Ri56GwM3d}>mIqkFYiqoQtR(tlSP~jMQ1VJ%~`lcgm7J-T8r#UC)`ND z5aIC~4!eJd!zP3YT*2a#fdaqyua0N;j=F#3F!F0fHuSN-l{+;YjVm*c#AUpH$%H}m zj$Tar?QgdZdstpu_xKM|^DbptU;fkfkb44V{zTz3PqJRY$(I~` z=R9Lmpc7qe<SkxehjClhs= zU4QMqh9;UUI(VXN>G$?=vPB8Mq$4|!4s6$lG%C#nM(9!;Okdy559(0yui+*^;J?6S zw0G@`ddL-VHj?PJ6NG^{>%;AG@M87gZ%NhDJ6R>afruRnrwe6i*CkU9doLqk+UdMM zu)eB*{bn)G-%`qc?)h1*^dgpl1}mkGbDoC-^7ym#Q|qBdLV=STA`P;Hh`+v4rNmcj z`3LMWWgpvGK$G8j|4!cculSdL8ui@|oW7US*F?M5#D-yAHFk((Dv(4&2pNAR$NI89 zN=N*6sqvsZWPfGm>FzL#;#Z~l&P#F*^fz=Iq;@%@yQFCM8wH*t)%=r);y9Ic6(Vh_ z?_s?`JT+_b->a22@lht))2ZcB?TLx>%MqFwHmfk^OMX%zKRd+d+!P9vf;$Ybc}SOBTeiGu+y?GjLJmVaLUgV(C(0M?>Uw;9_}PwrgdEMr zqN;@OzvgytXn&?myrietz0E;b9(Wf^i zRSV~FLR;hu1foh4fjE1Gc@gYZe09WM)7VJiUTy};JT7T^15f$gq<8HY*$`H_?vMOoU?0XvxQr0V_5zbS0u}Q#@G7ONR^gI|L#~*;=7L?-@gZ3Ci(h_w3bEeFc84lP;;Z< z+%g_d9r4(cxDv1+N_qu8ydVGiHN9vltuswwFq1H$r>apq_%U<4@{?~=j?r7r@!00{ zg&iJhueGZ)(`g~X3`@-^Ej#xy5vdLMXWZA_3pu9-W~m6D`ldajtIFM2k-RHjOr{(_ zz|~o@#7&~%sfjTTOHnk?O7vCLb&mpU)HMCdGA^-4%l4--ejx-KCC16sqa_lAXoCO! zMq++#aWUp;FDz_{u4JZaQ=ZIv%)8KRjpm15B>b-Fg%A4AMYe(G&6ob@2$IOwRCdyC z!(JcE^X8e`yYCI>3U~YWZ{E+jR{jzZg0@J~dc0C5!d2nvq#(1hf%SumX;H!zeWL+a z92X&~r-rkFtGJGq^p5TJMh&h?5CyCLk^vfG?+;=L<8MRD^)Lhitg{U@zB&DT%4-DT z@2A#Pfo9{#DCa|h(EOUBy!EI5?KK?*0C&&rdONS%)dgkpldzl{mml6ji!iHDiJ;KX zwt1(&{&h#E%;NR0?_KZodbo6)Yq|JeVv2>ya!q|W*0l4Sd!B{P9J@{&aJr@^AI^bG zG(kbMF0?u*cf?rEhV^hds&pg7!ZI*a?9R~*zXMX1NVbWujru3%2C{bzi1~OJH7mXC zD9pagI$OkleD7XWo-JkG67?^nulc-yNRn9b$ut<1N3X7^V`lIO1=&`Jsdl9lssx<>b>wp#fS9JUK}w;+^%WH(o;O8Vnj|?#IAG@+7GWXsKWW$d6E{vYIB=l!C6d+4nxGRXlqGj;l);HJbuu` zBp=!v{~tS#uC#BV-zDG+e)~tH`M`Q-?)iN)%~y7fz5+))ZgL!GtL^DA zvqVlurvU0pF)I$9ayYebIQ<8X-golbkFM-l5GHVn36h^wy`7V89#2{d zb5W$2YAvw2NsXf*`1uwdzV|x=C3J+=h>y2fTmAzpimtDS%3$BrdpqX$5xn=@Zz@b& zqw6;`d%EN3zXDd<{i?;>O+H-=gvBaG!I|N*Q=lT+gFCUK_f-uwF6&CybvGUc53x2_-(FgcuecpB`L1ovtFiymNX8%d@F=_gUxkn~4g z-ey<&*>&wvbUkx;H)+WO>BQ!!?e|3F?@0>P&6HmRk&)w&a%0+f(qg@#q2xvwW>Wgz zd&iiT{uSNLB7Vc0C>>M~x?Bw$vo}(fZv@ppYR>;aq<9Oe{`qz3V}84-B&#j=wiSgu zqgkJNKV1LuR&fzxvEO(kBLSq`x`WA4s!UB08f2!Q%_RwKTV+|pKh-es?;^_v5_lVH z;$`Msrv~G7LjS%9N_JR!I@{%qOUgp?{ouZg2Ac-ko>|$gcekm@%8kM>v;c}P8Ms%? zB6Z_Q8Zy1aFk*5&ic|S&6VuIKt**kII}`o>v(DvQF_=i6=|;kdp77ts(h1Ib)h9(O z*smvP^sF1>eT1pKtoo*@7=`zB!*!TG^@dTq>5!4m{8grkVt%d0_NgndgM#N*gXe~jQakj1dGS>{vUtxzuI zQccugXi8>-o8T@LP5Y zgxJ||Ttqb1yKG~%8ZL{k_0L*kj(24Q%ChLvIYJy|7Oc)3)aGxh8(Jf0acr>uXwsZl zI$0u=SyYtIOEf)C`nKHjyG6z=-9t0_L?oSLsgoaDJV)obq3X~rBJl9q+Zc%*`=imO zv$hY{XgLT-5a?W2?eHOFS(SBd^ONU#DM035HJm3JW88&acc?EeiGEbUeER4MBHVr? z)9yE-$jNBQGSK@<9416d`X-{9E{Hb?uLiynZp`*-ZT!L#d!=rJ4j0{MM5D(g!JnVJ zv*S3FH;zDHoVnlDHxo0VeQVojuWUzi z0woW8D}&Jx{_btP{6`P5xbc6EJa&!D|LcW@cq4`FO>?xs0+9&WwXH`14^#%mBov>> zFC5NRy7-Jr_$Xa@Q&xRD0hdxn9KU0iM?vuAhzRjh`OCpP>rr069*@w*y4}Ghb?qiR zeZpXyu87S#OaVVy%{S6> z927~%{H(U~t+AeUyfvjpFkQR#bQ`U0vau>?^ptv+I_U(UWE5)6`_>_NaBMNIi@vbN zL&`&cg1H=>Hm3OgFz2o|obm2YQHzMazbeiK%p5t=N)M_-CGdHd$wqhq@;V}xt; zJ-cSQj#@6lM@6nvURQ{BZS%x$rFns}rP2%b>nz#&vv755qMbrX zQwQ`pCGP&2y5@fP#RU8Ihg%F>GZB9@?aqD7kI|X0V}v3cUf|`K-@M?|t*?qnE~E?7 zR*hI~-&d4=bu;@%Mv^Nh;YF$yd2`QCJrYbItn;Y-DK9;0*@gI|Cs?U{pS`S*mH>^t%- z0areK)34-N`y{JYibh+ZoP4?U_Ul3wcN`T(Y-lmQ(+P3GnWnOjaFXjK`^T52Oeroh zh>uRsky=00Q_`k}+pT6c+C=Xd>A29U<3*<5&~PqswKIFAOR;zG=KbG=Q56D$rY?U% z#V&nT&HK5jr3CjaUYh=SO=CtDX?r0^UR&J~CIm;-MzQ-x-9Q=czPMY{qfgiF`m0AB zC0%`S?2GnSo|e7X#u9z4kQW=#+(L!-4UN;)!FEV5-v2X zLbhsL1m2sR)l2j3zJ>JsF_AYS<_BmK{!)hHlG>P zHuJ(XFK&j1_e*aVPuYqSU%<(v8YT<`45v@kUH;C92`WTy#Y9)v|U&#tN2jq1iQY_b+w}_L9Hl7(*!V z0)~1s6oPtBefWC6OwSF2{>{g(f*uK?%Lgyp!cE8y!u%AMZT0rpmfXq`qF`@WAGpS*av4y@7d@gE*`( zmU;AL^x=AtVVL>D-}8kPXM5ha%{Y6?s24aVZTxTU z51UKdOj-}554>zICCHk@$?r&Bv7F=O+0cHlJ?YGw3OPWe!N1%YpM4NuebUkJ|6wcTJeiFW^nA~ z==H%cn>O}qFBkrY3t%lnal8Meah;CiRy^*q z#q~+$X}+q+Kv}i1fxlt7baFa0ukcHG1@kZ-(n$V2X4-5Y~S8R#NIbF!Dt0_ z9lXPA_5Ltf+02~6945XfENo?OZ}{lRoY-WTp=HN2^}M@&6TZ>=GL)+Al1L53VlR2t z1TgANZ4EEN}ai3YQVey2PuKM!7sPpjRJ z;}H~$Qu;)Y`J#-kDBAuB({#>!$4iLeK+dXmn zk{U~9hkyv#RfRNtlHt0vd&NsqI_VE*#j$D_1+p?%q?48QMFgk90*Fmxt`jXqhBiHG zOS~}43Sg(<8jfGT%EM5ye-n>Y)>h-UX=n7w;Gzw~o`-^`^S&#dXMKTD@>{$i9)nx$ zt;fUJYU?YE;X#&NKYuJQl4^v`%FaLZa=EG!`_MGz29bKc+}#(h9|u>M-1x(WgXt+7 z8Ul@&s@}25bEY>o5+phFu3mL~_ixD?FV1Fa z1VT51U0ds!FIbW~KVOdS+1tJHYe`1tW$T&es!C9~3@1t=wZxj*ho?k_qa%1Y!oU9t zsXEbYj)|E+zbT)vux23gAW?TSD9~Phb<{4eZ-c9OwAE~EB>OKmYPYBAh4NytGQaRj zJr-ITy$H8>YV=g5r7TP}Da<*CGH|6s-rXxk+x(h}rPQ#Um zo7yE`3{_KCR`37u$KTg`7abh=n2Oe2q_R&#A&uj$GPzHl$L1LMUV|QHF=6PQBgrEQ zrW2XmmAcIKCFZ~tWFuE$qUY;CNe0@y&H2 z>A$P9HGI<&EO&`&wMp*c%jg!KX__YMO5=91_II^7?s22G7S7>6L@7Df$Oyt8-J(Az zCEt5R{D}JQ-Sm%mKcw_iHVEy>9?=Y5pNd&_%y=EBPs4!w@&*P!uGt>Z)cafbGFpYp zLtWa#A{EI6gRd-?KKoQS%Cghg(!1NHnuO*I%&F`Q;^g@hikt_2A4~HZHb!d;XmL@U z_R!`e9lC7)eo~9;xq(US9(45T^7an#V=vs&34gLEtoW@Ixd;{(7yY*2^yZ5q|3awjO^uit{u++ z+pqgVN|MPl7-<~npD0NK*w09L?3ua^1!uiN&^d+Bh=TXYJ^7wg8YOy^sLD!SgrN6R zTK~AUs`UcDVP@(~+EH6`_C!H)@7Rm`=IT26$~@EBreaGnPa2IMliZy6x6qVdD?az# zJ+8YkTZoIq4}9{vDDWDZP@o`s5>ol~{@!?V`x2&ctA&EW?#uKXe-+7Vlg{~#o|DS% z>w{)|k+F(F6Xhm12(I0|CWEIk)DyNZ^)6_|os@BD=CX#NiKK(>sW2SWFS(DT(!keBxE>`#i z`!Vmw*%SqOG%m+sG=afit0wbjmcw~Y6@iUHN?(jE{@meV2z7VPxwzPOvfJ-Xni9NX zE28*?CY8=-aY3B(6Cz^TKepQ3?VQ}( zJl<6M8%p|pjs`dl+?D&j%1AMl3$U5a_Vnop7oEo$jkjHl`AiLR+%n`CXoCXvZ_f;5 z306glNACMB1mk42pqa7OAM5tA-;sHSx644k>r%%obGar#GB5MuVC0L?{(hmi>~o`z zgbUax^jY&x)h?bb?_=5rdcw+gwe3sq(8C?B2Aitkuekp;_-L{IjQBrZxljV-l{p?J zub#Sg6kcYiIc?9~+jqF08D09|(DE2<>q*7*UPFc5wXhA(R_Vg!1ASf(*RpR!ZP7{j zr-v_BBd(b{=};d z>go26#)k^E=UfT-f?KkcKE>Y^B*oD-J<}U04Py%o6|Siiy{G<@(Y~9xl;e~y=w6y~ zByuPxUoqXs^O%S+s)Pm>#OiZmAfDCusJUbIc!%?>CFbI6*r7Nvzx#iJz-H z-aRv(57iN#lq}ys&J5knp&|05xD#AEh@U*SL^oIP!K!+l;zgIz<}+VL5n;AF=_B?B zNzeD20^QEPJ`wWC4-twqJ=!bps}J1a?8K5`{&I+06PA$@L7-Tm_i*1P_9!d&gyFP` zcu}(ar^RL;k3^wQ@>GGRXXs))1ZN(2ePg2U7@L{CDY?!Dp zN4e$g(OWBr@+7Yvr0v^OC}sl4lv3YQoLHDk> z^zSnt?5JD&`=(U$`*4tOyfl@JHe>ldvdz_66VIZT&ixYi20rsDg{_d(^Ao-=zZE-j z#T6s42I{fp^ki;*BZxbZ_Tm@gGTKj)PN7oZQ{8pS+olv|2#gk%qtKH$pU`=1D=;xM zn>bXdC0|vT^W&knsuh|dh3p3!MoL`ue7JJ&oMc=tftReL!KE0wKbazf&@EGv;e>>| z-0;9$=+v$n7U>vLYs*bdtV~X?y2r~Fr6+!Gcr_yDyOI*_t-aOc6X(*v)_S|OE?d>K z>=?eGMC=vcJO%P8#1I3U?~hzD^&{Zk<1V_w065z~=%>=THtrHFovHeW80()l-%FxO5F~ zJ@M2_6J|5LGmh?ORx_$1@w z|GCjzWi*X+H3#y9CVX^6$wsYzLdDZ53$6NWd-aXKO{07%+;@L*Y*{?-iVd{lKaY;z zd-mbR7TR2jMRtY-_zG)gQw7OqRzvKI`!B7|6_fh2P3!C^2+FkoXs$-guq&2(SOJ$E zftbE)65L`{{XnE#m>41IpxQMK_pS81>L}^0gtoujRK*yQ{jTYYefE`v{O&3qk?A`c zTN&!7b`-bzb+h6x?1XFu&5SS$lLh!IF0u*rGNtC!yzu>k_N7m_qGwO?j)z7i-#z$G zEGrnRoQKpA!m3_}zFZhRSRrh1C!Sl{xSQ$Dmd$-k-s$`Yg3nn!ucQ4e(#*&(P$T%` zC*2U1NiWSrTj*n7P(8;@u-&o7r#moKc^`wC=+&Qu>h9M%iPMRy89y{=gTiZOUQAbQ z*DbJ{#i!oUWlnv(3=udz8m`~h`$&C>PPg(+9`-54)o2dy^?Z)aT+6IzSxtcoj^8>f zTm;nV)$g5C($4JZL%!1Az>`&%*B-OHbknI!P|{6{7U?Np`tNI@-psQG9X5T>eRXVX zZ2J7qpLIbHUdh~2nYntoBB$sN!Q17^`&$j$HjfYpvX@dZ6N*nO?Is$!WLmR0T=;HR zYch^TDSe+CZI63pB{nrPl!u9W3j@NNdCG&phz1!9k)xl!*MyIL5lLo>tdq}G)cTsX`x#Rz%?#;uoT-&!{4T{o$ z21Lq`LZ*lik|cA;Je8SbjLel16_#WQAt7_7%p{rTOl6jkA!9nfN` z1pZyGV}J3|*C&_>cQhPMwRLdt^Y@3@(Ey#ciN3!6hF(uUo%U$)Bep9Bxuy3%aueC_ zuw*X$b1;o5wU;gL6`M!N5=o|uzD8We)bdwGHTzsesqG1evM&kApC){myT8UXV+Y6V z3!oar4t5I^6TuNhE8>%a=pQ&q8UM(OHn4FT{oHUSkAZA_D-oSHTS5J;mu16|g$)Z# zZHMGet)5Oy`{^e^y!i5U!KYIXOPSmHZ1X)LH1#zK6*k|);k%}WL2L^&Bk%>Wk}}AZ z$wdlYi&Jv@*>ag6zY=qy>Z|mp&vFX3v*9UpBt$*oc}sGW@hnyeAsP8>1#_g!g&o&) z3K%UsU1|!FWGLqxa|+o`%AYo^v3#jX_#8yJNft)FM^3S^tw2$(x2FfPdyTmeoQIjz zI_vYW2!W}xPjqz# z)sj;FsH&(@|C0{Coi+nR#KuU{Qz2~XW2}bMLIQ^mt()%V*mQuBE>O6LSf$`F}_S4JjQ(#MJl@&H&1gTXXEKMz7!p3M;0L0nFA-$2%4puvbg zWUAbkhePm$pb^R}L$gC0bcpxr!o0bf zSt5HqRrb{Lnc=UG_G2uxM9tT%+1r!yl3ZC!J`7jdjd}bf-)o~)h^3$P?c;jTOXube z7R{+ITCZjfefhGRX{*;*p0Bvtd)tV|?K)>v^g4o~J{_V}9qq9GEtKaTq3NMT=eBv= zW?$9Hsw69SUF>yS{cP_$eu-V{oosq1WeY*3MIoxOx5b@XGgUQCX*SXU3|jDO1i+$t z{`>%gAowm|!a)YR01|4Tfnf1dQxoL&KqJCOp4s?Q4VmKl(+1Od`X#Dd_U*BSwZAA%hN6hxqE zrpE9B{$XIFLGQ?x0qU*KVX_Swz~yt`(ZJbr9hQvqqFCNhjx#5FJ?+h>=5+CGQMHAr zxqwE#H1>qSWjRbF-E-Nqc|s7q4Sx5l|C<0djopTD@8>UH!W1&IvWB|B7rA4iTq!&v znfs!-xf$w|A_!#g{sgH7q!MO^R8{Z~X~@YhNPuSw61sw{EGR%sub`$HDeBRe{SF4i zgkJ&QP6DQr9i~sfvWIRGu6Na+wu(-~RRE443<3KCloGWenTEXxtsZcmNTFiuvHY^)1fCAoVmfp}5+ITQ=MB%Yzk-8}d1=;R z3@>@<5^M%RuI)<{cE&x8 zjEvNC8VR+a(GEK+NY(O?&EwRZi~T`R_Qg7ja{oOBmUOn}54)!G37r#i zLv`@3hrtx|eAcEt))^Usjj%ri?7ugIRNiM!1w$diF2y@N5Wfy%F&v4`i&Mq=Wm_4f z!N5#z2a!}4BEKOaoi5YG3989*y9t~yu%uwqOpq&#zTkP(`TOzK*SUSpkne&tMj{-Y zSy^FIFaZks4*`jPJ}VJj(n88Cj%pJqviCg;4*rG1dp6D;5(;46((m7|FLF^%4kS)l zp;u6t0|#qBKt5G45^SXBw$R?G>tYEr2*|KPKNj3LJ~`%B&}h%sXU#YC!KY$(^B2Fi=CFT}OQWK|=P= zhm5|+-Jp7v>o7fie|84kZ?Pzis74U$hA-cnVR7^KS2L+* z6Ah#wmwx}&d^w8$&BWk!oq>U2>C%*x_1`~)G_eLh1||MWkaPPajpxvP-n zVGwM@MVr5?v85MN&WpLw#^Wu5`TY1 zZ^^9u``>XTL>dPF{+sFD6z+fjjaRIL>fe8(`Txh;-FxHq1ltUuAmDl^T)d&_I@MUY z{okLX!`4E>06tt922~=nA1U!8-?S?I>7&BJ2vlmQOUuQ!*o!^*_b)U%b!oMi7d?i2`5{Q1%injWyuW|_?6wpNr&w)#_l z|Hb+F!uAEE?1Ca9x+f336C4Fo6X%PG(@Q8mOI*6tYfg3onM6O-KI^p(;b=e*bV%R- z&ovC3&3Vc9E+b=kGOLLoME@;N0h)&|6kfn`5H5%BtoqYhOu>%?>lYcWsK;Cl3si`H z>^&(g+*4le>3!67rpzJz<9+z$L14*mNHg*bKR+DO>*s{wzdMF~U+8J}f{)|WDQL%7 zE$;gFYPqF6agY^Doe%25!SOgw-BxF-^jv2vaH)8=$%zS<^*@XL5WNQj`^RpAF0N+k zSw=t??+y8w1J%AszaQ5+Ihc3RNzOG}#yKC}!S6f3*fjSp$bjgVwwG72_2 zJR^HXl3+Sh&Q*_0Mng->WvALk^Sk3yW6KQ9)nv>j%|S9$3m)A-NC^SX#Q{ zo&$M`KM27D4@U`Hzzb0icT>|hQcMs8{|$nz1Jb116RHTOkk^F_W4O02(p+2?@*xpwoo2K@qWQ^@}yJaLiFYORihTR{@K{4mj= znv}%8^FNyj!A6A@i3Q<}Ab;l0$$oh+kuNB>&`Ke{YGX4CI{0!WRDxI!>|&6Xm4#Ay zLEJ%jj6iUdyajS$WIHalQd4=&&d)>e5i5wjE=eT`sv*!M?d}CYd{>LtyzOMbo3N%; z0zp495us2pa;ouGhNmhXQKZ2~Z*nMC7BNH1yP%-J?%h#Z+R4$;kjO|k$i^6(eD5nR zgorE-cCllM$?XWls68SnkG$`f!;u#x-ClXyhPEo?EkR92j~61$a1nvvt-P$PD}o#p zehg}9a7&yaWQ#Q*17TWw`=8HHA)H>pVj?)yPZuxtAxweY48`LvJl2D3s<^}TkwW}f zl(^|~xhE-nbP+T0KfaBQiXsQYS_+4}L93&jH{++jX93C~J%E^pmvcelfqY^07NPn; z5+mR+`5B3bghagUq4lLIQ7Ah=h~Z|2x~v5DJec25D?R+A0t!IgkUYTBheQt^lmV9a z;NWbd&@``0GeM~V!OR6m1>Axmbw_Z=_VsNztmkSY6R_>>IW;x4Fj-YCEyRYpgr`Dq zcb32g(+EyYOFQHvv5{*tF*Dy*B&G4XPIIu&tP6p{LjhuUmS~p!31r3sM!h=}bXA8B9Qs}Zkj@{=w z_8bh=@Uv(2et|2mnPYyC95$AOYyix6l+`1mlu(U=$Qo}r-yxFixCK~^Os_agmIyA2 z5abcD|NhsqFyz#s{s(K(!G13a3W}v)&z@1lwx~nVNnPDk#6wrN58Fak6lDI6pMofy zJM}!^Wc!Wqme;PuwVU4-)QPQ-)4enJ5Q#aUn7f1miHV{H*9ZM5EfKz+;OZ^!BXra8 zxbWzp6bb3$_(QE^&^pCKtgMX3ht11dLb{Gy*4W6w#PqSO?4CEAx#7{Ps;({oEqr(K zlB!vpZ*VD?mVQRH%AX&NJOOiSql&@o0?YLCnh85=~e z5mS()!#R|jJD`cKdf0Z&oOwS9D;t}#k`hcJVo$$F5B9(ow}g%2z(BN8BAj;Lw43`> zx3q9`aW&&c>vKU&{5(YCCJdRe-{2T_H73TmKR5Q(D{UQ}<#elG6P-;B4L|C`&LA^h zH5$exBkMe^BLr#h=hAU1tnCvEsE3jKLZc2ZD1n`fFEvd~=aG79Wg-~YLdV1#C#I6J zvQIUf9&nyZ$IU^@85L+lU*k;H0st8Z6%OSg>4d7u{GzI>zj5o~EBojKKW4J)*`0zh zY=3{$P#%O1_$<*WSULwACI}(Oo?zqPD6t=-h-x#ZxhV4pYQ#8RPaW8mp{|WxtE=md zGrIA2&bFS{3oSFyA?j9-;AdibaGk1Hw@FPu?;3@VA&yCpwdDlebe31p2ywb|XGV`T zWTRXKI>guDid`c4WF2v4b+@mivbHv4qO5**-EnYu7ap#ab!1qe@uw8_cUnqH%2)(z zP*Psr9i-s~l~2uNMkUr_^L_qHNxUZ440RBK1YSuv&QvTx=t)@m(-PGusw9n%o5PVI zK@Sy>WTtFnRpC}AOsk^H?k3KDl*u>t}5XV9OJ%y zOwix-ep68J0wZ8op{qvjQ*pz^#pRwD7lM17k{K@z9Athv7t5Zoc$d+BJ~Ja@_SY}u z9NfJbE_dz#I>7NYw&0BT2zfL(nMOu7WU{Yc<7~~e&F=x^@%lB&{q4lWHN&>PSKf=2+!)$axRIYc(7qs;Xx#%@)kRPfTcOYS!9BKyT#d&zq;b zg7=!?2!Ku)%twI?XliPjALSBbvG{ZGWs9jSj(X^HC)+`l?Y=j5X?22|RXb|kACr@) zMmgc7LO`ohVTle8;a_>I$L(PCXIUGn zyS@g0xXPxe;NXtzH172(b;M9}?ms!wOcdCiT3T9>@{TYXbJr+wv~HDjZ#A54C3tb- z3?^Tg{1WJ$t!ataNw&S{u$;E}Pj*Vom_q^d&fq^q?x z3);A=P_#IF7&rp|uaG!JrQskI&Y5Cx(WQ`u#hMVc1|YW6tN{as0rpYpg+K`UBJU zFLZ^Lv;a50QBAfmH(z3{#OemN-PczF8v-*OgEf~|>~$|#E+V`^Wle%$oh4^wf(e<< z5N~9FOVtfKQ5i?Udgjx2i=Xj84yx_>iU1{Exk6gbg$)D2Frak}mCc`yA0*js&zOEq zQSmMtqx#iw$#S7PGy2II2Km}+=!#IZ0IqB)QAC!1Q3B%TF-}7e>QhZoFB|oiBW;yT z7rFqW>~O1+Q-_{F=bDfvqxv^QZeXdwg&+)6BQ8XjCn(0$;M*!kxTEC=ePm8?JueY2 z-f{nd1K+-W{m>cB)kHH-@3XXP$UNtTk;XkSST4fPt{kRnR^m3aA3+V!-6>&d0`@};!#{plt}zQ^Y4#l1Mr2R!8gsnW|8%icNKg>)Lu_yy z0KrC3xrNuo@=xOah158U%ScFVY%&lHBqX+zo8@#taxeaxfBkGHIX>s1CvtA8OWhoi z@|}}Eo}RK*P9Kb4)Nl=cN8Va}O-@U*m}ZVYXf-l&`C9r_veR^*prVzZmv=HqT7*QLFTl z-{z1Bg=rvsEq^agd%&E*{S$Dvu8g4W*PRp44?PQgCHpZYABk73V`Mu#VOjN-WSv7_ zdIA2`v+eS7Y&R1>Er(AlDW@==lj;7{| zF@r#{V_cW|>@`GotaTf%GQ__Z@DuV_D>55i1tcYXYXN&*>~K}7Z}_^EUul?Ha{EY> zRD+PKhHmP)wckoeS;xbWC^etoN)%mZKIRrals7kLiz`CL2OJFl4&%Fo3(L2vk?1UG zkp)QMm>Hd(o*o}hQenl)J>8@DJR}6|my$a+nwm7^@LrkM2tkr#Y-OSzJZ$v@9tul$ zmLx^uEDHE63R2^9W#WTX)4k+4V>k9>`DZjSh0`KovcKv$O98akv=MR*pwdq_@CR&fhGQ855A3?{k?Bb0n*;t$o3D{R2vB54ePU`lO^xs?w*X=LQFu%v>Nf zDD;rSGzrhwqb6=HDc?Js(s7wc zHK6LXx>$#-6kP~p($L(3U_a8Dz(8dH$0&%iE{_B=Y$v)~D5IefCK;QNld~{4mz0=@ zP>O`_$B}m;oSaS2ENf_xOCX3?#Gk?m0SxLy$O60p4qRs7YL66u}Lh{HKEuVGx`e};T`bacM=PIz(T zpw$y71=G^eEeF(K_b#SYThM`QkkOiiBCoKpE0A-fW&J>*fz#KA`~heN5cv-h z0fkVmn3NQFHQt73+W3GQao!?2;Kos{b9_nYy)V&d;mkqI3z8m&ivHA8W9CglWRMN_ z#zQ5X&{t0`Z*gtV$+Ip)35i`>R#s-p8;p#_*my1o`&3R!ie$qc6P* zA$kd`PnfV?xUfYuSp3NBpTy;sN9X*MliPh+?f8NsB2wDT3FX}R^9#;@&}a0437L#$ zYDaHxG2o;fo~X$li{3p=M~(RyH6&xeJNocZVdwlsG`Zs$Qg z|GYSnVE5@ZzFQv&kSuchX;WcqHF2GP@b|keUT=D381(*)>RV6e5AXVSn~KPK-^Kp} zB;TdiNj2a{Fvma$oEjh3ym~bQQl_ZdOU|>hnga?2paPYA>_HSAOblVNXR#4s5|N_` ziOeZ9lFO4aAVyTIaPol2ug?a6BtmKoaVDV+86cm)sGWd>rtbY|T#)_tpL{zk(CBp; ziwl8>EEgg>^0@0jfq>XZd>bDZL?i)3TOTD_T2SB&E2Gs_LJDDRtqwaUY&wW`QczKu zw$E%K8t7a6NU4CsIz>C*7O@5M7bY6P){$FLw{6Q+L6hPFZnuT4y}cpT37C7B@}6L3 zhW{wWE-0?r+uK7SUR?aXWbBuBmReF$-r_N^qd{JamLvw1aH;}~N3N3f>nL*Z;(7!> z=-Hxegq?;84|=g@smLBo9KeU7&Wpo)?!BMFt*#7pPgsKjzypf1Q3%TsLhh-c+K32R z_m{{fkQk`2qU?xMN=!V@!g3iiQK#*Rh?b5Z^-sl4^zp&)L_-z5hcG~*61vV)L`2^i ztYt7JM7RC6Z`lh0KR9JXVy*&n4NoP9AZMDKoa`gT8f2cM*?JSR11AEn#3?Z(B`2S; z%9aK{c7}iO+c#vk3=}>vzMn>(W!mxz7Qv_z1_bf4I@@n0;sJT0Pt(x`fEjO}s+q$I z9HXkr1c)h+54AMy#N_0_y5aaQP!+YbJiR_B$r=QK<`*=~6h0_F+6f(|l!UZ2c{D-3 zpZMu~zMKn>qjSt273+D&DQ%>iY05-Ii(HZNXhWvbRh-^f582_vTC5mAdx1&<(;_I* zyicO!#E$0W{Rt6v#6M_Tt_nkav!mlIjK7nTq!U_~mzHMq^5-_%N-2eWlj`$4Apz-y=t-A}lo^*4japa_Y>P`NV{mFrkpU zas_LHbk{CHx8J z&dPV}-BNI}v1<#FSRvvi&USPy%@E}PAR<)(sND2@sz@GZ>-jO=g1D_qS{L?i(R_U> z*J1lY=$36e)CuErzyShL{9&fA79fgk z00ixrQt+n}s?6=bH}TveI#us=e8J;F+vwQEtsqEtV<>DJu0ikEc6XPHB z^7tq1PNh2_w$j_~;ZHPT&BK3x+g1-Y{7Oi(QD)`+M$(OT=AHVxCSfy=sKXeq+@#KD z9HKcEx};~Zb7O$+?}p@E`HBaAEEHiLy9^2*{WUE%acQ%KXHB`;%M?6VPUD@Qf5n`I zYW<%6H}SbigUHa$gSLLNQQ4gMxmMde;;b>Xi-K{p>|mBC=~2Cg2cpspVYlyZHb;+9 z;1O&*3P4yILU@O}g;j~Z-^eB9*A@~DioKL|Od|d)`N)cqQSQI!X_A%rD4%WTo2ADK zTQ@HDZt1D3*N^X*Bs5;X3u|8~m>tbOF#DkXyrP;$HS>DqaHK)e@2k_KveQ0KKYDpf z4YE)Phwo^L&yJl8+NNE*<*T~I&b=EK?QxjFVkeP@1ci4W4WvWNvsU9z-aIkn)r{j5tUnX9~OtgajGUwjwoO>Tfm*emn7r^|l3y>_| zX7N=(-s2(;b)4u3Ij=AP1~mM^gYCYOStv(TXSeP2cC?x`yfSBzgxXAxF zPk0LZwSS%Z^}aNJfik~ebZ{3(M=sCS6F-la8ARmg%KQP&KR!E^ni~J3`y5ld#b8fL`C%&0$`Y@sh*F5=FyHO zgC9RE1h1d5cBFVxaW>NSsFF$K43P&LW=9V8pLyazf-L}^ zQsB;B7i7)9a87}=_d4^;gp7!gPE$w@d<*>`Eo_VLjM8)R7 zppJ~2orZ?#MBUh0)V8Za7-9Ts1_DOGz7#rId6rqD-T*lNmR&{yWj5?^ zksPAS&{g8*a^b?gWf~xWXP`3=kZ)|^H^7A#m46XNTkdka77jn3@j~9C;eouqv%g8v z%6x!n9__qydDaDe;DqJp!*2e6cIBr^RV?{%3Ti$sKRS(xOBPjKTM7qz+?f*N@-giaw|yJS!n3RgHrPJ)Jza z6^9bh!sKLv(F`WLc|6uuFfg*B+OwAAb@K**9_CN?$;082MA2nGOn%-HG* zLhN_)CLnwdyb71x0}zTeXdJ!9RsPq{r3no!Q3U{jC|yRDRzW8tmMil}eD+)(2!7%}x% zFYTpxx-Q0LAaus`#BIBrTi9wIcAM4r4Kv;%7vXe>3ikB7z=1LLrmJ@yJfH*h`& zlxTp6;5>nW2>v|}FH4Y>6Kuz7*Rvc)ZLS8b(7!KjniRX~=~+#3KiXUT@$0|HRdp9m z#C(;r%MX@;WiChJmz=58BF$4%k7f8L;@4EPZTmk>&^-Ri5gr}Qcrw!}E2^KqN>aRx zIFx!|-hE;2cB9?PbE7VkHjPdtc8&8zi$|+$FpSe(Vo?U z90NUO4CkQV4YGtXAO6VEZ0PTiic`YIW6f6ojw8sos<*DPFyu=Z{hJ>`DLUJgvrjO@ zn^yEiNFOiHPZsi3bB~KSAaj|NsF^B;fEnEWMyfG{v9bBx<~am&F@H5Ff+vVd?wXgB;$Ss>!gNmA!K1I0MGxgQS@Qq~NKN zbnZb`mR;(jKLW9y7k#MrZd(XcXMe{hBgACKcZbL{BJb5kw)p3L*QK}brn#azeY|fD zr_6I*AHCkw9@*2bm#<|LyqA(F+Qy7ahn0x!di;(i^?-ADoo6tMdh5s8H~x}u#~TaQ zAXaoofk9zl9Iz*ykb`!%DLFa7aExlsi9Q214}Z)#$}^P}6$@jnCb0Jc5(vZqFb*)% zudP!-0zyJ+5k(nOTvxB&jx81&ifp|+cAXA^CM*{Ur8+q7 zOYkt<*ix(^X2tPmyW_ALhfP$RC$#+7Y2e%To+dQC?92(?s_W6ZJXB=HD_>JfWSFs2 zM|`%?aDiNcJ9Bu2V7T3XXUG@DIl)4@``r&X%0taWHC`!k$G)RISo|nHV5Ku-C69~W zv3)z)k+Uh779p5av8k2cOxNZXI^1CsO}%&f!Y5B&jCdbT~fng2~v)GTCuQgB@?8Mb3_RwZv_GyJN&+ z<|*li%CI3ZMf#v&J5mLzl^70{{t*qZN$M$g^6CT5E`+gaTAr(WM@DLubu z&y{ks`sVL3+-mnr_nWHJ|4x~Gnmi(~zwPqAPh=J@;iHP}xlTpbHink@VmWv!*KaO0 z_2(65<#&%BJtWAg@mXN7+VcL;$|YHh=CyS7%pC3drXJo zxPwnSQ2sr;cW3E;R=r%tzXSW7nAq`$J!d)U-qI|kBfj(pSGy~Ih`T)Mrgt(Ef z!g`vMlRp(bk2*shSjtPlp7ln|x!4?cZL_11%l?Bs9vb?3Wp!7-^}R&Ke1mh*fOBz3 z$=_DZ(Y9viX}S{|ua4&){LZ|cwIp0l0wI7f1sK9zhnZ+~ZOrW>1i;2E&em5Fb+3VD zPDTdif?Z40F${%fUW^1oMpjnx$bMj8xA*6@*9pi{Ke{c_YwvC~abA3xr(;|W-z|SE zzCQo+>iHj8HQhfV@4I+ERg&owHxn@60zh2qeV9K(+uf%ci8u2q`$d8$AB-h&4}tRk zLCSIUp@tU*@c?DNQcA?-uu}^ndocx0v4@Q8TVX$jb%4Om&CGcF_yAeJc# zlLVzi;Qt7i2?;D7mUBOUsvyfr1S(P)vdpV?OJDragR4q9xPWnTwPaUT?^qkr1G7qt6AJ9!}ya+(6Xz zOibS}#~Li+>3p})sW#8TYp}}EcUDw+x%|}5u&jiE1^QQBfNi8X|i^FH|l{gwXfvG|$<*M-8AI zvZkFtV~B}KB`H=lSuI8VdSx^XO`1UXiW^_#p8(>Y*S8dhUFOnjT%MrwZiwZw$^T$GmNA+`@>&V6`Jw{+S63OnOwMj;vb2$9hS zn`<$Uu(|H$yy^U}!CDsp{xghM0&Fxkj+bEY0nR*Tk4bl?S7>BaS66T5HDSioU+a(; zW&veD>lsdN-@lu(g@wQLc|6l2qH-yrH7tSd#+tL~&1N41ua2YBBDA|LIz=>U$Ubqw3+tNJ?9#IuFxM(a({Ci1TJ|6 zP#j8LP}eZTfNBMViH|CvCFSV`J69ewWi^O91<^XN68L3f~15 z7Sv^4*h&;iUjQsl@v=GsB|F`=HkbdKKv|{~y55afT((bDukKYCNt^nX_T$wjZ5iSY z(-`iHp7$!XN!P@quX0ahRh~(EK?u(0rOu@MuzY#(TK~xGCZ(qBjP_R%4jXzW2a4@K zjkg3a?WZKSTQIP4lRnPK^=*T7Ben-v9^vd;P&O{&KJ&71wYuw4=3ObTzS?aIwMNbReaHs zQGMRem3w}oY}NU%@n^GL98+DlJ{{0HyZJ5_%0e1L7%REs;u5Y3o+4@zZ8jG#Ne1|h zfe@hu-bIXca~t&0F4VA&R~i zSYwFB?9Z8*zog^P?*n9_mL^R5g{U*}w}kQy*(FiwCD9Se#;)S>E=gf_wReY4b}N6E z8fw?+S?K+Ftl`zwtwe1k8%w8fdroEusJVUz$*6f=t2*rVeIR>cqC0mQgl{?KT@P=7 z@IrvZ*tUWM z6W@p8*D<^QIVuNUjyEDPhaU3$c^lVr0xcNhG4akgfyq5IY;y8E-cq2Nz*Vk;$={u0VZw?e9uq*Twx}M=%o3FnpGz@e z-bv+UKtM~J%;DV<*j~Q%2m|%%-N3etGd62Y^RBVe1JFiJL5E=nOr@W)%SCE=6 zw~nWEq`6dH_7E1ruN6)6Bgah-U)bB=?X7Ej(B3&pu(&BMYJg%9F-|Hy!yfGug}WPz zApnbkcJ5M#QU@QJU^gLu{SE#QI`{glJxHm6 z1*xWKo3W0yC&M^C_Q0+R0{x{i(t_rL*@p+Dgc-oXLYM2;2hsZhKTTVE)mnEF5ZBHA zl0TTlM3eEb0bbSs)`6INlX$IoQsnpdST$WIlz7ZQJwUvHb!JwJX-bXHdu5nugCmI& z`5J4dDKGMZ_-p@BB(Hf;>zOv1V*A>#BI!MK3RoW;EbRbHV!*^E()>|EqO#iDgqp6IUh#@Z5``M4N+Mi`0gkkDo8Iwv@UD;#c?%LYfEz4$Wb8wzIHK<&V0RqO$e%ToriJ`B(3Yr1Y zzke_0{@ff)G}Tm1G#=qf`9_5mT-g#oZI0ZmEagNM3`k*xwYHvNW`5|6IUm&V|B=ZW z3y`Bsm)rTv%S(p+Q1^>Cx@Y+`!eX%%RA77nc3hYeByJiU*;3#nHocsbc5Ppz)#9Uv z@<;EhU2aK^mEiaHX?3Sepvy4zR^8=G{hnc?7M2c8EIXrW=vOXQ%yeKEUCPjt#fq#- z1zD)LJ_I8iqgXdq@F8$8*Q3VCwd_`Plfx_-Y^i}{J@H1?i-Y+SxIO?L$XkH4Ur%y? z#|wDP?@U`h@Y*V4G!ovW>ke zr`0*EBTz|}cGeGJ*nyEz2wWh{D5>gei_&*SW|ID1vM37J(Jnv?F#WV%2 zDW|TOFEqk;gSg7i7lYre%~5JIw8LQ1m%q>2#%6HZVZ8VDu9sSCx&_%Gr!?2iKJQ{E zc2p~N?9ALdjUAT%`pJmbeL>KVJ-h%e6y5K;RB0 zZ2S890K~Zx@7uQz6Stq@E-Syly1-m$t2rb>z=^^5J|^3?Z@nkQl$n!r8j$9)(}ioG zcFTEMVge8h5lu~L2~aSQyI=Gov$3@WX&ebIpPmW8JVwc<>Uq}JH8j3poM1_>8mYv% zcZ(^82oza^Xsdej?M#5w!mpG?JAuZR^--$n*E-$x&<~Y1J}bUgR!$A`*Hw}d`BHBt zP`XSO+LuomFaVdsX`+Lu^Xk$Qk=2=UK>JDNbE1K&+P7_Njx%7Um02bj-rM?ECYb(s znt>UvnTu=ltj72D?C>;GR#9n7h;k=LU|^L&Oa^4mHEgpGDW+P$DU3K*m zg4fGD(#}N5{}RJZwsyP=d27j85cQFHYV_G&>*Z^Gg-8ImY+V17mn*5iAD)@NgLkJf?=4nq|BnvWk%4U{#w>pT}=c z_qk!v8LPDr4zhTz0)ELg8id40Y+HF89sg9sEp^HoI=v4@dM?>zIeR94`wW!p5l`0} zmFS#4d~D+fQ=LjuGJJjIDxMSMPh_XF0B`xzp5tL)c-2KG9Ef2S&}*v=GtqGD?(P=N z@PjZxNXX&R$-%)E9M@P@v*d>k9}Z8t{o{8E{}fMH%A4;k>fbPt$ax5YMMyCW^Tz-U zJe}A<#qU4Jaci)4jq0}iNz^aI(`ox%XFO8sF1NMy6A~PJwN=j>`2sv=6*1DbA$bi| z18###^h*;}Kh)OOM+iG*78b6cJd(Y*qK2`UMVxt#`20Y+0MH??g3mF-D~ucBKjFX2 zu?BfPdncc?G)8D-8rGne^#Eu4dbtX|ZhFn>`2Bf}3=DZuAIO=H0qG`;)a+&Lg`aD=@m- ze(?MG`)h2(7q*3Yh7W((PPo!LA}QDx?VSQHzu3urArFL5+^&Lq)r|;-nP0rVZuk~) zw`SxrAUkUcK4t+Qu(7Gh!?~Eo;IZoc0HJ#8V{iQPUT>?UQ^vn$0f=R5A?kA7CO~|L zc79A+WUxM$&Cc{!!X9Tn#~~_whd4Z~-OYYLN9Tfp*N$zz`4p=U#bR#|3MuQ#Yj(6G zg?B0xb7gY;iAY3OA?+)!QZfT)Px@EuR2WO(vzO@E@sqyia;OU5Gv1kos zYhqFUt&RkvXyd09W`3q*l<8xz4nVVOaPMrn#OAA*JMRf`^_CHl;Bgsg4O+Ix8ozSm zvP6Al*w&TI_a!P3ma^xi`TcChSlH<}2*2_^O8C45sMdo(@kEBE_R@=JXWfam3HUFG zy7nMH@y?wfRW*Ydb?%%KX7<3*a{Ys_y_1+24Svv^=aFe2+C%884w$u7^yKv7+pzP& z@>+n%A+-G`d$-f=yjpePx#Rrcz`-z+)3}JXGaH39os)CN(i6@S_>y~q-lc4T{gm+f zb(^G0v-uwfUFU5ZAOfR8 z6OA2hNNA|3mtr*eCv;Rhg8t5~YinykDg~McqJ_`Nvu7P3M1xrm$T0EpLd3ZMc_`-R zHk0(c3LN%#o#PcNm~ReHoc&8iW`vSs#?4cBJ@jQ)>S;TRI^836y&_FTW6@FWUY|nXvna9k;)Klyd;*FLR0XpPE-JhKe&+$nxoW#!#p2tw)seek%7gP-+_s_sV46 zd`qO?uvr5hU+CbfaGR#5WkwMQRX)D$?E@hU94<+}%J=5DpVNT^RDQ zSB57-_tMmlFe|ltR%*7ElvKZV`P|e=jj!xGOBF-VW+K8a;cn{DA{u(OBMvi zF-M?lNK5~k>V-B$4+2+Po607Rn51uD0N`gi{0KOaP+57n0Z@7AFD0v_( zwA-~`zhsbUaU_>ZP1JV5pzNZQR%O_yDo0MOv${lYDK=p^%;~0(7|6ybLc$3UDmVpz~*Sm5Jhtre+sL!2sNrl2W!_?5!2Hs27>!K$-a#}FZ#H53LVDN;` z>3LEUkwFOwC;sK18GsWWPit`zE^r}NhFG7uzHNY-jfc zbm?Dx8i()A$B~WyjS>2DPPZmBfq)GJR9syARctKqOpJt@uLCn&ULLvgFwp1mc4Gmu zHU+`RM&TdLH}@QUFC9AgvahCQ47x$x?=0CkIsG3${tYz?!t@HmhmSw?&uafBMazbq zyR+llmoO(UuJrxSRs;G2T+Zb4-=;doJDy*^^l0C)ei5r0?=A0({aOoh^e(rR&u+C%& z31Y`QTyd=Wfh2aSGk>Qcmx2Gw)c&2xoI-2k`0*H}7>t-_+_=TFQ! zuHSHen=-eRWBC{}J@5X2OwZ^`Bst&fg)e$%JUSTh;!MKGqU25I6Hot zijSy`d~+B7-8=!Y)nk37-(z|Bu-^~~Wvl0cq7H8o$EUGt-v%0s#6wL?<|gZDdt|%A zs@T5G?sECTn6`AZ&~0k)3;yfg8Ug?Up#fk1-rfT;1d#}6tYCF4JT35+IaeP? zdxF8%BP_qP{snQS@fN1VB=sjXT7MN01JftJI_p+jaHGh@r%w1X0Ec6Q`$6>fqKP13IP~%Ph5GY% zd$y`)iDlZjs>qGJ*YwH=zAhoLgO2c-S7>|BH5t8RES8*^vQ=6N@`)3V?7Cyb;%J*_ z)VMJQYrcWdf|7$FM@ZeEhQrW3NCt|DN9Dgk?}>odtu^%jpTIh>001XFp4*C+=u~BS zINQh?kMfSISwtg8rR0zLCy`ccgbz{e_5;t_0=&;qFfw#3Z(}WNV!p}ah~trJvpU(X zkiJ#X1RMNTU(q?7?TB9@peW*e8La#N-pAu`z{T9%@ubk@3)Om{&1iyGXeo{AFD@kZ zvY)Gs^j7Sc84@9Z$X#;x%FPGI>3K?zPBt-~*e2F{fzb9CCqdgohH!c`9LPph49;#> zcQ<&xkG#C%6B5APqP%+Z<|GosVOu9`aZ^)M%)4Un2P7pxoZzQ&wGgC##Clm(Y#y=} zlssZ&$k?OoaLj0Dhp_hxNBtXG%C(_Y=L&YeIz&M}mZL4tGyK|mQ8{m==6Rs>F!3Q$ z`snMMs1;$P_q3~<8xl{@%%G>MVr*zQGYs$y6OtGZWC*}eg0hpOq$C7W*bfmBG%?24 zY@@gS$mhC`jhbcwl7~gJQ=AitqF6=Bpg;Di5{&t?~abrp% zGT*EZpWt9i9{BooZn1Rz59a0v1^m2UD}mRRZ)Sl%WKRT2$4R_yF=aiZ$)t&QBRa+~ z^iU1}#k0>|p?9gSI&E>Z*3G`_|d> zt?t&ppfz;4feEIKATw)vPd3D3hctZBHVAi2Xm^a*PRvOevQ@r%hQEs<(z~jfWDm-nZ z9doxmWu=zav+R#GC0zgSxJRK%HH|0pIROEn-$Pi@JNF$u@T5Wlbl-D+pt3)C`g9WQ zQh-D%Dk>0y)73pnNGAT@BObvb8x4#*s@i?0YYQuw*8@IN)KEoS z$RSQzQ;ZLx=ki?c>^NK8v&8Ql2m6K}XV%*>G|zAu{S`er`ctV@>7LkrU8w}MBb?K3 z?G>B0Z|2iEfqXBy4ZM)unDK2^kvW+rrk}fVt){04Uq_*58Uj(P!$6k*3yxAskY4;> za1^d?PQqR}AFpQT$l2Ok7yl?=jG5SOAr==~M0}2qrD~);@f^46vgcNEyIU6;Prtdr z8s;s)7$tr7P@mIt>5}5K zq~6m*@3D5(bpPtY?#6edjDFss^*()}C-S1q>r0HiKAV$lemp|S$=6Sqi#V|BQpGdE zysm4mq8_hB$0Rgng8jad*7J)$d=;c`_~#DQmU{nxhCx<5{~iX}a#taao=l23&%%%g^b0q5vt;E*xw}p8}`(?*zq) zgGncc$gb6oUzuEb6hPc~^jq8NbKz`eizAMV~fs^_+C z`;L=SGKB^*Bx5SlWJt=H3>8W$4U}1BND-A(Cq;&2s*GhQsU##qlPM%36+$9OkxGUl z^?Z&vulsuL`+o2BK5M<}{p0zqYh9 zPX3<`=S!Kb6m*vlePMRu$DJ$#d95EOx+qR+8W56m=)fb>twXA#RB}V-{~0kOw<39a z?!jKG5B+sledk}dI@(QdUb(-coo40ew6LFNL$xaJN%!fF-ech3``Q>z@3+vf_WE|c z$mEM|^RmOYSiS4hYxUlPc3+yfQiXK549>xzDe(mg9YcJzGS*f{I6o~e_JzdIG3$vd zNE*^Z8c&KS-eXs?JMoZ}?Xn!fB63xov6!D|D+IGj66Vbn-`oih@;$5!|1jR>q`5M_ z6SPJh07mPCbPyLS^vZp@c2dyBqsWb}7U&~<@sMovQ16zRlk$3H;O)?pj?jG1{;;eNmI&priY4Pq~q@ z&N!=seU40T)~%JdccD!`Y3YYi#(VDL&|7a!^#M0?(fQG)ASo#+2)&Uw*6sf=aZ|E_ zwv#zMkvI2h2uh=I0}fjNa!c+V5Gr!?QbY;xE>-L(F$M)zZ0V!Kx#nf6*PbAh)Q{5E ztrdnZYF*dYTqTn0)x(20P>i#ca2kT{X~bO+CBpe~=z!0a1*!uFf)&oCVnT~q9`fVU zUG*+#;LyLo>A=Hbl6@U!(V?Ub>D`gyhN_D%gHGmkdGars(MYCOFDw*%F3onZvFU+h zTc192I4LYGSEF$U(jX5$)oMxpOxwPpW#d$0PmJttIbGFM(Nufe!htdxM*|`&g9GLd z?)K<<#fyOhrS)f8{yDDn^Fr;Nf0-TnyQA*wj)(q^jGlID`=9qMS3KC|FyYTmksCUx6>#2`gPSx`+9%T z@Q(($2iuVvIL&p@c3d9a0@(`tRdiWjtDYHDpC-ehnjN*`d42u?;r$wC6`$VRv~Cx! zZFIx(&!BejNagEe;#zg3I{jc|qygm!kA=2DHu2UVK*|T8AGCh}`SM!lAc8) ze(Suzt#7((w9ef2db_1VW~jX7@C#E$%$=0A%HYwZ$mNF*>+EZ!Yx&4v+tMK?wr_cd z(;-ZdXK@4>^@~7Fyt9_TQtTWMPy zAT$vVoN)UVG9j0LWswUN^tY*>pX$R`<)u@%!L}4&A8ci2cFLv{DfOvo*wN9s+%-cF z*w@kTXQ<<8ZSzeQvAr=f!XF>ZzsCanr?w3UwJ6STH<4!2c9xV7HltDd*4UTRw%B{#u8{1_&uS@~D^?8kIV+ zg|VkU{iKuwrKeAqwX$-T6DNaTgb}E(Qb?)xasktf7b;+4NXc)8q@#J zlk1#vB*HedKxcvF_Z4PM?I|xS8?0!ck9*r&Hz(}_?EDPW1Yp^3P4O8ZG}88!;J}2?_U!yXw2V`xOj*79JXD}dvQ-s+VPh1J zFEQNc4<0aSedEtx$ZCfT<#EdwESRaWNN>gS(U00@J$>qh79Wo(_1@VyM4&PmL%~?S zb#q97t?4dS6|w9)1^LhLh7f0tD87B*68TDu&691b6So%ATFHI2c9+>>97o?mc=;`49Ha z77{8csSZZHA)6XndDt+lBwoRga;OLRj+XcbLXwZDw#CgLajRL+Ssyy^)Ps9!oxuL@ z^VE-Zx~t!ruUuJ!c}5L%&zkPp`&pcruuCp`@{SF5I*f)-Y86XBC zN9arY{+2Hku58|(3JTsZ2K@9-j+lb&XIlD~{xf0IynV)cY{uzg;f;Rcw~Dso3TKi0 zm{Fd6_Z{rpvJ*=JThxF$pP!d1i1r2YE03;H)yRhN#PfZ9f{g`kaLGal9scax+sTe4 zo#^aEa3YLrCBzj}ipYjDl}6}?ml+vx<7S;g4~~DZquYDpcSP;#lAC%zo`1I1yu0(^ z)uT5$ZvOkbu^{W0`lo&$-Axb`=ytpxqvr0m*rjH>?6|aU+7^aKA6(T<_lz97wBy`A zbM;51h3079Fq)YA?YX}8;Fj`ETC3|{3pP$yBS*BVob&&nVgK^Kku)12FO~#%@DFm) z89$rhlSAq)?Jb+HgXXj*;w+^00Du;QUQ-yLwrq2LNWxMv1K90D~ z55L~sxyRb68rT1>Y3ipvveS`!qx@$|l>G0CJxSUBs@RLvH*9;$jU}6`fG#|L$##v2 zOHJFgD%^G@a#@8yW{yP6+iHDdgl$L5_G|Y^yxsh?2HfCM`$@}^R!h!J$f>{1HkHsG zm~uTJZl!U%(MhT4?ImPi#k3H!;vqm2{(?Mz{pSDVcSZ{{x^cRiXh&t?^O@Z zqf@@tfTh8#B}6lzepwz|rsqML;yhlJ{8Q?Nw6u?vHb7Gq~<5vxs)pX0sTw^0*> zb!rbV+D2GioN-UF#Qh)%9;C9)z0hVw^qt@O?+0pCXQHBROzjk*q3wCH+k(X| zn+tEnCC-%a$nkmH&tEso?NIcDlM}4h#~Ox9#cdict3BNMk+6QK45p9!7xiNHxTJ-8 zVI+f&LCBIti}qLCsyk(5_jAXX&TY(feu=QP`gH8nw?xBw{o&Rp7c5TuvsM0}tbPCS z)~6&u9cAYQNSz#oaWale82h0rL(>8uLi4F}#S!sHuKn91`4G^fv9HU0wiME~j_rgp zMpClJ$YnOzDPtw&4VhQ@o)d4EWS9I23$A7?U{y=x+>&~xcY5XnC)-yUll|o%mGsi$ z`4%|Uyp)g#rTe3{s>_!xE!;t1^l?7XQ}f^Nt>gfdum8L<2mHG+{QueSCQKMCeI#(g zfcYbOsP$>>Z>!@!GUUCCc8^XaF9%3;fp(r9cVx!ZQ4-oC=?$5YAWWWmqHQ@*fY6Dg z_HlMZD;LB5yKHpZ)bAlkoQR5QD+3`;M-L0o}{*rm^COllGN9w2f{`77-D?=AL2Oe^% z{$t1fKony#ZJLhj2MNDCkYf^HN&zfJav?@)r8M_1L)Ac0!M-C9<9W=H+<4-@Hp675 zp8Z4bJf|PoWcl~obg(dlr$+e?iTuErjAi|0q&9Bcc)jTq!&&b z@B*%d&f{cGTSQ)%sLpEMg-eYPfmrXjU-#`>Bnk{#Z^ZTE8U$j^1=b#^O%_Sw_#N_B8QVx0Zi2RCn)q4+4^Zr4tWWkf3KKIt*7{p0%dnuIa*0&pTeoea1!Q^F$yR+~PmNYr<`30- zFC|e}T9K1Vv=U(`{PRI9iC#nC|QTLF@hlPfEt>YfPxWZA( z%{u)mB61E=Nimb<#EBD4HP^dV|uJPjBypv-+tbB|aKUKrm=J9;~h=z);f-qI4y zk-#Rn`JnHQv<)ZP*x2ASi@nfae_f^H*_B~9Bw7^n6i>oC^2r%k;e$7o-A!AI0 zHL6HJk>GX-G&h*~`|zBp8kCNa+>jXif^~2}GNg$JVtTk~ z(D*-QnwyJ(UAH2gJ+Kq(pV^Q+mTel_;4@cNIA--L||* z%GK8jHdpGlg+m{4NlVXY0dg<2CVgEuBmTAHc;XS2u~HGqRg_2i`Odd*d*%qs7A~pw zE(|L|Fl++RX{}aOZzOaf0t2sEXQHD$lG-z&I1x4kOQoiJB^SScM%I_h5jiu zx)TsLw9|h1LTnW^F*C2S_Qjr|wTejwHmRO&fOC9I{WNmvpNyWfwXpbvDqk=_Y(a8v zs?XTbh7-NK0J85=fHSFrV=E#o3~Pu4-LbPq?BUtg?$_y$-;Uq=go{%%f<4|nn1`D< zcb4y_t9u|wMl|!0j+Ln5+pg!EJJV_`9+FndGAskS(t7K-z8SCo-kvezPh@x z#(WjWBHa=`g*LI42Zld|2qEswKg;hxpKBK+)RbXhnKwPoB@@0o1amXe70g`+Pdl)h zdWkV6ZT|d|8`KEluy2c`%Pe~ISkd0zx*58w-cCi^N?f8f8i1f11G}`>%a*@=i&L{o zXts%MDXZ6~)bC5dEcsz}d-v?oBEE}R04yV)>%Mp@h(}-Cz3tN4)V2FC8KS)Nh)ztW z=l}8J$7_)cATV`saPV34x^|5xw-U+L)&Z851=g+9%3d}%jmmfc_YA5|-&+A7G5|04 zb1b+c|DjK!lw}OYIcv`Z=`BWR#2>jN)0=j4{f05))(1#6IUm3e%p+kgF}v|M`ugL? zkM1*wZ^T@T;_kaW?+~C#I0bNC{^ZQj`7~SqMbSdIbt@h^;M9kQF3O4j z-2E0UaU4%;v8iS!D9XOPSyxk2k5lW8-ecT3d+EtSlF%PBHW1xqK;>9$3P-8!PVGBo zIyQfw1rl_iZ``Y4^T)=k?c6vxe+=_(xec*XcG<5`ND|B*171mfQ-x%*agxgM67#Z32vncM_@nvt`5JB-7JT~2|yTTTs z1x4D~cn<4+rniMRv}Lr$*_{zdt?F_;6gqCg^b?u&$O>8X;07f*z8qP@>iOJD5rwc9L#Ba*y;2!OeH!@5^u_ zo?fGL4rxi5L606il;yUG87Z{70~XM$OxjN4m1TFKP1n-Y#EI}F)-mMs2p>P)SsG|~ zmh0f07io}P!Wz_-?4>?T0N@1Vc)#AIkQ8ch)BCNtj6LN>QvXQ&x2AH&C`}W@2P7g!^xZ=5!cmBIA5u-=Z zNl~tKQ#Os6W_}HK9g$>?*@0h%_v@8ke>w9Z-R#*F&*-=1<&R4&Gd~dvv=|=;;A-Wg z7~h{~M>CVTc?n78{2M`xN{q;rXP{bBab{N5+uDNxaYe@1aa0uOC0H*#aCPeOhjY)Z zJLy58$}9=TxAOTe9ybls8*9&wj(5pCAqN(zsOqe-D(*+p$5yvDFa2?=j8;mlm`#5cQc!xF{;&km= zau=Q!RefzpUu<)qF^GhwrAF(c=Jn|B>t-r8vd>t9IFWoKf9XXj3>ho@Yw)rhcuZ`T zh3CjH_n*tc$b?M)guM;MQ_gx$sxrm%|LAWI5w{xBR=?Aa(U>V8YN%3zyTGK;yy^#-Y|f{!Tf> zD48#0vZV#x&iqMQM>WU{1yJ$tq{<{^2?Z__k8PH}CB_xbFB?*P;!RoErOTJC)!bIC z!p!wH*x< ztfebwPsX>JmR9XhmE(u~bubsD3@xv&8KW#DVY3a8>!FHnH! zF2`DJ)LF2dA*v8Ip(Zyo#+n+rUpk~X>B9Vbai>2>SjE2TbHXlRxVrjU50A1{9a7_p z=G_cAp0Gid!U6{+VK_VWTYGo|&^FP|bNfno`w3oJSHTox=gQ#|^5i^_@Z z;HA@smMX-(wbmRp>KlwFm2BsX@A%#JChvb8lIb&Ye-Lh?d_zbYQzLxa8L5dx>-1ak`V>u8wSG}QJ1=o=2nFFq$nP(AG1ce`1(m3Bw+cgj(A zdxm@2*4P@>5lDJ*aq)Hy`nj5h?M7S6`sGZ!y-@S-@g*NWqVP3MPro{shIpojaQn+| zb#He@X8%;V-n|*eyjpjTv-8kqEd)uMA|n->&o74Bj<~#sgHgs;yYMl!*&0c17Q;E*q~(%gaCJ z*G$A<5)U2Eoa)wky^GrK+Z_91D=k_!Ir73T5n{9P6L+c@B8!<1 zx${M%{$6$WMu7*YjvKw<&yI_;dT6cJIw%)(k}mhg;FHW;S-J8Ip%3#s!mIc``pag| zK1AtAd|s$&`%6U={a0}O<#T`N%~<|oo~VHd3fnc9c-mA^I^@E2PT5BzWSrvX24X5F ztdk7N?u;b`qdsCm1{fZlG7we{_aD|#ka+Y|KKl{JfXWY=eyrAe*OK7({TDShe|X_F zJGi3xR&D&M>Cr((GoCIw9Jo(yAUg{wO|t$71NU)Cj+v()7glx{n*4kDC-zJm;GSX}8VshqrUB zeBwafnRu7NkTXs?5(2yPPP?A7k>b~v*04et4y6*Xv&pY0ZQaG^gMP+NYl@%q_p@N+ z?~#rhr44_)z4GD1vWB+<7Az>`7O$wCPjkp^x=XU<} z_4TCOq@sCGo`A*qK(n-6oK8+L)8OgfONKU>?Gr~2Hdmy&suj7e)OU4BO$ML8eDPSb zhCSl}eFd3N?mMpITM2CI zsc_}wT*Bl3(#+&kv=a)Tor_LggvL&zNs5)Q$LE2Eyr`|ll zTHWSMCSz=ybj&VKZP#uy5Rcx{rNU|4%q$lK&Nv462AcEqdFct?7nynM@52pa&H*tj zgQtGw^WU{!HAan6&mPi34gs`3cC1}R%cp4JO7#4h7$tOvePpPkJCNOhw%|Au7M zq>8Xn6{DGo!#pMixPUw4W%pT5`MSF^6(CN|tE-nlhywobWviPGewIlb(uYQ+0ZRPW#5>939QK=NUer{~{UI=k{WxhY*Io6T`Wb%&fL(C#hrDbF5=}oYQ z=%mzAx6bBZBKs`o0AId*J@3h8V$)Lt3>iJTo)K)jvwBlBT)nEqK}0wD1K)&6$9s2C2 z_kd13>>(|s-o&$Td3+kfyB@uI-HrHXv~108nFxiY+6vJY zmk>W4n;OnB^Lls0X_8-Z^kAHZS)`MWdl^^5^R&F0-2!8>7*dbkYF*cuvA&I-cPhOG z)7uFSkrs95_gazIeeIi0;lqc{R3Ar=&O5q_+04Z$ZpZgZT|XFr8+FTD`Cpv$YH2V* z0>^TPzhH=d{i$Y*^80^2O(LMD{2sv`u6Z747NH@Tg?XO8WUOn{tGt4hYIW7fTn-3=2I+*%gal~AI9|h){ zF`a19BCBgIXpc!{rLX1XxszoANeWnxw5)whi{zj8k(u!-R!E=%rBRS@lm`<+KApvA z0Y<{KZ_f@&DDYCfM`>!hLo=!gTkouZFV8A3PB>{)9tvCYj zY!oOzAlle5V~k_S1NS2`2n{U|6AgyhGXqaOIo>i(M6k+&yPQy5Bnm+$SbZ8uF`>Y0 z8|Ho)8eSs=kPfP(&1r=kuqV|fr7lU7iEqO{H*&Dl%g6O&q>QqtvQZF3pwb{&FmVtD z71I6b>KT7!%NAo?v5|Z5tgu1Ct9m5hee8QQ2ZUhr*d_z1#MzfV3G(aB?XDHzlD?E) zWYO^2m;IWX2%a|a*27}&-n_YpBZxdz`~_J7Cb9tRLp*>ZoQaOWuNVcNU`9A;-+q9AC zAx-S-+jn>$5+tQ@*b06#E5WYp)hnfd(Q7{*3Jkmn!s<=NqI83@UxazUUgJ67qbM{f zOzd4;;8xDq2*hSta$;@Jc;HAGkU z`<;0t8}G?P0PMlu4UbZ%@#T;sf)K%TyeFm7HYTDmn6s&&T(KeW(;FTZ<12 zY8no)=jP5ZJI$m__4g%7EQ){fLt*LUEDC4p7sNP=ovrp9JlLySH+KMMsyG83O*uon zQ~N-M0gbYtNZD3!7uHlm^Wn)u%hyxVF07y)JTSjxidca2B?d7uWm>o94jYggpTB}0 zn~)UMs%VbI4TkmgKa8U~)kgxU5NN$}Z9$9JA0f+ARR@=4c*FK#I`i0( zZ{pXfgan$e_U+vZh+vhi)AS6+4p+b*{J5C)*keRyQPJg0e`3nm(WBqIecJ>uQB+0U z0CjZv@?{ZKwVigd`bmaV0zCQCrk_9X$3d3KH4&0udX*pM0%v;{a1h|e^9ijU2@4@) zb^gg2P}e&Z1BbNl*b%j-I&MgZA|lf9FAMjq{e8hTyJgjNI(O*6JRJa=YR2I(iYoaE z%|vgS(=7#=U=f|oTT}aD)(VDxdG6KLRjnvR2$Np*HS>IYQrBFWbX*MLMkQ>88Vc2K z%H_+%d6PLLNp$uL#k6It1-`+MXTVoOJjgL!fU}`|C_$!AnIa6fXRdlhshkVMN40}Y zh%9XV&{@Am8%Ri~M~czLb(3KTq?Et|5bM+*n)fS}p5g9(j;0)EIU66~y>^{@*YjnG zC$<+t8`thTcyMz-z+R7*<~6>w$zQdF3K?(zJ-d0&#LL36-!~-lU`$OuWu zN>}qEf1w;dX6A5wQZUDr@h!4|R02wcOecxv9=8-XjNQYLb!K#3va=o5=XUn?j4lq3Y7z4_yG3Pr_F*IsYIMvhjE~-S?3`#3 zt3cWVIfDDvFdjU#)*_pE#$?%|g&)9hr#K7<`76}G6;}{fM0jhwUdPFR`9%b zZQ4w^mDrRR3eTkOJVHD*J;hiJhsgpi*KyhFrWlh=j}g1|w2VDQ>c=~KMVS^|#J4U`p>#Gh1N%1acFRtO%8_5`%`!sy&0?mf_7xXI2KM-K3M5K&HVMVm-HjAd)MHVJi5dJLhYFcCyu|qG*p>X^56zB0g<^IjLu3ejt z?uVNP5=fmF{-=$d-Ef;TC6tl~f(^nZoNt{PwZ?iyx{9GNDEna+q`-fUaP)2c9?`?l5ke7H+y;4A@aqHRC z(1}Ta7+#4vJX}t|=Oi=SSR@@7jgb#Qi&}JJv0UVV6ySG4#6!`0%KWGyfiOTCZ9d1$ z8fL~*7H-+n69*h(s9*i7%}7}ob9}qv48f4pjm=Z}IMEgQ?D<78MS*UOUzx@z7+H9J zat68umLuOQx=!nyNN!=Fum$ShQX{EvPtNkJ+TK%Zk}fluf8Zoe5_#;!!F~Hu*lRKA zD`BtPuf-ofJ|IBcV5(`6C4@M0vhbjgwhDfOmwfyg_Bp!@z+vZfrYaX8V+F#vk(DL) zy$E;=B-h@?hJGS%ZmD4qYLE^}K*WNL<1xwgV8%Dozx2G8dywao2Z{f2C+|g!yYfzl z6vCHOi?e#y^ytLgJs_(>1gv5ecY7Gv6U$KOMM>Icl6OOtlcgEY;qU~C;YDKacyYzy zukLyho@2!ofYBKSv6ZP!X^MY@-}j0br1eSxU-fU3 zMw4F|22tRO2TqIP&A1!6xz!xShC#4M)KZ$t%2Onn4`HwxV%Sz5nN4fcG^v2wxw{!CIyY0oS@903mN(~r z6GmhfrG9E)F_yi4eJnnHEJPps-1umX$jGXO9=-SQ;fzXb(GTGpH2V!QkU;@-DvSnP zAyRMHxUnqXlQmCBSzr0%G}IGQBR@HV#7lL2_v~Wgq1jhbQdoLZbcNViMh+d$`t|F} z9F(9EisSvJ$VjBN<~%^&5oSiLMm`fxV($|2u<65Xh>_d3M`&r8nwqZjuxhgJYH(NF zmy$7L6Rsh|J{Q;B5Ac_-C?N=0EL01q`TF%fBE%6#Qh4rBw{0ZdN-|qjjE}ZJ&v8;& z-S6|eU39lfALC-#MzV%&+O#1dHW+h`t&(>YE8REi!=m}ITBsnIw8g=b2HY&m#Y)Pw zq91dl#>(*KKxwh@z{qFZ{!y$M21=m{C%1v; z0k96ac<~!5Dbj1<_e-VD4#i<39J_el-v+X->k!e2$G(dyB_Pe3^;ll@6ICQ#Ne=-h zSQH#@U*_)-kG?)+fKJxZA^rLtVTl?B;ir8B*-4(}D*#&1&!fD3u5oaO51o}QVb{-NS{#$emN>(QXP*x9+^lm^P0FRVB$_a2Z!fxusIDZnRy(8*||3Y3eg z^ED)DCe@?4l{$|Optl~G&ee@=iv-a z$|&yl@&|FFHqvzhYuuYFr9_k)^ioZ&)9w5B!@ix``B6vC(1-A!yI+V~_FAiUP~xal z?!%=zx!#zq?6tm@=Mj-Sv=n1VP=N&1B{6;3!()M%Wya=g zZ|=vWL(&nNBBx4Xd(#aw7U3mAj>5tVJQBisSlB@@3GU65gL6r0zX4Dw1i$5Q z!bosp;$%rT&RcX?*U$z@GU~P%K!;=F;DG};JeF|~eEItIWZ1?Un zj~WINz>O0NierD*`L5@$&0G*|fpk_(Ft5sb^5hAhogG8P=tzPSC?#uRA>c~{N(nFA zfiGFI?Uit6S_iyMike#UhWwSByZFq!3C1cnRO?`77A;;(#%&UVmJJdv{i{Eigy9fl zGqbhs?!=Ipyel3o*y{FMdowEwF}|&DwonO1<=aGC7!R#s(k~E6q|U1G<1-mDr3E2) zX^_6YFM@-cDTYd#T3T%I-0~2iK^6-e#9virD+@K-EMB!AI&IEmHnyyx51E~qU@zUD zCYh92H)fZkU0@+LdH<6?>L+<5-~-U#$)E0W@h#q zH|{5gH-Hif5mLyZ*?Q%S31vPYSQg)Pn3@_nG>dpG2P7DzlfmVCEOExqG4zb+!7~@# zd#H0bej;?L$bN*1T1*_HCsNXl01p5%Y4YUo#%qzHHe|LiVUwRkD@eDZv0u^{X036J zW%F38a0x3oDz^s*mo538=Fi|h1b~3M9wd8gJ0^l~naaxVh&F~n9P8YtiwL%OJF7U$ z87iTiDWG?NOWH4FkYQgcjiL|7Myze3H>|l!Q6o-tZWj0%0Cc2bkjQ>11iX)2+_7Ui^}~b-6KIE? zbLhQiUsKb&3_Y^ey-zZW7g$T@uOsE4bK1>4=hd_G^FMRW=}`_N1h~6yGOOt2j1T!X zV>Ky^_Un0l+M~L`v2Vqaet^^D2323lK*Q7>9VDrlw}NOaUCRNGdhQe7_1O)$TA(We zTi)@mQuVOjHnyiSu0AIr=dk~T z==ZYpYp4^}rdeleWf_(oAtHL8f+^hui5bmJ_GA=^jxX=uKTUuXC)yq}7q6aEr%eNs zMfGP4WjH=o`M(2)Q5^H-sai}ja+<;OsqJ7LYxithpYQU8hz0j@BCVTk7;cFH5AaBw z;Yqh%5Pup5lR(glIgy3>th1zKJ<&Z-8hlp(=C}t@;R`8vwrbmAiHRL|AaT_q_Piec z%#YoRAn@-jVzJzn?EbI`oRP7zlO|4_lkQ_Hi6tq7^+P_J0s%AK@)HhkL3x_8|Sl(58u*px!pMP|I${%iG11JZdk zB$R|Dp_c7Zy`(zrAi7t*eQRwuHqEKpTuDn?dv8-&XJQm+nPCuL0KJ!;j>+O&gautkqy28!p4E)heg z=C*=Wav$rz#B2J>*}HF}i$_Y79Roz3TO{9KOY70SdsQR?qak>B%K&MMCdRIgU7XXy z&#xKS?_EU&tyJhD*CPNEwZrFY?D|9F)~%taG?ctlJ0{LDwtqm-wrzW+V^zKcHB(j9 zdO`_L0IJ~#SP4R?ZiaaJECUThm;fhAs6s+dxpDKd@RC3s;tRG&MvPC3D`>Vi9^~3Q@f_W5{QhYDMHo``Ks7eks}K1C4&R-3 zIi#C$*}<%kagS|Go1TyJa`#HUdkP~%wW5}1b?bG`_0)BR15kIJItiL)|% zMHn|QFt}94k0AE~sogoV^jN?p(P>Vr&}#aSmV4dHW_T2>hA}_$Kl0$p%gW&O`(gJ$ zJ}%A&a6KV@;Z%h6m@nI`#?LYd66m^_PzvAk)V&W}yy>ghvy+aKHW9RjX0K+O4I0ks zE%6wVpn2LdcK7r7fb#M22lwu^Tr;tinH!E{6b3vDSxJ_1xclfN; zn91i2*HF&_*Oi=65;2icvg2aT@B7xUqwhF{-n}V5z%3t<_<)muT~3pnfo~;m2q?C+ z3rdh!PCAhgdy+MfxQk4Ijz3a7AWYd_y?$H^A7E@^Vuu2r{1hY^%vs1IIrK#MT8T4U zjp7VX7a#67e=hHK`J7z>Pozf0*w&sh3TP%ej8v%o$5ywNR#1N$N>-JSOWnewOW8Q* zd)TfEBT<@e``mFklM{y*>H%l~V#ydHrhg!HB+PL`%M(>~TRyL8)?m$jVWoQw>guEf@vi_X>mL1h*^@fK%|kTsO& z>`z)%KD}zQsUGtNRWgRQlJIZdK%w%I;*2`}lYR`C0#A`@Z;^eE8q1=qZu95AX222J znC#0ZHJSB8s%{n6=opAu50o&@J|)%Fj&{|r2_qP;L%%n{lL12r86cG`f-TU`@ z(Xs?BA)rFbI3gXW1K_?_=BkK`LtlK3T|c8}4mU!N@?NC733fU{Wn(S_35Hg%xh#@P z&GfTAIC43~6Tp&EfG3DNX2XmgrUo4v0Mu-cZbVGFAbRsNP}8rmSF}xbk#+0nU=Og8 zbNB8+dPTQw>tIl9fMSY8#ytXG+RBk;YD&JHOE+rAPMr{a?u&?6v259MGC0DQi|eG> zYD8vzuTN1>g7j5!DpY{WLKu)=34$2aJh?ppGBJy1%Icb_5(=#_#n>3G(}a_QI~XN1 zdc=qtE{dj)0@fVHPg+2FOVZ}RjNiVkVd4aQnuzrJK6Mct-=00abdJ3xC6)6vn< z)cn*oVFK3rZj!x; zzM_DHlEZkFUm8{w+PiDlhaf4GOFet^7&v4IJSk@T;}5(7 zhQs?1prP-m6^A~1rje28e@Vkb4V60C))%VP%6IQbc8%|N5*0~HDN*2R1VNhToe#0* z`M!b@eXmC+&(i(>M!A#%_ND$Av)G%Co^Q)dr%g*kGeh(@J@8xKDp9P)rRPaG;uoE!FlyvTYyFX$ zns%4m7a8|ophWFCBx)lBpQMs_ql>9xY#y(~lHlJLR1$nd*(bnIDS!zc6(?`rxno?( zh9 qPa3anpFj43c&7TY`T`LGmX5C9aoJ2oNFwaLtgQMfW#W3Y9GDu_ReFuPf30m z&Ju0mJZ~Pg`IFOg#tLyuZ)7m=r+Fe}3Rkmrr{d#{1TF+O741Ib_x04+4W(|6x-CjN zAzd3t#|-#4BOA#sPVLRU8)K;g|JTmdRe&$p*{>w!qvA83Hci%$bdx~mLXwYz4$T_( ze+l})(~{rkN0>x=XIl|OYsdoG{Y0)kc5vGBI4w#`DP47RXaZX>d-iisB-+u4tAb@9 zi#^i|H$n08znHTvCd({%d!RJP5U*(Kl4kS~LcQ?J8ueE*$v%&K8~_-bbu#z@xG&>~ zB$fW7)*quY5;d}WQirO^4R^4&Ab(Co5oH}8D9u$7pqLaVZMa=Q#{@v==~LV6Sep0* zCW4_{)iOr>wY-X3tM3!?BWgDHg^d=}=f>@LSkwbh|Avw*a>mjoNQQ0ZhTx4o#l#aQ zCoqApdJOiacD}Z!j#TA2urSxl(aGY6=@jM3Wn3T|fBuYaA1Do2hM?fgw&O=R%)JbvdnyHnVBS!+Iu0u}q<|-%_QCvn{1S;`zXm@kE(5B&>0^4ig zadGpk!DGhQ3K{x9^)_K5&1$>2uC~@~&6+|6TO}oR=+XrT^xZ|wyAkQ{@}j75qrvee z#{X8k`9HR-wOAlv)7$8>8ql9u%;GV%>)1oOd-qawN#7Ug3*)O_I&Uf{`%h09kyT5P zzLwO5D9cI=eMSl?M9GNMtG?X-b*U0HUxzxl%#NAfr^+hJo$U3@g$og*-R4_Z% z?*2bXvTrW#(77`<7#f@x;()`CBM`7$ic^mhpLKQ}8i zf3%uf&WjgmWO}RK<^b(IMzq#Ftm(&Aw&3u=gBQ1mr#s)v$w?)HGTyxug*3AU$O?r} zAs8tG=Ot20T3+BVIgDw)^lp1)%x|bUQ}qO;XKP9_NpHM2kO^q0#&f8%=W+S-$t z3=x}_HM>$xJ?N`N6g_|be77)$=4A#oYWsQWl!wxrip&6l9)>=SG6F2}dSs zWL;`h0GjN}azY8Irz0lpN&m*QHU8~Tj5QMOX}nnZ(e-0P0A;a|aK87oHB}S+rak2( zQojhz6Nxnt1uqCP0z1NA#~=3AcRDeykUW$B32N@9bF0*&Bv;@&0|HjMyJPX7A~G<~ z%NEU<-o}ysK4)5IEvIobl{b(x&yTe12nu~6sV~~ z`i!+6o>g4jMDr8EuP4+hiU?&oo&HRh_`@9s3kf6*S#9U`;SEIzzGM^B=e4xo$M9qrP;J;2{U8vbNZu* zh%%Vc*T6TGv_llKt(Q)iaGhjKxYo5@3_u11LcY z&s4JDNl5=OPTja|o9W!SC16R^CnGTwS+{PTQo#9@Da3Tp05KE|NjZ$H@PpxFz;8_O zWm6$qvJFCgR&|ufoi}&x2-Fi4=4=kmM1;7KN@N=YhiR{PaO5grDhvY{4meXMdX*>^ z8zSS*@0{ulu@FC*l+J;YyNP1&-$Q#lz zKjWym=w5?|M^;R}!b2bCn4a3$Fe#U_>;kRP{IO6Xl}z*XMLpelyV-9 zEmXxys$<9J>Fck2F8zyTh{S+YkY-t?f>W%i4LgHqW)4a%9u_oo^f)oqoiwfD<40ev z1A>`Dlh0U3COq*{V|ZQYpAvhg?Dw0C)ax;q^ZdCWKtu}j1K?&9>^EAbla_JZJAefi zZ4z~;+4LtY2R64tuU^az%F*ZZyd-^iLHki z*W9n)Tp}pXKd%vtj~uNpNkq8b(vP+lTJ9o~WIYZYJUKy_l0CaLP-fs4sIVk4J9_znX*X1%Sm1QVO zNelt@WDNtr!6!|UQbNayYM%)IIZwUg`1bEAEAQ{qIL^%g1E{I1TZdu_G9orHQBg)F z$~yk#`fqb8er!UmB7F_bmu+cT`zs#rZn1RTUhqY4>HQ33ZZyjc$Xi$hw6uDNM05wP54^9a;3CkK3c%%DQ>Wr zur%UIB2!zvZ}8hW{4?P-af@biX5Qn+kt3JefneaXLwNPMk|2G|Bvb{o4I)A~I?>WX z)2<5;e13acDgnpdmzBw4EryVcgpwU*E2+WYN*?{;aq9}7JsYc{5=Z4@7(~F`-fPrp zI7NK4V(b#I9@__q^3cGhl|*7*htvPTv{`z3d96nx!DjhX-1QvD`WLzpz)h%tj+!%h zkYEDVNRXa9aU!NPbHL0bAHoTfMvWug%e)IbBt)>luNCms-`T?Mi9BOU!i0q7sQPGw zH;K;sSinTlOF$0Gp|Vzxx%Jd>u>?g1f{zL-*E{#;c;{VBmau<&m>_#ZkRW)$&=|*3 zV#*dJ5)YqFeP1#J?GoFwcUjxw&>Cip0B`Hjqpyes;BWTC5Q=6R;2iwKh+PPGoQL|2 z%ZcHW`GW|=mei-}b1vtjVP$(ma)M+pUbql58oec{+OH5+qVfdAp}h{29e#QYu@LyR zgAx-sBa?o<=2Q52L9|gP93HbO3qb7Q!?Wxv?n=66?Q2?81_nIgH$-dXe$?s5NaZ~} zJz<<+&Iu(PJ1_vO>m2U#x}x%!tU!m(5+yn_-YVLFt5d(Cm=lf9laAAiJ&D^CeVX&! zT7Oka!ZXxippI|sE>1g`9$YvW+_-D4w6LA|pPExdJ0Kph z=$A-#f!=?BdFhW?MF@$qx~^Fj>d@RPxVWF&FS?oF9yQe z%cga!7#Vo}yf(0Ch0XWFw%;e({di`%Y}u)njGx`RE6mCGd%RPPkGD$8CD;;3@8NJtn}*>?deHlqVIWokW3e@?t2l{uT{>;tEf!6JTJBE{5U2eUKc8#q=!af;l4x~Xb*YMqekBYQ^y}h%}8;U zK|2fw&*wMA95@xObMr!aBKPd=2!#_kn1zV7OYhU$tE055f2)T+#S*JiwQ8ASCJ zZ-m*}hJ@*H`I&@W89+}!|$W9ru!z9@CkR-0MSA^ z=|Sp4U?4~OKt~PSL*58@C$H&ObDv4n=u$BMt6%Bvy3v-WXM1J(x1wTjue9ri2h8>B z3*g@b3>Tq4BtV&mu|^G8BmU=ZvX~cX>mF0NUc1)6U%!&rj6T#C%lR}2yu9yyR;{W- zY-iHTn)u5HI=?t3ZHPpS(D3OR-EYfcXQ;g8pay4o2abi(Q(IKEF3I14g$HGJF3<(s66#6<{(nqjyn84!}u_$ur=;?;XJm(-OUCpZrhz$6_6VcJe zFCRz^dSQLGwc~uk~hpV#THp2jfid9U|LT1 z1vp3Y@@FFBW9b)sx3Y&p)4#)V zIyBUZb~=!>=%2d=bMBo@N?J;VL?_|Qay=AM+(2doG(WkLdqz32vAJ}Kg!6$jsw(|8 z2FuxWu-!O!?eTbv4;t|&ZMtn#JJNNAMu74N|A)zEZ>+G~x@rD0CpDuf=51!&*r1#@ z>Fa|4Mq)FbTL!eYRQ>o20$b-N1 zZ}vbM4flq*U=asIM8oaY{x1&-rvZmF-Erey(05ES1t2=z*EhZLuCvuWMd5&2eX4m7 zwKS{f3^S>*WAs})qLPqFmBx2lKwb~WW2tzOJd}nF0#a`ZVLc>65mJ*Sv?%TKAd-s;7EF&sV7}n#~5%u+Jb07#m-tJjw)pam1 zseJo(&8ur|(TOMpkOcw!(olQ?%b17=AxT1%N1<4-rQ~9(q=tnze8JoIJ~xasJc2}cnldW^T()d0;M@uc<7wrva+&yNe$n8Arn!Qy-+EGzgQ{L4wRsnqrQ(hr9YA10YIx3i0L zdDd*ISR=S4UjB>UT|~8J7RlX!B5Zj1l%AZAe#0vYcHdbD%tGSGTBP;l>*vo=J^!I< zPByM_VesR-l9C$N70gzx&nT$NMjOh@<;p*8yY+{^SEXlZ?*Cxs_k9l#rt3$1hmLP@ z+`skh#`LUTA3uIi?XxAp2oa`F-|?r(Z*Wt>>F|yV9e(`-NUI$?h4ifDl|SXT1A>Hv zOVsbTU|z+)><#=6L|o`FUTZ$fuBzMbpE-%HL*HPEOUHX&uMGbB{f8NLZ9)UhbC~d1sc9)jdjX9BSsVU%{ehcEa5SF&;?N*Z~7dK?z`zAaFgw zsFG*s`-hvks6I5uVM$vD6%-&62p<_G)I_YE8J<;uDbyuUvV#T>Mnl}tupFlkD0#RI zCo*S^E-~SYeZX#loJ$sTUVZj1SN+an&WHX8Q zilrwoKJ~y!hfv=|Qrw-^u^Rq^4ILf*uv;J^kE2cAg^95-(b0T%)A#OJ^bp4!*9S{z zzXGxdGw7x7Q_mH1?gdB_poQoeITK$I|K+An;TdXkE?atUr9}ZoiHC~lMDT*t4ji{} zuOdhegs=fLonw*nXvnbVvJyvziW-EU0dtzPy$70a2Rl35m+mYifk~!lcXQjX?QDS( z3EY7_79E3bQIu|62s`x*js2(-EU)~`mXVNX9;$08;q;jfB1rwyXfo%_NyBo&YTZ_b zi{mDv-~Fea5Y^(kBql154n*ym-zwD|!1lz6Ns?mDIhYlqG|{hM7(|=KK-k5>gC|MO zu(ZSzxCh}$TKY(0V)fg%gAXJ8C#ePJ#luzX*}P4xBrscqqV{Lz{xxUL;jbS%N<4__ z(X;2h{aWP=ehvx_mNgU;bQo`A7$oXoBRa0MPbv%A;sqdKtbz3uv%GJeK9rD9ywAV znT)Uj!X4b<&m*lg_p5On###=yJI`=NDbaHdw=)7tZPQ(FD|&O6FI;$@17=gH#l_Wk zKrB&%Ab-RpUT3DB#E~&#>@uD!^doDPl1j4X_duc=0V8q+B%M+D^kdn4kz34Gqi(k} zYYfGErD-OSNFj~mmc|+>p>_vt;4}h+q2p}Yv}s^6(K=L7hLVAX8VherR~+}_yKM~$ z@+1)xdUw@3n*Ni-5UIjK0>W9*JAR!^M!t=h=TKl_S z`@4U8|DOHbujilVeyu;s3io|o*XJCL^Ei$(pl#WCFZA=DK7s$0a3yqfXNvsSvFkfg zW?Xz>)BO_!ak*h$&Z#X=+uv2(VUd{z=rpf=V*I~I9MPIz@x7RhSKvCStvz07VSvKJ zLPJ}ClC=)?bse7s9G8`~CVP|yb*CcmNXbAJmuTwfByLsh+rPiS#NZ+@p-MQpy@TlK z$=Z&f^8Tg|VeICC3L~y7y}*HGsfV|pUwCy#{>>0m_YN}FWZ|VNR&Z%#<>W@tnvm0= z9!t9gvL<-fmh0%-cukfC*zzw4SsK7A4(=vlw zs~i;OiFtX~uU`k!z|vmy)i zX#KEDm-?|}=JRL$wQB?8eLIO{hVyvws0)sw97;#W=8>&c2b8gcm`L{L`-lc9^i?jxtHFB zpA{adEgJG1D?A8_fXbj5=3^<>*tR1pyOSS}z#7KsJSV4kl?yKgEy^ev8J2kOK|Mgj z;)IfW<;rIODt@ozP`HfuK;_eCSSOL;X$lF(qk_v5Zm-D{{hG?>T5&1%N-L(pA|pd= zVP4~WIyP2EOAEq%4N9DLd2Y}ZB(Rba3mG=Zt{E#@aWf*K zfF>g81UMLNiB`AiY&F8=kY*JQK342wd9s8=ffpok3$sK5CM7)MqE_D3+*_e|5rIu2 zG&e~<-vV9D{4%iKYF&-(JYoJ!cu$P@SZR?I5up8URM>MRL zG$-#96HGXH_BdZ{D5L)T^H;Q66$Kqc{weRML&oF2CQO_J1A7ybj|@VDrFZ+44|XyO zCalJ`J>mZYCZm5;ImkW0h))864?rGPO^=UD2-U(G0y@Ky58I}*x< z*Uy7irS#J$YJ$Cw2Z^d~BINs(l{{HlwsauW>EvCTSqhi}gQJkaunXp&Cf&O?zuR<9 zA&5RFH1T_}G;-pl>gu@~6(ZO1M_&w@=OJ*+Xi{j|X{%lPvBOR+!u~hI8 zUPBBF3J_RfB`+93cN3&<$gFrgSjRR!JOgN^ebU%(0PJNF8|fswp2DSr+&m^rhgC5ZQHdB7g5uvRyJZ zgZo6iJ(kCYF5VXniiYzq{^q2fo40NarBy21aUJRa4`hw$O^y&l*&REeQ0{)K&D;fy z9vn|<;>2A6vYkXe7f2fe4SPylmM&QZzSBqLb)rilQWOTtfC`2;H>Xg_z#eb-^nA=y z&7LANrBACm_@|`8g@U@L)fN#`(APR<#V`pf0aCKwUEhdRdDgmwd3L%}a(3h1E`5p@)xWP}N!j1{STtrT{a zjdlCPSD103k8av8>2JI&bSss(TizUOk=gmo94 zdk)Zt;!2@TSIH4eY`Vs&##ce`)29;(cWDU`dq-diPgqN&T_7|`!nlVEHO_!BDf57p zCcuTFQKDrF=W8Z22ZsqGuEGy}UQi&2p>WorGNZOTH@TA!!(^I<0LvinQf?l=M&Q1o z9Q0T1gd=?Bd8v*00m)eC>gExNsP7R+>d`7t7egdo+7s*|H7yN0U~pEQ)vHg?b8sO| zBR$iKDKOazP$a|-4x6r&7sGr(8UkiQVVl@=ioq>vcI@cvy*|HM9(eYBWvg2kZWP;~gZ8O(tYEt=O&qV~1{Ppvu(U}Gpx zcw~E?Iwd%H64qdRPMkcsuL>nFOK8@_2(>H77ho*_=xu`;T#r$1Vt{;;SpuA%?lnSS z4d#W?UyDB*(#h-r`5T`q+*HWo6poDDY$->9)K~cso(u6;!66EZW__tdN^|B*5xUZ% z702^bW%>gFuRt;LnN&%~0l%IE7o5|N9vOWMqiwzjl?C|M*;x-wB?cr!E}t`J%)XeA zn{(+q;Yrt^A(7qlRAXnLSs)FfP!KZhqkyMmQNoYpsSfeTS_m?Ive2()XA617;xfJ2 z29F+sKA${FAQ2GVR~2v^~>qKP&AW1`N)~uIMT#%`# zbR%to8Nf2ZB)*|6+Y%6+R+GD=RbjqyW8V=Y3|Ft7PR`xmRswU`2o4BKM});1)D)Lb zfI`G?E#_AdEWbieXhTQ`+|f+1S@P$g)qq*|D2kr`CbW&$Zr=P#GfzMOJDw;hITRx! zKn?y2(OqwD?tu1;6b#ITT0QH0N3-AX4kKlWU8Id4DsRo6nOXwTJ~5DmWsDn_FaJ~Q zB4b&sTv(|^eGMgnT7Hh@6t{_!Cf&Gs(}(pYlV#;*&di7500jm20)F^ydsC6?$3WomX#2{d75RZ7i* za1w_$Cg-G6Qxg-58@i$)6j(e;;1@sxr&I&P?t`B*Hep&}b%&De8r=~O6OXOMEUAcv zUKCRk#*9hAO(P+}aAtBRkv|5rp$Oi|}_6qI;6cu(ll@4QP}4 zkNv7BowX={%kKfWLMl{5^h|~OyZTQG3=WZQUTceZRdY z&4TKfNmypCpgA5F~`BhEkjSx}K@k)vE(>JIY%lz+%ud&GtaMS+p4%4-8-hsdHYS({hf)y}n*Ma!wvo7eb{5HjH z|9*HJ8u?lzjb8+`K+tL)?ji-C@!bb%1$To$YM$_8yQS;mCF=Q|MR(gEqS<4nkXZ+R z%+I?5N*59u<_0o`0@Jo?_l2uh@v^!qTy6I*0@~sTh>`0o=ybQHV#&(GN-*YLWobKz zWR?p!E#XZ@7Bq(@2x$`{KD@oO$~nk#JOj8`wCkPRph+ku3cVi}jkV6Ef8(@#A^;tH z=2dCbn41{S@U~DL?}4UOuykbfqGko8+wV%ei7o9 zBL@#X#as$QEQgHE&0lRLRu^$}sQB}Od%1q3leBB|j*oAl1aHT8dG23he!&GmkO@4C zS`v2t<*QJ6X!#x&Zzt&f7-zr6%%L6JC7x0|Kqh$zIDdIxY)6sIB6=X$H8mI>$(Wx6 zt0hTmt$~t2RDT(>GlXAADT;T&IKeV(1+oHYc7i+`D}@)?*#eJ8N2fuj^&sgP`>p5r zjw30~d<;X1sDT5ME6vZ*q4HlY9aHM7@_6%2o?3jyG6;!3cF112@=@!}98poj(ci>H zL!y{3OX)>kyM7(pnirJDq&*s*_8tMVuNZYdC6M!MI}mSGHi#yE0@}yxgU!=BsYX-| z0t=Ei7~k}epzVj>NBpOUPDp6Q36nj70b8Tl5{jn~<|1&nJmlbfaQ=negH+m0Tckxr z#tb8OY}+R6T(0f-p}gGJ$7k{i<_YW!;hCQyCACt(ns+d7lXyUv!jnH3y5>|E{3)ra z%{6{)Q=TSdP|P4m3<(a_977fd{c;t12OJDyzSG{m5WE*egHjK|4qcy{7(qY0EV6^h zz5Or=n&DLjh$;Noo6Z}BsROZsc?N8wEsbMlxPDwP-XoOCCn4btyXO84BmQSSto(PY z*`#o?XMTR{&+O^5SKuKI8bmTw?Tw5G(DHIQ3_8}lGVoWdImOMS*#Pa?zgJjo9DeyB zb!__gxl zis=ctje;wC;|Y-riCoBRFp}CaV#c$eq_k}3*S&&}CE-@KBfEyRN0?O3p*vl*s!G+e zi%4ccL_~yioUO=tO4Y`f)dUS+;vE(+0D#^!5J67bJwo;>oqnt z6#$p=gW@`%TcDJsj#FCyn~VdgJfH7{P{d_|^398j$N+$YDhv05Jr>;4T*KX=E^Vz$ zl7$(1NC*@)_JILZBRRPM@d%Cs@09!g0v!k;l1)+7M7_$43ws%$P}*;8Yjv_J9L)$Q zFeKy~a7rU2kYNB6>=C5GPDzgke z8_5nRG-R5(lnH*qdUvmc=r9By%-Yh4|B$YVLKx=+s ztG2%WcL*QQ^_U8=qtT*FnmTZWhI*oD#)Xda-fJ5fC1TePT%fe8Y7`XCy}gx+uIl-F z-@0*w@}a&#czG?xSQ;?l1rh;zuAkd92oIFZ!Q#Xu*TKzhR;`$S(PNx-9&_Q#7wZEBK#lnJ`2YLZF%)qw3#<|xsiAq#uTmMu%6 zu4>wDGeDGa=l|4&@4CP<&+1~1r)vH_k;r)o!?Nb@qlW)AdKOvyoEZD};fh-pCbZ1l z%POUHNk^GOe_!%x)$d-eMB?_>yiE)Lt}5=@fL#47LjGS?J}amK{0GDH&G;Jue?gS? z8#z{X|Hrs0zfnJaylbI2L&Bf0|8i3Pe_iav2^?4e5sKi*p3G|Pnf=lkTR_KY|NB6o zai4DZvO&ldhOvv!o;$})hE14FF@Y-bPecVre!Atz3~oRk$qe3J7oP|Ji>l7=5 z5NUm;szB|990=Mp^E+}PAA44n@(`8Akdtu>MRDCnQWMP7mGjfZ! z*nQw_rVLzo(gElOWDl)Hi;{^LTDxiYaq7^~)Wj9M0@c25v@~^i7U7UAf~<=bwfKu) z=TJd!>~@2@K@btx%}{s9s&QXLqT2{z=e?K1UV{w=^gr=ib22jpJ0)%m(TYLQ6~)dO z!w`9ZVoNLpnPwUxjK7#D_mE)quLqgn%$Y$F3mK8o?yy*C-aJ>%AWIK+PAPdUmvq(G>-3F?M-ivH=O_{#nxzxa#)<1~0qjIouKA~hAUUrrwooyBC9ASMh1 zWQTd_UQ{Dyc(6nW4WN-xxc56Ch4}(gU*$e_WxIJssHq_6Ai>e;2G;*uw7wFhEF*I0 zjS%asbb4^-g-pJY?9GLRsFt|^dZz>%q9B7F+#&Uz=PNV)74soJ5J)jWOn1s4*N3}y z@5bnkszST&p5Z^~qFqXJzoLR=EI@c;5F3~2!<##-5wyeB7W4fEu7@(Rd&<%mKXyL| zqZJ5rINK;OYG$DW-EoOg9DROvqugAP`%6YdOq0(!+oANKonWbhr>Cc4;#%r|UNwt4 zX3QlyF_!^}*+260(`U~{Kn<%o(v$69At6Sy#^GiOFBhVRKBF$9WzkTGK4%7~2}|{W z%i+k%^CX#HzjH^}Rm6oga;o#BEwq#TMI@ts78L)WmbSLs+@TC<*R5G|X~;V4F5rxr zn+Guu!=6U)dn6T4)#@?N78fLef+_gJChU2|fVA6c-lU%1&;bJ?={=zlz^Ub_WR$?s zgz%`Tr3I13n68Qf0-ELwR@6pBWM^eT&ef@yIAlY)r`%?*|5695Ty5z+al1c!#!Raav<6n^d6lk{|Z zTU)iIOEc_NiwvX58mL>l(jax|qB@2tFQ6okH<#Mz`uclJt*AD{dnEIA13FWn3Te~y znLfdc2aKr)AGi5QBx}=oex;<23ShGaqk6%?55p{oCd`eHdLjuCR}uCo5h?g@H!}h1 z4l(RRDqvAPJ@NmKbpKr*{P!bW{#V9C`tubJz%sZO&At5+xV@BsD2EpY=(L}rbygk9)btz&oD{~mnFwF9HJm+1(holu3 zjLcbb49f;^2@T~ym1}s?vE-u#^?X}hxC?4br5Q6a=~khqSjvk;W>4DF5JMw28X)m} z)t)F3;0TUVur8E2Uo_hsKml*o8Y^;lXx*dzKZ67e2;EAw;Xtqf2V9!7{E#p+dA+Q= zmB!stIV3FXbeF5ky)SA`Ms>u4PWzt-R19t*a4!+Oycb9o+y%x&VR}(vfq`aBjeQbH zXIb+&bI;*i%wqK(nri8(w80}49e4c1rBm*U%oY*V8~m_^Lg7EH9h9cO06ZtP&%!%r z_wL??s%98#gW#Rg81DVPf)Jm(AG>TfeQ1At?h8QpyvL~;Yw)&b>RA#>!d5|F3+hI?4GjycudcrE4;j~uxCr(Eat9lJirX24VuEgP z%QZ0;0nY*(!K@uzvAjIpd*&mS%=Pe6Q&olLeTA#t91lJx%mSGeAZinunK$P;h+ZWweVQYO9vKqC$6e$P?_wP7|FOG=`u-33ivd$8vp4Lc+pkyq^<|aH` zK&luD;aYm>cReVz%LIPMbbdX(#z;J190LVg!^i3A!r>uBiM=C{bD2~Qay9WBkBN=N zhs^xOdeIOZ1dL5h1v|%VnVoT?ekt;`DW)r^BI z3*$E*ZCwYL1C0&p9#H;yBUl*1t7&uxv-7m&2ijk?T~3aLrn;zpYV2q=qAtmyU1~&f2esyoW@WII$Wix?}+xp6neBbshvCSh)@Iw%Arm4D1dkgGt z;v+>!$N(rQR2K2j5fSwu4R{ce&{;HZP4YS(jkR?6Nw~tv9JU zxCPm{x#_<0g26raT*K%+d7-(naj7~A4qwtXd`--0;dM1oRfW?z`V3Lpvx{ek;(}&b zSegyANMmU!0R8SmL43!DL`K>%x8@oNZioQ(D36)^T&=h$irWt0#M3QUw6wNnJ_Zn` zgkht#9C43Qj^BgRh2Y(kT{wQqlxtAI$Wlx(sCA(K3wXSV9!Jh21vAd>M>~k57csyW z%)}ugF*WERfeedUv%Vp*%}E$Sj#L8O`zUbE*$Tv>X5iT4$44oaqt)Tlp*&TFEW&sI zz1v7(e31nY|Ni}VfIEz;3g8f24nNRYRFpXCA7Fo%piVjq2zo;%{_J}1CYEw_(tBtA z&$(pr-koy(;sOA#x4-^t)c&9G%79CL@XDmWPw4jJ2Nl`x`>TKdca-w~>qfc#$Nh)? zTiV3bls0WM-f_aCgDa3+2CBFcDCT2|(aAr*3gXHTB!-`sp?`S^Y+ zmjeO@LnLP{2Qb{snF8C&51lmlPC#x1k48@k^t%i+Xs-liJWwMle5=A9BL8L2+iR#E zDaBvGoiN5^5^9y(aoz&FhizDHY`_NWYEZIvLKsfj%#kON52sEAACW;=qbP0hbr8$I(&WAao)hrsABgF+@~ANc?g&0QiS8pfX^e4rkTma95Gc zNUqyz1FFpYCr>`JsFSp!nads6$sT!cPbvj@p$_)|p~g)U+sN8g(4@LuST&KoLK=+s zvol3ze^9A~h6>*IT37cnX!?s6jR)-*x9d?+uKMvEU%2|z7H8Tdfoh7)R)!Nvd1xY^di(lWrd zxAdNgJk7_-@^W%c+shMu`?M3E!NTwX_Sj*yVFQTGF;XPvz9FRVw>R$5dO{5}nzOW< z|D;lAS@gR&3Jc~5s0<_)!VAD`eC^to1Z0L)q;7@|f`G4~a-^8pDlM%Dx(_5xTAG@e zAEd%hgt@A&j&YcN#8rK%+~>~^xx2Fjn34C3H&40RM}WO~6legLVb}8~aCw%ePy&{a zkOKU+>=Wam5|A#C5};jqFcUx}%UBDl@Owh$&S!GJTVS0%I@-Rc;Zs7DDH)U?!&Z^aup9#Kw0=xLPidy_leL^?U4l z*FJ0(Tru&f4Nx1nqOh;XziAyxX1*B=9zC|37|1dDepa4iFZB+u!^^T9W}kMirISGB zAm4%jJ^N$_P^Ev`1iOA@i{TT%Y`mldpx0+SG@TzAK=hA6d(Y7Jy;vgmB+mo;^9}w7rO|)$mkGn@_Sb*N zmPN@ltn`}%nsyX-1?*kOkB98+$xHj%^O7(y<$hC*&?~bJbI3}Vs!hy0=^tOcdW9}S zSn?Su*eCNcTlkYqB_t$fZP4wQd@9e>GB6n4rwFSv2{Lk7>A+dohlx|~*AcTtzB1wJQPMdoA5J(O26e@csiG{HJ zp-G(wE55pRlw1=(Dyq*+ke@_|Or= zxk!b3YG8!B%SgqqBA7$pU>XRtCaeo)i13PQi}?UT5eT)TLS?{x@f7C>(nFs=dGg)c zw-=r#_7S;iZxiD5)$nj-gc;z;Y*1R6A0gUREU=^PE2V^dxQ%x79|_WUasJ4M+oK^I zPlU+S4V+V!6dSE?DA+2Qro$xA*3=w^AzK6s5>iMla93EcT-{i`DfIO~k$-o{wR@H> zJ;*v#wzCw1OfY>B#!Kx?;U`elDf*c$dae8gj#oL&DmLZd&5mKWZq-0Fqe{)9c;$i+ z7HpUws~lvcQ${OAP6Gjh(nSImn08aAdY&hV5s*v;AfL;F+gP(O2Kx4SCh{3(J!ESL zKr}wIhtQ`v%HOCQcq(Yi_nvNb1fvu1f=QI&`2<|XXTUDB@Mh{AWV-&;LkZOn6mMMI zgZ4fpCNVsqyWc0wlL6rA6t+j}!wH3l4V_Hmj{Xk>8w&Oh1iPXw!oG0Z3Ii+ABlY_u zCij@Ju>UGe{aOA!W+~`r$K>hiKywS6nw?{?`hiw(M40ZtS*t^KMuq9>b-mcF$Hj@G zx~2B*Z=C+2WsH-D%yK;QEeL}+{Z*u$ZW41hLS)X@VSwhH4t`V)3+PO^s+)F4o0x&JTo^N+E$ zjfx+Iur6%^{h6OYx)9cFP%(ambvDs-XH8w5mgaF%F>-5JIB5L(?h=$bMP+4kSQ~($ z3w<%)x@6(PZW1iN>5m+vbxh!pPP;r=A0%u?pm(u}ugl>S;Cc7ybH}zmeGhG>nT0qG z9sBU}wRHb5*RvaUhJp=%ivIrlJsR!oTwJy$3hOmk{<(|6JqnfNvAso&m4l|OpT|@b zNO%vnO36M@8Y2OXfhRB;rWbY&XQD|isgPLx$z zb1hR(^B|Bz#gD)T0E~kip>mL?@mo{VIk<(w0|)nM>)ZRc=2(jECXUqFBnrO?J$BK7 zSx6%o@7|Nbj4FIF?BW-zCA1=%~wPf^(i9-d0aVjN;6GJK{ zmc*_yf>;ekZwtK{0*0{kP7rVS$OQE$`32VAR{6Q2HgN%7VoGzav+KYMlvPX?c%{CA z#>hh~sH#hgsBb=$lz2ri+rR_ED64z7ZY=z%wp}(5W9R`xhbl1DhGxrrLFdN!(W5WI zH{d>MZMgswDYb;pg@lbzmB7j%La?X(-4J$EsL(po^le-{`ot^+1!^|Q0l0ANLE_F0 zAUz0ET&?sTFr_yk?C|mh;X^L)&VlI_DigWm&lx33Vg+*9Yg~jM31PD|Zv_0nw3<@z79?E!q!+kf9Q*FzeB11QXse^|M zVM5PqQVx>^a{?pjU9hKRg9f*{ozM3gth#>(fG}?VTa>N>E&klO;qY}fBz18&iI0yT z*LT^xd7^!^6Eg?)>o=2s=jtko)=%J&P&o?5({QoS-+^ffOGMJsrELm%;?JBpGfdI( z_T|e9r}w)d1~Q4+n=of3{NNL#rml`%%up;{dP-0p zfE9CP)<8TQFhH11x*wW?R&5%{i`vc-SFiJIAg7s_+zS@AV~3RX(nBN)yhwqYDe3)h zP=iW#`!-hozyJT%A1@jdbT3kVzyjl#H9y~nKbntKj^ng8#mzEK_~j>o{(H!@zip4_ z?F;_9mi!m}ao#JyL74D369y~v0TQIIeE#Us)yXFy!Z48pAxl>nC%PNr7A%}dfJ^xE zq<+4I8T8s@IwR3twW&181iYAAxNP1OVtX_X(;I-)knjY@;2;0y>5rA<0l9El;~F<} zTSf#w6d76rRxz)BMZ@4{(a%-q%tqbrJIUp%x0Jn!|3=P+7{GzxK?^1iGRvqUU*BBJ=p~EnShbKRa@k$vvTX!>*vo4po5zjM_~`E0hx?%^uR=#l|N!^ z1lvOF19<^ygCN+zbfV?^_x}4#dOQv&QoBHOVCu-00~wfK!h%(WnWDRr{q-R#pJp5XuEoIpKx9FA(eZ zi9xdzN{{Ml!DI92(N=t{hXBQMUou0vfaa)`fHo+@xrR&C)CBKy$dOzuKC@wMbO({4 zv+ZloARfvBp7&kWAz=SI`&$aDx+%Ek%$mi37=eJ|#EFlY41%W8CQx~*bPLjS zq_svbp_!)%1*{n#iw)lC9YlenO$4`!a32a?*e2T`g8;dudI~u{zD~Qeh?vV~n;}1G z3fqB6V4ON(l}~$)Hxg$m%)(A`1fPWX$jFA8Ve$l2{s_1zoA14R*%;&lIHaA}iTS|$ zTg!*A`ezAND_;A=NJoO46R{Nar7^mYPoHMd#*ow2#;@S7KayiCr#ahJI5sCX zTD&JmF`Mck0Xw}sJA}QlLz6E*R5?gd0whR%0%4aH;7)9;G~8DrhPZqzBATvU574F< zb=v^zgt3$lV=rNE@R_3Fim(p+va#SQf+v!(U$ZMm>8bK}XVFk-lahx1WU3U3N*7m%c- zrG=x@_*%V_s4DdYJ(s5aZ@WrqyC=o|@B^W7w)pek=w++^_y1_7W8bl{_l?NNurJtB zw7&w!jvs&8a9Q>s>6J{VcA_b1fBE-)@^8|y3;*Vj@-O=1Dmkp-G2sR`C|mi9$aRKr zQ$e7#jzJy5BEggyDP|`)XQ5`KYQv0XSO zsmfcTeMM)5J{#_1dGfhmNo+YJ0fKTN4<~Vshx}G#B81#qBh_nR~=*+F!|D1lTa`oVc#vskN+Es zynzKUd@ElD*SF!|(`4a_ad7l@ZaKYhCA*6Wb1?jnEpVFC<_f;Nw4Z&&#Un6ikq{n0 zo}W@2o^KHssBEgJL4I6+IwexR^rT5>T3O&Rm}Zx@3U)C}65D7gE>zd{x(fA?{IqGa zpqMOMc4*<~b?m67ivRJDNO{2u>n6dJlXvDshsVRxT>`Jb+x&q(rKd#SzI|!pSsgO~ z79t8byk9nxKn}nA$}RMfvuYL$>OvlpPhnN^2%~EgmKN8Y8_dJA5wSLMG0xS851Sw=N;oi&PKT@Evc3P$?pr#F2EVQ}>rqw~lKNmi4STxic={jhFfm~< z+HZaY<6f16gnc9iDANKD&<&wFfS`|bNz2IzZt>TqAJ947#Qk$}9YpCFd}zTRmJ$cx zuQPkT73^@;S#e_$0)?im)4=n{vnD5qX-$F8F>z=#^OCO)7zrR*0MVr9ZL`y+MBPG# z1qGuy6$f)vJ%WyhdP|V3B9J6U_YoJbi#pa()Yx!IXyxR{$hdM$T&yS9Df2kdu3fSC z^)9eBw&0M>Q`HL~_3TLiy?WnOTaMXhY3ZcJeI_G1G0imSQl&xa_4>gXXs$Gc!1QKM z&C|?#^w25ve6}9_Aag=0YhhK z_4u7M&I>XD#gJFDEQl6X3@PYFJi3p*Ik= z&=xp!2wVw}!#C<-*Mc^YBApjyr`SdUAmAc`9R7yNm|{%hbq|8tPmG}X)1_k^Y^V-Q z>y&`E>g2!(o!KEtu#v;nS$8GqMVWc#e+Zq5nTQtS5i{rfD`E11|ZE9651LzIjh(ev*-fSm#7 zu8bH>0f00|grn2QNScwVFj&UJd2dW@_0RkW#!<`pKlLB0O;891>ci&~SqrnPY<7ydL z_0O`=TCS#6-g)fLQH%d!N(I&M&HMir-}RXJgS%dJSg=n$IZjPR`^x3ZTtY21C6TLF z|CyRagV+D{&x?#7jBv=gFA@zIC-?%8N`JguRsVSjw6yF+*y@7WKmV1eb?TtMR!N9f z{fp|6_MiQ~_QQhWEaED!?&UFAZIl(8o*!lX$js7Ga)6VQm*SpNL3>`u`dviOC#!XB zxthx`NFNY8XiXf~3>a|QwlMT&}vZXS}1+y9X(rk%c7{2@)6HE=%cM-?AekGqWscJ9j(4J3I7SwvJ(;OCkXymTAsve2jmpc)nwzD1cJHOWTvc(m)ODRo zr6CG(=9#q*QnHq%n3qWZvh!2MjdwCTEZ52T-AT66(l4nCde(FAH6xv!ZaXZ_*wv+L zy1cAy{w)11XPRx}Cxu+`CE&lk82F?(Egy*WzVF#m(6Z6z>$5>>e67(;#|n zu7m5vr_Y9F84NH8E1$7+%=D6dUQ_fBe0K=rLd>pbBC;?+&xKF&CVB2%nPtOt$pi+n(w+t3N6P! zC)69}&%V0c$IdZtjK$a>|LOy)+SHcqtW`5A32XIERbJ?A)tYo<-95?clgsAxUKQ6@ zRkE_j#4{0Je4j$O`3<5EqkPvGqgB#h2V3`Z++qChw%!nyZFGIvgIc<$$rguY3OH%?0|J zSN>4CbziyCr`0>VS<@@|Uj4`^nP&6j6E)3U!k;|TN*=83STI&Muf9_HQ=`@9l3wP+ z6AqcpurLl7xMEps=0SrF3JE?6E~S~t3}tSZJU-sL{!7aZn66VzN(LG&Z)!WKe`%lG z%Bc*S^&%`<-oI%froh$VP?U~(0_we{^u zb>(ww=YRjb(>KfgemW9QXk|SqT zolEqZAQFkG$e3sD$oV{*ihAeMr<~D+qpMp?ns9`tG6?x2o;(w75FfL-`XX`D`<6-9 z&&@Xs^0iY##p8stky^a*$(duUI4^9dAnE886ev7MemFT2llTgSj&z?T_Fa27uK#rX zT!-Cxk>=i*xLAL^l>4}c?ShZd1B;d9Zd!-g1i$JNGdC${)R=YE`i2^p^}_>fUYpb( z`hK7xEPU8WuVJA&kMf$`w>|8oYx+<>_}$L5-C_gh#>OvHdlZ*cWb$6#RQi_~FSe=MGRLvPL(lZc_8EU(8(!XUc34@K zfs~i0{cFd9#rg3i!{e<|FI9QOjMsMGFJ&%UQ5CVsCiQTSQ_~mC9&EQaeunkgpm)(S zEt}(StVnxYw`u#A!ocU(S9mdsm{=Y)pVYOUPF-RhIG!(KgJ zBqgccJ2176-|1@;+g{JIO|Cgw_$DUet;eINXWb<}B=0M(_?j+l5)gj3 zJ4_qSE_pjawa0b~`AX~O=4(HmOOr0j00G??HnnuzSPcoc_l-}ZCq1t|aJq-Yi*HjM z%OT{Nb=~q05;*4%+#FcIUKh4)!?kTQ>=}g&V&p-JUoh>0;LPYj?!l z-IE=>b8P-ppWEcLLEF)Lx1{5B4J*Y?wy};je_F~{KFLm2yj5u^S!w23@9noNw>CY^ zY*p6dyytcqukCEp-FDeedX_e2c+=VD-Qq@3&5Gl_BTH>t^6hIhDnEJWO_VIsTHUnv zJv1y~e|%V&_2EVEpuiO?UbT2t4p7}Zu5;(6HkbZpw^wP5mYg!>*Y44M`)&`=Do@;F zFA&p*=SKkq;uW>uO@H>TtuCFtpVaxd)INS|v&W0_4r27ws`CQ}?b`71$?PE;$QeG0 zdbX=>Wt#dqy$L(_ao~_L#_BQlm4IUnmo8e{tWA9ODmmbf^%4(~kNi&809iU=x4e{s zWd56k)t&F{?UHCeZWe{gUJi2gx@n2FUSUJ_26Yh4%U%|cx$ag;bIHHYq#X zSGhLT#Lrds{ah@Y7~`H~?cY)oc86XbH9>y%WXDHd>U#DbUj5U0 z)Mz}b5WBf?jOEkkIWFDTd>AE(7}7uY)&2A|TaQbr zma4&*Y#4MY#F{GKxg9=BdZv6+y}N8u-SR0@U+)h(5MVSraMKo(yvU1cS2dH~M2Dr_ zJ;>^SO;Vm8OqCOyT0h404vle_yS}3_->S@4He-62ZQF;2aSrP^WWAHrl@9$zdTH&I zni#Pv_H(gkkzY#kwOaAUC(CyJ`nk|(D<|WF^7o!IP9C=PyKFFfP`s6D@$QZySB=fd z``Rk!K6bnIA^q8cLwQjJsn2{zFAtlZu|`UIl2mHSQl;2}yP5MhiCJ$m%z2+*@+2>Q zs@w6h!8ztli*>8!*SQXfwA$X+M(J1ONs_73d(NKSZoTB~`wxfv$(g^qV!F}6v}8xk zZjy zk{7)?Hli>=thHj)p|Aw4sAFk8okq089}f4uVdYyJqFnMiQ9?2`UG31yIq?_1_nYK7 zFQ89TlS9|uUq*htw<`IaYlpp1XGf0?(`gwbz_Dd4y7*TAEcM>39$tU^@$pIZkZJ2z zF=Ujqp0B2cSL?GO#>Fkl6%{!vZY>^h-FAt)k8I(W{O~7s`;QG`w`|(vD;4iD-+p{L z)N?zB;%U*CLFt+ zozHKaK6-SVc~G?U3&le{ZVvsRm1}%F!F=3siCz)D_G-NqFDgAiN>#RLUh(C;m;u%! zmqygpjCi0}k)Ued(d32o^Z2IA6@7#1<2Q-7d0OUCN!jBGmTBtNBX{^smpgar zCS0)E{I%g|W1OPLk)|l4-(B>2<;&&mj~JoYWm^R^LwSOOzJV?Y!J^3^$WMxvQQQL#ZF%DWQ=Nou_*&nrAXI@)tr@FdcZek0R2F2{wab0|OcV(|b zN25b_eJ;4VPA+~#AMewxjZuZqTEEwvaCIGC<~w)p!8RX)b}sSL$B%}F z!YrL8EvUCfw$7EyS8{^ZEE#k2^5vJg_9-|)UCx~GEG)^g0{*=2tHC`b9^jiQYgQGD zxFAploVhsMzH)~1>z7zT&|m3@nQz&A$}?!lrSsn2=3DeHO=j-tnt81}_n3S97`Kc; z>xK;+sF#?qLQ5A%_oloCU+~~r+UJSEvs40q$_8d zTv!nUsfPguih2I&{k_7I&N@l?$Yg)+Hv60Y4m~HG>S^Y0w4x33@2uRgc-(^7lTFrJ zUp*rpR(fXVYCT0+XPZXN!`o+k`Q?d>WnpDx;n=zk&jZYJr*WMv_Pm++Wa)ERx$J|> zpBv(mxMJPvRx-c1vGVpoH(pyAZwU!fF3nyo zt`*|^prp)O|B0&6@9Agl+~?f<p zUX^}(5K~bY9bKQ48LND_G5gMZ$#Xs*Pg^e-sh=^Wi^&AH1K;XrUf*uk^h&BB+kW`s zDOqMldo_7qX?I`v$KO18u~xF{)V4Y6wI!sBSLPMB^eXh$_Piyz>+HnB;QwQquQR3yM?r(wJCY+t^pml<^gKA=Qoz1aQ@@pEFQ01}wMiQ(;Ug?% z^f5nvcgf=VUZBI#PLHJEgRVXeU;!niXHDXh5G(Ty)%56@_rBG)PV`h|4MNmpQ(+B3 z?6nr>mZ}X4WV$Tz^3vP*t_6q@NO!rosD(-`rN%cuyR5snA_q*1{J0Bg6IZi5x^qyrGG%6+d@v=Yrt9%%{ zNPC#}*}7H1rhx%%UaB$HR%!P?9~g3C`?{2ZPDiY|J_{?_QUIy;rSYUsa7qxz9ntc5a*TdhQq+ha}oGlxeRrYj( zxQW(IbkzsCT?@^(NqTG9>sQJr zPo}nBrB?7{1aM^FRQ+3a1$76jXnJ>1`FHx(5NcQxUzw{`EdK121=dfWs-BNo@*5(= zIg2V6IUPOH<4t(P?c2_46Q46}*mQq_M$qZ==Myj)crbtIV^8#|(urrSS@me~;#1zv zGCW(Z{UP&Nc`c>&I<@qrSN8|4D3tDTE3;>2TV|h=WuNFj#d{w*T^3vQAZzG{n->T8 zRm_OonVC6r#%+st06Af!_d`=Jhw4EcZtAvKXQ(Yd+nh?J=tq)2I*Q3#EqZC(G59%iXR}PRj^B zq`AbX@P2|})bn-rVRI|`jO#nKxNv2Y<b1zE$s|I1O!b#kpLw$D>1}MwaH>d?9zuI42=7 z>9I}Qn?<0Yo{i-S5eqf!22Ybzno_fJYs(0a)R+D3Wk35mH@Gx~)s6=u(l%I9njIva z{XFE=C)rz(Hm1pjlZIdM*NHv9tR}3FoTEr-4I?n_HfDcJ8dc$iD$(3xHx z<^(twjB`6~W^P$JcyPAO+p4#R=Y$ryl~3${U8#fk03 zP2-UFk6b3j@BDQA?ScbAt(o<9a`c^(hT9dZR=E%D0~1s~rZ!!}X1;T4aJJ=8x!Y42 z@Ar&tZvD0w;#yjo#OJ&S`{p`t1^e??OZrFaJ6CTk%6D>n_+X*e;3-~dtUrfzZtY%| zwB*kxj~{pIHMOCm)A#B#oPx@iH`H#h7|+}^WQgtC*KeYiq#OFmw>Tut_g-HA(O2<` zx*ujoVk1XZvJhap(}4qzF5hzb-e-5o(T&v%x){hA#68H(%p5&!T1L{QJr3s7hrtJr z9`#XbNn`w@r@J<_`0J?`r@UuE)(Fsw%hgkK1Y3pQdd1I0N$bWHz1)?#;Rhto>r^?T zJWjGudyJu#ae(YVIpfi_o<>1*HUzW)hs{4G$7x44Jw<9+PKRu@J6E`if z^ixEaomR$+I;fB)f%I1gqF%|MDUliGnQNPdI+=R=@t~X>lFdVqe&D_~yu0wbfhZ-j5oqEI+ee_5KN)^Iu<( z6ganVhMo&7F-TL8m;G3OrTZ)Uq}12(GRw~8EteEjo%0rr&fadgYtrWPAAdQ>-y4s? zS8X4FU?Ut<76+lO{lz90ftvQ?CI0`_A3fVTjGZ^FlYXApJK>!yTeNavn9BM;{vT7m B_UQls literal 0 HcmV?d00001 From b643363e82733aed47ab15cdfa95fd014474483c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 12:07:34 -0500 Subject: [PATCH 105/487] [fix] Directories need -r flag --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 5c66d2b75..41aaf5ab6 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1435,7 +1435,7 @@ reinstall_init() { mv /opt/so /opt/so_old # Remove container data directories - rm -f /nsm/mysql + rm -rf /nsm/mysql } >> $setup_log 2>&1 } From 3150367b1d8e11936828d74955653dfcf381f47d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 12:52:37 -0500 Subject: [PATCH 106/487] [fix] Add epoch string to /opt/so folder name --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index ca8618e53..58f671462 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1430,7 +1430,7 @@ reinstall_init() { docker rm -f $(docker ps -a -q --filter "name=so-") # Backup /opt/so since we'll be rebuilding this directory during setup - mv /opt/so /opt/so_old + mv /opt/so "/opt/so_old_$(date +%s)" # Remove container data directories rm -rf /nsm/mysql From 2aa21512e53a500a9761ca1f1b560c31909ab4f0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 4 Nov 2020 13:40:45 -0500 Subject: [PATCH 107/487] Update soup --- salt/common/tools/sbin/soup | 1 - 1 file changed, 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index aac34acb8..08c9778ef 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -141,7 +141,6 @@ detect_os() { highstate() { # Run a highstate. - echo "Running a highstate. This could take a few minutes" salt-call state.highstate -l info queue=True } From 3825becd1b6c91e47a95d6863c88925ec19775e6 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 4 Nov 2020 13:44:52 -0500 Subject: [PATCH 108/487] Update changes.json --- salt/soc/files/soc/changes.json | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json index 680dbd54d..e9556aee6 100644 --- a/salt/soc/files/soc/changes.json +++ b/salt/soc/files/soc/changes.json @@ -1,8 +1,7 @@ { - "title": "Security Onion 2.3.2 is here!", + "title": "Security Onion 2.3.3 is here!", "changes": [ - { "summary": "Elastic components have been upgraded to 7.9.3." }, - { "summary": "Fixed an issue where curator was unable to delete a closed index." }, + { "summary": "Updated salt to 3002.1 to address CVE-2020-16846, CVE-2020-17490, CVE-2020-25592." }, { "summary": "Cheat sheet is now available for airgap installs." }, { "summary": "Known Issues

" } ] From 6b144903fc7a86839608abbe050ff04b0eea80ed Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 4 Nov 2020 13:47:37 -0500 Subject: [PATCH 109/487] Update VERIFY_ISO.md --- VERIFY_ISO.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index f6dc51b60..256868b00 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,16 +1,16 @@ -### 2.3.2 ISO image built on 2020/10/25 +### 2.3.3 ISO image built on 2020/10/25 ### Download and Verify -2.3.2 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.2.iso +2.3.3 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.3.iso MD5: 8010C32803CD62AA3F61487524E37049 SHA1: DCA300424C9DF81A4F332B8AA3945E18779C9D28 SHA256: 1099494AA3E476D682746AAD9C2BD7DED292589DFAAB7B517933336C07AA01D0 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.2.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.3.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS @@ -24,17 +24,17 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.2.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.3.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.2.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.3.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.2.iso.sig securityonion-2.3.2.iso +gpg --verify securityonion-2.3.3.iso.sig securityonion-2.3.3.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: From b2759c4c7c703ee8e8796625b9afdc8a21cce819 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 14:19:25 -0500 Subject: [PATCH 110/487] [fix] Uninstall launcher if installed --- setup/so-functions | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 58f671462..0291c5641 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1435,6 +1435,17 @@ reinstall_init() { # Remove container data directories rm -rf /nsm/mysql + # Remove the old launcher package in case the config changes + if [ $OS = 'centos' ]; then + if rpm -qa | grep launcher-final; then + yum remove -y launcher-final + fi + else + if dpkg -l | grep launcher-final; then + apt purge -y launcher-final + fi + fi + } >> $setup_log 2>&1 } From 1e41b9ba3102cfa51175e920b414b64a2f922e5a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 14:20:26 -0500 Subject: [PATCH 111/487] [fix] Add conditions for commands so they're less likely to fail --- setup/so-functions | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 0291c5641..faadee63f 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1410,27 +1410,37 @@ reserve_group_ids() { } reinstall_init() { - local minion_config=/etc/salt/minion - info "Putting system in state to run setup again" - info "Some commands may fail depending on whether setup previously succeeded" { + local minion_config=/etc/salt/minion + # Remove startup_states from minion config so we don't immediately highstate when salt starts back up - sed -i '/startup_states/d' $minion_config + if [[ -f $minion_config ]] && grep -q "startup_states" $minion_config; then + sed -i '/startup_states/d' $minion_config + fi - # Disable schedule so highstate doesn't start running during the install - salt-call -l info schedule.disable + if command -v salt-call &> /dev/null; then + # Disable schedule so highstate doesn't start running during the install + salt-call -l info schedule.disable - # Kill any currently running salt jobs, also to prevent issues with highstate. - salt-call -l info saltutil.kill_all_jobs + # Kill any currently running salt jobs, also to prevent issues with highstate. + salt-call -l info saltutil.kill_all_jobs + fi - # Stop and remove all so-* containers so files can be changed with more safety - docker stop $(docker ps -a -q --filter "name=so-") - docker rm -f $(docker ps -a -q --filter "name=so-") + if command -v docker &> /dev/null; then + # Stop and remove all so-* containers so files can be changed with more safety + docker stop $(docker ps -a -q --filter "name=so-") + docker rm -f $(docker ps -a -q --filter "name=so-") + fi + + local date_string + date_string=$(date +%s) # Backup /opt/so since we'll be rebuilding this directory during setup - mv /opt/so "/opt/so_old_$(date +%s)" + if [[ -d /opt/so ]]; then + mv /opt/so "/opt/so_old_${date_string}" + fi # Remove container data directories rm -rf /nsm/mysql From b4446cba9ae6a68cfa646949c38d751677c84371 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 14:20:51 -0500 Subject: [PATCH 112/487] [refactor][wip] Also backup directories in /nsm --- setup/so-functions | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index faadee63f..ad2ce7f41 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1442,8 +1442,11 @@ reinstall_init() { mv /opt/so "/opt/so_old_${date_string}" fi - # Remove container data directories - rm -rf /nsm/mysql + # Backup /nsm for the same reason + while IFS= read -r -d '' dir; do + mv "$dir" "${dir}_old_${date_string}" + done < <(find /nsm -maxdepth 1 -mindepth 1 -type d -print0) + # Remove the old launcher package in case the config changes if [ $OS = 'centos' ]; then From 5cb8d0beda46ed6d57cb139f1a9ef0df771c9c95 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 14:23:24 -0500 Subject: [PATCH 113/487] [fix] Add -q flag to grep --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index ad2ce7f41..35f8aea2f 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1450,11 +1450,11 @@ reinstall_init() { # Remove the old launcher package in case the config changes if [ $OS = 'centos' ]; then - if rpm -qa | grep launcher-final; then + if rpm -qa | grep -q launcher-final; then yum remove -y launcher-final fi else - if dpkg -l | grep launcher-final; then + if dpkg -l | grep -q launcher-final; then apt purge -y launcher-final fi fi From 4369b8d0f65bb7fd8f51992a92c272a7c017cdd7 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 16:14:58 -0500 Subject: [PATCH 114/487] [fix] Remove wazuh-agent package as well --- setup/so-functions | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 35f8aea2f..438394a75 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1447,21 +1447,26 @@ reinstall_init() { mv "$dir" "${dir}_old_${date_string}" done < <(find /nsm -maxdepth 1 -mindepth 1 -type d -print0) - # Remove the old launcher package in case the config changes - if [ $OS = 'centos' ]; then - if rpm -qa | grep -q launcher-final; then - yum remove -y launcher-final - fi - else - if dpkg -l | grep -q launcher-final; then - apt purge -y launcher-final - fi - fi + remove_package launcher-final + remove_package wazuh-agent } >> $setup_log 2>&1 } +remove_package() { + local package_name=$1 + if [ $OS = 'centos' ]; then + if rpm -qa | grep -q "$package_name"; then + yum remove -y "$package_name" + fi + else + if dpkg -l | grep -q "$package_name"; then + apt purge -y "$package_name" + fi + fi +} + # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and salt/salt/master.defaults.yaml and salt/salt/minion.defaults.yaml saltify() { From cb75b2df6593b132ea130a766d962bad40838a93 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 16:23:51 -0500 Subject: [PATCH 115/487] [revert] Remove wazuh-agent package as well --- setup/so-functions | 1 - 1 file changed, 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 438394a75..6618f34c1 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1449,7 +1449,6 @@ reinstall_init() { # Remove the old launcher package in case the config changes remove_package launcher-final - remove_package wazuh-agent } >> $setup_log 2>&1 } From f7394559d4c03a9a035d69093c2a2b8e74e04ce7 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 5 Nov 2020 13:16:52 -0500 Subject: [PATCH 116/487] [fix] Only add entry to /etc/hosts if unable to resolve hostname --- setup/so-functions | 16 +++------------- setup/so-setup | 7 +++++-- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 6618f34c1..993cf5751 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -103,6 +103,9 @@ add_manager_hostfile() { local exitstatus=$? whiptail_check_exitstatus $exitstatus + + # Add manager to hosts file + echo "$MSRVIP $MSRV" >> /etc/hosts } addtotab_generate_templates() { @@ -1852,25 +1855,12 @@ set_default_log_size() { set_hostname() { - set_hostname_iso - - if [[ ! $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|IMPORT)$ ]]; then - if ! getent hosts "$MSRV"; then - echo "$MSRVIP $MSRV" >> /etc/hosts - fi - fi - -} - -set_hostname_iso() { - hostnamectl set-hostname --static "$HOSTNAME" echo "127.0.0.1 $HOSTNAME $HOSTNAME.localdomain localhost localhost.localdomain localhost4 localhost4.localdomain" > /etc/hosts echo "::1 $HOSTNAME $HOSTNAME.localdomain localhost localhost.localdomain localhost6 localhost6.localdomain6" >> /etc/hosts echo "$HOSTNAME" > /etc/hostname hostname -F /etc/hostname - } set_initial_firewall_policy() { diff --git a/setup/so-setup b/setup/so-setup index 348578f8c..c8c6dcdb2 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -438,15 +438,18 @@ fi if [[ "$setup_type" == 'iso' ]]; then # Init networking so rest of install works - set_hostname_iso + set_hostname set_management_interface fi disable_ipv6 disable_auto_start +if [[ "$setup_type" != 'iso' ]]; then + set_hostname >> $setup_log 2>&1 +fi + { - set_hostname; set_version; clear_manager; } >> $setup_log 2>&1 From f058fb460dda73f76c79a3eefa1960bf1fa06874 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 5 Nov 2020 13:25:02 -0500 Subject: [PATCH 117/487] [fix] Don't modify hosts file during whiptail menus --- setup/so-functions | 8 ++++++-- setup/so-setup | 6 +++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 993cf5751..f764071cc 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -103,9 +103,13 @@ add_manager_hostfile() { local exitstatus=$? whiptail_check_exitstatus $exitstatus +} - # Add manager to hosts file - echo "$MSRVIP $MSRV" >> /etc/hosts + +add_mngr_ip_to_hosts() { + if [[ -n "$MSRVIP" ]]; then + echo "$MSRVIP $MSRV" >> /etc/hosts + fi } addtotab_generate_templates() { diff --git a/setup/so-setup b/setup/so-setup index c8c6dcdb2..cf180000f 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -446,7 +446,11 @@ disable_ipv6 disable_auto_start if [[ "$setup_type" != 'iso' ]]; then - set_hostname >> $setup_log 2>&1 + set_hostname +fi + +if [[ $is_minion ]]; then + add_mngr_ip_to_hosts fi { From 915aaf58f2bf6856c446211e4e8cae115b85a9b7 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 5 Nov 2020 13:28:21 -0500 Subject: [PATCH 118/487] [fix] Always set MSRVIP because /etc/hosts is wiped --- setup/so-functions | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index f764071cc..87ba2f922 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -107,9 +107,12 @@ add_manager_hostfile() { add_mngr_ip_to_hosts() { - if [[ -n "$MSRVIP" ]]; then - echo "$MSRVIP $MSRV" >> /etc/hosts + if [[ -z "$MSRVIP" ]]; then + MSRVIP=getent hosts "$MSRV" | awk 'NR==1{print $1}' fi + + echo "$MSRVIP $MSRV" >> /etc/hosts + } addtotab_generate_templates() { From b27b2e358b3bef423e6b1566c9efe738d1d527dd Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 5 Nov 2020 13:38:08 -0500 Subject: [PATCH 119/487] [fix] Set MSRVIP variable before hosts file is overwritten --- setup/so-functions | 6 ------ setup/so-whiptail | 2 ++ 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 87ba2f922..a0ac5bac6 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -105,14 +105,8 @@ add_manager_hostfile() { whiptail_check_exitstatus $exitstatus } - add_mngr_ip_to_hosts() { - if [[ -z "$MSRVIP" ]]; then - MSRVIP=getent hosts "$MSRV" | awk 'NR==1{print $1}' - fi - echo "$MSRVIP $MSRV" >> /etc/hosts - } addtotab_generate_templates() { diff --git a/setup/so-whiptail b/setup/so-whiptail index cc37f0545..20682a8b5 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -791,6 +791,8 @@ whiptail_management_server() { if ! getent hosts "$MSRV"; then add_manager_hostfile + else + MSRVIP=$(getent hosts "$MSRV" | awk 'NR==1{print $1}') fi } From 2911e37b707ca2a87e36d5fd6c1bab531728c898 Mon Sep 17 00:00:00 2001 From: weslambert Date: Thu, 5 Nov 2020 14:03:08 -0500 Subject: [PATCH 120/487] Don't sleep if not registering agent --- salt/wazuh/files/agent/wazuh-register-agent | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/salt/wazuh/files/agent/wazuh-register-agent b/salt/wazuh/files/agent/wazuh-register-agent index bcb674dbf..6762f023d 100755 --- a/salt/wazuh/files/agent/wazuh-register-agent +++ b/salt/wazuh/files/agent/wazuh-register-agent @@ -136,13 +136,12 @@ shift $(($OPTIND - 1)) # fi # fi -# Default action -> try to register the agent -echo "Waiting before registering agent..." -sleep 30s if [ -f /opt/so/conf/wazuh/initial_agent_registration.log ]; then echo "Agent $AGENT_ID already registered!" exit 0 else + echo "Waiting before registering agent..." + sleep 30s register_agent cleanup_creds echo "Initial agent $AGENT_ID with IP $AGENT_IP registered on $DATE." > /opt/so/conf/wazuh/initial_agent_registration.log From b528fe1a0345163df17f224e5d4cfc74efe6b4d8 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 5 Nov 2020 14:39:04 -0500 Subject: [PATCH 121/487] [fix] Only show analyst on network installs Closes #1682 --- setup/so-whiptail | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 20682a8b5..21e394b65 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -635,12 +635,22 @@ whiptail_install_type_other() { [ -n "$TESTING" ] && return - install_type=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose distributed node type:" 9 65 2 \ - "ANALYST" "Quit setup and run so-analyst-install " ON \ - "HELIXSENSOR" "Create a Helix sensor " OFF \ - 3>&1 1>&2 2>&3 - ) + # so-analyst-install will only work with a working network connection + # so only show it on network installs for now + if [[ $setup_type == 'network' ]]; then + install_type=$(whiptail --title "Security Onion Setup" --radiolist \ + "Choose distributed node type:" 9 65 2 \ + "ANALYST" "Quit setup and run so-analyst-install " ON \ + "HELIXSENSOR" "Create a Helix sensor " OFF \ + 3>&1 1>&2 2>&3 + ) + else + install_type=$(whiptail --title "Security Onion Setup" --radiolist \ + "Choose distributed node type:" 8 65 1 \ + "HELIXSENSOR" "Create a Helix sensor " ON \ + 3>&1 1>&2 2>&3 + ) + fi local exitstatus=$? whiptail_check_exitstatus $exitstatus From d2ea197ce090bcbdaed98b25cd31cb7d00bbefe9 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 5 Nov 2020 14:40:00 -0500 Subject: [PATCH 122/487] [fix] Remove old entry for manager from known_hosts Resolves #1839 --- setup/so-functions | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 0ac1d0446..a5c620440 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -641,6 +641,10 @@ copy_ssh_key() { mkdir -p /root/.ssh ssh-keygen -f /root/.ssh/so.key -t rsa -q -N "" < /dev/zero chown -R "$SUDO_USER":"$SUDO_USER" /root/.ssh + + echo "Removing old entry for manager from known_hosts if it exists" + sed -i "/${MSRV}/d" /root/.ssh/known_hosts + echo "Copying the SSH key to the manager" #Copy the key over to the manager ssh-copy-id -f -i /root/.ssh/so.key soremote@"$MSRV" From 8da070d5118d4862f2e78db8e48f8944aef53dbb Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 5 Nov 2020 17:46:23 -0500 Subject: [PATCH 123/487] https://github.com/Security-Onion-Solutions/securityonion/issues/1764 --- salt/common/tools/sbin/so-status | 53 ++++++++++++++++++++++---------- salt/salt/lasthighstate.sls | 0 2 files changed, 37 insertions(+), 16 deletions(-) create mode 100644 salt/salt/lasthighstate.sls diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status index 519d9f39d..714e71bc9 100755 --- a/salt/common/tools/sbin/so-status +++ b/salt/common/tools/sbin/so-status @@ -23,11 +23,16 @@ if ! [ "$(id -u)" = 0 ]; then fi # Constants +SYSTEM_START_TIME=$(date -d "$( Date: Thu, 5 Nov 2020 17:51:51 -0500 Subject: [PATCH 124/487] https://github.com/Security-Onion-Solutions/securityonion/issues/1764 --- salt/common/tools/sbin/so-status | 2 +- salt/salt/lasthighstate.sls | 4 ++++ salt/top.sls | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status index 714e71bc9..05f32d7ce 100755 --- a/salt/common/tools/sbin/so-status +++ b/salt/common/tools/sbin/so-status @@ -24,7 +24,7 @@ fi # Constants SYSTEM_START_TIME=$(date -d "$( Date: Thu, 5 Nov 2020 17:52:28 -0500 Subject: [PATCH 125/487] https://github.com/Security-Onion-Solutions/securityonion/issues/1764 --- salt/common/tools/sbin/so-status | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status index 05f32d7ce..26d390454 100755 --- a/salt/common/tools/sbin/so-status +++ b/salt/common/tools/sbin/so-status @@ -24,7 +24,8 @@ fi # Constants SYSTEM_START_TIME=$(date -d "$( Date: Thu, 5 Nov 2020 17:54:10 -0500 Subject: [PATCH 126/487] https://github.com/Security-Onion-Solutions/securityonion/issues/1764 --- salt/common/tools/sbin/so-status | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status index 26d390454..8d50bc2fd 100755 --- a/salt/common/tools/sbin/so-status +++ b/salt/common/tools/sbin/so-status @@ -25,7 +25,7 @@ fi # Constants SYSTEM_START_TIME=$(date -d "$( Date: Thu, 5 Nov 2020 18:03:42 -0500 Subject: [PATCH 127/487] add color - https://github.com/Security-Onion-Solutions/securityonion/issues/1764 --- salt/common/tools/sbin/so-status | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status index 8d50bc2fd..17bf50523 100755 --- a/salt/common/tools/sbin/so-status +++ b/salt/common/tools/sbin/so-status @@ -167,11 +167,11 @@ print_line() { local PADDING_CONSTANT=14 - if [[ $service_state = "$ERROR_STRING" ]] || [[ $service_state = "$MISSING_STRING" ]]; then + if [[ $service_state = "$ERROR_STRING" ]] || [[ $service_state = "$MISSING_STRING" ]] || [[ $service_state = "$WAIT_START_STRING" ]]; then state_color="\e[1;31m" elif [[ $service_state = "$SUCCESS_STRING" ]]; then state_color="\e[1;32m" - elif [[ $service_state = "$PENDING_STRING" ]] || [[ $service_state = "$DISABLED_STRING" ]]; then + elif [[ $service_state = "$PENDING_STRING" ]] || [[ $service_state = "$DISABLED_STRING" ]] || [[ $service_state = "$STARTING_STRING" ]]; then state_color="\e[1;33m" fi From c7b4a5351cb99325a412bfd09301bfd2332d7792 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 5 Nov 2020 18:17:11 -0500 Subject: [PATCH 128/487] fix logic - https://github.com/Security-Onion-Solutions/securityonion/issues/1764 --- salt/common/tools/sbin/so-status | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status index 17bf50523..0aff7a5a2 100755 --- a/salt/common/tools/sbin/so-status +++ b/salt/common/tools/sbin/so-status @@ -146,7 +146,7 @@ parse_status() { # if a highstate has not run since system start time, but a highstate is currently running # then show that the containers are STARTING - elif [ $HIGHSTATE_RUNNING -eq 0 ]; then + elif [[ "$HIGHSTATE_RUNNING" == 0 ]]; then printf $STARTING_STRING && return 0 # if a highstate has not finished running since system startup and isn't currently running From 21b284fb100334073aead4226b097ba4f31ef4df Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 5 Nov 2020 18:46:11 -0500 Subject: [PATCH 129/487] show if disabled regardless of highstate status - https://github.com/Security-Onion-Solutions/securityonion/issues/1764 --- salt/common/tools/sbin/so-status | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status index 0aff7a5a2..523149e25 100755 --- a/salt/common/tools/sbin/so-status +++ b/salt/common/tools/sbin/so-status @@ -121,6 +121,10 @@ parse_status() { [[ $container_state = "$state" ]] && printf $SUCCESS_STRING && return 0 done + for state in "${BAD_STATUSES[@]}"; do + [[ " ${DISABLED_CONTAINERS[@]} " =~ " ${service_name} " ]] && printf $DISABLED_STRING && return 0 + done + # if a highstate has finished running since the system has started # then the containers should be running so let's check the status if [ $LAST_HIGHSTATE_END -ge $SYSTEM_START_TIME ]; then @@ -133,13 +137,7 @@ parse_status() { # This is technically not needed since the default is error state for state in "${BAD_STATUSES[@]}"; do - if [[ " ${DISABLED_CONTAINERS[@]} " =~ " ${service_name} " ]]; then - printf $DISABLED_STRING - return 0 - elif [[ $container_state = "$state" ]]; then - printf $ERROR_STRING - return 1 - fi + [[ $container_state = "$state" ]] && printf $ERROR_STRING && return 1 done printf $ERROR_STRING && return 1 From 7eb0dab6c7839c53a5456c2a65988388603ff712 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 5 Nov 2020 19:08:19 -0500 Subject: [PATCH 130/487] increase padding by 1 - https://github.com/Security-Onion-Solutions/securityonion/issues/1536 --- salt/common/tools/sbin/so-status | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status index 523149e25..904c3ae7d 100755 --- a/salt/common/tools/sbin/so-status +++ b/salt/common/tools/sbin/so-status @@ -163,7 +163,7 @@ print_line() { local columns=$(tput cols) local state_color="\e[0m" - local PADDING_CONSTANT=14 + local PADDING_CONSTANT=15 if [[ $service_state = "$ERROR_STRING" ]] || [[ $service_state = "$MISSING_STRING" ]] || [[ $service_state = "$WAIT_START_STRING" ]]; then state_color="\e[1;31m" From 6b2ab67c584a291b9bbc321a68fb2ab8e01e5230 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 6 Nov 2020 08:52:36 -0500 Subject: [PATCH 131/487] [fix] Bump version of navigator json to 3.0 + fix booleans --- salt/nginx/files/nav_layer_playbook.json | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/salt/nginx/files/nav_layer_playbook.json b/salt/nginx/files/nav_layer_playbook.json index 7b7f39098..69db796e8 100644 --- a/salt/nginx/files/nav_layer_playbook.json +++ b/salt/nginx/files/nav_layer_playbook.json @@ -1,6 +1,6 @@ { "name": "Playbook", - "version": "2.2", + "version": "3.0", "domain": "mitre-enterprise", "description": "Current Coverage of Playbook", "filters": { @@ -13,16 +13,15 @@ }, "sorting": 0, "viewMode": 0, - "hideDisabled": "false", - "techniques": [{ - }], + "hideDisabled": false, + "techniques": [], "gradient": { "colors": ["#ff6666", "#ffe766", "#8ec843"], "minValue": 0, "maxValue": 100 }, "metadata": [], - "showTacticRowBackground": "false", + "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", - "selectTechniquesAcrossTactics": "true" + "selectTechniquesAcrossTactics": true } From 51256983da03c9dec9a119330a9523027af64e26 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 6 Nov 2020 08:53:30 -0500 Subject: [PATCH 132/487] [fix] Make sure pip is installed on Ubuntu --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index a5c620440..c19490e73 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1626,9 +1626,9 @@ saltify() { salt-common=3002.1+ds-1 >> "$setup_log" 2>&1 apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1 if [ "$OSVER" != 'xenial' ]; then - apt-get -y install python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1 + apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1 else - apt-get -y install python-dateutil python-m2crypto python-mysqldb >> "$setup_log" 2>&1 + apt-get -y install python-pip python-dateutil python-m2crypto python-mysqldb >> "$setup_log" 2>&1 fi fi From 12125deecb223fa23de0d6ef710d9b8e43b20c64 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 9 Nov 2020 11:06:08 -0500 Subject: [PATCH 133/487] [feat] Show link state in whiptail menus --- setup/so-common-functions | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/setup/so-common-functions b/setup/so-common-functions index c3df787cc..0afd732ce 100644 --- a/setup/so-common-functions +++ b/setup/so-common-functions @@ -18,12 +18,22 @@ filter_unused_nics() { fi # Finally, set filtered_nics to any NICs we aren't using (and ignore interfaces that aren't of use) - filtered_nics=$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "$grep_string" | sed 's/ //g') + filtered_nics=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "$grep_string" | sed 's/ //g') readarray -t filtered_nics <<< "$filtered_nics" nic_list=() for nic in "${filtered_nics[@]}"; do - nic_list+=("$nic" "" "OFF") + case $(cat "/sys/class/net/${nic}/carrier") in + 1) + nic_list+=("$nic" "Link UP " "OFF") + ;; + 0) + nic_list+=("$nic" "Link DOWN " "OFF") + ;; + *) + nic_list+=("$nic" "Link UNKNOWN " "OFF") + ;; + esac done export nic_list From 7e578d2ce04c692311641f3b29821145c4813a31 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 9 Nov 2020 16:53:53 +0000 Subject: [PATCH 134/487] Pull out additional fields from Exif info --- salt/elasticsearch/files/ingest/strelka.file | 22 +++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/ingest/strelka.file b/salt/elasticsearch/files/ingest/strelka.file index 82474d8b5..e5e8560f8 100644 --- a/salt/elasticsearch/files/ingest/strelka.file +++ b/salt/elasticsearch/files/ingest/strelka.file @@ -12,7 +12,7 @@ { "if": "ctx.exiftool?.keys !=null", "field": "exiftool.keys", - "processor":{ + "processor": { "append": { "field": "scan.exiftool", "value": "{{_ingest._value.key}}={{_ingest._value.value}}" @@ -20,6 +20,18 @@ } } }, + { "foreach": + { + "if": "ctx.exiftool?.keys !