samhain-3.1.0/0000777000175000017500000000000012234556172010147 500000000000000samhain-3.1.0/configure0000775000175000017500000132202612234450435011775 00000000000000#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.68. # # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, # 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software # Foundation, Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV export CONFIG_SHELL case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"} fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -p'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -p' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi if test -x / >/dev/null 2>&1; then as_test_x='test -x' else if ls -dL / >/dev/null 2>&1; then as_ls_L_option=L else as_ls_L_option= fi as_test_x=' eval sh -c '\'' if test -d "$1"; then test -d "$1/."; else case $1 in #( -*)set "./$1";; esac; case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( ???[sx]*):;;*)false;;esac;fi '\'' sh ' fi as_executable_p=$as_test_x # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME= PACKAGE_TARNAME= PACKAGE_VERSION= PACKAGE_STRING= PACKAGE_BUGREPORT= PACKAGE_URL= ac_unique_file="src/samhain.c" # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" ac_subst_vars='LTLIBOBJS LIBOBJS mydefargs myhtmlfile myqdir mydataroot myrpmdatafile mydatafile mylockdir mylockfile mylogdir mylogfile myrpmconffile myconffile mytmpdir mytrust mykeytag mykeyid mygpg mykeybase my_key_4 my_key_3 my_key_2 my_key_1 my_key_B my_key_A sh_libkvm systemmap sh_insmod_pre sh_insmod_cmd sh_lkm lkm_inc xor_code stegin_prg INSTALL_NAME install_name need_user_install myident nocl_code mylogsrv myport mydebugdef HAVE_MYSQL_CONFIG LIBPRELUDE_CONFIG_PREFIX LIBPRELUDE_PREFIX LIBPRELUDE_LIBS LIBPRELUDE_LDFLAGS LIBPRELUDE_PTHREAD_CFLAGS LIBPRELUDE_CFLAGS LIBPRELUDE_CONFIG PTHREAD_LDFLAGS PTHREAD_CFLAGS PTHREAD_LIBS PTHREAD_CC acx_pthread_config clmytclient mytclient sh_main_prg yulectl_prg setpwd_prg tiger_src sh_libsocket selectconfig EGREP GREP cmd_hostname AWK LN_S CPP BUILD_CC OBJEXT EXEEXT ac_ct_CC CPPFLAGS LDFLAGS CFLAGS CC host_os host_vendor host_cpu host build_os build_vendor build_cpu build SET_MAKE VERSION PACKAGE INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localstatedir sysconfdir sbindir program_transform_name prefix exec_prefix PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking enable_largefile enable_ssp enable_db_reload enable_xml_log enable_mail enable_suid enable_shellexpand enable_external_scripts enable_message_queue with_cflags with_libs with_libwrap enable_network enable_static with_libprelude_prefix with_prelude with_database with_console with_altconsole with_timeserver with_alttimeserver enable_login_watch enable_mounts_check enable_logfile_monitor enable_process_check enable_port_check enable_userfiles enable_debug enable_asm enable_ipv6 enable_dnmalloc enable_ptrace with_rnd with_egd_socket enable_udp enable_encrypt enable_srp with_port with_logserver with_altlogserver enable_nocl enable_stealth enable_micro_stealth enable_install_name enable_identity enable_khide enable_suidcheck with_kcheck enable_base with_gpg with_keyid with_checksum with_fp with_recipient with_sender with_trusted with_tmp_dir with_config_file with_log_file with_pid_file with_state_dir with_data_file with_html_file ' ac_precious_vars='build_alias host_alias target_alias LIBS CC CFLAGS LDFLAGS CPPFLAGS CPP' as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits # Sed expression to map a string onto a valid CPP name. as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g" as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" # IFS # We need space, tab and new line, in precisely that order. as_nl=' ' IFS=" $as_nl" # CDPATH. $as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=$PATH_SEPARATOR; export CDPATH; } # Initialize some variables set by options. ac_init_help= ac_init_version=false # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE DESTDIR= SH_ENABLE_OPTS="asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid" SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. sbindir='${exec_prefix}/sbin' sysconfdir='${prefix}/etc' localstatedir='${prefix}/var' mandir='${prefix}/share/man' sbindir='${exec_prefix}/sbin' sysconfdir='${prefix}/etc' localstatedir='${prefix}/var' mandir='${prefix}/share/man' # Initialize some other variables. subdirs= MFLAGS= MAKEFLAGS= SHELL=${CONFIG_SHELL-/bin/sh} # Maximum number of lines to put in a shell here document. ac_max_here_lines=12 ac_prev= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval "$ac_prev=\$ac_option" ac_prev= continue fi case "$ac_option" in *=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; *) ac_optarg= ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case "$ac_option" in -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias="$ac_optarg" ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file="$ac_optarg" ;; --config-cache | -C) cache_file=config.cache ;; -disable-* | --disable-*) ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_feature" ac_feature=`echo $ac_feature | sed 's/-/_/g'` ac_enable_check_opt=no for f in ${SH_ENABLE_OPTS} do f=`echo $f | sed 's/-/_/g'` if test x${f} = x"${ac_feature}" then ac_enable_check_opt=yes fi done if test x${ac_enable_check_opt} = xno then as_fn_error $? "unrecognized option: $ac_option Try \`$0 --help' for more information." fi eval "enable_$ac_feature=no" ;; -enable-* | --enable-*) ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_feature" ac_feature=`echo $ac_feature | sed 's/-/_/g'` case $ac_option in *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; *) ac_optarg=yes ;; esac ac_enable_check_opt=no for f in ${SH_ENABLE_OPTS} do f=`echo $f | sed 's/-/_/g'` if test x${f} = x"${ac_feature}" then ac_enable_check_opt=yes fi done if test x${ac_enable_check_opt} = xno then as_fn_error $? "unrecognized option: $ac_option Try \`$0 --help' for more information." fi eval "enable_$ac_feature='$ac_optarg'" ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ac_exec_prefix_set="yes" ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix="$ac_optarg" ac_exec_prefix_set="yes" ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias="$ac_optarg" ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst \ | --locals | --local | --loca | --loc | --lo) ac_prev=localstatedir ac_localstatedir_set="yes" ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* \ | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) localstatedir="$ac_optarg" ac_localstatedir_set="yes" ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ac_mandir_set="yes" ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir="$ac_optarg" ac_mandir_set="yes" ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ac_prefix_set="yes" ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix="$ac_optarg" ac_prefix_set="yes" ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ac_sbindir_set="yes" ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir="$ac_optarg" ac_sbindir_set="yes" ;; -bindir | --bindir | --bindi | --bind | --bin | --bi | --b) echo "WARNING: bindir will be ignored, use sbindir" ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* \ | --bi=* | --b=*) echo "WARNING: bindir will be ignored, use sbindir" ;; -datadir | --datadir) echo "WARNING: datadir will be ignored" ;; -datadir=* | --datadir=*) echo "WARNING: datadir will be ignored" ;; -includedir | --includedir) echo "WARNING: includedir will be ignored" ;; -includedir=* | --includedir=*) echo "WARNING: includedir will be ignored" ;; -infodir | --infodir) echo "WARNING: infodir will be ignored" ;; -infodir=* | --infodir=*) echo "WARNING: infodir will be ignored" ;; -libdir | --libdir) echo "WARNING: libdir will be ignored" ;; -libdir=* | --libdir=*) echo "WARNING: libdir will be ignored" ;; -libexecdir | --libexecdir) echo "WARNING: libexecdir will be ignored" ;; -libexecdir=* | --libexecdir=*) echo "WARNING: libexecdir will be ignored" ;; -sharedstatedir | --sharedstatedir) echo "WARNING: sharedstatedir will be ignored" ;; -sharedstatedir=* | --sharedstatedir=*) echo "WARNING: sharedstatedir will be ignored" ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site="$ac_optarg" ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir="$ac_optarg" ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ac_sysconfdir_set="yes" ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir="$ac_optarg" ac_sysconfdir_set="yes" ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias="$ac_optarg" ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers) ac_init_version=: ;; -with-* | --with-*) ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_package" ac_package=`echo $ac_package| sed 's/-/_/g'` case $ac_option in *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; *) ac_optarg=yes ;; esac ac_with_check_opt=no for f in ${SH_WITH_OPTS} do f=`echo $f | sed 's/-/_/g'` if test x${f} = x"${ac_package}" then ac_with_check_opt=yes fi done if test x${ac_with_check_opt} = xno then as_fn_error $? "unrecognized option: $ac_option Try \`$0 --help' for more information." fi eval "with_$ac_package='$ac_optarg'" ;; -without-* | --without-*) ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_package" ac_package=`echo $ac_package | sed 's/-/_/g'` ac_with_check_opt=no for f in ${SH_WITH_OPTS} do f=`echo $f | sed 's/-/_/g'` if test x${f} = x"${ac_package}" then ac_with_check_opt=yes fi done if test x${ac_with_check_opt} = xno then as_fn_error $? "unrecognized option: $ac_option Try \`$0 --help' for more information." fi eval "with_$ac_package=no" ;; -*) as_fn_error $? "unrecognized option: $ac_option Try \`$0 --help' for more information." ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid variable name: $ac_envvar" ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` eval "$ac_envvar='$ac_optarg'" export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} ;; esac done if test -n "$ac_prev"; then as_fn_error $? "missing argument to --\`echo $ac_prev | sed 's/_/-/g'\`" fi # Be sure to have absolute paths. for ac_var in prefix exec_prefix do eval ac_val=$`echo $ac_var` case $ac_val in [\\/$]* | ?:[\\/]* | NONE | '' | OPT | USR ) ;; *) as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val";; esac done # Be sure to have absolute paths. for ac_var in sbindir sysconfdir localstatedir mandir do eval ac_val=$`echo $ac_var` case $ac_val in [\\/$]* | ?:[\\/]* ) ;; *) as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val";; esac done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. If a cross compiler is detected then cross compile mode will be used." >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures this package to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF System types: --build=BUILD configure for building on BUILD [guessed] --host=HOST cross-compile to build programs to run on HOST [BUILD] _ACEOF fi if test -n "$ac_init_help"; then cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --disable-largefile omit support for large files --disable-ssp disable the GCC stack protector --enable-db-reload enable database reload on SIGHUP [no] --enable-xml-log enable XML logfile format [no] --disable-mail disable the internal SMTP mailer --enable-suid allow suid --disable-shellexpand disable shell expansion in config file --disable-external-scripts disable interface to external scripts --enable-message-queue[=MODE] enable SysV message queue [MODE=0700] --enable-network=[client|server] compile client or server [no] --enable-static enable static linking [no] --enable-login-watch watch for login/logout [no] --enable-mounts-check check mount options on filesystems [no] --enable-logfile-monitor monitor logfiles [no] --enable-process-check check processes [no] --enable-port-check check ports [no] --enable-userfiles check for users' config files [no] --enable-debug enable debug options [no] --disable-asm disable asm inline code --disable-ipv6 disable ipv6 support --disable-dnmalloc disable dnmalloc --enable-ptrace use anti-debugger options [no] --enable-udp server can listen on port 514/udp [no] --disable-encrypt disable client/server encryption --disable-srp disable SRP for authentication --enable-nocl=PW no CL parsing unless first CL argument is PW --enable-stealth=XOR_VAL enable stealth mode [no] --enable-micro-stealth=XOR_VAL enable micro stealth mode [no] --enable-install-name=NAME name under which to install [samhain|yule] --enable-identity=USER user if dropping root [daemon] --enable-khide=SYSTEM_MAP use kernel module to hide (Linux only)[/boot/System.map] --enable-suidcheck check for suid/sgid files [no] --enable-base=B1,B2 base key (0...2147483647) Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-cflags additional flags to pass to compiler --with-libs additional libraries to link with --with-libwrap=PATH Compile in libwrap (TCP Wrappers) support --with-libprelude-prefix=PFX Prefix where libprelude is installed (optional) --with-prelude Prelude IDS support [no] --with-database=[mysql|postgresql|oracle|odbc] database support [no] --with-console=PATH set path to console device [/dev/console] --with-altconsole=PATH set path to second console device [none] --with-timeserver=HOST set host address for time server [none] --with-alttimeserver=HOST set address for backup time server [none] --with-rnd=[egd|unix|dev|default] random number generator [default] --with-egd-socket=NAME EGD socket name --with-port=PORT set port to use for TCP/IP connection [49777] --with-logserver=HOST set host address for log server [none] --with-altlogserver=HOST set address for backup log server [none] --with-kcheck[=SYSTEM_MAP] check Linux/FreeBSD/OpenBSD kernel integrity [/boot/System.map] --with-gpg=PATH use GnuPG to verify database/config [no] --with-keyid=KEYID specify KeyID (0x...) for GPG/PGP functions [none] --with-checksum=CHKSUM compile in gpg/pgp checksum [yes] --with-fp=FINGERPRINT compile in public key fingerprint [no] --with-recipient=ADDR set recipient(s) for e-mail [none] --with-sender=SENDER set sender for e-mail [daemon] --with-trusted=UID Set uid(s) of trusted users [0] --with-tmp-dir=PFX set directory for temporary files [HOME] --with-config-file=FILE configuration file [/etc/{install_name}rc] --with-log-file=FILE path of log file [/var/log/{install_name}_log] --with-pid-file=FILE set path of pid file [/var/run/{install_name}.pid] --with-state-dir=PFX set state data directory [/var/lib/{install_name}] --with-data-file=FILE set path of data file --with-html-file=FILE set path of html file, Some influential environment variables: LIBS libraries to link against, e.g. -lintl CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to the package provider. _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF configure generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi ## ------------------------ ## ## Autoconf initialization. ## ## ------------------------ ## # ac_fn_c_try_compile LINENO # -------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_compile # ac_fn_c_try_cpp LINENO # ---------------------- # Try to preprocess conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_cpp () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } > conftest.i && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_cpp # ac_fn_c_try_run LINENO # ---------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes # that executables *can* be run. ac_fn_c_try_run () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then : ac_retval=0 else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=$ac_status fi rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_run # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists, giving a warning if it cannot be compiled using # the include files in INCLUDES and setting the cache variable VAR # accordingly. ac_fn_c_check_header_mongrel () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if eval \${$3+:} false; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 $as_echo_n "checking $2 usability... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_header_compiler=yes else ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 $as_echo_n "checking $2 presence... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <$2> _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : ac_header_preproc=yes else ac_header_preproc=no fi rm -f conftest.err conftest.i conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( yes:no: ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ;; no:yes:* ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=\$ac_header_compiler" fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_mongrel # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in # INCLUDES, setting the cache variable VAR accordingly. ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_compile # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext conftest$ac_exeext if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would # interfere with the next link command; also delete a directory that is # left behind by Apple's compiler. We do this before executing the actions. rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_link # ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES # --------------------------------------------- # Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR # accordingly. ac_fn_c_check_decl () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack as_decl_name=`echo $2|sed 's/ *(.*//'` as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 $as_echo_n "checking whether $as_decl_name is declared... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { #ifndef $as_decl_name #ifdef __cplusplus (void) $as_decl_use; #else (void) $as_decl_name; #endif #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_decl # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES # ---------------------------------------------------- # Tries to find if the field MEMBER exists in type AGGR, after including # INCLUDES, setting cache variable VAR accordingly. ac_fn_c_check_member () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 $as_echo_n "checking for $2.$3... " >&6; } if eval \${$4+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int main () { static $2 ac_aggr; if (ac_aggr.$3) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$4=yes" else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int main () { static $2 ac_aggr; if (sizeof ac_aggr.$3) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$4=yes" else eval "$4=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$4 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_member # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly ac_fn_c_check_func () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $2 (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $2 /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $2 (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$2 || defined __stub___$2 choke me #endif int main () { return $2 (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_func # ac_fn_c_compute_int LINENO EXPR VAR INCLUDES # -------------------------------------------- # Tries to find the compile-time value of EXPR in a program that includes # INCLUDES, setting VAR accordingly. Returns whether the value could be # computed ac_fn_c_compute_int () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) >= 0)]; test_array [0] = 0 ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_lo=0 ac_mid=0 while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; test_array [0] = 0 ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=$ac_mid; break else as_fn_arith $ac_mid + 1 && ac_lo=$as_val if test $ac_lo -le $ac_mid; then ac_lo= ac_hi= break fi as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) < 0)]; test_array [0] = 0 ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=-1 ac_mid=-1 while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) >= $ac_mid)]; test_array [0] = 0 ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_lo=$ac_mid; break else as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val if test $ac_mid -le $ac_hi; then ac_lo= ac_hi= break fi as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done else ac_lo= ac_hi= fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext # Binary search between lo and hi bounds. while test "x$ac_lo" != "x$ac_hi"; do as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; test_array [0] = 0 ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=$ac_mid else as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done case $ac_lo in #(( ?*) eval "$3=\$ac_lo"; ac_retval=0 ;; '') ac_retval=1 ;; esac else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 static long int longval () { return $2; } static unsigned long int ulongval () { return $2; } #include #include int main () { FILE *f = fopen ("conftest.val", "w"); if (! f) return 1; if (($2) < 0) { long int i = longval (); if (i != ($2)) return 1; fprintf (f, "%ld", i); } else { unsigned long int i = ulongval (); if (i != ($2)) return 1; fprintf (f, "%lu", i); } /* Do not output a trailing newline, as this causes \r\n confusion on some platforms. */ return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : echo >>conftest.val; read $3 &5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof ($2)) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof (($2))) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else eval "$3=yes" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_type cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by $as_me, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done { ac_configure_args0=; unset ac_configure_args0;} { ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo $as_echo "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo $as_echo "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then $as_echo "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then $as_echo "## ----------- ## ## confdefs.h. ## ## ----------- ##" echo cat confdefs.h echo fi test "$ac_signal" != 0 && $as_echo "$as_me: caught signal $ac_signal" $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h $as_echo "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_URL "$PACKAGE_URL" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then # We do not want a PATH search for config.site. case $CONFIG_SITE in #(( -*) ac_site_file1=./$CONFIG_SITE;; */*) ac_site_file1=$CONFIG_SITE;; *) ac_site_file1=./$CONFIG_SITE;; esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site else ac_site_file1=$ac_default_prefix/share/config.site ac_site_file2=$ac_default_prefix/etc/config.site fi for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## ## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f "$ac_dir/install.sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f "$ac_dir/shtool"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 $as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then if ${ac_cv_path_install+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in #(( ./ | .// | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else rm -rf conftest.one conftest.two conftest.dir echo one > conftest.one echo two > conftest.two mkdir conftest.dir if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi fi done done ;; esac done IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 $as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering ...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi PACKAGE=samhain VERSION=3.1.0 if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi cat >>confdefs.h <<_ACEOF #define PACKAGE "$PACKAGE" _ACEOF cat >>confdefs.h <<_ACEOF #define VERSION "$VERSION" _ACEOF $as_echo "#define SAMHAIN 1" >>confdefs.h # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 $as_echo_n "checking build system type... " >&6; } if ${ac_cv_build+:} false; then : $as_echo_n "(cached) " >&6 else ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; *) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' set x $ac_cv_build shift build_cpu=$1 build_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: build_os=$* IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 $as_echo_n "checking host system type... " >&6; } if ${ac_cv_host+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; *) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' set x $ac_cv_host shift host_cpu=$1 host_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: host_os=$* IFS=$ac_save_IFS case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 $as_echo_n "checking whether the C compiler works... " >&6; } ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { { ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. break;; *.* ) if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi if test -z "$ac_file"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables See \`config.log' for more details" "$LINENO" 5; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 $as_echo_n "checking for C compiler default output file name... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 $as_echo "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 $as_echo_n "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 $as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 $as_echo_n "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details" "$LINENO" 5; } fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 $as_echo "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 $as_echo_n "checking for suffix of object files... " >&6; } if ${ac_cv_objext+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 $as_echo "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } if ${ac_cv_c_compiler_gnu+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_compiler_gnu=yes else ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 $as_echo "$ac_cv_c_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 $as_echo_n "checking whether $CC accepts -g... " >&6; } if ${ac_cv_prog_cc_g+:} false; then : $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes else CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 $as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } if ${ac_cv_prog_cc_c89+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_c89=$ac_arg fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 $as_echo "none needed" >&6; } ;; xno) { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 $as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then : fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test "$host" != "$build"; then for ac_prog in gcc cc do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_BUILD_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$BUILD_CC"; then ac_cv_prog_BUILD_CC="$BUILD_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_BUILD_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi BUILD_CC=$ac_cv_prog_BUILD_CC if test -n "$BUILD_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $BUILD_CC" >&5 $as_echo "$BUILD_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$BUILD_CC" && break done else BUILD_CC=$CC fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 $as_echo_n "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if ${ac_cv_prog_CPP+:} false; then : $as_echo_n "(cached) " >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi done ac_cv_prog_CPP=$CPP fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 $as_echo "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details" "$LINENO" 5; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AWK+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 $as_echo "$AWK" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AWK" && break done ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 $as_echo_n "checking for ld used by $CC... " >&6; } case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [\\/]* | ?:[\\/]*) re_direlt='/[^/][^/]*/\.\./' # Canonicalize the pathname of ld ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld" >&5 $as_echo_n "checking for ld... " >&6; } fi if ${lt_cv_path_LD+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &5 $as_echo "$LD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } if ${lt_cv_prog_gnu_ld+:} false; then : $as_echo_n "(cached) " >&6 else # I'd rather use --version here, but apparently some GNU lds only accept -v. case `$LD -v 2>&1 &5 $as_echo "$lt_cv_prog_gnu_ld" >&6; } with_gnu_ld=$lt_cv_prog_gnu_ld # Extract the first word of "hostname", so it can be a program name with args. set dummy hostname; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_cmd_hostname+:} false; then : $as_echo_n "(cached) " >&6 else case $cmd_hostname in [\\/]* | ?:[\\/]*) ac_cv_path_cmd_hostname="$cmd_hostname" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_cmd_hostname="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi cmd_hostname=$ac_cv_path_cmd_hostname if test -n "$cmd_hostname"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cmd_hostname" >&5 $as_echo "$cmd_hostname" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$GCC" = "xyes"; then GCC_VERSION="" gcc_VERSION_MAJOR=0 gcc_VERSION_MINOR=0 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcc version" >&5 $as_echo_n "checking for gcc version... " >&6; } if test "x$GCC" = "xyes" then $CC -dumpversion >/dev/null 2>&1 if test $? -eq 0 then GCC_VERSION=`$CC -dumpversion` gcc_VERSION_MAJOR=`echo $GCC_VERSION | cut -d'.' -f1` gcc_VERSION_MINOR=`echo $GCC_VERSION | cut -d'.' -f2` cat >>confdefs.h <<_ACEOF #define GCC_VERSION_MAJOR ${gcc_VERSION_MAJOR} _ACEOF cat >>confdefs.h <<_ACEOF #define GCC_VERSION_MINOR ${gcc_VERSION_MINOR} _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GCC_VERSION" >&5 $as_echo "$GCC_VERSION" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC -dumpversion working" >&5 $as_echo "$CC -dumpversion working" >&6; } fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: compiler is not gcc" >&5 $as_echo "compiler is not gcc" >&6; } fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if ${ac_cv_path_GREP+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 $as_echo_n "checking for egrep... " >&6; } if ${ac_cv_path_EGREP+:} false; then : $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then ac_path_EGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_EGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in sys/ipc.h sys/msg.h sys/uio.h fcntl.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OS specific issues" >&5 $as_echo_n "checking for OS specific issues... " >&6; } mydebugflag=no myneedg3=no uid_cast="signed long" selectconfig=linux mynetbsd=no sh_use_lcaps="undef" dnmalloc_ok=yes sh_use_pie=yes case "$host_os" in *linux*) sh_use_lcaps="yes" $as_echo "#define HOST_IS_LINUX 1" >>confdefs.h $as_echo "#define HAVE_EXT2_IOCTLS 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: use ioctl to get e2fs flags" >&5 $as_echo "use ioctl to get e2fs flags" >&6; } case "$host_cpu" in i*86*) $as_echo "#define HOST_IS_I86LINUX 1" >>confdefs.h ;; x86_64) $as_echo "#define HOST_IS_64LINUX 1" >>confdefs.h ;; *) ;; esac ;; *osf*) $as_echo "#define HOST_IS_OSF 1" >>confdefs.h if test "x$GCC" != "xyes"; then CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` CFLAGS="$CFLAGS -O2 -assume noaligned_objects" myneedg3=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: compiler needs assume noaligned_objects" >&5 $as_echo "compiler needs assume noaligned_objects" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 $as_echo "none" >&6; } fi ;; *cygwin*) $as_echo "#define HOST_IS_CYGWIN 1" >>confdefs.h $as_echo "#define USE_REGISTRY_CHECK 1" >>confdefs.h dnmalloc_ok=no { $as_echo "$as_me:${as_lineno-$LINENO}: result: no trusted paths and no dnmalloc" >&5 $as_echo "no trusted paths and no dnmalloc" >&6; } ;; *darwin*|*apple*) $as_echo "#define HOST_IS_DARWIN 1" >>confdefs.h dnmalloc_ok=no { $as_echo "$as_me:${as_lineno-$LINENO}: result: check resource forks, no dnmalloc" >&5 $as_echo "check resource forks, no dnmalloc" >&6; } ;; *freebsd8*|*freebsd9*) $as_echo "#define HOST_IS_FREEBSD 1" >>confdefs.h selectconfig=freebsd case "$host_cpu" in amd64|x86_64) dnmalloc_ok=no { $as_echo "$as_me:${as_lineno-$LINENO}: result: no dnmalloc" >&5 $as_echo "no dnmalloc" >&6; } ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 $as_echo "none" >&6; } ;; esac ;; *freebsd7*) $as_echo "#define HOST_IS_FREEBSD 1" >>confdefs.h selectconfig=freebsd case "$host_cpu" in amd64|x86_64) sh_use_pie=no dnmalloc_ok=no { $as_echo "$as_me:${as_lineno-$LINENO}: result: no dnmalloc and broken compiler toolchain" >&5 $as_echo "no dnmalloc and broken compiler toolchain" >&6; } ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 $as_echo "none" >&6; } ;; esac ;; *freebsd*) $as_echo "#define HOST_IS_FREEBSD 1" >>confdefs.h selectconfig=freebsd { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 $as_echo "none" >&6; } ;; *openbsd*) $as_echo "#define HOST_IS_OPENBSD 1" >>confdefs.h selectconfig=freebsd dnmalloc_ok=no { $as_echo "$as_me:${as_lineno-$LINENO}: result: dnmalloc does not work with pthreads" >&5 $as_echo "dnmalloc does not work with pthreads" >&6; } ;; *netbsd*) mynetbsd=yes selectconfig=netbsd { $as_echo "$as_me:${as_lineno-$LINENO}: result: bug with libresolve" >&5 $as_echo "bug with libresolve" >&6; } ;; *solaris*) selectconfig=solaris $as_echo "#define HOST_IS_SOLARIS 1" >>confdefs.h case "$host_cpu" in i*86) $as_echo "#define HOST_IS_I86SOLARIS 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: vsnprintf prototype" >&5 $as_echo "vsnprintf prototype" >&6; } ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 $as_echo "none" >&6; } ;; esac if test "x$GCC" != "xyes"; then if test ! -z "`echo "$CFLAGS" | grep "\-g" 2> /dev/null`" ; then CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` fi if test -z "`echo "$CFLAGS" | grep "\-xO2" 2> /dev/null`"; then CFLAGS="$CFLAGS -xO2" fi if test -z "`echo "$CFLAGS" | grep "\-Xa" 2> /dev/null`"; then CFLAGS="$CFLAGS -Xa" fi LIBS="-lc $LIBS" fi ;; *sun*) selectconfig=solaris $as_echo "#define HOST_IS_SOLARIS 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 $as_echo "none" >&6; } ;; *aix*) $as_echo "#define HOST_IS_AIX 1" >>confdefs.h selectconfig=aix5.2.0 uid_cast="unsigned long" if test "x$GCC" != "xyes"; then if test ! -z "`echo "$CFLAGS" | grep "\-g" 2> /dev/null`" ; then CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` fi if test -z "`echo "$CFLAGS" | grep "\-O3" 2> /dev/null`"; then CFLAGS="$CFLAGS -O3" fi if test -z "`echo "$CFLAGS" | grep "\-qstrict" 2> /dev/null`"; then CFLAGS="$CFLAGS -qstrict" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: AIX size_t in the accept call and optimize O3 qstrict" >&5 $as_echo "AIX size_t in the accept call and optimize O3 qstrict" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: AIX size_t in the accept call" >&5 $as_echo "AIX size_t in the accept call" >&6; } fi ;; *hpux*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: HPUX need _XOPEN_SOURCE_EXTENDED for h_errno" >&5 $as_echo "HPUX need _XOPEN_SOURCE_EXTENDED for h_errno" >&6; } $as_echo "#define HOST_IS_HPUX 1" >>confdefs.h if test "x$GCC" != "xyes"; then if test ! -z "`echo "$CFLAGS" | grep "\-g" 2> /dev/null`" ; then CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` fi if test -z "`echo "$CFLAGS" | grep "\+O2" 2> /dev/null`"; then CFLAGS="$CFLAGS +O2" fi fi ;; *ultrix*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: ULTRIX getcwd uses popen" >&5 $as_echo "ULTRIX getcwd uses popen" >&6; } $as_echo "#define HAVE_BROKEN_GETCWD 1" >>confdefs.h ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 $as_echo "none" >&6; } ;; esac cat >>confdefs.h <<_ACEOF #define UID_CAST ${uid_cast} _ACEOF ac_header_dirent=no for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5 $as_echo_n "checking for $ac_hdr that defines DIR... " >&6; } if eval \${$as_ac_Header+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include <$ac_hdr> int main () { if ((DIR *) 0) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$as_ac_Header=yes" else eval "$as_ac_Header=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$as_ac_Header { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1 _ACEOF ac_header_dirent=$ac_hdr; break fi done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 $as_echo_n "checking for library containing opendir... " >&6; } if ${ac_cv_search_opendir+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char opendir (); int main () { return opendir (); ; return 0; } _ACEOF for ac_lib in '' dir; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_opendir=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_opendir+:} false; then : break fi done if ${ac_cv_search_opendir+:} false; then : else ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 $as_echo "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 $as_echo_n "checking for library containing opendir... " >&6; } if ${ac_cv_search_opendir+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char opendir (); int main () { return opendir (); ; return 0; } _ACEOF for ac_lib in '' x; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_opendir=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_opendir+:} false; then : break fi done if ${ac_cv_search_opendir+:} false; then : else ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 $as_echo "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sys/types.h defines makedev" >&5 $as_echo_n "checking whether sys/types.h defines makedev... " >&6; } if ${ac_cv_header_sys_types_h_makedev+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { return makedev(0, 0); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_header_sys_types_h_makedev=yes else ac_cv_header_sys_types_h_makedev=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_sys_types_h_makedev" >&5 $as_echo "$ac_cv_header_sys_types_h_makedev" >&6; } if test $ac_cv_header_sys_types_h_makedev = no; then ac_fn_c_check_header_mongrel "$LINENO" "sys/mkdev.h" "ac_cv_header_sys_mkdev_h" "$ac_includes_default" if test "x$ac_cv_header_sys_mkdev_h" = xyes; then : $as_echo "#define MAJOR_IN_MKDEV 1" >>confdefs.h fi if test $ac_cv_header_sys_mkdev_h = no; then ac_fn_c_check_header_mongrel "$LINENO" "sys/sysmacros.h" "ac_cv_header_sys_sysmacros_h" "$ac_includes_default" if test "x$ac_cv_header_sys_sysmacros_h" = xyes; then : $as_echo "#define MAJOR_IN_SYSMACROS 1" >>confdefs.h fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5 $as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } if ${ac_cv_header_time+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main () { if ((struct tm *) 0) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_time=yes else ac_cv_header_time=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5 $as_echo "$ac_cv_header_time" >&6; } if test $ac_cv_header_time = yes; then $as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stat file-mode macros are broken" >&5 $as_echo_n "checking whether stat file-mode macros are broken... " >&6; } if ${ac_cv_header_stat_broken+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if defined S_ISBLK && defined S_IFDIR extern char c1[S_ISBLK (S_IFDIR) ? -1 : 1]; #endif #if defined S_ISBLK && defined S_IFCHR extern char c2[S_ISBLK (S_IFCHR) ? -1 : 1]; #endif #if defined S_ISLNK && defined S_IFREG extern char c3[S_ISLNK (S_IFREG) ? -1 : 1]; #endif #if defined S_ISSOCK && defined S_IFREG extern char c4[S_ISSOCK (S_IFREG) ? -1 : 1]; #endif _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stat_broken=no else ac_cv_header_stat_broken=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stat_broken" >&5 $as_echo "$ac_cv_header_stat_broken" >&6; } if test $ac_cv_header_stat_broken = yes; then $as_echo "#define STAT_MACROS_BROKEN 1" >>confdefs.h fi ac_fn_c_check_decl "$LINENO" "sys_siglist" "ac_cv_have_decl_sys_siglist" "#include /* NetBSD declares sys_siglist in unistd.h. */ #ifdef HAVE_UNISTD_H # include #endif " if test "x$ac_cv_have_decl_sys_siglist" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_SYS_SIGLIST $ac_have_decl _ACEOF for ac_header in stddef.h libgen.h sched.h malloc.h sys/uio.h \ sys/mman.h sys/param.h sys/inotify.h \ sys/vfs.h mntent.h \ sys/select.h sys/socket.h netinet/in.h \ regex.h glob.h fnmatch.h \ linux/ext2_fs.h linux/fs.h ext2fs/ext2_fs.h asm/segment.h \ elf.h linux/elf.h auparse.h \ paths.h arpa/nameser.h arpa/nameser_compat.h \ rpc/rpcent.h rpc/rpc.h sys/statvfs.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done ac_fn_c_check_header_mongrel "$LINENO" "utmpx.h" "ac_cv_header_utmpx_h" "$ac_includes_default" if test "x$ac_cv_header_utmpx_h" = xyes; then : sh_utmpx="yes" else sh_utmpx="no" fi if test "x$sh_utmpx" = "xyes"; then $as_echo "#define HAVE_UTMPX_H 1" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ut_host" >/dev/null 2>&1; then : $as_echo "#define HAVE_UTHOST 1" >>confdefs.h fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ut_addr" >/dev/null 2>&1; then : $as_echo "#define HAVE_UTADDR 1" >>confdefs.h fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ut_addr_v6" >/dev/null 2>&1; then : $as_echo "#define HAVE_UTADDR_V6 1" >>confdefs.h fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ut_xtime" >/dev/null 2>&1; then : $as_echo "#define HAVE_UTXTIME 1" >>confdefs.h fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ut_type" >/dev/null 2>&1; then : $as_echo "#define HAVE_UTTYPE 1" >>confdefs.h fi rm -f conftest* else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ut_addr" >/dev/null 2>&1; then : $as_echo "#define HAVE_UTADDR 1" >>confdefs.h fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ut_host" >/dev/null 2>&1; then : $as_echo "#define HAVE_UTHOST 1" >>confdefs.h fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ut_type" >/dev/null 2>&1; then : $as_echo "#define HAVE_UTTYPE 1" >>confdefs.h fi rm -f conftest* fi ac_fn_c_check_header_mongrel "$LINENO" "sys/acct.h" "ac_cv_header_sys_acct_h" "$ac_includes_default" if test "x$ac_cv_header_sys_acct_h" = xyes; then : $as_echo "#define HAVE_SYS_ACCT_H /**/" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ac_utime" >/dev/null 2>&1; then : $as_echo "#define HAVE_ACUTIME /**/" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "comp_t.*ac_utime" >/dev/null 2>&1; then : $as_echo "#define ACUTIME_COMPT /**/" >>confdefs.h fi rm -f conftest* fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ac_stime" >/dev/null 2>&1; then : $as_echo "#define HAVE_ACSTIME /**/" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "comp_t.*ac_stime" >/dev/null 2>&1; then : $as_echo "#define ACSTIME_COMPT /**/" >>confdefs.h fi rm -f conftest* fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ac_etime" >/dev/null 2>&1; then : $as_echo "#define HAVE_ACETIME /**/" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "comp_t.*ac_etime" >/dev/null 2>&1; then : $as_echo "#define ACETIME_COMPT /**/" >>confdefs.h fi rm -f conftest* fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ac_io" >/dev/null 2>&1; then : $as_echo "#define HAVE_ACIO /**/" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "comp_t.*ac_io" >/dev/null 2>&1; then : $as_echo "#define ACIO_COMPT /**/" >>confdefs.h fi rm -f conftest* fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ac_mem" >/dev/null 2>&1; then : $as_echo "#define HAVE_ACMEM /**/" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "comp_t.*ac_mem" >/dev/null 2>&1; then : $as_echo "#define ACMEM_COMPT /**/" >>confdefs.h fi rm -f conftest* fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ac_minflt" >/dev/null 2>&1; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ac_majflt" >/dev/null 2>&1; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "ac_swaps" >/dev/null 2>&1; then : $as_echo "#define HAVE_PAGING /**/" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "comp_t.*ac_minflt" >/dev/null 2>&1; then : $as_echo "#define ACMINFLT_COMPT /**/" >>confdefs.h fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "comp_t.*ac_mayflt" >/dev/null 2>&1; then : $as_echo "#define ACMAJFLT_COMPT /**/" >>confdefs.h fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "comp_t.*ac_swaps" >/dev/null 2>&1; then : $as_echo "#define ACSWAPS_COMPT /**/" >>confdefs.h fi rm -f conftest* fi rm -f conftest* fi rm -f conftest* fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "comp_t" >/dev/null 2>&1; then : $as_echo "#define HAVE_COMP_T /**/" >>confdefs.h fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "struct acct_v3" >/dev/null 2>&1; then : $as_echo "#define HAVE_ACCT_V3 /**/" >>confdefs.h fi rm -f conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "struct acctv2" >/dev/null 2>&1; then : $as_echo "#define HAVE_ACCTV2 /**/" >>confdefs.h fi rm -f conftest* fi ac_fn_c_check_member "$LINENO" "struct statfs" "f_flags" "ac_cv_member_struct_statfs_f_flags" " #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_STAT_H #include #endif #ifdef HAVE_SYS_VFS_H #include #endif #ifdef HAVE_UNISTD_H #include #endif " if test "x$ac_cv_member_struct_statfs_f_flags" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_STATFS_F_FLAGS 1 _ACEOF fi # Check whether --enable-largefile was given. if test "${enable_largefile+set}" = set; then : enableval=$enable_largefile; fi if test "$enable_largefile" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 $as_echo_n "checking for special C compiler options needed for large files... " >&6; } if ${ac_cv_sys_largefile_CC+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_sys_largefile_CC=no if test "$GCC" != yes; then ac_save_CC=$CC while :; do # IRIX 6.2 and later do not support large files by default, # so use the C compiler's -n32 option if that helps. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : break fi rm -f core conftest.err conftest.$ac_objext CC="$CC -n32" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_largefile_CC=' -n32'; break fi rm -f core conftest.err conftest.$ac_objext break done CC=$ac_save_CC rm -f conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 $as_echo "$ac_cv_sys_largefile_CC" >&6; } if test "$ac_cv_sys_largefile_CC" != no; then CC=$CC$ac_cv_sys_largefile_CC fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 $as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } if ${ac_cv_sys_file_offset_bits+:} false; then : $as_echo_n "(cached) " >&6 else while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_file_offset_bits=no; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _FILE_OFFSET_BITS 64 #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_file_offset_bits=64; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_sys_file_offset_bits=unknown break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 $as_echo "$ac_cv_sys_file_offset_bits" >&6; } case $ac_cv_sys_file_offset_bits in #( no | unknown) ;; *) cat >>confdefs.h <<_ACEOF #define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits _ACEOF ;; esac rm -rf conftest* if test $ac_cv_sys_file_offset_bits = unknown; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 $as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } if ${ac_cv_sys_large_files+:} false; then : $as_echo_n "(cached) " >&6 else while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_large_files=no; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _LARGE_FILES 1 #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_large_files=1; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_sys_large_files=unknown break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 $as_echo "$ac_cv_sys_large_files" >&6; } case $ac_cv_sys_large_files in #( no | unknown) ;; *) cat >>confdefs.h <<_ACEOF #define _LARGE_FILES $ac_cv_sys_large_files _ACEOF ;; esac rm -rf conftest* fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether _POSIX_SOURCE is necessary" >&5 $as_echo_n "checking whether _POSIX_SOURCE is necessary... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include void fileno(int);int fdopen(int, char *); int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define _POSIX_SOURCE 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext for ac_func in strftime do : ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime" if test "x$ac_cv_func_strftime" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRFTIME 1 _ACEOF else # strftime is in -lintl on SCO UNIX. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5 $as_echo_n "checking for strftime in -lintl... " >&6; } if ${ac_cv_lib_intl_strftime+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lintl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char strftime (); int main () { return strftime (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_intl_strftime=yes else ac_cv_lib_intl_strftime=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5 $as_echo "$ac_cv_lib_intl_strftime" >&6; } if test "x$ac_cv_lib_intl_strftime" = xyes; then : $as_echo "#define HAVE_STRFTIME 1" >>confdefs.h LIBS="-lintl $LIBS" fi fi done for ac_func in memcmp memcpy memmove memset getpwent endpwent \ gettimeofday strlcat strlcpy strstr strchr strerror strsignal \ seteuid setreuid setresuid lstat getwd getcwd ptrace \ usleep setpriority getpeereid nanosleep \ strptime basename sched_yield hasmntopt \ inet_aton gethostbyname setutent setrlimit gethostname uname \ getaddrinfo getnameinfo \ initgroups getpagesize \ ttyname fchmod writev mmap tzset \ getsid getpriority getpgid statvfs \ strerror_r getgrgid_r getpwnam_r getpwuid_r \ gmtime_r localtime_r rand_r readdir_r strtok_r \ mincore posix_fadvise inotify_init1 do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done ac_fn_c_check_func "$LINENO" "statfs" "ac_cv_func_statfs" if test "x$ac_cv_func_statfs" = xyes; then : $as_echo "#define HAVE_STATFS 1" >>confdefs.h statfs="yes" else statfs="no" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for va_copy()" >&5 $as_echo_n "checking for va_copy()... " >&6; } if ${sh_cv_va_copy+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : sh_cv_va_copy=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include void f (int i, ...) { va_list args1, args2; va_start (args1, i); va_copy (args2, args1); if (va_arg (args2, int) != 42) exit (1); if (va_arg (args1, int) != 42) exit (1); va_end (args1); va_end (args2); } int main() { f (0, 42); return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : sh_cv_va_copy=yes else sh_cv_va_copy=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_cv_va_copy" >&5 $as_echo "$sh_cv_va_copy" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __va_copy()" >&5 $as_echo_n "checking for __va_copy()... " >&6; } if ${sh_cv___va_copy+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : sh_cv___va_copy=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include void f (int i, ...) { va_list args1, args2; va_start (args1, i); __va_copy (args2, args1); if (va_arg (args2, int) != 42) exit (1); if (va_arg (args1, int) != 42) exit (1); va_end (args1); va_end (args2); } int main() { f (0, 42); return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : sh_cv___va_copy=yes else sh_cv___va_copy=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_cv___va_copy" >&5 $as_echo "$sh_cv___va_copy" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether va_lists can be copied by value" >&5 $as_echo_n "checking whether va_lists can be copied by value... " >&6; } if ${sh_cv_va_val_copy+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : sh_cv_va_val_copy=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include void f (int i, ...) { va_list args1, args2; va_start (args1, i); args2 = args1; if (va_arg (args2, int) != 42) exit (1); if (va_arg (args1, int) != 42) exit (1); va_end (args1); va_end (args2); } int main() { f (0, 42); return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : sh_cv_va_val_copy=yes else sh_cv_va_val_copy=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi if test "x$sh_cv_va_copy" = "xyes"; then $as_echo "#define VA_COPY va_copy" >>confdefs.h else if test "x$sh_cv___va_copy" = "xyes"; then $as_echo "#define VA_COPY __va_copy" >>confdefs.h fi fi if test "x$sh_cv_va_val_copy" = "xno"; then $as_echo "#define VA_COPY_AS_ARRAY 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_cv_va_val_copy" >&5 $as_echo "$sh_cv_va_val_copy" >&6; } for ac_func in vsnprintf do : ac_fn_c_check_func "$LINENO" "vsnprintf" "ac_cv_func_vsnprintf" if test "x$ac_cv_func_vsnprintf" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_VSNPRINTF 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vsnprintf" >&5 $as_echo_n "checking for working vsnprintf... " >&6; } if ${ac_cv_func_vsnprintf+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_vsnprintf=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int doit(char * s, ...) { char buffer[32]; va_list args; int r; buffer[5] = 'X'; va_start(args, s); r = vsnprintf(buffer, 5, s, args); va_end(args); /* -1 is pre-C99, 7 is C99. R.W. 17.01.2003 disallow -1 */ if (r != 7) exit(1); /* We deliberately do not care if the result is NUL-terminated or not, since this is easy to work around like this. */ buffer[4] = 0; /* Simple sanity check. */ if (strcmp(buffer, "1234")) exit(1); if (buffer[5] != 'X') exit(1); exit(0); } int main(void) { doit("1234567"); exit(1); } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_vsnprintf=yes else ac_cv_func_vsnprintf=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vsnprintf" >&5 $as_echo "$ac_cv_func_vsnprintf" >&6; } if test $ac_cv_func_vsnprintf = yes; then : else $as_echo "#define HAVE_BROKEN_VSNPRINTF 1" >>confdefs.h fi fi done for ac_func in mlock do : ac_fn_c_check_func "$LINENO" "mlock" "ac_cv_func_mlock" if test "x$ac_cv_func_mlock" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_MLOCK 1 _ACEOF fi done if test "$ac_cv_func_mlock" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether mlock is broken" >&5 $as_echo_n "checking whether mlock is broken... " >&6; } if ${ac_cv_have_broken_mlock+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_have_broken_mlock="assume-no" else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include #include #include int main() { char *pool; int err; long int pgsize = getpagesize(); pool = malloc( 4096 + pgsize ); if( !pool ) return 2; pool += (pgsize - ((long int)pool % pgsize)); err = mlock( pool, 4096 ); if( !err || errno == EPERM ) return 0; /* okay */ return 1; /* hmmm */ } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_have_broken_mlock="no" else ac_cv_have_broken_mlock="yes" fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi if test "$ac_cv_have_broken_mlock" = "yes"; then $as_echo "#define HAVE_BROKEN_MLOCK 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else if test "$ac_cv_have_broken_mlock" = "no"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming no" >&5 $as_echo "assuming no" >&6; } fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether strftime supports %z" >&5 $as_echo_n "checking whether strftime supports %z... " >&6; } if test "$cross_compiling" = yes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main() { struct tm tm; char tt[64]; memset(&tm, 0, sizeof(tm)); strftime(tt, sizeof(tt), "%z", &tm); if (strlen(tt) != 5) return 1; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define HAVE_STRFTIME_Z 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to get filesystem type" >&5 $as_echo_n "checking how to get filesystem type... " >&6; } fstype=no # The order of these tests is important. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : $as_echo "#define FSTYPE_STATVFS 1" >>confdefs.h fstype=SVR4 fi rm -f conftest.err conftest.i conftest.$ac_ext if test $fstype = no; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : $as_echo "#define FSTYPE_USG_STATFS 1" >>confdefs.h fstype=SVR3 fi rm -f conftest.err conftest.i conftest.$ac_ext fi if test $fstype = no; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : $as_echo "#define FSTYPE_AIX_STATFS 1" >>confdefs.h fstype=AIX fi rm -f conftest.err conftest.i conftest.$ac_ext fi if test $fstype = no; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : $as_echo "#define FSTYPE_MNTENT 1" >>confdefs.h fstype=4.3BSD fi rm -f conftest.err conftest.i conftest.$ac_ext fi if test $fstype = no; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "f_type;" >/dev/null 2>&1; then : $as_echo "#define FSTYPE_STATFS 1" >>confdefs.h fstype=4.4BSD/OSF fi rm -f conftest* fi if test $fstype = no; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : $as_echo "#define FSTYPE_GETMNT 1" >>confdefs.h fstype=Ultrix fi rm -f conftest.err conftest.i conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $fstype" >&5 $as_echo "$fstype" >&6; } sh_libsocket= { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lnsl" >&5 $as_echo_n "checking for gethostbyname in -lnsl... " >&6; } if ${ac_cv_lib_nsl_gethostbyname+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnsl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gethostbyname (); int main () { return gethostbyname (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nsl_gethostbyname=yes else ac_cv_lib_nsl_gethostbyname=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_gethostbyname" >&5 $as_echo "$ac_cv_lib_nsl_gethostbyname" >&6; } if test "x$ac_cv_lib_nsl_gethostbyname" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBNSL 1 _ACEOF LIBS="-lnsl $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5 $as_echo_n "checking for socket in -lsocket... " >&6; } if ${ac_cv_lib_socket_socket+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char socket (); int main () { return socket (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_socket_socket=yes else ac_cv_lib_socket_socket=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket" >&5 $as_echo "$ac_cv_lib_socket_socket" >&6; } if test "x$ac_cv_lib_socket_socket" = xyes; then : ac_need_libsocket=1 else ac_try_nsl=1 fi if test x$ac_need_libsocket = x1; then LIBS="$LIBS -lsocket" sh_libsocket="-lsocket" fi if test x$ac_try_nsl = x1; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lnsl" >&5 $as_echo_n "checking for gethostbyname in -lnsl... " >&6; } if ${ac_cv_lib_nsl_gethostbyname+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnsl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gethostbyname (); int main () { return gethostbyname (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nsl_gethostbyname=yes else ac_cv_lib_nsl_gethostbyname=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_gethostbyname" >&5 $as_echo "$ac_cv_lib_nsl_gethostbyname" >&6; } if test "x$ac_cv_lib_nsl_gethostbyname" = xyes; then : ac_need_libnsl=1 fi if test x$ac_need_libnsl = x1 then LIBS="$LIBS -lnsl" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_search in -lsocket" >&5 $as_echo_n "checking for res_search in -lsocket... " >&6; } if ${ac_cv_lib_socket_res_search+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char res_search (); int main () { return res_search (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_socket_res_search=yes else ac_cv_lib_socket_res_search=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_res_search" >&5 $as_echo "$ac_cv_lib_socket_res_search" >&6; } if test "x$ac_cv_lib_socket_res_search" = xyes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dn_skipname in -lresolv" >&5 $as_echo_n "checking for dn_skipname in -lresolv... " >&6; } if ${ac_cv_lib_resolv_dn_skipname+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dn_skipname (); int main () { return dn_skipname (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_resolv_dn_skipname=yes else ac_cv_lib_resolv_dn_skipname=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_dn_skipname" >&5 $as_echo "$ac_cv_lib_resolv_dn_skipname" >&6; } if test "x$ac_cv_lib_resolv_dn_skipname" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBRESOLV 1 _ACEOF LIBS="-lresolv $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __dn_skipname in -lresolv" >&5 $as_echo_n "checking for __dn_skipname in -lresolv... " >&6; } if ${ac_cv_lib_resolv___dn_skipname+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char __dn_skipname (); int main () { return __dn_skipname (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_resolv___dn_skipname=yes else ac_cv_lib_resolv___dn_skipname=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv___dn_skipname" >&5 $as_echo "$ac_cv_lib_resolv___dn_skipname" >&6; } if test "x$ac_cv_lib_resolv___dn_skipname" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBRESOLV 1 _ACEOF LIBS="-lresolv $LIBS" fi if test x$ac_need_libsocket = x1; then : else LIBS="$LIBS -lsocket" fi else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_search in -lresolv" >&5 $as_echo_n "checking for res_search in -lresolv... " >&6; } if ${ac_cv_lib_resolv_res_search+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char res_search (); int main () { return res_search (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_resolv_res_search=yes else ac_cv_lib_resolv_res_search=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_search" >&5 $as_echo "$ac_cv_lib_resolv_res_search" >&6; } if test "x$ac_cv_lib_resolv_res_search" = xyes; then : LIBS="$LIBS -lresolv" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dn_skipname in -lresolv" >&5 $as_echo_n "checking for dn_skipname in -lresolv... " >&6; } if ${ac_cv_lib_resolv_dn_skipname+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dn_skipname (); int main () { return dn_skipname (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_resolv_dn_skipname=yes else ac_cv_lib_resolv_dn_skipname=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_dn_skipname" >&5 $as_echo "$ac_cv_lib_resolv_dn_skipname" >&6; } if test "x$ac_cv_lib_resolv_dn_skipname" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBRESOLV 1 _ACEOF LIBS="-lresolv $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __dn_skipname in -lresolv" >&5 $as_echo_n "checking for __dn_skipname in -lresolv... " >&6; } if ${ac_cv_lib_resolv___dn_skipname+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char __dn_skipname (); int main () { return __dn_skipname (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_resolv___dn_skipname=yes else ac_cv_lib_resolv___dn_skipname=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv___dn_skipname" >&5 $as_echo "$ac_cv_lib_resolv___dn_skipname" >&6; } if test "x$ac_cv_lib_resolv___dn_skipname" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBRESOLV 1 _ACEOF LIBS="-lresolv $LIBS" fi fi fi sh_auparse=no if test "x$ac_cv_header_auparse_h" = "xyes" then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for auparse_find_field in -lauparse" >&5 $as_echo_n "checking for auparse_find_field in -lauparse... " >&6; } if ${ac_cv_lib_auparse_auparse_find_field+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lauparse $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char auparse_find_field (); int main () { return auparse_find_field (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_auparse_auparse_find_field=yes else ac_cv_lib_auparse_auparse_find_field=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_auparse_auparse_find_field" >&5 $as_echo "$ac_cv_lib_auparse_auparse_find_field" >&6; } if test "x$ac_cv_lib_auparse_auparse_find_field" = xyes; then : LIBS="$LIBS -lauparse" sh_auparse=yes $as_echo "#define HAVE_AUPARSE_LIB 1" >>confdefs.h fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t" >&5 $as_echo_n "checking for socklen_t... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif socklen_t x; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } cat >>confdefs.h <<_ACEOF #define ACCEPT_TYPE_ARG3 socklen_t _ACEOF $as_echo "#define HAVE_SOCKLEN_T 1" >>confdefs.h else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif int accept (int, struct sockaddr *, size_t *); int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t" >&5 $as_echo "size_t" >&6; } cat >>confdefs.h <<_ACEOF #define ACCEPT_TYPE_ARG3 size_t _ACEOF else { $as_echo "$as_me:${as_lineno-$LINENO}: result: int" >&5 $as_echo "int" >&6; } cat >>confdefs.h <<_ACEOF #define ACCEPT_TYPE_ARG3 int _ACEOF fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext for ac_header in attr/xattr.h do : ac_fn_c_check_header_mongrel "$LINENO" "attr/xattr.h" "ac_cv_header_attr_xattr_h" "$ac_includes_default" if test "x$ac_cv_header_attr_xattr_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_ATTR_XATTR_H 1 _ACEOF fi done if test $ac_cv_header_attr_xattr_h = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getxattr in -lattr" >&5 $as_echo_n "checking for getxattr in -lattr... " >&6; } if ${ac_cv_lib_attr_getxattr+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lattr $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getxattr (); int main () { return getxattr (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_attr_getxattr=yes else ac_cv_lib_attr_getxattr=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_attr_getxattr" >&5 $as_echo "$ac_cv_lib_attr_getxattr" >&6; } if test "x$ac_cv_lib_attr_getxattr" = xyes; then : sh_lattr=yes else sh_lattr=no fi if test x"$sh_lattr" = xyes; then LIBATTR=-lattr else LIBATTR= fi OLDLIBS="$LIBS" LIBS="$LIBS $LIBATTR" for ac_func in getxattr lgetxattr fgetxattr do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF sh_fattr=yes else sh_fattr=no fi done LIBS="$OLDLIBS" if test x"$sh_fattr" = xyes; then $as_echo "#define USE_XATTR 1" >>confdefs.h LIBS="$LIBS $LIBATTR" fi fi for ac_header in sys/acl.h do : ac_fn_c_check_header_mongrel "$LINENO" "sys/acl.h" "ac_cv_header_sys_acl_h" "$ac_includes_default" if test "x$ac_cv_header_sys_acl_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SYS_ACL_H 1 _ACEOF fi done if test $ac_cv_header_sys_acl_h = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for acl_get_file in -lacl" >&5 $as_echo_n "checking for acl_get_file in -lacl... " >&6; } if ${ac_cv_lib_acl_acl_get_file+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lacl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char acl_get_file (); int main () { return acl_get_file (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_acl_acl_get_file=yes else ac_cv_lib_acl_acl_get_file=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_acl_acl_get_file" >&5 $as_echo "$ac_cv_lib_acl_acl_get_file" >&6; } if test "x$ac_cv_lib_acl_acl_get_file" = xyes; then : sh_lacl=yes else sh_lacl=no fi if test x"$sh_lacl" = xyes; then LIBACL=-lacl else LIBACL= fi OLDLIBS="$LIBS" LIBS="$LIBS $LIBACL" for ac_func in acl_free acl_get_file acl_get_fd do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF sh_facl=yes else sh_facl=no fi done LIBS="$OLDLIBS" if test x"$sh_facl" = xyes; then $as_echo "#define USE_ACL 1" >>confdefs.h LIBS="$LIBS $LIBACL" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long double with more range or precision than double" >&5 $as_echo_n "checking for long double with more range or precision than double... " >&6; } if ${ac_cv_type_long_double_wider+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include long double const a[] = { 0.0L, DBL_MIN, DBL_MAX, DBL_EPSILON, LDBL_MIN, LDBL_MAX, LDBL_EPSILON }; long double f (long double x) { return ((x + (unsigned long int) 10) * (-1 / x) + a[0] + (x ? f (x) : 'c')); } int main () { static int test_array [1 - 2 * !((0 < ((DBL_MAX_EXP < LDBL_MAX_EXP) + (DBL_MANT_DIG < LDBL_MANT_DIG) - (LDBL_MAX_EXP < DBL_MAX_EXP) - (LDBL_MANT_DIG < DBL_MANT_DIG))) && (int) LDBL_EPSILON == 0 )]; test_array [0] = 0 ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_long_double_wider=yes else ac_cv_type_long_double_wider=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_double_wider" >&5 $as_echo "$ac_cv_type_long_double_wider" >&6; } if test $ac_cv_type_long_double_wider = yes; then $as_echo "#define HAVE_LONG_DOUBLE_WIDER 1" >>confdefs.h fi ac_cv_c_long_double=$ac_cv_type_long_double_wider if test $ac_cv_c_long_double = yes; then $as_echo "#define HAVE_LONG_DOUBLE 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long typedef" >&5 $as_echo_n "checking for long long typedef... " >&6; } sh_cv_typedef_foo=`echo sh_cv_typedef_long long | sed -e 's% %_%g'` if eval \${$sh_cv_typedef_foo+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #ifdef HAVE_STDINT_H #include #endif #ifdef HAVE_INTTYPES_H #include #endif int main () { #undef long long int a = sizeof(long long); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : sh_cv_typedef=yes else sh_cv_typedef=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_cv_typedef" >&5 $as_echo "$sh_cv_typedef" >&6; } if test "$sh_cv_typedef" = yes; then $as_echo "#define HAVE_LONG_LONG 1" >>confdefs.h sh_HAVE_LONG_LONG=yes else sh_HAVE_LONG_LONG=no fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uint16_t typedef" >&5 $as_echo_n "checking for uint16_t typedef... " >&6; } sh_cv_typedef_foo=`echo sh_cv_typedef_uint16_t | sed -e 's% %_%g'` if eval \${$sh_cv_typedef_foo+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #ifdef HAVE_STDINT_H #include #endif #ifdef HAVE_INTTYPES_H #include #endif int main () { #undef uint16_t int a = sizeof(uint16_t); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : sh_cv_typedef=yes else sh_cv_typedef=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_cv_typedef" >&5 $as_echo "$sh_cv_typedef" >&6; } if test "$sh_cv_typedef" = yes; then $as_echo "#define HAVE_UINT16_T 1" >>confdefs.h sh_HAVE_UINT16_T=yes else sh_HAVE_UINT16_T=no fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uint64_t typedef" >&5 $as_echo_n "checking for uint64_t typedef... " >&6; } sh_cv_typedef_foo=`echo sh_cv_typedef_uint64_t | sed -e 's% %_%g'` if eval \${$sh_cv_typedef_foo+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #ifdef HAVE_STDINT_H #include #endif #ifdef HAVE_INTTYPES_H #include #endif int main () { #undef uint64_t int a = sizeof(uint64_t); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : sh_cv_typedef=yes else sh_cv_typedef=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_cv_typedef" >&5 $as_echo "$sh_cv_typedef" >&6; } if test "$sh_cv_typedef" = yes; then $as_echo "#define HAVE_UINT64_T 1" >>confdefs.h sh_HAVE_UINT64_T=yes else sh_HAVE_UINT64_T=no fi if test "$sh_HAVE_LONG_LONG" = "yes"; then # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long long" >&5 $as_echo_n "checking size of unsigned long long... " >&6; } if ${ac_cv_sizeof_unsigned_long_long+:} false; then : $as_echo_n "(cached) " >&6 else if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long long))" "ac_cv_sizeof_unsigned_long_long" "$ac_includes_default"; then : else if test "$ac_cv_type_unsigned_long_long" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned long long) See \`config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_unsigned_long_long=0 fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long_long" >&5 $as_echo "$ac_cv_sizeof_unsigned_long_long" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_UNSIGNED_LONG_LONG $ac_cv_sizeof_unsigned_long_long _ACEOF sh_sizeof_unsigned_long_long=`echo "$ac_cv_sizeof_unsigned_long_long" | sed 's%^0-9%%g'` if test "$sh_sizeof_unsigned_long_long" = "8"; then $as_echo "#define HAVE_LONG_LONG_64 1" >>confdefs.h fi fi ac_fn_c_check_type "$LINENO" "ptrdiff_t" "ac_cv_type_ptrdiff_t" "$ac_includes_default" if test "x$ac_cv_type_ptrdiff_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define ptrdiff_t long _ACEOF fi ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" if test "x$ac_cv_type_size_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define size_t unsigned int _ACEOF fi # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of char *" >&5 $as_echo_n "checking size of char *... " >&6; } if ${ac_cv_sizeof_char_p+:} false; then : $as_echo_n "(cached) " >&6 else if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (char *))" "ac_cv_sizeof_char_p" "$ac_includes_default"; then : else if test "$ac_cv_type_char_p" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (char *) See \`config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_char_p=0 fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_char_p" >&5 $as_echo "$ac_cv_sizeof_char_p" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_CHAR_P $ac_cv_sizeof_char_p _ACEOF # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5 $as_echo_n "checking size of size_t... " >&6; } if ${ac_cv_sizeof_size_t+:} false; then : $as_echo_n "(cached) " >&6 else if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t" "$ac_includes_default"; then : else if test "$ac_cv_type_size_t" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (size_t) See \`config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_size_t=0 fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_size_t" >&5 $as_echo "$ac_cv_sizeof_size_t" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_SIZE_T $ac_cv_sizeof_size_t _ACEOF # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5 $as_echo_n "checking size of unsigned long... " >&6; } if ${ac_cv_sizeof_unsigned_long+:} false; then : $as_echo_n "(cached) " >&6 else if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long" "$ac_includes_default"; then : else if test "$ac_cv_type_unsigned_long" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned long) See \`config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_unsigned_long=0 fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5 $as_echo "$ac_cv_sizeof_unsigned_long" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long _ACEOF # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned int" >&5 $as_echo_n "checking size of unsigned int... " >&6; } if ${ac_cv_sizeof_unsigned_int+:} false; then : $as_echo_n "(cached) " >&6 else if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned int))" "ac_cv_sizeof_unsigned_int" "$ac_includes_default"; then : else if test "$ac_cv_type_unsigned_int" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned int) See \`config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_unsigned_int=0 fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_int" >&5 $as_echo "$ac_cv_sizeof_unsigned_int" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_UNSIGNED_INT $ac_cv_sizeof_unsigned_int _ACEOF # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned short" >&5 $as_echo_n "checking size of unsigned short... " >&6; } if ${ac_cv_sizeof_unsigned_short+:} false; then : $as_echo_n "(cached) " >&6 else if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned short))" "ac_cv_sizeof_unsigned_short" "$ac_includes_default"; then : else if test "$ac_cv_type_unsigned_short" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned short) See \`config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_unsigned_short=0 fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_short" >&5 $as_echo "$ac_cv_sizeof_unsigned_short" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_UNSIGNED_SHORT $ac_cv_sizeof_unsigned_short _ACEOF sh_sizeof_unsigned_long=`echo "$ac_cv_sizeof_unsigned_long" | sed 's%^0-9%%g'` if test "$sh_sizeof_unsigned_long" = "4"; then $as_echo "#define HAVE_LONG_32 1" >>confdefs.h fi if test "$sh_sizeof_unsigned_long" = "8"; then $as_echo "#define HAVE_LONG_64 1" >>confdefs.h fi sh_sizeof_unsigned_int=`echo "$ac_cv_sizeof_unsigned_int" | sed 's%^0-9%%g'` if test "$sh_sizeof_unsigned_int" = "4"; then $as_echo "#define HAVE_INT_32 1" >>confdefs.h fi sh_sizeof_unsigned_short=`echo "$ac_cv_sizeof_unsigned_short" | sed 's%^0-9%%g'` if test "$sh_sizeof_unsigned_short" = "4"; then $as_echo "#define HAVE_SHORT_32 1" >>confdefs.h fi samhain_64=no tiger_src=sh_tiger1.c samhain_64_asm=no # # if sizeof(unsigned long) = 4, try compiler macros for 64bit # if test "x$ac_cv_sizeof_unsigned_long" = x4; then if test "x$ac_cv_sizeof_unsigned_long_long" = x8; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a known 64 bit programming environment" >&5 $as_echo_n "checking for a known 64 bit programming environment... " >&6; } # Compile and run a program that determines the programming environment if test "$cross_compiling" = yes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 $as_echo "none" >&6; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main(int argc,char **argv) { if (argc > 1) { #if defined(__arch64__) printf("__arch64__\n"); #elif defined(__ia64__) printf("__ia64__\n"); #elif defined(__x86_64__) printf("__x86_64__\n"); #elif defined(__LP64__) printf("__LP64__\n"); #elif defined(__64BIT__) printf("__64BIT__\n"); #elif defined(_LP64) printf("_LP64\n"); #elif defined(_M_IA64) printf("_M_IA64\n"); #elif defined(_MIPS_SZLONG) && (_MIPS_SZLONG == 64) printf("_MIPS_64\n"); #else choke me #endif } return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : # Program compiled and ran, so get version by adding argument. samhain_prg_ENV=`./conftest$ac_exeext x` samhain_64=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $samhain_prg_ENV" >&5 $as_echo "$samhain_prg_ENV" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 $as_echo "none" >&6; } fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi if test "x$samhain_64" = xyes; then tiger_src=sh_tiger1_64.c fi # # if GCC and __i386__, use precompiled assembler # if test "x$GCC" = xyes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-apple non-cygwin i386" >&5 $as_echo_n "checking for non-apple non-cygwin i386... " >&6; } samhain_i386=no $CC -E -dM - < /dev/null | egrep '__i386__' >/dev/null 2>&1 if test $? = 0; then case "$host_os" in *linux*) # apples gcc does not understand the assembly we provide $CC -E -dM - < /dev/null | egrep '(__sun__|__APPLE__|__CYGWIN__)' >/dev/null 2>&1 || samhain_i386=yes ;; *) ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $samhain_i386" >&5 $as_echo "$samhain_i386" >&6; } if test "x$samhain_i386" = xyes; then if test "X$CC" != "X"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -pie -fPIE" >&5 $as_echo_n "checking whether ${CC} accepts -pie -fPIE... " >&6; } if ${pie_cv_cc+:} false; then : $as_echo_n "(cached) " >&6 else pie_old_cflags="$CFLAGS" CFLAGS="$CFLAGS -pie -fPIE" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : pie_cv_cc=yes else pie_cv_cc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS="$pie_old_cflags" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $pie_cv_cc" >&5 $as_echo "$pie_cv_cc" >&6; } if test $pie_cv_cc = yes; then case "$host_os" in *cygwin*) ;; *) PIE_CFLAGS="-fPIE" PIE_LDFLAGS="-pie" ;; esac fi fi if test $pie_cv_cc = yes; then tiger_src=sh_tiger1.s $as_echo "#define TIGER_32_BIT_S 1" >>confdefs.h fi fi fi # # # else samhain_64=no tiger_src=sh_tiger1.c fi else # # sizeof(unsigned long) = 8 # tiger_src=sh_tiger1_64.c samhain_64=yes # # check for x86_64 (enables assembly optimizations) # if test "x$GCC" = xyes; then case "$host_os" in *linux*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for x86_64" >&5 $as_echo_n "checking for x86_64... " >&6; } if test "$cross_compiling" = yes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main() { __asm__ volatile ( "movq %rax, %rax" ); return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } samhain_64=yes tiger_src=sh_tiger1_64.c samhain_64_asm=yes else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi ;; *bsd*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for x86_64" >&5 $as_echo_n "checking for x86_64... " >&6; } if test "$cross_compiling" = yes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main() { __asm__ volatile ( "movq %rax, %rax" ); return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } samhain_64=yes tiger_src=sh_tiger1_64.c samhain_64_asm=yes else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for x86_64" >&5 $as_echo_n "checking for x86_64... " >&6; } if test "$cross_compiling" = yes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main() { __asm__ volatile ( "movq %rax, %rax" ); return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } samhain_64=yes tiger_src=sh_tiger1_64.c samhain_64_asm=yes else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi ;; esac fi fi if test "x$samhain_64" = xyes; then $as_echo "#define TIGER_64_BIT 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 64 bit environment" >&5 $as_echo_n "checking for 64 bit environment... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $samhain_64" >&5 $as_echo "$samhain_64" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for tiger source to use" >&5 $as_echo_n "checking for tiger source to use... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $tiger_src" >&5 $as_echo "$tiger_src" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct tm is in sys/time.h or time.h" >&5 $as_echo_n "checking whether struct tm is in sys/time.h or time.h... " >&6; } if ${ac_cv_struct_tm+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { struct tm tm; int *p = &tm.tm_sec; return !p; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_struct_tm=time.h else ac_cv_struct_tm=sys/time.h fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_tm" >&5 $as_echo "$ac_cv_struct_tm" >&6; } if test $ac_cv_struct_tm = sys/time.h; then $as_echo "#define TM_IN_SYS_TIME 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct stat has a st_flags field" >&5 $as_echo_n "checking whether struct stat has a st_flags field... " >&6; } if ${e2fsprogs_cv_struct_st_flags+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { struct stat stat; stat.st_flags = 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : e2fsprogs_cv_struct_st_flags=yes else e2fsprogs_cv_struct_st_flags=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $e2fsprogs_cv_struct_st_flags" >&5 $as_echo "$e2fsprogs_cv_struct_st_flags" >&6; } if test "$e2fsprogs_cv_struct_st_flags" = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether st_flags field is useful" >&5 $as_echo_n "checking whether st_flags field is useful... " >&6; } if ${e2fsprogs_cv_struct_st_flags_immut+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { struct stat stat; stat.st_flags |= UF_IMMUTABLE; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : e2fsprogs_cv_struct_st_flags_immut=yes else e2fsprogs_cv_struct_st_flags_immut=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $e2fsprogs_cv_struct_st_flags_immut" >&5 $as_echo "$e2fsprogs_cv_struct_st_flags_immut" >&6; } if test "$e2fsprogs_cv_struct_st_flags_immut" = yes; then $as_echo "#define HAVE_STAT_FLAGS 1" >>confdefs.h fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct cmsgcred" >&5 $as_echo_n "checking for struct cmsgcred... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { struct cmsgcred cred; cred.cmcred_pid = 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : sh_have_struct_cmsgcred=yes else sh_have_struct_cmsgcred=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_have_struct_cmsgcred" >&5 $as_echo "$sh_have_struct_cmsgcred" >&6; } if test x$sh_have_struct_cmsgcred = xyes; then $as_echo "#define HAVE_STRUCT_CMSGCRED 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct fcred" >&5 $as_echo_n "checking for struct fcred... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main () { struct fcred sockcred; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : sh_have_struct_fcred=yes else sh_have_struct_fcred=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_have_struct_fcred" >&5 $as_echo "$sh_have_struct_fcred" >&6; } if test x$sh_have_struct_fcred = xyes; then $as_echo "#define HAVE_STRUCT_FCRED 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockcred" >&5 $as_echo_n "checking for struct sockcred... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main () { struct sockcred sockcred; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : sh_have_struct_sockcred=yes else sh_have_struct_sockcred=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_have_struct_sockcred" >&5 $as_echo "$sh_have_struct_sockcred" >&6; } if test x$sh_have_struct_sockcred = xyes; then $as_echo "#define HAVE_STRUCT_SOCKCRED 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SO_PEERCRED" >&5 $as_echo_n "checking for SO_PEERCRED... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { int test = SO_PEERCRED; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : sh_have_SO_PEERCRED=yes else sh_have_SO_PEERCRED=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_have_SO_PEERCRED" >&5 $as_echo "$sh_have_SO_PEERCRED" >&6; } if test x$sh_have_SO_PEERCRED = xyes; then $as_echo "#define HAVE_SO_PEERCRED 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 $as_echo_n "checking for inline... " >&6; } if ${ac_cv_c_inline+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef __cplusplus typedef int foo_t; static $ac_kw foo_t static_foo () {return 0; } $ac_kw foo_t foo () {return 0; } #endif _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_inline=$ac_kw fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext test "$ac_cv_c_inline" != no && break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 $as_echo "$ac_cv_c_inline" >&6; } case $ac_cv_c_inline in inline | yes) ;; *) case $ac_cv_c_inline in no) ac_val=;; *) ac_val=$ac_cv_c_inline;; esac cat >>confdefs.h <<_ACEOF #ifndef __cplusplus #define inline $ac_val #endif _ACEOF ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 $as_echo_n "checking for an ANSI C-conforming const... " >&6; } if ${ac_cv_c_const+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { /* FIXME: Include the comments suggested by Paul. */ #ifndef __cplusplus /* Ultrix mips cc rejects this. */ typedef int charset[2]; const charset cs; /* SunOS 4.1.1 cc rejects this. */ char const *const *pcpcc; char **ppc; /* NEC SVR4.0.2 mips cc rejects this. */ struct point {int x, y;}; static struct point const zero = {0,0}; /* AIX XL C 1.02.0.0 rejects this. It does not let you subtract one const X* pointer from another in an arm of an if-expression whose if-part is not a constant expression */ const char *g = "string"; pcpcc = &g + (g ? g-g : 0); /* HPUX 7.0 cc rejects these. */ ++pcpcc; ppc = (char**) pcpcc; pcpcc = (char const *const *) ppc; { /* SCO 3.2v4 cc rejects this. */ char *t; char const *s = 0 ? (char *) 0 : (char const *) 0; *t++ = 0; if (s) return 0; } { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ int x[] = {25, 17}; const int *foo = &x[0]; ++foo; } { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ typedef const int *iptr; iptr p = 0; ++p; } { /* AIX XL C 1.02.0.0 rejects this saying "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ struct s { int j; const int *ap[3]; }; struct s *b; b->j = 5; } { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ const int foo = 10; if (!foo) return 0; } return !cs[0] && !zero.x; #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_const=yes else ac_cv_c_const=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 $as_echo "$ac_cv_c_const" >&6; } if test $ac_cv_c_const = no; then $as_echo "#define const /**/" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 $as_echo_n "checking whether byte ordering is bigendian... " >&6; } if ${ac_cv_c_bigendian+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_c_bigendian=unknown # See if we're dealing with a universal compiler. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef __APPLE_CC__ not a universal capable compiler #endif typedef int dummy; _ACEOF if ac_fn_c_try_compile "$LINENO"; then : # Check for potential -arch flags. It is not universal unless # there are at least two -arch flags with different values. ac_arch= ac_prev= for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do if test -n "$ac_prev"; then case $ac_word in i?86 | x86_64 | ppc | ppc64) if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then ac_arch=$ac_word else ac_cv_c_bigendian=universal break fi ;; esac ac_prev= elif test "x$ac_word" = "x-arch"; then ac_prev=arch fi done fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_c_bigendian = unknown; then # See if sys/param.h defines the BYTE_ORDER macro. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { #if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ && LITTLE_ENDIAN) bogus endian macros #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : # It does; now see whether it defined to BIG_ENDIAN or not. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { #if BYTE_ORDER != BIG_ENDIAN not big endian #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_bigendian=yes else ac_cv_c_bigendian=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test $ac_cv_c_bigendian = unknown; then # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { #if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) bogus endian macros #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : # It does; now see whether it defined to _BIG_ENDIAN or not. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { #ifndef _BIG_ENDIAN not big endian #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_bigendian=yes else ac_cv_c_bigendian=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test $ac_cv_c_bigendian = unknown; then # Compile a test program. if test "$cross_compiling" = yes; then : # Try to guess by grepping values from an object file. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ short int ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; short int ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; int use_ascii (int i) { return ascii_mm[i] + ascii_ii[i]; } short int ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; short int ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; int use_ebcdic (int i) { return ebcdic_mm[i] + ebcdic_ii[i]; } extern int foo; int main () { return use_ascii (foo) == use_ebcdic (foo); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then ac_cv_c_bigendian=yes fi if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then if test "$ac_cv_c_bigendian" = unknown; then ac_cv_c_bigendian=no else # finding both strings is unlikely to happen, but who knows? ac_cv_c_bigendian=unknown fi fi fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { /* Are we little or big endian? From Harbison&Steele. */ union { long int l; char c[sizeof (long int)]; } u; u.l = 1; return u.c[sizeof (long int) - 1] == 1; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_c_bigendian=no else ac_cv_c_bigendian=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 $as_echo "$ac_cv_c_bigendian" >&6; } case $ac_cv_c_bigendian in #( yes) $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h ;; #( no) ;; #( universal) $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h ;; #( *) as_fn_error $? "unknown endianness presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C/C++ restrict keyword" >&5 $as_echo_n "checking for C/C++ restrict keyword... " >&6; } if ${ac_cv_c_restrict+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_c_restrict=no # The order here caters to the fact that C++ does not require restrict. for ac_kw in __restrict __restrict__ _Restrict restrict; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ typedef int * int_ptr; int foo (int_ptr $ac_kw ip) { return ip[0]; } int main () { int s[1]; int * $ac_kw t = s; t[0] = 0; return foo(t) ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_restrict=$ac_kw fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext test "$ac_cv_c_restrict" != no && break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_restrict" >&5 $as_echo "$ac_cv_c_restrict" >&6; } case $ac_cv_c_restrict in restrict) ;; no) $as_echo "#define restrict /**/" >>confdefs.h ;; *) cat >>confdefs.h <<_ACEOF #define restrict $ac_cv_c_restrict _ACEOF ;; esac am_cv_val_SA_SIGACTION=no ac_fn_c_check_header_mongrel "$LINENO" "signal.h" "ac_cv_header_signal_h" "$ac_includes_default" if test "x$ac_cv_header_signal_h" = xyes; then : if test $ac_cv_header_signal_h = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SI_USER in signal.h" >&5 $as_echo_n "checking for SI_USER in signal.h... " >&6; } if ${am_cv_val_SI_USER+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { return SI_USER ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : am_cv_val_SI_USER=yes else am_cv_val_SI_USER=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_val_SI_USER" >&5 $as_echo "$am_cv_val_SI_USER" >&6; } if test $am_cv_val_SI_USER = yes; then $as_echo "#define HAVE_SI_USER 1" >>confdefs.h fi fi if test $ac_cv_header_signal_h = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SA_SIGINFO in signal.h" >&5 $as_echo_n "checking for SA_SIGINFO in signal.h... " >&6; } if ${am_cv_val_SA_SIGINFO+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { return SA_SIGINFO ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : am_cv_val_SA_SIGINFO=yes else am_cv_val_SA_SIGINFO=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_val_SA_SIGINFO" >&5 $as_echo "$am_cv_val_SA_SIGINFO" >&6; } if test $am_cv_val_SA_SIGINFO = yes; then $as_echo "#define HAVE_SA_SIGINFO 1" >>confdefs.h fi fi if test $am_cv_val_SI_USER = yes && test $am_cv_val_SA_SIGINFO = yes then if test "$cross_compiling" = yes; then : am_cv_val_SA_SIGACTION=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include volatile int xnum = 0; volatile int xcode = 0; jmp_buf Buf; int xsig = SIGSEGV; void sighandler (int xsignam, siginfo_t * xsiginfo, void * xsigadd) { static sigset_t x; if (xsiginfo == NULL) exit(__LINE__); if (xsiginfo->si_signo != xsignam) exit(__LINE__); ++xnum; xcode = xsiginfo->si_code; sigemptyset (&x); sigprocmask(SIG_SETMASK, &x, NULL); longjmp ( Buf, 1); } int main () { struct sigaction newact; newact.sa_sigaction = sighandler; sigemptyset (&newact.sa_mask); newact.sa_flags = SA_SIGINFO; if (0 != sigaction (xsig, &newact, NULL)) exit (__LINE__); if(setjmp ( Buf)) { if (xnum > 1) goto Third; goto Second; } memcpy((void *) 0x0, "test", 5); Second: if (xcode == SI_USER) exit (__LINE__); raise(xsig); Third: if (xcode != SI_USER) exit (__LINE__); if (xnum != 2) exit (__LINE__); return (0); } _ACEOF if ac_fn_c_try_run "$LINENO"; then : am_cv_val_SA_SIGACTION=yes else am_cv_val_SA_SIGACTION=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sa_sigaction is supported" >&5 $as_echo_n "checking whether sa_sigaction is supported... " >&6; } if test $am_cv_val_SA_SIGACTION = yes then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define SA_SIGACTION_WORKS 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Check whether --enable-ssp was given. if test "${enable_ssp+set}" = set; then : enableval=$enable_ssp; else enable_ssp=yes; fi if test "x$GCC" = "xyes"; then if test x"${enable_ssp}" = xno; then : else { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether libssp exists" >&5 $as_echo_n "checking whether libssp exists... " >&6; } if ${ssp_cv_lib+:} false; then : $as_echo_n "(cached) " >&6 else ssp_old_libs="$LIBS" LIBS="$LIBS -lssp" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ssp_cv_lib=yes else ssp_cv_lib=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$ssp_old_libs" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssp_cv_lib" >&5 $as_echo "$ssp_cv_lib" >&6; } if test $ssp_cv_lib = yes; then LIBS="$LIBS -lssp" fi if test "X$CC" != "X"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -fstack-protector-all" >&5 $as_echo_n "checking whether ${CC} accepts -fstack-protector-all... " >&6; } if ${ssp_cv_cc+:} false; then : $as_echo_n "(cached) " >&6 else ssp_old_cflags="$CFLAGS" CFLAGS="$CFLAGS -fstack-protector-all" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ssp_cv_cc=yes else ssp_cv_cc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS="$ssp_old_cflags" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssp_cv_cc" >&5 $as_echo "$ssp_cv_cc" >&6; } if test $ssp_cv_cc = no; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -fstack-protector" >&5 $as_echo_n "checking whether ${CC} accepts -fstack-protector... " >&6; } if ${ssp_cv_cc+:} false; then : $as_echo_n "(cached) " >&6 else ssp_old_cflags="$CFLAGS" CFLAGS="$CFLAGS -fstack-protector" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ssp_cv_cc=yes else ssp_cv_cc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS="$ssp_old_cflags" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssp_cv_cc" >&5 $as_echo "$ssp_cv_cc" >&6; } if test $ssp_cv_cc = yes; then CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector" LDFLAGS="$LDFLAGS -fstack-protector" $as_echo "#define ENABLE_SSP_CC 1" >>confdefs.h fi else if test $ssp_cv_cc = yes; then CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" LDFLAGS="$LDFLAGS -fstack-protector-all" $as_echo "#define ENABLE_SSP_CC 1" >>confdefs.h fi fi fi if test "X$CC" != "X"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -pie -fPIE" >&5 $as_echo_n "checking whether ${CC} accepts -pie -fPIE... " >&6; } if ${pie_cv_cc+:} false; then : $as_echo_n "(cached) " >&6 else pie_old_cflags="$CFLAGS" CFLAGS="$CFLAGS -pie -fPIE" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : pie_cv_cc=yes else pie_cv_cc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS="$pie_old_cflags" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $pie_cv_cc" >&5 $as_echo "$pie_cv_cc" >&6; } if test $pie_cv_cc = yes; then case "$host_os" in *cygwin*) ;; *) PIE_CFLAGS="-fPIE" PIE_LDFLAGS="-pie" ;; esac fi fi fi fi if test -d "/proc/$$" then $as_echo "#define HAVE_PROCFS 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __gmpz_init in -lgmp" >&5 $as_echo_n "checking for __gmpz_init in -lgmp... " >&6; } if ${ac_cv_lib_gmp___gmpz_init+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lgmp $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char __gmpz_init (); int main () { return __gmpz_init (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_gmp___gmpz_init=yes else ac_cv_lib_gmp___gmpz_init=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gmp___gmpz_init" >&5 $as_echo "$ac_cv_lib_gmp___gmpz_init" >&6; } if test "x$ac_cv_lib_gmp___gmpz_init" = xyes; then : sh_have_gmp=yes else sh_have_gmp=no fi if test "x${sh_have_gmp}" = xno then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mpz_init in -lgmp" >&5 $as_echo_n "checking for mpz_init in -lgmp... " >&6; } if ${ac_cv_lib_gmp_mpz_init+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lgmp $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char mpz_init (); int main () { return mpz_init (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_gmp_mpz_init=yes else ac_cv_lib_gmp_mpz_init=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gmp_mpz_init" >&5 $as_echo "$ac_cv_lib_gmp_mpz_init" >&6; } if test "x$ac_cv_lib_gmp_mpz_init" = xyes; then : sh_have_gmp=yes else sh_have_gmp=no fi fi if test "x${sh_have_gmp}" = xyes then # LIBS="-lgmp $LIBS" $as_echo "#define HAVE_LIBGMP 1" >>confdefs.h fi for ac_header in gmp.h do : ac_fn_c_check_header_mongrel "$LINENO" "gmp.h" "ac_cv_header_gmp_h" "$ac_includes_default" if test "x$ac_cv_header_gmp_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GMP_H 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ps" >&5 $as_echo_n "checking for ps... " >&6; } PS= for ff in /usr/ucb /bin /usr/bin; do if test -x "$ff/ps"; then PS="$ff/ps" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PS" >&5 $as_echo "$PS" >&6; } break fi done if test x$PS = x then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } as_fn_error $? "Cannot find ps in any of /usr/ucb /bin /usr/bin" "$LINENO" 5 fi cat >>confdefs.h <<_ACEOF #define PSPATH _("$PS") _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to use ps" >&5 $as_echo_n "checking how to use ps... " >&6; } $PS ax >/dev/null 2>&1 if test $? -eq 0; then case "$host_os" in *openbsd*) one=`$PS akx | wc -l` ;; *) one=`$PS ax | wc -l` ;; esac else one=0 fi $PS -e >/dev/null 2>&1 if test $? -eq 0; then two=`$PS -e | wc -l` else two=0 fi if test $one -ge $two then case "$host_os" in *openbsd*) PSARG="akx" ;; *) PSARG="ax" ;; esac else PSARG="-e" fi cat >>confdefs.h <<_ACEOF #define PSARG _("$PSARG") _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PS $PSARG" >&5 $as_echo "$PS $PSARG" >&6; } # Check whether --enable-db-reload was given. if test "${enable_db_reload+set}" = set; then : enableval=$enable_db_reload; if test "x${enable_db_reload}" = xyes; then $as_echo "#define RELOAD_DATABASE 1" >>confdefs.h fi fi # Check whether --enable-xml-log was given. if test "${enable_xml_log+set}" = set; then : enableval=$enable_xml_log; if test "x${enable_xml_log}" = xyes; then $as_echo "#define SH_USE_XML 1" >>confdefs.h fi fi # Check whether --enable-mail was given. if test "${enable_mail+set}" = set; then : enableval=$enable_mail; if test "x${enable_mail}" = xno; then : else $as_echo "#define SH_WITH_MAIL 1" >>confdefs.h fi else $as_echo "#define SH_WITH_MAIL 1" >>confdefs.h fi # Check whether --enable-suid was given. if test "${enable_suid+set}" = set; then : enableval=$enable_suid; if test "x${enable_suid}" = xyes; then $as_echo "#define SH_ALLOW_SUID 1" >>confdefs.h fi fi # Check whether --enable-shellexpand was given. if test "${enable_shellexpand+set}" = set; then : enableval=$enable_shellexpand; if test "x${enable_shellexpand}" = xno; then : else $as_echo "#define SH_EVAL_SHELL 1" >>confdefs.h fi else $as_echo "#define SH_EVAL_SHELL 1" >>confdefs.h fi # Check whether --enable-external-scripts was given. if test "${enable_external_scripts+set}" = set; then : enableval=$enable_external_scripts; if test "x${enableval}" = xno; then : else $as_echo "#define WITH_EXTERNAL 1" >>confdefs.h fi else $as_echo "#define WITH_EXTERNAL 1" >>confdefs.h fi # Check whether --enable-message-queue was given. if test "${enable_message_queue+set}" = set; then : enableval=$enable_message_queue; if test "x${ac_cv_header_sys_msg_h}" = "xyes"; then if test "x${enable_message_queue}" = xyes; then $as_echo "#define WITH_MESSAGE_QUEUE 1" >>confdefs.h cat >>confdefs.h <<_ACEOF #define MESSAGE_QUEUE_MODE 0700 _ACEOF elif test "x${enable_message_queue}" != xno; then echo "${enableval}" | grep '[^0123456789]' >/dev/null 2>&1 && as_fn_error $? "With --enable-message-queue=MODE, MODE must be numeric" "$LINENO" 5 echo "${enableval}" | \ grep '0[0123456789][0123456789][0123456789]' >/dev/null 2>&1 || as_fn_error $? "With --enable-message-queue=MODE, MODE must be an octal (0nnn) number" "$LINENO" 5 $as_echo "#define WITH_MESSAGE_QUEUE 1" >>confdefs.h cat >>confdefs.h <<_ACEOF #define MESSAGE_QUEUE_MODE ${enable_message_queue} _ACEOF fi else echo echo "**********************************************" echo { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: sys/msg.h missing, --enable-message-queue disabled" >&5 $as_echo "$as_me: WARNING: sys/msg.h missing, --enable-message-queue disabled" >&2;} echo echo "**********************************************" echo fi fi # Check whether --with-cflags was given. if test "${with_cflags+set}" = set; then : withval=$with_cflags; if test "x$withval" != "xno" ; then CFLAGS="$CFLAGS $withval" fi fi # Check whether --with-libs was given. if test "${with_libs+set}" = set; then : withval=$with_libs; if test "x$withval" != "xno" ; then LIBS="$LIBS $withval" fi fi # # this is from ssh # { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use libwrap" >&5 $as_echo_n "checking whether to use libwrap... " >&6; } LIBWRAP_LIB="" LIBWRAP_INC="" # Check whether --with-libwrap was given. if test "${with_libwrap+set}" = set; then : withval=$with_libwrap; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5 $as_echo "$withval" >&6; } case "$withval" in no) ;; ""|yes) LIBWRAP_LIB="-lwrap" ;; *) if test -d "$withval"; then LIBWRAP_LIB="-L$withval -lwrap" sh_libwrap_inc=`echo ${withval} | sed 's%/[^/][^/]*$%%'` LIBWRAP_INC="-I${sh_libwrap_inc}/include" else LIBWRAP_LIB="-lwrap" sh_libwrap_inc=`echo ${withval} | sed 's%/[^/][^/]*$%%'` LIBWRAP_INC="-I${sh_libwrap_inc}" fi ;; esac if test -n "$LIBWRAP_LIB"; then # OLDLIBS="$LIBS" LIBS="$LIBWRAP_LIB $LIBS" # OLDCFLAGS="$CFLAGS" CFLAGS="$CFLAGS $LIBWRAP_INC" ac_fn_c_check_header_mongrel "$LINENO" "tcpd.h" "ac_cv_header_tcpd_h" "$ac_includes_default" if test "x$ac_cv_header_tcpd_h" = xyes; then : else as_fn_error $? "Could not find tcpd.h for libwrap. You need to install tcp_wrappers." "$LINENO" 5 fi cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int allow_severity; int deny_severity; int main () { hosts_access((struct request_info *) 0); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define SH_USE_LIBWRAP 1" >>confdefs.h else as_fn_error $? "Could not find the libwrap library." "$LINENO" 5 fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Check whether --enable-network was given. if test "${enable_network+set}" = set; then : enableval=$enable_network; if test "x$enable_network" = xclient; then mytclient="-DSH_WITH_CLIENT" yulectl_prg= setpwd_prg="samhain_setpwd" sh_main_prg="samhain" if test "x${sh_have_gmp}" = xyes then LIBS="-lgmp $LIBS" fi elif test "x$enable_network" = xserver; then mytclient="-DSH_WITH_SERVER" yulectl_prg="yulectl" setpwd_prg="samhain_setpwd" sh_main_prg="yule" if test "x${sh_have_gmp}" = xyes then LIBS="-lgmp $LIBS" fi sh_use_lcaps="undef" elif test "x$enable_network" = xno; then mytclient="-DSH_STANDALONE" yulectl_prg= setpwd_prg= sh_main_prg="samhain" else as_fn_error $? "With --enable-network=WHAT, WHAT must be client, server, or no" "$LINENO" 5 fi else mytclient="-DSH_STANDALONE" setpwd_prg= yulectl_prg= sh_main_prg="samhain" fi # needed for the rpm spec clmytclient=`echo ${mytclient} | sed s%\-%%` sh_no_gcc_static=no # Check whether --enable-static was given. if test "${enable_static+set}" = set; then : enableval=$enable_static; if test x$enable_static = xyes; then if test x"$mynetbsd" = xyes then tmp_LIBS=`echo $LIBS | sed 's%\-lresolv%%' ` LIBS="${tmp_LIBS}" fi if test x"${sh_auparse}" = xyes then tmp_LIBS=`echo $LIBS | sed 's%\-lauparse%%' ` LIBS="${tmp_LIBS}" fi $as_echo "#define SH_COMPILE_STATIC 1" >>confdefs.h if test "x$GCC" = "xyes"; then sh_no_gcc_static=no LDFLAGS="$LDFLAGS -static" else sh_no_gcc_static=yes case "$host_os" in *aix*) LDFLAGS="$LDFLAGS -bnso -bI:/lib/syscalls.exp" ;; *hpux*) LDFLAGS="$LDFLAGS -Wl,-a,archive" ;; *osf*) LDFLAGS="$LDFLAGS -non_shared" ;; *irix*) LDFLAGS="$LDFLAGS -non_shared" ;; *sco*) LDFLAGS="$LDFLAGS -dn" ;; *sun*) LDFLAGS="$LDFLAGS -Bstatic" ;; *solaris*) LDFLAGS="$LDFLAGS -Bstatic" ;; *) echo "***********************************************" echo "*" echo "* Don't know how to enable static linking" echo "* with your compiler. Please set the environment" echo "* variable LDFLAGS to:" echo "* ${LDFLAGS} + the static linking flag" echo "* and run configure again" echo "*" echo "***********************************************" ;; esac fi fi fi if test x"${mytclient}" = x-DSH_STANDALONE -o x"${mytclient}" = x-DSH_WITH_CLIENT; then ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu acx_pthread_ok=no # We used to check for pthread.h first, but this fails if pthread.h # requires special compiler flags (e.g. on True64 or Sequent). # It gets checked for in the link test anyway. # First of all, check if the user has set any of the PTHREAD_LIBS, # etcetera environment variables, and if threads linking works using # them: if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" save_LIBS="$LIBS" LIBS="$PTHREAD_LIBS $LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS" >&5 $as_echo_n "checking for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char pthread_join (); int main () { return pthread_join (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : acx_pthread_ok=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $acx_pthread_ok" >&5 $as_echo "$acx_pthread_ok" >&6; } if test x"$acx_pthread_ok" = xno; then PTHREAD_LIBS="" PTHREAD_CFLAGS="" fi LIBS="$save_LIBS" CFLAGS="$save_CFLAGS" fi # We must check for the threads library under a number of different # names; the ordering is very important because some systems # (e.g. DEC) have both -lpthread and -lpthreads, where one of the # libraries is broken (non-POSIX). # Create a list of thread flags to try. Items starting with a "-" are # C compiler flags, and other items are library names, except for "none" # which indicates that we try without any flags at all, and "pthread-config" # which is a program returning the flags for the Pth emulation library. acx_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" # The ordering *is* (sometimes) important. Some notes on the # individual items follow: # pthreads: AIX (must check this before -lpthread) # none: in case threads are in libc; should be tried before -Kthread and # other compiler flags to prevent continual compiler warnings # -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) # -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) # lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) # -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) # -pthreads: Solaris/gcc # -mthreads: Mingw32/gcc, Lynx/gcc # -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it # doesn't hurt to check since this sometimes defines pthreads too; # also defines -D_REENTRANT) # ... -mt is also the pthreads flag for HP/aCC # pthread: Linux, etcetera # --thread-safe: KAI C++ # pthread-config: use pthread-config program (for GNU Pth library) case "${host_cpu}-${host_os}" in *solaris*) # On Solaris (at least, for some versions), libc contains stubbed # (non-functional) versions of the pthreads routines, so link-based # tests will erroneously succeed. (We need to link with -pthreads/-mt/ # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather # a function called by this macro, so we could check for that, but # who knows whether they'll stub that too in a future libc.) So, # we'll just look for -pthreads and -lpthread first: acx_pthread_flags="-pthreads pthread -mt -pthread $acx_pthread_flags" ;; esac if test x"$acx_pthread_ok" = xno; then for flag in $acx_pthread_flags; do case $flag in none) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work without any flags" >&5 $as_echo_n "checking whether pthreads work without any flags... " >&6; } ;; -pthread) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with $flag" >&5 $as_echo_n "checking whether pthreads work with $flag... " >&6; } PTHREAD_CFLAGS="$flag" ;; -*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with $flag" >&5 $as_echo_n "checking whether pthreads work with $flag... " >&6; } PTHREAD_CFLAGS="$flag" ;; pthread-config) # Extract the first word of "pthread-config", so it can be a program name with args. set dummy pthread-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_acx_pthread_config+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$acx_pthread_config"; then ac_cv_prog_acx_pthread_config="$acx_pthread_config" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_acx_pthread_config="yes" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_prog_acx_pthread_config" && ac_cv_prog_acx_pthread_config="no" fi fi acx_pthread_config=$ac_cv_prog_acx_pthread_config if test -n "$acx_pthread_config"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $acx_pthread_config" >&5 $as_echo "$acx_pthread_config" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test x"$acx_pthread_config" = xno; then continue; fi PTHREAD_CFLAGS="`pthread-config --cflags`" PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the pthreads library -l$flag" >&5 $as_echo_n "checking for the pthreads library -l$flag... " >&6; } PTHREAD_LIBS="-l$flag" ;; esac save_LIBS="$LIBS" save_CFLAGS="$CFLAGS" save_LDFLAGS="$LDFLAGS" LIBS="$PTHREAD_LIBS $LIBS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" LDFLAGS="$LDFLAGS $PTHREAD_CFLAGS" # Check for various functions. We must include pthread.h, # since some functions may be macros. (On the Sequent, we # need a special flag -Kthread to make this header compile.) # We check for pthread_join because it is in -lpthread on IRIX # while pthread_create is in libc. We check for pthread_attr_init # due to DEC craziness with -lpthreads. We check for # pthread_cleanup_push because it is one of the few pthread # functions on Solaris that doesn't have a non-functional libc stub. # We try pthread_create on general principles. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { pthread_t th; pthread_join(th, 0); pthread_attr_init(0); pthread_cleanup_push(0, 0); pthread_create(0,0,0,0); pthread_cleanup_pop(0); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : acx_pthread_ok=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$save_LIBS" LDFLAGS="$save_LDFLAGS" CFLAGS="$save_CFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $acx_pthread_ok" >&5 $as_echo "$acx_pthread_ok" >&6; } if test "x$acx_pthread_ok" = xyes; then break; fi PTHREAD_LIBS="" PTHREAD_CFLAGS="" done fi # Various other checks: if test "x$acx_pthread_ok" = xyes; then save_LIBS="$LIBS" LIBS="$PTHREAD_LIBS $LIBS" save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for joinable pthread attribute" >&5 $as_echo_n "checking for joinable pthread attribute... " >&6; } attr_name=unknown for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { int attr=$attr; return attr; ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : attr_name=$attr; break fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext done { $as_echo "$as_me:${as_lineno-$LINENO}: result: $attr_name" >&5 $as_echo "$attr_name" >&6; } if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then cat >>confdefs.h <<_ACEOF #define PTHREAD_CREATE_JOINABLE $attr_name _ACEOF fi # Solaris lossage: default is obsolete semantics for getpwnam_r, # getpwuid_r, getgrgid_r, unless _POSIX_PTHREAD_SEMANTICS is defined { $as_echo "$as_me:${as_lineno-$LINENO}: checking if more special flags are required for pthreads" >&5 $as_echo_n "checking if more special flags are required for pthreads... " >&6; } flag=no case "${host_cpu}-${host_os}" in *-aix* | *-freebsd* | *-darwin*) flag="-D_THREAD_SAFE";; *-osf* | *-hpux*) flag="-D_REENTRANT";; *solaris*) flag="-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT";; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${flag}" >&5 $as_echo "${flag}" >&6; } if test "x$flag" != xno; then PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" fi # Detect PTHREAD_MUTEX_RECURSIVE { $as_echo "$as_me:${as_lineno-$LINENO}: checking for recursive mutexes" >&5 $as_echo_n "checking for recursive mutexes... " >&6; } mutex_recursive=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _XOPEN_SOURCE 500 #include int main () { pthread_mutexattr_t mta; pthread_mutexattr_settype(&mta, PTHREAD_MUTEX_RECURSIVE); return 0; ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : mutex_recursive=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test "x$mutex_recursive" = "xyes" then $as_echo "#define HAVE_PTHREAD_MUTEX_RECURSIVE 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $mutex_recursive" >&5 $as_echo "$mutex_recursive" >&6; } LIBS="$save_LIBS" CFLAGS="$save_CFLAGS" # More AIX lossage: must compile with xlc_r or cc_r if test x"$GCC" != xyes; then for ac_prog in xlc_r cc_r do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_PTHREAD_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$PTHREAD_CC"; then ac_cv_prog_PTHREAD_CC="$PTHREAD_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_PTHREAD_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi PTHREAD_CC=$ac_cv_prog_PTHREAD_CC if test -n "$PTHREAD_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CC" >&5 $as_echo "$PTHREAD_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$PTHREAD_CC" && break done test -n "$PTHREAD_CC" || PTHREAD_CC="${CC}" else PTHREAD_CC=$CC fi else PTHREAD_CC="$CC" fi if test x"$acx_pthread_ok" = xyes; then PTHREAD_CFLAGS="${PTHREAD_CFLAGS} -DUSE_MALLOC_LOCK=1" fi # Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: if test x"$acx_pthread_ok" = xyes; then $as_echo "#define HAVE_PTHREAD 1" >>confdefs.h : else acx_pthread_ok=no fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CFLAGS="$CFLAGS $PTHREAD_CFLAGS" LIBS="$PTHREAD_LIBS $LIBS" LDFLAGS="$PTHREAD_CFLAGS $LDFLAGS" CC="$PTHREAD_CC" if test "x${ZLIB_HOME}" = "x"; then ZLIB_HOME=/usr/local if test ! -f "${ZLIB_HOME}/include/zlib.h" then ZLIB_HOME=/usr fi fi zlib_found=no ZLIB_OLD_LDFLAGS=$LDFLAGS ZLIB_OLD_CPPFLAGS=$LDFLAGS if test "x${ZLIB_HOME}" = "x/usr"; then : else LDFLAGS="$LDFLAGS -L${ZLIB_HOME}/lib" CPPFLAGS="$CPPFLAGS -I${ZLIB_HOME}/include" fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 $as_echo_n "checking for inflateEnd in -lz... " >&6; } if ${ac_cv_lib_z_inflateEnd+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lz $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char inflateEnd (); int main () { return inflateEnd (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_z_inflateEnd=yes else ac_cv_lib_z_inflateEnd=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd" >&5 $as_echo "$ac_cv_lib_z_inflateEnd" >&6; } if test "x$ac_cv_lib_z_inflateEnd" = xyes; then : zlib_cv_libz=yes else zlib_cv_libz=no fi ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" if test "x$ac_cv_header_zlib_h" = xyes; then : zlib_cv_zlib_h=yes else zlib_cv_zlib_h=no fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test "$zlib_cv_libz" = "yes" -a "$zlib_cv_zlib_h" = "yes" then # # If both library and header were found, use them # { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 $as_echo_n "checking for inflateEnd in -lz... " >&6; } if ${ac_cv_lib_z_inflateEnd+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lz $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char inflateEnd (); int main () { return inflateEnd (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_z_inflateEnd=yes else ac_cv_lib_z_inflateEnd=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd" >&5 $as_echo "$ac_cv_lib_z_inflateEnd" >&6; } if test "x$ac_cv_lib_z_inflateEnd" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBZ 1 _ACEOF LIBS="-lz $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking zlib in ${ZLIB_HOME}" >&5 $as_echo_n "checking zlib in ${ZLIB_HOME}... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } for ac_func in compressBound do : ac_fn_c_check_func "$LINENO" "compressBound" "ac_cv_func_compressBound" if test "x$ac_cv_func_compressBound" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_COMPRESSBOUND 1 _ACEOF fi done zlib_found=yes else # # If either header or library was not found, revert and bomb # { $as_echo "$as_me:${as_lineno-$LINENO}: checking zlib in ${ZLIB_HOME}" >&5 $as_echo_n "checking zlib in ${ZLIB_HOME}... " >&6; } LDFLAGS="$ZLIB_OLD_LDFLAGS" CPPFLAGS="$ZLIB_OLD_CPPFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 $as_echo "failed" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib not found in ZLIB_HOME, /usr/local, or /usr" >&5 $as_echo "$as_me: WARNING: zlib not found in ZLIB_HOME, /usr/local, or /usr" >&2;} fi fi if test x$enable_static = xyes; then : else if test x$sh_use_pie = xyes; then LDFLAGS="$LDFLAGS $PIE_LDFLAGS" CFLAGS="$CFLAGS $PIE_CFLAGS" fi fi ac_fn_c_check_func "$LINENO" "pmap_getmaps" "ac_cv_func_pmap_getmaps" if test "x$ac_cv_func_pmap_getmaps" = xyes; then : $as_echo "#define HAVE_PMAP_GETMAPS /**/" >>confdefs.h fi # # this is from the snort configure.in # # Check whether --with-libprelude-prefix was given. if test "${with_libprelude_prefix+set}" = set; then : withval=$with_libprelude_prefix; libprelude_config_prefix="$withval" else libprelude_config_prefix="" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use prelude" >&5 $as_echo_n "checking whether to use prelude... " >&6; } # Check whether --with-prelude was given. if test "${with_prelude+set}" = set; then : withval=$with_prelude; if test "x${withval}" = "xno"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } if test x$libprelude_config_prefix != x ; then if test x${LIBPRELUDE_CONFIG+set} != xset ; then LIBPRELUDE_CONFIG=$libprelude_config_prefix/bin/libprelude-config fi fi # Extract the first word of "libprelude-config", so it can be a program name with args. set dummy libprelude-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_LIBPRELUDE_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else case $LIBPRELUDE_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_LIBPRELUDE_CONFIG="$LIBPRELUDE_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_LIBPRELUDE_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_LIBPRELUDE_CONFIG" && ac_cv_path_LIBPRELUDE_CONFIG="no" ;; esac fi LIBPRELUDE_CONFIG=$ac_cv_path_LIBPRELUDE_CONFIG if test -n "$LIBPRELUDE_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBPRELUDE_CONFIG" >&5 $as_echo "$LIBPRELUDE_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test x"$LIBPRELUDE_CONFIG" = "xno" ; then HAVE_PRELUDE_CONFIG=no else HAVE_PRELUDE_CONFIG=yes fi if test "$HAVE_PRELUDE_CONFIG" = "yes"; then sh_libprelude_version=`$LIBPRELUDE_CONFIG --version` case "$sh_libprelude_version" in 0.8*) as_fn_error $? "You have Libprelude 0.8, which is too old. Version 0.9.6 or higher is required." "$LINENO" 5 ;; *) min_libprelude_version=0.9.6 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libprelude - version >= $min_libprelude_version" >&5 $as_echo_n "checking for libprelude - version >= $min_libprelude_version... " >&6; } no_libprelude="" if test "$LIBPRELUDE_CONFIG" = "no" ; then no_libprelude=yes else LIBPRELUDE_CFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --cflags` LIBPRELUDE_PTHREAD_CFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --pthread-cflags` LIBPRELUDE_LDFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --ldflags` LIBPRELUDE_LIBS=`$LIBPRELUDE_CONFIG $libprelude_config_args --libs` LIBPRELUDE_PREFIX=`$LIBPRELUDE_CONFIG $libprelude_config_args --prefix` LIBPRELUDE_CONFIG_PREFIX=`$LIBPRELUDE_CONFIG $libprelude_config_args --config-prefix` libprelude_config_version=`$LIBPRELUDE_CONFIG $libprelude_config_args --version` ac_save_CFLAGS="$CFLAGS" ac_save_LDFLAGS="$LDFLAGS" ac_save_LIBS="$LIBS" CFLAGS="$CFLAGS $LIBPRELUDE_CFLAGS" LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" LIBS="$LIBS $LIBPRELUDE_LIBS" rm -f conf.libpreludetest if test "$cross_compiling" = yes; then : echo $ac_n "cross compiling; assumed OK... $ac_c" else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { system ("touch conf.libpreludetest"); if( strcmp( prelude_check_version(NULL), "$libprelude_config_version" ) ) { printf("\n*** 'libprelude-config --version' returned %s, but LIBPRELUDE (%s)\n", "$libprelude_config_version", prelude_check_version(NULL) ); printf("*** was found! If libprelude-config was correct, then it is best\n"); printf("*** to remove the old version of LIBPRELUDE. You may also be able to fix the error\n"); printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n"); printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n"); printf("*** required on your system.\n"); printf("*** If libprelude-config was wrong, set the environment variable LIBPRELUDE_CONFIG\n"); printf("*** to point to the correct copy of libprelude-config, and remove the file config.cache\n"); printf("*** before re-running configure\n"); } else if ( strcmp(prelude_check_version(NULL), LIBPRELUDE_VERSION ) ) { printf("\n*** LIBPRELUDE header file (version %s) does not match\n", LIBPRELUDE_VERSION); printf("*** library (version %s)\n", prelude_check_version(NULL) ); } else { if ( prelude_check_version( "$min_libprelude_version" ) ) { return 0; } else { printf("no\n*** An old version of LIBPRELUDE (%s) was found.\n", prelude_check_version(NULL) ); printf("*** You need a version of LIBPRELUDE newer than %s. The latest version of\n", "$min_libprelude_version" ); printf("*** LIBPRELUDE is always available from http://www.prelude-ids.org/download/releases.\n"); printf("*** \n"); printf("*** If you have already installed a sufficiently new version, this error\n"); printf("*** probably means that the wrong copy of the libprelude-config shell script is\n"); printf("*** being found. The easiest way to fix this is to remove the old version\n"); printf("*** of LIBPRELUDE, but you can also set the LIBPRELUDE_CONFIG environment to point to the\n"); printf("*** correct copy of libprelude-config. (In this case, you will have to\n"); printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n"); printf("*** so that the correct libraries are found at run-time))\n"); } } return 1; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else no_libprelude=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi CFLAGS="$ac_save_CFLAGS" LIBS="$ac_save_LIBS" LDFLAGS="$ac_save_LDFLAGS" fi if test "x$no_libprelude" = x ; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define HAVE_LIBPRELUDE 1" >>confdefs.h CFLAGS="$CFLAGS $LIBPRELUDE_PTHREAD_CFLAGS" LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" LIBS="$LIBS $LIBPRELUDE_LIBS" else if test -f conf.libpreludetest ; then : else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "$LIBPRELUDE_CONFIG" = "no" ; then echo "*** The libprelude-config script installed by LIBPRELUDE could not be found" echo "*** If LIBPRELUDE was installed in PREFIX, make sure PREFIX/bin is in" echo "*** your path, or set the LIBPRELUDE_CONFIG environment variable to the" echo "*** full path to libprelude-config." else if test -f conf.libpreludetest ; then : else echo "*** Could not run libprelude test program, checking why..." CFLAGS="$CFLAGS $LIBPRELUDE_CFLAGS" LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" LIBS="$LIBS $LIBPRELUDE_LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { return !!prelude_check_version(NULL); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : echo "*** The test program compiled, but did not run. This usually means" echo "*** that the run-time linker is not finding LIBPRELUDE or finding the wrong" echo "*** version of LIBPRELUDE. If it is not finding LIBPRELUDE, you'll need to set your" echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point" echo "*** to the installed location Also, make sure you have run ldconfig if that" echo "*** is required on your system" echo "***" echo "*** If you have an old version installed, it is best to remove it, although" echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" echo "***" else echo "*** The test program failed to compile or link. See the file config.log for the" echo "*** exact error that occured. This usually means LIBPRELUDE was incorrectly installed" echo "*** or that you have moved LIBPRELUDE since it was installed. In the latter case, you" echo "*** may want to edit the libprelude-config script: $LIBPRELUDE_CONFIG" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext CFLAGS="$ac_save_CFLAGS" LDFLAGS="$ac_save_LDFLAGS" LIBS="$ac_save_LIBS" fi fi LIBPRELUDE_CFLAGS="" LIBPRELUDE_LDFLAGS="" LIBPRELUDE_LIBS="" as_fn_error $? "Could not find libprelude (if you are using --enable-static, the static library libprelude.a might be missing)." "$LINENO" 5 fi rm -f conf.libpreludetest ;; esac else as_fn_error $? "Could not find libprelude-config." "$LINENO" 5 fi fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # # partly based on the snort configure.in # # Check whether --with-database was given. if test "${with_database+set}" = set; then : withval=$with_database; if test x"$enable_xml_log" != xyes; then as_fn_error $? "With --with-database, --enable-xml-log is required as well." "$LINENO" 5 fi if test "x${withval}" = "xmysql"; then if test "x$zlib_found" = "x" then if test "x${ZLIB_HOME}" = "x"; then ZLIB_HOME=/usr/local if test ! -f "${ZLIB_HOME}/include/zlib.h" then ZLIB_HOME=/usr fi fi zlib_found=no ZLIB_OLD_LDFLAGS=$LDFLAGS ZLIB_OLD_CPPFLAGS=$LDFLAGS if test "x${ZLIB_HOME}" = "x/usr"; then : else LDFLAGS="$LDFLAGS -L${ZLIB_HOME}/lib" CPPFLAGS="$CPPFLAGS -I${ZLIB_HOME}/include" fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 $as_echo_n "checking for inflateEnd in -lz... " >&6; } if ${ac_cv_lib_z_inflateEnd+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lz $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char inflateEnd (); int main () { return inflateEnd (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_z_inflateEnd=yes else ac_cv_lib_z_inflateEnd=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd" >&5 $as_echo "$ac_cv_lib_z_inflateEnd" >&6; } if test "x$ac_cv_lib_z_inflateEnd" = xyes; then : zlib_cv_libz=yes else zlib_cv_libz=no fi ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" if test "x$ac_cv_header_zlib_h" = xyes; then : zlib_cv_zlib_h=yes else zlib_cv_zlib_h=no fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test "$zlib_cv_libz" = "yes" -a "$zlib_cv_zlib_h" = "yes" then # # If both library and header were found, use them # { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 $as_echo_n "checking for inflateEnd in -lz... " >&6; } if ${ac_cv_lib_z_inflateEnd+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lz $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char inflateEnd (); int main () { return inflateEnd (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_z_inflateEnd=yes else ac_cv_lib_z_inflateEnd=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd" >&5 $as_echo "$ac_cv_lib_z_inflateEnd" >&6; } if test "x$ac_cv_lib_z_inflateEnd" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBZ 1 _ACEOF LIBS="-lz $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking zlib in ${ZLIB_HOME}" >&5 $as_echo_n "checking zlib in ${ZLIB_HOME}... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } for ac_func in compressBound do : ac_fn_c_check_func "$LINENO" "compressBound" "ac_cv_func_compressBound" if test "x$ac_cv_func_compressBound" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_COMPRESSBOUND 1 _ACEOF fi done zlib_found=yes else # # If either header or library was not found, revert and bomb # { $as_echo "$as_me:${as_lineno-$LINENO}: checking zlib in ${ZLIB_HOME}" >&5 $as_echo_n "checking zlib in ${ZLIB_HOME}... " >&6; } LDFLAGS="$ZLIB_OLD_LDFLAGS" CPPFLAGS="$ZLIB_OLD_CPPFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 $as_echo "failed" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib not found in ZLIB_HOME, /usr/local, or /usr" >&5 $as_echo "$as_me: WARNING: zlib not found in ZLIB_HOME, /usr/local, or /usr" >&2;} fi fi # Extract the first word of "mysql_config", so it can be a program name with args. set dummy mysql_config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_HAVE_MYSQL_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$HAVE_MYSQL_CONFIG"; then ac_cv_prog_HAVE_MYSQL_CONFIG="$HAVE_MYSQL_CONFIG" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_HAVE_MYSQL_CONFIG="yes" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_prog_HAVE_MYSQL_CONFIG" && ac_cv_prog_HAVE_MYSQL_CONFIG="no" fi fi HAVE_MYSQL_CONFIG=$ac_cv_prog_HAVE_MYSQL_CONFIG if test -n "$HAVE_MYSQL_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $HAVE_MYSQL_CONFIG" >&5 $as_echo "$HAVE_MYSQL_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "$HAVE_MYSQL_CONFIG" = "yes"; then sh_mysql_libs="`mysql_config --libs`" sh_mysql_libs="`eval echo ${sh_mysql_libs}`" LIBS="$LIBS ${sh_mysql_libs}" sh_mysql_cflags="`mysql_config --cflags`" sh_mysql_cflags="`eval echo ${sh_mysql_cflags}`" CPPFLAGS="$CPPFLAGS ${sh_mysql_cflags}" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for MySQL in /usr /usr/local /usr/local/mysql MYSQL_HOME" >&5 $as_echo_n "checking for MySQL in /usr /usr/local /usr/local/mysql MYSQL_HOME... " >&6; } mysql_directory="/usr /usr/local /usr/local/mysql ${MYSQL_HOME}" for i in $mysql_directory; do if test -r $i/include/mysql/mysql.h; then MYSQL_DIR=$i MYSQL_INC_DIR=$i/include # we use AC_CHECK_HEADERS to check for mysql/mysql.h fi done if test -z "$MYSQL_DIR"; then for i in $mysql_directory; do if test -r $i/include/mysql.h; then MYSQL_DIR=$i MYSQL_INC_DIR=$i/include fi done fi if test -z "$MYSQL_DIR"; then tmp="" for i in $mysql_directory; do tmp="$tmp $i/include $i/include/mysql" done echo echo echo "**********************************************" echo " ERROR: unable to find" "mysql headers (mysql.h)" echo " checked in the following places" for i in `echo $tmp`; do echo " $i" done echo "**********************************************" echo exit fi for i in lib lib/mysql; do str="$MYSQL_DIR/$i/libmysqlclient.*" for j in `echo $str`; do if test -r $j; then MYSQL_LIB_DIR="$MYSQL_DIR/$i" break 2 fi done done if test -z "$MYSQL_LIB_DIR"; then for ff in $mysql_directory; do for i in lib lib/mysql; do str="$ff/$i/libmysqlclient.*" for j in `echo $str`; do if test -r $j; then MYSQL_LIB_DIR="$ff/$i" break 3 fi done done done fi if test -z "$MYSQL_LIB_DIR"; then tmp="" for i in $mysql_directory; do tmp="$i/lib $i/lib/mysql" done echo echo echo "**********************************************" echo " ERROR: unable to find" "mysql library libmysqlclient" echo " checked in the following places" for i in `echo $tmp`; do echo " $i" done echo "**********************************************" echo exit fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } LIBS="$LIBS -L${MYSQL_LIB_DIR} -lmysqlclient" # CFLAGS="$CFLAGS -I${MYSQL_INC_DIR}" CPPFLAGS="$CPPFLAGS -I${MYSQL_INC_DIR}" fi $as_echo "#define WITH_MYSQL 1" >>confdefs.h $as_echo "#define WITH_DATABASE 1" >>confdefs.h if test "x$zlib_found" = "xyes" then LIBS="$LIBS -lz -lm" else echo echo " Mysql library was not found or not useable." echo " Possible reasons include:" echo " - an old, incompatible version compiled from source" echo " - on Solaris, libmysql is compiled with the Solaris" echo " compiler, thus the mysql_config script provides" echo " compiler options unsuitable for gcc (move" echo " mysql_config out of your PATH)" echo " For other problems, check config.log for the error" echo " message from the compiler." echo echo " If your mysql libraries are installed in an" echo " unusual place, use --with-libs=-L/path/to/libdirectory" echo " where libdirectory is the directory holding libmysql." if test x"$enable_static" = xyes; then echo " Note that for compiling a static binary, you need" echo " the static libraries, rather than the shared ones." fi echo as_fn_error $? "Could not find libmysql, or it is not useable." "$LINENO" 5 fi for ac_header in mysql/mysql.h do : ac_fn_c_check_header_mongrel "$LINENO" "mysql/mysql.h" "ac_cv_header_mysql_mysql_h" "$ac_includes_default" if test "x$ac_cv_header_mysql_mysql_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_MYSQL_MYSQL_H 1 _ACEOF fi done elif test "x${withval}" = "xpostgresql"; then $as_echo "#define WITH_POSTGRES 1" >>confdefs.h $as_echo "#define WITH_DATABASE 1" >>confdefs.h # PGCONF="no" MY_PATH="${PATH}:/usr/local/bin:/usr/local/pgsql/bin" OLD_IFS="$IFS" IFS=":" for ff in ${MY_PATH} do if test -f "$ff/pg_config" then PGCONF="$ff/pg_config" fi done IFS="${OLD_IFS}" # # if test "x${PGCONF}" = "xno" then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PostgreSQL in /usr/local/pgsql /usr/pgsql /usr/local /usr PGSQL_HOME" >&5 $as_echo_n "checking for PostgreSQL in /usr/local/pgsql /usr/pgsql /usr/local /usr PGSQL_HOME... " >&6; } pgsql_directory="/usr/local/pgsql /usr/pgsql /usr/local /usr ${PGSQL_HOME}" for i in $pgsql_directory; do if test -r $i/include/pgsql/libpq-fe.h; then PGSQL_INC_DIR=$i/include PGSQL_DIR=$i # use AC_CHECK_HEADERS to check for pgsql/libpq-fe.h fi done if test -z "$PGSQL_DIR"; then for i in $pgsql_directory; do if test -r $i/include/postgresql/libpq-fe.h; then PGSQL_INC_DIR=$i/include PGSQL_DIR=$i fi done fi if test -z "$PGSQL_DIR"; then for i in $pgsql_directory; do if test -r $i/include/libpq-fe.h; then PGSQL_INC_DIR=$i/include PGSQL_DIR=$i fi done fi if test -z "$PGSQL_DIR"; then tmp="" for i in $pgsql_directory; do tmp="$tmp $i/include $i/include/pgsql $i/include/postgresql" done echo echo echo "**********************************************" echo " ERROR: unable to find" "PostgreSQL header file (libpq-fe.h)" echo " checked in the following places" for i in `echo $tmp`; do echo " $i" done echo "**********************************************" echo exit fi for i in lib lib/pgsql lib/postgresql; do str="$PGSQL_DIR/$i/libpq.*" for j in `echo $str`; do if test -r $j; then PGSQL_LIB_DIR="$PGSQL_DIR/$i" break 2 fi done done if test -z "$PGSQL_LIB_DIR"; then for ff in $pgsql_directory; do for i in lib lib/pgsql lib/postgresql; do str="$ff/$i/libpq.*" for j in `echo $str`; do if test -r $j; then PGSQL_LIB_DIR="$ff/$i" break 3 fi done done done fi if test -z "$PGSQL_LIB_DIR"; then tmp="" for i in $pgsql_directory; do tmp="$i/lib $i/lib/pgsql $i/lib/postgresql" done echo echo echo "**********************************************" echo " ERROR: unable to find" "postgresql library libpq" echo " checked in the following places" for i in `echo $tmp`; do echo " $i" done echo "**********************************************" echo exit fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm" if test x"$enable_static" = xyes; then LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lcrypt -lm" else LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm" fi # CFLAGS="$CFLAGS -I${PGSQL_INC_DIR}" CPPFLAGS="$CPPFLAGS -I${PGSQL_INC_DIR}" for ac_header in pgsql/libpq-fe.h do : ac_fn_c_check_header_mongrel "$LINENO" "pgsql/libpq-fe.h" "ac_cv_header_pgsql_libpq_fe_h" "$ac_includes_default" if test "x$ac_cv_header_pgsql_libpq_fe_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_PGSQL_LIBPQ_FE_H 1 _ACEOF fi done for ac_header in postgresql/libpq-fe.h do : ac_fn_c_check_header_mongrel "$LINENO" "postgresql/libpq-fe.h" "ac_cv_header_postgresql_libpq_fe_h" "$ac_includes_default" if test "x$ac_cv_header_postgresql_libpq_fe_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_POSTGRESQL_LIBPQ_FE_H 1 _ACEOF fi done else pg_lib_dir=`${PGCONF} --libdir` if test x"$enable_static" = xyes; then LIBS="$LIBS -L${pg_lib_dir} -lpq -lcrypt -lm" else LIBS="$LIBS -L${pg_lib_dir} -lpq -lm" fi pg_inc_dir=`${PGCONF} --includedir` # CFLAGS="$CFLAGS -I${pg_inc_dir}" CPPFLAGS="$CPPFLAGS -I${pg_inc_dir}" fi elif test "x${withval}" = "xodbc"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for odbc in /usr /usr/local ODBC_HOME" >&5 $as_echo_n "checking for odbc in /usr /usr/local ODBC_HOME... " >&6; } odbc_directory="/usr /usr/local" for i in $odbc_directory; do if test -r $i/include/sql.h; then if test -r $i/include/sqlext.h; then if test -r $i/include/sqltypes.h; then ODBC_DIR=$i ODBC_INC_DIR=$i/include fi fi fi done if test -z "$ODBC_DIR"; then tmp="" for i in $odbc_directory; do tmp="$tmp $i/include" done echo echo echo "**********************************************" echo " ERROR: unable to find" "odbc headers (sql.h sqlext.h sqltypes.h)" echo " checked in the following places" for i in `echo $tmp`; do echo " $i" done echo "**********************************************" echo exit fi str="$ODBC_DIR/lib/libodbc.*" for j in `echo $str`; do if test -r $j; then ODBC_LIB_DIR="$ODBC_DIR/lib" ODBC_LIB="odbc" fi done if test -z "$ODBC_LIB_DIR"; then echo echo echo "**********************************************" echo " ERROR: unable to find" "odbc library (libodbc)" echo " checked in the following places" for i in `echo "$ODBC_DIR/lib"`; do echo " $i" done echo "**********************************************" echo exit fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } CPPFLAGS="${CPPFLAGS} -I${ODBC_INC_DIR}" LIBS="${LIBS} -L${ODBC_LIB_DIR} -l$ODBC_LIB" $as_echo "#define WITH_ODBC 1" >>confdefs.h $as_echo "#define WITH_DATABASE 1" >>confdefs.h elif test "x${withval}" = "xoracle"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for oracle in ORACLE_HOME /usr/local /usr" >&5 $as_echo_n "checking for oracle in ORACLE_HOME /usr/local /usr... " >&6; } oracle_directory="/usr /usr/local ${ORACLE_HOME}" for i in $oracle_directory; do ff=`find $i -name oci.h 2>/dev/null | tail -1` if test "x$ff" = "x"; then : else ORACLE_INC=`dirname $ff` fi fg=`find $i -name libclntsh.so 2>/dev/null | tail -1` if test "x$fg" = "x"; then : else ORACLE_LIB=`dirname $fg` fi done if test -z "$ORACLE_INC"; then tmp="" for i in $oracle_directory; do tmp="$tmp $i" done echo echo echo "**********************************************" echo " ERROR: unable to find" "OCI header file (oci.h) please define ORACLE_INC directory where oci.h resides" echo " checked in the following places" for i in `echo $tmp`; do echo " $i" done echo "**********************************************" echo exit elif test -z "$ORACLE_LIB"; then tmp="" for i in $oracle_directory; do tmp="$tmp $i" done echo echo echo "**********************************************" echo " ERROR: unable to find" "OCI library file (libclntsh.so) please define ORACLE_LIB directory where libclntsh.so resides" echo " checked in the following places" for i in `echo $tmp`; do echo " $i" done echo "**********************************************" echo exit else ORACLE_CPP_FLAGS="-I$ORACLE_INC" ORACLE_LIB_DIR="$ORACLE_LIB" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ORACLE_INC $ORACLE_LIB" >&5 $as_echo "$ORACLE_INC $ORACLE_LIB" >&6; } CPPFLAGS="${CPPFLAGS} ${ORACLE_CPP_FLAGS}" ORACLE_LIBS="-lclntsh" if test -r $ORACLE_LIB_DIR/libnnz11.so; then ORACLE_LIBS="${ORACLE_LIBS} -lnnz11" fi if test -r $ORACLE_LIB_DIR/libwtc9.so; then ORACLE_LIBS="${ORACLE_LIBS} -lwtc9" elif test -r $ORACLE_LIB_DIR/libwtc8.so; then ORACLE_LIBS="${ORACLE_LIBS} -lwtc8" fi LIBS="${LIBS} -L${ORACLE_LIB_DIR} ${ORACLE_LIBS}" if test "x$GCC" != "xyes"; then CFLAGS="${CFLAGS} -fno-strict-aliasing" fi fi $as_echo "#define WITH_ORACLE 1" >>confdefs.h $as_echo "#define WITH_DATABASE 1" >>confdefs.h else as_fn_error $? "Option --with-database=database used with unsupported database ${withval}" "$LINENO" 5 fi fi # Check whether --with-console was given. if test "${with_console+set}" = set; then : withval=$with_console; if test "x${withval}" != xno; then mycons="$withval" cat >>confdefs.h <<_ACEOF #define DEFAULT_CONSOLE _("${mycons}") _ACEOF fi fi # Check whether --with-altconsole was given. if test "${with_altconsole+set}" = set; then : withval=$with_altconsole; if test "x${withval}" != xno; then myaltcons="$withval" else myaltcons="NULL" fi else myaltcons="NULL" fi cat >>confdefs.h <<_ACEOF #define ALT_CONSOLE _("${myaltcons}") _ACEOF # Check whether --with-timeserver was given. if test "${with_timeserver+set}" = set; then : withval=$with_timeserver; if test "x${withval}" != xno; then mytimeserv="$withval" $as_echo "#define HAVE_NTIME 1" >>confdefs.h else mytimeserv="NULL" fi else mytimeserv="NULL" fi cat >>confdefs.h <<_ACEOF #define DEFAULT_TIMESERVER _("${mytimeserv}") _ACEOF # Check whether --with-alttimeserver was given. if test "${with_alttimeserver+set}" = set; then : withval=$with_alttimeserver; if test "x${withval}" != xno; then myalttimeserv="$withval" $as_echo "#define HAVE_NTIME 1" >>confdefs.h else myalttimeserv="NULL" fi else myalttimeserv="NULL" fi cat >>confdefs.h <<_ACEOF #define ALT_TIMESERVER _("${myalttimeserv}") _ACEOF # Check whether --enable-login-watch was given. if test "${enable_login_watch+set}" = set; then : enableval=$enable_login_watch; if test "x${enable_login_watch}" = xyes; then $as_echo "#define SH_USE_UTMP 1" >>confdefs.h fi fi # Check whether --enable-mounts-check was given. if test "${enable_mounts_check+set}" = set; then : enableval=$enable_mounts_check; if test "x${enable_mounts_check}" = xyes; then $as_echo "#define SH_USE_MOUNTS 1" >>confdefs.h fi fi # Check whether --enable-logfile-monitor was given. if test "${enable_logfile_monitor+set}" = set; then : enableval=$enable_logfile_monitor; if test "x${enable_logfile_monitor}" = xyes; then ac_fn_c_check_header_mongrel "$LINENO" "pcre.h" "ac_cv_header_pcre_h" "$ac_includes_default" if test "x$ac_cv_header_pcre_h" = xyes; then : $as_echo "#define USE_LOGFILE_MONITOR 1" >>confdefs.h LIBS="-lpcre $LIBS" else ac_fn_c_check_header_mongrel "$LINENO" "pcre/pcre.h" "ac_cv_header_pcre_pcre_h" "$ac_includes_default" if test "x$ac_cv_header_pcre_pcre_h" = xyes; then : $as_echo "#define USE_LOGFILE_MONITOR 1" >>confdefs.h $as_echo "#define HAVE_PCRE_PCRE_H 1" >>confdefs.h LIBS="-lpcre $LIBS" else as_fn_error $? "The --enable-logfile-monitor option requires libpcre. For compiling the pcre development package is needed." "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcre_dfa_exec in -lpcre" >&5 $as_echo_n "checking for pcre_dfa_exec in -lpcre... " >&6; } if ${ac_cv_lib_pcre_pcre_dfa_exec+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lpcre $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char pcre_dfa_exec (); int main () { return pcre_dfa_exec (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_pcre_pcre_dfa_exec=yes else ac_cv_lib_pcre_pcre_dfa_exec=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pcre_pcre_dfa_exec" >&5 $as_echo "$ac_cv_lib_pcre_pcre_dfa_exec" >&6; } if test "x$ac_cv_lib_pcre_pcre_dfa_exec" = xyes; then : $as_echo "#define HAVE_PCRE_DFA_EXEC 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: pcre_dfa_exec not available" >&5 $as_echo "$as_me: WARNING: pcre_dfa_exec not available" >&2;} fi fi fi # Check whether --enable-process-check was given. if test "${enable_process_check+set}" = set; then : enableval=$enable_process_check; if test "x${enable_process_check}" = xyes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sched_getparam in -lrt" >&5 $as_echo_n "checking for sched_getparam in -lrt... " >&6; } if ${ac_cv_lib_rt_sched_getparam+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lrt $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char sched_getparam (); int main () { return sched_getparam (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_rt_sched_getparam=yes else ac_cv_lib_rt_sched_getparam=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_rt_sched_getparam" >&5 $as_echo "$ac_cv_lib_rt_sched_getparam" >&6; } if test "x$ac_cv_lib_rt_sched_getparam" = xyes; then : sh_lrt=yes else sh_lrt=no fi if test x"$sh_lrt" = xyes; then LIBRT=-lrt else LIBRT= fi LIBS="$LIBS $LIBRT" $as_echo "#define SH_USE_PROCESSCHECK 1" >>confdefs.h fi fi # Check whether --enable-port-check was given. if test "${enable_port_check+set}" = set; then : enableval=$enable_port_check; if test "x${enable_port_check}" = xyes; then $as_echo "#define SH_USE_PORTCHECK 1" >>confdefs.h fi fi # Check whether --enable-userfiles was given. if test "${enable_userfiles+set}" = set; then : enableval=$enable_userfiles; if test "x${enableval}" = "xyes"; then $as_echo "#define SH_USE_USERFILES 1" >>confdefs.h fi fi # Check whether --enable-debug was given. if test "${enable_debug+set}" = set; then : enableval=$enable_debug; if test "x${enable_debug}" = "xyes"; then if test "x${mydebugflag}" != "xyes"; then $as_echo "#define MEM_DEBUG 1" >>confdefs.h fi $as_echo "#define WITH_TPT 1" >>confdefs.h $as_echo "#define SL_DEBUG 1" >>confdefs.h $as_echo "#define DNMALLOC_CHECKS 1" >>confdefs.h $as_echo "#define PARANOIA 0" >>confdefs.h $as_echo "#define SL_FAIL_ON_ERROR 1" >>confdefs.h if test "x${myneedg3}" = "xyes"; then mydebugdef="-g3" else mydebugdef="-g" fi mydebugit="yes" elif test "x${enable_debug}" = "xgdb"; then if test "x${myneedg3}" = "xyes"; then mydebugdef="-g3" else mydebugdef="-g" fi mydebugit="yes" fi fi sh_enable_asm=yes # Check whether --enable-asm was given. if test "${enable_asm+set}" = set; then : enableval=$enable_asm; if test "x${enable_asm}" = xno; then sh_enable_asm=no fi fi if test "x${samhain_64_asm}" = xyes; then if test "x${sh_enable_asm}" = xyes; then $as_echo "#define TIGER_OPT_ASM 1" >>confdefs.h fi fi # Check whether --enable-ipv6 was given. if test "${enable_ipv6+set}" = set; then : enableval=$enable_ipv6; if test "x${enable_ipv6}" = xno; then $as_echo "#define USE_IPV4 1" >>confdefs.h fi fi if test "x${dnmalloc_ok}" = "xyes"; then sh_dnmalloc_enabled=yes else sh_dnmalloc_enabled=no fi # Check whether --enable-dnmalloc was given. if test "${enable_dnmalloc+set}" = set; then : enableval=$enable_dnmalloc; if test "x${enable_dnmalloc}" = xno; then sh_dnmalloc_enabled=no else sh_dnmalloc_enabled=yes fi fi if test "x$sh_dnmalloc_enabled" = "xyes"; then if test x$enable_static = xyes; then if test "x$sh_no_gcc_static" = "xyes"; then sh_dnmalloc_enabled=no else if test "x$with_gnu_ld" = "xyes"; then LDFLAGS="$LDFLAGS -Wl,--allow-multiple-definition" else sh_dnmalloc_enabled=no fi fi fi fi if test "x${sh_dnmalloc_enabled}" = xno; then $as_echo "#define USE_SYSTEM_MALLOC 1" >>confdefs.h fi # Check whether --enable-ptrace was given. if test "${enable_ptrace+set}" = set; then : enableval=$enable_ptrace; if test "x${enable_ptrace}" = xyes; then if test "x$mydebugit" != "xyes"; then $as_echo "#define SCREW_IT_UP 1" >>confdefs.h fi fi fi if test "x$GCC" = "xyes"; then if test ! -z "`echo "$CFLAGS" | grep "\-g\ " 2> /dev/null`" ; then CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` fi if test -z "`echo "$CFLAGS" | grep "\-Wall" 2> /dev/null`" ; then CFLAGS="$CFLAGS -Wall -W " fi if test -z "`echo "$CFLAGS" | grep "\-fstrength\-reduce" 2> /dev/null`" then if test -z "`echo "$CFLAGS" | grep "\-fno\-strength\-reduce" 2> /dev/null`" then CFLAGS="$CFLAGS -fno-strength-reduce" fi fi if test -z "`echo "$CFLAGS" | grep "\-fomit\-frame\-pointer" 2> /dev/null`" then if test -z "`echo "$CFLAGS" | grep "\-fno\-omit\-frame\-pointer" 2> /dev/null`" then CFLAGS="$CFLAGS -fno-omit-frame-pointer" fi fi fi if test "X$CC" != "X"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -Wno-empty-body" >&5 $as_echo_n "checking whether ${CC} accepts -Wno-empty-body... " >&6; } if ${empty_cv_body+:} false; then : $as_echo_n "(cached) " >&6 else empty_body_cflags="$CFLAGS" CFLAGS="$CFLAGS -Wno-empty-body" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : empty_cv_body=yes else empty_cv_body=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS="$empty_body_cflags" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $empty_cv_body" >&5 $as_echo "$empty_cv_body" >&6; } if test $empty_cv_body = yes; then CFLAGS="$CFLAGS -Wno-empty-body" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking which random module to use" >&5 $as_echo_n "checking which random module to use... " >&6; } # Check whether --with-rnd was given. if test "${with_rnd+set}" = set; then : withval=$with_rnd; use_static_rnd=$withval else use_static_rnd=default fi if test "$use_static_rnd" = no; then use_static_rnd=default fi case "$use_static_rnd" in egd | dev | unix | default ) { $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_static_rnd" >&5 $as_echo "$use_static_rnd" >&6; } ;; * ) { $as_echo "$as_me:${as_lineno-$LINENO}: result: invalid argument" >&5 $as_echo "invalid argument" >&6; } as_fn_error $? "Option --with-rnd=module used with unsupported module ${use_static_rnd}" "$LINENO" 5 ;; esac # Check whether --with-egd-socket was given. if test "${with_egd_socket+set}" = set; then : withval=$with_egd_socket; egd_socket_name="$withval" else egd_socket_name="" fi cat >>confdefs.h <<_ACEOF #define EGD_SOCKET_NAME _("$egd_socket_name") _ACEOF try_dev_random=yes case "$use_static_rnd" in dev | default ) try_dev_random=yes ;; egd) $as_echo "#define HAVE_EGD_RANDOM 1" >>confdefs.h try_dev_random=no ;; unix) $as_echo "#define HAVE_UNIX_RANDOM 1" >>confdefs.h try_dev_random=no ;; esac if test "x$try_dev_random" = "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether /dev/random exists" >&5 $as_echo_n "checking whether /dev/random exists... " >&6; } if test -r "/dev/srandom" && test -c "/dev/srandom"; then $as_echo "#define HAVE_URANDOM 1" >>confdefs.h cat >>confdefs.h <<_ACEOF #define NAME_OF_DEV_RANDOM _("/dev/srandom") _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } if test -r "/dev/urandom" && test -c "/dev/urandom"; then cat >>confdefs.h <<_ACEOF #define NAME_OF_DEV_URANDOM _("/dev/urandom") _ACEOF fi else if test -r "/dev/random" && test -c "/dev/random"; then $as_echo "#define HAVE_URANDOM 1" >>confdefs.h cat >>confdefs.h <<_ACEOF #define NAME_OF_DEV_RANDOM _("/dev/random") _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } if test -r "/dev/urandom" && test -c "/dev/urandom"; then cat >>confdefs.h <<_ACEOF #define NAME_OF_DEV_URANDOM _("/dev/urandom") _ACEOF fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "#define HAVE_UNIX_RANDOM 1" >>confdefs.h fi fi fi # Check whether --enable-udp was given. if test "${enable_udp+set}" = set; then : enableval=$enable_udp; if test "x${enable_udp}" = xyes; then $as_echo "#define INET_SYSLOG 1" >>confdefs.h fi fi myencrypt=yes # Check whether --enable-encrypt was given. if test "${enable_encrypt+set}" = set; then : enableval=$enable_encrypt; if test "x${enable_encrypt}" = xno; then myencrypt=no elif test "x${enable_encrypt}" = "x1"; then myencrypt=1 fi fi if test "x${myencrypt}" = "xyes"; then $as_echo "#define SH_ENCRYPT 1" >>confdefs.h $as_echo "#define SH_ENCRYPT_2 1" >>confdefs.h elif test "x${myencrypt}" = "x1"; then $as_echo "#define SH_ENCRYPT 1" >>confdefs.h fi sh_use_srp_proto=yes # Check whether --enable-srp was given. if test "${enable_srp+set}" = set; then : enableval=$enable_srp; if test "x${enable_srp}" = xno; then sh_use_srp_proto=no fi fi if test "x${sh_use_srp_proto}" = xyes; then $as_echo "#define USE_SRP_PROTOCOL 1" >>confdefs.h fi # Check whether --with-port was given. if test "${with_port+set}" = set; then : withval=$with_port; echo "${withval}" | grep '[^0123456789]' >/dev/null 2>&1 && as_fn_error $? "For --with-port=PORT, PORT must be numeric." "$LINENO" 5 myport=${withval} else myport="49777" fi cat >>confdefs.h <<_ACEOF #define SH_DEFAULT_PORT ${myport} _ACEOF # Check whether --with-logserver was given. if test "${with_logserver+set}" = set; then : withval=$with_logserver; case "$withval" in *.* | localhost) mylogsrv="$withval" ;; *) mylogsrv="$withval" ;; esac else mylogsrv="NULL" fi cat >>confdefs.h <<_ACEOF #define DEFAULT_LOGSERVER _("${mylogsrv}") _ACEOF # Check whether --with-altlogserver was given. if test "${with_altlogserver+set}" = set; then : withval=$with_altlogserver; case "$withval" in *.* | localhost) myaltlogsrv="$withval" ;; *) myaltlogsrv="$withval" ;; esac else myaltlogsrv="NULL" fi cat >>confdefs.h <<_ACEOF #define ALT_LOGSERVER _("${myaltlogsrv}") _ACEOF nocl_code= xor_code=0 # Check whether --enable-nocl was given. if test "${enable_nocl+set}" = set; then : enableval=$enable_nocl; if test "x${enableval}" != "x"; then $as_echo "#define SH_STEALTH_NOCL 1" >>confdefs.h fi if test "x${enableval}" = "xstop" || test "x${enableval}" = "xstart"; then as_fn_error $? "For --enable-nocl=PW start/stop/reload/restart/status are reserved words." "$LINENO" 5 fi if test "x${enableval}" = "xreload" || test "x${enableval}" = "xrestart"; then as_fn_error $? "For --enable-nocl=PW start/stop/reload/restart/status are reserved words." "$LINENO" 5 fi if test "x${enableval}" = "xstatus"; then as_fn_error $? "For --enable-nocl=PW start/stop/reload/restart/status are reserved words." "$LINENO" 5 fi if test "x${enableval}" = "xno"; then as_fn_error $? "With --enable-nocl=PW, the use of --enable-nocl=no is ambiguous." "$LINENO" 5 fi nocl_code="${enable_nocl}" fi cat >>confdefs.h <<_ACEOF #define NOCL_CODE _("${nocl_code}") _ACEOF # Check whether --enable-stealth was given. if test "${enable_stealth+set}" = set; then : enableval=$enable_stealth; $as_echo "#define SH_STEALTH 1" >>confdefs.h if test "x${enableval}" != "xyes"; then echo "${enableval}" | grep '[^0123456789]' >/dev/null 2>&1 && as_fn_error $? "For --enable-stealth=XOR_VAL, XOR_VAL must be numeric." "$LINENO" 5 if test "${enableval}" -lt 127 || test "${enableval}" -gt 255; then if test x"${enableval}" = x0 then : else as_fn_error $? "For --enable-stealth=XOR_VAL, XOR_VAL must be in the range 127 to 255." "$LINENO" 5 fi fi xor_code="${enable_stealth}" else xor_code=0 fi stegin_prg="samhain_stealth" else stegin_prg= fi # Check whether --enable-micro-stealth was given. if test "${enable_micro_stealth+set}" = set; then : enableval=$enable_micro_stealth; $as_echo "#define SH_STEALTH 1" >>confdefs.h $as_echo "#define SH_STEALTH_MICRO 1" >>confdefs.h if test "x${enableval}" != "xyes"; then echo "${enableval}" | grep '[^0123456789]' >/dev/null 2>&1 && as_fn_error $? "For --enable-micro-stealth=XOR_VAL, XOR_VAL must be numeric." "$LINENO" 5 if test "${enableval}" -lt 127 || test "${enableval}" -gt 255; then if test x"${enableval}" = x0 then : else as_fn_error $? "For --enable-micro-stealth=XOR_VAL, XOR_VAL must be in the range 127 to 255." "$LINENO" 5 fi fi xor_code="${enable_micro_stealth}" else xor_code=0 fi fi install_name="samhain" INSTALL_NAME="SAMHAIN" # Check whether --enable-install-name was given. if test "${enable_install_name+set}" = set; then : enableval=$enable_install_name; if test "x${enableval}" != "xyes"; then install_name="${enableval}" INSTALL_NAME=`echo "${enableval}" | tr a-z A-Z` else install_name="${sh_main_prg}" INSTALL_NAME=`echo "${sh_main_prg}" | tr a-z A-Z` fi else install_name="${sh_main_prg}" INSTALL_NAME=`echo "${sh_main_prg}" | tr a-z A-Z` fi need_user_install=0 # Check whether --enable-identity was given. if test "${enable_identity+set}" = set; then : enableval=$enable_identity; if test x"$enableval" = xno; then myident="daemon" else myident="$enableval" fi echo "${myident}" | grep '[^0123456789]' >/dev/null 2>&1 || \ as_fn_error $? "With --enable-identity=USER, please supply a username, not a UID." "$LINENO" 5 myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ grep "^${myident}:" | awk -F: '{ print $3; }'` if test x"${myident_uid}" = x; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Option --enable-identity used, user ${myident} will be added upon install." >&5 $as_echo "$as_me: WARNING: Option --enable-identity used, user ${myident} will be added upon install." >&2;} need_user_install=1 fi else for myident in ${install_name} daemon nobody; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking for user ${myident}" >&5 $as_echo_n "checking for user ${myident}... " >&6; } myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ grep "^${myident}:" | awk -F: '{ print $3; }'` if test x"${myident_uid}" != x; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } break; else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi done if test x"${myident_uid}" = x; then myident=${install_name} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --enable-identity: user ${myident} will be added upon install" >&5 $as_echo "$as_me: WARNING: --enable-identity: user ${myident} will be added upon install" >&2;} need_user_install=1 fi fi cat >>confdefs.h <<_ACEOF #define DEFAULT_IDENT _("${myident}") _ACEOF sh_insmod_cmd=": # no kernel module" sh_insmod_pre=": # no kernel module" sh_lkm="" lkm_inc="" khidemap="/boot/System.map" sh_syscalltable="0x0" # Check whether --enable-khide was given. if test "${enable_khide+set}" = set; then : enableval=$enable_khide; if test "x${enable_khide}" != xno; then kernel_testsupport=`uname -r | sed s,^3.*,LINUX3,` if test "x${kernel_testsupport}" = "xLINUX3"; then as_fn_error $? "The --enable-khide option is not supported on Linux kernel version 3.x or above." "$LINENO" 5 fi if test "x${enableval}" != "xyes"; then khidemap="${enableval}" fi sh_syscalltable=`egrep '(D|d|R|r) sys_call_table' ${khidemap} | awk '{print $1}'` if test x"$sh_syscalltable" = x; then as_fn_error $? "Option --enable-khide cannot be used since the symbol sys_call_table was not found in ${khidemap}." "$LINENO" 5 fi sh_syscalltable="0x${sh_syscalltable}" install_name_len=`echo ${install_name} | awk '{ print(length()); }'` if test "${install_name_len}" -gt 15 ; then as_fn_error $? "If --enable-khide is used, install_name must not exceed a length of 15 chars." "$LINENO" 5 fi $as_echo "#define SH_USE_LKM 1" >>confdefs.h cat >>confdefs.h <<_ACEOF #define SH_MAGIC_HIDE "${install_name}" _ACEOF # -- NEW -- kernel_version=`uname -r | sed s,2.6.*,LINUX26,` kernel_numeric=`uname -r | sed 's%-%.%g' | sed 's%_%.%g' | awk -F. '{ print $1*65536+$2*256+$3 }'` cat >>confdefs.h <<_ACEOF #define SH_KERNEL_NUMERIC ${kernel_numeric} _ACEOF if test x"$kernel_version" = xLINUX26 then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for modlist_lock" >&5 $as_echo_n "checking for modlist_lock... " >&6; } sh_modlist_lock=`egrep '[bd] modlist_lock$' ${khidemap} | awk '{print $1}'` if test x"$sh_modlist_lock" = x; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else sh_modlist_lock="0x${sh_modlist_lock}" { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${sh_modlist_lock}" >&5 $as_echo "${sh_modlist_lock}" >&6; } cat >>confdefs.h <<_ACEOF #define SH_MODLIST_LOCK ${sh_modlist_lock} _ACEOF fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for module_mutex" >&5 $as_echo_n "checking for module_mutex... " >&6; } sh_modlist_mutex=`egrep '[bd] module_mutex$' ${khidemap} | awk '{print $1}'` if test x"$sh_modlist_mutex" = x; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else sh_modlist_mutex="0x${sh_modlist_mutex}" { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${sh_modlist_mutex}" >&5 $as_echo "${sh_modlist_mutex}" >&6; } cat >>confdefs.h <<_ACEOF #define SH_MODLIST_MUTEX ${sh_modlist_mutex} _ACEOF fi sh_list_modules=`egrep 'd modules$' ${khidemap} | awk '{print $1}'` if test x"$sh_list_modules" = x; then as_fn_error $? "Option --enable-khide cannot be used, since the symbol modules was not found in ${khidemap}." "$LINENO" 5 fi sh_list_modules="0x${sh_list_modules}" cat >>confdefs.h <<_ACEOF #define SH_LIST_MODULES ${sh_list_modules} _ACEOF $as_echo "#define LINUX26 1" >>confdefs.h sh_insmod_cmd="modprobe ${install_name}_hide" sh_lkm="samhain_hide.ko" else sh_insmod_cmd="insmod ${install_name}_hide; insmod ${install_name}_erase; rmmod ${install_name}_erase" sh_lkm="samhain_hide.o samhain_erase.o" fi # -- END NEW -- kvers=`uname -r` if test -f /lib/modules/${kvers}/build/include/linux/kernel.h; then lkm_inc="-I/lib/modules/${kvers}/build/include" else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --enable-khide: /lib/modules/${kvers}/build/include/linux not found" >&5 $as_echo "$as_me: WARNING: --enable-khide: /lib/modules/${kvers}/build/include/linux not found" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --enable-khide: You may need to install the kernel-source" >&5 $as_echo "$as_me: WARNING: --enable-khide: You may need to install the kernel-source" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --enable-khide: headers for the currently-running kernel." >&5 $as_echo "$as_me: WARNING: --enable-khide: headers for the currently-running kernel." >&2;} fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 2.4 vanilla kernel" >&5 $as_echo_n "checking for 2.4 vanilla kernel... " >&6; } sh_is_vanilla_kernel=yes if test -f /lib/modules/${kvers}/build/include/linux/sched.h; then grep 'next_task,' /lib/modules/${kvers}/build/include/linux/sched.h >/dev/null 2>&1 || sh_is_vanilla_kernel=no fi if test x"${sh_is_vanilla_kernel}" = xno; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define SH_VANILLA_KERNEL 1" >>confdefs.h fi fi fi cat >>confdefs.h <<_ACEOF #define XOR_CODE ${xor_code} _ACEOF cat >>confdefs.h <<_ACEOF #define SH_SYSCALLTABLE ${sh_syscalltable} _ACEOF exepack_state0=`${srcdir}/c_random.sh 2>/dev/null` exepack_state1=`${srcdir}/c_random.sh 2>/dev/null` exepack_state2=`${srcdir}/c_random.sh 2>/dev/null` cat >>confdefs.h <<_ACEOF #define EXEPACK_STATE_0 ${exepack_state0} _ACEOF cat >>confdefs.h <<_ACEOF #define EXEPACK_STATE_1 ${exepack_state1} _ACEOF cat >>confdefs.h <<_ACEOF #define EXEPACK_STATE_2 ${exepack_state2} _ACEOF # Check whether --enable-suidcheck was given. if test "${enable_suidcheck+set}" = set; then : enableval=$enable_suidcheck; if test "x${enableval}" = "xyes"; then $as_echo "#define SH_USE_SUIDCHK 1" >>confdefs.h fi fi systemmap="/boot/System.map" sh_libkvm="" # Check whether --with-kcheck was given. if test "${with_kcheck+set}" = set; then : withval=$with_kcheck; if test "x${withval}" != "xno"; then $as_echo "#define SH_USE_KERN 1" >>confdefs.h kernel_numeric=`uname -r | sed 's%-%.%g' | sed 's%_%.%g' | awk -F. '{ print $1*65536+$2*256+$3 }'` cat >>confdefs.h <<_ACEOF #define SH_KERNEL_NUMBER ${kernel_numeric} _ACEOF kernelversion=`uname -r` cat >>confdefs.h <<_ACEOF #define SH_KERNEL_VERSION _("${kernelversion}") _ACEOF if test "x${withval}" != "xyes"; then systemmap="${withval}" fi if test "x${cross_compiling}" = xyes; then : elif test "x$selectconfig" = "xfreebsd"; then LIBS="$LIBS -lkvm" sh_libkvm="-lkvm" elif test -f "${systemmap}"; then test_kmap_open=no if test -c /dev/kmem; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether /dev/kmem is useable" >&5 $as_echo_n "checking whether /dev/kmem is useable... " >&6; } dd bs=4 count=16 if=/dev/kmem of=/dev/null >/dev/null 2>&1 if test $? -eq 0; then test_kmap_open=yes fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${test_kmap_open}" >&5 $as_echo "${test_kmap_open}" >&6; } fi if test x"${test_kmap_open}" = xno; then # need kernel module if test -f /lib/modules/${kernelversion}/build/include/linux/kernel.h; then lkm_inc="-I/lib/modules/${kernelversion}/build/include" else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --enable-khide: /lib/modules/${kernelversion}/build/include/linux not found" >&5 $as_echo "$as_me: WARNING: --enable-khide: /lib/modules/${kernelversion}/build/include/linux not found" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --enable-khide: You may need to install the kernel-source" >&5 $as_echo "$as_me: WARNING: --enable-khide: You may need to install the kernel-source" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --enable-khide: headers for the currently-running kernel." >&5 $as_echo "$as_me: WARNING: --enable-khide: headers for the currently-running kernel." >&2;} fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for vmlist_lock" >&5 $as_echo_n "checking for vmlist_lock... " >&6; } sh_vmlist_lock=`egrep '[bdBD] vmlist_lock$' ${systemmap} | awk '{print $1}'` if test x"$sh_vmlist_lock" = x; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else sh_vmlist_lock="0x${sh_vmlist_lock}" { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${sh_vmlist_lock}" >&5 $as_echo "${sh_vmlist_lock}" >&6; } cat >>confdefs.h <<_ACEOF #define SH_VMLIST_LOCK ${sh_vmlist_lock} _ACEOF fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for vmlist" >&5 $as_echo_n "checking for vmlist... " >&6; } sh_vmlist=`egrep '[bdBD] vmlist$' ${systemmap} | awk '{print $1}'` if test x"$sh_vmlist" = x; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else sh_vmlist="0x${sh_vmlist}" { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${sh_vmlist}" >&5 $as_echo "${sh_vmlist}" >&6; } cat >>confdefs.h <<_ACEOF #define SH_VMLIST ${sh_vmlist} _ACEOF fi sh_lkm="${sh_lkm} samhain_kmem.ko" sh_insmod_pre="modprobe ${install_name}_kmem" fi else as_fn_error $? "Option --with-kcheck=systemmap cannot be used, because system map ${systemmap} does not exist." "$LINENO" 5 fi fi fi # Check whether --enable-base was given. if test "${enable_base+set}" = set; then : enableval=$enable_base; { $as_echo "$as_me:${as_lineno-$LINENO}: checking base key setting" >&5 $as_echo_n "checking base key setting... " >&6; } my_key_A=`echo ${enableval} | awk 'BEGIN{FS=","}{print $1}'` my_key_B=`echo ${enableval} | awk 'BEGIN{FS=","}{print $2}'` { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${my_key_A} ${my_key_B}" >&5 $as_echo "${my_key_A} ${my_key_B}" >&6; } if test "x${my_key_A}" = x; then as_fn_error $? "Option --enable-base=B1,B2 used with invalid first base key (zero length)." "$LINENO" 5 fi if test "x${my_key_B}" = x; then as_fn_error $? "Option --enable-base=B1,B2 used with invalid second base key (zero length)." "$LINENO" 5 fi echo "${my_key_A}" | grep '[^0123456789]' >/dev/null 2>&1 && as_fn_error $? "For --enable-base=B1,B2, B1 and B2 must be numeric in the range 0 to 2147483647." "$LINENO" 5 echo "${my_key_B}" | grep '[^0123456789]' >/dev/null 2>&1 && as_fn_error $? "For --enable-base=B1,B2, B1 and B2 must be numeric in the range 0 to 2147483647." "$LINENO" 5 else { $as_echo "$as_me:${as_lineno-$LINENO}: checking base key setting .. collecting entropy" >&5 $as_echo_n "checking base key setting .. collecting entropy... " >&6; } my_key_1=`${srcdir}/c_random.sh 2>/dev/null` my_key_2=`${srcdir}/c_random.sh 2>/dev/null` my_key_3=`${srcdir}/c_random.sh 2>/dev/null` my_key_4=`${srcdir}/c_random.sh 2>/dev/null` my_key_A=`expr $my_key_1 \* 32767` my_key_A=`echo ${my_key_A} | sed 's%^0*%%g' 2>/dev/null` my_key_A=`expr $my_key_A \+ $my_key_2` my_key_B=`expr $my_key_3 \* 32767` my_key_B=`echo ${my_key_B} | sed 's%^0*%%g' 2>/dev/null` my_key_B=`expr $my_key_B \+ $my_key_4` { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${my_key_A} ${my_key_B}" >&5 $as_echo "${my_key_A} ${my_key_B}" >&6; } fi my_key_1=`expr $my_key_A \% 65536` my_key_2=`expr $my_key_A \/ 65536` my_key_3=`expr $my_key_B \% 65536` my_key_4=`expr $my_key_B \/ 65536` { $as_echo "$as_me:${as_lineno-$LINENO}: checking key position" >&5 $as_echo_n "checking key position... " >&6; } pos_tf_1=`${srcdir}/c_random.sh 2>/dev/null` pos_tf_2=`expr $pos_tf_1 \% 8` pos_tf=`expr $pos_tf_2 + 1` { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${pos_tf}" >&5 $as_echo "${pos_tf}" >&6; } cat >>confdefs.h <<_ACEOF #define POS_TF ${pos_tf} _ACEOF mykeybase=`echo ${my_key_A},${my_key_B}` cat >>confdefs.h <<_ACEOF #define DEFKEY ${mykeybase} _ACEOF # Check whether --with-gpg was given. if test "${with_gpg+set}" = set; then : withval=$with_gpg; if test "x${withval}" != "xno"; then if test "x${cross_compiling}" = xyes; then mygpg="${withval}" else if test -f "${withval}"; then mygpg="${withval}" mychk0=`${withval} --load-extension tiger --print-md TIGER192 ${withval} 2>/dev/null` if test "x$?" != "x0"; then mychktest=no for sampre in ./samhain ./yule /usr/local/sbin/samhain /usr/local/bin/samhain /usr/bin/samhain /usr/sbin/samhain /usr/local/sbin/yule /usr/local/bin/yule /usr/bin/yule /usr/sbin/yule; do if test x"${mychktest}" = xyes then : else if test -f ${sampre} then echo "use existing ${sampre} for gpg checksum" mychk0=`${sampre} -H ${withval} 2>/dev/null` if test "x$?" != "x0"; then if test "x${nocl_code}" != "x"; then mychk0=`echo -H ${withval} | ${sampre} ${nocl_code} 2>/dev/null` if test "x$?" != "x0"; then : else mychk="${mychk0}" mychktest=yes fi fi else mychk="${mychk0}" mychktest=yes fi fi fi done if test x${mychktest} = xno; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-gpg: cannot determine TIGER192 checksum of ${withval}" >&5 $as_echo "$as_me: WARNING: --with-gpg: cannot determine TIGER192 checksum of ${withval}" >&2;} echo "-------------------------------------------------------------" echo " Your gpg binary does not support the TIGER192 checksum, " echo " and I cannot find an existing samhain binary to use instead." echo " You can:" echo " (a) run make to compile a samhain binary, then repeat" echo " ./configure and make" echo " (b) ignore the failure. The checksum of the gpg binary" echo " will not get compiled in, thus allowing an attacker" echo " to replace gpg with a trojan and subverting the gpg" echo " signature verification of configure and database files." echo echo " PLEASE IGNORE THIS MESSAGE IF YOU ALSO USE --with-checksum" echo "-------------------------------------------------------------" fi else mychk="${mychk0}" fi else as_fn_error $? "--with-gpg: cannot find GnuPG PATH=${withval}" "$LINENO" 5 fi fi $as_echo "#define WITH_GPG 1" >>confdefs.h cat >>confdefs.h <<_ACEOF #define DEFAULT_GPG_PATH _("${mygpg}") _ACEOF fi fi # Check whether --with-keyid was given. if test "${with_keyid+set}" = set; then : withval=$with_keyid; if test "x${withval}" != "x"; then echo "${withval}" | awk '{if((length($0)==10)||(length($0)==18)){exit 2}else{exit 0}}' && as_fn_error $? "--with-keyid:${withval} must be \"0x\" + 8|16 hex digits" "$LINENO" 5 echo "${withval}" | grep '[^0][^x][^0123456789ABCDEFabcdef]' >/dev/null 2>&1 && as_fn_error $? "--with-keyid:${withval} must be \"0x\" + 8|16 hex digits" "$LINENO" 5 mykeyid="$withval" mykeytag="--default-key" else mykeyid="" mykeytag="" fi fi # Check whether --with-checksum was given. if test "${with_checksum+set}" = set; then : withval=$with_checksum; if test "x${withval}" != "xno"; then if test "x${withval}" != "xyes"; then if test "x${mychk}" != "x"; then if test "x${mychk}" != "x${withval}"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-checksum: possible gpg CHKSUM problem" >&5 $as_echo "$as_me: WARNING: --with-checksum: possible gpg CHKSUM problem" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-checksum: CHKSUM=${withval}" >&5 $as_echo "$as_me: WARNING: --with-checksum: CHKSUM=${withval}" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-checksum: autodetected=${mychk}" >&5 $as_echo "$as_me: WARNING: --with-checksum: autodetected=${mychk}" >&2;} fi fi mychk="${withval}" else if test "x${mychk}" = "x"; then as_fn_error $? "Option --with-checksum=CHKSUM: checksum CHKSUM of the gpg binary not specified." "$LINENO" 5 fi fi $as_echo "#define HAVE_GPG_CHECKSUM 1" >>confdefs.h cat >>confdefs.h <<_ACEOF #define GPG_HASH _("${mychk}") _ACEOF echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h fi else if test "x${mygpg}" != "x"; then if test "x${mychk}" != "x"; then $as_echo "#define HAVE_GPG_CHECKSUM 1" >>confdefs.h cat >>confdefs.h <<_ACEOF #define GPG_HASH _("${mychk}") _ACEOF echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h fi fi fi # Check whether --with-fp was given. if test "${with_fp+set}" = set; then : withval=$with_fp; if test "x${withval}" != "xno"; then if test "x${withval}" != "xyes"; then withval0=`echo ${withval} | sed 's% %%g'` echo "${withval0}" | \ grep '[^0123456789abcdefABCDEF]' >/dev/null 2>&1 && as_fn_error $? "In option --with-fp=FINGERPRINT, there is an invalid character(s) in FINGERPRINT=${withval0}." "$LINENO" 5 sh_len=`echo ${withval0} | wc -c | sed 's% %%g'` sh_len0=`expr ${sh_len} \- 1` if test "x${sh_len0}" = "x40" || test "x${sh_len0}" = "x32" then myfp="${withval0}" $as_echo "#define USE_FINGERPRINT 1" >>confdefs.h cat >>confdefs.h <<_ACEOF #define SH_GPG_FP _("${myfp}") _ACEOF echo "${myfp}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef FINGERPRINT_H"; print "#define FINGERPRINT_H"; printf "char gpgfp[%d];\n", m+1; for (i=1; i <= m; i++) printf "gpgfp[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgfp[%d] = %c%c0%c;\n", m, 39, 92, 39; print "#endif"; }' > sh_gpg_fp.h else as_fn_error $? "In option --with-fp=FINGERPRINT, the length (${sh_len0}) of FINGERPRINT ${withval0} is incorrect." "$LINENO" 5 fi else as_fn_error $? "For option --with-fp=FINGERPRINT, FINGERPRINT=yes is invalid, please specify a valid key fingerprint." "$LINENO" 5 fi fi fi # Check whether --with-recipient was given. if test "${with_recipient+set}" = set; then : withval=$with_recipient; withval0=`echo ${withval} | sed 's%,% %g'` for sh_item in ${withval0} do case ${sh_item} in *@localhost) ;; *@*.*) sh_tmp=`echo ${sh_item} | awk '{ if ($1 ~ /^[a-zA-Z0-9][a-zA-Z0-9\-_\.]*@[a-zA-Z0-9\-\.]+\.([a-zA-Z]+|[0-9]+)$/) {print 1; } else { print 0}}'` if test "x${sh_tmp}" != "x1" then as_fn_error $? "Option --with-recipient=ADDR used with invalid mail address ${sh_item}." "$LINENO" 5 fi ;; *) as_fn_error $? "Option --with-recipient=ADDR used with invalid mail address ${sh_item}." "$LINENO" 5 ;; esac done myrcp="$withval0" else myrcp="NULL" fi cat >>confdefs.h <<_ACEOF #define DEFAULT_MAILADDRESS _("${myrcp}") _ACEOF # Check whether --with-sender was given. if test "${with_sender+set}" = set; then : withval=$with_sender; mysender="${withval}" else mysender="daemon" fi cat >>confdefs.h <<_ACEOF #define DEFAULT_SENDER _("${mysender}") _ACEOF # Check whether --with-trusted was given. if test "${with_trusted+set}" = set; then : withval=$with_trusted; sh_tmp_test=no sh_tmp=`echo ${withval} | sed 's%,% %g'` for sh_tmp1 in ${sh_tmp} do echo "${sh_tmp1}" | grep '[^0123456789]' >/dev/null 2>&1 && as_fn_error $? "Option --with-trusted=UID used with non-numeric UID in ${withval}." "$LINENO" 5 if test "x${sh_tmp1}" = "x0" then sh_tmp_test=yes fi done if test "x${sh_tmp_test}" = "xno" then withval="0,${withval}" fi mytrust="${withval}" else mytrust="0" fi cat >>confdefs.h <<_ACEOF #define SL_ALWAYS_TRUSTED ${mytrust} _ACEOF mytmpdir= # Check whether --with-tmp-dir was given. if test "${with_tmp_dir+set}" = set; then : withval=$with_tmp_dir; if test "x${cross_compiling}" = xyes; then mytmpdir="$withval" cat >>confdefs.h <<_ACEOF #define SH_TMPDIR _("${mytmpdir}") _ACEOF else if test -d "${withval}"; then mytmpdir="$withval" cat >>confdefs.h <<_ACEOF #define SH_TMPDIR _("${mytmpdir}") _ACEOF else mytmpdir="$withval" cat >>confdefs.h <<_ACEOF #define SH_TMPDIR _("${mytmpdir}") _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-tmp-dir: tmp directory ${withval} does not exist" >&5 $as_echo "$as_me: WARNING: --with-tmp-dir: tmp directory ${withval} does not exist" >&2;} fi fi fi if test "x${ac_prefix_set}" = xyes then if test "x${exec_prefix}" = xNONE then exec_prefix="${prefix}" fi if test "x${prefix}" = xOPT then tmp_sbindir="/opt/${install_name}/bin" tmp_sysconfdir="/etc/opt" tmp_mandir="/opt/${install_name}/man" tmp_localstatedir="/var/opt/${install_name}" elif test "x${prefix}" = xUSR then tmp_sbindir="/usr/sbin" tmp_sysconfdir="/etc" tmp_mandir="/usr/share/man" tmp_localstatedir="/var" else tmp_sbindir=`eval echo ${sbindir}` tmp_sysconfdir=`eval echo ${sysconfdir}` tmp_mandir=`eval echo ${mandir}` tmp_localstatedir=`eval echo ${localstatedir}` fi else prefix="" if test "x${ac_exec_prefix_set}" = xyes then tmp_sbindir=`eval echo ${sbindir}` else tmp_sbindir="/usr/local/sbin" fi tmp_sysconfdir="/etc" # share/man -> man (FHS) 11.10.2002 tmp_mandir="/usr/local/man" tmp_localstatedir="/var" fi if test "x${ac_sbindir_set}" = xyes then : else sbindir=`eval echo ${tmp_sbindir}` fi if test "x${ac_sysconfdir_set}" = xyes then : else sysconfdir=`eval echo ${tmp_sysconfdir}` fi if test "x${ac_mandir_set}" = xyes then : else mandir=`eval echo ${tmp_mandir}` fi if test "x${ac_localstatedir_set}" = xyes then : else localstatedir=`eval echo ${tmp_localstatedir}` fi # Check whether --with-config-file was given. if test "${with_config_file+set}" = set; then : withval=$with_config_file; myconffile="${withval}" tmp=`echo ${withval} | sed 's%^REQ_FROM_SERVER%%'` sysconfdir=`echo ${tmp} | sed 's%/[^/][^/]*$%%'` myrpmconffile="${tmp}" else myconffile="${sysconfdir}/${install_name}rc" myrpmconffile="${myconffile}" fi cat >>confdefs.h <<_ACEOF #define DEFAULT_CONFIGFILE _("${myconffile}") _ACEOF # Check whether --with-log-file was given. if test "${with_log_file+set}" = set; then : withval=$with_log_file; mylogfile="$withval" mylogdir=`echo ${withval} | sed 's%/[^/][^/]*$%%'` else if test "x${mytclient}" = "x-DSH_WITH_SERVER"; then mylogfile="${localstatedir}/log/${install_name}/${install_name}_log" mylogdir="${localstatedir}/log/${install_name}" else mylogfile="${localstatedir}/log/${install_name}_log" mylogdir="${localstatedir}/log" fi fi cat >>confdefs.h <<_ACEOF #define DEFAULT_ERRFILE _("${mylogfile}") _ACEOF cat >>confdefs.h <<_ACEOF #define DEFAULT_LOGDIR _("${mylogdir}") _ACEOF # Check whether --with-pid-file was given. if test "${with_pid_file+set}" = set; then : withval=$with_pid_file; mylockfile="$withval" mylockdir=`echo ${withval} | sed 's%/[^/][^/]*$%%'` else if test -h /var/run && test -d /run; then mylockfile="/run/${install_name}.pid" mylockdir="/run" else mylockfile="${localstatedir}/run/${install_name}.pid" mylockdir="${localstatedir}/run" fi fi cat >>confdefs.h <<_ACEOF #define DEFAULT_ERRLOCK _("${mylockfile}") _ACEOF cat >>confdefs.h <<_ACEOF #define DEFAULT_PIDDIR _("${mylockdir}") _ACEOF # Check whether --with-state-dir was given. if test "${with_state_dir+set}" = set; then : withval=$with_state_dir; mydataroot="$withval" else mydataroot="${localstatedir}/lib/${install_name}" fi # Check whether --with-data-file was given. if test "${with_data_file+set}" = set; then : withval=$with_data_file; mydatafile="$withval" tmp=`echo ${withval} | sed 's%^REQ_FROM_SERVER%%'` mydataroot=`echo ${tmp} | sed 's%/[^/][^/]*$%%'` myrpmdatafile="${tmp}" if test x"${tmp}" = x then echo "No local path in data file ${withval}" echo "This will not work for initializing the database." if test x"${withval}" = xREQ_FROM_SERVER then echo "It should be REQ_FROM_SERVER/some/local/path" fi as_fn_error $? "Option --with-data-file=FILE used with invalid path ${withval}." "$LINENO" 5 fi else mydatafile="${mydataroot}/${install_name}_file" myrpmdatafile="${mydatafile}" fi cat >>confdefs.h <<_ACEOF #define DEFAULT_DATA_FILE _("${mydatafile}") _ACEOF cat >>confdefs.h <<_ACEOF #define DEFAULT_DATAROOT _("${mydataroot}") _ACEOF cat >>confdefs.h <<_ACEOF #define DEFAULT_QDIR _("${mydataroot}/.quarantine") _ACEOF # Check whether --with-html-file was given. if test "${with_html_file+set}" = set; then : withval=$with_html_file; myhtmlfile="$withval" else myhtmlfile="${mylogdir}/${install_name}.html" fi cat >>confdefs.h <<_ACEOF #define DEFAULT_HTML_FILE _("${myhtmlfile}") _ACEOF mydefargs=$ac_configure_args # if test -z "`echo "$mydefargs" | grep "\-\-enable\-static" 2> /dev/null`" # then # mydefargs="--enable-static $mydefargs" # fi if test -z "`echo "$mydefargs" | grep "\-\-enable\-base" 2> /dev/null`" then mydefargs="--enable-base=${mykeybase} $mydefargs" fi cat >>confdefs.h <<_ACEOF #define SH_INSTALL_DIR _("${sbindir}") _ACEOF cat >>confdefs.h <<_ACEOF #define SH_INSTALL_PATH _("${sbindir}/${install_name}") _ACEOF cat >>confdefs.h <<_ACEOF #define SH_INSTALL_NAME _("${install_name}") _ACEOF ac_config_headers="$ac_config_headers config.h" ac_config_files="$ac_config_files Makefile samhain-install.sh init/samhain.startLSB init/samhain.startLinux init/samhain.startGentoo init/samhain.startFreeBSD init/samhain.startSolaris init/samhain.startHPUX init/samhain.startIRIX init/samhain.startMACOSX samhain.spec rules.deb rules.deb-light hp_ux.psf scripts/logrotate scripts/samhain.spec scripts/redhat_i386.client.spec scripts/samhain.ebuild scripts/samhain.ebuild-light scripts/samhainadmin.pl scripts/yuleadmin.pl scripts/check_samhain.pl deploy.sh" ac_config_commands="$ac_config_commands default" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} if test ! -f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else case $cache_file in #( */* | ?:*) mv -f confcache "$cache_file"$$ && mv -f "$cache_file"$$ "$cache_file" ;; #( *) mv -f confcache "$cache_file" ;; esac fi fi else { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -p'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -p' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi if test -x / >/dev/null 2>&1; then as_test_x='test -x' else if ls -dL / >/dev/null 2>&1; then as_ls_L_option=L else as_ls_L_option= fi as_test_x=' eval sh -c '\'' if test -d "$1"; then test -d "$1/."; else case $1 in #( -*)set "./$1";; esac; case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( ???[sx]*):;;*)false;;esac;fi '\'' sh ' fi as_executable_p=$as_test_x # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## ## ----------------------------------- ## _ASEOF test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by $as_me, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac case $ac_config_headers in *" "*) set x $ac_config_headers; shift; ac_config_headers=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" config_commands="$ac_config_commands" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Configuration commands: $config_commands Report bugs to the package provider." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ config.status configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" Copyright (C) 2010 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' AWK='$AWK' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; --*=) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg= ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append CONFIG_HEADERS " '$ac_optarg'" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header as_fn_error $? "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "samhain-install.sh") CONFIG_FILES="$CONFIG_FILES samhain-install.sh" ;; "init/samhain.startLSB") CONFIG_FILES="$CONFIG_FILES init/samhain.startLSB" ;; "init/samhain.startLinux") CONFIG_FILES="$CONFIG_FILES init/samhain.startLinux" ;; "init/samhain.startGentoo") CONFIG_FILES="$CONFIG_FILES init/samhain.startGentoo" ;; "init/samhain.startFreeBSD") CONFIG_FILES="$CONFIG_FILES init/samhain.startFreeBSD" ;; "init/samhain.startSolaris") CONFIG_FILES="$CONFIG_FILES init/samhain.startSolaris" ;; "init/samhain.startHPUX") CONFIG_FILES="$CONFIG_FILES init/samhain.startHPUX" ;; "init/samhain.startIRIX") CONFIG_FILES="$CONFIG_FILES init/samhain.startIRIX" ;; "init/samhain.startMACOSX") CONFIG_FILES="$CONFIG_FILES init/samhain.startMACOSX" ;; "samhain.spec") CONFIG_FILES="$CONFIG_FILES samhain.spec" ;; "rules.deb") CONFIG_FILES="$CONFIG_FILES rules.deb" ;; "rules.deb-light") CONFIG_FILES="$CONFIG_FILES rules.deb-light" ;; "hp_ux.psf") CONFIG_FILES="$CONFIG_FILES hp_ux.psf" ;; "scripts/logrotate") CONFIG_FILES="$CONFIG_FILES scripts/logrotate" ;; "scripts/samhain.spec") CONFIG_FILES="$CONFIG_FILES scripts/samhain.spec" ;; "scripts/redhat_i386.client.spec") CONFIG_FILES="$CONFIG_FILES scripts/redhat_i386.client.spec" ;; "scripts/samhain.ebuild") CONFIG_FILES="$CONFIG_FILES scripts/samhain.ebuild" ;; "scripts/samhain.ebuild-light") CONFIG_FILES="$CONFIG_FILES scripts/samhain.ebuild-light" ;; "scripts/samhainadmin.pl") CONFIG_FILES="$CONFIG_FILES scripts/samhainadmin.pl" ;; "scripts/yuleadmin.pl") CONFIG_FILES="$CONFIG_FILES scripts/yuleadmin.pl" ;; "scripts/check_samhain.pl") CONFIG_FILES="$CONFIG_FILES scripts/check_samhain.pl" ;; "deploy.sh") CONFIG_FILES="$CONFIG_FILES deploy.sh" ;; "default") CONFIG_COMMANDS="$CONFIG_COMMANDS default" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. # But we know of no other shell where ac_cr would be empty at this # point, so we can use a bashism as a fallback. if test "x$ac_cr" = x; then eval ac_cr=\$\'\\r\' fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$ac_tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove sole $(srcdir), # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ h s/// s/^/:/ s/[ ]*$/:/ s/:\$(srcdir):/:/g s/:\${srcdir}:/:/g s/:@srcdir@:/:/g s/^:*// s/:*$// x s/\(=[ ]*\).*/\1/ G s/\n// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" # Set up the scripts for CONFIG_HEADERS section. # No need to generate them if there are no CONFIG_HEADERS. # This happens for instance with `./config.status Makefile'. if test -n "$CONFIG_HEADERS"; then cat >"$ac_tmp/defines.awk" <<\_ACAWK || BEGIN { _ACEOF # Transform confdefs.h into an awk script `defines.awk', embedded as # here-document in config.status, that substitutes the proper values into # config.h.in to produce config.h. # Create a delimiter string that does not exist in confdefs.h, to ease # handling of long lines. ac_delim='%!_!# ' for ac_last_try in false false :; do ac_tt=`sed -n "/$ac_delim/p" confdefs.h` if test -z "$ac_tt"; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done # For the awk script, D is an array of macro values keyed by name, # likewise P contains macro parameters if any. Preserve backslash # newline sequences. ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* sed -n ' s/.\{148\}/&'"$ac_delim"'/g t rset :rset s/^[ ]*#[ ]*define[ ][ ]*/ / t def d :def s/\\$// t bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3"/p s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p d :bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3\\\\\\n"\\/p t cont s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p t cont d :cont n s/.\{148\}/&'"$ac_delim"'/g t clear :clear s/\\$// t bsnlc s/["\\]/\\&/g; s/^/"/; s/$/"/p d :bsnlc s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p b cont ' >$CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 for (key in D) D_is_set[key] = 1 FS = "" } /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { line = \$ 0 split(line, arg, " ") if (arg[1] == "#") { defundef = arg[2] mac1 = arg[3] } else { defundef = substr(arg[1], 2) mac1 = arg[2] } split(mac1, mac2, "(") #) macro = mac2[1] prefix = substr(line, 1, index(line, defundef) - 1) if (D_is_set[macro]) { # Preserve the white space surrounding the "#". print prefix "define", macro P[macro] D[macro] next } else { # Replace #undef with comments. This is necessary, for example, # in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. if (defundef == "undef") { print "/*", prefix defundef, macro, "*/" next } } } { print } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 fi # test -n "$CONFIG_HEADERS" eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$ac_tmp/stdin" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # case $INSTALL in [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; :H) # # CONFIG_HEADER # if test x"$ac_file" != x-; then { $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" } >"$ac_tmp/config.h" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 $as_echo "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$ac_tmp/config.h" "$ac_file" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 fi else $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ || as_fn_error $? "could not create -" "$LINENO" 5 fi ;; :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 $as_echo "$as_me: executing $ac_file commands" >&6;} ;; esac case $ac_file$ac_mode in "default":C) echo timestamp > stamp-h chmod +x samhain-install.sh chmod +x scripts/samhainadmin.pl chmod +x scripts/yuleadmin.pl chmod +x scripts/check_samhain.pl ;; esac done # for ac_tag as_fn_exit 0 _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi chmod +x deploy.sh if test "x${cross_compiling}" = xyes then echo "--------------------------------------------------------------" echo echo "You are using a cross-compiler. The following system dependent" echo "values may have been set to default values that may be" echo "incorrect for your target system: " echo echo "ac_cv_c_bigendian bigendian byte order ${ac_cv_c_bigendian}" echo "ac_cv_c_long_double long double exists ${ac_cv_c_long_double}" echo "ac_cv_sizeof_char_p size of pointer to char ${ac_cv_sizeof_char_p}" echo "ac_cv_sizeof_char_p size of size_t ${ac_cv_sizeof_size_t}" echo "ac_cv_sizeof_unsigned_int size of unsigned int ${ac_cv_sizeof_unsigned_int}" echo "ac_cv_sizeof_unsigned_long size of unsigned long ${ac_cv_sizeof_unsigned_long}" echo "ac_cv_sizeof_unsigned_short size of unsigned short ${ac_cv_sizeof_unsigned_short}" echo echo "If these values are incorrect, change them in the file " echo "config.cache and run configure again." echo echo "--------------------------------------------------------------" fi if test x${silent} != xyes then # A=`eval echo ${sbindir}` ; A=`eval echo ${A}` # B=`eval echo ${myconffile}` ; B=`eval echo ${B}` # C=`eval echo ${mandir}` ; C=`eval echo ${C}` # D=`eval echo ${mylockfile}` ; D=`eval echo ${D}` # E=`eval echo ${mylogfile}` ; E=`eval echo ${E}` # F=`eval echo ${mydataroot}` ; F=`eval echo ${F}` echo echo " samhain has been configured as follows:" echo " System binaries: ${sbindir}" echo " Configuration file: ${myconffile}" echo " Manual pages: ${mandir}" echo " Data: ${mydataroot}" echo " PID file: ${mylockfile}" echo " Log file: ${mylogfile}" echo " Base key: ${mykeybase}" if test x"$mykeyid" != x then echo " target GPG/PGP key: ${mykeyid}" fi echo if test x"$mytclient" = x"-DSH_WITH_SERVER" then echo " Selected rc file: yulerc" else echo " Selected rc file: samhainrc.${selectconfig}" fi fi samhain-3.1.0/deploy.sh.in0000644000175000017500000007406011477226706012334 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # #VERSION2.0 # ----------------------------------------------------------------------- # Be Bourne compatible # ----------------------------------------------------------------------- if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then set -o posix fi # ----------------------------------------------------------------------- # Make sure we support functions (from the autoconf manual) # ----------------------------------------------------------------------- SHELL="${SHELL-/bin/sh}" if test x"$1" = "x--re-executed" then shift elif "$SHELL" -c 'foo () { (exit 0); exit 0; }; foo' 2>/dev/null then : else for cmd in sh bash ash bsh ksh zsh sh5; do X="$PATH:/bin:/usr/bin:/usr/afsws/bin:/usr/ucb"; OLD_IFS=${IFS} IFS=':'; export IFS for dir in $X; do shell="$dir/$cmd" if (test -f "$shell" || test -f "$shell.exe") then if "$shell" -c 'foo () { (exit 0); exit 0; }; foo' 2>/dev/null then SHELL="$shell"; export SHELL IFS=${OLD_IFS}; export IFS exec "$shell" "$0" --re-executed ${1+"$@"} fi fi done IFS=${OLD_IFS}; export IFS done echo "-----------------------------------------------------------------" echo "ERROR: Unable to locate a shell interpreter with function support" >&2 echo "-----------------------------------------------------------------" { (exit 1); exit 1; } fi # ----------------------------------------------------------------------- # Test for 'echo -n' # ----------------------------------------------------------------------- case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in *c*,* ) ECHO_N=-n ECHO_C= ;; *) ECHO_N= ECHO_C='\c' ;; esac as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits ######################################################################### # # Configuration section # ######################################################################### # ----------------------------------------------------------------------- # The following part will be cut and saved to ~/.deploy.conf # ----------------------------------------------------------------------- #__BEGIN_CUT__ ######################################################################### # # This file is sourced by a Bourne shell script. # Thus you need to take care of proper shell syntax. # ######################################################################### # if you need, you can expand your PATH environment variable here # just uncomment and replace /opt/contrib/bin with whatever you need # # PATH="/opt/contrib/bin:${PATH}"; export PATH # the base directory of the deployment system # CLI option: --basedir=... # defbasedir="@mydataroot@/profiles" # the name of the database of installed clients # no CLI option # defdatabase="yulerc.install.db" # be quiet; 0 = false, 1 = true, 2 = very quiet # CLI option: --quiet | --quiet=2 # silent=0; # assume yes as answer to all prompts and run non-interactively # 0 = false, 1 = true # CLI option: --yes # assumeyes=0; # which 'dialog' to use (e.g. "Xdialog") # "no" for plain text; empty ("") lets the program search for dialog # CLI option: --dialog=... # prefdialog="" # operating system; no default # CLI option: --arch=... # arch="" # Format for binary packages (run | deb | rpm | tbz2 | solaris-pkg | depot) # CLI option: --format=... # format="" # logfile; default is none # CLI option: --logfile=... # logfile="" # The path to the yule (samhain server) executable. # CLI option: --yule_exec=... # yule_exec="@sbindir@/yule" # The path to the yule (samhain server) configuration file. # CLI option: --yule_conf=... # yule_conf="@sysconfdir@/yulerc" # The path to the data directory of yule (samhain server). # This is the directory where client configuration/database files # are stored. # CLI option: --yule_data=... # yule_data="@mydataroot@" # The temporary directory to use. Default is '/tmp', but some # sites may mount this 'noexec'. # temp_dir="/tmp" #__END_CUT__ # ----------------------------------------------------------------------- # Write configuration file to user home directory/Read configuration file # ----------------------------------------------------------------------- if test -f ~/.deploy.conf then . ~/.deploy.conf else # # From the autoconf configure script - search ourselves # case $0 in *[\\/]* ) as_myself=$0 ;; *) old_IFS=$IFS; IFS=: for as_dir in $PATH do IFS=$old_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then { echo "ERROR: cannot find myself; rerun with an absolute path" >&2 { (exit 1); exit 1; }; } fi cat "$as_myself" | sed -n -e '/^#__BEGIN_CUT__/,/^#__END_CUT__/ p ' >~/.deploy.conf && { echo echo "-----------------------------------------------------" echo " Configuration file ~/.deploy.conf created" echo " You may want to edit it to adapt it to your needs" echo "-----------------------------------------------------" echo } fi export silent export assumeyes export arch export logfile export format export yule_exec export yule_conf export yule_data export temp_dir # dialog # DIALOG="${prefdialog}"; export DIALOG # base directory # basedir="$defbasedir"; export basedir # simulate only; 0 = false, 1 = true # simulate=0; export simulate # version # version=2.0; export version # host; no default # host= export host # hostgroup; empty default # hostgroup= export hostgroup # action; no default # action= export action # the 'log.lastrun' logfile # logOpen=0 export logOpen # source version; default = current # src_version="" export src_version # checksrc; do you want to delete if PGP signature check fails ? # cs_delete=0 export cs_delete # build; do you want to pack the executable ? # bd_packed='' export bd_packed bd_user='root' export bd_user # addpath # bd_addpath="" export bd_addpath # Install; do you want to initialize the database ? # is_init=y export is_init # Install; do you want to replace the rc.host file ? # is_rcfile=y export is_rcfile # Install; do you want to start the client ? # is_startup=y export is_startup # Install; optional local command ? # local_command=""; export local_command # Info on packages ? # showpkg=n export showpkg ######################################################################### # # Help Subroutines # ######################################################################### # ----------------------------------------------------------------------- # We cannot source these, because we don't know yet the base directory # ----------------------------------------------------------------------- showUNINSTALL() { echo "deploy.sh $version" echo "USAGE: deploy.sh [options] uninstall" echo echo "Uninstall the samhain client from the specified host. Can only be" echo "used if the client has been installed with deploy.sh version 2." echo echo "Options:" echo echo " --host= The host where you want to uninstall." echo " --tmpdir= Temporary directory to use on the this host." echo { (exit 0); exit 0; } } showINFO() { echo "deploy.sh $version" echo "USAGE: deploy.sh [options] info" echo echo "Show info for hosts in client database (default), or for available" echo "binary installer packages." echo echo "Options:" echo echo " --packages Show info on packages." echo { (exit 0); exit 0; } } showCLEAN() { echo "deploy.sh $version" echo "USAGE: deploy.sh [options] clean" echo echo "Remove all files that are no longer needed:" echo " - Source tarballs in ${basedir}/source" echo " - Unused installer packages in ${basedir}/archpkg" echo { (exit 0); exit 0; } } showCHECKSRC() { echo "deploy.sh $version" echo "USAGE: deploy.sh [options] checksrc" echo echo "Check PGP signatures of source tarballs in the source/ subdirectory" echo "of the deploy system." echo "You must have gpg (GnuPG) in your PATH, and you should have imported" echo "the samhain release PGP key (Key ID 0F571F6C, Rainer Wichmann)." echo "To import the key, simply execute the command" echo "\"gpg --keyserver blackhole.pca.dfn.de --recv-keys 0F571F6C\"" echo echo "Options:" echo echo " --delete Delete source tarballs if PGP signature" echo " cannot be verified." echo { (exit 0); exit 0; } } showDOWNLOAD() { echo "deploy.sh $version" echo "USAGE: deploy.sh [options] download" echo echo "Download a samhain source tarball from http://www.la-samhna.de," echo "check its PGP signature, and install it into the source/ subdirectory" echo "of the deploy system." echo "You must have gpg (GnuPG) in your PATH, and you should have imported" echo "the samhain release PGP key (Key ID 0F571F6C, Rainer Wichmann)." echo "To import the key, simply execute the command" echo "\"gpg --keyserver blackhole.pca.dfn.de --recv-keys 0F571F6C\"" echo echo "Options:" echo echo " --version= Version of samhain to download. The" echo " default is \"current\" to download the current version." echo { (exit 0); exit 0; } } showBUILD() { echo "deploy.sh $version" echo "USAGE: deploy.sh [options] build" echo echo "Copy a source tarball to a build machine, build a binary package, and fetch" echo "the package. Will bail out if not running under ssh-agent. If you are sure" echo "that you don't need ssh-agent, set the environment variable SSH_AGENT_PID" echo "to some arbitrary string before launching the deploy.sh command." echo echo "Options:" echo echo " --host= The build host." echo " --arch= The architecture/operating system to build for." echo " This is used to get the \"./configure\" options from the file" echo " \${basedir}/configs/\${arch}.configure." echo " --version= The version of samhain you want to build." echo " --format=" echo " The format of the package. \"run\" is a portable tar" echo " package, \"deb\" is for Debian, \"tbz2\" for Gentoo," echo " \"rpm\" for any RPM-based Linux, \"solaris-pkg\"" echo " for Sun Solaris, and \"depot\" for HP-UX" echo " --packed= The client password, if you want to" echo " create a packed executable. Defaults to empty (don't pack)" echo " --user= Login as to the build host (root)." echo " --add-path= Append 'path' to the PATH variable on the build host." echo " --tmpdir= Temporary directory to use on the build host." { (exit 0); exit 0; } } showINSTALL() { echo "deploy.sh $version" echo "USAGE: deploy.sh [options] install" echo echo "Copy a pre-built binary installer package to a remote host, stop the client" echo "running there (if any), install the (new) client, optionally initialize" echo "the file signature database and fetch it from the remote host, update" echo "the server configuration file and reload the server." echo echo "Options:" echo echo " --host= The host where you want to install." echo " --group= Optional group the host belongs to." echo " --arch= The architecture/operating system of this host." echo " This is used to get the correct binary package." echo " --version= The version of samhain you want to install." echo " --format=" echo " The format of the binary package." echo " --yule_exec= The path to the 'yule' executable." echo " --yule_conf= The path to the 'yule' configuration file." echo " --yule_data= The path to the 'yule' data directory." echo " --no-init Do not initialize the file signature database." echo " --no-rcfile Do not replace the rc.host file on server." echo " --no-start Do not start the client after installation." echo " --local= Local command (executed twice: " echo " after config installation and before client startup)." echo " --tmpdir= Temporary directory to use on the this host." { (exit 0); exit 0; } } showUSAGE() { echo "deploy.sh $version" echo "USAGE: deploy.sh [options] command" echo echo "Commands: info | clean | download | checksrc | build | install | uninstall" echo echo "Options:" echo " -h | --help Print general usage information." echo " -h | --help Print usage information for \"command\"." echo " --basedir= Set the basedir for the deployment system." echo " The default is ${defbasedir}." echo " -q | --quiet Produce output suitable for logging." echo " You can also use -q=# to set the quiet level up to" echo " a maximum of 2. Note that -q=2 implies --yes (see below)." echo " -s | --simulate Perform a simulation of events that" echo " would occur but do not actually change the system." echo " -y | --yes Assume "yes" as answer to" echo " all prompts and run non-interactively." echo " -o | --logfile=" echo " Specify an output file for messages that would go to stdout" echo " otherwise. Has no effect on stderr (error messages)." echo " -d | --dialog= Specify your preferred \"dialog\"" echo " clone (e.g. Xdialog). Use \"no\" to force plain text." if test x"$1" = x then { (exit 0); exit 0; } else { (exit $1); exit $1; } fi } ######################################################################### # # Command line # ######################################################################### for option do # If the previous option needs an argument, assign it. # if test -n "$opt_prev"; then eval "$opt_prev=\$option" eval export "$opt_prev" opt_prev= continue fi case "$option" in -*=*) optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; *) optarg= ;; esac case "$option" in # Info --packages | -packages) showpkg=y; export showpkg; ;; # Install --yule_exec | -yule_exec | --yule-exec | -yule-exec) opt_prev=yule_exec ;; --yule_exec=* | -yule_exec=* | --yule-exec=* | -yule-exec=*) yule_exec="$optarg"; export yule_exec ;; --yule_conf | -yule_conf | --yule-conf | -yule-conf) opt_prev=yule_conf ;; --yule_conf=* | -yule_conf=* | --yule-conf=* | -yule-conf=*) yule_conf="$optarg"; export yule_conf ;; --yule_data | -yule_data | --yule-data | -yule-data) opt_prev=yule_data ;; --yule_data=* | -yule_data=* | --yule-data=* | -yule-data=*) yule_data="$optarg"; export yule_data ;; --no-init | -no-init) is_init=n; export is_init ;; --no-rcfile | -no-rcfile) is_rcfile=n; export is_rcfile ;; --no-start | -no-start) is_startup=n; export is_startup ;; --local | -local) opt_prev=local_command ;; --local=* | -local=*) local_command="$optarg"; export local_command ;; --group | -group) opt_prev=hostgroup ;; --group=* | -group=*) hostgroup="$optarg"; export hostgroup ;; # Build --format | -format) opt_prev=format ;; --format=* | -format=*) format="$optarg"; export format ;; --packed | --pack | -packed | -pack) opt_prev=bd_packed ;; --packed=* | -packed=*) bd_packed="$optarg"; export bd_packed ;; --user | -user) opt_prev=bd_user ;; --user=* | -user=*) bd_user="$optarg"; export bd_user ;; --add-path | -add-path | --addpath | -addpath) opt_prev=bd_addpath ;; --add-path=* | -add-path=* | --addpath=* | -addpath=*) bd_addpath="$optarg"; export bd_addpath ;; # Checksource --delete | -delete) cs_delete=1; export cs_delete ;; # Download --version | -version) opt_prev=src_version ;; --version=* | -version=*) src_version="$optarg"; export src_version ;; # Generic --basedir | -basedir) opt_prev=basedir ;; --basedir=* | -basedir=*) basedir="$optarg"; export basedir ;; --host | -host) opt_prev=host ;; --host=* | -host=*) host="$optarg"; export host ;; --arch | -arch) opt_prev=arch ;; --arch=* | -arch=*) arch="$optarg"; export arch ;; --tmpdir | -tmpdir) opt_prev=temp_dir ;; --tmpdir=* | -tmpdir=*) temp_dir="$optarg"; export temp_dir ;; -o | --logfile | -logfile) opt_prev=logfile ;; -o=* | --logfile=* | -logfile=*) logfile="$optarg"; export logfile ;; -h | --h | --help | -help | help) if test $# -gt 1 then if test x"$2" = xdownload then showDOWNLOAD elif test x"$2" = xinfo then showINFO elif test x"$2" = xchecksrc then showCHECKSRC elif test x"$2" = xclean then showCLEAN elif test x"$2" = xbuild then showBUILD elif test x"$2" = xinstall then showINSTALL elif test x"$2" = xuninstall then showUNINSTALL else showUSAGE 1 fi fi showUSAGE ;; -q | --quiet | -quiet | --silent | -silent) if test x"$silent" = x0 then silent=1; export silent else silent=2; export silent fi ;; -q=* | --quiet=* | --silent=* | -silent=*) silent="$optarg"; export silent ;; -s | --simulate | -simulate | --dry-run | -dry-run | --recon | -recon | --just-print | -just-print | --no-act | -no-act) simulate=1; export simulate ;; -y | --yes | -yes) assumeyes=1; export assumeyes ;; -d | --dialog | -dialog) opt_prev=DIALOG ;; -d=* | --dialog=* | -dialog=*) DIALOG="$optarg"; export DIALOG ;; -*) showUSAGE 1 ;; clean | download | checksrc | build | install | info | uninstall) action="$option"; export action break ;; esac done ######################################################################### # # Subroutines # ######################################################################### # ----------------------------------------------------------------------- # Printing/logging Subroutines # ----------------------------------------------------------------------- . ${basedir}/libexec/funcPRINT # ----------------------------------------------------------------------- # Interaction Subroutines # ----------------------------------------------------------------------- . ${basedir}/libexec/funcDIALOG # ----------------------------------------------------------------------- # Setup test Subroutines # ----------------------------------------------------------------------- . ${basedir}/libexec/funcSETUP # ----------------------------------------------------------------------- # Subroutines for determining existence of / path to executables # ----------------------------------------------------------------------- . ${basedir}/libexec/funcEXE # ----------------------------------------------------------------------- # Subroutines for building # ----------------------------------------------------------------------- . ${basedir}/libexec/funcBUILD # ----------------------------------------------------------------------- # Subroutines for installing # ----------------------------------------------------------------------- . ${basedir}/libexec/funcINSTALL # ----------------------------------------------------------------------- # Subroutines for client database # ----------------------------------------------------------------------- . ${basedir}/libexec/funcDB # ----------------------------------------------------------------------- # Subroutine for the 'download' command # ----------------------------------------------------------------------- . ${basedir}/libexec/comDOWNLOAD # ----------------------------------------------------------------------- # Subroutine for the 'checksrc' command # ----------------------------------------------------------------------- . ${basedir}/libexec/comCHECKSRC # ----------------------------------------------------------------------- # Subroutine for the 'clean' command # ----------------------------------------------------------------------- . ${basedir}/libexec/comCLEAN # ----------------------------------------------------------------------- # Subroutine for the 'build' command # ----------------------------------------------------------------------- . ${basedir}/libexec/comBUILD # ----------------------------------------------------------------------- # Subroutine for the 'install' command # ----------------------------------------------------------------------- . ${basedir}/libexec/comINSTALL # ----------------------------------------------------------------------- # Subroutine for the 'install' command # ----------------------------------------------------------------------- . ${basedir}/libexec/comUNINSTALL ######################################################################### # # Main # ######################################################################### main_exit_status=0 tmpdir= # Find a dialog clone # findDIALOG # Check for basedir and tmpdir # testSETUP1 # Logfile setup # exec 5>${basedir}/tmp/logfile.lastrun now=`date` echo "$now: $0 " ${1+"$@"} >&5 lastlog="${basedir}/tmp/logfile.lastrun"; export lastlog logOpen=1 # Temporary directory/file setup # tmpD="$tmpdir/build.gui.$$" mkdir "$tmpD" || printFATAL "Cannot create temporary directory $tmpD" export tmpD tmpF="$tmpD/tmpF.$$" touch $tmpF || printFATAL "Cannot create temporary file $tmpF" export tmpF tmpERR="$tmpD/tmpERR.$$" echo '0' > $tmpERR || printFATAL "Cannot create temporary file $tmpERR" export tmpERR # Trap exit and cleanup # trap "exit_status=$?; rm -rf $tmpD; exit ${exit_status};" 0 trap "(exit 1); exit 1;" 1 2 13 15 # Check for action to perform, and host, if required # testSETUP2 if test x"$action" = xdownload then if test x"$src_version" = x then src_version="current"; export src_version fi #--------------------------------------------------------------------- # Vodoo code to tee both stdout and stderr, but keep them seperate. #--------------------------------------------------------------------- if test x"$DIALOG" = x then ((commandDOWNLOAD | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ tee -a "$lastlog") 6>&1 1>&2 2>&6 else commandDOWNLOAD 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ --title "deploy.sh $version DOWNLOAD logfile" \ --backtitle "Logfile: $lastlog" \ --tailbox "$lastlog" 19 75 fi elif test x"$action" = xinfo then if test x"${showpkg}" = xn then if test x"$DIALOG" = x then ((dbSHOWHOSTS "${host}" | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ tee -a "$lastlog") 6>&1 1>&2 2>&6 else dbSHOWHOSTS "${host}" 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ --title "deploy.sh $version INFO logfile" \ --backtitle "Logfile: $lastlog" \ --tailbox "$lastlog" 19 75 fi else if test x"$DIALOG" = x then ((dbSHOWPKG show | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ tee -a "$lastlog") 6>&1 1>&2 2>&6 else dbSHOWPKG show 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ --title "deploy.sh $version INFO logfile" \ --backtitle "Logfile: $lastlog" \ --tailbox "$lastlog" 19 75 fi fi elif test x"$action" = xchecksrc then if test x"$DIALOG" = x then ((commandCHECKSRC | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ tee -a "$lastlog") 6>&1 1>&2 2>&6 else commandCHECKSRC 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ --title "deploy.sh $version CHECKSRC logfile" \ --backtitle "Logfile: $lastlog" \ --tailbox "$lastlog" 19 75 fi elif test x"$action" = xclean then if test x"$DIALOG" = x then ((commandCLEAN | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ tee -a "$lastlog") 6>&1 1>&2 2>&6 else commandCLEAN 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ --title "deploy.sh $version CLEAN logfile" \ --backtitle "Logfile: $lastlog" \ --tailbox "$lastlog" 19 75 fi elif test x"$action" = xbuild then #--------------------------------------------------------------------- # Make sure we are running under ssh-agent. #--------------------------------------------------------------------- if test x"$SSH_AGENT_PID" = x then if test x"$assumeyes" = x1 then printFATAL "Not running under ssh-agent, and not running interactive: cannot continue." else promptYESNO "Not running under ssh-agent, continue anyway" "no" test "x$YESNO" = xn && { (exit 0; ); exit 0; } fi fi #--------------------------------------------------------------------- # Setup. #--------------------------------------------------------------------- selBVERSION selBARCH selBFORMAT if test x"$DIALOG" = x then ((commandBUILD | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ tee -a "$lastlog") 6>&1 1>&2 2>&6 else commandBUILD 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ --title "deploy.sh $version BUILD logfile" \ --backtitle "Logfile: $lastlog" \ --tailbox "$lastlog" 19 75 fi elif test x"$action" = xinstall then needEXE ssh scp ssh-agent #--------------------------------------------------------------------- # Make sure we are running under ssh-agent. #--------------------------------------------------------------------- if test x"$SSH_AGENT_PID" = x then if test x"$assumeyes" = x1 then printFATAL "Not running under ssh-agent, and not running interactive: cannot continue." else promptYESNO "Not running under ssh-agent, continue anyway" "no" test "x$YESNO" = xn && { (exit 0; ); exit 0; } fi fi #--------------------------------------------------------------------- # Setup. #--------------------------------------------------------------------- is_root=`id -u 2>/dev/null` if test "x$?" = x0 && test "x${is_root}" != x0 then promptYESNO "You are not root, continue anyway" "no" test "x$YESNO" = xn && { (exit 0; ); exit 0; } else is_root=0 fi pathYULE pathYDATA selbinARCH selbinVERSION if test "x${is_init}" = xy then promptYESNO "Initialize database" "yes" is_init=$YESNO fi if test "x${is_rcfile}" = xy then promptYESNO "Replace rc.host file on server" "yes" is_rcfile=$YESNO fi if test "x${is_startup}" = xy then promptYESNO "Start client after installation" "yes" is_startup=$YESNO fi if test -f "${yule_conf}" then : else promptINPUT "Please enter the path to the yule configuration file" yule_conf="$INPUT"; export yule_conf if test -f "${yule_conf}" then : else printFATAL "Cannot find ${yule_conf}" fi fi if test x"$DIALOG" = x then ((commandINSTALL | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ tee -a "$lastlog") 6>&1 1>&2 2>&6 else commandINSTALL 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ --title "deploy.sh $version INSTALL logfile" \ --backtitle "Logfile: $lastlog" \ --tailbox "$lastlog" 19 75 fi elif test x"$action" = xuninstall then needEXE ssh scp ssh-agent #--------------------------------------------------------------------- # Make sure we are running under ssh-agent. #--------------------------------------------------------------------- if test x"$SSH_AGENT_PID" = x then if test x"$assumeyes" = x1 then printFATAL "Not running under ssh-agent, and not running interactive: cannot continue." else promptYESNO "Not running under ssh-agent, continue anyway" "no" test "x$YESNO" = xn && { (exit 0; ); exit 0; } fi fi #--------------------------------------------------------------------- # Setup. #--------------------------------------------------------------------- dbINFO "$host" if test x"$?" = x0 then if test x"${DB_status}" = "xD2_installed" then : else if test x"${DB_status}" = "xD2_removed" then promptYESNO "Already uninstalled on host $host, continue" "no" test "x$YESNO" = xn && { (exit 0; ); exit 0; } else printFATAL "No deploy version 2 installation on host $host: ${DB_status}" fi fi else printFATAL "Cannot uninstall on host $host" fi if test x"$DIALOG" = x then ((commandUNINSTALL | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ tee -a "$lastlog") 6>&1 1>&2 2>&6 else commandUNINSTALL 2>&1 | tee -a "$lastlog" >/dev/null | $DIALOG \ --title "deploy.sh $version UNINSTALL logfile" \ --backtitle "Logfile: $lastlog" \ --tailbox "$lastlog" 19 75 fi fi if test x"${main_exit_status}" = x0 then test -f "$tmpERR" && main_exit_status=`cat "$tmpERR" | tr -d '\n'` fi (exit ${main_exit_status}); exit ${main_exit_status}; samhain-3.1.0/hp_ux.psf.in0000644000175000017500000000356611001354416012323 00000000000000# PSF depot layout_version 1.0 # Product definition: product tag @install_name@ revision @VERSION@ is_patch false title @install_name@ Client description "Client for the @install_name@ system" machine_type * os_name HP-UX os_release ?.11.* os_version ? directory / is_locatable false # Dummy for configure warning # datarootdir = @datarootdir@ # Specify a checkremove script that executes during the # swremove analysis phase. (This script prevents the # removal of the SD product and returns an ERROR. # checkremove scripts/checkremove.sd configure ./sc/configure unconfigure ./sc/unconfigure preremove ./sc/preremove # Fileset definitions: fileset tag basic title Core system revision @VERSION@ file_permissions -m 0700 -o root -g sys # # Files: # directory ./sbin/init.d=/sbin/init.d file -m 0555 -o bin -g bin @install_name@ # directory .@prefix@=@prefix@ file -m 0555 -o bin -g bin . # directory .@sysconfdir@=@sysconfdir@ file -v -m 0600 @install_name@rc file -m 0555 -o bin -g bin . # directory .@sbindir@=@sbindir@ file * file -m 0555 -o bin -g bin . file -m 0750 -o bin -g bin @install_name@ # directory .@mydataroot@=@mydataroot@ file -m 0555 -o bin -g bin . # directory .@mylogdir@=@mylogdir@ file -m 0755 -o adm -g adm . # directory .@mylockdir@=@mylockdir@ file -m 0555 -o bin -g bin . end # Manpage fileset definitions: #fileset # tag man # title Manual pages for samhain # revision 2.05 # directory .@mandir@/man8=@mandir@/man8 # file * # directory .@mandir@/man5=@mandir@/man5 # file * #end #man end # samhain-3.1.0/missing0000755000175000017500000001420210132006064011442 00000000000000#! /bin/sh # Common stub for a few missing GNU programs while installing. # Copyright (C) 1996, 1997 Free Software Foundation, Inc. # Franc,ois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA # 02111-1307, USA. if test $# -eq 0; then echo 1>&2 "Try \`$0 --help' for more information" exit 1 fi case "$1" in -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an error status if there is no known handling for PROGRAM. Options: -h, --help display this help and exit -v, --version output version information and exit Supported PROGRAM values: aclocal touch file \`aclocal.m4' autoconf touch file \`configure' autoheader touch file \`config.h.in' automake touch all \`Makefile.in' files bison create \`y.tab.[ch]', if possible, from existing .[ch] flex create \`lex.yy.c', if possible, from existing .c lex create \`lex.yy.c', if possible, from existing .c makeinfo touch the output file yacc create \`y.tab.[ch]', if possible, from existing .[ch]" ;; -v|--v|--ve|--ver|--vers|--versi|--versio|--version) echo "missing - GNU libit 0.0" ;; -*) echo 1>&2 "$0: Unknown \`$1' option" echo 1>&2 "Try \`$0 --help' for more information" exit 1 ;; aclocal) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified \`acinclude.m4' or \`configure.ac'. You might want to install the \`Automake' and \`Perl' packages. Grab them from any GNU archive site." touch aclocal.m4 ;; autoconf) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified \`configure.ac'. You might want to install the \`Autoconf' and \`GNU m4' packages. Grab them from any GNU archive site." touch configure ;; autoheader) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified \`acconfig.h' or \`configure.ac'. You might want to install the \`Autoconf' and \`GNU m4' packages. Grab them from any GNU archive site." files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER([^):]*:\([^)]*\)).*/\1/p' configure.ac` if test -z "$files"; then files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^):]*\)).*/\1/p' configure.ac` test -z "$files" || files="$files.in" else files=`echo "$files" | sed -e 's/:/ /g'` fi test -z "$files" && files="config.h.in" touch $files ;; automake) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified \`Makefile.am', \`acinclude.m4' or \`configure.ac'. You might want to install the \`Automake' and \`Perl' packages. Grab them from any GNU archive site." find . -type f -name Makefile.am -print \ | sed 's/^\(.*\).am$/touch \1.in/' \ | sh ;; bison|yacc) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified a \`.y' file. You may need the \`Bison' package in order for those modifications to take effect. You can get \`Bison' from any GNU archive site." rm -f y.tab.c y.tab.h if [ $# -ne 1 ]; then eval LASTARG="\${$#}" case "$LASTARG" in *.y) SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` if [ -f "$SRCFILE" ]; then cp "$SRCFILE" y.tab.c fi SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` if [ -f "$SRCFILE" ]; then cp "$SRCFILE" y.tab.h fi ;; esac fi if [ ! -f y.tab.h ]; then echo >y.tab.h fi if [ ! -f y.tab.c ]; then echo 'main() { return 0; }' >y.tab.c fi ;; lex|flex) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified a \`.l' file. You may need the \`Flex' package in order for those modifications to take effect. You can get \`Flex' from any GNU archive site." rm -f lex.yy.c if [ $# -ne 1 ]; then eval LASTARG="\${$#}" case "$LASTARG" in *.l) SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` if [ -f "$SRCFILE" ]; then cp "$SRCFILE" lex.yy.c fi ;; esac fi if [ ! -f lex.yy.c ]; then echo 'main() { return 0; }' >lex.yy.c fi ;; makeinfo) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified a \`.texi' or \`.texinfo' file, or any other file indirectly affecting the aspect of the manual. The spurious call might also be the consequence of using a buggy \`make' (AIX, DU, IRIX). You might want to install the \`Texinfo' package or the \`GNU make' package. Grab either from any GNU archive site." file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` if test -z "$file"; then file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file` fi touch $file ;; *) echo 1>&2 "\ WARNING: \`$1' is needed, and you do not seem to have it handy on your system. You might have modified some files without having the proper tools for further handling them. Check the \`README' file, it often tells you about the needed prerequirements for installing this package. You may also peek at any GNU archive site, in case some other package would contain this missing \`$1' program." exit 1 ;; esac exit 0 samhain-3.1.0/dsys/0000755000175000017500000000000011477223742011127 500000000000000samhain-3.1.0/dsys/funcDIALOG0000644000175000017500000001415610414541043012577 00000000000000######################################################################### # # Interaction Subroutines # ######################################################################### # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # # print without newline # printASK() { echo $ECHO_N "$@ $ECHO_C" } # find a 'dialog' program # findDIALOG() { if test x"$DIALOG" = xno then DIALOG=""; return 0 elif test -n "$DIALOG" then return 0 fi PATH=/usr/local/bin:/usr/local/sbin:$PATH; export PATH X="$PATH" progs="dialog"; OLD_IFS=${IFS} IFS=':'; export IFS for dir in $X; do for dia in $progs; do dialog="$dir/$dia" if (test -f "$dialog" || test -f "$dialog.exe") then if "$dialog" 2>&1 | grep tailbox >/dev/null 2>&1 then IFS=${OLD_IFS}; export IFS DIALOG="$dialog"; export DIALOG return 0 fi fi done done IFS=${OLD_IFS}; export IFS DIALOG=""; export DIALOG } # prompt user for yes/no # promptYESNO() { if test $# -lt 1 then printFATAL "promptYESNO: insufficient arguments" fi if test $silent -gt 1 then YESNO=y; export YESNO return 0 fi DEFAULT="" case "$2" in [yY]|[yY][eE][sS]) DEFAULT=y ;; [nN]|[nN][oO]) DEFAULT=n ;; esac YESNO="" if test -n "$DIALOG" then if test x"$assumeyes" = x1 then YESNO="$DEFAULT"; export YESNO return 0 fi "$DIALOG" --title "deploy.sh $version" --yesno "$1" 10 75 2>"$tmpF" mtest=$? if test x"$mtest" = "x-1" then printFATAL "promptYESNO: something went wrong" elif test x"$mtest" = x0 then YESNO=y else YESNO=n fi else while : do if test x"$DEFAULT" = xy then printASK "$1 (Y/n) ?" elif test x"$DEFAULT" = xn then printASK "$1 (N/y) ?" else printASK "$1 (y/n) ?" fi if test x"$assumeyes" = x1 then YESNO="$DEFAULT"; export YESNO echo "$DEFAULT" return 0 fi read YESNO if test -z "$YESNO" then YESNO="$DEFAULT" fi case "$YESNO" in [yY]|[yY][eE][sS]) YESNO=y; break ;; [nN]|[nN][oO]) YESNO=n; break ;; *) YESNO="" ;; esac done fi export YESNO return 0 } # get user input from tmp file # getINPUT() { INPUT=`cat $tmpF` export INPUT return 0 } # info box # promptINFO() { if test $# -lt 1 then printFATAL "promptINPUT: insufficient arguments" fi if test x"$silent" != x0 then return 0 fi if test -n "$DIALOG" then "$DIALOG" --title "deploy.sh $version" --sleep 2 --infobox "$1" 8 75 else echo $1 fi return 0 } # prompt user for input # promptINPUT() { if test $# -lt 1 then printFATAL "promptINPUT: insufficient arguments" fi if test $assumeyes -gt 0 then printFATAL "promptINPUT: user interaction required" fi INPUT="" DEFAULT="$2" if test -n "$DIALOG" then "$DIALOG" --title "deploy.sh $version" --inputbox "$1" 16 75 "$2" 2>"$tmpF" mtest=$? if test x"$mtest" = "x1" then # cancel button (exit 0); exit 0; fi if test x"$mtest" = "x-1" then printFATAL "promptINPUT: something went wrong" else getINPUT fi else while : do if test -z "$DEFAULT" then printASK "$1 ?" else printASK "$1 ? $DEFAULT" fi read INPUT if test -z "$INPUT" then if test -n "$DEFAULT" then locINPUT="$DEFAULT" break fi elif test -n "$INPUT" then break fi done export INPUT fi return 0 } # get MENU from tmp file # getMENU() { MENU=`cat $tmpF` export MENU return 0 } # prompt user for options from menu # promptMENU() { if test $# -lt 2 then printFATAL "promptMENU: insufficient arguments" fi if test $assumeyes -gt 0 then printFATAL "promptMENU: user interaction required" fi TITLE="$1" shift if test -n "$DIALOG" then #command="'$DIALOG' '--title' \\'deploy.sh $version\\' '--backtitle'" #command="$command \'$TITLE\' '--menu' \'$TITLE\' '16' '75' '$#'" argc=$# if test $argc -gt 7 then argc=7 fi command="'$1' '' 'on'" shift for item do command="$command '$item' '' 'off'" done command="$command " # printFATAL "$command" eval $DIALOG '--title' \'deploy.sh $version\' '--backtitle' \'$TITLE\' '--radiolist' \'$TITLE\' '16' '75' $argc $command 2>"$tmpF" mtest=$? if test x"$mtest" = "x1" then # cancel button (exit 0); exit 0; fi if test x"$mtest" = "x-1"; then printFATAL "promptMENU: something went wrong" else getMENU fi else MENU="" INPUT="" while : do clear echo echo "$TITLE" echo echo " 1) $1" test -n "$2" && echo " 2) $2" test -n "$3" && echo " 3) $3" test -n "$4" && echo " 4) $4" test -n "$5" && echo " 5) $5" test -n "$6" && echo " 6) $6" test -n "$7" && echo " 7) $7" test -n "$8" && echo " 8) $8" test -n "$9" && echo " 9) $9" echo printASK "Please enter your choice: " read INPUT if echo "$INPUT" | grep '[^0123456789]' >/dev/null 2>&1 then : elif test $INPUT -gt $# then : else break fi done case "$INPUT" in 1) MENU="$1"; break ;; 2) MENU="$2"; break ;; 3) MENU="$3"; break ;; 4) MENU="$4"; break ;; 5) MENU="$5"; break ;; 6) MENU="$6"; break ;; 7) MENU="$7"; break ;; 8) MENU="$8"; break ;; 9) MENU="$9"; break ;; esac export MENU fi return 0 } samhain-3.1.0/dsys/comINSTALL0000644000175000017500000005725211477223620012605 00000000000000######################################################################### # # Subroutine for the 'install' command # ######################################################################### # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # commandINSTALL() { printINFO "About to run \"$action\" on host \"$host\"" # # configuration options we should know about # is_packed=0 is_nocl="start" is_xor="no" if test -f "${basedir}/configs/${arch}.configure" then : else printFATAL "Configure options ${basedir}/configs/${arch}.configure missing." fi if test -f "${basedir}/configs/${arch}.samhainrc" then : else printFATAL "Configuration file ${basedir}/configs/${arch}.samhainrc missing." fi realformat=`echo $format | sed s,solaris-,,`; export realformat if test -f "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" then : else printFATAL "Binary package OS: ${arch}, version: ${src_version}, format ${format} does not exist." fi if test -f "${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" then : else printFATAL "Binary package OS: ${arch}, version: ${src_version}, format ${format} is incomplete and cannot be installed." fi if test -f "${basedir}/archpkg/${arch}/PASSWD-${src_version}.${realformat}" then printINFO "Binary package OS: ${arch}, version: ${src_version}, format ${format} is packed." is_packed=1 is_passwd=`cat "${basedir}/archpkg/${arch}/PASSWD-${src_version}.${realformat}" | tr -d '\n'` else is_passwd=`eval "${yule_exec}" -G` if test x$? != x0 then printFATAL "Could not generate password. Is yule in your PATH ?" fi fi if test -f "${basedir}/configs/${arch}.preinstall" then cp "${basedir}/configs/${arch}.preinstall" "${tmpD}/preinstall" || \ printFATAL "Could not copy ${basedir}/configs/${arch}.preinstall to ${tmpD}/preinstall" is_preinstall_full="${tmpD}/preinstall" else is_preinstall_full="${basedir}/libexec/preinstall" fi if test -f "${basedir}/configs/${arch}.postinstall" then cp "${basedir}/configs/${arch}.postinstall" "${tmpD}/postinstall" || \ printFATAL "Could not copy ${basedir}/configs/${arch}.postinstall to ${tmpD}/postinstall" is_postinstall_full="${tmpD}/postinstall" else is_postinstall_full="${basedir}/libexec/postinstall" fi if test -f "${basedir}/configs/${arch}.initscript" then cp "${basedir}/configs/${arch}.initscript" "${tmpD}/initscript" || \ printFATAL "Could not copy ${basedir}/configs/${arch}.initscript to ${tmpD}/initscript" is_initscript_full="${tmpD}/initscript" else is_initscript_full="${basedir}/libexec/initscript" fi #--------------------------------------------------------------------- # Get important configuration options. #--------------------------------------------------------------------- getconfopts "${basedir}/archpkg/${arch}/configure-${src_version}.${realformat}" || printFATAL "Could not check config file ${basedir}/archpkg/${arch}/configure-${src_version}.${realformat}" #--------------------------------------------------------------------- # Prepare the configuration file #--------------------------------------------------------------------- if test -f "${basedir}/hosts/${host}/${arch}.samhainrc" then hostconfig="${basedir}/hosts/${host}/${arch}.samhainrc" elif test -f "${basedir}/hosts/${host}/samhainrc" then hostconfig="${basedir}/hosts/${host}/samhainrc" else hostconfig="${basedir}/configs/${arch}.samhainrc" fi test -f "${hostconfig}" || printFATAL "Configuration file ${hostconfig} missing." # Handle the '--enable-stealth' option # if test x"${is_xor}" = xno then : else test -f "${basedir}/private/stealth_template.ps" || \ printFATAL "${basedir}/private/stealth_template.ps not available." ${basedir}/libexec/samhain_stealth -o "${hostconfig}" >/dev/null ||\ printFATAL "Problem reading ${hostconfig}". ccount=`${basedir}/libexec/samhain_stealth -o "${hostconfig}" 2>&1 | awk '{ print $1 }'` ${basedir}/libexec/samhain_stealth -i "${basedir}/private/stealth_template.ps" >/dev/null || \ printFATAL "Problem reading ${basedir}/private/stealth_template.ps" mcount=`${basedir}/libexec/samhain_stealth -i "${basedir}/private/stealth_template.ps" 2>&1 | awk '{ print $7 }'` if test ${mcount} -lt ${ccount} then printFATAL "Configuration file ${hostconfig} too big." fi cp "${basedir}/private/stealth_template.ps" "$tmpD" || \ printFATAL "Could not copy ${basedir}/private/stealth_template.ps to ${tmpD}/" ${basedir}/libexec/samhain_stealth -s "${tmpD}/stealth_template.ps" "${hostconfig}" >/dev/null if test "x$?" = x0 then printINFO "Configuration file hidden into stealth_template.ps" hostconfig="${tmpD}/stealth_template.ps" else printFATAL "Could not run ${basedir}/libexec/samhain_stealth -s ${tmpD}/stealth_template.ps ${hostconfig}" fi fi rm -f "${tmpD}/prepared_samhainrc" cp "${hostconfig}" "${tmpD}/prepared_samhainrc" || \ printFATAL "Could not copy ${hostconfig} to ${tmpD}/prepared_samhainrc" hostconfig="${tmpD}/prepared_samhainrc" #--------------------------------------------------------------------- # Create temporary directory on host. #--------------------------------------------------------------------- tmpdir=`eval echo "${temp_dir}/sh_${src_version}_${arch}_${format}_$$"` if test x"$simulate" = x0 then ssh -x -l "root" "${host}" '(umask 0077; mkdir "'${tmpdir}'")' else printINFO "ssh -x -l root ${host} (umask 0077; mkdir ${tmpdir})" fi if test x"$?" != x0 then printFATAL "Could not create temporary directory ${tmpdir} on host ${host}." else printLOG "Directory ${tmpdir} created on host ${host}." fi #--------------------------------------------------------------------- # Copy to host. #--------------------------------------------------------------------- if test x"$simulate" = x0 then if test x"$silent" = x0 then scp "${is_initscript_full}" "${is_preinstall_full}" "${is_postinstall_full}" "${hostconfig}" "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" "${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" "root@${host}:${tmpdir}/" else scp -q "${is_initscript_full}" "${is_preinstall_full}" "${is_postinstall_full}" "${hostconfig}" "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" "${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" "root@${host}:${tmpdir}/" fi else if test x"$silent" = x0 then printINFO "scp ${is_initscript_full} ${is_preinstall_full} ${is_postinstall_full} ${hostconfig} ${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat} ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} root@${host}:${tmpdir}/" else printINFO "scp -q ${is_initscript_full} ${is_preinstall_full} ${is_postinstall_full} ${hostconfig} ${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat} ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} root@${host}:${tmpdir}/" fi fi if test x"$?" != x0 then printFATAL "Could not copy package to host ${host}." else printINFO "Package copied to host ${host}." fi #--------------------------------------------------------------------- # Run preinstall script. #--------------------------------------------------------------------- if test x"$simulate" = x0 then ssh -x -l "root" "${host}" '(cd "'${tmpdir}'" && cp "'install-${src_version}.${realformat}'" samhain-install.sh && chmod +x samhain-install.sh && chmod +x preinstall && ./preinstall)' else printINFO "ssh -x -l root ${host} (cd ${tmpdir} && cp install-${src_version}.${realformat} samhain-install.sh && chmod +x samhain-install.sh && chmod +x preinstall && ./preinstall)" fi if test x"$?" != x0 then printFATAL "Could not run preinstall script on host ${host}." else printLOG "Preinstall script executed on host ${host}" fi #--------------------------------------------------------------------- # Install. #--------------------------------------------------------------------- if test "x$format" = "xrun"; then is_command="/bin/sh" elif test "x$format" = "xdeb"; then is_command="dpkg --install --force-downgrade --force-confnew" elif test "x$format" = "xrpm"; then is_command="rpm --upgrade --quiet --oldpackage" elif test "x$format" = "xtbz2"; then is_command="emerge -K" elif test "x$format" = "xsolaris-pkg"; then is_command="pkgadd -n -d" elif test "x$format" = "xdepot"; then is_command="/usr/sbin/swinstall -x fix_explicit_directories=false -v -s " else printFATAL "Don't know how to install package format ${format}" fi if test "x$format" = "xdepot" then tmp_iname=`/bin/sh ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} --print-config name` if test x"$simulate" = x0 then ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/sbin:/usr/sbin:/sbin:$PATH'" && export PATH && eval "'${is_command}'" "'${tmpdir}/samhain-${src_version}.${realformat}'" "'${tmp_iname}'") >/dev/null '\' else printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && eval ${is_command} ${tmpdir}/samhain-${src_version}.${realformat} ${tmp_iname})'" fi elif test "x$format" = "xsolaris-pkg" then if test x"$simulate" = x0 then ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && eval "'${is_command}'" "'samhain-${src_version}.${realformat} all'") >/dev/null '\' else printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && eval ${is_command} samhain-${src_version}.${realformat}) all'" fi elif test "x$format" = "xtbz2" then # Gentoo is a PITA # tmp_iname=`/bin/sh ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} --print-config name` if test x"$simulate" = x0 then ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && cp "'samhain-${src_version}.${realformat}'" "'/usr/portage/packages/All/${tmp_iname}-${src_version}.tbz2'" && eval "'${is_command}'" "'${tmp_iname}-${src_version}.${realformat}'") >/dev/null '\' else printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && cp samhain-${src_version}.${realformat} /usr/portage/packages/${tmp_iname}-${src_version}.tbz2 && eval ${is_command} ${tmp_iname}-${src_version}.${realformat})'" fi else if test x"$simulate" = x0 then ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && eval "'${is_command}'" "'samhain-${src_version}.${realformat}'") >/dev/null '\' else printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && eval ${is_command} samhain-${src_version}.${realformat})'" fi fi if test x"$?" != x0 then printFATAL "Could not install package on host ${host}." else printLOG "Package installed on host ${host}" fi #--------------------------------------------------------------------- # Run postinstall script to fix the client password. #--------------------------------------------------------------------- if test x"$simulate" = x0 then if test "x${is_packed}" = "x0" then ssh -x -l "root" "${host}" '(cd "'${tmpdir}'" && chmod +x postinstall && ./postinstall "'${is_passwd}'") >/dev/null' else # Dummy argument ssh -x -l "root" "${host}" '(cd "'${tmpdir}'" && chmod +x postinstall && ./postinstall DUMMY ) >/dev/null' fi else if test "x${is_packed}" = "x0" then printINFO "ssh -x -l root ${host} (cd ${tmpdir} && chmod +x postinstall && ./postinstall ${is_passwd})" else # Dummy argument printINFO "ssh -x -l root ${host} (cd ${tmpdir} && chmod +x postinstall && ./postinstall DUMMY )" fi fi if test x"$?" != x0 then printFATAL "Could not run postinstall script on host ${host}." else printLOG "Postinstall script executed on host ${host}" fi #--------------------------------------------------------------------- # Update the rc file #--------------------------------------------------------------------- if test "x${is_rcfile}" = xy then mytest_file=`ls -1 "${yule_data}/rc*" 2>/dev/null | tail -n 1 2>/dev/null` if test "x$mytest_file" = x; then rcfile_perm=640; xgid=`(cat /etc/group; ypcat group) 2>/dev/null |\ grep "^samhain:" | awk -F: '{ print $3; }'` if test "x$xgid" = x; then rcfile_owner=`ls -ld ${yule_data} | awk '{print $3 }'` rcfile_group=`ls -ld ${yule_data} | awk '{print $4 }'` else rcfile_owner=`ls -ld ${yule_data} | awk '{print $3 }'` rcfile_group=samhain fi else mytest_file=`basename $mytest_file` rcfile_perm=`ls -l "${yule_data}/${mytest_file}" | \ awk '{ u= substr($1,2,3); g=substr($1,5,3); o=substr($1,8,3); \ gsub("-","",u); gsub("-","",g); gsub("-","",o); \ print "u=" u ",g=" g ",o=" o; }'` rcfile_perm=`echo ${rcfile_perm} | sed s%g=,%g-rwx,% | sed s%,o=$%,o-rwx%` rcfile_owner=`ls -l "${yule_data}/${mytest_file}" | \ awk '{print $3 }'` rcfile_group=`ls -l "${yule_data}/${mytest_file}" | \ awk '{print $4 }'` fi if test -f "${hostconfig}" then if test x"$simulate" = x0 then ageFILE "${yule_data}/rc.${host}" || printFATAL "Could not backup ${yule_data}/rc.${host}." cp "${hostconfig}" "${yule_data}/rc.${host}" || printFATAL "Could not copy ${hostconfig} to ${yule_data}/rc.${host}" chown ${rcfile_owner}:${rcfile_group} "${yule_data}/rc.${host}" || printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${yule_data}/rc.${host}" chmod ${rcfile_perm} "${yule_data}/rc.${host}" || printFATAL "Could not chmod ${rcfile_perm} ${yule_data}/rc.${host}" else printINFO "Backup existing ${yule_data}/rc.${host}" printINFO "Copy ${hostconfig} to ${yule_data}/rc.${host}" fi else printFATAL "${hostconfig} is missing." fi printLOG "Server-side config file ${yule_data}/rc.${host} copied from ${hostconfig}." fi #--------------------------------------------------------------------- # Server entry and restart #--------------------------------------------------------------------- instlock="${yule_conf}.lockdir"; trap "rm -rf ${instlock}" 1 2 13 15 if test x"$simulate" = x0 then # # A lockfile will not work, because 'root' can write anyway. # However, 'mkdir' an existing directory will fail even for root # until (umask 222; mkdir "${instlock}") 2>/dev/null # test & set do printINFO "Waiting for lock" sleep 1 done fi Replace=`"${yule_exec}" -P "${is_passwd}" | sed s%HOSTNAME%${host}%g` if test "x$Replace" = x then rm -rf "${instlock}" printFATAL "Could not execute ${yule_exec} -P ${is_passwd}." fi SearchString="Client=${host}@" Seen=n echo >"$tmpF" || printFATAL "Cannot write new server configuration." while read line do if test "x$Seen" = xn then echo "$line" >>"$tmpF" if test -n "`echo $line | awk '/^\[Clients\]/'`" then Seen=y echo "$Replace" >>"$tmpF" if [ $? -ne 0 ]; then rm -rf "${instlock}" printFATAL "Cannot write new server configuration." fi fi else if test -n "`echo $line | awk '/^'${SearchString}'/'`" then : else echo "$line" >>"$tmpF" if [ $? -ne 0 ]; then rm -rf "${instlock}" printFATAL "Cannot write new server configuration." fi fi fi done <"${yule_conf}" rcfile_perm=`ls -l "${yule_conf}" | \ awk '{ u= substr($1,2,3); g=substr($1,5,3); o=substr($1,8,3); \ gsub("-","",u); gsub("-","",g); gsub("-","",o); \ print "u=" u ",g=" g ",o=" o; }'` rcfile_perm=`echo ${rcfile_perm} | sed s%g=,%g-rwx,% | sed s%,o=$%,o-rwx%` rcfile_owner=`ls -l "${yule_conf}" | \ awk '{print $3 }'` rcfile_group=`ls -l "${yule_conf}" | \ awk '{print $4 }'` if test x"$simulate" = x0 then ageFILE "${yule_conf}" if [ $? -ne 0 ]; then rm -rf "${instlock}" printFATAL "Could not backup ${yule_conf}" fi rm -f "${yule_conf}" && cp "$tmpF" "${yule_conf}" if [ $? -ne 0 ]; then rm -rf "${instlock}" printFATAL "Could not write new server config. Backup is ${yule_conf}.1" fi chown ${rcfile_owner}:${rcfile_group} "${yule_conf}" if [ $? -ne 0 ]; then rm -rf "${instlock}" printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${yule_conf}" fi chmod ${rcfile_perm} "${yule_conf}" if [ $? -ne 0 ]; then rm -rf "${instlock}" printFATAL "Could not chmod ${rcfile_perm} ${yule_conf}" fi else printINFO "Backup and update ${yule_conf}" fi if test "x${local_command}" = x then : else if test x"$simulate" = x0 then eval "${local_command}" "${host}" "${arch}" "${basedir}" "${yule_data}" "first" else printINFO "eval ${local_command} ${host} ${arch} ${basedir} ${yule_data} first" fi fi yule_name=`basename "${yule_exec}"` if test x"$simulate" = x0 then if test -f "/etc/init.d/${yule_name}" then eval "/etc/init.d/${yule_name}" reload if test x"$?" != x0 then printWARNING "Could not reload server using: /etc/init.d/${yule_name} reload." fi else eval "${yule_exec}" reload if test x"$?" != x0 then printWARNING "Could not reload server using: ${yule_exec} reload." fi fi # # wait for the server to pick up the new configuration # sleep 5 # rm -rf "${instlock}" else printINFO "Reloading server configuration." fi printLOG "Server configuration updated and reloaded." #--------------------------------------------------------------------- # Write/update client database #--------------------------------------------------------------------- SH_NAME=`/bin/sh ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} --print-config name`; export SH_NAME SH_PREFIX=`/bin/sh ${basedir}/archpkg/${arch}/install-${src_version}.${realformat} --print-config prefix`; export SH_PREFIX if test x"$simulate" = x0 then updateDB else printINFO "Updating client database." fi #--------------------------------------------------------------------- # Initialize and fetch database #--------------------------------------------------------------------- if test "x${is_init}" = xy then if test x"$simulate" = x0 then if test x"$silent" != x0 then ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && chmod +x initscript && ./initscript ${is_nocl} >/dev/null 2>&1 )'\' else ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && chmod +x initscript && ./initscript ${is_nocl} >/dev/null 2>&1 )'\' fi if test x"$?" != x0 then printFATAL "Could not initialize database on host ${host}." else printLOG "Database initialized on host ${host}" fi scp -q "root@${host}:${tmpdir}/data" "$tmpD" || \ printFATAL "Could not retrieve database file root@${host}:${tmpdir}/data" else printINFO "ssh -x -l root ${host} /bin/sh -c '(cd ${tmpdir} && chmod +x initscript && ./initscript ${is_nocl})'" printLOG "Database initialized on host ${host}" printINFO "scp -q root@${host}:${tmpdir}/data $tmpD" fi mytest_file=`ls -1 "${yule_data}/file*" 2>/dev/null | tail -n 1 2>/dev/null` if test "x$mytest_file" = x; then rcfile_perm=640; xgid=`(cat /etc/group; ypcat group) 2>/dev/null |\ grep "^samhain:" | awk -F: '{ print $3; }'` if test "x$xgid" = x; then rcfile_owner=`ls -ld ${yule_data} | awk '{print $3 }'` rcfile_group=`ls -ld ${yule_data} | awk '{print $4 }'` else rcfile_owner=`ls -ld ${yule_data} | awk '{print $3 }'` rcfile_group=samhain fi else mytest_file=`basename $mytest_file` rcfile_perm=`ls -l "${yule_data}/${mytest_file}" | \ awk '{ u= substr($1,2,3); g=substr($1,5,3); o=substr($1,8,3); \ gsub("-","",u); gsub("-","",g); gsub("-","",o); \ print "u=" u ",g=" g ",o=" o; }'` rcfile_perm=`echo ${rcfile_perm} | sed s%g=,%g-rwx,% | sed s%,o=$%,o-rwx%` rcfile_owner=`ls -l "${yule_data}/${mytest_file}" | \ awk '{print $3 }'` rcfile_group=`ls -l "${yule_data}/${mytest_file}" | \ awk '{print $4 }'` fi if test x"$simulate" = x0 then if test -f "$tmpD/data" then ageFILE "${yule_data}/file.${host}" || printFATAL "Could not backup ${yule_conf}." mv "$tmpD/data" "${yule_data}/file.${host}" || printFATAL "Could not move database file to ${yule_data}/file.${host}" chown ${rcfile_owner}:${rcfile_group} "${yule_data}/file.${host}" || printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${yule_data}/file.${host}" chmod ${rcfile_perm} "${yule_data}/file.${host}" || printFATAL "Could not chmod ${rcfile_perm} ${yule_data}/file.${host}" else printFATAL "Database file not downloaded from host ${host}" fi else printINFO "Backup and replace ${yule_data}/file.${host}" fi fi #--------------------------------------------------------------------- # Start up. #--------------------------------------------------------------------- if test "x${local_command}" = x then : else if test x"$simulate" = x0 then eval "${local_command}" "${host}" "${arch}" "${basedir}" "${yule_data}" "second" else printINFO "eval ${local_command} ${host} ${arch} ${basedir} ${yule_data} second" fi fi if test "x${is_startup}" = xy then if test x"$simulate" = x0 then ssh -x -l "root" "${host}" '(cd "'${tmpdir}'" && chmod +x initscript && eval "'./initscript ${is_nocl} start'")' else printINFO "Starting remote client now." fi if test x"$?" != x0 then printFATAL "Could not start client on host ${host}." else printLOG "Client started on host ${host}." fi fi #--------------------------------------------------------------------- # Clean up. #--------------------------------------------------------------------- if test x"$simulate" = x0 then ssh -x -l "root" "${host}" '(rm -rf "'${tmpdir}'")' else printINFO "ssh -x -l root ${host} (rm -rf ${tmpdir})" fi if test x"$?" != x0 then printFATAL "Could not remove temporary directory ${tmpdir} on host ${host}." else printLOG "Directory ${tmpdir} deleted on host ${host}." fi } samhain-3.1.0/dsys/funcEXE0000644000175000017500000000311310414541057012255 00000000000000######################################################################### # # Subroutines for determining existence of / path to executables # ######################################################################### # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # findEXE() { if test $# -lt 1 then printFATAL "findEXE: insufficient arguments" fi X="$PATH"; prog="$1"; OLD_IFS=${IFS} IFS=':'; export IFS for dir in $X; do exe="$dir/$1" if (test -f "$exe" || test -f "${exe}.exe") then EXECUTABLE="$exe"; export EXECUTABLE IFS=${OLD_IFS}; export IFS return 0 fi done IFS=${OLD_IFS}; export IFS printINFO "Command $1 not found in \$PATH" EXECUTABLE=""; export EXECUTABLE } needEXE() { # printINFO "Checking for $@" for arg do findEXE "$arg" test -z "$EXECUTABLE" && printFATAL "Need \"$arg\" in \$PATH" done return 0 } samhain-3.1.0/dsys/funcSETUP0000644000175000017500000000363310414541123012535 00000000000000######################################################################### # # Setup test Subroutines # ######################################################################### # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # # test setup # testSETUP1() { test -d "$basedir" || printFATAL "Basedir $basedir does not exist" test -d "$basedir/tmp" || printFATAL "Tmpdir $basedir/tmp does not exist" tmpdir="$basedir/tmp"; export tmpdir return 0 } # test setup # testSETUP2() { test -z "$action" && { promptMENU "Which action do you want to perform" "install" "build" "download" "checksrc" "clean" "info" "uninstall"; action="$MENU"; export action; } if (test x"$action" = xbuild || test x"$action" = xinstall || test x"$action" = xuninstall) then test -z "$host" && { promptINPUT "On which host do you want to $action"; host="$INPUT"; export host; } fi return 0 } setupFORMAT() { tmp_format=`echo "${1}" | sed '/^\(.*\)\.\([0-9a-zA-Z]*\)$/{ s//\2/; q; }'` echo "${tmp_format}" } setupVERSION() { tmp_version=`echo ${DB_version} | sed s%\.run%% | sed s%\.rpm%% | sed s%\.depot%% | sed s%\.deb%% | sed s%\.tbz2%% | sed s%\.pkg%%` echo "${tmp_version}" } samhain-3.1.0/dsys/0F571F6C.asc0000644000175000017500000002657710067503516012553 00000000000000-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.1 (GNU/Linux) mQGiBDgcfd0RBADvXitAL1gCXw1yOJsPWJdU6wbgqMWqfMbkFGRiLZut/rwbN3x/ ch8sF+hptcQGH4Hhe25+1WkSO1KO81j6ZQZqhYNHogE3IFsv1TK7vX0r81ZRjinM koQ69kWw+elp1vcLCwHzHDB8MhV3eI3jpQcGgpsRVq4uEumyGfI1v6AUfwCg+RIj aGtvyxFH2UsSUVNaM/008v8D/R56I6qLcixxuWrHUhZBNaiQ0I70PWo92uLHwSvF dnSnkpUc4BvTeq4PVuId6e3LdeonG4OW8jWFK0/9OE+ubuZYJdOmuv+3BzPOktZy 9Cf8QwHpUvQ/c9S5MrIOsFdQAOj6rQvlA7OmnidyW4+MA3IYp8bwq5dx6sHcAy7o 0RBSBADpf5eWfni8Awfcwq7yyGgJFhAAgkoDKAHBj4OepVKhcnCe8+78VpqWtZ9p e45AL/5nhl6CceWWZfCYXgv2Zm8CUnUwxb6XKuGOGJagtRT9d0fQFeEXFlSPE5HA JCXkhbcQpZq1YzyjKMeExBfM5w4XaEhfQ652pjXQieyWETjd17QtUmFpbmVyIFdp Y2htYW5uIDxyd2ljaG1hbm5AaHMudW5pLWhhbWJ1cmcuZGU+iFUEExECABUFAjgc fd0DCwoDAxUDAgMWAgECF4AACgkQGq0myA9XH2y7FwCdEIZRr4gI9vlS7DgcS8mY FjveBncAoLiNO3tE00J4r6LEWm4IpYYUiRUFiQEcBBMBAgAGBQI+UjZjAAoJEAbp c/N5kkHBNjwH/138Qk7NcZT2ar5t4MOyaHM7gaIOaywZHXaGEx7wrvpmD3ImoerE psp19+JqOfzhgpGI8Z37nh+HR5vIYERrMrIBLoHMwyNkJxqRiqNVfZ3AxpZWvKTl AJlwIvPGF6FfR2f05Lvaw06UoOLpIjmzb8rXQ6bvbqSXtgUEU+pmwfjQOPidwNjW ovUTkCpv2LWQxwapYgOZilne+7Zad+nf/asCGfqL9V9WIblrwoFkSlP13UwF4j5f m7iTM9ZAXFUUFvarN2Mz0RP4+58rceb6bRM+agL+dpd5AqgwBgtGYmeO/G4/E/WY PYBLTh+ZbupmvykgdnKR0E0w72KXnLg11M2JARwEEwECAAYFAj5SNakACgkQBz/7 hK/ULUUktggAgbbW4uM9B8jQeavzdMmV3WiF2owqr1MiS+oiWKBK3U6O0xJP5G9Q h5Zj80NEdopDV0G8z1KOFn4v4SMlzSjvq6938end+zvgaPGEGaE94iHp5aI6TMhF ezmbM2MfNphfn2yxmzQefEj8VaJbi+du4n1YmnkMJDkpw+6927/99Sj3A0jNvUxC B5YM9K/t6xI89qlKZlCDHjgEHARAxNWRyE5YSqRkXWgxcHPKkF1oKifD4/eNyQw2 OZnRTFRsk28uEJTysnjsiIUbP13LR6m1VfZQrEpk0RjnlGKVRwy42WWDnOsCXOnM Sy2+a9gYa+ayCGI+NTuUUecvZ7VVxKCHIYhGBBMRAgAGBQI+UjYnAAoJEA86uzhI KF65WpIAn0p+PQe7WaHp15qul2E7AoDD7uuzAJ486FDSWZi92crLJNPnyPi9HXbi DIhGBBMRAgAGBQI+S5Q1AAoJEBwB7TX3s/Rm2QcAn2zwg7uup1JMGqTxSaQ+sjWR 0vEqAJ9xvhAZMOrk51/6T7Oq/DzaZGwT3IhGBBARAgAGBQI4XqDdAAoJEB3kOh0g CZVMC8cAn04Ph20EZH5vbPvVQN9+KdketxyHAKCIhQvT2DiNsadeI7fQwRssLn7a xohGBBMRAgAGBQI+S5NzAAoJEG48dKkHK3yJ8/YAnRTCT5OhC9jPOxL26UKTF/YT t46kAJ9WI3vfQrbKgu32s6E5UTgQS/U4hokBHAQTAQIABgUCPlIpcQAKCRB4oTZL RAPrMfOcCACxIuPyBAxDIDvP3xWzMdlN4AhLIQ1myMHlwA7X90RVKW+saR+gU3QI hBVahKfC7OEXhH/dCft1c64Vy3lZT5vl9W6m0ZukdVSKTVKZYaRk+iGej3+zzD8W CzwDvMvkDGa1/VuOZDvx3byj866/L3Y4n8Qa+66KkqNG3sMgjOfMoxGTvZuxL3Zz YdQWUovd9KcmOl7etDB8rhkz4cBPxXxcIbDhDPJNgDoViby4Bgs1nmfvhPq+RNvK fKysRo9XYWfTRjwqicSMhSTRdgMS1GHCMY3U183p+njorU9gxvxmZhxzop41vwh2 ps6CVpUo9u+fpiDkfWeZIBzdl6+pz8TkiQEcBBMBAgAGBQI+S5OYAAoJEH641Vr2 yhx/sVIH/3MXz2dFzTze2eM9jj8DMJhM6wsuXIxKnGxl7Vd0i/T3jlh+UAQBueHz KtsmyE7xZ8OnoBfC9U4+ypyuKdnd0oULOTChDpY2a0Dv4gp4HZGoO3BR1qcf7LFy 3Ibn37siiJ4WmvgqPx9v1sFZAr+rKeSqhxnD7+GosbyD7qNQTATsorAMgYAdWCAC MsnLdP0K7yTW3X4JGgnRNjVJbYkFVC/j3qedT/Or0iUDDZdzID+vxxlwxa8Y+UTS wR75IPJEw7UObjQMdUixwUsb04rCI5CtPvMdO7nSvC1RvfP5TTSY5Ypu7bO6ArMT iYQfWhz2YCE/ikB8jeT6OovpqXiSKFaInAQTAQIABgUCPkuS/gAKCRCMWj5dyq7Z nSSwBAC2Zbo6lkfoq+ZPYj4hXs+C83aaVwEDEY4MqcEONPlt5tno6Tipt1aE7utf aCT2az5qLcns4cb+UckchEfcqmJc3+YTX97h6Iz55OsFYIXtUkYyys7Q3VmSqDZg Xz2N3YGBR0ttRk/qTNd3BoIWzdlqaLFfkFf5EgdIO5UIB8KPLYkBHAQQAQIABgUC PnHPRAAKCRB7Id4BrmYkJQOVCACpVqEZXDSU/LA1B1y7OtbQvuLOBqkKYvJ6QY+b SUnQA4pIWm1tZuGXckuo7Th/2zUqu+Jthso6zNRzz+FXIPOamHVRqxjbihPCsLA7 1MfVax7shaXswrHbKDt4Ou9834+KY2/G7XFdym2IezSeOrmsSicgQNsqdOIlmgMX YaG/4ddRvbB4V5PomPCz+tKDALXrkRoiS2akyfMgwsMOo9xfXA6j6bHJwHjar6eD ZiWcG24KXbiRYsyXw8v/piuG6rer7VuTFuaJwEAUvZYxAvFtISmxDAysHKwHXK1g ijK3Dh0JSkZrEH3LofAzRtcw+MQUkiD5sBDJ0E6QOr9bk14FiEYEEBECAAYFAj5x 0GwACgkQhfcxbPQmVn3FQACg1wSQt5mdfpwN74PFs6SVpoQ3kFMAoNJORjgHXFyF Gc+2DXq1KFXEUKAtiQEcBBMBAgAGBQI+cc0RAAoJEO67Mb58Bv0ljgYH/RVSwmd+ BufOXhZNfozT8p2M6xVgsEQ1nzdHtAVo+tr00xyHHwLQj1phDXSZtK1iRvLY6GXg Dp0VAGjkjUilR8adfT7uvgu9br32zCx7EZkAOQXp51tPWnD4JDcWB0adJEWwfVo9 +abC/84/Xy0c+IOdNLEePLxlYlezynXTCEgTXMeeROKOQMog/vB8obNi3rYjUKC/ eypJCuMtmnLKhHhbezvJMy+N10iWajpOYInQLP+uee48/ytmbnb+8klx8j3rJ1Ew r4KU+7ewm2eHPzJl1xCbuqePoxciptgtjdwtmGQH+VHDPRAcF+FfoNtF1Fc1p6+8 7qznfNJoLHWsde+JARwEEwECAAYFAj5xzSAACgkQKBTThimyUAFD9gf/RUY5fwxN Qv2N2bnSqmisUEx8XrOGGmzPNKvL1TdIwcc+votQ98nOBEv6De17+HD/jPVD3ReS 71sB1gI5/Duni5h8nx2L2siQxOqNE2YI2oSn8f4ign91ruFSEwPR+nFUDtbuMk4C 0df16i7asVXiKq3GW7Tv20iXnTvjQZCVSFtXxU00pdtmf0FpRSPp7YonQMLv6vCH iZ6j74kkn4+EwroXmWF5nb9/HZOJiZnTv6+vGpFYiI/gAGkOA4SBipUWm2B2E4AV MTo2MeXe+/wbirL43PDiG2kbeet7KH5M+/BTceUjl0alIFeZizYaluvouWo7NahA MLz89pUD25hpl4hGBBIRAgAGBQI+dJKeAAoJEI47c57dK8ydsAoAmwXDmPsbM0Ao 0VkY1q8anK5lhJMqAKDQOIimB3yzFt7koY9MUgFgHX77rYhGBBARAgAGBQI+hde4 AAoJEHFOxoebS5syXOMAn3xCJVsb0IRb42q25sLpHVXvc8+TAJ9Q3RBxdagtPVPx m58Uf4bhGLuBdohGBBMRAgAGBQI+iDOzAAoJEJJVvZ/mhE25CQYAn0j2H3sUfjao iTML5QF057ZfwzwoAKDBulEh0SChQQ2KbHdlpAVP+Io+U4g/AwUQPtSY59vSRfyz sqEsEQIDSQCfVPYWXSS2qbCI0BZm1jNI/D3WndIAoLmDomrFc+B+9Hp6id8B8kxy /IRdiEYEEBECAAYFAj74SAgACgkQ36XkltcZWyKb6ACg6XOdq03pvSlA0AqBZLQV wmeItVcAnRpHJt7znvfrxPpI4vfnkRR1Lt/yiEYEExECAAYFAj+f3koACgkQxcDF xyGNGNeCuwCfRP034939xTTTLWp+hQUE/O6NfbIAoJ7IbYA3YQmfDQukotNGypzH uo1aiEYEExECAAYFAkBbXgcACgkQ01u8mbx9Agqs9QCfTRKAxpfPhFz0kL2cODz6 Eo/TbMUAoIyztog7I3BTwu22eTPv6pXUTQEliEYEExECAAYFAkBbJ/0ACgkQSvFU KpY6VLBbHwCdHlFGr+t5aNg9SWqFfLs2N38awXkAoIW0bSz0MOPCkUHtY1o+wfjo J+DPiEYEExECAAYFAkBqj9AACgkQECqmVFXwdrOgIgCeNTva96TnQPlkIcpRE2hs oHITahAAoIEk77c6+Cr9CsS46WGvf1ePJW0yiEYEExECAAYFAkBytVYACgkQGyfX UvpJphr6dwCgkB330qWc6xjgounXSXbCvR7Dry4An3MzbcU/YS/OH7IBZMopWJbo Vr6KiEYEExECAAYFAkByunAACgkQA5e1oKh+NRxEmgCbBOyZmLeti3aysxi6yYEz JRkBGe4AmgPMOK8nxNjqa2KTrvsdH+XJSnGOiEYEExECAAYFAkB0A6AACgkQzAoJ I8gDfT8aMgCcCqTKT9sTVsk6UYIvYB6aBbmQIvYAn1gYeX6HTIo4+CfPC2c6bc80 iO+ViEYEExECAAYFAkB0ZUsACgkQr/RnCw96jQEetgCgnJatrM9Co+6JunHUl58L PswEAdAAoIFqNka9tvPrk8ZOJkfxJJEujrIgiEYEEBECAAYFAkCKrbQACgkQ9yNf So1Tr57J0wCfdZB/pGW/wyjHP2rpEQ/xV8bc/94AoKnbj0KC+glYM3pDOwjKbEZH /WAfiEYEEhECAAYFAkBzpsUACgkQ78vN/2HwW4wcDwCfYPlVzDJ0jfI+mMR+tHP8 n6Guj98An252IGC/eIB1I4nCi5TqqeVEvIeZtChSYWluZXIgV2ljaG1hbm4gPHJ3 aWNobWFubkBsYS1zYW1obmEuZGU+iFYEExECABYFAjoDPmkECwoEAwMVAwIDFgIB AheAAAoJEBqtJsgPVx9sNHAAoOPNgUXL+qRFyHU8wyDEeOHWALErAJoD2eIs0r7R 4UH+q+3J+v2EDbrHQYkBHAQTAQIABgUCPlI2awAKCRAG6XPzeZJBwcA2B/4sQlDm NMykYdYPY/MZ2b/O6S/2rZts+W3htjMEMvSzTM96koCJEpJCaHbmMehqZGUh/V97 oj4+rTfeKtKQBSVaBU2Bj8Zy2YjlqBUs2ShilVMR14RSOgmKr8FSvJVSegWf62T+ yFisLZdhQMTImSkKMB2oWkZPS9Su9dtk7j9gfHKwPIx3O8MCNf2dnaksHCpUMa3o AcXBZprMYE31zbrre2pi9E1jRFyq2zr0Ywkw1/LO4GUi3Zstg1gffLEku+ZpIBaw NH+WO+kkfoNmS03Ffxoo+Y5LLXAkm/dfn/KsbVy/WKHCiXfhWnyAxGxZhUAcgMwW VFcN53kQ1Twq8S3HiQEcBBMBAgAGBQI+UjWwAAoJEAc/+4Sv1C1FzQUH/j03htOj wiBSi/S3KcRCjrX9gem3RwCVTVbOKoGhAuA2cd45ZlT3E1ivvPAg2MzNzGQt1Fai CsQ/3Xy/1JzfnwVijHGXDZFrV7/ZClA4sj/bO36KNSoVNHeE7n1dsrfd1N2s9WgT JkB/LdRCcTqiUubxy+pWghdAEpSOAO/KacxhZ9Bbf1cjOcWJBbMWZSMLBTddUCcx cxzi3hpIfNOjwuZwYWlIe7KLI6YdjrdNUQZHPBTivTiZMzQ2kc7jPoSS/h5s9cvo hLa/9QqARih0V+ilTl8RFwYuPFWvIy4aTCSHWkzYO110KiLhz54Z1P0z5nWe/IfS XJRFgrAd2xKkpd+IRgQTEQIABgUCPlI2TwAKCRAPOrs4SCheuVwuAJ9q/3m2ZuG/ RpbNISA1zTi1239CbwCghqx5M2MClODQ4YRF+I/be6j8ub+IRQQTEQIABgUCPkuU OgAKCRAcAe0197P0Zp3gAJjpxPKU0GFcYhaE/ED/jI+h65HKAJwOwYPmGuU4dR3I nN+iHBnqY/9s2ohGBBMRAgAGBQI+S5N5AAoJEG48dKkHK3yJd5sAnjIKbVSpWM6v aEYdrWKF55rlXwo1AJ99RNP00MRpBa7IiVcXBR3KOurRsIkBHAQTAQIABgUCPlIp eAAKCRB4oTZLRAPrMUAfCADAz95sXsxdUYAS+jejVuf1EYA+5TEgSIi5uhSOlgdu WyUAzGuWSplc6kjoqwysUmnwthJON5Y4DSIes5YsDs93k+X0bZxDkzghqiFU5LWE 266bN7MvWmYXh7DfAz3V262dqa2IvvxSHtxmiYLPn5mZ2pLsXnWYTZUBZ4BSdArB t0pfHOOjZaixqfK7DYzyripm9259552aYOrmso8lSnAq2a+ekD9tQ9e2m8gkPbei 5sF1kawoYkyedEr+r4j0h1Sf24LVJinLPnavtDGUynt+v0NobzqBUHgI5lnSmlDt WWUU23YvAko73aJwlW1cDkRfcsR+TdA+IiECbFcipOd1iQEcBBMBAgAGBQI+S5Op AAoJEH641Vr2yhx/sN0H/1kWbhVnnkqC1LvOdqP9bx7S3UDUkQw0xEf1DC2lUALV zioDt9PvarRh47bcaUis+x/9k9AYsPFDhBiYPYek6VcxT86LPVUKz/gELOmHNcAq 3aUl35NKC97JVxYqMix1+hS8UY+m5zezSDdLAz1G8UKZ1d6tx3daikOPzKmpIY50 wMBdA3jITr6J4eWZ/ptfL0GDdlXFOVKFURMIn6t5AAjKdqQHYySxhuWn+S3QQxDz Ulv9vAUW4VS+6lzWB1thmRxwawbfJ+05kO/hGD+alWiJxyW/PXRwEiqdVzAIIocM mHmGtEIONcNyRdjIsDIyZTMavFJOE0hMHftp8a7vbTuInAQTAQIABgUCPkuTAwAK CRCMWj5dyq7ZncE6A/9tzn5ZST0cgPqQEywAcTeQeja7Qxxl7/CJ3gHqnK8eZu2D MmSINdRgPjDknn9hWhKu2aDjfhl/a/sIbD8cHtvWza0Z9a12tZZ5+kDOand/U3rn RLRUO8MnhLxHif5vEtQvC54jxmpOl05J2o5QT0pFs9BHW3tDGlR4CWPrwUC2W4kB HAQQAQIABgUCPnHPTAAKCRB7Id4BrmYkJaWCB/41LdB1IdcPLraASItBLqfKb46+ fOoU1teYrM3J7zE5r1z79Mu7slT5JRP3i5iD+TjbqDI4LitZ2lrbmGTI/uQ0R9T8 PBWcs+SBroVCDziCO2nTVQldvqtmXCx0Rpu8iZacKotEz9nVQxouUiskgNn/v0p2 Ng1gUK5g3CripcYXUpkEpmYkyTYAbokeeKsF3cCe9czVT9l/nB/OJIus31eKa8x0 9+1EMdu/GJIxa/tDQh7vkNKSP09qtKrCsSxzpfmwIj1PBTT8oDkBkheuTaKTTWPE 0jWP3aNMTHZUkLpRVNf1htus7utSm1O+W6hTYQLL0OPMylBTWZ33vN2Nb0fliEYE EBECAAYFAj5x0HIACgkQhfcxbPQmVn3c8ACgyIVKF4Fjl2vCc3VgAcPvNZ8p5lYA nj2/t1pja5FPd89R7I1ZS4Ctb12uiQEcBBMBAgAGBQI+cc0VAAoJEO67Mb58Bv0l t48IAIWzONERcs+QPNZ3NbMU3Um5s43XxZcql6mOIc0I7eBLl/bn+UTh4F5PuAbh mgTkVR5l9KF1PKswHfbzYxDSGTYqSXOCXRnbU4sByoSaV6xlGJAM9ivi/vEom6uE v6pQEZslNDNt4IfYx35+8WLhjXb7OM0HF5ZqpLqXF5BGAYGx9vDKs4SEo5HNslTT q1JgDMJNXKVyQxOAewICq+VaqbztwGf8nhcNz5Di4G5IbKi6BKOvlkPt4TkRsppJ Gq+1rAM6Fh34FqaKshuubOuoZwXKrmMHGEYgoE7XLXW5998GmE4dZh8fO7iaPjH4 3f/qcmn5joko+HQw9visZymSxgiJARwEEwECAAYFAj5xzSQACgkQKBTThimyUAFv NQgAthIAnR7+dtVcrH51R4J+8Li30yi04E0VGLhJ6KnGCpzv8eSp2HMiaRe1JAss Zy7S+dpcL6MDjcYR6HaNP49V9RtTfiARFgZWQ6SD5nOdmMe3Nb6kmfYnZO3YHwiW NXtncNHHnvSS1bDM5o3hitEPHvnQbOB/k6BpilsKzPl/bvRa8hT1/b4hQjhmv5Hf LxI6suLyOqz6ESWL2enFXTmthOOAan0yLkhLNvIsHZue3Kd7OP7+7uzmCF+mEIL7 eL9EheCa+4hWUEltdEdBtX5kcgJdTJQZZCuyz7aZ1JSZwr0G+4x6K5J9WAzI7BzI TD0rZ0LSOilyuDTYQChRDJPe8ohGBBIRAgAGBQI+dJKhAAoJEI47c57dK8ydmcAA oJa36CvpFHhq9VH0BRAgk6whGRFpAJ9J+VP1AmA3tjmzV3R7Ls5TMJRs4YhGBBAR AgAGBQI+hyNZAAoJEHFOxoebS5syxQEAn0XqPZdIJqSzqFq7ElQMK7khAxuwAKCA qlcHbWvhqxN7mAmC/wfYebKbZ4hGBBMRAgAGBQI+iDO2AAoJEJJVvZ/mhE25bioA ni6Vz0lqdlCdJG9KpeWUGtPcwUFDAJ9281Qpt6+9PW5TJOrcBO7OJW8UIokBHAQT AQIABgUCPsoYKQAKCRAcU5jLRuk3pDzVB/wP5SA6Dq168ItTQoOhNmx4k4sm5sJP bbPPFOKjYhPjnBKSNmU2l+Z4lNrI9BxEhTwGCc3NpTV8E7G5I6PtWaeTgFgdd2B/ eZCSui82yQmBOh/CFk5WW8deB4Bd4MDCCjhx2nZz7ivB0Dv9FlMyLqChjARrJQGD u2XfAvYyXhW+4UNOPI0D/SkJgeCRoVQi8ASbgt6SlHn7wkdvrDltJy1CfbqiYBr3 Y5TG4JaGceW8vfMCEdbw21MxPK/nP08J7ES5oMRcFHCA82+TvuCOErOnq/naPqHC vjpbpLqYl5qtv8cN7kV/eb/sAXBL41AM0bQoM/KY7Bv/Qldk0R7w/4XmiD8DBRA+ 1Jj029JF/LOyoSwRAmdiAJ4iGUh4PlFl2QLC2HBdOk+gnZdFSQCeOTZ5bFIRg0YU OCpuvgkifys5L2mIRgQQEQIABgUCPvhICgAKCRDfpeSW1xlbIibpAKCfTI1e8MXw BbGPVPYGPEWfF5Dl2wCffBaai8FxqWhzHRek00rxLgEqCfiIRgQSEQIABgUCP51G YwAKCRAdqzxE2iYyGBerAJ9utXaBGuKbOLW1N3EAFVPUsMl1pwCeJWmBUvaZ6Z18 UitAdRn+c3tcEE2IRgQTEQIABgUCP5/eRgAKCRDFwMXHIY0Y17qSAKCoOhCWYphZ tuwgAiglspzyXyUPGgCg0Fjhhq8KfNQujv5LJEKgP5EUrv6IRgQTEQIABgUCQFsn +QAKCRBK8VQqljpUsEajAKCRBtUxFnh+w5YdYU971cbT54sQQACfVg1gozhfClAw XhPGML85ne/WatuIRgQTEQIABgUCQFteAwAKCRDTW7yZvH0CCn+BAJ4959iKUXvk dYpmtNKZyulsCGj9ygCgxA8Qo/1WffxrWeCnL9jK106qkMuIRgQTEQIABgUCQGqP yAAKCRAQKqZUVfB2s5CAAKCYZGG8v9mlYwGZd62fLcuqh28kvgCcCzpEb0xQaoTV Y1LdcKlnrQyLg9qIRgQTEQIABgUCQHK1UwAKCRAbJ9dS+kmmGjF1AKCdX/0pvL7J Q9QIpk37clvuTjdk9ACfW5CPmsBTo4QebFLvrXjPA2BS2OyIRgQTEQIABgUCQHK6 ZgAKCRADl7WgqH41HMhvAKCHhiRvXGhAd7DS5nvCURhUde6/QgCfZQgEtHFSLhpj KacnyMkg6xF2dSeIRgQTEQIABgUCQHQDnQAKCRDMCgkjyAN9P+W9AJ9OQZ3++gB1 KDNRxmsj/W/KHLQ2SQCdHUEhkuCKURe7upjXUOhExaIKTdKIRgQTEQIABgUCQHRl RwAKCRCv9GcLD3qNAWt5AJ9t8EbD+ZoZP6ZcJRIH0byTXSvaIACgtcC7OUBQayGD eKpkyyTpUTTJFpyIRgQQEQIABgUCQIqtrgAKCRD3I19KjVOvnhkdAKCLJygVD/kJ lQWaJkxgU5ykneSklQCeN8508dGDEY0gmq+uJPtdgDCusy6IRgQSEQIABgUCQHOm twAKCRDvy83/YfBbjGClAJ9kF+WHOy0ctth6wvisP04IH8YCBwCeLYt5p8KLLZ9v T/+kn5KNrNmZJay5AQ0EOBx96RAEAMnQiAMYTglVoIciiw5l0YIuE/Uh4KSPhf1X TY4CqZrjpv56QSlhndyM5Q9vhC/bpnzMCl4A1YCb2MPMO5QYD1URI13KkG7HX6hz eW/ANfs/DJ6o1odOu3deSIzgb/TEqLV6rr7IcY/hkn3IuAiBCrMR/3kKx5AkyKOQ ZNsd40sHAAMFA/4jrzq9HoWmeEFG25U7s43NvoDFtrlt8IaS/BVdVCx599yT+BPT RmwRfpkV7TAKghgXp0SKYgo1Bp6tdyymTiZ8Ly14CUiuPYBOBifjsFoeVXWj1arW FmmQWd4d59scGoITMh39f0XTxpgGjVVxNbdqSMS+khzP5acQ27DsFMbtMIhGBBgR AgAGBQI4HH3pAAoJEBqtJsgPVx9stTUAnikTmI5ST+k6VhT2gltex+sDmr6NAJoC qkfo4qjAQCyqTx5Eg3NKuxafqQ== =jITK -----END PGP PUBLIC KEY BLOCK----- samhain-3.1.0/dsys/postinstall0000644000175000017500000000305010414541166013335 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # name=`./samhain-install.sh --print-config name` sbin=`./samhain-install.sh --print-config sbin_dir` rcfi=`./samhain-install.sh --print-config config_file` passwd=$1 setpwd="./${name}_setpwd" # Install the prepared configuration file. # test -f ./prepared_samhainrc || exit 1 ./samhain-install.sh --install-sh -m 600 ./prepared_samhainrc "$rcfi" || exit 1 # Gentoo noise # rm -f /etc/init.d/._cfg????_${name} rm -f /etc/._cfg????_${name}rc # Set the password within the executable. # if test "x${passwd}" = "xDUMMY" then rm -f "$sbin/${name}_setpwd" else current=`pwd` cd "$sbin" || exit 1 eval "$setpwd" "$name" new "$passwd" || exit 1 if test -f "${name}.new" then rm "$name" || exit 1 mv "${name}.new" "$name" || exit 1 rm -f "./${name}_setpwd" fi cd "$current" fi exit 0 samhain-3.1.0/dsys/comDOWNLOAD0000644000175000017500000001677010414540734012704 00000000000000######################################################################### # # Subroutine for the 'download' command # ######################################################################### # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # commandDOWNLOAD() { printINFO "About to run \"$action\" for samhain version \"$src_version\"" needEXE du gunzip tar gpg if test x"$simulate" = x0 then cd "${basedir}/tmp" || printFATAL "could not cd to ${basedir}/tmp" rm -f "samhain-${src_version}.tar.gz" else # # -- Simulate only: print what would be done # printINFO "cd ${basedir}/tmp" printINFO "rm -f samhain-${src_version}.tar.gz" fi command="" if test -z "$command" then findEXE wget if test -n "$EXECUTABLE" then command="$EXECUTABLE" opt1="--quiet" opt2="-O" opt3="-" fi fi if test -z "$command" then findEXE curl if test -n "$EXECUTABLE" then command="$EXECUTABLE" opt1="--silent" opt2="--show-error" opt3="--fail" fi fi if test -z "$command" then findEXE lynx if test -n "$EXECUTABLE" then command="$EXECUTABLE" opt1="-source" opt2="" opt3="" fi fi if test -z "$command" then findEXE links if test -n "$EXECUTABLE" then command="$EXECUTABLE" opt1="-source" opt2="" opt3="" fi fi if test -z "$command" then findEXE lwp-request if test -n "$EXECUTABLE" then command="$EXECUTABLE" opt1="" opt2="" opt3="" fi fi if test -z "$command" then findEXE fetch if test -n "$EXECUTABLE" then command="$EXECUTABLE" opt1="-q" opt2="-o" opt3="-" fi fi if test -z "$command" then findEXE fget if test -n "$EXECUTABLE" then command="$EXECUTABLE" opt1="" opt2="" opt3="" fi fi if test -z "$command" then printFATAL "No wget, curl, lynx, links, lwp-request, fetch, fget in your \$PATH, cannot download" fi if test x"${src_version}" = xcurrent then location="http://la-samhna.de/samhain/samhain-current.tar.gz" if test -f /usr/bin/md5sum && test -f /bin/hostname then # # for testing # dl_tmp_hna=`/bin/hostname -f 2>/dev/null` dl_tmp_md5=`echo "x${dl_tmp_hna}" | md5sum` if test x"$dl_tmp_md5" = "xc5f41bf28a7baf12c763f1be27a9b863" then location="http://localhost/samhain-current.tar.gz" fi fi else location="http://la-samhna.de/archive/samhain_signed-${src_version}.tar.gz" if test -f /usr/bin/md5sum && test -f /bin/hostname then # # for testing # dl_tmp_hna=`/bin/hostname -f 2>/dev/null` dl_tmp_md5=`echo "x${dl_tmp_hna}" | /usr/bin/md5sum 2>/dev/null` if test x"$dl_tmp_md5" = "xc5f41bf28a7baf12c763f1be27a9b863" then location="http://localhost/samhain_signed-${src_version}.tar.gz" fi fi fi printINFO "Executing $command $opt1 $opt2 $opt3 $location" if test x"$simulate" = x0 then eval "$command" "$opt1" "$opt2" "$opt3" "$location" 1>"samhain-${src_version}.tar.gz" 2>/dev/null else printINFO "$command" "$opt1" "$opt2" "$opt3" "$location" 1>"samhain-${src_version}.tar.gz" printINFO "du -s -k samhain-${src_version}.tar.gz | awk '{ print $1 }'" printLOG "Downloaded to samhain-${src_version}.tar.gz (XXX kB)" printINFO "gunzip -c samhain-${src_version}.tar.gz | tar -tvf - " printINFO "Source in tarball is version X.X.X" printINFO "Unpacking to ${tmpD}" printINFO "cd ${tmpD}" printINFO "gunzip -c ${basedir}/tmp/samhain-${src_version}.tar.gz | tar -xf -" printINFO "rm -f ${basedir}/tmp/samhain-${src_version}.tar.gz" printINFO "Checking PGP signature" printINFO "(LANG=C; gpg --status-fd 1 --verify samhain-X.X.X.tar.gz.asc samhain-X.X.X.tar.gz 2>&1 | grep 'GOODSIG')" printINFO "cp samhain-X.X.X.tar.gz.asc samhain-X.X.X.tar.gz ${basedir}/source" printLOG "Installed samhain (X.X.X) source" return 0 fi if test -f "samhain-${src_version}.tar.gz" then : else printFATAL "failed: $command $location" fi size=`du -s -k "samhain-${src_version}.tar.gz" | awk '{ print $1 }'` if test $size -lt 100 then rm -f "samhain-${src_version}.tar.gz" printFATAL "failed: $command $location" else printLOG "Downloaded to samhain-${src_version}.tar.gz (${size} kB)" fi files=`gunzip -c "samhain-${src_version}.tar.gz" | tar -tvf - 2>/dev/null` sig=`echo $files | egrep ' samhain.*tar\.gz\.asc$' 2>/dev/null` sig_version=`echo $files | egrep ' samhain.*tar\.gz\.asc$' 2>/dev/null | sed 's/.*samhain\-//g' | sed 's/\.tar\.gz\.asc//g'` if test x"$sig" = x then rm -f "samhain-${src_version}.tar.gz" printFATAL "downloaded file does not contain a PGP signature" fi if test x"${sig_version}" = x then rm -f "samhain-${src_version}.tar.gz" printFATAL "cannot determine samhain version from downloaded file" fi if test x"${src_version}" != xcurrent then if test x"${src_version}" != x"${sig_version}" then rm -f "samhain-${src_version}.tar.gz" printFATAL "downloaded version (${sig_version}) != requested version (${src_version})" fi fi printINFO "Source in tarball is version ${sig_version}" printINFO "Unpacking to ${basedir}/source" cd "${tmpD}" || { rm -f "${basedir}/tmp/samhain-${src_version}.tar.gz" printFATAL "could not cd to ${tmpD}" } gunzip -c "${basedir}/tmp/samhain-${src_version}.tar.gz" | tar -xf - rm -f "${basedir}/tmp/samhain-${src_version}.tar.gz" if test -f "samhain-${sig_version}.tar.gz" then if test -f "samhain-${sig_version}.tar.gz.asc" then : else printFATAL "not found in source: PGP signature samhain-${sig_version}.tar.gz.asc" fi else printFATAL "not found in source: samhain-${sig_version}.tar.gz" fi printINFO "Checking PGP signature" sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sig_version}.tar.gz.asc" "samhain-${sig_version}.tar.gz" 2>/dev/null)` sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` if test x"${sig_nokey}" != x then printWARNING "Public key (ID 0F571F6C) not found, trying to import it." gpg --import ${basedir}/private/0F571F6C.asc 2>&5 sig_ok=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sig_version}.tar.gz.asc" "samhain-${sig_version}.tar.gz" 2>/dev/null | grep 'GOODSIG')` fi if test x"${sig_ok}" = x then (LANG="C"; gpg --verify "samhain-${sig_version}.tar.gz.asc" "samhain-${sig_version}.tar.gz") printFATAL "no good signature" fi cp "samhain-${sig_version}.tar.gz" "samhain-${sig_version}.tar.gz.asc" \ ${basedir}/source/ || \ printFATAL "failed: cp samhain-${sig_version}.tar.gz samhain-${sig_version}.tar.gz.asc ${basedir}/source/" printLOG "Installed samhain source (version=${sig_version})" return 0 } samhain-3.1.0/dsys/comCLEAN0000644000175000017500000000432610414540720012304 00000000000000######################################################################### # # Subroutine for the 'clean' command # ######################################################################### # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # commandCLEAN() { printINFO "About to run \"$action\"" cd "${basedir}/source" || printFATAL "could not cd to ${basedir}/source" LIST=`ls samhain*.tar.gz 2>/dev/null` if test x$? != x0 then printINFO "No sources available." fi for ff in $LIST do sh_version=`echo "$ff" | sed 's/.*samhain\-//g' | sed 's/\.tar\.gz//g'` if test x"${sh_version}" = x then printFATAL "Cannot determine version for $ff" fi if test "$ff" != "samhain-${sh_version}.tar.gz" then printFATAL "Version number not correctly extracted from $ff" fi if test -f "samhain-${sh_version}.tar.gz.asc" then printINFO "REMOVE samhain-${sh_version}.tar.gz.asc" if test x"$simulate" = x0 then rm -f "samhain-${sh_version}.tar.gz.asc" else printINFO "rm -f samhain-${sh_version}.tar.gz.asc" fi fi if test -f "samhain-${sh_version}.tar.gz" then printINFO "REMOVE samhain-${sh_version}.tar.gz" if test x"$simulate" = x0 then rm -f "samhain-${sh_version}.tar.gz" else printINFO "rm -f samhain-${sh_version}.tar.gz" fi fi done printLOG "Cleaned sources in ${basedir}/source/" dbSHOWPKG dontshow delete printLOG "Cleaned unused packages in ${basedir}/archpkg/" return 0 } samhain-3.1.0/dsys/funcBUILD0000644000175000017500000001425710414541004012476 00000000000000######################################################################### # # Subroutine for bulding from source # ######################################################################### # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # #------------------------------------------------------------------------ # List available sources #------------------------------------------------------------------------ listSRC() { OKSRCLIST=""; export OKSRCLIST echo > $tmpF; needEXE ls gpg cd "${basedir}/source" || printFATAL "could not cd to ${basedir}/source" LIST=`ls samhain*.tar.gz 2>/dev/null` if test x"$LIST" = x then printFATAL "No source tarball found in ${basedir}/source. Please use 'deploy.sh download'." fi for ff in $LIST do sh_version=`echo "$ff" | sed 's/.*samhain\-//g' | sed 's/\.tar\.gz//g'` if test x"${sh_version}" = x then printFATAL "Cannot determine version for $ff" fi if test "$ff" != "samhain-${sh_version}.tar.gz" then printFATAL "Version number not correctly extracted from $ff" fi if test -f "samhain-${sh_version}.tar.gz.asc" then : else printWARNING "No detached signature for $ff found" continue fi sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sh_version}.tar.gz.asc" "samhain-${sh_version}.tar.gz" 2>/dev/null)` sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` if test x"${sig_nokey}" != x then printWARNING "Public key (ID 0F571F6C) not found, trying to import it." gpg --import ${basedir}/private/0F571F6C.asc 2>&5 sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sh_version}.tar.gz.asc" "samhain-${sh_version}.tar.gz" 2>/dev/null)` sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` fi if test x"${sig_nokey}" != x then printFATAL "Importing public key failed." fi if test x"${sig_ok}" = x then printWARNING "File $ff has no good signature" continue fi if test x"$1" = x then OKSRCLIST="$OKSRCLIST ${sh_version}" else if test x"$1" = x"${sh_version}" then OKSRCLIST="${sh_version}" return 0 fi fi done if test x"$OKSRCLIST" = x then printFATAL "No source tarball found. Please use 'deploy.sh download'." fi for dd in $OKSRCLIST do echo $dd >> "$tmpF" done OKSRCLIST=`cat "$tmpF" | sort -r | sed 9q` export OKSRCLIST rm -f "$tmpF" && touch "$tmpF" echo $OKSRCLIST > "$tmpF" return 0 } selBVERSION() { #--------------------------------------------------------------------- # Select version to build #--------------------------------------------------------------------- if test x"$src_version" = x then if test x"$assumeyes" = x1 then printFATAL "No version selected, aborting." fi promptINFO "Checking which versions are available" ((listSRC | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ tee -a "$lastlog") 6>&1 1>&2 2>&6 OKSRCLIST=`cat "$tmpF"` n=0 for word in $OKSRCLIST do n=`expr $n + 1` eval part$n="$word" done command="promptMENU 'Please select version to build' " for word in $OKSRCLIST do command="$command '${word}'" done eval ${command} m=$? if test x$m = x1 then (exit 0); exit 0; elif test x$m = "x-1" then printFATAL "Something went wrong !" else src_version="$MENU"; export src_version fi else ((listSRC "$src_version" | tee -a "$lastlog") 6>&1 1>&2 2>&6 | \ tee -a "$lastlog") 6>&1 1>&2 2>&6 fi } selBARCH() { #--------------------------------------------------------------------- # Select arch to build #--------------------------------------------------------------------- if test x"$arch" = x then if test x"$assumeyes" = x1 then printFATAL "No operating system selected, aborting." fi cd "$basedir"/configs || printFATAL "Cannot cd to $basedir/configs !" LIST=`ls *.configure 2>/dev/null` if test x"$LIST" = x then printFATAL "No config files found in ${basedir}/configs." fi n=0 command="promptMENU 'Please select operating system of build host' " ALIST="" FLIST="" for ff in $LIST do n=`expr $n + 1` osp=`echo $ff | sed s/\.configure//` ALIST="$ALIST $osp" FLIST="$FLIST $osp" if test $n -lt 8 then command="$command '${osp}'" fi done command="$command other" eval ${command} m=$? if test x$m = x1 then (exit 0); exit 0; elif test x$m = "x-1" then printFATAL "Something went wrong !" else arch="$MENU"; export arch if test x"$arch" = xother then promptINPUT "Please select operating system of build host from $FLIST or enter new one" if test x$m = x1 then (exit 0); exit 0; elif test x$m = "x-1" then printFATAL "Something went wrong !" else found=`echo $FLIST | sed -n /$INPUT/p 2>/dev/null` if test x"$found" = x then printLOG "Copy configuration for $INPUT from generic" cp generic.configure "${INPUT}.configure" fi arch="$INPUT"; export arch fi fi fi fi # arch selected or exited } selBFORMAT() { if test x"$format" = x then promptMENU "Please select format of binary package" "run" "rpm" "deb" "tbz2" "solaris-pkg" "depot" if test x$m = x1 then (exit 0); exit 0 elif test x$m = "x-1" then printFATAL "Something went wrong !" else format="$MENU"; export format fi fi } samhain-3.1.0/dsys/initscript0000644000175000017500000000643510414541143013156 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # startup=no # arg1: the --enable-nocl=password password (use 'start' for none) # arg2(optional): if 'startup', start the client and exit # # # 'nocl' is used to handle the --enable-nocl=password option. 'start' is a # reserved word, hence cannot be the password. # We are called with one argument, which may be 'start' to indicate that # the --enable-nocl=password option is not used. # if test "x$1" = x then nocl=start else nocl="$1" fi if test "x$2" = x then command="data" else command="$2" fi name=`./samhain-install.sh --print-config name` sbin=`./samhain-install.sh --print-config sbin_dir` # execute and exit for start|stop|restart|reload|status, else fallthrough case $command in start | stop) MONIT="" test -f /usr/local/bin/monit && MONIT="/usr/local/bin/monit" if test x"$MONIT" = x then test -f /usr/bin/monit && MONIT="/usr/bin/monit" if test x"$MONIT" = x then : else zz=`/usr/bin/monit status | grep ${name}` if test x"$zz" = x then : else ${MONIT} "${command}" "${name}" exit 0 fi fi fi retval=0 if test -f /etc/init.d/${name} then /etc/init.d/${name} ${command} retval=$? elif test -f /etc/rc.d/init.d/${name} then /etc/rc.d/init.d/${name} ${command} retval=$? elif test -f "$sbin/$name" then $sbin/$name ${command} retval=$? else exit 1 fi if test x"$command" = xstop then exit 0 fi exit $retval ;; reload | restart | status ) if test -f /etc/init.d/${name} then /etc/init.d/${name} ${command} elif test -f /etc/rc.d/init.d/${name} then /etc/rc.d/init.d/${name} ${command} elif test -f "$sbin/$name" then $sbin/$name ${command} else exit 1 fi exit $? ;; *) ;; esac data=`./samhain-install.sh --print-config data_file` ddir=`./samhain-install.sh --print-config data_dir` remfile=no remdir=no if test -d "$ddir" then test -f "$data" || remfile=yes else ./samhain-install.sh --mkinstalldirs "$ddir" remdir=yes fi if test -f "$sbin/$name" then if test -f "$data" then rm "$data" || exit 1 fi if test x"$nocl" = xstart then $sbin/$name -t init -p err else echo '-t init -p err' | $sbin/$name "$nocl" fi else echo "$sbin/$name not found" >&2 exit 1 fi if test -f "$data" then cp "$data" ./data else echo "$data not found" >&2 exit 1 fi if test x"$remdir" = xyes then rm -rf "$ddir" elif test x"$remfile" = xyes then rm -f "$data" fi exit 0 samhain-3.1.0/dsys/funcINSTALL0000644000175000017500000003231710434037056012753 00000000000000######################################################################### # # Subroutines for installing # ######################################################################### # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # getconfopts () { fconf="$1" if test -f "$fconf" then # # check if readable # cat "$fconf" >/dev/null 2>&1 || return 1 # # empty string if no --enable-nocl=..., else password # is_nocl=`cat "$fconf" | tr -d '\n' | egrep "^ *'?--enable-nocl=" | sed -e "s%^ *%%" | sed -e "s%^'%%" | sed -e "s%^--enable-nocl=%%" | sed -e "s% *$%%" | sed -e "s%'$%%"` if test x"${is_nocl}" = x then is_nocl="start" else printINFO "Option --enable-nocl=${is_nocl} used." fi # # # is_xor=`cat "$fconf" | tr -d '\n' | egrep "^ *'?--enable-stealth=" | sed -e "s%^ *%%" | sed -e "s%^'%%" | sed -e "s%^--enable-nocl=%%" | sed -e "s% *$%%" | sed -e "s%'$%%"` if test x"${is_xor}" = x then is_xor="no" else printINFO "Option --enable-stealth=${is_xor} used." fi return 0 else return 1 fi } writerecord () { IDATE=`date +"%Y-%m-%d %H:%M:%S"` echo " " echo " ${host}" echo " ${hostgroup}" echo " ${arch}" echo " ${install_entry}" echo " ${IDATE}" echo " ${SH_NAME}" echo " ${SH_PREFIX}" echo " ${src_version}.${realformat}" echo " " } FTEST=0 set_flag () { case "$line" in *\*) FTEST=0; return 0; ;; *\${host}\*) FTEST=1; return 1; ;; *) return ${FTEST}; ;; esac } #------------------------------------------------------------------------ # Update client db #------------------------------------------------------------------------ updateDB() { if test "x$1" = x then install_entry="D2_installed" else install_entry="$1" fi export install_entry if test x"$DATABASE" = x then DATABASE="${basedir}/${defdatabase}" fi updlock="${DATABASE}.lockdir" trap "rm -rf ${updlock}" 1 2 13 15 # # A lockfile will not work, because 'root' can write anyway. # However, 'mkdir' an existing directory will fail even for root # until (umask 222; mkdir "${updlock}") 2>/dev/null # test & set do printINFO "Waiting for lock" sleep 1 done IDATE=`date +"%Y-%m-%d %H:%M:%S"` rm -f "$tmpF"; touch "$tmpF" if test -f "$DATABASE"; then rcfile_perm=`ls -l "${DATABASE}" | \ awk '{ u= substr($1,2,3); g=substr($1,5,3); o=substr($1,8,3); \ gsub("-","",u); gsub("-","",g); gsub("-","",o); \ print "u=" u ",g=" g ",o=" o; }'` rcfile_perm=`echo ${rcfile_perm} | sed s%g=,%g-rwx,% | sed s%,o=$%,o-rwx%` rcfile_owner=`ls -l "${DATABASE}" | \ awk '{print $3 }'` rcfile_group=`ls -l "${DATABASE}" | \ awk '{print $4 }'` else rcfile_perm=640; rcfile_owner=`ls -ld ${basedir} | awk '{print $3 }'` rcfile_group=`ls -ld ${basedir} | awk '{print $4 }'` fi if test -f "${DATABASE}" then SStr1=`grep '' "${DATABASE}"` if test "x${SStr1}" != "x" then SStr2=`grep "${host}" "${DATABASE}"` SStr3= if test "x${SStr2}" != "x" then # REPLACE printINFO "Replace ${host} in ${DATABASE}" exec 3<&0 <"${DATABASE}" while read line do # for some reason, var=xx only works in a function call (why?) # # here we test if we are still in the same client block # (set_flag will return 0 for and following) set_flag "$line" if test "x$?" = "x1" then # # Write the full entry when client_os_machine is found # case "$line" in *\*\) echo " ${hostgroup}" >>"${tmpF}" echo " ${arch}" >>"${tmpF}" echo " ${install_entry}" >>"${tmpF}" echo " ${IDATE}" >>"${tmpF}" echo " ${SH_NAME}" >>"${tmpF}" echo " ${SH_PREFIX}" >>"${tmpF}" echo " ${src_version}.${realformat}" >>"${tmpF}" ;; *\*\) : ;; *\*\) : ;; *\*\) : ;; *\*\) : ;; *\*\) : ;; *\*\) : ;; *) echo "$line" >>"${tmpF}" ;; esac else echo "$line" >>"${tmpF}" fi done exec 0<&3 3<&- cp "${tmpF}" "${DATABASE}" else # WRITE NEW CLIENT RECORD printINFO "Write record for ${host} in ${DATABASE}" exec 3<&0 <"${DATABASE}" while read line do if test "x$line" = "x" then echo "$line" >>"${tmpF}" writerecord >>"${tmpF}" else echo "$line" >>"${tmpF}" fi done exec 0<&3 3<&- cp "${tmpF}" "${DATABASE}" fi else # COMPLAIN printLOG "File ${DATABASE} exists, but has wrong format"; fi else # WRITE XML FROM SCRATCH printINFO "Write ${DATABASE} from scratch" echo '' >"${tmpF}" echo '' \ >>"${tmpF}" echo "" >>"${tmpF}" writerecord >>"${tmpF}" echo "" >>"${tmpF}" cp "${tmpF}" "${DATABASE}" fi chown ${rcfile_owner}:${rcfile_group} "${DATABASE}" if [ $? -ne 0 ]; then rm -rf "${updlock}" printFATAL "Could not chown ${rcfile_owner}:${rcfile_group} ${DATABASE}" fi chmod ${rcfile_perm} "${DATABASE}" if [ $? -ne 0 ]; then rm -rf "${updlock}" printFATAL "Could not chmod ${rcfile_perm} ${DATABASE}" fi rm -rf "${updlock}" } ageFILE() { file="$1" if test -f "${file}" then test -f "${file}.9" && { rm -f "${file}.9" || printFATAL "rm -f ${file}.9 failed."; } test -f "${file}.8" && { mv "${file}.8" "${file}.9" || printFATAL "mv ${file}.8 ${file}.9 failed."; } test -f "${file}.7" && { mv "${file}.7" "${file}.8" || printFATAL "mv ${file}.7 ${file}.8 failed."; } test -f "${file}.6" && { mv "${file}.6" "${file}.7" || printFATAL "mv ${file}.6 ${file}.7 failed."; } test -f "${file}.5" && { mv "${file}.5" "${file}.6" || printFATAL "mv ${file}.5 ${file}.6 failed."; } test -f "${file}.4" && { mv "${file}.4" "${file}.5" || printFATAL "mv ${file}.4 ${file}.5 failed."; } test -f "${file}.3" && { mv "${file}.3" "${file}.4" || printFATAL "mv ${file}.3 ${file}.4 failed."; } test -f "${file}.2" && { mv "${file}.2" "${file}.3" || printFATAL "mv ${file}.2 ${file}.3 failed."; } test -f "${file}.1" && { mv "${file}.1" "${file}.2" || printFATAL "mv ${file}.1 ${file}.2 failed."; } test -f "${file}" && { mv "${file}" "${file}.1" || printFATAL "mv ${file} ${file}.1 failed."; } fi return 0; } #------------------------------------------------------------------------ # The path to yule data #------------------------------------------------------------------------ pathYDATA() { if test "x${yule_data}" = x then promptINPUT "Please enter the path to your yule executable" yule_data="$INPUT"; export yule_data fi if test -d "${yule_data}" then : else printFATAL "Path to yule data directory not given." fi } #------------------------------------------------------------------------ # The path to yule #------------------------------------------------------------------------ pathYULE() { if test "x${yule_exec}" = x then findEXE yule if test -n "$EXECUTABLE" then yule_exec="$EXECUTABLE" export yule_exec fi else if test -f "${yule_exec}" then : else yule_exec="" findEXE yule if test -n "$EXECUTABLE" then yule_exec="$EXECUTABLE" export yule_exec fi fi fi if test "x${yule_exec}" = x then promptINPUT "Please enter the path to your yule executable" yule_exec="$INPUT"; export yule_exec fi if test -f "${yule_exec}" then if "${yule_exec}" --help 2>&1 | grep qualified >/dev/null 2>&1 then : else printFATAL "${yule_exec} is not Yule, or not executable." fi else printFATAL "Path to yule executable directory not given." fi } #------------------------------------------------------------------------ # Select operating system #------------------------------------------------------------------------ selbinARCH() { #--------------------------------------------------------------------- # Select arch to build #--------------------------------------------------------------------- if test x"$arch" = x then if test x"$assumeyes" = x1 then printFATAL "No operating system selected, aborting." fi cd "$basedir/archpkg" || printFATAL "Cannot cd to $basedir/archpkg !" LIST=`ls 2>/dev/null` if test x"$LIST" = x then printFATAL "No OS directories found in ${basedir}/archpkg." fi n=0 command="promptMENU 'Please select operating system of host' " ALIST="" FLIST="" for ff in $LIST do haspkg=`ls $ff/samhain-* 2>/dev/null` if test x"$haspkg" = x then : else n=`expr $n + 1` osp="$ff" ALIST="$ALIST $ff" FLIST="$FLIST $ff" if test $n -lt 8 then command="$command '${ff}'" fi fi done if test $n -ge 8 then command="$command other" fi eval ${command} m=$? if test x$m = x1 then (exit 0); exit 0; elif test x$m = "x-1" then printFATAL "Something went wrong !" else arch="$MENU"; export arch if test x"$arch" = xother then promptINPUT "Please select operating system of host from $FLIST" if test x$m = x1 then (exit 0); exit 0; elif test x$m = "x-1" then printFATAL "Something went wrong !" else found=`echo $FLIST | sed -n /$INPUT/p 2>/dev/null` if test x"$found" = x then printFATAL "There is no package for $INPUT" fi arch="$INPUT"; export arch fi fi fi fi # arch selected or exited } selbinVERSION() { OKVERLIST="" #--------------------------------------------------------------------- # Select version #--------------------------------------------------------------------- if test x"$src_version" = x then if test x"$assumeyes" = x1 then printFATAL "No version selected, aborting." fi cd "${basedir}/archpkg/${arch}" || printFATAL "Cannot cd to ${basedir}/archpkg/${arch} !" LIST=`ls samhain-* 2>/dev/null` if test x"$LIST" = x then printFATAL "No binary package found in ${basedir}/archpkg/${arch}." fi # -------------------------------------------------- # Build a list of ${version}.${format} # -------------------------------------------------- for ff in $LIST do sh_version=`echo "$ff" | sed 's/samhain\-//g'` if test -f "install-${sh_version}" then OKVERLIST="$OKVERLIST ${sh_version}" fi done rm -f "$tmpF" && touch "$tmpF" for dd in $OKVERLIST do echo "$dd" >>"$tmpF" done OKVERLIST=`cat "$tmpF" | sort -r` rm -f "$tmpF" && touch "$tmpF" command="promptMENU 'Please select version to install' " for word in $OKVERLIST do command="$command '${word}'" done eval ${command} m=$? if test x$m = x1 then (exit 0); exit 0; elif test x$m = "x-1" then printFATAL "Something went wrong !" else first_version="$MENU"; fi src_version=`echo ${first_version} | sed s%\.run%% | sed s%\.rpm%% | sed s%\.deb%% | sed s%\.tbz2%% | sed s%\.depot%% | sed s%\.pkg%%` export src_version format=`echo ${first_version} | sed '/^\(.*\)\.\([0-9a-zA-Z]*\)$/{ s//\2/; q; }'` if test "x$format" = xpkg then format="solaris-pkg" fi export format fi } samhain-3.1.0/dsys/funcPRINT0000644000175000017500000000345610414541110012530 00000000000000######################################################################### # # Printing/logging Subroutines # ######################################################################### # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # # Fatal error # printFATAL() { printERROR ${1+"$@"} main_exit_status=1 echo '1' > "$tmpERR" (exit 1); exit 1; } # Print a message to stderr # printERROR() { echo "ERROR:" ${1+"$@"} >&2 } # Print a message to stderr # printWARNING() { echo "WARNING:" ${1+"$@"} >&2 } # Print a message to stdout # printLOG() { if test $silent -lt 2 then now=`date` if test -z "$logfile" then if test x"$simulate" = x0 then echo "${now}:" ${1+"$@"} else echo "${now}: (simulate)" ${1+"$@"} fi else if test x"$simulate" = x0 then echo "${now}:" ${1+"$@"} >"$logfile" else echo "${now}: (simulate)" ${1+"$@"} >"$logfile" fi fi fi } # Print a message to stdout # printINFO() { if test x"$silent" = x0 then if test x"$simulate" = x0 then echo ${1+"$@"} else echo "(simulate)" ${1+"$@"} fi fi } samhain-3.1.0/dsys/preinstall0000644000175000017500000000257110414541201013133 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # name=`./samhain-install.sh --print-config name` sbin=`./samhain-install.sh --print-config sbin_dir` MONIT="" test -f /usr/local/bin/monit && MONIT="/usr/local/bin/monit" if test x"$MONIT" = x then test -f /usr/bin/monit && MONIT="/usr/bin/monit" if test x"$MONIT" = x then : else zz=`/usr/bin/monit status | grep ${name}` if test x"$zz" = x then : else ${MONIT} stop "${name}" exit 0 fi fi fi if test -f /etc/init.d/${name} then /etc/init.d/${name} stop elif test -f /etc/rc.d/init.d/${name} then /etc/rc.d/init.d/${name} stop else if test -f $sbin/$name then $sbin/$name stop fi fi exit 0 samhain-3.1.0/dsys/comBUILD0000644000175000017500000002230311477223561012327 00000000000000######################################################################### # # Subroutine for the 'build' command # ######################################################################### # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # commandBUILD() { printINFO "About to run \"$action\"" if test -d "${basedir}/archpkg/${arch}" then : else if test -d "${basedir}/archpkg" then if test x"$simulate" = x0 then mkdir "${basedir}/archpkg/${arch}" else printINFO "mkdir ${basedir}/archpkg/${arch}" fi else if test x"$simulate" = x0 then mkdir "${basedir}/archpkg" && mkdir "${basedir}/archpkg/${arch}" else printINFO "mkdir ${basedir}/archpkg && mkdir ${basedir}/archpkg/${arch}" fi fi fi if test -f "${basedir}/configs/${arch}.configure" then : else printFATAL "Configure options file ${basedir}/configs/${arch}.configure not found." fi local_test=`cat "${basedir}/configs/${arch}.configure" | tr -d '\n' | egrep "^ *'?--with-logserver=FQDN_MISSING"` if test x"${local_test}" = x then : else printFATAL "Your configuration file has a bad --with-logserver option." fi if test x"$bd_packed" = x then printINFO "Building version: ${src_version}, host: ${host}, os: ${arch}, format: ${format}" else printINFO "Building version: ${src_version}, host: ${host}, os: ${arch}, format: ${format}, packed: password=${bd_packed}" fi tmpdir=`eval echo "${temp_dir}/sh_${src_version}_${arch}_${format}_$$"` #--------------------------------------------------------------------- # Create temporary build directory on build host. #--------------------------------------------------------------------- if test x"$simulate" = x0 then ssh -x -l "${bd_user}" "${host}" '(umask 0077; mkdir "'${tmpdir}'")' else printINFO "ssh -x -l ${bd_user} ${host} (umask 0077; mkdir ${tmpdir})" fi if test x"$?" != x0 then printFATAL "Could not create temporary build directory on host ${host}." else printLOG "Build directory ${tmpdir} created on host ${host}" fi #--------------------------------------------------------------------- # Copy source tarball to build host. #--------------------------------------------------------------------- if test x"$simulate" = x0 then rm -f "${basedir}/tmp/samhain-${src_version}.tar" gunzip -c "${basedir}/source/samhain-${src_version}.tar.gz" > "${basedir}/tmp/samhain-${src_version}.tar" else printINFO "rm -f ${basedir}/tmp/samhain-${src_version}.tar" printINFO "gunzip -c ${basedir}/source/samhain-${src_version}.tar.gz > ${basedir}/tmp/samhain-${src_version}.tar" fi if test x"$?" != x0 then printFATAL "Could not gunzip source to ${basedir}/tmp/samhain-${src_version}.tar." fi if test x"$simulate" = x0 then if test x"$silent" = x0 then scp "${basedir}/tmp/samhain-${src_version}.tar" "${bd_user}@${host}:${tmpdir}/" else scp -q "${basedir}/tmp/samhain-${src_version}.tar" "${bd_user}@${host}:${tmpdir}/" fi else if test x"$silent" = x0 then printINFO "scp ${basedir}/tmp/samhain-${src_version}.tar ${bd_user}@${host}:${tmpdir}/" else printINFO "scp -q ${basedir}/tmp/samhain-${src_version}.tar ${bd_user}@${host}:${tmpdir}/" fi fi if test x"$?" != x0 then printFATAL "Could not copy source to host ${host}." else printINFO "Source copied to host ${host}." fi #--------------------------------------------------------------------- # Build the package. #--------------------------------------------------------------------- if test x"$silent" = x0 then config_com='./configure' else config_com='./configure --silent' fi if test -f "${basedir}/configs/${arch}.configure" then while read line do if test -z "`echo $line | awk '/^#/'`" then nline=`echo ${line} | tr -d '\n'` config_com="${config_com} ${nline}" fi done <"${basedir}/configs/${arch}.configure" else printFATAL "Configure options file ${basedir}/configs/${arch}.configure not found." fi printINFO "configure command is ${config_com}" if test x"$bd_packed" = x then command="make clean" else command="make CLIENTPASSWD=${bd_packed} samhain-packed" fi command=`eval echo $command`; if test x"$simulate" = x0 then if test $silent -lt 2 then ssh -x -l "${bd_user}" "${host}" /bin/sh -c \''(PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:${PATH}:${bd_addpath}'" && export PATH && cd "'${tmpdir}'" && tar -xf "'samhain-${src_version}.tar'" && cd "'samhain-${src_version}'" && eval "'${config_com}'" && eval "'${command}'" && make "'${format}-light'")'\' else ssh -x -l "${bd_user}" "${host}" /bin/sh -c \''(PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:${PATH}:${bd_addpath}'" && export PATH && cd "'${tmpdir}'" && tar -xf "'samhain-${src_version}.tar'" && cd "'samhain-${src_version}'" && eval "'${config_com}'" && eval "'${command}'" && make "'${format}-light'") >/dev/null'\' fi else if test $silent -lt 2 then printINFO "ssh -x -l ${bd_user} ${host} /bin/sh -c '(PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:\${PATH}:${bd_addpath} && export PATH && cd ${tmpdir} && tar -xf samhain-${src_version}.tar && cd samhain-${src_version} && eval ${config_com} && eval ${command} && make ${format}-light)'" else printINFO "ssh -x -l ${bd_user} ${host} /bin/sh -c '(PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:\${PATH}:${bd_addpath} && export PATH && cd ${tmpdir} && tar -xf samhain-${src_version}.tar && cd samhain-${src_version} && eval ${config_com} && eval ${command} && make ${format}-light) >/dev/null'" fi fi if test x"$?" != x0 then printFATAL "Could not build package on host ${host}." else printINFO "Source compiled." fi #--------------------------------------------------------------------- # Fetch package and remove temporary build directory on build host. #--------------------------------------------------------------------- realformat=`echo $format | sed s,solaris-,,` if test x"$simulate" = x0 then ssh -x -l "${bd_user}" "${host}" '(cat "'${tmpdir}/samhain-${src_version}/samhain-install.sh'")' >"${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" else printINFO "ssh -x -l ${bd_user} ${host} (cat ${tmpdir}/samhain-${src_version}/samhain-install.sh) >${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" fi if test x"$?" != x0 then printFATAL "Could not fetch samhain-install.sh script from host ${host}." fi chmod +x "${basedir}/archpkg/${arch}/install-${src_version}.${realformat}" if test x"$simulate" = x0 then ssh -x -l "${bd_user}" "${host}" '(cat "'${tmpdir}/samhain-${src_version}/samhain-${src_version}.${realformat}'" && rm -rf "'${tmpdir}'")' >"${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" else printINFO "ssh -x -l ${bd_user} ${host} (cat ${tmpdir}/samhain-${src_version}/samhain-${src_version}.${realformat} && rm -rf ${tmpdir}) >${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" fi if test x"$?" != x0 then printFATAL "Could not fetch package samhain-${src_version}.${realformat} from host ${host}." else printLOG "Build directory ${tmpdir} deleted on host ${host}." fi chmod +x "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" if test x"$simulate" = x0 then pkgsize=`ls -l "${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat}" | awk '{print $5}'` if test "x$pkgsize" = "x0"; then printFATAL "Returned package file is empty." fi else printINFO "ls -l ${basedir}/archpkg/${arch}/samhain-${src_version}.${realformat} | awk '{print $5}'" fi # >> Save password # if test x"$bd_packed" = x then : else if test x"$simulate" = x0 then echo "$bd_packed" >"${basedir}/archpkg/${arch}/PASSWD-${src_version}.${realformat}" fi fi # >> Save configure options # if test x"$simulate" = x0 then cp "${basedir}/configs/${arch}.configure" "${basedir}/archpkg/${arch}/configure-${src_version}.${realformat}" else printINFO "cp ${basedir}/configs/${arch}.configure ${basedir}/archpkg/${arch}/configure-${src_version}.${realformat}" fi printLOG "New package: ${arch}/samhain-${src_version}.${realformat}." } samhain-3.1.0/dsys/comCHECKSRC0000644000175000017500000000663610414540704012657 00000000000000######################################################################### # # Subroutine for the 'checksrc' command # ######################################################################### # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # commandCHECKSRC() { printINFO "About to run \"$action\"" needEXE ls gpg cd "${basedir}/source" || printFATAL "could not cd to ${basedir}/source" LIST=`ls samhain*.tar.gz 2>/dev/null` if test x$? != x0 then printINFO "No sources available." fi for ff in $LIST do sh_version=`echo "$ff" | sed 's/.*samhain\-//g' | sed 's/\.tar\.gz//g'` if test x"${sh_version}" = x then printFATAL "Cannot determine version for $ff" fi if test "$ff" != "samhain-${sh_version}.tar.gz" then printFATAL "Version number not correctly extracted from $ff" fi if test -f "samhain-${sh_version}.tar.gz.asc" then : else printWARNING "No detached signature for $ff found" if test x"$cs_delete" = x1 then if test x"$simulate" = x0 then printLOG "REMOVE $ff: No detached signature found." rm -f "$ff" else printLOG "REMOVE $ff: No detached signature found." printINFO "rm -f $ff" fi else printLOG "BAD: $ff (no signature)" fi continue fi sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sh_version}.tar.gz.asc" "samhain-${sh_version}.tar.gz" 2>/dev/null)` sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` if test x"${sig_nokey}" != x then printWARNING "Public key (ID 0F571F6C) not found, trying to import it." gpg --import ${basedir}/private/0F571F6C.asc 2>&5 sig_lines=`(LANG="C"; gpg --status-fd 1 --verify "samhain-${sh_version}.tar.gz.asc" "samhain-${sh_version}.tar.gz" 2>/dev/null)` sig_ok=`echo ${sig_lines} | grep 'GOODSIG'` sig_nokey=`echo ${sig_lines} | grep 'NO_PUBKEY'` fi if test x"${sig_nokey}" != x then printFATAL "Importing public key failed." fi if test x"${sig_ok}" = x then printWARNING "File $ff has no good signature" if test x"$cs_delete" = x1 then if test x"$simulate" = x0 then printLOG "REMOVE $ff: No good signature found." rm -f "$ff" else printLOG "REMOVE $ff: No good signature found." printINFO "rm -f $ff" fi else printLOG "BAD: $ff (invalid signature)" fi continue fi printLOG "OK: $ff" done if test x"$cs_delete" = x1 then printLOG "Checked sources in ${basedir}/source/ (delete=on)" else printLOG "Checked sources in ${basedir}/source/ (delete=off)" fi return 0 } samhain-3.1.0/dsys/funcDB0000644000175000017500000001647210414541020012123 00000000000000######################################################################### # # More subroutines for client DB # ######################################################################### # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # DBFTEST=0 dbSETFLAG() { case "$line" in *\*) DBFTEST=0; return 0; ;; *\${DB_host}\*) DBFTEST=1; return 1; ;; *) return ${DBFTEST}; ;; esac } DB_arch=""; export DB_arch; DB_status=""; export DB_status; DB_version=""; export DB_version; DB_date=""; export DB_date; DB_name=""; export DB_name; dbINFO() { if test "x$1" = x then printFATAL "No host specified, aborting" else DB_host="$1" fi DB_arch=""; export DB_arch; DB_status=""; export DB_status; DB_version=""; export DB_version; DB_date=""; export DB_date; DB_name=""; export DB_name; if test x"$DATABASE" = x then DATABASE="${basedir}/${defdatabase}" fi if test -f "${DATABASE}" then SStr1=`grep '' "${DATABASE}"` if test "x${SStr1}" != "x" then SStr2=`grep "${DB_host}" "${DATABASE}"` SStr3= if test "x${SStr2}" != "x" then exec 3<&0 <"${DATABASE}" while read line do # for some reason, var=xx only works in a function call (why?) # # here we test if we are still in the same client block # (set_flag will return 0 for and following) dbSETFLAG "$line" if test "x$?" = "x1" then case "$line" in *\*\) DB_arch=`echo "$line" | sed '/^\(.*\)\([0-9a-zA-Z_-]*\)<\/client_os_machine>\(.*\)$/{ s//\2/; q; }'` export DB_arch ;; *\*\) DB_status=`echo "$line" | sed '/^\(.*\)\([0-9a-zA-Z_-]*\)<\/client_install_status>\(.*\)$/{ s//\2/; q; }'` export DB_status ;; *\*\) DB_date=`echo "$line" | sed '/^\(.*\)\([ 0-9a-zA-Z_.:,-]*\)<\/client_install_date>\(.*\)$/{ s//\2/; q; }'` export DB_date ;; *\*\) DB_name=`echo "$line" | sed '/^\(.*\)\([0-9a-zA-Z_-]*\)<\/client_install_name>\(.*\)$/{ s//\2/; q; }'` export DB_name ;; *\*\) ;; *\*\) DB_version=`echo "$line" | sed '/^\(.*\)\([0-9a-zA-Z_.-]*\)<\/client_install_version>\(.*\)$/{ s//\2/; q; }'` export DB_version ;; *) ;; esac else : fi done exec 0<&3 3<&- return 0 else printINFO "Host ${DB_host} not found in client database" return 1 fi else printINFO "Client database ${DATABASE} in bad shape" return 1 fi else printINFO "Client database ${DATABASE} not available" return 1 fi } DB_hostlist=""; export DB_hostlist dbHOSTLIST() { DB_hostlist=""; export DB_hostlist if test x"$DATABASE" = x then DATABASE="${basedir}/${defdatabase}" fi if test -f "${DATABASE}" then DB_hostlist=`cat "${DATABASE}" | grep 'client_host' | sed '/^\(.*\)\([0-9a-zA-Z.-]*\)<\/client_host>\(.