=null", + "field": "exiftool.keys", + "processor": { + "set": { + "field": "exiftool.{{_ingest._value.key}}", + "value": "{{_ingest._value.value}}" + } + } + } + }, { "foreach": { "if": "ctx.scan?.yara?.meta !=null", @@ -32,6 +44,14 @@ } } }, + { "set": { "if": "ctx.exiftool?.SourceFile != null", "field": "file.source", "value": "{{exiftool.SourceFile}}", "ignore_failure": true }}, + { "set": { "if": "ctx.exiftool?.FilePermissions != null", "field": "file.permissions", "value": "{{exiftool.FilePermissions}}", "ignore_failure": true }}, + { "set": { "if": "ctx.exiftool?.FileName != null", "field": "file.name", "value": "{{exiftool.FileName}}", "ignore_failure": true }}, + { "set": { "if": "ctx.exiftool?.FileModifyDate != null", "field": "file.mtime", "value": "{{exiftool.FileModifyDate}}", "ignore_failure": true }}, + { "set": { "if": "ctx.exiftool?.FileAccessDate != null", "field": "file.accessed", "value": "{{exiftool.FileAccessDate}}", "ignore_failure": true }}, + { "set": { "if": "ctx.exiftool?.FileInodeChangeDate != null", "field": "file.ctime", "value": "{{exiftool.FileInodeChangeDate}}", "ignore_failure": true }}, + { "set": { "if": "ctx.exiftool?.FileDirectory != null", "field": "file.directory", "value": "{{exiftool.FileDirectory}}", "ignore_failure": true }}, + { "set": { "if": "ctx.exiftool?.Subsystem != null", "field": "host.subsystem", "value": "{{exiftool.Subsystem}}", "ignore_failure": true }}, { "set": { "if": "ctx.scan?.yara?.matches != null", "field": "rule.name", "value": "{{scan.yara.matches.0}}" }}, { "set": { "if": "ctx.scan?.yara?.matches != null", "field": "dataset", "value": "alert", "override": true }}, { "rename": { "field": "file.flavors.mime", "target_field": "file.mime_type", "ignore_missing": true }}, From 9960cf05921c8f121521f80857a0f24d472938d4 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 9 Nov 2020 12:05:37 -0500 Subject: [PATCH 135/487] [feat] Add salt module to check if mysql is accepting db connections --- salt/_modules/mysql.py | 35 +++++++++++++++++++++++++++++++++++ salt/mysql/init.sls | 5 +++++ 2 files changed, 40 insertions(+) create mode 100644 salt/_modules/mysql.py diff --git a/salt/_modules/mysql.py b/salt/_modules/mysql.py new file mode 100644 index 000000000..f4e35ae76 --- /dev/null +++ b/salt/_modules/mysql.py @@ -0,0 +1,35 @@ +#!py + +from MySQLdb import _mysql +import logging +import time + +log = logging.getLogger(__name__) + + +def status(retry): + mainint = __salt__['pillar.get']('sensor:mainint', __salt__['pillar.get']('manager:mainint')) + mainip = __salt__['grains.get']('ip_interfaces').get(mainint)[0] + + mysql_up = False + for i in range(0, retry): + log.debug(f'Connection attempt {i+1}') + try: + _mysql.connect( + host=mainip, + user="root", + passwd=__salt__['pillar.get']('secrets:mysql') + ) + mysql_up = True + break + except _mysql.OperationalError as e: + log.debug(e) + except Exception as e: + log.error(e) + break + time.sleep(1) + + if not mysql_up: + log.error(f'Could not connect to MySQL server on {mainip} after {retry} attempts.') + + return mysql_up diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls index 818b5c303..e1f37f29c 100644 --- a/salt/mysql/init.sls +++ b/salt/mysql/init.sls @@ -97,6 +97,11 @@ so-mysql: - timeout: 900 - onchanges: - docker_container: so-mysql + module.run: + - mysql.status: + - retry: 900 + - onchanges: + - cmd: so-mysql {% endif %} {% else %} From 394fa727cbb87346411c46a1db2e0662b45968aa Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 9 Nov 2020 13:05:29 -0500 Subject: [PATCH 136/487] [fix] Don't overwrite mysql module --- salt/_modules/mysql.py | 35 ----------------------------------- salt/_modules/so.py | 36 +++++++++++++++++++++++++++++++++++- salt/mysql/init.sls | 2 +- 3 files changed, 36 insertions(+), 37 deletions(-) delete mode 100644 salt/_modules/mysql.py diff --git a/salt/_modules/mysql.py b/salt/_modules/mysql.py deleted file mode 100644 index f4e35ae76..000000000 --- a/salt/_modules/mysql.py +++ /dev/null @@ -1,35 +0,0 @@ -#!py - -from MySQLdb import _mysql -import logging -import time - -log = logging.getLogger(__name__) - - -def status(retry): - mainint = __salt__['pillar.get']('sensor:mainint', __salt__['pillar.get']('manager:mainint')) - mainip = __salt__['grains.get']('ip_interfaces').get(mainint)[0] - - mysql_up = False - for i in range(0, retry): - log.debug(f'Connection attempt {i+1}') - try: - _mysql.connect( - host=mainip, - user="root", - passwd=__salt__['pillar.get']('secrets:mysql') - ) - mysql_up = True - break - except _mysql.OperationalError as e: - log.debug(e) - except Exception as e: - log.error(e) - break - time.sleep(1) - - if not mysql_up: - log.error(f'Could not connect to MySQL server on {mainip} after {retry} attempts.') - - return mysql_up diff --git a/salt/_modules/so.py b/salt/_modules/so.py index 50c29902f..43ffac250 100644 --- a/salt/_modules/so.py +++ b/salt/_modules/so.py @@ -1,4 +1,38 @@ #!py +import logging + def status(): - return __salt__['cmd.run']('/usr/sbin/so-status') \ No newline at end of file + return __salt__['cmd.run']('/usr/sbin/so-status') + + +def mysql_conn(retry): + from MySQLdb import _mysql + import time + + log = logging.getLogger(__name__) + mainint = __salt__['pillar.get']('sensor:mainint', __salt__['pillar.get']('manager:mainint')) + mainip = __salt__['grains.get']('ip_interfaces').get(mainint)[0] + + mysql_up = False + for i in range(0, retry): + log.debug(f'Connection attempt {i+1}') + try: + _mysql.connect( + host=mainip, + user="root", + passwd=__salt__['pillar.get']('secrets:mysql') + ) + mysql_up = True + break + except _mysql.OperationalError as e: + log.debug(e) + except Exception as e: + log.error(e) + break + time.sleep(1) + + if not mysql_up: + log.error(f'Could not connect to MySQL server on {mainip} after {retry} attempts.') + + return mysql_up \ No newline at end of file diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls index e1f37f29c..121e689f8 100644 --- a/salt/mysql/init.sls +++ b/salt/mysql/init.sls @@ -98,7 +98,7 @@ so-mysql: - onchanges: - docker_container: so-mysql module.run: - - mysql.status: + - so.mysql_conn: - retry: 900 - onchanges: - cmd: so-mysql From 5616aa6beb48c107178b8c0a56a517911afcecb2 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 9 Nov 2020 13:12:45 -0500 Subject: [PATCH 137/487] fix top logic for mysql - https://github.com/Security-Onion-Solutions/securityonion/issues/1857 --- salt/top.sls | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/top.sls b/salt/top.sls index 36fd171e1..5976e3eaa 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -98,7 +98,7 @@ base: - idstools - suricata.manager - healthcheck - {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %} + {%- if (FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0 %} - mysql {%- endif %} {%- if WAZUH != 0 %} @@ -156,7 +156,7 @@ base: - manager - idstools - suricata.manager - {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %} + {%- if (FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0 %} - mysql {%- endif %} {%- if WAZUH != 0 %} @@ -206,7 +206,7 @@ base: - idstools - suricata.manager - healthcheck - {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %} + {%- if (FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0 %} - mysql {%- endif %} {%- if WAZUH != 0 %} @@ -337,7 +337,7 @@ base: - manager - idstools - suricata.manager - {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %} + {%- if (FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0 %} - mysql {%- endif %} {%- if WAZUH != 0 %} From f647a06239e0d54cbb25b0c10bd961bba0cbbb4b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 9 Nov 2020 13:37:42 -0500 Subject: [PATCH 138/487] [fix] Correct percentage steps --- setup/so-setup | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index cf180000f..0d98d6a01 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -701,24 +701,24 @@ fi salt-call state.apply -l info fleet.event_update-custom-hostname pillar="$pillar_override" >> $setup_log 2>&1 fi - set_progress_str 74 "$(print_salt_state_apply 'so-fleet-setup')" + set_progress_str 78 "$(print_salt_state_apply 'so-fleet-setup')" so-fleet-setup "$FLEETNODEUSER" "$FLEETNODEPASSWD1" >> $setup_log 2>&1 fi if [[ "$WAZUH" = 1 ]]; then - set_progress_str 78 "$(print_salt_state_apply 'wazuh')" + set_progress_str 79 "$(print_salt_state_apply 'wazuh')" salt-call state.apply -l info wazuh >> $setup_log 2>&1 fi if [[ "$THEHIVE" = 1 ]]; then - set_progress_str 79 "$(print_salt_state_apply 'thehive')" + set_progress_str 80 "$(print_salt_state_apply 'thehive')" salt-call state.apply -l info thehive >> $setup_log 2>&1 fi if [[ "$STRELKA" = 1 ]]; then if [[ $is_sensor ]]; then - set_progress_str 80 "$(print_salt_state_apply 'strelka')" + set_progress_str 81 "$(print_salt_state_apply 'strelka')" salt-call state.apply -l info strelka >> $setup_log 2>&1 fi if [[ $STRELKARULES == 1 ]]; then @@ -727,15 +727,15 @@ fi fi if [[ $is_manager || $is_helix || $is_import ]]; then - set_progress_str 81 "$(print_salt_state_apply 'utility')" + set_progress_str 82 "$(print_salt_state_apply 'utility')" salt-call state.apply -l info utility >> $setup_log 2>&1 fi if [[ ( $is_helix || $is_manager || $is_node ) && ! $is_eval ]]; then - set_progress_str 82 "$(print_salt_state_apply 'logstash')" + set_progress_str 83 "$(print_salt_state_apply 'logstash')" salt-call state.apply -l info logstash >> $setup_log 2>&1 - set_progress_str 83 "$(print_salt_state_apply 'filebeat')" + set_progress_str 84 "$(print_salt_state_apply 'filebeat')" salt-call state.apply -l info filebeat >> $setup_log 2>&1 fi From ff4d7a6cb60654c68cde17cc896462bcb73f80a2 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 9 Nov 2020 14:01:19 -0500 Subject: [PATCH 139/487] [fix] Sync modules so states can use our modules during setup --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index c19490e73..51a9b01c0 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1729,6 +1729,7 @@ salt_checkin() { { salt-call state.apply ca; salt-call state.apply ssl; + salt-call saltutil.sync_modules; } >> "$setup_log" 2>&1 } From 0e19594c97142b8e4436791d1cebd9d2afddb56f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 9 Nov 2020 15:25:11 -0500 Subject: [PATCH 140/487] enable fleet in global pillars before running fleet state during setup https://github.com/Security-Onion-Solutions/securityonion/issues/1857 --- salt/fleet/event_enable-fleet.sls | 2 +- salt/reactor/fleet.sls | 11 ++++++----- setup/so-setup | 7 ++----- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/salt/fleet/event_enable-fleet.sls b/salt/fleet/event_enable-fleet.sls index d09749a55..28542ba6c 100644 --- a/salt/fleet/event_enable-fleet.sls +++ b/salt/fleet/event_enable-fleet.sls @@ -1,4 +1,4 @@ -{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %} +{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default', '') %} {% set MAININT = salt['pillar.get']('host:mainint') %} {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %} diff --git a/salt/reactor/fleet.sls b/salt/reactor/fleet.sls index a32fb5cfd..a4226b027 100644 --- a/salt/reactor/fleet.sls +++ b/salt/reactor/fleet.sls @@ -31,16 +31,17 @@ def run(): print(line) # Update the enroll secret in the secrets pillar - for line in fileinput.input(SECRETSFILE, inplace=True): - line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip()) - print(line) + if ESECRET != "": + for line in fileinput.input(SECRETSFILE, inplace=True): + line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip()) + print(line) - # Update the Fleet host in the static pillar + # Update the Fleet host in the static pillar for line in fileinput.input(STATICFILE, inplace=True): line = re.sub(r'fleet_hostname: \S*', f"fleet_hostname: '{HOSTNAME}'", line.rstrip()) print(line) - # Update the Fleet IP in the static pillar + # Update the Fleet IP in the static pillar for line in fileinput.input(STATICFILE, inplace=True): line = re.sub(r'fleet_ip: \S*', f"fleet_ip: '{MAINIP}'", line.rstrip()) print(line) diff --git a/setup/so-setup b/setup/so-setup index cf180000f..c8f401656 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -684,12 +684,9 @@ fi fi if [[ "$OSQUERY" = 1 ]]; then - if [[ "$PLAYBOOK" != 1 ]]; then - set_progress_str 74 "$(print_salt_state_apply 'mysql')" - salt-call state.apply -l info mysql >> $setup_log 2>&1 - fi set_progress_str 75 "$(print_salt_state_apply 'fleet')" + salt-call state.apply fleet.event_enable-fleet # enable fleet in the global pillar salt-call state.apply -l info fleet >> $setup_log 2>&1 set_progress_str 76 "$(print_salt_state_apply 'redis')" @@ -701,7 +698,7 @@ fi salt-call state.apply -l info fleet.event_update-custom-hostname pillar="$pillar_override" >> $setup_log 2>&1 fi - set_progress_str 74 "$(print_salt_state_apply 'so-fleet-setup')" + set_progress_str 77 "$(print_salt_state_apply 'so-fleet-setup')" so-fleet-setup "$FLEETNODEUSER" "$FLEETNODEPASSWD1" >> $setup_log 2>&1 fi From f5a1bd40747dff47bcfbd61fdfb9c5696bb76162 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 9 Nov 2020 16:25:28 -0500 Subject: [PATCH 141/487] only try to get enrollsecret if fleet is already enabled https://github.com/Security-Onion-Solutions/securityonion/issues/1857 --- salt/fleet/event_enable-fleet.sls | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/salt/fleet/event_enable-fleet.sls b/salt/fleet/event_enable-fleet.sls index 28542ba6c..83e5af4c3 100644 --- a/salt/fleet/event_enable-fleet.sls +++ b/salt/fleet/event_enable-fleet.sls @@ -1,4 +1,10 @@ -{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default', '') %} +{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %} +{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %} +{% if FLEETNODE or FLEETMANAGER %} + {% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %} +{% else %}} + {% set ENROLLSECRET = '' %} +{% endif %} {% set MAININT = salt['pillar.get']('host:mainint') %} {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %} From ae5bc297dd30d59d42c97623e3538f06050557a5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 9 Nov 2020 17:06:32 -0500 Subject: [PATCH 142/487] remove extra squigly https://github.com/Security-Onion-Solutions/securityonion/issues/1857 --- salt/fleet/event_enable-fleet.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/fleet/event_enable-fleet.sls b/salt/fleet/event_enable-fleet.sls index 83e5af4c3..34b031685 100644 --- a/salt/fleet/event_enable-fleet.sls +++ b/salt/fleet/event_enable-fleet.sls @@ -2,7 +2,7 @@ {% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %} {% if FLEETNODE or FLEETMANAGER %} {% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %} -{% else %}} +{% else %} {% set ENROLLSECRET = '' %} {% endif %} {% set MAININT = salt['pillar.get']('host:mainint') %} From 66cd91c0a7ecbda9cb81cf771c65b0e336f7b5c4 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 9 Nov 2020 18:16:02 -0500 Subject: [PATCH 143/487] make so-status line color same as service state https://github.com/Security-Onion-Solutions/securityonion/issues/1864 --- salt/common/tools/sbin/so-status | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status index 904c3ae7d..951f55078 100755 --- a/salt/common/tools/sbin/so-status +++ b/salt/common/tools/sbin/so-status @@ -175,7 +175,7 @@ print_line() { printf " $service_name " for i in $(seq 0 $(( $columns - $PADDING_CONSTANT - ${#service_name} - ${#service_state} ))); do - printf "-" + printf "${state_color}%b\e[0m" "-" done printf " [ " printf "${state_color}%b\e[0m" "$service_state" From 7ca8fefdeda53dcd2f64d12ceaab0dd215b436c2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 10 Nov 2020 09:45:06 -0500 Subject: [PATCH 144/487] gpg sign images --- salt/common/tools/sbin/so-docker-refresh | 35 ++++++++++++++++++++---- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh index 770d9f241..f651b115f 100755 --- a/salt/common/tools/sbin/so-docker-refresh +++ b/salt/common/tools/sbin/so-docker-refresh @@ -29,16 +29,41 @@ manager_check() { } update_docker_containers() { - + SIGNPATH=/root/sosigs + rm -rf $SIGNPATH + mkdir -p $SIGNPATH + if [ -z "$BRANCH" ]; then + BRANCH="master" + fi # Download the containers from the interwebs for i in "${TRUSTED_CONTAINERS[@]}" do # Pull down the trusted docker image echo "Downloading $i" - docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i - # Tag it with the new registry destination - docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i - docker push $HOSTNAME:5000/$IMAGEREPO/$i + docker pull quay.io/$IMAGEREPO/$i + + # Get signature + curl https://github.com/Security-Onion-Solutions/securityonion/blob/$BRANCH/sigs/images/$i.gpg --output $SIGNPATH/$i.gpg + if [[ $? -ne 0 ]] + echo "Unable to pull signature file for $i" + exit 1 + fi + # Dump our hash values + docker inspect quay.io/$IMAGEREPO/$i | jq '.[0].Created, .[0].Id, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt + if [[ $? -ne 0 ]] + echo "Unable to inspect $i" + exit 1 + fi + GPGTEST=$(gpg --verify $SIGNPATH/$i.gpg $SIGNPATH/$i.txt 2>&1) + if [[ $? -eq 0 ]] + # Tag it with the new registry destination + docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i + docker push $HOSTNAME:5000/$IMAGEREPO/$i + else + echo "There is a problem downloading the $i image. Details: " + echo "" + echo $GPGTEST + exit 1 done } From dba30fb0edb1d354dfbf62dbfa22d175f8595c4a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 10 Nov 2020 09:48:20 -0500 Subject: [PATCH 145/487] [refactor] Split 15 min mysql startup between two wait states --- salt/mysql/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls index 121e689f8..c8683b1a1 100644 --- a/salt/mysql/init.sls +++ b/salt/mysql/init.sls @@ -94,12 +94,12 @@ so-mysql: - /opt/so/conf/mysql/etc cmd.run: - name: until nc -z {{ MAINIP }} 3306; do sleep 1; done - - timeout: 900 + - timeout: 600 - onchanges: - docker_container: so-mysql module.run: - so.mysql_conn: - - retry: 900 + - retry: 300 - onchanges: - cmd: so-mysql {% endif %} From 22b7de819cd4a603eb44b78bce7f54c84eeb127b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 10 Nov 2020 10:00:21 -0500 Subject: [PATCH 146/487] [fix] Put mysql import in try,catch in case it hasn't been installed --- salt/_modules/so.py | 57 ++++++++++++++++++++++++--------------------- 1 file changed, 31 insertions(+), 26 deletions(-) diff --git a/salt/_modules/so.py b/salt/_modules/so.py index 43ffac250..de337c43f 100644 --- a/salt/_modules/so.py +++ b/salt/_modules/so.py @@ -3,36 +3,41 @@ import logging def status(): - return __salt__['cmd.run']('/usr/sbin/so-status') + return __salt__['cmd.run']('/usr/sbin/so-status') def mysql_conn(retry): - from MySQLdb import _mysql - import time + log = logging.getLogger(__name__) - log = logging.getLogger(__name__) - mainint = __salt__['pillar.get']('sensor:mainint', __salt__['pillar.get']('manager:mainint')) - mainip = __salt__['grains.get']('ip_interfaces').get(mainint)[0] + try: + from MySQLdb import _mysql + except ImportError as e: + log.error(e) + return False + from time import sleep - mysql_up = False - for i in range(0, retry): - log.debug(f'Connection attempt {i+1}') - try: - _mysql.connect( - host=mainip, - user="root", - passwd=__salt__['pillar.get']('secrets:mysql') - ) - mysql_up = True - break - except _mysql.OperationalError as e: - log.debug(e) - except Exception as e: - log.error(e) - break - time.sleep(1) + mainint = __salt__['pillar.get']('sensor:mainint', __salt__['pillar.get']('manager:mainint')) + mainip = __salt__['grains.get']('ip_interfaces').get(mainint)[0] - if not mysql_up: - log.error(f'Could not connect to MySQL server on {mainip} after {retry} attempts.') + mysql_up = False + for i in range(0, retry): + log.debug(f'Connection attempt {i+1}') + try: + _mysql.connect( + host=mainip, + user="root", + passwd=__salt__['pillar.get']('secrets:mysql') + ) + mysql_up = True + break + except _mysql.OperationalError as e: + log.debug(e) + except Exception as e: + log.error(e) + break + sleep(1) - return mysql_up \ No newline at end of file + if not mysql_up: + log.error(f'Could not connect to MySQL server on {mainip} after {retry} attempts.') + + return mysql_up \ No newline at end of file From 54d732a0602e12170a59ba464eb37adbc76e90aa Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 10 Nov 2020 10:01:10 -0500 Subject: [PATCH 147/487] [refactor] Code cleanup --- salt/_modules/so.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/_modules/so.py b/salt/_modules/so.py index de337c43f..9a3706c78 100644 --- a/salt/_modules/so.py +++ b/salt/_modules/so.py @@ -9,12 +9,13 @@ def status(): def mysql_conn(retry): log = logging.getLogger(__name__) + from time import sleep + try: from MySQLdb import _mysql except ImportError as e: log.error(e) return False - from time import sleep mainint = __salt__['pillar.get']('sensor:mainint', __salt__['pillar.get']('manager:mainint')) mainip = __salt__['grains.get']('ip_interfaces').get(mainint)[0] From b3c527e7a91ae2f266001b992d2e9fc257ba64e4 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 10 Nov 2020 10:05:06 -0500 Subject: [PATCH 148/487] [refactor] Code cleanup pt. 2 --- salt/_modules/so.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/salt/_modules/so.py b/salt/_modules/so.py index 9a3706c78..a15e7ee66 100644 --- a/salt/_modules/so.py +++ b/salt/_modules/so.py @@ -25,15 +25,17 @@ def mysql_conn(retry): log.debug(f'Connection attempt {i+1}') try: _mysql.connect( - host=mainip, - user="root", - passwd=__salt__['pillar.get']('secrets:mysql') + host=mainip, + user='root', + passwd=__salt__['pillar.get']('secrets:mysql') ) + log.debug(f'Connected to MySQL server on {mainip} after {retry} attempts.') mysql_up = True break except _mysql.OperationalError as e: log.debug(e) except Exception as e: + log.error('Unexpected error occured.') log.error(e) break sleep(1) From 7f218e52973a96a5805fffbc652e8187bc61115d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 10 Nov 2020 11:02:34 -0500 Subject: [PATCH 149/487] [feat] Also run query against mysql to ensure queries can complete --- salt/_modules/so.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/salt/_modules/so.py b/salt/_modules/so.py index a15e7ee66..2356f68da 100644 --- a/salt/_modules/so.py +++ b/salt/_modules/so.py @@ -24,12 +24,14 @@ def mysql_conn(retry): for i in range(0, retry): log.debug(f'Connection attempt {i+1}') try: - _mysql.connect( + db = _mysql.connect( host=mainip, user='root', passwd=__salt__['pillar.get']('secrets:mysql') ) - log.debug(f'Connected to MySQL server on {mainip} after {retry} attempts.') + log.debug(f'Connected to MySQL server on {mainip} after {i} attempts.') + db.query("""SELECT 1;""") + log.debug(f'Successfully completed query against MySQL server on {mainip}') mysql_up = True break except _mysql.OperationalError as e: From d3227bbcb189e0a15a065e136f7e48d81a18ebbd Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 10 Nov 2020 11:03:43 -0500 Subject: [PATCH 150/487] [refactor] Code cleanup pt. 3 --- salt/_modules/so.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/_modules/so.py b/salt/_modules/so.py index 2356f68da..b9fd3c693 100644 --- a/salt/_modules/so.py +++ b/salt/_modules/so.py @@ -30,8 +30,10 @@ def mysql_conn(retry): passwd=__salt__['pillar.get']('secrets:mysql') ) log.debug(f'Connected to MySQL server on {mainip} after {i} attempts.') + db.query("""SELECT 1;""") log.debug(f'Successfully completed query against MySQL server on {mainip}') + mysql_up = True break except _mysql.OperationalError as e: From 676b4f077703e50eb023ac82d7393bfd26ace382 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 10 Nov 2020 11:42:40 -0500 Subject: [PATCH 151/487] [fix] Close connection in mysql_conn module --- salt/_modules/so.py | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/_modules/so.py b/salt/_modules/so.py index b9fd3c693..e75c90ec8 100644 --- a/salt/_modules/so.py +++ b/salt/_modules/so.py @@ -34,6 +34,7 @@ def mysql_conn(retry): db.query("""SELECT 1;""") log.debug(f'Successfully completed query against MySQL server on {mainip}') + db.close() mysql_up = True break except _mysql.OperationalError as e: From c5bf9bf90d4e4012d888e48aef6fcf71d3ee3cfa Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 10 Nov 2020 12:05:08 -0500 Subject: [PATCH 152/487] rework soup and docker refresh --- salt/common/tools/sbin/so-common | 112 +++++++++++++++++++++ salt/common/tools/sbin/so-docker-refresh | 91 +---------------- salt/common/tools/sbin/soup | 122 +++++------------------ 3 files changed, 137 insertions(+), 188 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 43fdb8e01..93b13ec44 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -50,4 +50,116 @@ check_password() { local password=$1 echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1 return $? +} + +container_list() { + MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') + if [ $MANAGERCHECK == 'so-import' ]; then + TRUSTED_CONTAINERS=( \ + "so-idstools" \ + "so-nginx" \ + "so-filebeat" \ + "so-suricata" \ + "so-soc" \ + "so-elasticsearch" \ + "so-kibana" \ + "so-kratos" \ + "so-suricata" \ + "so-registry" \ + "so-pcaptools" \ + "so-zeek" ) + elif [ $MANAGERCHECK != 'so-helix' ]; then + TRUSTED_CONTAINERS=( \ + "so-acng" \ + "so-thehive-cortex" \ + "so-curator" \ + "so-domainstats" \ + "so-elastalert" \ + "so-elasticsearch" \ + "so-filebeat" \ + "so-fleet" \ + "so-fleet-launcher" \ + "so-freqserver" \ + "so-grafana" \ + "so-idstools" \ + "so-influxdb" \ + "so-kibana" \ + "so-kratos" \ + "so-logstash" \ + "so-minio" \ + "so-mysql" \ + "so-nginx" \ + "so-pcaptools" \ + "so-playbook" \ + "so-redis" \ + "so-soc" \ + "so-soctopus" \ + "so-steno" \ + "so-strelka-frontend" \ + "so-strelka-manager" \ + "so-strelka-backend" \ + "so-strelka-filestream" \ + "so-suricata" \ + "so-telegraf" \ + "so-thehive" \ + "so-thehive-es" \ + "so-wazuh" \ + "so-zeek" ) + else + TRUSTED_CONTAINERS=( \ + "so-filebeat" \ + "so-idstools" \ + "so-logstash" \ + "so-nginx" \ + "so-redis" \ + "so-steno" \ + "so-suricata" \ + "so-telegraf" \ + "so-zeek" ) + fi +} + +update_docker_containers() { + # Let's make sure we have the public key + curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - + + CONTAINER_REGISTRY=quay.io + SIGNPATH=/root/sosigs + rm -rf $SIGNPATH + mkdir -p $SIGNPATH + if [ -z "$BRANCH" ]; then + BRANCH="master" + fi + # Download the containers from the interwebs + for i in "${TRUSTED_CONTAINERS[@]}" + do + # Pull down the trusted docker image + echo "Downloading $i" + docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i + + # Get signature + curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$i.gpg --output $SIGNPATH/$i.gpg + if [[ $? -ne 0 ]]; then + echo "Unable to pull signature file for $i" + exit 1 + fi + # Dump our hash values + docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i | jq '.[0].Created, .[0].Id, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt + if [[ $? -ne 0 ]]; then + echo "Unable to inspect $i" + exit 1 + fi + GPGTEST=$(gpg --verify $SIGNPATH/$i.gpg $SIGNPATH/$i.txt 2>&1) + if [[ $? -eq 0 ]]; then + # Tag it with the new registry destination + docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i + docker push $HOSTNAME:5000/$IMAGEREPO/$i + else + echo "There is a problem downloading the $i image. Details: " + echo "" + echo $GPGTEST + exit 1 + fi + done + } \ No newline at end of file diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh index f651b115f..37908fffc 100755 --- a/salt/common/tools/sbin/so-docker-refresh +++ b/salt/common/tools/sbin/so-docker-refresh @@ -28,46 +28,6 @@ manager_check() { fi } -update_docker_containers() { - SIGNPATH=/root/sosigs - rm -rf $SIGNPATH - mkdir -p $SIGNPATH - if [ -z "$BRANCH" ]; then - BRANCH="master" - fi - # Download the containers from the interwebs - for i in "${TRUSTED_CONTAINERS[@]}" - do - # Pull down the trusted docker image - echo "Downloading $i" - docker pull quay.io/$IMAGEREPO/$i - - # Get signature - curl https://github.com/Security-Onion-Solutions/securityonion/blob/$BRANCH/sigs/images/$i.gpg --output $SIGNPATH/$i.gpg - if [[ $? -ne 0 ]] - echo "Unable to pull signature file for $i" - exit 1 - fi - # Dump our hash values - docker inspect quay.io/$IMAGEREPO/$i | jq '.[0].Created, .[0].Id, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt - if [[ $? -ne 0 ]] - echo "Unable to inspect $i" - exit 1 - fi - GPGTEST=$(gpg --verify $SIGNPATH/$i.gpg $SIGNPATH/$i.txt 2>&1) - if [[ $? -eq 0 ]] - # Tag it with the new registry destination - docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i - docker push $HOSTNAME:5000/$IMAGEREPO/$i - else - echo "There is a problem downloading the $i image. Details: " - echo "" - echo $GPGTEST - exit 1 - done - -} - version_check() { if [ -f /etc/soversion ]; then VERSION=$(cat /etc/soversion) @@ -83,54 +43,5 @@ version_check # Use the hostname HOSTNAME=$(hostname) # List all the containers -if [ $MANAGERCHECK != 'so-helix' ]; then - TRUSTED_CONTAINERS=( \ - "so-acng:$VERSION" \ - "so-thehive-cortex:$VERSION" \ - "so-curator:$VERSION" \ - "so-domainstats:$VERSION" \ - "so-elastalert:$VERSION" \ - "so-elasticsearch:$VERSION" \ - "so-filebeat:$VERSION" \ - "so-fleet:$VERSION" \ - "so-fleet-launcher:$VERSION" \ - "so-freqserver:$VERSION" \ - "so-grafana:$VERSION" \ - "so-idstools:$VERSION" \ - "so-influxdb:$VERSION" \ - "so-kibana:$VERSION" \ - "so-kratos:$VERSION" \ - "so-logstash:$VERSION" \ - "so-minio:$VERSION" \ - "so-mysql:$VERSION" \ - "so-nginx:$VERSION" \ - "so-pcaptools:$VERSION" \ - "so-playbook:$VERSION" \ - "so-redis:$VERSION" \ - "so-soc:$VERSION" \ - "so-soctopus:$VERSION" \ - "so-steno:$VERSION" \ - "so-strelka-frontend:$VERSION" \ - "so-strelka-manager:$VERSION" \ - "so-strelka-backend:$VERSION" \ - "so-strelka-filestream:$VERSION" \ - "so-suricata:$VERSION" \ - "so-telegraf:$VERSION" \ - "so-thehive:$VERSION" \ - "so-thehive-es:$VERSION" \ - "so-wazuh:$VERSION" \ - "so-zeek:$VERSION" ) - else - TRUSTED_CONTAINERS=( \ - "so-filebeat:$VERSION" \ - "so-idstools:$VERSION" \ - "so-logstash:$VERSION" \ - "so-nginx:$VERSION" \ - "so-redis:$VERSION" \ - "so-steno:$VERSION" \ - "so-suricata:$VERSION" \ - "so-telegraf:$VERSION" \ - "so-zeek:$VERSION" ) - fi - +container_list update_docker_containers diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index c75f89255..ab90653d1 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -79,6 +79,24 @@ airgap_mounted() { fi } +airgap_update_dockers() { + if [ $is_airgap -eq 0 ]; then + # Let's copy the tarball + if [ ! -f $AGDOCKER/registry.tar ]; then + echo "Unable to locate registry. Exiting" + exit 1 + else + echo "Stopping the registry docker" + docker stop so-dockerregistry + docker rm so-dockerregistry + echo "Copying the new dockers over" + tar xvf $AGDOCKER/registry.tar -C /nsm/docker-registry/docker + echo "Add Registry back" + docker load -i $AGDOCKER/registry_image.tar + fi + +} + check_airgap() { # See if this is an airgap install AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap | awk '{print $2}') @@ -290,103 +308,6 @@ update_centos_repo() { createrepo /nsm/repo } -update_dockers() { - if [ $is_airgap -eq 0 ]; then - # Let's copy the tarball - if [ ! -f $AGDOCKER/registry.tar ]; then - echo "Unable to locate registry. Exiting" - exit 0 - else - echo "Stopping the registry docker" - docker stop so-dockerregistry - docker rm so-dockerregistry - echo "Copying the new dockers over" - tar xvf $AGDOCKER/registry.tar -C /nsm/docker-registry/docker - fi - else - # List all the containers - if [ $MANAGERCHECK == 'so-import' ]; then - TRUSTED_CONTAINERS=( \ - "so-idstools" \ - "so-nginx" \ - "so-filebeat" \ - "so-suricata" \ - "so-soc" \ - "so-elasticsearch" \ - "so-kibana" \ - "so-kratos" \ - "so-suricata" \ - "so-registry" \ - "so-pcaptools" \ - "so-zeek" ) - elif [ $MANAGERCHECK != 'so-helix' ]; then - TRUSTED_CONTAINERS=( \ - "so-acng" \ - "so-thehive-cortex" \ - "so-curator" \ - "so-domainstats" \ - "so-elastalert" \ - "so-elasticsearch" \ - "so-filebeat" \ - "so-fleet" \ - "so-fleet-launcher" \ - "so-freqserver" \ - "so-grafana" \ - "so-idstools" \ - "so-influxdb" \ - "so-kibana" \ - "so-kratos" \ - "so-logstash" \ - "so-minio" \ - "so-mysql" \ - "so-nginx" \ - "so-pcaptools" \ - "so-playbook" \ - "so-redis" \ - "so-soc" \ - "so-soctopus" \ - "so-steno" \ - "so-strelka-frontend" \ - "so-strelka-manager" \ - "so-strelka-backend" \ - "so-strelka-filestream" \ - "so-suricata" \ - "so-telegraf" \ - "so-thehive" \ - "so-thehive-es" \ - "so-wazuh" \ - "so-zeek" ) - else - TRUSTED_CONTAINERS=( \ - "so-filebeat" \ - "so-idstools" \ - "so-logstash" \ - "so-nginx" \ - "so-redis" \ - "so-steno" \ - "so-suricata" \ - "so-telegraf" \ - "so-zeek" ) - fi - -# Download the containers from the interwebs - for i in "${TRUSTED_CONTAINERS[@]}" - do - # Pull down the trusted docker image - echo "Downloading $i:$NEWVERSION" - docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i:$NEWVERSION - # Tag it with the new registry destination - docker tag $IMAGEREPO/$i:$NEWVERSION $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION - docker push $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION - done - fi - echo "Add Registry back if airgap" - if [ $is_airgap -eq 0 ]; then - docker load -i $AGDOCKER/registry_image.tar - fi - -} - update_version() { # Update the version to the latest echo "Updating the Security Onion version file." @@ -513,7 +434,12 @@ echo "" echo "Performing upgrade from Security Onion $INSTALLEDVERSION to Security Onion $NEWVERSION." echo "" echo "Updating dockers to $NEWVERSION." -update_dockers +if [ $is_airgap -eq 0 ]; then + airgap_update_dockers +else + container_list + update_docker_containers +fi echo "" echo "Stopping Salt Minion service." systemctl stop salt-minion From 9a59ceee4e32a477e9096222415dcecc342c642d Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 10 Nov 2020 12:16:54 -0500 Subject: [PATCH 153/487] move to so-image-common --- salt/common/tools/sbin/so-common | 112 -------------------- salt/common/tools/sbin/so-docker-refresh | 1 + salt/common/tools/sbin/so-image-common | 128 +++++++++++++++++++++++ salt/common/tools/sbin/soup | 1 + 4 files changed, 130 insertions(+), 112 deletions(-) create mode 100755 salt/common/tools/sbin/so-image-common diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 93b13ec44..cbc0bd4e5 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -51,115 +51,3 @@ check_password() { echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1 return $? } - -container_list() { - MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') - if [ $MANAGERCHECK == 'so-import' ]; then - TRUSTED_CONTAINERS=( \ - "so-idstools" \ - "so-nginx" \ - "so-filebeat" \ - "so-suricata" \ - "so-soc" \ - "so-elasticsearch" \ - "so-kibana" \ - "so-kratos" \ - "so-suricata" \ - "so-registry" \ - "so-pcaptools" \ - "so-zeek" ) - elif [ $MANAGERCHECK != 'so-helix' ]; then - TRUSTED_CONTAINERS=( \ - "so-acng" \ - "so-thehive-cortex" \ - "so-curator" \ - "so-domainstats" \ - "so-elastalert" \ - "so-elasticsearch" \ - "so-filebeat" \ - "so-fleet" \ - "so-fleet-launcher" \ - "so-freqserver" \ - "so-grafana" \ - "so-idstools" \ - "so-influxdb" \ - "so-kibana" \ - "so-kratos" \ - "so-logstash" \ - "so-minio" \ - "so-mysql" \ - "so-nginx" \ - "so-pcaptools" \ - "so-playbook" \ - "so-redis" \ - "so-soc" \ - "so-soctopus" \ - "so-steno" \ - "so-strelka-frontend" \ - "so-strelka-manager" \ - "so-strelka-backend" \ - "so-strelka-filestream" \ - "so-suricata" \ - "so-telegraf" \ - "so-thehive" \ - "so-thehive-es" \ - "so-wazuh" \ - "so-zeek" ) - else - TRUSTED_CONTAINERS=( \ - "so-filebeat" \ - "so-idstools" \ - "so-logstash" \ - "so-nginx" \ - "so-redis" \ - "so-steno" \ - "so-suricata" \ - "so-telegraf" \ - "so-zeek" ) - fi -} - -update_docker_containers() { - # Let's make sure we have the public key - curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - - - CONTAINER_REGISTRY=quay.io - SIGNPATH=/root/sosigs - rm -rf $SIGNPATH - mkdir -p $SIGNPATH - if [ -z "$BRANCH" ]; then - BRANCH="master" - fi - # Download the containers from the interwebs - for i in "${TRUSTED_CONTAINERS[@]}" - do - # Pull down the trusted docker image - echo "Downloading $i" - docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i - - # Get signature - curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$i.gpg --output $SIGNPATH/$i.gpg - if [[ $? -ne 0 ]]; then - echo "Unable to pull signature file for $i" - exit 1 - fi - # Dump our hash values - docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i | jq '.[0].Created, .[0].Id, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt - if [[ $? -ne 0 ]]; then - echo "Unable to inspect $i" - exit 1 - fi - GPGTEST=$(gpg --verify $SIGNPATH/$i.gpg $SIGNPATH/$i.txt 2>&1) - if [[ $? -eq 0 ]]; then - # Tag it with the new registry destination - docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i - docker push $HOSTNAME:5000/$IMAGEREPO/$i - else - echo "There is a problem downloading the $i image. Details: " - echo "" - echo $GPGTEST - exit 1 - fi - done - -} \ No newline at end of file diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh index 37908fffc..b39513990 100755 --- a/salt/common/tools/sbin/so-docker-refresh +++ b/salt/common/tools/sbin/so-docker-refresh @@ -16,6 +16,7 @@ # along with this program. If not, see . . /usr/sbin/so-common +. /usr/sbin/so-image-common manager_check() { # Check to see if this is a manager diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common new file mode 100755 index 000000000..a739ec889 --- /dev/null +++ b/salt/common/tools/sbin/so-image-common @@ -0,0 +1,128 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +container_list() { + MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') + if [ $MANAGERCHECK == 'so-import' ]; then + TRUSTED_CONTAINERS=( \ + "so-idstools" \ + "so-nginx" \ + "so-filebeat" \ + "so-suricata" \ + "so-soc" \ + "so-elasticsearch" \ + "so-kibana" \ + "so-kratos" \ + "so-suricata" \ + "so-registry" \ + "so-pcaptools" \ + "so-zeek" ) + elif [ $MANAGERCHECK != 'so-helix' ]; then + TRUSTED_CONTAINERS=( \ + "so-acng" \ + "so-thehive-cortex" \ + "so-curator" \ + "so-domainstats" \ + "so-elastalert" \ + "so-elasticsearch" \ + "so-filebeat" \ + "so-fleet" \ + "so-fleet-launcher" \ + "so-freqserver" \ + "so-grafana" \ + "so-idstools" \ + "so-influxdb" \ + "so-kibana" \ + "so-kratos" \ + "so-logstash" \ + "so-minio" \ + "so-mysql" \ + "so-nginx" \ + "so-pcaptools" \ + "so-playbook" \ + "so-redis" \ + "so-soc" \ + "so-soctopus" \ + "so-steno" \ + "so-strelka-frontend" \ + "so-strelka-manager" \ + "so-strelka-backend" \ + "so-strelka-filestream" \ + "so-suricata" \ + "so-telegraf" \ + "so-thehive" \ + "so-thehive-es" \ + "so-wazuh" \ + "so-zeek" ) + else + TRUSTED_CONTAINERS=( \ + "so-filebeat" \ + "so-idstools" \ + "so-logstash" \ + "so-nginx" \ + "so-redis" \ + "so-steno" \ + "so-suricata" \ + "so-telegraf" \ + "so-zeek" ) + fi +} + +update_docker_containers() { + # Let's make sure we have the public key + curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - + + CONTAINER_REGISTRY=quay.io + SIGNPATH=/root/sosigs + rm -rf $SIGNPATH + mkdir -p $SIGNPATH + if [ -z "$BRANCH" ]; then + BRANCH="master" + fi + # Download the containers from the interwebs + for i in "${TRUSTED_CONTAINERS[@]}" + do + # Pull down the trusted docker image + echo "Downloading $i" + docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i + + # Get signature + curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$i.gpg --output $SIGNPATH/$i.gpg + if [[ $? -ne 0 ]]; then + echo "Unable to pull signature file for $i" + exit 1 + fi + # Dump our hash values + docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i | jq '.[0].Created, .[0].Id, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt + if [[ $? -ne 0 ]]; then + echo "Unable to inspect $i" + exit 1 + fi + GPGTEST=$(gpg --verify $SIGNPATH/$i.gpg $SIGNPATH/$i.txt 2>&1) + if [[ $? -eq 0 ]]; then + # Tag it with the new registry destination + docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i + docker push $HOSTNAME:5000/$IMAGEREPO/$i + else + echo "There is a problem downloading the $i image. Details: " + echo "" + echo $GPGTEST + exit 1 + fi + done + +} \ No newline at end of file diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index ab90653d1..538ac1c56 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -16,6 +16,7 @@ # along with this program. If not, see . . /usr/sbin/so-common +. /usr/sbin/so-image-common UPDATE_DIR=/tmp/sogh/securityonion INSTALLEDVERSION=$(cat /etc/soversion) INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'}) From 1fca5e65df4a5844bc14e881ca15acaa75641703 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 10 Nov 2020 15:31:47 -0500 Subject: [PATCH 154/487] redo how containers get added to so-status https://github.com/Security-Onion-Solutions/securityonion/issues/1681 --- salt/common/init.sls | 17 +++++++++ salt/common/maps/domainstats.map.jinja | 5 --- salt/common/maps/eval.map.jinja | 20 ---------- salt/common/maps/fleet.map.jinja | 10 ----- salt/common/maps/fleet_manager.map.jinja | 7 ---- salt/common/maps/freq.map.jinja | 5 --- salt/common/maps/grafana.map.jinja | 6 --- salt/common/maps/heavynode.map.jinja | 15 -------- salt/common/maps/helixsensor.map.jinja | 12 ------ salt/common/maps/hotnode.map.jinja | 9 ----- salt/common/maps/import.map.jinja | 10 ----- salt/common/maps/manager.map.jinja | 21 ----------- salt/common/maps/managersearch.map.jinja | 21 ----------- salt/common/maps/mdengine.map.jinja | 5 --- salt/common/maps/playbook.map.jinja | 5 --- salt/common/maps/searchnode.map.jinja | 10 ----- salt/common/maps/sensor.map.jinja | 9 ----- salt/common/maps/so-status.map.jinja | 48 ------------------------ salt/common/maps/standalone.map.jinja | 25 ------------ salt/common/maps/strelka.map.jinja | 9 ----- salt/common/maps/thehive.map.jinja | 7 ---- salt/common/maps/warmnode.map.jinja | 7 ---- salt/common/maps/wazuh.map.jinja | 5 --- salt/common/tools/sbin/so-status | 13 +++---- salt/curator/init.sls | 6 +++ salt/domainstats/init.sls | 5 +++ salt/elastalert/init.sls | 6 +++ salt/elasticsearch/init.sls | 6 ++- salt/filebeat/init.sls | 5 +++ salt/fleet/init.sls | 5 +++ salt/freqserver/init.sls | 5 +++ salt/grafana/init.sls | 5 +++ salt/idstools/init.sls | 5 +++ salt/influxdb/init.sls | 5 +++ salt/kibana/init.sls | 5 +++ salt/logstash/init.sls | 5 +++ salt/manager/init.sls | 5 +++ salt/minio/init.sls | 5 +++ salt/mysql/init.sls | 6 +++ salt/nginx/init.sls | 5 +++ salt/nodered/init.sls | 5 +++ salt/pcap/init.sls | 23 ++++++++++++ salt/playbook/init.sls | 5 +++ salt/redis/init.sls | 5 +++ salt/registry/init.sls | 5 +++ salt/soc/init.sls | 10 +++++ salt/soctopus/init.sls | 5 +++ salt/strelka/init.sls | 30 +++++++++++++++ salt/suricata/init.sls | 5 +++ salt/telegraf/init.sls | 5 +++ salt/thehive/init.sls | 15 ++++++++ salt/wazuh/init.sls | 5 +++ salt/zeek/init.sls | 5 +++ 53 files changed, 228 insertions(+), 280 deletions(-) delete mode 100644 salt/common/maps/domainstats.map.jinja delete mode 100644 salt/common/maps/eval.map.jinja delete mode 100644 salt/common/maps/fleet.map.jinja delete mode 100644 salt/common/maps/fleet_manager.map.jinja delete mode 100644 salt/common/maps/freq.map.jinja delete mode 100644 salt/common/maps/grafana.map.jinja delete mode 100644 salt/common/maps/heavynode.map.jinja delete mode 100644 salt/common/maps/helixsensor.map.jinja delete mode 100644 salt/common/maps/hotnode.map.jinja delete mode 100644 salt/common/maps/import.map.jinja delete mode 100644 salt/common/maps/manager.map.jinja delete mode 100644 salt/common/maps/managersearch.map.jinja delete mode 100644 salt/common/maps/mdengine.map.jinja delete mode 100644 salt/common/maps/playbook.map.jinja delete mode 100644 salt/common/maps/searchnode.map.jinja delete mode 100644 salt/common/maps/sensor.map.jinja delete mode 100644 salt/common/maps/so-status.map.jinja delete mode 100644 salt/common/maps/standalone.map.jinja delete mode 100644 salt/common/maps/strelka.map.jinja delete mode 100644 salt/common/maps/thehive.map.jinja delete mode 100644 salt/common/maps/warmnode.map.jinja delete mode 100644 salt/common/maps/wazuh.map.jinja diff --git a/salt/common/init.sls b/salt/common/init.sls index 90a713c11..1f8782575 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -32,6 +32,23 @@ soconfperms: - gid: 939 - dir_mode: 770 +sostatusconf: + file.directory: + - name: /opt/so/conf/so-status + - uid: 939 + - gid: 939 + - dir_mode: 770 + +so-status.running.conf: + file.touch: + - name: /opt/so/conf/so-status/so-status.conf + - unless: ls /opt/so/conf/so-status/so-status.conf + +so-status.stopped.conf: + file.touch: + - name: /opt/so/conf/so-status/so-status.disabled.conf + - unless: ls /opt/so/conf/so-status/so-status.disabled.conf + sosaltstackperms: file.directory: - name: /opt/so/saltstack diff --git a/salt/common/maps/domainstats.map.jinja b/salt/common/maps/domainstats.map.jinja deleted file mode 100644 index 221dcde03..000000000 --- a/salt/common/maps/domainstats.map.jinja +++ /dev/null @@ -1,5 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-domainstats' - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/eval.map.jinja b/salt/common/maps/eval.map.jinja deleted file mode 100644 index 075344e82..000000000 --- a/salt/common/maps/eval.map.jinja +++ /dev/null @@ -1,20 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-filebeat', - 'so-nginx', - 'so-telegraf', - 'so-dockerregistry', - 'so-soc', - 'so-kratos', - 'so-idstools', - 'so-elasticsearch', - 'so-kibana', - 'so-steno', - 'so-suricata', - 'so-zeek', - 'so-curator', - 'so-elastalert', - 'so-soctopus', - 'so-sensoroni' - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/fleet.map.jinja b/salt/common/maps/fleet.map.jinja deleted file mode 100644 index c55223125..000000000 --- a/salt/common/maps/fleet.map.jinja +++ /dev/null @@ -1,10 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-mysql', - 'so-fleet', - 'so-redis', - 'so-filebeat', - 'so-nginx', - 'so-telegraf' - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/fleet_manager.map.jinja b/salt/common/maps/fleet_manager.map.jinja deleted file mode 100644 index 91850846c..000000000 --- a/salt/common/maps/fleet_manager.map.jinja +++ /dev/null @@ -1,7 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-mysql', - 'so-fleet', - 'so-redis' - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/freq.map.jinja b/salt/common/maps/freq.map.jinja deleted file mode 100644 index d3f692484..000000000 --- a/salt/common/maps/freq.map.jinja +++ /dev/null @@ -1,5 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-freqserver' - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/grafana.map.jinja b/salt/common/maps/grafana.map.jinja deleted file mode 100644 index 1118a50fe..000000000 --- a/salt/common/maps/grafana.map.jinja +++ /dev/null @@ -1,6 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-influxdb', - 'so-grafana' - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/heavynode.map.jinja b/salt/common/maps/heavynode.map.jinja deleted file mode 100644 index cbd0fc3b0..000000000 --- a/salt/common/maps/heavynode.map.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-nginx', - 'so-telegraf', - 'so-redis', - 'so-logstash', - 'so-elasticsearch', - 'so-curator', - 'so-steno', - 'so-suricata', - 'so-wazuh', - 'so-filebeat', - 'so-sensoroni' - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/helixsensor.map.jinja b/salt/common/maps/helixsensor.map.jinja deleted file mode 100644 index 84866de3a..000000000 --- a/salt/common/maps/helixsensor.map.jinja +++ /dev/null @@ -1,12 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-nginx', - 'so-telegraf', - 'so-idstools', - 'so-steno', - 'so-zeek', - 'so-redis', - 'so-logstash', - 'so-filebeat - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/hotnode.map.jinja b/salt/common/maps/hotnode.map.jinja deleted file mode 100644 index bc9d58360..000000000 --- a/salt/common/maps/hotnode.map.jinja +++ /dev/null @@ -1,9 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-nginx', - 'so-telegraf', - 'so-logstash', - 'so-elasticsearch', - 'so-curator', - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/import.map.jinja b/salt/common/maps/import.map.jinja deleted file mode 100644 index 324536d11..000000000 --- a/salt/common/maps/import.map.jinja +++ /dev/null @@ -1,10 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-filebeat', - 'so-nginx', - 'so-soc', - 'so-kratos', - 'so-elasticsearch', - 'so-kibana' - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/manager.map.jinja b/salt/common/maps/manager.map.jinja deleted file mode 100644 index 45358d017..000000000 --- a/salt/common/maps/manager.map.jinja +++ /dev/null @@ -1,21 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-dockerregistry', - 'so-nginx', - 'so-telegraf', - 'so-soc', - 'so-kratos', - 'so-idstools', - 'so-redis', - 'so-elasticsearch', - 'so-logstash', - 'so-kibana', - 'so-elastalert', - 'so-filebeat', - 'so-soctopus' - ] -} %} - -{% if salt['pillar.get']('global:managerupdate') == 1 %} - {% do docker.containers.append('so-aptcacherng') %} -{% endif %} \ No newline at end of file diff --git a/salt/common/maps/managersearch.map.jinja b/salt/common/maps/managersearch.map.jinja deleted file mode 100644 index 66c5afd43..000000000 --- a/salt/common/maps/managersearch.map.jinja +++ /dev/null @@ -1,21 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-nginx', - 'so-telegraf', - 'so-soc', - 'so-kratos', - 'so-idstools', - 'so-redis', - 'so-logstash', - 'so-elasticsearch', - 'so-curator', - 'so-kibana', - 'so-elastalert', - 'so-filebeat', - 'so-soctopus' - ] -} %} - -{% if salt['pillar.get']('global:managerupdate') == 1 %} - {% do docker.containers.append('so-aptcacherng') %} -{% endif %} \ No newline at end of file diff --git a/salt/common/maps/mdengine.map.jinja b/salt/common/maps/mdengine.map.jinja deleted file mode 100644 index 881e3ec4f..000000000 --- a/salt/common/maps/mdengine.map.jinja +++ /dev/null @@ -1,5 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-zeek' - ] -} %} diff --git a/salt/common/maps/playbook.map.jinja b/salt/common/maps/playbook.map.jinja deleted file mode 100644 index 84baa8dec..000000000 --- a/salt/common/maps/playbook.map.jinja +++ /dev/null @@ -1,5 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-playbook' - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/searchnode.map.jinja b/salt/common/maps/searchnode.map.jinja deleted file mode 100644 index b46652742..000000000 --- a/salt/common/maps/searchnode.map.jinja +++ /dev/null @@ -1,10 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-nginx', - 'so-telegraf', - 'so-logstash', - 'so-elasticsearch', - 'so-curator', - 'so-filebeat' - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/sensor.map.jinja b/salt/common/maps/sensor.map.jinja deleted file mode 100644 index 3f5ebe8eb..000000000 --- a/salt/common/maps/sensor.map.jinja +++ /dev/null @@ -1,9 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-telegraf', - 'so-steno', - 'so-suricata', - 'so-filebeat', - 'so-sensoroni' - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/so-status.map.jinja b/salt/common/maps/so-status.map.jinja deleted file mode 100644 index 12bddfec7..000000000 --- a/salt/common/maps/so-status.map.jinja +++ /dev/null @@ -1,48 +0,0 @@ -{% set role = grains.id.split('_') | last %} -{% from 'common/maps/'~ role ~'.map.jinja' import docker with context %} - -# Check if the service is enabled and append it's required containers -# to the list predefined by the role / minion id affix -{% macro append_containers(pillar_name, k, compare )%} - {% if salt['pillar.get'](pillar_name~':'~k, {}) != compare %} - {% if k == 'enabled' %} - {% set k = pillar_name %} - {% endif %} - {% from 'common/maps/'~k~'.map.jinja' import docker as d with context %} - {% for li in d['containers'] %} - {{ docker['containers'].append(li) }} - {% endfor %} - {% endif %} -{% endmacro %} - -{% set docker = salt['grains.filter_by']({ - '*_'~role: { - 'containers': docker['containers'] - } -},grain='id', merge=salt['pillar.get']('docker')) %} - -{% if role in ['eval', 'managersearch', 'manager', 'standalone'] %} - {{ append_containers('manager', 'grafana', 0) }} - {{ append_containers('global', 'fleet_manager', 0) }} - {{ append_containers('global', 'wazuh', 0) }} - {{ append_containers('manager', 'thehive', 0) }} - {{ append_containers('manager', 'playbook', 0) }} - {{ append_containers('manager', 'freq', 0) }} - {{ append_containers('manager', 'domainstats', 0) }} -{% endif %} - -{% if role in ['eval', 'heavynode', 'sensor', 'standalone'] %} - {{ append_containers('strelka', 'enabled', 0) }} -{% endif %} - -{% if role in ['heavynode', 'standalone'] %} - {{ append_containers('global', 'mdengine', 'SURICATA') }} -{% endif %} - -{% if role == 'searchnode' %} - {{ append_containers('manager', 'wazuh', 0) }} -{% endif %} - -{% if role == 'sensor' %} - {{ append_containers('global', 'mdengine', 'SURICATA') }} -{% endif %} \ No newline at end of file diff --git a/salt/common/maps/standalone.map.jinja b/salt/common/maps/standalone.map.jinja deleted file mode 100644 index ae3177f4b..000000000 --- a/salt/common/maps/standalone.map.jinja +++ /dev/null @@ -1,25 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-nginx', - 'so-telegraf', - 'so-soc', - 'so-kratos', - 'so-idstools', - 'so-redis', - 'so-logstash', - 'so-elasticsearch', - 'so-curator', - 'so-kibana', - 'so-elastalert', - 'so-filebeat', - 'so-suricata', - 'so-steno', - 'so-dockerregistry', - 'so-soctopus', - 'so-sensoroni' - ] -} %} - -{% if salt['pillar.get']('global:managerupdate') == 1 %} - {% do docker.containers.append('so-aptcacherng') %} -{% endif %} \ No newline at end of file diff --git a/salt/common/maps/strelka.map.jinja b/salt/common/maps/strelka.map.jinja deleted file mode 100644 index b26a1241b..000000000 --- a/salt/common/maps/strelka.map.jinja +++ /dev/null @@ -1,9 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-strelka-coordinator', - 'so-strelka-gatekeeper', - 'so-strelka-manager', - 'so-strelka-frontend', - 'so-strelka-filestream' - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/thehive.map.jinja b/salt/common/maps/thehive.map.jinja deleted file mode 100644 index e4ca7d2a2..000000000 --- a/salt/common/maps/thehive.map.jinja +++ /dev/null @@ -1,7 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-thehive', - 'so-thehive-es', - 'so-cortex' - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/warmnode.map.jinja b/salt/common/maps/warmnode.map.jinja deleted file mode 100644 index 08cf2dbb8..000000000 --- a/salt/common/maps/warmnode.map.jinja +++ /dev/null @@ -1,7 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-nginx', - 'so-telegraf', - 'so-elasticsearch' - ] -} %} \ No newline at end of file diff --git a/salt/common/maps/wazuh.map.jinja b/salt/common/maps/wazuh.map.jinja deleted file mode 100644 index 5217a79ee..000000000 --- a/salt/common/maps/wazuh.map.jinja +++ /dev/null @@ -1,5 +0,0 @@ -{% set docker = { - 'containers': [ - 'so-wazuh' - ] -} %} \ No newline at end of file diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status index 951f55078..9daf30a56 100755 --- a/salt/common/tools/sbin/so-status +++ b/salt/common/tools/sbin/so-status @@ -14,8 +14,6 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{%- from 'common/maps/so-status.map.jinja' import docker with context %} -{%- set container_list = docker['containers'] | sort | unique %} if ! [ "$(id -u)" = 0 ]; then echo "This command must be run as root" @@ -39,9 +37,8 @@ declare -a BAD_STATUSES=("removing" "paused" "exited" "dead") declare -a PENDING_STATUSES=("paused" "created" "restarting") declare -a GOOD_STATUSES=("running") declare -a DISABLED_CONTAINERS=() -{%- if salt['pillar.get']('steno:enabled', 'True') is sameas false %} -DISABLED_CONTAINERS+=("so-steno") -{%- endif %} +mapfile -t DISABLED_CONTAINERS < <(sort -u /opt/so/conf/so-status/so-status.disabled.conf) + declare -a temp_container_name_list=() declare -a temp_container_state_list=() @@ -83,9 +80,9 @@ compare_lists() { # {% endraw %} create_expected_container_list() { - {% for item in container_list -%} - expected_container_list+=("{{ item }}") - {% endfor -%} + + mapfile -t expected_container_list < <(sort -u /opt/so/conf/so-status/so-status.conf) + } populate_container_lists() { diff --git a/salt/curator/init.sls b/salt/curator/init.sls index 31f738349..2f0147794 100644 --- a/salt/curator/init.sls +++ b/salt/curator/init.sls @@ -127,6 +127,12 @@ so-curator: - /opt/so/conf/curator/curator.yml:/etc/curator/config/curator.yml:ro - /opt/so/conf/curator/action/:/etc/curator/action:ro - /opt/so/log/curator:/var/log/curator:rw + +append_so-curator_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-curator + # Begin Curator Cron Jobs # Close diff --git a/salt/domainstats/init.sls b/salt/domainstats/init.sls index daac87387..7716ddf83 100644 --- a/salt/domainstats/init.sls +++ b/salt/domainstats/init.sls @@ -56,6 +56,11 @@ so-domainstats: - binds: - /opt/so/log/domainstats:/var/log/domain_stats +append_so-domainstats_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-domainstats + {% else %} domainstats_state_not_allowed: diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls index 2e757805c..7caef532f 100644 --- a/salt/elastalert/init.sls +++ b/salt/elastalert/init.sls @@ -121,6 +121,12 @@ so-elastalert: - {{MANAGER_URL}}:{{MANAGER_IP}} - require: - module: wait_for_elasticsearch + +append_so-elastalert_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-elastalert + {% endif %} {% else %} diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 1406df02c..0b28ee6d1 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -215,13 +215,17 @@ so-elasticsearch: - /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro - /etc/pki/elasticsearch.p12:/usr/share/elasticsearch/config/elasticsearch.p12:ro - /opt/so/conf/elasticsearch/sotls.yml:/usr/share/elasticsearch/config/sotls.yml:ro - - watch: - file: cacertz - file: esyml - file: esingestconf - file: so-elasticsearch-pipelines-file +append_so-elasticsearch_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-elasticsearch + so-elasticsearch-pipelines-file: file.managed: - name: /opt/so/conf/elasticsearch/so-elasticsearch-pipelines diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index 26aca3542..98229ca35 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls @@ -86,6 +86,11 @@ so-filebeat: - watch: - file: /opt/so/conf/filebeat/etc/filebeat.yml +append_so-filebeat_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-filebeat + {% else %} filebeat_state_not_allowed: diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls index e85358542..db3414a18 100644 --- a/salt/fleet/init.sls +++ b/salt/fleet/init.sls @@ -134,4 +134,9 @@ so-fleet: - watch: - /opt/so/conf/fleet/etc +append_so-fleet_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-fleet + {% endif %} \ No newline at end of file diff --git a/salt/freqserver/init.sls b/salt/freqserver/init.sls index 668e33079..5ff454bcc 100644 --- a/salt/freqserver/init.sls +++ b/salt/freqserver/init.sls @@ -56,6 +56,11 @@ so-freq: - binds: - /opt/so/log/freq_server:/var/log/freq_server:rw +append_so-freq_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-freq + {% else %} freqserver_state_not_allowed: diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 39c2cc26c..8fe88f354 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -236,6 +236,11 @@ so-grafana: - watch: - file: /opt/so/conf/grafana/* +append_so-grafana_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-grafana + {% endif %} {% else %} diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls index f3f040895..2aacb973d 100644 --- a/salt/idstools/init.sls +++ b/salt/idstools/init.sls @@ -76,6 +76,11 @@ so-idstools: - watch: - file: idstoolsetcsync +append_so-idstools_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-idstools + {% else %} idstools_state_not_allowed: diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index 669c9e9eb..9dc7ee692 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -54,6 +54,11 @@ so-influxdb: - watch: - file: influxdbconf +append_so-influxdb_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-influxdb + {% endif %} {% else %} diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index 7f91719d4..02e76495d 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls @@ -90,6 +90,11 @@ so-kibana: - port_bindings: - 0.0.0.0:5601:5601 +append_so-kibana_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-kibana + kibanadashtemplate: file.managed: - name: /opt/so/conf/kibana/saved_objects.ndjson.template diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index cec84bbc1..e23e4eef2 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -202,6 +202,11 @@ so-logstash: - file: es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }} {% endfor %} +append_so-logstash_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-logstash + {% else %} logstash_state_not_allowed: diff --git a/salt/manager/init.sls b/salt/manager/init.sls index 66e614b62..ddd1673e8 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -81,6 +81,11 @@ so-aptcacherng: - /opt/so/log/aptcacher-ng:/var/log/apt-cacher-ng:rw - /opt/so/conf/aptcacher-ng/etc/acng.conf:/etc/apt-cacher-ng/acng.conf:ro +append_so-aptcacher_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-aptcacherng + {% endif %} strelka_yara_update: diff --git a/salt/minio/init.sls b/salt/minio/init.sls index c1a681747..484eac1f9 100644 --- a/salt/minio/init.sls +++ b/salt/minio/init.sls @@ -62,6 +62,11 @@ so-minio: - /etc/pki/minio.crt:/.minio/certs/public.crt:ro - entrypoint: "/usr/bin/docker-entrypoint.sh server --certs-dir /.minio/certs --address :9595 /data" +append_so-minio_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-minio + {% else %} minio_state_not_allowed: diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls index 818b5c303..756547843 100644 --- a/salt/mysql/init.sls +++ b/salt/mysql/init.sls @@ -97,6 +97,12 @@ so-mysql: - timeout: 900 - onchanges: - docker_container: so-mysql + +append_so-mysql_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-mysql + {% endif %} {% else %} diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls index 9a63ead6c..8d6dd46f7 100644 --- a/salt/nginx/init.sls +++ b/salt/nginx/init.sls @@ -98,6 +98,11 @@ so-nginx: - file: nginxconf - file: nginxconfdir +append_so-nginx_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-nginx + {% else %} nginx_state_not_allowed: diff --git a/salt/nodered/init.sls b/salt/nodered/init.sls index 8b583bf91..a594c23d9 100644 --- a/salt/nodered/init.sls +++ b/salt/nodered/init.sls @@ -74,6 +74,11 @@ so-nodered: - port_bindings: - 0.0.0.0:1880:1880 +append_so-nodered_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-nodered + so-nodered-flows: cmd.run: - name: /usr/sbin/so-nodered-load-flows diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index ade70d718..0db9e7f61 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -152,6 +152,24 @@ so-steno: - watch: - file: /opt/so/conf/steno/config +append_so-steno_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-steno + + {% if STENOOPTIONS.status == 'running' %} +delete_so-steno_so-status.disabled: + file.line: + - name: /opt/so/conf/so-status/so-status.disabled.conf + - match: so-steno + - mode: delete + {% elif STENOOPTIONS.status == 'stopped' %} +append_so-steno_so-status.disabled: + file.append: + - name: /opt/so/conf/so-status/so-status.disabled.conf + - text: so-steno + {% endif %} + so-sensoroni: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }} @@ -166,6 +184,11 @@ so-sensoroni: - watch: - file: /opt/so/conf/sensoroni/sensoroni.json +append_so-sensoroni_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-sensoroni + {% else %} pcap_state_not_allowed: diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index eb009b23e..46cd33f17 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls @@ -93,6 +93,11 @@ so-playbook: - port_bindings: - 0.0.0.0:3200:3000 +append_so-playbook_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-playbook + {% endif %} so-playbooksynccron: diff --git a/salt/redis/init.sls b/salt/redis/init.sls index 1b7611eab..57f189865 100644 --- a/salt/redis/init.sls +++ b/salt/redis/init.sls @@ -70,6 +70,11 @@ so-redis: - watch: - file: /opt/so/conf/redis/etc +append_so-redis_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-redis + {% else %} redis_state_not_allowed: diff --git a/salt/registry/init.sls b/salt/registry/init.sls index c98577ca2..c456aa0c4 100644 --- a/salt/registry/init.sls +++ b/salt/registry/init.sls @@ -57,6 +57,11 @@ so-dockerregistry: - /etc/pki/registry.crt:/etc/pki/registry.crt:ro - /etc/pki/registry.key:/etc/pki/registry.key:ro +append_so-dockerregistry_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-dockerregistry + {% else %} registry_state_not_allowed: diff --git a/salt/soc/init.sls b/salt/soc/init.sls index 012dae330..cc8aee048 100644 --- a/salt/soc/init.sls +++ b/salt/soc/init.sls @@ -67,6 +67,11 @@ so-soc: - watch: - file: /opt/so/conf/soc/* +append_so-soc_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-soc + # Add Kratos Group kratosgroup: group.present: @@ -119,6 +124,11 @@ so-kratos: - watch: - file: /opt/so/conf/kratos +append_so-kratos_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-kratos + {% else %} soc_state_not_allowed: diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls index 2c9e721ac..2137a4511 100644 --- a/salt/soctopus/init.sls +++ b/salt/soctopus/init.sls @@ -73,6 +73,11 @@ so-soctopus: - extra_hosts: - {{MANAGER_URL}}:{{MANAGER_IP}} +append_so-soctopus_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-soctopus + {% else %} soctopus_state_not_allowed: diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls index dabd58fe5..8748cbe50 100644 --- a/salt/strelka/init.sls +++ b/salt/strelka/init.sls @@ -87,6 +87,11 @@ strelka_coordinator: - port_bindings: - 0.0.0.0:6380:6379 +append_so-strelka-coordinator_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-strelka-coordinator + strelka_gatekeeper: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }} @@ -95,6 +100,11 @@ strelka_gatekeeper: - port_bindings: - 0.0.0.0:6381:6379 +append_so-strelka-gatekeeper_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-strelka-gatekeeper + strelka_frontend: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-frontend:{{ VERSION }} @@ -107,6 +117,11 @@ strelka_frontend: - port_bindings: - 0.0.0.0:57314:57314 +append_so-strelka-frontend_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-strelka-frontend + strelka_backend: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-backend:{{ VERSION }} @@ -117,6 +132,11 @@ strelka_backend: - command: strelka-backend - restart_policy: on-failure +append_so-strelka-backend_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-strelka-backend + strelka_manager: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-manager:{{ VERSION }} @@ -125,6 +145,11 @@ strelka_manager: - name: so-strelka-manager - command: strelka-manager +append_so-strelka-manager_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-strelka-manager + strelka_filestream: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-filestream:{{ VERSION }} @@ -133,6 +158,11 @@ strelka_filestream: - /nsm/strelka:/nsm/strelka - name: so-strelka-filestream - command: strelka-filestream + +append_so-strelka-filestream_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-strelka-filestream strelka_zeek_extracted_sync: cron.present: diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index 6245b9e51..0c50bb5d1 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -163,6 +163,11 @@ so-suricata: - file: /opt/so/conf/suricata/rules/ - file: /opt/so/conf/suricata/bpf +append_so-suricata_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-suricata + surilogrotate: file.managed: - name: /opt/so/conf/suricata/suri-rotate.conf diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index bae80c697..8d400ca1e 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -73,6 +73,11 @@ so-telegraf: - file: tgrafconf - file: tgrafsyncscripts +append_so-telegraf_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-telegraf + {% else %} telegraf_state_not_allowed: diff --git a/salt/thehive/init.sls b/salt/thehive/init.sls index 443ac9a8f..e695c237f 100644 --- a/salt/thehive/init.sls +++ b/salt/thehive/init.sls @@ -102,6 +102,11 @@ so-thehive-es: - 0.0.0.0:9400:9400 - 0.0.0.0:9500:9500 +append_so-thehive-es_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-thehive-es + # Install Cortex so-cortex: docker_container.running: @@ -116,6 +121,11 @@ so-cortex: - port_bindings: - 0.0.0.0:9001:9001 +append_so-cortex_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-cortex + cortexscript: cmd.script: - source: salt://thehive/scripts/cortex_init @@ -136,6 +146,11 @@ so-thehive: - port_bindings: - 0.0.0.0:9000:9000 +append_so-thehive_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-thehive + thehivescript: cmd.script: - source: salt://thehive/scripts/hive_init diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index 03cd3f89e..e8e40c720 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -110,6 +110,11 @@ so-wazuh: - binds: - /nsm/wazuh:/var/ossec/data:rw +append_so-wazuh_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-wazuh + # Register the agent registertheagent: cmd.run: diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls index 712ca53fd..f6edae136 100644 --- a/salt/zeek/init.sls +++ b/salt/zeek/init.sls @@ -196,6 +196,11 @@ so-zeek: - file: /opt/so/conf/zeek/policy - file: /opt/so/conf/zeek/bpf +append_so-zeek_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-zeek + {% else %} zeek_state_not_allowed: From c58039ab473c4230c70a24dac9ff3ceea81c3d7d Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 10 Nov 2020 15:34:10 -0500 Subject: [PATCH 155/487] rename state https://github.com/Security-Onion-Solutions/securityonion/issues/1681 --- salt/common/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index 1f8782575..bc66d8cf2 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -39,12 +39,12 @@ sostatusconf: - gid: 939 - dir_mode: 770 -so-status.running.conf: +so-status.conf: file.touch: - name: /opt/so/conf/so-status/so-status.conf - unless: ls /opt/so/conf/so-status/so-status.conf -so-status.stopped.conf: +so-status.disabled.conf: file.touch: - name: /opt/so/conf/so-status/so-status.disabled.conf - unless: ls /opt/so/conf/so-status/so-status.disabled.conf From 1fc94a8f5968cc0eb803a1c32d708ce4d302c198 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 10 Nov 2020 15:37:03 -0500 Subject: [PATCH 156/487] change to so-acng for so-status https://github.com/Security-Onion-Solutions/securityonion/issues/1681 --- salt/manager/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/manager/init.sls b/salt/manager/init.sls index ddd1673e8..5360c07dc 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -81,10 +81,10 @@ so-aptcacherng: - /opt/so/log/aptcacher-ng:/var/log/apt-cacher-ng:rw - /opt/so/conf/aptcacher-ng/etc/acng.conf:/etc/apt-cacher-ng/acng.conf:ro -append_so-aptcacher_so-status.conf: +append_so-acng_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - - text: so-aptcacherng + - text: so-acng {% endif %} From edb00c2058b301ce77fb4cd5d85488279d758b37 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 10 Nov 2020 17:09:38 -0500 Subject: [PATCH 157/487] remove redundant common from top, create so-status conf files on manager before registry state https://github.com/Security-Onion-Solutions/securityonion/issues/1681 --- salt/registry/init.sls | 4 ++-- salt/top.sls | 14 -------------- setup/so-setup | 5 +++++ 3 files changed, 7 insertions(+), 16 deletions(-) diff --git a/salt/registry/init.sls b/salt/registry/init.sls index c456aa0c4..5782c2033 100644 --- a/salt/registry/init.sls +++ b/salt/registry/init.sls @@ -57,10 +57,10 @@ so-dockerregistry: - /etc/pki/registry.crt:/etc/pki/registry.crt:ro - /etc/pki/registry.key:/etc/pki/registry.key:ro -append_so-dockerregistry_so-status.conf: +append_so-registry_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - - text: so-dockerregistry + - text: so-registry {% else %} diff --git a/salt/top.sls b/salt/top.sls index 5976e3eaa..0c7bde183 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -42,7 +42,6 @@ base: - salt.master - ca - ssl - - common - registry - telegraf - firewall @@ -60,7 +59,6 @@ base: - match: compound - ca - ssl - - common - telegraf - firewall - nginx @@ -86,7 +84,6 @@ base: - salt.master - ca - ssl - - common - registry - manager - nginx @@ -145,7 +142,6 @@ base: - salt.master - ca - ssl - - common - registry - nginx - telegraf @@ -194,7 +190,6 @@ base: - salt.master - ca - ssl - - common - registry - manager - nginx @@ -252,7 +247,6 @@ base: '*_node and I@node:node_type:parser and G@saltversion:{{saltversion}}': - match: compound - - common - firewall - logstash {%- if FLEETMANAGER or FLEETNODE %} @@ -263,7 +257,6 @@ base: '*_node and I@node:node_type:hot and G@saltversion:{{saltversion}}': - match: compound - - common - firewall - logstash - curator @@ -275,7 +268,6 @@ base: '*_node and I@node:node_type:warm and G@saltversion:{{saltversion}}': - match: compound - - common - firewall - elasticsearch {%- if FLEETMANAGER or FLEETNODE %} @@ -288,7 +280,6 @@ base: - match: compound - ca - ssl - - common - nginx - telegraf - firewall @@ -307,7 +298,6 @@ base: '*_managersensor and G@saltversion:{{saltversion}}': - match: compound - - common - nginx - telegraf - influxdb @@ -326,7 +316,6 @@ base: - salt.master - ca - ssl - - common - registry - nginx - telegraf @@ -375,7 +364,6 @@ base: - match: compound - ca - ssl - - common - nginx - telegraf - firewall @@ -406,7 +394,6 @@ base: - match: compound - ca - ssl - - common - nginx - telegraf - firewall @@ -422,7 +409,6 @@ base: - salt.master - ca - ssl - - common - registry - manager - nginx diff --git a/setup/so-setup b/setup/so-setup index 70502251e..a39411a8f 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -590,6 +590,11 @@ fi set_progress_str 25 'Configuring firewall' set_initial_firewall_policy >> $setup_log 2>&1 + # create these so the registry state can add so-registry to /opt/so/conf/so-status/so-status.conf + mkdir -p /opt/so/conf/so-status/ + touch /opt/so/conf/so-status/so-status.conf + touch /opt/so/conf/so-status/so-status.disabled.conf + if [[ "$setup_type" == 'iso' ]]; then set_progress_str 26 'Copying containers from iso' else From 15f243f0ce1b363f5b53fb0513424d5ad2e33c57 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 10 Nov 2020 17:51:00 -0500 Subject: [PATCH 158/487] change names of acng and docker registry containers https://github.com/Security-Onion-Solutions/securityonion/issues/1681 --- salt/manager/init.sls | 4 ++-- salt/registry/init.sls | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/manager/init.sls b/salt/manager/init.sls index 5360c07dc..b506d06bf 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -81,10 +81,10 @@ so-aptcacherng: - /opt/so/log/aptcacher-ng:/var/log/apt-cacher-ng:rw - /opt/so/conf/aptcacher-ng/etc/acng.conf:/etc/apt-cacher-ng/acng.conf:ro -append_so-acng_so-status.conf: +append_so-aptcacherng_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - - text: so-acng + - text: so-aptcacherng {% endif %} diff --git a/salt/registry/init.sls b/salt/registry/init.sls index 5782c2033..c456aa0c4 100644 --- a/salt/registry/init.sls +++ b/salt/registry/init.sls @@ -57,10 +57,10 @@ so-dockerregistry: - /etc/pki/registry.crt:/etc/pki/registry.crt:ro - /etc/pki/registry.key:/etc/pki/registry.key:ro -append_so-registry_so-status.conf: +append_so-dockerregistry_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - - text: so-registry + - text: so-dockerregistry {% else %} From 1c326f561befe42633b6fc23604fb44171c52146 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 11 Nov 2020 13:26:59 +0000 Subject: [PATCH 159/487] Allow for disabling Elastic stack via pillar --- salt/top.sls | 106 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 102 insertions(+), 4 deletions(-) diff --git a/salt/top.sls b/salt/top.sls index 0c7bde183..f1a2af0e8 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -5,6 +5,15 @@ {% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %} {% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %} {% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %} +{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %} +{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %} +{% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %} +{% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %} +{% set FILEBEAT = salt['pillar.get']('filebeat:enabled', True) %} +{% set KIBANA = salt['pillar.get']('kibana:enabled', True) %} +{% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %} +{% set CURATOR = salt['pillar.get']('curator:enabled', True) %} +{% set REDIS = salt['pillar.get']('redis:enabled', True) %} {% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %} {% set STRELKA = salt['pillar.get']('strelka:enabled', '0') %} {% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} @@ -51,8 +60,12 @@ base: - suricata - zeek - redis + {%- if LOGSTASH %} - logstash + {%- endif %} + {%- if FILEBEAT %} - filebeat + {%- endif %} - schedule '*_sensor and G@saltversion:{{saltversion}}': @@ -95,14 +108,18 @@ base: - idstools - suricata.manager - healthcheck - {%- if (FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0 %} + {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %} - mysql {%- endif %} {%- if WAZUH != 0 %} - wazuh {%- endif %} + {%- if ELASTICSEARCH %} - elasticsearch + {%- endif %} + {%- if KIBANA %} - kibana + {%- endif %} - pcap - suricata {%- if ZEEKVER != 'SURICATA' %} @@ -111,9 +128,15 @@ base: {%- if STRELKA %} - strelka {%- endif %} + {%- if FILEBEAT %} - filebeat + {%- endif %} + {%- if CURATOR %} - curator + {%- endif %} + {%- if ELASTALERT %} - elastalert + {%- endif %} {%- if FLEETMANAGER or FLEETNODE %} - fleet - redis @@ -152,18 +175,30 @@ base: - manager - idstools - suricata.manager - {%- if (FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0 %} + {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %} - mysql {%- endif %} {%- if WAZUH != 0 %} - wazuh {%- endif %} + {%- if ELASTICSEARCH %} - elasticsearch + {%- endif %} + {%- if LOGSTASH %} - logstash + {%- endif %} + {%- if REDIS %} - redis + {%- endif %} + {%- if KIBANA %} - kibana + {%- endif %} + {%- if ELASTALERT %} - elastalert + {%- endif %} + {%- if FILEBEAT %} - filebeat + {%- endif %} - utility - schedule {%- if FLEETMANAGER or FLEETNODE %} @@ -201,16 +236,24 @@ base: - idstools - suricata.manager - healthcheck - {%- if (FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0 %} + {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %} - mysql {%- endif %} {%- if WAZUH != 0 %} - wazuh {%- endif %} + {%- if ELASTICSEARCH %} - elasticsearch + {%- endif %} + {%- if LOGSTASH %} - logstash + {%- endif %} + {%- if REDIS %} - redis + {%- endif %} + {%- if KIBANA %} - kibana + {%- endif %} - pcap - suricata {%- if ZEEKVER != 'SURICATA' %} @@ -219,9 +262,15 @@ base: {%- if STRELKA %} - strelka {%- endif %} + {%- if FILEBEAT %} - filebeat + {%- endif %} + {%- if CURATOR %} - curator + {%- endif %} + {%- if ELASTALERT %} - elastalert + {%- endif %} {%- if FLEETMANAGER or FLEETNODE %} - fleet - fleet.install_package @@ -248,7 +297,9 @@ base: '*_node and I@node:node_type:parser and G@saltversion:{{saltversion}}': - match: compound - firewall + {%- if LOGSTASH %} - logstash + {%- endif %} {%- if FLEETMANAGER or FLEETNODE %} - fleet.install_package {%- endif %} @@ -258,8 +309,12 @@ base: '*_node and I@node:node_type:hot and G@saltversion:{{saltversion}}': - match: compound - firewall + {%- if LOGSTASH %} - logstash + {%- endif %} + {%- if CURATOR %} - curator + {%- endif %} {%- if FLEETMANAGER or FLEETNODE %} - fleet.install_package {%- endif %} @@ -269,7 +324,9 @@ base: '*_node and I@node:node_type:warm and G@saltversion:{{saltversion}}': - match: compound - firewall + {%- if ELASTICSEARCH %} - elasticsearch + {%- endif %} {%- if FLEETMANAGER or FLEETNODE %} - fleet.install_package {%- endif %} @@ -286,10 +343,18 @@ base: {%- if WAZUH != 0 %} - wazuh {%- endif %} + {%- if ELASTICSEARCH %} - elasticsearch + {%- endif %} + {%- if LOGSTASH %} - logstash + {%- endif %} + {%- if CURATOR %} - curator + {%- endif %} + {%- if FILEBEAT %} - filebeat + {%- endif %} {%- if FLEETMANAGER or FLEETNODE %} - fleet.install_package {%- endif %} @@ -326,19 +391,34 @@ base: - manager - idstools - suricata.manager - {%- if (FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0 %} + {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %} - mysql {%- endif %} {%- if WAZUH != 0 %} - wazuh {%- endif %} + {%- if ELASTICSEARCH %} - elasticsearch + {%- endif %} + {%- if LOGSTASH %} - logstash + {%- endif %} + {%- if REDIS %} - redis + {%- endif %} + {%- if CURATOR %} - curator + {%- endif %} + {%- if KIBANA %} - kibana + {%- endif %} + {%- if ELASTALERT %} - elastalert + {%- endif %} + {%- if FILEBEAT %} - filebeat + {%- endif %} + - utility - schedule {%- if FLEETMANAGER or FLEETNODE %} @@ -370,11 +450,21 @@ base: {%- if WAZUH != 0 %} - wazuh {%- endif %} + {%- if ELASTICSEARCH %} - elasticsearch + {%- endif %} + {%- if LOGSTASH %} - logstash + {%- endif %} + {%- if REDIS %} - redis + {%- endif %} + {%- if CURATOR %} - curator + {%- endif %} + {%- if FILEBEAT %} - filebeat + {%- endif %} {%- if STRELKA %} - strelka {%- endif %} @@ -386,7 +476,9 @@ base: {%- if ZEEKVER != 'SURICATA' %} - zeek {%- endif %} + {%- if FILEBEAT %} - filebeat + {%- endif %} - schedule - docker_clean @@ -417,9 +509,15 @@ base: - idstools - suricata.manager - pcap + {%- if ELASTICSEARCH %} - elasticsearch + {%- endif %} + {%- if KIBANA %} - kibana + {%- endif %} + {%- if FILEBEAT %} - filebeat + {%- endif %} - utility - suricata - zeek From 625307ac5f6a4b9cc2e6344fb7755e300a6dcb61 Mon Sep 17 00:00:00 2001 From: weslambert Date: Wed, 11 Nov 2020 08:52:39 -0500 Subject: [PATCH 160/487] Fix duplicate vars --- salt/top.sls | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/salt/top.sls b/salt/top.sls index f1a2af0e8..9a043ecc1 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -5,8 +5,7 @@ {% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %} {% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %} {% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %} -{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %} -{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %} +{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %} {% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %} {% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %} {% set FILEBEAT = salt['pillar.get']('filebeat:enabled', True) %} @@ -14,7 +13,6 @@ {% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %} {% set CURATOR = salt['pillar.get']('curator:enabled', True) %} {% set REDIS = salt['pillar.get']('redis:enabled', True) %} -{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %} {% set STRELKA = salt['pillar.get']('strelka:enabled', '0') %} {% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} {% import_yaml 'salt/minion.defaults.yaml' as saltversion %} From da9a915421762090b51d55d8451133479a184a35 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 11 Nov 2020 09:15:50 -0500 Subject: [PATCH 161/487] add top change for fleet getting mysql state back was reverted in https://github.com/Security-Onion-Solutions/securityonion/pull/1880/files --- salt/top.sls | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/top.sls b/salt/top.sls index 9a043ecc1..d707af003 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -106,7 +106,7 @@ base: - idstools - suricata.manager - healthcheck - {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %} + {%- if (FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0 %} - mysql {%- endif %} {%- if WAZUH != 0 %} @@ -173,7 +173,7 @@ base: - manager - idstools - suricata.manager - {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %} + {%- if (FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0 %} - mysql {%- endif %} {%- if WAZUH != 0 %} @@ -234,7 +234,7 @@ base: - idstools - suricata.manager - healthcheck - {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %} + {%- if (FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0 %} - mysql {%- endif %} {%- if WAZUH != 0 %} @@ -389,7 +389,7 @@ base: - manager - idstools - suricata.manager - {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %} + {%- if (FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0 %} - mysql {%- endif %} {%- if WAZUH != 0 %} From ea1f53b40ccc12a4af03bf2d045a73e6bace0049 Mon Sep 17 00:00:00 2001 From: weslambert Date: Wed, 11 Nov 2020 10:29:58 -0500 Subject: [PATCH 162/487] Add check for field --- salt/elasticsearch/files/ingest/syslog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/ingest/syslog b/salt/elasticsearch/files/ingest/syslog index b4e09e9df..6d28aa705 100644 --- a/salt/elasticsearch/files/ingest/syslog +++ b/salt/elasticsearch/files/ingest/syslog @@ -13,7 +13,7 @@ } }, { "grok": { "field": "message", "patterns": ["<%{INT:syslog.priority}>%{DATA:syslog.timestamp} %{WORD:source.application}: %{GREEDYDATA:real_message}"], "ignore_failure": false } }, - { "set": { "if": "ctx.source.application == 'filterlog'", "field": "dataset", "value": "firewall" } }, + { "set": { "if": "ctx.source?.application == 'filterlog'", "field": "dataset", "value": "firewall" } }, { "pipeline": { "if": "ctx.dataset == 'firewall'", "name": "filterlog" } }, { "pipeline": { "name": "common" } } ] From f9b52677d7d17fde79da05f0a3a4fd92fe2df606 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:15:45 -0500 Subject: [PATCH 163/487] Update suriloss.sh --- salt/telegraf/scripts/suriloss.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/telegraf/scripts/suriloss.sh b/salt/telegraf/scripts/suriloss.sh index 48745c161..6a1f8a6c5 100644 --- a/salt/telegraf/scripts/suriloss.sh +++ b/salt/telegraf/scripts/suriloss.sh @@ -1,5 +1,14 @@ #!/bin/bash +APP=suriloss +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + SURILOG=$(tac /var/log/suricata/stats.log | grep kernel | head -4) CHECKIT=$(echo $SURILOG | grep -o 'drop' | wc -l) From ea1227de9dde68378d0cf78c706520b3f2d0435f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:16:15 -0500 Subject: [PATCH 164/487] Update checkfiles.sh --- salt/telegraf/scripts/checkfiles.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/telegraf/scripts/checkfiles.sh b/salt/telegraf/scripts/checkfiles.sh index a22735696..0ae56c177 100644 --- a/salt/telegraf/scripts/checkfiles.sh +++ b/salt/telegraf/scripts/checkfiles.sh @@ -1,5 +1,14 @@ #!/bin/bash +APP=checkfiles +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + FILES=$(ls -1x /host/nsm/faf/complete/ | wc -l) echo "faffiles files=$FILES" From 711f5ab38f87d634e22400426bca28365c1c3b71 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:16:47 -0500 Subject: [PATCH 165/487] Update helixeps.sh --- salt/telegraf/scripts/helixeps.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/telegraf/scripts/helixeps.sh b/salt/telegraf/scripts/helixeps.sh index eee4f65c3..9cb4b77b7 100644 --- a/salt/telegraf/scripts/helixeps.sh +++ b/salt/telegraf/scripts/helixeps.sh @@ -1,5 +1,14 @@ #!/bin/bash +APP=helixeps +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + PREVCOUNTFILE='/tmp/helixevents.txt' EVENTCOUNTCURRENT="$(curl -s localhost:9600/_node/stats | jq '.pipelines.helix.events.out')" From a4d3e109e6c9a50df0f54edb30ddd94c47e13a97 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:17:18 -0500 Subject: [PATCH 166/487] Update influxdbsize.sh --- salt/telegraf/scripts/influxdbsize.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/telegraf/scripts/influxdbsize.sh b/salt/telegraf/scripts/influxdbsize.sh index 7060942ae..140c19b23 100644 --- a/salt/telegraf/scripts/influxdbsize.sh +++ b/salt/telegraf/scripts/influxdbsize.sh @@ -1,5 +1,14 @@ #!/bin/bash +APP=influxsize +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + INFLUXSIZE=$(du -s -k /host/nsm/influxdb | awk {'print $1'}) echo "influxsize kbytes=$INFLUXSIZE" From cb46c13054b17a6ddb46e7728a1a76099d46b077 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:22:28 -0500 Subject: [PATCH 167/487] Update oldpcap.sh --- salt/telegraf/scripts/oldpcap.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/telegraf/scripts/oldpcap.sh b/salt/telegraf/scripts/oldpcap.sh index 970c47589..4aee393ac 100644 --- a/salt/telegraf/scripts/oldpcap.sh +++ b/salt/telegraf/scripts/oldpcap.sh @@ -1,5 +1,14 @@ #!/bin/bash +APP=oldpcap +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + # Get the data OLDPCAP=$(find /host/nsm/pcap -type f -exec stat -c'%n %Z' {} + | sort | grep -v "\." | head -n 1 | awk {'print $2'}) DATE=$(date +%s) From d3f65ac1a8e431de74815d931d35d3ffce5b9268 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:22:52 -0500 Subject: [PATCH 168/487] Update redis.sh --- salt/telegraf/scripts/redis.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/telegraf/scripts/redis.sh b/salt/telegraf/scripts/redis.sh index a91e1f2dc..a1fe0a5ca 100644 --- a/salt/telegraf/scripts/redis.sh +++ b/salt/telegraf/scripts/redis.sh @@ -1,5 +1,14 @@ #!/bin/bash +APP=redis +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + UNPARSED=$(redis-cli llen logstash:unparsed | awk '{print $1}') PARSED=$(redis-cli llen logstash:parsed | awk '{print $1}') From 9548b3df54302bcf3ee2a46444ccde327335bbb2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:23:20 -0500 Subject: [PATCH 169/487] Update stenoloss.sh --- salt/telegraf/scripts/stenoloss.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/telegraf/scripts/stenoloss.sh b/salt/telegraf/scripts/stenoloss.sh index 1b60f0517..83b07e4f6 100644 --- a/salt/telegraf/scripts/stenoloss.sh +++ b/salt/telegraf/scripts/stenoloss.sh @@ -1,5 +1,14 @@ #!/bin/bash +APP=stenoloss +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + # Get the data DROP=$(tac /var/log/stenographer/stenographer.log | grep -m1 drop | awk '{print $14}' | awk -F "=" '{print $2}') From fc9c31706d23f317f42fb647a12c2dcf5dcad339 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 16:31:42 +0000 Subject: [PATCH 170/487] Auto-publish so-acng image signature --- sigs/images/so-acng.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-acng.sig diff --git a/sigs/images/so-acng.sig b/sigs/images/so-acng.sig new file mode 100644 index 0000000000000000000000000000000000000000..ef0728b1c244bfcbf780a83d44a985a2d4c942ee GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5J5$*sA2@qb#TbW_DIM!sA) zcp6qqW+7ltbDOD2I}PGK=7r88^4Pmw1eqFo(%CT*ii?ALrJ|!nfq(41<$yjv)ahh? zE`S(ebZi=Ofe*HmcaKZfV@JeImupuZR~l3sG)x#Dwi!(RqdO0NI^1e$P16ub5~o}+ z&pu{OUvZsSHxs^AiwbrXKcHK`DOFv_ZuTJNY;GB(A@|BO(c(smbx3D^W>~Bokftc` z!vLt_7!CRoPFPlHKj_jW{dCw!dZHJo*bTcuor7+L5d%C7cPq*bR|s%2b!`=EB+sLc zqxTjY0GBqg0}kc=?jwN5Yi9D1QMW|&A^vijjDZG;f+QUFXDqFoF5EiS>tzjxl{JE< z&eMJ?>rP Date: Wed, 11 Nov 2020 11:38:48 -0500 Subject: [PATCH 171/487] just use so-status.conf for containers to fix salt warning https://github.com/Security-Onion-Solutions/securityonion/issues/1681 --- salt/common/init.sls | 5 ----- salt/common/tools/sbin/so-status | 4 ++-- salt/pcap/init.sls | 16 ++++++++-------- setup/so-setup | 1 - 4 files changed, 10 insertions(+), 16 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index bc66d8cf2..cf791cfa2 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -44,11 +44,6 @@ so-status.conf: - name: /opt/so/conf/so-status/so-status.conf - unless: ls /opt/so/conf/so-status/so-status.conf -so-status.disabled.conf: - file.touch: - - name: /opt/so/conf/so-status/so-status.disabled.conf - - unless: ls /opt/so/conf/so-status/so-status.disabled.conf - sosaltstackperms: file.directory: - name: /opt/so/saltstack diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status index 9daf30a56..344db61c6 100755 --- a/salt/common/tools/sbin/so-status +++ b/salt/common/tools/sbin/so-status @@ -37,7 +37,7 @@ declare -a BAD_STATUSES=("removing" "paused" "exited" "dead") declare -a PENDING_STATUSES=("paused" "created" "restarting") declare -a GOOD_STATUSES=("running") declare -a DISABLED_CONTAINERS=() -mapfile -t DISABLED_CONTAINERS < <(sort -u /opt/so/conf/so-status/so-status.disabled.conf) +mapfile -t DISABLED_CONTAINERS < <(sort -u /opt/so/conf/so-status/so-status.conf | grep "^\s*#" | tr -d "#") declare -a temp_container_name_list=() @@ -81,7 +81,7 @@ compare_lists() { create_expected_container_list() { - mapfile -t expected_container_list < <(sort -u /opt/so/conf/so-status/so-status.conf) + mapfile -t expected_container_list < <(sort -u /opt/so/conf/so-status/so-status.conf | tr -d "#") } diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index 0db9e7f61..5a13c1231 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -156,18 +156,18 @@ append_so-steno_so-status.conf: file.append: - name: /opt/so/conf/so-status/so-status.conf - text: so-steno + - unless: grep so-steno /opt/so/conf/so-status/so-status.conf {% if STENOOPTIONS.status == 'running' %} delete_so-steno_so-status.disabled: - file.line: - - name: /opt/so/conf/so-status/so-status.disabled.conf - - match: so-steno - - mode: delete + file.uncomment: + - name: /opt/so/conf/so-status/so-status.conf + - regex: ^so-steno$ {% elif STENOOPTIONS.status == 'stopped' %} -append_so-steno_so-status.disabled: - file.append: - - name: /opt/so/conf/so-status/so-status.disabled.conf - - text: so-steno +so-steno_so-status.disabled: + file.comment: + - name: /opt/so/conf/so-status/so-status.conf + - regex: ^so-steno$ {% endif %} so-sensoroni: diff --git a/setup/so-setup b/setup/so-setup index a39411a8f..fe69e8148 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -593,7 +593,6 @@ fi # create these so the registry state can add so-registry to /opt/so/conf/so-status/so-status.conf mkdir -p /opt/so/conf/so-status/ touch /opt/so/conf/so-status/so-status.conf - touch /opt/so/conf/so-status/so-status.disabled.conf if [[ "$setup_type" == 'iso' ]]; then set_progress_str 26 'Copying containers from iso' From 6ff192278811c17a3e9d4f49e61703a51cfee69c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:42:58 -0500 Subject: [PATCH 172/487] Update zeekcaptureloss.sh --- salt/telegraf/scripts/zeekcaptureloss.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/salt/telegraf/scripts/zeekcaptureloss.sh b/salt/telegraf/scripts/zeekcaptureloss.sh index a2e350212..8b0b97c70 100644 --- a/salt/telegraf/scripts/zeekcaptureloss.sh +++ b/salt/telegraf/scripts/zeekcaptureloss.sh @@ -1,6 +1,15 @@ #!/bin/bash # This script returns the average of all the workers average capture loss to telegraf / influxdb in influx format include nanosecond precision timestamp +APP=zeekloss +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + if [ -d "/host/nsm/zeek/spool/logger" ]; then WORKERS={{ salt['pillar.get']('sensor:zeek_lbprocs', salt['pillar.get']('sensor:zeek_pins') | length) }} ZEEKLOG=/host/nsm/zeek/spool/logger/capture_loss.log @@ -23,4 +32,4 @@ if [ -f "$ZEEKLOG" ]; then fi fi echo "$CURRENTTS" > $LASTCAPTURELOSSLOG -fi \ No newline at end of file +fi From edb0d71e87858c55091e56fb987be399ca0aafe6 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:43:28 -0500 Subject: [PATCH 173/487] Update zeekloss.sh --- salt/telegraf/scripts/zeekloss.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/salt/telegraf/scripts/zeekloss.sh b/salt/telegraf/scripts/zeekloss.sh index 579fdf9f2..8c134916c 100644 --- a/salt/telegraf/scripts/zeekloss.sh +++ b/salt/telegraf/scripts/zeekloss.sh @@ -1,5 +1,15 @@ #!/bin/bash # This script returns the packets dropped by Zeek, but it isn't a percentage. $LOSS * 100 would be the percentage + +APP=zeekloss +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2) declare RESULT=($ZEEKLOG) CURRENTDROP=${RESULT[3]} @@ -14,4 +24,4 @@ else TOTAL=$((CURRENTPACKETS - PASTPACKETS)) LOSS=$(echo $DROPPED $TOTAL / p | dc) echo "zeekdrop drop=$LOSS" -fi \ No newline at end of file +fi From 73c17b77ae65abf0ec44710b62d5601258052187 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:43:48 -0500 Subject: [PATCH 174/487] Update zeekcaptureloss.sh --- salt/telegraf/scripts/zeekcaptureloss.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/telegraf/scripts/zeekcaptureloss.sh b/salt/telegraf/scripts/zeekcaptureloss.sh index 8b0b97c70..095428140 100644 --- a/salt/telegraf/scripts/zeekcaptureloss.sh +++ b/salt/telegraf/scripts/zeekcaptureloss.sh @@ -1,7 +1,7 @@ #!/bin/bash # This script returns the average of all the workers average capture loss to telegraf / influxdb in influx format include nanosecond precision timestamp -APP=zeekloss +APP=zeekcaploss lf=/tmp/$APP-pidLockFile # create empty lock file if none exists cat /dev/null >> $lf From 2a119d78244924cdd3760eaace06c047a007dd37 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 17:08:52 +0000 Subject: [PATCH 175/487] Auto-publish so-soc image signature --- sigs/images/so-soc.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-soc.sig diff --git a/sigs/images/so-soc.sig b/sigs/images/so-soc.sig new file mode 100644 index 0000000000000000000000000000000000000000..4b89684bba0f3228a9cd538874caff0de294f29c GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5J8l(UU2@qb#x#4}kzS7qW1ATylYPJ8=n`!7v%VgR>)3vF8FYiqgGy89f~( zD5mT2-Gm`oAu^}bY$23F!(LKtm)&8 zWdXZy)~^@Cbz$s6<{W6aAgejPr0ho50zOFT(`C@cqPFhb;Qxx+94wf#(g$;)snBpC ze*xbHX`*r}a0f}{Au*-m_~SdQ>NPw4!AN^HFQIE2k3JjTJPwp8@g;Ao%*hD_e@_gZ z;TMRo-%JTkTAa*imi$5mjTTOjQ=yumxi#<=Ii_Uf$nMj#Y&g)cD0|_T)B3W6rkeGP zmCv?RF$x Date: Wed, 11 Nov 2020 17:12:03 +0000 Subject: [PATCH 176/487] Auto-publish so-fleet image signature --- sigs/images/so-fleet.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-fleet.sig diff --git a/sigs/images/so-fleet.sig b/sigs/images/so-fleet.sig new file mode 100644 index 0000000000000000000000000000000000000000..3277719ae6f015558037707a7a4e82328a418e58 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5J8)EBBhnWFim>7u5;K zakBxZpQ>er-KyK`oB74na?2X{tvS$uNKP|;UAd6+V8zn=Aqv8v?QQ^OT4I@jn~ro$ zW!V?fg$Evc)G4v7Xcpxd76DcmS;zM=fG=`yOxhUJ(tNemL37(-sO^N5^C9#3E72&_ zxip=MJKZW6EIyrnD#eT?+hi*|-U}zVJ2i41{k^-R!92jq1lR%qtHJ>@gOvlT+Q>Hctbx>;d+!mR z^%*f~$dbq)#9G);X?2CYmtG>C7HPJZ%x-@Rrz{sx5BTwaN&7ZwJ7V=07!#I}tl^g}$cLEtwDLDj&9v Date: Wed, 11 Nov 2020 17:39:18 +0000 Subject: [PATCH 177/487] Auto-publish so-acng image signature --- sigs/images/so-acng.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-acng.sig b/sigs/images/so-acng.sig index ef0728b1c244bfcbf780a83d44a985a2d4c942ee..91c06b7f4bc8044b90d4df895d0d430e3c18a68c 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JA;tg-2@qb#M(iQD9>Qi4Y1i z%6S9jhkwRGG%p2-kv*;sUhxi1DeedjW!E=#)P#s{ZXsD30s&ze5t{?SNSXn=m-O@> z={;-XN_A%g*yvm$0S5kG1*3&IG>Ya{nI(7`Xd&RE{Wq2jl8yCB(4;vGn_DRao|{)O zI^_3g^+tD#JTp_fNF#9;48vkmWF@JE6fcw_^13d2<38AIoxC`jW8&JW*G|9v*`$@Wp^=7&2``19)WapQpJgWrJr1PjlQ7pjLA_>n!DACn=_INjoQ zBij~YupRR;LK$+w3S7AjN5dW*00x<4<%57WTR!zPciSg1NUUudJT@ieP3or!<1DE& zBEOJo!`90()uqF9*pH5b^bg#0c$mAzl}dw#%`8N@0!%WuNJo zPkGEkS6119bLO(cjTe%j1WzM7QTZg~VOcws9!H%yNvEghy7fTbW_DIM!sA) zcp6qqW+7ltbDOD2I}PGK=7r88^4Pmw1eqFo(%CT*ii?ALrJ|!nfq(41<$yjv)ahh? zE`S(ebZi=Ofe*HmcaKZfV@JeImupuZR~l3sG)x#Dwi!(RqdO0NI^1e$P16ub5~o}+ z&pu{OUvZsSHxs^AiwbrXKcHK`DOFv_ZuTJNY;GB(A@|BO(c(smbx3D^W>~Bokftc` z!vLt_7!CRoPFPlHKj_jW{dCw!dZHJo*bTcuor7+L5d%C7cPq*bR|s%2b!`=EB+sLc zqxTjY0GBqg0}kc=?jwN5Yi9D1QMW|&A^vijjDZG;f+QUFXDqFoF5EiS>tzjxl{JE< z&eMJ?>rP Date: Wed, 11 Nov 2020 17:41:08 +0000 Subject: [PATCH 178/487] Auto-publish so-zeek image signature --- sigs/images/so-zeek.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-zeek.sig diff --git a/sigs/images/so-zeek.sig b/sigs/images/so-zeek.sig new file mode 100644 index 0000000000000000000000000000000000000000..363196aef0b2e0a201136860efeab7258e511f33 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JA~XOB2@qb#EpH2Ls{9VW zk(ri%0uPSzr+j{I#|;A@zA5({ls-BjRv_$jaBH)Q7fDl z!-PZkXsk~0xAG%8vf)YO|CJl z!dFp`d?PB7DViP;pJ^30%G^#d zi)3Vmu>sE5+BnB(2$x|j*9Cd=E6{ooqA&#g1}(xvjXwn`2>c20+|2+ literal 0 HcmV?d00001 From b4989c6c0e20f0d092e909a68c7a63fe796216d5 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 17:43:17 +0000 Subject: [PATCH 179/487] Auto-publish so-minio image signature --- sigs/images/so-minio.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-minio.sig diff --git a/sigs/images/so-minio.sig b/sigs/images/so-minio.sig new file mode 100644 index 0000000000000000000000000000000000000000..32f77e0e9b3430ce3e36c7ff9a053884a573f819 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JBDDYt2@qb#2dh_{taNs-IASe9vEsFou@f-MdU0uN7qPfUW319TD*hdWeRG`7N&-m^ z0TKMQDXcrQOoVoWdLp%QT1}HW<>I?av_%?V_gywQaLza<=kMHVEV{#8F9R#}H!Gno z%b*B}ym8ap?hm91ucs{g%YoUQUpVk<269Im%qh%6$?!XWq8N`hr=Nv(Av@!71s{D` zxGq!h3Vjc4;ZNL%K~ Date: Wed, 11 Nov 2020 12:46:19 -0500 Subject: [PATCH 180/487] Update so-curator-close --- salt/curator/files/bin/so-curator-close | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/salt/curator/files/bin/so-curator-close b/salt/curator/files/bin/so-curator-close index 11324dd31..b03d99e31 100644 --- a/salt/curator/files/bin/so-curator-close +++ b/salt/curator/files/bin/so-curator-close @@ -1,2 +1,12 @@ #!/bin/bash + +APP=closeddelete +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + /usr/sbin/so-curator-closed-delete > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ids-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-import-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-osquery-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-close.yml > /dev/null 2>&1 From d85c99abf3ec20620644e401994cf8c5c4ec275a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:46:44 -0500 Subject: [PATCH 181/487] Update so-curator-close --- salt/curator/files/bin/so-curator-close | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/curator/files/bin/so-curator-close b/salt/curator/files/bin/so-curator-close index b03d99e31..be3ddf77d 100644 --- a/salt/curator/files/bin/so-curator-close +++ b/salt/curator/files/bin/so-curator-close @@ -1,6 +1,6 @@ #!/bin/bash -APP=closeddelete +APP=close lf=/tmp/$APP-pidLockFile # create empty lock file if none exists cat /dev/null >> $lf From 1e2df983af2a7729cef72b2e9cdfc7de117e9819 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 17:46:57 +0000 Subject: [PATCH 182/487] Auto-publish so-redis image signature --- sigs/images/so-redis.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-redis.sig diff --git a/sigs/images/so-redis.sig b/sigs/images/so-redis.sig new file mode 100644 index 0000000000000000000000000000000000000000..0154990b7399f858752e8697edec6228a7b64a48 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JBai?J2@qb#1RQ`{!rS_ zWgbJ=bxW}fLz%tB(g4~_w$4()g(e%WS;)=5y|+mF$;FmS9IIe@1a-W`7dsrOw=n=b zuR>B08u~*ZESQai{1?P0CRPaIhz9gQ^VaENn;y-MggnSPGV<3!#x ztF*6SI`5KozFm>^OG^M@v+K?C8>7Vw=UG7w0bNLCl=t}HOX5^!izi}l;~v#SH!saC zB}%R40|o%!5cL_qMFH=|V)w|RlwpA=AUg0#EBxJ9I(RBBp{zD7^>|>9{dK+Ae8%yV zSn**^M--P5-Au|kLGUaE>W02M1KK4@9^BdNH6#7!T(y>`m(BE=mV}b(*8f!@I@7_t zMT>zN)+;+TOrNSk<jCW3{S>h+l>q;%1@}1^FG*lq%beII~U}MZLu_xa# zrHckRU}|@+nJJ~+HY%nx{dqJjvS8Ls8h}va*+$Z!`>eWM#ja@IFfQ;`ip)Te83Ar* hk?d(DUxSBVem?OX+=$K Date: Wed, 11 Nov 2020 17:48:03 +0000 Subject: [PATCH 183/487] Auto-publish so-kratos image signature --- sigs/images/so-kratos.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-kratos.sig diff --git a/sigs/images/so-kratos.sig b/sigs/images/so-kratos.sig new file mode 100644 index 0000000000000000000000000000000000000000..7b2b6e9a35ba05c15c8e079b037c5c940b029c10 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JBhvs12@qb#yVe*tGeod|_g)mllS z3Fmx#VgVqby|h)hG$;@gmUe`HK_uRtnH3^gM7;c>d-L;gF7*c0IH?q|Ss`}8_;(0N zn3woT%Stx9dR@eAOrnRl?_Vi$waHh}S#lq@ag=+Tc-D~~N$P}IdAy$a{8U_gY?>@6Zp5(JDbkOn~MY zzAAj!lLcD?btM$1+uAnzy~fwaT>_3_F@W`!0{gNZ{fOe|W9EEw!9l`qi7cJc?sfv6 zPOn8CXlf!M9ez`i7?87%O?RC&S}v?fu1q?C^chP&OBpv_=e-w%x>L&Gc@2o*v_pRr hdVDT@P0sivk$RCnxQ^7(JbB3u28}zb^%B4Yc_bL*04D$d literal 0 HcmV?d00001 From e68f90c3b5d51d71561018a1cf94e4964667178b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:48:28 -0500 Subject: [PATCH 184/487] Update so-curator-closed-delete-delete --- salt/curator/files/bin/so-curator-closed-delete-delete | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index 689056dc2..c681c04e9 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -1,6 +1,15 @@ #!/bin/bash +APP=closedeletedelete +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + {%- if grains['role'] in ['so-node', 'so-heavynode'] %} {%- set ELASTICSEARCH_HOST = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- set ELASTICSEARCH_PORT = salt['pillar.get']('elasticsearch:es_port', '') -%} From 578250a9946a9153653ad1f24591768dd733c721 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:48:55 -0500 Subject: [PATCH 185/487] Update so-curator-delete --- salt/curator/files/bin/so-curator-delete | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/salt/curator/files/bin/so-curator-delete b/salt/curator/files/bin/so-curator-delete index 166497855..d79555dee 100644 --- a/salt/curator/files/bin/so-curator-delete +++ b/salt/curator/files/bin/so-curator-delete @@ -1,2 +1,12 @@ #!/bin/bash + +APP=delete +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/delete.yml > /dev/null 2>&1 From a354a6279b70dbcabc5858cc38bca41dda7b9b41 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 17:49:25 +0000 Subject: [PATCH 186/487] Auto-publish so-idstools image signature --- sigs/images/so-idstools.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-idstools.sig diff --git a/sigs/images/so-idstools.sig b/sigs/images/so-idstools.sig new file mode 100644 index 0000000000000000000000000000000000000000..74c6d746ca100d78a68efba2c09268c95dee0f67 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JBqaa}2@qb#}dIR8Cj(c*GDNpi^ozr%~oP$7g3g1bpYb0Vnyz(n)OuW-;tn<*zzM~N2#WAzf~-;O|eqH<7doeXb3H;jyE+oXMLm~xMP3^Wr>3E4(+r7SYK&f1>y0y{wq2FtDCi_8%I!h6% z*r8;Lr&+bOTBeYBXv`#|H?=BBL4hFG_2&JZ@WJ#lq#Ae3IkmmJ3+rG+DBKWG9De4^ ztJ%V+gGxp{HMVXOh5TzvhAex$_0fIJG4p3#4UyTo!j+JMM4aq*plsi{puhW2jjr#J zYGozs8CLBMv&)e=X>~J%2Zqdlv6O8}> literal 0 HcmV?d00001 From 2eb3378b62bb5378cb674d665b24d186f2209a22 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:50:59 -0500 Subject: [PATCH 187/487] Update so-curator-closed-delete --- salt/curator/files/bin/so-curator-closed-delete | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/salt/curator/files/bin/so-curator-closed-delete b/salt/curator/files/bin/so-curator-closed-delete index 8f6d0a8ea..c2949a4fc 100755 --- a/salt/curator/files/bin/so-curator-closed-delete +++ b/salt/curator/files/bin/so-curator-closed-delete @@ -34,6 +34,13 @@ #fi # Avoid starting multiple instances -if ! pgrep -f "so-curator-closed-delete-delete" >/dev/null; then - /usr/sbin/so-curator-closed-delete-delete -fi +APP=closeddelete +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + +/usr/sbin/so-curator-closed-delete-delete From 047ab95e68da6010d55b9e556f3c299a78d41fa9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:52:38 -0500 Subject: [PATCH 188/487] Update so-curator-close --- salt/curator/files/bin/so-curator-close | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/salt/curator/files/bin/so-curator-close b/salt/curator/files/bin/so-curator-close index be3ddf77d..682653ce4 100644 --- a/salt/curator/files/bin/so-curator-close +++ b/salt/curator/files/bin/so-curator-close @@ -1,4 +1,19 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . APP=close lf=/tmp/$APP-pidLockFile From 33bf799b479b14fb042a1cc4d5759994704a3d31 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 17:52:55 +0000 Subject: [PATCH 189/487] Auto-publish so-freqserver image signature --- sigs/images/so-freqserver.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-freqserver.sig diff --git a/sigs/images/so-freqserver.sig b/sigs/images/so-freqserver.sig new file mode 100644 index 0000000000000000000000000000000000000000..42f780ca35fb7fd109939ec212388adbcd10b9f7 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JB=-Oc2@qb# zZlrv^CRc)eHJ2IjvqrMS|H9^M>(G|Jm$Yb0XECP;w|X#>ELKHy-O?j@z2U6b-W-*E z_~-5|RIJ#mgjLC@-O6#Epg~ish)n7jut1hIPaEuYdf44FF2q(`j2=cfX9rS!So$#8 zrE`f%!r#omkPsr*D6;7VU>uq+gf7E+Km~4+7}V+rt&y&PWSwwrvVb71HOkR{0M=k& z8o!O%suPx6EA@W|6T7mi(v~7TWjcRQQscWX8Ki$J4&|po6YrpiG-NSVGNO7Fan1%3 z>Q*H2@q?$yG6s=w$XAOIH`gV;(h_><6r!Uc)G6CqvUx9q+hi0)U=<>VWV#PXf#kyk z2aexk28#a3H^^U+x25Sk6vASBs_BGB32ki#Vhw-s7*IVT`>iLSi)_MDMkOh#Z{~l< zFf3`itnFGGDnrdGCJ|Ku+r5%Hv|`8I<%!= Date: Wed, 11 Nov 2020 12:53:05 -0500 Subject: [PATCH 190/487] Update so-curator-closed-delete --- salt/curator/files/bin/so-curator-closed-delete | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/curator/files/bin/so-curator-closed-delete b/salt/curator/files/bin/so-curator-closed-delete index c2949a4fc..714aa5f6f 100755 --- a/salt/curator/files/bin/so-curator-closed-delete +++ b/salt/curator/files/bin/so-curator-closed-delete @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright 2014,2015,2016,2017,2018 Security Onion Solutions, LLC +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by From c11d8367fac5c4ed2c00fd0d7c7fd1f61d1e12e8 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:53:36 -0500 Subject: [PATCH 191/487] Update so-curator-closed-delete-delete --- .../files/bin/so-curator-closed-delete-delete | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index c681c04e9..ac5a1aba2 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -1,5 +1,19 @@ - #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . APP=closedeletedelete lf=/tmp/$APP-pidLockFile From c75536db6d5726754322f10ab786356aef258f53 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:54:04 -0500 Subject: [PATCH 192/487] Update so-curator-delete --- salt/curator/files/bin/so-curator-delete | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/salt/curator/files/bin/so-curator-delete b/salt/curator/files/bin/so-curator-delete index d79555dee..6a85eddb4 100644 --- a/salt/curator/files/bin/so-curator-delete +++ b/salt/curator/files/bin/so-curator-delete @@ -1,4 +1,19 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . APP=delete lf=/tmp/$APP-pidLockFile From c5ddddda2aa6d7f43880c972ff0ffb7b82ed87ca Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:54:31 -0500 Subject: [PATCH 193/487] Update checkfiles.sh --- salt/telegraf/scripts/checkfiles.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/salt/telegraf/scripts/checkfiles.sh b/salt/telegraf/scripts/checkfiles.sh index 0ae56c177..4b6a8493a 100644 --- a/salt/telegraf/scripts/checkfiles.sh +++ b/salt/telegraf/scripts/checkfiles.sh @@ -1,4 +1,19 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . APP=checkfiles lf=/tmp/$APP-pidLockFile From 814aa85dbad049ad44de315d618a6c85bdc96f7c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:54:48 -0500 Subject: [PATCH 194/487] Update helixeps.sh --- salt/telegraf/scripts/helixeps.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/salt/telegraf/scripts/helixeps.sh b/salt/telegraf/scripts/helixeps.sh index 9cb4b77b7..aed559932 100644 --- a/salt/telegraf/scripts/helixeps.sh +++ b/salt/telegraf/scripts/helixeps.sh @@ -1,4 +1,19 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . APP=helixeps lf=/tmp/$APP-pidLockFile From ee0e1ce8d72026bebbbd3c8142eb8821f7e5bed7 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:55:08 -0500 Subject: [PATCH 195/487] Update influxdbsize.sh --- salt/telegraf/scripts/influxdbsize.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/salt/telegraf/scripts/influxdbsize.sh b/salt/telegraf/scripts/influxdbsize.sh index 140c19b23..4e74c4cf5 100644 --- a/salt/telegraf/scripts/influxdbsize.sh +++ b/salt/telegraf/scripts/influxdbsize.sh @@ -1,4 +1,19 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . APP=influxsize lf=/tmp/$APP-pidLockFile From c9bfd8a2539ab7aa34785ca42bbdd113343d7b9b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:55:28 -0500 Subject: [PATCH 196/487] Update oldpcap.sh --- salt/telegraf/scripts/oldpcap.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/salt/telegraf/scripts/oldpcap.sh b/salt/telegraf/scripts/oldpcap.sh index 4aee393ac..b8d383112 100644 --- a/salt/telegraf/scripts/oldpcap.sh +++ b/salt/telegraf/scripts/oldpcap.sh @@ -1,4 +1,19 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . APP=oldpcap lf=/tmp/$APP-pidLockFile From ea88fa731959eabecf68fa93a681fb75248f7074 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 17:56:28 +0000 Subject: [PATCH 197/487] Auto-publish so-soctopus image signature --- sigs/images/so-soctopus.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-soctopus.sig diff --git a/sigs/images/so-soctopus.sig b/sigs/images/so-soctopus.sig new file mode 100644 index 0000000000000000000000000000000000000000..2567336642d9f769483b3c9ffe6f39870b2664d9 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JCCmT{2@qb#VzK8O)Q_|0RvXLeAe(wPv{-5IUOM3Cu!4oPXXM~#Lrv)h?_foJ>02;AkFl{6zCm`rn?F~Kk$p8gPBkTz}1u`9kw0My)} zU_8#>JL0;;5jg@p6TUpeD9^;SM71@EA3<4Go<+erBNkNXB9^c~Mfb&RgIN%~5ToFN zGWm4(i{?iRTQ_x}3p3fq#a{#}vN@f1M^#rOK!FC{xFGe8nBPv#hi}5je89GCX Date: Wed, 11 Nov 2020 17:58:56 +0000 Subject: [PATCH 198/487] Auto-publish so-fleet-launcher image signature --- sigs/images/so-fleet-launcher.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-fleet-launcher.sig diff --git a/sigs/images/so-fleet-launcher.sig b/sigs/images/so-fleet-launcher.sig new file mode 100644 index 0000000000000000000000000000000000000000..1a9a00a3b866217a710daa868f544094be4bbd4e GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JCSU*x2@qb#gJKcb z$%^uAf=%Cq?whmVfvVJhHWv_4fsC`5qbG~oW5vcC@NVR3g0_;4b9=RneMPWy+H34s znFNS!?O&!tP>U)QBx!t>{US+9E|EC&Kyu1%TvwVi1Vmq8Kn5d&shE!gJ46z8mP&gL zk8z5o{W;XmH%nMVu}W&o*_2oa(ccPcCYkR?mW2(@MzQ9gOwo#sU*aE-@bEo8V7Wjo0Cb1B zuU=Fqy!;I6bxHi5lqQ3UE^p=A8CtC2vPS*w>4bq+_TJu@Wp4=r;yGwju<+iQmIJgv z#Wp2Oed(lEtT8l-+urqkwL5Lh{T06esn;cg{GT+eh{M-^v>srcLbm<$!gJTk20ecz z8C_e!omG6Yt^NDD0*sNCGp77I_I{WBb$G4uPE)2EtgqPBs2xdnzySNM-Yx6oCa Date: Wed, 11 Nov 2020 18:02:54 +0000 Subject: [PATCH 199/487] Auto-publish so-strelka-manager image signature --- sigs/images/so-strelka-manager.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-strelka-manager.sig diff --git a/sigs/images/so-strelka-manager.sig b/sigs/images/so-strelka-manager.sig new file mode 100644 index 0000000000000000000000000000000000000000..0e1bafe983a37f1d6ed8012d1bad2045b79ed11d GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JCr$tg2@qb#_49S;+| zDN=A`RB#lKdn|i08U~4K&ASOy;+};&_<%hTFV%a_PQlE~VLM_%=X?B6UUw+S-9dZk zUM@{4Rb*$@J3lK1I`^HDRn|PcjT@qU zz8gxFuf#AP1 z*L2kc7CwqMCGyrANRZb@i?i}?)(_W;dEG5m;V0df>ScArk~l~2q(7y7`e^7pGs|4A hS1c!ZqrG;h_V5aUX{n*T8QTyz6yDGwlTS4>t++vq1|I+b literal 0 HcmV?d00001 From 307af1248ca74d6cbccaff9aeffdec8bbbae2467 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 18:05:26 +0000 Subject: [PATCH 200/487] Auto-publish so-thehive-cortex image signature --- sigs/images/so-thehive-cortex.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-thehive-cortex.sig diff --git a/sigs/images/so-thehive-cortex.sig b/sigs/images/so-thehive-cortex.sig new file mode 100644 index 0000000000000000000000000000000000000000..18198fa9640e07f65e1a314587a7e304ea9d7868 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JC*}YO2@qb#)XnE?dWrqmFfom<=oHZE?7&V|?sI0YJQgV-lXhmV{2UA^n$EUXl zDg{piPkDd&igQ9IwGgoqkD8)TG(JEyr_Y1a^&D8di}nrbngTP`i}LWru@0Yff{@T$lPI#^3=rXj3Azsa5XsWwR|ygp3CCO*Ss2RHx# literal 0 HcmV?d00001 From 3a9c9e3d99c588a35deadbec204410c006f8d87b Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 18:08:03 +0000 Subject: [PATCH 201/487] Auto-publish so-strelka-frontend image signature --- sigs/images/so-strelka-frontend.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-strelka-frontend.sig diff --git a/sigs/images/so-strelka-frontend.sig b/sigs/images/so-strelka-frontend.sig new file mode 100644 index 0000000000000000000000000000000000000000..b8b8dddb3900290e530f1a455a06cf817187a535 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JD1!hB2@qb#yYkG z#HI@F+01?G#4PeRn*@jn{B$q+`e9L(9&O|c)!)F~nRltLFgWwpT#@9O00>Pu{d#9n zhj9iQF2Qv2Zf`Mw6qy3qT9XBXZ_ijx?Bn-gHqo-M#{qO+|LiZo2SOrHME@Cn z;xM(n0}1$36&UMDbh<$!&NcSPHhXe#uGZPS)U>US`*Hk?TF2Jl`<9M-hb2jSyJjC? z96YhXao9$8t$*zEt1=9Q6f7V7@0f2w6xIk7qm9ebktf)(G)q^B>p7}9X?<6%7byIG zsPOgLX7{Ut!=;@fVS%6FiH?&;&QsV9^g#*A1Rz42CDG$&>*3zcFO)U*W Date: Wed, 11 Nov 2020 13:08:28 -0500 Subject: [PATCH 202/487] Update redis.sh --- salt/telegraf/scripts/redis.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/salt/telegraf/scripts/redis.sh b/salt/telegraf/scripts/redis.sh index a1fe0a5ca..9f5dbd37f 100644 --- a/salt/telegraf/scripts/redis.sh +++ b/salt/telegraf/scripts/redis.sh @@ -1,4 +1,20 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + APP=redis lf=/tmp/$APP-pidLockFile From 8e88c350d53ba4b99da3122a2318ac5bca3bfbce Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 13:08:43 -0500 Subject: [PATCH 203/487] Update stenoloss.sh --- salt/telegraf/scripts/stenoloss.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/salt/telegraf/scripts/stenoloss.sh b/salt/telegraf/scripts/stenoloss.sh index 83b07e4f6..d078284a4 100644 --- a/salt/telegraf/scripts/stenoloss.sh +++ b/salt/telegraf/scripts/stenoloss.sh @@ -1,4 +1,20 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + APP=stenoloss lf=/tmp/$APP-pidLockFile From 4a80c371674cb8c6304c9953f4ffaabcd0cd3309 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 13:09:08 -0500 Subject: [PATCH 204/487] Update suriloss.sh --- salt/telegraf/scripts/suriloss.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/salt/telegraf/scripts/suriloss.sh b/salt/telegraf/scripts/suriloss.sh index 6a1f8a6c5..cc2cff94c 100644 --- a/salt/telegraf/scripts/suriloss.sh +++ b/salt/telegraf/scripts/suriloss.sh @@ -1,4 +1,20 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + APP=suriloss lf=/tmp/$APP-pidLockFile From a4df3623be69d743ef0a25ab812a1fc582ad13f3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 13:09:31 -0500 Subject: [PATCH 205/487] Update zeekcaptureloss.sh --- salt/telegraf/scripts/zeekcaptureloss.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/salt/telegraf/scripts/zeekcaptureloss.sh b/salt/telegraf/scripts/zeekcaptureloss.sh index 095428140..36962e109 100644 --- a/salt/telegraf/scripts/zeekcaptureloss.sh +++ b/salt/telegraf/scripts/zeekcaptureloss.sh @@ -1,4 +1,21 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + # This script returns the average of all the workers average capture loss to telegraf / influxdb in influx format include nanosecond precision timestamp APP=zeekcaploss From 80b926bc31f055768c217505fd7bef1450c23f55 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 18:09:41 +0000 Subject: [PATCH 206/487] Auto-publish so-logstash image signature --- sigs/images/so-logstash.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-logstash.sig diff --git a/sigs/images/so-logstash.sig b/sigs/images/so-logstash.sig new file mode 100644 index 0000000000000000000000000000000000000000..33c754f0d0290ad9faa2803bf6aa4c5c3c5785d2 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JDCGbO2@qb#0d7Q2Qt;a_#laOnUa{4NhQje&dK)RNczuI7duUdA~fqN;1w3QKTv8q5E@WH1B7xB z1KvKceuJKM(l9;bp0S59f2GtFD{;l}lOk1KE3@8~uPzO$oCW=B(vv#{8 z^_Yv#_l7vOr$jT8d#in>%phvhJZp2gT+KgNE&oYa7jkv|ZS5!4;grsLB#_N96e*Z$$mMK<5%hS2UwA%oawvD1(L?3{NZfa0 z8SR}quNiBd;)MhihoQw?VCUzJ$_er}Qymv|l^NR1msV$+h3NcWaj67!r*SZPhY!g< zP}yELd2_2Lgak#eV`Ee;2;SjtVoM?K7wrz65^ows=F!u!6*?u@als~{NSHD&zvcp! zsZ)8A>k`t~fTatAtrX)CH=Ejrc{Cu>LjFCJ%?2%7V@xAqYqCw9B8RIYE9RIH9hAMQ zePhXcYwbiU=xnRKE#-ZFtsi*ne)>jdDG_LTP@p^ Date: Wed, 11 Nov 2020 13:09:52 -0500 Subject: [PATCH 207/487] Update zeekloss.sh --- salt/telegraf/scripts/zeekloss.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/salt/telegraf/scripts/zeekloss.sh b/salt/telegraf/scripts/zeekloss.sh index 8c134916c..9a64ef4dd 100644 --- a/salt/telegraf/scripts/zeekloss.sh +++ b/salt/telegraf/scripts/zeekloss.sh @@ -1,4 +1,20 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + # This script returns the packets dropped by Zeek, but it isn't a percentage. $LOSS * 100 would be the percentage APP=zeekloss From 97f5f8438c017fa15d488bcf3b96b588720253d6 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 18:11:17 +0000 Subject: [PATCH 208/487] Auto-publish so-thehive-es image signature --- sigs/images/so-thehive-es.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-thehive-es.sig diff --git a/sigs/images/so-thehive-es.sig b/sigs/images/so-thehive-es.sig new file mode 100644 index 0000000000000000000000000000000000000000..0fc118c27fd263c313830cf44cf53291654bd17b GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JDMbJZ2@qb#wv&D|Bj{uwsT#d zSZ+(i`d0xeUPVB&o0&u|HunLbWfV%*N@Xavlhe;audGJksM5=ULk0;!Y1>Jd@R&{l z`^mfWmIQ?31yeQyFiL)~8Yi*7K2EMlJ^SVY=YX%zFjk2m_4JLZmNj958NnCbJjH&r zDB5r11a~(7eM2fMk{_Y07N7i?jF%*Be(B5bQ~yE&Nttx?p2Lv=kL-1oEHaHgr+oW_ zsd{ykSC1OKgIou_3w{!q@*R9z0jRD$T2*O|NZ-KPGq>QR#PmLPg1&XzDGK^pO8k`L z5{n#NqLVgR)sTaX=2+>G_6B@9P%_?wAeyB^!xv@K(7H}jE+nn9Re6(Fpz6`>80en2 zJU^7Ln4OE+k6q7%aGNGq6&_*U?$|`*fip*;?egMvqBfe4SksdpdonkTeL+^bY@ZY! zNx#bUG77rcf?!Do@z1#`8XkdW)r-EiP-m2t99&{N-BR6bIVeCf|0;PnQJn6_+A*JX z=O$DH$gx`QcpYGMVbbhx=ev~==XWr)lR`(RV)G(0lc94Bt6^1z%Y Date: Wed, 11 Nov 2020 18:12:47 +0000 Subject: [PATCH 209/487] Auto-publish so-strelka-filestream image signature --- sigs/images/so-strelka-filestream.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-strelka-filestream.sig diff --git a/sigs/images/so-strelka-filestream.sig b/sigs/images/so-strelka-filestream.sig new file mode 100644 index 0000000000000000000000000000000000000000..1bca113cd5613727d95e59ade3238a6f00a03a04 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JDW3oe2@qb#U1&&*?f8v&btk=ooZ?w=XY8F;QO)%`Aaq--8@U7t8;Pim0&iVc zp%+~Gp6+ZN7NWDcs6u#O*YCl!oy`qX<^h+X)@qxNyH^oC_KOvwIR$31E(}CM3W?}1 zsGIAsOvvlhLBCalcUgM$=L6Sy*0S9(y6;glTq-ssAw?;bA?tlt)Z&1e{4323Fu6g0 z-eUjj&%GFn*;CF;RAp;(LN$*)Y+x<^K1{ZB$Itm8UjdxKb@~&`eIy1RhfZ0cj>$EU z^ARqldfn`MGs1iACVIrfKJ1H5yyvW#i?zk|ZGFS1WQacT7_NWQy})0m`BgSrVoj=d zC^7zsvLEBa96CoN6gABpe4S9B?9Wa($u6cC zk#`p>IsqwBJOjPXzj-bO!;$B2BZB+B`T6BP= z%8Leh)Xo3SiO0p*zXh-!gM{>YW4>0P!q!n8ux{7w_{pUr=5TK$FVX&X9qu*-S>K0B zoD)-G5w3HxAY~_xRmYkR`E2B2YRyere7(qk(~0(}Ja=b}I0iC#V6>Eo0ikNn^Qj?U h``u Date: Wed, 11 Nov 2020 18:14:28 +0000 Subject: [PATCH 210/487] Auto-publish so-strelka-backend image signature --- sigs/images/so-strelka-backend.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-strelka-backend.sig diff --git a/sigs/images/so-strelka-backend.sig b/sigs/images/so-strelka-backend.sig new file mode 100644 index 0000000000000000000000000000000000000000..5a54bf2e06dd213ced77341b016878024353b5c3 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JDg*!u2@qb#CeyjlgD1j@lYMMGC2rmyv>-q?R9KP!9aFZI zj>XW;Bmvia4e7BS8!jJ=s)!r zs;9vWKSKX9%==Uje_nxhGMR4(}H z{QCor@43}+wbBlQo{xSSi^M$C%u$gAWoUnOit?zid|8)iwR_x8^A*?4&Z@;9Eut|G z3;BQ*nZEOC` Date: Wed, 11 Nov 2020 18:25:23 +0000 Subject: [PATCH 211/487] Auto-publish so-mysql image signature --- sigs/images/so-mysql.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-mysql.sig diff --git a/sigs/images/so-mysql.sig b/sigs/images/so-mysql.sig new file mode 100644 index 0000000000000000000000000000000000000000..2f2c47f53f66b1cf7b8425af59ddb913a0dc2c1b GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JERz5V2@qb#K?prr>+ z>iskbL=ES_Q~S8E9X!wkwc4fpA%pzL1Uy+qloQy1z!OC(2j_FfSoH3bWsZCqB(-R&X5Qd6pvdMFT(?aBlB@^&4~MjW+2#tk00u&_-Jm%WT&BClc(=MP^=$_NUNc#DRx?pPGRAdrh+ImGVO=0a Date: Wed, 11 Nov 2020 18:53:13 +0000 Subject: [PATCH 212/487] Auto-publish so-nginx image signature --- sigs/images/so-nginx.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-nginx.sig diff --git a/sigs/images/so-nginx.sig b/sigs/images/so-nginx.sig new file mode 100644 index 0000000000000000000000000000000000000000..862da215ece771c83156ceb72603df40d732c1b7 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JGZ_F12@qb#&&gp8BfPS zRHRf;zN)VRO&-iVU|7R%{ra4^6LdsAz1_U|CXirg)+d?&l4lbGv|M?$xQX%wPSjz! zzC_1Kx+^V}3~(T+!A%YnCJAkwN2q1!(vLlhF9F+A&2B?ZzUqzr>26PO?p9-4B~6M% zG_6AC;jJu%B+COW@%O`5l}vRJ9vymU=mFObPz{#dwaSYsKH)nsV~UYPZF1BIhG)iH zTUDk8uEzBu Date: Wed, 11 Nov 2020 18:54:25 +0000 Subject: [PATCH 213/487] Auto-publish so-wazuh image signature --- sigs/images/so-wazuh.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-wazuh.sig diff --git a/sigs/images/so-wazuh.sig b/sigs/images/so-wazuh.sig new file mode 100644 index 0000000000000000000000000000000000000000..e1084947787f8534041f9a4a8446a2102f42a733 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JGhqM<2@qb#*-a zX%ouTozp{QUA362=Ivn19qtPcD{JxlCoS2}M;AVDO5y&<*YjU*urK1$4QWi{a)@OV z0UYi95(&yDlrp;^8d9B+S}d`?dMPxlWTY%rp1ZoYBhzgDAMR8ixd`DzNd^m8pGjn3 z0Cmh#w*x$Jp-Y>+w4CH>~?Jrg+aw4z&?wL^cY>e7v$!sPki^Ya0&{3 zO+g#g*XvNog}Hddm(N!Wh2*I<2u+!@iw-X)lX5`j`U5oA5=GDf4E`b^)}TB*( zxL0rLO!Jg(Ta~CilCU_Yn^uZ9;VGfS1iT!TbP(jhNlB#Q)P#7eIrs6ZQ|;pY+n=iU hw7&K)7@t-E#*dLWI_r{((TW^<;W9$=_QvJfhZ}h*3*7(! literal 0 HcmV?d00001 From 3a622ee71e332051006d6f95e92b966c4ab4f045 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 14:29:47 -0500 Subject: [PATCH 214/487] Hash and sig update --- salt/common/tools/sbin/so-image-common | 6 ++-- setup/so-functions | 48 ++++++++++++++++++++------ 2 files changed, 41 insertions(+), 13 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index a739ec889..92562847f 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -101,18 +101,18 @@ update_docker_containers() { docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i # Get signature - curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$i.gpg --output $SIGNPATH/$i.gpg + curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$i.sig --output $SIGNPATH/$i.gpg if [[ $? -ne 0 ]]; then echo "Unable to pull signature file for $i" exit 1 fi # Dump our hash values - docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i | jq '.[0].Created, .[0].Id, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt + docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i | jq '.[0].Created, .[0].RepoDigests, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt if [[ $? -ne 0 ]]; then echo "Unable to inspect $i" exit 1 fi - GPGTEST=$(gpg --verify $SIGNPATH/$i.gpg $SIGNPATH/$i.txt 2>&1) + GPGTEST=$(gpg --verify $SIGNPATH/$i.sig $SIGNPATH/$i.txt 2>&1) if [[ $? -eq 0 ]]; then # Tag it with the new registry destination docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i diff --git a/setup/so-functions b/setup/so-functions index 51a9b01c0..9a21181f9 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -19,6 +19,8 @@ source ./so-whiptail source ./so-variables source ./so-common-functions +CONTAINER_REGISTRY=quay.io + SOVERSION=$(cat ../VERSION) log() { @@ -932,21 +934,47 @@ docker_seed_registry() { ) fi local percent=25 + # Let's make sure we have the public key + curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - + + SIGNPATH=/root/sosigs + rm -rf $SIGNPATH + mkdir -p $SIGNPATH + if [ -z "$BRANCH" ]; then + BRANCH="master" + fi for i in "${TRUSTED_CONTAINERS[@]}"; do if [ "$install_type" != 'HELIXSENSOR' ]; then ((percent=percent+1)); else ((percent=percent+6)); fi # Pull down the trusted docker image set_progress_str "$percent" "Downloading $i" { - - if ! docker pull --disable-content-trust=false docker.io/$IMAGEREPO/"$i"; then - sleep 5 - docker pull --disable-content-trust=false docker.io/$IMAGEREPO/"$i" - fi - # Tag it with the new registry destination - docker tag $IMAGEREPO/"$i" "$HOSTNAME":5000/$IMAGEREPO/"$i" - docker push "$HOSTNAME":5000/$IMAGEREPO/"$i" - #docker rmi $IMAGEREPO/"$i" - } >> "$setup_log" 2>&1 + echo "Downloading $i" + docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i + + # Get signature + curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$i.sig --output $SIGNPATH/$i.gpg + if [[ $? -ne 0 ]]; then + echo "Unable to pull signature file for $i" + exit 1 + fi + # Dump our hash values + docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i | jq '.[0].Created, .[0].RepoDigests, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt + if [[ $? -ne 0 ]]; then + echo "Unable to inspect $i" + exit 1 + fi + GPGTEST=$(gpg --verify $SIGNPATH/$i.sig $SIGNPATH/$i.txt 2>&1) + if [[ $? -eq 0 ]]; then + # Tag it with the new registry destination + docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i + docker push $HOSTNAME:5000/$IMAGEREPO/$i + else + echo "There is a problem downloading the $i image. Details: " + echo "" + echo $GPGTEST + exit 1 + fi + } >> "$setup_log" 2>&1 done else tar xvf /nsm/docker-registry/docker/registry.tar -C /nsm/docker-registry/docker >> "$setup_log" 2>&1 From 7132011ece8d983c950d7a31ab39ac270edcf8b7 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 19:32:05 +0000 Subject: [PATCH 215/487] Auto-publish so-steno image signature --- sigs/images/so-steno.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-steno.sig diff --git a/sigs/images/so-steno.sig b/sigs/images/so-steno.sig new file mode 100644 index 0000000000000000000000000000000000000000..1baf22430f80739aa23802ba03f204afceb946b2 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JJT(9c2@qb#x~T1v4wsH__%yUJ)5vVp=Wfm1U3*Nki5{8U0q5K&jK&zoqhoqCRc&6 zvAxEy>#l5j2ChPE8D`CR{Dq|4pbA+ZJv8B4Cfg-|1wEN7ulB3VnW0?9 zm-ru#6=bU?O7#^TwI!Z0PdMC|LNTcCC>*VkE?%`(bxYmvE*I5bZ{U5U^gvi}zfU~& zbtO+D)mVZxHoY2}wG_OjM`5lP2>y z))rTDhpnV!JYiaP-`+m@bdl=A%^2pOqT$CLJ%ARUdq!thC@?+*jnW5j3p;{d0TF$@ hnyOw-4Soy9@uyQAbejYejX+eArpTy}EWYmA^>(C5{I~!B literal 0 HcmV?d00001 From dded28a54ada36fa28355a3034386b06e01b3a92 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 19:33:55 +0000 Subject: [PATCH 216/487] Auto-publish so-kibana image signature --- sigs/images/so-kibana.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-kibana.sig diff --git a/sigs/images/so-kibana.sig b/sigs/images/so-kibana.sig new file mode 100644 index 0000000000000000000000000000000000000000..e87d93756eb6ae9f54e38d8ae2a43a774747658f GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JJfi>#2@qb#D)rPbxpImw4w=lS)UIf;S6xB;sG-%G z^GdObdZsG)bgQT=`AW(0Qn>G-Pr8J`pq4R=246idS&`jWIv~4=%1+|$5W_-e$M=r0YCBs}R@I*9d$DlKJza(9 zL!A2=zp5hb_Xh?TE5+pUDsoqu zo}>^;X)Dy|15Vzvq|Pg;OMzRW>v^He4N$Xgb}Of4O3j*Y9}; zyo_fGDeX7fwv5Atoh3s6mpA?P=#>VFuq+x)>^7?GI0(c<=AC%5g@4n9(Ozw9G9WA?estu$ hn|S)s0)om;;zPK2WjB@D#M_A{Z58)?njf0HgZ|=T3_t(? literal 0 HcmV?d00001 From 638d9ddee32d254f630d9526e78becc49187dc88 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 19:35:45 +0000 Subject: [PATCH 217/487] Auto-publish so-soc image signature --- sigs/images/so-soc.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-soc.sig b/sigs/images/so-soc.sig index 4b89684bba0f3228a9cd538874caff0de294f29c..df851b48dee3463b8ec6c691147ac1bc3817ba73 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JJrMv32@qb#g-uUSIRjoflc?edOcmvIN z#e48RK5J=Ij>0*58|XusJ!Mnh?kS1Pwr+accorO#3()yOA-14L(^gY=3;Hs#_V^>a zmcmNFdmYxIRVOSKLK8O!P_%5B={%9s*%|I2f`PRisFe^NnvsKi@^dM<{ufK4X_EB* z=t=QN--eNIuB+q%hOt9JymCT7gK?{n)O0&jh<1H(n$4^LhevFs55nEhTiT%@%07VV z1%6+$NT&8gyTG(AWP`b=9~e?|@3Aj?X;Z?Z{%O=TKimqQo^*O#LMba_Zvfg#(ute; zO4flT-3^Ih_KYy>C36I@PkImp9ro4;dWq9^(wkX`T4FLoRo|TcM-%P+r-YT_;Ek@o zV;`kOhmeB-xLAu82zi?c>C&NG0zYB)X+rq4qc^0Ne2QmB6gO-So{&AsG$txF>8r92 z(=^CfY-{OXSJ+VkA8HJy8UQd_99X52pwd_)?abrFkpVCHwAvo7nimJVW!5?OwYH_S z1XD|$bBy<{|0hSBTr6`%(>^J5wYCsL3*(UXKF<7S70QKIf9U%DWIG>IE60o2HyYx literal 543 zcmV+)0^t3L0vrSY0RjL91p;5J8l(UU2@qb#x#4}kzS7qW1ATylYPJ8=n`!7v%VgR>)3vF8FYiqgGy89f~( zD5mT2-Gm`oAu^}bY$23F!(LKtm)&8 zWdXZy)~^@Cbz$s6<{W6aAgejPr0ho50zOFT(`C@cqPFhb;Qxx+94wf#(g$;)snBpC ze*xbHX`*r}a0f}{Au*-m_~SdQ>NPw4!AN^HFQIE2k3JjTJPwp8@g;Ao%*hD_e@_gZ z;TMRo-%JTkTAa*imi$5mjTTOjQ=yumxi#<=Ii_Uf$nMj#Y&g)cD0|_T)B3W6rkeGP zmCv?RF$x Date: Wed, 11 Nov 2020 19:36:46 +0000 Subject: [PATCH 218/487] Auto-publish so-acng image signature --- sigs/images/so-acng.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-acng.sig b/sigs/images/so-acng.sig index 91c06b7f4bc8044b90d4df895d0d430e3c18a68c..c1f27f80b1d1600ac04892fae1c349665593bcc5 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JJx%}$2@qb#2O}!J)9B#JxA}eWi7U5QN8uzD_DbHF1Vl8Sn566X-$N z@bfvrYgNL8q6HH|o}YQ!qcPs>_F;Tp*6v9kyI^m^R_HbXb6=E|`J(EyuF!YyL=6Jk zOnbtUchIXb8L)4-!Te0}6|yd=>nKm>utS z5aTPyBFO5Q^`Rr{|G-v}RBS9|;rf&wKBu?>dM(iQD9>Qi4Y1i z%6S9jhkwRGG%p2-kv*;sUhxi1DeedjW!E=#)P#s{ZXsD30s&ze5t{?SNSXn=m-O@> z={;-XN_A%g*yvm$0S5kG1*3&IG>Ya{nI(7`Xd&RE{Wq2jl8yCB(4;vGn_DRao|{)O zI^_3g^+tD#JTp_fNF#9;48vkmWF@JE6fcw_^13d2<38AIoxC`jW8&JW*G|9v*`$@Wp^=7&2``19)WapQpJgWrJr1PjlQ7pjLA_>n!DACn=_INjoQ zBij~YupRR;LK$+w3S7AjN5dW*00x<4<%57WTR!zPciSg1NUUudJT@ieP3or!<1DE& zBEOJo!`90()uqF9*pH5b^bg#0c$mAzl}dw#%`8N@0!%WuNJo zPkGEkS6119bLO(cjTe%j1WzM7QTZg~VOcws9!H%yNvEghy7f Date: Wed, 11 Nov 2020 19:38:01 +0000 Subject: [PATCH 219/487] Auto-publish so-zeek image signature --- sigs/images/so-zeek.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-zeek.sig b/sigs/images/so-zeek.sig index 363196aef0b2e0a201136860efeab7258e511f33..a1ce80dd3a9b523c6c7e8a51e3dc3b8c89ffb5b6 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JJ(&Os2@qb#Zk!@+<8qHr57?T8$Ey|vhK)oq|7Xn$lymr$l8b}N_PKVn z0EW9YA6m<*iyVyZ(?t`AmKHIj#8yf!oPa!zof~ynjE26!50EQ1*y9ZP%yU{Hg6`a; h1NvI~hU4hpW->Wz<{TNegb?T28Q8~_fB(7Sjg^+L3HSg2 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JA~XOB2@qb#EpH2Ls{9VW zk(ri%0uPSzr+j{I#|;A@zA5({ls-BjRv_$jaBH)Q7fDl z!-PZkXsk~0xAG%8vf)YO|CJl z!dFp`d?PB7DViP;pJ^30%G^#d zi)3Vmu>sE5+BnB(2$x|j*9Cd=E6{ooqA&#g1}(xvjXwn`2>c20+|2+ From ff1dab283c1dd507c89482a834f86f7c3bd90ad0 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 19:38:45 +0000 Subject: [PATCH 220/487] Auto-publish so-fleet image signature --- sigs/images/so-fleet.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-fleet.sig b/sigs/images/so-fleet.sig index 3277719ae6f015558037707a7a4e82328a418e58..c08ed77f48ce1b5c534434ad0ae29a2e82405a0d 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JJ;eYD2@qb#rAliM}w$Q8)EBj5_cJ zUKk#DGQm|+F27DuS=2!tg|k&fGXDZ(d#Xh%U;{o}qFCfT)n2tpCj5vc^~y6QxY=z- zNAQZQ=C#GP*fUNpQ%NmvnP;1Qiuc`b@o`XjsP7ddd9%x6l#6dXnZ4d8FV+*Uo|d7I zO2%LU|ACGYH7G--ryml9K~<$3BH3XjW8>QICPikXW=vTNFyvMadu^ZASy^KGGeA6i zu<7q0(+pEQWc-eh*S{LLPVTX(9j-a_d_A%UL3p_Csm{dZL_h(JHipsyG(pOQDY35K z3z0~!3*-x?`+u!I0l%|mC=PO5OL_e16urO?XW3-Lc~o#j(&EjVI*Xo$qURJP zM@CG~lgf@Y<&p3U zV(U3{c_BN;EW#9Q(UU8HY^1P_5q%@ghlMYlKI`cGhC#V2tc5W#U?Kxfs;{SD^g6EN hum;7z5?kSyMDjC5cA^IuHF}r5SLs{xuw288Cf0@v2jl<% literal 543 zcmV+)0^t3L0vrSY0RjL91p;5J8)EBBhnWFim>7u5;K zakBxZpQ>er-KyK`oB74na?2X{tvS$uNKP|;UAd6+V8zn=Aqv8v?QQ^OT4I@jn~ro$ zW!V?fg$Evc)G4v7Xcpxd76DcmS;zM=fG=`yOxhUJ(tNemL37(-sO^N5^C9#3E72&_ zxip=MJKZW6EIyrnD#eT?+hi*|-U}zVJ2i41{k^-R!92jq1lR%qtHJ>@gOvlT+Q>Hctbx>;d+!mR z^%*f~$dbq)#9G);X?2CYmtG>C7HPJZ%x-@Rrz{sx5BTwaN&7ZwJ7V=07!#I}tl^g}$cLEtwDLDj&9v Date: Wed, 11 Nov 2020 19:39:38 +0000 Subject: [PATCH 221/487] Auto-publish so-minio image signature --- sigs/images/so-minio.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-minio.sig b/sigs/images/so-minio.sig index 32f77e0e9b3430ce3e36c7ff9a053884a573f819..b82eb163d042884e8b1d48cad16c36173401e78e 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JJ^BC&2@qb#yGsi!Pou_HNZtCD9g@{jv!Yk!G;@HDt4RnMaw4x@<4RSjV8ljTP3k^b7zS|D!tR zy$}i;ryLLycH}5M2#{hkxEal02wA>zcD42h^IlpkuyMdP;h*=55n(U3sAU2Y?O z^ed;dPCOs(saCeIOA3PFnVYwXY%l-0CrZ5`6g%caOYi(sEJ8)3g)723%cIcg&LSlu z4XTg{hG~@V*Mq=%ciHf6-BwIumazGO@zbL+z+gDo;j}HIpNUvU6=gB3iKt_x>v}2dh_{taNs-IASe9vEsFou@f-MdU0uN7qPfUW319TD*hdWeRG`7N&-m^ z0TKMQDXcrQOoVoWdLp%QT1}HW<>I?av_%?V_gywQaLza<=kMHVEV{#8F9R#}H!Gno z%b*B}ym8ap?hm91ucs{g%YoUQUpVk<269Im%qh%6$?!XWq8N`hr=Nv(Av@!71s{D` zxGq!h3Vjc4;ZNL%K~ Date: Wed, 11 Nov 2020 19:40:32 +0000 Subject: [PATCH 222/487] Auto-publish so-mysql image signature --- sigs/images/so-mysql.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-mysql.sig b/sigs/images/so-mysql.sig index 2f2c47f53f66b1cf7b8425af59ddb913a0dc2c1b..b24f4054678ac63a691419dbda7d2a58c46396b5 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JJ}>|Z2@qb#4*6vBb3vt^exY5Z^lei6{1O!7nLl7t~-vyz>TpVtPpAjgi?7#gOIR@*ClzPf|=0 zk@P$Hh^}gt=5;$f{koH?-c#4;{%ML6< zZ6TLb6StOkP474DBjjq#3u}y|WOK$3%Z7y4(LbAcr3lQMhhV_${b@S%7F}bzk+HSh zAciGZq71pu=^4qLJc<#-Fw(}(mq0EU1P>zmcN@xzE2IC*%?qs{sSB*bQES%Ijr4qoM5vD41Ni|9K%0VXf z)-1qt>H3~g)Duvf$(*m{Z`vTEBNc0c$XKxbh?+QN&~>A_+}HH}T%$PpKP6?T4x=7i zm&8q#l*o|Gp2U2NFhsY|G#P!b7a@tOk;jykHFN`)aKwP23+^L~n8Wzy^7v8B3>+X0 h*-#T-G;Po{-OCHF0yEL+7u{b7L49WjGs6Kgc^>5S6J`Ja literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JERz5V2@qb#K?prr>+ z>iskbL=ES_Q~S8E9X!wkwc4fpA%pzL1Uy+qloQy1z!OC(2j_FfSoH3bWsZCqB(-R&X5Qd6pvdMFT(?aBlB@^&4~MjW+2#tk00u&_-Jm%WT&BClc(=MP^=$_NUNc#DRx?pPGRAdrh+ImGVO=0a Date: Wed, 11 Nov 2020 19:41:26 +0000 Subject: [PATCH 223/487] Auto-publish so-nginx image signature --- sigs/images/so-nginx.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-nginx.sig b/sigs/images/so-nginx.sig index 862da215ece771c83156ceb72603df40d732c1b7..3b273662c101cc3f4e6687ae94871aca8430cfef 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JK4t(42@qb#nYUOkwDx?YW-t&ObU<39gjx@Fqv7V?@n-2NV{dk*YzfrlAt z+aOuu^z8mcTXu^#9Fn0c%`-mLN_!ZQqwB@Yyb<|?ckdoC6*Gbsr)fz_JgT6~f<5=K zq=Q|?EmQo~z#w!*fqQ*K3oC1EDibyl_Ut%v%&(2{c-gZdVa$ez!kZ$My|LCkk7^Q> zn}PgcAr{`fDA8eBaUZZiqQWqdTPfL6%~OrE?KJa~vR^lu{H`daHAmE?KtqnB=}LJy z*~vkp+IetsS86ao;@XQa%8DF#W6Nc&mAM*S&sQ?ovy@_#@RyG!1x1q?9+fXqZ(#!i zh8EeVyD@9MVzoDdZ;3HDmHU!A8+KxqYmIO>oA8m2O+NYVay^xym!!bDP&J0IQ#ghG zg!cW*4@nA+=mf3uj=p-l`UcB1-e`hmhUS-zg;M|t43D&NGYj$(cv!OgDHOW^(z>cd hvFh#n3pi-BO9ndXglKQE&*mOG*eFTxJ{(%Q1A#&Q3FZI* literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JGZ_F12@qb#&&gp8BfPS zRHRf;zN)VRO&-iVU|7R%{ra4^6LdsAz1_U|CXirg)+d?&l4lbGv|M?$xQX%wPSjz! zzC_1Kx+^V}3~(T+!A%YnCJAkwN2q1!(vLlhF9F+A&2B?ZzUqzr>26PO?p9-4B~6M% zG_6AC;jJu%B+COW@%O`5l}vRJ9vymU=mFObPz{#dwaSYsKH)nsV~UYPZF1BIhG)iH zTUDk8uEzBu Date: Wed, 11 Nov 2020 19:42:27 +0000 Subject: [PATCH 224/487] Auto-publish so-redis image signature --- sigs/images/so-redis.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-redis.sig b/sigs/images/so-redis.sig index 0154990b7399f858752e8697edec6228a7b64a48..0e0c12a50515550f0029f75c092d7e553da53cfa 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JKBE8%2@qb#XGZ!V*Vq)o+gN%EBp zZ%=9(OhKp~M~&>y!55wSjB4{xEmT?K4_SwFIIdgLB$oHms>4cxhc%;nir_NUoH!}( z3D4Er!4CTAfF$SWRK%d?>A&usnVAHdj<%|!>(kC&i-XO|d!Eia^6m}l7Qp_@ED;Je zxkipT$D@*fK!iA!!)gHJEpdPset(!f@x9A=q9(pazn-G6I5xAA*Tg$eOu6eVmC}lI zHJ;y^;#Pll3bL|T5UWZG=HAOeqh}NQX3G)a%9694W-ZrmD=-pCg=19d5C|q zZqC6Wico-F7Vp>XUTG)PbsDu?Br@?rf*ueeEiS*>td2mYlBcB}c2vE8zw2SV``2?2S1RQ`{!rS_ zWgbJ=bxW}fLz%tB(g4~_w$4()g(e%WS;)=5y|+mF$;FmS9IIe@1a-W`7dsrOw=n=b zuR>B08u~*ZESQai{1?P0CRPaIhz9gQ^VaENn;y-MggnSPGV<3!#x ztF*6SI`5KozFm>^OG^M@v+K?C8>7Vw=UG7w0bNLCl=t}HOX5^!izi}l;~v#SH!saC zB}%R40|o%!5cL_qMFH=|V)w|RlwpA=AUg0#EBxJ9I(RBBp{zD7^>|>9{dK+Ae8%yV zSn**^M--P5-Au|kLGUaE>W02M1KK4@9^BdNH6#7!T(y>`m(BE=mV}b(*8f!@I@7_t zMT>zN)+;+TOrNSk<jCW3{S>h+l>q;%1@}1^FG*lq%beII~U}MZLu_xa# zrHckRU}|@+nJJ~+HY%nx{dqJjvS8Ls8h}va*+$Z!`>eWM#ja@IFfQ;`ip)Te83Ar* hk?d(DUxSBVem?OX+=$K Date: Wed, 11 Nov 2020 19:43:44 +0000 Subject: [PATCH 225/487] Auto-publish so-steno image signature --- sigs/images/so-steno.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-steno.sig b/sigs/images/so-steno.sig index 1baf22430f80739aa23802ba03f204afceb946b2..fa11864ce214ff161cabcfbb3b94440331a98f8f 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JKJNeu2@qb#FbJts*}LDRaNJ@D;ZC`fyYEU~vS~k3csP#6B7j%MJT|Q_rcd zw^zWTeI=3@KFs2~Gu>0OA{^$S(05ul0tk4OQ(ibdFxCpBO zz`6B*S~YiY+?z*`HNl)7-@Ea$v{VZ-rwJ)3w;bLu3>JfIT&GDq{JS{-`3Y)I@>v52 z&V@F;Ke#cEaaF??#bLn6-qc0J**=g){j(v7c%&TSLze=NR&auL7fWB8d(0Pk-Qhxb hJL@-;pGTj{C&XrB}*46=06}LNVLjX7;Y;aXU{c`{S literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JJT(9c2@qb#x~T1v4wsH__%yUJ)5vVp=Wfm1U3*Nki5{8U0q5K&jK&zoqhoqCRc&6 zvAxEy>#l5j2ChPE8D`CR{Dq|4pbA+ZJv8B4Cfg-|1wEN7ulB3VnW0?9 zm-ru#6=bU?O7#^TwI!Z0PdMC|LNTcCC>*VkE?%`(bxYmvE*I5bZ{U5U^gvi}zfU~& zbtO+D)mVZxHoY2}wG_OjM`5lP2>y z))rTDhpnV!JYiaP-`+m@bdl=A%^2pOqT$CLJ%ARUdq!thC@?+*jnW5j3p;{d0TF$@ hnyOw-4Soy9@uyQAbejYejX+eArpTy}EWYmA^>(C5{I~!B From ca28cc7a177db7ed6a7fd21a7b52a0ca21a91d1b Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 19:44:58 +0000 Subject: [PATCH 226/487] Auto-publish so-wazuh image signature --- sigs/images/so-wazuh.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-wazuh.sig b/sigs/images/so-wazuh.sig index e1084947787f8534041f9a4a8446a2102f42a733..b2a38d2e2a48dfa95ac39f504add1e0e18edefc2 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JKRN&k2@qb#*`BR(^hYOt$!p*=tD6|#E9zp5T^ zMdIK|_~h8!d~7{?RDZv2?HV>yKo87+ylEjEL6=`GVLu)fi?ScV(8knDA^E8ghEU^=m?R}JA?>1 zswyIV;Xg$VzdZKMD%cS>_h>Rh0*XM#?Dp)C3W36e$7Gw}fT$2dtTF0m=6J>6BfWpt zi_}JftO)%?a*V_89l3Mx%YH1{$UB1MfE$;*)v$i0n}oQ1evCiSJ!Bt;2o?QdJaV}B zv)e$~s&bKJz+!ZFL!U21H!C%*jFNsesI6g&AQoI^wwUTKOc@X$qP=gdYfi^tkIz{l9t-5IpSb!__q%XC=vS8V=D~{)<6(KydocR5q@}tr#c6yRy*O)~Vv> z0#~3jeG7kLD)8d$(Mu;tHV129$KXK5a9*-a zX%ouTozp{QUA362=Ivn19qtPcD{JxlCoS2}M;AVDO5y&<*YjU*urK1$4QWi{a)@OV z0UYi95(&yDlrp;^8d9B+S}d`?dMPxlWTY%rp1ZoYBhzgDAMR8ixd`DzNd^m8pGjn3 z0Cmh#w*x$Jp-Y>+w4CH>~?Jrg+aw4z&?wL^cY>e7v$!sPki^Ya0&{3 zO+g#g*XvNog}Hddm(N!Wh2*I<2u+!@iw-X)lX5`j`U5oA5=GDf4E`b^)}TB*( zxL0rLO!Jg(Ta~CilCU_Yn^uZ9;VGfS1iT!TbP(jhNlB#Q)P#7eIrs6ZQ|;pY+n=iU hw7&K)7@t-E#*dLWI_r{((TW^<;W9$=_QvJfhZ}h*3*7(! From 0ad0255e8cb5e63d89d03a1b1ddf2b414723b9c4 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 19:46:20 +0000 Subject: [PATCH 227/487] Auto-publish so-kibana image signature --- sigs/images/so-kibana.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-kibana.sig b/sigs/images/so-kibana.sig index e87d93756eb6ae9f54e38d8ae2a43a774747658f..6a1f7c7ab62204cc9a19cfa0df04cbe78406c127 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JKa2nh2@qb#w*$C$*z;J8EHWCS7 z73`}Fh4Uf88aW8?$K)WitfI0pMe7+Av{`(H+LEjmwjXHjVO3VwTz#$#a~URPN(su9 z$Lsp6L@=1E5R&_bKq*nf-qCDH?mKt#_VI9$pX^chJ$4-v#TledwADlXvN9SQ(Y$M*pzyl;&{38UP zi98b(f^ZWmpb8k8v$V#&O&^((pcR6Qq`ugC5X}M^*kJNu5k%bLc zl+C=APH?GU)5hOO$VXkS5!3;Mx%AyL*F-?@NTs9R6)55*CDL`t_FE(gBD=kskNgZ2 zhDY4~^;|X`ts6GXTsVPjdM=Cu-9t)t+$~{vgaH+47@@E9?gIIBi}6XK1M@{rPL(iX z44=aLZ4v{B!gwnysQz+{s=fkH+858{8_j&JYQN8FgBZXj;r{=iO#kW!q0aJguU*`c`wMFnPIOe^g;6Yb*#?m4abGw`3#uYjeRD@jn hwVWg`?NMjw79U9BATuCdWgs3|sll5xt$=9APvgqC|3d%( literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JJfi>#2@qb#D)rPbxpImw4w=lS)UIf;S6xB;sG-%G z^GdObdZsG)bgQT=`AW(0Qn>G-Pr8J`pq4R=246idS&`jWIv~4=%1+|$5W_-e$M=r0YCBs}R@I*9d$DlKJza(9 zL!A2=zp5hb_Xh?TE5+pUDsoqu zo}>^;X)Dy|15Vzvq|Pg;OMzRW>v^He4N$Xgb}Of4O3j*Y9}; zyo_fGDeX7fwv5Atoh3s6mpA?P=#>VFuq+x)>^7?GI0(c<=AC%5g@4n9(Ozw9G9WA?estu$ hn|S)s0)om;;zPK2WjB@D#M_A{Z58)?njf0HgZ|=T3_t(? From 20107129291ee041b9ba841c4987f6a36c9cdc0b Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 19:47:11 +0000 Subject: [PATCH 228/487] Auto-publish so-kratos image signature --- sigs/images/so-kratos.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-kratos.sig b/sigs/images/so-kratos.sig index 7b2b6e9a35ba05c15c8e079b037c5c940b029c10..cd4e2c3b9103c9bc1aaad3f10331e7b778fc11ac 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JKfeG92@qb#e-hek050F%E95&VJHHYHpK9ZjL^TF+FhASEnRAD(hFA&zc;7UA1#VH9R{6*+_;j zv|bcYIz;Pf)2YmBy9u7BR4Zq^fV%SK38d-{ZT~`Bfc1>wdV=8{09V1t)ilXl{gz+8 zdPPouR|!&YG$HQVz`$b!v}F>rB|wPeDxKgmiVqpgsg2hU3C7U#87fDvvcSRYpUyBd z=Qw5v__c1E{-m7`M8FY@oYTz>-5EW^kN9Ag|3NYxXyGKvVF9uvi7ZQPXLDnI=dMdy15r{ zw+BYwZtPM*$S*VKp~Hn?wq*1?&M3_K8J^RHy+h_Y^4f5jAM(3lM+HaeVJ;&`3#gp zMT?TxJxdo>b$_={ugl$=Xg#-BC9WO6uc$|+5v`^>nUU2tlUg)Pg59}*7$Yu7;7wRI z6@+FsO!FAb`z7(`)eg+W-St%%@$8C(u#_; h;gyVe*tGeod|_g)mllS z3Fmx#VgVqby|h)hG$;@gmUe`HK_uRtnH3^gM7;c>d-L;gF7*c0IH?q|Ss`}8_;(0N zn3woT%Stx9dR@eAOrnRl?_Vi$waHh}S#lq@ag=+Tc-D~~N$P}IdAy$a{8U_gY?>@6Zp5(JDbkOn~MY zzAAj!lLcD?btM$1+uAnzy~fwaT>_3_F@W`!0{gNZ{fOe|W9EEw!9l`qi7cJc?sfv6 zPOn8CXlf!M9ez`i7?87%O?RC&S}v?fu1q?C^chP&OBpv_=e-w%x>L&Gc@2o*v_pRr hdVDT@P0sivk$RCnxQ^7(JbB3u28}zb^%B4Yc_bL*04D$d From 4ccc89805457ac178684c83d3624a380f52f2da1 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 19:48:16 +0000 Subject: [PATCH 229/487] Auto-publish so-curator image signature --- sigs/images/so-curator.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-curator.sig diff --git a/sigs/images/so-curator.sig b/sigs/images/so-curator.sig new file mode 100644 index 0000000000000000000000000000000000000000..352122a6ed33340f7aa672821477ef4e19086b92 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JKmY&=2@qb#-hFs&M9?I?6yWsn>>*hHa&_A6N4Q+_ zOA5=X$eST)3 zy<%db1JT>TxEz;7!so;lo)#vASCVXCm%FQSNIUjJ>|M+kB;5GQBsl?@C;Xl}?vBZ> hS}UTAH!T-duM= Date: Wed, 11 Nov 2020 19:49:26 +0000 Subject: [PATCH 230/487] Auto-publish so-grafana image signature --- sigs/images/so-grafana.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-grafana.sig diff --git a/sigs/images/so-grafana.sig b/sigs/images/so-grafana.sig new file mode 100644 index 0000000000000000000000000000000000000000..ea003a09a73e3c69e238dab1edb9273ad61bb1e4 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JKt%uw2@qb#!EPO>6W^RF0~xHE zk;*tk1f@I{=AetNZGuo|aRmQpWd86Il1+f3b9C^m4WJjoqJ-oX2S75&=aQIx@gRAV zCSkGOY~qcw6C+pg5D}5=({W-As_EEM!D-q8ov$CxV;4E|RcL#3n!~{FE>dBJ4 z0uvnSy+GiJSmM(3!QC>i+g0&T&THwPRE}WrM!?SkqFxJrR(j!7Reb-p1O%p5;I$&P zD=ILM3m+3GncF%}x0UwVuxKnHRDdBm)HGiH+l<&^yQ9ws{DK#Lm<3gXQ+DtheInmB ziv;bdZ0q%^kg%q?0`H~ft;uJvj8LU@OpIUT63q$N?N2anN}-97!)h^~$ z9F$xr#bR5ibz6}J*Pmn^cH~9gK(~l0+H4i88Zdl(zqIZN6^_+;2>P>#Mgoai`Pnk+ zQmOl1Us2r+Q$%9iyG{Mb(zcv_{AdxUva9dQ5P$Mgbx{0R`6}!tJdygMk8u+fhK+v5 zIrP$%oaRrB`v6r&K&x}J8SqQ6^VRH5Pp31)hrDuw-n<5*c5wA|_*{OjER1f8l_)xr z^44Maup6dSyUbrK$~M`*_d~5bsL>eH=Mj?1H|7?3tt|)YT3)}|f2w)V2FT67o~oyQ hN><6^Y(|g{; Date: Wed, 11 Nov 2020 19:50:50 +0000 Subject: [PATCH 231/487] Auto-publish so-filebeat image signature --- sigs/images/so-filebeat.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-filebeat.sig diff --git a/sigs/images/so-filebeat.sig b/sigs/images/so-filebeat.sig new file mode 100644 index 0000000000000000000000000000000000000000..58b6415f46e5f6459cb4baba71568cb32dcdb8b6 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JK$-vw2@qb#4A^)M#JiSe>i2%Yz|m63I^?-sh)u{+J49F z)d!lIg>K&rf>q~2^tAR!=$em9+)xWz!`_QSb5&UFa(rT`{mU(7RplTVI2CEGv5%jT z$WJ$fDratIJ?zR}e!u>*c0YSH(ChRg{CmJD?Kli8VXwmpGQ+l^p?62;VKxDMJ0iNc z1L!FvsNBJX$~-JDQ$^dVggLA42JXLk27@KG1X0oa?cUFD-cct9$A#gyETQuO}k zw?&`zPAjChGrrb|Z~R>tY9X>U)DAA$CxCJ7qH+EaZ+xsWEWq<`Q;GetuL`7kWC{6Ku#Tt82Te74TE%-#Sd3n-drXJ>Ss?KM`x9^QDgecLMF hpH?2IpDH8@76x(g_9xyAe|kxR)lWaHLnT$ZOGTNO|7idK literal 0 HcmV?d00001 From 9e9a023377a0c6378a01ae260162ebcc82269afb Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 19:52:11 +0000 Subject: [PATCH 232/487] Auto-publish so-thehive image signature --- sigs/images/so-thehive.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-thehive.sig diff --git a/sigs/images/so-thehive.sig b/sigs/images/so-thehive.sig new file mode 100644 index 0000000000000000000000000000000000000000..6cbd0478f9034b8a3ca7d97bcde9a39859575900 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JKOx z;Qb@!5@JBh$L-JLFmMEp{Wc&=JbtQ33Md;$h`T+xSfPg$qL&oR9+Sal87mIv^vOYY z)I%A1!p{E3n{RV+p>WG(d@%r=ayDF-n*fND)nPEkK7wil`%$cls;90HYMyaAKLWJ&Eq}K5%pN=)z#9t=*ZWD{X~0F)+OKT z7yhk<)q=P*B=%ov-&h|=M+H%6V`gbX5@daC$<1fBS3mF1n@N(Y78Rs)Cq?$C6_=X_ z( Date: Wed, 11 Nov 2020 19:53:15 +0000 Subject: [PATCH 233/487] Auto-publish so-idstools image signature --- sigs/images/so-idstools.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-idstools.sig b/sigs/images/so-idstools.sig index 74c6d746ca100d78a68efba2c09268c95dee0f67..b6d914b69c9d64bb5b5bc09d08092b5110810a05 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JK`Q_X2@qb#%!-0K7J*m19gKu$k5exhO<9P?Z4U%-!Zbpwuj#qn+8>K6{|q((~3X8ASf zl}(v3X4;P(r?%3X+hOhkt^UNv-*1z|U?Yv?-V*RuHcEH9ez{=2%YY42&pY`tOJRNc zQw!Es*|qBv8zK1_Wmy|o-HarcEhzwh_U9rl1pcRg`zoY5FPuC}{TcN5Lt&H*GDy1i zdmV}x9mK{cne`k(p;39{TE$8&f4{0$qzE7v4Qd=rWzy!}f0m32Q;&#{AyHay#{GgJ z%?sXOHSZi^piWtp*WT8ByB?sAQ1bRY!e%T(kUBM89aOjV3%O}cq0=i|oS(ljwdsp@ z=5=*l*k@n328LcllXrY$5s>nOST5*2isr0p5VEh{{9y*(7{|VO8fQMWnN6*~hpj*F zyAK&*M|T}{k4)gO_x#)nde}IY)=P=wG=mD5{_Q$qVi(!aa+y47uE);7ESe z*Rs7|G!636YtTo0qmjLIdjFq}oJNKKh>tp69ZjPY3I+fG literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JBqaa}2@qb#}dIR8Cj(c*GDNpi^ozr%~oP$7g3g1bpYb0Vnyz(n)OuW-;tn<*zzM~N2#WAzf~-;O|eqH<7doeXb3H;jyE+oXMLm~xMP3^Wr>3E4(+r7SYK&f1>y0y{wq2FtDCi_8%I!h6% z*r8;Lr&+bOTBeYBXv`#|H?=BBL4hFG_2&JZ@WJ#lq#Ae3IkmmJ3+rG+DBKWG9De4^ ztJ%V+gGxp{HMVXOh5TzvhAex$_0fIJG4p3#4UyTo!j+JMM4aq*plsi{puhW2jjr#J zYGozs8CLBMv&)e=X>~J%2Zqdlv6O8}> From 25b771d36f5bfc6272360ebdcc353bd3e2683bd0 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 19:54:19 +0000 Subject: [PATCH 234/487] Auto-publish so-influxdb image signature --- sigs/images/so-influxdb.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-influxdb.sig diff --git a/sigs/images/so-influxdb.sig b/sigs/images/so-influxdb.sig new file mode 100644 index 0000000000000000000000000000000000000000..333895fbac571a81519c71807f5feaebb94998b4 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JL2CdC2@qb#7O$ECC5T~B4;5u-US|6l-n`Qw2UQBos(!E4DZ=-_mlxMG z1UL!gig)e-GoSj3fMrAgT*;>K^*^$0X}1rorN;X)rG;N)?O#?6Y`;tIBpO_v!wK

$cyha4)4D>C1X(>Uy* zudYq8-E3XuBqO>gj=o`)Vo#yKkCCU@_!Ia04EbB6@3yejs&qtns=iwUXnY)#=9_5h zaw)X^R!_H2#miA^Z*n+@FDKmFq{pFoX5^~~7eV#>wf!67j)fgGI#W`D_LfzPJ2@ly zC8_*^47ErzjpbJ@(KP5nQ?CDb>dc4Sn#0(?l=tDNh%vog4n|@2J;Aofx3glK0w-;9jD_DTK3+pMQh?Tk!)0lv?DK@EjIEUC{nN*#}Yz@*3O?l z$DQ>*!fyzKDS0u^+3%6tl*B?Q!tOY23CX|nXR%==`SH?;(L)fT~NrGr7n5>6R$peL-?g1Y6%MFmi$f3L*di literal 0 HcmV?d00001 From 7fae7500e833ba8aa50fb5efbcaaf38495468446 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 19:55:41 +0000 Subject: [PATCH 235/487] Auto-publish so-logstash image signature --- sigs/images/so-logstash.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-logstash.sig b/sigs/images/so-logstash.sig index 33c754f0d0290ad9faa2803bf6aa4c5c3c5785d2..e515fdd74f4c1d726f8f844d41a313a4b84815cf 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JLA?M92@qb#G(1P&Sy2X=VE=)cgQV&aj(3>ZpFK0|E=|Q++e@B;Yh~H{XxcyJa9|AzyDG& zHQV6f8rYqJ$%1W-yy)9_N+A3vQC8X!*HO+Uty*Ynf=^ubE~mc9%w*Njy{DbzA`k0w zhe%Tadm#BEn7pG%W%ScW_$HiQ`wJ+;3Ts#Hh)^)bYa05i8v{j+2QFgv$O-`wE*X>l#{%3*hW7Vsd0R&j^`66nqv7WY&g01pGpVEF`z6I^qIOi89x;48yUVD<*c9 hetRZ7`=0^pZ_n6^_rC-luZ=V5eqRged#JFBnw{y!4Uhl; literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JDCGbO2@qb#0d7Q2Qt;a_#laOnUa{4NhQje&dK)RNczuI7duUdA~fqN;1w3QKTv8q5E@WH1B7xB z1KvKceuJKM(l9;bp0S59f2GtFD{;l}lOk1KE3@8~uPzO$oCW=B(vv#{8 z^_Yv#_l7vOr$jT8d#in>%phvhJZp2gT+KgNE&oYa7jkv|ZS5!4;grsLB#_N96e*Z$$mMK<5%hS2UwA%oawvD1(L?3{NZfa0 z8SR}quNiBd;)MhihoQw?VCUzJ$_er}Qymv|l^NR1msV$+h3NcWaj67!r*SZPhY!g< zP}yELd2_2Lgak#eV`Ee;2;SjtVoM?K7wrz65^ows=F!u!6*?u@als~{NSHD&zvcp! zsZ)8A>k`t~fTatAtrX)CH=Ejrc{Cu>LjFCJ%?2%7V@xAqYqCw9B8RIYE9RIH9hAMQ zePhXcYwbiU=xnRKE#-ZFtsi*ne)>jdDG_LTP@p^ Date: Wed, 11 Nov 2020 19:57:18 +0000 Subject: [PATCH 236/487] Auto-publish so-playbook image signature --- sigs/images/so-playbook.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-playbook.sig diff --git a/sigs/images/so-playbook.sig b/sigs/images/so-playbook.sig new file mode 100644 index 0000000000000000000000000000000000000000..5985fba6a84c95a346cb2d296c172b3c7e3a8180 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JLLLAL2@qb#qV%DMLdO(vfw z*fPkB274QXqL$A3^I`=!k3np}<#WWIdvmHcO5>X_vbTwhug2}_9C;S%fe+>8;vmRo z^7m(p1aj9G1N?-BAJsXlHXu!!?J?5Qo5*l`xSA~wZYsnR`()%Gc2>X$dqrE!z1Z0O zrS3AgbnUUobs$xlk7BkSMgHodNFjZshVKUjEipsUYz*V#+y(EiX(u9ar#J}w%=7t? zRs&8grf*vIWRb>vW;+MH*+a37AsMgrsUtYH3 zNncX*1Nm~R5qda&%`TFTY!cdgp#pkd{K9uDSpsp&{{>VudzZC*Mh{nG6}v2T4@Y69 zs;q_LZ+m^NT+HKWuuKTe36Og*0RGfDu;c}1r7nOp?w&)W- hF554|lO&HL Date: Wed, 11 Nov 2020 19:58:35 +0000 Subject: [PATCH 237/487] Auto-publish so-soctopus image signature --- sigs/images/so-soctopus.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-soctopus.sig b/sigs/images/so-soctopus.sig index 2567336642d9f769483b3c9ffe6f39870b2664d9..b29cc5b631e37491775b40b1a8cafdb3d0fc787f 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JLTUgC2@qb#zT1t6c@rjn}LO@^?Uy2&pqeq7vMa zGc5yLn?{rLhn|;#w6DhqBaOQht=bS!R!>~*a6O2&-;Fzy!#CALAIPbybs;E$_1Qd-CE5yr#(^y(NN z?z8^Ct6+y4jGFXRUT?i!?O2F>7*FEwXjZR2DgaoFTSu9az02=zw#{d68E+OB#;ocT zDOk*G?l5|f*QwlMYP;Dlss)i$(N%wUKYhTC*LL=>Cwo=vPDI7P(cpIjm=We4c5F8_ zDP%TSti`#TPQ(J%AWd;}=?wc)u-UK@GK`43JR`Q7GpMm_XI*3mP7=B?@{V2MWW7Us zltjakWzuWCM-zR4EG;x>=_;ZSS92y3wCbEVoUR`l9S&UU69#3eNE(?c>~|!6^%)*TT}3*AjlWiDIPdb}cQ)F1rV|HX|CIm$ literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JCCmT{2@qb#VzK8O)Q_|0RvXLeAe(wPv{-5IUOM3Cu!4oPXXM~#Lrv)h?_foJ>02;AkFl{6zCm`rn?F~Kk$p8gPBkTz}1u`9kw0My)} zU_8#>JL0;;5jg@p6TUpeD9^;SM71@EA3<4Go<+erBNkNXB9^c~Mfb&RgIN%~5ToFN zGWm4(i{?iRTQ_x}3p3fq#a{#}vN@f1M^#rOK!FC{xFGe8nBPv#hi}5je89GCX Date: Wed, 11 Nov 2020 19:59:46 +0000 Subject: [PATCH 238/487] Auto-publish so-suricata image signature --- sigs/images/so-suricata.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-suricata.sig diff --git a/sigs/images/so-suricata.sig b/sigs/images/so-suricata.sig new file mode 100644 index 0000000000000000000000000000000000000000..147efa17420de137bb5825d9fe6dce1a1eee53e2 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JLb3n~2@qb#LDDA$4M~>i+rV|Lw$~cwdr~N!Xr|#x|h3n8OYo7&$-uY zqq)FUB~j$0MaNTz5P|P6w^u|B42^t;HfSOr?f?6^sANCsq7mB_dP=eBlc%|gSJr-P z2fkPr=-qQ7mvZM0YriB~DcuEeMTM40aRQ!n7#F}ZOe~B8NEKe%J)&YlkFWtB>{?*| z1_b<>Y$|-(wAv5pMZ0KC^f7!|y+3JEy zF^;96C}Oqa7WD{y@HgMfQ&22VpGNmj(oi&;q`Z hfr?Y$`4g6yTRl~SNp3I3E%ed+ Date: Wed, 11 Nov 2020 20:00:55 +0000 Subject: [PATCH 239/487] Auto-publish so-telegraf image signature --- sigs/images/so-telegraf.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-telegraf.sig diff --git a/sigs/images/so-telegraf.sig b/sigs/images/so-telegraf.sig new file mode 100644 index 0000000000000000000000000000000000000000..698642eb4895287fb278196845ecde92d997072b GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JLiYd)2@qb#P_;Y5`u}qiMmscwl6VEu59a#p*{5255lUdTkZab38t;6bxs>CX0!oRjoix4pP2)~w>a!cCaZ*U3{#{P6RM(Dy#Jd5q~w9^sl+ zaJPb5sHS7(mA-(y!uYmWc^QP8Fleb5ocE;EgG1lhAv^)gmq ho*ow^EYX3I|Aos;YR7lq#{)S9)m++ Date: Wed, 11 Nov 2020 20:02:05 +0000 Subject: [PATCH 240/487] Auto-publish so-pcaptools image signature --- sigs/images/so-pcaptools.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-pcaptools.sig diff --git a/sigs/images/so-pcaptools.sig b/sigs/images/so-pcaptools.sig new file mode 100644 index 0000000000000000000000000000000000000000..6df84a60341ed9b9a00297b6ff0db9d39c134b95 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JLp=Zr2@qb#SC~_E=mvH{soyKH57_fxGL;OJfR*OjTa>l5M$)x1o+H2 zLDG3obsWEY-5daESMIj|%xtn2^q+=i>gv|J^B@F_LgNIomw z4(}{>)u&0?As+wY!+D;VLDKLac~n?YEXP-sO>>qm@(~gS0t!*cyQC%t@Px2uM(hlX zE46~nRo+uN1z=~U=CJ5mdC_M{t3>ZOSD9Y#%(MHZnZ5%1`f6@H8>*7{!!Sq^MB>_M z*u^l&eZR`3OjCdh>C;96r_`|YWiqY`kX3^bKR~U36T_eg77Z@89F}oRqPz|dp4YP^ ha@nC*O?7>zHEH}|3^do+w2}0rl&&^~2SFI2Waq#^42l2% literal 0 HcmV?d00001 From 687120ce4a0dc43d7dc8296cd15aa1d4c1c97d55 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 20:03:28 +0000 Subject: [PATCH 241/487] Auto-publish so-tcpreplay image signature --- sigs/images/so-tcpreplay.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-tcpreplay.sig diff --git a/sigs/images/so-tcpreplay.sig b/sigs/images/so-tcpreplay.sig new file mode 100644 index 0000000000000000000000000000000000000000..ecffc15b9b0f72417c2a56a4bb63e2ac72c5a8e3 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JLy!Op2@qb#UXveDe$Rt`HNNoc+0OX7mAvT~?4fqgALSOMl@Q92>qrJ#ok-e^5L7^Zc^)%U>u z4KRrg!zqSv3JbeAiy;}xZqH-|B?+V;4#hyNj*mz!E$=H=G(2io8I(2v}EUFN2{*# z;Q62G5+kmWOPu1Z`bz5fl|=x(NLj!!yv(?8T|r%+Y_CuFsCH+9ZIS^6ojDH4?He)H znh$_<8@t%mhVdA_Wep}H_-``5_Ky)s1KgUXr|a*wztl}&3^U|UNlYnP1=-Avp+o{Z z50CN^hMUp)PfBdz$G2Obr(hyJ!pTZ$n0_NAYo7WbbxWw*QLSpp4emYNdmYS8cJ8T% zLc$m2AM)Sp#E9KKZ5Fbi|CoTZv^+BSJY=UQ<9MY`NHJ|bMgipc$a++PbOBeN=#%P)Td#_(pmT#Rd7?LxY#Z~z26Wb_iq zw2ked$@0MiFQ?b_+H6)E(7W#H^I$XQnM46bdtF$c1kt;3X~LoXzc{%P6L`KHl0=RY h^ko?JQH*`%2eFa^3B;g9;i-0RF(2jaB{?J4r&!eU34{Ou literal 0 HcmV?d00001 From 6a60890c3658a244bf4533bc2fd06d477941660b Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 20:04:37 +0000 Subject: [PATCH 242/487] Auto-publish so-elastalert image signature --- sigs/images/so-elastalert.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-elastalert.sig diff --git a/sigs/images/so-elastalert.sig b/sigs/images/so-elastalert.sig new file mode 100644 index 0000000000000000000000000000000000000000..c2a596cfa8b90c787eaf23218fcd18614afa55fc GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JL)8EZ2@qb#!I3|2D;5PXZSvB(6H*LR_N)~$sGWt1R<-8~B z0`!(9nL%PxjLs@sNmkb+h$z%>$timZTB6a0GI`^Y<8UkY)0Wy zAsVBa(EGU0%LTIw5qD#ALd=yTYqHu_4@%kHz~K*jXza06g&SQ{uP+tcp0vUp)e>L4Uq{YJF z=ZSn|rp4muOHh6XsDcNrm1AoD}Esd0J54+> Date: Wed, 11 Nov 2020 20:05:36 +0000 Subject: [PATCH 243/487] Auto-publish so-freqserver image signature --- sigs/images/so-freqserver.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-freqserver.sig b/sigs/images/so-freqserver.sig index 42f780ca35fb7fd109939ec212388adbcd10b9f7..4c9b9bf23819f044ff59e448b6c3635f82a189aa 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JL=XT92@qb#P5BvzGzE25@c>_i=EqJI0 zzZ*Re60~IDI~36wdVjDCFr7Z#dYtiLkS!Al@`nseWA;q&wrPm%CpjuQaVtP{L&>he zYqG%$t_-#F?BD|xN0^li0GzN`J?Yt~pHW;`IW5u$KTfROKRNSGAhDy)_Ij}X{;5>g z+AmP(#Jl!tS>SS@Bw2jf>m}(N|Z}2bY9U7S@}%LS)k;hX>5``OV@j0 zZq$?hdsi__aR0hdJ5IT>D_dj0=jfrlJ4xV zsGq_BUzlbDBPQuXdHskpJ`3&l(H&SQ2NNr*@=ia~2_eHU@bS55Kkee6ue#yND*GP` zhSyCuH_dqckEIQ|I21~el1jnvBe{#hnHiPDQB1XASkdN4k#J$f?hzRhn}5zjZ|-&P+NbZ$YrXrb*fi76SGd2@x{W!(X84{fE)HRadl zNiN28HSuX)m5fE-mbelx>Q*W5^sHU1&?+RJQDUh&VrmB_j`o*Zp@5n>DQ4^3x&MWHqIf$3{9EMP#Y*rt2V4LE literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JB=-Oc2@qb# zZlrv^CRc)eHJ2IjvqrMS|H9^M>(G|Jm$Yb0XECP;w|X#>ELKHy-O?j@z2U6b-W-*E z_~-5|RIJ#mgjLC@-O6#Epg~ish)n7jut1hIPaEuYdf44FF2q(`j2=cfX9rS!So$#8 zrE`f%!r#omkPsr*D6;7VU>uq+gf7E+Km~4+7}V+rt&y&PWSwwrvVb71HOkR{0M=k& z8o!O%suPx6EA@W|6T7mi(v~7TWjcRQQscWX8Ki$J4&|po6YrpiG-NSVGNO7Fan1%3 z>Q*H2@q?$yG6s=w$XAOIH`gV;(h_><6r!Uc)G6CqvUx9q+hi0)U=<>VWV#PXf#kyk z2aexk28#a3H^^U+x25Sk6vASBs_BGB32ki#Vhw-s7*IVT`>iLSi)_MDMkOh#Z{~l< zFf3`itnFGGDnrdGCJ|Ku+r5%Hv|`8I<%!= Date: Wed, 11 Nov 2020 20:06:33 +0000 Subject: [PATCH 244/487] Auto-publish so-domainstats image signature --- sigs/images/so-domainstats.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-domainstats.sig diff --git a/sigs/images/so-domainstats.sig b/sigs/images/so-domainstats.sig new file mode 100644 index 0000000000000000000000000000000000000000..26d19a98122ff8efd39e1f35adb6837a0e049eca GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JL`eV&2@qb#!r479F+z{Di zxh1DNGw9t|ic;E;PWH`x0STu84piI?&)gou2s1b3@Zld1{s8e4>I*iWYbVO}F&-=< zC7W(nzSwiEYuHZ0qm*P=$yf9kJ?9<|U@=}p{Dvu*?QCmk3i^Tpcyy-PJPFp!5r&Hr zR}}Fqks9u2zguU#k14RMluw1MPuVhPZZ)7-9l%y^^J|TGT1I*(-nuD@EOIp|9Nqji zx<#?Ow3x}Wa(a%3-SOr|YtH&SfCHbVnyjGvKrBsC#d-19M@V~VE+*YkuVG>=A1Jqi zN#w!1z8qn%mGq+hDliO;#6-_}n?&}A3e?`7*A{JCjZHV6qbVml@8#M>uf&UgyS9AC z)#50=g~NCL-kcbMG~pMbYTXPgBb(RDn3qIP0*Wd96(rL$)47B^GW1=5z@rJ1=TA&n zFRR-@kQS{z<|ySx{{-(t@TI{MN$^Dtb?-{qI(g42L?9A377fXMx*PZax;dRc{3#VU zp@4tgn6v=6zI7@RKKpHH!*kQmAGe=YbL7~?f+HADIyR0! Date: Wed, 11 Nov 2020 20:08:10 +0000 Subject: [PATCH 245/487] Auto-publish so-elasticsearch image signature --- sigs/images/so-elasticsearch.sig | Bin 0 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 sigs/images/so-elasticsearch.sig diff --git a/sigs/images/so-elasticsearch.sig b/sigs/images/so-elasticsearch.sig new file mode 100644 index 0000000000000000000000000000000000000000..26eb76b6d81c17b6dfc3d98feb4d3c123f8556b0 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JM5+J^2@qb#G`e*9 z77)eG5=sE9*)&7OBKv>-^JFw7&^c2+fd~{@uf@o+IR}EwGXd zP1HXcEa&woI=>cOynv%&<~AM&eZNp1XS@ToS@)vQu_nh1xrUB4iPW)a2$OPF%?SW1 z#LDxojxzr#P@{+ftvI0p!UY!n^(!*kkVSC$m^viAtjNUoxF5Ti(IQS<;(Jop%X#yR6CqqfHd+L502}TZalqE z6U49RI((&t%JQtp)1KB`4}^l;w=4eQ5R;T_JuZ+pJN|?p&C8m>3hpr72JtIO=Rf1a h=sq3t3q@_VSG$Ktb3_0tt`n1h!_m15wAFCoewi|S36cN+ literal 0 HcmV?d00001 From 3bbaca41c9e6dcf732b7987e01123e30c1b2d125 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 20:09:30 +0000 Subject: [PATCH 246/487] Auto-publish so-elasticsearch image signature --- sigs/images/so-elasticsearch.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-elasticsearch.sig b/sigs/images/so-elasticsearch.sig index 26eb76b6d81c17b6dfc3d98feb4d3c123f8556b0..6878dfd6d69c0a5344eee956c83bd4a47d5c6b1a 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JMEU><2@qb#=mSg zkSEnRQhSMMs77}y@r@^7OgU^Qwc!oBOw^!)+CxrlpMK((ZIJZw=WfJbyJI!%Zr)p8 zg!=6(`2DB7+fbMFHp&R$f%;x(*MPw)2rKAVXw43o9A%(ZQ=*>ktCEAGjUGK~E>2%z z*(W;*{inJhR7U?6t;#M}U;LQ{Ty}$4?ly{Vu?ZqgnOwMF=w_B(%r3Njb_9@0{0Oa4 ze?q`*Z;Fk+t3!~rqC%oT2-QrjdIF1wA8@(L#2}G?2cZ5-R<^>Cc;!8<8-1$&c zxOmb)_Rq;?kmn}z<=`TdT=!WV0vKK`H{_f2Iops#dx865$8cr5zlp5Iwqt(&hO_!> hjAjv7Zj_k|B29MG`e*9 z77)eG5=sE9*)&7OBKv>-^JFw7&^c2+fd~{@uf@o+IR}EwGXd zP1HXcEa&woI=>cOynv%&<~AM&eZNp1XS@ToS@)vQu_nh1xrUB4iPW)a2$OPF%?SW1 z#LDxojxzr#P@{+ftvI0p!UY!n^(!*kkVSC$m^viAtjNUoxF5Ti(IQS<;(Jop%X#yR6CqqfHd+L502}TZalqE z6U49RI((&t%JQtp)1KB`4}^l;w=4eQ5R;T_JuZ+pJN|?p&C8m>3hpr72JtIO=Rf1a h=sq3t3q@_VSG$Ktb3_0tt`n1h!_m15wAFCoewi|S36cN+ From debbe965fe97363610daad1b0e8ab45c8ab4c20e Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 20:10:27 +0000 Subject: [PATCH 247/487] Auto-publish so-filebeat image signature --- sigs/images/so-filebeat.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-filebeat.sig b/sigs/images/so-filebeat.sig index 58b6415f46e5f6459cb4baba71568cb32dcdb8b6..de2b9291246400aa169ad93b49b37b0995a76c32 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JMKb^j2@qb#d;|a(2i{Bd`7`VH`$@xscNA^JI%NH1TcO3*Za``WQ%Qzr6&lFj!89w z9fFXg6+1(vBSp|I~n#{K1M$ z;f(be9yZ<3yXz2YU_{Ok<2p<)+F;h_Yqq&aW8&--S(gewv*wzFz5`DbA`)Fkf+mN? z%9vGD!+Bj_@%CMz<EnQ;2%JR}O&i39`Ma^8lSyDfrAk&VbT0{o0+^2cHC7q{)XK4A^)M#JiSe>i2%Yz|m63I^?-sh)u{+J49F z)d!lIg>K&rf>q~2^tAR!=$em9+)xWz!`_QSb5&UFa(rT`{mU(7RplTVI2CEGv5%jT z$WJ$fDratIJ?zR}e!u>*c0YSH(ChRg{CmJD?Kli8VXwmpGQ+l^p?62;VKxDMJ0iNc z1L!FvsNBJX$~-JDQ$^dVggLA42JXLk27@KG1X0oa?cUFD-cct9$A#gyETQuO}k zw?