*\)$/{ s//\2/; }' | sort` export DB_hostlist return 0 else printINFO "Client database ${DATABASE} not available" return 1 fi } dbSHOWHOSTS() { if test "x$1" = x then dbHOSTLIST else DB_hostlist="$1" fi if test "x$?" = x1 then printLOG "No known hosts - database unavailable" fi if test "x${DB_hostlist}" = x then printLOG "No known hosts - database unavailable, empty, or corrupt" fi for ff in ${DB_hostlist} do dbINFO "$ff" if test "x$?" = x1 then : else test -z "${DB_date}" && DB_date="INDEF" test -z "${DB_arch}" && DB_arch="INDEF" test -z "${DB_version}" && DB_version="INDEF" tmp_status="-" if test "x$DB_status" = xinstalled then tmp_status="o" elif test "x$DB_status" = xD2_installed then tmp_status="i" elif test "x$DB_status" = xD2_removed then tmp_status="u" fi out=`echo | awk '{ printf "%1s %14s %-11s %19s %s\n", "'"${tmp_status}"'", "'"${DB_arch}"'", "'"${DB_version}"'", "'"${DB_date}"'", "'"${ff}"'" }'` printINFO "${out}" fi done } dbSHOWPKG() { delete=no show=no if test x"$1" = xshow then show=yes fi if test x"$2" = xdelete then delete=yes fi cd "${basedir}/archpkg" || printFATAL "Cannot cd to ${basedir}/archpkg" dbHOSTLIST if test x"$DATABASE" = x then DATABASE="${basedir}/${defdatabase}" fi LIST=`ls` this_dir=`pwd` for dd in $LIST do if test -d "$dd" then cd "$dd" PKGLIST=`ls samhain-* 2>/dev/null` for ff in $PKGLIST do if test -f "$ff" then version=`echo "$ff" | sed -e 's%samhain-%%'` tmp_status="-" grep "$version" "${DATABASE}" >/dev/null 2>&1 if test "x$?" = x0 then for hh in ${DB_hostlist} do dbINFO "$hh" if test x"${DB_arch}" = x"${dd}" && \ test x"${DB_version}" = x"${version}" then tmp_status="-" if test "x$DB_status" = xinstalled then tmp_status="o" elif test "x$DB_status" = xD2_installed then tmp_status="i" fi break fi done else tmp_status="-" fi if test x"${show}" = xyes then printINFO "${tmp_status} ${dd}/${version}" fi if test x"${delete}" = xyes && test x"${tmp_status}" = "x-" then printLOG "REMOVE ${dd}/${version}" if test x"$simulate" = x0 then rm -f "samhain-${version}" rm -f "install-${version}" rm -f "configure-${version}" else printINFO "rm -f ${dd}/samhain-${version}" printINFO "rm -f ${dd}/install-${version}" printINFO "rm -f ${dd}/configure-${version}" fi fi fi done cd "${this_dir}" fi done } samhain-3.1.0/dsys/comUNINSTALL0000644000175000017500000001606311477223647013054 00000000000000######################################################################### # # Subroutine for the 'uninstall' command # ######################################################################### # # Copyright Rainer Wichmann (2005) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # commandUNINSTALL() { printINFO "About to run \"$action\" on host \"$host\"" format=`setupFORMAT ${DB_version}` realformat="$format" src_version=`setupVERSION ${DB_version}` test -f "${basedir}/archpkg/${DB_arch}/install-${DB_version}" || \ printFATAL "Install script ${DB_arch}/install-${DB_version} not found" name=`/bin/sh "${basedir}/archpkg/${DB_arch}/install-${DB_version}" '--print-config' 'name'` test x"$name" = x"${DB_name}" || \ printFATAL "Client database and installer files are inconsistent" arch="${DB_arch}" #--------------------------------------------------------------------- # Uninstall. #--------------------------------------------------------------------- if test "x$format" = "xrun"; then is_command="./samhain-install.sh --force --express purge" target="uninstall" elif test "x$format" = "xdeb"; then is_command="dpkg --purge" target="${DB_name}" elif test "x$format" = "xrpm"; then is_command="rpm --erase" target="${DB_name}" elif test "x$format" = "xtbz2"; then is_command="emerge unmerge" target="${DB_name}" elif test "x$realformat" = "xpkg"; then is_command="pkgremove" target="${DB_name}" elif test "x$realformat" = "xdepot"; then is_command="/usr/sbin/swremove" target="${DB_name}" else printFATAL "Don't know how to uninstall package format ${format}" fi if test x"$silent" = x0 then is_rmboot="./samhain-install.sh --force --express uninstall-boot" else is_rmboot="./samhain-install.sh --force --express --verbose uninstall-boot" fi #--------------------------------------------------------------------- # Create temporary directory on host. #--------------------------------------------------------------------- tmpdir=`eval echo "${temp_dir}/sh_${src_version}_${arch}_${format}_$$"` if test x"$simulate" = x0 then ssh -x -l "root" "${host}" '(umask 0077; mkdir "'${tmpdir}'")' else printINFO "ssh -x -l root ${host} (umask 0077; mkdir ${tmpdir})" fi if test x"$?" != x0 then printFATAL "Could not create temporary directory ${tmpdir} on host ${host}." else printLOG "Directory ${tmpdir} created on host ${host}." fi #--------------------------------------------------------------------- # Copy to host. #--------------------------------------------------------------------- if test -f "${basedir}/configs/${arch}.initscript" then cp "${basedir}/configs/${arch}.initscript" "${tmpD}/initscript" || \ printFATAL "Could not copy ${basedir}/configs/${arch}.initscript to ${tmpD}/initscript" is_initscript_full="${tmpD}/initscript" else is_initscript_full="${basedir}/libexec/initscript" fi if test x"$simulate" = x0 then if test x"$silent" = x0 then scp "${is_initscript_full}" "${basedir}/archpkg/${arch}/install-${src_version}.${format}" "root@${host}:${tmpdir}/" else scp -q "${is_initscript_full}" "${basedir}/archpkg/${arch}/install-${src_version}.${format}" "root@${host}:${tmpdir}/" fi else if test x"$silent" = x0 then printINFO "scp ${is_initscript_full} ${basedir}/archpkg/${arch}/install-${src_version}.${format} root@${host}:${tmpdir}/" else printINFO "scp -q ${is_initscript_full} ${basedir}/archpkg/${arch}/install-${src_version}.${format} root@${host}:${tmpdir}/" fi fi if test x"$?" != x0 then printFATAL "Could not copy uninstall script to host ${host}." else printINFO "Script copied to host ${host}." fi #--------------------------------------------------------------------- # Run uninstall script. #--------------------------------------------------------------------- if test x"$simulate" = x0 then # # No, this is not a bug; the first 'start' argument to 'initscript' # is a required dummy argument. # if test x"$silent" = x0 then ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && cp "'install-${src_version}.${format}'" samhain-install.sh && chmod +x samhain-install.sh && chmod +x initscript && ./initscript start stop; eval "'${is_command}'" "'${target}'"; eval "'${is_rmboot}'")'\' else ssh -x -l "root" "${host}" /bin/sh -c \''(cd "'${tmpdir}'" && PATH="'/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH'" && export PATH && cp "'install-${src_version}.${format}'" samhain-install.sh && chmod +x samhain-install.sh && chmod +x initscript && ./initscript start stop; eval "'${is_command}'" "'${target}'"; eval "'${is_rmboot}'") >/dev/null'\' fi else printINFO "ssh -x -l root ${host} (cd ${tmpdir} && && PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:\$PATH && export PATH cp install-${src_version}.${realformat} samhain-install.sh && chmod +x samhain-install.sh && chmod +x initscript && ./initscript start stop; eval "${is_command}" "${target}"; eval "${is_rmboot}")" fi if test x"$?" != x0 then printFATAL "Could not complete uninstall on host ${host}." else printLOG "Uninstall executed on host ${host}" fi #--------------------------------------------------------------------- # Clean up. #--------------------------------------------------------------------- if test x"$simulate" = x0 then ssh -x -l "root" "${host}" '(rm -rf "'${tmpdir}'")' else printINFO "ssh -x -l root ${host} (rm -rf ${tmpdir})" fi if test x"$?" != x0 then printFATAL "Could not remove temporary directory ${tmpdir} on host ${host}." else printLOG "Directory ${tmpdir} deleted on host ${host}." fi #--------------------------------------------------------------------- # Write/update client database #--------------------------------------------------------------------- SH_NAME="$name"; export SH_NAME SH_PREFIX=`/bin/sh ${basedir}/archpkg/${DB_arch}/install-${DB_version} --print-config prefix`; export SH_PREFIX if test x"$simulate" = x0 then updateDB D2_removed else printINFO "Updating client database." fi } samhain-3.1.0/samhainrc.solaris0000644000175000017500000003542711705341273013435 00000000000000##################################################################### # # SOLARIS Configuration file for samhain. # # Based on a contribution by Sean Boran (sean [at] boran d.o.t com) # # HISTORY: # 16.Aug.03 rw add plenty of comments # 24.Jun.02 rw remove linux stuff, clean up a bit # 06.Jun.02 sb <3>, add LOTS more Solaris stuff. Also and comment at bottom # of this file. # 03.Jun.02 sb Separate Linux & Solaris # 24.Apr.02 sb Use Samhain v.15 template and tune for Solaris. # # To do: logs /var/adm/messages and /var/cron/log are # pruned weekly. ##################################################################### # # -- empty lines and lines starting with '#', ';' or '//' are ignored # -- boolean options can be Yes/No or True/False or 1/0 # -- you can PGP clearsign this file -- samhain will check (if compiled # with support) or otherwise ignore the signature # -- CHECK mail address # # To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). # ##################################################################### # SETUP for file system checking: # (i) There are several policies, each has its own section. Put files # into the section for the appropriate policy (see below). # (ii) Section [EventSeverity]: # To each policy, you can assign a severity (further below). # (iii) Section [Log]: # To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). ##################################################################### ##################################################################### # # Files are defined with: file = /absolute/path # # Directories are defined with: dir = /absolute/path # or with an optional recursion depth (N <= 99): dir = N/absolute/path # # Directory inodes are checked. If you only want to check files # in a directory, but not the directory inode itself, use (e.g.): # # [ReadOnly] # dir = /some/directory # [IgnoreAll] # file = /some/directory # # You can use shell-style globbing patterns, like: file = /path/foo* # ###################################################################### [Misc] ## ## Add or subtract tests from the policies ## - if you want to change their definitions, ## you need to do that before using the policies ## # RedefReadOnly = (no default) # RedefAttributes=(no default) # RedefLogFiles=(no default) # RedefGrowingLogFiles=(no default) # RedefIgnoreAll=(no default) # RedefIgnoreNone=(no default) # RedefUser0=(no default) # RedefUser1=(no default) [Attributes] ## ## for these files, only changes in permissions and ownership are checked ## file=/etc/ssh/ssh_random_seed file=/etc/resolv.conf # There are files in /etc that might change, thus changing the directory # timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'. file=/etc file=/etc/skip/randseed file=/etc/cron.d/FIFO file=/etc/devlink.tab file=/etc/.syslog_door file=/etc/syslog.pid file=/etc/.name_service_door file=/etc/mnttab file=/etc/cron.d file=/etc/mail file=/etc/inet dir=/secure/tmp dir=/etc/sysevent dir=/usr/local/imap/spool/user dir=/usr/local/imap/proc dir=/usr/local/imap/quota dir=/usr/local/qmail/queue dir=/usr/local/qmail/alias/Mailbox dir=/usr/tmp dir=/usr/aset/tmp dir=/usr/oasys/tmp dir=/var/spool/lp/tmp dir=/var/tmp dir=/var/dt/tmp dir=/tmp dir=/etc/osa [LogFiles] ## ## for these files, changes in signature, timestamps, and size are ignored ## #file=/var/run/utmp file=/etc/motd file=/var/cron/log file=/var/adm/wtmpx file=/var/adm/wtmp file=/var/adm/utmpx file=/var/adm/lastlog [GrowingLogFiles] ## ## for these files, changes in signature, timestamps, and increase in size ## are ignored ## file=/var/adm/messages [IgnoreAll] ## ## for these files, no modifications are reported ## file=/etc/utmppipe file=/usr/dt/bin/ttsnoop file=/dev/mem dir=/etc/saf # dir=/secure/tmp dir=/usr/share/man dir=/usr/share/lib/terminfo dir=/usr/demo dir=/usr/lib/adb dir=/usr/local/man dir=/usr/local/doc dir=/usr/dt/share/man dir=/usr/openwin/lib/locale dir=/usr/openwin/share/man dir=/usr/openwin/share/src dir=/usr/openwin/lib/X11/fonts dir=/var/snort dir=/var/log/snort dir=/etc/snort/rules dir=/opt/oracle/doc dir=/usr/dt/share/examples dir=/opt/SUNWebnfs/javadoc dir=/usr/local/mysql/var dir=/jumpstart/Flash dir=/jumpstart/OS dir=/jumpstart/Patches dir=/etc/opt/SUNWicg/SunScreen/.active dir=/etc/opt/SUNWicg/SunScreen/.old [IgnoreNone] ## ## for these files, all modifications (even access time) are reported ## - you may create some interesting-looking file (like /etc/safe_passwd), ## just to watch whether someone will access it ... ## [ReadOnly] ## ## for these files, only access time is ignored ## dir=/usr/bin dir=/usr/sbin dir=/usr/lib # SuSE (old) has the boot init scripts in /sbin/init.d/*, # so we go 3 levels deep dir=3/sbin # RedHat and Debian have the bootinit scripts in /etc/init.d/* or /etc/rc.d/*, # so we go 3 levels deep there too dir=3/etc # Various directories / files that may include / be SUID/SGID binaries # dir=/usr/openwin/bin dir=/usr/dt/bin #dir=/opt/install dir=/opt/OBSDssh dir=/root # Critical devices file=/dev/dsk file=/dev/rdsk file=/dev/null file=/dev/zero [User0] [User1] ## User0 and User1 are sections for files/dirs with user-definable checking ## (see the manual) [EventSeverity] ## ## Here you can assign severities to policy violations. ## If this severity exceeds the treshold of a log facility (see below), ## a policy violation will be logged to that facility. # Severity for verification failures. # # SeverityReadOnly=crit # SeverityLogFiles=crit # SeverityGrowingLogs=crit # SeverityIgnoreNone=crit # SeverityAttributes=crit # SeverityUser0=crit # SeverityUser1=crit # We have a file in IgnoreAll that might or might not be present. # Setting the severity to 'info' prevents messages about deleted/new file. # # SeverityIgnoreAll=crit SeverityIgnoreAll=info # Files : file access problems # SeverityFiles=crit # Dirs : directory access problems # SeverityDirs=crit # Names : suspect (non-printable) characters in a pathname # SeverityNames=crit [Log] ## ## Switch on/OFF log facilities and set their threshold severity ## ## Values: debug, info, notice, warn, mark, err, crit, alert, none. ## 'mark' is used for timestamps. ## ## Use 'none' to SWITCH OFF a log facility ## ## By default, everything equal to and above the threshold is logged. ## The specifiers '*', '!', and '=' are interpreted as ## 'all', 'all but', and 'only', respectively (like syslogd(8) does, ## at least on Linux). Examples: ## MailSeverity=* ## MailSeverity=!warn ## MailSeverity==crit ## E-mail ## # MailSeverity=none ## Console ## # PrintSeverity=info ## Logfile ## # LogSeverity=mark ## Syslog ## # SyslogSeverity=none ## Remote server (yule) ## # ExportSeverity=none ## External script or program ## # ExternalSeverity = none ## Logging to a database ## # DatabaseSeverity = none ## Logging to a Prelude-IDS ## # PreludeSeverity = crit ##################################################### # # Optional modules # ##################################################### # [SuidCheck] ## ## --- Check the filesystem for SUID/SGID binaries ## ## Switch on # # SuidCheckActive = yes ## Interval for check (seconds) # # SuidCheckInterval = 7200 ## Alternative: crontab-like schedule # # SuidCheckSchedule = NULL ## Directory to exclude # # SuidCheckExclude = NULL ## Limit on files per second (0 == no limit) # # SuidCheckFps = 0 ## Alternative: yield after every file # # SuidCheckYield = no ## Severity of a detection # # SeveritySuidCheck = crit ## Quarantine SUID/SGID files if found # # SuidCheckQuarantineFiles = yes ## Method for Quarantining files: # 0 - Delete the file. # 1 - Remove SUID/SGID permissions from file. # 2 - Move SUID/SGID file to quarantine dir. # # SuidCheckQuarantineMethod = 0 ## For method 1 and 3, really delete instead of truncating # # [Utmp] ## ## --- Logging of login/logout events ## ## Switch on/off # # LoginCheckActive = True ## Severity for logins, multiple logins, logouts # # SeverityLogin=info # SeverityLoginMulti=warn # SeverityLogout=info ## Interval for login/logout checks # # LoginCheckInterval = 300 # [Database] ## ## --- Logging to a relational database ## ## Database name # # SetDBName = samhain ## Database table # # SetDBTable = log ## Database user # # SetDBUser = samhain ## Database password # # SetDBPassword = (default: none) ## Database host # # SetDBHost = localhost ## Log the server timestamp for received messages # # SetDBServerTstamp = True ## Use a persistent connection # # UsePersistent = True # [External] ## ## Interface to call external scripts/programs for logging ## ## The absolute path to the command ## - Each invocation of this directive will end the definition of the ## preceding command, and start the definition of ## an additional, new command # # OpenCommand = (no default) ## Type (log or rv) ## - log for log messages, srv for messages received by the server # # SetType = log ## The command (full command line) to execute # # SetCommandLine = (no default) ## The environment (KEY=value; repeat for more) # # SetEnviron = TZ=(your timezone) ## The TIGER192 checksum (optional) # # SetChecksum = (no default) ## User who runs the command # # SetCredentials = (default: samhain process uid) ## Words not allowed in message # # SetFilterNot = (none) ## Words required (ALL of them) # # SetFilterAnd = (none) ## Words required (at least one) # # SetFilterOr = (none) ## Deadtime between consecutive calls # # SetDeadtime = 0 ## Add default environment (HOME, PATH, SHELL) # # SetDefault = no ##################################################### # # Miscellaneous configuration options # ##################################################### [Misc] ## whether to become a daemon process ## (this is not honoured on database initialisation) # # Daemon = no Daemon = yes ## whether to test signature of files (init/check/none) ## - if 'none', then we have to decide this on the command line - # # ChecksumTest = none ChecksumTest=check ## Set nice level (-19 to 19, see 'man nice'), ## and I/O limit (kilobytes per second; 0 == off) ## to reduce load on host. # # SetNiceLevel = 0 # SetIOLimit = 0 ## The version string to embed in file signature databases # # VersionString = NULL ## Interval between time stamp messages # # SetLoopTime = 60 SetLoopTime = 600 ## Interval between file checks # # SetFileCheckTime = 600 SetFileCheckTime = 7200 ## Alternative: crontab-like schedule # # FileCheckScheduleOne = NULL ## Alternative: crontab-like schedule(2) # # FileCheckScheduleTwo = NULL ## Report only once on modified files ## Setting this to 'FALSE' will generate a report for any policy ## violation (old and new ones) each time the daemon checks the file system. # # ReportOnlyOnce = True ## Report in full detail # # ReportFullDetail = False ## Report file timestamps in local time rather than GMT # # UseLocalTime = No ## The console device (can also be a file or named pipe) ## - There are two console devices. Accordingly, you can use ## this directive a second time to set the second console device. ## If you have not defined the second device at compile time, ## and you don't want to use it, then: ## setting it to /dev/null is less effective than just leaving ## it alone (setting to /dev/null will waste time by opening ## /dev/null and writing to it) # # SetConsole = /dev/console ## Activate the SysV IPC message queue # # MessageQueueActive = False ## If false, skip reverse lookup when connecting to a host known ## by name rather than IP address (i.e. trust the DNS) # # SetReverseLookup = True ## --- E-Mail --- # Only highest-level (alert) reports will be mailed immediately, # others will be queued. Here you can define, when the queue will # be flushed (Note: the queue is automatically flushed after # completing a file check). # # SetMailTime = 86400 ## Maximum number of mails to queue # # SetMailNum = 10 ## Recipient (max. 8) # # SetMailAddress=root@localhost ## Mail relay (IP address) # # SetMailRelay = NULL ## Custom subject format # # MailSubject = NULL ## --- end E-Mail --- ## Path to the executable. If set, will be checksummed after startup ## and before exit. # # SamhainPath = (no default) ## The IP address of the log server # # SetLogServer = (default: compiled-in) ## The IP address of the time server # # SetTimeServer = (default: compiled-in) ## Trusted Users (comma delimited list of user names) # # TrustedUser = (no default; this adds to the compiled-in list) ## Path to the file signature database # # SetDatabasePath = (default: compiled-in) ## Path to the log file # # SetLogfilePath = (default: compiled-in) ## Path to the PID file # # SetLockfilePath = (default: compiled-in) ## The digest/checksum/hash algorithm # # DigestAlgo = TIGER192 ## Custom format for message header. ## CAREFUL if you use XML logfile format. ## ## %S severity ## %T timestamp ## %C class ## ## %F source file ## %L source line # # MessageHeader="%S %T " ## Don't log path to config/database file on startup # # HideSetup = False ## The syslog facility, if you log to syslog # # SyslogFacility = LOG_AUTHPRIV SyslogFacility=LOG_LOCAL2 ## The message authentication method ## - If you change this, you *must* change it ## on client *and* server # # MACType = HMAC-TIGER ## The Prelude-IDS profile to use for reporting ## default value is "samhain" # # PreludeProfile = samhain ## Map these samhain severities to impact severity 'info' severity # # PreludeMapToInfo = ## Map these samhain severities to impact severity 'low' severity # # PreludeMapToLow = debug info ## Map these samhain severities to impact severity 'medium' severity # # PreludeMapToMedium = notice warn err ## Map these samhain severities to impact severity 'high' severity # # PreludeMapToHigh = crit alert # everything below is ignored [EOF] ##################################################################### # This would be the proper syntax for parts that should only be # included for certain hosts. # You may enclose anything in a @HOSTNAME/@end bracket, as long as the # result still has the proper syntax for the config file. # You may have any number of @HOSTNAME/@end brackets. # HOSTNAME should be the fully qualified 'official' name # (e.g. 'nixon.watergate.com', not 'nixon'), no aliases. # No IP number - except if samhain cannot determine the # fully qualified hostname. # # @HOSTNAME # file=/foo/bar # @end # # These are two examples for conditional inclusion/exclusion # of a machine based on the output from 'uname -srm' # $Linux:2.*.7:i666 # file=/foo/bar3 # $end # # !$Linux:2.*.7:i686 # file=/foo/bar2 # $end # ##################################################################### samhain-3.1.0/configure.ac0000644000175000017500000023705112234446026012355 00000000000000dnl We want to override the standard _AC_INIT_PARSE_ARGS dnl AU_ALIAS([_AC_INIT_PARSE_ARGS], [SH_INIT_PARSE_ARGS]) AU_ALIAS([_AC_INIT_help], [SH_INIT_HELP]) AC_INIT(src/samhain.c) AC_ARG_VAR([LIBS], [libraries to link against, e.g. -lintl]) dnl dnl start dnl AM_INIT_AUTOMAKE(samhain, 3.1.0) AC_DEFINE([SAMHAIN], 1, [Application is samhain]) AC_CANONICAL_HOST dnl dnl checks for programs dnl AC_PROG_CC if test "$host" != "$build"; then AC_CHECK_PROGS(BUILD_CC, gcc cc) else BUILD_CC=$CC fi AC_PROG_CPP AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_AWK SH_PROG_LD AC_PATH_PROG(cmd_hostname,hostname) AC_SUBST(cmd_hostname) AC_SUBST(BUILD_CC) if test "x$GCC" = "xyes"; then SH_GCC_VERSION fi AC_HEADER_STDC dnl dnl first one is a dummy because of an autoconf bug dnl (no HAVE_... for first one) dnl AC_CHECK_HEADERS([sys/ipc.h sys/msg.h sys/uio.h fcntl.h]) AC_MSG_CHECKING([for OS specific issues]) mydebugflag=no myneedg3=no uid_cast="signed long" selectconfig=linux mynetbsd=no sh_use_lcaps="undef" dnmalloc_ok=yes sh_use_pie=yes case "$host_os" in *linux*) sh_use_lcaps="yes" AC_DEFINE(HOST_IS_LINUX) AC_DEFINE(HAVE_EXT2_IOCTLS) AC_MSG_RESULT([use ioctl to get e2fs flags]) case "$host_cpu" in i*86*) AC_DEFINE(HOST_IS_I86LINUX) ;; x86_64) AC_DEFINE([HOST_IS_64LINUX], 1, [Define if host OS is 64bit Linux]) ;; *) ;; esac ;; *osf*) AC_DEFINE([HOST_IS_OSF], 1, [Define if host OS is OSF]) if test "x$GCC" != "xyes"; then CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` CFLAGS="$CFLAGS -O2 -assume noaligned_objects" myneedg3=yes AC_MSG_RESULT([compiler needs assume noaligned_objects]) else AC_MSG_RESULT([none]) fi ;; *cygwin*) AC_DEFINE(HOST_IS_CYGWIN) AC_DEFINE([USE_REGISTRY_CHECK], 1, [Define for registry check]) dnmalloc_ok=no AC_MSG_RESULT([no trusted paths and no dnmalloc]) ;; *darwin*|*apple*) AC_DEFINE(HOST_IS_DARWIN) dnmalloc_ok=no AC_MSG_RESULT([check resource forks, no dnmalloc]) ;; *freebsd8*|*freebsd9*) AC_DEFINE(HOST_IS_FREEBSD) selectconfig=freebsd case "$host_cpu" in amd64|x86_64) dnmalloc_ok=no AC_MSG_RESULT([no dnmalloc]) ;; *) AC_MSG_RESULT([none]) ;; esac ;; *freebsd7*) AC_DEFINE(HOST_IS_FREEBSD) selectconfig=freebsd case "$host_cpu" in amd64|x86_64) sh_use_pie=no dnmalloc_ok=no AC_MSG_RESULT([no dnmalloc and broken compiler toolchain]) ;; *) AC_MSG_RESULT([none]) ;; esac ;; *freebsd*) AC_DEFINE(HOST_IS_FREEBSD) selectconfig=freebsd AC_MSG_RESULT([none]) ;; *openbsd*) AC_DEFINE([HOST_IS_OPENBSD], 1, [Define if host OS is OPENBSD]) selectconfig=freebsd dnmalloc_ok=no AC_MSG_RESULT([dnmalloc does not work with pthreads]) ;; *netbsd*) mynetbsd=yes selectconfig=netbsd AC_MSG_RESULT([bug with libresolve]) ;; *solaris*) selectconfig=solaris AC_DEFINE(HOST_IS_SOLARIS) case "$host_cpu" in i*86) AC_DEFINE(HOST_IS_I86SOLARIS) AC_MSG_RESULT([vsnprintf prototype]) ;; *) AC_MSG_RESULT([none]) ;; esac if test "x$GCC" != "xyes"; then if test ! -z "`echo "$CFLAGS" | grep "\-g" 2> /dev/null`" ; then CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` fi if test -z "`echo "$CFLAGS" | grep "\-xO2" 2> /dev/null`"; then CFLAGS="$CFLAGS -xO2" fi if test -z "`echo "$CFLAGS" | grep "\-Xa" 2> /dev/null`"; then CFLAGS="$CFLAGS -Xa" fi LIBS="-lc $LIBS" fi ;; *sun*) selectconfig=solaris AC_DEFINE(HOST_IS_SOLARIS) AC_MSG_RESULT([none]) ;; *aix*) AC_DEFINE(HOST_IS_AIX) selectconfig=aix5.2.0 uid_cast="unsigned long" if test "x$GCC" != "xyes"; then if test ! -z "`echo "$CFLAGS" | grep "\-g" 2> /dev/null`" ; then CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` fi if test -z "`echo "$CFLAGS" | grep "\-O3" 2> /dev/null`"; then CFLAGS="$CFLAGS -O3" fi if test -z "`echo "$CFLAGS" | grep "\-qstrict" 2> /dev/null`"; then CFLAGS="$CFLAGS -qstrict" fi AC_MSG_RESULT([AIX size_t in the accept call and optimize O3 qstrict]) else AC_MSG_RESULT([AIX size_t in the accept call]) fi ;; *hpux*) AC_MSG_RESULT([HPUX need _XOPEN_SOURCE_EXTENDED for h_errno]) AC_DEFINE(HOST_IS_HPUX) if test "x$GCC" != "xyes"; then if test ! -z "`echo "$CFLAGS" | grep "\-g" 2> /dev/null`" ; then CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` fi if test -z "`echo "$CFLAGS" | grep "\+O2" 2> /dev/null`"; then CFLAGS="$CFLAGS +O2" fi fi ;; *ultrix*) AC_MSG_RESULT([ULTRIX getcwd uses popen]) AC_DEFINE(HAVE_BROKEN_GETCWD) ;; *) AC_MSG_RESULT([none]) ;; esac AC_SUBST(selectconfig) AC_DEFINE_UNQUOTED(UID_CAST, ${uid_cast}) dnl ***************************************** dnl dnl checks for header files dnl dnl ***************************************** AC_HEADER_DIRENT AC_HEADER_MAJOR AC_HEADER_TIME dnl used in minilzo.c AC_HEADER_STAT AC_DECL_SYS_SIGLIST AC_CHECK_HEADERS(stddef.h libgen.h sched.h malloc.h sys/uio.h \ sys/mman.h sys/param.h sys/inotify.h \ sys/vfs.h mntent.h \ sys/select.h sys/socket.h netinet/in.h \ regex.h glob.h fnmatch.h \ linux/ext2_fs.h linux/fs.h ext2fs/ext2_fs.h asm/segment.h \ elf.h linux/elf.h auparse.h \ paths.h arpa/nameser.h arpa/nameser_compat.h \ rpc/rpcent.h rpc/rpc.h sys/statvfs.h, [], [], [#include ] ) AC_CHECK_HEADER(utmpx.h, sh_utmpx="yes", sh_utmpx="no") if test "x$sh_utmpx" = "xyes"; then AC_DEFINE(HAVE_UTMPX_H) AC_EGREP_HEADER(ut_host, utmpx.h, AC_DEFINE(HAVE_UTHOST) ) AC_EGREP_HEADER(ut_addr, utmpx.h, AC_DEFINE(HAVE_UTADDR) ) AC_EGREP_HEADER(ut_addr_v6, utmpx.h, AC_DEFINE(HAVE_UTADDR_V6) ) AC_EGREP_HEADER(ut_xtime,utmpx.h, AC_DEFINE(HAVE_UTXTIME) ) AC_EGREP_HEADER(ut_type, utmpx.h, AC_DEFINE(HAVE_UTTYPE) ) else AC_EGREP_HEADER(ut_addr, utmp.h, AC_DEFINE(HAVE_UTADDR) ) AC_EGREP_HEADER(ut_host, utmp.h, AC_DEFINE(HAVE_UTHOST) ) AC_EGREP_HEADER(ut_type, utmp.h, AC_DEFINE(HAVE_UTTYPE) ) fi dnl dnl figure out where acct.h lives dnl and whether fields are int/comp_t dnl dnl GNU Accounting Utilities dnl Copyright (C) 1993, 1996, 1997, 2003, 2005 Free Software Foundation, Inc. dnl The GNU Accounting Utilities are free software; you can redistribute dnl them and/or modify them under the terms of the GNU General Public dnl License as published by the Free Software Foundation; either version dnl 2, or (at your option) any later version. dnl AC_CHECK_HEADER(sys/acct.h, AC_DEFINE(HAVE_SYS_ACCT_H, , [Define if you have the header file.]) AC_HEADER_EGREP(ac_utime, sys/acct.h, AC_DEFINE(HAVE_ACUTIME, , [Define if has the AC_UTIME field.]) AC_HEADER_EGREP(comp_t.*ac_utime, sys/acct.h, AC_DEFINE(ACUTIME_COMPT, , [Define if 's AC_UTIME field is a COMP_T.])) ) AC_HEADER_EGREP(ac_stime, sys/acct.h, AC_DEFINE(HAVE_ACSTIME, , [Define if has the AC_STIME field.]) AC_HEADER_EGREP(comp_t.*ac_stime, sys/acct.h, AC_DEFINE(ACSTIME_COMPT, , [Define if 's AC_STIME field is a COMP_T.])) ) AC_HEADER_EGREP(ac_etime, sys/acct.h, AC_DEFINE(HAVE_ACETIME, , [Define if has the AC_ETIME field.]) AC_HEADER_EGREP(comp_t.*ac_etime, sys/acct.h, AC_DEFINE(ACETIME_COMPT, , [Define if 's AC_ETIME field is a COMP_T.])) ) AC_HEADER_EGREP(ac_io, sys/acct.h, AC_DEFINE(HAVE_ACIO, , [Define if has the AC_IO field.]) AC_HEADER_EGREP(comp_t.*ac_io, sys/acct.h, AC_DEFINE(ACIO_COMPT, , [Define if 's AC_IO field is a COMP_T.])) ) AC_HEADER_EGREP(ac_mem, sys/acct.h, AC_DEFINE(HAVE_ACMEM, , [Define if has the AC_MEM field.]) AC_HEADER_EGREP(comp_t.*ac_mem, sys/acct.h, AC_DEFINE(ACMEM_COMPT, , [Define if 's AC_MEM field is a COMP_T.])) ) AC_HEADER_EGREP(ac_minflt, sys/acct.h, AC_HEADER_EGREP(ac_majflt, sys/acct.h, AC_HEADER_EGREP(ac_swaps, sys/acct.h, AC_DEFINE(HAVE_PAGING, , [Define if has the AC_MINFLT, AC_MAJFLT and AC_SWAPS fields.]) AC_HEADER_EGREP(comp_t.*ac_minflt, sys/acct.h, AC_DEFINE(ACMINFLT_COMPT, , [Define if 's AC_MINFLT field is a COMP_T.])) AC_HEADER_EGREP(comp_t.*ac_mayflt, sys/acct.h, AC_DEFINE(ACMAJFLT_COMPT, , [Define if 's AC_MAJFLT field is a COMP_T.])) AC_HEADER_EGREP(comp_t.*ac_swaps, sys/acct.h, AC_DEFINE(ACSWAPS_COMPT, , [Define if 's AC_SWAPS field is a COMP_T.])) ) ) ) AC_HEADER_EGREP(comp_t, sys/acct.h, AC_DEFINE(HAVE_COMP_T, , [Define if uses the COMP_T type.])) AC_HEADER_EGREP([struct acct_v3], sys/acct.h, AC_DEFINE(HAVE_ACCT_V3, , [Define if has struct acct_v3.])) AC_HEADER_EGREP([struct acctv2], sys/acct.h, AC_DEFINE(HAVE_ACCTV2, , [Define if has struct acctv2.])) ) dnl need to check because AIX 4.2 does not have it dnl AC_CHECK_MEMBERS([struct statfs.f_flags],[],[],[ #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_STAT_H #include #endif #ifdef HAVE_SYS_VFS_H #include #endif #ifdef HAVE_UNISTD_H #include #endif ]) AC_SYS_LARGEFILE dnl dnl check whether _POSIX_SOURCE is required dnl SAMHAIN_POSIX dnl ***************************************** dnl dnl Checks for library functions. dnl dnl ***************************************** AC_FUNC_STRFTIME AC_CHECK_FUNCS(memcmp memcpy memmove memset getpwent endpwent \ gettimeofday strlcat strlcpy strstr strchr strerror strsignal \ seteuid setreuid setresuid lstat getwd getcwd ptrace \ usleep setpriority getpeereid nanosleep \ strptime basename sched_yield hasmntopt \ inet_aton gethostbyname setutent setrlimit gethostname uname \ getaddrinfo getnameinfo \ initgroups getpagesize \ ttyname fchmod writev mmap tzset \ getsid getpriority getpgid statvfs \ strerror_r getgrgid_r getpwnam_r getpwuid_r \ gmtime_r localtime_r rand_r readdir_r strtok_r \ mincore posix_fadvise inotify_init1 ) AC_CHECK_FUNC(statfs, AC_DEFINE(HAVE_STATFS) statfs="yes", statfs="no") SL_CHECK_VA_COPY AC_CHECK_FUNCS(vsnprintf, [SL_CHECK_VSNPRINTF]) AC_CHECK_MLOCK SH_STRFTIME_Z AC_MSG_CHECKING(how to get filesystem type) fstype=no # The order of these tests is important. AC_TRY_CPP([#include #include ], AC_DEFINE(FSTYPE_STATVFS) fstype=SVR4) if test $fstype = no; then AC_TRY_CPP([#include #include ], AC_DEFINE(FSTYPE_USG_STATFS) fstype=SVR3) fi if test $fstype = no; then AC_TRY_CPP([#include #include ], AC_DEFINE(FSTYPE_AIX_STATFS) fstype=AIX) fi if test $fstype = no; then AC_TRY_CPP([#include ], AC_DEFINE(FSTYPE_MNTENT) fstype=4.3BSD) fi if test $fstype = no; then AC_EGREP_HEADER(f_type;, sys/mount.h, AC_DEFINE(FSTYPE_STATFS) fstype=4.4BSD/OSF) fi if test $fstype = no; then AC_TRY_CPP([#include #include ], AC_DEFINE(FSTYPE_GETMNT) fstype=Ultrix) fi AC_MSG_RESULT($fstype) sh_libsocket= dnl Solaris needs -lsocket and -lnsl. Unisys system includes dnl gethostbyname in libsocket but needs libnsl for socket. AC_CHECK_LIB(nsl, gethostbyname) AC_CHECK_LIB(socket, socket, ac_need_libsocket=1, ac_try_nsl=1) if test x$ac_need_libsocket = x1; then LIBS="$LIBS -lsocket" sh_libsocket="-lsocket" fi if test x$ac_try_nsl = x1; then AC_CHECK_LIB(nsl, gethostbyname, ac_need_libnsl=1) if test x$ac_need_libnsl = x1 then LIBS="$LIBS -lnsl" fi fi AC_SUBST(sh_libsocket) AC_CHECK_LIB(socket, res_search, [ AC_CHECK_LIB(resolv, dn_skipname) AC_CHECK_LIB(resolv, __dn_skipname) if test x$ac_need_libsocket = x1; then : else LIBS="$LIBS -lsocket" fi ], [ AC_CHECK_LIB(resolv, res_search, [ LIBS="$LIBS -lresolv" ], [ AC_CHECK_LIB(resolv, dn_skipname) AC_CHECK_LIB(resolv, __dn_skipname) ]) ]) sh_auparse=no if test "x$ac_cv_header_auparse_h" = "xyes" then AC_CHECK_LIB(auparse, auparse_find_field, [ LIBS="$LIBS -lauparse" sh_auparse=yes AC_DEFINE(HAVE_AUPARSE_LIB, 1, [Define if you have the auparse lib]) ]) fi dnl arguments for accept dnl check for Unix98 socklen_t (found on dnl xemacs-patches mailing list, written dnl by Martin Buchholz) dnl dnl On Darwin(MacOSX) socklen_t needs to be dnl an int (see accept man page), on all other dnl unix systems we need a size_t. AC_MSG_CHECKING(for socklen_t) AC_TRY_COMPILE([ #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif socklen_t x; ], [],[ AC_MSG_RESULT(yes) AC_DEFINE_UNQUOTED([ACCEPT_TYPE_ARG3],[socklen_t], [type of arg3 of accept]) AC_DEFINE([HAVE_SOCKLEN_T], 1, [Define if you have socklen_t]) ],[ AC_TRY_COMPILE([ #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif int accept (int, struct sockaddr *, size_t *); ],[],[ AC_MSG_RESULT(size_t) AC_DEFINE_UNQUOTED([ACCEPT_TYPE_ARG3],[size_t], [type of arg3 of accept]) ], [ AC_MSG_RESULT(int) AC_DEFINE_UNQUOTED([ACCEPT_TYPE_ARG3],[int], [type of arg3 of accept]) ] ) ]) dnl ***************************************** dnl checks for extended attribute or ACL dnl support dnl ***************************************** sh_CHECK_XATTR sh_CHECK_POSIX_ACL dnl ***************************************** dnl checks for typedefs dnl ***************************************** AC_C_LONG_DOUBLE SH_CHECK_TYPEDEF(long long, HAVE_LONG_LONG) SH_CHECK_TYPEDEF(uint16_t, HAVE_UINT16_T) SH_CHECK_TYPEDEF(uint64_t, HAVE_UINT64_T) if test "$sh_HAVE_LONG_LONG" = "yes"; then AC_CHECK_SIZEOF(unsigned long long, 4) sh_sizeof_unsigned_long_long=`echo "$ac_cv_sizeof_unsigned_long_long" | sed 's%[^0-9]%%g'` if test "$sh_sizeof_unsigned_long_long" = "8"; then AC_DEFINE(HAVE_LONG_LONG_64, 1, [Define if you have 64bit long long]) fi fi AC_CHECK_TYPE(ptrdiff_t, long) AC_TYPE_SIZE_T AC_CHECK_SIZEOF(char *, 4) AC_CHECK_SIZEOF(size_t, 4) AC_CHECK_SIZEOF(unsigned long, 4) AC_CHECK_SIZEOF(unsigned int, 4) AC_CHECK_SIZEOF(unsigned short, 2) sh_sizeof_unsigned_long=`echo "$ac_cv_sizeof_unsigned_long" | sed 's%[^0-9]%%g'` if test "$sh_sizeof_unsigned_long" = "4"; then AC_DEFINE(HAVE_LONG_32) fi if test "$sh_sizeof_unsigned_long" = "8"; then AC_DEFINE(HAVE_LONG_64) fi sh_sizeof_unsigned_int=`echo "$ac_cv_sizeof_unsigned_int" | sed 's%[^0-9]%%g'` if test "$sh_sizeof_unsigned_int" = "4"; then AC_DEFINE(HAVE_INT_32) fi sh_sizeof_unsigned_short=`echo "$ac_cv_sizeof_unsigned_short" | sed 's%[^0-9]%%g'` if test "$sh_sizeof_unsigned_short" = "4"; then AC_DEFINE(HAVE_SHORT_32) fi dnl dnl check for 64 bit programming environment dnl SAMHAIN_64 dnl ***************************************** dnl checks for structures dnl ***************************************** AC_STRUCT_TM dnl dnl from e2fsprogs dnl AC_MSG_CHECKING(whether struct stat has a st_flags field) AC_CACHE_VAL(e2fsprogs_cv_struct_st_flags, AC_TRY_COMPILE([#include ], [struct stat stat; stat.st_flags = 0;], [e2fsprogs_cv_struct_st_flags=yes], [e2fsprogs_cv_struct_st_flags=no])) AC_MSG_RESULT($e2fsprogs_cv_struct_st_flags) if test "$e2fsprogs_cv_struct_st_flags" = yes; then AC_MSG_CHECKING(whether st_flags field is useful) AC_CACHE_VAL(e2fsprogs_cv_struct_st_flags_immut, AC_TRY_COMPILE([#include ], [struct stat stat; stat.st_flags |= UF_IMMUTABLE;], [e2fsprogs_cv_struct_st_flags_immut=yes], [e2fsprogs_cv_struct_st_flags_immut=no])) AC_MSG_RESULT($e2fsprogs_cv_struct_st_flags_immut) if test "$e2fsprogs_cv_struct_st_flags_immut" = yes; then AC_DEFINE(HAVE_STAT_FLAGS) fi fi dnl dnl from dbus dnl AC_MSG_CHECKING(for struct cmsgcred) AC_TRY_COMPILE([ #include #include ],[ struct cmsgcred cred; cred.cmcred_pid = 0; ],sh_have_struct_cmsgcred=yes,sh_have_struct_cmsgcred=no) AC_MSG_RESULT($sh_have_struct_cmsgcred) if test x$sh_have_struct_cmsgcred = xyes; then AC_DEFINE(HAVE_STRUCT_CMSGCRED,1,[Have cmsgcred structure]) fi AC_MSG_CHECKING(for struct fcred) AC_TRY_COMPILE([ #include #include #include ],[ struct fcred sockcred; ],sh_have_struct_fcred=yes,sh_have_struct_fcred=no) AC_MSG_RESULT($sh_have_struct_fcred) if test x$sh_have_struct_fcred = xyes; then AC_DEFINE(HAVE_STRUCT_FCRED,1,[Have fcred structure]) fi AC_MSG_CHECKING(for struct sockcred) AC_TRY_COMPILE([ #include #include #include ],[ struct sockcred sockcred; ],sh_have_struct_sockcred=yes,sh_have_struct_sockcred=no) AC_MSG_RESULT($sh_have_struct_sockcred) if test x$sh_have_struct_sockcred = xyes; then AC_DEFINE(HAVE_STRUCT_SOCKCRED,1,[Have sockcred structure]) fi AC_MSG_CHECKING(for SO_PEERCRED) AC_TRY_COMPILE([ #include #include ],[ int test = SO_PEERCRED; ],sh_have_SO_PEERCRED=yes,sh_have_SO_PEERCRED=no) AC_MSG_RESULT($sh_have_SO_PEERCRED) if test x$sh_have_SO_PEERCRED = xyes; then AC_DEFINE(HAVE_SO_PEERCRED,1,[Have SO_PEERCRED define]) fi dnl ***************************************** dnl checks for compiler characteristics dnl ***************************************** AC_C_INLINE AC_C_CONST AC_C_BIGENDIAN AC_C_RESTRICT AM_SA_SIGACTION_WORKS AC_ARG_ENABLE(ssp, [ --disable-ssp disable the GCC stack protector], [], [enable_ssp=yes;] ) if test "x$GCC" = "xyes"; then if test x"${enable_ssp}" = xno; then : else GCC_STACK_PROTECT_LIB GCC_STACK_PROTECT_CC dnl GCC_STACK_CHECK_CC GCC_PIE_CC fi fi dnl ***************************************** dnl dnl checks for system services dnl dnl ***************************************** dnl dnl check for /proc filesystem dnl if test -d "/proc/$$" then AC_DEFINE([HAVE_PROCFS],[1],[Define if you have a proc fs]) fi dnl dnl check for GNU gmp dnl AC_CHECK_LIB(gmp, __gmpz_init, [sh_have_gmp=yes], [sh_have_gmp=no]) if test "x${sh_have_gmp}" = xno then AC_CHECK_LIB(gmp, mpz_init, [sh_have_gmp=yes], [sh_have_gmp=no]) fi if test "x${sh_have_gmp}" = xyes then # LIBS="-lgmp $LIBS" AC_DEFINE(HAVE_LIBGMP, 1, [Have GNU gmp library]) fi AC_CHECK_HEADERS(gmp.h) AC_MSG_CHECKING([for ps]) PS= for ff in /usr/ucb /bin /usr/bin; do if test -x "$ff/ps"; then PS="$ff/ps" AC_MSG_RESULT([$PS]) break fi done if test x$PS = x then AC_MSG_RESULT([no]) AC_MSG_ERROR([Cannot find ps in any of /usr/ucb /bin /usr/bin]) fi AC_DEFINE_UNQUOTED([PSPATH], _("$PS"), [Path to ps]) AC_MSG_CHECKING([how to use ps]) $PS ax >/dev/null 2>&1 if test $? -eq 0; then case "$host_os" in *openbsd*) one=`$PS akx | wc -l` ;; *) one=`$PS ax | wc -l` ;; esac else one=0 fi $PS -e >/dev/null 2>&1 if test $? -eq 0; then two=`$PS -e | wc -l` else two=0 fi if test $one -ge $two then case "$host_os" in *openbsd*) PSARG="akx" ;; *) PSARG="ax" ;; esac else PSARG="-e" fi AC_DEFINE_UNQUOTED([PSARG], _("$PSARG"), [Argument for ps]) AC_MSG_RESULT([$PS $PSARG]) dnl ***************************************** dnl dnl enable features dnl dnl ***************************************** AC_ARG_ENABLE(db-reload, [ --enable-db-reload enable database reload on SIGHUP [[no]]], [ if test "x${enable_db_reload}" = xyes; then AC_DEFINE(RELOAD_DATABASE) fi ] ) AC_ARG_ENABLE(xml-log, [ --enable-xml-log enable XML logfile format [[no]]], [ if test "x${enable_xml_log}" = xyes; then AC_DEFINE(SH_USE_XML) fi ] ) AC_ARG_ENABLE(mail, [ --disable-mail disable the internal SMTP mailer], [ if test "x${enable_mail}" = xno; then : else AC_DEFINE(SH_WITH_MAIL) fi ], [AC_DEFINE(SH_WITH_MAIL)] ) AC_ARG_ENABLE(suid, [ --enable-suid allow suid], [ if test "x${enable_suid}" = xyes; then AC_DEFINE(SH_ALLOW_SUID, [1], [Define if you want to allow suid execution for samhain]) fi ] ) AC_ARG_ENABLE(shellexpand, [ --disable-shellexpand disable shell expansion in config file], [ if test "x${enable_shellexpand}" = xno; then : else AC_DEFINE(SH_EVAL_SHELL, [1], [Define if you want shell expansion in configuration file]) fi ], [AC_DEFINE(SH_EVAL_SHELL, [1], [Define if you want shell expansion in configuration file])] ) AC_ARG_ENABLE(external-scripts, [ --disable-external-scripts disable interface to external scripts], [ if test "x${enableval}" = xno; then : else AC_DEFINE(WITH_EXTERNAL) fi ], [AC_DEFINE(WITH_EXTERNAL)] ) AC_ARG_ENABLE(message-queue, [ --enable-message-queue[[=MODE]] enable SysV message queue [[MODE=0700]]], [ if test "x${ac_cv_header_sys_msg_h}" = "xyes"; then if test "x${enable_message_queue}" = xyes; then AC_DEFINE(WITH_MESSAGE_QUEUE) AC_DEFINE_UNQUOTED(MESSAGE_QUEUE_MODE, 0700) elif test "x${enable_message_queue}" != xno; then echo "${enableval}" | grep ['[^0123456789]'] >/dev/null 2>&1 && AC_MSG_ERROR([With --enable-message-queue=MODE, MODE must be numeric]) echo "${enableval}" | \ grep ['0[0123456789][0123456789][0123456789]'] >/dev/null 2>&1 || AC_MSG_ERROR([With --enable-message-queue=MODE, MODE must be an octal (0nnn) number]) AC_DEFINE(WITH_MESSAGE_QUEUE) AC_DEFINE_UNQUOTED(MESSAGE_QUEUE_MODE, ${enable_message_queue}) fi else echo echo "**********************************************" echo AC_MSG_WARN([sys/msg.h missing, --enable-message-queue disabled]) echo echo "**********************************************" echo fi ] ) AC_ARG_WITH(cflags, [ --with-cflags additional flags to pass to compiler], [ if test "x$withval" != "xno" ; then CFLAGS="$CFLAGS $withval" fi ] ) AC_ARG_WITH(libs, [ --with-libs additional libraries to link with], [ if test "x$withval" != "xno" ; then LIBS="$LIBS $withval" fi ] ) # # this is from ssh # AC_MSG_CHECKING(whether to use libwrap) LIBWRAP_LIB="" LIBWRAP_INC="" AC_ARG_WITH(libwrap, [ --with-libwrap[=PATH] Compile in libwrap (TCP Wrappers) support], [ AC_MSG_RESULT($withval) case "$withval" in no) ;; ""|yes) LIBWRAP_LIB="-lwrap" ;; *) if test -d "$withval"; then LIBWRAP_LIB="-L$withval -lwrap" changequote(<<, >>)dnl sh_libwrap_inc=`echo ${withval} | sed 's%/[^/][^/]*$%%'` LIBWRAP_INC="-I${sh_libwrap_inc}/include" changequote([, ])dnl else LIBWRAP_LIB="-lwrap" changequote(<<, >>)dnl sh_libwrap_inc=`echo ${withval} | sed 's%/[^/][^/]*$%%'` LIBWRAP_INC="-I${sh_libwrap_inc}" changequote([, ])dnl fi ;; esac if test -n "$LIBWRAP_LIB"; then # OLDLIBS="$LIBS" LIBS="$LIBWRAP_LIB $LIBS" # OLDCFLAGS="$CFLAGS" CFLAGS="$CFLAGS $LIBWRAP_INC" AC_CHECK_HEADER(tcpd.h, [], [ AC_MSG_ERROR([Could not find tcpd.h for libwrap. You need to install tcp_wrappers.]) ]) AC_TRY_LINK([ #include int allow_severity; int deny_severity; ], [ hosts_access((struct request_info *) 0); ], [ AC_DEFINE(SH_USE_LIBWRAP,1,[Build with tcp wrapper support]) ], [ AC_MSG_ERROR([Could not find the libwrap library.]) ]) fi ], AC_MSG_RESULT(no) ) dnl dnl NETWORK OPTIONS dnl AC_ARG_ENABLE(network, [ --enable-network=[[client|server]] compile client or server [[no]]], [ if test "x$enable_network" = xclient; then mytclient="-DSH_WITH_CLIENT" yulectl_prg= setpwd_prg="samhain_setpwd" sh_main_prg="samhain" if test "x${sh_have_gmp}" = xyes then LIBS="-lgmp $LIBS" fi dnl AC_CHECK_HEADER(sys/capability.h, dnl [AC_CHECK_LIB(cap, cap_get_proc,,sh_use_lcaps="no")], dnl [sh_use_lcaps="no"]) elif test "x$enable_network" = xserver; then mytclient="-DSH_WITH_SERVER" yulectl_prg="yulectl" setpwd_prg="samhain_setpwd" sh_main_prg="yule" if test "x${sh_have_gmp}" = xyes then LIBS="-lgmp $LIBS" fi sh_use_lcaps="undef" elif test "x$enable_network" = xno; then mytclient="-DSH_STANDALONE" yulectl_prg= setpwd_prg= sh_main_prg="samhain" dnl AC_CHECK_HEADER(sys/capability.h, dnl [AC_CHECK_LIB(cap, cap_get_proc,,sh_use_lcaps="no")], dnl [sh_use_lcaps="no"]) else AC_MSG_ERROR([With --enable-network=WHAT, WHAT must be client, server, or no]) fi ], [ mytclient="-DSH_STANDALONE" setpwd_prg= yulectl_prg= sh_main_prg="samhain" dnl AC_CHECK_HEADER(sys/capability.h, dnl [AC_CHECK_LIB(cap, cap_get_proc,,sh_use_lcaps="no")], dnl [sh_use_lcaps="no"]) ], ) AC_SUBST(setpwd_prg) AC_SUBST(yulectl_prg) AC_SUBST(sh_main_prg) AC_SUBST(mytclient) # needed for the rpm spec clmytclient=`echo ${mytclient} | sed s%\-%%` AC_SUBST(clmytclient) sh_no_gcc_static=no AC_ARG_ENABLE(static, [ --enable-static enable static linking [[no]]], [ if test x$enable_static = xyes; then if test x"$mynetbsd" = xyes then tmp_LIBS=`echo $LIBS | sed 's%\-lresolv%%' ` LIBS="${tmp_LIBS}" fi if test x"${sh_auparse}" = xyes then tmp_LIBS=`echo $LIBS | sed 's%\-lauparse%%' ` LIBS="${tmp_LIBS}" fi AC_DEFINE(SH_COMPILE_STATIC, 1, [Define if compiling static]) if test "x$GCC" = "xyes"; then sh_no_gcc_static=no LDFLAGS="$LDFLAGS -static" else sh_no_gcc_static=yes case "$host_os" in *aix*) LDFLAGS="$LDFLAGS -bnso -bI:/lib/syscalls.exp" ;; *hpux*) LDFLAGS="$LDFLAGS -Wl,-a,archive" ;; *osf*) LDFLAGS="$LDFLAGS -non_shared" ;; *irix*) LDFLAGS="$LDFLAGS -non_shared" ;; *sco*) LDFLAGS="$LDFLAGS -dn" ;; *sun*) LDFLAGS="$LDFLAGS -Bstatic" ;; *solaris*) LDFLAGS="$LDFLAGS -Bstatic" ;; *) echo "***********************************************" echo "*" echo "* Don't know how to enable static linking" echo "* with your compiler. Please set the environment" echo "* variable LDFLAGS to:" echo "* ${LDFLAGS} + the static linking flag" echo "* and run configure again" echo "*" echo "***********************************************" ;; esac fi fi ] ) if test x"${mytclient}" = x-DSH_STANDALONE -o x"${mytclient}" = x-DSH_WITH_CLIENT; then dnl For threaded modules ACX_PTHREAD CFLAGS="$CFLAGS $PTHREAD_CFLAGS" LIBS="$PTHREAD_LIBS $LIBS" LDFLAGS="$PTHREAD_CFLAGS $LDFLAGS" CC="$PTHREAD_CC" dnl For MODI_TXT CHECK_ZLIB() fi if test x$enable_static = xyes; then : else if test x$sh_use_pie = xyes; then LDFLAGS="$LDFLAGS $PIE_LDFLAGS" CFLAGS="$CFLAGS $PIE_CFLAGS" fi fi AC_CHECK_FUNC(pmap_getmaps, AC_DEFINE([HAVE_PMAP_GETMAPS], [], [Define if pmap_getmaps available]), [],[]) # # this is from the snort configure.in # AC_DEFUN(FAIL_MESSAGE,[ echo echo echo "**********************************************" echo " ERROR: unable to find" $1 echo " checked in the following places" for i in `echo $2`; do echo " $i" done echo "**********************************************" echo exit ]) AC_ARG_WITH(libprelude-prefix, [ --with-libprelude-prefix=PFX Prefix where libprelude is installed (optional)], libprelude_config_prefix="$withval", libprelude_config_prefix="") AC_MSG_CHECKING(whether to use prelude) AC_ARG_WITH(prelude, [ --with-prelude Prelude IDS support [[no]]], [ if test "x${withval}" = "xno"; then AC_MSG_RESULT(no) else AC_MSG_RESULT(yes) if test x$libprelude_config_prefix != x ; then if test x${LIBPRELUDE_CONFIG+set} != xset ; then LIBPRELUDE_CONFIG=$libprelude_config_prefix/bin/libprelude-config fi fi AC_PATH_PROG(LIBPRELUDE_CONFIG, libprelude-config, no) if test x"$LIBPRELUDE_CONFIG" = "xno" ; then HAVE_PRELUDE_CONFIG=no else HAVE_PRELUDE_CONFIG=yes fi dnl AC_CHECK_PROG(HAVE_PRELUDE_CONFIG, libprelude-config, yes, no) if test "$HAVE_PRELUDE_CONFIG" = "yes"; then sh_libprelude_version=`$LIBPRELUDE_CONFIG --version` case "$sh_libprelude_version" in 0.8*) AC_MSG_ERROR([You have Libprelude 0.8, which is too old. Version 0.9.6 or higher is required.]) ;; *) AM_PATH_LIBPRELUDE([0.9.6], [ AC_DEFINE(HAVE_LIBPRELUDE,1,[Have libprelude]) CFLAGS="$CFLAGS $LIBPRELUDE_PTHREAD_CFLAGS" LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" LIBS="$LIBS $LIBPRELUDE_LIBS" ], [ AC_MSG_ERROR([Could not find libprelude (if you are using --enable-static, the static library libprelude.a might be missing).]) ]) ;; esac else AC_MSG_ERROR([Could not find libprelude-config.]) fi fi ], [ AC_MSG_RESULT(no) ] ) # # partly based on the snort configure.in # AC_ARG_WITH(database, [ --with-database=[[mysql|postgresql|oracle|odbc]] database support [[no]]], [ if test x"$enable_xml_log" != xyes; then AC_MSG_ERROR([With --with-database, --enable-xml-log is required as well.]) fi if test "x${withval}" = "xmysql"; then if test "x$zlib_found" = "x" then CHECK_ZLIB() fi AC_CHECK_PROG(HAVE_MYSQL_CONFIG, mysql_config, yes, no) if test "$HAVE_MYSQL_CONFIG" = "yes"; then sh_mysql_libs="`mysql_config --libs`" sh_mysql_libs="`eval echo ${sh_mysql_libs}`" LIBS="$LIBS ${sh_mysql_libs}" sh_mysql_cflags="`mysql_config --cflags`" sh_mysql_cflags="`eval echo ${sh_mysql_cflags}`" CPPFLAGS="$CPPFLAGS ${sh_mysql_cflags}" else AC_MSG_CHECKING([for MySQL in /usr /usr/local /usr/local/mysql MYSQL_HOME]) mysql_directory="/usr /usr/local /usr/local/mysql ${MYSQL_HOME}" for i in $mysql_directory; do if test -r $i/include/mysql/mysql.h; then MYSQL_DIR=$i MYSQL_INC_DIR=$i/include # we use AC_CHECK_HEADERS to check for mysql/mysql.h fi done if test -z "$MYSQL_DIR"; then for i in $mysql_directory; do if test -r $i/include/mysql.h; then MYSQL_DIR=$i MYSQL_INC_DIR=$i/include fi done fi if test -z "$MYSQL_DIR"; then tmp="" for i in $mysql_directory; do tmp="$tmp $i/include $i/include/mysql" done FAIL_MESSAGE("mysql headers (mysql.h)", $tmp) fi for i in lib lib/mysql; do str="$MYSQL_DIR/$i/libmysqlclient.*" for j in `echo $str`; do if test -r $j; then MYSQL_LIB_DIR="$MYSQL_DIR/$i" break 2 fi done done if test -z "$MYSQL_LIB_DIR"; then for ff in $mysql_directory; do for i in lib lib/mysql; do str="$ff/$i/libmysqlclient.*" for j in `echo $str`; do if test -r $j; then MYSQL_LIB_DIR="$ff/$i" break 3 fi done done done fi if test -z "$MYSQL_LIB_DIR"; then tmp="" for i in $mysql_directory; do tmp="$i/lib $i/lib/mysql" done FAIL_MESSAGE("mysql library libmysqlclient", $tmp) fi AC_MSG_RESULT(yes) LIBS="$LIBS -L${MYSQL_LIB_DIR} -lmysqlclient" # CFLAGS="$CFLAGS -I${MYSQL_INC_DIR}" CPPFLAGS="$CPPFLAGS -I${MYSQL_INC_DIR}" fi AC_DEFINE(WITH_MYSQL) AC_DEFINE(WITH_DATABASE) if test "x$zlib_found" = "xyes" then LIBS="$LIBS -lz -lm" else echo echo " Mysql library was not found or not useable." echo " Possible reasons include:" echo " - an old, incompatible version compiled from source" echo " - on Solaris, libmysql is compiled with the Solaris" echo " compiler, thus the mysql_config script provides" echo " compiler options unsuitable for gcc (move" echo " mysql_config out of your PATH)" echo " For other problems, check config.log for the error" echo " message from the compiler." echo echo " If your mysql libraries are installed in an" echo " unusual place, use --with-libs=-L/path/to/libdirectory" echo " where libdirectory is the directory holding libmysql." if test x"$enable_static" = xyes; then echo " Note that for compiling a static binary, you need" echo " the static libraries, rather than the shared ones." fi echo AC_MSG_ERROR([Could not find libmysql, or it is not useable.]) fi AC_CHECK_HEADERS(mysql/mysql.h) elif test "x${withval}" = "xpostgresql"; then AC_DEFINE(WITH_POSTGRES) AC_DEFINE(WITH_DATABASE) # PGCONF="no" MY_PATH="${PATH}:/usr/local/bin:/usr/local/pgsql/bin" OLD_IFS="$IFS" IFS=":" for ff in ${MY_PATH} do if test -f "$ff/pg_config" then PGCONF="$ff/pg_config" fi done IFS="${OLD_IFS}" # # if test "x${PGCONF}" = "xno" then AC_MSG_CHECKING(for PostgreSQL in /usr/local/pgsql /usr/pgsql /usr/local /usr PGSQL_HOME) pgsql_directory="/usr/local/pgsql /usr/pgsql /usr/local /usr ${PGSQL_HOME}" for i in $pgsql_directory; do if test -r $i/include/pgsql/libpq-fe.h; then PGSQL_INC_DIR=$i/include PGSQL_DIR=$i # use AC_CHECK_HEADERS to check for pgsql/libpq-fe.h fi done if test -z "$PGSQL_DIR"; then for i in $pgsql_directory; do if test -r $i/include/postgresql/libpq-fe.h; then PGSQL_INC_DIR=$i/include PGSQL_DIR=$i fi done fi if test -z "$PGSQL_DIR"; then for i in $pgsql_directory; do if test -r $i/include/libpq-fe.h; then PGSQL_INC_DIR=$i/include PGSQL_DIR=$i fi done fi if test -z "$PGSQL_DIR"; then tmp="" for i in $pgsql_directory; do tmp="$tmp $i/include $i/include/pgsql $i/include/postgresql" done FAIL_MESSAGE("PostgreSQL header file (libpq-fe.h)", $tmp) fi for i in lib lib/pgsql lib/postgresql; do str="$PGSQL_DIR/$i/libpq.*" for j in `echo $str`; do if test -r $j; then PGSQL_LIB_DIR="$PGSQL_DIR/$i" break 2 fi done done if test -z "$PGSQL_LIB_DIR"; then for ff in $pgsql_directory; do for i in lib lib/pgsql lib/postgresql; do str="$ff/$i/libpq.*" for j in `echo $str`; do if test -r $j; then PGSQL_LIB_DIR="$ff/$i" break 3 fi done done done fi if test -z "$PGSQL_LIB_DIR"; then tmp="" for i in $pgsql_directory; do tmp="$i/lib $i/lib/pgsql $i/lib/postgresql" done FAIL_MESSAGE("postgresql library libpq", $tmp) fi AC_MSG_RESULT(yes) LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm" if test x"$enable_static" = xyes; then LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lcrypt -lm" else LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm" fi # CFLAGS="$CFLAGS -I${PGSQL_INC_DIR}" CPPFLAGS="$CPPFLAGS -I${PGSQL_INC_DIR}" AC_CHECK_HEADERS(pgsql/libpq-fe.h) AC_CHECK_HEADERS(postgresql/libpq-fe.h) else pg_lib_dir=`${PGCONF} --libdir` if test x"$enable_static" = xyes; then LIBS="$LIBS -L${pg_lib_dir} -lpq -lcrypt -lm" else LIBS="$LIBS -L${pg_lib_dir} -lpq -lm" fi pg_inc_dir=`${PGCONF} --includedir` # CFLAGS="$CFLAGS -I${pg_inc_dir}" CPPFLAGS="$CPPFLAGS -I${pg_inc_dir}" fi elif test "x${withval}" = "xodbc"; then AC_MSG_CHECKING(for odbc in /usr /usr/local ODBC_HOME) odbc_directory="/usr /usr/local" for i in $odbc_directory; do if test -r $i/include/sql.h; then if test -r $i/include/sqlext.h; then if test -r $i/include/sqltypes.h; then ODBC_DIR=$i ODBC_INC_DIR=$i/include fi fi fi done if test -z "$ODBC_DIR"; then tmp="" for i in $odbc_directory; do tmp="$tmp $i/include" done FAIL_MESSAGE("odbc headers (sql.h sqlext.h sqltypes.h)", $tmp) fi str="$ODBC_DIR/lib/libodbc.*" for j in `echo $str`; do if test -r $j; then ODBC_LIB_DIR="$ODBC_DIR/lib" ODBC_LIB="odbc" fi done if test -z "$ODBC_LIB_DIR"; then FAIL_MESSAGE("odbc library (libodbc)", "$ODBC_DIR/lib") fi AC_MSG_RESULT(yes) CPPFLAGS="${CPPFLAGS} -I${ODBC_INC_DIR}" LIBS="${LIBS} -L${ODBC_LIB_DIR} -l$ODBC_LIB" AC_DEFINE(WITH_ODBC) AC_DEFINE(WITH_DATABASE) elif test "x${withval}" = "xoracle"; then AC_MSG_CHECKING(for oracle in ORACLE_HOME /usr/local /usr) oracle_directory="/usr /usr/local ${ORACLE_HOME}" for i in $oracle_directory; do ff=`find $i -name oci.h 2>/dev/null | tail -1` if test "x$ff" = "x"; then : else ORACLE_INC=`dirname $ff` fi fg=`find $i -name libclntsh.so 2>/dev/null | tail -1` if test "x$fg" = "x"; then : else ORACLE_LIB=`dirname $fg` fi done if test -z "$ORACLE_INC"; then tmp="" for i in $oracle_directory; do tmp="$tmp $i" done FAIL_MESSAGE("OCI header file (oci.h) please define ORACLE_INC directory where oci.h resides", $tmp) elif test -z "$ORACLE_LIB"; then tmp="" for i in $oracle_directory; do tmp="$tmp $i" done FAIL_MESSAGE("OCI library file (libclntsh.so) please define ORACLE_LIB directory where libclntsh.so resides", $tmp) else ORACLE_CPP_FLAGS="-I$ORACLE_INC" ORACLE_LIB_DIR="$ORACLE_LIB" AC_MSG_RESULT([$ORACLE_INC $ORACLE_LIB]) CPPFLAGS="${CPPFLAGS} ${ORACLE_CPP_FLAGS}" ORACLE_LIBS="-lclntsh" if test -r $ORACLE_LIB_DIR/libnnz11.so; then ORACLE_LIBS="${ORACLE_LIBS} -lnnz11" fi if test -r $ORACLE_LIB_DIR/libwtc9.so; then ORACLE_LIBS="${ORACLE_LIBS} -lwtc9" elif test -r $ORACLE_LIB_DIR/libwtc8.so; then ORACLE_LIBS="${ORACLE_LIBS} -lwtc8" fi LIBS="${LIBS} -L${ORACLE_LIB_DIR} ${ORACLE_LIBS}" if test "x$GCC" != "xyes"; then CFLAGS="${CFLAGS} -fno-strict-aliasing" fi fi AC_DEFINE(WITH_ORACLE) AC_DEFINE(WITH_DATABASE) else AC_MSG_ERROR([Option --with-database=database used with unsupported database ${withval}]) fi ] ) AC_ARG_WITH(console, [ --with-console=PATH set path to console device [[/dev/console]]], [ if test "x${withval}" != xno; then mycons="$withval" AC_DEFINE_UNQUOTED(DEFAULT_CONSOLE, _("${mycons}") ) fi ]) AC_ARG_WITH(altconsole, [ --with-altconsole=PATH set path to second console device [[none]]], [ if test "x${withval}" != xno; then myaltcons="$withval" else myaltcons="NULL" fi ], [myaltcons="NULL"]) AC_DEFINE_UNQUOTED(ALT_CONSOLE, _("${myaltcons}") ) AC_ARG_WITH(timeserver, [ --with-timeserver=HOST set host address for time server [[none]]], [ if test "x${withval}" != xno; then mytimeserv="$withval" AC_DEFINE(HAVE_NTIME) else mytimeserv="NULL" fi ], mytimeserv="NULL") AC_DEFINE_UNQUOTED(DEFAULT_TIMESERVER, _("${mytimeserv}") ) AC_ARG_WITH(alttimeserver, [ --with-alttimeserver=HOST set address for backup time server [[none]]], [ if test "x${withval}" != xno; then myalttimeserv="$withval" AC_DEFINE(HAVE_NTIME) else myalttimeserv="NULL" fi ], myalttimeserv="NULL") AC_DEFINE_UNQUOTED(ALT_TIMESERVER, _("${myalttimeserv}") ) AC_ARG_ENABLE(login-watch, [ --enable-login-watch watch for login/logout [[no]]], [ if test "x${enable_login_watch}" = xyes; then AC_DEFINE(SH_USE_UTMP) fi ] ) AC_ARG_ENABLE(mounts-check, [ --enable-mounts-check check mount options on filesystems [[no]]], [ if test "x${enable_mounts_check}" = xyes; then AC_DEFINE(SH_USE_MOUNTS) fi ] ) AC_ARG_ENABLE(logfile-monitor, [ --enable-logfile-monitor monitor logfiles [[no]]], [ if test "x${enable_logfile_monitor}" = xyes; then AC_CHECK_HEADER(pcre.h, [ AC_DEFINE(USE_LOGFILE_MONITOR, 1, [Define if you want the logfile monitor module.]) LIBS="-lpcre $LIBS" ], [ AC_CHECK_HEADER(pcre/pcre.h, [ AC_DEFINE(USE_LOGFILE_MONITOR, 1, [Define if you want the logfile monitor module.]) AC_DEFINE(HAVE_PCRE_PCRE_H, 1, [Define if you have pcre/pcre.h.]) LIBS="-lpcre $LIBS" ], AC_MSG_ERROR([The --enable-logfile-monitor option requires libpcre. For compiling the pcre development package is needed.]) ) ] ) AC_CHECK_LIB(pcre, pcre_dfa_exec, [ AC_DEFINE([HAVE_PCRE_DFA_EXEC], 1, [Define if you have pcre_dfa_exec]) ], [ AC_MSG_WARN([pcre_dfa_exec not available]) ]) fi ] ) AC_ARG_ENABLE(process-check, [ --enable-process-check check processes [[no]]], [ if test "x${enable_process_check}" = xyes; then AC_CHECK_LIB([rt], [sched_getparam], sh_lrt=yes, sh_lrt=no) if test x"$sh_lrt" = xyes; then LIBRT=-lrt else LIBRT= fi LIBS="$LIBS $LIBRT" AC_DEFINE(SH_USE_PROCESSCHECK, [1], [Define if you want to check processes]) fi ] ) AC_ARG_ENABLE(port-check, [ --enable-port-check check ports [[no]]], [ if test "x${enable_port_check}" = xyes; then AC_DEFINE(SH_USE_PORTCHECK, [1], [Define if you want to check ports]) fi ] ) AC_ARG_ENABLE(userfiles, [ --enable-userfiles check for users' config files [[no]]], [ if test "x${enableval}" = "xyes"; then AC_DEFINE(SH_USE_USERFILES) fi ] ) AC_ARG_ENABLE(debug, [ --enable-debug enable debug options [[no]]], [ if test "x${enable_debug}" = "xyes"; then if test "x${mydebugflag}" != "xyes"; then AC_DEFINE(MEM_DEBUG) fi AC_DEFINE(WITH_TPT) AC_DEFINE(SL_DEBUG) AC_DEFINE(DNMALLOC_CHECKS, 1, [Debug dnmalloc]) AC_DEFINE(PARANOIA, 0, [Paranoia level for dnmalloc]) AC_DEFINE(SL_FAIL_ON_ERROR) if test "x${myneedg3}" = "xyes"; then mydebugdef="-g3" else mydebugdef="-g" fi mydebugit="yes" elif test "x${enable_debug}" = "xgdb"; then if test "x${myneedg3}" = "xyes"; then mydebugdef="-g3" else mydebugdef="-g" fi mydebugit="yes" fi ] ) AC_SUBST(mydebugdef) sh_enable_asm=yes AC_ARG_ENABLE(asm, [ --disable-asm disable asm inline code], [ if test "x${enable_asm}" = xno; then sh_enable_asm=no fi ] ) if test "x${samhain_64_asm}" = xyes; then if test "x${sh_enable_asm}" = xyes; then AC_DEFINE([TIGER_OPT_ASM],1,[Define to use tiger x86_64 optimized assembly]) fi fi AC_ARG_ENABLE(ipv6, [ --disable-ipv6 disable ipv6 support], [ if test "x${enable_ipv6}" = xno; then AC_DEFINE(USE_IPV4,1,[Define if you do not want IPv6]) fi ] ) if test "x${dnmalloc_ok}" = "xyes"; then sh_dnmalloc_enabled=yes else sh_dnmalloc_enabled=no fi AC_ARG_ENABLE(dnmalloc, [ --disable-dnmalloc disable dnmalloc], [ if test "x${enable_dnmalloc}" = xno; then sh_dnmalloc_enabled=no else sh_dnmalloc_enabled=yes fi ] ) dnl Handle the problem that static linking against libc.a on Linux dnl produces the error "multiple definitions of malloc" dnl if test "x$sh_dnmalloc_enabled" = "xyes"; then if test x$enable_static = xyes; then if test "x$sh_no_gcc_static" = "xyes"; then sh_dnmalloc_enabled=no else if test "x$with_gnu_ld" = "xyes"; then LDFLAGS="$LDFLAGS -Wl,--allow-multiple-definition" else sh_dnmalloc_enabled=no fi fi fi fi if test "x${sh_dnmalloc_enabled}" = xno; then AC_DEFINE(USE_SYSTEM_MALLOC,1,[Define if you want to use the system malloc]) fi AC_ARG_ENABLE(ptrace, [ --enable-ptrace use anti-debugger options [[no]]], [ if test "x${enable_ptrace}" = xyes; then if test "x$mydebugit" != "xyes"; then AC_DEFINE(SCREW_IT_UP) fi fi ] ) dnl if test "x$GCC" = "xyes"; then if test ! -z "`echo "$CFLAGS" | grep "\-g\ " 2> /dev/null`" ; then CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` fi dnl if test ! -z "`echo "$CFLAGS" | grep "\-O2" 2> /dev/null`" ; then dnl CFLAGS=`echo $CFLAGS | sed 's%\-O2%\-O3%' ` dnl fi if test -z "`echo "$CFLAGS" | grep "\-Wall" 2> /dev/null`" ; then CFLAGS="$CFLAGS -Wall -W " fi if test -z "`echo "$CFLAGS" | grep "\-fstrength\-reduce" 2> /dev/null`" then if test -z "`echo "$CFLAGS" | grep "\-fno\-strength\-reduce" 2> /dev/null`" then CFLAGS="$CFLAGS -fno-strength-reduce" fi fi if test -z "`echo "$CFLAGS" | grep "\-fomit\-frame\-pointer" 2> /dev/null`" then if test -z "`echo "$CFLAGS" | grep "\-fno\-omit\-frame\-pointer" 2> /dev/null`" then CFLAGS="$CFLAGS -fno-omit-frame-pointer" fi fi fi dnl Test whether gcc supports -Wno-empty-body dnl Suppresses warnings from glibc pthread_cleanup_pop dnl GCC_WEMPTY_BODY AC_MSG_CHECKING([which random module to use]) AC_ARG_WITH(rnd, [ --with-rnd=[[egd|unix|dev|default]] random number generator [[default]]], [use_static_rnd=$withval], [use_static_rnd=default] ) if test "$use_static_rnd" = no; then use_static_rnd=default fi case "$use_static_rnd" in egd | dev | unix | default ) AC_MSG_RESULT($use_static_rnd) ;; * ) AC_MSG_RESULT([invalid argument]) AC_MSG_ERROR([Option --with-rnd=module used with unsupported module ${use_static_rnd}]) ;; esac AC_ARG_WITH(egd-socket, [ --with-egd-socket=NAME EGD socket name], egd_socket_name="$withval", egd_socket_name="" ) AC_DEFINE_UNQUOTED(EGD_SOCKET_NAME, _("$egd_socket_name") ) dnl dnl See whether the user wants to disable checking for /dev/random try_dev_random=yes case "$use_static_rnd" in dev | default ) try_dev_random=yes ;; egd) AC_DEFINE(HAVE_EGD_RANDOM) try_dev_random=no ;; unix) AC_DEFINE(HAVE_UNIX_RANDOM) try_dev_random=no ;; esac if test "x$try_dev_random" = "xyes"; then AC_MSG_CHECKING(whether /dev/random exists) if test -r "/dev/srandom" && test -c "/dev/srandom"; then AC_DEFINE(HAVE_URANDOM) AC_DEFINE_UNQUOTED(NAME_OF_DEV_RANDOM, _("/dev/srandom") ) AC_MSG_RESULT(yes) if test -r "/dev/urandom" && test -c "/dev/urandom"; then AC_DEFINE_UNQUOTED(NAME_OF_DEV_URANDOM, _("/dev/urandom") ) fi else if test -r "/dev/random" && test -c "/dev/random"; then AC_DEFINE(HAVE_URANDOM) AC_DEFINE_UNQUOTED(NAME_OF_DEV_RANDOM, _("/dev/random") ) AC_MSG_RESULT(yes) if test -r "/dev/urandom" && test -c "/dev/urandom"; then AC_DEFINE_UNQUOTED(NAME_OF_DEV_URANDOM, _("/dev/urandom") ) fi else AC_MSG_RESULT(no) AC_DEFINE(HAVE_UNIX_RANDOM) fi fi fi AC_ARG_ENABLE(udp, [ --enable-udp server can listen on port 514/udp [[no]]], [ if test "x${enable_udp}" = xyes; then AC_DEFINE(INET_SYSLOG) fi ] ) myencrypt=yes AC_ARG_ENABLE(encrypt, [ --disable-encrypt disable client/server encryption], [ if test "x${enable_encrypt}" = xno; then myencrypt=no elif test "x${enable_encrypt}" = "x1"; then myencrypt=1 fi ] ) if test "x${myencrypt}" = "xyes"; then AC_DEFINE(SH_ENCRYPT) AC_DEFINE(SH_ENCRYPT_2) elif test "x${myencrypt}" = "x1"; then AC_DEFINE(SH_ENCRYPT) fi sh_use_srp_proto=yes AC_ARG_ENABLE(srp, [ --disable-srp disable SRP for authentication], [ if test "x${enable_srp}" = xno; then sh_use_srp_proto=no fi ] ) if test "x${sh_use_srp_proto}" = xyes; then AC_DEFINE(USE_SRP_PROTOCOL) fi AC_ARG_WITH(port, [ --with-port=PORT set port to use for TCP/IP connection [[49777]]], [ echo "${withval}" | grep ['[^0123456789]'] >/dev/null 2>&1 && AC_MSG_ERROR([For --with-port=PORT, PORT must be numeric.]) myport=${withval} ], [myport="49777"]) AC_DEFINE_UNQUOTED(SH_DEFAULT_PORT, ${myport}) AC_SUBST(myport) AC_ARG_WITH(logserver, [ --with-logserver=HOST set host address for log server [[none]]], [ case "$withval" in *.* | localhost) mylogsrv="$withval" ;; *) mylogsrv="$withval" ;; esac ], [mylogsrv="NULL"]) AC_DEFINE_UNQUOTED(DEFAULT_LOGSERVER, _("${mylogsrv}") ) AC_SUBST(mylogsrv) AC_ARG_WITH(altlogserver, [ --with-altlogserver=HOST set address for backup log server [[none]]], [ case "$withval" in *.* | localhost) myaltlogsrv="$withval" ;; *) myaltlogsrv="$withval" ;; esac ], [myaltlogsrv="NULL"]) AC_DEFINE_UNQUOTED(ALT_LOGSERVER, _("${myaltlogsrv}")) dnl dnl STEALTH OPTIONS dnl nocl_code= xor_code=0 AC_ARG_ENABLE(nocl, [ --enable-nocl=PW no CL parsing unless first CL argument is PW], [ if test "x${enableval}" != "x"; then AC_DEFINE(SH_STEALTH_NOCL) fi if test "x${enableval}" = "xstop" || test "x${enableval}" = "xstart"; then AC_MSG_ERROR([For --enable-nocl=PW start/stop/reload/restart/status are reserved words.]) fi if test "x${enableval}" = "xreload" || test "x${enableval}" = "xrestart"; then AC_MSG_ERROR([For --enable-nocl=PW start/stop/reload/restart/status are reserved words.]) fi if test "x${enableval}" = "xstatus"; then AC_MSG_ERROR([For --enable-nocl=PW start/stop/reload/restart/status are reserved words.]) fi if test "x${enableval}" = "xno"; then AC_MSG_ERROR([With --enable-nocl=PW, the use of --enable-nocl=no is ambiguous.]) fi nocl_code="${enable_nocl}" ] ) AC_DEFINE_UNQUOTED(NOCL_CODE, _("${nocl_code}") ) AC_SUBST(nocl_code) AC_ARG_ENABLE(stealth, [ --enable-stealth=XOR_VAL enable stealth mode [[no]]], [AC_DEFINE(SH_STEALTH) if test "x${enableval}" != "xyes"; then echo "${enableval}" | grep ['[^0123456789]'] >/dev/null 2>&1 && AC_MSG_ERROR([For --enable-stealth=XOR_VAL, XOR_VAL must be numeric.]) if test "${enableval}" -lt 127 || test "${enableval}" -gt 255; then if test x"${enableval}" = x0 then : else AC_MSG_ERROR([For --enable-stealth=XOR_VAL, XOR_VAL must be in the range 127 to 255.]) fi fi xor_code="${enable_stealth}" else xor_code=0 fi stegin_prg="samhain_stealth" ], [ stegin_prg= ] ) AC_ARG_ENABLE(micro-stealth, [ --enable-micro-stealth=XOR_VAL enable micro stealth mode [[no]]], [ AC_DEFINE(SH_STEALTH) AC_DEFINE(SH_STEALTH_MICRO) if test "x${enableval}" != "xyes"; then echo "${enableval}" | grep ['[^0123456789]'] >/dev/null 2>&1 && AC_MSG_ERROR([For --enable-micro-stealth=XOR_VAL, XOR_VAL must be numeric.]) if test "${enableval}" -lt 127 || test "${enableval}" -gt 255; then if test x"${enableval}" = x0 then : else AC_MSG_ERROR([For --enable-micro-stealth=XOR_VAL, XOR_VAL must be in the range 127 to 255.]) fi fi xor_code="${enable_micro_stealth}" else xor_code=0 fi ] ) install_name="samhain" INSTALL_NAME="SAMHAIN" AC_ARG_ENABLE(install-name, [ --enable-install-name=NAME name under which to install [[samhain|yule]]], [ if test "x${enableval}" != "xyes"; then install_name="${enableval}" INSTALL_NAME=`echo "${enableval}" | tr [a-z] [A-Z]` else install_name="${sh_main_prg}" INSTALL_NAME=`echo "${sh_main_prg}" | tr [a-z] [A-Z]` fi ], [ install_name="${sh_main_prg}" INSTALL_NAME=`echo "${sh_main_prg}" | tr [a-z] [A-Z]` ] ) need_user_install=0 AC_ARG_ENABLE(identity, [ --enable-identity=USER user if dropping root [[daemon]]], [ if test x"$enableval" = xno; then myident="daemon" else myident="$enableval" fi echo "${myident}" | grep ['[^0123456789]'] >/dev/null 2>&1 || \ AC_MSG_ERROR([With --enable-identity=USER, please supply a username, not a UID.]) myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ grep "^${myident}:" | awk -F: '{ print $3; }'` if test x"${myident_uid}" = x; then AC_MSG_WARN([Option --enable-identity used, user ${myident} will be added upon install.]) need_user_install=1 fi ], [ for myident in ${install_name} daemon nobody; do AC_MSG_CHECKING(for user ${myident}) myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ grep "^${myident}:" | awk -F: '{ print $3; }'` if test x"${myident_uid}" != x; then AC_MSG_RESULT(yes) break; else AC_MSG_RESULT(no) fi done if test x"${myident_uid}" = x; then myident=${install_name} AC_MSG_WARN([--enable-identity: user ${myident} will be added upon install]) need_user_install=1 fi ]) AC_DEFINE_UNQUOTED(DEFAULT_IDENT, _("${myident}") ) AC_SUBST(myident) AC_SUBST(need_user_install) sh_insmod_cmd=": # no kernel module" sh_insmod_pre=": # no kernel module" sh_lkm="" lkm_inc="" khidemap="/boot/System.map" sh_syscalltable="0x0" AC_ARG_ENABLE(khide, [ --enable-khide=SYSTEM_MAP use kernel module to hide (Linux only)[[/boot/System.map]]], [ if test "x${enable_khide}" != xno; then kernel_testsupport=`uname -r | sed s,^3.*,LINUX3,` if test "x${kernel_testsupport}" = "xLINUX3"; then AC_MSG_ERROR([The --enable-khide option is not supported on Linux kernel version 3.x or above.]) fi if test "x${enableval}" != "xyes"; then khidemap="${enableval}" fi sh_syscalltable=`egrep '(D|d|R|r) sys_call_table' ${khidemap} | awk '{print $1}'` if test x"$sh_syscalltable" = x; then AC_MSG_ERROR([Option --enable-khide cannot be used since the symbol sys_call_table was not found in ${khidemap}.]) fi sh_syscalltable="0x${sh_syscalltable}" install_name_len=`echo ${install_name} | awk '{ print(length()); }'` if test "${install_name_len}" -gt 15 ; then AC_MSG_ERROR([If --enable-khide is used, install_name must not exceed a length of 15 chars.]) fi AC_DEFINE(SH_USE_LKM) AC_DEFINE_UNQUOTED(SH_MAGIC_HIDE, "${install_name}") # -- NEW -- kernel_version=`uname -r | sed s,2.6.*,LINUX26,` kernel_numeric=`uname -r | sed 's%-%.%g' | sed 's%_%.%g' | awk -F. '{ print $1*65536+$2*256+$3 }'` AC_DEFINE_UNQUOTED(SH_KERNEL_NUMERIC, ${kernel_numeric}, [Kernel number]) if test x"$kernel_version" = xLINUX26 then AC_MSG_CHECKING([for modlist_lock]) sh_modlist_lock=`egrep ['[bd] modlist_lock$'] ${khidemap} | awk '{print $1}'` if test x"$sh_modlist_lock" = x; then AC_MSG_RESULT(no) else sh_modlist_lock="0x${sh_modlist_lock}" AC_MSG_RESULT([${sh_modlist_lock}]) AC_DEFINE_UNQUOTED(SH_MODLIST_LOCK, ${sh_modlist_lock}, [The address of the modules list spinlock]) fi AC_MSG_CHECKING([for module_mutex]) sh_modlist_mutex=`egrep ['[bd] module_mutex$'] ${khidemap} | awk '{print $1}'` if test x"$sh_modlist_mutex" = x; then AC_MSG_RESULT(no) else sh_modlist_mutex="0x${sh_modlist_mutex}" AC_MSG_RESULT([${sh_modlist_mutex}]) AC_DEFINE_UNQUOTED(SH_MODLIST_MUTEX, ${sh_modlist_mutex}, [The address of the modules list mutex]) fi sh_list_modules=`egrep 'd modules$' ${khidemap} | awk '{print $1}'` if test x"$sh_list_modules" = x; then AC_MSG_ERROR([Option --enable-khide cannot be used, since the symbol modules was not found in ${khidemap}.]) fi sh_list_modules="0x${sh_list_modules}" AC_DEFINE_UNQUOTED(SH_LIST_MODULES, ${sh_list_modules}, [The address of the modules list]) AC_DEFINE(LINUX26, 1, [Define if kernel is 2.6]) sh_insmod_cmd="modprobe ${install_name}_hide" sh_lkm="samhain_hide.ko" else sh_insmod_cmd="insmod ${install_name}_hide; insmod ${install_name}_erase; rmmod ${install_name}_erase" sh_lkm="samhain_hide.o samhain_erase.o" fi # -- END NEW -- kvers=`uname -r` if test -f /lib/modules/${kvers}/build/include/linux/kernel.h; then lkm_inc="-I/lib/modules/${kvers}/build/include" else AC_MSG_WARN([--enable-khide: /lib/modules/${kvers}/build/include/linux not found]) AC_MSG_WARN([--enable-khide: You may need to install the kernel-source]) AC_MSG_WARN([--enable-khide: headers for the currently-running kernel.]) fi AC_MSG_CHECKING([for 2.4 vanilla kernel]) sh_is_vanilla_kernel=yes if test -f /lib/modules/${kvers}/build/include/linux/sched.h; then grep 'next_task,' /lib/modules/${kvers}/build/include/linux/sched.h >/dev/null 2>&1 || sh_is_vanilla_kernel=no fi if test x"${sh_is_vanilla_kernel}" = xno; then AC_MSG_RESULT(no) else AC_MSG_RESULT(yes) AC_DEFINE(SH_VANILLA_KERNEL) fi fi ] ) AC_SUBST(install_name) AC_SUBST(INSTALL_NAME) AC_SUBST(stegin_prg) AC_SUBST(xor_code) AC_DEFINE_UNQUOTED(XOR_CODE, ${xor_code}) AC_DEFINE_UNQUOTED(SH_SYSCALLTABLE, ${sh_syscalltable}) exepack_state0=`${srcdir}/c_random.sh 2>/dev/null` exepack_state1=`${srcdir}/c_random.sh 2>/dev/null` exepack_state2=`${srcdir}/c_random.sh 2>/dev/null` AC_DEFINE_UNQUOTED(EXEPACK_STATE_0, ${exepack_state0}) AC_DEFINE_UNQUOTED(EXEPACK_STATE_1, ${exepack_state1}) AC_DEFINE_UNQUOTED(EXEPACK_STATE_2, ${exepack_state2}) AC_ARG_ENABLE(suidcheck, [ --enable-suidcheck check for suid/sgid files [[no]]], [ if test "x${enableval}" = "xyes"; then AC_DEFINE(SH_USE_SUIDCHK) fi ] ) systemmap="/boot/System.map" sh_libkvm="" AC_ARG_WITH(kcheck, [ --with-kcheck[[=SYSTEM_MAP]] check Linux/FreeBSD/OpenBSD kernel integrity [[/boot/System.map]]], [ if test "x${withval}" != "xno"; then AC_DEFINE(SH_USE_KERN) kernel_numeric=`uname -r | sed 's%-%.%g' | sed 's%_%.%g' | awk -F. '{ print $1*65536+$2*256+$3 }'` AC_DEFINE_UNQUOTED(SH_KERNEL_NUMBER, ${kernel_numeric}, [Kernel number]) kernelversion=`uname -r` AC_DEFINE_UNQUOTED(SH_KERNEL_VERSION, _("${kernelversion}"), [Define the kernel version]) if test "x${withval}" != "xyes"; then systemmap="${withval}" fi if test "x${cross_compiling}" = xyes; then : elif test "x$selectconfig" = "xfreebsd"; then LIBS="$LIBS -lkvm" sh_libkvm="-lkvm" elif test -f "${systemmap}"; then test_kmap_open=no if test -c /dev/kmem; then AC_MSG_CHECKING([whether /dev/kmem is useable]) dd bs=4 count=16 if=/dev/kmem of=/dev/null >/dev/null 2>&1 if test $? -eq 0; then test_kmap_open=yes fi AC_MSG_RESULT([${test_kmap_open}]) fi if test x"${test_kmap_open}" = xno; then # need kernel module if test -f /lib/modules/${kernelversion}/build/include/linux/kernel.h; then lkm_inc="-I/lib/modules/${kernelversion}/build/include" else AC_MSG_WARN([--enable-khide: /lib/modules/${kernelversion}/build/include/linux not found]) AC_MSG_WARN([--enable-khide: You may need to install the kernel-source]) AC_MSG_WARN([--enable-khide: headers for the currently-running kernel.]) fi AC_MSG_CHECKING([for vmlist_lock]) sh_vmlist_lock=`egrep ['[bdBD] vmlist_lock$'] ${systemmap} | awk '{print $1}'` if test x"$sh_vmlist_lock" = x; then AC_MSG_RESULT(no) else sh_vmlist_lock="0x${sh_vmlist_lock}" AC_MSG_RESULT([${sh_vmlist_lock}]) AC_DEFINE_UNQUOTED(SH_VMLIST_LOCK, ${sh_vmlist_lock}, [The address of the vmlist spinlock]) fi AC_MSG_CHECKING([for vmlist]) sh_vmlist=`egrep ['[bdBD] vmlist$'] ${systemmap} | awk '{print $1}'` if test x"$sh_vmlist" = x; then AC_MSG_RESULT(no) else sh_vmlist="0x${sh_vmlist}" AC_MSG_RESULT([${sh_vmlist}]) AC_DEFINE_UNQUOTED(SH_VMLIST, ${sh_vmlist}, [The address of the vmlist]) fi sh_lkm="${sh_lkm} samhain_kmem.ko" sh_insmod_pre="modprobe ${install_name}_kmem" fi else AC_MSG_ERROR([Option --with-kcheck=systemmap cannot be used, because system map ${systemmap} does not exist.]) fi fi ] ) AC_SUBST(lkm_inc) AC_SUBST(sh_lkm) AC_SUBST(sh_insmod_cmd) AC_SUBST(sh_insmod_pre) AC_SUBST(systemmap) AC_SUBST(sh_libkvm) AC_ARG_ENABLE(base, [ --enable-base=B1,B2 base key (0...2147483647)], [ AC_MSG_CHECKING(base key setting) my_key_A=`echo ${enableval} | awk 'BEGIN{FS=","}{print $1}'` my_key_B=`echo ${enableval} | awk 'BEGIN{FS=","}{print $2}'` AC_MSG_RESULT(${my_key_A} ${my_key_B}) if test "x${my_key_A}" = x; then AC_MSG_ERROR([Option --enable-base=B1,B2 used with invalid first base key (zero length).]) fi if test "x${my_key_B}" = x; then AC_MSG_ERROR([Option --enable-base=B1,B2 used with invalid second base key (zero length).]) fi echo "${my_key_A}" | grep ['[^0123456789]'] >/dev/null 2>&1 && AC_MSG_ERROR([For --enable-base=B1,B2, B1 and B2 must be numeric in the range 0 to 2147483647.]) echo "${my_key_B}" | grep ['[^0123456789]'] >/dev/null 2>&1 && AC_MSG_ERROR([For --enable-base=B1,B2, B1 and B2 must be numeric in the range 0 to 2147483647.]) ], [ AC_MSG_CHECKING(base key setting .. collecting entropy) my_key_1=`${srcdir}/c_random.sh 2>/dev/null` my_key_2=`${srcdir}/c_random.sh 2>/dev/null` my_key_3=`${srcdir}/c_random.sh 2>/dev/null` my_key_4=`${srcdir}/c_random.sh 2>/dev/null` my_key_A=`expr $my_key_1 \* 32767` my_key_A=`echo ${my_key_A} | sed 's%^0*%%g' 2>/dev/null` my_key_A=`expr $my_key_A \+ $my_key_2` my_key_B=`expr $my_key_3 \* 32767` my_key_B=`echo ${my_key_B} | sed 's%^0*%%g' 2>/dev/null` my_key_B=`expr $my_key_B \+ $my_key_4` AC_MSG_RESULT(${my_key_A} ${my_key_B}) ] ) AC_SUBST(my_key_A) AC_SUBST(my_key_B) dnl low bytes my_key_1=`expr $my_key_A \% 65536` dnl high bytes my_key_2=`expr $my_key_A \/ 65536` dnl low bytes my_key_3=`expr $my_key_B \% 65536` dnl high bytes my_key_4=`expr $my_key_B \/ 65536` dnl echo ${my_key_1} ${my_key_2} ${my_key_3} ${my_key_4} dnl touch ./sh_MK.h dnl echo "#ifndef SH_MK_H" >> ./sh_MK.h dnl echo "#define SH_MK_H" >> ./sh_MK.h dnl ${srcdir}/c_bits.sh ${my_key_1} MKB >> ./sh_MK.h dnl ${srcdir}/c_bits.sh ${my_key_2} MKA >> ./sh_MK.h dnl ${srcdir}/c_bits.sh ${my_key_3} MKC >> ./sh_MK.h dnl ${srcdir}/c_bits.sh ${my_key_4} MKD >> ./sh_MK.h dnl echo "#endif" >> ./sh_MK.h AC_SUBST(my_key_1) AC_SUBST(my_key_2) AC_SUBST(my_key_3) AC_SUBST(my_key_4) AC_MSG_CHECKING(key position) pos_tf_1=`${srcdir}/c_random.sh 2>/dev/null` pos_tf_2=`expr $pos_tf_1 \% 8` pos_tf=`expr $pos_tf_2 + 1` AC_MSG_RESULT(${pos_tf}) AC_DEFINE_UNQUOTED(POS_TF, ${pos_tf} ) mykeybase=`echo ${my_key_A},${my_key_B}` AC_DEFINE_UNQUOTED(DEFKEY, ${mykeybase} ) AC_SUBST(mykeybase) dnl dnl GPG/PGP options dnl AC_ARG_WITH(gpg, [ --with-gpg=PATH use GnuPG to verify database/config [[no]]], [ if test "x${withval}" != "xno"; then if test "x${cross_compiling}" = xyes; then mygpg="${withval}" else if test -f "${withval}"; then mygpg="${withval}" mychk0=`${withval} --load-extension tiger --print-md TIGER192 ${withval} 2>/dev/null` if test "x$?" != "x0"; then mychktest=no for sampre in ./samhain ./yule /usr/local/sbin/samhain /usr/local/bin/samhain /usr/bin/samhain /usr/sbin/samhain /usr/local/sbin/yule /usr/local/bin/yule /usr/bin/yule /usr/sbin/yule; do if test x"${mychktest}" = xyes then : else if test -f ${sampre} then echo "use existing ${sampre} for gpg checksum" mychk0=`${sampre} -H ${withval} 2>/dev/null` if test "x$?" != "x0"; then if test "x${nocl_code}" != "x"; then mychk0=`echo -H ${withval} | ${sampre} ${nocl_code} 2>/dev/null` if test "x$?" != "x0"; then : else mychk="${mychk0}" mychktest=yes fi fi else mychk="${mychk0}" mychktest=yes fi fi fi done if test x${mychktest} = xno; then AC_MSG_WARN([--with-gpg: cannot determine TIGER192 checksum of ${withval}]) echo "-------------------------------------------------------------" echo " Your gpg binary does not support the TIGER192 checksum, " echo " and I cannot find an existing samhain binary to use instead." echo " You can:" echo " (a) run make to compile a samhain binary, then repeat" echo " ./configure and make" echo " (b) ignore the failure. The checksum of the gpg binary" echo " will not get compiled in, thus allowing an attacker" echo " to replace gpg with a trojan and subverting the gpg" echo " signature verification of configure and database files." echo echo " PLEASE IGNORE THIS MESSAGE IF YOU ALSO USE --with-checksum" echo "-------------------------------------------------------------" fi else mychk="${mychk0}" fi else AC_MSG_ERROR([--with-gpg: cannot find GnuPG PATH=${withval}]) fi fi AC_DEFINE(WITH_GPG) AC_DEFINE_UNQUOTED(DEFAULT_GPG_PATH, _("${mygpg}") ) AC_SUBST(mygpg) fi ] ) AC_ARG_WITH(keyid, [ --with-keyid=KEYID specify KeyID (0x...) for GPG/PGP functions [[none]]], [ if test "x${withval}" != "x"; then echo "${withval}" | awk '{if((length($0)==10)||(length($0)==18)){exit 2}else{exit 0}}' && AC_MSG_ERROR([--with-keyid:${withval} must be "0x" + 8|16 hex digits]) echo "${withval}" | grep ['[^0][^x][^0123456789ABCDEFabcdef]'] >/dev/null 2>&1 && AC_MSG_ERROR([--with-keyid:${withval} must be "0x" + 8|16 hex digits]) mykeyid="$withval" mykeytag="--default-key" else mykeyid="" mykeytag="" fi AC_SUBST(mykeyid) AC_SUBST(mykeytag) ] ) dnl AC_ARG_WITH(pgp, dnl [ --with-pgp=PATH Use PGP to verify database/config (no).], dnl [myppg="$withval" dnl AC_DEFINE(WITH_PGP) dnl AC_DEFINE_UNQUOTED(DEFAULT_PGP_PATH, _("${myppg}") ) dnl ]) AC_ARG_WITH(checksum, [ --with-checksum=CHKSUM compile in gpg/pgp checksum [[yes]]], [ if test "x${withval}" != "xno"; then if test "x${withval}" != "xyes"; then if test "x${mychk}" != "x"; then if test "x${mychk}" != "x${withval}"; then AC_MSG_WARN([--with-checksum: possible gpg CHKSUM problem]) AC_MSG_WARN([--with-checksum: CHKSUM=${withval}]) AC_MSG_WARN([--with-checksum: autodetected=${mychk}]) fi fi mychk="${withval}" else if test "x${mychk}" = "x"; then AC_MSG_ERROR([Option --with-checksum=CHKSUM: checksum CHKSUM of the gpg binary not specified.]) fi fi AC_DEFINE(HAVE_GPG_CHECKSUM) AC_DEFINE_UNQUOTED(GPG_HASH, _("${mychk}") ) echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h fi ], [ if test "x${mygpg}" != "x"; then if test "x${mychk}" != "x"; then AC_DEFINE(HAVE_GPG_CHECKSUM) AC_DEFINE_UNQUOTED(GPG_HASH, _("${mychk}") ) echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h fi fi ] ) AC_ARG_WITH(fp, [ --with-fp=FINGERPRINT compile in public key fingerprint [[no]]], [ if test "x${withval}" != "xno"; then if test "x${withval}" != "xyes"; then withval0=`echo ${withval} | sed 's% %%g'` echo "${withval0}" | \ grep ['[^0123456789abcdefABCDEF]'] >/dev/null 2>&1 && AC_MSG_ERROR([In option --with-fp=FINGERPRINT, there is an invalid character(s) in FINGERPRINT=${withval0}.]) sh_len=`echo ${withval0} | wc -c | sed 's% %%g'` sh_len0=`expr ${sh_len} \- 1` if test "x${sh_len0}" = "x40" || test "x${sh_len0}" = "x32" then myfp="${withval0}" AC_DEFINE(USE_FINGERPRINT) AC_DEFINE_UNQUOTED(SH_GPG_FP, _("${myfp}") ) echo "${myfp}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef FINGERPRINT_H"; print "#define FINGERPRINT_H"; printf "char gpgfp[%d];\n", m+1; for (i=1; i <= m; i++) printf "gpgfp[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgfp[%d] = %c%c0%c;\n", m, 39, 92, 39; print "#endif"; }' > sh_gpg_fp.h else AC_MSG_ERROR([In option --with-fp=FINGERPRINT, the length (${sh_len0}) of FINGERPRINT ${withval0} is incorrect.]) fi else AC_MSG_ERROR([For option --with-fp=FINGERPRINT, FINGERPRINT=yes is invalid, please specify a valid key fingerprint.]) fi fi ]) dnl dnl MAIL OPTIONS dnl AC_ARG_WITH(recipient, [ --with-recipient=ADDR set recipient(s) for e-mail [[none]]], [ withval0=`echo ${withval} | sed 's%,% %g'` for sh_item in ${withval0} do case ${sh_item} in *@localhost) ;; *@*.*) sh_tmp=`echo ${sh_item} | awk '{ if ($1 ~ [/^[a-zA-Z0-9][a-zA-Z0-9\-_\.]*@[a-zA-Z0-9\-\.]+\.([a-zA-Z]+|[0-9]+)$/]) {print 1; } else { print 0}}'` if test "x${sh_tmp}" != "x1" then AC_MSG_ERROR([Option --with-recipient=ADDR used with invalid mail address ${sh_item}.]) fi ;; *) AC_MSG_ERROR([Option --with-recipient=ADDR used with invalid mail address ${sh_item}.]) ;; esac done myrcp="$withval0" ], [myrcp="NULL"]) AC_DEFINE_UNQUOTED(DEFAULT_MAILADDRESS, _("${myrcp}") ) AC_ARG_WITH(sender, [ --with-sender=SENDER set sender for e-mail [[daemon]]], [ mysender="${withval}" ], [ mysender="daemon" ]) AC_DEFINE_UNQUOTED(DEFAULT_SENDER, _("${mysender}") ) dnl dnl PATHS dnl AC_ARG_WITH(trusted, [ --with-trusted=UID Set uid(s) of trusted users [[0]]], [ sh_tmp_test=no sh_tmp=`echo ${withval} | sed 's%,% %g'` for sh_tmp1 in ${sh_tmp} do echo "${sh_tmp1}" | grep ['[^0123456789]'] >/dev/null 2>&1 && AC_MSG_ERROR([Option --with-trusted=UID used with non-numeric UID in ${withval}.]) if test "x${sh_tmp1}" = "x0" then sh_tmp_test=yes fi done if test "x${sh_tmp_test}" = "xno" then withval="0,${withval}" fi mytrust="${withval}" ], [mytrust="0"] ) AC_DEFINE_UNQUOTED(SL_ALWAYS_TRUSTED, ${mytrust} ) AC_SUBST(mytrust) mytmpdir= AC_ARG_WITH(tmp-dir, [ --with-tmp-dir=PFX set directory for temporary files [[HOME]]], [ if test "x${cross_compiling}" = xyes; then mytmpdir="$withval" AC_DEFINE_UNQUOTED(SH_TMPDIR, _("${mytmpdir}") ) else if test -d "${withval}"; then mytmpdir="$withval" AC_DEFINE_UNQUOTED(SH_TMPDIR, _("${mytmpdir}") ) else mytmpdir="$withval" AC_DEFINE_UNQUOTED(SH_TMPDIR, _("${mytmpdir}") ) AC_MSG_WARN([--with-tmp-dir: tmp directory ${withval} does not exist]) fi fi ] ) AC_SUBST(mytmpdir) dnl dnl PATH DEFAULTS dnl if test "x${ac_prefix_set}" = xyes then if test "x${exec_prefix}" = xNONE then exec_prefix="${prefix}" fi if test "x${prefix}" = xOPT then tmp_sbindir="/opt/${install_name}/bin" tmp_sysconfdir="/etc/opt" tmp_mandir="/opt/${install_name}/man" tmp_localstatedir="/var/opt/${install_name}" elif test "x${prefix}" = xUSR then tmp_sbindir="/usr/sbin" tmp_sysconfdir="/etc" tmp_mandir="/usr/share/man" tmp_localstatedir="/var" else tmp_sbindir=`eval echo ${sbindir}` tmp_sysconfdir=`eval echo ${sysconfdir}` tmp_mandir=`eval echo ${mandir}` tmp_localstatedir=`eval echo ${localstatedir}` fi else prefix="" if test "x${ac_exec_prefix_set}" = xyes then tmp_sbindir=`eval echo ${sbindir}` else tmp_sbindir="/usr/local/sbin" fi tmp_sysconfdir="/etc" # share/man -> man (FHS) 11.10.2002 tmp_mandir="/usr/local/man" tmp_localstatedir="/var" fi if test "x${ac_sbindir_set}" = xyes then : else sbindir=`eval echo ${tmp_sbindir}` fi if test "x${ac_sysconfdir_set}" = xyes then : else sysconfdir=`eval echo ${tmp_sysconfdir}` fi if test "x${ac_mandir_set}" = xyes then : else mandir=`eval echo ${tmp_mandir}` fi if test "x${ac_localstatedir_set}" = xyes then : else localstatedir=`eval echo ${tmp_localstatedir}` fi AC_ARG_WITH(config-file, [ --with-config-file=FILE configuration file [[/etc/{install_name}rc]]], [ myconffile="${withval}" changequote(<<, >>)dnl tmp=`echo ${withval} | sed 's%^REQ_FROM_SERVER%%'` sysconfdir=`echo ${tmp} | sed 's%/[^/][^/]*$%%'` myrpmconffile="${tmp}" changequote([, ])dnl ], [ myconffile="${sysconfdir}/${install_name}rc" myrpmconffile="${myconffile}" ] ) AC_DEFINE_UNQUOTED(DEFAULT_CONFIGFILE, _("${myconffile}") ) AC_SUBST(myconffile) AC_SUBST(myrpmconffile) AC_ARG_WITH(log-file, [ --with-log-file=FILE path of log file [[/var/log/{install_name}_log]]], [ mylogfile="$withval" changequote(<<, >>)dnl mylogdir=`echo ${withval} | sed 's%/[^/][^/]*$%%'` changequote([, ])dnl ], [ if test "x${mytclient}" = "x-DSH_WITH_SERVER"; then mylogfile="${localstatedir}/log/${install_name}/${install_name}_log" mylogdir="${localstatedir}/log/${install_name}" else mylogfile="${localstatedir}/log/${install_name}_log" mylogdir="${localstatedir}/log" fi ] ) AC_DEFINE_UNQUOTED(DEFAULT_ERRFILE, _("${mylogfile}") ) AC_DEFINE_UNQUOTED(DEFAULT_LOGDIR, _("${mylogdir}") ) AC_SUBST(mylogfile) AC_SUBST(mylogdir) AC_ARG_WITH(pid-file, [ --with-pid-file=FILE set path of pid file [[/var/run/{install_name}.pid]]], [ mylockfile="$withval" changequote(<<, >>)dnl mylockdir=`echo ${withval} | sed 's%/[^/][^/]*$%%'` changequote([, ])dnl ], [ if test -h /var/run && test -d /run; then mylockfile="/run/${install_name}.pid" mylockdir="/run" else mylockfile="${localstatedir}/run/${install_name}.pid" mylockdir="${localstatedir}/run" fi ] ) AC_DEFINE_UNQUOTED(DEFAULT_ERRLOCK, _("${mylockfile}") ) AC_DEFINE_UNQUOTED(DEFAULT_PIDDIR, _("${mylockdir}") ) AC_SUBST(mylockfile) AC_SUBST(mylockdir) AC_ARG_WITH(state-dir, [ --with-state-dir=PFX set state data directory [[/var/lib/{install_name}]]], [ mydataroot="$withval" ], [ mydataroot="${localstatedir}/lib/${install_name}" ] ) AC_ARG_WITH(data-file, [ --with-data-file=FILE set path of data file], [ mydatafile="$withval" changequote(<<, >>)dnl tmp=`echo ${withval} | sed 's%^REQ_FROM_SERVER%%'` mydataroot=`echo ${tmp} | sed 's%/[^/][^/]*$%%'` myrpmdatafile="${tmp}" changequote([, ])dnl if test x"${tmp}" = x then echo "No local path in data file ${withval}" echo "This will not work for initializing the database." if test x"${withval}" = xREQ_FROM_SERVER then echo "It should be REQ_FROM_SERVER/some/local/path" fi AC_MSG_ERROR([Option --with-data-file=FILE used with invalid path ${withval}.]) fi ], [ mydatafile="${mydataroot}/${install_name}_file" myrpmdatafile="${mydatafile}" ]) AC_DEFINE_UNQUOTED(DEFAULT_DATA_FILE, _("${mydatafile}") ) AC_SUBST(mydatafile) AC_SUBST(myrpmdatafile) AC_DEFINE_UNQUOTED(DEFAULT_DATAROOT, _("${mydataroot}") ) AC_SUBST(mydataroot) AC_DEFINE_UNQUOTED(DEFAULT_QDIR, _("${mydataroot}/.quarantine") ) AC_SUBST(myqdir) AC_ARG_WITH(html-file, [ --with-html-file=FILE set path of html file,], [ myhtmlfile="$withval" ], [ myhtmlfile="${mylogdir}/${install_name}.html" ]) AC_DEFINE_UNQUOTED(DEFAULT_HTML_FILE, _("${myhtmlfile}") ) AC_SUBST(myhtmlfile) mydefargs=$ac_configure_args # if test -z "`echo "$mydefargs" | grep "\-\-enable\-static" 2> /dev/null`" # then # mydefargs="--enable-static $mydefargs" # fi if test -z "`echo "$mydefargs" | grep "\-\-enable\-base" 2> /dev/null`" then mydefargs="--enable-base=${mykeybase} $mydefargs" fi AC_SUBST(mydefargs) AC_DEFINE_UNQUOTED(SH_INSTALL_DIR, _("${sbindir}")) AC_DEFINE_UNQUOTED(SH_INSTALL_PATH, _("${sbindir}/${install_name}")) AC_DEFINE_UNQUOTED(SH_INSTALL_NAME, _("${install_name}")) AC_CONFIG_HEADER(config.h) AC_OUTPUT( [ Makefile samhain-install.sh init/samhain.startLSB init/samhain.startLinux init/samhain.startGentoo init/samhain.startFreeBSD init/samhain.startSolaris init/samhain.startHPUX init/samhain.startIRIX init/samhain.startMACOSX samhain.spec rules.deb rules.deb-light hp_ux.psf scripts/logrotate scripts/samhain.spec scripts/redhat_i386.client.spec scripts/samhain.ebuild scripts/samhain.ebuild-light scripts/samhainadmin.pl scripts/yuleadmin.pl scripts/check_samhain.pl deploy.sh ], [ echo timestamp > stamp-h chmod +x samhain-install.sh chmod +x scripts/samhainadmin.pl chmod +x scripts/yuleadmin.pl chmod +x scripts/check_samhain.pl ] ) chmod +x deploy.sh if test "x${cross_compiling}" = xyes then echo "--------------------------------------------------------------" echo echo "You are using a cross-compiler. The following system dependent" echo "values may have been set to default values that may be" echo "incorrect for your target system: " echo echo "ac_cv_c_bigendian bigendian byte order ${ac_cv_c_bigendian}" echo "ac_cv_c_long_double long double exists ${ac_cv_c_long_double}" echo "ac_cv_sizeof_char_p size of pointer to char ${ac_cv_sizeof_char_p}" echo "ac_cv_sizeof_char_p size of size_t ${ac_cv_sizeof_size_t}" echo "ac_cv_sizeof_unsigned_int size of unsigned int ${ac_cv_sizeof_unsigned_int}" echo "ac_cv_sizeof_unsigned_long size of unsigned long ${ac_cv_sizeof_unsigned_long}" echo "ac_cv_sizeof_unsigned_short size of unsigned short ${ac_cv_sizeof_unsigned_short}" echo echo "If these values are incorrect, change them in the file " echo "config.cache and run configure again." echo echo "--------------------------------------------------------------" fi if test x${silent} != xyes then # A=`eval echo ${sbindir}` ; A=`eval echo ${A}` # B=`eval echo ${myconffile}` ; B=`eval echo ${B}` # C=`eval echo ${mandir}` ; C=`eval echo ${C}` # D=`eval echo ${mylockfile}` ; D=`eval echo ${D}` # E=`eval echo ${mylogfile}` ; E=`eval echo ${E}` # F=`eval echo ${mydataroot}` ; F=`eval echo ${F}` echo echo " samhain has been configured as follows:" echo " System binaries: ${sbindir}" echo " Configuration file: ${myconffile}" echo " Manual pages: ${mandir}" echo " Data: ${mydataroot}" echo " PID file: ${mylockfile}" echo " Log file: ${mylogfile}" echo " Base key: ${mykeybase}" if test x"$mykeyid" != x then echo " target GPG/PGP key: ${mykeyid}" fi echo if test x"$mytclient" = x"-DSH_WITH_SERVER" then echo " Selected rc file: yulerc" else echo " Selected rc file: samhainrc.${selectconfig}" fi fi samhain-3.1.0/config.guess0000755000175000017500000012763711664647021012423 00000000000000#! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 # Free Software Foundation, Inc. timestamp='2009-12-30' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA # 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Originally written by Per Bothner. Please send patches (context # diff format) to and include a ChangeLog # entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" >&2 exit 1 ;; * ) break ;; esac done if test $# != 0; then echo "$me: too many arguments$help" >&2 exit 1 fi trap 'exit 1' 1 2 15 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a # headache to deal with in a portable fashion. # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still # use `HOST_CC' if defined, but it is deprecated. # Portable tmp directory creation inspired by the Autoconf team. set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in ,,) echo "int x;" > $dummy.c ; for c in cc gcc c89 c99 ; do if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; if test x"$CC_FOR_BUILD" = x ; then CC_FOR_BUILD=no_compiler_found ; fi ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward # compatibility and a consistent mechanism for selecting the # object file format. # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ /usr/sbin/$sysctl 2>/dev/null || echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? os=netbsd else os=netbsdelf fi ;; *) os=netbsd ;; esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. case "${UNAME_VERSION}" in Debian*) release='-gnu' ;; *) release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; *:SolidBSD:*:*) echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) echo powerpc-unknown-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") UNAME_MACHINE="alpha" ;; "EV4.5 (21064)") UNAME_MACHINE="alpha" ;; "LCA4 (21066/21068)") UNAME_MACHINE="alpha" ;; "EV5 (21164)") UNAME_MACHINE="alphaev5" ;; "EV5.6 (21164A)") UNAME_MACHINE="alphaev56" ;; "EV5.6 (21164PC)") UNAME_MACHINE="alphapca56" ;; "EV5.7 (21164PC)") UNAME_MACHINE="alphapca57" ;; "EV6 (21264)") UNAME_MACHINE="alphaev6" ;; "EV6.7 (21264A)") UNAME_MACHINE="alphaev67" ;; "EV6.8CB (21264C)") UNAME_MACHINE="alphaev68" ;; "EV6.8AL (21264B)") UNAME_MACHINE="alphaev68" ;; "EV6.8CX (21264D)") UNAME_MACHINE="alphaev68" ;; "EV6.9A (21264/EV69A)") UNAME_MACHINE="alphaev69" ;; "EV7 (21364)") UNAME_MACHINE="alphaev7" ;; "EV7.9 (21364A)") UNAME_MACHINE="alphaev79" ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` exit ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? echo alpha-pc-interix exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition exit ;; *:z/VM:*:*) echo s390-ibm-zvmoe exit ;; *:OS400:*:*) echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; arm:riscos:*:*|arm:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 exit ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 exit ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; s390x:SunOS:*:*) echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) echo i386-pc-auroraux${UNAME_RELEASE} exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build SUN_ARCH="i386" # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then SUN_ARCH="x86_64" fi fi echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} ;; sun4) echo sparc-sun-sunos${UNAME_RELEASE} ;; esac exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor # > m68000). The system name ranges from "MiNT" over "FreeMiNT" # to the lowercase version "mint" (or "freemint"). Finally # the system name "TOS" denotes a system which is actually not # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __cplusplus #include /* for printf() prototype */ int main (int argc, char *argv[]) { #else int main (argc, argv) int argc; char *argv[]; { #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && SYSTEM_NAME=`$dummy $dummyarg` && { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ [ ${TARGET_BINARY_INTERFACE}x = x ] then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` then echo "$SYSTEM_NAME" else echo rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit ;; *:AIX:*:[456]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? ) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in 32) HP_ARCH="hppa2.0n" ;; 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 esac ;; esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #define _HPUX_SOURCE #include #include int main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); #endif long cpu = sysconf (_SC_CPU_VERSION); switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0"); break; case CPU_PA_RISC1_1: puts ("hppa1.1"); break; case CPU_PA_RISC2_0: #if defined(_SC_KERNEL_BITS) switch (bits) { case 64: puts ("hppa2.0w"); break; case 32: puts ("hppa2.0n"); break; default: puts ("hppa2.0"); break; } break; #else /* !defined(_SC_KERNEL_BITS) */ puts ("hppa2.0"); break; #endif default: puts ("hppa1.0"); break; } exit (0); } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac if [ ${HP_ARCH} = "hppa2.0w" ] then eval $set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler # generating 64-bit code. GNU and HP use different nomenclature: # # $ CC_FOR_BUILD=cc ./config.guess # => hppa2.0w-hp-hpux11.23 # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then HP_ARCH="hppa2.0w" else HP_ARCH="hppa64" fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. */ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) case ${UNAME_MACHINE} in pc98) echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; amd64) echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) echo ia64-unknown-interix${UNAME_RELEASE} exit ;; esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; 8664:Windows_NT:*) echo x86_64-pc-mks exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? echo i586-pc-interix exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) echo x86_64-unknown-cygwin exit ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin exit ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; *:GNU:*:*) # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; PCA57) UNAME_MACHINE=alphapca56 ;; EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then echo ${UNAME_MACHINE}-unknown-linux-gnu else echo ${UNAME_MACHINE}-unknown-linux-gnueabi fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; cris:Linux:*:*) echo cris-axis-linux-gnu exit ;; crisv32:Linux:*:*) echo crisv32-axis-linux-gnu exit ;; frv:Linux:*:*) echo frv-unknown-linux-gnu exit ;; i*86:Linux:*:*) LIBC=gnu eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __dietlibc__ LIBC=dietlibc #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` echo "${UNAME_MACHINE}-pc-linux-${LIBC}" exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef ${UNAME_MACHINE} #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) echo or32-unknown-linux-gnu exit ;; padre:Linux:*:*) echo sparc-unknown-linux-gnu exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-gnu exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in PA7*) echo hppa1.1-unknown-linux-gnu ;; PA8*) echo hppa2.0-unknown-linux-gnu ;; *) echo hppa-unknown-linux-gnu ;; esac exit ;; ppc64:Linux:*:*) echo powerpc64-unknown-linux-gnu exit ;; ppc:Linux:*:*) echo powerpc-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux exit ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. echo ${UNAME_MACHINE}-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos exit ;; i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi exit ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configury will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; paragon:*:*:*) echo i860-intel-osf1 exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix exit ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; NCR*:*:4.2:* | MPRAS*:*:4.2:*) OS_REL='.3' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit ;; rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else echo ns32k-sni-sysv fi exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. echo ${UNAME_MACHINE}-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; SX-7:SUPER-UX:*:*) echo sx7-nec-superux${UNAME_RELEASE} exit ;; SX-8:SUPER-UX:*:*) echo sx8-nec-superux${UNAME_RELEASE} exit ;; SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in i386) eval $set_cc_for_build if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then UNAME_PROCESSOR="x86_64" fi fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; NSE-?:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. if test "$cputype" = "386"; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 exit ;; *:TENEX:*:*) echo pdp10-unknown-tenex exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 exit ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 exit ;; *:ITS:*:*) echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; esac ;; *:XENIX:*:SysV) echo i386-pc-xenix exit ;; i*86:skyos:*:*) echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; i*86:AROS:*:*) echo ${UNAME_MACHINE}-pc-aros exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 eval $set_cc_for_build cat >$dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... */ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix\n"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; if (version < 4) printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); else printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf ("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined (_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf ("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) # if !defined (ultrix) # include # if defined (BSD) # if BSD == 43 printf ("vax-dec-bsd4.3\n"); exit (0); # else # if BSD == 199006 printf ("vax-dec-bsd4.3reno\n"); exit (0); # else printf ("vax-dec-bsd\n"); exit (0); # endif # endif # else printf ("vax-dec-bsd\n"); exit (0); # endif # else printf ("vax-dec-ultrix\n"); exit (0); # endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } # Convex versions that predate uname can use getsysinfo(1) if [ -x /usr/convex/getsysinfo ] then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd exit ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; c34*) echo c34-convex-bsd exit ;; c38*) echo c38-convex-bsd exit ;; c4*) echo c4-convex-bsd exit ;; esac fi cat >&2 < in order to provide the needed information to handle your system. config.guess timestamp = $timestamp uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` /bin/uname -X = `(/bin/uname -X) 2>/dev/null` hostinfo = `(hostinfo) 2>/dev/null` /bin/universe = `(/bin/universe) 2>/dev/null` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` /bin/arch = `(/bin/arch) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` UNAME_MACHINE = ${UNAME_MACHINE} UNAME_RELEASE = ${UNAME_RELEASE} UNAME_SYSTEM = ${UNAME_SYSTEM} UNAME_VERSION = ${UNAME_VERSION} EOF exit 1 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: samhain-3.1.0/c_bits.sh0000755000175000017500000000436710132006064011660 00000000000000#! /bin/sh # get bits of $1 # make sure it fits in 16 bit ORIG=`expr $1 \% 65536` # 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 # 1 2 4 8 16 32 64 128 256 512 1024 2048 4096 8192 16384 32768 N=0 N=`expr $ORIG \/ 32768` N_16=$N if test "x$N" = "x1"; then echo "#define $2_16 1" fi ORIG=`expr $ORIG \- $N_16 \* 32768` N=`expr $ORIG / 16384` N_15=$N if test "x$N" = "x1"; then echo "#define $2_15 1" fi ORIG=`expr $ORIG \- $N_15 \* 16384` N=`expr $ORIG \/ 8192` N_14=$N if test "x$N" = "x1"; then echo "#define $2_14 1" fi ORIG=`expr $ORIG \- $N_14 \* 8192` N=`expr $ORIG \/ 4096` N_13=$N if test "x$N" = "x1"; then echo "#define $2_13 1" fi ORIG=`expr $ORIG \- $N_13 \* 4096` N=`expr $ORIG \/ 2048` N_12=$N if test "x$N" = "x1"; then echo "#define $2_12 1" fi ORIG=`expr $ORIG \- $N_12 \* 2048` N=`expr $ORIG \/ 1024` N_11=$N if test "x$N" = "x1"; then echo "#define $2_11 1" fi ORIG=`expr $ORIG \- $N_11 \* 1024` N=`expr $ORIG \/ 512` N_10=$N if test "x$N" = "x1"; then echo "#define $2_10 1" fi ORIG=`expr $ORIG \- $N_10 \* 512` N=`expr $ORIG \/ 256` N_09=$N if test "x$N" = "x1"; then echo "#define $2_09 1" fi ORIG=`expr $ORIG \- $N_09 \* 256` N=`expr $ORIG \/ 128` N_08=$N if test "x$N" = "x1"; then echo "#define $2_08 1" fi ORIG=`expr $ORIG \- $N_08 \* 128` N=`expr $ORIG \/ 64` N_07=$N if test "x$N" = "x1"; then echo "#define $2_07 1" fi ORIG=`expr $ORIG \- $N_07 \* 64` N=`expr $ORIG \/ 32` N_06=$N if test "x$N" = "x1"; then echo "#define $2_06 1" fi ORIG=`expr $ORIG \- $N_06 \* 32` N=`expr $ORIG \/ 16` N_05=$N if test "x$N" = "x1"; then echo "#define $2_05 1" fi ORIG=`expr $ORIG \- $N_05 \* 16` N=`expr $ORIG \/ 8` N_04=$N if test "x$N" = "x1"; then echo "#define $2_04 1" fi ORIG=`expr $ORIG \- $N_04 \* 8` N=`expr $ORIG \/ 4` N_03=$N if test "x$N" = "x1"; then echo "#define $2_03 1" fi ORIG=`expr $ORIG \- $N_03 \* 4` N=`expr $ORIG \/ 2` N_02=$N if test "x$N" = "x1"; then echo "#define $2_02 1" fi ORIG=`expr $ORIG \- $N_02 \* 2` N=`expr $ORIG \/ 1` N_01=$N if test "x$N" = "x1"; then echo "#define $2_01 1" fi ORIG=`expr $ORIG \- $N_01 \* 1` # # obsolete # # echo ${N_01} ${N_02} ${N_03} ${N_04} ${N_05} ${N_06} ${N_07} ${N_08} ${N_09} ${N_10} ${N_11} ${N_12} ${N_13} ${N_14} ${N_15} ${N_16} exit 0 samhain-3.1.0/samhainrc.aix5.2.00000644000175000017500000001274011705341273013116 00000000000000##################################################################### # # AIX 5.2.0 configuration file for Samhain. # #################################################################### # # Date : 23.10.2003 # Author : Christoph Kiefer (chkiefer@intergga.ch) # Comment : Samhain client configuration file. Should work # for AIX 5.1.0. The Samhain version is 1.7.12 # This configuration fits MY needs, YOU will # probably have to modify it. # # Changes : Date Name Remarks # 23.10.2003 Christoph Kiefer Initial Version # ##################################################################### # # -- empty lines and lines starting with '#', ';' or '//' are ignored # -- boolean options can be Yes/No or True/False or 1/0 # -- you can PGP clearsign this file -- samhain will check (if compiled # with support) or otherwise ignore the signature # -- CHECK mail address # # To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). # ##################################################################### # SETUP for file system checking: # (i) There are several policies, each has its own section. Put files # into the section for the appropriate policy (see below). # (ii) Section [EventSeverity]: # To each policy, you can assign a severity (further below). # (iii) Section [Log]: # To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). ##################################################################### ##################################################################### # # Files are defined with: file = /absolute/path # # Directories are defined with: dir = /absolute/path # or with an optional recursion depth (N <= 99): dir = N/absolute/path # # Directory inodes are checked. If you only want to check files # in a directory, but not the directory inode itself, use (e.g.): # # [ReadOnly] # dir = /some/directory # [IgnoreAll] # file = /some/directory # # You can use shell-style globbing patterns, like: file = /path/foo* # ###################################################################### [Misc] MessageHeader="" RedefLogFiles=-INO SetFilecheckTime=3600 SetLoopTime=3600 SetRecursionLevel=99 DigestAlgo=SHA1 ChecksumTest=check SetTimeServer=localhost ReportFullDetail=no Daemon=yes HideSetup=yes ReportOnlyOnce=yes UseLocalTime=yes ## The Prelude-IDS profile to use for reporting ## default value is "samhain" # # PreludeProfile = samhain ## Map these samhain severities to impact severity 'info' severity # # PreludeMapToInfo = ## Map these samhain severities to impact severity 'low' severity # # PreludeMapToLow = debug info ## Map these samhain severities to impact severity 'medium' severity # # PreludeMapToMedium = notice warn err ## Map these samhain severities to impact severity 'high' severity # # PreludeMapToHigh = crit alert [IgnoreAll] dir=-1/etc/objrepos dir=-1/etc/vg dir=-1/dev/.SRC-unix dir=-1/dev/pts dir=-1/opt dir=-1/tmp dir=-1/usr/share/lib/objrepos dir=-1/usr/share/man dir=-1/var/adm/cron dir=-1/var/tmp file=/dev/log* [Attributes] file=/etc/lpp/diagnostics/data/* file=/audit/auditb file=/dev # file=/etc/bootpd.dump file=/etc/bootptab file=/etc/inittab file=/etc/xtab dir=/dev dir=/usr/dt dir=/usr/lib/instl dir=/usr/lib/lpd dir=/usr/lib/mh dir=/usr/lib/sa dir=/usr/lpp [LogFiles] file=/etc/rmtab file=/etc/security/failedlogin file=/etc/security/lastlog file=/etc/security/portlog file=/etc/utmp # file=/smit.log file=/var/adm/*log* file=/var/adm/ras/*log* file=/var/adm/wtmp file=/var/log/*log* [IgnoreNone] file=/etc/tsh_profile [ReadOnly] dir=/etc/security/ldap file=/etc/*.cnf file=/etc/*conf* file=/etc/aliases file=/etc/dumpdates file=/etc/environment file=/etc/exports file=/etc/filesystems file=/etc/ftpusers file=/etc/group file=/etc/hosts* file=/etc/motd file=/etc/passwd file=/etc/profile file=/etc/protocols file=/etc/publickey file=/etc/rc.* file=/etc/rpc file=/etc/security/acl file=/etc/security/environ file=/etc/security/group file=/etc/security/limits file=/etc/security/login.cfg file=/etc/security/passwd file=/etc/security/roles file=/etc/security/smitacl.* file=/etc/security/user* file=/etc/sendmail.cf file=/etc/services file=/etc/sudoers file=/etc/swapspaces file=/etc/vfs # file=/smit.script dir=/etc/mail dir=/etc/rc.d dir=/etc/security/audit dir=/home/root dir=/sbin dir=/usr/X11R6 dir=/usr/bin dir=/usr/ccs dir=/usr/etc dir=/usr/include dir=/usr/lib/boot dir=/usr/lib/methods dir=/usr/lib/microcode dir=/usr/lib/security dir=/usr/lib/smit dir=/usr/local/bin dir=/usr/sbin dir=/usr/share dir=/usr/ucb [EventSeverity] SeverityAttributes=crit SeverityDirs=err SeverityFiles=err SeverityGrowingLogs=warn SeverityIgnoreNone=crit SeverityLogFiles=crit SeverityReadOnly=crit SeverityIgnoreAll=info SeverityNames=info [Log] ExportClass=RUN FIL PANIC ERR ENET EINPUT LogSeverity=none MailSeverity=none PrintSeverity=none ExportSeverity=warn SyslogSeverity=warn ## Logging to a Prelude-IDS ## # PreludeSeverity = crit [SuidCheck] SuidCheckExclude=/proc SuidCheckActive=1 SuidCheckInterval=1800 SuidCheckFps=250 #SuidCheckYield=no SeveritySuidCheck=alert #SuidCheckQuarantineFiles=yes #SuidCheckQuarantineMethod=0 # SuidCheckQuarantineDelete = yes [Utmp] LoginCheckActive=1 LoginCheckInterval=30 SeverityLogin=info SeverityLogout=info SeverityLoginMulti=warn [EOF] samhain-3.1.0/c_random.sh0000755000175000017500000001427610253543750012213 00000000000000#! /bin/sh # this program collects some entropy from the system # into the file "my_random_file" and outputs the 16-bit # Unix 'sum' checksum (seems to be the only portable way # to get true entropy with a shell script). # Apparently, on FreeBSD /dev/random does not block (???), must make sure # we really got something rather than nothing. rnd_tst=no /bin/rm -f ./my_random_file 2>/dev/null if test -r "/dev/urandom"; then if test -c "/dev/urandom"; then dd if=/dev/urandom ibs=1 count=4 > my_random_file 2>/dev/null nsum=`sum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` if test x$nsum != x; then rnd_tst=yes fi fi fi if test x$rnd_tst = xno; then if test -r "/dev/srandom"; then if test -c "/dev/srandom"; then dd if=/dev/srandom ibs=1 count=4 > my_random_file 2>/dev/null nsum=`sum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` if test x$nsum != x; then rnd_tst=yes fi fi fi fi if test x$rnd_tst = xno; then # touch ./my_random_file # if test -r "/usr/ucb/vmstat"; then /usr/ucb/vmstat >> my_random_file 2>/dev/null fi if test -r "/bin/vmstat"; then /bin/vmstat >> my_random_file 2>/dev/null fi if test -r "/sbin/vmstat"; then /sbin/vmstat >> my_random_file 2>/dev/null fi if test -r "/usr/bin/vmstat"; then /usr/bin/vmstat >> my_random_file 2>/dev/null fi if test -r "/usr/sbin/vmstat"; then /usr/sbin/vmstat >> my_random_file 2>/dev/null fi if test -r "/usr/local/bin/vmstat"; then /usr/local/bin/vmstat >> my_random_file 2>/dev/null fi # if test -r "/usr/ucb/netstat"; then /usr/ucb/netstat -n >> my_random_file 2>/dev/null fi if test -r "/bin/netstat"; then /bin/netstat -n >> my_random_file 2>/dev/null fi if test -r "/sbin/netstat"; then /sbin/netstat -n >> my_random_file 2>/dev/null fi if test -r "/usr/bin/netstat"; then /usr/bin/netstat -n >> my_random_file 2>/dev/null fi if test -r "/usr/sbin/netstat"; then /usr/sbin/netstat -n >> my_random_file 2>/dev/null fi if test -r "/usr/local/bin/netstat"; then /usr/local/bin/netstat -n >> my_random_file 2>/dev/null fi # # if test -r "/usr/ucb/ps"; then /usr/ucb/ps -ef >> my_random_file 2>/dev/null fi if test -r "/bin/ps"; then /bin/ps -ef >> my_random_file 2>/dev/null fi if test -r "/sbin/ps"; then /sbin/ps -ef >> my_random_file 2>/dev/null fi if test -r "/usr/bin/ps"; then /usr/bin/ps -ef >> my_random_file 2>/dev/null fi if test -r "/usr/sbin/ps"; then /usr/sbin/ps -ef >> my_random_file 2>/dev/null fi if test -r "/usr/local/bin/ps"; then /usr/local/bin/ps -ef >> my_random_file 2>/dev/null fi # # if test -r "/usr/ucb/arp"; then /usr/ucb/arp -a >> my_random_file 2>/dev/null fi if test -r "/bin/arp"; then /bin/arp -a >> my_random_file 2>/dev/null fi if test -r "/sbin/arp"; then /sbin/arp -a >> my_random_file 2>/dev/null fi if test -r "/usr/bin/arp"; then /usr/bin/arp -a >> my_random_file 2>/dev/null fi if test -r "/usr/sbin/arp"; then /usr/sbin/arp -a >> my_random_file 2>/dev/null fi if test -r "/usr/local/bin/arp"; then /usr/local/bin/arp -a >> my_random_file 2>/dev/null fi # # if test -r "/usr/ucb/w"; then /usr/ucb/w >> my_random_file 2>/dev/null fi if test -r "/bin/w"; then /bin/w >> my_random_file 2>/dev/null fi if test -r "/sbin/w"; then /sbin/w >> my_random_file 2>/dev/null fi if test -r "/usr/bin/w"; then /usr/bin/w >> my_random_file 2>/dev/null fi if test -r "/usr/sbin/w"; then /usr/sbin/w >> my_random_file 2>/dev/null fi if test -r "/usr/local/bin/w"; then /usr/local/bin/w >> my_random_file 2>/dev/null fi # # Don't use (NFS problems ahead) # # if test -r "/usr/ucb/df"; then # /usr/ucb/df >> my_random_file 2>/dev/null # fi # if test -r "/bin/df"; then # /bin/df >> my_random_file 2>/dev/null # fi # if test -r "/sbin/df"; then # /sbin/df >> my_random_file 2>/dev/null # fi # if test -r "/usr/bin/df"; then # /usr/bin/df >> my_random_file 2>/dev/null # fi # if test -r "/usr/sbin/df"; then # /usr/sbin/df >> my_random_file 2>/dev/null # fi # if test -r "/usr/local/bin/df"; then # /usr/local/bin/df >> my_random_file 2>/dev/null # fi # # if test -r "/usr/ucb/free"; then /usr/ucb/free >> my_random_file 2>/dev/null fi if test -r "/bin/free"; then /bin/free >> my_random_file 2>/dev/null fi if test -r "/sbin/free"; then /sbin/free >> my_random_file 2>/dev/null fi if test -r "/usr/bin/free"; then /usr/bin/free >> my_random_file 2>/dev/null fi if test -r "/usr/sbin/free"; then /usr/sbin/free >> my_random_file 2>/dev/null fi if test -r "/usr/local/bin/free"; then /usr/local/bin/free >> my_random_file 2>/dev/null fi # # if test -r "/usr/ucb/uptime"; then /usr/ucb/uptime >> my_random_file 2>/dev/null fi if test -r "/bin/uptime"; then /bin/uptime >> my_random_file 2>/dev/null fi if test -r "/sbin/uptime"; then /sbin/uptime >> my_random_file 2>/dev/null fi if test -r "/usr/bin/uptime"; then /usr/bin/uptime >> my_random_file 2>/dev/null fi if test -r "/usr/sbin/uptime"; then /usr/sbin/uptime >> my_random_file 2>/dev/null fi if test -r "/usr/local/bin/uptime"; then /usr/local/bin/uptime >> my_random_file 2>/dev/null fi # # if test -r "/usr/ucb/procinfo"; then /usr/ucb/procinfo -a >> my_random_file 2>/dev/null fi if test -r "/bin/procinfo"; then /bin/procinfo -a >> my_random_file 2>/dev/null fi if test -r "/sbin/procinfo"; then /sbin/procinfo -a >> my_random_file 2>/dev/null fi if test -r "/usr/bin/procinfo"; then /usr/bin/procinfo -a >> my_random_file 2>/dev/null fi if test -r "/usr/sbin/procinfo"; then /usr/sbin/procinfo -a >> my_random_file 2>/dev/null fi if test -r "/usr/local/bin/procinfo"; then /usr/local/bin/procinfo -a >> my_random_file 2>/dev/null fi # nsum=`sum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` # fi # # 'sum' is portable, but only 16 bit # /bin/rm -f ./my_random_file 2>/dev/null echo $nsum samhain-3.1.0/aclocal.m40000644000175000017500000017650612222040634011726 00000000000000dnl aclocal.m4 generated automatically by aclocal 1.3 dnl Copyright (C) 1994, 1995, 1996, 1997, 1998 Free Software Foundation, Inc. dnl This Makefile.in is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl This program is distributed in the hope that it will be useful, dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A dnl PARTICULAR PURPOSE. # # Check to make sure that the build environment is sane. # AC_DEFUN([AM_INIT_AUTOMAKE], [ AC_REQUIRE([AC_PROG_INSTALL]) PACKAGE=[$1] AC_SUBST(PACKAGE) VERSION=[$2] AC_SUBST(VERSION) dnl test to see if srcdir already configured if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) fi ifelse([$3],, AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE") AC_DEFINE_UNQUOTED(VERSION, "$VERSION")) AC_REQUIRE([AC_PROG_MAKE_SET])]) # Define a conditional. AC_DEFUN([AM_CONDITIONAL], [AC_SUBST($1_TRUE) AC_SUBST($1_FALSE) if $2; then $1_TRUE= $1_FALSE='#' else $1_TRUE='#' $1_FALSE= fi]) AC_DEFUN([sh_run_prog], [if test "$cross_compiling" = "yes"; then AC_MSG_ERROR([Can not probe non-portable values when cross compiling]) fi cat > conftest.$ac_ext </dev/null)` then dnl Don't remove the temporary files here, so they can be examined. ifelse([$3], , :, [$3]) else echo "configure: failed program was:" >&AC_FD_CC cat conftest.$ac_ext >&AC_FD_CC ifelse([$4], , , [ rm -fr conftest* $4 ]) fi rm -fr conftest* ]) dnl fs type number of the proc filing system AC_DEFUN([sh_procfs_id], [AC_MSG_CHECKING([f_type of /proc]) AC_CACHE_VAL([sh_cv_proc_fstype], [sh_run_prog( changequote(<<, >>)dnl <<#include #ifdef HAVE_STDLIB_H #include #endif /* HAVE_STDLIB_H */ #ifdef HAVE_UNISTD_H #include #endif /* HAVE_UNISTD_H */ #ifdef HAVE_SYS_VFS_H #include #endif #ifndef Q #define __Q(x) #x #define Q(x) __Q(x) #endif int main(void) { struct statfs fsbuf; long ft; if (statfs("/", &fsbuf)!=0) exit(1); ft=fsbuf.f_type; if (statfs("/proc/1", &fsbuf)!=0) exit(1); if (ft!=fsbuf.f_type) printf("0x%08lx", fsbuf.f_type); else puts("statfs useless"); exit(0); } >> changequote([, ]), sh_cv_proc_fstype,, sh_cv_proc_fstype="a fatal error occured")]) AC_MSG_RESULT($sh_cv_proc_fstype) if test "${sh_cv_proc_fstype}" = "a fatal error occured"; then $1=$2 $4 else if test "${sh_cv_proc_fstype}" = "statfs useless"; then $1=$2 $4 else $1=$sh_cv_proc_fstype $3 fi; fi ]) # Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock # is not called from uid 0 (not tested whether uid 0 works) dnl AC_CHECK_MLOCK dnl define([AC_CHECK_MLOCK], [ AC_CHECK_FUNCS(mlock) if test "$ac_cv_func_mlock" = "yes"; then AC_MSG_CHECKING(whether mlock is broken) AC_CACHE_VAL(ac_cv_have_broken_mlock, AC_TRY_RUN([ #include #include #include #include #include #include int main() { char *pool; int err; long int pgsize = getpagesize(); pool = malloc( 4096 + pgsize ); if( !pool ) return 2; pool += (pgsize - ((long int)pool % pgsize)); err = mlock( pool, 4096 ); if( !err || errno == EPERM ) return 0; /* okay */ return 1; /* hmmm */ } ], ac_cv_have_broken_mlock="no", ac_cv_have_broken_mlock="yes", ac_cv_have_broken_mlock="assume-no" ) ) if test "$ac_cv_have_broken_mlock" = "yes"; then AC_DEFINE(HAVE_BROKEN_MLOCK) AC_MSG_RESULT(yes) else if test "$ac_cv_have_broken_mlock" = "no"; then AC_MSG_RESULT(no) else AC_MSG_RESULT(assuming no) fi fi fi ]) dnl @synopsis AC_FUNC_VSNPRINTF dnl dnl Check whether there is a reasonably sane vsnprintf() function installed. dnl "Reasonably sane" in this context means never clobbering memory beyond dnl the buffer supplied, and having a sensible return value. It is dnl explicitly allowed not to NUL-terminate the return value, however. dnl dnl @version $Id: ac_func_vsnprintf.m4,v 1.1 2001/07/26 02:00:21 guidod Exp $ dnl @author Gaute Strokkenes dnl AC_DEFUN([SL_CHECK_VSNPRINTF], [AC_CACHE_CHECK(for working vsnprintf, ac_cv_func_vsnprintf, [AC_TRY_RUN( [#include #include int doit(char * s, ...) { char buffer[32]; va_list args; int r; buffer[5] = 'X'; va_start(args, s); r = vsnprintf(buffer, 5, s, args); va_end(args); /* -1 is pre-C99, 7 is C99. R.W. 17.01.2003 disallow -1 */ if (r != 7) exit(1); /* We deliberately do not care if the result is NUL-terminated or not, since this is easy to work around like this. */ buffer[4] = 0; /* Simple sanity check. */ if (strcmp(buffer, "1234")) exit(1); if (buffer[5] != 'X') exit(1); exit(0); } int main(void) { doit("1234567"); exit(1); }], ac_cv_func_vsnprintf=yes, ac_cv_func_vsnprintf=no, ac_cv_func_vsnprintf=no)]) dnl Note that the default is to be pessimistic in the case dnl of cross compilation. dnl If you know that the target has a sensible vsnprintf(), dnl you can get around this dnl by setting ac_func_vsnprintf to yes, as described in the Autoconf manual. if test $ac_cv_func_vsnprintf = yes; then : else AC_DEFINE(HAVE_BROKEN_VSNPRINTF, 1, [Define if you have a broken version of the `vsnprintf' function.]) fi ])# AC_FUNC_VSNPRINTF dnl SH_CHECK_TYPEDEF(TYPE, HAVE_NAME) dnl Check whether a typedef exists and create a #define $2 if it exists dnl AC_DEFUN([SH_CHECK_TYPEDEF], [ AC_MSG_CHECKING(for $1 typedef) sh_cv_typedef_foo=`echo sh_cv_typedef_$1 | sed -e 's% %_%g'` AC_CACHE_VAL( $sh_cv_typedef_foo, [AC_TRY_COMPILE([ #include #include #ifdef HAVE_STDINT_H #include #endif #ifdef HAVE_INTTYPES_H #include #endif], [ #undef $1 int a = sizeof($1); ], sh_cv_typedef=yes, sh_cv_typedef=no )]) AC_MSG_RESULT($sh_cv_typedef) if test "$sh_cv_typedef" = yes; then AC_DEFINE($2) sh_$2=yes else sh_$2=no fi ]) dnl ********************** dnl *** va_copy checks *** dnl ********************** AC_DEFUN([SL_CHECK_VA_COPY], [AC_MSG_CHECKING(for va_copy()) AC_CACHE_VAL(sh_cv_va_copy,[ AC_TRY_RUN([ #include void f (int i, ...) { va_list args1, args2; va_start (args1, i); va_copy (args2, args1); if (va_arg (args2, int) != 42) exit (1); if (va_arg (args1, int) != 42) exit (1); va_end (args1); va_end (args2); } int main() { f (0, 42); return 0; }], sh_cv_va_copy=yes , sh_cv_va_copy=no , sh_cv_va_copy=no) ]) AC_MSG_RESULT($sh_cv_va_copy) AC_MSG_CHECKING(for __va_copy()) AC_CACHE_VAL(sh_cv___va_copy,[ AC_TRY_RUN([ #include void f (int i, ...) { va_list args1, args2; va_start (args1, i); __va_copy (args2, args1); if (va_arg (args2, int) != 42) exit (1); if (va_arg (args1, int) != 42) exit (1); va_end (args1); va_end (args2); } int main() { f (0, 42); return 0; }], sh_cv___va_copy=yes , sh_cv___va_copy=no , sh_cv___va_copy=no) ]) AC_MSG_RESULT($sh_cv___va_copy) AC_MSG_CHECKING(whether va_lists can be copied by value) AC_CACHE_VAL(sh_cv_va_val_copy,[ AC_TRY_RUN([ #include void f (int i, ...) { va_list args1, args2; va_start (args1, i); args2 = args1; if (va_arg (args2, int) != 42) exit (1); if (va_arg (args1, int) != 42) exit (1); va_end (args1); va_end (args2); } int main() { f (0, 42); return 0; }], sh_cv_va_val_copy=yes , sh_cv_va_val_copy=no , sh_cv_va_val_copy=no) ]) if test "x$sh_cv_va_copy" = "xyes"; then AC_DEFINE(VA_COPY, va_copy) else if test "x$sh_cv___va_copy" = "xyes"; then AC_DEFINE(VA_COPY, __va_copy) fi fi if test "x$sh_cv_va_val_copy" = "xno"; then AC_DEFINE(VA_COPY_AS_ARRAY) fi AC_MSG_RESULT($sh_cv_va_val_copy) ]) dnl SH_INIT_PARSE_ARGS() m4_define([SH_INIT_PARSE_ARGS], [ m4_divert_push([PARSE_ARGS])dnl as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits # Sed expression to map a string onto a valid CPP name. as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[[^_$as_cr_alnum]]%_%g" as_tr_sh="eval sed 'y%*+%pp%;s%[[^_$as_cr_alnum]]%_%g'" # IFS # We need space, tab and new line, in precisely that order. as_nl=' ' IFS=" $as_nl" # CDPATH. $as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=$PATH_SEPARATOR; export CDPATH; } # Initialize some variables set by options. ac_init_help= ac_init_version=false # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null AC_SUBST(exec_prefix, NONE)dnl no_create= no_recursion= AC_SUBST(prefix, NONE)dnl program_prefix=NONE program_suffix=NONE AC_SUBST(program_transform_name, [s,x,x,])dnl silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE DESTDIR= SH_ENABLE_OPTS="asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid" SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. dnl Use braces instead of parens because sh, perl, etc. also accept them. sbindir='${exec_prefix}/sbin' sysconfdir='${prefix}/etc' localstatedir='${prefix}/var' mandir='${prefix}/share/man' AC_SUBST([sbindir], ['${exec_prefix}/sbin'])dnl AC_SUBST([sysconfdir], ['${prefix}/etc'])dnl AC_SUBST([localstatedir], ['${prefix}/var'])dnl AC_SUBST([mandir], ['${prefix}/share/man'])dnl # Initialize some other variables. subdirs= MFLAGS= MAKEFLAGS= SHELL=${CONFIG_SHELL-/bin/sh} # Maximum number of lines to put in a shell here document. ac_max_here_lines=12 ac_prev= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval "$ac_prev=\$ac_option" ac_prev= continue fi case "$ac_option" in changequote(, )dnl *=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; changequote([, ])dnl *) ac_optarg= ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case "$ac_option" in -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias="$ac_optarg" ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file="$ac_optarg" ;; --config-cache | -C) cache_file=config.cache ;; -disable-* | --disable-*) ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_feature" : "[.*[^-_$as_cr_alnum]]" >/dev/null && AC_MSG_ERROR([invalid feature name: $ac_feature]) ac_feature=`echo $ac_feature | sed 's/-/_/g'` ac_enable_check_opt=no for f in ${SH_ENABLE_OPTS} do f=`echo $f | sed 's/-/_/g'` if test x${f} = x"${ac_feature}" then ac_enable_check_opt=yes fi done if test x${ac_enable_check_opt} = xno then AC_MSG_ERROR([unrecognized option: $ac_option Try `$[0] --help' for more information.]) fi eval "enable_$ac_feature=no" ;; -enable-* | --enable-*) ac_feature=`expr "x$ac_option" : 'x-*enable-\([[^=]]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_feature" : "[.*[^-_$as_cr_alnum]]" >/dev/null && AC_MSG_ERROR([invalid feature name: $ac_feature]) ac_feature=`echo $ac_feature | sed 's/-/_/g'` case $ac_option in *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; *) ac_optarg=yes ;; esac ac_enable_check_opt=no for f in ${SH_ENABLE_OPTS} do f=`echo $f | sed 's/-/_/g'` if test x${f} = x"${ac_feature}" then ac_enable_check_opt=yes fi done if test x${ac_enable_check_opt} = xno then AC_MSG_ERROR([unrecognized option: $ac_option Try `$[0] --help' for more information.]) fi eval "enable_$ac_feature='$ac_optarg'" ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ac_exec_prefix_set="yes" ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix="$ac_optarg" ac_exec_prefix_set="yes" ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias="$ac_optarg" ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst \ | --locals | --local | --loca | --loc | --lo) ac_prev=localstatedir ac_localstatedir_set="yes" ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* \ | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) localstatedir="$ac_optarg" ac_localstatedir_set="yes" ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ac_mandir_set="yes" ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir="$ac_optarg" ac_mandir_set="yes" ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ac_prefix_set="yes" ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix="$ac_optarg" ac_prefix_set="yes" ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ac_sbindir_set="yes" ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir="$ac_optarg" ac_sbindir_set="yes" ;; -bindir | --bindir | --bindi | --bind | --bin | --bi | --b) echo "WARNING: bindir will be ignored, use sbindir" ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* \ | --bi=* | --b=*) echo "WARNING: bindir will be ignored, use sbindir" ;; -datadir | --datadir) echo "WARNING: datadir will be ignored" ;; -datadir=* | --datadir=*) echo "WARNING: datadir will be ignored" ;; -includedir | --includedir) echo "WARNING: includedir will be ignored" ;; -includedir=* | --includedir=*) echo "WARNING: includedir will be ignored" ;; -infodir | --infodir) echo "WARNING: infodir will be ignored" ;; -infodir=* | --infodir=*) echo "WARNING: infodir will be ignored" ;; -libdir | --libdir) echo "WARNING: libdir will be ignored" ;; -libdir=* | --libdir=*) echo "WARNING: libdir will be ignored" ;; -libexecdir | --libexecdir) echo "WARNING: libexecdir will be ignored" ;; -libexecdir=* | --libexecdir=*) echo "WARNING: libexecdir will be ignored" ;; -sharedstatedir | --sharedstatedir) echo "WARNING: sharedstatedir will be ignored" ;; -sharedstatedir=* | --sharedstatedir=*) echo "WARNING: sharedstatedir will be ignored" ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site="$ac_optarg" ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir="$ac_optarg" ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ac_sysconfdir_set="yes" ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir="$ac_optarg" ac_sysconfdir_set="yes" ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias="$ac_optarg" ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers) ac_init_version=: ;; -with-* | --with-*) ac_package=`expr "x$ac_option" : 'x-*with-\([[^=]]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_package" : "[.*[^-_$as_cr_alnum]]" >/dev/null && AC_MSG_ERROR([invalid package name: $ac_package]) ac_package=`echo $ac_package| sed 's/-/_/g'` case $ac_option in *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; *) ac_optarg=yes ;; esac ac_with_check_opt=no for f in ${SH_WITH_OPTS} do f=`echo $f | sed 's/-/_/g'` if test x${f} = x"${ac_package}" then ac_with_check_opt=yes fi done if test x${ac_with_check_opt} = xno then AC_MSG_ERROR([unrecognized option: $ac_option Try `$[0] --help' for more information.]) fi eval "with_$ac_package='$ac_optarg'" ;; -without-* | --without-*) ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_package" : "[.*[^-_$as_cr_alnum]]" >/dev/null && AC_MSG_ERROR([invalid package name: $ac_package]) ac_package=`echo $ac_package | sed 's/-/_/g'` ac_with_check_opt=no for f in ${SH_WITH_OPTS} do f=`echo $f | sed 's/-/_/g'` if test x${f} = x"${ac_package}" then ac_with_check_opt=yes fi done if test x${ac_with_check_opt} = xno then AC_MSG_ERROR([unrecognized option: $ac_option Try `$[0] --help' for more information.]) fi eval "with_$ac_package=no" ;; -*) AC_MSG_ERROR([unrecognized option: $ac_option Try `$[0] --help' for more information.]) ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([[^=]]*\)='` # Reject names that are not valid shell variable names. expr "x$ac_envvar" : "[.*[^_$as_cr_alnum]]" >/dev/null && AC_MSG_ERROR([invalid variable name: $ac_envvar]) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` eval "$ac_envvar='$ac_optarg'" export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. AC_MSG_WARN([you should use --build, --host, --target]) expr "x$ac_option" : "[.*[^-._$as_cr_alnum]]" >/dev/null && AC_MSG_WARN([invalid host type: $ac_option]) : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} ;; esac done if test -n "$ac_prev"; then AC_MSG_ERROR(missing argument to --`echo $ac_prev | sed 's/_/-/g'`) fi # Be sure to have absolute paths. for ac_var in prefix exec_prefix do eval ac_val=$`echo $ac_var` case $ac_val in [[\\/$]]* | ?:[[\\/]]* | NONE | '' | OPT | USR ) ;; *) AC_MSG_ERROR([expected an absolute directory name for --$ac_var: $ac_val]);; esac done # Be sure to have absolute paths. for ac_var in sbindir sysconfdir localstatedir mandir do eval ac_val=$`echo $ac_var` case $ac_val in [[\\/$]]* | ?:[[\\/]]* ) ;; *) AC_MSG_ERROR([expected an absolute directory name for --$ac_var: $ac_val]);; esac done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe AC_MSG_WARN([If you wanted to set the --build type, don't use --host. If a cross compiler is detected then cross compile mode will be used.]) elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec AS_MESSAGE_FD>/dev/null m4_divert_pop([PARSE_ARGS])dnl ])# SH_INIT_PARSE_ARGS m4_define([SH_INIT_HELP], [m4_divert_push([HELP_BEGIN])dnl # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures m4_ifset([AC_PACKAGE_STRING], [AC_PACKAGE_STRING], [this package]) to adapt to many kinds of systems. Usage: $[0] [[OPTION]]... [[VAR=VALUE]]... [To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] _ACEOF cat <<_ACEOF Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install binaries in \`/usr/local/sbin', the config file in \`/etc', manpage in \`/usr/local/share/man', and state data in \`/var/lib/INSTALL_NAME' (FSH layout). You can specify other FSH compliant layouts with \`--prefix=OPT' or \`--prefix=USR', or you can specify a directory with \`--prefix=DIR' to install in \`DIR/sbin', \`DIR/etc', etc. For better control, use the options below. Fine tuning of the installation directories: --sbindir=DIR system admin executables [EPREFIX/sbin] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --mandir=DIR man documentation [PREFIX/man] For even finer tuning, paths can be specified for individual files (see below) _ACEOF cat <<\_ACEOF] m4_divert_pop([HELP_BEGIN])dnl dnl The order of the diversions here is dnl - HELP_BEGIN dnl which may be prolongated by extra generic options such as with X or dnl AC_ARG_PROGRAM. Displayed only in long --help. dnl dnl - HELP_CANON dnl Support for cross compilation (--build, --host and --target). dnl Display only in long --help. dnl dnl - HELP_ENABLE dnl which starts with the trailer of the HELP_BEGIN, HELP_CANON section, dnl then implements the header of the non generic options. dnl dnl - HELP_WITH dnl dnl - HELP_VAR dnl dnl - HELP_VAR_END dnl dnl - HELP_END dnl initialized below, in which we dump the trailer (handling of the dnl recursion for instance). m4_divert_push([HELP_ENABLE])dnl _ACEOF fi if test -n "$ac_init_help"; then m4_ifset([AC_PACKAGE_STRING], [ case $ac_init_help in short | recursive ) echo "Configuration of AC_PACKAGE_STRING:";; esac]) cat <<\_ACEOF m4_divert_pop([HELP_ENABLE])dnl m4_divert_push([HELP_END])dnl m4_ifset([AC_PACKAGE_BUGREPORT], [ Report bugs to .]) _ACEOF fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. ac_popdir=`pwd` for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d $ac_dir || continue _AC_SRCPATHS(["$ac_dir"]) cd $ac_dir # Check for guested configure; otherwise get Cygnus style configure. if test -f $ac_srcdir/configure.gnu; then echo $SHELL $ac_srcdir/configure.gnu --help=recursive elif test -f $ac_srcdir/configure; then echo $SHELL $ac_srcdir/configure --help=recursive elif test -f $ac_srcdir/configure.ac || test -f $ac_srcdir/configure.in; then echo $ac_configure --help else AC_MSG_WARN([no configuration information is in $ac_dir]) fi cd $ac_popdir done fi test -n "$ac_init_help" && exit 0 m4_divert_pop([HELP_END])dnl ])# SH_INIT_HELP # Check whether sa_sigaction works. # Rainer Wichmann , 2003. # # This file can be copied and used freely without restrictions. It can # be used in projects which are not available under the GNU Public License. # serial 1 AC_DEFUN([AM_SA_SIGACTION_WORKS], [ am_cv_val_SA_SIGACTION=no AC_CHECK_HEADER(signal.h, [ AM_SI_USER AM_SA_SIGINFO if test $am_cv_val_SI_USER = yes && test $am_cv_val_SA_SIGINFO = yes then AC_TRY_RUN([ #include #include #include #include volatile int xnum = 0; volatile int xcode = 0; jmp_buf Buf; int xsig = SIGSEGV; void sighandler (int xsignam, siginfo_t * xsiginfo, void * xsigadd) { static sigset_t x; if (xsiginfo == NULL) exit(__LINE__); if (xsiginfo->si_signo != xsignam) exit(__LINE__); ++xnum; xcode = xsiginfo->si_code; sigemptyset (&x); sigprocmask(SIG_SETMASK, &x, NULL); longjmp ( Buf, 1); } int main () { struct sigaction newact; newact.sa_sigaction = sighandler; sigemptyset (&newact.sa_mask); newact.sa_flags = SA_SIGINFO; if (0 != sigaction (xsig, &newact, NULL)) exit (__LINE__); if(setjmp ( Buf)) { if (xnum > 1) goto Third; goto Second; } memcpy((void *) 0x0, "test", 5); Second: if (xcode == SI_USER) exit (__LINE__); raise(xsig); Third: if (xcode != SI_USER) exit (__LINE__); if (xnum != 2) exit (__LINE__); return (0); }], am_cv_val_SA_SIGACTION=yes, am_cv_val_SA_SIGACTION=no, am_cv_val_SA_SIGACTION=no) fi ]) AC_MSG_CHECKING([whether sa_sigaction is supported]) if test $am_cv_val_SA_SIGACTION = yes then AC_MSG_RESULT(yes) AC_DEFINE([SA_SIGACTION_WORKS], 1, [Define if sa_sigaction works]) else AC_MSG_RESULT(no) fi ]) # Check whether SI_USER is available in . # Rainer Wichmann , 2003. # # This file can be copied and used freely without restrictions. It can # be used in projects which are not available under the GNU Public License. # serial 1 AC_DEFUN([AM_SI_USER], [if test $ac_cv_header_signal_h = yes; then AC_CACHE_CHECK([for SI_USER in signal.h], am_cv_val_SI_USER, [AC_TRY_LINK([#include ], [return SI_USER], am_cv_val_SI_USER=yes, am_cv_val_SI_USER=no)]) if test $am_cv_val_SI_USER = yes; then AC_DEFINE([HAVE_SI_USER], 1, [Define if you have SI_USER]) fi fi]) # Check whether SA_SIGINFO is available in . # Rainer Wichmann , 2003. # # This file can be copied and used freely without restrictions. It can # be used in projects which are not available under the GNU Public License. # serial 1 AC_DEFUN([AM_SA_SIGINFO], [if test $ac_cv_header_signal_h = yes; then AC_CACHE_CHECK([for SA_SIGINFO in signal.h], am_cv_val_SA_SIGINFO, [AC_TRY_LINK([#include ], [return SA_SIGINFO], am_cv_val_SA_SIGINFO=yes, am_cv_val_SA_SIGINFO=no)]) if test $am_cv_val_SA_SIGINFO = yes; then AC_DEFINE([HAVE_SA_SIGINFO], 1, [Define if you have SA_SIGINFO]) fi fi]) dnl dnl Useful macros for autoconf to check for ssp-patched gcc dnl 1.0 - September 2003 - Tiago Sousa dnl 1.1 - August 2006 - Ted Percival dnl * Stricter language checking (C or C++) dnl * Adds GCC_STACK_PROTECT_LIB to add -lssp to LDFLAGS as necessary dnl * Caches all results dnl * Uses macros to ensure correct ouput in quiet/silent mode dnl 1.2 - April 2007 - Ted Percival dnl * Added GCC_STACK_PROTECTOR macro for simpler (one-line) invocation dnl * GCC_STACK_PROTECT_LIB now adds -lssp to LIBS rather than LDFLAGS dnl dnl About ssp: dnl GCC extension for protecting applications from stack-smashing attacks dnl http://www.research.ibm.com/trl/projects/security/ssp/ dnl dnl Usage: dnl Most people will simply call GCC_STACK_PROTECTOR. dnl If you only use one of C or C++, you can save time by only calling the dnl macro appropriate for that language. In that case you should also call dnl GCC_STACK_PROTECT_LIB first. dnl dnl GCC_STACK_PROTECTOR dnl Tries to turn on stack protection for C and C++ by calling the following dnl three macros with the right languages. dnl dnl GCC_STACK_PROTECT_CC dnl checks -fstack-protector with the C compiler, if it exists then updates dnl CFLAGS and defines ENABLE_SSP_CC dnl dnl GCC_STACK_PROTECT_CXX dnl checks -fstack-protector with the C++ compiler, if it exists then updates dnl CXXFLAGS and defines ENABLE_SSP_CXX dnl dnl GCC_STACK_PROTECT_LIB dnl adds -lssp to LIBS if it is available dnl ssp is usually provided as part of libc, but was previously a separate lib dnl It does not hurt to add -lssp even if libc provides SSP - in that case dnl libssp will simply be ignored. dnl AC_DEFUN([GCC_STACK_PROTECT_LIB],[ AC_CACHE_CHECK([whether libssp exists], ssp_cv_lib, [ssp_old_libs="$LIBS" LIBS="$LIBS -lssp" AC_TRY_LINK(,, ssp_cv_lib=yes, ssp_cv_lib=no) LIBS="$ssp_old_libs" ]) if test $ssp_cv_lib = yes; then LIBS="$LIBS -lssp" fi ]) AC_DEFUN([GCC_STACK_PROTECT_CC],[ AC_LANG_ASSERT(C) if test "X$CC" != "X"; then AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-all], ssp_cv_cc, [ssp_old_cflags="$CFLAGS" CFLAGS="$CFLAGS -fstack-protector-all" AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no) CFLAGS="$ssp_old_cflags" ]) if test $ssp_cv_cc = no; then AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector], ssp_cv_cc, [ssp_old_cflags="$CFLAGS" CFLAGS="$CFLAGS -fstack-protector" AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no) CFLAGS="$ssp_old_cflags" ]) if test $ssp_cv_cc = yes; then CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector" LDFLAGS="$LDFLAGS -fstack-protector" AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) fi else if test $ssp_cv_cc = yes; then CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" LDFLAGS="$LDFLAGS -fstack-protector-all" AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) fi fi fi ]) AC_DEFUN([GCC_STACK_PROTECT_CXX],[ AC_LANG_ASSERT(C++) if test "X$CXX" != "X"; then AC_CACHE_CHECK([whether ${CXX} accepts -fstack-protector], ssp_cv_cxx, [ssp_old_cxxflags="$CXXFLAGS" CXXFLAGS="$CXXFLAGS -fstack-protector" AC_TRY_COMPILE(,, ssp_cv_cxx=yes, ssp_cv_cxx=no) CXXFLAGS="$ssp_old_cxxflags" ]) if test $ssp_cv_cxx = yes; then CXXFLAGS="$CXXFLAGS -fstack-protector" AC_DEFINE([ENABLE_SSP_CXX], 1, [Define if SSP C++ support is enabled.]) fi fi ]) AC_DEFUN([GCC_STACK_PROTECTOR],[ GCC_STACK_PROTECT_LIB AC_LANG_PUSH([C]) GCC_STACK_PROTECT_CC AC_LANG_POP([C]) AC_LANG_PUSH([C++]) GCC_STACK_PROTECT_CXX AC_LANG_POP([C++]) ]) AC_DEFUN([GCC_PIE_CC],[ AC_LANG_ASSERT(C) if test "X$CC" != "X"; then AC_CACHE_CHECK([whether ${CC} accepts -pie -fPIE], pie_cv_cc, [pie_old_cflags="$CFLAGS" CFLAGS="$CFLAGS -pie -fPIE" AC_TRY_COMPILE(,, pie_cv_cc=yes, pie_cv_cc=no) CFLAGS="$pie_old_cflags" ]) if test $pie_cv_cc = yes; then case "$host_os" in *cygwin*) ;; *) PIE_CFLAGS="-fPIE" PIE_LDFLAGS="-pie" ;; esac fi fi ]) AC_DEFUN([GCC_STACK_CHECK_CC],[ AC_LANG_ASSERT(C) if test "X$CC" != "X"; then AC_CACHE_CHECK([whether ${CC} accepts -fstack-check], stackcheck_cv_cc, [stackcheck_old_cflags="$CFLAGS" CFLAGS="$CFLAGS -fstack-check" AC_TRY_COMPILE(,, stackcheck_cv_cc=yes, stackcheck_cv_cc=no) CFLAGS="$stackcheck_old_cflags" ]) if test $stackcheck_cv_cc = yes; then CFLAGS="$CFLAGS -fstack-check" fi fi ]) AC_DEFUN([GCC_WEMPTY_BODY],[ AC_LANG_ASSERT(C) if test "X$CC" != "X"; then AC_CACHE_CHECK([whether ${CC} accepts -Wno-empty-body], empty_cv_body, [empty_body_cflags="$CFLAGS" CFLAGS="$CFLAGS -Wno-empty-body" AC_TRY_COMPILE(,, empty_cv_body=yes, empty_cv_body=no) CFLAGS="$empty_body_cflags" ]) if test $empty_cv_body = yes; then CFLAGS="$CFLAGS -Wno-empty-body" fi fi ]) AC_DEFUN([SAMHAIN_POSIX],[ AC_MSG_CHECKING([whether _POSIX_SOURCE is necessary]) AC_TRY_COMPILE([#include void fileno(int);int fdopen(int, char *); ],, [ AC_MSG_RESULT(yes) AC_DEFINE([_POSIX_SOURCE],1,[Define if POSIX functions are required]) ], [AC_MSG_RESULT(no)]) ])dnl dnl checks for a known 64 bit programming environment dnl AC_RUN_IFELSE(PROGRAM, dnl [ACTION-IF-TRUE], [ACTION-IF-FALSE], dnl [ACTION-IF-CROSS-COMPILING = RUNTIME-ERROR]) dnl AC_DEFUN([SAMHAIN_PRG_ENV],[ AC_MSG_CHECKING([for a known 64 bit programming environment]) # Compile and run a program that determines the programming environment AC_RUN_IFELSE([ AC_LANG_SOURCE([[ #include int main(int argc,char **argv) { if (argc > 1) { #if defined(__arch64__) printf("__arch64__\n"); #elif defined(__ia64__) printf("__ia64__\n"); #elif defined(__x86_64__) printf("__x86_64__\n"); #elif defined(__LP64__) printf("__LP64__\n"); #elif defined(__64BIT__) printf("__64BIT__\n"); #elif defined(_LP64) printf("_LP64\n"); #elif defined(_M_IA64) printf("_M_IA64\n"); #elif defined(_MIPS_SZLONG) && (_MIPS_SZLONG == 64) printf("_MIPS_64\n"); #else choke me #endif } return 0; } ]]) ],[ # Program compiled and ran, so get version by adding argument. samhain_prg_ENV=`./conftest$ac_exeext x` samhain_64=yes AC_MSG_RESULT([$samhain_prg_ENV]) ],[ AC_MSG_RESULT([none]) ],[ AC_MSG_RESULT([none]) ]) ])dnl AC_DEFUN([SAMHAIN_X86_64],[ AC_MSG_CHECKING([for x86_64]) AC_TRY_RUN([ int main() { __asm__ volatile ( "movq %rax, %rax" ); return 0; } ], [ AC_MSG_RESULT(yes) samhain_64=yes tiger_src=sh_tiger1_64.c samhain_64_asm=yes ], [ AC_MSG_RESULT([no]) ],[ AC_MSG_RESULT([no]) ]) ])dnl AC_DEFUN([SAMHAIN_64],[ samhain_64=no tiger_src=sh_tiger1.c samhain_64_asm=no # # if sizeof(unsigned long) = 4, try compiler macros for 64bit # if test "x$ac_cv_sizeof_unsigned_long" = x4; then if test "x$ac_cv_sizeof_unsigned_long_long" = x8; then SAMHAIN_PRG_ENV if test "x$samhain_64" = xyes; then tiger_src=sh_tiger1_64.c fi # # if GCC and __i386__, use precompiled assembler # if test "x$GCC" = xyes; then AC_MSG_CHECKING([for non-apple non-cygwin i386]) samhain_i386=no $CC -E -dM - < /dev/null | egrep '__i386__' >/dev/null 2>&1 if test $? = 0; then case "$host_os" in *linux*) # apples gcc does not understand the assembly we provide $CC -E -dM - < /dev/null | egrep '(__sun__|__APPLE__|__CYGWIN__)' >/dev/null 2>&1 || samhain_i386=yes ;; *) ;; esac fi AC_MSG_RESULT([$samhain_i386]) if test "x$samhain_i386" = xyes; then GCC_PIE_CC if test $pie_cv_cc = yes; then tiger_src=sh_tiger1.s AC_DEFINE([TIGER_32_BIT_S],1,[Define to use tiger 32 bit i386 assembler]) fi fi fi # # # else samhain_64=no tiger_src=sh_tiger1.c fi else # # sizeof(unsigned long) = 8 # tiger_src=sh_tiger1_64.c samhain_64=yes # # check for x86_64 (enables assembly optimizations) # if test "x$GCC" = xyes; then case "$host_os" in *linux*) SAMHAIN_X86_64 ;; *bsd*) SAMHAIN_X86_64 ;; *) SAMHAIN_X86_64 ;; esac fi fi if test "x$samhain_64" = xyes; then AC_DEFINE([TIGER_64_BIT],1,[Define to use tiger 64 bit implementation]) fi AC_MSG_CHECKING([for 64 bit environment]) AC_MSG_RESULT([$samhain_64]) AC_MSG_CHECKING([for tiger source to use]) AC_MSG_RESULT([$tiger_src]) AC_SUBST(tiger_src) ])dnl AC_DEFUN([sh_CHECK_POSIX_ACL], [ AC_CHECK_HEADERS(sys/acl.h) if test $ac_cv_header_sys_acl_h = yes; then AC_CHECK_LIB([acl], [acl_get_file], sh_lacl=yes, sh_lacl=no) if test x"$sh_lacl" = xyes; then LIBACL=-lacl else LIBACL= fi OLDLIBS="$LIBS" LIBS="$LIBS $LIBACL" AC_CHECK_FUNCS([acl_free acl_get_file acl_get_fd], [sh_facl=yes],[sh_facl=no]) LIBS="$OLDLIBS" if test x"$sh_facl" = xyes; then AC_DEFINE(USE_ACL, 1, [Define if you want ACL support.]) LIBS="$LIBS $LIBACL" fi fi ]) AC_DEFUN([sh_CHECK_XATTR], [ AC_CHECK_HEADERS(attr/xattr.h) if test $ac_cv_header_attr_xattr_h = yes; then AC_CHECK_LIB([attr], [getxattr], sh_lattr=yes, sh_lattr=no) if test x"$sh_lattr" = xyes; then LIBATTR=-lattr else LIBATTR= fi OLDLIBS="$LIBS" LIBS="$LIBS $LIBATTR" AC_CHECK_FUNCS([getxattr lgetxattr fgetxattr], [sh_fattr=yes],[sh_fattr=no]) LIBS="$OLDLIBS" if test x"$sh_fattr" = xyes; then AC_DEFINE(USE_XATTR, 1, [Define if you want extended attributes support.]) LIBS="$LIBS $LIBATTR" fi fi ]) dnl Autoconf macros for libprelude dnl $id$ # Modified for LIBPRELUDE -- Yoann Vandoorselaere # Modified for LIBGNUTLS -- nmav # Configure paths for LIBGCRYPT # Shamelessly stolen from the one of XDELTA by Owen Taylor # Werner Koch 99-12-09 dnl AM_PATH_LIBPRELUDE([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) dnl Test for libprelude, and define LIBPRELUDE_PREFIX, LIBPRELUDE_CFLAGS, LIBPRELUDE_PTHREAD_CFLAGS, dnl LIBPRELUDE_LDFLAGS, and LIBPRELUDE_LIBS dnl AC_DEFUN([AM_PATH_LIBPRELUDE], [dnl dnl Get the cflags and libraries from the libprelude-config script dnl dnl AC_ARG_WITH(libprelude-prefix, dnl [ --with-libprelude-prefix=PFX Prefix where libprelude is installed (optional)], dnl libprelude_config_prefix="$withval", libprelude_config_prefix="") dnl dnl if test x$libprelude_config_prefix != x ; then dnl if test x${LIBPRELUDE_CONFIG+set} != xset ; then dnl LIBPRELUDE_CONFIG=$libprelude_config_prefix/bin/libprelude-config dnl fi dnl fi dnl dnl AC_PATH_PROG(LIBPRELUDE_CONFIG, libprelude-config, no) min_libprelude_version=ifelse([$1], ,0.1.0,$1) AC_MSG_CHECKING(for libprelude - version >= $min_libprelude_version) no_libprelude="" if test "$LIBPRELUDE_CONFIG" = "no" ; then no_libprelude=yes else LIBPRELUDE_CFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --cflags` LIBPRELUDE_PTHREAD_CFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --pthread-cflags` LIBPRELUDE_LDFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --ldflags` LIBPRELUDE_LIBS=`$LIBPRELUDE_CONFIG $libprelude_config_args --libs` LIBPRELUDE_PREFIX=`$LIBPRELUDE_CONFIG $libprelude_config_args --prefix` LIBPRELUDE_CONFIG_PREFIX=`$LIBPRELUDE_CONFIG $libprelude_config_args --config-prefix` libprelude_config_version=`$LIBPRELUDE_CONFIG $libprelude_config_args --version` ac_save_CFLAGS="$CFLAGS" ac_save_LDFLAGS="$LDFLAGS" ac_save_LIBS="$LIBS" CFLAGS="$CFLAGS $LIBPRELUDE_CFLAGS" LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" LIBS="$LIBS $LIBPRELUDE_LIBS" dnl dnl Now check if the installed libprelude is sufficiently new. Also sanity dnl checks the results of libprelude-config to some extent dnl rm -f conf.libpreludetest AC_TRY_RUN([ #include #include #include #include int main () { system ("touch conf.libpreludetest"); if( strcmp( prelude_check_version(NULL), "$libprelude_config_version" ) ) { printf("\n*** 'libprelude-config --version' returned %s, but LIBPRELUDE (%s)\n", "$libprelude_config_version", prelude_check_version(NULL) ); printf("*** was found! If libprelude-config was correct, then it is best\n"); printf("*** to remove the old version of LIBPRELUDE. You may also be able to fix the error\n"); printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n"); printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n"); printf("*** required on your system.\n"); printf("*** If libprelude-config was wrong, set the environment variable LIBPRELUDE_CONFIG\n"); printf("*** to point to the correct copy of libprelude-config, and remove the file config.cache\n"); printf("*** before re-running configure\n"); } else if ( strcmp(prelude_check_version(NULL), LIBPRELUDE_VERSION ) ) { printf("\n*** LIBPRELUDE header file (version %s) does not match\n", LIBPRELUDE_VERSION); printf("*** library (version %s)\n", prelude_check_version(NULL) ); } else { if ( prelude_check_version( "$min_libprelude_version" ) ) { return 0; } else { printf("no\n*** An old version of LIBPRELUDE (%s) was found.\n", prelude_check_version(NULL) ); printf("*** You need a version of LIBPRELUDE newer than %s. The latest version of\n", "$min_libprelude_version" ); printf("*** LIBPRELUDE is always available from http://www.prelude-ids.org/download/releases.\n"); printf("*** \n"); printf("*** If you have already installed a sufficiently new version, this error\n"); printf("*** probably means that the wrong copy of the libprelude-config shell script is\n"); printf("*** being found. The easiest way to fix this is to remove the old version\n"); printf("*** of LIBPRELUDE, but you can also set the LIBPRELUDE_CONFIG environment to point to the\n"); printf("*** correct copy of libprelude-config. (In this case, you will have to\n"); printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n"); printf("*** so that the correct libraries are found at run-time))\n"); } } return 1; } ],, no_libprelude=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"]) CFLAGS="$ac_save_CFLAGS" LIBS="$ac_save_LIBS" LDFLAGS="$ac_save_LDFLAGS" fi if test "x$no_libprelude" = x ; then AC_MSG_RESULT(yes) ifelse([$2], , :, [$2]) else if test -f conf.libpreludetest ; then : else AC_MSG_RESULT(no) fi if test "$LIBPRELUDE_CONFIG" = "no" ; then echo "*** The libprelude-config script installed by LIBPRELUDE could not be found" echo "*** If LIBPRELUDE was installed in PREFIX, make sure PREFIX/bin is in" echo "*** your path, or set the LIBPRELUDE_CONFIG environment variable to the" echo "*** full path to libprelude-config." else if test -f conf.libpreludetest ; then : else echo "*** Could not run libprelude test program, checking why..." CFLAGS="$CFLAGS $LIBPRELUDE_CFLAGS" LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" LIBS="$LIBS $LIBPRELUDE_LIBS" AC_TRY_LINK([ #include #include #include #include ], [ return !!prelude_check_version(NULL); ], [ echo "*** The test program compiled, but did not run. This usually means" echo "*** that the run-time linker is not finding LIBPRELUDE or finding the wrong" echo "*** version of LIBPRELUDE. If it is not finding LIBPRELUDE, you'll need to set your" echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point" echo "*** to the installed location Also, make sure you have run ldconfig if that" echo "*** is required on your system" echo "***" echo "*** If you have an old version installed, it is best to remove it, although" echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" echo "***" ], [ echo "*** The test program failed to compile or link. See the file config.log for the" echo "*** exact error that occured. This usually means LIBPRELUDE was incorrectly installed" echo "*** or that you have moved LIBPRELUDE since it was installed. In the latter case, you" echo "*** may want to edit the libprelude-config script: $LIBPRELUDE_CONFIG" ]) CFLAGS="$ac_save_CFLAGS" LDFLAGS="$ac_save_LDFLAGS" LIBS="$ac_save_LIBS" fi fi LIBPRELUDE_CFLAGS="" LIBPRELUDE_LDFLAGS="" LIBPRELUDE_LIBS="" ifelse([$3], , :, [$3]) fi rm -f conf.libpreludetest AC_SUBST(LIBPRELUDE_CFLAGS) AC_SUBST(LIBPRELUDE_PTHREAD_CFLAGS) AC_SUBST(LIBPRELUDE_LDFLAGS) AC_SUBST(LIBPRELUDE_LIBS) AC_SUBST(LIBPRELUDE_PREFIX) AC_SUBST(LIBPRELUDE_CONFIG_PREFIX) ]) ##### http://autoconf-archive.cryp.to/acx_pthread.html # # SYNOPSIS # # ACX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]]) # # DESCRIPTION # # This macro figures out how to build C programs using POSIX threads. # It sets the PTHREAD_LIBS output variable to the threads library and # linker flags, and the PTHREAD_CFLAGS output variable to any special # C compiler flags that are needed. (The user can also force certain # compiler flags/libs to be tested by setting these environment # variables.) # # Also sets PTHREAD_CC to any special C compiler that is needed for # multi-threaded programs (defaults to the value of CC otherwise). # (This is necessary on AIX to use the special cc_r compiler alias.) # # NOTE: You are assumed to not only compile your program with these # flags, but also link it with them as well. e.g. you should link # with $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS # $LIBS # # If you are only building threads programs, you may wish to use # these variables in your default LIBS, CFLAGS, and CC: # # LIBS="$PTHREAD_LIBS $LIBS" # CFLAGS="$CFLAGS $PTHREAD_CFLAGS" # CC="$PTHREAD_CC" # # In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute # constant has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to # that name (e.g. PTHREAD_CREATE_UNDETACHED on AIX). # # ACTION-IF-FOUND is a list of shell commands to run if a threads # library is found, and ACTION-IF-NOT-FOUND is a list of commands to # run it if it is not found. If ACTION-IF-FOUND is not specified, the # default action will define HAVE_PTHREAD. # # Please let the authors know if this macro fails on any platform, or # if you have any other suggestions or comments. This macro was based # on work by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) # (with help from M. Frigo), as well as ac_pthread and hb_pthread # macros posted by Alejandro Forero Cuervo to the autoconf macro # repository. We are also grateful for the helpful feedback of # numerous users. # # LAST MODIFICATION # # 2007-07-29 # # COPYLEFT # # Copyright (c) 2007 Steven G. Johnson # # This program is free software: you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation, either version 3 of the # License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see # . # # As a special exception, the respective Autoconf Macro's copyright # owner gives unlimited permission to copy, distribute and modify the # configure scripts that are the output of Autoconf when processing # the Macro. You need not follow the terms of the GNU General Public # License when using or distributing such scripts, even though # portions of the text of the Macro appear in them. The GNU General # Public License (GPL) does govern all other use of the material that # constitutes the Autoconf Macro. # # This special exception to the GPL applies to versions of the # Autoconf Macro released by the Autoconf Macro Archive. When you # make and distribute a modified version of the Autoconf Macro, you # may extend this special exception to the GPL to apply to your # modified version as well. AC_DEFUN([ACX_PTHREAD], [ AC_REQUIRE([AC_CANONICAL_HOST]) AC_LANG_SAVE AC_LANG_C acx_pthread_ok=no # We used to check for pthread.h first, but this fails if pthread.h # requires special compiler flags (e.g. on True64 or Sequent). # It gets checked for in the link test anyway. # First of all, check if the user has set any of the PTHREAD_LIBS, # etcetera environment variables, and if threads linking works using # them: if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" save_LIBS="$LIBS" LIBS="$PTHREAD_LIBS $LIBS" AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS]) AC_TRY_LINK_FUNC(pthread_join, acx_pthread_ok=yes) AC_MSG_RESULT($acx_pthread_ok) if test x"$acx_pthread_ok" = xno; then PTHREAD_LIBS="" PTHREAD_CFLAGS="" fi LIBS="$save_LIBS" CFLAGS="$save_CFLAGS" fi # We must check for the threads library under a number of different # names; the ordering is very important because some systems # (e.g. DEC) have both -lpthread and -lpthreads, where one of the # libraries is broken (non-POSIX). # Create a list of thread flags to try. Items starting with a "-" are # C compiler flags, and other items are library names, except for "none" # which indicates that we try without any flags at all, and "pthread-config" # which is a program returning the flags for the Pth emulation library. acx_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" # The ordering *is* (sometimes) important. Some notes on the # individual items follow: # pthreads: AIX (must check this before -lpthread) # none: in case threads are in libc; should be tried before -Kthread and # other compiler flags to prevent continual compiler warnings # -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) # -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) # lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) # -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) # -pthreads: Solaris/gcc # -mthreads: Mingw32/gcc, Lynx/gcc # -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it # doesn't hurt to check since this sometimes defines pthreads too; # also defines -D_REENTRANT) # ... -mt is also the pthreads flag for HP/aCC # pthread: Linux, etcetera # --thread-safe: KAI C++ # pthread-config: use pthread-config program (for GNU Pth library) case "${host_cpu}-${host_os}" in *solaris*) # On Solaris (at least, for some versions), libc contains stubbed # (non-functional) versions of the pthreads routines, so link-based # tests will erroneously succeed. (We need to link with -pthreads/-mt/ # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather # a function called by this macro, so we could check for that, but # who knows whether they'll stub that too in a future libc.) So, # we'll just look for -pthreads and -lpthread first: acx_pthread_flags="-pthreads pthread -mt -pthread $acx_pthread_flags" ;; esac if test x"$acx_pthread_ok" = xno; then for flag in $acx_pthread_flags; do case $flag in none) AC_MSG_CHECKING([whether pthreads work without any flags]) ;; -pthread) AC_MSG_CHECKING([whether pthreads work with $flag]) PTHREAD_CFLAGS="$flag" ;; -*) AC_MSG_CHECKING([whether pthreads work with $flag]) PTHREAD_CFLAGS="$flag" ;; pthread-config) AC_CHECK_PROG(acx_pthread_config, pthread-config, yes, no) if test x"$acx_pthread_config" = xno; then continue; fi PTHREAD_CFLAGS="`pthread-config --cflags`" PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" ;; *) AC_MSG_CHECKING([for the pthreads library -l$flag]) PTHREAD_LIBS="-l$flag" ;; esac save_LIBS="$LIBS" save_CFLAGS="$CFLAGS" save_LDFLAGS="$LDFLAGS" LIBS="$PTHREAD_LIBS $LIBS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" LDFLAGS="$LDFLAGS $PTHREAD_CFLAGS" # Check for various functions. We must include pthread.h, # since some functions may be macros. (On the Sequent, we # need a special flag -Kthread to make this header compile.) # We check for pthread_join because it is in -lpthread on IRIX # while pthread_create is in libc. We check for pthread_attr_init # due to DEC craziness with -lpthreads. We check for # pthread_cleanup_push because it is one of the few pthread # functions on Solaris that doesn't have a non-functional libc stub. # We try pthread_create on general principles. AC_TRY_LINK([#include ], [pthread_t th; pthread_join(th, 0); pthread_attr_init(0); pthread_cleanup_push(0, 0); pthread_create(0,0,0,0); pthread_cleanup_pop(0); ], [acx_pthread_ok=yes]) LIBS="$save_LIBS" LDFLAGS="$save_LDFLAGS" CFLAGS="$save_CFLAGS" AC_MSG_RESULT($acx_pthread_ok) if test "x$acx_pthread_ok" = xyes; then break; fi PTHREAD_LIBS="" PTHREAD_CFLAGS="" done fi # Various other checks: if test "x$acx_pthread_ok" = xyes; then save_LIBS="$LIBS" LIBS="$PTHREAD_LIBS $LIBS" save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $PTHREAD_CFLAGS" # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. AC_MSG_CHECKING([for joinable pthread attribute]) attr_name=unknown for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do AC_TRY_LINK([#include ], [int attr=$attr; return attr;], [attr_name=$attr; break]) done AC_MSG_RESULT($attr_name) if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name, [Define to necessary symbol if this constant uses a non-standard name on your system.]) fi # Solaris lossage: default is obsolete semantics for getpwnam_r, # getpwuid_r, getgrgid_r, unless _POSIX_PTHREAD_SEMANTICS is defined AC_MSG_CHECKING([if more special flags are required for pthreads]) flag=no case "${host_cpu}-${host_os}" in *-aix* | *-freebsd* | *-darwin*) flag="-D_THREAD_SAFE";; *-osf* | *-hpux*) flag="-D_REENTRANT";; *solaris*) flag="-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT";; esac AC_MSG_RESULT(${flag}) if test "x$flag" != xno; then PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" fi # Detect PTHREAD_MUTEX_RECURSIVE AC_MSG_CHECKING([for recursive mutexes]) mutex_recursive=no AC_TRY_LINK([ #define _XOPEN_SOURCE 500 #include ], [ pthread_mutexattr_t mta; pthread_mutexattr_settype(&mta, PTHREAD_MUTEX_RECURSIVE); return 0;],[mutex_recursive=yes]) if test "x$mutex_recursive" = "xyes" then AC_DEFINE(HAVE_PTHREAD_MUTEX_RECURSIVE,1,[Define if you have recursive mutexes.]) fi AC_MSG_RESULT($mutex_recursive) LIBS="$save_LIBS" CFLAGS="$save_CFLAGS" # More AIX lossage: must compile with xlc_r or cc_r if test x"$GCC" != xyes; then AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC}) else PTHREAD_CC=$CC fi else PTHREAD_CC="$CC" fi if test x"$acx_pthread_ok" = xyes; then PTHREAD_CFLAGS="${PTHREAD_CFLAGS} -DUSE_MALLOC_LOCK=1" fi AC_SUBST(PTHREAD_LIBS) AC_SUBST(PTHREAD_CFLAGS) AC_SUBST(PTHREAD_LDFLAGS) AC_SUBST(PTHREAD_CC) # Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: if test x"$acx_pthread_ok" = xyes; then ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1]) : else acx_pthread_ok=no $2 fi AC_LANG_RESTORE ])dnl ACX_PTHREAD dnl Copyright © 2004 Loic Dachary dnl dnl This program is free software; you can redistribute it and/or modify dnl it under the terms of the GNU General Public License as published by dnl the Free Software Foundation; either version 2 of the License, or (at dnl your option) any later version. dnl dnl Use ZLIB_HOME instead of option AC_DEFUN([CHECK_ZLIB],[ if test "x${ZLIB_HOME}" = "x"; then ZLIB_HOME=/usr/local if test ! -f "${ZLIB_HOME}/include/zlib.h" then ZLIB_HOME=/usr fi fi zlib_found=no ZLIB_OLD_LDFLAGS=$LDFLAGS ZLIB_OLD_CPPFLAGS=$LDFLAGS if test "x${ZLIB_HOME}" = "x/usr"; then : else LDFLAGS="$LDFLAGS -L${ZLIB_HOME}/lib" CPPFLAGS="$CPPFLAGS -I${ZLIB_HOME}/include" fi AC_LANG_SAVE AC_LANG_C AC_CHECK_LIB(z, inflateEnd, [zlib_cv_libz=yes], [zlib_cv_libz=no]) AC_CHECK_HEADER(zlib.h, [zlib_cv_zlib_h=yes], [zlib_cv_zlib_h=no]) AC_LANG_RESTORE if test "$zlib_cv_libz" = "yes" -a "$zlib_cv_zlib_h" = "yes" then # # If both library and header were found, use them # AC_CHECK_LIB(z, inflateEnd) AC_MSG_CHECKING([zlib in ${ZLIB_HOME}]) AC_MSG_RESULT(ok) AC_CHECK_FUNCS([compressBound]) zlib_found=yes else # # If either header or library was not found, revert and bomb # AC_MSG_CHECKING(zlib in ${ZLIB_HOME}) LDFLAGS="$ZLIB_OLD_LDFLAGS" CPPFLAGS="$ZLIB_OLD_CPPFLAGS" AC_MSG_RESULT(failed) AC_MSG_WARN([zlib not found in ZLIB_HOME, /usr/local, or /usr]) fi ]) # SH_PROG_LD # ---------- # find the pathname to the GNU or non-GNU linker AC_DEFUN([SH_PROG_LD], [ AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. AC_MSG_CHECKING([for ld used by $CC]) case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [[\\/]]* | ?:[[\\/]]*) re_direlt='/[[^/]][[^/]]*/\.\./' # Canonicalize the pathname of ld ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac else AC_MSG_CHECKING([for ld]) fi AC_CACHE_VAL(lt_cv_path_LD, [if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &1 #include int main() { struct tm tm; char tt[64]; memset(&tm, 0, sizeof(tm)); strftime(tt, sizeof(tt), "%z", &tm); if (strlen(tt) != 5) return 1; return 0; } ], [ AC_MSG_RESULT([yes]) AC_DEFINE(HAVE_STRFTIME_Z, 1, [strftime supports %z]) ], [ AC_MSG_RESULT([no]) ],[ AC_MSG_RESULT([no]) ])]) AC_DEFUN([SH_GCC_VERSION], [ GCC_VERSION="" gcc_VERSION_MAJOR=0 gcc_VERSION_MINOR=0 AC_MSG_CHECKING([for gcc version]) if test "x$GCC" = "xyes" then $CC -dumpversion >/dev/null 2>&1 if test $? -eq 0 then GCC_VERSION=`$CC -dumpversion` gcc_VERSION_MAJOR=`echo $GCC_VERSION | cut -d'.' -f1` gcc_VERSION_MINOR=`echo $GCC_VERSION | cut -d'.' -f2` AC_DEFINE_UNQUOTED(GCC_VERSION_MAJOR, [${gcc_VERSION_MAJOR}], [gcc version major]) AC_DEFINE_UNQUOTED(GCC_VERSION_MINOR, [${gcc_VERSION_MINOR}], [gcc version minor]) AC_MSG_RESULT([$GCC_VERSION]) else AC_MSG_RESULT([$CC -dumpversion working]) fi else AC_MSG_RESULT([compiler is not gcc]) fi ]) dnl *-*wedit:notab*-* Please keep this as the last line. samhain-3.1.0/samhainrc.linux0000644000175000017500000003703211705341273013112 00000000000000##################################################################### # # Configuration file template for samhain. # ##################################################################### # # -- empty lines and lines starting with '#', ';' or '//' are ignored # -- boolean options can be Yes/No or True/False or 1/0 # -- you can PGP clearsign this file -- samhain will check (if compiled # with support) or otherwise ignore the signature # -- CHECK mail address # # To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). # ##################################################################### # # SETUP for file system checking: # # (i) There are several policies, each has its own section. Put files # into the section for the appropriate policy (see below). # (ii) Section [EventSeverity]: # To each policy, you can assign a severity (further below). # (iii) Section [Log]: # To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). # ##################################################################### ##################################################################### # # Files are defined with: file = /absolute/path # # Directories are defined with: dir = /absolute/path # or with an optional recursion depth (N <= 99): dir = N/absolute/path # # Directory inodes are checked. If you only want to check files # in a directory, but not the directory inode itself, use (e.g.): # # [ReadOnly] # dir = /some/directory # [IgnoreAll] # file = /some/directory # # You can use shell-style globbing patterns, like: file = /path/foo* # ###################################################################### [Misc] ## ## Add or subtract tests from the policies ## - if you want to change their definitions, ## you need to do that before using the policies ## # RedefReadOnly = (no default) # RedefAttributes=(no default) # RedefLogFiles=(no default) # RedefGrowingLogFiles=(no default) # RedefIgnoreAll=(no default) # RedefIgnoreNone=(no default) # RedefUser0=(no default) # RedefUser1=(no default) # # --------- / -------------- # [ReadOnly] dir = 0/ [Attributes] file = /tmp file = /dev file = /media file = /proc file = /sys # # --------- /etc ----------- # [ReadOnly] ## ## for these files, only access time is ignored ## dir = 99/etc [Attributes] ## ## check permission and ownership ## file = /etc/mtab file = /etc/adjtime file = /etc/motd file = /etc/lvm/.cache # On Ubuntu, these are in /var/lib rather than /etc file = /etc/cups/certs file = /etc/cups/certs/0 # managed by fstab-sync on Fedora Core file = /etc/fstab # modified when booting file = /etc/sysconfig/hwconf # There are files in /etc that might change, thus changing the directory # timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'. file = /etc # # --------- /boot ----------- # [ReadOnly] dir = 99/boot # # --------- /bin, /sbin ----------- # [ReadOnly] dir = 99/bin dir = 99/sbin # # --------- /lib ----------- # [ReadOnly] dir = 99/lib # # --------- /dev ----------- # [Attributes] dir = 99/dev [IgnoreAll] ## ## pseudo terminals are created/removed as needed ## dir = -1/dev/pts # dir = -1/dev/.udevdb file = /dev/ppp # # --------- /usr ----------- # [ReadOnly] dir = 99/usr # # --------- /var ----------- # [ReadOnly] dir = 99/var [IgnoreAll] dir = -1/var/cache dir = -1/var/backups dir = -1/var/games dir = -1/var/gdm dir = -1/var/lock dir = -1/var/mail dir = -1/var/run dir = -1/var/spool dir = -1/var/tmp dir = -1/var/lib/texmf dir = -1/var/lib/scrollkeeper [Attributes] dir = /var/lib/nfs dir = /var/lib/pcmcia # /var/lib/rpm changes if packets are installed; # /var/lib/rpm/__db.00[123] even more frequently file = /var/lib/rpm/__db.00? file = /var/lib/acpi-support/vbestate file = /var/lib/alsa/asound.state file = /var/lib/apt/lists/lock file = /var/lib/apt/lists/partial file = /var/lib/cups/certs file = /var/lib/cups/certs/0 file = /var/lib/dpkg/lock file = /var/lib/gdm file = /var/lib/gdm/.cookie file = /var/lib/gdm/.gdmfifo file = /var/lib/gdm/:0.Xauth file = /var/lib/gdm/:0.Xservers file = /var/lib/logrotate/status file = /var/lib/mysql file = /var/lib/mysql/ib_logfile0 file = /var/lib/mysql/ibdata1 file = /var/lib/slocate file = /var/lib/slocate/slocate.db file = /var/lib/slocate/slocate.db.tmp file = /var/lib/urandom file = /var/lib/urandom/random-seed file = /var/lib/random-seed file = /var/lib/xkb [GrowingLogFiles] ## ## For these files, changes in signature, timestamps, and increase in size ## are ignored. Logfile rotation will cause a report because of shrinking ## size and different inode. ## dir = 99/var/log [Attributes] # # rotated logs will change inode # file = /var/log/*.[0-9].gz file = /var/log/*.[0-9].log file = /var/log/*.[0-9] file = /var/log/*.old file = /var/log/*/*.[0-9].gz file = /var/log/*/*.[0-9][0-9].gz file = /var/log/*/*.log.[0-9] [Misc] # # Various naming schemes for rotated logs # IgnoreAdded = /var/log/.*\.[0-9]+$ IgnoreAdded = /var/log/.*\.[0-9]+\.gz$ IgnoreAdded = /var/log/.*\.[0-9]+\.log$ # # Subdirectories # IgnoreAdded = /var/log/[[:alnum:]]+/.*\.[0-9]+$ IgnoreAdded = /var/log/[[:alnum:]]+/.*\.[0-9]+\.gz$ IgnoreAdded = /var/log/[[:alnum:]]+/.*\.[0-9]+\.log$ # IgnoreAdded = /var/lib/slocate/slocate.db.tmp IgnoreMissing = /var/lib/slocate/slocate.db.tmp # # --------- other policies ----------- # [IgnoreNone] ## ## for these files, all modifications (even access time) are reported ## - you may create some interesting-looking file (like /etc/safe_passwd), ## just to watch whether someone will access it ... ## [Prelink] ## ## Use for prelinked files or directories holding them ## [User0] [User1] ## User0 and User1 are sections for files/dirs with user-definable checking ## (see the manual) [EventSeverity] ## ## Here you can assign severities to policy violations. ## If this severity exceeds the treshold of a log facility (see below), ## a policy violation will be logged to that facility. ## ## Severity for verification failures. ## # SeverityReadOnly=crit # SeverityLogFiles=crit # SeverityGrowingLogs=crit # SeverityIgnoreNone=crit # SeverityAttributes=crit # SeverityUser0=crit # SeverityUser1=crit # SeverityIgnoreAll=crit ## Files : file access problems # SeverityFiles=crit ## Dirs : directory access problems # SeverityDirs=crit ## Names : suspect (non-printable) characters in a pathname # SeverityNames=crit [Log] ## ## Switch on/OFF log facilities and set their threshold severity ## ## Values: debug, info, notice, warn, mark, err, crit, alert, none. ## 'mark' is used for timestamps. ## ## ## Use 'none' to SWITCH OFF a log facility ## ## By default, everything equal to and above the threshold is logged. ## The specifiers '*', '!', and '=' are interpreted as ## 'all', 'all but', and 'only', respectively (like syslogd(8) does, ## at least on Linux). Examples: ## MailSeverity=* ## MailSeverity=!warn ## MailSeverity==crit ## E-mail ## # MailSeverity=none ## Console ## # PrintSeverity=info ## Logfile ## # LogSeverity=mark ## Syslog ## # SyslogSeverity=none ## Remote server (yule) ## # ExportSeverity=none ## External script or program ## # ExternalSeverity = none ## Logging to a database ## # DatabaseSeverity = none ## Logging to a Prelude-IDS ## # PreludeSeverity = crit ##################################################### # # Optional modules # ##################################################### # [SuidCheck] ## ## --- Check the filesystem for SUID/SGID binaries ## ## Switch on # # SuidCheckActive = yes ## Interval for check (seconds) # # SuidCheckInterval = 7200 ## Alternative: crontab-like schedule # # SuidCheckSchedule = NULL ## Directory to exclude # # SuidCheckExclude = NULL ## Limit on files per second (0 == no limit) # # SuidCheckFps = 0 ## Alternative: yield after every file # # SuidCheckYield = no ## Severity of a detection # # SeveritySuidCheck = crit ## Quarantine SUID/SGID files if found # # SuidCheckQuarantineFiles = yes ## Method for Quarantining files: # 0 - Delete or truncate the file. # 1 - Remove SUID/SGID permissions from file. # 2 - Move SUID/SGID file to quarantine dir. # # SuidCheckQuarantineMethod = 0 ## For method 1 and 3, really delete instead of truncating # # SuidCheckQuarantineDelete = yes #[Kernel] ## ## --- Check for loadable kernel module rootkits (Linux/FreeBSD only) ## ## Switch on/off # # KernelCheckActive = True ## Check interval (seconds); btw., the check is VERY fast # # KernelCheckInterval = 300 ## Severity # # SeverityKernel = crit # [Utmp] ## ## --- Logging of login/logout events ## ## Switch on/off # # LoginCheckActive = True ## Severity for logins, multiple logins, logouts # # SeverityLogin=info # SeverityLoginMulti=warn # SeverityLogout=info ## Interval for login/logout checks # # LoginCheckInterval = 300 # [Database] ## ## --- Logging to a relational database ## ## Database name # # SetDBName = samhain ## Database table # # SetDBTable = log ## Database user # # SetDBUser = samhain ## Database password # # SetDBPassword = (default: none) ## Database host # # SetDBHost = localhost ## Log the server timestamp for received messages # # SetDBServerTstamp = True ## Use a persistent connection # # UsePersistent = True # [External] ## ## Interface to call external scripts/programs for logging ## ## The absolute path to the command ## - Each invocation of this directive will end the definition of the ## preceding command, and start the definition of ## an additional, new command # # OpenCommand = (no default) ## Type (log or rv) ## - log for log messages, srv for messages received by the server # # SetType = log ## The command (full command line) to execute # # SetCommandLine = (no default) ## The environment (KEY=value; repeat for more) # # SetEnviron = TZ=(your timezone) ## The TIGER192 checksum (optional) # # SetChecksum = (no default) ## User who runs the command # # SetCredentials = (default: samhain process uid) ## Words not allowed in message # # SetFilterNot = (none) ## Words required (ALL of them) # # SetFilterAnd = (none) ## Words required (at least one) # # SetFilterOr = (none) ## Deadtime between consecutive calls # # SetDeadtime = 0 ## Add default environment (HOME, PATH, SHELL) # # SetDefault = no ##################################################### # # Miscellaneous configuration options # ##################################################### [Misc] ## whether to become a daemon process ## (this is not honoured on database initialisation) # # Daemon = no Daemon = yes ## whether to test signature of files (init/check/none) ## - if 'none', then we have to decide this on the command line - # # ChecksumTest = none ChecksumTest=check ## Set nice level (-19 to 19, see 'man nice'), ## and I/O limit (kilobytes per second; 0 == off) ## to reduce load on host. # # SetNiceLevel = 0 # SetIOLimit = 0 ## The version string to embed in file signature databases # # VersionString = NULL ## Interval between time stamp messages # # SetLoopTime = 60 SetLoopTime = 600 ## Interval between file checks # # SetFileCheckTime = 600 SetFileCheckTime = 7200 ## Alternative: crontab-like schedule # # FileCheckScheduleOne = NULL ## Alternative: crontab-like schedule(2) # # FileCheckScheduleTwo = NULL ## Report only once on modified files ## Setting this to 'FALSE' will generate a report for any policy ## violation (old and new ones) each time the daemon checks the file system. # # ReportOnlyOnce = True ## Report in full detail # # ReportFullDetail = False ## Report file timestamps in local time rather than GMT # # UseLocalTime = No ## The console device (can also be a file or named pipe) ## - There are two console devices. Accordingly, you can use ## this directive a second time to set the second console device. ## If you have not defined the second device at compile time, ## and you don't want to use it, then: ## setting it to /dev/null is less effective than just leaving ## it alone (setting to /dev/null will waste time by opening ## /dev/null and writing to it) # # SetConsole = /dev/console ## Activate the SysV IPC message queue # # MessageQueueActive = False ## If false, skip reverse lookup when connecting to a host known ## by name rather than IP address (i.e. trust the DNS) # # SetReverseLookup = True ## --- E-Mail --- # Only highest-level (alert) reports will be mailed immediately, # others will be queued. Here you can define, when the queue will # be flushed (Note: the queue is automatically flushed after # completing a file check). # # SetMailTime = 86400 ## Maximum number of mails to queue # # SetMailNum = 10 ## Recipient (max. 8) # # SetMailAddress=root@localhost ## Mail relay (IP address) # # SetMailRelay = NULL ## Custom subject format # # MailSubject = NULL ## --- end E-Mail --- ## Path to the prelink executable # # SetPrelinkPath = /usr/sbin/prelink ## TIGER192 checksum of the prelink executable # # SetPrelinkChecksum = (no default) ## Path to the executable. If set, will be checksummed after startup ## and before exit. # # SamhainPath = (no default) ## The IP address of the log server # # SetLogServer = (default: compiled-in) ## The IP address of the time server # # SetTimeServer = (default: compiled-in) ## Trusted Users (comma delimited list of user names) # # TrustedUser = (no default; this adds to the compiled-in list) ## Path to the file signature database # # SetDatabasePath = (default: compiled-in) ## Path to the log file # # SetLogfilePath = (default: compiled-in) ## Path to the PID file # # SetLockfilePath = (default: compiled-in) ## The digest/checksum/hash algorithm # # DigestAlgo = TIGER192 ## Custom format for message header. ## CAREFUL if you use XML logfile format. ## ## %S severity ## %T timestamp ## %C class ## ## %F source file ## %L source line # # MessageHeader="%S %T " ## Don't log path to config/database file on startup # # HideSetup = False ## The syslog facility, if you log to syslog # # SyslogFacility = LOG_AUTHPRIV SyslogFacility=LOG_LOCAL2 ## The message authentication method ## - If you change this, you *must* change it ## on client *and* server # # MACType = HMAC-TIGER ## The Prelude-IDS profile to use for reporting ## default value is "samhain" # # PreludeProfile = samhain ## Map these samhain severities to impact severity 'info' severity # # PreludeMapToInfo = ## Map these samhain severities to impact severity 'low' severity # # PreludeMapToLow = debug info ## Map these samhain severities to impact severity 'medium' severity # # PreludeMapToMedium = notice warn err ## Map these samhain severities to impact severity 'high' severity # # PreludeMapToHigh = crit alert ## everything below is ignored [EOF] ##################################################################### # This would be the proper syntax for parts that should only be # included for certain hosts. # You may enclose anything in a @HOSTNAME/@end bracket, as long as the # result still has the proper syntax for the config file. # You may have any number of @HOSTNAME/@end brackets. # HOSTNAME should be the fully qualified 'official' name # (e.g. 'nixon.watergate.com', not 'nixon'), no aliases. # No IP number - except if samhain cannot determine the # fully qualified hostname. # # @HOSTNAME # file=/foo/bar # @end # # These are two examples for conditional inclusion/exclusion # of a machine based on the output from 'uname -srm' # $Linux:2.*.7:i666 # file=/foo/bar3 # $end # # !$Linux:2.*.7:i686 # file=/foo/bar2 # $end # ##################################################################### samhain-3.1.0/samhain-install.sh.in0000644000175000017500000012161112224350466014107 00000000000000#! /bin/sh purge= verbose= express= force= act= prefix=@prefix@ exec_prefix=@exec_prefix@ sbindir=@sbindir@ samhain=@install_name@ mandir=@mandir@ sysconfdir=@sysconfdir@ configfile=@myconffile@ pid_file=@mylockfile@ pid_dir=@mylockdir@ data_root=@mydataroot@ mydatafile=@mydatafile@ mylogfile=@mylogfile@ mylogdir=@mylogdir@ myhtmlfile=@myhtmlfile@ datarootdir=@datarootdir@ INSTALL_SHELL="$0 --install-sh -m 700" INSTALL_DATA="$0 --install-sh -m 600" mkinstalldirs="$0 --mkinstalldirs" DESTDIR= user= # # Only call rmdir with an absolute path # SH_RMDIR=echo SPATH="/bin:/usr/bin:/sbin:/usr/sbin" OLD_IFS=${IFS} IFS=':'; export IFS for ff in ${SPATH}; do if test -x $ff/rmdir; then SH_RMDIR=`eval echo ${ff}/rmdir` fi done IFS=${OLD_IFS}; export IFS case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in *c*,-n*) ECHO_N= ECHO_C=' ' ECHO_T=' ' ;; *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; *) ECHO_N= ECHO_C='\c' ECHO_T= ;; esac if [ x"$1" = x ] then echo 'samhain-install.sh [--destdir=DESTDIR][--verbose][--express][--force] action' echo 'action = install-boot|install-data|install-user' echo ' uninstall|purge|uninstall-boot' echo ' uninstall-data|uninstall-man|uninstall-program|uninstall-lkm' echo 'samhain-install.sh --print-config ' echo 'item = name | basekey | prefix | exec_prefix | sbin_dir | man_dir' echo ' config_dir | config_file | pid_dir | log_dir | log_file' echo ' data_dir | data_file' exit 1 fi while [ x"$1" != x ]; do case $1 in -v|--verbose) verbose=yes shift continue;; -e|--express) express=yes shift continue;; -f|--force) force=yes shift continue;; -d) shift DESTDIR="$1" if test "x${DESTDIR}" = "x/"; then DESTDIR= fi shift continue;; --destdir=*) DESTDIR=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` if test "x${DESTDIR}" = "x/"; then DESTDIR= fi shift continue;; --install-sh) shift # install - install a program, script, or datafile # This comes from X11R5 (mit/util/scripts/install.sh). # # Copyright 1991 by the Massachusetts Institute of Technology # # Permission to use, copy, modify, distribute, and sell this software and its # documentation for any purpose is hereby granted without fee, provided that # the above copyright notice appear in all copies and that both that # copyright notice and this permission notice appear in supporting # documentation, and that the name of M.I.T. not be used in advertising or # publicity pertaining to distribution of the software without specific, # written prior permission. M.I.T. makes no representations about the # suitability of this software for any purpose. It is provided "as is" # without express or implied warranty. # # Calling this script install-sh is preferred over install.sh, to prevent # `make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. It can only install one file at a time, a restriction # shared with many OS's install programs. # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. doit="${DOITPROG-}" # put in absolute paths if you don't have them in your path; or use env. vars. mvprog="${MVPROG-mv}" cpprog="${CPPROG-cp}" chmodprog="${CHMODPROG-chmod}" chownprog="${CHOWNPROG-chown}" chgrpprog="${CHGRPPROG-chgrp}" stripprog="${STRIPPROG-strip}" rmprog="${RMPROG-rm}" mkdirprog="${MKDIRPROG-mkdir}" transformbasename="" transform_arg="" instcmd="$mvprog" chmodcmd="$chmodprog 0755" chowncmd="" chgrpcmd="" stripcmd="" rmcmd="$rmprog -f" mvcmd="$mvprog" src="" dst="" dir_arg="" while [ x"$1" != x ]; do case $1 in -c) instcmd="$cpprog" shift continue;; -d) dir_arg=true shift continue;; -m) chmodcmd="$chmodprog $2" shift shift continue;; -o) chowncmd="$chownprog $2" shift shift continue;; -g) chgrpcmd="$chgrpprog $2" shift shift continue;; -s) stripcmd="$stripprog" shift continue;; -t=*) transformarg=`echo $1 | sed 's/-t=//'` shift continue;; -b=*) transformbasename=`echo $1 | sed 's/-b=//'` shift continue;; *) if [ x"$src" = x ] then src=$1 else # this colon is to work around a 386BSD /bin/sh bug : dst=$1 fi shift continue;; esac done if [ x"$src" = x ] then echo "install: no input file specified" exit 1 else true fi if [ x"$dir_arg" != x ]; then dst=$src src="" if [ -d $dst ]; then instcmd=: else instcmd=mkdir fi else # Waiting for this to be detected by the "$instcmd $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if [ -f $src -o -d $src ] then true else echo "install: $src does not exist" exit 1 fi if [ x"$dst" = x ] then echo "install: no destination specified" exit 1 else true fi # If destination is a directory, append the input filename; if your system # does not like double slashes in filenames, you may need to add some logic if [ -d $dst ] then dst="$dst"/`basename $src` else true fi fi ## this sed command emulates the dirname command dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` # Make sure that the destination directory exists. # this part is taken from Noah Friedman's mkinstalldirs script # Skip lots of stat calls in the usual case. if [ ! -d "$dstdir" ]; then defaultIFS=' ' IFS="${IFS-${defaultIFS}}" oIFS="${IFS}" # Some sh's can't handle IFS=/ for some reason. IFS='%' set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` IFS="${oIFS}" pathcomp='' while [ $# -ne 0 ] ; do pathcomp="${pathcomp}${1}" shift if [ ! -d "${pathcomp}" ] ; then $mkdirprog "${pathcomp}" else true fi pathcomp="${pathcomp}/" done fi if [ x"$dir_arg" != x ] then $doit $instcmd $dst && if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi else # If we're going to rename the final executable, determine the name now. if [ x"$transformarg" = x ] then dstfile=`basename $dst` else dstfile=`basename $dst $transformbasename | sed $transformarg`$transformbasename fi # don't allow the sed command to completely eliminate the filename if [ x"$dstfile" = x ] then dstfile=`basename $dst` else true fi # Make a temp file name in the proper directory. dsttmp=$dstdir/#inst.$$# # Move or copy the file name to the temp name $doit $instcmd $src $dsttmp && trap "rm -f ${dsttmp}" 0 && # and set any options; do chmod last to preserve setuid bits # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $instcmd $src $dsttmp" command. if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && # Now rename the file to the real destination. $doit $rmcmd -f $dstdir/$dstfile && $doit $mvcmd $dsttmp $dstdir/$dstfile fi && exit 0 # ----- END OF INSTALL-SH ----- ;; --mkinstalldirs) shift # mkinstalldirs --- make directory hierarchy # Author: Noah Friedman # Created: 1993-05-16 # Public domain # $Id: mkinstalldirs,v 1.10 1996/05/03 07:37:52 friedman Exp $ errstatus=0 for file do set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` shift pathcomp= for d do pathcomp="$pathcomp$d" case "$pathcomp" in -* ) pathcomp=./$pathcomp ;; esac if test ! -d "$pathcomp"; then echo "mkdir $pathcomp" 1>&2 mkdir "$pathcomp" || lasterr=$? if test ! -d "$pathcomp"; then errstatus=$lasterr fi fi pathcomp="$pathcomp/" done done exit $errstatus # mkinstalldirs ends here ;; install-deploy) if test -f ./samhainrc.USEME then tmpconfigfile=`echo ${configfile} | sed 's%^REQ_FROM_SERVER%%'` if test x"${tmpconfigfile}" = x then echo " No local path for configfile defined." exit 0 else cp samhainrc.USEME "${tmpconfigfile}" && chmod 0600 "${tmpconfigfile}" fi fi if test -f postinstall.USEME then /bin/sh ./postinstall.USEME fi exit 0 ;; print-config|--print-config) shift pwhat=$1 if test x"$1" = x then echo "$0: Missing argument to print-config" exit 1 fi case $pwhat in basekey) echo "@mykeybase@" ;; prefix) echo $prefix ;; exec_prefix) echo $exec_prefix ;; sbin_dir) echo $sbindir ;; name) echo $samhain ;; man_dir) echo $mandir ;; config_dir) echo $sysconfdir ;; config_file) echo $configfile | sed 's%^REQ_FROM_SERVER%%' ;; pid_file) echo ${pid_file} ;; pid_dir) echo ${pid_dir} ;; data_dir) echo @mydataroot@ ;; data_file) echo @mydatafile@ | sed 's%^REQ_FROM_SERVER%%' ;; log_file) echo @mylogfile@ ;; log_dir) echo @mylogdir@ ;; *) echo "$0: Unknown item \"$pwhat\"" exit 1 ;; esac exit 0 ;; install-user) act=user shift user=$1 break;; install-boot) act=boot break;; uninstall-boot) act=uboot break;; install-data) act=data break;; uninstall-data) act=udata break;; uninstall-man) act=uman break;; uninstall-program) act=uprogram break;; uninstall-lkm) act=ulkm break;; uninstall | remove | purge) opts= test x"$verbose" = "xyes" && opts="$opts --verbose" test x"$express" = "xyes" && opts="$opts --express" test x"$force" = "xyes" && opts="$opts --force" test x"$DESTDIR" = "x" || opts="$opts --destdir=$DESTDIR" test x"$1" = "xpurge" && purge=yes echo "$0 $opts uninstall-lkm" eval $0 $opts uninstall-lkm echo "$0 $opts uninstall-program" eval $0 $opts uninstall-program echo "$0 $opts uninstall-man" eval $0 $opts uninstall-man if test x"$force" = "x"; then test "x$purge" = xyes && opts="$opts --force" fi echo "$0 $opts uninstall-data" eval $0 $opts uninstall-data echo echo " To uninstall the runlevel scripts, use $0 $opts uninstall-boot" echo exit 0 ;; *) echo "Unknown option $1" exit 1 ;; esac done if test x"$act" = xuser then # -- the routines for installing a new user are adapted from # the OpenPKG bootstrap installation script, which is distributed # under the following license: ## Shell-based package for OpenPKG BINARY bootstrap installation ## Copyright (c) 2000-2002 Cable & Wireless Deutschland GmbH ## Copyright (c) 2000-2002 The OpenPKG Project ## Copyright (c) 2000-2002 Ralf S. Engelschall ## ## Permission to use, copy, modify, and distribute this software for ## any purpose with or without fee is hereby granted, provided that ## the above copyright notice and this permission notice appear in all ## copies. ## ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ## SUCH DAMAGE. if test x"$user" = x then echo "**ERROR**: No username specified" exit 1 fi s=`uname -s 2>/dev/null` || s='Unknown' r=`uname -r 2>/dev/null` || r='0.0' platform="${s}/${r}" if test x"$user" = xnobody; then case "$platform" in HP-UX/* ) group="nogroup" ;; *) group="nobody" ;; esac else group="$user" fi shell=/bin/false if test -f /etc/shells then grep "^/usr/bin/false" /etc/shells >/dev/null 2>&1 && shell=/usr/bin/false grep "^/bin/nologin" /etc/shells >/dev/null 2>&1 && shell=/bin/nologin grep "^/sbin/nologin" /etc/shells >/dev/null 2>&1 && shell=/sbin/nologin fi home="${data_root}" xuid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ grep "^${user}:" | awk -F: '{ print $3; }'` if test "x$xuid" = x then # seek for a reasonable uid/gid pair xuid=1000 ok=0 while test "x$ok" = x0 do eval "u_exists=\$u_exists_$xuid" if test "x$u_exists" = x then u_exists=`(cat /etc/passwd; ypcat passwd) 2>/dev/null | grep "^[^:]*:[^:]*:$xuid:"` fi eval "g_exists=\$g_exists_$xuid" if test "x$g_exists" = x then g_exists=`(cat /etc/group; ypcat group) 2>/dev/null | grep "^[^:]*:[^:]*:$xuid:"` fi if [ "x$u_exists" = x -a "x$g_exists" = x ]; then ok=1 break fi xuid=`expr $xuid + 1` done eval "u_exists_$xuid=yes" eval "g_exists_$xuid=yes" else # user exists xgid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ grep "^${user}:" | awk -F: '{ print $4; }'` fi if test "x$xgid" = x then xgid=`(cat /etc/group; ypcat group) 2>/dev/null |\ grep "^${group}:" | awk -F: '{ print $3; }'` fi if test "x$xgid" = x then xgid="$xuid" g_exists=no else g_exists=yes fi uid=$xuid gid=$xgid if test -f /etc/shells then exists=`cat /etc/shells 2>/dev/null | grep "^$shell"` if test "x$exists" = x; then echo "${shell}" >>/etc/shells test -z "$verbose" || echo " Added ${shell} to /etc/shells" fi fi exists=`(cat /etc/passwd; ypcat passwd) 2>/dev/null | grep "^$user:"` if test x"$exists" = x; then # add entry to passwd database realname="$user" case "$platform" in FreeBSD/* | NetBSD/* | OpenBSD/* ) file=/etc/master.passwd entry="${user}:*:${uid}:${gid}::0:0:${realname}:${home}:${shell}" update="(PATH=\$PATH:/usr/sbin; pwd_mkdb -p /etc/master.passwd)" break ;; Linux/* ) file=/etc/passwd entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" update="(PATH=\$PATH:/usr/sbin; pwconv)" break ;; SunOS/5.* ) file=/etc/passwd entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" update="(PATH=\$PATH:/usr/sbin; pwconv)" break ;; OSF1/V5.* ) file=/etc/passwd entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" update="(PATH=\$PATH:/usr/sbin; mkpasswd /etc/passwd)" break ;; HP-UX/* ) file=/etc/passwd entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" update=":" break ;; IRIX*/* ) file=/etc/passwd entry="${user}:*:${uid}:${gid}:${realname}:${home}:${shell}" update=":" break ;; *) echo "install-user: Unsupported system $platform" echo "Please add user $user / group $group manually" echo " and re-run make install-user" exit 1 ;; esac cp $file $file.bak && \ (grep -v '^+:' $file.bak; echo $entry; grep '^+:' $file.bak) >$file rm -f $file.bak >/dev/null 2>&1 eval $update test -z "$verbose" || echo " Added user: ${user} uid: ${uid} shell: ${shell}" else test -z "$verbose" || echo " User ${user} exists already" fi # check whether group already exists # FIXME exists=`(cat /etc/group; ypcat group) 2>/dev/null | grep "^$group:"` if test x"$exists" = x then # # user has a valid GID # if test g_exists = xyes; then exists=yes fi fi if test x"$exists" = x then # add entry to group database file=/etc/group entry="${group}:*:${gid}:${user}" cp $file $file.bak && \ (grep -v '^+:' $file.bak; echo $entry; grep '^+:' $file.bak) >$file rm -f $file.bak >/dev/null 2>&1 test -z "$verbose" || echo " Added group: ${group} gid: ${gid} user: ${user}" fi exit 0 fi if test x"$act" = xboot || test x"$act" = xuboot then s=`uname -s 2>/dev/null` || s='Unknown' r=`uname -r 2>/dev/null` || r='0.0' platform="${s}/${r}" case "$platform" in Darwin/*) DVER="MACOSX" test -z "$verbose" || echo "MacOS X system detected" rc_main="/Library/StartupItems/${samhain}" ${mkinstalldirs} ${rc_main} rc_dirz= rc_inst="(cd /Library/StartupItems/${samhain} && echo '{' >StartupParameters.plist && echo ' Description = \"@install_name@\";' >>StartupParameters.plist && echo ' Provides = (\"@install_name@\");' >>StartupParameters.plist && echo ' Requires = (\"Network\");' >>StartupParameters.plist && echo ' OrderPreference = \"Last\";' >>StartupParameters.plist && echo '}' >>StartupParameters.plist && chmod 644 StartupParameters.plist; )" rc_uinst="rm -rf /Library/StartupItems/@install_name@" ;; IRIX*/*) DVER="IRIX" test -z "$verbose" || echo " IRIX system detected" rc_main=${DESTDIR}/etc/init.d rc_dirz= rc_inst="chmod 755 /etc/init.d/@install_name@; chown root /etc/init.d/@install_name@; chkconfig -f @install_name@ on; (cd /etc; ln -f -s init.d/@install_name@ rc2.d/S99@install_name@; ln -f -s init.d/@install_name@ rc0.d/K10@install_name@; )" rc_uinst="rm -f /etc/init.d/@install_name@; rm -f /etc/rc2.d/S99@install_name@; rm -f /etc/rc0.d/K10@install_name@; chkconfig @install_name@ off" ;; AIX/*) DVER="AIX" test -z "$verbose" || echo " AIX system detected" ln -f -s @sbindir@/@install_name@ samhain.startAIX rc_main=@sbindir@ rc_dirz= rc_inst="/usr/sbin/mkitab '@install_name@:2:wait:@sbindir@/@install_name@ start >/dev/console 2>&1'" rc_uinst="/usr/sbin/rmitab @install_name@" ;; HP-UX/*) DVER="HPUX" test -z "$verbose" || echo " HP-UX system detected" rc_main=${DESTDIR}/sbin/init.d rc_dirz= rc_inst="chmod 555 /sbin/init.d/@install_name@; chown bin:bin /sbin/init.d/@install_name@; (cd /sbin && ln -f -s /sbin/init.d/@install_name@ rc2.d/S900@install_name@ && ln -f -s /sbin/init.d/@install_name@ rc1.d/K100@install_name@; )" rc_uinst="rm -f /sbin/init.d/@install_name@; rm -f /sbin/rc2.d/S900@install_name@; rm -f /sbin/rc1.d/K100@install_name@" ;; OpenBSD/*) test -z "$verbose" || echo " OpenBSD system detected" grep '^## begin @install_name@' /etc/rc.local >/dev/null 2>&1 if [ $? -eq 0 ]; then RCLOCALTMP=`mktemp /etc/rc.local.XXXXXXXXXX` || exit 1 sed "/^## begin @install_name@/,/^## end @install_name@/d" /etc/rc.local >$RCLOCALTMP || exit 1 cat $RCLOCALTMP >/etc/rc.local || exit 1 rm -f $RCLOCALTMP || exit 1 if test x"$act" = xuboot; then echo " uninstalling from /etc/rc.local completed" fi fi if test x"$act" = xboot; then echo "## begin @install_name@" >>/etc/rc.local || exit 1 echo "if [ -x @sbindir@/@install_name@ ]; then" >>/etc/rc.local || exit 1 echo " @sbindir@/@install_name@ start" >>/etc/rc.local || exit 1 echo "fi" >>/etc/rc.local || exit 1 echo "## end @install_name@" >>/etc/rc.local || exit 1 echo " installing to /etc/rc.local completed" fi exit 0 ;; NetBSD/*) test -z "$verbose" || echo " NetBSD system detected" if test -f /etc/rc.subr; then DVER="FreeBSD" rc_main=${DESTDIR}/etc/rc.d rc_dirz= rc_inst="chmod 755 /etc/rc.d/@install_name@" rc_uinst="rm -f /etc/rc.d/@install_name@" else echo "${0}: unsupported platform ${platform} (too old)" exit 1 fi ;; FreeBSD/* ) test -z "$verbose" || echo " FreeBSD system detected" if test -f /etc/rc.subr; then DVER="FreeBSD" rc_main=${DESTDIR}/etc/rc.d rc_dirz= rc_inst="chmod 755 /etc/rc.d/@install_name@" rc_uinst="rm -f /etc/rc.d/@install_name@" else DVER="Solaris" rc_main=${DESTDIR}/usr/local/etc/rc.d rc_dirz= rc_inst="mv /usr/local/etc/rc.d/@install_name@ /usr/local/etc/rc.d/@install_name@.sh && chmod 755 /usr/local/etc/rc.d/@install_name@.sh" rc_uinst="rm -f /usr/local/etc/rc.d/@install_name@.sh" fi if test x"$act" = xboot then if [ ! -d ${rc_main} ]; then test x"$act" = xboot && mkdir ${rc_main} fi if test "x$DVER" = "xSolaris"; then ( . /etc/defaults/rc.conf . /etc/rc.conf found=0 for p in ${local_startup-x}; do if test "x$p" = "x${rc_main}"; then found=1 break fi done if test "x$found" = x0; then cp -p /etc/rc.conf /etc/rc.conf.bak ( grep -v local_startup /etc/rc.conf.bak echo "local_startup=\"${rc_main} $local_startup\"" ) >/etc/rc.conf fi ) fi fi ;; SunOS/5.* ) DVER="Solaris" DVER_REAL="Solaris" test -z "$verbose" || echo " Solaris system detected" rc_dirz= rc_main=${DESTDIR}/etc/init.d rc_inst="chmod 755 ${DESTDIR}/etc/init.d/@install_name@; chown root:sys ${DESTDIR}/etc/init.d/@install_name@; (cd ${DESTDIR}/etc; ln init.d/@install_name@ rc3.d/S99@install_name@; ln init.d/@install_name@ rc0.d/K10@install_name@; ln init.d/@install_name@ rc1.d/K10@install_name@; )" rc_uinst="rm -f ${DESTDIR}/etc/init.d/@install_name@; rm -f ${DESTDIR}/etc/rc0.d/K10@install_name@; rm -f ${DESTDIR}/etc/rc1.d/K10@install_name@; rm -f ${DESTDIR}/etc/rc3.d/S99@install_name@" ;; Linux/*) rlv="2 3 4 5" linkopt="-f -s" # find rc directories if test -f /usr/lib/lsb/install_initd && test -d /etc/init.d then test -z "$verbose" || echo " Linux Standard Base system detected" DVER=LSB if test x"$DESTDIR" = x then rc_main=/etc/init.d rc_dirz= rc_inst="/usr/lib/lsb/install_initd /etc/init.d/@install_name@" rc_uinst="/usr/lib/lsb/remove_initd /etc/init.d/@install_name@" else rc_inst= rc_uinst= rc_main=${DESTDIR}/etc/init.d rc_dirz= # test -d /etc/init.d/rc2.d && rc_dirz=${DESTDIR}/etc/init.d/rc # test -d /etc/rc.d/rc2.d && rc_dirz=${DESTDIR}/etc/rc.d/rc # test -d /etc/rc2.d && rc_dirz=${DESTDIR}/etc/rc fi elif test -f /etc/SuSE-release then test -z "$verbose" || echo " SuSE system detected" DVER="Linux" rc_inst= rc_uinst= if test -d /sbin/init.d && test -d /sbin/init.d/rc2.d then test -z "$verbose" || echo " SuSE 6.x system detected" rc_main=${DESTDIR}/sbin/init.d rc_dirz=${DESTDIR}/sbin/init.d/rc elif test -d /etc/init.d && test -d /etc/init.d/rc2.d then test -z "$verbose" || echo " SuSE 7.x or newer detected" rc_main=${DESTDIR}/etc/init.d rc_dirz=${DESTDIR}/etc/init.d/rc else echo "${0}: unknown system" exit 1 fi elif test -d /sbin/init.d && test -d /sbin/init.d/rc2.d then DVER="Linux" rc_inst= rc_uinst= test -z "$verbose" || echo " SuSE 5.x system detected" rc_main=${DESTDIR}/sbin/init.d rc_dirz=${DESTDIR}/sbin/init.d/rc elif test -f /etc/debian_version then DVER="Linux" test -z "$verbose" || echo " Debian based system detected" if test x"$DESTDIR" = x then rc_main=/etc/init.d rc_dirz= rc_uinst="/usr/sbin/update-rc.d -f @install_name@ remove" rc_inst="/usr/sbin/update-rc.d @install_name@ defaults 99 10" else rc_inst= rc_uinst= rc_main=${DESTDIR}/etc/init.d # rc_dirz=${DESTDIR}/etc/rc rc_dirz= fi elif test -f /etc/redhat-release then DVER="Linux" test -z "$verbose" || echo " Redhat based system detected" rc_uinst= rc_inst= rc_main=${DESTDIR}/etc/rc.d/init.d rc_dirz=${DESTDIR}/etc/rc.d/rc elif test -f /etc/mandrake-release then DVER="Linux" test -z "$verbose" || echo " Mandrake based system detected" rc_uinst= rc_inst= rc_main=${DESTDIR}/etc/rc.d/init.d rc_dirz=${DESTDIR}/etc/rc.d/rc elif test -f /etc/yellowdog-release then DVER="Linux" test -z "$verbose" || echo " Yellow Dog based system detected" rc_uinst= rc_inst= rc_main=${DESTDIR}/etc/rc.d/init.d rc_dirz=${DESTDIR}/etc/rc.d/rc elif test -f /etc/slackware-version && test -f /etc/rc.d/rc.sysvinit then DVER="Linux" test -z "$verbose" || echo " Slackware based system detected" rc_uinst= rc_inst= rc_main=${DESTDIR}/etc/rc.d rc_dirz=${DESTDIR}/etc/rc.d/rc elif test -f /etc/gentoo-release then DVER="Gentoo" test -z "$verbose" || echo " Gentoo based system detected" rc_uinst="/sbin/rc-update del @install_name@" rc_inst="/sbin/rc-update add @install_name@ default" rc_main=${DESTDIR}/etc/init.d rc_dirz= else echo "${0}: unknown Linux distribution" rc_uinst= rc_inst= rc_main= rc_dirz= for ff in /etc/rc.d/init.d /etc/init.d /sbin/init.d; do if test -d $ff; then rc_main="$ff" break fi done for fg in /etc/rc.d/rc2.d /etc/rc2.d /sbin/init.d/rc2.d; do if test -d $fg; then rc_dirz="`echo $fg | sed -e 's,2.*,,'`" break fi done if [ x"${rc_dirz}" = x ]; then echo "${0}: no install directory for runlevel scripts found" exit 1 fi if [ x"${rc_main}" = x ]; then echo "${0}: no install directory for runlevel scripts found" exit 1 fi DVER="Linux" rc_main="${DESTDIR}${rc_main}" rc_dirz="${DESTDIR}${rc_dirz}" fi ;; *) echo "${0}: unsupported platform ${platform}" exit 1 ;; esac if test x"${rc_main}" = x then echo "${0}: no install directory for runlevel scripts found" exit 1 fi if test x"${act}" = xboot then startscript=NONE if test -f init/samhain.start${DVER} then startscript=`eval echo init/samhain.start${DVER}` elif test -f samhain.start${DVER} then startscript=`eval echo samhain.start${DVER}` else echo "${0}: cannot find samhain.start${DVER} in ./ or ./init" exit 1 fi if test "x${startscript}" = xNONE; then echo "${0}: cannot find samhain.start${DVER} in ./ or ./init" exit 1 else if test -f ${rc_main}/${samhain} && test x"$force" != xyes then echo " ${rc_main}/${samhain} exists ... not overwritten (or use --force)" else if test x"$DESTDIR" = x then : else ${mkinstalldirs} ${rc_main} # if test x"${DVER_REAL}" = xSolaris; then ${mkinstalldirs} ${DESTDIR}/etc/rc0.d ${mkinstalldirs} ${DESTDIR}/etc/rc1.d ${mkinstalldirs} ${DESTDIR}/etc/rc3.d fi # fi test -z "$verbose" || echo " ${INSTALL_SHELL} ${startscript} ${rc_main}/${samhain}" if test -f "@INSTALL@"; then ${INSTALL_SHELL} ${startscript} ${rc_main}/${samhain} else cp ${startscript} ${rc_main}/${samhain} && chmod 0700 ${rc_main}/${samhain} fi fi fi if test x"${rc_dirz}" != x then for ff in $rlv do if test x"${DESTDIR}" = x then rldir="${rc_dirz}${ff}.d/" test -z "$verbose" || echo " cd ${rldir} && ln ${linkopt} ${rc_main}/${samhain} S99${samhain}" (cd ${rldir} && ln ${linkopt} ${rc_main}/${samhain} S99${samhain}) test -z "$verbose" || echo " cd ${rldir} && ln ${linkopt} ${rc_main}/${samhain} K10${samhain}" (cd ${rldir} && ln ${linkopt} ${rc_main}/${samhain} K10${samhain}) else : # ${mkinstalldirs} ${rc_dirz}${ff}.d fi done fi if test x"${rc_inst}" != x then if test x"${DESTDIR}" = x then test -z "$verbose" || echo " ${rc_inst}" eval ${rc_inst} fi fi echo "installing init scripts completed" fi if test x"${act}" = xuboot then if test x"${rc_uinst}" != x then test -z "$verbose" || echo " ${rc_uinst}" echo eval ${rc_uinst} fi if test x"${rc_dirz}" != x then for ff in $rlv do test -z "$verbose" || echo " rm -f ${rc_dirz}${ff}.d/S99${samhain}" rm -f ${rc_dirz}${ff}.d/S99${samhain} test -z "$verbose" || echo " rm -f ${rc_dirz}${ff}.d/S99${samhain}" rm -f ${rc_dirz}${ff}.d/K10${samhain} done fi test -z "$verbose" || echo " rm -f ${rc_main}/${samhain}" rm -f ${rc_main}/${samhain} echo " uninstalling init scripts completed" fi # boot_install|boot_uninstall completed exit 0 fi if test x"${act}" = xulkm then RVER=`uname -r` if test "x@sh_lkm@" != "x"; then if test -d /lib/modules/$RVER; then MODDIR="/lib/modules/$RVER" elif test -d /lib/modules/misc; then MODDIR="/lib/modules/misc" elif test -d /lib/modules; then MODDIR="/lib/modules/misc" fi # -- NEW -- ALLMODS="@sh_lkm@" for p in $ALLMODS; do test -z "$verbose" || echo " rm -f ${DESTDIR}${MODDIR}/`echo $p|sed ' s%samhain%@install_name@%'`" rm -f ${DESTDIR}${MODDIR}/`echo $p|sed 's%samhain%@install_name@%'` done fi fi if test x"${act}" = xuprogram then PROGRAMS="@setpwd_prg@ @stegin_prg@ @yulectl_prg@ @sh_main_prg@" for p in $PROGRAMS; do test -z "$verbose" || echo " rm -f ${DESTDIR}${sbindir}/`echo $p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`" rm -f ${DESTDIR}${sbindir}/`echo $p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'` done test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${sbindir} ... $ECHO_C" ${SH_RMDIR} ${DESTDIR}${sbindir} >/dev/null 2>&1 if test x$? = x0; then test -z "$verbose" || echo "${ECHO_T}done" else test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" fi exit 0 fi if test x"${act}" = xuman then test -z "$verbose" || echo " rm -f ${DESTDIR}${mandir}/man8/@install_name@.8" rm -f ${DESTDIR}${mandir}/man8/@install_name@.8 test -z "$verbose" || echo " rm -f ${DESTDIR}${mandir}/man5/@install_name@rc.5" rm -f ${DESTDIR}${mandir}/man5/@install_name@rc.5 OLD_IFS=${IFS} IFS=':'; export IFS for ff in ${MANPATH}; do if test x"$ff/man8" = x"${DESTDIR}${mandir}/man8"; then echo " man directory ${DESTDIR}${mandir} is in your MANPATH" echo " -- will not try to remove" IFS=${OLD_IFS}; export IFS exit 0 fi done IFS=${OLD_IFS}; export IFS test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${mandir}/man8 ... $ECHO_C" ${SH_RMDIR} ${DESTDIR}${mandir}/man8 >/dev/null 2>&1 if test x$? = x0; then test -z "$verbose" || echo "${ECHO_T}done" else test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" fi test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${mandir}/man5 ... $ECHO_C" ${SH_RMDIR} ${DESTDIR}${mandir}/man5 >/dev/null 2>&1 if test x$? = x0; then test -z "$verbose" || echo "${ECHO_T}done" else test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" fi test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${mandir} ... $ECHO_C" ${SH_RMDIR} ${DESTDIR}${mandir} >/dev/null 2>&1 if test x$? = x0; then test -z "$verbose" || echo "${ECHO_T}done" else test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" fi exit 0 fi if test x"${act}" = xudata then test -z "$verbose" || echo " rm -f ${DESTDIR}`echo ${mydatafile}|sed s%REQ_FROM_SERVER%%`" rm -f ${DESTDIR}`echo ${mydatafile}|sed s%REQ_FROM_SERVER%%` test -z "$verbose" || echo " rm -f ${DESTDIR}${pid_file}" rm -f ${DESTDIR}${pid_file} test -z "$verbose" || echo " rm -f ${DESTDIR}${mylogfile}" rm -f ${DESTDIR}${mylogfile} test -z "$verbose" || echo " rm -f ${DESTDIR}${myhtmlfile}" rm -f ${DESTDIR}${myhtmlfile} test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${pid_dir} ... $ECHO_C" ${SH_RMDIR} ${DESTDIR}${pid_dir} >/dev/null 2>&1 if test x$? = x0; then test -z "$verbose" || echo "${ECHO_T}done" else test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" fi test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${mylogdir} ... $ECHO_C" ${SH_RMDIR} ${DESTDIR}${mylogdir} >/dev/null 2>&1 if test x$? = x0; then test -z "$verbose" || echo "${ECHO_T}done" else test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" fi test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${data_root} ... $ECHO_C" ${SH_RMDIR} ${DESTDIR}${data_root} >/dev/null 2>&1 if test x$? = x0; then test -z "$verbose" || echo "${ECHO_T}done" else test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" fi if test -d /etc/logrotate.d; then if test -f /etc/logrotate.d/@install_name@; then test -z "$verbose" || echo $ECHO_N " rm -f /etc/logrotate.d/@install_name@ ... $ECHO_C" rm -f /etc/logrotate.d/@install_name@; if test x$? = x0; then test -z "$verbose" || echo "${ECHO_T}done" else test -z "$verbose" || echo "${ECHO_T}failed" fi fi fi if test x"$force" = "xyes" then test -z "$verbose" || echo " rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%`" rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` elif test x"$purge" = "xyes" then test -z "$verbose" || echo " rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%`" rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` elif test x"$express" = x; then echo " Do you want to remove the configuration file [y/n] ?" while [ "1" = "1" ]; do read ff case "$ff" in Y* | y* ) test -z "$verbose" || echo " rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%`" rm -f ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` break ;; N* | n* ) test -z "$verbose" || echo " ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` NOT removed" break ;; *) echo " Enter y[es] or n[o]" ;; esac done else test -z "$verbose" || echo " NOT REMOVED: config file ${DESTDIR}`echo ${configfile}|sed s%REQ_FROM_SERVER%%` (use --force to remove)" fi test -z "$verbose" || echo $ECHO_N " ${SH_RMDIR} ${DESTDIR}${sysconfdir} ... $ECHO_C" ${SH_RMDIR} ${DESTDIR}${sysconfdir} >/dev/null 2>&1 if test x$? = x0; then test -z "$verbose" || echo "${ECHO_T}done" else test -z "$verbose" || echo "${ECHO_T}failed (not empty ?)" fi exit 0 fi if test x"${act}" = xdata then STEGIN=@stegin_prg@ CONVERT= GPGPATH=@mygpg@ TARGETKEYID=@mykeyid@ KEYTAG=@mykeytag@ NTEST=@mytclient@ if test x"${NTEST}" = "x-DSH_WITH_SERVER" then RCFILE=yulerc if test -f $RCFILE then : else if test -f yulerc.template then cp yulerc.template $RCFILE fi fi else RCFILE=samhainrc IN_RCFILE=samhainrc.@selectconfig@ if test -f ${RCFILE} then : else if test -f ${IN_RCFILE} then test -z "$verbose" || echo " cp ${IN_RCFILE} ${RCFILE}" cp ${IN_RCFILE} ${RCFILE} fi fi fi if test -f $RCFILE then : else echo "${0}: cannot find configuration file $RCFILE" exit 1 fi if test x"${GPGPATH}" != x then echo echo "You need to sign the config file now" echo test -z "$verbose" || echo " ${GPGPATH} -a ${KEYTAG} ${TARGETKEYID} --clearsign $RCFILE" if test x"${NTEST}" = "x-DSH_WITH_SERVER" then myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ grep "^${samhain}:" | awk -F: '{ print $3; }'` if test x"${myident_uid}" != x then DOT_GNUPG=`eval echo ~${samhain}/.gnupg` test -z "$verbose" || echo " using --homedir ${DOT_GNUPG}" ${GPGPATH} --homedir ${DOT_GNUPG} -a ${KEYTAG} ${TARGETKEYID} --clearsign $RCFILE else ${GPGPATH} -a ${KEYTAG} ${TARGETKEYID} --clearsign $RCFILE fi else ${GPGPATH} -a ${KEYTAG} ${TARGETKEYID} --clearsign $RCFILE fi if test -f ${RCFILE}.asc then test -z "$verbose" || echo " mv -f ${RCFILE}.asc samhainrc.pre" mv -f ${RCFILE}.asc samhainrc.pre else echo "**********************************************************" echo echo "${0}: ERROR: cannot find signed file ${RCFILE}.asc" echo echo " --- You need to sign the configuration file ---" echo echo "**********************************************************" cp ${RCFILE} samhainrc.pre fi else test -z "$verbose" || echo " cp $RCFILE samhainrc.pre" cp $RCFILE samhainrc.pre fi if test x"${STEGIN}" != x then test -z "$verbose" || echo " searching for ImageMagick convert utility" OPATH=${PATH} PATH="/usr/local/bin:/usr/X11R6/bin:"${PATH} OIFS=${IFS} IFS=":" for dd in ${PATH} do if test -f "${dd}/convert" then "${dd}/convert" --help | grep ImageMagick >/dev/null 2>&1 && \ CONVERT="${dd}/convert" test -z "$verbose" || echo " CONVERT=${dd}/convert" fi done IFS=${OIFS} if test -f stealth_template.ps then PATH=${OPATH} else if test x"${CONVERT}" = x then echo "${0}: cannot find ImageMagick convert utility in PATH=${PATH}" exit 1 fi PATH=${OPATH} if test -f stealth_template.jpg then test -z "$verbose" || echo " ${CONVERT} +compress stealth_template.jpg stealth_template.ps" "${CONVERT}" +compress stealth_template.jpg stealth_template.ps else echo "${0}: cannot find file stealth_template.jpg" exit 1 fi fi if test -f stealth_template.ps then : else echo "${0}: file stealth_template.ps not created" exit 1 fi if test -f samhainrc.pre then : else echo "${0}: cannot find configuration file samhainrc.pre" exit 1 fi if test -f ./samhain_stealth then : else echo "${0}: cannot find utility ./samhain_stealth" exit 1 fi ccount=`./samhain_stealth -o samhainrc.pre 2>&1 | awk '{ print $1 }'` mcount=`./samhain_stealth -i stealth_template.ps 2>&1 | awk '{ print $7 }'` if test ${mcount} -lt ${ccount} then echo "${0}: configuration file samhainrc too big," echo " need a larger image stealth_template.jpg to store" exit 1 fi test -z "$verbose" || echo " ./samhain_stealth -s stealth_template.ps samhainrc.pre" ./samhain_stealth -s stealth_template.ps samhainrc.pre test -z "$verbose" || echo " mv -f stealth_template.ps samhainrc.install" mv -f stealth_template.ps samhainrc.install else test -z "$verbose" || echo " mv -f samhainrc.pre samhainrc.install" mv -f samhainrc.pre samhainrc.install fi tmp_configfile=`echo ${configfile} | sed 's%^REQ_FROM_SERVER%%'` if test x"${tmp_configfile}" = x then echo " No local configfile to install." exit 0 fi if test -f ${DESTDIR}${tmp_configfile} && test x"$force" = x then echo " ${DESTDIR}${tmp_configfile} exists ... not overwritten (or use --force)" else test -z "$verbose" || echo " ${INSTALL_DATA} samhainrc.install ${DESTDIR}${tmp_configfile}" ${INSTALL_DATA} samhainrc.install ${DESTDIR}${tmp_configfile} fi if test x"${NTEST}" = "x-DSH_WITH_SERVER" then test -z "$verbose" || echo " chown @myident@ ${DESTDIR}${tmp_configfile}" chown @myident@ ${DESTDIR}${tmp_configfile} fi # # Changed: don't check if DESTDIR is set, as these are not # the true install locations anyway # if test -f trustfile && test x"${DESTDIR}" = x then test -z "$verbose" || echo " checking whether paths are trustworthy" RESULT=`./trustfile ${DESTDIR}${tmp_configfile} 2>&1` if test x$? != x0 then echo ./trustfile ${DESTDIR}${tmp_configfile} echo else test -z "$verbose" || echo " configuration file ${DESTDIR}${tmp_configfile} ... OK" fi RESULT=`./trustfile ${DESTDIR}${pid_dir} >/dev/null 2>&1` if test x$? != x0 then echo ./trustfile ${DESTDIR}${pid_dir} echo else test -z "$verbose" || echo " state directory ${DESTDIR}${pid_dir} ... OK" fi RESULT=`./trustfile ${DESTDIR}${mylogdir} >/dev/null 2>&1` if test x$? != x0 then echo ./trustfile ${DESTDIR}${mylogdir} echo else test -z "$verbose" || echo " state directory ${DESTDIR}${mylogdir} ... OK" fi RESULT=`./trustfile ${DESTDIR}${data_root} >/dev/null 2>&1` if test x$? != x0 then echo ./trustfile ${DESTDIR}${data_root} echo else test -z "$verbose" || echo " data directory ${DESTDIR}${data_root} ... OK" fi fi # install_data exit 0 fi samhain-3.1.0/COPYING0000644000175000017500000003707611137357604011133 00000000000000 SAMHAIN distributed host monitoring system ------------------------------------------ Copyright (C) 1999-2009 Rainer Wichmann This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA Incorporated code ----------------- (i) Support for the TIGER cryptographic checksum algorithm is provided by the reference implementation, which includes the following statement: * Tiger: A Fast New Hash Function * * Ross Anderson and Eli Biham * * Tiger has no usage restrictions nor patents. It can be used freely, * with the reference implementation, * with other implementations or with * a modification to the reference implementation (as long as it still * implements Tiger). We only ask you to let us know about your * implementation and to cite the origin of Tiger and of the reference * implementation. * * The authors' home pages can be found both in * http://www.cs.technion.ac.il/~biham/ and in * http://www.cl.cam.ac.uk/users/rja14/. * The authors' email addresses are biham@cs.technion.ac.il * and rja14@cl.cam.ac.uk. (ii) Support for testing write access by untrusted users to any element in the path of a file is provided by the public domain trustfile library, which includes the following statement: * Author information: * Matt Bishop * Department of Computer Science * University of California at Davis * Davis, CA 95616-8562 * phone (916) 752-8060 * email bishop@cs.ucdavis.edu * * This code is placed in the public domain. I do ask that * you keep my name associated with it, that you not represent * it as written by you, and that you preserve these comments. * This software is provided "as is" and without any guarantees * of any sort. (iii) Support for big integer arithmetic is provided by the bignum package (v. 1.2) by Henrik.Johansson@Nexus.Comm.SE, which includes the following statement: * Everyone is allowed to distribute this package to anyone * else, as long as all changes are recorded and mentioned. * If you are including this in a commercial product, be sure * to distribute _all_ of the package with the product. * * (...writing more stuff here later, but I guess everyone * knows the approximate contents of it - no warranty, no * charge, and so on. I guess it is like the GNU concept. * Read that for further details...) (iv) Support for compression is provided by the (mini) LZO library, which includes the following statement: * Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer * Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer * Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer * Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer * * The LZO library is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation; either version 2 of * the License, or (at your option) any later version. * * The LZO library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with the LZO library; see the file COPYING. * If not, write to the Free Software Foundation, Inc., * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA * * Markus F.X.J. Oberhumer * * http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html (v) Support for determining the type of a file system is provided by code from the GNU find(1) utility which includes the following statement: /* fstype.c -- determine type of filesystems that files are on Copyright (C) 1990, 91, 92, 93, 94 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ /* Written by David MacKenzie . */ (vi) Support for the MD5 hash algorithm is provided by code from busybox which is distributed under the GPL. /* md5.c - Functions to compute MD5 message digest of files or memory blocks * according to the definition of MD5 in RFC 1321 from April 1992. * Copyright (C) 1995, 1996 Free Software Foundation, Inc. * * NOTE: The canonical source of this file is maintained with the GNU C * Library. Bugs can be reported to bug-glibc@prep.ai.mit.edu. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2, or (at your option) any * later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ /* Written by Ulrich Drepper , 1995. */ (vi) Support for the SHA-1 hash algorithm is provided by code from mhash which includes the following statement: /* sha.c - Implementation of the Secure Hash Algorithm * * Copyright (C) 1995, A.M. Kuchling * * Distribute and use freely; there are no restrictions on further * dissemination and usage except those imposed by the laws of your * country of residence. * * Adapted to pike and some cleanup by Niels Möller. */ /* $Id: sha1.c,v 1.2 2001/01/24 08:20:29 nmav Exp $ */ /* SHA: NIST's Secure Hash Algorithm */ /* Based on SHA code originally posted to sci.crypt by Peter Gutmann in message <30ajo5$oe8@ccu2.auckland.ac.nz>. Modified to test for endianness on creation of SHA objects by AMK. Also, the original specification of SHA was found to have a weakness by NSA/NIST. This code implements the fixed version of SHA. */ (vii) Support for AVL Trees is provided by code from AVLTree which includes the following statement: /* zAVLTree.h: Header file for zAVLTrees. * Copyright (C) 1998,2001 Michael H. Buselli * This is version 0.1.3 (alpha). * Generated from $Id: xAVLTree.h.sh,v 1.5 2001/06/07 06:58:28 cosine Exp $ * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Library General Public * License as published by the Free Software Foundation; either * version 2 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Library General Public License for more details. * * You should have received a copy of the GNU Library General Public * License along with this library; if not, write to the Free * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA * * The author of this library can be reached at the following address: * Michael H. Buselli * 30051 N. Waukegan Rd. Apt. 103 * Lake Bluff, IL 60044-5412 * * Or you can send email to . * The official web page for this product is: * http://www.cosine.org/project/AVLTree/ */ (viii) The modules sh_userfiles.c and sh_mounts.c have been contributed by Eircom Net Computer Incident Response Team and are authored by Jerry Connolly and Cian Synnott, respectively. They are released under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version: "Feel free to GPL those files - they were fully released by our company to the project. Cian -- Cian Synnott Eircom Net Computer Incident Response Team" (ix) Enhanced functionality for the SUID check has been contributed with a patch copyright by Rob Rati . The patch is licensed under the GPL with the following statement: "Here is the patch with the aforementioned feature enhancements, and I license all changes within this patch under the GNU Public License (GPL) GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version." (x) Unit testing uses the 'cutest' framework by Asim Jalis, (files CuTest.h, CuTest.c, make-tests.sh) which is licensed under the zlib license: * Copyright (c) 2003 Asim Jalis * * This software is provided 'as-is', without any express or implied * warranty. In no event will the authors be held liable for any damages * arising from the use of this software. * * Permission is granted to anyone to use this software for any purpose, * including commercial applications, and to alter it and redistribute it * freely, subject to the following restrictions: * * 1. The origin of this software must not be misrepresented; you must not * claim that you wrote the original software. If you use this software in * a product, an acknowledgment in the product documentation would be * appreciated but is not required. * * 2. Altered source versions must be plainly marked as such, and must not * be misrepresented as being the original software. * * 3. This notice may not be removed or altered from any source * distribution. (xi) The dnmalloc library used by samhain is Copyright (C) 2005, Yves Younan, Wouter Joosen and Frank Piessens, and licensed under the LGPL: * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Other ----- Depending on the compilation options used, samhain may use the SRP authentication algorithm (in an independent implementation, without any use of code from the SRP software). The original SRP software contains the following license statement: The SRP License --------------- SRP and all related technologies are free for both commercial and non-commercial use. They are distributed under a standard X11-style Open Source license which is shown below. The SRP distribution contains parts from various freeware packages; these parts fall under both the SRP Open Source license and any existing licenses. Care has been taken to ensure that these licenses are compatible with Open Source distribution, but it is the responsibility of the licensee to comply with these licenses. The file "Copyrights" contains a list of the copyrights incorporated by portions of the software. This software is covered under the following copyright: /* * Copyright (c) 1997-1999 The Stanford SRP Authentication Project * All Rights Reserved. * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the * "Software"), to deal in the Software without restriction, including * without limitation the rights to use, copy, modify, merge, publish, * distribute, sublicense, and/or sell copies of the Software, and to * permit persons to whom the Software is furnished to do so, subject to * the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. * * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * In addition, the following conditions apply: * * 1. Any software that incorporates the SRP authentication technology * must display the following acknowlegment: * "This product uses the 'Secure Remote Password' cryptographic * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." * * 2. Any software that incorporates all or part of the SRP distribution * itself must also display the following acknowledgment: * "This product includes software developed by Tom Wu and Eugene * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." * * 3. Redistributions in source or binary form must retain an intact copy * of this copyright notice and list of conditions. */ samhain-3.1.0/stealth_template.jpg0000644000175000017500000001625710132006064014120 00000000000000JFIFGGCreated with The GIMPC    $.' ",#(7),01444'9=82<.342C  2!!22222222222222222222222222222222222222222222222222"<!1"AQaq#23BRb$r4c*!1A"Qa2#3q ?<(+1Iܦ{}wNW3IsWS_n>:fKyY)g4fTn`*ţis*\KH{U쭒oް!:aP9`V w~OW^ԯD{|[zKNYibG'!CʭXE&[VAQ|S؏TFMW6B; ?O'^#qkm&h4xm,Oh듂3G}*ۖo|u2MҊ|m-4z1(ٕgLܜa&\#0EYmT?9֊ncTļϭ]t(@xqL AӍ\ʔ^gGkf3$kZQ+ yXC^pO=˔J*aRJJ*1J*EJ*=% qRV@NEQ[@D9U#Sb7w|VL#ԧ̠ղ ` .hmXýyi{`(I5>$"ZFpy,N?+m/2yfOwʬ]B΋SȺ2tLP]B$Ք;QhTeUD[ Hil0yٮYh.ʤhiTat}=gȑr 䌏qnǁ=x멾dQxɪ3rzx50jr {P7>k'G$3(`<{42f[ \֛MHJ 3WF+If%7U~_Wdh#\~mb]_$Nq)S=0ic`D<S]; :Lr7-Fc=TCwv1EtUĩsgmW}Ю[?ky<נiMT=WbJt!RJJ*bXtTRc&*jJhFOd,YB8+zPTu'f;=0yk)9὏J=Ò*6z3YwxiHHHOү]co^IsB8U7zۯ {t4X4]:++e,ǫԶ[zmB"Ut4p5:{xV"rhi.չ'$W$޵v{3çyOΠOhQ;~>uovɭ*uB2]-%R3,>曓[wupL Rߕ/YJZ΍;c>/#Ϊ٨7>Evò2sG./ƳU-'J\5z:3gLgubD12[dWqG4=4裸PQ..NI clcqxhoiؒO+.x3vU9kN|~B!QԒx֎'_jk>OVdfM{tz55,`Ti"I}q.ckltɨ#T$zc Lp[cdGgi#8jG zO`mc~irC[5WP>) Iɩypÿ,jY3ޜ$prWx{w ,N0˸ig8it|?,ks)NgXҧqmȸI]jtb;ynjB^>GVk+Yؖxt*!:ȶȋ㲺HF+#Nbm9կ61'MUgXc%e(cPp1mWzۮ ;<- N9(ԞW4EǷY r $Wh02mi-=kCvt2sRR{i f7l⍱cghm :GBLLQXBnrp~*Rxzy`̊ ɢ1GP@c4W4S*ܘ^{3ce1[gUw6y ¼@gԞi>g;8=p Y6i12˜x)5̞( sVK7xe\xUMvQE,FCÒ<֗}6^T%ƕm0|`mn%qTRοB-ubW/YdePC+{MlO5f8.cb,z3!Ǯ+p@d>kLr/lqRsXt*zKW4#޾`VAEaۖڜ`ezht-I&F<>ǃJ>,N98#I UDQ;A#wUn7͚٣ή-hTSX=ƣoYdQ I3N[7s&8JڃI)]`t⛹$DZ3Ango&<򇡦.P;hݗ״Պ+xaXacW$H퓌\1Ƥ>ݦ-\HCD_R*ˏ y3 :pW| zs=s]keS=zoT.dy @'VәmR١tAuΊ[$q 94UT dXԜ,G%-_@ #[Lл?Q(V6ܶee'[jVoQѷ[ W`==j\@OG!h%R)"][ml/qQf |!%f+5&݃d&6i<]|rlX85kL$SFsVy&Enyv&T󫜶 Y3.6'bS*qZ^b9:k6Gk}FpÐhdvFarC⤥(,ܩ^OpjI2Z>-2C 7j$]ϗ>ړ1M"Fyxzc2"6(ۓ([MfQF6OR(?Zk3ݏ1>Oj8O3kx废lJ]| dYv}QMSd`D r}8XnȒA<ƞ.-$I'GW=CRl`iwY,X5n$ew_=c[:ЄJߴX;m |hyUCYt[Zm6xed\GG["" UƷnQNZ5hHqCɤ˷>՛cYtm XH²0@w_UJFصGCzbd$StK[ JnQ"2!|8GQ?!S YArq_k)cw)2ipuZߜ['tFs5`UojVG.6v1M1w= J*/+.%|P[rGYfB T͌!XmS8r,PMi #/ڬ!(wkܥC~W8/v/^ j&(U D{ 4]+_U>$%d%驭 nէRŚ+V ΅pA8#_1+\lRKCI<K9)mJ9kTޤw^. (Օzz?[ ]X]9zO`r*eusB5%˟ % |*n+_=Ca^ej*Ȯe%t'C2 Ѿ+\/^U'%aW1v~ |[98SSk7, ./sstrip echo 'echo "*** SSTRIP DISABLED ***"' >> ./sstrip if ! test x$(PASSWORD) = x; then \ if test -f samhain_setpwd; then \ ./samhain_setpwd samhain new $(PASSWORD); \ rm samhain; \ mv samhain.new samhain; \ fi; \ fi touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp -[ -f Makefile ] && $(MAKE) distclean dh_clean install: build dh_testdir dh_testroot dh_clean -k dh_installdirs # Fix the permissions #chmod o-rX `pwd`/debian/tmp/var/log/samhain \ # `pwd`/debian/tmp/var/run/samhain \ # `pwd`/debian/tmp/var/state/samhain \ # `pwd`/debian/tmp/etc/samhain # $(MAKE) install install-boot DESTDIR=`pwd`/debian/tmp $(MAKE) install install-boot DESTDIR=`pwd`/debian/@install_name@ # However, remove the rc.d links -rm -rf `pwd`/debian/tmp/etc/rc?.d # install -m 755 encode `pwd`/debian/tmp/usr/bin/samhain_encode # install -m 644 profiles/debianlinux_i386/samhainrc `pwd`/debian/tmp@myconffile@ # install -m 644 debian/samhain.logrotate `pwd`/debian/tmp/etc/logrotate.d/samhain # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install # dh_testversion dh_testdir dh_testroot dh_installdebconf dh_installdocs [ -f debian/@install_name@/usr/share/doc/@install_name@/MANUAL-2_3.html.tar ] && \ cd debian/@install_name@/usr/share/doc/@install_name@ && \ tar xf MANUAL-2_3.html.tar && mv MANUAL-2_3 manual.html && \ rm -f MANUAL-2_3.html.tar && \ mv MANUAL-2_3.pdf manual.pdf dh_installexamples @top_srcdir@/scripts/example_pager.pl \ @top_srcdir@/scripts/example_sms.pl \ @top_srcdir@/scripts/concat.pl \ @top_srcdir@/scripts/samhain.logrotator \ @top_srcdir@/scripts/samhainadmin.pl \ @top_srcdir@/scripts/check_samhain.pl \ @top_srcdir@/yulerc.template \ @top_srcdir@/samhainrc.linux dh_installmenu dh_installinit -- defaults 19 [ -f debian/@install_name@.postinst.debhelper ] && \ cd debian && \ cat @install_name@.postinst.debhelper | \ sed 's%/etc/init.d/@install_name@ start%:%' > postinst.tmp && \ mv postinst.tmp @install_name@.postinst.debhelper [ -f debian/@install_name@.postinst.debhelper ] && \ cd debian && \ cat @install_name@.postinst.debhelper | \ sed 's%invoke-rc.d @install_name@ start%:%' > postinst.tmp && \ mv postinst.tmp @install_name@.postinst.debhelper [ -f debian/@install_name@.prerm.debhelper ] && \ cd debian && \ cat @install_name@.prerm.debhelper | \ sed 's%/etc/init.d/@install_name@ stop%/etc/init.d/@install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ mv prerm.tmp @install_name@.prerm.debhelper [ -f debian/@install_name@.prerm.debhelper ] && \ cd debian && \ cat @install_name@.prerm.debhelper | \ sed 's%invoke-rc.d @install_name@ stop%invoke-rc.d @install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ mv prerm.tmp @install_name@.prerm.debhelper # dh_installmanpages dh_installchangelogs @top_srcdir@/docs/Changelog dh_link dh_strip dh_compress dh_fixperms dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb define checkdir test -f debian/rules endef binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install samhain-3.1.0/install-sh0000755000175000017500000001272010132006064012052 00000000000000#!/bin/sh # # install - install a program, script, or datafile # This comes from X11R5 (mit/util/scripts/install.sh). # # Copyright 1991 by the Massachusetts Institute of Technology # # Permission to use, copy, modify, distribute, and sell this software and its # documentation for any purpose is hereby granted without fee, provided that # the above copyright notice appear in all copies and that both that # copyright notice and this permission notice appear in supporting # documentation, and that the name of M.I.T. not be used in advertising or # publicity pertaining to distribution of the software without specific, # written prior permission. M.I.T. makes no representations about the # suitability of this software for any purpose. It is provided "as is" # without express or implied warranty. # # Calling this script install-sh is preferred over install.sh, to prevent # `make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. It can only install one file at a time, a restriction # shared with many OS's install programs. # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. doit="${DOITPROG-}" # put in absolute paths if you don't have them in your path; or use env. vars. mvprog="${MVPROG-mv}" cpprog="${CPPROG-cp}" chmodprog="${CHMODPROG-chmod}" chownprog="${CHOWNPROG-chown}" chgrpprog="${CHGRPPROG-chgrp}" stripprog="${STRIPPROG-strip}" rmprog="${RMPROG-rm}" mkdirprog="${MKDIRPROG-mkdir}" transformbasename="" transform_arg="" instcmd="$mvprog" chmodcmd="$chmodprog 0755" chowncmd="" chgrpcmd="" stripcmd="" rmcmd="$rmprog -f" mvcmd="$mvprog" src="" dst="" dir_arg="" while [ x"$1" != x ]; do case $1 in -c) instcmd="$cpprog" shift continue;; -d) dir_arg=true shift continue;; -m) chmodcmd="$chmodprog $2" shift shift continue;; -o) chowncmd="$chownprog $2" shift shift continue;; -g) chgrpcmd="$chgrpprog $2" shift shift continue;; -s) stripcmd="$stripprog" shift continue;; -t=*) transformarg=`echo $1 | sed 's/-t=//'` shift continue;; -b=*) transformbasename=`echo $1 | sed 's/-b=//'` shift continue;; *) if [ x"$src" = x ] then src=$1 else # this colon is to work around a 386BSD /bin/sh bug : dst=$1 fi shift continue;; esac done if [ x"$src" = x ] then echo "install: no input file specified" exit 1 else true fi if [ x"$dir_arg" != x ]; then dst=$src src="" if [ -d $dst ]; then instcmd=: else instcmd=mkdir fi else # Waiting for this to be detected by the "$instcmd $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if [ -f $src -o -d $src ] then true else echo "install: $src does not exist" exit 1 fi if [ x"$dst" = x ] then echo "install: no destination specified" exit 1 else true fi # If destination is a directory, append the input filename; if your system # does not like double slashes in filenames, you may need to add some logic if [ -d $dst ] then dst="$dst"/`basename $src` else true fi fi ## this sed command emulates the dirname command dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` # Make sure that the destination directory exists. # this part is taken from Noah Friedman's mkinstalldirs script # Skip lots of stat calls in the usual case. if [ ! -d "$dstdir" ]; then defaultIFS=' ' IFS="${IFS-${defaultIFS}}" oIFS="${IFS}" # Some sh's can't handle IFS=/ for some reason. IFS='%' set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` IFS="${oIFS}" pathcomp='' while [ $# -ne 0 ] ; do pathcomp="${pathcomp}${1}" shift if [ ! -d "${pathcomp}" ] ; then $mkdirprog "${pathcomp}" else true fi pathcomp="${pathcomp}/" done fi if [ x"$dir_arg" != x ] then $doit $instcmd $dst && if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi else # If we're going to rename the final executable, determine the name now. if [ x"$transformarg" = x ] then dstfile=`basename $dst` else dstfile=`basename $dst $transformbasename | sed $transformarg`$transformbasename fi # don't allow the sed command to completely eliminate the filename if [ x"$dstfile" = x ] then dstfile=`basename $dst` else true fi # Make a temp file name in the proper directory. dsttmp=$dstdir/#inst.$$# # Move or copy the file name to the temp name $doit $instcmd $src $dsttmp && trap "rm -f ${dsttmp}" 0 && # and set any options; do chmod last to preserve setuid bits # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $instcmd $src $dsttmp" command. if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && # Now rename the file to the real destination. $doit $rmcmd -f $dstdir/$dstfile && $doit $mvcmd $dsttmp $dstdir/$dstfile fi && exit 0 samhain-3.1.0/man/0000755000175000017500000000000010777701121010712 500000000000000samhain-3.1.0/man/samhain.80000644000175000017500000005100510777701015012346 00000000000000.TH SAMHAIN 8 "07 August 2004" "" "Samhain manual" .SH NAME samhain \- check file integrity .SH SYNOPSIS .SS "INITIALIZING, UPDATING, AND CHECKING" .PP .B samhain { .I \-t init|\-\-set\-checksum\-test=init } [\-\-init2stdout] [\-r DEPTH|\-\-recursion=DEPTH] [log-options] .B samhain { .I \-t update|\-\-set\-checksum\-test=update } [\-D | \-\-daemon | \-\-foreground] [\-\-forever] [\-r DEPTH|\-\-recursion=DEPTH] [log-options] .B samhain { .I \-t check|\-\-set\-checksum\-test=check } [\-D | \-\-daemon | \-\-foreground] [\-\-forever] [\-r DEPTH,\-\-recursion=DEPTH] [log-options] .SS "LISTING THE DATABASE" .PP .B samhain [\-a | \-\-full\-detail] [\-\-delimited] \-d .IR file | .RI \-\-list\-database= file .SS "VERIFYING AN AUDIT TRAIL" .PP .B samhain [\-j | \-\-just\-list] \-L .IR logfile | .RI \-\-verify\-log= logfile .B samhain \-M .IR mailbox | .RI \-\-verify\-mail= mailbox .SS "MISCELLANEOUS" .PP .B samhain .RI \-\-server\-port= portnumber .B samhain \-H .I string | .RI \-\-hash\-string= string .B samhain \-c | \-\-copyright .B samhain \-v | \-\-version .B samhain \-h | \-\-help .B samhain \-V key@/path/to/executable | \-\-add\-key=key@/path/to/executable .SS "SERVER STARTUP" .PP .B yule [\-q | \-\-qualified] [ .RI \-\-chroot= chrootdir ] [\-D | \-\-daemon | \-\-foreground] [log-options] .SS "SERVER MISCELLANEOUS" .PP .B yule [\-P .I password | .RI \-\-password= password ] .B yule [\-G | \-\-gen-password] .SS "LOG OPTIONS" .PP [\-s .I threshold | .RI \-\-set\-syslog\-severity= threshold ] [\-l .I threshold | .RI \-\-set\-log\-severity= threshold ] [\-m .I threshold | .RI \-\-set\-mail\-severity= threshold ] [\-e .I threshold | .RI \-\-set\-export\-severity= threshold ] [\-p .I threshold | .RI \-\-set\-print\-severity= threshold ] [\-x .I threshold | .RI \-\-set\-external\-severity= threshold ] [ .RI \-\-set\-prelude\-severity= threshold ] [ .RI \-\-set\-database\-severity= threshold ] [ .RI \-\-enable\-trace ] [ .RI \-\-trace\-logfile= tracefile ] .SH WARNING .PP The information in this man page is not always up to date. The authoritative documentation is the user manual. .SH DESCRIPTION .PP .B samhain is a file integrity / intrusion detection system both for single hosts and networks. It consists of a monitoring application .RB ( samhain ) running on individual hosts, and (optionally) a central log server .RB ( yule ). Currently, samhain can monitor the integrity of files/directories, and (optionally) also check for kernel rootkits (Linux and FreeBSD only), search the disk for SUID/SGID, and watch for login/logout events. .PP .B samhain/yule can log by email, to a tamper-resistant, signed log file, to syslog, to the Prelude IDS, to a MySQL/PostgreSQL/Oracle database, and/or to stdout .RI ( /dev/console if run as daemon). .B samhain/yule can run as a daemon, and can use a time server instead of the host's system clock. Most of the functionality is defined by a configuration file that is read at startup. .PP Most options of these usually would be set in the configuration file. Options given on the command line will override those in the configuration file. .SS "OPTIONS FOR INITIALIZING, UPDATING, AND CHECKING" .PP .B samhain .I "\-t init, \-\-set\-checksum-test=init" .RI [ options ] Initialize the database of file signatures. The path to the database is compiled in, and initializing will .B append to the respective file (or create it, if it does not exist). .B "It is ok to append to e.g. a JPEG image, but it is an error" .B "to append to an already existing file signature database." .PP .TP [\-\-init2stdout] Write the database to stdout. .TP [\-r DEPTH|\-\-recursion=DEPTH] Set the (global) recursion depth. .PP .B samhain .I "\-t update, \-\-set\-checksum-test=update" .RI [ options ] Update the database of file signatures. The path to the database is compiled in, and updating will .B overwrite the database, starting from the start of the database (which may not be identical to the start of the file \- see above). .PP .TP [\-r DEPTH|\-\-recursion=DEPTH] Set the (global) recursion depth. .TP [\-D|\-\-daemon] Run as daemon. File checks are performed as specified by the timing options in the configuration file. Updates are saved after each file check. .TP [\-\-foreground] Run in the foreground. This will cause samhain to exit after the update, unless the option .I "\-\-forever" is used. .TP [\-\-forever] If not running as daemon, do not exit after finishing the update, but loop forever, and perform checks with corresponding database updates according to the timing options in the configuration file. .PP .B samhain .I "\-t check, \-\-set\-checksum-test=check" .RI [ options ] Check the filesystem against the database of file signatures. The path to the database is compiled in. .PP .TP [\-r DEPTH|\-\-recursion=DEPTH] Set the (global) recursion depth. .TP [\-D|\-\-daemon] Run as daemon. File checks are performed as specified by the timing options in the configuration file. .TP [\-\-foreground] Run in the foreground. This will cause samhain to exit after the file check, unless the option .I "\-\-forever" is used. .TP [\-\-forever] If not running as daemon, do not exit after finishing the check, but loop forever, and perform checks according to the timing options in the configuration file. .SS "OPTIONS FOR LISTING THE DATABASE" .PP .B samhain [\-a | \-\-full\-detail] [\-\-delimited] \-d .IR file | .RI \-\-list\-database= file List the entries in the file signature database in a .B ls \-l like format. .PP .TP [\-a | \-\-full\-detail] List all informations for each file, not only those you would get with ls \-l. Must precede the \-d option. .TP [\-\-delimited] List all informations for each file, in a comma-separated format. Must precede the \-d option. .TP .RI [\-\-list\-file= file ] List the literal content of the given file as stored in the database. Content is not stored by default, must be enabled in the runtime configuration file. Must precede the \-d option. .SS "OPTIONS TO VERIFY AN AUDIT TRAIL" .PP These options will only work, if the executable used for verifying the audit trail is compiled with the same \-\-enable\-base=... option as the executable of the reporting process. .B samhain [\-j | \-\-just\-list] \-L .IR logfile | .RI \-\-verify\-log= logfile Verify the integrity of a signed logfile. The signing key is auto\-generated on startup, and sent by email. .B samhain will ask for the key. Instead of entering the key, you can also enter the path to the mailbox holding the respective email message. .PP .TP [\-j | \-\-just\-list] Just list the logfile, do not verify it. This option must come .BR first . It is mainly intended for listing the content of an obfuscated logfile, if .B samhain is compiled with the .B stealth option. .B samhain \-M .IR mailbox | .RI \-\-verify\-mail= mailbox Verify the integrity of the email reports from samhain. All reports must be in the same file. .SS "MISCELLANEOUS OPTIONS" .PP .B samhain .RI \-\-server\-port= portnumber Choose the port on the server host to which the client will connect. .B samhain \-H .I string | .RI \-\-hash\-string= string Compute the TIGER192 checksum of a string. If the string starts with a '/', it is considered as a pathname, and the checksum of the corresponding file will be computed. .B samhain \-c | \-\-copyright Print the copyright statement. .B samhain \-v | \-\-version Show version and compiled-in options. .B samhain \-h | \-\-help Print supported command line options (depending on compilation options). .B samhain \-V key@/path/to/executable | \-\-add\-key=key@/path/to/executable See the section "SECURITY" below. .SS "SERVER STARTUP OPTIONS" .PP .B yule [\-q | \-\-qualified] [ .RI \-\-chroot= chrootdir ] [\-D | \-\-daemon | \-\-foreground] [log-options] Start the server, which is named .B yule by default. If the server is started with superuser privileges, it will drop them after startup. .PP .TP [\-q | \-\-qualified] Log client hostnames with fully qualified path. The default is to log only the leftmost domain label (i.e. the hostname). .TP [ .RI \-\-chroot= chrootdir ] Chroot to the listed directory after startup. .TP [\-D | \-\-daemon] Run as daemon. .TP [\-\-foreground] Run in the foreground. .SS "MISCELLANEOUS SERVER OPTIONS" .PP .B yule [\-G | \-\-gen-password] Generate a random 8\-byte password and print it out in hexadecimal notation. .B yule [\-P .I password | .RI \-\-password= password ] Use the given .I password and generate an entry suitable for the [Clients] section of the configuration file. .SS "LOGGING OPTIONS" .PP Depending on the compilation options, some logging facilities may not be available in your executable. .PP .TP .I "\-s threshold, \-\-set\-syslog\-severity=threshold" Set the threshold for logging events via syslogd(8). Possible values are .IR debug , .IR info , .IR notice , .IR warn , .IR mark , .IR err , .IR crit , .IR alert , and .IR none . By default, everything equal to and above the threshold will be logged. Time stamps have the priority .IR warn , system\-level errors have the priority .IR err , and important start\-up messages the priority .IR alert . The signature key for the log file will never be logged to syslog or the log file itself. .TP .I "\-l threshold, \-\-set\-log\-severity=threshold" Set the threshold for logging events to the log file. .TP .I "\-m threshold, \-\-set\-mail\-severity=threshold" Set the threshold for logging events via e\-mail. .TP .I "\-e threshold, \-\-set\-export\-severity=threshold" Set the threshold for forwarding events via TCP to a log server. .TP .I "\-x threshold, \-\-set\-extern\-severity=threshold" Set the threshold for calling external logging programs/scripts (if any are defined in the configuration file). .TP .I "\-p threshold, \-\-set\-print\-severity=threshold" Set the threshold for logging events to stdout. If .B samhain runs as a daemon, this is redirected to /dev/console. .TP .I "\-\-set\-prelude\-severity=threshold" Set the threshold for logging events to the Prelude IDS. .TP .I "\-\-set\-database\-severity=threshold" Set the threshold for logging events to the MySQL/PostgreSQL/Oracle database. .SH SIGNALS .TP .I SIGUSR1 Switch on/off maximum verbosity for console output. .TP .I SIGUSR2 Suspend/continue the process, and (on suspend) send a message to the server. This message has the same priority as timestamps. This signal allows to run .I samhain -t init -e none on the client to regenerate the database, with download of the configuration file from the server, while the daemon is suspended (normally you would get errors because of concurrent access to the server by two processes from the .IR "same host" ")." .TP .I SIGHUP Reread the configuration file. .TP .I SIGTERM Terminate. .TP .I SIGQUIT Terminate after processing all pending requests from clients. .TP .I SIGABRT Unlock the log file, pause for three seconds, then proceed, eventually re-locking the log file and starting a fresh audit trail on next access. .TP .I SIGTTOU Force a file check (only client/standalone, and only in daemon mode). .SH DATABASE The database (default name .IR samhain_file ) is a binary file, which can be created or updated using the .B \-t .I init or the .B \-t .I update option. If you use .B \-t .IR init , you need to .I remove the old database first, otherwise the new version will be .I appended to the old one. The file may be (clear text) signed by PGP/GnuPG. .br It is recommended to use GnuPG with the options .B gpg .I -a --clearsign --not-dash-escaped .br .B samhain will check the signature, if compiled with support for that. .PP At startup .B samhain will compute the checksum of the database, and verify it for each further access. This checksum is not stored on disk (i.e. is lost after program termination), as there is no secure way to store it. .SH LOG FILE .PP Each entry in the log file has the format .BR "Severity : [Timestamp] Message" , where the timestamp may be obtained from a time server rather than from the system clock, if .B samhain has been compiled with support for this. Each entry is followed by a .IR signature , which is computed as .BR "Hash(Entry Key_N)" , and .B Key_N is computed as .BR "Hash(Key_N\-1)" , i.e. only knowledge of the first signature key in this chain allows to verify the integrity of the log file. This first key is autogenerated and e\-mailed to the designated recipient. .PP The default name of the log file is .IR samhain_log . To prevent multiple instances of .B samhain from writing to the same log file, the log file is locked by creating a .IR "lock file" , which is normally deleted at program termination. The default name of the .I "lock file" is .IR samhain.lock . If .B samhain is terminated abnormally, i.e. with kill \-9, a stale lock file might remain, but usually .B samhain will be able to recognize that and remove the stale lock file on the next startup. .PP .SH EMAIL .PP E\-mails are sent (using built-in SMTP code) to one recipient only. The subject line contains timestamp and hostname, which are repeated in the message body. The body of the mail contains a line with a .I signature similar to that in the log file, computed from the message and a key. The key is iterated by a hash chain, and the initial key is revealed in the first email sent. Obviously, you have to believe that this first e\-mail is authentical ... .PP .SH CLIENT/SERVER USAGE .PP To monitor several machines, and collecting data by a central log server, .B samhain may be compiled as a client/server application. The log server .RB ( yule ) will accept connection requests from registered clients only. With each client, the server will first engage in a challenge/response protocol for .I authentication of the client and .I establishing a .IR "session key" . .PP This protocol requires on the client side a .IR "password" , and on the server side a .IR "verifier" that is computed from the .IR "password" . .PP To .I register a client, simply do the following: .br First, with the included utility program .B samhain_setpwd re\-set the compiled\-in default password of the client executable to your preferred value (with no option, a short usage help is printed). To allow for non-printable chars, the new value must be given as a 16\-digit hexadecimal string (only 0123456789ABCDEF in string), corresponding to an 8-byte password. .br Second, after re\-setting the password in the client executable, you can use the server's convenience function .B yule .B \-P .I password that will take as input the (16\-digit hex) password, compute the corresponding verifier, and outputs a default configuration file entry to register the client. .br Third, in the configuration file for the server, under the [Clients] section, enter the suggested registration entry of the form .IR "Client=hostname@salt@verifier" , where .I hostname must be the (fully qualified) hostname of the machine on which the client will run. .B "Don't forget to reload the server configuration thereafter." .PP If a connection attempt is made, the server will lookup the entry for the connecting host, and use the corresponding value for the .I verifier to engage in the session key exchange. Failure to verify the client's response(s) will result in aborting the connection. .PP .SH STEALTH .PP .B samhain may be compiled with support for a .I stealth mode of operation, meaning that the program can be run without any obvious trace of its presence on disk. The supplied facilities are simple - they are more sophisticated than just running the program under a different name, and might thwart efforts using 'standard' Unix commands, but they will not resist a search using dedicated utilities. .PP In this mode, the runtime executable will hold no printable strings, and the configuration file is expected to be a postscript file with .I uncompressed image data, wherein the configuration data are hidden by steganography. To create such a file from an existing image, you may use e.g. the program .BR convert (1), which is part of the .BR ImageMagick (1) package, such as: .B "convert +compress" .IR "ima.jpg ima.ps" . .PP To hide/extract the configuration data within/from the postscript file, a utility program .B samhain_stealth is provided. Use it without options to get help. .PP Database and log file may be e.g. existing image files, to which data are appended, xor'ed with some constant to mask them as binary data. .PP The user is responsible by herself for re-naming the compiled executable(s) to unsuspicious names, and choosing (at compile time) likewise unsuspicious names for config file, database, and log (+lock) file. .PP .SH SECURITY .PP For security reasons, .B samhain will not write log or data files in a directory, remove the lock file, or read the configuration file, if any element in the path is owned or writeable by an untrusted user (including group-writeable files with untrusted users in the group, and world-writeable files). .br .I root and the .I effective user are always trusted. You can add more users in the configuration file. .PP Using a .I "numerical host address" in the e\-mail address is more secure than using the hostname (does not require DNS lookup). .PP If you use a .I precompiled .B samhain executable (e.g. from a binary distribution), in principle a prospective intruder could easily obtain a copy of the executable and analyze it in advance. This will enable her/him to generate fake audit trails and/or generate a trojan for this particular binary distribution. .br For this reason, it is possible for the user to add more key material into the binary executable. This is done with the command: .PP .BI "samhain " \-\-add\-key=key@/path/to/executable .PP This will read the file .I /path/to/executable, add the key .I key, which should not contain a '@' (because it has a special meaning, separating key from path), overwrite any key previously set by this command, and write the new binary to the location .I /path/to/executable.out (i.e. with .out appended). You should then copy the new binary to the location of the old one (i.e. overwrite the old one). .PP .B Note that using a precompiled samhain executable from a binary .B package distribution is not recommended unless you add in key material as .B described here. .PP .SH NOTES .PP For initializing the key(s), .I "/dev/random" is used, if available. This is a device supplying cryptographically strong (non-deterministic) random noise. Because it is slow, .B samhain might appear to hang at startup. Doing some random things (performing rain dances, spilling coffee, hunting the mouse) might speed up things. If you do not have .IR "/dev/random" , lots of statistics from .BR vmstat (8) and the like will be pooled and mixed by a hash function. .PP Some hosts might check whether the sender of the mail is valid. Use only .I "login names" for the sender. .br For sending mails, you may need to set a relay host for the sender domain in the configuration file. .PP .SH BUGS .PP Whoever has the original signature key may change the log file and send fake e\-mails. The signature keys are e\-mailed at program startup with a one\-time pad encryption. This should be safe against an eavesdropper on the network, but not against someone with read access to the binary, .I if she has caught the e\-mail. .PP .SH FILES .PP .I /etc/samhainrc .br .I /usr/local/man/man8/samhain.8 .br .I /usr/local/man/man5/samhainrc.5 .br .I /var/log/samhain_log .br .I /var/lib/samhain/samhain_file .br .I /var/lib/samhain/samhain.html .br .I /var/run/samhain.pid .SH SEE ALSO .PP .BR samhainrc (5) .SH AUTHOR .PP Rainer Wichmann (http://la\-samhna.de) .SH BUG REPORTS .PP If you find a bug in .BR samhain , please send electronic mail to .IR support@la\-samhna.de . Please include your operating system and its revision, the version of .BR samhain , what C compiler you used to compile it, your 'configure' options, and any information that you deem helpful. .PP .SH COPYING PERMISSIONS .PP Copyright (\(co) 1999, 2004 Rainer Wichmann .PP Permission is granted to make and distribute verbatim copies of this manual page provided the copyright notice and this permission notice are preserved on all copies. .ig Permission is granted to process this file through troff and print the results, provided the printed document carries copying permission notice identical to this one except for the removal of this paragraph (this paragraph not being relevant to the printed manual page). .. .PP Permission is granted to copy and distribute modified versions of this manual page under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. samhain-3.1.0/man/samhainrc.50000644000175000017500000005272310777701121012676 00000000000000.TH SAMHAINRC 5 "Jul 29, 2004" "" "samhainrc manual" .SH NAME samhainrc \- samhain(8) configuration file .SH WARNING .PP The information in this man page is not always up to date. The authoritative documentation is the user manual. .SH DESCRIPTION .PP The configuration file for .BR samhain (8) is named .I samhainrc and located in .I /etc by default. .PP It contains several sections, indicated by headings in square brackets. Each section may hold zero or more .BI key= value pairs. Blank lines and lines starting with '#' are comments. Everything before the first section and after an .I "[EOF]" is ignored. The file may be (clear text) signed by PGP/GnuPG, and .B samhain may invoke GnuPG to check the signature if compiled with support for it. .PP Conditional inclusion of entries for some host(s) is supported via any number of .BI @ hostname /@ end directives. .BI @ hostname and .BI @ end must each be on separate lines. Lines in between will only be read if .I "hostname" (which may be a regular expression) matches the local host. .PP Likewise, conditional inclusion of entries based on system type is supported via any number of .BI $ sysname:release:machine /$ end directives. .br .I "sysname:release:machine" can be inferred from .I "uname -srm" and may be a regular expression. .PP Filenames/directories to check may be wildcard patterns. .PP Options given on the command line will override those in the configuration file. The recognized sections in the configuration file are as follows: .PP Boolean options can be set with any of 1|true|yes or 0|false|no. .TP .I "[ReadOnly]" This section may contain .br .BI file= PATH and .br .BI dir= [depth]PATH entries for files and directories to check. All modifications except access times will be reported for these files. .I [depth] (use without brackets) is an optional parameter to define a per\-directory recursion depth. .TP .I "[LogFiles]" As above, but modifications of timestamps, file size, and signature will be ignored. .TP .I "[GrowingLogFiles]" As above, but modifications of file size will only be ignored if the size has .IR increased . .TP .I "[Attributes]" As above, but only modifications of ownership and access permissions will be checked. .TP .I "[IgnoreAll]" As above, but report no modifications for these files/directories. Access failures will still be reported. .TP .I "[IgnoreNone]" As above, but report all modifications for these files/directories, including access time. .TP .I "[User0]" .TP .I "[User1]" .TP .I "[User2]" .TP .I "[User3]" .TP .I "[User4]" These are reserved for user-defined policies. .TP .I "[Prelink]" For prelinked executables / libraries or directories holding them. .TP .I "[Log]" This section defines the filtering rules for logging. It may contain the following entries: .br .BI MailSeverity= val where the threshold value .I val may be one of .IR debug , .IR info , .IR notice , .IR warn , .IR mark , .IR err , .IR crit , .IR alert , or .IR none . By default, everything equal to and above the threshold will be logged. The specifiers .IR * , .IR ! , and .I = are interpreted as 'all', 'all but', and 'only', respectively (like in the Linux version of syslogd(8)). Time stamps have the priority .IR warn , system\-level errors have the priority .IR err , and important start\-up messages the priority .IR alert . The signature key for the log file will never be logged to syslog or the log file itself. For failures to verify file integrity, error levels are defined in the next section. .br .BI PrintSeverity= val, .br .BI LogSeverity= val, .br .BI ExportSeverity= val, .br .BI ExternalSeverity= val, .br .BI PreludeSeverity= val, .br .BI DatabaseSeverity= val, and .br .BI SyslogSeverity= val set the thresholds for logging via stdout (or .IR /dev/console ), log file, TCP forwarding, calling external programs, and .BR syslog (3). .TP .I "[EventSeverity]" .BI SeverityReadOnly= val, .br .BI SeverityLogFiles= val, .br .BI SeverityGrowingLogs= val, .br .BI SeverityIgnoreNone= val, .br .BI SeverityIgnoreAll= val, .br .BI SeverityPrelink= val, .br .BI SeverityUser0= val, .br .BI SeverityUser1= val, .br .BI SeverityUser2= val, .br .BI SeverityUser3= val, and .br .BI SeverityUser4= val define the error levels for failures to verify the integrity of files/directories of the respective types. I.e. if such a file shows unexpected modifications, an error of level .I val will be generated, and logged to all facilities with a threshold of at least .IR val . .br .BI SeverityFiles= val sets the error level for file access problems, and .br .BI SeverityDirs= val for directory access problems. .br .BI SeverityNames= val sets the error level for obscure file names (e.g. non\-printable characters), and for files with invalid UIDs/GIDs. .TP .I "[External]" .BI OpenCommand= path Start the definition of an external logging program|script. .br .BI SetType= log|srv Type/purpose of program (log for logging). .br .BI SetCommandline= list Command line options. .br .BI SetEnviron= KEY=val Environment for external program. .br .BI SetChecksum= val Checksum of the external program (checked before invoking). .br .BI SetCredentials= username User as who the program will run. .br .BI SetFilterNot= list Words not allowed in message. .br .BI SetFilterAnd= list Words required (ALL) in message. .br .BI SetFilterOr= list Words required (at least one) in message. .br .BI SetDeadtime= seconds Time between consecutive calls. .TP .I "[Utmp]" Configuration for watching login/logout events. .br .BI LoginCheckActive= 0|1 Switch off/on login/logout reporting. .br .BI LoginCheckInterval= val Interval (seconds) between checks for login/logout events. .br .BI SeverityLogin= val .br .BI SeverityLoginMulti= val .br .BI SeverityLogout= val Severity levels for logins, multiple logins by same user, and logouts. .TP .I "[Kernel]" Configuration for detecting kernel rootkits. .br .BI KernelCheckActive= 0|1 Switch off/on checking of kernel syscalls to detect kernel module rootkits. .br .BI KernelCheckInterval= val Interval (seconds) between checks. .br .BI SeverityKernel= val Severity level for clobbered kernel syscalls. .br .BI KernelCheckIDT= 0|1 Whether to check the interrrupt descriptor table. .br .BI KernelSystemCall= address The address of system_call (grep system_call System.map). Required after a kernel update. .br .BI KernelProcRoot= address The address of proc_root (grep ' proc_root$' System.map). Required after a kernel update. .br .BI KernelProcRootIops= address The address of proc_root_inode_operations (grep proc_root_inode_operations System.map). Required after a kernel update. .br .BI KernelProcRootLookup= address The address of proc_root_lookup (grep proc_root_lookup System.map). Required after a kernel update. .TP .I "[SuidCheck]" Settings for finding SUID/SGID files on disk. .br .BI SuidCheckActive= 0|1 Switch off/on the check. .br .BI SuidCheckExclude= path A directory (and its subdirectories) to exclude from the check. Only one directory can be specified this way. .br .BI SuidCheckSchedule= schedule Crontab-like schedule for checks. .br .BI SeveritySuidCheck= severity Severity for events. .br .BI SuidCheckFps= fps Limit files per seconds for SUID check. .br .BI SuidCheckNosuid= 0|1 Check filesystems mounted as nosuid. Defaults to not. .br .BI SuidCheckQuarantineFiles= 0|1 Whether to quarantine files. Defaults to not. .br .BI SuidCheckQuarantineMethod= 0|1|2 Quarantine method. Delete = 1, remove suid/sgid flags = 1, move to quarantine directory = 2. Defaults to 1 (remove suid/sgid flags). .br .BI .TP .I "[Mounts]" Configuration for checking mounts. .br .BI MountCheckActive= 0|1 Switch off/on this module. .br .BI MountCheckInterval= seconds The interval between checks (default 300). .br .BI SeverityMountMissing= severity Severity for reports on missing mounts. .br .BI SeverityOptionMissing= severity Severity for reports on missing mount options. .br .BI CheckMount= path [mount_options] .br Mount point to check. Mount options must be given as comma-separated list, separated by a blank from the preceding mount point. .TP .I "[UserFiles]" Configuration for checking paths relative to user home directories. .br .BI UserFilesActive= 0|1 Switch off/on this module. .br .BI UserFilesName= filename policy .br Files to check for under each $HOME. Allowed values for 'policy' are: allignore, attributes, logfiles, loggrow, noignore (default), readonly, user0, user1, user2, user3, and user4. .br .BI UserFilesCheckUids= uid_list A list of UIDs where we want to check. The default is all. Ranges (e.g. 100-500) are allowed. If there is an open range (e.g. 1000-), it must be last in the list. .TP .I "[ProcessCheck]" Settings for finding hidden/fake,required processes on the local host. .br .BI ProcessCheckActive= 0|1 Switch off/on the check. .br .BI ProcessCheckInterval= seconds The interval between checks (default 300). .br .BI SeverityProcessCheck= severity Severity for events (default crit). .br .BI ProcessCheckMinPID= pid The minimum PID to check (default 0). .br .BI ProcessCheckMaxPID= pid The maximum PID to check (default 32767). .br .BI ProcessCheckPSPath= path The path to ps (autodetected at compile time). .br .BI ProcessCheckPSArg= argument The argument to ps (autodetected at compile time). Must yield PID in first column. .br .BI ProcessCheckExists= regular_expression Check for existence of a process matching the given regular expression. .TP .I "[PortCheck]" Settings for checking open ports on the local host. .br .BI PortCheckActive= 0|1 Switch off/on the check. .br .BI PortCheckInterval= seconds The interval between checks (default 300). .br .BI PortCheckUDP= yes|no Whether to check UPD ports as well (default yes). .br .BI SeverityPortCheck= severity Severity for events (default crit). .br .BI PortCheckInterface= ip_address Additional interface to check. .br .BI PortCheckOptional= ip_address:list Ports that may, but need not be open. The ip_address is the one of the interface, the list must be comma or whitespace separated, each item must be (port|service)/protocol, e.g. 22/tcp,nfs/tcp/nfs/udp. .br .BI PortCheckRequired= ip_address:list Ports that are required to be open. The ip_address is the one of the interface, the list must be comma or whitespace separated, each item must be (port|service)/protocol, e.g. 22/tcp,nfs/tcp/nfs/udp. .TP .I "[Database]" Settings for .I logging to a database. .br .BI SetDBHost= db_host Host where the DB server runs (default: localhost). Should be a numeric IP address for PostgreSQL. .br .BI SetDBName= db_name Name of the database (default: samhain). .br .BI SetDBTable= db_table Name of the database table (default: log). .br .BI SetDBUser= db_user Connect as this user (default: samhain). .br .BI SetDBPassword= db_password Use this password (default: none). .br .BI SetDBServerTstamp= true|false Log server timestamp for client messages (default: true). .br .BI UsePersistent= true|false Use a persistent connection (default: true). .TP .I "[Misc]" .BI Daemon= no|yes Detach from controlling terminal to become a daemon. .br .BI MessageHeader= format Costom format for message header. Replacements: .I %F source file name, .I %L source file line, .I %S severity, .I %T timestamp, .I %C message class. .br .BI VersionString= string Set version string to include in file signature database (along with hostname and date). .br .BI SetReverseLookup= true|false If false, skip reverse lookups when connecting to a host known by name rather than IP address. .br .BI HideSetup= yes|no Don't log name of config/database files on startup. .br .BI SyslogFacility= facility Set the syslog facility to use. Default is LOG_AUTHPRIV. .br .BI MACType= HASH-TIGER|HMAC-TIGER Set type of message authentication code (HMAC). Must be identical on client and server. .br .BI SetLoopTime= val Defines the interval (in seconds) for timestamps. .br .BI SetConsole= device Set the console device (default /dev/console). .br .BI MessageQueueActive= 1|0 Whether to use a SysV IPC message queue. .br .BI PreludeMapToInfo= list of severities The severities (see section .IR [Log] ) that should be mapped to impact severity .I info in prelude. .br .BI PreludeMapToLow= list of severities The severities (see section .IR [Log] ) that should be mapped to impact severity .I low in prelude. .br .BI PreludeMapToMedium= list of severities The severities (see section .IR [Log] ) that should be mapped to impact severity .I medium in prelude. .br .BI PreludeMapToHigh= list of severities The severities (see section .IR [Log] ) that should be mapped to impact severity .I high in prelude. .br .BI SetMailTime= val defines the maximum interval (in seconds) between succesive e\-mail reports. Mail might be empty if there are no events to report. .br .BI SetMailNum= val defines the maximum number of messages that are stored before e\-mailing them. Messages of highest priority are always sent immediately. .br .BI SetMailAddress= username @ host sets the recipient address for mailing. .I "No aliases should be used." For security, you should prefer a numerical host address. .br .BI SetMailRelay= server sets the hostname for the mail relay server (if you need one). If no relay server is given, mail is sent directly to the host given in the mail address, otherwise it is sent to the relay server, who should forward it to the given address. .br .BI SetMailSubject= val defines a custom format for the subject of an email message. .br .BI SetMailSender= val defines the sender for the 'From:' field of a message. .br .BI SetMailFilterAnd= list defines a list of strings all of which must match a message, otherwise it will not be mailed. .br .BI SetMailFilterOr= list defines a list of strings at least one of which must match a message, otherwise it will not be mailed. .br .BI SetMailFilterNot= list defines a list of strings none of which should match a message, otherwise it will not be mailed. .br .BI SamhainPath= /path/to/binary sets the path to the samhain binary. If set, samhain will checksum its own binary both on startup and termination, and compare both. .br .BI SetBindAddress= IP_address The IP address (i.e. interface on multi-interface box) to use for outgoing connections. .br .BI SetTimeServer= server sets the hostname for the time server. .br .BI TrustedUser= name|uid Add a user to the set of trusted users (root and the effective user are always trusted. You can add up to 7 more users). .br .BI SetLogfilePath= AUTO|/path Path to logfile (AUTO to tack hostname on compiled-in path). .br .BI SetLockfilePath= AUTO|/path Path to lockfile (AUTO to tack hostname on compiled-in path). .TP .B Standalone or client only .br .BI SetNiceLevel= -19..19 Set scheduling priority during file check. .br .BI SetIOLimit= bps Set IO limits (kilobytes per second) for file check. .br .BI SetFilecheckTime= val Defines the interval (in seconds) between succesive file checks. .br .BI FileCheckScheduleOne= schedule Crontab-like schedule for file checks. If used, .I SetFilecheckTime is ignored. .br .BI UseHardlinkCheck= yes|no Compare number of hardlinks to number of subdirectories for directories. .br .BI HardlinkOffset= N:/path Exception (use multiple times for multiple exceptions). N is offset (actual - expected hardlinks) for /path. .br .BI AddOKChars= N1,N2,.. List of additional acceptable characters (byte value(s)) for the check for weird filenames. Nn may be hex (leading '0x': 0xNN), octal (leading zero: 0NNN), or decimal. Use .I all for all. .br .BI FilenamesAreUTF8= yes|no Whether filenames are UTF-8 encoded (defaults to no). If yes, filenames are checked for invalid UTF-8 encoding and for ending in invisible characters. .br .BI IgnoreAdded= path_regex Ignore if this file/directory is added/created. .br .BI IgnoreMissing= path_regex Ignore if this file/directory is missing/deleted. .br .BI ReportOnlyOnce= yes|no Report only once on a modified file (default yes). .br .BI ReportFullDetail= yes|no Report in full detail on modified files (not only modified items). .br .BI UseLocalTime= yes|no Report file timestamps in local time rather than GMT (default no). Do not use this with Beltane. .br .BI ChecksumTest= {init|update|check|none} defines whether to initialize/update the database or verify files against it. If 'none', you should supply the required option on the command line. .br .BI SetPrelinkPath= path Path of the prelink executable (default /usr/sbin/prelink). .br .BI SetPrelinkChecksum= checksum TIGER192 checksum of the prelink executable (no default). .br .BI SetLogServer= server sets the hostname for the log server. .br .BI SetServerPort= portnumber sets the port on the server to connect to. .br .BI SetDatabasePath= AUTO|/path Path to database (AUTO to tack hostname on compiled-in path). .br .BI DigestAlgo= SHA1|MD5 Use SHA1 or MD5 instead of the TIGER checksum (default: TIGER192). .br .BI RedefReadOnly= +/-XXX,+/-YYY,... Add or subtract tests XXX from the ReadOnly policy. Tests are: CHK (checksum), TXT (store literal content), LNK (link), HLN (hardlink), INO (inode), USR (user), GRP (group), MTM (mtime), ATM (atime), CTM (ctime), SIZ (size), RDEV (device numbers) and/or MOD (file mode). .br .BI RedefAttributes= +/-XXX,+/-YYY,... Add or subtract tests XXX from the Attributes policy. .br .BI RedefLogFiles= +/-XXX,+/-YYY,... Add or subtract tests XXX from the LogFiles policy. .br .BI RedefGrowingLogFiles= +/-XXX,+/-YYY,... Add or subtract tests XXX from the GrowingLogFiles policy. .br .BI RedefIgnoreAll= +/-XXX,+/-YYY,... Add or subtract tests XXX from the IgnoreAll policy. .br .BI RedefIgnoreNone= +/-XXX,+/-YYY,... Add or subtract tests XXX from the IgnoreNone policy. .br .BI RedefUser0= +/-XXX,+/-YYY,... Add or subtract tests XXX from the User0 policy. .br .BI RedefUser1= +/-XXX,+/-YYY,... Add or subtract tests XXX from the User1 policy. .br .BI RedefUser2= +/-XXX,+/-YYY,... Add or subtract tests XXX from the User2 policy. .br .BI RedefUser3= +/-XXX,+/-YYY,... Add or subtract tests XXX from the User3 policy. .br .BI RedefUser4= +/-XXX,+/-YYY,... Add or subtract tests XXX from the User4 policy. .TP .B Server Only .br .BI SetUseSocket= yes|no If unset, do not open the command socket. The default is no. .br .BI SetSocketAllowUid= UID Which user can connect to the command socket. The default is 0 (root). .br .BI SetSocketPassword= password Password (max. 14 chars, no '@') for password-based authentication on the command socket (only if the OS does not support passing credentials via sockets). .br .BI SetChrootDir= path If set, chroot to this directory after startup. .br .BI SetStripDomain= yes|no Whether to strip the domain from the client hostname when logging client messages (default: yes). .br .BI SetClientFromAccept= true|false If true, use client address as known to the communication layer. Else (default) use client name as claimed by the client, try to verify against the address known to the communication layer, and accept (with a warning message) even if this fails. .br .BI UseClientSeverity= yes|no Use the severity of client messages. .br .BI UseClientClass= yes|no Use the class of client messages. .br .BI SetServerPort= number The port that the server should use for listening (default is 49777). .br .BI SetServerInterface= IPaddress The IP address (i.e. interface on multi-interface box) that the server should use for listening (default is all). Use INADDR_ANY to reset to all. .br .BI SeverityLookup= severity Severity of the message on client address != socket peer. .br .BI UseSeparateLogs= true|false If true, messages from different clients will be logged to separate log files (the name of the client will be appended to the name of the main log file to construct the logfile name). .br .BI SetClientTimeLimit= seconds The maximum time between client messages. If exceeded, a warning will be issued (the default is 86400 sec = 1 day). .br .BI SetUDPActive= yes|no yule 1.2.8+: Also listen on 514/udp (syslog). .TP .I "[Clients]" This section is only relevant if .B samhain is run as a log server for clients running on another (or the same) machine. .br .BI Client= hostname @ salt @ verifier registers a client at host .I hostname (fully qualified hostname required) for access to the log server. Log entries from unregistered clients will not be accepted. To generate a salt and a valid verifier, use the command .B "samhain -P" .IR "password" , where .I password is the password of the client. A simple utility program .B samhain_setpwd is provided to re\-set the compiled\-in default password of the client executable to a user\-defined value. .TP .I "[EOF]" An optional end marker. Everything below is ignored. .SH SEE ALSO .PP .BR samhain (8) .SH AUTHOR .PP Rainer Wichmann (http://la\-samhna.de) .SH BUG REPORTS .PP If you find a bug in .BR samhain , please send electronic mail to .IR support@la\-samhna.de . Please include your operating system and its revision, the version of .BR samhain , what C compiler you used to compile it, your 'configure' options, and anything else you deem helpful. .SH COPYING PERMISSIONS .PP Copyright (\(co) 2000, 2004, 2005 Rainer Wichmann .PP Permission is granted to make and distribute verbatim copies of this manual page provided the copyright notice and this permission notice are preserved on all copies. .ig Permission is granted to process this file through troff and print the results, provided the printed document carries copying permission notice identical to this one except for the removal of this paragraph (this paragraph not being relevant to the printed manual page). .. .PP Permission is granted to copy and distribute modified versions of this manual page under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. samhain-3.1.0/samhainrc.freebsd0000644000175000017500000003431311705341273013364 00000000000000##################################################################### # # FreeBSD Configuration file for samhain. # ##################################################################### # # -- empty lines and lines starting with '#', ';' or '//' are ignored # -- boolean options can be Yes/No or True/False or 1/0 # -- you can PGP clearsign this file -- samhain will check (if compiled # with support) or otherwise ignore the signature # -- CHECK mail address # # To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). # ##################################################################### # SETUP for file system checking: # (i) There are several policies, each has its own section. Put files # into the section for the appropriate policy (see below). # (ii) Section [EventSeverity]: # To each policy, you can assign a severity (further below). # (iii) Section [Log]: # To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). ##################################################################### ##################################################################### # # Files are defined with: file = /absolute/path # # Directories are defined with: dir = /absolute/path # or with an optional recursion depth (N <= 99): dir = N/absolute/path # # Directory inodes are checked. If you only want to check files # in a directory, but not the directory inode itself, use (e.g.): # # [ReadOnly] # dir = /some/directory # [IgnoreAll] # file = /some/directory # # You can use shell-style globbing patterns, like: file = /path/foo* # ###################################################################### [Misc] ## ## Add or subtract tests from the policies ## - if you want to change their definitions, ## you need to do that before using the policies ## # RedefReadOnly = (no default) # RedefAttributes=(no default) # RedefLogFiles=(no default) # RedefGrowingLogFiles=(no default) # RedefIgnoreAll=(no default) # RedefIgnoreNone=(no default) # RedefUser0=(no default) # RedefUser1=(no default) # # --------- / -------------- # [ReadOnly] dir = 0/ [Attributes] file = / file = /proc file = /entropy file = /tmp file = /var # # --------- /dev ----------- # [Attributes] dir = 99/dev [IgnoreAll] file = /dev/ttyp? [Misc] ## ## pseudo terminals are created/removed as needed ## IgnoreAdded = /dev/(p|t)typ.* IgnoreMissing = /dev/(p|t)typ.* # # --------- /etc ----------- # [ReadOnly] ## ## for these files, only access time is ignored ## dir = 99/etc # # --------- /boot ----------- # [ReadOnly] dir = 99/boot # # --------- /bin, /sbin ----------- # [ReadOnly] dir = 99/bin dir = 99/sbin # # --------- /lib ----------- # [ReadOnly] dir = 99/lib # # --------- /libexec ----------- # [ReadOnly] dir = 99/libexec # # --------- /rescue ----------- # [ReadOnly] dir = 99/rescue # # --------- /root ----------- # [Attributes] ## ## for these files, only changes in permissions and ownership are checked ## dir = 99/root # # --------- /stand ----------- # [ReadOnly] dir = 99/stand # # --------- /usr ----------- # [ReadOnly] dir = 99/usr [Attributes] dir = /usr/.snap dir = /usr/share/man/cat? file = /usr/compat/linux/etc file = /usr/compat/linux/etc/ld.so.cache [IgnoreAll] dir = -1/usr/home # # --------- /var ----------- # [Attributes] dir = 0/var [LogFiles] ## ## for these files, changes in signature, timestamps, and size are ignored ## file=/var/run/utmp [GrowingLogFiles] ## ## For these files, changes in signature, timestamps, and increase in size ## are ignored. Logfile rotation will cause a report because of shrinking ## size and different inode. ## dir = 99/var/log [Attributes] # # rotated logs will change inode # file = /var/log/*.[0-9].bz2 file = /var/log/*.[0-9].log file = /var/log/*.[0-9] file = /var/log/*.[0-9][0-9] file = /var/log/*.old file = /var/log/sendmail.st [Misc] # # Various naming schemes for rotated logs # IgnoreAdded = /var/log/.*\.[0-9]+$ IgnoreAdded = /var/log/.*\.[0-9]+\.gz$ IgnoreAdded = /var/log/.*\.[0-9]+\.bz2$ IgnoreAdded = /var/log/.*\.[0-9]+\.log$ [IgnoreNone] ## ## for these files, all modifications (even access time) are reported ## - you may create some interesting-looking file (like /etc/safe_passwd), ## just to watch whether someone will access it ... ## [User0] [User1] ## User0 and User1 are sections for files/dirs with user-definable checking ## (see the manual) [EventSeverity] ## ## Here you can assign severities to policy violations. ## If this severity exceeds the treshold of a log facility (see below), ## a policy violation will be logged to that facility. ## # # Severity for verification failures. # # SeverityReadOnly=crit # SeverityLogFiles=crit # SeverityGrowingLogs=crit # SeverityIgnoreNone=crit # SeverityAttributes=crit # SeverityUser0=crit # SeverityUser1=crit ## We have a file in IgnoreAll that might or might not be present. ## Setting the severity to 'info' prevents messages about deleted/new file. ## # SeverityIgnoreAll=crit SeverityIgnoreAll=info ## Files : file access problems # SeverityFiles=crit ## Dirs : directory access problems # SeverityDirs=crit ## Names : suspect (non-printable) characters in a pathname # SeverityNames=crit [Log] ## ## Switch on/OFF log facilities and set their threshold severity ## ## Values: debug, info, notice, warn, mark, err, crit, alert, none. ## 'mark' is used for timestamps. ## ## Use 'none' to SWITCH OFF a log facility ## ## By default, everything equal to and above the threshold is logged. ## The specifiers '*', '!', and '=' are interpreted as ## 'all', 'all but', and 'only', respectively (like syslogd(8) does, ## at least on Linux). Examples: ## MailSeverity=* ## MailSeverity=!warn ## MailSeverity==crit ## E-mail ## # MailSeverity=none ## Console ## # PrintSeverity=info ## Logfile ## # LogSeverity=mark ## Syslog ## # SyslogSeverity=none ## Remote server (yule) ## # ExportSeverity=none ## External script or program ## # ExternalSeverity = none ## Logging to a database ## # DatabaseSeverity = none ## Logging to a Prelude-IDS ## # PreludeSeverity = crit ##################################################### # # Optional modules # ##################################################### # [SuidCheck] ## ## --- Check the filesystem for SUID/SGID binaries ## ## Switch on # # SuidCheckActive = yes ## Interval for check (seconds) # # SuidCheckInterval = 7200 ## Alternative: crontab-like schedule # # SuidCheckSchedule = NULL ## Directory to exclude # # SuidCheckExclude = NULL ## Limit on files per second (0 == no limit) # # SuidCheckFps = 0 ## Alternative: yield after every file # # SuidCheckYield = no ## Severity of a detection # # SeveritySuidCheck = crit ## Quarantine SUID/SGID files if found # # SuidCheckQuarantineFiles = yes ## Method for Quarantining files: # 0 - Delete the file. # 1 - Remove SUID/SGID permissions from file. # 2 - Move SUID/SGID file to quarantine dir. # # SuidCheckQuarantineMethod = 0 ## For method 1 and 3, really delete instead of truncating # # SuidCheckQuarantineDelete = yes # [Kernel] ## ## --- Check for loadable kernel module rootkits (Linux/FreeBSD only) ## ## Switch on/off # # KernelCheckActive = True ## Check interval (seconds); btw., the check is VERY fast # # KernelCheckInterval = 300 ## Severity # # SeverityKernel = crit # [Utmp] ## ## --- Logging of login/logout events ## ## Switch on/off # # LoginCheckActive = True ## Severity for logins, multiple logins, logouts # # SeverityLogin=info # SeverityLoginMulti=warn # SeverityLogout=info ## Interval for login/logout checks # # LoginCheckInterval = 300 # [Database] ## ## --- Logging to a relational database ## ## Database name # # SetDBName = samhain ## Database table # # SetDBTable = log ## Database user # # SetDBUser = samhain ## Database password # # SetDBPassword = (default: none) ## Database host # # SetDBHost = localhost ## Log the server timestamp for received messages # # SetDBServerTstamp = True ## Use a persistent connection # # UsePersistent = True # [External] ## ## Interface to call external scripts/programs for logging ## ## The absolute path to the command ## - Each invocation of this directive will end the definition of the ## preceding command, and start the definition of ## an additional, new command # # OpenCommand = (no default) ## Type (log or srv) ## - log for log messages, srv for messages received by the server # # SetType = log ## The command (full command line) to execute # # SetCommandLine = (no default) ## The environment (KEY=value; repeat for more) # # SetEnviron = TZ=(your timezone) ## The TIGER192 checksum (optional) # # SetChecksum = (no default) ## User who runs the command # # SetCredentials = (default: samhain process uid) ## Words not allowed in message # # SetFilterNot = (none) ## Words required (ALL of them) # # SetFilterAnd = (none) ## Words required (at least one) # # SetFilterOr = (none) ## Deadtime between consecutive calls # # SetDeadtime = 0 ## Add default environment (HOME, PATH, SHELL) # # SetDefault = no ##################################################### # # Miscellaneous configuration options # ##################################################### [Misc] ## whether to become a daemon process ## (this is not honoured on database initialisation) # # Daemon = no Daemon = yes # whether to test signature of files (init/check/none) # - if 'none', then we have to decide this on the command line - # # ChecksumTest = none ChecksumTest=check # Set nice level (-19 to 19, see 'man nice'), # and I/O limit (kilobytes per second; 0 == off) # to reduce load on host. # # SetNiceLevel = 0 # SetIOLimit = 0 ## The version string to embed in file signature databases # # VersionString = NULL ## Interval between time stamp messages # # SetLoopTime = 60 SetLoopTime = 600 ## Interval between file checks # # SetFileCheckTime = 600 SetFileCheckTime = 7200 ## Alternative: crontab-like schedule # # FileCheckScheduleOne = NULL ## Alternative: crontab-like schedule(2) # # FileCheckScheduleTwo = NULL ## Report only once on modified files ## Setting this to 'FALSE' will generate a report for any policy ## violation (old and new ones) each time the daemon checks the file system. # # ReportOnlyOnce = True ## Report in full detail # # ReportFullDetail = False ## Report file timestamps in local time rather than GMT # # UseLocalTime = No ## The console device (can also be a file or named pipe) ## - There are two console devices. Accordingly, you can use ## this directive a second time to set the second console device. ## If you have not defined the second device at compile time, ## and you don't want to use it, then: ## setting it to /dev/null is less effective than just leaving ## it alone (setting to /dev/null will waste time by opening ## /dev/null and writing to it) # # SetConsole = /dev/console ## Activate the SysV IPC message queue # # MessageQueueActive = False ## If false, skip reverse lookup when connecting to a host known ## by name rather than IP address (i.e. trust the DNS) # # SetReverseLookup = True ## --- E-Mail --- # Only highest-level (alert) reports will be mailed immediately, # others will be queued. Here you can define, when the queue will # be flushed (Note: the queue is automatically flushed after # completing a file check). # # SetMailTime = 86400 ## Maximum number of mails to queue # # SetMailNum = 10 ## Recipient (max. 8) # # SetMailAddress=root@localhost ## Mail relay (IP address) # # SetMailRelay = NULL ## Custom subject format # # MailSubject = NULL ## --- end E-Mail --- ## Path to the executable. If set, will be checksummed after startup ## and before exit. # # SamhainPath = (no default) ## The IP address of the log server # # SetLogServer = (default: compiled-in) ## The IP address of the time server # # SetTimeServer = (default: compiled-in) ## Trusted Users (comma delimited list of user names) # # TrustedUser = (no default; this adds to the compiled-in list) ## Path to the file signature database # # SetDatabasePath = (default: compiled-in) ## Path to the log file # # SetLogfilePath = (default: compiled-in) ## Path to the PID file # # SetLockfilePath = (default: compiled-in) ## The digest/checksum/hash algorithm # # DigestAlgo = TIGER192 ## Custom format for message header. ## CAREFUL if you use XML logfile format. ## ## %S severity ## %T timestamp ## %C class ## ## %F source file ## %L source line # # MessageHeader="%S %T " ## Don't log path to config/database file on startup # # HideSetup = False ## The syslog facility, if you log to syslog # # SyslogFacility = LOG_AUTHPRIV SyslogFacility=LOG_LOCAL2 ## The message authentication method ## - If you change this, you *must* change it ## on client *and* server # # MACType = HMAC-TIGER ## The Prelude-IDS profile to use for reporting ## default value is "samhain" # # PreludeProfile = samhain ## Map these samhain severities to impact severity 'info' severity # # PreludeMapToInfo = ## Map these samhain severities to impact severity 'low' severity # # PreludeMapToLow = debug info ## Map these samhain severities to impact severity 'medium' severity # # PreludeMapToMedium = notice warn err ## Map these samhain severities to impact severity 'high' severity # # PreludeMapToHigh = crit alert # everything below is ignored [EOF] ##################################################################### # This would be the proper syntax for parts that should only be # included for certain hosts. # You may enclose anything in a @HOSTNAME/@end bracket, as long as the # result still has the proper syntax for the config file. # You may have any number of @HOSTNAME/@end brackets. # HOSTNAME should be the fully qualified 'official' name # (e.g. 'nixon.watergate.com', not 'nixon'), no aliases. # No IP number - except if samhain cannot determine the # fully qualified hostname. # # @HOSTNAME # file=/foo/bar # @end # # These are two examples for conditional inclusion/exclusion # of a machine based on the output from 'uname -srm' # $Linux:2.*.7:i666 # file=/foo/bar3 # $end # # !$Linux:2.*.7:i686 # file=/foo/bar2 # $end # ##################################################################### samhain-3.1.0/init/0000755000175000017500000000000012234556154011106 500000000000000samhain-3.1.0/init/samhain.startSolaris.in0000644000175000017500000000210210473151110015444 00000000000000#!/bin/sh SBINDIR=@sbindir@ NAME=@install_name@ if [ ! -f ${SBINDIR}/${NAME} ]; then exit 0 fi log_stat_msg() { case "$1" in 0) echo "Service $NAME: Running"; break; ;; 1) echo "Service $NAME: Stopped and /var/run pid file exists"; break; ;; 3) echo "Service $NAME: Stopped"; break; ;; *) echo "Service $NAME: Status unknown"; break; ;; esac } case "$1" in start) echo "${NAME} starting." ;; stop) echo "${NAME} stopping." ;; restart) echo "${NAME} restarting." ;; reload|force-reload) echo "${NAME} reloading." ;; status) ${SBINDIR}/${NAME} $1 ERRNUM=$? log_stat_msg ${ERRNUM} exit ${ERRNUM} ;; *) echo "Usage: $0 {start|stop|restart|reload|status}" exit 1 ;; esac ${SBINDIR}/${NAME} $1 status=$? if [ $status != 0 ]; then echo $status exit 1 fi case "$1" in stop) if test -f @mylockfile@; then /bin/rm -f @mylockfile@ fi /bin/rm -f @mylockdir@/${NAME}.sock ;; *) exit 0 ;; esac exit 0 samhain-3.1.0/init/samhain.startIRIX.in0000644000175000017500000000221407660545750014634 00000000000000#! /bin/sh PATH=/usr/sbin:/usr/bin:/sbin export PATH rval=0 DAEMON=@sbindir@/@install_name@ NAME=@install_name@ if /sbin/chkconfig verbose; then verbose=1 else verbose=0 fi log_stat_msg () { case "$1" in 0) echo "Service $NAME: Running"; break; ;; 1) echo "Service $NAME: Stopped and /var/run pid file exists"; break; ;; 3) echo "Service $NAME: Stopped"; break; ;; *) echo "Service $NAME: Status unknown"; break; ;; esac } case "$1" in 'start') test $verbose = 1 && echo "Starting $NAME" $DAEMON start rval=$? exit $rval ;; stop) test $verbose = 1 && echo "Stopping $NAME" $DAEMON stop rval=$? # # Remove a stale lockfile, if found # if test -f @mylockfile@; then /bin/rm -f @mylockfile@ fi exit $rval ;; restart) test $verbose = 1 && echo "Restarting $NAME" $DAEMON restart rval=$? exit $rval ;; reload|force-reload) test $verbose = 1 && echo "Reloading $NAME" $DAEMON reload rval=$? exit $rval ;; status) ${DAEMON} status ERRNUM=$? log_stat_msg ${ERRNUM} exit ${ERRNUM} ;; *) echo "Usage: @install_name@ {start|stop|restart|reload}" exit 1 ;; esac exit $rval samhain-3.1.0/init/samhain.startLinux.in0000644000175000017500000001220511540471071015143 00000000000000#!/bin/bash # chkconfig: 2345 99 10 # description: File Integrity Checking Daemon # # processname: @install_name@ # config : @myconffile@ # logfile : @mylogfile@ # database: @mydatafile@ # # For Debian # FLAGS="defaults 99 10" NAME=@install_name@ DAEMON=@sbindir@/@install_name@ RETVAL=0 VERBOSE=yes PIDFILE=@mylockfile@ if [ -x $DAEMON ]; then : else echo "${0}: executable ${DAEMON} not found" exit 0 fi # Sort out sourcing in the distribution specific library functions # and the command to run them. if [ -f /etc/redhat-release ]; then . /etc/init.d/functions DISTRO=redhat elif [ -f /etc/mandrake-release ]; then . /etc/init.d/functions DISTRO=redhat elif [ -f /etc/yellowdog-release ]; then . /etc/init.d/functions DISTRO=redhat elif [ -f /etc/SuSE-release ]; then . /etc/rc.config . /etc/rc.status # Determine the base and follow a runlevel link name. base=${0##*/} link=${base#*[SK][0-9][0-9]} # Force execution if not called by a runlevel directory. test $link = $base && START_@INSTALL_NAME@=yes # Check whether START_@INSTALL_NAME@ is in /etc/rc.config # If yes, abort unless its value is 'yes' if test "x${START_@INSTALL_NAME@}" != "x"; then test "${START_@INSTALL_NAME@}" = yes || exit 0 fi return=$rc_done DISTRO=suse elif [ -f /etc/debian_version ]; then # . /etc/default/rcS set -e DISTRO=debian elif [ -f /etc/slackware-version ]; then # . /etc/rc.d/rc.sysvinit DISTRO=generic else DISTRO=generic fi debian_end() { if [ $RETVAL -eq 0 ]; then echo "." else echo " failed." fi } # Generic function "a la Red Hat" MOVE_TO_COL="echo -en \\033[60G" SETCOLOR_SUCCESS="echo -en \\033[1;32m" SETCOLOR_FAILURE="echo -en \\033[1;31m" SETCOLOR_NORMAL="echo -en \\033[0;39m" echo_success() { $MOVE_TO_COL echo -n "[ " $SETCOLOR_SUCCESS echo -n "OK" $SETCOLOR_NORMAL echo -n " ]" echo -ne "\r" echo "" } echo_failure() { $MOVE_TO_COL echo -n "[" $SETCOLOR_FAILURE echo -n "FAILED" $SETCOLOR_NORMAL echo -n "]" echo -ne "\r" echo "" } # echo OK in green if is success, FAILED in red is failed generic_end() { if [ $RETVAL -eq 0 ]; then echo_success else echo_failure fi } log_stat_msg () { case "$1" in 0) echo "Service $NAME: Running"; ;; 1) echo "Service $NAME: Stopped and /var/run pid file exists"; ;; 3) echo "Service $NAME: Stopped"; ;; *) echo "Service $NAME: Status unknown"; ;; esac } case "$1" in start) # # Remove a stale PID file, if found # if test -f ${PIDFILE}; then /bin/rm -f ${PIDFILE} fi # # Preloaded kernel module # @sh_insmod_pre@ # case "$DISTRO" in debian) echo -n "Starting ${NAME}" ( /sbin/start-stop-daemon --start --quiet --exec $DAEMON ) RETVAL=$? debian_end ;; redhat) echo -n $"Starting ${NAME}: " daemon $DAEMON RETVAL=$? [ $RETVAL -eq 0 ] && touch /var/lock/subsys/${NAME} echo ;; suse) echo -n "Starting service ${NAME}" /sbin/startproc $DAEMON RETVAL=$? if [ $RETVAL -eq 0 ]; then return=$rc_done else return=$rc_failed fi echo -e "$return" ;; *) echo -n "Starting ${NAME} ... " $DAEMON start RETVAL=$? generic_end ;; esac # # The hiding kernel module # if [ $RETVAL -eq 0 ]; then @sh_insmod_cmd@ fi exit $RETVAL ;; stop) case "$DISTRO" in debian) echo -n "Stopping $NAME" ( /sbin/start-stop-daemon --stop --quiet --exec $DAEMON ) RETVAL=$? debian_end ;; redhat) echo -n $"Stopping ${NAME}: " killproc ${NAME} RETVAL=$? rm -f /var/lock/subsys/${NAME} echo ;; suse) echo -n "Shutting down service ${NAME}" /sbin/killproc -TERM $DAEMON RETVAL=$? if [ $RETVAL -eq 0 ]; then return=$rc_done else return=$rc_failed fi echo -e "$return" ;; *) if test x"$VERBOSE" != xno; then echo -n "Stopping ${NAME} ... " fi $DAEMON stop RETVAL=$? generic_end ;; esac # # Remove a stale PID file, if found # if test -f ${PIDFILE}; then /bin/rm -f ${PIDFILE} fi if test -S @mylockdir@/${NAME}.sock; then /bin/rm -f @mylockdir@/${NAME}.sock fi ;; restart) $0 stop sleep 3 $0 start RETVAL=$? ;; reload|force-reload) case "$DISTRO" in debian) echo -n "Reloading $NAME configuration files" ( /sbin/start-stop-daemon --stop --signal 1 --quiet --exec $DAEMON ) RETVAL=$? debian_end ;; redhat) echo -n $"Reloading ${NAME} configuration: " killproc ${NAME} -HUP RETVAL=$? echo ;; suse) echo -n "Reload service ${NAME}" /sbin/killproc -HUP $DAEMON RETVAL=$? if [ $RETVAL -eq 0 ]; then return=$rc_done else return=$rc_failed fi echo -e "$return" ;; *) echo -n "Reloading ${NAME} ... " $DAEMON reload RETVAL=$? generic_end ;; esac ;; status) case "$DISTRO" in redhat) status ${NAME} exit $? ;; suse) echo -n "Checking for service ${NAME}: " /sbin/checkproc $DAEMON RETVAL=$? if [ $RETVAL -eq 0 ]; then return="OK" else return="No process" fi echo "$return" exit $RETVAL ;; *) $DAEMON status ERRNUM=$? log_stat_msg ${ERRNUM} exit ${ERRNUM} ;; esac ;; *) echo "$0 usage: {start|stop|status|restart|reload}" exit 1 ;; esac exit $RETVAL samhain-3.1.0/init/samhain.startLSB.in0000755000175000017500000000435311540471051014472 00000000000000#! /bin/sh ### BEGIN INIT INFO # Provides: @install_name@ # Required-Start: $syslog $network # Required-Stop: $syslog $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Keep an eye on stuff # Description: Keep an eye on stuff ### END INIT INFO # source function library if test -f /lib/lsb/init-functions; then . /lib/lsb/init-functions else echo "File /lib/lsb/init-functions not found" exit 5 fi prefix="@prefix@" exec_prefix="@exec_prefix@" DAEMON=@sbindir@/@install_name@ NAME=@install_name@ if test ! -f ${DAEMON}; then log_failure_msg "Service $NAME is not installed" exit 5 fi if test "x$2" != "x" && test "x$1" != "xstatus"; then log_failure_msg "Excess arguments $@" exit 2 fi log_sh_msg () { case "$1" in 0) log_success_msg "Service $NAME $2" break; ;; 1) log_failure_msg "Service $NAME: Error" break; ;; 4) log_failure_msg "Service $NAME: Permission denied" break; ;; 5) log_failure_msg "Service $NAME is not installed" break; ;; 7) log_failure_msg "Service $NAME is not running" break; ;; *) log_failure_msg "Service $NAME: Error" break; ;; esac } log_stat_msg () { case "$1" in 0) echo "Service $NAME: Running"; break; ;; 1) echo "Service $NAME: Stopped and /var/run pid file exists"; break; ;; 3) echo "Service $NAME: Stopped"; break; ;; *) echo "Service $NAME: Status unknown"; break; ;; esac } case "$1" in start) # # Preloaded kernel module # @sh_insmod_pre@ # ${DAEMON} start ERRNUM=$? # # The hiding kernel module # if [ $ERRNUM -eq 0 ]; then @sh_insmod_cmd@ fi # SH_ACT="started" ;; stop) ${DAEMON} stop ERRNUM=$? if test -f @mylockfile@; then /bin/rm -f @mylockfile@ fi if test -S @mylockdir@/${NAME}.sock; then /bin/rm -f @mylockdir@/${NAME}.sock fi SH_ACT="stopped" ;; restart) ${DAEMON} restart ERRNUM=$? SH_ACT="restarted" ;; reload|force-reload) ${DAEMON} reload ERRNUM=$? SH_ACT="reloaded" ;; status) ${DAEMON} status ERRNUM=$? log_stat_msg ${ERRNUM} exit ${ERRNUM} ;; *) log_warning_msg "Usage: @install_name@ {start|stop|restart|(force-)reload|status}" exit 2 ;; esac log_sh_msg ${ERRNUM} "${SH_ACT}" exit ${ERRNUM} samhain-3.1.0/init/samhain.startFreeBSD.in0000644000175000017500000000123110475633515015264 00000000000000#!/bin/sh # PROVIDE: @install_name@ # REQUIRE: LOGIN # KEYWORD: shutdown . /etc/rc.subr name="@install_name@" rcvar=`set_rcvar` pidfile="@mylockfile@" # there are no required_files in general, # as they might be downloaded from the server # # required_files="@myconffile@ @mydatafile@" extra_commands="reload" stop_postcmd="remove_stale_files" command="@sbindir@/@install_name@" is_set() { eval "[ -n \"\${$1+X}\" ]" } remove_stale_files() { if test -f @mylockfile@; then /bin/rm -f @mylockfile@ fi /bin/rm -f @mylockdir@/${name}.sock } load_rc_config "$name" if ! is_set ${rcvar}; then eval "${rcvar}=YES" fi run_rc_command "$1" samhain-3.1.0/init/samhain.startHPUX.in0000644000175000017500000000334410275744140014640 00000000000000#!/sbin/sh # Allowed exit values # # 0 = success # 1 = failure # 2 = skip # 3 = reboot (now) # stdin is redirected from /dev/null # stderr, stdout are redirected to /etc/rc.log file (checklist mode) # or console (raw mode) # /usr, /var, /opt my not be available until run state 2 PATH=/usr/sbin:/usr/bin:/sbin export PATH rval=0 DAEMON=@sbindir@/@install_name@ NAME=@install_name@ run_the_command() { if test -f /etc/rc.config then . /etc/rc.config else echo "ERROR: /etc/rc.config defaults file MISSING" fi if test "x${CONTROL_@install_name@}" = x0 then rval=2 else ${DAEMON} $1 2>/dev/null ERRNUM=$? if test x"$ERRNUM" != x0 then echo "EXIT CODE: ${ERRNUM}" rval=1 fi fi } log_stat_msg () { case "$1" in 0) echo "Service $NAME: Running"; break; ;; 1) echo "Service $NAME: Stopped and /var/run pid file exists"; break; ;; 3) echo "Service $NAME: Stopped"; break; ;; *) echo "Service $NAME: Status unknown"; break; ;; esac } case "$1" in 'start_msg') echo "Starting the $NAME subsystem" ;; 'stop_msg') echo "Stopping the $NAME subsystem" ;; 'start') run_the_command start exit $rval ;; stop) run_the_command stop # # Remove a stale lockfile, if found # if test -f @mylockfile@; then /bin/rm -f @mylockfile@ fi /bin/rm -f @mylockdir@/${NAME}.sock exit $rval ;; restart) run_the_command restart exit $rval ;; reload|force-reload) run_the_command reload exit $rval ;; status) ${DAEMON} status ERRNUM=$? log_stat_msg ${ERRNUM} exit ${ERRNUM} ;; *) echo "Usage: @install_name@ {start_msg|stop_msg|start|stop|restart|reload|status}" exit 1 ;; esac exit $rval samhain-3.1.0/init/samhain.startMACOSX.in0000644000175000017500000000055510521465122015041 00000000000000#!/bin/sh . /etc/rc.common StartService() { ConsoleMessage "Starting service @install_name@." @sbindir@/@install_name@ start } StopService() { ConsoleMessage "Stopping service @install_name@." @sbindir@/@install_name@ stop } RestartService() { ConsoleMessage "Restarting service @install_name@." @sbindir@/@install_name@ restart } RunService "$1" samhain-3.1.0/init/samhain.startGentoo.in0000644000175000017500000000123011540471026015273 00000000000000#!/sbin/runscript opts="depend start stop reload" depend() { need clock hostname logger } start() { ebegin "Starting @install_name@" @sh_insmod_pre@ /sbin/start-stop-daemon --start --quiet --exec @sbindir@/@install_name@ eend $? @sh_insmod_cmd@ } stop() { ebegin "Stopping @install_name@" /sbin/start-stop-daemon --stop --quiet --retry 15 --exec @sbindir@/@install_name@ rm -f @mylockfile@ eend $? } reload() { if [ ! -f @mylockfile@ ]; then eerror "@install_name@ isn't running" return 1 fi ebegin "Reloading configuration" kill -HUP `cat @mylockfile@` &>/dev/null eend $? } samhain-3.1.0/init/samhain.start.in0000644000175000017500000000327207345244245014140 00000000000000#!/bin/sh # This file is public domain and comes with NO WARRANTY of any kind # samhain deamon start/stop script. # This should be put in /etc/init.d (at least on machines SYSV R4 # based systems) and linked to /etc/rc3.d/S99samhain. When this is done # the samhain daemon will be started when the machine is started. PATH=/sbin:/usr/bin:/usr/sbin:/bin basedir=/ prefix=@prefix@ exec_prefix=@exec_prefix@ bindir=@bindir@ samhain_daemon_user=root # Run samhain as this user. # If you use this, uncomment one of # the su rows below. export PATH mode=$1 # The following test may be removed if this script isn't to be run as root. if test ! -w / then echo "$0: this script must be run as root ... fatal error" exit 1 fi # Safeguard (relative paths, core dumps..) cd $basedir case "$mode" in 'start') # Start deamon if test -x ${bindir}/samhain then if test -x /sbin/startproc then # use startproc if available startproc ${bindir}/samhain -t check -D else # For Linux su -c -- $samhain_daemon_user $bindir/samhain -t check -D # For sun # su $samhain_daemon_user $bindir/samhain -t check -D fi else echo "Can't execute ${bindir}/samhain" fi ;; 'stop') if test -x ${bindir}/samhain then if test -x /sbin/killproc then # alternatively use the command below, if you have 'killproc' killproc -TERM ${bindir}/samhain else # Stop deamon - no PID file available, so search for the pid SH_PID=`ps aux | grep samhain | grep -v grep | awk '{print $2}'` kill ${SH_PID} fi fi ;; *) # usage echo "usage: $0 start|stop" exit 1 ;; esac samhain-3.1.0/docs/0000755000175000017500000000000012234450504011063 500000000000000samhain-3.1.0/docs/HOWTO-samhain-on-windows.html0000644000175000017500000003400711475404551016324 00000000000000 HOWTO Samhain on Windows

samhain file integrity scanner | online documentation


Using Samhain on Windows


This document aims to explain how to compile and run samhain on Windows with the Cygwin POSIX emulation layer, and how to install it as a service. These instructions have been written by Kris Dom, who has tested this on WinXP Professional, with additions by Geries Handal and Jorge Morgado.

Interix / Services For UNIX

Samhain can also be used with Interix/SFU 3.5. Note that in Interix, the Windows filesystem is referred as /dev/fs/C, while in Cygwin it is /cygdrive/c (both refers to the C: drive; other drives are analogous).

Older versions of samhain would need to be built with ./configure --disable-mail (i.e. without support for email logging) because Interix does not provide some of the required functionality to build the email module. This issue should be fixed as of samhain version 2.0.7 (not tested).
[Based on information kindly provided by Geries Handal].

Cygwin installation procedure to compile samhain

Cygwin download

  • Make a temporary directory to store cygwin installer (e.g. c:\temp\cygwin)
  • Surf to http://www.cygwin.com to download cygwin
  • Use the "install or update now (using setup.exe)" to download the installer in c:\temp\cygwin
  • Execute "setup.exe" in c:\temp\cygwin
  • Choose the "download from the Internet" option
  • Choose "c:\temp\cygwin" as 'Local Package Directory'
  • Choose an FTP site
  • Click on 'Default' just after 'All' to change the installation type from 'Default' to 'Install'. This will most likely install way too much stuff but I am not familiar with Cygwin, so this way I know that all libs and compilers are installed.
  • Let it download the stuff (there is a lot to download so be patient).

You don't need to download and install All packages. It is enough to keep the Default and then add the following additional packages:

Category Devel -> gcc: C compiler upgrade helper
Category Devel -> make: The GNU version of the 'make' utility
Category Libs -> minires: A simple synchronous non caching stub resolver

When selecting these packages, Cygwin installer will automatically add other packages based on their dependencies. The package minires is only necessary for a minimal Cygwin installation (below). [Kindly pointed out by Jorge Morgado].

Cygwin installation

  • When the download is complete you have the Cygwin software in the temporary directory, however, it still needs to be installed.
  • To install, execute the "setup.exe" in "c:\temp\cygwin"
  • Choose the "Install from local directory" option.
  • Choose "C:\Cygwin" as root directory (this will be the Unix '/')
  • Choose the Local Package Directory: "c:\temp\cygwin"
  • Click on 'Default' just after 'All' to change the installation type from 'Default' to 'Install'.
  • Let it install Cygwin (this will take some time so be patient).

Samhain install procedure (used 'samhain 1.8.7a' in this procedure)

(in the following procedure I use my personal preferences)

  • Start up Cygwin using the "Cygwin" icon on the desktop (a classic Unix environment will be started).
  • Download the 'samhain' gzip/tar (I always put in my home directory)
  • Make directories to install samhain (taking into account the configure options):
       $ mkdir /usr/local/sbin
       $ mkdir /usr/local/var
       $ mkdir /usr/local/log
       $ mkdir /usr/local/tmp
  • Go to the home directory:
       $ cd $HOME
  • Un-gzip and untar the samhain package:
       $ gunzip samhain-1.8.7a.tar.gz
       $ tar xvf samhain-1.8.7a.tar
  • Go to the samhain directory:
       $ cd samhain-1.8.7a
  • Configure:
       $ ./configure --enable-xml-log=yes --with-tmp-dir=/usr/local/tmp --with-config-file=/usr/local/etc/samhainrc --with-log-file=/usr/local/log/samhain.log --with-pid-file=/usr/local/var/samhain.pid --with-state-dir=/usr/local/var

    In my experience, the paths given in the 'configure' command should refer to the Cygwin filesystem view, i.e. /cygdrive/c/..., otherwise samhain may not work from a pure DOS shell, and may not run as a Windows service [Rainer Wichmann].

  • Make the binary:
       $ make
  • Install samhain:
       $ make install
  • Now configure the "/usr/local/etc/samhainrc" file.
    Remember: "C:\" -> "/cygdrive/c/"
  • Initialize the samhain local baseline database:
       $ /usr/local/sbin/samhain -t init
  • Start it up:
       $ /usr/local/sbin/samhain -t check

Cygwin minimal installation procedure to run samhain

  • Files needed to create a service (from NT/W2K Resource Kit):
    • instsrv.exe
    • srvany.exe
  • First copy these files to the "%winnt%\system32" directory.
  • Files needed to run the 'samhain.exe'. Copy the following .dll from the Cygwin setup (c:\Cygwin\bin) to the "%winnt%\system32" directory:
    • cygwin1.dll
    • cygminires.dll
  • Files needed from c:\Cygwin\bin to create the /etc/passwd and /etc/group files:
    • mkpasswd.exe
    • mkgroup.exe

    To generate these files on a minimal Cygwin installation execute - on a Windows Command Prompt:

       mkdir c:\etc
       path\to\mkpasswd.exe -l > c:\etc\passwd
       path\to\mkgroup.exe -l > c:\etc\group

    IMPORTANT NOTE: You should re-create these two files, each time the Windows users and groups accounts database changes. Failing to do this might generate critical log messages (depending on your configuration file).

  • Create a directory structure for samhain (following the compilation options you used)
       - in a DOS box (or via Windows Explorer)
       mkdir c:\usr
       mkdir c:\usr\local
       mkdir c:\usr\local\sbin
       mkdir c:\usr\local\var
       mkdir c:\usr\local\tmp
       mkdir c:\usr\local\log
       mkdir c:\usr\local\etc
  • Use the "instsrv.exe" binary to create a new service:
       instsrv.exe samhain c:\windows\system32\srvany.exe
       (this will create a service called "Samhain" that will start the "srvany.exe" process).
  • Now edit the registry to change the startup parameters for the newly created service:
    • regedit
    • HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Services->Samhain
    • Add a String value (type: REG_SZ called: "Description") under the 'Samhain' key
    • Open the newly created "Description" value and fill in a description for the 'Samhain' service
    • Add a key to specify what file the "srvany.exe" process must start:
         Edit->New->Key called "Parameters"
    • Under the newly created "Parameters" key, add a new String value called "Application".
         The value for "Application" should be "c:\usr\local\sbin\samhain.exe".
  • Make sure that in the "samhainrc" file, you have used "/cygdrive/c" to refer to "c:"
  • Initialize the samhain baseline database first:
       c:\usr\local\sbin\samhain -t init
  • Reboot (it is Windows so ...)

It seems that start/stop/restart the service does not work if samhain is configured to run as a daemon, because the Windows service manager cannot track the forked daemon process.

Therefore, if you run Samhain as a Windows service, it might be better to configure it as a 'normal' process which does not fork a daemon:

  • Set 'Daemon = no' in the samhainrc configuration file.
  • Edit the key HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Services->Samhain->Parameters to add a string value named 'AppParameters', with the value '--forever'.
[Rainer Wichmann].

Also see http://support.microsoft.com/kb/q137890/ for information regarding the creation of a user-defined service.

Note: the first time I tried to install samhain as an NT service, I first installed a default Cygwin on the system. This however made things much more complex. I think when there is no Cygwin installed, it is more easy to install Samhain as a service.

Troubleshooting samhain

[Rainer Wichmann] I had some problems at first getting it to run as a Windows service. Some tips:

  • Running samhain from a pure DOS shell (outside the Cygwin environment) helps to identify problems, in particular if it refuses to start as a Windows service.
  • I found it neccessary to put the cygwin1.dll DLL into the same directory as the samhain.exe executable. Also, you can use the command ldd ./samhain.exe to identify further Cygwin-specific DLL that may be required (if any).
  • Also, I found it neccessary to use Cygwin-style paths (/cygdrive/c/...) in the './configure ..' command when compiling samhain.

[Tip from Jorge Morgado] If you, like me, have a Windows server not part of any domain and (for security reasons) you even turn off DNS resolution, you might probably get the following error when initializing the baseline database: 

  ---------   sh_unix.c  ---   1487 ---------
  According to uname, your nodename is yourcomputername, but your resolver
  library cannot resolve this nodename to a FQDN.
  Rather, it resolves this to yourcomputername.
  For more information, see the entry about self-resolving under
  'Most frequently' in the FAQ that you will find in the docs/ subdirectory
  ----------------------------------------------

To fix this problem open the Registry Editor and create the following entries under the key HKLM\System\CurrentControlSet\Services\Tcpip\Parameters

Name: Domain
Type: REG_SZ
Data: your.domain.name

Name: NV Domain
Type: REG_SZ
Data: your.domain.name

The NV Domain registry value contains the computer's primary DNS suffix while the Domain registry value contains the computer's primary DNS domain. This will make the warning message go away.

samhain-3.1.0/docs/HOWTO-client+server-troubleshooting.html0000644000175000017500000003253211475561215020611 00000000000000 HOWTO client+server troubleshooting

samhain file integrity scanner | online documentation


Samhain client/server: What can go wrong, and how can you fix it ?


  • Almost all problems can only be diagnosed correctly by checking the server logs.
  • If the server does not write logs, fix this first. For debugging, stop the server, then run it in the foreground with yule -p info --foreground
    • By default, the server logs to the file /var/log/yule/yule_log, and since the server drops root privileges on startup, the directory /var/log/yule must be writable for the nonprivileged user the server runs as (the first existing out of: yule, daemon, nobody).
    • Logging to the logfile must be enabled in the /etc/yulerc config file (e.g. LogSeverity=mark, or LogSeverity=info for enhanced verbosity).

This document aims to explain how to diagnose and fix common problems that may result from misunderstanding or misconfiguration when setting up a client/server samhain system. This document is divided in several sections more or less corresponding to the different stages when a client connects to a server. Each section starts with a brief explanation that should provide a basic understanding of what is going on.

This document does not discuss how to setup a client/server (for this, look into the manual and/or the HOWTO-client+server).

Table of Contents

Connecting to the server
Authentication
Downloading config/database files
Other connection problems

Connecting to the server

Client/server connections are always initiated from the client. The port is compiled in (there is a configure option to change the default). The default port is 49777.

Problem #1

The client reports: Connection refused. The server reports nothing.

The server is down, listens on the wrong port, or network failure.

Problem #2

The client reports: Connection error: Connection reset by peer, and later also Session key negotiation failed. The server reports: msg="Refused connection from ..." subroutine="libwrap".

The server is compiled with libwrap (TCP Wrapper) support, and the client is either in /etc/hosts.deny, or you have set yule: ALL in /etc/hosts.deny, and forgot to put the client in /etc/hosts.allow.

To fix: make proper entries in /etc/hosts.allow and/or /etc/hosts.deny. There is no need to restart/reload the server.

Authentication

The client has a password that is used to authenticate to the server. This password is located within the binary, and is set with the samhain_setpwd helper application, as explained e.g. in the manual or in the Client+Server HOWTO.

The server has a list of clients that are allowed to connect, and the verifiers corresponding to the passwords of these clients.

Upon successful authentication, client and server will negotiate a session key that is used for signing further messages from the client.

Problem #1

If the password is wrong, the client will report Session key negotiation failed. The server will report: Invalid connection attempt: Session key mismatch

To fix: make sure that the password has in fact been set, that you are using the correct executable for the client (the one where the password is set), and that the entry in the server config file is the one generated for this password (also look out for double entries for this client).

Problem #2

If the client name (as resolved on the server) is wrong, the client will report Session key negotiation failed. The server will report: Invalid connection attempt: Not in client list, and it will tell you in the same error message what name it has inferred for the connecting client (example): client="client.mydomain.com".

The fix depends on the nature of the problem. In principle, it should be sufficient to change the name of the client in the config file entry, which isn't really a solution if e.g. the server thinks the client is 'localhost'.

There are two different ways to determine the client name. Unfortunately, judging from customer feedback as well from common sense, both do not work very well with a messed up local DNS (including /etc/hosts files) and/or überparanoid or misconfigured firewalls (in case of connections across one).

  • First method: Determine client name on client, and try to cross-check on server

    This does not work for a number of people because

    1. the /etc/hosts file on the client machine has errors (yes, there are plenty machines with a completely messed up /etc/hosts file),
    2. the server cannot resolve the client address because the local DNS is misconfigured, or
    3. the client machine has multiple network interfaces, and the interface used is not the one the client name resolves to.

    If the client uses the wrong interface on a multi-interface machine, there is a config file option SetBindAddress=IP address that allows to choose the interface the client will use for outgoing connections.

    If you want to download the config file from the server, you should instead use the corresponding command line option --bind-address=IP address to select the interface.

    If you encounter problems, you may (1) fix your /etc/hosts file(s), (2) fix your local DNS, or (3) switch to the second method.

    Error messages related to name resolving/cross-checking can be suppressed by setting a very low severity (lower than the logging threshold), e.g.

    SeverityLookup=debug

    in the Misc section of the server configuration, if you prefer running unsafe at any speed instead of fixing the problem (you have been warned). Doing so will allow an attacker to pose as the client.

  • Second method: Use address of connecting entity as known to the communication layer

    This has been dropped as default long ago because it may not always be the address of the client machine. To enable this method, use

    SetClientFromAccept=true

    in the Misc section of the server configuration file. If the address cannot be resolved, or reverse lookup of the resolved name fails, no error message will be issued, but the numerical address will be used.

Downloading config/database files

The client does not tell the server the path to the requested file - it just tells the type of the file, i.e. either a configuration file or a database file. It is entirely the responsibility of the server to locate the correct file and send it.

The server has a data directory, which by default would be /var/lib/yule. Here the config/database files should be placed.

Configuration files: rc.client.mydomain.tld or simply rc (this can be used as a catchall file).

Database files: file.client.mydomain.tld or simply file (this can be used as a catchall file).

Problem #1

If the server cannot access the configuration (or database) file, either because it does not exist or the server has no read permission, the client will report File download failed. The server will report: File not accessible, and it will tell you in the same report the path where it would have expected the file (example): path="/var/lib/yule/rc.client.mydomain.com"

To fix: put the file in the correct location, make sure the permissions are ok.

  • Note that the server drops root privileges at startup and runs as an unprivileged user (the first existing out of: yule, daemon, nobody).
  • Also remember that to access a file, at least execute permission is required for every directory in the path.

Other connection problems

The server has a table with client names and their session keys. If another client process accesses the server from the same host, it will negotiate a fresh session key for that host. As a consequence, the session key of the first client process will become invalid.

Also, the server keeps track of the status of a client. If a client process does not announce its termination to the server, the server will not expect a startup message, and issue a warning for any such message.

Problem #1

The client reports: Invalid connection state. The server reports: Invalid connection attempt: Signature mismatch. This is a sign that a client has tried to connect using an invalid session key. Most probably, another instance of the client is/was started on the respective host.

To fix: if you need to have concurrent access to the server, suspend the first process with SIGUSR2 before starting the second. Use SIGUSR2 again to wake up the first process. Give the process a second or two to return into the main event loop and go into suspend mode. Do not just use SIGSTOP/SIGCONT: it is important that the client tells the server that it will go into suspend.

Problem #2

The server reports: Restart without prior exit for a client. This is a sign that a client has re-started without informing the server about a previous termination.

This would happen if the client was killed with SIGKILL, or if it terminated within the routine to send a message to the server (the routine is not re-entrant). You may want to investigate messages logged via another logging facility (e.g. the client's local logfile). Of course it may also be a segfault, which would be reported via syslog.

samhain-3.1.0/docs/MANUAL-2_3.html.tar0000644000175000017500000331400012234446621014022 00000000000000MANUAL-2_3/0000775000175000017500000000000012234446621011744 5ustar rainerrainerMANUAL-2_3/database.html0000775000175000017500000000725112234446603014406 0ustar rainerrainer Database
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.13. Database

Section heading:

[Database]

Entries:

SetDBHost=db_host — Host where the DB server runs (default: localhost). Should be numeric IP address for PostgreSQL.

SetDBName=db_name — Name of the database (default: samhain).

SetDBTable=db_table — Name of the database table (default: log).

SetDBUser=db_user — Connect as this user (default: samhain).

SetDBPassword=db_password — Use this password (default: none).

SetDBServerTstamp=boolean — Log server timestamp for client messages (default: true).

UsePersistent=boolean — Use a persistent connection (default: true).

AddToDBHash=field — Add a database field to the set of fields that are used for tagging the log record with an MD5 hash.

PrevHomeNext
Logfile monitoring/analysisUpMiscellaneous
MANUAL-2_3/client-server-connectivity.html0000775000175000017500000001160012234446603020131 0ustar rainerrainer Client/Server Connectivity
The Samhain Host Integrity Monitoring System
PrevAppendix A. List of options for the ./configure scriptNext

A.4. Client/Server Connectivity

--enable-network=client/server

Compile a client or server, rather than a standalone version.

--disable-encrypt

Disable encryption for client/server communication.

--enable-encrypt=1

Use version 1 encryption for client/server communication. Samhain 1.8.x introduces an enhanced version (version 2) of the client/server encryption. By default, the server is backward compatible, i.e. it can communicate with both version 1 (pre-1.8.x) and version 2 clients. Building the server with the --enable-encrypt=1 option makes it impossible to communicate with version 2 clients.

--disable-srp

Disable the use of the zero-knowledge SRP protocol to authenticate to log server, and use a (faster, but less secure) challenge-response protocol. This must be set to the same value for client and server, i.e. either disabled for client and server, or for none of both.

--with-libwrap[=PATH]

[SERVER ONLY] Build the server with support for libwrap (Wietse Venema's TCP wrappers library). In /etc/hosts.allow and/or /etc/hosts.deny, use 'yule' or the name defined with --enable-install-name=NAME for the name of the daemon.

--with-port=PORT

The port on which the server will listen (default is 49777), or to which the client will connect, respectively. This must be set to the same value for client and server. Only needed if this port is already used by some other application. Port numbers below 1024 require root privileges for the server.

--with-logserver=HOST

[CLIENT ONLY] The host address of the log server. This can be set in the configuration file. A compiled-in address is only required if you want to fetch the configuration file from the log server. An address in the configuration file will take precedence.

--with-altlogserver=HOST

[CLIENT ONLY] The host address of an alternative (backup) log server.

PrevHomeNext
OpenPGP Signatures on Configuration/Database FilesUpPaths
MANUAL-2_3/modules.html0000775000175000017500000000636112234446602014312 0ustar rainerrainer Modules
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.18. Modules

samhain has a programming interface that allows to add modules written in C. Basically, for each module a structure of type struct mod_type, as defined in sh_modules.h, must be added to the list in sh_modules.c.

This structure contains pointers to initialization, timing, checking, and cleanup functions, as well as information for parsing the configuration file.

For details, in the source code distribution check the files sh_modules.h, sh_modules.c, as well as e.g. utmp.c, utmp.h, which implement a module to monitor login/logout events. There is also a HOWTO written by eircom.net Computer Incident Response Team.

PrevHomeNext
Checking the Windows registryUpPerformance tuning
MANUAL-2_3/winreg.html0000775000175000017500000001751012234446602014133 0ustar rainerrainer Checking the Windows registry
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.17. Checking the Windows registry

Warning32bit vs. 64bit views
 

On 64bit Windows, the same key name may get mapped to different keys, depending on whether the lookup is done by a 32bit or 64bit application. Currently samhain does not check the alternate view.

This option is available with samhain version 2.8.0 and higher, when compiled on Cygwin/Windows. It enables samhain to verify the integrity of individual keys, or complete trees/hierarchies of keys, in the Windows registry.

NoteBe careful what you ask for
 

The Windows registry is huge, i.e. it may contain a huge amount of keys, for which baseline data will get stored in the samhain baseline database if you desire to monitor all of them. There is the potential to blow up the size of the baseline database in a quite spectacular way.

5.17.1. Options

All options for this module go into the section [Registry].

RegistryCheckActive=boolean switches this module on or off (default: off).

RegistryCheckInterval=seconds defines the interval (in seconds) between consecutive checks. The default is 300 seconds.

SeverityChange=severity defines the severity for reports on modifications to the registry.

IgnoreTimestampOnly=boolean to ignore changes where only the (write) timestamp has changed (default: off).

SingleKey=key defines a key to be monitored (of course it is possible to use this command multiple times). Valid key names must start with one of: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, or HKEY_USERS. The Windows path separator ('\') must be used.

Hierarchy=key defines a key hierarchy in the registry, beginning at the specified key, to be monitored (of course it is possible to use this command multiple times). Valid key names must start with one of: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, or HKEY_USERS. The Windows path separator ('\') must be used.

NoteEscaping the path separator
 

The following two directives (StopAtKey, IgnoreKey) take a (POSIX) regular expression as argument. This implies that the path separator must be escaped by doubling it, i.e. you need to write '\\' instead of '\', because the '\' is a metacharacter in regular expressions (see example below).

StopAtKey=regex means that the check of a hierarchy will stop at the specified key, i.e. nothing below this key will be checked or monitored (but the key itself where the check stops will). It is allowed to use a regular expression for the key. Valid key names must start with one of: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, or HKEY_USERS. The Windows path separator ('\') must be used.

IgnoreKey=regex differs from the StopAtKey option only insofar as the key where the check stops is not itself checked.

5.17.2. Example configuration

  [Registry]

  #
  # Switch on the module
  #
  RegistryCheckActive = yes

  # Check every 60 second
  #
  RegistryCheckInterval = 1

  # Check this and everything below
  #
  Hierarchy = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft

  # Exclude this and anything below
  # IgnoreKey and StopAtKey have a regex as argument, hence
  # the path separator '\' must be escaped by doubling it.
  #
  IgnoreKey = HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion

  # Check this key
  #
  SingleKey = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters
PrevHomeNext
Logfile monitoring/analysisUpModules
MANUAL-2_3/file-content-store.html0000775000175000017500000001531112234446602016356 0ustar rainerrainer Storing the full content of a file (aka: WHAT has changed?)
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.20. Storing the full content of a file (aka: WHAT has changed?)

NoteConsider using a revision control system
 

One of the most frequently requested features is the ability to determine what has changed in a file. This is not really within the scope of a file integrity checker; rather it would be the task of a revision control system like SVN (subversion) or CVS.

While samhain, as of version 2.4.4, supports storing the full content of files in the baseline database, this feature is limited to small files (smaller than 9200 bytes after zlib compression). If you really think you need this feature, it is recommended to evaluate whether a revision control system does not fit your needs better.

As of version 2.4.4, samhain can optionally store the full literal content of regular files in the database, which allows to determine what has changed in a file. This feature will only get compiled if the required zlib development environment is available on the host where samhain is compiled (e.g. on Debian Linux, the package zlib1g-dev). This feature is subject to the following restrictions:

  • Only small files can be stored, where 'small' means less than 9200 bytes after zlib compression (and less than 92000 bytes before compression, i.e. files 10 times larger than the limit are assumed to not compress below the limit).

  • Only regular files can be stored; in particular, symlinks are not stored, since the content of a symlink inode actually is the target path (which is stored literally). It is safe to enable this for a directory, in the sense that it is silently ignored for file types where it does not apply.

  • The feature must be explicitely enabled in the runtime configuration file by adding the '+TXT' to the monitoring policy of a file or directory.

To enable this feature, modify a policy to include 'TXT', and place the desired files under this policy (see example below).

In order to show the stored content of a file, use the following command: 

  sh$ samhain --list-file path -d database_path

5.20.1. Example configuration


  [Misc]
  #
  # UserN policies default to ReadOnly + ATM (access time). This
  # makes the default (intentionally ;-) more or less useless.
  #
  # Redefine to ReadOnly + TXT (store file content)
  #
  RedefUser0 = -ATM, +TXT

  [User0]
  #
  # Files for which we want to store the full content in the
  # baseline database.
  #
  file=/etc/passwd
  file=/etc/group

5.20.2. Implementation details

File contents are zlib compressed (RFC 1950), and the compressed data are base64 encoded. To avoid internal conflicts, samhain uses the letters '(', ')' and '?' instead of the letters '+', '/', and '=' used in standard base64 encoding. E.g. in PHP the following will decode the data: 

  $tmp1 = strtr($data, "()?", "+/=");
  $tmp2 = base64_decode($tmp1);
  $tmp3 = gzuncompress($tmp2);
PrevHomeNext
Performance tuningUpInotify support on Linux (instantaneous reports, no I/O load)
MANUAL-2_3/files-to-check.html0000775000175000017500000000667712234446603015452 0ustar rainerrainer Files to check
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.2. Files to check

Allowed section headings (see Section 5.4.1> for more details) are:

[Attributes], [LogFiles], [GrowingLogFiles], [IgnoreAll], [IgnoreNone], [ReadOnly], [User0], [User1], and [User2], and [User3], and [User4], and [Prelink]

Placing an entry under one of these headings will select the respective policy for that entry (see Section 5.4.1>). Entries under the above section headings must be of the form:

dir=[optional numerical recursion depth]path

file=path

PrevHomeNext
Configuration file syntax and optionsUpSeverity of events
MANUAL-2_3/updating-the-file-signature-database.html0000775000175000017500000001147212234446601021707 0ustar rainerrainer Updating the file signature database
The Samhain Host Integrity Monitoring System
PrevChapter 3. General usage notesNext

3.7. Updating the file signature database

The samhain daemon only reads the file signature database on startup (also see Section 5.4.4 on this). You can update the database while the daemon is running, as long as you don't interfere with its logging (i.e. you should run samhain -t update -l none to make sure the log file is not accessed). Interactive updates are supported with the command line flag --interactive, updates using a list of 'good' files are supported with the command line flag --listfile=path_to_listfile, where path_to_listfile should be the absolute path to a text file listing the 'good' files (absolute paths, one per line).

If you are using samhain in client/server mode and keep the baseline database on the server, then there are two ways to update the database:

  • The preferred method is to use the web-based (PHP4) beltane frontend, which allows to review client messages and to perform server-side updates of baseline databases.

  • Temporarily scp the baseline database to the client, run samhain -t update, and scp the baseline database back to the server. If you want to keep the client daemon running during the update, you need to avoid concurrent access to the log file (use '-l none' for the update process). Also, you need to avoid concurrent access to the server (use '-e none' for the update process).

    If you must access the server concurrently (e.g. to download the configuration file for the update process), you need to suspend the client daemon process temporarily using SIGUSR2 (note that SIGSTOP/SIGCONT will not do what you want, because the daemon must inform the server that it is about to suspend). Use SIGUSR2 again to wake up the daemon from suspend mode.

PrevHomeNext
Log file rotationUpImproving the signal-to-noise ratio
MANUAL-2_3/installation-customize.html0000775000175000017500000000754612234446600017367 0ustar rainerrainer Customize
The Samhain Host Integrity Monitoring System
PrevChapter 2. Compiling and installingNext

2.7. Customize

samhain comes with default configuration files for several operating systems: samhainrc.linux, samhainrc.solaris, samhainrc.freebsd, samhainrc.aix5.2.0 (and yulerc for the server). The installation routine will choose the one matching closest your system, or fall back to samhainrc.linux, if no good match could be found. However, all these configuration files are kept very general, and most probably you want to adjust settings like:

  • which files/directories should be checked

  • which logging facilities should be used

The default location of the configuration file is /etc/samhainrc (see Section 2.10>). To customize, type: 

sh$ vi /etc/samhainrc

The default configuration file is heavily commented to help you. For a list of all runtime configuration directives, please have a look at Appendix C>.

If you have any typos or other errors in your configuration file, samhain will log warning messages upon startup including the corresponding line number of the configuration file.

PrevHomeNext
InstallUpInitialize the baseline database
MANUAL-2_3/signed-files.html0000775000175000017500000003421712234446602015214 0ustar rainerrainer Additional Features — Signed Configuration/Database Files
The Samhain Host Integrity Monitoring System
PrevNext

Chapter 8. Additional Features — Signed Configuration/Database Files

Both the configuration file (see Section C.1>) and the database of file signatures (Section 5.8>) may always be cleartext signed by GnuGP (gpg). The recommended options are:

gpg -a --clearsign --not-dash-escaped FILE

If compiled with support for signatures, samhain will invoke gpg to verify the signature. To compile with gpg support, use the option:

./configure --with-gpg=/full/path/to/gpg [--with-keyid=0x<hex KeyID>]

  • The optional argument --with-keyid=0x<hex KeyID> allows to specify a key ID, if there is more than one key in your keyring. This is only used for the installation routine, and for configuring the samhainadmin.pl convenience script (see below).

    The installation routine ("[sudo] make install") will use the keyring of the user running it (in ~/.gnupg) for signing. At runtime, samhain will use the keyring of the runtime user (usually root) for verification.

  • samhain will check that the path to the gpg executable is writeable only by trusted users (see Section 2.10.1>).

  • The gpg program will be called without using the shell, with its full path (as compiled in), and with an environment that is limited to the HOME variable.

  • The public key must be in in the subdirectory HOME/.gnupg, where HOME is the home directory of the effective user (usually root).

  • From the command line, the signature must verify correctly with /path/to/gpg --status-fd 1 --verify FILE when invoked by the effective user of samhain (usually root).

TipTip
 

There is a Perl script samhainadmin.pl to facilitate some tasks related to the administration of signed configuration and database files (see Section 8.1>).

WarningCaveats
 

When signing, the option --not-dash-escaped is recommended, because otherwise the database might get corrupted. However, this implies that after a database update, you must remove the old signature first, before re-signing the database. Without 'dash escaping', gpg will not properly handle the old signature. See the tip just above.

The environment is limited to the HOME variable, since gpg may need it to find the the subdirectory HOME/.gnupg. If you need LD_LIBRARY_PATH, because your gpg executable relies on libraries that are not in the search path of the loader, you can either (i) use a wrapper script to set the environment and exec gpg (take care not to mess with file descriptors), (ii) update the system loader configuration file, or (iii) recompile with loader paths (-Wl,-r<path> or -Wl,-R<path>).

As signatures on files are only useful as long as you can trust the gpg executable, the configure script will determine the TIGER192 checksum of the gpg executable, which will be compiled into samhain. In case of an error, you can specify the checksum by hand with:

--with-checksum="CHECKSUM" — or — --without-checksum

CHECKSUM should be the checksum as printed by

gpg --load-extension tiger --print-md TIGER192 /path/to/gpg — or — samhain -H /path/to/gpg (the full line of output, with spaces).

Example: --with-checksum="/usr/bin/gpg: 1C739B6A F768C949 FABEF313 5F0B37F5 22ED4A27 60D59664"

WarningWARNING
 

Compiling in the GnuPG checksum will tie the samhain executable to the gpg executable. If you upgrade GnuPG, you will need to re-compile samhain. If you don't like this, use '--with-checksum=no' (or '--without-checksum', which is equivalent).

Likewise, it is highly recommended to compile in the key fingerprint of the signature key, which then will be verified after checking the signature itself:

--with-fp=FINGERPRINT

NoteNote
 

gpg --fingerprint will only list the fingerprint of primary keys. If you are signing with a secondary key, you need to repeat the '--fingerprint' option (i.e. run gpg gpg --fingerprint --fingerprint) in order to obtain the fingerprint for the signing (secondary) key. (If you don't know what a secondary key is, then this note is probably irrelevant for you.)

Example (spaces in FINGERPRINT do not matter): --with-fp="EF6C EF54 701A 0AFD B86A F4C3 1AAD 26C8 0F57 1F6C"

TipTip
 

make install will gpg sign the configuration file before installation.

bash$ ./configure --with-gpg=/usr/bin/gpg --with-fp=EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C
bash$ make
bash$ su
bash$ make install
bash$ samhain -t init
bash$ gpg -a --clearsign /var/lib/samhain/samhain_file
bash$ mv /var/lib/samhain/samhain_file.asc /var/lib/samhain/samhain_file

samhain will report the signature key owner and the key fingerprint as obtained from gpg. If both files are present and checked (i.e. when checking files against the database), both must be signed with the same key. If the verification is successful, samhain will only report the signature on the configuration file. If the verification fails, or the key for the configuration file is different from that of the database file, an error message will result.

8.1. The samhainadmin script

In the subdirectory scripts/ of the source directory you will find a Perl script samhainadmin.pl to facilitate some tasks related to the administration of signed configuration and database files (e.g. examine/create/remove signatures). By default, this script is not installed. 

bash$ samhainadmin.pl --help
  samhainadmin.pl { -m F | --create-cfgfile }      [options] [in.cfgfile]
    Sign the configuration file. If in.cfgfile is given, sign it
    and install it as configuration file.

  samhainadmin.pl { -m f | --print-cfgfile }     [options] 
    Print the configuration file to stdout. Signatures are removed.

  samhainadmin.pl { -m D | --create-datafile }     [options] [in.datafile]
    Sign the database file. If in.datafile is given, sign it
    and install it as database file.

  samhainadmin.pl { -m d | --print-datafile }    [options] 
    Print the database file to stdout. Signatures are removed. Use
    option --list to list files in database rather than printing the raw file.

  samhainadmin.pl { -m R | --remove-signature }  [options] file1 [file2 ...]
    Remove cleartext signature from input file(s). The file
    is replaced by the non-signed file.

  samhainadmin.pl { -m E | --sign }              [options] file1 [file2 ...]
    Sign file(s) with a cleartext signature. The file
    is replaced by the signed file.

  samhainadmin.pl { -m e | --examine }           [options] file1 [file2 ...]
    Report signature status of file(s).

  samhainadmin.pl { -m G | --generate-keys }     [options] 
    Generate a PGP keypair to use for signing.

Options:
  -c cfgfile    --cfgfile cfgfile
    Select an alternate configuration file.

  -d datafile   --datafile datafile
    Select an alternate database file.

  -p passphrase --passphrase passphrase
    Set the passphrase for gpg. By default, gpg will ask.

  -p secretkeyring --secretkeyring secretkeyring
    Select an alternate secret keyring for gpg.
    Will use '$ENV{'HOME'}/.gnupg/secring.gpg' by default.

  -l            --list
    List the files in database rather than printing the raw file.

  -v            --verbose
    Verbose output.
PrevHomeNext
Calling external programs Additional Features — Stealth
MANUAL-2_3/finotify.html0000775000175000017500000001535612234446602014475 0ustar rainerrainer Inotify support on Linux (instantaneous reports, no I/O load)
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.21. Inotify support on Linux (instantaneous reports, no I/O load)

The Linux kernel offers an interface — called inotify — which allows an application to obtain change notifications for files and directories, if the application has registered watches for the files and directories it is interested in.

As of version 3.0, samhain optionally can use the inotify interface. The advantage of this is twofold: First, it is not neccessary to perform regular filesystem scans to detect file changes, i.e. the I/O load is drastically reduced. And second, changes can be reported immediately, thus allowing faster responses.

NotePlease note
 

Your system may be configured with a too low default for the maximum inotify watches per user. You can see the default with:

cat /proc/sys/fs/inotify/max_user_watches

You can change the default temporarily (i.e. until reboot) with:

echo 1048576 /proc/sys/fs/inotify/max_user_watches

You can change the default permanently by placing the following line in /etc/sysctl.conf (this will take effect at the next reboot):

fs.inotify.max_user_watches=1048576

Alternatively, samhain can be configured to reset the value by itself on startup (see example configuration below).

NoteFull scans
 

(1) On startup, samhain will perform a full scan, first to set the inotify watches, and second to recover changes that happened after initialisation of the baseline database, but before starting the file check.

(2) The kernel will queue inotify events. If the queue overflows because there are too many events in too short a time, the application will be notified. In this case, samhain will automatically trigger a full scan to recover lost file system changes.

(3) Finally, even if inotify is enabled, samhain will still honour the configured intervals or schedules for full scans. If you want to rely only on inotify, you may want to configure a very large interval for filesystem checks, e.g. 'SetFilecheckTime = 315360000' (10 years).

Note that currently, directories specified via wildcard patterns can only be detected in a full scan if they appear newly in the filesystem (unless of course the parent directory is monitored anyway). Wildcard patterns for files are checked every 10 seconds.

5.21.1. Example configuration

      [Inotify]
      #
      # Activate (default is off)
      #
      InotifyActive = yes
      
      # Optionally set the maximum number of watches allowed per user.
      # (default is leave as is). To see the default, use:
      # cat /proc/sys/fs/inotify/max_user_watches
      #
      InotifyWatches = 1048576
PrevHomeNext
Storing the full content of a file (aka: WHAT has changed?)UpConfiguring yule, the log server
MANUAL-2_3/pid-file.html0000775000175000017500000000507112234446601014327 0ustar rainerrainer PID file
The Samhain Host Integrity Monitoring System
PrevChapter 3. General usage notesNext

3.5. PID file

samhain generates a PID file if it is run as a daemon process. You can configure the path to the PID file at compile time, either explicitely using the ./configure --with-pid-file=FILE option, or via the ./configure --prefix=PREFIX option.

PrevHomeNext
SignalsUpLog file rotation
MANUAL-2_3/installation-build.html0000775000175000017500000001002212234446600016423 0ustar rainerrainer Build
The Samhain Host Integrity Monitoring System
PrevChapter 2. Compiling and installingNext

2.5. Build

After configuring the source, to build samhain you just have to type the command: 

sh$ make

The standalone/client executable (samhain) and the log server (yule) cannnot be compiled simultaneously. You need to run ./configure && make separately for both.

If you want to use your native package manager for installation, you might rather want to build a binary package. samhain has support for RPM (rpm), Debian (deb), Gentoo (tbz2), HP-UX (depot), and Solaris packages. Instead of simply typing make, you need to type:

sh$ make rpm|deb|tbz2|depot|solaris-pkg

This will create a custom binary package according to the options that you used when configuring the source (see previous section). For more details, see Section 10.2>.

If you don't want to include documentation, you can instead use:

sh$ make rpm-light|deb-light|depot-light|tbz2-light|solaris-pkg-light

Finally, the Makefile supports building a portable (Unix) binary installer package based on the makeself installer ((c) 1998-2004 Stephane Peter). There will be no documentation included. Just type:

sh$ make run
PrevHomeNext
Configuring the sourceUpInstall
MANUAL-2_3/libwrap.html0000775000175000017500000000713112234446602014276 0ustar rainerrainer Restrict access with libwrap (tcp wrappers)
The Samhain Host Integrity Monitoring System
PrevChapter 6. Configuring yule, the log serverNext

6.10. Restrict access with libwrap (tcp wrappers)

As of version 1.8.0, yule can be build with support for libwrap, i.e. Wietse Venema's tcp wrappers libraries. To enable this, use the configure option --with-libwrap.

You can then restrict access to yule with appropriate entries in the /etc/hosts.allow and/or /etc/hosts.deny files.

NoteNote
 

If you use the configure option --enable-install-name=NAME, then yule will be installed as 'NAME', and this is what you then need to use as the daemons name in the /etc/hosts.allow and/or /etc/hosts.deny files.

PrevHomeNext
ChrootUpSending commands to clients
MANUAL-2_3/improving-the-signal-to-noise-ratio.html0000775000175000017500000000612412234446601021550 0ustar rainerrainer Improving the signal-to-noise ratio
The Samhain Host Integrity Monitoring System
PrevChapter 3. General usage notesNext

3.8. Improving the signal-to-noise ratio

To get a good signal-to-noise ratio (i.e. few false alerts), you need to know which files should be checked, and which not (looking at the 'last modified' timestamp may be helpful, if in doubt).

To see how to set recursion depths, implement 'check all but xxx' policies etc., have a look at Section 5.4.1.

As samhain runs a a daemon, it is capable to 'remember' all file system changes, thus you won't get bothered twice about the same problem.

PrevHomeNext
Updating the file signature databaseUpRuntime options: command-line & configuration file
MANUAL-2_3/daemontool.html0000775000175000017500000000601112234446601014772 0ustar rainerrainer Using daemontool (or similar utilities)
The Samhain Host Integrity Monitoring System
PrevChapter 3. General usage notesNext

3.2. Using daemontool (or similar utilities)

samhain does not auto-background itself (to become a daemon) unless explicitely specified in the config file or on the command line. However, normally it runs in single-shot mode if not used as daemon. To cause samhain to enter the main loop while running in the foreground (as required if you want to use daemontool), you need to start with the option -f or --forever. Note that yule, the server, will always loop.

PrevHomeNext
General usage notesUpControlling the daemon
MANUAL-2_3/logmon.html0000775000175000017500000006370412234446602014141 0ustar rainerrainer Logfile monitoring/analysis
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.16. Logfile monitoring/analysis

This option is available with samhain version 2.5.0 and higher. To compile with support for this option, use the configure option

./configure --enable-logfile-monitor

NotePCRE library required
 

This option requires the PCRE (Perl Compatible Regular Expressions) library. Many Linux distributions split library packages into a runtime package (required to run a dependent executable) and a development package (required to compile an executable). At least on the build host where samhain is compiled, the development package is required if you use this option.

This module enables samhain to monitor/analyze logfiles of other applications. Currently (samhain 2.5.0) the following logfile formats are supported:

  • Syslog

  • Apache (access and error log)

  • Samba

  • 'pacct' BSD-style process accounting (also available on Linux)

Logfile analysis will always start from the point the last one ended; the pointer into the file is stored persistently on disk. Logfile rotation is handled automatically as long as the rotated logfile remains in the same directory and is not compressed (usually log rotation tools can be configured to compress only after the second rotation, which is advisable for unrelated reasons - the logging application may still have an open file pointer after logfile rotation).

Logfile entries can be filtered with Perl-style regular expressions (filter rules). Regular expressions must match the whole logfile record. For efficiency, regular expressions can be grouped under a common regular expression, i.e. if the group expression fails to match, no RE in the group is tried. Furthermore, (groups of) regular expressions can be grouped by host, if the logfile(s) contain host information (such as host information in centralized syslog server logfiles, or virtual host information in Apache logfiles). Note that host->group->rule is supported (just as host->rule or group->rule), while group->host->rule isn't.

Each filtering rule (regular expression) is assigned to an output queue. Currently (samhain 2.5.0) queues only differ in the assigned severity of an event, but more options (per-queue mail addresses for alerts) are under development.

Filtering rules are processed in the order given in the configuration file, i.e. the first match wins.

NoteBlacklisting vs. whitelisting, and the 'trash' output queue
 

Output queues are labelled. The label 'trash' is reserved and refers to the trash bin (no output, throw away log entries if the matching rule is assigned to the 'trash' queue).

If a logfile entry does not match any rule, it is reported (i.e. the default is whitelisting known-good entries). To turn this into a blacklisting policy, simply add a catch-all rule at the end and assign it to the 'trash' queue.

5.16.1. Event Correlation

Sometimes it is desirable to report on the fact that several events happend at a similar time, possibly in a particular order. As of version 2.6.1, samhain supports this in the following way:

5.16.1.1. Marking individual events to be correlated

First, individual events to be correlated need to be marked for keeping them, under an arbitrary user-defined label, for an arbitrary user-defined time. So the rule for matching an event has to be modified like this:

LogmonRule=KEEP(seconds,label):queue_label:(perl)regex matches a logfile entry against the provided regular expression, AND keeps it for the specified time in seconds, with the specified label. In other words, processing of this rule will be no different than other rules, except for the fact that also a memory of the event is kept for the specified amount of time. So if you e.g. don't want a separate report for this individual event, just assign it to the trash queue.

5.16.1.2. Correlating the marked events

To correlate events labelled label_one, label_two, etc., just build a regular expression that matches the labels, in the temporal order you want to check for. E.g. if the temporal order is irrelevant, you may want to match (label_one.*label_two)|(label_two.*label_one). Use this expression in a rule maked as CORRELATE(description), like this:

LogmonRule=CORRELATE(description):queue_label:(perl)regex

NoteOld records in existing logfiles
 

Because the 'keep' timeout is relative to the current time, correlation of old entries in logfiles (i.e. when, at startup, an existing logfile with old entries is scanned) will only work if you specify 'keep' timeouts that are long enough to cover the whole timespan from the first logfile record until now.

5.16.2. Reporting non-occurence of an event

To check whether a given event occurs at least once within some given interval, the rule for matching an event can be modified like this:

LogmonRule=MARK(seconds,description):queue_label:(perl)regex matches a logfile entry against the provided regular expression, AND checks whether is occurs at least once within the specified interval (seconds).

Processing of this rule will be no different than other rules otherwise, so if you e.g. only want a report for this event if it is missing, just assign it to the trash queue. However, in the latter case the severity for reporting the messages must be set separately with the LogmonMarkSeverity directive, because the 'trash' queue has no severity assigned:

LogmonMarkSeverity=severity — Severity for reports on missing heartbeat messages if the messages themselves are assigned to the 'trash' queue (default: crit).

5.16.3. Reporting bursts of similar, repeated events

Samhain can automatically detect and report bursts of similar, repeated events in the monitored logfiles. Here similar, repeated events refers to events that differ (only) in details that can be expected to differ for events of the same kind: IP adresses, FQDNs, email adresses, and numbers. The event history goes back 12 minutes, and thus a report is triggered if the number of similar events within the last 12 minutes exceeds a given threshold (default: 24).

This feature is off by default. In order to switch it on, you need to set a reporting queue:

LogmonBurstQueue=queue — Set the reporting queue for reporting bursts of similar log messages (default: don't report).

In addition, there are two more configurable parameters, one to set the triggering threshold (i.e. the number of messages within 12 minutes that need to be exceeded to raise an alert), and another one to indicate whether messages from the cron daemon should be considered as well (default: no):

LogmonBurstThreshold=number — The number of repeated messages within 12 minutes that must be exceeded to report a burst of repeated messages (default: 24).

LogmonBurstCron=boolean — Whether to report also on bursts of repeated cron messages (default: false).

5.16.4. Options

LogmonActive=boolean switches this module on or off (default: off).

LogmonSaveDir=/absolute/path sets the directory where checkpoint data for logfiles is stored (default: same as for database file).

LogmonClean=boolean delete old checkpoint data unmodified for 30 days or more (default: off).

LogmonInterval=seconds sets the interval for logfile checking (default: 10 seconds).

LogmonMarkSeverity=severity — Severity for reports on missing heartbeat messages if the messages themselves are assigned to the 'trash' queue (default: crit).

LogmonBurstThreshold=number — The number of repeated messages within 12 minutes that must be exceeded to report a burst of repeated messages (default: 24).

LogmonBurstQueue=queue — Set the reporting queue for reporting bursts of similar log messages (default: don't report).

LogmonBurstCron=boolean — Whether to report also on bursts of repeated cron messages (defaul: false).

LogmonDeadtime=seconds — Do not report a correlated event again within the given time (default: 60 seconds).

LogmonWatch=TYPE:path[:format] advises the module to monitor the logfile with the specified path, which is of type 'TYPE' (logfile types are uppercase). Some logfile types (e.g. Apache access logs) can be customized, and hence some format information must be provided.

NoteDo not quote the format
 

Please note that it's neither required nor supported to add quotes around the format string. Likewise, quotes within the format should not be escaped. Wrong:

LogmonWatch=APACHE:/var/log/apache/access.log:"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\""

Correct:

LogmonWatch=APACHE:/var/log/apache/access.log:%h %l %u %t "%r" %>s %b "%{Referer}i"

Currently (samhain 2.6.4) the following logfile types are supported

SYSLOG

Standard UNIX style syslog files. Matching starts at the command (i.e. after the hostname). To select certain hostnames, place the rule under a LogmonHost directive (see below). If the LogmonHidePID option is used, the RE should not account for the process PID.

APACHE

Apache (or compatible) webserver access and/or error logs. Required format information: either one of combined, common, or error (error log), or the Apache custom log format specification used (also '%{X-Forwarded-For}i' is recognized). The whole log line is matched. If there are virtual hosts (%v), then the LogmonHost directive will match the virtual host.

In addition to the Apache format specifications, is possible to insert a literal regular expression as RE{regex} (samhain 2.8.4+).

SAMBA

Samba logfile format (multiline, timestamp and origin within samba source code on first line, log message on continuation lines). The RE will match the continuation line (with the log message) only.

PACCT

BSD style process accounting (also available on Linux). This is a binary logfile. The module will build a text line like the 'last' command does, and match it against the RE.

What is pacct good for? Note that pacct records contain only the executable name, not the arguments. This may look somewhat useless for shell accounts, but is quite useful for servers: how many different commands can e.g. postfix legitimately execute? Just a handful, indeed, and certainly none of them is /bin/sh! So if pacct says that the 'postfix' user has executed a shell, then this would be rather alarming...

SHELL

A shell command. The full output on stdout will be read and matched. The PATH environment variable will be set to /sbin:/bin:/usr/sbin:/usr/bin:/usr/ucb, and the SHELL, IFS, and TZ variables will be defined. The command is executed via /bin/sh -c command.

LogmonHidePID=boolean is an option that only affects logfiles of type SYSLOG. It causes the PID to be stripped from the log line (before matching against the RE).

LogmonQueue=label:[interval]:(sum|report):severity[:alias] defines an output queue. Here, label is an arbitrary name which is used to assign rules to this queue; interval is the timespan over which messages are summarized if the queue is of type 'sum'; sum (summarize over some interval) or report (report each event seperately and immediately) are the two queue type supported, and severity is the severity assigned to an event. Furthermore, optionally it is possible to specify an alias (must be defined in the email configuration) to direct email for this rule to a specific list of recipients.

NoteEmail
 

If you spefify a list alias, email will still go to all defined email recipients unless filtered, e.g. with 

    SetMailFilterNot = \[Logfile\]

I.e. you may want to define recipients, filter them as above, and then define list aliases to be used in an event queue. See Section 4.4> for more information.

LogmonHost=(perl)regex causes the following rules to be applied only to entries for this host(s). It is ended implicitely by another LogmonHost directive, or explicitely by a LogmonEndHost directive.

LogmonEndHost explicitely ends a preceding LogmonHost directive.

LogmonGroup=(perl)regex causes the following rules to be applied only if the group regex matches (i.e. rules within the group are skipped if the group regex doesn't match. This can be used to improve speed/efficiency of matching, i.e. you can group regexes by a common prefix. A group is ended implicitely by another LogmonGroup directive, or explicitely by a LogmonEndGroup directive.

LogmonEndGroup explicitely ends a preceding LogmonGroup directive.

LogmonRule=queue_label:(perl)regex matches a logfile entry against the provided regular expression. If the expression matches, then captured subexpressions are replaced by '___', and the logfile entry is reported as specified for the queue referenced by queue_label. Non-captured subexpressions (i.e. subexpressions where the opening bracket is followed by '?:') are not replaced by '___', but reported literally.

LogmonRule=KEEP(seconds,label):queue_label:(perl)regex as above, but additionally keep the event label for seconds to perform event correlation.

LogmonRule=CORRELATE(description):queue_label:(perl)regex perform event correlation by matching the labels (as specified in KEEP rules) of a sequence of events against the given regular expression.

LogmonRule=MARK(seconds,description):queue_label:(perl)regex matches a logfile entry against the provided regular expression, AND checks whether is occurs at least once within the specified interval (seconds).

5.16.5. Example configuration

  [Logmon]

  #
  # Switch on the module
  #
  LogmonActive = yes

  # Check every second
  #
  LogmonInterval = 1

  # Strip PIDs from syslog messages
  #
  Logmonhidepid = true

  # Define a queue with severity 'crit'.
  # This is a 'report' queue, hence 'interval' (10)
  # will be ignored.
  #
  LogmonQueue = q1:10:report:crit

  # Define a second queue with severity 'alert'
  # 
  LogmonQueue = q2:10:report:alert

  # Monitor /var/log/messages, which is a syslog file
  #
  LogmonWatch = SYSLOG:/var/log/messages

  # Monitor /var/log/samba/log.nmbd, which is a samba
  # logfile
  #
  LogmonWatch = SAMBA:/var/log/samba/log.nmbd

  # Monitor /var/log/apache2/access.log, which is
  # an Apache logfile in 'combined' format
  #
  LogmonWatch = APACHE:/var/log/apache2/access.log:combined

  # Monitor disks to check for full /dev/sda1
  #
  LogmonWatch = SHELL:df -h

  # Syslog messages for the pppd deamon
  #
  LogmonGroup = g1:pppd.*
    #
    # Rules in this group
    #
    LogmonRule     = q1:pppd:\s+primary.*
    LogmonRule     = q1:pppd:\s+secondary.*
 #
 LogmonEndGroup

 # Warn about disk /dev/sda1 nearly full (80% or more. Use a 
 # non-capturing subexpression [the (?:8|9)] for the percentage full.
 #
 LogmonRule     = q1:/dev/sda1\s+[0-9GM.]+\s+[0-9GM.]+\s+[0-9GM.]+\s+(?:8|9).%.*

 # Messages starting with WARNING (some samba stuff)
 #
 LogmonGroup = g2:WARNING.*
   LogmonRule     = q2:.*interfaces.*
 LogmonEndGroup

 # Report on these events if happening within 120 seconds.
 # Set LogmonDeadtime to 120 seconds to avoid multiple reports.
 # Use the 'trash' queue for the keep rules to avoid reports on
 #   the individual events.
 #
 LogmonRule = KEEP(120,event1):trash:sshd: Accepted publickey for root.*
 LogmonRule = KEEP(120,event2):trash:sshd: pam_unix\(sshd:session\).*
 LogmonRule = CORRELATE(root_login):q1:(event1.*event2)|(event2.*event1)

 LogmonDeadtime = 120

 # Throw away all non-matching entries. This amounts
 # to a blacklist policy (only report known bad).
 #
 # Usually considered bad practice!!! Use whitelisting!
 #
 # 'trash' is a built in queue, no definition needed.
 #
 LogmonRule = trash:.*
PrevHomeNext
Checking for open portsUpChecking the Windows registry
MANUAL-2_3/paths.html0000775000175000017500000001334312234446603013760 0ustar rainerrainer Paths
The Samhain Host Integrity Monitoring System
PrevAppendix A. List of options for the ./configure scriptNext

A.5. Paths

Compiled-in paths may be as long as 255 chars. If the --with-stealth option is used, the limit is 127 chars. The paths to the database, log file, and pid/lock file can be overridden in the configuration file (see Section C.1>).

TipTip
 

If using NFS with clients on different hosts accesing the same files, you can set the database, log file, and pid/lock file names to "AUTO" in the configuration file to simply tack on the hostname on the compiled-in path. The same length limits apply.

--prefix=PREFIX

The install prefix. Default is none, and using the Filesystem Hierarchy Standard 2.2 directory layout. If you prefer the GNU layout (everything under /usr/local), use --prefix=/usr/local. See Section 2.10> for details.

--sbindir=DIR

The binary directory (default is /usr/local/sbin)

--localstatedir=DPFX

The state data directory prefix (default is /var). Data will be written to DPFX/lib/install_name.

--with-state-dir=DIR

The state data directory (default is DPFX/lib/install_name). Data will be written to this directory.

--mandir=MPREFIX

The man directory directory prefix (default is /usr/local/share/man).

--with-tmp-dir=TPFX

The directory where tmp files are created (config/database downloads from server, extracted PGP-signed parts of config/database files) (default is HOME).

--with-config-file=FILE

The full path of the configuration file (default is /etc/(install_name)rc).

--with-log-file=FILE

The path of the log file (default is DPFX/log/samhain_log).

--with-pid-file=FILE

The path of the PID file (default is DPFX/run/(install_name).pid).

--with-html-file=FILE

[SERVER ONLY] The path of the HTML status file where the current status of clients is displayed (default is DPFX/log/(install_name).html).

--with-console=PATH

The path of the console (default is /dev/console). This may be a FIFO.

--with-altconsole=PATH

The path of a second console (default is none). This may be a FIFO. If defined, console output will always go to both console devices (but note that console devices are only used when running as daemon).

PrevHomeNext
Client/Server ConnectivityUpList of command line options
MANUAL-2_3/nagios.html0000775000175000017500000001062312234446601014115 0ustar rainerrainer Using samhain with nagios
The Samhain Host Integrity Monitoring System
PrevChapter 4. Configuration of logging facilitiesNext

4.10. Using samhain with nagios

After running ./configure, you will find the script check_samhain.pl in the subdirectory scripts/ of the samhain distribution, which you can copy to the nagios libexec/ directory. Before doing so, you may want to edit the script to set the correct path to the libexec/ directory in the following line:

use lib  "/usr/local/nagios/libexec" ;

The following recipe to use this script has been kindly provided by kiarna:

Nagios runs as user 'nagios'. However, in order to check the filesystem, you typically want to run samhain as 'root'. You can use sudo to fix this problem. In your /etc/sudoers file, add the line:

 
nagios ALL = NOPASSWD:/path/to/check_samhain

Next, add the service to the nagios file objects/commands.cfg:

 
# 'check_samhain' command definition
define command{
command_name check_samhain
command_line /usr/bin/sudo -u root $USER1$/check_samhain -t 100
}

Another option would be to install the check_samhain script with SUID permissions instead of using sudo (this requires that the suidperl package is installed and that samhain has been compiled with ./configure --enable-suid ...

 
# 'check_samhain' command definition
define command{
command_name check_samhain
command_line $USER1$/check_samhain -t 100
}

Checking the filesystem may take some time, so you may want to increase the nagios plugin timeout by changing the following line in nagios.cfg from 60 to 600:

 
service_check_timeout=600

Then add the service to the appropriate section in the nagios service.cfg file.

PrevHomeNext
PreludeUpSyslog
MANUAL-2_3/hash-function.html0000775000175000017500000001117012234446601015401 0ustar rainerrainer Available checksum functions
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.2. Available checksum functions

A cryptographic hash function is a one-way function H(foo) such that it is easy to compute H(foo) from foo, but infeasible to compute foo from H(foo), or to find bar such that H(bar) = H(foo) (which would allow to replace foo with bar without changing the hash function).

One common usage of a such a hash function is the computation of checksums of files, such that any modification of a file can be noticed, as its checksum will change.

For computing checksums of files, and also for some other purposes, samhain uses the TIGER hash function developed by Ross Anderson and Eli Biham. The output of this function is 192 bits long, and the function can be implemented efficiently on 32-bit and 64-bit machines. Technical details can be found at this page.

As of version 1.2.10, also the MD5 and SHA-1 hash functions are available. (You need to set the option DigestAlgo=MD5 or DigestAlgo=SHA1 in the config file to enable this). Note that MD5 is somewhat faster, but because of security concerns it is not recommended anymore for new applications.

As of version 3.1.0, also the SHA2-256 hash function is available. (You need to set the option DigestAlgo=SHA256 in the config file to enable this).

PrevHomeNext
Configuring samhain, the host integrity monitorUpFile signatures
MANUAL-2_3/udp.html0000775000175000017500000000710612234446602013430 0ustar rainerrainer Syslog logging
The Samhain Host Integrity Monitoring System
PrevChapter 6. Configuring yule, the log serverNext

6.12. Syslog logging

yule (version 1.2.8+) can listen on port 514/udp to collect reports from syslog clients. This must be enabled by using the --enable-udp configure option when compiling. In addition, in the Misc section of the configuration file, you must set the option SetUDPActive=yes.

This option requires to run yule either as root, or as SUID root. For security, yule will drop root privileges irrevocably immediately after binding to port 514/udp. It will assume the credentials of some compiled-in user. The default is 'yule', 'daemon', or 'nobody' (i.e. the first of these that exists on your system). You can override this with the --enable-identity=USER option. Note that each daemon should have its own user/group, such that an exploit will not give write access to files owned by other daemons.

PrevHomeNext
Sending commands to clientsUpServer-to-server relay
MANUAL-2_3/installation.html0000775000175000017500000001106412234446601015336 0ustar rainerrainer Compiling and installing
The Samhain Host Integrity Monitoring System
PrevNext

Chapter 2. Compiling and installing

NoteSamhain as a client/server system
 

This chapter focuses on building a standalone samhain executable. For a client/server system, client and server executable are built from the same source, but with different options for the 'configure' script (see Section 2.4>).

Please refer to the chapter Chapter 6 for an explanation of the client/server setup.

2.1. Overview

Download: 

   sh$ wget http://la-samhna.de/samhain/samhain-current.tar.gz

Extract (and verify PGP signature): 

   sh$ gunzip -c samhain-current.tar.gz | tar xvf -
   sh$ gpg --verify samhain-N.N.N.tar.gz.asc samhain-N.N.N.tar
   sh$ gunzip -c samhain-N.N.N.tar.gz | tar xvf -
   sh$ cd samhain-N.N.N

Configure: 

   sh$ ./configure

Compile: 

   sh$ make

Install: 

   sh$ make install

Customize: 

   sh$ vi /etc/samhainrc

Initialize the baseline database: 

   sh$ samhain -t init

Start the samhain daemon: 

   sh$ samhain -t check -D

PrevHomeNext
Introduction Requirements
MANUAL-2_3/calling-external-programs.html0000775000175000017500000002362612234446602017726 0ustar rainerrainer Calling external programs
The Samhain Host Integrity Monitoring System
PrevChapter 7. Hooks for External ProgramsNext

7.3. Calling external programs

samhain may invoke external programs or scripts in order to implement logging capabilities that are not supported by samhain itself (e.g. pager support). This section provides an overview of this capability.

External programs/scripts invoked for logging will receive the formatted log message on stdin. The program should expect that stdout and stderr are closed, and that the working directory is the root directory.

Each external program must be defined in the configuration file, in a section starting with the header [External]. In addition, ExternalSeverity must be set to an appropriate threshold in the section [Log].

Each program definition starts with the line

OpenCommand=/full/path

Options for the program may follow. The definition of an external program is ended (a) when explicitely terminated with the line CloseCommand, (b) when the section ends, or (c) when another OpenCommand=/full/path line for the next command is encountered.

NoteEnvironment variables
 

By default, the environment is limited to the TZ (timezone) variable. If you need other variables (e.g. LD_LIBRARY_PATH), you can set them using the Setenviron=KEY=value option (see below).

  • There are several places in samhain where external programs may be called. Each such place is identified by a type. Currently, valid types are:

    • log — An external logging facility, which is handled like other logging facilities. The program will receive the logged message on stdin, followed by a newline, followed by the string [EOF] and another newline.

    • srv — Executed by the server, whenever the status of a client, as displayed in the HTML status table, has changed. The program will receive the client hostname, the timestamp, and the new status, followed by a newline, followed by [EOF] and another newline.

  • Any number of external programs may be defined in the configuration file. Each external program has a type, which is log by default. Whenever external programs are called, all programs of the appropriate type are executed. The type can be set with SetType=type

  • External programs must be on a trusted path (see Section 2.10.1>), i.e. must not be writeable by untrusted users.

  • For enhanced security, the (192-bit TIGER) checksum of the external program/script may be specified in the configuration file: SetChecksum=checksum (one string, no blanks in checksum)

  • Command line arguments and environment variables for each external program are configurable (the default is no command line arguments, and a clean environment containing only the TZ (timezone) variable:

    SetCommandline=full_command_line (full command line starting with the name of the program)

    Setenviron=KEY=value

  • The user whose credentials shall be used, can be specified: SetCredentials=username

  • Some filters are available to make the execution of an external program dependent on the message content:

    SetFilterNot=list If any regular expression in 'list' matches the message, the program is not executed, else

    SetFilterAnd=list if any regular expression in 'list' is not matching the message, the program is not executed, else

    SetFilterOr=list if none of the regular expressions in 'list' matches the message, the program is not executed.

    For all filters, list items can be quoted with single or double quotes. It is also possible to use each filter option multiple times, although this does not affect the order (not, and, or) in which filters are evaluated. A maximum of 32 filter patterns for each of (not, and. or) are supported per defined external program. Any filter not defined is not evaluated.

  • It is possible to set a 'deadtime'. Within that 'deadtime', the respective external program will be executed only once (if triggered): SetDeadtime=seconds

7.3.1. Example setup for paging

The distribution contains two example perl scripts for paging and SMS messages (example_pager.pl, example_sms.pl). The paging script will page via a web CGI script at www.pagemart.com (obviously will work only for their pagers), the SMS script is for any German 'free SMS' web site that outsources free SMS to pitcom (with a suitable query on Google you can find such sites; you can then inspect the HTML form to set proper values for the required form variables.)

If you know some Perl, both scripts can be adapted fairly easily to other providers. Below is an example setup for calling example_pager.pl as an external logging facility.

  [External]
  # start definition of first external program
  OpenCommand=/usr/local/bin/example_pager.pl 
    SetType=log 
    # arguments
    SetCommandline=example_pager.pl pager_id 
    # environment 
    SetEnviron=HOME=/home/moses 
    SetEnviron=PATH=/bin:/usr/bin:/usr/local/bin 
    # checksum 
    SetChecksum=FCBD3377B65F92F1701AFEEF3B5E8A80ED4936FD0D172C84 
    # credentials 
    SetCredentials=moses 
    # filter 
    SetFilterOr=POLICY 
    # deadtime 
    SetDeadtime=3600
  #Optional
  CloseCommand
PrevHomeNext
System V message queueUpAdditional Features — Signed Configuration/Database Files
MANUAL-2_3/suidchk.html0000775000175000017500000002345312234446602014275 0ustar rainerrainer Checking the file system for SUID/SGID binaries
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.9. Checking the file system for SUID/SGID binaries

To compile with support for this option, use the configure option

./configure --enable-suidcheck

If enabled, this will cause the samhain daemon to check the whole file system hierarchy for SUID/SGID files at user-defined intervals, and to report on any that are not included in the file database. Upon database initialization, all SUID/SGID files will automatically be included in the database. Excluded are nfs, proc, msdos, vfat, and iso9660 (CD-ROM) file systems, as well as file systems mounted with the 'nosuid' options (the latter is not supported on all OSes, but at least on Linux).

On Linux, files that are marked as candidates for mandatory locking (group-id bit set, group-execute bit cleared) will be ignored.

You can manually exclude one directory (see below); this should be used only for obscure problems (e.g.: /net/localhost on Solaris - the automounter will mirror the root directory twice, as '/net/localhost' and '/net/localhost/net/localhost', and any nfs file system in '/' will be labelled as ufs system in '/net/localhost/net/localhost' …).