&`zPAjChGrrb|Z~R>tY9X>U)DAA$CxCJ7qH+EaZ+xsWEWq<`Q;GetuL`7kWC{6Ku#Tt82Te74TE%-#Sd3n-drXJ>Ss?KM`x9^QDgecLMF hpH?2IpDH8@76x(g_9xyAe|kxR)lWaHLnT$ZOGTNO|7idK From 7af1b7a539dc350b7659202aff10b0b947347889 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 20:11:29 +0000 Subject: [PATCH 248/487] Auto-publish so-fleet-launcher image signature --- sigs/images/so-fleet-launcher.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-fleet-launcher.sig b/sigs/images/so-fleet-launcher.sig index 1a9a00a3b866217a710daa868f544094be4bbd4e..cc6a2d55f22b44c317f7ae3482dea0af57bd9a4e 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JMR5QM2@qb#YHx2kb;ZUHpI;UTW%$-g2E|%X)0bnKsp+&qk0|+lI={@qK;47WYT$zu}AJrGKp@B&zjNJ~_E6 zIOLr4B)0wR&*%dldKGo4;i`1Z))6#GKAIrG$QTn3q|?J;Dv#7CBBhuQUlbaI1i_tO z>X2VO)|yYy$-f(@+T*I!L(BR0cZ3w%9%7}`3-@x-W0Yo>a1CI1u)W`uyn(4o=3Efi zY~(BI9;x^83lI;V3A}dd_&82M?(mA`8tG7I!qCFN+aJ0hRpoXY zB$3OS;jxD1pX*)3AET8>+{KL#?FllWVHeO)B6I?Sa_u0Px}0b3DfQM5rglVcuVZ*thh zC{ACyT1L;|u%nw4WutOf=uhAm+C^v07;{tM6mD(`K`#u8g)CH@tdgFx6C{lUaloH0 z?aYC{rENTX&()$ym)PA$IX%A*uf~(2FGKT~-9fU|Q$rwsp*jOw>-_7y-u2_FCe literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JCSU*x2@qb#gJKcb z$%^uAf=%Cq?whmVfvVJhHWv_4fsC`5qbG~oW5vcC@NVR3g0_;4b9=RneMPWy+H34s znFNS!?O&!tP>U)QBx!t>{US+9E|EC&Kyu1%TvwVi1Vmq8Kn5d&shE!gJ46z8mP&gL zk8z5o{W;XmH%nMVu}W&o*_2oa(ccPcCYkR?mW2(@MzQ9gOwo#sU*aE-@bEo8V7Wjo0Cb1B zuU=Fqy!;I6bxHi5lqQ3UE^p=A8CtC2vPS*w>4bq+_TJu@Wp4=r;yGwju<+iQmIJgv z#Wp2Oed(lEtT8l-+urqkwL5Lh{T06esn;cg{GT+eh{M-^v>srcLbm<$!gJTk20ecz z8C_e!omG6Yt^NDD0*sNCGp77I_I{WBb$G4uPE)2EtgqPBs2xdnzySNM-Yx6oCa Date: Wed, 11 Nov 2020 20:12:38 +0000 Subject: [PATCH 249/487] Auto-publish so-kibana image signature --- sigs/images/so-kibana.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-kibana.sig b/sigs/images/so-kibana.sig index 6a1f7c7ab62204cc9a19cfa0df04cbe78406c127..43ed827e08b3af93d20856384ba4d1eb90c3ad61 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JMYaG62@qb#>LuBJy z4!iCSO=)o4aBYks@708g(tZM2xmo-{u0_p{N6#RhAkq)Y+?uW9`4>C~i_vWaX+;(J z_6?R`bNSKarfH&iQ)EDvZUAZvBr>C&qv^4L5T-X_p+nIVsisA?{`%7F95l+S6tJwS z%=3*TXX=Z#xf!X8DV&yUk4k=R&BqZKnxm}po^k+Mmt1~&2k+BBsTvTE+rfOnYa!`w zcKX)ZQN&^B!J$J@a8)b z>cJ(&(V{n`n-3Eo_{w;qsl1>6YWdtmfdRZ9>qVT;F7saFQu+{x4O76Gb>4B{l{~nF z9_YfvXXm-Ep!`l1&M}i@U6=>AO}-x3mJZg zK(3!TP)h$dD??djKtDh@J`qaYRMb@o+%d+}_?@*SxIG?3E|O_+iA9*fC2BkgeUINXFdUOX=f|Z9XP4M{F2BtYfOJX+6Vc h5HD^F=G}`mR#xfcVB9Mi3>lcFBY(mk{eGVU5~5)62`B&n literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JKa2nh2@qb#w*$C$*z;J8EHWCS7 z73`}Fh4Uf88aW8?$K)WitfI0pMe7+Av{`(H+LEjmwjXHjVO3VwTz#$#a~URPN(su9 z$Lsp6L@=1E5R&_bKq*nf-qCDH?mKt#_VI9$pX^chJ$4-v#TledwADlXvN9SQ(Y$M*pzyl;&{38UP zi98b(f^ZWmpb8k8v$V#&O&^((pcR6Qq`ugC5X}M^*kJNu5k%bLc zl+C=APH?GU)5hOO$VXkS5!3;Mx%AyL*F-?@NTs9R6)55*CDL`t_FE(gBD=kskNgZ2 zhDY4~^;|X`ts6GXTsVPjdM=Cu-9t)t+$~{vgaH+47@@E9?gIIBi}6XK1M@{rPL(iX z44=aLZ4v{B!gwnysQz+{s=fkH+858{8_j&JYQN8FgBZXj;r{=iO#kW!q0aJguU*`c`wMFnPIOe^g;6Yb*#?m4abGw`3#uYjeRD@jn hwVWg`?NMjw79U9BATuCdWgs3|sll5xt$=9APvgqC|3d%( From 4ed6355186dae1a78fd49d4784764b2fc6ea5c5e Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 20:14:14 +0000 Subject: [PATCH 250/487] Auto-publish so-logstash image signature --- sigs/images/so-logstash.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-logstash.sig b/sigs/images/so-logstash.sig index e515fdd74f4c1d726f8f844d41a313a4b84815cf..f05889d3ffaa51a7bce9ba1ab5d34f587b0133ec 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JMiu}H2@qb#qj@H#>>UkAUXOq%aFBZD8er>ccFA+$&N4~t5YA88IRn%0`R;nwg9 zvSe(2O~C!vMEK02aCwueV++x()2hltB=v8ih<$OB;fs2)a%eR*PE8$0#W|W=5cws* zv4{74_i$qcuA$6ZER9433hJRo_blr>O)az5|nD(GN-B>Osr zwpHV&wkwR>xscl0X=I03cUAn9W+B|p#pygZA1*lSwk*?9Mi-+9+KpIjo=ZMG(1P&Sy2X=VE=)cgQV&aj(3>ZpFK0|E=|Q++e@B;Yh~H{XxcyJa9|AzyDG& zHQV6f8rYqJ$%1W-yy)9_N+A3vQC8X!*HO+Uty*Ynf=^ubE~mc9%w*Njy{DbzA`k0w zhe%Tadm#BEn7pG%W%ScW_$HiQ`wJ+;3Ts#Hh)^)bYa05i8v{j+2QFgv$O-`wE*X>l#{%3*hW7Vsd0R&j^`66nqv7WY&g01pGpVEF`z6I^qIOi89x;48yUVD<*c9 hetRZ7`=0^pZ_n6^_rC-luZ=V5eqRged#JFBnw{y!4Uhl; From b31ea84c008bd215b7e88a58723e46a9b0812045 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 20:15:36 +0000 Subject: [PATCH 251/487] Auto-publish so-strelka-backend image signature --- sigs/images/so-strelka-backend.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-strelka-backend.sig b/sigs/images/so-strelka-backend.sig index 5a54bf2e06dd213ced77341b016878024353b5c3..9f20104544df067c1800d3e7588facdf7c3595d8 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JMrZ&E2@qb#s^Gz70IzF)i5;K#uOOOXlt{>Jtn>8EUYsE~56`mCrV zF-eAEh8cpUDFi*Axp7Fm3^Ke+kxYe#7g;n)Y(iWa*3+ji=WYfXwL+WrE$=z;qRTz&=>$592v;@8MMoaGEy<(23y#9SdC*vNNF>APrJBW?$_aahwDX!ZEPXPleuJ z4J<9i6!aPj5m~|^)R&Cqkmc*tR4)_!+%U!>)EJws6&e6H0rycn|VM|v|OBAn&FUfi%5MokuM--Pxc|80hlZDfZZQX zNoJ2ZNr{o9o2L0OKM4yQ|G3=9rYCk-c&Nua150>JLP*-AyG$~Q%p!cYPTO^J2hC{d z^V%A?6wN?CeyjlgD1j@lYMMGC2rmyv>-q?R9KP!9aFZI zj>XW;Bmvia4e7BS8!jJ=s)!r zs;9vWKSKX9%==Uje_nxhGMR4(}H z{QCor@43}+wbBlQo{xSSi^M$C%u$gAWoUnOit?zid|8)iwR_x8^A*?4&Z@;9Eut|G z3;BQ*nZEOC` Date: Wed, 11 Nov 2020 20:16:30 +0000 Subject: [PATCH 252/487] Auto-publish so-strelka-filestream image signature --- sigs/images/so-strelka-filestream.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-strelka-filestream.sig b/sigs/images/so-strelka-filestream.sig index 1bca113cd5613727d95e59ade3238a6f00a03a04..fc1e993d31797786456c6b3b13841aace8e65caf 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JMxFo)2@qb#oTcMT#7O73p+4j~7=ieF*?fiS#SW0>%`YsOW3E<$iU7O{4}H zs$z+hvVo$(2A+Xh2kjS$dl-|9ktmfbJ=Xma044~Bfx2B-MQ=q2w=Z&dd^+LBIZL32 zN9E$c!&1oVmx~XeNOo|>5?twQ23OMX4Yq<>udm^Ag!FdroX~w+Bbdk4{<3hDZTLPP z1k8)9)I@a9&lF|*rsHIezzPCqbi88(ggL5mc;2e59J-N(P7tR{dYFj{ucF^}CdGWP hJG-JtXR13w>a^obQpe-Qw2nc2sk^5|b9?Zy5>Sd@2BZK0 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JDW3oe2@qb#U1&&*?f8v&btk=ooZ?w=XY8F;QO)%`Aaq--8@U7t8;Pim0&iVc zp%+~Gp6+ZN7NWDcs6u#O*YCl!oy`qX<^h+X)@qxNyH^oC_KOvwIR$31E(}CM3W?}1 zsGIAsOvvlhLBCalcUgM$=L6Sy*0S9(y6;glTq-ssAw?;bA?tlt)Z&1e{4323Fu6g0 z-eUjj&%GFn*;CF;RAp;(LN$*)Y+x<^K1{ZB$Itm8UjdxKb@~&`eIy1RhfZ0cj>$EU z^ARqldfn`MGs1iACVIrfKJ1H5yyvW#i?zk|ZGFS1WQacT7_NWQy})0m`BgSrVoj=d zC^7zsvLEBa96CoN6gABpe4S9B?9Wa($u6cC zk#`p>IsqwBJOjPXzj-bO!;$B2BZB+B`T6BP= z%8Leh)Xo3SiO0p*zXh-!gM{>YW4>0P!q!n8ux{7w_{pUr=5TK$FVX&X9qu*-S>K0B zoD)-G5w3HxAY~_xRmYkR`E2B2YRyere7(qk(~0(}Ja=b}I0iC#V6>Eo0ikNn^Qj?U h``u Date: Wed, 11 Nov 2020 20:17:09 +0000 Subject: [PATCH 253/487] Auto-publish so-strelka-frontend image signature --- sigs/images/so-strelka-frontend.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-strelka-frontend.sig b/sigs/images/so-strelka-frontend.sig index b8b8dddb3900290e530f1a455a06cf817187a535..e035c992861dc902fa0becedc38788302f9e5ca7 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JM#TUM2@qb#J7-ATD^Tu zviBXzvQu{5Q&lN7O^}P1O6$v8i9VmMpHgDx}>RPhNUy=z@jqwD=Z zvQQQ<71n)wiA|~{`SdF>y6k;u>EO@X7c(SYWzUT;ctZH*G2NV_%07Dn&aAyDQ0yks zBTdnX3IV6?&n|vCcVd4B`_8(6F8sNn2$Gs><-En`ufJh4M6-@0VSguStz3rXaz%RV zl@`7;zq{%l3_v4THU5loGx!oAm`k|ndSa@sd^29gh29K|E==1<=M}909^zf8J$Z5& zU|N{;lDfi0{2Fo&wXSPxOF-WD{&P{t^}*)--VE*QKA9Ey4&`pjiyutDQ*Xmnyz=KI znga2w>9_Wg!T}1$o(OCmn6=)Mh>tTJC++_CFTimpAvkw1 z+n{z6oJ9(3ggV;a*~i3V`Q%QgeL1Tg>r literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JD1!hB2@qb#yYkG z#HI@F+01?G#4PeRn*@jn{B$q+`e9L(9&O|c)!)F~nRltLFgWwpT#@9O00>Pu{d#9n zhj9iQF2Qv2Zf`Mw6qy3qT9XBXZ_ijx?Bn-gHqo-M#{qO+|LiZo2SOrHME@Cn z;xM(n0}1$36&UMDbh<$!&NcSPHhXe#uGZPS)U>US`*Hk?TF2Jl`<9M-hb2jSyJjC? z96YhXao9$8t$*zEt1=9Q6f7V7@0f2w6xIk7qm9ebktf)(G)q^B>p7}9X?<6%7byIG zsPOgLX7{Ut!=;@fVS%6FiH?&;&QsV9^g#*A1Rz42CDG$&>*3zcFO)U*W Date: Wed, 11 Nov 2020 20:18:03 +0000 Subject: [PATCH 254/487] Auto-publish so-strelka-manager image signature --- sigs/images/so-strelka-manager.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-strelka-manager.sig b/sigs/images/so-strelka-manager.sig index 0e1bafe983a37f1d6ed8012d1bad2045b79ed11d..fa2248204ca22676629010f39ae9b67dacf5896d 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JM*9E?2@qb#VZSlJpiZN-&p^-0bE*)bvQbqQfb}oh&Pg7G|CmfiByBu`rc9hU#3Oda8 zqe4;Viul5>XI>L;n<-DI@VuESo0Dvp@UW?i6=&y5BNuepHg1A>;xbq3S-)!>uArFr zt}P+X5tt-tisL}3d7EQ5#K9$3ReIC literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JCr$tg2@qb#_49S;+| zDN=A`RB#lKdn|i08U~4K&ASOy;+};&_<%hTFV%a_PQlE~VLM_%=X?B6UUw+S-9dZk zUM@{4Rb*$@J3lK1I`^HDRn|PcjT@qU zz8gxFuf#AP1 z*L2kc7CwqMCGyrANRZb@i?i}?)(_W;dEG5m;V0df>ScArk~l~2q(7y7`e^7pGs|4A hS1c!ZqrG;h_V5aUX{n*T8QTyz6yDGwlTS4>t++vq1|I+b From 25c91192a1ffd57084fb9e5cd857a3b4d5646665 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 20:19:33 +0000 Subject: [PATCH 255/487] Auto-publish so-thehive-cortex image signature --- sigs/images/so-thehive-cortex.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-thehive-cortex.sig b/sigs/images/so-thehive-cortex.sig index 18198fa9640e07f65e1a314587a7e304ea9d7868..ade63ad67bf049c29f286617fc0cc265fef43ff2 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JM^yj{2@qb#HZKYBvuJ7dhHj=(ipN8S<2sRQLX1AYPuC~5ZU_XRzP^WJ%vSUJyTX$ zU@{3M`Cn2`yYnAT9)nMf5>PL|Z3ndbw27&OXtGVtM~~GWffj>sg3OZAO{C9c1Ls_r z-O-N(-Gt>Dpc4`a}RMnrASj`YXz!go~Fp4M2l zs}M1JC|HPT8pP^GOe#e72BL0oSlmIiARC6RY^)C;o(9Dd%6K-;myt1%&zD{gs=H0| zdIRD7C{&C)kf_6%1*-`#k^UloEwUeZeu`~D>i3Wk`d@Wak3HuI@ zAk0D-OvW5@4VMe0nW3%;SL=j1VP)u4-|kxb-)XnE?dWrqmFfom<=oHZE?7&V|?sI0YJQgV-lXhmV{2UA^n$EUXl zDg{piPkDd&igQ9IwGgoqkD8)TG(JEyr_Y1a^&D8di}nrbngTP`i}LWru@0Yff{@T$lPI#^3=rXj3Azsa5XsWwR|ygp3CCO*Ss2RHx# From a234e1c8981690d5a312027efdd8c6ebd0b810a1 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 20:20:56 +0000 Subject: [PATCH 256/487] Auto-publish so-thehive-es image signature --- sigs/images/so-thehive-es.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/so-thehive-es.sig b/sigs/images/so-thehive-es.sig index 0fc118c27fd263c313830cf44cf53291654bd17b..c05fcae3449a2917dfb1ac701de7e93e213ea8f6 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JN2mY_2@qb##{(K8;0XZUM zFTof2C1{^oz0Xb_xXDLDz*T)>GvQne@X0dy9-wl0H;BzoaGRBs^F8$~^tD@us#NYy z%5{~;Hz|L=`G$dM5e%3Q_t)1w|`;JihR91wk(&aVjA;2uS6D!QlE0^Lqc zi~E%5%FRC`%f9E1W?7K6MOFW~bGgRNLT>gO;KOzQfEIOJAHKfKcA5j;dr5K~L=`Cc zzYK{x@`sEfOQo9Mvt*c^IM4icnFYWb6hIv6mANOHqxW(*%%q;ynK3fZQ#;UaIQzmut$bgX^(24<86mW{pD_za69maDVL zVmE@m0_!-V&$@VRS0L3%jxE^v1EA!-{qZxRL`FaM$25Jy=HF;-ZX4c8{$tD%=l2w* hVOp>jvopZi$Y?U%ZutrALv?*iYS7aPizEIe>0L5G5H$b* literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JDMbJZ2@qb#wv&D|Bj{uwsT#d zSZ+(i`d0xeUPVB&o0&u|HunLbWfV%*N@Xavlhe;audGJksM5=ULk0;!Y1>Jd@R&{l z`^mfWmIQ?31yeQyFiL)~8Yi*7K2EMlJ^SVY=YX%zFjk2m_4JLZmNj958NnCbJjH&r zDB5r11a~(7eM2fMk{_Y07N7i?jF%*Be(B5bQ~yE&Nttx?p2Lv=kL-1oEHaHgr+oW_ zsd{ykSC1OKgIou_3w{!q@*R9z0jRD$T2*O|NZ-KPGq>QR#PmLPg1&XzDGK^pO8k`L z5{n#NqLVgR)sTaX=2+>G_6B@9P%_?wAeyB^!xv@K(7H}jE+nn9Re6(Fpz6`>80en2 zJU^7Ln4OE+k6q7%aGNGq6&_*U?$|`*fip*;?egMvqBfe4SksdpdonkTeL+^bY@ZY! zNx#bUG77rcf?!Do@z1#`8XkdW)r-EiP-m2t99&{N-BR6bIVeCf|0;PnQJn6_+A*JX z=O$DH$gx`QcpYGMVbbhx=ev~==XWr)lR`(RV)G(0lc94Bt6^1z%Y Date: Wed, 11 Nov 2020 15:37:11 -0500 Subject: [PATCH 257/487] Change Sig Path --- setup/so-functions | 110 ++++++++++++++++++++++----------------------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 9a21181f9..97c837c4a 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -876,61 +876,61 @@ docker_seed_registry() { if ! [ -f /nsm/docker-registry/docker/registry.tar ]; then if [ "$install_type" == 'IMPORT' ]; then local TRUSTED_CONTAINERS=(\ - "so-idstools:$VERSION" \ - "so-nginx:$VERSION" \ - "so-filebeat:$VERSION" \ - "so-suricata:$VERSION" \ - "so-soc:$VERSION" \ - "so-steno:$VERSION" \ - "so-elasticsearch:$VERSION" \ - "so-kibana:$VERSION" \ - "so-kratos:$VERSION" \ - "so-suricata:$VERSION" \ - "so-pcaptools:$VERSION" \ - "so-zeek:$VERSION" + "so-idstools" \ + "so-nginx" \ + "so-filebeat" \ + "so-suricata" \ + "so-soc" \ + "so-steno" \ + "so-elasticsearch" \ + "so-kibana" \ + "so-kratos" \ + "so-suricata" \ + "so-pcaptools" \ + "so-zeek" ) else local TRUSTED_CONTAINERS=(\ - "so-nginx:$VERSION" \ - "so-filebeat:$VERSION" \ - "so-logstash:$VERSION" \ - "so-idstools:$VERSION" \ - "so-redis:$VERSION" \ - "so-steno:$VERSION" \ - "so-suricata:$VERSION" \ - "so-telegraf:$VERSION" \ - "so-zeek:$VERSION" + "so-nginx" \ + "so-filebeat" \ + "so-logstash" \ + "so-idstools" \ + "so-redis" \ + "so-steno" \ + "so-suricata" \ + "so-telegraf" \ + "so-zeek" ) fi if [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'IMPORT' ]; then TRUSTED_CONTAINERS=("${TRUSTED_CONTAINERS[@]}" \ - "so-acng:$VERSION" \ - "so-thehive-cortex:$VERSION" \ - "so-curator:$VERSION" \ - "so-domainstats:$VERSION" \ - "so-elastalert:$VERSION" \ - "so-elasticsearch:$VERSION" \ - "so-fleet:$VERSION" \ - "so-fleet-launcher:$VERSION" \ - "so-freqserver:$VERSION" \ - "so-grafana:$VERSION" \ - "so-influxdb:$VERSION" \ - "so-kibana:$VERSION" \ - "so-minio:$VERSION" \ - "so-mysql:$VERSION" \ - "so-pcaptools:$VERSION" \ - "so-playbook:$VERSION" \ - "so-soc:$VERSION" \ - "so-kratos:$VERSION" \ - "so-soctopus:$VERSION" \ - "so-steno:$VERSION" \ - "so-strelka-frontend:$VERSION" \ - "so-strelka-manager:$VERSION" \ - "so-strelka-backend:$VERSION" \ - "so-strelka-filestream:$VERSION" \ - "so-thehive:$VERSION" \ - "so-thehive-es:$VERSION" \ - "so-wazuh:$VERSION" + "so-acng" \ + "so-thehive-cortex" \ + "so-curator" \ + "so-domainstats" \ + "so-elastalert" \ + "so-elasticsearch" \ + "so-fleet" \ + "so-fleet-launcher" \ + "so-freqserver" \ + "so-grafana" \ + "so-influxdb" \ + "so-kibana" \ + "so-minio" \ + "so-mysql" \ + "so-pcaptools" \ + "so-playbook" \ + "so-soc" \ + "so-kratos" \ + "so-soctopus" \ + "so-steno" \ + "so-strelka-frontend" \ + "so-strelka-manager" \ + "so-strelka-backend" \ + "so-strelka-filestream" \ + "so-thehive" \ + "so-thehive-es" \ + "so-wazuh" ) fi local percent=25 @@ -946,19 +946,19 @@ docker_seed_registry() { for i in "${TRUSTED_CONTAINERS[@]}"; do if [ "$install_type" != 'HELIXSENSOR' ]; then ((percent=percent+1)); else ((percent=percent+6)); fi # Pull down the trusted docker image - set_progress_str "$percent" "Downloading $i" + set_progress_str "$percent" "Downloading $i:$VERSION" { echo "Downloading $i" - docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i + docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION # Get signature - curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$i.sig --output $SIGNPATH/$i.gpg + curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i.sig --output $SIGNPATH/$i.gpg if [[ $? -ne 0 ]]; then - echo "Unable to pull signature file for $i" + echo "Unable to pull signature file for $i:$VERSION" exit 1 fi # Dump our hash values - docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i | jq '.[0].Created, .[0].RepoDigests, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt + docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION | jq '.[0].Created, .[0].RepoDigests, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt if [[ $? -ne 0 ]]; then echo "Unable to inspect $i" exit 1 @@ -966,8 +966,8 @@ docker_seed_registry() { GPGTEST=$(gpg --verify $SIGNPATH/$i.sig $SIGNPATH/$i.txt 2>&1) if [[ $? -eq 0 ]]; then # Tag it with the new registry destination - docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i - docker push $HOSTNAME:5000/$IMAGEREPO/$i + docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION + docker push $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION else echo "There is a problem downloading the $i image. Details: " echo "" From eb7e8079ec73519ed827ea46a63510340b992f51 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 11 Nov 2020 15:39:06 -0500 Subject: [PATCH 258/487] Create leaktest.yml --- .github/workflows/leaktest.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/leaktest.yml diff --git a/.github/workflows/leaktest.yml b/.github/workflows/leaktest.yml new file mode 100644 index 000000000..d7f407314 --- /dev/null +++ b/.github/workflows/leaktest.yml @@ -0,0 +1,19 @@ +name: leak-test + +on: + push: + branches: [ master, dev ] + pull_request: + branches: [ master, dev ] + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: '0' + + - name: Gitleaks + uses: zricethezav/gitleaks-action@master From ac236a053833ccbe8384753ce74cdfa53a77fe21 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 11 Nov 2020 15:42:25 -0500 Subject: [PATCH 259/487] Move image sigs into versioned dir --- sigs/images/{ => 2.3.10}/so-acng.sig | Bin sigs/images/{ => 2.3.10}/so-curator.sig | Bin sigs/images/{ => 2.3.10}/so-domainstats.sig | Bin sigs/images/{ => 2.3.10}/so-elastalert.sig | Bin sigs/images/{ => 2.3.10}/so-elasticsearch.sig | Bin sigs/images/{ => 2.3.10}/so-filebeat.sig | Bin sigs/images/{ => 2.3.10}/so-fleet-launcher.sig | Bin sigs/images/{ => 2.3.10}/so-fleet.sig | Bin sigs/images/{ => 2.3.10}/so-freqserver.sig | Bin sigs/images/{ => 2.3.10}/so-grafana.sig | Bin sigs/images/{ => 2.3.10}/so-idstools.sig | Bin sigs/images/{ => 2.3.10}/so-influxdb.sig | Bin sigs/images/{ => 2.3.10}/so-kibana.sig | Bin sigs/images/{ => 2.3.10}/so-kratos.sig | Bin sigs/images/{ => 2.3.10}/so-logstash.sig | Bin sigs/images/{ => 2.3.10}/so-minio.sig | Bin sigs/images/{ => 2.3.10}/so-mysql.sig | Bin sigs/images/{ => 2.3.10}/so-nginx.sig | Bin sigs/images/{ => 2.3.10}/so-pcaptools.sig | Bin sigs/images/{ => 2.3.10}/so-playbook.sig | Bin sigs/images/{ => 2.3.10}/so-redis.sig | Bin sigs/images/{ => 2.3.10}/so-soc.sig | Bin sigs/images/{ => 2.3.10}/so-soctopus.sig | Bin sigs/images/{ => 2.3.10}/so-steno.sig | Bin sigs/images/{ => 2.3.10}/so-strelka-backend.sig | Bin sigs/images/{ => 2.3.10}/so-strelka-filestream.sig | Bin sigs/images/{ => 2.3.10}/so-strelka-frontend.sig | Bin sigs/images/{ => 2.3.10}/so-strelka-manager.sig | Bin sigs/images/{ => 2.3.10}/so-suricata.sig | Bin sigs/images/{ => 2.3.10}/so-tcpreplay.sig | Bin sigs/images/{ => 2.3.10}/so-telegraf.sig | Bin sigs/images/{ => 2.3.10}/so-thehive-cortex.sig | Bin sigs/images/{ => 2.3.10}/so-thehive-es.sig | Bin sigs/images/{ => 2.3.10}/so-thehive.sig | Bin sigs/images/{ => 2.3.10}/so-wazuh.sig | Bin sigs/images/{ => 2.3.10}/so-zeek.sig | Bin 36 files changed, 0 insertions(+), 0 deletions(-) rename sigs/images/{ => 2.3.10}/so-acng.sig (100%) rename sigs/images/{ => 2.3.10}/so-curator.sig (100%) rename sigs/images/{ => 2.3.10}/so-domainstats.sig (100%) rename sigs/images/{ => 2.3.10}/so-elastalert.sig (100%) rename sigs/images/{ => 2.3.10}/so-elasticsearch.sig (100%) rename sigs/images/{ => 2.3.10}/so-filebeat.sig (100%) rename sigs/images/{ => 2.3.10}/so-fleet-launcher.sig (100%) rename sigs/images/{ => 2.3.10}/so-fleet.sig (100%) rename sigs/images/{ => 2.3.10}/so-freqserver.sig (100%) rename sigs/images/{ => 2.3.10}/so-grafana.sig (100%) rename sigs/images/{ => 2.3.10}/so-idstools.sig (100%) rename sigs/images/{ => 2.3.10}/so-influxdb.sig (100%) rename sigs/images/{ => 2.3.10}/so-kibana.sig (100%) rename sigs/images/{ => 2.3.10}/so-kratos.sig (100%) rename sigs/images/{ => 2.3.10}/so-logstash.sig (100%) rename sigs/images/{ => 2.3.10}/so-minio.sig (100%) rename sigs/images/{ => 2.3.10}/so-mysql.sig (100%) rename sigs/images/{ => 2.3.10}/so-nginx.sig (100%) rename sigs/images/{ => 2.3.10}/so-pcaptools.sig (100%) rename sigs/images/{ => 2.3.10}/so-playbook.sig (100%) rename sigs/images/{ => 2.3.10}/so-redis.sig (100%) rename sigs/images/{ => 2.3.10}/so-soc.sig (100%) rename sigs/images/{ => 2.3.10}/so-soctopus.sig (100%) rename sigs/images/{ => 2.3.10}/so-steno.sig (100%) rename sigs/images/{ => 2.3.10}/so-strelka-backend.sig (100%) rename sigs/images/{ => 2.3.10}/so-strelka-filestream.sig (100%) rename sigs/images/{ => 2.3.10}/so-strelka-frontend.sig (100%) rename sigs/images/{ => 2.3.10}/so-strelka-manager.sig (100%) rename sigs/images/{ => 2.3.10}/so-suricata.sig (100%) rename sigs/images/{ => 2.3.10}/so-tcpreplay.sig (100%) rename sigs/images/{ => 2.3.10}/so-telegraf.sig (100%) rename sigs/images/{ => 2.3.10}/so-thehive-cortex.sig (100%) rename sigs/images/{ => 2.3.10}/so-thehive-es.sig (100%) rename sigs/images/{ => 2.3.10}/so-thehive.sig (100%) rename sigs/images/{ => 2.3.10}/so-wazuh.sig (100%) rename sigs/images/{ => 2.3.10}/so-zeek.sig (100%) diff --git a/sigs/images/so-acng.sig b/sigs/images/2.3.10/so-acng.sig similarity index 100% rename from sigs/images/so-acng.sig rename to sigs/images/2.3.10/so-acng.sig diff --git a/sigs/images/so-curator.sig b/sigs/images/2.3.10/so-curator.sig similarity index 100% rename from sigs/images/so-curator.sig rename to sigs/images/2.3.10/so-curator.sig diff --git a/sigs/images/so-domainstats.sig b/sigs/images/2.3.10/so-domainstats.sig similarity index 100% rename from sigs/images/so-domainstats.sig rename to sigs/images/2.3.10/so-domainstats.sig diff --git a/sigs/images/so-elastalert.sig b/sigs/images/2.3.10/so-elastalert.sig similarity index 100% rename from sigs/images/so-elastalert.sig rename to sigs/images/2.3.10/so-elastalert.sig diff --git a/sigs/images/so-elasticsearch.sig b/sigs/images/2.3.10/so-elasticsearch.sig similarity index 100% rename from sigs/images/so-elasticsearch.sig rename to sigs/images/2.3.10/so-elasticsearch.sig diff --git a/sigs/images/so-filebeat.sig b/sigs/images/2.3.10/so-filebeat.sig similarity index 100% rename from sigs/images/so-filebeat.sig rename to sigs/images/2.3.10/so-filebeat.sig diff --git a/sigs/images/so-fleet-launcher.sig b/sigs/images/2.3.10/so-fleet-launcher.sig similarity index 100% rename from sigs/images/so-fleet-launcher.sig rename to sigs/images/2.3.10/so-fleet-launcher.sig diff --git a/sigs/images/so-fleet.sig b/sigs/images/2.3.10/so-fleet.sig similarity index 100% rename from sigs/images/so-fleet.sig rename to sigs/images/2.3.10/so-fleet.sig diff --git a/sigs/images/so-freqserver.sig b/sigs/images/2.3.10/so-freqserver.sig similarity index 100% rename from sigs/images/so-freqserver.sig rename to sigs/images/2.3.10/so-freqserver.sig diff --git a/sigs/images/so-grafana.sig b/sigs/images/2.3.10/so-grafana.sig similarity index 100% rename from sigs/images/so-grafana.sig rename to sigs/images/2.3.10/so-grafana.sig diff --git a/sigs/images/so-idstools.sig b/sigs/images/2.3.10/so-idstools.sig similarity index 100% rename from sigs/images/so-idstools.sig rename to sigs/images/2.3.10/so-idstools.sig diff --git a/sigs/images/so-influxdb.sig b/sigs/images/2.3.10/so-influxdb.sig similarity index 100% rename from sigs/images/so-influxdb.sig rename to sigs/images/2.3.10/so-influxdb.sig diff --git a/sigs/images/so-kibana.sig b/sigs/images/2.3.10/so-kibana.sig similarity index 100% rename from sigs/images/so-kibana.sig rename to sigs/images/2.3.10/so-kibana.sig diff --git a/sigs/images/so-kratos.sig b/sigs/images/2.3.10/so-kratos.sig similarity index 100% rename from sigs/images/so-kratos.sig rename to sigs/images/2.3.10/so-kratos.sig diff --git a/sigs/images/so-logstash.sig b/sigs/images/2.3.10/so-logstash.sig similarity index 100% rename from sigs/images/so-logstash.sig rename to sigs/images/2.3.10/so-logstash.sig diff --git a/sigs/images/so-minio.sig b/sigs/images/2.3.10/so-minio.sig similarity index 100% rename from sigs/images/so-minio.sig rename to sigs/images/2.3.10/so-minio.sig diff --git a/sigs/images/so-mysql.sig b/sigs/images/2.3.10/so-mysql.sig similarity index 100% rename from sigs/images/so-mysql.sig rename to sigs/images/2.3.10/so-mysql.sig diff --git a/sigs/images/so-nginx.sig b/sigs/images/2.3.10/so-nginx.sig similarity index 100% rename from sigs/images/so-nginx.sig rename to sigs/images/2.3.10/so-nginx.sig diff --git a/sigs/images/so-pcaptools.sig b/sigs/images/2.3.10/so-pcaptools.sig similarity index 100% rename from sigs/images/so-pcaptools.sig rename to sigs/images/2.3.10/so-pcaptools.sig diff --git a/sigs/images/so-playbook.sig b/sigs/images/2.3.10/so-playbook.sig similarity index 100% rename from sigs/images/so-playbook.sig rename to sigs/images/2.3.10/so-playbook.sig diff --git a/sigs/images/so-redis.sig b/sigs/images/2.3.10/so-redis.sig similarity index 100% rename from sigs/images/so-redis.sig rename to sigs/images/2.3.10/so-redis.sig diff --git a/sigs/images/so-soc.sig b/sigs/images/2.3.10/so-soc.sig similarity index 100% rename from sigs/images/so-soc.sig rename to sigs/images/2.3.10/so-soc.sig diff --git a/sigs/images/so-soctopus.sig b/sigs/images/2.3.10/so-soctopus.sig similarity index 100% rename from sigs/images/so-soctopus.sig rename to sigs/images/2.3.10/so-soctopus.sig diff --git a/sigs/images/so-steno.sig b/sigs/images/2.3.10/so-steno.sig similarity index 100% rename from sigs/images/so-steno.sig rename to sigs/images/2.3.10/so-steno.sig diff --git a/sigs/images/so-strelka-backend.sig b/sigs/images/2.3.10/so-strelka-backend.sig similarity index 100% rename from sigs/images/so-strelka-backend.sig rename to sigs/images/2.3.10/so-strelka-backend.sig diff --git a/sigs/images/so-strelka-filestream.sig b/sigs/images/2.3.10/so-strelka-filestream.sig similarity index 100% rename from sigs/images/so-strelka-filestream.sig rename to sigs/images/2.3.10/so-strelka-filestream.sig diff --git a/sigs/images/so-strelka-frontend.sig b/sigs/images/2.3.10/so-strelka-frontend.sig similarity index 100% rename from sigs/images/so-strelka-frontend.sig rename to sigs/images/2.3.10/so-strelka-frontend.sig diff --git a/sigs/images/so-strelka-manager.sig b/sigs/images/2.3.10/so-strelka-manager.sig similarity index 100% rename from sigs/images/so-strelka-manager.sig rename to sigs/images/2.3.10/so-strelka-manager.sig diff --git a/sigs/images/so-suricata.sig b/sigs/images/2.3.10/so-suricata.sig similarity index 100% rename from sigs/images/so-suricata.sig rename to sigs/images/2.3.10/so-suricata.sig diff --git a/sigs/images/so-tcpreplay.sig b/sigs/images/2.3.10/so-tcpreplay.sig similarity index 100% rename from sigs/images/so-tcpreplay.sig rename to sigs/images/2.3.10/so-tcpreplay.sig diff --git a/sigs/images/so-telegraf.sig b/sigs/images/2.3.10/so-telegraf.sig similarity index 100% rename from sigs/images/so-telegraf.sig rename to sigs/images/2.3.10/so-telegraf.sig diff --git a/sigs/images/so-thehive-cortex.sig b/sigs/images/2.3.10/so-thehive-cortex.sig similarity index 100% rename from sigs/images/so-thehive-cortex.sig rename to sigs/images/2.3.10/so-thehive-cortex.sig diff --git a/sigs/images/so-thehive-es.sig b/sigs/images/2.3.10/so-thehive-es.sig similarity index 100% rename from sigs/images/so-thehive-es.sig rename to sigs/images/2.3.10/so-thehive-es.sig diff --git a/sigs/images/so-thehive.sig b/sigs/images/2.3.10/so-thehive.sig similarity index 100% rename from sigs/images/so-thehive.sig rename to sigs/images/2.3.10/so-thehive.sig diff --git a/sigs/images/so-wazuh.sig b/sigs/images/2.3.10/so-wazuh.sig similarity index 100% rename from sigs/images/so-wazuh.sig rename to sigs/images/2.3.10/so-wazuh.sig diff --git a/sigs/images/so-zeek.sig b/sigs/images/2.3.10/so-zeek.sig similarity index 100% rename from sigs/images/so-zeek.sig rename to sigs/images/2.3.10/so-zeek.sig From 2269695e75f998df8752fd8fea01cb27f3b3fd22 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 15:50:52 -0500 Subject: [PATCH 260/487] Change gpg to sig --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 97c837c4a..f5463bc1e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -952,7 +952,7 @@ docker_seed_registry() { docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION # Get signature - curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i.sig --output $SIGNPATH/$i.gpg + curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i.sig --output $SIGNPATH/$i.sig if [[ $? -ne 0 ]]; then echo "Unable to pull signature file for $i:$VERSION" exit 1 From 79cbc747ea49aae4bf6333d199f2eee28e6dea49 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 11 Nov 2020 15:52:48 -0500 Subject: [PATCH 261/487] Run leaktest on any branch --- .github/workflows/leaktest.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/leaktest.yml b/.github/workflows/leaktest.yml index d7f407314..e66a06fa8 100644 --- a/.github/workflows/leaktest.yml +++ b/.github/workflows/leaktest.yml @@ -1,10 +1,6 @@ name: leak-test -on: - push: - branches: [ master, dev ] - pull_request: - branches: [ master, dev ] +on: [push,pull_request] jobs: build: From bc362acf82f36c332e2eb5a45283dd40fd582bb1 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 21:05:43 +0000 Subject: [PATCH 262/487] Auto-publish so-soc image signature --- sigs/images/2.3.10/so-soc.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-soc.sig b/sigs/images/2.3.10/so-soc.sig index df851b48dee3463b8ec6c691147ac1bc3817ba73..c29673ddb47e47dbf52c3dbce69f05a731763ab1 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JQYQck2@qb#D0XqfENGcS zm<=5$5>Gz7VQWQ5tz<+sXf2oi{bIhUt9rB!SjO3uN&R)uzD*3~fY2wIGyC{t#&wYK zpc>ZSk_vnUH@0kfkz%41?o=3=R3mLx8o}ZV%a+Iyj4@rvT0xUOdfVRIo3_R+(#?FP zn2D5qU`622U@v_vG0p4rVv}i%&zWdta+2zLl*^x!oYxaX8bH~|$yxZr*Ls-9Y5Y7F zZBZ4`G@eqg_kEpdZ8&g!;I?c;FsRab`a8)P7q65!)8ZSasH~*txcT4a3{IcOu5JkW zsvH7ZxX16g6kB~kMo>e|h+&$bB7I^=iTlyipJR|n;Q#@Z9XZ^N?5?g$Ugd*T9xUa< zv;2U>EE@*p!Y3Ns=cvC>^z!nOoh>ogX zDol6Lq!wCfJGT%nswmA;cFgr5g!=x=HXJxTL-$m)IFxU hiSY=xzmtp{uoi*)iy@<3P;;Wp+D+wzFcuL3MIa>24tW3o literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JJrMv32@qb#g-uUSIRjoflc?edOcmvIN z#e48RK5J=Ij>0*58|XusJ!Mnh?kS1Pwr+accorO#3()yOA-14L(^gY=3;Hs#_V^>a zmcmNFdmYxIRVOSKLK8O!P_%5B={%9s*%|I2f`PRisFe^NnvsKi@^dM<{ufK4X_EB* z=t=QN--eNIuB+q%hOt9JymCT7gK?{n)O0&jh<1H(n$4^LhevFs55nEhTiT%@%07VV z1%6+$NT&8gyTG(AWP`b=9~e?|@3Aj?X;Z?Z{%O=TKimqQo^*O#LMba_Zvfg#(ute; zO4flT-3^Ih_KYy>C36I@PkImp9ro4;dWq9^(wkX`T4FLoRo|TcM-%P+r-YT_;Ek@o zV;`kOhmeB-xLAu82zi?c>C&NG0zYB)X+rq4qc^0Ne2QmB6gO-So{&AsG$txF>8r92 z(=^CfY-{OXSJ+VkA8HJy8UQd_99X52pwd_)?abrFkpVCHwAvo7nimJVW!5?OwYH_S z1XD|$bBy<{|0hSBTr6`%(>^J5wYCsL3*(UXKF<7S70QKIf9U%DWIG>IE60o2HyYx From 16e0a268692bcb13ff2458ac74006786f917dcf4 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 21:30:17 +0000 Subject: [PATCH 263/487] Auto-publish so-soc image signature --- sigs/images/2.3.10/so-soc.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-soc.sig b/sigs/images/2.3.10/so-soc.sig index c29673ddb47e47dbf52c3dbce69f05a731763ab1..981549c4a49d3b0d1ee8f5b5a0e7c26eea0d579b 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JSLpx>2@re`V7LBIa1$5d5B?}--5{J+s^yd7=)+)1 z+3}c#ixF=x#%#4nm{C+!D<^~$bAiA^l2mDQ>_CK}4js+}wf4`LIZg0T%ytN0S&59k z-2ZMfB)XRG1D1hU6l^iPseD`=*My0YR!e$cPTwndZk0H{yzARXOKBJ=D@+z*Y}mNL zlhLt$sULy*Rr&^>YmJ~v9#iNogx!p^IF1CX(FeHnj+j(=!w%xgqf9h{qp8gB*`wZp zGNUI+8LFMF<(MU-WiWDruZOlflhM-eVKlhXXP>4Rwsh{xk@2=859z|+8us(tu?r6Y zQtm@=#kAAtr9n;&`%)@y-@ao<6kqCv1c@Np}; z>-j(1jt8Gi6U#!%3VX#ORrp&4wjD0XqfENGcS zm<=5$5>Gz7VQWQ5tz<+sXf2oi{bIhUt9rB!SjO3uN&R)uzD*3~fY2wIGyC{t#&wYK zpc>ZSk_vnUH@0kfkz%41?o=3=R3mLx8o}ZV%a+Iyj4@rvT0xUOdfVRIo3_R+(#?FP zn2D5qU`622U@v_vG0p4rVv}i%&zWdta+2zLl*^x!oYxaX8bH~|$yxZr*Ls-9Y5Y7F zZBZ4`G@eqg_kEpdZ8&g!;I?c;FsRab`a8)P7q65!)8ZSasH~*txcT4a3{IcOu5JkW zsvH7ZxX16g6kB~kMo>e|h+&$bB7I^=iTlyipJR|n;Q#@Z9XZ^N?5?g$Ugd*T9xUa< zv;2U>EE@*p!Y3Ns=cvC>^z!nOoh>ogX zDol6Lq!wCfJGT%nswmA;cFgr5g!=x=HXJxTL-$m)IFxU hiSY=xzmtp{uoi*)iy@<3P;;Wp+D+wzFcuL3MIa>24tW3o From b09065626994cb37ccb2e567757d00eb07748d6e Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 21:33:29 +0000 Subject: [PATCH 264/487] Auto-publish so-acng image signature --- sigs/images/2.3.10/so-acng.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-acng.sig b/sigs/images/2.3.10/so-acng.sig index c1f27f80b1d1600ac04892fae1c349665593bcc5..e22b6ebf14e9c8786f69cfdfce16f4b434ad8a0c 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JSg8OC2@re`V7LBIa1%)q5CDQ-q-j_;MEjBkh;LU& zmvVJYCR}PO*&6-UvnBlx#|%Vf=5Fwf2j|dH6qhZ7rI^Ng&hv5`=BpC)+NQAgU4vG|W#D{VmVobvV%PFyiz1RuDmF(CF)b|q*CA5ozEnmQ59KmcR zCqKg-uJK`aHnH(U?sEfeAGld`HUuxpX|V!VLshe2V>lHbu3z@HXj|0{;53*fCUI~@Vd4ddNqY&V8Z$8wf(Pqjld)g6hU_TX?n@hyiyXZJ{y1{ueh9nbgvT2 zG<7@yshf}El%?X=#k?0hEPIAn`pI_2K~<3LPnjd3(nJaf6PrWA!S<TMZBgv(V!F*+{_!b;-TkOynb!|VkXz&8>Wfn6fZ h6hzgS9SzB@R8%HF8$93a(m$544poujS`jJ-Jz#kf_2O}!J)9B#JxA}eWi7U5QN8uzD_DbHF1Vl8Sn566X-$N z@bfvrYgNL8q6HH|o}YQ!qcPs>_F;Tp*6v9kyI^m^R_HbXb6=E|`J(EyuF!YyL=6Jk zOnbtUchIXb8L)4-!Te0}6|yd=>nKm>utS z5aTPyBFO5Q^`Rr{|G-v}RBS9|;rf&wKBu?>d Date: Wed, 11 Nov 2020 21:34:50 +0000 Subject: [PATCH 265/487] Auto-publish so-zeek image signature --- sigs/images/2.3.10/so-zeek.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-zeek.sig b/sigs/images/2.3.10/so-zeek.sig index a1ce80dd3a9b523c6c7e8a51e3dc3b8c89ffb5b6..9733714a270f8ea9e2149d3015b3eff81fe2f4eb 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JSo#182@re`V7LBIa1%Ix5B?xNQ)3J103>&+L)-M+>eswSQf2`;=pjux5~`W6S|Y4xV%-V9bB=uj%BvYMP5#u1 zQ{N`qeIe&%@^WdYXx0Ghmj}ac0x>-s7CnS_pUXcfae+SZ(Y68b`p{*l81jIRdYUgS z!;CYsk_l!BV}7&g91yKIt@rT`TX^#y6_I`nWCK#WctNO(0`TLG&Dc9~2|E`wUjZF_ zy^nusKG!y$2hrPk?1PimyDntm(n_&Vr9Y*MafjjC&FU8K^Emhvu_GIBeHb* zM1&-$NJJSAHCO)Q;(D>v;D%W;#uX^eSi|vdrTl)vhT0^I(UiVH6<_O;a|kkNRYVr# zu4h&RF($Oa`;$At8X4np9=Fz6@C0fK53X{v($U1L<^i)gkw#cK3ohN3@LbfXEUC5d z5yySGsZdC7?eXXmICPUzKZCW*7-H9vZOt3Yxdf*4mV!XRfhJH}-ghT&247%mS6(*w zX#WN*>nw&=N%U;IWf{G_%TC|1xhYaz&u!mM?L%>HI_w|FszRx7&k^*o2FrM{z}{shvrs5?|FF>m1zN4!^?F^I}5uXbo)@_QdE{{8>} literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JJ(&Os2@qb#Zk!@+<8qHr57?T8$Ey|vhK)oq|7Xn$lymr$l8b}N_PKVn z0EW9YA6m<*iyVyZ(?t`AmKHIj#8yf!oPa!zof~ynjE26!50EQ1*y9ZP%yU{Hg6`a; h1NvI~hU4hpW->Wz<{TNegb?T28Q8~_fB(7Sjg^+L3HSg2 From b9440364f79e7de007c92b8493ba9e2a2f4ac497 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 21:35:44 +0000 Subject: [PATCH 266/487] Auto-publish so-fleet image signature --- sigs/images/2.3.10/so-fleet.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-fleet.sig b/sigs/images/2.3.10/so-fleet.sig index c08ed77f48ce1b5c534434ad0ae29a2e82405a0d..7fc2f3ae1d134c12bc29d321f83532a232f3d876 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JSug+!2@re`V7LBIa1+Ps5B(ia!1gvzjkC*CamCir z22}@`EUziPT5B|8%ff(qQhr|=F>*;6{0atUTT$z+6P+9rt^swv z<$>I#@MmBy;~uTGX@~ES6*cZU_Au*zkQAQ3WJOj!;s$Cd4Bw0 zb^)_eHntO{K;W0Ks62gAk$nS+@vvf3(I>sEDR`w`dMXMh3(mR5Vsm9R+-h7@17&Nf z6Oyv&B}giVq~Rur+Bxwz7Xrrey$DTaoL+=Oakrk2*HSoh>Y ze3)h0*M@yoa20~i71L$M1ILnnZn7*YhW_}KcNBn4vnNmfSbne&*X`^I+5w5-z8)6{ zsPe<><12R^RAh!^ST^dSFrt(hx9M3`a!lN3igHU*YFY5(53W47SP<~VbzSrAliM}w$Q8)EBj5_cJ zUKk#DGQm|+F27DuS=2!tg|k&fGXDZ(d#Xh%U;{o}qFCfT)n2tpCj5vc^~y6QxY=z- zNAQZQ=C#GP*fUNpQ%NmvnP;1Qiuc`b@o`XjsP7ddd9%x6l#6dXnZ4d8FV+*Uo|d7I zO2%LU|ACGYH7G--ryml9K~<$3BH3XjW8>QICPikXW=vTNFyvMadu^ZASy^KGGeA6i zu<7q0(+pEQWc-eh*S{LLPVTX(9j-a_d_A%UL3p_Csm{dZL_h(JHipsyG(pOQDY35K z3z0~!3*-x?`+u!I0l%|mC=PO5OL_e16urO?XW3-Lc~o#j(&EjVI*Xo$qURJP zM@CG~lgf@Y<&p3U zV(U3{c_BN;EW#9Q(UU8HY^1P_5q%@ghlMYlKI`cGhC#V2tc5W#U?Kxfs;{SD^g6EN hum;7z5?kSyMDjC5cA^IuHF}r5SLs{xuw288Cf0@v2jl<% From 8668cf9a9cfcda28b98973ec1424489c363e6236 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 21:36:45 +0000 Subject: [PATCH 267/487] Auto-publish so-minio image signature --- sigs/images/2.3.10/so-minio.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-minio.sig b/sigs/images/2.3.10/so-minio.sig index b82eb163d042884e8b1d48cad16c36173401e78e..1cdcc81cee2cc25dd19e6d22c1e90ba81f0e4cb9 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JS!@6b2@re`V7LBIa1+ZH5CEVOP8b`az%xFu@#qtc z1RS%A>*#v@D*(%NhALM{$U$5aa_=0{7gh=tMGB^xD~J~gVZ-rBnHEwkTm4z}M>!Ee z^aWBAV{#O*?{VdZdTH;9Z#>S^$0g;`aLzln&|(e~+Ni z5KP66gPLmEJHn^UEy2a&cJMo9lf~+e<8`m{1izKRy5YFpiBrsXjfzj>m zVHIl8*8kym;D2y3lh&Oihu3s6eE`CchfnAso6&6iFjDM(&6bf6Y+z4V0PNEGS!u!G z1%1|f_-R&+nF6JXJD`p!9xT;7bq!&Bd!(VY;sn_O1Dm2DWKDtWrOa5)#un`k0;xQc zFHQQMK!4ajB2%54WF2U#kR+wfyN6U#y;Zpk>DpaNJ2A%Dc hJxJBH0A)#<%dHE`cnR~j*ePBOm{jIJqN&pkl^Shs1KI!p literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JJ^BC&2@qb#yGsi!Pou_HNZtCD9g@{jv!Yk!G;@HDt4RnMaw4x@<4RSjV8ljTP3k^b7zS|D!tR zy$}i;ryLLycH}5M2#{hkxEal02wA>zcD42h^IlpkuyMdP;h*=55n(U3sAU2Y?O z^ed;dPCOs(saCeIOA3PFnVYwXY%l-0CrZ5`6g%caOYi(sEJ8)3g)723%cIcg&LSlu z4XTg{hG~@V*Mq=%ciHf6-BwIumazGO@zbL+z+gDo;j}HIpNUvU6=gB3iKt_x>v} Date: Wed, 11 Nov 2020 21:37:49 +0000 Subject: [PATCH 268/487] Auto-publish so-mysql image signature --- sigs/images/2.3.10/so-mysql.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-mysql.sig b/sigs/images/2.3.10/so-mysql.sig index b24f4054678ac63a691419dbda7d2a58c46396b5..4da45d9d1dfa60ba0c30e3206a708f42aec17c91 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JS*-vH2@re`V7LBIa1%zi5B(G~|JSUORFQw@EQ6F7 zDO7*(hRJV}pN)}pV6t*6$VWsp7~07>h5B5|T&r^~R-Rb^$Hs9*$dWPV60iMQzWuR& zN(KLqSJj_{KDW^D5OsFe*#G9g@?ov$V6O8TOMulI zur>sQ%~tn?qaAcT61i&^SIh+P{&TP2<;_DSUpf!j$1HyV2BE*J7X$V8CmO+!px;?h zJV1yFDO<$+h4m}}rZ`E&L&_X}3W>B|&X@botI!Sr^CovoNaa-O$a_eIB#ONvMFdqE zK9|^>DoCk?)KQXKV9O10bV{l9&v0EL{4;j@cSi%9tdym;aqTo=_2zG>JwtMa^t|Fs zC+d>+ClkN-f+Fx=pPtR>J-h)t;ob0_e=f-weayE4=eZH1l$Yh39uDT?$|Q|5A;!gf zJnPgiBGNp2-*bgcKK2qcSdJ^_hlLhsU$ZQmq^z|nX2HeO$WvTKfb;R&)|>i>{PANa zUV90ct`y)s|Z2@qb#4*6vBb3vt^exY5Z^lei6{1O!7nLl7t~-vyz>TpVtPpAjgi?7#gOIR@*ClzPf|=0 zk@P$Hh^}gt=5;$f{koH?-c#4;{%ML6< zZ6TLb6StOkP474DBjjq#3u}y|WOK$3%Z7y4(LbAcr3lQMhhV_${b@S%7F}bzk+HSh zAciGZq71pu=^4qLJc<#-Fw(}(mq0EU1P>zmcN@xzE2IC*%?qs{sSB*bQES%Ijr4qoM5vD41Ni|9K%0VXf z)-1qt>H3~g)Duvf$(*m{Z`vTEBNc0c$XKxbh?+QN&~>A_+}HH}T%$PpKP6?T4x=7i zm&8q#l*o|Gp2U2NFhsY|G#P!b7a@tOk;jykHFN`)aKwP23+^L~n8Wzy^7v8B3>+X0 h*-#T-G;Po{-OCHF0yEL+7u{b7L49WjGs6Kgc^>5S6J`Ja From d73542d274487cd8f302345994f988fe3b8032ae Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 21:38:45 +0000 Subject: [PATCH 269/487] Auto-publish so-nginx image signature --- sigs/images/2.3.10/so-nginx.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-nginx.sig b/sigs/images/2.3.10/so-nginx.sig index 3b273662c101cc3f4e6687ae94871aca8430cfef..fc3010155a7dd1003e589947c09e3c921dba20ca 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JS>*r<2@re`V7LBIa1$==5C3r3dwA?xzoE`I=+{L~ z%Nz=FqFyY`loX;C=k9sKGd0!`jEH=JMW{xD%Tw^qX8~MKjqC%VL|#e$$+zBB^MW0( zunqOCOnLh{>%hWN(RuQkPCg9a+?Ojp*Ohd!IViDl~#C6T8LEZ$y}kcL zQt%=sXfZ=-e_m95z56%rgtLfj+W}yK`O+VL)LSF5=D$pt)Zs^SU=ACCR*y={{d6i_ zsd=o@7uTMSF$s!7!W{12cNrcmFq~?3M`MTdSRx|je#jeJc#1fyL4*3=A$NVBg80dU9N|j&* zw~C@xFA1<3RCIwO`CjlBbsykuu8pp0<(fHCtvn+1+Wokoa=d_d<+ChPdt{dHt!s&L hoaT`kb<*{(Au+4D1UQg)$%TH`#plV6^bnOI-xJP738w%6 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JK4t(42@qb#nYUOkwDx?YW-t&ObU<39gjx@Fqv7V?@n-2NV{dk*YzfrlAt z+aOuu^z8mcTXu^#9Fn0c%`-mLN_!ZQqwB@Yyb<|?ckdoC6*Gbsr)fz_JgT6~f<5=K zq=Q|?EmQo~z#w!*fqQ*K3oC1EDibyl_Ut%v%&(2{c-gZdVa$ez!kZ$My|LCkk7^Q> zn}PgcAr{`fDA8eBaUZZiqQWqdTPfL6%~OrE?KJa~vR^lu{H`daHAmE?KtqnB=}LJy z*~vkp+IetsS86ao;@XQa%8DF#W6Nc&mAM*S&sQ?ovy@_#@RyG!1x1q?9+fXqZ(#!i zh8EeVyD@9MVzoDdZ;3HDmHU!A8+KxqYmIO>oA8m2O+NYVay^xym!!bDP&J0IQ#ghG zg!cW*4@nA+=mf3uj=p-l`UcB1-e`hmhUS-zg;M|t43D&NGYj$(cv!OgDHOW^(z>cd hvFh#n3pi-BO9ndXglKQE&*mOG*eFTxJ{(%Q1A#&Q3FZI* From 8258b782fcf90cdbff6fea3af4370fa56d552011 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 11 Nov 2020 21:39:40 +0000 Subject: [PATCH 270/487] Update syslog pipeline to allow for initial CEF parsing and pipeline targeting --- salt/elasticsearch/files/ingest/syslog | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/salt/elasticsearch/files/ingest/syslog b/salt/elasticsearch/files/ingest/syslog index 6d28aa705..2f35c5961 100644 --- a/salt/elasticsearch/files/ingest/syslog +++ b/salt/elasticsearch/files/ingest/syslog @@ -12,9 +12,24 @@ "ignore_failure": true } }, - { "grok": { "field": "message", "patterns": ["<%{INT:syslog.priority}>%{DATA:syslog.timestamp} %{WORD:source.application}: %{GREEDYDATA:real_message}"], "ignore_failure": false } }, - { "set": { "if": "ctx.source?.application == 'filterlog'", "field": "dataset", "value": "firewall" } }, - { "pipeline": { "if": "ctx.dataset == 'firewall'", "name": "filterlog" } }, + { + "grok": + { + "field": "message", + "patterns": [ + "^<%{INT:syslog.priority}>%{DATA:syslog.timestamp} %{WORD:source.application}: %{GREEDYDATA:real_message}$", + "^%{SYSLOGTIMESTAMP:syslog.timestamp} %{SYSLOGHOST:syslog.host} %{SYSLOGPROG:syslog.program}: CEF:0\\|%{DATA:vendor}\\|%{DATA:product}\\|%{GREEDYDATA:message2}$" + ], + "ignore_failure": true + } + }, + { "set": { "if": "ctx.source?.application == 'filterlog'", "field": "dataset", "value": "firewall", "ignore_failure": true } }, + { "set": { "if": "ctx.vendor != null", "field": "module", "value": "{{ vendor }}", "ignore_failure": true } }, + { "set": { "if": "ctx.product != null", "field": "dataset", "value": "{{ product }}", "ignore_failure": true } }, + { "set": { "field": "ingest.timestamp", "value": "{{ @timestamp }}" } }, + { "date": { "if": "ctx.syslog?.timestamp != null", "field": "syslog.timestamp", "target_field": "@timestamp", "formats": ["MMM d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601", "UNIX"], "ignore_failure": true } }, + { "pipeline": { "if": "ctx.vendor != null && ctx.product != null", "name": "{{ vendor }}.{{ product }}", "ignore_failure": true } }, + { "pipeline": { "if": "ctx.dataset == 'firewall'", "name": "filterlog", "ignore_failure": true } }, { "pipeline": { "name": "common" } } ] } From 75b26fb2af27752e5dc3d4b1e2216e872894face Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 21:39:49 +0000 Subject: [PATCH 271/487] Auto-publish so-redis image signature --- sigs/images/2.3.10/so-redis.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-redis.sig b/sigs/images/2.3.10/so-redis.sig index 0e0c12a50515550f0029f75c092d7e553da53cfa..40dbee0a35596d5049855678b33d3a0f6e254c7f 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JS|tDq2@re`V7LBIa1)O85C3GDuhW{xC`*E>r6wr$ zSysL>H$%ufXo{677gcz{QkyNlR8FUWJ8DmNzzSRhE6CK!V387z>0r(yts%M85@ysL zIv~|Bhm|N??0H7Jizx<1Kt%ZU<2m@F*Qt5_fUV}nR%LWNr`VsVIh93Aa!dxyN z-+EeHX;u7Y7M2a%-Alkl9J_aXosA0r4aTXR(+$LH%rEqt3#p+1E&r=IO*~Swzb5#f z^u=)Kdq#nAx$-z%f^?j9x+u&T>LpZtUn;xnwoC2FOL{5WdztnXU!Jy-qA<;RDz-B4oizAGI6u6@vy<{>$%C z-1OGXtwkJvvUc}E`HL44GF(d h2TMt*narBAngX!Yuw?4QHyt@l%*Sbur}8am?=0u82j>6) literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JKBE8%2@qb#XGZ!V*Vq)o+gN%EBp zZ%=9(OhKp~M~&>y!55wSjB4{xEmT?K4_SwFIIdgLB$oHms>4cxhc%;nir_NUoH!}( z3D4Er!4CTAfF$SWRK%d?>A&usnVAHdj<%|!>(kC&i-XO|d!Eia^6m}l7Qp_@ED;Je zxkipT$D@*fK!iA!!)gHJEpdPset(!f@x9A=q9(pazn-G6I5xAA*Tg$eOu6eVmC}lI zHJ;y^;#Pll3bL|T5UWZG=HAOeqh}NQX3G)a%9694W-ZrmD=-pCg=19d5C|q zZqC6Wico-F7Vp>XUTG)PbsDu?Br@?rf*ueeEiS*>td2mYlBcB}c2vE8zw2SV``2?2S Date: Wed, 11 Nov 2020 21:42:21 +0000 Subject: [PATCH 272/487] Auto-publish so-wazuh image signature --- sigs/images/2.3.10/so-wazuh.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-wazuh.sig b/sigs/images/2.3.10/so-wazuh.sig index b2a38d2e2a48dfa95ac39f504add1e0e18edefc2..3e6274d2726054ba39cc68bd551012359d786d41 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JTD<@Y2@re`V7LBIa1#i35C3kR8GYqCA{9qU(gw1p z4{?+6%bEBwdU$XpIZl%gwwV90loJ#AEZ>xsbC4f0(D79VdJUiifF~*d-iG5ts&mLB zk4F^?VJ_i*%xk@CB?TspT4in6%Qmbz>j*brLWQhg>wWCT?um1FKLAbGSX}rI$tY~r z_vk)($OgC~IHG`pZX<@Avc03_^3lr(gi(8o1bZ^Xkq~bTE>r+x&48W%tp?{9F}G_x z90vfl5}46Ju_n;)HcgQ&H7lX`J za=`lD3a?=t<7=Y>d$uQ-h}Mo~?ILQ5(tX}WkRK@Hs z3sNsAy7Q`;|D*`BR(^hYOt$!p*=tD6|#E9zp5T^ zMdIK|_~h8!d~7{?RDZv2?HV>yKo87+ylEjEL6=`GVLu)fi?ScV(8knDA^E8ghEU^=m?R}JA?>1 zswyIV;Xg$VzdZKMD%cS>_h>Rh0*XM#?Dp)C3W36e$7Gw}fT$2dtTF0m=6J>6BfWpt zi_}JftO)%?a*V_89l3Mx%YH1{$UB1MfE$;*)v$i0n}oQ1evCiSJ!Bt;2o?QdJaV}B zv)e$~s&bKJz+!ZFL!U21H!C%*jFNsesI6g&AQoI^wwUTKOc@X$qP=gdYfi^tkIz{l9t-5IpSb!__q%XC=vS8V=D~{)<6(KydocR5q@}tr#c6yRy*O)~Vv> z0#~3jeG7kLD)8d$(Mu;tHV129$KXK5a9 Date: Wed, 11 Nov 2020 21:43:58 +0000 Subject: [PATCH 273/487] Auto-publish so-kibana image signature --- sigs/images/2.3.10/so-kibana.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-kibana.sig b/sigs/images/2.3.10/so-kibana.sig index 43ed827e08b3af93d20856384ba4d1eb90c3ad61..cdce6c15787bcbfedc86d30758fb9a521f4bc7c1 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JTOI%k2@re`V7LBIa1+0F5C1_W#X^pbPUP$N%w~hE zgO5d2!<`PjFK8R)h9FWU{9Z(z!9!0Tl}4WlGsbepD1KxVc{_Mqs;Rux=x*h!AXsh} z*^#?F2p0c(L86Y?vWkMrU|{UR_*V*E@8Nhn-3SAxQ!)2Bq7?V@4+){86t(qS^>(?T z(&o13*5WNH78rk%yLi+Y=l}?rTUJRL9;^ADY}77hHh~~`Q;z`R0jRZL!KKE?b|A9F zcR0v_|1knPnw<=!Z!V_LL2Ti<`zCV>D~@AJ-EZc!YEsFE*04qX8E`SiD`Z&ryIov9 zz+0QvJtOroYNt_+H;!eWSr=!nb`_#{oyMo&tNY--AZt0uCzGqe4-VfNQ+HQGHZ)fpImN6+Ve% zbEVQlZ`Lo9vk>NQ#-H<7qBZEC)0|x$JjPrF~?OMuy+0BSX&%ei71jw|6<2J3kDRBc|Qvs(X~OMpICN~dgIEY hwLO(y8YLDk1Tvo$n0Oqpy7c@T>4#KkmrSUz0gWbb0C)fZ literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JMYaG62@qb#>LuBJy z4!iCSO=)o4aBYks@708g(tZM2xmo-{u0_p{N6#RhAkq)Y+?uW9`4>C~i_vWaX+;(J z_6?R`bNSKarfH&iQ)EDvZUAZvBr>C&qv^4L5T-X_p+nIVsisA?{`%7F95l+S6tJwS z%=3*TXX=Z#xf!X8DV&yUk4k=R&BqZKnxm}po^k+Mmt1~&2k+BBsTvTE+rfOnYa!`w zcKX)ZQN&^B!J$J@a8)b z>cJ(&(V{n`n-3Eo_{w;qsl1>6YWdtmfdRZ9>qVT;F7saFQu+{x4O76Gb>4B{l{~nF z9_YfvXXm-Ep!`l1&M}i@U6=>AO}-x3mJZg zK(3!TP)h$dD??djKtDh@J`qaYRMb@o+%d+}_?@*SxIG?3E|O_+iA9*fC2BkgeUINXFdUOX=f|Z9XP4M{F2BtYfOJX+6Vc h5HD^F=G}`mR#xfcVB9Mi3>lcFBY(mk{eGVU5~5)62`B&n From 871f919c27621c13bf3dd35a995ec2966bae5813 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 21:44:53 +0000 Subject: [PATCH 274/487] Auto-publish so-kratos image signature --- sigs/images/2.3.10/so-kratos.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-kratos.sig b/sigs/images/2.3.10/so-kratos.sig index cd4e2c3b9103c9bc1aaad3f10331e7b778fc11ac..c23717342a062bccecb293d4225bc1524827d70a 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JTT}oF2@re`V7LBIa1&LN5B@#j1~(q6f*A~WHuyy_ zS*WwEWb?|GdU<8>DFNpGK5-zU#nF{=NY0u2?&7z4V#m@MRiCUW#0}^uJeL(nB*y)B zZl+}**;}`7+kzHDJYFCM)t1<{3fEo3IIYl9NQpNuNwWb)#|O(RBCcO65r*vEt*=;K zh2T6mUg46Z;N$AXgPP1~*Qff-jp3CK*T{6Ab`Yt~Y~jY6^d4Q$xfYfTyxK-XtmY2D zz-rC&b`55&whINv5Q2ratj8_kD*Swjs3DnB-7lHg1XWNyn_hH`o&XjTy<+0eES=Iv zL`KFACL1F!gy!O=$~U^a6|N9|0aW~Y6pzQmFQyX!gD2E56Sv-t$Oj`b?ye-hek050F%E95&VJHHYHpK9ZjL^TF+FhASEnRAD(hFA&zc;7UA1#VH9R{6*+_;j zv|bcYIz;Pf)2YmBy9u7BR4Zq^fV%SK38d-{ZT~`Bfc1>wdV=8{09V1t)ilXl{gz+8 zdPPouR|!&YG$HQVz`$b!v}F>rB|wPeDxKgmiVqpgsg2hU3C7U#87fDvvcSRYpUyBd z=Qw5v__c1E{-m7`M8FY@oYTz>-5EW^kN9Ag|3NYxXyGKvVF9uvi7ZQPXLDnI=dMdy15r{ zw+BYwZtPM*$S*VKp~Hn?wq*1?&M3_K8J^RHy+h_Y^4f5jAM(3lM+HaeVJ;&`3#gp zMT?TxJxdo>b$_={ugl$=Xg#-BC9WO6uc$|+5v`^>nUU2tlUg)Pg59}*7$Yu7;7wRI z6@+FsO!FAb`z7(`)eg+W-St%%@$8C(u#_; h;g Date: Wed, 11 Nov 2020 21:45:36 +0000 Subject: [PATCH 275/487] Auto-publish so-curator image signature --- sigs/images/2.3.10/so-curator.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-curator.sig b/sigs/images/2.3.10/so-curator.sig index 352122a6ed33340f7aa672821477ef4e19086b92..01fc6f309e719d5723f8e9608dc36f51772e3c4d 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JTYvxx2@re`V7LBIa1-aK5CE@zF=|vzd_TQf6EaRW ztzc|)Ql};D;vHkvn}za}C-vHN0O)w+=0xJqtFkujrvth1XLdTRQBO$*#oStz=Mivg zntGPx|FE1F2@>?i7m)JLn!zZGd5EvtA+8IDC47pzB#-z1O~EQj0w2e{QgZuc1T`HLb|-XK z$V2~<^L1R!sCoe-flk-!nFXrY!#7E^@y%$?;h^m2s*Vfx3}yi3*j3n3NcUB0tRp4Z zm;Nv8!09<78i9ADn z?2OMyw!P8}h>`)cbgA2KoSmUW4g96JBCTgN4UtZ142OPgffN`HWr8Wv57%Us^Ga@0 zVmP5MQo&8fZY|4tsA`@2Z%*B7a<61#NeOTljlfp{MH$=3pPF?ojtRY3sGpahtg1hg zo(tD8x@5CPNg^4bk%?dQWli;J;^I~cR5l_vSiRQ_RMyVWY}>Y6S<4iC8ige)Mfup| hDw%drr8V@7m=m5K*1esLAk@I4px57V3y7QYzao(B4^998 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JKmY&=2@qb#-hFs&M9?I?6yWsn>>*hHa&_A6N4Q+_ zOA5=X$eST)3 zy<%db1JT>TxEz;7!so;lo)#vASCVXCm%FQSNIUjJ>|M+kB;5GQBsl?@C;Xl}?vBZ> hS}UTAH!T-duM= Date: Wed, 11 Nov 2020 21:46:55 +0000 Subject: [PATCH 276/487] Auto-publish so-grafana image signature --- sigs/images/2.3.10/so-grafana.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-grafana.sig b/sigs/images/2.3.10/so-grafana.sig index ea003a09a73e3c69e238dab1edb9273ad61bb1e4..60964a824aa155a094dc8e32f20d0f770d865529 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JTh9Or2@re`V7LBIa1$+`5C29VBU5Jq>Cjl834Nl~ z`-O=nB;}W^^pN!+;_T9-rnyBAG3A@4IS0Q z7Guw*nNx6#birZq-ZohS`w&@Fnw@E1l_N&~!ioooS8ZNnDrTEm0Mbm|fFnG_2LHUC z79$j)73SN@MJ zD(CY_MhHC?c({_W6*eTKyo<<47>@4iCUT{;)rjBYrrI>Wvi)(_ZaA=eJSY{O4< zxp7+}PZ)b#hO9?KZ5%fgXrBf*cDicYl{~h?J@k1SmUnRYAeJ8lTQWRi!8SHLxvBGE zU01jr_0?;c+ZVBKRJmyTd^@|vB;58uFEdF?;prsYD2Oy>O=9+jR99+S!|8Q;=}?{+ zFfOgQ`i2TK`LCd?lA{$9{dgVPm6?D39!Ls>20{|^tf(D7WNu<@K54RftmY)vo6^q# h`Sa_)>J5D14~MJB(nL}5A_*4WA_&;+{roL9nOZiG47LCO literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JKt%uw2@qb#!EPO>6W^RF0~xHE zk;*tk1f@I{=AetNZGuo|aRmQpWd86Il1+f3b9C^m4WJjoqJ-oX2S75&=aQIx@gRAV zCSkGOY~qcw6C+pg5D}5=({W-As_EEM!D-q8ov$CxV;4E|RcL#3n!~{FE>dBJ4 z0uvnSy+GiJSmM(3!QC>i+g0&T&THwPRE}WrM!?SkqFxJrR(j!7Reb-p1O%p5;I$&P zD=ILM3m+3GncF%}x0UwVuxKnHRDdBm)HGiH+l<&^yQ9ws{DK#Lm<3gXQ+DtheInmB ziv;bdZ0q%^kg%q?0`H~ft;uJvj8LU@OpIUT63q$N?N2anN}-97!)h^~$ z9F$xr#bR5ibz6}J*Pmn^cH~9gK(~l0+H4i88Zdl(zqIZN6^_+;2>P>#Mgoai`Pnk+ zQmOl1Us2r+Q$%9iyG{Mb(zcv_{AdxUva9dQ5P$Mgbx{0R`6}!tJdygMk8u+fhK+v5 zIrP$%oaRrB`v6r&K&x}J8SqQ6^VRH5Pp31)hrDuw-n<5*c5wA|_*{OjER1f8l_)xr z^44Maup6dSyUbrK$~M`*_d~5bsL>eH=Mj?1H|7?3tt|)YT3)}|f2w)V2FT67o~oyQ hN><6^Y(|g{; Date: Wed, 11 Nov 2020 21:48:26 +0000 Subject: [PATCH 277/487] Auto-publish so-thehive image signature --- sigs/images/2.3.10/so-thehive.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-thehive.sig b/sigs/images/2.3.10/so-thehive.sig index 6cbd0478f9034b8a3ca7d97bcde9a39859575900..9c53fc8e9d62603ec4675fd4278eea21b1af9d9d 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JTq*zx2@re`V7LBIa1#pm5CEol;<~qNC6-NWdeipd zA7-@JW|_uyH)*d*DSZ`-eW)E7a@aY#kg!Db5+?wtY%4=T!FU7BVX*M_NDBWyQ zIuw^begiJ$BoVXbS`TeK@8P`oVXK-mi+SjrYpX0Wy;YiMz&q=PE1?-HafT}f5Zo)9s`6Mv?dx)EDd%`L!%5XLh8IT#y%n?wl~RaKE{>(? ziT3(kiON68DQk@N^d6Vug1-if0VSvM=$PB6Y8??Dp5Frelb~ht%FheL8XIId>O0A~Bnn zT#WS+W#YP4@NyUNi%J(CL(f?Z6X7gKSM?08p3GO~o%fxNq1a0XLEau|>g;IcZ)vVV hyl}A(ucoZzCs}x9H6O*PBTK9xw>r$k%qscA+U<}U5q|&x literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JKOx z;Qb@!5@JBh$L-JLFmMEp{Wc&=JbtQ33Md;$h`T+xSfPg$qL&oR9+Sal87mIv^vOYY z)I%A1!p{E3n{RV+p>WG(d@%r=ayDF-n*fND)nPEkK7wil`%$cls;90HYMyaAKLWJ&Eq}K5%pN=)z#9t=*ZWD{X~0F)+OKT z7yhk<)q=P*B=%ov-&h|=M+H%6V`gbX5@daC$<1fBS3mF1n@N(Y78Rs)Cq?$C6_=X_ z( Date: Wed, 11 Nov 2020 21:49:41 +0000 Subject: [PATCH 278/487] Auto-publish so-filebeat image signature --- sigs/images/2.3.10/so-filebeat.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-filebeat.sig b/sigs/images/2.3.10/so-filebeat.sig index de2b9291246400aa169ad93b49b37b0995a76c32..b1388773c5b9ea97829d2bc564df67483cc93cdb 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JTy+2n2@re`V7LBIa1#O$5CDO|b=xQMqa+n!_uNsn(G6p4a^J+Dj?bqS}x`biZT`27M7D_o`?L!zw#Q!AabRVv>yW+SPf zANX|9Rnw~Wf1tC~7QZtvWhNF^I-aADhR~)`+ahSsTelg@Z!a7PDrtL|-8BS9X_F{G z@!HLol4lC4$n^O$o8*?K7WzGfa*07faRzv|Fpq!cj%fIoSMTs-pRNk?oEk0rf6<<> z(g7wwR@pc+jf zS$)jDvaG=iIWc$@xZvfMmkB zivG7e1)t2{GH_+jlmlb@uWjd;|a(2i{Bd`7`VH`$@xscNA^JI%NH1TcO3*Za``WQ%Qzr6&lFj!89w z9fFXg6+1(vBSp|I~n#{K1M$ z;f(be9yZ<3yXz2YU_{Ok<2p<)+F;h_Yqq&aW8&--S(gewv*wzFz5`DbA`)Fkf+mN? z%9vGD!+Bj_@%CMz<EnQ;2%JR}O&i39`Ma^8lSyDfrAk&VbT0{o0+^2cHC7q{)XK Date: Wed, 11 Nov 2020 21:50:43 +0000 Subject: [PATCH 279/487] Auto-publish so-idstools image signature --- sigs/images/2.3.10/so-idstools.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-idstools.sig b/sigs/images/2.3.10/so-idstools.sig index b6d914b69c9d64bb5b5bc09d08092b5110810a05..9404000bdbf5563e75d6c154e23a966c87b95454 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JT(bZQ2@re`V7LBIa1$;35BdX|f{_1{NeYV0?QhxT z>6~l+AwP`IoOrOzP!aR*^63N(eADv?M;$XAS{%0I0o*<&0v3qMm*gsUL|B z?)!emQpUYEB7d=VV^fr(KgUp|JeyKGv20*KZUCGTXt}vpRpD&V5WsXeO8R7j&jjU& zDLIWbHdkc=&<>k>a+%}c?=tbk`1tK`5$nJfO8gsP%P29tWN$O|#>@V6QI}={jZJO9@5Lf|f&`3+hQ0 z3|4aEe6Lr>Q^&8&V^2UEr4F@Pq$L+|2D(YQY01g*woZjz#Pp1plzHmO7s&g?$$cME zlSRZAiJIdYy<>$uMNa%Ksg79tDB0GbQL&h}>)X+us*U~52O_PrsUvqU~M@#T1^wI3Y)rEe^K<}-# zP&xu4W03AvJvm>sk+zoHfiOu8FqW7mPZy?l>^qA+ml_hUMcFfrgOybtI;G*Udx~5b h(gh?~EkSqJ56L$kCE`-lphZ}n*mWR&`np^lmWhrW2cG}{ literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JK`Q_X2@qb#%!-0K7J*m19gKu$k5exhO<9P?Z4U%-!Zbpwuj#qn+8>K6{|q((~3X8ASf zl}(v3X4;P(r?%3X+hOhkt^UNv-*1z|U?Yv?-V*RuHcEH9ez{=2%YY42&pY`tOJRNc zQw!Es*|qBv8zK1_Wmy|o-HarcEhzwh_U9rl1pcRg`zoY5FPuC}{TcN5Lt&H*GDy1i zdmV}x9mK{cne`k(p;39{TE$8&f4{0$qzE7v4Qd=rWzy!}f0m32Q;&#{AyHay#{GgJ z%?sXOHSZi^piWtp*WT8ByB?sAQ1bRY!e%T(kUBM89aOjV3%O}cq0=i|oS(ljwdsp@ z=5=*l*k@n328LcllXrY$5s>nOST5*2isr0p5VEh{{9y*(7{|VO8fQMWnN6*~hpj*F zyAK&*M|T}{k4)gO_x#)nde}IY)=P=wG=mD5{_Q$qVi(!aa+y47uE);7ESe z*Rs7|G!636YtTo0qmjLIdjFq}oJNKKh>tp69ZjPY3I+fG From 07871987e4c5c5703533f621e2829e80c42ec5cf Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 21:51:49 +0000 Subject: [PATCH 280/487] Auto-publish so-influxdb image signature --- sigs/images/2.3.10/so-influxdb.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-influxdb.sig b/sigs/images/2.3.10/so-influxdb.sig index 333895fbac571a81519c71807f5feaebb94998b4..429ece4b072f5fc13abd9e96a479a98ae307a1d8 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JT=f772@re`V7LBIa1*oq5CF2SjYyi%bkkQaINS$- zb2gfCA7}js6Nk-feF^Mj8lN$QrA1UYuzA2hz$-3|QxeRE>fL`i zdnXRVw@iG(LokQnfVz@_J!mY9Yd)x$mB#rOlUppENBHuj!^uY8DV#OR?;{2Yqe2$L z&4S^T%QMV!&K5Bc-L_nWMT{-bR}l{X$7#7-H2^k^^aSeC1S<{rO=S{jlP^5q+>~pn zld~akZw0-3qhB;}z;X$tkWSeA6p~XQ>Z>wuRA=8Q<a1$K>iA`YaQ20j1) literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JL2CdC2@qb#7O$ECC5T~B4;5u-US|6l-n`Qw2UQBos(!E4DZ=-_mlxMG z1UL!gig)e-GoSj3fMrAgT*;>K^*^$0X}1rorN;X)rG;N)?O#?6Y`;tIBpO_v!wK

$cyha4)4D>C1X(>Uy* zudYq8-E3XuBqO>gj=o`)Vo#yKkCCU@_!Ia04EbB6@3yejs&qtns=iwUXnY)#=9_5h zaw)X^R!_H2#miA^Z*n+@FDKmFq{pFoX5^~~7eV#>wf!67j)fgGI#W`D_LfzPJ2@ly zC8_*^47ErzjpbJ@(KP5nQ?CDb>dc4Sn#0(?l=tDNh%vog4n|@2J;Aofx3glK0w-;9jD_DTK3+pMQh?Tk!)0lv?DK@EjIEUC{nN*#}Yz@*3O?l z$DQ>*!fyzKDS0u^+3%6tl*B?Q!tOY23CX|nXR%==`SH?;(L)fT~NrGr7n5>6R$peL-?g1Y6%MFmi$f3L*di From e6fd3160ca855f1d562572cf0a8cceba33bda5d9 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 21:52:59 +0000 Subject: [PATCH 281/487] Auto-publish so-logstash image signature --- sigs/images/2.3.10/so-logstash.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-logstash.sig b/sigs/images/2.3.10/so-logstash.sig index f05889d3ffaa51a7bce9ba1ab5d34f587b0133ec..8f72292cdc2fa90038f5126f8f197a8686c6fdc1 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JT{{2@2@re`V7LBIa1%R95CD`wB2mo=n}V8ju5EVu zueXlc{8~qDHY}G~d(9`wgRWEq#dcXesD+%@Au1RwspWbsbPMQ;0Wi}n>##OjY-J#>9!`X_nntprv>Gf&Zi~aw!rziB* zZ4DZTQTD`Sjmd8d+Vm3yDSn@Wk77wY(u&Cybi4IzQc}e-Ed9n!%q`!2LlUP^|5)DS zd7lwI0t;TQH^fOn5c%;Rm838vgCkNc7aZQvI-*HxAXIngVg}%HrA}paKfJ2uUa~6d zLvzHf*Mg!)%Bl~oAfgDyCv{gCVg{m@l_%p>o$~;Cz7}cP^c1SWnVK}ETUqImP>qqe zId9-3@pxW#G8twbqj@H#>>UkAUXOq%aFBZD8er>ccFA+$&N4~t5YA88IRn%0`R;nwg9 zvSe(2O~C!vMEK02aCwueV++x()2hltB=v8ih<$OB;fs2)a%eR*PE8$0#W|W=5cws* zv4{74_i$qcuA$6ZER9433hJRo_blr>O)az5|nD(GN-B>Osr zwpHV&wkwR>xscl0X=I03cUAn9W+B|p#pygZA1*lSwk*?9Mi-+9+KpIjo=ZM Date: Wed, 11 Nov 2020 21:54:12 +0000 Subject: [PATCH 282/487] Auto-publish so-playbook image signature --- sigs/images/2.3.10/so-playbook.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-playbook.sig b/sigs/images/2.3.10/so-playbook.sig index 5985fba6a84c95a346cb2d296c172b3c7e3a8180..435913a147eb915b87e73f057c0f7a37afcb50d9 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JU4#G%2@re`V7LBIa1*a85C2=Ho?lH_<*4d^P}(a_ zzy{6%f%+JRh@u|h9DR#KL1+mJJsv}s+Ec}<7w@wx4~NCSU=MKo#!2NCO~^-%M8_#qmnAME367P&z?h%{*)+1wmX3) z^h`?h8%>i7T;3+doIT1pkG(zb$`j64hhM4+pZ0&$C=)Ee+G#ak%!gg`o+^gqYOIGPbEP@onU=v27$9E8 z6D((4Z%oA#K%V_e{C~gcEOA&1_O2Ond@fpKN04exc#_Wc8Q)A@fV)DeDaQ6pzd3d| z`)1~|v`eWtk<;IgL(3MTB$3_k!S)Wu{dnd;av4%$?;V<+euVZ{iRru!ZnmPZN%i2v zO!`9C@Qp+R6K}$b`0z)59`hDGwUo0+%d|N=oOj#7*qc;7A&YYTB%Zo|HM^YAcUe|s~Bd5~rJkU0vzTUnsQ#+x42 zSY;c+!5eBc-R^r=;@>3uBzuRwy~M8Ukr3y8S&uKUCwl6)`S6=9vWOVoEW_Z{8vY*V hppLQxdrWN?u;4>si5liYU9A`Mel03T2)YbjU+B3G2Cx7C literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JLLLAL2@qb#qV%DMLdO(vfw z*fPkB274QXqL$A3^I`=!k3np}<#WWIdvmHcO5>X_vbTwhug2}_9C;S%fe+>8;vmRo z^7m(p1aj9G1N?-BAJsXlHXu!!?J?5Qo5*l`xSA~wZYsnR`()%Gc2>X$dqrE!z1Z0O zrS3AgbnUUobs$xlk7BkSMgHodNFjZshVKUjEipsUYz*V#+y(EiX(u9ar#J}w%=7t? zRs&8grf*vIWRb>vW;+MH*+a37AsMgrsUtYH3 zNncX*1Nm~R5qda&%`TFTY!cdgp#pkd{K9uDSpsp&{{>VudzZC*Mh{nG6}v2T4@Y69 zs;q_LZ+m^NT+HKWuuKTe36Og*0RGfDu;c}1r7nOp?w&)W- hF554|lO&HL Date: Wed, 11 Nov 2020 21:55:11 +0000 Subject: [PATCH 283/487] Auto-publish so-soctopus image signature --- sigs/images/2.3.10/so-soctopus.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-soctopus.sig b/sigs/images/2.3.10/so-soctopus.sig index b29cc5b631e37491775b40b1a8cafdb3d0fc787f..1c6483528971afc5372af22bfa274b3afcf0dcf0 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUB3Vd2@re`V7LBIa1%by5C2f9LW>%vglX0s&y!@@ ztb28WR-fsx9U<9Fg{0Hz+CQ2WWSx&X9d$c!ESE%w8jB*dd4 zfxuHn%U-eYRxQs62?YzOgdz&t&6jU^%-(>1X8zUMoOp0uVi+DGce4aI2g5AA7b0gP z#1i0mV+ysEh-PbNg1PHA+3=bhM)2m-nV4yn^sAb+nMH&(rBT~}MqAiyurc}2Y`5|1 z4=-Tl-O`A58a4IlETH$NGTDJ|*!FFe;vTZ~9^Ja`I4Nc9E?*W%k$HER)(ODNc+uw? z%N({)B|;kJ$NMa|4#%!-6ZHA4K3>kvqnaiGsXA+b#g)tq-tv*~GV0ZM6%?O<+TTQw zDpoX=tJnYV0keUS-;}O3>y>!~yZwg^-R9EZfaxCv^)fl$?g$ggZzuEOPutQS0of42A#z literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JLTUgC2@qb#zT1t6c@rjn}LO@^?Uy2&pqeq7vMa zGc5yLn?{rLhn|;#w6DhqBaOQht=bS!R!>~*a6O2&-;Fzy!#CALAIPbybs;E$_1Qd-CE5yr#(^y(NN z?z8^Ct6+y4jGFXRUT?i!?O2F>7*FEwXjZR2DgaoFTSu9az02=zw#{d68E+OB#;ocT zDOk*G?l5|f*QwlMYP;Dlss)i$(N%wUKYhTC*LL=>Cwo=vPDI7P(cpIjm=We4c5F8_ zDP%TSti`#TPQ(J%AWd;}=?wc)u-UK@GK`43JR`Q7GpMm_XI*3mP7=B?@{V2MWW7Us zltjakWzuWCM-zR4EG;x>=_;ZSS92y3wCbEVoUR`l9S&UU69#3eNE(?c>~|!6^%)*TT}3*AjlWiDIPdb}cQ)F1rV|HX|CIm$ From 7ec2d852864be5335f6fc05a95a88bedfecf607c Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 21:56:06 +0000 Subject: [PATCH 284/487] Auto-publish so-suricata image signature --- sigs/images/2.3.10/so-suricata.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-suricata.sig b/sigs/images/2.3.10/so-suricata.sig index 147efa17420de137bb5825d9fe6dce1a1eee53e2..d3aa1fab173a02d20e6fd27240f972ec29005866 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUG@M92@re`V7LBIa1&~?5CEmeaUt&~z=0YbBaPZO z6SEOxQz*oXQ|wtXA~x!zEqe2$2F(95D5TvN-4|Wns!_Sa49~0{;jo*zk27K`NNWt* z)sh*JXzLT!J{v?Hpg3?1W||=nBprlFmyqk5LM%HnVefqH3r;x1{LDvFbW7?kWqu|D z?9qtkG>V2EMkOgyF0yaONUyB^XiJ}g9cZ|92(-FfN$BLA#uMw!M=W=GkAG+zF zxzlbdDEuz3jX@M~bC4=&0ljqok{;AbhOw}co@ky0OhR~L;rLh@xOt_xw?BVDovoWY z4lbQT$dEZL+@?@6PjGxzO?(ZViY*`6*BnTGI(5Tb-g>r1WH8h^Eh-dvi>yrx)Mh<> zh~QhX%taBxlh24T;?P*ndcT46ugzu9#_9v;#+y^T^NN273Grw$_M+!)*7IgS;4?hL z)A9wT0I^(@JH+YyX>RBeqet&LO~lJAR60#FDiJ~(NAW{PMuQo-rh&9I-rIdjpJ&e# z8r@hG&05jzQp0L?`ohiloUpO9b;VFT1{^f*bBkS_%Zk#K&^rU%%{oaj$dz@mob)<= h!0F5A=IrLDDA$4M~>i+rV|Lw$~cwdr~N!Xr|#x|h3n8OYo7&$-uY zqq)FUB~j$0MaNTz5P|P6w^u|B42^t;HfSOr?f?6^sANCsq7mB_dP=eBlc%|gSJr-P z2fkPr=-qQ7mvZM0YriB~DcuEeMTM40aRQ!n7#F}ZOe~B8NEKe%J)&YlkFWtB>{?*| z1_b<>Y$|-(wAv5pMZ0KC^f7!|y+3JEy zF^;96C}Oqa7WD{y@HgMfQ&22VpGNmj(oi&;q`Z hfr?Y$`4g6yTRl~SNp3I3E%ed+ Date: Wed, 11 Nov 2020 21:56:53 +0000 Subject: [PATCH 285/487] Auto-publish so-telegraf image signature --- sigs/images/2.3.10/so-telegraf.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-telegraf.sig b/sigs/images/2.3.10/so-telegraf.sig index 698642eb4895287fb278196845ecde92d997072b..182baf172fe0a720c378927788b7b840a40df6b7 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUL^nu2@re`V7LBIa1(r{5C3vkqo^dAYrM8Q62wt3 z7>yUnF(K`;j3ekH3r^vnZN4dw4@#&2dd2ZxOCo&pgYfN6@#G0K4`z6H9^b3k$SKh*=Z7v z0a3U9bIwKxC`@U^UDK)oHZVP-(#;)WUQX#;oRXC;o@<899{OMOAI2qi;(7Xys(0lQ z-eYX8h8Bv;omEJ*gq3D%K;ahwB}{f{a*kq7wN#Ss5;D;#vHk_EF7iiU*CFHN8U$X^ zH*9j7!4WQ8Yk)SdDQ2$B&Ffg?H`s>wIGw69;|SF^oxp1}MR}FMdSkw_YI-O+n7_`) zD+-kavXh#Az(?j%%otOe%{3uh8!mf>$5rWXbxO20;f*uchS+}@pu4Kgmi&XqfVPne zN?b?Z2Jsq2u}*j9?CK#Cs+43;ciLUK&`Y81GCWY_VJ(r4deVwb6_pg!m$-?Up8vXC h%`4UhyHgJp#wqB8`_q>PlJ8eg$u4Lq{cGPY6O!Z;2@wDQ literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JLiYd)2@qb#P_;Y5`u}qiMmscwl6VEu59a#p*{5255lUdTkZab38t;6bxs>CX0!oRjoix4pP2)~w>a!cCaZ*U3{#{P6RM(Dy#Jd5q~w9^sl+ zaJPb5sHS7(mA-(y!uYmWc^QP8Fleb5ocE;EgG1lhAv^)gmq ho*ow^EYX3I|Aos;YR7lq#{)S9)m++ Date: Wed, 11 Nov 2020 21:57:37 +0000 Subject: [PATCH 286/487] Auto-publish so-pcaptools image signature --- sigs/images/2.3.10/so-pcaptools.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-pcaptools.sig b/sigs/images/2.3.10/so-pcaptools.sig index 6df84a60341ed9b9a00297b6ff0db9d39c134b95..99142e4fec37dcf87b3a3a7e33fa6268d92eb46d 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUQqxF2@re`V7LBIa1-y#5C2BvRwUD236~ZmyQ?Oc zF-{^HxWXVZ2pYx}QU?9Kwb!Z7X@fqAd?z5XVZgf6oUOitln-BJ)&&fVTrkHKL z2hN$y5FYQIAYQSp*!enlGoVVPS)yJ8IrZuvib z|Cy5}U+uY=iF4U?3|AJQ>I?`R_k%81ATm-%(fOc($7MQ7#ezWAteY7k_*# zC|bN?2>ht`gMbS==CL1Ea!HT~FwsVZcPt(5w$n&uqGt3b=b`-+Y69iXD`Q?f$n^#9 zUX0MQvi&C|@l77JI5>VqgtDRuKRmTLoH;2{9UsFfKEdXDSYwZ|4xk@(5uZK)(%V~! z=TzsZ;2=nC?|KH9gO8*V!c#T#vi|!f-t)|4VxFd2v)c#=!|B7-U%PM(^MSW7eRA_K zO^nwiz=|2#wnsW?G{U^>K3tk|1fc#+D7)*9r!@k(T=Q8$k@X@oXHu?e`JfX#P@H{C zbU7G*$!UDh^hnGioeKbkF@DyjH&2hfmvjhFs%;`}2y$v8@>&x1ISC~_E=mvH{soyKH57_fxGL;OJfR*OjTa>l5M$)x1o+H2 zLDG3obsWEY-5daESMIj|%xtn2^q+=i>gv|J^B@F_LgNIomw z4(}{>)u&0?As+wY!+D;VLDKLac~n?YEXP-sO>>qm@(~gS0t!*cyQC%t@Px2uM(hlX zE46~nRo+uN1z=~U=CJ5mdC_M{t3>ZOSD9Y#%(MHZnZ5%1`f6@H8>*7{!!Sq^MB>_M z*u^l&eZR`3OjCdh>C;96r_`|YWiqY`kX3^bKR~U36T_eg77Z@89F}oRqPz|dp4YP^ ha@nC*O?7>zHEH}|3^do+w2}0rl&&^~2SFI2Waq#^42l2% From 4106d88338a7c49fae61deeca96e2b6ea113b2f9 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 21:58:50 +0000 Subject: [PATCH 287/487] Auto-publish so-tcpreplay image signature --- sigs/images/2.3.10/so-tcpreplay.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-tcpreplay.sig b/sigs/images/2.3.10/so-tcpreplay.sig index ecffc15b9b0f72417c2a56a4bb63e2ac72c5a8e3..f0b83be492495e0d06dc7fbbc976b2f8bc6cfede 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUYY<32@re`V7LBIa1(5e5B?@^AH}$(r+SR6zBeYc zFFAc$86Zmm|9h+c-(p-)M=MVSsfepQGb@3u-=0_xh zDp%WFso2@6H+*z&FF_H-vh==YK_?ar4nbDSmZE7mx* zhcoxq(?MHldT;6{mYK>&f~mSAAKA{c`liu6)lT;iwA$WSSEoxGXVf8X*_OX)1IAyS z%m2wwG5yaqzncZ8`KFnkYuU+wWf&`y)%wJcr?6xh^eyTF{OVpG(r{zNzTHV1zxgz= zcdq#%j%H7%(#KWU+aksB1jyt2hdzkDd z$Qic`XNc+7hn%!x*i5Bg1M-mZxp~nno-X^lnf#eVCdUJz=|7{3-P%Ks_Fz;zX=BX8 zqr1l2xHfUJO0XfvxftLz&`^L>SWnH3=uq2*h0reZ>3BRfA0>I(0)Jr9fM%c$x_We# z5HZL48Fes^Z$w^X_%J4~*wo9GX-c9#?sFoAXAF(6gT=WSd!e{7GH>KWqAc0E>}vXk zqjj;r+>!-187}nK!;fsh*(>!T`{7c@E8rgRXle2g0#^RSX2)^3uz1{P&!$=9z_5E literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JLy!Op2@qb#UXveDe$Rt`HNNoc+0OX7mAvT~?4fqgALSOMl@Q92>qrJ#ok-e^5L7^Zc^)%U>u z4KRrg!zqSv3JbeAiy;}xZqH-|B?+V;4#hyNj*mz!E$=H=G(2io8I(2v}EUFN2{*# z;Q62G5+kmWOPu1Z`bz5fl|=x(NLj!!yv(?8T|r%+Y_CuFsCH+9ZIS^6ojDH4?He)H znh$_<8@t%mhVdA_Wep}H_-``5_Ky)s1KgUXr|a*wztl}&3^U|UNlYnP1=-Avp+o{Z z50CN^hMUp)PfBdz$G2Obr(hyJ!pTZ$n0_NAYo7WbbxWw*QLSpp4emYNdmYS8cJ8T% zLc$m2AM)Sp#E9KKZ5Fbi|CoTZv^+BSJY=UQ<9MY`NHJ|bMgipc$a++PbOBeN=#%P)Td#_(pmT#Rd7?LxY#Z~z26Wb_iq zw2ked$@0MiFQ?b_+H6)E(7W#H^I$XQnM46bdtF$c1kt;3X~LoXzc{%P6L`KHl0=RY h^ko?JQH*`%2eFa^3B;g9;i-0RF(2jaB{?J4r&!eU34{Ou From fb70e1e40cc8b04688c6d37e80f55d19b0fcfe1e Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 21:59:35 +0000 Subject: [PATCH 288/487] Auto-publish so-elastalert image signature --- sigs/images/2.3.10/so-elastalert.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-elastalert.sig b/sigs/images/2.3.10/so-elastalert.sig index c2a596cfa8b90c787eaf23218fcd18614afa55fc..a05951e076fba76ed112bbec2391b2fff4394248 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUdI3m2@re`V7LBIa1#)j5CEaUB*GXu@Hm=vg`n43 z*-xx2hp~GC1G3!I^rSyL88-Y&NeSO4&8?B+nsQrX{;={A!5tDx8ur82ebTv%fECDo zZo=Jl=9g5-0OpX*B7_AFx4ITP;ztV{5iE*bXLP|}V=M&4D2%-crpUpfC^(&R0j^r2 zC5QjMCxgo8vBK8u+~a(ivI5BwNywz@oplYrIPp3IJ^5jq^ASme)^{x%-86b^N}b{- zOpiDuWK4cu*iGtY1@`jvl+*S&yv_CAI;tZ&(W1YTji-IJ@--Ex(eHkCw4t}#M2B3H ztC{DVz4pTwj1k|j+oZj0phwzYUdI6BS)pg-)c+7Fr;AD`pCyZ@e|q!~Znu0D%C~NY z!S1u5@>e~t*sTqX62?xNy7|`CN~ejxi1WZmg+X!aP~v9+>5lyhGUPvq8o5x0r2DGi z*g^$PM;651rYeJ%pp_LN##~1H{7N11UK%aM{RjQx?7W|+nORwm{(Mc`i12rd#F6H< zOW@d*y-pF5yX^q&y)+nu-jsqo%ZL#uP7u2Mz(S1If171ML?-y?EBd1)nz6Jh`W literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JL)8EZ2@qb#!I3|2D;5PXZSvB(6H*LR_N)~$sGWt1R<-8~B z0`!(9nL%PxjLs@sNmkb+h$z%>$timZTB6a0GI`^Y<8UkY)0Wy zAsVBa(EGU0%LTIw5qD#ALd=yTYqHu_4@%kHz~K*jXza06g&SQ{uP+tcp0vUp)e>L4Uq{YJF z=ZSn|rp4muOHh6XsDcNrm1AoD}Esd0J54+> Date: Wed, 11 Nov 2020 22:00:41 +0000 Subject: [PATCH 289/487] Auto-publish so-freqserver image signature --- sigs/images/2.3.10/so-freqserver.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-freqserver.sig b/sigs/images/2.3.10/so-freqserver.sig index 4c9b9bf23819f044ff59e448b6c3635f82a189aa..d636a1ce821cb3cdf3c82a638e0aa3ac71081974 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUkLyT2@re`V7LBIa1)YM5C2vH&!?LM8{~q;Pe$$c z(j$qi+ZeWY1S?0kNdMGg+XAvtC7>{*A=yEGI4HWimk~BI^ki8%6l=SS`X1-ejI}bG*NC0w z-(q!D5 zvfUW&U}8WcWUX(8Js=+m6aPQ^V!A6}GrG;^aEAbNwqRe%w_?c<3%mdT literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JL=XT92@qb#P5BvzGzE25@c>_i=EqJI0 zzZ*Re60~IDI~36wdVjDCFr7Z#dYtiLkS!Al@`nseWA;q&wrPm%CpjuQaVtP{L&>he zYqG%$t_-#F?BD|xN0^li0GzN`J?Yt~pHW;`IW5u$KTfROKRNSGAhDy)_Ij}X{;5>g z+AmP(#Jl!tS>SS@Bw2jf>m}(N|Z}2bY9U7S@}%LS)k;hX>5``OV@j0 zZq$?hdsi__aR0hdJ5IT>D_dj0=jfrlJ4xV zsGq_BUzlbDBPQuXdHskpJ`3&l(H&SQ2NNr*@=ia~2_eHU@bS55Kkee6ue#yND*GP` zhSyCuH_dqckEIQ|I21~el1jnvBe{#hnHiPDQB1XASkdN4k#J$f?hzRhn}5zjZ|-&P+NbZ$YrXrb*fi76SGd2@x{W!(X84{fE)HRadl zNiN28HSuX)m5fE-mbelx>Q*W5^sHU1&?+RJQDUh&VrmB_j`o*Zp@5n>DQ4^3x&MWHqIf$3{9EMP#Y*rt2V4LE From 5c9c1915f1502f326319e754e37f173e5ae63a9b Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 22:01:41 +0000 Subject: [PATCH 290/487] Auto-publish so-domainstats image signature --- sigs/images/2.3.10/so-domainstats.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-domainstats.sig b/sigs/images/2.3.10/so-domainstats.sig index 26d19a98122ff8efd39e1f35adb6837a0e049eca..694630c583cfaac01b44f2c296d75881add683e2 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUqt{42@re`V7LBIa1$6i5C2xQou(P(i28ga?ZSVa0hieA?$R(-7wLb{-#+6A=8+Tcr70qt^e zYmQGQ$H2zYpKY>J4Hp?y!U4b;ib~V_I%8!&!@0EqAtFM~MDcE~BD&Itq1bB<&RW3p zD&l`sd^~V$WsvM|GH}zvCvgGAJgdo0K3I2#0Q#4Gj@DYFR71_|iivkCJ;s(}|FB5= zbW3=>jd48Q@;|2O!Oo|tCi?zO8(5uM-P>X z2M&I?;|RUXYCPG#`OMf~Jvd#O*sf?WAGJszpPiq!nado-D1;l~r8Z)(@)q|V1(;n; z+}-p1`a-jN)*tT)(;byV?l3Y^9+}i#JlO_m?-NW5oJ!p{=0ZPEwlRiY%!lhn>>EU1 zck!{_R|ro6JMsI={HN-`G7wZnUmNRN0@HMPp-(dMGS_XPXZ)AbMxamB!r479F+z{Di zxh1DNGw9t|ic;E;PWH`x0STu84piI?&)gou2s1b3@Zld1{s8e4>I*iWYbVO}F&-=< zC7W(nzSwiEYuHZ0qm*P=$yf9kJ?9<|U@=}p{Dvu*?QCmk3i^Tpcyy-PJPFp!5r&Hr zR}}Fqks9u2zguU#k14RMluw1MPuVhPZZ)7-9l%y^^J|TGT1I*(-nuD@EOIp|9Nqji zx<#?Ow3x}Wa(a%3-SOr|YtH&SfCHbVnyjGvKrBsC#d-19M@V~VE+*YkuVG>=A1Jqi zN#w!1z8qn%mGq+hDliO;#6-_}n?&}A3e?`7*A{JCjZHV6qbVml@8#M>uf&UgyS9AC z)#50=g~NCL-kcbMG~pMbYTXPgBb(RDn3qIP0*Wd96(rL$)47B^GW1=5z@rJ1=TA&n zFRR-@kQS{z<|ySx{{-(t@TI{MN$^Dtb?-{qI(g42L?9A377fXMx*PZax;dRc{3#VU zp@4tgn6v=6zI7@RKKpHH!*kQmAGe=YbL7~?f+HADIyR0! Date: Wed, 11 Nov 2020 22:03:08 +0000 Subject: [PATCH 291/487] Auto-publish so-elasticsearch image signature --- sigs/images/2.3.10/so-elasticsearch.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-elasticsearch.sig b/sigs/images/2.3.10/so-elasticsearch.sig index 6878dfd6d69c0a5344eee956c83bd4a47d5c6b1a..305c8cd6ccf49af5d29a06e17f467d76073fe5ae 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUz`962@re`V7LBIa1%645B?%ZSgiZ>^9-s7^}A&R z*9H{>>&s26rUAkAmhysVE|gNfZlgYrm{T#6d}tQ4ao0Bg#}3P32)RDPZYKzy^MfH0V)Q1A*5j3hXT_XgE^*4`=Z{-XmDq+4^MN)q^KP@M$e!gk zmfp;5x@*q_YhK3<=BeTDzZ`+bsG+NIxpqvz-P9k=iOGEu=W$w&NQK+ z)uZ71o@hb1Dla$h7+}0(25~(Xpzs%c8eXxbYmTapIRkS;<)rbSo|j7?v+6Fim@vtZ zL#!yfLm%>7;IYdcktb43t=7`_8*iA#;#uv{BM_4NVr+<^vO*d?<(@wmAS(%+jr&&$ zON}S1RSsIntCgi@+5<2_hVdlgszJZaZ)Wac4VtoTj2WC)KJa4>#Ta!3f zx2b&_F@{E()Q^>8O=6VdNLM~FDP>5@9ulCle|O1bs>Sg8DYYWbk*e-VVM6JXuKun} zL(;{)dxGGWMIBPk86xXw1JK;;K73vlQ9w?&(P%a6_Fb2jBST}SgGIRTKE&4wAK~($ z&?$?Yl3b0JDti+sqi$|oeE1I?-KT+4UQ`L2fp71N`8)_tpzvV>Ytwe8yJ;S-{TrR- hP&^@*IxeFu#@3T39Zg**!l6~0phQ-XO4iuV&a$5l3se9A literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JMEU><2@qb#=mSg zkSEnRQhSMMs77}y@r@^7OgU^Qwc!oBOw^!)+CxrlpMK((ZIJZw=WfJbyJI!%Zr)p8 zg!=6(`2DB7+fbMFHp&R$f%;x(*MPw)2rKAVXw43o9A%(ZQ=*>ktCEAGjUGK~E>2%z z*(W;*{inJhR7U?6t;#M}U;LQ{Ty}$4?ly{Vu?ZqgnOwMF=w_B(%r3Njb_9@0{0Oa4 ze?q`*Z;Fk+t3!~rqC%oT2-QrjdIF1wA8@(L#2}G?2cZ5-R<^>Cc;!8<8-1$&c zxOmb)_Rq;?kmn}z<=`TdT=!WV0vKK`H{_f2Iops#dx865$8cr5zlp5Iwqt(&hO_!> hjAjv7Zj_k|B29M Date: Wed, 11 Nov 2020 22:04:36 +0000 Subject: [PATCH 292/487] Auto-publish so-elasticsearch image signature --- sigs/images/2.3.10/so-elasticsearch.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-elasticsearch.sig b/sigs/images/2.3.10/so-elasticsearch.sig index 305c8cd6ccf49af5d29a06e17f467d76073fe5ae..34a8c11c36b2d5f543f14c7b6948bda18151e02e 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JU-SS92@re`V7LBIa1&JT5C2S`3)8}s!)GJ-47cGD z4;~we$^@Zs_@UNB*tXu|ma!hH(x`g((oq3ba(GA1<#iGQ1sy}f9#y+NzDO-YOo>cB z?6~-_fRpyjxZl3N&RKrDlh=VDqsR=)JwU^B!;vDf*n%08G|8HoO8&yKwO&7#sg#O< zBqO8HKD?KY=Y-^U0n>k#eetdQKJSZ=J&=pUfoi4rI-So28VyXKhng34xbXmU{HsoO zStfF=8{xCq0q&hES|t`S5D5m8q20ez8Mz>yuf9rdW(MJv(8p$d>ND=V`5J>(qQASU zahwl4Jgmn=WfF7YWmc8>0R-Q3>$gKqszZ(=2Z8_9WMNaQT%}${Wk-tvWxZ{#pkik; zMwm8n7)AlHp(y&+jgR2TM-&eUR6`gBxhUdX`(2VU0I4ZloZ_j3I~7L#bi5OH0iubL7;H4Da#45$)Ti$LX+IqciSPK)ZYdVxcl+2+b!tAt%~@lo61lOggq8! z*ayMeWivhz2=;Z`R0ct68L4EjIOesDPUvO|kfEHeagA)V@R62eb!CXs2Qp$Sda(UO huUI{|D|D(k3@%ku?i18tR*R@wLA!kDv{B2=k=P+V2A}`{ literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUz`962@re`V7LBIa1%645B?%ZSgiZ>^9-s7^}A&R z*9H{>>&s26rUAkAmhysVE|gNfZlgYrm{T#6d}tQ4ao0Bg#}3P32)RDPZYKzy^MfH0V)Q1A*5j3hXT_XgE^*4`=Z{-XmDq+4^MN)q^KP@M$e!gk zmfp;5x@*q_YhK3<=BeTDzZ`+bsG+NIxpqvz-P9k=iOGEu=W$w&NQK+ z)uZ71o@hb1Dla$h7+}0(25~(Xpzs%c8eXxbYmTapIRkS;<)rbSo|j7?v+6Fim@vtZ zL#!yfLm%>7;IYdcktb43t=7`_8*iA#;#uv{BM_4NVr+<^vO*d?<(@wmAS(%+jr&&$ zON}S1RSsIntCgi@+5<2_hVdlgszJZaZ)Wac4VtoTj2WC)KJa4>#Ta!3f zx2b&_F@{E()Q^>8O=6VdNLM~FDP>5@9ulCle|O1bs>Sg8DYYWbk*e-VVM6JXuKun} zL(;{)dxGGWMIBPk86xXw1JK;;K73vlQ9w?&(P%a6_Fb2jBST}SgGIRTKE&4wAK~($ z&?$?Yl3b0JDti+sqi$|oeE1I?-KT+4UQ`L2fp71N`8)_tpzvV>Ytwe8yJ;S-{TrR- hP&^@*IxeFu#@3T39Zg**!l6~0phQ-XO4iuV&a$5l3se9A From d650e68472cd24119ab79746ea2037ab0256ed8e Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 22:05:38 +0000 Subject: [PATCH 293/487] Auto-publish so-filebeat image signature --- sigs/images/2.3.10/so-filebeat.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-filebeat.sig b/sigs/images/2.3.10/so-filebeat.sig index b1388773c5b9ea97829d2bc564df67483cc93cdb..7554662acdd76b7ae934f18576a362adb8dbc5f5 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JU@`y-2@re`V7LBIa1*N15C4BKM&8%>F!Nle@bBk! zJ2HIA2dQ*~M9)$Q!4dci4J;KCMEH@3k!@*2$?>M#6IzJ2U^Dh3J?}!v9($wtPeCw4 zf0Wu)>kHGM3Z~2Lw$R{c4KynJ6xym*z0x*6?=nk8K!$ZJ2mazLv=xhH%q*9wgV`?^ zzYRy4OZ<3wab3w-qqYsBg3^b9kHT#YW>p6B_(qwBS1#*3OV+&!zn~*3%t9fE9MWVi zG;)0jgy)8`WrP?lpcY!xJ^6xKlQ_)X-8lhl4sR--TYeB)eIpUJIR~G{oMv8fn{Ljo zP=X|7C9rt0NAThk$NdJ`uh`Tda{eMt@jMQSbL-I{gZd+djNmV%8cE*QyYoLeJdgk^ z90_P*XFO{vNJHfGG%qJrSw12|h*K567FzM`p!|@Ko6-P$XSs?t-@9R9QR7MucAu12 zF32Np;Ow`uLG~i8ln7w${mddt$zJb6*HW1Watxas&gssns(xSf#Thp}q@-i78VlUI zlSc;l0lfnyJM6qn!*pz+n!_uNsn(G6p4a^J+Dj?bqS}x`biZT`27M7D_o`?L!zw#Q!AabRVv>yW+SPf zANX|9Rnw~Wf1tC~7QZtvWhNF^I-aADhR~)`+ahSsTelg@Z!a7PDrtL|-8BS9X_F{G z@!HLol4lC4$n^O$o8*?K7WzGfa*07faRzv|Fpq!cj%fIoSMTs-pRNk?oEk0rf6<<> z(g7wwR@pc+jf zS$)jDvaG=iIWc$@xZvfMmkB zivG7e1)t2{GH_+jlmlb@uWj Date: Wed, 11 Nov 2020 22:06:47 +0000 Subject: [PATCH 294/487] Auto-publish so-fleet-launcher image signature --- sigs/images/2.3.10/so-fleet-launcher.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-fleet-launcher.sig b/sigs/images/2.3.10/so-fleet-launcher.sig index cc6a2d55f22b44c317f7ae3482dea0af57bd9a4e..723cb5f081c26955693546dd44479178777a3ff1 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JV0Qot2@re`V7LBIa1(`25Bv?NWnx%ciHGB$k-6W! ztr`W&(kd^qDeU=(m}p~^OqX5{P4wxjNZ#6;YX@G_VGjDlEy*orw?=e`1{sCD(!_TZ z+vzyMAn&5;R&?IC#2Nqa-tANc0wkC>yBb%Phkjt+_&B_+XuIqqNs=yIH80cmm0k(; z^AR{UiKTN|g&uhaTQ4KYWC78e9BPGN?YGPF1S~^f9o{U_u;_Nkr^#r@pm&h`tlxCMUxh4Kpfi07D&$x?@${@R8_#GIetnqjiqhh0J)JPipVX@k`MSYjxHd>#-3bw4WwC hliTr8CTMEH5_u;UMa|@&C_r2BVHP=4#b~Jh0YjZl`@#SK literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JMR5QM2@qb#YHx2kb;ZUHpI;UTW%$-g2E|%X)0bnKsp+&qk0|+lI={@qK;47WYT$zu}AJrGKp@B&zjNJ~_E6 zIOLr4B)0wR&*%dldKGo4;i`1Z))6#GKAIrG$QTn3q|?J;Dv#7CBBhuQUlbaI1i_tO z>X2VO)|yYy$-f(@+T*I!L(BR0cZ3w%9%7}`3-@x-W0Yo>a1CI1u)W`uyn(4o=3Efi zY~(BI9;x^83lI;V3A}dd_&82M?(mA`8tG7I!qCFN+aJ0hRpoXY zB$3OS;jxD1pX*)3AET8>+{KL#?FllWVHeO)B6I?Sa_u0Px}0b3DfQM5rglVcuVZ*thh zC{ACyT1L;|u%nw4WutOf=uhAm+C^v07;{tM6mD(`K`#u8g)CH@tdgFx6C{lUaloH0 z?aYC{rENTX&()$ym)PA$IX%A*uf~(2FGKT~-9fU|Q$rwsp*jOw>-_7y-u2_FCe From 3ccd8b40b2b9238deef6fd2d6c0721a9ebdb256e Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 22:08:21 +0000 Subject: [PATCH 295/487] Auto-publish so-kibana image signature --- sigs/images/2.3.10/so-kibana.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-kibana.sig b/sigs/images/2.3.10/so-kibana.sig index cdce6c15787bcbfedc86d30758fb9a521f4bc7c1..ca159f29a55624895eaa97422500e633efbfc1ba 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JVATK$2@re`V7LBIa1+T&5C351?;I;d$e3v<-%!lj z*z5eGJALaInBX)|ct-p7iT1wMUe^Mexb+xp7)e=2CI7Q<14_cH(rn|Ag z`(~Dj5*DMjK^uIS>+srTYPy@7kPV*V*ZWDy)_ege9=pUFpzuZN4EtDlNwNKc$iEdi z1RmfR4r8&K8#=e~xwx=qA}V*y|MsWZcFOBT9drQVYUCF6(3%FY*HV4ju)-Rb)|d8I z7f`GS8Uv%-nFOU+8qy9K)w#J`0fk?rJPooBdHES<=8m7ycE^e(iHUK7BVg1A^etrr zWcF$Qn=pR}g(&B`o&oEwFL98%^E_oJ_#5Ck2g&1Gke^8BLb9j)8Y`L9`}DG`s=lgz ztkO+0$If|!<8BvSmQn|29{3tBvI(VZ|Fc_dMmRVr(#1cn4c?o){A220ZXX|G@Y9AP zDP+lO>&-!;(r(6iycL-S1+gq<+<+ED$UnN(g<8@Aca07FZ^WZra-H+1j0YZmB&2s? z=z)`w`b&a!QV~)teQ;{B##7pAS+M_^&TUPd#Y(Z=Wr5EqP*>4NUHJUvk~a%hdvbHp zeY~5hUdg#JYGB(?T z(&o13*5WNH78rk%yLi+Y=l}?rTUJRL9;^ADY}77hHh~~`Q;z`R0jRZL!KKE?b|A9F zcR0v_|1knPnw<=!Z!V_LL2Ti<`zCV>D~@AJ-EZc!YEsFE*04qX8E`SiD`Z&ryIov9 zz+0QvJtOroYNt_+H;!eWSr=!nb`_#{oyMo&tNY--AZt0uCzGqe4-VfNQ+HQGHZ)fpImN6+Ve% zbEVQlZ`Lo9vk>NQ#-H<7qBZEC)0|x$JjPrF~?OMuy+0BSX&%ei71jw|6<2J3kDRBc|Qvs(X~OMpICN~dgIEY hwLO(y8YLDk1Tvo$n0Oqpy7c@T>4#KkmrSUz0gWbb0C)fZ From 0dc7c8b0e784a2cb5b1171efd3db3ac4a1b9eeba Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 22:09:47 +0000 Subject: [PATCH 296/487] Auto-publish so-logstash image signature --- sigs/images/2.3.10/so-logstash.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-logstash.sig b/sigs/images/2.3.10/so-logstash.sig index 8f72292cdc2fa90038f5126f8f197a8686c6fdc1..410028f602d5322732e202a231cd690cd8176793 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JVJZL$2@re`V7LBIa1$W!5C3VFzTDnzRfY5k%(k2F zM92jHNDd7=9~Sj5jKEzOetr4#xON%afupFit<&iRIznn6+a?RHgQeTIe4_Z-Zw4PC zt)m~ts!lJTE2cuk=hGDxO&a)Z?YU-#^^+FYc1>esnkrXq>Fu@Li#9C29bV(FjOvo` zMWXY99d*qI6I#9oP z2^AuF-QIA2i!|5x$;L;-OooMN^jx|XnvA$1rx@XrlB_pSk7-&dfl-0Bup<(4zrx|1 zD&0fu{s_p@^y^0w;~R3bj&6Omqp?vzFi>mR!1?f?;c=tXdD-tuklXJG1;mtqiY{kr z9;eoHVoL?r>`6)$l)i%x;B#Uo3N6`j;WMu*JW?K|^0RdFz#YuTi}tv2IO>2)nhin> h*bC0}Ughk6!_Nxe`$XR0(gMgy##OjY-J#>9!`X_nntprv>Gf&Zi~aw!rziB* zZ4DZTQTD`Sjmd8d+Vm3yDSn@Wk77wY(u&Cybi4IzQc}e-Ed9n!%q`!2LlUP^|5)DS zd7lwI0t;TQH^fOn5c%;Rm838vgCkNc7aZQvI-*HxAXIngVg}%HrA}paKfJ2uUa~6d zLvzHf*Mg!)%Bl~oAfgDyCv{gCVg{m@l_%p>o$~;Cz7}cP^c1SWnVK}ETUqImP>qqe zId9-3@pxW#G8twb Date: Wed, 11 Nov 2020 22:10:44 +0000 Subject: [PATCH 297/487] Auto-publish so-strelka-backend image signature --- sigs/images/2.3.10/so-strelka-backend.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-strelka-backend.sig b/sigs/images/2.3.10/so-strelka-backend.sig index 9f20104544df067c1800d3e7588facdf7c3595d8..137434bb8d31316b0a259ceb8fbef1f98326ffa5 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JVPpUb2@re`V7LBIa1%9;5B@mTO+P-r_exj}R=&yr zYVS*_#sp97^+FZjPZ$^wx0JasJGT0tG$^h7^ zdI-P37PH@(W{k%${AEk%?7E85W`N;5?E7Dofc16Aft&O+3NQ(A<0g!@?#X5bDWYg_ zu{aSy__q-K{bxgYWUXI6s|^!z6u__|eJ~}bX7{KUD&gyyknD>@sNu^7SVqP0h-sV7 z;zFO8CWTXVwL?+*M!p+5eZO@ev(Ua;%w2}F=Djz*9|0rZ!5CrTRl5R+Fk;#&*PUn1 z$HZ?SAp%j()F$&fz`1iRpWbrcJHb7JWS5?wu7E{g@Og`RwUyw=+d~@hP++HBFFUvr zuR(&v+T6>77}YnGqCLVxE2=1j66w2{ij;ISQ>0lHqFZw}f@y@E12LYm%Rq4H83yar zT}8`(&my(VqNgapD>)p2`DQ+_wDW>}eMQvzpv6dAhn1Fop$$ddPs6+E*?$vGj${Az zKBl(S@ZGWsxK~~WkxrNMXBBQ>r#L3be4VqahZ9xG)84lf+ustZW^&k|?*COMpc7~3 hB~5D(;`qvfL3qwDQEXaboj%iO8hza;EebzRVv)HS30?pI literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JMrZ&E2@qb#s^Gz70IzF)i5;K#uOOOXlt{>Jtn>8EUYsE~56`mCrV zF-eAEh8cpUDFi*Axp7Fm3^Ke+kxYe#7g;n)Y(iWa*3+ji=WYfXwL+WrE$=z;qRTz&=>$592v;@8MMoaGEy<(23y#9SdC*vNNF>APrJBW?$_aahwDX!ZEPXPleuJ z4J<9i6!aPj5m~|^)R&Cqkmc*tR4)_!+%U!>)EJws6&e6H0rycn|VM|v|OBAn&FUfi%5MokuM--Pxc|80hlZDfZZQX zNoJ2ZNr{o9o2L0OKM4yQ|G3=9rYCk-c&Nua150>JLP*-AyG$~Q%p!cYPTO^J2hC{d z^V%A?6wN? Date: Wed, 11 Nov 2020 22:11:36 +0000 Subject: [PATCH 298/487] Auto-publish so-strelka-filestream image signature --- sigs/images/2.3.10/so-strelka-filestream.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-strelka-filestream.sig b/sigs/images/2.3.10/so-strelka-filestream.sig index fc1e993d31797786456c6b3b13841aace8e65caf..79a829a76c261e5d9a93825b8d47112b0c00dc74 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JVVD342@re`V7LBIa1+W!5CD?UcVLX+Lq{}d)p>ob zs<|+!8E*XXbxNlv$#M}ro^uXQWAmv8 zYui0e9k_f9wnjUxdg1Dj#31NnOb^+dbJ59Y&*QwH**@dPSMDvMtnps%koK)vZ&r20 zv2*#}@J4_s6nUfv<}R8y-ua@es*VfgT)u!&%@`Y~Ql|L9u0 zH{k(#%Q}dq{5e8%Pr-RS zUrVm0HvutlZRAy8zh6w8>8c&8z?mj)`1`B?dfBhU?7=k&pU0qSRY3o47F5nGQg&Nj zOCFG)ex{m*A!??GUb%jWUd8J9g?3Pj8@RecSS_9ZoQrH6;B)gi!q;3(5XjzDsMds= z{Qd8q7FGsI`d!|qGDvt##H%7*yisKPno3-*u4XER(aU&1=C8OsF?ak6nvl|7J9Y2s hX{t>Vj;oTcMT#7O73p+4j~7=ieF*?fiS#SW0>%`YsOW3E<$iU7O{4}H zs$z+hvVo$(2A+Xh2kjS$dl-|9ktmfbJ=Xma044~Bfx2B-MQ=q2w=Z&dd^+LBIZL32 zN9E$c!&1oVmx~XeNOo|>5?twQ23OMX4Yq<>udm^Ag!FdroX~w+Bbdk4{<3hDZTLPP z1k8)9)I@a9&lF|*rsHIezzPCqbi88(ggL5mc;2e59J-N(P7tR{dYFj{ucF^}CdGWP hJG-JtXR13w>a^obQpe-Qw2nc2sk^5|b9?Zy5>Sd@2BZK0 From 88b6ae1b2f8360b0c3f71e6254a742c1fe48aed8 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 22:12:32 +0000 Subject: [PATCH 299/487] Auto-publish so-strelka-frontend image signature --- sigs/images/2.3.10/so-strelka-frontend.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-strelka-frontend.sig b/sigs/images/2.3.10/so-strelka-frontend.sig index e035c992861dc902fa0becedc38788302f9e5ca7..bd26ecd9ee43070a7826453a639c8ee250ae5d60 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JVbA~y2@re`V7LBIa1)X+5C3^_wP8MhgWgCdY*4>I z9SBqs!#m(+Npm>Ad3Ya^1nR1efFRGU*Q9gC&h^=R2pu0u#4GBKfrZZnS1av~BGdeR zv2-vcneUgiZObf*bXGxOPp;Vjg3h0*oPDE92T2arVU!4d#{X|a`k3f~_2lTcd>g>h z_Co{W8(Yht)o?#@F1i@`xUD={;v*aLb4fhp=uU%{STuvZm(E|)jVT^MAc$v_yQqJ^ zT?56li>_reLrd`-!G&;rB;uw_Ga&P;^b28bX~2mp2INOQ*&jXp>EOa6Td)OyV$Pb;P*&|;_d}u4*K*CphVwfrzAqJ)?CE19yjYPbnOw`aXiJbIUC%M(S>*D~ z(6iKaTtgpQvNDrDN$El`%GXMdw%6UWkI;0@x8yhW1{4SIlq;NV7_r!zs-Is~e(t1% z%>OwNa?ARo_nhIIwy+Ein(`d_l5IHhb7t?3ILhEj1!+^8xi&+Z&8wH%@m^BWkJiPW z;RTfj+-Ya>1wBq`+c}WOi|=1#U5%J7-ATD^Tu zviBXzvQu{5Q&lN7O^}P1O6$v8i9VmMpHgDx}>RPhNUy=z@jqwD=Z zvQQQ<71n)wiA|~{`SdF>y6k;u>EO@X7c(SYWzUT;ctZH*G2NV_%07Dn&aAyDQ0yks zBTdnX3IV6?&n|vCcVd4B`_8(6F8sNn2$Gs><-En`ufJh4M6-@0VSguStz3rXaz%RV zl@`7;zq{%l3_v4THU5loGx!oAm`k|ndSa@sd^29gh29K|E==1<=M}909^zf8J$Z5& zU|N{;lDfi0{2Fo&wXSPxOF-WD{&P{t^}*)--VE*QKA9Ey4&`pjiyutDQ*Xmnyz=KI znga2w>9_Wg!T}1$o(OCmn6=)Mh>tTJC++_CFTimpAvkw1 z+n{z6oJ9(3ggV;a*~i3V`Q%QgeL1Tg>r From ad0ecff8c53df0e7c3bfbb5684d21de26cc25310 Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 22:13:19 +0000 Subject: [PATCH 300/487] Auto-publish so-strelka-manager image signature --- sigs/images/2.3.10/so-strelka-manager.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-strelka-manager.sig b/sigs/images/2.3.10/so-strelka-manager.sig index fa2248204ca22676629010f39ae9b67dacf5896d..6250ac29f48dcc262e78ee837d2bfc19b04fc60e 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JVgCRM2@re`V7LBIa1$!K5C3qRG{?{eL131VcTEVt zbS{EoEZih@hyn%&iuByX)p941Ib;3K&-;I;8(=BnTMUF(a${u|%hR#B#yK zd57u9CJVR)P3MvoD?-qkqFysqr*#`)?zolxJlOTo67UQMnzMAhESn=^qbB^#Io^Up zG%4$0c_z|6=#`2n5K1KCT|oMKECabVLBw9pph_=Ch08S zzZ4t^xa=*%0LJ%8<3f;S#ooPJY9$7t0(dhC-8m;QKN$NYov3LeVYV6Y#((#~f~e_f z%HhIW>F+xJq90;|T9JZq3{y1KFnio55#kyNP7W@Cqvs#8hxEgUSyB6p(be_kg8yRA zG&KC%HJZZ;cY)yQP10m5Y_$&;4^Jbx=bg{KGTfo-Eqxn1dU;Fwd90#EVS9#}7zc=g z6E~g~j5k(wi5f_AKLxIq<~$_c??P#UAh=~IKU!?Ee-qt{BSqK(^h_c00INp z3)H$Pp%gS^9(;ldLodJYJNKgczRD~p?Akf5gwCZ~d4Ls*7Q$-~nCmgqcLX-DHjVC* zlPO_Ltb-lGgNw9Hn=854+<3mpvL5w!!#Ocdon_!b-O) hlsz`^H22vvV^&%xHYl+9O|`adY!O4Um8j^(*a3&!0DAxc literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JM*9E?2@qb#VZSlJpiZN-&p^-0bE*)bvQbqQfb}oh&Pg7G|CmfiByBu`rc9hU#3Oda8 zqe4;Viul5>XI>L;n<-DI@VuESo0Dvp@UW?i6=&y5BNuepHg1A>;xbq3S-)!>uArFr zt}P+X5tt-tisL}3d7EQ5#K9$3ReIC From 5fd1fd9b0dc3266780cb914ba0abaad7736dc70e Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 22:14:47 +0000 Subject: [PATCH 301/487] Auto-publish so-thehive-cortex image signature --- sigs/images/2.3.10/so-thehive-cortex.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-thehive-cortex.sig b/sigs/images/2.3.10/so-thehive-cortex.sig index ade63ad67bf049c29f286617fc0cc265fef43ff2..dd49ffb9d77eeb423130f3093f2c124baedc4098 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JVpjkP2@re`V7LBIa1#Uc5C3nX2WUnPzw1AfnwlQ| zwU2hrPo-`=p&Cj(nSZTs@yz)lk_YD4*n6VaS%WRzrxJM!tKFw`1wmAipN$e=-k^HF zE8*WZRd|>EVj?mk%>#?eLr0ifQ8zp;oO!~5WndHpP=7%|Gw&e+8IA&gRw*J2M#ip< zv}(xA@s!TE5R>Y21(De6d0kcN>M0AuhN#WX%y0;^#TT^W#-P<5`snvo_ctgv>1v4M zpOvGARe%i>`_sIAm}y~hNzwwc$b{JW116)C^pQ1kN=nY^*@f#9M( z*^)Ga4vyZCqs4xRS}Ot9Mr&W)7VT-APCtbljZBzCrnGUj{Mb2793DizVh?^d2sYQl zh;zUZ1)Ytipgo|6FtVF02?J#WsibL{q(1aoNwgif`pFc+SN6NIlof=WsN?ZaGqbC( zG;>?CHxA2QoEjSwN0fJn;_;g}5I&Mq$YyWDUJi3+CBg<5YK@D4AfHds==MA6UDVZU z;;)uODrHrt6G2HsFaDo)whR$juXzgaaTg~jytO$X8!%2#@ep~bA0O3+oTM^z+Pf?9 h=AcXsVtd^?8kBcut}XK8OeXkop1qA2wxiDVWM~Qk0viAT literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JM^yj{2@qb#HZKYBvuJ7dhHj=(ipN8S<2sRQLX1AYPuC~5ZU_XRzP^WJ%vSUJyTX$ zU@{3M`Cn2`yYnAT9)nMf5>PL|Z3ndbw27&OXtGVtM~~GWffj>sg3OZAO{C9c1Ls_r z-O-N(-Gt>Dpc4`a}RMnrASj`YXz!go~Fp4M2l zs}M1JC|HPT8pP^GOe#e72BL0oSlmIiARC6RY^)C;o(9Dd%6K-;myt1%&zD{gs=H0| zdIRD7C{&C)kf_6%1*-`#k^UloEwUeZeu`~D>i3Wk`d@Wak3HuI@ zAk0D-OvW5@4VMe0nW3%;SL=j1VP)u4-|kxb- Date: Wed, 11 Nov 2020 22:16:06 +0000 Subject: [PATCH 302/487] Auto-publish so-thehive-es image signature --- sigs/images/2.3.10/so-thehive-es.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-thehive-es.sig b/sigs/images/2.3.10/so-thehive-es.sig index c05fcae3449a2917dfb1ac701de7e93e213ea8f6..ca44118126868c212ea6f8c06d26da355eaabd00 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JVx|BJ2@re`V7LBIa1(K}5B?~g9s0Ic*IR23uJ3aE zJ`@rbXr;OyXxUxL>e`gBkFb4jd~2wD0?8<_>cO8*?ER&)eQGkHTsNDvW~)d!YyZ5p zkaP|RB}LT>M8i>B&zk>kL~M%{-;n#molpRP0WrU7si=9T4-JmzpiME}RgDO+#VM4! z;FKw+FI}=*Qj1&6l;IBS|I2-^ZX>aq*74d>X_5;*tn3WenVr=PbaYwSj=i63`;h~U zqwk#?CYXb;;BZMzei`^PPB0oDidOx?Ny5f}^Ers*3?wkdl?j^;e4G^%Ox||%mAsDJ zrD=0wYR>tjlei{MkeejM;rJ7ll@$|R5g3%(7+1oO(bTMr0(>4NoB=kDrk~>-cLUSz zq}HN1g&)id7xfP^OHxu;iZPx}Q@k~Bi~fv;`p97Mv>jh*(a$^N0jb{Pah-fx2X0W( zzF;#mogBqbDBp2bNJnll6;BBzgy$Ot(?)-vQJ;e z6O1Nwkl+{o9vzOoG&gQ!N?;<0A}6ylx){lVbb5>T?Xjr6;#T?pvp8+232E`w0dYPI z+Yl50_s(>V9q^5duC6cbyze$T6LJ-0%VgsD<>fb@)#hF8mRP?O~T;9_LN-9$hN>Qc%}2MMBU^0-*o^ literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JN2mY_2@qb##{(K8;0XZUM zFTof2C1{^oz0Xb_xXDLDz*T)>GvQne@X0dy9-wl0H;BzoaGRBs^F8$~^tD@us#NYy z%5{~;Hz|L=`G$dM5e%3Q_t)1w|`;JihR91wk(&aVjA;2uS6D!QlE0^Lqc zi~E%5%FRC`%f9E1W?7K6MOFW~bGgRNLT>gO;KOzQfEIOJAHKfKcA5j;dr5K~L=`Cc zzYK{x@`sEfOQo9Mvt*c^IM4icnFYWb6hIv6mANOHqxW(*%%q;ynK3fZQ#;UaIQzmut$bgX^(24<86mW{pD_za69maDVL zVmE@m0_!-V&$@VRS0L3%jxE^v1EA!-{qZxRL`FaM$25Jy=HF;-ZX4c8{$tD%=l2w* hVOp>jvopZi$Y?U%ZutrALv?*iYS7aPizEIe>0L5G5H$b* From 7ef2056f1746b53817fe15302624f957da918a7d Mon Sep 17 00:00:00 2001 From: Automation Date: Wed, 11 Nov 2020 22:17:26 +0000 Subject: [PATCH 303/487] Auto-publish so-steno image signature --- sigs/images/2.3.10/so-steno.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-steno.sig b/sigs/images/2.3.10/so-steno.sig index fa11864ce214ff161cabcfbb3b94440331a98f8f..c3d269502d606c196f09c23665c5c6d649aeb134 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JV)XzD2@re`V7LBIa1-be5B@&ZGYaig&7TH%VqQ?b zRM-&UhM_>*45}(k(=2=rqEzA^0A{cM&ovLCXL-azp+;bYe&P_8Yq_uU6z{j0MuN(I zVvu|;3-3NXa;pF>ZbJ%;`dzH$`xTg6jVB!*f2wwywW#+a8)=x^G$q4IqviNxeNy~h zkUCO*`ZFL|r%%RZZIlBGYD^9UC^xxj4>%jdg5L)gKDxssw>1*Kh}Lmbjd(Y3KEk>g zr>Tn7m~zQf@l6i7@AnugQ`5HH|?^XLBK1-fcrdDA7?UZ zD0W(fBB8SzItaNLKrPU5RYf`9g{>l$+v_bm6a0yri9wdBHB(B$&w$5elH85Nm^y?U zP?m&Xs*l688?F=%3JF6L5S$^+0h>g-k1qOZP|_IIs55C;v9aUIBu1OFt}Y_&?Q>xg zapc<&V8FuJ#@VSX(xft$6<}#-BIYlT%>4+1fL=+HJTRwVB(s=A%|BbTVHcCCq` z)W)xgp_T%8{YM!)X7Um!urZQP%8QM}7slDO|h4AIJE#4t5gq0+W h3fYEF!*2rtdP5M2+BiNg&?0{Xyrsbd=)M9=CUkW={dWKW literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JKJNeu2@qb#FbJts*}LDRaNJ@D;ZC`fyYEU~vS~k3csP#6B7j%MJT|Q_rcd zw^zWTeI=3@KFs2~Gu>0OA{^$S(05ul0tk4OQ(ibdFxCpBO zz`6B*S~YiY+?z*`HNl)7-@Ea$v{VZ-rwJ)3w;bLu3>JfIT&GDq{JS{-`3Y)I@>v52 z&V@F;Ke#cEaaF??#bLn6-qc0J**=g){j(v7c%&TSLze=NR&auL7fWB8d(0Pk-Qhxb hJL@-;pGTj{C&XrB}*46=06}LNVLjX7;Y;aXU{c`{S From eb0b909cd220d29e1f23cb149ce99796a7592e6c Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 00:41:23 +0000 Subject: [PATCH 304/487] Auto-publish so-nginx image signature --- sigs/images/2.3.10/so-nginx.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-nginx.sig b/sigs/images/2.3.10/so-nginx.sig index fc3010155a7dd1003e589947c09e3c921dba20ca..725f0a1ffd8f7f6f646b68a53fd82b28721b186e 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JgtGt&2@re`V7LBIa1$w55B@Vl(eC`kRi36Q%-)DD9HJbjdFV`OqL}?rHhvkJYuH6ABLV( zhVq}!m`0McX~Gn%)Iyv_d7_@wA+GCnSh6;NPwi+8#RZvp?LKSWryaMmK%zc_eFP)3 zEqREQ?j!UykL^fMkYUs3*a8S3GG!u^s{mDHm}A2G2iNiIfz+XNo8GsZG2io-5W0og zJ`#<5)15v>_Pg#oZCTdUT1N-RcX;4053BE%Ws7h3(AbY6Td%O1guy>r><96J)?a=+ zq%g1h*(!`=P%B1t?nZ*r<2@re`V7LBIa1$==5C3r3dwA?xzoE`I=+{L~ z%Nz=FqFyY`loX;C=k9sKGd0!`jEH=JMW{xD%Tw^qX8~MKjqC%VL|#e$$+zBB^MW0( zunqOCOnLh{>%hWN(RuQkPCg9a+?Ojp*Ohd!IViDl~#C6T8LEZ$y}kcL zQt%=sXfZ=-e_m95z56%rgtLfj+W}yK`O+VL)LSF5=D$pt)Zs^SU=ACCR*y={{d6i_ zsd=o@7uTMSF$s!7!W{12cNrcmFq~?3M`MTdSRx|je#jeJc#1fyL4*3=A$NVBg80dU9N|j&* zw~C@xFA1<3RCIwO`CjlBbsykuu8pp0<(fHCtvn+1+Wokoa=d_d<+ChPdt{dHt!s&L hoaT`kb<*{(Au+4D1UQg)$%TH`#plV6^bnOI-xJP738w%6 From a2ef12eb6ac2752d86ee7910e1982ce6ce3683ba Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 00:46:11 +0000 Subject: [PATCH 305/487] Auto-publish so-nginx image signature --- sigs/images/2.3.10/so-nginx.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-nginx.sig b/sigs/images/2.3.10/so-nginx.sig index 725f0a1ffd8f7f6f646b68a53fd82b28721b186e..51589c186e3d29570eb42189c15918b8d9f9eaff 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jh0_2E2@re`V7LBIa1-$R5C3p<%gKLFQ62Xei3bX* z6Bq|gsz<>@#yQ###6NUKQ@4=x0AWh|9|t4}lzC`b7>Nh3RxdiE?M~Ba(%}%0XiyETlR5wSr#6q$gRN=ZXu zrm`By`-`VI6bd?oho2p!P8kKG`Pj;xA*AyLI7O;u-Db@Y@8!jAIQ+4|kIBS|5yWf4 z`<;$=xK2i?#aWMvQ#J?HMFF}b?FsO{@mszSl{}I}S5L-&Mig6-BBoND@P3)js7hdf>iKwwUCvT%f+AI3k)*DwEWJ1G|T1 zuAFxVs)KHI%GGfCJ&)1dK8Cuz5*`-{sGDC3Rplhd&UH8mRr4 zly)zb;yACklOwzK-d;!!`Q%*zCPs`EO8g0U3D;78vFNIHwWa42SYRHx{bQN-Fg^|X zZ^@!kRCeA4J!M42a*PCeHvmhB6c}ArEJIA&(Tgw6B-N^WN+KW<7MgjLnfR hdq~!!JHP+^1e5o4>xWkP7=xHP3}j$ex9l&$TmKGS1AqVk literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JgtGt&2@re`V7LBIa1$w55B@Vl(eC`kRi36Q%-)DD9HJbjdFV`OqL}?rHhvkJYuH6ABLV( zhVq}!m`0McX~Gn%)Iyv_d7_@wA+GCnSh6;NPwi+8#RZvp?LKSWryaMmK%zc_eFP)3 zEqREQ?j!UykL^fMkYUs3*a8S3GG!u^s{mDHm}A2G2iNiIfz+XNo8GsZG2io-5W0og zJ`#<5)15v>_Pg#oZCTdUT1N-RcX;4053BE%Ws7h3(AbY6Td%O1guy>r><96J)?a=+ zq%g1h*(!`=P%B1t?nZ Date: Wed, 11 Nov 2020 19:49:25 -0500 Subject: [PATCH 306/487] remove size from gpg sig --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index f5463bc1e..b8616439d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -958,7 +958,7 @@ docker_seed_registry() { exit 1 fi # Dump our hash values - docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION | jq '.[0].Created, .[0].RepoDigests, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt + docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION | jq '.[0].Created, .[0].RepoDigests, .[0].RootFS.Layers' > $SIGNPATH/$i.txt if [[ $? -ne 0 ]]; then echo "Unable to inspect $i" exit 1 From 94ab77b14dbba3faf39a1b2cc91164b6bdd2e3c1 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 00:57:45 +0000 Subject: [PATCH 307/487] Auto-publish so-nginx image signature --- sigs/images/2.3.10/so-nginx.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-nginx.sig b/sigs/images/2.3.10/so-nginx.sig index 51589c186e3d29570eb42189c15918b8d9f9eaff..1f42909b3e25cc21c222ecb80b8320baeaf88b37 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jh=~9S2@re`V7LBIa1$rh5C43XMfEQyn`ddIfe%-L z@s}(};S{37lnw91f{Pr70sdHRl9(;D0n_fM-oQZ3w97p<^!s5&2;zYyjxNIZ3LpSG z2q@o?ji8g^{M#2Cv|SjCsqKut5Ap>NU?G>qMP8&*Z0b|muyD_%WCyr9Jh(%;v5dUbNX+J&%uENVaXPndcTkeK0KaJWX$HR)W{!g^%*p1(qP z%vAJmXy~9@Tvy2vG|AG=2qd50LhCW%PH#kTTL@|gA!nXWYl5zH@ljUl=_vvzAT>1&-L@*vk_~TvoS-iONx>)G=G}3Ml)_$l3 zC<=cTuh07BvDiiUaeoIc%vQyXy^Ucja|DfS9T*rJp4wo}q_3}H0kaCL>zL`93S$5O literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jh0_2E2@re`V7LBIa1-$R5C3p<%gKLFQ62Xei3bX* z6Bq|gsz<>@#yQ###6NUKQ@4=x0AWh|9|t4}lzC`b7>Nh3RxdiE?M~Ba(%}%0XiyETlR5wSr#6q$gRN=ZXu zrm`By`-`VI6bd?oho2p!P8kKG`Pj;xA*AyLI7O;u-Db@Y@8!jAIQ+4|kIBS|5yWf4 z`<;$=xK2i?#aWMvQ#J?HMFF}b?FsO{@mszSl{}I}S5L-&Mig6-BBoND@P3)js7hdf>iKwwUCvT%f+AI3k)*DwEWJ1G|T1 zuAFxVs)KHI%GGfCJ&)1dK8Cuz5*`-{sGDC3Rplhd&UH8mRr4 zly)zb;yACklOwzK-d;!!`Q%*zCPs`EO8g0U3D;78vFNIHwWa42SYRHx{bQN-Fg^|X zZ^@!kRCeA4J!M42a*PCeHvmhB6c}ArEJIA&(Tgw6B-N^WN+KW<7MgjLnfR hdq~!!JHP+^1e5o4>xWkP7=xHP3}j$ex9l&$TmKGS1AqVk From ed025851cad44a146f98dc5dff401bc4545827c7 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 20:13:21 -0500 Subject: [PATCH 308/487] Change soup for new gpg verification --- salt/common/tools/sbin/so-image-common | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 92562847f..46f2d4a0f 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -15,6 +15,11 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +# Figure out if this is soup or refresh +if [ -z "$VERSION" ]; then + VERSION="$NEWVERSION" +fi + container_list() { MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') if [ $MANAGERCHECK == 'so-import' ]; then @@ -98,27 +103,27 @@ update_docker_containers() { do # Pull down the trusted docker image echo "Downloading $i" - docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i + docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION # Get signature - curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$i.sig --output $SIGNPATH/$i.gpg + curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i.sig --output $SIGNPATH/$i.sig if [[ $? -ne 0 ]]; then - echo "Unable to pull signature file for $i" + echo "Unable to pull signature file for $i:$VERSION" exit 1 fi # Dump our hash values - docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i | jq '.[0].Created, .[0].RepoDigests, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt + docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION | jq '.[0].Created, .[0].RepoDigests, .[0].RootFS.Layers' > $SIGNPATH/$i.txt if [[ $? -ne 0 ]]; then - echo "Unable to inspect $i" + echo "Unable to inspect $i:$VERSION" exit 1 fi GPGTEST=$(gpg --verify $SIGNPATH/$i.sig $SIGNPATH/$i.txt 2>&1) if [[ $? -eq 0 ]]; then # Tag it with the new registry destination - docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i - docker push $HOSTNAME:5000/$IMAGEREPO/$i + docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION + docker push $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION else - echo "There is a problem downloading the $i image. Details: " + echo "There is a problem downloading the $i:$VERSION image. Details: " echo "" echo $GPGTEST exit 1 From bee829697e64904f8945cdbb8e1a92847b2412ac Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:10:11 +0000 Subject: [PATCH 309/487] Auto-publish so-soc image signature --- sigs/images/2.3.10/so-soc.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-soc.sig b/sigs/images/2.3.10/so-soc.sig index 981549c4a49d3b0d1ee8f5b5a0e7c26eea0d579b..56218b69b19626dd2c1a83f172db8d4f9f7f6f40 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JnS%fd2@re`V7LBIa1)g65C27=xL6?FUFo)D=dIR~ zWnhCqHZ+Eg$#x@>BmIDQ;>N>6ITSt>-Zt2C0J3NA0)WWGM$Po*s6p}(1FI?~NBPEvJLq>1jdPpy&XED(2vzDQj_tu^vi zXLeG7vZT~m5^R6Lasl0TVUV?kM}iExnj#xq)e5E?&P5nVaKE9fp>F~`KRFSPWUep} z4UuP)=ehUD5<*PGx`VprGtk7GPOD|)*`u)hx4;FJeEhuP(NHGTuy zJ9)vv^W0GTsQkRs>G%Vh{Gz&L6N^uq?&xiQ8Wv^N__k ze8p;BsoSA|wEAn1U~Jxe%3f9v%p@p2qb@|;9(`-~+&9MX>bIa|Bfki#t?Gm2 hjzFUJb9tn{OG0Ee&Dl;Vv;E>vwq6MkD=fM7fIc9C57+2@re`V7LBIa1$5d5B?}--5{J+s^yd7=)+)1 z+3}c#ixF=x#%#4nm{C+!D<^~$bAiA^l2mDQ>_CK}4js+}wf4`LIZg0T%ytN0S&59k z-2ZMfB)XRG1D1hU6l^iPseD`=*My0YR!e$cPTwndZk0H{yzARXOKBJ=D@+z*Y}mNL zlhLt$sULy*Rr&^>YmJ~v9#iNogx!p^IF1CX(FeHnj+j(=!w%xgqf9h{qp8gB*`wZp zGNUI+8LFMF<(MU-WiWDruZOlflhM-eVKlhXXP>4Rwsh{xk@2=859z|+8us(tu?r6Y zQtm@=#kAAtr9n;&`%)@y-@ao<6kqCv1c@Np}; z>-j(1jt8Gi6U#!%3VX#ORrp&4wj Date: Thu, 12 Nov 2020 02:11:20 +0000 Subject: [PATCH 310/487] Auto-publish so-acng image signature --- sigs/images/2.3.10/so-acng.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-acng.sig b/sigs/images/2.3.10/so-acng.sig index e22b6ebf14e9c8786f69cfdfce16f4b434ad8a0c..5f2f413ede033fd972caed3354adefac8c20e637 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JnaBVN2@re`V7LBIa1#k=5CEAUI4;UK_({u>+z|I< ztsVzdzOSPT#{7rlk@*xl(%J9zB{=|&K;Ea>cW19o^WDu{d40ww%{5E7xPF{h1Ws+-{Ql2-wBIZuX8}(w{$iC@B_hW$4fX zFPnb;-TMgD;zlD}q81g1NmXqdDoZF!Dkhl8Oc#|;WS#1{e`oq29+Kdjq$g7EYzvj` zwFC{@*56p|LzUn0H!kxM$9iBzqf@L{t}4VpFsyC`6yM83kSGG?HSaF7H7II6vg&pe zmxHW4j}H$zuhS4@nrMBG4zAgYH@gqPfV;J`lFJ`kg8(DE^VBvjVu3$DS`!^%>Zyy hLO8C2Z1O}b{Hj3#FFR(aR2O2}_a|iN6}y2CWDKQO|0)0g literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JSg8OC2@re`V7LBIa1%)q5CDQ-q-j_;MEjBkh;LU& zmvVJYCR}PO*&6-UvnBlx#|%Vf=5Fwf2j|dH6qhZ7rI^Ng&hv5`=BpC)+NQAgU4vG|W#D{VmVobvV%PFyiz1RuDmF(CF)b|q*CA5ozEnmQ59KmcR zCqKg-uJK`aHnH(U?sEfeAGld`HUuxpX|V!VLshe2V>lHbu3z@HXj|0{;53*fCUI~@Vd4ddNqY&V8Z$8wf(Pqjld)g6hU_TX?n@hyiyXZJ{y1{ueh9nbgvT2 zG<7@yshf}El%?X=#k?0hEPIAn`pI_2K~<3LPnjd3(nJaf6PrWA!S<TMZBgv(V!F*+{_!b;-TkOynb!|VkXz&8>Wfn6fZ h6hzgS9SzB@R8%HF8$93a(m$544poujS`jJ-Jz#kf_ Date: Thu, 12 Nov 2020 02:12:58 +0000 Subject: [PATCH 311/487] Auto-publish so-zeek image signature --- sigs/images/2.3.10/so-zeek.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-zeek.sig b/sigs/images/2.3.10/so-zeek.sig index 9733714a270f8ea9e2149d3015b3eff81fe2f4eb..f88f86a0ff9134af5d177828f37b55a6e9318bc0 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JnkoPa2@re`V7LBIa1%v&5Bv-$3yQ*jYu_V}m*Cqk zG~IgUCHfiSuipnt2Ot^_ZXs1$V(FUY=s`*@!Q~ikn+I^Z+gM|szU^J`S8dA25Q=4Jrlyg(okiL6~iQCT)s#*Kqe??ebtaU7fDsqAOSR3 z_(~%cBd-b$pg&pbPZew(msIFs$NH`*X)%Rp{GOaZdLJcRx^C9?Sg>hP5bkKu)~;11>};iJNLSfcKlFYhLNcptaqL3jYCE9} z-JuTYE)cqmPqipx;yebTbe>H_oA7NO%)MzGZUenqV=MLsuX@QbuatJf$68>Tx6<`U zMkUa@1G6Fr78*wpDZ^Qe@z1S??K~R@367175*AiuZVLoeClUbv;|x>&+L)-M+>eswSQf2`;=pjux5~`W6S|Y4xV%-V9bB=uj%BvYMP5#u1 zQ{N`qeIe&%@^WdYXx0Ghmj}ac0x>-s7CnS_pUXcfae+SZ(Y68b`p{*l81jIRdYUgS z!;CYsk_l!BV}7&g91yKIt@rT`TX^#y6_I`nWCK#WctNO(0`TLG&Dc9~2|E`wUjZF_ zy^nusKG!y$2hrPk?1PimyDntm(n_&Vr9Y*MafjjC&FU8K^Emhvu_GIBeHb* zM1&-$NJJSAHCO)Q;(D>v;D%W;#uX^eSi|vdrTl)vhT0^I(UiVH6<_O;a|kkNRYVr# zu4h&RF($Oa`;$At8X4np9=Fz6@C0fK53X{v($U1L<^i)gkw#cK3ohN3@LbfXEUC5d z5yySGsZdC7?eXXmICPUzKZCW*7-H9vZOt3Yxdf*4mV!XRfhJH}-ghT&247%mS6(*w zX#WN*>nw&=N%U;IWf{G_%TC|1xhYaz&u!mM?L%>HI_w|FszRx7&k^*o2FrM{z}{shvrs5?|FF>m1zN4!^?F^I}5uXbo)@_QdE{{8>} From 42fc0add5ec8ee6c818c08e37834ac89a50bb0ea Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:14:08 +0000 Subject: [PATCH 312/487] Auto-publish so-fleet image signature --- sigs/images/2.3.10/so-fleet.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-fleet.sig b/sigs/images/2.3.10/so-fleet.sig index 7fc2f3ae1d134c12bc29d321f83532a232f3d876..33afe07229a1f049871bbfd7227e4f012cf646a0 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jns5LL2@re`V7LBIa1&c}5CEMexO~vCnKFwor$3J+ z4rqfOUWJ*sH7i;JUK32j-%s?vvnX1DP%%_3pPsxXIN&f#bRX?Grc^jB9tS{e>@X=>bo%%RNKG?>(d%=W zrs_~(RNMyT0C?(RgpWESA()q$@CJ{aKtp)1(PAZYO-ZCX6sULgS{BX+F?wqLZ zH)I|`n#3wM=tTNH_PwtDun^)%TonEnl}Z+h7ADuw-+ATYPl3926ybWCEc9RBSz~hZeykxHek+&cxz}&!X zTPTMb?YE$S+=~tG$<@-{Hulf7l+fX-HRc4n_y04CD^x9z5yL@tYP7@sI_8b4#G zAXPQSWkg&r{E(dmAB@1lE*~6KPL?Elul>lPi_CKWn0(jrgPvic6BgMQ*d#vA+3A0J hNYDr@x(o}@`EUziPT5B|8%ff(qQhr|=F>*;6{0atUTT$z+6P+9rt^swv z<$>I#@MmBy;~uTGX@~ES6*cZU_Au*zkQAQ3WJOj!;s$Cd4Bw0 zb^)_eHntO{K;W0Ks62gAk$nS+@vvf3(I>sEDR`w`dMXMh3(mR5Vsm9R+-h7@17&Nf z6Oyv&B}giVq~Rur+Bxwz7Xrrey$DTaoL+=Oakrk2*HSoh>Y ze3)h0*M@yoa20~i71L$M1ILnnZn7*YhW_}KcNBn4vnNmfSbne&*X`^I+5w5-z8)6{ zsPe<><12R^RAh!^ST^dSFrt(hx9M3`a!lN3igHU*YFY5(53W47SP<~VbzS Date: Thu, 12 Nov 2020 02:15:06 +0000 Subject: [PATCH 313/487] Auto-publish so-minio image signature --- sigs/images/2.3.10/so-minio.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-minio.sig b/sigs/images/2.3.10/so-minio.sig index 1cdcc81cee2cc25dd19e6d22c1e90ba81f0e4cb9..823b0105431330d0971f5cfa00986da57b065181 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JnyLT_2@re`V7LBIa1+035C3xK0L&r)f{xw9nCu?D zl*M;i@F-^y)BrQEM%s#G6|IVGjzZkrYEN7i+8iP{!?BI~3bvwX^Jj`?K}P*Xz+-my z^}kPTce!@78m)Fs-RmWF7v{k)yNwlto!q_uVNp?JoGg#XFXUJH3(@B9EK5iZJ&fHh zBaZ}}i4^W$yPdGRC|VvAl+sg zT|glW*#r1m!L6c7XzOj}+t=q@>IBqOBN&dci+FG(5U{y*if}ppe$?pz0lu8 zbBrM3qCs&n8OHEm_5^N#L1kpoE2^7?dXQNd1XZEfJ%ZKyjKuW;c;#M&rZOd;f$p$#D`>5nk literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JS!@6b2@re`V7LBIa1+ZH5CEVOP8b`az%xFu@#qtc z1RS%A>*#v@D*(%NhALM{$U$5aa_=0{7gh=tMGB^xD~J~gVZ-rBnHEwkTm4z}M>!Ee z^aWBAV{#O*?{VdZdTH;9Z#>S^$0g;`aLzln&|(e~+Ni z5KP66gPLmEJHn^UEy2a&cJMo9lf~+e<8`m{1izKRy5YFpiBrsXjfzj>m zVHIl8*8kym;D2y3lh&Oihu3s6eE`CchfnAso6&6iFjDM(&6bf6Y+z4V0PNEGS!u!G z1%1|f_-R&+nF6JXJD`p!9xT;7bq!&Bd!(VY;sn_O1Dm2DWKDtWrOa5)#un`k0;xQc zFHQQMK!4ajB2%54WF2U#kR+wfyN6U#y;Zpk>DpaNJ2A%Dc hJxJBH0A)#<%dHE`cnR~j*ePBOm{jIJqN&pkl^Shs1KI!p From ed883f173bcc108964119dba71b48cdb4594669f Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:16:12 +0000 Subject: [PATCH 314/487] Auto-publish so-mysql image signature --- sigs/images/2.3.10/so-mysql.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-mysql.sig b/sigs/images/2.3.10/so-mysql.sig index 4da45d9d1dfa60ba0c30e3206a708f42aec17c91..669e702763967f212e2e0d14577c89470192fa90 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jn(P1y2@re`V7LBIa1*~f5CDlu3&kPin(d*Y{RP-X zw?s=M@9R6so^Hw25Wsu580;1m!;e=4-2^3ZLu1P;Qb;U-;|cSOFvOH4Sl#%^F=}KZ zDaT*D1)Z-pBWS3kFN-y?VE?J-iX4oGV}80N-vkeVqrrwAYqqxS(s*WEN|T@Jw(%IV zOo+rx`>B*1S6{HGx_^mz2j>mAZ@dpkQcNf>ax=&d_q&q^qvX%kG~|7_$1;5H7Jvl+ z8E?*0+u`#VU$BoKVsm!zm0W0PPum=qMnSA@|Md@YbQ_;MpZ6(kxKWp}79=Wp^h{R+ z)VP99W4p-E^74P~Di~fIYmr^0}<_2rVQ`QSXU%Tv*WLgT3b>A!&IM`eCxqADo7gBSRPb>Hk%iL*g?lI4474csn*Ur}Am?-y=eoE2V z9fnY^@^>O2s6$&hDA`}8<+9&Dklg8~TfA@Ft;+l6?6JudpstY0k3YGR@^7By@X#Qu h8blvfxTtmTeY*g5qum93x#pdXavFM!2C{(C64fb%2b2H+ literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JS*-vH2@re`V7LBIa1%zi5B(G~|JSUORFQw@EQ6F7 zDO7*(hRJV}pN)}pV6t*6$VWsp7~07>h5B5|T&r^~R-Rb^$Hs9*$dWPV60iMQzWuR& zN(KLqSJj_{KDW^D5OsFe*#G9g@?ov$V6O8TOMulI zur>sQ%~tn?qaAcT61i&^SIh+P{&TP2<;_DSUpf!j$1HyV2BE*J7X$V8CmO+!px;?h zJV1yFDO<$+h4m}}rZ`E&L&_X}3W>B|&X@botI!Sr^CovoNaa-O$a_eIB#ONvMFdqE zK9|^>DoCk?)KQXKV9O10bV{l9&v0EL{4;j@cSi%9tdym;aqTo=_2zG>JwtMa^t|Fs zC+d>+ClkN-f+Fx=pPtR>J-h)t;ob0_e=f-weayE4=eZH1l$Yh39uDT?$|Q|5A;!gf zJnPgiBGNp2-*bgcKK2qcSdJ^_hlLhsU$ZQmq^z|nX2HeO$WvTKfb;R&)|>i>{PANa zUV90ct`y)s Date: Thu, 12 Nov 2020 02:17:06 +0000 Subject: [PATCH 315/487] Auto-publish so-redis image signature --- sigs/images/2.3.10/so-redis.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-redis.sig b/sigs/images/2.3.10/so-redis.sig index 40dbee0a35596d5049855678b33d3a0f6e254c7f..c6c1634cb3ac8b1208971f6c53c06c618cc0e914 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jn<4-T2@re`V7LBIa1(r)5B@TteK>c3k{_5VX621+ zWC3MXE*iRbSv+`sbQW1-@Ya&Q(Q$EPA9lmrl<`Hgi#+JAA!-Fy3d+qS^^;msHVy;7 zPV+Gdo}&;g{d~J9Qe;**Oub;f1Gc(AelsHZH7B9xNc434)f<&*6K~v zx*DUSly}H492?(QEPuGQ|K97S>-&jMgeW>E&RL8QLHTvFSLit+dKCFBa+j*$GszQX zrk?Q%)o(m<3J2Ya4{0;a^cmT1cW5JoA5oj?Y&x<}BQl)%X6|Q~1|ed*Cp(mfMJAd* zllg=t&W!KI(hTMUOX$G&mY_&Cr)wxS)XtUO(6p}lfH4Q#M9G2-b;>ud4>?*}5_3q!sYow0DuFlDiB6L@JeU;^J0B+UFLx!igxb2+oBj2^$&` z%@g(MXkv9Nb~IFWa>o|$v{WN(`M+7U2*PF@0tBl*oL2wP4#$!YUj4@XrsD^k$ zzn^kwJsmzojB3Qf23sVgm6li*uag_hHw%y_z(SbXy+6d@L)AeH*EOAx6lycR4wT+a heOM9$14gxM!g`ajDhlao2S2>)e%&12u5BFD{SFep{j~r9 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JS|tDq2@re`V7LBIa1)O85C3GDuhW{xC`*E>r6wr$ zSysL>H$%ufXo{677gcz{QkyNlR8FUWJ8DmNzzSRhE6CK!V387z>0r(yts%M85@ysL zIv~|Bhm|N??0H7Jizx<1Kt%ZU<2m@F*Qt5_fUV}nR%LWNr`VsVIh93Aa!dxyN z-+EeHX;u7Y7M2a%-Alkl9J_aXosA0r4aTXR(+$LH%rEqt3#p+1E&r=IO*~Swzb5#f z^u=)Kdq#nAx$-z%f^?j9x+u&T>LpZtUn;xnwoC2FOL{5WdztnXU!Jy-qA<;RDz-B4oizAGI6u6@vy<{>$%C z-1OGXtwkJvvUc}E`HL44GF(d h2TMt*narBAngX!Yuw?4QHyt@l%*Sbur}8am?=0u82j>6) From c7517b37fa5098149cbdb4c800e23be2cf031eae Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:18:25 +0000 Subject: [PATCH 316/487] Auto-publish so-steno image signature --- sigs/images/2.3.10/so-steno.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-steno.sig b/sigs/images/2.3.10/so-steno.sig index c3d269502d606c196f09c23665c5c6d649aeb134..a3d9704e0cc1de28aaa5a3b86d8cf35bf4a5726a 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jn{faN2@re`V7LBIa1)Gx5B@WfEy7BZ%IA*m{Wdv} zW9Q88Fj@+@-LZ>4v_=M>gw$Tz{g!BB8%KZIOeY;W0@+&^R?_{dgW~Q(GD7~;J@hL< zMVYORIl83|`MJGJ7(c+9?6C$tEbL#Xs2&84xXRi_Z%w&2-_LWeo)a<{LkV0?*I$Ge zqiaP(*yHE>PY~u!I4DESvamd>`0P}(PKh&e#i(z;NK;(DwROhoBcTpO(Yb&a3nZ6N zauv$`gn@(0Z(EdUxM6;O4--m0#ivu_FrxVOx4fEag72e#3OB8l8D}!uy|EqHa9S=q zDQ|=CVo`wLs4BeYeud-ehZJ^V)gl2JaYI|0{*h)wx)d0~9oWqZ1dsSV;ASn`(Y>K-QBE ze?>keC?LoCO#ACuITI5|50iht^InXfXkubN9gjpcKm#hTVq4PCY8zbhPIeZU>XyLo ze2j8Rg8$Hl>(X_EA&7QI&PJLo%v0BLT#htoTo-myqxw-s2(3>v-|B|F6fZSh?uSy< zutWSF2w@)`t|(HaLwK-GiRx6?3NN_$?#Yjt4yh5^>Ad(A3!|L}HjaQ+5KOUJ*6J7L h9NZ5S;g4HEY%TO@Uv1R&WRmE1-jev?AL;r2?*qP{2n_%L literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JV)XzD2@re`V7LBIa1-be5B@&ZGYaig&7TH%VqQ?b zRM-&UhM_>*45}(k(=2=rqEzA^0A{cM&ovLCXL-azp+;bYe&P_8Yq_uU6z{j0MuN(I zVvu|;3-3NXa;pF>ZbJ%;`dzH$`xTg6jVB!*f2wwywW#+a8)=x^G$q4IqviNxeNy~h zkUCO*`ZFL|r%%RZZIlBGYD^9UC^xxj4>%jdg5L)gKDxssw>1*Kh}Lmbjd(Y3KEk>g zr>Tn7m~zQf@l6i7@AnugQ`5HH|?^XLBK1-fcrdDA7?UZ zD0W(fBB8SzItaNLKrPU5RYf`9g{>l$+v_bm6a0yri9wdBHB(B$&w$5elH85Nm^y?U zP?m&Xs*l688?F=%3JF6L5S$^+0h>g-k1qOZP|_IIs55C;v9aUIBu1OFt}Y_&?Q>xg zapc<&V8FuJ#@VSX(xft$6<}#-BIYlT%>4+1fL=+HJTRwVB(s=A%|BbTVHcCCq` z)W)xgp_T%8{YM!)X7Um!urZQP%8QM}7slDO|h4AIJE#4t5gq0+W h3fYEF!*2rtdP5M2+BiNg&?0{Xyrsbd=)M9=CUkW={dWKW From f858027da15a983ff40f9fe88536b616e96dc1cf Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:19:52 +0000 Subject: [PATCH 317/487] Auto-publish so-wazuh image signature --- sigs/images/2.3.10/so-wazuh.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-wazuh.sig b/sigs/images/2.3.10/so-wazuh.sig index 3e6274d2726054ba39cc68bd551012359d786d41..f726bd63de0c96e98d285cea11e9b3d1e2ac23ae 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jo5%nP2@re`V7LBIa1+Ux5C49SX3qr0Es;dq8bW_} zi^$rN^fe^C4g)^qs_w;CR|&_NOqaxoO4y?wC1r6V`>qJC(Z$glrp%Q7oV-gJPx1nK zS=IrwGj7Ak*kq3}K#ow1^e4{c!ED`$WSW(x#lOla7<_^GN)NuAdFsr~Qx@FbeBnke z5-bBljOKBM0QVQpxoVXUvnTV4V%|v=$ojjvrih$#0ajwOHz7OQhk&iffAPke@}O^Q zg1>Qf?f;4*Hf55my@n)m@3W_c6qJ?+dwMDC_w(ywEYnmW2vh0T1eSfhUBuH*vISK) znH(S=kW>0pjaZ{9E9MQ!;al^Yar7zS5Z?!7ru_n*X4|lyL;siIs1T<&FsefSgml>F zc0sHA(0OWSklL^^BRSYw^Z*$old+_4aYOh<6HQlsV5aAEE z5#(~`xlv66&%X_K#O0hYJ96`-_~FoFl~OO5=)acf`PGW&cz0lM!xxkzKp2{Rx*oD& z0WahN>jvOK*U@6{cR_LMj~#0)C2_HWQT#Mujt0Vc{r$7K~{3mH-fW`MSF5s(0 zSN}K5R4={yoa`l~`2Sg7A%M3ToNk{N+cIR8nvZ6Bu7cPKLe4gCeBwdJQejO}5 h9mb)Ys31yobJ3#C3T#9)V`Qu{hIPE+5Wo_ROd(F^3lIPR literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JTD<@Y2@re`V7LBIa1#i35C3kR8GYqCA{9qU(gw1p z4{?+6%bEBwdU$XpIZl%gwwV90loJ#AEZ>xsbC4f0(D79VdJUiifF~*d-iG5ts&mLB zk4F^?VJ_i*%xk@CB?TspT4in6%Qmbz>j*brLWQhg>wWCT?um1FKLAbGSX}rI$tY~r z_vk)($OgC~IHG`pZX<@Avc03_^3lr(gi(8o1bZ^Xkq~bTE>r+x&48W%tp?{9F}G_x z90vfl5}46Ju_n;)HcgQ&H7lX`J za=`lD3a?=t<7=Y>d$uQ-h}Mo~?ILQ5(tX}WkRK@Hs z3sNsAy7Q`;|D Date: Thu, 12 Nov 2020 02:21:20 +0000 Subject: [PATCH 318/487] Auto-publish so-kibana image signature --- sigs/images/2.3.10/so-kibana.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-kibana.sig b/sigs/images/2.3.10/so-kibana.sig index ca159f29a55624895eaa97422500e633efbfc1ba..4351c59b81fb1d3fa0d916b52ec1ba792688dc17 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JoFD)S2@re`V7LBIa1)+#5C3VKWNa9gA&I=>pC-}Y zu02I@iDDLB2xu+JfGv2+Q|1TrD@XUOh_~r# zU8-3hls;*Fh+hAZxc9tkFo3txF)jL;(C)H!EliRkt-{2M+BYJ{R=Q#if(na~urac+ z52hZYr%Vd@Z`zu`z*qP+&@|ilv^QK^KE>(9Zy$pz1ssf8)Ux-MK_RF$u+&h?Az6z* zz?gzdTU!*=s7xpM+_&E=EmT$+FUtqZ(&J1SkeQ#4rlz-a+U6vc zte%ppUnsg-PZnX4sFqVeuYq47c-P`)_&06$&N>2gUQv)J;6;3{9FswAYKm%*R&p)& hN!l3;g3pHAB&?|*z}|l!dP^%QM8)jH?Y}1uM+88U4vqi- literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JVATK$2@re`V7LBIa1+T&5C351?;I;d$e3v<-%!lj z*z5eGJALaInBX)|ct-p7iT1wMUe^Mexb+xp7)e=2CI7Q<14_cH(rn|Ag z`(~Dj5*DMjK^uIS>+srTYPy@7kPV*V*ZWDy)_ege9=pUFpzuZN4EtDlNwNKc$iEdi z1RmfR4r8&K8#=e~xwx=qA}V*y|MsWZcFOBT9drQVYUCF6(3%FY*HV4ju)-Rb)|d8I z7f`GS8Uv%-nFOU+8qy9K)w#J`0fk?rJPooBdHES<=8m7ycE^e(iHUK7BVg1A^etrr zWcF$Qn=pR}g(&B`o&oEwFL98%^E_oJ_#5Ck2g&1Gke^8BLb9j)8Y`L9`}DG`s=lgz ztkO+0$If|!<8BvSmQn|29{3tBvI(VZ|Fc_dMmRVr(#1cn4c?o){A220ZXX|G@Y9AP zDP+lO>&-!;(r(6iycL-S1+gq<+<+ED$UnN(g<8@Aca07FZ^WZra-H+1j0YZmB&2s? z=z)`w`b&a!QV~)teQ;{B##7pAS+M_^&TUPd#Y(Z=Wr5EqP*>4NUHJUvk~a%hdvbHp zeY~5hUdg#JYGB Date: Thu, 12 Nov 2020 02:22:11 +0000 Subject: [PATCH 319/487] Auto-publish so-kratos image signature --- sigs/images/2.3.10/so-kratos.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-kratos.sig b/sigs/images/2.3.10/so-kratos.sig index c23717342a062bccecb293d4225bc1524827d70a..ff10115bbf4fbc0d74047de8e81ecc45a2b11b46 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JoKpY_2@re`V7LBIa1(FL5CFB{`0&-+4W`0<3nHQ{ ziXB0QvK1Ve8FXA3@BV^;lOKCcg1t``A>o4%Kd7?o>z-5dJGh!+0jDeg45e$mdp&OF z)d~mwRlOb-qNb#O|NHRz*0^(v)l-{`$Z^fdX6xK{+=U4hy7uAC zc`+-EX5JPfQ$}e@s1Zup`Ly!MqZCC=)XyaemiYyb@D^0-?p7MOCSO&>r=_fPUs6vV zkc@Z10sO)@wvci^X0aUtfSZ9M4my`?ooAwBojYM&Jf{=Ft6eoWYz`H{ONZ%-@xb_< z-#`-qu8{aP43`pQ>w*NSvf14RUB+uMSjY_ZA^q(jZ=)@y1gZZF{a>*#XQg;3VV8I+ z&jnNswO%rlr7s{JLvj{ad)6@5YDU)Bktee!|3*~heZg*N|gSdf3!I( zj+%?}vKNO(HA?Wj&iT{c-n6mVTj{HO0e0%oIJdT{%DrmvMYrTSv#dL(a7NNP(tY=8 zy}acv>1n`w>nUK%Tme1s*}h!}BM*}06e;H-_^BE`MC|(Be^>t0ybr~Tl252vYvADE hz+9V$Nlh`~t(PF$`Ii8io*`JI5v|bh;*h$5cGk#B6O{k} literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JTT}oF2@re`V7LBIa1&LN5B@#j1~(q6f*A~WHuyy_ zS*WwEWb?|GdU<8>DFNpGK5-zU#nF{=NY0u2?&7z4V#m@MRiCUW#0}^uJeL(nB*y)B zZl+}**;}`7+kzHDJYFCM)t1<{3fEo3IIYl9NQpNuNwWb)#|O(RBCcO65r*vEt*=;K zh2T6mUg46Z;N$AXgPP1~*Qff-jp3CK*T{6Ab`Yt~Y~jY6^d4Q$xfYfTyxK-XtmY2D zz-rC&b`55&whINv5Q2ratj8_kD*Swjs3DnB-7lHg1XWNyn_hH`o&XjTy<+0eES=Iv zL`KFACL1F!gy!O=$~U^a6|N9|0aW~Y6pzQmFQyX!gD2E56Sv-t$Oj`b?y Date: Thu, 12 Nov 2020 02:22:56 +0000 Subject: [PATCH 320/487] Auto-publish so-curator image signature --- sigs/images/2.3.10/so-curator.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-curator.sig b/sigs/images/2.3.10/so-curator.sig index 01fc6f309e719d5723f8e9608dc36f51772e3c4d..04319eb5a8dde529246ba3c1191f44ae1891d3c1 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JoPYod2@re`V7LBIa1$V$5C2B`@rCoOhN*uuId+-F zJm8_N`%Sny=^N1A!_lRG$|!T$jd8a`SwKnU6Nn9M_^7J-$cs6p6}#*$P%XKhbHRxJ z25CzR+}>%!(t@?~;kSJ{5E?{h0L)BtOWmE(ok zpd61j{bgW$i)2H_fuf{Gl2niQOTtx@FKBXu2)I)6ZG1h~Uooo#ciBs|@q%kJqS7xy zt-FhfDY*PK8W4%!eV#tC1SJ5#NSuuzK^;7r=~f1x=8IC}12BIV042MPls?WQt5kyc zh2%n6^?i7m)JLn!zZGd5EvtA+8IDC47pzB#-z1O~EQj0w2e{QgZuc1T`HLb|-XK z$V2~<^L1R!sCoe-flk-!nFXrY!#7E^@y%$?;h^m2s*Vfx3}yi3*j3n3NcUB0tRp4Z zm;Nv8!09<78i9ADn z?2OMyw!P8}h>`)cbgA2KoSmUW4g96JBCTgN4UtZ142OPgffN`HWr8Wv57%Us^Ga@0 zVmP5MQo&8fZY|4tsA`@2Z%*B7a<61#NeOTljlfp{MH$=3pPF?ojtRY3sGpahtg1hg zo(tD8x@5CPNg^4bk%?dQWli;J;^I~cR5l_vSiRQ_RMyVWY}>Y6S<4iC8ige)Mfup| hDw%drr8V@7m=m5K*1esLAk@I4px57V3y7QYzao(B4^998 From 41a123c22bdac1f177c039afbfb94315d2e3a444 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:24:19 +0000 Subject: [PATCH 321/487] Auto-publish so-grafana image signature --- sigs/images/2.3.10/so-grafana.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-grafana.sig b/sigs/images/2.3.10/so-grafana.sig index 60964a824aa155a094dc8e32f20d0f770d865529..74300c1e33fbab3e39b09b5a3ccb3d2eb7850ae8 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JoYMdb2@re`V7LBIa1#@65B?%WV-oZ~FRxD17EWqN z(%U~YgC zFTck_Xe<0U+s>Vv&wHMGK>qqs|5^J+t|bltjj%3Kg-hm`|4EecB=y(0U~?~$LjGZo z=sYi3@LF}_5y?%5urh@yt7zhtjjrUGEz$Z#I}#(rtf1*X|8=KH-WG{~%PGh3LJ8KH z6|Lgt`IWys&Zz74`wc|9Bo(b$F+ki3Gpbut6^Bl$(9$==;@Hp{^O}JGG5+nF)kxg?wXP;nrqu z=K6VpSvjy8y6$)$_e_CLh8$~{MQ#5}EdM9H9Ge4^9K(+rdsNkF9J$=a;WvIyX_o?l zN=5A$msm5Q9_#xhNG8fw@n4|~^kIq_#`@ZraMrDdw++ZR_yib|pU6{vWVqqwBc6ut8(xd#^jE+2bqLW@WB*q;xqh6aMQ*t)v3~2xW literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JTh9Or2@re`V7LBIa1$+`5C29VBU5Jq>Cjl834Nl~ z`-O=nB;}W^^pN!+;_T9-rnyBAG3A@4IS0Q z7Guw*nNx6#birZq-ZohS`w&@Fnw@E1l_N&~!ioooS8ZNnDrTEm0Mbm|fFnG_2LHUC z79$j)73SN@MJ zD(CY_MhHC?c({_W6*eTKyo<<47>@4iCUT{;)rjBYrrI>Wvi)(_ZaA=eJSY{O4< zxp7+}PZ)b#hO9?KZ5%fgXrBf*cDicYl{~h?J@k1SmUnRYAeJ8lTQWRi!8SHLxvBGE zU01jr_0?;c+ZVBKRJmyTd^@|vB;58uFEdF?;prsYD2Oy>O=9+jR99+S!|8Q;=}?{+ zFfOgQ`i2TK`LCd?lA{$9{dgVPm6?D39!Ls>20{|^tf(D7WNu<@K54RftmY)vo6^q# h`Sa_)>J5D14~MJB(nL}5A_*4WA_&;+{roL9nOZiG47LCO From f9b26c9a8fb033f2be2ac3cd07a1e6f20ef1009c Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:25:44 +0000 Subject: [PATCH 322/487] Auto-publish so-thehive image signature --- sigs/images/2.3.10/so-thehive.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-thehive.sig b/sigs/images/2.3.10/so-thehive.sig index 9c53fc8e9d62603ec4675fd4278eea21b1af9d9d..4a5a20eba201f5fd9637e3e2a0c3a73f8c120465 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JohSeb2@re`V7LBIa1&pJ5B@dE!A7?2-CtPTp#7Uo zg@e?|gZrKypeYOwLnWAV_ns+3F?a~)yHIphVo*U6eQWH)f~#$h2L~hP*>FixB5MXB z?g}G<9bj#ithZI0jm78iiwaQ=dptc9XSe^J#bg&eY7R!?>t+8a5Ao{}GCz7Ss>?BE zaMfJ`!;7lv5P@Pl0Q~rb;?)ZWND;M$8){A{*;!43S3D2FJ#Zex*_I8evWO#2P9M4G zx>eLOae2WE8NVm3$j#9=428=AK>`>wF!l$M1~!5Z7;izq^E_Yr=>2}&uG=&_^15{7 zrdhRl;rq62GJ%sxoZ4Hjy7@332_r&X-ND$?5rLinWh>9(`#CqL9?Jv>S`m(V9juPD z<)#9E@DKiSjp=qA_m{CmY1JR;PYgxB=e#md1V$%TW7Yr#22!|?fz)oP*So0bTbat- z1ITTSp3+Sl0kS+Q5-ODYEcP&;Qp^B?qgIZSRojS2LlCt=C4KLpJlAyhrG5GgUuH_N zwj9|pINQM(`GrBjYLJg_s4`coF8;UkJI4o$JUoy^E8EzPEs6?2ewZ2X!L*V20z3~*fu!(dNiWYc h+mSlHShAA;3grP+d_SZ`-eW)E7a@aY#kg!Db5+?wtY%4=T!FU7BVX*M_NDBWyQ zIuw^begiJ$BoVXbS`TeK@8P`oVXK-mi+SjrYpX0Wy;YiMz&q=PE1?-HafT}f5Zo)9s`6Mv?dx)EDd%`L!%5XLh8IT#y%n?wl~RaKE{>(? ziT3(kiON68DQk@N^d6Vug1-if0VSvM=$PB6Y8??Dp5Frelb~ht%FheL8XIId>O0A~Bnn zT#WS+W#YP4@NyUNi%J(CL(f?Z6X7gKSM?08p3GO~o%fxNq1a0XLEau|>g;IcZ)vVV hyl}A(ucoZzCs}x9H6O*PBTK9xw>r$k%qscA+U<}U5q|&x From adc99ff06d378174f05279246f9496e3c469c53a Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:26:57 +0000 Subject: [PATCH 323/487] Auto-publish so-filebeat image signature --- sigs/images/2.3.10/so-filebeat.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-filebeat.sig b/sigs/images/2.3.10/so-filebeat.sig index 7554662acdd76b7ae934f18576a362adb8dbc5f5..a3dec1ef5e3ac4f7a0db9b090ad0a9503fbf6413 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JopAsP2@re`V7LBIa1(K{5CEFZE-5HY#&5PPROLNm zb>QDLkxuOq?X?d^vJKoc5YnEECqc#SOzQ7ymWuadXe-?|2+EE^%YI7xpBoJV5oZZc zLyrfO2O4O{nfqZ*faVm{7iUyojO4*_is}j#U&uU2TNvvg52(HbA!%fX@(a}JtmG(g zb{29XR-?yU+M%i6$(f14|B-y8P=t<{b`tw_nKGna>6+hVq4{l^_N z1$?)kNmW>V`K>nR`f0XDIUsRwG7~lXj>!Mh*?A zx_5Ee3FZ*lB)9&v`amzg{jGg%Wr5F!Nle@bBk! zJ2HIA2dQ*~M9)$Q!4dci4J;KCMEH@3k!@*2$?>M#6IzJ2U^Dh3J?}!v9($wtPeCw4 zf0Wu)>kHGM3Z~2Lw$R{c4KynJ6xym*z0x*6?=nk8K!$ZJ2mazLv=xhH%q*9wgV`?^ zzYRy4OZ<3wab3w-qqYsBg3^b9kHT#YW>p6B_(qwBS1#*3OV+&!zn~*3%t9fE9MWVi zG;)0jgy)8`WrP?lpcY!xJ^6xKlQ_)X-8lhl4sR--TYeB)eIpUJIR~G{oMv8fn{Ljo zP=X|7C9rt0NAThk$NdJ`uh`Tda{eMt@jMQSbL-I{gZd+djNmV%8cE*QyYoLeJdgk^ z90_P*XFO{vNJHfGG%qJrSw12|h*K567FzM`p!|@Ko6-P$XSs?t-@9R9QR7MucAu12 zF32Np;Ow`uLG~i8ln7w${mddt$zJb6*HW1Watxas&gssns(xSf#Thp}q@-i78VlUI zlSc;l0lfnyJM6qn!*pz Date: Thu, 12 Nov 2020 02:28:04 +0000 Subject: [PATCH 324/487] Auto-publish so-idstools image signature --- sigs/images/2.3.10/so-idstools.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-idstools.sig b/sigs/images/2.3.10/so-idstools.sig index 9404000bdbf5563e75d6c154e23a966c87b95454..f0ed287f54494120a44f3d0860d8af8bc8a148a0 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JowEQ62@re`V7LBIa1+Ej5CDRM?laP3|FYo@&N%mn z<}|jOdGdi=GP2|rd}@ZxBcTTaqg*!vPwbBExX7nni;51!K4d%zw#o>s{bQnoM)pJlR!^&fp^*j ziF3&CvZ&v^_1;O5aP18XlVxINa}FVM7&xuaquu7XyoYFk>KrncN`K!73-1=^?c@~X z$ql@|*0QEiu|pP+K;IJ3Y6y7@{2T9HsIDX_4ftA8rHik5m9#?GOqMLa#KyKIq`X1F zh{QcogspcpAW>-nWj<&vvZYiK$f9RjE~tzqzTCF`9lP%M{@XiGe|7<}FFy_Z58j^& zr3iLS)X1hpR<4PXU$e(RO(D&KeHbPYsozJ@!}PO@kt>(4=E-Kg(1D9=2O;on3~X2$ zym?N}4@tN8iuCadPkq0r53dU+1XR?Qfcmz8w#y1HRQwZ;Qg52XZtPkMYYP<}WGGQs z9<`3dkK!SK5$xG8=}kukujE`F;Yr>SRh~g`2o@g&pSJZ8Yge-|LR*|cKqrzwG-kMY zn>;>PZLBoxfhQSCfMOV9sSYLG6vXs?1^Wwu2Grhu8FhpfGncq4!KxUOGL#gDF`D&7 hA}t-8=A~+H=>Yl&NLn8pNL`KInNGmjNr)L+XMMm^{U87U literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JT(bZQ2@re`V7LBIa1$;35BdX|f{_1{NeYV0?QhxT z>6~l+AwP`IoOrOzP!aR*^63N(eADv?M;$XAS{%0I0o*<&0v3qMm*gsUL|B z?)!emQpUYEB7d=VV^fr(KgUp|JeyKGv20*KZUCGTXt}vpRpD&V5WsXeO8R7j&jjU& zDLIWbHdkc=&<>k>a+%}c?=tbk`1tK`5$nJfO8gsP%P29tWN$O|#>@V6QI}={jZJO9@5Lf|f&`3+hQ0 z3|4aEe6Lr>Q^&8&V^2UEr4F@Pq$L+|2D(YQY01g*woZjz#Pp1plzHmO7s&g?$$cME zlSRZAiJIdYy<>$uMNa%Ksg79tDB0GbQL&h}>)X+us*U~52O_PrsUvqU~M@#T1^wI3Y)rEe^K<}-# zP&xu4W03AvJvm>sk+zoHfiOu8FqW7mPZy?l>^qA+ml_hUMcFfrgOybtI;G*Udx~5b h(gh?~EkSqJ56L$kCE`-lphZ}n*mWR&`np^lmWhrW2cG}{ From 2098dd16ff149754b65dba416ee34dfaa5d9b774 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:29:02 +0000 Subject: [PATCH 325/487] Auto-publish so-influxdb image signature --- sigs/images/2.3.10/so-influxdb.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-influxdb.sig b/sigs/images/2.3.10/so-influxdb.sig index 429ece4b072f5fc13abd9e96a479a98ae307a1d8..4746d5f82e63c68276ae1f0fa9795cc3c2bee44b 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jo$de%2@re`V7LBIa1%G!5C4A3dY=u3sJ1*QQD8Mp z4rp}|)vk0>o6CxGr^#MKfMx;tSWF zjiq5YfxMiOMpYU%^c(sh_D&y9+UpLlrEK6^bvkhS&J+)3q7n&TIt?KZt6-d~h~^w#6-wkZX% z#PR3|LNyIOTapy_8}2uRYeWyaqpcu z=vKO50&IUsjk~}_=LFLZwgdHjn{aO#A-VVjH!ew9Hr#RNtRq`3!gjZIXnGi#ns8^T z)YsXr#vMs}3n?dL@nQvXTwgEAl&QGjV(9~Ye(+{uqMA^d&m!ad<;r#Kx<;5$XpRx# zh;bp@<|ju-^Mj8lN$QrA1UYuzA2hz$-3|QxeRE>fL`i zdnXRVw@iG(LokQnfVz@_J!mY9Yd)x$mB#rOlUppENBHuj!^uY8DV#OR?;{2Yqe2$L z&4S^T%QMV!&K5Bc-L_nWMT{-bR}l{X$7#7-H2^k^^aSeC1S<{rO=S{jlP^5q+>~pn zld~akZw0-3qhB;}z;X$tkWSeA6p~XQ>Z>wuRA=8Q<a1$K>iA`YaQ20j1) From c3ae80e2c1b23d80ec8d604f0915b538ed295515 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:30:36 +0000 Subject: [PATCH 326/487] Auto-publish so-logstash image signature --- sigs/images/2.3.10/so-logstash.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-logstash.sig b/sigs/images/2.3.10/so-logstash.sig index 410028f602d5322732e202a231cd690cd8176793..fd2875ad3d10b24a961f42c1ccf212c8661b97ce 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jo=gA=2@re`V7LBIa1%R55B(lf1#q4wu{thz%d;wL z&9_j^GKkd24YXkFl+@}v=M<1@GSnlqis(ly*9(#eXnLa0D#lr5!(-xBQb)To%~|>!&D|Pqq#>vL5>UN zu6PoLD|KwAgY!m+Gs(Mx^fMY1XmP-ds#7<2AE43P=*3_A>li46f6K0ZcuJZ^x+0wm z56{sR6OC*t@KXJ)N0{O5m8{HZMUxXv$yYV)Euj1~J^Idjj4WQF5E~Lt#uX7DO#Yrh zTCB7m0mqhcTd4&s4(LP5JTD%efh|A=BT1h#^<08+D&8P=pCp5j;5BlTJjE$d7%kO- zTfPlrMwGGFI8T^hh`9qlgB}F-`B=uBO(6pID{duhLH^3muDD!?HfwrPEy}qxdn-a6 z#sck*rd101xZ%V|d8zpddZFdU0YcNxoO*}1ilT6BK4(w(3)lw#yfZV!zlk=GQ~Ty3 zru82N<#LV{!^(?5p*wK5D4kxo#wccZu#`%vpDPhG0f^LesnkrXq>Fu@Li#9C29bV(FjOvo` zMWXY99d*qI6I#9oP z2^AuF-QIA2i!|5x$;L;-OooMN^jx|XnvA$1rx@XrlB_pSk7-&dfl-0Bup<(4zrx|1 zD&0fu{s_p@^y^0w;~R3bj&6Omqp?vzFi>mR!1?f?;c=tXdD-tuklXJG1;mtqiY{kr z9;eoHVoL?r>`6)$l)i%x;B#Uo3N6`j;WMu*JW?K|^0RdFz#YuTi}tv2IO>2)nhin> h*bC0}Ughk6!_Nxe`$XR0(gMgy Date: Thu, 12 Nov 2020 02:31:59 +0000 Subject: [PATCH 327/487] Auto-publish so-playbook image signature --- sigs/images/2.3.10/so-playbook.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-playbook.sig b/sigs/images/2.3.10/so-playbook.sig index 435913a147eb915b87e73f057c0f7a37afcb50d9..0a3d501404d5c02eb9cbd48574e2c5ca2a646e8a 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jo}T~;2@re`V7LBIa1*t45B(Sza?%rr)u^h%s1VIW z@b&0=qtD#4WCaSH)q6-WA)U*_&dj<`Vf$sdOqu6BR#VU97k#+WGB;CnC`8wM`2u!29l5@L_wY5nr#^K(ejmOM0e+~;0N}zr zw(u!u|GJIo_BLVFUk!JXnp#f{z*{zlEOwS%gVjo4CtpGTVqDATgv}(0*?)N)?2I4O zB-Vti<9;67^&m90rI+R=>5c!Wf}}Hb>t;$vq@dV^^>Nk&LK@`OIO>ApgS&+LuH72k za#vH<+{3X&OD%g!Zs?=!SLI43V*N5r_*Xwk0Qx9A!C99jej0WJuZDhzzu_Ihyq);1xkc? z3#W5^Yv#7do@@d={5t-xRdN&_f#w55?8|_wQ`r~)0%Qzm{*nR7xy$Oy_;;gLh-lbBsB zPB;j>rDW-!{V&d<(S0K-sc8Ro`ztjbWZN;m0AO)=x@#t8n^9mdOF`c;<}mPwA=tQ4 h!%G3?J$09xs1zceVv)We2{ki|pP_Y(z~#NSIKP|R2g?8e literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JU4#G%2@re`V7LBIa1*a85C2=Ho?lH_<*4d^P}(a_ zzy{6%f%+JRh@u|h9DR#KL1+mJJsv}s+Ec}<7w@wx4~NCSU=MKo#!2NCO~^-%M8_#qmnAME367P&z?h%{*)+1wmX3) z^h`?h8%>i7T;3+doIT1pkG(zb$`j64hhM4+pZ0&$C=)Ee+G#ak%!gg`o+^gqYOIGPbEP@onU=v27$9E8 z6D((4Z%oA#K%V_e{C~gcEOA&1_O2Ond@fpKN04exc#_Wc8Q)A@fV)DeDaQ6pzd3d| z`)1~|v`eWtk<;IgL(3MTB$3_k!S)Wu{dnd;av4%$?;V<+euVZ{iRru!ZnmPZN%i2v zO!`9C@Qp+R6K}$b`0z)59`hDGwUo0+%d|N=oOj#7*qc;7A&YYTB%Zo|HM^YAcUe|s~Bd5~rJkU0vzTUnsQ#+x42 zSY;c+!5eBc-R^r=;@>3uBzuRwy~M8Ukr3y8S&uKUCwl6)`S6=9vWOVoEW_Z{8vY*V hppLQxdrWN?u;4>si5liYU9A`Mel03T2)YbjU+B3G2Cx7C From 9c20450832242c8a0495dde1d5a0c96556e8699f Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:33:10 +0000 Subject: [PATCH 328/487] Auto-publish so-soctopus image signature --- sigs/images/2.3.10/so-soctopus.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-soctopus.sig b/sigs/images/2.3.10/so-soctopus.sig index 1c6483528971afc5372af22bfa274b3afcf0dcf0..db4016176072d6183c51d2a50a3755b93f9ae782 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jp5_1w2@re`V7LBIa1#xj5CFIPKN+wrXZ^3>l*diF z5|k;Q*=!_p4z{I!^E)w#%$Mn^#J(o1@a!%!f0~HE25%Cb*iuF_Y?^=#j}zF5HuZQ* z(W;YpuY(?rpKHn7&-EX6L><|jKtKR@+uD_!FEF}qlb14dR=T|)m@1M+`^JBL^{@(Z zuZ`syEo(8t87lnTVuJ#_!0rnG4s2p0n?_Cad2owM1z3NYq6_WmJ2c(wG z)B2VJDQDy_ZfpP=M0@$yHLnG#U`{0u*rRnE-S3{s*@E;ryu9Hl?|J$N2$lsdz*f&O zWw-A^1!i#oiA}Q^*o9?+V=STUn7m4J(h%7sAO?Y4A$M92DgbVr%7#P&cYO=l1erd-oc2ioqk7uZzLGQ%D3~-M#h%d=rjN}BUOr&k=lcHO@oa|Blj`n2Pee=f5hd4RQM4x9_8B=hi+4fuf^4i+YV01boUE_28kS~j6#Yi-VL2)I h&I3k%jg&5i>>bxUC*v@^i00Q;IO^H{0?;nj9UyEQ{yqQz literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUB3Vd2@re`V7LBIa1%by5C2f9LW>%vglX0s&y!@@ ztb28WR-fsx9U<9Fg{0Hz+CQ2WWSx&X9d$c!ESE%w8jB*dd4 zfxuHn%U-eYRxQs62?YzOgdz&t&6jU^%-(>1X8zUMoOp0uVi+DGce4aI2g5AA7b0gP z#1i0mV+ysEh-PbNg1PHA+3=bhM)2m-nV4yn^sAb+nMH&(rBT~}MqAiyurc}2Y`5|1 z4=-Tl-O`A58a4IlETH$NGTDJ|*!FFe;vTZ~9^Ja`I4Nc9E?*W%k$HER)(ODNc+uw? z%N({)B|;kJ$NMa|4#%!-6ZHA4K3>kvqnaiGsXA+b#g)tq-tv*~GV0ZM6%?O<+TTQw zDpoX=tJnYV0keUS-;}O3>y>!~yZwg^-R9EZfaxCv^)fl$?g$ggZzuEOPutQS0of42A#z From 3560ba933b4f8f935375c0f0f3776093dd005ade Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:34:18 +0000 Subject: [PATCH 329/487] Auto-publish so-suricata image signature --- sigs/images/2.3.10/so-suricata.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-suricata.sig b/sigs/images/2.3.10/so-suricata.sig index d3aa1fab173a02d20e6fd27240f972ec29005866..d94b58866cde9bd4dd80c72382c3d09501670b54 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JpDF+f2@re`V7LBIa1*Fb5B?&fNajM;wLUSfr|U25 z<@$_SD?GLQ>)`c5- zAi9QT#U#Cl@6o0NOQ&7#PQOdkV-#^A>(#2aYR@>Nq^kY5wm|H7&Sh0S&tw`SA!YoR zIDGZkp@#*)HGn+>v6D3V8!!ZUuIFByKsxvSyNr{FML2D)7qzMD>D*hf)oM_*(Kyy2(!?a(Tl+S;gaIY$560R~T_pI4fd_qpHU<1#W?nm5e#whIqgpFXv zQ)!Lkd4uV@5aYQGo92q22$_q77oPw$w31azGBTDO`~^?O&HBm@zqwSI0C&?uP-_*a zcrvsddV7MgXo?8{%k=$zabFl*7T72T2ADgXr1126RPe@Q_hnM|KmUtI;KKviPHrx~ z!nX1Yz5*Yh;GA31%+ahWcExlAj9{OR$rIve2#l^Fw+0Wk0gM-CykW2jD1Y{h&;;hc z)|xAMLU{AM341v@e$QYp-pzyDC-+?D{vJ;`W4G-Oh&Fsv{c!PK-n7g`!-q{Bc!Mqx z)Kv7hp$Ow0rBl@fZ~$V2Ur1s|PjF43audTgvxEBCj#6T!;IlgC2EBuHJkH7&G_pv~ hByYgHfhdfN-q1%w1Zi~>u)wIVeWK+oeojRxp}2Oj_c literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUG@M92@re`V7LBIa1&~?5CEmeaUt&~z=0YbBaPZO z6SEOxQz*oXQ|wtXA~x!zEqe2$2F(95D5TvN-4|Wns!_Sa49~0{;jo*zk27K`NNWt* z)sh*JXzLT!J{v?Hpg3?1W||=nBprlFmyqk5LM%HnVefqH3r;x1{LDvFbW7?kWqu|D z?9qtkG>V2EMkOgyF0yaONUyB^XiJ}g9cZ|92(-FfN$BLA#uMw!M=W=GkAG+zF zxzlbdDEuz3jX@M~bC4=&0ljqok{;AbhOw}co@ky0OhR~L;rLh@xOt_xw?BVDovoWY z4lbQT$dEZL+@?@6PjGxzO?(ZViY*`6*BnTGI(5Tb-g>r1WH8h^Eh-dvi>yrx)Mh<> zh~QhX%taBxlh24T;?P*ndcT46ugzu9#_9v;#+y^T^NN273Grw$_M+!)*7IgS;4?hL z)A9wT0I^(@JH+YyX>RBeqet&LO~lJAR60#FDiJ~(NAW{PMuQo-rh&9I-rIdjpJ&e# z8r@hG&05jzQp0L?`ohiloUpO9b;VFT1{^f*bBkS_%Zk#K&^rU%%{oaj$dz@mob)<= h!0F5A=Ir Date: Thu, 12 Nov 2020 02:35:22 +0000 Subject: [PATCH 330/487] Auto-publish so-telegraf image signature --- sigs/images/2.3.10/so-telegraf.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-telegraf.sig b/sigs/images/2.3.10/so-telegraf.sig index 182baf172fe0a720c378927788b7b840a40df6b7..1ae3917e63b7a6805ca476aaad2cd626c70cfd19 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JpJ@OJ2@re`V7LBIa1&Mt5CD(GOYa5h8)v0FXxI%vhYy>xq$PE(rpN=yAtnB9voyEJ(GN}0S0CB8Bkg{H-GHdDa; z6O7_ekOF3y(id@p;3E{>YIT@A?3Lkb*@Ka17xcoBJatp7-2EKc#rf37l{0NESL$2P zTfmlc-1B2;IN!?VCT7%Mm#Q#@A{!~-h`LmVqEecC zd$KaclWBLI^Mp2%2Rx`SIHE!FD%*X7b)Cg1(c3CFOqd__7wn|%V;v>g4hSs;{;g_* zxad;UV05|rq!Qv|-Sc-Vhmy%maTwH{*7$H-2v4EER>^)*3co>;MZ&C^embKTf`Tj~ zVOh;)J9m%sSnXK&rA4`*SAB+)k3&>{^z(}k3vmtJoDyi1U81U+0=X&TTBQe$zn+g? z1A8h+@LGQ!g+&R!G*Zz?X_Q#oglE_sI(sr6dORsNh-DTfZXEuIkKS9yJeRH`A9E)0JXcu&^ZIeJ1Hb?P literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUL^nu2@re`V7LBIa1(r{5C3vkqo^dAYrM8Q62wt3 z7>yUnF(K`;j3ekH3r^vnZN4dw4@#&2dd2ZxOCo&pgYfN6@#G0K4`z6H9^b3k$SKh*=Z7v z0a3U9bIwKxC`@U^UDK)oHZVP-(#;)WUQX#;oRXC;o@<899{OMOAI2qi;(7Xys(0lQ z-eYX8h8Bv;omEJ*gq3D%K;ahwB}{f{a*kq7wN#Ss5;D;#vHk_EF7iiU*CFHN8U$X^ zH*9j7!4WQ8Yk)SdDQ2$B&Ffg?H`s>wIGw69;|SF^oxp1}MR}FMdSkw_YI-O+n7_`) zD+-kavXh#Az(?j%%otOe%{3uh8!mf>$5rWXbxO20;f*uchS+}@pu4Kgmi&XqfVPne zN?b?Z2Jsq2u}*j9?CK#Cs+43;ciLUK&`Y81GCWY_VJ(r4deVwb6_pg!m$-?Up8vXC h%`4UhyHgJp#wqB8`_q>PlJ8eg$u4Lq{cGPY6O!Z;2@wDQ From 96bf2c57e7e2caeb82ce1d6c3c4c7f66dd9c6f10 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:36:20 +0000 Subject: [PATCH 331/487] Auto-publish so-pcaptools image signature --- sigs/images/2.3.10/so-pcaptools.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-pcaptools.sig b/sigs/images/2.3.10/so-pcaptools.sig index 99142e4fec37dcf87b3a3a7e33fa6268d92eb46d..8755e142b69ae07acd94223aa7e0e150b4562ecc 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JpQHc^2@re`V7LBIa1+DL5CD|(ysc$0LHbg>mIkNi zw*j1j8`3uYF{?epa*L>3(m(A_|E3Dmqd8oQV-bQ$MAH5tRmo`zW&Fs*Xkw^}j|jUv zmD?8scyKnolV#h@3p#_xio1rwZrN8I89PZ$DVNeZQj(tw{|J6}o3R`rJIJ=QT!~yH zh^3aKtELmFB%u|>a0NFSr|_}<(E#iiBTBdDj=V+!p+JYoOH=2kcXfh?{i>iL$MlU%|Ckci}=t-G0T!(W8V;RB&h9_ zZng%R!K*iIC;9(Fmm@LYan(Ano?#MQj$vPwz|3>>0TuNCl4(4OQ#_!Fg;PL_K>KG? hEw``ZS|0*vISIYmbWX;&Wyy;rw{utJsY>`m=3D^Jt literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUQqxF2@re`V7LBIa1-y#5C2BvRwUD236~ZmyQ?Oc zF-{^HxWXVZ2pYx}QU?9Kwb!Z7X@fqAd?z5XVZgf6oUOitln-BJ)&&fVTrkHKL z2hN$y5FYQIAYQSp*!enlGoVVPS)yJ8IrZuvib z|Cy5}U+uY=iF4U?3|AJQ>I?`R_k%81ATm-%(fOc($7MQ7#ezWAteY7k_*# zC|bN?2>ht`gMbS==CL1Ea!HT~FwsVZcPt(5w$n&uqGt3b=b`-+Y69iXD`Q?f$n^#9 zUX0MQvi&C|@l77JI5>VqgtDRuKRmTLoH;2{9UsFfKEdXDSYwZ|4xk@(5uZK)(%V~! z=TzsZ;2=nC?|KH9gO8*V!c#T#vi|!f-t)|4VxFd2v)c#=!|B7-U%PM(^MSW7eRA_K zO^nwiz=|2#wnsW?G{U^>K3tk|1fc#+D7)*9r!@k(T=Q8$k@X@oXHu?e`JfX#P@H{C zbU7G*$!UDh^hnGioeKbkF@DyjH&2hfmvjhFs%;`}2y$v8@>&x1I Date: Thu, 12 Nov 2020 02:37:39 +0000 Subject: [PATCH 332/487] Auto-publish so-tcpreplay image signature --- sigs/images/2.3.10/so-tcpreplay.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-tcpreplay.sig b/sigs/images/2.3.10/so-tcpreplay.sig index f0b83be492495e0d06dc7fbbc976b2f8bc6cfede..b8c02f2ecbadb41c842051676601f7bc3ce2f832 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JpYs3;2@re`V7LBIa1$Pk5CDLebjeZX7i^)?NQf%y z2T#9RHZ6WzN_%GI%3625oZfWy>zsIz3OM}28?(I`KP&w$sUFE#Awrn(3Yl-Gz3VKd z&$d8GjXS-$HQxc*9-NpS%~YZ-j7Ze$b7D;Y_biDk9*DFZwNr@nk|^zc`|ZOI$=B{=kX#hW9Y^ zNXCeA-Z|5>03EPCJvp1-KVZb<061J8gI4vNl5kG+p`lwfKpTc;`+VS4JfHyz+`}V z8f(oaO!R1H=Kpje?gMyh)I2ACBdEslC`Q+J`tRerlP#vQ>-N|D4%6T4V&ADD%?xAk zlAO#t3O|rk7kqzZ9E0r3M6w&sat^6}G!{<1K*>?Jf@ah>W6~fl>`8k1->N(H*!nog hQGryZ(`)}{#nXI1z6g$?t33LfKjNcbg*mzbRfpqM1(g5* literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JUYY<32@re`V7LBIa1(5e5B?@^AH}$(r+SR6zBeYc zFFAc$86Zmm|9h+c-(p-)M=MVSsfepQGb@3u-=0_xh zDp%WFso2@6H+*z&FF_H-vh==YK_?ar4nbDSmZE7mx* zhcoxq(?MHldT;6{mYK>&f~mSAAKA{c`liu6)lT;iwA$WSSEoxGXVf8X*_OX)1IAyS z%m2wwG5yaqzncZ8`KFnkYuU+wWf&`y)%wJcr?6xh^eyTF{OVpG(r{zNzTHV1zxgz= zcdq#%j%H7%(#KWU+aksB1jyt2hdzkDd z$Qic`XNc+7hn%!x*i5Bg1M-mZxp~nno-X^lnf#eVCdUJz=|7{3-P%Ks_Fz;zX=BX8 zqr1l2xHfUJO0XfvxftLz&`^L>SWnH3=uq2*h0reZ>3BRfA0>I(0)Jr9fM%c$x_We# z5HZL48Fes^Z$w^X_%J4~*wo9GX-c9#?sFoAXAF(6gT=WSd!e{7GH>KWqAc0E>}vXk zqjj;r+>!-187}nK!;fsh*(>!T`{7c@E8rgRXle2g0#^RSX2)^3uz1{P&!$=9z_5E From 4286ac0dfda9f4b8db508c94c1f182c8d244fb26 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:38:46 +0000 Subject: [PATCH 333/487] Auto-publish so-domainstats image signature --- sigs/images/2.3.10/so-domainstats.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-domainstats.sig b/sigs/images/2.3.10/so-domainstats.sig index 694630c583cfaac01b44f2c296d75881add683e2..40af186c8e2500031b47513c7eb3821c753eff77 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jpf&&s2@re`V7LBIa1;J35B?{t^iYN6(`)BoAFjla z8!p;i@DS!98~Ysmu25JA?-i<#;&7QoQ=RoSvZ2fkdGGWzH%p$A;y3Y5m+UQbu(xKX zqXLSZCM*-KKQ_%g%6V0{?$@G$PD2kKB32N`M^EysjU7ffh|6y#+txhkK$4cMX|yO> zYF6Rg=?j)8$km;N3wIIINfskufl--D5#Mg~GenbjbhC%{RnBxyk{8$y&iK*N6{1K? z^!Afidx=%D`!LgXB%!`D&LnQ-<&}HOl7JZZF@_2iE^r$EbCGhq5!SV%H*QY}y!c|< zq=HR*i%+B;z(iDVURLinc@u^`{~Lp`#A8^3B&kQ&I|7B+imNJ$V$kQe&N&VMaLN!) zudk7eimfqL3UQgs)~8YkSaMH(o~cmJbWU|r<@c?MzOBO+3BM938QdB6hoZrz6Ih|M zcQxKjiQJ7MR^CBTa-fLoxR*OfUYLQ;ucdCt_}f$HWE|P6A`|{f?f$#qJY3ppu2|_q zu@GZSDO$N7P=FC+2Pev*rwk!GrLqIf*|PH9*Y7%yL)Tr{6fJvs`>%)( hr;gRAFzr-47XO{?RN4Z(BhH*5zl0=g83>GvGP(i28ga?ZSVa0hieA?$R(-7wLb{-#+6A=8+Tcr70qt^e zYmQGQ$H2zYpKY>J4Hp?y!U4b;ib~V_I%8!&!@0EqAtFM~MDcE~BD&Itq1bB<&RW3p zD&l`sd^~V$WsvM|GH}zvCvgGAJgdo0K3I2#0Q#4Gj@DYFR71_|iivkCJ;s(}|FB5= zbW3=>jd48Q@;|2O!Oo|tCi?zO8(5uM-P>X z2M&I?;|RUXYCPG#`OMf~Jvd#O*sf?WAGJszpPiq!nado-D1;l~r8Z)(@)q|V1(;n; z+}-p1`a-jN)*tT)(;byV?l3Y^9+}i#JlO_m?-NW5oJ!p{=0ZPEwlRiY%!lhn>>EU1 zck!{_R|ro6JMsI={HN-`G7wZnUmNRN0@HMPp-(dMGS_XPXZ)AbMxamB Date: Thu, 12 Nov 2020 02:39:48 +0000 Subject: [PATCH 334/487] Auto-publish so-elastalert image signature --- sigs/images/2.3.10/so-elastalert.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-elastalert.sig b/sigs/images/2.3.10/so-elastalert.sig index a05951e076fba76ed112bbec2391b2fff4394248..2c1eade9ea83005953c2310eeaef8532ce5538ce 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JpmYEV2@re`V7LBIa1*MP5C1};$CYsb9{17~2|xZN zs_vWD`l*obW@gK8#1!Br9fk{S_KM-|tNgoQR;9aTd-u>@Lf5{Ih#8TkO`J9!P=4yy zsj=V?@LI`}Pl_@pwF>Py2-%w{r1QR|DM<0jw}EexgU@o`a^tS@*=XFmgyG5#`}h)D z3?{mx7y8x$Kv+D%m;pbfTF$ZX=;*SE70a+(Fewtvk4t>XTN9`HF?u@wn!;>FJ3nH14B4wo27oon{h`eR8VqO++J-**PxbQA-Cl8U(#1xE zx~_BoT&p;A=Zwmp?n>)Jw+JrJ31f2#8HZbA&KCr#rQ1#xk`BDG@HKac(LD%%G6cKU?ciADB& hZ|GDxWaM<%H>sSX+zi0`G#n$GltnRe&-?Oe~t*sTqX62?xNy7|`CN~ejxi1WZmg+X!aP~v9+>5lyhGUPvq8o5x0r2DGi z*g^$PM;651rYeJ%pp_LN##~1H{7N11UK%aM{RjQx?7W|+nORwm{(Mc`i12rd#F6H< zOW@d*y-pF5yX^q&y)+nu-jsqo%ZL#uP7u2Mz(S1If171ML?-y?EBd1)nz6Jh`W From 71370d45228f3e565527931f11ad7d3bf97a327b Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:41:12 +0000 Subject: [PATCH 335/487] Auto-publish so-elasticsearch image signature --- sigs/images/2.3.10/so-elasticsearch.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-elasticsearch.sig b/sigs/images/2.3.10/so-elasticsearch.sig index 34a8c11c36b2d5f543f14c7b6948bda18151e02e..263de73c260a133f43db7eca1aebabbfcd3a7191 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JpvM3T2@re`V7LBIa1*Zt5CE!I-Q0*df@qA_pY6sj zjA#J;9do}H{7}{`rLX(NhTKRzv8p}x#`i#RORa<23 zW(U-0e6ie@!(vam-i8C$=O>Q;i_&h+J?i|Kq5x`ZV^n;fziz*DSkj z#CPNB4%nIE)Stig-e)b3;AJd{wr_WJNPGKc*J<{Jw%$KhD&=oBe0T5j(CIN?yFQN( zB?Q{{qs5F~TWDkt#{b%?l<&rKQtZ$IL30dNX(`~z{?>X&Ev7uR?*-I%SMPa=`As-i zgWScN$z)k=$_(vFhpetN9|NE2i~cAa3w&o-jd39Tfkxv(4d?*&mK=gTa1W4;1J>{Q zLQO79_*3I*2E$tHXwJM@{QX*`)E51I&) h6V#gL*PLutcug5PWVA0}pX%CvIoCB{!_|lz9X1Kv5?TNN literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JU-SS92@re`V7LBIa1&JT5C2S`3)8}s!)GJ-47cGD z4;~we$^@Zs_@UNB*tXu|ma!hH(x`g((oq3ba(GA1<#iGQ1sy}f9#y+NzDO-YOo>cB z?6~-_fRpyjxZl3N&RKrDlh=VDqsR=)JwU^B!;vDf*n%08G|8HoO8&yKwO&7#sg#O< zBqO8HKD?KY=Y-^U0n>k#eetdQKJSZ=J&=pUfoi4rI-So28VyXKhng34xbXmU{HsoO zStfF=8{xCq0q&hES|t`S5D5m8q20ez8Mz>yuf9rdW(MJv(8p$d>ND=V`5J>(qQASU zahwl4Jgmn=WfF7YWmc8>0R-Q3>$gKqszZ(=2Z8_9WMNaQT%}${Wk-tvWxZ{#pkik; zMwm8n7)AlHp(y&+jgR2TM-&eUR6`gBxhUdX`(2VU0I4ZloZ_j3I~7L#bi5OH0iubL7;H4Da#45$)Ti$LX+IqciSPK)ZYdVxcl+2+b!tAt%~@lo61lOggq8! z*ayMeWivhz2=;Z`R0ct68L4EjIOesDPUvO|kfEHeagA)V@R62eb!CXs2Qp$Sda(UO huUI{|D|D(k3@%ku?i18tR*R@wLA!kDv{B2=k=P+V2A}`{ From f3aadcd5535b1ffa494d461476802f6cecf26eac Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:42:22 +0000 Subject: [PATCH 336/487] Auto-publish so-elasticsearch image signature --- sigs/images/2.3.10/so-elasticsearch.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-elasticsearch.sig b/sigs/images/2.3.10/so-elasticsearch.sig index 263de73c260a133f43db7eca1aebabbfcd3a7191..522092f3ff0d9d1d75c237c434f456077aa0ef29 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jp$-5F2@re`V7LBIa1(T(5Bv!t$Eqj;?tD(c_u2lwA|C}_e=Bog2F(uvKy z0GK~(lmsfER`2Y)3kI0u!9C>;AqgdN#{=)_GQzSc{~PK>S+BssvpF|Fb-n@OWJTt> zGcc2^zhPG4Yi(lD1=Nr$!VIQ^iYY3A(4#7>$$L z10z{7+I^IKF&?x<&QA9%M;*Sa9mZ6mdfCkdJX-OcxU`o3~gdk)3rQO)u+?8TO0uEhz4 hL@p9czjzHpQm1CqwtXDE`0mavwP3I>YnZr4=Fy2o2L%8C literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JpvM3T2@re`V7LBIa1*Zt5CE!I-Q0*df@qA_pY6sj zjA#J;9do}H{7}{`rLX(NhTKRzv8p}x#`i#RORa<23 zW(U-0e6ie@!(vam-i8C$=O>Q;i_&h+J?i|Kq5x`ZV^n;fziz*DSkj z#CPNB4%nIE)Stig-e)b3;AJd{wr_WJNPGKc*J<{Jw%$KhD&=oBe0T5j(CIN?yFQN( zB?Q{{qs5F~TWDkt#{b%?l<&rKQtZ$IL30dNX(`~z{?>X&Ev7uR?*-I%SMPa=`As-i zgWScN$z)k=$_(vFhpetN9|NE2i~cAa3w&o-jd39Tfkxv(4d?*&mK=gTa1W4;1J>{Q zLQO79_*3I*2E$tHXwJM@{QX*`)E51I&) h6V#gL*PLutcug5PWVA0}pX%CvIoCB{!_|lz9X1Kv5?TNN From 61b5e009c7734ad90f42b9b36dbf31db3348ddfe Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:43:27 +0000 Subject: [PATCH 337/487] Auto-publish so-filebeat image signature --- sigs/images/2.3.10/so-filebeat.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-filebeat.sig b/sigs/images/2.3.10/so-filebeat.sig index a3dec1ef5e3ac4f7a0db9b090ad0a9503fbf6413..b543d83101550a23c6b9e1a877c32947eb5a5ce1 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jp-%t`2@re`V7LBIa1*GP5C3}j4>z}3TR004e|xt+ z9-#%MD94p@hu$R|i?8XUmprynyE>B&%XEcW!%e9To9@uOS5t8HwKV^e_ir_l~PLX`92wfXQmt}G+6CZmTLgBH#6%6~EU!lMXHe~vG z2vWw#7&sW%I={5%LZK*3m?(nu?xWI-)I~{YX-zM=U$;+m@~s0W64w&`RbTuK4L)1s8xYM74>s z?WBvSaf23;2I7iDTd*OYMEZd9fUAR~ZDa64JPPF3tUs3MR#*IXZCRJ@iKVW6RmxF1 z#mPIpY44FV!6>PduliB7g#1Gag&{a$-;ZlaK%)wxU*vLmfJ zyhhOtIcKI<#Vk=MK~(amRcyqKF~N(W%48Wz=|yQ6^e_165@U%(CTg%FflRH_>mDKa h`>+lO&&&LQXvl6q5l8ey{=dahv6LuD`o_?O$tXQ_0%HIG literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JopAsP2@re`V7LBIa1(K{5CEFZE-5HY#&5PPROLNm zb>QDLkxuOq?X?d^vJKoc5YnEECqc#SOzQ7ymWuadXe-?|2+EE^%YI7xpBoJV5oZZc zLyrfO2O4O{nfqZ*faVm{7iUyojO4*_is}j#U&uU2TNvvg52(HbA!%fX@(a}JtmG(g zb{29XR-?yU+M%i6$(f14|B-y8P=t<{b`tw_nKGna>6+hVq4{l^_N z1$?)kNmW>V`K>nR`f0XDIUsRwG7~lXj>!Mh*?A zx_5Ee3FZ*lB)9&v`amzg{jGg%Wr5 Date: Thu, 12 Nov 2020 02:44:31 +0000 Subject: [PATCH 338/487] Auto-publish so-fleet-launcher image signature --- sigs/images/2.3.10/so-fleet-launcher.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-fleet-launcher.sig b/sigs/images/2.3.10/so-fleet-launcher.sig index 723cb5f081c26955693546dd44479178777a3ff1..776978800c766d02e6467baa0f1df6f4d71e1eec 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jp^pFx2@re`V7LBIa1-4q5C27KEaf)Mw2G;%GabwN zNYabZ?#psz%>kyPsFu@`P$pVXV4Y#At%YG$Y@X1)Wnhp6u^$BCo@CRnqYmhV&qk;B zuJs$_WBc8sA-t8prAD_;qWtW7$yU7>E~W}ux2#{C`v?lTNKrJfl@LdF8_Eku6%s2S zcxIiVS{;CAqjZ*)cKbx%cU2`+Dr8U(_gh>y*JL&vL=DoZ~ zqGY-ib2rXVH@EK_b-mcv>g-L{iuFDv&suaXP&DK>3<^^T{Y(|!%HD8{B;Bw-4EkwW zx(_WrZ6Qo=)R;%5A}>>jS=&AX#md=6_K>7DX|3>uTMUt2pcYeF0r_tkDYkr&6LlFN z;TlTAC0zoeCGgR?7h|N-3jJH@9fK@MV3*u759~|PQcNij3T+FVJ0(6ObWy|li>lL?X-)} z3VF`QIVlC{q~~tXnVIxAZ#3h)#h_`!96)2Mh2)=^>6~U14nUKxYJUsb*?&$R9Ch20 hDw6Z`t_a~Y^IL47B^gP0x`IWmjr6E15Xyvn)&4+G2dw}A literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JV0Qot2@re`V7LBIa1(`25Bv?NWnx%ciHGB$k-6W! ztr`W&(kd^qDeU=(m}p~^OqX5{P4wxjNZ#6;YX@G_VGjDlEy*orw?=e`1{sCD(!_TZ z+vzyMAn&5;R&?IC#2Nqa-tANc0wkC>yBb%Phkjt+_&B_+XuIqqNs=yIH80cmm0k(; z^AR{UiKTN|g&uhaTQ4KYWC78e9BPGN?YGPF1S~^f9o{U_u;_Nkr^#r@pm&h`tlxCMUxh4Kpfi07D&$x?@${@R8_#GIetnqjiqhh0J)JPipVX@k`MSYjxHd>#-3bw4WwC hliTr8CTMEH5_u;UMa|@&C_r2BVHP=4#b~Jh0YjZl`@#SK From 6ac1bc5623993e2fd129e74791939573120a9ada Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:45:21 +0000 Subject: [PATCH 339/487] Auto-publish so-freqserver image signature --- sigs/images/2.3.10/so-freqserver.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-freqserver.sig b/sigs/images/2.3.10/so-freqserver.sig index d636a1ce821cb3cdf3c82a638e0aa3ac71081974..e324d53e087f400ed90bc07972838ae24d5bd2e9 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jp}+tN2@re`V7LBIa1(2q5Bmolkb#zA{F8jbSO-W& zJf<%iq-Kol15o#~gBew8;%7EF#?dHK9=CIn=!h|(B32uVa=FjOsh5f zXR^xRuIv?XaXLAh^GeeLE~7Vhfb8BEfX4p|BO=%r&e{g&MUjDDwx5bs(p2KYOo@Q! za#bgD5fnn$W7EZuQPiKCV{n~WiZw+kza4qU8HMk20lUGjVJA>ss#gAd|gH# z^~`f4e0xpmfla`nxu^?Qbd*nRFdAUB_~$!rEGFK4j5tGOumZT4_KuAdo4Qcy(KOc> znPThH94p;><4fB?7KlCYC#%B2nqY6WKJghAI~(j$qi+ZeWY1S?0kNdMGg+XAvtC7>{*A=yEGI4HWimk~BI^ki8%6l=SS`X1-ejI}bG*NC0w z-(q!D5 zvfUW&U}8WcWUX(8Js=+m6aPQ^V!A6}GrG;^aEAbNwqRe%w_?c<3%mdT From 202c672798849be04ba8da6af537574ed1ef7148 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:47:00 +0000 Subject: [PATCH 340/487] Auto-publish so-kibana image signature --- sigs/images/2.3.10/so-kibana.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-kibana.sig b/sigs/images/2.3.10/so-kibana.sig index 4351c59b81fb1d3fa0d916b52ec1ba792688dc17..d55179fbc91338f5ab799c0d0b8b5fa69a2825e6 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jq9gzc2@re`V7LBIa1(!s5CDXt*c`Nw z2RLEMoy5~1{LKjADX;lnkO)IMRZygpU*v!^%vp+YUWB+jO9;1_D@8A%EgH8HN&6vd zb+U}A4ggYEV#-4(3YNGn(x>s}`G_5ZB#a}TeZsFxf##OM)^h90zZp8qimvBf5Z}%# z`U~16xEo1xYtpOMJ&l#4>L>HHOWWX?E1K$lF|oZ6!ho~Nh_IsDAib9^QHYf559~T} zIBKR5u-ytgU3zzh?uA|2rOZ?RN3U}fer(%w|M8DQ@Z6o$J<_TpFHOAPWS^lvBTMra zfed3;K1FNInH0Q^Y(>1-FlL-?j+@2cVz97(L8y&wTms)F$=!|2KFW`;d03l}U|xv2 zFhX$Tr?>*8Leur^o@TX05H>T&t`ikvp(git{0BwMQ&klIEZV|kuR_9G>fr@g%gIn$ zL5p-aGew_$N4Pya2!)|*Ah%^H`lqU#+p-|MfGB?G)!mYJ3#d`s`f^{_IXCD9Gaij# z{u;qu%4x-W;XO7C8Zxy^b^AwAhhAh$y2L#9bSTpC-}Y zu02I@iDDLB2xu+JfGv2+Q|1TrD@XUOh_~r# zU8-3hls;*Fh+hAZxc9tkFo3txF)jL;(C)H!EliRkt-{2M+BYJ{R=Q#if(na~urac+ z52hZYr%Vd@Z`zu`z*qP+&@|ilv^QK^KE>(9Zy$pz1ssf8)Ux-MK_RF$u+&h?Az6z* zz?gzdTU!*=s7xpM+_&E=EmT$+FUtqZ(&J1SkeQ#4rlz-a+U6vc zte%ppUnsg-PZnX4sFqVeuYq47c-P`)_&06$&N>2gUQv)J;6;3{9FswAYKm%*R&p)& hN!l3;g3pHAB&?|*z}|l!dP^%QM8)jH?Y}1uM+88U4vqi- From 3107f469407b0eb08269302b2fd9b73412cc028f Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:48:28 +0000 Subject: [PATCH 341/487] Auto-publish so-logstash image signature --- sigs/images/2.3.10/so-logstash.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-logstash.sig b/sigs/images/2.3.10/so-logstash.sig index fd2875ad3d10b24a961f42c1ccf212c8661b97ce..54cb8d2b87e74ec885d3bc23b8cdf8b1f0986017 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JqI>`f2@re`V7LBIa1$yP5CE-#ZPB@foH`LkCSY#$ z?H8E)^YJPXFduzp)!c;I4k?`=eGm;_!ouIqg$u%WDY@yyPPbNz-_1!sWg>5-hCg>a zvN_k<$6GJ2&$C7Pu+!sPMD6sM`~`j8bV zMq&q584lg8yh@|onz3?K*o7ycKDpF^rG5E;w9nI-KR3@!F7S{CL!pF)y~J|`ATJtu zT+2_DejBFyJ?0y-$^?`>W}4w&(I@`z4<@(>S4`)_g2}nmHh8bzo)vRLF2cXQ)|R`~ z%kiXPOwQH|IKU1Nz>(-v*#LX!s zoc%(_+^uea53rjKs-wVFPgyaG6tFri3VF;=<16VCmY`a>h?adiljK1mLlF+q&*Wj>8Y*b>gAMU(nxkr@bcEZe z3^g=TX(7IjZQpFxOZs*6oTwr! h6|dxNp^@EZX>wx>2p&g|_DElZllE5&6e#`|AjK|11zG?A literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jo=gA=2@re`V7LBIa1%R55B(lf1#q4wu{thz%d;wL z&9_j^GKkd24YXkFl+@}v=M<1@GSnlqis(ly*9(#eXnLa0D#lr5!(-xBQb)To%~|>!&D|Pqq#>vL5>UN zu6PoLD|KwAgY!m+Gs(Mx^fMY1XmP-ds#7<2AE43P=*3_A>li46f6K0ZcuJZ^x+0wm z56{sR6OC*t@KXJ)N0{O5m8{HZMUxXv$yYV)Euj1~J^Idjj4WQF5E~Lt#uX7DO#Yrh zTCB7m0mqhcTd4&s4(LP5JTD%efh|A=BT1h#^<08+D&8P=pCp5j;5BlTJjE$d7%kO- zTfPlrMwGGFI8T^hh`9qlgB}F-`B=uBO(6pID{duhLH^3muDD!?HfwrPEy}qxdn-a6 z#sck*rd101xZ%V|d8zpddZFdU0YcNxoO*}1ilT6BK4(w(3)lw#yfZV!zlk=GQ~Ty3 zru82N<#LV{!^(?5p*wK5D4kxo#wccZu#`%vpDPhG0f^L Date: Thu, 12 Nov 2020 02:49:47 +0000 Subject: [PATCH 342/487] Auto-publish so-strelka-backend image signature --- sigs/images/2.3.10/so-strelka-backend.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-strelka-backend.sig b/sigs/images/2.3.10/so-strelka-backend.sig index 137434bb8d31316b0a259ceb8fbef1f98326ffa5..10db903c43234104e83b533724aaccd1d629e86e 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JqRRjZ2@re`V7LBIa1#;B5CFgU8CIS_zk=t}xEsA| zYP_1*)qrQ+FF8FVZ0`Y11Mq-KTvekDqd$hK5~EW`=mZD)CINX~XX|P6GgaXqFC_~$ z*I$P>V$-e|3QqX2Kp+MD4oA>r#9sm*DRmQ#6Z9Pj{pR$a)xy%b=%D=Fu-n`iU}hS= zi)YZ%EFp=Rh`oA@d>_hhx+bW{G8u1gO$lQgR`VmtgR}J9&*0n-d-RmY1R!Zy8GZ>h zTiS2SFdLwRE{-40T%B;ArgG_gjW6QNf6;h(9tDYw$9PdQZc=D32U2}$ocPL%Q#GoZ zL~oJrC3Nmjc%wnC&;zntvmc5v~8b=&l&B5I@+W3)%x{NV_dx!C# zT3lTeE!8@&r*as#E-WGy?&Bvi45e#zI~J?ri5n(9*mUS4THe)zUVWOM45Sfn(o+Ts z!C(ebSo-58WTF+FJ2C~ql?)bg_%Qn?JA#6na%c(Sp!XihIK6j2;%TxCUYcILgE4Td zKUw438(2YsK`UfB+w%3rLzp`rBVyu+s%=lg7KlnYQZYjPZ$^wx0JasJGT0tG$^h7^ zdI-P37PH@(W{k%${AEk%?7E85W`N;5?E7Dofc16Aft&O+3NQ(A<0g!@?#X5bDWYg_ zu{aSy__q-K{bxgYWUXI6s|^!z6u__|eJ~}bX7{KUD&gyyknD>@sNu^7SVqP0h-sV7 z;zFO8CWTXVwL?+*M!p+5eZO@ev(Ua;%w2}F=Djz*9|0rZ!5CrTRl5R+Fk;#&*PUn1 z$HZ?SAp%j()F$&fz`1iRpWbrcJHb7JWS5?wu7E{g@Og`RwUyw=+d~@hP++HBFFUvr zuR(&v+T6>77}YnGqCLVxE2=1j66w2{ij;ISQ>0lHqFZw}f@y@E12LYm%Rq4H83yar zT}8`(&my(VqNgapD>)p2`DQ+_wDW>}eMQvzpv6dAhn1Fop$$ddPs6+E*?$vGj${Az zKBl(S@ZGWsxK~~WkxrNMXBBQ>r#L3be4VqahZ9xG)84lf+ustZW^&k|?*COMpc7~3 hB~5D(;`qvfL3qwDQEXaboj%iO8hza;EebzRVv)HS30?pI From b086f5e5c121725ec7aac2e0c13489951be3e9b5 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:50:51 +0000 Subject: [PATCH 343/487] Auto-publish so-strelka-filestream image signature --- sigs/images/2.3.10/so-strelka-filestream.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-strelka-filestream.sig b/sigs/images/2.3.10/so-strelka-filestream.sig index 79a829a76c261e5d9a93825b8d47112b0c00dc74..e20af1d3171163095423f2eb2a0e8ba8b6c9e047 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JqY3~D2@re`V7LBIa1%@(5C2PCv~kkjfA%(TV;b5% z&I1!(2_1?@+_1o8tb4H|xVB3i#fJ>5+X!5zxVX-vT$uyAqD$YueH3t$b$2?K#Xfov>I z)$J?=+87Lck`AKYXLw`OtbMUlt)Zl!J|;Ny+gqL%cEpa9?03m$4{Ar)msHaKIN@{{ zpT1d6DH%Um(PRB~kjtApV|0xaKN$vhM!&)>+$7~RLbi8{&2Hley{1vhQcGQFQkNGo zLoQ1NqS@hHzzhny*h(N26YbAt4#uA(2e?w8)rMNnscob4l*cO)%3?ols>W8f#(&2S z14ZS(n0=~QT|XbJ%k>$BkQmB{#_TO|Q|9h+7jOGAeo@`1UW4X)Ax%rbfS8Dik!wSN zCdUDzqsgXF?>V=7u8)(E2>Tbeo6z!fxNoMd4DnN6So}5t%liOsr#$6gSt7Y(=rtMG zE_AKH84p;Q{dd6vdfcR(=UQ%}*sZf{*86#{ABoY24w5HKVy0b)Knzg{v=BAEWl#0< zARE0cG4CzEMM4E%s}XR1DPFrxBubeh%S%(n-(tq5&oh3SS$DIVmSriBd&kR`b^~2d h>_=2M8EUox;JdbH<@;C;!UShVu%=hgR_{TiCj_zx1R4MU literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JVVD342@re`V7LBIa1+W!5CD?UcVLX+Lq{}d)p>ob zs<|+!8E*XXbxNlv$#M}ro^uXQWAmv8 zYui0e9k_f9wnjUxdg1Dj#31NnOb^+dbJ59Y&*QwH**@dPSMDvMtnps%koK)vZ&r20 zv2*#}@J4_s6nUfv<}R8y-ua@es*VfgT)u!&%@`Y~Ql|L9u0 zH{k(#%Q}dq{5e8%Pr-RS zUrVm0HvutlZRAy8zh6w8>8c&8z?mj)`1`B?dfBhU?7=k&pU0qSRY3o47F5nGQg&Nj zOCFG)ex{m*A!??GUb%jWUd8J9g?3Pj8@RecSS_9ZoQrH6;B)gi!q;3(5XjzDsMds= z{Qd8q7FGsI`d!|qGDvt##H%7*yisKPno3-*u4XER(aU&1=C8OsF?ak6nvl|7J9Y2s hX{t>Vj; Date: Thu, 12 Nov 2020 02:51:38 +0000 Subject: [PATCH 344/487] Auto-publish so-strelka-frontend image signature --- sigs/images/2.3.10/so-strelka-frontend.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-strelka-frontend.sig b/sigs/images/2.3.10/so-strelka-frontend.sig index bd26ecd9ee43070a7826453a639c8ee250ae5d60..2ab8027e70b4b61ee11798a748137ffacf8e88bc 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JqdEWz2@re`V7LBIa1({A5CD$C8&VhZ9#8@tJT=ne z^xqHwKu@HOp9o_~!CULhO9k4Q6BBre_i>?26At15?|J*r28~Y)4;|^u0NK~gRo|RO zfw|}TV4qVcyUI>(S0FO{@bsUTY1kF~4*@Gt4_M2`WSV4%43L>7Q-)Ck$SI^f5fyH=gL9H2Ox0*9jf*Xq89{zs8HSIJt0*c1Z^ooB)UAf9DGUn>#KYb`$#* zTJp@*!PbKT1yq}Q`1+ZHhWj){9Ar|3#d94)gC=&k<=TO{`5x)QVOs8DPW@G;tX?XB zc!Fb@NgO5q)?KlxlpC{7TXlGIWso7VA5*t%qqSrLz)ogv53}2|K~B(S#>e{6RD5Az z2o{G_zkzNfOY-24d5QI*-ePyyzzI`$K@vs(GgTFHrXR%z(0>frW(}!gXWBa!5H4n( zCw=(OZo$(DxKRT{{R=;diT6cZ?~wNrQ!Vi_NcwlP{)EAZPgLxR_WAZWnhK2K&PQLy zTqhW|RBvgK3TUMvo7pApQtiT*5Ba{lLNBs5J-`|22b`?RtZr_2 zkdkrK9<-Z%c|$O#>~u#9!H@soh}X?zW07aq7JV`=O85f*3H390ukE>N@ngXCb5^k? h2necsj?%q&l;~LPsQ72c>X{#MI2qas9Na;_s(Tr11Wy0} literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JVbA~y2@re`V7LBIa1)X+5C3^_wP8MhgWgCdY*4>I z9SBqs!#m(+Npm>Ad3Ya^1nR1efFRGU*Q9gC&h^=R2pu0u#4GBKfrZZnS1av~BGdeR zv2-vcneUgiZObf*bXGxOPp;Vjg3h0*oPDE92T2arVU!4d#{X|a`k3f~_2lTcd>g>h z_Co{W8(Yht)o?#@F1i@`xUD={;v*aLb4fhp=uU%{STuvZm(E|)jVT^MAc$v_yQqJ^ zT?56li>_reLrd`-!G&;rB;uw_Ga&P;^b28bX~2mp2INOQ*&jXp>EOa6Td)OyV$Pb;P*&|;_d}u4*K*CphVwfrzAqJ)?CE19yjYPbnOw`aXiJbIUC%M(S>*D~ z(6iKaTtgpQvNDrDN$El`%GXMdw%6UWkI;0@x8yhW1{4SIlq;NV7_r!zs-Is~e(t1% z%>OwNa?ARo_nhIIwy+Ein(`d_l5IHhb7t?3ILhEj1!+^8xi&+Z&8wH%@m^BWkJiPW z;RTfj+-Ya>1wBq`+c}WOi|=1#U5% Date: Thu, 12 Nov 2020 02:52:24 +0000 Subject: [PATCH 345/487] Auto-publish so-strelka-manager image signature --- sigs/images/2.3.10/so-strelka-manager.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-strelka-manager.sig b/sigs/images/2.3.10/so-strelka-manager.sig index 6250ac29f48dcc262e78ee837d2bfc19b04fc60e..63e2c3a2b596acbe5182e6eca1ea5d841c9cd154 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jqi6sM2@re`V7LBIa1;8e5CFfw=Y}5*T<@NSh8 z(#A(E+@(874$e*rCi1ptM44ReNZn*O1iHnR%z#bl zf|Ld&zN3cwn6K$x{j|40Heh literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JVgCRM2@re`V7LBIa1$!K5C3qRG{?{eL131VcTEVt zbS{EoEZih@hyn%&iuByX)p941Ib;3K&-;I;8(=BnTMUF(a${u|%hR#B#yK zd57u9CJVR)P3MvoD?-qkqFysqr*#`)?zolxJlOTo67UQMnzMAhESn=^qbB^#Io^Up zG%4$0c_z|6=#`2n5K1KCT|oMKECabVLBw9pph_=Ch08S zzZ4t^xa=*%0LJ%8<3f;S#ooPJY9$7t0(dhC-8m;QKN$NYov3LeVYV6Y#((#~f~e_f z%HhIW>F+xJq90;|T9JZq3{y1KFnio55#kyNP7W@Cqvs#8hxEgUSyB6p(be_kg8yRA zG&KC%HJZZ;cY)yQP10m5Y_$&;4^Jbx=bg{KGTfo-Eqxn1dU;Fwd90#EVS9#}7zc=g z6E~g~j5k(wi5f_AKLxIq<~$_c??P#UAh=~IKU!?Ee-qt{BSqK(^h_c00INp z3)H$Pp%gS^9(;ldLodJYJNKgczRD~p?Akf5gwCZ~d4Ls*7Q$-~nCmgqcLX-DHjVC* zlPO_Ltb-lGgNw9Hn=854+<3mpvL5w!!#Ocdon_!b-O) hlsz`^H22vvV^&%xHYl+9O|`adY!O4Um8j^(*a3&!0DAxc From f96cc35d373999c03a6ffb7108f3e2f6fb78d051 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:53:56 +0000 Subject: [PATCH 346/487] Auto-publish so-thehive-cortex image signature --- sigs/images/2.3.10/so-thehive-cortex.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-thehive-cortex.sig b/sigs/images/2.3.10/so-thehive-cortex.sig index dd49ffb9d77eeb423130f3093f2c124baedc4098..7d3321db0d1e54d61400498270405ad6bfd7ce94 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jqr?CT2@re`V7LBIa1&qW5B(gKd8-VpmykIk4vwp6 zGAi?(|4bD`I(yW!>VYx?F7UZAxd*wn6fcSOvTJ#vjjCOdHI65Aqt>+{>(D9F8EEqiB`C;qzv zvO((m`k(v7+3U>;8CJ=6!~F;gx=2^V{()uLVDCWhThU))HP#tW4ir8lbzDZmMr=~g zL_LJVu={Ib53z>=;FO#(CjW>TtNVic$&JBIC`nU{X}QR@j9t>cxgA6W0|5>ta@@SdvP97TVA}rCW6fgdNHkZVBbSzXNQ<4Ph7Mo8WU@i z3Di~he9@0@#E;X6`{uMXPxyL~lmt8poRp-0idgFq0U$6JqVvI5(#bB z%$chDOHD~gQKRk<+DUgFyf%(;>RXpdaL39JB0YH)j6PM#aJkw4k%ZsC0^fygd;DHB*|vSPhAgR6v0i+`-U;M~UU*8jbwI(u%Lot= hKpl}zupNB&%}=%p2uB2J>`{{EVj?mk%>#?eLr0ifQ8zp;oO!~5WndHpP=7%|Gw&e+8IA&gRw*J2M#ip< zv}(xA@s!TE5R>Y21(De6d0kcN>M0AuhN#WX%y0;^#TT^W#-P<5`snvo_ctgv>1v4M zpOvGARe%i>`_sIAm}y~hNzwwc$b{JW116)C^pQ1kN=nY^*@f#9M( z*^)Ga4vyZCqs4xRS}Ot9Mr&W)7VT-APCtbljZBzCrnGUj{Mb2793DizVh?^d2sYQl zh;zUZ1)Ytipgo|6FtVF02?J#WsibL{q(1aoNwgif`pFc+SN6NIlof=WsN?ZaGqbC( zG;>?CHxA2QoEjSwN0fJn;_;g}5I&Mq$YyWDUJi3+CBg<5YK@D4AfHds==MA6UDVZU z;;)uODrHrt6G2HsFaDo)whR$juXzgaaTg~jytO$X8!%2#@ep~bA0O3+oTM^z+Pf?9 h=AcXsVtd^?8kBcut}XK8OeXkop1qA2wxiDVWM~Qk0viAT From d1fe79b6428b3604c1d9ac8f57ebc9d21e63a2b5 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 02:55:19 +0000 Subject: [PATCH 347/487] Auto-publish so-thehive-es image signature --- sigs/images/2.3.10/so-thehive-es.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-thehive-es.sig b/sigs/images/2.3.10/so-thehive-es.sig index ca44118126868c212ea6f8c06d26da355eaabd00..55258326f3f7fb6ff00e09537d2b4af4c84f1720 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jq!$1R2@re`V7LBIa1;1N5B(XG>oR=%mjy(Jm$}H( zq{x$T){g$MbRLn3);`!s}*D`CE?X zCwKm8<>F0<95wCwKKq0pc3@;D7E7i(MtYOaxk0v{d`281IQb<@0?~im zswU35$5n>IzU(UFx42Jr`UGmCcGO`z`*N*F8`Up_abrZlNOPO4B0M7h@^25V1~~!R z(D`w2DzlK8E1Z1+#s054bWN&_%v!%$*~$o{ICX*r;w}*pVrhD^lI4Dsm^Lz?QeA~b z;artGEOm@eh2MUgfG~T$B$A7{JT+&xL*%pj;QkTAQQp;tdWK?Y2-jugq7s8=y_pir zgYT%cImDRDL{%eB0eV<+(3cv|1&O|-2&dN) hvd#Lu(LjU<9$*6D6Rz2;Xl-0EUZlv+1Pe^-qV8}v0g3e`gBkFb4jd~2wD0?8<_>cO8*?ER&)eQGkHTsNDvW~)d!YyZ5p zkaP|RB}LT>M8i>B&zk>kL~M%{-;n#molpRP0WrU7si=9T4-JmzpiME}RgDO+#VM4! z;FKw+FI}=*Qj1&6l;IBS|I2-^ZX>aq*74d>X_5;*tn3WenVr=PbaYwSj=i63`;h~U zqwk#?CYXb;;BZMzei`^PPB0oDidOx?Ny5f}^Ers*3?wkdl?j^;e4G^%Ox||%mAsDJ zrD=0wYR>tjlei{MkeejM;rJ7ll@$|R5g3%(7+1oO(bTMr0(>4NoB=kDrk~>-cLUSz zq}HN1g&)id7xfP^OHxu;iZPx}Q@k~Bi~fv;`p97Mv>jh*(a$^N0jb{Pah-fx2X0W( zzF;#mogBqbDBp2bNJnll6;BBzgy$Ot(?)-vQJ;e z6O1Nwkl+{o9vzOoG&gQ!N?;<0A}6ylx){lVbb5>T?Xjr6;#T?pvp8+232E`w0dYPI z+Yl50_s(>V9q^5duC6cbyze$T6LJ-0%VgsD<>fb@)#hF8mRP?O~T;9_LN-9$hN>Qc%}2MMBU^0-*o^ From 4e40392c5501869d8fa787d1b76e8a4c81f950e7 Mon Sep 17 00:00:00 2001 From: Jason Green Date: Thu, 12 Nov 2020 07:16:07 -0500 Subject: [PATCH 348/487] fix for #1725, grafana queries use non_negative_ variants --- salt/grafana/dashboards/eval/eval.json | 20 ++++----- salt/grafana/dashboards/manager/manager.json | 44 +++++++++---------- .../managersearch/managersearch.json | 34 +++++++------- .../dashboards/search_nodes/searchnode.json | 24 +++++----- .../dashboards/sensor_nodes/sensor.json | 30 ++++++------- .../dashboards/standalone/standalone.json | 32 +++++++------- 6 files changed, 92 insertions(+), 92 deletions(-) diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json index 241db393e..c9f3bced4 100644 --- a/salt/grafana/dashboards/eval/eval.json +++ b/salt/grafana/dashboards/eval/eval.json @@ -3565,7 +3565,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -3636,7 +3636,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -3656,7 +3656,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -4036,7 +4036,7 @@ }, { "params": [], - "type": "difference" + "type": "non_negative_difference" } ] ], @@ -4084,7 +4084,7 @@ }, { "params": [], - "type": "difference" + "type": "non_negative_difference" } ] ], @@ -4143,7 +4143,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -4214,7 +4214,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -4234,7 +4234,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -4278,7 +4278,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -4298,7 +4298,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ diff --git a/salt/grafana/dashboards/manager/manager.json b/salt/grafana/dashboards/manager/manager.json index ede457cdb..c5c09ae0e 100644 --- a/salt/grafana/dashboards/manager/manager.json +++ b/salt/grafana/dashboards/manager/manager.json @@ -1795,7 +1795,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -1860,7 +1860,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -1880,7 +1880,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -1924,7 +1924,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -1944,7 +1944,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -2459,7 +2459,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -2524,7 +2524,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -2544,7 +2544,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -2588,7 +2588,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -2608,7 +2608,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -3168,7 +3168,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -3233,7 +3233,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -3253,7 +3253,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -3297,7 +3297,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -3317,7 +3317,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -3463,7 +3463,7 @@ }, { "params": [], - "type": "difference" + "type": "non_negative_difference" } ] ], @@ -3510,7 +3510,7 @@ }, { "params": [], - "type": "difference" + "type": "non_negative_difference" } ] ], @@ -3700,7 +3700,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -3765,7 +3765,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -3785,7 +3785,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -3829,7 +3829,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -3849,7 +3849,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ diff --git a/salt/grafana/dashboards/managersearch/managersearch.json b/salt/grafana/dashboards/managersearch/managersearch.json index 657239b88..838a37426 100644 --- a/salt/grafana/dashboards/managersearch/managersearch.json +++ b/salt/grafana/dashboards/managersearch/managersearch.json @@ -1799,7 +1799,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -1864,7 +1864,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -1884,7 +1884,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -1928,7 +1928,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -1948,7 +1948,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -2546,7 +2546,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -2611,7 +2611,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -2631,7 +2631,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -2675,7 +2675,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -2695,7 +2695,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -3299,7 +3299,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT derivative(mean(\"rx_bytes\"), 1s) *8 FROM \"docker_container_net\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-influxdb') AND $timeFilter GROUP BY time($__interval) fill(null)", + "query": "SELECT non_negative_derivative(mean(\"rx_bytes\"), 1s) *8 FROM \"docker_container_net\" WHERE (\"host\" = '{{ SERVERNAME }}' AND \"container_name\" = 'so-influxdb') AND $timeFilter GROUP BY time($__interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -3319,7 +3319,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -3380,7 +3380,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -3785,7 +3785,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -3846,7 +3846,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -4164,7 +4164,7 @@ }, { "params": [], - "type": "difference" + "type": "non_negative_difference" } ] ], @@ -4211,7 +4211,7 @@ }, { "params": [], - "type": "difference" + "type": "non_negative_difference" } ] ], diff --git a/salt/grafana/dashboards/search_nodes/searchnode.json b/salt/grafana/dashboards/search_nodes/searchnode.json index 8677d9f27..a7170d276 100644 --- a/salt/grafana/dashboards/search_nodes/searchnode.json +++ b/salt/grafana/dashboards/search_nodes/searchnode.json @@ -2135,7 +2135,7 @@ }, { "params": [], - "type": "difference" + "type": "non_negative_difference" } ] ], @@ -2182,7 +2182,7 @@ }, { "params": [], - "type": "difference" + "type": "non_negative_difference" } ] ], @@ -2781,7 +2781,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -2846,7 +2846,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -2866,7 +2866,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -2910,7 +2910,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -2930,7 +2930,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -3353,7 +3353,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -3418,7 +3418,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -3438,7 +3438,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -3482,7 +3482,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -3502,7 +3502,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ diff --git a/salt/grafana/dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json index 83b4bd921..048bb5a34 100644 --- a/salt/grafana/dashboards/sensor_nodes/sensor.json +++ b/salt/grafana/dashboards/sensor_nodes/sensor.json @@ -2729,7 +2729,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -2800,7 +2800,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -2820,7 +2820,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -2864,7 +2864,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -2884,7 +2884,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -3311,7 +3311,7 @@ }, { "params": [], - "type": "difference" + "type": "non_negative_difference" } ] ], @@ -3359,7 +3359,7 @@ }, { "params": [], - "type": "difference" + "type": "non_negative_difference" } ] ], @@ -3418,7 +3418,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -3489,7 +3489,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -3509,7 +3509,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -4085,7 +4085,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -4156,7 +4156,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -4176,7 +4176,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -4220,7 +4220,7 @@ "measurement": "docker_container_net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -4240,7 +4240,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json index d5ddb4ca3..3bab1ff5f 100644 --- a/salt/grafana/dashboards/standalone/standalone.json +++ b/salt/grafana/dashboards/standalone/standalone.json @@ -2010,7 +2010,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -2081,7 +2081,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -2101,7 +2101,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -2145,7 +2145,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "B", "resultFormat": "time_series", @@ -2165,7 +2165,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -2794,7 +2794,7 @@ "aliasColors": { "InBound": "#629E51", "OutBound": "#5195CE", - "net.derivative": "#1F78C1" + "net.non_negative_derivative": "#1F78C1" }, "bars": false, "dashLength": 10, @@ -2865,7 +2865,7 @@ "measurement": "net", "orderByTime": "ASC", "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", + "query": "SELECT 8 * non_negative_derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": false, "refId": "A", "resultFormat": "time_series", @@ -2885,7 +2885,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -3466,7 +3466,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -3527,7 +3527,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -4102,7 +4102,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -4163,7 +4163,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -4854,7 +4854,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -4915,7 +4915,7 @@ "params": [ "1s" ], - "type": "derivative" + "type": "non_negative_derivative" }, { "params": [ @@ -5202,7 +5202,7 @@ }, { "params": [], - "type": "difference" + "type": "non_negative_difference" } ] ], @@ -5250,7 +5250,7 @@ }, { "params": [], - "type": "difference" + "type": "non_negative_difference" } ] ], From 2fba02f71b226be18059bdb15e7a4891e2b0f7e6 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 12 Nov 2020 09:29:18 -0500 Subject: [PATCH 349/487] Grab specific digest so re-installs work --- setup/so-functions | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index b8616439d..3f6abd555 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -958,7 +958,8 @@ docker_seed_registry() { exit 1 fi # Dump our hash values - docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION | jq '.[0].Created, .[0].RepoDigests, .[0].RootFS.Layers' > $SIGNPATH/$i.txt + docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION | jq '.[0].RepoDigests[] | select(. | contains("$CONTAINER_REGISTRY"))' > $SIGNPATH/$i.txt + docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION | jq '.[0].Created, .[0].RootFS.Layers' >> $SIGNPATH/$i.txt if [[ $? -ne 0 ]]; then echo "Unable to inspect $i" exit 1 From 667800d830cd8e85c13800eadf72d9eec685d6ae Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 12 Nov 2020 09:35:19 -0500 Subject: [PATCH 350/487] Change docker inspect to variable to speed it up --- salt/common/tools/sbin/so-image-common | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 46f2d4a0f..9690f5ead 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -112,7 +112,11 @@ update_docker_containers() { exit 1 fi # Dump our hash values - docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION | jq '.[0].Created, .[0].RepoDigests, .[0].RootFS.Layers' > $SIGNPATH/$i.txt + DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION) + + echo "$DOCKERINSPECT" | jq '.[0].RepoDigests[] | select(. | contains("$CONTAINER_REGISTRY"))' > $SIGNPATH/$i.txt + echo "$DOCKERINSPECT" | jq '.[0].Created, .[0].RootFS.Layers' >> $SIGNPATH/$i.txt + if [[ $? -ne 0 ]]; then echo "Unable to inspect $i:$VERSION" exit 1 @@ -130,4 +134,4 @@ update_docker_containers() { fi done -} \ No newline at end of file +} From 312f99966efa345f28a5642a449e1eff6e7a742b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 12 Nov 2020 09:39:13 -0500 Subject: [PATCH 351/487] Change docker inspect to a variable to speed it up --- setup/so-functions | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 3f6abd555..6d93fecb8 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -958,9 +958,12 @@ docker_seed_registry() { exit 1 fi # Dump our hash values - docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION | jq '.[0].RepoDigests[] | select(. | contains("$CONTAINER_REGISTRY"))' > $SIGNPATH/$i.txt - docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION | jq '.[0].Created, .[0].RootFS.Layers' >> $SIGNPATH/$i.txt - if [[ $? -ne 0 ]]; then + DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION) + + echo "$DOCKERINSPECT" | jq '.[0].RepoDigests[] | select(. | contains("$CONTAINER_REGISTRY"))' > $SIGNPATH/$i.txt + echo "$DOCKERINSPECT" | jq '.[0].Created, .[0].RootFS.Layers' >> $SIGNPATH/$i.txt + + if [[ $? -ne 0 ]]; then echo "Unable to inspect $i" exit 1 fi From 04263101cf53739825e72ac5259f7c6ed2146003 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 16:15:27 +0000 Subject: [PATCH 352/487] Auto-publish so-kibana image signature --- sigs/images/2.3.10/so-kibana.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-kibana.sig b/sigs/images/2.3.10/so-kibana.sig index d55179fbc91338f5ab799c0d0b8b5fa69a2825e6..ec6539f553d5d7ecd7ec7c2a334b0736f89515de 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KU!DL82@re`V7LBIa1%AO5C3XPP#rL7_q2nkazdMi z2r!AaS32tk(PG>b^rTT|+HhDBt7E{DtP~GRFpfn;FrdLcA$%R6Zs^lxV=tvqNi9Z( z@!2EgRhems`Ood&Ld%R8OpPt?S*XKdtZoe{qJ=A0*^j|9P|#;Z(G!zBc?fM8o6;hTGqI_VV{7#G=2TW-WX)Hq#MkeOa<^;HkXX zeAoE%3f`z2*_|lqucGS1lKs@8D+dzcs*Xl;$(tF%8qIIdzNwxHDk>w+{QMA^Ki^vy h8@Xk&SVUx(=Ef$i+SH4|9o~zb1~D|j1A|wd>uItG2eJSF literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jq9gzc2@re`V7LBIa1(!s5CDXt*c`Nw z2RLEMoy5~1{LKjADX;lnkO)IMRZygpU*v!^%vp+YUWB+jO9;1_D@8A%EgH8HN&6vd zb+U}A4ggYEV#-4(3YNGn(x>s}`G_5ZB#a}TeZsFxf##OM)^h90zZp8qimvBf5Z}%# z`U~16xEo1xYtpOMJ&l#4>L>HHOWWX?E1K$lF|oZ6!ho~Nh_IsDAib9^QHYf559~T} zIBKR5u-ytgU3zzh?uA|2rOZ?RN3U}fer(%w|M8DQ@Z6o$J<_TpFHOAPWS^lvBTMra zfed3;K1FNInH0Q^Y(>1-FlL-?j+@2cVz97(L8y&wTms)F$=!|2KFW`;d03l}U|xv2 zFhX$Tr?>*8Leur^o@TX05H>T&t`ikvp(git{0BwMQ&klIEZV|kuR_9G>fr@g%gIn$ zL5p-aGew_$N4Pya2!)|*Ah%^H`lqU#+p-|MfGB?G)!mYJ3#d`s`f^{_IXCD9Gaij# z{u;qu%4x-W;XO7C8Zxy^b^AwAhhAh$y2L#9bST Date: Thu, 12 Nov 2020 16:17:22 +0000 Subject: [PATCH 353/487] Auto-publish so-telegraf image signature --- sigs/images/2.3.10/so-telegraf.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-telegraf.sig b/sigs/images/2.3.10/so-telegraf.sig index 1ae3917e63b7a6805ca476aaad2cd626c70cfd19..ec5f07070dcd0a52cb1cc2cad2eee35b5dc03908 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KU=jcd2@re`V7LBIa1-Z05BdVlGRp&*6N$be2_Nhn z+Vj40IyPV5T|2&NVHCoESX_^V5wc1@x1w7@Pnps12jm9eG<(vMHF?CiMp(avVm9eC zO$nJE9ZA)uTeHw(zw!k!aZ|IGpNu$Jc?GCzpQ1 zGtUPFTOr9Sd!X6w2Z$0z=8eTegT80hpnn!F5K+c}J)+a=Jd}URwDdM|=?LfTJ)|;) z@;WjmPs~1f%|?{gaa~Sk(K{4TIBGpAE&eP&&+`Uf_{tVghPze-Lm$f_z}P^nb%Rox zJOEOdy0a?Asd9dkmt+Xlj}8E^r1He7ORfiz%r;zF3?^n<3fb$YM>;yFgEIbDK2?>d zpM*BG9l`#xh=B6v0l@MrcXOyzq~zWmEVx~qIwH0XloFk_J7k@xgwpimgcP!L%#7MUK z%)D#lX>-J*lm)!;^&R?IOJitUix8f2Zb~|#ymH{Co)2k{z40u8{T+{;=1ujBD)$=B zW9+p(nQ&Jg3iMqdKK%65VY~$7Vfq8~=j6b;z9l{&v#1u>st(UatH9Y?$wrG@Z?E`~ hE-3T0W@B*ao5wQ@t%omVyP!WJk>7Z-WtJWZlP>?10;vE1 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JpJ@OJ2@re`V7LBIa1&Mt5CD(GOYa5h8)v0FXxI%vhYy>xq$PE(rpN=yAtnB9voyEJ(GN}0S0CB8Bkg{H-GHdDa; z6O7_ekOF3y(id@p;3E{>YIT@A?3Lkb*@Ka17xcoBJatp7-2EKc#rf37l{0NESL$2P zTfmlc-1B2;IN!?VCT7%Mm#Q#@A{!~-h`LmVqEecC zd$KaclWBLI^Mp2%2Rx`SIHE!FD%*X7b)Cg1(c3CFOqd__7wn|%V;v>g4hSs;{;g_* zxad;UV05|rq!Qv|-Sc-Vhmy%maTwH{*7$H-2v4EER>^)*3co>;MZ&C^embKTf`Tj~ zVOh;)J9m%sSnXK&rA4`*SAB+)k3&>{^z(}k3vmtJoDyi1U81U+0=X&TTBQe$zn+g? z1A8h+@LGQ!g+&R!G*Zz?X_Q#oglE_sI(sr6dORsNh-DTfZXEuIkKS9yJeRH`A9E)0JXcu&^ZIeJ1Hb?P From e434ccd3d3f3f4f66f3a7735f5fa4abb8e7322e9 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 16:18:25 +0000 Subject: [PATCH 354/487] Auto-publish so-soctopus image signature --- sigs/images/2.3.10/so-soctopus.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-soctopus.sig b/sigs/images/2.3.10/so-soctopus.sig index db4016176072d6183c51d2a50a3755b93f9ae782..af780c3ed4a9ab48750c63d3bcd0f32af026ad1b 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KU{L@H2@re`V7LBIa1&%e5C37j$inaH^`zua3WPA^ zolPdrF$)+}MOZs!E_#khPmIQRV-c6(22od*Y}QQ4n65qy|Yo)&)T#TmJ%S zJ5P^4`!CR_7&BI#e(4ql6pU12#KymuAtRTpR9#FNI(EA*m<;8p%jgYfzh>#TG!pDZe|e zKWoLVveyE<>^3Fk<3&W3aUdG4;F3rFf+BTeh6n^Cq;Y*lbu3}z%|nrS%wwH>udWZr z3~ubw9mzvT+YD!q8nWP}4#!THAvo90U<-+GA!0jBojEO!Ulg2u1`GS~V3BQR;oQ%> zpTz+h2SKYs-WYG!A4E5;E h;eLJ=4bo4syqZ4RShh$`TRTX*hx9Xs&3A4QH0z>o_`U!D literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jp5_1w2@re`V7LBIa1#xj5CFIPKN+wrXZ^3>l*diF z5|k;Q*=!_p4z{I!^E)w#%$Mn^#J(o1@a!%!f0~HE25%Cb*iuF_Y?^=#j}zF5HuZQ* z(W;YpuY(?rpKHn7&-EX6L><|jKtKR@+uD_!FEF}qlb14dR=T|)m@1M+`^JBL^{@(Z zuZ`syEo(8t87lnTVuJ#_!0rnG4s2p0n?_Cad2owM1z3NYq6_WmJ2c(wG z)B2VJDQDy_ZfpP=M0@$yHLnG#U`{0u*rRnE-S3{s*@E;ryu9Hl?|J$N2$lsdz*f&O zWw-A^1!i#oiA}Q^*o9?+V=STUn7m4J(h%7sAO?Y4A$M92DgbVr%7#P&cYO=l1erd-oc2ioqk7uZzLGQ%D3~-M#h%d=rjN}BUOr&k=lcHO@oa|Blj`n2Pee=f5hd4RQM4x9_8B=hi+4fuf^4i+YV01boUE_28kS~j6#Yi-VL2)I h&I3k%jg&5i>>bxUC*v@^i00Q;IO^H{0?;nj9UyEQ{yqQz From fee52f8b864ceb95be5f0ead7d9c65d98c9d499e Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 16:28:23 +0000 Subject: [PATCH 355/487] Auto-publish so-redis image signature --- sigs/images/2.3.10/so-redis.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-redis.sig b/sigs/images/2.3.10/so-redis.sig index c6c1634cb3ac8b1208971f6c53c06c618cc0e914..73d8e21916c86b6b6a986809321dab44dbf9c9fa 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KVy6HK2@re`V7LBIa1(1i5CEm;%WJLfIAz}8qwgS! z;&a4-WM7HdW{2oP*7}C)E)WU?1-;PsFsPwSejQ<}I@xNML|1OExjk9Ug0v8jrodLn zMcm$SMiYI;Fkb(R5V&B0f|DK~>o%VtTBgFF3ps*1SPUdq_dfrKagfMxn3`+IY$=Mu zdCP1u&BKbM{B|f`1g(N0n7E9@d`|zxHON`le3`4!qTw1Zzer(?4c&5Y7AN}uslGWa zPh)NsAT+`LpjUvf2FKQkt7pTVMkl{p?UTC>To3|TKn}Zegdx@@{G_8An6i#en8*LP zLG>RU;3=4q*F%VZlv%h15aj8p>zumky~PfQu-btfjBb6)8**q@H7Za#20Jd5dAI*$o!4IMP~Ahm&PY3{%5IQ zIwxB!h0WHAmcSzaJ*#VX=CO34c$K&bk%6^`s&fK$e@brbfG*L(k=ZkFbTX9Wt|!+^ h(wrc3k{_5VX621+ zWC3MXE*iRbSv+`sbQW1-@Ya&Q(Q$EPA9lmrl<`Hgi#+JAA!