NoteNote
 

The SUID check is very I/O expensive. Using 'nice' may not help, if the CPU is waiting for I/O all the time anyway. To limit the load, the following options are provided:

You can schedule execution at fixed times with SuidCheckSchedule=schedule.

You can limit I/O with the SuidCheckFps=fps option (fps: files per second).

As an alternative to the SuidCheckFps option, you can use SuidCheckYield=yes. This will cause the SuidCheck module to yield its time slice after each file. If SuidCheckYield is used, the SuidCheckFps option will not take effect.

The schedule should have the same syntax as a crontab entry (see crontab(5) and example below), with the following exceptions: (a) lists are not allowed, and (b) ranges of names are allowed. If a schedule is given, the SuidCheckInterval option will not take effect. You can specify a list of schedules with successive SuidCheckSchedule=... directives.

5.9.1. Quarantine SUID/SGID files

As of version 1.8.4, it is possible to quarantine new SUID/SGID files detected by samhain. To use this option, you must first enable it with SuidCheckQuarantineFiles=yes. This tells the SuidCheck module to quarantine any SUID/SGID files found after the initialization of the database using the method selected in SuidCheckQuarantineMethod (see next paragraph). If this is used, the file will be logged each time it is found and not added to the memory resident database.

You must also choose a method to be used to quarantine a SUID/SGID file: SuidCheckQuarantineMethod=0/1/2. Currently, there are 3 methods implemented: 0 - Delete the file from the system. 1 - Remove the SUID/SGID permissions from the file. 2 - Move the SUID/SGID file to a quarantine directory. The quarantine directory is DEFAULT_DATAROOT/.quarantine. Each file moved there has an additional file created that contains information about the SUID/SGID file. For example, if a file /foo is an unauthorized SUID/SGID file, then it will be removed and moved to /var/lib/samhain/.quarantine and another file, foo.info, will be created in /var/lib/samhain/.quarantine with information about /foo.

WarningImportant remarks
 

Methods 0 and 2 will by default not remove the original file, but rather truncate to zero size and remove suid/sgid properties. If you really want to remove the original file rather than truncate, you need to set the option SuidCheckQuarantineDelete=yes

The rationale for this behaviour is that removing a file in an arbitrary directory is considered to be dangerous, because the object that is unlinked may not be the same object anymore that has been determined to be a suid/sgid file before. You have been warned.

For additional security, samhain will recursively chdir into the parent directory of the file to make sure there are no symlinks in the path. Also, a file will not be truncated if it is a hardlink to another one.

No quarantining will be done if samhain is run in 'update' mode, since it is assumed that the current filesystem state is ok, and the database should be updated to reflect the current state.

5.9.2. Configuration

This facility is configured in the SuidCheck section of the configuration file. 

  [SuidCheck]  
  # activate (0 for switching off) 
  SuidCheckActive=1 
  # interval between checks (in seconds, default 7200)
  # SuidCheckInterval=86400 
  # scheduled check at 01:30 each night
  SuidCheckSchedule=30 1 * * * 
  # this is the severity (see Section 4.1.1>) 
  SeveritySuidCheck=crit 
  # you may manually exclude one directory 
  SuidCheckExclude=/net/localhost
  #
  # limit on files per seconds
  SuidCheckFps=250 
  # alternatively yield time slice after each file
  # SuidCheckYield=yes
  #
  # Quarantine detected SUID/SGID files
  # SuidCheckQuarantineFiles=no
  #
  # Quarantine Method
  # 0 - Delete the file from the system.
  # 1 - Remove the SUID/SGID permissions from the file.
  # 2 - Move the SUID/SGID file to a quarantine directory.  
  #     The quarantine directory is DEFAULT_DATAROOT/.quarantine.
  # SuidCheckQuarantineMethod = 1
  #
  # Really delete if using methods 0 or 2
  # SuidCheckQuarantineDelete = no

PrevHomeNext
The file signature databaseUpDetecting Kernel rootkits
MANUAL-2_3/signals.html0000775000175000017500000001223612234446601014277 0ustar rainerrainer Signals
The Samhain Host Integrity Monitoring System
PrevChapter 3. General usage notesNext

3.4. Signals

On startup, all signals will be reset to their default. Then a signal handler will be installed for all signals that (i) can be trapped by a process and (ii) whose default action would be to stop, abort, or terminate the process, to allow for graceful termination.

For SIGSEGV, SIGILL, SIGBUS, and SIGFPE, a 'fast' termination will occur, with only minimal cleanup that may result in a stale pid file being left.

If the operating system supports the siginfo_t parameter for the signal handling routine (see man sigaction), the origin of the signal will be checked.

The following signals can be sent to the process to control it:

  • SIGUSR1 Switch on/off maximally verbose output to the console.

  • SIGUSR2 Suspend/continue the process, and (on suspend) send a message to the server. This message has the same priority as timestamps. This signal allows to run samhain -t init -e none on the client to regenerate the database, with download of the configuration file from the server, while the daemon is suspended (normally you would get errors because of concurrent access to the server by two processes from the same host).

  • SIGTERM Terminate the process.

  • SIGQUIT Terminate the server process after processing all currently pending requests from clients. Terminate the client process after finishing the current task (from the terminal, SIGQUIT usually is Ctrl-\).

  • SIGHUP Re-read the configuration file. Note that it is not possible to override command-line options given at startup.

  • SIGTTIN / SIGABRT Unlock the log file, wait three seconds, then proceed. At the next access, the log file will be locked again and a fresh audit trail -- with a fresh signature key -- will be started. This allows log rotation without splitting an audit trail. See Sect.~Section 4.5.1.

  • SIGTTOU Perform a file check. Only client/standalone, and only in daemon mode.

PrevHomeNext
Controlling the daemonUpPID file
MANUAL-2_3/logmon-check.html0000775000175000017500000001261712234446603015212 0ustar rainerrainer Logfile monitoring/analysis
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.12. Logfile monitoring/analysis

Section heading:

[Logmon]

LogmonActive=boolean — 'true' to switch on, 'false' to switch off.

LogmonSaveDir=/abslute/path sets the directory where checkpoint data for logfiles is stored (default: same as for pid file).

LogmonClean=boolean delete old checkpoint data unmodified for 30 days or more (default: off).

LogmonInterval=seconds — Interval between checks (default 10).

LogmonWatch=TYPE:path[:format] — File to monitor.

LogmonHidePID=boolean — Suppress PID in syslog messages, 'true' to switch on, 'false' to switch off.is an option

LogmonMarkSeverity=severity — Severity for reports on missing heartbeat messages if the messages themselves are assigned to the 'trash' queue (default: crit).

LogmonBurstThreshold=number — The number of repeated messages within 12 minutes that must be exceeded to report a burst of repeated messages (default: 24).

LogmonBurstQueue=queue — Set the reporting queue for reporting bursts of similar log messages (default: don't report).

LogmonBurstCron=boolean — Whether to report also on bursts of repeated cron messages (defaul: false).

LogmonDeadtime=seconds — Do not report a correlated event again within the given time (default: 60 seconds).

LogmonQueue=label:[interval]:(sum|report):severity[:alias] — defines an output queue.

LogmonHost=(perl)regex — Causes the following rules to be applied only to entries for this host(s).

LogmonEndHost — Explicitely ends a preceding LogmonHost directive.

LogmonGroup=(perl)regex — Causes the following rules to be applied only if the group regex matches.

LogmonEndGroup — Explicitely ends a preceding LogmonGroup directive.

LogmonRule=queue_label:(perl)regex — matches a logfile entry against the provided regular expression.

PrevHomeNext
Checking for open portsUpDatabase
MANUAL-2_3/keypad.html0000775000175000017500000001463612234446603014124 0ustar rainerrainer Integrity of the samhain executable
The Samhain Host Integrity Monitoring System
PrevChapter 11. Security DesignNext

11.2. Integrity of the samhain executable

Each samhain executable contains a compiled-in key, that is used when the signatures of emails and/or logfile entries are verified. By default, a cryptographically strong random key is generated by the configure script at compile time. Thus, each build is unique, and signature verification will fail if a different build is used, except if the compiled-in key was set to a common value for both builds.

To set a user-defined key, there is an option

./configure --enable-base=B1,B2

where B1,B2 should be two integers in the range 0...2147483647.

The key generated by configure is printed in the configure script's output. It is recommended that you save this key and use it for further builds.

Whenever you try to verify the integrity of e-mails or log file entries, this compiled-in key is used (to be more specific: the signature key is encrypted with a one-time pad generated from the message itself and the compiled-in key). As a result, if executable B is used to verify the integrity of e-mails sent by executable A, integrity verification will fail if the compiled-in keys of A and B do not match. This can be used to check the integrity of A in a straightforward way (check e-mails on another host, using a different executable compiled with the same key).

Obviously, this scheme can be broken, but it requires an intruder to disassemble/decompile and analyze the existing samhain executable, rather than simply replace it with a precompiled trojan.

However, if you use a precompiled samhain executable (e.g. from a binary distribution), in principle a prospective intruder could easily obtain a copy of the executable and analyze it in advance. This will enable her/him to generate fake audit trails and/or generate a trojan for this particular binary distribution.

For this reason, it is possible for the user to add more key material into the binary executable. This is done with the command:

samhain --add-key=key@/path/to/samhain_executable

This will read the file /path/to/samhain_executable, add the key key, which can be a string of arbitrary length, except that it should not contain a '@' (because it has a special meaning, separating key from path), and write the new binary to the location /path/to/executable.out (i.e. with .out appended).

NoteFor Clarification
 

Please note that --add-key does not replace a compiled-in key but only adds to it. Integrity verification depends on both the compiled-in and any added key material, and integrity verification using different binaries will therefore only work if all were compiled with the same key and had the same extra key material (if any) added in.

WarningWARNING
 

Using a precompiled samhain executable from a binary package distribution is not recommended unless you add in key material as described above.

PrevHomeNext
Security DesignUpClient executable integrity
MANUAL-2_3/mondef.html0000775000175000017500000001552412234446602014113 0ustar rainerrainer Monitoring login/logout events
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.11. Monitoring login/logout events

To compile with support for this option, use the configure option

./configure --enable-login-watch

samhain can be compiled to monitor login/logout events of system users. For initialization, the system utmp file is searched for users currently logged in. To recognize changes (i.e. logouts or logins), the system wtmp file is then used.

Optionally, it is possible to perform further checks for login events. All these additional checks are off by default. The following checks are provided:

First login

Report on the first login from a host or a domain / subnet. This option is configured with the directive:

LoginCheckFirst = no|yes|domain

If set to yes, samhain will issue a report when a user logs in from some host they haven't logged in from before. If set to domain, the domain (or C-class subnet, if the host cannot be resolved) is checked instead of the host.

Statistical outlier

Report unusual login times. This option will only take effect once a user has logged in several times, and a database of login times has been built which can be analyzed for statistical outlier detection. Since this is based on statistics, it will inevitably cause false positives (legitimate logins reported as outliers). This option is configured with the directive:

LoginCheckOutlier = no|yes|paranoid

If set to yes, samhain will issue a report when a login time is found to be an outlier with 99 per cent probability. If set to paranoid, the required outlier probability is lowered to 95 per cent, resulting in more reports and more false positives (legitimate logins reported as outliers).

Login date (global)

Report login events occuring outside some given date restrictions. This option is configured with the directive:

LoginCheckDate = date

Possible values for date are: always, never, and workdays|saturday|sunday(list of time ranges), e.g. workdays(8:00-10:00,13:00-16:00) or saturday(08:10-17:20). To set date restriction for workdays (Mo-Fr) and saturday and/or sunday, use LoginCheckDate multiple times. The internal time resolution is ten minutes, i.e. 8:09 will be interpreted as 8:00.

Login date (individual)

Report login events occuring outside some date restrictions defined for the given individual user. This option, if defined for a given user, overrides the global setting above, and is configured with the directive:

LoginCheckUserDate = user:date

Here, user must be the login name for a user, and date has to be given as in the global option.

This facility is configured in the Utmp section of the configuration file: 

  [Utmp]  
  #  
  # activate (0 for switching off) 
  # 
  LoginCheckActive=1 
  #  
  # interval between checks (in seconds)
  # 
  LoginCheckInterval=600 
  #  
  # these are the severities (see section Section 4.1.1) 
  # 
  SeverityLogin=info 
  SeverityLogout=info 
  #  
  # multiple logins by same user 
  # 
  SeverityLoginMulti=crit

PrevHomeNext
Detecting Kernel rootkitsUpChecking mounted filesystem policies
MANUAL-2_3/deployment.html0000775000175000017500000010514112234446603015017 0ustar rainerrainer Deployment to remote hosts
The Samhain Host Integrity Monitoring System
PrevNext

Chapter 10. Deployment to remote hosts

10.1. Method A: The deployment system

samhain includes a system to facilitate deployment of the client to remote hosts. This system enables you to: build and store binary packages for different operating systems, install them, create baseline databases upon installation, update the server configuration, and maintain the client database required by the beltane web-based console.

The system comprises a shell script deploy.sh that will be installed in the same directory as the samhain/yule (by default, /usr/local/sbin), and a directory tree that will be installed below the samhain/yule data directory (see Section 10.1.2>). The script and the directory tree can be relocated freely. There is a configuration file ~/.deploy.conf that is created in the home directory of the user when deploy.sh is run for the first time, where you can specify the default for the top level directory of the system.

NoteNote
 

In the following, an architecture is just a label for some group of hosts, typically a particular operating system (or some particular installation thereof). As long as you know what the label means, you can choose it freely (alphanumeric + underscore).

The architecture for a build/install host (i.e. the association between a host and the architecture-specific configuration data) is currently specified via a command-line option.

The system allows to use per-architecture customized build options, as well as per-host customized runtime configuration files.

By default, the system will search for a sufficiently advanced incarnation of dialog to provide a nice user interface. You can switch this off in favour of a plain console interface, if you prefer (or if you want to run the script non-interactively).

To use this system, you must first install it with the command:

sh$ make install-deploy

TipInstallation tip
 

This system is somewhat tied to the server (yule). While you can safely install it later, installing it together with the server will take care that the defaults are already correct. Upon first invocation a configuration file ~/.deploy.conf will be written, where you can modify the defaults settings.

WarningBackward compatibility
 

The deployment system has been completely revised in version 2.0 of samhain. It will not work with samhain versions below 2.0 (i.e. you cannot install them using this system). However, the default location and format of the client database (used by the beltane web-based console) has not changed.

Installing the new version of the deploy system will not overwrite the old version (deploy.sh will be installed as deploy2.sh, if an old version is detected).

10.1.1. Requirements

  1. You must have compiled and installed the server (yule) on the local host where you use the deploy system.

  2. You must have installed the deployment system by using make deploy-install. This will install the script deploy.sh into the sbindir (default /usr/local/sbin, but depends on your configure options), and the deployment system into localstatedir/install_name/profiles (default /var/lib/yule/profiles, but depends on your configure options).

    If you already have installed the deprecated version 1 deployment system, the script will be installed as deploy2.sh.

  3. For each architecture that you define, there must be (at least) one build host where development tools (C compiler, make, strip) are available to build the client executable.

  4. On each remote where you want to build or install, you should be able to login as root with ssh using RSA authentication, such that ssh-agent can be used.

TipTip
 

To use RSA-based authentication in a secure way, you may proceed as follows:

Use ssh-keygen to create a public/private key pair. Don't forget to set a passphrase for the private key (ssh-keygen will ask for it).

Copy the public key (HOME/.ssh/identity.pub for the ssh protocol version 1, HOME/.ssh/id_rsa.pub for ssh protocol version 2) to HOME/.ssh/authorized_keys on any remote host where you want to log in. Do not copy the private key HOME/.ssh/identity (ssh protocol version 1) or HOME/.ssh/id_rsa (ssh protocol version 2) to any untrusted host !

On your central host, execute the commands (use "ssh-agent -c" if you are using a csh-style shell):

bash$eval `ssh-agent -s`
bash$ssh-add

You can then ssh/scp without typing the passphrase again, until you exit the current shell.

10.1.2. Layout of the deployment system

(localstatedir)/(install_name)/profiles/
                      |
                      |
                      |-- source ------------> (tarballs)
                      |
                      |-- configs -----------> (default configs)
                      |
                      |-- archpkg
                      |    | 
                      |    |-- architecture -> (compiled package, setup script)
                      |
                      |-- hosts
                      |    |
                      |    |-- hostname -----> (optional host-specific config)
                      |
                      |-- libexec -----------> (scripts)
                      |
                      |-- private -----------> (gpg key)
                      |
                      |-- tmp

10.1.2.1. The configs subdirectory

The configs subdirectory holds for each architecture at least two files (example files will be placed there upon installation of the deployment system):

<architecture>.configure (required)

The configure options for this architecture; one option per line, each enclosed in single quotes.

If this file does not exist, it will be copied from generic.configure, which is created upon installation, and holds (only) some minimum options.

<architecture>.samhainrc (required)

The default runtime configuration file for a client running on this architecture. It is possible to override this on installation with a file hosts/<hostname>/samhainrc.

<architecture>.preinstall (optional)

The shell script to run before installing a client. Typically this script would shutdown the running client, if there is one.

Defaults to libexec/preinstall.

<architecture>.postinstall (optional)

The shell script to run after installing a client. This script receives the client password as first (and only) argument, and typically would set the password in the client binary.

Defaults to libexec/postinstall.

<architecture>.initscript (optional)

The shell script to initialize/update the baseline database file installing a client.

Defaults to libexec/initscript.

10.1.2.2. The archpkg subdirectory

The archpkg directory holds for each architecture a subdirectory archpkg/<architecture>, where compiled binary installer packages are stored.

For each build, up to four files will be stored: (a) the binary installer package samhain-<version>.<format>, (b) the configure options used (configure-<version>.<format>), (c) the samhain-install.sh script generated during the build (install-<version>.<format>), and (only for packed executables) the client password set in the executable (PASSWD-<version>.<format>).

10.1.3. Customizing the system

10.1.3.1. Setting default options

If you want to change the default options, you can set some of them via a configuration file ~/.deploy.conf, which is created upon the first invocation of deploy.sh.

10.1.3.2. Adding support for an architecture

To add support for another architecture <arch>, just create the two files <arch>.configure (configure options) and <arch>.samhainrc (runtime configuration) in the configs directory of the deployment system (see Section 10.1.2>).

Upon installation of the system, a template file generic.configure is created, which contains the minimum options for a client.

10.1.3.3. Per-architecture pre-/postinstallation scripts

The default scripts for preinstallation (shutting down the running client) and postinstallation (setting the client password, fixing the local configuration file), and the script for database initialization are located in the libexec directory. You can override them for some (or all) architectures by storing architecture-specific files <arch>.preinstall, <arch>.postinstall, <arch>.initscrip in the configs directory.

10.1.3.4. Per-host runtime configuration

If you want to override the runtime configuration file configs/<arch>.samhainrc on a per-host basis, you need to store a host-specific runtime configuration file as hosts/<hostname>/samhainrc, before you run deploy.sh install.

10.1.4. Using the deploy.sh script

TipTip
 

When run for the first time, deploy.sh will create a configuration file ~/.deploy.conf with some default configuration options. You may want to review this file. Note that you can override all options there with command-line options; the configuration file is just for convenience, if you don't like the defaults and don't want to type the corresponding option on the command line every time.

deploy.sh can be invoked in three ways:

bash$deploy.sh --help
This will provide a general overview.
bash$deploy.sh --help command
This will provide help on a specific command (where command can be any of:
'clean', 'download', 'checksrc', 'build', or 'install'.
bash$deploy.sh [options] command
This will run 'command' with the specified options.

A log of the last run will be kept in tmp/logfile.lastrun

command can be any of the following:

info

Provides information on installed clients, or available installer packages.

clean

Removes source tarballs from the source subdirectory of the deploy system. Removes unused installer packages from the archpkg/<arch> subdirectories of the deploy system.

download

Download a source tarball from the distribution site, verify the GnuPG signature (gpg must be installed), and install it into the source subdirectory of the deploy system. Requires one of: wget, curl, links, lynx, fetch, or lwp-request.

checksrc

Check the GnuPG signatures of available source tarballs in the source subdirectory of the deploy system (gpg must be installed). Optionally delete tarballs with no/invalid signature.

build

Build a binary installer package for the chosen architecture from one of the tarballs in the source subdirectory, and store it in the archpkg/<architecture> subdirectory (which will be created if it does not exist yet). Requires a file <architecture>.configure and a file <architecture>.samhainrc in the configs subdirectory.

install

Copy a pre-built binary package (built with deploy.sh build) to a remote host, stop the client running there (if any), install the (new) client, update the server configuration file and reload the server, initialize the file signature database and fetch it from the remote host.

uninstall

Remove a samhain client that was previously installed with deploy.sh install.

10.1.4.1. General options

-q | --quiet | --quiet=2 Produce output suitable for logging. Note that --quiet=2 implies --yes (see below).

-s | --simulate Print what would be done, but do not actually change the system.

-y | --yes Assume yes as answer to all prompts and run non-interactively.

-o <file> | --logfile=<file> Specify an output file for messages that would go to stdout otherwise. Has no effect on stderr (error messages).

-d <dialog> | --dialog=<dialog> Specify your preferred "dialog" clone (e.g. Xdialog). Use "no" to force plain text.

10.1.5. deploy.sh info

This command will show information for hosts in the client database (default), or for available binary installer packages.

10.1.5.1. Specific options

--packages Show information for available installer packages rather than for clients.

10.1.6. deploy.sh clean

This command will clean unused files: source tarballs in the source subdirectory, and unused installer packages in the archpkg/<arch> subdirectories.

10.1.6.1. Specific options

There are no specific options for this command.

10.1.7. deploy.sh download

This command will download a source tarball from the distribution website, verify its GnuPG signature, and install it into the source subdirectory. This command requires that either wget or lynx is in your PATH.

NoteManual installation of source
 

This note applies if you want to download source manually instead. Samhain distribution tarballs contain exactly two files: first, a source tarball with the source code, and second, its GnuPG signature. For installation into the source subdirectory, the distribution tarball must be unpacked, and both the source source tarball and its GnuPG signature moved into the source subdirectory.

10.1.7.1. Specific options

--version=<version> The version of samhain to download. The default is "current" to download the current version.

10.1.8. deploy.sh checksrc

This command will check the GnuPG signatures of source tarballs in the source subdirectory.

10.1.8.1. Specific options

--delete Delete source tarballs if PGP signature cannot be verified.

10.1.9. deploy.sh build

This command will create a temporary directory on a remote build host, copy the selected version of the source there, build the selected format of the binary installer package, retrieve and store the package into the archpkg/<architecture> subdirectory, and remove the temporary build directory.

For each build, up to four files will be stored: (a) the binary installer package samhain-<version>.<format>, (b) the configure options used (configure-<version>.<format>), (c) the samhain-install.sh script generated during the build (install-<version>.<format>), and (only for packed executables) the client password set in the executable (PASSWD-<version>.<format>).

NotePackage formats
 

Note that the build host must provide the required tools if you want to build a package for the native package manager (i.e. deb, rpm, tbz2, depot (HP-UX), or solaris pkg). On RPM-based Linux distributions and Gentoo Linux, building of RPMs and tbz2s, respectively, should just work. Debian requires additional packages for building debs.

The "run" binary package format does not require additional tools (it is a self-extracting tar package based on the makeself application, which is included in the samhain distribution). Use /bin/sh <package> --help for details.

10.1.9.1. Specific options

--host=<hostname> The build host.

--arch=<arch> The architecture to build for. This is used to get the "./configure" options from the file configs/<arch>.configure, and to store the binary package into the directory archpkg/<arch>.

--version=<version> The version of samhain you want to build. Must be in the source subdirectory.

--format=<run|rpm|deb|tbz2|depot|solaris-pkg> The format of the binary installer package. "run" is a portable (Unix) package based on makeself, "deb" is a Debian package, "tbz2" is a binary Gentoo Linux package, "rpm" is an RPM package, "depot" is an HP-UX binary package, and "solaris-pkg" for Sun Solaris.

--packed=<password> Build a packed executable, and set the client password before packing.

--user=<username> Login as <username> on the build host (defaults to root).

--add-path=<path> Append <path> to the PATH variable on the build host.

--tmpdir=<path> Temporary directory to use on the build host (defaults to /tmp).

10.1.10. deploy.sh install

This command will create a temporary directory on a remote host, copy the selected version of the installer package, its corresponding samhain-install.sh script, the runtime configuration file, and the preinstall, postinstall, initscripts scripts there. It will then:

(A) run the preinstall script on the client, which shuts down the running samhain daemon (if there is any).

(B) install the binary installer package on the client.

(C) run the postinstall script on the client, which sets the client password (unless the binary is packed), and replaces the default runtime configuration file with the proper one. The latter step is required, because deploy.sh build builds from the pristine source, so the runtime configuration file in the installer package is just the default one.

(D) copy the proper client runtime configuration file to the server data directory (as rc.<client_name>), fix the server configuration file, and restart the server (which will fail non-fatally if the server is not running).

(E) run the initscript script on the client, which initializes (or updates) the baseline database.

(F) retrieve the baseline database, copy it to the server data directory (as file.<client_name>), and remove the temporary directory on the client.

NoteThe runtime configuration file
 

If hosts/<hostname>/<arch>.samhainrc or hosts/<hostname>/samhainrc exists, this will be used (in this order of preference), otherwise configs/<arch>.samhainrc will be used. If the latter does not exist, the command will fail.

NoteTransparent handling of particular build options
 

The build options '--enable-stealth=..' is handled by determining the argument from the configure options that were used for the build, and preparing the runtime configuration file appropriately. I.e., you should provide a 'normal', plain-text configuration file.

The build option '--with-nocl=..' is handled by determining the argument (which is required for database initialization) from the configure options that were used for the build, and passing it to the initscript script.

10.1.10.1. Specific options

--host=<hostname> The host on which to install.

--group=<foobar> The group to which you want to assign that client (default: none). This is used by the beltane web console to restrict access to users which are members of that group.

--arch=<arch> The architecture to install. This is used to get the installer package from the directory archpkg/<arch>/.

--version=<version> The version of samhain you want to install. An installer package for this version must exist in the archpkg/<arch>/ subdirectory.

--format=<run|rpm|deb|tbz2|depot|solaris-pkg> The format of the binary installer package. "run" is a portable (Unix) package based on makeself, "deb" is a Debian package, "tbz2" is a binary Gentoo Linux package, "rpm" is an RPM package, "depot" is an HP-UX binary package, and "solaris-pkg" for Sun Solaris.

--yule_exec=<path> Path to the yule executable.

--yule_conf=<path> Path to the yule configuration file.

--yule_data=<path> Path to the yule data directory.

--no-init Do not initialize the file signature (baseline) database (and consequentially, do not replace the file.<host> file on server.

--no-rcfile Do not replace the rc.<host> file on server.

--no-start Do not start up the client after installation.

--local=<command> An optional command executed locally (i.e. on the server) twice (with the last argument set to 'first' and 'second', respectively. First is after client config file installation (i.e. before baseline database initialisation on the client), second is just before client startup. The script will be called with the following five arguments:

  1. hostname, i.e. the host on which to install,

  2. arch, the architecture to install,

  3. the directory where the deployment system is installed (default is /var/lib/yule/profiles, but depends on your configure options),

  4. the server data directory where client configuration files and baseline databases are stored (default is /var/lib/yule, but depends on your configure options),

  5. the literal word 'first' if the script is called the first time during client installation, the literal word 'second' otherwise.

--tmpdir=<path> Temporary directory to use on the installation host (defaults to /tmp).

10.1.11. deploy.sh uninstall

This command will remove a samhain client that was previously installed by using deploy.sh install.

10.1.11.1. Specific options

--host=<hostname> The host on which to uninstall.

--tmpdir=<path> Temporary directory to use on this host (defaults to /tmp).

10.1.12. Usage notes

WarningWarning
 

On Solaris, the PATH environment variable on the remote host (where you build or deploy) may get set according to /etc/default/su, which may be different from what you would expect (noted by S. Bailey).

PrevHomeNext
Packing the executable Method B: The native package manager
MANUAL-2_3/installation-install.html0000775000175000017500000001330112234446600016775 0ustar rainerrainer Install
The Samhain Host Integrity Monitoring System
PrevChapter 2. Compiling and installingNext

2.6. Install

After successful compilation, you can install samhain by typing:

sh$ make install

The installation routine will not overwrite your configuration file from a previous installation.

Executables will be stripped upon installation. On Linux i386 and FreeBSD i386, the sstrip utility (copyright 1999 by Brian Raiter, under the GNU GPL) will be used to strip the executable even more, to prevent debugging with the GNU gdb debugger.

After installation, you will be offered to run make install-boot in order to install the init scripts that are required to start samhain automatically when your system (re-)boots. For many operating systems (Linux, *BSD, Solaris, HP-UX, IRIX), configure will generate init scripts, and make install-boot will figure out which of them to install, and where (if the correct distribution cannot be determined, none of them will be installed).

sh$ make install-boot

2.6.1. Important make targets

sh$ make install

Create the required directories (if not existing already), and install the compiled executable and the configuration file.

bash$ make DESTDIR=/somedir install

Install as if /somedir is the root directory. Useful for creating packages or installing for chroot (server).

sh$ make install-boot

Install runlevel start/stop scripts or create inittab entry (AIX) in order to start the daemon upon system boot. Supported on Linux, *BSD, Solaris, HP-UX, AIX(*), IRIX(*) [(*) untested].

sh$ make uninstall

Uninstall the executable and remove directories if empty. Does not uninstall the configuration file.

sh$ make purge

As make uninstall, but also remove the the configuration file.

sh$ make uninstall-boot

Uninstall the runlevel start/stop scripts.

TipTip
 

You can save the script samhain-install.sh and use it for uninstalling if you ever want to remove samhain: 

sh$ samhain-install.sh purge
sh$ samhain-install.sh uninstall-boot

PrevHomeNext
BuildUpCustomize
MANUAL-2_3/intro.html0000775000175000017500000000637612234446600014001 0ustar rainerrainer Introduction
The Samhain Host Integrity Monitoring System
PrevNext

Chapter 1. Introduction

samhain is a file and host integrity and intrusion alert system suitable for single hosts as well as for large, UNIX-based networks. samhain offers advanced features to support and facilitate centralized monitoring.

In particular, samhain can optionally be used as a client/server system with monitoring clients on individual hosts, and a central log server that collects the messages of all clients.

The configuration and database files for each client can be stored centrally and downloaded by clients from the log server. Using conditionals (based on hostname, machine type, OS, and OS release, all with regular expresions) a single configuration file for all hosts on the network can be constructed.

The client (or standalone) part is called samhain, while the server is referred to as yule. Both can run as daemon processes.

PrevHomeNext
The Samhain Host Integrity Monitoring System Compiling and installing
MANUAL-2_3/mod-db-fields.html0000775000175000017500000000615312234446603015250 0ustar rainerrainer Modules
The Samhain Host Integrity Monitoring System
PrevAppendix D. List of database fieldsNext

D.2. Modules

module

Name of a samhain module (e.g. the module to watch login/logout events). Used in initialization/error reports for a module.

return_code

Return code from a module. Used in initialization/error reports for a module.

syscall

ID of bad syscall. Kernel checking module.

ip

IP address. Login/logout watch. Also used in received syslog messages (see below).

tty

Terminal used. Login/logout watch.

time

Login/logout time. Also used in some other messages (e.g. time to complete file check).

fromhost

Host from which user is logged in. Login/logout watch.

PrevHomeNext
List of database fieldsUpSyslog
MANUAL-2_3/filedef.html0000775000175000017500000013426412234446601014243 0ustar rainerrainer Defining file check policies: what, and how, to monitor
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.4. Defining file check policies: what, and how, to monitor

This section explains how to specify in the configuration file, which files or directories should be monitored, and which monitoring policy should be used.

5.4.1. Monitoring policies

samhain offers several pre-defined monitoring policies. Each of these policies has its own section in the configuration file. Placing a file in one of these sections will select the respective policy for that file.

The available policies (section headings) are:

ReadOnly

All modifications except access times will be reported for these files.

Checked: owner, group, permissions, file type, device number, hardlinks, links, inode, checksum, size, mtime, ctime.

LogFiles

Modifications of timestamps, file size, and signature will be ignored.

Checked: owner, group, permissions, file type, device number, hardlinks, links, inode.

GrowingLogFiles

Modifications of timestamps, and signature will be ignored. Modification of the file size will only be ignored if the file size has increased.

Checked: owner, group, permissions, file type, device number, hardlinks, links, inode, size >= previous_size, checksum(file start up to previous size) equals previous checksum.

If the size has shrunk (e.g. because of log rotation), samhain will look for a file with the same inode as before and check whether it has a size >= previous_size, and checksum(file start up to previous size) equals previous checksum. No report will be issued if this check succeeds. Thus log rotation will be handled gracefully as long as the inode is kept (i.e. the old file is moved rather than copied) and the first rotated file is not compressed (the logrotate tool can be told to compress only after the second cycle, and on Debian this seems to be standard anyway).

Attributes

Only modifications of ownership, access permissions, and device number will be checked.

Checked: owner, group, permissions, file type, device number.

IgnoreAll

No modifications will be reported. However, the existence of the specified file or directory will still be checked.

IgnoreNone

All modifications, including access time, but excluding ctime, will be reported - checking atime and ctime would require to play with the system clock.

Checked: owner, group, permissions, file type, device number, hardlinks, links, inode, checksum, size, mtime, atime.

User0

Initialized to: report all modifications.

User1

Initialized to: report all modifications.

User2

Initialized to: report all modifications.

User3

Initialized to: report all modifications.

User4

Initialized to: report all modifications.

Prelink

Modifications of timestamps, size, and inode will be ignored Checksums will be verified by calling /usr/sbin/prelink --verify. This policy is intended for verification of prelinked executables/libraries and/or directories containing such files. For details and further configuration options see Section 5.4.8>.

Checked: owner, group, permissions, file type, device number, hardlinks, links, checksum.

NoteNote
 

Each policy can be modified in the config file section Misc with entries like RedefReadOnly=+XXX[,...] or RedefReadOnly=-XXX[,...] to add (+XXX) or remove (-XXX) a (a comma-separated list of) tests XXX, where XXX can be any of CHK (checksum), TXT (store file content in database), LNK (link), HLN (hardlink), INO (inode), USR (user), GRP (group), MTM (mtime), ATM (atime), CTM (ctime), SIZ (size), RDEV (device numbers), MOD (file mode), PRE (Linux; prelinked binary), SGROW (file size is allowed to grow), and/or AUDIT (Linux; report who changed the file)

This must come before any file policies are used in the config file.

5.4.2. File/directory specification

Entries for files have the following syntax:

file=/full/path/to/the/file

Entries for directories have the following syntax:

dir=[recursion depth]/full/path/to/the/directory

The specification of a (numerical) recursion depth is optional (see Section 5.4.5>). (Do not put the recursion depth in brackets — they just indicate that this is an optional argument!).

Wildcard patterns ('*', '?', '[...]') as in shell globbing are supported for paths. The leading '/' is mandatory. Since version 2.7.1, it is allowed to enclose the value of the directive (i.e. the path for files, the optional recursion depth and the path for directories) within matching single or double quotes, which allows to have trailing blanks (note: it is not neccessary to escape quotes in between - the algorithm does not scan forward to find the matching quote, rather it uses the last character). Also since version 2.7.1, C quoting style is supported ('\a' [bell], '\b' [backspace], '\f' [form feed], '\n' [newline], '\r' [carriage return], '\t' [horizontal tab], '\v' [vertical tab], '\\' [backslash], '\'' [single quote], '\"' [double quote], '\nnn' [dree digit octal value], \xNN' [two digit hexadecimal value]). Example:

[ReadOnly]
# valid examples
dir = /u01/oracle/archive00
dir = 7/u01/oracle/archive02
dir = "7/u01/oracle/archive03  "
dir = "7/u01/oracle/archi"ve"
dir = /u01/oracle/archive\v04
dir = /u01/oracle/archive\\04
dir = /u01/oracle/archive\076
file = '/u01/oracle/archive\x0a'

# valid (no quote at start, thus quote at end
#        is considered part of filename)
file = /u01/oracle/archive_0"

#invalid (no matching quote at end)
file = "/u01/oracle/archive_0

#invalid (\03 is bad, must be 3 digits [octal]
#         or \x03 for hexadecimal)
file = /u01/oracle/archive_\03

#invalid (\g is undefined escape sequence)
file = /u01/oracle/archive_\g

NoteNote on directories
 

A directory is (a) a collection of files, with (b) a directory special file where a listing of all files in the directories is kept. This directory special file will be modified in case of a file addition, removal, or renaming. Depending on the chosen policy, samhain will report on such modifications of the directory special file.

The addition and/or deletion of files from a directory modifies the directory special file (mtime/ctime). The addition/deletion of subdirectories will also modify the number of hardlinks of the directory special file. A modification of a file may modify a directory special file (mtime/ctime), if this modification is done by first creating a temporary file, followed by renaming this temporary file to the original one.

5.4.2.1. Rules

  1. For the file check, samhain does not follow symlinks. If the argument for a file=... directive is a symlink, then the symlink itself is checked, not the location it points to.

  2. The argument for a dir=... directive must be a directory. Using a symlink to a directory as argument is incorrect.

  3. Precedence is given to the most specific location in the filesystem regardless of the order listed in the config file. I.e.,

    • a policy for a specific file overrides the policy for its directory

    • a policy for a subdirectory overrides the policy for its parent directory

    • if a directory or file path are explicitly listed twice in two different policy sections, Samhain will print a warning and honor only the first stanza processed. "First matching rule wins." Note however that it is perfectly ok to list a directory both as file=/path and dir=/path (see next rules).

  4. Checking a directory with dir=... will check both the content of the directory as well as the directory special file itself, honoring a local and global recursion depth, giving local preference.

  5. Using a directory as argument for both a file=... and a dir=... directive will have the effect that

    • the file=... directive will override the dir=... directive for the directory special file itself,

    • while the dir=... directive remains in effect for the directory content.

  6. The presence of a file=/parent/subdir, which is more specific of a path entry than that of the parent directory in another policy section with a "deeper" recursion depth as dir=N/parent will not prevent Samhain from descending into /parent/subdir and applying the higher level directory with the "deeper" recursion policy to the contents of /parent/subdir The more-specific rule will only apply to the directory special file and does not "truncate" the higher level policy in any way.

  7. To determine if you config file syntax is working as expected, increase the verbosity of debugging when running samhain with "-t init" using "-p info" or even "-p debug".

Example 1: If you only want to check files in a directory, but not the directory inode itself, use:

[ReadOnly]
dir = /u01/oracle/archive00
[IgnoreAll]
file = /u01/oracle/archive00

# Note: /u01/oracle/archive00/archive01.dbf -> archive99.dbf *should* be
# mounted in the DB as a read-only tablespace and should never be
# changed, however, the DBA thinks he's God and does not need to consult
# with the Admin, so he may be adding new, deleting, or renaming the
# DBFs using SQLPlus without consulting with the admin, so tell me about
# changes to the files inside that we know about at Samhain INIT but
# such as when he adds a file.

Example 2: If you want to monitor a directory, but not the dynamic contents inside it:

[Attributes]
file = /var/spool/mqueue
file = /tmp
[IgnoreAll]
dir=-1/var/spool/mqueue
dir=-1/tmp

Example 3: If you want to monitor a directory special file, while ensuring no files within are removed but not the actual attributes of those files:

[Attributes]
file = /root
[IgnoreAll]
dir=0/root

Thanks to Brian A. Seklecki for his effort to clarify these rules and provide examples.

5.4.3. Suppress messages about new/deleted/modified files

If you want to suppress messages about the creation of certain files (e.g. rotated log files), you can use the options IgnoreAdded=/fullpath/with_some_regex_inside and/or IgnoreMissing=/fullpath/with_some_regex_inside (to be placed in the [Misc] section of the configuration files. If you want to add more regular expressions, you can use these options multiple times. Since transient files might get modified during their lifetime, there is also the option IgnoreModified=/fullpath/with_some_regex_inside

TipNote
 

The argument to IgnoreAdded, IgnoreMissing, and IgnoreModified must be a regular expression that matches the full path. In particular, it has to start with a forward slash.. To test your regex before putting in samhain, you do something like this:

# This regex matches all files added by logrotate (e.g: messages.1 or messages.2.gz, etc.)
cd /var/log
for file in *; do echo $file| egrep "(cron|ksyms|maillog|messages|rpmpkgs|secure|spooler|up2date|wmtp)\.[0-9](\.gz)?$" ; done

Once it's work this way, you can add it to your samhainrc file, but don't forget to add the full path. e.g: 

IgnoreAdded = /var/log/(cron|ksyms|maillog|messages|rpmpkgs|secure|spooler|up2date|wmtp)\.[0-9](\.gz)?$

This tip has been provided by jim at aegis hyphen corp dot org.

TipAlternative
 

If a directory is added to [Attributes] as a file=/dir, then only the directory special file is monitored for permissions/ownership. The advantage is that additions/removals of files to that subdirectory can happen without recourse, but the integrity of that directory is defended. Assuming the administrator doesn't want to get granular level of detail.

Good for such directories as: /var/mail /var/cron/tabs /var/tmp /tmp

This tip has been provided by Brian A. Seklecki

5.4.4. Dynamic database update (modified/disappeared/new files)

samhain reads the file signature database at startup and creates an in-memory copy. This in-memory copy is then dynamically updated to reflect changes in the file system.

I.e. for each modified/disappeared/new file you will receive an alarm, then the in-memory copy of the file signature database is updated, and you will only receive another alarm for that file if it is modified again (or disappears/appears again).

Note that the on-disk file signature database is not updated (if you have signed it, the daemon could not do that anyway). However, as long as the machine is not rebooted, there should be no need to update the on-disk file signature database.

If files disappear after initialization, you will get an error message with the severity specified for file access errors (except if the file is placed under the IgnoreAll policy, in which case a message of SeverityIgnoreAll — see Section 4.1.1> — is generated).

If new files appear in a monitored directory after initialization, you will get an error message with the severity specified for that directory's file policy (except if the file is placed under the IgnoreAll policy, in which case a message of SeverityIgnoreAll — see Section 4.1.1> — is generated).

The special treatment of files under the IgnoreAll policy allows to handle cases where a file might be deleted and/or recreated by the system more or less frequently.

5.4.5. Recursion depth(s)

Directories can be monitored up to a maximum recursion depth of 99 (i.e. 99 levels of subdirectories. The recursion depth actually used is defined in the following order of priority:

  1. The recursion depth specified for that individual directory (Section 5.4>). As a special case, for directories with the policy IgnoreAll, the recursion depth should be set to 0, if you want to monitor (the existence of) the files within that directory, but to -1, if you do not want samhain to look into that directory.

  2. The global default recursion depth specified in the configuration file. This is done in the configuration file section Misc with the entry SetRecursionLevel=number

  3. The default recursion depth, which is zero.

5.4.6. Hardlink check

As of version 1.8.4, samhain will by default compare the number of hardlinks of a directory to the number of its subdirectories (including "." and ".."). Normally, these numbers should be equal. The idea here is that a (kernel) rootkit may hide a directory, but fail to "fix" the parent directory hardlink count (actually, I am not aware of any kernel rootkit that would care to fix the hardlink count of the parent directory). This is an experimental feature; if there are any problems, it can be disabled with the option UseHardlinkCheck=no in the [Misc] section of the configuration file.

Errors will be reported at the same severity as directory access errors option SeverityDirs=severity in section [EventSeverity]).

NoteMacOS X
 

This feature is not supported on MacOS X (because the resource fork is implemented as an invisible directory, it modifies the parent directory hardlink count.)

5.4.6.1. Specify exceptions for the hardlink check

Some filesystems do not always follow the rule mentioned above (directory hardlink equals number of subdirectories). E.g. the root directory of reiserfs partitions generally seems to have two additional hardlinks. To account for such exceptions, you can specify exceptions with the option HardlinkOffset=N:/path in the [Misc] section of the configuration file. Here, N is the numerical offset (actual - expected hardlinks) for /path. For multiple exceptions, use this options multiple times (note that '/path N:/path2' would itself be a valid path, so using the option only once with multiple exceptions on the same line would be ambiguous).

NoteNote
 

Please note that samhain will not check for an exception if the standard rule (offset = 0) is true for a directory. Thus it will not warn if a directory that once was exceptional is not anymore.

5.4.7. Check for weird filenames

Samhain checks for weird filenames (containing control/nonprintable characters, newlines or tabs) and warns about them at a severity level that is set with SeverityNames=severity in section [EventSeverity]. The rationale is: most of the time, such names are either the result of user errors, buggy scripts, or questionable activity.

If you want to add characters to the set of 'good' ones, you can do so with the option: AddOKChars=N1, N2, ... in the [Misc] section of the configuration file. Nn should be the unsigned byte value of the character(s) in hex (leading '0x': 0xNN), octal (leading zero: 0NNN), or decimal.

TipUTF-8 filenames
 

To specify that filenames are UTF-8 rather than ASCII, use FileNamesAreUTF8=yes. Samhain will check for invalid UTF-8 sequences, and for filenames ending with invisible characters.

TipTip
 

This check will not be performed for files under the IgnoreAll policy. To completely disable this check, use AddOKChars=all.

5.4.8. Support for prelink

prelink is a tool available on modern Linux systems that can significantly reduce the startup time of applications. It does this by performing some of the work of the dynamic linker in advance. As this changes both executables and shared libraries, file integrity verification will fail unless prelink is supported, in particular as prelinking has to be redone if libraries are updated (so initializing the checksum database after prelinking may not be good enough).

The disadvantage is that prelinking modifies libraries and executables, and may need to be redone (potentially modifying all or many executables again) if a library is updated. This is a major problem for file integrity checkers.

Version 2.0 of samhain and later support prelink. To use this support, you need to place prelinked executables and libraries (or directories holding them) under the [Prelink] policy rather than under the (e.g.) [ReadOnly] policy. For all files under the [Prelink] policy, inode, size, and timestamps will be ignored (prelinking changes them). In addition, for ELF binaries under the [Prelink] policy, /usr/sbin/prelink --verify will be used to compute checksums (i.e. the checksum will be computed on the output of this command). For other files, checksums are computed as usual.

NoteSpeed
 

Obviously, invoking prelink results in a significant overhead, and slows down file integrity checking (tests indicate a factor of three - your mileage may vary).

NoteVerification failures (zero checksum)
 

It seems that prelink --verify fails if the dependencies of a prelinked binary have changed. This results in a zero checksum, and can be fixed by re-prelinking the affected binary.

There are two configuration options in the [Misc] section that can are relevant for prelink support:

SetPrelinkPath=fullpath sets the path to the prelink executable. The default is /usr/sbin/prelink.

SetPrelinkChecksum=checksum sets the TIGER192 checksum for the prelink executable. You can compute this with samhain -H /usr/sbin/prelink (remove whitespace from the computed checksum). If the checksum is set, samhain will verify the prelink executable immediately before using it, otherwise prelink will be used without this special precaution.

5.4.9. SELinux attributes and Posix ACLs

NoteNote for users of SQL database logging
 

You need to update the database scheme before using this feature, if you are upgrading from a version below 2.3.0. See Section 4.12.1> for details.

As of version 2.3, samhain supports checking and verifying of SELinux attributes and/or Posix ACLs, if the operating system supports these features. SELinux attributes are a Linux-specific feature, while Posix ACLs are supported by multiple operating systems.

These features will only get compiled if the required development environment is available on the host where samhain is compiled (e.g. on Debian Linux, packages libattr1-dev and libacl1-dev).

For backward compatibility, these features are disabled by default, even if they are compiled in. To enable them, use the configuration directives:

[Misc]
UseACLCheck = yes
UseSelinuxCheck = yes

5.4.10. Codes in messages about reported files

As of version 1.8.2, reports about modified files include a short code in the message field to describe which properties have been modified. The codes are: 'C' for 'checksum', 'L' for (soft) 'link', 'D' for 'device number', 'I' for 'inode', 'H' for (number of) 'hardlinks', 'M' for 'mode', 'U' for 'user' (owner), 'G' for 'group' (owner), 'T' for 'time' (any), and finally 'S' for 'size'.

As an example, 'C--I----TS' would indicate that a file has been replaced by one with different checksum, inode, timestamp, and size, but (e.g.) same mode (type and access permissions) and same ownership.

5.4.11. Loose directory checking

If files are added to, or removed from a directory, or modified by writing a temporary file and renaming it to the original, samhain will report the changed file as well as the changed directory inode. If you regard the report on the directory inode as redundant, you can suppress it with the option: LooseDirCheck=true in the [Misc] section of the configuration file. This will cause samhain to ignore modified directory inodes if nothing else but size and timestamps has changed.

5.4.12. Storing the full content of a file

This is discussed in Section 5.20>.

5.4.13. Who made changes to a file?

First of all, the UID of the user who changed or created a file is not stored in the file metadata, and hence in general not available. However, some operating systems may have non-standard security enhancements to log such information.

In particular, sufficiently recent versions of the Linux kernel provide an audit subsystem that can be used to gather such information if the required userspace tools are installed and the system is properly configured.

It should be noted that the Linux audit subsystem does NOT audit every file access by default. Rather, files are only audited if a watch is placed on them. What Samhain can do is making sure that watches are indeed placed on all files of interest for you (as defined in the Samhain configuration file), and collecting relevant information in case of an event.

NoteRequirements and Audit System Configuration
 

(1) If you want Samhain to report who changed a file, you need to have installed the Linux audit daemon (Debian: auditd, RedHat: audit). In addition, on the machine where Samhain gets compiled the audit development packages (Debian: libaudit-dev, RedHat: audit-libs-devel) are required.

(2) You are most likely interested in the auid, i.e. the audit UID which tracks the login user. This UID is only set correctly if you are using the pam_loginuid PAM module, and in a correct way even. Please read the man page for pam_loginuid carefully, and add the line

session required pam_loginuid.so

to the files /etc/pam.d/gdm, /etc/pam.d/login, /etc/pam.d/atd, /etc/pam.d/cron, /etc/pam.d/sshd.

Do NOT add this line to /etc/pam.d/su or /etc/pam.d/sudo, as that will set auid=0 and hence erase the track of the login user. If your system has a /etc/pam.d/common-session file, don't add it there if that file is included by the /etc/pam.d/su or /etc/pam.d/sudo file(s).

(3) The audit daemon enables the audit system in the kernel. Therefore all processes starting earlier than the audit daemon itself may get an auid=4294967295 (unknown). To avoid this problem, add audit=1 to the kernel boot parameters.

(4) The audit daemon must be running. You can check that with the command auditctl -s, which should show a non-zero PID for the audit daemon. If it says 'pid=0', you need to enable the audit daemon. First, make sure the daemon will autostart on boot: on RedHat/CentOS use chkconfig auditd on, on Debian/Ubuntu use update-rc.d auditd defaults. Second, start the daemon with /etc/init.d/auditd start.

Samhain supports the Linux audit system insofar as it can automatically mark files of interest for logging, and automatically collects and reports the log information after a change has been detected. This implies that you don't need to maintain two separate configurations (one for Samhain and one for the audit daemon).

In order to activate this feature for some particular file or directory, you have to add the AUDIT flag to the policy under which you place the file or directory (see Section 5.4.1>). Note that placing an audit rule on a directory will cause the whole file hierarchy under that directory to be audited. Also note that you cannot place an audit rule on the root directory itself. This is a limitation of the Linux audit system itself, not of Samhain. You have to place audit rules on the individual directories in the root directory.

  [Misc] 
  #  
  RedefReadOnly = +AUDIT
  # 
  [ReadOnly]
  #
  file = /etc/login.defs
  dir = /bin
  #

The rules set by Samhain are flagged with samhain, i.e. you can check them with auditctl -l -k samhain, and delete them manually with auditctl -D -k samhain. See the man page of the auditctl command for further reference.

If you want to verify that the audit system works properly, you can e.g. use ausearch -k samhain to see all audit log entries generated by rules flagged with 'samhain', i.e. inserted by Samhain.

NotePersistance of audit rules
 

If Samhain runs in the foreground, it will not delete the inserted rules upon exit. This is to ensure that file changes are still audited as desired when Samhain is run only occasionally or at fixed intervals (e.g. as a cron job). If you want to delete the rules, use the command auditctl -D -k samhain.

5.4.14. Skip checksumming for particular files

Checksumming can put a high I/O load on a machine, and in some cases one might want to skip this for particular files. As of version 2.8.2, Samhain allows to specify certain conditions for which checksumming of a file should be skipped. These are:

match_prefix( string )

Skip checksumming if the full path of the file starts with the given string (e.g.: /home/someuser).

match_regex( regular_expression )

Skip checksumming if the full path of the file matches the given POSIX regular expression (e.g.: .*\.mpg$).

size_exceeds( bytes )

Skip checksumming if the filesize exceeds the given size (in bytes).

match_permission( numeric_permission )

Skip checksumming if the file permissions exactly match the given one (as octal number, e.g. 0755 for rwxr-xr-x, or 4755 for rwsr-xr-x).

have_permission( numeric_permission )

Skip checksumming if the file permissions include the given one (as octal number, e.g. 0100 for execute by owner).

match_filetype( filetype )

Skip checksumming if the file is of some particular type. See appendix for a list of supported file types.

Files that should not be checksummed are specified with SkipChecksum=list of conditions in the [Misc] section of the configuration file. The following rules apply:

  1. To negate a condition, place an exclamation mark ('!') in front of it.

  2. All conditions in the given list are anded, i.e. checksumming for a file is skipped only if all conditions in the list are true. E.g. you can place a match_prefix(string) condition at the start of the list to avoid evaluation of the following condition(s) for files that should not be skipped.

  3. If more than one SkipChecksum=... directives are given, then they are ored, i.e. checksumming for a file is skipped if one of the directives matches.

5.4.14.1. User-defined file types

It is possible to add (at most 16) user-defined filetype descriptions to the compiled-in list. This can be done with the directive FileType=description where the format of description is 8 fields, separated by ':'.

The 8 fields are offset:type:length:G1:G2:G3:Name:Teststring, which describe:

  1. An optional offset into the file, can be at most 3072-length. Counting starts at 0, thus '6' would mean the 7th byte of the file.

  2. Type is 0 for a C string, 1 if binary, i.e. if the teststring contains NULL bytes,

  3. Length should be 0 if the type is 0, othewise the length of the teststring if it is of type 1 (binary).

  4. G1, G2, G2 give the filetype as GENERIC:MORE_SPECIFIC:EXACT, e.g. IMAGE:COMPRESSED:JPG

  5. The name field is currently unused and should hold a human-understandable description, e.g. 'Jpeg image'

  6. The teststring is a string or yte pattern that is found at the given offset in files of this type. You can use quoted-printable (qp) encoding (which is often used for e-mail) for arbitrary binary patterns. A qp-encoded character (byte) consists of 3 characters: a "=" followed by the two-digit hexadecimal value if the byte. Please note that NULL bytes MUST be qp-encoded as '=00', and the equal sign ('=') MUST be qp-encoded as '=3D'.

A valid example would be FileType=6:0:0:IMAGE:COMPRESSED:JPG:JFIF Jpeg:JFIF (this one is already compiled in). This would recognize any file with the string 'JFIF' starting at the 7th byte (counting starts at '0') as a Jpeg image.

5.4.15. Graceful handling of log rotation

Growing log files should be placed under the [GrowingLogFiles] policy which (as of 3.0.11+) uses the following logic to handle log rotation:

If the size has shrunk (e.g. because of log rotation), samhain will look for a file with the same inode as before and check whether it has a size >= previous_size, and checksum(file start up to previous size) equal to the previous checksum. No report will be issued if this check succeeds. Thus log rotation will be handled gracefully as long as the inode is kept (i.e. the old file is moved rather than copied) and the first rotated file is not compressed (the logrotate tool can be told to compress only after the second cycle, and on Debian this seems to be standard anyway).

PrevHomeNext
File signaturesUpExcluding files and/or subdirectories (All except …)
MANUAL-2_3/server-security.html0000775000175000017500000000610312234446603016010 0ustar rainerrainer The server
The Samhain Host Integrity Monitoring System
PrevChapter 11. Security DesignNext

11.4. The server

The server does not need root privileges. Therefore, if it is started with root privileges, it will drop them irrevocably after startup. If a privileged port (below 1024) must be opened, the server will first open it, then drop root, and only thereafter accept any connection on the port.

The server can be chrooted, and actually has a config file option to do so by itself (which means that you don't need to copy shared libraries into the chroot environment).

(If your clients are configured to download baseline databases and configuration files from the server:) The server does not need write access to the directory where client baseline databases and configuration files are stored, and it would be wise to deny such access (chown to some other user, and allow group read access for the server).

PrevHomeNext
Client executable integrityUpGeneral
MANUAL-2_3/databasefile.html0000775000175000017500000000655112234446602015247 0ustar rainerrainer The file signature database
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.8. The file signature database

The database file is named samhain_file by default, and placed into /usr/local/var/lib/samhain by default (name and location can be configured at compile time).

The database is a binary file. For security reasons, it is recommended to store a backup copy of the database on read-only media, otherwise you will not be able to recognize file modifications after its deletion (by accident or by some malicious person).

samhain will compute the checksum of the database at startup and verify it at each access. samhain will first open() the database, compute the checksum, rewind the file, and then read it. Thus it is not possible to modify the file between checksumming and reading.

PrevHomeNext
Initializing, updating, or checkingUpChecking the file system for SUID/SGID binaries
MANUAL-2_3/checking-for-suid-files.html0000775000175000017500000001017112234446603017236 0ustar rainerrainer Checking for SUID/SGID files
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.7. Checking for SUID/SGID files

Section heading:

[SuidCheck]

Entries:

SuidCheckActive=boolean — '1' to switch on, '0' to switch off.

SuidCheckExclude=path — A directory (and its subdirectories) to exclude from the check. Only one directory can be specified this way.

SuidCheckSchedule=schedule — Crontab-like schedule for checks.

SeveritySuidCheck=severity — Severity for events.

SuidCheckFps=fps — Limit files per seconds for SUID check.

SuidCheckNosuid=boolean — Check filesystems mounted as nosuid. Defaults to not.

SuidCheckQuarantineFiles=boolean — Whether to quarantine files. Defaults to not.

SuidCheckQuarantineMethod=0|1|2 — Quarantine method. Delete = 1, remove suid/sgid flags = 1, move to quarantine directory = 2. Defaults to 1 (remove suid/sgid flags).

SuidCheckQuarantineDelete=boolean — Whether to delete rather than truncate, if method 0 (delete) is chosen. Default is truncate.

PrevHomeNext
Checking for kernel module rootkitsUpChecking for mount options
MANUAL-2_3/installation-requirements.html0000775000175000017500000001161112234446600020054 0ustar rainerrainer Requirements
The Samhain Host Integrity Monitoring System
PrevChapter 2. Compiling and installingNext

2.2. Requirements

POSIX environment

Samhain will only compile and run in a POSIX operating system, or an emulation thereof (e.g. the free Cygwin POSIX emulation for Windows XP/2000).

ANSI C compiler and build system

You need an ANSI C compiler to compile samhain. The GNU C compiler (GCC) from the Free Software Foundation (FSF) is fine. If your vendor's compiler is ANSI compliant, you should give it a try, since it might produce faster code. Also you will need to have standard tools like make in your PATH (the make tool is part of the POSIX standard).

[OPTIONAL] GnuPG

If you want to use signed configuration and database files (this is an optional feature), GnuPG (gpg) must be installed.

[OPTIONAL] libacl/libattr

Samhain can check and verify POSIX ACLs (access control lists, on operating systems supporting them) and SELinux attributes (Linux). This feature is only compiled in if the required libraries and header files are present (e.g. on Linux the libacl/libattr development packages; in Debian these are named libacl1-dev, libattr1-dev).

[OPTIONAL] libz

Samhain can store the content of files in the baseline database (for files smaller than 9200 bytes after zlib compression). This feature is only available if the zlib library and header files are present (e.g. on Linux the libz development package; in Debian this is named zlib1g-dev).

[OPTIONAL] PCRE

Samhain can monitor logfiles of other applications, e.g. Syslog, Apache (or other webservers with similar log formats), Samba, or pacct (BSD-style process accounting). This extension requires the PCRE (Perl Compatible Regular Expressions) library, e.g. on linux the libpcre package (and for compiling, also the libpcre development package). In Debian, this would be libpcre3 and libpcre3-dev.

PrevHomeNext
Compiling and installingUpDownload and extract
MANUAL-2_3/command-line.html0000775000175000017500000002346312234446603015210 0ustar rainerrainer List of command line options
The Samhain Host Integrity Monitoring System
PrevNext

Appendix B. List of command line options

B.1. General

  1. -D, --daemon Run as daemon.

  2. --foreground Stay in the foreground, do not run as daemon.

  3. -f, --forever Loop forever, even if not daemon.

  4. --bind-address=<IP-Address> Use this IP address (i.e. interface) for outgoing connections (e.g. on multi-interface machines).

  5. --server-port=<port number> Connect to this port on the server (client-side option for client-server connection).

  6. -s <arg>, --set-syslog-severity=<arg> Set the severity threshold for syslog. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  7. -l <arg>, --set-log-severity=<arg> Set the severity threshold for logfile. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  8. -m <arg>, --set-mail-severity=<arg> Set the severity threshold for e-mail. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  9. --set-database-severity=<arg> Set the severity threshold for logging to a RDBMS. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  10. --set-prelude-severity=<arg> Set the severity threshold for logging to the Prelude IDS system. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  11. -p <arg>, --set-print-severity=<arg> Set the severity threshold for terminal/console. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  12. -x <arg>, --set-extern-severity=<arg> Set the severity threshold for external program(s). arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  13. -L <arg>, --verify-log=<arg> Verify the integrity of the log file and print the entries (arg is the path of the log file).

  14. -j, --just-list Modify -L to just list the logfile, rather than verify (to de-obfuscate the logfile if you have compiled for stealth mode). Order matters: this must come before -L.

  15. -M <arg>, --verify-mail=<arg> Verify the integrity of e-mailed messages (arg is the path of the mail box).

  16. -V <arg>, --add-key=<arg> Add key material to the compiled-in key (see Section 11.2>). arg must be of the form key@/path/to/executable. Output will be written to /path/to/executable.out.

  17. -H <arg>, --hash-string=<arg> Print the hash of a string / the checksum of a file, and exit. If arg starts with a '/', it is assumed to be a file, otherwise a string. This function is useful to test the hash algorithm.

  18. -z <arg>, --tracelevel=<arg> If compiled with --enable-debug: arg > 0 to switch on debug output. If compiled with --enable-trace: arg > 0 max. level for call tracing.

  19. -i <arg>, --milestone=<arg> If compiled with --enable-trace: trace from milestone arg to arg+1. If arg = -1, trace all.

  20. -d <arg>, --list-database=<arg> List the database file arg (use ``default'' for the compiled-in path).

  21. --list-file=<path> Modify -d to list the literal content of a file, if this has been stored. Order matters: this must come before -d.

  22. -a, --full-detail Modify -d to list full details (numeric mode, owner, group, all three timestamps (ctime, mtime, atime), and the checksum. Order matters: this must come before -d.

  23. --delimited Same as --full-detail, but with comma-delimited fields.

  24. -c, --copyright Print copyright information and exit.

  25. -v, --version Show version information and compiled-in options.

  26. -h, --help Print a short help on command line options and exit.

  27. --trace-enable Print a trace of the execution flow.

  28. --trace-logfile=<arg> Use file arg to log the trace.

PrevHomeNext
Paths samhain
MANUAL-2_3/kerneldef.html0000775000175000017500000003501712234446602014601 0ustar rainerrainer Detecting Kernel rootkits
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.10. Detecting Kernel rootkits

This option is currently supported for Linux on the ix86 and x86_64 architectures, kernel versions 2.6.x (ix86, x86_64), and 2.4.x (ix86), and for FreeBSD/x86 (tested on FreeBSD 4.6.2, FreeBSD 5) and OpenBSD/ix86 (tested with OpenBSD 3.8).

WarningWarning
 

It is incorrect to assume that disabling support for loadable kernel modules protects against runtime kernel modifications. It is possible to modify the kernel via /dev/kmem as well, if this device is present and writeable.

To use this facility, you need to compile with the option:

./configure --with-kcheck=/path/to/System.map (Linux), or

./configure --with-kcheck (FreeBSD/OpenBSD).

On Linux, System.map is a file (sometimes with the kernel version appended to its name) that is generated when the kernel is compiled, and is usually installed in the same directory as your kernel (e.g. /boot), or in the root directory. To find it, you can use: locate System.map

NoteLinux distributions without /dev/kmem
 

Many Linux distributions (including Ubuntu, RedHat, and Fedora) compile their kernels without support for the /dev/kmem device. However, the samhain kernel integrity check relies on information obtained from this device. To work around this problem, as of version 2.7.0, samhain provides a loadable kernel module samhain_kmem.ko which generates a file /proc/kmem that provides exactly the same information as /dev/kmem would. If the kernel module is required, you will be prompted to compile and install it - using the following commands - during the compilation of samhain. 

  sh$ make samhain_kmem.ko
  sh$ sudo insmod samhain_kmem.ko

NoteUpdating the kernel
 

On Linux, after installing a new kernel, you need to configure five (5) addresses (see configuration example below), otherwise the kernel check will not work anymore (samhain needs to know the new position of some objects within the kernel). As explained below, you can easily obtain the required values by grepping them from the System.map of your new kernel, which should normally be installed into the /boot directory, together with the kernel.

If you need the samhain_kmem.ko kernel module because your kernel does not support the /dev/kmem device, you will need to recompile this module for your new kernel as well.

NoteUsing the hiding kernel module
 

If you also use the option ./configure --enable-khide to use a kernel module to hide the presence of samhain, the first detected modification of the sys_getdents syscall (to list directories) will only cause a warning (rather than an error), as it is presumed to be caused by the samhain_hide LKM).

You should NOT initialize the database with the samhain_hide LKM loaded (doing so might result in the non-detection of a real rootkit if it also only modifies the sys_getdents syscall).

5.10.1. Configuration

This facility is configured in the Kernel section of the configuration file. 

  [Kernel]  
  # activate (0 for switching off) 
  KernelCheckActive=1
  # interval between checks (in seconds, default 300)
  KernelCheckInterval=20 
  # also check the interrupt descriptor table (linux, default TRUE)
  KernelCheckIDT=TRUE 
  # also check the PCI expansion ROM (linux, default TRUE)
  KernelCheckPCI=TRUE 
  # also check the proc filesystem integrity (linux, default TRUE)
  KernelCheckPROC=TRUE 
  # this is the severity (see section Section 4.1.1) 
  SeverityKernel=crit 
  #
  # Only needed for Linux, after installing a new kernel. You need the address
  # (first item in the grepped line), prefixed with '0x' to indicate
  # hexadecimal format.
  #
  # this is the address of system_call (grep system_call System.map) 
  KernelSystemCall = 0xc0106cf8
  #
  # this is the address of sys_call_table (grep ' sys_call_table' System.map) 
  KernelSyscallTable = 0xc01efb98
  #
  # this is the address of proc_root (grep ' proc_root$' System.map) 
  KernelProcRoot = 0xc01efb98
  #
  # this is the address of proc_root_inode_operations 
  # (grep proc_root_inode_operations System.map) 
  KernelProcRootIops = 0xc01efb98
  #
  # this is the address of proc_root_lookup
  # (grep proc_root_lookup System.map) 
  KernelProcRootLookup = 0xc01efb98

5.10.2. What is a kernel rootkit ?

A rootkit is a set of programs installed to "keep a backdoor open" after an intruder has obtained root access to a system. Usually such rootkits are very easy to install, and provide facilities to hide the intrusion (e.g. erase all traces from audit logs, install a modified 'ps' that will not list certain programs, etc.).

While "normal" rootkits can be detected with checksums on programs, like samhain does (the modified 'ps' would have a different checksum than the original one), this method can be subverted by rootkits that modify the kernel at runtime, either with a loadable kernel module (LKM), i.e. a module that is loaded into the kernel at runtime, or by writing to /dev/kmem (this allows to 'patch' a kernel on-the-fly even if the kernel has no LKM support).

Kernel rootkits can modify the action of kernel syscalls. From a users viewpoint, these syscalls are the lowest level of system functions, and provide access to filesystems, network connections, and other goodies. By modifying kernel syscalls, kernel rootkits can hide files, directories, processes, or network connections without modifying any system binaries. Obviously, checksums are useless in this situation.

5.10.3. Implemented integrity checks

When a system call (e.g. open() to open a file) is made by an application, the flow of control looks like this:

  1. An interrupt is triggered, and execution continues at the interrupt handler defined for that interrupt. On Linux, interrupt 80 is used.

    A rootkit could replace the kernels interrupt handler by an own function.

    Samhain checks the Interrupt Descriptor Table for modifications.

  2. The interrupt handler (named system_call() on Linux) looks up the address of the requested syscall in the syscall table, and executes a jump to the respective address.

    A rootkit may (a) modify the interrupt handler to use a (rootkit-supplied) different syscall table, or (b) modify the entries in the syscall table to point to the rootkits replacement functions.

    Samhain checks (a) the interrupt handler, and (b) the syscall table for modifications.

  3. The syscall function is executed, and control returns to the application.

    A rootkit may overwrite the syscall function to place a jump to its own replacement function at the start of the syscall function.

    Samhain checks the first few bytes of each syscall function for modifications.

In addition to these checks, Samhain will check the /proc inode to detect the adore-ng rootkit, which does not modify any syscall execution, but rather the VFS (Virtual File System) layer of the kernel.

On FreeBSD/OpenBSD, currently only the syscall table (2b) and the system call (3) are checked.

5.10.4. Error messages

Error messages start with 'POLICY KERNEL'. There are four types of them: (a) 'IDT' signifies modified interrupts: old and new address, segment, privilege level, and type are listed, (b) SYSCALL: modified syscall table/syscall code interrupt handler, and (c) SYS_GATE: modified interrupt handler for syscalls. (d) PROC: modified /proc system

If an empty slot in the interrupt descriptor table (old address zero) has been modified, this indicates that a new interrupt has been installed. This cannot modify the behaviour of user applications (which would not use that interrupt), but could be used by a dedicated (rootkit-supplied) application to perform some action (e.g. elevate privileges).

Likewise, if an empty slot in the syscall table (syscall name sys_ni_syscall/_nosys) has been modified, this cannot modify the behaviour of user applications, but again could be used by a dedicated (rootkit-supplied) application to perform some action.

NoteNote
 

As of version 1.8.4, kernel info is stored in the baseline database by (mis-)using fields that normally describe some properties of files. You may therefore find that error messages have info appended that looks like properties you would normally expect for a file (e.g. mtime, ctime, link_path ...). This is required for server-side database update (if you use samhain as client/server system).

PrevHomeNext
Checking the file system for SUID/SGID binariesUpMonitoring login/logout events
MANUAL-2_3/system-v-message-queue.html0000775000175000017500000000711412234446602017172 0ustar rainerrainer System V message queue
The Samhain Host Integrity Monitoring System
PrevChapter 7. Hooks for External ProgramsNext

7.2. System V message queue

It is possible to have a SystemV IPC message queue (which is definitely more elegant than named pipes) as additional 'console' device. You need to compile with --enable-message-queue=MODE and use the option MessageQueueActive=T/F.

The default mode is 0700 (rwx------), but this is a compile option (message queues are kernel-resident, but have access permissions like files). To get the System V IPC key for the message queue, use ftok("/tmp", '#'); (man ftok, man msgctl, man msgrcv). Note that not all systems support SysV IPC.

TipTip
 

There is a demo application (a GNOME panel applet) available on the download site that uses the message queue.

PrevHomeNext
Hooks for External ProgramsUpCalling external programs
MANUAL-2_3/docbook.css0000640000175000017500000000701712234446621014075 0ustar rainerrainer.BOOK .TITLE { text-align: center } .BOOK .SUBTITLE { text-align: center } .BOOK .CORPAUTHOR { text-align: center } .BOOK .AUTHOR { text-align: center } .BOOK .AFFILIATION { text-align: center } .BOOK .EDITEDBY { text-align: center } .BOOK .EDITOR { text-align: center } .BOOK .GRAPHIC { text-align: center } .ARTICLE .TITLE { text-align: center } .ARTICLE .SUBTITLE { text-align: center } .ARTICLE .CORPAUTHOR { text-align: center } .ARTICLE .AUTHOR { text-align: center } .ARTICLE .AFFILIATION { text-align: center } .ARTICLE .EDITEDBY { text-align: center } .ARTICLE .EDITOR { text-align: center } .ARTICLE .GRAPHIC { text-align: center } .ARTICLE .ABSTRACT { margin-left: 0.5in; margin-right: 0.5in; font-style: italic } html { background: #fff; color: #000; } body { background: #fff; color: #000; margin: 0 2em 0 2em; padding: 1em; font-family: serif; font-size: 1em; line-height: 1.2em; } pre.screen { background: #b6c5f2; color: #000; padding: 2px 2px 2px 2px; } pre.programlisting { background: #b6c5f2; color: #000; border-width: 1px; border-style: solid; border-color: #2d4488; } div.block { background: #b6c5f2; color: #000; margin: 1em; padding: 0 1em 0 1em; border-width: 1px; border-style: solid; border-color: #2d4488; } div.warnblock { background: #b6c5f2; color: #000; margin: 1em; padding: 0 1em 0 1em; border-width: 1px; border-style: solid; border-color: #FF9900; } div.NOTE { border-width: 1px; border-style: solid; border-color: #999999; -moz-border-radius: 9px; margin-bottom: 3px; } div.TIP { border-width: 1px; border-style: solid; border-color: #999999; -moz-border-radius: 9px; margin-bottom: 3px; } div.WARNING { border-width: 1px; border-style: solid; border-color: #FF9900; -moz-border-radius: 9px; margin-bottom: 3px; } table,tr,th,td { background: #fff; color: #000; } table.calstable { margin: 1em; } td.calstable { border-width: 1px 1px 1px 1px; background: #F8F8F8; color: #000; border-style: solid; border-color: #C0C0C0; } th.calstable { border-width: 1px 1px 1px 1px; background: #F8F8F8; color: #000; border-style: solid; border-color: #C0C0C0; } /* body text, headings, and rules */ p { margin: 0; text-indent: 0em; margin: 0 0 0.5em 0 } h1, h2, h3, h4, h5, h6 { color: #206020; background: transparent; font-family: Optima, Arial, Helvetica, sans-serif; font-weight: normal; } h1 { font-size: 1.69em; margin: 1.4em 0 0.4em 0; } h2 { font-size: 1.44em; margin: 1.4em 0 0.4em 0; } h3 { font-size: 1.21em; margin: 1.4em 0 0.4em 0; } h4 { font-size: 1.00em; margin: 1.4em 0 0.4em 0; } h5 { font-size: 0.81em; margin: 1.4em 0 0.4em 0; } h6 { font-size: 0.64em; margin: 1.4em 0 0.4em 0; } hr { color: transparent; background: transparent; height: 0px; margin: 0.6em 0; border-width: 1px ; border-style: solid; border-color: #999; } /* bulleted lists and definition lists */ ul { margin: 0 1em 0.6em 2em; padding: 0; } li { margin: 0.4em 0 0 0; } dl { margin: 0.6em 1em 0.6em 2em; } dt { color: #285577; } tt { /* color: #602020; */ color: #2d4488; } /* links */ a.link { color: #33c; background: transparent; text-decoration: none; } a:hover { color: #000; background: transparent; } body > a { font-family: Optima, Arial, Helvetica, sans-serif; font-size: 0.81em; } h1, h2, h3, h4, h5, h6 { color: #2d5588; background: transparent; font-family: Optima, Arial, Helvetica, sans-serif; font-weight: normal; } MANUAL-2_3/preludedetails.html0000775000175000017500000002046312234446601015646 0ustar rainerrainer Prelude
The Samhain Host Integrity Monitoring System
PrevChapter 4. Configuration of logging facilitiesNext

4.9. Prelude

NoteREQUIREMENTS
 

This facility requires that you have compiled with the --with-prelude option to include support for prelude. Of course you need the libprelude client library for this to work.

NoteNote
 

The following configuration options can only be used. They should be placed the [Misc] section of the configuration file, if you use them. The 'PreludeMapTo...' options do not affect in any way whether a message is reported by samhain to the prelude manager (for this there is 'PreludeSeverity' in the [Log] section); they only affect the 'Impact severity' shown on the prelude side.

PreludeProfile

PreludeProfile=profile_name

Specify the profile to use. The default is 'samhain'.

PreludeMapToInfo

PreludeMapToInfo=list of samhain severities

The severities that should be mapped to impact severity 'info' for prelude. (default: none).

PreludeMapToLow

PreludeMapToInfo=list of samhain severities

The severities that should be mapped to impact severity 'low' for prelude. (default: debug, info).

PreludeMapToMedium

PreludeMapToMedium=list of samhain severities

The severities that should be mapped to impact severity 'medium' for prelude. (default: notice, warn, err).

PreludeMapToHigh

PreludeMapToHigh=list of samhain severities

The severities that should be mapped to impact severity 'high' for prelude. (default: crit, alert).

4.9.1. Prelude-specific command-line options

The following prelude-specific command-line options are accepted:

  1. --prelude Prelude generic options are following. This option must be given before the following options are used.

  2. --profile <arg> Profile to use for this analyzer

  3. --heartbeat-interval <arg> Number of seconds between two heartbeats

  4. --server-addr <arg> Address where this sensor should report to (addr:port)

  5. --analyzer-name <arg> Name for this analyzer

4.9.2. Registering to a Prelude manager

TipSensor name/profile
 

The default sensor name/profile is 'samhain'. However, version 2.0.6 of samhain still had 'Samhain' For versions of samhain later than 2.0.6, there is an option PreludeProfile=profile (in the [Misc] section) to set a user-defined name/profile.

In order to register samhain as a Prelude sensor, you need to run on the sensor host and on the manager host the prelude-admin command.

sensor # prelude-admin register samhain "idmef:w admin:r" <manager host> --uid=prelude --gid=prelude

You now need to start "prelude-admin" registration-server on 127.0.0.1:
example: "prelude-admin registration-server prelude-manager"

Enter the one-shot password provided on 127.0.0.1: 
manager # prelude-admin registration-server prelude-manager

The "76g4h8au" password will be requested by "prelude-admin register"
in order to connect. Please remove the quotes before using it.

Generating 1024 bits Diffie-Hellman key for anonymous authentication...
Waiting for peers install request on 0.0.0.0:5553...
Waiting for peers install request on :::5553...

You now have to type in the one-shot password generated on "manager" at the password prompt on "sensor", (twice, for confirmation). Then on "manager" you will be asked to approve the registration. Type 'y', and you are finished.

The configuration file for the samhain sensor is /etc/prelude/profile/samhain/config

PrevHomeNext
ConsoleUpUsing samhain with nagios
MANUAL-2_3/enabling-logging-to-the-server.html0000775000175000017500000000641012234446602020542 0ustar rainerrainer Enabling logging to the server
The Samhain Host Integrity Monitoring System
PrevChapter 6. Configuring yule, the log serverNext

6.4. Enabling logging to the server

If the client is properly registered with the server, all you need to do is to set an appropriate threshold for remote logging in the client's configuration file, and give the IP address of the server (if not already compiled in). Of course, the client must be compiled with the --enable-network=client switch.

Example for client configuration:

  [Log] 
  #  
  # Threshold for forwarding to the log server
  # 
  ExportSeverity=crit
  
  [Misc]  
  
  SetLogServer=IP address

Example for server configuration:

  [Clients] 
  #  
  # Register a client to allow it to connect
  # 
  Client=client.mydomain.com@salt@verifier
PrevHomeNext
Registering a clientUpEnabling baseline database / configuration file download from the server
MANUAL-2_3/checking-ports.html0000775000175000017500000001022012234446603015550 0ustar rainerrainer Checking for open ports
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.11. Checking for open ports

Section heading:

[PortCheck]

Entries:

PortCheckActive=boolean — 'true' to switch on, 'false' to switch off.

SeverityPortCheck=severity — Severity for events (default is crit).

PortCheckRequired=interface:portlist — Services (open ports) that are required.

PortCheckOptional=interface:portlist — Services (open ports) that are optional (allowed, but not required).

PortCheckIgnore=interface:portlist — Services (open ports) that should be ignored (no reports for this port).

PortCheckInterface=(list of) IP adress(es) — Additional interface to scan (up to 15 interfaces).

PortCheckInterval=seconds — Interval between checks (default 300).

PortCheckUDP=boolean — Whether to scan UDP ports as well (default yes).

PortCheckMinPort=integer — The lowest port to be checked (defaults to 0).

PortCheckMaxPort=integer — The highest port to be checked (defaults to 65535).

PrevHomeNext
Checking for hidden/fake/required processesUpLogfile monitoring/analysis
MANUAL-2_3/configuration-logserver.html0000775000175000017500000001074112234446601017513 0ustar rainerrainer Log server
The Samhain Host Integrity Monitoring System
PrevChapter 4. Configuration of logging facilitiesNext

4.6. Log server

Server address

SetLogServer=my.server.address

You have to specify the server address, unless it is already compiled in. It is possible to specify a second server that will be used as backup.

NoteNote
 

If you want to store the configuration file on the server, the server address must be compiled in.

Throughput throttling

SetThrottle=milliseconds

An option to throttle the throughput when downloading the database from the server. The allowed maximum of 1000 msec throttles to about 64 kB/sec, less throttle means higher throughput.

4.6.1. Details

During temporary connection failures, messages are stored in a FIFO queue in memory. The maximum number of stored messages is 128. After a connection failure, samhain will make the next attempt only after a deadtime that starts with 1 sec and doubles after each unsuccessful attempt (max is 2048 sec). A re-connection attempt is actually only made for the next message after the deadtime -- you should send timestamps (i.e. set the threshold to mark) to ensure re-connection attempts for failed connections.

It is possible to specify two log servers in the client configuration file. The first one will be used by default (primary), and the second one as fallback in case of a connection failure with the primary log server.

PrevHomeNext
Log fileUpExternal facilities
MANUAL-2_3/checking-for-kernel-module-rootkits.html0000775000175000017500000001055712234446603021621 0ustar rainerrainer Checking for kernel module rootkits
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.6. Checking for kernel module rootkits

Section heading:

[Kernel]

Entries:

KernelCheckActive=boolean — 'true' to switch on, 'false' to switch off.

KernelCheckInterval=seconds — Interval between checks.

KernelCheckIDT=boolean — Check the Interrupt Descriptor Table (linux, default true).

KernelCheckPCI=boolean — Check PCI expansion ROMs (linux, default true).

KernelCheckPROC=boolean — Check proc file system (3.0.11+, linux, default true).

SeverityKernel=severity — Severity for events.

KernelSystemCall = address — the address of system_call (grep system_call System.map)

KernelSyscallTable = address — the address of sys_call_table (grep ' sys_call_table' System.map)

KernelProcRoot = address — the address of proc_root (grep ' proc_root$' System.map)

KernelProcRootIops = address — the address of proc_root_inode_operations (grep proc_root_inode_operations System.map)

KernelProcRootLookup = address — the address of proc_root_lookup (grep proc_root_lookup System.map)

PrevHomeNext
Watching login/logout eventsUpChecking for SUID/SGID files
MANUAL-2_3/extern.html0000775000175000017500000000561112234446602014144 0ustar rainerrainer Hooks for External Programs
The Samhain Host Integrity Monitoring System
PrevNext

Chapter 7. Hooks for External Programs

samhain provides several hooks for external programs for (re-)processing the audit trail, including pipes, a System V message queue, and the option to call external programs.

7.1. Pipes

It is possible to use named pipes as 'console' device(s) (samhain supports up to two console devices, both of which may be named pipes. You can set the device path at compile time (see Section A.5>), and/or in the configuration file (see Section 4.8>).

PrevHomeNext
Performance tuning System V message queue
MANUAL-2_3/all-except.html0000775000175000017500000001007112234446601014670 0ustar rainerrainer Excluding files and/or subdirectories (All except …)
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.5. Excluding files and/or subdirectories (All except …)

To exclude individual files from a directory, place them under the policy IgnoreAll. Note that the existence of such files will still be checked (see next section).

To exclude subdirectories from a directory, place them under the policy IgnoreAll with an individual recursion depth of -1 (see Section 5.4.5>).

NoteNote
 

Changes in a directory may also modify the directory inode itself (i.e. the special file that holds the directory information). If you want to check all but a few files in a directory (say, /etc), and you expect some of the excluded files to get modified, you should use a setup like:

  [ReadOnly] 
  #  
  dir=/etc
  # 
  [Attributes]  
  #  
  # less restrictive policy for the directory file itself
  #  
  file=/etc
  # 
  [IgnoreAll]  
  #  
  # exclude these file and directories
  # 
  file=/etc/resolv.conf.save
  dir=-1/etc/calendar
  #

PrevHomeNext
Defining file check policies: what, and how, to monitorUpTiming file checks
MANUAL-2_3/sqldetails.html0000775000175000017500000003175512234446601015013 0ustar rainerrainer SQL Database
The Samhain Host Integrity Monitoring System
PrevChapter 4. Configuration of logging facilitiesNext

4.12. SQL Database

NoteRequirements
 

This facility requires that you have compiled with the --enable-xml-log option to format log messages in XML (also for the client, even if you do SQL logging on the server), and of course with the --with-database=XXX option (where 'XXX' may be any of: mysql, postgresql, oracle, or odbc).

If you are using the MessageHeader directive in the configuration file for a user-defined message header, make sure that the log messages are still valid XML, and that all the default entities are still present.

Currently MySQL, PostgreSQL, and Oracle are implemented and tested. Support for unixODBC is implemented, but not fully tested. If the header file 'mysql.h' ('libpq-fe.h') is not found during compilation ('mysql.h: No such file or directory'), you can use the option --with-cflags=-I/dir/where/mysql.h/is. If the library libmysqlclient.a (libpq.a) is not found ('/usr/bin/ld: cannot find -lmysqlclient'), you can use the option --with-libs=-L/dir/where/libmysqlclient.a/is.

NoteNote
 

PostgreSQL may fail with --enable-static. This is a postgresql bug.

By default, the database server is assumed to be on localhost, the db name is 'samhain', the db table is 'log', and inserting is possible for any user without password. To create the database/table with the required columns, the distribution includes the scripts 'samhain.mysql.init', 'samhain.postgres.init', and 'samhain.oracle.init'. E.g., for PostgreSQL you would setup the database like: 

      $ su postgres
      $ createdb samhain
      $ createuser -P samhain
      Enter password for new role: 
      Enter it again: 
      Shall the new role be a superuser? (y/n) n
      Shall the new role be allowed to create databases? (y/n) n
      Shall the new role be allowed to create more new roles? (y/n) n
      $ psql -d samhain < samhain.postgres.init
      $ exit

… and for MySQL: 

      $ mysql -p -u root < samhain.mysql.init
      $ mysql -p -u root
      > GRANT SELECT,INSERT ON samhain.log TO 'samhain'@'localhost';
      > SET PASSWORD for 'samhain'@'localhost' = PASSWORD('...');
      > FLUSH PRIVILEGES;

NotePermissions
 

The PostgreSQL init script will grant INSERT permission only to a user 'samhain'. Please take note that for PostgreSQL, inserting also requires SELECT and UPDATE permission for the sequence 'log_log_index_seq' (see bottom of init script). The MySQL init script will create the database, but not the user, and will not grant any permissions.

As with all logging facilities, logging to the SQL database must be enabled in the configuration file by setting an appropriate threshold, e.g.: 

 
  [Log]
  DatabaseSeverity=warn

In the Database section of the configuration file, you can modify the defaults via the following directives: 

 
  [Database]
  SetDBName=db_name 
  SetDBTable=db_table
  SetDBHost=db_host 
  SetDBUser=db_user 
  SetDBPassword=db_password
  UsePersistent=yes/no

The default is to use a persistent connection to the database. You can change this with UsePersistent=no

NoteNote re. PostgreSQL
 

For PostgreSQL, db_host must be a numerical IP address.

When logging client messages, yule will wrap them into a server <log sev=''RCVT'' tstamp=… > … </log> message. The parser will then create a separate database entry for this server timestamp. If you don't like this, you can use the option SetDBServerTstamp=false.

The table field 'log_ref' is NULL for client messages, 0 for server messages, and equal to 'log_index' of the client message for the aforementioned server timestamp of a client message.

Log records can be tagged via a special (indexed) table field 'log_hash', which is the MD5 checksum of (the concatenation of) any fields registered with AddToDBHash=field. The beltane web-based console can use these tags to filter messages. There is no default set of fields over which the MD5 hash is computed, so by default the tag is equal for all rows.

TipTip
 

For security, you may want to set up a user/password for insertion into the db. However, as the password is in cleartext in the config file (and the connection to the db server is not encrypted), for remote logging this facility is less secure than samhain's own client/server system (it is recommended to run the db server on the log host and have the log server, i.e. yule, log to the db).

4.12.1. Upgrade to samhain 2.3

Version 2.3 of Samhain supports checking of SELinux attributes and/or Posix ACLs. For backward compatibility, this is off by default. If you upgrade Samhain and enable this option, you need to update the database scheme as follows:

Mysql: 

 
        ALTER TABLE samhain.log ADD COLUMN acl_old BLOB;
        ALTER TABLE samhain.log ADD COLUMN acl_new BLOB;

PostgreSQL: 

 
        ALTER TABLE samhain.log ADD COLUMN acl_old TEXT;
        ALTER TABLE samhain.log ADD COLUMN acl_new TEXT;

Oracle: 

 
        ALTER TABLE samhain.log ADD acl_old VARCHAR2(4000);
        ALTER TABLE samhain.log ADD acl_new VARCHAR2(4000);
        DROP TRIGGER trigger_on_log;

4.12.2. Upgrade to samhain 2.4.4

Version 2.4.4 of Samhain supports storing the content of files. If you have created your Oracle database using the database scheme from a previous version, you need to change at least the 'link_old' and 'link_new' columns from VARCHAR2 to CLOB: 

 
      ALTER TABLE samhain.log ADD tmp_name CLOB;
      UPDATE samhain.log SET tmp_name=link_old;
      ALTER TABLE samhain.log DROP COLUMN link_old;
      ALTER TABLE samhain.log RENAME COLUMN tmp_name to link_old;

      ALTER TABLE samhain.log ADD tmp_name CLOB;
      UPDATE samhain.log SET tmp_name=link_new;
      ALTER TABLE samhain.log DROP COLUMN link_new;
      ALTER TABLE samhain.log RENAME COLUMN tmp_name to link_new;

4.12.3. MySQL configuration details

To pass the location of the MySQL Unix domain socket (for connections on localhost) to samhain, you can use the environment variable MYSQL_UNIX_PORT (the value must be the path of the socket).

Alternatively, as of samhain version 2.2, you can set options for the group "samhain" in my.cnf. See the MySQL manual for the proper syntax of the my.cnf file, as well as for possible options.

NoteNote
 

It is not possible for an application (like e.g. samhain) to detect whether my.cnf is readable (because the application does not know where the file resides). Interesting errors may result...

PrevHomeNext
SyslogUpConfiguring samhain, the host integrity monitor
MANUAL-2_3/configfacility.html0000775000175000017500000001167412234446601015636 0ustar rainerrainer Available logging facilities
The Samhain Host Integrity Monitoring System
PrevChapter 4. Configuration of logging facilitiesNext

4.2. Available logging facilities

samhain supports the following facilities for logging:

  • e-mailsamhain uses built-in SMTP code, rather than an external mailer program. E-mails are signed to prevent forging.

  • syslog — The system logging utility.

  • console — If running as daemon, /dev/console is used, otherwise stderr. /dev/console can be replaced by other devices, including a FIFO.

  • log file — Entries are signed to provide tamper-resistance.

  • log serversamhain uses TCP/IP with strong authentication and signed and encrypted messages.

  • externalsamhain can be configured to invoke external programs for logging and/or taking some action upon certain conditions.

  • SQL db — Currently samhain supports MySQL, PostgreSQL, Oracle, and unixODBC.

  • Preludesamhain can be compiled with support for the Prelude IDS, i.e. it can be used as a Prelude sensor.

Each of these logging facilities has to be activated by setting an appropriate threshold on the messages to be logged by this facility.

NoteNote
 

In addition, some of these facilities require proper settings in the configuration file (see next sections).

PrevHomeNext
Configuration of logging facilitiesUpActivating logging facilities and filtering messages
MANUAL-2_3/checking-processes.html0000775000175000017500000000767712234446603016435 0ustar rainerrainer Checking for hidden/fake/required processes
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.10. Checking for hidden/fake/required processes

Section heading:

[ProcessCheck]

Entries:

ProcessCheckActive=boolean — 'true' to switch on, 'false' to switch off.

SeverityProcessCheck=severity — Severity for events (default is crit).

ProcessCheckMinPID=integer — Minimum PID (default is 0).

ProcessCheckMaxPID=integer — Maximum PID (default is 32767).

ProcessCheckInterval=seconds — Interval between checks.

ProcessCheckExists=POSIX regular expression — A process that is required to run. Must match a substring in a line of the 'ps' output.

ProcessCheckPSPath=path — The path to ps (default: autodetected at compile time).

ProcessCheckPSArg=path — The argument to ps (default: autodetected at compile time). Note that the first column must be the PID, except on Linux, where the format 'PID SPID ...' is expected (spid = thread id), as shown by 'ps -eT'.

PrevHomeNext
Checking for user filesUpChecking for open ports
MANUAL-2_3/usage.html0000775000175000017500000000745112234446601013746 0ustar rainerrainer General usage notes
The Samhain Host Integrity Monitoring System
PrevNext

Chapter 3. General usage notes

3.1. How to invoke

From the command line

  • samhain -t init [more options] — To initialize the database

  • samhain -t check [more options] — To check against the database

By default, samhain will not become a daemon, but stay in the foreground. Daemon mode must be set in the configuration file or on the command line. Also by default, samhain will neither initialize its file system database nor check the file system against it. The desired mode must be set in the configuration file or on the command line. A complete list of command line options is given in the appendix.

To start as daemon during the boot sequence

For Linux (Debian, Redhat, Gentoo, and SuSE), *BSD, Solaris, HP-UX, AIX, IRIX make install-boot will setup your system for starting the daemon upon system boot (if the correct OS/distribution cannot be determined, nothing will be done).

For any other system, you need to figure out by yourself how to start samhain during the boot sequence.

PrevHomeNext
The testsuite Using daemontool (or similar utilities)
MANUAL-2_3/installation-configure.html0000775000175000017500000002245212234446600017317 0ustar rainerrainer Configuring the source
The Samhain Host Integrity Monitoring System
PrevChapter 2. Compiling and installingNext

2.4. Configuring the source

Before you can start to compile, it is neccessary to configure the source for your particular platform and your personal requirements. This is done by running the configure in the source directory. If you type ./configure with no options, the source will get configured with the default options. In particular, a standalone version of samhain will get built which uses the Filesystem Hierarchy Standard (FHS) for file/directory layout. This is not the standard GNU layout of 'everything under /usr/local'.

TipPaths
 

(A) samhain is a Filesystem Hierarchy Standard (FHS) compliant application. Thus the default directory layout is not the standard GNU layout (see Section 2.10>).

(B) samhain has a concept of trusted users, and will refuse to run if the path to critical files is writeable by users not in its list of trusted users (default: root, and the user who has started samhain). Please read Section 2.10.1> for details.

To change the defaults, ./configure accepts a variety of command-line options and environment variables (use ./configure --help for a complete list). The available command line options are listed and explained in Appendix A>.

To configure a standalone version of samhain: 

sh$ ./configure [more options]

NoteImportant remark on client/server use
 

Please read Chapter 6> if you intend to use samhain as a client/server system. Things will not work automagically just because you compiled a client and a server version of samhain. In particular, clients need to authenticate themselves to the server, and special configure options are required if you want to keep the configuration file(s) and the baseline database(s) on the central server.

To configure a client version of samhain that can connect to a central server: 

sh$ ./configure --enable-network=client [more options]

To configure a server version of samhain that will act as a central log server: 

sh$ ./configure --enable-network=server [more options]

2.4.1. Some more configuration options

If you want to use any options/modules that are not enabled by default (e.g. because the majority of users do not require them, or because they require additional programs and/or libraries), at this point you need to specify such options:

  • To compile in the module to check for SUID files (see Section 5.9>) use ./configure --enable-suidcheck

  • To compile in the module to detect kernel modifications/rootkits (see Section 5.10>) use ./configure --with-kcheck=/path/to/System.map

  • To compile in the module to monitor login/logout events (see Section 5.11>) use ./configure --enable-login-watch

  • To compile in the module to check mount options for mounted filesystems (see Section 5.12>) use ./configure --enable-mounts-check

  • To compile in the module to specify files relative to user home directories (see Section 5.13>) use ./configure --enable-userfiles

  • To compile in code for logging to an RDMS, (see Section 4.12>) use ./configure --enable-xml-log --with-database=oracle/mysql/postgresql

  • To compile in code for logging to the Prelude IDS, (see Section 4.9>) use ./configure --with-prelude

  • To use PGP-signed configuration files, (see Chapter 8>) use ./configure --with-gpg=/path/to/gpg. Please review Chapter 8> for further information and additional options to compile in the key fingerprint and/or the checksum of the gpg executable.

  • To compile samhain for use of the 'stealth' options to hide its presence, please review Chapter 9> for the available options.

  • To configure a server version of samhain that will act as a central log server, use ./configure --enable-network=server

  • To configure a client version of samhain that can connect to a central server, use ./configure --enable-network=client. Please refer to the chapter Chapter 6 for an explanation of the client/server setup, in particular further options that you need if you want to store configuration files and baseline databases on the server (see Section 6.5>).

PrevHomeNext
Download and extractUpBuild
MANUAL-2_3/clients.html0000775000175000017500000001517212234446602014303 0ustar rainerrainer Registering a client
The Samhain Host Integrity Monitoring System
PrevChapter 6. Configuring yule, the log serverNext

6.3. Registering a client

Clients must be registered with yule to make a connection. Connection attempts by unknown clients will be rejected. The respective section in the server configuration file looks like:

  [Clients]  
  #  
  # A client 
  # 
  Client=HOSTNAME_CLIENT1@salt1@verifier1 
  #  
  # another one
  # 
  Client=HOSTNAME_CLIENT2@salt2@verifier2 
  #

These entries have to be computed in the following way:

  1. Choose a password (16 chars hexadecimal, i.e. only 0 -- 9, a -- f, A -- F allowed. To generate a random password, you may use: 

            sh$ yule --gen-password

  2. Use the program samhain_setpwd to reset the password in the compiled client binary (that is, samhain, not yule) to the one you have chosen. samhain_setpwd takes three arguments: (1) the binary name, (2) an extension to append to the new binary, and (3) the password. It will read the executable binary (argument 1), insert the password (argument 3), and write a modified binary with the specified extension (argument 2). Run samhain_setpwd without arguments for usage information. Example: 

            sh$ samhain_setpwd samhain EXT 0123456789ABCDEF

  3. Use the server's convenience function '-P' to create a registration entry. Example: 

            sh$ yule -P 0123456789ABCDEF

  4. The output will look like:

    Client=HOSTNAME@salt@verifier

    You now have to replace HOSTNAME with the fully qualified domain name of the host on which the client should run (exception: if the server cannot determine the fully qualified hostname, you may need to use the numerical address instead. You will see the problem in a 'Connection refused' message from the server).

  5. Put the registration entry into the servers's configuration file, under the section heading [Clients] (see Section 6.3>). You need to send SIGHUP to the server for the new entry to take effect.

  6. Repeat steps (1) -- (5) for any number of clients you need (actually, you need a registration entry for each client's host, but you don't neccesarily need different passwords for each client. I.e. you may skip steps (1) -- (3)).

If you have a default directory layout, a [Clients] section right at the end of the server config file, and your client is client.mydomain.com, then you could e.g. do:

bash$ PASSWD=`yule --gen-password`
bash$ samhain_setpwd samhain new $PASSWD
bash$ scp samhain.new  root@client.mydomain.com:/usr/local/sbin/samhain
bash$ ENTRY=`yule -P $PASSWD | sed s%HOSTNAME%client.mydomain.com%`
bash$ echo $ENTRY >> /etc/yulerc
bash$ kill -HUP `cat /var/run/yule.pid`

PrevHomeNext
Important installation notesUpEnabling logging to the server
MANUAL-2_3/droproot.html0000775000175000017500000001364612234446602014516 0ustar rainerrainer Important installation notes
The Samhain Host Integrity Monitoring System
PrevChapter 6. Configuring yule, the log serverNext

6.2. Important installation notes

As of version 1.7.0, yule will always drop root privileges after startup and initialization. You can use a privileged port (port number below 1024), because setting up the listening socket will occur as long as yule still has root privileges.

There are some special considerations that need to be taken into account when setting up an installation of yule. In particular:

The unprivileged user

By default, configure will check (in this order) for the existance of a user yule, daemon, or nobody, and use the first match.

You can override this with the option configure --enable-identity=user. The user does not need to exist already; the install script knows how to create a new user (on Linux, FreeBSD, NetBSD, Solaris, HP-UX, OSF1).

After successful installation, you will be asked to run make install-user in order to: (i) create the user that you specified to configure if it does not exist already (make install-user will check for this), and (ii) chown/chmod some directories.

After running make install and make install-user, you should have a sane setup.

Logfile directory

The system logfile directory usually requires root privileges to write there (otherwise log files may easily get corrupted ...). To enable yule to write the log file and the HTML status file, a (sub-)directory should be used that is owned by yule. The configure script and the Makefile will do that automatically with the default layout (i.e. a directory /var/log/yule will be created).

Data files

The data file directory is now owned by root and world readable by default. If you chown it to a suitable group for the unprivileged yule user, you can make it group readable only. Note that it is not required, and weakens the security, if the data file directory is writeable for the server.

GnuPG signed configuration file

The unprivileged yule user must have a .gnupg subdirectory in its home directory, holding the public keyring with the key to verify the signature.

PID file

The PID file is written with before dropping root privileges. Therefore yule will not be able to overwrite it later (which is a GoodThing), or remove it upon exit (it will usually be able to recognize and handle a stale PID file on startup). Still, it may be a good idea to remove it after stopping yule. The provided start/stop scripts for various architectures will handle this.

PrevHomeNext
Configuring yule, the log serverUpRegistering a client
MANUAL-2_3/client-integrity.html0000775000175000017500000000617512234446603016140 0ustar rainerrainer Client executable integrity
The Samhain Host Integrity Monitoring System
PrevChapter 11. Security DesignNext

11.3. Client executable integrity

If you use samhain in a client/server setup, the client needs to authenticate to the server using a password that is located within the client executable, at one of several possible places (where the valid place for your particular build is chosen at random at compile time). If the password is set, the alternative places are filled with random values.

Upon authentication to the server, client and server negotiate ephemeral keys for signing and encrypting further communication.

This implies that an intruder needs to analyse the running process to obtain knowledge of the signing/encryption keys in order to successfully fake a valid communication with the server, or she needs to analyse/disassemble the executable in order to find the password.

PrevHomeNext
Integrity of the samhain executableUpThe server
MANUAL-2_3/thresholds.html0000775000175000017500000002020112234446601015005 0ustar rainerrainer Activating logging facilities and filtering messages
The Samhain Host Integrity Monitoring System
PrevChapter 4. Configuration of logging facilitiesNext

4.3. Activating logging facilities and filtering messages

All messages have a severity level (see Section 4.1.1>) and a class (see Section 4.1.2>), with somewhat orthogonal meaning:

The severity ranks messages with respect to their importance. Most events (e.g. timestamps, internal errors, program startup/exit) have fixed severities. However, as importance sometimes is a matter of taste, some events have configurable severities (see Section 4.1>).

Classes refer to the purpose/category of a message. As such, they should (ideally) be useful to exclude messages that are not interesting in some context (e.g. startup/stop messages may seem useless noise if samhain is run from cron).

Obviously, as severity is a rank, the most natural way to exclude unwanted messages is to set a threshold. On the other hand, as the message class is a category, the most natural way to exclude messages is to list those message classes that you want.

Messages are only logged to a log facility if their severity is at least as high as the threshold of that facility, and their class is one of those wanted (by default: all). Thresholds and class lists can be specified individually for each facility.

TipSwitching on/off
 

Most log facilities are off by default, and need to be enabled by setting an appropriate threshold.

A threshold of none switches off the respective facility.

TipLogging of client messages by the server
 

By default, messages received by the server are treated specially, and are always logged to the logfile, and never to mail or syslog. If you don't like that, use the option UseClientSeverity=yes (section [Misc]).

Thresholds and class lists are set in the Log section of the configuration file. For each threshold option FacilitySeverity there is also a corresponding option FacilityClass to limit that facility to messages within a given set of class. The argument must be a list of valid message classes, separated by space or comma.

Actually, the FacilitySeverity can take a list of severities with optional specifiers '*', '!', or '=', which are interpreted as 'all', 'excluding', and 'only', respectively. Examples: specifying '*' is equal to specify 'debug'; specifying '!*' is equal to specifying 'none'; 'info,!crit' is the range from 'info' to 'err' (excluding crit and above); and 'info,!=err' is info and above, but excluding (only) 'err'. This is the same scheme as used by the Linux syslogd (see man 5 syslogd).

System calls: certain system calls (execve, utime, unlink, dup (+ dup2), chdir, open, kill, exit (+ _exit), fork, setuid, setgid, pipe) can be logged (only to console and syslog). You can determine the set of system calls to log via the option LogCalls=call1, call2, .... By default, this is off (nothing is logged). The priority is notice, and the class is AUD.

Example:

  [Log]  
  #  
  # Threshold for E-mails (none = switched off)
  # 
  MailSeverity=none  
  #  
  # Threshold for log file 
  # 
  LogSeverity=err 
  LogClass=RUN FIL STAMP 
  #  
  # Threshold for console 
  # 
  PrintSeverity=info
  #  
  # Threshold for syslog (none = switched off)
  # 
  SyslogSeverity=none 
  #  
  # Threshold for logging to Prelude (none = switched off)
  # 
  PreludeSeverity=none 
  #  
  # Threshold for forwarding to the log server
  # 
  ExportSeverity=crit 
  #  
  # Threshold for invoking an external program
  # 
  ExternalSeverity=crit
  #  
  # Threshold for logging to a SQL database
  # 
  DatabaseSeverity=err
  #  
  # System calls to log
  # 
  LogCalls=open, kill
PrevHomeNext
Available logging facilitiesUpE-mail
MANUAL-2_3/external.html0000775000175000017500000001032612234446603014461 0ustar rainerrainer External
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.15. External

Definition of an arbitrary number of external programs/scripts (see Chapter 7>). Section heading:

[External]

Entries:

OpenCommand=/full/path/to/program — Starts new command definition.

CloseCommand — Ends new command definition (optional syntactic sugar).

SetType=log/srv — Type/purpose of the program.

SetCommandline=list — The command line.

SetEnviron=KEY=value — Environment variable (can be repeated).

SetChecksum=TIGER checksum — Checksum of the program.

SetCredentials=username — User whose credentials shall be used.

SetFilterNot=list — Regular expression patterns not allowed in message.

SetFilterAnd=list — Regular expression patterns required (ALL) in message.

SetFilterOr=list — Regular expression patterns required (at least one) in message.

SetDeadtime=seconds — Deadtime between consecutive calls.

SetDefault=boolean — Set default environment (HOME from /etc/passwd, SHELL=/bin/sh, PATH=/sbin:/usr/sbin:/bin:/usr/bin).

PrevHomeNext
MiscellaneousUpClients
MANUAL-2_3/file-monitor.html0000775000175000017500000001513412234446602015244 0ustar rainerrainer Configuring samhain, the host integrity monitor
The Samhain Host Integrity Monitoring System
PrevNext

Chapter 5. Configuring samhain, the host integrity monitor

The samhain file monitor checks the integrity of files by comparing them against a database of file signatures, and notify the user of inconsistencies. The level of logging is configurable, and several logging facilities are provided.

samhain can be used as a client that forwards messages to the server part (yule) of the samhain system, or as a standalone program (for single hosts).

samhain can be run as a background process (i.e. a daemon), or it can be started at regular intervals by cron.

TipTip
 

It is recommended to run samhain as daemon, because

  • samhain can remember file changes, thus while running as a a daemon, it will not bother you with repetitive messages about the same problem, and

  • using cron opens up a security hole, because between consecutive invocations the executable could get modified or replaced by a rogue program.

5.1. Usage overview

To use samhain, the following steps must be followed:

  1. The configuration file must be prepared (Section 5.4>, Section 4.1>, and Section 5.11> for details).

    • All files and directories that you want to monitor must be listed. Wildcard patterns are supported.

    • The policies for monitoring them (i.e. which modifications are allowed and which not) must be chosen.

    • Optionally, the severity of a policy violation can be selected.

    • The logging facilities must be chosen, and the threshold level of logging should be defined To activate a logging facility, its threshold level must be different from none.

    • Eventually, the address of the e-mail recepient and/or the IP address of the log server must be given.

  2. The database must be initialized. If it already exists, it should be deleted (samhain will not overwrite, but append), or update instead of init should be used:

    samhain -t init|update

  3. Start samhain in check mode. Either select this mode in the configuration file, or use the command line option:

    samhain -t check

    To run samhain as a background process, use the command line option

    samhain -D -t check

PrevHomeNext
SQL Database Available checksum functions
MANUAL-2_3/installation-initialize.html0000775000175000017500000001022112234446600017466 0ustar rainerrainer Initialize the baseline database
The Samhain Host Integrity Monitoring System
PrevChapter 2. Compiling and installingNext

2.8. Initialize the baseline database

samhain works by comparing the present state of the filesystem agains a baseline database. Of course, this baseline database must be initialized first (and preferably from a known good state !). To perform the initialization (i.e. create the baseline database), type:

sh$ samhain -t init -p info

(with -p info, messages of severity 'info' or higher will be printed to your terminal/console).

If the database file already exists, samhain -t init will append to it. This is a feature that is intended to help you operating samhain in a slightly more stealthy way: you can append the database e.g. to a JPEG picture (and the picture will still display normally - JPEG ignores appended 'garbage').

NoteNote:
 

It is usually an error to run samhain -t init twice, because (a) it will append a second baseline database to the existing one, and (b) only the first baseline database will be used. Use samhain -t update for updating the baseline database. Delete or rename the baseline database file if you really want to run samhain -t init a second time.

PrevHomeNext
CustomizeUpRun samhain
MANUAL-2_3/trustedexample.html0000775000175000017500000002177712234446601015717 0ustar rainerrainer Log file
The Samhain Host Integrity Monitoring System
PrevChapter 4. Configuration of logging facilitiesNext

4.5. Log file

Trusted users

TrustedUser=username

If some element in the path to the log file is writeable by someone else than root or the effective user of the process, you have to include that user in the list of trusted users (unless their UIDs are already compiled in).

Separate log files for clients

UseSeparateLogs=yes/no

Only relevant on the server. Use a separate log file for (reports from) each client. The root name of these log files will be the same as the main log file, with the client name appended.

4.5.1. The log file and its integrity

The log file is named samhain_log by default, and placed into /var/log by default (name and location can be configured at compile time). If samhain has been compiled with the ./configure --enable-xml-log option, it will be written in XML format.

NoteNote
 

If you have compiled for stealth (Chapter 9>), you won't see much, because if obfuscated, then both a 'normal' and an XML logfile look, well ... obfuscated. Use samhain -jL /path/to/logfile to view the logfile.

The log file is created if it does not exist, and locked by creating a lock file, which has the same path as the logfile, with a ".lock" appended. The lock file holds the PID of the process, which allows samhain to recognize and remove a stale lock if there is no process with that PID.

On the log server, it is possible to use separate log files for individual clients. This can be enabled with UseSeparateLogs=yes/no in the Misc section of the server configuration file. No locking will be performed for client files (only one instance of the server can listen on the TCP port, thus there will be no concurrent access).

The directory where the logfile and its lock file are located must be writeable only by trusted users (see Section 2.10.1>). This requirement refers to the complete path, i.e. all directories therein. By default, only root and the effective user of the process are trusted.

Audit trails (sequences of messages from individual runs of samhain) in the log file start with a [SOF] marker. Each message is followed by a signature, that is formed by hashing the message with a key.

The first key is generated at random, and sent by e-mail, encrypted with a one-time pad as described in the previous section on e-mail. Further keys are generated by a hash chain (i.e. the key is hashed to generate the next key). Thus, only by knowing the initial key the integrity of the log file can be assured.

The mail with the key looks like: 

  -----BEGIN MESSAGE-----  
  message    
  -----BEGIN LOGKEY----- 
  Key(48 chars)[timestamp]     
  -----BEGIN SIGNATURE----- 
  signature
  ID TRAIL_ID:hostname 
  -----END MESSAGE-----

TipIntegrity verification
 

To verify the log file's integrity, a convenience function is provided:

samhain -L /log/file/path

When encountering the start of an audit trail, you will then be asked for the key (as sent to you by e-mail). You can then: (i) hit return to skip signature verification, (ii) enter the key (without the appended timestamp), or (iii) enter the path to a file that contains the key (e.g. the mail box).

If you use option (iii), the path must be an absolute path (starting with a '/', not longer than 48 chars. For each audit trail, the file must contain a two-line block with the -----BEGIN LOGKEY----- line followed by the line (Key(48 chars)[timestamp]) from the mail. Additional lines before/after any such two-line block are ignored (in particular, if you collect all e-mails from samhain in a mailbox file, you can simply specify the path to that mailbox file).

WarningCAVEATS
 

Verification will fail, if the compiled-in key of the verifying executable is different from the one that generated the message(s) (see Section 11.2>).

If you use a pre-compiled executable from some binary distribution, be sure to read Section 11.2> carefully.

PrevHomeNext
E-mailUpLog server
MANUAL-2_3/checking-userfiles.html0000775000175000017500000000636712234446603016423 0ustar rainerrainer Checking for user files
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.9. Checking for user files

Section heading:

[UserFiles]

Entries:

UserfilesActive=boolean — '1' to switch on, '0' to switch off.

UserfilesName=filename policy — Files to check for under each $HOME. Allowed values for 'policy' are: allignore, attributes, logfiles, loggrow, noignore (default), readonly, user0, user1, user2, user3, and user4.

UserfilesCheckUids=uid list — A list of UIDs where we want to check. The default is all. Ranges (e.g. 100-500) are allowed. If there is an open range (e.g. 1000-), it must be last in the list.

PrevHomeNext
Checking for mount optionsUpChecking for hidden/fake/required processes
MANUAL-2_3/sys-db-fields.html0000775000175000017500000000536012234446603015306 0ustar rainerrainer Syslog
The Samhain Host Integrity Monitoring System
PrevAppendix D. List of database fieldsNext

D.3. Syslog

ip

IP of remote host received syslog reports. Also used in the login/logout watch module (see above).

facility

Syslog facility for received syslog reports.

priority

Syslog priority for received syslog reports.

syslog_msg

Syslog message for received syslog reports.

PrevHomeNext
ModulesUpList of recognized file types
MANUAL-2_3/support.html0000775000175000017500000001421212234446601014347 0ustar rainerrainer Support / Bugs / Problems
The Samhain Host Integrity Monitoring System
PrevChapter 3. General usage notesNext

3.11. Support / Bugs / Problems

If you have problems getting samhain to run, or think that you have encountered a bug, then please check the FAQ first.

If your problem is not anwered there, you can visit the user forum (which is searchable, by the way) and ask there for help (recommended for questions of probably general interest), or send email to .

Please remember that a useful problem report should at least include the following three items:

  • What did you do?

  • What result did you expect?

  • What result did you obtain instead?

Please be sure to provide relevant details, such as:

  • your operating system, its release version, and the machine (uname -srm).

  • your operating system, its release version, and the machine (uname -srm).

  • the version of samhain that you are using, and the options that you have supplied to configure,

  • the command line options used to start samhain, and

  • the samhainrc runtime configuration file.

  • If you think you have encountered a bug, it is usually very helpful if you run samhain in the foreground (i.e. not as daemon) with the command line switch -p debug to get some more information about the problem.

    It would be even more helpful if you first re-compile samhain with configure --enable-debug, and then run it with the command line switch -p debug (again, not as daemon, but in the foreground).

    Please compress the output using gzip, and send it as attachment to .

3.11.1. If samhain appears to hang indefinitely

If you have the impression that samhain hangs indefinitely, this could be due to a deadlock caused by some rare circumstance (it is not possible to fully test all possible configurations of samhain).

The most useful thing to do then is to recompile samhain with --enable-debug=gdb, start it in the foreground under the control of the gdb debugger, and get a backtrace as soon as it seems to hang: 

    bash$ gdb ./samhain
    (gdb) run -t check -p info --foreground --forever
    (samhain output)
    [Ctrl-C]
    (gdb) thread apply all backtrace
PrevHomeNext
Remarks on the dnmalloc allocatorUpConfiguration of logging facilities
MANUAL-2_3/database-configuration-file-download.html0000775000175000017500000002310112234446602021764 0ustar rainerrainer Enabling baseline database / configuration file download from the server
The Samhain Host Integrity Monitoring System
PrevChapter 6. Configuring yule, the log serverNext

6.5. Enabling baseline database / configuration file download from the server

A significant advantage of samhain is the option to store baseline databases and configuration files on the central log server (yule), from where they can be downloaded by clients upons startup. In order to use this option, clients must be configured to retrieve these files from the server rather than from the local filesystem.

TipTip
 

Obviously, retrieving the configuration file from the log server requires that the IP address of the log server is compiled in, using the option ./configure --with-logserver=HOST.

Downloaded files are written to a temporary file that is created in the home directory of the effective user (usually root. The filename is chosen at random, the file is opened for writing after checking that it does not exist already, and immediately thereafter unlinked. Thus the name of the file will be deleted from the filesystem, but the file itself will remain in existence until the file descriptor referring it is closed (see man unlink), or the process exits (on exit, all open file descriptors belonging to the process are closed).

6.5.1. Configuration file

If the compiled-in path to the configuration file begins with the special value ``REQ_FROM_SERVER'', the client will request to download the configuration file from yule (i.e. from the server).

If ``REQ_FROM_SERVER'' is followed by a path, the client will use the path following ``REQ_FROM_SERVER'' as a fallback if (and only if) it is initializing the database. This is a convenience feature to allow initializing the database(s) before the client is registered with the server.

Example: ./configure --with-config-file=REQ_FROM_SERVER/etc/conf.samhain In this case, the client will request to download the configuration file from the server. If the connection to the server fails, it will exit on error if run in 'check' mode, but fallback to /etc/conf.samhain as its configuration file, if run in 'init' mode.

NoteNote
 

For obvious security reasons, the client cannot specify the path to the configuration file on the server side. The server will lookup the configuration file using only the hostname of the client and the compiled-in path for the 'localstatedir' (see below). The default for 'localstatedir' is /var.

The server will search for the configuration file to send in the following order of priority (paths are explained in Section A.5>). CLIENTNAME is the hostname of the client's host, as listed in the server's config file in the Clients section:

  1. localstatedir/lib/yule/rc.CLIENTNAME

  2. localstatedir/lib/yule/rc

6.5.2. Database file

If the compiled-in path to the database file begins with the special value ``REQ_FROM_SERVER'', the client will request to download the database file from yule (i.e. from the server).

WarningCAVEAT
 

``REQ_FROM_SERVER'' must be followed by a path that will be used for writing the database file when initializing. Upon initialization, the database is always written to a local file, and must be copied with scp to the server (the client cannot upload the database file to the server, as this would open a security hole).

Example: --with-data-file=REQ_FROM_SERVER/var/lib/samhain/data.samhain In this case, the client will request to download the database file from the server if checking, and will create a local database file /var/lib/samhain/data.samhain if initializing. You have to use scp to copy the file signature database to the server then.

NoteNote
 

For obvious security reasons, the client cannot specify the path to the database file on the server side. The server will lookup the databse file using only the hostname of the client and the compiled-in path for the 'localstatedir' (see below). The default for 'localstatedir' is /var.

The server will search for the database file to send in the following order of priority (see Section A.5>). CLIENTNAME is the hostname of the client's host, as listed in the server's config file in the Clients section:

  1. localstatedir/lib/yule/file.CLIENTNAME

  2. localstatedir/lib/yule/file

PrevHomeNext
Enabling logging to the serverUpRules for logging of client messages
MANUAL-2_3/chroot.html0000775000175000017500000001613012234446602014133 0ustar rainerrainer Chroot
The Samhain Host Integrity Monitoring System
PrevChapter 6. Configuring yule, the log serverNext

6.9. Chroot

As of version 1.7.0, yuleis able to chroot itself after startup and initialization, either by using the command line option

bash$ yule --chroot=/chrootdir

or by requesting it in the configuration file:

[Misc]
SetChrootDir=path

In order to prepare for the chroot jail, the following is required:

TipTip
 

In the scripts subdirectory of the source directory there is a script chroot.sh to perform steps (4) and (5) (only for Linux).

  1. Compile normally. Make sure you use either dev/random (default if existing) or EGD (Entropy Gathering Daemon) for the entropy device. If dev/random does not exist, the default is the 'standard unix entropy gatherer', which uses the output of many system commands, and therefore is not suitable within a chroot jail.

  2. Install with the command(s): 

    bash$ make DESTDIR=/chrootdir install
bash$ make DESTDIR=/chrootdir install-user
bash$ make install-boot

  3. Fix the path to the yule binary in the runlevel start/stop script installed by the last command.

  4. Prepare the chroot environment. Basically, you need under /chrootdir

    (a) an entropy device, either dev/random, dev/urandom, or an EGD (Entropy Gathering Daemon) socket,

    (b) minimum etc/passwd, etc/group files, at least with entries for root and the unprivileged yule user. Replace passwords with an asterix, and make sure the homedirectory of the unprivileged yule user is correct within the chroot jail.

    (c) files required for DNS: etc/nsswitch.conf, etc/hosts, etc/host.conf, etc/resolv.conf, etc/services, etc/protocols.

  5. Create a symlink /etc/yulerc to /chrootdir/etc/yulerc (no, it will not work the other way round).

Because yule chroots after startup, there is no need to copy shared libraries into the chroot jail. They will be loaded upon startup, before the chroot() occurs.

TipTip
 

If you are using syslog logging, you need a dev/log socket in the chroot jail. Modern syslog incarnations will allow you to have an additional socket using the command:

bash$ syslogd -a /chrootdir/dev/log

TipTip
 

If you are using a GnuPG-signed configuration, you will need a working copy of gpg in the chroot jail.

PrevHomeNext
The HTML server status pageUpRestrict access with libwrap (tcp wrappers)
MANUAL-2_3/installation-download.html0000775000175000017500000001174212234446600017145 0ustar rainerrainer Download and extract
The Samhain Host Integrity Monitoring System
PrevChapter 2. Compiling and installingNext

2.3. Download and extract

The current version of samhain can be downloaded from http://www.la-samhna.de/samhain/samhain-current.tar.gz. Older versions of samhain are available from the online archive. You should always make sure that you have a complete and unmodified version of samhain. This can be done by verifying the PGP signature (see below).

The downloaded tarball will contain exactly two files:

  1. A tarball named samhain-N.N.N.tar.gz (N.N.N is the version number) containing the source tree, and

  2. the PGP signature for this tarball, i.e. a file named samhain-N.N.N.tar.gz.asc. use of the dnmalloc allocator that is the default since samhain 2.4.5, and reverts to using the standard allocator provided by your system. 

sh$ wget http://la-samhna.de/samhain/samhain-current.tar.gz
sh$ gunzip -c samhain-current.tar.gz | tar tvf -
-rw-r--r-- 500/100      920753 2004-05-24 19:57:55 samhain-1.8.8.tar.gz
-rw-r--r-- 500/100         189 2004-05-24 19:58:29 samhain-1.8.8.tar.gz.asc

You might wish to verify the PGP signature now, in order to make sure that you have received a complete and unmodified version of samhain. All samhain releases are signed with the key 0F571F6C (Rainer Wichmann).

Key fingerprint = EF6C EF54 701A 0AFD B86A F4C3 1AAD 26C8 0F57 1F6C

sh$ gpg --keyserver pgp.mit.edu --recv-keys 0F571F6C
sh$ gpg --verify samhain-N.N.N.tar.gz.asc samhain-N.N.N.tar.gz

Now you can proceed to extract the source tarball:

sh$ gunzip -c samhain-N.N.N.tar.gz | tar tvf -

This will create a new subdirectory samhain-N.N.N under your current directory. You should cd into this subdirectory to proceed with configuring the source:

sh$ cd samhain-N.N.N
PrevHomeNext
RequirementsUpConfiguring the source
MANUAL-2_3/index.html0000775000175000017500000003056512234446603013755 0ustar rainerrainer The Samhain Host Integrity Monitoring System

The Samhain Host Integrity Monitoring System

Copyright © 2002-2013 Rainer Wichmann

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. You may obtain a copy of the GNU Free Documentation License from the Free Software Foundation by visiting their Web site or by writing to: Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

This manual refers to version 3.1.0 of Samhain.

Table of Contents
1. Introduction
2. Compiling and installing
2.1. Overview
2.2. Requirements
2.3. Download and extract
2.4. Configuring the source
2.5. Build
2.6. Install
2.7. Customize
2.8. Initialize the baseline database
2.9. Run samhain
2.10. Files and directory layout
2.11. The testsuite
3. General usage notes
3.1. How to invoke
3.2. Using daemontool (or similar utilities)
3.3. Controlling the daemon
3.4. Signals
3.5. PID file
3.6. Log file rotation
3.7. Updating the file signature database
3.8. Improving the signal-to-noise ratio
3.9. Runtime options: command-line & configuration file
3.10. Remarks on the dnmalloc allocator
3.11. Support / Bugs / Problems
4. Configuration of logging facilities
4.1. General
4.2. Available logging facilities
4.3. Activating logging facilities and filtering messages
4.4. E-mail
4.5. Log file
4.6. Log server
4.7. External facilities
4.8. Console
4.9. Prelude
4.10. Using samhain with nagios
4.11. Syslog
4.12. SQL Database
5. Configuring samhain, the host integrity monitor
5.1. Usage overview
5.2. Available checksum functions
5.3. File signatures
5.4. Defining file check policies: what, and how, to monitor
5.5. Excluding files and/or subdirectories (All except …)
5.6. Timing file checks
5.7. Initializing, updating, or checking
5.8. The file signature database
5.9. Checking the file system for SUID/SGID binaries
5.10. Detecting Kernel rootkits
5.11. Monitoring login/logout events
5.12. Checking mounted filesystem policies
5.13. Checking sensitive files owned by users
5.14. Checking for hidden/fake/missing processes
5.15. Checking for open ports
5.16. Logfile monitoring/analysis
5.17. Checking the Windows registry
5.18. Modules
5.19. Performance tuning
5.20. Storing the full content of a file (aka: WHAT has changed?)
5.21. Inotify support on Linux (instantaneous reports, no I/O load)
6. Configuring yule, the log server
6.1. General
6.2. Important installation notes
6.3. Registering a client
6.4. Enabling logging to the server
6.5. Enabling baseline database / configuration file download from the server
6.6. Rules for logging of client messages
6.7. Detecting 'dead' clients
6.8. The HTML server status page
6.9. Chroot
6.10. Restrict access with libwrap (tcp wrappers)
6.11. Sending commands to clients
6.12. Syslog logging
6.13. Server-to-server relay
6.14. Performance tuning
7. Hooks for External Programs
7.1. Pipes
7.2. System V message queue
7.3. Calling external programs
8. Additional Features — Signed Configuration/Database Files
8.1. The samhainadmin script
9. Additional Features — Stealth
9.1. Hiding the executable
9.2. Packing the executable
10. Deployment to remote hosts
10.1. Method A: The deployment system
10.2. Method B: The native package manager
11. Security Design
11.1. Usage
11.2. Integrity of the samhain executable
11.3. Client executable integrity
11.4. The server
11.5. General
A. List of options for the ./configure script
A.1. General
A.2. Optional modules to perform additional checks
A.3. OpenPGP Signatures on Configuration/Database Files
A.4. Client/Server Connectivity
A.5. Paths
B. List of command line options
B.1. General
B.2. samhain
B.3. yule
C. Configuration file syntax and options
C.1. General
C.2. Files to check
C.3. Severity of events
C.4. Logging thresholds
C.5. Watching login/logout events
C.6. Checking for kernel module rootkits
C.7. Checking for SUID/SGID files
C.8. Checking for mount options
C.9. Checking for user files
C.10. Checking for hidden/fake/required processes
C.11. Checking for open ports
C.12. Logfile monitoring/analysis
C.13. Database
C.14. Miscellaneous
C.15. External
C.16. Clients
D. List of database fields
D.1. General
D.2. Modules
D.3. Syslog
E. List of recognized file types
  Next
  Introduction
MANUAL-2_3/consoledetails.html0000775000175000017500000001001512234446601015640 0ustar rainerrainer Console
The Samhain Host Integrity Monitoring System
PrevChapter 4. Configuration of logging facilitiesNext

4.8. Console

Up to two console devices are supported, both of which may also be named pipes. If running as daemon, samhain will use /dev/console for output, otherwise stdout. On Linux, _PATH_CONSOLE will be used instead of /dev/console, if it is defined in the file /usr/include/paths.h.

You can override this at compile time, or in the [Misc] section of the configuration file with the SetConsole=device option. Up to two console devices are supported, both of which may also be named pipes (use the SetConsole option twice to set both devices).

TipSwitching off
 

Invariably, some users set SetConsole=/dev/null to switch off console logging. This is highly ineffective, as the device will be opened, and the message written to it, for every log message. The correct way is to use PrintSeverity=none in the [Log] section of the configuration file (or the command line switch '-p none').

PrevHomeNext
External facilitiesUpPrelude
MANUAL-2_3/log-file-rotation.html0000775000175000017500000001016612234446601016172 0ustar rainerrainer Log file rotation
The Samhain Host Integrity Monitoring System
PrevChapter 3. General usage notesNext

3.6. Log file rotation

samhain locks the logfile using a lock file. This lock file has the same path as the log file, with .lock appended. After sending SIGTTIN or SIGABRT to the samhain daemon, it will first finish its current tast (this may take some time), then unlock the log file (i.e. remove the logfile.lock file), wait three seconds, then proceed. Thus, to rotate the log file, you should use something like the following script:

#! /bin/sh

if test -f /usr/local/var/run/samhain.pid; then \
          PIN=`cat /usr/local/var/run/samhain.pid`; \
          /bin/kill -TTIN $PIN; \
          sleep 1; \
          AA=0; \
          while test "x$AA" != "x120"; do \
           AA=$(( AA + 1 )); \
           if test -f /usr/local/var/log/samhain_log.lock; then \
             sleep 1; \
           else \
             break; \
           fi \
          done; \
	fi
        mv /usr/local/var/log/samhain_log /usr/local/var/log/oldlog

If you use the 'logrotate' tool, you could use the following (untested):

/usr/local/var/log/samhain_log {
    weekly
    rotate 52
    nocreate
    missingok
    compress

prerotate
        if test -f /usr/local/var/run/samhain.pid; then \
          PIN=`cat /usr/local/var/run/samhain.pid`; \
          /bin/kill -TTIN $PIN; \
          sleep 1; \
          AA=0; \
          while test "x$AA" != "x120"; do \
           AA=$(( AA + 1 )); \
           if test -f /usr/local/var/log/samhain_log.lock; then \
             sleep 1; \
           else \
             break; \
           fi \
          done; \
        fi
    endscript
}
PrevHomeNext
PID fileUpUpdating the file signature database
MANUAL-2_3/usercheck.html0000775000175000017500000000736612234446602014624 0ustar rainerrainer Checking sensitive files owned by users
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.13. Checking sensitive files owned by users

To compile with support for this option, use the configure option

./configure --enable-userfiles

samhain can be compiled to support checking of files that are specified as being relative to the a user's home directory. It is intended to detect interference with files that influence process behaviour such as .profile It simply adds the appropriate file entries to the main samhain list, at the specified alerting level. 

  [UserFiles]
  #
  # Activate (0 is off).
  #
  UserfilesActive=1

  #
  # Files to check for under each $HOME
  # A specific level can be specified.
  # The allowed values are:
  # allignore
  # attributes
  # logfiles
  # loggrow
  # noignore
  # readonly
  # user0
  # user1
  # user2
  # user3
  # user4
  # 
  # The default is noignore
  #
  UserfilesName=.login noignore
  UserfilesName=.profile readonly
  UserfilesName=.ssh/authorized_keys
  #
  # A list of UIDs where we want to check. 
  # The default is all.
  # IF THERE IS AN OPEN RANGE, IT MUST BE LAST
  #
  UserfilesCheckUids=0,100-500,1000-

This module by the eircom.net Computer Incident Response Team.

PrevHomeNext
Checking mounted filesystem policiesUpChecking for hidden/fake/missing processes
MANUAL-2_3/openpgp-signatures.html0000775000175000017500000000736112234446603016476 0ustar rainerrainer OpenPGP Signatures on Configuration/Database Files
The Samhain Host Integrity Monitoring System
PrevAppendix A. List of options for the ./configure scriptNext

A.3. OpenPGP Signatures on Configuration/Database Files

--with-gpg=PATH

Use GnuPG to verify database/configuration file. The public key of the effective user, usually root, (in ~/.gnupg/pubring.gpg) will be used.

--with-keyid=0x<hex KeyID>

This optional argument allows to specify a key ID, if there is more than one key in your keyring. This is only used for the installation routine, and for configuring the samhainadmin.pl convenience script.

--with-checksum=CHECKSUM

Compile in TIGER checksum of the gpg binary. CHECKSUM must be the full line output by samhain or gpg when computing the checksum.

--with-fp=FINGERPRINT

Compile in the fingerprint of the key used to sign the configuration/database file. If used, samhain will verify the fingerprint, but still report on the used public key.

PrevHomeNext
Optional modules to perform additional checksUpClient/Server Connectivity
MANUAL-2_3/layout.html0000775000175000017500000003326112234446601014155 0ustar rainerrainer Files and directory layout
The Samhain Host Integrity Monitoring System
PrevChapter 2. Compiling and installingNext

2.10. Files and directory layout

TipTip
 

samhain has its own set of trusted users. Paths to critical files (e.g. the configuration file) must be writeable by trusted users only. Failure to ensure this (e.g. by compiling in an appropriate set of trusted users) is one of the most frequent reasons for problems. See below for details.

2.10.1. Trusted users and trusted paths

  • Trusted users are root and the effective user of the process (usually, the effective user will be root herself). Additional trusted users can be defined in the configuration file (see Sect. Section 4.5 for an example), or at compile time, with the option 

    bash$./configure --with-trusted=0,...

  • A trusted path is a path with all elements writeable only by trusted users. samhain requires the paths to the configuration and log file to be trusted paths, as well as the path to the pid file.

If a path element is group writeable, all group members must be trusted. If the path to the configuration file itself is writeable by other users than root and the effective user these must be defined as trusted already at compile time.

NoteNote
 

The list of group members in /etc/group may be incomplete or even empty. samhain will check /etc/passwd (where each user has a GID field) in addition to /etc/group to find all members of a group.

2.10.2. Directory layout

samhain conforms to the FHS, which mandates a directory layout that is different from the default GNU layout (everything in subdirectories under /etc/local).

TipTip
 

There is an option ./configure --enable-install-name=NAME. When this option is used, not only the executable is installed as NAME, but also in all the paths, samhain is replaced with NAME.

NoteNote
 

For the yule server, replace samhain with yule in the paths explained below.

The following table explains which directory layout results from ./configure --prefix=PREFIX

sbindirmandirsysconfdirlocalstatedir
PREFIX(none)  
/usr/local/sbin/usr/local/man/etc/var
PREFIXUSR (all capital)  
/usr/sbin/usr/share/man/etc/var
PREFIXOPT (all capital)  
/opt/samhain/bin/opt/samhain/man/etc/opt/var/opt/samhain
PREFIX/other  
/other/sbin/other/share/man/other/etc/other/var

The file signature database will be written to localstatedir/lib/samhain/samhain_file, the pid file to localstatedir/run/samhain.pid, and the log file to localstatedir/log/samhain_log. In addition, yule writes an HTML status file to localstatedir/log/yule/yule.html

To get a more fine-grained control on the layout, the following configure options are provided

  • --with-config-file=FILE — The path of the configuration file.

  • --with-log-file=FILE — The path of the log file.

  • --with-pid-file=FILE — The path of the pid file.

  • --with-data-file=FILE — The path of the file signature database file.

  • --with-html-file=FILE — The path of the HTML status file (server only).

2.10.3. Runtime files

2.10.3.1. Standalone or client

PurposeDirectory
Logfileslocalstatedir/log/
Data fileslocalstatedir/lib/samhain/
Pid filelocalstatedir/run/

2.10.3.2. Server

NoteNote
 

The server will drop root privileges after startup. I does not need write access to the data files, thus the data file directory is chmod 555 on installation. It does need write access to the log file directory. As the system logfile directory usually is owned by root, the install script will by default create a subdirectory and chown it to the unprivileged yule user. The PID file is written before dropping root.

PurposeDirectory
Logfileslocalstatedir/log/yule/
Data fileslocalstatedir/lib/yule/
Pid filelocalstatedir/run/

2.10.4. Installed files

2.10.4.1. Standalone or client

FileInstalled toMode
samhainsbindir/samhain700
samhainrcsysconfdir/samhainrc600
samhain.8mandir/man8/samhain.8644
samhainrc.5mandir/man5/samhainrc.5644
(samhain_setpwd)sbindir/samhain_setpwd700
(samhain_stealth)sbindir/samhain_stealth700

2.10.4.2. Server

FileInstalled toMode
yulesbindir/yule700
yulectlsbindir/yulectl700
yulercsysconfdir/yulerc600
samhain.8mandir/man8/yule.8644
samhainrc.5mandir/man5/yulerc.5644
samhain_setpwdsbindir/yule_setpwd700

PrevHomeNext
Run samhainUpThe testsuite
MANUAL-2_3/installation-running.html0000775000175000017500000000662012234446600017015 0ustar rainerrainer Run samhain
The Samhain Host Integrity Monitoring System
PrevChapter 2. Compiling and installingNext

2.9. Run samhain

After successful initialization of the baseline database, you can run samhain in 'check' mode by typing:

sh$ samhain -t check

To run samhain as a daemon, you can either use the command line option '-D', or set daemon mode in the configuration file with the option 'Daemon=yes'.

TipTip
 

When testing samhain for the first time, you may want to use the command line option --foreground to run samhain in the foreground rather than as daemon. This allows to spot the reason for eventual problems much easier.

PrevHomeNext
Initialize the baseline databaseUpFiles and directory layout
MANUAL-2_3/gcm.html0000775000175000017500000000601112234446602013400 0ustar rainerrainer Detecting 'dead' clients
The Samhain Host Integrity Monitoring System
PrevChapter 6. Configuring yule, the log serverNext

6.7. Detecting 'dead' clients

It is possible to set a time limit for the maximum time between two consecutive messages of a client (option SetClientTimeLimit in the [Misc] section of the configuration file). If the time limit is exceeded without a message from the client, the server will issue a warning. The default is 86400 seconds (one day); specifying a value of 0 will switch off this option.

You may want to set ExportSeverity = mark (or any lower threshold) in the client configuration file in order to log timestamp ('heartbeat') messages to the server.

PrevHomeNext
Rules for logging of client messagesUpThe HTML server status page
MANUAL-2_3/checking-mounts.html0000775000175000017500000000653512234446603015744 0ustar rainerrainer Checking for mount options
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.8. Checking for mount options

Section heading:

[Mounts]

Entries:

MountCheckActive=boolean — '1' to switch on, '0' to switch off.

MountCheckInterval=seconds — Interval between checks.

SeverityMountMissing=severity — Severity for missing mounts.

SeverityOptionMissing=severity — Severity for missing mount options.

CheckMount=/path [mount options] — Mount point to check. Mount options must be given as comma-separated list, separated by a blank from the preceding mount point.

PrevHomeNext
Checking for SUID/SGID filesUpChecking for user files
MANUAL-2_3/server-status-information.html0000775000175000017500000001434712234446602020017 0ustar rainerrainer The HTML server status page
The Samhain Host Integrity Monitoring System
PrevChapter 6. Configuring yule, the log serverNext

6.8. The HTML server status page

yule writes the current status to a HTML file. The default name of this file is samhain.html, and by default it is placed in /var/log.

The file contains a header with the current status of the server (starting time, current time, open connections, total connections since start), and a table that lists the status of all registered clients.

There are a number of pre-defined events that may occur for a client:

Inactive

The client has not connected since server startup.

Started

The client has started. This message may be missing if the client was already running at server startup.

Exited

The client has exited.

Message

The client has sent a message.

File transfer

The client has fetched a file from the server.

ILLEGAL

Startup without prior exit. May indicate a preceding abnormal termination.

PANIC

The client has encountered a fatal error condition.

FAILED

An unsuccessful attempt to set up a session key or transfer a message.

POLICY

The client has discovered a policy violation.

TIME_EXCEEDED

No message (e.g. timestamp) has been received from the client for a defined amount of time (default 1 day, option SetClientTimeLimit).

For each client, the latest event of each given type is listed. Events are sorted by time. Events that have not occurred (yet) are not listed.

It is possible to specify templates for (i) the file header, (ii) a single table entry, and (iii) the file end. Templates must be named head.html, entry.html, and foot.html, respectively, and must be located in the data directory (i.e. localstatedir/lib/yule/, see Section A.5>). The distribution package includes two sample files head.html and foot.html.

The following replacements will be made in the head template:

PlaceholderSignificance
%TCurrent time.
%SStartup time.
%LTime of last connection.
%OOpen connections.
%ATotal connections since startup.
%MMaximum simultaneous connections.

The following replacements will be made in the entry template:

PlaceholderSignificance
%HHost name.
%SEvent.
%TTime of event.

TipTip
 

A literal '%' in the HTML output must be represented by a '% ' ('%' followed by space) in the template.

PrevHomeNext
Detecting 'dead' clientsUpChroot
MANUAL-2_3/stealthmode.html0000775000175000017500000004263312234446602015155 0ustar rainerrainer Additional Features — Stealth
The Samhain Host Integrity Monitoring System
PrevNext

Chapter 9. Additional Features — Stealth

If an intruder does not know that samhain is running, s/he will make no attempt to subvert it. Hence, you may consider to run samhain in stealth mode, using some of the options discussed in this section.

9.1. Hiding the executable

samhain may be compiled with support for a stealth mode of operation, meaning that the program can be run without any obvious trace of its presence on disk. The following compile-time options are provided:

--enable-stealth=xor_val provides the following measures:

  1. All embedded strings are obfuscated by XORing them with some value xor_val chosen at compile time. The allowed range for xor_val is 128 to 255.

  2. The messages in the log file are obfuscated by XORing them with xor_val. The built-in routine for validating the log file (samhain -L /path/to/logfile) will handle this transparently. You may specify as path an already existing binary file (e.g. an executable, or a JPEG image), to which the log will get appended.

    TipTip
     

    Use samhain -jL /path/to/logfile if you just want to view rather than verify the logfile.

  3. Strings in the database file are obfuscated by XORing them with xor_val. You may append the database file to some binary file (e.g. an executable, or a JPEG image), if you like.

  4. The configuration file must be steganographically hidden in a postscript image file (the image data must be uncompressed). To create such a file from an existing image, you may use e.g. the program convert, which is part of the ImageMagick package, such as convert +compress ima.jpg ima.ps.

    TipTip
     

    make install will do this automatically before installation.

    To hide/extract the configuration data within/from the postscript file, a utility program samhain_stealth is provided. Use it without options to get help.

    NoteNote
     

    If --enable-stealth is used together with --with-gpg, then the config file must be signed before hiding it (rather than signing the PS image file afterwards).

--enable-micro-stealth=xor_val is like --enable-stealth, but uses a 'normal' configuration file (not hidden steganographically).

--enable-nocl[=ARG] will disables command line parsing. The optional argument is a 'magic' word that will enable reading command-line arguments from stdin. If the first command-line argument is not the 'magic' word, all command line arguments will be ignored. This allows to start the program with completely arbitrary command-line arguments.

--enable-install-name=NAME will rename every installed file from samhain to NAME when doing a make install (standalone/client installation), and likewise rename installed files from yule to NAME when doing a make install (server installation). Also, the boot scripts will be updated accordingly. Files created by samhain (e.g. the database) will also have samhain replaced by NAME in their filenames.

TipTip
 

The man pages have far too much specific information enabling an intruder to infer the presence of samhain. There is no point in changing samhain to NAME there — this would rather help an intruder to find out what NAME is. You probably want to avoid installing man8/samhain.8 and man5/samhainrc.5.

9.1.1. Using kernel modules to hide samhain (Linux/ix86 only)

NoteDoes NOT work on recent kernels
 

This module will not work on Linux 2.6.35 - and probably also not on slightly earlier version - because the system call table is now write protected.

NoteImportant
 

These modules modify the running kernel. Please read this section carefully (in particular the caveats noted at the end), and test the modules before installing. Without proper testing it may happen that you need to reboot into single user mode to remove the modules and to make your system useable again ...

If the configure option --enable-khide=SYSTEM_MAP is used, two (pre-2.6 kernel) or one (2.6 kernel) loadable kernel module(s) will be built. These are named samhain_hide.o / samhain_erase.o (pre-2.6) or samhain_hide.ko (2.6).

SYSTEM_MAP must be the path to the System.map file for your current kernel (e.g. /boot/System.map-rh-2.4.18-3). samhain_hide.o will hide every file/directory/process with the string NAME (from the configure option --enable-install-name=NAME). If the configure option --enable-install-name is not used, NAME is set to samhain. To hide the module itself, the second module samhain_erase.o is provided. Loading and immediately thereafter unloading this module will hide any module with the string NAME in its name. make install will install the kernel modules to the appropriate place. They will be loaded when booting into runlevel 2, 3, 4, or 5.

With 2.6 kernels, only one kernel module samhain_hide.ko will be build. This module is self-hiding, i.e. the separate samhain_erase module is not needed anymore. Otherwise it works as described above. Self-hiding can be switched off by passing the option 'removeme=0' to the module: insmod ./samhain_hide.ko removeme=0

Building a linux kernel module requires a proper build environment. You should have a link /lib/modules/`uname -r`/build which points to a functional build environment. Usually, you need to install the kernel sources for your kernel, and eventually (if compiling the modules fails) you may need to configure the kernel source for your kernel: 

  sh$ cd /your/kernel/source/directory
  sh$ make mrproper
  sh$ make cloneconfig
  sh$ make dep (obsolete for 2.6)
  sh$ make modules (only for 2.6)
  sh$ cd /lib/modules/`uname -r`
  sh$ ln -s /your/kernel/source/directory build

WarningCaveat no. 1
 

The hiding module will hide any process or file containing the name of the samhain executable. This implies that an intruder can hide herself if she can guess that name. You are strongly encouraged to use the ./configure option --enable-install-name=NAME to change the executable name to something really difficult to guess.

WarningCaveat no. 2
 

The modules are kernel-specific, and must be recompiled whenever the currently used kernel is recompiled or replaced by another one (even if the kernel version is identical). Failure to do so might lead to a kernel panic. The same is true if the System.map that you have specified at build time is not the one corresponding to your current kernel.

WarningCaveat no. 3
 

When the samhain_hide module is hidden, the kernel doesn't know anymore about its existence, thus it cannot be removed except by rebooting. On pre-2.6 kernels, hiding the samhain_hide.o module requires loading/unloading the samhain_erase.o module. On 2.6 kernels, the samhain_hide.ko module will automatically hide itself after loading, except if you pass the option 'removeme=0' to the module: insmod ./samhain_hide.ko removeme=0

WarningCaveat no. 4 - Important Linux 2.6 issue
 

The stealth module builds fine on Linux 2.6 (if the build system is properly configured — see above). It was tested on two systems: 2.6.5-7.104-smp (SuSE 9.1) and 2.6.6 (no SMP). It only worked on the latter system, while the first one was rendered unuseable (ls and ps didn't work anymore). Not sure about the reason.

Because on 2.6 the module will by default automatically hide itself, and cannot be removed then (except by rebooting), you should test the module with the option 'removeme=0', like e.g.: insmod ./samhain_hide.ko removeme=0

TipTip
 

Hidden files can still be accessed if their names are known, thus using the option --enable-install-name to rename installed files is recommended for security (also see caveat no. 1 above).

TipTip
 

Using the modules at system boot may cause problems with the GNOME (1.2) gdm display manager (seen on SuSE 7.4 with the Ximian desktop; no problems observed with kdm). In case of problems, you may need to reboot into single-user mode and edit the boot init script ...

PrevHomeNext
Additional Features — Signed Configuration/Database Files Packing the executable
MANUAL-2_3/server-logging.html0000775000175000017500000000773212234446602015577 0ustar rainerrainer Rules for logging of client messages
The Samhain Host Integrity Monitoring System
PrevChapter 6. Configuring yule, the log serverNext

6.6. Rules for logging of client messages

As the log server may receive quite a large number of log messages from clients (depending on the number of clients and their threshold settings), client messages are treated specially and by default are only logged to facilities suitable for bulk logging: console, log file, relational database (if enabled), and external (if enabled).

To override this behavior, you can set the option UseClientSeverity=yes in the [Misc] section of the configuration file. In that case, the client message severity is used, and client messages are treated just like local messages (i.e. like those from the server itself).

If you also want to filter by message class, there is also an option UseClientClass=yes

All client messages are recorded in the main log file by default. However, it is possible to use separate log files for individual clients. This can be enabled with UseSeparateLogs=yes/no in the Misc section of the server configuration file. No locking will be performed for such separate client log files (only one instance of the server can listen on the TCP port, thus there will be no concurrent access).

PrevHomeNext
Enabling baseline database / configuration file download from the serverUpDetecting 'dead' clients
MANUAL-2_3/performance-tuning-server.html0000775000175000017500000001343012234446602017744 0ustar rainerrainer Performance tuning
The Samhain Host Integrity Monitoring System
PrevChapter 6. Configuring yule, the log serverNext

6.14. Performance tuning

If connections time out because of slow network, you can raise the timeout with SetConnectionTimeout=seconds (the default is 900 seconds).

Even without tweaking, the server can probably handle some 100 connections per second on a 500Mhz i686. Depending on the verbosity of the logging that you wish, this should suffice even for some thousand clients.

Almost all time is spent (i) in the HMAC function that computes the message signatures, and (ii) if you do not have the gmp (GNU MP) multiple precision library, in the multiple precision arithmetic library (for SRP authentication).

The reason for (ii) is that samhain/yule will use a simple, portable, but not very efficient MP library that is included in the source code, if gmp is not present on your system.

To improve performance, you can:

  • install gmp, remove the file config.cache in the source directory (if you have run configure before), and then run configure and make again. The configure script should automatically detect the gmp library and link against it.

  • use a simple keyed hash (HASH-TIGER), which will compute signatures as HASH(message key) instead of the HMAC (HMAC-TIGER). This will save two of the three hash computations required for a HMAC signature.

    WarningCAVEAT
     

    Make sure you use the same signature type on server and client ! 

      [Misc]  
  #  
  # use simple keyed hash for message signatures
  # Make sure you set this both for client and server
  # 
  MACType=HASH-TIGER

  • build a static binary (use the --enable-static switch for configure). Static binaries are faster, and also more secure, because they cannot be subverted via libc.

    NoteNote
     

    Unfortunately this is not possible on Solaris. This is not a bug in samhain, but is because some functions in Solaris are only supplied by dynamic libraries.

  • change the compiler switches to optimize more aggressively.

  • if on a commercial UNIX, check whether the native compiler produces faster code than gcc (you need an ANSI C compiler). The configure script honours CC (compiler) and CFLAGS environment variables.

PrevHomeNext
Server-to-server relayUpHooks for External Programs
MANUAL-2_3/yule.html0000775000175000017500000001445112234446602013617 0ustar rainerrainer Configuring yule, the log server
The Samhain Host Integrity Monitoring System
PrevNext

Chapter 6. Configuring yule, the log server

yule is the log server within the samhain file integrity monitoring system. yule is part of the distribution package. It is only required if you intend to use the client/server capability of the samhain system for centralized logging to yule.

WarningImportant
 

Client and server are distict applications, and must be built seperately. By default, installation names and paths (e.g. the configuration file) are different. Do not blame us if you abuse './configure' options to cause name clashes, if you install both on the same host.

To compile yule, you must use ./configure --enable-network=server. To compile a samhain client, you must use ./configure --enable-network=client.

6.1. General

yule is a non-forking server. Instead of forking a new process for each incoming logging request, it multiplexes connections internally. Apart from samhain client reports (see below), yule (version 1.2.8+) can also collect syslog reports by listening on port 514/udp, if compiled with this option enabled (see also man syslogd.

Each potential client must be registered with yule to make a connection (see Section 5.1> and the example below). The client tells its host name to the server, and the server verifies it against the peer of the connecting socket. On the first connection made by a client, an authentication protocol is performed. This protocol provides mutual authentication of client and server, as well as a fresh session key .

By default, all messages are encrypted using Rijndael (selected as the Advanced Encryption Standard (AES) algorithm). The 192-bit key version of the algorithm is used. There is a compile-time option to switch off encryption, if your local lawmakers don't allow to use it (see Appendix).

yule keeps track of all clients and their session keys. As connections are dropped after successful completion of message delivery, there is no limit on the total number of clients. There is, however, a limit on the maximum number of simultaneous connections. This limit depends on the operating system, but may be of order 1000.

Session key expire after two hours. If its session key is expired, the client is forced to repeat the authentication protocol to set up a fresh session key.

Incoming messages are signed by the client. On receipt, yule will:

  1. check the signature,

  2. accept the message if the signature can be verified, otherwise discard it and issue an error message,

  3. discard the clients signature,

  4. log the message, and the client's hostname, to the console and the log file, and

  5. add its own signature to the log file entry.

PrevHomeNext
Inotify support on Linux (instantaneous reports, no I/O load) Important installation notes
MANUAL-2_3/filetypes-defined.html0000775000175000017500000000746612234446603016252 0ustar rainerrainer List of recognized file types
The Samhain Host Integrity Monitoring System
Prev 

Appendix E. List of recognized file types

Filetypes have hierarchical names of the form G1:G2:G3, and in the "match(filetype)" condition you can specify filetypes as G1:G2:G3, or G1:G2 (less specific), or G1 (generic). The list of currently (version 2.8.2) recognized filetypes comprises:

  IMAGE:COMPRESSED:JPG 
  IMAGE:COMPRESSED:PNG 
  IMAGE:COMPRESSED:JPG 
  IMAGE:COMPRESSED:GIF 
  IMAGE:COMPRESSED:TIFF 
  IMAGE:COMPRESSED:PCX 
  IMAGE:RAW:BMP 
  IMAGE:RAW:XPM 
  IMAGE:SPECIAL:AUTOCAD 
  IMAGE:SPECIAL:COREL 
  IMAGE:SPECIAL:FITS 
  IMAGE:SPECIAL:VISIO 
  IMAGE:SPECIAL:DICM 
  IMAGE:SPECIAL:PHS 
  IMAGE:SPECIAL:XCF 

  MOVIE:COMPRESSED:RIFF 
  MOVIE:RAW:MOV 
  MOVIE:COMPRESSED:MPG 
  MOVIE:COMPRESSED:QT 
  MOVIE:COMPRESSED:FLI 
  MOVIE:COMPRESSED:FLASH 
  MOVIE:COMPRESSED:WMV 

  AUDIO:RAW:SND 
  AUDIO:RAW:EMOD 
  AUDIO:RAW:MOD 
  AUDIO:RAW:WAVE 
  AUDIO:RAW:DEC 
  AUDIO:STANDARD:MIDI 
  AUDIO:COMPRESSED:REAL 
  AUDIO:COMPRESSED:OGG 
  AUDIO:COMPRESSED:FLAC
  AUDIO:COMPRESSED:MP3

  ARCHIVE:COMPRESSED:LHA 
  ARCHIVE:COMPRESSED:RAR 
  ARCHIVE:COMPRESSED:ZIP 
  ARCHIVE:COMPRESSED:7Z
  ARCHIVE:COMPRESSED:COMPRESS 
  ARCHIVE:COMPRESSED:GZIP 
  ARCHIVE:COMPRESSED:BZIP2
  ARCHIVE:COMPRESSED:ARJ 
  ARCHIVE:COMPRESSED:HPAK 
  ARCHIVE:COMPRESSED:JAM 
  ARCHIVE:COMPRESSED:SQUISH 
  ARCHIVE:COMPRESSED:CAB 
  ARCHIVE:COMPRESSED:ZOO 
  ARCHIVE:COMPRESSED:XPK 
  ARCHIVE:PACKAGE:RPM 
  ARCHIVE:PACKAGE:DEB 
  ARCHIVE:UNIX:AR 
  ARCHIVE:UNIX:TAR 

  LIBRARY:JAVA:CLASS 

  DOCUMENT:OFFICE:WORD 
  DOCUMENT:OFFICE:EXCEL 
  DOCUMENT:OFFICE:WORD 
  DOCUMENT:OFFICE:ALL 
  DOCUMENT:ADOBE:PDF 
  DOCUMENT:ADOBE:EPS 
  DOCUMENT:STANDARD:RTF 
  DOCUMENT:ID:VCARD 

  EXECUTABLE:DOS:EXE 
  EXECUTABLE:DOS:COM 
  EXECUTABLE:UNIX:SHELL 
  EXECUTABLE:UNIX:ELF 
  EXECUTABLE:DOS:COM 
  EXECUTABLE:AMIGAOS:EXECUTABLE 

  DATABASE:ANY:ACCESS 
  DATABASE:ANY:MYSQL
PrevHome 
Syslog  
MANUAL-2_3/configfile-clients.html0000775000175000017500000001035312234446603016403 0ustar rainerrainer Clients
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.16. Clients

This section is relevant for yule only. Section heading:

[Clients]

Entries must be of the form:

Client=hostname@salt@verifier

See Section 6.3> on how to compute a valid entry.

The hostname must be the same name that the client retrieves from the host on which it runs. Usually, this will be a fully qualified hostname, no numerical address. However, there is no method that guarantees to yield the fully qualified hostname (it is not even guaranteed that a host has one ...). The only way to know for sure is to set up the client, and check whether the connection is refused by the server with a message like Connection attempt from unregistered host hostname In that case, hostname is what you should use.

WarningCAVEAT
 

Problems and oddities encountered in client/server setups (like client messages from 127.0.0.1, server warnings about unknown/unresolved peer, etc. are always (at least so far) due to incorrect configuration of the DNS or the /etc/hosts file.

A surprisingly large number of hosts are not able to determine the own hostname, or reverse lookup adresses on the own local network. Don't bother asking about such problems — fix your DNS.

PrevHomeNext
ExternalUpList of database fields
MANUAL-2_3/initializing-updating-checking.html0000775000175000017500000000755112234446602020720 0ustar rainerrainer Initializing, updating, or checking
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.7. Initializing, updating, or checking

In the Misc section of the configuration file, you can choose between initializing the database, updating it, or checking the files against the existing database:

ChecksumTest=init|update|check|none

If you use the mode none, you should specify on the command line one of init, update, or check, like: samhain -t check

As of version 1.8.1, there is a new command line flag --interactive to enable interactive updates. If you use this flag together with -t update, you will be asked if the database entry should be updated, whenever samhain encounters a modified file.

As of version 2.8.6, updates can also be done using a text file listing paths (one per line) of files to update, with the command line flag --listfile=path_to_listfile

PrevHomeNext
Timing file checksUpThe file signature database
MANUAL-2_3/portcheck.html0000775000175000017500000002161412234446602014622 0ustar rainerrainer Checking for open ports
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.15. Checking for open ports

To compile with support for this option, use the configure option

./configure --enable-port-check

This module enables samhain to check for open ports (services) on the local machine, and report ports that are open, but not listed in the configuration. Reports are like:

interface:portnumber/protocol (maybe_servicename)

This is a non-RPC service, e.g. 192.168.1.2:22/tcp (maybe_ssh). The service name is taken from /etc/services, and prepended by maybe_, because samhain cannot determine whether it really is the SSH daemon that is listening on this port.

interface:portnumber/protocol (servicename)

This is an RPC service, e.g. 192.168.1.2:2049/tcp (nfs). The service name is obtained by querying the portmapper daemon. The portmapper daemon may return a service name as listed in /etc/rpc, or just a number (if there is no name for the service). If the portmapper daemon only returns the number of the RPC service, samhain will list RPC_number as servicename.

5.15.1. Options

By default, (only) the interface corresponding to the 'official name' of the host will be scanned. Additional interfaces can be added via the option PortCheckInterface=(list of) IP address(es), where 'IP address' is the address of the interface that should be scanned. You can use this options multiple times to specify up to 15 additional interfaces, or supply a list of interfaces.

NoteDon't specify external interfaces
 

While it is possible to misuse this option to specify an external IP address, the check will only work for interfaces on the local machine.

Services (open ports) that are required or optional (allowed, but not required) can be specified with the options PortCheckRequired=interface:service list, and/or PortCheckOptional=interface:service list.

Services (open ports) that should be completely ignored can be specified with the option PortCheckIgnore=interface:service list.

Here, 'interface' should be the IP address of an interface, and 'service list' the comma-separated list of required/optional services. Each service must be listed as 'port/protocol' (e.g. 22/tcp) for a non-RPC service, and 'name/protocol' for an RPC service (e.g. portmapper/tcp). If an RPC service has no name, but just an RPC program number, then the name must be given as 'RPC_number' (e.g. RPC_100075).

By default, both TCP and UDP ports are scanned. To disable UDP scanning, the option PortCheckUDP=boolean can be used.

Ports that should be skipped during the check can be specified with the option PortCheckSkip=interface:port list.

Here, 'interface' should be the IP address of an interface, and 'service list' the comma-separated list 'port/protocol' pairs (e.g.: 22/tcp,514/udp,...) to skip.

This option is different from PortCheckIgnore=... in two ways: (i) since it allows to skip ports only, it does not work for RPC services which have no fixed port, and (ii) since the port is not probed, you can avoid error messages by obnoxious deamons.

TipMySQL (port 3306)
 

MySQL counts unsuccessful connection attempts and may refuse further connection if some limit is exceeded. You may want to use the PortCheckSkip option to avoid probing the MySQL port.

By default, all ports from 0 to 65535 are scanned. To change these limits, the options PortCheckMinPort=integer and PortCheckMaxPort=integer can be used.

5.15.2. Example configuration

  [PortCheck]
  #
  # Activate (default is on)
  #
  PortCheckActive = yes

  # The severity of reports: debug/info/notice/warn/err/crit/alert
  # (default is crit)
  #
  SeverityPortCheck = crit

  # These are the defaults
  #
  PortCheckMinPort = 0
  PortCheckMaxPort = 65535
 
  # Services that are required. This example specifies ssl (22/tcp), 
  # smtp (25/tcp), http (80/tcp), and portmapper.
  #
  PortCheckRequired = 192.168.1.128:22/tcp,25/tcp,80/tcp,portmapper/tcp,portmapper/udp

  # Services that are optional. This example specifies 
  # mysql (3306/tcp).
  #
  PortCheckOptional = 192.168.1.128:3306/tcp

  # Additional interfaces to scan. This example presumes that
  # the 'official hostname' corresponds to 192.168.1.128, and
  # that the machine has three more interfaces.
  # 127.0.0.1 (localhost) is not listed, hence not scanned.
  #
  PortCheckInterface = 192.168.1.129
  PortCheckInterface = 192.168.1.130
  PortCheckInterface = 192.168.1.131

  # The interval (in seconds) for port checks (default is 300 sec)
  #
  PortCheckInterval = 300

  # By default, UDP ports are checked as well as TCP ports.
  #
  PortCheckUDP = yes
PrevHomeNext
Checking for hidden/fake/missing processesUpLogfile monitoring/analysis
MANUAL-2_3/native-packages.html0000775000175000017500000002713212234446603015704 0ustar rainerrainer Method B: The native package manager
The Samhain Host Integrity Monitoring System
PrevChapter 10. Deployment to remote hostsNext

10.2. Method B: The native package manager

Samhain provides an easy method to create custom binary packages with the native package manager of your operating system. Basically, this works like:

bash$./configure [your preferred options]
bash$make rpm|deb|tbz2|depot|solaris-pkg

I.e. the binary package will be built with the compile options chosen in the preceding ./configure command. Supported package formats are: rpm (e.g. Redhat, SuSE, ...), deb (Debian), tbz2 (Gentoo Linux), depot (HP-UX), and solaris-pkg (Solaris).

TipCustomization
 

The binary package will use the OS-specific samhainrc.OS configuration file from the source directory, thus if you customize this, your package will contain your customized version.

TipBaseline initialization
 

Upon installation, the package will not automatically initialize the baseline database, and not start the daemon (though it will install the runlevel script to start upon boot).

TipClient packages
 

Samhain uses a password embedded in the binary for client/server authentication (for details see Section 6.3>). To avoid the need for changing the binary after installation (to set the password), it is possible to compile it in during package building (for RPM and DEB packages only). To do so, export the password in the PASSWORD environment variable before running the command make rpm or make deb.

NoteNote
 

For reasons explained in Section 11.2>, we do not recommend to distribute binary packages to third parties. On the other hand, it is perfectly ok to use a self-built binary package to install/distribute samhain on your machine/within your own network.

10.2.1. Building an RPM

10.2.1.1. Custom RPM

If you run ./configure in the source directory, a spec file samhain.spec will be created from samhain.spec.in. You can then use make rpm to create source and binary RPMs, or make srpm to create just the source RPM.

The RPM will be located in /usr/src/(distribution-specific)/RPMS/i386. Installing the RPM will not initialize the database automatically.

If anything fails during the build (and after installation has begun), just cd into the build directory and do a make uninstall && make uninstall-boot. If building for a non-RedHat system, the error messages will tell you which file paths in the spec file were incorrect.

10.2.1.2. Single-host

If you want to create an RPM for a single-host version of samhain without any fancy options, you can just run 

bash$ rpmbuild -ta samhain-version.tar.gz

on the tarball (there is a default spec file in there).

The RPM will be located in /usr/src/(distribution-specific)/RPMS/i386. Installing the RPM will not initialize the baseline database automatically.

10.2.2. Building an HP-UX package

First run ./configure in the source directory with your preferred options, then do a make depot. The result should be a package named samhain.depot, that can be installed with swinstall. Installing the package will not initialize the baseline database automatically.

10.2.3. Building a Solaris package

NoteNote
 

This is experimental and not well tested. Constructive feedback from experienced Solaris administrators is welcome.

First run ./configure in the source directory with your preferred options, then do a make solaris-pkg. The result should be a package named samhain.pkg.

10.2.4. Building a Gentoo Linux package

First run ./configure [your preferred options] in the source directory (reminder: use ./configure --prefix=USR, NOT ./configure --prefix=/usr for standard paths), then do a make tbz2. The .tbz2 package will be in /usr/portage/packages/All (this is just how Gentoo package building works).

The Gentoo package thus created will not initialize the database automatically upon installation. The .tbz2 package file will be in /usr/portage/packages/All (this is just how Gentoo package building works).

NoteNote
 

If you just want to install on your own system, rather than building a package for other machines, you can use the command make emerge (after running ./configure, of course).

10.2.5. Building a Debian package

First run ./configure in the source directory (reminder: use ./configure --prefix=USR, NOT ./configure --prefix=/usr for standard paths), then do a make deb. The .deb package and the corresponding .dsc file will be in the directory above the source directory (this is just how Debian package building works).

You will need the following additional Debian packages in order to build a Debian packages: apt-get fakeroot, apt-get debmake, apt-get debhelper, apt-get devscripts, and apt-get cpio.

The Debian package thus created will not initialize the database automatically upon installation. It will be located in the parent directory of the source directory (that's just the way the Debian build system works).

PrevHomeNext
Deployment to remote hostsUpSecurity Design
MANUAL-2_3/server-to-server.html0000775000175000017500000000537212234446602016075 0ustar rainerrainer Server-to-server relay
The Samhain Host Integrity Monitoring System
PrevChapter 6. Configuring yule, the log serverNext

6.13. Server-to-server relay

As of version 2.2.0, it is possible to relay messages from one yule server to another. This is implemented in the same way as client-to-server connectivity, i.e. the relaying server and the endpoint server must be set up in the same way as a samhain client and a server, respectively (see Section 6.3>).

PrevHomeNext
Syslog loggingUpPerformance tuning
MANUAL-2_3/design.html0000775000175000017500000001223612234446603014112 0ustar rainerrainer General
The Samhain Host Integrity Monitoring System
PrevChapter 11. Security DesignNext

11.5. General

Obviously, a security application should not open up security holes by itself. Therefore, an inportant aspect in the development of samhain has been the security of the program itself. While samhain comes with no warranty (see the license), much effort has been invested to identify security problems and avoid them.

As the client requires root privileges, while the server does not, the clients has no open socket to listen on the network. Consequently, all client/server connections are initiated by the client.

To avoid buffer overflows, only secure string handling functions are used to limit the amount of data copied into a buffer to the size of the respective buffer (unless it is known in advance that the data will fit into the buffer).

On startup, the timezone is saved, and all environment variables are set to zero thereafter. Signal handlers, timers, and file creation mask are reset, and the core dump size is set to zero. If started as daemon, all file descriptors are closed, and the first three streams are opened to /dev/null.

If external programs are used (in the entropy gatherer, if /dev/random is not available), they are invoked directly (without using the shell), with the full path, and with a limited environment (by default only the timezone). Privileged credentials are dropped before calling the external program.

With respect to its own files (configuration, database, the log file, and its lock), on access samhain checks the complete path for write access by untrusted users. Some care has been taken to avoid race conditions on file access as far as possible.

Critical information, including session keys and data read from files for computing checksums, is kept in memory for which paging is disabled (if the operating system supports this). This way it is avoided that such information is transfered to a persistent swap store medium, where it might be accessible to unauthorized users.

Random numbers are generated from a pseudo-random number generator (PRNG) with a period of 2^88 (actually by mixing the output from three instances of the PRNG). The internal state of the PRNG is seeded from a strong entropy source (if available, /dev/random is used, else lots of system statistics is pooled and mixed with a hash function). The PRNG is re-seeded from the entropy source at regular intervals (one hour).

Numbers generated from a PRNG can be predicted, if the internal state of the PRNG can be inferred. To avoid this, the internal state of the PRNG is hidden by hashing the output with a hash function.

PrevHomeNext
The serverUpList of options for the ./configure script
MANUAL-2_3/security-design.html0000775000175000017500000001322612234446603015757 0ustar rainerrainer Security Design
The Samhain Host Integrity Monitoring System
PrevNext

Chapter 11. Security Design

11.1. Usage

It is recommended to:

  • compile a static binary (not linked to shared libraries), using the configure option --enable-static if possible (not possible on Solaris — this is a Solaris problem, not a problem of samhain)

  • strip the binary (on i386 Linux/FreeBSD, also use the provided sstrip utility: strip samhain && sstrip samhain). This will help somewhat against intruders that try to run it under a debugger ...

    NoteNote
     

    make install will always strip the excutables. Trying to strip again by hand may corrupt the executable.

  • use signed database/configuration files using the configure option --with-gpg=PATH_TO_GPG, and compile in the fingerprint of the signing key ( --with-fp=...)

  • take a look at the stealth options - while 'security by obscurity' only is a very bad idea, it certainly helps if an intruder does not know what defenses you have in place

  • read the next chapter to understand how the integrity of the samhain executable can be verified.

11.1.1. Client security in a client/server system

In a client/server Samhain system, if an intruder has obtained root privileges on the server he may modify configuration files that are stored on the server and downloaded by the clients. Thus, if the client executes shell commands given in the configuration file (via the shell expansion option, or by logging events to external commands specified in the configuration file), this may allow the intruder to take over the clients as well.

As of version 2.8.5, there are two ways to protect against this scenario:

first, you can use the option --with-gpg=PATH to use signed configuration (and baseline database) files. The signature is checked on the client, after downloading the configuration file from the server. It is thus not possible to make the client perform any actions if the configuration file is not signed correctly (note that in versions before 2.8.5, the signature would be checked too late to prevent the attack).

second, you can just forego any execution of external programs by compiling with the options --disable-shellexpand --disable-external-scripts. No shell expansion will be performed on configuration file directives, and no logging to external programs will be supported.

PrevHomeNext
Method B: The native package manager Integrity of the samhain executable
MANUAL-2_3/testsuite.html0000775000175000017500000001622412234446601014671 0ustar rainerrainer The testsuite
The Samhain Host Integrity Monitoring System
PrevChapter 2. Compiling and installingNext

2.11. The testsuite

Samhain comes with a suite of verification/regression tests located in the test/ subdirectory of the source tree.

The driver script is test/test.sh. Calling it without arguments will provide some usage information. The script should be called as:

test.sh [options] <test_number>

The driver script is test/test.sh. Calling it without arguments will provide some usage information. The script should be called as:

bash$ test/test.sh [options] <test_number>

The possible tests are:

  1  -- Compile with many different options
  2  -- Hash function            
  3  -- Standalone init/check
  4  -- Microstealth init/check
  5  -- External program call    
  6  -- Controlling the daemon (signal handling)
  7  -- GnuPG signed files / prelude log
  8  -- Suidcheck
 10  -- Test client/server init/check      
 11  -- Test full client/server init/check 
 12  -- Test full client/server w/gpg      
 13  -- Test full client/server w/mysql    (only with --really-all)
 14  -- Test full client/server w/postgres (only with --really-all)
 all -- All tests (non-applicable tests will be skipped)

The recognized options are as follows:

  1. -q|--quiet No output; success/failure is reported vi exit status only.

  2. -v|--verbose Report additional information.

  3. -s|--stoponerr Stop when a test fails.

  4. --no-cleanup Don't clean up generated test data (useful to investigate the reason for a failure).

  5. --srcdir=... Tell the script the location of the source tree (not necessary if run from the top source directory).

  6. --color=always|never|auto Whether to use colour for output. Default is 'auto' (no colour if stdout is not a terminal).

  7. --really-all This option enable additional test that are not run usually (see below).

NoteThe --really-all option
 

This option enables the following additional tests:

  1. smatch As part of the compile test suite (test 1), the smatch checker will be used (see smatch.sourceforge.net). Requires a appropriate setup (patched gcc in /usr/local/gcc-smatch/bin/, smatch scripts in ../sm_scripts.

  2. prelude logging Logging to prelude will be tested as part of test 7. Requires prelude-manager, and requires that samhain is already registered as analyzer. This test is designed such that it should not interfere with an eventually running instance of prelude-manager.

  3. mysql/postgresql logging Logging to mysql and/or postgresqlwill be tested with tests 13/14. Requires a running database with an existing default setup (database/user/password = samhain/samhain/samhain, table = log).

WarningCAVEAT
 

The database tests (13/14) with --really-all will modify (i.e. log to) the database. These are the only tests that are not confined to the directory where the test is run.

PrevHomeNext
Files and directory layoutUpGeneral usage notes
MANUAL-2_3/severity-of-events.html0000775000175000017500000001026512234446603016417 0ustar rainerrainer Severity of events
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.3. Severity of events

Section heading (see Section 4.1.1> for more details):

[EventSeverity]

Entries:

SeverityReadOnly=severity

SeverityLogFiles=severity

SeverityGrowingLogs=severity

SeverityIgnoreNone=severity

SeverityIgnoreAll=severity

SeverityAttributes=severity

SeverityUser0=severity

SeverityUser1=severity

SeverityUser2=severity

SeverityUser3=severity

SeverityUser4=severity

SeverityPrelink=severity

SeverityFiles=severity

SeverityDirs=severity

SeverityNames=severity

severity may be one of none, debug, info, notice, warn, mark, err, crit, alert.

PrevHomeNext
Files to checkUpLogging thresholds
MANUAL-2_3/command-line-yule.html0000775000175000017500000000674412234446603016167 0ustar rainerrainer yule
The Samhain Host Integrity Monitoring System
PrevAppendix B. List of command line optionsNext

B.3. yule

  1. -S, --server Run as server. Only required if the binary is dual-purpose.

  2. -q, --qualified Log received messages with the fully qualified name of client host.

  3. --chroot=<arg> Chroot to to the directory arg (should be an absolute path.

  4. -G, --gen-password Generate a random password suitable for use in the following option (16 hexadecimal digits).

  5. -P <arg>, --password=<arg> Compute a client registry entry. arg is the chosen password (16 hexadecimal digits).

PrevHomeNext
samhainUpConfiguration file syntax and options
MANUAL-2_3/controlling-the-daemon.html0000775000175000017500000001326712234446601017215 0ustar rainerrainer Controlling the daemon
The Samhain Host Integrity Monitoring System
PrevChapter 3. General usage notesNext

3.3. Controlling the daemon

As part of their boot concept, some systems have individual start/stop scripts for each service (daemon). As a minimum, these scripts take either 'start' or 'stop' as argument, sometimes also e.g. 'reload' (to reload the configuration), 'restart', or 'status' (check whether the daemon is running). While this is convenient, there are also a number of problems:

  • Some systems do not have such start/stop scripts.

  • There is no standard for the location of these scripts.

  • There is no standard for the arguments such a script may take, neither for their interpretation (e.g.: on Linux distribution XYZ, do the start/stop scripts take 'status' as argument, and if, is the status reported by printing a message or by the exit status ?)

To provide a portable interface for controlling the samhain daemon, the executable itself can serve for this purpose (only if invoked by the superuser) The supported actions, which must be given as first argument on the command line, are:

  • start Start samhain. Arguments after 'start' are passed to the process. Daemon mode will be enforced, as well as running in 'check' mode, irrespective of command line or config file settings.

  • stop Stop the daemon. On Linux and Solaris, actually all running instances of samhain are stopped, even if no pid file is available.

  • restart Stop and start.

  • reload or force-reload Reload the configuration file.

  • status Check whether the daemon is running.

Success/failure is reported via the exit status as follows: 0 Success. (On Linux/Solaris, stop will always be successful, on other systems only if the pid file is found.) 1 Unspecified error. 4 User had insufficient privilege. 5 Program is not installed. 7 Program is not running.

If the status command is given: 0 Program is running. 1 Program is dead and /var/run pid file exists. 3 Program is stopped. 4 Program status is unknown.

I.e., this interface behaves as mandated by the LSB Standard for init scripts.

PrevHomeNext
Using daemontool (or similar utilities)UpSignals
MANUAL-2_3/samhain-command-line.html0000775000175000017500000001137012234446603016620 0ustar rainerrainer samhain
The Samhain Host Integrity Monitoring System
PrevAppendix B. List of command line optionsNext

B.2. samhain

  1. -t <arg>, --set-checksum-test=<arg> Set file checking to init, update, or check. Use init to create the database, update to update it, and check to check files against the database.

    TipTip
     

    Yes, it is normal that update takes much more time than init.

  2. -i, --interactive Use interactive mode for update (ask before updating an entry).

  3. --listfile=<path> Use a text file comprising a list of files to update (one file per line).

  4. -e <arg>, --set-export-severity=<arg> Set the severity threshold for forwarding messages to the log server. arg may be one of none, debug, info, notice, warn, mark, err, crit, alert.

  5. -r <arg>, --recursion=<arg> Set the default recursion level for directories (0 -- 99).

  6. --init2stdout Write the database to stdout when performing the initialization.

PrevHomeNext
List of command line optionsUpyule
MANUAL-2_3/send-commands.html0000775000175000017500000001537612234446602015400 0ustar rainerrainer Sending commands to clients
The Samhain Host Integrity Monitoring System
PrevChapter 6. Configuring yule, the log serverNext

6.11. Sending commands to clients

It is generally not possible to send commands to clients, because the client does not listen on the network (the client needs root privileges to perform its tasks, and you don't want a root network daemon).

However, it is possible to send a command if and when a client connects to deliver a message. As of version 1.8.0, clients use a new version of the client/server protocol, which includes a set of pre-defined commands that are understood by the client. Currently implemented are RELOAD to reload the configuration, SCAN to request a file system check (ouside the regular schedule), and STOP to terminate the client.

Pre-1.8.0 clients, or clients build with the (optional) old protocol version, will simply ignore such commands.

6.11.1. Communicating with the server

As of version 1.8.0, yule can send a command to a client if and when a client connects to deliver a message, e.g. a timestamp message (clients are not listening on the network, and thus commands can only be sent together with the confirmation when a message is received).

Of course the server needs to know which (if any) command to send. Therefore it can open a unix domain socket upon startup (in the same directory as the PID file). Opening this command interface must be requested explicitely with the option SetUseSocket=yes (in the [Misc] section).

A separate application yulectl is compiled together with the server that provides a command-line interface to access this facility. Use yulectl -h for help.

6.11.2. Authenticating to the server

There are two methods to authenticate to the server. If supported by the OS, authentication is done by passing the credentials of the socket peer to the server (this is a special feature of unix domain sockets), and requiring the UID of the the socket peer (i.e. the user using the yulectl program) to match a UID as set with the SetSocketAllowUid=UID option (default is 0, i.e. only root can use the interface).

NoteNote
 

If passing credentials over the socket is supported by the OS, it is not possible to fake these credentials - they are supplied by the kernel. Therefore, the server can rely on the fact that the user process writing to the socket has indeed the UID passed via the socket. Thus, the access rights to the socket are basically not important (on some systems, they are not even recognized/respected at all).

As of version 1.8.12, if (and only if) passing credentials over the socket is not supported, you can specify a password with the SetSocketPassword=password option. The password must be 14 characters or less, and must not include the '@' character.

Of course you must supply the password to yulectl if you want to communicate with the server. To do so, create a file .yulectl_cred in your home directory, and place the password there.

NoteNote
 

Password authentication is not supported if the OS supports the aforementioned method. You can use yule -v to find out which of the two authentication methods is supported.

PrevHomeNext
Restrict access with libwrap (tcp wrappers)UpSyslog logging
MANUAL-2_3/configuration-external.html0000775000175000017500000000510512234446601017323 0ustar rainerrainer External facilities
The Samhain Host Integrity Monitoring System
PrevChapter 4. Configuration of logging facilitiesNext

4.7. External facilities

samhain can invoke external scripts/programs for logging (i.e. to implement support for pagers etc.). This is explained in detail in Chapter 7>.

PrevHomeNext
Log serverUpConsole
MANUAL-2_3/logging-thresholds.html0000775000175000017500000001014712234446603016443 0ustar rainerrainer Logging thresholds
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.4. Logging thresholds

Section heading (see Section 4.3> for more details):

[Log]

Entries:

MailSeverity=list of [optional specifier]threshold

PrintSeverity=list of [optional specifier]threshold

LogSeverity=list of [optional specifier]threshold

SyslogSeverity=list of [optional specifier]threshold

PreludeSeverity=list of [optional specifier]threshold

ExportSeverity=list of [optional specifier]threshold

ExternalSeverity=list of [optional specifier]threshold

DatabaseSeverity=list of [optional specifier]threshold

threshold may be one of none, debug, info, notice, warn, mark, err, crit, alert.

The optional specifier may be one of '*', '!', or '=', which are interpreted as 'all', 'excluding', and 'only', respectively. Examples: specifying '*' is equal to specify 'debug'; specifying '!*' is equal to specifying 'none'; 'info,!alert' is the range from 'info' to 'crit'; and 'info,!=mark' is info and above, but excluding 'mark'.

PrevHomeNext
Severity of eventsUpWatching login/logout events
MANUAL-2_3/file-signatures.html0000775000175000017500000000756512234446601015751 0ustar rainerrainer File signatures
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.3. File signatures

samhain works by generating a database of file signatures, and later comparing file against that database to recognize file modifications and/or added/deleted files.

File signatures include:

  • a 192-bit cryptographic checksum computed using the TIGER hash algorithm (alternatively SHA-1, MD5, or SHA2-256 can be used),

  • the inode of the file,

  • the type of the file,

  • owner and group,

  • access permissions,

  • on Linux only: flags of the ext2 file system (see man chattr),

  • the timestamps of the file,

  • the file size,

  • the number of hard links,

  • minor and major device number (devices only)

  • and the name of the linked file (if the file is a symbolic link).

Depending on the policy chosen for a particular file, only a subset of these may be checked for modifications (see Section 5.4.1>), but usually all these informations are collected.

PrevHomeNext
Available checksum functionsUpDefining file check policies: what, and how, to monitor
MANUAL-2_3/compilation-options.html0000775000175000017500000002336512234446603016655 0ustar rainerrainer List of options for the ./configure script
The Samhain Host Integrity Monitoring System
PrevNext

Appendix A. List of options for the ./configure script

A.1. General

--with-rnd=egd/dev/unix/default

The entropy gatherer to use. 'egd' is the Entropy Gathering Daemon (EGD), 'dev' is /dev/random, 'unix' is the built-in Unix entropy gatherer (similar to EGD), and 'default' will check for /dev/random first, and use 'unix' as fallback.

--with-egd-socket=NAME

The path to the EGD socket. Default is localstatedir/lib/samhain/entropy (see Section A.5).

--enable-identity=USER

The username to use when dropping root privileges (default nobody).

--with-sender=SENDER

The username of the sender for e-mail, or a complete e-mail address. If only a username is given, SENDER@{FQDN_of_local_host} will be used for the sender. Default is daemon.

--with-recipient=ADDR

The recepient(s) for e-mail, seperated by whitespace (max. 8). You can add recepients in the configuration file as well.

--with-trusted=UID

Trusted users (must be a comma-separated list of numerical UIDs). Only required if the configuration file must be on a path writeable by others than root and the effective user.

--with-timeserver=HOST

Set host address for time server (default is to use own clock). You can set this in the configuration file as well. An address in the configuration file will take precedence. Note that the simple 'time' service (port 37/tcp) is used.

--with-alttimeserver=HOST

Set host address for an alternative (backup) time server.

--enable-stealth=XOR_VAL

Enable stealth mode, and set XOR_VAL. XOR_VAL must be decimal, in the range 127 -- 255, and will be used to obfuscate literal strings.

--enable-micro-stealth=XOR_VAL

As --with-stealth, but without steganographic hidden configuration file.

--enable-nocl=PW

Command line parsing is disabled, but command-line arguments will be read from STDIN if the first command line argument is PW. PW="" (empty string) will disable command line parsing completely. This option may be used as addition to --enable(-micro)-stealth to prevent interactive enforcement of telltale output.

--enable-install-name=NAME

Upon installation, rename every file from samhain (or yule for the server) to NAME. To be used in conjunction with --with-(micro-)stealth.

--enable-khide=SYSTEM_MAP

(Linux only) compile kernel modules to hide all files with NAME (from --enable-install-name=NAME) within the path. By default, NAME is 'samhain' for the client/standalone version, and 'yule' for the server. SYSTEM_MAP must be the path to the System.map file corresponding to the kernel.

--enable-base=B1,B2

Set compiled-in key for email and logfile signature verification. ONE string (no space) made of TWO comma-separated integers in the range 0 -- 2147483647. See Section 11.2> for details on this option.

--enable-db-reload

[CLIENT ONLY] Enable reload of file database on SIGHUP (otherwise, only the config file will be read again).

--enable-xml-log

Enable XML format for the log file.

--with-database=mysql/postgresql/oracle/odbc

Support logging to a relational database (MySQL, PostgreSQL, Oracle or unixODBC). Oracle and unixODBC are not fully tested.

--with-prelude

Support logging to the Prelude IDS system. Requires the libprelude library.

--with-libprelude-prefix=PFX

Prefix where libprelude is installed. This will be used to search libprelude-config in the PFX/bin/ directory.

--disable-ipv6

Disable IPv6 support.

--enable-debug[=gdb]

Enable debugging. Will slow down things, increase resource usage, and may leak information that should be kept secure. Will dump 'core' and 'samhain_backtrace' in the root directory on segfault. Do not use in production code.

If used as --enable-debug=gdb, will only compile in debugging symbols for the GNU gdb compiler. This is more suitable for debugging the code itself.

--enable-ptrace

Periodically check whether a debugger is attached, and abort if yes. Only takes effect if --enable-debug is not used. Only tested on Linux.

--with-cflags=FLAGS

Additional flags to pass to the compiler.

--with-libs=LIBS

Additional libraries to link with.

--disable-largefile

Disable support for large files (> 2GB). Large file support is enabled automatically if your system supports it.

--enable-udp

This options enables code to listen on port 514/upd, i.e. the syslog port. Thus the server can receive syslog reports from remote hosts (if they are configured to send), and log them to any of the log facilities supported by samhain. If you compile in support for this, you still need to enable it in the runtime configuration file.

--disable-dnmalloc

This options disables use of the dnmalloc allocator that is the default since samhain 2.4.5, and reverts to using the standard allocator provided by your system.

--disable-ssp

This options disables use of the GCC stack protector.

--enable-suid

With this option, samhain will honour the SUID bit instead of resetting all privileges to the real UID of the process. Required for Nagios if samhain is invoked by the Nagios plugin itself, unless you want to use sudo instead.

--disable-shellexpand

This options disables the expansion of shell commands in the configuration file.

--disable-external-scripts

This options disables the possibility to call an external program to log an event (or perform active response).

--enable-message-queue[=MODE]

This options enables logging to a POSIX message queue, where MODE should be the octal permission for the queue (default is 0700).

PrevHomeNext
General Optional modules to perform additional checks
MANUAL-2_3/options-configuration-file.html0000775000175000017500000000632412234446601020115 0ustar rainerrainer Runtime options: command-line & configuration file
The Samhain Host Integrity Monitoring System
PrevChapter 3. General usage notesNext

3.9. Runtime options: command-line & configuration file

All command line options are described in Appendix B>. Note that depending on the ./configure options used for compiling, not all options may be available. You can get a list of valid options with samhain --help.

All settings in the configuration file, are described in Appendix C>. Note that depending on the ./configure options used for compiling, not all options may be available. If you are using unsupported options, samhain will log warning messages upon startup, including the line number of the offending line in the configuration file.

PrevHomeNext
Improving the signal-to-noise ratioUpRemarks on the dnmalloc allocator
MANUAL-2_3/watching-login-logout-events.html0000775000175000017500000000642612234446603020370 0ustar rainerrainer Watching login/logout events
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.5. Watching login/logout events

Section heading:

[Utmp]

Entries:

LoginCheckActive=boolean — '1' to switch on, '0' to switch off.

LoginCheckInterval=seconds — Interval between checks.

SeverityLogin=severity — Severity for login events.

SeverityLoginMulti=severity — Severity for multiple logins by same user.

SeverityLogout=severity — Severity for logout events.

PrevHomeNext
Logging thresholdsUpChecking for kernel module rootkits
MANUAL-2_3/mountcheck.html0000775000175000017500000000723312234446602015001 0ustar rainerrainer Checking mounted filesystem policies
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.12. Checking mounted filesystem policies

To compile with support for this option, use the configure option

./configure --enable-mounts-check

samhain can be compiled to check if certain filesystems are mounted, and if they are mounted with the appropriate options. This module currently supports Linux, Solaris, HP-UX (mount options as in /etc/mnttab), and FreeBSD. The configuration of the module is done in the Mounts section of the configuration file: 

  [Mounts]
  #
  # Activate (0 is off).
  #
  MountCheckActive=1
  #
  # Interval between checks.
  #
  MountCheckInterval=7200
  #
  # Logging severities. We have two checks: to see if a mount is there, and to
  # see if it is mounted with the correct options.
  #
  SeverityMountMissing=warn
  SeverityOptionMissing=warn
  #
  # Mounts to check for, followed by lists of options to check on them.
  #
  checkmount=/
  checkmount=/var
  checkmount=/usr
  checkmount=/tmp noexec,nosuid,nodev 
  checkmount=/home noexec,nosuid,nodev

This module by the eircom.net Computer Incident Response Team.

PrevHomeNext
Monitoring login/logout eventsUpChecking sensitive files owned by users
MANUAL-2_3/stylesheet-images/0000755000175000017500000000000010211417007015363 5ustar rainerrainerMANUAL-2_3/stylesheet-images/up.gif0000644000175000017500000000163210211417007016500 0ustar rainerrainerGIF87a#!!))11BBcckkƌΔ޵,##H*\p Dh` @ D(d ,(`KF@Pq̩PB "0PTrL jNjjMsB|4˶m€;MANUAL-2_3/stylesheet-images/warning.gif0000644000175000017500000000203410211417007017516 0ustar rainerrainerGIF87a!)1BJRZks{{{RRZZ{{99JJ11))))))!!,yC p`6Da p#ǏQ\̈#E S@q#PL"K"NJSpT9@2C^!3 3sh@7 z {5kdeKv5+͚C рJYg0@,Sjuf 8@a@3T G;P}@NNI2C"t́ag}Q;m7fD>ou;w ;MANUAL-2_3/stylesheet-images/prev.gif0000644000175000017500000000166010211417007017031 0ustar rainerrainerGIF87a#!!))11BBJJRRkkssƌΔΥ֭,#)H*\ȰCH|bP(@":(P`D@ 4  Ӟ>A,J$ (u U0"A zh@#XA@ H@W߿; ;MANUAL-2_3/stylesheet-images/toc-blank.gif0000644000175000017500000000013710211417007017725 0ustar rainerrainerGIF89a , ɇ8۪`%_ƕtf;MANUAL-2_3/stylesheet-images/toc-plus.gif0000644000175000017500000000151610211417007017623 0ustar rainerrainerGIF89a , 38P*LPC6tx0hH1LJ)6)qD ;MANUAL-2_3/stylesheet-images/home.gif0000644000175000017500000000174310211417007017007 0ustar rainerrainerGIF87a#!!))11BBJJccssƌΔΥ޵,#%H*\ȰC4p A24 @`42D@` P J F` I(%X`@p@ XAPJ``@:H:)֜\ E٠$P6-Y傐`U{ ֔&d@HAA+^!A.la\ͺ;MANUAL-2_3/stylesheet-images/toc-minus.gif0000644000175000017500000000151310211417007017770 0ustar rainerrainerGIF89a , 08P*LPÆ641:ܘPč?V"A;MANUAL-2_3/stylesheet-images/tip.gif0000644000175000017500000000200510211417007016643 0ustar rainerrainerGIF87a  !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~, HA*xX)J"Btvoa{&!%J,2M3QUQsj)TK!s W&tV{{BYTI7yFЛх*^Uh k`֔x˞ )Hv[?]m&V'^BxpBÀ#DẂV2 g-Oz3& kQ«k='ۘɔ=x"m|_@;MANUAL-2_3/stylesheet-images/important.gif0000644000175000017500000000207110211417007020067 0ustar rainerrainerGIF87a)))999BB1BBBJJJRRRZZ)ccccRccckkBkkkssR{{{9{ZZc{c!9k{JRZZsRck!19R!)1Zc{1B19J!,HpA*ܲĆ ""Bae!A+3,|ҤcG,0$WRTC dd͔ML9& |ܰs 5WR@ARM< $J rSG 8Pܼ"i'c9,""LdOW`+D2ͫ2$pиa (e|QGE(YaD`P 8j,XEJt@P?MeHL)%d)؝ JCgep`-[ tYb 16|o "ؕd=H)UDFW4  热-XċBݐ'ơ:o ;MANUAL-2_3/stylesheet-images/note.gif0000644000175000017500000000205610211417007017022 0ustar rainerrainerGIF87a  !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~, HA*ثR:[1F{1J&R<(Zʓ[Hi&L5 :+ub)LS`QzRAJ5kr͚3F Ftn9 <Ҙ9Mu lFQE=5k-5Szҿw=QbsT¸$eJ{Jq\ǫ=@W˚Z!l3ƦR<-%3!c[B*'{ƚxyǨ^Sj lĊQ9o;6$H;MANUAL-2_3/stylesheet-images/next.gif0000644000175000017500000000170410211417007017032 0ustar rainerrainerGIF87a#!!))11BBJJRRcckkƌΔΥ֭޵,#+H*\ȰÂL(!ć %pQ "8T@( Configuration of logging facilities
The Samhain Host Integrity Monitoring System
PrevNext

Chapter 4. Configuration of logging facilities

The configuration file for samhain is named samhainrc by default. Also by default, it is placed in /etc. (Name and location is configurable at compile time). The distribution package comes with a commented sample configuration file. The layout of the configuration file is described in more details in Section C.1.

4.1. General

Events (e.g. unauthorized modifications of files monitored by samhain) will generate messages of some severity. These messages will be logged to all logging facilities, whose threshold is equal to, or lower than, the severity of the message.

4.1.1. Severity levels

The following severity levels are defined:

LevelSignificance
noneKeyword to switch off a looging facility (*).
debugDebugging-level messages.
infoInformational message.
noticeNormal conditions.
warnWarning conditions.
markTimestamps.
errError conditions.
critCritical conditions.
alertProgram startup/normal exit, or fatal error, causing abnormal program termination.
inetIncoming messages from clients (server only).

(*) the keyword 'none' can only be used as a threshold for logging facilities, to indicate that no messages shall be logged via that facility.

Most events (e.g. timestamps, internal errors, program startup/exit) have fixed severities. The following events have configurable severities: (*) the keyword 'none' can only be used as a threshold for logging facilities, to indicate that no messages shall be logged via that facility.

  • (server only) failure to resolve a client address (section [Misc], option SeverityLookup)

  • policy violations (for monitored files)

  • access errors for files

  • access errors for directories

  • obscure file names (with non-printable characters) and/or invalid UIDs/GIDs (no such user/group)

  • login/logout events (if samhain is configured to monitor them)

Severity levels for events (see Section 4.1.1>) are set in the EventSeverity and (for login/logout events) the Utmp sections of the configuration file.

In the configuration file, these can be set as follows:

  [EventSeverity]  
  #  
  # these are policies  
  # 
  SeverityReadOnly=crit 
  SeverityLogFiles=crit
  SeverityGrowingLogs=warn 
  SeverityIgnoreNone=crit 
  SeverityIgnoreAll=info 
  #  
  # these are access errors 
  # 
  SeverityFiles=err 
  SeverityDirs=err 
  #  
  # these are obscure file names 
  # and/or invalid UIDs/GIDs (no such user/group) 
  # 
  SeverityNames=info 
  #  
  # This is the section for login/logout monitoring 
  # 
  [Utmp]  
  SeverityLogin=notice
  SeverityLogout=notice 
  # multiple logins by same user 
  SeverityLoginMulti=err

4.1.2. Classes

Events of related type are grouped into classes. For each logging facility, it is possible to restrict logging to a subset of these classes (see Section 4.3>). The available classes are:

ClassSignificance
EVENTEvents to be reported (i.e. policy violations, login/logout).
STARTStartup/stop messages.
STAMPTimestamp (heartbeat) messages.
LOGKEYThe key to verify the signed log file.
ERRORError messages.
OTHEREverything else (e.g. informational messages).
AUDSystem calls (for debugging).

The aforementioned classes represent a new, simplified classification scheme since version 1.8.2. The previous scheme (listed below) will still work, and both can be mixed.

ClassSignificance
AUDSystem calls.
RUNNormal run messages (e.g. startup, exit, ...)
STAMPTimestamps and alike.
FILMessages related to file integrity checking.
TCPMessages from the client/server subsystem.
PANICFatal errors, leading to program termination.
ERRError messages (general).
ENETError messages (network).
EINPUTError messages (input, e.g. configuration file).

4.1.3. Error message customization

It is possible to customize the initial part (the header of messages via the MessageHeader="format" directive. Enclosing quotes are only required to protect leading/trailing space, and there is no need to escape quotes within the format string. The following placeholders are recognized:

%S

Severity of the message.

%T

Timestamp of the message.

%C

Class of the message.

%F

Source file where the message originates from.

%L

Line number (in the source file) where the message originates from.

%E

An error code that may provide additional information in case of internal errors.

In the configuration file, these can be set as follows:

[Misc]
#
# This is the default without XML
#
MessageHeader="%S %T "
#
# Default for XML-style messages.
# Note that quotes within the format strings are NOT escaped in any way.
#
# MessageHeader="<log sev="%S" tstamp="%T" "
PrevHomeNext
Support / Bugs / Problems Available logging facilities
MANUAL-2_3/miscellaneous.html0000775000175000017500000005416112234446603015507 0ustar rainerrainer Miscellaneous
The Samhain Host Integrity Monitoring System
PrevAppendix C. Configuration file syntax and optionsNext

C.14. Miscellaneous

Section heading:

[Misc]

Entries:

Daemon=boolean — Whether to become a daemon (default: no)

MessageHeader="%S %T " — Specify custom format for message header. The following placeholders are supported: %S for the message severity, %T for the timestamp, %C for the message class, %F for the source file, %L for the source line number, and %E for the status (might provide additional information in case of internal errors).

VersionString=string — Set version string to include in file signature database (along with hostname and date).

SetReverseLookup=boolean — If false, skip reverse lookups when connecting to a host known by name rather than IP address.

AvoidBlock=boolean — Run stat/lstat system calls in a subprocess to avoid that a flaky NFS mount blocks the process (defaults to off for the server, on for the client/standalone executable).

HideSetup=boolean — Don't log names of config/database files on startup.

SyslogFacility=LOG_xxx — Set syslog facility (default is LOG_AUTHPRIV).

SyslogMapStampTo=LOG_xxx — Set syslog priority for heartbeat messages (timestamps). Default is LOG_ERR.

MACType=HASH-TIGER/HMAC-TIGER — Set type of message authentication code (HMAC). Must be identical on client and server.

SetLoopTime=seconds — Interval between timestamp messages (60).

SetConsole=device — Set the console device (/dev/console).

SetReportFile=path — Set the path for file check reports (none). Can be an absolute path or 'none' to disable. Format is lines comprised of a timestamp string followed by number of seconds since the Epoch followed by six integers: bytes hashed, dirs checked, files checked, files reported, errors, files that should be but aren't directories.

SetReportGroup=group — Set the unix group (numeric or name, defaults to 0) for the file check reports.

SetSigtrapMaxDuration=microseconds — This directive allows to configure the timeout for handling the sigtrap signal in the antidebug code (enabled with the --enable-ptrace configure option) (500000, equal to 500ms). Set to a higher value if the antidebug handler is triggered under high load. Note that for security, you can set this value only once while the daemon runs.

MessageQueueActive=boolean — Use SysV IPC message queue (false).

PreludeMapToInfo=list of samhain severities — The severities that should be mapped to impact severity 'info' in prelude reports (default: none). This option is only available with libprelude 0.9.

PreludeMapToLow=list of samhain severities — The severities that should be mapped to impact severity 'low' in prelude reports (default: none). This option is only available with libprelude 0.9.

PreludeMapToMedium=list of samhain severities — The severities that should be mapped to impact severity 'medium' in prelude reports (default: none). This option is only available with libprelude 0.9.

PreludeMapToHigh=list of samhain severities — The severities that should be mapped to impact severity 'high' in prelude reports (default: none). This option is only available with libprelude 0.9.

PreludeProfile=profile — Set the profile (sensor name) for use with the Prelude IDS. This option is only available with libprelude 0.9. Default is 'samhain' (prelude 0.9) or 'Samhain' (prelude 0.8).

SetMailAddress=recepient — Add a recepient e-mail address.

SetMailAlias=listname:username@hostname — Add a list of recepient e-mail address.

SetAddrSeverity=severity — Defines a severity threshold for an individual recipient (list). Must be a subset of the global MailSeverity setting. Applies to the last defined recipient (list).

SetMailFilterAnd=list — Defines a list of strings all of which must match a message, otherwise it will not be mailed. Applies to the last defined recipient (list).

SetMailFilterOr=list — Defines a list of strings at least one of which must match a message, otherwise it will not be mailed. Applies to the last defined recipient (list).

SetMailFilterNot=list — Defines a list of strings none of which should match a message, otherwise it will not be mailed. Applies to the last defined recipient (list).

CloseAddress — Explicitely closes the definition of a recipient (list).

SetMailTime=seconds — Maximum time interval between mail messages (86400 sec).

SetMailNum=0 -- 16383 — Maximum number of pending mails on internal queue (10).

SetMailRelay=IP address — The mail relay (for offsite mail; default: none).

MailSubject=string — Custom format for the email subject (none).

SetMailSender=string — Sender for the 'From:' field.

SetMailPort=port number — Port number to use for SMTP (default: 25).

SamhainPath=path — The path of the process image.

SetBindAddress=IP address — The IP address (i.e. interface on multi-interface box) to use for outgoing connections (e.g. e-mail).

SetTimeServer=IP address — The time server. Note that the simple 'time' service (port 37/tcp) is used.

TrustedUser=username(,username,..). — List of additional trusted users.

SetLogfilePath=AUTO or /path — Path to log file (AUTO to tack hostname on compiled-in path).

SetLockfilePath=AUTO or /path— Path to lock file (AUTO to tack hostname on compiled-in path).

The following options are only relevant for standalone or client executables:

SetNiceLevel=-19..19 — Set scheduling priority during file check. — (see 'man nice').

SetIOLimit=bps — Set IO limits (kilobytes per second) for file check.

SetDropCache=boolean — Drop checksummed files from cache (unless they were cached before). Defaults to false for performance reasons.

SetFilecheckTime=seconds — Interval between file checks (600).

FileCheckScheduleOne=schedule— Crontab-like schedule for file checks.

UseRsrcCheck=boolean— Check the ..namedfork/rsrc file on Mac OS X (defaults to no since this mechanism is deprecated by Apple).

UseHardlinkCheck=boolean— Compare number of hardlinks to number of subdirectories for directories.

HardlinkOffset=N:/path — Exception (use multiple times for multiple exceptions). N is offset (actual - expected hardlinks) for /path.

AddOKChars=N1, N2, .. — List of acceptable characters (byte value(s)) for the check for weird filenames. Nn may be hex (leading '0x': 0xNN), octal (leading zero: 0NNN), or decimal. Use 'all' for all.

FilenamesAreUTF8=boolean — If set, samhain will check for invalid UTF-8 encoding and for filenames ending in invisible characters.

IgnoreAdded=path_regex — Ignore if this file/directory is added/created. The path_regex argument has to start with a forward slash and has to match the full path..

IgnoreMissing=path_regex — Ignore if this file/directory is missing/deleted. the path_regex argument has to start with a forward slash and has to match the full path.

IgnoreModified=path_regex — Ignore if this file/directory is modified (3.0.11+, useful for transient files that get modified during their lifetime). the path_regex argument has to start with a forward slash and has to match the full path.

LooseDirCheck=boolean — Ignore changes of directory inodes if nothing but size and timestamps have changed.

SkipChecksum=list of conditions — Skip checksumming if the list of condition holds true

FileType=definition — User-defined file type specification (to be used for the SkipChecksum=... command).

ReportOnlyOnce=boolean — Report only once on a modified file (yes).

ReportFullDetail=boolean — Report in full detail on modified files (no).

UseLocalTime=boolean — Report file timestamps in local time rather than GMT (no). Do not use this with Beltane.

ChecksumTest=none/init/update/check — The default action (default is none).

SetPrelinkPath=path — The path to the prelink binary (default is /usr/sbin/prelink).

SetPrelinkChecksum=checksum — The checksum of the prelink binary.

SetLogServer=IP address — The log server.

SetServerPort=port number — The port on the log server (defaults to the compiled-in port, which is 49777 unless redefined at compile time).

SetThrottle=milliseconds — An option to throttle the network throughput when downloading the database from the server. The allowed maximum of 1000 msec throttles to about 64 kB/sec, less is faster.

SetDatabasePath=AUTO or /path— Path to database (AUTO to tack hostname on compiled-in path).

DigestAlgo=TIGER192/SHA1/MD5/SHA256 — Use SHA1, MD5, or SHA2-256 instead of the TIGER checksum (default: TIGER192).

RedefReadOnly=+XXX or -XXX — Add or subtract test XXX from the ReadOnly policy.

RedefAttributes=+XXX or -XXX — Add or subtract test XXX from the Attributes policy.

RedefLogFiles=+XXX or -XXX — Add or subtract test XXX from the LogFiles policy.

RedefGrowingLogFiles=-XXX or ~XXX — Add or subtract test XXX from the GrowingLogFiles policy.

RedefIgnoreAll=+XXX or -XXX — Add or subtract test XXX from the IgnoreAll policy.

RedefIgnoreNone=+XXX or -XXX — Add or subtract test XXX from the IgnoreNone policy.

RedefUser0=+XXX or -XXX — Add or subtract test XXX from the User0 policy.

RedefUser1=+XXX or -XXX — Add or subtract test XXX from the User1 policy.

RedefUser2=+XXX or -XXX — Add or subtract test XXX from the User2 policy.

RedefUser3=+XXX or -XXX — Add or subtract test XXX from the User3 policy.

RedefUser4=+XXX or -XXX — Add or subtract test XXX from the User4 policy.

UseACLCheck=boolean — Check ACL policies for files.

UseSelinuxCheck=boolean — Check SELINUX attributes for files.

The following options are only relevant for the server:

SetUseSocket=boolean — If unset, do not open the command socket (server only). This socket allows to advise the server to transmit commands to clients as soon as they connect to the server next time.

SetSocketAllowUid=UID — Which user can connect to the command socket. The default is 0 (root).

SetSocketPassword=password — Password (max. 14 chars, no '@') for password-based authentication on the command socket (only if the OS does not support passing credentials via sockets).

SetChrootDir=path — If set, chroot to this directory (server only).

SetStripDomain=boolean — Whether to strip the domain from the client hostname when logging client messages (server only; default: yes).

SetClientFromAccept=boolean — If true, use client address as known to the communication layer. Else (default) use client name as claimed by the client, try to verify against the address known to the communication layer, and accept (with a warning message) even if this fails.

UseClientSeverity=boolean — If set to 'yes', don't assign a special severity (priority) to client messages.

UseClientClass=boolean — If set to 'yes', don't assign a special class to client messages.

SetServerPort=port number — The port that the server should use for listening (default is 49777).

SetServerInterface=IP address — The IP address (i.e. interface on multi-interface box) that the server should use for listening (default is all). Use INADDR_ANY to reset to all.

SeverityLookup=severity — Severity for name lookup errors when verifying (on the server side) that the socket peer matches the hostname claimed by the client. See the preceding option.

UseSeparateLogs=boolean — If true, messages from different clients will be logged to separate log files (the name of the client will be appended to the name of the main log file to construct the logfile name). Default: false.

SetClientTimeLimit=seconds — Maximum time limit until next client message (server-only). If no message is received from a client within that limit, the respective client will be reported as dead.

SetConnectionTimeout=seconds — Timeout after which a currently active connection to a client will be closed by the server (900 seconds). This timeout has the purpose to prevent bad clients from hogging server resources.

SetUDPActive=boolean — yule 1.2.8+: Listen on 514/udp (syslog). Default: false.

Remarks: (i) root and the effective user are always trusted. (ii) If no time server is given, the local host clock is used. (iii) If the path of the process image is given, the process image will be checksummed at startup and exit, and both checksums compared.

PrevHomeNext
DatabaseUpExternal
MANUAL-2_3/compilation-checks.html0000775000175000017500000000737312234446603016423 0ustar rainerrainer Optional modules to perform additional checks
The Samhain Host Integrity Monitoring System
PrevAppendix A. List of options for the ./configure scriptNext

A.2. Optional modules to perform additional checks

These are all client-only options, as the server does not perform any checks (if you want to run checks on the log server host, you need to run a client there as well).

--enable-login-watch

[CLIENT ONLY] Compile in the module to watch for login/logout events.

--enable-mounts-check

[CLIENT ONLY] Compile in the module to check for correct mount options.

--enable-userfiles

[CLIENT ONLY] Compile in the module to check for files in user home directories (i.e. with paths relative to $HOME for all users).

--enable-suidcheck

[CLIENT ONLY] Compile in the module to check file system for SUID/SGID binaries not in the database.

--with-kcheck=SYSTEM_MAP

[CLIENT ONLY] (Linux/FreeBSD/OpenBSD only) Compile in the module to check for runtime kernel modifications (e.g. clobbered kernel syscalls) to detect kernel-level rootkits. SYSTEM_MAP must be the path to the System.map file corresponding to the kernel.

PrevHomeNext
List of options for the ./configure scriptUpOpenPGP Signatures on Configuration/Database Files
MANUAL-2_3/the-configuration-file.html0000775000175000017500000003121712234446603017203 0ustar rainerrainer Configuration file syntax and options
The Samhain Host Integrity Monitoring System
PrevNext

Appendix C. Configuration file syntax and options

C.1. General

The configuration file for samhain is named samhainrc by default. Also by default, it is placed in /etc. (Name and location is configurable at compile time). The distribution package comes with a commented sample configuration file.

This section introduces the general structure of the configuration file. Details on individual entries in the configuration files are discussed in Section 5.4> (which files to monitor), Section 4.1> (what should be logged, which logging facilities should be used, and how these facilities are properly configured), and Section 5.11> (monitoring login/logout events).

The configuration file contains several sections, indicated by headings in square brackets (e.g. [Database]). Sections exist to group related directives and avoid eventual name clashes among options. Any particular section may occur multiple times.

Each section may hold zero or more key=value pairs. Keys are not case sensitive, and space around the '=' is allowed, as well as before the key and after the value. More specifically: the line is processed by splitting into key and value at the first '=', trimming whitespace from the beginning and end of both key and value, and converting the key to lowercase.

Blank lines and lines starting with '#' are comments. Everything before the first section and after an [EOF] is ignored. The [EOF] end-of-file marker is optional. The file thus looks like:

  # this is a comment       
  [Section heading]   
  key1=value     
  key2=value     
  
  [Another section]    
  key3=value     
  key4=value

For boolean values the following are equivalent (case-insensitive): True, Yes, or 1. Likewise, the following are equivalent (case-insensitive): False, No, or 0.

In lists, values can be separated by space, tabs, or commas.

TipTip
 

Each section may occur multiple times.

NoteNote
 

You can explicitely end the configuration file with an [EOF] (on a separate line), but this is not required, unless there is some junk beyond that may confuse the parser. A PGP signature does not qualify as 'junk' if samhain is compiled to verify the signature.

C.1.1. Shell expansion

As of version 2.5.3, it is possible to use shell expansion to define the value of an option. For any configuration file option written as Key = $( shell_command ), the string contained within the $() will be passed literally to the shell (by invoking /bin/sh -c shell_command), and the first line returned by the shell - after stripping the newline char - will replace the $(..). If there is no output within 120 seconds, samhain will ignore the configuration option (and report an error).

NoteNote
 

You cannot define just part of an option value this way. You need to write the shell expression such that it covers the whole option value (e.g. by including an 'echo -n foobar').

The PATH environment variable will be set to "/sbin:/bin:/usr/sbin:/usr/bin:/usr/ucb", the SHELL variable to "/bin/sh", the IFS variable to " \t\n", and the TZ variable will be copied from the startup environment. No other environment variables will be set.

In case you are unsure about the need for escaping: yes, the whole string will be passed as a single argument to the shell, like calling /bin/sh -c 'shell_command' from the shell, BUT since this is done from within a C program rather than from a shell, there are no single quotes surrounding the whole string.

In the following example, we parse the output of ifconfig to supply a list of all interfaces to the "PortCheckInterface" option.

#
# Lines broken for display purposes. Must be ONE line in config file!!!

# Linux/Solaris, FreeBSD, OpenBSD

$Linux:.*:.*
PortCheckInterface=$( /sbin/ifconfig | grep 'inet addr:' | 
    sed 's/.*r:\([0-9.]*\).*/\1 /' | tr -d '\n'; echo )
$end

# Solaris, FreeBSD, OpenBSD

$(SunOS|FreeBSD|OpenBSD):.*:.*
PortCheckInterface = $( /sbin/ifconfig -a| grep 'inet ' | 
    sed 's/.*t \([0-9.]*\) .*/\1 /' | tr -d '\n';echo )
$end

C.1.2. Conditionals

Conditional inclusion of entries for some host(s) is supported via any number of @if.. / @else / @fi directives. @if.., @else, and @fi must each be on separate lines. Configuration options in the @if.. (or the optional @else) branch will be read or ignored depending on the result of the test.

Supported tests are as follows:

hostname_matches

@if hostname_matches regex will succeed if the hostname matches the regular expression given.

system_matches

@if system_matches regex will succeed if the string sysname:release:machine — i.e. $(uname -s):$(uname -r):$uname - m) — matches the regular expression given.

file_exists

@if file_exists path will succeed if a file with the given absolute path exists. Wildcards/regular expression are not supported.

interface_exists

@if interface_exists address will succeed if a network interface with the given address exists.

command_succeeds

@if command_succeeds command will execute /bin/sh -c command and succeed if the exit status is zero. The PATH environment variable will be set to "/sbin:/bin:/usr/sbin:/usr/bin:/usr/ucb", the SHELL variable to "/bin/sh", the IFS variable to " \t\n", and the TZ variable will be copied from the startup environment. No other environment variables will be set.

You can negate a test by saying '@if not ..'. The 'not' may be replaced by a '!'. The following are all valid: '@if not file_exists /etc/motd', '@if !file_exists /etc/motd', and '@if ! file_exists /etc/motd'.

NoteNote on backward compatibility
 

For backward compatibility, instead of @if hostname_matches hostname you can also say @hostname.

Likewise, instead of @if system_matches sysname:release:machine you can also say $sysname:release:machine.

Also, the old method of negating by prepending a '!' to the '@' ('$') is still supported, as well as the use of '@end' ('$end') instead of '@fi'. 

  @if hostname_matches foobar                                   
  # only read if hostname is 'foobar'
  @else
  # read if hostname is NOT 'foobar'
  @fi
                                              
  @if not hostname_matches foobar                                 
  # not read if hostname is 'foobar'    
  @fi                                               

  @if system_matches Linux:2.6.24-21-generic:i686
  # only read if $(uname -s):$(uname -r):$(uname -m)
  #   matches Linux:2.6.24-21-generic:i686
  @fi

  @if !system_matches Linux:2.6.24-21-generic:i686         
  # not read if $(uname -s):$(uname -r):$(uname -m)
  #   matches Linux:2.6.24-21-generic:i686
  @fi
PrevHomeNext
yule Files to check
MANUAL-2_3/timing-file-checks.html0000775000175000017500000001420012234446601016272 0ustar rainerrainer Timing file checks
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.6. Timing file checks

In the Misc section of the configuration file, you can set the interval (in seconds) between succesive file checks:

SetFilecheckTime=value

Alternatively, you can specify a crontab-like schedule with:

FileCheckScheduleOne=schedule

The schedule follows the same rules as crontab(5) entries, with two noteable exceptions: (a) lists are not allowed, and (b) ranges of names (like Mon-Fri) are allowed. See man 5 crontab for details. You can specify a list of schedules, with separate FileCheckScheduleOne=… directives on separate lines.

NoteNote
 

If you need a list in your schedule, you can either use steps (like */2 for 'every two minutes/hours/...), or you can specify a list of schedules, with separate FileCheckScheduleOne=… directives on separate lines.

5.6.1. Using a second schedule

If you want to check some files rather often, while doing a more extensive check only sometimes, this is supported as follows:

  • Enclose all directories for the more extensive check in a %SCHEDULE_TWO ... !%SCHEDULE_TWO block like: 

      %SCHEDULE_TWO
  dir=/check/only/once/per/day
  !%SCHEDULE_TWO

  • Define an optional second schedule as follows (similar to FileCheckSchedule, you can specify a list of schedules):

    FileCheckScheduleTwo=schedule2

Rules:

  1. All files and directories will always be checked at FileCheckScheduleTwo.

  2. All single files (file=…) will always be checked at both FileCheckScheduleOne and FileCheckScheduleTwo (rationale: this is required to check for missing/added files in directories).

  3. All directories outside the %SCHEDULE_TWO block will be checked at both FileCheckScheduleOne and FileCheckScheduleTwo.

  4. All directories inside the %SCHEDULE_TWO block will be checked at FileCheckScheduleTwo only.

NoteMissing files
 

If you are using a second schedule, the full check for missing files will only be done at FileCheckScheduleTwo. For paths directly defined in the configuration, e.g. with file=..., samhain will detect immediately if the file is missing, if the path is checked at FileCheckScheduleOne.

PrevHomeNext
Excluding files and/or subdirectories (All except …)UpInitializing, updating, or checking
MANUAL-2_3/packing-the-executable.html0000775000175000017500000001027212234446602017147 0ustar rainerrainer Packing the executable
The Samhain Host Integrity Monitoring System
PrevChapter 9. Additional Features — StealthNext

9.2. Packing the executable

For even more stealthyness, it is possible to pack and encrypt the samhain executable. The packer is just moderately effective, but portable. Note that the encryption key of course must be present in the packed executable, thus this is no secure encryption, but rather is intended for obfuscation of the executable. There is a make target for packing the samhain executable:

make samhain.pk

On execution, samhain.pk will unpack into a temporary file and execute this, passing along all command line arguments. The temporary file is created in /tmp, if the sticky bit is set on this directory, and in /usr/bin otherwise. The filename is chosen at random, and the file is only opened if it does not exist already (otherwise a new random filename will be tried). The file permission is set to 700.

The directory entry for the unpacked executable will be deleted after executing it, but on systems with a /proc filesystem, the deleted entry may show up there. In particular, this is the case for Linux. You should be aware that this may raise suspicion.

On Linux, the /proc filesystem is used to call the unpacked executable without a race condition, by executing /proc/self/fd/NN, where NN is the file descriptor to which the unpacked executable has been written. On other systems, the filename of the unpacked executable must be used, which creates a race condition (the file may be modified between creation and execution).

The packed executable will not honour the SUID bit.

PrevHomeNext
Additional Features — StealthUpDeployment to remote hosts
MANUAL-2_3/database-fields.html0000775000175000017500000001356712234446603015661 0ustar rainerrainer List of database fields
The Samhain Host Integrity Monitoring System
PrevNext

Appendix D. List of database fields

The database may hold (i) internal message from yule, the log server, and (ii) client messages. The latter result in two rows: one for the client message, and one for the server message recording the arrival of the client message, the originating remote host, and the timestamp. The different message types can be recognized by the log_ref field (see below).

Many database fields record details of files (see man stat), before (_old) and after (_new) a detected modification. For some items, both numeric (iXXX) and string values are reported, because the translation between both is host-specific. This allows to perform updates of the file signature database(s) on the server side. Other fields are listed below. Basically, most of the fields supply additional information for log_msg if relevant.

D.1. General

log_index

Unique index of the message (primary key).

log_ref

Zero for internal server messages, NULL for messages received from a client, log_index(client_message) for server timestamp of client message.

log_host

The host where the message originates.

log_time

The timestamp of the message.

log_sev

The severity/priority of the message.

log_msg

The message itself.

log_hash

A checksum over the union of user-defineable fields.

entry_status

NEW for new entries. Used by the Beltane frontend to track the status of a message.

path

Path of a file (whenever a message refers to a file).

userid

UID of the current user if relevant (e.g. if access to a file fails).

grp

Name of a group (for messages reporting problems with a GID, e.g. no entry in /etc/group).

program

Name of the current process (startup message).

subroutine

Name of an internal subroutine (in messages reporting failure of a subroutine).

status

Exit status value of samhain.

hash

Checksum of configuration file (if gpg not used). Startup message.

path_data, hash_data

Path and checksum of data file (if gpg not used). Startup message.

key_uid, key_id

User ID and key id of GPG key used to sign the configuration file. Startup message.

key_uid_data

User ID of GPG key used to sign the data file (different keys for configuration and data file cause program abort). Startup failure message.

peer

Address of a connecting host.

obj

Generic field to hold additional information. Occasionally used.

interface

Name of a library routine/interface (error messages).

dir

Name of a directory, if relevant.

linked_path

In reports about dangling symlinks.

port

Port number (in reports about connections errors).

service

Logging facility or remote service (failure reports).

PrevHomeNext
Clients Modules
MANUAL-2_3/dnmalloc.html0000775000175000017500000001330212234446601014423 0ustar rainerrainer Remarks on the dnmalloc allocator
The Samhain Host Integrity Monitoring System
PrevChapter 3. General usage notesNext

3.10. Remarks on the dnmalloc allocator

As a proactive security measure, since version 2.4.5, samhain ships with dnmalloc (Dnmalloc Site), a safer allocator that isn't vulnerable by heap buffer overflows and/or double free errors. I.e. with dnmalloc, it's not possible to exploit such errors to run arbitrary code.

If you want to disable dnmalloc, you can do so at compile time with ./configure --disable-dnmalloc [more options].

NoteUnsupported operating systems
 

The dnmalloc allocator doesn't work on: OpenBSD (problems with pthread internals), Cygwin (also pthread internals), and 64bit FreeBSD. On 64bit AIX, you need to compile as a 32bit application, or to forego dnmalloc.

Speed and memory overhead of dnmalloc:

Speed

Dnmalloc is as fast, or sometimes faster than, the GNU libc allocator (which is based on ptmalloc).

Memory overhead

TipReserved memory
 

"Reserved momory" is the amount of memory that the operating system has reserved for an application, is backed by physical reasources (RAM or swap), and hence is not available for other applications. In other words, "reserved momory" is the actual resource usage of an application.

Because of deferred memory allocation, reserved memory can be less than what an application has asked for, since memory is only reseved when it is used.

The actual memory overhead of dnmalloc is in the range of 20 per cent or less.

On top of that, dnmalloc allocates a huge (128MB/256MB for 32bit/64bit systems) table on startup. This is basically a non-issue, since this table is only sparsely used, and hence contributes very little to the "reserved memory", i.e. the actual resource usage of dnmalloc.

Both 'top' and 'ps' include this table in the 'virtual size' (columns VIRT/VSZ in top/ps) of an application using dnmalloc, thus giving the incorrect impression that physical swap storage would be required to back this table, if it's not resident in RAM (columns RES/RSS in top/ps). In fact, since most parts of this table are never used, no physical storage (neither RAM nor swap) is ever reserved for them. Note that this is not true anymore if (on Linux) you've switched off overcommiting completely (echo 2 > /proc/sys/vm/overcommit_memory).

PrevHomeNext
Runtime options: command-line & configuration fileUpSupport / Bugs / Problems
MANUAL-2_3/performance-tuning.html0000775000175000017500000001213112234446602016435 0ustar rainerrainer Performance tuning
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.19. Performance tuning

File checking is basically I/O-limited, i.e. typically most of the time the application waits for data from the disk. Most of the application runtime is spent in the checksum algorithm, but as the application is I/O-limited, using a faster algorithm does not neccessarily result in any noticable speed improvement.

Logging can be very expensive, so you should avoid enabling many different logging facilities. You should also avoid low logging thresholds (info/debug) on production systems — it tends to drown real problems in the noise of purely informational messages, and reduces performance quite noticably.

Other things you can do are:

  • Build a static binary (use the --enable-static switch for configure). Static binaries are faster, and also more secure, because they cannot be subverted via libc.

    NoteNote
     

    Unfortunately this is not possible on Solaris. This is not a bug in samhain, but is because some functions in Solaris are only supplied by dynamic libraries.

  • Change the compiler switches to optimize more aggressively.

  • If on a commercial UNIX, check whether the native compiler produces faster code (you need an ANSI C compiler). The ./configure script honours CC (compiler) and CFLAGS environment variables.

On the other side, if you want to reduce the load caused by file checking, you can change the scheduling priority (see man nice), and/or limit the I/O: 

  [Misc]
  # low priority (positive argument means lower priority)
  SetNiceLevel=19 
  # kilobytes per second
  SetIOLimit=1000

If you want to avoid thrashing the file cache, you can tell samhain to drop checksummed files from the cache (unless they were already cached). For performance reasons, this defaults to 'false'. 

  [Misc]
  # drop checksummed files from cache
  SetDropCache = True

Similarly, for the SUID check, you can limit the files per seconds: 

  [SuidCheck]  
  # limit on files per seconds
  SuidCheckFps=250

PrevHomeNext
ModulesUpStoring the full content of a file (aka: WHAT has changed?)
MANUAL-2_3/processcheck.html0000775000175000017500000001462612234446602015321 0ustar rainerrainer Checking for hidden/fake/missing processes
The Samhain Host Integrity Monitoring System
PrevChapter 5. Configuring samhain, the host integrity monitorNext

5.14. Checking for hidden/fake/missing processes

To compile with support for this option, use the configure option

./configure --enable-process-check

This module enables samhain to check for processes that are:

(a) hidden from ps, i.e. running processes that are not listed by ps,

(b) fake, i.e. listed by ps although they don't exist, and

(c) missing, i.e. processes that are required to run (as specified by the user), but are actually not running.

The module works by searching the complete range of possible PIDs for processes, and comparing the list of processes thus found against the output of ps. Note that the range of possible PIDs is OS-specific, and in general must be configured by the user (except for Linux, where it is determined automatically).

NoteThreads
 

Threads (including kernel threads) may be detected as well; thus ps must be called with the proper argument such that threads are listed as well, otherwise they will be reported as hidden. On Linux, this is handled automatically by the code, for other operating systems, you can use the configuration option ProcessCheckPSArg=arg to set the argument to ps.

E.g. OpenBSD needs ProcessCheckPSArg=axk such that kernel threads are listed as well.

NoteOpenVZ
 

The OpenVZ virtualisation has one hidden process for each visible process (within the container). If you run samhain within an OpenVZ container, use ProcessCheckIsOpenVZ=true to automatically avoid false positives.

5.14.1. Example configuration

  [ProcessCheck]
  #
  # Activate (default is on)
  #
  ProcessCheckActive = yes

  # The severity of reports: debug/info/notice/warn/err/crit/alert
  # (default is crit)
  #
  SeverityProcessCheck = crit
 
  # The PID range (default is 0 to 32767)
  #
  ProcessCheckMinPID = 0
  ProcessCheckMaxPID = 32767

  # The interval (in seconds) for process checks (default is 300 sec)
  #
  ProcessCheckInterval = 300

  # Specify a process that is required to run. The argument
  # must be a POSIX regular expression that matches the
  # output of ps (samhain will check whether the PID in the
  # output of 'ps' actually runs). You can use this option 
  # multiple times. Note that each matching substring in a line
  # from the 'ps' output is considered a successful match.
  #
  ProcessCheckExists = syslogd

  # The 'configure' script determines automatically
  # the location of 'ps' as well as whether it is 
  # Posix or BSD style. Therefore, these options may
  # not be required. For 'ProcesscheckPSArg', note
  # that the first column must be the PID, except on
  # Linux, where the format 'PID SPID ...' is expected
  # (spid = thread id), as shown by 'ps -eT'
  #
  # ProcessCheckPSPath = /usr/bin/ps
  # ProcessCheckPSArg = -e
PrevHomeNext
Checking sensitive files owned by usersUpChecking for open ports
MANUAL-2_3/syslogdetails.html0000775000175000017500000001001312234446601015514 0ustar rainerrainer Syslog
The Samhain Host Integrity Monitoring System
PrevChapter 4. Configuration of logging facilitiesNext

4.11. Syslog

samhain will translate its own severities into syslog priorities as follows:

SeveritySyslog priority
debugLOG_DEBUG
infoLOG_INFO
noticeLOG_NOTICE
warnLOG_WARNING
markLOG_ERR
errLOG_ERR
critLOG_CRIT
alertLOG_ALERT

Messages larger than 959 chars will be split into several messages. By default, samhain will use the identity 'samhain', the syslog facility LOG_AUTHPRIV, and will log its PID (process identification number) in addition to the message.

The syslog facility can be modified via the directive SyslogFacility=command>LOG_xxx in the Misc section of the configuration file.

The syslog priority to be used for heartbeat messages (timestamps) can be selected with the directive SyslogMapStampTo=command>LOG_xxx in the Misc section of the configuration file. The default is LOG_ERR.

PrevHomeNext
Using samhain with nagiosUpSQL Database
MANUAL-2_3/configuration-email.html0000775000175000017500000003757712234446601016612 0ustar rainerrainer E-mail
The Samhain Host Integrity Monitoring System
PrevChapter 4. Configuration of logging facilitiesNext

4.4. E-mail

It is possible to define email recipients at compile-time, but it is also possible to define recipients, or aliases (lists of recipients) in the configuration file. Each recipient (list) definition starts with either:

SetMailAddress=recipient

or:

SetMailAlias=listname:addresslist

Filters and/or a threshold severity for the recipient (list) may follow. The definition of a recipient is ended (a) explicitely when terminated with the line CloseAddress, or (b) implicitely when another recipient (list) definition is started.

Items that can/must be configured are:

Recipients address

SetMailAddress=username@hostname

Each address must on a separate line in the configuration file.

TipTip
 

it is recommended to use numerical IP addresses instead of host names (to avoid DNS lookups).

Recipients address list

SetMailAlias=listname:addresslist

Define an alias for a list of (already defined) recipients. The format is listname ":" addresslist, where addresses in addresslist can be separated by comma, tab, or space. Logging threshold and filters (see below) can be set for a list as for an individual recipient, but will take effect only for email that is specifically targeted at the list (e.g. via a per-queue rule in the logfile monitoring module).

Logging threshold

SetAddrSeverity=severity

This defines a logging threshold severity for the last defined recipient (list). The syntax is the same as for MailSeverity.

NoteMailSeverity and SetAddrSeverity
 

The MailSeverity setting in the [Log] section defines an upper bound for all recipients. Messages not included by the MailSeverity setting will never be emailed.

NOT Filter

SetMailFilterNot=list_of_regexes

Defines a filtering condition for the last defined recipient (list). If there is no recipient (list) defined yet, it applies to the compiled-in recipients.

List items are POSIX regular expressions. As whitespace (blank or tab) is a valid separator in a list, strings with whitespace must be enclosed in single or double quotes. If a string begins with a double quote, enclose it in single quotes (and vice versa).

If used, then NONE of the regular expressions in list can occur in a message, otherwise it will not be sent by email.

AND Filter

SetMailFilterAnd=list

NoteOrder of evaluation
 

AND conditions are evaluated after all NOT conditions.

If used, then ALL strings in list must occur in a message, otherwise it will not be sent by email. The syntax is the same as for SetMailFilterNot.

OR Filter

SetMailFilterOr=list

NoteOrder of evaluation
 

OR conditions are evaluated after all AND conditions.

If used, then AT LEAST ONE of the strings in list must occur in a message, otherwise it will not be sent by email. The syntax is the same as for SetMailFilterNot.

Closing a recipient (list) definition

CloseAddress

This explicitely closes the definition of a recipient (list). However, this is optional syntactic sugar (i.e. not really required), since recipient (list) definitions are closed implicitely by the beginning of another recipient (list) definition (i.e. SetMailAddress or SetMailAlias).

Relay host / Mail exchanger

SetMailRelay=mail.some_domain.com

You may need this option because some sites don't allow outbound e-mail connections from any arbitrary host. If the recipient is offsite, and your site uses a mail relay host to route outbound e-mails, you need to specify the relay host.

Maximum interval

SetMailTime=86400

You may want to set a maximum interval between any two consecutive e-mails, to be sure that samhain is still 'alive'.

Maximum pending

SetMailNum=10

Messages can be queued to send several messages in one e-mail. You may want to set the the maximum number of messages to queue. (Note: messages of highest priority (alert) are always sent immediately. At most 128 messages can be queued.

Multiple recipients

MailSingle=yes/no

If there are multiple recipients, whether to send a single mail with the recipient list, or send multiple mails. If all recipients are on same domain, a single mail may suffice, otherwise it depends on whether the mail server supports forwarding (for security, most don't).

Subject line

MailSubject=string

Here, string may contain the placeholders %T, %H, %S, and/or %M that will get replaced by the time, hostname, message severity and message text, respectively. The default subject line is equivalent to "%T %H". This option may be useful if you want to send emails to an email-to-sms gateway.

Sender

SetMailSender=string

Here, string is the address that is inserted in the From: field. If a name without domain is given (i.e. without '@xyz.tld'), the FQDN of the local host will be added automatically.

SMTP port

SetMailPort=port_number

This option allows to specify a custom port for SMTP (the default is 25).

Example:

  [Misc]  
  #
  # Do not send messages about added files, and startup messages.
  # We have no recipient defined yet, thus this applies to
  # compiled-in recipients only (if there are any).
  #
  SetMailFilterNot = 'POLICY ADDED', START
  # 
  # E-mail recipient (offsite in this case). 
  # 
  SetMailAddress=username@host.some_domain.com
     SetMailFilterNot = LOGKEY
  CloseAddress
  # 
  # Need a relay host for outgoing mail. 
  # 
  SetMailRelay=relay.mydomain.com 
  #  
  # Number of pending mails. 
  # 
  SetMailNum=10 
  #  
  # Maximum time between e-mails. 
  # Want a message every day, just to be sure that the 
  # program still runs. 
  # 
  SetMailTime=86400
  #
  # Do not send messages about added files, and startup messages
  #
  SetMailFilterNot = 'POLICY ADDED', START
  #
  # To all recipients in a single mail. 
  MailSingle=yes

4.4.1. E-mail reports and their integrity

The subject line contains timestamp and local hostname, which are repeated in the message body. samhain uses its own built-in SMTP code rather than the system mailer, because in case of temporary connection failures, the system mailer (e.g. sendmail) would queue the message on disk, where it may become visible to unauthorized persons.

During temporary connection failures, messages are stored in memory. The maximum number of stored messages is 128. samhain will re-try to mail every hour for at most 48 hours. In conformance with RFC 821, samhain will keep the responsibility for the message delivery until the recipient's mail server has confirmed receipt of the e-mail (except that, as noted above, after 48 hours it will assume a permanent connection failure, i.e. e-mailing will be switched off).

The body of the mail may consist of several messages that were pending on the internal queue (see Section 4.2>), followed by a signature that is computed from the message and a key. The key is initialized with a random number, and for each e-mail iterated by a hash chain.

The initial key is revealed in the first email sent (obviously, you have to believe that this first e-mail is authentic). This initial key is not transmitted in cleartext, but encrypted with a one-time pad (Section 11.2>).

The signature is followed by a unique identification string. This is used to identify seperate audit trails (here, a trail is a sequence of e-mails from the same run of samhain), and to enumerate individual e-mails within a trail.

The mail thus looks like:

  -----BEGIN MESSAGE-----
  first message    
  second message    
  ... 
  -----BEGIN SIGNATURE-----
  signature 
  ID TRAIL_ID:hostname 
  -----END MESSAGE-----

TipIntegrity verification
 

To verify the integrity of an e-mail audit trail, a convenience function is provided:

samhain -M /mailbox/file/path

The mailbox file may contain multiple and/or overlapping audit trails from different runs of samhain and/or different clients (hosts).

WarningCAVEATS
 

Verification will fail, if the compiled-in key of the verifying executable is different from the one that generated the message(s) (see Section 11.2>).

If you use a pre-compiled executable from some binary distribution, be sure to read Section 11.2> carefully.