-Fy3d+qS^^;msHVy;7 zPV+Gdo}&;g{d~J9Qe;**Oub;f1Gc(AelsHZH7B9xNc434)f<&*6K~v zx*DUSly}H492?(QEPuGQ|K97S>-&jMgeW>E&RL8QLHTvFSLit+dKCFBa+j*$GszQX zrk?Q%)o(m<3J2Ya4{0;a^cmT1cW5JoA5oj?Y&x<}BQl)%X6|Q~1|ed*Cp(mfMJAd* zllg=t&W!KI(hTMUOX$G&mY_&Cr)wxS)XtUO(6p}lfH4Q#M9G2-b;>ud4>?*}5_3q!sYow0DuFlDiB6L@JeU;^J0B+UFLx!igxb2+oBj2^$&` z%@g(MXkv9Nb~IFWa>o|$v{WN(`M+7U2*PF@0tBl*oL2wP4#$!YUj4@XrsD^k$ zzn^kwJsmzojB3Qf23sVgm6li*uag_hHw%y_z(SbXy+6d@L)AeH*EOAx6lycR4wT+a heOM9$14gxM!g`ajDhlao2S2>)e%&12u5BFD{SFep{j~r9 From aefcb9a491e46480973c80c4a038128cbbcb61df Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 12 Nov 2020 11:28:58 -0500 Subject: [PATCH 356/487] Fix Variable for docker --- setup/so-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 6d93fecb8..cd0baf205 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -949,7 +949,7 @@ docker_seed_registry() { set_progress_str "$percent" "Downloading $i:$VERSION" { echo "Downloading $i" - docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION + docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION # Get signature curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i.sig --output $SIGNPATH/$i.sig @@ -960,8 +960,8 @@ docker_seed_registry() { # Dump our hash values DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION) - echo "$DOCKERINSPECT" | jq '.[0].RepoDigests[] | select(. | contains("$CONTAINER_REGISTRY"))' > $SIGNPATH/$i.txt - echo "$DOCKERINSPECT" | jq '.[0].Created, .[0].RootFS.Layers' >> $SIGNPATH/$i.txt + echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i.txt + echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i.txt if [[ $? -ne 0 ]]; then echo "Unable to inspect $i" From 9b33201ba5b456da0102e10606ca74409dab357d Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 16:30:56 +0000 Subject: [PATCH 357/487] Auto-publish so-minio image signature --- sigs/images/2.3.10/so-minio.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-minio.sig b/sigs/images/2.3.10/so-minio.sig index 823b0105431330d0971f5cfa00986da57b065181..7826b69cf045ccd65b92816fffc819d5446ff533 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KV?Y232@re`V7LBIa1$Sk5CFgWp*k?Q=Q0}d_jKhQ zj4-bs`F(hhDm(2S!|UgnLet`x5BcSmNxW!^HWdDCIA(-i$w8uYTgJQ&to41oKy&eZ z;@zwX5tIZAo3J7+_q#(9)HaK(u2Pl16rgWQ(!IJ|SKI<*sfFNzYLTgxJa*2*9Ci-t zN5y$h_Ko*~t-5K{_78;pOs{C%`#ikfRaAC|BlD{lfxgF;dZ7ILuO+T{``gz%vaG>x zP8n1nT!4((m7xLq<-1us3)9-Sn@OPQpc_CI4S{5N#uxYp#QSgmV!^D8-m!AWoiiEW z*7t#FCKTrrxh2t#q@5T8{sZp{;qht8q4GOg!??tnRf@}Fa@(j1+bs2P0bpV$ zvs7966#Pn3O?#jhvJv!u$YP50py}!s!;Qp&w*_!sL2^EOrZQf&AnuF8p$s~ zlmUU2A0|A`zE-YR+AWU_nB<7yC7g2W2R|p8>%5=Ix|V=0JLFyDD7sg-u=0E#+&>bL zN|P!11ldue3@2JQwp@XhJ+mXcYx(p3-o4sWA)Amm6%n`eI@r*WN}Y%l>=dQ}iswMv hY!)ne;%Oz>cBGWBTrWl+sg zT|glW*#r1m!L6c7XzOj}+t=q@>IBqOBN&dci+FG(5U{y*if}ppe$?pz0lu8 zbBrM3qCs&n8OHEm_5^N#L1kpoE2^7?dXQNd1XZEfJ%ZKyjKuW;c;#M&rZOd;f$p$#D`>5nk From 7f491545fa57d052d5359451b814661ee2f50ffd Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 12 Nov 2020 11:31:27 -0500 Subject: [PATCH 358/487] Fix Variable for docker inspect --- salt/common/tools/sbin/so-image-common | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 9690f5ead..b0c4e5bca 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -113,10 +113,10 @@ update_docker_containers() { fi # Dump our hash values DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION) - - echo "$DOCKERINSPECT" | jq '.[0].RepoDigests[] | select(. | contains("$CONTAINER_REGISTRY"))' > $SIGNPATH/$i.txt - echo "$DOCKERINSPECT" | jq '.[0].Created, .[0].RootFS.Layers' >> $SIGNPATH/$i.txt - + + echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i.txt + echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i.txt + if [[ $? -ne 0 ]]; then echo "Unable to inspect $i:$VERSION" exit 1 From 67f18a02ea7d6778df6867408d94fa7a941cac74 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 16:33:37 +0000 Subject: [PATCH 359/487] Auto-publish so-strelka-frontend image signature --- sigs/images/2.3.10/so-strelka-frontend.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-strelka-frontend.sig b/sigs/images/2.3.10/so-strelka-frontend.sig index 2ab8027e70b4b61ee11798a748137ffacf8e88bc..aa858871e86800c7c1ef20185b4ce479be1925b2 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KW8nY_2@re`V7LBIa1*n{5B(espOkW6Yaag!Xk$(3 zYqSYoI0P-N>d{~*Mesa<9c7D;3ARn`=#!frsprN+MI*#V+#b(3W-+X(-sO9lx|gMN zK5K*6L8_fJ%k+<3bk+O(EM4mAgzfpWb+PkciSyyH7?e+=Mf(r;2uBmL=3!HIh1^E> z62JC+69e`qSAMlt(5#)1vplhE#ach()eWGTZSgeYU;LoRXb-Q05rE&Y!~>9m2-eZz z%BOkG)ocp52ucyDXr8VfNZpy+dhicF8OA}YkYjo{1SbEhl?hG$$gV@U0q|@MzM=Yx z90e&wyvS}GQruNlZD;$`#CsilMWx<Oy+U&FG5F66JE2KtqYTuj+6L(+*Aj;h-tBrYE=${} zc(hSEVF{@B>I_8Jj@9Fhs<#tN$g;P$<7{I2QZ{g%a$ChF=s|}zSgoyBcQSo|*pyM| h+s77{i&@1BJ3;j9@f}NA0O$eB=jyqX(dUEeE_iD55vTwF literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JqdEWz2@re`V7LBIa1({A5CD$C8&VhZ9#8@tJT=ne z^xqHwKu@HOp9o_~!CULhO9k4Q6BBre_i>?26At15?|J*r28~Y)4;|^u0NK~gRo|RO zfw|}TV4qVcyUI>(S0FO{@bsUTY1kF~4*@Gt4_M2`WSV4%43L>7Q-)Ck$SI^f5fyH=gL9H2Ox0*9jf*Xq89{zs8HSIJt0*c1Z^ooB)UAf9DGUn>#KYb`$#* zTJp@*!PbKT1yq}Q`1+ZHhWj){9Ar|3#d94)gC=&k<=TO{`5x)QVOs8DPW@G;tX?XB zc!Fb@NgO5q)?KlxlpC{7TXlGIWso7VA5*t%qqSrLz)ogv53}2|K~B(S#>e{6RD5Az z2o{G_zkzNfOY-24d5QI*-ePyyzzI`$K@vs(GgTFHrXR%z(0>frW(}!gXWBa!5H4n( zCw=(OZo$(DxKRT{{R=;diT6cZ?~wNrQ!Vi_NcwlP{)EAZPgLxR_WAZWnhK2K&PQLy zTqhW|RBvgK3TUMvo7pApQtiT*5Ba{lLNBs5J-`|22b`?RtZr_2 zkdkrK9<-Z%c|$O#>~u#9!H@soh}X?zW07aq7JV`=O85f*3H390ukE>N@ngXCb5^k? h2necsj?%q&l;~LPsQ72c>X{#MI2qas9Na;_s(Tr11Wy0} From f50e6ab929a752f1b47aea1213d671360bbfdfe5 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 16:34:12 +0000 Subject: [PATCH 360/487] Auto-publish so-strelka-filestream image signature --- sigs/images/2.3.10/so-strelka-filestream.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-strelka-filestream.sig b/sigs/images/2.3.10/so-strelka-filestream.sig index e20af1d3171163095423f2eb2a0e8ba8b6c9e047..23a22173892311f9d437b884902f8beec60a599c 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWCQ>T2@re`V7LBIa1&Y@5C3>Gi>`${eHtTyEG+e& zb`G;(_O`(8ISdLYPsaof`=v^uX?u*jg5&TLsQb6dZZsMW*^I}s<_lLxf#GT)XR+mX zSM^m7K>RtsjaWIy{nVB>TB$rnzG?|ii_)s=U_*ceaF#oIq##a4{MO5{e6bnTx_(`G zYs46T|4hn80EsDkY9b1vkdn(@0@08gl>t&O3s)@YH2FOXF>>Y{7V#NZjU;V$dd@L) zniy)CRilTH+*`GMf3t!AN(?KuUeJh5j_Lw3fqb(la*KgbX&5cK$7@n6HbB9(g2;F| zbjP}hKLqlUDVIsLU0`tA!o@HRL2SDXFE$tX5Jhfkh_UiSFz^BWpFLTbS5YZEZLhxS z-34UZYOdJb4?@=brFx}W>){t9H$hnFkU|FB+;RW|q_CER!NbnZtB)Dz>iy3&A1G>2 zv-9azL6@1*5@|ioUXA{1U(L0Kq$KAD_q_Pld(QnEY2@fjiT3ZFO7&N^yLO3N4I^>G z{B3ljOhdnW#azluW?q$m)+TqTDd1TnlQ2yo`ztk7Xrq>JHR(Qy5YF7j|B96Z_?61V8`) literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JqY3~D2@re`V7LBIa1%@(5C2PCv~kkjfA%(TV;b5% z&I1!(2_1?@+_1o8tb4H|xVB3i#fJ>5+X!5zxVX-vT$uyAqD$YueH3t$b$2?K#Xfov>I z)$J?=+87Lck`AKYXLw`OtbMUlt)Zl!J|;Ny+gqL%cEpa9?03m$4{Ar)msHaKIN@{{ zpT1d6DH%Um(PRB~kjtApV|0xaKN$vhM!&)>+$7~RLbi8{&2Hley{1vhQcGQFQkNGo zLoQ1NqS@hHzzhny*h(N26YbAt4#uA(2e?w8)rMNnscob4l*cO)%3?ols>W8f#(&2S z14ZS(n0=~QT|XbJ%k>$BkQmB{#_TO|Q|9h+7jOGAeo@`1UW4X)Ax%rbfS8Dik!wSN zCdUDzqsgXF?>V=7u8)(E2>Tbeo6z!fxNoMd4DnN6So}5t%liOsr#$6gSt7Y(=rtMG zE_AKH84p;Q{dd6vdfcR(=UQ%}*sZf{*86#{ABoY24w5HKVy0b)Knzg{v=BAEWl#0< zARE0cG4CzEMM4E%s}XR1DPFrxBubeh%S%(n-(tq5&oh3SS$DIVmSriBd&kR`b^~2d h>_=2M8EUox;JdbH<@;C;!UShVu%=hgR_{TiCj_zx1R4MU From 6c1d5451eb4753f2c07def6a52ddbdcc992e1d13 Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 16:35:16 +0000 Subject: [PATCH 361/487] Auto-publish so-strelka-backend image signature --- sigs/images/2.3.10/so-strelka-backend.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-strelka-backend.sig b/sigs/images/2.3.10/so-strelka-backend.sig index 10db903c43234104e83b533724aaccd1d629e86e..b7177d12d48fefb77c62c4ffb4f0d9750567dc1a 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWJCZ82@re`V7LBIa1%`35CFQB1JQ$>q4{2vzOq>d z|6}jrHl=I7OE&C!41pj>Z`=!9g~fnVP@MpQYBOfXHwq(16)+w89Q_;QbyNKKJd?QE zI42+3#zG)nu^i)BYJb@xT(>N+)k3RD7j_JmgtN6?@CG7&d3T9Xo44_+{5n{65=$9LL(f=D$NMF%AKq%fxHv^ zd->&8q>D?eyXvSCzH_G9?VY5*MC>e%4{SCwWp?Jo6pt$5v?JENnQPd40bQsEcqxw?gn^#4&Pmf# z(eNgy_3`nf?1Vc)hA3-j0o157tOW*Sgys=_?x2PF!6uXSRaz}CI~*kJaXnu#oV zQ6b*7tk=E))u%0(#i)s;P&QvCyZ?xjO3)prziWmiY^jJ=?{fKr>Nop^P})Wj`D2A{ hNs7l=P0Au>tmu@v&4QsK#S=|WG8xZNQ9*3J51~NJ1knHh literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JqRRjZ2@re`V7LBIa1#;B5CFgU8CIS_zk=t}xEsA| zYP_1*)qrQ+FF8FVZ0`Y11Mq-KTvekDqd$hK5~EW`=mZD)CINX~XX|P6GgaXqFC_~$ z*I$P>V$-e|3QqX2Kp+MD4oA>r#9sm*DRmQ#6Z9Pj{pR$a)xy%b=%D=Fu-n`iU}hS= zi)YZ%EFp=Rh`oA@d>_hhx+bW{G8u1gO$lQgR`VmtgR}J9&*0n-d-RmY1R!Zy8GZ>h zTiS2SFdLwRE{-40T%B;ArgG_gjW6QNf6;h(9tDYw$9PdQZc=D32U2}$ocPL%Q#GoZ zL~oJrC3Nmjc%wnC&;zntvmc5v~8b=&l&B5I@+W3)%x{NV_dx!C# zT3lTeE!8@&r*as#E-WGy?&Bvi45e#zI~J?ri5n(9*mUS4THe)zUVWOM45Sfn(o+Ts z!C(ebSo-58WTF+FJ2C~ql?)bg_%Qn?JA#6na%c(Sp!XihIK6j2;%TxCUYcILgE4Td zKUw438(2YsK`UfB+w%3rLzp`rBVyu+s%=lg7KlnYQZY Date: Thu, 12 Nov 2020 16:36:01 +0000 Subject: [PATCH 362/487] Auto-publish so-freqserver image signature --- sigs/images/2.3.10/so-freqserver.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-freqserver.sig b/sigs/images/2.3.10/so-freqserver.sig index e324d53e087f400ed90bc07972838ae24d5bd2e9..c082343fc02ddd479a94b12ed299e2e6394835af 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWN`or2@re`V7LBIa1&S85C3rnwmt+3$5~yb)e83d zF;cj~o@MphL@g?PJUaLN%2ZJ_1UxBIUOXb4ya4jDv^A;Y<9LUWu7f6y%j%KhsOP*mM0lTyb zaC4S`Co{h~S7b^tVXW3Zh9_~oV$_bOq-ey6oeK3>>y-^?-V402&RKq+6$=9h;eOr&%>c{^uR2a>K!anI8WFUNY^1(7~wS|HB5 z)5#4$Syl#_7OY0{6IfAz?L$SL`1vNVOX>+ehwmGfAigYlZb4m(e_3FMdSou3qSM08#N=FjOsh5f zXR^xRuIv?XaXLAh^GeeLE~7Vhfb8BEfX4p|BO=%r&e{g&MUjDDwx5bs(p2KYOo@Q! za#bgD5fnn$W7EZuQPiKCV{n~WiZw+kza4qU8HMk20lUGjVJA>ss#gAd|gH# z^~`f4e0xpmfla`nxu^?Qbd*nRFdAUB_~$!rEGFK4j5tGOumZT4_KuAdo4Qcy(KOc> znPThH94p;><4fB?7KlCYC#%B2nqY6WKJghAI~ Date: Thu, 12 Nov 2020 16:36:51 +0000 Subject: [PATCH 363/487] Auto-publish so-fleet-launcher image signature --- sigs/images/2.3.10/so-fleet-launcher.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-fleet-launcher.sig b/sigs/images/2.3.10/so-fleet-launcher.sig index 776978800c766d02e6467baa0f1df6f4d71e1eec..e1360dab4ad70becaaa9de2b393c1a88a1818c86 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWTOBI2@re`V7LBIa1%G)5B@mhKDzAJ-A{}DB_VX4 zVjZmGMY2y=NiYJAsfblCgaMG(nw>o)aln-!U6#1X|BBi1!(L3t&wsM6z>6BXt*QW< z|LR)Vb7NHPHIJ65)D#k3alB7=l={A#m(U(R-6YMn==B%l6&W&2NG}uE9zXNbcoq=b z!mn>p+nJjB9>%EG`S~u)4(O}7-p$W!W@s9#X?r-_fc~hA)-dcO`3Z>owFuqlke)O8 zEWZng+aL)ZACdoi)jg|kQ`=O{EB`t6J<z zgog`}rC6Pi6+`3rz^H!O#iJ9WnC$Ev-XLh5w2nJXuTs6QbXqg1V_Eg#s$=msasDQ< zBoA=kNPqwL7LJqW=u!Ee8-E1pm@pO(lF2HCef7ezW!U4TZI_`5fJokxo-}D=00cuZ z&#jdbr%N{B9=hV3u~MkLY5af&s*^%v%eQnrCJlns5F>b`qvl@)?@hlMkyPsFu@`P$pVXV4Y#At%YG$Y@X1)Wnhp6u^$BCo@CRnqYmhV&qk;B zuJs$_WBc8sA-t8prAD_;qWtW7$yU7>E~W}ux2#{C`v?lTNKrJfl@LdF8_Eku6%s2S zcxIiVS{;CAqjZ*)cKbx%cU2`+Dr8U(_gh>y*JL&vL=DoZ~ zqGY-ib2rXVH@EK_b-mcv>g-L{iuFDv&suaXP&DK>3<^^T{Y(|!%HD8{B;Bw-4EkwW zx(_WrZ6Qo=)R;%5A}>>jS=&AX#md=6_K>7DX|3>uTMUt2pcYeF0r_tkDYkr&6LlFN z;TlTAC0zoeCGgR?7h|N-3jJH@9fK@MV3*u759~|PQcNij3T+FVJ0(6ObWy|li>lL?X-)} z3VF`QIVlC{q~~tXnVIxAZ#3h)#h_`!96)2Mh2)=^>6~U14nUKxYJUsb*?&$R9Ch20 hDw6Z`t_a~Y^IL47B^gP0x`IWmjr6E15Xyvn)&4+G2dw}A From 9c0a1bc8b9b2750b79b06c27813dd6bc7ff1f3ee Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 16:37:24 +0000 Subject: [PATCH 364/487] Auto-publish so-fleet image signature --- sigs/images/2.3.10/so-fleet.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-fleet.sig b/sigs/images/2.3.10/so-fleet.sig index 33afe07229a1f049871bbfd7227e4f012cf646a0..77326a44fb0c963fff541dab636aab477cd60d52 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWWxXo2@re`V7LBIa1(>_5C3EBk>0heq~)1CxgVD) z6Og8`rKxOA=kd5ss416jjqe1IxiM3ngXlr&1L}#-fs&pY=P>-4A2L%auZqe zU_mtVjo?^{pzL|Unn?(^C>7ozOtZHd&vw9NM7JT>Hmx9qO$6EzfG{n9$_N4%Lsa91 zi3sx3(hGisPTg!@?favPBtH%}bQ<>RZLoIO{3K86hS=bXmpsqK6ZcSEPXt6ZV?;Xx zp#D0U53Tw=}6s z9c{KY^t%(-2cYoiG!$HYAPIjX6UJBiL^Kv0b$}1FJdX-R=|A5ZcaNV4%a`+wetOW9 zKF_AkB3gE{BEKEZH>v)Pv)|qcks@q<4X!dHiy6y+7BEhKj-{kRPEhL25VntUm!)kK z5UDGL+Hnxtxxl||IR5fJS5g)o=`Q$ol%Wx hguh;tU!|9+RSXfrPyq`^OUj$B1HHgnF5y>mg!llv1Kt1t literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jns5LL2@re`V7LBIa1&c}5CEMexO~vCnKFwor$3J+ z4rqfOUWJ*sH7i;JUK32j-%s?vvnX1DP%%_3pPsxXIN&f#bRX?Grc^jB9tS{e>@X=>bo%%RNKG?>(d%=W zrs_~(RNMyT0C?(RgpWESA()q$@CJ{aKtp)1(PAZYO-ZCX6sULgS{BX+F?wqLZ zH)I|`n#3wM=tTNH_PwtDun^)%TonEnl}Z+h7ADuw-+ATYPl3926ybWCEc9RBSz~hZeykxHek+&cxz}&!X zTPTMb?YE$S+=~tG$<@-{Hulf7l+fX-HRc4n_y04CD^x9z5yL@tYP7@sI_8b4#G zAXPQSWkg&r{E(dmAB@1lE*~6KPL?Elul>lPi_CKWn0(jrgPvic6BgMQ*d#vA+3A0J hNYDr@x(o Date: Thu, 12 Nov 2020 16:37:53 +0000 Subject: [PATCH 365/487] Auto-publish so-strelka-manager image signature --- sigs/images/2.3.10/so-strelka-manager.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-strelka-manager.sig b/sigs/images/2.3.10/so-strelka-manager.sig index 63e2c3a2b596acbe5182e6eca1ea5d841c9cd154..51db7bba95d2bb7e764b64562667be61431f7935 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWZ?h`2@re`V7LBIa1&;45Bv$XYDEQFcucq4XpuTf zEGG%rhZvuqpD2Xk#j>h(T};+n077RxWM%Xn1JcB!Wnr2a z1nyRG4V;&=Ke)@B; zDg*j5x2w`FAw-1|Qu(WT1V{#FoOMz3UX`qX>itrr!So@+dRn4#?8JIymw=7CoEOD% zkZ11o=iPuIZHKm0=k!d!XgfXg+$5wI8a1(+KrOIqOWa~xv$fb_*K&t~Nr^~D@1aq_ z9K_Plmf|}csPF+CL?1jwO9yz85u<8rtIVp$bGG?Pq?VEAO&9k2(G=)@UGQ%AY5dyx zG|P)Qua+HH1yqUKmc(0&z4N6X|=f3#yftHovj@(vlPWv73 z;e!)f0cHaAME2i7I5)_oonfA=ELFsvqwP42ykcCG0^ki!#2~`&y8RIV#nU09@2T9f zm5k40p4zWhqnW7=lAFujJ8&~B>2TOK69=S8lv9}?yr(RzwkPtGiP8Ehzm=ZJc?{Us hvSp8KAa-~#UC0%deFF%FB7cegdEFq3P=LAHJLd}B5k~+3 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jqi6sM2@re`V7LBIa1;8e5CFfw=Y}5*T<@NSh8 z(#A(E+@(874$e*rCi1ptM44ReNZn*O1iHnR%z#bl zf|Ld&zN3cwn6K$x{j|40Heh From 6194d85180878ed19b98101ee12f643bc5a130db Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 16:38:38 +0000 Subject: [PATCH 366/487] Auto-publish so-idstools image signature --- sigs/images/2.3.10/so-idstools.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-idstools.sig b/sigs/images/2.3.10/so-idstools.sig index f0ed287f54494120a44f3d0860d8af8bc8a148a0..c8bb591f8d2ef87f66c8560b25b893838686d5e8 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWexxe2@re`V7LBIa1-L85CEgmR#>|HieNfj4fJvN zuc}n{=TO=DM{|M)(gMjg{pL^jBdWL1Md3vflrE|K(weV=YQ9$F72@jU+^B~c;e@7g zu=bvAS1KbwgdB?O1*1>=hmR?1=H@mLk+0lBG^Y<72Z7~W)?i&@pV0rV+c8-8ou+|~ z^KlW~*8vKqBy>+{mz$f<5~3(-XJ_^^c#ageW#WS>FNzo3NIjOveF{P$r9GR~I|8YR zQ~!&nc4lr%w?~ve&z%FTdbv~#EyfWb()2;uY@D*zLb^q^$|T!ZC1noLdWf5{+ zq`G0N63&e6K^%m}eG^6}RNvUcbF@Km=-rwLy zCt^IQ1yp-xkUk8+-Y(z~t!RJ>^iyKri4tRIIgS1kG53N~jTiN1D@F%|@(2y)&DZ4n zUp>aN)1u787k}RY&Hn=1O`hpwksF(LE}23tD_b+=zHJqg*!vPwbBExX7nni;51!K4d%zw#o>s{bQnoM)pJlR!^&fp^*j ziF3&CvZ&v^_1;O5aP18XlVxINa}FVM7&xuaquu7XyoYFk>KrncN`K!73-1=^?c@~X z$ql@|*0QEiu|pP+K;IJ3Y6y7@{2T9HsIDX_4ftA8rHik5m9#?GOqMLa#KyKIq`X1F zh{QcogspcpAW>-nWj<&vvZYiK$f9RjE~tzqzTCF`9lP%M{@XiGe|7<}FFy_Z58j^& zr3iLS)X1hpR<4PXU$e(RO(D&KeHbPYsozJ@!}PO@kt>(4=E-Kg(1D9=2O;on3~X2$ zym?N}4@tN8iuCadPkq0r53dU+1XR?Qfcmz8w#y1HRQwZ;Qg52XZtPkMYYP<}WGGQs z9<`3dkK!SK5$xG8=}kukujE`F;Yr>SRh~g`2o@g&pSJZ8Yge-|LR*|cKqrzwG-kMY zn>;>PZLBoxfhQSCfMOV9sSYLG6vXs?1^Wwu2Grhu8FhpfGncq4!KxUOGL#gDF`D&7 hA}t-8=A~+H=>Yl&NLn8pNL`KInNGmjNr)L+XMMm^{U87U From 7d810800766414b03e2f9e030a33d930ad4be3fe Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 16:39:24 +0000 Subject: [PATCH 367/487] Auto-publish so-grafana image signature --- sigs/images/2.3.10/so-grafana.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-grafana.sig b/sigs/images/2.3.10/so-grafana.sig index 74300c1e33fbab3e39b09b5a3ccb3d2eb7850ae8..d8fd398104ddc157b26e7dd30579e34e5921bfea 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWjp{12@re`V7LBIa1*ZW5B?{T#e}DmGoP?==DB@m zDXWq3p7(qyQWI5dkqzvtj6?NHt&E3tIb6+8B3dmDqvI=lo|m0?@`d+Y)Gd;gw3q4s zJP6IM{f!F{5oo41^DgxzRgGT>gyz#+SVtd}(2H8m7gaH#Bq%~m&K_`i( zNX|QlVn8Y(%0Tx>EKil+A&mIHR3_TmA1g~#Mr}*N8qYn zQ!B`X5{a6TmOAExq0lVp;Y1H-K< zNo4U>A*v&XunKsICmji^Yh&mL{oDkFPs3jHV_;k`d{MBU&CusCM=_=CUo@CRAM}sn hH^?bzDq3@~^^32Wk&iV}qZu1SO(-<8LY&1dkhhUS3Z4J} literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JoYMdb2@re`V7LBIa1#@65B?%WV-oZ~FRxD17EWqN z(%U~YgC zFTck_Xe<0U+s>Vv&wHMGK>qqs|5^J+t|bltjj%3Kg-hm`|4EecB=y(0U~?~$LjGZo z=sYi3@LF}_5y?%5urh@yt7zhtjjrUGEz$Z#I}#(rtf1*X|8=KH-WG{~%PGh3LJ8KH z6|Lgt`IWys&Zz74`wc|9Bo(b$F+ki3Gpbut6^Bl$(9$==;@Hp{^O}JGG5+nF)kxg?wXP;nrqu z=K6VpSvjy8y6$)$_e_CLh8$~{MQ#5}EdM9H9Ge4^9K(+rdsNkF9J$=a;WvIyX_o?l zN=5A$msm5Q9_#xhNG8fw@n4|~^kIq_#`@ZraMrDdw++ZR_yib|pU6{vWVqqwBc6ut8(xd#^jE+2bqLW@WB*q;xqh6aMQ*t)v3~2xW From af44cce42306b67b48b0e9324787c3ccc7ce39fe Mon Sep 17 00:00:00 2001 From: Automation Date: Thu, 12 Nov 2020 16:39:54 +0000 Subject: [PATCH 368/487] Auto-publish so-acng image signature --- sigs/images/2.3.10/so-acng.sig | Bin 543 -> 543 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/sigs/images/2.3.10/so-acng.sig b/sigs/images/2.3.10/so-acng.sig index 5f2f413ede033fd972caed3354adefac8c20e637..a4c70c3ebb837daef88795a87ad0c4a48d78fa87 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWm*6V2@re`V7LBIa1&4R5C2Nw553BwDY~_zaxXKL zMFsm643A_zjcs~RuGnLkE5p#!-9OCdf0{t3_|dtH-<)kZap;{wvSWf7p$w3MFkJ%7 zT(;Hgxrp>Yt1G0(S$hVh-#)`l(%!y?`= z<0_+F=u`0bvMN>f4QjltzWDCfym~NX;BewiDt4y+iM(Q=CIikuJUNK5i@rlI*Gvsq2LmD5Pndm#dOh6C80wyUQ literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JnaBVN2@re`V7LBIa1#k=5CEAUI4;UK_({u>+z|I< ztsVzdzOSPT#{7rlk@*xl(%J9zB{=|&K;Ea>cW19o^WDu{d40ww%{5E7xPF{h1Ws+-{Ql2-wBIZuX8}(w{$iC@B_hW$4fX zFPnb;-TMgD;zlD}q81g1NmXqdDoZF!Dkhl8Oc#|;WS#1{e`oq29+Kdjq$g7EYzvj` zwFC{@*56p|LzUn0H!kxM$9iBzqf@L{t}4VpFsyC`6yM83kSGG?HSaF7H7II6vg&pe zmxHW4j}H$zuhS4@nrMBG4zAgYH@gqPfV;J`lFJ`kg8(DE^VBvjVu3$DS`!^%>Zyy hLO8C2Z1O}b{Hj3#FFR(aR2O2}_a|iN6}y2CWDKQO|0)0g From cbca2d702f9aee9cf845104f63125485ad1dd89a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 12 Nov 2020 11:53:30 -0500 Subject: [PATCH 369/487] Add Version back to sig files --- salt/common/tools/sbin/so-features-enable | 57 +++++++++++++++++++---- salt/common/tools/sbin/so-image-common | 8 ++-- setup/so-functions | 8 ++-- 3 files changed, 56 insertions(+), 17 deletions(-) diff --git a/salt/common/tools/sbin/so-features-enable b/salt/common/tools/sbin/so-features-enable index 0f2d694fe..65e9bcec7 100755 --- a/salt/common/tools/sbin/so-features-enable +++ b/salt/common/tools/sbin/so-features-enable @@ -51,22 +51,61 @@ manager_check() { } manager_check + +# Let's make sure we have the public key +curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - + +CONTAINER_REGISTRY=quay.io +SIGNPATH=/root/sosigs +rm -rf $SIGNPATH +mkdir -p $SIGNPATH +if [ -z "$BRANCH" ]; then + BRANCH="master" +fi + VERSION=$(lookup_pillar soversion) # Modify global.sls to enable Features -sed -i 's/features: False/features: True/' $local_salt_dir/pillar/global.sls SUFFIX="-features" TRUSTED_CONTAINERS=( \ - "so-elasticsearch:$VERSION$SUFFIX" \ - "so-filebeat:$VERSION$SUFFIX" \ - "so-kibana:$VERSION$SUFFIX" \ - "so-logstash:$VERSION$SUFFIX" ) + "so-elasticsearch" \ + "so-filebeat" \ + "so-kibana" \ + "so-logstash" ) for i in "${TRUSTED_CONTAINERS[@]}" do # Pull down the trusted docker image echo "Downloading $i" - docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i - # Tag it with the new registry destination - docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i - docker push $HOSTNAME:5000/$IMAGEREPO/$i + docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$SUFFIX + + # Get signature + curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i:$VERSION$SUFFIX.sig --output $SIGNPATH/$i:$VERSION$SUFFIX.sig + if [[ $? -ne 0 ]]; then + echo "Unable to pull signature file for $i:$VERSION$SUFFIX" + exit 1 + fi + # Dump our hash values + DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$SUFFIX) + + echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i:$VERSION$SUFFIX.txt + echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i:$VERSION$SUFFIX.txt + + if [[ $? -ne 0 ]]; then + echo "Unable to inspect $i:$VERSION:$SUFFIX" + exit 1 + fi + GPGTEST=$(gpg --verify $SIGNPATH/$i:$VERSION$SUFFIX.sig $SIGNPATH/$i:$VERSION$SUFFIX.txt 2>&1) + if [[ $? -eq 0 ]]; then + # Tag it with the new registry destination + docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$SUFFIX $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION$SUFFIX + docker push $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION$SUFFIX + else + echo "There is a problem downloading the $i:$VERSION$SUFFIX image. Details: " + echo "" + echo $GPGTEST + exit 1 + fi + + done +sed -i 's/features: False/features: True/' $local_salt_dir/pillar/global.sls diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index b0c4e5bca..fe89a0c4a 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -106,7 +106,7 @@ update_docker_containers() { docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION # Get signature - curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i.sig --output $SIGNPATH/$i.sig + curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig if [[ $? -ne 0 ]]; then echo "Unable to pull signature file for $i:$VERSION" exit 1 @@ -114,14 +114,14 @@ update_docker_containers() { # Dump our hash values DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION) - echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i.txt - echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i.txt + echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i:$VERSION.txt + echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i:$VERSION.txt if [[ $? -ne 0 ]]; then echo "Unable to inspect $i:$VERSION" exit 1 fi - GPGTEST=$(gpg --verify $SIGNPATH/$i.sig $SIGNPATH/$i.txt 2>&1) + GPGTEST=$(gpg --verify $SIGNPATH/$i:$VERSION.sig $SIGNPATH/$i:$VERSION.txt 2>&1) if [[ $? -eq 0 ]]; then # Tag it with the new registry destination docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION diff --git a/setup/so-functions b/setup/so-functions index cd0baf205..86233b4de 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -952,7 +952,7 @@ docker_seed_registry() { docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION # Get signature - curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i.sig --output $SIGNPATH/$i.sig + curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig if [[ $? -ne 0 ]]; then echo "Unable to pull signature file for $i:$VERSION" exit 1 @@ -960,14 +960,14 @@ docker_seed_registry() { # Dump our hash values DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION) - echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i.txt - echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i.txt + echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i:$VERSION.txt + echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i:$VERSION.txt if [[ $? -ne 0 ]]; then echo "Unable to inspect $i" exit 1 fi - GPGTEST=$(gpg --verify $SIGNPATH/$i.sig $SIGNPATH/$i.txt 2>&1) + GPGTEST=$(gpg --verify $SIGNPATH/$i:$VERSION.sig $SIGNPATH/$i:$VERSION.txt 2>&1) if [[ $? -eq 0 ]]; then # Tag it with the new registry destination docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION From 52e909007f4e6c33787de88a7bdef1e810dda89c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 12 Nov 2020 16:08:27 -0500 Subject: [PATCH 370/487] Change url and clean up sigs --- salt/common/scripts/dockernet.sh | 8 -------- salt/common/tools/sbin/so-features-enable | 2 +- salt/common/tools/sbin/so-image-common | 2 +- setup/so-functions | 10 +++++----- sigs/images/2.3.10/so-acng.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-curator.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-domainstats.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-elastalert.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-elasticsearch.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-filebeat.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-fleet-launcher.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-fleet.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-freqserver.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-grafana.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-idstools.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-influxdb.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-kibana.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-kratos.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-logstash.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-minio.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-mysql.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-nginx.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-pcaptools.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-playbook.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-redis.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-soc.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-soctopus.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-steno.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-strelka-backend.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-strelka-filestream.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-strelka-frontend.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-strelka-manager.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-suricata.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-tcpreplay.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-telegraf.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-thehive-cortex.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-thehive-es.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-thehive.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-wazuh.sig | Bin 543 -> 0 bytes sigs/images/2.3.10/so-zeek.sig | Bin 543 -> 0 bytes 40 files changed, 7 insertions(+), 15 deletions(-) delete mode 100755 salt/common/scripts/dockernet.sh delete mode 100644 sigs/images/2.3.10/so-acng.sig delete mode 100644 sigs/images/2.3.10/so-curator.sig delete mode 100644 sigs/images/2.3.10/so-domainstats.sig delete mode 100644 sigs/images/2.3.10/so-elastalert.sig delete mode 100644 sigs/images/2.3.10/so-elasticsearch.sig delete mode 100644 sigs/images/2.3.10/so-filebeat.sig delete mode 100644 sigs/images/2.3.10/so-fleet-launcher.sig delete mode 100644 sigs/images/2.3.10/so-fleet.sig delete mode 100644 sigs/images/2.3.10/so-freqserver.sig delete mode 100644 sigs/images/2.3.10/so-grafana.sig delete mode 100644 sigs/images/2.3.10/so-idstools.sig delete mode 100644 sigs/images/2.3.10/so-influxdb.sig delete mode 100644 sigs/images/2.3.10/so-kibana.sig delete mode 100644 sigs/images/2.3.10/so-kratos.sig delete mode 100644 sigs/images/2.3.10/so-logstash.sig delete mode 100644 sigs/images/2.3.10/so-minio.sig delete mode 100644 sigs/images/2.3.10/so-mysql.sig delete mode 100644 sigs/images/2.3.10/so-nginx.sig delete mode 100644 sigs/images/2.3.10/so-pcaptools.sig delete mode 100644 sigs/images/2.3.10/so-playbook.sig delete mode 100644 sigs/images/2.3.10/so-redis.sig delete mode 100644 sigs/images/2.3.10/so-soc.sig delete mode 100644 sigs/images/2.3.10/so-soctopus.sig delete mode 100644 sigs/images/2.3.10/so-steno.sig delete mode 100644 sigs/images/2.3.10/so-strelka-backend.sig delete mode 100644 sigs/images/2.3.10/so-strelka-filestream.sig delete mode 100644 sigs/images/2.3.10/so-strelka-frontend.sig delete mode 100644 sigs/images/2.3.10/so-strelka-manager.sig delete mode 100644 sigs/images/2.3.10/so-suricata.sig delete mode 100644 sigs/images/2.3.10/so-tcpreplay.sig delete mode 100644 sigs/images/2.3.10/so-telegraf.sig delete mode 100644 sigs/images/2.3.10/so-thehive-cortex.sig delete mode 100644 sigs/images/2.3.10/so-thehive-es.sig delete mode 100644 sigs/images/2.3.10/so-thehive.sig delete mode 100644 sigs/images/2.3.10/so-wazuh.sig delete mode 100644 sigs/images/2.3.10/so-zeek.sig diff --git a/salt/common/scripts/dockernet.sh b/salt/common/scripts/dockernet.sh deleted file mode 100755 index b317e4006..000000000 --- a/salt/common/scripts/dockernet.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -if [ ! -f /opt/so/state/dockernet.state ]; then - docker network create -d bridge so-elastic-net - touch /opt/so/state/dockernet.state -else - exit -fi diff --git a/salt/common/tools/sbin/so-features-enable b/salt/common/tools/sbin/so-features-enable index 65e9bcec7..3590fca22 100755 --- a/salt/common/tools/sbin/so-features-enable +++ b/salt/common/tools/sbin/so-features-enable @@ -79,7 +79,7 @@ do docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$SUFFIX # Get signature - curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i:$VERSION$SUFFIX.sig --output $SIGNPATH/$i:$VERSION$SUFFIX.sig + curl https://sigs.securityonion.net/$VERSION/$i:$VERSION$SUFFIX.sig --output $SIGNPATH/$i:$VERSION$SUFFIX.sig if [[ $? -ne 0 ]]; then echo "Unable to pull signature file for $i:$VERSION$SUFFIX" exit 1 diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index fe89a0c4a..c10f255f8 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -106,7 +106,7 @@ update_docker_containers() { docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION # Get signature - curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig + curl https://sigs.securityonion.net/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig if [[ $? -ne 0 ]]; then echo "Unable to pull signature file for $i:$VERSION" exit 1 diff --git a/setup/so-functions b/setup/so-functions index 86233b4de..00b7ea28c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -952,18 +952,18 @@ docker_seed_registry() { docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION # Get signature - curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig + curl https://sigs.securityonion.net/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig if [[ $? -ne 0 ]]; then echo "Unable to pull signature file for $i:$VERSION" exit 1 fi # Dump our hash values - DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION) + DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION) - echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i:$VERSION.txt - echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i:$VERSION.txt + echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i:$VERSION.txt + echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i:$VERSION.txt - if [[ $? -ne 0 ]]; then + if [[ $? -ne 0 ]]; then echo "Unable to inspect $i" exit 1 fi diff --git a/sigs/images/2.3.10/so-acng.sig b/sigs/images/2.3.10/so-acng.sig deleted file mode 100644 index a4c70c3ebb837daef88795a87ad0c4a48d78fa87..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWm*6V2@re`V7LBIa1&4R5C2Nw553BwDY~_zaxXKL zMFsm643A_zjcs~RuGnLkE5p#!-9OCdf0{t3_|dtH-<)kZap;{wvSWf7p$w3MFkJ%7 zT(;Hgxrp>Yt1G0(S$hVh-#)`l(%!y?`= z<0_+F=u`0bvMN>f4QjltzWDCfym~NX;BewiDt4y+iM(Q=CIikuJUNK5i@rlI*Gvsq2LmD5Pndm#dOh6C80wyUQ diff --git a/sigs/images/2.3.10/so-curator.sig b/sigs/images/2.3.10/so-curator.sig deleted file mode 100644 index 04319eb5a8dde529246ba3c1191f44ae1891d3c1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JoPYod2@re`V7LBIa1$V$5C2B`@rCoOhN*uuId+-F zJm8_N`%Sny=^N1A!_lRG$|!T$jd8a`SwKnU6Nn9M_^7J-$cs6p6}#*$P%XKhbHRxJ z25CzR+}>%!(t@?~;kSJ{5E?{h0L)BtOWmE(ok zpd61j{bgW$i)2H_fuf{Gl2niQOTtx@FKBXu2)I)6ZG1h~Uooo#ciBs|@q%kJqS7xy zt-FhfDY*PK8W4%!eV#tC1SJ5#NSuuzK^;7r=~f1x=8IC}12BIV042MPls?WQt5kyc zh2%n6^ zYF6Rg=?j)8$km;N3wIIINfskufl--D5#Mg~GenbjbhC%{RnBxyk{8$y&iK*N6{1K? z^!Afidx=%D`!LgXB%!`D&LnQ-<&}HOl7JZZF@_2iE^r$EbCGhq5!SV%H*QY}y!c|< zq=HR*i%+B;z(iDVURLinc@u^`{~Lp`#A8^3B&kQ&I|7B+imNJ$V$kQe&N&VMaLN!) zudk7eimfqL3UQgs)~8YkSaMH(o~cmJbWU|r<@c?MzOBO+3BM938QdB6hoZrz6Ih|M zcQxKjiQJ7MR^CBTa-fLoxR*OfUYLQ;ucdCt_}f$HWE|P6A`|{f?f$#qJY3ppu2|_q zu@GZSDO$N7P=FC+2Pev*rwk!GrLqIf*|PH9*Y7%yL)Tr{6fJvs`>%)( hr;gRAFzr-47XO{?RN4Z(BhH*5zl0=g83>GvG@Lf5{Ih#8TkO`J9!P=4yy zsj=V?@LI`}Pl_@pwF>Py2-%w{r1QR|DM<0jw}EexgU@o`a^tS@*=XFmgyG5#`}h)D z3?{mx7y8x$Kv+D%m;pbfTF$ZX=;*SE70a+(Fewtvk4t>XTN9`HF?u@wn!;>FJ3nH14B4wo27oon{h`eR8VqO++J-**PxbQA-Cl8U(#1xE zx~_BoT&p;A=Zwmp?n>)Jw+JrJ31f2#8HZbA&KCr#rQ1#xk`BDG@HKac(LD%%G6cKU?ciADB& hZ|GDxWaM<%H>sSX+zi0`G#n$GltnRe&-?O(c_u2lwA|C}_e=Bog2F(uvKy z0GK~(lmsfER`2Y)3kI0u!9C>;AqgdN#{=)_GQzSc{~PK>S+BssvpF|Fb-n@OWJTt> zGcc2^zhPG4Yi(lD1=Nr$!VIQ^iYY3A(4#7>$$L z10z{7+I^IKF&?x<&QA9%M;*Sa9mZ6mdfCkdJX-OcxU`o3~gdk)3rQO)u+?8TO0uEhz4 hL@p9czjzHpQm1CqwtXDE`0mavwP3I>YnZr4=Fy2o2L%8C diff --git a/sigs/images/2.3.10/so-filebeat.sig b/sigs/images/2.3.10/so-filebeat.sig deleted file mode 100644 index b543d83101550a23c6b9e1a877c32947eb5a5ce1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jp-%t`2@re`V7LBIa1*GP5C3}j4>z}3TR004e|xt+ z9-#%MD94p@hu$R|i?8XUmprynyE>B&%XEcW!%e9To9@uOS5t8HwKV^e_ir_l~PLX`92wfXQmt}G+6CZmTLgBH#6%6~EU!lMXHe~vG z2vWw#7&sW%I={5%LZK*3m?(nu?xWI-)I~{YX-zM=U$;+m@~s0W64w&`RbTuK4L)1s8xYM74>s z?WBvSaf23;2I7iDTd*OYMEZd9fUAR~ZDa64JPPF3tUs3MR#*IXZCRJ@iKVW6RmxF1 z#mPIpY44FV!6>PduliB7g#1Gag&{a$-;ZlaK%)wxU*vLmfJ zyhhOtIcKI<#Vk=MK~(amRcyqKF~N(W%48Wz=|yQ6^e_165@U%(CTg%FflRH_>mDKa h`>+lO&&&LQXvl6q5l8ey{=dahv6LuD`o_?O$tXQ_0%HIG diff --git a/sigs/images/2.3.10/so-fleet-launcher.sig b/sigs/images/2.3.10/so-fleet-launcher.sig deleted file mode 100644 index e1360dab4ad70becaaa9de2b393c1a88a1818c86..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWTOBI2@re`V7LBIa1%G)5B@mhKDzAJ-A{}DB_VX4 zVjZmGMY2y=NiYJAsfblCgaMG(nw>o)aln-!U6#1X|BBi1!(L3t&wsM6z>6BXt*QW< z|LR)Vb7NHPHIJ65)D#k3alB7=l={A#m(U(R-6YMn==B%l6&W&2NG}uE9zXNbcoq=b z!mn>p+nJjB9>%EG`S~u)4(O}7-p$W!W@s9#X?r-_fc~hA)-dcO`3Z>owFuqlke)O8 zEWZng+aL)ZACdoi)jg|kQ`=O{EB`t6J<z zgog`}rC6Pi6+`3rz^H!O#iJ9WnC$Ev-XLh5w2nJXuTs6QbXqg1V_Eg#s$=msasDQ< zBoA=kNPqwL7LJqW=u!Ee8-E1pm@pO(lF2HCef7ezW!U4TZI_`5fJokxo-}D=00cuZ z&#jdbr%N{B9=hV3u~MkLY5af&s*^%v%eQnrCJlns5F>b`qvl@)?@hlM_5C3EBk>0heq~)1CxgVD) z6Og8`rKxOA=kd5ss416jjqe1IxiM3ngXlr&1L}#-fs&pY=P>-4A2L%auZqe zU_mtVjo?^{pzL|Unn?(^C>7ozOtZHd&vw9NM7JT>Hmx9qO$6EzfG{n9$_N4%Lsa91 zi3sx3(hGisPTg!@?favPBtH%}bQ<>RZLoIO{3K86hS=bXmpsqK6ZcSEPXt6ZV?;Xx zp#D0U53Tw=}6s z9c{KY^t%(-2cYoiG!$HYAPIjX6UJBiL^Kv0b$}1FJdX-R=|A5ZcaNV4%a`+wetOW9 zKF_AkB3gE{BEKEZH>v)Pv)|qcks@q<4X!dHiy6y+7BEhKj-{kRPEhL25VntUm!)kK z5UDGL+Hnxtxxl||IR5fJS5g)o=`Q$ol%Wx hguh;tU!|9+RSXfrPyq`^OUj$B1HHgnF5y>mg!llv1Kt1t diff --git a/sigs/images/2.3.10/so-freqserver.sig b/sigs/images/2.3.10/so-freqserver.sig deleted file mode 100644 index c082343fc02ddd479a94b12ed299e2e6394835af..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWN`or2@re`V7LBIa1&S85C3rnwmt+3$5~yb)e83d zF;cj~o@MphL@g?PJUaLN%2ZJ_1UxBIUOXb4ya4jDv^A;Y<9LUWu7f6y%j%KhsOP*mM0lTyb zaC4S`Co{h~S7b^tVXW3Zh9_~oV$_bOq-ey6oeK3>>y-^?-V402&RKq+6$=9h;eOr&%>c{^uR2a>K!anI8WFUNY^1(7~wS|HB5 z)5#4$Syl#_7OY0{6IfAz?L$SL`1vNVOX>+ehwmGfAigYlZb4m(e_3FMdSou3qSM08#Ngyz#+SVtd}(2H8m7gaH#Bq%~m&K_`i( zNX|QlVn8Y(%0Tx>EKil+A&mIHR3_TmA1g~#Mr}*N8qYn zQ!B`X5{a6TmOAExq0lVp;Y1H-K< zNo4U>A*v&XunKsICmji^Yh&mL{oDkFPs3jHV_;k`d{MBU&CusCM=_=CUo@CRAM}sn hH^?bzDq3@~^^32Wk&iV}qZu1SO(-<8LY&1dkhhUS3Z4J} diff --git a/sigs/images/2.3.10/so-idstools.sig b/sigs/images/2.3.10/so-idstools.sig deleted file mode 100644 index c8bb591f8d2ef87f66c8560b25b893838686d5e8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWexxe2@re`V7LBIa1-L85CEgmR#>|HieNfj4fJvN zuc}n{=TO=DM{|M)(gMjg{pL^jBdWL1Md3vflrE|K(weV=YQ9$F72@jU+^B~c;e@7g zu=bvAS1KbwgdB?O1*1>=hmR?1=H@mLk+0lBG^Y<72Z7~W)?i&@pV0rV+c8-8ou+|~ z^KlW~*8vKqBy>+{mz$f<5~3(-XJ_^^c#ageW#WS>FNzo3NIjOveF{P$r9GR~I|8YR zQ~!&nc4lr%w?~ve&z%FTdbv~#EyfWb()2;uY@D*zLb^q^$|T!ZC1noLdWf5{+ zq`G0N63&e6K^%m}eG^6}RNvUcbF@Km=-rwLy zCt^IQ1yp-xkUk8+-Y(z~t!RJ>^iyKri4tRIIgS1kG53N~jTiN1D@F%|@(2y)&DZ4n zUp>aN)1u787k}RY&Hn=1O`hpwksF(LE}23tD_b+=zHJo6CxGr^#MKfMx;tSWF zjiq5YfxMiOMpYU%^c(sh_D&y9+UpLlrEK6^bvkhS&J+)3q7n&TIt?KZt6-d~h~^w#6-wkZX% z#PR3|LNyIOTapy_8}2uRYeWyaqpcu z=vKO50&IUsjk~}_=LFLZwgdHjn{aO#A-VVjH!ew9Hr#RNtRq`3!gjZIXnGi#ns8^T z)YsXr#vMs}3n?dL@nQvXTwgEAl&QGjV(9~Ye(+{uqMA^d&m!ad<;r#Kx<;5$XpRx# zh;bp@<|ju-b^rTT|+HhDBt7E{DtP~GRFpfn;FrdLcA$%R6Zs^lxV=tvqNi9Z( z@!2EgRhems`Ood&Ld%R8OpPt?S*XKdtZoe{qJ=A0*^j|9P|#;Z(G!zBc?fM8o6;hTGqI_VV{7#G=2TW-WX)Hq#MkeOa<^;HkXX zeAoE%3f`z2*_|lqucGS1lKs@8D+dzcs*Xl;$(tF%8qIIdzNwxHDk>w+{QMA^Ki^vy h8@Xk&SVUx(=Ef$i+SH4|9o~zb1~D|j1A|wd>uItG2eJSF diff --git a/sigs/images/2.3.10/so-kratos.sig b/sigs/images/2.3.10/so-kratos.sig deleted file mode 100644 index ff10115bbf4fbc0d74047de8e81ecc45a2b11b46..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JoKpY_2@re`V7LBIa1(FL5CFB{`0&-+4W`0<3nHQ{ ziXB0QvK1Ve8FXA3@BV^;lOKCcg1t``A>o4%Kd7?o>z-5dJGh!+0jDeg45e$mdp&OF z)d~mwRlOb-qNb#O|NHRz*0^(v)l-{`$Z^fdX6xK{+=U4hy7uAC zc`+-EX5JPfQ$}e@s1Zup`Ly!MqZCC=)XyaemiYyb@D^0-?p7MOCSO&>r=_fPUs6vV zkc@Z10sO)@wvci^X0aUtfSZ9M4my`?ooAwBojYM&Jf{=Ft6eoWYz`H{ONZ%-@xb_< z-#`-qu8{aP43`pQ>w*NSvf14RUB+uMSjY_ZA^q(jZ=)@y1gZZF{a>*#XQg;3VV8I+ z&jnNswO%rlr7s{JLvj{ad)6@5YDU)Bktee!|3*~heZg*N|gSdf3!I( zj+%?}vKNO(HA?Wj&iT{c-n6mVTj{HO0e0%oIJdT{%DrmvMYrTSv#dL(a7NNP(tY=8 zy}acv>1n`w>nUK%Tme1s*}h!}BM*}06e;H-_^BE`MC|(Be^>t0ybr~Tl252vYvADE hz+9V$Nlh`~t(PF$`Ii8io*`JI5v|bh;*h$5cGk#B6O{k} diff --git a/sigs/images/2.3.10/so-logstash.sig b/sigs/images/2.3.10/so-logstash.sig deleted file mode 100644 index 54cb8d2b87e74ec885d3bc23b8cdf8b1f0986017..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JqI>`f2@re`V7LBIa1$yP5CE-#ZPB@foH`LkCSY#$ z?H8E)^YJPXFduzp)!c;I4k?`=eGm;_!ouIqg$u%WDY@yyPPbNz-_1!sWg>5-hCg>a zvN_k<$6GJ2&$C7Pu+!sPMD6sM`~`j8bV zMq&q584lg8yh@|onz3?K*o7ycKDpF^rG5E;w9nI-KR3@!F7S{CL!pF)y~J|`ATJtu zT+2_DejBFyJ?0y-$^?`>W}4w&(I@`z4<@(>S4`)_g2}nmHh8bzo)vRLF2cXQ)|R`~ z%kiXPOwQH|IKU1Nz>(-v*#LX!s zoc%(_+^uea53rjKs-wVFPgyaG6tFri3VF;=<16VCmY`a>h?adiljK1mLlF+q&*Wj>8Y*b>gAMU(nxkr@bcEZe z3^g=TX(7IjZQpFxOZs*6oTwr! h6|dxNp^@EZX>wx>2p&g|_DElZllE5&6e#`|AjK|11zG?A diff --git a/sigs/images/2.3.10/so-minio.sig b/sigs/images/2.3.10/so-minio.sig deleted file mode 100644 index 7826b69cf045ccd65b92816fffc819d5446ff533..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KV?Y232@re`V7LBIa1$Sk5CFgWp*k?Q=Q0}d_jKhQ zj4-bs`F(hhDm(2S!|UgnLet`x5BcSmNxW!^HWdDCIA(-i$w8uYTgJQ&to41oKy&eZ z;@zwX5tIZAo3J7+_q#(9)HaK(u2Pl16rgWQ(!IJ|SKI<*sfFNzYLTgxJa*2*9Ci-t zN5y$h_Ko*~t-5K{_78;pOs{C%`#ikfRaAC|BlD{lfxgF;dZ7ILuO+T{``gz%vaG>x zP8n1nT!4((m7xLq<-1us3)9-Sn@OPQpc_CI4S{5N#uxYp#QSgmV!^D8-m!AWoiiEW z*7t#FCKTrrxh2t#q@5T8{sZp{;qht8q4GOg!??tnRf@}Fa@(j1+bs2P0bpV$ zvs7966#Pn3O?#jhvJv!u$YP50py}!s!;Qp&w*_!sL2^EOrZQf&AnuF8p$s~ zlmUU2A0|A`zE-YR+AWU_nB<7yC7g2W2R|p8>%5=Ix|V=0JLFyDD7sg-u=0E#+&>bL zN|P!11ldue3@2JQwp@XhJ+mXcYx(p3-o4sWA)Amm6%n`eI@r*WN}Y%l>=dQ}iswMv hY!)ne;%Oz>cBGWBTrWB*1S6{HGx_^mz2j>mAZ@dpkQcNf>ax=&d_q&q^qvX%kG~|7_$1;5H7Jvl+ z8E?*0+u`#VU$BoKVsm!zm0W0PPum=qMnSA@|Md@YbQ_;MpZ6(kxKWp}79=Wp^h{R+ z)VP99W4p-E^74P~Di~fIYmr^0}<_2rVQ`QSXU%Tv*WLgT3b>A!&IM`eCxqADo7gBSRPb>Hk%iL*g?lI4474csn*Ur}Am?-y=eoE2V z9fnY^@^>O2s6$&hDA`}8<+9&Dklg8~TfA@Ft;+l6?6JudpstY0k3YGR@^7By@X#Qu h8blvfxTtmTeY*g5qum93x#pdXavFM!2C{(C64fb%2b2H+ diff --git a/sigs/images/2.3.10/so-nginx.sig b/sigs/images/2.3.10/so-nginx.sig deleted file mode 100644 index 1f42909b3e25cc21c222ecb80b8320baeaf88b37..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jh=~9S2@re`V7LBIa1$rh5C43XMfEQyn`ddIfe%-L z@s}(};S{37lnw91f{Pr70sdHRl9(;D0n_fM-oQZ3w97p<^!s5&2;zYyjxNIZ3LpSG z2q@o?ji8g^{M#2Cv|SjCsqKut5Ap>NU?G>qMP8&*Z0b|muyD_%WCyr9Jh(%;v5dUbNX+J&%uENVaXPndcTkeK0KaJWX$HR)W{!g^%*p1(qP z%vAJmXy~9@Tvy2vG|AG=2qd50LhCW%PH#kTTL@|gA!nXWYl5zH@ljUl=_vvzAT>1&-L@*vk_~TvoS-iONx>)G=G}3Ml)_$l3 zC<=cTuh07BvDiiUaeoIc%vQyXy^Ucja|DfS9T*rJp4wo}q_3}H0kaCL>zL`93S$5O diff --git a/sigs/images/2.3.10/so-pcaptools.sig b/sigs/images/2.3.10/so-pcaptools.sig deleted file mode 100644 index 8755e142b69ae07acd94223aa7e0e150b4562ecc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JpQHc^2@re`V7LBIa1+DL5CD|(ysc$0LHbg>mIkNi zw*j1j8`3uYF{?epa*L>3(m(A_|E3Dmqd8oQV-bQ$MAH5tRmo`zW&Fs*Xkw^}j|jUv zmD?8scyKnolV#h@3p#_xio1rwZrN8I89PZ$DVNeZQj(tw{|J6}o3R`rJIJ=QT!~yH zh^3aKtELmFB%u|>a0NFSr|_}<(E#iiBTBdDj=V+!p+JYoOH=2kcXfh?{i>iL$MlU%|Ckci}=t-G0T!(W8V;RB&h9_ zZng%R!K*iIC;9(Fmm@LYan(Ano?#MQj$vPwz|3>>0TuNCl4(4OQ#_!Fg;PL_K>KG? hEw``ZS|0*vISIYmbWX;&Wyy;rw{utJsY>`m=3D^Jt diff --git a/sigs/images/2.3.10/so-playbook.sig b/sigs/images/2.3.10/so-playbook.sig deleted file mode 100644 index 0a3d501404d5c02eb9cbd48574e2c5ca2a646e8a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jo}T~;2@re`V7LBIa1*t45B(Sza?%rr)u^h%s1VIW z@b&0=qtD#4WCaSH)q6-WA)U*_&dj<`Vf$sdOqu6BR#VU97k#+WGB;CnC`8wM`2u!29l5@L_wY5nr#^K(ejmOM0e+~;0N}zr zw(u!u|GJIo_BLVFUk!JXnp#f{z*{zlEOwS%gVjo4CtpGTVqDATgv}(0*?)N)?2I4O zB-Vti<9;67^&m90rI+R=>5c!Wf}}Hb>t;$vq@dV^^>Nk&LK@`OIO>ApgS&+LuH72k za#vH<+{3X&OD%g!Zs?=!SLI43V*N5r_*Xwk0Qx9A!C99jej0WJuZDhzzu_Ihyq);1xkc? z3#W5^Yv#7do@@d={5t-xRdN&_f#w55?8|_wQ`r~)0%Qzm{*nR7xy$Oy_;;gLh-lbBsB zPB;j>rDW-!{V&d<(S0K-sc8Ro`ztjbWZN;m0AO)=x@#t8n^9mdOF`c;<}mPwA=tQ4 h!%G3?J$09xs1zceVv)We2{ki|pP_Y(z~#NSIKP|R2g?8e diff --git a/sigs/images/2.3.10/so-redis.sig b/sigs/images/2.3.10/so-redis.sig deleted file mode 100644 index 73d8e21916c86b6b6a986809321dab44dbf9c9fa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KVy6HK2@re`V7LBIa1(1i5CEm;%WJLfIAz}8qwgS! z;&a4-WM7HdW{2oP*7}C)E)WU?1-;PsFsPwSejQ<}I@xNML|1OExjk9Ug0v8jrodLn zMcm$SMiYI;Fkb(R5V&B0f|DK~>o%VtTBgFF3ps*1SPUdq_dfrKagfMxn3`+IY$=Mu zdCP1u&BKbM{B|f`1g(N0n7E9@d`|zxHON`le3`4!qTw1Zzer(?4c&5Y7AN}uslGWa zPh)NsAT+`LpjUvf2FKQkt7pTVMkl{p?UTC>To3|TKn}Zegdx@@{G_8An6i#en8*LP zLG>RU;3=4q*F%VZlv%h15aj8p>zumky~PfQu-btfjBb6)8**q@H7Za#20Jd5dAI*$o!4IMP~Ahm&PY3{%5IQ zIwxB!h0WHAmcSzaJ*#VX=CO34c$K&bk%6^`s&fK$e@brbfG*L(k=ZkFbTX9Wt|!+^ h(wrBmIDQ;>N>6ITSt>-Zt2C0J3NA0)WWGM$Po*s6p}(1FI?~NBPEvJLq>1jdPpy&XED(2vzDQj_tu^vi zXLeG7vZT~m5^R6Lasl0TVUV?kM}iExnj#xq)e5E?&P5nVaKE9fp>F~`KRFSPWUep} z4UuP)=ehUD5<*PGx`VprGtk7GPOD|)*`u)hx4;FJeEhuP(NHGTuy zJ9)vv^W0GTsQkRs>G%Vh{Gz&L6N^uq?&xiQ8Wv^N__k ze8p;BsoSA|wEAn1U~Jxe%3f9v%p@p2qb@|;9(`-~+&9MX>bIa|Bfki#t?Gm2 hjzFUJb9tn{OG0Ee&Dl;Vv;E>vwq6MkD=fM7fIc9C57+_#khPmIQRV-c6(22od*Y}QQ4n65qy|Yo)&)T#TmJ%S zJ5P^4`!CR_7&BI#e(4ql6pU12#KymuAtRTpR9#FNI(EA*m<;8p%jgYfzh>#TG!pDZe|e zKWoLVveyE<>^3Fk<3&W3aUdG4;F3rFf+BTeh6n^Cq;Y*lbu3}z%|nrS%wwH>udWZr z3~ubw9mzvT+YD!q8nWP}4#!THAvo90U<-+GA!0jBojEO!Ulg2u1`GS~V3BQR;oQ%> zpTz+h2SKYs-WYG!A4E5;E h;eLJ=4bo4syqZ4RShh$`TRTX*hx9Xs&3A4QH0z>o_`U!D diff --git a/sigs/images/2.3.10/so-steno.sig b/sigs/images/2.3.10/so-steno.sig deleted file mode 100644 index a3d9704e0cc1de28aaa5a3b86d8cf35bf4a5726a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jn{faN2@re`V7LBIa1)Gx5B@WfEy7BZ%IA*m{Wdv} zW9Q88Fj@+@-LZ>4v_=M>gw$Tz{g!BB8%KZIOeY;W0@+&^R?_{dgW~Q(GD7~;J@hL< zMVYORIl83|`MJGJ7(c+9?6C$tEbL#Xs2&84xXRi_Z%w&2-_LWeo)a<{LkV0?*I$Ge zqiaP(*yHE>PY~u!I4DESvamd>`0P}(PKh&e#i(z;NK;(DwROhoBcTpO(Yb&a3nZ6N zauv$`gn@(0Z(EdUxM6;O4--m0#ivu_FrxVOx4fEag72e#3OB8l8D}!uy|EqHa9S=q zDQ|=CVo`wLs4BeYeud-ehZJ^V)gl2JaYI|0{*h)wx)d0~9oWqZ1dsSV;ASn`(Y>K-QBE ze?>keC?LoCO#ACuITI5|50iht^InXfXkubN9gjpcKm#hTVq4PCY8zbhPIeZU>XyLo ze2j8Rg8$Hl>(X_EA&7QI&PJLo%v0BLT#htoTo-myqxw-s2(3>v-|B|F6fZSh?uSy< zutWSF2w@)`t|(HaLwK-GiRx6?3NN_$?#Yjt4yh5^>Ad(A3!|L}HjaQ+5KOUJ*6J7L h9NZ5S;g4HEY%TO@Uv1R&WRmE1-jev?AL;r2?*qP{2n_%L diff --git a/sigs/images/2.3.10/so-strelka-backend.sig b/sigs/images/2.3.10/so-strelka-backend.sig deleted file mode 100644 index b7177d12d48fefb77c62c4ffb4f0d9750567dc1a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWJCZ82@re`V7LBIa1%`35CFQB1JQ$>q4{2vzOq>d z|6}jrHl=I7OE&C!41pj>Z`=!9g~fnVP@MpQYBOfXHwq(16)+w89Q_;QbyNKKJd?QE zI42+3#zG)nu^i)BYJb@xT(>N+)k3RD7j_JmgtN6?@CG7&d3T9Xo44_+{5n{65=$9LL(f=D$NMF%AKq%fxHv^ zd->&8q>D?eyXvSCzH_G9?VY5*MC>e%4{SCwWp?Jo6pt$5v?JENnQPd40bQsEcqxw?gn^#4&Pmf# z(eNgy_3`nf?1Vc)hA3-j0o157tOW*Sgys=_?x2PF!6uXSRaz}CI~*kJaXnu#oV zQ6b*7tk=E))u%0(#i)s;P&QvCyZ?xjO3)prziWmiY^jJ=?{fKr>Nop^P})Wj`D2A{ hNs7l=P0Au>tmu@v&4QsK#S=|WG8xZNQ9*3J51~NJ1knHh diff --git a/sigs/images/2.3.10/so-strelka-filestream.sig b/sigs/images/2.3.10/so-strelka-filestream.sig deleted file mode 100644 index 23a22173892311f9d437b884902f8beec60a599c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWCQ>T2@re`V7LBIa1&Y@5C3>Gi>`${eHtTyEG+e& zb`G;(_O`(8ISdLYPsaof`=v^uX?u*jg5&TLsQb6dZZsMW*^I}s<_lLxf#GT)XR+mX zSM^m7K>RtsjaWIy{nVB>TB$rnzG?|ii_)s=U_*ceaF#oIq##a4{MO5{e6bnTx_(`G zYs46T|4hn80EsDkY9b1vkdn(@0@08gl>t&O3s)@YH2FOXF>>Y{7V#NZjU;V$dd@L) zniy)CRilTH+*`GMf3t!AN(?KuUeJh5j_Lw3fqb(la*KgbX&5cK$7@n6HbB9(g2;F| zbjP}hKLqlUDVIsLU0`tA!o@HRL2SDXFE$tX5Jhfkh_UiSFz^BWpFLTbS5YZEZLhxS z-34UZYOdJb4?@=brFx}W>){t9H$hnFkU|FB+;RW|q_CER!NbnZtB)Dz>iy3&A1G>2 zv-9azL6@1*5@|ioUXA{1U(L0Kq$KAD_q_Pld(QnEY2@fjiT3ZFO7&N^yLO3N4I^>G z{B3ljOhdnW#azluW?q$m)+TqTDd1TnlQ2yo`ztk7Xrq>JHR(Qy5YF7j|B96Z_?61V8`) diff --git a/sigs/images/2.3.10/so-strelka-frontend.sig b/sigs/images/2.3.10/so-strelka-frontend.sig deleted file mode 100644 index aa858871e86800c7c1ef20185b4ce479be1925b2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KW8nY_2@re`V7LBIa1*n{5B(espOkW6Yaag!Xk$(3 zYqSYoI0P-N>d{~*Mesa<9c7D;3ARn`=#!frsprN+MI*#V+#b(3W-+X(-sO9lx|gMN zK5K*6L8_fJ%k+<3bk+O(EM4mAgzfpWb+PkciSyyH7?e+=Mf(r;2uBmL=3!HIh1^E> z62JC+69e`qSAMlt(5#)1vplhE#ach()eWGTZSgeYU;LoRXb-Q05rE&Y!~>9m2-eZz z%BOkG)ocp52ucyDXr8VfNZpy+dhicF8OA}YkYjo{1SbEhl?hG$$gV@U0q|@MzM=Yx z90e&wyvS}GQruNlZD;$`#CsilMWx<Oy+U&FG5F66JE2KtqYTuj+6L(+*Aj;h-tBrYE=${} zc(hSEVF{@B>I_8Jj@9Fhs<#tN$g;P$<7{I2QZ{g%a$ChF=s|}zSgoyBcQSo|*pyM| h+s77{i&@1BJ3;j9@f}NA0O$eB=jyqX(dUEeE_iD55vTwF diff --git a/sigs/images/2.3.10/so-strelka-manager.sig b/sigs/images/2.3.10/so-strelka-manager.sig deleted file mode 100644 index 51db7bba95d2bb7e764b64562667be61431f7935..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KWZ?h`2@re`V7LBIa1&;45Bv$XYDEQFcucq4XpuTf zEGG%rhZvuqpD2Xk#j>h(T};+n077RxWM%Xn1JcB!Wnr2a z1nyRG4V;&=Ke)@B; zDg*j5x2w`FAw-1|Qu(WT1V{#FoOMz3UX`qX>itrr!So@+dRn4#?8JIymw=7CoEOD% zkZ11o=iPuIZHKm0=k!d!XgfXg+$5wI8a1(+KrOIqOWa~xv$fb_*K&t~Nr^~D@1aq_ z9K_Plmf|}csPF+CL?1jwO9yz85u<8rtIVp$bGG?Pq?VEAO&9k2(G=)@UGQ%AY5dyx zG|P)Qua+HH1yqUKmc(0&z4N6X|=f3#yftHovj@(vlPWv73 z;e!)f0cHaAME2i7I5)_oonfA=ELFsvqwP42ykcCG0^ki!#2~`&y8RIV#nU09@2T9f zm5k40p4zWhqnW7=lAFujJ8&~B>2TOK69=S8lv9}?yr(RzwkPtGiP8Ehzm=ZJc?{Us hvSp8KAa-~#UC0%deFF%FB7cegdEFq3P=LAHJLd}B5k~+3 diff --git a/sigs/images/2.3.10/so-suricata.sig b/sigs/images/2.3.10/so-suricata.sig deleted file mode 100644 index d94b58866cde9bd4dd80c72382c3d09501670b54..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JpDF+f2@re`V7LBIa1*Fb5B?&fNajM;wLUSfr|U25 z<@$_SD?GLQ>)`c5- zAi9QT#U#Cl@6o0NOQ&7#PQOdkV-#^A>(#2aYR@>Nq^kY5wm|H7&Sh0S&tw`SA!YoR zIDGZkp@#*)HGn+>v6D3V8!!ZUuIFByKsxvSyNr{FML2D)7qzMD>D*hf)oM_*(Kyy2(!?a(Tl+S;gaIY$560R~T_pI4fd_qpHU<1#W?nm5e#whIqgpFXv zQ)!Lkd4uV@5aYQGo92q22$_q77oPw$w31azGBTDO`~^?O&HBm@zqwSI0C&?uP-_*a zcrvsddV7MgXo?8{%k=$zabFl*7T72T2ADgXr1126RPe@Q_hnM|KmUtI;KKviPHrx~ z!nX1Yz5*Yh;GA31%+ahWcExlAj9{OR$rIve2#l^Fw+0Wk0gM-CykW2jD1Y{h&;;hc z)|xAMLU{AM341v@e$QYp-pzyDC-+?D{vJ;`W4G-Oh&Fsv{c!PK-n7g`!-q{Bc!Mqx z)Kv7hp$Ow0rBl@fZ~$V2Ur1s|PjF43audTgvxEBCj#6T!;IlgC2EBuHJkH7&G_pv~ hByYgHfhdfN-q1%w1Zi~>u)wIVeWK+oeojRxp}2Oj_c diff --git a/sigs/images/2.3.10/so-tcpreplay.sig b/sigs/images/2.3.10/so-tcpreplay.sig deleted file mode 100644 index b8c02f2ecbadb41c842051676601f7bc3ce2f832..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JpYs3;2@re`V7LBIa1$Pk5CDLebjeZX7i^)?NQf%y z2T#9RHZ6WzN_%GI%3625oZfWy>zsIz3OM}28?(I`KP&w$sUFE#Awrn(3Yl-Gz3VKd z&$d8GjXS-$HQxc*9-NpS%~YZ-j7Ze$b7D;Y_biDk9*DFZwNr@nk|^zc`|ZOI$=B{=kX#hW9Y^ zNXCeA-Z|5>03EPCJvp1-KVZb<061J8gI4vNl5kG+p`lwfKpTc;`+VS4JfHyz+`}V z8f(oaO!R1H=Kpje?gMyh)I2ACBdEslC`Q+J`tRerlP#vQ>-N|D4%6T4V&ADD%?xAk zlAO#t3O|rk7kqzZ9E0r3M6w&sat^6}G!{<1K*>?Jf@ah>W6~fl>`8k1->N(H*!nog hQGryZ(`)}{#nXI1z6g$?t33LfKjNcbg*mzbRfpqM1(g5* diff --git a/sigs/images/2.3.10/so-telegraf.sig b/sigs/images/2.3.10/so-telegraf.sig deleted file mode 100644 index ec5f07070dcd0a52cb1cc2cad2eee35b5dc03908..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5KU=jcd2@re`V7LBIa1-Z05BdVlGRp&*6N$be2_Nhn z+Vj40IyPV5T|2&NVHCoESX_^V5wc1@x1w7@Pnps12jm9eG<(vMHF?CiMp(avVm9eC zO$nJE9ZA)uTeHw(zw!k!aZ|IGpNu$Jc?GCzpQ1 zGtUPFTOr9Sd!X6w2Z$0z=8eTegT80hpnn!F5K+c}J)+a=Jd}URwDdM|=?LfTJ)|;) z@;WjmPs~1f%|?{gaa~Sk(K{4TIBGpAE&eP&&+`Uf_{tVghPze-Lm$f_z}P^nb%Rox zJOEOdy0a?Asd9dkmt+Xlj}8E^r1He7ORfiz%r;zF3?^n<3fb$YM>;yFgEIbDK2?>d zpM*BG9l`#xh=B6v0l@MrcXOyzq~zWmEVx~qIwH0XloFk_J7k@xgwpimgcP!L%#7MUK z%)D#lX>-J*lm)!;^&R?IOJitUix8f2Zb~|#ymH{Co)2k{z40u8{T+{;=1ujBD)$=B zW9+p(nQ&Jg3iMqdKK%65VY~$7Vfq8~=j6b;z9l{&v#1u>st(UatH9Y?$wrG@Z?E`~ hE-3T0W@B*ao5wQ@t%omVyP!WJk>7Z-WtJWZlP>?10;vE1 diff --git a/sigs/images/2.3.10/so-thehive-cortex.sig b/sigs/images/2.3.10/so-thehive-cortex.sig deleted file mode 100644 index 7d3321db0d1e54d61400498270405ad6bfd7ce94..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Jqr?CT2@re`V7LBIa1&qW5B(gKd8-VpmykIk4vwp6 zGAi?(|4bD`I(yW!>VYx?F7UZAxd*wn6fcSOvTJ#vjjCOdHI65Aqt>+{>(D9F8EEqiB`C;qzv zvO((m`k(v7+3U>;8CJ=6!~F;gx=2^V{()uLVDCWhThU))HP#tW4ir8lbzDZmMr=~g zL_LJVu={Ib53z>=;FO#(CjW>TtNVic$&JBIC`nU{X}QR@j9t>cxgA6W0|5>ta@@SdvP97TVA}rCW6fgdNHkZVBbSzXNQ<4Ph7Mo8WU@i z3Di~he9@0@#E;X6`{uMXPxyL~lmt8poRp-0idgFq0U$6JqVvI5(#bB z%$chDOHD~gQKRk<+DUgFyf%(;>RXpdaL39JB0YH)j6PM#aJkw4k%ZsC0^fygd;DHB*|vSPhAgR6v0i+`-U;M~UU*8jbwI(u%Lot= hKpl}zupNB&%}=%p2uB2J>`{{oR=%mjy(Jm$}H( zq{x$T){g$MbRLn3);`!s}*D`CE?X zCwKm8<>F0<95wCwKKq0pc3@;D7E7i(MtYOaxk0v{d`281IQb<@0?~im zswU35$5n>IzU(UFx42Jr`UGmCcGO`z`*N*F8`Up_abrZlNOPO4B0M7h@^25V1~~!R z(D`w2DzlK8E1Z1+#s054bWN&_%v!%$*~$o{ICX*r;w}*pVrhD^lI4Dsm^Lz?QeA~b z;artGEOm@eh2MUgfG~T$B$A7{JT+&xL*%pj;QkTAQQp;tdWK?Y2-jugq7s8=y_pir zgYT%cImDRDL{%eB0eV<+(3cv|1&O|-2&dN) hvd#Lu(LjU<9$*6D6Rz2;Xl-0EUZlv+1Pe^-qV8}v0g3FixB5MXB z?g}G<9bj#ithZI0jm78iiwaQ=dptc9XSe^J#bg&eY7R!?>t+8a5Ao{}GCz7Ss>?BE zaMfJ`!;7lv5P@Pl0Q~rb;?)ZWND;M$8){A{*;!43S3D2FJ#Zex*_I8evWO#2P9M4G zx>eLOae2WE8NVm3$j#9=428=AK>`>wF!l$M1~!5Z7;izq^E_Yr=>2}&uG=&_^15{7 zrdhRl;rq62GJ%sxoZ4Hjy7@332_r&X-ND$?5rLinWh>9(`#CqL9?Jv>S`m(V9juPD z<)#9E@DKiSjp=qA_m{CmY1JR;PYgxB=e#md1V$%TW7Yr#22!|?fz)oP*So0bTbat- z1ITTSp3+Sl0kS+Q5-ODYEcP&;Qp^B?qgIZSRojS2LlCt=C4KLpJlAyhrG5GgUuH_N zwj9|pINQM(`GrBjYLJg_s4`coF8;UkJI4o$JUoy^E8EzPEs6?2ewZ2X!L*V20z3~*fu!(dNiWYc h+mSlHShAA;3grP+d_qJC(Z$glrp%Q7oV-gJPx1nK zS=IrwGj7Ak*kq3}K#ow1^e4{c!ED`$WSW(x#lOla7<_^GN)NuAdFsr~Qx@FbeBnke z5-bBljOKBM0QVQpxoVXUvnTV4V%|v=$ojjvrih$#0ajwOHz7OQhk&iffAPke@}O^Q zg1>Qf?f;4*Hf55my@n)m@3W_c6qJ?+dwMDC_w(ywEYnmW2vh0T1eSfhUBuH*vISK) znH(S=kW>0pjaZ{9E9MQ!;al^Yar7zS5Z?!7ru_n*X4|lyL;siIs1T<&FsefSgml>F zc0sHA(0OWSklL^^BRSYw^Z*$old+_4aYOh<6HQlsV5aAEE z5#(~`xlv66&%X_K#O0hYJ96`-_~FoFl~OO5=)acf`PGW&cz0lM!xxkzKp2{Rx*oD& z0WahN>jvOK*U@6{cR_LMj~#0)C2_HWQT#Mujt0Vc{r$7K~{3mH-fW`MSF5s(0 zSN}K5R4={yoa`l~`2Sg7A%M3ToNk{N+cIR8nvZ6Bu7cPKLe4gCeBwdJQejO}5 h9mb)Ys31yobJ3#C3T#9)V`Qu{hIPE+5Wo_ROd(F^3lIPR diff --git a/sigs/images/2.3.10/so-zeek.sig b/sigs/images/2.3.10/so-zeek.sig deleted file mode 100644 index f88f86a0ff9134af5d177828f37b55a6e9318bc0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p;5JnkoPa2@re`V7LBIa1%v&5Bv-$3yQ*jYu_V}m*Cqk zG~IgUCHfiSuipnt2Ot^_ZXs1$V(FUY=s`*@!Q~ikn+I^Z+gM|szU^J`S8dA25Q=4Jrlyg(okiL6~iQCT)s#*Kqe??ebtaU7fDsqAOSR3 z_(~%cBd-b$pg&pbPZew(msIFs$NH`*X)%Rp{GOaZdLJcRx^C9?Sg>hP5bkKu)~;11>};iJNLSfcKlFYhLNcptaqL3jYCE9} z-JuTYE)cqmPqipx;yebTbe>H_oA7NO%)MzGZUenqV=MLsuX@QbuatJf$68>Tx6<`U zMkUa@1G6Fr78*wpDZ^Qe@z1S??K~R@367175*AiuZVLoeClUbv;|x Date: Fri, 13 Nov 2020 08:51:28 -0500 Subject: [PATCH 371/487] [feat] Add ssh-harden script --- salt/common/tools/sbin/so-ssh-harden | 49 ++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 salt/common/tools/sbin/so-ssh-harden diff --git a/salt/common/tools/sbin/so-ssh-harden b/salt/common/tools/sbin/so-ssh-harden new file mode 100644 index 000000000..2f78a7af8 --- /dev/null +++ b/salt/common/tools/sbin/so-ssh-harden @@ -0,0 +1,49 @@ +#!/bin/bash + +. /usr/sbin/so-common + +if [[ $1 =~ ^(q|--quiet) ]]; then + quiet=true +fi + +print_sshd_t() { + local string=$1 + local state=$2 + echo "${state}:" + sshd -T | grep "^${string}" +} + +if ! [[ $quiet ]]; then print_sshd_t "ciphers" "Before"; fi +sshd -T | grep "^ciphers" | sed -e "s/\(3des-cbc\|aes128-cbc\|aes192-cbc\|aes256-cbc\|arcfour\|arcfour128\|arcfour256\|blowfish-cbc\|cast128-cbc\|rijndael-cbc@lysator.liu.se\)\,\?//g" >> /etc/ssh/sshd_config +if ! [[ $quiet ]]; then + print_sshd_t "ciphers" "After" + echo "" +fi + +if ! [[ $quiet ]]; then print_sshd_t "kexalgorithms" "Before"; fi +sshd -T | grep "^kexalgorithms" | sed -e "s/\(diffie-hellman-group14-sha1\|ecdh-sha2-nistp256\|diffie-hellman-group-exchange-sha256\|diffie-hellman-group1-sha1\|diffie-hellman-group-exchange-sha1\|ecdh-sha2-nistp521\|ecdh-sha2-nistp384\)\,\?//g" >> /etc/ssh/sshd_config +if ! [[ $quiet ]]; then + print_sshd_t "kexalgorithms" "After" + echo "" +fi + +if ! [[ $quiet ]]; then print_sshd_t "macs" "Before"; fi +sshd -T | grep "^macs" | sed -e "s/\(hmac-sha2-512,\|umac-128@openssh.com,\|hmac-sha2-256,\|umac-64@openssh.com,\|hmac-sha1,\|hmac-sha1-etm@openssh.com,\|umac-64-etm@openssh.com,\|hmac-sha1\)//g" >> /etc/ssh/sshd_config +if ! [[ $quiet ]]; then + print_sshd_t "macs" "After" + echo "" +fi + +if ! [[ $quiet ]]; then print_sshd_t "hostkeyalgorithms" "Before"; fi +sshd -T | grep "^hostkeyalgorithms" | sed "s|ecdsa-sha2-nistp256,||g" | sed "s|ssh-rsa,||g" >> /etc/ssh/sshd_config +if ! [[ $quiet ]]; then + print_sshd_t "hostkeyalgorithms" "After" + echo "" +fi + +{% if grains['os'] != 'CentOS' %} +echo "----" +echo "[ WARNING ] Any new ssh sessions will need to remove and reaccept the ECDSA key for this server before reconnecting." +echo "----" +{% endif %} + From 210a7bc65b6bb6965676202055e4358a0e965dd1 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 13 Nov 2020 10:05:23 -0500 Subject: [PATCH 372/487] Merge curator closed-delete-delete changes from the abandoned 2.3.3 release --- .../files/bin/so-curator-closed-delete-delete | 61 ++++++------------- salt/soc/files/soc/changes.json | 1 + 2 files changed, 18 insertions(+), 44 deletions(-) diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index ac5a1aba2..c892bf23f 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -1,28 +1,5 @@ -#!/bin/bash -# -# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -APP=closedeletedelete -lf=/tmp/$APP-pidLockFile -# create empty lock file if none exists -cat /dev/null >> $lf -read lastPID < $lf -# if lastPID is not null and a process with that pid exists , exit -[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit -echo $$ > $lf +#!/bin/bash {%- if grains['role'] in ['so-node', 'so-heavynode'] %} {%- set ELASTICSEARCH_HOST = salt['pillar.get']('elasticsearch:mainip', '') -%} @@ -49,40 +26,36 @@ echo $$ > $lf # You should have received a copy of the GNU General Public License # along with this program. If not, see . -#. /usr/sbin/so-elastic-common -#. /etc/nsm/securityonion.conf - LOG="/opt/so/log/curator/so-curator-closed-delete.log" +overlimit() { + + [[ $(du -hs --block-size=1GB /nsm/elasticsearch/nodes | awk '{print $1}' ) -gt "{{LOG_SIZE_LIMIT}}" ]] +} + +closedindices() { + + INDICES=$(curl -s -k {% if grains['role'] in ['so-node','so-heavynode'] %}https://{% endif %}{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed 2> /dev/null) + [ $? -eq 1 ] && return false + echo ${INDICES} | grep -q -E "(logstash-|so-)" +} + # Check for 2 conditions: # 1. Are Elasticsearch indices using more disk space than LOG_SIZE_LIMIT? # 2. Are there any closed indices that we can delete? # If both conditions are true, keep on looping until one of the conditions is false. -while [[ $(du -hs --block-size=1GB /nsm/elasticsearch/nodes | awk '{print $1}' ) -gt "{{LOG_SIZE_LIMIT}}" ]] && -{% if grains['role'] in ['so-node','so-heavynode'] %} -curl -s -k -L https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed > /dev/null; do -{% else %} -curl -s -L {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed > /dev/null; do -{% endif %} +while overlimit && closedindices; do # We need to determine OLDEST_INDEX: # First, get the list of closed indices using _cat/indices?h=index\&expand_wildcards=closed. # Then, sort by date by telling sort to use hyphen as delimiter and then sort on the third field. # Finally, select the first entry in that sorted list. - {% if grains['role'] in ['so-node','so-heavynode'] %} - OLDEST_INDEX=$(curl -s -k -L https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | sort -t- -k3 | head -1) - {% else %} - OLDEST_INDEX=$(curl -s -L {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | sort -t- -k3 | head -1) - {% endif %} + OLDEST_INDEX=$(curl -s -k {% if grains['role'] in ['so-node','so-heavynode'] %}https://{% endif %}{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/_cat/indices?h=index\&expand_wildcards=closed | grep -E "(logstash-|so-)" | sort -t- -k3 | head -1) # Now that we've determined OLDEST_INDEX, ask Elasticsearch to delete it. - {% if grains['role'] in ['so-node','so-heavynode'] %} - curl -XDELETE -k -L https://{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/${OLDEST_INDEX} - {% else %} - curl -XDELETE -L {{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/${OLDEST_INDEX} - {% endif %} + curl -XDELETE -k {% if grains['role'] in ['so-node','so-heavynode'] %}https://{% endif %}{{ELASTICSEARCH_HOST}}:{{ELASTICSEARCH_PORT}}/${OLDEST_INDEX} # Finally, write a log entry that says we deleted it. echo "$(date) - Used disk space exceeds LOG_SIZE_LIMIT ({{LOG_SIZE_LIMIT}} GB) - Index ${OLDEST_INDEX} deleted ..." >> ${LOG} -done +done \ No newline at end of file diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json index e9556aee6..ec54844cf 100644 --- a/salt/soc/files/soc/changes.json +++ b/salt/soc/files/soc/changes.json @@ -3,6 +3,7 @@ "changes": [ { "summary": "Updated salt to 3002.1 to address CVE-2020-16846, CVE-2020-17490, CVE-2020-25592." }, { "summary": "Cheat sheet is now available for airgap installs." }, + { "summary": "Updated Go to correct DST/Timezone issue in SOC." }, { "summary": "Known Issues

  • It is still possible to update your grid from any release candidate to 2.3. However, if you have a true production deployment, then we recommend a fresh image and install for best results.
  • In 2.3.0 we made some changes to data types in the elastic index templates. This will cause some errors in Kibana around field conflicts. You can address this in 2 ways:
    1. Delete all the data on the ES nodes preserving all of your other settings suchs as BPFs by running sudo so-elastic-clear on all the search nodes
    2. Re-Index the data. This is not a quick process but you can find more information at https://docs.securityonion.net/en/2.3/elasticsearch.html#re-indexing
  • Please be patient as we update our documentation. We have made a concerted effort to update as much as possible but some things still may be incorrect or ommited. If you have questions or feedback, please start a discussion at https://securityonion.net/discuss.
  • Once you update your grid to 2.3.0, any new nodes that join the grid must be 2.3.0. For example, if you try to join a new RC1 node it will fail. For best results, use the latest ISO (or 2.3.0 installer from github) when joining to an 2.3.0 grid.
  • Shipping Windows Eventlogs with Osquery will fail intermittently with utf8 errors logged in the Application log. This is scheduled to be fixed in Osquery 4.5.
  • When running soup to upgrade from RC1/RC2/RC3 to 2.3.0, there is a Salt error that occurs during the final highstate. This error is related to the patch_os_schedule and can be ignored as it will not occur again in subsequent highstates.
  • When Search Nodes are upgraded from RC1 to 2.3.0, there is a chance of a race condition where certificates are missing. This will show errors in the manager log to the remote node. To fix this run the following on the search node that is having the issue:
    1. Stop elasticsearch - sudo so-elasticsearch-stop
    2. Run the SSL state - sudo salt-call state.apply ssl
    3. Restart elasticsearch - sudo so-elasticsearch-restart
  • If you are upgrading from RC1 you might see errors around registry:2 missing. This error does not break the actual upgrade. To fix, run the following on the manager:
    1. Stop the Docker registry - sudo docker stop so-dockerregistry
    2. Remove the container - sudo docker rm so-dockerregistry
    3. Run the registry state - sudo salt-call state.apply registry
" } ] } From fddfb8eb92cc2176818501b5c66a552798735425 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Fri, 13 Nov 2020 16:06:22 +0000 Subject: [PATCH 373/487] Syslog updates --- salt/elasticsearch/files/ingest/syslog | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/salt/elasticsearch/files/ingest/syslog b/salt/elasticsearch/files/ingest/syslog index 2f35c5961..b08a62187 100644 --- a/salt/elasticsearch/files/ingest/syslog +++ b/salt/elasticsearch/files/ingest/syslog @@ -12,22 +12,23 @@ "ignore_failure": true } }, - { - "grok": - { - "field": "message", - "patterns": [ - "^<%{INT:syslog.priority}>%{DATA:syslog.timestamp} %{WORD:source.application}: %{GREEDYDATA:real_message}$", - "^%{SYSLOGTIMESTAMP:syslog.timestamp} %{SYSLOGHOST:syslog.host} %{SYSLOGPROG:syslog.program}: CEF:0\\|%{DATA:vendor}\\|%{DATA:product}\\|%{GREEDYDATA:message2}$" + { + "grok": + { + "field": "message", + "patterns": [ + "^<%{INT:syslog.priority}>%{DATA:syslog.timestamp} %{WORD:source.application}: %{GREEDYDATA:real_message}$", + "^%{SYSLOGTIMESTAMP:syslog.timestamp} %{SYSLOGHOST:syslog.host} %{SYSLOGPROG:syslog.program}: CEF:0\\|%{DATA:vendor}\\|%{DATA:product}\\|%{GREEDYDATA:message2}$" ], - "ignore_failure": true - } + "ignore_failure": true + } }, { "set": { "if": "ctx.source?.application == 'filterlog'", "field": "dataset", "value": "firewall", "ignore_failure": true } }, { "set": { "if": "ctx.vendor != null", "field": "module", "value": "{{ vendor }}", "ignore_failure": true } }, { "set": { "if": "ctx.product != null", "field": "dataset", "value": "{{ product }}", "ignore_failure": true } }, { "set": { "field": "ingest.timestamp", "value": "{{ @timestamp }}" } }, { "date": { "if": "ctx.syslog?.timestamp != null", "field": "syslog.timestamp", "target_field": "@timestamp", "formats": ["MMM d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601", "UNIX"], "ignore_failure": true } }, + { "remove": { "field": ["pid", "program"], "ignore_missing": true, "ignore_failure": true } }, { "pipeline": { "if": "ctx.vendor != null && ctx.product != null", "name": "{{ vendor }}.{{ product }}", "ignore_failure": true } }, { "pipeline": { "if": "ctx.dataset == 'firewall'", "name": "filterlog", "ignore_failure": true } }, { "pipeline": { "name": "common" } } From 8b3262ce1b885f3a0dc0e1a5c79f89aa8afc9574 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Fri, 13 Nov 2020 11:20:39 -0500 Subject: [PATCH 374/487] Add so-playbook-reset --- salt/common/tools/sbin/so-playbook-reset | 26 ++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 salt/common/tools/sbin/so-playbook-reset diff --git a/salt/common/tools/sbin/so-playbook-reset b/salt/common/tools/sbin/so-playbook-reset new file mode 100644 index 000000000..f07df2142 --- /dev/null +++ b/salt/common/tools/sbin/so-playbook-reset @@ -0,0 +1,26 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +salt-call state.apply playbook.db_init,playbook,playbook.automation_user_create + +/usr/sbin/so-soctopus-restart + +echo "Importing Plays - this will take some time...." +wait 5 +/usr/sbin/so-playbook-ruleupdate \ No newline at end of file From 09f3199cc2a9bf7dd15ab93d6e5c42c8a71d8620 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 13 Nov 2020 13:39:52 -0500 Subject: [PATCH 375/487] Change user agent string for docker refresh --- salt/common/tools/sbin/so-docker-refresh | 1 + salt/common/tools/sbin/so-image-common | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh index b39513990..cf1b1a117 100755 --- a/salt/common/tools/sbin/so-docker-refresh +++ b/salt/common/tools/sbin/so-docker-refresh @@ -45,4 +45,5 @@ version_check HOSTNAME=$(hostname) # List all the containers container_list +CURLTYPE=refresh update_docker_containers diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index c10f255f8..c1b6fae8f 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -87,6 +87,14 @@ container_list() { fi } +operating_system() { + if [ -f /etc/redhat-release ]; then + OS=CentOS + else + OS=Ubuntu + fi +} + update_docker_containers() { # Let's make sure we have the public key curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - @@ -106,7 +114,7 @@ update_docker_containers() { docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION # Get signature - curl https://sigs.securityonion.net/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig + curl -A "$OS $CURLTYPE" https://sigs.securityonion.net/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig if [[ $? -ne 0 ]]; then echo "Unable to pull signature file for $i:$VERSION" exit 1 From 069908ec569b1f5edb372f5a5cf7a60e5188b0da Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 13 Nov 2020 13:55:26 -0500 Subject: [PATCH 376/487] Change user agent string for docker refresh --- salt/common/tools/sbin/so-docker-refresh | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh index cf1b1a117..4706f8981 100755 --- a/salt/common/tools/sbin/so-docker-refresh +++ b/salt/common/tools/sbin/so-docker-refresh @@ -40,6 +40,7 @@ version_check() { manager_check version_check +operating_system # Use the hostname HOSTNAME=$(hostname) From 3173c6fd3c455b6104b1f279975056dfacf34399 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 13 Nov 2020 14:09:29 -0500 Subject: [PATCH 377/487] Change user agent string for docker refresh --- salt/common/tools/sbin/so-image-common | 6 +++--- salt/common/tools/sbin/soup | 8 ++++++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index c1b6fae8f..f5d18ec2f 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -89,9 +89,9 @@ container_list() { operating_system() { if [ -f /etc/redhat-release ]; then - OS=CentOS + OS=centos else - OS=Ubuntu + OS=ubuntu fi } @@ -114,7 +114,7 @@ update_docker_containers() { docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION # Get signature - curl -A "$OS $CURLTYPE" https://sigs.securityonion.net/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig + curl -A "$CURLTYPE/$OS/$(uname -r)" https://sigs.securityonion.net/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig if [[ $? -ne 0 ]]; then echo "Unable to pull signature file for $i:$VERSION" exit 1 diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 538ac1c56..c2c1260a5 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -16,13 +16,17 @@ # along with this program. If not, see . . /usr/sbin/so-common -. /usr/sbin/so-image-common +if [ -f /usr/sbin/so-image-common ]; then + . /usr/sbin/so-image-common +fi UPDATE_DIR=/tmp/sogh/securityonion INSTALLEDVERSION=$(cat /etc/soversion) INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'}) DEFAULT_SALT_DIR=/opt/so/saltstack/default BATCHSIZE=5 SOUP_LOG=/root/soup.log +CURLTYPE=soup + exec 3>&1 1>${SOUP_LOG} 2>&1 manager_check() { @@ -119,7 +123,6 @@ clean_dockers() { } clone_to_tmp() { - # TODO Need to add a air gap option # Clean old files rm -rf /tmp/sogh # Make a temp location for the files @@ -379,6 +382,7 @@ verify_latest_update_script() { else echo "You are not running the latest soup version. Updating soup." cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/ + cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/ salt-call state.apply common queue=True echo "" echo "soup has been updated. Please run soup again." From 50175f7e427ef61cff2486d5662cc6ff009fea2f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 13 Nov 2020 14:25:29 -0500 Subject: [PATCH 378/487] soup should now copy the common image functions --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index c2c1260a5..f6bf446b9 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -382,7 +382,7 @@ verify_latest_update_script() { else echo "You are not running the latest soup version. Updating soup." cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/ - cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/ + cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ salt-call state.apply common queue=True echo "" echo "soup has been updated. Please run soup again." From 8577fa63a3c7c7f344adb37121f434f3d182453f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 13 Nov 2020 14:28:27 -0500 Subject: [PATCH 379/487] fix network install download --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 00b7ea28c..b36cd1537 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -952,7 +952,7 @@ docker_seed_registry() { docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION # Get signature - curl https://sigs.securityonion.net/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig + curl -A "netinstall/$OS/$(uname -r)" https://sigs.securityonion.net/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig if [[ $? -ne 0 ]]; then echo "Unable to pull signature file for $i:$VERSION" exit 1 From 0a807621ccae24cb1b61bd462918946b3bd3bbd9 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 13 Nov 2020 16:02:28 -0500 Subject: [PATCH 380/487] check health of salt-minion https://github.com/Security-Onion-Solutions/securityonion/issues/1831 --- salt/common/tools/sbin/so-elastalert-test | 5 +- salt/common/tools/sbin/so-salt-minion-check | 107 ++++++++++++++++++++ salt/salt/minion-check.sls | 16 +++ salt/salt/minion-state-apply-test.sls | 3 + salt/salt/minion.defaults.yaml | 3 +- salt/salt/minion.sls | 2 +- salt/top.sls | 1 + 7 files changed, 131 insertions(+), 6 deletions(-) create mode 100644 salt/common/tools/sbin/so-salt-minion-check create mode 100644 salt/salt/minion-check.sls create mode 100644 salt/salt/minion-state-apply-test.sls diff --git a/salt/common/tools/sbin/so-elastalert-test b/salt/common/tools/sbin/so-elastalert-test index e72d928ed..ccb823168 100755 --- a/salt/common/tools/sbin/so-elastalert-test +++ b/salt/common/tools/sbin/so-elastalert-test @@ -136,7 +136,4 @@ else echo "Something went wrong..." fi -echo - - - +echo \ No newline at end of file diff --git a/salt/common/tools/sbin/so-salt-minion-check b/salt/common/tools/sbin/so-salt-minion-check new file mode 100644 index 000000000..240d3b908 --- /dev/null +++ b/salt/common/tools/sbin/so-salt-minion-check @@ -0,0 +1,107 @@ +{% import_yaml 'salt/minion.defaults.yaml' as SALT_MINION_DEFAULTS -%} + +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# this script checks the time the file /opt/so/log/salt/state-apply-test was last modified and restarts the salt-minion service if it is outside a threshold date/time +# the file is modified via file.touch using a scheduled job healthcheck.salt-minion.state-apply-test that runs a state.apply. +# by default the file should be updated every 5-8 minutes. +# this allows us to test that the minion is able apply states and communicate with the master +# if the file is unable to be touched via the state.apply, then we assume there is a possibilty that the minion is hung (though it could be possible the master is down as well) +# we then stop the service, pkill salt-minion, the start the salt-minion service back up + +. /usr/sbin/so-common + +QUIET=false +UPTIME_REQ=1800 #in seconds, how long the box has to be up before considering restarting salt-minion due to /opt/so/log/salt/state-apply-test not being touched +CURRENT_TIME=$(date +%s) +SYSTEM_START_TIME=$(date -d "$(> "/opt/so/log/salt/so-salt-minion-check.log" +} + +log() { + msg=$1 + level=${2:-I} + now=$(TZ=GMT date +"%Y-%m-%dT%H:%M:%SZ") + if ! $QUIET; then + echo $msg + fi + echo -e "$now | $level | so-salt-minion-check | $msg" >> "/opt/so/log/salt/so-salt-minion-check.log" 2>&1 +} + +error() { + log "$1" "E" +} + +info() { + log "$1" "I" +} + +usage() +{ +cat < Date: Fri, 13 Nov 2020 16:17:09 -0500 Subject: [PATCH 381/487] Remove unnecessary branch var; allow skipping of tag/push step --- salt/common/tools/sbin/so-image-common | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index f5d18ec2f..1a006f6fc 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -103,9 +103,7 @@ update_docker_containers() { SIGNPATH=/root/sosigs rm -rf $SIGNPATH mkdir -p $SIGNPATH - if [ -z "$BRANCH" ]; then - BRANCH="master" - fi + # Download the containers from the interwebs for i in "${TRUSTED_CONTAINERS[@]}" do @@ -131,9 +129,11 @@ update_docker_containers() { fi GPGTEST=$(gpg --verify $SIGNPATH/$i:$VERSION.sig $SIGNPATH/$i:$VERSION.txt 2>&1) if [[ $? -eq 0 ]]; then - # Tag it with the new registry destination - docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION - docker push $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION + if [[ -z "$SKIP_TAGPUSH" ]]; then + # Tag it with the new registry destination + docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION + docker push $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION + fi else echo "There is a problem downloading the $i:$VERSION image. Details: " echo "" From 23f2dee8409be23ea0e1220ac1435009b4770fc2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 13 Nov 2020 16:30:34 -0500 Subject: [PATCH 382/487] fix soup so-image-common --- salt/common/tools/sbin/soup | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index f6bf446b9..a8ba8575b 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -382,6 +382,7 @@ verify_latest_update_script() { else echo "You are not running the latest soup version. Updating soup." cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/ + echo "Copying so-image-common" cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ salt-call state.apply common queue=True echo "" From 7dfb8f5b12ef8e32d899d5f23b353a50bb640ffb Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 13 Nov 2020 16:50:12 -0500 Subject: [PATCH 383/487] fix soup so-image-common --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index a8ba8575b..fc1175911 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -381,9 +381,9 @@ verify_latest_update_script() { echo "This version of the soup script is up to date. Proceeding." else echo "You are not running the latest soup version. Updating soup." - cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/ echo "Copying so-image-common" cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ + cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/ salt-call state.apply common queue=True echo "" echo "soup has been updated. Please run soup again." From 51b3e066be1bfe57ca2539a9aba9a3695255fc4c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 13 Nov 2020 17:01:42 -0500 Subject: [PATCH 384/487] fix soup so-image-common --- salt/common/tools/sbin/soup | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index fc1175911..2968c12f3 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -16,9 +16,7 @@ # along with this program. If not, see . . /usr/sbin/so-common -if [ -f /usr/sbin/so-image-common ]; then - . /usr/sbin/so-image-common -fi + UPDATE_DIR=/tmp/sogh/securityonion INSTALLEDVERSION=$(cat /etc/soversion) INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'}) @@ -41,6 +39,12 @@ manager_check() { fi } +add_common() { + cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ + echo "Run soup one more time" + exit 0 +} + airgap_mounted() { # Let's see if the ISO is already mounted. if [ -f /tmp/soagupdate/SecurityOnion/VERSION ]; then @@ -381,8 +385,6 @@ verify_latest_update_script() { echo "This version of the soup script is up to date. Proceeding." else echo "You are not running the latest soup version. Updating soup." - echo "Copying so-image-common" - cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/ salt-call state.apply common queue=True echo "" @@ -424,6 +426,12 @@ else echo "Cloning Security Onion github repo into $UPDATE_DIR." clone_to_tmp fi +if [ -f /usr/sbin/so-image-common ]; then + . /usr/sbin/so-image-common +else +add_common +fi + echo "" echo "Verifying we have the latest soup script." verify_latest_update_script From 6a010bb3e62e3e8e0e48d485e9ee55f03b7418fe Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 13 Nov 2020 17:08:47 -0500 Subject: [PATCH 385/487] change var name --- salt/common/tools/sbin/so-salt-minion-check | 2 +- salt/salt/minion.defaults.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-salt-minion-check b/salt/common/tools/sbin/so-salt-minion-check index 240d3b908..a28fd1367 100644 --- a/salt/common/tools/sbin/so-salt-minion-check +++ b/salt/common/tools/sbin/so-salt-minion-check @@ -33,7 +33,7 @@ SYSTEM_START_TIME=$(date -d "$( Date: Fri, 13 Nov 2020 17:13:05 -0500 Subject: [PATCH 386/487] fix soup so-image-common --- salt/common/tools/sbin/soup | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 2968c12f3..60e0369e1 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -41,6 +41,7 @@ manager_check() { add_common() { cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ + salt-call state.apply common queue=True echo "Run soup one more time" exit 0 } From 977eea131ef84386c19abcf851de127693251752 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 13 Nov 2020 17:18:55 -0500 Subject: [PATCH 387/487] fix soup so-image-common --- salt/common/tools/sbin/soup | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 60e0369e1..eb2ea3258 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -104,6 +104,7 @@ airgap_update_dockers() { echo "Add Registry back" docker load -i $AGDOCKER/registry_image.tar fi + fi } From 2f0eaff8b3921c4d121dd8429fbc0ae2be77c90d Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 13 Nov 2020 17:25:45 -0500 Subject: [PATCH 388/487] sbin --- salt/salt/minion-check.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/salt/minion-check.sls b/salt/salt/minion-check.sls index 103a36d49..747454ef3 100644 --- a/salt/salt/minion-check.sls +++ b/salt/salt/minion-check.sls @@ -9,7 +9,7 @@ state-apply-test: start: 0 end: 180 -/usr/bin/so-salt-minon-check -q: +/usr/sbin/so-salt-minon-check -q: cron.present: - identifier: so-salt-minion-check - user: root From 13c261178a67a17c0f239d137117156b180c2969 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 13 Nov 2020 17:26:04 -0500 Subject: [PATCH 389/487] fix soup so-image-common --- salt/common/tools/sbin/so-image-common | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 1a006f6fc..b7d3794c6 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -96,6 +96,9 @@ operating_system() { } update_docker_containers() { + if [ -z "$VERSION" ]; then + VERSION="$NEWVERSION" + fi # Let's make sure we have the public key curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - From a5823be0acd101100f372a23dec1aef1a8717063 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 13 Nov 2020 17:55:19 -0500 Subject: [PATCH 390/487] fix typo --- salt/salt/minion-check.