PrevHomeNext
Activating logging facilities and filtering messagesUpLog file
samhain-3.1.0/docs/samhain_german.pdf0000644000175000017500000034331010311115742014447 00000000000000%PDF-1.3 % 4 0 obj << /Type /Info /Producer (null) >> endobj 5 0 obj << /Length 543 /Filter /FlateDecode >> stream xϓ09g~'ױt[gP{@ Y 6ֿATNk %|?|Mc(VQcs)"B}tt1@(1V_+GlwSn(' X8&i7}.Z7o~|h#0Qp&E(hxF1%DVp%QSqnm u.ͧ1u`4zXiUm"}b=:W5P¼wzWh5ɓbӘ v*u_-g[Փ'va@/IitXQ$?1CvBYYAi٢qso˚- zˏDCUk8’*جoC{NWӕs^\nˮ:J}t}KC(ZCv4ftFTUtW^y;&31`,mzt)xֵ̌׌!JV}",'9+,emT殺E]䠵JwrpGAb&LVc30ĆE endstream endobj 6 0 obj <> stream xk#G͑0a0a̞sv</(7]Lhveq vOY + (a{A?hT?OW-ϛCQ]O}멧.=uNNәsu#ύg$4%uRG!`|7jo|)]ymg+.]~aeS)sa6l\yʶ.l4ڽހJ ?lC5[B[/Y~_7v^})Ԓh\S!JQK[HExEx`(cFX<h&ҏ ^N1H2~`|fS|۳/h`dVnDIYda1cV4 tB0d^#$a[%cnXbAT ##,JAUVJut<0hWyAUd^#h64+~?_KiRGXֵl6ppqY1ƽ\ #EH )̗l3v_M;FYȓҖ s8's}·42nWo4*qR[E4Z$9) }R&aٜy9M{S3g,/_66nZǍWI"S\Qpȸ(heK }Rd3(\NOPN[eXݘ;}:.9 z; BwH2̹ܿSVl*SH"#|LPc}׿xPF$$}$,Y)t!i[[ehrZ=Pkˮ$ldHRۣ^]Z:O[LL޶7W_=5ӬlI#T;3C\\X.-˓{Qg4fXh%@i,nsA@2C|Re_‡đ L"`+2gn )Y^,((Dž ,C.PV+>hq$ڽ JA#$]SEhKXjZЌfQq:#>#/֯g Y UI$H""t NDX:/#Q4fAYET1w'v &L4^ޙLÏ޾KmzGÁob%eё R6'}#5idbQ,UԾ@c!'~GVt43 lWV4EυSe^dY485mBF'.b)gcc PP%9S~ˑpڧ#l4$[ ,4Oo+Um| nm@nuc]0gϞL8Pլ!N,? vR>Xu3m ӏ# ;]V"AG2*FH&FM0p,#Ѩ;:T6ko?t'2d ߢAL06~Pq ofљ"q qjfdCw;@:66 @ 7 !|h<TC@g)>R8ѱ1!;>4_Xbn5Ʀ$yԀ[H&[ L#49ϱ ~\Uّ}ez6)'ۙF\;ˣ"]fcBw :C [ݗ72k+N43 'z-49ffpj Ay Iė/bl.{s7^uBI@b4~#v˟K_ߡ<ɀI)Qla 2 c"J]\HWSuE^Y/"XG:±?-F<%!03d\8WY ƒf1%H\js_:7|vMj'.X\z&<4?vF*(wkr:] 3dOw,ηs9sFvE2!C䳈|oZrpZ@>HɁ|#m{Q,:%K~Š*i'9a A2o5Q{ø]\\’gn_|(wƾ;ϩGF?1㋥יbOBkGq| Ԛ"`>dn~ n t+BɎ@aѮ5FaM%ȣ9"W5;CHE2P)Jl6|9}RJ5]wȺo y.Wxrt 5-7tnI21f/%g/ARLBGŹ!2 Ƞ&Ci씕ȟs{yef˜N4j3j9ޜ9VIHZaCL[lN#4+;Pm͗0  f0L_*&L3bUͪ!3+љ,9E81;ɃF[qFzGfmk;Z?3TYzX/1Zr) `:N6D{lx'G^F[, ,{P=iOw͈k:AR^*NXz>bۑ*E?>Ob)R_X9 h6_#-vJe,"F0pZwfgkʲ cͻͪ/|~;%D#aFG APt^faс] %>a|G7,IsཱྀHa3KCxƧA˵^|Wba"2F s%Mr5V)BsWvM&# ?¨` `R獩XˁvcxI&kz=O%y#$.0&5AfI<:c4-2&uL`=U$aИX ؋0,12O~ Zސ T0g`01/u9l Ig$v}"RN`IA*Rd$s"`MA' }=21M75lx"aYb&D bE$Ǫ&ClfBgdʂ`.,q}4<+¾PhE@Ec1NCei֮aodϸ`?[q%SnH5(ũQ ƎϢLF )G˓Y vCy0S}Mvf争)eKY1>X(Ǹ JK VHPpB{KLfcULS@ Scm &zDM^'cE`ҀB|d7$(ޕ;؎e/nvШGp'En(9(l(\$6l<#ؓZZ:Oa_-.=S,=S|Fa GIp>:hft"gXPVʙ_l.sYky!& w"djT}.| rlX.oE\(jʓO_PZ'6"N΅FO̲܊ %{rɾC_P.>Ut5ۜ r|H}(!v}ERW ’psGd LbȮ\/ٛz7jTPI;JITqqLhة5Lw0bd1Μ" {0) N.-eQSH|EB[1?)l="/|@(IMEj&N㎊*S OwsZ +>Tэ瓖bÎxc*@2rA.@Ø"9#&9YU4\h\7U ۢ 򅕋,a1_oYz4 UFiAceRs;9v0v7v4N5}=f,כ3Iu >& MY & !HE A"id^w"""4$0@͡wwWĬ^'Ywa!O@' Cv]/Ms'Hz b]xáWžzDP.crJ5kξww߿'" a I_>;s]pa0IhǺ&u{/;ZɏA qz>>ԜjԝSwNݩ;uGޅl AlC"[O5g(ILrۥp\VÛҽ 3KqʦQ\%dH"r͏J)dC1px?HF$%:%dO樔l)x2jx@EJGDl9T8M 2q":6Ξ Z^PGy:KyWuR^]!r0M(y }7 !}3 e38t#M 19{I7'ѹNBӅW/i}njvnw3z> B%l;S}@ɸ `a; ȅVkggpB,%7OO~^ڽ0:jNg'~PlPs$$'Om]ކ0 / endstream endobj 8 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 5 0 R >> endobj 9 0 obj << /Length 1203 /Filter /FlateDecode >> stream xXr6}Wўhc=vZnVj:m)@(Hw)"y[0^.u;ܼ=7'WLO~?%7/Wzʾy>y dEO\{S6^Kj]1W =`gi#?t%}^KwuwW=]ymگ%~hqp7[\_p;F}A*S*Vչ,j?k¦V sYt }ahqƶAm >S~Y,D[j'i09p8aؘ3;aD(l+U@¥W<D*8nB2LfT2+ xPY-畃rLb+3< 8maH5S?-!w6] =ȄAo4O;䯕jUb_,  q qFਧIhnűLРl{hJG"J@h:o\t#Cu"@%K!%{#d~2k]fIֶ)};)By)VWnӷ YPn>cka·@v[Z!{9l=|2!ՇY\jGܡO[HWb`4??5ٌ1OC4Ɛ~Xȅ<9iv-$tŶiDW΋Qq Vn(AŠ}K-jqSմmiR/ǾcfVJ <ֱ;PJ<9:?X/ Y9TgYN1Mf-uFN{[ٹ>&-E'sJ[BvX~ci.TqB,JgP.֍5޵DI>&ҳ/_$z0e*X+؉vrT,U#57pDa~xqȷ]Mr%G ɭۦ֣] Y(VGj4DL'L?84^$(I)CImˆdO5Rx?L>~G1XdxOG7;; 9EȾȏKË:U(u4~|6 endstream endobj 10 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 9 0 R /Annots 11 0 R >> endobj 11 0 obj [ 12 0 R 14 0 R 16 0 R 18 0 R 20 0 R 22 0 R 24 0 R 26 0 R 28 0 R 30 0 R 32 0 R 34 0 R 36 0 R 38 0 R 40 0 R 42 0 R 44 0 R 46 0 R 48 0 R 50 0 R 52 0 R 54 0 R 56 0 R 58 0 R 60 0 R 62 0 R 64 0 R 66 0 R 68 0 R 70 0 R 72 0 R 74 0 R 76 0 R 78 0 R 80 0 R 82 0 R 84 0 R 86 0 R 88 0 R 90 0 R 92 0 R ] endobj 12 0 obj << /Type /Annot /Subtype /Link /Rect [ 70.866 676.035 122.826 666.035 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 13 0 R /H /I >> endobj 14 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 660.225 343.916 650.225 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 15 0 R /H /I >> endobj 16 0 obj << /Type /Annot /Subtype /Link /Rect [ 70.866 639.225 275.636 629.225 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 17 0 R /H /I >> endobj 18 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 623.415 142.866 613.415 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 19 0 R /H /I >> endobj 20 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 612.415 213.106 602.415 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 21 0 R /H /I >> endobj 22 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 601.415 154.526 591.415 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 23 0 R /H /I >> endobj 24 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 590.415 153.976 580.415 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 25 0 R /H /I >> endobj 26 0 obj << /Type /Annot /Subtype /Link /Rect [ 70.866 569.415 195.586 559.415 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 27 0 R /H /I >> endobj 28 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 553.605 158.126 543.605 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 29 0 R /H /I >> endobj 30 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 542.605 233.956 532.605 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 31 0 R /H /I >> endobj 32 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 531.605 184.506 521.605 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 33 0 R /H /I >> endobj 34 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 520.605 216.996 510.605 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 35 0 R /H /I >> endobj 36 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 509.605 295.606 499.605 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 37 0 R /H /I >> endobj 38 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 498.605 237.556 488.605 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 39 0 R /H /I >> endobj 40 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 487.605 253.956 477.605 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 41 0 R /H /I >> endobj 42 0 obj << /Type /Annot /Subtype /Link /Rect [ 70.866 466.605 257.266 456.605 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 43 0 R /H /I >> endobj 44 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 450.795 227.016 440.795 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 45 0 R /H /I >> endobj 46 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 439.795 202.856 429.795 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 47 0 R /H /I >> endobj 48 0 obj << /Type /Annot /Subtype /Link /Rect [ 94.866 428.795 234.846 418.795 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 49 0 R /H /I >> endobj 50 0 obj << /Type /Annot /Subtype /Link /Rect [ 94.866 417.795 301.766 407.795 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 51 0 R /H /I >> endobj 52 0 obj << /Type /Annot /Subtype /Link /Rect [ 94.866 406.795 180.136 396.795 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 53 0 R /H /I >> endobj 54 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 395.795 244.516 385.795 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 55 0 R /H /I >> endobj 56 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 384.795 174.246 374.795 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 57 0 R /H /I >> endobj 58 0 obj << /Type /Annot /Subtype /Link /Rect [ 94.866 373.795 141.256 363.795 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 59 0 R /H /I >> endobj 60 0 obj << /Type /Annot /Subtype /Link /Rect [ 94.866 362.795 160.686 352.795 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 61 0 R /H /I >> endobj 62 0 obj << /Type /Annot /Subtype /Link /Rect [ 70.866 341.795 380.296 331.795 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 63 0 R /H /I >> endobj 64 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 325.985 183.686 315.985 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 65 0 R /H /I >> endobj 66 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 314.985 170.076 304.985 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 67 0 R /H /I >> endobj 68 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 303.985 160.636 293.985 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 69 0 R /H /I >> endobj 70 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 292.985 218.106 282.985 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 71 0 R /H /I >> endobj 72 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 281.985 311.146 271.985 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 73 0 R /H /I >> endobj 74 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 270.985 153.136 260.985 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 75 0 R /H /I >> endobj 76 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 259.985 218.116 249.985 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 77 0 R /H /I >> endobj 78 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 248.985 188.406 238.985 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 79 0 R /H /I >> endobj 80 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 237.985 213.396 227.985 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 81 0 R /H /I >> endobj 82 0 obj << /Type /Annot /Subtype /Link /Rect [ 70.866 216.985 233.906 206.985 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 83 0 R /H /I >> endobj 84 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 201.175 239.206 191.175 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 85 0 R /H /I >> endobj 86 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 190.175 197.846 180.175 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 87 0 R /H /I >> endobj 88 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 179.175 235.056 169.175 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 89 0 R /H /I >> endobj 90 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 168.175 327.536 158.175 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 91 0 R /H /I >> endobj 92 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 157.175 218.966 147.175 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 93 0 R /H /I >> endobj 94 0 obj << /Length 669 /Filter /FlateDecode >> stream xMS0:!$C $ز#S__:eNf2Fzʛ_HD*0<$@">D4CdqChG#**싰H]5!km2<|.mjS:qˍ8)7:*|OtU7:޸B 2ijAtyk!DWV6P=u;wen*[lP4 9uT緫|yy-Fm.iS=JwTד! #˧@jd:$s`UwGav$)jTWvt:Q:ܠhB :6޺0΍NSex4FX Jc7o 15G0 W>t}.qOiF+||J܁i7R(ya!%S I.  KM9{\g8> endobj 96 0 obj [ 97 0 R 99 0 R 101 0 R 103 0 R 105 0 R 107 0 R 109 0 R 111 0 R 113 0 R 115 0 R 117 0 R 119 0 R 121 0 R 123 0 R 125 0 R 127 0 R 129 0 R 131 0 R ] endobj 97 0 obj << /Type /Annot /Subtype /Link /Rect [ 70.866 703.331 233.086 693.331 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 98 0 R /H /I >> endobj 99 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 687.521 292.556 677.521 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 100 0 R /H /I >> endobj 101 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 676.521 208.956 666.521 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 102 0 R /H /I >> endobj 103 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 665.521 203.386 655.521 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 104 0 R /H /I >> endobj 105 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 654.521 277.276 644.521 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 106 0 R /H /I >> endobj 107 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 643.521 230.056 633.521 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 108 0 R /H /I >> endobj 109 0 obj << /Type /Annot /Subtype /Link /Rect [ 70.866 622.521 234.776 612.521 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 110 0 R /H /I >> endobj 111 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 606.711 191.466 596.711 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 112 0 R /H /I >> endobj 113 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 595.711 179.776 585.711 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 114 0 R /H /I >> endobj 115 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 584.711 241.186 574.711 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 116 0 R /H /I >> endobj 117 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 573.711 213.966 563.711 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 118 0 R /H /I >> endobj 119 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 562.711 279.506 552.711 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 120 0 R /H /I >> endobj 121 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 551.711 198.946 541.711 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 122 0 R /H /I >> endobj 123 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 540.711 235.056 530.711 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 124 0 R /H /I >> endobj 125 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 529.711 261.716 519.711 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 126 0 R /H /I >> endobj 127 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 518.711 156.176 508.711 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 128 0 R /H /I >> endobj 129 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 507.711 165.356 497.711 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 130 0 R /H /I >> endobj 131 0 obj << /Type /Annot /Subtype /Link /Rect [ 82.866 496.711 131.206 486.711 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 132 0 R /H /I >> endobj 133 0 obj << /Length 2515 /Filter /FlateDecode >> stream xYYsF~ׯ]%øAVxcJP(v0wgn@`Szzf~=lowzzy௲֡S*|&ZU]^{x}R/ pYGtKJ.jK{|;)hY&>60QSi_ƨqFNŢ 1N~[ab{}=aE^c)SO{Dž\ixd㮜2?<nT[ Erʘ+bfJt 3JfԽ$;SO'#24 m:s.4I=J*=g=LCfg՝Oo6Ƈ^<\E~%c䭣U'Q®ي8 91A3y,QXtBJfMb%I(ؚ^^[_;s?YcIgl`5Ҹ@!@tw!P&*u xnp5^T*UNFOnIj"8cv7ؿ@ ד0A9QEڒgӨIஂhZ;OG1bUO'n*0XHo9rч/ /o7N7WpEpl1`Dk%8Q%51U ˚{[nTY5;B_3ұ$ X,mӊ4>KmTh&, )Ǟ*9ϺʐͦF]G@gվ.GvUٟ3DL%tcQP0n.hZĨ/p%ʾ5%jAUgա,P|)"Y@JM8ɒH:IKQ\<0P!Xq@U<.o>kBz(th+DxX9E$ v5,}-  _ Zиtݩ 8ʔXweu(6v|3}[S{8 `M v9JS_T$`yZo=Ww5&mGĚNLZJTWt`{'3uy6FԶТ(BB^y:՞i-sN_mBNb}e_l[:PKۈS8@f 5mO>REֵSm訠}*0P)D"cU#IZO6n^#a"%FU[y:}߈o׭`X=: _\̅LAjڟ'5>tswCWmؾ|{Ҁ@ڈB"OL5푘DnhD*Yv.i3vb c7clK> endobj 135 0 obj << /Length 2050 /Filter /FlateDecode >> stream xYms6_v:gyn:MXΥ׺ӁEH"UX?߂ "mvX!B1TkNe@Ix3h翕[ \XgQaF=vGm-|~z\j|Xk~r#Ϗuu*R؁\Ⱂj)&AA 䇥0MGPu2m󻙤*EUti0WkUk.ֱMkcd/_o5> b !Kd|ƏfG7=cTqK elq4k1~9k)KYq2nQd!sGXtFpJ;͆sWsCSBR$PZl6;|3ł熟\q5_%nl5[к ngԄ%7 BkJUPu&/lk 0-}w7Z#M.F BĠ)\`p4 =9 2KZ- =0h=WyÁNKذ<ƭh*117Ps,63/ԙB[=*5 endstream endobj 136 0 obj <> stream xc`&83iTD` endstream endobj 137 0 obj <> stream x{Gkg%ےzϟ?#_q+͕Rg7'_:t]w 63> endobj 139 0 obj [ 140 0 R 141 0 R 142 0 R 143 0 R 144 0 R 145 0 R ] endobj 140 0 obj << /Type /Annot /Subtype /Link /Rect [ 187.456 660.035 417.416 650.035 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A << /URI (http://www.la-samhna.de/samhain/samhain-current.tar.gz) /S /URI >> /H /I >> endobj 141 0 obj << /Type /Annot /Subtype /Link /Rect [ 338.9 628.035 468.05 618.035 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 45 0 R /H /I >> endobj 142 0 obj << /Type /Annot /Subtype /Link /Rect [ 513.998 628.035 545.648 618.035 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 98 0 R /H /I >> endobj 143 0 obj << /Type /Annot /Subtype /Link /Rect [ 70.866 617.035 182.516 607.035 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 98 0 R /H /I >> endobj 144 0 obj << /Type /Annot /Subtype /Link /Rect [ 518.186 606.035 554.296 596.035 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 100 0 R /H /I >> endobj 145 0 obj << /Type /Annot /Subtype /Link /Rect [ 70.866 595.035 226.946 585.035 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 100 0 R /H /I >> endobj 146 0 obj << /Length 2474 /Filter /FlateDecode >> stream xYY6~ׯ`M^E\LNMbgrڢDE9ߞE4 3wU ?4-^[wx" (M,< 8!~G^^GiaQQgdnlB" V0yWz]~y]-BzY*W*RX!t熵ǧ/޻`6 ӿFEVÞƞvJ.z-Ӏzyܗ7P퇲i&`S?Ϳ;^} UDބ?s.:}RR4 Ei7tH!b55oh;$q"灒pEϽ'k ء5;L0 vgK$O,zw]=!UP bUh .#hͮlQL hkEKc'//ׇ͛c[E9v]7KrM[ e7T͚CΨdRV6 .OZ"[y '#.5CAv(۪(?DQjA.SjGy<o˜$XIX$8Bs;g? ů3}hO9x:" LM3.Ǟxo[)+\4Xa^a˚"ה C1AHf$ZgjEeq-W"/2~X.l-n#B}q)(A,t Z1L0R ;4V<;ʸwyr0!E ‚"' 6:ww HV d˱hGA'n6e# 3gH 0My < z{S(W2LW8C o̠F4ggGǤ6P=\ve>q]vGgV 4XX18\uR#*CQRCw 5JUDŤE3оl3Jk;f'<  =^᣿'ۖAZ0yBsٍ8C_ۡhh%q&ɗ ݵ!UR׺b{f@5[UibQw VV4j%[y`aQqX(vI04㳙7~O;5k[L 0.~,rO!h> ;\,F]ve3_S9鳺ݐ RiO. o5qՅ!H;H'COU0ic[UU)/7<'zfE퐟ɔӓF>:_O}ŭ5WY ;6pop9TlYJGl!pbj0[_bf1A A戕| ekݩM>A!u0@__bQPs ;*"Xa[Zvo!E.Kű)s{L ӪU=BX?y(Ux "y+.'8o|â$цckg+ى"?UK ao THxת,2oD{2d]׊+տ!N;:jN;c\-cb̕ZƾIU |@xk'3t' ᄤ*o`bO}y` C7$.@:|mcG?zx}~GHb?Т%6WTd*om)AsE6gx5ٚ7]2~=uP7Z#tC>5XgZeFFMԡaf̮=[5l￷PUx`?ZW&!0I C$3ʯMQk.]N85f.e{2f(M W_TP۲ieUqfB+9id L8U̖CK+lZ&KEVpAE*'7Y2{Qih6BʛaT$;1qg& GLq,B..C(;LPͅ Txo e r xS)(CzGXP䝸A:=IaHDt`lfB!$^r&LM\aCŹ[MTv_`n5a3?{/1}iD?zoC4_s;'aX17> endobj 148 0 obj [ 149 0 R 150 0 R 151 0 R ] endobj 149 0 obj << /Type /Annot /Subtype /Link /Rect [ 221.356 386.667 389.656 376.667 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 43 0 R /H /I >> endobj 150 0 obj << /Type /Annot /Subtype /Link /Rect [ 393.816 364.667 465.746 354.667 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 63 0 R /H /I >> endobj 151 0 obj << /Type /Annot /Subtype /Link /Rect [ 90.866 353.667 298.326 343.667 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 63 0 R /H /I >> endobj 152 0 obj << /Length 2469 /Filter /FlateDecode >> stream xYYs~ׯ`Uځ}TZˊƣ8[GC桉ߞA!gǻ0Dj4?| <\\};4"p:.S'v2($P8?]o:3V0^_nXٵ]q~v&DI˜Ğ'! r*-+iF NG6-7i) xgb8&뺞syƖlԼF2}im\BC/ 4q:s<I܈]UWMZR^#xK{5O5+8Vۂ$sg0r wc.vL*󌕭PN.\qX4\.7嗪4!r^uჰnY eJRY/׌Eҏot4ڐ!أ` v;' Kġm-J8hACUni-,_Jy+{nyuFOK4Vک`U j6*}wNTu)X7H4Tk(gm!<:eiwF)j[B+4mv +.^@f M n$X*42T ]M+u#)L6.ŚsP \B@]rF)nf~vQA6e5 K`05in48.tTh8D-\ Ŭ#6:} "y%rK Sfju0L.Дb$zkIJNa& FCZp 7)@`мiFk4 죩R 7481-] x=+K^>b~ `R}ԭ>sPYh`)4-ϺZͤGD>vѼ|.!skz'Y|q,;L@pe,O7a(;2vCTH| }[eWτom+V>^˙@x$Gs"-!}3 Q{W~C؃"I_ihisXu yfGTF@QgI5̥<⁷cnSuH! 5%aԷ"HZ3s]DDevhげ9[S%o JIO7 C&.zˁp܋~j}Qu+qo :gL뒺CL3USt^ʚuCT_{ޫ? ;0#.dU+<$:5KM.~:]}]LaSi Ä,ԅR$r66]3 :@/% tx/,`H] uη \I0Y endstream endobj 153 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 152 0 R /Annots 154 0 R >> endobj 154 0 obj [ 155 0 R 156 0 R 157 0 R 158 0 R ] endobj 155 0 obj << /Type /Annot /Subtype /Link /Rect [ 316.056 503.063 365.766 493.063 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 100 0 R /H /I >> endobj 156 0 obj << /Type /Annot /Subtype /Link /Rect [ 93.366 459.063 242.776 449.063 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 83 0 R /H /I >> endobj 157 0 obj << /Type /Annot /Subtype /Link /Rect [ 466.532 325.231 538.462 315.231 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 43 0 R /H /I >> endobj 158 0 obj << /Type /Annot /Subtype /Link /Rect [ 70.866 314.231 164.736 304.231 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 43 0 R /H /I >> endobj 159 0 obj << /Length 2089 /Filter /FlateDecode >> stream xYKs6ϯ`^*D|f/Jn&[n*eрD|(|H)Ǡ!5c)%a.WW\'[ pB7"3{ܡujᤫ.j_D!CگbDZqiG1b:]$P;uhI08pu|zSWUu.3s/\LA=vg:po?%Ԅum =^˲urOzPV9'z-`Ľ \2H$TL3?IQQ2ш}+`DidգRZ4GQneVӒ؈2MԝZF '"6hZ#J`l& ?j7$X^:blE :ɐ=126BbM#v+n O7JXؕتF\Z@1 <</!MRaoN!E5"sWØ{3< wZsشIۦE{Tj4<|XDU911'.vJ.r)ca튤v.EW .(.8UsP,*d.GيbA΍hZY4>L&VA"ȟR g2ou},Ra$HoxPĘWwInb ֛7I4$7nh)#-]d!{N\9AH?\6Fy4{7U^E.Y<IƯS!uzd{[iQ41#2Be "bR [: DAICU4鲱NsTG[x9}z2 5/LG憮ED 8!qKurZ"K=^"^6I'!vηFJal 6ɗw3>|px9rl>NE(ί7o\@V#m:h9lgyR5|PS5I.bk +xeś۱Bq&>JULuxIJ( MߚԦ2czaZũChD1rPЗ5*nwSs`Zl}^CV(5|M0:-4*n<pw IG1/<H+>Εl< 6x:21^\?8&?pu˅)@8丣磈a<Vת|anգf﫺Hڛ3aҍGZ7@c$K^#]VL۾vH6/Ix[ꡯOre N=B7Gzy[4  g 2{7}ײAshE&y:\~i Ȓo7VWsBZO#,S_G'4AQ]߄G\Є;.DCS#Єz==xzz~S+=s3Y*+iYc A,%@yy{/C$'v 4Z=tZL >Lt("<B<>)<1O€v|h>KQF#'c1>M0> endobj 161 0 obj [ 162 0 R 163 0 R 164 0 R ] endobj 162 0 obj << /Type /Annot /Subtype /Link /Rect [ 169.136 601.471 318.546 591.471 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 83 0 R /H /I >> endobj 163 0 obj << /Type /Annot /Subtype /Link /Rect [ 252.186 323.807 408.276 313.807 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 41 0 R /H /I >> endobj 164 0 obj << /Type /Annot /Subtype /Link /Rect [ 252.186 157.975 408.276 147.975 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 41 0 R /H /I >> endobj 165 0 obj << /Length 1120 /Filter /FlateDecode >> stream xWKo6Wk/b$-XރlQ2IN%:חib4}f8/nV_x0ɪ\Z?J8c )H$&vAL8FTr}r.U7Ͱ=Yf ibFƘ#&Ȓ5!t#^lKYױԳ9y[]Ѭ >W\@PuB;C@zM8{Y0]ɍZj0_|6d?4N#><.z#g/ ?D3dRH\mmC'T=hT$45Q ɤ\|^ܬiha0E ɦۄOa8a5O!Q ^{ A(DfD M:w#Vx{( UV~Dǭ}ܫSX7'#ǣke.{1qJ>9o"bL|F)r)|SzP ?cJiy|lgdB<1LCpmvo6{y0b@p:?pN7|#32 8݄٦WbEkbΨyӾZZ*پR+ʽu1o8@a=Gi 2LQDwl;n5Xy&b^zեw#0Jv:7jl<,X ujlV@ր[#nb^0|KWv2ੱ! mSQ WoaUI^ce)= 4ȡjt@߇<^JyT{*?5RvM% v(ubS<9i+@ Wm4;"5Ά$9kL3Џw`%<#|-kcjif~4q#t0щlw[L1scc N5ΉSssr?b}4ŁOiO6cj?=)I endstream endobj 166 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 165 0 R /Annots 167 0 R >> endobj 167 0 obj [ 168 0 R 169 0 R ] endobj 168 0 obj << /Type /Annot /Subtype /Link /Rect [ 221.762 565.779 419.502 555.779 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 37 0 R /H /I >> endobj 169 0 obj << /Type /Annot /Subtype /Link /Rect [ 162.51 554.779 302.2 544.779 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 39 0 R /H /I >> endobj 170 0 obj << /Length 2157 /Filter /FlateDecode >> stream xr6]_GgƢIg;}HjmINfe:IpA2v] H;u ^],7zrʵwȱ0ĵ7KZ{~=;thz5/Ssl\/P .(;{[ t5IٱHUWez@eZ4zqҲFgewvsd Hrw$_ݑ I("ӧ„77ݶ xSO/m4k+ۣh9jт )BOf98M |#^̥aUA2zNI#&¼"<7Cy5Uja<7?S_]^Ŷ#o >ّDd;!vҷ.ի2 莰4/3(!k۹@E #_FL*3I x3;N.Gf %ˏ`H %rzQ춧~Ų`3AE* di\ Z,I|rk?퇖Ed,RO|sbSʿ$;׷Nߤ43&2Q'틝ꆞPL:P̦j'}ʒ]0Xhc;> 5PR$N> [%nN<}=${-Y{HEڵϳMbHBH05!"!?)#x%UV(3m~y]ݴNx+uv4fY[i2efI4yvJďmwQ 4K]{nJh&$7h7 Aw_؎kyڃoOxdwww=M5+Do^.h^ѱj%Н2ېdKNN= Vu -^cЁ?- @XI):/=H6#Ѫnَ"ijw6 Ɂu Ԫ%l,R\4*Qs 0+@nq)rMڎ3mtKH GM\1kĠMUyD6mۋM[.x*?2B63+vF(#~'Po:'!׫ӯR,9=G0ƂL)cQlG@Zo<,^P%k1ٙ"九`E wkћіэSߌHd) G؉憶Ƀz؊Ď_ҽE~,ENхiuұ~X}(x!K+ |'!iǺ6 };hH@>.oYݯ^ 20 endstream endobj 171 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 170 0 R /Annots 172 0 R >> endobj 172 0 obj [ 173 0 R ] endobj 173 0 obj << /Type /Annot /Subtype /Link /Rect [ 358.266 515.063 430.756 505.063 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 83 0 R /H /I >> endobj 174 0 obj << /Length 1526 /Filter /FlateDecode >> stream xXKo8WCR fė(ȡA i[g$٦m"_#2i- s8~ǧM.&O|o= bq8FKo5crjvvEh*ȏޤkhT8=nUaχ#@/ػzǧXxU/yݯ?_w(r E3HeD󟉿 "!E "so64C@F^X`(A06dG\Gi;o_N?*X(M6dWk~f.`gc,Y"h8jϹJQ*]ew^ul BV8]A0P˸jP#}" M)~8Ξ qnXj֓mߟ|!#(b_'Ly> q)X˟ AGx<`Wtd( Nq7[ =B"HS|8jWj˕q. M]?_@ٮA;|Wskh/_3DN3puu&bu%n12LOnJ&k8cft\. OFlݱ`}{]U|RvDx^_+ϊeYi@\*Pp/4]SW ;e^"b3^|]idR[$el9-oǑjL>ͻBRGW3(z#wb>B@ߢaThN)" l{"Nxm`Z8CQ݄hWId*Fӱm!b?(r3 (=p>ӰUAT\]mƊe/Oף;L#JU"щ + \/6**lιKBB.(cesU{#ˆT Ss'sבnA_u!j3":.)ٛip>`Gм0h볗8 ð š:ryr̩M:,c >LxQNg[w|v TIbZuc`kb=DI8tPZ9ȟ˦e #&rWG0^d rqh$I^hc ڌ8e'fS_4A'Oa / endstream endobj 175 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 174 0 R >> endobj 176 0 obj << /Length 1471 /Filter /FlateDecode >> stream xXIs6Wpg&$ZNujɴVIPJR_ (Zo[?r6:"יFaDž?.<;y8.n?q>|@_!$JBq:?zko>|+biL-7X>T6Nԥf_E-i~I-1[ll߈#p]3QH QE2:=anr6rqqҵӜQ:rk6:zBaaf A>m&wFv&i"^SVI!(B"kݎX9Kd#dKjK"rB ֍@<3E2دc} Ψ~vi'e2) 0@^܁S.%t)Tȵ6Ue*t9Ωcl)m=ZQwDR94(:u@\:2qQh!X1(RYM_j'k"BEسSԲn>JiQٲ:-C"#}+kk簝HS|;{0.vNnL f72 9R< ]Ue ^fVſm=[Q M+1ߢBCnXԐ8w0%zg.#`z42``O*G^Ppk.BzDEq'essv.y%Hta,C>I]w3d} (!~ZP^]9R3wDw$/@CrZ-b| o@BWhKϓ?gS^c ŽZX &ra{a))*ojПJhKb=K!h`2isr=qPrX=:xS!,@A`p+sW[RUL/[]c:pNƧՏ'Xe0ju.0z IUp2%L;xϖ1k%$RFuZ? endstream endobj 177 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 176 0 R /Annots 178 0 R >> endobj 178 0 obj [ 179 0 R 180 0 R ] endobj 179 0 obj << /Type /Annot /Subtype /Link /Rect [ 432.426 692.331 496.576 682.331 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 39 0 R /H /I >> endobj 180 0 obj << /Type /Annot /Subtype /Link /Rect [ 170.866 681.331 243.906 671.331 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 39 0 R /H /I >> endobj 181 0 obj << /Length 1660 /Filter /FlateDecode >> stream xX[o6~ϯ@ÈRaKЦv]m@<6-sL$ߑ-YG0%st=={==u3I }G 8uLj'CdYvvݝ;JqQ~$ڈFt܈ϡ.lMWCq:̗1O\:r~eHlܹu?KH9N;ݍOo5TzAe<^JyxmJ#m2t= ?5_|q[7tv"sd.|r͌Kiv],jW&hT-*s$i6ţ2K[.^Z!vOT̻ZTǿo}Q=E}bZrx^x0_!`*3w1JGߙ+m^ i~RI]Ff[j 0=|Hzǁq=Hn9CXgz.zԣʖxiWTQX(Ø@(pBuA\۱ $4qPBN/Mǃr*Ы^4I'FI'q B0,ɝTlAØuncV:.3y,Δ٪6e%*jF2IZtHNw<=#? «r'>+]yߌ;%ef۽qQCma f 5'z7Ҏߦ:U ||'(tジt؊&fDc/v^ l:uq%I9Kޫ:-4`: +v-QԠ3Z.o]Fc ot>@u%Gj|AVshL2"כv3ZQuWȀfkF:o?4bAGR)1ojQ7oZ!Ah|[\%VkdдIL_h(gP{'/T/kzKKZ2(y: Oa6FԢF`c/$8G R{/Ũltۀ;Q6!-”(ŐufɵAxLYlv¨"<dC_Ő ?~$Cw = ~ϱcOMR4a@#X0]?l2X77KVPp$XCMX,|R:VO +eՋk#@%/Pib$/ 9EB[HGf-8 ^xc#7BC:u@7, jWx ϠC8q~;sPaHB(3^h7CO koI0S'Nʠe^-;mʜWf"EH҃uڑ-^H02"\ ưf'ٍTΤ3SԤ`|;f=t2oNV).\mm,߆ endstream endobj 182 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 181 0 R >> endobj 183 0 obj << /Length 2368 /Filter /FlateDecode >> stream xY[S~WW-BKN&N NChV;4H&_4-} U4.Nߤs;wovyіY$׬#}E "L<]G E+o3i&~,:BWёf~&v|O2%nrN[ѮPd{^KnxÞ Cшۢ)>m])@CikgѦQ_x&Ք%4Veύ,+ȲKw7 >(`0ŋ>P.CGgN}E lEтAٮ %[AYhV 6aH+pQQTj#Gu:;7 BK౻DJY>+;SK2Og%I`τv }m/*◂5eMвF*m^b⚵%{٠ˁQU̷:s7+F'r#]L= H1/ uM, D^͢}~HklC MْFfQuri%2?iQHԖamUjCx|,݃C}ڄLM!v-mi猊3ehDa [s0Ñ A,]=n,yޖc"ԇ0A] |([Rx)L`2$8NU aU0$lXV33ZX367&{չ㉣ׂ[VUVM y(^x8%G{/rfGn<`8*8.A!K;ׂle!זԡmXIg  ]5NXP9c Eוj2Pt/+ L1yޒܥFBQ D(V@EKUCB%,bXK .L46Bn,"Z]ꕬ5!m&06o7Dj[Bj1RHz:g1b)͈Mjv4ItxԄ>Т;lx4|Qu-75mA!jjVߙWc/J Ʀ,ܱǁ~-Xq" 5>,Sx{|8Ь|ILjgk9.-emYj寬:K,1;2o6Q01[Ax] oIV9,P2DvX:2XSh"އ>6)wҡ#m-X ,ܶϭj%[˕=fcYQXy/hf' / i BU_%|/wd߮8O<;x  KB~j Zs݇۷nE#P& (uZN$(\KU5Ob?ei 3@Q")^37Z Xpu9-G5%8i/a^:Xc'{*<$*6\J'B6K0xHs&ʡ̳3(; _vީke)STe|Gu0Zj,$AA&iYE6KS{_A*iRl(VNÕ⬞ Y{ϸSM"煢1 J fT !x%} A(o u9D 8͢М|r^N!Uh)!KCveU+7g}=2C19XhHzh" |A0, No,hLv<Q  h':Msӡ`\ޣAt,`hMiýFnv/)Kޅ{ڋ0+l@3vP|.~04Ә(4hrФ ?h؊]F>rO2k3s0`3&kpZ&9^{ێ :Z' UBipEuuw963'eA<4'M\'\-fySFtre#=o\LFHȎٹ }h揆 y2I擁z30@^ < d endstream endobj 184 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 183 0 R >> endobj 185 0 obj << /Length 1786 /Filter /FlateDecode >> stream xYKs6WpCēdgrH&6M`@\>4 $@ZLbavWyqy߳0"A(8` hQ2؞y{m^[k_D&'Z~i5' R\>hU Kݍ]lYNIp'?{ِɩiqkRۜ;Ak&("2/a|R$NQ`Xݯ-dX0!v$3 x _ݧM# ! )Wtq?OfN΄LNy(;|T}30$@r&kvtrW0{n[blJ.هBڧ0)zc}8w`G0ܹ5')[261JKkG#/P65e_`٫SY}nq'D sxwJojm*w3a /ZA%;eYm2m:IPB-7Z]R0̴);[)Ufin+܊F@U]]*ӥY6w.̠iMwV0 w:tUڙFrٻק 9l<ɠSTn{vS7/ 'Qe2"`} 3ݦ7-|;s2‘`3g@љyU@׽*5|jxZF&t$dz^\rwTh{iC1<[5t볭;ۥZt.4|2Zu%Xeo?*5O_A* O> endobj 187 0 obj << /Length 2698 /Filter /FlateDecode >> stream x[W<_sG-߻{(|>-m~n8 =>3͌FH]"׹bs\9(\/o˖/&i8*ihv $C1m[?7#5ܐ))wYo'j56+2KJ;ٖRW[n|?fY'qo1 C'#u]o(m[D 2W.FiIᜒFCNsb@yvCi/Q{[ oH mS,6q<m=mK UV5MH#fwΦlDVsEjpPXzN,65knpvSks~rk͚\{f$awXgҘi($XP5xu}r5-;DBIx u vţ΍4!Ʃ( m P~9hdl0i |a{=c=PZ|'\ԟs0 trN"idi}bkA-Zz(:úY,o[~+S8[Ԍ/S( ۬>'14џP[^hڂxh j&RjbEMFX$EdKCb~%v!R!6vxRcV8RgٓL)1+Ѐ cUCtn MWdU95Qw٢PU_},vaRz `2&;-NL7؝0(<8PZ̃)D ZbdVjE\R`ѵ[9`kI`2@WkAehc]n|G~d9YeV:]ݷSFk-M *VK7!z:?ſvP<࠮jYQ8^!溫R"x,WˇWA"7UHuW. 2~ P(3PJ9gut'<)/R2eKHP0SK$k* zJx#Qi5D(LXO,w&妩5ˈjUɮ"VN'U|Y'd7̍C%ң?˗/BOu Ų]}H\ׅ1@o jZ(yCN Q -ӄs; 5)ԯY^h F)lk~jNҸ{ VX/5{ ?K"c:覢0;}3V{f;_+~0jV+Yͅ~P$1?-h)S^xuiڷlڷu@(ϯmJȓ'wR# ZY":tyČ XlORL-j &z$ίOXmrɘ􋚹+$7oaX+NJl%]VۘcRˇnUd9/]M7keo ɘLq'PFQ@2IOfoi+EWRəzpAT4z"tʀS/n0x:pgC [)GwH[.w fW #rTU [JmlAhQ mW|K{X|-EC{Kt*//π|f$!@ |ę{ڠv5eԌ ! n,Z$W7]#c^=lDS_ߚR*,* q$}aip+Fl$ dlϣ(qEX Xn$cEcgXv@o4׸$Y~Q?5-gfVScD䔀ȗVO <땐\NFk" r@A< )F1*%~fnіLjdf#-~ۮZr)lp-yȋ C$^[ t|^%!)%`T%w?F B8O !u{~9GkZ]'NugEU)$(DZ^4XyW{:p$~"%/p }j !5LB7Ow7C,I<ڐpD.`p{)L6B$#©NjB3лaz)=4S> 4fY;K=.TiOhE5K2z(vSFp,|<47{{%`) bKf-{6a/q1{(FcBXGQC`eᜭ04p ۺ*Fq0 _7x䪥QcG؍g"]OJO` X]%N(s;<]bRz q'H&(Vj^4}^>(tB zQa ^=9WJўy@`cXY"| H9{ TZop/ endstream endobj 188 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 187 0 R >> endobj 189 0 obj << /Length 1142 /Filter /FlateDecode >> stream xWn6}W( 8%^aI-]]qPm蔒_ߡ.& о F7>b{|b/QĘ}I= (3 y5Qëd&RvXg k8 9_mحu^2d*zoMa2=[Y҇.T,skٸ,M~sߗKMQNt.p߭ōn9NuaP`2S]*ϥ\Mlix> zzz1"ӈO+1C7M&8?۰?,g'! b$+[Ev&I7zr-姵*Js2M48 eqc));>^;8Mr1nNMź'g QtliHH3a'uu$Ƶdkj㔘-`dTBG$f_-Umv-vRb!gtt0 Zk1uԈH`〠G |0)u:EDU"θ S^QA0p"Tҽ7>n> endobj 191 0 obj << /Length 2471 /Filter /FlateDecode >> stream xYYsF~ׯࣜмqJ:[RIz=xhyh6A_lIjڬhr#۱ng]+v$hk7nK蕵B&XgY^e4h9m4osϾW߭Ar!)A؞#%)u^Ҽh:kHY9}[s%?hiW͚A6RMUxƏD3#T##5*|tFSF1 =CsSaI?ԈhASo5qd/svLǗ;&4Gi5ۜ6O-%=4 a/{ZRH }4ty}uE xA,[@a)Wf .sy~v5hJsU≭Go K/FWC*a5} i AZ,@nҀ==T2nrlHcs&U4 Wnc؇'B5ր#y;,3Wq ږlL< sv0#sge55nh oY-Fu];v,x[Ə@X[_ޜ9rw}[C6O)rfjtY/bܑo6<.+a,z'39Q_La! ٰpV۔tcq4!b3%YXpgXtWV.\[ᩦ "̚NVmIur%vB"U$'fs73q2Kb%1r@OZt "Ib3cfC?@r擼\Nn":X#l@^u`uw9DT4[ĉ. rǐXN5L.51(57cCEA^mH:˷ x;k![UGZ#Z{C.A?,0:>=aR=7on Bώ=_Vn;-q97E[>A+?H8Q v</=g0%h` v$Qc%yM xu0]k{Co Yiͱ^r}x:K/v~/ZtUX7wo[~ pD RX`o5T-SY)vEDMYYk>Q1#Po =EO'IQ!h|w$UJdMP7γ^qFX(~}p { O=B|׷R탨J+ E`5d-!/\ %QPqKl5qdÌH8 MD, :>xqA[rT16."ml^j`<\Jv I!yA3w1&5<>Ph{:ׇ3/ITY=gA+9ޒ3dg!G.'NbKƖv GV>jMMC @N2R.Ϫ c{-rΖ>"H4"C O3Rb8Z'6dlVqF qƖ6NM'2 N۳%×.`;/dE+^,>rTŅeqhB"~0$kjN4t[*]Htmp {z1xge(HJv1AURj]h!a\ż$7A0즿Hp)y3z92N0sE6˱xd嗄cID$ xXag+{^Kh^Mk,6WFtU E@6v!yBPy,h ?Ăt~g(! qD^B nOm1@! 6`E QL"sX%ϴ;r{} RB c]% endstream endobj 192 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 191 0 R /Annots 193 0 R >> endobj 193 0 obj [ 194 0 R ] endobj 194 0 obj << /Type /Annot /Subtype /Link /Rect [ 122.756 330.063 243.856 320.063 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 93 0 R /H /I >> endobj 195 0 obj << /Length 2624 /Filter /FlateDecode >> stream xYmo8_!P=$"JZ-u&;5B)[$oHQ"HޠÙ<7'۱nڝ ˁ/|lYlAMn}zWqJ-PؕO M\&7WgTXM~ut誗=mf&cq;ũֳ.)MoS^ʰ`YygWpM]YmM_>6u2S9pz En`ʡhLmx|n8MyS$`qSMƇĘm ܝ]ꋹz]cLTż`2bo dz;}v6MY$,I/G lo,%͐s.,ܞA& BkSûI,S^bd1_k"Llf;-<6ښ-2_Mim\k-dXfKi8zn ;//O q!0WvC0W;7 2ZΙZIHfOD;}a0L4*屢>:< 6:y^; DLAMz=@ a~yhN"NwE(*p&ƥM^CVPoE`c68'W:Fu=)[ B@!&񌢵ɒA <#bPkk5U*PًZ1iK VZL_QYA床TTuT Mǣu3" 5pvYNG( B3ޗy~(;3S_}zxfI,^%e6h$[ݜۑz ՐM'r ˓_N7 |YCj0+Th=')փu݊d/-p5*nZ0xugc7 \_vYqzaYv#[1 vO5츌2tKF 'cK7 0 KTÒۗW!&8/) 8s]zc< &T Z,R>4q[H?hql+vd }cڷFs% czVSI@S7<>8GVѿydhJj>>-5-uKl%td<$eY\z *(&lVݲۏ3ARA@zP>%|(ԅxB0VbkShblJƺ؁RX')e1%UzxZjx÷ Dyp 7$G?́loe,&3˃?|i?+0;'̓9T,rWy{%fNQmdGQmF*׮HJk(B;vd.YRCX|eWQORJX`{ hdQE;pR8լ8oO¢#0:ԧHy::ŵMuU{q?<5FW)ޢN}H댻}j(Ycoӫwx{2XVEtZщnF˪4R\Ɏ3QmM?mG 6-g Zn =|;ռu%p 1~m%c +[z>G?}Y7qm.-!^{ Hau'7cݦlCwfs.Ih $x)Aef(NJJ$hmxPaGF~ZAɃ>)l&];u[/gYmh.lk"E1#&|һp쵅X7ɛz*Il}qI#6cB&fWhaLc䆐o3lQJn#7'|/y<ͺ'5AV@ Z67eBKG ȇ_&!c?߶CT¥"VEkY( &s \G2tfc A-DĿ`KFAtBQ0r# % ` ArB_y D.nkB.YH@D^[,9%]`z`B)4Z_%`'bbi{m^,ZEb"\EdCİb%` #E,F<}VN_j܋!H!o"㫋`Hːoyn``OD<˅<ԽIW7 ڛOaWzJ<uLVHݧؘqFurmFĻR<ΒD :'BJ endstream endobj 196 0 obj <> stream xKθueM73<_y]Mm㒒&O[Y{܂[z>ji_˞lz;-Mw Out:Wxeo,X'76qr>TD޾]~fedu@YzAw}of`8p\ 6o|D=˛Y3o:;_56~-_Bd [SuuuYO>sfJ @2O&M9ŋEK>]kLᔋn endstream endobj 197 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 195 0 R /Annots 198 0 R >> endobj 198 0 obj [ 199 0 R ] endobj 199 0 obj << /Type /Annot /Subtype /Link /Rect [ 297.436 549.359 426.036 539.359 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A << /URI (http://srp.stanford.edu/) /S /URI >> /H /I >> endobj 200 0 obj << /Length 1976 /Filter /FlateDecode >> stream xX[w6~ׯ# I&M+{v<D"CZuN4`.fvq*|vb=q/YYs>^һJ,b}y}n;en'?gOn>FK$PV"+r{Q-R#YHDNe8N-;'bTzv- Y@7NxwMoa=S/8Xa7f(!o%OԨS<%zbB RXQ*;\(ufBe]1L[VŗUJ'"ۢB4֗d~[F{u@e7/o.RCF 87 2imJx7ůu.IDz"^)P\Asv,3xLqQh{l`]2rI{Fs p@֘n?RJE=UU wPNtt:1#ێkGd:F=HfD˻V')ZF9e\G?i;Y@gH!Wyٮ/XpΤLP5AOqӛɺyԙJҒE T#7YP9 %jƸ D4-8X|HqhG >0X0Pk™7 4|ÈoJv#}J<"Ɓ>'[?~751jV^ly1B'/C#VBGJLuh}&+0J!Oů}Wgp$S%Fc#,mǶ}}}PA$;Wt sI Ӻ?Wa x%p}Awq0ŧF (J8+l,?hHXFV^?ӯu5zi2[?f7=6>.w? 0l9 Y endstream endobj 201 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 200 0 R /Annots 202 0 R >> endobj 202 0 obj [ 203 0 R ] endobj 203 0 obj << /Type /Annot /Subtype /Link /Rect [ 73.458 437.387 153.458 427.387 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 47 0 R /H /I >> endobj 204 0 obj << /Length 2800 /Filter /FlateDecode >> stream xrF]_)TE[J@rHa' 0=C@Dz 1GO݃24H`6vgİmEA`1b׹q0߆?ҴEE'ۆD$') ~6wv~h+vZ")U;`J\[l$ئJ, O$7=NX+H; ٖcßèvư0]ˎ|$ 6?^`ES u#m\7V>hOz#`ks)cPUIVXwj"$`MP`{\#KLu)iYr.Qޤl|Սy aFZ|cVSYح(zǮdQ6<5 v`6;̉{ORR؝vĜ8if-`'Dq*$C}{d|iڱ PZN:SP4?n}F ̝ٛ|W웟x;NӁm /~"FnfuF,ߛ^'G@HWNu M:eg5ͰCIRwէ*-vǃ'{xOŽmkĞvo_/f֮hٱ]V'Er#mb9ms 悴ÃEkǐyv01M8tY>,AdEvȪ,gű6v"vn4ZE]ożSmUyR<w=<vZѨ8zjc5昐-g\L@lv&m;SY7ksH2N|]zk!ahR&N)WXtȒG$0 Flѥ\"(KCBY"bqr?1.DD*2?Rk ,dR.w}wDlGe5[dJ="״ٛw/!IǎNS2 HdA%)%D.Z%Mծx Z+C'dA4UIq'r2D*F?у(O-RuD9UEͽ }9#d-dSsQ* =?ZA_p ˂?,eD9-\|xOb|ǹRy^oj\rW%0 " Zy.U~R|a5zz%+e!vx(zvEZ:P zH9]^nzL{(iYMNҎ^!(dBkk$RFg^gP=举kqcO֤;$$pj44`#Z 2E%$rQVZءS ` LMdi-~(x%&n 8>wsQF nqdcnjhЀN#=o$gںb&s'DIK?rp;P[OA_o *e~hμw` wfBt~Ql鴻Oqgv$A)ɒZ7p,?pX{A`JEُghG"kv=b8BEpn%8YZ=9̤&,OV&2Sps[ڃŸ)!#ST< 2K2 g#rt+1Ҿtå?Ak[/qŕ7wB998Gꑴo|XB JBr "h<&ICCKYFFEKHࠤI֠Z6 妭Y'*'e^x-zx[ H2%r]υt./]BuɊxaDE^:G>ȏ-2?_2}ctbq=8jͼ#a#"-mHV5,3$o W_M^AJ,|JvtT@Im-Q&:huK"kDrt(CvBKĨo쨒iTkpKPN2msl%^z0ˢ\g/OcP=^jھ|4)٧7U_yRlJ 0,b%'X ,ڼڵ /U5Pnvz5ǃ|ֶϓ]jWDDzj.C˨W"\n*l,ΌV]lpea-oQN#I+q4;J5nJT3OUi<ۺ4>; NntMY^*WMq$$eu!A2䁺!)摶>iq`E!މ!$oŸ"&?GWR3z M46 FцJYϤY%prZ^z#q;P=A'83==fշv<=]J $+I6YèUZk\=&S߀?**؞»C"#suu~6{;UN5c7/u}UKm(}>!0sǷ.#>ζXp,Dt endstream endobj 205 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 204 0 R >> endobj 206 0 obj << /Length 2348 /Filter /FlateDecode >> stream xYYs~ׯCDqIA)vծR0gI b=8=!U&2=i5칉z#ѶMX>_H~:pᰊ~;X#hշʜvrMKY Z!nhbN\?4nj:g`zM4f/^s*zra9Xܖ4aH;'VK}/H,) }&V:9eHe󜭴ºv4A29Ў4KiyӑNsfzv4qt5[вo֬U.8h\j F7KbzRFpҵi.H[!+h ۩f-{MC+ ^ěۮ]5tٗuS݄Q5%%a3 lW9C={GG ՈewnR9uS8HQ<ސ4;җn΄WX/}]/ x$UՋKu97ڦ)oUfU8p":D&zT/fq$aٳeZ_='ϴyA__[|w A`Cd0 dƛ[ <}~>O9}MC 󨷔}}KSH! (c7Ւl^`VT-ؼ"ȿ GG"閷%mYStFnVG-X-Nt،4#[XiKԎhr.z$EK'#F0M`c/M>a!i ,vSn1^ܺ؉] x)Dr`3m?Є0 cM4NCjo UGÑ}S l`7Kw; z Y L'p bOx0F]YIqM!?,EZN\!(˲tV!P"_g*^YJ.| 1xly |#!ǒ3pcHRO}SZdz̅Q;Ju0K|R1.Æ  ׅ7LA:R06-uw]L5(!mWĀY_Qa4OL%L`z5~>"/fgk >!P|?(3.(rH02(A8|gt̸PbRNv BޑZHb]T6 oaQxMJWy~}# ce"еv!>x\ѫM.!UކPS t;-={~$Ka Hʶ[+8գ?i?6$saZ Q0 8Z$+M#`xW8H 0Ժ&@q^5PICMdyuPYtA?P&HP0TM/@du}uuh:泋ѲhZ]07 Lgب .yS5c "MF[Adrszm-ǜ /TI ˞TARpf/S4MUă/ E\s@鍂75vfX#`(kIL )ɺ1z&Tdlv } -hh~ '3_7*]UHqqh_wb}]/W~ nKNdPFi$\)V'W*/p<3uѳYO U*?1 5JՅt)QM20n\ >yՍ7VJN+0^? Kd8cICɐwhmGF^! Vckr!s5 XʯR2<3'C7.I`'W! 8 lKbP2Ī7'9IW.b=?t|$ʜdǓY(pSϿbd8 (Y -偀u-Xyvg |<(^\Q׆LO;Ђ&M endstream endobj 207 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 206 0 R >> endobj 208 0 obj << /Length 2110 /Filter /FlateDecode >> stream xYms_9ߌ#^tM{%g'7ɈI)_ EtZK>]&!N{sHD'{zJT[b̚]S毝yz=4cdrFJā1Cuc ({U-jH R2kƪ}GNMʼErUV4fEe+WmcQL"%krU}"1M`FfRҋם,W@N/pd, 6 Jy[pj.;|@Йy֕ٞ@fA@92Y頢$2QVNhͷBV͖V9VNvsF]M0Hr_G0 & sbM/$󇵼WA aoMwsp6\_'CBFh}jY>VFt}r#r[﷎h']O'W^iݔނ s/Tٿg1 /ALS:H`||;yz|' 0Uk } "-Od(F`&ɓL'|ڏ!-31ENUe)„ai,-+[bk4akZ.)~ѡVs*Xӵ;](B?) 2^m4cQM!_~v@#'_asVl%H~+;ؚnvPr6S}JˢEi #e%_ QDBحVf:+W`>XGZB_7XS2ߟrOonn+(A[50 ؇^2Yc~k.բck9fYKnIT}x ׼kUod~2Bem[9tߤ;6;}jJE'Bdl/hYaIi_UA:{vx.Ճ̾-1Mo]ՀТU Np9ml$:㬐'x iӑB'bLP}h/Cב~hm=oJSϬL!ĤeV`w5U٬%蕋IGcͤv\ 1O~TA(Plt840 nt؎֣̌ $L537bV pB9f}`)ǜt)>^S(A ڄb5O)٭=3[S4[XbfQkX"{?d-BJ"^DafJз~c^Va)^ } :vY9+Vcq9kyH^0͛T3grB5tlcIbu!Ѥ{U4S51I0G%cx PtȾT 4HOИֵetׯjm߷釯OaO}BOƢ DjWvڧ][ 02"i2sޭ?1fěi"H6wFgkj'`;MĎ endstream endobj 209 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 208 0 R /Annots 210 0 R >> endobj 210 0 obj [ 211 0 R 212 0 R ] endobj 211 0 obj << /Type /Annot /Subtype /Link /Rect [ 430.144 564.035 532.904 554.035 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 100 0 R /H /I >> endobj 212 0 obj << /Type /Annot /Subtype /Link /Rect [ 70.866 553.035 160.296 543.035 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 100 0 R /H /I >> endobj 213 0 obj << /Length 1455 /Filter /FlateDecode >> stream xXKs6 8_zC33ɤI=ԛhWcr)Ai% A~{r/=`tlE  0 }y8ׅssA$yEI"E%,PIr-TT BfFsauqw"@1Oq h0b8b/s^X^aD1IGgNo |pl̗2펶z|soa^37B?^eGlZHR-pnDE D3Z`1֬kHVK@"4^HU5<,uu/!N4Q(IlQfxuMUZh."&&☏w٫䥨8@l{u4.`3s{]Hű1{/&WdI>°7B {{Awk9,eUZ^( Ϡ ?(s2(1$>lu?PD‰Xf?lcV ĿuIE(Z"K@3g ̄"3Nz0nBnE<"=Ѳ΃RHW ;޺U\b6v~.h;giWb56/<ەEQE(t/9-{]I1DHś"N>Ƿ2ٗfxu7򨼴A=!^-yҏ@z3T<JuPwS0&9EY' JHZrNReUKJGٴm|k7/3UgZPMĞ,}ٛ>6!bu>hvBUUS /հBfpV}3W" 9taQ{)CiflLmJM(ceΔ'Wh{c_Y8BXf3Zc$R'M YMЯ!s>*XmwƉsM$g|` bsh{PjQItcDS,>=g"2+HTiy(S9;G[q6X+kYZ Jvװ3NZj wa&1&@3V;)6JazDHX? L7PdM aja]#BW[D|FM;k98M讴N#Lw.3Uj ,~-g ^EQEPnק QlTgZi]n0C,Ů1} uWr.2By md9rI@ۀ̽dK9)XBAB'cBxh?Su> endobj 215 0 obj [ 216 0 R 217 0 R ] endobj 216 0 obj << /Type /Annot /Subtype /Link /Rect [ 297.53 708.331 323.09 698.331 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 65 0 R /H /I >> endobj 217 0 obj << /Type /Annot /Subtype /Link /Rect [ 206.916 654.331 269.686 644.331 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 69 0 R /H /I >> endobj 218 0 obj << /Length 1908 /Filter /FlateDecode >> stream xXmo8_!>4Fe68^EDd*+u_CF. \ p™C}<=}:IDN$P:wV'9y]ơ\g `"qkhYǍqe‡:,FNuq>^p:Z<(SD9N;}Í3e9=xg<1paI`hkOE[SZ`&NIJc6.1Ԇ jοJom$\˜Hk`sz+O?j.׊wTq%;]-ȯ:J&[ʼ#})fl>ȏ{uWעlzGQ-rT/R(Ցޕr%m*8rV*C﫚KX'])!%i'b s#ȿ B:;Qeg!R#-ri; y~6~ٽUf$0IO(Ht5Y`mrө.%L, ^yrsrq񝫲ixwii7UFv׏77/B(RVj[W0%ZG|Ҿw0Y84ċZOSZ:-hL |(N>ywW+<(}Oi$RCJfvfP8|׸c3eicyBs'3W%GNm_tom4 h{C4ԁVx{ֺpvSbSu> OBTf9 ]ԪOH }Z17h H2%uQiMaĒ8b(X{b viI2ACh98K"UFbmQ ȝˢrIaa8s]/#\^IeҚ[whLy`A2sbã,Dbr;yKs} 5նhO̚ (?^>bkP(\//yY=Qo:g"'=w7fb~|.4A\ 9O8W} ~ @?n‚c۾ؽL p~S#G1TME (G<8+Lf E}yd ?\Ԫ?{fWL@@>WpR6n,6isM9BH^qQoߜ_nWX8\oAz.xWvjr\\)ƃN$(>Ʈ>4+Eݿ`ss3g{#~#0rL?'{Ja^{wμ4<}[@~A@Bjbu'KK?< endstream endobj 219 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 218 0 R /Annots 220 0 R >> endobj 220 0 obj [ 221 0 R 222 0 R 223 0 R 224 0 R ] endobj 221 0 obj << /Type /Annot /Subtype /Link /Rect [ 325.942 452.823 407.602 442.823 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 49 0 R /H /I >> endobj 222 0 obj << /Type /Annot /Subtype /Link /Rect [ 502.278 452.823 565.048 442.823 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 53 0 R /H /I >> endobj 223 0 obj << /Type /Annot /Subtype /Link /Rect [ 432.426 243.823 496.576 233.823 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 39 0 R /H /I >> endobj 224 0 obj << /Type /Annot /Subtype /Link /Rect [ 170.866 232.823 243.906 222.823 ] /C [ 0 0 0 ] /Border [ 0 0 0 ] /A 39 0 R /H /I >> endobj 225 0 obj << /Length 1705 /Filter /FlateDecode >> stream xYYoF~ׯ`(@P8]MRP(iEmLQ._p%+R;pv[lt>;p"8ZdP6%2-#aj譪m msvI nBv\@4[ #dXqM]Ӳ1WG-&iY4c2}/D/<,] m RKoxee]s<*WM9]bzM=KxtlxFGo_%Y#JMJ٠M8"i~_G3ՎEAvz9rYOgge}~y/(Gʠӧ4ڳ$Ʌk =LcUn=sl kB%ba# |l`Ku*h0H)5P$B)<^6Xf`ÓFŸբ΂4gy(e'Z-(etS)mZK9PaĸpJ\(hEOGوED m N0߰8jh0t۰N [PSs<1uZf;Y[f=Mih5@U\¸x΀K!_5DPXBM*,V-yi:lR|O$~Vp؉ vב~)r][bkyв/A7t$Pu\K̍(]ǡyl# 88<-%ijac5|6XW+hK+.Z.wM~iEP6ҶRV- 3ٶ2 !=; ؙlA]BI7PmG9;%J'_q;\ Lʯ^ "(΢g{%b3`l+ƻ7) ѥ? L(YNEo0^ +..R1m]u{@b^J4!A:_#AG<PD mr endstream endobj 226 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 225 0 R >> endobj 227 0 obj << /Length 1701 /Filter /FlateDecode >> stream xXYoF~ׯ >8vEHCl#D"UYrI./ERAܳ͌-&K&2zb 6LbȱmvmdX쌛Ec8{cL%9OΚǷD `HV"i{5iỊ,fqg,~cXdˏa"*?_#dDAm-Y)xIjxi&vhkG훎JgcQ7"͙^Ax/O9BdZ٦ AcUNsI_h*,28HM5;Bh \ӡ0M-4j[$"tԂE[HfsD7luLd,v[/_w4CؤJ1}|`҄܍spTJX$WTægrvg9axS޹T&Pv Y#|6Rwe"y3b0Zbŵ,WU {.|xb\wZ =k'ĦFku$ n-C1.SLµ#Mp@;dz珐:A:ǺDSqY繿Guu>:{$ae`]G:d#T5KzTz Uuɓ@$Yh"VIE;mvVU8L ^mny*݁x0jlۈPA։J͟{镞4V޳S[_"`xo ܠP@c#h~,/zDLtYwiUS( R6O+!.Bkx'P<̇io)gZKv`=HW@'*;G@.ێ^cxy 6Rʖ"'ugw,:4i<>b_ +lRDN31cT^Rynu8ʼe%At{9œaf{/'׮h~-~6yy A#=d€8s\p96E/VMٰ+vST"ZLA5G۟TCx3уs!6EQQ(1I ]4*&Nzڈj4K]R+Y )f7H{}7ԇ(S42A[GvDv@}s me"=n!Br<]S#J#a{{A39a,=+Ck8ƦKM7nGѹ]T}tʜ_x Xu ?g?|@Iתgv/pDO$ FK/vSmj0#H9 .W[VϵRWmEBmVޡ> endobj 229 0 obj << /Length 2236 /Filter /FlateDecode >> stream xYKs8WTE4 S'8g٭8H$F$4Hl@TMr__7Kϰ-2fX؆m# ?MϲYf|=cNjOyY1&NkΊɔf VCbmY9|H+o&wx`Ei];[ oU~ֲDɟߌٿ{^TuƊ\ƫy\Dk%K \DGs1ۻӻ;fk7y:aimEc|%!`v͗X;ONeЇq00\2y~)ǒZA?XRw-K㪭t.ź©Aߵ)# .4iv;ȯ=@/ DV\rxދϦ8BLc1Xzr1Cv7.oȊ^w:#":X8븨X`%f2?a+C^Cw @0FslN ^lorv*mw& OdԄoag[}wf埩ɞRf.L#qFPbϙQ9kn0RAiXyaeI0n4TCYK:_nw0/0Bz3VhFRE0aP^ ]qLMKڢgC\YD ߎ  D~#:+j k9Å)0;/lJgSZ/vHwk >bSٌi0|IxRB]<5O3-6"Gȕzise ,߱$U`'(_fSj M2]C?6U=MZ :afSYᆬ@nq::JwUUMS~j%V ".0 5t_hiAsr!`JֶCj I^W^jcɦPN00M=9i=6e:H"{H/b hImR7m!V ,;ŶXou&&U# h--vusHA6P&ndA[JzN|\al\XU2g+;0f"X:ϷD3 #GnDڬ@q׿{l4+& ҳJ"GBv D۰kA[^O eѹ M%bxq)ŠmҞz,C;#o:i<&H`ti72}8as]# "pNp6O`gv(9๴g>.}% ks\q;]ҸK 5uUݽmgTJĜz5 RwiwE8ZaJ}o'AhĚBx޹!qEvrvcN57l. ~bLByop8AkEJڌ;imt~L_-߃N &Bb endstream endobj 230 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 229 0 R >> endobj 231 0 obj << /Length 2069 /Filter /FlateDecode >> stream xYioF_!(%W~#n}R UQň#Β8Kq%AvǛ73of#F#Hpt͵ٚ(^߰WhlRE3îa .B.`<O7ek5@'|Z7ڬiV&m2m?7|$g9DL}<3AGLǤ$c5 dհ`2' lƯ[F2NyaUn"l~\W%/E悒HdJxĘz_S@LyhMf-C]8t"L8R 4u0-#k; y̺}(̋ {"w%eBK' J40lyNwȋ7iػvQ8joޜʭyxjwSƝF GD(1lۺAbs0K&DzQ";A0Ɏxwr?*\V֜5vAkyJ=5qH3媩7n,fp85$9xYDwYJ[" y gR;G @q}r'L~!͠\msgx۠6=aV hU.1 9.Sk&-g?7?D5~$Υѕ4zڎ[Zd+HqM\i( 4¢\^(W*n{)y26}dH߆>$FQ>[vI,CY or.RɄ%[CqD90(3&3Ȁ]%d#%e%><E*8&rSU0ǏUWUX bFi `-+48R;ЍUø:n-2#:2|A*_) U̠y&.u[_1W ⁐AuzfCI p6{>.jbJqaO.@6\KoASK~֊fA*[0 #9I'Gg3CwRg8.3N b>s(=j}V|_"u"ͨ^[w)(ӞfJT n 蕝>{vZj-uƲTsHTos-&nk^tzxJB I3>JJ$/ !G4Bl3Xb][{&\DIL\`v~ ˗ib˴x3uI&`tk`jk1Z1{ĐY3D3tGZu6:H(wAJ 9ٛGǗ;M~;:$.C"lY!+џf : mg߲7(ofZkYmZ7U}]+I_\ endstream endobj 232 0 obj << /Type /Page /Parent 1 0 R /MediaBox [ 0 0 595 842 ] /Resources 3 0 R /Contents 231 0 R >> endobj 233 0 obj << /Length 2150 /Filter /FlateDecode >> stream xYYs۶~ׯc<(;Ƀlٍ;&Q( P vɏ7P:3ap,>_&W ۑE#L}iD GLϴ]nHc9,-׍b-3=9wxfHVϟ|,$fgU K.嘞k@+}u<ݴ:j`&hmغgv6})K˳#tc /HUg*p-y7i4^%\ߍL\-&L?p\ pLvzx>woWqkz orx9>-9ْYAl|*𞖖mbLF8::R$@e0-퉰k"הvY <U)BY[ŷ빐F8+@Վ|Aqmsc*_QhR61~ )ulI9P? Ҡc;^ĄKziK\[_!/>aNj LT4#<.#CX lMnjޱxs kaw* z `zZ&S}ZPJU,RoCk˳ q?>dBIݑX#ʁ| Fbej7%InR3LJ9OP`ο/ OF; 4A_0gTbƟKd%0-~4\tmjUj| A$ҳ`z-Im$7D&9uVIBX+ިT \2E5aؖMnU6x'Xf0m%JypιX|2t:e)6ώ,)}m<6S-*-L8}z ^x CNP&IUȆʴ]Yg#}>•%@HPvF[Y"w.vb&5!dW =/L`%T"nX  2a3I~-?QHΡ9o]NаuԆT 9tɥ7pOYz31Q^2 qlYފ |Ґ ڵzM9yħ% riM8Ȟ=g9,8E Zux&ݗ'nXڮVip7!(u[.k2k^If}u ap1<98`,>y_*|a 乺Φ"m>B  Ly҈IYX5 -e޹3Q'ndε=>@%Fk}yګU'T4_`V&Ly"=#z`XnSU{񵜏hCU]grX%/GAgJ94X`6l?I1:@Zo"ďL/Dmg&b&D2ݠe";=YiD6>yr2p(9Ŋ?+g{jFۓ26}OQ熒`%,R#lĴ)` GǝyݶW__mb^Eix6Ar1{$bvAxo"_x> endobj 235 0 obj << /Length 1525 /Filter /FlateDecode >> stream xnF]_AÀ8uFj6J\IKwIʉяpy쐦m p~̮2i,6N,Äa& }#xe,RI.c y[,QScj{ɟe–~23-7[& g w3/hQ"iJ}p& Ĺt\W [sVҔ8Zȅ~yQȪWZ3g'$/z;=ĞLZv "utVGqR3b, f3q^G|wyy}Qd P$,8̊造'%r<49hkM ,8u*"#7rTnߣH)6˷LN>j,I5T'bԳ-O,#,ɶjJD@zEglW:fE#]~ChnV󃮙kql_320TV8P=czvO!ne=C.yx;#.o.f9ge.\q]Vp˪UdXߝ-FP7Uj;$vyڂw3nt~9r<<ն_oPwIASϿ}> endobj 239 0 obj << /Title (\376\377\0\123\0\141\0\155\0\150\0\141\0\151\0\156) /Parent 237 0 R /Next 241 0 R /A 238 0 R >> endobj 241 0 obj << /Title (\376\377\0\111\0\156\0\150\0\141\0\154\0\164\0\163\0\166\0\145\0\162\0\172\0\145\0\151\0\143\0\150\0\156\0\151\0\163) /Parent 237 0 R /Prev 239 0 R /Next 242 0 R /A 240 0 R >> endobj 242 0 obj << /Title (\376\377\0\61\0\40\0\105\0\151\0\156\0\154\0\145\0\151\0\164\0\165\0\156\0\147) /Parent 237 0 R /First 243 0 R /Last 243 0 R /Prev 241 0 R /Next 244 0 R /Count -1 /A 13 0 R >> endobj 243 0 obj << /Title (\376\377\0\61\0\56\0\61\0\40\0\125\0\156\0\164\0\145\0\162\0\163\0\143\0\150\0\151\0\145\0\144\0\40\0\172\0\165\0\40\0\141\0\156\0\144\0\145\0\162\0\145\0\156\0\40\0\105\0\151\0\156\0\142\0\162\0\165\0\143\0\150\0\163\0\145\0\162\0\153\0\145\0\156\0\156\0\165\0\156\0\147\0\163\0\163\0\171\0\163\0\164\0\145\0\155\0\145\0\156\0\40\0\50\0\111\0\104\0\123\0\51) /Parent 242 0 R /A 15 0 R >> endobj 244 0 obj << /Title (\376\377\0\62\0\40\0\111\0\156\0\163\0\164\0\141\0\154\0\154\0\141\0\164\0\151\0\157\0\156\0\54\0\40\0\113\0\157\0\156\0\146\0\151\0\147\0\165\0\162\0\141\0\164\0\151\0\157\0\156\0\40\0\165\0\156\0\144\0\40\0\111\0\156\0\151\0\164\0\151\0\141\0\154\0\151\0\163\0\151\0\145\0\162\0\165\0\156\0\147) /Parent 237 0 R /First 245 0 R /Last 248 0 R /Prev 242 0 R /Next 249 0 R /Count -4 /A 17 0 R >> endobj 245 0 obj << /Title (\376\377\0\62\0\56\0\61\0\40\0\111\0\156\0\163\0\164\0\141\0\154\0\154\0\141\0\164\0\151\0\157\0\156) /Parent 244 0 R /Next 246 0 R /A 19 0 R >> endobj 246 0 obj << /Title (\376\377\0\62\0\56\0\62\0\40\0\126\0\145\0\162\0\164\0\162\0\141\0\165\0\145\0\156\0\163\0\167\0\374\0\162\0\144\0\151\0\147\0\145\0\40\0\102\0\145\0\156\0\165\0\164\0\172\0\145\0\162) /Parent 244 0 R /Prev 245 0 R /Next 247 0 R /A 21 0 R >> endobj 247 0 obj << /Title (\376\377\0\62\0\56\0\63\0\40\0\113\0\157\0\156\0\146\0\151\0\147\0\165\0\162\0\141\0\164\0\151\0\157\0\156) /Parent 244 0 R /Prev 246 0 R /Next 248 0 R /A 23 0 R >> endobj 248 0 obj << /Title (\376\377\0\62\0\56\0\64\0\40\0\111\0\156\0\151\0\164\0\151\0\141\0\154\0\151\0\163\0\151\0\145\0\162\0\165\0\156\0\147) /Parent 244 0 R /Prev 247 0 R /A 25 0 R >> endobj 249 0 obj << /Title (\376\377\0\63\0\40\0\101\0\154\0\154\0\147\0\145\0\155\0\145\0\151\0\156\0\145\0\163\0\40\0\172\0\165\0\162\0\40\0\102\0\145\0\156\0\165\0\164\0\172\0\165\0\156\0\147) /Parent 237 0 R /First 250 0 R /Last 256 0 R /Prev 244 0 R /Next 257 0 R /Count -7 /A 27 0 R >> endobj 250 0 obj << /Title (\376\377\0\63\0\56\0\61\0\40\0\104\0\151\0\145\0\40\0\104\0\141\0\164\0\145\0\156\0\142\0\141\0\156\0\153) /Parent 249 0 R /Next 251 0 R /A 29 0 R >> endobj 251 0 obj << /Title (\376\377\0\63\0\56\0\62\0\40\0\126\0\145\0\162\0\151\0\146\0\151\0\153\0\141\0\164\0\151\0\157\0\156\0\40\0\144\0\145\0\162\0\40\0\123\0\171\0\163\0\164\0\145\0\155\0\55\0\111\0\156\0\164\0\145\0\147\0\162\0\151\0\164\0\344\0\164) /Parent 249 0 R /Prev 250 0 R /Next 252 0 R /A 31 0 R >> endobj 252 0 obj << /Title (\376\377\0\63\0\56\0\63\0\40\0\120\0\146\0\154\0\145\0\147\0\145\0\40\0\144\0\145\0\162\0\40\0\104\0\141\0\164\0\145\0\156\0\142\0\141\0\156\0\153) /Parent 249 0 R /Prev 251 0 R /Next 253 0 R /A 33 0 R >> endobj 253 0 obj << /Title (\376\377\0\63\0\56\0\64\0\40\0\111\0\156\0\150\0\141\0\154\0\164\0\40\0\144\0\145\0\162\0\40\0\104\0\141\0\164\0\145\0\156\0\142\0\141\0\156\0\153\0\40\0\141\0\156\0\163\0\145\0\150\0\145\0\156) /Parent 249 0 R /Prev 252 0 R /Next 254 0 R /A 35 0 R >> endobj 254 0 obj << /Title (\376\377\0\63\0\56\0\65\0\40\0\126\0\145\0\162\0\151\0\146\0\151\0\153\0\141\0\164\0\151\0\157\0\156\0\40\0\144\0\145\0\162\0\40\0\105\0\155\0\141\0\151\0\154\0\55\0\116\0\141\0\143\0\150\0\162\0\151\0\143\0\150\0\164\0\145\0\156\0\40\0\166\0\157\0\156\0\40\0\123\0\141\0\155\0\150\0\141\0\151\0\156) /Parent 249 0 R /Prev 253 0 R /Next 255 0 R /A 37 0 R >> endobj 255 0 obj << /Title (\376\377\0\63\0\56\0\66\0\40\0\126\0\145\0\162\0\151\0\146\0\151\0\153\0\141\0\164\0\151\0\157\0\156\0\40\0\144\0\145\0\162\0\40\0\154\0\157\0\153\0\141\0\154\0\145\0\156\0\40\0\114\0\157\0\147\0\55\0\104\0\141\0\164\0\145\0\151) /Parent 249 0 R /Prev 254 0 R /Next 256 0 R /A 39 0 R >> endobj 256 0 obj << /Title (\376\377\0\63\0\56\0\67\0\40\0\126\0\145\0\162\0\151\0\146\0\151\0\153\0\141\0\164\0\151\0\157\0\156\0\40\0\144\0\145\0\163\0\40\0\123\0\141\0\155\0\150\0\141\0\151\0\156\0\55\0\120\0\162\0\157\0\147\0\162\0\141\0\155\0\155\0\145\0\163) /Parent 249 0 R /Prev 255 0 R /A 41 0 R >> endobj 257 0 obj << /Title (\376\377\0\64\0\40\0\113\0\157\0\156\0\146\0\151\0\147\0\165\0\162\0\141\0\164\0\151\0\157\0\156\0\40\0\144\0\145\0\162\0\40\0\114\0\157\0\147\0\147\0\151\0\156\0\147\0\55\0\105\0\151\0\147\0\145\0\156\0\163\0\143\0\150\0\141\0\146\0\164\0\145\0\156) /Parent 237 0 R /First 258 0 R /Last 264 0 R /Prev 249 0 R /Next 267 0 R /Count -9 /A 43 0 R >> endobj 258 0 obj << /Title (\376\377\0\64\0\56\0\61\0\40\0\125\0\156\0\164\0\145\0\162\0\163\0\164\0\374\0\164\0\172\0\164\0\145\0\40\0\114\0\157\0\147\0\55\0\115\0\366\0\147\0\154\0\151\0\143\0\150\0\153\0\145\0\151\0\164\0\145\0\156) /Parent 257 0 R /Next 259 0 R /A 45 0 R >> endobj 259 0 obj << /Title (\376\377\0\64\0\56\0\62\0\40\0\106\0\151\0\154\0\164\0\145\0\162\0\156\0\40\0\166\0\157\0\156\0\40\0\114\0\157\0\147\0\55\0\102\0\145\0\162\0\151\0\143\0\150\0\164\0\145\0\156) /Parent 257 0 R /First 260 0 R /Last 262 0 R /Prev 258 0 R /Next 263 0 R /Count -3 /A 47 0 R >> endobj 260 0 obj << /Title (\376\377\0\64\0\56\0\62\0\56\0\61\0\40\0\114\0\145\0\166\0\145\0\154\0\163\0\40\0\50\0\104\0\162\0\151\0\156\0\147\0\154\0\151\0\143\0\150\0\153\0\145\0\151\0\164\0\163\0\163\0\164\0\165\0\146\0\145\0\156\0\51) /Parent 259 0 R /Next 261 0 R /A 49 0 R >> endobj 261 0 obj << /Title (\376\377\0\64\0\56\0\62\0\56\0\62\0\40\0\113\0\157\0\156\0\146\0\151\0\147\0\165\0\162\0\151\0\145\0\162\0\142\0\141\0\162\0\145\0\40\0\114\0\145\0\166\0\145\0\154\0\163\0\40\0\50\0\104\0\162\0\151\0\156\0\147\0\154\0\151\0\143\0\150\0\153\0\145\0\151\0\164\0\163\0\163\0\164\0\165\0\146\0\145\0\156\0\51) /Parent 259 0 R /Prev 260 0 R /Next 262 0 R /A 51 0 R >> endobj 262 0 obj << /Title (\376\377\0\64\0\56\0\62\0\56\0\63\0\40\0\105\0\162\0\145\0\151\0\147\0\156\0\151\0\163\0\153\0\154\0\141\0\163\0\163\0\145\0\156) /Parent 259 0 R /Prev 261 0 R /A 53 0 R >> endobj 263 0 obj << /Title (\376\377\0\64\0\56\0\63\0\40\0\101\0\165\0\163\0\163\0\143\0\150\0\141\0\154\0\164\0\145\0\156\0\40\0\166\0\157\0\156\0\40\0\114\0\157\0\147\0\55\0\115\0\366\0\147\0\154\0\151\0\143\0\150\0\153\0\145\0\151\0\164\0\145\0\156) /Parent 257 0 R /Prev 259 0 R /Next 264 0 R /A 55 0 R >> endobj 264 0 obj << /Title (\376\377\0\64\0\56\0\64\0\40\0\123\0\160\0\145\0\172\0\151\0\145\0\154\0\154\0\145\0\40\0\117\0\160\0\164\0\151\0\157\0\156\0\145\0\156) /Parent 257 0 R /First 265 0 R /Last 266 0 R /Prev 263 0 R /Count -2 /A 57 0 R >> endobj 265 0 obj << /Title (\376\377\0\64\0\56\0\64\0\56\0\61\0\40\0\105\0\155\0\141\0\151\0\154) /Parent 264 0 R /Next 266 0 R /A 59 0 R >> endobj 266 0 obj << /Title (\376\377\0\64\0\56\0\64\0\56\0\62\0\40\0\104\0\141\0\164\0\145\0\156\0\142\0\141\0\156\0\153) /Parent 264 0 R /Prev 265 0 R /A 61 0 R >> endobj 267 0 obj << /Title (\376\377\0\65\0\40\0\113\0\157\0\156\0\146\0\151\0\147\0\165\0\162\0\141\0\164\0\151\0\157\0\156\0\40\0\144\0\145\0\162\0\40\0\111\0\156\0\164\0\145\0\147\0\162\0\151\0\164\0\344\0\164\0\163\0\145\0\151\0\147\0\145\0\156\0\163\0\143\0\150\0\141\0\146\0\164\0\145\0\156\0\40\0\151\0\156\0\156\0\145\0\162\0\150\0\141\0\154\0\142\0\40\0\144\0\145\0\163\0\40\0\104\0\141\0\164\0\145\0\151\0\163\0\171\0\163\0\164\0\145\0\155\0\163) /Parent 237 0 R /First 268 0 R /Last 276 0 R /Prev 257 0 R /Next 277 0 R /Count -9 /A 63 0 R >> endobj 268 0 obj << /Title (\376\377\0\65\0\56\0\61\0\40\0\126\0\157\0\162\0\144\0\145\0\146\0\151\0\156\0\151\0\145\0\162\0\164\0\145\0\40\0\120\0\157\0\154\0\151\0\143\0\171\0\163) /Parent 267 0 R /Next 269 0 R /A 65 0 R >> endobj 269 0 obj << /Title (\376\377\0\65\0\56\0\62\0\40\0\127\0\141\0\150\0\154\0\40\0\145\0\151\0\156\0\145\0\162\0\40\0\120\0\157\0\154\0\151\0\143\0\171) /Parent 267 0 R /Prev 268 0 R /Next 270 0 R /A 67 0 R >> endobj 270 0 obj << /Title (\376\377\0\65\0\56\0\63\0\40\0\122\0\145\0\153\0\165\0\162\0\163\0\151\0\157\0\156\0\163\0\164\0\151\0\145\0\146\0\145) /Parent 267 0 R /Prev 269 0 R /Next 271 0 R /A 69 0 R >> endobj 271 0 obj << /Title (\376\377\0\65\0\56\0\64\0\40\0\125\0\156\0\164\0\145\0\162\0\166\0\145\0\162\0\172\0\145\0\151\0\143\0\150\0\156\0\151\0\163\0\163\0\145\0\40\0\151\0\147\0\156\0\157\0\162\0\151\0\145\0\162\0\145\0\156) /Parent 267 0 R /Prev 270 0 R /Next 272 0 R /A 71 0 R >> endobj 272 0 obj << /Title (\376\377\0\65\0\56\0\65\0\40\0\113\0\145\0\151\0\156\0\145\0\40\0\102\0\145\0\156\0\141\0\143\0\150\0\162\0\151\0\143\0\150\0\164\0\151\0\147\0\165\0\156\0\147\0\40\0\374\0\142\0\145\0\162\0\40\0\156\0\145\0\165\0\145\0\57\0\147\0\145\0\154\0\366\0\163\0\143\0\150\0\164\0\145\0\40\0\104\0\141\0\164\0\145\0\151\0\145\0\156) /Parent 267 0 R /Prev 271 0 R /Next 273 0 R /A 73 0 R >> endobj 273 0 obj << /Title (\376\377\0\65\0\56\0\66\0\40\0\110\0\141\0\162\0\144\0\154\0\151\0\156\0\153\0\40\0\124\0\145\0\163\0\164) /Parent 267 0 R /Prev 272 0 R /Next 274 0 R /A 75 0 R >> endobj 274 0 obj << /Title (\376\377\0\65\0\56\0\67\0\40\0\124\0\145\0\163\0\164\0\40\0\141\0\165\0\146\0\40\0\163\0\145\0\154\0\164\0\163\0\141\0\155\0\145\0\40\0\104\0\141\0\164\0\145\0\151\0\156\0\141\0\155\0\145\0\156) /Parent 267 0 R /Prev 273 0 R /Next 275 0 R /A 77 0 R >> endobj 275 0 obj << /Title (\376\377\0\65\0\56\0\70\0\40\0\304\0\156\0\144\0\145\0\162\0\165\0\156\0\147\0\40\0\145\0\151\0\156\0\145\0\162\0\40\0\120\0\157\0\154\0\151\0\143\0\171) /Parent 267 0 R /Prev 274 0 R /Next 276 0 R /A 79 0 R >> endobj 276 0 obj << /Title (\376\377\0\65\0\56\0\71\0\40\0\132\0\145\0\151\0\164\0\145\0\156\0\40\0\144\0\145\0\162\0\40\0\111\0\156\0\164\0\145\0\147\0\162\0\151\0\164\0\344\0\164\0\163\0\160\0\162\0\374\0\146\0\165\0\156\0\147) /Parent 267 0 R /Prev 275 0 R /A 81 0 R >> endobj 277 0 obj << /Title (\376\377\0\66\0\40\0\114\0\157\0\147\0\147\0\151\0\156\0\147\0\40\0\172\0\165\0\40\0\145\0\151\0\156\0\145\0\155\0\40\0\114\0\157\0\147\0\55\0\123\0\145\0\162\0\166\0\145\0\162\0\40\0\50\0\131\0\165\0\154\0\145\0\51) /Parent 237 0 R /First 278 0 R /Last 282 0 R /Prev 267 0 R /Next 283 0 R /Count -5 /A 83 0 R >> endobj 278 0 obj << /Title (\376\377\0\66\0\56\0\61\0\40\0\334\0\142\0\145\0\162\0\163\0\145\0\164\0\172\0\145\0\156\0\40\0\144\0\145\0\163\0\40\0\114\0\157\0\147\0\55\0\123\0\145\0\162\0\166\0\145\0\162\0\163\0\40\0\50\0\131\0\165\0\154\0\145\0\51) /Parent 277 0 R /Next 279 0 R /A 85 0 R >> endobj 279 0 obj << /Title (\376\377\0\66\0\56\0\62\0\40\0\334\0\142\0\145\0\162\0\163\0\145\0\164\0\172\0\145\0\156\0\40\0\166\0\157\0\156\0\40\0\123\0\141\0\155\0\150\0\141\0\151\0\156) /Parent 277 0 R /Prev 278 0 R /Next 280 0 R /A 87 0 R >> endobj 280 0 obj << /Title (\376\377\0\66\0\56\0\63\0\40\0\101\0\165\0\164\0\150\0\145\0\156\0\164\0\151\0\146\0\151\0\172\0\151\0\145\0\162\0\165\0\156\0\147\0\40\0\147\0\145\0\147\0\145\0\156\0\374\0\142\0\145\0\162\0\40\0\131\0\165\0\154\0\145) /Parent 277 0 R /Prev 279 0 R /Next 281 0 R /A 89 0 R >> endobj 281 0 obj << /Title (\376\377\0\66\0\56\0\64\0\40\0\104\0\141\0\164\0\145\0\156\0\142\0\141\0\156\0\153\0\55\0\40\0\165\0\156\0\144\0\40\0\113\0\157\0\156\0\146\0\151\0\147\0\165\0\162\0\141\0\164\0\151\0\157\0\156\0\163\0\144\0\141\0\164\0\145\0\151\0\40\0\141\0\165\0\146\0\40\0\144\0\145\0\155\0\40\0\114\0\157\0\147\0\55\0\123\0\145\0\162\0\166\0\145\0\162) /Parent 277 0 R /Prev 280 0 R /Next 282 0 R /A 91 0 R >> endobj 282 0 obj << /Title (\376\377\0\66\0\56\0\65\0\40\0\102\0\145\0\163\0\157\0\156\0\144\0\145\0\162\0\150\0\145\0\151\0\164\0\145\0\156\0\40\0\142\0\145\0\151\0\155\0\40\0\114\0\157\0\147\0\147\0\151\0\156\0\147) /Parent 277 0 R /Prev 281 0 R /A 93 0 R >> endobj 283 0 obj << /Title (\376\377\0\67\0\40\0\127\0\145\0\151\0\164\0\145\0\162\0\145\0\40\0\105\0\151\0\147\0\145\0\156\0\163\0\143\0\150\0\141\0\146\0\164\0\145\0\156\0\40\0\166\0\157\0\156\0\40\0\123\0\141\0\155\0\150\0\141\0\151\0\156) /Parent 237 0 R /First 284 0 R /Last 288 0 R /Prev 277 0 R /Next 289 0 R /Count -5 /A 98 0 R >> endobj 284 0 obj << /Title (\376\377\0\67\0\56\0\61\0\40\0\123\0\151\0\147\0\156\0\151\0\145\0\162\0\164\0\145\0\40\0\104\0\141\0\164\0\145\0\156\0\142\0\141\0\156\0\153\0\55\0\40\0\165\0\156\0\144\0\40\0\113\0\157\0\156\0\146\0\151\0\147\0\165\0\162\0\141\0\164\0\151\0\157\0\156\0\163\0\144\0\141\0\164\0\145\0\151\0\145\0\156) /Parent 283 0 R /Next 285 0 R /A 100 0 R >> endobj 285 0 obj << /Title (\376\377\0\67\0\56\0\62\0\40\0\123\0\164\0\145\0\141\0\154\0\164\0\150\0\40\0\50\0\166\0\145\0\162\0\163\0\164\0\145\0\143\0\153\0\164\0\145\0\162\0\40\0\115\0\157\0\144\0\165\0\163\0\51) /Parent 283 0 R /Prev 284 0 R /Next 286 0 R /A 102 0 R >> endobj 286 0 obj << /Title (\376\377\0\67\0\56\0\63\0\40\0\334\0\142\0\145\0\162\0\167\0\141\0\143\0\150\0\165\0\156\0\147\0\40\0\144\0\145\0\163\0\40\0\113\0\145\0\162\0\156\0\145\0\154\0\163) /Parent 283 0 R /Prev 285 0 R /Next 287 0 R /A 104 0 R >> endobj 287 0 obj << /Title (\376\377\0\67\0\56\0\64\0\40\0\334\0\142\0\145\0\162\0\167\0\141\0\143\0\150\0\165\0\156\0\147\0\40\0\166\0\157\0\156\0\40\0\114\0\157\0\147\0\151\0\156\0\57\0\114\0\157\0\147\0\157\0\165\0\164\0\55\0\126\0\157\0\162\0\147\0\344\0\156\0\147\0\145\0\156) /Parent 283 0 R /Prev 286 0 R /Next 288 0 R /A 106 0 R >> endobj 288 0 obj << /Title (\376\377\0\67\0\56\0\65\0\40\0\123\0\165\0\143\0\150\0\145\0\40\0\156\0\141\0\143\0\150\0\40\0\123\0\125\0\111\0\104\0\57\0\123\0\107\0\111\0\104\0\55\0\104\0\141\0\164\0\145\0\151\0\145\0\156) /Parent 283 0 R /Prev 287 0 R /A 108 0 R >> endobj 289 0 obj << /Title (\376\377\0\70\0\40\0\117\0\160\0\164\0\151\0\157\0\156\0\145\0\156\0\40\0\151\0\156\0\40\0\144\0\145\0\162\0\40\0\113\0\157\0\156\0\146\0\151\0\147\0\165\0\162\0\141\0\164\0\151\0\157\0\156\0\163\0\144\0\141\0\164\0\145\0\151) /Parent 237 0 R /First 290 0 R /Last 300 0 R /Prev 283 0 R /Count -11 /A 110 0 R >> endobj 290 0 obj << /Title (\376\377\0\70\0\56\0\61\0\40\0\102\0\145\0\144\0\151\0\156\0\147\0\164\0\145\0\40\0\101\0\156\0\167\0\145\0\151\0\163\0\165\0\156\0\147\0\145\0\156) /Parent 289 0 R /Next 291 0 R /A 112 0 R >> endobj 291 0 obj << /Title (\376\377\0\70\0\56\0\62\0\40\0\334\0\142\0\145\0\162\0\167\0\141\0\143\0\150\0\164\0\145\0\40\0\104\0\141\0\164\0\145\0\151\0\145\0\156) /Parent 289 0 R /Prev 290 0 R /Next 292 0 R /A 114 0 R >> endobj 292 0 obj << /Title (\376\377\0\70\0\56\0\63\0\40\0\104\0\162\0\151\0\156\0\147\0\154\0\151\0\143\0\150\0\153\0\145\0\151\0\164\0\163\0\163\0\164\0\165\0\146\0\145\0\40\0\166\0\157\0\156\0\40\0\105\0\162\0\145\0\151\0\147\0\156\0\151\0\163\0\163\0\145\0\156) /Parent 289 0 R /Prev 291 0 R /Next 293 0 R /A 116 0 R >> endobj 293 0 obj << /Title (\376\377\0\70\0\56\0\64\0\40\0\106\0\151\0\154\0\164\0\145\0\162\0\40\0\146\0\374\0\162\0\40\0\114\0\157\0\147\0\55\0\115\0\366\0\147\0\154\0\151\0\143\0\150\0\153\0\145\0\151\0\164\0\145\0\156) /Parent 289 0 R /Prev 292 0 R /Next 294 0 R /A 118 0 R >> endobj 294 0 obj << /Title (\376\377\0\70\0\56\0\65\0\40\0\334\0\142\0\145\0\162\0\167\0\141\0\143\0\150\0\165\0\156\0\147\0\40\0\166\0\157\0\156\0\40\0\114\0\157\0\147\0\151\0\156\0\57\0\114\0\157\0\147\0\157\0\165\0\164\0\55\0\105\0\162\0\145\0\151\0\147\0\156\0\151\0\163\0\163\0\145\0\156) /Parent 289 0 R /Prev 293 0 R /Next 295 0 R /A 120 0 R >> endobj 295 0 obj << /Title (\376\377\0\70\0\56\0\66\0\40\0\334\0\142\0\145\0\162\0\160\0\162\0\374\0\146\0\165\0\156\0\147\0\40\0\144\0\145\0\163\0\40\0\113\0\145\0\162\0\156\0\145\0\154\0\163) /Parent 289 0 R /Prev 294 0 R /Next 296 0 R /A 122 0 R >> endobj 296 0 obj << /Title (\376\377\0\70\0\56\0\67\0\40\0\123\0\165\0\143\0\150\0\145\0\156\0\40\0\156\0\141\0\143\0\150\0\40\0\123\0\125\0\111\0\104\0\57\0\123\0\107\0\111\0\104\0\55\0\104\0\141\0\164\0\145\0\151\0\145\0\156) /Parent 289 0 R /Prev 295 0 R /Next 297 0 R /A 124 0 R >> endobj 297 0 obj << /Title (\376\377\0\70\0\56\0\70\0\40\0\114\0\157\0\147\0\147\0\151\0\156\0\147\0\40\0\172\0\165\0\40\0\145\0\151\0\156\0\145\0\162\0\40\0\162\0\145\0\154\0\141\0\164\0\151\0\157\0\156\0\141\0\154\0\145\0\156\0\40\0\104\0\141\0\164\0\145\0\156\0\142\0\141\0\156\0\153) /Parent 289 0 R /Prev 296 0 R /Next 298 0 R /A 126 0 R >> endobj 298 0 obj << /Title (\376\377\0\70\0\56\0\71\0\40\0\126\0\145\0\162\0\163\0\143\0\150\0\151\0\145\0\144\0\145\0\156\0\145\0\163) /Parent 289 0 R /Prev 297 0 R /Next 299 0 R /A 128 0 R >> endobj 299 0 obj << /Title (\376\377\0\70\0\56\0\61\0\60\0\40\0\105\0\170\0\164\0\145\0\162\0\156\0\145\0\40\0\123\0\153\0\162\0\151\0\160\0\164\0\145) /Parent 289 0 R /Prev 298 0 R /Next 300 0 R /A 130 0 R >> endobj 300 0 obj << /Title (\376\377\0\70\0\56\0\61\0\61\0\40\0\103\0\154\0\151\0\145\0\156\0\164\0\163) /Parent 289 0 R /Prev 299 0 R /A 132 0 R >> endobj 301 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 302 0 obj << /Type /Font /Subtype /Type1 /Name /F5 /BaseFont /Times-Roman /Encoding /WinAnsiEncoding >> endobj 303 0 obj << /Type /Font /Subtype /Type1 /Name /F6 /BaseFont /Times-Italic /Encoding /WinAnsiEncoding >> endobj 304 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 305 0 obj << /Type /Font /Subtype /Type1 /Name /F9 /BaseFont /Courier /Encoding /WinAnsiEncoding >> endobj 306 0 obj << /Type /Font /Subtype /Type1 /Name /F7 /BaseFont /Times-Bold /Encoding /WinAnsiEncoding >> endobj 1 0 obj << /Type /Pages /Count 31 /Kids [8 0 R 10 0 R 95 0 R 134 0 R 138 0 R 147 0 R 153 0 R 160 0 R 166 0 R 171 0 R 175 0 R 177 0 R 182 0 R 184 0 R 186 0 R 188 0 R 190 0 R 192 0 R 197 0 R 201 0 R 205 0 R 207 0 R 209 0 R 214 0 R 219 0 R 226 0 R 228 0 R 230 0 R 232 0 R 234 0 R 236 0 R ] >> endobj 2 0 obj << /Type /Catalog /Pages 1 0 R /Outlines 237 0 R /PageMode /UseOutlines >> endobj 3 0 obj << /Font << /F3 301 0 R /F5 302 0 R /F1 304 0 R /F6 303 0 R /F9 305 0 R /F7 306 0 R >> /ProcSet [ /PDF /ImageC /Text ] /XObject <> >> endobj 13 0 obj << /S /GoTo /D [134 0 R /XYZ 65.866 709.331 null] >> endobj 15 0 obj << /S /GoTo /D [134 0 R /XYZ 65.866 499.035 null] >> endobj 17 0 obj << /S /GoTo /D [138 0 R /XYZ 65.866 709.331 null] >> endobj 19 0 obj << /S /GoTo /D [138 0 R /XYZ 65.866 575.035 null] >> endobj 21 0 obj << /S /GoTo /D [147 0 R /XYZ 65.866 668.611 null] >> endobj 23 0 obj << /S /GoTo /D [147 0 R /XYZ 65.866 554.639 null] >> endobj 25 0 obj << /S /GoTo /D [147 0 R /XYZ 65.866 322.667 null] >> endobj 27 0 obj << /S /GoTo /D [153 0 R /XYZ 65.866 709.331 null] >> endobj 29 0 obj << /S /GoTo /D [153 0 R /XYZ 65.866 672.035 null] >> endobj 31 0 obj << /S /GoTo /D [153 0 R /XYZ 65.866 439.063 null] >> endobj 33 0 obj << /S /GoTo /D [153 0 R /XYZ 65.866 200.511 null] >> endobj 35 0 obj << /S /GoTo /D [160 0 R /XYZ 65.866 581.471 null] >> endobj 37 0 obj << /S /GoTo /D [160 0 R /XYZ 65.866 469.639 null] >> endobj 39 0 obj << /S /GoTo /D [160 0 R /XYZ 65.866 303.807 null] >> endobj 41 0 obj << /S /GoTo /D [166 0 R /XYZ 65.866 709.331 null] >> endobj 43 0 obj << /S /GoTo /D [171 0 R /XYZ 65.866 709.331 null] >> endobj 45 0 obj << /S /GoTo /D [171 0 R /XYZ 65.866 608.035 null] >> endobj 47 0 obj << /S /GoTo /D [171 0 R /XYZ 65.866 418.063 null] >> endobj 49 0 obj << /S /GoTo /D [171 0 R /XYZ 65.866 336.091 null] >> endobj 51 0 obj << /S /GoTo /D [175 0 R /XYZ 65.866 508.571 null] >> endobj 53 0 obj << /S /GoTo /D [175 0 R /XYZ 65.866 210.063 null] >> endobj 55 0 obj << /S /GoTo /D [177 0 R /XYZ 65.866 450.563 null] >> endobj 57 0 obj << /S /GoTo /D [177 0 R /XYZ 65.866 390.591 null] >> endobj 59 0 obj << /S /GoTo /D [177 0 R /XYZ 65.866 341.619 null] >> endobj 61 0 obj << /S /GoTo /D [182 0 R /XYZ 65.866 500.683 null] >> endobj 63 0 obj << /S /GoTo /D [184 0 R /XYZ 65.866 709.331 null] >> endobj 65 0 obj << /S /GoTo /D [184 0 R /XYZ 65.866 449.739 null] >> endobj 67 0 obj << /S /GoTo /D [184 0 R /XYZ 65.866 237.767 null] >> endobj 69 0 obj << /S /GoTo /D [186 0 R /XYZ 65.866 579.563 null] >> endobj 71 0 obj << /S /GoTo /D [186 0 R /XYZ 65.866 394.151 null] >> endobj 73 0 obj << /S /GoTo /D [186 0 R /XYZ 65.866 240.739 null] >> endobj 75 0 obj << /S /GoTo /D [186 0 R /XYZ 65.866 158.767 null] >> endobj 77 0 obj << /S /GoTo /D [188 0 R /XYZ 65.866 612.331 null] >> endobj 79 0 obj << /S /GoTo /D [188 0 R /XYZ 65.866 509.359 null] >> endobj 81 0 obj << /S /GoTo /D [188 0 R /XYZ 65.866 212.067 null] >> endobj 83 0 obj << /S /GoTo /D [192 0 R /XYZ 65.866 709.331 null] >> endobj 85 0 obj << /S /GoTo /D [192 0 R /XYZ 65.866 467.035 null] >> endobj 87 0 obj << /S /GoTo /D [192 0 R /XYZ 65.866 310.063 null] >> endobj 89 0 obj << /S /GoTo /D [197 0 R /XYZ 65.866 611.331 null] >> endobj 91 0 obj << /S /GoTo /D [201 0 R /XYZ 65.866 591.331 null] >> endobj 93 0 obj << /S /GoTo /D [201 0 R /XYZ 65.866 488.359 null] >> endobj 98 0 obj << /S /GoTo /D [205 0 R /XYZ 65.866 709.331 null] >> endobj 100 0 obj << /S /GoTo /D [205 0 R /XYZ 65.866 672.035 null] >> endobj 102 0 obj << /S /GoTo /D [205 0 R /XYZ 65.866 302.623 null] >> endobj 104 0 obj << /S /GoTo /D [207 0 R /XYZ 65.866 513.331 null] >> endobj 106 0 obj << /S /GoTo /D [207 0 R /XYZ 65.866 399.359 null] >> endobj 108 0 obj << /S /GoTo /D [207 0 R /XYZ 65.866 296.387 null] >> endobj 110 0 obj << /S /GoTo /D [209 0 R /XYZ 65.866 709.331 null] >> endobj 112 0 obj << /S /GoTo /D [209 0 R /XYZ 65.866 490.035 null] >> endobj 114 0 obj << /S /GoTo /D [209 0 R /XYZ 65.866 194.191 null] >> endobj 116 0 obj << /S /GoTo /D [214 0 R /XYZ 65.866 480.899 null] >> endobj 118 0 obj << /S /GoTo /D [219 0 R /XYZ 65.866 492.795 null] >> endobj 120 0 obj << /S /GoTo /D [226 0 R /XYZ 65.866 595.339 null] >> endobj 122 0 obj << /S /GoTo /D [226 0 R /XYZ 65.866 357.375 null] >> endobj 124 0 obj << /S /GoTo /D [228 0 R /XYZ 65.866 477.787 null] >> endobj 126 0 obj << /S /GoTo /D [228 0 R /XYZ 65.866 198.487 null] >> endobj 128 0 obj << /S /GoTo /D [230 0 R /XYZ 65.866 465.339 null] >> endobj 130 0 obj << /S /GoTo /D [234 0 R /XYZ 65.866 230.331 null] >> endobj 132 0 obj << /S /GoTo /D [236 0 R /XYZ 65.866 535.331 null] >> endobj 237 0 obj << /First 239 0 R /Last 289 0 R >> endobj 238 0 obj << /S /GoTo /D [8 0 R /XYZ 65.866 776.023 null] >> endobj 240 0 obj << /S /GoTo /D [10 0 R /XYZ 65.866 719.331 null] >> endobj xref 0 307 0000000000 65535 f 0000105312 00000 n 0000105609 00000 n 0000105702 00000 n 0000000015 00000 n 0000000065 00000 n 0000000681 00000 n 0000007474 00000 n 0000008199 00000 n 0000008305 00000 n 0000009582 00000 n 0000009704 00000 n 0000010011 00000 n 0000105923 00000 n 0000010149 00000 n 0000105992 00000 n 0000010287 00000 n 0000106061 00000 n 0000010425 00000 n 0000106130 00000 n 0000010563 00000 n 0000106199 00000 n 0000010701 00000 n 0000106268 00000 n 0000010839 00000 n 0000106337 00000 n 0000010977 00000 n 0000106406 00000 n 0000011115 00000 n 0000106475 00000 n 0000011253 00000 n 0000106544 00000 n 0000011391 00000 n 0000106613 00000 n 0000011529 00000 n 0000106682 00000 n 0000011667 00000 n 0000106751 00000 n 0000011805 00000 n 0000106820 00000 n 0000011943 00000 n 0000106889 00000 n 0000012081 00000 n 0000106958 00000 n 0000012219 00000 n 0000107027 00000 n 0000012357 00000 n 0000107096 00000 n 0000012495 00000 n 0000107165 00000 n 0000012633 00000 n 0000107234 00000 n 0000012771 00000 n 0000107303 00000 n 0000012909 00000 n 0000107372 00000 n 0000013047 00000 n 0000107441 00000 n 0000013185 00000 n 0000107510 00000 n 0000013323 00000 n 0000107579 00000 n 0000013461 00000 n 0000107648 00000 n 0000013599 00000 n 0000107717 00000 n 0000013737 00000 n 0000107786 00000 n 0000013875 00000 n 0000107855 00000 n 0000014013 00000 n 0000107924 00000 n 0000014151 00000 n 0000107993 00000 n 0000014289 00000 n 0000108062 00000 n 0000014427 00000 n 0000108131 00000 n 0000014565 00000 n 0000108200 00000 n 0000014703 00000 n 0000108269 00000 n 0000014841 00000 n 0000108338 00000 n 0000014979 00000 n 0000108407 00000 n 0000015117 00000 n 0000108476 00000 n 0000015255 00000 n 0000108545 00000 n 0000015393 00000 n 0000108614 00000 n 0000015531 00000 n 0000108683 00000 n 0000015669 00000 n 0000016412 00000 n 0000016535 00000 n 0000016697 00000 n 0000108752 00000 n 0000016835 00000 n 0000108821 00000 n 0000016974 00000 n 0000108891 00000 n 0000017114 00000 n 0000108961 00000 n 0000017254 00000 n 0000109031 00000 n 0000017394 00000 n 0000109101 00000 n 0000017534 00000 n 0000109171 00000 n 0000017674 00000 n 0000109241 00000 n 0000017814 00000 n 0000109311 00000 n 0000017954 00000 n 0000109381 00000 n 0000018094 00000 n 0000109451 00000 n 0000018234 00000 n 0000109521 00000 n 0000018374 00000 n 0000109591 00000 n 0000018514 00000 n 0000109661 00000 n 0000018654 00000 n 0000109731 00000 n 0000018794 00000 n 0000109801 00000 n 0000018934 00000 n 0000109871 00000 n 0000019074 00000 n 0000109941 00000 n 0000019214 00000 n 0000021805 00000 n 0000021915 00000 n 0000024041 00000 n 0000024239 00000 n 0000024586 00000 n 0000024712 00000 n 0000024781 00000 n 0000024990 00000 n 0000025127 00000 n 0000025267 00000 n 0000025406 00000 n 0000025547 00000 n 0000025687 00000 n 0000028237 00000 n 0000028363 00000 n 0000028408 00000 n 0000028548 00000 n 0000028688 00000 n 0000028827 00000 n 0000031372 00000 n 0000031498 00000 n 0000031551 00000 n 0000031692 00000 n 0000031831 00000 n 0000031971 00000 n 0000032110 00000 n 0000034275 00000 n 0000034401 00000 n 0000034446 00000 n 0000034586 00000 n 0000034726 00000 n 0000034866 00000 n 0000036062 00000 n 0000036188 00000 n 0000036225 00000 n 0000036365 00000 n 0000036502 00000 n 0000038735 00000 n 0000038861 00000 n 0000038890 00000 n 0000039030 00000 n 0000040632 00000 n 0000040742 00000 n 0000042289 00000 n 0000042415 00000 n 0000042452 00000 n 0000042592 00000 n 0000042732 00000 n 0000044468 00000 n 0000044578 00000 n 0000047022 00000 n 0000047132 00000 n 0000048994 00000 n 0000049104 00000 n 0000051878 00000 n 0000051988 00000 n 0000053206 00000 n 0000053316 00000 n 0000055863 00000 n 0000055989 00000 n 0000056018 00000 n 0000056158 00000 n 0000058858 00000 n 0000059337 00000 n 0000059463 00000 n 0000059492 00000 n 0000059671 00000 n 0000061723 00000 n 0000061849 00000 n 0000061878 00000 n 0000062017 00000 n 0000064893 00000 n 0000065003 00000 n 0000067427 00000 n 0000067537 00000 n 0000069723 00000 n 0000069849 00000 n 0000069886 00000 n 0000070027 00000 n 0000070167 00000 n 0000071698 00000 n 0000071824 00000 n 0000071861 00000 n 0000071999 00000 n 0000072139 00000 n 0000074123 00000 n 0000074249 00000 n 0000074302 00000 n 0000074442 00000 n 0000074582 00000 n 0000074722 00000 n 0000074862 00000 n 0000076643 00000 n 0000076753 00000 n 0000078530 00000 n 0000078640 00000 n 0000080952 00000 n 0000081062 00000 n 0000083207 00000 n 0000083317 00000 n 0000085543 00000 n 0000085653 00000 n 0000087254 00000 n 0000110011 00000 n 0000110065 00000 n 0000087364 00000 n 0000110133 00000 n 0000087492 00000 n 0000087701 00000 n 0000087913 00000 n 0000088333 00000 n 0000088763 00000 n 0000088940 00000 n 0000089215 00000 n 0000089413 00000 n 0000089608 00000 n 0000089908 00000 n 0000090090 00000 n 0000090411 00000 n 0000090649 00000 n 0000090934 00000 n 0000091325 00000 n 0000091645 00000 n 0000091957 00000 n 0000092340 00000 n 0000092623 00000 n 0000092932 00000 n 0000093218 00000 n 0000093614 00000 n 0000093819 00000 n 0000094134 00000 n 0000094388 00000 n 0000094533 00000 n 0000094702 00000 n 0000095263 00000 n 0000095493 00000 n 0000095713 00000 n 0000095923 00000 n 0000096216 00000 n 0000096631 00000 n 0000096828 00000 n 0000097113 00000 n 0000097357 00000 n 0000097634 00000 n 0000097983 00000 n 0000098280 00000 n 0000098530 00000 n 0000098840 00000 n 0000099271 00000 n 0000099536 00000 n 0000099883 00000 n 0000100261 00000 n 0000100540 00000 n 0000100797 00000 n 0000101142 00000 n 0000101412 00000 n 0000101758 00000 n 0000101983 00000 n 0000102211 00000 n 0000102540 00000 n 0000102826 00000 n 0000103183 00000 n 0000103440 00000 n 0000103731 00000 n 0000104082 00000 n 0000104281 00000 n 0000104496 00000 n 0000104649 00000 n 0000104763 00000 n 0000104874 00000 n 0000104986 00000 n 0000105095 00000 n 0000105202 00000 n trailer << /Size 307 /Root 2 0 R /Info 4 0 R >> startxref 110202 %%EOF samhain-3.1.0/docs/README.LZO0000644000175000017500000001032507466015371012341 00000000000000-----BEGIN PGP SIGNED MESSAGE----- ============================================================================ miniLZO -- mini subset of the LZO real-time data compression library ============================================================================ Author : Markus Franz Xaver Johannes Oberhumer http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html Version : 1.06 Date : 29-Nov-1999 I've created miniLZO for projects where it is inconvenient to include (or require) the full LZO source code just because you want to add a little bit of data compression to your application. miniLZO implements the LZO1X-1 compressor and both the standard and safe LZO1X decompressor. Apart from fast compression it also useful for situations where you want to use pre-compressed data files (which must have been compressed with LZO1X-999). miniLZO consists of one C source file and two header files: minilzo.c minilzo.h lzoconf.h To use miniLZO just copy these files into your source directory, add minilzo.c to your Makefile and #include minilzo.h from your program. Note: you also must distribute this file (`README.LZO') with your project. minilzo.o compiles to about 6 kB (using gcc or Watcom C on a i386), and the sources are about 14 kB when packed with zip - so there's no more excuse that your application doesn't support data compression :-) For more information, documentation, example programs and other support files (like Makefiles and build scripts) please download the full LZO package from http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html Have fun, Markus P.S. minilzo.c is generated automatically from the LZO sources and therefore functionality is completely identical Appendix A: building miniLZO ---------------------------- miniLZO is written such a way that it should compile and run out-of-the-box on most machines. If you are running on a very unusual architecture and lzo_init() fails then you should first recompile with `-DLZO_DEBUG' to see what causes the failure. The most probable case is something like `sizeof(char *) != sizeof(long)'. After identifying the problem you can compile by adding some defines like `-DSIZEOF_CHAR_P=8' to your Makefile. The best solution is (of course) using Autoconf - if your project uses Autoconf anyway just add `-DMINILZO_HAVE_CONFIG_H' to your compiler flags when compiling minilzo.c. See the LZO distribution for an example how to set up configure.in. Appendix B: list of public functions available in miniLZO --------------------------------------------------------- Library initialization lzo_init() Compression lzo1x_1_compress() Decompression lzo1x_decompress() lzo1x_decompress_safe() Checksum functions lzo_adler32() Version functions lzo_version() lzo_version_string() lzo_version_date() Portable (but slow) string functions lzo_memcmp() lzo_memcpy() lzo_memmove() lzo_memset() Appendix C: suggested macros for `configure.in' when using Autoconf ------------------------------------------------------------------- Checks for typedefs and structures AC_CHECK_TYPE(ptrdiff_t,long) AC_TYPE_SIZE_T AC_CHECK_SIZEOF(unsigned short) AC_CHECK_SIZEOF(unsigned) AC_CHECK_SIZEOF(unsigned long) AC_CHECK_SIZEOF(char *) AC_CHECK_SIZEOF(ptrdiff_t) AC_CHECK_SIZEOF(size_t) Checks for compiler characteristics AC_C_CONST Checks for library functions AC_CHECK_FUNCS(memcmp memcpy memmove memset) Appendix D: Copyright --------------------- LZO and miniLZO are Copyright (C) 1996-1999 Markus Franz Xaver Johannes Oberhumer LZO and miniLZO are distributed under the terms of the GNU General Public License (GPL). See the file COPYING. Special licenses for commercial and other applications which are not willing to accept the GNU General Public License are available by contacting the author. -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBOEK5Km10fyLu8beJAQE2oAQAovSZ1KDXJKdbfUmGHhRAoU/BdQXydYKr tGDtC0i8EfC2cjrbJANbZq8GQM0PMZSAgyW9/BaUmRZ/d5pxpF0eBBpUp87i/ZM6 BoPE3uu7Rwu05SSR3FRFe1lCrMDn/yHkyV9T+DUY6XaBLONdaPh7BayQ93MnCFoD 9gs3grhALsM= =uuXN -----END PGP SIGNATURE----- samhain-3.1.0/docs/README.gcc_bug0000644000175000017500000000236607466015371013274 00000000000000 GCC Compiler Bug ---------------- Reference: http://boudicca.tux.org/hypermail/linux-kernel/2000week05/0983.html From: Johan Kullstam (kullstam@ne.mediaone.net) Date: Thu Jan 27 2000 - 18:00:28 EST Horst von Brand writes: > My question in this vein would be the -fno-strength-reduce. The gcc bug > that placed this in the kernel was in gcc-2.7.2, and was worked around in > 2.7.2.3 by just making this option unconditional. Both 2.2.15pre4 and > 2.3.41pre2 at least demand gcc-2.7.2.3 as minimal version. just when you thought it was safe to go into the water... strength-reduction is broken again in gcc-2.95.2 (aka the current release). i'm not sure about what versions actually do work. for fun, try this one out. cut and paste the program bug.c. $ gcc -O2 bug.c -o b0 $ gcc -O2 -fno-strength-reduce bug.c -o b1 run b1. notice it finish immediately. now run b0. notice how b0 never terminates (until you ^C it). -- bug.c ----------------------------------------- static void bug(int size, int tries) { int i; int num = 0; while (num < size) { for (i = 1; i < tries; i++) num++; } } int main() { bug(5, 10); return 0; } -- bug.c ----------------------------------------- samhain-3.1.0/docs/README.UPGRADE0000644000175000017500000000673111463240264012763 00000000000000to 2.8.0 and higher: samhain supports IPv6 now, which means that the size of the 'ip' column in the database must be increased from VARCHAR(16) to VARCHAR(46). BE SURE TO MAKE A BACKUP BEFORE THIS! -- mysql: alter table samhain.log modify ip VARCHAR(46); -- postgresql: alter table samhain.log alter column ip type varchar(46); -- oracle: alter table samhain.log modify ip VARCHAR2(46); to 2.4.4 and higher: it is possible now to store the full content of small files in the baseline database. To support this feature with logging to an RDBMS, the DB schema for Oracle needs to be adjusted by converting the link_old, link_new columns from VARCHAR2 to CLOB: -- Oracle: ALTER TABLE samhain.log ADD tmp_name CLOB; UPDATE samhain.log SET tmp_name=link_old; ALTER TABLE samhain.log DROP COLUMN link_old; ALTER TABLE samhain.log RENAME COLUMN tmp_name to link_old; ALTER TABLE samhain.log ADD tmp_name CLOB; UPDATE samhain.log SET tmp_name=link_new; ALTER TABLE samhain.log DROP COLUMN link_new; ALTER TABLE samhain.log RENAME COLUMN tmp_name to link_new; -- Samhain server (yule): if you are logging to the RDBMS via the server (yule), as recommended, you need to also upgrade the server, because earlier versions had a too restrictive limit on the maximum length of an SQL query. to 2.3.3 and higher: a bug has been fixed that resulted in an additional slash at the beginning of the linked path of symlinks in the root directory (symlinks in other directories were not affected) -- this may cause spurious warnings about modified links, if you check against a database created with an earlier version of samhain from lower to 2.3.x: the database scheme has changed slightly. To upgrade, use the following SQL commands in the command-line client of your database: -- MySQL: ALTER TABLE samhain.log ADD COLUMN acl_old BLOB; ALTER TABLE samhain.log ADD COLUMN acl_new BLOB; -- PostgreSQL: ALTER TABLE samhain.log ADD COLUMN acl_old TEXT; ALTER TABLE samhain.log ADD COLUMN acl_new TEXT; -- Oracle: ALTER TABLE samhain.log ADD acl_old VARCHAR2(4000); ALTER TABLE samhain.log ADD acl_new VARCHAR2(4000); DROP TRIGGER trigger_on_log; since 2.2.0: server-to-server relay is possible -- this implies that problems will arise if your server is misconfigured to connect to itself (SetExportSeverity is explicitely set to a threshold different from 'none', and the logserver is set to localhost). The server may deadlock in this case. since 2.1.0: update and daemon mode can be combined -- this implies that '-t update' will start a daemon process if running as daemon is the default specified in the config file. use '--foreground' to avoid starting a daemon process from 1.7.x to 1.8.x: client/server encryption protocol has been enhanced -- 1.7.x clients can connect to a 1.8.x server -- 1.8.x clients can only connect to a 1.7.x server, if they are built with --enable-encrypt=1 from 1.6.x to 1.7.x: things to watch out for -- the log server drops root privileges after startup; it needs a logfile directory with write access for the unprivileged user now -- the PID file does not double as lock for the log file anymore; the log file has its own lock now (same path, with .lock appended) -- by default, the HTML status page of the server is in the log directory now; this allows to make the data directory read-only for the server samhain-3.1.0/docs/README.win2K0000644000175000017500000000265007646616227012700 00000000000000 Using SAMHAIN on Win2K ---------------------- samhain builds and runs on Win2K (and maybe other M$ products) with the (free, GPL) Cygwin environment. Fabio Paracchini writes: (UPDATE: note that some configure options have changed since this has been written. Check the manual and/or run './configure --help' for available options.) The configuration I'm testing now is a server on OpenBSD 2.8 and a client on W2K, using the latest Cygwin. I was able to compile the client on a W2K Cygwin development machine using those configuration flags: --enable-static --enable-network --with-tmp-dir=/tmp --with-data-file=REQ_FROM_SERVER/samhain.db --with-config-file=REQ_FROM_SERVER/etc/samhainrc --with-logserver=x.x.x.x --with-lock-file=/cygdrive/c/samhain.lck --with-log-file=/cygdrive/c/samhain.log I was able to successfully compile and sign the executable, upload to the production server with the cygwin1.dll in the same directory and run both samhain -t init and samhain -t check. If you need a stealthy configuration you could change lock & log file to something more obscure, only pay attention that in Cygwin if you need to access drive C: you have to prefix your path with /cygdrive/c. The configuration is kept on the server where Yule runs; I registered the client and I'm in the process of tuning the exceptions for the files modified by Windows. samhain-3.1.0/docs/BUGS0000644000175000017500000000252211203760677011501 00000000000000AIX: --- Samhain must either be compiled as 32bit application, or with the --disable-dnmalloc configure flag, because the OS provides no way to enforce usage of 32bit address space. MacOS X: ------- (1) Pointed out by David: static linking is not supported on MacOS X, see http://developer.apple.com/qa/qa2001/qa1118.html Solaris: ------- (1) This was pointed out by rog [at] iis dot fhg dot de (Ingo Rogalsky): "It isn't possible, to link samhain statically with Solaris. This is a Solaris issue (see Sun Infodoc ID12624) and not a samhain problem." Linux, maybe others: ------------------- (1) With gdm (the GNOME display manager), GNOME version 1.2, using the file hiding kernel module (configure option --enable-khide) at system boot may cause problems (keyboard locked up). No problem observed with kdm (the KDE display manager). In case of problems, you may need to reboot into single-user mode and edit the boot init script ... it should be noted that on the test system, gdm sometimes locked up the keyboard on other occasions (e.g. after a fsck). (2) With gcc 2.95.2 (and glibc 2.1.3), it is not possible to use --with-database and --enable-debug at the same time (the code will segfault). This is apparently a compiler bug, and it does not happen with gcc 3.0. samhain-3.1.0/docs/Changelog0000644000175000017500000031313212233260312012613 00000000000000 * Add support for SHA2-256 checksum function * Drop support for --enable-khide on kernel version 3.x and above * Fix IgnoreAdded to anchor regex at beginning of path (reported by R.Lindner) * Add check to detect availability of pmap_getmaps() (missing in static library on recent Linux systems as reported by Ian Baldwin) * Fixes for Ubuntu 13.4: - no error msg for failing stat on /run/user/Username/gvfs in suidcheck - no error message for failing hardlink check on /run/user/Username - eliminate compiler warnings * Add option '--disable-asm' to work around a gcc issue in Debian unstable (reported by micah) * Remove option '-i' from mkitab in samhain-install.sh.in (reported by N. Kerski) 3.0.13: * Fix detection of nonfunctional /dev/kmem * Fix race condition in GrowingLogfiles policy that causes spurious reports (problem noticed by J. Daubert) 3.0.12: * Fix compiler warning in bignum.c (unused parameter) * Detect if /var/run is a symlink and /run exists * Fix for broken support for audit subsystem (reported by isquish) * Fix for incorrect use of sh_inotify_add_watch_later which causes a steady increase in memory usage (issue reported by Maxime V) * Fix for potential minor memory leak * Fix for bug in negated conditionals for config file (reported by M. Ward) 3.0.11: * Fix for compile error on HP-UX (reported by P. Alves) * Propagate ERANGE error from getgrxxx_r (issue raised by C. Feikes) * Fix reconnecting to database for Oracle * Add better logrotate handling for the GrowingLogs policy (search rotated log and verify it, don't report if this succeeds) * Add ability to create debian packages with preset password (use env var PASSWORD) * Add option KernelCheckProc (bool) to suppress kernel /proc test * Add option IgnoreModified to cover transient files that not only get added/deleted but also modified 3.0.10: * Revert to previous logic in samhain.c because it will block otherwise (reported by Alexandr Sabitov) 3.0.9: * Fixed a Cygwin compile warning * Change logic in samhain.c to make sure inotify doesn't cause excessive full scans * Add option IgnoreTimestampsOnly in Windows registry check (ignore changes if only timestamp has changed) * Fix the probe command (misses clients if their startup message has been missed) * Fix the RPM spec file for --enable-network=client and no password (reported by Mitch St Martin) * Fix build error with Linux audit (reported by Andy Jack) * Fix detection of utmpx.h (reported by D. Thiel) 3.0.8: * rename to 3.0.8 for release * useful exit status for samhainadmin.pl --examine 3.0.7a: * add ability to create RPM with preset password (use env var PASSWORD) * fix the rpm-light makefile target * fix minor bug in samhain_setpwd.c (incorrect error message) 3.0.7: * update documentation for prelude * fix configure to properly search for Oracle Instantclient SDK * pass through TNS_ADMIN environment variable for Oracle * optimize audit rules automatically * zero out the html status file at server exit * don't check for assembly optimization unless linux or *BSD 3.0.6: * install logrotate script if /etc/logrotate.d is detected * new option --enable-suid for nagios * fix for --enable-ptrace: make the save_tv variable thread specific * fix bug in inotify code which made it follow symlinks (by [anonymous]) * fix two missing SH_MUTEX_LOCK(mutex_thread_nolog) (by [anonymous]) * fix for 'no such process' message from sh_fInotify_init_internal() (by [anonymous]) * fix for --enable-ptrace with threads (by [anonymous]) * option SetReportFile for writing out summary after file check 3.0.5: * fix xml format templates for registry check * fix database download on registry check init (reported by ldieu) 3.0.4: * fix verbosity of message for alerts on already deleted watches (set it to debug - suggested by xrx) * fix extraneous error messages about file not found from sh_fInotify_init_internal() (bug reports by xrx and aj) 3.0.3 (28-03-2012): * fix potential deadlock in sh_ext_popen() * make sure sh_processes_readps cannot hang forever * fix for deadlock if sh_processes_readps hangs * fix for deadlock if suid check and inotify are used together (reported by A. Jack) * fixed problem with samhain_stealth.c (handle input config files that don't end with a newline) * fixed compiler warnings for yulectl.c with stealth * fixed lacking support for O_NOATIME on 64bit linux 3.0.2a (23-02-2012): * Fix compile error on Solaris 10 3.0.2 (16-02-2012): * change sql init scripts to make bigint fields unsigned (problem reported by A. Sabitov) * patch by Andy Jack for issue with the --with-gpg option (hangs with high cpu load at startup) * call ./samhain-install.sh as /bin/sh ./samhain-install.sh in the RPM spec file, because /var might be mounted noexec (reported by GC) * fixed configure.ac for the case that --with-gpg and --enable-nocl are used (./samhain for gpg checksum; problem report by Andy Jack) * fixed a potential NULL pointer dereference in sh_inotify.c on systems where inotify is not available (reported by ) * fixed: the config file template mentions (in a comment) the non-existent directive SetLockPath instead of the correct SetLockfilePath (reported by Curtis). * fixed: the definition of O_NOATIME isn't seen in sh_files.c. 3.0.1 (07-12-2011): * fix a memory leak (reported by C. Westlake) * fix an uninitialized variable in the suidcheck code (problem reports by T- Luettgert and Kai) * fix a bug in the port check with --disable-ipv6 (reported by C. Westlake) * fix potential deadlock in sh_files.c (reported by S. Mirolo) * change Makefile.in to stop on compile error rather than at link stage (suggested by S. Mirolo) * fix compile errors caused by missing #define (pthread disabled) and wrong function call (OSX specific code), reported by S. Mirolo * fix warning by the llvm/clang static checker * fix compile issues on freebsd * handle (ignore) SIGPIPE more thoroughly * update config.guess, config.sub 3.0.0a (06-10-2011): * Fix compile-time issues on RHEL5 (reported by Thomas) 3.0.0 (01-11-2011): * Add support for the inotify API * If --disable-shellexpand is used, also disable setting the prelink/ps paths * Fix missing check_mask storage for glob pattern * Add support for integer keys in zAVL * Fix compiler warnings with gcc 4.6.1 (variables that get set but then remain unused) * Add more server-side debugging for IPv6 * Make kern_head compile with 3.x kernels 2.8.6 (20-09-2011): * Manual updated. * Added an option LogmonDeadtime to avoid repetitive reporting on correlated events. * Fix problems with timestamp handling in logfile correlation (problem reported by D. Dearmore) * List the policy under which a directory/file is checked * Option to use a textfile with a list of files for update * Fix --enable-db-reload option (reported by David L.) * Fix samhain_kmem compilation, need to compile under chosen name if --enable-install-name is used (reported by David L.) * Fix uninitialized string in error message (reported by mimox) 2.8.5a (16-06-2011): * Fix autolocal.m4 for new configure option 2.8.5 (15-06-2011): * Detect non-working /dev/kmem in configure script, and fix a bug in the samhain_kmem kernel module. * Fix wrong handler for LogmonMarkSeverity (reported by S. Chittenden) * Better protection against the 'intruder on server' scenario pointed out by xrx. Add option to disable shell expansion in configuration files, and check gpg signature earlier. * Support /opt/local/bin in the Unix entropy gatherer (suggestion by Sean Chittenden) * Cache timeserver response for one second (suggestion by Sean Chittenden) 2.8.4a (11-05-2011): * Fix for compile error with --with-prelude (reported by Sean Chittenden), missing regression test added * Fix for compile error with --enable-udp (reported by Sean Chittenden), missing regression test added 2.8.4 (30-04-2011): * Fix another reload bug in the log monitoring module * Add unit tests for IgnoreAdded/IgnoreDeleted configuration directives * Fix deadlock after reload when compiled with --enable-login-watch (reported by M. Teege and O. Cobanoglu) * Fix compile error for samhain_hide.ko with recent kernel * Include patch by J. Graumann to specify the location of the secret keyring with samhainadmin.pl * Fix potential timeout problem in sh_sub_stat_int() and propagate the error (issue reported by mtg) * Add support for X-Forwarded-For in apache logfile parser, add option 'RE{regex}' to insert arbitrary regex * New options PortcheckMinPort, PortcheckMaxPort for the open ports check 2.8.3a (23-03-2011): * Fix two 'label at end of compound statement' errors on FreeBSD (reported by David E. Thiel) 2.8.3 (22-03-2011): * init scripts: load samhain_kmem.ko before samhain starts * slib.c: eliminate mutex from sl_create_ticket() * sh_entropy.c: move pthread usage out of child * sh_hash.c, sh_pthread.c, sh_pthread.h: sh_hash_hashdelete() needs deadlock detection, may be called from within sh_hash_init() via atexit handler on error condition * sh_suidchk.c, sh_calls.c, sh_calls.h: need a nosub version of lstat() to use with relative path after chdir() * samhain.c, sh_calls.c, sh_calls.h: only run (l)stat() in subprocess after reading config file (to allow disabling) * sh_unix.c: run sh_sub_kill() in parent after forking the daemon * fix zeroing of result from getnameinfo() (problem reported by Richard) * fix spurious warnings about unsupported address family (reported by N Silverman) * option to run lstat/stat in subprocess to avoid hanging on NFS mounts (off by default) * fix Windows/Cygwin compile error (reported by A. Schmidt) 2.8.2 (16-02-2011): * add function to skip checksumming * Fix missing check for recursion depth >= 0 if not IgnoreAll * Fix hardcoded path for temp directory in deployment scripts * Fix bad compile on CentOS 4.8 with gcc 4.1.2 * Fix minor bug in check_samhain.pl (pointed out by J.-S. Eon long ago) 2.8.1 (17-11-2010): * Document handling of missing files with secondary schedule * Fix incorrect handling of missing files when secondary schedule is used (reported by Sergey) * Fix null pointer dereference in config parse handler for SetMailAlias (reported by Sergey) * Fix incorrect memset() in sh_kern.c (passed struct by value...), reported by Roman and Stefan * Fix 'make install' to create user-defined directory * fix minor issues noticed by T. Luettgert (test code assumes port 0/tcp is unused, wrong ifdef order (without impact on compilation)) * fix compile error on AIX 5.3 with --enable-login-watch, reported by M. El Nahass (time.h missing in src/sh_login_track.c) 2.8.0 (01-11-2010): * Support IPv6 * Add registry checking * Use auditd records to find out who did it 2.7.2c (23-09-2010): * Fix uppercase hostname problem in client/server communication 2.7.2b (05-09-2010): * Fix compile errors on Solaris 10 (reported by A. Saheba) 2.7.2a (23-08-2010): * rewrote rijndaelKeySched() in a more conservative way to fix compile problem on SLES 11. 2.7.2 (16-08-2010): * sh_utils.c: fixed an endianess issue that prevented cross-verification of email signatures (reported by A. Zangerl) * sh_login_track.c: fix compiler warning (ignored return value of fwrite) * sh_readconf.c: fix comparison of SeverityUserX string (reported by max__) * sh_processcheck.c: sh_prochk_set_maxpid: set retval on success (reported by max__) * fixed some compiler warnings on cygwin * sh_extern.c: As reported by T. Luettgert, gcc 4.4.4 on Fedora 13 will throw a warning if execve is called with a NULL argv pointer. Need to provide a dummy argp[]. 2.7.1 (07-06-2010): * samhain_kmem.c: fix compile problems * fix problems with config file parser: increase max. line length, support quoting/escaping of filenames (as in 'ls --quoting-style=c') * check for pcre_dfa_exec (not available in old versions of libpcre, reported by Shinoj) * patch to allow server to log client reports to prelude (by J. Ventura) 2.7.0a (09-05-2010): * fix /dev/kmem detection (reported by S. Clormann) 2.7.0 (01-05-2010): * sh_utmp.c, sh_login_track.c: additional login checks * sh_unix.c: use SIGTTIN as alternative for SIGABRT (SIGABRT seems not to work on AIX, reported by Peter) * sh_utmp.c: fix compile error without pthreads (inotify_watch used) * sh_kern.c, kern_head.c: fix some 64bit issues * dnmalloc.c: fix compiler warning (ignored ret value) * Fix LSB init script for kernel module * samhain_kmem kernel module for /proc/kmem added 2.6.4 (22-03-2010): * Don't read proc_root_iops in sh_kern.c (Problem report by H. R.) * Logfile check can check output of shell commands * Use data directory as default for logfile checkpoints * Fix broken checkpoint save/restore for logfiles 2.6.3 (10-03-2010): * Fix bug in mail module, recipients incorrectly flagged as aliases, which breaks immediate mail for 'alert' (reported by Jesse) 2.6.2 (28-01-2010): * Makefile.in: fix problem in deploy system caused by adding build number for debs in 2.5.9 (reported by roman) * add option for per-rule email alias in log monitoring module * sh_readconf.c: make keywords case-independent * sh_mail.c: on error, report full reply of mail server * sh_mail.c: report smtp transcript at debug level * make sure mail aliases are not emailed twice, and recipients cannot be defined after aliasing them * handle named pipes in log monitoring module (open in nonblocking mode, ignore read error if empty) * fix bug in the server function to probe for necessity of configuration reload for client 2.6.1b (23-12-2009): * fix missing include for sh_inotify.h in sh_inotify.c (reported by Ack) 2.6.1a (22-12-2009): * fix typo in code for older inotify versions without inotify_init1(), reported by Forll 2.6.1 (21-12-2009): * add a routine to log monitoring module to guess the proper year for timestamps without year (standard syslog) * add feature to automatically detect and report bursts of similar messages in log monitoring module * add feature to check for missing heartbeat messages in log monitoring module * cache UIDs/GIDs to reduce the number of lookups * use inotify to track login/logout (sh_inotify.c, sh_utmp.c) * support event correlation in log monitoring module * make sure host matching is done in a case insensitive way (reported by Tracy) * fix invalid use of mutex_mlock in src/sh_unix.c, function sh_unix_count_mlock() (reported by Remco Landegge). 2.6.0 (01-11-2009): * don't use statvfs() for process checking on FreeBSD * fix bug with parallel compilation of cutest in Makefile * sh_mem.c: fix deadlock in debug-only code * Evaluate glob patterns for each run of file check * Add compile option to disable compiling with SSP * Run SUID check in seperate thread * By default disable scanning ..namedfork/rsrc (deprecated by Apple) 2.5.10 (12-10-2009): * sh_suidchk.c: handle $HOME/.gvfs mount gracefully * slib.c: fix race condition caused by closing a stream and the fd 2.5.9c (01-10-2009): * move stale file record error message closer to problem zone * sh_port2proc.c: fix flawed logic for interpreting /proc/net/udp,tcp 2.5.9b (22-09-2009): * remove stale file record when creating handle, and raise diagnostic error to find origin of stale record * sh_port2proc.c: check /proc/net/upd6 for IPv6-only UDP sockets 2.5.9a (17-09-2009): * fixed a race condition in closing of file handles 2.5.9 (11-09-2009): * added code to generate directory for pid file, since it would get cleaned if /var/run is a tmpfs mount (problem reported by M. Athanasiou) * fixed a bug that prevented reporting of user/executable path for open UDP ports (issue reported by N. Rath) * added more debugging code 2.5.8a (18-08-2009): * fixed a bug in sh_files.c that would prevent samhain from running on MacOS X (reported by David) 2.5.8 (06-08-2009): * fixed a bug in the MX resolver routine which causes it to fail sometimes (issue reported by N. Rath). * fixed deadlock with mutex_listall in sh_nmail_test_recipients() if error occurs within sh_nmail_flush (problem reported by N. Rath) 2.5.7 (21-07-2009): * sh_userfiles.c: set userUids = NULL at reconfiguration (issue reported by U. Melzer) * if available, use %z to print timezone as hour offset from GMT in email date headers (problem reported by NP, solution suggested by TimB). * eliminate C99-style comments (problem reported by venkat) * fix bad variable name for AC_CACHE_CHECK * fix potential deadlock when external programm is called (problem reported by A. Dunkel) 2.5.6 (09-06-2009): * recognize fdesc filesystem on MacOS X for suid check (Problem reported by David) 2.5.5 (01-05-2009): * fix some warnings from gcc 4.4 (strict aliasing) * fix minor memory leak in process check * t-test1.c: change function names because of clashes with an AIX system header file * fix warnings with -fstack-check (too large stack frames) * fix for incorrect handling of hostnames in database insertion (reported by byron) 2.5.4 (04-03-2009): * fix for incorrect input check in SRP implementation (discovered by Thomas Ptacek) * option KernelCheckPCI to switch off check of PCI expansion ROMs 2.5.3 (25-02-2009): * disable dnmalloc on MacOS X, doesn't work properly * stat -> lstat in sh_unix_file_exists (OS X nameforks, report by David) * Fix problem in standalone trustfile, does not work correctly on group-writeable files (reported by David). * Option SetThrottle to throttle throughput for db download * Option SetConnectionTimeout to configure the client connection timeout configurable * Provide getrpcbynumber, getservbyname implementations to avoid dependencies with static linkage * Fix missing sh.host.(system|release|machine) on FreeBSD, reported by D.Lowry * New option SetMailPort to allow setting of SMTP port (patch by lucas sizzo org) * allow POSIX regexes for filters * consolidate filtering code from sh_extern.c, sh_(n)mail.c * rewrite mail subsystem to allow individual filtering for recipients * allow shell expansion for values of config file options * allow list as value for option PortCheckInterface * fix bug in trustfile.c (with slapping on "/../" for symlinks) * lock baseline database upon writing 2.5.2b (29-01-2009): * turn warnings into errors in the compile test suite * fix missing define in sh_portcheck.c to eliminate compiler warning (reported by joerg) 2.5.2a (26-01-2009): * fix problem building deb package (bit rot; reported by joerg) 2.5.2 (22-01-2009): * samhain.c: report module failure with positive offset * sh_database.c: parse numerical fields into ulong * fix regression test script for postgresql * fix regression test script for SELinux/ACL test * fix reporting of user for open ports to prelude * report process pid for open ports * replace _exit() by raise(SIGKILL) b/o pthread problem * new option LooseDirCheck ([false]/true), request by Alexander * improved help output of samhain_stealth (as suggested by Michael Athanasiou) * new option ProcessCheckIsOpenVZ ([false]/true) 2.5.1 (07-12-2008): * workaround for freebsd7 amd64 lossage (compiler toolchain, no mmap to 32bit address space) * samhain-install.sh: check for presence of stealth_template.ps before trying to create it * use -Wno-empty-body if supported to suppress warnings about glibc pthread_cleanup_pop implementation * fix text relocations for i386 in src/sh_tiger1.s * implement server->client SCAN command to initiate file check * implement @if / @else conditionals with more tests in config file * new option SetDropCache to drop checksummed files from cache * report process/user for open ports on FreeBSD (code lifted from FreeBSD sockstat.c) * fix for config reload issue with stealth mode (reported by siim) * add -fstack-protector flags to LDFLAGS * cygwin fix: don't use dnmalloc, doesn't work with pthreads * cygwin fix: make trust check in samhain-install.sh return zero * improved diagnostics for file read errors * fixed script permissions (754 -> 755), reported by Christoph * constness patch by Joe MacDonald * GnuPG key ID patch by Jim Dutton * sh_kern.c: more error checking for reads from kernel 2.5.0 (01-11-2008): * dnmalloc.c: fix inconsistent chunksize on 64bit systems * fix improved error reporting for failed fstat in checksumming * report process/user for open ports (Linux only currently) * fix deadlock on exit in sh_hash_init() * fix --enable-mounts-check for FreeBSD 7.0 (no MNT_NODEV anymore) * log monitoring support * fixed constness in trustfile interface * remove libprelude 0.8 support (obsolete) * sh_forward.c: increase TIME_OUT_DEF to 900 secs * dnmalloc.c: initialize rc in dnmalloc_fork_child(), reported by B. Podlipnik 2.4.6a (09-10-2008): * fix compile problem on Fedora 9 (reported by pierpaolo), 'struct ucred' in sh_socket.c requires _GNU_SOURCE 2.4.6 (27-08-2008): * fix compile failure on win2k/cygwin (sh_unix_mlock prototype), reported by jhamilton * fix potential deadlock with dnmalloc upon fork() * fix non-portable use of 'hostname -f' in regression test suite (reported by Borut Podlipnik) 2.4.5a (18-08-2008): * fix compile problem in dnmalloc.c (remove prototypes for memset/memcpy), problem reported by Juergen Daubert 2.4.5 (07-08-2008): * testscripts: 'chmod -R' -> 'chmod -f -R', since Solaris 10 bails out on a chmod on a dangling link * fix bug in check_samhain.pl nagios script (J.-S. Eon) * use the UNO static checker * compile as position independent executable (PIE) * handle EINPROGRESS error (Windows/cygwin issue) * make sure every function uses less than one page of stack (proactive security against gap jumping, Gael Delalleau) * use dnmalloc instead of system malloc (proactive security against heap buffer overflows) * fix dnmalloc bugs and portability problems * check for compressBound, since older zlibs don't have it 2.4.4 (30-04-2008): * sh_database.c: fix maximum size of sql query string, maximum size of strings in struct dbins_ * sh_hash.c: fix maximum size of message string * fix typo in the base64 decoder * fix 'make cutest' for parallel compiling * fix compile warnings with -Wstrict-prototypes * sh_static.c: override getgrgid, getpwuid for libacl * fix more warnings about variables clobbered by 'longjmp' or 'vfork' (due to library internal handling of mutexes) * fix configure warning about unused datarootdir * configure.ac: warn, but accept nonexistent tmp dir (Problem reported by Brian) * sh_unix.c: undef P_ALL, P_PID, P_PGID before including sys/wait.h (compile problem reported by Reputation) * syslog function tested ok with Syslog Fuzzer v0.1 by Jaime Blasco (c) 2008 * slib.c: call fflush when writing trace to file * sh_readconf.c: don't set OnlyStderr to false if gpg (problem reported by Irene Reed) * fix unconditional removal of pid file in atexit handler (bug reported by Brian) * fix invalid free() in sh_unix_checksum_size() * sh_processcheck.c: workaround for stupid OpenBSD bug (returns ENODEV instead of EAGAIN, because fgetc does fcntl(0,F_SETFL,O_NONBLOCK) [ENODEV] internally), problem reported by Roman R. * fix buf that cause incomplete reporting of modified symlink if symlink has changed and both old and new paths are >48 bytes * fix bug that prevented mount check from running in one-shot mode * enable mount check for openbsd * fix processcheck default options and test script for openbsd * option --list-file to list content of file (if saved) * sh_tools.c: use strcasecmp in reverse lookup since DNS is case insensitive (bug reported by Phil) * fill content if MODI_TXT, zlib compress, base64 encode and add as link_path in sh_unix.c; add to report in sh_hash.c * testsuite: add test for gpg fingerprint option * sh_extern.c: add 'CloseCommand' for syntactic sugar, add in testsuite 2.4.3a (12-02-2008): * fix compile error caused by open() with O_CREAT and no third argument (reported by J.-S. Eon) 2.4.3 (31-01-2008): * sh_kern.c: don't require asm/segment.h for kernel check module * use global var with pid of initial thread instead of getpid(), since LinuxThreads returns different value in each thread (problem reported by Steffen Mueller) * sh_kern.c: no inode check for pci rom (creates spurious messages) * slib.c: eliminate prototype for vsnprintf (compile problem reported by eddy_cs) * Makefile.in: fix missing dependency on 'encode' for $(OBJECTS) (reported by Matthias Ehrmann) 2.4.2 (17-01-2008): * fix broken option --with-checksum (reported by halosfan), regression test added * change HP-UX default optimization to +O2 since +O3 breaks cutest unit testing framework * put result vector of rng in skey struct * fix more compiler warnings, and a potential (compiler-dependent) NULL dereference in the unix entropy collector * fix some compiler warnings * use -D_FORTIFY_SOURCE=1 -fstack-protector-all instead of -fstack-protector * always add PTHREAD_CFLAGS to LDFLAGS * sh_tiger0.c: checksum functions return length of file hashed, needed to fix GrowingLogfile bug (researched by siim at p6drad dash teel dot net) * sh_static.c: fix more 'label at end of compound statement' (SH_MUTEX_UNLOCK closing brace; reported anonymously) * make sh_hash.c thread-safe * remove plenty of tiny allocations * improve sh_mem_dump * modify port check to run as thread * new option PortCheckSkip to skip ports * fix unsetting of sh_thread_pause_flag (was too early) 2.4.1a (28-11-2007): * fix overwrite of ErrFlags (functionality bug) 2.4.1 (26-11-2007): * security fix: regression in the seeding routine for the PRNG (detected by C. Mueller) * regression test added for PRNG seeding routine * fix problem with PCI ROM check (spurious messages about modified timestamps, reported by S. Clormann) 2.4.0a (08-11-2007): * fix compile failure with --enable-static (reported by S. Clormann) * fix potential deadlock if SIGHUP is received while suspended 2.4.0 (01-11-2007): * eliminate alarm() for I/O timeout (replaced by select) * use getgrgid_r, getpwnam_r, getpwuid_r, gmtime_r, localtime_r, rand_r, strtok_r if available * protect readdir(), getpwent(), gethostname() with mutexes (readdir_r considered harmful) * make checksum/hash, entropy, rng functions reentrant * use thread-specific conversion buffer for globber() * fixed compile problems and problems with test suite * modify login watch to run as thread * modify process check to run as thread 2.3.8 (03-10-2007): * new option PortCheckIgnore = interface:portlist 2.3.7 (13-09-2007): * Makefile.in: fix 'make deb' target, wrong name of config file written to debian/conffiles (reported by marc) * configure.ac: fix incorrect order of with-prelude, enable-static (libprelude test was always without -static) 2.3.6 (06-09-2007): * added yuleadmin.pl script contributed by Riccardo Murri * fix compile error with -f-stack-protector on some systems (reported by marc); we now check for libssp * fix local DoS attack on BSD systems lacking getpeereid() (reported by Rob Holland). * fix yulectl password reading from $HOME/.yulectl_cred, erroneously rejected passwords with exactly 14 chars (reported by Jerry Brown) * introduce 'fflags' flag for suid files to detect new files already found in regular file check (problem reported by J. Crutchfield); also add regression test to ascertain that files in baseline database are not quarantined erroneously * sh_hash.c: replace check for prefix 'K' with check for not prefix'/' to allow for arbitrary module-specific store/lookup in db * replace 'visited', 'reported', 'allignore' with generic 'fflags' field * sh_cat.c: reduce priority of MSG_TCP_RESET to avoid spamming if port checking is used on same host as server (reported by kadafax) * Install.sh: don't use --separate-output with non-checklist widgets (problem discovered by D. Denton) * sh_gpg.c, sh_userfiles.c: use sh_getpwnam et al. wrappers 2.3.5 (20-06-2007): * sh_portcheck.c: try to tear down connections more gracefully (request by S. Petersen) * fix incorrect handling of files with zero size in GrowingLogFiles (problem reported by S. Petersen) * fix incorrect encoding of null checksums in stealth mode * sh_hash.c: fix repeated printing of acl/attributes in database dump * sh_unix.c: fix option useaclcheck ignored if both useaclcheck and useselinuxcheck are supported 2.3.4 (01-05-2007): * sh_processcheck.c: fix missing init of sh_prochk_res array before check (leads to degrading functionality over time and 'fake pid' warnings; reported by D. Ossenbrueggen and soren dot petersen at musiker dot nu) * sh_processcheck.c: fix memory leak * sh_kern.c: for 2.6.21+ don't check proc_root_lookup (not possible anymore? proc_root_inode.lookup != proc_root_lookup) * sh_extern.c: flush streams before forking (problem if [Prelink] used together with prelude logging, reported by M. deJong) * fixed compilation of kern_head (regression cause by cross-compiling fix; problem reported by S. Clormann) * more typos fixed (reported by John Horne) 2.3.3 (27-03-2007): * fixed typos in configure.ac and manual (reported by John Horne) * don't use mysql_options on x86_64, since libmysql is broken * fixed cross-compiling (patch by Joe MacDonald) * refactor sh_kern.c, sh_suidchk.c * fix bug with leading slashes in linked path of symlinks within the root directory * sh_kern.c: check PCI ROM (Linux), refactor code * move file descriptor closing more towards program startup * kernel check: support OpenBSD 4.0 (wishlist) * fix samhain_hide module (in-)compatibility with recent kernels (reported by Jonny Halfmoon) 2.3.2 (29-01-2007): * fix regression in full stealth mode (incorrect comparison of bytes read vs. maximum capacity), reported by B. Fleming 2.3.1a (21-01-2007): * fix incorrect use of sh_gpg_fill_startup if option --with-fp is used (reported by zeroXten) 2.3.1 (21-01-2007): * fix bug that may cause accidental closure of yule TCP socket (problem reported by B. Masuda) * fix sh_kern.c for kernel 2.6.19 (reported by S. Clormann) * don't use sstrip in 'make deb', since dh_shlibdeps uses objdump (reported by B. Masuda) * rm report.pl from rules.deb.in (reported by B. Masuda) * samhainctl(): longer timeout (bad status reporting at startup, reported by Phil and by Dan Track) * sh_portcheck.c: make connect errors more descriptive * sh_portcheck.c: fix ignored setting of PortCheckActive * sh_processcheck.c: add statvfs, and wrap for EINTR * sh_portcheck.c: add wrappers for EINTR * report user and executable for hidden processes * fix update failure if reportonlyonce = false (reported by D. Strine) * fix compile error in sh_portcheck.c (problem on cygwin reported by J. D. Fiori) * check filenames ending in space (also for utf8 spaces) * check and escape csv formatted db listing * cache results of sl_trustfile_euid() * trustfile: use 4096 for MAXFILENAME, switch to strncpy * CL option -v|--version for info on version and compiled-in options 2.3.0a (01-11-2006): * fix compile failure with portcheck + stealth (reported by lucas) 2.3.0 (01-11-2006): * fix concurrency for inserts in oracle db * add acl_(new|old) to database schema * check for selix attributes and/or posix acl * new option UseSelinuxCheck (bool) * new option UseAclCheck (bool) * regression tests for above * add module to check for open ports * add module to check processes (hidden/fake/missing) * use const char* for argument of module configuration callbacks 2.2.6 (31-10-2006): * fix missing support for MacOX X init script (reported by Daniel Kowalewski) * fix error about non-readable file with no checksum required * fix server warning about 'no server name known' * fix 'make deb' makefile target * fix default export severity for server 2.2.5 (05-10-2006): * fix broken Install.sh, reported by Alexander Kraemer * workaround for glob(3) sillyness on MacOS X (reported by David) * fix for broken resorce fork check (reported by David) * fix for broken compilation on cygwin (reported by Elias) 2.2.4 (03-09-2006): * add regression test for the GrowingLogFiles issue to test suite * fixed sh_unix.c: bug in database init if GrowingLogFiles used with signed database (reported by Timothy Stotts) * bug in manual fixed (incorrect documentation of --enable-user, noticed by M. Brown) * rc.subr compatible init script for FreeBSD/NetBSD * improve routine to find rpm after build * add netbsd rc file from Brian Seklecki (taken from pkgsrc-wip) * fix error in manual (location of lock file) * fix bug with SuidExclude (files in directory were still checked) 2.2.3 (31-07-2006): * fix samhainadmin.pl: check for gpg-agent running if use-agent is set (ticket #28 by anonymous) * fix stealth mode (regression in parser), problem reported by Joschi Kuphal * fix minor typo in sh_database.c (compile problem reported by Joschi Kuphal) 2.2.2 (17-07-2006) * minor fixes for regression test scripts * minor updates to the manual (suggested by Brian A. Seklecki) * fix sh_kern.c, kern_head.c: kernel rootkit detection for 2.6.17+ (problem reported by Leonhard Maylein) * fix samhain_hide.c for 2.6.17+: use module_param() if MODULE_PARM is not defined 2.2.1c (11-07-2006) * fix sh_extern.c: sh_ext_add_default() cast to (void) was too early (Solaris 8 build failure reported by Jesse) * fix sh_unix.c: wrong prototype for sh_unix_mlock() if HAVE_BROKEN_MLOCK (AIX 5.2 build failure reported by Jonathan Kaufman) 2.2.1b (20-06-2006): * fix compile error on SuSE 10.1 (reported by Leonhard Maylein) 2.2.1a (15-06-2006): * fix compile error on i686/MacOS X (reported by Andreas Neth) 2.2.1 (13-06-2006): * fix gcc 4 warnings and build failure on x86_64 (debian bug #370808) * fix compiling with Oracle (noticed by Colapinto Giovanni) * fix configure.ac for most recent autoconf version (debian bug #369503) * fix a regression that would make impossible local updates w/clients * fix a few missing '\n' in sh_getopt.c * sh_kern.c: fall back on mmap() if read() fails on /dev/kmem * fix Solaris package creation * recognize Solaris doors and event ports * fix the idmef_inode_t patch: provide required info to avoid stat() * fix bug on database update: fill in dev and rdev fields * fix get_file_infos() in sh_prelude.c: avoid premature return * GCC_STACK_PROTECT_CC: AC_TRY_COMPILE -> AC_TRY_LINK * deploy.sh: allow to set a group for hosts upon installation * patch by Yoann: fix an issue when setting the idmef_inode_t object * fix memory leaks in error paths in sh_prelude.c * fix concurrent inserts with postgres in sh_database.c * code cleanup * fix manual version in spec file, first noticed by Imre Gergely 2.2.0 (01-05-2006): * patch by Jim Simmons for samhainadmin.pl.in * fix testsuite portability problems * fix md5 endianess problem detected on HP-UX 11i / PA-RISC 8700 * fix potential NULL dereference in sh_utmp_endutent() * patch by Neil Gorsuch for suidchk.c (do not scan lustre, afs, mmfs) * fix sh_ext_popen (OpenBSD needs non-null argv[0] in execve) * fix make_tests.sh portability (echo '"\n"' does not work on OpenBSD) * fix bug in sh_utils_obscurename (check isascii) * scan h_aliases for FQDN if h_name is not * add copyright/license info to test scripts * add copyright/license info to deployment system scripts * support server-to-server relay * new CL option --server-port * minor improvements in manual * patch by Yoann Vandoorselaere for sh_prelude.c * allow --longopt arg as well as --longopt=arg * verify checksum of growing log files (up to previous size) * rewrite of the test suite * added a bit of unit testing * minor optimizations in various places * optimized implementation of tiger checksum algorithm * read in 64k blocks (faster than 4k) * sh_unix.c, sh_hash.c: support file flags on *BSD, update Linux file attribute code * kern_head: fix compilation of kernel check module on OpenBSD * updated samhainrc.linux, samhainrc.freebsd * sh_unix.c: fix setrlimit (RLIMIT_NOFILE, ..) * sh_files.c: fix missing use of flag_err_info * sh_tiger0.c: remove repetitive use of mlock * slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK), add function sl_read_timeout_prep 2.1.3 (13-03-2006): * fix compile problem in slib.c (reported by Lawrence Bowie) * fix bug with combination of one-shot update mode and file check schedule (reportedby Dan Track) * improved the windows howto according to suggestions by Jorge Morgado * fix samhain_hide kernel module for new linux kernel versions * fix minor problem with dead client detection (problem reported by Michal Kustosik) 2.1.2 (10-01-2006): * fix startup error with combination of gpg+prelude 2.1.1a (22-12-2005): * fixed a stupid bug in sh_files.c (break if file = dir) 2.1.1 (21-12-2005): * sh_calls.c: protect sh_calls_set_bind_addr against overriding * comINSTALL, updateDB: use locking * samhainadmin.pl: use locking * fix typos in samhainrc.solaris (noticed by Robby Cauwerts) * improve zAVLSearch (remove redundant strcmp) * use AVL tree in sh_files.c instead of linked list (better scaling) * fix bug with suidcheck (no update/check in one-shot mode with schedule instead of check interval; noticed by R. Rati) * fix for problem with '-t update -i' if daemon mode (problem report by Peter van der Does) * fix for bug in sh_util_ask_update (two returns were required ...) 2.1.0 (31-10-2005): * minor fix for cross-compiling with --with-kcheck * sh_forward.c: handle bad fds in the select() fd sets (reported by hmy) * sh_extern.c: fix debugging code * slib.c, sh_calls.c, sh_calls.h: improve handling of O_NOATIME (reported by Gabor Kiss) * makefile.in: fix for solaris package creation * sh_mail.c, sh_readconf.c: mail filtering options * sh_database.c: Oracle reconnect on connection failure (bug report by Alexander A. Sobyanin) * sh_unix.c: don't purge MYSQL_UNIX_PORT environment variable (problem reported by Peter) * sh_calls.c: fix for a HP-UX accept() problem caused by the gcc4 fix * fixes for gcc 4.0.2 compiler warnings * ability to use daemon mode together with update (wishlist Yoan Vandoorselaere) * fixes for debugging 2.0.10a (22-08-2005): * fix for overlapping directory check specification (reported by Bub) 2.0.10 (21-08-2005): * fix for segfault (free() on a constant string) with libprelude (problem reported by Grae Noble) * upgrade FreeBSD kernel check to 5.4, minor fixes * useful script for users of Linux kernel check (contributed by marc heisterkamp) * documentation improvements (suggested by Brian Seklecki and Robby) 2.0.9 (25-08-2005): * samhain_erase.c: add #define for NULL * sh_suidchk.c: fix incorrect use of escaped filename * sh_prelude.[ch], sh_readconf.c: configurable mapping from samhain severity to prelude severity * sh_unix.h: second arg of gettimeofday should be NULL * sh_files.c: fix checking of directory special file (use specified policy, not that of parent dir, problem found by Brian A. Seklecki) * sh_entropy.c: longer timeout for entropy collector * sh_socket.c, sh_forward.c: allow probing of clients for necessity of configuration reload * yulectl: minor fixes, option -v (verbose), new command PROBE * fix 'File not found' messages for files flagged with IgnoreMissing * sh_database.c: strip newline from oracle error messages * sh_files.c: fix rsrc fork issue with MacOS X Tiger (reported by A. Koren) * never compute checksum if not checked (problem report by D.Hughes) * sh_prelude.c: cleanup and bugfix by Yoann * sh_hash.c: for prelude, make sure mode is supplied with user/group and vice versa * sh_prelude.c: provide proper FileAccess objects (bug report by Mihai Ilinca) 2.0.8 (03-07-2005): * configure.ac: use $LIBPRELUDE_PTHREAD_CFLAGS rather than $LIBPRELUDE_CFLAGS (bugfix by Yoann) * samhain.spec.in: remove support for chkconfig (it's too buggy). Strangely, if invoked as install_initd it behaves sanely ... * src/sh_err_log.c: fix key input (this time for real) * fix --with-altlogserver (bug from 2.0.7b) * remove server socket in start/stop script 2.0.7e (not released): * Makefile.in: introduce a total of 6 sec delay for 'make' utilities that use 1 sec resolution, and consider target out-of-date if timestamp(target) = timestamp(dependency) ... * src/sh_err_log.c: fix key input * another fix for yulectl (use pwent->pw_dir) * dsys/comINSTALL, dsys/comUNINSTALL, dsys/comBUILD: fix PATH 2.0.7d (not released): * one more fix for the spec file (stupid rpm finds tags in comments!!!) 2.0.7c (not released): * test/testrun_1b.sh, test/testrun_2b.sh: use $GPG_PATH * dsys/comINSTALL, dsys/funcDB, dsys/funcINSTALL: some bugfixes * samhain-install.sh.in: fix test -z $verbose * sh_hash.c: speedup database reading * Makefile.in: fix the problem that BSD make would make too much * deploy: yulerc.clients -> yulerc.install.db, provide $defdatabase for backward compatibility * deploy: allow for comma in client_install_date 2.0.7b (not released): * hp_ux.psf.in: fix psf file * dsys/comINSTALL: fix $yule_date -> $yule_data * Makefile.in: fix 'make depot' * sh_tools.c, sh_unix.c: fix detection of open file limit * sh_readconf.c: reset read_mode after reading conf file * yulectl.c: better error messages, use homedir from getpwuid(geteuid) * init/samhain.startLSB.in: fix misleading message in lsb init script * sh_forward.c: better display for nonce u in debug mode * sh_tiger*.c: fix checksum for HP-UX 64bit * samhain.c: don't fetch database twice * configure.ac: accept nodename for --with-logserver=... * samhain_setpwd.c: return proper exit status for samhain_setpwd * respond to SIGTERM on initializing * fix problems with samhainadmin.pl * sh_utils.c: fix bug with AddOKChars (found by Karol) 2.0.7a (not released): * remove 'df' from entropy gatherer (NFS may hang) * modify va_copy check (doesn't work with HP-UX PA64 compiler) * fix compile warnings in sh_database.c * samhain-install.sh.in: check for /usr/bin/false in /etc/shells * fix install-boot on HP-UX * aclocal.m4: fix configure CL parsing to recognize VAR=VALUE 2.0.7 (11-06-2005): * yet another fix for the spec file (use internal dependency generator) * sh_error.c, sh_prelude.c: init libprelude after open fds are closed * error message if queue is full * fix two compiler warnings on HP-UX * fix sh_mail.c for Interix (no resolver routines) * fix sh_unix_initgroups2() if no initgroups() function (bug reported by Geries Handal) * remove references to 'struct timezone' (Interix; problem reported by Geries Handal) * init/stop for prelude on SIGHUP * sh_cat.h: fix a stupid bug with messages classes * manual: new section on nagios (with help from kiarna), more on prelude * sh_prelude.c: cleanup and improvements (Yoann Vandorselaere) * default prelude profile name now is 'samhain' (lowercase) * sh_readconf.c: new option PreludeProfile (by Yoann Vandorselaere) * remove obsolete check for linux/module.h, linux/unistd.h * remove dependency on virtual/glibc in gentoo ebuild (problem reported by Willis Sarka) 2.0.6 (01-03-2005): * sh_prelude.c, configure.ac, aclocal.m4: support for libprelude 0.9 (Yoann Vandoorselaere) * sh_html.c: fix bug with entry.html template (reported by Stephane Sanchez) * Install.sh: fix mandir option (reported by Rodney Smith) * Fixed Linux/64bit bug in definition of EUIDSLOT * New targets 'make depot', 'make depot-light' (HP-UX, untested) * Use sstrip for RPMs and DEBs (automatic stripping disabled) * Fix aclocal.m4 for autoconf 2.59 (missing $ac_cr_alnum et al., problem noticed by Yoann Vandoorselaere) * Modify samhain.spec.in to disable automatic stripping upon install * Fix deploy.sh + '--enable-gpg', and fix 'make rpm' and 'make deb' for '--with-khide' (problems reported by Mark) * Fix compile error in sh_tools.c on HP-UX 10.20 (problem reported by Dennis Boylan) * Runtime configuration of server listening port (wishlist) * Runtime configuration of server listening interface (wishlist) * Ignore SIGTTIN (consistency) * Use SIGTTOU to force file check (wishlist) 2.0.5b (01-04-2005): * Fix build problem b/o timestamp on stamp file 2.0.5a (16-03-2005): * Fix problem with 'make rpm' (reported by Dirk Brmmer) 2.0.5 (02-03-2005): * Fix bug with partial reads from clients in server (bug report by Brian) * Support gpg checksum bootstrap with yule * Support mount option check on HP-UX * For MAIL FROM, use 'example.com' as domain part if hostname is numeric (problem reported by Eric Raymond) * The HOWTO-write-modules has been updated. * Convenience functions to insert data in database have been added. * Use int0x03 only on i386 in sh_derr() (portability problem reported by John Mandeville) 2.0.4 (09-02-2005): * Fixed broken 'make deb' (problem report by olfi) * Fixed minor bug in test scripts (detection of gmake vs. make) * Fixed Tru64/OSF compile warnings (reported by B. Terp) * Normalize list parsing to allow comma, space, and tab as separators * Some more descriptive error messages in kern_head.c * Absolute path to utilities in init/samhain.startLinux.in * Fixed is_root variable in deploy.sh * Fixed 'deploy.sh info' * Fixed 'deploy.sh install' client startup * Fixed 'make tbz': don't remove ebuild scripts in 'make dist' (issue reported by W. Sarky) 2.0.3 (14-12-2004): * Fix CPPFLAGS with mysql/postgresql (repoted by P. Smith) * Fix missing sys/time.h include in slib.c (reported by Jonas) * Workaround for file closing problem with Prelude+GPG * Fixed memory leak with Prelude. * Fixed bug in samhain_stealth (PGP signature not correctly retrieved from hidden configuration; report and patch by V. Tuska) * Added Perl script to concatenate file signature database files * Fix compile error with combination of --enable-nocl and --enable-stealth (reported by Zdenek Polach) * Fix bug in dsys/initscript with --enable-nocl * Fix declaration of sh_kern_timer() * Fix missing Mounts+Userfiles options in appendix of manual * Updated the README (bug report by H. Franzke) * Fix some compiler warnings 2.0.2a (09-11-2004): * Fixed OoM condition when client rc file not found (reported by Eilko) 2.0.2 (08-11-2004): * Fixed buffer overflow in sh_hash_compdata() (only in 'update' code) * Fixed uninitialized variable in sh_mail_msg() (problem reported by Michael Milvich) * Fixed potential NULL pointer dereference in sh_hash_compdata() 2.0.1 (01-11-2004): * Fixed compilation bug reported by jue (--with-kcheck broken). * Fixed start option (bug reported by sanek). Behaviour wrt. environment variables depended on the way the daemon was started. 2.0.0 (31-10-2004): * The deployment system has been rewritten from scratch in a cleaner and more modular and extensible way. Deployment of native packages is supported now. * The build system has been revised. Building outside the source directory is supported now. * Support for checksumming of prelinked executables / libraries has been added. * The configure script now checks for the SSP/ProPolice patch in GCC, and enables it if present. * The install-boot option in samhain-install.sh has been fixed (use absolute paths for sbin utilities). * A nagios plugin (scripts/check_samhain.pl) has been added. * The LSB (Linux Standard Base) init script has been fixed (the output was incorrect). * Fetching of built binary packages has been fixed ($(PACKAGE)->@install_name@). * For files in proc, the timeout has been reduced, and no error messages are issued upon timeout. * A function has been added to print out full details for missing files if encountered while in sh_files(). * The reporting for SuidCheck has been fixed (incorrect policy noticed by JiM). * On Linux, SuidCheck does not report on files marked as candidates for mandatory locking (group-id bit set, group-execute bit cleared). * Fix for oracle init script (by Matt Warner) 1.8.12b (11-10-2004): * fix bug in MSG_MSTAMP (%ld -> %lu) * fix bugs in sh_suidchk.c (%ld -> %lu), check fopen for NULL, mkdir mode for quarantine directory * fix the fix for modlist_lock search in System.map 1.8.12a (01-10-2004): * fix bug in samhain-install.sh.in (only occurs on Solaris), reported by J. Roland 1.8.12 (27-09-2004): * fix compile bug with --enable-static + --with-database=postgresql * fix search for modlist_lock in System.map * password auth for yule command socket (request by D. Kocic) * more info about pending/sent commands to clients 1.8.11 (30-08-2004): * fix static linking on Linux by use of replacement routines from uClib - however, this means, there is no NIS support anymore * new option AddOKChars=... to modify the set of characters for filenames considered 'obscure' * new option HardlinkOffset=... to specify an offset from the canonical hardlink count for a directory * fix some warning with HP 11.23 native compiler * fix minor OpenBSD portability problems (EIDRM, compiler warning) * samhainrc.5, samhain.8: updated the man pages * sh_unix.c, sh_files.c: ignore 'no user/group' and 'obscure name' for AllIgnore * sh_kern.c: fix 'update' to display modifications * sh_kern.c: fix bug with IDT check (spurious alerts b/o uninitialized fields) * stealth kernel modules: fix for linux 2.6, fix redefine of KERNEL_VERSION * warn about stealth kernel module problem with 2.6 in manual * sh_unix.c: remove some cruft * fix a typo in the manual (noticed by J. Rubin) * configure.ac: re-order output from libprelude-config (required for static linking - problem reported by E. Neber) * kern_head.h, kern_head.c: fixes for Linux 2.6 kernel 1.8.10b (13-07-2004): * fix incorrect usage of 'retry_msleep()' in sh_kern.c (reported by Pat Smith) 1.8.10a (13-07-2004): * depend-gen.c: fix for FreeBSD 'make' which does not understand the dependencies ... (problem reported by David Thiel) 1.8.10 (13-07-2004): * sh_unix.c/sh_unix.h: fix defaults for 'GrowingLogFiles' policy (bug report by VZoubkov) * fix some warnings (unreachable statement) with HP-UX native compiler * kern_check.c: silence warning about 'sendfile' for 4.10 (noticed by Ryan Beasley) * modify depend-gen.c to ignore sh_gpg_chksum.h * add a non-plaintext version of GPG_HASH (sh_gpg_chksum.h) * .. and for fingerprint * sh_suidchk.c: fix some compiler warnings on solaris * allow commas to separate multiple entries in a RedefXXX= directive * replace sleep/usleep with nanosleep wrapper function * replace alarm() for read timeout with select() in sl_read_timeout (should fix bug reported by Scott Kelley) * increase lstat/open timeout to 6 sec 1.8.9 (16-06-2004): * made 'no action specified' error message more informative (suggested by Stephen Gill) * fix memory leak in mysql sh_database_query() (bug report by Dejan) * remove some cruft from the code * sh_files.c: check MacOS X resource forks (idea from Osiris) * sh_files.c: no hardlink check for MacOS X * sh_util_ask_update: fix bug with no terminal in non-interactive mode (report and debug data by Kris Dom) * manual refactored * fix redundant messages when updating with suidcheck * allow interactive update for suid files * don't remove the TZ environment variable to guard against misconfigured hosts * also use gethostname if uname returns possibly truncated name * fix improper file descriptor handling in sh_mail.c (bug report by Alex Weiss) * cleanup MBLK cruft * use SH_ALLOC/SH_FREE in sh_prelude.c * update sstrip to Version 2.0 1.8.8 (25-05-2004): * fix compilation problem on AIX 5.2 (nameser_compat.h; report by Tim Evans and Ian McCulloch) * don't check for trusted paths on Cygwin * add Windows HOWTO written by Kris Dom * kern_check.h: extend FreeBSD syscall table for 5.x 1.8.7a (03-05-2004): * sh_mail.c: fix subject length * sh_mail.c: fix the sh.mailNum.alarm_last fix (report by Kris Dom) * sh_utils.c: sh_util_ask_update(): fix ISO C conformance bug (compile problem reported by Kris Dom) 1.8.7 (01-05-2004): * sh_mail.c: fix incorrect count of sh.mailNum.alarm_last, causing empty mails (introduced with segfault fix in 1.8.6, report by Kris Dom) * sh_utils.c: sh_util_ask_update(): check whether stdin is a terminal, try to reopen on controlling terminal if not * sh_utmp.c: fix order of options (problem report by Uri) * sh_files.c: sh_files_chk(): set tmp = NULL at end of loop (may cause segfault on null dereference for missing files) * sh_unix.c: patch by Marc Schtz (order of sh_unix_getinfo_type, sh_unix_getinfo_attr) * don't use dh_installmanpages in 'make deb' (samhain/yule conflict reported by xavier) * on HP-UX, define _XOPEN_SOURCE_EXTENDED in sh_mail.c and sh_tools.c (suggested by Kris) * include nameser_compat.h in sh_mail.c (for MacOS X, suggestion by jna) * sh_utmp.c: fix time for logout events (reported by Erich van der Velde) 1.8.6 (15-04-2004): * add CL option to set threshold for prelude and RDBMS * sh_mail.c: fix bug with MailSubject option (segfault on NULL pointer dereference; reported by Micha Silver) * fix compiling with --disable-encrypt (reported by Pat Smith) * fix minor problem in scheduler (don't return before all schedules are tested, to set last_exec correctly) 1.8.5 (05-04-2004): * fix bugs in sh_utmp.c (unlinking of list head); may fix an OpenBSD problem (endless loop; report and debugging aid by Joe MacDonald) * fix hardlink check (null dereference in error message, segfaults on solaris - noticed by Bob Bloom) * sh_suidcheck: don't truncate quarantined file if nlink > 1 * fix Install.sh (no --seperate-output with --radiolist); patch by Greg Kimberly 1.8.4 (17-03-2004): * add Prelude patch by Patrice Bourgin * add license statement to sh_mounts.c, sh_userfiles.c after receiving a clarifying e-mail from Cian Synnott * support UsePersistent = no for Oracle (problem spotted and fix tested by Michael Somers) * fix bug in samhainadmin.pl * sh_gpg.c: describe type of gpg error (if any) * fix persistent connections with postgresql (reported by Erwin Van de Velde) * prelude: local 'meaning' shadows global in sh_prelude_alert (spotted by David Maciejak) * uname: workaround for cases where nodename would be a possibly truncated FQDN (problem reported by Cian Synnott) * re-write parts of sh_kern.c, store kernel info in baseline database -> no need to recompile after kernel upgrade * modify timeouts in sh_unix_getinfo, add timeout warning * change handling of dangling symlinks (store in db) * fix typo with MSG_FI_OBSC2 (double slash) * remove redundant operation in sh_utils_safe_name * fix occasional random start bytes of long messages in sh_error_string (sl_strlcat -> sl_strlcpy) * provide details for missing files (as for added files) * remove duplicate message for no such group/user * add fixes for samhain.oracle.init (supplied by Michael Somers) * fix date insertion for Oracle (fix by Michael Somers) * manual: fix incorrect statement about RPM (noticed by Lars Kellogg-Stedman) 1.8.3 (02-02-2004): * add a HOWTO-client+server-troubleshooting document * fix another bug with SIGUSR2 (suspend mode) * new option SetBindAddress (--bind-address=...) to force interface for outgoing connections on multi-interface box * don't link against libgmp if not required (i.e. standalone) * test for ext2fs/ext2_fs.h or linux/ext2_fs.h * new make targets 'emerge' and 'tbz2' for gentoo * update rules.deb.in based on the Debian package by Javier Fernandez-Sanguino * updated config.guess, config.sub to version 2002-09-05 * external command: report failure only once * console: reset failure status after success * README.UPGRADE: explain 1.7.x <-> 1.8.x client/server compatibility * use persistent connection to database by default * option UsePersistent=no to switch off persistent connection 1.8.2 (19-01-2004): * sh_userfiles.c: new option UserfilesCheckUids (requested) * sh_error.c: server: don't log to logfile before dropping root * new script scripts/samhainadmin.pl (administrative tasks for signed config/database files) * add changes code to log_msg for reports on modified files * change default log threshold to 'mark', as 'none' tends to confuse new users * faster response time for SIGUSR2 * revised (mostly backward-compatible) message classes * fix missing check of mailTime in server select loop * add support for libprelude (version 0.8.10) * fix format for MSG_E_GRNULL (reported by Stefan Hudson) * fix Bourne shell incompatibility (export) in samhain-install.sh (first reported by David Thiel) * fix typo in spec file (first reported by Christian Vanguers) * remove some cruft (signal handler, memory handling) * return from sigterm handler, rather than exit directly (re-entrancy problem causes more problems than it's worth) 1.8.1 (03-12-2003): * fix gmp detection (problem pointed out by Nix) * fix/improve the error message if test compiling with mysql fails * new CL option --interactive for interactive db update * fix some compiler warnings from IRIX MIPS compiler * kern_head.h, kern_head.c: option to disable IDT check * kern_head.h, kern_head.c: update kernel syscall table (2.4.20,2.6) * sh_utmp.c: count number of logins (request by Erwin Van De Velde) * change username -> userid, remove (long) userid (bug noticed by Erwin Van De Velde) * emit ADDED message for new SUID/SGID files * add trailing slash to excluded directory if there is none 1.8.0a (04-11-2003): * sh_error.c: remove two debug printf's 1.8.0 (31-10-2003): * manual: make ps file fit on both a4 and letter paper * sh_socket.c, sh_socket.h, sh_forward.c: socket interface to send (quit/reload) commands to clients * sh_forward.c, configure.ac: enable build with libwrap (Wietse Venema's TCP Wrappers library) * sh_ignore.c, sh_ignore.h, sh_files.c, sh_hash.c, sh_readconf.c: new option to suppress messages for new and/or deleted files * samhainrc.aix5.2.0: contributed by Christoph Kiefer * samhain.c: fix compile warning on solaris (noticed by Ian Hunt) * sh_database.c: undef debug code for oracle * samhain.oracle.init: contributed by Joern Michael Krueger * configure.ac, sh_utils.ac, Makefile.in, sh_modules.c, sh_cat.c, sh_cat.h, sh_mounts.c/h, sh_userfiles.c/h: check-mounts and userfiles modules contributed by eircom.net * sh_utils.c: fix off-by-one bug in sh_util_compress() * sh_forward.c, sh_tools.c, configure.ac: version 2 client/server protocol * sh_mail.c: add %S to include severity in subject (user request) * sh_suidchk.c, 1093: fix warning about unused var 'flags' on FreeBSD * samhain.h, sh_unix.h, sh_unix.c: extern inline -> static inline for --enable-ptrace * samhain.c: lower priority for 'uninitialized module' message * sh_entropy.c: lower priority for message if /dev/random blocks and /dev/urandom is available * improved error messages in sh_readconf.c * print system error message for getpwuid, getgrgid * fix missing module init after SIGHUP (noticed by Cian Synnott) 1.7.12 (13-10-2003): * sh_mail.c: fix buffer overflow in mail handler (introduced in 1.7.10) thanks to bug reports by Jason Martin and Matthew P. Cox 1.7.11 (01-09-2003): * samhain.c, samhain.h, sh_unix.c, sh_forward.c, sh_html.h: - change SIG_USR1 to switch between dbg on/off - change SIG_USR2 to switch between suspend on/off - fix CLT_ILLEGAL to actually work - introduce new state CLT_SUSPEND - force reauthentication after suspend * slib.c: change MAXFD from FOPEN_MAX (16) -> 1024 * sh_suidchk.c: better AIX fs detection (Christoph) * sh_entropy.c: increase buffer size for unix entropy gatherer (problem reported by D. Danielson) * default config files: add lots of comments, list more options * sh_error.c: set default severities to 'crit' * sh_readconf.c, sh_cat.c, sh_cat.h: stricter check on config file syntax, issue warnings (triggered by C. Kiefer) * Makefile.in: handle depend-gen errors more gracefully * sh_err_console.c: fix bug in enable_msgq (reported by F. Behrens) * configure.ac: workaround for mysql_config weird output (reported by G. Faron) * sh_unix.c, sh_tiger0.c: check IO limit during read of large files * depend-gen.c: close streams before attempting to rename (Cygwin) * Makefile.in: fail gracefully if depend-gen fails * sh_database.c: sh_database_query(postgresql): fixed missing SL_ENTER 1.7.10 (27-07-2003): * FreeBSD init script: define $pidfile (reported by D. Thiel) * sh_unix.c, sh_unix.h: fix compile error on AIX 4.2 * sh_schedule.c: fix bad array size * samhain.c: fix pid_t <> int casts * sh_kern.c: fix repetitive messages * configure.ac: try to bootstrap if TIGER192 not supported by gpg, provide a detailed error message * configure.ac: try harder to locate mysql * docs/Changelog: retroactively add release dates, if known * sh_mail.c: fix potential message truncation in mailer * sh_unix.c, samhain.c, samhain.h: make --enable-ptrace more portable * sh_readconf.c: fix segfault (dereference of uninitialized pointer) if --with-gpg and --enable-stealth are used together (reported by Anthony Caetano) * sh_unix.c, samhain.c, sh_calls.c: fix problems with descriptive error messages (larger GLOB_LEN, stat fills aud_err_message) 1.7.9 (30-06-2003): * sh_err_log.c: fix segfault on SIGABRT (dereference of freed memory), problems with SIGABRT noticed by Brian and Alf B Lervg * deploy.sh.in: fix some bugs (found by Alf B Lervg) * scripts/chroot.sh: fix typo (found by Alf B Lervg) * configure.ac (khide): search also for 'd sys_call_table' (noted by cuek_saja) * strip whitespace before checking gpg checksum (noted by D. Thiel) * manual (faq section): explain how to stop console output * Makefile.in: fix re-naming of yule with --enable-install-name * HOWTO-client+server.html: fix typo (noted by xavier renaut) * configure.ac: escape '-' in awk regex (required by GNU awk 3.1.1) 1.7.8 (28-05-2003): * sh_unix.c: new mlock implementation with reference count and page alignment (fix for solaris problem) * kern_head.c: search also for 'xxxxxxxx d sys_call_table' * sh_html.c: write status comment (for Beltane 2) * add CL option --delimited for comma-delimited signature database dump * sh_mail.c: check exit status of push_list to fix counting bug (bug reported by Alan Moore) * configure.ac: add error message to --with-libs * fix spelling of $DAEMON in init script (noted by C. Grigoriu) * fix missing initgroups() 1.7.7 (06-05-2003): * sh_forward.c: fix bug if compiled with --enable-udp, but disabled in config file (found by Andy OBrien) * sh_database.c: sh_database_entry(): size -> c_size (two places) to fix writing of '\0' to arbitrary places :( (problem pointed out by Stefan Giesen) * profiles/*/configopts: fix --with-base -> --enable-base 1.7.6 (24-04-2003): * sh_forward.c, entry.html, head.html: fix/additions by Stefan Giesen * fix samhain_hide for the O(1) scheduler used by RedHat: configure.ac, acconfig.h: check for next_task in struct task_struct samhain_hide.c: use find_task_by_pid if no next_task in task_struct * samhain_erase.c: add MODULE_LICENSE("GPL") to fix warning 1.7.5 (15-04-2003): * sh_cat.c, sh_forward.c, sh_hash.c: fix double 'msg' tag * manual: point out the bmaxdata problem on AIX in faq section * trustfile.c: don't check symlinks (permissions of directory count) * sh_schedule.c: fix problem with daylight saving switchover * sh_samhain.c: close all open fd's >2 before reading the conf file * sh_unix.c: fix dereferenced NULL pointer when exiting on non-existing user * sh_forward.c: fix dereferenced NULL pointer when exiting on udp error * sh_forward.c: place timestamp code before select() timeout handler * fix incorrect class of timestamp messages (conflict with manual) * sh_readconf.c, sh_forward.c: new config option SetStripDomain * configure.ac: add warning if /lib/modules/`uname -r`/build/include not found * samhain_hide.c: adapt for RedHat 2.4 kernel (fetch sys_call_table address from System.map) * sh_err_syslog.c: fix for Solaris * samhain.spec.in: strip REQ_FROM_SERVER from config file install path 1.7.4 (21-03-2003): * configure.ac: fix bug in defargs (--with-base > --enable-base) * aclocal.ac: detect unsupported options * kern_check: add syscalls, skip unused syscalls * fix Manual (--enable.../--with... inconsistency) * add two HOWTOs (signed files, server/client) * moved manual into new subdirectory docs/ * add admin scripts by S.Bailey/M.Redinger * option to have a version string in db file 1.7.3 (23-02-2003): * samhain-install.sh: use yule user key for signing on install * fix a bug in sh_err_console.c (attempted write to const char) * sh_gpg.c: if server, always use ~unprivileged_user/.gnupg * Makefile.in: make target 'trustfile' depend on config.h * configure.ac: don't use install_name before it is defined ... * sh_tiger0.c: fix bug in checksum computation introduced in 1.7.2 * samhain.c: make sure daemon cannot be forced into 'update' mode * sh_hash.c: remove AIX workaround (AIX has been fixed meanwhile) 1.7.2 (04-02-2003): * sh_kern.c: use sys_call_table address from System.map * fix for reserved SQL keyword 'group' * add AC_SYS_LARGEFILE to configure.ac * allow separate client-specific log files for server * sstrip.c: compile sstrip code only for i386 * sh_unix.c: closeall: don't close trace file * slib.c: don't trace sl_is_suid (leads to recursion in trace handler) * samhain-install.sh.in: fix detection of LSB compliant systems * sh_tools.c: get_client_*_file: lstat -> stat to allow symlinks * sh_forward.c: sh_forward_do_write: set O_NONBLOCK for fd (may block otherwise, for no good reason apparently ...) * samhain.spec.in: replace %configure with ./configure * sh_unix.c: re-write signal handling (use __malloc_hook et al. to check whether we are in the middle of a free/malloc/realloc/memalign) * sh_unix.c: use new safe_logger() function to log from signal handler * sh_err_log.c: fix xml * * fix Makefile.in to exit non-zero on compile failure * database init: create index on log_host, entry_status * sh_suidchk.c: fix path building * sh_tiger0.c: read larger blocks * sh_hash.c: cast inode to UINT32 * sh_tools.c: check that config/database files size fits in uint * sh_error.c: export flag_err_debug to avoid unnecessary calls * sh_unix.c: save the open() call in sh_unix_getinfo_attr() * profiles/redhat_i386/bootscript: add # description field * deploy.sh.in: set owner + permissions for files in yule_filedir * profiles/debianlinux_i386: fix bootscript * Makefile.in: fix deploy file lists and targets (include init+scripts) * MLOCK GOOD/BAD -> SL_FALSE/SL_TRUE * sh_mail.c: GOOD/BAD -> SL_FALSE/SL_TRUE (AIX sys/param.h) * sh_err_syslog.c: split long messages rather than truncating * sh_error.c: allocate msg to fix truncation limit * sh_unix.c: closeall fd's >= 3 in non-daemon mode (inherited filedescriptors may exceed FOPEN_MAX, causing problems in sl_open_file) * sh_err_console.c: avoid stdio * trustfile: dirz: make swp[] static * slib.c: speed up sl_strlcat * clean up some bad heap allocation (PATH_MAX+(1|2) -> PATH_MAX) * remove some unused code * slib.c: support long long int in the snprintf replacement * configure.ac: new configure macro to check whether sa_sigaction works * Makefile.in: make sstrip, encode dependent on config.h 1.7.1a (08-01-2003): * fix a syntax error in samhain-install.sh.in 1.7.1 (07-01-2003): * search runlevel scripts in ./init or ./ * handle all distro-specific Linux runlevel script issues within a single script * support install-boot on Yellow Dog Linux and Slackware * samhain-install.sh: fix a bug for unknown Linux ('"' not closed, DVER not set) * samhain-install.sh: check for /etc/yellowdog-release * sh_database.c: fix missing entry for 'userid' in attr_tab[] * fix debian.rules.in (disable sstrip) * update make targets: 'srpm', 'srpm-dist', 'rpm' * check for zlib if mysql is used * workaround for NetBSD bug with libresolve * fixed problems with spec files 1.7.0 (22-12-2002): * improved spec files (Andre Oliveira da Costa ) * sh_unix.c: fix a dereferenced static pointer in tf_trust_check * runlevel scripts: remove pid file after stop * make the data directory read-only for the daemon * treat 'localhost' specially in MX resolver * sh_err_log.c: set sh.flag.log_start == TRUE after writing * deploy.sh.in: fix quoting (fix by Simon Bailey) * slib.c: make sl_get_euid et al. behave well if uids not stored * trustfile.c: use euid = uid(SH_IDENT) if server * sh_mail.c: include an MX resolver * Makefile.in: install-user routine for user installation * have yule drop root * sh_tools.c: open_temp use logdir if server * unified options for runlevel script * HP-UX, IRIX runlevel scripts * AIX inittab entry 1.6.6 (13-12-2002): * configure.ac: solaris cc -O2 -> -xO2 * sstrip.c: avoid alpha architecture * profiles/solaris/configopts: no --enable-static * sh_forward.c: sh_forward_req_file: copy argument to local array 1.6.5 (04-12-2002): * sh_utmp.c: set userlist = NULL in sh_utmp_end () * sh_unix.c: do not assume that environ is sane * exit handler: write * sh_log_file(NULL): test sh.flag.log_start != S_TRUE * FreeBSD rc script does not blindly accept content of pid file * configure.ac: allow 'localhost' for log server * sh_calls.c: retry_connect: ntohs (port) * testrun_2[abc].sh: --with-logserver=localhost for client 1.6.4 (12-11-2002): * sh_tools.c: fix error when escaping '=<' * fix the 'make srpm' target * deploy.sh.in: avoid that client is named 'yule' * define memset to sl_memset * fix type cast of uid_t, gid_t 1.6.3 (31-10-2002): * fix options for Sun/Solaris native compiler * sh_unix.c: MSG_FI_LIST (line 2333): cast theFile->size to fix error * test sstrip on freebsd * default config file for freebsd * make target to build .deb packages * sh_readconf.c: fix bug in error message * samhain.c, sh_suidchk.c: fix initialization of suidchk * samhain-install.sh.in: don't remove config file by default * samhain-install.sh.in: support complete de-installation * samhain-install.sh.in: add support for Gentoo, FreeBSD, and Solaris * samhain-install.sh.in: check more paths * sh_unix.c: fix sys_siglist declaration [NetBSD portability issue] * sh_calls.c: save error message in retry_lstat() 1.6.2 (04-10-2002): * make target to build rpms * update samhain.spec.in, samhain.startRedHat * support DESTDIR, as in 'make DESTDIR=/what/ever install' * explicitely set -fno-omit-frame-pointer b/o gcc bug * mv configure.in to configure.ac to benefit from autoconf wrapper * sh_modules.c, sh_modules.h: add mod_reconf() to run at SIGHUP * slib.c: fix debug messages (no msgs for dlogActive <= 1) * sh_schedule.c, samhain.c, sh_suidchk.c: scheduler may accept multiple schedules 1.6.1 (04-09-2002): * sh_schedule.c: bugfix (executes only after first day) * rm obsolete WITH_TRACE stuff * new dlog() function for debug logging * some more descriptive error messages 1.6.0 (27-08-2002): * omit the -fomit-frame-pointer option (bugs in some gcc versions ?) * sh_error.c: fix escape mode when logging to database * sh_forward.c: fix error (twice escape) in recv_syslog_socket * sh_tools.c: change escape mode for server-received data * sh_mem.c: change ulong -> size_t in sh_mem_malloc() * configure.in: fix localstatedir if --prefix=USR * sh_hash.c: snprintf() -> sl_snprintf() 1.5.5 (07-08-2002): * sh_err_log.c: fix incorrect xml syntax for client messages logged by server * sh_err_log.c: fix incorrect '' entries on client EXIT * sh_files.c: introduce file_class_next this fixes the problem that a policy for the directory inode erroneously becomes a policy for the directory itself. 1.5.4 (17-07-2002): * sh_hash.c: fix buffer overflow with (micro-)stealth * sh_database.c: set path[] 1024 -> 12288 * sh_database.c: set query[] 2048 -> 16383 * sh_database.c: set values[] 1024 -> 16383 * sh_forward.c: larger limit for message size (16 kB) * trustfile.c: set MAXFILENAME 2048 -> 4096 * fixed a bug in the handling of filenames with embedded newlines * sh_files.c: fix missing sh_util_safe_name() in debug output * --with-sender can specify a full address * fix xml log in a backwards compatible way 1.5.3 (03-07-2002): * fix combination of stealth and sql logging * fix some more places where invalid UIDs/GIDs trigger errors 1.5.2 (01-07-2002): * include solaris config file from (sean [at] boran d.o.t com) * test for files/dirz defined twice in the configuration file * option to disable reverse lookup on outbound connections * option to use socket peer as client name (with name resolving) * sh_html.c: fix an HTML bug (twice ) * sh_suidchk.c: fix warning on AIX b/o dirname() * allow logging server -> syslog if yule is NOT configured to receive syslog messages * define PRIi64 to "lld" if undefined * invalid UIDs: use gid/uid as name, error level SeverityNames * minor fixes for connect_port * sh_hash.c: flush output of db listing before _exit() * configure.in: fix incorrect default ${install_name} for server * configure.in: try harder to find mysql.h / libpq-fe.h * sh_files.c: sh_files_checkdir: closedir() early to not exhaust OPEN_MAX 1.5.1a (30-05-2002): * fix missing LSB init script 1.5.1 (27-05-2002): * fix '-t update' option 1.5.0a (23-05-2002): * fix configure.in 1.5.0 (22-05-2002): * include solaris nosuid patch from (nathoo [at] co d.o.t ru) * similar fix for bsd nosuid * speed up -t update * convert manual to DocBook, distribute html and ps * fix some more problems with configure.in, Makefile.in * fix testsuite, add tests for udp, mysql * MSG_TCP_MSG: host -> remote_host * convert to autoconf 2.53 * make c_bits.sh exit with status 0 * sh_database.c #include "mysql.h" --> , ditto libpq-fe.h to avoid dependency tracking problems * samhain.c remove *YULE* #ifdefs * acconfig.h remove *YULE* #undefs * samhain.c: procdirSamhain: lstat --> stat (allow symlink) * configure.in: add checks for correct user input * Makefile.in: add automatic dependency tracking * depend-gen: tool to figure out dependencies * chkconfig comments in redhat start scripts 1.4.8: * sh_database.c: fix missing attr_old, attr_new, (from)host columns * configure.in, Makefile.in: fix an error in the configfile definition with REQ_FROM_SERVER * sh_err_console, sh_err_log: avoid recurrent failure messages * timeout on read from files (/proc) * fix errrors with setjmp/longjmp/alarm * fix memory leak in server (~20 byte/file download in sh_tools, 930) * check gpg signature for files downloaded from server, add a regression test * fix chown in solaris bootscript * provide second scheduler for file check * provide scheduler for file check * provide scheduler for SUID check 1.4.7 (08-04-2002): * make daemon control LSB-compliant (arguments, exit status) * set log_ref = 0 for server messages * boolean option SetDBServerTstamp to disable entering server timestamps for received client messages into database * sh_suidcheck: check for "nosuid" mount option if getmntent is used * fix logrotate script in manual (reported by Scott Worthington) * don't strip numerical IP addresses * check item->status_now != CLT_TOOLONG in client_time_check() * set log_host to client in db client message 1.4.6a (20-03-2002): * define prefix in deploy.sh 1.4.6 (19-03-2002): * modify samhain_hide.c to hide processes on new Linux kernels * better error diagnostics in kern_head.c * fix compile error in all_items () * check length of install-name in enable-khide (max is 15) * define exec_prefix in deploy.sh.in * make configure a bit more cross-compiler friendly 1.4.5 (07-03-2002): * Make sure missing file is reported even if ptr->reported == S_TRUE because the file has been added. * propagate 'reported' flag from sh_files_checkdir() into file list * close checkfd in sh_gpg_check_file_sign() * sh_derr(): kill(parent, SIGCONT) after ptrace(PT_DETACH,...) * use sh.srvcons.name in dbg() to get debugging info from daemon * option to log file timestamps with localtime instead of GMT * comment out MSG_FI_ADD in sh_dirs_chk () - obsoleted by mandatory sh_files_filecheck(directory) that triggers MSG_FI_ADD in sh_hash.c * set ptr->reported = S_FALSE; for reappeared files in sh_files_chk() to make sure re-disappearing will get reported * new function sh_hash_set_missing() to remove file record without (duplicate) 'missing' message * make sure all items are reported for added files * fix stealth mode with sh_kern (encode sh_ks.h -> sh_ks_xor.h) * clarify in the documentation which gpg options to use for signing 1.4.4 (11-02-2002): * check that parent process has exited before writing PID file * promote MGG_W_CHDIR to SH_ERR_ERR * add error message to sh_unix_testlock * fix missing _() macro in sh_aud_set_functions 1.4.3 (05-02-2002): * don't check attributes for symlinks (may cause device access) * add USE mysql; USE samhain; to samhain.mysql.init * point out the MessageHeader/mysql problem in manual * add -lz to LIBS for mysql * strip after install, avoid double strip 1.4.2 (27-01-2002): * support for EGD * fix some more problems with install-deploy / deploy.sh * fix a bug in profiles/suselinux_i386/bootscript (INSTALL_NAME_) * fixed the 'external logging' test (init rather than none in rc file) 1.4.1: * SuSE: include run level 4+5 * install location of hiding kernel modules changed - some insmod variants do not test for /lib/modules/$(uname -r)/module_name.o * new make targets 'install-deploy', 'uninstall-deploy' * fixed make targets 'deploydir', 'deploydirfast' * bail on unsupported CL option in deploy.sh * fix various bugs in deploy.sh 1.4.0 (16-01-2002): * fixed missing 'dirname' on Mac OS X * fixed && tested for/with postgres * 'user=' -> 'userid=' (reserved word in sql) * fix the endianess + size of file database; this changes db format for any non-Linux OS * --enable-old-format for old (V1.3) database format * getopt, samhain.c, samhain.h: option -f to loop if not daemon * sh_hash: list numeric + char data to allow file db update on server side * sh_database: modify handling of integer (long) data * sh_database: datetime in database * sh_database: hash field in database * sh_database: rewrite database insert string construction [use INSERT INTO log (fields) VALUES (values);] * makefile suse 7.x runlevel entries 1.3.7 (06-01-2002): * fix incorrect escape in sh_tools_safe_name * fix sh_error_handle (4. argument) in sh_extern.c 1.3.6c: * fix segfault in sh_database (mysql logging) on solaris 1.3.6b (03-01-2002): * fix syntax error ('==') in Makefile.in * fix configure.in (path for /lib/modules/$(uname -r)/build/include) * fix sh_kern.c (redeclaration of 'j') 1.3.6 (03-01-2002): * sh_kern.c: check integrity of int 80h vector (SucKIT rootkit - Phrack 58) * make sure childs in sh_kern are wait()'ed for * provide start/stop/restart/reload/status interface * fix a potential segfault (dereferenced NULL pointer) in the server * use sh_util_flagval for sh_unix_setdaemon * documentation for logging to SQL database * configure.in: check for -I/lib/modules/$(uname -r)/build/include * fix trustfile.c to ignore invalid users * separate 'make install-samhain' and 'make install-yule' * separate default log/pid/config files for server/client - less problems running server and client on same host * rewrite deploy.sh(.in): - don't use (make|install) if deploying - use command line options - better integrate into server environment - write install db * always write a pidfile if daemon * don't use server's config file as fallback for downloading client * don't overwrite config file when doing 'make install' 1.3.5 (28-12-2001): * fix --enable-message-queue for newer glibc versions * log to SQL database: implemented, but undocumented yet, needs to be tested further * xml: escape received syslog messages * xml: rename 'time' to 'tstamp' * make targets: make [un]install-[boot-]yule (for server-only installation) * fix samhain_hide.c for 2.4 kernel * fix sh_kern for updated samhain_hide.c * new option -j to just list the logfile * sh_getopt.c: recognize -Dt check for -D -t check * sh_tiger0.c: fix compiler warning (memmove) on Solaris 1.3.4 (12-12-2001): * sh_suidchk.c: option to limit files per second * sh_unix.c: option to limit (kilo)bytes per second * sh_hash.c: fix potential problem with '\n' in filename (not backward compatible if there are filenames with '=') 1.3.3 (03-12-2001): * sh_readconf.c, samhain.h, samhain.c, sh_suidchk.c: option SetNiceLevel to set scheduling priority * sh_hash.c: bugfix for database listing on Solaris * taus_seed: bugfix for emergency backup rng seed * sh_util_safe_name: fix for XML * sh_utmp_set_login_activate: use sh_util_flagval * sh_utils.c: sh_util_obscurename: rm 'space' from list * more backtrace macros * sh_util_flagval: fix bug to recognize 1/0 * fix test scripts testtimesrv.sh, testext.sh (test.sh 6/5) * rm stray debug fprintf in sh_srp.c 1.3.2 (27-11-2001): * sh_hash.c: fix an error introduced in 1.3.1 * set RLIMIT_CORE to RLIM_INFINITY if --enable-debug 1.3.1 (25-11-2001): * slib.c: get backtrace with --enable-debug * sh_unix.c: allow core dumps when --enable-debug * configure.in: fix default message queue permissions * sh_suidchk.c: automatically include suid/sgid files in database * sh_suidchk.c: check all suid/sgid files * sh_hash.c: don't insert duplicates when reading the database * sh_utmp, sh_kern, samhain: fix 1sec offset in timer * sh_unix.c: don't require /dev/random to be non-world-writeable * server: fix segfault in zAVLTree.c if avltree == NULL (no clients) * client: fix segfault on Solaris if path_conf == NULL * testrun_1b.sh: \(^/.*\) -> \(/.*\) for Solaris sed 1.3.0 (31-10-2001): * support compiling with GNU gmp library * set 3 sec timer on client_time_check to avoid excessive (and unnecessary) calls under heavy load * replace sl_strlen with a macro * store client_t structure in AVL tree * database format incompatible with previous format, up the magic# * sh_html.c: cache entry template for speedup * slib.c: reset islong(double) in sl_printf_count * sh_hash.c: report on rdev change * sh_hash.c: print size in 64 bit * sh_hash.c: save in absolute size types * sh_unix.c: get values as appropriate type (time_t, dev_t, ...) 1.2.10: * update MANUAL * sh_unix.c: tiger_hash -> tiger_generic_hash * sh_readcon.c: DigestAlgo option * sh_tiger0.c: add MD5 and SHA1 * sh_unix.c: fix minor problem with win2k/cygwin 1.2.9 (17-10-2001): * fix problem with entry template/empty hostname * fix MASK_USER_ (MTM -> ATM) * typo fixed in configure.in (${install_name} -> {install_name}) * bugfix group_old -> size_old in XML code * skip armor header in signed files 1.2.8 (29-09-2001): * Mac OS X: in sh_getopt.c, rename table[] to op_table[] to avoid obscure compiler warning * Mac OS X: fix test scripts * Mac OS X: import newest config.guess, config.sub from ftp.gnu.org * implement deadtime in syslog recv code to protect against flooding * sh_err_log: sl_close(fd) if lock|forward fails * compliance with Filesystem Hierarchy Standard -- Version 2.2 final * add policies User0, User1 * fix compile problem (FreeBSD) in sh_suidchk.c * macro to check for debugger breakpoints (linux/i386) * check for solaris (does not work) in sh_derr (--enable-ptrace) * option to listen on 514/udp for syslog, drop root irrevocably if compiled thus * use (check_mask & MODI_ATM) to decide whether to reset utime * reset the policy masks on sighup * option to write XML log messages * cleanup of message catalog * modified error messages for BADCONN * error messages for Rijndael * block recursive error messages within sh_error_handler() - would hang the machine ... - 1.2.7: * sh_files, sh_utils: check top level directory * sh_kern, sh_cat, kern_head: check syscall code, fork subprocess for reading from /dev/kmem * include /boot in default samhainrc * change source distribution signing/packaging system * Makefile, README, MANUAL: adhere to file system standard, document new locations * fix a bug in samhain_hide.c 1.2.6: * reset list of trusted users before config file re-read * TrustedUser=... can be a list * fix severity for files missing from IgnoreAll 1.2.5: * include example_pager.pl, example_sms.pl scripts * explain paging/sms setup in docs * allow manual exclusion of a directory in suidcheck * automatically track all file changes * remove missing files from in-memory database * add $(KERN) to DEPLOYFILES 1.2.4: * log IP address for login/logout events, if supported by the OS * release block in globerr (callback) ------------- 1.2.3: * fix problem with reading stealth configuration * fix a few formats in sh_cat.c * always use strncmp for file system type check in sh_suidchk.c (trailing 'fs' may be system specific for some types) * no bare LF in messages (RFC 2822) * no lines longer than 998 chars (RFC 2822) * fix error in testrc_1 1.2.2: * make tmp file directory a compile time option * fix minor bugs in tmp file allocator (potential memory leak, double slash if root directory) * obsolete testpipe script removed 1.2.1: * fix memory alignment in rijndael-api-fst.c: blockEncrypt() * fix byte order in HMAC code (compatibility fix for Linux/HP-UX) * removed a debug fprintf() 1.2.0: * fix a bug in the HMAC implementation (thanks to Cesar Tascon for help in tracking down this one) * module to check the file system for SUID/SGID files 1.1.16 (never released): * fix the recursion depth -1 option as described in the manual * optional database reload on SIGHUP * fix a race condition when checking that /dev/random is a charakter device * redirect stderr to /dev/null for c_random (AIX may segfault in netstat...) * check whether /dev/random is a charakter device in c_random.sh (we know at least one sysadmin who has set up a fake /dev/random ...) * don't give NULL as 2. and 3. arg to execve if not Linux - some Unices (notably Solaris) don't like it * init ptr = NULL in my_malloc (compiler warning) * make the bitmask for tests configureable (suggestion by A. Dunkel) * make the bitmask for tests a static variable * make (database/logfile/lockfile) path configurable (to run multiple instances of samhain from an NFS share - on the wishlist of J. Patton) 1.1.15 (never released): * fix minor error in testcompile.sh (rm test_log only at start) * return from subroutines on sig_terminate == 1 (faster exit on SIGTERM) * fix re-configuration of addresses * use sh_util_flagval() in sh_mail_setFlag and sh_kern_set_activate * SysV message queue as compile option * config file option to set console device * removed the pre 1.1.9 code bloat * don't print the LOGKEY to the console 1.1.14: * fix an error in the setup consistency check * make target to uninstall runtime files * trustfile.c: check return code of readlink(), fix off-by-one error * sh_files.c: fix placement of terminator after readlink() call * sh_files.c: fix a missing set_suid()/unset_suid() - suid should work, but is not recommended - * more debug statements in c/s code * avoid re-entry in sh_unix_sigexit * put a block around free() and malloc() in wrapper functions * ditto for glob()/globfree(), regcomp()/regfree(), fdopen()/fclose() - i.e. avoid corrupting the heap from a signal handler - 1.1.13: * optimized the size of the configure script somewhat * modify the compile and hash test scripts * read '\0's in sh_unix_getline * exponential schedule for connection attempts * make stealth working properly with signed files - config file should be signed now before embedding in picture - * fix a race in using signed files * updated err messages for PWNULL, GRNULL * add missing shell script for test 11 * add mandatory source file/line info with -p debug * add mandatory source line info with BADCONN * fix a latex error in the manual 1.1.12: * debug output to console if compiled with --enable-debug and running as daemon * make reportonlyonce=true the default * make sure state changes of a file are always reported, even with reportonlyonce=true * Linux kernel modules (samhain_hide, samhain_erase) * fixed incorrect return value of sh_util_flagval * fixed an error in sh_files.c: happens with -t init and first file that is checked does not exist * revised install/uninstall targets in the Makefile * module to check for clobbered kernel syscalls (tested on Linux 2.2) * more diagnostic error messages in sh_gpg.c * more diagnostic error messages in sh_mail.c * error in mail.c fixed (address -> address_list[i] for multiple recipients) * docs updated, better(?) explanation of signed files * skip over path in gpg checksum output * check client name against IP address and FQDN * fix for --disable-* in config file * fixed a server crash (MSG_TCP_OKMSG without arg) if the server is run with debug level output threshold * catch EAGAIN in sh_gpg.c pipe reader * fix the 'external logging' test to make it work on BSD * error message if no local path to init DB * check for i86/Solaris in configure (vsnprintf prototype) * make SRP the default 1.1.11: * make log file verification more convenient * fix problem with message classes in stealth mode * linux: do not try to read file attributes for devices * handle the root directory correctly (avoid "//" in listing) * fix problems with blockin on FIFOs/char dev pointed out by I. Rogalsky (rog@iis.fhg.de) - open in nonblocking mode for read, then set to blocking - open file only if regular * fix alignment in memory profiler 1.1.10: * minor code cleanup * fix an error in trustfile.c (handling of empty/incomplete group entries in /etc/group, bug report by A. Capriotti ) 1.1.9: * compatibility option for old behaviour (plain hash instead of HMAC, ECB instead of CBC mode) * use CBC rather than ECB mode for encryption * use HMAC-TIGER for message authentication codes * handle NULL data in sh_tiger_hash * option to set syslog facility (default is LOG_AUTHPRIV) * longer timeout (300 sec) on /dev/random if no /dev/urandom * fix minor output error with stealth option * option not to log names of config/database files on startup 1.1.8: * fix error in syslog routine * fix missing 'test' in configure.in * fix error in replace_tab() in sh_html.c * fix minor memory leak in sh_util_regcmp() 1.1.7: * timeout on read_mbytes (from /dev/random; fallback to /dev/urandom) * fix for FreeBSD: ut_user -> ut_name in sh_utmp.c * fix for Alpha: consider $ac_cv_sizeof_unsigned_int_ in configure.in * fix for Alpha: format string in sh_tiger0.sh * on Linux, now compiles cleanly with -Wall -W -Wstrict-prototypes -Wcast-align * fix problem with recursion depth (pointed out by Vic ) * #include "sh_tools.h" in sh_unix.c and fix the --with-timeserver option (reported by Vic ) * place read_port(), MSG_TCP_NETRP outside ifdefs * close fd/zero skey before execve * verify client name against socket peer * ... with configureable error priority * use strcmp() rather than strncmp() in search_register() * fix race between lstat() and open() for checksum (reported by dynamo , JJohnson ) * enable globbing for filenames * fix Solaris problem: siginfo_t may be NULL * fix missing SL_EBADGID in tf_trust_check * test case for external scripts, fix flushing pipe * fix a typo in sh_ext_type * do an fdexec w/checksum on Linux if calling external program * even safer tmp file creation * allow db update * fix compile options for --enable-debug * fixed a spelling error in the output * test program for full CS support (config/database download) * tell which file is searched for cs download 1.1.6: * fix bug in sh_readconf_line (segfault on erroneous config lines) 1.1.5: * sh_unix.c: sh_unix_getinfo_attr: f -> flags * use gettimeofday as last resort 1.1.4: * fix AIX compiler warning in sh_forward (cast arg1 of sh_tiger_hash to (char *) * configure: add static link flags for some more os (from tar) * don't strip twice (some stupid systems abort) * fix for reading from /dev/random on non-Linux systems (untested) * sh_mail.c: end all message lines with \r\n * stealth: ignore \r, \" * take out tracing from --enable-debug (presently useless anyway) * fix some remaining cleartext with debug && stealth combined * fixed a small memory leak in sh_err_log.c 1.1.3: * fixed circular logic in taus_seed() (fallback method only) * fix for missing _SC_OPEN_MAX (runaway close()) 1.1.2: * implement message classes * let server recognize client message severity and class * secondary log server * keep database in memory (allows to close file if retrieved from server) * encrypt client/server communication 1.1.1: * Compilation problems with native Solaris compiler fixed * fill in euid/ruid variable * manual.pdf --> MANUAL.pdf * debug sh_util_formatted() * http refresh 120sec for server stat page * trace/debug options * fixed problem with utmp.c options * fixed problem with sh_mail_setaddress * option for custom message header * fixed problem in compdata * fixed problem in mail verification * remove eventual trailing '/' in file names * fixed problem with report string for modified files * option to report in full detail 1.1.0: * Move error messages to catalog * Make error message format more uniform * Wrap sytem calls that could be interrupted by signals * Warn on append to database * Option for full details on mod. files * Option to report only once on mod. files * Generally speaking, major modifications with potential new bugs 0.9.5: * sh_hash.c: fixed erroneous checksum for config file * sh_html.c: fixed erroneous timestamp (last) * sh_tools.c: fixed connect_port (set port for cached address) * sh_srp.c: fix for '00' (='\0') in pw (last two fixes by Andreas Piesk) 0.9.4: * samhain.c: fcntl(1, ..) -> fcntl(2, ..) * sh_hash.c: copy 12 instead of 10 byte for c_attributes * 'empty directory' WARN -> INFO 0.9.3: * FreeBSD fixes: - c_random.sh: make sure /dev/random provides something rather than nothing - check for and include it - include early - sh_utmp.c: fixed an occurence of ut_user - sh_utmp.c: #ifdef HAVE_UTTYPE static char terminated_line #endif - sh_forward.c: EBADMSG -> ENOMSG * sh_unix.c: check return value of gethostbyname * sh_entropy.c: fallback on /dev/urandom if /dev/random blocks for more than 30 sec * ... and fix the timestamp format ... 0.9.2: * ISO 8601 timestamps * Bugfix in sh_utmp (timestring overwrite) * don't use siginfo_t on Linux (garbage as of 2.2.14) * check for Linux capabilities bug when dropping root * include README for gcc compiler bug (pointed out by A. Piesk) * explicitely set -fno-strength-reduce with gcc * fixed ignoring missing files with the IgnoreAll policy 0.9.1: * more ext2flags (breaks backward database compatibility on Linux) * IgnoreAll policy modified - missing/added files reported with SeverityIgnoreAll (to handle files that may or may not be present) * Check all files, not only regular ones (bug in sh_files, originally introduced because checksum of regular files only is computed) 0.9: * use O_NOATIME if supported * --with-nocl takes argument (PW to re-enable CL parsing) * no daemon mode if initializing database * fixed segfault in yule with 'unknown file type' request * enlarged MAX_GLOBS 24 -> 32 and made the array linear * server uses last registry entry for any given client now * deploy.sh script to deploy clients to remote hosts * enhanced signal handling: SIGUSR1/SIGUSR2/SIGABRT/SIGQUIT/SIGHUP * allow y/Y/n/N for login monitoring (in addition to 0/1) * external logging scripts/programs * trustfile.c: define STICKY on Linux * reset signal mask when initializing * EINTR_RETRY wrapper * slib: sl_read, sl_write EINTR update * use sstrip when installing * more compact database format (breaks backward database compatibility) * larger download packets * TcpFlags unsigned char * cast to (char *) head in write_port * m(un)lock cast to (char *) * (1 << 31) --> (1UL << 31) * support e2fs attributes on Linux * fixes for AIX and Solaris native compilers * fixed Makefile for non-GNU make (pattern rule --> suffix rule) 0.8.1: * fixed 'is_numeric()' return value 0.8: * added option for static compilation * added option for stealth with non-hidden config file * added option for disabling command line parsing * all options can be set in the configuration file now * stealth: xor strings in database file * fixed bug in mailer code ([] in HELO) * print timestamp when asking for key * 'micro' stealth mode (no hidden configuration file) * simplified slib * int->long for uids/gids in trustfile * moved mailkey from data to code * shell script for entropy (stronger default key) * general code cleanup * better error checking in client/server code * detect out-of-sync messages * check state across protocol passes in server * make sure authentication is mutual * file download to client * reserve six file descriptors in server * mlock queue buffer if LOG_KEY * improved robustness in bignum (don't fail on free()) * per-directory recursion depths * RFC821 compliance: empty line at end of header, To field, Date field * RFC821 compliance: make e-mail transfer relieable * fix detection of hardlink changes * checksum verification for calling gpg/pgp * CL option '-S' not required for server-only binary * eliminate CL options that may leak privileged information if the program is SUID * skip leading white space in configuration file * allow nested conditionals in configuration file * allow whitespace before and after '=' in configuration file * don't leak file descriptors to child processes * make message transfer relieable * always report error on abnormal termination of connection 0.7: * support for alpha machines * stop TCP logging after exit message * limit connections in server (DoS attacks) * move string handling to slib * move file handling to slib * timestring without space * changed report format * SUID bugfix - use euid when checking logfile ownership * SUID bugfix - get root for lstat() * SUID bugfix - get root for opendir() * store number of hardlinks * send no message if polling empty queue * include tiger 64-bit implementation (portability) * codes for error conditions * mail check: handle multiple, overlapping audit trails * security fix: no append to database if SUID * fix sh_entropy.c (BUFSIZ -> BUF_ENT) * read command line before config file * PGP signing of config/database files * checksum of config file reported * checking for attributes only 0.6: * more syslogish priority specification * fixed segfault in sh_mem_check, apparently this was also the reason for the segfault in atexit() * allow for compilation with SRP authentication * fixed tiger checksum computation * fixed broken logfile verification for second and further audit trails * test program added * documentation improved * sh_forward_make_client: bug fixed in[8]->in[i] * sh_error.h: fixed missing #include * configure.in: fixed missing strerror() test * sh_utmp.c: check logins/logouts * check for missing files * only reset access time if necessary * O_EXCL in open() * limit environment to TZ in execve (sh_entropy.c, not used on Linux) * use trustfile() to determine whether logfile dir is trustworthy * strip head instead of tail for numerical address * store messages in fifo during log server outage * re-init session key after server outage 0.5 (21-12-1999): * added option for mail relay server * own popen() implementation in sh_entropy() (portability) * fixed error in sh_util_basename() (returned NULL for base == "/") * fixed segfault in strlcpy/strlcat (check for src == NULL) * FILENAME_MAX -> PATH_MAX (HP-UX 10.20) * use TIGER for 32-byte compilers (portability) * fixed hash function (do not include stdlib.h) * flush buffer before write in mailer code (IBM AIX 4.1) * make mailer code non-forking * cast argument of is...() to int (portability) * return() after _exit() for braindead compilers (portability) * optionally use inet_addr (portability) * check for broken mlock() (HP-UX 10.20) * minor code cleanups * fixed incorrect size of munlock()'ed memory in sh_error_string() * fixed a buffer overflow in the error printing routine * fixed a buffer overflow in sh_util_safe_name () * implement SRP session key exchange * implement client/server facility * implement @host/@end construct in configuration file * preferably use uname(), and do gethostbyname() for FQDN * make vernam cipher base numeric * make OnlyStderr private in sh_error * test -e "/dev/random" --> test -r "/dev/random" (portability) * check for libsocket (portability) * add #defines for IPPORT_SMTP, IPPORT_TIMESERVER (portability) * eliminate superfluous /proc test * some unreachable code removed * cast to (byte*) replaced by cast to (word64*) in sh_tiger_hash() * check for setresuid() if no seteuid() (HP-UX 10.20) 0.4 (09-11-1999): * make sure output from /dev/random has no NULL's * one-time pad encryption for emailed keys (better than nothing ...) 0.3 (04-11-1999): * logfile readable for group * verify signatures for any file * signature block in tarball * use select() in time server routine * better protection for session keys (mlock) 0.2: * fixed incorrect man page * fixed incorrect example rc file * recursive error logging should work now 0.1: * initial release -- on Samhain 1999, of course development start: * probably 29-06-1999 samhain-3.1.0/docs/sh_userfiles.txt0000644000175000017500000000156307742565573014271 00000000000000Checking sensitive files owned by users. ------------------------------------ samhain can be compiled to support checking of files that are specified as being relative to the a user's home directory. It is intended to detect interference with files that influence process behaviour such as .profile It simply adds the appropriate file entries to the main samhain list, at the specified alerting level. -------->8--------- [UserFiles] # # Activate (0 is off). # UserfilesActive=1 # # Files to check for under each $HOME # A specific level can be specified. # The allowed values are: # allignore # attributes # logfiles # loggrow # noignore # readonly # user0 # user1 # # The default is noignore UserfilesName=.login noignore UserfilesName=.profile readonly UserfilesName=.ssh/authorized_keys -------->8--------- This module by the eircom.net Computer Incident Response Team. samhain-3.1.0/docs/HOWTO-samhain+GnuPG.html0000644000175000017500000002757610131154323015176 00000000000000 HOWTO samhain+GnuPG

samhain file integrity scanner | online documentation


Using samhain with GnuPG


This document aims to explain how to use samhain with signed configuration and database files which are checked by invoking GnuPG.

Introduction

Samhain can be compiled to recognize PGP signatures on configuration and database files and to invoke GnuPG in order to check such signatures. (Note: while the application usually is referred to as GnuPG, the executable itself is called gpg).

If samhain is compiled with this option, then

  1. both the configuration file and the file signature database must be signed, and
  2. for both files the signatures must verify correctly,
  3. otherwise samhain will abort.

Prerequisites

  • Obviously you need gpg (GnuPG), and you must have created a key pair with:

       gpg --gen-key

    (it does not really matter which type of key, the defaults are ok).

    GnuPG uses a public-key algorithm: the key pair consists of

    • a secret key that is used for signing and stored in ~user/.gnupg/secring.gpg, and
    • a public key used for verifying the signature, and stored in ~user/.gnupg/pubring.gpg.

    The secret key obviously should be kept secret, while the public key can be published.

  • You need to compile samhain with support for GnuPG:

       ./configure --with-gpg=/path/to/gpg [more options]

Note 1: If compiled with support for GnuPG, the TIGER192 checksum of the gpg executable will be compiled into samhain, and the gpg executable will be checksummed (to verify its integrity) before invoking it. If you don't like this, you should add the configure option:

   --with-checksum=no

Compiling in the GnuPG checksum will tie the samhain executable to the gpg executable. If you upgrade GnuPG, you will need to re-compile samhain. If you don't like this, use '--with-checksum=no'.

Note 2: The mere fact that the signature is correct does not prove that it has been signed by you with your key - it just proves that it has been signed by somebody. Samhain can optionally check the fingerprint of the key that has been used to sign the files, to verify that your key has been used to sign the file(s). To enable this, use the configure option

   --with-fingerprint=FINGERPRINT

where FINGERPRINT is the hexadecimal fingerprint of the key as listed with

   gpg --fingerprint

Example


rainer$ gpg --fingerprint rainer
pub  1024D/0F571F6C 1999-10-31 Rainer Wichmann
     Key fingerprint = EF6C EF54 701A 0AFD B86A  F4C3 1AAD 26C8 0F57 1F6C
uid                            Rainer Wichmann
sub  1024g/9DACAC30 1999-10-31

rainer$ which gpg
/usr/bin/gpg

rainer$ ./configure --with-gpg=/usr/bin/gpg --with-fingerprint=EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C

Signing the files

The configuration file and the file signature database (created by running samhain -t init) must be signed manually using the command:

   gpg -a --clearsign --not-dash-escaped /etc/samhainrc
   mv /etc/samhainrc.asc /etc/samhainrc

Gpg will create a signed copy of the file, named file.asc. You need to rename (cp/mv) this signed copy to the original filename. After signing the configuration file, you can initialize the database and sign it likewise.

Note 1: The installation script will ask you to sign the configuration file upon installation.

Note 2: The gpg option --not-dash-escaped does not harm if used with the configuration file, but is only required for the file signature database.

TIP

In the subdirectory scripts/ of the source directory you will find a Perl script samhainadmin.pl to facilitate some tasks related to the administration of signed configuration and database files (e.g. examine/create/remove signatures). Use with --help to get usage information.

CAVEAT

When signing, the option --not-dash-escaped is recommended, because otherwise the database might get corrupted. However, this implies that after a database update, you must remove the old signature first, before re-signing the database. Without 'dash escaping', gpg will not properly handle the old signature. See the tip just above.

Example


root# gpg -a --clearsign --not-dash-escaped /etc/samhainrc

You need a passphrase to unlock the secret key for
user: "Rainer Wichmann"
1024-bit DSA key, ID 0F571F6C, created 1999-10-31

root# mv  /etc/samhainrc.asc /etc/samhainrc
root# samhain -t init
root# gpg -a --clearsign --not-dash-escaped /var/lib/samhain/samhain_file

You need a passphrase to unlock the secret key for
user: "Rainer Wichmann"
1024-bit DSA key, ID 0F571F6C, created 1999-10-31

root# mv /var/lib/samhain/samhain_file.asc /var/lib/samhain/samhain_file
root# samhain -D -t check

Make samhain verify the signature

This is the part where some people run into problems. The point is, when gpg is invoked by samhain, it must find the public key needed for verification. Gpg expects public keys in a file located at ~user/.gnupg/pubring.gpg where ~user is the home directory of the user as that gpg is running.

It is therefore crucial to include the public key corresponding to te secret key used for signing into the correct pubring.gpg file (this file can hold many public keys, e.g. of people sending you emails signed by them).

So which is the correct file? Here we have to consider two seperate cases:

  1. The client (or standalone) samhain daemon runs with UID 0 (i.e. root), thus the public key must be in ~root/.gnupg/pubring.gpg
  2. The server (yule) always drops root privileges (if started with), and runs as a non-root user. The username to use is compiled in, either with the configure option --enable-identity=USER, or by default as determined by configure (the first existing user out of the list yule, daemon, nobody). Thus, the public key must be in ~root/.gnupg/pubring.gpg (for startup) and in ~non_root_user/.gnupg/pubring.gpg (for reload with SIGHUP).

To import a public key into the public keyring (pubring.gpg) of another user, you can do:

   gpg --export KEY-ID > filename
   su another_user
   gpg --import filename

Note: samhain will invoke gpg with the options:

   --status-fd 1 --verify --homedir /homedir/.gnupg --no-tty -

and pipe the configuration/database file into gpg, similar to:

cat filename | /usr/bin/gpg --status-fd 1 --verify --homedir /root/.gnupg --no-tty -

(of course samhain does not invoke cat, or the shell; the example above just shows how to do the same from the shell command prompt).

Example for signature check

If you want to check the signature the same way samhain does, it should look like (note the GOODSIG and VALIDSIG keywords in the output): 


root# cat /etc/samhainrc | gpg --status-fd 1 --verify --homedir /root/.gnupg --no-tty -
gpg: Signature made Sat Mar 15 16:08:21 2003 CET using DSA key ID 0F571F6C
[GNUPG:] SIG_ID 9hQvRhgjWLqyFzVOHi2b0uDmBFo 2003-03-15 1047740901
[GNUPG:] GOODSIG 1AAD26C80F571F6C Rainer Wichmann
gpg: Good signature from "Rainer Wichmann"
gpg:                 aka "Rainer Wichmann"
[GNUPG:] VALIDSIG EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C 2003-03-15 1047740901
[GNUPG:] TRUST_ULTIMATE

Troubleshooting

First and foremost, run samhain (or yule) from the command line, in non-daemon mode, and with the command-line option -p debug for debug-level output. This will print descriptive information on setup errors and/or relevant output from the GnuPG subprocess.

Output from the GnuPG subprocess is marked by [GNUPG:], and may show the following errors:

  • ERRSIG and/or NO_PUBKEY indicates that gpg did not find the public key to verify the signature. You should import that key into the keyrings of root and (for yule additionaly) the yule user.
  • BADSIG indicates that the public key was found by gpg, but the signature is invalid. Either the file has been modified after signing, or a previous signature has not been removed.
  • NODATA indicates that there is no signed data, i.e. the configuration or database file is not signed at all.
samhain-3.1.0/docs/sh_mounts.txt0000644000175000017500000000326307742565573013614 00000000000000Documentation for sh_mounts, the samhain "Mounts" module. --------------------------------------------------------- sh_mounts implements functionality we had in a policy-checking Perl script we have here at eircom; basically, all it does is ensure that certain mounts are there (for example, /, /tmp, /var, /usr, /home) and that certain options are specified on those mounts (for example noexec,nosuid on /tmp). All quite simple. It wouldn't be too hard to extend this module somewhat, to report any NFS mounts found, for example, or to test that _only_ the mounts specified are mounted on the machine. Here's a bit for the manual: Checking mounted filesystem policies ------------------------------------ samhain can be compiled to check if certain filesystems are mounted, and if they are mounted with the appropriate options. This module currently supports Linux, Solaris and FreeBSD. The configuration of the module is done in the Mounts section of the configuration file: -------->8--------- [Mounts] # # Activate (0 is off). # MountCheckActive=1 # # Interval between checks. # MountCheckInterval=7200 # # Logging severities. We have two checks: to see if a mount is there, and to # see if it is mounted with the correct options. # SeverityMountMissing=warn SeverityOptionMissing=warn # # Mounts to check for, followed by lists of options to check on them. # checkmount=/ checkmount=/var checkmount=/usr checkmount=/tmp noexec,nosuid,nodev checkmount=/home noexec,nosuid,nodev -------->8--------- The module is enabled as part of the compilation of samhain by specifying --enable-mounts-check This module by the eircom.net Computer Incident Response Team samhain-3.1.0/docs/TODO0000644000175000017500000000003211105126235011463 00000000000000 Patch for 'setmailport' samhain-3.1.0/docs/FAQ.html0000644000175000017500000011544710610166752012321 00000000000000 Frequently Asked Questions for Samhain

samhain file integrity scanner | online documentation


Frequently Asked Questions for Samhain


Rainer Wichmann

  • If you encounter problems after installing samhain, disable daemon mode and run it in the foreground with samhain --foreground [more options] for debugging.
  • If you have problems getting client/server mode to work, please check the HOWTO client+server troubleshooting document.

FAQ Revised: Saturday 14 April 2007 17:05:58

Table of Contents

1. Most frequently
2. Build and install
3. File checking
4. Client/Server
5. Email
6. Misc
7. Database

1. Most frequently

1.1. Owner not trustworthy / Group writeable and member not trustworthy
An untrusted user (might be an untrusted group member for group writeable files/directories) owns or can write to an element in the path listed in the error message. This concerns the configuration file, the log file, and the database file. The offending element in the path is identified as obj=/xxx in the error message. To fix the problem, see next entry.

1.2. samhain exits with the message "Untrusted path" for config/log/pid/database files
Paths to critical files (e.g. the configuration file) must be writeable by trusted users only. If a path element is group writeable, all group members must be trusted. By default, only root and the (effective) user of the program are trusted. To add trusted users, use the compile time option 
$ ./configure --with-trusted=0,...
or the configure file option: 
[Misc]
TrustedUser=username
If the path to the configuration file itself is writeable by other users than root and the effective user these must be defined as trusted already at compile time.

1.3. It does not log anything / Can't stop logging to console
(1) There is a section in the manual dealing with logging and filtering.
(2) To log to the console: 
$ samhain -p info ...
or in the configuration file: 
[Log]
PrintSeverity=info
To stop logging to the console: 
$ samhain -p none ...
or in the configuration file: 
[Log]
PrintSeverity=none
Defining /dev/null as console device works as well, but is a bad idea, because samhain will open the device and write (i.e. it is a very inefficient method).

1.4. Client cannot self-resolve, but nslookup works fine
  • Nslookup is a program to query Internet domain name servers.
  • Applications (like samhain) are not supposed to query DNS servers directly. Rather, they are supposed to query the resolver library that:
    • is provided by the operating system,
    • configured by the system administrator,
    • may use several different method to determine host names, as configured in /etc/nsswitch.conf, and
    • usually is configured to give precedence to the /etc/hosts file.
  • Therefore, whether nslookup gives correct answers may be completely irrelevant. For self-resolving the own hostname, the resolver library probably will use /etc/hosts, rather than querying a DNS server.

Below you can find some examples of good and bad /etc/hosts files: 

        # CORRECT
	#
        127.0.0.1  localhost
        xxx.xxx.xxx.xxx myhost.mydomain.tld  myhost

        # CORRECT
	#
        127.0.0.1  localhost.localdomain localhost
        xxx.xxx.xxx.xxx myhost.mydomain.tld  myhost

        # BAD
	#
        127.0.0.1  myhost.mydomain.tld  localhost
        xxx.xxx.xxx.xxx myhost.mydomain.tld  myhost

        # BAD
	#
        127.0.0.1  localhost myhost
        xxx.xxx.xxx.xxx myhost.mydomain.tld  myhost


2. Build and install

2.1. [Fedora Core] Cannot compile with --enable-khide
The Fedora Core kernel is patched to unconditionally deny reading from /dev/kmem. Compiling the stealth kernel modules is not possible under these circumstances.

2.2. [Fedora Core] Cannot compile with --with-kcheck
The Fedora Core kernel is patched to unconditionally deny reading from /dev/kmem. Checking the kernel for the presence of rootkits is not possible under these circumstances.

2.3. "make" loops infinitely !
This may happen (e.g. when building via NFS for multiple architectures) if the relative timestamps in the source directory are wrong (time not in sync on different machines) or some intermediate target is unusable (up-to-date, but built for a different OS). Use "touch * && make distclean" in the source directory to recover.

2.4. Why does static compiling (--enable-static) on Solaris fail ?
Ingo Rogalsky has provided the following information: It isn't possible to link Samhain statically with Solaris. This is a Solaris issue (see Sun Infodoc ID12624) and not a samhain problem.

2.5. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'
For Linux, this is a known problem with --enable-static if you compile in MySQL support. The problem is that the mysql_config that comes as part of the MySQL distribution script incorrectly lists dependencies on the libnss_files and libnss_dns libraries which are only available as shared libraries, so the linker cannot find the static libraries. You can check this by inspecting the output of mysql_config --libs. The version of mysql_config that comes with the RedHat mysql RPM (RedHat 9) does not have this bug; the one distributed by the MySQL people has. You can fix the problem by editing mysql_config: search for the client_libs variable, and remove all instances of -lnss_files and -lnss_dns.

2.6. The executable is corrupted after installation
The executable will get stripped during the installation. On suitable systems (i386 Linux/FreeBSD currently), additionally the "sstrip" utility (copyright 1999 by Brian Raiter, under the GNU GPL) will be used to strip the executable even more, to prevent debugging with the GNU "gdb" debugger. The "strip" utility cannot handle the resulting executable, therefore trying to strip manually after installation will corrupt the executable.

2.7. --enable-xml-log has no effect
If you have compiled for stealth, you won't see much, because if obfuscated, then both a 'normal' and an XML logfile look, well ... obfuscated. Use samhain -jL /path/to/logfile to view the logfile.

2.8. ./install-sh: strip: not found (Solaris)
Install the SUNWbtool package.

2.9. What is sh_tiger1.s?
This is a precompiled assembly file for the i386 architecture generated from sh_tiger1.c using gcc 3.4.0 with the following options, that were found to generate the fastest code: 
 -O1 -fno-delayed-branch -fexpensive-optimizations -fstrength-reduce 
     -fpeephole2 -fschedule-insns2 -fregmove -frename-registers -fweb 
     -momit-leaf-frame-pointer -funroll-loops
These options were determined using acovea 5.1.1 by Scott Robert Ladd. The file is provided as precompiled assembly because different versions of gcc can have very different performance, require different options to compile optimal code, and it would be impossible to maintain a library of optimal compile options for every version of gcc.

2.10. Why does static compiling (--enable-static) on MaxOS X fail ?
Static linking is not supported on MacOS X, see Technical Q&A QA1118. This is a MacOS X issue and not a bug in samhain.

2.11. Why does compiling with MySQL fail on Solaris ?
The reason is often the shell script 'mysql_config' that comes as part of MySQL. This script is intended to print appropriate compiler flags for compiling applications that use MySQL. Unfortunately, since Sun compiles MySQL with the Solaris compiler, this script outputs options for the Solaris compiler (i.e. unsuitable for gcc). To solve this problem, you need to move this script (i.e. 'mysql_config') out of your PATH before running ./configure (unless of course you are using the Solaris compiler rather than gcc).

3. File checking

3.1. How can I exclude a (sub-)directory ?
[IgnoreAll]
dir=-1/ignore/this/subdirectory


3.2. In messages about policy violations, what does the code after POLICY [XYZ] mean ?
This code indicates which items are modified (e.g. C = checksum). You can find a description in section 5.4.9 in the user manual. It is there because then you can see in the message list of the Beltane web console what has been modified, without the need to look at the message in detail.

3.3. Does samhain support prelink ?
Yes. There is a special checking policy [Prelink]. Directories with prelinked executables / shared libraries (see /etc/prelink.conf) should be placed under this policy, rather than under the [ReadOnly] policy.

3.4. I get error messages about 'subdirectory count != hardlinks'
Some filesystems do not always follow the rule that the number of directory hardlinks equals the number of subdirectories. E.g. the root directory of reiserfs partitions generally seems to have two additional hardlinks. To account for such exceptions, you can either switch off the hardlink check globally, or specify exceptions: 
[Misc]
# Switch off hardlink check
#
UseHardlinkCheck=no

[Misc]
# Specify exceptions for the hardlink check
#
HardlinkOffset=N:/path
Here, N is the numerical offset (actual - expected hardlinks) for '/path'. For multiple exceptions, use this options multiple times (note that '/path N:/path2' would itself be a valid path, so using the option only once with multiple exceptions on the same line would be ambiguous).

4. Client/Server

4.1. I don't want to poke a hole into my firewall to let the client connect to the server !
Pat Smith has posted the following solution. On the client, create an iptable rule as follows (note: you probably don't need this if you configure / compile in 127.0.0.1 as the server address): 
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 49777 -d server-ip -j REDIRECT
On the server, create an ssh tunnel for each client outside the firewall: 
ssh -f -C -R 49777:localhost:49777 -N client-ip
It is necessary that each client has a distinct name, and that the server knows the name of the client. With the setup above, each client will appear as "localhost" to the server, thus the server needs to trust the client name as reported by the client itself, and suppress all errors on resolving this name to the apparent address. In the server configuration: 
[Misc]
SetClientFromAccept = false
SeverityLookup = debug
Obviously, self-resolving must work on the client machine, otherwise you are in trouble (see next issue).

4.2. The client sends 127.0.0.1 (or some other numerical address) as its name to the log server
See 'Client cannot self-resolve' in the 'Most frequently' section

4.3. The server wants to send rc.ip-adress rather than rc.fqdn to the client
The client self-resolves to its ip address. See 'Client cannot self-resolve' in the 'Most frequently' section

4.4. Cannot resolve client name host=XXX
The server must be able to determine the client name.
This is because only authenticated connections from registered 
clients are allowed, and
the server must be able to check the client hostname against the list of
allowed hosts, and look up the password verifier for that
host.
There are two different ways to accomplish this. Unfortunately, judging from customer feedback as well from common sense, both do not work very well with a messed up local DNS (including /etc/hosts files) and/or überparanoid or misconfigured firewalls (in case of connections across one).

  • First method: Determine client name on client, and try to cross-check on server

    This does not work for a number of people because (1) the /etc/hosts file on the client machine has errors (yes, there are plenty machines with a completely messed up /etc/hosts file), (2) the server cannot resolve the client address because the local DNS is f***ed up, or (3) the client machine has multiple network interfaces, and the interface used is not the one the client name resolves to.

    If the client uses the wrong interface on a multi-interface machine, there is a config file option SetBindAddress=IP address that allows to choose the interface the client will use for outgoing connections.

    If you want to download the config file from the server, you should instead use the corresponding command line --bind-address=IP address to select the interface.

    If you encounter problems, you may (1) fix your /etc/hosts file(s), (2) fix your local DNS, or (3) switch to the second method.

    Errors in name resolving/cross-checking can be avoided by setting a very low severity (lower than the logging threshold), e.g.

    SeverityLookup=debug

    in the Misc section of the server configuration, if you prefer running unsafe at any speed instead of fixing the problem (you have been warned). Doing so will allow an attacker to pose as the client.

  • Second method: Use address of connecting entity as known to the communication layer

    This has been dropped as default long ago because it may not always be the address of the client machine. To enable this method, use

    SetClientFromAccept=true

    in the Misc section of the server configuration file. If the address cannot be resolved, or reverse lookup of the resolved name fails, no error message will be issued, but the numerical address will be used.



4.5. Cannot resolve socket peer IP for client host=XXX peer=YYY
See above

4.6. Reverse lookup of socket peer failed host=XXX peer=YYY obj=ZZZ
See above

4.7. No socket peer alias matches client name host=XXX peer=YYY
See above

4.8. Session key negotiation failed
See the document HOWTO client+server troubleshooting

4.9. Invalid connection attempt: Not in client list
See the document HOWTO client+server troubleshooting

4.10. Invalid connection attempt: Session key mismatch
See the document HOWTO client+server troubleshooting

4.11. How do I update the file signature database ?
If you keep the file signature database on the server, the database is supposed to be updated on the server, using the beltane web-based console (currently in beta) and the log messages from the client.

Alternatively, you can scp the database to the client, run samhain -t update -l none --foreground (you need to avoid logging because otherwise you will get in conflict with the running samhain daemon), and then scp the database back to the server. Actually, with a properly set up "ssh", using RSA/DSA authentication and ssh-agent you could write a script to automate this.

4.12. Time limit exceeded
The respective client for that this message is generated has not sent anything for some interval of time (default 84600 sec = 1 day). The interval can be set as follows: 
        [Misc]
	# unit is seconds
        SetClientTimeLimit=NNN
This feature has the purpose to detect if a client is dead. You might want to ensure that timestamps are sent to the server: 
        [Log]
	ExportSeverity=mark
If you don't want to use this feature, set the time limit to some very large value.

4.13. Invalid connection attempt: Signature mismatch
Clients sign their messages using a session key negotiated with the server. The message indicates that the server could not verify the signature. This may be caused by a running two instances of samhain on the same client machine, both of them accessing the server (and negotiating different session keys ...). The system will recover automatically from the problem by forcing the failed client to negotiate a fresh session key.

4.14. [Server] PANIC .. Address already in use   subroutine=bind
The server cannot bind to its port because the port is already used. Maybe you have accidentially already an instance of the server running.

5. Email

5.1. Reverse lookup failed
Fix your DNS (reverse lookup: numerical IP address to FQDN, to verify FQDN to numerical IP address). 
Whether "nslookup" works is not very informative, because 
"nslookup" does not use the resolver library of the operating
system. Therefore,
it is not exactly the
best tool for debugging name resolving problems (see the book
"DNS and bind").


5.2. From daemon@example.com
samhain fails to resolve the self-address of the host. See 'Client cannot self-resolve' in the 'Most frequently' section.

5.3. How do I define more than one email addresses ?
Use SetMailAddress=... multiple times (upt to eight addresses are possible, with at most 63 characters per address): 
[Misc]
SetMailAddress=aaa@foo.com
SetMailAddress=bbb@foo.com


6. Misc

6.1. Error message: "Invalid line XYZ in configuration file"
This message indicates that line XYZ in the configuration file contains an unrecognized directive. The primary reasons are:
(a) The directive should be placed into a particular section of the configuration file, but the section header is not present (or you forgot to uncomment it).
(b) Samhain is compiled without support for this directive.
(c) You have a typo in the directive.


6.2. Why do I get a local logfile if I log to the server ?
Because you can use all log facilities in parallel. You should switch off in the config file what you don't want/need: 
        [Log]
        # local log file
        LogSeverity=none


6.3. Why is there no NIS support with a static samhain executable on Linux ?
Some functions (including NIS) require libraries that are only available as shared libraries with modern GLIBC versions. While you can always compile a static executable, normally it would still open the shared library at runtime. As of version 1.8.11, samhain avoids this by providing replacement functions from uClibc. However, these do not include NIS support.

6.4. Why do I get hundreds of messages about modified CTIME ?
This happens because some backup applications reset the atime/mtime timestamps, which causes the ctime timestamp to be modified (rootkits avoid this by temporarily resetting the system clock to the original ctime ...).

To fix this problem, read the manual of your backup application, or redefine the ReadOnly policy to not check the ctime timestamp: 

        [Misc]
        RedefReadOnly=-CTM

        Order matters - you must first redefine 
        ReadOnly before you use it


6.5. PANIC — File not accessible
Most likely permission denied because of unsufficient privileges.

6.6. How can I avoid error messages for invalid UIDs (no such user) ?
Set SeverityNames to a low value 
[EventSeverity]
SeverityNames=debug


6.7. [Redhat] The /etc/init.d/(samhain|yule) init script hangs
Redhat uses "initlog" (see man initlog) in initscripts. If it hangs, most probably samhain/yule runs in the foreground rather than as daemon. Set daemon mode in the configuration file: 
[Misc]
Daemon=yes


6.8. The /etc/init.d/(samhain|yule) init script exits with: execvp: No such file or directory
Either the program is not installed, or it is not in the PATH (the one used by the init script, which may be different from your PATH).

6.9. Why am I not receiving the "BEGIN LOGKEY" message by email ?
This message (which contains the key to verify the log file) is generated when logging to the log file starts. It has the severity "ALRT", thus you should make sure that you have set the logging threshold for email correctly to receive it.

6.10. Why does console logging fail if I compile with --enable-(micro-)stealth ?
The default logging options are more "stealthy". Set the threshold explicitely rather than relying on the default.

6.11. I need a list for my schedule !
You can have the same effect with a list of schedules. See the section "Timing file checks" in the manual.

6.12. The hiding kernel module has no effect !
Most probably you compiled using the wrong "System.map" file.

6.13. What does the message "Large lstat/open overhead" mean ?
Your system needs several seconds to proceed from an lstat() system call to an open() system call. This is a tremenduous overhead, and indicates that either your system has a really severe performance problem, or someone tries to slow down samhain.

6.14. What does the message "Device not available path=/dev/random" mean ? I have /dev/random !
/dev/random blocks unless there is some entropy it can deliver. Samhain will time out and fall back on /dev/urandom after some seconds to avoid hanging for a potentially long time. It will try /dev/random again next time it needs entropy.

6.15. Logging to an external program fails; the program receives no data on stdin !
Probably your program is not designed to wait for input, but exits if reading fails (because there is no data yet). You may want to let your program wait for the terminating "[EOF]" line.

6.16. SIGILL on AIX
For each scanned file, samhain needs to store some information in memory (e.g. to recognize changes that have already been reported, and avoid duplicate reports). On AIX, if you are checking a really huge number of files, memory usage may exceed the default limit of 256 MB, and the process may terminate with SIGILL.

The problem can be solved by linking with the flag -bmaxdata:0x80000000. This allows the application to access up to 8 segments (where each segment is 256MB).

If you are using gcc, you need to use instead the flag -Wl,bmaxdata:0x80000000, which tells gcc to pass on the bmaxdata flag to the AIX linker. You can use the LDFLAGS environment variable to pass linker flags to the configure script: 

     export LDFLAGS="-Wl,bmaxdata:0x80000000"


7. Database

7.1. Why are client messages corrupted / incompletely stored in the DB ?
Because the messages are not in XML format, and therefore incorrectly parsed. The most frequent reasons are: 
        1.) Your server is compiled with --enable-xml-log, but your client(s)
        is/are not.

        2.) In your client or server configuration file, you are using
        the option for a custom message header, but without paying attention
        to preserving the XML format.


7.2. I want / don't want the server timestamps (for client messages) in the SQL database
[Database]
SetDBServerTstamp = true/false
This will enable/disable logging of the server timestamp for client messages. The server timestamp will be written to a seperate record, with log_ref set to the value of log_index of the corresponding client message.

7.3. I don't want the client TIMESTAMP messages in the SQL database
     Sending timestamps from the client allows the server to detect if
     a client is not running anymore (use SetClientTimeLimit=NNN in the
     [Misc] section of the server config file to set the number of seconds
     after which the server will issue an error message if no timestamp has
     been received).
However, you might not want to log these timestamps to the database (or other log facilities). To filter them, you can use two methods (examples are for the SQL database). The first one has the disadvantage that only messages of severity err or higher will be logged: 
     [Misc]
     UseClientSeverity=yes

     [Log]
     DatabaseSeverity=err
The second method is more specific — log everything not belonging to the STAMP class of messages: 
     [Misc]
     UseClientClass=yes

     [Log]
     DatabaseClass=PANIC RUN FIL TCP ERR ENET EINPUT


7.4. What does the log_ref field mean ?
NULL are client messages. Nonzero integer is a server timestamp for a client message (where log_ref indicates the log_index entry number of the corresponding client message). Zero indicates a message by the server itself (e.g. the server's start message).

7.5. How can I check what is in the database ?
Use a command line client to login to the database and query it: 
     sh$ mysql -u <user_name> -p <database_name>
     Enter password: ****
     mysql> SELECT log_index,log_ref,log_host,log_sev,log_msg,path FROM <table_name> WHERE entry_status = 'NEW' ORDER BY log_index;
     ....
     mysql> \q


Copyright (c) 2004 Rainer Wichmann

This list of questions and answers was generated by makefaq.

samhain-3.1.0/docs/README.sstrip0000644000175000017500000000427707466015371013232 00000000000000sstrip is a small utility that removes the contents at the end of an ELF file that are not part of the program's memory image. Most ELF executables are built with both a program header table and a section header table. However, only the former is required in order for the OS to load, link and execute a program. sstrip attempts to extract the ELF header, the program header table, and its contents, leaving everything else in the bit bucket. It can only remove parts of the file that occur at the end, after the parts to be saved. However, this almost always includes the section header table, and occasionally a few random sections that are not used when running a program. It should be noted that the GNU bfd library is (understandably) dependent on the section header table as an index to the file's contents. Thus, an executable file that has no section header table cannot be used with gdb, objdump, or any other program based upon the bfd library, at all. In fact, the program will not even recognize the file as a valid executable. (This limitation is noted in the source code comments for bfd, and is marked "FIXME", so this may change at some future date. However, I would imagine that it is a pretty low-priority item, as executables without a section header table are rare in the extreme.) This probably also explains why strip doesn't offer the option to do this. Shared library files may also have their section header table removed. Such a library will still function; however, it will no longer be possible for a compiler to link a new program against it. As an added bonus, sstrip also tries to removes trailing zero bytes from the end of the file. (This normally cannot be done with an executable that has a section header table.) sstrip is a very simplistic program. It depends upon the common practice of putting the parts of the file that contribute to the memory image at the front, and the remaining material at the end. This permits it to discard the latter material without affecting file offsets and memory addresses in what remains. However, the ELF standard permits files to be organized in almost any order. So although this procedure usually works in practice, it is not meant to be taken too seriously. samhain-3.1.0/docs/HOWTO-write-modules.html0000644000175000017500000005651210745665217015416 00000000000000 HOWTO Write Samhain Modules

samhain file integrity scanner | online documentation


Writing modules for samhain


This document should help anyone who is sitting down to write a module for the samhain host intrusion detection system. We give an overview of samhain's structure from the point of view of the module author, and describe some of the samhain utility and interface functions available. Lastly, we explain how to integrate your module into the samhain autoconf build tools.

Introduction

Samhain is a rather useful file integrity and host intrusion detection system. It is written entirely in C, and much care has been given to making it robust and secure. Additionally, it has been written with extensibility in mind, and so interfaces for adding user-contributed modules have been provided. A module author can easily extend the configuration file syntax and have his checking code run on a regular basis as one of samhain's internal checks.

Prerequisites

You'll need to know how to read and write C. You'll need the latest source for samhain. You'll need to have read all of samhain's other documentation. Finally, if you want to make your module build as part of the samhain tree (you do), you'll need GNU's autoconf package.

An overview of samhain's execution

Here's what happens when samhain starts:

  • Check if samhain has been called with one of the "init.d" type commands - start, stop, reload, status. If so, these are handled as you might expect. Nice feature.
  • Initialise all global structures and parse command-line options.
  • Read the configuration file. This is handled in sh_readconf_read(). This includes attempting to download the file if samhain has been compiled to do so.
  • Drop privileges if server.
  • Test the checksum on the database if client or standalone.
  • Now test if samhain has been compiled as a client or a server.
    • If server, enter server main loop sh_receive() in sh_forward.c. This is simple enough; apart from checks for signals received, the server just accepts incoming connections, verifies that they are from an authorised client, and logs the message received.
    • If client or standalone, we run the rest of main() in samhain.c, which follows:
  • Initialise modules - that is, call the mod_init() function on each module. Note that if the module intialisation routine returns a nonzero value, you should also have it free anything that's been allocated by the configuration file reading functions, since this method is always called after an sh_readconf_read(), i.e. when the configuration file is re-read after a SIGHUP.
  • Test the setup that's been read from the configuration - for example, check if any files or directories have been defined twice.
  • Enter the main loop (which runs just once if samhain is not configured as a daemon). Test if any signals have been received, and handle them appropriately:
    • On reconfiguration (SIGHUP), clear internal file lists etc. and call the mod_reconf() function on each module. This should clean up anything internal to the module before the configuration file is re-read. Then read the configuration file again and set things up as before, including a new call to mod_init().
    • On SIGIOT (SIGABRT), shut down the log-file for a moment to allow for rotation.
    • On SIGQUIT, terminate. Note that any call to exit() will invoke the exit_handler() defined in samhain.c; the first thing this does is to call mod_cleanup() on all modules. Then it cleans up everything else in samhain and exits.
    • On SIGUSR1 turn toggle debugging on/off.
    • On SIGUSR2 suspend the daemon an notify the server to allow a second instance of samhain downloading its configuration file without triggering an alert (restart without exit) on the server.
  • If it's time to check files, check directories and then files, and then flush the mail queue.
  • Execute modules. For each module, if mod_timer(tcurrent) returns a nonzero value, then execute mod_check().
  • Do various maintenance operations such as logging a timestamp/sending some mail if it's time, seeding/re-seeding the PRNG, etc.
You'll note that in the text above I refer to a couple of module functions - mod_init(), mod_check(), etc. These are function pointers that act as hooks for attaching modules to samhain. Next we'll describe how they are used.

Samhain's module interface

Here we'll describe the interface samhain provides to module authors.

The module list

In sh_modules.h, the following structure is defined: 


typedef struct mod_type
{
  /* The name of the module                                    */
  char * name;      

  /* Set by samhain to 1 on successful initialization, else 0  */
  int    initval; 

  /* The initialization function. Return 0 on success.         */
  int (* mod_init)    (void);  
                             
  /* The timer function. Return 0 if NOT time to check.        */
  int (* mod_timer)   (unsigned long tcurrent); 

  /* The check function. Return 0 on success.                  */
  int (* mod_check)   (void); 

  /* The cleanup function. Return 0 on success.                */
  int (* mod_cleanup) (void);

  /* The preparation for reconfiguration. Return 0 on success. */
  int (* mod_reconf) (void);

  /* Section header in config file                             */
  char * conf_section; 

  /* A table of key/handler_function for config file entries   */
  sh_rconf * conf_table; 

} sh_mtype;

This is the structure used to hook modules into samhain. There is a list of these structures (modList), defined in sh_modules.c, containing pointers to the functions to be used for each module compiled into samhain. For example, 


sh_mtype modList[] = {
#ifdef SH_USE_UTMP
  {
    N_("UTMP"),
    0,
    sh_utmp_init,
    sh_utmp_timer,
    sh_utmp_check,
    sh_utmp_end,
    sh_utmp_null,

    N_("[Utmp]"),
    sh_utmp_table,
  },
#endif

is the beginning of that table. The author of the sh_utmp module has initialised the structure with the name of the module (note that N_() is just a macro used to delimit strings here), a 0 to signify that the module has not yet been initialised, and then pointers to _init(), _timer(), _check(), _cleanup() and _reconf() functions for the module. Finally, the last two structure elements are for configuration file parsing: the first is the section heading in the configuration file for this module, and the second is a table of type 


typedef struct rconf
{
  char * the_opt;
  int (*func)(char * opt);
} sh_rconf;

(also defined in sh_modules.h). This structure is for storing options for this module to be found in the configuration file, as well as the functions that will be used to parse them when found. In the sh_utmp example above, we can see that this table has been set to sh_utmp_table - this is a reference to a list of the Utmp module's configuration options declared in sh_utmp.h. It should be clear now that one of the changes you will need to make to samhain's source files is to include your header file in sh_modules.c and add a modList entry like the above.

For a description of when during samhain's execution these various module hooks are called, see the overview above. It would likely be helpful to you now to read through the source for one of the modules provided with samhain and see the above actually implemented. You should also be able to use one of these modules as a template for your own.

The message catalogue

Most module authors will want to log messages in their own specified format; samhain stores all of its message formats in a "messages catalogue" found in sh_cat.h and sh_cat.c. For example, for the sh_suidchk module we find the following entries in sh_cat.h, as part of an enum: 


#ifdef SH_USE_SUIDCHK
 MSG_SUID_POLICY,
 MSG_SUID_FOUND,
 MSG_SUID_STAT,
 MSG_SUID_SUMMARY,
#endif

Correspondingly in sh_cat.c we find 


#ifdef SH_USE_SUIDCHK
  { MSG_SUID_POLICY, SH_ERR_SEVERE,  RUN,   N_("msg=\"POLICY SUIDCHK  %s\" path=\"%s\"") },
  { MSG_SUID_FOUND,  SH_ERR_INFO,    RUN,   N_("msg=\"Found suid/sgid file\" path=\"%s\"") },
  { MSG_SUID_STAT,   SH_ERR_ERR,     ERR,   N_("msg=\"stat: %s\" path=\"%s\"") },
  { MSG_SUID_SUMMARY,SH_ERR_INFO,    RUN,   N_("msg=\"Checked for SUID programs: %ld files, %ld seconds\"") },
#endif

as part of the table msg_cat[] of type cat_entry: 


typedef struct foo_cat_entry {
  unsigned long id;
  unsigned long priority;
  unsigned long class;
  char *        format;
} cat_entry;

The first member of this structure is the message type's ID, as defined in the enum in sh_cat.h. The second is the default priority of such messages, defined as in the samhain documentation. The third is the class of the message, again defined as in the samhain documentation. Finally we have the message format itself, which is a printf() style format string.

This catalogue is used by the logging functions in samhain; you will need to add your own message types and formats to sh_cat.h and sh_cat.c. Note that because samhain can be compiled for XML style logging, you will actually need to make two entries in sh_cat.c for each message; see the file itself for details.

Note that there is a generic message format with the ID 'MSG_E_SUBGEN' and the default priority 'SH_ERR_ERR'. If you are using this message format, then you can log (a) a string, and (b) the name of the subroutine.

This completes our description of samhain's module interface.

Samhain's utility functions

Here we'll describe the main utility functions available to samhain module authors.

String wrapping macros

Constant strings should be wrapped in the _(string) macro. Initialisation strings that cannot be replaced with a function should be wrapped in a N_(string) macro, and the variable thus initialized should be wrapped in a _(var) macro whereever used. This is important for the 'stealth' functionality of samhain.

Logging messages

#include "sh_error.h"

void sh_error_handle(int severity, char * file, long line, long status,
                     unsigned long msg_id, ...)

This is samhain's logging/reporting function, so the name is a little misleading - errors are not the only thing we should handle with this. The first four arguments are simple enough: severity is the logging severity, defined in the enum ShErrLevel from sh_error.h; file and line are the current file and line - usually you'll be using FIL__ and __LINE__ for these; status is not very important - for module authors it'll do to always pass 0 to this. The final named argument is msg_id, which should be one of the message IDs defined in sh_cat.h; these correspond to message format strings in printf() format, which will be interpolated with the following arguments to form the log message.

The '__LINE__' macro is provided by the C preprocessor. The FIL__ macro should be #defined to '_("sourcefile_name")' (see 'String wrapping macros' above).

Example of use: 

#undef
#define FIL__ _("sh_mounts.c")

sh_error_handle(ShMountsSevMnt, FIL__, __LINE__, 0, MSG_MNT_MNTMISS,
                 cfgmnt->path);

See cat.c for the definition of MSG_MNT_MNTMISS: 


{ MSG_MNT_MNTMISS, SH_ERR_WARN,    RUN,   N_("msg=\"Mount missing\" path=\"%s\"")},

So we print this out at severity ShMountsSevMnt, which in this case is a configured value read from the samhain configuration file (see sh_mounts.c). If we wanted to print it at the default severity (SH_ERR_WARN), we could pass -1 as the severity.

Checking files for modification

#include "sh_files.h"

int  sh_files_pushdir_?? (char * dirName);
int  sh_files_pushfile_?? (char * fileName);

These functions push directories and files onto the stack of those to check for the specified policy (see the samhain documentation for further information):
sh_files_pushdir_user0 pushes the directory at USER0
... _user1USER1
... _attrATTR
... _roREADONLY
... _logLOGFILE
... _glogGROWING LOGFILE
... _noigIGNORE NONE
... _alligIGNORE ALL
So if you're writing a module that adds particular files to check, like the sh_userfiles module for example, these are the functions to use.

Managing memory

#include "sh_mem.h"

#define SH_FREE(a)  ...
#define SH_ALLOC(a) ...

These are the macros to use when you're allocating/freeing memory in samhain. They do all the error checking/reporting you need, so when you get memory from SH_ALLOC you can just get to using it right away.

Parsing strings

#include "sh_utils.h"

char * sh_util_strdup    (const char * str);
char * sh_util_strsep    (char **str, const char *delim);
char * sh_util_strconcat (const char * arg1, ...);

int sh_util_flagval(char * c, int * fval);
int sh_util_isnum (char *str);

#include "slib.h"

int sl_strlcpy (char * dst, const char * src, size_t siz);
int sl_strlcat (char * dst, const char * src, size_t siz);
int sl_snprintf(char *str, size_t n, const char *format, ... );

These functions are the samhain internal functions for string handling. The first three act like their C library counterparts, except using samhain's memory management functions and error checking. sh_util_flagval converts the passed string into a truth value - the value is stored in fval as 1 or 0 - and returns 0 on success, -1 on failure. sh_util_isnum just checks if the passed string is all numeric.

The functions sl_strlcpy and sl_strlcat work similar to the C library strncpy/strncat functions, except that the destination string is always null terminated, and the third argument must be the full length of the destination buffer, not the remaining space. On success, the return value is 0.

The function sl_snprintf provides either the system snprintf, or a replacement, if the system has no or a buggy snprintf.

Tracing execution

#include "slib.h"

#define SL_ENTER(s) ...
#define SL_RETURN(retval, s) ...

These macros are for tracing execution through samhain functions. You should use SL_ENTER with the name of the function for each function entered, and SL_RETURN with the return value and the name of the function for each exit if you want to maintain compatibility with the rest of samhain.

Executing external programs (popen)

#include "sh_extern.h"


sh_tas_t task;
/* Prepare task */
sh_ext_tas_init(&task);
sh_ext_tas_command(&task, char * command);
sh_ext_tas_add_argv(&task, char * val);
sh_ext_tas_add_envv (&task, char * environment_variable, char * value);

int sh_ext_popen(&task);
int sh_ext_pclose(&task);

To prepare a task to run, use 'sh_ext_tas_init' to initialise the task structure. With 'sh_ext_tas_command' the command (absolute path) is set, with 'sh_ext_tas_add_argv' command line options are added. Environment variables can be set with 'sh_ext_tas_add_envv'.

To open for read, set "task.rw = 'r';", to open for write use "task.rw = 'w';".

To run the task with privileges dropped to another UID, set "task.privileged = 0;" and task.run_user_uid, task.run_user_gid to the desired UID/GID.

To verify the checksum of the called executable, set task.checksum[KEY_LEN+1] to the TIGER192 checksum of the executable.

After successful execution of sh_ext_popen (return status 0), task.pipe is the stream opened for read or write, and task.pipeFD its associated file descriptor.

Inserting arbitrary data into the baseline database


#include "sh_hash.c"

void sh_hash_push2db (char * key, unsigned long val1, 
		      unsigned long val2, unsigned long val3,
		      unsigned char * str, int size);

char * sh_hash_db2pop (char * key, unsigned long * val1, 
		       unsigned long * val2, unsigned long * val3,
		       int * size);

The baseline database has a fixed record format. To enter data, these need to be prepared in the required format. To retrieve the data, the 'filepath' is used as key (if your data is not a file, you would provide a dummy pathname as key). For convenience, the two functions noted below are provided.

When checking files, samhain will walk the database to find files that are in the database, but have been deleted from the disk. If you enter data, you need to mark it as such by using a key that starts with something else but '/', otherwise samhain will complain if it has not been checked during the file check. 


#include "sh_hash.c"

void sh_hash_push2db (char * key, unsigned long val1, 
		      unsigned long val2, unsigned long val3,
		      unsigned char * str, int size);

char * sh_hash_db2pop (char * key, unsigned long * val1, 
		       unsigned long * val2, unsigned long * val3,
		       int * size);

To insert data, use 'sh_hash_push2db'. You can insert up to three long integers (val1, val2, val3) and/or a binary string of length size (max. (PATH_MAX-1)/2). As noted above, you need to supply a key (stored as the 'filepath', which should start with a character different from '/'). To retrieve data, you can use 'sh_hash_db2pop'. The return value is either NULL (if no string was stored under this key), or the stored string (length returned in 'size').

A string to store may consist of any characters, including NULLs, and need not be NULL terminated. The returned string is always NULL terminated (the terminating NULL is not included in 'size'), and should be freed with SH_FREE() if not required anymore.

If the key is not found in the database, size is set to -1.

Incorporating modules into the samhain build

This is a somewhat secondary but important part of writing a module for samhain: how to incorporate it into the samhain configuration and build process. This just involves hacking the autoconf and makefile setup to include your module. We'll present this file-by-file.

Makefile.in

You need to add a few bits to this file. First, add your header, source and object filenames to the HEADERS, SOURCES and OBJECTS variables. Then add your header to the dependencies for sh_modules.o and ./sh_modules.o. Finally add dependency lines for your module object file sh_whatever.o and ./sh_whatever.o, modelling them on the other module object dependency lines.

acconfig.h

The config.h.in will be generated from this file by 'autoheader'. You just need to add a line like 

#undef SH_USE_MOUNTS
that will be defined by the ./configure code if the user specifies the module as enabled.

aclocal.m4

This file is used by 'autoconf' to help generate ./configure. You need to add your module's ./configure option to the SH_ENABLE_OPTS variable; for example, to add the option --enable-mounts-check, we added the string 'mounts-check' to this variable.

configure.ac

This is the other file used by 'autoconf' to generate ./configure. You need to add an AC_ARG_ENABLE call to this file, along the lines of those for other modules. For example, we added 
AC_ARG_ENABLE(mounts-check,
        [  --enable-mounts-check        check mount options on filesystems [[no]
]],
        [
        if test "x${enable_mounts_check}" = xyes; then
                AC_DEFINE(SH_USE_MOUNTS)
        fi
        ]
)
for the sh_mounts module. This causes the #undef from acconfig.h above to be defined when ./configure is run with the --enable-mounts-check argument.

This is all that you need. Once you've done the above, you'll need to run 'autoheader' and 'autoconfig' to generate config.h.in and the ./configure script. Then your module will build as part of the samhain source.

Conclusion

Armed with the above information, any proficient C programmer should be able to adapt and extend samhain to do whatever it is they need. We hope that this document has been reasonably clear, easy to follow and useful; please feel free to update it for clarity, accuracy and completeness and resubmit it to the samhain project.

This document was written by the eircom.net Computer Incident Response Team. Updated with CSS by Rainer Wichmann.