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/salt/minion-check.sls b/salt/salt/minion-check.sls index 747454ef3..d8dc4c418 100644 --- a/salt/salt/minion-check.sls +++ b/salt/salt/minion-check.sls @@ -9,7 +9,7 @@ state-apply-test: start: 0 end: 180 -/usr/sbin/so-salt-minon-check -q: +/usr/sbin/so-salt-minion-check -q: cron.present: - identifier: so-salt-minion-check - user: root From 71a409f21035dc58071d1ad34a3cb5b8a51b8c69 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 13 Nov 2020 18:23:55 -0500 Subject: [PATCH 391/487] fix threshold logic https://github.com/Security-Onion-Solutions/securityonion/issues/1831 --- salt/common/tools/sbin/so-salt-minion-check | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-salt-minion-check b/salt/common/tools/sbin/so-salt-minion-check index a28fd1367..0d69c7e96 100644 --- a/salt/common/tools/sbin/so-salt-minion-check +++ b/salt/common/tools/sbin/so-salt-minion-check @@ -34,7 +34,7 @@ LAST_HIGHSTATE_END=$([ -e "/opt/so/log/salt/lasthighstate" ] && date -r /opt/so/ LAST_HEALTHCHECK_STATE_APPLY=$([ -e "/opt/so/log/salt/state-apply-test" ] && date -r /opt/so/log/salt/state-apply-test +%s || echo 0) # SETTING THRESHOLD TO ANYTHING UNDER 600 seconds may cause a lot of salt-minion restarts THRESHOLD={{SALT_MINION_DEFAULTS.salt.minion.check_threshold}} #within how many seconds the file /opt/so/log/salt/state-apply-test must have been touched/modified before the salt minion is restarted -THRESHOLD_DATE=$((CURRENT_TIME-THRESHOLD)) +THRESHOLD_DATE=$((LAST_HEALTHCHECK_STATE_APPLY+THRESHOLD)) logCmd() { cmd=$1 @@ -87,7 +87,7 @@ log "running so-salt-minion-check" if [ $CURRENT_TIME -ge $((SYSTEM_START_TIME+$UPTIME_REQ)) ]; then log "system uptime is at least $UPTIME_REQ seconds" I - if [ $LAST_HEALTHCHECK_STATE_APPLY -le $THRESHOLD_DATE ]; then + if [ $THRESHOLD_DATE -le $CURRENT_TIME ]; then log "salt-minion is unable to apply states" E log "/opt/so/log/salt/healthcheck-state-apply ($LAST_HEALTHCHECK_STATE_APPLY) older than threshold date ($THRESHOLD_DATE)" I log "last highstate completed at $LAST_HIGHSTATE_END" I From e820c6fa422759495360a0202f24a3db128a0dbe Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 13 Nov 2020 19:04:09 -0500 Subject: [PATCH 392/487] logging changes issue/1831 --- salt/common/tools/sbin/so-salt-minion-check | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/salt/common/tools/sbin/so-salt-minion-check b/salt/common/tools/sbin/so-salt-minion-check index 0d69c7e96..d7b7a4d85 100644 --- a/salt/common/tools/sbin/so-salt-minion-check +++ b/salt/common/tools/sbin/so-salt-minion-check @@ -86,10 +86,9 @@ done log "running so-salt-minion-check" if [ $CURRENT_TIME -ge $((SYSTEM_START_TIME+$UPTIME_REQ)) ]; then - log "system uptime is at least $UPTIME_REQ seconds" I if [ $THRESHOLD_DATE -le $CURRENT_TIME ]; then log "salt-minion is unable to apply states" E - log "/opt/so/log/salt/healthcheck-state-apply ($LAST_HEALTHCHECK_STATE_APPLY) older than threshold date ($THRESHOLD_DATE)" I + log "/opt/so/log/salt/healthcheck-state-apply not touched by threshold date: `date -d @$THRESHOLD_DATE`, last touched: `date -d @$LAST_HEALTHCHECK_STATE_APPLY`" I log "last highstate completed at $LAST_HIGHSTATE_END" I log "checking if any jobs are running" I logCmd "salt-call --local saltutil.running" I @@ -100,7 +99,7 @@ if [ $CURRENT_TIME -ge $((SYSTEM_START_TIME+$UPTIME_REQ)) ]; then log "starting salt-minion service" I logCmd "systemctl start salt-minion" I else - log "/opt/so/log/salt/healthcheck-state-apply ($LAST_HEALTHCHECK_STATE_APPLY) newer than threshold date ($THRESHOLD_DATE)" I + log "/opt/so/log/salt/healthcheck-state-apply touched by threshold date: `date -d @$THRESHOLD_DATE`, last touched: `date -d @$LAST_HEALTHCHECK_STATE_APPLY`" I fi else log "system uptime only $((CURRENT_TIME-SYSTEM_START_TIME)) seconds does not meet $UPTIME_REQ second requirement." I From b210092534fc5527faf6acda03dc222a80548151 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 13 Nov 2020 19:09:53 -0500 Subject: [PATCH 393/487] logging changes issue/1831 --- salt/common/tools/sbin/so-salt-minion-check | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-salt-minion-check b/salt/common/tools/sbin/so-salt-minion-check index d7b7a4d85..74718e192 100644 --- a/salt/common/tools/sbin/so-salt-minion-check +++ b/salt/common/tools/sbin/so-salt-minion-check @@ -89,7 +89,7 @@ if [ $CURRENT_TIME -ge $((SYSTEM_START_TIME+$UPTIME_REQ)) ]; then if [ $THRESHOLD_DATE -le $CURRENT_TIME ]; then log "salt-minion is unable to apply states" E log "/opt/so/log/salt/healthcheck-state-apply not touched by threshold date: `date -d @$THRESHOLD_DATE`, last touched: `date -d @$LAST_HEALTHCHECK_STATE_APPLY`" I - log "last highstate completed at $LAST_HIGHSTATE_END" I + log "last highstate completed at `date -d @$LAST_HIGHSTATE_END`" I log "checking if any jobs are running" I logCmd "salt-call --local saltutil.running" I log "stopping salt-minion service" I From e958246457f241f4f586770d50c150e35ec7fc36 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 13 Nov 2020 19:34:17 -0500 Subject: [PATCH 394/487] touch file at start of highstate, just kill salt dont systemctl stop it https://github.com/Security-Onion-Solutions/securityonion/issues/1831 --- salt/common/tools/sbin/so-salt-minion-check | 4 +--- salt/salt/minion-check.sls | 3 +++ salt/salt/minion-state-apply-test.sls | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/salt/common/tools/sbin/so-salt-minion-check b/salt/common/tools/sbin/so-salt-minion-check index 74718e192..84f72bb72 100644 --- a/salt/common/tools/sbin/so-salt-minion-check +++ b/salt/common/tools/sbin/so-salt-minion-check @@ -92,9 +92,7 @@ if [ $CURRENT_TIME -ge $((SYSTEM_START_TIME+$UPTIME_REQ)) ]; then log "last highstate completed at `date -d @$LAST_HIGHSTATE_END`" I log "checking if any jobs are running" I logCmd "salt-call --local saltutil.running" I - log "stopping salt-minion service" I - logCmd "timeout -k10 -s9 120 systemctl stop salt-minion" I - log "killing any leftover salt-minion processes" I + log "killing all salt-minion processes" I logCmd "pkill -9 -ef /usr/bin/salt-minion" I log "starting salt-minion service" I logCmd "systemctl start salt-minion" I diff --git a/salt/salt/minion-check.sls b/salt/salt/minion-check.sls index d8dc4c418..e8a0c2639 100644 --- a/salt/salt/minion-check.sls +++ b/salt/salt/minion-check.sls @@ -1,3 +1,6 @@ +include: + - salt.minion-state-apply-test + state-apply-test: schedule.present: - name: salt-minion-state-apply-test diff --git a/salt/salt/minion-state-apply-test.sls b/salt/salt/minion-state-apply-test.sls index 4da77419b..9d7e90e63 100644 --- a/salt/salt/minion-state-apply-test.sls +++ b/salt/salt/minion-state-apply-test.sls @@ -1,3 +1,4 @@ minion-state-apply-test: file.touch: - - name: /opt/so/log/salt/state-apply-test \ No newline at end of file + - name: /opt/so/log/salt/state-apply-test + - order: first \ No newline at end of file From 43a244e0da29d8d6dded25b4cb66716b3c0b4c3f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 13 Nov 2020 19:37:03 -0500 Subject: [PATCH 395/487] change log path https://github.com/Security-Onion-Solutions/securityonion/issues/1831 --- salt/common/tools/sbin/so-salt-minion-check | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-salt-minion-check b/salt/common/tools/sbin/so-salt-minion-check index 84f72bb72..d60dcf5c4 100644 --- a/salt/common/tools/sbin/so-salt-minion-check +++ b/salt/common/tools/sbin/so-salt-minion-check @@ -39,7 +39,7 @@ THRESHOLD_DATE=$((LAST_HEALTHCHECK_STATE_APPLY+THRESHOLD)) logCmd() { cmd=$1 info "Executing command: $cmd" - $cmd >> "/opt/so/log/salt/so-salt-minion-check.log" + $cmd >> "/opt/so/log/salt/so-salt-minion-check" } log() { @@ -49,7 +49,7 @@ log() { if ! $QUIET; then echo $msg fi - echo -e "$now | $level | so-salt-minion-check | $msg" >> "/opt/so/log/salt/so-salt-minion-check.log" 2>&1 + echo -e "$now | $level | so-salt-minion-check | $msg" >> "/opt/so/log/salt/so-salt-minion-check" 2>&1 } error() { From 4e6e29e7dca55e4d85628adfb6ecf5f46d987884 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 13 Nov 2020 20:26:06 -0500 Subject: [PATCH 396/487] update logging --- salt/common/tools/sbin/so-salt-minion-check | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-salt-minion-check b/salt/common/tools/sbin/so-salt-minion-check index d60dcf5c4..25302802c 100644 --- a/salt/common/tools/sbin/so-salt-minion-check +++ b/salt/common/tools/sbin/so-salt-minion-check @@ -88,7 +88,7 @@ log "running so-salt-minion-check" if [ $CURRENT_TIME -ge $((SYSTEM_START_TIME+$UPTIME_REQ)) ]; then if [ $THRESHOLD_DATE -le $CURRENT_TIME ]; then log "salt-minion is unable to apply states" E - log "/opt/so/log/salt/healthcheck-state-apply not touched by threshold date: `date -d @$THRESHOLD_DATE`, last touched: `date -d @$LAST_HEALTHCHECK_STATE_APPLY`" I + log "/opt/so/log/salt/healthcheck-state-apply not touched by required date: `date -d @$THRESHOLD_DATE`, last touched: `date -d @$LAST_HEALTHCHECK_STATE_APPLY`" I log "last highstate completed at `date -d @$LAST_HIGHSTATE_END`" I log "checking if any jobs are running" I logCmd "salt-call --local saltutil.running" I @@ -97,7 +97,7 @@ if [ $CURRENT_TIME -ge $((SYSTEM_START_TIME+$UPTIME_REQ)) ]; then log "starting salt-minion service" I logCmd "systemctl start salt-minion" I else - log "/opt/so/log/salt/healthcheck-state-apply touched by threshold date: `date -d @$THRESHOLD_DATE`, last touched: `date -d @$LAST_HEALTHCHECK_STATE_APPLY`" I + log "/opt/so/log/salt/healthcheck-state-apply last touched: `date -d @$LAST_HEALTHCHECK_STATE_APPLY` must be touched by `date -d @$THRESHOLD_DATE` to avoid salt-minion restart" I fi else log "system uptime only $((CURRENT_TIME-SYSTEM_START_TIME)) seconds does not meet $UPTIME_REQ second requirement." I From 1c079f7ff4e21c61d5acce25decf2e03ecf4ed6b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Sat, 14 Nov 2020 10:35:45 -0500 Subject: [PATCH 397/487] Remove duplicate docker pull/sigverify logic from so-features-enable; Provide current SO version to curl --- salt/common/tools/sbin/so-common | 2 - salt/common/tools/sbin/so-features-enable | 49 +---------------------- salt/common/tools/sbin/so-image-common | 48 +++++++++++++--------- 3 files changed, 32 insertions(+), 67 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index cbc0bd4e5..547e3f9dc 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -15,8 +15,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -IMAGEREPO=securityonion - # Check for prerequisites if [ "$(id -u)" -ne 0 ]; then echo "This script must be run using sudo!" diff --git a/salt/common/tools/sbin/so-features-enable b/salt/common/tools/sbin/so-features-enable index 3590fca22..581580307 100755 --- a/salt/common/tools/sbin/so-features-enable +++ b/salt/common/tools/sbin/so-features-enable @@ -14,7 +14,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -. /usr/sbin/so-common +. /usr/sbin/so-image-common local_salt_dir=/opt/so/saltstack/local cat << EOF @@ -52,17 +52,6 @@ manager_check() { manager_check -# Let's make sure we have the public key -curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - - -CONTAINER_REGISTRY=quay.io -SIGNPATH=/root/sosigs -rm -rf $SIGNPATH -mkdir -p $SIGNPATH -if [ -z "$BRANCH" ]; then - BRANCH="master" -fi - VERSION=$(lookup_pillar soversion) # Modify global.sls to enable Features SUFFIX="-features" @@ -72,40 +61,6 @@ TRUSTED_CONTAINERS=( \ "so-kibana" \ "so-logstash" ) -for i in "${TRUSTED_CONTAINERS[@]}" -do - # Pull down the trusted docker image - echo "Downloading $i" - docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$SUFFIX - - # Get signature - curl https://sigs.securityonion.net/$VERSION/$i:$VERSION$SUFFIX.sig --output $SIGNPATH/$i:$VERSION$SUFFIX.sig - if [[ $? -ne 0 ]]; then - echo "Unable to pull signature file for $i:$VERSION$SUFFIX" - exit 1 - fi - # Dump our hash values - DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$SUFFIX) - - echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i:$VERSION$SUFFIX.txt - echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i:$VERSION$SUFFIX.txt - - if [[ $? -ne 0 ]]; then - echo "Unable to inspect $i:$VERSION:$SUFFIX" - exit 1 - fi - GPGTEST=$(gpg --verify $SIGNPATH/$i:$VERSION$SUFFIX.sig $SIGNPATH/$i:$VERSION$SUFFIX.txt 2>&1) - if [[ $? -eq 0 ]]; then - # Tag it with the new registry destination - docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$SUFFIX $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION$SUFFIX - docker push $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION$SUFFIX - else - echo "There is a problem downloading the $i:$VERSION$SUFFIX image. Details: " - echo "" - echo $GPGTEST - exit 1 - fi - +update_docker_containers -done sed -i 's/features: False/features: True/' $local_salt_dir/pillar/global.sls diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index b7d3794c6..843617d86 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -16,12 +16,21 @@ # along with this program. If not, see . # Figure out if this is soup or refresh -if [ -z "$VERSION" ]; then - VERSION="$NEWVERSION" -fi +set_version() { + if [ -f /etc/soversion ]; then + CURRENTVERSION=$(cat /etc/soversion) + fi + if [ -z "$VERSION" ]; then + VERSION="$NEWVERSION" + fi +} container_list() { - MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') + MANAGERCHECK=so-unknown + if [ -f /etc/salt/grains ]; then + MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') + fi + if [ $MANAGERCHECK == 'so-import' ]; then TRUSTED_CONTAINERS=( \ "so-idstools" \ @@ -96,13 +105,14 @@ operating_system() { } update_docker_containers() { - if [ -z "$VERSION" ]; then - VERSION="$NEWVERSION" - fi + # Recheck the version for scenarios were the VERSION wasn't known before this script was imported + set_version + # Let's make sure we have the public key curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - CONTAINER_REGISTRY=quay.io + IMAGEREPO=securityonion SIGNPATH=/root/sosigs rm -rf $SIGNPATH mkdir -p $SIGNPATH @@ -112,33 +122,33 @@ update_docker_containers() { do # Pull down the trusted docker image echo "Downloading $i" - docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION + docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX # Get signature - curl -A "$CURLTYPE/$OS/$(uname -r)" https://sigs.securityonion.net/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig + curl -A "$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)" https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$i:$VERSION$IMAGE_TAG_SUFFIX.sig if [[ $? -ne 0 ]]; then - echo "Unable to pull signature file for $i:$VERSION" + echo "Unable to pull signature file for $i:$VERSION$IMAGE_TAG_SUFFIX" exit 1 fi # Dump our hash values - DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION) + DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX) - echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i:$VERSION.txt - echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i:$VERSION.txt + echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i:$VERSION$IMAGE_TAG_SUFFIX.txt + echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i:$VERSION$IMAGE_TAG_SUFFIX.txt if [[ $? -ne 0 ]]; then - echo "Unable to inspect $i:$VERSION" + echo "Unable to inspect $i:$VERSION$IMAGE_TAG_SUFFIX" exit 1 fi - GPGTEST=$(gpg --verify $SIGNPATH/$i:$VERSION.sig $SIGNPATH/$i:$VERSION.txt 2>&1) + GPGTEST=$(gpg --verify $SIGNPATH/$i:$VERSION$IMAGE_TAG_SUFFIX.sig $SIGNPATH/$i:$VERSION$IMAGE_TAG_SUFFIX.txt 2>&1) if [[ $? -eq 0 ]]; then if [[ -z "$SKIP_TAGPUSH" ]]; then # Tag it with the new registry destination - docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION - docker push $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION + docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX + docker push $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX fi else - echo "There is a problem downloading the $i:$VERSION image. Details: " + echo "There is a problem downloading the $i:$VERSION$IMAGE_TAG_SUFFIX image. Details: " echo "" echo $GPGTEST exit 1 @@ -146,3 +156,5 @@ update_docker_containers() { done } + +set_version \ No newline at end of file From 372f694cc1b7e6268c567a6420d849470b212788 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Sat, 14 Nov 2020 11:04:40 -0500 Subject: [PATCH 398/487] Set curl type to 'features' when adding features to existing installation --- salt/common/tools/sbin/so-features-enable | 1 + salt/common/tools/sbin/so-image-common | 1 + 2 files changed, 2 insertions(+) diff --git a/salt/common/tools/sbin/so-features-enable b/salt/common/tools/sbin/so-features-enable index 581580307..a5bc5ff12 100755 --- a/salt/common/tools/sbin/so-features-enable +++ b/salt/common/tools/sbin/so-features-enable @@ -61,6 +61,7 @@ TRUSTED_CONTAINERS=( \ "so-kibana" \ "so-logstash" ) +CURLTYPE=features update_docker_containers sed -i 's/features: False/features: True/' $local_salt_dir/pillar/global.sls diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 843617d86..1af101f82 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -17,6 +17,7 @@ # Figure out if this is soup or refresh set_version() { + CURRENTVERSION=0.0.0 if [ -f /etc/soversion ]; then CURRENTVERSION=$(cat /etc/soversion) fi From d22040fb5d359bdb93a34822cc5c0668bc8f9355 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Sat, 14 Nov 2020 11:53:31 -0500 Subject: [PATCH 399/487] Annual fall bash cleanup event --- salt/common/tools/sbin/so-common | 47 +++++++++++++++++++++++ salt/common/tools/sbin/so-docker-refresh | 32 +-------------- salt/common/tools/sbin/so-features-enable | 22 ++--------- salt/common/tools/sbin/so-image-common | 43 ++++++++++----------- salt/common/tools/sbin/soup | 32 +++------------ 5 files changed, 78 insertions(+), 98 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 547e3f9dc..ab54d634e 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -39,6 +39,11 @@ lookup_pillar_secret() { salt-call --no-color pillar.get secrets:${key} --out=newline_values_only } +lookup_grain() { + key=$1 + salt-call --no-color grains.get ${key} --out=newline_values_only +} + check_container() { docker ps | grep "$1:" > /dev/null 2>&1 return $? @@ -49,3 +54,45 @@ check_password() { echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1 return $? } + +set_os() { + if [ -f /etc/redhat-release ]; then + OS=centos + else + OS=ubuntu + fi +} + +set_minionid() { + MINIONID=$(lookup_grain id) +} + +set_version() { + CURRENTVERSION=0.0.0 + if [ -f /etc/soversion ]; then + CURRENTVERSION=$(cat /etc/soversion) + fi + if [ -z "$VERSION" ]; then + if [ -z "$NEWVERSION" ]; then + if [ "$CURRENTVERSION" == "0.0.0" ]; then + echo "ERROR: Unable to detect Security Onion version; terminating script." + exit 1 + else + VERSION=$CURRENTVERSION + fi + else + VERSION="$NEWVERSION" + fi + fi +} + +require_manager() { + # Check to see if this is a manager + MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') + if [ $MANAGERCHECK == 'so-eval' ] || [ $MANAGERCHECK == 'so-manager' ] || [ $MANAGERCHECK == 'so-managersearch' ] || [ $MANAGERCHECK == 'so-standalone' ] || [ $MANAGERCHECK == 'so-helix' ] || [ $MANAGERCHECK == 'so-import' ]; then + echo "This is a manager, We can proceed." + else + echo "Please run this command on the manager; the manager controls the grid." + exit 1 + fi +} diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh index 4706f8981..452bc3121 100755 --- a/salt/common/tools/sbin/so-docker-refresh +++ b/salt/common/tools/sbin/so-docker-refresh @@ -18,33 +18,5 @@ . /usr/sbin/so-common . /usr/sbin/so-image-common -manager_check() { - # Check to see if this is a manager - MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') - if [ $MANAGERCHECK == 'so-eval' ] || [ $MANAGERCHECK == 'so-manager' ] || [ $MANAGERCHECK == 'so-managersearch' ] || [ $MANAGERCHECK == 'so-standalone' ] || [ $MANAGERCHECK == 'so-helix' ]; then - echo "This is a manager. We can proceed" - else - echo "Please run soup on the manager. The manager controls all updates." - exit 1 - fi -} - -version_check() { - if [ -f /etc/soversion ]; then - VERSION=$(cat /etc/soversion) - else - echo "Unable to detect version. I will now terminate." - exit 1 - fi -} - -manager_check -version_check -operating_system - -# Use the hostname -HOSTNAME=$(hostname) -# List all the containers -container_list -CURLTYPE=refresh -update_docker_containers +require_manager +update_docker_containers "refresh" diff --git a/salt/common/tools/sbin/so-features-enable b/salt/common/tools/sbin/so-features-enable index a5bc5ff12..d64f22dc2 100755 --- a/salt/common/tools/sbin/so-features-enable +++ b/salt/common/tools/sbin/so-features-enable @@ -14,6 +14,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +. /usr/sbin/so-common . /usr/sbin/so-image-common local_salt_dir=/opt/so/saltstack/local @@ -39,29 +40,14 @@ fi echo "Please wait while switching to Elastic Features." -manager_check() { - # Check to see if this is a manager - MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') - if [[ "$MANAGERCHECK" =~ ^('so-eval'|'so-manager'|'so-standalone'|'so-managersearch')$ ]]; then - echo "This is a manager. We can proceed" - else - echo "Please run so-features-enable on the manager." - exit 0 - fi -} +require_manager -manager_check - -VERSION=$(lookup_pillar soversion) -# Modify global.sls to enable Features -SUFFIX="-features" TRUSTED_CONTAINERS=( \ "so-elasticsearch" \ "so-filebeat" \ "so-kibana" \ "so-logstash" ) +update_docker_containers "features" "-features" -CURLTYPE=features -update_docker_containers - +# Modify global.sls to enable Features sed -i 's/features: False/features: True/' $local_salt_dir/pillar/global.sls diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 1af101f82..ef3ebb59d 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -15,16 +15,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# Figure out if this is soup or refresh -set_version() { - CURRENTVERSION=0.0.0 - if [ -f /etc/soversion ]; then - CURRENTVERSION=$(cat /etc/soversion) - fi - if [ -z "$VERSION" ]; then - VERSION="$NEWVERSION" - fi -} +# NOTE: This script depends on so-common container_list() { MANAGERCHECK=so-unknown @@ -97,24 +88,29 @@ container_list() { fi } -operating_system() { - if [ -f /etc/redhat-release ]; then - OS=centos - else - OS=ubuntu - fi -} - update_docker_containers() { + CURLTYPE=$1 + IMAGE_TAG_SUFFIX=$2 + + CONTAINER_REGISTRY=quay.io + IMAGEREPO=securityonion + SIGNPATH=/root/sosigs + + if [ -z "$CURLTYPE" ]; then + CURLTYPE=unknown + fi + # Recheck the version for scenarios were the VERSION wasn't known before this script was imported set_version + set_os + + if [ -z "$TRUSTED_CONTAINERS" ]; then + container_list + fi # Let's make sure we have the public key curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - - CONTAINER_REGISTRY=quay.io - IMAGEREPO=securityonion - SIGNPATH=/root/sosigs rm -rf $SIGNPATH mkdir -p $SIGNPATH @@ -145,6 +141,9 @@ update_docker_containers() { if [[ $? -eq 0 ]]; then if [[ -z "$SKIP_TAGPUSH" ]]; then # Tag it with the new registry destination + if [ -z "$HOSTNAME" ]; then + HOSTNAME=$(hostname) + fi docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX docker push $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX fi @@ -157,5 +156,3 @@ update_docker_containers() { done } - -set_version \ No newline at end of file diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index eb2ea3258..2500781f3 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -23,23 +23,11 @@ INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'}) DEFAULT_SALT_DIR=/opt/so/saltstack/default BATCHSIZE=5 SOUP_LOG=/root/soup.log -CURLTYPE=soup exec 3>&1 1>${SOUP_LOG} 2>&1 -manager_check() { - # Check to see if this is a manager - MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') - if [[ "$MANAGERCHECK" =~ ^('so-eval'|'so-manager'|'so-standalone'|'so-managersearch'|'so-import')$ ]]; then - echo "This is a manager. We can proceed." - MINIONID=$(salt-call grains.get id --out=txt|awk -F: {'print $2'}|tr -d ' ') - else - echo "Please run soup on the manager. The manager controls all updates." - exit 0 - fi -} - add_common() { + cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ salt-call state.apply common queue=True echo "Run soup one more time" @@ -156,17 +144,6 @@ copy_new_files() { cd /tmp } -detect_os() { - # Detect Base OS - echo "Determining Base OS." >> "$SOUP_LOG" 2>&1 - if [ -f /etc/redhat-release ]; then - OS="centos" - elif [ -f /etc/os-release ]; then - OS="ubuntu" - fi - echo "Found OS: $OS" >> "$SOUP_LOG" 2>&1 -} - highstate() { # Run a highstate. salt-call state.highstate -l info queue=True @@ -413,13 +390,14 @@ done echo "Checking to see if this is a manager." echo "" -manager_check +require_manager +set_minionid echo "Checking to see if this is an airgap install" echo "" check_airgap echo "Found that Security Onion $INSTALLEDVERSION is currently installed." echo "" -detect_os +set_os echo "" if [ $is_airgap -eq 0 ]; then # Let's mount the ISO since this is airgap @@ -454,7 +432,7 @@ if [ $is_airgap -eq 0 ]; then airgap_update_dockers else container_list - update_docker_containers + update_docker_containers "soup" fi echo "" echo "Stopping Salt Minion service." From 1908a683301a29ec17d5e23223b305368dbe8e8c Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Sat, 14 Nov 2020 16:19:23 -0500 Subject: [PATCH 400/487] Cleanup & fix sysmon pid ingest --- salt/elasticsearch/files/ingest/sysmon | 34 +++++++++++++------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/salt/elasticsearch/files/ingest/sysmon b/salt/elasticsearch/files/ingest/sysmon index 2ca5c6193..599899488 100644 --- a/salt/elasticsearch/files/ingest/sysmon +++ b/salt/elasticsearch/files/ingest/sysmon @@ -30,40 +30,40 @@ { "rename": { "field": "winlog.event_data.DestinationHostname", "target_field": "destination.hostname", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.DestinationIp", "target_field": "destination.ip", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.DestinationPort", "target_field": "destination.port", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.image", "target_field": "process.executable", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.image", "target_field": "process.executable", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.Image", "target_field": "process.executable", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.processID", "target_field": "process.pid", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.ProcessID", "target_field": "process.pid", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.processGuid", "target_field": "process.entity_id", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.processID", "target_field": "process.pid", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.ProcessId", "target_field": "process.pid", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.processGuid", "target_field": "process.entity_id", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.ProcessGuid", "target_field": "process.entity_id", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.commandLine", "target_field": "process.command_line", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.commandLine", "target_field": "process.command_line", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.CommandLine", "target_field": "process.command_line", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.currentDirectory", "target_field": "process.working_directory", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.currentDirectory", "target_field": "process.working_directory", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.CurrentDirectory", "target_field": "process.working_directory", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.description", "target_field": "process.pe.description", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.description", "target_field": "process.pe.description", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.Description", "target_field": "process.pe.description", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.product", "target_field": "process.pe.product", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.product", "target_field": "process.pe.product", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.Product", "target_field": "process.pe.product", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.company", "target_field": "process.pe.company", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.company", "target_field": "process.pe.company", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.Company", "target_field": "process.pe.company", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.originalFileName", "target_field": "process.pe.original_file_name", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.originalFileName", "target_field": "process.pe.original_file_name", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.OriginalFileName", "target_field": "process.pe.original_file_name", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.fileVersion", "target_field": "process.pe.file_version", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.fileVersion", "target_field": "process.pe.file_version", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.FileVersion", "target_field": "process.pe.file_version", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.parentCommandLine", "target_field": "process.parent.command_line", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.parentCommandLine", "target_field": "process.parent.command_line", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.ParentCommandLine", "target_field": "process.parent.command_line", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.parentImage", "target_field": "process.parent.executable", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.parentImage", "target_field": "process.parent.executable", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.ParentImage", "target_field": "process.parent.executable", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.parentProcessGuid", "target_field": "process.parent.entity_id", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.parentProcessGuid", "target_field": "process.parent.entity_id", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.ParentProcessGuid", "target_field": "process.parent.entity_id", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.parentProcessId", "target_field": "process.ppid", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.parentProcessId", "target_field": "process.ppid", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.ParentProcessId", "target_field": "process.ppid", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.Protocol", "target_field": "network.transport", "ignore_missing": true } }, + { "rename": { "field": "winlog.event_data.Protocol", "target_field": "network.transport", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.User", "target_field": "user.name", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.SourceHostname", "target_field": "source.hostname", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.SourceIp", "target_field": "source.ip", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.SourcePort", "target_field": "source.port", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.targetFilename", "target_field": "file.target", "ignore_missing": true } }, - { "rename": { "field": "winlog.event_data.TargetFilename", "target_field": "file.target", "ignore_missing": true } } + { "rename": { "field": "winlog.event_data.TargetFilename", "target_field": "file.target", "ignore_missing": true } } ] } From 76c917d977310039d97604adcd0769f38cf25009 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Sun, 15 Nov 2020 09:57:12 -0500 Subject: [PATCH 401/487] Continued bash cleanup --- salt/common/tools/sbin/so-user | 2 +- setup/so-functions | 2 +- setup/so-setup | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user index 42bcf65f5..3ab9ae6a2 100755 --- a/salt/common/tools/sbin/so-user +++ b/salt/common/tools/sbin/so-user @@ -8,7 +8,7 @@ # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. -. /usr/sbin/so-common +source $(dirname $0)/so-common if [[ $# -lt 1 || $# -gt 2 ]]; then echo "Usage: $0 [email]" diff --git a/setup/so-functions b/setup/so-functions index b36cd1537..642ae5004 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2040,7 +2040,7 @@ set_updates() { fi } -set_version() { +mark_version() { # Drop a file with the current version echo "$SOVERSION" > /etc/soversion } diff --git a/setup/so-setup b/setup/so-setup index fe69e8148..21c78cd92 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -454,7 +454,7 @@ if [[ $is_minion ]]; then fi { - set_version; + mark_version; clear_manager; } >> $setup_log 2>&1 From c744d389f760a2f680ee01f82ab0b6f5f65c42ae Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Sun, 15 Nov 2020 10:44:14 -0500 Subject: [PATCH 402/487] More bash cleanup --- salt/common/tools/sbin/so-image-common | 2 +- salt/common/tools/sbin/soup | 1 - setup/so-common-functions | 1 + 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index ef3ebb59d..a4eeb5239 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -16,6 +16,7 @@ # along with this program. If not, see . # NOTE: This script depends on so-common +IMAGEREPO=securityonion container_list() { MANAGERCHECK=so-unknown @@ -93,7 +94,6 @@ update_docker_containers() { IMAGE_TAG_SUFFIX=$2 CONTAINER_REGISTRY=quay.io - IMAGEREPO=securityonion SIGNPATH=/root/sosigs if [ -z "$CURLTYPE" ]; then diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 2500781f3..72e0e58df 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -431,7 +431,6 @@ echo "Updating dockers to $NEWVERSION." if [ $is_airgap -eq 0 ]; then airgap_update_dockers else - container_list update_docker_containers "soup" fi echo "" diff --git a/setup/so-common-functions b/setup/so-common-functions index 0afd732ce..bbe3589ed 100644 --- a/setup/so-common-functions +++ b/setup/so-common-functions @@ -2,6 +2,7 @@ source ./so-variables source ../salt/common/tools/sbin/so-common +source ../salt/common/tools/sbin/so-image-common # Helper functions From 5c25dcf1923a1b8bbe44a0c106d12989bdc5533f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 16 Nov 2020 09:50:10 -0500 Subject: [PATCH 403/487] add /opt/so/log/salt/so-salt-minion-check to log rotate https://github.com/Security-Onion-Solutions/securityonion/issues/1831 --- salt/common/files/log-rotate.conf | 1 + salt/common/tools/sbin/so-salt-minion-check | 4 ++-- salt/salt/minion.defaults.yaml | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/salt/common/files/log-rotate.conf b/salt/common/files/log-rotate.conf index d383981cd..8f1df0307 100644 --- a/salt/common/files/log-rotate.conf +++ b/salt/common/files/log-rotate.conf @@ -18,6 +18,7 @@ /opt/so/log/filebeat/*.log /opt/so/log/telegraf/*.log /opt/so/log/redis/*.log +/opt/so/log/salt/so-salt-minion-check { {{ logrotate_conf | indent(width=4) }} } diff --git a/salt/common/tools/sbin/so-salt-minion-check b/salt/common/tools/sbin/so-salt-minion-check index 25302802c..a8828b16e 100644 --- a/salt/common/tools/sbin/so-salt-minion-check +++ b/salt/common/tools/sbin/so-salt-minion-check @@ -32,7 +32,7 @@ CURRENT_TIME=$(date +%s) SYSTEM_START_TIME=$(date -d "$(> "/opt/so/log/salt/so-salt-minion-check" 2>&1 + echo -e "$now | $level | $msg" >> "/opt/so/log/salt/so-salt-minion-check" 2>&1 } error() { diff --git a/salt/salt/minion.defaults.yaml b/salt/salt/minion.defaults.yaml index 1513803d8..871babdeb 100644 --- a/salt/salt/minion.defaults.yaml +++ b/salt/salt/minion.defaults.yaml @@ -3,4 +3,4 @@ salt: minion: version: 3002.1 - check_threshold: 3600 # in seconds, threshold used for so-salt-minion-check. setting less that 600 cause cause a lot of salt-minion restarts \ No newline at end of file + check_threshold: 3600 # in seconds, threshold used for so-salt-minion-check. any value less than 600 seconds may cause a lot of salt-minion restarts since the job to touch the file occurs every 5-8 minutes by default \ No newline at end of file From cc50eba6cbb3302ec3630095142b304c83f16a71 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 16 Nov 2020 10:01:40 -0500 Subject: [PATCH 404/487] make sure /opt/so/log/salt/so-salt-minion-check gets touched even if salt-minon verison isnt correct https://github.com/Security-Onion-Solutions/securityonion/issues/1831 --- salt/top.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/top.sls b/salt/top.sls index 2cf2443d1..bbd2a862d 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -22,6 +22,7 @@ base: 'not G@saltversion:{{saltversion}}': - match: compound + - salt.minion-state-apply-test {% if ISAIRGAP is sameas true %} - airgap {% endif %} From c226c1d902c5dc7ded799c06f28f0f4dd75d683b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 16 Nov 2020 11:30:47 -0500 Subject: [PATCH 405/487] [fix] Redirect stderr when checking for link state --- setup/so-common-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-common-functions b/setup/so-common-functions index bbe3589ed..8bdf09374 100644 --- a/setup/so-common-functions +++ b/setup/so-common-functions @@ -24,7 +24,7 @@ filter_unused_nics() { nic_list=() for nic in "${filtered_nics[@]}"; do - case $(cat "/sys/class/net/${nic}/carrier") in + case $(cat "/sys/class/net/${nic}/carrier" 2>/dev/null) in 1) nic_list+=("$nic" "Link UP " "OFF") ;; From 2ff738a61cd5c6ed0a91bce8ddd100dbb5c54b01 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 16 Nov 2020 13:27:23 -0500 Subject: [PATCH 406/487] Refactor docker_seed_registry to eliminate duplicate logic --- salt/common/tools/sbin/so-image-common | 73 +++++++------ setup/so-functions | 140 ++++++------------------- 2 files changed, 74 insertions(+), 139 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index a4eeb5239..4a3a099bc 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -19,29 +19,30 @@ IMAGEREPO=securityonion container_list() { - MANAGERCHECK=so-unknown - if [ -f /etc/salt/grains ]; then - MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') + MANAGERCHECK=$1 + if [ -z "$MANAGERCHECK" ]; then + MANAGERCHECK=so-unknown + if [ -f /etc/salt/grains ]; then + MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') + fi fi if [ $MANAGERCHECK == 'so-import' ]; then - TRUSTED_CONTAINERS=( \ - "so-idstools" \ - "so-nginx" \ - "so-filebeat" \ - "so-suricata" \ - "so-soc" \ + TRUSTED_CONTAINERS=( \ "so-elasticsearch" \ + "so-filebeat" \ + "so-idstools" \ "so-kibana" \ "so-kratos" \ - "so-suricata" \ - "so-registry" \ + "so-nginx" \ "so-pcaptools" \ + "so-soc" \ + "so-steno" \ + "so-suricata" \ "so-zeek" ) elif [ $MANAGERCHECK != 'so-helix' ]; then - TRUSTED_CONTAINERS=( \ + TRUSTED_CONTAINERS=( \ "so-acng" \ - "so-thehive-cortex" \ "so-curator" \ "so-domainstats" \ "so-elastalert" \ @@ -65,18 +66,19 @@ container_list() { "so-soc" \ "so-soctopus" \ "so-steno" \ - "so-strelka-frontend" \ - "so-strelka-manager" \ "so-strelka-backend" \ "so-strelka-filestream" \ + "so-strelka-frontend" \ + "so-strelka-manager" \ "so-suricata" \ "so-telegraf" \ "so-thehive" \ + "so-thehive-cortex" \ "so-thehive-es" \ "so-wazuh" \ "so-zeek" ) else - TRUSTED_CONTAINERS=( \ + TRUSTED_CONTAINERS=( \ "so-filebeat" \ "so-idstools" \ "so-logstash" \ @@ -90,11 +92,12 @@ container_list() { } update_docker_containers() { - CURLTYPE=$1 - IMAGE_TAG_SUFFIX=$2 + local CURLTYPE=$1 + local IMAGE_TAG_SUFFIX=$2 + local PROGRESS_CALLBACK=$3 - CONTAINER_REGISTRY=quay.io - SIGNPATH=/root/sosigs + local CONTAINER_REGISTRY=quay.io + local SIGNPATH=/root/sosigs if [ -z "$CURLTYPE" ]; then CURLTYPE=unknown @@ -117,38 +120,44 @@ update_docker_containers() { # Download the containers from the interwebs for i in "${TRUSTED_CONTAINERS[@]}" do + if [ -z "$PROGRESS_CALLBACK" ]; then + echo "Downloading $i" + else + $PROGRESS_CALLBACK $i + fi + # Pull down the trusted docker image - echo "Downloading $i" - docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX + local image=$i:$VERSION$IMAGE_TAG_SUFFIX + docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image # Get signature - curl -A "$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)" https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$i:$VERSION$IMAGE_TAG_SUFFIX.sig + curl -A "$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)" https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$image.sig if [[ $? -ne 0 ]]; then - echo "Unable to pull signature file for $i:$VERSION$IMAGE_TAG_SUFFIX" + echo "Unable to pull signature file for $image" exit 1 fi # Dump our hash values - DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX) + DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$image) - echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i:$VERSION$IMAGE_TAG_SUFFIX.txt - echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i:$VERSION$IMAGE_TAG_SUFFIX.txt + echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$image.txt + echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$image.txt if [[ $? -ne 0 ]]; then - echo "Unable to inspect $i:$VERSION$IMAGE_TAG_SUFFIX" + echo "Unable to inspect $image" exit 1 fi - GPGTEST=$(gpg --verify $SIGNPATH/$i:$VERSION$IMAGE_TAG_SUFFIX.sig $SIGNPATH/$i:$VERSION$IMAGE_TAG_SUFFIX.txt 2>&1) + GPGTEST=$(gpg --verify $SIGNPATH/$image.sig $SIGNPATH/$image.txt 2>&1) if [[ $? -eq 0 ]]; then if [[ -z "$SKIP_TAGPUSH" ]]; then # Tag it with the new registry destination if [ -z "$HOSTNAME" ]; then HOSTNAME=$(hostname) fi - docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX - docker push $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX + docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$image $HOSTNAME:5000/$IMAGEREPO/$image + docker push $HOSTNAME:5000/$IMAGEREPO/$image fi else - echo "There is a problem downloading the $i:$VERSION$IMAGE_TAG_SUFFIX image. Details: " + echo "There is a problem downloading the $image image. Details: " echo "" echo $GPGTEST exit 1 diff --git a/setup/so-functions b/setup/so-functions index 642ae5004..3afc97b6c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -23,6 +23,11 @@ CONTAINER_REGISTRY=quay.io SOVERSION=$(cat ../VERSION) +# Duplicate stdout and stderr file descriptors for use with whiptail +# Using >&10 or >&20 will override any ancestral >> or > redirects and send +# to stdout or stderr, repsectively. +exec 10>&1 20>&2 + log() { msg=$1 level=${2:-I} @@ -870,116 +875,37 @@ docker_registry() { } +docker_seed_update() { + local name=$1 + local percent_delta=1 + if [ "$install_type" == 'HELIXSENSOR' ]; then + percent_delta=6 + fi + ((docker_seed_update_percent=docker_seed_update_percent+percent_delta)) + + # Backup current output descriptors and reset to normal + exec 8>&1 9>&2 1>&10 2>&20 + + set_progress_str "$docker_seed_update_percent" "Downloading $name" + + # Restore current output descriptors and remove backups + exec 1>&8- 2>&9- +} + docker_seed_registry() { local VERSION="$SOVERSION" if ! [ -f /nsm/docker-registry/docker/registry.tar ]; then - if [ "$install_type" == 'IMPORT' ]; then - local TRUSTED_CONTAINERS=(\ - "so-idstools" \ - "so-nginx" \ - "so-filebeat" \ - "so-suricata" \ - "so-soc" \ - "so-steno" \ - "so-elasticsearch" \ - "so-kibana" \ - "so-kratos" \ - "so-suricata" \ - "so-pcaptools" \ - "so-zeek" - ) + if [ "$install_type" == 'IMPORT' ]; then + container_list 'so-import' + elif [ "$install_type" != 'HELIXSENSOR' ]; then + container_list 'so-helix' else - local TRUSTED_CONTAINERS=(\ - "so-nginx" \ - "so-filebeat" \ - "so-logstash" \ - "so-idstools" \ - "so-redis" \ - "so-steno" \ - "so-suricata" \ - "so-telegraf" \ - "so-zeek" - ) + container_list fi - if [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'IMPORT' ]; then - TRUSTED_CONTAINERS=("${TRUSTED_CONTAINERS[@]}" \ - "so-acng" \ - "so-thehive-cortex" \ - "so-curator" \ - "so-domainstats" \ - "so-elastalert" \ - "so-elasticsearch" \ - "so-fleet" \ - "so-fleet-launcher" \ - "so-freqserver" \ - "so-grafana" \ - "so-influxdb" \ - "so-kibana" \ - "so-minio" \ - "so-mysql" \ - "so-pcaptools" \ - "so-playbook" \ - "so-soc" \ - "so-kratos" \ - "so-soctopus" \ - "so-steno" \ - "so-strelka-frontend" \ - "so-strelka-manager" \ - "so-strelka-backend" \ - "so-strelka-filestream" \ - "so-thehive" \ - "so-thehive-es" \ - "so-wazuh" - ) - fi - local percent=25 - # Let's make sure we have the public key - curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - - - SIGNPATH=/root/sosigs - rm -rf $SIGNPATH - mkdir -p $SIGNPATH - if [ -z "$BRANCH" ]; then - BRANCH="master" - fi - for i in "${TRUSTED_CONTAINERS[@]}"; do - if [ "$install_type" != 'HELIXSENSOR' ]; then ((percent=percent+1)); else ((percent=percent+6)); fi - # Pull down the trusted docker image - set_progress_str "$percent" "Downloading $i:$VERSION" - { - echo "Downloading $i" - docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION - - # Get signature - curl -A "netinstall/$OS/$(uname -r)" https://sigs.securityonion.net/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig - if [[ $? -ne 0 ]]; then - echo "Unable to pull signature file for $i:$VERSION" - exit 1 - fi - # Dump our hash values - DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION) - - echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i:$VERSION.txt - echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i:$VERSION.txt - - if [[ $? -ne 0 ]]; then - echo "Unable to inspect $i" - exit 1 - fi - GPGTEST=$(gpg --verify $SIGNPATH/$i:$VERSION.sig $SIGNPATH/$i:$VERSION.txt 2>&1) - if [[ $? -eq 0 ]]; then - # Tag it with the new registry destination - docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION - docker push $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION - else - echo "There is a problem downloading the $i image. Details: " - echo "" - echo $GPGTEST - exit 1 - fi - } >> "$setup_log" 2>&1 - done + + docker_seed_update_percent=25 + update_docker_containers 'netinstall' '' 'docker_seed_update' >> "$setup_log" 2>&1 else tar xvf /nsm/docker-registry/docker/registry.tar -C /nsm/docker-registry/docker >> "$setup_log" 2>&1 rm /nsm/docker-registry/docker/registry.tar >> "$setup_log" 2>&1 @@ -1006,10 +932,10 @@ firewall_generate_templates() { local firewall_pillar_path=$local_salt_dir/salt/firewall mkdir -p "$firewall_pillar_path" - cp ../files/firewall/* /opt/so/saltstack/local/salt/firewall/ >> "$setup_log" 2>&1 + cp ../files/firewall/* /opt/so/saltstack/local/salt/firewall/ >> "$setup_log" 2>&1 - for i in analyst beats_endpoint sensor manager minion osquery_endpoint search_node wazuh_endpoint; do - $default_salt_dir/salt/common/tools/sbin/so-firewall includehost "$i" 127.0.0.1 + for i in analyst beats_endpoint sensor manager minion osquery_endpoint search_node wazuh_endpoint; do + $default_salt_dir/salt/common/tools/sbin/so-firewall includehost "$i" 127.0.0.1 done } From a343e3f31ea0907d09bc5ad4da38b4e2a1cb3ba2 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 16 Nov 2020 14:10:48 -0500 Subject: [PATCH 407/487] Save descriptors while inside the progress pipe --- setup/so-functions | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 3afc97b6c..8ec78787e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -23,11 +23,6 @@ CONTAINER_REGISTRY=quay.io SOVERSION=$(cat ../VERSION) -# Duplicate stdout and stderr file descriptors for use with whiptail -# Using >&10 or >&20 will override any ancestral >> or > redirects and send -# to stdout or stderr, repsectively. -exec 10>&1 20>&2 - log() { msg=$1 level=${2:-I} @@ -883,7 +878,7 @@ docker_seed_update() { fi ((docker_seed_update_percent=docker_seed_update_percent+percent_delta)) - # Backup current output descriptors and reset to normal + # Backup current output descriptors and reset to saved descriptors from docker_seed_registry function exec 8>&1 9>&2 1>&10 2>&20 set_progress_str "$docker_seed_update_percent" "Downloading $name" @@ -905,6 +900,10 @@ docker_seed_registry() { fi docker_seed_update_percent=25 + + # Save output descriptors for use in docker_seed_registry_update function + exec 10>&1 20>&2 + update_docker_containers 'netinstall' '' 'docker_seed_update' >> "$setup_log" 2>&1 else tar xvf /nsm/docker-registry/docker/registry.tar -C /nsm/docker-registry/docker >> "$setup_log" 2>&1 From e956ee93246b45bfded3c0376292ab65ebe08e34 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 16 Nov 2020 14:56:20 -0500 Subject: [PATCH 408/487] redirect output from setting up so-status stuff in so-setup --- setup/so-setup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 21c78cd92..83bb8ceed 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -591,8 +591,8 @@ fi set_initial_firewall_policy >> $setup_log 2>&1 # create these so the registry state can add so-registry to /opt/so/conf/so-status/so-status.conf - mkdir -p /opt/so/conf/so-status/ - touch /opt/so/conf/so-status/so-status.conf + mkdir -p /opt/so/conf/so-status/ >> $setup_log 2>&1 + touch /opt/so/conf/so-status/so-status.conf >> $setup_log 2>&1 if [[ "$setup_type" == 'iso' ]]; then set_progress_str 26 'Copying containers from iso' From 8234b6f83565aa448a5d985ccda35f22f42633ab Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 16 Nov 2020 15:11:08 -0500 Subject: [PATCH 409/487] Switch remaining containers over to new registries; Continued bash refactoring --- salt/common/tools/sbin/so-image-common | 30 +++++++++++++++----------- salt/domainstats/init.sls | 4 ++-- salt/freqserver/init.sls | 4 ++-- salt/nodered/init.sls | 2 +- salt/registry/init.sls | 2 +- setup/so-functions | 5 +---- setup/so-setup | 4 ++-- 7 files changed, 26 insertions(+), 25 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 4a3a099bc..aefeade91 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -95,6 +95,7 @@ update_docker_containers() { local CURLTYPE=$1 local IMAGE_TAG_SUFFIX=$2 local PROGRESS_CALLBACK=$3 + local LOG_FILE=$4 local CONTAINER_REGISTRY=quay.io local SIGNPATH=/root/sosigs @@ -103,6 +104,10 @@ update_docker_containers() { CURLTYPE=unknown fi + if [ -z "$LOG_FILE" ]; then + LOG_FILE=/dev/tty + fi + # Recheck the version for scenarios were the VERSION wasn't known before this script was imported set_version set_os @@ -114,26 +119,26 @@ update_docker_containers() { # Let's make sure we have the public key curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - - rm -rf $SIGNPATH - mkdir -p $SIGNPATH + rm -rf $SIGNPATH >> "$LOG_FILE" 2>&1 + mkdir -p $SIGNPATH >> "$LOG_FILE" 2>&1 # Download the containers from the interwebs for i in "${TRUSTED_CONTAINERS[@]}" do if [ -z "$PROGRESS_CALLBACK" ]; then - echo "Downloading $i" + echo "Downloading $i" >> "$LOG_FILE" 2>&1 else $PROGRESS_CALLBACK $i fi # Pull down the trusted docker image local image=$i:$VERSION$IMAGE_TAG_SUFFIX - docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image + docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image >> "$LOG_FILE" 2>&1 # Get signature - curl -A "$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)" https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$image.sig + curl -A "$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)" https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$image.sig >> "$LOG_FILE" 2>&1 if [[ $? -ne 0 ]]; then - echo "Unable to pull signature file for $image" + echo "Unable to pull signature file for $image" >> "$LOG_FILE" 2>&1 exit 1 fi # Dump our hash values @@ -143,7 +148,7 @@ update_docker_containers() { echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$image.txt if [[ $? -ne 0 ]]; then - echo "Unable to inspect $image" + echo "Unable to inspect $image" >> "$LOG_FILE" 2>&1 exit 1 fi GPGTEST=$(gpg --verify $SIGNPATH/$image.sig $SIGNPATH/$image.txt 2>&1) @@ -153,15 +158,14 @@ update_docker_containers() { if [ -z "$HOSTNAME" ]; then HOSTNAME=$(hostname) fi - docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$image $HOSTNAME:5000/$IMAGEREPO/$image - docker push $HOSTNAME:5000/$IMAGEREPO/$image + docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$image $HOSTNAME:5000/$IMAGEREPO/$image >> "$LOG_FILE" 2>&1 + docker push $HOSTNAME:5000/$IMAGEREPO/$image >> "$LOG_FILE" 2>&1 fi else - echo "There is a problem downloading the $image image. Details: " - echo "" - echo $GPGTEST + echo "There is a problem downloading the $image image. Details: " >> "$LOG_FILE" 2>&1 + echo "" >> "$LOG_FILE" 2>&1 + echo $GPGTEST >> "$LOG_FILE" 2>&1 exit 1 fi done - } diff --git a/salt/domainstats/init.sls b/salt/domainstats/init.sls index 7716ddf83..965d87426 100644 --- a/salt/domainstats/init.sls +++ b/salt/domainstats/init.sls @@ -43,13 +43,13 @@ dstatslogdir: so-domainstatsimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/{{ IMAGEREPO }}/so-domainstats:HH1.0.3 + - name: docker pull {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-domainstats:{{ VERSION }} so-domainstats: docker_container.running: - require: - so-domainstatsimage - - image: docker.io/{{ IMAGEREPO }}/so-domainstats:HH1.0.3 + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-domainstats:{{ VERSION }} - hostname: domainstats - name: so-domainstats - user: domainstats diff --git a/salt/freqserver/init.sls b/salt/freqserver/init.sls index 5ff454bcc..f514353a1 100644 --- a/salt/freqserver/init.sls +++ b/salt/freqserver/init.sls @@ -43,13 +43,13 @@ freqlogdir: so-freqimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/{{ IMAGEREPO }}/so-freqserver:HH1.0.3 + - name: docker pull {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-freqserver:{{ VERSION }} so-freq: docker_container.running: - require: - so-freqimage - - image: docker.io/{{ IMAGEREPO }}/so-freqserver:HH1.0.3 + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-freqserver:{{ VERSION }} - hostname: freqserver - name: so-freqserver - user: freqserver diff --git a/salt/nodered/init.sls b/salt/nodered/init.sls index a594c23d9..c4fb8cb37 100644 --- a/salt/nodered/init.sls +++ b/salt/nodered/init.sls @@ -67,7 +67,7 @@ noderedlog: so-nodered: docker_container.running: - - image: {{ IMAGEREPO }}/so-nodered:HH1.2.2 + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-nodered:{{ VERSION }} - interactive: True - binds: - /opt/so/conf/nodered/:/data:rw diff --git a/salt/registry/init.sls b/salt/registry/init.sls index c456aa0c4..43b9d8fa6 100644 --- a/salt/registry/init.sls +++ b/salt/registry/init.sls @@ -45,7 +45,7 @@ dockerregistryconf: # Install the registry container so-dockerregistry: docker_container.running: - - image: registry:latest + - image: ghcr.io/security-onion-solutions/registry:latest - hostname: so-registry - restart_policy: always - port_bindings: diff --git a/setup/so-functions b/setup/so-functions index 8ec78787e..273472f25 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -901,10 +901,7 @@ docker_seed_registry() { docker_seed_update_percent=25 - # Save output descriptors for use in docker_seed_registry_update function - exec 10>&1 20>&2 - - update_docker_containers 'netinstall' '' 'docker_seed_update' >> "$setup_log" 2>&1 + update_docker_containers 'netinstall' '' 'docker_seed_update' "$setup_log" else tar xvf /nsm/docker-registry/docker/registry.tar -C /nsm/docker-registry/docker >> "$setup_log" 2>&1 rm /nsm/docker-registry/docker/registry.tar >> "$setup_log" 2>&1 diff --git a/setup/so-setup b/setup/so-setup index 21c78cd92..381ef9bca 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -599,9 +599,9 @@ fi else set_progress_str 26 'Downloading containers from the internet' fi - import_registry_docker >> $setup_log 2>&1 + import_registry_docker >> $setup_log 2>&1 salt-call state.apply -l info registry >> $setup_log 2>&1 - docker_seed_registry 2>> "$setup_log" # ~ 60% when finished + docker_seed_registry # ~ 60% when finished set_progress_str 60 "$(print_salt_state_apply 'manager')" if [[ "$STRELKARULES" == 1 ]]; then From 3bae243915a681c7ca623245ec4460d99fcee18b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 16 Nov 2020 15:20:00 -0500 Subject: [PATCH 410/487] Continued refactoring of bash --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 273472f25..2b103e396 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -893,7 +893,7 @@ docker_seed_registry() { if ! [ -f /nsm/docker-registry/docker/registry.tar ]; then if [ "$install_type" == 'IMPORT' ]; then container_list 'so-import' - elif [ "$install_type" != 'HELIXSENSOR' ]; then + elif [ "$install_type" == 'HELIXSENSOR' ]; then container_list 'so-helix' else container_list From 5ae78d4108cc339dc2892024400505092211fdae Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 16 Nov 2020 15:31:40 -0500 Subject: [PATCH 411/487] Install curl in order to test for cloud --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 2b103e396..cb88f8dcf 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -743,7 +743,7 @@ detect_os() { systemctl start NetworkManager; } >> "$setup_log" 2<&1 fi - apt-get install -y bc >> "$setup_log" 2>&1 + apt-get install -y bc curl >> "$setup_log" 2>&1 else echo "We were unable to determine if you are using a supported OS." From 1ec4af1a4d2c256fd94c2310dcb1eec4f182cf48 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 16 Nov 2020 15:41:15 -0500 Subject: [PATCH 412/487] Destroy the old registry before updating SO images --- salt/common/tools/sbin/soup | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 72e0e58df..1f3153d41 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -93,7 +93,12 @@ airgap_update_dockers() { docker load -i $AGDOCKER/registry_image.tar fi fi +} +update_registry() { + docker stop so-dockerregistry + docker rm so-dockerregistry + salt-call state.apply registry } check_airgap() { @@ -431,6 +436,7 @@ echo "Updating dockers to $NEWVERSION." if [ $is_airgap -eq 0 ]; then airgap_update_dockers else + update_registry update_docker_containers "soup" fi echo "" From a08923030b956fcd366dd0f9731afbc6ae6a80e3 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 16 Nov 2020 16:26:38 -0500 Subject: [PATCH 413/487] [feat] Exit setup if less than required number of NICs present --- setup/so-whiptail | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 21e394b65..a1f07868c 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -340,11 +340,27 @@ whiptail_requirements_error() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" \ - --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 10 75 + if [[ $(echo "$requirement_needed" | tr '[:upper:]' '[:lower:]') == 'nics' ]]; then + whiptail --title "Security Onion Setup" \ + --msgbox "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press OK to exit setup and reconfigure the machine." 10 75 + + # Same as whiptail_cancel, but changed the wording to exit instead of cancel. + whiptail --title "Security Onion Setup" --msgbox "Exiting Setup. No changes have been made." 8 75 + if [ -d "/root/installtmp" ]; then + { + echo "/root/installtmp exists"; + install_cleanup; + echo "/root/installtmp removed"; + } >> $setup_log 2>&1 + fi + exit + else + whiptail --title "Security Onion Setup" \ + --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 10 75 - local exitstatus=$? - whiptail_check_exitstatus $exitstatus + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + fi } whiptail_storage_requirements() { From 0d9b22fe2d049f3e0492541d8079cde4db9729ea Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 16 Nov 2020 16:33:29 -0500 Subject: [PATCH 414/487] fix so-status to work with so.status module and change padding --- salt/common/tools/sbin/so-status | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status index 344db61c6..8dd607bd6 100755 --- a/salt/common/tools/sbin/so-status +++ b/salt/common/tools/sbin/so-status @@ -181,12 +181,10 @@ print_line() { non_term_print_line() { local service_name=${1} - local service_state="$( parse_status ${2} )" - - local PADDING_CONSTANT=10 + local service_state="$( parse_status ${2} ${1} )" printf " $service_name " - for i in $(seq 0 $(( 40 - $PADDING_CONSTANT - ${#service_name} - ${#service_state} ))); do + for i in $(seq 0 $(( 35 - ${#service_name} - ${#service_state} ))); do printf "-" done printf " [ " From 3cf8afc1ddf48eeb14155bdb03ee0c1dae7e067e Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 16 Nov 2020 16:39:54 -0500 Subject: [PATCH 415/487] Remove unused redirect descriptors and ensure gpg import output is not leaked to console --- salt/common/tools/sbin/so-image-common | 2 +- setup/so-functions | 6 ------ 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index aefeade91..9fa1278ef 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -117,7 +117,7 @@ update_docker_containers() { fi # Let's make sure we have the public key - curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - + curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS >> "$LOG_FILE" 2>&1 | gpg --import - >> "$LOG_FILE" 2>&1 rm -rf $SIGNPATH >> "$LOG_FILE" 2>&1 mkdir -p $SIGNPATH >> "$LOG_FILE" 2>&1 diff --git a/setup/so-functions b/setup/so-functions index cb88f8dcf..fb8b17a88 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -878,13 +878,7 @@ docker_seed_update() { fi ((docker_seed_update_percent=docker_seed_update_percent+percent_delta)) - # Backup current output descriptors and reset to saved descriptors from docker_seed_registry function - exec 8>&1 9>&2 1>&10 2>&20 - set_progress_str "$docker_seed_update_percent" "Downloading $name" - - # Restore current output descriptors and remove backups - exec 1>&8- 2>&9- } docker_seed_registry() { From 4436f02f6de3e7cb6f2cfa695a3dcbf3e9289432 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 16 Nov 2020 16:46:22 -0500 Subject: [PATCH 416/487] fix nginx for non manaager/fleet nodes --- salt/nginx/etc/nginx.conf | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 1463420b7..e65979f92 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -44,7 +44,9 @@ http { include /etc/nginx/conf.d/*.conf; - {%- if fleet_manager or role == 'fleet' %} + {%- if role in ['eval', 'managersearch', 'manager', 'standalone', 'fleet', 'import'] %} + + {%- if (fleet_manager or role == 'fleet') and role != 'import' %} server { listen 8090 ssl http2 default_server; server_name {{ url_base }}; @@ -69,10 +71,7 @@ http { proxy_buffering off; } } - {%- endif %} - - - {%- if role in ['eval', 'managersearch', 'manager', 'standalone', 'fleet', 'import'] %} + {%- endif %} server { listen 80 default_server; From 4311f661102daf403077d87be7b576eb95781a48 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 16 Nov 2020 16:58:09 -0500 Subject: [PATCH 417/487] Remove unnecessary redirect --- salt/common/tools/sbin/so-image-common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 9fa1278ef..165c20528 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -117,7 +117,7 @@ update_docker_containers() { fi # Let's make sure we have the public key - curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS >> "$LOG_FILE" 2>&1 | gpg --import - >> "$LOG_FILE" 2>&1 + curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - >> "$LOG_FILE" 2>&1 rm -rf $SIGNPATH >> "$LOG_FILE" 2>&1 mkdir -p $SIGNPATH >> "$LOG_FILE" 2>&1 From b9267ee015e5ad09eb0a90ce6b3f6e22a031b39b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 17 Nov 2020 09:00:02 -0500 Subject: [PATCH 418/487] Add missing newline after armor header --- KEYS | 1 + 1 file changed, 1 insertion(+) diff --git a/KEYS b/KEYS index 4844a1d94..15be14ca9 100644 --- a/KEYS +++ b/KEYS @@ -1,4 +1,5 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- + mQINBF7rzwEBEADBg87uJhnC3Ls7s60hbHGaywGrPtbz2WuYA/ev3YS3X7WS75p8 PGlzTWUCujx0pEHbK2vYfExl3zksZ8ZmLyZ9VB3oSLiWBzJgKAeB7YCFEo8te+eE P2Z+8c+kX4eOV+2waxZyewA2TipSkhWgStSI4Ow8SyVUcUWA3hCw7mo2duNVi7KO From 79b63ed14b4321c63dac27ec3f9bebecba216d73 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 17 Nov 2020 09:47:08 -0500 Subject: [PATCH 419/487] [fix] Use singular when needed for requirements --- setup/so-functions | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 642ae5004..8e32e8abe 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -467,15 +467,15 @@ check_requirements() { if [[ "$node_type" == 'sensor' ]]; then req_nics=2; else req_nics=1; fi if [[ "$node_type" == 'fleet' ]]; then req_mem=4; fi elif [[ "$standalone_or_dist" == 'import' ]]; then - req_mem=4 - req_cores=2 + req_mem=4 + req_cores=2 req_nics=1 fi if [[ $setup_type == 'network' ]] ; then if [[ -n $nsm_mount ]]; then if [[ "$standalone_or_dist" == 'import' ]]; then - req_storage=50 + req_storage=50 else req_storage=100 fi @@ -487,7 +487,7 @@ check_requirements() { fi else if [[ "$standalone_or_dist" == 'import' ]]; then - req_storage=50 + req_storage=50 else req_storage=200 fi @@ -498,11 +498,20 @@ check_requirements() { fi if [[ $num_nics -lt $req_nics ]]; then - whiptail_requirements_error "NICs" "$num_nics" "$req_nics" + if [[ $num_nics -eq 1 ]]; then + whiptail_requirements_error "NIC" "$num_nics" "$req_nics" + else + whiptail_requirements_error "NICs" "$num_nics" "$req_nics" + fi fi if [[ $num_cpu_cores -lt $req_cores ]]; then - whiptail_requirements_error "cores" "$num_cpu_cores" "$req_cores" + if [[ $num_cpu_cores -eq 1 ]]; then + whiptail_requirements_error "core" "$num_cpu_cores" "$req_cores" + else + whiptail_requirements_error "cores" "$num_cpu_cores" "$req_cores" + fi + fi if [[ $total_mem_hr -lt $req_mem ]]; then From 65440f9aef91dd76f246a9db85f69388269041c7 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 17 Nov 2020 09:51:28 -0500 Subject: [PATCH 420/487] verify new salt version is installed during soup if not, exit before proceeding --- salt/common/tools/sbin/soup | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 1f3153d41..5ce777aa3 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -458,6 +458,20 @@ if [ "$UPGRADESALT" == "1" ]; then upgrade_salt fi +echo "Checking if Salt was upgraded." +echo "" +# Check that Salt was upgraded, should be 3 'salt' packages on a manager node. salt-minion, salt-master and salt or salt-common depending on Ubuntu or CentOS. we could add salt-syndic in the future so checking that there are at least 3 packages +if [[ `rpm -qa | grep salt | grep $NEWSALTVERSION | wc -l` < 3 ]]; then + echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG." + echo "Once the issue is resolved, run soup again." + echo "Exiting." + echo "" + exit 1 +else + echo "Salt upgrade success." + echo "" +fi + echo "Making pillar changes." pillar_changes echo "" From d13733e7166f0483fd61e5314c5591215fdd09a1 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 17 Nov 2020 09:59:01 -0500 Subject: [PATCH 421/487] Queue the registry state in case a highstate is already active --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 5ce777aa3..0453ea29d 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -98,7 +98,7 @@ airgap_update_dockers() { update_registry() { docker stop so-dockerregistry docker rm so-dockerregistry - salt-call state.apply registry + salt-call state.apply registry queue=True } check_airgap() { From 88c2ee0d36af415ff6c44143d25aa7e31ed73fdf Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 17 Nov 2020 11:58:22 -0500 Subject: [PATCH 422/487] The Hive ES update --- salt/thehive/init.sls | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/salt/thehive/init.sls b/salt/thehive/init.sls index e695c237f..c89017dda 100644 --- a/salt/thehive/init.sls +++ b/salt/thehive/init.sls @@ -89,14 +89,6 @@ so-thehive-es: - /opt/so/conf/thehive/etc/es/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro - /opt/so/log/thehive:/var/log/elasticsearch:rw - environment: - - http.host=0.0.0.0 - - http.port=9400 - - transport.tcp.port=9500 - - transport.host=0.0.0.0 - - cluster.name=thehive - - thread_pool.index.queue_size=100000 - - thread_pool.search.queue_size=100000 - - thread_pool.bulk.queue_size=100000 - ES_JAVA_OPTS=-Xms512m -Xmx512m - port_bindings: - 0.0.0.0:9400:9400 @@ -164,4 +156,4 @@ thehive_state_not_allowed: test.fail_without_changes: - name: thehive_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} From f31d459a24fea552f18e21fd38c27f9db90b6bf6 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 17 Nov 2020 11:59:03 -0500 Subject: [PATCH 423/487] The Hive ES Update --- salt/thehive/etc/es/elasticsearch.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/salt/thehive/etc/es/elasticsearch.yml b/salt/thehive/etc/es/elasticsearch.yml index 7f268a671..77e09b071 100644 --- a/salt/thehive/etc/es/elasticsearch.yml +++ b/salt/thehive/etc/es/elasticsearch.yml @@ -1,7 +1,7 @@ cluster.name: "thehive" network.host: 0.0.0.0 discovery.zen.minimum_master_nodes: 1 -# This is a test -- if this is here, then the volume is mounted correctly. +discovery.type: single-node path.logs: /var/log/elasticsearch action.destructive_requires_name: true transport.bind_host: 0.0.0.0 @@ -11,6 +11,3 @@ http.host: 0.0.0.0 http.port: 9400 transport.tcp.port: 9500 transport.host: 0.0.0.0 -thread_pool.index.queue_size: 100000 -thread_pool.search.queue_size: 100000 -thread_pool.bulk.queue_size: 100000 From aa8d9c12a0727ae87b4834d7127b0af53a76637d Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 17 Nov 2020 12:15:20 -0500 Subject: [PATCH 424/487] Remove yara rule update that can't succeed since the script doesn't exist at this point of the setup process --- setup/so-setup | 3 --- 1 file changed, 3 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 065ba548f..e2728a571 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -604,9 +604,6 @@ fi docker_seed_registry # ~ 60% when finished set_progress_str 60 "$(print_salt_state_apply 'manager')" - if [[ "$STRELKARULES" == 1 ]]; then - /usr/sbin/so-yara-update >> $setup_log 2>&1 - fi salt-call state.apply -l info manager >> $setup_log 2>&1 set_progress_str 61 "$(print_salt_state_apply 'idstools')" From 65d28f98b5c851932e081354c27f62e97f8cea42 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 17 Nov 2020 12:51:13 -0500 Subject: [PATCH 425/487] Revert "The Hive ES Update" This reverts commit f31d459a24fea552f18e21fd38c27f9db90b6bf6. --- salt/thehive/etc/es/elasticsearch.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/salt/thehive/etc/es/elasticsearch.yml b/salt/thehive/etc/es/elasticsearch.yml index 77e09b071..7f268a671 100644 --- a/salt/thehive/etc/es/elasticsearch.yml +++ b/salt/thehive/etc/es/elasticsearch.yml @@ -1,7 +1,7 @@ cluster.name: "thehive" network.host: 0.0.0.0 discovery.zen.minimum_master_nodes: 1 -discovery.type: single-node +# This is a test -- if this is here, then the volume is mounted correctly. path.logs: /var/log/elasticsearch action.destructive_requires_name: true transport.bind_host: 0.0.0.0 @@ -11,3 +11,6 @@ http.host: 0.0.0.0 http.port: 9400 transport.tcp.port: 9500 transport.host: 0.0.0.0 +thread_pool.index.queue_size: 100000 +thread_pool.search.queue_size: 100000 +thread_pool.bulk.queue_size: 100000 From 2184c3b8ee517d5f36c5b703d7fe5c50c1ab3b6a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 17 Nov 2020 12:51:42 -0500 Subject: [PATCH 426/487] Revert "The Hive ES update" This reverts commit 88c2ee0d36af415ff6c44143d25aa7e31ed73fdf. --- salt/thehive/init.sls | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/salt/thehive/init.sls b/salt/thehive/init.sls index c89017dda..e695c237f 100644 --- a/salt/thehive/init.sls +++ b/salt/thehive/init.sls @@ -89,6 +89,14 @@ so-thehive-es: - /opt/so/conf/thehive/etc/es/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro - /opt/so/log/thehive:/var/log/elasticsearch:rw - environment: + - http.host=0.0.0.0 + - http.port=9400 + - transport.tcp.port=9500 + - transport.host=0.0.0.0 + - cluster.name=thehive + - thread_pool.index.queue_size=100000 + - thread_pool.search.queue_size=100000 + - thread_pool.bulk.queue_size=100000 - ES_JAVA_OPTS=-Xms512m -Xmx512m - port_bindings: - 0.0.0.0:9400:9400 @@ -156,4 +164,4 @@ thehive_state_not_allowed: test.fail_without_changes: - name: thehive_state_not_allowed -{% endif %} +{% endif %} \ No newline at end of file From 4cd1086efa75aed292cdb6ce32feb1dbcd9fd491 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 17 Nov 2020 13:15:55 -0500 Subject: [PATCH 427/487] new way for soup to install and resart salt for upgrade --- salt/salt/map.jinja | 9 +++++---- salt/salt/minion.sls | 14 ++++++++------ 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 9c7d0ac39..41ca3befb 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -1,5 +1,6 @@ {% import_yaml 'salt/minion.defaults.yaml' as saltminion %} {% set SALTVERSION = saltminion.salt.minion.version %} +{% set INSTALLEDSALTVERSION = salt['pkg.version']('salt-minion').split('-')[0] %} {% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} {% if grains.os|lower == 'ubuntu' %} @@ -11,13 +12,13 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && sh /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && sh /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} -{% endif %} +{% endif %} \ No newline at end of file diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 59209828b..5613e11ab 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -1,4 +1,6 @@ {% from 'salt/map.jinja' import COMMON with context %} +{% from 'salt/map.jinja' import SALTVERSION %} +{% from 'salt/map.jinja' import INSTALLEDSALTVERSION %} {% from 'salt/map.jinja' import UPGRADECOMMAND with context %} include: @@ -6,12 +8,12 @@ include: install_salt_minion: cmd.run: - - name: {{ UPGRADECOMMAND }} - -#versionlock_salt_minion: -# module.run: -# - pkg.hold: -# - name: "salt-*" + - name: | + exec 0>&- # close stdin + exec 1>&- # close stdout + exec 2>&- # close stderr + nohup /bin/sh -c '{{ UPGRADECOMMAND }}' & + - onlyif: "[[ '{{INSTALLEDSALTVERSION}}' != '{{SALTVERSION}}' ]]" salt_minion_package: pkg.installed: From e162be2e1d7a60f300f063758ea134ad007e5cec Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 17 Nov 2020 14:29:39 -0500 Subject: [PATCH 428/487] change salt upgrade command https://github.com/Security-Onion-Solutions/securityonion/issues/1961 --- salt/salt/map.jinja | 6 +++--- salt/salt/minion.sls | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 41ca3befb..cf62f6db3 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && sh /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 5613e11ab..841762d37 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -1,7 +1,7 @@ {% from 'salt/map.jinja' import COMMON with context %} +{% from 'salt/map.jinja' import UPGRADECOMMAND with context %} {% from 'salt/map.jinja' import SALTVERSION %} {% from 'salt/map.jinja' import INSTALLEDSALTVERSION %} -{% from 'salt/map.jinja' import UPGRADECOMMAND with context %} include: - salt From 1ec8b52353c964d11504f407130c83e87f745590 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 17 Nov 2020 15:12:02 -0500 Subject: [PATCH 429/487] Replace scan.exiftool.* fields due to reduction in strelka field counts --- salt/soc/files/soc/hunt.eventfields.json | 2 +- salt/soc/files/soc/hunt.queries.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/soc/files/soc/hunt.eventfields.json b/salt/soc/files/soc/hunt.eventfields.json index f7cfb53e3..e8af03a5c 100644 --- a/salt/soc/files/soc/hunt.eventfields.json +++ b/salt/soc/files/soc/hunt.eventfields.json @@ -37,7 +37,7 @@ "::firewall": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "network.transport", "network.direction", "interface.name", "rule.action", "rule.reason", "network.community_id" ], ":osquery:": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "source.hostname", "event.dataset", "process.executable", "user.name" ], ":ossec:": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "rule.name", "rule.level", "rule.category", "process.name", "user.name", "user.escalated", "location" ], - ":strelka:file": ["soc_timestamp", "scan.exiftool.OriginalFileName", "file.size", "hash.md5", "scan.exiftool.CompanyName", "scan.exiftool.Description", "scan.exiftool.Directory", "scan.exiftool.FileType", "scan.exiftool.FileOS", "log.id.fuid" ], + ":strelka:file": ["soc_timestamp", "file.name", "file.size", "hash.md5", "file.source", "file.mime_type", "log.id.fuid" ], ":suricata:": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "rule.name", "rule.category", "event.severity_label", "log.id.uid", "network.community_id" ], ":sysmon:": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "source.hostname", "event.dataset", "process.executable", "user.name" ], ":windows_eventlog:": ["soc_timestamp", "user.name" ] diff --git a/salt/soc/files/soc/hunt.queries.json b/salt/soc/files/soc/hunt.queries.json index f2c3a633a..57027dc0f 100644 --- a/salt/soc/files/soc/hunt.queries.json +++ b/salt/soc/files/soc/hunt.queries.json @@ -10,7 +10,7 @@ { "name": "Wazuh/OSSEC Users", "description": "Show all Wazuh alerts grouped by username", "query": "event.module:ossec AND event.dataset:alert | groupby user.escalated.keyword"}, { "name": "Sysmon Events", "description": "Show all Sysmon logs grouped by event type", "query": "event.module:sysmon | groupby event.dataset"}, { "name": "Sysmon Usernames", "description": "Show all Sysmon logs grouped by username", "query": "event.module:sysmon | groupby event.dataset, user.name.keyword"}, - { "name": "Strelka", "description": "Show all Strelka logs grouped by file type", "query": "event.module:strelka | groupby scan.exiftool.FileType"}, + { "name": "Strelka", "description": "Show all Strelka logs grouped by file type", "query": "event.module:strelka | groupby file.mime_type"}, { "name": "Zeek Notice", "description": "Show notices from Zeek", "query": "event.dataset:notice | groupby notice.note notice.message"}, { "name": "Connections", "description": "Connections grouped by IP and Port", "query": "event.dataset:conn | groupby source.ip destination.ip network.protocol destination.port"}, { "name": "Connections", "description": "Connections grouped by Service", "query": "event.dataset:conn | groupby network.protocol destination.port"}, From b14670030349a2747a00ace665568ab5f51ac47b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 17 Nov 2020 15:36:25 -0500 Subject: [PATCH 430/487] [feat] Remove so-setup permission from sudoers file after iso setup Closes #1701 --- salt/common/tools/sbin/soup | 7 +++++++ setup/so-functions | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 0453ea29d..db806a443 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -191,6 +191,7 @@ pillar_changes() { [[ "$INSTALLEDVERSION" =~ rc.1 ]] && rc1_to_rc2 [[ "$INSTALLEDVERSION" =~ rc.2 ]] && rc2_to_rc3 [[ "$INSTALLEDVERSION" =~ rc.3 ]] && rc3_to_2.3.0 + [[ "$INSTALLEDVERSION" =~ 2.3.2 ]] && up_2.3.2_to_2.3.10 } @@ -292,6 +293,12 @@ unmount_update() { umount /tmp/soagupdate } +up_2.3.2_to_2.3.10() { + if grep -q "so-setup" /etc/sudoers; then + echo "[ INFO ] There is an entry for so-setup in the sudoers file, this can be safely deleted using \"visudo\"." + fi +} + update_centos_repo() { # Update the files in the repo echo "Syncing new updates to /nsm/repo" diff --git a/setup/so-functions b/setup/so-functions index bd2c05179..c21f8407a 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1019,6 +1019,10 @@ install_cleanup() { # If Mysql is running stop it /usr/sbin/so-mysql-stop + if [[ $install_type == 'iso' ]]; then + info "Removing so-setup permission entry from sudoers file" + sed -i '/so-setup/d' /etc/sudoers + fi } import_registry_docker() { From ee3708a428a9561ac12fa302addd045b32f19c70 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 17 Nov 2020 15:44:20 -0500 Subject: [PATCH 431/487] [fix] Move sudoers check in soup to correct place + fix styling issue --- salt/common/tools/sbin/soup | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index db806a443..42e6c2637 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -114,6 +114,12 @@ check_airgap() { fi } +check_sudoers() { + if grep -q "so-setup" /etc/sudoers; then + echo "There is an entry for so-setup in the sudoers file, this can be safely deleted using \"visudo\"." + fi +} + clean_dockers() { # Place Holder for cleaning up old docker images echo "Trying to clean up old dockers." @@ -191,8 +197,6 @@ pillar_changes() { [[ "$INSTALLEDVERSION" =~ rc.1 ]] && rc1_to_rc2 [[ "$INSTALLEDVERSION" =~ rc.2 ]] && rc2_to_rc3 [[ "$INSTALLEDVERSION" =~ rc.3 ]] && rc3_to_2.3.0 - [[ "$INSTALLEDVERSION" =~ 2.3.2 ]] && up_2.3.2_to_2.3.10 - } rc1_to_rc2() { @@ -293,11 +297,6 @@ unmount_update() { umount /tmp/soagupdate } -up_2.3.2_to_2.3.10() { - if grep -q "so-setup" /etc/sudoers; then - echo "[ INFO ] There is an entry for so-setup in the sudoers file, this can be safely deleted using \"visudo\"." - fi -} update_centos_repo() { # Update the files in the repo @@ -468,7 +467,7 @@ fi echo "Checking if Salt was upgraded." echo "" # Check that Salt was upgraded, should be 3 'salt' packages on a manager node. salt-minion, salt-master and salt or salt-common depending on Ubuntu or CentOS. we could add salt-syndic in the future so checking that there are at least 3 packages -if [[ `rpm -qa | grep salt | grep $NEWSALTVERSION | wc -l` < 3 ]]; then +if [[ $(rpm -qa | grep salt | grep -c $NEWSALTVERSION) -lt 3 ]]; then echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG." echo "Once the issue is resolved, run soup again." echo "Exiting." @@ -531,6 +530,8 @@ if [ "$UPGRADESALT" == "1" ]; then echo "" fi +check_sudoers + } main "$@" | tee /dev/fd/3 From fcfd3e3758d725a455b194eda81d25409e79f7db Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 17 Nov 2020 16:09:30 -0500 Subject: [PATCH 432/487] change location yum/apt verison locks https://github.com/Security-Onion-Solutions/securityonion/issues/1961 --- salt/salt/map.jinja | 6 +++--- salt/salt/minion.sls | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index cf62f6db3..f238c3eae 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minion' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minion' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && systemctl restart salt-minion' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 841762d37..4a92c8d80 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -21,6 +21,7 @@ salt_minion_package: - {{ COMMON }} - salt-minion - hold: True + - onlyif: "[[ '{{INSTALLEDSALTVERSION}}' == '{{SALTVERSION}}' ]]" salt_minion_service: service.running: From 1fd2196dd5bdebd767a184b2363067b925fd2208 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 17 Nov 2020 16:18:50 -0500 Subject: [PATCH 433/487] fix check of salt was upgraded during soup for ubuntu and centos --- salt/common/tools/sbin/soup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 0453ea29d..df2776fee 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -460,8 +460,8 @@ fi echo "Checking if Salt was upgraded." echo "" -# Check that Salt was upgraded, should be 3 'salt' packages on a manager node. salt-minion, salt-master and salt or salt-common depending on Ubuntu or CentOS. we could add salt-syndic in the future so checking that there are at least 3 packages -if [[ `rpm -qa | grep salt | grep $NEWSALTVERSION | wc -l` < 3 ]]; then +# Check that Salt was upgraded +if [[ `salt --versions-report | grep Salt: | awk {'print $2'}` == "$NEWSALTVERSION" ]]; then echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG." echo "Once the issue is resolved, run soup again." echo "Exiting." From 7d1cf56160cc37bbfb92dd7683611566f710f8a1 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 17 Nov 2020 16:29:35 -0500 Subject: [PATCH 434/487] change check of salt was upgraded during soup for ubuntu and centos --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index df2776fee..73432d5f1 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -461,7 +461,7 @@ fi echo "Checking if Salt was upgraded." echo "" # Check that Salt was upgraded -if [[ `salt --versions-report | grep Salt: | awk {'print $2'}` == "$NEWSALTVERSION" ]]; then +if [[ $(salt --versions-report | grep Salt: | awk {'print $2'}) -eq "$NEWSALTVERSION" ]]; then echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG." echo "Once the issue is resolved, run soup again." echo "Exiting." From 2bfc48be35f1c7e6fcdde30af04caa16211eb199 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 17 Nov 2020 16:31:11 -0500 Subject: [PATCH 435/487] change check of salt was upgraded during soup for ubuntu and centos --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 73432d5f1..622e06eed 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -461,7 +461,7 @@ fi echo "Checking if Salt was upgraded." echo "" # Check that Salt was upgraded -if [[ $(salt --versions-report | grep Salt: | awk {'print $2'}) -eq "$NEWSALTVERSION" ]]; then +if [[ $(salt --versions-report | grep Salt: | awk {'print $2'}) == "$NEWSALTVERSION" ]]; then echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG." echo "Once the issue is resolved, run soup again." echo "Exiting." From 42126f125bcbf2e7a33a0d98e753ac3b338d26f6 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 17 Nov 2020 17:00:59 -0500 Subject: [PATCH 436/487] change verison check to != --- salt/common/tools/sbin/soup | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 622e06eed..d8e3ee0bb 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -461,7 +461,7 @@ fi echo "Checking if Salt was upgraded." echo "" # Check that Salt was upgraded -if [[ $(salt --versions-report | grep Salt: | awk {'print $2'}) == "$NEWSALTVERSION" ]]; then +if [[ $(salt --versions-report | grep Salt: | awk {'print $2'}) != "$NEWSALTVERSION" ]]; then echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG." echo "Once the issue is resolved, run soup again." echo "Exiting." @@ -510,6 +510,7 @@ masterunlock echo "" echo "Starting Salt Master service." systemctl start salt-master +echo "Running a highstate. This could take several minutes." highstate playbook unmount_update From 695cce0b509586ba90c7fdeddc6937a1ce6eeade Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 17 Nov 2020 17:54:56 -0500 Subject: [PATCH 437/487] upgrad command changes https://github.com/Security-Onion-Solutions/securityonion/issues/1961 --- salt/salt/map.