samhain-3.1.0/docs/MANUAL-2_3.pdf0000644000175000017500000512402012234446621013045 00000000000000%PDF-1.4 % 1 0 obj << /S /GoTo /D (1.0) >> endobj 4 0 obj (The Samhain Host Integrity Monitoring System) endobj 5 0 obj << /S /GoTo /D (2.0) >> endobj 8 0 obj (Table of Contents) endobj 9 0 obj << /S /GoTo /D (3.0) >> endobj 12 0 obj (Chapter 1. Introduction) endobj 13 0 obj << /S /GoTo /D (4.0) >> endobj 16 0 obj (Chapter 2. Compiling and installing) endobj 17 0 obj << /S /GoTo /D (4.1.1) >> endobj 20 0 obj (2.1. Overview) endobj 21 0 obj << /S /GoTo /D (4.2.1) >> endobj 24 0 obj (2.2. Requirements) endobj 25 0 obj << /S /GoTo /D (4.3.1) >> endobj 28 0 obj (2.3. Download and extract) endobj 29 0 obj << /S /GoTo /D (4.4.1) >> endobj 32 0 obj (2.4. Configuring the source) endobj 33 0 obj << /S /GoTo /D (4.4.1.2) >> endobj 36 0 obj (2.4.1. Some more configuration options) endobj 37 0 obj << /S /GoTo /D (4.5.1) >> endobj 40 0 obj (2.5. Build) endobj 41 0 obj << /S /GoTo /D (4.6.1) >> endobj 44 0 obj (2.6. Install) endobj 45 0 obj << /S /GoTo /D (4.6.2.2) >> endobj 48 0 obj (2.6.1. Important make targets) endobj 49 0 obj << /S /GoTo /D (4.7.1) >> endobj 52 0 obj (2.7. Customize) endobj 53 0 obj << /S /GoTo /D (4.8.1) >> endobj 56 0 obj (2.8. Initialize the baseline database) endobj 57 0 obj << /S /GoTo /D (4.9.1) >> endobj 60 0 obj (2.9. Run samhain) endobj 61 0 obj << /S /GoTo /D (4.10.1) >> endobj 64 0 obj (2.10. Files and directory layout) endobj 65 0 obj << /S /GoTo /D (4.10.3.2) >> endobj 68 0 obj (2.10.1. Trusted users and trusted paths) endobj 69 0 obj << /S /GoTo /D (4.10.4.2) >> endobj 72 0 obj (2.10.2. Directory layout) endobj 73 0 obj << /S /GoTo /D (4.10.5.2) >> endobj 76 0 obj (2.10.3. Runtime files) endobj 77 0 obj << /S /GoTo /D (4.10.5.1.3) >> endobj 80 0 obj (2.10.3.1. Standalone or client) endobj 81 0 obj << /S /GoTo /D (4.10.5.2.3) >> endobj 84 0 obj (2.10.3.2. Server) endobj 85 0 obj << /S /GoTo /D (4.10.6.2) >> endobj 88 0 obj (2.10.4. Installed files) endobj 89 0 obj << /S /GoTo /D (4.10.6.3.3) >> endobj 92 0 obj (2.10.4.1. Standalone or client) endobj 93 0 obj << /S /GoTo /D (4.10.6.4.3) >> endobj 96 0 obj (2.10.4.2. Server) endobj 97 0 obj << /S /GoTo /D (4.11.1) >> endobj 100 0 obj (2.11. The testsuite) endobj 101 0 obj << /S /GoTo /D (5.0) >> endobj 104 0 obj (Chapter 3. General usage notes) endobj 105 0 obj << /S /GoTo /D (5.12.1) >> endobj 108 0 obj (3.1. How to invoke) endobj 109 0 obj << /S /GoTo /D (5.13.1) >> endobj 112 0 obj (3.2. Using daemontool \(or similar utilities\)) endobj 113 0 obj << /S /GoTo /D (5.14.1) >> endobj 116 0 obj (3.3. Controlling the daemon) endobj 117 0 obj << /S /GoTo /D (5.15.1) >> endobj 120 0 obj (3.4. Signals) endobj 121 0 obj << /S /GoTo /D (5.16.1) >> endobj 124 0 obj (3.5. PID file) endobj 125 0 obj << /S /GoTo /D (5.17.1) >> endobj 128 0 obj (3.6. Log file rotation) endobj 129 0 obj << /S /GoTo /D (5.18.1) >> endobj 132 0 obj (3.7. Updating the file signature database) endobj 133 0 obj << /S /GoTo /D (5.19.1) >> endobj 136 0 obj (3.8. Improving the signaltonoise ratio) endobj 137 0 obj << /S /GoTo /D (5.20.1) >> endobj 140 0 obj (3.9. Runtime options: commandline configuration file) endobj 141 0 obj << /S /GoTo /D (5.21.1) >> endobj 144 0 obj (3.10. Remarks on the dnmalloc allocator) endobj 145 0 obj << /S /GoTo /D (5.22.1) >> endobj 148 0 obj (3.11. Support / Bugs / Problems) endobj 149 0 obj << /S /GoTo /D (5.22.7.2) >> endobj 152 0 obj (3.11.1. If samhain appears to hang indefinitely) endobj 153 0 obj << /S /GoTo /D (6.0) >> endobj 156 0 obj (Chapter 4. Configuration of logging facilities) endobj 157 0 obj << /S /GoTo /D (6.23.1) >> endobj 160 0 obj (4.1. General) endobj 161 0 obj << /S /GoTo /D (6.23.8.2) >> endobj 164 0 obj (4.1.1. Severity levels) endobj 165 0 obj << /S /GoTo /D (6.23.9.2) >> endobj 168 0 obj (4.1.2. Classes) endobj 169 0 obj << /S /GoTo /D (6.23.10.2) >> endobj 172 0 obj (4.1.3. Error message customization) endobj 173 0 obj << /S /GoTo /D (6.24.1) >> endobj 176 0 obj (4.2. Available logging facilities) endobj 177 0 obj << /S /GoTo /D (6.25.1) >> endobj 180 0 obj (4.3. Activating logging facilities and filtering messages) endobj 181 0 obj << /S /GoTo /D (6.26.1) >> endobj 184 0 obj (4.4. Email) endobj 185 0 obj << /S /GoTo /D (6.26.11.2) >> endobj 188 0 obj (4.4.1. Email reports and their integrity) endobj 189 0 obj << /S /GoTo /D (6.27.1) >> endobj 192 0 obj (4.5. Log file) endobj 193 0 obj << /S /GoTo /D (6.27.12.2) >> endobj 196 0 obj (4.5.1. The log file and its integrity) endobj 197 0 obj << /S /GoTo /D (6.28.1) >> endobj 200 0 obj (4.6. Log server) endobj 201 0 obj << /S /GoTo /D (6.28.13.2) >> endobj 204 0 obj (4.6.1. Details) endobj 205 0 obj << /S /GoTo /D (6.29.1) >> endobj 208 0 obj (4.7. External facilities) endobj 209 0 obj << /S /GoTo /D (6.30.1) >> endobj 212 0 obj (4.8. Console) endobj 213 0 obj << /S /GoTo /D (6.31.1) >> endobj 216 0 obj (4.9. Prelude) endobj 217 0 obj << /S /GoTo /D (6.31.14.2) >> endobj 220 0 obj (4.9.1. Preludespecific commandline options) endobj 221 0 obj << /S /GoTo /D (6.31.15.2) >> endobj 224 0 obj (4.9.2. Registering to a Prelude manager) endobj 225 0 obj << /S /GoTo /D (6.32.1) >> endobj 228 0 obj (4.10. Using samhain with nagios) endobj 229 0 obj << /S /GoTo /D (6.33.1) >> endobj 232 0 obj (4.11. Syslog) endobj 233 0 obj << /S /GoTo /D (6.34.1) >> endobj 236 0 obj (4.12. SQL Database) endobj 237 0 obj << /S /GoTo /D (6.34.16.2) >> endobj 240 0 obj (4.12.1. Upgrade to samhain 2.3) endobj 241 0 obj << /S /GoTo /D (6.34.17.2) >> endobj 244 0 obj (4.12.2. Upgrade to samhain 2.4.4) endobj 245 0 obj << /S /GoTo /D (6.34.18.2) >> endobj 248 0 obj (4.12.3. MySQL configuration details) endobj 249 0 obj << /S /GoTo /D (7.0) >> endobj 252 0 obj (Chapter 5. Configuring samhain, the host integrity monitor) endobj 253 0 obj << /S /GoTo /D (7.35.1) >> endobj 256 0 obj (5.1. Usage overview) endobj 257 0 obj << /S /GoTo /D (7.36.1) >> endobj 260 0 obj (5.2. Available checksum functions) endobj 261 0 obj << /S /GoTo /D (7.37.1) >> endobj 264 0 obj (5.3. File signatures) endobj 265 0 obj << /S /GoTo /D (7.38.1) >> endobj 268 0 obj (5.4. Defining file check policies: what, and how, to monitor) endobj 269 0 obj << /S /GoTo /D (7.38.19.2) >> endobj 272 0 obj (5.4.1. Monitoring policies) endobj 273 0 obj << /S /GoTo /D (7.38.20.2) >> endobj 276 0 obj (5.4.2. File/directory specification) endobj 277 0 obj << /S /GoTo /D (7.38.20.5.3) >> endobj 280 0 obj (5.4.2.1. Rules) endobj 281 0 obj << /S /GoTo /D (7.38.21.2) >> endobj 284 0 obj (5.4.3. Suppress messages about new/deleted/modified files) endobj 285 0 obj << /S /GoTo /D (7.38.22.2) >> endobj 288 0 obj (5.4.4. Dynamic database update \(modified/disappeared/new files\)) endobj 289 0 obj << /S /GoTo /D (7.38.23.2) >> endobj 292 0 obj (5.4.5. Recursion depth\(s\)) endobj 293 0 obj << /S /GoTo /D (7.38.24.2) >> endobj 296 0 obj (5.4.6. Hardlink check) endobj 297 0 obj << /S /GoTo /D (7.38.24.6.3) >> endobj 300 0 obj (5.4.6.1. Specify exceptions for the hardlink check) endobj 301 0 obj << /S /GoTo /D (7.38.25.2) >> endobj 304 0 obj (5.4.7. Check for weird filenames) endobj 305 0 obj << /S /GoTo /D (7.38.26.2) >> endobj 308 0 obj (5.4.8. Support for prelink) endobj 309 0 obj << /S /GoTo /D (7.38.27.2) >> endobj 312 0 obj (5.4.9. SELinux attributes and Posix ACLs) endobj 313 0 obj << /S /GoTo /D (7.38.28.2) >> endobj 316 0 obj (5.4.10. Codes in messages about reported files) endobj 317 0 obj << /S /GoTo /D (7.38.29.2) >> endobj 320 0 obj (5.4.11. Loose directory checking) endobj 321 0 obj << /S /GoTo /D (7.38.30.2) >> endobj 324 0 obj (5.4.12. Storing the full content of a file) endobj 325 0 obj << /S /GoTo /D (7.38.31.2) >> endobj 328 0 obj (5.4.13. Who made changes to a file?) endobj 329 0 obj << /S /GoTo /D (7.38.32.2) >> endobj 332 0 obj (5.4.14. Skip checksumming for particular files) endobj 333 0 obj << /S /GoTo /D (7.38.32.7.3) >> endobj 336 0 obj (5.4.14.1. Userdefined file types) endobj 337 0 obj << /S /GoTo /D (7.38.33.2) >> endobj 340 0 obj (5.4.15. Graceful handling of log rotation) endobj 341 0 obj << /S /GoTo /D (7.39.1) >> endobj 344 0 obj (5.5. Excluding files and/or subdirectories \(All except \)) endobj 345 0 obj << /S /GoTo /D (7.40.1) >> endobj 348 0 obj (5.6. Timing file checks) endobj 349 0 obj << /S /GoTo /D (7.40.34.2) >> endobj 352 0 obj (5.6.1. Using a second schedule) endobj 353 0 obj << /S /GoTo /D (7.41.1) >> endobj 356 0 obj (5.7. Initializing, updating, or checking) endobj 357 0 obj << /S /GoTo /D (7.42.1) >> endobj 360 0 obj (5.8. The file signature database) endobj 361 0 obj << /S /GoTo /D (7.43.1) >> endobj 364 0 obj (5.9. Checking the file system for SUID/SGID binaries) endobj 365 0 obj << /S /GoTo /D (7.43.35.2) >> endobj 368 0 obj (5.9.1. Quarantine SUID/SGID files) endobj 369 0 obj << /S /GoTo /D (7.43.36.2) >> endobj 372 0 obj (5.9.2. Configuration) endobj 373 0 obj << /S /GoTo /D (7.44.1) >> endobj 376 0 obj (5.10. Detecting Kernel rootkits) endobj 377 0 obj << /S /GoTo /D (7.44.37.2) >> endobj 380 0 obj (5.10.1. Configuration) endobj 381 0 obj << /S /GoTo /D (7.44.38.2) >> endobj 384 0 obj (5.10.2. What is a kernel rootkit ?) endobj 385 0 obj << /S /GoTo /D (7.44.39.2) >> endobj 388 0 obj (5.10.3. Implemented integrity checks) endobj 389 0 obj << /S /GoTo /D (7.44.40.2) >> endobj 392 0 obj (5.10.4. Error messages) endobj 393 0 obj << /S /GoTo /D (7.45.1) >> endobj 396 0 obj (5.11. Monitoring login/logout events) endobj 397 0 obj << /S /GoTo /D (7.46.1) >> endobj 400 0 obj (5.12. Checking mounted filesystem policies) endobj 401 0 obj << /S /GoTo /D (7.47.1) >> endobj 404 0 obj (5.13. Checking sensitive files owned by users) endobj 405 0 obj << /S /GoTo /D (7.48.1) >> endobj 408 0 obj (5.14. Checking for hidden/fake/missing processes) endobj 409 0 obj << /S /GoTo /D (7.48.41.2) >> endobj 412 0 obj (5.14.1. Example configuration) endobj 413 0 obj << /S /GoTo /D (7.49.1) >> endobj 416 0 obj (5.15. Checking for open ports) endobj 417 0 obj << /S /GoTo /D (7.49.42.2) >> endobj 420 0 obj (5.15.1. Options) endobj 421 0 obj << /S /GoTo /D (7.49.43.2) >> endobj 424 0 obj (5.15.2. Example configuration) endobj 425 0 obj << /S /GoTo /D (7.50.1) >> endobj 428 0 obj (5.16. Logfile monitoring/analysis) endobj 429 0 obj << /S /GoTo /D (7.50.44.2) >> endobj 432 0 obj (5.16.1. Event Correlation) endobj 433 0 obj << /S /GoTo /D (7.50.44.8.3) >> endobj 436 0 obj (5.16.1.1. Marking individual events to be correlated) endobj 437 0 obj << /S /GoTo /D (7.50.44.9.3) >> endobj 440 0 obj (5.16.1.2. Correlating the marked events) endobj 441 0 obj << /S /GoTo /D (7.50.45.2) >> endobj 444 0 obj (5.16.2. Reporting nonoccurence of an event) endobj 445 0 obj << /S /GoTo /D (7.50.46.2) >> endobj 448 0 obj (5.16.3. Reporting bursts of similar, repeated events) endobj 449 0 obj << /S /GoTo /D (7.50.47.2) >> endobj 452 0 obj (5.16.4. Options) endobj 453 0 obj << /S /GoTo /D (7.50.48.2) >> endobj 456 0 obj (5.16.5. Example configuration) endobj 457 0 obj << /S /GoTo /D (7.51.1) >> endobj 460 0 obj (5.17. Checking the Windows registry) endobj 461 0 obj << /S /GoTo /D (7.51.49.2) >> endobj 464 0 obj (5.17.1. Options) endobj 465 0 obj << /S /GoTo /D (7.51.50.2) >> endobj 468 0 obj (5.17.2. Example configuration) endobj 469 0 obj << /S /GoTo /D (7.52.1) >> endobj 472 0 obj (5.18. Modules) endobj 473 0 obj << /S /GoTo /D (7.53.1) >> endobj 476 0 obj (5.19. Performance tuning) endobj 477 0 obj << /S /GoTo /D (7.54.1) >> endobj 480 0 obj (5.20. Storing the full content of a file \(aka: WHAT has changed?\)) endobj 481 0 obj << /S /GoTo /D (7.54.51.2) >> endobj 484 0 obj (5.20.1. Example configuration) endobj 485 0 obj << /S /GoTo /D (7.54.52.2) >> endobj 488 0 obj (5.20.2. Implementation details) endobj 489 0 obj << /S /GoTo /D (7.55.1) >> endobj 492 0 obj (5.21. Inotify support on Linux \(instantaneous reports, no I/O load\)) endobj 493 0 obj << /S /GoTo /D (7.55.53.2) >> endobj 496 0 obj (5.21.1. Example configuration) endobj 497 0 obj << /S /GoTo /D (8.0) >> endobj 500 0 obj (Chapter 6. Configuring yule, the log server) endobj 501 0 obj << /S /GoTo /D (8.56.1) >> endobj 504 0 obj (6.1. General) endobj 505 0 obj << /S /GoTo /D (8.57.1) >> endobj 508 0 obj (6.2. Important installation notes) endobj 509 0 obj << /S /GoTo /D (8.58.1) >> endobj 512 0 obj (6.3. Registering a client) endobj 513 0 obj << /S /GoTo /D (8.59.1) >> endobj 516 0 obj (6.4. Enabling logging to the server) endobj 517 0 obj << /S /GoTo /D (8.60.1) >> endobj 520 0 obj (6.5. Enabling baseline database / configuration file download from the server) endobj 521 0 obj << /S /GoTo /D (8.60.54.2) >> endobj 524 0 obj (6.5.1. Configuration file) endobj 525 0 obj << /S /GoTo /D (8.60.55.2) >> endobj 528 0 obj (6.5.2. Database file) endobj 529 0 obj << /S /GoTo /D (8.61.1) >> endobj 532 0 obj (6.6. Rules for logging of client messages) endobj 533 0 obj << /S /GoTo /D (8.62.1) >> endobj 536 0 obj (6.7. Detecting 'dead' clients) endobj 537 0 obj << /S /GoTo /D (8.63.1) >> endobj 540 0 obj (6.8. The HTML server status page) endobj 541 0 obj << /S /GoTo /D (8.64.1) >> endobj 544 0 obj (6.9. Chroot) endobj 545 0 obj << /S /GoTo /D (8.65.1) >> endobj 548 0 obj (6.10. Restrict access with libwrap \(tcp wrappers\)) endobj 549 0 obj << /S /GoTo /D (8.66.1) >> endobj 552 0 obj (6.11. Sending commands to clients) endobj 553 0 obj << /S /GoTo /D (8.66.56.2) >> endobj 556 0 obj (6.11.1. Communicating with the server) endobj 557 0 obj << /S /GoTo /D (8.66.57.2) >> endobj 560 0 obj (6.11.2. Authenticating to the server) endobj 561 0 obj << /S /GoTo /D (8.67.1) >> endobj 564 0 obj (6.12. Syslog logging) endobj 565 0 obj << /S /GoTo /D (8.68.1) >> endobj 568 0 obj (6.13. Servertoserver relay) endobj 569 0 obj << /S /GoTo /D (8.69.1) >> endobj 572 0 obj (6.14. Performance tuning) endobj 573 0 obj << /S /GoTo /D (9.0) >> endobj 576 0 obj (Chapter 7. Hooks for External Programs) endobj 577 0 obj << /S /GoTo /D (9.70.1) >> endobj 580 0 obj (7.1. Pipes) endobj 581 0 obj << /S /GoTo /D (9.71.1) >> endobj 584 0 obj (7.2. System V message queue) endobj 585 0 obj << /S /GoTo /D (9.72.1) >> endobj 588 0 obj (7.3. Calling external programs) endobj 589 0 obj << /S /GoTo /D (9.72.58.2) >> endobj 592 0 obj (7.3.1. Example setup for paging) endobj 593 0 obj << /S /GoTo /D (10.0) >> endobj 596 0 obj (Chapter 8. Additional Features Signed Configuration/Database Files) endobj 597 0 obj << /S /GoTo /D (10.73.1) >> endobj 600 0 obj (8.1. The samhainadmin script) endobj 601 0 obj << /S /GoTo /D (11.0) >> endobj 604 0 obj (Chapter 9. Additional Features Stealth) endobj 605 0 obj << /S /GoTo /D (11.74.1) >> endobj 608 0 obj (9.1. Hiding the executable) endobj 609 0 obj << /S /GoTo /D (11.74.59.2) >> endobj 612 0 obj (9.1.1. Using kernel modules to hide samhain \(Linux/ix86 only\)) endobj 613 0 obj << /S /GoTo /D (11.75.1) >> endobj 616 0 obj (9.2. Packing the executable) endobj 617 0 obj << /S /GoTo /D (12.0) >> endobj 620 0 obj (Chapter 10. Deployment to remote hosts) endobj 621 0 obj << /S /GoTo /D (12.76.1) >> endobj 624 0 obj (10.1. Method A: The deployment system) endobj 625 0 obj << /S /GoTo /D (12.76.60.2) >> endobj 628 0 obj (10.1.1. Requirements) endobj 629 0 obj << /S /GoTo /D (12.76.61.2) >> endobj 632 0 obj (10.1.2. Layout of the deployment system) endobj 633 0 obj << /S /GoTo /D (12.76.61.10.3) >> endobj 636 0 obj (10.1.2.1. The configs subdirectory) endobj 637 0 obj << /S /GoTo /D (12.76.61.11.3) >> endobj 640 0 obj (10.1.2.2. The archpkg subdirectory) endobj 641 0 obj << /S /GoTo /D (12.76.62.2) >> endobj 644 0 obj (10.1.3. Customizing the system) endobj 645 0 obj << /S /GoTo /D (12.76.62.12.3) >> endobj 648 0 obj (10.1.3.1. Setting default options) endobj 649 0 obj << /S /GoTo /D (12.76.62.13.3) >> endobj 652 0 obj (10.1.3.2. Adding support for an architecture) endobj 653 0 obj << /S /GoTo /D (12.76.62.14.3) >> endobj 656 0 obj (10.1.3.3. Perarchitecture pre/postinstallation scripts) endobj 657 0 obj << /S /GoTo /D (12.76.62.15.3) >> endobj 660 0 obj (10.1.3.4. Perhost runtime configuration) endobj 661 0 obj << /S /GoTo /D (12.76.63.2) >> endobj 664 0 obj (10.1.4. Using the deploy.sh script) endobj 665 0 obj << /S /GoTo /D (12.76.63.16.3) >> endobj 668 0 obj (10.1.4.1. General options) endobj 669 0 obj << /S /GoTo /D (12.76.64.2) >> endobj 672 0 obj (10.1.5. deploy.sh info) endobj 673 0 obj << /S /GoTo /D (12.76.64.17.3) >> endobj 676 0 obj (10.1.5.1. Specific options) endobj 677 0 obj << /S /GoTo /D (12.76.65.2) >> endobj 680 0 obj (10.1.6. deploy.sh clean) endobj 681 0 obj << /S /GoTo /D (12.76.65.18.3) >> endobj 684 0 obj (10.1.6.1. Specific options) endobj 685 0 obj << /S /GoTo /D (12.76.66.2) >> endobj 688 0 obj (10.1.7. deploy.sh download) endobj 689 0 obj << /S /GoTo /D (12.76.66.19.3) >> endobj 692 0 obj (10.1.7.1. Specific options) endobj 693 0 obj << /S /GoTo /D (12.76.67.2) >> endobj 696 0 obj (10.1.8. deploy.sh checksrc) endobj 697 0 obj << /S /GoTo /D (12.76.67.20.3) >> endobj 700 0 obj (10.1.8.1. Specific options) endobj 701 0 obj << /S /GoTo /D (12.76.68.2) >> endobj 704 0 obj (10.1.9. deploy.sh build) endobj 705 0 obj << /S /GoTo /D (12.76.68.21.3) >> endobj 708 0 obj (10.1.9.1. Specific options) endobj 709 0 obj << /S /GoTo /D (12.76.69.2) >> endobj 712 0 obj (10.1.10. deploy.sh install) endobj 713 0 obj << /S /GoTo /D (12.76.69.22.3) >> endobj 716 0 obj (10.1.10.1. Specific options) endobj 717 0 obj << /S /GoTo /D (12.76.70.2) >> endobj 720 0 obj (10.1.11. deploy.sh uninstall) endobj 721 0 obj << /S /GoTo /D (12.76.70.23.3) >> endobj 724 0 obj (10.1.11.1. Specific options) endobj 725 0 obj << /S /GoTo /D (12.76.71.2) >> endobj 728 0 obj (10.1.12. Usage notes) endobj 729 0 obj << /S /GoTo /D (12.77.1) >> endobj 732 0 obj (10.2. Method B: The native package manager) endobj 733 0 obj << /S /GoTo /D (12.77.72.2) >> endobj 736 0 obj (10.2.1. Building an RPM) endobj 737 0 obj << /S /GoTo /D (12.77.72.24.3) >> endobj 740 0 obj (10.2.1.1. Custom RPM) endobj 741 0 obj << /S /GoTo /D (12.77.72.25.3) >> endobj 744 0 obj (10.2.1.2. Singlehost) endobj 745 0 obj << /S /GoTo /D (12.77.73.2) >> endobj 748 0 obj (10.2.2. Building an HPUX package) endobj 749 0 obj << /S /GoTo /D (12.77.74.2) >> endobj 752 0 obj (10.2.3. Building a Solaris package) endobj 753 0 obj << /S /GoTo /D (12.77.75.2) >> endobj 756 0 obj (10.2.4. Building a Gentoo Linux package) endobj 757 0 obj << /S /GoTo /D (12.77.76.2) >> endobj 760 0 obj (10.2.5. Building a Debian package) endobj 761 0 obj << /S /GoTo /D (13.0) >> endobj 764 0 obj (Chapter 11. Security Design) endobj 765 0 obj << /S /GoTo /D (13.78.1) >> endobj 768 0 obj (11.1. Usage) endobj 769 0 obj << /S /GoTo /D (13.78.77.2) >> endobj 772 0 obj (11.1.1. Client security in a client/server system) endobj 773 0 obj << /S /GoTo /D (13.79.1) >> endobj 776 0 obj (11.2. Integrity of the samhain executable) endobj 777 0 obj << /S /GoTo /D (13.80.1) >> endobj 780 0 obj (11.3. Client executable integrity) endobj 781 0 obj << /S /GoTo /D (13.81.1) >> endobj 784 0 obj (11.4. The server) endobj 785 0 obj << /S /GoTo /D (13.82.1) >> endobj 788 0 obj (11.5. General) endobj 789 0 obj << /S /GoTo /D (14.0) >> endobj 792 0 obj (Appendix A. List of options for the ./configure script) endobj 793 0 obj << /S /GoTo /D (14.83.1) >> endobj 796 0 obj (A.1. General) endobj 797 0 obj << /S /GoTo /D (14.84.1) >> endobj 800 0 obj (A.2. Optional modules to perform additional checks) endobj 801 0 obj << /S /GoTo /D (14.85.1) >> endobj 804 0 obj (A.3. OpenPGP Signatures on Configuration/Database Files) endobj 805 0 obj << /S /GoTo /D (14.86.1) >> endobj 808 0 obj (A.4. Client/Server Connectivity) endobj 809 0 obj << /S /GoTo /D (14.87.1) >> endobj 812 0 obj (A.5. Paths) endobj 813 0 obj << /S /GoTo /D (15.0) >> endobj 816 0 obj (Appendix B. List of command line options) endobj 817 0 obj << /S /GoTo /D (15.88.1) >> endobj 820 0 obj (B.1. General) endobj 821 0 obj << /S /GoTo /D (15.89.1) >> endobj 824 0 obj (B.2. samhain) endobj 825 0 obj << /S /GoTo /D (15.90.1) >> endobj 828 0 obj (B.3. yule) endobj 829 0 obj << /S /GoTo /D (16.0) >> endobj 832 0 obj (Appendix C. Configuration file syntax and options) endobj 833 0 obj << /S /GoTo /D (16.91.1) >> endobj 836 0 obj (C.1. General) endobj 837 0 obj << /S /GoTo /D (16.91.78.2) >> endobj 840 0 obj (C.1.1. Shell expansion) endobj 841 0 obj << /S /GoTo /D (16.91.79.2) >> endobj 844 0 obj (C.1.2. Conditionals) endobj 845 0 obj << /S /GoTo /D (16.92.1) >> endobj 848 0 obj (C.2. Files to check) endobj 849 0 obj << /S /GoTo /D (16.93.1) >> endobj 852 0 obj (C.3. Severity of events) endobj 853 0 obj << /S /GoTo /D (16.94.1) >> endobj 856 0 obj (C.4. Logging thresholds) endobj 857 0 obj << /S /GoTo /D (16.95.1) >> endobj 860 0 obj (C.5. Watching login/logout events) endobj 861 0 obj << /S /GoTo /D (16.96.1) >> endobj 864 0 obj (C.6. Checking for kernel module rootkits) endobj 865 0 obj << /S /GoTo /D (16.97.1) >> endobj 868 0 obj (C.7. Checking for SUID/SGID files) endobj 869 0 obj << /S /GoTo /D (16.98.1) >> endobj 872 0 obj (C.8. Checking for mount options) endobj 873 0 obj << /S /GoTo /D (16.99.1) >> endobj 876 0 obj (C.9. Checking for user files) endobj 877 0 obj << /S /GoTo /D (16.100.1) >> endobj 880 0 obj (C.10. Checking for hidden/fake/required processes) endobj 881 0 obj << /S /GoTo /D (16.101.1) >> endobj 884 0 obj (C.11. Checking for open ports) endobj 885 0 obj << /S /GoTo /D (16.102.1) >> endobj 888 0 obj (C.12. Logfile monitoring/analysis) endobj 889 0 obj << /S /GoTo /D (16.103.1) >> endobj 892 0 obj (C.13. Database) endobj 893 0 obj << /S /GoTo /D (16.104.1) >> endobj 896 0 obj (C.14. Miscellaneous) endobj 897 0 obj << /S /GoTo /D (16.105.1) >> endobj 900 0 obj (C.15. External) endobj 901 0 obj << /S /GoTo /D (16.106.1) >> endobj 904 0 obj (C.16. Clients) endobj 905 0 obj << /S /GoTo /D (17.0) >> endobj 908 0 obj (Appendix D. List of database fields) endobj 909 0 obj << /S /GoTo /D (17.107.1) >> endobj 912 0 obj (D.1. General) endobj 913 0 obj << /S /GoTo /D (17.108.1) >> endobj 916 0 obj (D.2. Modules) endobj 917 0 obj << /S /GoTo /D (17.109.1) >> endobj 920 0 obj (D.3. Syslog) endobj 921 0 obj << /S /GoTo /D (18.0) >> endobj 924 0 obj (Appendix E. List of recognized file types) endobj 925 0 obj << /S /GoTo /D [926 0 R /Fit ] >> endobj 928 0 obj << /Length 134 /Filter /FlateDecode >> stream x3PHW0Pp2N!\nF F&z !i fz& zFFF !) !FyG~q W^YR`bgikl4bo~^fI~Qf^:Ԝ\jK`k)K endstream endobj 926 0 obj << /Type /Page /Contents 928 0 R /Resources 927 0 R /MediaBox [0 0 593.051 789.041] /Parent 933 0 R >> endobj 929 0 obj << /D [926 0 R /XYZ -1.269 814.22 null] >> endobj 930 0 obj << /D [926 0 R /XYZ 71.731 718.306 null] >> endobj 931 0 obj << /D [926 0 R /XYZ 71.731 718.306 null] >> endobj 2 0 obj << /D [926 0 R /XYZ 408.092 667.995 null] >> endobj 927 0 obj << /Font << /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 936 0 obj << /Length 656 /Filter /FlateDecode >> stream xڭUQo ~-pl쾵uZjq7Mc"p6mO3  N[/ʓA gA$yPlYcKڵ y'{mkZq)ulac F)a.6B0+nG8EC'SaȫBLQ(D. 6Q#sTKayo׵Fm7Zڵr)EYڣZUa8hfϨgeɚ7{zZVCDŽ5'[M^c\ s;"JPE |R=+&zJ c9BL= 4zf`^dȺ*P4teP>LJpa} ڿ(By6K &M1n%\ŨƓS߃%F녒BǗrvڋ2"0dɣN[gTj m:?8QW^hbBHTmk ǧ7|ì89=Lal6vM#MksFתSR9z3vn7rfI@~a&{snW͋Q[r>f0tcm/2c}i}my endstream endobj 935 0 obj << /Type /Page /Contents 936 0 R /Resources 934 0 R /MediaBox [0 0 593.051 789.041] /Parent 933 0 R >> endobj 937 0 obj << /D [935 0 R /XYZ -1.269 814.22 null] >> endobj 934 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F33 939 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1034 0 obj << /Length 2047 /Filter /FlateDecode >> stream xo8{ 6VDknv1v[ifݿ~Rj5/I{Ob`H>x/^> 哣0O<^&,^D~r6[`&O"j|fNǟMeUe^8ʽ/0ݿdy( `\^oݮ6յa4G !BL|*8FVYlզ;պ{+|~#qF~!\ݯfb./x8 /яV7꿭VaUq/G4(r\J#7~ 㣭ʎci#gz᦭:x{'i}($?&gfY\`F8h@M\HF/{oAXGNY_=6lFFuq~4r>٨RWh-dt>rS#0?\GVnϤ(%`⌬\?֥jnֵZYSKɴH&"0+~ݪ6jnGWE[_]O(7z*U˲;hqy2?4 o5H`p81@?=7ݣq0̼}бtL;CmާkƸwAéVfbIIcgMYvy eNOKoxEi@E)VSiV.y*? ;ʶ>ء(8;xH>qn0wa6s.n'R.YTF7~p_(bN ӓK1qpM[YuĜ2ne^r4˦ ŝH9e ߨ߻w6VYҚz%!a055޶禶Q4~6'ڎngO8G['W'^)0ci6\T\<τč/UjYKĆf{qEnk3lԮmϺgh31#sZLf}ƷlFw!ы:wj|_'ϥ'BLʧSCq{_a-OEďՍ=7m}ݑ=sLcgjSk4f|g͂]ӱ+8^,KqXߤT}վw &gKՉ߯T?g.ҷԥ<)]:_ݺjeFN/yMI+#umk]0e\ptm޴{znJҪm0u&3պ3d֗ I9w :'$COUٮo|77[iOֺVײ]OKU>Թ߽ 1 :" ']!(xgx8nOo~']Z_'K endstream endobj 1033 0 obj << /Type /Page /Contents 1034 0 R /Resources 1032 0 R /MediaBox [0 0 593.051 789.041] /Parent 933 0 R /Annots [ 940 0 R 941 0 R 942 0 R 943 0 R 944 0 R 945 0 R 946 0 R 947 0 R 948 0 R 949 0 R 950 0 R 951 0 R 952 0 R 953 0 R 954 0 R 955 0 R 956 0 R 957 0 R 958 0 R 959 0 R 960 0 R 961 0 R 962 0 R 963 0 R 964 0 R 965 0 R 966 0 R 967 0 R 968 0 R 969 0 R 970 0 R 971 0 R 972 0 R 973 0 R 974 0 R 975 0 R 976 0 R 977 0 R 978 0 R 979 0 R 980 0 R 981 0 R 982 0 R 983 0 R 984 0 R 985 0 R 986 0 R 987 0 R 988 0 R 989 0 R 990 0 R 991 0 R 992 0 R 993 0 R 994 0 R 995 0 R 996 0 R 997 0 R 998 0 R 999 0 R 1000 0 R 1001 0 R 1002 0 R 1003 0 R 1004 0 R 1005 0 R 1006 0 R 1007 0 R 1008 0 R 1009 0 R 1010 0 R 1011 0 R 1012 0 R 1013 0 R 1014 0 R 1015 0 R 1016 0 R 1017 0 R 1018 0 R 1019 0 R 1020 0 R 1021 0 R 1022 0 R 1023 0 R 1024 0 R 1025 0 R 1026 0 R 1027 0 R 1028 0 R 1029 0 R ] >> endobj 940 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 685.037 184.577 694.014] /A << /S /GoTo /D (0:INTRO) >> >> endobj 941 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [515.342 685.037 522.316 694.014] /A << /S /GoTo /D (0:INTRO) >> >> endobj 942 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 667.792 235.705 678.671] /A << /S /GoTo /D (0:INSTALLATION) >> >> endobj 943 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [515.342 667.792 522.316 678.671] /A << /S /GoTo /D (0:INSTALLATION) >> >> endobj 944 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 654.372 200.777 663.219] /A << /S /GoTo /D (0:INSTALLATION-OVERVIEW) >> >> endobj 945 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [515.342 654.372 522.316 663.219] /A << /S /GoTo /D (0:INSTALLATION-OVERVIEW) >> >> endobj 946 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 639.364 217.235 650.268] /A << /S /GoTo /D (0:INSTALLATION-REQUIREMENTS) >> >> endobj 947 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [515.342 639.364 522.316 650.268] /A << /S /GoTo /D (0:INSTALLATION-REQUIREMENTS) >> >> endobj 948 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 628.469 249.474 637.316] /A << /S /GoTo /D (0:INSTALLATION-DOWNLOAD) >> >> endobj 949 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [515.342 628.469 522.316 637.316] /A << /S /GoTo /D (0:INSTALLATION-DOWNLOAD) >> >> endobj 950 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 613.461 253.21 624.365] /A << /S /GoTo /D (0:INSTALLATION-CONFIGURE) >> >> endobj 951 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [515.342 613.461 522.316 624.365] /A << /S /GoTo /D (0:INSTALLATION-CONFIGURE) >> >> endobj 952 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 602.567 184.04 611.413] /A << /S /GoTo /D (0:INSTALLATION-BUILD) >> >> endobj 953 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [515.342 602.567 522.316 611.413] /A << /S /GoTo /D (0:INSTALLATION-BUILD) >> >> endobj 954 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 589.615 186.799 598.462] /A << /S /GoTo /D (0:INSTALLATION-INSTALL) >> >> endobj 955 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [515.342 589.615 522.316 598.462] /A << /S /GoTo /D (0:INSTALLATION-INSTALL) >> >> endobj 956 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 576.544 204.512 585.51] /A << /S /GoTo /D (0:INSTALLATION-CUSTOMIZE) >> >> endobj 957 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [515.342 576.544 522.316 585.51] /A << /S /GoTo /D (0:INSTALLATION-CUSTOMIZE) >> >> endobj 958 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 563.593 283.903 572.559] /A << /S /GoTo /D (0:INSTALLATION-INITIALIZE) >> >> endobj 959 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [515.342 563.593 522.316 572.559] /A << /S /GoTo /D (0:INSTALLATION-INITIALIZE) >> >> endobj 960 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 550.641 214.196 559.608] /A << /S /GoTo /D (0:INSTALLATION-RUNNING) >> >> endobj 961 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 550.641 522.316 559.608] /A << /S /GoTo /D (0:INSTALLATION-RUNNING) >> >> endobj 962 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 535.752 268.98 546.656] /A << /S /GoTo /D (0:LAYOUT) >> >> endobj 963 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 535.752 522.316 546.656] /A << /S /GoTo /D (0:LAYOUT) >> >> endobj 964 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 524.858 217.513 533.705] /A << /S /GoTo /D (0:TESTSUITE) >> >> endobj 965 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 524.858 522.316 533.705] /A << /S /GoTo /D (0:TESTSUITE) >> >> endobj 966 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 507.593 215.74 518.472] /A << /S /GoTo /D (0:USAGE) >> >> endobj 967 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 507.593 522.316 518.472] /A << /S /GoTo /D (0:USAGE) >> >> endobj 968 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 494.173 220.164 503.02] /A << /S /GoTo /D (0:HOW-TO-INVOKE) >> >> endobj 969 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 494.173 522.316 503.02] /A << /S /GoTo /D (0:HOW-TO-INVOKE) >> >> endobj 970 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 479.164 315.206 490.068] /A << /S /GoTo /D (0:DAEMONTOOL) >> >> endobj 971 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 479.164 522.316 490.068] /A << /S /GoTo /D (0:DAEMONTOOL) >> >> endobj 972 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 466.213 256.537 477.117] /A << /S /GoTo /D (0:CONTROLLING-THE-DAEMON) >> >> endobj 973 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 466.213 522.316 477.117] /A << /S /GoTo /D (0:CONTROLLING-THE-DAEMON) >> >> endobj 974 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 453.261 191.232 464.165] /A << /S /GoTo /D (0:SIGNALS) >> >> endobj 975 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 453.261 522.316 464.165] /A << /S /GoTo /D (0:SIGNALS) >> >> endobj 976 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 442.367 193.165 451.214] /A << /S /GoTo /D (0:PID-FILE) >> >> endobj 977 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 442.367 522.316 451.214] /A << /S /GoTo /D (0:PID-FILE) >> >> endobj 978 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 427.359 226.649 438.263] /A << /S /GoTo /D (0:LOG-FILE-ROTATION) >> >> endobj 979 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 427.359 522.316 438.263] /A << /S /GoTo /D (0:LOG-FILE-ROTATION) >> >> endobj 980 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 414.407 304.666 425.311] /A << /S /GoTo /D (0:UPDATING-THE-FILE-SIGNATURE-DATABASE) >> >> endobj 981 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 414.407 522.316 425.311] /A << /S /GoTo /D (0:UPDATING-THE-FILE-SIGNATURE-DATABASE) >> >> endobj 982 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 401.456 300.93 412.36] /A << /S /GoTo /D (0:IMPROVING-THE-SIGNAL-TO-NOISE-RATIO) >> >> endobj 983 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 401.456 522.316 412.36] /A << /S /GoTo /D (0:IMPROVING-THE-SIGNAL-TO-NOISE-RATIO) >> >> endobj 984 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 388.504 371.943 399.408] /A << /S /GoTo /D (0:OPTIONS-CONFIGURATION-FILE) >> >> endobj 985 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 388.504 522.316 399.408] /A << /S /GoTo /D (0:OPTIONS-CONFIGURATION-FILE) >> >> endobj 986 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 377.61 306.33 386.457] /A << /S /GoTo /D (0:DNMALLOC) >> >> endobj 987 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 377.61 522.316 386.457] /A << /S /GoTo /D (0:DNMALLOC) >> >> endobj 988 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 362.601 272.049 373.505] /A << /S /GoTo /D (0:SUPPORT) >> >> endobj 989 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 362.601 522.316 373.505] /A << /S /GoTo /D (0:SUPPORT) >> >> endobj 990 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 347.393 272.487 358.273] /A << /S /GoTo /D (0:BASIC-CONFIGURATION) >> >> endobj 991 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 347.393 522.316 358.273] /A << /S /GoTo /D (0:BASIC-CONFIGURATION) >> >> endobj 992 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 333.974 193.424 342.82] /A << /S /GoTo /D (0:LOGDEF) >> >> endobj 993 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 333.974 522.316 342.82] /A << /S /GoTo /D (0:LOGDEF) >> >> endobj 994 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 318.965 269.279 329.869] /A << /S /GoTo /D (0:CONFIGFACILITY) >> >> endobj 995 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 318.965 522.316 329.869] /A << /S /GoTo /D (0:CONFIGFACILITY) >> >> endobj 996 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 306.014 364.132 316.918] /A << /S /GoTo /D (0:THRESHOLDS) >> >> endobj 997 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 306.014 522.316 316.918] /A << /S /GoTo /D (0:THRESHOLDS) >> >> endobj 998 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 295 189.011 303.966] /A << /S /GoTo /D (0:CONFIGURATION-EMAIL) >> >> endobj 999 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 295 522.316 303.966] /A << /S /GoTo /D (0:CONFIGURATION-EMAIL) >> >> endobj 1000 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 280.111 193.165 291.015] /A << /S /GoTo /D (0:TRUSTEDEXAMPLE) >> >> endobj 1001 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 280.111 522.316 291.015] /A << /S /GoTo /D (0:TRUSTEDEXAMPLE) >> >> endobj 1002 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 267.159 204.622 278.063] /A << /S /GoTo /D (0:CONFIGURATION-LOGSERVER) >> >> endobj 1003 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 267.159 522.316 278.063] /A << /S /GoTo /D (0:CONFIGURATION-LOGSERVER) >> >> endobj 1004 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 256.265 232.347 265.112] /A << /S /GoTo /D (0:CONFIGURATION-EXTERNAL) >> >> endobj 1005 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 256.265 522.316 265.112] /A << /S /GoTo /D (0:CONFIGURATION-EXTERNAL) >> >> endobj 1006 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 243.314 194.55 252.16] /A << /S /GoTo /D (0:CONSOLEDETAILS) >> >> endobj 1007 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 243.314 522.316 252.16] /A << /S /GoTo /D (0:CONSOLEDETAILS) >> >> endobj 1008 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 230.243 192.328 239.209] /A << /S /GoTo /D (0:PRELUDEDETAILS) >> >> endobj 1009 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 230.243 522.316 239.209] /A << /S /GoTo /D (0:PRELUDEDETAILS) >> >> endobj 1010 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 215.354 275.077 226.258] /A << /S /GoTo /D (0:NAGIOS) >> >> endobj 1011 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 215.354 522.316 226.258] /A << /S /GoTo /D (0:NAGIOS) >> >> endobj 1012 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 202.402 194.002 213.306] /A << /S /GoTo /D (0:SYSLOGDETAILS) >> >> endobj 1013 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 202.402 522.316 213.306] /A << /S /GoTo /D (0:SYSLOGDETAILS) >> >> endobj 1014 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 189.824 224.697 200.355] /A << /S /GoTo /D (0:SQLDETAILS) >> >> endobj 1015 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 189.824 522.316 200.355] /A << /S /GoTo /D (0:SQLDETAILS) >> >> endobj 1016 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 174.243 334.753 185.122] /A << /S /GoTo /D (0:FILE-MONITOR) >> >> endobj 1017 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 174.243 522.316 185.122] /A << /S /GoTo /D (0:FILE-MONITOR) >> >> endobj 1018 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 158.766 225.803 169.67] /A << /S /GoTo /D (0:BASCLT) >> >> endobj 1019 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 158.766 522.316 169.67] /A << /S /GoTo /D (0:BASCLT) >> >> endobj 1020 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 147.872 281.543 156.718] /A << /S /GoTo /D (0:HASH-FUNCTION) >> >> endobj 1021 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 147.872 522.316 156.718] /A << /S /GoTo /D (0:HASH-FUNCTION) >> >> endobj 1022 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 132.863 220.283 143.767] /A << /S /GoTo /D (0:FILE-SIGNATURES) >> >> endobj 1023 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 132.863 522.316 143.767] /A << /S /GoTo /D (0:FILE-SIGNATURES) >> >> endobj 1024 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 119.912 380.71 130.816] /A << /S /GoTo /D (0:FILEDEF) >> >> endobj 1025 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 119.912 522.316 130.816] /A << /S /GoTo /D (0:FILEDEF) >> >> endobj 1026 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 106.96 372.919 117.864] /A << /S /GoTo /D (0:ALL-EXCEPT) >> >> endobj 1027 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 106.96 522.316 117.864] /A << /S /GoTo /D (0:ALL-EXCEPT) >> >> endobj 1028 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 94.009 235.705 104.913] /A << /S /GoTo /D (0:TIMING-FILE-CHECKS) >> >> endobj 1029 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 94.009 522.316 104.913] /A << /S /GoTo /D (0:TIMING-FILE-CHECKS) >> >> endobj 1035 0 obj << /D [1033 0 R /XYZ -1.269 814.22 null] >> endobj 6 0 obj << /D [1033 0 R /XYZ 244.332 703.236 null] >> endobj 1032 0 obj << /Font << /F25 932 0 R /F38 1036 0 R /F31 938 0 R /F33 939 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1176 0 obj << /Length 2042 /Filter /FlateDecode >> stream x]oF| Uj/%fqn jEӋ15fTrWf(Y1UE]y 6KbB? :Ny,Y<;i/M3uA$Qg{`ЙL;tQ47ZY%r?o^Z-nM]zɯ>_Np5 @8 q7ܯAgͽt<3vyfr%7|(wj]poĥ(eH2GBR^#{o)\l>59_zs9TZJ[& q-~pa؝ZQ x?:l&O(MgP(7V4r)͵4UzTti^fUWOݶ=-ŵqr_~:E 9IEj<w^DIg2Fq/ a/ěyatm@Yz@YQ,x;h>1H)1;q70F>0WRB<8nh{͢z&|C<VtXZ; [U_%=)dp%Y҆/Sk,NZ.v=_jqy879\PMZ {֥(%zesԯ]γnw7W_WMc0/m -_e?8v]_ܘn~,K16bA˅M%ՙ2uf RLq1)O7: P~_;}=yUͱ֏[l\[e ?M-zo˜(' _s\ zn@i 2Cet뾟rՉS!ۍ[l(ɒ~z9l;1/EuY,w<];/nz_D؟Bu9a\@֭Q=t9i7ʶsC?,fX_kxH"NK(Lf(:{T?1~.r5F~EEp5B,0+כ-M2ɖ2W38gqz;yV2sg o+5lp\y.]c/D|]VUD]1,WK̩xR?*7>NUvUvu[+](@5rR Q3ať(ݚH$D3n=xl\bq%ӅP”aNzmU lS%+&_RXGERZmw~pSs;9[Yq7^ @0m i "3Y4Xx2}0paL.ssںi6uƺyeJ[ (|`+:k'綠2{9*Aw'IhM׀ O$RF]~ªR7;Kdԅϋ])s8|#޹GA/IKv0%xsVݗgK endstream endobj 1175 0 obj << /Type /Page /Contents 1176 0 R /Resources 1174 0 R /MediaBox [0 0 593.051 789.041] /Parent 933 0 R /Annots [ 1030 0 R 1031 0 R 1082 0 R 1083 0 R 1084 0 R 1085 0 R 1086 0 R 1087 0 R 1088 0 R 1089 0 R 1090 0 R 1091 0 R 1092 0 R 1093 0 R 1094 0 R 1095 0 R 1096 0 R 1097 0 R 1098 0 R 1099 0 R 1100 0 R 1101 0 R 1102 0 R 1103 0 R 1104 0 R 1105 0 R 1106 0 R 1107 0 R 1108 0 R 1109 0 R 1110 0 R 1111 0 R 1112 0 R 1113 0 R 1114 0 R 1115 0 R 1116 0 R 1117 0 R 1118 0 R 1119 0 R 1120 0 R 1121 0 R 1122 0 R 1123 0 R 1124 0 R 1125 0 R 1126 0 R 1127 0 R 1128 0 R 1129 0 R 1130 0 R 1131 0 R 1132 0 R 1133 0 R 1134 0 R 1135 0 R 1136 0 R 1137 0 R 1138 0 R 1139 0 R 1140 0 R 1141 0 R 1142 0 R 1143 0 R 1144 0 R 1145 0 R 1146 0 R 1147 0 R 1148 0 R 1149 0 R 1150 0 R 1151 0 R 1152 0 R 1153 0 R 1154 0 R 1155 0 R 1156 0 R 1157 0 R 1158 0 R 1159 0 R 1160 0 R 1161 0 R 1162 0 R 1163 0 R ] >> endobj 1030 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 705.191 297.204 716.095] /A << /S /GoTo /D (0:INITIALIZING-UPDATING-CHECKING) >> >> endobj 1031 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 705.191 522.316 716.095] /A << /S /GoTo /D (0:INITIALIZING-UPDATING-CHECKING) >> >> endobj 1082 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 692.239 268.412 703.143] /A << /S /GoTo /D (0:DATABASEFILE) >> >> endobj 1083 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 692.239 522.316 703.143] /A << /S /GoTo /D (0:DATABASEFILE) >> >> endobj 1084 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 679.288 360.018 690.192] /A << /S /GoTo /D (0:SUIDCHK) >> >> endobj 1085 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 679.288 522.316 690.192] /A << /S /GoTo /D (0:SUIDCHK) >> >> endobj 1086 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 666.336 267.894 677.24] /A << /S /GoTo /D (0:KERNELDEF) >> >> endobj 1087 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 666.336 522.316 677.24] /A << /S /GoTo /D (0:KERNELDEF) >> >> endobj 1088 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 653.385 291.017 664.289] /A << /S /GoTo /D (0:MONDEF) >> >> endobj 1089 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 653.385 522.316 664.289] /A << /S /GoTo /D (0:MONDEF) >> >> endobj 1090 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 640.433 318.803 651.337] /A << /S /GoTo /D (0:MOUNTCHECK) >> >> endobj 1091 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 640.433 522.316 651.337] /A << /S /GoTo /D (0:MOUNTCHECK) >> >> endobj 1092 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 627.482 325.338 638.386] /A << /S /GoTo /D (0:USERCHECK) >> >> endobj 1093 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 627.482 522.316 638.386] /A << /S /GoTo /D (0:USERCHECK) >> >> endobj 1094 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 614.531 342.932 625.435] /A << /S /GoTo /D (0:PROCESSCHECK) >> >> endobj 1095 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 614.531 522.316 625.435] /A << /S /GoTo /D (0:PROCESSCHECK) >> >> endobj 1096 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 601.579 263.441 612.483] /A << /S /GoTo /D (0:PORTCHECK) >> >> endobj 1097 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 601.579 522.316 612.483] /A << /S /GoTo /D (0:PORTCHECK) >> >> endobj 1098 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 588.628 277.299 599.532] /A << /S /GoTo /D (0:LOGMON) >> >> endobj 1099 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 588.628 522.316 599.532] /A << /S /GoTo /D (0:LOGMON) >> >> endobj 1100 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 575.676 292.532 586.58] /A << /S /GoTo /D (0:WINREG) >> >> endobj 1101 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 575.676 522.316 586.58] /A << /S /GoTo /D (0:WINREG) >> >> endobj 1102 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 564.663 201.743 573.629] /A << /S /GoTo /D (0:MODULES) >> >> endobj 1103 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 564.663 522.316 573.629] /A << /S /GoTo /D (0:MODULES) >> >> endobj 1104 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 549.773 245.728 560.677] /A << /S /GoTo /D (0:PERFORMANCE-TUNING) >> >> endobj 1105 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 549.773 522.316 560.677] /A << /S /GoTo /D (0:PERFORMANCE-TUNING) >> >> endobj 1106 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 536.822 404.82 547.726] /A << /S /GoTo /D (0:FILE-CONTENT-STORE) >> >> endobj 1107 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 536.822 522.316 547.726] /A << /S /GoTo /D (0:FILE-CONTENT-STORE) >> >> endobj 1108 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 523.871 408.994 534.775] /A << /S /GoTo /D (0:FINOTIFY) >> >> endobj 1109 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 523.871 522.316 534.775] /A << /S /GoTo /D (0:FINOTIFY) >> >> endobj 1110 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 508.663 264.527 519.542] /A << /S /GoTo /D (0:YULE) >> >> endobj 1111 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 508.663 522.316 519.542] /A << /S /GoTo /D (0:YULE) >> >> endobj 1112 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 495.123 193.424 504.09] /A << /S /GoTo /D (0:GENERAL) >> >> endobj 1113 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 495.123 522.316 504.09] /A << /S /GoTo /D (0:GENERAL) >> >> endobj 1114 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 480.234 271.48 491.138] /A << /S /GoTo /D (0:DROPROOT) >> >> endobj 1115 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 480.234 522.316 491.138] /A << /S /GoTo /D (0:DROPROOT) >> >> endobj 1116 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 467.283 239.222 478.187] /A << /S /GoTo /D (0:CLIENTS) >> >> endobj 1117 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 467.283 522.316 478.187] /A << /S /GoTo /D (0:CLIENTS) >> >> endobj 1118 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 454.331 282.39 465.235] /A << /S /GoTo /D (0:ENABLING-LOGGING-TO-THE-SERVER) >> >> endobj 1119 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 454.331 522.316 465.235] /A << /S /GoTo /D (0:ENABLING-LOGGING-TO-THE-SERVER) >> >> endobj 1120 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 441.38 450.637 452.284] /A << /S /GoTo /D (0:DATABASE-CONFIGURATION-FILE-DOWNLOAD) >> >> endobj 1121 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [510.361 441.38 522.316 452.284] /A << /S /GoTo /D (0:DATABASE-CONFIGURATION-FILE-DOWNLOAD) >> >> endobj 1122 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 428.428 307.166 439.332] /A << /S /GoTo /D (0:SERVER-LOGGING) >> >> endobj 1123 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 428.428 522.316 439.332] /A << /S /GoTo /D (0:SERVER-LOGGING) >> >> endobj 1124 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 415.477 256.567 426.381] /A << /S /GoTo /D (0:GCM) >> >> endobj 1125 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 415.477 522.316 426.381] /A << /S /GoTo /D (0:GCM) >> >> endobj 1126 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 402.526 281.264 413.43] /A << /S /GoTo /D (0:SERVER-STATUS-INFORMATION) >> >> endobj 1127 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 402.526 522.316 413.43] /A << /S /GoTo /D (0:SERVER-STATUS-INFORMATION) >> >> endobj 1128 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 391.512 189.569 400.478] /A << /S /GoTo /D (0:CHROOT) >> >> endobj 1129 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 391.512 522.316 400.478] /A << /S /GoTo /D (0:CHROOT) >> >> endobj 1130 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 376.623 339.236 387.527] /A << /S /GoTo /D (0:LIBWRAP) >> >> endobj 1131 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 376.623 522.316 387.527] /A << /S /GoTo /D (0:LIBWRAP) >> >> endobj 1132 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 363.671 283.934 374.575] /A << /S /GoTo /D (0:SEND-COMMANDS) >> >> endobj 1133 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 363.671 522.316 374.575] /A << /S /GoTo /D (0:SEND-COMMANDS) >> >> endobj 1134 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 350.72 226.938 361.624] /A << /S /GoTo /D (0:UDP) >> >> endobj 1135 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 350.72 522.316 361.624] /A << /S /GoTo /D (0:UDP) >> >> endobj 1136 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 337.768 253.509 348.672] /A << /S /GoTo /D (0:SERVER-TO-SERVER) >> >> endobj 1137 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 337.768 522.316 348.672] /A << /S /GoTo /D (0:SERVER-TO-SERVER) >> >> endobj 1138 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 324.817 245.728 335.721] /A << /S /GoTo /D (0:PERFORMANCE-TUNING-SERVER) >> >> endobj 1139 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 324.817 522.316 335.721] /A << /S /GoTo /D (0:PERFORMANCE-TUNING-SERVER) >> >> endobj 1140 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 309.609 256.388 320.488] /A << /S /GoTo /D (0:EXTERN) >> >> endobj 1141 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 309.609 522.316 320.488] /A << /S /GoTo /D (0:EXTERN) >> >> endobj 1142 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 294.132 183.482 305.036] /A << /S /GoTo /D (0:PIPES) >> >> endobj 1143 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 294.132 522.316 305.036] /A << /S /GoTo /D (0:PIPES) >> >> endobj 1144 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 281.181 263.441 292.085] /A << /S /GoTo /D (0:SYSTEM-V-MESSAGE-QUEUE) >> >> endobj 1145 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 281.181 522.316 292.085] /A << /S /GoTo /D (0:SYSTEM-V-MESSAGE-QUEUE) >> >> endobj 1146 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 268.229 265.782 279.133] /A << /S /GoTo /D (0:CALLING-EXTERNAL-PROGRAMS) >> >> endobj 1147 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 268.229 522.316 279.133] /A << /S /GoTo /D (0:CALLING-EXTERNAL-PROGRAMS) >> >> endobj 1148 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 253.021 385.532 263.9] /A << /S /GoTo /D (0:SIGNED-FILES) >> >> endobj 1149 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 253.021 522.316 263.9] /A << /S /GoTo /D (0:SIGNED-FILES) >> >> endobj 1150 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 237.544 262.614 248.448] /A << /S /GoTo /D (0:SAMHAINADMIN) >> >> endobj 1151 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 237.544 522.316 248.448] /A << /S /GoTo /D (0:SAMHAINADMIN) >> >> endobj 1152 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 224.239 259.874 233.215] /A << /S /GoTo /D (0:STEALTHMODE) >> >> endobj 1153 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 224.239 522.316 233.215] /A << /S /GoTo /D (0:STEALTHMODE) >> >> endobj 1154 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 206.859 249.025 217.763] /A << /S /GoTo /D (0:HIDING-THE-EXECUTABLE) >> >> endobj 1155 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 206.859 522.316 217.763] /A << /S /GoTo /D (0:HIDING-THE-EXECUTABLE) >> >> endobj 1156 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 193.908 253.299 204.812] /A << /S /GoTo /D (0:PACKING-THE-EXECUTABLE) >> >> endobj 1157 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 193.908 522.316 204.812] /A << /S /GoTo /D (0:PACKING-THE-EXECUTABLE) >> >> endobj 1158 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 178.7 254.006 189.579] /A << /S /GoTo /D (0:DEPLOYMENT) >> >> endobj 1159 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 178.7 522.316 189.579] /A << /S /GoTo /D (0:DEPLOYMENT) >> >> endobj 1160 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 163.223 307.904 174.127] /A << /S /GoTo /D (0:DEPLOY.SH) >> >> endobj 1161 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 163.223 522.316 174.127] /A << /S /GoTo /D (0:DEPLOY.SH) >> >> endobj 1162 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 150.272 326.116 161.176] /A << /S /GoTo /D (0:NATIVE-PACKAGES) >> >> endobj 1163 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 150.272 522.316 161.176] /A << /S /GoTo /D (0:NATIVE-PACKAGES) >> >> endobj 1177 0 obj << /D [1175 0 R /XYZ -1.269 814.22 null] >> endobj 1174 0 obj << /Font << /F31 938 0 R /F38 1036 0 R /F33 939 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1288 0 obj << /Length 1572 /Filter /FlateDecode >> stream xoH{ $QWZ)T{뗪ٿ~ҎtՒ|/!ΧI#3XczgL麖vc:7> 0g;Y]u5yLNμ!N΄ ~8(0, q&myaES`|̣/ ʖ퇭+"Ū7i!,oEXdIWQVuA"M%ePpjaV&:L\&L mN=> 3*Si#/Lih[u p-SE /tok}.6yqTmXyuZ@eJe E0hY̲xS~a|gc&͈ͳːtmo_ռLdZq#E4LJ1[\c'B^*fd?xvxFE5oG>沽ވFn:޽i,^,^޶p7o6mS9+f/iZiN gQ׸>Kg. ~3^G鼺HT~+lhieÍ;me3XCwGTA΋L^DpuPWgA]]=C+I3.-M B)}! Al!7_ GC)BQ0vxi0l 'vV-q׫WW*5\mF> ƃmm?x̒9OSnA9:`WMR U|mRTk5/2ϱ>V!/ZzF;B||3\G^ǍFN,TVeZ;W\ cWˬ:!g*yb+W|.b[*L2WgLyǍO vED.:B&؅}%ÜU*&QF]kCC7Vy}:ITDQ.# ϡ$}Kwq>IR;cxys9k!4JM.6~]{o'T$q/2У#4C8l3:5mǮIjͩqt d?yu} z&oIu2~ː- 9[񝚗c|YZؽ:&fs]!Zx*G ĕ"` gj7Rw1WmPutA>voK:~9֫ endstream endobj 1287 0 obj << /Type /Page /Contents 1288 0 R /Resources 1286 0 R /MediaBox [0 0 593.051 789.041] /Parent 933 0 R /Annots [ 1164 0 R 1165 0 R 1166 0 R 1167 0 R 1168 0 R 1169 0 R 1170 0 R 1171 0 R 1172 0 R 1173 0 R 1220 0 R 1221 0 R 1222 0 R 1223 0 R 1224 0 R 1225 0 R 1226 0 R 1227 0 R 1228 0 R 1229 0 R 1230 0 R 1231 0 R 1232 0 R 1233 0 R 1234 0 R 1235 0 R 1236 0 R 1237 0 R 1238 0 R 1239 0 R 1240 0 R 1241 0 R 1242 0 R 1243 0 R 1244 0 R 1245 0 R 1246 0 R 1247 0 R 1248 0 R 1249 0 R 1250 0 R 1251 0 R 1252 0 R 1253 0 R 1254 0 R 1255 0 R 1256 0 R 1257 0 R 1258 0 R 1259 0 R 1260 0 R 1261 0 R 1262 0 R 1263 0 R 1264 0 R 1265 0 R 1266 0 R 1267 0 R 1268 0 R 1269 0 R 1270 0 R 1271 0 R 1272 0 R 1273 0 R 1274 0 R 1275 0 R 1276 0 R 1277 0 R 1278 0 R 1279 0 R 1280 0 R 1281 0 R 1282 0 R 1283 0 R 1284 0 R 1285 0 R ] >> endobj 1164 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 705.325 202.181 716.204] /A << /S /GoTo /D (0:SECURITY-DESIGN) >> >> endobj 1165 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 705.325 522.316 716.204] /A << /S /GoTo /D (0:SECURITY-DESIGN) >> >> endobj 1166 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 689.848 191.771 700.752] /A << /S /GoTo /D (0:SECURITY-USAGE) >> >> endobj 1167 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 689.848 522.316 700.752] /A << /S /GoTo /D (0:SECURITY-USAGE) >> >> endobj 1168 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 676.897 306.977 687.801] /A << /S /GoTo /D (0:KEYPAD) >> >> endobj 1169 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 676.897 522.316 687.801] /A << /S /GoTo /D (0:KEYPAD) >> >> endobj 1170 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 663.945 272.128 674.849] /A << /S /GoTo /D (0:CLIENT-INTEGRITY) >> >> endobj 1171 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 663.945 522.316 674.849] /A << /S /GoTo /D (0:CLIENT-INTEGRITY) >> >> endobj 1172 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 653.051 209.046 661.898] /A << /S /GoTo /D (0:SERVER-SECURITY) >> >> endobj 1173 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 653.051 522.316 661.898] /A << /S /GoTo /D (0:SERVER-SECURITY) >> >> endobj 1220 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 640.1 198.406 648.946] /A << /S /GoTo /D (0:DESIGN) >> >> endobj 1221 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 640.1 522.316 648.946] /A << /S /GoTo /D (0:DESIGN) >> >> endobj 1222 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 622.834 298.608 633.714] /A << /S /GoTo /D (0:COMPILATION-OPTIONS) >> >> endobj 1223 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 622.834 522.316 633.714] /A << /S /GoTo /D (0:COMPILATION-OPTIONS) >> >> endobj 1224 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 609.415 195.636 618.261] /A << /S /GoTo /D (0:COMPILATION-OPTIONS-GENERAL) >> >> endobj 1225 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 609.415 522.316 618.261] /A << /S /GoTo /D (0:COMPILATION-OPTIONS-GENERAL) >> >> endobj 1226 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 594.406 351.988 605.31] /A << /S /GoTo /D (0:COMPILATION-CHECKS) >> >> endobj 1227 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 594.406 522.316 605.31] /A << /S /GoTo /D (0:COMPILATION-CHECKS) >> >> endobj 1228 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 581.455 379.953 592.359] /A << /S /GoTo /D (0:OPENPGP-SIGNATURES) >> >> endobj 1229 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 581.455 522.316 592.359] /A << /S /GoTo /D (0:OPENPGP-SIGNATURES) >> >> endobj 1230 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 568.503 270.803 579.407] /A << /S /GoTo /D (0:CLIENT-SERVER-CONNECTIVITY) >> >> endobj 1231 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 568.503 522.316 579.407] /A << /S /GoTo /D (0:CLIENT-SERVER-CONNECTIVITY) >> >> endobj 1232 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 557.609 185.544 566.456] /A << /S /GoTo /D (0:PATHS) >> >> endobj 1233 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 557.609 522.316 566.456] /A << /S /GoTo /D (0:PATHS) >> >> endobj 1234 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 540.344 255.61 551.223] /A << /S /GoTo /D (0:COMMAND-LINE) >> >> endobj 1235 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 540.344 522.316 551.223] /A << /S /GoTo /D (0:COMMAND-LINE) >> >> endobj 1236 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 526.924 195.088 535.771] /A << /S /GoTo /D (0:COMMAND-LINE-GENERAL) >> >> endobj 1237 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 526.924 522.316 535.771] /A << /S /GoTo /D (0:COMMAND-LINE-GENERAL) >> >> endobj 1238 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 513.973 196.762 522.819] /A << /S /GoTo /D (0:SAMHAIN-COMMAND-LINE) >> >> endobj 1239 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 513.973 522.316 522.819] /A << /S /GoTo /D (0:SAMHAIN-COMMAND-LINE) >> >> endobj 1240 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 498.964 180.712 509.868] /A << /S /GoTo /D (0:COMMAND-LINE-YULE) >> >> endobj 1241 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 498.964 522.316 509.868] /A << /S /GoTo /D (0:COMMAND-LINE-YULE) >> >> endobj 1242 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 483.756 289.941 494.635] /A << /S /GoTo /D (0:THE-CONFIGURATION-FILE) >> >> endobj 1243 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 483.756 522.316 494.635] /A << /S /GoTo /D (0:THE-CONFIGURATION-FILE) >> >> endobj 1244 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 470.336 195.088 479.183] /A << /S /GoTo /D (0:CONFIGFILE) >> >> endobj 1245 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 470.336 522.316 479.183] /A << /S /GoTo /D (0:CONFIGFILE) >> >> endobj 1246 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 457.385 218.898 466.232] /A << /S /GoTo /D (0:FILES-TO-CHECK) >> >> endobj 1247 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 457.385 522.316 466.232] /A << /S /GoTo /D (0:FILES-TO-CHECK) >> >> endobj 1248 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 442.376 234.699 453.28] /A << /S /GoTo /D (0:SEVERITY-OF-EVENTS) >> >> endobj 1249 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 442.376 522.316 453.28] /A << /S /GoTo /D (0:SEVERITY-OF-EVENTS) >> >> endobj 1250 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 429.425 240.766 440.329] /A << /S /GoTo /D (0:LOGGING-THRESHOLDS) >> >> endobj 1251 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 429.425 522.316 440.329] /A << /S /GoTo /D (0:LOGGING-THRESHOLDS) >> >> endobj 1252 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 416.473 280.248 427.377] /A << /S /GoTo /D (0:WATCHING-LOGIN-LOGOUT-EVENTS) >> >> endobj 1253 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 416.473 522.316 427.377] /A << /S /GoTo /D (0:WATCHING-LOGIN-LOGOUT-EVENTS) >> >> endobj 1254 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 403.522 308.452 414.426] /A << /S /GoTo /D (0:CHECKING-FOR-KERNEL-MODULE-ROOTKITS) >> >> endobj 1255 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 403.522 522.316 414.426] /A << /S /GoTo /D (0:CHECKING-FOR-KERNEL-MODULE-ROOTKITS) >> >> endobj 1256 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 390.57 286.694 401.474] /A << /S /GoTo /D (0:CHECKING-FOR-SUID-FILES) >> >> endobj 1257 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 390.57 522.316 401.474] /A << /S /GoTo /D (0:CHECKING-FOR-SUID-FILES) >> >> endobj 1258 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 377.619 275.635 388.523] /A << /S /GoTo /D (0:CHECKING-MOUNTS) >> >> endobj 1259 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 377.619 522.316 388.523] /A << /S /GoTo /D (0:CHECKING-MOUNTS) >> >> endobj 1260 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 364.668 254.036 375.572] /A << /S /GoTo /D (0:CHECKING-USERFILES) >> >> endobj 1261 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 364.668 522.316 375.572] /A << /S /GoTo /D (0:CHECKING-USERFILES) >> >> endobj 1262 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 351.716 346.788 362.62] /A << /S /GoTo /D (0:CHECKING-PROCESSES) >> >> endobj 1263 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 351.716 522.316 362.62] /A << /S /GoTo /D (0:CHECKING-PROCESSES) >> >> endobj 1264 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 338.765 265.105 349.669] /A << /S /GoTo /D (0:CHECKING-PORTS) >> >> endobj 1265 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 338.765 522.316 349.669] /A << /S /GoTo /D (0:CHECKING-PORTS) >> >> endobj 1266 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 325.813 278.962 336.717] /A << /S /GoTo /D (0:LOGMON-CHECK) >> >> endobj 1267 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 325.813 522.316 336.717] /A << /S /GoTo /D (0:LOGMON-CHECK) >> >> endobj 1268 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 314.919 205.051 323.766] /A << /S /GoTo /D (0:DATABASE) >> >> endobj 1269 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 314.919 522.316 323.766] /A << /S /GoTo /D (0:DATABASE) >> >> endobj 1270 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 301.968 226.091 310.814] /A << /S /GoTo /D (0:MISCELLANEOUS) >> >> endobj 1271 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 301.968 522.316 310.814] /A << /S /GoTo /D (0:MISCELLANEOUS) >> >> endobj 1272 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 288.897 202.291 297.863] /A << /S /GoTo /D (0:EXTERNAL) >> >> endobj 1273 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 288.897 522.316 297.863] /A << /S /GoTo /D (0:EXTERNAL) >> >> endobj 1274 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 275.945 196.771 284.912] /A << /S /GoTo /D (0:CONFIGFILE-CLIENTS) >> >> endobj 1275 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 275.945 522.316 284.912] /A << /S /GoTo /D (0:CONFIGFILE-CLIENTS) >> >> endobj 1276 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 260.702 224.886 269.679] /A << /S /GoTo /D (0:DATABASE-FIELDS) >> >> endobj 1277 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 260.702 522.316 269.679] /A << /S /GoTo /D (0:DATABASE-FIELDS) >> >> endobj 1278 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 245.38 195.636 254.227] /A << /S /GoTo /D (0:GEN-DB-FIELDS) >> >> endobj 1279 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 245.38 522.316 254.227] /A << /S /GoTo /D (0:GEN-DB-FIELDS) >> >> endobj 1280 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 232.429 198.973 241.275] /A << /S /GoTo /D (0:MOD-DB-FIELDS) >> >> endobj 1281 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 232.429 522.316 241.275] /A << /S /GoTo /D (0:MOD-DB-FIELDS) >> >> endobj 1282 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [142.466 217.42 191.233 228.324] /A << /S /GoTo /D (0:SYS-DB-FIELDS) >> >> endobj 1283 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 217.42 522.316 228.324] /A << /S /GoTo /D (0:SYS-DB-FIELDS) >> >> endobj 1284 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 202.212 247.66 213.091] /A << /S /GoTo /D (0:FILETYPES-DEFINED) >> >> endobj 1285 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [505.38 202.212 522.316 213.091] /A << /S /GoTo /D (0:FILETYPES-DEFINED) >> >> endobj 1289 0 obj << /D [1287 0 R /XYZ -1.269 814.22 null] >> endobj 1286 0 obj << /Font << /F38 1036 0 R /F31 938 0 R /F33 939 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1330 0 obj << /Length 748 /Filter /FlateDecode >> stream x}UMo0 Wh8v֡;mVbadHr׏(5I2%|s䝽xx<%D.+2p8ˣ4Lҝw`v}FI˪+ "uypKvmI}IS&GLەg%ITvSKm043.ntsjCw̐ q LB9[8\I'* LW۷#\(SutSd*@(%SύtV:%>)ѕx"SHT@G$,?c-Q]w;HJ }oα`GLH!(97T}⅙|ѡm%D&*֓ΪIW Ȍ1%ZgjsZLx59AM,n>\~BΝ"vz`64ia{PRdckK=#QD^wcx:d`Y㌼g;J;ȢɈ9K*H&L`4smuYW*)]Lc'*LnZUVC񬭦 -j藉JY q A.KCtЖ#у`p) y6)EQD8sq86y`"qJ0?Z:]ަEo /=|xw endstream endobj 1329 0 obj << /Type /Page /Contents 1330 0 R /Resources 1328 0 R /MediaBox [0 0 593.051 789.041] /Parent 933 0 R >> endobj 1037 0 obj << /D [1329 0 R /XYZ 71.731 718.306 null] >> endobj 10 0 obj << /D [1329 0 R /XYZ 298.58 703.236 null] >> endobj 1331 0 obj << /D [1329 0 R /XYZ 71.731 672.579 null] >> endobj 1332 0 obj << /D [1329 0 R /XYZ 71.731 672.579 null] >> endobj 1333 0 obj << /D [1329 0 R /XYZ 239.063 650.952 null] >> endobj 1334 0 obj << /D [1329 0 R /XYZ 71.731 615.919 null] >> endobj 1335 0 obj << /D [1329 0 R /XYZ 173.1 605.124 null] >> endobj 1336 0 obj << /D [1329 0 R /XYZ 71.731 570.09 null] >> endobj 1337 0 obj << /D [1329 0 R /XYZ 71.731 511.311 null] >> endobj 1338 0 obj << /D [1329 0 R /XYZ 278.085 500.516 null] >> endobj 1339 0 obj << /D [1329 0 R /XYZ 446.422 500.516 null] >> endobj 1328 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F33 939 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1344 0 obj << /Length 754 /Filter /FlateDecode >> stream xڭVn0+t(h>$JΡI-違), zIЏ/X2@ &e3{ػ0~^^oiQxD2bbF3D+ѿ^,qSjSB{MTv ?,|(0pbF73Bɲv Ҿ\(a2B"B´D`Vd3*[ peXANEUJx暁 ABt2A41͗LNXBHCo-f*z$Xng4?7wxĬ6n֭gDNi[Mj}Nuk7[&^6oԫSUَL c.C`p[iɽ{K25!{O,Ao8 dR@U$w!0 ~lD(e Q=*;{/Ned3f,74$%`hII@5Ec;9 }C,tQn %覦(KeXʢ+h|到Pm! ?N2޹@'C/r1]W_LroP'E8YC~5"5uȤRً{wVDڜHԛ嫪 u;7y#5NbUl!cbߑ8ZH;ge> endobj 1340 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [384.443 643.876 431.293 654.458] /A << /S /GoTo /D (0:INSTALLATION-CONFIGURE) >> >> endobj 1341 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [246.362 627.346 287.726 637.821] /A << /S /GoTo /D (0:YULE) >> >> endobj 1038 0 obj << /D [1343 0 R /XYZ 71.731 718.306 null] >> endobj 14 0 obj << /D [1343 0 R /XYZ 418.398 703.236 null] >> endobj 1345 0 obj << /D [1343 0 R /XYZ 71.731 692.184 null] >> endobj 1346 0 obj << /D [1343 0 R /XYZ 71.731 677.24 null] >> endobj 1348 0 obj << /D [1343 0 R /XYZ 71.731 639.891 null] >> endobj 1039 0 obj << /D [1343 0 R /XYZ 76.712 612.297 null] >> endobj 18 0 obj << /D [1343 0 R /XYZ 181.702 567.043 null] >> endobj 1349 0 obj << /D [1343 0 R /XYZ 71.731 546.902 null] >> endobj 1350 0 obj << /D [1343 0 R /XYZ 71.731 524.104 null] >> endobj 1351 0 obj << /D [1343 0 R /XYZ 135.691 512.547 null] >> endobj 1353 0 obj << /D [1343 0 R /XYZ 155.059 512.547 null] >> endobj 1355 0 obj << /D [1343 0 R /XYZ 71.731 458.051 null] >> endobj 1356 0 obj << /D [1343 0 R /XYZ 71.731 432.981 null] >> endobj 1357 0 obj << /D [1343 0 R /XYZ 135.691 423.481 null] >> endobj 1358 0 obj << /D [1343 0 R /XYZ 155.059 423.481 null] >> endobj 1359 0 obj << /D [1343 0 R /XYZ 135.691 411.825 null] >> endobj 1360 0 obj << /D [1343 0 R /XYZ 155.059 411.825 null] >> endobj 1361 0 obj << /D [1343 0 R /XYZ 135.691 400.169 null] >> endobj 1362 0 obj << /D [1343 0 R /XYZ 155.059 400.169 null] >> endobj 1363 0 obj << /D [1343 0 R /XYZ 135.691 388.512 null] >> endobj 1364 0 obj << /D [1343 0 R /XYZ 155.059 388.512 null] >> endobj 1365 0 obj << /D [1343 0 R /XYZ 71.731 334.017 null] >> endobj 1366 0 obj << /D [1343 0 R /XYZ 71.731 308.946 null] >> endobj 1367 0 obj << /D [1343 0 R /XYZ 135.691 299.446 null] >> endobj 1368 0 obj << /D [1343 0 R /XYZ 155.059 299.446 null] >> endobj 1369 0 obj << /D [1343 0 R /XYZ 71.731 244.951 null] >> endobj 1370 0 obj << /D [1343 0 R /XYZ 71.731 219.88 null] >> endobj 1371 0 obj << /D [1343 0 R /XYZ 135.691 210.38 null] >> endobj 1372 0 obj << /D [1343 0 R /XYZ 155.059 210.38 null] >> endobj 1373 0 obj << /D [1343 0 R /XYZ 71.731 155.885 null] >> endobj 1374 0 obj << /D [1343 0 R /XYZ 71.731 132.871 null] >> endobj 1375 0 obj << /D [1343 0 R /XYZ 135.691 121.314 null] >> endobj 1376 0 obj << /D [1343 0 R /XYZ 155.059 121.314 null] >> endobj 1377 0 obj << /D [1343 0 R /XYZ 71.731 48.817 null] >> endobj 1342 0 obj << /Font << /F25 932 0 R /F48 1347 0 R /F31 938 0 R /F50 1352 0 R /F51 1354 0 R /F33 939 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1381 0 obj << /Length 1073 /Filter /FlateDecode >> stream xڵVM6С@%`MSVno],vAS9h%Z&".Iq}I%m7E{HI7oސN@tN$H IafqlK磻7 b@ pI_sR &\u;hB8 \D,6Z.h@otCg`Ofiά+3&3[{BwD1y1a6c cԙ$)T[8%&؛KΑҼ՗OZ3qwQsGgG"?GY`&G@>ҙbDzY;3v/Ra$J;$2 i"1eQf׵QR:]蟵6c0̏<,kuj!qUX.'.PsoP1 dݴ\KI_~Nc@T@r&D eǐ-NѦ4whgXǤ^G?~XO5 G:i21GD _-!o$`p%)iYKAoh4XCb4TJc[Gj^Ûxo=(;/llP7o1i(1oDlΦ_]6}y%15pdv{'Ev endstream endobj 1380 0 obj << /Type /Page /Contents 1381 0 R /Resources 1379 0 R /MediaBox [0 0 593.051 789.041] /Parent 1378 0 R >> endobj 1382 0 obj << /D [1380 0 R /XYZ -1.269 814.22 null] >> endobj 1383 0 obj << /D [1380 0 R /XYZ 71.731 741.22 null] >> endobj 1384 0 obj << /D [1380 0 R /XYZ 155.059 653.848 null] >> endobj 1385 0 obj << /D [1380 0 R /XYZ 71.731 599.352 null] >> endobj 1386 0 obj << /D [1380 0 R /XYZ 71.731 576.339 null] >> endobj 1387 0 obj << /D [1380 0 R /XYZ 135.691 564.782 null] >> endobj 1388 0 obj << /D [1380 0 R /XYZ 155.059 564.782 null] >> endobj 1389 0 obj << /D [1380 0 R /XYZ 71.731 510.286 null] >> endobj 1390 0 obj << /D [1380 0 R /XYZ 71.731 487.273 null] >> endobj 1391 0 obj << /D [1380 0 R /XYZ 135.691 475.716 null] >> endobj 1392 0 obj << /D [1380 0 R /XYZ 155.059 475.716 null] >> endobj 1040 0 obj << /D [1380 0 R /XYZ 71.731 439.9 null] >> endobj 22 0 obj << /D [1380 0 R /XYZ 220.023 394.646 null] >> endobj 1393 0 obj << /D [1380 0 R /XYZ 71.731 371.157 null] >> endobj 1394 0 obj << /D [1380 0 R /XYZ 71.731 371.157 null] >> endobj 1395 0 obj << /D [1380 0 R /XYZ 71.731 356.213 null] >> endobj 1396 0 obj << /D [1380 0 R /XYZ 71.731 346.726 null] >> endobj 1397 0 obj << /D [1380 0 R /XYZ 139.477 328.893 null] >> endobj 1398 0 obj << /D [1380 0 R /XYZ 139.477 328.893 null] >> endobj 1399 0 obj << /D [1380 0 R /XYZ 299.426 328.893 null] >> endobj 1400 0 obj << /D [1380 0 R /XYZ 172.114 315.941 null] >> endobj 1401 0 obj << /D [1380 0 R /XYZ 71.731 303.822 null] >> endobj 1402 0 obj << /D [1380 0 R /XYZ 71.731 290.87 null] >> endobj 1403 0 obj << /D [1380 0 R /XYZ 139.477 275.094 null] >> endobj 1404 0 obj << /D [1380 0 R /XYZ 191.223 275.094 null] >> endobj 1405 0 obj << /D [1380 0 R /XYZ 363.017 275.094 null] >> endobj 1406 0 obj << /D [1380 0 R /XYZ 353.821 262.143 null] >> endobj 1407 0 obj << /D [1380 0 R /XYZ 479.18 236.24 null] >> endobj 1408 0 obj << /D [1380 0 R /XYZ 204.692 223.289 null] >> endobj 1409 0 obj << /D [1380 0 R /XYZ 71.731 211.169 null] >> endobj 1410 0 obj << /D [1380 0 R /XYZ 71.731 198.776 null] >> endobj 1411 0 obj << /D [1380 0 R /XYZ 139.477 182.442 null] >> endobj 1412 0 obj << /D [1380 0 R /XYZ 483.035 182.442 null] >> endobj 1413 0 obj << /D [1380 0 R /XYZ 71.731 157.371 null] >> endobj 1414 0 obj << /D [1380 0 R /XYZ 71.731 144.977 null] >> endobj 1415 0 obj << /D [1380 0 R /XYZ 139.477 128.644 null] >> endobj 1379 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R /F51 1354 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1418 0 obj << /Length 1567 /Filter /FlateDecode >> stream xڭX[o6~ϯl %Y;$.mL[Bu(<(m @J9;9Lˋz*f?Y `/| f78IQ0>sНD7Uq5bF{#Kg9b>wG+b˸-^"ުJJ[cK [ m=glq3H*ώ"u48V>&Gߕr,l"c-\eF OrNit\ ɡw)ߍQk`4 'R Dϵ`nj;Y7˞{$V2^((ku`uc> endobj 1419 0 obj << /D [1417 0 R /XYZ -1.269 814.22 null] >> endobj 1420 0 obj << /D [1417 0 R /XYZ 71.731 670.879 null] >> endobj 1421 0 obj << /D [1417 0 R /XYZ 139.477 654.545 null] >> endobj 1422 0 obj << /D [1417 0 R /XYZ 71.731 616.523 null] >> endobj 1423 0 obj << /D [1417 0 R /XYZ 71.731 604.13 null] >> endobj 1424 0 obj << /D [1417 0 R /XYZ 139.477 587.796 null] >> endobj 1041 0 obj << /D [1417 0 R /XYZ 71.731 516.812 null] >> endobj 26 0 obj << /D [1417 0 R /XYZ 283.599 471.558 null] >> endobj 1425 0 obj << /D [1417 0 R /XYZ 71.731 451.417 null] >> endobj 1426 0 obj << /D [1417 0 R /XYZ 210.699 438.681 null] >> endobj 1427 0 obj << /D [1417 0 R /XYZ 119.552 425.73 null] >> endobj 1428 0 obj << /D [1417 0 R /XYZ 423.947 425.73 null] >> endobj 1429 0 obj << /D [1417 0 R /XYZ 156.074 412.778 null] >> endobj 1430 0 obj << /D [1417 0 R /XYZ 347.605 399.827 null] >> endobj 1431 0 obj << /D [1417 0 R /XYZ 71.731 364.793 null] >> endobj 1432 0 obj << /D [1417 0 R /XYZ 339.036 353.998 null] >> endobj 1433 0 obj << /D [1417 0 R /XYZ 71.731 350.596 null] >> endobj 1434 0 obj << /D [1417 0 R /XYZ 137.484 333.575 null] >> endobj 1435 0 obj << /D [1417 0 R /XYZ 71.731 319.184 null] >> endobj 1436 0 obj << /D [1417 0 R /XYZ 137.484 302.691 null] >> endobj 1437 0 obj << /D [1417 0 R /XYZ 71.731 264.669 null] >> endobj 1438 0 obj << /D [1417 0 R /XYZ 71.731 264.669 null] >> endobj 1439 0 obj << /D [1417 0 R /XYZ 138.919 255.169 null] >> endobj 1440 0 obj << /D [1417 0 R /XYZ 71.731 254.076 null] >> endobj 1441 0 obj << /D [1417 0 R /XYZ 138.919 243.513 null] >> endobj 1442 0 obj << /D [1417 0 R /XYZ 71.731 177.361 null] >> endobj 1443 0 obj << /D [1417 0 R /XYZ 265.782 151.458 null] >> endobj 1444 0 obj << /D [1417 0 R /XYZ 319.191 151.458 null] >> endobj 1445 0 obj << /D [1417 0 R /XYZ 71.731 116.798 null] >> endobj 1416 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F25 932 0 R /F50 1352 0 R /F51 1354 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1452 0 obj << /Length 1869 /Filter /FlateDecode >> stream xڭXM6@l` $A7IA"Ɂi[,CJm>Hq͛7C{[yEF؏"Hb" |Fb[|\:jG'>5EYT}˪X^|~VwHg&ģ> ByH`.ͥ 1zoeAshȩfF5M?ǯp eM)KY v:Z#ױ&oNE%zwʏsA*=h:W4Z~Zw@}BA`[ 6O/{\`6Bh?DTZ:KG~+$]ݞG^g1t(IDCcYOB?5jgro[^ahiRoi*u_pt!mBP ip$HEeHY8lz,#QWj*k$ eBߦ4ƵnN v.~c+֗8.F 季@jJYN%ifu^ub+/u"Gzę{Hq?7oY ١2򃲲Et>yw\$Q$%(^ɀu]͠.d qUw34 =K!̎1E*U.-^B,qcy׋sV>#V,Ge k?&S_(Pt}*Fnhpee=eaó~<ܹqR<˂)]$Q7^Lv9 XgZLYx9z P '9k \[!8wZG n|BɤC4&Yb$C(_^ 呹yV9DVtPp~tR3(E> ipZO`o?) S9Zh+ R8؀SBIOf1gJJFݜ^$7e!(}W,9^-uȪ^^ `xQgL)֬-xwveZÙ;Uyrr敬E[WB7v+يmKS5%Edv\ m?{W|>;ӄ$P64%7',jCUD7Ŭ}ٺЌS\idYz^O₰EjW|s^\pNcMl~YI[huhxA< x pn (RQqSw/(ZzRqqLP#,Op_#X>v*cmr˝< ,؆:51-_JAe"pLz^&WtY[$>ndt-dʭc'3 "ڂr={r :D_Y9+~ endstream endobj 1451 0 obj << /Type /Page /Contents 1452 0 R /Resources 1450 0 R /MediaBox [0 0 593.051 789.041] /Parent 1378 0 R /Annots [ 1446 0 R 1447 0 R 1448 0 R 1449 0 R ] >> endobj 1446 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [376.104 380.754 427.94 391.228] /A << /S /GoTo /D (0:LAYOUT) >> >> endobj 1447 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [230.672 340.804 289.985 351.278] /A << /S /GoTo /D (0:DEFTRUST) >> >> endobj 1448 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [186.749 263.822 237.718 274.726] /A << /S /GoTo /D (0:COMPILATION-OPTIONS) >> >> endobj 1449 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [354.836 178.014 396.199 188.489] /A << /S /GoTo /D (0:YULE) >> >> endobj 1453 0 obj << /D [1451 0 R /XYZ -1.269 814.22 null] >> endobj 1454 0 obj << /D [1451 0 R /XYZ 71.731 741.22 null] >> endobj 1455 0 obj << /D [1451 0 R /XYZ 71.731 718.306 null] >> endobj 1456 0 obj << /D [1451 0 R /XYZ 71.731 718.306 null] >> endobj 1457 0 obj << /D [1451 0 R /XYZ 138.919 708.344 null] >> endobj 1458 0 obj << /D [1451 0 R /XYZ 71.731 707.25 null] >> endobj 1459 0 obj << /D [1451 0 R /XYZ 138.919 696.687 null] >> endobj 1460 0 obj << /D [1451 0 R /XYZ 71.731 675.669 null] >> endobj 1461 0 obj << /D [1451 0 R /XYZ 71.731 651.691 null] >> endobj 1462 0 obj << /D [1451 0 R /XYZ 71.731 651.691 null] >> endobj 1463 0 obj << /D [1451 0 R /XYZ 138.919 642.192 null] >> endobj 1464 0 obj << /D [1451 0 R /XYZ 71.731 620.249 null] >> endobj 1465 0 obj << /D [1451 0 R /XYZ 262.066 609.315 null] >> endobj 1466 0 obj << /D [1451 0 R /XYZ 499.036 609.315 null] >> endobj 1467 0 obj << /D [1451 0 R /XYZ 71.731 584.244 null] >> endobj 1468 0 obj << /D [1451 0 R /XYZ 71.731 584.244 null] >> endobj 1469 0 obj << /D [1451 0 R /XYZ 138.919 574.745 null] >> endobj 1042 0 obj << /D [1451 0 R /XYZ 71.731 563.721 null] >> endobj 30 0 obj << /D [1451 0 R /XYZ 294.273 519.528 null] >> endobj 1470 0 obj << /D [1451 0 R /XYZ 71.731 495.772 null] >> endobj 1471 0 obj << /D [1451 0 R /XYZ 362.22 473.7 null] >> endobj 1472 0 obj << /D [1451 0 R /XYZ 156.632 460.748 null] >> endobj 1473 0 obj << /D [1451 0 R /XYZ 256.786 447.797 null] >> endobj 1474 0 obj << /D [1451 0 R /XYZ 312.147 434.845 null] >> endobj 1475 0 obj << /D [1451 0 R /XYZ 71.731 421.794 null] >> endobj 1476 0 obj << /D [1451 0 R /XYZ 71.731 406.85 null] >> endobj 1477 0 obj << /D [1451 0 R /XYZ 183.546 395.294 null] >> endobj 1478 0 obj << /D [1451 0 R /XYZ 240.688 383.637 null] >> endobj 1480 0 obj << /D [1451 0 R /XYZ 71.731 376.769 null] >> endobj 1481 0 obj << /D [1451 0 R /XYZ 153.922 367 null] >> endobj 1482 0 obj << /D [1451 0 R /XYZ 258.585 367 null] >> endobj 1483 0 obj << /D [1451 0 R /XYZ 139.477 343.687 null] >> endobj 1484 0 obj << /D [1451 0 R /XYZ 71.731 305.829 null] >> endobj 1485 0 obj << /D [1451 0 R /XYZ 214.106 292.878 null] >> endobj 1486 0 obj << /D [1451 0 R /XYZ 176.846 279.926 null] >> endobj 1487 0 obj << /D [1451 0 R /XYZ 71.731 244.893 null] >> endobj 1488 0 obj << /D [1451 0 R /XYZ 266.908 234.098 null] >> endobj 1489 0 obj << /D [1451 0 R /XYZ 71.731 221.979 null] >> endobj 1490 0 obj << /D [1451 0 R /XYZ 71.731 221.979 null] >> endobj 1491 0 obj << /D [1451 0 R /XYZ 138.919 212.479 null] >> endobj 1492 0 obj << /D [1451 0 R /XYZ 71.731 211.386 null] >> endobj 1493 0 obj << /D [1451 0 R /XYZ 71.731 191.461 null] >> endobj 1494 0 obj << /D [1451 0 R /XYZ 480.508 180.898 null] >> endobj 1495 0 obj << /D [1451 0 R /XYZ 232.986 157.585 null] >> endobj 1496 0 obj << /D [1451 0 R /XYZ 383.896 157.585 null] >> endobj 1450 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F51 1354 0 R /F31 938 0 R /F38 1036 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1512 0 obj << /Length 1381 /Filter /FlateDecode >> stream xYMo8W@mI@ )큑iIT)i")KjR1y3fB's9 HB:E!B߉< ;sxb.0wYLIiIe44#E#v\@+Z/czW!Y'` FV-Qa| )sd#jؼmT^lDQF@'0L"ev D3Bh$eJ2mVuiE V}5Px[r+V|`n(AOrgex>D,1^ URyU8 !8& |T D↗TjF9i̸Nڪ2- ޏ3/ʭHJhJ ;XWhLޙ]6t #̤Mɠ͠$q!j6A9ԆDЯ]f';'Kf6j3Afਕݱ`wFi2,Rm̊3C*jij9]ӥ;oY1I||i%1h?)0w:iz[ Ϳx( 9zԁ;,~W`BXC<'IRdZx/2o tlM9qsCPzUQQbgT=yφ~/׺ks&T䝄kPBԪ&mjii JR M+3V俼ā)NAg;(8Vj>'z3J&zjV()1v 7uKyNA?kGJhM^B.:\7Cd9Ne+~?ԁ}/ꎔo^\L͆ p+1yx77;Ue)Ғ;ْ˞V%$-|l7m&p+kȲk8]{ d ՊI\_vU/R;f:">I : 2X^r=30e} ?N6|9xݲzS:IIwãʨ7,kӕG y@2EuyHv8p4?<LAGoCMA)LOe3KUmKd/C&{,z:+3_l睼@h zBSi𛾷>-z ~>w%uwc SIGsEbkIIMpNbHX ɺ ըjx"?q/6ϡSWN endstream endobj 1511 0 obj << /Type /Page /Contents 1512 0 R /Resources 1510 0 R /MediaBox [0 0 593.051 789.041] /Parent 1378 0 R /Annots [ 1498 0 R 1499 0 R 1500 0 R 1501 0 R 1502 0 R 1503 0 R 1504 0 R 1505 0 R 1506 0 R 1507 0 R 1508 0 R ] >> endobj 1498 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [346.588 431.796 393.412 442.809] /A << /S /GoTo /D (0:SUIDCHK) >> >> endobj 1499 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [405.446 400.912 457.252 411.816] /A << /S /GoTo /D (0:KERNELDEF) >> >> endobj 1500 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [374.722 370.027 426.528 381.041] /A << /S /GoTo /D (0:MONDEF) >> >> endobj 1501 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [445.675 339.143 497.481 350.047] /A << /S /GoTo /D (0:MOUNTCHECK) >> >> endobj 1502 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [442.756 308.259 494.561 319.163] /A << /S /GoTo /D (0:USERCHECK) >> >> endobj 1503 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [328.337 277.375 380.142 288.388] /A << /S /GoTo /D (0:SQLDETAILS) >> >> endobj 1504 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [351.849 246.491 398.673 257.504] /A << /S /GoTo /D (0:PRELUDEDETAILS) >> >> endobj 1505 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [302.883 215.607 343.888 226.62] /A << /S /GoTo /D (0:SIGNED-FILES) >> >> endobj 1506 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [305.709 202.655 346.715 213.669] /A << /S /GoTo /D (0:SIGNED-FILES) >> >> endobj 1507 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [471.428 171.771 512.434 182.675] /A << /S /GoTo /D (0:STEALTHMODE) >> >> endobj 1508 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [341.317 97.051 382.323 108.065] /A << /S /GoTo /D (0:YULE) >> >> endobj 1513 0 obj << /D [1511 0 R /XYZ -1.269 814.22 null] >> endobj 1514 0 obj << /D [1511 0 R /XYZ 71.731 663.348 null] >> endobj 1515 0 obj << /D [1511 0 R /XYZ 71.731 663.348 null] >> endobj 1516 0 obj << /D [1511 0 R /XYZ 138.919 653.848 null] >> endobj 1517 0 obj << /D [1511 0 R /XYZ 71.731 611.009 null] >> endobj 1518 0 obj << /D [1511 0 R /XYZ 248.487 598.057 null] >> endobj 1519 0 obj << /D [1511 0 R /XYZ 71.731 585.938 null] >> endobj 1520 0 obj << /D [1511 0 R /XYZ 71.731 585.938 null] >> endobj 1521 0 obj << /D [1511 0 R /XYZ 138.919 576.438 null] >> endobj 1522 0 obj << /D [1511 0 R /XYZ 76.712 553.524 null] >> endobj 34 0 obj << /D [1511 0 R /XYZ 388.999 514.152 null] >> endobj 1523 0 obj << /D [1511 0 R /XYZ 71.731 491.035 null] >> endobj 1524 0 obj << /D [1511 0 R /XYZ 71.731 453.216 null] >> endobj 1525 0 obj << /D [1511 0 R /XYZ 71.731 451.97 null] >> endobj 1526 0 obj << /D [1511 0 R /XYZ 129.514 434.949 null] >> endobj 1527 0 obj << /D [1511 0 R /XYZ 419.614 434.949 null] >> endobj 1528 0 obj << /D [1511 0 R /XYZ 71.731 421.878 null] >> endobj 1529 0 obj << /D [1511 0 R /XYZ 129.514 404.065 null] >> endobj 1530 0 obj << /D [1511 0 R /XYZ 129.514 391.113 null] >> endobj 1531 0 obj << /D [1511 0 R /XYZ 241.274 391.113 null] >> endobj 1533 0 obj << /D [1511 0 R /XYZ 71.731 389.091 null] >> endobj 1534 0 obj << /D [1511 0 R /XYZ 129.514 373.181 null] >> endobj 1535 0 obj << /D [1511 0 R /XYZ 452.729 373.181 null] >> endobj 1536 0 obj << /D [1511 0 R /XYZ 71.731 358.207 null] >> endobj 1537 0 obj << /D [1511 0 R /XYZ 129.514 342.296 null] >> endobj 1538 0 obj << /D [1511 0 R /XYZ 129.514 329.345 null] >> endobj 1539 0 obj << /D [1511 0 R /XYZ 71.731 327.323 null] >> endobj 1540 0 obj << /D [1511 0 R /XYZ 129.514 311.412 null] >> endobj 1541 0 obj << /D [1511 0 R /XYZ 129.514 298.461 null] >> endobj 1542 0 obj << /D [1511 0 R /XYZ 71.731 296.438 null] >> endobj 1543 0 obj << /D [1511 0 R /XYZ 129.514 280.528 null] >> endobj 1544 0 obj << /D [1511 0 R /XYZ 406.344 280.528 null] >> endobj 1545 0 obj << /D [1511 0 R /XYZ 273.822 267.577 null] >> endobj 1546 0 obj << /D [1511 0 R /XYZ 71.731 265.554 null] >> endobj 1547 0 obj << /D [1511 0 R /XYZ 129.514 249.644 null] >> endobj 1548 0 obj << /D [1511 0 R /XYZ 424.874 249.644 null] >> endobj 1549 0 obj << /D [1511 0 R /XYZ 71.731 234.67 null] >> endobj 1550 0 obj << /D [1511 0 R /XYZ 129.514 218.76 null] >> endobj 1551 0 obj << /D [1511 0 R /XYZ 370.09 218.76 null] >> endobj 1552 0 obj << /D [1511 0 R /XYZ 179.466 205.808 null] >> endobj 1553 0 obj << /D [1511 0 R /XYZ 402.658 192.857 null] >> endobj 1554 0 obj << /D [1511 0 R /XYZ 71.731 190.7 null] >> endobj 1555 0 obj << /D [1511 0 R /XYZ 129.514 174.924 null] >> endobj 1556 0 obj << /D [1511 0 R /XYZ 71.731 159.816 null] >> endobj 1557 0 obj << /D [1511 0 R /XYZ 129.514 144.04 null] >> endobj 1558 0 obj << /D [1511 0 R /XYZ 258.45 144.04 null] >> endobj 1559 0 obj << /D [1511 0 R /XYZ 450.747 144.04 null] >> endobj 1560 0 obj << /D [1511 0 R /XYZ 71.731 130.969 null] >> endobj 1561 0 obj << /D [1511 0 R /XYZ 129.514 113.156 null] >> endobj 1562 0 obj << /D [1511 0 R /XYZ 256.398 113.156 null] >> endobj 1563 0 obj << /D [1511 0 R /XYZ 450.617 113.156 null] >> endobj 1510 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R /F51 1354 0 R /F25 932 0 R /F38 1036 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1567 0 obj << /Length 1247 /Filter /FlateDecode >> stream xڭWM6СHm⊔C& qIL[J Rl?HJ,g63o޼ W/wW7ae Q^ ^"FWni>*Ibz%Wϻ7W9Js|M@>'JB5'5VDNDln3gDY*WT7eU,?v(^%\߈ }:}A qg05ւka"6gSS*:H9O"YLeE =DBg6<`cŨuX`/20 .Slç 8!|x-ޑ٬~k!Gȃ @0 "i2Ϗ3B"ŏ$]{+%^q@1^ֵ9L_`՟mp]`K!wu^kxlյO:(RY$0c#0Nlj|OE 1톐<Wk]1Q;Iʘ5U Ǯ"SJ9v?"kUHeUk:^=heBIB5.àg\Ux%k99CnvNL`AZ$A`Dt"@Sޞɂ:L:N;3Fф{ X穼ng=d3;.O9X3ܲKBAݾ}Fx43{;ҩmj&d_b:=$8c[9mЯBXVPIPDu+%2ZBds^)1rjP(ZņВH {)Ӓ%M$!R>=q ܟ%Nn CYUFZ"RK?jCsb> endobj 1509 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [315.794 692.359 362.618 703.143] /A << /S /GoTo /D (0:DATABASE-CONFIGURATION-FILE-DOWNLOAD) >> >> endobj 1564 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [338.667 382.576 390.473 393.48] /A << /S /GoTo /D (0:NATIVE-PACKAGES) >> >> endobj 1568 0 obj << /D [1566 0 R /XYZ -1.269 814.22 null] >> endobj 1569 0 obj << /D [1566 0 R /XYZ 207.112 708.344 null] >> endobj 1043 0 obj << /D [1566 0 R /XYZ 71.731 678.411 null] >> endobj 38 0 obj << /D [1566 0 R /XYZ 148.27 635.194 null] >> endobj 1570 0 obj << /D [1566 0 R /XYZ 71.731 615.054 null] >> endobj 1571 0 obj << /D [1566 0 R /XYZ 270.156 602.317 null] >> endobj 1572 0 obj << /D [1566 0 R /XYZ 71.731 590.198 null] >> endobj 1573 0 obj << /D [1566 0 R /XYZ 71.731 590.198 null] >> endobj 1574 0 obj << /D [1566 0 R /XYZ 138.919 580.698 null] >> endobj 1575 0 obj << /D [1566 0 R /XYZ 71.731 537.859 null] >> endobj 1576 0 obj << /D [1566 0 R /XYZ 255.65 524.908 null] >> endobj 1577 0 obj << /D [1566 0 R /XYZ 371.425 524.908 null] >> endobj 1578 0 obj << /D [1566 0 R /XYZ 250.081 511.956 null] >> endobj 1579 0 obj << /D [1566 0 R /XYZ 71.731 489.874 null] >> endobj 1580 0 obj << /D [1566 0 R /XYZ 185.115 466.128 null] >> endobj 1581 0 obj << /D [1566 0 R /XYZ 307.714 453.177 null] >> endobj 1582 0 obj << /D [1566 0 R /XYZ 71.731 441.057 null] >> endobj 1583 0 obj << /D [1566 0 R /XYZ 71.731 441.057 null] >> endobj 1584 0 obj << /D [1566 0 R /XYZ 138.919 431.558 null] >> endobj 1585 0 obj << /D [1566 0 R /XYZ 71.731 409.615 null] >> endobj 1586 0 obj << /D [1566 0 R /XYZ 71.731 363.647 null] >> endobj 1587 0 obj << /D [1566 0 R /XYZ 71.731 340.733 null] >> endobj 1588 0 obj << /D [1566 0 R /XYZ 71.731 340.733 null] >> endobj 1589 0 obj << /D [1566 0 R /XYZ 138.919 331.234 null] >> endobj 1590 0 obj << /D [1566 0 R /XYZ 71.731 309.291 null] >> endobj 1591 0 obj << /D [1566 0 R /XYZ 119.552 285.406 null] >> endobj 1592 0 obj << /D [1566 0 R /XYZ 71.731 260.335 null] >> endobj 1593 0 obj << /D [1566 0 R /XYZ 71.731 260.335 null] >> endobj 1594 0 obj << /D [1566 0 R /XYZ 138.919 250.835 null] >> endobj 1044 0 obj << /D [1566 0 R /XYZ 71.731 239.812 null] >> endobj 42 0 obj << /D [1566 0 R /XYZ 154.983 195.618 null] >> endobj 1595 0 obj << /D [1566 0 R /XYZ 71.731 175.478 null] >> endobj 1596 0 obj << /D [1566 0 R /XYZ 71.731 150.622 null] >> endobj 1597 0 obj << /D [1566 0 R /XYZ 71.731 150.622 null] >> endobj 1598 0 obj << /D [1566 0 R /XYZ 138.919 141.123 null] >> endobj 1599 0 obj << /D [1566 0 R /XYZ 71.731 120.136 null] >> endobj 1565 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F25 932 0 R /F50 1352 0 R /F51 1354 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1602 0 obj << /Length 1438 /Filter /FlateDecode >> stream xڽXK6С9X1"CM-6zI\XJIw(nI{M 9;[w\X^<}NFrIL8t4br|t_xX仌KYT>/'/fu݋_/|TzH&ħ !(zmA#WچEm.{Y7** JռeVe 4>,N8F!%[ugʍ}d1abmjZ8!i;e$aGJV ow1fY9w\[oxsqmkF"}tM,rve祏Q^!^_!w- n{rnƧShh|$z\u(rAYKO'B> \C=Y~n:jY7BihM,M 1Ix ͑'R {⚗9PycâY2Ŗ+<ğmNiĕ;nm#  @nDه-u# IiPc(_@vOQVBSzRbΙP O&Fk;_\1+Y~}hBFhSsVډs]lt >&)DXGS4`X8ND,"v}Xd<*{'u%+[8r]L6D^ӱ=0a- k48gib@L"IC@Ԁx ͐xPhhc.YАa̺v zHLΏ$upwzfc Ge={ekܥE}JoӪØ c՞}%81!L+w|>,#Ȇp_Y^]i- zh8 buъIͪW:S"p1R6StX7nJL ZFHu2)L'ǃBͲ` T-Ngj?OFV3|QG:#Fzn<;O|隋ҽgrcu̓A1٘?nFY?|d5-+ӃHAkC3uLQT8ݮi[+SU[`bq(?$2 [jy>}m<=s=[2C[3#cAXǂz4˪E5_Avl&r+}xwf,S,rhp #!,W> | A?2̅(&*<<c" 3N 9hT1TNNZ^Z1 endstream endobj 1601 0 obj << /Type /Page /Contents 1602 0 R /Resources 1600 0 R /MediaBox [0 0 593.051 789.041] /Parent 1650 0 R >> endobj 1603 0 obj << /D [1601 0 R /XYZ -1.269 814.22 null] >> endobj 1604 0 obj << /D [1601 0 R /XYZ 71.731 718.306 null] >> endobj 1605 0 obj << /D [1601 0 R /XYZ 461.157 708.344 null] >> endobj 1606 0 obj << /D [1601 0 R /XYZ 290.509 682.441 null] >> endobj 1607 0 obj << /D [1601 0 R /XYZ 71.731 660.359 null] >> endobj 1608 0 obj << /D [1601 0 R /XYZ 296.666 649.564 null] >> endobj 1609 0 obj << /D [1601 0 R /XYZ 199.78 636.613 null] >> endobj 1610 0 obj << /D [1601 0 R /XYZ 311.879 623.661 null] >> endobj 1611 0 obj << /D [1601 0 R /XYZ 471.917 623.661 null] >> endobj 1612 0 obj << /D [1601 0 R /XYZ 71.731 586.013 null] >> endobj 1613 0 obj << /D [1601 0 R /XYZ 71.731 586.013 null] >> endobj 1614 0 obj << /D [1601 0 R /XYZ 138.919 576.139 null] >> endobj 1615 0 obj << /D [1601 0 R /XYZ 71.731 575.078 null] >> endobj 46 0 obj << /D [1601 0 R /XYZ 318.287 536.767 null] >> endobj 1616 0 obj << /D [1601 0 R /XYZ 71.731 523.613 null] >> endobj 1617 0 obj << /D [1601 0 R /XYZ 71.731 523.613 null] >> endobj 1618 0 obj << /D [1601 0 R /XYZ 138.919 515.148 null] >> endobj 1619 0 obj << /D [1601 0 R /XYZ 71.731 494.162 null] >> endobj 1620 0 obj << /D [1601 0 R /XYZ 71.731 457.201 null] >> endobj 1621 0 obj << /D [1601 0 R /XYZ 71.731 457.201 null] >> endobj 1622 0 obj << /D [1601 0 R /XYZ 148.603 447.701 null] >> endobj 1623 0 obj << /D [1601 0 R /XYZ 71.731 426.715 null] >> endobj 1624 0 obj << /D [1601 0 R /XYZ 166.315 414.824 null] >> endobj 1625 0 obj << /D [1601 0 R /XYZ 71.731 390.127 null] >> endobj 1626 0 obj << /D [1601 0 R /XYZ 71.731 390.127 null] >> endobj 1627 0 obj << /D [1601 0 R /XYZ 138.919 380.254 null] >> endobj 1628 0 obj << /D [1601 0 R /XYZ 71.731 359.268 null] >> endobj 1629 0 obj << /D [1601 0 R /XYZ 71.731 322.306 null] >> endobj 1630 0 obj << /D [1601 0 R /XYZ 71.731 322.306 null] >> endobj 1631 0 obj << /D [1601 0 R /XYZ 138.919 312.807 null] >> endobj 1632 0 obj << /D [1601 0 R /XYZ 71.731 291.821 null] >> endobj 1633 0 obj << /D [1601 0 R /XYZ 71.731 267.811 null] >> endobj 1634 0 obj << /D [1601 0 R /XYZ 71.731 267.811 null] >> endobj 1635 0 obj << /D [1601 0 R /XYZ 138.919 258.311 null] >> endobj 1636 0 obj << /D [1601 0 R /XYZ 71.731 237.293 null] >> endobj 1637 0 obj << /D [1601 0 R /XYZ 133.111 225.435 null] >> endobj 1638 0 obj << /D [1601 0 R /XYZ 71.731 213.315 null] >> endobj 1639 0 obj << /D [1601 0 R /XYZ 71.731 213.315 null] >> endobj 1640 0 obj << /D [1601 0 R /XYZ 138.919 203.816 null] >> endobj 1641 0 obj << /D [1601 0 R /XYZ 71.731 182.829 null] >> endobj 1642 0 obj << /D [1601 0 R /XYZ 71.731 168.782 null] >> endobj 1643 0 obj << /D [1601 0 R /XYZ 71.731 153.838 null] >> endobj 1644 0 obj << /D [1601 0 R /XYZ 252.568 144.339 null] >> endobj 1645 0 obj << /D [1601 0 R /XYZ 71.731 122.617 null] >> endobj 1646 0 obj << /D [1601 0 R /XYZ 71.731 122.617 null] >> endobj 1647 0 obj << /D [1601 0 R /XYZ 156.908 112.229 null] >> endobj 1648 0 obj << /D [1601 0 R /XYZ 71.731 111.245 null] >> endobj 1649 0 obj << /D [1601 0 R /XYZ 156.908 101.739 null] >> endobj 1600 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F50 1352 0 R /F51 1354 0 R /F25 932 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1655 0 obj << /Length 1710 /Filter /FlateDecode >> stream xڭXMo6WlD}P 49ꞒwZ!%NDIKro޼9mn&#YLq$1pO7%w{y[JF4]UWɼ0U+x塩w4 ~jC I %?IoDS [WaBRXמ&Y.YS5<>V4O?`C6j?{= =SKm]h{VzA>KygM O;s_X SYb߬l2 >%״5+w0zud o%"BgF%DܙzC|e $Ii. p8A8s#aɜ3b>p˼BH>4ұ(aD>Ggk!Vp^brpOC[ 3m$-C])nƣڂ矅ΧyVB1GKdSI ,cW4l:V'͙5†Łg f}`J>ԕLdc(ȣ!).ϲD?=U^.d춨z+WVdьᖟ<77q5E KO.-/t,G,_)r%4%^أrߺZɦj3ͧ/%w6i\v)`BYAȱrdzBy:7v>-d=Ng|)n{ޗu^'_ cKv?lfBoxxȒםK]V[Ъ1[jɪ&I$՜RPߗJE~:c!9gb/ώ)B.덀GWWB8,ڵR,̵oF@C'ى˵ WCgp;﹄5o!TCVv!ֶMЂܱGc @ f8YiG(E:LAxNp[O_Kؘ Nh vͳ`z\ϩNJ;!?\= z,P3p%؋fq4,)v=K[峣 KWW Tsg-[DqJk^Q_:(33~0]FnNcB3ީcERkRn˒LwjY} 71n10k j B~s}'([\A:"Eʽh0ux+s wyY*S6nC(rƿ-lCHVKS~uCcGtC@e#=Vw]4%T~ɉ&M޾GVB&=O,{,* Oт8Aۃo{3LLIeNdzTIw>VY ЫJT) R>)ca^ˈ0cSuT^!Evd#7lo͹X2r~1ot + nO)}`-m2;JZx4$~X QYLtF3> endobj 1651 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [402.957 476.711 454.762 487.615] /A << /S /GoTo /D (0:LAYOUT) >> >> endobj 1652 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [302.633 396.313 353.054 407.217] /A << /S /GoTo /D (0:THE-CONFIGURATION-FILE) >> >> endobj 1656 0 obj << /D [1654 0 R /XYZ -1.269 814.22 null] >> endobj 1045 0 obj << /D [1654 0 R /XYZ 71.731 670.486 null] >> endobj 50 0 obj << /D [1654 0 R /XYZ 192.444 625.231 null] >> endobj 1657 0 obj << /D [1654 0 R /XYZ 71.731 605.091 null] >> endobj 1658 0 obj << /D [1654 0 R /XYZ 71.731 605.091 null] >> endobj 1659 0 obj << /D [1654 0 R /XYZ 429.516 592.355 null] >> endobj 1660 0 obj << /D [1654 0 R /XYZ 119.552 579.403 null] >> endobj 1661 0 obj << /D [1654 0 R /XYZ 215.99 579.403 null] >> endobj 1662 0 obj << /D [1654 0 R /XYZ 312.428 579.403 null] >> endobj 1663 0 obj << /D [1654 0 R /XYZ 431.95 579.403 null] >> endobj 1664 0 obj << /D [1654 0 R /XYZ 119.552 553.5 null] >> endobj 1665 0 obj << /D [1654 0 R /XYZ 381.806 540.549 null] >> endobj 1666 0 obj << /D [1654 0 R /XYZ 71.731 534.949 null] >> endobj 1667 0 obj << /D [1654 0 R /XYZ 129.514 515.73 null] >> endobj 1668 0 obj << /D [1654 0 R /XYZ 71.731 515.63 null] >> endobj 1669 0 obj << /D [1654 0 R /XYZ 129.514 497.797 null] >> endobj 1670 0 obj << /D [1654 0 R /XYZ 307.614 479.865 null] >> endobj 1671 0 obj << /D [1654 0 R /XYZ 71.731 454.794 null] >> endobj 1672 0 obj << /D [1654 0 R /XYZ 71.731 454.794 null] >> endobj 1673 0 obj << /D [1654 0 R /XYZ 138.919 445.294 null] >> endobj 1674 0 obj << /D [1654 0 R /XYZ 71.731 424.308 null] >> endobj 1675 0 obj << /D [1654 0 R /XYZ 71.731 377.384 null] >> endobj 1676 0 obj << /D [1654 0 R /XYZ 371.675 366.589 null] >> endobj 1046 0 obj << /D [1654 0 R /XYZ 71.731 350.236 null] >> endobj 54 0 obj << /D [1654 0 R /XYZ 357.038 307.138 null] >> endobj 1677 0 obj << /D [1654 0 R /XYZ 71.731 286.998 null] >> endobj 1678 0 obj << /D [1654 0 R /XYZ 71.731 286.998 null] >> endobj 1679 0 obj << /D [1654 0 R /XYZ 71.731 236.239 null] >> endobj 1680 0 obj << /D [1654 0 R /XYZ 71.731 236.239 null] >> endobj 1681 0 obj << /D [1654 0 R /XYZ 138.919 226.74 null] >> endobj 1682 0 obj << /D [1654 0 R /XYZ 71.731 205.721 null] >> endobj 1683 0 obj << /D [1654 0 R /XYZ 143.073 193.863 null] >> endobj 1684 0 obj << /D [1654 0 R /XYZ 71.731 171.781 null] >> endobj 1685 0 obj << /D [1654 0 R /XYZ 254.693 160.986 null] >> endobj 1686 0 obj << /D [1654 0 R /XYZ 337.173 160.986 null] >> endobj 1687 0 obj << /D [1654 0 R /XYZ 206.993 148.035 null] >> endobj 1688 0 obj << /D [1654 0 R /XYZ 71.731 132.927 null] >> endobj 1689 0 obj << /D [1654 0 R /XYZ 71.731 117.983 null] >> endobj 1690 0 obj << /D [1654 0 R /XYZ 274.141 108.483 null] >> endobj 1691 0 obj << /D [1654 0 R /XYZ 434.439 108.483 null] >> endobj 1653 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F50 1352 0 R /F51 1354 0 R /F38 1036 0 R /F48 1347 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1695 0 obj << /Length 1639 /Filter /FlateDecode >> stream xXK6KR9IHOEcEBGE)[wHeI>z뉤LoCaEW?UN'~ hd1_mǣh{m5'vTmy*]V8rCQW'aJh$"1ͬ"%(kf렷ZCMd9,~uMX`< %2\lX&'y=du|$0r]c$Sk7J w{;7,lO"Q};6|j MF3ʼn cY$$Ek@A28j9Mԅż}{_P_Q2cx^z=zcϩ[TQc u4ݽy[t_Qx3xtx%ڗS^Mh=#Ad%O $ɢ]:!>SWU`,d≧\g.rgJ<]Q4fjIRx}[X|y4k^;.QSwӓtH#nWe1M6'3@1QzvE&{*Y=5w FksWLrif/n\Ԟ4zaBcE68AS_+?ɠ% Ҙpى7> endstream endobj 1694 0 obj << /Type /Page /Contents 1695 0 R /Resources 1693 0 R /MediaBox [0 0 593.051 789.041] /Parent 1650 0 R /Annots [ 1692 0 R ] >> endobj 1692 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [458.059 240.206 504.883 251.11] /A << /S /GoTo /D (0:TRUSTEDEXAMPLE) >> >> endobj 1696 0 obj << /D [1694 0 R /XYZ -1.269 814.22 null] >> endobj 1697 0 obj << /D [1694 0 R /XYZ 139.477 708.344 null] >> endobj 1698 0 obj << /D [1694 0 R /XYZ 247.932 696.687 null] >> endobj 1047 0 obj << /D [1694 0 R /XYZ 71.731 668.792 null] >> endobj 58 0 obj << /D [1694 0 R /XYZ 213.326 623.538 null] >> endobj 1699 0 obj << /D [1694 0 R /XYZ 71.731 603.397 null] >> endobj 1700 0 obj << /D [1694 0 R /XYZ 388.759 590.661 null] >> endobj 1701 0 obj << /D [1694 0 R /XYZ 71.731 565.59 null] >> endobj 1702 0 obj << /D [1694 0 R /XYZ 71.731 565.59 null] >> endobj 1703 0 obj << /D [1694 0 R /XYZ 138.919 556.091 null] >> endobj 1704 0 obj << /D [1694 0 R /XYZ 71.731 535.104 null] >> endobj 1705 0 obj << /D [1694 0 R /XYZ 148.085 523.214 null] >> endobj 1706 0 obj << /D [1694 0 R /XYZ 71.731 508.106 null] >> endobj 1707 0 obj << /D [1694 0 R /XYZ 71.731 493.162 null] >> endobj 1708 0 obj << /D [1694 0 R /XYZ 139.477 472.006 null] >> endobj 1048 0 obj << /D [1694 0 R /XYZ 71.731 432.454 null] >> endobj 62 0 obj << /D [1694 0 R /XYZ 322.763 387.2 null] >> endobj 1709 0 obj << /D [1694 0 R /XYZ 71.731 383.636 null] >> endobj 1710 0 obj << /D [1694 0 R /XYZ 71.731 368.693 null] >> endobj 1711 0 obj << /D [1694 0 R /XYZ 158.405 360.6 null] >> endobj 1712 0 obj << /D [1694 0 R /XYZ 266.412 360.6 null] >> endobj 1713 0 obj << /D [1694 0 R /XYZ 230.305 337.287 null] >> endobj 1497 0 obj << /D [1694 0 R /XYZ 76.712 319.354 null] >> endobj 66 0 obj << /D [1694 0 R /XYZ 385.269 279.982 null] >> endobj 1714 0 obj << /D [1694 0 R /XYZ 71.731 277.012 null] >> endobj 1715 0 obj << /D [1694 0 R /XYZ 71.731 274.143 null] >> endobj 1716 0 obj << /D [1694 0 R /XYZ 129.514 256.311 null] >> endobj 1717 0 obj << /D [1694 0 R /XYZ 129.514 256.311 null] >> endobj 1718 0 obj << /D [1694 0 R /XYZ 199.979 256.311 null] >> endobj 1719 0 obj << /D [1694 0 R /XYZ 250.35 256.311 null] >> endobj 1720 0 obj << /D [1694 0 R /XYZ 71.731 223.27 null] >> endobj 1721 0 obj << /D [1694 0 R /XYZ 71.731 223.27 null] >> endobj 1722 0 obj << /D [1694 0 R /XYZ 153.724 213.77 null] >> endobj 1723 0 obj << /D [1694 0 R /XYZ 71.731 212.677 null] >> endobj 1724 0 obj << /D [1694 0 R /XYZ 129.514 195.838 null] >> endobj 1725 0 obj << /D [1694 0 R /XYZ 139.198 195.838 null] >> endobj 1726 0 obj << /D [1694 0 R /XYZ 423.11 195.838 null] >> endobj 1727 0 obj << /D [1694 0 R /XYZ 71.731 160.804 null] >> endobj 1728 0 obj << /D [1694 0 R /XYZ 339.534 137.058 null] >> endobj 1729 0 obj << /D [1694 0 R /XYZ 389.905 137.058 null] >> endobj 1730 0 obj << /D [1694 0 R /XYZ 71.731 121.95 null] >> endobj 1693 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F31 938 0 R /F50 1352 0 R /F51 1354 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1733 0 obj << /Length 2127 /Filter /FlateDecode >> stream xڵZ[~_#TI-ޔv*ەHb"2j |-Nf'x?16IPhx00(C:Y'MݦFVxJ~[Ysk3ȊIs?` 5$08eXsȿ͟xzcvS(On̨|6͌iUv'wKY&+e%BY&$B\6F"(!ދ]:cxz4a -l}YT~p* ݾ9x?tM3KʃI@<PVfOJ@IӺ~YEφq_t5C-m&35312_ m\&+]S NP% eQhEjmF8֤a!TEi GGTLӖwY%W*;SU~yh]FZ+gQ,'&tZsYjsVW=`G3zf^0dLizv4yzTXke{Y d(GU;_gTϿ^b)Ielk>,P'8B!w4sȐHɩmi L@#dK}D`H.iby_[@s(",,ҥJs.A7ZԙI^>}^;LϭS&(Hh Ҕ]δȏΠl\mּ4BĘ&TO^*83Om&E|n^`U=b>OW.ԗ`4z)~vG#J{'U9z\5Y / O+șH{KKn< WKEY]z;)J㤽cQ"Z`EAn?ʴ/D~W [:m[0ÄU9V}g[b\b?ӿF+xB aPd{q>`F k`󈜇|զ=+v D#{CHyO藬S6u;؈殈w&#K1+>y=uGm=`QR-N/y8`Cp \0K,vlJpj<aB*u9aT+Bx7pn jDWmY!Q ~o=i~Vl=+:%-p`s؁hCӋ5^ਥM7dqlϰKmZ8^;\P0vPo*=;Ԉ.(#m%nGmxO`l }P#`F7QJD-3.# ErHv\PZ ^(;V(Ix]4`? 68M&`7&GuD[$^nT,Ԥ`'$DP.;T_̍Pҿ+3UCUQވδfDbt$y_Ho^_ >M°MTUW` ?Ė endstream endobj 1732 0 obj << /Type /Page /Contents 1733 0 R /Resources 1731 0 R /MediaBox [0 0 593.051 789.041] /Parent 1650 0 R >> endobj 1734 0 obj << /D [1732 0 R /XYZ -1.269 814.22 null] >> endobj 1735 0 obj << /D [1732 0 R /XYZ 71.731 718.306 null] >> endobj 1736 0 obj << /D [1732 0 R /XYZ 280.893 708.344 null] >> endobj 1737 0 obj << /D [1732 0 R /XYZ 469.678 708.344 null] >> endobj 1738 0 obj << /D [1732 0 R /XYZ 165.21 696.687 null] >> endobj 1739 0 obj << /D [1732 0 R /XYZ 410.832 696.687 null] >> endobj 1740 0 obj << /D [1732 0 R /XYZ 71.731 657.136 null] >> endobj 70 0 obj << /D [1732 0 R /XYZ 276.124 617.763 null] >> endobj 1741 0 obj << /D [1732 0 R /XYZ 71.731 594.869 null] >> endobj 1742 0 obj << /D [1732 0 R /XYZ 71.731 594.869 null] >> endobj 1743 0 obj << /D [1732 0 R /XYZ 312.835 571.935 null] >> endobj 1744 0 obj << /D [1732 0 R /XYZ 71.731 569.778 null] >> endobj 1745 0 obj << /D [1732 0 R /XYZ 71.731 554.834 null] >> endobj 1746 0 obj << /D [1732 0 R /XYZ 232.663 545.335 null] >> endobj 1747 0 obj << /D [1732 0 R /XYZ 375.818 545.335 null] >> endobj 1748 0 obj << /D [1732 0 R /XYZ 274.814 533.679 null] >> endobj 1749 0 obj << /D [1732 0 R /XYZ 402.928 533.679 null] >> endobj 1750 0 obj << /D [1732 0 R /XYZ 139.477 522.022 null] >> endobj 1751 0 obj << /D [1732 0 R /XYZ 76.712 505.385 null] >> endobj 1752 0 obj << /D [1732 0 R /XYZ 71.731 485.46 null] >> endobj 1753 0 obj << /D [1732 0 R /XYZ 195.507 473.803 null] >> endobj 1754 0 obj << /D [1732 0 R /XYZ 275.827 473.803 null] >> endobj 1755 0 obj << /D [1732 0 R /XYZ 330.785 473.803 null] >> endobj 1756 0 obj << /D [1732 0 R /XYZ 71.731 435.945 null] >> endobj 1757 0 obj << /D [1732 0 R /XYZ 378.976 422.994 null] >> endobj 1758 0 obj << /D [1732 0 R /XYZ 463.439 422.994 null] >> endobj 1759 0 obj << /D [1732 0 R /XYZ 71.731 420.837 null] >> endobj 1760 0 obj << /D [1732 0 R /XYZ 71.731 409.629 null] >> endobj 1761 0 obj << /D [1732 0 R /XYZ 71.731 409.629 null] >> endobj 1762 0 obj << /D [1732 0 R /XYZ 71.731 251.223 null] >> endobj 1763 0 obj << /D [1732 0 R /XYZ 299.405 241.261 null] >> endobj 1765 0 obj << /D [1732 0 R /XYZ 129.793 228.309 null] >> endobj 1766 0 obj << /D [1732 0 R /XYZ 344.51 228.309 null] >> endobj 1767 0 obj << /D [1732 0 R /XYZ 157.19 215.358 null] >> endobj 1768 0 obj << /D [1732 0 R /XYZ 296.934 215.358 null] >> endobj 1769 0 obj << /D [1732 0 R /XYZ 71.731 193.276 null] >> endobj 1770 0 obj << /D [1732 0 R /XYZ 370.857 182.481 null] >> endobj 1771 0 obj << /D [1732 0 R /XYZ 499.753 182.481 null] >> endobj 1772 0 obj << /D [1732 0 R /XYZ 71.731 179.079 null] >> endobj 1773 0 obj << /D [1732 0 R /XYZ 129.514 162.058 null] >> endobj 1774 0 obj << /D [1732 0 R /XYZ 129.514 162.058 null] >> endobj 1775 0 obj << /D [1732 0 R /XYZ 71.731 159.901 null] >> endobj 1776 0 obj << /D [1732 0 R /XYZ 129.514 144.125 null] >> endobj 1777 0 obj << /D [1732 0 R /XYZ 129.514 144.125 null] >> endobj 1778 0 obj << /D [1732 0 R /XYZ 71.731 141.968 null] >> endobj 1779 0 obj << /D [1732 0 R /XYZ 129.514 126.192 null] >> endobj 1780 0 obj << /D [1732 0 R /XYZ 129.514 126.192 null] >> endobj 1781 0 obj << /D [1732 0 R /XYZ 71.731 124.035 null] >> endobj 1782 0 obj << /D [1732 0 R /XYZ 129.514 108.259 null] >> endobj 1783 0 obj << /D [1732 0 R /XYZ 129.514 108.259 null] >> endobj 1784 0 obj << /D [1732 0 R /XYZ 71.731 106.103 null] >> endobj 1731 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F50 1352 0 R /F31 938 0 R /F60 1532 0 R /F55 1479 0 R /F38 1036 0 R /F68 1764 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1787 0 obj << /Length 1735 /Filter /FlateDecode >> stream xڵZn6+t17]hSNv3BX,`J"!yE&xUr^RϷnfi`6Ҽ~vOG"]„B#Ci rVeo, ꆑQ6}\mmU}Om WK۶erqMĢNVgOp ˆp8c'I,E E#ǼJwb'("! #:ā|@8+rSE&yer+P8 !-1EvGQ<'w'"ɠ_0F @mĹ0ކ,'(.a_ 0J)%C/@1s 4H>M FHdbh:;R D(X<&-aBpXZg:l҃gQQIgh`qxSABªK\fwqW>q0TnUƻm}f0D&? 3w8 w鼃/?_6%Q ($|A]x"٭kh]$#94)? K*{[YTOIޖ qe[|_SW4lks(u(ʶX?,yHJ{1 58Ԅ5 7X]0O +.^=^]E5^`<6[Brp;@|e 0ڛ`0Ruec !lcȑtSXn2?2o H#a*͂.cԥJZ_ʳOel;/v,0.%u`c^ xK姓cޜtqz쐱}u;75p>$q| ntH9^ǼuX騧h2fZ|yފtS(^%O;;␜]V}ړщd>c: ,;kH^#r&D~Nd8 'AP݄|”AQ2ު|NDd8U`!rt2Q yQ0/|K$Q > HU$ji #Eo3u2G.(X#1==لWk4*#:mBx]ۢ.^qJ:(sR=?!f/k2%+DlCTp% ZgB |v!P`!rTltS0݆('t/g*̲Ȓ#~ re 42"uޥMe jקELm6Ces CDt&s)81׸^uB?"{ bJ=ٸl5.k6d{]c2 Dd(1ٸ^CKE1x.\l\6CJ{\68!O,&q3$z6.i&VL͐km^cr6xFsEC';)jrq8^׵h -͐s-Sk rD3j$DXUIUL7tm"]gn5kS0h! zB. endstream endobj 1786 0 obj << /Type /Page /Contents 1787 0 R /Resources 1785 0 R /MediaBox [0 0 593.051 789.041] /Parent 1650 0 R >> endobj 1788 0 obj << /D [1786 0 R /XYZ -1.269 814.22 null] >> endobj 1789 0 obj << /D [1786 0 R /XYZ 129.514 708.344 null] >> endobj 1790 0 obj << /D [1786 0 R /XYZ 129.514 708.344 null] >> endobj 1791 0 obj << /D [1786 0 R /XYZ 71.731 689.166 null] >> endobj 74 0 obj << /D [1786 0 R /XYZ 257.488 649.793 null] >> endobj 1792 0 obj << /D [1786 0 R /XYZ 71.731 649.614 null] >> endobj 78 0 obj << /D [1786 0 R /XYZ 283.431 615.323 null] >> endobj 1793 0 obj << /D [1786 0 R /XYZ 71.731 615.173 null] >> endobj 1794 0 obj << /D [1786 0 R /XYZ 71.731 602.82 null] >> endobj 1795 0 obj << /D [1786 0 R /XYZ 71.731 602.82 null] >> endobj 1796 0 obj << /D [1786 0 R /XYZ 71.731 531.089 null] >> endobj 82 0 obj << /D [1786 0 R /XYZ 206.739 498.61 null] >> endobj 1797 0 obj << /D [1786 0 R /XYZ 71.731 498.461 null] >> endobj 1798 0 obj << /D [1786 0 R /XYZ 71.731 483.517 null] >> endobj 1799 0 obj << /D [1786 0 R /XYZ 76.712 407.452 null] >> endobj 1800 0 obj << /D [1786 0 R /XYZ 71.731 387.527 null] >> endobj 1801 0 obj << /D [1786 0 R /XYZ 71.731 387.527 null] >> endobj 1802 0 obj << /D [1786 0 R /XYZ 71.731 305.834 null] >> endobj 86 0 obj << /D [1786 0 R /XYZ 258.306 269.45 null] >> endobj 1803 0 obj << /D [1786 0 R /XYZ 71.731 269.271 null] >> endobj 90 0 obj << /D [1786 0 R /XYZ 283.431 234.979 null] >> endobj 1804 0 obj << /D [1786 0 R /XYZ 71.731 234.83 null] >> endobj 1805 0 obj << /D [1786 0 R /XYZ 71.731 222.476 null] >> endobj 1806 0 obj << /D [1786 0 R /XYZ 71.731 222.476 null] >> endobj 1807 0 obj << /D [1786 0 R /XYZ 71.731 104.718 null] >> endobj 1785 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F25 932 0 R /F68 1764 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1810 0 obj << /Length 1509 /Filter /FlateDecode >> stream xˎ6~ -,L/RQh$m-ƻIm %GL9)Yp]7eMcoal o|)̓>E*ovѡVÂr<\CFybi^Q>0!(ƃaBǁDև )pޮffaic"H0g%su1#_PhgߟaDrF;C!cF[TB) l.K(gKzyTR%u2?K~H8EȜH+:*6hވϭFZ|GKE  ¸Ls[xbkN$m'YDah-hAa| .Bs.o$V#-Y,DC7'::N/a8^h A؍|jgIrL* k:Vqo|kBɈ/W=^wkb0oV#-]p%4]p%n.h]I>zmH1W=cwgl`l: uu2!;m@Rdefywb6t~f.e0{ R0i.`lֽحF4hd4Z2@RڕXdKjjCmr/)6(q[v5ޖI$AN8 B{)^UuդrI~g}/<́O\UeiAbbc21:-ewRUܚnmHOK :Ҵ#%]Y(H :p$Y3 +2եR:GRw[m2=6ʑHq2U;GN3swFg⌏T7Q@٫eu( 4iTPjjhk!Lk.<4-bwdk<Μtxկa@eOhQ'?lI6 7䈈_fVݏ(ɂ3"C&BkU_l72SsυOHPbҾua4 y^gd :Xw13z,LX-R "$X͑27f--M+I7Ujխ| 6NzfSx6e6걆k)zT哝eQ*ʺLoUGe77GWⅢy]v/;H~'qn{W;Z+Py}4=QZi.T$6غ5h$ق#_ YV,Z*_8S5MeZ"Y}^nNRf^|-%@N(vmrzub Q秋 u"_DCѺ[_]Ea5=T982%21}mC`j endstream endobj 1809 0 obj << /Type /Page /Contents 1810 0 R /Resources 1808 0 R /MediaBox [0 0 593.051 789.041] /Parent 1650 0 R >> endobj 1811 0 obj << /D [1809 0 R /XYZ -1.269 814.22 null] >> endobj 94 0 obj << /D [1809 0 R /XYZ 206.739 708.344 null] >> endobj 1812 0 obj << /D [1809 0 R /XYZ 71.731 708.194 null] >> endobj 1813 0 obj << /D [1809 0 R /XYZ 71.731 695.841 null] >> endobj 1814 0 obj << /D [1809 0 R /XYZ 71.731 695.841 null] >> endobj 1049 0 obj << /D [1809 0 R /XYZ 71.731 558.157 null] >> endobj 98 0 obj << /D [1809 0 R /XYZ 220.987 515.892 null] >> endobj 1815 0 obj << /D [1809 0 R /XYZ 71.731 495.751 null] >> endobj 1816 0 obj << /D [1809 0 R /XYZ 71.731 495.751 null] >> endobj 1817 0 obj << /D [1809 0 R /XYZ 411.732 483.015 null] >> endobj 1818 0 obj << /D [1809 0 R /XYZ 71.731 450.039 null] >> endobj 1819 0 obj << /D [1809 0 R /XYZ 197.18 437.187 null] >> endobj 1820 0 obj << /D [1809 0 R /XYZ 71.731 412.116 null] >> endobj 1822 0 obj << /D [1809 0 R /XYZ 71.731 381.311 null] >> endobj 1823 0 obj << /D [1809 0 R /XYZ 197.18 369.74 null] >> endobj 1824 0 obj << /D [1809 0 R /XYZ 71.731 344.669 null] >> endobj 1825 0 obj << /D [1809 0 R /XYZ 71.731 344.669 null] >> endobj 1826 0 obj << /D [1809 0 R /XYZ 148.603 335.169 null] >> endobj 1828 0 obj << /D [1809 0 R /XYZ 71.731 314.151 null] >> endobj 1829 0 obj << /D [1809 0 R /XYZ 71.731 290.173 null] >> endobj 1808 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F68 1764 0 R /F50 1352 0 R /F74 1821 0 R /F51 1354 0 R /F91 1827 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1832 0 obj << /Length 1634 /Filter /FlateDecode >> stream xڕXߏ6~,Rb M4?*UU*.aaK`3Å _n~ެ?0m&RoOIgɒWoy Q"bo)>؟y7eۼ_&DW^4$afmQ*ШlR])\ヽ*GA88pp8 J.E4w])Ze@(ݸ%ڦk?tWBާ:.Fx_ګiRh˺:i `pp,zFPRHz2vIK^:a 6@M!3j@[Z(1#!+-B#z}0n)XZE%k23_4[!~0A$#]bL$wV|1 v?Y!\3\ڝ#5!B^)Osxg|UJtR“mGUЅ*vEC<7٩1y%9:#hBu+%O3Fu FdP%D,V sX-d%z[8dqM1 7G: GMuByNʹbK6wji{a$p0MkwijtHpթrkU@c;gI ƃ=:uaiJ,WdǼu!A Qd|+4?DRh z;3JIzxyf5A@6W9ڤ$fA ڏL |:g{?w;J 3f=03oA?l !}'aC8uP5$aC{4 ŴH~#^{Ň&E jrrf1YGQ3 J~ 7Gs77OPJ$:dW5DX% Ȥ\Nǂb!1?%!@O/|U {qF2AxRJ endstream endobj 1831 0 obj << /Type /Page /Contents 1832 0 R /Resources 1830 0 R /MediaBox [0 0 593.051 789.041] /Parent 1878 0 R >> endobj 1833 0 obj << /D [1831 0 R /XYZ -1.269 814.22 null] >> endobj 1834 0 obj << /D [1831 0 R /XYZ 71.731 718.306 null] >> endobj 1835 0 obj << /D [1831 0 R /XYZ 71.731 706.187 null] >> endobj 1836 0 obj << /D [1831 0 R /XYZ 71.731 704.942 null] >> endobj 1837 0 obj << /D [1831 0 R /XYZ 137.484 687.92 null] >> endobj 1838 0 obj << /D [1831 0 R /XYZ 137.484 687.92 null] >> endobj 1839 0 obj << /D [1831 0 R /XYZ 71.731 685.763 null] >> endobj 1840 0 obj << /D [1831 0 R /XYZ 137.484 669.988 null] >> endobj 1841 0 obj << /D [1831 0 R /XYZ 137.484 669.988 null] >> endobj 1842 0 obj << /D [1831 0 R /XYZ 71.731 667.831 null] >> endobj 1843 0 obj << /D [1831 0 R /XYZ 137.484 652.055 null] >> endobj 1844 0 obj << /D [1831 0 R /XYZ 137.484 652.055 null] >> endobj 1845 0 obj << /D [1831 0 R /XYZ 71.731 649.898 null] >> endobj 1846 0 obj << /D [1831 0 R /XYZ 137.484 634.122 null] >> endobj 1847 0 obj << /D [1831 0 R /XYZ 137.484 634.122 null] >> endobj 1848 0 obj << /D [1831 0 R /XYZ 71.731 631.965 null] >> endobj 1849 0 obj << /D [1831 0 R /XYZ 137.484 616.189 null] >> endobj 1850 0 obj << /D [1831 0 R /XYZ 137.484 616.189 null] >> endobj 1851 0 obj << /D [1831 0 R /XYZ 71.731 601.081 null] >> endobj 1852 0 obj << /D [1831 0 R /XYZ 137.484 585.305 null] >> endobj 1853 0 obj << /D [1831 0 R /XYZ 137.484 585.305 null] >> endobj 1854 0 obj << /D [1831 0 R /XYZ 71.731 570.57 null] >> endobj 1855 0 obj << /D [1831 0 R /XYZ 137.484 554.421 null] >> endobj 1856 0 obj << /D [1831 0 R /XYZ 137.484 554.421 null] >> endobj 1857 0 obj << /D [1831 0 R /XYZ 71.731 552.264 null] >> endobj 1858 0 obj << /D [1831 0 R /XYZ 71.731 537.32 null] >> endobj 1859 0 obj << /D [1831 0 R /XYZ 71.731 525.826 null] >> endobj 1860 0 obj << /D [1831 0 R /XYZ 71.731 520.844 null] >> endobj 1861 0 obj << /D [1831 0 R /XYZ 157.41 501.22 null] >> endobj 1862 0 obj << /D [1831 0 R /XYZ 157.41 501.22 null] >> endobj 1863 0 obj << /D [1831 0 R /XYZ 364.731 501.22 null] >> endobj 1864 0 obj << /D [1831 0 R /XYZ 414.293 489.564 null] >> endobj 1865 0 obj << /D [1831 0 R /XYZ 157.41 477.908 null] >> endobj 1866 0 obj << /D [1831 0 R /XYZ 357.673 477.908 null] >> endobj 1867 0 obj << /D [1831 0 R /XYZ 71.731 476.021 null] >> endobj 1868 0 obj << /D [1831 0 R /XYZ 157.41 461.27 null] >> endobj 1869 0 obj << /D [1831 0 R /XYZ 157.41 461.27 null] >> endobj 1870 0 obj << /D [1831 0 R /XYZ 266.054 461.27 null] >> endobj 1871 0 obj << /D [1831 0 R /XYZ 71.731 424.306 null] >> endobj 1872 0 obj << /D [1831 0 R /XYZ 157.41 409.664 null] >> endobj 1873 0 obj << /D [1831 0 R /XYZ 157.41 409.664 null] >> endobj 1874 0 obj << /D [1831 0 R /XYZ 303.192 409.664 null] >> endobj 1875 0 obj << /D [1831 0 R /XYZ 356.873 409.664 null] >> endobj 1876 0 obj << /D [1831 0 R /XYZ 76.712 369.714 null] >> endobj 1877 0 obj << /D [1831 0 R /XYZ 166.376 314.237 null] >> endobj 1830 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1881 0 obj << /Length 1564 /Filter /FlateDecode >> stream xڵXݓ6_3C`ݷ|6tNΙf&Ƀ :[s(q}Wh%4}1 ~+aA?=x}{u.bJ&]nYD$Zd4!q^#k4o06˄O-+MX!g\w?[Dte0]"CGf.gʖZ9 b5Y.:ؔA%QL)VrY4>t-39͓kO>+qĐRM.`v& %ە_7*>I%".=UJ]gvmWns&Ek#8=9ޅư<-/EU;tt#䚻NygI]Aq ѩ[ix]d&tJ`; lNƵr׊ps> z_D}uOK̑;^ZJn^w>KodZ(?{뤷~@{} I2Zy]$,>H N__]c{ٵq2t -ϵu ͜o7O o+}䬮Y8`XqV~&{ġz&6wHgő>-wdPP\Grtmx9JSqQuLWf욒-27En[Q2Q򽲻hŀIYVJqբ ,'zf)$W>Np;۩c3ָ=8Y%WI?|mJ KLjx.L\J"x߁X[3{lԼh0>mU#$: ̕nL11oGsZq 4KD6Z/K)+Im1zJt`LacφQ ٩j=8nj)Q`:˶m31NV&r( ~N$\“b0*bW3]ɯϼQ@'x g> endobj 1882 0 obj << /D [1880 0 R /XYZ -1.269 814.22 null] >> endobj 1050 0 obj << /D [1880 0 R /XYZ 71.731 718.306 null] >> endobj 102 0 obj << /D [1880 0 R /XYZ 381.708 703.236 null] >> endobj 1051 0 obj << /D [1880 0 R /XYZ 71.731 692.184 null] >> endobj 106 0 obj << /D [1880 0 R /XYZ 220.471 651.526 null] >> endobj 1883 0 obj << /D [1880 0 R /XYZ 71.731 631.386 null] >> endobj 1884 0 obj << /D [1880 0 R /XYZ 71.731 631.386 null] >> endobj 1885 0 obj << /D [1880 0 R /XYZ 71.731 618.53 null] >> endobj 1886 0 obj << /D [1880 0 R /XYZ 71.731 617.284 null] >> endobj 1887 0 obj << /D [1880 0 R /XYZ 129.514 598.226 null] >> endobj 1888 0 obj << /D [1880 0 R /XYZ 129.514 598.226 null] >> endobj 1889 0 obj << /D [1880 0 R /XYZ 71.731 596.203 null] >> endobj 1890 0 obj << /D [1880 0 R /XYZ 129.514 580.293 null] >> endobj 1891 0 obj << /D [1880 0 R /XYZ 129.514 580.293 null] >> endobj 1892 0 obj << /D [1880 0 R /XYZ 71.731 558.211 null] >> endobj 1893 0 obj << /D [1880 0 R /XYZ 166.216 547.416 null] >> endobj 1894 0 obj << /D [1880 0 R /XYZ 219.904 547.416 null] >> endobj 1895 0 obj << /D [1880 0 R /XYZ 394.787 534.465 null] >> endobj 1896 0 obj << /D [1880 0 R /XYZ 448.475 534.465 null] >> endobj 1897 0 obj << /D [1880 0 R /XYZ 213.637 521.513 null] >> endobj 1898 0 obj << /D [1880 0 R /XYZ 71.731 473.528 null] >> endobj 1899 0 obj << /D [1880 0 R /XYZ 71.731 473.528 null] >> endobj 1900 0 obj << /D [1880 0 R /XYZ 71.731 440.771 null] >> endobj 1901 0 obj << /D [1880 0 R /XYZ 456.994 429.857 null] >> endobj 1902 0 obj << /D [1880 0 R /XYZ 71.731 381.872 null] >> endobj 1903 0 obj << /D [1880 0 R /XYZ 394.887 371.078 null] >> endobj 1052 0 obj << /D [1880 0 R /XYZ 71.731 354.724 null] >> endobj 110 0 obj << /D [1880 0 R /XYZ 414.21 311.627 null] >> endobj 1904 0 obj << /D [1880 0 R /XYZ 71.731 287.871 null] >> endobj 1905 0 obj << /D [1880 0 R /XYZ 71.731 287.871 null] >> endobj 1906 0 obj << /D [1880 0 R /XYZ 193.331 252.847 null] >> endobj 1907 0 obj << /D [1880 0 R /XYZ 167.322 239.895 null] >> endobj 1908 0 obj << /D [1880 0 R /XYZ 354.11 239.895 null] >> endobj 1909 0 obj << /D [1880 0 R /XYZ 374.932 239.895 null] >> endobj 1910 0 obj << /D [1880 0 R /XYZ 454.323 239.895 null] >> endobj 1053 0 obj << /D [1880 0 R /XYZ 71.731 223.542 null] >> endobj 114 0 obj << /D [1880 0 R /XYZ 298.094 180.444 null] >> endobj 1911 0 obj << /D [1880 0 R /XYZ 71.731 156.689 null] >> endobj 1879 0 obj << /Font << /F25 932 0 R /F33 939 0 R /F31 938 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1914 0 obj << /Length 1706 /Filter /FlateDecode >> stream xXKs6WfiFKIcO:IR:}$L(q  i9nC/6Iq,^6HPbwXx \D]ş7'RՔnYzG %ɻ +,>eMWҨZP9XqaLJN亁>myVZţYt/YiLNd:/rIO&ވ{YU 45b`zg Oʗ;Q,aBk)2³P'>/SRʃY/͙g }QI [>@&azONPtD vQ)W%&j>M/XP3='ۃzr}݈k彘H)*k;C rL3Uk$U<+bъ AJaTQYJ_Ym)nA(جb՗RQi*tăI(iYԼsC r>z. -%Pa-h*%J\Lt9^ %1|OTY:UvɞȄh*OiV,vCyFEvn{ J eyn^<(J- z^$@Nڕq\.b^?IPb糩@f髋,؉D4 zO`[3J|lTjKN2!9."NY=& (jXžJb+Ig[b+Id4[@f7EajPWuz^-Ω( &^程qu ZK>wZ߅[$sILGC*/吝Ƹ-s™BɆ(B@Z,(ӦZjZTLIikN=b4԰2%h>Y1#$yN24(n ;29}Fn|W=cE}{#@7OnP:z bۤ6݈f<ڳFyvp~f: 9D"B~Z:Q?Xd1?U eLr}0@ʇޣ{,=4"sgCLߖ.1ơl qC sX¤u9TS4#?!Lg +VXoOAF29詻W;9f&2xΦ4H#|ҰV $Dq(Zc3=^ _Oդ6 Nw1[7X@uqi\jgec _;4z4- %l: g $ \SR4%nF4^Qrzt) Q੒ơoK ~ endstream endobj 1913 0 obj << /Type /Page /Contents 1914 0 R /Resources 1912 0 R /MediaBox [0 0 593.051 789.041] /Parent 1878 0 R >> endobj 1915 0 obj << /D [1913 0 R /XYZ -1.269 814.22 null] >> endobj 1916 0 obj << /D [1913 0 R /XYZ 71.731 718.306 null] >> endobj 1917 0 obj << /D [1913 0 R /XYZ 71.731 718.306 null] >> endobj 1918 0 obj << /D [1913 0 R /XYZ 71.731 718.306 null] >> endobj 1919 0 obj << /D [1913 0 R /XYZ 129.514 708.344 null] >> endobj 1920 0 obj << /D [1913 0 R /XYZ 71.731 706.187 null] >> endobj 1921 0 obj << /D [1913 0 R /XYZ 129.514 690.411 null] >> endobj 1922 0 obj << /D [1913 0 R /XYZ 71.731 688.254 null] >> endobj 1923 0 obj << /D [1913 0 R /XYZ 129.514 672.478 null] >> endobj 1924 0 obj << /D [1913 0 R /XYZ 71.731 608.717 null] >> endobj 1925 0 obj << /D [1913 0 R /XYZ 319.371 595.766 null] >> endobj 1926 0 obj << /D [1913 0 R /XYZ 187.895 582.814 null] >> endobj 1927 0 obj << /D [1913 0 R /XYZ 119.552 569.863 null] >> endobj 1928 0 obj << /D [1913 0 R /XYZ 71.731 547.9 null] >> endobj 1929 0 obj << /D [1913 0 R /XYZ 71.731 547.9 null] >> endobj 1930 0 obj << /D [1913 0 R /XYZ 71.731 546.655 null] >> endobj 1931 0 obj << /D [1913 0 R /XYZ 129.514 529.514 null] >> endobj 1932 0 obj << /D [1913 0 R /XYZ 129.514 529.514 null] >> endobj 1933 0 obj << /D [1913 0 R /XYZ 171.765 529.514 null] >> endobj 1934 0 obj << /D [1913 0 R /XYZ 71.731 514.406 null] >> endobj 1935 0 obj << /D [1913 0 R /XYZ 129.514 498.63 null] >> endobj 1936 0 obj << /D [1913 0 R /XYZ 129.514 498.63 null] >> endobj 1937 0 obj << /D [1913 0 R /XYZ 440.824 498.63 null] >> endobj 1938 0 obj << /D [1913 0 R /XYZ 71.731 483.522 null] >> endobj 1939 0 obj << /D [1913 0 R /XYZ 129.514 467.746 null] >> endobj 1940 0 obj << /D [1913 0 R /XYZ 129.514 467.746 null] >> endobj 1941 0 obj << /D [1913 0 R /XYZ 71.731 465.589 null] >> endobj 1942 0 obj << /D [1913 0 R /XYZ 129.514 449.813 null] >> endobj 1943 0 obj << /D [1913 0 R /XYZ 129.514 449.813 null] >> endobj 1944 0 obj << /D [1913 0 R /XYZ 71.731 447.656 null] >> endobj 1945 0 obj << /D [1913 0 R /XYZ 129.514 431.88 null] >> endobj 1946 0 obj << /D [1913 0 R /XYZ 129.514 431.88 null] >> endobj 1947 0 obj << /D [1913 0 R /XYZ 71.731 394.022 null] >> endobj 1948 0 obj << /D [1913 0 R /XYZ 344.565 381.071 null] >> endobj 1949 0 obj << /D [1913 0 R /XYZ 465.769 381.071 null] >> endobj 1950 0 obj << /D [1913 0 R /XYZ 391.359 368.12 null] >> endobj 1951 0 obj << /D [1913 0 R /XYZ 472.704 368.12 null] >> endobj 1952 0 obj << /D [1913 0 R /XYZ 206.624 355.168 null] >> endobj 1953 0 obj << /D [1913 0 R /XYZ 314 355.168 null] >> endobj 1954 0 obj << /D [1913 0 R /XYZ 71.731 333.086 null] >> endobj 1955 0 obj << /D [1913 0 R /XYZ 143.342 322.291 null] >> endobj 1956 0 obj << /D [1913 0 R /XYZ 247.002 322.291 null] >> endobj 1957 0 obj << /D [1913 0 R /XYZ 336.386 322.291 null] >> endobj 1958 0 obj << /D [1913 0 R /XYZ 119.552 309.34 null] >> endobj 1959 0 obj << /D [1913 0 R /XYZ 208.936 309.34 null] >> endobj 1960 0 obj << /D [1913 0 R /XYZ 71.731 287.258 null] >> endobj 1054 0 obj << /D [1913 0 R /XYZ 71.731 273.061 null] >> endobj 118 0 obj << /D [1913 0 R /XYZ 166.466 229.964 null] >> endobj 1961 0 obj << /D [1913 0 R /XYZ 71.731 206.208 null] >> endobj 1962 0 obj << /D [1913 0 R /XYZ 71.731 149.102 null] >> endobj 1912 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 1966 0 obj << /Length 1944 /Filter /FlateDecode >> stream xڥX[~P ء~i'-]kIPp%J"v4~osfcR$\sc:ջW^m&ɪ"UqT)ɳ|U$1)x;~^frYN5ekZۍNMO[Lm~U]4bEF0EJns}F:ejޜOYivu׶Bj5|fJEiJ*zxsxu,PR,͖Jza^3T?P{@`K9ʱheBt /1VA$ɂ(&p{E,xx:0Qq}|Fl@P>.00)rtE]M%ﲞ>ziO)}`{t/- _!V#cp!I2qͯү?ܾp-;H +w#3قuAy4~ZןL0 sK)AQ%jFS0"@/U3}5;ղ5Mǖ]h/=OyF\@PL7YL;seQڠ0T)B;9F?hzi՘UPRe,D}l>ԅfX Ui|TA(Vp BiZz_sribE=ɌeO&S}p>Pn>V`'mb@KƧ pjvjp2f4\ӏg^0A=恲ÚwrEϤ8xLJ!KY{=0wR,F9 KAQKVId1$z% r/^El\:7f%?MJP617 w2#ˌ4~-gDzJ^"˓Fz&u k=18\64M"eψS3 n:{Qᠩzo^27 `NҌIubVY: }|e@0T^` DET0tJLV$ʣ/|I;HF,oMCQ niA$ < ‡z <h\M!PV'oy[[}w-ǭ{[Bj2hoF5:#d>ŀjQ욾Zϸ4}4)\7ӊϤ{jrdpz:k)liwJJʑl8Fԗ}[;XFssa{gVoyKHGbDWm0g$:fo_Zw\tT|fy$L͗ƈ'KTei[{@kh{3WƝEȴ}g&qQ%HZT OI<‡E~W@+HG8 DeKx;?.gL33Lfzo_D}:~=Q?W#u *d]` 5sNԤcXxBE"A<"YC`ojy։7YsN<^4ʓ97oo$Wp(V'[@74'mOAnĠ/@I&0#FaȞ /=VzY4a,rR$1z\#ٴs)֯TvFNztM6+NmBƞ`QW*=h&Z5 Zr=ڻBIGJ\Fa>}]Dt/a8hHtg!դ(^0/H8Z#}e,'*jw1 ؋`!yxO zj>v^~y]znKәub<7?i!t٪!릩_ ;mWl;%Zor m&z+> yqH+Rbɛݫpbi endstream endobj 1965 0 obj << /Type /Page /Contents 1966 0 R /Resources 1964 0 R /MediaBox [0 0 593.051 789.041] /Parent 1878 0 R /Annots [ 1963 0 R ] >> endobj 1963 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [391.03 412.787 445.326 423.691] /A << /S /GoTo /D (0:LOGFILE) >> >> endobj 1967 0 obj << /D [1965 0 R /XYZ -1.269 814.22 null] >> endobj 1968 0 obj << /D [1965 0 R /XYZ 71.731 718.306 null] >> endobj 1969 0 obj << /D [1965 0 R /XYZ 264.546 708.344 null] >> endobj 1970 0 obj << /D [1965 0 R /XYZ 486.083 708.344 null] >> endobj 1971 0 obj << /D [1965 0 R /XYZ 71.731 673.31 null] >> endobj 1972 0 obj << /D [1965 0 R /XYZ 71.731 640.433 null] >> endobj 1973 0 obj << /D [1965 0 R /XYZ 71.731 640.433 null] >> endobj 1974 0 obj << /D [1965 0 R /XYZ 71.731 639.188 null] >> endobj 1975 0 obj << /D [1965 0 R /XYZ 129.514 622.167 null] >> endobj 1976 0 obj << /D [1965 0 R /XYZ 129.514 622.167 null] >> endobj 1977 0 obj << /D [1965 0 R /XYZ 71.731 620.01 null] >> endobj 1978 0 obj << /D [1965 0 R /XYZ 129.514 604.234 null] >> endobj 1979 0 obj << /D [1965 0 R /XYZ 129.514 604.234 null] >> endobj 1980 0 obj << /D [1965 0 R /XYZ 413.456 591.283 null] >> endobj 1981 0 obj << /D [1965 0 R /XYZ 263.172 552.428 null] >> endobj 1982 0 obj << /D [1965 0 R /XYZ 71.731 550.272 null] >> endobj 1983 0 obj << /D [1965 0 R /XYZ 129.514 534.496 null] >> endobj 1984 0 obj << /D [1965 0 R /XYZ 129.514 534.496 null] >> endobj 1985 0 obj << /D [1965 0 R /XYZ 71.731 532.339 null] >> endobj 1986 0 obj << /D [1965 0 R /XYZ 129.514 516.563 null] >> endobj 1987 0 obj << /D [1965 0 R /XYZ 129.514 516.563 null] >> endobj 1988 0 obj << /D [1965 0 R /XYZ 474.954 503.611 null] >> endobj 1989 0 obj << /D [1965 0 R /XYZ 169.922 490.66 null] >> endobj 1990 0 obj << /D [1965 0 R /XYZ 169.922 490.66 null] >> endobj 1991 0 obj << /D [1965 0 R /XYZ 190.943 490.66 null] >> endobj 1992 0 obj << /D [1965 0 R /XYZ 71.731 488.503 null] >> endobj 1993 0 obj << /D [1965 0 R /XYZ 129.514 472.727 null] >> endobj 1994 0 obj << /D [1965 0 R /XYZ 129.514 472.727 null] >> endobj 1995 0 obj << /D [1965 0 R /XYZ 71.731 457.619 null] >> endobj 1996 0 obj << /D [1965 0 R /XYZ 129.514 441.843 null] >> endobj 1997 0 obj << /D [1965 0 R /XYZ 129.514 441.843 null] >> endobj 1998 0 obj << /D [1965 0 R /XYZ 71.731 413.783 null] >> endobj 1999 0 obj << /D [1965 0 R /XYZ 129.514 398.007 null] >> endobj 2000 0 obj << /D [1965 0 R /XYZ 129.514 398.007 null] >> endobj 1055 0 obj << /D [1965 0 R /XYZ 71.731 378.829 null] >> endobj 122 0 obj << /D [1965 0 R /XYZ 163.591 333.575 null] >> endobj 2001 0 obj << /D [1965 0 R /XYZ 71.731 313.435 null] >> endobj 2002 0 obj << /D [1965 0 R /XYZ 71.731 313.435 null] >> endobj 2003 0 obj << /D [1965 0 R /XYZ 310.065 287.747 null] >> endobj 2004 0 obj << /D [1965 0 R /XYZ 119.552 274.796 null] >> endobj 1056 0 obj << /D [1965 0 R /XYZ 71.731 271.393 null] >> endobj 126 0 obj << /D [1965 0 R /XYZ 234.966 228.296 null] >> endobj 2005 0 obj << /D [1965 0 R /XYZ 71.731 204.54 null] >> endobj 2006 0 obj << /D [1965 0 R /XYZ 71.731 204.54 null] >> endobj 2007 0 obj << /D [1965 0 R /XYZ 496.454 195.419 null] >> endobj 2008 0 obj << /D [1965 0 R /XYZ 340.708 182.468 null] >> endobj 2009 0 obj << /D [1965 0 R /XYZ 403.334 169.516 null] >> endobj 2010 0 obj << /D [1965 0 R /XYZ 71.731 131.494 null] >> endobj 1964 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F25 932 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2015 0 obj << /Length 997 /Filter /FlateDecode >> stream xWo6Ђ&)Q7 kC3EۂidŰ}")JC)}>E]@?/(Xe“` eLiI&x΃TjrAgU [L̤sFg;VijeqN uIԅ314~pi#yP:[4Zhzq/EՔ +{YT䟾T,&2wH]Q.֞,\o>y9V+u$ꚾ@/$ үn(-7#D OZoxAs v۱vZW k']U9(IVB]r[z"MnJDXYH5>KctA:$,%lG:]¦hgӴ ~7.MAdejY7xj~;bݘFI͜CQ ¦trlyiy%+0,p 6Ry*­apcJYc5G$bcHZ/</X2T~Zڏa) 2^Tũ~_uXJ8~ڈSqf CEIDfN}7_`qK)׸ŮuS+;iD]nU-hKu46%T @v8=KBDX fjS- 1uNº9ӵB QK*1۪ƲOr endstream endobj 2014 0 obj << /Type /Page /Contents 2015 0 R /Resources 2013 0 R /MediaBox [0 0 593.051 789.041] /Parent 1878 0 R /Annots [ 2012 0 R ] >> endobj 2012 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [434.806 142.975 489.102 153.879] /A << /S /GoTo /D (0:DYNUP) >> >> endobj 2016 0 obj << /D [2014 0 R /XYZ -1.269 814.22 null] >> endobj 2017 0 obj << /D [2014 0 R /XYZ 71.731 535.506 null] >> endobj 2018 0 obj << /D [2014 0 R /XYZ 71.731 511.816 null] >> endobj 1057 0 obj << /D [2014 0 R /XYZ 71.731 223.273 null] >> endobj 130 0 obj << /D [2014 0 R /XYZ 401.782 179.005 null] >> endobj 2019 0 obj << /D [2014 0 R /XYZ 71.731 155.249 null] >> endobj 2020 0 obj << /D [2014 0 R /XYZ 137.534 146.128 null] >> endobj 2021 0 obj << /D [2014 0 R /XYZ 244.642 120.225 null] >> endobj 2022 0 obj << /D [2014 0 R /XYZ 365.128 107.274 null] >> endobj 2013 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F31 938 0 R /F25 932 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2029 0 obj << /Length 1704 /Filter /FlateDecode >> stream xڵXM6𩶁oZ )4=$AhDAߡ!QJ2EμyfFrWovjUQū$QCNڭG&@[R#/R>z,߇?\u"獎s$BE"7ϔk7KؤژuMC[Nry{-E^ZѪµ,jb Y#K|/C07qʂqyryRX=N JTn0|xTD?4@p쾐V/G ٧+^a|lG>]hW*d>2Zv\݉~WDDaeϓmoF3‚ֽ;+Gy ]}". Rx4Aah@4&}Vf323'u)7߅T S83_1*5~bvlEj ''v!(Cy7ߏJt'5-9]~꺘Zʦf^f>1щPr<B^8o^vuGTbG(';x׿87Қ:7]d*pYҭm! Ge i ӯC*h[-ҏ(B@nVKZ( eձ4!hO,iZ0/ib2mQ>-H8BY1 ^< x xQԜciíۘhzR1]J/p9l $[~!{H"H pRj4&7q9&VC6ZwH\&$;H-rBY*YyRSꮨ&>B&/Zee럼.y6-qj\y_8F1xȊpH>˹[N 7 :#\Jz]R:Zܵc6ĥ0En4i'43XCi v_>LDO|)χn>|t^OU71!jgx^>lPm]_"|zNi%mL0iV0èB,zS$G63 QKmRainUM^d<.XqqpԴ`aO"A]aL5K@2;F{Z4nN=~~ /L65k֠2(]H&OѦ™U$6+&0&=HB+E ?C݅ͩ+1orͱi0Fc u8[jɌjJRYKtKYlhYdR{^TkJj 3Q"٠ g/Y5[axdrS=]O@@N\|`-)'B <>~@Yr-22=#j8R-ˏ1]h+Ղ6""야SlՆÓv]Un>tj1dI^kxo|!RVMf朰-GvgQy3%/JTgxUxwA!?6ߪnH| Gc3#iThA3vn=E,m=NgF\-%{{N?Tw{sn.}E \͜ S??w8)({{w#A endstream endobj 2028 0 obj << /Type /Page /Contents 2029 0 R /Resources 2027 0 R /MediaBox [0 0 593.051 789.041] /Parent 1878 0 R /Annots [ 2024 0 R 2025 0 R ] >> endobj 2024 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 304.584 172.851 313.431] /A << /S /GoTo /D (0:POLICY) >> >> endobj 2025 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [290.389 154.942 340.81 165.956] /A << /S /GoTo /D (0:COMMAND-LINE) >> >> endobj 2030 0 obj << /D [2028 0 R /XYZ -1.269 814.22 null] >> endobj 2031 0 obj << /D [2028 0 R /XYZ 335.659 708.344 null] >> endobj 2032 0 obj << /D [2028 0 R /XYZ 373.437 708.344 null] >> endobj 2033 0 obj << /D [2028 0 R /XYZ 119.552 695.392 null] >> endobj 2034 0 obj << /D [2028 0 R /XYZ 71.731 660.359 null] >> endobj 2035 0 obj << /D [2028 0 R /XYZ 184.846 649.564 null] >> endobj 2036 0 obj << /D [2028 0 R /XYZ 306.997 649.564 null] >> endobj 2037 0 obj << /D [2028 0 R /XYZ 71.731 634.456 null] >> endobj 2038 0 obj << /D [2028 0 R /XYZ 71.731 633.211 null] >> endobj 2039 0 obj << /D [2028 0 R /XYZ 129.514 616.189 null] >> endobj 2040 0 obj << /D [2028 0 R /XYZ 346.15 616.189 null] >> endobj 2041 0 obj << /D [2028 0 R /XYZ 389.128 603.238 null] >> endobj 2042 0 obj << /D [2028 0 R /XYZ 71.731 590.187 null] >> endobj 2043 0 obj << /D [2028 0 R /XYZ 129.514 572.354 null] >> endobj 2044 0 obj << /D [2028 0 R /XYZ 181.11 572.354 null] >> endobj 2045 0 obj << /D [2028 0 R /XYZ 351.828 572.354 null] >> endobj 2046 0 obj << /D [2028 0 R /XYZ 450.627 572.354 null] >> endobj 2047 0 obj << /D [2028 0 R /XYZ 71.731 511.417 null] >> endobj 2048 0 obj << /D [2028 0 R /XYZ 156.075 500.623 null] >> endobj 1058 0 obj << /D [2028 0 R /XYZ 71.731 442.59 null] >> endobj 134 0 obj << /D [2028 0 R /XYZ 387.682 397.336 null] >> endobj 2049 0 obj << /D [2028 0 R /XYZ 71.731 373.58 null] >> endobj 2050 0 obj << /D [2028 0 R /XYZ 71.731 329.426 null] >> endobj 2051 0 obj << /D [2028 0 R /XYZ 71.731 285.655 null] >> endobj 2052 0 obj << /D [2028 0 R /XYZ 133.111 272.803 null] >> endobj 1059 0 obj << /D [2028 0 R /XYZ 71.731 256.449 null] >> endobj 138 0 obj << /D [2028 0 R /XYZ 96.607 190.972 null] >> endobj 2053 0 obj << /D [2028 0 R /XYZ 71.731 170.831 null] >> endobj 2054 0 obj << /D [2028 0 R /XYZ 460.819 158.095 null] >> endobj 2055 0 obj << /D [2028 0 R /XYZ 119.552 132.192 null] >> endobj 2027 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2059 0 obj << /Length 1511 /Filter /FlateDecode >> stream xڝXMo8WbFM[t@ t{e"H!9/]DΛHスyx+-ۮõxmKm{{_s^k,Wa/"oEdKU|'ܣJjqEX., ӄ~ 71K[U.кʍ]u3Ym.$5OJq{؉}j>}Uעݜד)?@EpMiutC9﭂m) 6 2&*NY`i-dm*;:Ȇs̎<_yBqJ"I~[eC Cup[e)T\Ss*﹠ K|~CK.:ʂXƔ#t wVQdQR\V=ݬ]Z !\DR{1l Tib@]uYdv ATrtXF(c3m jl&)\Xuֽ\Wv;GtO4E>V+Jf*yܓYv7]6F:iQKVsP_ [0-ݴ?K\&b@>UagOB̀zV>h_~i >I6~mcFʕ:bq:d fC`3'\X9˜(.i]ddB15:Oz43 wvvi+sSr\U&TwLT}1h~ RplQkfԄ=z&Ady.&N);9޷N 3ou5;w힤C4LeXNը ,,C[N@ 'O7 8ޤa4<(Ѥ֎1֫WG1 }> endobj 2026 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [330.518 705.191 380.939 716.095] /A << /S /GoTo /D (0:THE-CONFIGURATION-FILE) >> >> endobj 2060 0 obj << /D [2058 0 R /XYZ -1.269 814.22 null] >> endobj 2061 0 obj << /D [2058 0 R /XYZ 71.731 741.22 null] >> endobj 2062 0 obj << /D [2058 0 R /XYZ 71.731 718.306 null] >> endobj 2063 0 obj << /D [2058 0 R /XYZ 119.552 695.392 null] >> endobj 2064 0 obj << /D [2058 0 R /XYZ 205.618 682.441 null] >> endobj 1060 0 obj << /D [2058 0 R /XYZ 71.731 666.087 null] >> endobj 142 0 obj << /D [2058 0 R /XYZ 400.851 622.99 null] >> endobj 2065 0 obj << /D [2058 0 R /XYZ 71.731 602.849 null] >> endobj 2066 0 obj << /D [2058 0 R /XYZ 330.937 590.113 null] >> endobj 2067 0 obj << /D [2058 0 R /XYZ 409.81 590.113 null] >> endobj 2068 0 obj << /D [2058 0 R /XYZ 452.699 590.113 null] >> endobj 2069 0 obj << /D [2058 0 R /XYZ 71.731 542.128 null] >> endobj 2070 0 obj << /D [2058 0 R /XYZ 393.123 531.333 null] >> endobj 2071 0 obj << /D [2058 0 R /XYZ 71.731 516.36 null] >> endobj 2072 0 obj << /D [2058 0 R /XYZ 71.731 501.416 null] >> endobj 2073 0 obj << /D [2058 0 R /XYZ 71.731 430.611 null] >> endobj 2074 0 obj << /D [2058 0 R /XYZ 293.289 417.66 null] >> endobj 2075 0 obj << /D [2058 0 R /XYZ 71.731 395.578 null] >> endobj 2076 0 obj << /D [2058 0 R /XYZ 71.731 382.626 null] >> endobj 2077 0 obj << /D [2058 0 R /XYZ 139.477 366.85 null] >> endobj 2078 0 obj << /D [2058 0 R /XYZ 71.731 341.779 null] >> endobj 2079 0 obj << /D [2058 0 R /XYZ 71.731 328.828 null] >> endobj 2080 0 obj << /D [2058 0 R /XYZ 141.968 314.347 null] >> endobj 2081 0 obj << /D [2058 0 R /XYZ 71.731 299.403 null] >> endobj 2082 0 obj << /D [2058 0 R /XYZ 71.731 245.802 null] >> endobj 2083 0 obj << /D [2058 0 R /XYZ 71.731 163.712 null] >> endobj 2057 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F25 932 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2087 0 obj << /Length 1603 /Filter /FlateDecode >> stream xXn6}W,] ˕EҸHMF ) ^DlCF@X̙3g- olz]d(xqsf!xlFfcCIjDr aȏ+[j&XygNq0+B~K"/R5ݚ˧u_W,YWӟQc/ }{ e֥`G&G!I%`oƻlj8Y\ RB /`A7HaAsp8f 5_GvKuN,Nvv(`.jٛp7wиsVKNw;+7ۖTJkd>3A^`H񉱄"&kp.[9XZnڀ[X 4$_0Yi+?Ut;3Q|뉡+役M{Flj{˛'f h}c&)OڢB~ [D8'I Z5p{oMǎ{%d̤N7|Glh?[VXpq6/*h)9=૗oիC@s4n;sy5P 1ոnantv5{(~eM(ĘOÄ́5Ԛӄv2 V&0eu8-}$]^MӅ p#hb4+g;ed rƪ0AieT1lՉuhX&zb5t9vpIy,fD5z˗J~\.lYGp<VYmйccTNl.S۪r!el)Za^c'nJZ3E gL7A0_me"Qtz7! gNq֨ccqD R6P H?O-NZE>) Pd+ô# _ rL4*Hc?Q'.khͩ(skB!𝦸uӌŽCm9CVNUŢv:BvX.Pа(=4'XWmF@C\->A؅{$cǮFk -gaA;ʜ th {N:u5\Ō X{"^v7Ӈje-u2zbrm'`O)ljEɾ^Y?(_vd6T=p> endobj 2088 0 obj << /D [2086 0 R /XYZ -1.269 814.22 null] >> endobj 2089 0 obj << /D [2086 0 R /XYZ 71.731 741.22 null] >> endobj 2090 0 obj << /D [2086 0 R /XYZ 71.731 718.306 null] >> endobj 2091 0 obj << /D [2086 0 R /XYZ 171.576 695.392 null] >> endobj 1061 0 obj << /D [2086 0 R /XYZ 71.731 551.432 null] >> endobj 146 0 obj << /D [2086 0 R /XYZ 330.82 506.178 null] >> endobj 2092 0 obj << /D [2086 0 R /XYZ 71.731 482.422 null] >> endobj 2093 0 obj << /D [2086 0 R /XYZ 236.801 473.301 null] >> endobj 2094 0 obj << /D [2086 0 R /XYZ 71.731 438.641 null] >> endobj 2095 0 obj << /D [2086 0 R /XYZ 338.688 427.473 null] >> endobj 2096 0 obj << /D [2086 0 R /XYZ 158.844 414.522 null] >> endobj 2097 0 obj << /D [2086 0 R /XYZ 255.401 401.57 null] >> endobj 2098 0 obj << /D [2086 0 R /XYZ 71.731 379.488 null] >> endobj 2099 0 obj << /D [2086 0 R /XYZ 71.731 346.611 null] >> endobj 2100 0 obj << /D [2086 0 R /XYZ 71.731 346.611 null] >> endobj 2101 0 obj << /D [2086 0 R /XYZ 71.731 345.366 null] >> endobj 2102 0 obj << /D [2086 0 R /XYZ 129.514 328.345 null] >> endobj 2103 0 obj << /D [2086 0 R /XYZ 71.731 326.188 null] >> endobj 2104 0 obj << /D [2086 0 R /XYZ 129.514 310.412 null] >> endobj 2105 0 obj << /D [2086 0 R /XYZ 71.731 308.255 null] >> endobj 2106 0 obj << /D [2086 0 R /XYZ 129.514 292.479 null] >> endobj 2107 0 obj << /D [2086 0 R /XYZ 71.731 254.621 null] >> endobj 2108 0 obj << /D [2086 0 R /XYZ 71.731 254.621 null] >> endobj 2109 0 obj << /D [2086 0 R /XYZ 71.731 219.707 null] >> endobj 2110 0 obj << /D [2086 0 R /XYZ 71.731 219.707 null] >> endobj 2111 0 obj << /D [2086 0 R /XYZ 71.731 218.462 null] >> endobj 2112 0 obj << /D [2086 0 R /XYZ 129.514 201.321 null] >> endobj 2113 0 obj << /D [2086 0 R /XYZ 370.359 201.321 null] >> endobj 2114 0 obj << /D [2086 0 R /XYZ 71.731 199.164 null] >> endobj 2115 0 obj << /D [2086 0 R /XYZ 129.514 183.388 null] >> endobj 2116 0 obj << /D [2086 0 R /XYZ 370.359 183.388 null] >> endobj 2117 0 obj << /D [2086 0 R /XYZ 71.731 181.231 null] >> endobj 2118 0 obj << /D [2086 0 R /XYZ 129.514 165.456 null] >> endobj 2119 0 obj << /D [2086 0 R /XYZ 186.64 165.456 null] >> endobj 2120 0 obj << /D [2086 0 R /XYZ 464.117 165.456 null] >> endobj 2121 0 obj << /D [2086 0 R /XYZ 71.731 163.299 null] >> endobj 2122 0 obj << /D [2086 0 R /XYZ 129.514 147.523 null] >> endobj 2123 0 obj << /D [2086 0 R /XYZ 285.866 147.523 null] >> endobj 2124 0 obj << /D [2086 0 R /XYZ 71.731 145.366 null] >> endobj 2125 0 obj << /D [2086 0 R /XYZ 129.514 129.59 null] >> endobj 2126 0 obj << /D [2086 0 R /XYZ 144.179 129.59 null] >> endobj 2127 0 obj << /D [2086 0 R /XYZ 71.731 127.433 null] >> endobj 2085 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F25 932 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2130 0 obj << /Length 1189 /Filter /FlateDecode >> stream xڭWK6ϯC4xm6((Y%74`Yu~}/h6EeArt 76״]J24G]NB*]f\/5~ǧQ5ӧ{=V ofAo?Ql%>qEJ?kMk endstream endobj 2129 0 obj << /Type /Page /Contents 2130 0 R /Resources 2128 0 R /MediaBox [0 0 593.051 789.041] /Parent 2084 0 R >> endobj 2131 0 obj << /D [2129 0 R /XYZ -1.269 814.22 null] >> endobj 2132 0 obj << /D [2129 0 R /XYZ 129.514 708.344 null] >> endobj 2133 0 obj << /D [2129 0 R /XYZ 343.69 708.344 null] >> endobj 2134 0 obj << /D [2129 0 R /XYZ 435.285 708.344 null] >> endobj 2135 0 obj << /D [2129 0 R /XYZ 470.981 708.344 null] >> endobj 2136 0 obj << /D [2129 0 R /XYZ 379.823 695.392 null] >> endobj 2137 0 obj << /D [2129 0 R /XYZ 340.302 649.564 null] >> endobj 2138 0 obj << /D [2129 0 R /XYZ 396.201 649.564 null] >> endobj 2139 0 obj << /D [2129 0 R /XYZ 295.55 636.613 null] >> endobj 2140 0 obj << /D [2129 0 R /XYZ 442.597 636.613 null] >> endobj 2141 0 obj << /D [2129 0 R /XYZ 71.731 614.531 null] >> endobj 2142 0 obj << /D [2129 0 R /XYZ 264.277 603.736 null] >> endobj 2143 0 obj << /D [2129 0 R /XYZ 399.867 603.736 null] >> endobj 2144 0 obj << /D [2129 0 R /XYZ 76.712 571.606 null] >> endobj 150 0 obj << /D [2129 0 R /XYZ 432.453 532.234 null] >> endobj 2145 0 obj << /D [2129 0 R /XYZ 71.731 509.117 null] >> endobj 2146 0 obj << /D [2129 0 R /XYZ 245.143 499.357 null] >> endobj 2147 0 obj << /D [2129 0 R /XYZ 452.718 486.406 null] >> endobj 2148 0 obj << /D [2129 0 R /XYZ 71.731 464.324 null] >> endobj 2149 0 obj << /D [2129 0 R /XYZ 313.263 453.529 null] >> endobj 2150 0 obj << /D [2129 0 R /XYZ 369.163 453.529 null] >> endobj 2151 0 obj << /D [2129 0 R /XYZ 262.166 440.578 null] >> endobj 2152 0 obj << /D [2129 0 R /XYZ 71.731 428.458 null] >> endobj 2153 0 obj << /D [2129 0 R /XYZ 141.071 418.959 null] >> endobj 2154 0 obj << /D [2129 0 R /XYZ 170.122 418.959 null] >> endobj 2155 0 obj << /D [2129 0 R /XYZ 141.071 407.303 null] >> endobj 2156 0 obj << /D [2129 0 R /XYZ 170.122 407.303 null] >> endobj 2157 0 obj << /D [2129 0 R /XYZ 141.071 372.334 null] >> endobj 2158 0 obj << /D [2129 0 R /XYZ 170.122 372.334 null] >> endobj 2128 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F50 1352 0 R /F25 932 0 R /F51 1354 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2162 0 obj << /Length 1848 /Filter /FlateDecode >> stream xڵYKs6W)c |ֺI&}dڱgzHs)X츿H!{1iob:3l?ߜ]~ < E<](acUeqN6 ' w2yz:fNdywl_o~)J#)LM`l$|"{jƼ܈[D)W ̈)0Pr06وznwjbWtȌTysnm ~fń!A)ֹݘ$D<"g+?hE YXtr./%H-k]. ^"&֞RZXXYYlhKYuL@նx9*VzgWT-N쳒mQeH*\\\2)<ħK1?wuY@4.SJ\!Y80LK"'AV}9Q AO-:CH  )cV+. 4`Yws+Po!o}+L>WadjSh*)=՜T˪g,aSAA%;Kg˱ʌlS ̾sE-굏^}PoMsCN^\r\+FT!R#⟹ّ>'YQZ3*gcqWɓ!T$S7ϩB$(JY$iaYwֱٜ9<;i<]\(,yN bՐNKeB(;(dsp=}?z݈Ҟi;teիGz .͉t38Xvk,n}N6e^rGlgO<O=(MyR1;TSե'w-Y iec/:U #/aB@H&e0hem#o QM!Fި˲7¢[6EֵID;66A=] nr2Tq9Vcwz3NSߩ\<:Vikvhn;כZANY˜.[YuEdPǚ&Io{ru ;D@|k4Kbq24&#ύK:ʄ;ͩHJƒڿ3=03$0h=LNj:} l$k0I39o>f( țvQ>h endstream endobj 2161 0 obj << /Type /Page /Contents 2162 0 R /Resources 2160 0 R /MediaBox [0 0 593.051 789.041] /Parent 2084 0 R /Annots [ 2159 0 R ] >> endobj 2159 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [157.299 623.953 205.787 632.8] /A << /S /GoTo /D (0:CONFIGFILE) >> >> endobj 2163 0 obj << /D [2161 0 R /XYZ -1.269 814.22 null] >> endobj 1062 0 obj << /D [2161 0 R /XYZ 71.731 718.306 null] >> endobj 154 0 obj << /D [2161 0 R /XYZ 507.703 703.236 null] >> endobj 2164 0 obj << /D [2161 0 R /XYZ 71.731 672.259 null] >> endobj 2165 0 obj << /D [2161 0 R /XYZ 222.485 663.903 null] >> endobj 2166 0 obj << /D [2161 0 R /XYZ 296.367 663.903 null] >> endobj 2167 0 obj << /D [2161 0 R /XYZ 119.552 650.952 null] >> endobj 1063 0 obj << /D [2161 0 R /XYZ 71.731 624.95 null] >> endobj 158 0 obj << /D [2161 0 R /XYZ 169.341 579.795 null] >> endobj 2168 0 obj << /D [2161 0 R /XYZ 71.731 559.655 null] >> endobj 2169 0 obj << /D [2161 0 R /XYZ 71.731 559.655 null] >> endobj 2170 0 obj << /D [2161 0 R /XYZ 365.826 546.918 null] >> endobj 2171 0 obj << /D [2161 0 R /XYZ 459.065 546.918 null] >> endobj 2172 0 obj << /D [2161 0 R /XYZ 143.042 533.967 null] >> endobj 2173 0 obj << /D [2161 0 R /XYZ 427.179 533.967 null] >> endobj 2174 0 obj << /D [2161 0 R /XYZ 71.731 518.858 null] >> endobj 162 0 obj << /D [2161 0 R /XYZ 258.693 481.643 null] >> endobj 2175 0 obj << /D [2161 0 R /XYZ 71.731 458.748 null] >> endobj 2176 0 obj << /D [2161 0 R /XYZ 289.224 448.766 null] >> endobj 2177 0 obj << /D [2161 0 R /XYZ 71.731 433.778 null] >> endobj 2178 0 obj << /D [2161 0 R /XYZ 71.731 433.778 null] >> endobj 2179 0 obj << /D [2161 0 R /XYZ 71.731 211.81 null] >> endobj 2180 0 obj << /D [2161 0 R /XYZ 71.731 163.825 null] >> endobj 2181 0 obj << /D [2161 0 R /XYZ 409.461 153.031 null] >> endobj 2182 0 obj << /D [2161 0 R /XYZ 208.81 140.079 null] >> endobj 2183 0 obj << /D [2161 0 R /XYZ 71.731 105.046 null] >> endobj 2184 0 obj << /D [2161 0 R /XYZ 71.731 105.046 null] >> endobj 2185 0 obj << /D [2161 0 R /XYZ 71.731 103.8 null] >> endobj 2160 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F50 1352 0 R /F33 939 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2190 0 obj << /Length 1157 /Filter /FlateDecode >> stream xWn8+tc5MR`&m 0uWnLȤ!%nF+Ϲ:m9UF%q!EYL2n6ŮaxBc*n崈QKvt]?JyM*v3 Ђh:0=Ul7dȭAc[vrö%=(ù~u-vfyb`޾f ̒=N:](:O80LQxtH]`XawXpF/Imh4#xGcH([{RХȒ Yt.d`8MS{yM3.cdai F)4P*ę"!0ɻI=<=l HZRbu OC_;r}ˁ/W׏E-^Z~-@J.֘^U\3'zlb껗@/}Smr\^臎^GzlBūJ6sv϶pFX}^ZȆ2L{~nUw.Ѻ 1<%"/榷4HP(GaϵTQ}6IMU(eq[[SCC뻡;@cg"V{@|wQd3׭.k ޝV{iOYqo N*}945/,F8sC[xy騟"+[p!mጺfW&&dy;Lp4O&z_|] endstream endobj 2189 0 obj << /Type /Page /Contents 2190 0 R /Resources 2188 0 R /MediaBox [0 0 593.051 789.041] /Parent 2084 0 R /Annots [ 2186 0 R 2187 0 R ] >> endobj 2186 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [239.371 564.717 293.667 575.621] /A << /S /GoTo /D (0:SEVERITYDEF) >> >> endobj 2187 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [278.484 99.044 325.308 109.948] /A << /S /GoTo /D (0:THRESHOLDS) >> >> endobj 2191 0 obj << /D [2189 0 R /XYZ -1.269 814.22 null] >> endobj 2192 0 obj << /D [2189 0 R /XYZ 129.514 708.344 null] >> endobj 2193 0 obj << /D [2189 0 R /XYZ 350.722 708.344 null] >> endobj 2194 0 obj << /D [2189 0 R /XYZ 410.776 708.344 null] >> endobj 2195 0 obj << /D [2189 0 R /XYZ 71.731 706.187 null] >> endobj 2196 0 obj << /D [2189 0 R /XYZ 129.514 690.411 null] >> endobj 2197 0 obj << /D [2189 0 R /XYZ 71.731 688.254 null] >> endobj 2198 0 obj << /D [2189 0 R /XYZ 129.514 672.478 null] >> endobj 2199 0 obj << /D [2189 0 R /XYZ 71.731 672.379 null] >> endobj 2200 0 obj << /D [2189 0 R /XYZ 129.514 654.545 null] >> endobj 2201 0 obj << /D [2189 0 R /XYZ 71.731 654.446 null] >> endobj 2202 0 obj << /D [2189 0 R /XYZ 129.514 636.613 null] >> endobj 2203 0 obj << /D [2189 0 R /XYZ 71.731 634.456 null] >> endobj 2204 0 obj << /D [2189 0 R /XYZ 129.514 618.68 null] >> endobj 2205 0 obj << /D [2189 0 R /XYZ 220.163 618.68 null] >> endobj 2206 0 obj << /D [2189 0 R /XYZ 71.731 580.822 null] >> endobj 2207 0 obj << /D [2189 0 R /XYZ 357.218 567.87 null] >> endobj 2208 0 obj << /D [2189 0 R /XYZ 165.081 554.919 null] >> endobj 2209 0 obj << /D [2189 0 R /XYZ 71.731 532.837 null] >> endobj 2210 0 obj << /D [2189 0 R /XYZ 71.731 509.923 null] >> endobj 2211 0 obj << /D [2189 0 R /XYZ 71.731 186.017 null] >> endobj 166 0 obj << /D [2189 0 R /XYZ 213.661 148.025 null] >> endobj 2212 0 obj << /D [2189 0 R /XYZ 71.731 127.92 null] >> endobj 2213 0 obj << /D [2189 0 R /XYZ 71.731 127.92 null] >> endobj 2214 0 obj << /D [2189 0 R /XYZ 276.422 115.148 null] >> endobj 2188 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2217 0 obj << /Length 1979 /Filter /FlateDecode >> stream xڵZ[o6~ϯ U{.ZwAG,ܬ;HYUvDm<=quq1/BO}ou1/"/`z}e/8jOOf_.XuZ?K'7͏wqfij6\.>]=!"/^WF, }㘂 >g_@/w1s-KEDzb"ej,ѳaerD)}nTїy"O,#?(0`pDbhHt~4Ƽfugj9IYu\oes-(knN4{wWdi|wj%u #*+`_b_A_wɋ=ZA3!Féoa|e l2b'>^y [ɯﮪ5Uod5Fdmh 2q [Py># +{dbu6oe7|Or*BߑoW7 7#g8z׿=սU%;ܦ&C>QAºL39W2%`pD;ah&w >adwKoލxz˲(`vӮ JP̔1Ƥo#d!+wdVCXhc4+ʭk?Pa3:93vB}6RŇF` zjm8M,K#|\'Y? eh`(1`! MweHss咊l2/`L}}T=ȳϨκ>BDP)-3W,VfVP= U~|PBQ~4s|Q[}6[p*k~\"!AT>42F!=kP3XbϝL?`Pť D!f \ă0>Ǯ0>+1`1';h2Y!cD p3B [2oTe"jP}V5uuwZ!1@%ui y "ve٭Gte/Qrid ;ڝA4G'p3# %#.ee4ۋzoʴ6s(ܒP?Y D",#CϞ9ZI{]YliIBqUҔ&o+G)g,(rCz&2'7/?gm讀U&ug2^ ve)c"ܦnǜ`33v#gSv~f:@O\Pmd.8{d2]j2 Xq>SgZc, e'x4m;vڒSgהz9U H&cر(8+ChQ9:BL)iYj6G.IkbӘ,wD.Ց3;/yiFieOTUzkklj-<Bx걀!r+}7*BBi):Փd]3u8\IVTmUi_veqdظ34~ڧ͇q9b IޗDW67NSI]i4kvq";Ϭ]}䅝k"$e=ۑ 5R!ఎ 33y^G.Z={}UNC<߾WkDyv,.pK6 QHqnBNJlю3 ( K =8>?/? endstream endobj 2216 0 obj << /Type /Page /Contents 2217 0 R /Resources 2215 0 R /MediaBox [0 0 593.051 789.041] /Parent 2084 0 R >> endobj 2218 0 obj << /D [2216 0 R /XYZ -1.269 814.22 null] >> endobj 2219 0 obj << /D [2216 0 R /XYZ 71.731 741.22 null] >> endobj 2220 0 obj << /D [2216 0 R /XYZ 71.731 718.306 null] >> endobj 2221 0 obj << /D [2216 0 R /XYZ 71.731 718.306 null] >> endobj 2222 0 obj << /D [2216 0 R /XYZ 71.731 718.306 null] >> endobj 2223 0 obj << /D [2216 0 R /XYZ 71.731 718.306 null] >> endobj 2224 0 obj << /D [2216 0 R /XYZ 71.731 542.366 null] >> endobj 2225 0 obj << /D [2216 0 R /XYZ 71.731 494.381 null] >> endobj 2226 0 obj << /D [2216 0 R /XYZ 71.731 494.381 null] >> endobj 2227 0 obj << /D [2216 0 R /XYZ 71.731 483.173 null] >> endobj 2228 0 obj << /D [2216 0 R /XYZ 71.731 483.173 null] >> endobj 2229 0 obj << /D [2216 0 R /XYZ 71.731 308.18 null] >> endobj 170 0 obj << /D [2216 0 R /XYZ 360.048 268.808 null] >> endobj 2230 0 obj << /D [2216 0 R /XYZ 71.731 245.691 null] >> endobj 2231 0 obj << /D [2216 0 R /XYZ 301.915 235.931 null] >> endobj 2232 0 obj << /D [2216 0 R /XYZ 119.552 222.98 null] >> endobj 2233 0 obj << /D [2216 0 R /XYZ 192.736 222.98 null] >> endobj 2234 0 obj << /D [2216 0 R /XYZ 277.707 222.98 null] >> endobj 2235 0 obj << /D [2216 0 R /XYZ 238.504 197.077 null] >> endobj 2236 0 obj << /D [2216 0 R /XYZ 71.731 179.976 null] >> endobj 2237 0 obj << /D [2216 0 R /XYZ 71.731 169.082 null] >> endobj 2238 0 obj << /D [2216 0 R /XYZ 139.477 151.249 null] >> endobj 2239 0 obj << /D [2216 0 R /XYZ 71.731 139.129 null] >> endobj 2240 0 obj << /D [2216 0 R /XYZ 71.731 128.235 null] >> endobj 2241 0 obj << /D [2216 0 R /XYZ 139.477 110.402 null] >> endobj 2215 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2244 0 obj << /Length 1292 /Filter /FlateDecode >> stream xڵWo8~_T b{e]OpvLb svB$v[B|3fuVyi~6F΄LB:3]'Q23Om .=T䏮KW{A4L=~|e&,NH}"@5P (F0I ik}:l3"2g )SlRlʼn> vnJD)ci|Ȍ5Rk3f`a/kUdJ4=pr%ucĠz[x%͗ߺ'T}VA— kQ˿7#Y戋ypjgwQp1+EEifJ+&If W3+ܡg\l .=wuJCoPbmw&"^xXwj[U&K΀ ߇a *{)flŠ*I&p$ ~DsZ"b5iVB%c=i-\&j4)r=L9ɑ>R/ojj5 DA ]gFWRY 2͊p; %V(Ak[>.?N롤$۠_UѺyU2orʦgq} ;mEto\1`KtW 9l4uzb[|ß g M2 ]ϛ45Mbƶq7[;,jDn{ ֆEw R}]=Xbs/T,>g04w?MKN@sA B2s\V endstream endobj 2243 0 obj << /Type /Page /Contents 2244 0 R /Resources 2242 0 R /MediaBox [0 0 593.051 789.041] /Parent 2291 0 R >> endobj 2245 0 obj << /D [2243 0 R /XYZ -1.269 814.22 null] >> endobj 2246 0 obj << /D [2243 0 R /XYZ 71.731 718.306 null] >> endobj 2247 0 obj << /D [2243 0 R /XYZ 71.731 708.244 null] >> endobj 2248 0 obj << /D [2243 0 R /XYZ 139.477 690.411 null] >> endobj 2249 0 obj << /D [2243 0 R /XYZ 71.731 667.397 null] >> endobj 2250 0 obj << /D [2243 0 R /XYZ 139.477 649.564 null] >> endobj 2251 0 obj << /D [2243 0 R /XYZ 71.731 637.445 null] >> endobj 2252 0 obj << /D [2243 0 R /XYZ 71.731 626.551 null] >> endobj 2253 0 obj << /D [2243 0 R /XYZ 139.477 608.717 null] >> endobj 2254 0 obj << /D [2243 0 R /XYZ 71.731 596.598 null] >> endobj 2255 0 obj << /D [2243 0 R /XYZ 71.731 585.704 null] >> endobj 2256 0 obj << /D [2243 0 R /XYZ 139.477 567.87 null] >> endobj 2257 0 obj << /D [2243 0 R /XYZ 71.731 530.012 null] >> endobj 2258 0 obj << /D [2243 0 R /XYZ 71.731 504.942 null] >> endobj 1064 0 obj << /D [2243 0 R /XYZ 71.731 369.229 null] >> endobj 174 0 obj << /D [2243 0 R /XYZ 320.077 325.356 null] >> endobj 2259 0 obj << /D [2243 0 R /XYZ 71.731 301.6 null] >> endobj 2260 0 obj << /D [2243 0 R /XYZ 71.731 301.6 null] >> endobj 2261 0 obj << /D [2243 0 R /XYZ 71.731 270.397 null] >> endobj 2262 0 obj << /D [2243 0 R /XYZ 71.731 270.397 null] >> endobj 2263 0 obj << /D [2243 0 R /XYZ 71.731 269.152 null] >> endobj 2264 0 obj << /D [2243 0 R /XYZ 129.514 252.131 null] >> endobj 2265 0 obj << /D [2243 0 R /XYZ 129.514 252.131 null] >> endobj 2266 0 obj << /D [2243 0 R /XYZ 169.922 252.131 null] >> endobj 2267 0 obj << /D [2243 0 R /XYZ 71.731 237.022 null] >> endobj 2268 0 obj << /D [2243 0 R /XYZ 129.514 221.246 null] >> endobj 2269 0 obj << /D [2243 0 R /XYZ 129.514 221.246 null] >> endobj 2270 0 obj << /D [2243 0 R /XYZ 71.731 219.09 null] >> endobj 2271 0 obj << /D [2243 0 R /XYZ 129.514 203.314 null] >> endobj 2272 0 obj << /D [2243 0 R /XYZ 129.514 203.314 null] >> endobj 2273 0 obj << /D [2243 0 R /XYZ 264.816 203.314 null] >> endobj 2274 0 obj << /D [2243 0 R /XYZ 432.586 203.314 null] >> endobj 2275 0 obj << /D [2243 0 R /XYZ 71.731 188.205 null] >> endobj 2276 0 obj << /D [2243 0 R /XYZ 129.514 172.429 null] >> endobj 2277 0 obj << /D [2243 0 R /XYZ 129.514 172.429 null] >> endobj 2278 0 obj << /D [2243 0 R /XYZ 71.731 170.273 null] >> endobj 2279 0 obj << /D [2243 0 R /XYZ 129.514 154.497 null] >> endobj 2280 0 obj << /D [2243 0 R /XYZ 129.514 154.497 null] >> endobj 2281 0 obj << /D [2243 0 R /XYZ 184.29 154.497 null] >> endobj 2282 0 obj << /D [2243 0 R /XYZ 71.731 152.34 null] >> endobj 2283 0 obj << /D [2243 0 R /XYZ 129.514 136.564 null] >> endobj 2284 0 obj << /D [2243 0 R /XYZ 129.514 136.564 null] >> endobj 2285 0 obj << /D [2243 0 R /XYZ 176.916 136.564 null] >> endobj 2286 0 obj << /D [2243 0 R /XYZ 71.731 121.456 null] >> endobj 2287 0 obj << /D [2243 0 R /XYZ 129.514 105.68 null] >> endobj 2288 0 obj << /D [2243 0 R /XYZ 129.514 105.68 null] >> endobj 2289 0 obj << /D [2243 0 R /XYZ 215.302 105.68 null] >> endobj 2290 0 obj << /D [2243 0 R /XYZ 71.731 103.523 null] >> endobj 2242 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R /F74 1821 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2297 0 obj << /Length 1865 /Filter /FlateDecode >> stream xڥXێ6}W6`sE4mS4MlMY3왚7,KXX87f z)U><0;yG.k;k8^ZO; 1C[rycAͨʙڿ.Zmkkdfpvi4^ӪLE8 Av&nn4$ߐtUypqIv=Βkd1r'~bB#ar%B\\vd_H*2=x#̎v=7#b2([bQfŚ\%+3Oxuaϱw={IV2`ajU6=lڝua1(ueʪoZ#\8G]8+`phQmbp١6>O NAQT\:oIRY5T,AEJ fN`Yl;QKï,CI AcMݱkm!]OCy_%@)SbiE,c}Ч3 0 J^\U=\pO+vA_aP+mCn/]\;  Y OhG5aԅqV0Ab mPZN5ص,G%M3væ1zwN %⺓^UUqul;Sx7=+ Zy;v[kaS[7&fhJ)[ 3Ts1 @` D KmЌ'M{*YK&0rЋYɀټإk{9[Ka:v}]0w@X`/ "BKOPFVOaY;=7 mx-2gWD(IOM Dl>vΠr[oW{ :~`K5S=5EŬmGdXB(3Ȟٛ$5_eRcHIIhKreE :vG{/oB'w-sxkC; ͮaT yS X`rwm5c}`4S>̽PY%/?j\;0#B Oe@ucK('Ƿ\T)AO4%K] * .KP[H>?Is endstream endobj 2296 0 obj << /Type /Page /Contents 2297 0 R /Resources 2295 0 R /MediaBox [0 0 593.051 789.041] /Parent 2291 0 R /Annots [ 2292 0 R 2293 0 R 2294 0 R ] >> endobj 2292 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [275.077 484.195 329.373 495.099] /A << /S /GoTo /D (0:SEVERITYDEF) >> >> endobj 2293 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [403.543 484.195 457.839 495.099] /A << /S /GoTo /D (0:CLASSES) >> >> endobj 2294 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [324.77 412.584 371.594 423.368] /A << /S /GoTo /D (0:LOGDEF) >> >> endobj 2298 0 obj << /D [2296 0 R /XYZ -1.269 814.22 null] >> endobj 2299 0 obj << /D [2296 0 R /XYZ 71.731 741.22 null] >> endobj 2300 0 obj << /D [2296 0 R /XYZ 129.514 708.344 null] >> endobj 2301 0 obj << /D [2296 0 R /XYZ 129.514 708.344 null] >> endobj 2302 0 obj << /D [2296 0 R /XYZ 175.631 708.344 null] >> endobj 2303 0 obj << /D [2296 0 R /XYZ 71.731 657.534 null] >> endobj 2304 0 obj << /D [2296 0 R /XYZ 71.731 629.475 null] >> endobj 2305 0 obj << /D [2296 0 R /XYZ 71.731 614.531 null] >> endobj 1065 0 obj << /D [2296 0 R /XYZ 71.731 565.479 null] >> endobj 178 0 obj << /D [2296 0 R /XYZ 519.912 520.225 null] >> endobj 2306 0 obj << /D [2296 0 R /XYZ 71.731 496.47 null] >> endobj 2307 0 obj << /D [2296 0 R /XYZ 202.759 487.348 null] >> endobj 2308 0 obj << /D [2296 0 R /XYZ 363.594 487.348 null] >> endobj 2309 0 obj << /D [2296 0 R /XYZ 71.731 452.315 null] >> endobj 2310 0 obj << /D [2296 0 R /XYZ 137.534 441.52 null] >> endobj 2311 0 obj << /D [2296 0 R /XYZ 255.451 428.569 null] >> endobj 2312 0 obj << /D [2296 0 R /XYZ 214.814 415.617 null] >> endobj 2313 0 obj << /D [2296 0 R /XYZ 71.731 393.655 null] >> endobj 2314 0 obj << /D [2296 0 R /XYZ 71.731 393.655 null] >> endobj 2315 0 obj << /D [2296 0 R /XYZ 71.731 335.129 null] >> endobj 2316 0 obj << /D [2296 0 R /XYZ 176.04 323.961 null] >> endobj 2317 0 obj << /D [2296 0 R /XYZ 119.552 311.01 null] >> endobj 2318 0 obj << /D [2296 0 R /XYZ 300.412 311.01 null] >> endobj 2319 0 obj << /D [2296 0 R /XYZ 179.048 298.058 null] >> endobj 2320 0 obj << /D [2296 0 R /XYZ 71.731 275.976 null] >> endobj 2321 0 obj << /D [2296 0 R /XYZ 71.731 237.122 null] >> endobj 2322 0 obj << /D [2296 0 R /XYZ 71.731 222.178 null] >> endobj 2323 0 obj << /D [2296 0 R /XYZ 300.538 212.678 null] >> endobj 2324 0 obj << /D [2296 0 R /XYZ 71.731 194.154 null] >> endobj 2325 0 obj << /D [2296 0 R /XYZ 197.291 184.385 null] >> endobj 2326 0 obj << /D [2296 0 R /XYZ 76.712 167.747 null] >> endobj 2327 0 obj << /D [2296 0 R /XYZ 71.731 147.822 null] >> endobj 2328 0 obj << /D [2296 0 R /XYZ 233.999 112.853 null] >> endobj 2329 0 obj << /D [2296 0 R /XYZ 360.531 112.853 null] >> endobj 2295 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2332 0 obj << /Length 1423 /Filter /FlateDecode >> stream xڵXKo6W(A[>8]H4(h%,*)_\h|R97sJs~>y;* -&ANy N gW8_Vv7A"~/HeO~&zA"k[nJ9p[zi ?B ^lY` dPLUu5EjPX#Hhs]~qQ*gƥay'd刖 tU_&GlapH-r@'.5AF=9}$ْLacrbOI=.Q"J]ScoxԔۙ Ѭw /MfֻJ`,GزR 9ڬ2kl^:#HY ҇j :< G!ǜ'G l)l~e|õ]7nnCѷ^ lGC:L$-jW8QJ ڒI2GjPJ ԰EtS&M8ThT@?E3=/o 4i^#fy4PSH_ur x+*[Kt^U-DTs~a:g1Ws4rEOgad7qRo$%Ӵ K'{<#= H:efb6e'z܋~.bA;.8,"e-jZȥ_;9IL +> endobj 2333 0 obj << /D [2331 0 R /XYZ -1.269 814.22 null] >> endobj 2334 0 obj << /D [2331 0 R /XYZ 147.507 662.516 null] >> endobj 2335 0 obj << /D [2331 0 R /XYZ 147.507 662.516 null] >> endobj 2336 0 obj << /D [2331 0 R /XYZ 372.925 662.516 null] >> endobj 2337 0 obj << /D [2331 0 R /XYZ 372.925 662.516 null] >> endobj 2338 0 obj << /D [2331 0 R /XYZ 71.731 614.531 null] >> endobj 2339 0 obj << /D [2331 0 R /XYZ 172.861 603.736 null] >> endobj 2340 0 obj << /D [2331 0 R /XYZ 172.861 603.736 null] >> endobj 2341 0 obj << /D [2331 0 R /XYZ 71.731 529.848 null] >> endobj 2342 0 obj << /D [2331 0 R /XYZ 71.731 529.848 null] >> endobj 2343 0 obj << /D [2331 0 R /XYZ 277.567 493.151 null] >> endobj 2344 0 obj << /D [2331 0 R /XYZ 321.442 493.151 null] >> endobj 2345 0 obj << /D [2331 0 R /XYZ 259.854 480.199 null] >> endobj 2346 0 obj << /D [2331 0 R /XYZ 71.731 458.117 null] >> endobj 2347 0 obj << /D [2331 0 R /XYZ 71.731 458.117 null] >> endobj 2348 0 obj << /D [2331 0 R /XYZ 71.731 435.323 null] >> endobj 2330 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F60 1532 0 R /F38 1036 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2351 0 obj << /Length 1005 /Filter /FlateDecode >> stream xڭVo6~_!`/2P%RR[Ӥ uD)ѐwIHfKbR4Co$ T0‚}1ZYBPNI-#?uYE0EvGܬbN*.T]; [PԠHQ0IŹq@\măhdj pgvOE#q=6=jU{؉|tڎ??I;X E_ě/m'*;s9F2w}6Io'ٻ%43Dbjs@sD!’OQ,oKgID?r֎'ݶr21c) j*z{y9w:I%NV]ڭ'r`1f([@> endobj 2352 0 obj << /D [2350 0 R /XYZ -1.269 814.22 null] >> endobj 1066 0 obj << /D [2350 0 R /XYZ 71.731 603.75 null] >> endobj 182 0 obj << /D [2350 0 R /XYZ 156.894 559.876 null] >> endobj 2353 0 obj << /D [2350 0 R /XYZ 71.731 539.736 null] >> endobj 2354 0 obj << /D [2350 0 R /XYZ 71.731 491.966 null] >> endobj 2355 0 obj << /D [2350 0 R /XYZ 71.731 491.966 null] >> endobj 2356 0 obj << /D [2350 0 R /XYZ 193.125 481.172 null] >> endobj 2357 0 obj << /D [2350 0 R /XYZ 71.731 460.031 null] >> endobj 2358 0 obj << /D [2350 0 R /XYZ 71.731 428.27 null] >> endobj 2359 0 obj << /D [2350 0 R /XYZ 71.731 428.27 null] >> endobj 2360 0 obj << /D [2350 0 R /XYZ 180.024 415.418 null] >> endobj 2361 0 obj << /D [2350 0 R /XYZ 226.416 415.418 null] >> endobj 2362 0 obj << /D [2350 0 R /XYZ 71.731 395.314 null] >> endobj 2363 0 obj << /D [2350 0 R /XYZ 325.258 369.59 null] >> endobj 2364 0 obj << /D [2350 0 R /XYZ 71.731 334.557 null] >> endobj 2365 0 obj << /D [2350 0 R /XYZ 276.989 323.762 null] >> endobj 2366 0 obj << /D [2350 0 R /XYZ 71.731 306.661 null] >> endobj 2367 0 obj << /D [2350 0 R /XYZ 71.731 293.71 null] >> endobj 2368 0 obj << /D [2350 0 R /XYZ 139.477 277.934 null] >> endobj 2369 0 obj << /D [2350 0 R /XYZ 139.477 277.934 null] >> endobj 2370 0 obj << /D [2350 0 R /XYZ 213.05 277.934 null] >> endobj 2371 0 obj << /D [2350 0 R /XYZ 71.731 257.829 null] >> endobj 2372 0 obj << /D [2350 0 R /XYZ 71.731 242.9 null] >> endobj 2373 0 obj << /D [2350 0 R /XYZ 71.731 227.956 null] >> endobj 2374 0 obj << /D [2350 0 R /XYZ 71.731 155.991 null] >> endobj 2375 0 obj << /D [2350 0 R /XYZ 71.731 140.883 null] >> endobj 2376 0 obj << /D [2350 0 R /XYZ 139.477 125.107 null] >> endobj 2377 0 obj << /D [2350 0 R /XYZ 139.477 125.107 null] >> endobj 2378 0 obj << /D [2350 0 R /XYZ 199.949 125.107 null] >> endobj 2379 0 obj << /D [2350 0 R /XYZ 246.341 125.107 null] >> endobj 2349 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2382 0 obj << /Length 1445 /Filter /FlateDecode >> stream xڭWnF+$]y)\(HIP"$bbƖ$ PKa,qxec6Y7nL_hDyqm̆\庇C-TXabhCa"9\0Q!\*2oy1šv5鬵>dQ`91A2kwYtrsvB .k^'CζkjpUK9-~Wm!:V["cJTǮ*K[ G 1{Xg@Bp5 A[N(λ=9z)\iSCwTP{}rbZBQnv6 tɱ/6v,8Be`nSiSGQkńg#b1{4ƺ W{ KĜX>,gLIj>V+]vl0%,ѽ) AN Ȥ1=/z?r]ǃ` w|gζ^qUFEEG\7D%4dˁo5f[Y5hsadwi th֋fDq 2P>"<~jQ#7U38oQlţ' \0bɥ u+Jv{Ul@('LmQ'{S= 97(PԳ5vl+s{_b7xP jBʚx؁=-hW/DP/EHj#&ǧ lV7 lv[ \tW1\J^+||JES&6 K'H!So(%nӚrç\vnno>o"(/t9BqBLWu{nC(>q{%. ;_(θWe>Ÿ)#y]3B6[+z7mhH!,A&Yݝnՠ־=7 u\cb!5)͞ )Ʋ$zH;knR ?uIk~|e v2(R6M;)jd$6:W>,/z endstream endobj 2381 0 obj << /Type /Page /Contents 2382 0 R /Resources 2380 0 R /MediaBox [0 0 593.051 789.041] /Parent 2291 0 R >> endobj 2383 0 obj << /D [2381 0 R /XYZ -1.269 814.22 null] >> endobj 2384 0 obj << /D [2381 0 R /XYZ 71.731 718.306 null] >> endobj 2385 0 obj << /D [2381 0 R /XYZ 417.81 708.344 null] >> endobj 2386 0 obj << /D [2381 0 R /XYZ 467.453 708.344 null] >> endobj 2387 0 obj << /D [2381 0 R /XYZ 217.215 695.392 null] >> endobj 2388 0 obj << /D [2381 0 R /XYZ 71.731 632.379 null] >> endobj 2389 0 obj << /D [2381 0 R /XYZ 71.731 617.27 null] >> endobj 2390 0 obj << /D [2381 0 R /XYZ 139.477 601.494 null] >> endobj 2391 0 obj << /D [2381 0 R /XYZ 139.477 601.494 null] >> endobj 2392 0 obj << /D [2381 0 R /XYZ 215.74 601.494 null] >> endobj 2393 0 obj << /D [2381 0 R /XYZ 71.731 579.547 null] >> endobj 2394 0 obj << /D [2381 0 R /XYZ 187.337 555.666 null] >> endobj 2395 0 obj << /D [2381 0 R /XYZ 71.731 553.644 null] >> endobj 2396 0 obj << /D [2381 0 R /XYZ 71.731 538.7 null] >> endobj 2397 0 obj << /D [2381 0 R /XYZ 237.391 517.41 null] >> endobj 2398 0 obj << /D [2381 0 R /XYZ 71.731 454.944 null] >> endobj 2399 0 obj << /D [2381 0 R /XYZ 71.731 441.893 null] >> endobj 2400 0 obj << /D [2381 0 R /XYZ 139.477 424.06 null] >> endobj 2401 0 obj << /D [2381 0 R /XYZ 139.477 424.06 null] >> endobj 2402 0 obj << /D [2381 0 R /XYZ 217.643 424.06 null] >> endobj 2403 0 obj << /D [2381 0 R /XYZ 71.731 402.92 null] >> endobj 2404 0 obj << /D [2381 0 R /XYZ 71.731 356.15 null] >> endobj 2405 0 obj << /D [2381 0 R /XYZ 71.731 297.37 null] >> endobj 2406 0 obj << /D [2381 0 R /XYZ 336.726 286.575 null] >> endobj 2407 0 obj << /D [2381 0 R /XYZ 71.731 249.465 null] >> endobj 2408 0 obj << /D [2381 0 R /XYZ 71.731 236.414 null] >> endobj 2409 0 obj << /D [2381 0 R /XYZ 139.477 218.58 null] >> endobj 2410 0 obj << /D [2381 0 R /XYZ 139.477 218.58 null] >> endobj 2411 0 obj << /D [2381 0 R /XYZ 220.422 218.58 null] >> endobj 2412 0 obj << /D [2381 0 R /XYZ 71.731 218.401 null] >> endobj 2413 0 obj << /D [2381 0 R /XYZ 71.731 203.457 null] >> endobj 2414 0 obj << /D [2381 0 R /XYZ 71.731 154.122 null] >> endobj 2415 0 obj << /D [2381 0 R /XYZ 252.651 141.171 null] >> endobj 2416 0 obj << /D [2381 0 R /XYZ 257.623 128.219 null] >> endobj 2380 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2419 0 obj << /Length 1239 /Filter /FlateDecode >> stream xڥW[o6~ϯ[m fH],,: eXh$"~!-9V$/&-ܿv3:]dVv',#lSvR:O[oTh׵ ιqjJ--/d%z l2a4MBR;7>9w z(-YFf0'nEg9+%$OrP TR:LP+BEDe,wU}GDwI_μ>V-TSJ+ 4ViꔊϷƛU6:t#lq4cc}Lo\WnV.ٽy*&Q6j[VToH9RFԻflGӉ"]ؚp6ĥjJb3kІX!0Q 0m]4Q ?3ֽ҃;*?iz{PG?84Ӽ;x?%n/|_9RO`(+$zXעBWl:t5SPOr8|?؏kbl$r- endstream endobj 2418 0 obj << /Type /Page /Contents 2419 0 R /Resources 2417 0 R /MediaBox [0 0 593.051 789.041] /Parent 2291 0 R >> endobj 2420 0 obj << /D [2418 0 R /XYZ -1.269 814.22 null] >> endobj 2421 0 obj << /D [2418 0 R /XYZ 71.731 718.306 null] >> endobj 2422 0 obj << /D [2418 0 R /XYZ 71.731 708.244 null] >> endobj 2423 0 obj << /D [2418 0 R /XYZ 139.477 690.411 null] >> endobj 2424 0 obj << /D [2418 0 R /XYZ 139.477 690.411 null] >> endobj 2425 0 obj << /D [2418 0 R /XYZ 214.325 690.411 null] >> endobj 2426 0 obj << /D [2418 0 R /XYZ 71.731 690.232 null] >> endobj 2427 0 obj << /D [2418 0 R /XYZ 71.731 675.288 null] >> endobj 2428 0 obj << /D [2418 0 R /XYZ 71.731 625.953 null] >> endobj 2429 0 obj << /D [2418 0 R /XYZ 327.361 613.001 null] >> endobj 2430 0 obj << /D [2418 0 R /XYZ 342.852 600.05 null] >> endobj 2431 0 obj << /D [2418 0 R /XYZ 71.731 575.89 null] >> endobj 2432 0 obj << /D [2418 0 R /XYZ 71.731 560.782 null] >> endobj 2433 0 obj << /D [2418 0 R /XYZ 139.477 545.006 null] >> endobj 2434 0 obj << /D [2418 0 R /XYZ 139.477 545.006 null] >> endobj 2435 0 obj << /D [2418 0 R /XYZ 71.731 524.961 null] >> endobj 2436 0 obj << /D [2418 0 R /XYZ 342.155 486.227 null] >> endobj 2437 0 obj << /D [2418 0 R /XYZ 423.329 486.227 null] >> endobj 2438 0 obj << /D [2418 0 R /XYZ 71.731 462.067 null] >> endobj 2439 0 obj << /D [2418 0 R /XYZ 71.731 446.959 null] >> endobj 2440 0 obj << /D [2418 0 R /XYZ 139.477 431.183 null] >> endobj 2441 0 obj << /D [2418 0 R /XYZ 139.477 431.183 null] >> endobj 2442 0 obj << /D [2418 0 R /XYZ 202.709 431.183 null] >> endobj 2443 0 obj << /D [2418 0 R /XYZ 71.731 409.235 null] >> endobj 2444 0 obj << /D [2418 0 R /XYZ 71.731 348.244 null] >> endobj 2445 0 obj << /D [2418 0 R /XYZ 71.731 335.193 null] >> endobj 2446 0 obj << /D [2418 0 R /XYZ 139.477 317.36 null] >> endobj 2447 0 obj << /D [2418 0 R /XYZ 139.477 317.36 null] >> endobj 2448 0 obj << /D [2418 0 R /XYZ 200.318 317.36 null] >> endobj 2449 0 obj << /D [2418 0 R /XYZ 71.731 297.255 null] >> endobj 2450 0 obj << /D [2418 0 R /XYZ 139.477 271.532 null] >> endobj 2451 0 obj << /D [2418 0 R /XYZ 71.731 247.372 null] >> endobj 2452 0 obj << /D [2418 0 R /XYZ 71.731 232.264 null] >> endobj 2453 0 obj << /D [2418 0 R /XYZ 139.477 216.488 null] >> endobj 2454 0 obj << /D [2418 0 R /XYZ 139.477 216.488 null] >> endobj 2455 0 obj << /D [2418 0 R /XYZ 199.392 216.488 null] >> endobj 2456 0 obj << /D [2418 0 R /XYZ 71.731 196.384 null] >> endobj 2417 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F25 932 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2459 0 obj << /Length 1221 /Filter /FlateDecode >> stream xڵW[o6~ϯZd]vkl10mQesDMx#[t+bRҹ;vl,"#g9(\8Gwqr!C< Yy cS/xi>̬9zxnX6/3IFlQQx{Q!jMM.YSc -eҞEOmq-Ta,U҈zHb#FsuH%Zp lG86/6TkY}nVAԚ/ڰAer9ط=aBZG޳RgrǩyȎVsHR7)WH [ɦ~8`K(ktDŽbmJ+ү[A "5dNiO8ٮIS3FZp!!h'Rx `b6hu?pcl1 .dSC!ޟI~sݵ:T4IB7+$+t)Ac"JTAk**93,\B$)ZH*d1$c$7փ!y7)`a? {h/GXhAG.CX=zy<=CxS=]ɠ *ɔ^$Į7v'v3Pt\;R6{dk٭R-#e^Fe GJ(cv]al㿼'0~mJNfK,7x*gRipϩbEk隁J6vw#.X\\-y=85o?ˋ#xJ[K\GY&@)vLšSuzC ^/fp"ՀVߋ}ÿ_?QOn\.: endstream endobj 2458 0 obj << /Type /Page /Contents 2459 0 R /Resources 2457 0 R /MediaBox [0 0 593.051 789.041] /Parent 2490 0 R >> endobj 2460 0 obj << /D [2458 0 R /XYZ -1.269 814.22 null] >> endobj 2461 0 obj << /D [2458 0 R /XYZ 71.731 718.306 null] >> endobj 2462 0 obj << /D [2458 0 R /XYZ 71.731 706.187 null] >> endobj 2463 0 obj << /D [2458 0 R /XYZ 139.477 690.411 null] >> endobj 2464 0 obj << /D [2458 0 R /XYZ 139.477 690.411 null] >> endobj 2465 0 obj << /D [2458 0 R /XYZ 191.103 690.411 null] >> endobj 2466 0 obj << /D [2458 0 R /XYZ 71.731 668.463 null] >> endobj 2467 0 obj << /D [2458 0 R /XYZ 71.731 607.472 null] >> endobj 2468 0 obj << /D [2458 0 R /XYZ 71.731 592.364 null] >> endobj 2469 0 obj << /D [2458 0 R /XYZ 139.477 576.588 null] >> endobj 2470 0 obj << /D [2458 0 R /XYZ 139.477 576.588 null] >> endobj 2471 0 obj << /D [2458 0 R /XYZ 197.18 576.588 null] >> endobj 2472 0 obj << /D [2458 0 R /XYZ 71.731 554.64 null] >> endobj 2473 0 obj << /D [2458 0 R /XYZ 163.816 543.711 null] >> endobj 2474 0 obj << /D [2458 0 R /XYZ 71.731 480.697 null] >> endobj 2475 0 obj << /D [2458 0 R /XYZ 71.731 467.646 null] >> endobj 2476 0 obj << /D [2458 0 R /XYZ 139.477 449.813 null] >> endobj 2477 0 obj << /D [2458 0 R /XYZ 139.477 449.813 null] >> endobj 2478 0 obj << /D [2458 0 R /XYZ 208.248 449.813 null] >> endobj 2479 0 obj << /D [2458 0 R /XYZ 71.731 428.673 null] >> endobj 2480 0 obj << /D [2458 0 R /XYZ 163.816 416.936 null] >> endobj 2481 0 obj << /D [2458 0 R /XYZ 71.731 379.826 null] >> endobj 2482 0 obj << /D [2458 0 R /XYZ 71.731 364.717 null] >> endobj 2483 0 obj << /D [2458 0 R /XYZ 139.477 348.941 null] >> endobj 2484 0 obj << /D [2458 0 R /XYZ 139.477 348.941 null] >> endobj 2485 0 obj << /D [2458 0 R /XYZ 196.971 348.941 null] >> endobj 2486 0 obj << /D [2458 0 R /XYZ 71.731 327.801 null] >> endobj 2487 0 obj << /D [2458 0 R /XYZ 71.731 264.01 null] >> endobj 2488 0 obj << /D [2458 0 R /XYZ 71.731 264.01 null] >> endobj 2489 0 obj << /D [2458 0 R /XYZ 71.731 239.059 null] >> endobj 2457 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2495 0 obj << /Length 1449 /Filter /FlateDecode >> stream xڕXnF}WC$bxuypԎI"ÒI*wiG^vs˙93gF'I8$l2^NIe8Xd[L>M쨡4.sEi. wYYN{rr^rAqz /opF˅A10Hk,4\{T(jPv7G] ^.|1d'7&p^.xC:N0((whҬgtKL=^|Zֳ#\ BDa4«mN2҂ʲB' Y%n"Xѵzچp4c@): 0x\h\}ISgtm1.&JɅKQ'CBtC]UpڟFrҚg&,Ne:*UF%~ gq:}߳z@ӎwdeA ;ǦNJCq"+tN Q A98}HC[vZE()`s}Y49lsbΔM ‰\}]Ffksj"++t 胬G _?^o-w]bTZXA%kzE)3LA;|x?(^W~e%\6 8Ztdk,c{ 7x#Z_ΊƂko`GOp<4$dta3X@ɿ<;+YN=DZgƲF<QRwgT4~ˁ6nKgci5Z>iÔ!)P6Ð[umvfLA S;#>|^+٪JnBF1@hr![j{׾ֵZZ :Z0pWA<\i%}YEN MmVǦ ]--ެyL[wRŠBճ+-VQ+t-D(?u7ä+T7I$7+wQ|?,] 7%RD̬Rp٨rx )ymꑡG>!TR#F!D_GׇE*kGURPק~4IM$4+aM? $x\ endstream endobj 2494 0 obj << /Type /Page /Contents 2495 0 R /Resources 2493 0 R /MediaBox [0 0 593.051 789.041] /Parent 2490 0 R /Annots [ 2491 0 R 2492 0 R ] >> endobj 2491 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 218.795 165.379 229.699] /A << /S /GoTo /D (0:CONFIGFACILITY) >> >> endobj 2492 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [121.873 147.437 173.678 157.968] /A << /S /GoTo /D (0:KEYPAD) >> >> endobj 2496 0 obj << /D [2494 0 R /XYZ -1.269 814.22 null] >> endobj 2497 0 obj << /D [2494 0 R /XYZ 71.731 741.22 null] >> endobj 2498 0 obj << /D [2494 0 R /XYZ 71.731 462.181 null] >> endobj 186 0 obj << /D [2494 0 R /XYZ 381.337 424.189 null] >> endobj 2499 0 obj << /D [2494 0 R /XYZ 71.731 401.072 null] >> endobj 2500 0 obj << /D [2494 0 R /XYZ 119.552 378.361 null] >> endobj 2501 0 obj << /D [2494 0 R /XYZ 336.924 365.41 null] >> endobj 2502 0 obj << /D [2494 0 R /XYZ 71.731 330.376 null] >> endobj 2503 0 obj << /D [2494 0 R /XYZ 215.57 306.63 null] >> endobj 2504 0 obj << /D [2494 0 R /XYZ 181.001 293.679 null] >> endobj 2505 0 obj << /D [2494 0 R /XYZ 71.731 245.694 null] >> endobj 2506 0 obj << /D [2494 0 R /XYZ 388.361 208.996 null] >> endobj 2507 0 obj << /D [2494 0 R /XYZ 71.731 186.914 null] >> endobj 2493 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F25 932 0 R /F31 938 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2512 0 obj << /Length 1464 /Filter /FlateDecode >> stream xڝWn8}W*DQ MxKX(6e%WCYrbpngxD}@m"bJ2$]M~T^yOA&"&RF`mu㼱&:AVMٙߐoMQ`:@0}uUGPƄg NV;mjCDbG|fMJy"ƀo}CfR]$ $IDBhenh^ݯ?„;ެ>mWϸdp;\$P'FDU_W73jFPE؀y SٛЇlL'C",mN2F8ZӑT8ռrO׎f1hYy[%]sΫJ#`-NW dBqzOMm@P뙌jZDg8|4ɤ!,^x_W.)39 Qǝ4p[0+M4;eO^FUݸwe~:ԷZ7mBac*ُP9hS8i඄v7 5ctqY|_08,` #Q&lN`{\SBɲ(hTP,ъXLR05d^ 7iJ"1M5Ytf*8'FS~6j^RF0ҽ$y0DDDFt.Ԩ͠DOnU.m;SmF:΃l32è+Wr,^UZgo8Nl~hzP#/BhC^KIO&ֺw?L&ϩQO3N35L[qQW9 ޝF `{λGTj32ݨ|ҁpUeu2#109}r$ ɈED"U%w~23X©,_jvcB})MtJ2psDk2FkoK]`N%G Z{X{JutCHkfB{2ȈsG)9֞*on:PdYbYN `ݜ]}nmX1w#(єDsT 0ph?/ܑ @2e;;7 *u &Z.;U͘lg32Je8]CַH" t>d&_MK3RFtG`@  $'0] endstream endobj 2511 0 obj << /Type /Page /Contents 2512 0 R /Resources 2510 0 R /MediaBox [0 0 593.051 789.041] /Parent 2490 0 R /Annots [ 2508 0 R 2509 0 R ] >> endobj 2508 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [362.646 359.943 414.482 370.525] /A << /S /GoTo /D (0:KEYPAD) >> >> endobj 2509 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [185.814 316.813 237.65 327.287] /A << /S /GoTo /D (0:KEYPAD) >> >> endobj 2513 0 obj << /D [2511 0 R /XYZ -1.269 814.22 null] >> endobj 2514 0 obj << /D [2511 0 R /XYZ 71.731 741.22 null] >> endobj 2515 0 obj << /D [2511 0 R /XYZ 71.731 718.306 null] >> endobj 2516 0 obj << /D [2511 0 R /XYZ 174.325 695.392 null] >> endobj 2517 0 obj << /D [2511 0 R /XYZ 377.551 695.392 null] >> endobj 2518 0 obj << /D [2511 0 R /XYZ 71.731 639.502 null] >> endobj 2519 0 obj << /D [2511 0 R /XYZ 71.731 546.212 null] >> endobj 2520 0 obj << /D [2511 0 R /XYZ 71.731 526.287 null] >> endobj 2521 0 obj << /D [2511 0 R /XYZ 230.655 514.77 null] >> endobj 2522 0 obj << /D [2511 0 R /XYZ 71.731 496.245 null] >> endobj 2523 0 obj << /D [2511 0 R /XYZ 71.731 496.245 null] >> endobj 2524 0 obj << /D [2511 0 R /XYZ 191.293 486.476 null] >> endobj 2525 0 obj << /D [2511 0 R /XYZ 71.731 480.401 null] >> endobj 2526 0 obj << /D [2511 0 R /XYZ 139.477 458.182 null] >> endobj 2527 0 obj << /D [2511 0 R /XYZ 76.712 441.544 null] >> endobj 2528 0 obj << /D [2511 0 R /XYZ 166.376 386.068 null] >> endobj 2529 0 obj << /D [2511 0 R /XYZ 166.376 341.014 null] >> endobj 1067 0 obj << /D [2511 0 R /XYZ 71.731 291.657 null] >> endobj 190 0 obj << /D [2511 0 R /XYZ 166.449 253.271 null] >> endobj 2530 0 obj << /D [2511 0 R /XYZ 71.731 229.516 null] >> endobj 2531 0 obj << /D [2511 0 R /XYZ 71.731 229.516 null] >> endobj 2532 0 obj << /D [2511 0 R /XYZ 71.731 214.572 null] >> endobj 2533 0 obj << /D [2511 0 R /XYZ 71.731 205.351 null] >> endobj 2534 0 obj << /D [2511 0 R /XYZ 139.477 187.518 null] >> endobj 2535 0 obj << /D [2511 0 R /XYZ 139.477 187.518 null] >> endobj 2536 0 obj << /D [2511 0 R /XYZ 198.096 187.518 null] >> endobj 2537 0 obj << /D [2511 0 R /XYZ 71.731 167.414 null] >> endobj 2538 0 obj << /D [2511 0 R /XYZ 442.746 154.641 null] >> endobj 2539 0 obj << /D [2511 0 R /XYZ 487.03 154.641 null] >> endobj 2540 0 obj << /D [2511 0 R /XYZ 387.006 141.69 null] >> endobj 2510 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R /F25 932 0 R /F55 1479 0 R /F48 1347 0 R /F60 1532 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2545 0 obj << /Length 1856 /Filter /FlateDecode >> stream xڥXY6~_a%6> @flIPp%fW&]w((m/3|PjV^NU")V7UEU&ʓM~y'If:C%g(ٟ&XR z?Pw/7]D"&I⨄ QHNX`IfIeE1(ar[eqjc}Z꺈VL+25QR%0WaDfV!Zz{=j;&-פ# {̤`)۞{@kd6Ei4lgQ rBZH?X|M6XCD _籶Ѧ 3- QQ[hGS]U)!xDXKZ;$J4+!6wԔ ,.eep m\8V_lu$ *MsAOڏzު@Eل ؟jEcoMdj;i0ũ 1_?* W>WX\-(O^XS/4:x|`6M1KxaIDՅ;{Rj}nJSȦv)0;J{ip% vdm-ĕ](&T>U}zc#G,b#a:N;f74Q֮YMx77I6 wM %Py4:| *9{.6ĘrT̹% >5ݹ<$qIڏs{ 6tT4q~w@B(C' ɦz= п󒸛yCG#E(|b\$>t,[@ɢu@v{z$Xsw4a NYK=nҖH EXkWT&JkG?LͰh[7f~ tz AǺò> endobj 2541 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [292.602 484.818 333.965 495.292] /A << /S /GoTo /D (0:STEALTHMODE) >> >> endobj 2542 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [137.086 266.964 196.363 277.868] /A << /S /GoTo /D (0:DEFTRUST) >> >> endobj 2546 0 obj << /D [2544 0 R /XYZ -1.269 814.22 null] >> endobj 2547 0 obj << /D [2544 0 R /XYZ 71.731 741.22 null] >> endobj 2548 0 obj << /D [2544 0 R /XYZ 71.731 718.306 null] >> endobj 2549 0 obj << /D [2544 0 R /XYZ 71.731 706.187 null] >> endobj 2550 0 obj << /D [2544 0 R /XYZ 139.477 690.411 null] >> endobj 2551 0 obj << /D [2544 0 R /XYZ 139.477 690.411 null] >> endobj 2552 0 obj << /D [2544 0 R /XYZ 218.759 690.411 null] >> endobj 2011 0 obj << /D [2544 0 R /XYZ 76.712 612.453 null] >> endobj 194 0 obj << /D [2544 0 R /XYZ 345.974 573.081 null] >> endobj 2553 0 obj << /D [2544 0 R /XYZ 71.731 549.964 null] >> endobj 2554 0 obj << /D [2544 0 R /XYZ 206.166 540.204 null] >> endobj 2555 0 obj << /D [2544 0 R /XYZ 376.197 540.204 null] >> endobj 2556 0 obj << /D [2544 0 R /XYZ 306.867 527.253 null] >> endobj 2557 0 obj << /D [2544 0 R /XYZ 454.074 527.253 null] >> endobj 2558 0 obj << /D [2544 0 R /XYZ 71.731 512.145 null] >> endobj 2559 0 obj << /D [2544 0 R /XYZ 71.731 497.201 null] >> endobj 2560 0 obj << /D [2544 0 R /XYZ 414.211 476.045 null] >> endobj 2561 0 obj << /D [2544 0 R /XYZ 139.477 464.389 null] >> endobj 2562 0 obj << /D [2544 0 R /XYZ 71.731 426.531 null] >> endobj 2563 0 obj << /D [2544 0 R /XYZ 384.376 413.579 null] >> endobj 2564 0 obj << /D [2544 0 R /XYZ 119.552 387.676 null] >> endobj 2565 0 obj << /D [2544 0 R /XYZ 71.731 365.594 null] >> endobj 2566 0 obj << /D [2544 0 R /XYZ 139.756 341.848 null] >> endobj 2567 0 obj << /D [2544 0 R /XYZ 219.038 341.848 null] >> endobj 2568 0 obj << /D [2544 0 R /XYZ 71.731 294.237 null] >> endobj 2569 0 obj << /D [2544 0 R /XYZ 330.19 270.117 null] >> endobj 2570 0 obj << /D [2544 0 R /XYZ 172.303 257.166 null] >> endobj 2571 0 obj << /D [2544 0 R /XYZ 222.674 257.166 null] >> endobj 2572 0 obj << /D [2544 0 R /XYZ 71.731 235.084 null] >> endobj 2573 0 obj << /D [2544 0 R /XYZ 359.2 224.289 null] >> endobj 2574 0 obj << /D [2544 0 R /XYZ 119.552 211.337 null] >> endobj 2575 0 obj << /D [2544 0 R /XYZ 71.731 176.304 null] >> endobj 2543 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F25 932 0 R /F50 1352 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2580 0 obj << /Length 1777 /Filter /FlateDecode >> stream xڝXmo6_o&I5˰P@K-D<$˿ߑ<ŖbSw{#u7i=[޺8pk\uH;:v|:}W_)uvm`7YYVNˊ~IgM&ŷ3l`80#>ЋxK1B!mz5vO53T:%!lF[tszX_nnkn3zA5߉ѧpz_>|ԋdϫ^/MJ~8~;{^qdvoJL-zY^zv_MӮZ:1aA`.#~([UY#FgQe`h H PxsXA5D`;=Q74Bbe؋Pa!JrmA"A۶H%R*tׁfPBCb$]vۄ  Yl<R (qGW[oEX^DtzCw858Rw#~bM52Mqq 8J EOꝫEN:JL.)? F4*D% L,NBӦgCՁQQ>=A3 8'?* M_+lfEOWL2 l˜iV7%S( Lw*Jl31/Ŗ Az2XH+pv6 0ߛNKJ3ntB8@qSzGQ= fA;G~"u/>\ p@N)du"s,:,3@vH# ڥtb$ jG 6c7'^mQь+ZݔoMJKL`:iDJaܥ]Stڒ]y]_U{q>ݯAN }JD P< endstream endobj 2579 0 obj << /Type /Page /Contents 2580 0 R /Resources 2578 0 R /MediaBox [0 0 593.051 789.041] /Parent 2490 0 R /Annots [ 2576 0 R 2577 0 R ] >> endobj 2576 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [362.646 355.46 414.482 366.042] /A << /S /GoTo /D (0:KEYPAD) >> >> endobj 2577 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [185.814 312.33 237.65 322.804] /A << /S /GoTo /D (0:KEYPAD) >> >> endobj 2581 0 obj << /D [2579 0 R /XYZ -1.269 814.22 null] >> endobj 2582 0 obj << /D [2579 0 R /XYZ 71.731 718.306 null] >> endobj 2583 0 obj << /D [2579 0 R /XYZ 71.731 604.992 null] >> endobj 2584 0 obj << /D [2579 0 R /XYZ 71.731 585.067 null] >> endobj 2585 0 obj << /D [2579 0 R /XYZ 230.655 573.549 null] >> endobj 2586 0 obj << /D [2579 0 R /XYZ 71.731 566.573 null] >> endobj 2587 0 obj << /D [2579 0 R /XYZ 71.731 566.573 null] >> endobj 2588 0 obj << /D [2579 0 R /XYZ 189.302 556.912 null] >> endobj 2589 0 obj << /D [2579 0 R /XYZ 71.731 550.837 null] >> endobj 2590 0 obj << /D [2579 0 R /XYZ 250.838 528.618 null] >> endobj 2591 0 obj << /D [2579 0 R /XYZ 71.731 509.985 null] >> endobj 2592 0 obj << /D [2579 0 R /XYZ 424.487 488.668 null] >> endobj 2593 0 obj << /D [2579 0 R /XYZ 236.976 477.011 null] >> endobj 2594 0 obj << /D [2579 0 R /XYZ 451.045 465.355 null] >> endobj 2595 0 obj << /D [2579 0 R /XYZ 76.712 437.061 null] >> endobj 2596 0 obj << /D [2579 0 R /XYZ 166.376 381.584 null] >> endobj 2597 0 obj << /D [2579 0 R /XYZ 166.376 336.531 null] >> endobj 1068 0 obj << /D [2579 0 R /XYZ 71.731 287.174 null] >> endobj 198 0 obj << /D [2579 0 R /XYZ 193.425 248.788 null] >> endobj 2598 0 obj << /D [2579 0 R /XYZ 71.731 225.033 null] >> endobj 2599 0 obj << /D [2579 0 R /XYZ 71.731 225.033 null] >> endobj 2600 0 obj << /D [2579 0 R /XYZ 71.731 210.089 null] >> endobj 2601 0 obj << /D [2579 0 R /XYZ 71.731 200.868 null] >> endobj 2602 0 obj << /D [2579 0 R /XYZ 139.477 183.035 null] >> endobj 2603 0 obj << /D [2579 0 R /XYZ 139.477 183.035 null] >> endobj 2604 0 obj << /D [2579 0 R /XYZ 203.058 183.035 null] >> endobj 2605 0 obj << /D [2579 0 R /XYZ 71.731 161.087 null] >> endobj 2606 0 obj << /D [2579 0 R /XYZ 71.731 135.05 null] >> endobj 2607 0 obj << /D [2579 0 R /XYZ 71.731 120.106 null] >> endobj 2578 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R /F25 932 0 R /F55 1479 0 R /F48 1347 0 R /F60 1532 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2611 0 obj << /Length 1301 /Filter /FlateDecode >> stream xڍWMo8WhM}ˇ]M,fzO%"BZ#ԗ˒{3F9:fmc?vv'1>J#η]AjEGx"}wc۬hE~!ëUG@2ƙbTu#7}y8q [m)WwǶF6ӑMz B_k/]uoCa- eC8gfʥ^<۬v;D`q@#=lڏV rȞHswhD9[ idF0 z>Fp^WWVecl^.Ө4X68ukJKIIe^XcoM!M p(cŒ?P͞@H'KbCOm3OZ49[Hfˇ.jPykc-2(XMI-)i)M.Mꪶj4SsƇC O7qKRz}*)-E$}Ui:MɕS9%beo(*i„g 0r[qO)dfk[6CkšG_b0χEZ_`͐LP96%mK[P v0f\W9S60 h8(k9Evn,YCMte1oӤy^dX]?`%P J}]JQb "\MGYJ[C\ڌT=!^}btM;AoFRY뀰ynZ6OYYsZY&dRhlR!lECs/:?7=db1,] &a)8Evg#ฌ3cʄҍ_/,447Ų6Sm f$V"ZHiYMiڪ&rR/46xpi߲79}do"'[!(a391T ʄd̪vAA @8 j珻/_>/x׊*@B{q _%DQfc3Miï*F;<_8RieaUۜnj 3EMd< PB)ĥ7z[f endstream endobj 2610 0 obj << /Type /Page /Contents 2611 0 R /Resources 2609 0 R /MediaBox [0 0 593.051 789.041] /Parent 2490 0 R /Annots [ 2608 0 R ] >> endobj 2608 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [234.081 252.444 275.087 263.348] /A << /S /GoTo /D (0:EXTERN) >> >> endobj 2612 0 obj << /D [2610 0 R /XYZ -1.269 814.22 null] >> endobj 2613 0 obj << /D [2610 0 R /XYZ 71.731 675.467 null] >> endobj 2614 0 obj << /D [2610 0 R /XYZ 71.731 660.359 null] >> endobj 2615 0 obj << /D [2610 0 R /XYZ 139.477 644.583 null] >> endobj 2616 0 obj << /D [2610 0 R /XYZ 139.477 644.583 null] >> endobj 2617 0 obj << /D [2610 0 R /XYZ 193.673 644.583 null] >> endobj 2618 0 obj << /D [2610 0 R /XYZ 71.731 624.478 null] >> endobj 2619 0 obj << /D [2610 0 R /XYZ 76.712 553.674 null] >> endobj 202 0 obj << /D [2610 0 R /XYZ 206.474 514.301 null] >> endobj 2620 0 obj << /D [2610 0 R /XYZ 71.731 494.197 null] >> endobj 2621 0 obj << /D [2610 0 R /XYZ 409.701 468.473 null] >> endobj 2622 0 obj << /D [2610 0 R /XYZ 339.823 429.619 null] >> endobj 2623 0 obj << /D [2610 0 R /XYZ 71.731 396.643 null] >> endobj 1069 0 obj << /D [2610 0 R /XYZ 71.731 346.58 null] >> endobj 206 0 obj << /D [2610 0 R /XYZ 246.843 301.426 null] >> endobj 2624 0 obj << /D [2610 0 R /XYZ 71.731 281.285 null] >> endobj 2625 0 obj << /D [2610 0 R /XYZ 71.731 281.285 null] >> endobj 1070 0 obj << /D [2610 0 R /XYZ 71.731 252.195 null] >> endobj 210 0 obj << /D [2610 0 R /XYZ 173.146 209.098 null] >> endobj 2626 0 obj << /D [2610 0 R /XYZ 71.731 188.957 null] >> endobj 2627 0 obj << /D [2610 0 R /XYZ 156.074 163.27 null] >> endobj 2628 0 obj << /D [2610 0 R /XYZ 225.533 163.27 null] >> endobj 2629 0 obj << /D [2610 0 R /XYZ 119.552 150.318 null] >> endobj 2630 0 obj << /D [2610 0 R /XYZ 292.302 150.318 null] >> endobj 2631 0 obj << /D [2610 0 R /XYZ 119.552 137.367 null] >> endobj 2609 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F25 932 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2634 0 obj << /Length 1603 /Filter /FlateDecode >> stream xXM6bH}+E/ I:" MDeI]wR,c/k3y!/ ͛p< z#Β8_a8X/weAWwu`j=^w[֞૽=N*Ud}[zB@0SD,'V}BKd۪:=-*kuS])oR6rId9x_|P}7v=YNnG|zzkNY/[etu)5 _d&8`i [6r&0[7AbsC>9]Lzg|2v\;5MrK$<6RAmhXiy6O煟,R_Uq[Q+%, b <FSx, @/! [Q1a?HXB>"6fT^:FaCrEOz<5E[]}8Z \ﯽ# $3z \늽]M;^df JPVKd9-"e:(YiDE,'vZYsTeCMtw׏s$MY24!&`ZIeKA:jczN•ݜ6ë\s4^7'kyfUF](b<ʧ\jc "Ocy~u}&!CNΠPIyYJd RɪwPs6/Hgؚ5ebD Al2/Ǜ9PKʾ#<8=[l+'TN.P,6W@3z|$ڂ{te]Rn~('*$3x9CZm^sWߩ/ ~dJ| Әx(T5rg(`$F,^hyIͳaua+P0|eJG)l["NF˅IN٪r} C:)gikl=5u|]& &kp@[zH.I]ܚA1S缦}}L)Fn|qCj\5$Ewؙ\=tֶ׿VK:pÔ !&@ծЅW{y`iis#0TbH8ޅ0 ͩЗؒ)6ks1+ ^];]^, *qTnM:gÕl[ww\/w1]a>OWNU KWH]06t;G׵3.5 %Efs7[iZiϚ}☌R8%-2ca6Yqc endstream endobj 2633 0 obj << /Type /Page /Contents 2634 0 R /Resources 2632 0 R /MediaBox [0 0 593.051 789.041] /Parent 2674 0 R >> endobj 2635 0 obj << /D [2633 0 R /XYZ -1.269 814.22 null] >> endobj 2636 0 obj << /D [2633 0 R /XYZ 71.731 741.22 null] >> endobj 2637 0 obj << /D [2633 0 R /XYZ 71.731 718.306 null] >> endobj 2638 0 obj << /D [2633 0 R /XYZ 309.358 708.344 null] >> endobj 2639 0 obj << /D [2633 0 R /XYZ 119.552 695.392 null] >> endobj 2640 0 obj << /D [2633 0 R /XYZ 172.273 695.392 null] >> endobj 2641 0 obj << /D [2633 0 R /XYZ 205.877 682.441 null] >> endobj 2642 0 obj << /D [2633 0 R /XYZ 71.731 680.284 null] >> endobj 2643 0 obj << /D [2633 0 R /XYZ 71.731 665.34 null] >> endobj 2644 0 obj << /D [2633 0 R /XYZ 306.386 655.841 null] >> endobj 2645 0 obj << /D [2633 0 R /XYZ 360.946 655.841 null] >> endobj 2646 0 obj << /D [2633 0 R /XYZ 296.907 632.528 null] >> endobj 2647 0 obj << /D [2633 0 R /XYZ 357.321 632.528 null] >> endobj 2648 0 obj << /D [2633 0 R /XYZ 403.637 632.528 null] >> endobj 1071 0 obj << /D [2633 0 R /XYZ 71.731 592.976 null] >> endobj 214 0 obj << /D [2633 0 R /XYZ 168.377 547.722 null] >> endobj 2649 0 obj << /D [2633 0 R /XYZ 71.731 547.507 null] >> endobj 2650 0 obj << /D [2633 0 R /XYZ 71.731 532.563 null] >> endobj 2651 0 obj << /D [2633 0 R /XYZ 426.039 521.122 null] >> endobj 2652 0 obj << /D [2633 0 R /XYZ 76.712 492.828 null] >> endobj 2653 0 obj << /D [2633 0 R /XYZ 71.731 472.903 null] >> endobj 2654 0 obj << /D [2633 0 R /XYZ 71.731 376.763 null] >> endobj 2655 0 obj << /D [2633 0 R /XYZ 71.731 376.763 null] >> endobj 2656 0 obj << /D [2633 0 R /XYZ 71.731 356.838 null] >> endobj 2657 0 obj << /D [2633 0 R /XYZ 71.731 343.787 null] >> endobj 2658 0 obj << /D [2633 0 R /XYZ 139.477 325.954 null] >> endobj 2659 0 obj << /D [2633 0 R /XYZ 139.477 325.954 null] >> endobj 2660 0 obj << /D [2633 0 R /XYZ 206.226 325.954 null] >> endobj 2661 0 obj << /D [2633 0 R /XYZ 71.731 304.813 null] >> endobj 2662 0 obj << /D [2633 0 R /XYZ 71.731 268.918 null] >> endobj 2663 0 obj << /D [2633 0 R /XYZ 71.731 253.809 null] >> endobj 2664 0 obj << /D [2633 0 R /XYZ 139.477 238.033 null] >> endobj 2665 0 obj << /D [2633 0 R /XYZ 139.477 238.033 null] >> endobj 2666 0 obj << /D [2633 0 R /XYZ 226.281 238.033 null] >> endobj 2667 0 obj << /D [2633 0 R /XYZ 71.731 216.086 null] >> endobj 2668 0 obj << /D [2633 0 R /XYZ 71.731 180.997 null] >> endobj 2669 0 obj << /D [2633 0 R /XYZ 71.731 165.889 null] >> endobj 2670 0 obj << /D [2633 0 R /XYZ 139.477 150.113 null] >> endobj 2671 0 obj << /D [2633 0 R /XYZ 139.477 150.113 null] >> endobj 2672 0 obj << /D [2633 0 R /XYZ 226.281 150.113 null] >> endobj 2673 0 obj << /D [2633 0 R /XYZ 71.731 128.165 null] >> endobj 2632 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2677 0 obj << /Length 1479 /Filter /FlateDecode >> stream xX[o6~ϯ0@Đ؊f݀ ꗡcіY$9Yw(ʔnP/D|߹. m.RF_GJخ\+Cϲ^1jowj[E_niEE@ ip1"ibx;lV sx%<\.Ei+,OS$2"on#H@B$ T >._֚g**<7 ql%nrm\#efA5ƵШm?+ɮ^)n,HG*iwGu,]kc0NRɬ)ֶ;uۂF" clط>ys/Ad %9܂ KGnna&H("nAD&&ARŒ8qd][UeAYTڮԍIsxƮ.!ݏcBi3M3y F[ -[One%cY8|W\)v g 4t0^W@4nϠ~U5 E;z\TF:>,I*6)@*H#澼bܠz3rXHI31J8qT* pHTT)@qBt×kZAQA~Pu #>LpAuu G< B9՝xH>%^Y0V.e팙RW+wy)>uoMSo46?~1 t | K(+u (!,:%:C@JDZ3@j, SM*bl? һ1`ޱ  7̀1朵!1U9mæۅS&!x^]okS? F)`켶;p8`;Až(K y[s3û|+W~nƛ0e=:54ą$P`aW7!6`>Πޑ趟[t?qR(Umi`Y9@$V7K. $2F^L,IW*S}1D7ѩP55~kA|TcxgIL8@9 4_bKaK1r63|wJDI!_P3F";~ g722\a㒝%ɨ;@\AY<=UcjAN BT@"dX0.fW5Zn}ͼ_`UCKvk7숉2C桄GrSgn ^҉-|S|1bQ*ѨFu#Y?`ބu !Bq`rMFN\ b endstream endobj 2676 0 obj << /Type /Page /Contents 2677 0 R /Resources 2675 0 R /MediaBox [0 0 593.051 789.041] /Parent 2674 0 R >> endobj 2678 0 obj << /D [2676 0 R /XYZ -1.269 814.22 null] >> endobj 2679 0 obj << /D [2676 0 R /XYZ 71.731 718.306 null] >> endobj 2680 0 obj << /D [2676 0 R /XYZ 71.731 706.187 null] >> endobj 2681 0 obj << /D [2676 0 R /XYZ 139.477 690.411 null] >> endobj 2682 0 obj << /D [2676 0 R /XYZ 139.477 690.411 null] >> endobj 2683 0 obj << /D [2676 0 R /XYZ 244.791 690.411 null] >> endobj 2684 0 obj << /D [2676 0 R /XYZ 71.731 620.423 null] >> endobj 2685 0 obj << /D [2676 0 R /XYZ 71.731 605.315 null] >> endobj 2686 0 obj << /D [2676 0 R /XYZ 139.477 589.539 null] >> endobj 2687 0 obj << /D [2676 0 R /XYZ 139.477 589.539 null] >> endobj 2688 0 obj << /D [2676 0 R /XYZ 229.857 589.539 null] >> endobj 2689 0 obj << /D [2676 0 R /XYZ 71.731 567.592 null] >> endobj 2690 0 obj << /D [2676 0 R /XYZ 76.712 524.533 null] >> endobj 218 0 obj << /D [2676 0 R /XYZ 427.288 485.161 null] >> endobj 2691 0 obj << /D [2676 0 R /XYZ 71.731 462.266 null] >> endobj 2692 0 obj << /D [2676 0 R /XYZ 71.731 450.127 null] >> endobj 2693 0 obj << /D [2676 0 R /XYZ 71.731 448.882 null] >> endobj 2694 0 obj << /D [2676 0 R /XYZ 137.484 431.861 null] >> endobj 2695 0 obj << /D [2676 0 R /XYZ 137.484 431.861 null] >> endobj 2696 0 obj << /D [2676 0 R /XYZ 71.731 416.752 null] >> endobj 2697 0 obj << /D [2676 0 R /XYZ 137.484 400.976 null] >> endobj 2698 0 obj << /D [2676 0 R /XYZ 137.484 400.976 null] >> endobj 2700 0 obj << /D [2676 0 R /XYZ 71.731 398.82 null] >> endobj 2701 0 obj << /D [2676 0 R /XYZ 137.484 383.044 null] >> endobj 2702 0 obj << /D [2676 0 R /XYZ 137.484 383.044 null] >> endobj 2703 0 obj << /D [2676 0 R /XYZ 71.731 381.006 null] >> endobj 2704 0 obj << /D [2676 0 R /XYZ 137.484 365.111 null] >> endobj 2705 0 obj << /D [2676 0 R /XYZ 137.484 365.111 null] >> endobj 2706 0 obj << /D [2676 0 R /XYZ 71.731 362.954 null] >> endobj 2707 0 obj << /D [2676 0 R /XYZ 137.484 347.178 null] >> endobj 2708 0 obj << /D [2676 0 R /XYZ 137.484 347.178 null] >> endobj 2709 0 obj << /D [2676 0 R /XYZ 71.731 340.04 null] >> endobj 222 0 obj << /D [2676 0 R /XYZ 388.238 302.824 null] >> endobj 2710 0 obj << /D [2676 0 R /XYZ 71.731 299.632 null] >> endobj 2711 0 obj << /D [2676 0 R /XYZ 71.731 284.689 null] >> endobj 2712 0 obj << /D [2676 0 R /XYZ 139.477 264.568 null] >> endobj 2713 0 obj << /D [2676 0 R /XYZ 311.889 264.568 null] >> endobj 2714 0 obj << /D [2676 0 R /XYZ 139.477 252.912 null] >> endobj 2715 0 obj << /D [2676 0 R /XYZ 205.325 252.912 null] >> endobj 2716 0 obj << /D [2676 0 R /XYZ 71.731 215.054 null] >> endobj 2717 0 obj << /D [2676 0 R /XYZ 196.313 202.102 null] >> endobj 2718 0 obj << /D [2676 0 R /XYZ 249.712 202.102 null] >> endobj 2719 0 obj << /D [2676 0 R /XYZ 190.106 189.151 null] >> endobj 2720 0 obj << /D [2676 0 R /XYZ 71.731 177.031 null] >> endobj 2721 0 obj << /D [2676 0 R /XYZ 71.731 177.031 null] >> endobj 2722 0 obj << /D [2676 0 R /XYZ 163.128 167.532 null] >> endobj 2675 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F25 932 0 R /F11 2699 0 R /F48 1347 0 R /F50 1352 0 R /F51 1354 0 R /F91 1827 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2725 0 obj << /Length 1616 /Filter /FlateDecode >> stream xڵXmo6_al%Q!}Pt֡%"(55ERd% bJ&{{hoy7W e(q<[mfA8fIQ٪x#VKG"D_<ojG R3b?KŶVܐfT.\r țȋDp0%QƞpU0b[T-uՂu$[ivUe+HY-$# @X>p#RމOw,jM-o 55G#^̴T6!B`7*kJ-g.8yǒ)ߋf][ 5Qlc  }'*mC#FK0꼥e .n1Hx6^)|&줺t2R57~7N3@<]EQZ ^ف:UpIjDk%waG[|W5Gx0oD\_8 lN>bw$bg ѭKSE'4'iTb;)*K1,0ʠ[r)gz/;SFF-rMNվMւ=ZUMBm͵~'15ޞh^,Ce mǹbTԚa~E7%,~Glig K54bJ.ٰ G^q"?fN06~ %!<Ⴧ;VjH0A)>tMj8WwdYlCnk{N Q/̉gUbbP n(Zl;~5@rF(af] Sy?MIwEc;LT5*)v,ߍܕn{q%~`Adk[prN-t95>ynek)Ƒ>)`t2 I:ޕJAZ]tKPtj-h@c1Zp#R=%j-ؙ.AFVn)rR:Aofﯫ}0j- L숴v[Ƌu=¶"'W7ЖmA \s탹oo5TZe![f\2(tG?li|0T5iT)!#.)Pc({#옚q02FyI' ;β} A(R @80Cgm>_?~UtdzC;ŪnF0T=LAbb*GzII hCBøUHo@n;/c'_OkOEթ aĘ~Kg; 0DV\ 0n^?Xo}˛pD8C=7e1m*taB`uKS3)A%-lXK3[t3nF4YiK'ZD:PN\2/(qzj;G^. endstream endobj 2724 0 obj << /Type /Page /Contents 2725 0 R /Resources 2723 0 R /MediaBox [0 0 593.051 789.041] /Parent 2674 0 R >> endobj 2726 0 obj << /D [2724 0 R /XYZ -1.269 814.22 null] >> endobj 2727 0 obj << /D [2724 0 R /XYZ 71.731 718.306 null] >> endobj 2728 0 obj << /D [2724 0 R /XYZ 71.731 718.306 null] >> endobj 2729 0 obj << /D [2724 0 R /XYZ 167.97 708.344 null] >> endobj 2730 0 obj << /D [2724 0 R /XYZ 71.731 605.444 null] >> endobj 2731 0 obj << /D [2724 0 R /XYZ 233.245 593.873 null] >> endobj 2732 0 obj << /D [2724 0 R /XYZ 71.731 545.888 null] >> endobj 2733 0 obj << /D [2724 0 R /XYZ 309.926 535.093 null] >> endobj 1072 0 obj << /D [2724 0 R /XYZ 71.731 521.729 null] >> endobj 226 0 obj << /D [2724 0 R /XYZ 336.57 478.631 null] >> endobj 2734 0 obj << /D [2724 0 R /XYZ 71.731 454.876 null] >> endobj 2735 0 obj << /D [2724 0 R /XYZ 176.548 445.754 null] >> endobj 2736 0 obj << /D [2724 0 R /XYZ 319.171 445.754 null] >> endobj 2737 0 obj << /D [2724 0 R /XYZ 119.552 432.803 null] >> endobj 2738 0 obj << /D [2724 0 R /XYZ 384.217 432.803 null] >> endobj 2739 0 obj << /D [2724 0 R /XYZ 412.72 432.803 null] >> endobj 2740 0 obj << /D [2724 0 R /XYZ 427.145 419.852 null] >> endobj 2741 0 obj << /D [2724 0 R /XYZ 71.731 394.781 null] >> endobj 2742 0 obj << /D [2724 0 R /XYZ 71.731 363.975 null] >> endobj 2743 0 obj << /D [2724 0 R /XYZ 71.731 330.322 null] >> endobj 2744 0 obj << /D [2724 0 R /XYZ 119.552 306.576 null] >> endobj 2745 0 obj << /D [2724 0 R /XYZ 243.844 306.576 null] >> endobj 2746 0 obj << /D [2724 0 R /XYZ 375.021 306.576 null] >> endobj 2747 0 obj << /D [2724 0 R /XYZ 71.731 294.457 null] >> endobj 2748 0 obj << /D [2724 0 R /XYZ 71.731 251.995 null] >> endobj 2749 0 obj << /D [2724 0 R /XYZ 274.629 240.424 null] >> endobj 2750 0 obj << /D [2724 0 R /XYZ 71.731 228.305 null] >> endobj 2751 0 obj << /D [2724 0 R /XYZ 71.731 139.613 null] >> endobj 2752 0 obj << /D [2724 0 R /XYZ 377.162 114.696 null] >> endobj 2753 0 obj << /D [2724 0 R /XYZ 119.552 101.744 null] >> endobj 2723 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F51 1354 0 R /F31 938 0 R /F25 932 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2756 0 obj << /Length 1630 /Filter /FlateDecode >> stream xڵ]o6+@lfIfiM."`lO?HՕvy^< ;;'/g\ Q)wkeq/t|b|nŮٜzxʐ<ͳ?1}1#TTq Z&Fq-qWqT>-~`3g<0 (D]0~9ӓ6Z~.Eqv\i*q YqF]Zjg]g"[7$VɇKY4'ױ?ҠM$\ Mm?KweTܙ6ayj4zZ?A/*Ŵe2:D&6q^w~gJ3(,"<:O7b7@q1`S?FECoUKVH Y|q84H!OEw=FPo A=#ǡG#7gH_SW|r~  `QnBRlj$ŌMW[a WMM풸j.azF/YhT e}4K4^EY%UՑN:B!A}8qQpN2۳цEzsmzxWKȗif&=Ѷ`}zBZѰAu^&º"Ӣ*릮4_1Gf8P]Ņt6k$9h$bih,kbԟN|rlx2~AR>8r_b"eG~hNǭ߲l,ƻM\\#%K޷(HTEz_.+z[d~ꃷ [YHylX  mXQ/xNgPKtVnPnusC#.p* iT endstream endobj 2755 0 obj << /Type /Page /Contents 2756 0 R /Resources 2754 0 R /MediaBox [0 0 593.051 789.041] /Parent 2674 0 R >> endobj 2757 0 obj << /D [2755 0 R /XYZ -1.269 814.22 null] >> endobj 2758 0 obj << /D [2755 0 R /XYZ 71.731 718.306 null] >> endobj 2759 0 obj << /D [2755 0 R /XYZ 71.731 629.151 null] >> endobj 2760 0 obj << /D [2755 0 R /XYZ 254.345 604.234 null] >> endobj 2761 0 obj << /D [2755 0 R /XYZ 71.731 592.115 null] >> endobj 2762 0 obj << /D [2755 0 R /XYZ 71.731 549.855 null] >> endobj 2763 0 obj << /D [2755 0 R /XYZ 361.651 538.082 null] >> endobj 1073 0 obj << /D [2755 0 R /XYZ 71.731 534.68 null] >> endobj 230 0 obj << /D [2755 0 R /XYZ 171.252 491.583 null] >> endobj 2764 0 obj << /D [2755 0 R /XYZ 71.731 467.827 null] >> endobj 2765 0 obj << /D [2755 0 R /XYZ 71.731 467.827 null] >> endobj 2766 0 obj << /D [2755 0 R /XYZ 298.498 458.706 null] >> endobj 2767 0 obj << /D [2755 0 R /XYZ 71.731 456.669 null] >> endobj 2768 0 obj << /D [2755 0 R /XYZ 71.731 445.461 null] >> endobj 2769 0 obj << /D [2755 0 R /XYZ 71.731 445.461 null] >> endobj 2770 0 obj << /D [2755 0 R /XYZ 71.731 287.055 null] >> endobj 2771 0 obj << /D [2755 0 R /XYZ 434.029 277.092 null] >> endobj 2772 0 obj << /D [2755 0 R /XYZ 211.426 264.141 null] >> endobj 2773 0 obj << /D [2755 0 R /XYZ 71.731 229.107 null] >> endobj 2774 0 obj << /D [2755 0 R /XYZ 328.516 218.313 null] >> endobj 2775 0 obj << /D [2755 0 R /XYZ 393.173 218.313 null] >> endobj 2776 0 obj << /D [2755 0 R /XYZ 501.894 218.313 null] >> endobj 2777 0 obj << /D [2755 0 R /XYZ 71.731 183.279 null] >> endobj 2778 0 obj << /D [2755 0 R /XYZ 119.552 159.533 null] >> endobj 2779 0 obj << /D [2755 0 R /XYZ 210.669 159.533 null] >> endobj 2780 0 obj << /D [2755 0 R /XYZ 319.391 159.533 null] >> endobj 1074 0 obj << /D [2755 0 R /XYZ 71.731 144.156 null] >> endobj 2754 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F31 938 0 R /F25 932 0 R /F38 1036 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2783 0 obj << /Length 1904 /Filter /FlateDecode >> stream xX[s6~ϯH1!I$qlRl)D*ѿJ鴙N_D|h;rG_^ ќc?FA8giV迓7;~E9uȝ oM9 e~U1||#%Afh%Pq~ ynr5$,[^5&g86D%aiĽRE^Wx&LD̏#^dl;AُR"%Gǩ6hpzԏ&W6 p(%@*D*.C8"kMR ^9)(nR#'= 8!+z1:QD¤5ґ.A1 "MC.x܉x|ǵ(pjKjϊt>UmrB]/_m|&AǭlіdI8HՐ׸գZ_=cD0H#3p@$3HM-3Tbstntய@GTc@h:WT@006`;9c_4V)uBYu7L%.riEy[Dţvl8o*Ӟ W陝` : 4*Nd"f$ = <%s屝X?Yx?@ uֳ*gkTvڪ%a3IV=񌙓%d槭EKpMQ͏XqTڒߩ]Rktj F~Pyk};ma3Fh#HҐ!^c;3QKWrmۮ|~cMKw x`*,)Lۇ~6~6ɼރ`sMwfhVQ<[9mSfWOl,TDZ$F5zM)beme;|VTYb r~݈G?N_hq;[7 *:tc8sIk+*Ό 8( ~˷rHδqz8Zӗ[DuM:rjĐ`KQN6űJ/!*&E +Y7VZ77⋬ʎ m{A2>{ ik:o44݁5XQxBGIx&eP.  _ݬrqxY.i+p-~ǶP{ܖw9[.HWϷo{1z=hKƘB ]@~^_,j͡usEo8DP|.>.ϵ~& }Ѷ~:LӟZzP4zZO0Z.ԛc|qHqr<9<ªo$ w3\ )~5@_>v)(xNՋiU endstream endobj 2782 0 obj << /Type /Page /Contents 2783 0 R /Resources 2781 0 R /MediaBox [0 0 593.051 789.041] /Parent 2674 0 R >> endobj 2784 0 obj << /D [2782 0 R /XYZ -1.269 814.22 null] >> endobj 234 0 obj << /D [2782 0 R /XYZ 231.523 705.748 null] >> endobj 2785 0 obj << /D [2782 0 R /XYZ 71.731 704.853 null] >> endobj 2786 0 obj << /D [2782 0 R /XYZ 71.731 689.909 null] >> endobj 2787 0 obj << /D [2782 0 R /XYZ 413.683 679.147 null] >> endobj 2788 0 obj << /D [2782 0 R /XYZ 258.522 667.491 null] >> endobj 2789 0 obj << /D [2782 0 R /XYZ 212.238 655.835 null] >> endobj 2790 0 obj << /D [2782 0 R /XYZ 71.731 637.31 null] >> endobj 2791 0 obj << /D [2782 0 R /XYZ 218.048 627.541 null] >> endobj 2792 0 obj << /D [2782 0 R /XYZ 71.731 566.37 null] >> endobj 2793 0 obj << /D [2782 0 R /XYZ 119.552 514.565 null] >> endobj 2794 0 obj << /D [2782 0 R /XYZ 119.552 488.662 null] >> endobj 2795 0 obj << /D [2782 0 R /XYZ 71.731 486.624 null] >> endobj 2796 0 obj << /D [2782 0 R /XYZ 71.731 471.681 null] >> endobj 2797 0 obj << /D [2782 0 R /XYZ 71.731 424.204 null] >> endobj 2798 0 obj << /D [2782 0 R /XYZ 388.645 398.301 null] >> endobj 2799 0 obj << /D [2782 0 R /XYZ 71.731 360.278 null] >> endobj 2800 0 obj << /D [2782 0 R /XYZ 71.731 224.768 null] >> endobj 2801 0 obj << /D [2782 0 R /XYZ 71.731 200.876 null] >> endobj 2802 0 obj << /D [2782 0 R /XYZ 71.731 143.765 null] >> endobj 2803 0 obj << /D [2782 0 R /XYZ 71.731 123.84 null] >> endobj 2781 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R /F31 938 0 R /F50 1352 0 R /F74 1821 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2806 0 obj << /Length 1832 /Filter /FlateDecode >> stream xڕXY6~_᷵(r4mMmEDBdI8e&ۇ]Kp873f̛vluu2 g9ɓ 60H4 HU9{?`b<"y~ ?SQwmo-|o^u[ -5㋏?<-(e E˔EQ4-S}ٳoMW}¿-/8ӔNn[\ 8{|VWǷ޹{P7z*FCAݥSգ)gh'ZEYۉ3|6Դ-Ϗ{G[azw绚sp$OŅG9g#+rC-Jd T#LPNJAYunυzZuJRgl 8ŕ䓀䱯ZgBX٨F~FSƷ]SjOv7 j#)d2 I&w] -ʆZoth'F(rj8ŃDq:MF(HSCYq㏱6˱kRc]W֛07BךlA- ƲPf$b2雷Lxحb tyI"8$iO-NԄWɓsو@Iފz ?:q~`(=)n(1 IzM, 2UĮ|׽y[k1.]P]4_k`N)D[ ٲvMm}o);SԌөN5NX Hl,)I#kZhy!_-t4t<32e%IB7:"QxnP .1䃒,=Os=@x GSކZ}A*tQ/JIn{9+e^/|h u֟1Fp`d%]0%e*V*4֎:IحL%,gF ȡ%ܒg IXkzk߼;w2;#=w_>яZ1P]?Ԇ]JwS&&ah=>x1p'% (hJXIU%5E(x=+jiȓcMQWGcWúEqV}.[X[V|Y"(Ҹ. [g&AB^p6H*9BiYy0+vM3]) ].Y#hk[/J!A ɽI<:k γ$lm-vޡѝ7q1pr(]̌\Ke *rlaĉ2[WhL/"Ih6v"DSy7Ok |d{U#(k(@= /݄H/{u[}p@sb/?9Du+K4JEf^؊u *!V@袅p sZ:#R}/0TUnٙ\dɫ {e~adѱhܪ鈉G0k h$^O0ЫZQ'Rc-Wd01S"ݖ`%7]զȉjuwvނBd_C}:;~]]n~n endstream endobj 2805 0 obj << /Type /Page /Contents 2806 0 R /Resources 2804 0 R /MediaBox [0 0 593.051 789.041] /Parent 2674 0 R >> endobj 2807 0 obj << /D [2805 0 R /XYZ -1.269 814.22 null] >> endobj 2808 0 obj << /D [2805 0 R /XYZ 71.731 658.829 null] >> endobj 2809 0 obj << /D [2805 0 R /XYZ 71.731 620.807 null] >> endobj 2810 0 obj << /D [2805 0 R /XYZ 71.731 556.413 null] >> endobj 2811 0 obj << /D [2805 0 R /XYZ 145.006 543.462 null] >> endobj 2812 0 obj << /D [2805 0 R /XYZ 71.731 520.448 null] >> endobj 2813 0 obj << /D [2805 0 R /XYZ 184.11 485.579 null] >> endobj 2814 0 obj << /D [2805 0 R /XYZ 189.489 473.923 null] >> endobj 2815 0 obj << /D [2805 0 R /XYZ 184.11 462.267 null] >> endobj 2816 0 obj << /D [2805 0 R /XYZ 184.11 450.61 null] >> endobj 2817 0 obj << /D [2805 0 R /XYZ 205.629 438.954 null] >> endobj 2818 0 obj << /D [2805 0 R /XYZ 205.629 427.298 null] >> endobj 2819 0 obj << /D [2805 0 R /XYZ 71.731 395.716 null] >> endobj 2820 0 obj << /D [2805 0 R /XYZ 119.552 369.813 null] >> endobj 2821 0 obj << /D [2805 0 R /XYZ 71.731 369.694 null] >> endobj 2822 0 obj << /D [2805 0 R /XYZ 71.731 354.75 null] >> endobj 2823 0 obj << /D [2805 0 R /XYZ 71.731 305.355 null] >> endobj 2824 0 obj << /D [2805 0 R /XYZ 246.006 292.404 null] >> endobj 2825 0 obj << /D [2805 0 R /XYZ 298.31 266.501 null] >> endobj 2826 0 obj << /D [2805 0 R /XYZ 391.778 266.501 null] >> endobj 2827 0 obj << /D [2805 0 R /XYZ 71.731 244.419 null] >> endobj 2828 0 obj << /D [2805 0 R /XYZ 71.731 198.59 null] >> endobj 2829 0 obj << /D [2805 0 R /XYZ 322.887 174.844 null] >> endobj 2830 0 obj << /D [2805 0 R /XYZ 393.532 174.844 null] >> endobj 2831 0 obj << /D [2805 0 R /XYZ 443.789 174.844 null] >> endobj 2832 0 obj << /D [2805 0 R /XYZ 286.036 148.942 null] >> endobj 2833 0 obj << /D [2805 0 R /XYZ 71.731 146.785 null] >> endobj 2834 0 obj << /D [2805 0 R /XYZ 71.731 131.841 null] >> endobj 2804 0 obj << /Font << /F33 939 0 R /F48 1347 0 R /F31 938 0 R /F50 1352 0 R /F68 1764 0 R /F38 1036 0 R /F25 932 0 R /F11 2699 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2837 0 obj << /Length 976 /Filter /FlateDecode >> stream xڽW]S8}W {YJ!@ 3Ċ]6~,&-о+Y`#6qqp;1@F0#CP#F%],zæ8WI\홴Hx>Sn،?I'iR$LX¿.}we=md .p_{8) N7ƜjŲEjՃL.2lwxf,XrL'ZR݂'Y#]?b6f2eG l$Pl5pH9>'aq}RgyR =" []9X1AWKhrThb#y*˶mK4g/Z$iD5 f%7hƓ$+SZy28np\sDoZ.pr"4;%?HO8d*Mg_~ Ota8% p1Rބ:Z'~3X1xvNvjs ;@E3Wg, 7ܨȜgˊv@>J[=2J@fjŨ]R<-l-rBuΤ}Ox{UUP=Y\KF"eTxd&ٽdaG?fUi5iD8Z35[ō@v]I` b˨}|{}6 `kL^s/䶴k9^nc!ߙ8ȱ;x9 y WF~uƭ4y`<_Kr#a endstream endobj 2836 0 obj << /Type /Page /Contents 2837 0 R /Resources 2835 0 R /MediaBox [0 0 593.051 789.041] /Parent 2854 0 R >> endobj 2838 0 obj << /D [2836 0 R /XYZ -1.269 814.22 null] >> endobj 2839 0 obj << /D [2836 0 R /XYZ 472.124 708.344 null] >> endobj 2840 0 obj << /D [2836 0 R /XYZ 76.712 678.755 null] >> endobj 238 0 obj << /D [2836 0 R /XYZ 329.247 639.382 null] >> endobj 2841 0 obj << /D [2836 0 R /XYZ 71.731 616.265 null] >> endobj 2842 0 obj << /D [2836 0 R /XYZ 178.211 606.506 null] >> endobj 2843 0 obj << /D [2836 0 R /XYZ 323.047 593.554 null] >> endobj 2844 0 obj << /D [2836 0 R /XYZ 71.731 558.521 null] >> endobj 2845 0 obj << /D [2836 0 R /XYZ 71.731 535.607 null] >> endobj 2846 0 obj << /D [2836 0 R /XYZ 71.731 481.489 null] >> endobj 2847 0 obj << /D [2836 0 R /XYZ 71.731 457.798 null] >> endobj 2848 0 obj << /D [2836 0 R /XYZ 71.731 403.68 null] >> endobj 2849 0 obj << /D [2836 0 R /XYZ 71.731 382.047 null] >> endobj 2850 0 obj << /D [2836 0 R /XYZ 71.731 324.178 null] >> endobj 242 0 obj << /D [2836 0 R /XYZ 341.212 286.187 null] >> endobj 2851 0 obj << /D [2836 0 R /XYZ 71.731 263.07 null] >> endobj 2852 0 obj << /D [2836 0 R /XYZ 185.683 253.31 null] >> endobj 2853 0 obj << /D [2836 0 R /XYZ 71.731 216.264 null] >> endobj 2835 0 obj << /Font << /F33 939 0 R /F48 1347 0 R /F25 932 0 R /F31 938 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2857 0 obj << /Length 866 /Filter /FlateDecode >> stream xڝUn0 }W}Fem:tغKS`:$Fe˳Q4Y{("yIzzgo"Y,k/攤bFy˕?ߊm0g 9\׷MQ⋮5k\"oOYoPEʮ&0.%^ISfӘ3f $FIHlgiw#Ŕʘ(WF-,C 1FR#p1 oDN]x`61~H1;&PYJ\_N%a1;a4Kk nu7C{۵iT9o)*AwNq!;VJݭ+\pPEYiȆd4{ @sf#VA9  u/ W< µ%dZ[O(3[iʕ4XAsY$MO(dEn2{W!)<|7 h=Y<98n9p endstream endobj 2856 0 obj << /Type /Page /Contents 2857 0 R /Resources 2855 0 R /MediaBox [0 0 593.051 789.041] /Parent 2854 0 R >> endobj 2858 0 obj << /D [2856 0 R /XYZ -1.269 814.22 null] >> endobj 2859 0 obj << /D [2856 0 R /XYZ 71.731 718.306 null] >> endobj 246 0 obj << /D [2856 0 R /XYZ 361.913 707.841 null] >> endobj 2860 0 obj << /D [2856 0 R /XYZ 71.731 684.724 null] >> endobj 2861 0 obj << /D [2856 0 R /XYZ 476.44 674.964 null] >> endobj 2862 0 obj << /D [2856 0 R /XYZ 71.731 627.353 null] >> endobj 2863 0 obj << /D [2856 0 R /XYZ 197.548 616.185 null] >> endobj 2864 0 obj << /D [2856 0 R /XYZ 469.704 616.185 null] >> endobj 2865 0 obj << /D [2856 0 R /XYZ 258.005 603.233 null] >> endobj 2866 0 obj << /D [2856 0 R /XYZ 145.006 590.282 null] >> endobj 2867 0 obj << /D [2856 0 R /XYZ 252.821 590.282 null] >> endobj 2868 0 obj << /D [2856 0 R /XYZ 71.731 575.173 null] >> endobj 2869 0 obj << /D [2856 0 R /XYZ 71.731 560.229 null] >> endobj 2870 0 obj << /D [2856 0 R /XYZ 336.433 550.73 null] >> endobj 2871 0 obj << /D [2856 0 R /XYZ 446.424 550.73 null] >> endobj 2855 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F50 1352 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2877 0 obj << /Length 1579 /Filter /FlateDecode >> stream xڵWK6WhkC6HuC-2J$j>vŤdoޅ_߄vCe1ݝ.<ƻEf|'/acڼHs%}0OJ*} >y2tLehZL(PE)1»C\8>= G̓?y`mU8;#R4s3#u<"@v)6> n{:j3WDG%愵kʈ2 vT>pj=hd?q0pe&ZhSUpbM G=Y8b.(d} 6V,J1r5WLe}8)[}mAqL<`7S2E8acBb Jʧ̀BĚ=WwOLZ1SSpFʳP_B !H~ZzZ]IowHB'1Ĉ귊FtBE4}KQ-7v[!}a[VJTgI]تRBӗvEN̹P<[SE~͢T !ɠcU=E #4h|#6xs,Vh$PZyUB_ uk C䘯ZD/m^6UĊqG(1XQEi_5Pʫbmy?K,^EzvmԱAlW }m S 3 =컣A(*QǠvkmc >S>rHo *Z3]w=Yv&v \ _tX!!,mpNrUT1uܶP7J@x^m.ct.s1ʵ̊]Ԫ Uҋf(:ŵUw{̠!? ƻVߗ 7T bqo]衁n`%4Pi8NO؍=/Dپ/BnXCKl"˽΍ &bӛ endstream endobj 2876 0 obj << /Type /Page /Contents 2877 0 R /Resources 2875 0 R /MediaBox [0 0 593.051 789.041] /Parent 2854 0 R /Annots [ 2872 0 R 2873 0 R 2874 0 R ] >> endobj 2872 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [299.735 277.606 346.559 288.51] /A << /S /GoTo /D (0:FILEDEF) >> >> endobj 2873 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [355.166 277.606 401.99 288.51] /A << /S /GoTo /D (0:LOGDEF) >> >> endobj 2874 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [427.474 277.606 479.28 288.51] /A << /S /GoTo /D (0:MONDEF) >> >> endobj 2878 0 obj << /D [2876 0 R /XYZ -1.269 814.22 null] >> endobj 1075 0 obj << /D [2876 0 R /XYZ 71.731 718.306 null] >> endobj 250 0 obj << /D [2876 0 R /XYZ 235.861 676.38 null] >> endobj 2879 0 obj << /D [2876 0 R /XYZ 71.731 645.402 null] >> endobj 2880 0 obj << /D [2876 0 R /XYZ 137.534 637.047 null] >> endobj 2881 0 obj << /D [2876 0 R /XYZ 71.731 589.062 null] >> endobj 2882 0 obj << /D [2876 0 R /XYZ 71.731 589.062 null] >> endobj 2883 0 obj << /D [2876 0 R /XYZ 414.781 578.268 null] >> endobj 2884 0 obj << /D [2876 0 R /XYZ 463.199 578.268 null] >> endobj 2885 0 obj << /D [2876 0 R /XYZ 71.731 543.234 null] >> endobj 2886 0 obj << /D [2876 0 R /XYZ 71.731 543.234 null] >> endobj 2887 0 obj << /D [2876 0 R /XYZ 132.005 519.488 null] >> endobj 2888 0 obj << /D [2876 0 R /XYZ 71.731 517.331 null] >> endobj 2889 0 obj << /D [2876 0 R /XYZ 71.731 502.387 null] >> endobj 2890 0 obj << /D [2876 0 R /XYZ 260.198 492.888 null] >> endobj 2891 0 obj << /D [2876 0 R /XYZ 384.794 492.888 null] >> endobj 2892 0 obj << /D [2876 0 R /XYZ 71.731 489.786 null] >> endobj 2893 0 obj << /D [2876 0 R /XYZ 149.44 473.76 null] >> endobj 2894 0 obj << /D [2876 0 R /XYZ 149.44 473.76 null] >> endobj 2895 0 obj << /D [2876 0 R /XYZ 71.731 460.108 null] >> endobj 2896 0 obj << /D [2876 0 R /XYZ 149.44 445.466 null] >> endobj 2897 0 obj << /D [2876 0 R /XYZ 173.281 445.466 null] >> endobj 1076 0 obj << /D [2876 0 R /XYZ 76.712 399.239 null] >> endobj 254 0 obj << /D [2876 0 R /XYZ 234.931 353.985 null] >> endobj 2898 0 obj << /D [2876 0 R /XYZ 71.731 330.229 null] >> endobj 2899 0 obj << /D [2876 0 R /XYZ 148.085 321.108 null] >> endobj 2900 0 obj << /D [2876 0 R /XYZ 71.731 299.026 null] >> endobj 2901 0 obj << /D [2876 0 R /XYZ 71.731 299.026 null] >> endobj 2902 0 obj << /D [2876 0 R /XYZ 71.731 297.781 null] >> endobj 2903 0 obj << /D [2876 0 R /XYZ 137.484 280.759 null] >> endobj 2904 0 obj << /D [2876 0 R /XYZ 71.731 246.099 null] >> endobj 2905 0 obj << /D [2876 0 R /XYZ 71.731 246.099 null] >> endobj 2906 0 obj << /D [2876 0 R /XYZ 71.731 246.099 null] >> endobj 2907 0 obj << /D [2876 0 R /XYZ 147.447 229.95 null] >> endobj 2908 0 obj << /D [2876 0 R /XYZ 162.67 229.95 null] >> endobj 2909 0 obj << /D [2876 0 R /XYZ 71.731 214.842 null] >> endobj 2910 0 obj << /D [2876 0 R /XYZ 147.447 199.066 null] >> endobj 2911 0 obj << /D [2876 0 R /XYZ 165.43 199.066 null] >> endobj 2912 0 obj << /D [2876 0 R /XYZ 71.731 186.015 null] >> endobj 2913 0 obj << /D [2876 0 R /XYZ 147.447 168.181 null] >> endobj 2914 0 obj << /D [2876 0 R /XYZ 209.065 168.181 null] >> endobj 2915 0 obj << /D [2876 0 R /XYZ 71.731 166.025 null] >> endobj 2916 0 obj << /D [2876 0 R /XYZ 147.447 150.249 null] >> endobj 2917 0 obj << /D [2876 0 R /XYZ 165.43 150.249 null] >> endobj 2918 0 obj << /D [2876 0 R /XYZ 332.93 150.249 null] >> endobj 2919 0 obj << /D [2876 0 R /XYZ 417.83 137.297 null] >> endobj 2920 0 obj << /D [2876 0 R /XYZ 71.731 135.14 null] >> endobj 2921 0 obj << /D [2876 0 R /XYZ 147.447 119.365 null] >> endobj 2922 0 obj << /D [2876 0 R /XYZ 209.464 119.365 null] >> endobj 2923 0 obj << /D [2876 0 R /XYZ 377.592 119.365 null] >> endobj 2875 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F48 1347 0 R /F33 939 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2926 0 obj << /Length 1614 /Filter /FlateDecode >> stream xڽXK6ִHzal/E-6YDE{CM6mZ1738g͋u T$w3Slk:.FsKY"?ޛWLԷ[w UgDE̫E'n"k% :[qn#(;x9v.߲mߎ'gʆ;D'X%[ػ]ɪ5/0)TnU O6<{+qSD# yqUeji&A;CP͂D󓳰ix sZQ%1t94ܮL F[&jՁĹ F4J8Sxtk:)}f7A `"NgK,' \ hþ4Xxh߽Ǐ2 Fr&OC.DYHiy$=XG喙rʦn4\6m=GYX|e#eD*޳ƅ߫yp0RQDmF>ĦZe,^/r0Ŝݞ814d}+OΡ%W.D,_['@ tV&&MHb i(uԥhdN?4㘨fjnU/t4owԾ У;Ktr߲ J[:'wehYYF$@ĸxkv(ir( >t pO_u* 3e'Ls6D9 hfʣ5J0ȀVފ}O bS/`\,ʽ~iO6 1q6•U絮P9NEްvƏP8Go%OVOSÂsh q-}Rrz9ªJ.AZTd*z.>ih[.^ji88lփjI=pX{ a IuIBLj'hV)i5Ru"j}&e4+)CkE.}Qm(AD\ rxMv IS!^İJYyJ]{ٜFȡ4ݛfX,q#O%7>ml?}/VmޏJV9qq)4ca6HUNg^QByD_X&ur'SwY/<UEgZrw Uotgޮjh|QEuͳ|>/R:GB^Y#V"Q般FZ1=oW}InD];+'1=?#>[*S-w9M.\AL_:lZ]8E aŃE^{ݡ|xY xPdԊ<2O^=Y/4&̗Ȏ˯P=Pa `$ݠehP*q熗̏pKg(m9Tm3Y35M%LQ18!ҧ`߉#p@^sP|Bpq; G # )aM`_n endstream endobj 2925 0 obj << /Type /Page /Contents 2926 0 R /Resources 2924 0 R /MediaBox [0 0 593.051 789.041] /Parent 2854 0 R >> endobj 2927 0 obj << /D [2925 0 R /XYZ -1.269 814.22 null] >> endobj 2928 0 obj << /D [2925 0 R /XYZ 124.533 694.147 null] >> endobj 2929 0 obj << /D [2925 0 R /XYZ 137.484 676.214 null] >> endobj 2930 0 obj << /D [2925 0 R /XYZ 430.91 676.214 null] >> endobj 2931 0 obj << /D [2925 0 R /XYZ 243.227 663.263 null] >> endobj 2932 0 obj << /D [2925 0 R /XYZ 314.34 663.263 null] >> endobj 2933 0 obj << /D [2925 0 R /XYZ 71.731 641.181 null] >> endobj 2934 0 obj << /D [2925 0 R /XYZ 71.731 641.181 null] >> endobj 2935 0 obj << /D [2925 0 R /XYZ 185.085 630.386 null] >> endobj 2936 0 obj << /D [2925 0 R /XYZ 124.533 616.189 null] >> endobj 2937 0 obj << /D [2925 0 R /XYZ 137.484 598.257 null] >> endobj 2938 0 obj << /D [2925 0 R /XYZ 158.794 598.257 null] >> endobj 2939 0 obj << /D [2925 0 R /XYZ 204.731 598.257 null] >> endobj 2940 0 obj << /D [2925 0 R /XYZ 71.731 563.223 null] >> endobj 2941 0 obj << /D [2925 0 R /XYZ 71.731 563.223 null] >> endobj 2942 0 obj << /D [2925 0 R /XYZ 185.085 552.428 null] >> endobj 2943 0 obj << /D [2925 0 R /XYZ 71.731 532.324 null] >> endobj 2944 0 obj << /D [2925 0 R /XYZ 166.017 519.552 null] >> endobj 2945 0 obj << /D [2925 0 R /XYZ 71.731 497.47 null] >> endobj 2946 0 obj << /D [2925 0 R /XYZ 71.731 497.47 null] >> endobj 2947 0 obj << /D [2925 0 R /XYZ 198.087 486.675 null] >> endobj 1077 0 obj << /D [2925 0 R /XYZ 71.731 453.3 null] >> endobj 258 0 obj << /D [2925 0 R /XYZ 350.343 408.046 null] >> endobj 2948 0 obj << /D [2925 0 R /XYZ 71.731 387.905 null] >> endobj 2949 0 obj << /D [2925 0 R /XYZ 331.943 375.169 null] >> endobj 2950 0 obj << /D [2925 0 R /XYZ 343.012 375.169 null] >> endobj 2951 0 obj << /D [2925 0 R /XYZ 487.745 375.169 null] >> endobj 2952 0 obj << /D [2925 0 R /XYZ 498.814 375.169 null] >> endobj 2953 0 obj << /D [2925 0 R /XYZ 141.41 362.218 null] >> endobj 2954 0 obj << /D [2925 0 R /XYZ 265.822 362.218 null] >> endobj 2955 0 obj << /D [2925 0 R /XYZ 306.31 362.218 null] >> endobj 2956 0 obj << /D [2925 0 R /XYZ 317.378 362.218 null] >> endobj 2957 0 obj << /D [2925 0 R /XYZ 381.037 362.218 null] >> endobj 2958 0 obj << /D [2925 0 R /XYZ 438.176 362.218 null] >> endobj 2959 0 obj << /D [2925 0 R /XYZ 449.245 362.218 null] >> endobj 2960 0 obj << /D [2925 0 R /XYZ 479.786 362.218 null] >> endobj 2961 0 obj << /D [2925 0 R /XYZ 490.854 362.218 null] >> endobj 2962 0 obj << /D [2925 0 R /XYZ 242.878 349.266 null] >> endobj 2963 0 obj << /D [2925 0 R /XYZ 281.712 349.266 null] >> endobj 2964 0 obj << /D [2925 0 R /XYZ 71.731 327.184 null] >> endobj 2965 0 obj << /D [2925 0 R /XYZ 389.886 316.39 null] >> endobj 2966 0 obj << /D [2925 0 R /XYZ 71.731 281.356 null] >> endobj 2967 0 obj << /D [2925 0 R /XYZ 395.833 270.561 null] >> endobj 2968 0 obj << /D [2925 0 R /XYZ 166.864 231.707 null] >> endobj 2969 0 obj << /D [2925 0 R /XYZ 71.731 209.625 null] >> endobj 2970 0 obj << /D [2925 0 R /XYZ 147.507 185.879 null] >> endobj 2971 0 obj << /D [2925 0 R /XYZ 232.716 185.879 null] >> endobj 2972 0 obj << /D [2925 0 R /XYZ 71.731 137.894 null] >> endobj 2973 0 obj << /D [2925 0 R /XYZ 119.552 114.148 null] >> endobj 1078 0 obj << /D [2925 0 R /XYZ 71.731 110.746 null] >> endobj 2924 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F25 932 0 R /F68 1764 0 R >> /ProcSet [ /PDF /Text ] >> endobj 2977 0 obj << /Length 1206 /Filter /FlateDecode >> stream xWM6ϯhW5 RnV69 2($>LR$'ׯ_w?^o7P{pp(H$(w($;߷q9--AՋ Wtgo5e_;{ApG !ڧ{X$(#*Fwz%X9TBl$(A) -IG d <%miO 蟂Hr$Of)A LU-mlV1JOC)i GΛ9Am,"R< %!`Łd9/[>~ s a) Z tϓa8a + z ,E|,Qel㧯^W_ û#3lIWܪh(fd~p )LQRꒃtBl boF ctS G";/-u*]Xsb % 8J깵jн|kwdTh0!TrFv?vdxo˝c<$x&TiO{I'%#(5M36,@iY(-:gBAYu(CY INd>>۶ K@Ez;XjmM-+!{TKf ^%dґG<'[םibyĥ9ڎCe6Go=h[h[۪~ jb j^:wI/Y>Ԥ}t8 *PbMC.xSNڔ ldy& g2Ջ;G(XJwfaNK;RI|6^װ3-nz CmpGQY??}OUN\;A:WW 裾uM"N_׾KSXT\%yҰ1nuxCe)$u}hNB;ݐ3ŝV3O;7c 0@T| wg§O2︒ZVbg&:$Cjf(LQ>$‘ J?ej=1z+lԹz@,+Zmr,m![^IKDapX|yNSKKKogf _PU S5Sw\iXi6Tʏ>QfJ6Jgy8%, endstream endobj 2976 0 obj << /Type /Page /Contents 2977 0 R /Resources 2975 0 R /MediaBox [0 0 593.051 789.041] /Parent 2854 0 R /Annots [ 2974 0 R ] >> endobj 2974 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [193.822 327.501 248.118 338.405] /A << /S /GoTo /D (0:POLICY) >> >> endobj 2978 0 obj << /D [2976 0 R /XYZ -1.269 814.22 null] >> endobj 262 0 obj << /D [2976 0 R /XYZ 226.737 705.748 null] >> endobj 2979 0 obj << /D [2976 0 R /XYZ 71.731 681.992 null] >> endobj 2980 0 obj << /D [2976 0 R /XYZ 71.731 681.992 null] >> endobj 2981 0 obj << /D [2976 0 R /XYZ 293.478 672.871 null] >> endobj 2982 0 obj << /D [2976 0 R /XYZ 71.731 637.837 null] >> endobj 2983 0 obj << /D [2976 0 R /XYZ 71.731 604.961 null] >> endobj 2984 0 obj << /D [2976 0 R /XYZ 71.731 604.961 null] >> endobj 2985 0 obj << /D [2976 0 R /XYZ 71.731 603.715 null] >> endobj 2986 0 obj << /D [2976 0 R /XYZ 129.514 586.694 null] >> endobj 2987 0 obj << /D [2976 0 R /XYZ 71.731 571.96 null] >> endobj 2988 0 obj << /D [2976 0 R /XYZ 129.514 555.81 null] >> endobj 2989 0 obj << /D [2976 0 R /XYZ 71.731 554.37 null] >> endobj 2990 0 obj << /D [2976 0 R /XYZ 129.514 537.877 null] >> endobj 2991 0 obj << /D [2976 0 R /XYZ 71.731 535.72 null] >> endobj 2992 0 obj << /D [2976 0 R /XYZ 129.514 519.944 null] >> endobj 2993 0 obj << /D [2976 0 R /XYZ 71.731 517.788 null] >> endobj 2994 0 obj << /D [2976 0 R /XYZ 129.514 502.012 null] >> endobj 2995 0 obj << /D [2976 0 R /XYZ 71.731 499.855 null] >> endobj 2996 0 obj << /D [2976 0 R /XYZ 129.514 484.079 null] >> endobj 2997 0 obj << /D [2976 0 R /XYZ 321.413 484.079 null] >> endobj 2998 0 obj << /D [2976 0 R /XYZ 71.731 481.922 null] >> endobj 2999 0 obj << /D [2976 0 R /XYZ 129.514 466.146 null] >> endobj 3000 0 obj << /D [2976 0 R /XYZ 71.731 463.989 null] >> endobj 3001 0 obj << /D [2976 0 R /XYZ 129.514 448.213 null] >> endobj 3002 0 obj << /D [2976 0 R /XYZ 71.731 446.774 null] >> endobj 3003 0 obj << /D [2976 0 R /XYZ 129.514 430.281 null] >> endobj 3004 0 obj << /D [2976 0 R /XYZ 71.731 428.841 null] >> endobj 3005 0 obj << /D [2976 0 R /XYZ 129.514 412.348 null] >> endobj 3006 0 obj << /D [2976 0 R /XYZ 71.731 410.191 null] >> endobj 3007 0 obj << /D [2976 0 R /XYZ 129.514 394.415 null] >> endobj 3008 0 obj << /D [2976 0 R /XYZ 71.731 356.557 null] >> endobj 1079 0 obj << /D [2976 0 R /XYZ 71.731 327.252 null] >> endobj 266 0 obj << /D [2976 0 R /XYZ 135.806 261.775 null] >> endobj 3009 0 obj << /D [2976 0 R /XYZ 71.731 241.634 null] >> endobj 2056 0 obj << /D [2976 0 R /XYZ 71.731 213.79 null] >> endobj 270 0 obj << /D [2976 0 R /XYZ 290.958 176.574 null] >> endobj 3010 0 obj << /D [2976 0 R /XYZ 71.731 153.457 null] >> endobj 3011 0 obj << /D [2976 0 R /XYZ 71.731 153.457 null] >> endobj 2975 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3014 0 obj << /Length 1213 /Filter /FlateDecode >> stream xX[o6~ϯУ Ĝ.%؀[[ ~[$j$#E,I1`K"R9Ε{oo~|& ep06H$ Q>\.pXo_돾[ݒ*0oJ>\*jE[uLVkXw4`ibbonQua¬ćm7dQiWؗ(k\E6algO~"3Ђe,6gBG &JN ?1rp phnW\-Ŋ+;%ɴW-p6Jٞ)&xVh.}%E%ŅfG oK(ΒÄ ;}HBjӕqC;e~ fD{4lu'|Jh hT|pG  WRc C v7Pqo:,!?0CTIJ+9-!c\7)x2~'N)JЪL}zskGe!سq^H 2i+_};WWx׍:wv2zP |qbRul ԅ)*ȤԄg& ]RΦCP_Jb9i6;n(BQM T_Pl5}>F6/k;RmrFFgt݌, df&;,aPL WYærKN'1(ޢ@&NQ~f/~ x endstream endobj 3013 0 obj << /Type /Page /Contents 3014 0 R /Resources 3012 0 R /MediaBox [0 0 593.051 789.041] /Parent 2854 0 R >> endobj 3015 0 obj << /D [3013 0 R /XYZ -1.269 814.22 null] >> endobj 3016 0 obj << /D [3013 0 R /XYZ 71.731 718.306 null] >> endobj 3017 0 obj << /D [3013 0 R /XYZ 304.197 708.344 null] >> endobj 3018 0 obj << /D [3013 0 R /XYZ 71.731 691.243 null] >> endobj 3019 0 obj << /D [3013 0 R /XYZ 71.731 678.291 null] >> endobj 3020 0 obj << /D [3013 0 R /XYZ 139.477 662.516 null] >> endobj 3021 0 obj << /D [3013 0 R /XYZ 71.731 640.433 null] >> endobj 3022 0 obj << /D [3013 0 R /XYZ 71.731 592.528 null] >> endobj 3023 0 obj << /D [3013 0 R /XYZ 71.731 577.42 null] >> endobj 3024 0 obj << /D [3013 0 R /XYZ 139.477 561.644 null] >> endobj 3025 0 obj << /D [3013 0 R /XYZ 71.731 539.562 null] >> endobj 3026 0 obj << /D [3013 0 R /XYZ 71.731 504.608 null] >> endobj 3027 0 obj << /D [3013 0 R /XYZ 71.731 489.499 null] >> endobj 3028 0 obj << /D [3013 0 R /XYZ 139.477 473.724 null] >> endobj 3029 0 obj << /D [3013 0 R /XYZ 276.721 460.772 null] >> endobj 3030 0 obj << /D [3013 0 R /XYZ 71.731 438.69 null] >> endobj 3031 0 obj << /D [3013 0 R /XYZ 71.731 392.862 null] >> endobj 3032 0 obj << /D [3013 0 R /XYZ 71.731 293.151 null] >> endobj 3033 0 obj << /D [3013 0 R /XYZ 71.731 280.1 null] >> endobj 3034 0 obj << /D [3013 0 R /XYZ 139.477 262.267 null] >> endobj 3035 0 obj << /D [3013 0 R /XYZ 71.731 240.184 null] >> endobj 3036 0 obj << /D [3013 0 R /XYZ 71.731 205.23 null] >> endobj 3037 0 obj << /D [3013 0 R /XYZ 71.731 190.122 null] >> endobj 3038 0 obj << /D [3013 0 R /XYZ 139.477 174.346 null] >> endobj 3039 0 obj << /D [3013 0 R /XYZ 334.056 174.346 null] >> endobj 3040 0 obj << /D [3013 0 R /XYZ 71.731 151.333 null] >> endobj 3041 0 obj << /D [3013 0 R /XYZ 71.731 136.324 null] >> endobj 3042 0 obj << /D [3013 0 R /XYZ 139.477 120.548 null] >> endobj 3043 0 obj << /D [3013 0 R /XYZ 139.477 107.597 null] >> endobj 3012 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F11 2699 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3047 0 obj << /Length 1338 /Filter /FlateDecode >> stream xWKs6W(MCSJi'q(riLB&!(X̸=t|"oxN~]LG7#4L ieQHI- tͶ-o~i]j׈je$۬ޘv`]֌DqVhfjSWo'L8!Ø$b1 Fxk$0=Vn@ mqFH)J_"v8]p%AT6kY9XTu@Pŧ!Y+ mp 71Scl&eRjJkٯgӌ"+X wgjn/,7  qG?_ _x9S/1 BlϣUzf(,{n{4FGl ,AښtF`N6y/ɶXG ܣ7 &)M L@ۺ‹Ϋd[nfl=4S+7IDĕ'-,ߵrR53{m!CjXcݴ,QN 3> endobj 3044 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [241.145 394.107 295.441 405.011] /A << /S /GoTo /D (0:PRELINK) >> >> endobj 3048 0 obj << /D [3046 0 R /XYZ -1.269 814.22 null] >> endobj 3049 0 obj << /D [3046 0 R /XYZ 71.731 741.22 null] >> endobj 3050 0 obj << /D [3046 0 R /XYZ 71.731 718.306 null] >> endobj 3051 0 obj << /D [3046 0 R /XYZ 71.731 671.233 null] >> endobj 3052 0 obj << /D [3046 0 R /XYZ 71.731 658.182 null] >> endobj 3053 0 obj << /D [3046 0 R /XYZ 139.477 640.349 null] >> endobj 3054 0 obj << /D [3046 0 R /XYZ 71.731 628.229 null] >> endobj 3055 0 obj << /D [3046 0 R /XYZ 71.731 617.335 null] >> endobj 3056 0 obj << /D [3046 0 R /XYZ 139.477 599.502 null] >> endobj 3057 0 obj << /D [3046 0 R /XYZ 71.731 587.382 null] >> endobj 3058 0 obj << /D [3046 0 R /XYZ 71.731 576.488 null] >> endobj 3059 0 obj << /D [3046 0 R /XYZ 139.477 558.655 null] >> endobj 3060 0 obj << /D [3046 0 R /XYZ 71.731 546.536 null] >> endobj 3061 0 obj << /D [3046 0 R /XYZ 71.731 535.641 null] >> endobj 3062 0 obj << /D [3046 0 R /XYZ 139.477 517.808 null] >> endobj 3063 0 obj << /D [3046 0 R /XYZ 71.731 505.689 null] >> endobj 3064 0 obj << /D [3046 0 R /XYZ 71.731 494.795 null] >> endobj 3065 0 obj << /D [3046 0 R /XYZ 139.477 476.961 null] >> endobj 3066 0 obj << /D [3046 0 R /XYZ 71.731 464.842 null] >> endobj 3067 0 obj << /D [3046 0 R /XYZ 71.731 453.948 null] >> endobj 3068 0 obj << /D [3046 0 R /XYZ 139.477 436.115 null] >> endobj 3069 0 obj << /D [3046 0 R /XYZ 169.085 423.163 null] >> endobj 3070 0 obj << /D [3046 0 R /XYZ 71.731 375.178 null] >> endobj 3071 0 obj << /D [3046 0 R /XYZ 76.712 333.549 null] >> endobj 3072 0 obj << /D [3046 0 R /XYZ 71.731 318.605 null] >> endobj 3073 0 obj << /D [3046 0 R /XYZ 374.689 306.949 null] >> endobj 3074 0 obj << /D [3046 0 R /XYZ 139.477 295.293 null] >> endobj 3075 0 obj << /D [3046 0 R /XYZ 211.342 295.293 null] >> endobj 3076 0 obj << /D [3046 0 R /XYZ 272.716 295.293 null] >> endobj 3077 0 obj << /D [3046 0 R /XYZ 344.581 295.293 null] >> endobj 3078 0 obj << /D [3046 0 R /XYZ 71.731 230.035 null] >> endobj 3079 0 obj << /D [3046 0 R /XYZ 71.731 230.035 null] >> endobj 3080 0 obj << /D [3046 0 R /XYZ 71.731 192.478 null] >> endobj 274 0 obj << /D [3046 0 R /XYZ 341.355 153.106 null] >> endobj 3081 0 obj << /D [3046 0 R /XYZ 71.731 130.211 null] >> endobj 3045 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3087 0 obj << /Length 1627 /Filter /FlateDecode >> stream xڥXK6pE,aiv-іt$jw_!9+'Fr0H3y|3:'87h5&Qp=YǑ&dOn79JZQxo7AoRM) % j&\2U)Of x)E5qZSi?]%y 5J}W$Rч)4b08Y,XN]ɨ)m _ ;.Fӝ@eE3d,L<:}'([/$O/QAt8݂*MUtGY?7|+#wc 4+3")jQHp$o*3#4մ۔jt8*bjJ{PO:ofb66FWťmEϳ0Dh #mZ`Av$|'r1u"oT%3Rh-n2e9n}߿!#u亠 53:9E%i>H(ɝb<ЍGhl:U⡠O%PɶN"hW)IhՔ3&a>(ZG7T*n+/>sF,5>5c 0D"Q0cV+B4[6:_!E}ˊ̝e@kV ׮ Bӗw,uMuFdT>Rsmߋ?a{,qt ]!7BųȪ()6^MmpU$7SW["NC?Wm-۝&^Z8,]oZZʓvKv %8u;P#ho;I~Q[<a'Cra#jEwڃwOpd;[{]\Xrvwa7gr=VfJGvsM..H1Cgt (k<q@``yg՘e (0:% 37U[OUGZJ0sY4YB 8i`"˜V?x3Sn. G/>y+t=e lKrAwz DR]Vs!Yy'j]-^?b}\_aCQI4$Voomt_]<$ŊQ"Z`촮XiGH Dڶug6(5@@ Ob NYjݜYQ]s+iL;'Afz9҃x'Ruf?t UL(U'o |n̳fHV$+ԟFr@i2R^ `uR_уPW#EBEW-=B=A׵B@ xQ2;AHY63f!PÉ}uz`aEs\ Pu_G4ob_ns?AL endstream endobj 3086 0 obj << /Type /Page /Contents 3087 0 R /Resources 3085 0 R /MediaBox [0 0 593.051 789.041] /Parent 3082 0 R /Annots [ 3084 0 R ] >> endobj 3084 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [383.061 606.56 437.357 617.464] /A << /S /GoTo /D (0:RECDEP) >> >> endobj 3088 0 obj << /D [3086 0 R /XYZ -1.269 814.22 null] >> endobj 3089 0 obj << /D [3086 0 R /XYZ 71.731 718.306 null] >> endobj 3090 0 obj << /D [3086 0 R /XYZ 71.731 718.306 null] >> endobj 3091 0 obj << /D [3086 0 R /XYZ 137.962 708.344 null] >> endobj 3092 0 obj << /D [3086 0 R /XYZ 71.731 653.385 null] >> endobj 3093 0 obj << /D [3086 0 R /XYZ 71.731 653.385 null] >> endobj 3094 0 obj << /D [3086 0 R /XYZ 137.962 642.59 null] >> endobj 3095 0 obj << /D [3086 0 R /XYZ 71.731 621.45 null] >> endobj 3096 0 obj << /D [3086 0 R /XYZ 71.731 574.68 null] >> endobj 3097 0 obj << /D [3086 0 R /XYZ 299.923 525.031 null] >> endobj 3098 0 obj << /D [3086 0 R /XYZ 71.731 448.155 null] >> endobj 3099 0 obj << /D [3086 0 R /XYZ 71.731 169.18 null] >> endobj 3100 0 obj << /D [3086 0 R /XYZ 71.731 149.254 null] >> endobj 3085 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F50 1352 0 R /F25 932 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3104 0 obj << /Length 2076 /Filter /FlateDecode >> stream xڵYI60=iK tIs%&"$S\%Rz[#}p*[VIU(U(cp.. 61yz=pA^:mmNQ(Xwe dJ".ޏbG}ˤLb4UE¨Ձu ߰Zs˛c\}mY*gIzip[Sn8|bH%[93˪(oF}lԢ;Эm-H|ĝ誆пzxC"ux  RܲWx~yB ab+6- <%7Ax}\`#`͝Jj :YUDMa(n`s#JĚg7>WôhF¾z"Tu!L+.9vG8D( HGoW6R`~,5~IPu{]AHi m-BKjp_a60-;MZ [xO:m J *]4W&Bٞ*jE4=q?A+I_WQhHu/KSt4՞\x- cms +5v%sR gMm/Ў k-;ӻ2c應5ZJe&S\k<%i&+m(Gq2=EЮt2;̡؄HܐX2(]Ǣk5[ۭ#F5ZvCO>Ih/ZeM|t 5ztn'fen8$ܚWBF'eS(X+Ў$~.._@?N9|/W?(|(:hMƞY\5kB*ξyGձUW|0d@GqxV> endobj 3105 0 obj << /D [3103 0 R /XYZ -1.269 814.22 null] >> endobj 3106 0 obj << /D [3103 0 R /XYZ 71.731 718.306 null] >> endobj 3107 0 obj << /D [3103 0 R /XYZ 328.476 685.031 null] >> endobj 3108 0 obj << /D [3103 0 R /XYZ 76.712 643.786 null] >> endobj 278 0 obj << /D [3103 0 R /XYZ 195.31 608.319 null] >> endobj 3109 0 obj << /D [3103 0 R /XYZ 71.731 608.169 null] >> endobj 3110 0 obj << /D [3103 0 R /XYZ 71.731 605.778 null] >> endobj 3111 0 obj << /D [3103 0 R /XYZ 137.484 585.604 null] >> endobj 3112 0 obj << /D [3103 0 R /XYZ 71.731 570.496 null] >> endobj 3113 0 obj << /D [3103 0 R /XYZ 137.484 554.72 null] >> endobj 3114 0 obj << /D [3103 0 R /XYZ 320.706 554.72 null] >> endobj 3115 0 obj << /D [3103 0 R /XYZ 71.731 539.612 null] >> endobj 3116 0 obj << /D [3103 0 R /XYZ 137.484 523.836 null] >> endobj 3117 0 obj << /D [3103 0 R /XYZ 227.695 510.884 null] >> endobj 3118 0 obj << /D [3103 0 R /XYZ 71.731 508.727 null] >> endobj 3119 0 obj << /D [3103 0 R /XYZ 147.447 492.951 null] >> endobj 3120 0 obj << /D [3103 0 R /XYZ 71.731 490.795 null] >> endobj 3121 0 obj << /D [3103 0 R /XYZ 147.447 475.019 null] >> endobj 3122 0 obj << /D [3103 0 R /XYZ 71.731 472.862 null] >> endobj 3123 0 obj << /D [3103 0 R /XYZ 147.447 457.086 null] >> endobj 3124 0 obj << /D [3103 0 R /XYZ 71.731 411.467 null] >> endobj 3125 0 obj << /D [3103 0 R /XYZ 137.484 395.318 null] >> endobj 3126 0 obj << /D [3103 0 R /XYZ 348.969 395.318 null] >> endobj 3127 0 obj << /D [3103 0 R /XYZ 137.484 382.366 null] >> endobj 3128 0 obj << /D [3103 0 R /XYZ 71.731 380.209 null] >> endobj 3129 0 obj << /D [3103 0 R /XYZ 137.484 364.433 null] >> endobj 3130 0 obj << /D [3103 0 R /XYZ 515.254 364.433 null] >> endobj 3131 0 obj << /D [3103 0 R /XYZ 71.731 362.277 null] >> endobj 3132 0 obj << /D [3103 0 R /XYZ 147.447 346.501 null] >> endobj 3133 0 obj << /D [3103 0 R /XYZ 71.731 344.344 null] >> endobj 3134 0 obj << /D [3103 0 R /XYZ 147.447 328.568 null] >> endobj 3135 0 obj << /D [3103 0 R /XYZ 71.731 321.43 null] >> endobj 3136 0 obj << /D [3103 0 R /XYZ 137.484 305.654 null] >> endobj 3137 0 obj << /D [3103 0 R /XYZ 210.359 305.654 null] >> endobj 3138 0 obj << /D [3103 0 R /XYZ 228.769 305.654 null] >> endobj 3139 0 obj << /D [3103 0 R /XYZ 441.978 292.702 null] >> endobj 3140 0 obj << /D [3103 0 R /XYZ 460.388 292.702 null] >> endobj 3141 0 obj << /D [3103 0 R /XYZ 309.199 279.751 null] >> endobj 3142 0 obj << /D [3103 0 R /XYZ 386.179 266.8 null] >> endobj 3143 0 obj << /D [3103 0 R /XYZ 71.731 238.74 null] >> endobj 3144 0 obj << /D [3103 0 R /XYZ 137.484 222.964 null] >> endobj 3145 0 obj << /D [3103 0 R /XYZ 71.731 187.93 null] >> endobj 3146 0 obj << /D [3103 0 R /XYZ 71.731 187.93 null] >> endobj 3147 0 obj << /D [3103 0 R /XYZ 71.731 165.016 null] >> endobj 3102 0 obj << /Font << /F33 939 0 R /F48 1347 0 R /F55 1479 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3150 0 obj << /Length 1816 /Filter /FlateDecode >> stream xڽX[۶~ϯ0YkZw=6mSW6+ђ`Iԡ.;$u8/)ofޢ\x_پX ņl Ylw I䧋4 Hmxdb b&&{^PJjmEd̠4ly7ѼjyWK.m-2D Ob%bD$2*-̤SVߘ'ibŻSÆ渋vxPq>*SpI]Ɋ[3A}ξ=+̋ $gjKy7t%C- (wE] ' 6` \X+w+㛷8L[f(MWWiP3Ii\ƛkIƮn췺q;ㇹ@3 3yۻ-Ka+ۇu[.^z=E}|ن(#~}zYz.F24e4H5=z+>05y_HORGp.;3Bx ^b n?|#jú 2 b 8ZMCuS^Mv ?"aK8.ĐPN3kaDsY5e5촰ZW5V[^ʵ@k ,lYB~ںWpI-' 9Mshed;9pb{K%6 ^:`{:6X#Cs֙.+T..I@$n]Qِc'APj7wcTVk޲{O#d VzZ oOP^xB s~p#Rr:-I?N^H7^̉SnدޣL;{yMCKD>X,fe@Dy-m.xwv8nɪw}5qOL>(bC+{{?ȃ<[}o YǮwM&&wSttR1! 2DL#ċ"MqHjEᆩN7"7SS<|T^I'M-NOb?x./*ZGsC eXeh8tv}f~ endstream endobj 3149 0 obj << /Type /Page /Contents 3150 0 R /Resources 3148 0 R /MediaBox [0 0 593.051 789.041] /Parent 3082 0 R >> endobj 3151 0 obj << /D [3149 0 R /XYZ -1.269 814.22 null] >> endobj 3152 0 obj << /D [3149 0 R /XYZ 71.731 741.22 null] >> endobj 3153 0 obj << /D [3149 0 R /XYZ 71.731 629.85 null] >> endobj 3154 0 obj << /D [3149 0 R /XYZ 71.731 629.85 null] >> endobj 3155 0 obj << /D [3149 0 R /XYZ 71.731 605.066 null] >> endobj 3156 0 obj << /D [3149 0 R /XYZ 71.731 515.979 null] >> endobj 3157 0 obj << /D [3149 0 R /XYZ 71.731 515.979 null] >> endobj 3158 0 obj << /D [3149 0 R /XYZ 71.731 481.395 null] >> endobj 3159 0 obj << /D [3149 0 R /XYZ 71.731 414.236 null] >> endobj 3160 0 obj << /D [3149 0 R /XYZ 71.731 388.628 null] >> endobj 282 0 obj << /D [3149 0 R /XYZ 148.258 332.762 null] >> endobj 3161 0 obj << /D [3149 0 R /XYZ 71.731 312.658 null] >> endobj 3162 0 obj << /D [3149 0 R /XYZ 181.818 286.934 null] >> endobj 3163 0 obj << /D [3149 0 R /XYZ 243.775 286.934 null] >> endobj 3164 0 obj << /D [3149 0 R /XYZ 119.552 273.983 null] >> endobj 3165 0 obj << /D [3149 0 R /XYZ 186.49 273.983 null] >> endobj 3166 0 obj << /D [3149 0 R /XYZ 119.552 235.128 null] >> endobj 3167 0 obj << /D [3149 0 R /XYZ 191.471 235.128 null] >> endobj 3168 0 obj << /D [3149 0 R /XYZ 71.731 233.106 null] >> endobj 3169 0 obj << /D [3149 0 R /XYZ 71.731 218.162 null] >> endobj 3170 0 obj << /D [3149 0 R /XYZ 233.156 208.528 null] >> endobj 3171 0 obj << /D [3149 0 R /XYZ 293.347 208.528 null] >> endobj 3172 0 obj << /D [3149 0 R /XYZ 376.563 208.528 null] >> endobj 3173 0 obj << /D [3149 0 R /XYZ 290.217 196.872 null] >> endobj 3174 0 obj << /D [3149 0 R /XYZ 71.731 173.258 null] >> endobj 3175 0 obj << /D [3149 0 R /XYZ 71.731 131.801 null] >> endobj 3148 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F31 938 0 R /F25 932 0 R /F38 1036 0 R /F60 1532 0 R /F48 1347 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3180 0 obj << /Length 1694 /Filter /FlateDecode >> stream xXIoFWP `QܗiMznvcrDNMrXЪYEtt!9{2vW]zڽ UdFN%$4Wbu~[~#w9COR 1TWXTqFZ7.{Oj-|zjXwJ7i녑:*Lʖ(pƮ~'jZ{ڞ٩a f Kvf8z|f5Cl{AܹP~?~'0ޅ)@8P]9)003IלtBzVu=xH[o]Q/'.ͮ&y]evʁ- оtZ? S7hojpr8y/yNŰHhQ9k%*a 0&ցcQfjzl@.zk2mX6zpNP=VXjöx.JymTH-I7[ܳ DkGMdxr$^Yr7JrQg9Xb6*W+{F]g(=^A5t8G4[El]k@KC%Ÿ8K064*OG >(lR,V?HBL ZU`4v@g. y5AI`, M,'R0S"8z`1tK=W!OFevc?8MI^a+DP`h'k*&?O5$"01-"ը"u7 "dp #]+}H [j#)bYN142+9*I|`[昙QSI d^WќvBM i'Nf|'ASnw2.$"7]V>-Jϣ`0<-8t)rߎKVDњ=Ha (߅N4&#jD4D߷R>zgDC[ڗRRcu/X~Mzh #7Lf\l9zˆ^e3ƶev&!t yewx ?ע'l.:= ɚW endstream endobj 3179 0 obj << /Type /Page /Contents 3180 0 R /Resources 3178 0 R /MediaBox [0 0 593.051 789.041] /Parent 3082 0 R /Annots [ 3176 0 R 3177 0 R ] >> endobj 3176 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [218.479 259.024 272.775 269.928] /A << /S /GoTo /D (0:SEVERITYDEF) >> >> endobj 3177 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [358.234 200.244 412.53 211.148] /A << /S /GoTo /D (0:SEVERITYDEF) >> >> endobj 3181 0 obj << /D [3179 0 R /XYZ -1.269 814.22 null] >> endobj 3182 0 obj << /D [3179 0 R /XYZ 71.731 718.306 null] >> endobj 3183 0 obj << /D [3179 0 R /XYZ 76.712 670.087 null] >> endobj 3184 0 obj << /D [3179 0 R /XYZ 71.731 650.162 null] >> endobj 3185 0 obj << /D [3179 0 R /XYZ 71.731 596.56 null] >> endobj 3186 0 obj << /D [3179 0 R /XYZ 256.451 586.899 null] >> endobj 3187 0 obj << /D [3179 0 R /XYZ 302.52 586.899 null] >> endobj 3188 0 obj << /D [3179 0 R /XYZ 372.798 586.899 null] >> endobj 3189 0 obj << /D [3179 0 R /XYZ 414.025 586.899 null] >> endobj 3190 0 obj << /D [3179 0 R /XYZ 71.731 580.675 null] >> endobj 2023 0 obj << /D [3179 0 R /XYZ 71.731 542.366 null] >> endobj 286 0 obj << /D [3179 0 R /XYZ 341.758 484.344 null] >> endobj 3191 0 obj << /D [3179 0 R /XYZ 71.731 461.449 null] >> endobj 3192 0 obj << /D [3179 0 R /XYZ 71.731 461.449 null] >> endobj 3193 0 obj << /D [3179 0 R /XYZ 71.731 416.433 null] >> endobj 3194 0 obj << /D [3179 0 R /XYZ 71.731 357.654 null] >> endobj 3195 0 obj << /D [3179 0 R /XYZ 306.05 346.859 null] >> endobj 3196 0 obj << /D [3179 0 R /XYZ 71.731 298.874 null] >> endobj 3197 0 obj << /D [3179 0 R /XYZ 176.527 275.128 null] >> endobj 3198 0 obj << /D [3179 0 R /XYZ 320.376 275.128 null] >> endobj 3199 0 obj << /D [3179 0 R /XYZ 119.552 262.177 null] >> endobj 3200 0 obj << /D [3179 0 R /XYZ 71.731 240.095 null] >> endobj 3201 0 obj << /D [3179 0 R /XYZ 328.187 216.349 null] >> endobj 3202 0 obj << /D [3179 0 R /XYZ 472.036 216.349 null] >> endobj 3203 0 obj << /D [3179 0 R /XYZ 259.306 203.397 null] >> endobj 3204 0 obj << /D [3179 0 R /XYZ 71.731 181.315 null] >> endobj 3205 0 obj << /D [3179 0 R /XYZ 277.537 170.521 null] >> endobj 3101 0 obj << /D [3179 0 R /XYZ 71.731 154.167 null] >> endobj 3178 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F48 1347 0 R /F25 932 0 R /F31 938 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3209 0 obj << /Length 1956 /Filter /FlateDecode >> stream xڵX[o6~ϯ0R-e؀K[ 40 -6IDMwx(N7`/E\>[/np, n1b(}xX=#j2Fz^[ZzD90ީ*vjb5X|˅պ 0JOb&V V(l'ʏZ zTdX #7%'ڒ4P2BR/D hUIF wL=JB/|:/lL M)"HQYU/HݕHX(lEj8z\KTL(vceɄ_m0"ugR&0vp^lPY#Δ>rg<`oHNFk؆_A?i6kڅ;`~AΊ7mx*ǜxht1+8_:a%EP<%(3N{ap$or& J̞X_j_olN!'fRgʛQ&BYOt:Y,E+.[k{#uNLJ:@T9bVC%Qz y>`i=WRdK(z֬.gEW2h4;k$K&!H)-8mmT/G)} YP9z09Vcq'& TKM_]# NIRwt0T;}2~UeR~&W$YYՖL["t0@`Q@ ߤeH>ȐqDswX~T#P@r1x$J香vYL8p+mhgؐ!#vZK,I /ѥ֠.$"fB&mSZmp*Lx֤J}XH k@  XZ\t9my"g`-gY%mֹ,bV5LVLB qR)i," iz0Myg5zqoHK+`͎own?8iZ-IM6 l63q[Pab1bo3PZf,< P;'Bz-x>l!r<DK춱#^ncQdқe-?m6p7jmùh8Kb>Q8 ןh@u7jb38)9Y8Ta;77ʸYEs@o ?ށ$]qDhI!N#[`L5`>rx4V㯄 Ƥo*U[ky Q6'}XݙV vѥT_>u~hXc<:-陸ѱZnπ'XЩg 1@.XU8A3DC`->U/5 `hCJYy˝;-YUȐjUp3鎾c{yCRO6̧wdo8,e: ʇw5;|iyےpBjL #5E C驡B9iw\BTt_&S;=S3XFV|QU}E!rsXh*U+Uڪn$m+6֜xj@Lqэu̖3"n]ψQ8<=ge(ʗw-?Lis(l GOjgY.m+13^}uu16/.Ap3ۚCcuZ2PIvpY RWkep"e$︤ʙ1)掕 #na>;#$5ɬy֤jK=%S"dAJ!#8v_j endstream endobj 3208 0 obj << /Type /Page /Contents 3209 0 R /Resources 3207 0 R /MediaBox [0 0 593.051 789.041] /Parent 3082 0 R /Annots [ 3206 0 R ] >> endobj 3206 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [372.531 618.511 419.355 629.415] /A << /S /GoTo /D (0:FILEDEF) >> >> endobj 3210 0 obj << /D [3208 0 R /XYZ -1.269 814.22 null] >> endobj 290 0 obj << /D [3208 0 R /XYZ 289.939 707.841 null] >> endobj 3211 0 obj << /D [3208 0 R /XYZ 71.731 684.946 null] >> endobj 3212 0 obj << /D [3208 0 R /XYZ 71.731 639.931 null] >> endobj 3213 0 obj << /D [3208 0 R /XYZ 71.731 639.931 null] >> endobj 3214 0 obj << /D [3208 0 R /XYZ 71.731 638.685 null] >> endobj 3215 0 obj << /D [3208 0 R /XYZ 137.484 621.664 null] >> endobj 3216 0 obj << /D [3208 0 R /XYZ 244.143 608.713 null] >> endobj 3217 0 obj << /D [3208 0 R /XYZ 430.562 608.713 null] >> endobj 3218 0 obj << /D [3208 0 R /XYZ 387.743 595.761 null] >> endobj 3219 0 obj << /D [3208 0 R /XYZ 476.47 595.761 null] >> endobj 3220 0 obj << /D [3208 0 R /XYZ 71.731 580.653 null] >> endobj 3221 0 obj << /D [3208 0 R /XYZ 137.484 564.877 null] >> endobj 3222 0 obj << /D [3208 0 R /XYZ 239.042 551.926 null] >> endobj 3223 0 obj << /D [3208 0 R /XYZ 318.733 551.926 null] >> endobj 3224 0 obj << /D [3208 0 R /XYZ 403.853 551.926 null] >> endobj 3225 0 obj << /D [3208 0 R /XYZ 71.731 549.769 null] >> endobj 3226 0 obj << /D [3208 0 R /XYZ 137.484 533.993 null] >> endobj 3227 0 obj << /D [3208 0 R /XYZ 71.731 514.815 null] >> endobj 294 0 obj << /D [3208 0 R /XYZ 260.774 475.442 null] >> endobj 3228 0 obj << /D [3208 0 R /XYZ 71.731 455.338 null] >> endobj 3229 0 obj << /D [3208 0 R /XYZ 162.171 377.808 null] >> endobj 3230 0 obj << /D [3208 0 R /XYZ 249.772 377.808 null] >> endobj 3231 0 obj << /D [3208 0 R /XYZ 71.731 355.726 null] >> endobj 3232 0 obj << /D [3208 0 R /XYZ 119.552 331.98 null] >> endobj 3233 0 obj << /D [3208 0 R /XYZ 178.101 331.98 null] >> endobj 3234 0 obj << /D [3208 0 R /XYZ 71.731 329.823 null] >> endobj 3235 0 obj << /D [3208 0 R /XYZ 71.731 314.88 null] >> endobj 3236 0 obj << /D [3208 0 R /XYZ 76.712 275.791 null] >> endobj 298 0 obj << /D [3208 0 R /XYZ 397.601 240.324 null] >> endobj 3237 0 obj << /D [3208 0 R /XYZ 71.731 217.924 null] >> endobj 3238 0 obj << /D [3208 0 R /XYZ 119.552 168.593 null] >> endobj 3239 0 obj << /D [3208 0 R /XYZ 190.544 168.593 null] >> endobj 3240 0 obj << /D [3208 0 R /XYZ 200.398 168.593 null] >> endobj 3241 0 obj << /D [3208 0 R /XYZ 274.628 155.642 null] >> endobj 3242 0 obj << /D [3208 0 R /XYZ 71.731 127.582 null] >> endobj 3207 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F48 1347 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3245 0 obj << /Length 1912 /Filter /FlateDecode >> stream xڍXKs6WiBLnS89@$$! ( `>L'= }~ V?amuq م*#'j_ϴUl$X'͇ N}Ǜݒ>S\'ufvqRobjp%ϯ4mr)i.!