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index f238c3eae..422fa76d0 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && salt-call --local service.restart salt-minion && yum versionlock add "salt-*"' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && salt-call --local service.restart salt-minion && yum versionlock add "salt-*"' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && salt-call --local service.restart salt-minion && apt-mark hold salt-common && apt-mark hold salt-minion' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} From 7291d64e8202db4bc27f6a50758eba5787f3de9b Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 17 Nov 2020 18:38:01 -0500 Subject: [PATCH 438/487] pkill salt-minion before restartiong salt-minion service https://github.com/Security-Onion-Solutions/securityonion/issues/1961 --- salt/salt/map.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 422fa76d0..42f9260ad 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && salt-call --local service.restart salt-minion && yum versionlock add "salt-*"' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && systemctl restart salt-minion' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && salt-call --local service.restart salt-minion && yum versionlock add "salt-*"' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && systemctl restart salt-minion' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && salt-call --local service.restart salt-minion && apt-mark hold salt-common && apt-mark hold salt-minion' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && pkill -9 -ef /usr/bin/salt-minion && systemctl restart salt-minion' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} From 5c6e9e0e3a7eee3f3fae7a8e5de5bf82ab214458 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 17 Nov 2020 19:40:42 -0500 Subject: [PATCH 439/487] run a highstate and let that start the salt-minion back up https://github.com/Security-Onion-Solutions/securityonion/issues/1961 --- salt/salt/map.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 42f9260ad..711701b69 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 90 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate --log-file-level info' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 90 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate --log-file-level info' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && pkill -9 -ef /usr/bin/salt-minion && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -s 90 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate --log-file-level info' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} From bfbc0f354c837eb36e7f75b7f628a29536d66cfc Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 17 Nov 2020 22:48:40 -0500 Subject: [PATCH 440/487] Only default to logging out to tty if tty exists as a character device --- salt/common/tools/sbin/so-image-common | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 165c20528..3449158c0 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -105,7 +105,11 @@ update_docker_containers() { fi if [ -z "$LOG_FILE" ]; then - LOG_FILE=/dev/tty + if [ -c /dev/tty ]; then + LOG_FILE=/dev/tty + else + LOG_FILE=/dev/null + fi fi # Recheck the version for scenarios were the VERSION wasn't known before this script was imported From c95619d335b095d018ca8634c1fc60dc52ad4b68 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 18 Nov 2020 08:35:56 -0500 Subject: [PATCH 441/487] change upgradecommand order https://github.com/Security-Onion-Solutions/securityonion/issues/1961 --- salt/salt/map.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 711701b69..d11491046 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 90 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate --log-file-level info' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && systemctl stop salt-minion && pkill -9 -ef /usr/bin/salt-minion && /usr/sbin/bootstrap-salt.sh -s 90 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate --l info' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 90 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate --log-file-level info' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && systemctl stop salt-minion && pkill -9 -ef /usr/bin/salt-minion && /usr/sbin/bootstrap-salt.sh -s 90 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate --l info' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -s 90 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate --log-file-level info' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && systemctl stop salt-minion && pkill -9 -ef /usr/bin/salt-minion && /usr/sbin/bootstrap-salt.sh -s 90 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && salt-call state.highstate --l info' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} From 4bb1ad9799059a856f1eafbcf4bd1bffb81a7ee2 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 18 Nov 2020 09:29:09 -0500 Subject: [PATCH 442/487] dont restart or kill salt-minon in upgrade command https://github.com/Security-Onion-Solutions/securityonion/issues/1961 --- salt/salt/map.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index d11491046..bd1f6b1ff 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && systemctl stop salt-minion && pkill -9 -ef /usr/bin/salt-minion && /usr/sbin/bootstrap-salt.sh -s 90 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate --l info' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate -l info' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && systemctl stop salt-minion && pkill -9 -ef /usr/bin/salt-minion && /usr/sbin/bootstrap-salt.sh -s 90 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate --l info' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate -l info' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && systemctl stop salt-minion && pkill -9 -ef /usr/bin/salt-minion && /usr/sbin/bootstrap-salt.sh -s 90 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && salt-call state.highstate --l info' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && salt-call state.highstate -l info' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} From bddc3d6df9cae3f87821d312afc55c30f1ba781b Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 18 Nov 2020 10:40:23 -0500 Subject: [PATCH 443/487] kill all salt-minion again since they hang and redirect highstate to a logfile --- salt/salt/map.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index bd1f6b1ff..102c4ee44 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate -l info' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate -l info > /opt/so/log/salt/salt-upgrade-highstate 2>&1' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate -l info' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate -l info > /opt/so/log/salt/salt-upgrade-highstate 2>&1' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && salt-call state.highstate -l info' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate -l info > /opt/so/log/salt/salt-upgrade-highstate 2>&1' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} From 8a4defcffa3c1f6038674492a0b52e5af271beed Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 18 Nov 2020 11:16:31 -0500 Subject: [PATCH 444/487] [refactor] Check for setup log earlier * Check for sosetuo.log before any scripts besides so-variables are sourced to make sure the log hasn't been created yet. --- setup/so-setup | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index e2728a571..8c6378150 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -24,10 +24,19 @@ fi cd "$(dirname "$0")" || exit 255 +source ./so-variables + +is_reinstall=false +if [[ -f $setup_log ]]; then + is_reinstall=true + + # Move last setup log to backup + mv $setup_log $setup_log.bak +fi + source ./so-functions source ./so-common-functions source ./so-whiptail -source ./so-variables # Parse command line arguments setup_type=$1 @@ -54,12 +63,6 @@ while [[ $# -gt 0 ]]; do esac done -if [[ -f $setup_log ]]; then - is_reinstall=true - - # Move last setup log to backup - mv $setup_log $setup_log.bak -fi # Begin Installation pre-processing parse_install_username From ce70e0a61f23d5c56f9a5faa9d7f9ac7af7ae291 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 18 Nov 2020 11:51:28 -0500 Subject: [PATCH 445/487] changes to upgradecommand https://github.com/Security-Onion-Solutions/securityonion/issues/1961 --- salt/salt/map.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 102c4ee44..bb4a01fa9 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate -l info > /opt/so/log/salt/salt-upgrade-highstate 2>&1' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate && pkill -9 -ef /usr/bin/salt-minion && systemctl restart salt-minion' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate -l info > /opt/so/log/salt/salt-upgrade-highstate 2>&1' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate && pkill -9 -ef /usr/bin/salt-minion && systemctl restart salt-minion' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate -l info > /opt/so/log/salt/salt-upgrade-highstate 2>&1' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && salt-call state.highstate && pkill -9 -ef /usr/bin/salt-minion && systemctl restart salt-minion' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} From ad74b4b3e06a9e25677659b1fc6cb761735aef8e Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 18 Nov 2020 12:29:54 -0500 Subject: [PATCH 446/487] [refactor][fix] Update reinstall logic * Only set reinstall flag if new accept_changes file exists * Instead of stopping highstate from running, kill all salt processes and remove their configs * Make end of non-reinstall logs clear in cases where user cancels (and log not rotated) --- setup/so-functions | 17 +++++------------ setup/so-setup | 20 +++++++++----------- setup/so-variables | 3 +++ setup/so-whiptail | 6 +++++- 4 files changed, 22 insertions(+), 24 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index c21f8407a..1d6ac642c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1382,20 +1382,13 @@ reinstall_init() { info "Putting system in state to run setup again" { - local minion_config=/etc/salt/minion + rm -f "$change_file" - # Remove startup_states from minion config so we don't immediately highstate when salt starts back up - if [[ -f $minion_config ]] && grep -q "startup_states" $minion_config; then - sed -i '/startup_states/d' $minion_config - fi + # Kill any salt processes + pkill -9 -ef /usr/bin/salt - if command -v salt-call &> /dev/null; then - # Disable schedule so highstate doesn't start running during the install - salt-call -l info schedule.disable - - # Kill any currently running salt jobs, also to prevent issues with highstate. - salt-call -l info saltutil.kill_all_jobs - fi + # Remove all salt configs + rm -rf /etc/salt/global /etc/salt/minion /etc/salt/master /etc/salt/pki/* if command -v docker &> /dev/null; then # Stop and remove all so-* containers so files can be changed with more safety diff --git a/setup/so-setup b/setup/so-setup index 8c6378150..24089dffc 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -24,19 +24,10 @@ fi cd "$(dirname "$0")" || exit 255 -source ./so-variables - -is_reinstall=false -if [[ -f $setup_log ]]; then - is_reinstall=true - - # Move last setup log to backup - mv $setup_log $setup_log.bak -fi - source ./so-functions source ./so-common-functions source ./so-whiptail +source ./so-variables # Parse command line arguments setup_type=$1 @@ -63,6 +54,13 @@ while [[ $# -gt 0 ]]; do esac done +is_reinstall=false +if [[ -f $change_file ]]; then + is_reinstall=true + + # Move last setup log to backup + mv "$setup_log" "$setup_log.bak" +fi # Begin Installation pre-processing parse_install_username @@ -320,7 +318,6 @@ if [[ $is_import ]]; then PLAYBOOK=0 fi - # Start user prompts if [[ $is_helix || $is_sensor ]]; then @@ -428,6 +425,7 @@ fi if [[ $is_manager || $is_import ]]; then whiptail_so_allow; fi whiptail_make_changes +touch $change_file # From here on changes will be made. diff --git a/setup/so-variables b/setup/so-variables index 83b9b4325..8c85954c2 100644 --- a/setup/so-variables +++ b/setup/so-variables @@ -21,6 +21,9 @@ export node_es_port setup_log="/root/sosetup.log" export setup_log +change_file="/root/accept_changes" +export change_file + filesystem_root=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }') export filesystem_root diff --git a/setup/so-whiptail b/setup/so-whiptail index a1f07868c..2c47b69e1 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -168,8 +168,12 @@ whiptail_cancel() { echo "/root/installtmp removed"; } >> $setup_log 2>&1 fi - exit + echo "----------" >> "$setup_log" 2>&1 + info "User cancelled setup, no changes made." + echo "----------" >> "$setup_log" 2>&1 + + exit } whiptail_check_exitstatus() { From d0e7b5b55ae6d13d0386bc8d99ab3564a105330e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 18 Nov 2020 12:32:21 -0500 Subject: [PATCH 447/487] only ensure salt-minion service is running if salt is on right verison https://github.com/Security-Onion-Solutions/securityonion/issues/1961 --- salt/salt/minion.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 4a92c8d80..f7d2126c1 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -26,4 +26,5 @@ salt_minion_package: salt_minion_service: service.running: - name: salt-minion - - enable: True \ No newline at end of file + - enable: True + - onlyif: "[[ '{{INSTALLEDSALTVERSION}}' == '{{SALTVERSION}}' ]]" \ No newline at end of file From 0542e0aa047ea2d29fd26f9aab23209b25e71b09 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 18 Nov 2020 12:35:16 -0500 Subject: [PATCH 448/487] [fix] info -> title --- setup/so-whiptail | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 2c47b69e1..07e534c0f 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -169,9 +169,7 @@ whiptail_cancel() { } >> $setup_log 2>&1 fi - echo "----------" >> "$setup_log" 2>&1 - info "User cancelled setup, no changes made." - echo "----------" >> "$setup_log" 2>&1 + title "User cancelled setup, no changes made." exit } From 57e9f69c9701fe989f816da7e707e6812c52eccb Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 18 Nov 2020 12:35:33 -0500 Subject: [PATCH 449/487] Add new so-ip-update script (Work in progress) --- salt/common/tools/sbin/so-common | 61 +++++++++++++++++++++++------ salt/common/tools/sbin/so-ip-update | 59 ++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+), 11 deletions(-) create mode 100644 salt/common/tools/sbin/so-ip-update diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index ab54d634e..1dfa22a5f 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -17,8 +17,8 @@ # Check for prerequisites if [ "$(id -u)" -ne 0 ]; then - echo "This script must be run using sudo!" - exit 1 + echo "This script must be run using sudo!" + exit 1 fi # Define a banner to separate sections @@ -29,19 +29,43 @@ header() { printf '%s\n' "$banner" "$*" "$banner" } +lookup_salt_value() { + key=$1 + group=$2 + kind=$3 + + if [ -z "$kind" ]; then + kind=pillar + fi + + if [ -n "$group" ]; then + group=${group}: + fi + + salt-call --no-color ${kind}.get ${group}${key} --out=newline_values_only +} + lookup_pillar() { - key=$1 - salt-call --no-color pillar.get global:${key} --out=newline_values_only + key=$1 + pillar=$2 + if [ -z "$pillar" ]; then + pillar=global + fi + lookup_salt_value "$key" "$pillar" "pillar" } lookup_pillar_secret() { - key=$1 - salt-call --no-color pillar.get secrets:${key} --out=newline_values_only + lookup_pillar "$1" "secrets" } lookup_grain() { - key=$1 - salt-call --no-color grains.get ${key} --out=newline_values_only + lookup_salt_value "$1" "" "grains" +} + +lookup_role() { + id=$(lookup_grain id) + pieces=($(echo $id | tr '_' ' ')) + echo ${pieces[1]} } check_container() { @@ -50,9 +74,9 @@ check_container() { } check_password() { - local password=$1 - echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1 - return $? + local password=$1 + echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1 + return $? } set_os() { @@ -96,3 +120,18 @@ require_manager() { exit 1 fi } + +is_single_node_grid() { + role=$(lookup_role) + if [ "$role" != "eval" ] && [ "$role" != "standalone" ] && [ "$role" != "import" ]; then + return 1 + fi + return 0 +} + +fail() { + msg=$1 + echo "ERROR: $msg" + echo "Exiting." + exit 1 +} diff --git a/salt/common/tools/sbin/so-ip-update b/salt/common/tools/sbin/so-ip-update new file mode 100644 index 000000000..7321a5587 --- /dev/null +++ b/salt/common/tools/sbin/so-ip-update @@ -0,0 +1,59 @@ +#!/bin/bash + +. $(dirname $0)/so-common + +if [ "$FORCE_IP_UPDATE" != "1" ]; then + is_single_node_grid || fail "Cannot update the IP on a distributed grid" +fi + +echo "This tool will update a manager's IP address to the new IP assigned to the management network interface." + +echo +echo "WARNING: This tool is still undergoing testing, use at your own risk!" +echo + +if [ -z "$OLD_IP" ]; then + OLD_IP=$(lookup_pillar "managerip") + + if [ -z "$OLD_IP" ]; then + fail "Unable to find old IP; possible salt system failure" + fi + + echo "Found old IP $OLD_IP." +fi + +if [ -z "$NEW_IP" ]; then + iface=$(lookup_pillar "mainint" "host") + NEW_IP=$(ip -4 addr list $iface | grep inet | cut -d' ' -f6 | cut -d/ -f1) + + if [ -z "$NEW_IP" ]; then + fail "Unable to detect new IP on interface $iface. " + fi + + echo "Detected new IP $NEW_IP on interface $iface." +fi + +if [ "$OLD_IP" == "$NEW_IP" ]; then + fail "IP address has not changed" +fi + +echo "About to change old IP $OLD_IP to new IP $NEW_IP." + +read -n 1 -p "Would you like to continue? (y/N) " CONTINUE +echo + +if [ "$CONTINUE" == "y" ]; then + for file in $(grep -rlI $OLD_IP /opt/so/saltstack /etc); do + echo "Updating file: $file" + sed -i "s|$OLD_IP|$NEW_IP|g" $file + done + + echo "The IP has been changed from $OLD_IP to $NEW_IP." + + if [ -z "$SKIP_STATE_APPLY" ]; then + echo "Re-applying salt states." + salt-call state.highstate queue=True + fi +else + echo "Exiting without changes." +fi \ No newline at end of file From 34fd80182e3fa2124dcd235dac0bde637e7ccf9a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 18 Nov 2020 12:54:29 -0500 Subject: [PATCH 450/487] [fix][wip] Don't use variable for accept_changes file --- setup/so-setup | 4 ++-- setup/so-variables | 3 --- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 24089dffc..e8993c1da 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -55,7 +55,7 @@ while [[ $# -gt 0 ]]; do done is_reinstall=false -if [[ -f $change_file ]]; then +if [[ -f /root/accept_changes ]]; then is_reinstall=true # Move last setup log to backup @@ -425,9 +425,9 @@ fi if [[ $is_manager || $is_import ]]; then whiptail_so_allow; fi whiptail_make_changes -touch $change_file # From here on changes will be made. +echo "1" > /root/accept_changes if [[ $is_reinstall ]]; then reinstall_init diff --git a/setup/so-variables b/setup/so-variables index 8c85954c2..83b9b4325 100644 --- a/setup/so-variables +++ b/setup/so-variables @@ -21,9 +21,6 @@ export node_es_port setup_log="/root/sosetup.log" export setup_log -change_file="/root/accept_changes" -export change_file - filesystem_root=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }') export filesystem_root From 276c011a4f8b6727567a7f05d3dc47f6744a3bf4 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 18 Nov 2020 13:22:11 -0500 Subject: [PATCH 451/487] queue state and change upgrade command https://github.com/Security-Onion-Solutions/securityonion/issues/1961 --- salt/common/tools/sbin/soup | 2 +- salt/salt/map.jinja | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index d8e3ee0bb..a256bb30d 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -521,7 +521,7 @@ if [ "$UPGRADESALT" == "1" ]; then if [ $is_airgap -eq 0 ]; then salt -C 'not *_eval and not *_helix and not *_manager and not *_managersearch and not *_standalone' cmd.run "yum clean all" fi - salt -C 'not *_eval and not *_helix and not *_manager and not *_managersearch and not *_standalone' -b $BATCHSIZE state.apply salt.minion + salt -C 'not *_eval and not *_helix and not *_manager and not *_managersearch and not *_standalone' -b $BATCHSIZE state.apply salt.minion queue=True echo "" fi diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index bb4a01fa9..1688e562a 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate && pkill -9 -ef /usr/bin/salt-minion && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True'%} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate && pkill -9 -ef /usr/bin/salt-minion && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && salt-call state.highstate && pkill -9 -ef /usr/bin/salt-minion && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} From 1e2b4048362caa90251c5c4dececa37c6a1817d2 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 18 Nov 2020 13:29:42 -0500 Subject: [PATCH 452/487] remove -s --- salt/salt/map.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 1688e562a..f6cf42570 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True'%} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True'%} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} From 6b4af30fc1ff11b5736b45e5f72e99a1541456ff Mon Sep 17 00:00:00 2001 From: weslambert Date: Wed, 18 Nov 2020 13:47:32 -0500 Subject: [PATCH 453/487] Change clean_removed to true cleanup tracking of Zeek logs removed from current --- salt/filebeat/etc/filebeat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml index 3587b6ffd..799a37337 100644 --- a/salt/filebeat/etc/filebeat.yml +++ b/salt/filebeat/etc/filebeat.yml @@ -115,7 +115,7 @@ filebeat.inputs: fields: ["source", "prospector", "input", "offset", "beat"] fields_under_root: true - clean_removed: false + clean_removed: true close_removed: false - type: log From 81b9658499e378d00fe31bf5e678a60252349fb0 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 18 Nov 2020 13:51:18 -0500 Subject: [PATCH 454/487] [fix] Don't remove accept_changes file --- setup/so-functions | 2 -- 1 file changed, 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 1d6ac642c..5875fb8a4 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1382,8 +1382,6 @@ reinstall_init() { info "Putting system in state to run setup again" { - rm -f "$change_file" - # Kill any salt processes pkill -9 -ef /usr/bin/salt From 280cde43ff57df00e9d30902fce2794a67bbd519 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 18 Nov 2020 13:51:39 -0500 Subject: [PATCH 455/487] [fix] install_type -> setup_type --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 5875fb8a4..03ebf53be 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1019,7 +1019,7 @@ install_cleanup() { # If Mysql is running stop it /usr/sbin/so-mysql-stop - if [[ $install_type == 'iso' ]]; then + if [[ $setup_type == 'iso' ]]; then info "Removing so-setup permission entry from sudoers file" sed -i '/so-setup/d' /etc/sudoers fi From ceef07b74b8e500e1e5a115668ec5f514808c983 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 18 Nov 2020 14:00:01 -0500 Subject: [PATCH 456/487] remove pkill --- salt/salt/map.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index f6cf42570..5cb2c76e2 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True'%} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True'%} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && pkill -9 -ef /usr/bin/salt-minion && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && salt-call state.highstate && sleep 300 && salt-call state.apply salt.minion queue=True' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} From e65c53dbb1a29979359ccb0453850ecb7a7cf07d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 18 Nov 2020 14:01:33 -0500 Subject: [PATCH 457/487] [fix] Don't rename /nsm/docker-registry --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 03ebf53be..f1a1ec1b5 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1405,7 +1405,7 @@ reinstall_init() { # Backup /nsm for the same reason while IFS= read -r -d '' dir; do mv "$dir" "${dir}_old_${date_string}" - done < <(find /nsm -maxdepth 1 -mindepth 1 -type d -print0) + done < <(find /nsm -maxdepth 1 -mindepth 1 -type d -not -path "/nsm/docker-registry" -print0) # Remove the old launcher package in case the config changes remove_package launcher-final From 8b6b7cbd11e589ff805b5736b5d7884dfb211e0f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 18 Nov 2020 14:46:22 -0500 Subject: [PATCH 458/487] [fix] Check if $is_reinstall is true --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index e8993c1da..9b3beb27d 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -429,7 +429,7 @@ whiptail_make_changes # From here on changes will be made. echo "1" > /root/accept_changes -if [[ $is_reinstall ]]; then +if [[ $is_reinstall == true ]]; then reinstall_init fi From 80d0080f70bc322b863e43c68524be2f0c0b5e38 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 18 Nov 2020 14:47:53 -0500 Subject: [PATCH 459/487] [fix] Only set is_reinstall if it's needed --- setup/so-setup | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 9b3beb27d..e1550ff03 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -54,7 +54,6 @@ while [[ $# -gt 0 ]]; do esac done -is_reinstall=false if [[ -f /root/accept_changes ]]; then is_reinstall=true @@ -429,7 +428,7 @@ whiptail_make_changes # From here on changes will be made. echo "1" > /root/accept_changes -if [[ $is_reinstall == true ]]; then +if [[ $is_reinstall ]]; then reinstall_init fi From 0830f63c4e96f38a7de960a491f2e4da99d43f07 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 18 Nov 2020 14:55:14 -0500 Subject: [PATCH 460/487] SOUP - Regen Osquery Packages --- salt/common/tools/sbin/soup | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 42e6c2637..a6841e3a6 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -501,6 +501,16 @@ echo "" echo "Starting Salt Master service." systemctl start salt-master +# Only regenerate osquery packages if Fleet is enabled +FLEET_MANAGER=$(lookup_pillar fleet_manager) +FLEET_NODE=$(lookup_pillar fleet_node) +if [[ "$FLEET_MANAGER" == "True" || "$FLEET_NODE" == "True" ]]; then + echo "" + echo "Regenerating Osquery Packages.... This will take several minutes." + salt-call state.apply fleet.event_gen-packages -l info queue=True + echo "" +fi + echo "" echo "Running a highstate to complete the Security Onion upgrade on this manager. This could take several minutes." highstate From 1c55bb6db27dab50f20695db2bd03ae8f8c1c6b5 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 18 Nov 2020 15:34:40 -0500 Subject: [PATCH 461/487] [fix] Only backup /nsm/mysql and /nsm/wazuh --- setup/so-functions | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index f1a1ec1b5..a01515866 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1398,14 +1398,11 @@ reinstall_init() { date_string=$(date +%s) # Backup /opt/so since we'll be rebuilding this directory during setup - if [[ -d /opt/so ]]; then - mv /opt/so "/opt/so_old_${date_string}" - fi + backup_dir /opt/so "$date_string" - # Backup /nsm for the same reason - while IFS= read -r -d '' dir; do - mv "$dir" "${dir}_old_${date_string}" - done < <(find /nsm -maxdepth 1 -mindepth 1 -type d -not -path "/nsm/docker-registry" -print0) + # Backup directories in /nsm to prevent app errors + backup_dir /nsm/mysql "$date_string" + backup_dir /nsm/wazuh "$date_string" # Remove the old launcher package in case the config changes remove_package launcher-final @@ -1413,6 +1410,15 @@ reinstall_init() { } >> $setup_log 2>&1 } +backup_dir() { + dir=$1 + backup_suffix=$2 + + if [[ -d $dir ]]; then + mv "$dir" "${dir}_old_${backup_suffix}" + fi +} + remove_package() { local package_name=$1 if [ $OS = 'centos' ]; then From 6cc9d1c076ae1e130c0ff63ad256e0f8a34e9db4 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 18 Nov 2020 15:49:30 -0500 Subject: [PATCH 462/487] add back -s --- salt/salt/map.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 975df36ed..1c855ab07 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && salt-call state.highstate' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && salt-call state.highstate' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} From 1170b04a87afbc3aa0b38840f7293489b5441d4e Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 18 Nov 2020 16:18:00 -0500 Subject: [PATCH 463/487] Update changes for 2.3.10 --- salt/soc/files/soc/changes.json | 43 +++++++++++++++++++++++++++++---- 1 file changed, 38 insertions(+), 5 deletions(-) diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json index ec54844cf..44298caf0 100644 --- a/salt/soc/files/soc/changes.json +++ b/salt/soc/files/soc/changes.json @@ -1,9 +1,42 @@ { - "title": "Security Onion 2.3.3 is here!", + "title": "Security Onion 2.3.10 is here!", "changes": [ - { "summary": "Updated salt to 3002.1 to address CVE-2020-16846, CVE-2020-17490, CVE-2020-25592." }, - { "summary": "Cheat sheet is now available for airgap installs." }, - { "summary": "Updated Go to correct DST/Timezone issue in SOC." }, - { "summary": "Known Issues
  • It is still possible to update your grid from any release candidate to 2.3. However, if you have a true production deployment, then we recommend a fresh image and install for best results.
  • In 2.3.0 we made some changes to data types in the elastic index templates. This will cause some errors in Kibana around field conflicts. You can address this in 2 ways:
    1. Delete all the data on the ES nodes preserving all of your other settings suchs as BPFs by running sudo so-elastic-clear on all the search nodes
    2. Re-Index the data. This is not a quick process but you can find more information at https://docs.securityonion.net/en/2.3/elasticsearch.html#re-indexing
  • Please be patient as we update our documentation. We have made a concerted effort to update as much as possible but some things still may be incorrect or ommited. If you have questions or feedback, please start a discussion at https://securityonion.net/discuss.
  • Once you update your grid to 2.3.0, any new nodes that join the grid must be 2.3.0. For example, if you try to join a new RC1 node it will fail. For best results, use the latest ISO (or 2.3.0 installer from github) when joining to an 2.3.0 grid.
  • Shipping Windows Eventlogs with Osquery will fail intermittently with utf8 errors logged in the Application log. This is scheduled to be fixed in Osquery 4.5.
  • When running soup to upgrade from RC1/RC2/RC3 to 2.3.0, there is a Salt error that occurs during the final highstate. This error is related to the patch_os_schedule and can be ignored as it will not occur again in subsequent highstates.
  • When Search Nodes are upgraded from RC1 to 2.3.0, there is a chance of a race condition where certificates are missing. This will show errors in the manager log to the remote node. To fix this run the following on the search node that is having the issue:
    1. Stop elasticsearch - sudo so-elasticsearch-stop
    2. Run the SSL state - sudo salt-call state.apply ssl
    3. Restart elasticsearch - sudo so-elasticsearch-restart
  • If you are upgrading from RC1 you might see errors around registry:2 missing. This error does not break the actual upgrade. To fix, run the following on the manager:
    1. Stop the Docker registry - sudo docker stop so-dockerregistry
    2. Remove the container - sudo docker rm so-dockerregistry
    3. Run the registry state - sudo salt-call state.apply registry
" } + { "summary": "UEFI installs with multiple disks should work as intended now." }, + { "summary": "Telegraf scripts will now make sure they are not already running before execution." }, + { "summary": "You are now prompted during setup if you want to change the docker IP range. If you change this it needs to be the same on all nodes in the grid." }, + { "summary": "Soup will now download the new containers before stopping anything. If anything fails it will now exit and leave the grid at the current version." }, + { "summary": "All containers are now hosted on quay.io to prevent pull limitations. We are now using GPG keys to determine if the image is from Security Onion." }, + { "summary": "Osquery installers have been updated to osquery 4.5.1." }, + { "summary": "Fix for bug where Playbook was not removing the Elastalert rules for inactive Plays." }, + { "summary": "Exifdata reported by Strelka is now constrained to a single multi-valued field to prevent mapping explosion (scan.exiftool)." }, + { "summary": "Resolved issue with Navigator layer(s) not loading correctly." }, + { "summary": "Wazuh authd is now started by default on port 1515/tcp." }, + { "summary": "Wazuh API default credentials are now removed after setup. Scripts have been added for API user management." }, + { "summary": "Upgraded Salt to 3002.1 due to CVEs." }, + { "summary": "If salt-minion is unable to apply states after the defined threshold, we assume salt-minion is in a bad state and the salt-minion service will be restarted." }, + { "summary": "Fixed bug that prevented mysql from installing for Fleet if Playbook wasn't also installed." }, + { "summary": "so-status will now show STARTING or WAIT_START, instead of ERROR, if so-status is run before a salt highstate has started or finished for the first time after system startup" }, + { "summary": "Stenographer can now be disabled on a sensor node by setting the pillar steno:enabled:false in it's minion.sls file or globally if set in the global.sls file" }, + { "summary": "Added so-ssh-harden script that runs the commands listed in https://docs.securityonion.net/en/2.3/ssh.html" }, + { "summary": "NGINX now redirects the browser to the hostname/IP address/FQDN based on global:url_base" }, + { "summary": "MySQL state now waits for MySQL server to respond to a query before completeing" }, + { "summary": "Added Analyst option to network installs" }, + { "summary": "Acknowledging (and Escalating) alerts did not consistently remove the alert from the visible list; this has been corrected." }, + { "summary": "Escalating alerts that have a rule.case_template field defined will automatically assign that case template to the case generated in TheHive." }, + { "summary": "Alerts and Hunt interface quick action bar has been converted into a vertical menu to improve quick action option clarity. Related changes also eliminated the issues that occurred when the quick action bar was appearing to the left of the visible browser area." }, + { "summary": "Updated Go to newer version to fix a timezone, daylight savings time (DST) issue that resulted in Alerts and Hunt interfaces not consistently showing results." }, + { "summary": "Improved Hunt and Alert table sorting." }, + { "summary": "Alerts interface now allows absolute time searches." }, + { "summary": "Alerts interface 'Hunt' quick action is now working as intended." }, + { "summary": "Alerts interface 'Ack' icon tooltip has been changed from 'Dismiss' to 'Acknowledge' for consistency." }, + { "summary": "Hunt interface bar charts will now show the quick action menu when clicked instead of assuming the click was intended to add an include filter." }, + { "summary": "Hunt interface quick action will now cast a wider net on field searches." }, + { "summary": "Now explicitly preventing the use of a dollar sign ($) character in web user passwords during setup." }, + { "summary": "Cortex container will now restart properly if the SO host was not gracefully shutdown." }, + { "summary": "Added syslog plugin to the logstash container; this is not in-use by default but available for those users that choose to use it." }, + { "summary": "Winlogbeat download package is now available from the SOC Downloads interface." }, + { "summary": "Upgraded Kratos authentication system." }, + { "summary": "Added new Reset Defaults button to the SOC Profile Settings interface which allows users to reset all local browser SOC customizations back to their defaults. This includes things like default sort column, sort order, items per page, etc." }, + { "summary": "Known Issues
  • Following the Salt minion upgrade on remote nodes, the salt-minion service may not restart properly. If this occurs, you can ssh to the minion and run sudo systemctl restart salt-minion. If you do not want to connect to each node and manually restart the salt-minion, the new salt-minon watch process will restart it automatically after 1 hour.
  • During soup, you may see the following during the first highstate run, it can be ignored: Rendering SLS '' failed: Jinja variable 'list object' has no attribute 'values'. The second highstate will complete without that error.
" } ] } From 1805effdc01657b3a074922f03e29760c0027dd8 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 18 Nov 2020 16:32:53 -0500 Subject: [PATCH 464/487] add -X so bootstrap doesnt try to start salt-minion during soup --- salt/salt/map.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 1c855ab07..2de32eb34 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && salt-call state.highstate' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && salt-call state.highstate' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} From afd466cd2b749bf0f6a7fb29fa13e460eecb6455 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 18 Nov 2020 17:27:25 -0500 Subject: [PATCH 465/487] dont highstate, just restart salt-minion --- salt/salt/map.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 2de32eb34..e4c395304 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minon' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && salt-call state.highstate' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minon' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && salt-call state.highstate' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && systemctl restart salt-minon' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} From d68726f6ef4a2ae411cdd1f2cf819587b1a1e9e0 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 18 Nov 2020 18:25:02 -0500 Subject: [PATCH 466/487] upgrade from salt 3002.1 to salt 3002.2 --- salt/salt/master.defaults.yaml | 2 +- salt/salt/minion.defaults.yaml | 2 +- salt/soc/files/soc/changes.json | 2 +- setup/so-functions | 22 +++++++++++----------- setup/yum_repos/saltstack.repo | 4 ++-- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/salt/salt/master.defaults.yaml b/salt/salt/master.defaults.yaml index 02742737a..e774a2c7d 100644 --- a/salt/salt/master.defaults.yaml +++ b/salt/salt/master.defaults.yaml @@ -2,4 +2,4 @@ # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions salt: master: - version: 3002.1 \ No newline at end of file + version: 3002.2 \ No newline at end of file diff --git a/salt/salt/minion.defaults.yaml b/salt/salt/minion.defaults.yaml index 871babdeb..baaaff411 100644 --- a/salt/salt/minion.defaults.yaml +++ b/salt/salt/minion.defaults.yaml @@ -2,5 +2,5 @@ # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions salt: minion: - version: 3002.1 + version: 3002.2 check_threshold: 3600 # in seconds, threshold used for so-salt-minion-check. any value less than 600 seconds may cause a lot of salt-minion restarts since the job to touch the file occurs every 5-8 minutes by default \ No newline at end of file diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json index 44298caf0..e18bf1dc9 100644 --- a/salt/soc/files/soc/changes.json +++ b/salt/soc/files/soc/changes.json @@ -12,7 +12,7 @@ { "summary": "Resolved issue with Navigator layer(s) not loading correctly." }, { "summary": "Wazuh authd is now started by default on port 1515/tcp." }, { "summary": "Wazuh API default credentials are now removed after setup. Scripts have been added for API user management." }, - { "summary": "Upgraded Salt to 3002.1 due to CVEs." }, + { "summary": "Upgraded Salt to 3002.2 due to CVEs." }, { "summary": "If salt-minion is unable to apply states after the defined threshold, we assume salt-minion is in a bad state and the salt-minion service will be restarted." }, { "summary": "Fixed bug that prevented mysql from installing for Fleet if Playbook wasn't also installed." }, { "summary": "so-status will now show STARTING or WAIT_START, instead of ERROR, if so-status is run before a salt highstate has started or finished for the first time after system startup" }, diff --git a/setup/so-functions b/setup/so-functions index a01515866..8254b2819 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1445,7 +1445,7 @@ saltify() { if [ $OS = 'centos' ]; then set_progress_str 5 'Installing Salt repo' { - sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.1/SALTSTACK-GPG-KEY.pub; + sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.2/SALTSTACK-GPG-KEY.pub; cp ./yum_repos/saltstack.repo /etc/yum.repos.d/saltstack.repo; } >> "$setup_log" 2>&1 set_progress_str 6 'Installing various dependencies' @@ -1462,14 +1462,14 @@ saltify() { # Download Ubuntu Keys in case manager updates = 1 mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 if [[ ! $is_airgap ]]; then - logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3002.1/SALTSTACK-GPG-KEY.pub" + logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3002.2/SALTSTACK-GPG-KEY.pub" logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg" logCmd "wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH" logCmd "cp ./yum_repos/wazuh.repo /etc/yum.repos.d/wazuh.repo" fi set_progress_str 7 'Installing salt-master' if [[ ! $is_iso ]]; then - logCmd "yum -y install salt-master-3002.1" + logCmd "yum -y install salt-master-3002.2" fi systemctl enable salt-master >> "$setup_log" 2>&1 ;; @@ -1497,7 +1497,7 @@ saltify() { { if [[ ! $is_iso ]]; then yum -y install epel-release - yum -y install salt-minion-3002.1\ + yum -y install salt-minion-3002.2\ python3\ python36-docker\ python36-dateutil\ @@ -1541,8 +1541,8 @@ saltify() { 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') # TODO: should this also be HELIXSENSOR? # Add saltstack repo(s) - wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3002.1/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 - echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.1 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" + wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3002.2/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 + echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.2 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" # Add Docker repo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1 @@ -1550,7 +1550,7 @@ saltify() { # Get gpg keys mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 - wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3002.1/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 + wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3002.2/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1 @@ -1563,7 +1563,7 @@ saltify() { set_progress_str 6 'Installing various dependencies' apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1 set_progress_str 7 'Installing salt-master' - apt-get -y install salt-master=3002.1+ds-1 >> "$setup_log" 2>&1 + apt-get -y install salt-master=3002.2+ds-1 >> "$setup_log" 2>&1 apt-mark hold salt-master >> "$setup_log" 2>&1 ;; *) @@ -1574,14 +1574,14 @@ saltify() { echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1 - echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.1/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" + echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.2/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" ;; esac apt-get update >> "$setup_log" 2>&1 set_progress_str 8 'Installing salt-minion & python modules' - apt-get -y install salt-minion=3002.1+ds-1\ - salt-common=3002.1+ds-1 >> "$setup_log" 2>&1 + apt-get -y install salt-minion=3002.2+ds-1\ + salt-common=3002.2+ds-1 >> "$setup_log" 2>&1 apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1 if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1 diff --git a/setup/yum_repos/saltstack.repo b/setup/yum_repos/saltstack.repo index d104e252c..856d4d80c 100644 --- a/setup/yum_repos/saltstack.repo +++ b/setup/yum_repos/saltstack.repo @@ -1,6 +1,6 @@ [saltstack] name=SaltStack repo for RHEL/CentOS $releasever PY3 -baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.1/ +baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.2/ enabled=1 gpgcheck=1 -gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.1/SALTSTACK-GPG-KEY.pub \ No newline at end of file +gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.2/SALTSTACK-GPG-KEY.pub \ No newline at end of file From d3065005cad3550557248d1da2b345fb643aa260 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 18 Nov 2020 20:48:02 -0500 Subject: [PATCH 467/487] playbook mysqluser --- salt/playbook/init.sls | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index 46cd33f17..dca898eec 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls @@ -17,15 +17,14 @@ include: - mysql create_playbookdbuser: - module.run: - - mysql.user_create: - - user: playbookdbuser - - password: {{ PLAYBOOKPASS }} - - host: {{ DNET }}/255.255.255.0 - - connection_host: {{ MAINIP }} - - connection_port: 3306 - - connection_user: root - - connection_pass: {{ MYSQLPASS }} + mysql_user.present: + - name: playbookdbuser + - password: {{ PLAYBOOKPASS }} + - host: {{ DNET }}/255.255.255.0 + - connection_host: {{ MAINIP }} + - connection_port: 3306 + - connection_user: root + - connection_pass: {{ MYSQLPASS }} query_playbookdbuser_grants: mysql_query.run: From ac3b5e4f1b1f4fb13817299989b39c6d5027af59 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 19 Nov 2020 09:48:56 -0500 Subject: [PATCH 468/487] [fix] Remove echo redirect at beginning of install --- setup/so-functions | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 8254b2819..f13a183f2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -709,7 +709,8 @@ detect_os() { exit 1 fi - echo "Installing required packages to run installer..." >> "$setup_log" 2>&1 + # Print message to stdout so the user knows setup is doing something + echo "Installing required packages to run installer..." # Install bind-utils so the host command exists if [[ ! $is_iso ]]; then if ! command -v host > /dev/null 2>&1; then @@ -743,6 +744,7 @@ detect_os() { exit 1 fi + # Print message to stdout so the user knows setup is doing something echo "Installing required packages to run installer..." # Install network manager so we can do interface stuff if ! command -v nmcli > /dev/null 2>&1; then From 3be1c9ae3231c49a7bcbabc869c4c2432b7ac079 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 19 Nov 2020 09:58:08 -0500 Subject: [PATCH 469/487] Clean up 2.3.1 dockers --- salt/docker_clean/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/docker_clean/init.sls b/salt/docker_clean/init.sls index 795b96e3a..61499cdb5 100644 --- a/salt/docker_clean/init.sls +++ b/salt/docker_clean/init.sls @@ -1,6 +1,6 @@ {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} -{% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0']%} +{% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0','2.3.1']%} {% for VERSION in OLDVERSIONS %} remove_images_{{ VERSION }}: From 177819447bc6937f9451b05bbb3b97d29e1b114f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 19 Nov 2020 11:26:08 -0500 Subject: [PATCH 470/487] Update Sigs and Hashes --- VERIFY_ISO.md | 22 +++++++++++----------- sigs/securityonion-2.3.10.iso.sig | Bin 0 -> 543 bytes 2 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 sigs/securityonion-2.3.10.iso.sig diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 256868b00..3ee915325 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -1,16 +1,16 @@ -### 2.3.3 ISO image built on 2020/10/25 +### 2.3.10 ISO image built on 2020/11/19 ### Download and Verify -2.3.3 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.3.3.iso +2.3.10 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.3.10.iso -MD5: 8010C32803CD62AA3F61487524E37049 -SHA1: DCA300424C9DF81A4F332B8AA3945E18779C9D28 -SHA256: 1099494AA3E476D682746AAD9C2BD7DED292589DFAAB7B517933336C07AA01D0 +MD5: 2043701FC0FE785A877ECAE74CD73694 +SHA1: 15AE0B332DAF91C7895FDBEB1FCF900D6ECA8299 +SHA256: 4CD3FB9335F0AA00339D0F76D03867439BF963169C47C0CF43C82A18C6F32830 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.3.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.10.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS @@ -24,22 +24,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.3.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.10.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.3.3.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.3.10.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.3.3.iso.sig securityonion-2.3.3.iso +gpg --verify securityonion-2.3.10.iso.sig securityonion-2.3.10.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Sun 25 Oct 2020 10:44:27 AM EDT using RSA key ID FE507013 +gpg: Signature made Thu 19 Nov 2020 10:22:55 AM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. diff --git a/sigs/securityonion-2.3.10.iso.sig b/sigs/securityonion-2.3.10.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..a9fe2820be84cdad985a04b1d5dbff4dd8d26d3d GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5Tjn4oI2@re`V7LBIa1#N)5C3&)pXOng&h2iNG)FyR zGGm>N+S|DSNK|4xB0GBVBQFbNA_BkSKzti4 z)|YFknl76+810>GN|s(~?PLhy=2gn5dBm5YUeo-%7j9xtKh4zjJ(=Mo<_aOVSB0~q zK`@e}eo;`*R_xX{Qn5ZV&dXLDW`kwI()t~5mrSiiE`vxP?pYwe1PNP&uzMFpE8_Pf zdwP0gdGKQydil?iLmaceM010NhRH64j-B=?X=i6Vb+$A41DSXXAu<*I26#o6?cKol zeTIvA-~Z&DbNMjbjYUUc%r5gr%lI@~N7fH|wqJ*&@`a0`FQ$#op8SG%v{lQNVj?4q zfVw$AJ0ZMl@Abra=22Jix73ojKy!Hm!EYq8$9_xH+qYwj;vPn8p>WFGLQs>s|O z#%!Bf=8_G2C1CO-8%PEVClz(t_1pvZ(Ux&I5@e-o7%R7u{CJ@PiqLd|45gqU4Cz>K z#2lVj8AS4zsrR9sLik^hzKaA}ES#95VyKHPwHBnxzt!9P z-oSNEWW|l9AgBucj_F#ii2zA!m;zU-9C)5y06QvU51mIrK5~Aw{Q#2t=-J}P7=AJ? hsQ@JLj60|jveIIQoUAIM8m Date: Thu, 19 Nov 2020 11:27:15 -0500 Subject: [PATCH 471/487] Update Readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3288bbb2f..7a2d2e4a2 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -## Security Onion 2.3.3 +## Security Onion 2.3.10 -Security Onion 2.3.3 is here! +Security Onion 2.3.10 is here! ## Screenshots From 2a3951ab36f10f898a0004cc08cbe4af268a6b03 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 19 Nov 2020 15:08:08 -0500 Subject: [PATCH 472/487] change typo on minon to minion --- salt/salt/map.jinja | 8 ++++---- salt/soc/files/soc/changes.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index e4c395304..4796b16a2 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,13 +12,13 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minon' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minion' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minon' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minion' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && systemctl restart salt-minon' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && systemctl restart salt-minion' %} {% endif %} {% else %} - {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} + {% set UPGRADECOMMAND = 'echo Already running Salt Minion version ' ~ SALTVERSION %} {% endif %} \ No newline at end of file diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json index e18bf1dc9..90f71f940 100644 --- a/salt/soc/files/soc/changes.json +++ b/salt/soc/files/soc/changes.json @@ -37,6 +37,6 @@ { "summary": "Winlogbeat download package is now available from the SOC Downloads interface." }, { "summary": "Upgraded Kratos authentication system." }, { "summary": "Added new Reset Defaults button to the SOC Profile Settings interface which allows users to reset all local browser SOC customizations back to their defaults. This includes things like default sort column, sort order, items per page, etc." }, - { "summary": "Known Issues
  • Following the Salt minion upgrade on remote nodes, the salt-minion service may not restart properly. If this occurs, you can ssh to the minion and run sudo systemctl restart salt-minion. If you do not want to connect to each node and manually restart the salt-minion, the new salt-minon watch process will restart it automatically after 1 hour.
  • During soup, you may see the following during the first highstate run, it can be ignored: Rendering SLS '' failed: Jinja variable 'list object' has no attribute 'values'. The second highstate will complete without that error.
" } + { "summary": "Known Issues
  • Following the Salt minion upgrade on remote nodes, the salt-minion service may not restart properly. If this occurs, you can ssh to the minion and run sudo systemctl restart salt-minion. If you do not want to connect to each node and manually restart the salt-minion, the new salt-minion watch process will restart it automatically after 1 hour.
  • During soup, you may see the following during the first highstate run, it can be ignored: Rendering SLS '' failed: Jinja variable 'list object' has no attribute 'values'. The second highstate will complete without that error.
" } ] } From cdc7a5cc7cf8b6b50a6a6c84fb5c356c254d76ed Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 19 Nov 2020 15:17:11 -0500 Subject: [PATCH 473/487] kill salt process with soup and dont restart salt-minion service when salt upgrade --- salt/common/tools/sbin/soup | 2 ++ salt/salt/map.jinja | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 85364594d..40e0232a5 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -448,6 +448,8 @@ fi echo "" echo "Stopping Salt Minion service." systemctl stop salt-minion +echo "Killing any remaining Salt Minion processes." +pkill -9 -ef /usr/bin/salt-minion echo "" echo "Stopping Salt Master service." systemctl stop salt-master diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 4796b16a2..e5fa79a8e 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -12,12 +12,12 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['centos', 'redhat'] %} {% if ISAIRGAP is sameas true %} - {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -r -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*"' %} {% else %} - {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*" && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && yum versionlock add "salt-*"' %} {% endif %} {% elif grains.os|lower == 'ubuntu' %} - {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion && systemctl restart salt-minion' %} + {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && /usr/sbin/bootstrap-salt.sh -X -s 120 -F -x python3 stable ' ~ SALTVERSION ~ ' && apt-mark hold salt-common && apt-mark hold salt-minion' %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minion version ' ~ SALTVERSION %} From 316a1c02f16ae19c4690fececaeea115ee14eb35 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 19 Nov 2020 15:19:50 -0500 Subject: [PATCH 474/487] Update soup to display what its doing --- salt/common/tools/sbin/soup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 40e0232a5..27439a137 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -515,7 +515,7 @@ fi echo "" echo "Running a highstate to complete the Security Onion upgrade on this manager. This could take several minutes." -highstate +salt-call state.highstate -l info queue=True echo "" echo "Upgrade from $INSTALLEDVERSION to $NEWVERSION complete." @@ -529,7 +529,7 @@ echo "" echo "Starting Salt Master service." systemctl start salt-master echo "Running a highstate. This could take several minutes." -highstate +salt-call state.highstate -l info queue=True playbook unmount_update From 40511119995abdfcaef6d41f2d327999407f3418 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 19 Nov 2020 16:00:40 -0500 Subject: [PATCH 475/487] Update hashes and keys --- VERIFY_ISO.md | 8 ++++---- sigs/securityonion-2.3.10.iso.sig | Bin 543 -> 543 bytes 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md index 3ee915325..ed450a342 100644 --- a/VERIFY_ISO.md +++ b/VERIFY_ISO.md @@ -5,9 +5,9 @@ 2.3.10 ISO image: https://download.securityonion.net/file/securityonion/securityonion-2.3.10.iso -MD5: 2043701FC0FE785A877ECAE74CD73694 -SHA1: 15AE0B332DAF91C7895FDBEB1FCF900D6ECA8299 -SHA256: 4CD3FB9335F0AA00339D0F76D03867439BF963169C47C0CF43C82A18C6F32830 +MD5: 55E10BAE3D90DF47CA4D5DCCDCB67A96 +SHA1: 01361123F35CEACE077803BC8074594D57EE653A +SHA256: 772EA4EFFFF12F026593F5D1CC93DB538CC17B9BA5F60308F1976B6ED7032A8D Signature for ISO image: https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.10.iso.sig @@ -39,7 +39,7 @@ gpg --verify securityonion-2.3.10.iso.sig securityonion-2.3.10.iso The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Thu 19 Nov 2020 10:22:55 AM EST using RSA key ID FE507013 +gpg: Signature made Thu 19 Nov 2020 03:38:54 PM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. diff --git a/sigs/securityonion-2.3.10.iso.sig b/sigs/securityonion-2.3.10.iso.sig index a9fe2820be84cdad985a04b1d5dbff4dd8d26d3d..f1c9093fd8ffd9b4df1fd0785dbb05d7a4dfdb39 100644 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p;5T*WLgM2@re`V7LBIa1(DU5C45cDj6IjNf3oO?VU4* zvBkapzwAI+CK$trRDK_DGhQ^C!E5RmoK1;b>H1CI;$hN$@ryY1B8Byp{z8oJrkSeB zn7*Ni{h1OWCN`oC;5U0oOw(xT{)e}u=uuR9!(0Gqrm8euj@qW^2vbC0yx3vxk&Tfi zTb;x-A7oQezGoB-WAXzh_7~miu;;rW>!?7UYp~U%mX+DX1bk*-+vKcket;7vZ}dL6 zmCBLT@cv==LPejD%x;IMDQpmn4xyN%u|OR~>YK3OCDYj&*G-7i-HMc!(&!?E8?VPX z*6<}V8J$JVSmkDBlJjsqfjBV6WkA<9TOJoDj^{4LflbLNuAl}rT6@V1-=$?k4%{M` zN%`b3*#L9sbmC6f5`^KjN?Ez>Ib#;X$r-(|btiJ(Io=YC^#2ja)k)`mi^4=fXCA19oGkeBmkqabDfmiSQoFOYSYoy|cR%wZO5%DTx^Uf;J zWABj6nFu2%5YGJ91@{_zx_a@r*t4lWoWHRbOJ6Lm!yORuDCh5nXXN+S|DSNK|4xB0GBVBQFbNA_BkSKzti4 z)|YFknl76+810>GN|s(~?PLhy=2gn5dBm5YUeo-%7j9xtKh4zjJ(=Mo<_aOVSB0~q zK`@e}eo;`*R_xX{Qn5ZV&dXLDW`kwI()t~5mrSiiE`vxP?pYwe1PNP&uzMFpE8_Pf zdwP0gdGKQydil?iLmaceM010NhRH64j-B=?X=i6Vb+$A41DSXXAu<*I26#o6?cKol zeTIvA-~Z&DbNMjbjYUUc%r5gr%lI@~N7fH|wqJ*&@`a0`FQ$#op8SG%v{lQNVj?4q zfVw$AJ0ZMl@Abra=22Jix73ojKy!Hm!EYq8$9_xH+qYwj;vPn8p>WFGLQs>s|O z#%!Bf=8_G2C1CO-8%PEVClz(t_1pvZ(Ux&I5@e-o7%R7u{CJ@PiqLd|45gqU4Cz>K z#2lVj8AS4zsrR9sLik^hzKaA}ES#95VyKHPwHBnxzt!9P z-oSNEWW|l9AgBucj_F#ii2zA!m;zU-9C)5y06QvU51mIrK5~Aw{Q#2t=-J}P7=AJ? hsQ@JLj60|jveIIQoUAIM8m Date: Thu, 19 Nov 2020 16:53:34 -0500 Subject: [PATCH 476/487] Increment version to 2.3.20 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 506c62f67..69484413e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3.10 \ No newline at end of file +2.3.20 \ No newline at end of file From 79ec1de83a8d1b853d5c1293afb7632ec2986e77 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 20 Nov 2020 09:56:48 -0500 Subject: [PATCH 477/487] [fix] Add exit check for static ip whiptail menus Fixes #1992 --- setup/so-whiptail | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/setup/so-whiptail b/setup/so-whiptail index 07e534c0f..bf40a99dd 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -697,6 +697,8 @@ whiptail_management_interface_dns() { MDNS=$(whiptail --title "Security Onion Setup" --inputbox \ "Enter your DNS servers separated by a space:" 10 60 8.8.8.8 8.8.4.4 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_management_interface_dns_search() { @@ -706,6 +708,8 @@ whiptail_management_interface_dns_search() { MSEARCH=$(whiptail --title "Security Onion Setup" --inputbox \ "Enter your DNS search domain:" 10 60 searchdomain.local 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_management_interface_gateway() { @@ -715,6 +719,8 @@ whiptail_management_interface_gateway() { MGATEWAY=$(whiptail --title "Security Onion Setup" --inputbox \ "Enter your gateway:" 10 60 X.X.X.X 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_management_interface_ip() { @@ -724,6 +730,8 @@ whiptail_management_interface_ip() { MIP=$(whiptail --title "Security Onion Setup" --inputbox \ "Enter your IP address:" 10 60 X.X.X.X 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_management_interface_mask() { @@ -733,6 +741,8 @@ whiptail_management_interface_mask() { MMASK=$(whiptail --title "Security Onion Setup" --inputbox \ "Enter the bit mask for your subnet:" 10 60 24 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_management_nic() { From e62b52da1b39c360493703ba4ad19159a766fac0 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 20 Nov 2020 09:58:07 -0500 Subject: [PATCH 478/487] [fix] Add condition to zeek state during setup for ZEEKVERSION Fixes #1990 --- setup/so-setup | 8 +++++--- setup/so-whiptail | 3 ++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index e1550ff03..22e429ad4 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -639,12 +639,14 @@ fi salt-call state.apply -l info pcap >> $setup_log 2>&1 fi - if [[ $is_sensor || $is_import ]]; then + if [[ $is_sensor || $is_import || $is_helix ]]; then set_progress_str 66 "$(print_salt_state_apply 'suricata')" salt-call state.apply -l info suricata >> $setup_log 2>&1 - set_progress_str 67 "$(print_salt_state_apply 'zeek')" - salt-call state.apply -l info zeek >> $setup_log 2>&1 + if [[ $ZEEKVERSION == 'ZEEK' ]]; then + set_progress_str 67 "$(print_salt_state_apply 'zeek')" + salt-call state.apply -l info zeek >> $setup_log 2>&1 + fi fi if [[ $is_node ]]; then diff --git a/setup/so-whiptail b/setup/so-whiptail index bf40a99dd..11d968910 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -97,7 +97,8 @@ whiptail_zeek_version() { [ -n "$TESTING" ] && return - ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate metadata?" 20 75 4 "ZEEK" "Zeek (formerly known as Bro)" ON \ + ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate metadata?" 20 75 4 \ + "ZEEK" "Zeek (formerly known as Bro)" ON \ "SURICATA" "Suricata" OFF 3>&1 1>&2 2>&3) local exitstatus=$? From 9d837f7b45f3b2c4561acf5f5c572e1c73531b9f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 20 Nov 2020 10:09:14 -0500 Subject: [PATCH 479/487] [fix] Reload sshd if config changes are made Fixes #1976 --- salt/common/tools/sbin/so-ssh-harden | 75 ++++++++++++++++++++++------ 1 file changed, 59 insertions(+), 16 deletions(-) diff --git a/salt/common/tools/sbin/so-ssh-harden b/salt/common/tools/sbin/so-ssh-harden index 2f78a7af8..1cfdc482d 100644 --- a/salt/common/tools/sbin/so-ssh-harden +++ b/salt/common/tools/sbin/so-ssh-harden @@ -3,47 +3,90 @@ . /usr/sbin/so-common if [[ $1 =~ ^(q|--quiet) ]]; then - quiet=true + quiet=true fi +before= +after= +reload_required=false + print_sshd_t() { - local string=$1 - local state=$2 - echo "${state}:" - sshd -T | grep "^${string}" + local string=$1 + local state=$2 + echo "${state}:" + + local grep_out + grep_out=$(sshd -T | grep "^${string}") + + if [[ $state == "Before" ]]; then + before=$grep_out + else + after=$grep_out + fi + + echo $grep_out +} + +print_msg() { + local msg=$1 + + printf "%s\n" \ + "----" + "$msg" + "----" + "" } if ! [[ $quiet ]]; then print_sshd_t "ciphers" "Before"; fi sshd -T | grep "^ciphers" | sed -e "s/\(3des-cbc\|aes128-cbc\|aes192-cbc\|aes256-cbc\|arcfour\|arcfour128\|arcfour256\|blowfish-cbc\|cast128-cbc\|rijndael-cbc@lysator.liu.se\)\,\?//g" >> /etc/ssh/sshd_config if ! [[ $quiet ]]; then - print_sshd_t "ciphers" "After" - echo "" + print_sshd_t "ciphers" "After" + echo "" +fi + +if [[ $before != $after ]]; then + reload_required=true fi if ! [[ $quiet ]]; then print_sshd_t "kexalgorithms" "Before"; fi sshd -T | grep "^kexalgorithms" | sed -e "s/\(diffie-hellman-group14-sha1\|ecdh-sha2-nistp256\|diffie-hellman-group-exchange-sha256\|diffie-hellman-group1-sha1\|diffie-hellman-group-exchange-sha1\|ecdh-sha2-nistp521\|ecdh-sha2-nistp384\)\,\?//g" >> /etc/ssh/sshd_config if ! [[ $quiet ]]; then - print_sshd_t "kexalgorithms" "After" - echo "" + print_sshd_t "kexalgorithms" "After" + echo "" +fi + +if [[ $before != $after ]]; then + reload_required=true fi if ! [[ $quiet ]]; then print_sshd_t "macs" "Before"; fi sshd -T | grep "^macs" | sed -e "s/\(hmac-sha2-512,\|umac-128@openssh.com,\|hmac-sha2-256,\|umac-64@openssh.com,\|hmac-sha1,\|hmac-sha1-etm@openssh.com,\|umac-64-etm@openssh.com,\|hmac-sha1\)//g" >> /etc/ssh/sshd_config if ! [[ $quiet ]]; then - print_sshd_t "macs" "After" - echo "" + print_sshd_t "macs" "After" + echo "" +fi + +if [[ $before != $after ]]; then + reload_required=true fi if ! [[ $quiet ]]; then print_sshd_t "hostkeyalgorithms" "Before"; fi sshd -T | grep "^hostkeyalgorithms" | sed "s|ecdsa-sha2-nistp256,||g" | sed "s|ssh-rsa,||g" >> /etc/ssh/sshd_config if ! [[ $quiet ]]; then - print_sshd_t "hostkeyalgorithms" "After" - echo "" + print_sshd_t "hostkeyalgorithms" "After" + echo "" +fi + +if [[ $before != $after ]]; then + reload_required=true +fi + +if [[ $reload_required == true ]]; then + print_msg "Reloading sshd to load config changes..." + systemctl reload sshd fi {% if grains['os'] != 'CentOS' %} -echo "----" -echo "[ WARNING ] Any new ssh sessions will need to remove and reaccept the ECDSA key for this server before reconnecting." -echo "----" +print_msg "[ WARNING ] Any new ssh sessions will need to remove and reaccept the ECDSA key for this server before reconnecting." {% endif %} From 1a11c24f0304ccaf764db921aed0154d977d164a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 20 Nov 2020 11:13:40 -0500 Subject: [PATCH 480/487] [fix] Add newline escapes to so-ssh-harden --- salt/common/tools/sbin/so-ssh-harden | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/common/tools/sbin/so-ssh-harden b/salt/common/tools/sbin/so-ssh-harden index 1cfdc482d..531c64cfd 100644 --- a/salt/common/tools/sbin/so-ssh-harden +++ b/salt/common/tools/sbin/so-ssh-harden @@ -31,9 +31,9 @@ print_msg() { local msg=$1 printf "%s\n" \ - "----" - "$msg" - "----" + "----" \ + "$msg" \ + "----" \ "" } From 2e6be747d92f303f2f606072f83787647778a545 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 20 Nov 2020 11:18:40 -0500 Subject: [PATCH 481/487] [fix] Fixes for quiet flag in so-ssh-harden --- salt/common/tools/sbin/so-ssh-harden | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-ssh-harden b/salt/common/tools/sbin/so-ssh-harden index 531c64cfd..1fd7d58d9 100644 --- a/salt/common/tools/sbin/so-ssh-harden +++ b/salt/common/tools/sbin/so-ssh-harden @@ -2,7 +2,7 @@ . /usr/sbin/so-common -if [[ $1 =~ ^(q|--quiet) ]]; then +if [[ $1 =~ ^(-q|--quiet) ]]; then quiet=true fi @@ -29,12 +29,13 @@ print_sshd_t() { print_msg() { local msg=$1 - + if ! [[ $quiet ]]; then printf "%s\n" \ "----" \ "$msg" \ "----" \ "" + fi } if ! [[ $quiet ]]; then print_sshd_t "ciphers" "Before"; fi From f074179656d6f39eed0f767f687a6de010af2646 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 20 Nov 2020 14:13:44 -0500 Subject: [PATCH 482/487] Correct so-import-pcap wrapping; add so-pcap-import alias for so-import-pcap; prompt to reboot after changing IP address on manager; ensure all tools have exec bit set --- salt/common/tools/sbin/so-import-pcap | 3 +-- salt/common/tools/sbin/so-ip-update | 6 +++--- salt/common/tools/sbin/so-playbook-reset | 0 salt/common/tools/sbin/so-ssh-harden | 0 salt/common/tools/sbin/so-wazuh-user-add | 0 salt/common/tools/sbin/so-wazuh-user-passwd | 0 salt/common/tools/sbin/so-wazuh-user-remove | 0 7 files changed, 4 insertions(+), 5 deletions(-) mode change 100644 => 100755 salt/common/tools/sbin/so-ip-update mode change 100644 => 100755 salt/common/tools/sbin/so-playbook-reset mode change 100644 => 100755 salt/common/tools/sbin/so-ssh-harden mode change 100644 => 100755 salt/common/tools/sbin/so-wazuh-user-add mode change 100644 => 100755 salt/common/tools/sbin/so-wazuh-user-passwd mode change 100644 => 100755 salt/common/tools/sbin/so-wazuh-user-remove diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap index f10f5fad9..2dc5b0504 100755 --- a/salt/common/tools/sbin/so-import-pcap +++ b/salt/common/tools/sbin/so-import-pcap @@ -27,8 +27,7 @@ function usage { cat << EOF Usage: $0 [pcap-file-2] [pcap-file-N] -Imports one or more PCAP files onto a sensor node. The PCAP traffic will be analyzed and -made available for review in the Security Onion toolset. +Imports one or more PCAP files onto a sensor node. The PCAP traffic will be analyzed and made available for review in the Security Onion toolset. EOF } diff --git a/salt/common/tools/sbin/so-ip-update b/salt/common/tools/sbin/so-ip-update old mode 100644 new mode 100755 index 7321a5587..8ab012ccf --- a/salt/common/tools/sbin/so-ip-update +++ b/salt/common/tools/sbin/so-ip-update @@ -50,9 +50,9 @@ if [ "$CONTINUE" == "y" ]; then echo "The IP has been changed from $OLD_IP to $NEW_IP." - if [ -z "$SKIP_STATE_APPLY" ]; then - echo "Re-applying salt states." - salt-call state.highstate queue=True + read -n 1 -p "The system must reboot to ensure all services have restarted with the new configuration. Reboot now? (y/N)" CONTINUE + if [ "$CONTINUE" == "y" ]; then + reboot fi else echo "Exiting without changes." diff --git a/salt/common/tools/sbin/so-playbook-reset b/salt/common/tools/sbin/so-playbook-reset old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-ssh-harden b/salt/common/tools/sbin/so-ssh-harden old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-wazuh-user-add b/salt/common/tools/sbin/so-wazuh-user-add old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-wazuh-user-passwd b/salt/common/tools/sbin/so-wazuh-user-passwd old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-wazuh-user-remove b/salt/common/tools/sbin/so-wazuh-user-remove old mode 100644 new mode 100755 From bc40a2bfc5d36e1a3a2dd82fa9fe5cfcfb60776b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 20 Nov 2020 14:13:57 -0500 Subject: [PATCH 483/487] Correct so-import-pcap wrapping; add so-pcap-import alias for so-import-pcap; prompt to reboot after changing IP address on manager; ensure all tools have exec bit set --- salt/common/tools/sbin/so-pcap-import | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100755 salt/common/tools/sbin/so-pcap-import diff --git a/salt/common/tools/sbin/so-pcap-import b/salt/common/tools/sbin/so-pcap-import new file mode 100755 index 000000000..667bf064e --- /dev/null +++ b/salt/common/tools/sbin/so-pcap-import @@ -0,0 +1,18 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +$(dirname $0)/so-import-pcap $@ From 0d3754200fd5054a95d1877b261db08be12bc7ee Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 20 Nov 2020 14:27:07 -0500 Subject: [PATCH 484/487] fix issue with proper salt.minion state execution for ubuntu --- salt/salt/map.jinja | 9 ++++++++- salt/salt/minion.sls | 6 +++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index e5fa79a8e..7ef63bd68 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -1,6 +1,13 @@ {% import_yaml 'salt/minion.defaults.yaml' as saltminion %} {% set SALTVERSION = saltminion.salt.minion.version %} -{% set INSTALLEDSALTVERSION = salt['pkg.version']('salt-minion').split('-')[0] %} + +{% if grains.os == 'Ubuntu' %} + {% set SPLITCHAR = '+' %} +{% else %} + {% set SPLITCHAR = '-' %} +{% endif %} + +{% set INSTALLEDSALTVERSION = salt['pkg.version']('salt-minion').split(SPLITCHAR)[0] %} {% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} {% if grains.os|lower == 'ubuntu' %} diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index f7d2126c1..de85693c6 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -13,7 +13,7 @@ install_salt_minion: exec 1>&- # close stdout exec 2>&- # close stderr nohup /bin/sh -c '{{ UPGRADECOMMAND }}' & - - onlyif: "[[ '{{INSTALLEDSALTVERSION}}' != '{{SALTVERSION}}' ]]" + - onlyif: test "{{INSTALLEDSALTVERSION}}" != "{{SALTVERSION}}" salt_minion_package: pkg.installed: @@ -21,10 +21,10 @@ salt_minion_package: - {{ COMMON }} - salt-minion - hold: True - - onlyif: "[[ '{{INSTALLEDSALTVERSION}}' == '{{SALTVERSION}}' ]]" + - onlyif: test "{{INSTALLEDSALTVERSION}}" == "{{SALTVERSION}}" salt_minion_service: service.running: - name: salt-minion - enable: True - - onlyif: "[[ '{{INSTALLEDSALTVERSION}}' == '{{SALTVERSION}}' ]]" \ No newline at end of file + - onlyif: test "{{INSTALLEDSALTVERSION}}" == "{{SALTVERSION}}" \ No newline at end of file From 78f5727f6f493511f747ac3601b497e66bab580d Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 20 Nov 2020 15:16:07 -0500 Subject: [PATCH 485/487] Improve so-ip-update prompts --- salt/common/tools/sbin/so-ip-update | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/common/tools/sbin/so-ip-update b/salt/common/tools/sbin/so-ip-update index 8ab012ccf..9976a42e8 100755 --- a/salt/common/tools/sbin/so-ip-update +++ b/salt/common/tools/sbin/so-ip-update @@ -39,6 +39,7 @@ fi echo "About to change old IP $OLD_IP to new IP $NEW_IP." +echo read -n 1 -p "Would you like to continue? (y/N) " CONTINUE echo @@ -50,7 +51,10 @@ if [ "$CONTINUE" == "y" ]; then echo "The IP has been changed from $OLD_IP to $NEW_IP." + echo read -n 1 -p "The system must reboot to ensure all services have restarted with the new configuration. Reboot now? (y/N)" CONTINUE + echo + if [ "$CONTINUE" == "y" ]; then reboot fi From bafefb980b4768be0feda40a4ae1f7a62f8bf12b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 23 Nov 2020 10:45:52 -0500 Subject: [PATCH 486/487] Update so-elastalert-test script for compatibility with SO 2.3 --- salt/common/tools/sbin/so-elastalert-test | 135 +++++++++++----------- 1 file changed, 66 insertions(+), 69 deletions(-) diff --git a/salt/common/tools/sbin/so-elastalert-test b/salt/common/tools/sbin/so-elastalert-test index ccb823168..4e59aacb3 100755 --- a/salt/common/tools/sbin/so-elastalert-test +++ b/salt/common/tools/sbin/so-elastalert-test @@ -19,8 +19,7 @@ # # Purpose: This script will allow you to test your elastalert rule without entering the Docker container. -. /usr/sbin/so-elastic-common - +HOST_RULE_DIR=/opt/so/rules/elastalert OPTIONS="" SKIP=0 RESULTS_TO_LOG="n" @@ -29,111 +28,109 @@ FILE_SAVE_LOCATION="" usage() { -cat < Write results to specified log file - -o '' Specify Elastalert options ( Ex. --schema-only , --count-only, --days N ) - -r Specify path/name of rule to test + -h This message + -a Trigger real alerts instead of the debug alert + -l Write results to specified log file + -o '' Specify Elastalert options ( Ex. --schema-only , --count-only, --days N ) + -r Specify filename of rule to test (must exist in $HOST_RULE_DIR; do not include path) EOF } while getopts "hal:o:r:" OPTION do - case $OPTION in - h) - usage - exit 0 - ;; - a) - OPTIONS="--alert" - ;; - l) - RESULTS_TO_LOG="y" - FILE_SAVE_LOCATION=$OPTARG - ;; - - o) - OPTIONS=$OPTARG - ;; - - r) - RULE_NAME=$OPTARG - SKIP=1 - ;; - *) - usage - exit 0 - ;; - esac + case $OPTION in + h) + usage + exit 0 + ;; + a) + OPTIONS="--alert" + ;; + l) + RESULTS_TO_LOG="y" + FILE_SAVE_LOCATION=$OPTARG + ;; + o) + OPTIONS=$OPTARG + ;; + r) + RULE_NAME=$OPTARG + SKIP=1 + ;; + *) + usage + exit 0 + ;; + esac done docker_exec(){ - if [ ${RESULTS_TO_LOG,,} = "y" ] ; then - docker exec -it so-elastalert bash -c "elastalert-test-rule $RULE_NAME $OPTIONS" > $FILE_SAVE_LOCATION + CMD="docker exec -it so-elastalert elastalert-test-rule /opt/elastalert/rules/$RULE_NAME --config /opt/config/elastalert_config.yaml $OPTIONS" + if [ "${RESULTS_TO_LOG,,}" = "y" ] ; then + $CMD > "$FILE_SAVE_LOCATION" else - docker exec -it so-elastalert bash -c "elastalert-test-rule $RULE_NAME $OPTIONS" + $CMD fi } rule_prompt(){ - CURRENT_RULES=$(find /opt/so/rules/elastalert -name "*.yaml") - echo - echo "This script will allow you to test an Elastalert rule." - echo - echo "Below is a list of active Elastalert rules:" - echo + CURRENT_RULES=$(cd "$HOST_RULE_DIR" && find . -type f \( -name "*.yaml" -o -name "*.yml" \) | sed -e 's/^\.\///') + if [ -z "$CURRENT_RULES" ]; then + echo "There are no rules available to test. Rule files must be placed in the $HOST_RULE_DIR directory." + exit 1 + fi + echo + echo "This script will allow you to test an Elastalert rule." + echo + echo "Below is a list of available Elastalert rules:" + echo echo "-----------------------------------" - echo - echo "$CURRENT_RULES" - echo + echo + echo "$CURRENT_RULES" + echo echo "-----------------------------------" - echo - echo "Note: To test a rule it must be accessible by the Elastalert Docker container." - echo - echo "Make sure to swap the local path (/opt/so/rules/elastalert/) for the docker path (/etc/elastalert/rules/)" - echo "Example: /opt/so/rules/elastalert/nids2hive.yaml would be /etc/elastalert/rules/nids2hive.yaml" - echo - while [ -z $RULE_NAME ]; do - echo "Please enter the file path and rule name you want to test." - read -e RULE_NAME + echo + while [ -z "$RULE_NAME" ]; do + read -p "Please enter the rule filename you want to test (filename only, no path): " -e RULE_NAME done } log_save_prompt(){ RESULTS_TO_LOG="" - while [ -z $RESULTS_TO_LOG ]; do - echo "The results can be rather long. Would you like to write the results to a file? (Y/N)" - read RESULTS_TO_LOG - done + read -p "The results can be rather long. Would you like to write the results to a file? (y/N) " -e RESULTS_TO_LOG } log_path_prompt(){ - while [ -z $FILE_SAVE_LOCATION ]; do - echo "Please enter the file path and file name." - read -e FILE_SAVE_LOCATION - done + while [ -z "$FILE_SAVE_LOCATION" ]; do + read -p "Please enter the log file path and file name: " -e FILE_SAVE_LOCATION + done echo "Depending on the rule this may take a while." } if [ $SKIP -eq 0 ]; then rule_prompt log_save_prompt - if [ ${RESULTS_TO_LOG,,} = "y" ] ; then - log_path_prompt - fi + if [ "${RESULTS_TO_LOG,,}" = "y" ] ; then + log_path_prompt + fi fi -docker_exec +echo -if [ $? -eq 0 ]; then +docker_exec +RESULT=$? + +echo + +if [ $RESULT -eq 0 ]; then echo "Test completed successfully!" else - echo "Something went wrong..." + echo "Test failed." fi echo \ No newline at end of file From 1e32a01657306619de7e9e79c1b94a20428d1ec0 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 23 Nov 2020 18:36:19 -0500 Subject: [PATCH 487/487] Create symlink before registration otherwise registration script can't save it's state (.log) file into the conf subdir; add more logging output to track down registration failures --- salt/wazuh/files/agent/wazuh-register-agent | 3 ++- salt/wazuh/init.sls | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/salt/wazuh/files/agent/wazuh-register-agent b/salt/wazuh/files/agent/wazuh-register-agent index 6762f023d..da4870e47 100755 --- a/salt/wazuh/files/agent/wazuh-register-agent +++ b/salt/wazuh/files/agent/wazuh-register-agent @@ -55,8 +55,9 @@ register_agent() { # Adding agent and getting Id from manager echo "" echo "Adding agent:" - echo "curl -s -u $USER:**** -k -X POST -d 'name=$AGENT_NAME&ip=$AGENT_IP' $PROTOCOL://$API_IP:$API_PORT/agents" + echo "Executing: curl -s -u $USER:**** -k -X POST -d 'name=$AGENT_NAME&ip=$AGENT_IP' $PROTOCOL://$API_IP:$API_PORT/agents" API_RESULT=$(curl -s -u $USER:"$PASSWORD" -k -X POST -d 'name='$AGENT_NAME'&ip='$AGENT_IP -L $PROTOCOL://$API_IP:$API_PORT/agents) + echo "Result: $API_RESULT" echo -e $API_RESULT | grep -q "\"error\":0" 2>&1 if [ "$?" != "0" ]; then diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index e8e40c720..19afa48d7 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -128,15 +128,15 @@ whitelistmanager: - name: /usr/sbin/wazuh-manager-whitelist - cwd: / +/opt/so/conf/wazuh: + file.symlink: + - target: /nsm/wazuh/etc + wazuhagentservice: service.running: - name: wazuh-agent - enable: True -/opt/so/conf/wazuh: - file.symlink: - - target: /nsm/wazuh/etc - hidsruledir: file.directory: - name: /opt/so/rules/hids