׻6ڑ$ȭMBԛ]>z9Ęڌ,_7p®ԙ*B*]gVl`>7q}x/kŏNj6%JdW (QC'6 IdEؒ+te^ b6 g.+Y4K Sh8vEجDwid1m(` }?Od4DN?.ATLZMq8*`եa<-]֋^X2n$A!|NToѴPZ*ӎP+aHS')SGL#rd@"ZH6xD|ָ;+hFNrWg l>٠^Cs3}ǁ|ʮ,E&Wt֛4\RD$O8W Էxy򙓒A 5:($&56Z1kAx MVpM+t\Lc b $ 1]A,8 ִN5{9 (o(uqZZQb,DVL +.J6ֳIsGEQ.Q0xBeE.40H sھmM[-¶c>}'D)&*Ϋa.] HM Q^b)?tO:e_TS}; ߯a<89̛=bTUP/D酿 4/Y 86FތMC 99A.%K}?tpmAn똢0-O}QZ ŊWഐn^ŠѩH3g%*z>}[Ra;Wš˘aoM=^8@=;Vsl|M1OgM9D)zbӂ 4uQaheWWw iY{+\Q e0xR9kWNݸ;Nu2_I+@iN$v!& C/ň>$zzbMv[ؼWeyۊ&ڀv\ kSpo?Ϣ*ZYwb($#燏t8[?.LDN2BcGǗ]7 KuFgq@f9 3O= MuY23 H/i.F٭pU60K/^F u+G3ivj.# 8R?_: endstream endobj 3244 0 obj << /Type /Page /Contents 3245 0 R /Resources 3243 0 R /MediaBox [0 0 593.051 789.041] /Parent 3273 0 R >> endobj 3246 0 obj << /D [3244 0 R /XYZ -1.269 814.22 null] >> endobj 3247 0 obj << /D [3244 0 R /XYZ 71.731 718.306 null] >> endobj 3248 0 obj << /D [3244 0 R /XYZ 232.17 708.344 null] >> endobj 3249 0 obj << /D [3244 0 R /XYZ 71.731 658.829 null] >> endobj 302 0 obj << /D [3244 0 R /XYZ 336.363 619.457 null] >> endobj 3250 0 obj << /D [3244 0 R /XYZ 71.731 599.353 null] >> endobj 3251 0 obj << /D [3244 0 R /XYZ 71.731 599.353 null] >> endobj 3252 0 obj << /D [3244 0 R /XYZ 341.676 573.629 null] >> endobj 3253 0 obj << /D [3244 0 R /XYZ 410.737 573.629 null] >> endobj 3254 0 obj << /D [3244 0 R /XYZ 71.731 525.644 null] >> endobj 3255 0 obj << /D [3244 0 R /XYZ 119.552 501.898 null] >> endobj 3256 0 obj << /D [3244 0 R /XYZ 185.015 501.898 null] >> endobj 3257 0 obj << /D [3244 0 R /XYZ 71.731 475.895 null] >> endobj 3258 0 obj << /D [3244 0 R /XYZ 71.731 460.952 null] >> endobj 3259 0 obj << /D [3244 0 R /XYZ 139.477 437.738 null] >> endobj 3260 0 obj << /D [3244 0 R /XYZ 76.712 409.445 null] >> endobj 3261 0 obj << /D [3244 0 R /XYZ 71.731 389.519 null] >> endobj 3262 0 obj << /D [3244 0 R /XYZ 201.093 366.207 null] >> endobj 3083 0 obj << /D [3244 0 R /XYZ 71.731 338.311 null] >> endobj 306 0 obj << /D [3244 0 R /XYZ 288.562 298.939 null] >> endobj 3263 0 obj << /D [3244 0 R /XYZ 71.731 276.044 null] >> endobj 3264 0 obj << /D [3244 0 R /XYZ 71.731 276.044 null] >> endobj 3265 0 obj << /D [3244 0 R /XYZ 466.108 240.159 null] >> endobj 3266 0 obj << /D [3244 0 R /XYZ 71.731 192.174 null] >> endobj 3267 0 obj << /D [3244 0 R /XYZ 71.731 133.395 null] >> endobj 3268 0 obj << /D [3244 0 R /XYZ 178.211 122.6 null] >> endobj 3269 0 obj << /D [3244 0 R /XYZ 283.356 122.6 null] >> endobj 3270 0 obj << /D [3244 0 R /XYZ 377.392 109.649 null] >> endobj 3271 0 obj << /D [3244 0 R /XYZ 157.728 96.697 null] >> endobj 3272 0 obj << /D [3244 0 R /XYZ 324.471 96.697 null] >> endobj 3243 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3277 0 obj << /Length 1884 /Filter /FlateDecode >> stream xڕXY6~ϯ \Q)n7im$EH_!9Uɓ.|3Q_{u.)I#?Z ? ɖƋ8I]~y!,D64 I%P{\ey^ӲWwU'&Q4CeYsk XW͞WY*][w(+č(X~iWAԸ>AJ|Ϸ O(\q|2Hz0#$aD{!EӮhb3(7ǧE/ 4 aYW$.f;ѕ'Lx`G!&c"5jfIG bU _mtkX=`b=kONז bꇋm[þmD"a,mnPH q}=;Qu9dc84Dl=:Lu{w )Kshœtj Ppn1iܖ/_*>anC֩R %x#Ń H %HrM Lb҇nYǾU⛔oIG-4P􀡭k?gLԢ2#4vrks+fĖ5njm(j%WwKmnmV.I]X D_̂CEoŜUbޞ6gܻmaóXs&W4xQߊA T R[Tplw>j”f [o4giĎY$$+ , KVNuA nm[n0֥xmkSq%P]|iE+[oOLM@_{CSd(dVݱJxۺ_ | uF2s? &ȉ7U:kwT"XCY> )wZgmㅘyǑaԝP&Bo˜\۶T=9ȀD:fê>ڵg"e欒L( [P!?Le Z&sy³ꤺ[%ǯNT9 >GSvR endstream endobj 3276 0 obj << /Type /Page /Contents 3277 0 R /Resources 3275 0 R /MediaBox [0 0 593.051 789.041] /Parent 3273 0 R /Annots [ 3274 0 R ] >> endobj 3274 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [420.935 322.418 480.249 333.001] /A << /S /GoTo /D (0:DB-UPGRADE) >> >> endobj 3278 0 obj << /D [3276 0 R /XYZ -1.269 814.22 null] >> endobj 3279 0 obj << /D [3276 0 R /XYZ 430.553 708.344 null] >> endobj 3280 0 obj << /D [3276 0 R /XYZ 119.552 695.392 null] >> endobj 3281 0 obj << /D [3276 0 R /XYZ 71.731 680.284 null] >> endobj 3282 0 obj << /D [3276 0 R /XYZ 71.731 665.34 null] >> endobj 3283 0 obj << /D [3276 0 R /XYZ 250.112 655.841 null] >> endobj 3284 0 obj << /D [3276 0 R /XYZ 76.712 627.547 null] >> endobj 3285 0 obj << /D [3276 0 R /XYZ 71.731 607.621 null] >> endobj 3286 0 obj << /D [3276 0 R /XYZ 354.434 595.965 null] >> endobj 3287 0 obj << /D [3276 0 R /XYZ 71.731 534.795 null] >> endobj 3288 0 obj << /D [3276 0 R /XYZ 289.622 521.843 null] >> endobj 3289 0 obj << /D [3276 0 R /XYZ 446.542 521.843 null] >> endobj 3290 0 obj << /D [3276 0 R /XYZ 71.731 499.761 null] >> endobj 3291 0 obj << /D [3276 0 R /XYZ 71.731 499.761 null] >> endobj 3292 0 obj << /D [3276 0 R /XYZ 189.708 488.966 null] >> endobj 3293 0 obj << /D [3276 0 R /XYZ 312.014 488.966 null] >> endobj 3294 0 obj << /D [3276 0 R /XYZ 119.552 476.015 null] >> endobj 3295 0 obj << /D [3276 0 R /XYZ 71.731 454.709 null] >> endobj 3296 0 obj << /D [3276 0 R /XYZ 71.731 454.709 null] >> endobj 3297 0 obj << /D [3276 0 R /XYZ 214.714 443.138 null] >> endobj 3298 0 obj << /D [3276 0 R /XYZ 410.64 443.138 null] >> endobj 3299 0 obj << /D [3276 0 R /XYZ 193.444 430.187 null] >> endobj 3300 0 obj << /D [3276 0 R /XYZ 258.997 417.235 null] >> endobj 3301 0 obj << /D [3276 0 R /XYZ 353.482 417.235 null] >> endobj 3302 0 obj << /D [3276 0 R /XYZ 195.376 404.284 null] >> endobj 3303 0 obj << /D [3276 0 R /XYZ 71.731 400.882 null] >> endobj 310 0 obj << /D [3276 0 R /XYZ 397.807 363.666 null] >> endobj 3304 0 obj << /D [3276 0 R /XYZ 71.731 363.487 null] >> endobj 3305 0 obj << /D [3276 0 R /XYZ 71.731 348.543 null] >> endobj 3306 0 obj << /D [3276 0 R /XYZ 71.731 275.895 null] >> endobj 3307 0 obj << /D [3276 0 R /XYZ 193.006 262.944 null] >> endobj 3308 0 obj << /D [3276 0 R /XYZ 71.731 214.959 null] >> endobj 3309 0 obj << /D [3276 0 R /XYZ 165.479 191.213 null] >> endobj 3310 0 obj << /D [3276 0 R /XYZ 71.731 169.131 null] >> endobj 3311 0 obj << /D [3276 0 R /XYZ 71.731 133.265 null] >> endobj 3275 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F25 932 0 R /F48 1347 0 R /F60 1532 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3315 0 obj << /Length 1854 /Filter /FlateDecode >> stream xڍXM6WfX+,m6I d@KED"ڤ{X2?f߼?;ٛ^|^϶6 0 ؋l4g|yqWr"_|?<65GH ߘofP̈qE8L]̣JpDoz:gA䭣$F$$ cf59fȸdiǟ^4 kz+v` g+fcN%`>-xAk7/B E{+Ѐ;n&pa&7Gi'-JO+ٞj?gAmc`YajqbhRA!j)c_,AvhNfFQ[3 ,YA'Tsr.Ӿ/Ag`K.r {Z>ϗ-0^|c7՞n+?o2{ 1zεҭύK,/gNk}&jc-Ӽwrj2HUpMKo=sR6BC"XbQ}wRJ&ޭV+gM YFŸ jE&̐rd֒d{vř)9;h\M] 2͂+Fu<i`쳽6 :^*[bvDG,MAMI-T۫;^o:3*`'PaA{Is`ajiע|12}}IaB1A] ϩS< &Ќ2*fgjQ (V^I0Vmd˅vE+~R_!D* SCv/jvdf7ԋ -~- Ôc-8)'k;&ߒݦh.qÝ#6qj"jhjM焫љ lNڅ"܅>l!qR3ikۄo\g_ğ0=M|#Ϗt?g2jD\فHwcN#,s.Q39&NF ߴ( !K|Cr#5&s G|ZJ:ZGTrb*bf;F2[;3 m. Jcc/GooO2i_ JLxϥ5GrBu0n>>?C`]XzbBP'2= 4\{=BHʑia%O2i &?ִ" R<鲔HP\++1UkF6A9\SF+9R C}X5 mtQLT-/j "7*'c?;b(y䣩=88R^/hݔ+rjamU1Ҷ3}Vɾ[4g)T#\=z,}\W]iB,n~0z"7^-נ&*tك1ԾNo(1M#~6xeEg6˹uX9ux J927`c!pUo)N#1ۅ&۵o;I엀 ?ǭ:r]%cy"|[nG<A^VIƒ?v/ endstream endobj 3314 0 obj << /Type /Page /Contents 3315 0 R /Resources 3313 0 R /MediaBox [0 0 593.051 789.041] /Parent 3273 0 R /Annots [ 3312 0 R ] >> endobj 3312 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [198.813 377.44 250.619 386.287] /A << /S /GoTo /D (0:FILE-CONTENT-STORE) >> >> endobj 3316 0 obj << /D [3314 0 R /XYZ -1.269 814.22 null] >> endobj 3317 0 obj << /D [3314 0 R /XYZ 71.731 741.22 null] >> endobj 3318 0 obj << /D [3314 0 R /XYZ 71.731 718.306 null] >> endobj 314 0 obj << /D [3314 0 R /XYZ 439.554 707.841 null] >> endobj 3319 0 obj << /D [3314 0 R /XYZ 71.731 684.724 null] >> endobj 3320 0 obj << /D [3314 0 R /XYZ 71.731 614.028 null] >> endobj 3321 0 obj << /D [3314 0 R /XYZ 71.731 573.928 null] >> endobj 318 0 obj << /D [3314 0 R /XYZ 340.925 536.713 null] >> endobj 3322 0 obj << /D [3314 0 R /XYZ 71.731 513.595 null] >> endobj 3323 0 obj << /D [3314 0 R /XYZ 228.582 490.884 null] >> endobj 3324 0 obj << /D [3314 0 R /XYZ 150.276 464.982 null] >> endobj 3325 0 obj << /D [3314 0 R /XYZ 222.365 464.982 null] >> endobj 3326 0 obj << /D [3314 0 R /XYZ 119.552 452.03 null] >> endobj 3327 0 obj << /D [3314 0 R /XYZ 71.731 448.628 null] >> endobj 322 0 obj << /D [3314 0 R /XYZ 378.64 411.412 null] >> endobj 3328 0 obj << /D [3314 0 R /XYZ 71.731 388.295 null] >> endobj 3329 0 obj << /D [3314 0 R /XYZ 71.731 377.191 null] >> endobj 326 0 obj << /D [3314 0 R /XYZ 365.112 337.918 null] >> endobj 3330 0 obj << /D [3314 0 R /XYZ 71.731 314.801 null] >> endobj 3331 0 obj << /D [3314 0 R /XYZ 145.275 292.09 null] >> endobj 3332 0 obj << /D [3314 0 R /XYZ 71.731 257.056 null] >> endobj 3333 0 obj << /D [3314 0 R /XYZ 71.731 198.277 null] >> endobj 3334 0 obj << /D [3314 0 R /XYZ 251.964 174.531 null] >> endobj 3335 0 obj << /D [3314 0 R /XYZ 377.163 174.531 null] >> endobj 3336 0 obj << /D [3314 0 R /XYZ 415.22 161.579 null] >> endobj 3337 0 obj << /D [3314 0 R /XYZ 71.731 146.471 null] >> endobj 3338 0 obj << /D [3314 0 R /XYZ 71.731 131.527 null] >> endobj 3339 0 obj << /D [3314 0 R /XYZ 402.951 122.028 null] >> endobj 3313 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3343 0 obj << /Length 2309 /Filter /FlateDecode >> stream xڝY[۸~ϯ0Ї蘣%@ bwl"(8m#^j:{(^DѴ% y3갊VݫiQ]$j_%U\i 2lIs~߳(J@iđ#B=^M/ӉTa" CV*Td6rTgm<&M@*Zk&?xj] +H"*R IHMK6z"Ng^Իt@0椎s.mg[⑶%,SD6qFAM_L 8ZkвɄѧv`T9(Ueek\#哙i 6(* rƐ@a W/R nj\ek3>[ե61xqh;vAyq94x=Ҷ{ NN;k|6q{}ПRniӀcFB()^2p95ŤM,F.hy0duΨK3KQZؘ'#Q{hOU>H@ " O)q),QVߓ$b^CX?&-(e.rΑd([dݟ>=MBLQ9I | )Clȋ#pdزH߮J [+I|u^mޑ Q%0w\@*65Zǽ^QB#QYXTM1uq YSv5E##ngqwjnBw4G~P2 NԆ}hBž/~tU`\x0TQKI-T*NIF(y.ZLNON(>T4h"tt2Mޜ@@\`C.S,0%ux"t{dU6L䬓YRguQ&u>3ӱ oCw_ Ϩ[6?)q*"roPqj=`L~͉YNUU,K:M0'}&O}F!4GA,B^1܋zaHjۖ,%(J(2)m _,Ci- C]~&'ÂDz<~Y jKϲ ˞9]] @.LjHӘFD(؜ˋ7Ow\m 9>FFw{oԚeÑʷ@D >U05dر-5c qadӘh?W=䑋M4ؔ,xz䃵 XI`',hsez虞z+0OND /ʃTLFȺG`x9#2NyrWm3+)L\l.7a Vd\s _'*f*W]+ӱ:OzF.Xsgi~*oUa툻}l)ή@<,[vXzh^C熆j)o~ ]t&8g(ZU?~7C j=9i ,<C-;ѳ_GfK -f^T\ԨM_)/M~._IlctrQ@Y#}֜9QZĻ> endobj 3340 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [361.333 329.998 415.629 340.902] /A << /S /GoTo /D (0:POLICY) >> >> endobj 3344 0 obj << /D [3342 0 R /XYZ -1.269 814.22 null] >> endobj 3345 0 obj << /D [3342 0 R /XYZ 303.944 708.344 null] >> endobj 3346 0 obj << /D [3342 0 R /XYZ 436.51 708.344 null] >> endobj 3347 0 obj << /D [3342 0 R /XYZ 454.447 680.05 null] >> endobj 3348 0 obj << /D [3342 0 R /XYZ 314.202 668.394 null] >> endobj 3349 0 obj << /D [3342 0 R /XYZ 283.753 656.737 null] >> endobj 3350 0 obj << /D [3342 0 R /XYZ 71.731 649.761 null] >> endobj 3351 0 obj << /D [3342 0 R /XYZ 71.731 649.761 null] >> endobj 3352 0 obj << /D [3342 0 R /XYZ 71.731 633.123 null] >> endobj 3353 0 obj << /D [3342 0 R /XYZ 182.838 623.462 null] >> endobj 3354 0 obj << /D [3342 0 R /XYZ 255.609 623.462 null] >> endobj 3355 0 obj << /D [3342 0 R /XYZ 338.063 623.462 null] >> endobj 3356 0 obj << /D [3342 0 R /XYZ 410.834 623.462 null] >> endobj 3357 0 obj << /D [3342 0 R /XYZ 139.477 611.806 null] >> endobj 3358 0 obj << /D [3342 0 R /XYZ 71.731 605.582 null] >> endobj 3359 0 obj << /D [3342 0 R /XYZ 71.731 605.582 null] >> endobj 3360 0 obj << /D [3342 0 R /XYZ 234.797 595.168 null] >> endobj 3361 0 obj << /D [3342 0 R /XYZ 310.697 595.168 null] >> endobj 3362 0 obj << /D [3342 0 R /XYZ 351.789 583.512 null] >> endobj 3363 0 obj << /D [3342 0 R /XYZ 296.789 571.856 null] >> endobj 3364 0 obj << /D [3342 0 R /XYZ 372.689 571.856 null] >> endobj 3365 0 obj << /D [3342 0 R /XYZ 71.731 564.987 null] >> endobj 3366 0 obj << /D [3342 0 R /XYZ 194.117 531.905 null] >> endobj 3367 0 obj << /D [3342 0 R /XYZ 71.731 525.037 null] >> endobj 3368 0 obj << /D [3342 0 R /XYZ 449.566 515.268 null] >> endobj 3369 0 obj << /D [3342 0 R /XYZ 477.54 491.955 null] >> endobj 3370 0 obj << /D [3342 0 R /XYZ 276.338 480.299 null] >> endobj 3371 0 obj << /D [3342 0 R /XYZ 139.477 468.643 null] >> endobj 3372 0 obj << /D [3342 0 R /XYZ 71.731 430.785 null] >> endobj 3373 0 obj << /D [3342 0 R /XYZ 71.731 430.785 null] >> endobj 3374 0 obj << /D [3342 0 R /XYZ 444.958 391.93 null] >> endobj 3375 0 obj << /D [3342 0 R /XYZ 71.731 357.27 null] >> endobj 3376 0 obj << /D [3342 0 R /XYZ 223.052 294.296 null] >> endobj 3377 0 obj << /D [3342 0 R /XYZ 71.731 269.226 null] >> endobj 3378 0 obj << /D [3342 0 R /XYZ 71.731 146.264 null] >> endobj 3379 0 obj << /D [3342 0 R /XYZ 185.404 133.599 null] >> endobj 3380 0 obj << /D [3342 0 R /XYZ 289.443 133.599 null] >> endobj 3381 0 obj << /D [3342 0 R /XYZ 444.949 133.599 null] >> endobj 3382 0 obj << /D [3342 0 R /XYZ 285.866 120.648 null] >> endobj 3383 0 obj << /D [3342 0 R /XYZ 484.27 120.648 null] >> endobj 3341 0 obj << /Font << /F33 939 0 R /F48 1347 0 R /F55 1479 0 R /F25 932 0 R /F50 1352 0 R /F68 1764 0 R /F31 938 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3386 0 obj << /Length 1608 /Filter /FlateDecode >> stream xXKo6W@EPo9@(vP`w`dbH;%9 bQyQ;xǫ_ےm$ D~a@8w՛MULMS48R3XU0QߘfP43#Qw|Ad]#;:m$&Y{ "1͌R{xTט_k?^q)'~'pNT+gF>+ʦ!b/JE_j}‰]qy' 22>h@k0:m&S ձ:٪ٛwf(s#wKQ\}̫6VC6}AI<(aT78%bA#3hIb2mP'Uy1Js-X^3JGoy=YYՍ  eRBtu,x}OEFѨtf4uyQ3%HaR2[UZ9ȐZ_~ࣷQ!HL M0:O?XM>J@ï` ga37gO w0"U{ @+7GswjBMM(5uP7.jۼ0(*u_A;}% Эcmq:~ꦹ.[/ JBa )\=}ː5C#l6;V9^2S'ƦʔX44Sljxn;cQ aܽoFբjǘn/|͹% %|h(cM{U671۷igW ~{n-F<ΝlZi`B 46lm:`4s\[7F.Ty7fJ_X#Zm;:<Mu(03I7G3`B`Vu2Ind-l mr\r|7C+{.|_X|Rs P]bchBgK~~@ endstream endobj 3385 0 obj << /Type /Page /Contents 3386 0 R /Resources 3384 0 R /MediaBox [0 0 593.051 789.041] /Parent 3273 0 R >> endobj 3387 0 obj << /D [3385 0 R /XYZ -1.269 814.22 null] >> endobj 3388 0 obj << /D [3385 0 R /XYZ 71.731 718.306 null] >> endobj 3389 0 obj << /D [3385 0 R /XYZ 420.152 708.344 null] >> endobj 3390 0 obj << /D [3385 0 R /XYZ 446.881 695.392 null] >> endobj 3391 0 obj << /D [3385 0 R /XYZ 71.731 693.235 null] >> endobj 3392 0 obj << /D [3385 0 R /XYZ 71.731 678.291 null] >> endobj 3393 0 obj << /D [3385 0 R /XYZ 261.158 668.792 null] >> endobj 3394 0 obj << /D [3385 0 R /XYZ 469.255 657.136 null] >> endobj 3395 0 obj << /D [3385 0 R /XYZ 196.287 633.823 null] >> endobj 3396 0 obj << /D [3385 0 R /XYZ 71.731 605.928 null] >> endobj 330 0 obj << /D [3385 0 R /XYZ 430.874 566.555 null] >> endobj 3397 0 obj << /D [3385 0 R /XYZ 71.731 543.438 null] >> endobj 3398 0 obj << /D [3385 0 R /XYZ 276.84 520.727 null] >> endobj 3399 0 obj << /D [3385 0 R /XYZ 338.419 507.776 null] >> endobj 3400 0 obj << /D [3385 0 R /XYZ 71.731 490.675 null] >> endobj 3401 0 obj << /D [3385 0 R /XYZ 71.731 477.724 null] >> endobj 3402 0 obj << /D [3385 0 R /XYZ 139.477 461.948 null] >> endobj 3403 0 obj << /D [3385 0 R /XYZ 71.731 437.25 null] >> endobj 3404 0 obj << /D [3385 0 R /XYZ 71.731 423.925 null] >> endobj 3405 0 obj << /D [3385 0 R /XYZ 139.477 408.149 null] >> endobj 3406 0 obj << /D [3385 0 R /XYZ 71.731 383.079 null] >> endobj 3407 0 obj << /D [3385 0 R /XYZ 71.731 370.127 null] >> endobj 3408 0 obj << /D [3385 0 R /XYZ 139.477 354.351 null] >> endobj 3409 0 obj << /D [3385 0 R /XYZ 71.731 342.232 null] >> endobj 3410 0 obj << /D [3385 0 R /XYZ 71.731 329.28 null] >> endobj 3411 0 obj << /D [3385 0 R /XYZ 139.477 313.504 null] >> endobj 3412 0 obj << /D [3385 0 R /XYZ 311.609 313.504 null] >> endobj 3413 0 obj << /D [3385 0 R /XYZ 71.731 288.807 null] >> endobj 3414 0 obj << /D [3385 0 R /XYZ 71.731 275.482 null] >> endobj 3415 0 obj << /D [3385 0 R /XYZ 139.477 259.706 null] >> endobj 3416 0 obj << /D [3385 0 R /XYZ 311.609 259.706 null] >> endobj 3417 0 obj << /D [3385 0 R /XYZ 71.731 234.635 null] >> endobj 3418 0 obj << /D [3385 0 R /XYZ 71.731 221.684 null] >> endobj 3419 0 obj << /D [3385 0 R /XYZ 139.477 205.908 null] >> endobj 3420 0 obj << /D [3385 0 R /XYZ 71.731 155.098 null] >> endobj 3421 0 obj << /D [3385 0 R /XYZ 187.914 142.147 null] >> endobj 3422 0 obj << /D [3385 0 R /XYZ 347.464 142.147 null] >> endobj 3423 0 obj << /D [3385 0 R /XYZ 417.361 142.147 null] >> endobj 3424 0 obj << /D [3385 0 R /XYZ 413.725 129.196 null] >> endobj 3425 0 obj << /D [3385 0 R /XYZ 71.731 125.793 null] >> endobj 3426 0 obj << /D [3385 0 R /XYZ 137.484 108.772 null] >> endobj 3427 0 obj << /D [3385 0 R /XYZ 150.247 108.772 null] >> endobj 3428 0 obj << /D [3385 0 R /XYZ 71.731 106.615 null] >> endobj 3384 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F25 932 0 R /F48 1347 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3431 0 obj << /Length 1794 /Filter /FlateDecode >> stream xڝXnF}W}"Wvb " 5P$K;˽\vRؐxݝ9š0ó?wo <˛3+pc3߶PZ]CcJ0JhnG߾̈́%Igt?ej\S iخPM d_Em Wҵ :D<&Je]\7TpdjA55uC*q?&gFXE*`A}EGCejG-j-WIfb(Ӎ.ਏVQ{22T"=t=GM_^ qZѨdVeu` hw^LBEڑKf d1\r29UDC,>svDk˝&Xϒe!d<_Dp2;?r;52 +_5c\ʢJ8PXQ MY%uT@f 8iFc#.31\w6kH-[2\E,sg<9qBnwr"*K ] Vu$#Ij"v~n;- ,x^v|s$#0NzmI kڄaFC[3Zߑ# qFcFɐM4)(-hcL2)v$-SNQ3fJf}͛%c޶ܛ & ßZ ّe<<5Bݚ_~Mwse*%t״"k*]斦98) nzX |MǛ{z,^*7]Ntao LוԺd͊\[f[h ig)|ZcdWo vn76w%m`3Ⱥ] e Ny&\߼ /ْUvhdch͡Gq—G"HrcZ 1Qex?1Ɋ#9 [2y4{h$0~fTNeySE&Ds -%8qa{GE``w%Ɔǚ(RHlb!CTL8kp4:Q> endobj 3432 0 obj << /D [3430 0 R /XYZ -1.269 814.22 null] >> endobj 3433 0 obj << /D [3430 0 R /XYZ 137.484 708.344 null] >> endobj 3434 0 obj << /D [3430 0 R /XYZ 275.176 708.344 null] >> endobj 3435 0 obj << /D [3430 0 R /XYZ 489.899 708.344 null] >> endobj 3436 0 obj << /D [3430 0 R /XYZ 71.731 680.284 null] >> endobj 3437 0 obj << /D [3430 0 R /XYZ 137.484 664.508 null] >> endobj 3438 0 obj << /D [3430 0 R /XYZ 206.097 664.508 null] >> endobj 3439 0 obj << /D [3430 0 R /XYZ 421.955 664.508 null] >> endobj 3440 0 obj << /D [3430 0 R /XYZ 224.926 651.557 null] >> endobj 3441 0 obj << /D [3430 0 R /XYZ 76.712 633.624 null] >> endobj 334 0 obj << /D [3430 0 R /XYZ 297.383 599.153 null] >> endobj 3442 0 obj << /D [3430 0 R /XYZ 71.731 576.753 null] >> endobj 3443 0 obj << /D [3430 0 R /XYZ 225.125 553.325 null] >> endobj 3444 0 obj << /D [3430 0 R /XYZ 267.705 553.325 null] >> endobj 3445 0 obj << /D [3430 0 R /XYZ 410.833 553.325 null] >> endobj 3446 0 obj << /D [3430 0 R /XYZ 71.731 518.291 null] >> endobj 3447 0 obj << /D [3430 0 R /XYZ 439.857 507.497 null] >> endobj 3448 0 obj << /D [3430 0 R /XYZ 71.731 504.095 null] >> endobj 3449 0 obj << /D [3430 0 R /XYZ 137.484 487.073 null] >> endobj 3450 0 obj << /D [3430 0 R /XYZ 71.731 471.965 null] >> endobj 3451 0 obj << /D [3430 0 R /XYZ 137.484 456.189 null] >> endobj 3452 0 obj << /D [3430 0 R /XYZ 71.731 454.032 null] >> endobj 3453 0 obj << /D [3430 0 R /XYZ 137.484 438.257 null] >> endobj 3454 0 obj << /D [3430 0 R /XYZ 71.731 436.1 null] >> endobj 3455 0 obj << /D [3430 0 R /XYZ 137.484 420.324 null] >> endobj 3456 0 obj << /D [3430 0 R /XYZ 71.731 407.273 null] >> endobj 3457 0 obj << /D [3430 0 R /XYZ 137.484 389.44 null] >> endobj 3458 0 obj << /D [3430 0 R /XYZ 71.731 374.331 null] >> endobj 3459 0 obj << /D [3430 0 R /XYZ 137.484 358.555 null] >> endobj 3460 0 obj << /D [3430 0 R /XYZ 71.731 268.892 null] >> endobj 3461 0 obj << /D [3430 0 R /XYZ 226.689 255.94 null] >> endobj 3462 0 obj << /D [3430 0 R /XYZ 269.269 255.94 null] >> endobj 3463 0 obj << /D [3430 0 R /XYZ 71.731 216.673 null] >> endobj 338 0 obj << /D [3430 0 R /XYZ 389.515 179.457 null] >> endobj 3464 0 obj << /D [3430 0 R /XYZ 71.731 156.34 null] >> endobj 3429 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F25 932 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3468 0 obj << /Length 1402 /Filter /FlateDecode >> stream xڽWKo6W؋ D(v[h}. Z-"TwH%ֶɥf( A|j:` "% ̓|"M<,>y 4Z(}'ڽRP3޺']sn%Z͗IwBABnmMnO̧f))4ㄤQ᜺]Qoo)ܪ}tQqG﷼dBytR3-L)E#$ļ(n=(&~=1Y{}[Q[5/sA-ZvBϱYBik=JC u՗%Bڛ5e5^_d3\Xw}`۰Ao>3 cpK prqN6u{ ul> NObŬ(x5m1yq(YYQ8+D"%kX!h_F^1b3qC%K9T6W XUXWy}+;|8 hNb&A1 4#IrRy^,>+G@W,Yv귕x -{G[G/2,.F4.lY\Dyo` CWu|5N -t):6iCJQo<e#\~= سVC]P /=P5ӣkc!bZE(ے-H%ިFzR j9BaU(=tYcyy*;IksDdE܎u`AxN FV˵yB`70vI,xpI LaRS)FnI ,2Ec =Cg c/D'wr|`-+]ץYjśmpIb@Kԑ5M1!FRJ˻Fʧ M9=x2.{l\eFiQ#AftM3l*綘0#4meP50w\3UAdgEJoIrJ"Ad{ 7.mEej&z뱾ng Z q#rk;ò Jk M,l|7I 3ID`F/M; K=(yu'6 Rةɬ`~-@OmX^=^2 YD/_9`-~sK◾ۂ<\YorG{3LCjKp3$~7/;cńBم$qPəϛ8 endstream endobj 3467 0 obj << /Type /Page /Contents 3468 0 R /Resources 3466 0 R /MediaBox [0 0 593.051 789.041] /Parent 3483 0 R /Annots [ 3465 0 R ] >> endobj 3465 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [222.853 469.935 277.149 480.839] /A << /S /GoTo /D (0:RECDEP) >> >> endobj 3469 0 obj << /D [3467 0 R /XYZ -1.269 814.22 null] >> endobj 3470 0 obj << /D [3467 0 R /XYZ 71.731 741.22 null] >> endobj 3471 0 obj << /D [3467 0 R /XYZ 71.731 718.306 null] >> endobj 1080 0 obj << /D [3467 0 R /XYZ 71.731 630.222 null] >> endobj 342 0 obj << /D [3467 0 R /XYZ 100.394 564.744 null] >> endobj 3472 0 obj << /D [3467 0 R /XYZ 71.731 541.255 null] >> endobj 3473 0 obj << /D [3467 0 R /XYZ 409.472 531.867 null] >> endobj 3474 0 obj << /D [3467 0 R /XYZ 119.552 518.916 null] >> endobj 3475 0 obj << /D [3467 0 R /XYZ 71.731 497.208 null] >> endobj 3476 0 obj << /D [3467 0 R /XYZ 406.105 486.039 null] >> endobj 3477 0 obj << /D [3467 0 R /XYZ 194.53 473.088 null] >> endobj 3478 0 obj << /D [3467 0 R /XYZ 71.731 470.931 null] >> endobj 3479 0 obj << /D [3467 0 R /XYZ 71.731 455.987 null] >> endobj 3480 0 obj << /D [3467 0 R /XYZ 491.994 434.831 null] >> endobj 3481 0 obj << /D [3467 0 R /XYZ 71.731 416.199 null] >> endobj 3482 0 obj << /D [3467 0 R /XYZ 71.731 406.236 null] >> endobj 1081 0 obj << /D [3467 0 R /XYZ 71.731 180.376 null] >> endobj 3466 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F11 2699 0 R /F25 932 0 R /F48 1347 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3486 0 obj << /Length 1336 /Filter /FlateDecode >> stream xڝWm6~ `tڽ^WTUmU٠cqm;Ǽ$lu/gg^y^pjuޚfY)˝QeWiU)Q:A8D 6;m?"]F Z>qAuJcY*SOOm/lb. Nue`?~>q?z۪V&_=7>9 Iloщƒ*qV7]G$iy\uF]3ei:PZۉZ=ֈų9# (Z@#YTӵ2FgDIۗFwxpREeZ2L܆=Tl}D,1Gwg+ڐ!>I%fT'/QP1C JO{:; wԡ8i|ko 46rQ]l |d[)Փ|"- w;kNd2/R[*샀U_G־ m:Т x):t4LƵ?3ay_] 1\HgQw 'Ჺ8rdJ Z-J;eV{pcbiXd8z7L .FmY(ŷoI8X(E,h"[k!8ibQ 3J9Ӥ JT`ovnہpcΚ[qi*ȩCvtwrr}!ps[;+pl6CM}`7'ݾ"v}FMդǽ>3`E Vi:})>ܯ\r4e 9e):Sڳ6q7o?|7 W/?Zճt>0' %8n)7~J:v-N3lĻ W(s'4UE ,!.Fz㋁?uU}йJ*? C)%&[H\Lba$&lg^G~EA_f9ԿPJlle<\ xa endstream endobj 3485 0 obj << /Type /Page /Contents 3486 0 R /Resources 3484 0 R /MediaBox [0 0 593.051 789.041] /Parent 3483 0 R >> endobj 3487 0 obj << /D [3485 0 R /XYZ -1.269 814.22 null] >> endobj 346 0 obj << /D [3485 0 R /XYZ 253.971 705.748 null] >> endobj 3488 0 obj << /D [3485 0 R /XYZ 71.731 681.992 null] >> endobj 3489 0 obj << /D [3485 0 R /XYZ 145.006 672.871 null] >> endobj 3490 0 obj << /D [3485 0 R /XYZ 71.731 606.938 null] >> endobj 3491 0 obj << /D [3485 0 R /XYZ 71.731 572.084 null] >> endobj 3492 0 obj << /D [3485 0 R /XYZ 71.731 572.084 null] >> endobj 3493 0 obj << /D [3485 0 R /XYZ 224.307 561.289 null] >> endobj 3494 0 obj << /D [3485 0 R /XYZ 71.731 541.185 null] >> endobj 3495 0 obj << /D [3485 0 R /XYZ 487.866 528.413 null] >> endobj 3496 0 obj << /D [3485 0 R /XYZ 201.492 515.461 null] >> endobj 3497 0 obj << /D [3485 0 R /XYZ 396.536 515.461 null] >> endobj 3498 0 obj << /D [3485 0 R /XYZ 71.731 500.353 null] >> endobj 3499 0 obj << /D [3485 0 R /XYZ 71.731 485.409 null] >> endobj 3500 0 obj << /D [3485 0 R /XYZ 76.712 434.664 null] >> endobj 350 0 obj << /D [3485 0 R /XYZ 331.5 395.292 null] >> endobj 3501 0 obj << /D [3485 0 R /XYZ 71.731 372.175 null] >> endobj 3502 0 obj << /D [3485 0 R /XYZ 71.731 327.382 null] >> endobj 3503 0 obj << /D [3485 0 R /XYZ 71.731 327.382 null] >> endobj 3504 0 obj << /D [3485 0 R /XYZ 71.731 326.136 null] >> endobj 3505 0 obj << /D [3485 0 R /XYZ 129.514 309.115 null] >> endobj 3506 0 obj << /D [3485 0 R /XYZ 71.731 290.002 null] >> endobj 3507 0 obj << /D [3485 0 R /XYZ 71.731 244.557 null] >> endobj 3508 0 obj << /D [3485 0 R /XYZ 129.514 226.624 null] >> endobj 3509 0 obj << /D [3485 0 R /XYZ 71.731 191.965 null] >> endobj 3510 0 obj << /D [3485 0 R /XYZ 71.731 191.965 null] >> endobj 3511 0 obj << /D [3485 0 R /XYZ 234.539 180.796 null] >> endobj 3512 0 obj << /D [3485 0 R /XYZ 71.731 128.742 null] >> endobj 3513 0 obj << /D [3485 0 R /XYZ 71.731 128.742 null] >> endobj 3484 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F48 1347 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3516 0 obj << /Length 1570 /Filter /FlateDecode >> stream xڵXK6Х hCM-Z=$ł(,zd"?×$mRe17 7^xf& e1mᑔ'^Rmso>"A@}#e#խ~\u鑨:աEt+71>6<4AiF=D6#g^m,ƒU{8V/.`û.x?G}q(}ɷlR e2 ^XekCfa+V;g zj!I s;ANTi8>anz6\|(V]+r>K~y]֠^ֱ1~_ oe 7"MǺ*/똮37z)lGR0ʲϯm6I-^Q:YJ3DQ &5\qG-*Jrl,_c?i`P IL͇u5`~1HF7&kʜ(O :{Hi;5̺B3Şsibō)aBb`Q42Fj*B A$ʼnya 86$sPsށcƏӉu)cuBw `1e%pIl'*88A @!)E*`k4?~/#gOT9?O0 }IbPF+V::d~a[I$H3I#LFqiy.*TVYi[9؎ <L,fΜoK^谦+͆Y*ޟE;o 27!Q:#+v/8d&b.__*)*ס: WS/#Zę8C4ݳcݗg֐+NC-0(,Y 酧@-(Q,%vFz)tnvA%[Yؖ( 8v9] ]×XF!Gunb3q0 eF%QZ7?Iyxiۨ2 %C>$]jJ2ũ0OKზζ?CiL(J^w_8L-hoL~۱nj΂!T)dn Y4xBg-T]sRni +8b{Ⱦe\D )}"M(u";Ilk׹|"zutS,'5¶oB7lx8HڏRkSӛٴ U$TK0A> endobj 3517 0 obj << /D [3515 0 R /XYZ -1.269 814.22 null] >> endobj 3518 0 obj << /D [3515 0 R /XYZ 71.731 718.306 null] >> endobj 3519 0 obj << /D [3515 0 R /XYZ 71.731 718.306 null] >> endobj 3520 0 obj << /D [3515 0 R /XYZ 71.731 718.306 null] >> endobj 3521 0 obj << /D [3515 0 R /XYZ 137.484 708.344 null] >> endobj 3522 0 obj << /D [3515 0 R /XYZ 71.731 706.187 null] >> endobj 3523 0 obj << /D [3515 0 R /XYZ 137.484 690.411 null] >> endobj 3524 0 obj << /D [3515 0 R /XYZ 71.731 662.725 null] >> endobj 3525 0 obj << /D [3515 0 R /XYZ 137.484 646.575 null] >> endobj 3526 0 obj << /D [3515 0 R /XYZ 71.731 633.524 null] >> endobj 3527 0 obj << /D [3515 0 R /XYZ 137.484 615.691 null] >> endobj 3528 0 obj << /D [3515 0 R /XYZ 76.712 586.102 null] >> endobj 3529 0 obj << /D [3515 0 R /XYZ 71.731 571.158 null] >> endobj 3530 0 obj << /D [3515 0 R /XYZ 488.623 547.846 null] >> endobj 3531 0 obj << /D [3515 0 R /XYZ 139.477 536.189 null] >> endobj 1178 0 obj << /D [3515 0 R /XYZ 71.731 486.675 null] >> endobj 354 0 obj << /D [3515 0 R /XYZ 377.353 441.421 null] >> endobj 3532 0 obj << /D [3515 0 R /XYZ 71.731 417.665 null] >> endobj 3533 0 obj << /D [3515 0 R /XYZ 145.006 408.544 null] >> endobj 3534 0 obj << /D [3515 0 R /XYZ 71.731 373.51 null] >> endobj 3535 0 obj << /D [3515 0 R /XYZ 71.731 373.51 null] >> endobj 3536 0 obj << /D [3515 0 R /XYZ 187.406 362.716 null] >> endobj 3537 0 obj << /D [3515 0 R /XYZ 71.731 340.549 null] >> endobj 3538 0 obj << /D [3515 0 R /XYZ 201.175 329.839 null] >> endobj 3539 0 obj << /D [3515 0 R /XYZ 417.283 329.839 null] >> endobj 3540 0 obj << /D [3515 0 R /XYZ 435.733 329.839 null] >> endobj 3541 0 obj << /D [3515 0 R /XYZ 478.622 329.839 null] >> endobj 3542 0 obj << /D [3515 0 R /XYZ 139.656 316.888 null] >> endobj 3543 0 obj << /D [3515 0 R /XYZ 187.257 316.888 null] >> endobj 3544 0 obj << /D [3515 0 R /XYZ 71.731 296.783 null] >> endobj 3545 0 obj << /D [3515 0 R /XYZ 334.424 284.011 null] >> endobj 3546 0 obj << /D [3515 0 R /XYZ 242.42 271.06 null] >> endobj 3547 0 obj << /D [3515 0 R /XYZ 160.368 258.108 null] >> endobj 3548 0 obj << /D [3515 0 R /XYZ 71.731 238.083 null] >> endobj 3549 0 obj << /D [3515 0 R /XYZ 262.614 212.28 null] >> endobj 3550 0 obj << /D [3515 0 R /XYZ 300.391 212.28 null] >> endobj 1179 0 obj << /D [3515 0 R /XYZ 71.731 208.878 null] >> endobj 358 0 obj << /D [3515 0 R /XYZ 327.188 165.78 null] >> endobj 3551 0 obj << /D [3515 0 R /XYZ 71.731 142.025 null] >> endobj 3552 0 obj << /D [3515 0 R /XYZ 227.735 132.904 null] >> endobj 3553 0 obj << /D [3515 0 R /XYZ 119.552 119.952 null] >> endobj 3514 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F25 932 0 R /F48 1347 0 R /F38 1036 0 R /F60 1532 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3556 0 obj << /Length 2070 /Filter /FlateDecode >> stream xڥYKs6WfiF)ҝڤ6Z9t`0& AV~}.f& "vo:o~<}M ^ ܝ_M`uWߞYf\VVx^pQ#3|k Rf$ovԈbl6~y!,09~I`F^b@h)&dQT4܂#?ZKI 5)Y)4CӍɲUsS&`β6L[8,?pSr$YY\#|jT|.R.\;-)D&vh/^@F#gY&r^!&UY!2!;<Ҽ|DyHkٙgO+#@+RYRLYqL9C8n;ɗ% J Ysm=ۯyKEvy&ۙzDE29)H[ y-W$L#7gN8Ȟj!Ӟ'hvn45x"7զ;modv' ,jyiG=1|yxwkA+d"mcL&( Y"յlGʞL: _X`#do_t'k\8rN}HLb=Yo&][0I4hdPL=e@(F]oXRMmwbf=n4- ]O:Xr̊a2UZglr9h5^TYy$("kY-Y3Q^VֵLKӗR+O/㵃k麑KKz3kJq ;O|mk:ٸڭ/at `cySIu7DVZ;`PՌ/'taɠGnV .WQu/e.f%ktlE -X -rٓ-SFv#r5(a&p/}t}]0֮/  T?U5nkチʁa֐n< `Qq[D ٗ~| ̲|+Uf $(z\Apޙoo!DY@DDΌx=[*"o$Q}Yd|Յll\M& z5"廹 ,IkVfs\%P㾷e]2U>ݓeԇ=/:Of7d%4ol>*T3.fH" μ7aY#ST$u8m{pV8@ފG{tiK!J6*$˷gX ?j>ɐz'wT0*C!cFFcN;#杩}3J M4֚{y^hJ@N?t/rf!@ެ=X^M}׏ӯ3biv'`7ncMC7C Fzv/}0knZ~Gsr!el)(ӘRҞPϪkJCىS޴~ }[-.}3mU Z =8cU7xAla3Duu,讋W(#9>!}7젮q4Y endstream endobj 3555 0 obj << /Type /Page /Contents 3556 0 R /Resources 3554 0 R /MediaBox [0 0 593.051 789.041] /Parent 3483 0 R >> endobj 3557 0 obj << /D [3555 0 R /XYZ -1.269 814.22 null] >> endobj 3558 0 obj << /D [3555 0 R /XYZ 71.731 718.306 null] >> endobj 3559 0 obj << /D [3555 0 R /XYZ 71.731 660.359 null] >> endobj 3560 0 obj << /D [3555 0 R /XYZ 71.731 660.359 null] >> endobj 3561 0 obj << /D [3555 0 R /XYZ 480.464 649.564 null] >> endobj 1180 0 obj << /D [3555 0 R /XYZ 71.731 620.259 null] >> endobj 362 0 obj << /D [3555 0 R /XYZ 497.739 577.162 null] >> endobj 3562 0 obj << /D [3555 0 R /XYZ 71.731 553.406 null] >> endobj 3563 0 obj << /D [3555 0 R /XYZ 71.731 522.203 null] >> endobj 3564 0 obj << /D [3555 0 R /XYZ 71.731 522.203 null] >> endobj 3565 0 obj << /D [3555 0 R /XYZ 71.731 489.461 null] >> endobj 3566 0 obj << /D [3555 0 R /XYZ 71.731 392.066 null] >> endobj 3567 0 obj << /D [3555 0 R /XYZ 71.731 345.864 null] >> endobj 3568 0 obj << /D [3555 0 R /XYZ 71.731 294.058 null] >> endobj 3569 0 obj << /D [3555 0 R /XYZ 71.731 279.114 null] >> endobj 3570 0 obj << /D [3555 0 R /XYZ 71.731 250.982 null] >> endobj 3571 0 obj << /D [3555 0 R /XYZ 173.612 241.321 null] >> endobj 3572 0 obj << /D [3555 0 R /XYZ 325.989 241.321 null] >> endobj 3573 0 obj << /D [3555 0 R /XYZ 417.158 241.321 null] >> endobj 3574 0 obj << /D [3555 0 R /XYZ 71.731 236.178 null] >> endobj 3575 0 obj << /D [3555 0 R /XYZ 173.612 224.683 null] >> endobj 3576 0 obj << /D [3555 0 R /XYZ 240.316 224.683 null] >> endobj 3577 0 obj << /D [3555 0 R /XYZ 307.653 224.683 null] >> endobj 3578 0 obj << /D [3555 0 R /XYZ 71.731 217.815 null] >> endobj 3579 0 obj << /D [3555 0 R /XYZ 233.676 208.046 null] >> endobj 3580 0 obj << /D [3555 0 R /XYZ 378.338 208.046 null] >> endobj 3581 0 obj << /D [3555 0 R /XYZ 451.162 208.046 null] >> endobj 3582 0 obj << /D [3555 0 R /XYZ 405.646 196.39 null] >> endobj 3583 0 obj << /D [3555 0 R /XYZ 139.477 184.733 null] >> endobj 3584 0 obj << /D [3555 0 R /XYZ 71.731 177.865 null] >> endobj 3585 0 obj << /D [3555 0 R /XYZ 278.077 144.783 null] >> endobj 3586 0 obj << /D [3555 0 R /XYZ 76.712 115.194 null] >> endobj 3554 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F25 932 0 R /F38 1036 0 R /F48 1347 0 R /F55 1479 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3589 0 obj << /Length 2013 /Filter /FlateDecode >> stream xڥY[6~_@{}d,6-8E(hDGd_"DL>y9|߹Ѿw|炙vOa$OhObd1u.=o471ײyhEs֟:VL4[_r=(ehz͹Ue#znםo= "F UBIL$`@KJ4:5h~Oo: ,}}^izχNK%OevB6C@2je]d׉Ce96o$ :H~+]?Iq:L^Q=?oo@M=ps8Ja@I;%*(/=hAp@x-M@K}}il$ 0uɏfT(4 &ѸtZz]9H)ALjg'ahGƸE-B{|~Q__$NM*Ӥ:Nf(=|ٚ4v8#Ҕy J~+~Ǎ`) C.׹e>2h"ߪg$Q`U|F9;fGQuGA#$Vbl Zމ7 Aƨh9}o RJĝY3(ȁv{0neKU#]!MH6ж`MLAhYT_*^j^q=w=^Ūtܩ6:,k okѩ\}(-9:G[= .]:k BQ48_5bX7Oa_;bmvb$a̛ml9zPU[[yi!)##lk+ijY &y˱b99oNӜDkkA1s@CV|?IُePUn$k pSP^UK}Ϻ쾰vWΔL/,$:]+$jA(1WlO7JĐԫ$fw4!a-L6y7F$4_%  ! V^Pě;e> ty^a;w@Sh4H^˽ݯ+TҳjHr>Yh3abE{[_F1Cge'3u0~1Ի)Z_?4a@ÀκqO\cɺ`"7:37l`YP75Sj+wB Nz9B 6s f*0['a\rcםriE" @'#e,%yU"ո#*c3M nr CuDm8/\:/!t4uk4UǮ$OuCKnz-8KD}?fNi䥜! dJ/BGi̩.0Qbf2j~'4q%l0h ?1-vTPoi֊Q~ӚY\ =|P=id,jH##DeZ#!0\,kÖ6 Ŝ/b%VN!rGP70\?;+Fb]7ԓCM.8dtlG9=+jrͬ &CU8d!ְX&S#ךZ.ɭ"՝_JUlRA>ABId@Svp6箚HKq8mjv뾼^j, ;Ġ:N`qzw ABbu$ -Y_^ endstream endobj 3588 0 obj << /Type /Page /Contents 3589 0 R /Resources 3587 0 R /MediaBox [0 0 593.051 789.041] /Parent 3483 0 R >> endobj 3590 0 obj << /D [3588 0 R /XYZ -1.269 814.22 null] >> endobj 366 0 obj << /D [3588 0 R /XYZ 345.185 707.841 null] >> endobj 3591 0 obj << /D [3588 0 R /XYZ 71.731 687.17 null] >> endobj 3592 0 obj << /D [3588 0 R /XYZ 263.032 674.964 null] >> endobj 3593 0 obj << /D [3588 0 R /XYZ 446.921 674.964 null] >> endobj 3594 0 obj << /D [3588 0 R /XYZ 280.905 662.013 null] >> endobj 3595 0 obj << /D [3588 0 R /XYZ 402.278 662.013 null] >> endobj 3596 0 obj << /D [3588 0 R /XYZ 196.751 636.11 null] >> endobj 3597 0 obj << /D [3588 0 R /XYZ 71.731 601.076 null] >> endobj 3598 0 obj << /D [3588 0 R /XYZ 119.552 577.33 null] >> endobj 3599 0 obj << /D [3588 0 R /XYZ 254.205 577.33 null] >> endobj 3600 0 obj << /D [3588 0 R /XYZ 119.552 538.476 null] >> endobj 3601 0 obj << /D [3588 0 R /XYZ 399.011 525.525 null] >> endobj 3602 0 obj << /D [3588 0 R /XYZ 340.053 512.573 null] >> endobj 3603 0 obj << /D [3588 0 R /XYZ 169.633 499.622 null] >> endobj 3604 0 obj << /D [3588 0 R /XYZ 289.035 499.622 null] >> endobj 3605 0 obj << /D [3588 0 R /XYZ 144.179 486.67 null] >> endobj 3606 0 obj << /D [3588 0 R /XYZ 71.731 485.962 null] >> endobj 3607 0 obj << /D [3588 0 R /XYZ 166.376 432.985 null] >> endobj 3608 0 obj << /D [3588 0 R /XYZ 166.376 389.329 null] >> endobj 3609 0 obj << /D [3588 0 R /XYZ 292.012 389.329 null] >> endobj 3610 0 obj << /D [3588 0 R /XYZ 166.376 368.31 null] >> endobj 3611 0 obj << /D [3588 0 R /XYZ 244.122 346.091 null] >> endobj 3612 0 obj << /D [3588 0 R /XYZ 166.376 302.75 null] >> endobj 3613 0 obj << /D [3588 0 R /XYZ 166.376 247.856 null] >> endobj 3614 0 obj << /D [3588 0 R /XYZ 71.731 194.914 null] >> endobj 370 0 obj << /D [3588 0 R /XYZ 253.472 162.41 null] >> endobj 3615 0 obj << /D [3588 0 R /XYZ 71.731 139.293 null] >> endobj 3616 0 obj << /D [3588 0 R /XYZ 249.513 129.533 null] >> endobj 3617 0 obj << /D [3588 0 R /XYZ 71.731 107.451 null] >> endobj 3587 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F50 1352 0 R /F48 1347 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3621 0 obj << /Length 1367 /Filter /FlateDecode >> stream xڕWm8_龴k=H=iaYw [t:B&u$N{)mO$g&ό'{j|1,co4"!K$Ib}XdGt\_'J>jy沺BInup'+%&!?4RQYWRfRӔEa4~H""\XV)c$|dS:湒[^Fv>ͦ}*_XVp LhwxC֯B= Qk[ղBi)V+ O9TazqOM @]!lҬ[ʞ6]kUa.;e$|EF8C?@sAJh:Ҧέf@^̶B x}T ~zHaGlc ^,MwnSu($Eԕ,efw1/Qw>u Si'A!K[6 yCM_H/2Tt߲r$/#OD x+%/"|W+nfn zUU}:_Fu`Kpˍ(k}d⮩ڵJB{QcGRm۳~5(r!.O}T%.ߎs Yayy{۷+ߣދ} ZpBpB,v&ww}9V֏<ExG)Ro1Ba<1fG$bı&,C[zE;q„>zIlZH+Y5TaGl4-IBo^˪nTG3ƸՃ'_>l`Auh8a -e,bObbݛ_zw:!6B.p{W'^D{Vb'ۍCy#oYj㦶F/o#N<3d糔0r_>L АdY5[ޝbAF uZx:IU2S&tH0XDznW¼4 Mt01&* LM̝BjFwuo+oNߥٚ۷K8v˓) V \ E͗VZ{ +k=7Mym?hS]%Ri\ꃎp к|hˇ8丙yKQd(,s`YU3 BC[ 9L t>&x& #O`]$?N2A2 ,#E׵=;W:;> endobj 3618 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [279.95 624.373 351.88 633.48] /A << /S /GoTo /D (0:SEVERITYDEF) >> >> endobj 3622 0 obj << /D [3620 0 R /XYZ -1.269 814.22 null] >> endobj 3623 0 obj << /D [3620 0 R /XYZ 71.731 741.22 null] >> endobj 3624 0 obj << /D [3620 0 R /XYZ 71.731 718.306 null] >> endobj 1181 0 obj << /D [3620 0 R /XYZ 71.731 336.189 null] >> endobj 374 0 obj << /D [3620 0 R /XYZ 318.907 290.935 null] >> endobj 3625 0 obj << /D [3620 0 R /XYZ 71.731 267.18 null] >> endobj 3626 0 obj << /D [3620 0 R /XYZ 71.731 229.999 null] >> endobj 3627 0 obj << /D [3620 0 R /XYZ 166.376 176.491 null] >> endobj 3628 0 obj << /D [3620 0 R /XYZ 71.731 116.674 null] >> endobj 3619 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F25 932 0 R /F31 938 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3631 0 obj << /Length 2107 /Filter /FlateDecode >> stream xڝYIϯ!=U>xؙX>l "!I0\˯OXO'nzw7wAPxwƻVC!%Qe-A~~^jR@* Gfo8?n6WٰUIg]u)T}7?wR$g4DDK Hx(F4MвW+3uUG5ʚQ Hn{5Rϟ<s_ 3kƂzЈ 4, z,CI"eQJ_x;65V\mYBǞ5؏^ r+Fes=^#:# rbDЂ$)Qe -ֽ mtG/3$'kv(k_D*CԌ-Jiۧ4<+䡚 ^?$+OWW%DŨID&ɡ顔ڮ0]jXNԿ( \zz>|WVlj,T-WA0>lx!QƑvB1 }*xQenoR=@sV~sBDg[xaX2# .T\) aoBkI>1K%XE1V.騅!qnXEZW%j FWMkJ" kH0ʈ%qMTNMazi<˿;$)AY%q[/M@BFGS & ;c+/rDSΩ$ V/Y6g`_]HP*U/hV~Z1\_PnUZ, tT{d1|mŠZL:ًmBj[j/MVQԻoj4 OOWoe`C "2Nu  РhU򅁖8W)m7xyP4J'lQ5dl;ŴKovko<VB.&a(1S޵7l7s`uQ! 2kuT کL4YOih҉l]A#b{a.&o:JƾѬ6^&6i3X9 P @\)?wڶU4{—o ܶUi2$Gڢ1rBCG]-dh,q+:/h'MS,<|3{Rehs~|\% gtH`:#fr7:s}QfolD8raL d(W~#e0F  ">֙v?T֖-YA-/h|` Fϛ3|cDu40g ]a폑q?NWSv|y endstream endobj 3630 0 obj << /Type /Page /Contents 3631 0 R /Resources 3629 0 R /MediaBox [0 0 593.051 789.041] /Parent 3672 0 R >> endobj 3632 0 obj << /D [3630 0 R /XYZ -1.269 814.22 null] >> endobj 3633 0 obj << /D [3630 0 R /XYZ 71.731 718.306 null] >> endobj 3634 0 obj << /D [3630 0 R /XYZ 71.731 718.306 null] >> endobj 3635 0 obj << /D [3630 0 R /XYZ 231.311 708.344 null] >> endobj 3636 0 obj << /D [3630 0 R /XYZ 71.731 653.385 null] >> endobj 3637 0 obj << /D [3630 0 R /XYZ 162.999 642.59 null] >> endobj 3638 0 obj << /D [3630 0 R /XYZ 139.746 616.687 null] >> endobj 3639 0 obj << /D [3630 0 R /XYZ 363.047 616.687 null] >> endobj 3640 0 obj << /D [3630 0 R /XYZ 71.731 614.531 null] >> endobj 3641 0 obj << /D [3630 0 R /XYZ 71.731 599.587 null] >> endobj 3642 0 obj << /D [3630 0 R /XYZ 366.493 578.431 null] >> endobj 3643 0 obj << /D [3630 0 R /XYZ 139.477 566.775 null] >> endobj 3644 0 obj << /D [3630 0 R /XYZ 271.137 555.118 null] >> endobj 3645 0 obj << /D [3630 0 R /XYZ 446.284 555.118 null] >> endobj 3646 0 obj << /D [3630 0 R /XYZ 228.593 543.462 null] >> endobj 3647 0 obj << /D [3630 0 R /XYZ 461.447 543.462 null] >> endobj 3648 0 obj << /D [3630 0 R /XYZ 328.566 520.149 null] >> endobj 3649 0 obj << /D [3630 0 R /XYZ 71.731 513.173 null] >> endobj 3650 0 obj << /D [3630 0 R /XYZ 71.731 503.211 null] >> endobj 3651 0 obj << /D [3630 0 R /XYZ 149.161 494.715 null] >> endobj 3652 0 obj << /D [3630 0 R /XYZ 166.591 494.715 null] >> endobj 3653 0 obj << /D [3630 0 R /XYZ 149.161 484.224 null] >> endobj 3654 0 obj << /D [3630 0 R /XYZ 166.591 484.224 null] >> endobj 3655 0 obj << /D [3630 0 R /XYZ 76.712 435.477 null] >> endobj 3656 0 obj << /D [3630 0 R /XYZ 71.731 415.552 null] >> endobj 3657 0 obj << /D [3630 0 R /XYZ 438.645 368.927 null] >> endobj 3658 0 obj << /D [3630 0 R /XYZ 358.334 357.27 null] >> endobj 3659 0 obj << /D [3630 0 R /XYZ 71.731 350.294 null] >> endobj 3660 0 obj << /D [3630 0 R /XYZ 201.111 340.633 null] >> endobj 3661 0 obj << /D [3630 0 R /XYZ 139.477 328.976 null] >> endobj 3662 0 obj << /D [3630 0 R /XYZ 76.712 312.339 null] >> endobj 3663 0 obj << /D [3630 0 R /XYZ 71.731 292.414 null] >> endobj 3664 0 obj << /D [3630 0 R /XYZ 380.481 280.757 null] >> endobj 3665 0 obj << /D [3630 0 R /XYZ 299.506 269.101 null] >> endobj 3666 0 obj << /D [3630 0 R /XYZ 71.731 238.92 null] >> endobj 3667 0 obj << /D [3630 0 R /XYZ 185.573 229.151 null] >> endobj 3668 0 obj << /D [3630 0 R /XYZ 76.712 199.562 null] >> endobj 378 0 obj << /D [3630 0 R /XYZ 261.448 160.189 null] >> endobj 3669 0 obj << /D [3630 0 R /XYZ 71.731 137.072 null] >> endobj 3670 0 obj << /D [3630 0 R /XYZ 249.513 127.313 null] >> endobj 3671 0 obj << /D [3630 0 R /XYZ 71.731 115.193 null] >> endobj 3629 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F50 1352 0 R /F25 932 0 R /F51 1354 0 R /F48 1347 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3676 0 obj << /Length 1289 /Filter /FlateDecode >> stream xXmo6_!dl1K>C5C)-QY4H*q*K.F}"i{x:uVy:$9L3 |3ϜoY7a8#wW5J຀+^ =)z+Fw֤œguyN,0Ei!h?AVi. {<-H$y.~k9Zn֜҃M]qHIuc bD| <;h;e;*قF>fЂlv8$&nȆߑ^<֛80Ouk?t &[AL')C˶td@P9M V+,&xj3"n9QA%@G*}͏4/jie\(]QfmV1]P5m IK![Ya4Ȓ6ޚS@r`2 E|طLSUm`+ z:-vaj O#/"jd/] N&>%C0%,)yGlJ<$Ɏn8?3s\} Sk%dm d.:t[ 7e~aՊ*ETF㌉(c;tTZv^ɦ> endobj 3673 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [322.989 589.404 394.919 598.511] /A << /S /GoTo /D (0:SEVERITYDEF) >> >> endobj 3677 0 obj << /D [3675 0 R /XYZ -1.269 814.22 null] >> endobj 3678 0 obj << /D [3675 0 R /XYZ 71.731 741.22 null] >> endobj 3679 0 obj << /D [3675 0 R /XYZ 71.731 287.871 null] >> endobj 382 0 obj << /D [3675 0 R /XYZ 337.725 248.498 null] >> endobj 3680 0 obj << /D [3675 0 R /XYZ 71.731 228.394 null] >> endobj 3681 0 obj << /D [3675 0 R /XYZ 129.235 215.622 null] >> endobj 3682 0 obj << /D [3675 0 R /XYZ 71.731 154.685 null] >> endobj 3683 0 obj << /D [3675 0 R /XYZ 420.878 143.891 null] >> endobj 3684 0 obj << /D [3675 0 R /XYZ 353.551 117.988 null] >> endobj 3674 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F25 932 0 R /F31 938 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3687 0 obj << /Length 1301 /Filter /FlateDecode >> stream xڝWMs6WiƂo$;i顚!t(Q v p)ۓEޯ77wa> p,Fzi,C}|V19qpeg)7YQN/$FxsT^`J.~0$FY{ B1T˾Pu(Fj4cLr;,xxC#5LFL҆(0zIЭWo5{BDq"EcyWǻ40ѡc XV~^|ěX\;ZoB@m)s*9);O[?fsZ$nIw2~ ,W*hQ<0}r!w?PPg8ފY+tYp IOx kjvPVHh^DGa>A+KNUc(X.HXr;36!YZk^ԳAΠY ?ZGZ3~vF䓖yD3†\"cz˙H2eݮ},а1K*j.8$ЬF&#/'*+UN R5mM{ &^ T~J Oa*ۓdŘцM\ D@[S/cbٶ5-uǛPn)Hk[/)nJK>=,^9:,}Ϧ3V.5)L)O ^S(`Sj[%3b"6Z!~j Kd5 ,6i WuKlW wy/|rLBVZQL=d!0: `nᙝIWoɸ;76PJu+ϳ: Cu@^bla|yE?Qw {r_U|k"}¨ Iu&kr 5V{CIr שkipNSejm.rgi*rDrU;n_]9`ݕt̎Q4׺Xp;9&KtFLjqUgBW*> endobj 3688 0 obj << /D [3686 0 R /XYZ -1.269 814.22 null] >> endobj 3689 0 obj << /D [3686 0 R /XYZ 376.952 708.344 null] >> endobj 3690 0 obj << /D [3686 0 R /XYZ 275.824 695.392 null] >> endobj 3691 0 obj << /D [3686 0 R /XYZ 71.731 609.365 null] >> endobj 386 0 obj << /D [3686 0 R /XYZ 368.684 570.092 null] >> endobj 3692 0 obj << /D [3686 0 R /XYZ 71.731 546.975 null] >> endobj 3693 0 obj << /D [3686 0 R /XYZ 71.731 504.239 null] >> endobj 3694 0 obj << /D [3686 0 R /XYZ 71.731 504.239 null] >> endobj 3695 0 obj << /D [3686 0 R /XYZ 71.731 502.994 null] >> endobj 3696 0 obj << /D [3686 0 R /XYZ 137.484 483.915 null] >> endobj 3697 0 obj << /D [3686 0 R /XYZ 71.731 448.882 null] >> endobj 3698 0 obj << /D [3686 0 R /XYZ 71.731 416.005 null] >> endobj 3699 0 obj << /D [3686 0 R /XYZ 71.731 416.005 null] >> endobj 3700 0 obj << /D [3686 0 R /XYZ 124.533 391.014 null] >> endobj 3701 0 obj << /D [3686 0 R /XYZ 137.484 373.081 null] >> endobj 3702 0 obj << /D [3686 0 R /XYZ 71.731 338.047 null] >> endobj 3703 0 obj << /D [3686 0 R /XYZ 71.731 292.219 null] >> endobj 3704 0 obj << /D [3686 0 R /XYZ 71.731 292.219 null] >> endobj 3705 0 obj << /D [3686 0 R /XYZ 124.533 267.228 null] >> endobj 3706 0 obj << /D [3686 0 R /XYZ 137.484 249.295 null] >> endobj 3707 0 obj << /D [3686 0 R /XYZ 71.731 227.213 null] >> endobj 3708 0 obj << /D [3686 0 R /XYZ 71.731 181.385 null] >> endobj 3709 0 obj << /D [3686 0 R /XYZ 71.731 181.385 null] >> endobj 3685 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3712 0 obj << /Length 1702 /Filter /FlateDecode >> stream xڭX[o6~[m %Yi2tڢ1 cI~nVۋMR9sS0O//l_,Ɇl(l':!qY'dO^hiͣ$&_J5}ػ%MŅsƍ0lӽ䖎Rp#/T t ;:4!4̣$)N84ϹgF6k<>;ARNE7yEyUY\'d :qK*{j!ˍ Z93,3|h.{恛 +,^dAD6><;@ɴ i<9Gt'3-f7òfQ0P Iyµ*SQ{ | ;Ke/t=BPP Vqr?]+ܾ]|(4 bh~НWZwIxN#[v.jSr%0&8,Y8 iNHzj=R^TnzdZS+ HbyR'$H޽Dц* ^~pvlM_ol`޽<5N޹KԄAin\?TUenJYLȠr䅮?7pTܾhk]E-vbH0uCEko^yi׼sZ.zKYM 0v֡V, \;x($iI{hyga6"aWaeHxwM0tX ٤,ϙ/y7Z*:ҹwd ā11I\sQ3@Q/:BK;; Ea?6b44؁N_iO ZnAryk1lhǰQ9:VΎ5bʩZo;ו5uxܱI#WS2IBˣYўg>LlV~:DzpdjpSQn=n.sa?c af#ژB\lqd{i+fFW탦}]mQ5N#Xɚn`sB)"% 3!Fowa0Q .pS=#s X]Q/O\{PM ~g< I`(\(PD%SsdA) g|,V,Ҿ-ѨCGv͍1,|4^{YcցQLBYpw?ThR7.tNfVh.pͅ?kzfj#;w%VLqqapQ*ް\^5<eeU.*~ʿ]psT@^f Y T@ MiV$ ڇ銬t2_/IFM1Ӎr~eg}ǚxEQﷶs::˦kߤ* 촘;[뾏orȢ: S>3as׼~D;N6c=~/\':Z w/AuI||m_"9igTˀi~eXM674.kU}# Z|pɵ꣭7o{7_ivȤX&T4]jjF`T.'1 bݩ 9:koO父Z Yol,d'!o\m_ aB endstream endobj 3711 0 obj << /Type /Page /Contents 3712 0 R /Resources 3710 0 R /MediaBox [0 0 593.051 789.041] /Parent 3672 0 R >> endobj 3713 0 obj << /D [3711 0 R /XYZ -1.269 814.22 null] >> endobj 3714 0 obj << /D [3711 0 R /XYZ 71.731 718.306 null] >> endobj 3715 0 obj << /D [3711 0 R /XYZ 230.783 708.344 null] >> endobj 3716 0 obj << /D [3711 0 R /XYZ 326.523 708.344 null] >> endobj 3717 0 obj << /D [3711 0 R /XYZ 431.728 708.344 null] >> endobj 3718 0 obj << /D [3711 0 R /XYZ 71.731 662.416 null] >> endobj 3719 0 obj << /D [3711 0 R /XYZ 71.731 646.162 null] >> endobj 390 0 obj << /D [3711 0 R /XYZ 275.564 608.946 null] >> endobj 3720 0 obj << /D [3711 0 R /XYZ 71.731 585.829 null] >> endobj 3721 0 obj << /D [3711 0 R /XYZ 321.711 537.215 null] >> endobj 3722 0 obj << /D [3711 0 R /XYZ 71.731 515.133 null] >> endobj 3723 0 obj << /D [3711 0 R /XYZ 71.731 443.402 null] >> endobj 3724 0 obj << /D [3711 0 R /XYZ 71.731 404.548 null] >> endobj 3725 0 obj << /D [3711 0 R /XYZ 71.731 389.604 null] >> endobj 1182 0 obj << /D [3711 0 R /XYZ 71.731 295.621 null] >> endobj 394 0 obj << /D [3711 0 R /XYZ 366.095 250.367 null] >> endobj 3726 0 obj << /D [3711 0 R /XYZ 71.731 226.612 null] >> endobj 3727 0 obj << /D [3711 0 R /XYZ 71.731 195.408 null] >> endobj 3728 0 obj << /D [3711 0 R /XYZ 71.731 195.408 null] >> endobj 3729 0 obj << /D [3711 0 R /XYZ 71.731 162.666 null] >> endobj 3730 0 obj << /D [3711 0 R /XYZ 71.731 162.666 null] >> endobj 3731 0 obj << /D [3711 0 R /XYZ 149.718 138.786 null] >> endobj 3732 0 obj << /D [3711 0 R /XYZ 197.04 125.834 null] >> endobj 3710 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R /F25 932 0 R /F48 1347 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3735 0 obj << /Length 1588 /Filter /FlateDecode >> stream xڵXK#5 ϯȍjc8RPPKsNI\tڃީPmH>òO'q~4]դ.bpX%UN\iBtY`S2"%>֗RW1pBVML`XGަ YU#meICڒԡ8tT%I<,jexUPeCqw61UB=qIȿ0YQMZߗgłf9alk9X͛ [G&TT"gCCd]ģ>/  מBμuP9aQ;oV٣dW4k9ʻ oeN_ gvWct;{0mm/Z` n>#B mF 2g] FY yILL$" endstream endobj 3734 0 obj << /Type /Page /Contents 3735 0 R /Resources 3733 0 R /MediaBox [0 0 593.051 789.041] /Parent 3672 0 R >> endobj 3736 0 obj << /D [3734 0 R /XYZ -1.269 814.22 null] >> endobj 3737 0 obj << /D [3734 0 R /XYZ 71.731 741.22 null] >> endobj 3738 0 obj << /D [3734 0 R /XYZ 71.731 718.306 null] >> endobj 3739 0 obj << /D [3734 0 R /XYZ 71.731 693.235 null] >> endobj 3740 0 obj << /D [3734 0 R /XYZ 71.731 678.291 null] >> endobj 3741 0 obj << /D [3734 0 R /XYZ 71.731 665.34 null] >> endobj 3742 0 obj << /D [3734 0 R /XYZ 139.477 649.564 null] >> endobj 3743 0 obj << /D [3734 0 R /XYZ 71.731 616.588 null] >> endobj 3744 0 obj << /D [3734 0 R /XYZ 71.731 616.588 null] >> endobj 3745 0 obj << /D [3734 0 R /XYZ 222.644 603.736 null] >> endobj 3746 0 obj << /D [3734 0 R /XYZ 71.731 581.569 null] >> endobj 3747 0 obj << /D [3734 0 R /XYZ 172.335 570.859 null] >> endobj 3748 0 obj << /D [3734 0 R /XYZ 234.333 557.908 null] >> endobj 3749 0 obj << /D [3734 0 R /XYZ 71.731 520.797 null] >> endobj 3750 0 obj << /D [3734 0 R /XYZ 71.731 507.746 null] >> endobj 3751 0 obj << /D [3734 0 R /XYZ 139.477 489.913 null] >> endobj 3752 0 obj << /D [3734 0 R /XYZ 71.731 428.976 null] >> endobj 3753 0 obj << /D [3734 0 R /XYZ 71.731 428.976 null] >> endobj 3754 0 obj << /D [3734 0 R /XYZ 233.164 418.182 null] >> endobj 3755 0 obj << /D [3734 0 R /XYZ 71.731 396.015 null] >> endobj 3756 0 obj << /D [3734 0 R /XYZ 172.403 385.305 null] >> endobj 3757 0 obj << /D [3734 0 R /XYZ 239.551 372.354 null] >> endobj 3758 0 obj << /D [3734 0 R /XYZ 71.731 335.243 null] >> endobj 3759 0 obj << /D [3734 0 R /XYZ 71.731 320.135 null] >> endobj 3760 0 obj << /D [3734 0 R /XYZ 139.477 304.359 null] >> endobj 3761 0 obj << /D [3734 0 R /XYZ 71.731 271.382 null] >> endobj 3762 0 obj << /D [3734 0 R /XYZ 71.731 271.382 null] >> endobj 3763 0 obj << /D [3734 0 R /XYZ 222.086 258.531 null] >> endobj 3764 0 obj << /D [3734 0 R /XYZ 71.731 236.583 null] >> endobj 3765 0 obj << /D [3734 0 R /XYZ 216.776 225.654 null] >> endobj 3766 0 obj << /D [3734 0 R /XYZ 258.071 225.654 null] >> endobj 3767 0 obj << /D [3734 0 R /XYZ 290.658 225.654 null] >> endobj 3768 0 obj << /D [3734 0 R /XYZ 334.583 225.654 null] >> endobj 3769 0 obj << /D [3734 0 R /XYZ 71.731 162.64 null] >> endobj 3770 0 obj << /D [3734 0 R /XYZ 71.731 147.532 null] >> endobj 3771 0 obj << /D [3734 0 R /XYZ 139.477 131.756 null] >> endobj 3733 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F68 1764 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3775 0 obj << /Length 1005 /Filter /FlateDecode >> stream xڥVKo8WE"D= Цm-@`4Ym(HTSlIvO"7o?>ae q쭷N P%!)޺} -LO;x7tٙ>9kNYy/̊5.":& [<ĔN0(" G`w}OOVJ6^*đR [_EC4ee$17>ӎ^[DTZ;zpГ8U%ln{n>ڈ rޔp!"#Usx;Z SΉ:oʬy+o2DdT&13h@Rk,ܟb2Z5>Mau{'NjaoO|:"ȏRꤢj25Y!Hq&}F F1:KLLe te])YPa83CSA H5J Nj@oiBEQ,Tmtpv/} endstream endobj 3774 0 obj << /Type /Page /Contents 3775 0 R /Resources 3773 0 R /MediaBox [0 0 593.051 789.041] /Parent 3672 0 R /Annots [ 3772 0 R ] >> endobj 3772 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [344.508 488.229 416.438 496.942] /A << /S /GoTo /D (0:SEVERITYDEF) >> >> endobj 3776 0 obj << /D [3774 0 R /XYZ -1.269 814.22 null] >> endobj 3777 0 obj << /D [3774 0 R /XYZ 71.731 718.306 null] >> endobj 3778 0 obj << /D [3774 0 R /XYZ 71.731 718.306 null] >> endobj 3779 0 obj << /D [3774 0 R /XYZ 242.002 708.344 null] >> endobj 3780 0 obj << /D [3774 0 R /XYZ 342.697 675.467 null] >> endobj 3781 0 obj << /D [3774 0 R /XYZ 71.731 641.345 null] >> endobj 3782 0 obj << /D [3774 0 R /XYZ 249.513 628.394 null] >> endobj 3783 0 obj << /D [3774 0 R /XYZ 71.731 616.274 null] >> endobj 1183 0 obj << /D [3774 0 R /XYZ 71.731 372.802 null] >> endobj 398 0 obj << /D [3774 0 R /XYZ 427.295 327.548 null] >> endobj 3784 0 obj << /D [3774 0 R /XYZ 71.731 303.792 null] >> endobj 3785 0 obj << /D [3774 0 R /XYZ 71.731 272.589 null] >> endobj 3786 0 obj << /D [3774 0 R /XYZ 71.731 272.589 null] >> endobj 3787 0 obj << /D [3774 0 R /XYZ 71.731 239.847 null] >> endobj 3788 0 obj << /D [3774 0 R /XYZ 71.731 239.847 null] >> endobj 3789 0 obj << /D [3774 0 R /XYZ 418.956 203.015 null] >> endobj 3790 0 obj << /D [3774 0 R /XYZ 71.731 177.944 null] >> endobj 3773 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F68 1764 0 R /F50 1352 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3793 0 obj << /Length 1078 /Filter /FlateDecode >> stream xڕVK6d`"lEEID[D$R %lyp7 8[>V(u6;'"')CێϏM8ѾM)[UW=􌲎xqNzv\x7ƭc89'?LG1J\;N(M2{=TW(&-qOCTj!ɁH7!z̺#דB]-?]n 1#C5'ҨTDbhuW_W&[1u]5d\B(񶣜A7 _3`?b愿 *:9y^Ow\,쬮ц=鱦j$WMr6֠/XeotMeK㲧% %9A2 d^(K֎f(M*O? lOW@(x,4m?+hI9rc47^Xga%N(L4Wʣv cX+] ^?4i$LVOY-D=2U>jU'=% .šˡtxK-2Iٷ-&f(aSa1"ZL.5e)LCZ a#1!Cx¯T]\ꎱ`}awW*x`\эeRX拀JCC3_"yX hշ ?ˤvßo19&VhF3(\ՓL ._?ͅk.*1;Z \Mݒ$)ьՍ˞ta&dУ{wP[TrFyo?;s5|Wy~q8Y> endobj 3794 0 obj << /D [3792 0 R /XYZ -1.269 814.22 null] >> endobj 3795 0 obj << /D [3792 0 R /XYZ 71.731 479.004 null] >> endobj 1184 0 obj << /D [3792 0 R /XYZ 71.731 462.65 null] >> endobj 402 0 obj << /D [3792 0 R /XYZ 443.684 419.553 null] >> endobj 3796 0 obj << /D [3792 0 R /XYZ 71.731 395.797 null] >> endobj 3797 0 obj << /D [3792 0 R /XYZ 71.731 364.594 null] >> endobj 3798 0 obj << /D [3792 0 R /XYZ 71.731 364.594 null] >> endobj 3799 0 obj << /D [3792 0 R /XYZ 71.731 331.852 null] >> endobj 3800 0 obj << /D [3792 0 R /XYZ 71.731 331.852 null] >> endobj 3801 0 obj << /D [3792 0 R /XYZ 150.976 295.02 null] >> endobj 3802 0 obj << /D [3792 0 R /XYZ 71.731 269.949 null] >> endobj 3791 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F31 938 0 R /F25 932 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3806 0 obj << /Length 1012 /Filter /FlateDecode >> stream xڝVKo6W6єl=\`f.- Z-/)Gζ"93| }v5Ͻ%Zae/L#/(B/+?&%iZ*~Ix+Wm'%E0~mڒI)Tkgtd.ՂV+ fwR)^L~E( ԂiO$%(~8JNtJ|؟a1.}aL !]r!ÆUT=C2~AոT#@Rtm)$^0pSW䥤p8 ;%wN ](m'p`xau 2; Fh 7Yc?}#K>8*y?('hҸl *)k u 笠jW M-Njd$( "[aE ytbxGl̯d40 Y͔N6?S!6/q\LS-bakoxam k!э&GhZ&\cKy fiN@)'Mڻ?2>v4V:cWJn4K""/.& FP*E ZHv%v~B6ꏡh13_ θZQFmC  뷾i]`{d@MwL:.[;R93w3]wnm{Bt.J'닉;u MQ"rHꫛ· 7Ќ/3GT4j'c &;lDԉms A<;S'.֥O9cl)T_nr됓LrڜOwz:{Y3N(釋Ir&[<_(őL;^It"ʮ + endstream endobj 3805 0 obj << /Type /Page /Contents 3806 0 R /Resources 3804 0 R /MediaBox [0 0 593.051 789.041] /Parent 3803 0 R >> endobj 3807 0 obj << /D [3805 0 R /XYZ -1.269 814.22 null] >> endobj 3808 0 obj << /D [3805 0 R /XYZ 71.731 455.691 null] >> endobj 1185 0 obj << /D [3805 0 R /XYZ 71.731 439.338 null] >> endobj 406 0 obj << /D [3805 0 R /XYZ 479.061 396.24 null] >> endobj 3809 0 obj << /D [3805 0 R /XYZ 71.731 372.485 null] >> endobj 3810 0 obj << /D [3805 0 R /XYZ 71.731 341.281 null] >> endobj 3811 0 obj << /D [3805 0 R /XYZ 71.731 341.281 null] >> endobj 3812 0 obj << /D [3805 0 R /XYZ 71.731 308.539 null] >> endobj 3813 0 obj << /D [3805 0 R /XYZ 204.502 297.61 null] >> endobj 3814 0 obj << /D [3805 0 R /XYZ 71.731 275.528 null] >> endobj 3815 0 obj << /D [3805 0 R /XYZ 184.567 264.733 null] >> endobj 3816 0 obj << /D [3805 0 R /XYZ 371.066 264.733 null] >> endobj 3817 0 obj << /D [3805 0 R /XYZ 71.731 242.651 null] >> endobj 3818 0 obj << /D [3805 0 R /XYZ 206.784 231.857 null] >> endobj 3819 0 obj << /D [3805 0 R /XYZ 71.731 209.774 null] >> endobj 3820 0 obj << /D [3805 0 R /XYZ 71.731 163.946 null] >> endobj 3821 0 obj << /D [3805 0 R /XYZ 329.253 140.2 null] >> endobj 3822 0 obj << /D [3805 0 R /XYZ 71.731 112.141 null] >> endobj 3804 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F31 938 0 R /F25 932 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3825 0 obj << /Length 1555 /Filter /FlateDecode >> stream xڭXYo6~ϯ0ˀM밮y#)Rtb,=*)%O"iq曏Pv'ۉ;byM֛hœ8Qu>%lC zo;FZaZլ5ռU#Zdr-A-uEۚ;p5N Q, DaZ9Ul\^+a /8qKrfjUuO-xAMz%YKr5E1qr&( Ȇ( #J)v ͓E<8ͅ۞h3@Ս Xfۮ$ʻ̾umds5!{`0F7,suDhGTB|OZI~ҹ(WWy,ں-ҽE|'s2Bg!O,*Yy?A%m>u j,ϖ:`fA]iz9~,d-~3 ȶj~7Jc? Dݠ1e(rmVi {6IQEE"BZP ؋PpHؐ{5R0IOqzh,UH94KS T|ZX}{^Gk㪇x~?KcHsqqQTu )6(|RBQOfhtw FW;D*ąn;Vv)btOn?mmkfɾaM!<(EMԓkfl;!GĂڃԋ;0)h0 j"2ѣf((1aJ;O[dHeeiIWݒNodNM hgau#}lɫ+Nsb Lhv= i|C)P{ n(GPR4HmAYn:wц]+I={HrT{(1GѢR 7Gr8#hB`ʌrm0LYltnM$%[:7EWVR?eĜ,[QO=7 ԕԖ;;BM9EPkqdJ\P$|W?iV[j x; oJ endstream endobj 3824 0 obj << /Type /Page /Contents 3825 0 R /Resources 3823 0 R /MediaBox [0 0 593.051 789.041] /Parent 3803 0 R >> endobj 3826 0 obj << /D [3824 0 R /XYZ -1.269 814.22 null] >> endobj 3827 0 obj << /D [3824 0 R /XYZ 71.731 718.306 null] >> endobj 3828 0 obj << /D [3824 0 R /XYZ 438.654 708.344 null] >> endobj 3829 0 obj << /D [3824 0 R /XYZ 252.03 673.375 null] >> endobj 3830 0 obj << /D [3824 0 R /XYZ 345.97 673.375 null] >> endobj 3831 0 obj << /D [3824 0 R /XYZ 453.293 673.375 null] >> endobj 3832 0 obj << /D [3824 0 R /XYZ 71.731 666.399 null] >> endobj 3833 0 obj << /D [3824 0 R /XYZ 227.696 656.737 null] >> endobj 3834 0 obj << /D [3824 0 R /XYZ 321.636 656.737 null] >> endobj 3835 0 obj << /D [3824 0 R /XYZ 76.712 640.1 null] >> endobj 3836 0 obj << /D [3824 0 R /XYZ 71.731 620.174 null] >> endobj 3837 0 obj << /D [3824 0 R /XYZ 392.648 596.862 null] >> endobj 3838 0 obj << /D [3824 0 R /XYZ 501.176 596.862 null] >> endobj 3839 0 obj << /D [3824 0 R /XYZ 76.712 567.273 null] >> endobj 410 0 obj << /D [3824 0 R /XYZ 322.06 527.9 null] >> endobj 3840 0 obj << /D [3824 0 R /XYZ 71.731 514.746 null] >> endobj 3823 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F60 1532 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3843 0 obj << /Length 1549 /Filter /FlateDecode >> stream xڭX]o6}ϯ@EV>ٺu/ ð,YT~:ɲL^s奱`wRF^쏎( JB2kzn]/ě[^{ZV?W]v*3Vꇒw~buO])T5Ǖ*% _O2Sۣ=鍜^mwM{j딝!NT6gtV$+2&k֨f(z4[#H yXWJ@f2R49|lI{ժS%3ՠXiّxcO#C>Mycە|_,ty6渕2yV^+pIԒ Z-܂ qh{ J_LԂTxLat%`XB׿h^n}k:ڦY@(5 Z룠A~hk+/:KV$ hm>~>hK({LQ ˭T[tmG^bʢxX Z i3I@5Y%a$ :A|"?롈>ƣ{[031]3+ٜ'lڶkx]LyӮ^oΠ7O:ﻢ`rk0+ƣH.6r$M!Hx{^uղbɷzb4O# *V~R3?j;s$~r,Xe^lc)"qH)_ @ v}H2?_jqՕ| ooʇI%rzY}oN8khΎCcHqXhQ&N6+Uv)g5N׽ u,$-i| u7:r#*?5R#Iu:j'iƛFZHAIDҭ.$Aq+ʏr1Xᒨ /I@b\$"iǚf/ց;ܿH4h%*(1TOԼZ(IӍlJSt\gZz)xӢ/JRNgXU݌WZE]V 8t.+$[F5kt!ɺ8;}: _ŝaP%B04I)Zc$ n,ںԠckO y endstream endobj 3842 0 obj << /Type /Page /Contents 3843 0 R /Resources 3841 0 R /MediaBox [0 0 593.051 789.041] /Parent 3803 0 R >> endobj 3844 0 obj << /D [3842 0 R /XYZ -1.269 814.22 null] >> endobj 1186 0 obj << /D [3842 0 R /XYZ 71.731 653.45 null] >> endobj 414 0 obj << /D [3842 0 R /XYZ 313.416 608.195 null] >> endobj 3845 0 obj << /D [3842 0 R /XYZ 71.731 584.44 null] >> endobj 3846 0 obj << /D [3842 0 R /XYZ 71.731 553.236 null] >> endobj 3847 0 obj << /D [3842 0 R /XYZ 71.731 553.236 null] >> endobj 3848 0 obj << /D [3842 0 R /XYZ 71.731 520.494 null] >> endobj 3849 0 obj << /D [3842 0 R /XYZ 204.502 509.565 null] >> endobj 3850 0 obj << /D [3842 0 R /XYZ 71.731 494.457 null] >> endobj 3851 0 obj << /D [3842 0 R /XYZ 71.731 479.513 null] >> endobj 3852 0 obj << /D [3842 0 R /XYZ 71.731 466.561 null] >> endobj 3853 0 obj << /D [3842 0 R /XYZ 139.477 450.786 null] >> endobj 3854 0 obj << /D [3842 0 R /XYZ 161.335 437.834 null] >> endobj 3855 0 obj << /D [3842 0 R /XYZ 309.569 437.834 null] >> endobj 3856 0 obj << /D [3842 0 R /XYZ 379.556 437.834 null] >> endobj 3857 0 obj << /D [3842 0 R /XYZ 71.731 412.763 null] >> endobj 3858 0 obj << /D [3842 0 R /XYZ 71.731 399.812 null] >> endobj 3859 0 obj << /D [3842 0 R /XYZ 139.477 384.036 null] >> endobj 3860 0 obj << /D [3842 0 R /XYZ 149.718 358.133 null] >> endobj 3861 0 obj << /D [3842 0 R /XYZ 385.76 345.182 null] >> endobj 3862 0 obj << /D [3842 0 R /XYZ 71.731 343.025 null] >> endobj 418 0 obj << /D [3842 0 R /XYZ 221.609 305.809 null] >> endobj 3863 0 obj << /D [3842 0 R /XYZ 71.731 282.914 null] >> endobj 3864 0 obj << /D [3842 0 R /XYZ 317.557 259.981 null] >> endobj 3865 0 obj << /D [3842 0 R /XYZ 407.688 259.981 null] >> endobj 3866 0 obj << /D [3842 0 R /XYZ 71.731 231.921 null] >> endobj 3867 0 obj << /D [3842 0 R /XYZ 71.731 216.977 null] >> endobj 3868 0 obj << /D [3842 0 R /XYZ 71.731 157.964 null] >> endobj 3869 0 obj << /D [3842 0 R /XYZ 166.047 132.061 null] >> endobj 3870 0 obj << /D [3842 0 R /XYZ 257.124 132.061 null] >> endobj 3871 0 obj << /D [3842 0 R /XYZ 119.552 119.109 null] >> endobj 3872 0 obj << /D [3842 0 R /XYZ 208.607 119.109 null] >> endobj 3841 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3875 0 obj << /Length 1524 /Filter /FlateDecode >> stream xXM60&%Qȡ٦m." Zm6~š>l&9ғ(y36&t0,2j; RN"L0 )&f/JyGJ]]|禌8ʯ[nצr#WrTճ:\U}ZrA`b=Lss|2"i@Ae83){+tYb@fƍ/ +y@DjRLզڟJ܆H(,eu팥S$qdw&Kq6Vdڸ,1ӃD;1~3K2!)M&s[$v~]:'3FasOٔ`a'+ M^8!(Q̍,D)*_iRS+(G0 dH3x] nQҙ>\vĔd`QeḘƮau>f,e8SY1lQ,=F~c#i-kLmjCPRq}\xtx`;5 akrO6RQJRK.Jܒ$^*b;? ?^v@rf)t:QFF[HX$FԫZD 66,'Iq>L]u|V@^N8l0%`fd+rN39OBB0u?5B /WEzS\Bzfx "6VPI-qq/xp#Ng= Gr gsݥ@ua+/y&Hp/9nCrrXoxeU.?KGn{+͓IbthOda< -\>z h%ڲ*t/҇z;ҵgp6Ȁt{ _a_6a'M!mVlлebN뼩8l gO=]ap^Jewm &'1G:iQa K)rGsԣF{iq^ JH%]ZrĶʏ$~,Y{mouܓ7ibv薑DC͠W†6c22,./]S@!΄QfDs򯾮d{N45󍿤nUݝc%[$9.ƔV< bI”%˗,"aMEK"kofn>y$߶׼8}·U^G7ds:|fu hh)&lۧ>jgc1߸dz4~K<=6A'[,e m#n^QTޅ8Ȳz%õ~- |579<`MA̋] )LhI=&`˻ſ'1 endstream endobj 3874 0 obj << /Type /Page /Contents 3875 0 R /Resources 3873 0 R /MediaBox [0 0 593.051 789.041] /Parent 3803 0 R >> endobj 3876 0 obj << /D [3874 0 R /XYZ -1.269 814.22 null] >> endobj 3877 0 obj << /D [3874 0 R /XYZ 71.731 718.306 null] >> endobj 3878 0 obj << /D [3874 0 R /XYZ 119.552 695.392 null] >> endobj 3879 0 obj << /D [3874 0 R /XYZ 199.003 695.392 null] >> endobj 3880 0 obj << /D [3874 0 R /XYZ 71.731 673.445 null] >> endobj 3881 0 obj << /D [3874 0 R /XYZ 71.731 589.001 null] >> endobj 3882 0 obj << /D [3874 0 R /XYZ 119.552 564.882 null] >> endobj 3883 0 obj << /D [3874 0 R /XYZ 191.432 564.882 null] >> endobj 3884 0 obj << /D [3874 0 R /XYZ 71.731 544.777 null] >> endobj 3885 0 obj << /D [3874 0 R /XYZ 119.552 519.054 null] >> endobj 3886 0 obj << /D [3874 0 R /XYZ 190.346 519.054 null] >> endobj 3887 0 obj << /D [3874 0 R /XYZ 71.731 497.106 null] >> endobj 3888 0 obj << /D [3874 0 R /XYZ 71.731 451.143 null] >> endobj 3889 0 obj << /D [3874 0 R /XYZ 235.247 440.349 null] >> endobj 3890 0 obj << /D [3874 0 R /XYZ 71.731 412.289 null] >> endobj 3891 0 obj << /D [3874 0 R /XYZ 71.731 397.345 null] >> endobj 3892 0 obj << /D [3874 0 R /XYZ 387.224 376.189 null] >> endobj 3893 0 obj << /D [3874 0 R /XYZ 71.731 326.675 null] >> endobj 3894 0 obj << /D [3874 0 R /XYZ 119.552 300.772 null] >> endobj 3895 0 obj << /D [3874 0 R /XYZ 207.282 300.772 null] >> endobj 3896 0 obj << /D [3874 0 R /XYZ 264.792 300.772 null] >> endobj 3897 0 obj << /D [3874 0 R /XYZ 354.176 300.772 null] >> endobj 3898 0 obj << /D [3874 0 R /XYZ 71.731 298.312 null] >> endobj 422 0 obj << /D [3874 0 R /XYZ 322.06 260.154 null] >> endobj 3899 0 obj << /D [3874 0 R /XYZ 71.731 247 null] >> endobj 3873 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F25 932 0 R /F48 1347 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3902 0 obj << /Length 1175 /Filter /FlateDecode >> stream xڥWY6~_! MJ$C-tu>p%"+:%53^Ia")ouՇ^`qego{zڜs_(N],5"O*a֦iٴ0RE+-Oj_`)/ Ֆ+6Zl &qN ,N#uW>珪0c (5.1p-!8 ghxU,@qQKKjR{ȫ w5Q z&'ʩmڸ#v,4y[d$/uDWE䢪dMq{u yay;0]K_V* W_7i|4($.@p'1iTDHŢ@U˦DNEf<UM>"oaZEsgm\ĩ*py- -U ?699+cQT(SM+!dC~aQXξ)w.!(fɣ F&:&vU i&DEKo{m?*! OD!w ͪ q'e˕~"g@izb! GG$QQs{y27f77”Fb͚mH"YBJ(> endobj 3903 0 obj << /D [3901 0 R /XYZ -1.269 814.22 null] >> endobj 1187 0 obj << /D [3901 0 R /XYZ 71.731 350.386 null] >> endobj 426 0 obj << /D [3901 0 R /XYZ 338.395 305.132 null] >> endobj 3904 0 obj << /D [3901 0 R /XYZ 71.731 281.376 null] >> endobj 3905 0 obj << /D [3901 0 R /XYZ 235.057 272.255 null] >> endobj 3906 0 obj << /D [3901 0 R /XYZ 71.731 237.222 null] >> endobj 3907 0 obj << /D [3901 0 R /XYZ 71.731 237.222 null] >> endobj 3908 0 obj << /D [3901 0 R /XYZ 71.731 224.405 null] >> endobj 3909 0 obj << /D [3901 0 R /XYZ 71.731 209.461 null] >> endobj 3910 0 obj << /D [3901 0 R /XYZ 234.492 164.858 null] >> endobj 3900 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3913 0 obj << /Length 1979 /Filter /FlateDecode >> stream xڵXIϯЭ͝S*d&qyM%d n˿>{"g)X}oA9m_~xݻ,cMz(<6UF"<4_oά3\ioQ8NOOrf_zG5|ۓ.Fݿ*F@d">)P}GE|B=EOG4Ļx%g8jvwe;nd ;7:)jfj{25oDU>ELW:>I#Y1(5[0!-E;F BqtH?a^8/w |?J2L#, )`bN2 dmx󗵽D: ҼŪdF ;hew#"`P⁤sYO%gLLG,8F8\55B2 2&wBA؞$ITVVNj F\@̣صϝ"~0V){jsZ=A6(ӹKULls8;YSY,9OfVs9JsC%:nuͧ :#bPx{ A&&( "lVUEWSUdaД?s- hr$CoΫ"Ѣ}{/sX2Pro9*. /g%;mұVw!<,TşlւuW1ڍWNZ dhJ@Yv!p~ZNDUO ;ֶ"\_`9xxs+Mw4wDϰu,r?aLW!C2>uUJ/Q!E2J2"{n-ř콯0njѤGB_)40+&INcfeiLiQWĻ0H J˨(=TOESj";~m^Ts`*J7|.0LoJ{K[Q̣*WoPHA֏#CI󧖠@!/t[I716+lsQ| Q#\ykEXKsc@hϩ&'Zw~!l=vމK@P4֤_S0eLrm&44ÓLd!Nܸ}bc/F&֓XDzwmI~G;#( m@s,^KV[ y}ٽb(m8O>^ Aw#Ι{9D48ωZ*7@˥y}>͎t@߹A2We pɰEB7 5YfpTp|trZYM/vًB.w Ԗ{X v@!VotpD Ժ1sǬMH;ITgeT. x_5)aVCqO| s> endobj 3914 0 obj << /D [3912 0 R /XYZ -1.269 814.22 null] >> endobj 3915 0 obj << /D [3912 0 R /XYZ 71.731 718.306 null] >> endobj 3916 0 obj << /D [3912 0 R /XYZ 204.502 708.344 null] >> endobj 3917 0 obj << /D [3912 0 R /XYZ 480.384 708.344 null] >> endobj 3918 0 obj << /D [3912 0 R /XYZ 323.515 695.392 null] >> endobj 3919 0 obj << /D [3912 0 R /XYZ 71.731 683.273 null] >> endobj 3920 0 obj << /D [3912 0 R /XYZ 129.514 652.553 null] >> endobj 3921 0 obj << /D [3912 0 R /XYZ 71.731 650.396 null] >> endobj 3922 0 obj << /D [3912 0 R /XYZ 129.514 634.62 null] >> endobj 3923 0 obj << /D [3912 0 R /XYZ 71.731 632.463 null] >> endobj 3924 0 obj << /D [3912 0 R /XYZ 129.514 616.687 null] >> endobj 3925 0 obj << /D [3912 0 R /XYZ 71.731 616.588 null] >> endobj 3926 0 obj << /D [3912 0 R /XYZ 129.514 598.755 null] >> endobj 3927 0 obj << /D [3912 0 R /XYZ 71.731 560.897 null] >> endobj 3928 0 obj << /D [3912 0 R /XYZ 231.302 522.042 null] >> endobj 3929 0 obj << /D [3912 0 R /XYZ 71.731 474.057 null] >> endobj 3930 0 obj << /D [3912 0 R /XYZ 168.258 450.311 null] >> endobj 3931 0 obj << /D [3912 0 R /XYZ 71.731 363.472 null] >> endobj 3932 0 obj << /D [3912 0 R /XYZ 444.918 352.677 null] >> endobj 3933 0 obj << /D [3912 0 R /XYZ 71.731 304.692 null] >> endobj 3934 0 obj << /D [3912 0 R /XYZ 71.731 291.741 null] >> endobj 3935 0 obj << /D [3912 0 R /XYZ 71.731 276.797 null] >> endobj 3936 0 obj << /D [3912 0 R /XYZ 71.731 237.009 null] >> endobj 3937 0 obj << /D [3912 0 R /XYZ 425.813 227.347 null] >> endobj 3938 0 obj << /D [3912 0 R /XYZ 245.404 215.691 null] >> endobj 3939 0 obj << /D [3912 0 R /XYZ 76.712 186.102 null] >> endobj 430 0 obj << /D [3912 0 R /XYZ 286.984 146.73 null] >> endobj 3940 0 obj << /D [3912 0 R /XYZ 71.731 126.625 null] >> endobj 3941 0 obj << /D [3912 0 R /XYZ 283.755 100.902 null] >> endobj 3942 0 obj << /D [3912 0 R /XYZ 71.731 98.745 null] >> endobj 3911 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F11 2699 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3946 0 obj << /Length 1955 /Filter /FlateDecode >> stream xڽYێ6}W-vfDvK&l"J]R@?ëEYM4K4˙hE=yE*Tq>Y2C).fE2g7;*82}E]%Iv smpٙ+vtF`ݝYu\,Qdz"f*SfKg̳2NQF arFam>'[sO8m'}-55nIG|͖Ea}.A [ kT/ ~Z -uW7w`T|m*{wVm\Hk-w@eؘKx=ˆn-ۋƧ͞gdtlG-d2D#;o+E94oǛČ&L>!/χ_NA_^]}e(f%| [5oy}8EIOO{B(ݻSўY5<U%PZ9/A ySus2*7̊MSX;֬ڕT0 K݆dMHkL-308*D\)I!DJ`sGwU'm!_!7:-{>+ o/0F8ID@qٲTagуme&@0:@yJ4 P4jȼ6q $M }?}ҶRMBNofQBG|oL\ exKG6>VSY)J|ZT%BDVmYTqڹW4s'|<b'QBvtwȏϴ0A1iln'&[}^>`,N?K)c:@|v>M'X2# h=+!Nu@U [ 2%2z9rDHr|s}}i~su]!OZ}49)MQ!b)$~4@ဇ8cLz^KR?XI"(\Go MlHw<TLi9t{;Ӛj+ļҩZP X!J ["KU3+L G _EKGͽ:C&aC5Kb*p"n-;}@C9VYxp 3T]3LShYܩPjuwo}':yz6 ha-[:eV+WFPp(0Cf=j]<NH`9<;\+_:[.y hmMCv~nx򓦾?%qDtX[2KcV KZ5iu@FfHg6II檇 \Jji0\gPg~' ]<7IPYVI}G1) +dFLW_8QH(h[ݎwDy`+5؊`!NLNC^a yQ>8:vق=xk(o5zQ>|m)K_&&itnP/@pPpc;;hOĞ6OGpFeG6J|ru? endstream endobj 3945 0 obj << /Type /Page /Contents 3946 0 R /Resources 3944 0 R /MediaBox [0 0 593.051 789.041] /Parent 3943 0 R >> endobj 3947 0 obj << /D [3945 0 R /XYZ -1.269 814.22 null] >> endobj 434 0 obj << /D [3945 0 R /XYZ 408.397 708.344 null] >> endobj 3948 0 obj << /D [3945 0 R /XYZ 71.731 685.759 null] >> endobj 3949 0 obj << /D [3945 0 R /XYZ 71.731 629.539 null] >> endobj 3950 0 obj << /D [3945 0 R /XYZ 71.731 629.539 null] >> endobj 3951 0 obj << /D [3945 0 R /XYZ 211.028 616.687 null] >> endobj 3952 0 obj << /D [3945 0 R /XYZ 287.6 616.687 null] >> endobj 3953 0 obj << /D [3945 0 R /XYZ 350.096 616.687 null] >> endobj 3954 0 obj << /D [3945 0 R /XYZ 434.936 603.736 null] >> endobj 3955 0 obj << /D [3945 0 R /XYZ 157.424 590.785 null] >> endobj 3956 0 obj << /D [3945 0 R /XYZ 386.657 564.882 null] >> endobj 3957 0 obj << /D [3945 0 R /XYZ 71.731 561.48 null] >> endobj 438 0 obj << /D [3945 0 R /XYZ 341.293 528.169 null] >> endobj 3958 0 obj << /D [3945 0 R /XYZ 71.731 505.584 null] >> endobj 3959 0 obj << /D [3945 0 R /XYZ 231.232 495.293 null] >> endobj 3960 0 obj << /D [3945 0 R /XYZ 275.505 495.293 null] >> endobj 3961 0 obj << /D [3945 0 R /XYZ 134.217 482.341 null] >> endobj 3962 0 obj << /D [3945 0 R /XYZ 198.037 469.39 null] >> endobj 3963 0 obj << /D [3945 0 R /XYZ 220.174 456.438 null] >> endobj 3964 0 obj << /D [3945 0 R /XYZ 71.731 434.476 null] >> endobj 3965 0 obj << /D [3945 0 R /XYZ 71.731 434.476 null] >> endobj 3966 0 obj << /D [3945 0 R /XYZ 246.056 423.562 null] >> endobj 3967 0 obj << /D [3945 0 R /XYZ 311.995 423.562 null] >> endobj 3968 0 obj << /D [3945 0 R /XYZ 374.49 423.562 null] >> endobj 3969 0 obj << /D [3945 0 R /XYZ 71.731 421.539 null] >> endobj 3970 0 obj << /D [3945 0 R /XYZ 71.731 406.595 null] >> endobj 3971 0 obj << /D [3945 0 R /XYZ 71.731 324.135 null] >> endobj 442 0 obj << /D [3945 0 R /XYZ 421.765 284.762 null] >> endobj 3972 0 obj << /D [3945 0 R /XYZ 71.731 261.645 null] >> endobj 3973 0 obj << /D [3945 0 R /XYZ 71.731 218.909 null] >> endobj 3974 0 obj << /D [3945 0 R /XYZ 71.731 218.909 null] >> endobj 3975 0 obj << /D [3945 0 R /XYZ 215.441 206.057 null] >> endobj 3976 0 obj << /D [3945 0 R /XYZ 324.418 206.057 null] >> endobj 3977 0 obj << /D [3945 0 R /XYZ 386.914 206.057 null] >> endobj 3978 0 obj << /D [3945 0 R /XYZ 71.731 158.072 null] >> endobj 3979 0 obj << /D [3945 0 R /XYZ 339.444 134.326 null] >> endobj 3944 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 3982 0 obj << /Length 1583 /Filter /FlateDecode >> stream xXKs6Wi&A8MNH 1 wA<ڽғ@ vۅnnb)J|)YlۊZ&W$[aLL)z(o^bfP ՚oZJ yh᭐?7?^akTlY& Jqa('*?U."dݼodF10fb_feNK2-#$7)?%5ٽHvUA49GbT[F-G=0&H ] {`Qژd稴S8а.ZEŲTU_;57fvNÛH'ѠuQLQ(j7 tmWImA97yM*fz_D5N4 pkWEްU/g=BH$3l V%pphZ~$S^}kr"%(Ya_O9\ -=oJ~)%"SWy^5q `I;wH \K4c \oތ"ts۪Sf3='8wK~80 vx\$`o3/FTctJg~|t$^|JHl.a\霢rJ5J% $h%mxln>Y:-+46Əa4P fR/oɓ(JhUOzc֮ J _AMa9GQ ل@&e Wh,b {S]5!ZC' sc`iese[.Fmn>蓄+nz[.܉J*\]O5ሡiG2a/ NF ̎OiRzNxHʕm-53!xmimF<(vCγm/qL$E$w&9 dF1iIEf;Arijy`u5BCLvci>UQo*nx A<ǹ$97OiO5 楣mAҢYq\ٲyk`Yc|"͂/FhB)24ym Qw} Υ&y NLysP^\+Ibo$";A'÷T>Ez)N!/Nj /ܗ f$-~TS ǿ%ZD ?/0@z@+`:/VZ_"@kz.{(!PVɟV]ZP,B$6Fdx endstream endobj 3981 0 obj << /Type /Page /Contents 3982 0 R /Resources 3980 0 R /MediaBox [0 0 593.051 789.041] /Parent 3943 0 R >> endobj 3983 0 obj << /D [3981 0 R /XYZ -1.269 814.22 null] >> endobj 3984 0 obj << /D [3981 0 R /XYZ 71.731 718.306 null] >> endobj 3985 0 obj << /D [3981 0 R /XYZ 71.731 718.306 null] >> endobj 3986 0 obj << /D [3981 0 R /XYZ 219.616 708.344 null] >> endobj 3987 0 obj << /D [3981 0 R /XYZ 71.731 691.99 null] >> endobj 446 0 obj << /D [3981 0 R /XYZ 466.668 654.775 null] >> endobj 3988 0 obj << /D [3981 0 R /XYZ 71.731 631.657 null] >> endobj 3989 0 obj << /D [3981 0 R /XYZ 71.731 631.657 null] >> endobj 3990 0 obj << /D [3981 0 R /XYZ 175.72 608.946 null] >> endobj 3991 0 obj << /D [3981 0 R /XYZ 71.731 548.01 null] >> endobj 3992 0 obj << /D [3981 0 R /XYZ 179.038 537.215 null] >> endobj 3993 0 obj << /D [3981 0 R /XYZ 71.731 515.133 null] >> endobj 3994 0 obj << /D [3981 0 R /XYZ 71.731 515.133 null] >> endobj 3995 0 obj << /D [3981 0 R /XYZ 212.134 504.339 null] >> endobj 3996 0 obj << /D [3981 0 R /XYZ 71.731 469.305 null] >> endobj 3997 0 obj << /D [3981 0 R /XYZ 264.805 432.608 null] >> endobj 3998 0 obj << /D [3981 0 R /XYZ 71.731 410.526 null] >> endobj 3999 0 obj << /D [3981 0 R /XYZ 71.731 410.526 null] >> endobj 4000 0 obj << /D [3981 0 R /XYZ 228.014 399.731 null] >> endobj 4001 0 obj << /D [3981 0 R /XYZ 71.731 364.697 null] >> endobj 4002 0 obj << /D [3981 0 R /XYZ 71.731 364.697 null] >> endobj 4003 0 obj << /D [3981 0 R /XYZ 206.415 353.903 null] >> endobj 4004 0 obj << /D [3981 0 R /XYZ 71.731 337.923 null] >> endobj 450 0 obj << /D [3981 0 R /XYZ 221.609 300.334 null] >> endobj 4005 0 obj << /D [3981 0 R /XYZ 71.731 277.439 null] >> endobj 4006 0 obj << /D [3981 0 R /XYZ 71.731 277.439 null] >> endobj 4007 0 obj << /D [3981 0 R /XYZ 187.566 267.457 null] >> endobj 4008 0 obj << /D [3981 0 R /XYZ 71.731 245.509 null] >> endobj 4009 0 obj << /D [3981 0 R /XYZ 71.731 245.509 null] >> endobj 4010 0 obj << /D [3981 0 R /XYZ 194.62 234.58 null] >> endobj 4011 0 obj << /D [3981 0 R /XYZ 71.731 199.92 null] >> endobj 4012 0 obj << /D [3981 0 R /XYZ 71.731 199.92 null] >> endobj 4013 0 obj << /D [3981 0 R /XYZ 185.564 188.752 null] >> endobj 4014 0 obj << /D [3981 0 R /XYZ 71.731 166.67 null] >> endobj 4015 0 obj << /D [3981 0 R /XYZ 71.731 166.67 null] >> endobj 4016 0 obj << /D [3981 0 R /XYZ 194.769 155.875 null] >> endobj 4017 0 obj << /D [3981 0 R /XYZ 71.731 133.793 null] >> endobj 4018 0 obj << /D [3981 0 R /XYZ 71.731 133.793 null] >> endobj 4019 0 obj << /D [3981 0 R /XYZ 219.616 122.999 null] >> endobj 3980 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4022 0 obj << /Length 1865 /Filter /FlateDecode >> stream xڵX[6~ϯ0 ɤMf/ҢGmbeѡ=(/ErsPb?>aE- R4]lv '$EQ't.~_^IsZ$X&>d>UۮL7}q-Qk^ }oZhؔlZiB4YiL F{C9U/ys{ŋ4XB 'qJanjopSn{J3kgvmOOia{ط;Q !p8"YB!lt7h_cC*pҊK-~$V!,VC ,&TWy$ɽ3>a3p⋘.rs8=XK@:\8n7`'Ñ]Bw@#b88dECR@5V&>O3{U䲞4O!A"֍g q@h< wpT`'|-JOHs!zj_B9g[-SR `!XZ/f^)U_dykrn~,c!Sx܋4 tH wa4'iʛ^__>~ )wdT k)l{+ m[q4:4*&11L͉Lt&&SE)o9?$ 75 J4@LBߟsyO38)kO'J撠{+ 0s' 1(̳+,!I]`8z,C%<-^8GrʆʼP/ƢxRdʭik M UY 6mAcg."%E } p_B 68 $^xQC+TGdn vjmE0$i'eJ"s2,l4t3psj`no-opoJb~2^:ށ/g<&i 28" -2g]t}yq¦˧gi,*|>g{?lqc=bޟWFYJ58oH<qXІC uuߓ^=Z%){bU%+#צJ1ȷ}ˏۋ{.aUvd ~+n }ckhƶ_Fۖf_LOZSHˍh5;e!oݙG+@܇+qw4 9);)/F,l䯋[a"}P ͹#tq 0x9'm[w5,!Ib) O(.J+e᪠g&s!]S1-JET1wo,8ΕrMS|jF᳌aMKq"k,KlC2#MS<`p#joЏHTd})p}krKݮLy1. Y/LH+w,uRWˡ's%a8چu-4G!]/2Iga+` G2ԝE@FʂK*ϘuDpRg$M_Q@]z,h4zOe endstream endobj 4021 0 obj << /Type /Page /Contents 4022 0 R /Resources 4020 0 R /MediaBox [0 0 593.051 789.041] /Parent 3943 0 R >> endobj 4023 0 obj << /D [4021 0 R /XYZ -1.269 814.22 null] >> endobj 4024 0 obj << /D [4021 0 R /XYZ 71.731 718.306 null] >> endobj 4025 0 obj << /D [4021 0 R /XYZ 71.731 718.306 null] >> endobj 4026 0 obj << /D [4021 0 R /XYZ 228.014 708.344 null] >> endobj 4027 0 obj << /D [4021 0 R /XYZ 71.731 673.31 null] >> endobj 4028 0 obj << /D [4021 0 R /XYZ 71.731 673.31 null] >> endobj 4029 0 obj << /D [4021 0 R /XYZ 212.134 662.516 null] >> endobj 4030 0 obj << /D [4021 0 R /XYZ 71.731 627.482 null] >> endobj 4031 0 obj << /D [4021 0 R /XYZ 71.731 627.482 null] >> endobj 4032 0 obj << /D [4021 0 R /XYZ 206.415 616.687 null] >> endobj 4033 0 obj << /D [4021 0 R /XYZ 71.731 582.027 null] >> endobj 4034 0 obj << /D [4021 0 R /XYZ 71.731 582.027 null] >> endobj 4035 0 obj << /D [4021 0 R /XYZ 201.603 570.859 null] >> endobj 4036 0 obj << /D [4021 0 R /XYZ 71.731 536.199 null] >> endobj 4037 0 obj << /D [4021 0 R /XYZ 71.731 536.199 null] >> endobj 4038 0 obj << /D [4021 0 R /XYZ 188.234 525.031 null] >> endobj 4039 0 obj << /D [4021 0 R /XYZ 157.459 512.08 null] >> endobj 4040 0 obj << /D [4021 0 R /XYZ 347.515 499.128 null] >> endobj 4041 0 obj << /D [4021 0 R /XYZ 71.731 496.971 null] >> endobj 4042 0 obj << /D [4021 0 R /XYZ 71.731 482.027 null] >> endobj 4043 0 obj << /D [4021 0 R /XYZ 71.731 453.895 null] >> endobj 4044 0 obj << /D [4021 0 R /XYZ 71.731 453.895 null] >> endobj 4045 0 obj << /D [4021 0 R /XYZ 206.527 444.234 null] >> endobj 4046 0 obj << /D [4021 0 R /XYZ 71.731 426.737 null] >> endobj 4047 0 obj << /D [4021 0 R /XYZ 71.731 410.775 null] >> endobj 4048 0 obj << /D [4021 0 R /XYZ 71.731 410.775 null] >> endobj 4049 0 obj << /D [4021 0 R /XYZ 206.527 399.303 null] >> endobj 4050 0 obj << /D [4021 0 R /XYZ 71.731 349.788 null] >> endobj 4051 0 obj << /D [4021 0 R /XYZ 163.546 336.837 null] >> endobj 4052 0 obj << /D [4021 0 R /XYZ 391.031 336.837 null] >> endobj 4053 0 obj << /D [4021 0 R /XYZ 71.731 314.755 null] >> endobj 4054 0 obj << /D [4021 0 R /XYZ 71.731 303.861 null] >> endobj 4055 0 obj << /D [4021 0 R /XYZ 139.477 286.027 null] >> endobj 4056 0 obj << /D [4021 0 R /XYZ 71.731 248.005 null] >> endobj 4057 0 obj << /D [4021 0 R /XYZ 71.731 237.111 null] >> endobj 4058 0 obj << /D [4021 0 R /XYZ 139.477 219.278 null] >> endobj 4059 0 obj << /D [4021 0 R /XYZ 417.292 219.278 null] >> endobj 4060 0 obj << /D [4021 0 R /XYZ 167.143 206.326 null] >> endobj 4061 0 obj << /D [4021 0 R /XYZ 215.522 206.326 null] >> endobj 4062 0 obj << /D [4021 0 R /XYZ 263.571 206.326 null] >> endobj 4063 0 obj << /D [4021 0 R /XYZ 71.731 158.341 null] >> endobj 4064 0 obj << /D [4021 0 R /XYZ 210.321 147.547 null] >> endobj 4065 0 obj << /D [4021 0 R /XYZ 417.571 147.547 null] >> endobj 4066 0 obj << /D [4021 0 R /XYZ 150.266 134.595 null] >> endobj 4067 0 obj << /D [4021 0 R /XYZ 168.03 134.595 null] >> endobj 4068 0 obj << /D [4021 0 R /XYZ 205.29 134.595 null] >> endobj 4020 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F50 1352 0 R /F25 932 0 R /F48 1347 0 R /F68 1764 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4072 0 obj << /Length 2004 /Filter /FlateDecode >> stream xڍXے6}W(O#U0T;$d*;DB*$س vIEH\9h[WWo_ݼՎ Y=VAOWi,Viϭh6 1[U5>+ͫ5ړI[n&F/RlU+M[?YīmШ?لd}|?e;jqR%xPMȏ^U]R"+[^GYclOꚜUA-Uͼ}4%8[#Wu+뎷Ҿ1 i'-%4#lylpl8)5X˗MY?zkY `_6X}}=޾XZύ"-Ug;R+ &\|_0;:-J'S@ƝIײҘg'-:ޡ+ˉwѷKzRQ08ڌ}^!A4yZ!iΐ`>JH%-<%A|kR' ƞ ! .Q.þeV6NQZMȽѧ@iA.dp88q$=1 %`fl[u6IɊ`ږ 16˹a|ûj__0s@ P]{9UFy x.t`~@xM\.%7Z[)V$$2)KYlr ۛ uM5|/bIuFƭOdLO5{q"ĖvbP~Esk[hli7>eUB_CAK VzNYAg@eASrsp}"('SU <+xikM5 %bQTr<8 G ,l2,׬ FF, bxnp՞^K 0IaǢ&ڟ]'0z KaڟUJw;,]M f)` l,(4/k){C<̀8^mF]OI~t[lECJ\VO:R:Sfc◃@~Çؔ;94S-֨QDy+lF endstream endobj 4071 0 obj << /Type /Page /Contents 4072 0 R /Resources 4070 0 R /MediaBox [0 0 593.051 789.041] /Parent 3943 0 R /Annots [ 4069 0 R ] >> endobj 4069 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [254.495 165.375 301.346 175.85] /A << /S /GoTo /D (0:CONFIGURATION-EMAIL) >> >> endobj 4073 0 obj << /D [4071 0 R /XYZ -1.269 814.22 null] >> endobj 4074 0 obj << /D [4071 0 R /XYZ 71.731 741.22 null] >> endobj 4075 0 obj << /D [4071 0 R /XYZ 71.731 718.306 null] >> endobj 4076 0 obj << /D [4071 0 R /XYZ 71.731 708.244 null] >> endobj 4077 0 obj << /D [4071 0 R /XYZ 139.477 690.411 null] >> endobj 4078 0 obj << /D [4071 0 R /XYZ 71.731 652.389 null] >> endobj 4079 0 obj << /D [4071 0 R /XYZ 71.731 641.494 null] >> endobj 4080 0 obj << /D [4071 0 R /XYZ 139.477 623.661 null] >> endobj 4081 0 obj << /D [4071 0 R /XYZ 71.731 588.628 null] >> endobj 4082 0 obj << /D [4071 0 R /XYZ 71.731 588.628 null] >> endobj 4083 0 obj << /D [4071 0 R /XYZ 298.619 551.93 null] >> endobj 4084 0 obj << /D [4071 0 R /XYZ 71.731 501.868 null] >> endobj 4085 0 obj << /D [4071 0 R /XYZ 71.731 488.817 null] >> endobj 4086 0 obj << /D [4071 0 R /XYZ 139.477 470.984 null] >> endobj 4087 0 obj << /D [4071 0 R /XYZ 227.375 458.032 null] >> endobj 4088 0 obj << /D [4071 0 R /XYZ 394.588 445.081 null] >> endobj 4089 0 obj << /D [4071 0 R /XYZ 436.112 445.081 null] >> endobj 4090 0 obj << /D [4071 0 R /XYZ 71.731 407.223 null] >> endobj 4091 0 obj << /D [4071 0 R /XYZ 71.731 407.223 null] >> endobj 4092 0 obj << /D [4071 0 R /XYZ 198.296 394.271 null] >> endobj 4093 0 obj << /D [4071 0 R /XYZ 71.731 359.238 null] >> endobj 4094 0 obj << /D [4071 0 R /XYZ 71.731 359.238 null] >> endobj 4095 0 obj << /D [4071 0 R /XYZ 188.333 348.443 null] >> endobj 4096 0 obj << /D [4071 0 R /XYZ 172.662 335.492 null] >> endobj 4097 0 obj << /D [4071 0 R /XYZ 449.381 335.492 null] >> endobj 4098 0 obj << /D [4071 0 R /XYZ 427.763 322.54 null] >> endobj 4099 0 obj << /D [4071 0 R /XYZ 189.857 309.589 null] >> endobj 4100 0 obj << /D [4071 0 R /XYZ 180.702 296.638 null] >> endobj 4101 0 obj << /D [4071 0 R /XYZ 162.709 283.686 null] >> endobj 4102 0 obj << /D [4071 0 R /XYZ 71.731 268.578 null] >> endobj 4103 0 obj << /D [4071 0 R /XYZ 71.731 253.634 null] >> endobj 4104 0 obj << /D [4071 0 R /XYZ 71.731 220.521 null] >> endobj 4105 0 obj << /D [4071 0 R /XYZ 71.731 191.572 null] >> endobj 4070 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F68 1764 0 R /F38 1036 0 R /F60 1532 0 R /F25 932 0 R /F48 1347 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4108 0 obj << /Length 1513 /Filter /FlateDecode >> stream xXo6~_a`) C]׮E ˴-T5JJ~G/ivؓ(;~ǣn^r}b3f( p8 }"Jfכه>)k.KB9Ey)Gv̊T%}[zUGYQEw2(Zŧ< bZbFQlIDHN`o`ZfaZ0|0NQ2'|0HiTc+\,v,&smf'eg|_Dߏ񢖙]*'&B!6SJo|~ WKk\41e=GNםFP(lCRo@e#f TB7Xo0LV}ʲ^N~^*f޷06V^psK GSh`9ߪ(}L3^w0ض1@Lqt`t/=C8xv|7&O<YY}Nq(e[@fUN3lmd y9f+f`jnwo{̃+!k*:I30,ƖKAǀPr9 "z\Xj5@l"qO;8<O:'[%/Z\$ạ\Ncx @,`r]7Řxve=)IjѲj/CKb8.OܳaƇ.h.}B̧?H,דul6Y iҵ(՚&/v$ƈL nV_t < Kyb^WЦI݊a ;bWWwz ʨ QІWJOe ; U ~|b-g8DğHotL)|?E x'AfP?f;SsWPah\ "H4ָݠ)4e)enSe{؃L1te/]8X#F'.<#5rE6o> endobj 4109 0 obj << /D [4107 0 R /XYZ -1.269 814.22 null] >> endobj 4110 0 obj << /D [4107 0 R /XYZ 71.731 718.306 null] >> endobj 4111 0 obj << /D [4107 0 R /XYZ 71.731 718.306 null] >> endobj 4112 0 obj << /D [4107 0 R /XYZ 180.582 708.344 null] >> endobj 4113 0 obj << /D [4107 0 R /XYZ 71.731 627.482 null] >> endobj 4114 0 obj << /D [4107 0 R /XYZ 71.731 627.482 null] >> endobj 4115 0 obj << /D [4107 0 R /XYZ 188.712 616.687 null] >> endobj 4116 0 obj << /D [4107 0 R /XYZ 71.731 544.857 null] >> endobj 4117 0 obj << /D [4107 0 R /XYZ 71.731 544.857 null] >> endobj 4118 0 obj << /D [4107 0 R /XYZ 71.731 509.923 null] >> endobj 4119 0 obj << /D [4107 0 R /XYZ 71.731 509.923 null] >> endobj 4120 0 obj << /D [4107 0 R /XYZ 180.582 499.128 null] >> endobj 4121 0 obj << /D [4107 0 R /XYZ 293.01 486.177 null] >> endobj 4122 0 obj << /D [4107 0 R /XYZ 376.017 473.225 null] >> endobj 4123 0 obj << /D [4107 0 R /XYZ 464.196 460.274 null] >> endobj 4124 0 obj << /D [4107 0 R /XYZ 71.731 425.24 null] >> endobj 4125 0 obj << /D [4107 0 R /XYZ 71.731 425.24 null] >> endobj 4126 0 obj << /D [4107 0 R /XYZ 211.028 414.446 null] >> endobj 4127 0 obj << /D [4107 0 R /XYZ 287.6 414.446 null] >> endobj 4128 0 obj << /D [4107 0 R /XYZ 179.088 401.494 null] >> endobj 4129 0 obj << /D [4107 0 R /XYZ 215.621 401.494 null] >> endobj 4130 0 obj << /D [4107 0 R /XYZ 71.731 379.412 null] >> endobj 4131 0 obj << /D [4107 0 R /XYZ 71.731 379.412 null] >> endobj 4132 0 obj << /D [4107 0 R /XYZ 246.056 368.618 null] >> endobj 4133 0 obj << /D [4107 0 R /XYZ 311.995 368.618 null] >> endobj 4134 0 obj << /D [4107 0 R /XYZ 374.49 368.618 null] >> endobj 4135 0 obj << /D [4107 0 R /XYZ 231.889 355.666 null] >> endobj 4136 0 obj << /D [4107 0 R /XYZ 71.731 320.633 null] >> endobj 4137 0 obj << /D [4107 0 R /XYZ 71.731 320.633 null] >> endobj 4138 0 obj << /D [4107 0 R /XYZ 215.441 309.838 null] >> endobj 4139 0 obj << /D [4107 0 R /XYZ 324.418 309.838 null] >> endobj 4140 0 obj << /D [4107 0 R /XYZ 386.914 309.838 null] >> endobj 4141 0 obj << /D [4107 0 R /XYZ 71.731 280.533 null] >> endobj 454 0 obj << /D [4107 0 R /XYZ 322.06 243.318 null] >> endobj 4142 0 obj << /D [4107 0 R /XYZ 71.731 230.163 null] >> endobj 4106 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F25 932 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4145 0 obj << /Length 962 /Filter /FlateDecode >> stream xڭWn8}W( ۊ&p"鶍`䁖 j]JQ؏_Jl)]sHjf i'o'wy-# 09eݜ%MulS o!q> endobj 4146 0 obj << /D [4144 0 R /XYZ -1.269 814.22 null] >> endobj 4143 0 obj << /Font << /F33 939 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4150 0 obj << /Length 1603 /Filter /FlateDecode >> stream xڕXo6_`X!OCöݲ }hh,:ţ,J۽?~w9[{ 2fwX!M$`~1.>ͮ բ/XDfokUm-]j಺_vRFۙdۥVݯga]844&~F"}GELVlU\Uv͍S,*ع\يCm>wRoRF7ӂR??}`OZnPVǻYN7mugWLl&t͛xjE+p[TԖeP4e*2oy9|%;!zuxmnn~'^t")|ѫ䫦)+{M V4`>2{#OJi )Hb?JGBYOc|4nM#!E`&i`~ۛon6cReա{Wfպjea A VV aVH$IWFhXI az}. F0ʐV;%eņR@m75$r.cgl bW sR;dDd"!%@9@7ER"gZfIv[#][YjG~pOa\$Tx"IhP2>w,h3N(h^2ȇ#P ͖?X&՜F]cjP2w錂ģ,#/HKlsf6* Zx?nH%u$ݥdG kPS5/`R[ 5)Ъaa:,& \)D7uB8W?{P[>nzsZ>&+!*cW@Za.zlv.sUnU}!04 6֔crj\%tX- Gw8 %{"n*LWtЏR#CYjBK, fjkZN`%0d`MggdzQ7{}ܮrm: V> endobj 4151 0 obj << /D [4149 0 R /XYZ -1.269 814.22 null] >> endobj 4152 0 obj << /D [4149 0 R /XYZ 71.731 741.22 null] >> endobj 1188 0 obj << /D [4149 0 R /XYZ 71.731 443.636 null] >> endobj 458 0 obj << /D [4149 0 R /XYZ 370.742 398.382 null] >> endobj 4153 0 obj << /D [4149 0 R /XYZ 71.731 394.552 null] >> endobj 4154 0 obj << /D [4149 0 R /XYZ 166.376 344.057 null] >> endobj 4155 0 obj << /D [4149 0 R /XYZ 205.236 309.267 null] >> endobj 4156 0 obj << /D [4149 0 R /XYZ 71.731 281.228 null] >> endobj 4157 0 obj << /D [4149 0 R /XYZ 234.719 274.473 null] >> endobj 4158 0 obj << /D [4149 0 R /XYZ 160.498 261.522 null] >> endobj 4159 0 obj << /D [4149 0 R /XYZ 71.731 246.413 null] >> endobj 4160 0 obj << /D [4149 0 R /XYZ 71.731 231.469 null] >> endobj 4161 0 obj << /D [4149 0 R /XYZ 348.023 210.314 null] >> endobj 4162 0 obj << /D [4149 0 R /XYZ 76.712 169.068 null] >> endobj 462 0 obj << /D [4149 0 R /XYZ 221.609 129.696 null] >> endobj 4163 0 obj << /D [4149 0 R /XYZ 71.731 106.801 null] >> endobj 4164 0 obj << /D [4149 0 R /XYZ 305.801 96.819 null] >> endobj 4148 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F25 932 0 R /F48 1347 0 R /F31 938 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4167 0 obj << /Length 1631 /Filter /FlateDecode >> stream xXYo8~ϯ0Ї@R@"v@[LDdI;tYn-7CzG2?{Q"G )`͗O +^L.\U~] m7LpJ?ׅ6KE/ΰQ t [:]8>EOG(R|-ʪ8\mx|WbWRڋ> "?j"R=8<܀q^T QZXn&.gL񒯤VlT/;Cৃ]{ E ש5%C;X&-ˉq®3)c>WeŶMN* ߦUXK^)zIcAXe55,ʶe S@LCX/o>'/D>5 ӷ{RC7 aPTy+Jɳ bVo.ζ[[aoUTՄ?&e sRowP@\ Xy;l6rs#IϕبgJva~q6=oIzwsuqKj43"e&fy[DzH VY2`?;{`2fX`*r 4#}Q[Nymu7>yWNLo߈ˈfe) TTᛴoVeeVZ w0V1BO)/FfQ=of5 %/\j5/8@\Rѐݖүs@6 y"F7<*+|W qzؘ&,g#zMj?ʸK >FكKUKM@ B+)aiYqf&)h3E~|WUyF{ }EN\SR|BKH`RʘiyqmD}6TM.|fLN?ɻr|0sgF+};0aAOpevLgT endstream endobj 4166 0 obj << /Type /Page /Contents 4167 0 R /Resources 4165 0 R /MediaBox [0 0 593.051 789.041] /Parent 4147 0 R >> endobj 4168 0 obj << /D [4166 0 R /XYZ -1.269 814.22 null] >> endobj 4169 0 obj << /D [4166 0 R /XYZ 71.731 718.306 null] >> endobj 4170 0 obj << /D [4166 0 R /XYZ 71.731 718.306 null] >> endobj 4171 0 obj << /D [4166 0 R /XYZ 215.222 708.344 null] >> endobj 4172 0 obj << /D [4166 0 R /XYZ 71.731 642.491 null] >> endobj 4173 0 obj << /D [4166 0 R /XYZ 71.731 642.491 null] >> endobj 4174 0 obj << /D [4166 0 R /XYZ 192.498 629.639 null] >> endobj 4175 0 obj << /D [4166 0 R /XYZ 71.731 607.557 null] >> endobj 4176 0 obj << /D [4166 0 R /XYZ 71.731 607.557 null] >> endobj 4177 0 obj << /D [4166 0 R /XYZ 222.285 596.762 null] >> endobj 4178 0 obj << /D [4166 0 R /XYZ 71.731 562.102 null] >> endobj 4179 0 obj << /D [4166 0 R /XYZ 71.731 562.102 null] >> endobj 4180 0 obj << /D [4166 0 R /XYZ 168.159 550.934 null] >> endobj 4181 0 obj << /D [4166 0 R /XYZ 71.731 489.998 null] >> endobj 4182 0 obj << /D [4166 0 R /XYZ 71.731 489.998 null] >> endobj 4183 0 obj << /D [4166 0 R /XYZ 168.617 479.203 null] >> endobj 4184 0 obj << /D [4166 0 R /XYZ 71.731 438.192 null] >> endobj 4185 0 obj << /D [4166 0 R /XYZ 71.731 423.248 null] >> endobj 4186 0 obj << /D [4166 0 R /XYZ 71.731 340.922 null] >> endobj 4187 0 obj << /D [4166 0 R /XYZ 71.731 340.922 null] >> endobj 4188 0 obj << /D [4166 0 R /XYZ 172.024 327.97 null] >> endobj 4189 0 obj << /D [4166 0 R /XYZ 484.848 315.019 null] >> endobj 4190 0 obj << /D [4166 0 R /XYZ 71.731 254.082 null] >> endobj 4191 0 obj << /D [4166 0 R /XYZ 71.731 254.082 null] >> endobj 4192 0 obj << /D [4166 0 R /XYZ 170.181 243.288 null] >> endobj 4193 0 obj << /D [4166 0 R /XYZ 264.965 243.288 null] >> endobj 4194 0 obj << /D [4166 0 R /XYZ 128.687 230.336 null] >> endobj 4195 0 obj << /D [4166 0 R /XYZ 71.731 228.971 null] >> endobj 466 0 obj << /D [4166 0 R /XYZ 322.06 189.719 null] >> endobj 4196 0 obj << /D [4166 0 R /XYZ 71.731 176.564 null] >> endobj 4165 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F25 932 0 R /F48 1347 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4199 0 obj << /Length 1517 /Filter /FlateDecode >> stream xڕWo6~_a`ZOK~C%K֦)cE-Q(*HeS"Owlίh֫p5faxq($m_ˊ2Ly_|?,{xiMi*k;SJtʎWtR2Fp\GX׉?*֘Ax-K̂e\W;OTpgGs /[%[~l\YGZNɽqz `_#pȋ{PT:;"u|Kkbd7J"j?Bsˋww7ﯾQptьX.E'vj;}A^ݖ\HO<(^^'ܑ؇%@}CzK(v6Ӄ%h~+WvD.'-E[Y~[gʛ0Ǔ@0ei>1^g3_RBc_~~|/%ġ~>?l^()jro2PN}~& "d^͖Yk<B(wk+H`ԂPP4G+E HAִj"/r괍0?%^N,23yS;oHr_9NRWCNBo(`}zVCdb|?Sχxx8ȃ,XP8-c#MO +ࠫ1L^5>~_=!nOՠ&|p Ed$8Ue{z"ژқt*ė0;afH! j5Z\ajkJx"zkIi]c a>6fzvC Qχ;m頣DZ^ܸ6 Xot9sQPY7.BU1&kIrb' h gJ ; &Ȇ 6O>^MKgsݫrDe&S& FaT  cM[Shb g53E9^ϨV'DpyME%0_D"5 /di~n IEqʹizsVس#Z=sH6dq#^ypp>,"X mk. s]/kDi[s,Y5TV.7pU%=1aHMc;(2ՆvR4'>"βTC]<\7HR5 64q0Q%{A,BPtƅ>8L]_+1i?[[ --^gQXpDY 7TX2ӳoaڋ ]KBK CoՆ3Ccxc5B!>/a TxSUJEzXfx^PK,RȢ@9gY+N}!- ~xtց \l=Zr9ՕF endstream endobj 4198 0 obj << /Type /Page /Contents 4199 0 R /Resources 4197 0 R /MediaBox [0 0 593.051 789.041] /Parent 4147 0 R >> endobj 4200 0 obj << /D [4198 0 R /XYZ -1.269 814.22 null] >> endobj 1189 0 obj << /D [4198 0 R /XYZ 71.731 478.605 null] >> endobj 470 0 obj << /D [4198 0 R /XYZ 184.629 433.351 null] >> endobj 4201 0 obj << /D [4198 0 R /XYZ 71.731 413.211 null] >> endobj 4202 0 obj << /D [4198 0 R /XYZ 71.731 413.211 null] >> endobj 4203 0 obj << /D [4198 0 R /XYZ 226.629 387.523 null] >> endobj 4204 0 obj << /D [4198 0 R /XYZ 348.381 387.523 null] >> endobj 4205 0 obj << /D [4198 0 R /XYZ 129.793 374.571 null] >> endobj 4206 0 obj << /D [4198 0 R /XYZ 71.731 353.467 null] >> endobj 4207 0 obj << /D [4198 0 R /XYZ 71.731 306.661 null] >> endobj 4208 0 obj << /D [4198 0 R /XYZ 348.624 295.867 null] >> endobj 4209 0 obj << /D [4198 0 R /XYZ 147.105 282.915 null] >> endobj 1190 0 obj << /D [4198 0 R /XYZ 71.731 266.562 null] >> endobj 474 0 obj << /D [4198 0 R /XYZ 276.558 223.464 null] >> endobj 4210 0 obj << /D [4198 0 R /XYZ 71.731 199.708 null] >> endobj 4211 0 obj << /D [4198 0 R /XYZ 71.731 129.651 null] >> endobj 4197 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F25 932 0 R /F31 938 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4214 0 obj << /Length 1349 /Filter /FlateDecode >> stream xڝWMo8WCmbDYrhME69hz%&*ZRr;IYRlh$ 3w~%( pϼ8@>fCqͶ|uL<@uC#(;O2-)e[}$8rYk,|w~>O%gbmǍk҂p/'`x> X'%HZhໂgJcR=eZSάÒH4,׆ y"2BuP`%>k;sdW(PxdM4!μFrnRÏE(\ ~x^­??505i{GY* t/n6[7q3!"l};aqKJ]/_iu@۠1@q3NNXÛTTZ(AA {[Z7dlߑ,`.3{ZqRD eH` G@r*a-jZȘ @³d2tNpRP~_Dd/s6_/V_CO{`f2b&H|ܬ)vRadA5[xN&$яuLЪFVKlFCluQߗ~'L$6Z/Q'f#ΠJcbi<kV7~4^ưz_=rG VbA릒G lt#$QtJP~(%жͦYvOvp'37yT?̾uU Wm\ToJ 'д|iJ*5T>ZcF:ԏ9'o|wQ0ߣ{îN `EpQ-ӏhlĄGۮQ^ǯgJ:nϋnT75CW#HGgUN s_;s|X#ׇw*߷7rt endstream endobj 4213 0 obj << /Type /Page /Contents 4214 0 R /Resources 4212 0 R /MediaBox [0 0 593.051 789.041] /Parent 4147 0 R >> endobj 4215 0 obj << /D [4213 0 R /XYZ -1.269 814.22 null] >> endobj 4216 0 obj << /D [4213 0 R /XYZ 71.731 673.31 null] >> endobj 4217 0 obj << /D [4213 0 R /XYZ 71.731 640.433 null] >> endobj 4218 0 obj << /D [4213 0 R /XYZ 71.731 640.433 null] >> endobj 4219 0 obj << /D [4213 0 R /XYZ 71.731 639.188 null] >> endobj 4220 0 obj << /D [4213 0 R /XYZ 129.514 622.167 null] >> endobj 4221 0 obj << /D [4213 0 R /XYZ 246.285 622.167 null] >> endobj 4222 0 obj << /D [4213 0 R /XYZ 71.731 607.059 null] >> endobj 4223 0 obj << /D [4213 0 R /XYZ 71.731 592.115 null] >> endobj 4224 0 obj << /D [4213 0 R /XYZ 428.729 582.615 null] >> endobj 4225 0 obj << /D [4213 0 R /XYZ 124.533 530.112 null] >> endobj 4226 0 obj << /D [4213 0 R /XYZ 129.514 512.179 null] >> endobj 4227 0 obj << /D [4213 0 R /XYZ 71.731 510.023 null] >> endobj 4228 0 obj << /D [4213 0 R /XYZ 129.514 494.247 null] >> endobj 4229 0 obj << /D [4213 0 R /XYZ 226.081 481.295 null] >> endobj 4230 0 obj << /D [4213 0 R /XYZ 71.731 430.486 null] >> endobj 4231 0 obj << /D [4213 0 R /XYZ 216.118 404.583 null] >> endobj 4232 0 obj << /D [4213 0 R /XYZ 71.731 392.463 null] >> endobj 4233 0 obj << /D [4213 0 R /XYZ 71.731 281.843 null] >> endobj 4234 0 obj << /D [4213 0 R /XYZ 71.731 243.821 null] >> endobj 4235 0 obj << /D [4213 0 R /XYZ 71.731 156.513 null] >> endobj 4236 0 obj << /D [4213 0 R /XYZ 71.731 131.442 null] >> endobj 4212 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F25 932 0 R /F48 1347 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4239 0 obj << /Length 1856 /Filter /FlateDecode >> stream xڥXY6~_kkHӦMQ1mQm";9a;^Voӊrwu2~W~KVI4W|UZŻ֏:"?OfK`~0ofQ4R߄t}:jͯ5k?Zy (Fm}/ qY@2Zj[t$+ű/K:4V9'3DqQȞ߾dt3oH0p$H2<DxC q$!8$Amj)! ~kW7^ hыnucݒgxܨ Ӊ:/b0vc羻U&7:Z g ?S}ǥ&[Ե<G(M|%;ٮA.0fM=qZVZ HB v" zZdx|ٴxAtM=n1?%ۗm9oBo3$ęOt,NNd+E\-;<=N[.&tAa3BA`(QuB>_Ҁd 4r&gj"] R\0doHj+a(- Ț[Iec]j=D՞ DuLl xJT K:>zhfl ŤJ- 8 kO[, 4h1xX&[e is&kYa$\4x ~/[-.gex ñ`)k(܃V&"S !0Ftmw Z_yPϛJvsHj$:(hϛ8Ԉ%1K^K'K{-TgkIa4aj)"Xۖ{B}(m),tۤ Ǯ5Ô[,]p?wYwRd ج?ϧ)vims8jmRX4!}@rq<ϔ/mChC=V޽v0MAYr̹qu=hnF ||V.YH؎ǸopF;Y\%)#\g%Cv rY2 $Q#gGY|fOzӓ bwmtsZLz-Tۣ(-YJԏኧ-&i/G/$n8>j5E.> endobj 4240 0 obj << /D [4238 0 R /XYZ -1.269 814.22 null] >> endobj 1191 0 obj << /D [4238 0 R /XYZ 71.731 684.184 null] >> endobj 478 0 obj << /D [4238 0 R /XYZ 158.772 616.55 null] >> endobj 4241 0 obj << /D [4238 0 R /XYZ 71.731 612.72 null] >> endobj 4242 0 obj << /D [4238 0 R /XYZ 71.731 597.776 null] >> endobj 4243 0 obj << /D [4238 0 R /XYZ 232.394 578.293 null] >> endobj 4244 0 obj << /D [4238 0 R /XYZ 493.213 578.293 null] >> endobj 4245 0 obj << /D [4238 0 R /XYZ 332.115 566.637 null] >> endobj 4246 0 obj << /D [4238 0 R /XYZ 441.157 566.637 null] >> endobj 4247 0 obj << /D [4238 0 R /XYZ 139.477 554.981 null] >> endobj 4248 0 obj << /D [4238 0 R /XYZ 71.731 549.816 null] >> endobj 4249 0 obj << /D [4238 0 R /XYZ 275.127 526.687 null] >> endobj 4250 0 obj << /D [4238 0 R /XYZ 453.188 515.031 null] >> endobj 4251 0 obj << /D [4238 0 R /XYZ 71.731 465.516 null] >> endobj 4252 0 obj << /D [4238 0 R /XYZ 266.499 439.613 null] >> endobj 4253 0 obj << /D [4238 0 R /XYZ 422.114 426.662 null] >> endobj 4254 0 obj << /D [4238 0 R /XYZ 520.813 413.711 null] >> endobj 4255 0 obj << /D [4238 0 R /XYZ 71.731 401.591 null] >> endobj 4256 0 obj << /D [4238 0 R /XYZ 129.514 370.871 null] >> endobj 4257 0 obj << /D [4238 0 R /XYZ 71.731 342.812 null] >> endobj 4258 0 obj << /D [4238 0 R /XYZ 129.514 327.036 null] >> endobj 4259 0 obj << /D [4238 0 R /XYZ 447.718 327.036 null] >> endobj 4260 0 obj << /D [4238 0 R /XYZ 71.731 298.976 null] >> endobj 4261 0 obj << /D [4238 0 R /XYZ 129.514 283.2 null] >> endobj 4262 0 obj << /D [4238 0 R /XYZ 71.731 232.391 null] >> endobj 4263 0 obj << /D [4238 0 R /XYZ 71.731 184.406 null] >> endobj 4264 0 obj << /D [4238 0 R /XYZ 71.731 161.491 null] >> endobj 4265 0 obj << /D [4238 0 R /XYZ 130.311 151.992 null] >> endobj 4266 0 obj << /D [4238 0 R /XYZ 149.679 151.992 null] >> endobj 4267 0 obj << /D [4238 0 R /XYZ 246.516 151.992 null] >> endobj 4268 0 obj << /D [4238 0 R /XYZ 283.415 151.992 null] >> endobj 4269 0 obj << /D [4238 0 R /XYZ 76.712 117.422 null] >> endobj 4237 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R /F31 938 0 R /F50 1352 0 R /F51 1354 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4272 0 obj << /Length 1329 /Filter /FlateDecode >> stream xڕWko6_atl#1-QO,Z0 Fm$T^aKq "/=y:ƥ~̀ <.lfҀ~`$ͺJ&%5-ȶirٳr ۢ;<|}l>gyqBH圫l^3)4U[j8Lꗚ}ջtvc9WLR #OIvP$u5f[!\Qhk2|dH`)7uYjBY9)YDؔzGW K -=L9@Zp_:xخ+TTF=w!!eq/Ss:]*Ú;b!e~ߺ*jJޝI{Qs1;gkHը}q$+;r>QRŰV܅Ǖ^ͷZ󩛯3!ԏ\gQJ3&iGRb;k4Ъ#ZmA_uW6ǫVᆻ ek2?FQܺ„[n,@ j⅓5Hdʣ[,3Q(ML s!Yxpiu! cu W k>0TR+ۢo-ٖ "{$m4 =Zp9\4> endobj 4273 0 obj << /D [4271 0 R /XYZ -1.269 814.22 null] >> endobj 4274 0 obj << /D [4271 0 R /XYZ 71.731 741.22 null] >> endobj 482 0 obj << /D [4271 0 R /XYZ 322.06 707.841 null] >> endobj 4275 0 obj << /D [4271 0 R /XYZ 71.731 694.686 null] >> endobj 4276 0 obj << /D [4271 0 R /XYZ 71.731 478.102 null] >> endobj 486 0 obj << /D [4271 0 R /XYZ 322.863 438.73 null] >> endobj 4277 0 obj << /D [4271 0 R /XYZ 71.731 415.835 null] >> endobj 4278 0 obj << /D [4271 0 R /XYZ 215.451 392.902 null] >> endobj 4279 0 obj << /D [4271 0 R /XYZ 71.731 367.831 null] >> endobj 1192 0 obj << /D [4271 0 R /XYZ 71.731 303.437 null] >> endobj 490 0 obj << /D [4271 0 R /XYZ 166.432 235.803 null] >> endobj 4280 0 obj << /D [4271 0 R /XYZ 71.731 212.314 null] >> endobj 4281 0 obj << /D [4271 0 R /XYZ 304.457 202.926 null] >> endobj 4282 0 obj << /D [4271 0 R /XYZ 426.527 189.975 null] >> endobj 4283 0 obj << /D [4271 0 R /XYZ 71.731 156.999 null] >> endobj 4284 0 obj << /D [4271 0 R /XYZ 193.006 144.147 null] >> endobj 4285 0 obj << /D [4271 0 R /XYZ 318.354 144.147 null] >> endobj 4286 0 obj << /D [4271 0 R /XYZ 71.731 103.136 null] >> endobj 4270 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F50 1352 0 R /F31 938 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4290 0 obj << /Length 1614 /Filter /FlateDecode >> stream xXM60Cl`Mv [@ E\Ȓ+Ru; kw[})KÙ fY0!g[͢l+f&eImh>Yf`2/AFVeu3}88JHVZ,`~hS]I]7_rk %Ƨel̖Q`>^ ͼxm,M4eqIƟ_RW ''d5=޹H}Njk"LEaxNkZaE[BB@fK},K,u~ 8 2* .T W#n\5!$cYL䜞_EK+sU]aq"gw3hx~E߁3 kq%Q%HɄj+-K6Ɱ5<'FEd((VJ;@4><B͖$l)+Ԋxd5!JhAKTLĺǽ`G0 [J@DM("B}D8CYkbP%l7NOIy[R-W\˿0K{S#Kv1)1e+nZqJ6rY[J|@\ KQ0,Pk6 $$8<ٰ(ܢ֑ ~5Uܓ-p.?Nw\J5̠]a F! $8z*zpGSh+[TQCM,(KϢrvK%/UaRW^VZv:h-<IU~gJ/ QY@)&1jh,cTr U]nh݀,b~+DkBtؠS"yǮ w05M}4*DbV'X-ey pp̺!vRs b ~BVq'YY{QL$*ns~x+ߩzn+m9<<%=MAJCLcuEg@B>#׈$T*3$%RLjaKQBKP,؛A785(ysS e@ 6ѥxZԯR(C^!,tg/qYW]c8P(Gsu=o;D{ֺ^8񧠽1.og(޺YT wn}.N ]u nt2~.F!K7PͲWtMqq9m<J ^C>q}| #۝%] \Hd$m˟^)0v5I6 {O^V7;N/L@|pa).B\=ܮCs>XSBdR֚Sh4UZ,!3osɹ333b# CEaMrZ'orEB Ql}w>Mvs[TѰ. X/I39GaM< ._$]3m1r{^?`p~T}4)+\SYnY e&#޶< endstream endobj 4289 0 obj << /Type /Page /Contents 4290 0 R /Resources 4288 0 R /MediaBox [0 0 593.051 789.041] /Parent 4287 0 R >> endobj 4291 0 obj << /D [4289 0 R /XYZ -1.269 814.22 null] >> endobj 4292 0 obj << /D [4289 0 R /XYZ 71.731 689.819 null] >> endobj 4293 0 obj << /D [4289 0 R /XYZ 71.731 689.819 null] >> endobj 4294 0 obj << /D [4289 0 R /XYZ 71.731 673.213 null] >> endobj 4295 0 obj << /D [4289 0 R /XYZ 71.731 656.436 null] >> endobj 4296 0 obj << /D [4289 0 R /XYZ 71.731 656.436 null] >> endobj 4297 0 obj << /D [4289 0 R /XYZ 71.731 639.937 null] >> endobj 4298 0 obj << /D [4289 0 R /XYZ 422.174 630.137 null] >> endobj 4299 0 obj << /D [4289 0 R /XYZ 71.731 611.612 null] >> endobj 4300 0 obj << /D [4289 0 R /XYZ 71.731 611.612 null] >> endobj 4301 0 obj << /D [4289 0 R /XYZ 71.731 595.006 null] >> endobj 4302 0 obj << /D [4289 0 R /XYZ 192.396 585.206 null] >> endobj 4303 0 obj << /D [4289 0 R /XYZ 76.712 556.912 null] >> endobj 4304 0 obj << /D [4289 0 R /XYZ 71.731 536.986 null] >> endobj 4305 0 obj << /D [4289 0 R /XYZ 249.152 525.33 null] >> endobj 4306 0 obj << /D [4289 0 R /XYZ 71.731 495.041 null] >> endobj 4307 0 obj << /D [4289 0 R /XYZ 416.166 473.724 null] >> endobj 4308 0 obj << /D [4289 0 R /XYZ 71.731 455.091 null] >> endobj 4309 0 obj << /D [4289 0 R /XYZ 282.919 445.43 null] >> endobj 4310 0 obj << /D [4289 0 R /XYZ 71.731 415.141 null] >> endobj 4311 0 obj << /D [4289 0 R /XYZ 216.82 405.48 null] >> endobj 4312 0 obj << /D [4289 0 R /XYZ 262.467 382.167 null] >> endobj 4313 0 obj << /D [4289 0 R /XYZ 76.712 364.234 null] >> endobj 494 0 obj << /D [4289 0 R /XYZ 322.06 324.862 null] >> endobj 4314 0 obj << /D [4289 0 R /XYZ 71.731 311.707 null] >> endobj 4288 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F50 1352 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4318 0 obj << /Length 1943 /Filter /FlateDecode >> stream xڝXɒ6Wf"ap?$U㤜K*0$$1ק8O܀^_n0 Az뛇_HI (p"QE9Gv ?uV h(B.>K$ܽ{rAOEE$By^es'?D0K" !*]z5ʋ1Hx&<ㄠ0NfP%Y>3cLAVw(-TSn ܽ8+Pe6xz~d]f7IXꎵm)&,{S}i-܉羕$;2m☤'vd[O0N׾d'fB\(z}TX\17eQhYi4ZSy8 ]1Ô(M7I82G;$zKMv##7 3ьk],YOUS< MJp|ezQNh f!JbW mUJpը4B>9AԔ\gE m'}>wg[ee I6pYgFIIH4|T>,%~2j#NC̯%]DM<#8ef(~Džh s7桖ϜbOvT핐>rذ+uSc khڤ:uג..C':(G^8 ڰɝ$ظy8č$&[9+nq}70ذ.q2wcC-Ea89~|Ψxw}GmHcܳW piEm#񿩽G endstream endobj 4317 0 obj << /Type /Page /Contents 4318 0 R /Resources 4316 0 R /MediaBox [0 0 593.051 789.041] /Parent 4287 0 R /Annots [ 4315 0 R ] >> endobj 4315 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [424.445 341.713 471.269 352.617] /A << /S /GoTo /D (0:BASCLT) >> >> endobj 4319 0 obj << /D [4317 0 R /XYZ -1.269 814.22 null] >> endobj 1193 0 obj << /D [4317 0 R /XYZ 71.731 718.306 null] >> endobj 498 0 obj << /D [4317 0 R /XYZ 489.793 703.236 null] >> endobj 4320 0 obj << /D [4317 0 R /XYZ 71.731 672.259 null] >> endobj 4321 0 obj << /D [4317 0 R /XYZ 71.731 672.259 null] >> endobj 4322 0 obj << /D [4317 0 R /XYZ 247.52 663.903 null] >> endobj 4323 0 obj << /D [4317 0 R /XYZ 413.974 663.903 null] >> endobj 4324 0 obj << /D [4317 0 R /XYZ 119.552 638.001 null] >> endobj 4325 0 obj << /D [4317 0 R /XYZ 288.895 638.001 null] >> endobj 4326 0 obj << /D [4317 0 R /XYZ 71.731 635.844 null] >> endobj 4327 0 obj << /D [4317 0 R /XYZ 166.376 582.867 null] >> endobj 4328 0 obj << /D [4317 0 R /XYZ 252.129 574.18 null] >> endobj 4329 0 obj << /D [4317 0 R /XYZ 166.376 517.398 null] >> endobj 4330 0 obj << /D [4317 0 R /XYZ 211.638 507.629 null] >> endobj 4331 0 obj << /D [4317 0 R /XYZ 288.613 507.629 null] >> endobj 4332 0 obj << /D [4317 0 R /XYZ 207.235 495.973 null] >> endobj 4333 0 obj << /D [4317 0 R /XYZ 325.07 495.973 null] >> endobj 1194 0 obj << /D [4317 0 R /XYZ 71.731 487.752 null] >> endobj 502 0 obj << /D [4317 0 R /XYZ 169.341 449.474 null] >> endobj 4334 0 obj << /D [4317 0 R /XYZ 71.731 429.333 null] >> endobj 4335 0 obj << /D [4317 0 R /XYZ 71.731 429.333 null] >> endobj 4336 0 obj << /D [4317 0 R /XYZ 307.873 403.645 null] >> endobj 4337 0 obj << /D [4317 0 R /XYZ 449.281 403.645 null] >> endobj 4338 0 obj << /D [4317 0 R /XYZ 190.096 377.743 null] >> endobj 4339 0 obj << /D [4317 0 R /XYZ 71.731 355.795 null] >> endobj 4340 0 obj << /D [4317 0 R /XYZ 237.707 344.866 null] >> endobj 4341 0 obj << /D [4317 0 R /XYZ 299.933 344.866 null] >> endobj 4342 0 obj << /D [4317 0 R /XYZ 258.579 306.012 null] >> endobj 4343 0 obj << /D [4317 0 R /XYZ 119.552 293.06 null] >> endobj 4344 0 obj << /D [4317 0 R /XYZ 71.731 271.097 null] >> endobj 4345 0 obj << /D [4317 0 R /XYZ 71.731 212.198 null] >> endobj 4346 0 obj << /D [4317 0 R /XYZ 71.731 212.198 null] >> endobj 4347 0 obj << /D [4317 0 R /XYZ 254.604 175.501 null] >> endobj 4348 0 obj << /D [4317 0 R /XYZ 71.731 140.467 null] >> endobj 4349 0 obj << /D [4317 0 R /XYZ 71.731 48.817 null] >> endobj 4316 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F48 1347 0 R /F55 1479 0 R /F38 1036 0 R /F33 939 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4352 0 obj << /Length 1671 /Filter /FlateDecode >> stream xڭXK66⊴)zhn"i d H{J\L$w$>HLQ6Aekޙ?9aĚYLW,on3lt Km=/вa4cŋLss IOb1?,+:mtk% !8MMSxe J<"](;%TDž6iR! u/} I ;Js+{$(^laz(N'zZd#XDwP?r ,V=KJpiqDyvV-TiWiN b,q Ƈ7'㰌I[ff^ ĵa"]Hf"PO>^M RdS@/[mp1^.wm9dҶ {]9ƒw;? x`2aZgW1`|hJ-.UV@R"90Χ^9Hx5$@4](TǑ ЅbM/IyrL $8}׵=}xRM33mR/~ҰeD endstream endobj 4351 0 obj << /Type /Page /Contents 4352 0 R /Resources 4350 0 R /MediaBox [0 0 593.051 789.041] /Parent 4287 0 R >> endobj 4353 0 obj << /D [4351 0 R /XYZ -1.269 814.22 null] >> endobj 4354 0 obj << /D [4351 0 R /XYZ 71.731 718.306 null] >> endobj 4355 0 obj << /D [4351 0 R /XYZ 344.496 708.344 null] >> endobj 4356 0 obj << /D [4351 0 R /XYZ 71.731 665.838 null] >> endobj 4357 0 obj << /D [4351 0 R /XYZ 137.484 650.062 null] >> endobj 4358 0 obj << /D [4351 0 R /XYZ 71.731 634.954 null] >> endobj 4359 0 obj << /D [4351 0 R /XYZ 137.484 619.178 null] >> endobj 4360 0 obj << /D [4351 0 R /XYZ 71.731 617.021 null] >> endobj 4361 0 obj << /D [4351 0 R /XYZ 137.484 601.245 null] >> endobj 4362 0 obj << /D [4351 0 R /XYZ 71.731 599.089 null] >> endobj 4363 0 obj << /D [4351 0 R /XYZ 137.484 583.313 null] >> endobj 1195 0 obj << /D [4351 0 R /XYZ 71.731 564.134 null] >> endobj 506 0 obj << /D [4351 0 R /XYZ 331.319 518.88 null] >> endobj 4364 0 obj << /D [4351 0 R /XYZ 71.731 495.391 null] >> endobj 4365 0 obj << /D [4351 0 R /XYZ 200.478 486.003 null] >> endobj 4366 0 obj << /D [4351 0 R /XYZ 238.116 486.003 null] >> endobj 4367 0 obj << /D [4351 0 R /XYZ 150.545 460.101 null] >> endobj 4368 0 obj << /D [4351 0 R /XYZ 71.731 438.019 null] >> endobj 4369 0 obj << /D [4351 0 R /XYZ 177.115 414.272 null] >> endobj 4370 0 obj << /D [4351 0 R /XYZ 71.731 412.116 null] >> endobj 4371 0 obj << /D [4351 0 R /XYZ 71.731 397.172 null] >> endobj 4372 0 obj << /D [4351 0 R /XYZ 71.731 384.22 null] >> endobj 4373 0 obj << /D [4351 0 R /XYZ 139.477 368.444 null] >> endobj 4374 0 obj << /D [4351 0 R /XYZ 186.142 368.444 null] >> endobj 4375 0 obj << /D [4351 0 R /XYZ 434.269 368.444 null] >> endobj 4376 0 obj << /D [4351 0 R /XYZ 455.847 368.444 null] >> endobj 4377 0 obj << /D [4351 0 R /XYZ 139.477 355.493 null] >> endobj 4378 0 obj << /D [4351 0 R /XYZ 71.731 333.53 null] >> endobj 4379 0 obj << /D [4351 0 R /XYZ 289.443 322.616 null] >> endobj 4380 0 obj << /D [4351 0 R /XYZ 407.569 322.616 null] >> endobj 4381 0 obj << /D [4351 0 R /XYZ 71.731 275.005 null] >> endobj 4382 0 obj << /D [4351 0 R /XYZ 354.1 263.837 null] >> endobj 4383 0 obj << /D [4351 0 R /XYZ 256.248 250.885 null] >> endobj 4384 0 obj << /D [4351 0 R /XYZ 407.28 250.885 null] >> endobj 4385 0 obj << /D [4351 0 R /XYZ 71.731 216.225 null] >> endobj 4386 0 obj << /D [4351 0 R /XYZ 196.473 205.057 null] >> endobj 4387 0 obj << /D [4351 0 R /XYZ 267.496 205.057 null] >> endobj 4388 0 obj << /D [4351 0 R /XYZ 71.731 180.898 null] >> endobj 4389 0 obj << /D [4351 0 R /XYZ 71.731 165.789 null] >> endobj 4390 0 obj << /D [4351 0 R /XYZ 139.477 150.013 null] >> endobj 4391 0 obj << /D [4351 0 R /XYZ 297.214 137.062 null] >> endobj 4392 0 obj << /D [4351 0 R /XYZ 330.352 124.111 null] >> endobj 4393 0 obj << /D [4351 0 R /XYZ 370.245 124.111 null] >> endobj 4394 0 obj << /D [4351 0 R /XYZ 381.765 111.159 null] >> endobj 4350 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F25 932 0 R /F38 1036 0 R /F60 1532 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4397 0 obj << /Length 1730 /Filter /FlateDecode >> stream xڥXI6ϯl`Ĉ=@4E{Jh,Zq}EL$z۾s_z< ~lNnN(|g;oW;ڬ]?V1[^<7:ȭs_k *%_coZ<=﷿]yJ']ߠǰQR_HG eI[ t0G[-H>CfoYNE+םm8TIʛR6dYs9 2җ2勽"+O%qO*GKE۞u36wj4YъߏPrϛ7n'*\)9Vƫ򼎣ZO0JF wTKL:s0VFSu?=zaڙiZA(tui~FY pxhKXCq(W8;\g&IxeH[倂}o N ڟ<<'P#X{PaA DI~7w`?^$enp, Pv4dThc+Y4JL#,!OIL{Eީ`Ya+|[6@.tT68ac3kRףz}ۓ<*`bY*`URK#cղ]UMB^ۺ\RV2c"Nv 5"IbDƔ=kX$D0kw7Y(DtsL-U"ѐ8A(8 ("'5=L俒Ѫ[gaRC1 vH/\/m1NҎ31[@YXAd[Cq4&mP_}p2ÐuGņ7pRcX etCꙀ UgerT}/4.B!sJcC#3V)`m&zӍ=oL>2So/qw/iK?}0rt!%^xES7ˬz %FMl*Ol?t\heX yY},CJ6qC0rI0)9༵[!+``Hü&m{ChKCQj"Q{pGh Er#1d;4ʓו͵4^m?+bm/2S1tB+ !6q JS;=4Qa9!Ĕ*= ay`(?*J<))eHw]U~uEț* 3A;4|NMRM2nɱ Ү>-A" ?cys~"8p &c˞}ܟz&۱n]u2׵jâFNA}=D3c_d)/f285c]қyF~t4r0T֑(=q endstream endobj 4396 0 obj << /Type /Page /Contents 4397 0 R /Resources 4395 0 R /MediaBox [0 0 593.051 789.041] /Parent 4287 0 R >> endobj 4398 0 obj << /D [4396 0 R /XYZ -1.269 814.22 null] >> endobj 4399 0 obj << /D [4396 0 R /XYZ 71.731 718.306 null] >> endobj 4400 0 obj << /D [4396 0 R /XYZ 71.731 708.244 null] >> endobj 4401 0 obj << /D [4396 0 R /XYZ 139.477 690.411 null] >> endobj 4402 0 obj << /D [4396 0 R /XYZ 172.961 677.46 null] >> endobj 4403 0 obj << /D [4396 0 R /XYZ 280.029 677.46 null] >> endobj 4404 0 obj << /D [4396 0 R /XYZ 470.623 677.46 null] >> endobj 4405 0 obj << /D [4396 0 R /XYZ 71.731 652.508 null] >> endobj 4406 0 obj << /D [4396 0 R /XYZ 71.731 639.437 null] >> endobj 4407 0 obj << /D [4396 0 R /XYZ 139.477 623.661 null] >> endobj 4408 0 obj << /D [4396 0 R /XYZ 298.38 623.661 null] >> endobj 4409 0 obj << /D [4396 0 R /XYZ 71.731 598.59 null] >> endobj 4410 0 obj << /D [4396 0 R /XYZ 71.731 587.696 null] >> endobj 4411 0 obj << /D [4396 0 R /XYZ 139.477 569.863 null] >> endobj 4412 0 obj << /D [4396 0 R /XYZ 421.855 569.863 null] >> endobj 4413 0 obj << /D [4396 0 R /XYZ 176.289 531.009 null] >> endobj 1196 0 obj << /D [4396 0 R /XYZ 71.731 523.871 null] >> endobj 510 0 obj << /D [4396 0 R /XYZ 263.698 480.773 null] >> endobj 4414 0 obj << /D [4396 0 R /XYZ 71.731 457.018 null] >> endobj 4415 0 obj << /D [4396 0 R /XYZ 245.866 447.896 null] >> endobj 4416 0 obj << /D [4396 0 R /XYZ 355.335 447.896 null] >> endobj 4417 0 obj << /D [4396 0 R /XYZ 71.731 422.825 null] >> endobj 4418 0 obj << /D [4396 0 R /XYZ 71.731 288.207 null] >> endobj 4419 0 obj << /D [4396 0 R /XYZ 71.731 253.461 null] >> endobj 4420 0 obj << /D [4396 0 R /XYZ 71.731 253.461 null] >> endobj 4421 0 obj << /D [4396 0 R /XYZ 71.731 252.215 null] >> endobj 4422 0 obj << /D [4396 0 R /XYZ 137.484 235.194 null] >> endobj 4423 0 obj << /D [4396 0 R /XYZ 176.777 235.194 null] >> endobj 4424 0 obj << /D [4396 0 R /XYZ 71.731 215.104 null] >> endobj 4425 0 obj << /D [4396 0 R /XYZ 180.523 205.605 null] >> endobj 4426 0 obj << /D [4396 0 R /XYZ 199.89 205.605 null] >> endobj 4427 0 obj << /D [4396 0 R /XYZ 71.731 193.949 null] >> endobj 4428 0 obj << /D [4396 0 R /XYZ 137.484 176.016 null] >> endobj 4429 0 obj << /D [4396 0 R /XYZ 206.375 176.016 null] >> endobj 4430 0 obj << /D [4396 0 R /XYZ 430.423 176.016 null] >> endobj 4431 0 obj << /D [4396 0 R /XYZ 137.484 163.065 null] >> endobj 4432 0 obj << /D [4396 0 R /XYZ 190.894 163.065 null] >> endobj 4433 0 obj << /D [4396 0 R /XYZ 326.674 163.065 null] >> endobj 4434 0 obj << /D [4396 0 R /XYZ 326.424 124.21 null] >> endobj 4395 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R /F25 932 0 R /F51 1354 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4438 0 obj << /Length 1676 /Filter /FlateDecode >> stream xڭXn8}WEduh[fmnFm!-%5Cr(Ky5f3g m- kdu1'X7 ׋DuH;ubѺe|i:eD=_UWrʭ=Qv"e ]XE6P7 "/L#)#{호AZZhVհާK3,-S/²0_| 0;1XryO ]wiK7%MrYXMW&mʷSU!gŽT=8ZYrz-?,TE30޾K,a' V4/(lT:U],5[\ei#TCtop~tBq Jm ϔet|c^vt$YS]7m"n}}&ty~P˿;SJV, 7-t7 5AwY2c!.G˼C_-ߚ '㏄w${X)JDhYV\ʀۊd/|8~Qq,KEAQMt5;Qv0o5YٴXcKaS5nrVh%AIq"OK6`!6cLT+të0CrI=*y/e{* y6ܐ2o4=8V1D.PەXYrܽ$w4(itPQDQDj=3l]J\]}rely:CUT2n؈8=ذ] E0.(mY-ɸ"TO!CANKqzQ LW^T%*h&-B.;{wR%C0zJv:ٓoU'0}y#Վ% k($GO q6^$i3Cz 1ɞ۬&N$DXz5t_ G Xs.oQqe5r :Td]ŕ>>*u7"J\g:@FaQm&5R8Y+HqPI8ޗ.[<#[nj0{ʉ:?qpa|qu׃ܲҔx^i$_1DjHyS/OM"HxUgRs+VMVϣ,\ _A癎c9 x#Kv:%Ugsd%BV`2&u"ZN _iԙ/($ǂn(02Kz#X+WWnVޯ{l) }B#f_."Gnu=fʚ0n> endobj 4435 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [155.018 479.686 201.842 490.59] /A << /S /GoTo /D (0:CLIENTS) >> >> endobj 4439 0 obj << /D [4437 0 R /XYZ -1.269 814.22 null] >> endobj 4440 0 obj << /D [4437 0 R /XYZ 71.731 718.306 null] >> endobj 4441 0 obj << /D [4437 0 R /XYZ 180.523 708.344 null] >> endobj 4442 0 obj << /D [4437 0 R /XYZ 199.89 708.344 null] >> endobj 4443 0 obj << /D [4437 0 R /XYZ 71.731 696.687 null] >> endobj 4444 0 obj << /D [4437 0 R /XYZ 137.484 678.755 null] >> endobj 4445 0 obj << /D [4437 0 R /XYZ 71.731 671.617 null] >> endobj 4446 0 obj << /D [4437 0 R /XYZ 180.523 662.117 null] >> endobj 4447 0 obj << /D [4437 0 R /XYZ 199.89 662.117 null] >> endobj 4448 0 obj << /D [4437 0 R /XYZ 71.731 650.461 null] >> endobj 4449 0 obj << /D [4437 0 R /XYZ 137.484 632.528 null] >> endobj 4450 0 obj << /D [4437 0 R /XYZ 71.731 610.446 null] >> endobj 4451 0 obj << /D [4437 0 R /XYZ 71.731 610.446 null] >> endobj 4452 0 obj << /D [4437 0 R /XYZ 71.731 577.689 null] >> endobj 4453 0 obj << /D [4437 0 R /XYZ 237.877 566.775 null] >> endobj 4454 0 obj << /D [4437 0 R /XYZ 251.765 553.823 null] >> endobj 4455 0 obj << /D [4437 0 R /XYZ 124.533 513.724 null] >> endobj 4456 0 obj << /D [4437 0 R /XYZ 137.484 495.791 null] >> endobj 4457 0 obj << /D [4437 0 R /XYZ 485.336 495.791 null] >> endobj 4458 0 obj << /D [4437 0 R /XYZ 71.731 480.683 null] >> endobj 4459 0 obj << /D [4437 0 R /XYZ 137.484 464.907 null] >> endobj 4460 0 obj << /D [4437 0 R /XYZ 71.731 401.146 null] >> endobj 4461 0 obj << /D [4437 0 R /XYZ 278.733 388.194 null] >> endobj 4462 0 obj << /D [4437 0 R /XYZ 71.731 353.161 null] >> endobj 4463 0 obj << /D [4437 0 R /XYZ 71.731 343.198 null] >> endobj 4464 0 obj << /D [4437 0 R /XYZ 71.731 343.198 null] >> endobj 4465 0 obj << /D [4437 0 R /XYZ 149.141 333.699 null] >> endobj 4466 0 obj << /D [4437 0 R /XYZ 71.731 332.605 null] >> endobj 4467 0 obj << /D [4437 0 R /XYZ 149.141 322.042 null] >> endobj 4468 0 obj << /D [4437 0 R /XYZ 71.731 320.949 null] >> endobj 4469 0 obj << /D [4437 0 R /XYZ 149.141 310.386 null] >> endobj 4470 0 obj << /D [4437 0 R /XYZ 71.731 309.293 null] >> endobj 4471 0 obj << /D [4437 0 R /XYZ 149.141 298.73 null] >> endobj 4472 0 obj << /D [4437 0 R /XYZ 71.731 296.712 null] >> endobj 4473 0 obj << /D [4437 0 R /XYZ 149.141 287.073 null] >> endobj 4474 0 obj << /D [4437 0 R /XYZ 71.731 285.98 null] >> endobj 4475 0 obj << /D [4437 0 R /XYZ 149.141 275.417 null] >> endobj 1197 0 obj << /D [4437 0 R /XYZ 71.731 251.258 null] >> endobj 514 0 obj << /D [4437 0 R /XYZ 352.821 206.004 null] >> endobj 4476 0 obj << /D [4437 0 R /XYZ 71.731 182.248 null] >> endobj 4477 0 obj << /D [4437 0 R /XYZ 398.463 147.224 null] >> endobj 4478 0 obj << /D [4437 0 R /XYZ 71.731 114.248 null] >> endobj 4436 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F51 1354 0 R /F31 938 0 R /F25 932 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4481 0 obj << /Length 1467 /Filter /FlateDecode >> stream xڕXn6}W u$m괻"mbe,hD.;/Xn_"e̙3a_C/\l ?X#ƋPL6]|r2zlX\y;!R;Q>cڊ5unsv^\,]5^᜗+M'xa _yn"K \h24cgUD^TDZd 7ͷ'{xsMYw}G^'/s_X>u޾KAz;z8g% bbG.ʟH=]krʦ~>&(BKt@\+|K4?e뭺T(Ż;=WEC#Ãv%DDR?MIwչb>h`( 3jtդ`.x׌O שM}# 5R/ly5(D(\/PryBeM_q`LAbW"Ԁד$GQv4ҟȠe:I5m|=&^hH ͍ BOWվ`SƌXvgS}x!$T*@L{3UA{em U/G^iUj,5H5 hfli\L ,Sl!r>\fEb¦oLFa yv%KRxFRz}mB=kQ؇Z f#(g0@E1JmkdLlIGM2|\a7 ,tR詮|FPiKː8דŋš/-~R X;=hbryn5~&)˙e،EV{ҩcۼ~j@Ŋ-('2ao#}dTlϪg&TJ{׌iCb֖:03Ĭt 8rDwޔci %߂֒c2frQ,4FmZ>5 tȏuu{v;;SR:29B\|ڐԞe#Ki5TlrϞ?n| qc#| u. ]K3,ז18 L/C[1 <ﻝZY ~ɏv=k裘h*і_a endstream endobj 4480 0 obj << /Type /Page /Contents 4481 0 R /Resources 4479 0 R /MediaBox [0 0 593.051 789.041] /Parent 4500 0 R >> endobj 4482 0 obj << /D [4480 0 R /XYZ -1.269 814.22 null] >> endobj 4483 0 obj << /D [4480 0 R /XYZ 71.731 718.306 null] >> endobj 4484 0 obj << /D [4480 0 R /XYZ 71.731 593.787 null] >> endobj 4485 0 obj << /D [4480 0 R /XYZ 71.731 570.097 null] >> endobj 1198 0 obj << /D [4480 0 R /XYZ 71.731 502.629 null] >> endobj 518 0 obj << /D [4480 0 R /XYZ 281.757 436.376 null] >> endobj 4486 0 obj << /D [4480 0 R /XYZ 71.731 416.235 null] >> endobj 4487 0 obj << /D [4480 0 R /XYZ 226.659 403.499 null] >> endobj 4488 0 obj << /D [4480 0 R /XYZ 221.488 390.547 null] >> endobj 4489 0 obj << /D [4480 0 R /XYZ 71.731 362.488 null] >> endobj 4490 0 obj << /D [4480 0 R /XYZ 71.731 347.544 null] >> endobj 4491 0 obj << /D [4480 0 R /XYZ 205.298 326.388 null] >> endobj 4492 0 obj << /D [4480 0 R /XYZ 321.568 326.388 null] >> endobj 4493 0 obj << /D [4480 0 R /XYZ 71.731 288.53 null] >> endobj 4494 0 obj << /D [4480 0 R /XYZ 173.23 262.627 null] >> endobj 4495 0 obj << /D [4480 0 R /XYZ 220.532 223.773 null] >> endobj 4496 0 obj << /D [4480 0 R /XYZ 71.731 208.665 null] >> endobj 522 0 obj << /D [4480 0 R /XYZ 278.19 171.449 null] >> endobj 4497 0 obj << /D [4480 0 R /XYZ 71.731 148.332 null] >> endobj 4498 0 obj << /D [4480 0 R /XYZ 243.167 125.621 null] >> endobj 4499 0 obj << /D [4480 0 R /XYZ 476.37 125.621 null] >> endobj 4479 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F31 938 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4504 0 obj << /Length 1964 /Filter /FlateDecode >> stream xڭY[o6~ϯ[l fHJԥdY:tX;4 P2 U$Of~W&C_b"w80 24ֻ 24HBRF6C'2OӛcST7zX3~(% 3{ 6*d 1CNovz'J__/#W/OTwW9e{#ρwE)詴BT7TTMqbe[1rtȔ(d,X2g[ϰt9/ ϿXbg % F,̬2 E'](+xY29d;0I޻5$7S-DɥT B]u~)Y`UJz5fՍbj`htSP4*`Pn#A,[ e(VD[xJ8?:8qIsWK.{W+~[ɿ$T :].V{^T3q1A ԨMejtˆ0΅yA4⟣hͰ vD+ʦ4DSߎ֌- %W"Ze ^p u tPEٞћ2ۈrceI{9/"fIyǐ,Pe8H!q,ň..ȁ,DY5aOhR[rJ  hbỺe(*Zw.j忻>z9 TtzVL脁WUmۃȋh9P=4(g|py- :j{V%SIj2S[zHlʺr<UYu9vľnߪdQj+NZ*_CQN u˶ͩU_!Y <  %nf%|IcE;(CgU73 iƮLm,F$ʂL2=s=}#4jorGP¬EVXQT#>Ѡl&)CSԍ.7CZd-#hfW#C|T~hGA/{snnI۫0@"j۳ѹbGG<~OJ1f|P$ ԇ>C6Ӑ8_Rc @zϵ:|σ QY =WGb.x!b:>/͹lHΛP0={hi7ALwGp0Ƚ&+-bxPPH~2CRO`clZpBQ/Y]ۙW8SyX<^+HO(e{*daN' HL+3 oO䇐b }PD*JȮҳ PuFRJ5~&R`riH:@ C$M `tڬҾU}y aWCAnQ^s#gmigX>h|¶S#*V=5RpSCmr/9O@ө7B Qԓ%e^n:Ϟԭ0ĐfB^KrÈ՝|-Ky3eG\=W03TÙs$ 5rӄ]\Y!F4d7f4 8 Xf"ețofکv},k _I!qw3Ͼ.#%?Csf'!OVepz@2$~靉ȝlnzsKw$!Jw$9˺:wݎ&)r`/r_h.a3KemۖC C:z$cM/:aIְYNAܿ?K!-*UPc-/`el1 {ye?,ȵ0}⦲@LH8C5?$28 g[8fXt endstream endobj 4503 0 obj << /Type /Page /Contents 4504 0 R /Resources 4502 0 R /MediaBox [0 0 593.051 789.041] /Parent 4500 0 R /Annots [ 4501 0 R ] >> endobj 4501 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [169.873 493.883 218.908 504.787] /A << /S /GoTo /D (0:PATHS) >> >> endobj 4505 0 obj << /D [4503 0 R /XYZ -1.269 814.22 null] >> endobj 4506 0 obj << /D [4503 0 R /XYZ 71.731 718.306 null] >> endobj 4507 0 obj << /D [4503 0 R /XYZ 338.1 708.344 null] >> endobj 4508 0 obj << /D [4503 0 R /XYZ 290.091 695.392 null] >> endobj 4509 0 obj << /D [4503 0 R /XYZ 71.731 660.359 null] >> endobj 4510 0 obj << /D [4503 0 R /XYZ 160.229 649.564 null] >> endobj 4511 0 obj << /D [4503 0 R /XYZ 399.688 623.661 null] >> endobj 4512 0 obj << /D [4503 0 R /XYZ 71.731 608.553 null] >> endobj 4513 0 obj << /D [4503 0 R /XYZ 71.731 593.609 null] >> endobj 4514 0 obj << /D [4503 0 R /XYZ 496.333 560.797 null] >> endobj 4515 0 obj << /D [4503 0 R /XYZ 71.731 522.939 null] >> endobj 4516 0 obj << /D [4503 0 R /XYZ 231.83 497.036 null] >> endobj 4517 0 obj << /D [4503 0 R /XYZ 220.403 484.085 null] >> endobj 4518 0 obj << /D [4503 0 R /XYZ 71.731 462.003 null] >> endobj 4519 0 obj << /D [4503 0 R /XYZ 71.731 462.003 null] >> endobj 4520 0 obj << /D [4503 0 R /XYZ 71.731 460.757 null] >> endobj 4521 0 obj << /D [4503 0 R /XYZ 137.484 443.736 null] >> endobj 4522 0 obj << /D [4503 0 R /XYZ 137.484 443.736 null] >> endobj 4523 0 obj << /D [4503 0 R /XYZ 71.731 442.355 null] >> endobj 4524 0 obj << /D [4503 0 R /XYZ 137.484 425.803 null] >> endobj 4525 0 obj << /D [4503 0 R /XYZ 137.484 425.803 null] >> endobj 4526 0 obj << /D [4503 0 R /XYZ 71.731 406.625 null] >> endobj 526 0 obj << /D [4503 0 R /XYZ 247.934 367.253 null] >> endobj 4527 0 obj << /D [4503 0 R /XYZ 71.731 347.148 null] >> endobj 4528 0 obj << /D [4503 0 R /XYZ 134.217 321.425 null] >> endobj 4529 0 obj << /D [4503 0 R /XYZ 348.59 321.425 null] >> endobj 4530 0 obj << /D [4503 0 R /XYZ 71.731 319.268 null] >> endobj 4531 0 obj << /D [4503 0 R /XYZ 166.376 268.773 null] >> endobj 4532 0 obj << /D [4503 0 R /XYZ 266.879 257.295 null] >> endobj 4533 0 obj << /D [4503 0 R /XYZ 287.115 245.639 null] >> endobj 4534 0 obj << /D [4503 0 R /XYZ 378.67 233.983 null] >> endobj 4535 0 obj << /D [4503 0 R /XYZ 219.205 222.327 null] >> endobj 4536 0 obj << /D [4503 0 R /XYZ 71.731 182.631 null] >> endobj 4537 0 obj << /D [4503 0 R /XYZ 160.229 175.767 null] >> endobj 4538 0 obj << /D [4503 0 R /XYZ 398.333 162.815 null] >> endobj 4539 0 obj << /D [4503 0 R /XYZ 193.424 149.864 null] >> endobj 4540 0 obj << /D [4503 0 R /XYZ 360.507 149.864 null] >> endobj 4541 0 obj << /D [4503 0 R /XYZ 474.189 149.864 null] >> endobj 4542 0 obj << /D [4503 0 R /XYZ 71.731 134.756 null] >> endobj 4502 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F50 1352 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4546 0 obj << /Length 1808 /Filter /FlateDecode >> stream xڭXYs6~Л }θn&x:"! 5EiG$ X _zj}Ei.6EOE(OŦZ|ԑv Kǚ|?-mjF Q-8iA+_EJ1J\):F[hw@u| 5ce{ϔ\MpR$j%/aF(aP֔4azOl w=fKsKxcֈ ʚU4ɔM\z^GmVD(ύ˹ֵՌ='~.z*5|42M5TYY֤Zf8뚕HEk}swl@^l0wTEXם̣\/~Zd2[1d &vD(VQ,NG_C"m-&uH n˃X;˽ yIϏX  fmeTV%BE`Or鑔ț臨0r '51?9Jr>la~|p,5vg6P<.+_/pXOՔN^qRSe\5&E0 a`(X?Xee3yAa+J3(V1pMf~Hy!2MyZo9 bҶXH;X'L 8qֻIBxfTst=Lu}!3iPXNJ"cPE{'3AaTSs/2цdPĻe9bac;܀u_( ߉\O iWi4uĭiA#PDZtfjFsҳo?Јԏ'9;` 0dqg5Nm3> endobj 4543 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [472.026 631.069 522.316 641.973] /A << /S /GoTo /D (0:PATHS) >> >> endobj 4551 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [70.735 618.117 135.213 629.021] /A << /S /GoTo /D (0:PATHS) >> >> endobj 4547 0 obj << /D [4545 0 R /XYZ -1.269 814.22 null] >> endobj 4548 0 obj << /D [4545 0 R /XYZ 71.731 718.306 null] >> endobj 4549 0 obj << /D [4545 0 R /XYZ 463.929 685.031 null] >> endobj 4550 0 obj << /D [4545 0 R /XYZ 71.731 647.173 null] >> endobj 4552 0 obj << /D [4545 0 R /XYZ 148.134 621.27 null] >> endobj 4553 0 obj << /D [4545 0 R /XYZ 119.552 608.319 null] >> endobj 4554 0 obj << /D [4545 0 R /XYZ 71.731 588.274 null] >> endobj 4555 0 obj << /D [4545 0 R /XYZ 71.731 588.274 null] >> endobj 4556 0 obj << /D [4545 0 R /XYZ 71.731 587.029 null] >> endobj 4557 0 obj << /D [4545 0 R /XYZ 137.484 567.97 null] >> endobj 4558 0 obj << /D [4545 0 R /XYZ 137.484 567.97 null] >> endobj 4559 0 obj << /D [4545 0 R /XYZ 71.731 566.589 null] >> endobj 4560 0 obj << /D [4545 0 R /XYZ 137.484 550.037 null] >> endobj 4561 0 obj << /D [4545 0 R /XYZ 137.484 550.037 null] >> endobj 1199 0 obj << /D [4545 0 R /XYZ 71.731 520.897 null] >> endobj 530 0 obj << /D [4545 0 R /XYZ 404.76 475.642 null] >> endobj 4562 0 obj << /D [4545 0 R /XYZ 71.731 451.887 null] >> endobj 4563 0 obj << /D [4545 0 R /XYZ 71.731 382.203 null] >> endobj 4564 0 obj << /D [4545 0 R /XYZ 313.09 371.035 null] >> endobj 4565 0 obj << /D [4545 0 R /XYZ 394.882 371.035 null] >> endobj 4566 0 obj << /D [4545 0 R /XYZ 438.258 371.035 null] >> endobj 4567 0 obj << /D [4545 0 R /XYZ 71.731 323.05 null] >> endobj 4568 0 obj << /D [4545 0 R /XYZ 380.938 312.255 null] >> endobj 4569 0 obj << /D [4545 0 R /XYZ 450.815 312.255 null] >> endobj 4570 0 obj << /D [4545 0 R /XYZ 71.731 290.173 null] >> endobj 4571 0 obj << /D [4545 0 R /XYZ 378.846 266.427 null] >> endobj 4572 0 obj << /D [4545 0 R /XYZ 458.128 266.427 null] >> endobj 4573 0 obj << /D [4545 0 R /XYZ 119.552 253.475 null] >> endobj 1200 0 obj << /D [4545 0 R /XYZ 71.731 224.544 null] >> endobj 534 0 obj << /D [4545 0 R /XYZ 295.804 181.073 null] >> endobj 4574 0 obj << /D [4545 0 R /XYZ 71.731 157.317 null] >> endobj 4575 0 obj << /D [4545 0 R /XYZ 150.824 135.245 null] >> endobj 4544 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F50 1352 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4578 0 obj << /Length 1119 /Filter /FlateDecode >> stream xڭWMo6W2+T4nS8e큖X(*i}"\797of {BOIAǹ;xIZa^x$,vӐ^QZYo(4K/cK/T5LZBn|?w^؏fq\Y$ 0"Aȋ6utP3 ?4HD}8҃]yƑթ,8MGY:2EiYyPhm 7A4 q0X%t Zl5H83$xr&MXRgKXE0SbZ03YB0ql-'5{ s&_+| ]fA&t a2WӒp\8PU5tB- EKku%@D;4?6}I6=go^t)Iۻ/U{5*aZ')E˪'&ڣ>OrxSv]ZaQ-.;s endstream endobj 4577 0 obj << /Type /Page /Contents 4578 0 R /Resources 4576 0 R /MediaBox [0 0 593.051 789.041] /Parent 4500 0 R >> endobj 4579 0 obj << /D [4577 0 R /XYZ -1.269 814.22 null] >> endobj 4580 0 obj << /D [4577 0 R /XYZ 71.731 741.22 null] >> endobj 4581 0 obj << /D [4577 0 R /XYZ 71.731 718.306 null] >> endobj 4582 0 obj << /D [4577 0 R /XYZ 203.307 708.344 null] >> endobj 1201 0 obj << /D [4577 0 R /XYZ 71.731 691.99 null] >> endobj 538 0 obj << /D [4577 0 R /XYZ 345.522 648.893 null] >> endobj 4583 0 obj << /D [4577 0 R /XYZ 71.731 625.137 null] >> endobj 4584 0 obj << /D [4577 0 R /XYZ 71.731 625.137 null] >> endobj 4585 0 obj << /D [4577 0 R /XYZ 425.094 616.016 null] >> endobj 4586 0 obj << /D [4577 0 R /XYZ 205.508 603.064 null] >> endobj 4587 0 obj << /D [4577 0 R /XYZ 71.731 580.982 null] >> endobj 4588 0 obj << /D [4577 0 R /XYZ 71.731 535.154 null] >> endobj 4589 0 obj << /D [4577 0 R /XYZ 71.731 522.203 null] >> endobj 4590 0 obj << /D [4577 0 R /XYZ 71.731 507.259 null] >> endobj 4591 0 obj << /D [4577 0 R /XYZ 71.731 496.365 null] >> endobj 4592 0 obj << /D [4577 0 R /XYZ 139.477 478.531 null] >> endobj 4593 0 obj << /D [4577 0 R /XYZ 71.731 466.412 null] >> endobj 4594 0 obj << /D [4577 0 R /XYZ 71.731 455.518 null] >> endobj 4595 0 obj << /D [4577 0 R /XYZ 139.477 437.685 null] >> endobj 4596 0 obj << /D [4577 0 R /XYZ 71.731 412.614 null] >> endobj 4597 0 obj << /D [4577 0 R /XYZ 71.731 401.72 null] >> endobj 4598 0 obj << /D [4577 0 R /XYZ 139.477 383.886 null] >> endobj 4599 0 obj << /D [4577 0 R /XYZ 71.731 373.824 null] >> endobj 4600 0 obj << /D [4577 0 R /XYZ 71.731 358.816 null] >> endobj 4601 0 obj << /D [4577 0 R /XYZ 139.477 343.04 null] >> endobj 4602 0 obj << /D [4577 0 R /XYZ 71.731 330.92 null] >> endobj 4603 0 obj << /D [4577 0 R /XYZ 71.731 320.026 null] >> endobj 4604 0 obj << /D [4577 0 R /XYZ 139.477 302.193 null] >> endobj 4605 0 obj << /D [4577 0 R /XYZ 71.731 292.131 null] >> endobj 4606 0 obj << /D [4577 0 R /XYZ 71.731 279.179 null] >> endobj 4607 0 obj << /D [4577 0 R /XYZ 139.477 261.346 null] >> endobj 4608 0 obj << /D [4577 0 R /XYZ 71.731 249.226 null] >> endobj 4609 0 obj << /D [4577 0 R /XYZ 71.731 238.332 null] >> endobj 4610 0 obj << /D [4577 0 R /XYZ 139.477 220.499 null] >> endobj 4611 0 obj << /D [4577 0 R /XYZ 71.731 210.437 null] >> endobj 4612 0 obj << /D [4577 0 R /XYZ 71.731 197.585 null] >> endobj 4613 0 obj << /D [4577 0 R /XYZ 139.477 179.652 null] >> endobj 4614 0 obj << /D [4577 0 R /XYZ 71.731 167.533 null] >> endobj 4615 0 obj << /D [4577 0 R /XYZ 71.731 156.639 null] >> endobj 4616 0 obj << /D [4577 0 R /XYZ 139.477 138.805 null] >> endobj 4576 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F25 932 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4620 0 obj << /Length 1841 /Filter /FlateDecode >> stream xڵZmo6_ j5C(؀.K!0-Fcbz$Yw_,9gW'3=|^ȏڣAp{(}o>̮7|ۈjC<~^G]%{qlndP3|Zr t/|?A!Zw7q}sOCoAJ`F_K-6uBq7h$|lxDZ7(ts?}p&V*٦Ec>b\?VB٫y^lrFM >JB't^$efQwQ83v/,ַnYi82(j,׌iQ 悧Ğ黷0+-ǭA2XHWw]V~_lx3 h{U?MwUee(E`7bZFZ̛?mY.3qz+R5;)E^ G. | -/AQ'kXN U]Ū E7B9Y;?w֚<W!b Q"" f6M鮽 ( |,@I~ +%)O d:lNUEY! =؏) 32n‮olXݚz0b%U[ vY]eJHBBDt^K7XySKy׎v Cоny dfAXaOz]vS%9ҰzCCv",Gguf 6JZLE21H'RǪ-[7ˋ/QG<L EAŇO[7&̽Ov^ 0, %GA; 0mdסA MS(Sܔd8=+P)SH|B*GMy 2%W(Ahz\sD'Mf֜#N rz <\< ^q,HcPDixdE&_qƎۆWn{g0@`1N`q,Hb#?Nan#4N jOMLmEsc7hɦ;jRG@+֞@Dǘ<[c7α -`Oqn/p9PeWr mxPwMLj>[#cwֱ -plvV ߞ//!zwrj^rWn`q2@ 2I~C:G#dF@Ǔ(qB]=駞W`Ld4HK&%(IЏsuv.mN.?D5?`0d2%D(4$* ):B]g 0=`8X?Li`^>jZx=[J#_bv<&rB_Cq+4}Wx Vc,Xj~n> endobj 4617 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [394.18 569.699 443.216 580.603] /A << /S /GoTo /D (0:PATHS) >> >> endobj 4621 0 obj << /D [4619 0 R /XYZ -1.269 814.22 null] >> endobj 4622 0 obj << /D [4619 0 R /XYZ 71.731 741.22 null] >> endobj 4623 0 obj << /D [4619 0 R /XYZ 71.731 718.306 null] >> endobj 4624 0 obj << /D [4619 0 R /XYZ 71.731 707.163 null] >> endobj 4625 0 obj << /D [4619 0 R /XYZ 139.477 690.411 null] >> endobj 4626 0 obj << /D [4619 0 R /XYZ 71.731 609.549 null] >> endobj 4627 0 obj << /D [4619 0 R /XYZ 225.663 585.803 null] >> endobj 4628 0 obj << /D [4619 0 R /XYZ 279.062 585.803 null] >> endobj 4629 0 obj << /D [4619 0 R /XYZ 354.718 585.803 null] >> endobj 4630 0 obj << /D [4619 0 R /XYZ 251.246 572.852 null] >> endobj 4631 0 obj << /D [4619 0 R /XYZ 257.523 559.9 null] >> endobj 4632 0 obj << /D [4619 0 R /XYZ 325.308 559.9 null] >> endobj 4633 0 obj << /D [4619 0 R /XYZ 71.731 537.818 null] >> endobj 4634 0 obj << /D [4619 0 R /XYZ 71.731 524.867 null] >> endobj 4635 0 obj << /D [4619 0 R /XYZ 71.731 513.659 null] >> endobj 4636 0 obj << /D [4619 0 R /XYZ 71.731 513.659 null] >> endobj 4637 0 obj << /D [4619 0 R /XYZ 71.731 385.938 null] >> endobj 4638 0 obj << /D [4619 0 R /XYZ 71.731 373.819 null] >> endobj 4639 0 obj << /D [4619 0 R /XYZ 71.731 362.611 null] >> endobj 4640 0 obj << /D [4619 0 R /XYZ 71.731 362.611 null] >> endobj 4641 0 obj << /D [4619 0 R /XYZ 71.731 300.842 null] >> endobj 4642 0 obj << /D [4619 0 R /XYZ 71.731 280.917 null] >> endobj 1202 0 obj << /D [4619 0 R /XYZ 71.731 232.698 null] >> endobj 542 0 obj << /D [4619 0 R /XYZ 161.302 187.444 null] >> endobj 4643 0 obj << /D [4619 0 R /XYZ 71.731 167.303 null] >> endobj 4644 0 obj << /D [4619 0 R /XYZ 200.478 154.567 null] >> endobj 4645 0 obj << /D [4619 0 R /XYZ 71.731 129.496 null] >> endobj 4646 0 obj << /D [4619 0 R /XYZ 71.731 129.496 null] >> endobj 4647 0 obj << /D [4619 0 R /XYZ 143.761 119.997 null] >> endobj 4648 0 obj << /D [4619 0 R /XYZ 216.389 119.997 null] >> endobj 4618 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R /F25 932 0 R /F48 1347 0 R /F51 1354 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4651 0 obj << /Length 1654 /Filter /FlateDecode >> stream xXK6@l`%%Q$ h"-Ɂ鵺wdr( bp^oxWo6W7p,f 8]$aR,6kZ.We󭨿`:[O}{BՒǚ-D`_.Cݰ`|Z{>I,SY]Vg#yäs{h(d^p4]>^Tw wC=b)G fcG{QgGrY4(L@mwfjC>+BGQfD's}6's;s $t ic%:Hfb4'.^Vz#?.\7N/~Sލ^ul!M 'MCFSZɖgW(dY YtE.?G-NQtv)n)yOd&;I(bjǟn$/l1 'Vuek{'oGRr_y.4lTZ{ J!y6W [buf>9w~?P~;]}0-Nʄe FJxarg黺x`Ê.Ӹ|?6*&Jm:IxxV689S(Pǝruhű}3hٶt!J{a%w'ks 3:Zl.๲GGqz: NEL~9AaTGcܻO#%:Rh(XˡpR{L;WxM"R?y q(3{![B*ɐl~aϷ!pLu'ݻ&<^hdW8\.FAuި7޳0 "S[oj4k꟧lUJQWP\]}THʃE$k7HAƗbjj"9Fl`wiy%IHF^p, Nyue$'\f4>#r:`  3LOTvu_էގUQUWXJ)`*o)nӼ9Ve8= 8BC`#qqh)x}i6tu# EAnq@"cA0uN~M򡢀aBQSCT_'UcKh,}~o>z8os!s`8M!/11a3n47xtFL eE4^LS1c of;,5_ɕ(.q6SIS6(sf5R"dn j0 d@$p t~4ձ*qFD+0ԓ|i7" "rofLEQN_jlWG~t5081X3$:!յSݢ979ӦWq._~2M׌s0*MPb+X!;/9f9p;Tѧ&/|'CD><:0P z[6W%H endstream endobj 4650 0 obj << /Type /Page /Contents 4651 0 R /Resources 4649 0 R /MediaBox [0 0 593.051 789.041] /Parent 4500 0 R >> endobj 4652 0 obj << /D [4650 0 R /XYZ -1.269 814.22 null] >> endobj 4653 0 obj << /D [4650 0 R /XYZ 71.731 741.22 null] >> endobj 4654 0 obj << /D [4650 0 R /XYZ 71.731 718.306 null] >> endobj 4655 0 obj << /D [4650 0 R /XYZ 71.731 654.05 null] >> endobj 4656 0 obj << /D [4650 0 R /XYZ 71.731 640.035 null] >> endobj 4657 0 obj << /D [4650 0 R /XYZ 71.731 625.091 null] >> endobj 4658 0 obj << /D [4650 0 R /XYZ 183.331 615.592 null] >> endobj 4659 0 obj << /D [4650 0 R /XYZ 426.191 615.592 null] >> endobj 4660 0 obj << /D [4650 0 R /XYZ 71.731 566.077 null] >> endobj 4661 0 obj << /D [4650 0 R /XYZ 71.731 566.077 null] >> endobj 4662 0 obj << /D [4650 0 R /XYZ 71.731 556.115 null] >> endobj 4663 0 obj << /D [4650 0 R /XYZ 137.484 523.238 null] >> endobj 4664 0 obj << /D [4650 0 R /XYZ 316.96 523.238 null] >> endobj 4665 0 obj << /D [4650 0 R /XYZ 320.835 510.286 null] >> endobj 4666 0 obj << /D [4650 0 R /XYZ 71.731 482.227 null] >> endobj 4667 0 obj << /D [4650 0 R /XYZ 137.484 466.451 null] >> endobj 4668 0 obj << /D [4650 0 R /XYZ 71.731 459.686 null] >> endobj 4669 0 obj << /D [4650 0 R /XYZ 71.731 459.686 null] >> endobj 4670 0 obj << /D [4650 0 R /XYZ 161.694 449.813 null] >> endobj 4671 0 obj << /D [4650 0 R /XYZ 229.479 449.813 null] >> endobj 4672 0 obj << /D [4650 0 R /XYZ 71.731 448.752 null] >> endobj 4673 0 obj << /D [4650 0 R /XYZ 161.694 438.157 null] >> endobj 4674 0 obj << /D [4650 0 R /XYZ 229.479 438.157 null] >> endobj 4675 0 obj << /D [4650 0 R /XYZ 71.731 437.096 null] >> endobj 4676 0 obj << /D [4650 0 R /XYZ 161.694 426.501 null] >> endobj 4677 0 obj << /D [4650 0 R /XYZ 71.731 425.44 null] >> endobj 4678 0 obj << /D [4650 0 R /XYZ 137.484 408.568 null] >> endobj 4679 0 obj << /D [4650 0 R /XYZ 212.482 408.568 null] >> endobj 4680 0 obj << /D [4650 0 R /XYZ 71.731 406.411 null] >> endobj 4681 0 obj << /D [4650 0 R /XYZ 137.484 390.635 null] >> endobj 4682 0 obj << /D [4650 0 R /XYZ 373.278 390.635 null] >> endobj 4683 0 obj << /D [4650 0 R /XYZ 71.731 368.553 null] >> endobj 4684 0 obj << /D [4650 0 R /XYZ 251.665 357.758 null] >> endobj 4685 0 obj << /D [4650 0 R /XYZ 310.445 357.758 null] >> endobj 4686 0 obj << /D [4650 0 R /XYZ 71.731 323.098 null] >> endobj 4687 0 obj << /D [4650 0 R /XYZ 192.836 311.93 null] >> endobj 4688 0 obj << /D [4650 0 R /XYZ 251.616 311.93 null] >> endobj 4689 0 obj << /D [4650 0 R /XYZ 137.484 298.979 null] >> endobj 4690 0 obj << /D [4650 0 R /XYZ 189.937 286.027 null] >> endobj 4691 0 obj << /D [4650 0 R /XYZ 71.731 263.945 null] >> endobj 4692 0 obj << /D [4650 0 R /XYZ 245.11 253.151 null] >> endobj 4693 0 obj << /D [4650 0 R /XYZ 341.548 253.151 null] >> endobj 4694 0 obj << /D [4650 0 R /XYZ 394.948 253.151 null] >> endobj 4695 0 obj << /D [4650 0 R /XYZ 137.484 240.199 null] >> endobj 4696 0 obj << /D [4650 0 R /XYZ 223.163 240.199 null] >> endobj 4697 0 obj << /D [4650 0 R /XYZ 292.702 240.199 null] >> endobj 4698 0 obj << /D [4650 0 R /XYZ 124.533 226.003 null] >> endobj 4699 0 obj << /D [4650 0 R /XYZ 137.484 208.07 null] >> endobj 4700 0 obj << /D [4650 0 R /XYZ 207.491 208.07 null] >> endobj 4701 0 obj << /D [4650 0 R /XYZ 279.401 208.07 null] >> endobj 4702 0 obj << /D [4650 0 R /XYZ 71.731 157.26 null] >> endobj 4703 0 obj << /D [4650 0 R /XYZ 155.237 144.309 null] >> endobj 4704 0 obj << /D [4650 0 R /XYZ 71.731 129.201 null] >> endobj 4649 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R /F51 1354 0 R /F60 1532 0 R /F25 932 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4707 0 obj << /Length 1649 /Filter /FlateDecode >> stream xڵXK6ڀMz;@4IS4$F遖6C̤$r|3\oq\x7w?ﶯ`#؏E$I}cĪ׫y˘ߗyEy4mfٜYrE%nP~9Єk?Z?HIƀ^Sa:La $lYʘ KuU5,a8Zr;@Nw/Y9jF1 S2:4&fN/& bdn,'NJI%F(3'X#d̹( 4'>@ P?s2rn?y>2ч5!~ hy$w1a$+{DAaBvAhoMsQ;DN;*B?ϛRPFciAvux>(^i&UldgkVWߤsĠTMp#y¤CWlkJBOFd؎DPЊL'FD}e>j좦aB@ͫh"d#z ARJ*%nv.}ό-k۔26Υe^q!Tc)QN,Rg'.='b-p,KHёϜjWFjy=B3Y+܂iJAO~w6;'̼۶mD[B$xqV6%ϚYs^ghqh 7'"lz`6]2Xىk3M6Lk l͊6a6nUM5A j5֖pSxpuZnm]Ó-lq ~Vkzkc8@^A{?oﮣ \3N^ }'[ĭ9qO?|x0D_AmW[&Y1`ug'8De(VmX-"BZ.!zH̟|knܟgQsMֱwG'M`RA_EJ(U]s0{M1s豔쪅r2oi 0F?' 'g^) endstream endobj 4706 0 obj << /Type /Page /Contents 4707 0 R /Resources 4705 0 R /MediaBox [0 0 593.051 789.041] /Parent 4740 0 R >> endobj 4708 0 obj << /D [4706 0 R /XYZ -1.269 814.22 null] >> endobj 4709 0 obj << /D [4706 0 R /XYZ 71.731 718.306 null] >> endobj 4710 0 obj << /D [4706 0 R /XYZ 330.494 708.344 null] >> endobj 4711 0 obj << /D [4706 0 R /XYZ 495.814 708.344 null] >> endobj 4712 0 obj << /D [4706 0 R /XYZ 161.265 676.234 null] >> endobj 4713 0 obj << /D [4706 0 R /XYZ 213.557 676.234 null] >> endobj 4714 0 obj << /D [4706 0 R /XYZ 76.712 654.615 null] >> endobj 4715 0 obj << /D [4706 0 R /XYZ 71.731 634.69 null] >> endobj 4716 0 obj << /D [4706 0 R /XYZ 473.604 623.034 null] >> endobj 1203 0 obj << /D [4706 0 R /XYZ 71.731 583.482 null] >> endobj 546 0 obj << /D [4706 0 R /XYZ 468.524 538.228 null] >> endobj 4717 0 obj << /D [4706 0 R /XYZ 71.731 514.739 null] >> endobj 4718 0 obj << /D [4706 0 R /XYZ 200.478 505.351 null] >> endobj 4719 0 obj << /D [4706 0 R /XYZ 337.802 505.351 null] >> endobj 4720 0 obj << /D [4706 0 R /XYZ 248.248 492.4 null] >> endobj 4721 0 obj << /D [4706 0 R /XYZ 318.364 492.4 null] >> endobj 4722 0 obj << /D [4706 0 R /XYZ 71.731 470.317 null] >> endobj 4723 0 obj << /D [4706 0 R /XYZ 242.4 459.523 null] >> endobj 4724 0 obj << /D [4706 0 R /XYZ 384.067 459.523 null] >> endobj 4725 0 obj << /D [4706 0 R /XYZ 119.552 446.571 null] >> endobj 4726 0 obj << /D [4706 0 R /XYZ 71.731 445.191 null] >> endobj 4727 0 obj << /D [4706 0 R /XYZ 71.731 430.247 null] >> endobj 4728 0 obj << /D [4706 0 R /XYZ 221.025 419.971 null] >> endobj 4729 0 obj << /D [4706 0 R /XYZ 291.285 419.971 null] >> endobj 4730 0 obj << /D [4706 0 R /XYZ 432.221 419.971 null] >> endobj 4731 0 obj << /D [4706 0 R /XYZ 139.477 396.659 null] >> endobj 4732 0 obj << /D [4706 0 R /XYZ 247.351 396.659 null] >> endobj 1204 0 obj << /D [4706 0 R /XYZ 71.731 368.763 null] >> endobj 550 0 obj << /D [4706 0 R /XYZ 358.399 323.509 null] >> endobj 4733 0 obj << /D [4706 0 R /XYZ 71.731 299.753 null] >> endobj 4734 0 obj << /D [4706 0 R /XYZ 71.731 243.021 null] >> endobj 4735 0 obj << /D [4706 0 R /XYZ 456.007 205.95 null] >> endobj 4736 0 obj << /D [4706 0 R /XYZ 219.715 192.998 null] >> endobj 4737 0 obj << /D [4706 0 R /XYZ 119.552 180.047 null] >> endobj 4738 0 obj << /D [4706 0 R /XYZ 71.731 160.002 null] >> endobj 4739 0 obj << /D [4706 0 R /XYZ 71.731 134.119 null] >> endobj 4705 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F50 1352 0 R /F51 1354 0 R /F60 1532 0 R /F31 938 0 R /F38 1036 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4743 0 obj << /Length 1795 /Filter /FlateDecode >> stream xڝX[o6~[mfEYu[ $}b`$&"D%~śHYDswq8,/~{v(Pn&|(O]|w$j2C;|0t9W硦k(T=|>|UMx>N8A$8.P3xHQ C#,5r|:h94$BiOLՓR4k+-6Nx+#^\tIF(GڹJJ= I;jFVh>istɛVf85FtǨHu(O䉢T 9>>|HNpm]zA: ' =q.S?4(ySՁ{j LTT0h`L(xxuwhI' &KmLw7~YL5VAF.<XytYpR҈g0'|Q{nDbA":3L*҆ԉ''T1*郓~ȉ⚪/n đ3` 0^ZIJ:[C/|VÏ1Fվ\;κ^\OG4AId[mwK 8]F#0%Vv r 6R(00!9v9) AN95XL-ɎqՐUs$ж|pqȊ-FZ`2 :>Lx>źsA)KZ75IA\5mW!:5 ovrFtiH.kŎ+4َR3-k&Gﳦ&,k *## [a063 ä8E NޓXmBmNd=gLO3@ҲW6\`懆֚71.< FH#^oXq7a鳝c~_qETy?*+G̪χgѱ^=zyt|Idmaa4}ӸN4%o@OgPC{mSpxk#] {w}yt G Kͤo;@x ܪ~/ـt|%gFʬ|mV鎬ҟNq"i47(Ff.._niaτYQxa#2n|X%cHTns@>8CLO>IhaQA ]#\a9lګzrr<]N8-Pu3Mi}|Б0@wa܎x%no:gaowa!.bm8Q(.|_Ek endstream endobj 4742 0 obj << /Type /Page /Contents 4743 0 R /Resources 4741 0 R /MediaBox [0 0 593.051 789.041] /Parent 4740 0 R >> endobj 4744 0 obj << /D [4742 0 R /XYZ -1.269 814.22 null] >> endobj 554 0 obj << /D [4742 0 R /XYZ 380.907 707.841 null] >> endobj 4745 0 obj << /D [4742 0 R /XYZ 71.731 684.724 null] >> endobj 4746 0 obj << /D [4742 0 R /XYZ 200.478 674.964 null] >> endobj 4747 0 obj << /D [4742 0 R /XYZ 71.731 626.979 null] >> endobj 4748 0 obj << /D [4742 0 R /XYZ 301.208 590.282 null] >> endobj 4749 0 obj << /D [4742 0 R /XYZ 363.783 590.282 null] >> endobj 4750 0 obj << /D [4742 0 R /XYZ 71.731 568.2 null] >> endobj 4751 0 obj << /D [4742 0 R /XYZ 211.127 557.405 null] >> endobj 4752 0 obj << /D [4742 0 R /XYZ 262.294 544.454 null] >> endobj 4753 0 obj << /D [4742 0 R /XYZ 71.731 541.051 null] >> endobj 558 0 obj << /D [4742 0 R /XYZ 357.638 503.836 null] >> endobj 4754 0 obj << /D [4742 0 R /XYZ 71.731 480.719 null] >> endobj 4755 0 obj << /D [4742 0 R /XYZ 173.957 445.056 null] >> endobj 4756 0 obj << /D [4742 0 R /XYZ 426.657 445.056 null] >> endobj 4757 0 obj << /D [4742 0 R /XYZ 232.716 432.105 null] >> endobj 4758 0 obj << /D [4742 0 R /XYZ 320.107 432.105 null] >> endobj 4759 0 obj << /D [4742 0 R /XYZ 71.731 417.37 null] >> endobj 4760 0 obj << /D [4742 0 R /XYZ 71.731 402.426 null] >> endobj 4761 0 obj << /D [4742 0 R /XYZ 71.731 308.07 null] >> endobj 4762 0 obj << /D [4742 0 R /XYZ 232.617 282.167 null] >> endobj 4763 0 obj << /D [4742 0 R /XYZ 320.456 282.167 null] >> endobj 4764 0 obj << /D [4742 0 R /XYZ 71.731 247.851 null] >> endobj 4765 0 obj << /D [4742 0 R /XYZ 294.335 236.339 null] >> endobj 4766 0 obj << /D [4742 0 R /XYZ 194.251 223.388 null] >> endobj 4767 0 obj << /D [4742 0 R /XYZ 71.731 221.231 null] >> endobj 4768 0 obj << /D [4742 0 R /XYZ 71.731 206.287 null] >> endobj 4769 0 obj << /D [4742 0 R /XYZ 190.558 185.131 null] >> endobj 1205 0 obj << /D [4742 0 R /XYZ 71.731 147.273 null] >> endobj 4741 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F48 1347 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4773 0 obj << /Length 1747 /Filter /FlateDecode >> stream xڝXKo6-63z.)EInDJJJq_ߡ8>î)i8faa-޿ͻ0\l6 ~F[%Ed|iy{uj2!VT=/8W,#3B|o<4]/~iA0L^d,Hs q0kڵ|D)b]ISHhlʏL*.*' |sFCUpmk!kt]^Q,C ɴ2{)J: ΪF!OGePɎi/5}`9Drw6+t4 >>^:5Q֎\'$V8sgQ7DXRQ be 1_P9摣xo0%#1؂Gsd;p4$q!jb?I%ڸ|o\NE;bD qHly~Jk0Ugb&b[&$P Ԍ~B/2x x\}fu w%Sm՗Y1"P5/?H8S "+D3os ,;HH8eBL I8KꝮv29؞xEaVX}T(LUXK p"% *ʒ6̾{DZ;^Um,.ݺkFSڒM[F?&J t|1ZU/C`:ui[%64WJRVjJD~ꉙF&Rի?v[_jVj3\v֋-Cܝk=AeF1O..y~#rS\C#f2XqiF,QEZ#)l7_y`!t*# E[_6;B0 D*r*2ЌRװ2h4șda퉞ӌ'É)DۭMB;h%Z7b:ɊN,8/ff+O*J5`:^xԑU?MIQo6Z`%˺`%$}7hjRZ:urv=a0*!#W. t@8U>*+ݣm<,s:#{ Iga_;iUϏ8XU  Zjh;ʉrV!w]RʘдՏOwq@#+Zyi T_#k r5m4wN.ͭ3iv:z$J+|n&<@ b:w{܀պxQH4CP;> endobj 4770 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 428.324 165.379 438.854] /A << /S /GoTo /D (0:CLIENTS) >> >> endobj 4774 0 obj << /D [4772 0 R /XYZ -1.269 814.22 null] >> endobj 562 0 obj << /D [4772 0 R /XYZ 238.03 705.748 null] >> endobj 4775 0 obj << /D [4772 0 R /XYZ 71.731 681.992 null] >> endobj 4776 0 obj << /D [4772 0 R /XYZ 71.731 681.992 null] >> endobj 4777 0 obj << /D [4772 0 R /XYZ 204.055 659.92 null] >> endobj 4778 0 obj << /D [4772 0 R /XYZ 471.281 659.92 null] >> endobj 4779 0 obj << /D [4772 0 R /XYZ 313.821 646.968 null] >> endobj 4780 0 obj << /D [4772 0 R /XYZ 379.425 646.968 null] >> endobj 4781 0 obj << /D [4772 0 R /XYZ 71.731 624.886 null] >> endobj 4782 0 obj << /D [4772 0 R /XYZ 228.303 614.091 null] >> endobj 4783 0 obj << /D [4772 0 R /XYZ 283.914 614.091 null] >> endobj 4784 0 obj << /D [4772 0 R /XYZ 326.812 614.091 null] >> endobj 4785 0 obj << /D [4772 0 R /XYZ 425.073 614.091 null] >> endobj 4786 0 obj << /D [4772 0 R /XYZ 310.743 575.237 null] >> endobj 4787 0 obj << /D [4772 0 R /XYZ 386.707 575.237 null] >> endobj 1206 0 obj << /D [4772 0 R /XYZ 71.731 545.932 null] >> endobj 566 0 obj << /D [4772 0 R /XYZ 292.43 502.835 null] >> endobj 4788 0 obj << /D [4772 0 R /XYZ 71.731 479.346 null] >> endobj 4789 0 obj << /D [4772 0 R /XYZ 364.291 469.958 null] >> endobj 4790 0 obj << /D [4772 0 R /XYZ 327.928 444.055 null] >> endobj 1207 0 obj << /D [4772 0 R /XYZ 71.731 428.075 null] >> endobj 570 0 obj << /D [4772 0 R /XYZ 276.558 384.604 null] >> endobj 4791 0 obj << /D [4772 0 R /XYZ 71.731 360.848 null] >> endobj 4792 0 obj << /D [4772 0 R /XYZ 119.552 338.776 null] >> endobj 4793 0 obj << /D [4772 0 R /XYZ 223.013 338.776 null] >> endobj 4794 0 obj << /D [4772 0 R /XYZ 71.731 317.067 null] >> endobj 4795 0 obj << /D [4772 0 R /XYZ 71.731 259.971 null] >> endobj 4796 0 obj << /D [4772 0 R /XYZ 200.279 234.168 null] >> endobj 4797 0 obj << /D [4772 0 R /XYZ 71.731 199.135 null] >> endobj 4798 0 obj << /D [4772 0 R /XYZ 221.369 188.34 null] >> endobj 4799 0 obj << /D [4772 0 R /XYZ 257.343 188.34 null] >> endobj 4800 0 obj << /D [4772 0 R /XYZ 268.691 175.389 null] >> endobj 4801 0 obj << /D [4772 0 R /XYZ 71.731 153.306 null] >> endobj 4802 0 obj << /D [4772 0 R /XYZ 71.731 120.43 null] >> endobj 4803 0 obj << /D [4772 0 R /XYZ 71.731 120.43 null] >> endobj 4804 0 obj << /D [4772 0 R /XYZ 71.731 119.184 null] >> endobj 4771 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4807 0 obj << /Length 1404 /Filter /FlateDecode >> stream xڥWn6}W YChviDyuI~}PloپXc9`7a$OxA&Yd1Vz/lKyB֟(廾Qz熞Rrf(s|^6B,HIRfXr%`D$ d]uZNVDYw#kd!#O5h )D+}@{Ytu}Tmw^,8ڤds  B7,'?֍8.f_?}`vDls%$K?$a48-Pi DyEKDI]]N@#<ԍG`f0s| au#<)(!LTG9> G%!(ݗEb3Vs$7HwWwo_9^8Q+wLNod[Ӹ3n+ٶbwĂM(IQZDPq@'՞FޞhhB]o<˥u;k_z Ltr& 1^f_f Ҁ, jf^ 62*NrX*7; "{G8` #` }Kj_9j.ʂ 5bˌp8Cn@8@ټ$dFjGY0fOjptuFQ*;gpo$b߂%pS?{ ۘ@b%<7%jIĽq2eB}/maqX}-jvnXCsFgX;ԟSoWpY 唤4Y6pQ`z/VZ;AuʡA˥b]%<pIdQ(UݴqZbwSh]w~&N>(1\q6kL2]F K{[ѱwXPd(OT.8a7/Z;Cj<!)M*㈻qS{pwdI.fHf ܾ 2*};&!`(Kz̀vEqT8#Z5-}UWwrƤ/4yi.Zçz=jo~m;phUdu:{Zu&ib8P0JhUh:Y=ʿ endstream endobj 4806 0 obj << /Type /Page /Contents 4807 0 R /Resources 4805 0 R /MediaBox [0 0 593.051 789.041] /Parent 4740 0 R >> endobj 4808 0 obj << /D [4806 0 R /XYZ -1.269 814.22 null] >> endobj 4809 0 obj << /D [4806 0 R /XYZ 129.514 708.344 null] >> endobj 4810 0 obj << /D [4806 0 R /XYZ 156.363 708.344 null] >> endobj 4811 0 obj << /D [4806 0 R /XYZ 451.484 708.344 null] >> endobj 4812 0 obj << /D [4806 0 R /XYZ 215.551 695.392 null] >> endobj 4813 0 obj << /D [4806 0 R /XYZ 274.589 695.392 null] >> endobj 4814 0 obj << /D [4806 0 R /XYZ 344.716 695.392 null] >> endobj 4815 0 obj << /D [4806 0 R /XYZ 144.179 682.441 null] >> endobj 4816 0 obj << /D [4806 0 R /XYZ 71.731 680.284 null] >> endobj 4817 0 obj << /D [4806 0 R /XYZ 129.514 664.508 null] >> endobj 4818 0 obj << /D [4806 0 R /XYZ 71.731 636.448 null] >> endobj 4819 0 obj << /D [4806 0 R /XYZ 204.234 585.953 null] >> endobj 4820 0 obj << /D [4806 0 R /XYZ 71.731 556.292 null] >> endobj 4821 0 obj << /D [4806 0 R /XYZ 71.731 480.62 null] >> endobj 4822 0 obj << /D [4806 0 R /XYZ 129.514 462.687 null] >> endobj 4823 0 obj << /D [4806 0 R /XYZ 244.422 462.687 null] >> endobj 4824 0 obj << /D [4806 0 R /XYZ 71.731 447.579 null] >> endobj 4825 0 obj << /D [4806 0 R /XYZ 71.731 432.635 null] >> endobj 4826 0 obj << /D [4806 0 R /XYZ 428.729 423.136 null] >> endobj 4827 0 obj << /D [4806 0 R /XYZ 124.533 370.633 null] >> endobj 4828 0 obj << /D [4806 0 R /XYZ 129.514 352.7 null] >> endobj 4829 0 obj << /D [4806 0 R /XYZ 71.731 350.543 null] >> endobj 4830 0 obj << /D [4806 0 R /XYZ 129.514 334.767 null] >> endobj 4831 0 obj << /D [4806 0 R /XYZ 259.277 321.816 null] >> endobj 4805 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F25 932 0 R /F48 1347 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4836 0 obj << /Length 1488 /Filter /FlateDecode >> stream xڭWn6}Wۇ@Ĉ-Z`f/v7E>0mDUw(^t1Ӵ@939sfx{/^zy{q Pgy)Fi4 o[x_V7]$V)R;!:5ݭI7ZRkoVo@mHmQ2=?ܠ0$J[G5Uӊ5W`Zؚ\eC`%L250`ؑ^}LM^k)/Ԝy _`; \c6HT ?u=*GZ_GvdH],MυvL/ԘӲ|HySDpIQ\&I)beiNמڳޗln 5"}]=^D.BLA6JwlẔkOk NS* X0bu{wj<x*&\k,MЌͬ_xF F;Uísy&`LE#p^xg €k&T cKGr&E(snm6Df?a0}Hj,dXRJSznKkyJ J+߯cEs5f@ZAp )>%d@2sç_n1%J$Uzc{ntpcU+SpK=N7 "E7q,2{C2vdTIeo0R94&u(*0>ZfN+{mse.}֬[A{1 eYڊCbZBɕ)3uX:%aĎZmsW;̈́=n\Ȼip;GV8"&^xݥP-APf(Jlv^ F }ޗ.LHvUq4Gۜ6UzbnwҌ8Tw#*J5& | Goy5 XK5UC*乩 wí6jzuc¤6w iSJyaH[ޘHmyDbbO6P `~U-5pMaך]+w#3GC)M[wIao|%Nz(9ڴxZ'/r4|`\/fODrtE{chlN5mٰAj v?ӽ :>q,)pJa`aL{WିZJ0XۺD%( ipRt8eV^O&h%;t񸁜},dF"@"q0n/_"# endstream endobj 4835 0 obj << /Type /Page /Contents 4836 0 R /Resources 4834 0 R /MediaBox [0 0 593.051 789.041] /Parent 4740 0 R /Annots [ 4832 0 R 4833 0 R ] >> endobj 4832 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [456.983 556.717 506.019 567.62] /A << /S /GoTo /D (0:PATHS) >> >> endobj 4833 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [260.781 543.765 307.605 554.669] /A << /S /GoTo /D (0:CONSOLEDETAILS) >> >> endobj 4837 0 obj << /D [4835 0 R /XYZ -1.269 814.22 null] >> endobj 1208 0 obj << /D [4835 0 R /XYZ 71.731 718.306 null] >> endobj 574 0 obj << /D [4835 0 R /XYZ 463.515 703.236 null] >> endobj 4838 0 obj << /D [4835 0 R /XYZ 71.731 672.259 null] >> endobj 4839 0 obj << /D [4835 0 R /XYZ 71.731 672.259 null] >> endobj 1209 0 obj << /D [4835 0 R /XYZ 71.731 648.795 null] >> endobj 578 0 obj << /D [4835 0 R /XYZ 151.162 605.698 null] >> endobj 4840 0 obj << /D [4835 0 R /XYZ 71.731 582.209 null] >> endobj 4841 0 obj << /D [4835 0 R /XYZ 343.419 572.821 null] >> endobj 1210 0 obj << /D [4835 0 R /XYZ 71.731 543.516 null] >> endobj 582 0 obj << /D [4835 0 R /XYZ 316.686 500.419 null] >> endobj 4842 0 obj << /D [4835 0 R /XYZ 71.731 476.663 null] >> endobj 4843 0 obj << /D [4835 0 R /XYZ 374.702 454.59 null] >> endobj 4844 0 obj << /D [4835 0 R /XYZ 481.65 454.59 null] >> endobj 4845 0 obj << /D [4835 0 R /XYZ 177.942 441.639 null] >> endobj 4846 0 obj << /D [4835 0 R /XYZ 274.17 441.639 null] >> endobj 4847 0 obj << /D [4835 0 R /XYZ 71.731 419.557 null] >> endobj 4848 0 obj << /D [4835 0 R /XYZ 164.094 382.859 null] >> endobj 4849 0 obj << /D [4835 0 R /XYZ 244.592 382.859 null] >> endobj 4850 0 obj << /D [4835 0 R /XYZ 288.038 382.859 null] >> endobj 4851 0 obj << /D [4835 0 R /XYZ 341.996 382.859 null] >> endobj 4852 0 obj << /D [4835 0 R /XYZ 71.731 367.751 null] >> endobj 4853 0 obj << /D [4835 0 R /XYZ 71.731 352.807 null] >> endobj 1211 0 obj << /D [4835 0 R /XYZ 71.731 303.756 null] >> endobj 586 0 obj << /D [4835 0 R /XYZ 317.013 258.502 null] >> endobj 4854 0 obj << /D [4835 0 R /XYZ 71.731 234.746 null] >> endobj 4855 0 obj << /D [4835 0 R /XYZ 71.731 234.746 null] >> endobj 4856 0 obj << /D [4835 0 R /XYZ 189.011 212.674 null] >> endobj 4857 0 obj << /D [4835 0 R /XYZ 71.731 177.64 null] >> endobj 4858 0 obj << /D [4835 0 R /XYZ 474.288 166.845 null] >> endobj 4859 0 obj << /D [4835 0 R /XYZ 230.634 153.894 null] >> endobj 4860 0 obj << /D [4835 0 R /XYZ 274.539 153.894 null] >> endobj 4834 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F48 1347 0 R /F33 939 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4864 0 obj << /Length 1853 /Filter /FlateDecode >> stream xڭXYo8~ϯ E@ufѢ5hӢe&_Cih_,=Ovμ+F6˩̕&ZP#<9֡ ˷ƾrvDlD (DR.DB~?:b̏F8ao[ڇ.4+IIԞSFg>VIr~@=^/EcFM$Z1GnEԡFW7~,=/4QڂeOr,`S;IΩňaFuO&sqAĂA7_"r,W־;>FL^ Ft,ZXF R9fޱbFMYJ3!c-)BrtG c8&NousnᤖזUׄL$}*"%KyFUF:7BSI},T}D;- (&QLy(GtRyu$%'G/xenjul Ⱥ~lw):,܆H)wYH8fQu”`^m@C8:}Q{ ɡtL}YS_hKL[7Y"F=1ѠMv[Obm?QٺJft=K)kIAV,G;6,a!ފ'MC- a0mr凷cBu4.v Y'3&RINjsÄ[cWq/By3\h٨xoSp0Q&R4EPW\w8Fu_FkV5`g0l5:>5oJ@,J> endobj 4861 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [325.796 209.699 385.074 220.603] /A << /S /GoTo /D (0:DEFTRUST) >> >> endobj 4865 0 obj << /D [4863 0 R /XYZ -1.269 814.22 null] >> endobj 4866 0 obj << /D [4863 0 R /XYZ 71.731 718.306 null] >> endobj 4867 0 obj << /D [4863 0 R /XYZ 119.552 695.392 null] >> endobj 4868 0 obj << /D [4863 0 R /XYZ 216.527 695.392 null] >> endobj 4869 0 obj << /D [4863 0 R /XYZ 119.552 682.441 null] >> endobj 4870 0 obj << /D [4863 0 R /XYZ 71.731 660.493 null] >> endobj 4871 0 obj << /D [4863 0 R /XYZ 71.731 627.482 null] >> endobj 4872 0 obj << /D [4863 0 R /XYZ 71.731 627.482 null] >> endobj 4873 0 obj << /D [4863 0 R /XYZ 193.314 616.687 null] >> endobj 4874 0 obj << /D [4863 0 R /XYZ 71.731 594.74 null] >> endobj 4875 0 obj << /D [4863 0 R /XYZ 261.358 570.859 null] >> endobj 4876 0 obj << /D [4863 0 R /XYZ 119.552 557.908 null] >> endobj 4877 0 obj << /D [4863 0 R /XYZ 193.314 557.908 null] >> endobj 4878 0 obj << /D [4863 0 R /XYZ 71.731 555.885 null] >> endobj 4879 0 obj << /D [4863 0 R /XYZ 71.731 540.942 null] >> endobj 4880 0 obj << /D [4863 0 R /XYZ 139.477 507.995 null] >> endobj 4881 0 obj << /D [4863 0 R /XYZ 190.513 507.995 null] >> endobj 4882 0 obj << /D [4863 0 R /XYZ 71.731 470.137 null] >> endobj 4883 0 obj << /D [4863 0 R /XYZ 71.731 470.137 null] >> endobj 4884 0 obj << /D [4863 0 R /XYZ 71.731 460.174 null] >> endobj 4885 0 obj << /D [4863 0 R /XYZ 129.514 427.298 null] >> endobj 4886 0 obj << /D [4863 0 R /XYZ 237.827 427.298 null] >> endobj 4887 0 obj << /D [4863 0 R /XYZ 189.011 414.346 null] >> endobj 4888 0 obj << /D [4863 0 R /XYZ 71.731 392.264 null] >> endobj 4889 0 obj << /D [4863 0 R /XYZ 71.731 392.264 null] >> endobj 4890 0 obj << /D [4863 0 R /XYZ 71.731 392.264 null] >> endobj 4891 0 obj << /D [4863 0 R /XYZ 139.477 376.488 null] >> endobj 4892 0 obj << /D [4863 0 R /XYZ 139.477 376.488 null] >> endobj 4893 0 obj << /D [4863 0 R /XYZ 488.913 363.537 null] >> endobj 4894 0 obj << /D [4863 0 R /XYZ 71.731 350.486 null] >> endobj 4895 0 obj << /D [4863 0 R /XYZ 139.477 332.653 null] >> endobj 4896 0 obj << /D [4863 0 R /XYZ 139.477 332.653 null] >> endobj 4897 0 obj << /D [4863 0 R /XYZ 310.564 306.75 null] >> endobj 4898 0 obj << /D [4863 0 R /XYZ 124.533 274.62 null] >> endobj 4899 0 obj << /D [4863 0 R /XYZ 129.514 256.687 null] >> endobj 4900 0 obj << /D [4863 0 R /XYZ 152.199 243.736 null] >> endobj 4901 0 obj << /D [4863 0 R /XYZ 209.753 243.736 null] >> endobj 4902 0 obj << /D [4863 0 R /XYZ 177.374 230.785 null] >> endobj 4903 0 obj << /D [4863 0 R /XYZ 269.189 230.785 null] >> endobj 4904 0 obj << /D [4863 0 R /XYZ 350.255 230.785 null] >> endobj 4905 0 obj << /D [4863 0 R /XYZ 390.065 230.785 null] >> endobj 4906 0 obj << /D [4863 0 R /XYZ 71.731 228.628 null] >> endobj 4907 0 obj << /D [4863 0 R /XYZ 129.514 212.852 null] >> endobj 4908 0 obj << /D [4863 0 R /XYZ 71.731 199.801 null] >> endobj 4909 0 obj << /D [4863 0 R /XYZ 129.514 181.968 null] >> endobj 4910 0 obj << /D [4863 0 R /XYZ 265.941 169.016 null] >> endobj 4911 0 obj << /D [4863 0 R /XYZ 329.731 169.016 null] >> endobj 4912 0 obj << /D [4863 0 R /XYZ 71.731 166.859 null] >> endobj 4913 0 obj << /D [4863 0 R /XYZ 129.514 151.083 null] >> endobj 4862 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F25 932 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4916 0 obj << /Length 1673 /Filter /FlateDecode >> stream xڵXێ6}߯0ЇVW[JIݤmk( %&VQZg3b9IŦ(sfPl?sgw/6׷A0Kdf,bK:8gla@֋_s pW_aYIr^ќ/6 Wy$S_mx9 ?ZOLz!-3-]TWa)/!,g߈ߵ-CdƎzf"k\Mg%jiIݷ)4(7遊iF*y>@5 { {^fq ?d=0  =x =$x 0Qř0ARXd;H^ <"?I]=D aPNT P?FsKp:&ߛzoەBoZ3 f\QDa@(eE)%t &͊'TښDIzpoe_uZy*!ܯ۽a2N{̠w4mFufb?f5e0づqqj[j(W&onB++b?Ԡ& q(c'ڪ h(j/a~igK1_$VXt N8pjT [+?a,+ax^jҋNW'd-XÔH ?PY;묎fLߑ?QJ1lRbLu^9QC wt#XPhe2 _K9!\F @D u R(ZpH[:Py bxZFFk Xf[ܧaEɻgqTh_fU3N֊^z*Sd!hTyGŢ }?:8P=22#ݪ˻7;(?)o#@C?2 A8b-:C V6̠ua宦N# )_9o:nbu0HvWk*9*aRxIW7|o^?VT}73[zo4A:̄TKazO lq;l1Oũk +~iYmhVI ֏NsmQ(xgW:rܶF$>iHi0V MR"`_[k[ylŚ &샘Bhh-{؜;P,g͓LvEQ=YGusV'O(xi&e\ۏftJ^B)ɔ:[ںnE}szk1Aq> endobj 4917 0 obj << /D [4915 0 R /XYZ -1.269 814.22 null] >> endobj 4918 0 obj << /D [4915 0 R /XYZ 71.731 718.306 null] >> endobj 4919 0 obj << /D [4915 0 R /XYZ 71.731 718.306 null] >> endobj 4920 0 obj << /D [4915 0 R /XYZ 208.806 708.344 null] >> endobj 4921 0 obj << /D [4915 0 R /XYZ 71.731 673.31 null] >> endobj 4922 0 obj << /D [4915 0 R /XYZ 71.731 673.31 null] >> endobj 4923 0 obj << /D [4915 0 R /XYZ 180.552 662.516 null] >> endobj 4924 0 obj << /D [4915 0 R /XYZ 124.533 648.319 null] >> endobj 4925 0 obj << /D [4915 0 R /XYZ 129.514 630.386 null] >> endobj 4926 0 obj << /D [4915 0 R /XYZ 365.517 630.386 null] >> endobj 4927 0 obj << /D [4915 0 R /XYZ 433.551 630.386 null] >> endobj 4928 0 obj << /D [4915 0 R /XYZ 71.731 628.229 null] >> endobj 4929 0 obj << /D [4915 0 R /XYZ 129.514 612.453 null] >> endobj 4930 0 obj << /D [4915 0 R /XYZ 71.731 579.477 null] >> endobj 4931 0 obj << /D [4915 0 R /XYZ 71.731 579.477 null] >> endobj 4932 0 obj << /D [4915 0 R /XYZ 187.755 566.625 null] >> endobj 4933 0 obj << /D [4915 0 R /XYZ 71.731 532.309 null] >> endobj 4934 0 obj << /D [4915 0 R /XYZ 71.731 532.309 null] >> endobj 4935 0 obj << /D [4915 0 R /XYZ 190.535 520.797 null] >> endobj 4936 0 obj << /D [4915 0 R /XYZ 71.731 486.481 null] >> endobj 4937 0 obj << /D [4915 0 R /XYZ 71.731 486.481 null] >> endobj 4938 0 obj << /D [4915 0 R /XYZ 184.438 474.969 null] >> endobj 4939 0 obj << /D [4915 0 R /XYZ 71.731 441.993 null] >> endobj 4940 0 obj << /D [4915 0 R /XYZ 124.533 376.09 null] >> endobj 4941 0 obj << /D [4915 0 R /XYZ 129.514 358.157 null] >> endobj 4942 0 obj << /D [4915 0 R /XYZ 265.055 345.205 null] >> endobj 4943 0 obj << /D [4915 0 R /XYZ 324.96 345.205 null] >> endobj 4944 0 obj << /D [4915 0 R /XYZ 76.712 327.273 null] >> endobj 590 0 obj << /D [4915 0 R /XYZ 334.383 287.9 null] >> endobj 4945 0 obj << /D [4915 0 R /XYZ 71.731 264.783 null] >> endobj 4946 0 obj << /D [4915 0 R /XYZ 71.731 181.136 null] >> endobj 4947 0 obj << /D [4915 0 R /XYZ 71.731 145.27 null] >> endobj 4914 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F25 932 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4951 0 obj << /Length 412 /Filter /FlateDecode >> stream xڅM0z؆JM\ZI *d{bFG'զ\R#,8@PcF@Y_^vVݠ<ڗ~vUfΏg}1To+CG6&v@1 C !Oӥpu!gbCfF[WtF?wp͞ƀ@tv8T#vT6:llrsx[`A)eY^K-TfR!6ɄH,^ˢtÊx"er,HGt5V,nLs|y-\}ҪF?(_)WM׮j;PfƗ,Po! Q!܍1i*? endstream endobj 4950 0 obj << /Type /Page /Contents 4951 0 R /Resources 4949 0 R /MediaBox [0 0 593.051 789.041] /Parent 4948 0 R >> endobj 4952 0 obj << /D [4950 0 R /XYZ -1.269 814.22 null] >> endobj 4949 0 obj << /Font << /F33 939 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 4959 0 obj << /Length 1676 /Filter /FlateDecode >> stream xڭXɎ8+l ER$@,񭓃ڦm"dhIǗ|E$Ţ%XpB|~"lFB3f,(x!=բ\$svVֲLiݔ>'ve'LqfM0$L廴NoJ{2c0ly>*&r2J'xjKoX8B76qRɄmBb2i?}n[}`,_|;xۭDx2s!~ l Z1cFw'=nmp2X`6^wN ۳~~ț} 3p~1 G Lw!&s)Go5G$q拓YoZ&o P $ 5Ϡ}uMC Mzጃ8ҫS'l7υ%7pI9 +!^܎2݂7Q8 @˯b"6$DZ%օMIrwsԖQDn?hFOD)ԙ$ b,4f\X(prdևe],nLYn_lުzEaf &p:iڝQ'7Il\1 e_3;GOV&}HBs,JGhB X8M9R|[Vnrc3;$̫ۓˢe.^ S5tbWR|lь#+R_+b= iV*E˥7V6<~aVZ<0dp4?m] X  ^e箟Ǝ<+Dd\.!:߽cڹSˣ{U6U1U`|XE= *nZѽB5Q zn/B4I(#vZGWm6 Ù⮔h_?sW9UEi]6Um @:(p(Mijj?8|z7 ^8< R{Jy8)Eϩ,ezRÝ:FXxe/E RK=Z dL&A3H?jY."i-2y<}ڷ?Iഔ=~elU@ey<1mn3m!'|`gbs%p(Z9^䲜‰Uˌ0jpn +7*d evbڝTzȅX;5yz*bD)ϯ#@*>xtQLC֐c٦(U^:^ŪvuO1AHT8N o-e[/gfJъP,/kOc嚷O%B0?Jڋ.1媚,Z ɜM#%,Ԗ=h q nBkeۿ;#a(ޕ̺[P`#3 \1U:U kj;>jE;v556(fIO/]jAX:μpY7]^>VӇƀJIbր1_?# endstream endobj 4958 0 obj << /Type /Page /Contents 4959 0 R /Resources 4957 0 R /MediaBox [0 0 593.051 789.041] /Parent 4948 0 R /Annots [ 4953 0 R 4954 0 R 4955 0 R 4956 0 R ] >> endobj 4953 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [244.462 633.894 292.95 644.798] /A << /S /GoTo /D (0:CONFIGFILE) >> >> endobj 4954 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [442.935 633.894 489.76 644.798] /A << /S /GoTo /D (0:DATABASEFILE) >> >> endobj 4955 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [128.518 339.623 187.795 350.153] /A << /S /GoTo /D (0:DEFTRUST) >> >> endobj 4956 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [326.288 191.864 373.138 202.446] /A << /S /GoTo /D (0:SAMHAINADMIN) >> >> endobj 4960 0 obj << /D [4958 0 R /XYZ -1.269 814.22 null] >> endobj 1212 0 obj << /D [4958 0 R /XYZ 71.731 718.306 null] >> endobj 594 0 obj << /D [4958 0 R /XYZ 357.56 676.38 null] >> endobj 4961 0 obj << /D [4958 0 R /XYZ 71.731 645.402 null] >> endobj 4962 0 obj << /D [4958 0 R /XYZ 274.699 624.096 null] >> endobj 4963 0 obj << /D [4958 0 R /XYZ 316.482 624.096 null] >> endobj 4964 0 obj << /D [4958 0 R /XYZ 71.731 602.014 null] >> endobj 4965 0 obj << /D [4958 0 R /XYZ 71.731 602.014 null] >> endobj 4966 0 obj << /D [4958 0 R /XYZ 278.384 591.219 null] >> endobj 4967 0 obj << /D [4958 0 R /XYZ 71.731 569.271 null] >> endobj 4968 0 obj << /D [4958 0 R /XYZ 280.317 558.342 null] >> endobj 4969 0 obj << /D [4958 0 R /XYZ 362.917 558.342 null] >> endobj 4970 0 obj << /D [4958 0 R /XYZ 139.756 545.391 null] >> endobj 4971 0 obj << /D [4958 0 R /XYZ 71.731 523.309 null] >> endobj 4972 0 obj << /D [4958 0 R /XYZ 71.731 523.309 null] >> endobj 4973 0 obj << /D [4958 0 R /XYZ 71.731 490.567 null] >> endobj 4974 0 obj << /D [4958 0 R /XYZ 71.731 490.567 null] >> endobj 4975 0 obj << /D [4958 0 R /XYZ 71.731 489.321 null] >> endobj 4976 0 obj << /D [4958 0 R /XYZ 129.514 472.166 null] >> endobj 4977 0 obj << /D [4958 0 R /XYZ 222.585 472.166 null] >> endobj 4978 0 obj << /D [4958 0 R /XYZ 192.607 446.263 null] >> endobj 4979 0 obj << /D [4958 0 R /XYZ 71.731 424.181 null] >> endobj 4980 0 obj << /D [4958 0 R /XYZ 129.514 400.434 null] >> endobj 4981 0 obj << /D [4958 0 R /XYZ 275.217 400.434 null] >> endobj 4982 0 obj << /D [4958 0 R /XYZ 124.533 373.286 null] >> endobj 4983 0 obj << /D [4958 0 R /XYZ 129.514 355.354 null] >> endobj 4984 0 obj << /D [4958 0 R /XYZ 285.577 355.354 null] >> endobj 4985 0 obj << /D [4958 0 R /XYZ 397.058 355.354 null] >> endobj 4986 0 obj << /D [4958 0 R /XYZ 71.731 340.619 null] >> endobj 4987 0 obj << /D [4958 0 R /XYZ 129.514 324.469 null] >> endobj 4988 0 obj << /D [4958 0 R /XYZ 147.497 324.469 null] >> endobj 4989 0 obj << /D [4958 0 R /XYZ 129.514 311.518 null] >> endobj 4990 0 obj << /D [4958 0 R /XYZ 71.731 311.398 null] >> endobj 4991 0 obj << /D [4958 0 R /XYZ 129.514 293.585 null] >> endobj 4992 0 obj << /D [4958 0 R /XYZ 312.726 293.585 null] >> endobj 4993 0 obj << /D [4958 0 R /XYZ 245.339 280.634 null] >> endobj 4994 0 obj << /D [4958 0 R /XYZ 71.731 278.477 null] >> endobj 4995 0 obj << /D [4958 0 R /XYZ 129.514 262.701 null] >> endobj 4996 0 obj << /D [4958 0 R /XYZ 389.746 262.701 null] >> endobj 4997 0 obj << /D [4958 0 R /XYZ 163.437 249.75 null] >> endobj 4998 0 obj << /D [4958 0 R /XYZ 410.001 249.75 null] >> endobj 4999 0 obj << /D [4958 0 R /XYZ 76.712 233.112 null] >> endobj 5000 0 obj << /D [4958 0 R /XYZ 71.731 218.168 null] >> endobj 5001 0 obj << /D [4958 0 R /XYZ 242.583 206.512 null] >> endobj 5002 0 obj << /D [4958 0 R /XYZ 76.712 178.218 null] >> endobj 5003 0 obj << /D [4958 0 R /XYZ 71.731 48.817 null] >> endobj 4957 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F33 939 0 R /F60 1532 0 R /F11 2699 0 R /F50 1352 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5006 0 obj << /Length 2107 /Filter /FlateDecode >> stream xڭX[6~_!el`DԽ,03nM'.vQh,FTIdYIӢ/%sswv>[z$䡳: gyw֙>ZQ/]EL2d+"2 "mҋ1_<2rW̬J`*27i>`!s ?({>:a!#^8 |gs8Sx#I9pg?͜ hL8<#e=ÁOOǜ0$'Uj|嵸[?vb0i#. q=Fmq/ P5 F Y2{z2@AjnQn6{W43Bl ZlAȐؤGPcNxOh ϲi{v}k;MYNGRFRYyB,=z a*Sn 4RM%;V.StQgćH@Ǧ1.d<}B`sV٢E_@= 5!e/hse\1ϑڙųs|EU0N_̧}Zd3E [Y_&Շ(fȯ @R|YenG"A:K[׏7j (+'E1qCAbdtqH^K!,َ)oc M-S&!ND P)*gTX]qv3X <;LP0NG7}z|T ]l|HLG#6Ƕ3⾏e.j33M[YL*zW6޼LQfk"!UaP ? sMB)FѤfZU(A0q[dVYg~%a~RU~Vh21PCS4ʿ [@SG3XNNaP~40P=Nq[^(`a,ԷڌV{xw7#C'72:qbWQʓ޶ =N"֧mWhɚTLJc [0s&̎N ipwJn"d(#WF k`yko}NGKAûx?uQuP}`,z&.s,~_P;(5DFߎ\A0N3m k'[hz[𜾿i͠Rͭz6湗}dz^w<{DٵtjHAkD/Z4E\ۏ;Hd{:xE̗ehK:58mOϺ6FӶ]9̶m2LJw žJzTɭx endstream endobj 5005 0 obj << /Type /Page /Contents 5006 0 R /Resources 5004 0 R /MediaBox [0 0 593.051 789.041] /Parent 4948 0 R >> endobj 5007 0 obj << /D [5005 0 R /XYZ -1.269 814.22 null] >> endobj 5008 0 obj << /D [5005 0 R /XYZ 166.376 672.792 null] >> endobj 5009 0 obj << /D [5005 0 R /XYZ 267.551 661.315 null] >> endobj 5010 0 obj << /D [5005 0 R /XYZ 254.792 638.003 null] >> endobj 5011 0 obj << /D [5005 0 R /XYZ 322.29 626.346 null] >> endobj 5012 0 obj << /D [5005 0 R /XYZ 166.376 592.77 null] >> endobj 5013 0 obj << /D [5005 0 R /XYZ 247.879 571.452 null] >> endobj 5014 0 obj << /D [5005 0 R /XYZ 459.593 478.267 null] >> endobj 5015 0 obj << /D [5005 0 R /XYZ 265.931 465.316 null] >> endobj 5016 0 obj << /D [5005 0 R /XYZ 332.252 465.316 null] >> endobj 5017 0 obj << /D [5005 0 R /XYZ 119.552 452.365 null] >> endobj 5018 0 obj << /D [5005 0 R /XYZ 71.731 430.282 null] >> endobj 5019 0 obj << /D [5005 0 R /XYZ 71.731 430.282 null] >> endobj 5020 0 obj << /D [5005 0 R /XYZ 201.593 419.488 null] >> endobj 5021 0 obj << /D [5005 0 R /XYZ 289.432 419.488 null] >> endobj 5022 0 obj << /D [5005 0 R /XYZ 71.731 399.383 null] >> endobj 5023 0 obj << /D [5005 0 R /XYZ 71.731 399.383 null] >> endobj 5024 0 obj << /D [5005 0 R /XYZ 71.731 364.529 null] >> endobj 5025 0 obj << /D [5005 0 R /XYZ 71.731 364.529 null] >> endobj 5026 0 obj << /D [5005 0 R /XYZ 327.928 353.734 null] >> endobj 5027 0 obj << /D [5005 0 R /XYZ 431.327 353.734 null] >> endobj 5028 0 obj << /D [5005 0 R /XYZ 119.552 340.783 null] >> endobj 5029 0 obj << /D [5005 0 R /XYZ 280.235 340.783 null] >> endobj 5030 0 obj << /D [5005 0 R /XYZ 71.731 318.701 null] >> endobj 5031 0 obj << /D [5005 0 R /XYZ 71.731 318.701 null] >> endobj 5032 0 obj << /D [5005 0 R /XYZ 160.219 307.906 null] >> endobj 5033 0 obj << /D [5005 0 R /XYZ 71.731 294.835 null] >> endobj 5034 0 obj << /D [5005 0 R /XYZ 166.376 244.34 null] >> endobj 5035 0 obj << /D [5005 0 R /XYZ 239.819 209.55 null] >> endobj 5036 0 obj << /D [5005 0 R /XYZ 347.414 209.55 null] >> endobj 5037 0 obj << /D [5005 0 R /XYZ 71.731 169.855 null] >> endobj 5038 0 obj << /D [5005 0 R /XYZ 334.123 163.1 null] >> endobj 5039 0 obj << /D [5005 0 R /XYZ 71.731 128.067 null] >> endobj 5040 0 obj << /D [5005 0 R /XYZ 71.731 128.067 null] >> endobj 5041 0 obj << /D [5005 0 R /XYZ 71.731 115.25 null] >> endobj 5004 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R /F50 1352 0 R /F74 1821 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5044 0 obj << /Length 1778 /Filter /FlateDecode >> stream xڵXKo8W%=i\dEzOm-"K$' v g(KڸKHS$g8x=o0 |`z|w[t13WqTI~G?Ԫ:#/V?nH&1ͯ+k&U?LR ]|z؝ ߉Hٷy_%a474Q\3žH /̧QY(B9I梇$Mx4KY4az:ѮF.KDB-z/~deIh@B6%^YU#869[xO@x(a $B7݇șaŴy"'D@̳@cI1/b `e\c=żiX;Odye92@X-gŚ=Dqڨd謷rhK;l%ES܏\He b(l山9MI7_nn›;^l3bN}o4Q4٩ $D )2qB+f</̃kfOi:f5^E KW|6p>h#np5sSqzb`9ԝ%.++4nBWP3Ng_5JC<)oZj澭-HE`RapE7bP\fž&_L@ui^Ne1Y&"H҆!U2 {A+ְԍX~Kۚkبb+K*ժ ƅɽ*&iFv{"*WgkJfAg0~ /8QHA>a`H 9f6*; 6L6"d^@5<[Dً\SHa\gp"3kK&+VIY.u5s+0֙%>Pմ` "6#(Qb]6Tt @ 4in,[]AŪ>p;t+ڱaE\ZBq}Y)iSu,8V~͎)YI WE/R xZ1tֺ8<_x =Hӭ.ҨF~yH+Q72gOi("WOI\B鑐ܡ.VV6HUOhMF\yuఌBxl$ܺ9Ѵ~Ar' ['ۼe~(VZh:N&sq+?mu9^>n2j{z7tI ˕*JK*T6+ӵF<FXtԝٯcb#D'ޠzRyPtvRA kBV"†b^SRPz {nhZ+/tchG㜆ǀ?^7}0Ǐ/?G}6JGA[ue 'f%3x&%͏ƩqfkjQOc'a]w`5)N .l;wO燊Po@g:9{_foY\=tL5_ωt<^9ӝ*Sc~UL YBbm:>=߷ S1Feb:t4J^ &IH9mY\'! endstream endobj 5043 0 obj << /Type /Page /Contents 5044 0 R /Resources 5042 0 R /MediaBox [0 0 593.051 789.041] /Parent 4948 0 R >> endobj 5045 0 obj << /D [5043 0 R /XYZ -1.269 814.22 null] >> endobj 5046 0 obj << /D [5043 0 R /XYZ 71.731 718.306 null] >> endobj 5047 0 obj << /D [5043 0 R /XYZ 164.878 708.344 null] >> endobj 5048 0 obj << /D [5043 0 R /XYZ 423.285 696.687 null] >> endobj 5049 0 obj << /D [5043 0 R /XYZ 71.731 635.517 null] >> endobj 5050 0 obj << /D [5043 0 R /XYZ 71.731 635.517 null] >> endobj 5051 0 obj << /D [5043 0 R /XYZ 327.908 622.565 null] >> endobj 5052 0 obj << /D [5043 0 R /XYZ 71.731 609.494 null] >> endobj 5053 0 obj << /D [5043 0 R /XYZ 71.731 594.551 null] >> endobj 5054 0 obj << /D [5043 0 R /XYZ 158.405 583.014 null] >> endobj 5055 0 obj << /D [5043 0 R /XYZ 71.731 555.118 null] >> endobj 5056 0 obj << /D [5043 0 R /XYZ 71.731 555.118 null] >> endobj 5057 0 obj << /D [5043 0 R /XYZ 149.141 543.462 null] >> endobj 5058 0 obj << /D [5043 0 R /XYZ 71.731 542.369 null] >> endobj 5059 0 obj << /D [5043 0 R /XYZ 149.141 531.806 null] >> endobj 5060 0 obj << /D [5043 0 R /XYZ 71.731 530.745 null] >> endobj 5061 0 obj << /D [5043 0 R /XYZ 149.141 520.149 null] >> endobj 5062 0 obj << /D [5043 0 R /XYZ 71.731 519.088 null] >> endobj 5063 0 obj << /D [5043 0 R /XYZ 149.141 508.493 null] >> endobj 5064 0 obj << /D [5043 0 R /XYZ 71.731 507.432 null] >> endobj 5065 0 obj << /D [5043 0 R /XYZ 149.141 496.837 null] >> endobj 5066 0 obj << /D [5043 0 R /XYZ 71.731 495.776 null] >> endobj 5067 0 obj << /D [5043 0 R /XYZ 149.141 485.181 null] >> endobj 5068 0 obj << /D [5043 0 R /XYZ 71.731 484.087 null] >> endobj 5069 0 obj << /D [5043 0 R /XYZ 149.141 473.524 null] >> endobj 5070 0 obj << /D [5043 0 R /XYZ 71.731 452.506 null] >> endobj 5071 0 obj << /D [5043 0 R /XYZ 71.731 452.506 null] >> endobj 5072 0 obj << /D [5043 0 R /XYZ 459.135 440.648 null] >> endobj 5073 0 obj << /D [5043 0 R /XYZ 322.429 414.745 null] >> endobj 1213 0 obj << /D [5043 0 R /XYZ 71.731 386.685 null] >> endobj 598 0 obj << /D [5043 0 R /XYZ 312.83 343.588 null] >> endobj 5074 0 obj << /D [5043 0 R /XYZ 71.731 320.099 null] >> endobj 5075 0 obj << /D [5043 0 R /XYZ 197.299 310.711 null] >> endobj 5076 0 obj << /D [5043 0 R /XYZ 438.732 310.711 null] >> endobj 5077 0 obj << /D [5043 0 R /XYZ 360.555 284.808 null] >> endobj 5078 0 obj << /D [5043 0 R /XYZ 71.731 272.689 null] >> endobj 5079 0 obj << /D [5043 0 R /XYZ 71.731 272.689 null] >> endobj 5080 0 obj << /D [5043 0 R /XYZ 149.141 263.189 null] >> endobj 5042 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F31 938 0 R /F38 1036 0 R /F50 1352 0 R /F51 1354 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5083 0 obj << /Length 760 /Filter /FlateDecode >> stream xڭV]o }ϯä8L;ڥmڨ{H@cXul H?Lj/-/.p9Iz' 8p汃}0 `L3{d|a1(JeZ4AH\FeB[o0u*Mri@Vn_wTۈiο;<#+!8H F+zEӜF4B@[R7l]<0O(a.(n9V.>}mA@@-3FdOR;gƼ0Ӽ7@>h|Ŷ}f*> endobj 5084 0 obj << /D [5082 0 R /XYZ -1.269 814.22 null] >> endobj 5081 0 obj << /Font << /F33 939 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5087 0 obj << /Length 1804 /Filter /FlateDecode >> stream xڽXٮ6}WFh !-K8@h+KHߡf4@ѾXL g9sfFq7/9 7%Qi{$Moo*XxshlSקsPXϞsK@iRAzJ҈F & 6ߧxܫ[VUT|^>Z⾪w4>*y.٥`J1o]U|g Q{mmHV;/~?5 EpWV44&^!uEVWRpˇ+(Wi܊Დ`R_8Gۺѡ42UALo'CꅁcGĔx)/EO.9;UɿJ8Fٳ aq4K#ޔ>`5Mmt s UmX7e7*4j8eԴeY=T>q$/\1AګZw .oj;T2o*# dFy|t(,1uxd(q5<`MIyWD&WQË _g`x rC٪WxD0 /hv$(#M{ O-eˑ繅T-b4CO̘Ir[LaX}iO@8J{nh7ng ؈5=xy]*0ZXWVU:ϝEĦ_+I[6<'Lfk +[r Kbuu\-)%7gQ^y€ՎgC!bo#::MQcM+ , TBx "1s# I&,!"ϸx *ü'|7|Ճv1]3~\oV'p킡DяA"dZzwSYz`eؔN AAƲ#?g(!F,u|aF&)u8py'LxGe}dv_N0'h 6]ד~,myQʵqH!s`26T2k{z;8YA{Lͮ=c0h_rKx`WebTS[_ւ:%^ѻE vY#>,o{_/J -DnªЪD7vݔg#,25OF"{ΉĆiܿ]#+};Vp6Ԁ#Gۢ1d'Iw6Ä9a%)x٬ÃkZCBHӊ3]Ĺv,S|ʞ7NZw7o Sjʲ-6lm.L,i;!8JmhγÓ>A endstream endobj 5086 0 obj << /Type /Page /Contents 5087 0 R /Resources 5085 0 R /MediaBox [0 0 593.051 789.041] /Parent 5128 0 R >> endobj 5088 0 obj << /D [5086 0 R /XYZ -1.269 814.22 null] >> endobj 1214 0 obj << /D [5086 0 R /XYZ 71.731 718.306 null] >> endobj 602 0 obj << /D [5086 0 R /XYZ 472.151 703.236 null] >> endobj 5089 0 obj << /D [5086 0 R /XYZ 71.731 672.579 null] >> endobj 5090 0 obj << /D [5086 0 R /XYZ 252.392 663.903 null] >> endobj 5091 0 obj << /D [5086 0 R /XYZ 218.144 650.952 null] >> endobj 1215 0 obj << /D [5086 0 R /XYZ 71.731 648.795 null] >> endobj 606 0 obj << /D [5086 0 R /XYZ 282.566 605.698 null] >> endobj 5092 0 obj << /D [5086 0 R /XYZ 71.731 581.942 null] >> endobj 5093 0 obj << /D [5086 0 R /XYZ 71.731 581.942 null] >> endobj 5094 0 obj << /D [5086 0 R /XYZ 71.731 524.836 null] >> endobj 5095 0 obj << /D [5086 0 R /XYZ 71.731 524.836 null] >> endobj 5096 0 obj << /D [5086 0 R /XYZ 191.082 514.041 null] >> endobj 5097 0 obj << /D [5086 0 R /XYZ 71.731 491.959 null] >> endobj 5098 0 obj << /D [5086 0 R /XYZ 71.731 491.959 null] >> endobj 5099 0 obj << /D [5086 0 R /XYZ 71.731 490.714 null] >> endobj 5100 0 obj << /D [5086 0 R /XYZ 137.484 473.693 null] >> endobj 5101 0 obj << /D [5086 0 R /XYZ 424.176 473.693 null] >> endobj 5102 0 obj << /D [5086 0 R /XYZ 285.259 460.741 null] >> endobj 5103 0 obj << /D [5086 0 R /XYZ 71.731 458.585 null] >> endobj 5104 0 obj << /D [5086 0 R /XYZ 137.484 442.809 null] >> endobj 5105 0 obj << /D [5086 0 R /XYZ 402.568 442.809 null] >> endobj 5106 0 obj << /D [5086 0 R /XYZ 242.111 429.857 null] >> endobj 5107 0 obj << /D [5086 0 R /XYZ 71.731 401.797 null] >> endobj 5108 0 obj << /D [5086 0 R /XYZ 71.731 386.853 null] >> endobj 5109 0 obj << /D [5086 0 R /XYZ 194.772 377.354 null] >> endobj 5110 0 obj << /D [5086 0 R /XYZ 124.533 336.507 null] >> endobj 5111 0 obj << /D [5086 0 R /XYZ 137.484 318.574 null] >> endobj 5112 0 obj << /D [5086 0 R /XYZ 396.759 318.574 null] >> endobj 5113 0 obj << /D [5086 0 R /XYZ 71.731 303.466 null] >> endobj 5114 0 obj << /D [5086 0 R /XYZ 137.484 287.69 null] >> endobj 5115 0 obj << /D [5086 0 R /XYZ 173.728 261.787 null] >> endobj 5116 0 obj << /D [5086 0 R /XYZ 289.712 261.787 null] >> endobj 5117 0 obj << /D [5086 0 R /XYZ 416.695 261.787 null] >> endobj 5118 0 obj << /D [5086 0 R /XYZ 137.484 248.836 null] >> endobj 5119 0 obj << /D [5086 0 R /XYZ 71.731 247.621 null] >> endobj 5120 0 obj << /D [5086 0 R /XYZ 71.731 232.677 null] >> endobj 5121 0 obj << /D [5086 0 R /XYZ 176.337 222.236 null] >> endobj 5122 0 obj << /D [5086 0 R /XYZ 71.731 184.378 null] >> endobj 5123 0 obj << /D [5086 0 R /XYZ 137.484 158.475 null] >> endobj 5124 0 obj << /D [5086 0 R /XYZ 71.731 156.318 null] >> endobj 5125 0 obj << /D [5086 0 R /XYZ 71.731 141.374 null] >> endobj 5126 0 obj << /D [5086 0 R /XYZ 190.289 131.875 null] >> endobj 5127 0 obj << /D [5086 0 R /XYZ 343.674 131.875 null] >> endobj 5085 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F33 939 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5131 0 obj << /Length 2015 /Filter /FlateDecode >> stream xڥX]6}ϯ[e%JyHۤb)Zⵉ+K%CqH}Xٺ%̜9s8d;9:]N&.bdݥ%c^OY)K˦yO'x?}z3_?RU~lfܧQBhSF03}_T * 3;k]2X"yNX`qF}ET08Vy shB4SBFqiOoYnԕW_?=kORi( t燔,4>,pe)p&xw3Y" ^U7I릨~{߈:F"+dG);=].-0O-WH?7g|$y+, EQA [_83yk"5JZ8O>A?TsEhE)+pzXv0'`oo1ꚯWj`uUfhKl@ #!lIwrګ`pKl`Y ݶ`x't,k8[4-bQDR>XnUx1~8#I>XnJf,d J(mBs ]Ub&e/30qC6-?G$ezG/}\ס]f$% *-T:uB= p}?l04 I*щ@'d7AhO淸=e$6$orkw;b-O[b E) <$ؐL1TyU9d!$ڇ3s^̀f>i@Ba~݇Ӥrmytq"t#K(P#CbĠRf0;CM$:n@azq$Ā9E7Pقa)D,l9K\#҄6Ќtƚ=`~S]ϘotABXMݦ1TȒԄ9l7$ЌgR`I0 ?n)sXW\xL8{ I|Ĥ[f%.ݣ^cXE؋ނ[vTe|Rm%ȧ*(Th1@\ nW'õluJ< ^+e\]N PPqmowD_Mui9zѭG.9 Ť8%#:t4آ,ˀ)ovn[Q[wlXQ,ka#zF$> rlh^a V`% }?g' p@2lJ.MFϞ$܉YK~8}T`(m@oTnjAs8: 6M-Yzj$ V2UfaMsVnBNVtԹ{|]l]6ƔIx G.Zd;^(Pl`E$}3lX; 1;hH:43{ei9c+o7..,Qn4q}rwGdu;trl 5"L"6(2_`iJ`kϡй@| u[EON0{ ^9oqH endstream endobj 5130 0 obj << /Type /Page /Contents 5131 0 R /Resources 5129 0 R /MediaBox [0 0 593.051 789.041] /Parent 5128 0 R >> endobj 5132 0 obj << /D [5130 0 R /XYZ -1.269 814.22 null] >> endobj 5133 0 obj << /D [5130 0 R /XYZ 71.731 670.486 null] >> endobj 5134 0 obj << /D [5130 0 R /XYZ 71.731 670.486 null] >> endobj 5135 0 obj << /D [5130 0 R /XYZ 219.117 657.534 null] >> endobj 5136 0 obj << /D [5130 0 R /XYZ 285.737 657.534 null] >> endobj 5137 0 obj << /D [5130 0 R /XYZ 71.731 622.501 null] >> endobj 5138 0 obj << /D [5130 0 R /XYZ 71.731 622.501 null] >> endobj 5139 0 obj << /D [5130 0 R /XYZ 341.557 598.755 null] >> endobj 5140 0 obj << /D [5130 0 R /XYZ 71.731 550.77 null] >> endobj 5141 0 obj << /D [5130 0 R /XYZ 71.731 550.77 null] >> endobj 5142 0 obj << /D [5130 0 R /XYZ 215.441 539.975 null] >> endobj 5143 0 obj << /D [5130 0 R /XYZ 387.425 539.975 null] >> endobj 5144 0 obj << /D [5130 0 R /XYZ 433.92 539.975 null] >> endobj 5145 0 obj << /D [5130 0 R /XYZ 119.552 527.024 null] >> endobj 5146 0 obj << /D [5130 0 R /XYZ 460.847 527.024 null] >> endobj 5147 0 obj << /D [5130 0 R /XYZ 490.177 527.024 null] >> endobj 5148 0 obj << /D [5130 0 R /XYZ 175.721 514.072 null] >> endobj 5149 0 obj << /D [5130 0 R /XYZ 185.125 501.121 null] >> endobj 5150 0 obj << /D [5130 0 R /XYZ 353.273 501.121 null] >> endobj 5151 0 obj << /D [5130 0 R /XYZ 438.213 501.121 null] >> endobj 5152 0 obj << /D [5130 0 R /XYZ 71.731 488.07 null] >> endobj 5153 0 obj << /D [5130 0 R /XYZ 71.731 473.126 null] >> endobj 5154 0 obj << /D [5130 0 R /XYZ 345.306 449.913 null] >> endobj 5155 0 obj << /D [5130 0 R /XYZ 391.801 449.913 null] >> endobj 5156 0 obj << /D [5130 0 R /XYZ 267.703 438.257 null] >> endobj 5157 0 obj << /D [5130 0 R /XYZ 76.712 408.668 null] >> endobj 610 0 obj << /D [5130 0 R /XYZ 153.609 350.645 null] >> endobj 5158 0 obj << /D [5130 0 R /XYZ 71.731 347.676 null] >> endobj 5159 0 obj << /D [5130 0 R /XYZ 71.731 332.732 null] >> endobj 5160 0 obj << /D [5130 0 R /XYZ 76.712 295.751 null] >> endobj 5161 0 obj << /D [5130 0 R /XYZ 71.731 275.826 null] >> endobj 5162 0 obj << /D [5130 0 R /XYZ 71.731 191.342 null] >> endobj 5163 0 obj << /D [5130 0 R /XYZ 211.416 178.391 null] >> endobj 5164 0 obj << /D [5130 0 R /XYZ 379.504 165.44 null] >> endobj 5165 0 obj << /D [5130 0 R /XYZ 251.148 152.488 null] >> endobj 5166 0 obj << /D [5130 0 R /XYZ 71.731 130.406 null] >> endobj 5167 0 obj << /D [5130 0 R /XYZ 119.552 106.66 null] >> endobj 5168 0 obj << /D [5130 0 R /XYZ 278.485 106.66 null] >> endobj 5129 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5171 0 obj << /Length 2004 /Filter /FlateDecode >> stream xڵYY#~_,+d70 bNqSݔDLr;ֿO,53N۔b]_}U%}|8 #YB4Ar <?w]We=) 릖~d:O'nW=遢~Pf< OASY=*Vq7?|ꨠ綩VySD) -~܌0!DguRt,sjU:yy0ax~&8(8\qP&e$y)I-Nwv w ~!5:O!n}ՅZ\5PZ*6S ĪXa=4H82ŜpoNf#iHX#qk=`{>ň6U -{UGZ%c u9쯠¹ pyduYC(kce:t=(![ 'tUigAl#"",?%v3ZBճet &RʃvMA9^|*ͩi1|*[ȧs9SQ3g 6$q>}`81GWS ℄1[yz ^dXoe1͢&"օ\`=gk$t'8,foxpѣK⫕V5/u7Ri0 <Ѳ >Yɓ &0E|rY_l AWFs6x<㖻ɮ{I\hk&vޠZU3;ѯPY7.s {]Dq ;Ӟ;iHv5+Yïևө~tD=B}JBۦT#g& ~Uy˵}Op^EX`;!twh>YH4G~y{9u>>up}F,oJj6" mtL wr֖jTH]vf~[Y%,}1sg8 D4 J<YxdhGgɱ*o;1 a@;]|m~i#^!%>vH?>`F&0 3ܴ2Wn(4#Y ݐbEH͛1wЩE-Pg\` W2V*>8#Qyb8-fqKWY_ d \U-*;`&*P˃\m_N6lpN TLĄ_&⌈o\@ޠ76MCV]<ƴTmfwڊ t]]aBfiGCCWU[}4'JU͇qփʼt ɧiU ~kh-Ӹ3%yf7-C;w ,Z:Y ߽7SvUXq}"pJ%fJn Aw#xS}/PaX0IH4pzUJ6#(fwcgvi9c^;{,ǡL `wkix!F }ktX +\6lOu֢+$6)eZ&+q endstream endobj 5170 0 obj << /Type /Page /Contents 5171 0 R /Resources 5169 0 R /MediaBox [0 0 593.051 789.041] /Parent 5128 0 R >> endobj 5172 0 obj << /D [5170 0 R /XYZ -1.269 814.22 null] >> endobj 5173 0 obj << /D [5170 0 R /XYZ 71.731 741.22 null] >> endobj 5174 0 obj << /D [5170 0 R /XYZ 318.992 708.344 null] >> endobj 5175 0 obj << /D [5170 0 R /XYZ 147.507 695.392 null] >> endobj 5176 0 obj << /D [5170 0 R /XYZ 352.216 695.392 null] >> endobj 5177 0 obj << /D [5170 0 R /XYZ 182.087 682.441 null] >> endobj 5178 0 obj << /D [5170 0 R /XYZ 378.906 669.489 null] >> endobj 5179 0 obj << /D [5170 0 R /XYZ 71.731 634.456 null] >> endobj 5180 0 obj << /D [5170 0 R /XYZ 286.913 623.661 null] >> endobj 5181 0 obj << /D [5170 0 R /XYZ 232.158 610.71 null] >> endobj 5182 0 obj << /D [5170 0 R /XYZ 119.552 584.807 null] >> endobj 5183 0 obj << /D [5170 0 R /XYZ 71.731 563.602 null] >> endobj 5184 0 obj << /D [5170 0 R /XYZ 119.552 538.979 null] >> endobj 5185 0 obj << /D [5170 0 R /XYZ 71.731 500.956 null] >> endobj 5186 0 obj << /D [5170 0 R /XYZ 130.311 491.457 null] >> endobj 5187 0 obj << /D [5170 0 R /XYZ 149.679 491.457 null] >> endobj 5188 0 obj << /D [5170 0 R /XYZ 130.311 479.801 null] >> endobj 5189 0 obj << /D [5170 0 R /XYZ 149.679 479.801 null] >> endobj 5190 0 obj << /D [5170 0 R /XYZ 130.311 468.144 null] >> endobj 5191 0 obj << /D [5170 0 R /XYZ 149.679 468.144 null] >> endobj 5192 0 obj << /D [5170 0 R /XYZ 130.311 456.488 null] >> endobj 5193 0 obj << /D [5170 0 R /XYZ 149.679 456.488 null] >> endobj 5194 0 obj << /D [5170 0 R /XYZ 130.311 444.832 null] >> endobj 5195 0 obj << /D [5170 0 R /XYZ 149.679 444.832 null] >> endobj 5196 0 obj << /D [5170 0 R /XYZ 130.311 433.176 null] >> endobj 5197 0 obj << /D [5170 0 R /XYZ 149.679 433.176 null] >> endobj 5198 0 obj << /D [5170 0 R /XYZ 130.311 421.519 null] >> endobj 5199 0 obj << /D [5170 0 R /XYZ 149.679 421.519 null] >> endobj 5200 0 obj << /D [5170 0 R /XYZ 71.731 409.863 null] >> endobj 5201 0 obj << /D [5170 0 R /XYZ 166.376 354.386 null] >> endobj 5202 0 obj << /D [5170 0 R /XYZ 277.002 342.909 null] >> endobj 5203 0 obj << /D [5170 0 R /XYZ 166.376 331.253 null] >> endobj 5204 0 obj << /D [5170 0 R /XYZ 270.151 319.597 null] >> endobj 5205 0 obj << /D [5170 0 R /XYZ 396.526 319.597 null] >> endobj 5206 0 obj << /D [5170 0 R /XYZ 166.376 307.94 null] >> endobj 5207 0 obj << /D [5170 0 R /XYZ 71.731 288.063 null] >> endobj 5208 0 obj << /D [5170 0 R /XYZ 166.376 232.586 null] >> endobj 5209 0 obj << /D [5170 0 R /XYZ 315.781 221.109 null] >> endobj 5210 0 obj << /D [5170 0 R /XYZ 239.765 186.14 null] >> endobj 5211 0 obj << /D [5170 0 R /XYZ 71.731 166.262 null] >> endobj 5169 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F50 1352 0 R /F51 1354 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5214 0 obj << /Length 1860 /Filter /FlateDecode >> stream xڵXێ6}߯[l`͐K>4E٢JZD}7YC$$g9#.ѻ7W/qT"itbP()n~EQ7rׯk%y~fl#x?t8~4sw{+-HDREIQLl1g,"(ꗕ]!"r PˆKK<-2/Y xmGXvPT,CAH?a؅Scd%i՚^˿u%VL1/nU54^kwg渥x򶑢q+%|#;JeBw4?ZY/ 4LP&Fjo>պѕAZr)~vn|܂YSXlynkyԉEuϽ^`'NxpS"l! #|u⟡ǤQX~9H;0$!q3;]/3Ռ%s/S Y\uӸ)U7}]y&:Qk5xA1?&v1-jo_x\EaGGg"zV~+/9jqbcH&԰mB/gԲS΃i3NN,{qr L(ܕP MŸ ' 6q1ؘ:iϥ_} 7çE[ZbU=z MH9 |}PwiO>`C 5 ?v.1NLc2ЀSTT*i@^́8;Bmע±8Y{C|h( l^<9 h0PcP^}Pt襘Q,mV:c=``P;J!RLfW>&c>v:3zܡU1$?e9"&-0` i;1Y0⁻ORt7v?3{E( RZBPu=Hކsx'㿼=GljfK6nYD!dxA>{踝c@ kLG+Ul+@ù)yBJnV3wMZKpɣwPHCQuok)߆SRnx k4`ooΐDr^|vmYcL@4.@\žH~:Q%W/˜ V1s{8=v:^B_1t~Ϛ,kR$<5-7X虨OF7MP-% B s$0o.QVK񲐭2|2\Mpfb2Bd(GU}k&E[ ~аwaE]^6PsNJ{,)/ahLɲ{8.ciU|\nr{. /֋P3JC|{acaoދyG>M-Dx|dN~ajԎ>ކ: ʳiRFǐBUdYe 0{ _PYv?蒟Q ,#"C=\mI(<0q>&> endobj 5215 0 obj << /D [5213 0 R /XYZ -1.269 814.22 null] >> endobj 5216 0 obj << /D [5213 0 R /XYZ 166.376 672.792 null] >> endobj 5217 0 obj << /D [5213 0 R /XYZ 207.244 661.315 null] >> endobj 5218 0 obj << /D [5213 0 R /XYZ 241.54 638.003 null] >> endobj 5219 0 obj << /D [5213 0 R /XYZ 166.376 626.346 null] >> endobj 5220 0 obj << /D [5213 0 R /XYZ 353.906 626.346 null] >> endobj 5221 0 obj << /D [5213 0 R /XYZ 315.879 614.69 null] >> endobj 5222 0 obj << /D [5213 0 R /XYZ 283.924 603.034 null] >> endobj 5223 0 obj << /D [5213 0 R /XYZ 166.376 537.464 null] >> endobj 5224 0 obj << /D [5213 0 R /XYZ 166.376 462.124 null] >> endobj 5225 0 obj << /D [5213 0 R /XYZ 370.224 438.915 null] >> endobj 5226 0 obj << /D [5213 0 R /XYZ 289.59 427.258 null] >> endobj 5227 0 obj << /D [5213 0 R /XYZ 71.731 419.037 null] >> endobj 5228 0 obj << /D [5213 0 R /XYZ 71.731 399.111 null] >> endobj 5229 0 obj << /D [5213 0 R /XYZ 139.477 380.86 null] >> endobj 5230 0 obj << /D [5213 0 R /XYZ 76.712 352.566 null] >> endobj 5231 0 obj << /D [5213 0 R /XYZ 71.731 332.641 null] >> endobj 5232 0 obj << /D [5213 0 R /XYZ 471.39 320.985 null] >> endobj 1216 0 obj << /D [5213 0 R /XYZ 71.731 259.814 null] >> endobj 614 0 obj << /D [5213 0 R /XYZ 294.169 214.56 null] >> endobj 5233 0 obj << /D [5213 0 R /XYZ 71.731 190.804 null] >> endobj 5234 0 obj << /D [5213 0 R /XYZ 380.441 181.683 null] >> endobj 5235 0 obj << /D [5213 0 R /XYZ 320.377 142.829 null] >> endobj 5236 0 obj << /D [5213 0 R /XYZ 71.731 120.747 null] >> endobj 5237 0 obj << /D [5213 0 R /XYZ 71.731 120.747 null] >> endobj 5212 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F50 1352 0 R /F55 1479 0 R /F31 938 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5240 0 obj << /Length 964 /Filter /FlateDecode >> stream xڝVK6Q4I=}lB"=9mDH@Rpߗ2 eŵ(!L|xpxeK\&K3TuSȨ=G`-Lp"DOrU)U1곦7"#JkAk/n;T?(sB89"CGWuzec#i5ZMQH"]u➺JԽS{R?zq_s#B #9h0=>ܡ:}ʵr̜:l㧑2r-NLjS8a:a@#P]kwAfYKtYPp dLF S`Yj LJ~cTP^")A^k- kX;L ,u|T|གྷJ> Jli+Ka2 mFCp^5l~O2ښ6lT8S\.) ܫʾ1ڰs!W;#mȖ48\B\+r;l1*LtlAף͖K ~eܯZ`7PXbқ#NOiU9L cG| )(F6Ѳy F-f8;7+Ζ W)}=Np1'/߆ X_fmͅ%%mbw endstream endobj 5239 0 obj << /Type /Page /Contents 5240 0 R /Resources 5238 0 R /MediaBox [0 0 593.051 789.041] /Parent 5128 0 R >> endobj 5241 0 obj << /D [5239 0 R /XYZ -1.269 814.22 null] >> endobj 5242 0 obj << /D [5239 0 R /XYZ 71.731 718.306 null] >> endobj 5243 0 obj << /D [5239 0 R /XYZ 177.634 708.344 null] >> endobj 5244 0 obj << /D [5239 0 R /XYZ 352.346 695.392 null] >> endobj 5245 0 obj << /D [5239 0 R /XYZ 186.968 682.441 null] >> endobj 5246 0 obj << /D [5239 0 R /XYZ 71.731 636.513 null] >> endobj 5247 0 obj << /D [5239 0 R /XYZ 146.67 610.71 null] >> endobj 5248 0 obj << /D [5239 0 R /XYZ 71.731 575.676 null] >> endobj 5249 0 obj << /D [5239 0 R /XYZ 177.663 564.882 null] >> endobj 5250 0 obj << /D [5239 0 R /XYZ 160.478 551.93 null] >> endobj 5251 0 obj << /D [5239 0 R /XYZ 71.731 503.945 null] >> endobj 5238 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5255 0 obj << /Length 1764 /Filter /FlateDecode >> stream xڝXI4ϯȁCR$j/q*jf8( IT8ydqP,[}rzZx}z},Y.4$i &Q|X7%]f0 f-v[e\[̺l?N? ”Daת.mQrC-Gs=(XP+oRxZ>%YvqD45$K2 ּɫ`QsAqzMs^qE1%Mg+qS^q szs5faD vk{+,WzBV3ouGgd=M/LuLPśrkaVs`3 UTG;m 0. ^7ώMsPK1P/`狧qgt 0ݕ+r֜|B``>"|мr'< ,eVX/\Ým\`ZCiӻshG'i` 97yM DۙGuo#"ޑ;͔ћ 4[_p :A|p>Cn$@vqH,nnqQ`myiIfLՇó0N}J^Fq#0ם;l_G#G g=ngm7f1FF+`|)iPfGl,ч_;1Mޓ>̼$#K4 n:W$#JfkoFn ͑%H ]R#YɔҐQfp<1Ovt0 o;3> endstream endobj 5254 0 obj << /Type /Page /Contents 5255 0 R /Resources 5253 0 R /MediaBox [0 0 593.051 789.041] /Parent 5128 0 R /Annots [ 5252 0 R ] >> endobj 5252 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [250.25 517.862 309.527 528.766] /A << /S /GoTo /D (0:DEPLOY-LAYOUT) >> >> endobj 5256 0 obj << /D [5254 0 R /XYZ -1.269 814.22 null] >> endobj 1217 0 obj << /D [5254 0 R /XYZ 71.731 718.306 null] >> endobj 618 0 obj << /D [5254 0 R /XYZ 468.494 703.236 null] >> endobj 1218 0 obj << /D [5254 0 R /XYZ 71.731 692.504 null] >> endobj 622 0 obj << /D [5254 0 R /XYZ 399.509 651.526 null] >> endobj 5257 0 obj << /D [5254 0 R /XYZ 71.731 628.037 null] >> endobj 5258 0 obj << /D [5254 0 R /XYZ 71.731 628.037 null] >> endobj 5259 0 obj << /D [5254 0 R /XYZ 182.356 579.795 null] >> endobj 5260 0 obj << /D [5254 0 R /XYZ 71.731 557.713 null] >> endobj 5261 0 obj << /D [5254 0 R /XYZ 263.44 546.918 null] >> endobj 5262 0 obj << /D [5254 0 R /XYZ 119.552 533.967 null] >> endobj 5263 0 obj << /D [5254 0 R /XYZ 223.491 533.967 null] >> endobj 5264 0 obj << /D [5254 0 R /XYZ 119.552 521.015 null] >> endobj 5265 0 obj << /D [5254 0 R /XYZ 259.735 508.064 null] >> endobj 5266 0 obj << /D [5254 0 R /XYZ 162.71 495.112 null] >> endobj 5267 0 obj << /D [5254 0 R /XYZ 71.731 480.004 null] >> endobj 5268 0 obj << /D [5254 0 R /XYZ 71.731 465.06 null] >> endobj 5269 0 obj << /D [5254 0 R /XYZ 241.728 455.561 null] >> endobj 5270 0 obj << /D [5254 0 R /XYZ 71.731 425.38 null] >> endobj 5271 0 obj << /D [5254 0 R /XYZ 71.731 366.096 null] >> endobj 5272 0 obj << /D [5254 0 R /XYZ 71.731 318.111 null] >> endobj 5273 0 obj << /D [5254 0 R /XYZ 423.03 307.317 null] >> endobj 5274 0 obj << /D [5254 0 R /XYZ 71.731 259.332 null] >> endobj 5275 0 obj << /D [5254 0 R /XYZ 71.731 236.418 null] >> endobj 5276 0 obj << /D [5254 0 R /XYZ 71.731 236.418 null] >> endobj 5277 0 obj << /D [5254 0 R /XYZ 138.919 226.918 null] >> endobj 5278 0 obj << /D [5254 0 R /XYZ 71.731 225.825 null] >> endobj 5279 0 obj << /D [5254 0 R /XYZ 71.731 205.899 null] >> endobj 5280 0 obj << /D [5254 0 R /XYZ 297.956 172.024 null] >> endobj 5281 0 obj << /D [5254 0 R /XYZ 76.712 143.73 null] >> endobj 5282 0 obj << /D [5254 0 R /XYZ 71.731 48.817 null] >> endobj 5253 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F50 1352 0 R /F48 1347 0 R /F55 1479 0 R /F51 1354 0 R /F33 939 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5286 0 obj << /Length 2118 /Filter /FlateDecode >> stream xڥY[~_jcZ$u6[X4>Iez$,9<<.CgXs'8ݷwۏG)2ELjg1wYsFv)я8_oXhLynI}:ٯynԠ~]~p8(E4#&Qy?piDIQ]i#3ˮ|FPX@TBx1m&K(I< 0>ߊrӋw;Pڌd,Ѣ6yJц"PIAZx倂U d+^vQܟe+V21{\{Ex<,tڋd9ȃeNTIMI/*3~;2%I #I~@/:<:)-9DIIV ~4_kJ1tQX_*9}EglG.U\J=x7-:٧JթyQrܪig1R% ,/0ظTfNn2*4Vqz:tw2I ouZs(0JJoKTH)3@o;m -kqDKq۾c ~lm$.By?8TZ pT;6`v#9ɋݘX&H!Eq+ L/0zh ,zJG)j:58wXxch8cgO%CHH}SdHk@=YBp@/M]Bݳ# JI,'CYf1Ciݱ}J8"OF ;F`F5u `֕,ǹT0Vmi'N~ߝ'良Zd*d?BS߾k[t W..HL=_o=*O+d]k6 >UK pV{RlޘuN?JS ktr?I^U<,>JXE9T]6'*N2. Kx$`Fy>tˋjX +HdFխ MtNoqׇ##I^4 ی@W"F F '.a`θaPJ-Pf\\hyEMIqdN/L=ook?cfs| r662x)]ɦш^ ˠ 3!I=ꏸN1}g De}~퐤e[?T\ΠH"ݐ endstream endobj 5285 0 obj << /Type /Page /Contents 5286 0 R /Resources 5284 0 R /MediaBox [0 0 593.051 789.041] /Parent 5331 0 R >> endobj 5287 0 obj << /D [5285 0 R /XYZ -1.269 814.22 null] >> endobj 5288 0 obj << /D [5285 0 R /XYZ 166.376 670.002 null] >> endobj 5289 0 obj << /D [5285 0 R /XYZ 227.66 649.659 null] >> endobj 5290 0 obj << /D [5285 0 R /XYZ 280.83 626.346 null] >> endobj 5291 0 obj << /D [5285 0 R /XYZ 166.376 604.426 null] >> endobj 626 0 obj << /D [5285 0 R /XYZ 263.069 542.491 null] >> endobj 5292 0 obj << /D [5285 0 R /XYZ 71.731 519.596 null] >> endobj 5293 0 obj << /D [5285 0 R /XYZ 71.731 519.596 null] >> endobj 5294 0 obj << /D [5285 0 R /XYZ 71.731 516.727 null] >> endobj 5295 0 obj << /D [5285 0 R /XYZ 137.484 498.894 null] >> endobj 5296 0 obj << /D [5285 0 R /XYZ 336.217 498.894 null] >> endobj 5297 0 obj << /D [5285 0 R /XYZ 71.731 483.786 null] >> endobj 5298 0 obj << /D [5285 0 R /XYZ 137.484 468.01 null] >> endobj 5299 0 obj << /D [5285 0 R /XYZ 365.906 468.01 null] >> endobj 5300 0 obj << /D [5285 0 R /XYZ 176.776 455.059 null] >> endobj 5301 0 obj << /D [5285 0 R /XYZ 260.343 455.059 null] >> endobj 5302 0 obj << /D [5285 0 R /XYZ 333.867 455.059 null] >> endobj 5303 0 obj << /D [5285 0 R /XYZ 137.484 429.156 null] >> endobj 5304 0 obj << /D [5285 0 R /XYZ 361.643 429.156 null] >> endobj 5305 0 obj << /D [5285 0 R /XYZ 71.731 394.122 null] >> endobj 5306 0 obj << /D [5285 0 R /XYZ 184.527 370.376 null] >> endobj 5307 0 obj << /D [5285 0 R /XYZ 124.533 356.18 null] >> endobj 5308 0 obj << /D [5285 0 R /XYZ 137.484 338.247 null] >> endobj 5309 0 obj << /D [5285 0 R /XYZ 398.234 338.247 null] >> endobj 5310 0 obj << /D [5285 0 R /XYZ 71.731 323.139 null] >> endobj 5311 0 obj << /D [5285 0 R /XYZ 137.484 307.363 null] >> endobj 5312 0 obj << /D [5285 0 R /XYZ 76.712 277.774 null] >> endobj 5313 0 obj << /D [5285 0 R /XYZ 71.731 262.83 null] >> endobj 5314 0 obj << /D [5285 0 R /XYZ 310.831 251.173 null] >> endobj 5315 0 obj << /D [5285 0 R /XYZ 71.731 244.305 null] >> endobj 5316 0 obj << /D [5285 0 R /XYZ 157.912 234.536 null] >> endobj 5317 0 obj << /D [5285 0 R /XYZ 187.859 222.879 null] >> endobj 5318 0 obj << /D [5285 0 R /XYZ 71.731 215.903 null] >> endobj 5319 0 obj << /D [5285 0 R /XYZ 222.388 206.242 null] >> endobj 5320 0 obj << /D [5285 0 R /XYZ 139.477 194.586 null] >> endobj 5321 0 obj << /D [5285 0 R /XYZ 353.924 194.586 null] >> endobj 5322 0 obj << /D [5285 0 R /XYZ 290.666 182.929 null] >> endobj 5323 0 obj << /D [5285 0 R /XYZ 401.986 182.929 null] >> endobj 5324 0 obj << /D [5285 0 R /XYZ 225.956 171.273 null] >> endobj 5325 0 obj << /D [5285 0 R /XYZ 71.731 164.404 null] >> endobj 5326 0 obj << /D [5285 0 R /XYZ 71.731 131.129 null] >> endobj 5327 0 obj << /D [5285 0 R /XYZ 71.731 131.129 null] >> endobj 5328 0 obj << /D [5285 0 R /XYZ 161.265 122.526 null] >> endobj 5329 0 obj << /D [5285 0 R /XYZ 71.731 121.542 null] >> endobj 5330 0 obj << /D [5285 0 R /XYZ 161.265 112.035 null] >> endobj 5284 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R /F31 938 0 R /F38 1036 0 R /F50 1352 0 R /F51 1354 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5334 0 obj << /Length 1152 /Filter /FlateDecode >> stream xWKo6W(+b}آG_nQ02mDHmb?CT$ "crnAʌfFȂ]Z*v~>)lfQQKX$(Ņ5$8#(ɋb]蚻R^U}yv2^tY.zT_;C;3}ӢˎXB_a;vy IPdt @za+rD3d ߘ1VpA M'9rc4o/R!e־7bL`ͮ`iX˧~'p7ZB 9i{f~kKF.0ud' 2^Jv'qV G~bcWc*6Tux%D^ɑT$48,dC)vg#;.\[V6è1Z쵐k^d#JD,"h[ zgA|cܟ#//AP9|)J|Eđaf$}&a|FlI nbeۃ?s٨r QYPd|m%W/h.O%U];aqJÙ7̓aow͘XK}oH<oXe"1SHy/c/;r| Dƹ [&/D { 8#We9*x#9t]%k. 9&:BAPϑ 3&kVg] ҈ΰG gj8QuD!ߏ]?~>];e!*=:j!'v~* ilR(˕;> ن+cIP4N8'jèn'ӂ k/4ػMl]D;@'8G/Wa c^a&i̜i$6e,67s1 hl;[Mz^*%-Ŵ4faG~mu64sy 1*0M"{+' 9hPxC'+zQd)+di-EϛO `\ Jwxu?Ϳ endstream endobj 5333 0 obj << /Type /Page /Contents 5334 0 R /Resources 5332 0 R /MediaBox [0 0 593.051 789.041] /Parent 5331 0 R >> endobj 5335 0 obj << /D [5333 0 R /XYZ -1.269 814.22 null] >> endobj 5336 0 obj << /D [5333 0 R /XYZ 71.731 718.306 null] >> endobj 5283 0 obj << /D [5333 0 R /XYZ 71.731 680.448 null] >> endobj 630 0 obj << /D [5333 0 R /XYZ 394.464 641.076 null] >> endobj 5337 0 obj << /D [5333 0 R /XYZ 71.731 628.144 null] >> endobj 5338 0 obj << /D [5333 0 R /XYZ 71.731 395.746 null] >> endobj 634 0 obj << /D [5333 0 R /XYZ 312.35 362.521 null] >> endobj 5339 0 obj << /D [5333 0 R /XYZ 71.731 339.935 null] >> endobj 5340 0 obj << /D [5333 0 R /XYZ 137.534 329.644 null] >> endobj 5341 0 obj << /D [5333 0 R /XYZ 71.731 314.536 null] >> endobj 5342 0 obj << /D [5333 0 R /XYZ 71.731 299.592 null] >> endobj 5343 0 obj << /D [5333 0 R /XYZ 71.731 286.64 null] >> endobj 5344 0 obj << /D [5333 0 R /XYZ 139.477 270.864 null] >> endobj 5345 0 obj << /D [5333 0 R /XYZ 71.731 248.782 null] >> endobj 5346 0 obj << /D [5333 0 R /XYZ 329.163 237.988 null] >> endobj 5347 0 obj << /D [5333 0 R /XYZ 71.731 200.877 null] >> endobj 5348 0 obj << /D [5333 0 R /XYZ 71.731 185.769 null] >> endobj 5349 0 obj << /D [5333 0 R /XYZ 139.477 169.993 null] >> endobj 5350 0 obj << /D [5333 0 R /XYZ 293.318 157.041 null] >> endobj 5332 0 obj << /Font << /F33 939 0 R /F48 1347 0 R /F25 932 0 R /F50 1352 0 R /F31 938 0 R /F11 2699 0 R /F74 1821 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5354 0 obj << /Length 1285 /Filter /FlateDecode >> stream xXMo6Wh1MR()SC-$#YHJNݜDp8͛ϛ{1Cz(ADI?3V^0 */^-^te{V6m{ 4ۮr\j;DD?I&Z]܉Հ};gvj.ey XV( 1>UB2MfdܚkZT =]Y5 Q;ӏ$2&eJ$rDsEkr⩰ì1Aҳb@o}k e5C6vw m3@/pAXXMML嶔 9xrMgN`K)ǹ1Yyj+@qd68g8xa N\[4pQ"%*|!o&Bٺr8n{z(hXZP9rkbgFFu<[EN䩑ڮ&߮j7̎Ofv*QTxXl0i9!~u#kƐTؐD'>o̘ 'dBX;LufC3OBrL+k$z*%{>Ǻ%7 e~:%tE'jt"B B&9@=/x-ˠQ6&MkhJzJ KF7b< ۠N4K['lXm L *-Gg"b@PW"zߜ+_ $n0 @e7N̓Wn96-?uKM!c`-;չ̅Xv%~I2VO;t'dŠ 7A6Cc{0g CPj[)awUyz_<2q.{p_}mݻp~ O6^W˧f&K~ \" endstream endobj 5353 0 obj << /Type /Page /Contents 5354 0 R /Resources 5352 0 R /MediaBox [0 0 593.051 789.041] /Parent 5331 0 R >> endobj 5355 0 obj << /D [5353 0 R /XYZ -1.269 814.22 null] >> endobj 5356 0 obj << /D [5353 0 R /XYZ 71.731 718.306 null] >> endobj 5357 0 obj << /D [5353 0 R /XYZ 71.731 706.187 null] >> endobj 5358 0 obj << /D [5353 0 R /XYZ 139.477 690.411 null] >> endobj 5359 0 obj << /D [5353 0 R /XYZ 71.731 655.377 null] >> endobj 5360 0 obj << /D [5353 0 R /XYZ 185.862 644.583 null] >> endobj 5361 0 obj << /D [5353 0 R /XYZ 71.731 620.423 null] >> endobj 5362 0 obj << /D [5353 0 R /XYZ 71.731 605.315 null] >> endobj 5363 0 obj << /D [5353 0 R /XYZ 139.477 589.539 null] >> endobj 5364 0 obj << /D [5353 0 R /XYZ 71.731 554.506 null] >> endobj 5365 0 obj << /D [5353 0 R /XYZ 185.862 543.711 null] >> endobj 5366 0 obj << /D [5353 0 R /XYZ 71.731 519.552 null] >> endobj 5367 0 obj << /D [5353 0 R /XYZ 71.731 504.443 null] >> endobj 5368 0 obj << /D [5353 0 R /XYZ 139.477 488.667 null] >> endobj 5369 0 obj << /D [5353 0 R /XYZ 71.731 466.585 null] >> endobj 5370 0 obj << /D [5353 0 R /XYZ 185.862 455.791 null] >> endobj 5371 0 obj << /D [5353 0 R /XYZ 71.731 436.613 null] >> endobj 638 0 obj << /D [5353 0 R /XYZ 315.985 401.146 null] >> endobj 5372 0 obj << /D [5353 0 R /XYZ 71.731 378.561 null] >> endobj 5373 0 obj << /D [5353 0 R /XYZ 137.534 368.269 null] >> endobj 5374 0 obj << /D [5353 0 R /XYZ 383.788 368.269 null] >> endobj 5375 0 obj << /D [5353 0 R /XYZ 71.731 333.235 null] >> endobj 5376 0 obj << /D [5353 0 R /XYZ 119.552 309.489 null] >> endobj 5377 0 obj << /D [5353 0 R /XYZ 122.869 296.538 null] >> endobj 5378 0 obj << /D [5353 0 R /XYZ 122.869 283.587 null] >> endobj 5379 0 obj << /D [5353 0 R /XYZ 182.326 270.635 null] >> endobj 5380 0 obj << /D [5353 0 R /XYZ 71.731 257.644 null] >> endobj 642 0 obj << /D [5353 0 R /XYZ 332.418 220.055 null] >> endobj 5381 0 obj << /D [5353 0 R /XYZ 71.731 216.863 null] >> endobj 646 0 obj << /D [5353 0 R /XYZ 298.925 185.584 null] >> endobj 5382 0 obj << /D [5353 0 R /XYZ 71.731 162.999 null] >> endobj 5383 0 obj << /D [5353 0 R /XYZ 119.552 139.756 null] >> endobj 5384 0 obj << /D [5353 0 R /XYZ 376.895 139.756 null] >> endobj 5385 0 obj << /D [5353 0 R /XYZ 71.731 136.354 null] >> endobj 5352 0 obj << /Font << /F33 939 0 R /F11 2699 0 R /F31 938 0 R /F50 1352 0 R /F25 932 0 R /F74 1821 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5388 0 obj << /Length 1773 /Filter /FlateDecode >> stream xYI6WP`l`!+-tKuPII=qbR$zP2}|Oޝ^|{q: Ix&,0@Yx{@[?`?j5kF QDxc F6FLJ1e\L7}p1NPYY·،~MRo$_'FId-P1:? B![ ] ad[$ὕ?'=mWa$XΜ0Ҫ,{Y ],Tꮲ |-dXz^<+FeR<:E>/y~^פVyKNLPJۆx$N7*wfR݄PA t^ZpGu{i67f(QYqҡ,%VKàx7I hm^.WIGzKfʄVdk(TC4@_3-Ȋx&$-:8PS[o?y9l١ٔ,[ U5KغL75&~dC .Rz,&f}+Tn Qt}%W]| m}9N9H z9͛QǾÕ^f2 ][%K&M0Uv9ELbUw7> endobj 5351 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [231.351 646.411 290.628 657.315] /A << /S /GoTo /D (0:DEPLOY-LAYOUT) >> >> endobj 5389 0 obj << /D [5387 0 R /XYZ -1.269 814.22 null] >> endobj 5390 0 obj << /D [5387 0 R /XYZ 71.731 741.22 null] >> endobj 650 0 obj << /D [5387 0 R /XYZ 366.208 708.344 null] >> endobj 5391 0 obj << /D [5387 0 R /XYZ 71.731 685.759 null] >> endobj 5392 0 obj << /D [5387 0 R /XYZ 409.437 675.467 null] >> endobj 5393 0 obj << /D [5387 0 R /XYZ 215.013 662.516 null] >> endobj 5394 0 obj << /D [5387 0 R /XYZ 427.803 662.516 null] >> endobj 5395 0 obj << /D [5387 0 R /XYZ 71.731 627.482 null] >> endobj 5396 0 obj << /D [5387 0 R /XYZ 308.002 616.687 null] >> endobj 5397 0 obj << /D [5387 0 R /XYZ 71.731 600.334 null] >> endobj 654 0 obj << /D [5387 0 R /XYZ 420.232 567.024 null] >> endobj 5398 0 obj << /D [5387 0 R /XYZ 71.731 544.624 null] >> endobj 5399 0 obj << /D [5387 0 R /XYZ 71.731 524.698 null] >> endobj 5400 0 obj << /D [5387 0 R /XYZ 175.72 488.319 null] >> endobj 5401 0 obj << /D [5387 0 R /XYZ 221.916 475.367 null] >> endobj 5402 0 obj << /D [5387 0 R /XYZ 321.93 475.367 null] >> endobj 5403 0 obj << /D [5387 0 R /XYZ 427.323 475.367 null] >> endobj 5404 0 obj << /D [5387 0 R /XYZ 144.458 462.416 null] >> endobj 5405 0 obj << /D [5387 0 R /XYZ 71.731 459.014 null] >> endobj 658 0 obj << /D [5387 0 R /XYZ 344.163 425.704 null] >> endobj 5406 0 obj << /D [5387 0 R /XYZ 71.731 403.118 null] >> endobj 5407 0 obj << /D [5387 0 R /XYZ 332.491 392.827 null] >> endobj 5408 0 obj << /D [5387 0 R /XYZ 119.552 366.924 null] >> endobj 5409 0 obj << /D [5387 0 R /XYZ 329.124 366.924 null] >> endobj 5410 0 obj << /D [5387 0 R /XYZ 71.731 353.559 null] >> endobj 662 0 obj << /D [5387 0 R /XYZ 345.343 316.344 null] >> endobj 5411 0 obj << /D [5387 0 R /XYZ 71.731 313.152 null] >> endobj 5412 0 obj << /D [5387 0 R /XYZ 71.731 298.208 null] >> endobj 5413 0 obj << /D [5387 0 R /XYZ 266.268 289.743 null] >> endobj 5414 0 obj << /D [5387 0 R /XYZ 427.231 289.743 null] >> endobj 5415 0 obj << /D [5387 0 R /XYZ 71.731 205.26 null] >> endobj 5416 0 obj << /D [5387 0 R /XYZ 71.731 205.26 null] >> endobj 5417 0 obj << /D [5387 0 R /XYZ 71.731 180.189 null] >> endobj 5418 0 obj << /D [5387 0 R /XYZ 71.731 180.189 null] >> endobj 5419 0 obj << /D [5387 0 R /XYZ 143.761 170.69 null] >> endobj 5420 0 obj << /D [5387 0 R /XYZ 71.731 157.653 null] >> endobj 5421 0 obj << /D [5387 0 R /XYZ 143.761 147.377 null] >> endobj 5422 0 obj << /D [5387 0 R /XYZ 71.731 123.078 null] >> endobj 5423 0 obj << /D [5387 0 R /XYZ 143.761 112.408 null] >> endobj 5386 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F11 2699 0 R /F74 1821 0 R /F50 1352 0 R /F38 1036 0 R /F48 1347 0 R /F51 1354 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5426 0 obj << /Length 1655 /Filter /FlateDecode >> stream xڽXKo6"Fދ>zhEnmDDdR+JP$%SbQ9 ~޼s)V*Rw( Q,"(OZpMM@pCdYSӑμwc:W]ds6֚3ѝl@ I<zc9Bxg>I#OѤ_.X_͜^2GI fǹ^6 µnSlVMku`UFo*ڱ2Z[Rh\/>@3 `2ے*Clg!8Vki-Ul3L1B3?gx/^~wh^0Xը d FPeDžѕaL5{0fŒsJhaDGFJ RHqfOW7(FCNyCT Uj_~G@bbߓT ± ʪw컦Tϻ"Z?d:iocSWAprC >l}kue$ݢf.P @qN>.07]MQA=xsNc91+&(乩.Td zוifi-8g٘)+j\B=ymWI5@ Mf2^ )pp)#_"{q([Y0'o͏o/ endstream endobj 5425 0 obj << /Type /Page /Contents 5426 0 R /Resources 5424 0 R /MediaBox [0 0 593.051 789.041] /Parent 5331 0 R >> endobj 5427 0 obj << /D [5425 0 R /XYZ -1.269 814.22 null] >> endobj 5428 0 obj << /D [5425 0 R /XYZ 71.731 718.306 null] >> endobj 5429 0 obj << /D [5425 0 R /XYZ 261.687 708.344 null] >> endobj 5430 0 obj << /D [5425 0 R /XYZ 71.731 673.31 null] >> endobj 5431 0 obj << /D [5425 0 R /XYZ 71.731 658.366 null] >> endobj 5432 0 obj << /D [5425 0 R /XYZ 71.731 647.472 null] >> endobj 5433 0 obj << /D [5425 0 R /XYZ 139.477 629.639 null] >> endobj 5434 0 obj << /D [5425 0 R /XYZ 71.731 617.519 null] >> endobj 5435 0 obj << /D [5425 0 R /XYZ 71.731 606.625 null] >> endobj 5436 0 obj << /D [5425 0 R /XYZ 139.477 588.792 null] >> endobj 5437 0 obj << /D [5425 0 R /XYZ 275.585 588.792 null] >> endobj 5438 0 obj << /D [5425 0 R /XYZ 249.593 575.841 null] >> endobj 5439 0 obj << /D [5425 0 R /XYZ 71.731 563.721 null] >> endobj 5440 0 obj << /D [5425 0 R /XYZ 71.731 552.827 null] >> endobj 5441 0 obj << /D [5425 0 R /XYZ 139.477 534.994 null] >> endobj 5442 0 obj << /D [5425 0 R /XYZ 265.951 522.042 null] >> endobj 5443 0 obj << /D [5425 0 R /XYZ 440.634 522.042 null] >> endobj 5444 0 obj << /D [5425 0 R /XYZ 139.477 509.091 null] >> endobj 5445 0 obj << /D [5425 0 R /XYZ 164.373 509.091 null] >> endobj 5446 0 obj << /D [5425 0 R /XYZ 186.51 509.091 null] >> endobj 5447 0 obj << /D [5425 0 R /XYZ 211.984 509.091 null] >> endobj 5448 0 obj << /D [5425 0 R /XYZ 235.237 509.091 null] >> endobj 5449 0 obj << /D [5425 0 R /XYZ 272.029 509.091 null] >> endobj 5450 0 obj << /D [5425 0 R /XYZ 71.731 497.106 null] >> endobj 5451 0 obj << /D [5425 0 R /XYZ 71.731 486.077 null] >> endobj 5452 0 obj << /D [5425 0 R /XYZ 139.477 468.244 null] >> endobj 5453 0 obj << /D [5425 0 R /XYZ 391.37 468.244 null] >> endobj 5454 0 obj << /D [5425 0 R /XYZ 71.731 443.173 null] >> endobj 5455 0 obj << /D [5425 0 R /XYZ 71.731 432.279 null] >> endobj 5456 0 obj << /D [5425 0 R /XYZ 139.477 414.446 null] >> endobj 5457 0 obj << /D [5425 0 R /XYZ 139.477 401.494 null] >> endobj 5458 0 obj << /D [5425 0 R /XYZ 300.053 401.494 null] >> endobj 5459 0 obj << /D [5425 0 R /XYZ 354.877 388.543 null] >> endobj 5460 0 obj << /D [5425 0 R /XYZ 154.7 375.592 null] >> endobj 5461 0 obj << /D [5425 0 R /XYZ 314.788 375.592 null] >> endobj 5462 0 obj << /D [5425 0 R /XYZ 71.731 363.472 null] >> endobj 5463 0 obj << /D [5425 0 R /XYZ 71.731 352.578 null] >> endobj 5464 0 obj << /D [5425 0 R /XYZ 139.477 334.745 null] >> endobj 5465 0 obj << /D [5425 0 R /XYZ 314.13 334.745 null] >> endobj 5466 0 obj << /D [5425 0 R /XYZ 71.731 296.722 null] >> endobj 5467 0 obj << /D [5425 0 R /XYZ 71.731 285.828 null] >> endobj 5468 0 obj << /D [5425 0 R /XYZ 139.477 267.995 null] >> endobj 5469 0 obj << /D [5425 0 R /XYZ 378.189 267.995 null] >> endobj 5470 0 obj << /D [5425 0 R /XYZ 71.731 265.838 null] >> endobj 666 0 obj << /D [5425 0 R /XYZ 260.417 233.524 null] >> endobj 5471 0 obj << /D [5425 0 R /XYZ 71.731 211.124 null] >> endobj 5472 0 obj << /D [5425 0 R /XYZ 71.731 211.124 null] >> endobj 5473 0 obj << /D [5425 0 R /XYZ 71.731 165.988 null] >> endobj 5474 0 obj << /D [5425 0 R /XYZ 71.731 165.988 null] >> endobj 5475 0 obj << /D [5425 0 R /XYZ 71.731 132.737 null] >> endobj 5476 0 obj << /D [5425 0 R /XYZ 71.731 132.737 null] >> endobj 5424 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R /F74 1821 0 R /F38 1036 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5479 0 obj << /Length 1379 /Filter /FlateDecode >> stream xڭXێ6}߯IV I݃@o٠@umhEW8CYe-j9cSgPÛwAd$y6NSBIN҈;~'l)P?fS_5o16 'iA)_?(\ Nf!ă1(_ BԐ0f.f8N rs2)|;Xhx(^81*p.vqUͱl%):>c!3$y/pȍ#w#s˦ GT5# RtMbdN)#A͜P8<& sLEnI^bvfW-of'>q % 3J 0:,;XsaIڜ<Rvg^FT X%&jW"qsߋ8U|)MA`EWZ::3ؤXvnR-4Of'se%Qqt9κEsi*khuM f0! v1C iwX4 "ow]Dđw|­M%8i.R7I^/Ϳ\$l qǾ[+Xc[d)ʪX LDKBFx6 NȑjuQ6 G4 `yқպp0MT4}c&&dv`di! ={k3G2+JY4 )l @{#Ӡa09$ XWJ* c&:kJ6j?l\d-;Ӗx]ȹ.6}i[e3w)4^(^֯ȿz}#r0΅' Hq+8t\-=Bu?-ŃoU/έ/c]?OIC'`p P*{i ņ.&L.ߚбMQ ް6ߓIpv7 hL%Ǩ /LuRf~gZ0_aKE7TݍPȻs 3\R8j q>cшٝ۝qsU M _[$$\[^xx6p$Yy6"!PP4Β)0O{A0XDL?+3`$ TN"__5?øVZ\n^q1s_*X }d`O}Ї'4?ppXk,?^> endobj 5480 0 obj << /D [5478 0 R /XYZ -1.269 814.22 null] >> endobj 5481 0 obj << /D [5478 0 R /XYZ 71.731 718.306 null] >> endobj 5482 0 obj << /D [5478 0 R /XYZ 71.731 718.306 null] >> endobj 5483 0 obj << /D [5478 0 R /XYZ 71.731 673.31 null] >> endobj 5484 0 obj << /D [5478 0 R /XYZ 71.731 673.31 null] >> endobj 5485 0 obj << /D [5478 0 R /XYZ 71.731 636.199 null] >> endobj 670 0 obj << /D [5478 0 R /XYZ 262.94 598.984 null] >> endobj 5486 0 obj << /D [5478 0 R /XYZ 71.731 576.089 null] >> endobj 5487 0 obj << /D [5478 0 R /XYZ 71.731 550.999 null] >> endobj 674 0 obj << /D [5478 0 R /XYZ 261.745 518.685 null] >> endobj 5488 0 obj << /D [5478 0 R /XYZ 71.731 496.285 null] >> endobj 5489 0 obj << /D [5478 0 R /XYZ 71.731 496.285 null] >> endobj 5490 0 obj << /D [5478 0 R /XYZ 71.731 472.443 null] >> endobj 678 0 obj << /D [5478 0 R /XYZ 273.327 435.228 null] >> endobj 5491 0 obj << /D [5478 0 R /XYZ 71.731 412.333 null] >> endobj 5492 0 obj << /D [5478 0 R /XYZ 360.844 402.351 null] >> endobj 5493 0 obj << /D [5478 0 R /XYZ 218.051 389.4 null] >> endobj 5494 0 obj << /D [5478 0 R /XYZ 71.731 387.243 null] >> endobj 682 0 obj << /D [5478 0 R /XYZ 261.745 354.929 null] >> endobj 5495 0 obj << /D [5478 0 R /XYZ 71.731 332.529 null] >> endobj 5496 0 obj << /D [5478 0 R /XYZ 71.731 308.687 null] >> endobj 686 0 obj << /D [5478 0 R /XYZ 303.669 271.472 null] >> endobj 5497 0 obj << /D [5478 0 R /XYZ 71.731 248.577 null] >> endobj 5498 0 obj << /D [5478 0 R /XYZ 245.468 225.644 null] >> endobj 5499 0 obj << /D [5478 0 R /XYZ 473.55 225.644 null] >> endobj 5500 0 obj << /D [5478 0 R /XYZ 119.552 212.692 null] >> endobj 5501 0 obj << /D [5478 0 R /XYZ 71.731 210.536 null] >> endobj 5502 0 obj << /D [5478 0 R /XYZ 71.731 195.592 null] >> endobj 5503 0 obj << /D [5478 0 R /XYZ 422.425 162.78 null] >> endobj 5504 0 obj << /D [5478 0 R /XYZ 239.791 139.467 null] >> endobj 5505 0 obj << /D [5478 0 R /XYZ 76.712 121.534 null] >> endobj 5477 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F11 2699 0 R /F31 938 0 R /F25 932 0 R /F50 1352 0 R /F74 1821 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5508 0 obj << /Length 1701 /Filter /FlateDecode >> stream xXYD~_aӌmvD%LjLczlc7ï}xHm]UWMAۋ/oLjH۾O }#plzM_W_jy6m,J tE+m)~le6߷^P3,D7Lۥs\|  ŪE0Az[8R;jp5L>iޯ-u_5:Ħ|Ol1  #00r%x3)S]{Sb~rm{"/YB|=Ⱥ/F̸.[ 3 u|ôl KAj"|Ej]⸾-qJFڦ:+ҤuƧ<ƿ55 aT,*`R\H!s RS)ۢ܊&;j.Qc9e幜S"zq-\~tIxGllӞv3 E)ŴQdQWEkiqU ^3&}Ǫ.zT$tͼRWt~, |14u|Wf<ھ扞 V4-HAmAU8asq mI©>SeuVwk11pGa7`{>GaC§Äy_͂`##?D9Mq^lYW*% \ZU&`OĹC\iN^eZi}Ox9>ҭYh A&] -?. d񠋶L Ws(4Kt8gĎ  ##eruVJ}.IWgah[Ģ4^Bd^,3| D|>mcP"? vnqCNX?Zºy5BXyX2PLV/9X$g۷?ߘϲS0BWyp> endobj 5509 0 obj << /D [5507 0 R /XYZ -1.269 814.22 null] >> endobj 690 0 obj << /D [5507 0 R /XYZ 261.745 708.344 null] >> endobj 5510 0 obj << /D [5507 0 R /XYZ 71.731 685.944 null] >> endobj 5511 0 obj << /D [5507 0 R /XYZ 71.731 685.944 null] >> endobj 5512 0 obj << /D [5507 0 R /XYZ 71.731 651.208 null] >> endobj 694 0 obj << /D [5507 0 R /XYZ 298.418 611.935 null] >> endobj 5513 0 obj << /D [5507 0 R /XYZ 71.731 589.04 null] >> endobj 5514 0 obj << /D [5507 0 R /XYZ 411.195 579.059 null] >> endobj 5515 0 obj << /D [5507 0 R /XYZ 71.731 576.902 null] >> endobj 698 0 obj << /D [5507 0 R /XYZ 261.745 544.588 null] >> endobj 5516 0 obj << /D [5507 0 R /XYZ 71.731 522.188 null] >> endobj 5517 0 obj << /D [5507 0 R /XYZ 71.731 522.188 null] >> endobj 5518 0 obj << /D [5507 0 R /XYZ 71.731 498.346 null] >> endobj 702 0 obj << /D [5507 0 R /XYZ 270.916 461.131 null] >> endobj 5519 0 obj << /D [5507 0 R /XYZ 71.731 438.236 null] >> endobj 5520 0 obj << /D [5507 0 R /XYZ 187.337 402.351 null] >> endobj 5521 0 obj << /D [5507 0 R /XYZ 71.731 367.318 null] >> endobj 5522 0 obj << /D [5507 0 R /XYZ 119.552 343.572 null] >> endobj 5523 0 obj << /D [5507 0 R /XYZ 122.869 330.62 null] >> endobj 5524 0 obj << /D [5507 0 R /XYZ 122.869 317.669 null] >> endobj 5525 0 obj << /D [5507 0 R /XYZ 182.326 304.717 null] >> endobj 5526 0 obj << /D [5507 0 R /XYZ 71.731 302.934 null] >> endobj 5527 0 obj << /D [5507 0 R /XYZ 71.731 287.99 null] >> endobj 5528 0 obj << /D [5507 0 R /XYZ 71.731 236.172 null] >> endobj 5529 0 obj << /D [5507 0 R /XYZ 230.018 214.854 null] >> endobj 5530 0 obj << /D [5507 0 R /XYZ 139.477 203.198 null] >> endobj 5531 0 obj << /D [5507 0 R /XYZ 76.712 185.265 null] >> endobj 706 0 obj << /D [5507 0 R /XYZ 261.745 149.798 null] >> endobj 5532 0 obj << /D [5507 0 R /XYZ 71.731 127.398 null] >> endobj 5533 0 obj << /D [5507 0 R /XYZ 71.731 127.398 null] >> endobj 5506 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F38 1036 0 R /F11 2699 0 R /F31 938 0 R /F50 1352 0 R /F74 1821 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5537 0 obj << /Length 1717 /Filter /FlateDecode >> stream xڥYَ6}0Iڋ@&mAmVc*Eu||/E>$SsC l&xORF4?'$)JB:&yoY%r>{#u6vKSԏ|D7Xo {&=g4(yBMgOI-/I`%kjj 5 )%"$f`FԷ[WƗBK|bJ]3> CO62:_ lr/YcnCVʚ}D1E x2#Kib(CpYs2P`64fU=5~5AzU]ZX\Ո' Gvf _(t"u* 19) =prCsÛKd*_dYEYl3G(Rbhn[v\32"[._q#%_d#g$Zw[˽|QdyG~IG.ÖF,(Ge^dž ||e;?~}dؾ^v# >5%ܵELx08᫬Ve #_կ1u)g}.c۪M UM宰jnLk;nEqv1_ppH322'P^?iY.]z$)w'<DbY9nQCu'mUV3N#Y̘MUä6c8 xN p\L4V~|}UUy?EC/; XrwTڧiJWSB7k nE8WW0O&z19+4gw2I er9$gܡ(m'C+@~Q-SP!4*}H R'8VD*>Lzkz4iْ??zkul`ՋX|gv$5#'ծ9T[= a<+V` LP0K^Te$(.QܲGLX?ՉX6Zkz;#j1|R}KwvyObL Z~gS/U'y"vBt>nꉒSS_G-mc[1c1 R*X+L0@сHBlUp{fpV?ɍ\CvrXDPO^:^"d4M9j] 8±S261[c>~]5ۑŊp~?2a?$"Zjd,TL+%(M 9U vWveTG =NԚvm',ăkQM#@D{ߠo~yPK )9*ʔi[NTۮN >\.x=L?sJ/aPZ"Ǘ4Yp*?XBJ%>}sAx+f,LvqqƠD׻aة$LR8faU2MZ$e`|!GI8͢tVb endstream endobj 5536 0 obj << /Type /Page /Contents 5537 0 R /Resources 5535 0 R /MediaBox [0 0 593.051 789.041] /Parent 5534 0 R >> endobj 5538 0 obj << /D [5536 0 R /XYZ -1.269 814.22 null] >> endobj 5539 0 obj << /D [5536 0 R /XYZ 71.731 741.22 null] >> endobj 5540 0 obj << /D [5536 0 R /XYZ 71.731 718.306 null] >> endobj 5541 0 obj << /D [5536 0 R /XYZ 71.731 718.306 null] >> endobj 5542 0 obj << /D [5536 0 R /XYZ 134.774 695.392 null] >> endobj 5543 0 obj << /D [5536 0 R /XYZ 119.552 682.441 null] >> endobj 5544 0 obj << /D [5536 0 R /XYZ 71.731 661.135 null] >> endobj 5545 0 obj << /D [5536 0 R /XYZ 71.731 661.135 null] >> endobj 5546 0 obj << /D [5536 0 R /XYZ 442.254 649.564 null] >> endobj 5547 0 obj << /D [5536 0 R /XYZ 71.731 614.531 null] >> endobj 5548 0 obj << /D [5536 0 R /XYZ 71.731 614.531 null] >> endobj 5549 0 obj << /D [5536 0 R /XYZ 296.447 590.785 null] >> endobj 5550 0 obj << /D [5536 0 R /XYZ 71.731 542.8 null] >> endobj 5551 0 obj << /D [5536 0 R /XYZ 71.731 542.8 null] >> endobj 5552 0 obj << /D [5536 0 R /XYZ 71.731 509.923 null] >> endobj 5553 0 obj << /D [5536 0 R /XYZ 71.731 509.923 null] >> endobj 5554 0 obj << /D [5536 0 R /XYZ 71.731 477.046 null] >> endobj 5555 0 obj << /D [5536 0 R /XYZ 71.731 477.046 null] >> endobj 5556 0 obj << /D [5536 0 R /XYZ 71.731 444.169 null] >> endobj 5557 0 obj << /D [5536 0 R /XYZ 71.731 444.169 null] >> endobj 5558 0 obj << /D [5536 0 R /XYZ 426.125 433.375 null] >> endobj 5559 0 obj << /D [5536 0 R /XYZ 71.731 420.01 null] >> endobj 710 0 obj << /D [5536 0 R /XYZ 286.367 382.795 null] >> endobj 5560 0 obj << /D [5536 0 R /XYZ 71.731 359.9 null] >> endobj 5561 0 obj << /D [5536 0 R /XYZ 71.731 301.933 null] >> endobj 5562 0 obj << /D [5536 0 R /XYZ 166.306 291.138 null] >> endobj 5563 0 obj << /D [5536 0 R /XYZ 71.731 256.105 null] >> endobj 5564 0 obj << /D [5536 0 R /XYZ 71.731 223.228 null] >> endobj 5565 0 obj << /D [5536 0 R /XYZ 165.758 212.433 null] >> endobj 5566 0 obj << /D [5536 0 R /XYZ 191.545 186.531 null] >> endobj 5567 0 obj << /D [5536 0 R /XYZ 71.731 151.497 null] >> endobj 5568 0 obj << /D [5536 0 R /XYZ 119.552 127.751 null] >> endobj 5535 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F11 2699 0 R /F31 938 0 R /F50 1352 0 R /F74 1821 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5571 0 obj << /Length 1854 /Filter /FlateDecode >> stream xY[o6~ϯ0R.kmmP)0` ZmȏM7Ӎa@Sn.~EȋۅahJBoqYqOxb/hWzn+W~ERYyžhO 0 @ P{ը]Sv}EQ 0EAr-+Ydխ:.f&r ԻRw{P3ϴQ/&7 z& Y`oqE/|$܌H-gtO+7\ҳYU\4k+~T&(\䥞!xrME(Ic#7uJRP X"7X?A0zhAJCW}'^T +--CȌƤ‘. /$Z[,NᷬYUuL/ś>U#`%$ގXQ+b9jV·4i8Pc&H~bQF $%2=(yL5VsQ@ 8s| )0f>_OqݳFXZ[oЍ1rvp~kNbiQjc q.):[-) ]3Шm jn˪UԮf벪(T hz AV DNR65:=@Cn͎A!Hˉz7˵(U-B]coNQL;zx8$rFN$o䈗O֨`!,51,qleQ]W|lyU "w'zϜ*V'UjυJxxO>]'"!Q25j 5Q~$ET :.jLlc`AfO9*o\HcA>sl7;c_cVٌW914M5+ac&rM4MOPZv&uѩ Q)˭GE없/(: }%HQriaٔ-U&O~X3/ T, ka0AkDfM9@id{e(a,HPI! BBqz tx;NLc&GtEN(V0]6Akc> P%O~8#}~% ߭EṰJJ `!~>?a:I%}0[v`353 ^nLR!SC:L.+f_KSh葛n=xT0$UffζAޕ ]? }pN8k/9p+EGt[X߆ٍ lK2_6oCjғȓJv?\N,YԵiyRYom%e]3RNA}#yn +{+297ZWS>7λߏd *l#ùņsV>t9@ifw(0=kҞH~moDHp!8ɐub[7-t;?r<*(Hqdۋ5` endstream endobj 5570 0 obj << /Type /Page /Contents 5571 0 R /Resources 5569 0 R /MediaBox [0 0 593.051 789.041] /Parent 5534 0 R >> endobj 5572 0 obj << /D [5570 0 R /XYZ -1.269 814.22 null] >> endobj 5573 0 obj << /D [5570 0 R /XYZ 71.731 741.22 null] >> endobj 5574 0 obj << /D [5570 0 R /XYZ 71.731 718.306 null] >> endobj 5575 0 obj << /D [5570 0 R /XYZ 165.2 708.344 null] >> endobj 5576 0 obj << /D [5570 0 R /XYZ 71.731 660.359 null] >> endobj 5577 0 obj << /D [5570 0 R /XYZ 71.731 645.415 null] >> endobj 5578 0 obj << /D [5570 0 R /XYZ 278.974 635.915 null] >> endobj 5579 0 obj << /D [5570 0 R /XYZ 139.477 624.259 null] >> endobj 5580 0 obj << /D [5570 0 R /XYZ 139.477 612.603 null] >> endobj 5581 0 obj << /D [5570 0 R /XYZ 76.712 595.965 null] >> endobj 5582 0 obj << /D [5570 0 R /XYZ 71.731 576.04 null] >> endobj 5583 0 obj << /D [5570 0 R /XYZ 71.731 522.438 null] >> endobj 5584 0 obj << /D [5570 0 R /XYZ 154.433 489.465 null] >> endobj 5585 0 obj << /D [5570 0 R /XYZ 76.712 471.532 null] >> endobj 714 0 obj << /D [5570 0 R /XYZ 268.392 436.065 null] >> endobj 5586 0 obj << /D [5570 0 R /XYZ 71.731 413.665 null] >> endobj 5587 0 obj << /D [5570 0 R /XYZ 71.731 413.665 null] >> endobj 5588 0 obj << /D [5570 0 R /XYZ 71.731 382.873 null] >> endobj 5589 0 obj << /D [5570 0 R /XYZ 71.731 382.873 null] >> endobj 5590 0 obj << /D [5570 0 R /XYZ 146.67 357.36 null] >> endobj 5591 0 obj << /D [5570 0 R /XYZ 71.731 335.278 null] >> endobj 5592 0 obj << /D [5570 0 R /XYZ 71.731 335.278 null] >> endobj 5593 0 obj << /D [5570 0 R /XYZ 158.007 311.532 null] >> endobj 5594 0 obj << /D [5570 0 R /XYZ 71.731 289.45 null] >> endobj 5595 0 obj << /D [5570 0 R /XYZ 71.731 289.45 null] >> endobj 5596 0 obj << /D [5570 0 R /XYZ 219.157 265.704 null] >> endobj 5597 0 obj << /D [5570 0 R /XYZ 71.731 243.622 null] >> endobj 5598 0 obj << /D [5570 0 R /XYZ 71.731 243.622 null] >> endobj 5599 0 obj << /D [5570 0 R /XYZ 296.447 219.875 null] >> endobj 5600 0 obj << /D [5570 0 R /XYZ 71.731 171.891 null] >> endobj 5601 0 obj << /D [5570 0 R /XYZ 71.731 171.891 null] >> endobj 5602 0 obj << /D [5570 0 R /XYZ 71.731 139.014 null] >> endobj 5603 0 obj << /D [5570 0 R /XYZ 71.731 139.014 null] >> endobj 5569 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R /F74 1821 0 R /F25 932 0 R /F48 1347 0 R /F91 1827 0 R /F38 1036 0 R /F11 2699 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5606 0 obj << /Length 1459 /Filter /FlateDecode >> stream xXMo6WRQt n ԷmQ02%Wu}")2l?=73oFs=4*PiG4i,?u]obW#x+NUs93]ckıy>4S_?a{-ܙ F&zͥͥį;7;BfEyafg6CYR 'VHh6ZZv`'nÏkVڒ;Xa^ەlE5e )"6qłef[D0SWOgc矒5v'D%kk2o=ޙUՀZBRh !1*1JP{Ҕ9{Y K^v)ʋb t NŐ)>J'D6%Ttr@q`@5Wz}w қvpPG.2$Id2G&$qRu L7794džeZMYQ~AYálꠓʅUS*g-lG]׆^Ɵ4ך$]5' WYCHʾ*x @֖i(R+.dz,t,UI1PH&Y湟FtӫUݽ {XJ\ȴ\le\`?`]]l p;K}g,drHrM`Eugu.냼Rbq}ӣOm' b0}f!ѲEch#݈G;gĥ[_.Fҍ+S>&қS2!1[O5r\)943^Dqp(@RXN$(!~ǣTAٵ Yo]Zz1Xo[X'.N}; <^ 2N}VkCY*qc"0nh'H7a' :{jZ*hQPN;{%nq`BP̀10 :o-1Z4(j)q,?>PsYnj yOrÐI62s7+VZcLJwlRxಶ]º;X7b ^Y5:{+:(%E@셄yŌq,EbfCh$ħܑ̦Rpi T +}F~ b@x^5) H3\8Y> endobj 5607 0 obj << /D [5605 0 R /XYZ -1.269 814.22 null] >> endobj 5608 0 obj << /D [5605 0 R /XYZ 71.731 718.306 null] >> endobj 5609 0 obj << /D [5605 0 R /XYZ 71.731 718.306 null] >> endobj 5610 0 obj << /D [5605 0 R /XYZ 134.217 662.516 null] >> endobj 5611 0 obj << /D [5605 0 R /XYZ 71.731 642.133 null] >> endobj 5612 0 obj << /D [5605 0 R /XYZ 71.731 642.133 null] >> endobj 5613 0 obj << /D [5605 0 R /XYZ 239.72 629.639 null] >> endobj 5614 0 obj << /D [5605 0 R /XYZ 71.731 607.557 null] >> endobj 5615 0 obj << /D [5605 0 R /XYZ 71.731 607.557 null] >> endobj 5616 0 obj << /D [5605 0 R /XYZ 71.731 574.68 null] >> endobj 5617 0 obj << /D [5605 0 R /XYZ 71.731 574.68 null] >> endobj 5618 0 obj << /D [5605 0 R /XYZ 317.687 525.031 null] >> endobj 5619 0 obj << /D [5605 0 R /XYZ 71.731 521.629 null] >> endobj 5620 0 obj << /D [5605 0 R /XYZ 137.484 504.608 null] >> endobj 5621 0 obj << /D [5605 0 R /XYZ 137.484 504.608 null] >> endobj 5622 0 obj << /D [5605 0 R /XYZ 71.731 503.168 null] >> endobj 5623 0 obj << /D [5605 0 R /XYZ 137.484 486.675 null] >> endobj 5624 0 obj << /D [5605 0 R /XYZ 137.484 486.675 null] >> endobj 5625 0 obj << /D [5605 0 R /XYZ 71.731 485.235 null] >> endobj 5626 0 obj << /D [5605 0 R /XYZ 137.484 468.742 null] >> endobj 5627 0 obj << /D [5605 0 R /XYZ 399.598 468.742 null] >> endobj 5628 0 obj << /D [5605 0 R /XYZ 71.731 453.634 null] >> endobj 5629 0 obj << /D [5605 0 R /XYZ 137.484 437.858 null] >> endobj 5630 0 obj << /D [5605 0 R /XYZ 179.994 424.907 null] >> endobj 5631 0 obj << /D [5605 0 R /XYZ 71.731 422.75 null] >> endobj 5632 0 obj << /D [5605 0 R /XYZ 137.484 406.974 null] >> endobj 5633 0 obj << /D [5605 0 R /XYZ 71.731 356.164 null] >> endobj 5634 0 obj << /D [5605 0 R /XYZ 71.731 356.164 null] >> endobj 5635 0 obj << /D [5605 0 R /XYZ 450.124 343.213 null] >> endobj 5636 0 obj << /D [5605 0 R /XYZ 71.731 329.848 null] >> endobj 718 0 obj << /D [5605 0 R /XYZ 303.898 292.633 null] >> endobj 5637 0 obj << /D [5605 0 R /XYZ 71.731 269.738 null] >> endobj 5638 0 obj << /D [5605 0 R /XYZ 450.902 259.756 null] >> endobj 5639 0 obj << /D [5605 0 R /XYZ 71.731 257.599 null] >> endobj 722 0 obj << /D [5605 0 R /XYZ 268.392 225.285 null] >> endobj 5640 0 obj << /D [5605 0 R /XYZ 71.731 202.885 null] >> endobj 5641 0 obj << /D [5605 0 R /XYZ 71.731 202.885 null] >> endobj 5642 0 obj << /D [5605 0 R /XYZ 71.731 172.094 null] >> endobj 5643 0 obj << /D [5605 0 R /XYZ 71.731 172.094 null] >> endobj 5644 0 obj << /D [5605 0 R /XYZ 405.572 159.532 null] >> endobj 5645 0 obj << /D [5605 0 R /XYZ 71.731 146.167 null] >> endobj 5604 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F11 2699 0 R /F31 938 0 R /F50 1352 0 R /F74 1821 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5650 0 obj << /Length 1961 /Filter /FlateDecode >> stream xڍXK6СX"r(ͣ4ޠhEU7"?Cr(KŦ(r͌`7w7wQ$OY^yӉv`I8!q7Aԝ{oQ6 W~ K(Na`qH(6 (pVi8+^ <7P 4)%Qi0dAq1/"ey"6u raa/YU`˂4IfNq8m-띑r.^+0u[)KI`Qm*L9޺nSξ?=QIFӜ%3Oỏ ihk63L{gCBF`Dꄷԏ*~K)(=)n@V/xQ4s*],Ǫ[#^ 1=SʭJy;m[ux7VmSG0iD1 H|mM2K0?C[荳Yp*x!mŐ7#&63JI1/+1SN>Q2Un. z⌬P!C?ae퀤iɄ'YBonuhrds̊l y4ϴ2 VgQ=1'I? QSD` ^c^uw]'u'w\˂WVjiTagF3HCsr1:8[, Uohp# ''Y6؊5bUIU&X/f/_Fu_Wn•=a,H9sYXW:ʪ#(Bc\G5 ,>k`B}T* ,.J"8eN M(XcӨAݹ[xtwy(pτ tEWAv(o0뷸$P`}vB0LqL,߈5дD )9 O (R>JcM\c  gCy'D*)?Qrz 멿"cCkw/k ۝Kfڞ}m1WMRRqK_ul:߃O` Ys^hB1:4KI|* U )y F/ BBhM;S 2 \2S^k 7GVr;Ѹhc_wQWۯ\=Փ Y9#~T2&p:&a5 "kI^.ic/kA)[#(]= 3+:5.i>+y͎wl d QloC^I>z{G5̎=fP33l+gtCl/e^X`$Tw \}>@)?CIVOmKwjm4Ď(K߮Q`'ʼvGF!$h) *'!1On)$:;3ݵv8T T<ӵ c%ޝF0H?ywRۏs7ű|2.³-(hdO/^NSlU2.wĵkN*]rp;4)^2ؕpFo\FPSx@NML]Q})!` ҾE\!,cf)db Þ޻a]Srk5UJ; n"teet{`Xl|Ő!`)ehݗX=y(Svmk-D"xi˫j&/)sԳO0V$c); endstream endobj 5649 0 obj << /Type /Page /Contents 5650 0 R /Resources 5648 0 R /MediaBox [0 0 593.051 789.041] /Parent 5534 0 R /Annots [ 5646 0 R 5647 0 R ] >> endobj 5646 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [257.821 231.053 304.672 241.636] /A << /S /GoTo /D (0:CLIENTS) >> >> endobj 5647 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [264.008 147.973 315.844 158.448] /A << /S /GoTo /D (0:KEYPAD) >> >> endobj 5651 0 obj << /D [5649 0 R /XYZ -1.269 814.22 null] >> endobj 726 0 obj << /D [5649 0 R /XYZ 260.688 708.149 null] >> endobj 5652 0 obj << /D [5649 0 R /XYZ 71.731 704.957 null] >> endobj 5653 0 obj << /D [5649 0 R /XYZ 166.376 651.449 null] >> endobj 1219 0 obj << /D [5649 0 R /XYZ 71.731 591.633 null] >> endobj 730 0 obj << /D [5649 0 R /XYZ 438.76 553.248 null] >> endobj 5654 0 obj << /D [5649 0 R /XYZ 71.731 529.492 null] >> endobj 5655 0 obj << /D [5649 0 R /XYZ 71.731 529.492 null] >> endobj 5656 0 obj << /D [5649 0 R /XYZ 294.544 520.371 null] >> endobj 5657 0 obj << /D [5649 0 R /XYZ 71.731 495.3 null] >> endobj 5658 0 obj << /D [5649 0 R /XYZ 71.731 495.3 null] >> endobj 5659 0 obj << /D [5649 0 R /XYZ 143.761 485.8 null] >> endobj 5660 0 obj << /D [5649 0 R /XYZ 71.731 484.707 null] >> endobj 5661 0 obj << /D [5649 0 R /XYZ 143.761 474.144 null] >> endobj 5662 0 obj << /D [5649 0 R /XYZ 71.731 452.201 null] >> endobj 5663 0 obj << /D [5649 0 R /XYZ 461.078 441.267 null] >> endobj 5664 0 obj << /D [5649 0 R /XYZ 292.751 428.316 null] >> endobj 5665 0 obj << /D [5649 0 R /XYZ 407.589 428.316 null] >> endobj 5666 0 obj << /D [5649 0 R /XYZ 464.854 428.316 null] >> endobj 5667 0 obj << /D [5649 0 R /XYZ 151.651 415.365 null] >> endobj 5668 0 obj << /D [5649 0 R /XYZ 235.387 415.365 null] >> endobj 5669 0 obj << /D [5649 0 R /XYZ 71.731 413.327 null] >> endobj 5670 0 obj << /D [5649 0 R /XYZ 71.731 398.383 null] >> endobj 5671 0 obj << /D [5649 0 R /XYZ 383.216 388.764 null] >> endobj 5672 0 obj << /D [5649 0 R /XYZ 76.712 348.814 null] >> endobj 5673 0 obj << /D [5649 0 R /XYZ 71.731 328.889 null] >> endobj 5674 0 obj << /D [5649 0 R /XYZ 76.712 277.282 null] >> endobj 5675 0 obj << /D [5649 0 R /XYZ 71.731 257.357 null] >> endobj 5676 0 obj << /D [5649 0 R /XYZ 290.074 199.076 null] >> endobj 5677 0 obj << /D [5649 0 R /XYZ 345.387 199.076 null] >> endobj 5678 0 obj << /D [5649 0 R /XYZ 76.712 182.438 null] >> endobj 5679 0 obj << /D [5649 0 R /XYZ 71.731 162.513 null] >> endobj 5680 0 obj << /D [5649 0 R /XYZ 213.681 127.544 null] >> endobj 5681 0 obj << /D [5649 0 R /XYZ 76.712 109.611 null] >> endobj 5648 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F31 938 0 R /F50 1352 0 R /F51 1354 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5684 0 obj << /Length 1414 /Filter /FlateDecode >> stream xXˎ6WhQ6|eN-Z4]=R#KHe:^KT}}TݵA} ]Ͳd%p tTi )PuP!cpWjd9l1%2g픋V5o/k sOu?p 2pUؽ&a! 0HL'IU>FiM ,nS-^tlcO~^q]\"݇%yR0w,ʦ>¢Q"CkC0/^y]
Lg%oB RP;xl FRmJ 1P[)ޣ/kC͂%`wf#MjW Q!u^hNeKK7Djwl:}g7Ÿ~63/4~HI/uyK9gsO0/,e{q)pe}Ni#uI,yUE,Z pfŠ yJ`J鮓B~;4Yw9g|vz=$:&~e>覇k> endobj 5685 0 obj << /D [5683 0 R /XYZ -1.269 814.22 null] >> endobj 734 0 obj << /D [5683 0 R /XYZ 281.389 707.841 null] >> endobj 5686 0 obj << /D [5683 0 R /XYZ 71.731 704.649 null] >> endobj 738 0 obj << /D [5683 0 R /XYZ 243.788 673.37 null] >> endobj 5687 0 obj << /D [5683 0 R /XYZ 71.731 653.295 null] >> endobj 5688 0 obj << /D [5683 0 R /XYZ 161.883 640.493 null] >> endobj 5689 0 obj << /D [5683 0 R /XYZ 345.333 640.493 null] >> endobj 5690 0 obj << /D [5683 0 R /XYZ 119.552 627.542 null] >> endobj 5691 0 obj << /D [5683 0 R /XYZ 275.516 627.542 null] >> endobj 5692 0 obj << /D [5683 0 R /XYZ 472.317 627.542 null] >> endobj 5693 0 obj << /D [5683 0 R /XYZ 71.731 592.508 null] >> endobj 5694 0 obj << /D [5683 0 R /XYZ 232.457 581.714 null] >> endobj 5695 0 obj << /D [5683 0 R /XYZ 161.075 568.762 null] >> endobj 5696 0 obj << /D [5683 0 R /XYZ 71.731 546.68 null] >> endobj 5697 0 obj << /D [5683 0 R /XYZ 155.796 522.934 null] >> endobj 5698 0 obj << /D [5683 0 R /XYZ 71.731 506.581 null] >> endobj 742 0 obj << /D [5683 0 R /XYZ 234.499 473.27 null] >> endobj 5699 0 obj << /D [5683 0 R /XYZ 71.731 450.685 null] >> endobj 5700 0 obj << /D [5683 0 R /XYZ 71.731 415.323 null] >> endobj 5701 0 obj << /D [5683 0 R /XYZ 71.731 415.323 null] >> endobj 5702 0 obj << /D [5683 0 R /XYZ 148.603 405.823 null] >> endobj 5703 0 obj << /D [5683 0 R /XYZ 250.281 405.823 null] >> endobj 5704 0 obj << /D [5683 0 R /XYZ 71.731 384.805 null] >> endobj 5705 0 obj << /D [5683 0 R /XYZ 71.731 350.865 null] >> endobj 5706 0 obj << /D [5683 0 R /XYZ 232.457 340.07 null] >> endobj 5707 0 obj << /D [5683 0 R /XYZ 161.075 327.119 null] >> endobj 5708 0 obj << /D [5683 0 R /XYZ 71.731 313.754 null] >> endobj 746 0 obj << /D [5683 0 R /XYZ 355.257 276.538 null] >> endobj 5709 0 obj << /D [5683 0 R /XYZ 71.731 253.421 null] >> endobj 5710 0 obj << /D [5683 0 R /XYZ 156.084 243.661 null] >> endobj 5711 0 obj << /D [5683 0 R /XYZ 448.645 243.661 null] >> endobj 5712 0 obj << /D [5683 0 R /XYZ 256.228 230.71 null] >> endobj 5713 0 obj << /D [5683 0 R /XYZ 433.253 230.71 null] >> endobj 5714 0 obj << /D [5683 0 R /XYZ 187.337 217.759 null] >> endobj 5715 0 obj << /D [5683 0 R /XYZ 71.731 214.356 null] >> endobj 750 0 obj << /D [5683 0 R /XYZ 349.704 177.141 null] >> endobj 5716 0 obj << /D [5683 0 R /XYZ 71.731 173.949 null] >> endobj 5717 0 obj << /D [5683 0 R /XYZ 71.731 159.005 null] >> endobj 5682 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F50 1352 0 R /F51 1354 0 R /F60 1532 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5720 0 obj << /Length 1482 /Filter /FlateDecode >> stream xX[o6~ϯlfx%u-: eCZc-hHRPdKf XLC&ћ2471i%T躈/~ʽQrE^WSqsݳYdv(7ִˏ?_`t+18uJ_M%7]mötb*l _.s]t͒ w* tQ7]qQ6*79]intEnoF5*TM(ԋ/|Xd",,%hhpƢ(Օlv ;C_5*v[V/;p$p[MDdF^S+w[Y(l,%Iz_AED8b<@iB@!&[ P[7t+oL@n (Dƒŭ/aؙqT'τ~Ò R,Z1VAQiPnԮ \W]X$NL '%V%[cAϋw.9@2 <~$3ŗ]ۄ1dm?ȺM1l[yR8g)D?PZ2f"yE!ǼB\!;vBIޕU5MK"x^uc@̥^ALȎ3۲nȦ)q&cfmSvHmrCM+.xO]sנZp/B0Z6#gSyI G-R77L RY<R-bLӉX*PYh)"vR o/a> 졆KJ<\I!0Up}W]U6'^ɢ(m!`P?}0ᩛg] n⣨/%ZDެn(rMQkPcN\'UtzEI{0aIIުjBđmAMwa6 -Ҡ|_Pk%2+KiG`v$?g89-U:?:wQ>1ǂ5x;n:w6QrI'wK!g7JIfoOH }왥lָF>;8 I)QݔNɦ/a endstream endobj 5719 0 obj << /Type /Page /Contents 5720 0 R /Resources 5718 0 R /MediaBox [0 0 593.051 789.041] /Parent 5759 0 R >> endobj 5721 0 obj << /D [5719 0 R /XYZ -1.269 814.22 null] >> endobj 5722 0 obj << /D [5719 0 R /XYZ 71.731 718.306 null] >> endobj 5723 0 obj << /D [5719 0 R /XYZ 156.084 708.344 null] >> endobj 5724 0 obj << /D [5719 0 R /XYZ 448.645 708.344 null] >> endobj 5725 0 obj << /D [5719 0 R /XYZ 326.245 695.392 null] >> endobj 5726 0 obj << /D [5719 0 R /XYZ 71.731 691.99 null] >> endobj 754 0 obj << /D [5719 0 R /XYZ 394.178 654.775 null] >> endobj 5727 0 obj << /D [5719 0 R /XYZ 71.731 631.657 null] >> endobj 5728 0 obj << /D [5719 0 R /XYZ 156.084 621.898 null] >> endobj 5729 0 obj << /D [5719 0 R /XYZ 461.038 621.898 null] >> endobj 5730 0 obj << /D [5719 0 R /XYZ 204.064 608.946 null] >> endobj 5731 0 obj << /D [5719 0 R /XYZ 426.319 608.946 null] >> endobj 5732 0 obj << /D [5719 0 R /XYZ 493.178 608.946 null] >> endobj 5733 0 obj << /D [5719 0 R /XYZ 194.809 595.995 null] >> endobj 5734 0 obj << /D [5719 0 R /XYZ 71.731 561.335 null] >> endobj 5735 0 obj << /D [5719 0 R /XYZ 272.825 550.167 null] >> endobj 5736 0 obj << /D [5719 0 R /XYZ 119.552 537.215 null] >> endobj 5737 0 obj << /D [5719 0 R /XYZ 239.421 537.215 null] >> endobj 5738 0 obj << /D [5719 0 R /XYZ 71.731 522.107 null] >> endobj 5739 0 obj << /D [5719 0 R /XYZ 71.731 507.163 null] >> endobj 5740 0 obj << /D [5719 0 R /XYZ 290.164 486.007 null] >> endobj 5741 0 obj << /D [5719 0 R /XYZ 405.873 486.007 null] >> endobj 5742 0 obj << /D [5719 0 R /XYZ 71.731 458.112 null] >> endobj 758 0 obj << /D [5719 0 R /XYZ 349.69 418.74 null] >> endobj 5743 0 obj << /D [5719 0 R /XYZ 71.731 395.623 null] >> endobj 5744 0 obj << /D [5719 0 R /XYZ 156.084 385.863 null] >> endobj 5745 0 obj << /D [5719 0 R /XYZ 355.674 385.863 null] >> endobj 5746 0 obj << /D [5719 0 R /XYZ 119.552 372.912 null] >> endobj 5747 0 obj << /D [5719 0 R /XYZ 341.806 372.912 null] >> endobj 5748 0 obj << /D [5719 0 R /XYZ 405.905 372.912 null] >> endobj 5749 0 obj << /D [5719 0 R /XYZ 179.038 359.96 null] >> endobj 5750 0 obj << /D [5719 0 R /XYZ 71.731 324.927 null] >> endobj 5751 0 obj << /D [5719 0 R /XYZ 491.442 314.132 null] >> endobj 5752 0 obj << /D [5719 0 R /XYZ 160.219 301.181 null] >> endobj 5753 0 obj << /D [5719 0 R /XYZ 236.213 301.181 null] >> endobj 5754 0 obj << /D [5719 0 R /XYZ 316.183 301.181 null] >> endobj 5755 0 obj << /D [5719 0 R /XYZ 413.427 301.181 null] >> endobj 5756 0 obj << /D [5719 0 R /XYZ 71.731 279.233 null] >> endobj 5757 0 obj << /D [5719 0 R /XYZ 272.267 268.304 null] >> endobj 5758 0 obj << /D [5719 0 R /XYZ 205.608 255.352 null] >> endobj 5718 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F50 1352 0 R /F25 932 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5762 0 obj << /Length 1728 /Filter /FlateDecode >> stream xڭXI6W#R{4i -2d}ŲXDgj.>< ً$YI,ֻEQEFDb]|GU@|127Yyj:U{k'g$EPldv'OIW8\V~ GHIw ^AylN%ڲRٲyK-Pj( # !ty4Pb8kfΡ"U4PS'(Fka[FEG*IteW`BP{H4\-JcOГnM%(Rn̩%kP9 4."6c6*X#8JB58>ִdG+eO M'+ߕTWl4v~h4$]*eb;>z2\ϵ8(]6l)mchV!?y0nx[s1Oĕ&jOW@R 7 v!SK/b֡oJ:\io[MpŔej2,Ali qt3Dͦ,Lf͸֑5Ul#*Y`R7$n z LiHaGx endstream endobj 5761 0 obj << /Type /Page /Contents 5762 0 R /Resources 5760 0 R /MediaBox [0 0 593.051 789.041] /Parent 5759 0 R >> endobj 5763 0 obj << /D [5761 0 R /XYZ -1.269 814.22 null] >> endobj 1290 0 obj << /D [5761 0 R /XYZ 71.731 718.306 null] >> endobj 762 0 obj << /D [5761 0 R /XYZ 346.114 703.236 null] >> endobj 1291 0 obj << /D [5761 0 R /XYZ 71.731 692.184 null] >> endobj 766 0 obj << /D [5761 0 R /XYZ 166.466 651.526 null] >> endobj 5764 0 obj << /D [5761 0 R /XYZ 71.731 627.77 null] >> endobj 5765 0 obj << /D [5761 0 R /XYZ 71.731 598.624 null] >> endobj 5766 0 obj << /D [5761 0 R /XYZ 71.731 598.624 null] >> endobj 5767 0 obj << /D [5761 0 R /XYZ 71.731 597.379 null] >> endobj 5768 0 obj << /D [5761 0 R /XYZ 129.514 578.3 null] >> endobj 5769 0 obj << /D [5761 0 R /XYZ 129.514 578.3 null] >> endobj 5770 0 obj << /D [5761 0 R /XYZ 455.937 578.3 null] >> endobj 5771 0 obj << /D [5761 0 R /XYZ 451.912 565.349 null] >> endobj 5772 0 obj << /D [5761 0 R /XYZ 71.731 563.192 null] >> endobj 5773 0 obj << /D [5761 0 R /XYZ 129.514 547.416 null] >> endobj 5774 0 obj << /D [5761 0 R /XYZ 129.514 547.416 null] >> endobj 5775 0 obj << /D [5761 0 R /XYZ 384.785 547.416 null] >> endobj 5776 0 obj << /D [5761 0 R /XYZ 440.146 547.416 null] >> endobj 5777 0 obj << /D [5761 0 R /XYZ 71.731 532.308 null] >> endobj 5778 0 obj << /D [5761 0 R /XYZ 71.731 517.364 null] >> endobj 5779 0 obj << /D [5761 0 R /XYZ 174.841 507.865 null] >> endobj 5780 0 obj << /D [5761 0 R /XYZ 124.533 455.362 null] >> endobj 5781 0 obj << /D [5761 0 R /XYZ 129.514 437.429 null] >> endobj 5782 0 obj << /D [5761 0 R /XYZ 129.514 437.429 null] >> endobj 5783 0 obj << /D [5761 0 R /XYZ 393.921 437.429 null] >> endobj 5784 0 obj << /D [5761 0 R /XYZ 129.514 424.477 null] >> endobj 5785 0 obj << /D [5761 0 R /XYZ 328.496 424.477 null] >> endobj 5786 0 obj << /D [5761 0 R /XYZ 71.731 422.321 null] >> endobj 5787 0 obj << /D [5761 0 R /XYZ 129.514 406.545 null] >> endobj 5788 0 obj << /D [5761 0 R /XYZ 129.514 406.545 null] >> endobj 5789 0 obj << /D [5761 0 R /XYZ 383.997 406.545 null] >> endobj 5790 0 obj << /D [5761 0 R /XYZ 71.731 391.436 null] >> endobj 5791 0 obj << /D [5761 0 R /XYZ 129.514 375.66 null] >> endobj 5792 0 obj << /D [5761 0 R /XYZ 305.632 375.66 null] >> endobj 5793 0 obj << /D [5761 0 R /XYZ 76.712 357.728 null] >> endobj 770 0 obj << /D [5761 0 R /XYZ 436.77 318.355 null] >> endobj 5794 0 obj << /D [5761 0 R /XYZ 71.731 295.46 null] >> endobj 5795 0 obj << /D [5761 0 R /XYZ 71.731 213.648 null] >> endobj 5796 0 obj << /D [5761 0 R /XYZ 71.731 178.714 null] >> endobj 5797 0 obj << /D [5761 0 R /XYZ 232.178 167.919 null] >> endobj 5760 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F33 939 0 R /F38 1036 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5800 0 obj << /Length 1690 /Filter /FlateDecode >> stream xڭXM66`i%Y&mzh5CSDLdI!l_ߡȡ$JR_Ùyo ,N`f4J"~nMgI?I#)_yQ,׋?hr&'*ةZ.0t80EYo-h^WZ֭^ҋzu9]Tkxݓ8%YmBEJ}Wc&/ +YuҗOLJ(B eFsyPROiYү mDO79gD̅ϢLf ; '&ro4plV͇ N-'}V՝+d(Y~/_7t뀙z/ڦ%pGaw:$@Tζ}%ɐ.;~ /, *HEjqOMUlzӷ$7mNH̫$d&C:ï?uhާr$FәVUr*"Vvs X8ğV3DzS!|4EVУ \F*3IY5+eQ'ZQ+{aJǴO g*TtA>`ah0`j?X*R尊~-bXvd1h*S.7,߇VolB!$ +f$Lй~#|k OojW߭d-M+Mw3&PVoq3 C9I^trEà'E;qb3:^YO t0vrg C_j tCs_U'rVIp CRRQ*99cRUrx2ᡗov|~y-3^{6=axʶ`jg{r!.|y^ea kk[Dљ(Mzmً߅11}D!gz=<I(G,iP}I4au\1q{=kHna7jf~PϿx`@'xwÎ-͝-=x[`Qu^ Tŭs)R' :LHNqo6;b{ Wb7Kw*]8Uc'a΀B0tp Ɋ&#&<C6O0K LP77/Fyz۽WkaGK~ͯWt endstream endobj 5799 0 obj << /Type /Page /Contents 5800 0 R /Resources 5798 0 R /MediaBox [0 0 593.051 789.041] /Parent 5759 0 R >> endobj 5801 0 obj << /D [5799 0 R /XYZ -1.269 814.22 null] >> endobj 5802 0 obj << /D [5799 0 R /XYZ 71.731 718.306 null] >> endobj 5803 0 obj << /D [5799 0 R /XYZ 119.552 695.392 null] >> endobj 1292 0 obj << /D [5799 0 R /XYZ 71.731 669.076 null] >> endobj 774 0 obj << /D [5799 0 R /XYZ 402.16 625.979 null] >> endobj 5804 0 obj << /D [5799 0 R /XYZ 71.731 602.223 null] >> endobj 5805 0 obj << /D [5799 0 R /XYZ 134.217 567.199 null] >> endobj 5806 0 obj << /D [5799 0 R /XYZ 71.731 532.165 null] >> endobj 5807 0 obj << /D [5799 0 R /XYZ 71.731 499.289 null] >> endobj 5808 0 obj << /D [5799 0 R /XYZ 71.731 499.289 null] >> endobj 5809 0 obj << /D [5799 0 R /XYZ 229.1 488.494 null] >> endobj 5810 0 obj << /D [5799 0 R /XYZ 71.731 466.546 null] >> endobj 5811 0 obj << /D [5799 0 R /XYZ 71.731 433.535 null] >> endobj 5812 0 obj << /D [5799 0 R /XYZ 207.83 422.741 null] >> endobj 5813 0 obj << /D [5799 0 R /XYZ 71.731 387.707 null] >> endobj 5814 0 obj << /D [5799 0 R /XYZ 207.511 338.058 null] >> endobj 5815 0 obj << /D [5799 0 R /XYZ 71.731 290.073 null] >> endobj 5816 0 obj << /D [5799 0 R /XYZ 201.025 266.327 null] >> endobj 5817 0 obj << /D [5799 0 R /XYZ 71.731 244.245 null] >> endobj 5818 0 obj << /D [5799 0 R /XYZ 208.697 233.451 null] >> endobj 5819 0 obj << /D [5799 0 R /XYZ 260.891 233.451 null] >> endobj 5820 0 obj << /D [5799 0 R /XYZ 71.731 174.571 null] >> endobj 5821 0 obj << /D [5799 0 R /XYZ 71.731 128.743 null] >> endobj 5822 0 obj << /D [5799 0 R /XYZ 71.731 128.743 null] >> endobj 5823 0 obj << /D [5799 0 R /XYZ 204.562 115.891 null] >> endobj 5798 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F25 932 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5826 0 obj << /Length 1792 /Filter /FlateDecode >> stream xڝXK6 -ZӲ{j6ÙNh2R6 dV>K?>lߥipdA~WE< UmMڎ&ɣUv-{ɺT _u!B`:$}9,0fZxfMcWʮşQ4T߾ˣ`Vw/"㌱mKzۉ"ך07NvN^4`*xYj;]0w4 W25ϋ(s^q`?ʆZa5e`70%5;4 LAZIIÖ:HƵAQSHCߒRox" -+sr xy5 UHmK>.{D9QPsНDNBSV^-"2dE_һĉ$O"L*y`6ˡ %4ty#)TxȢ3 fD03bp] ? t(7[Eg틛1q֙KRNzxw c>VEKBn&5h5r|F7 S?Ϛ_趛Z;5ijȞkTe8KV x%ϣtsT߶Be-h$׈(J> endobj 5827 0 obj << /D [5825 0 R /XYZ -1.269 814.22 null] >> endobj 5828 0 obj << /D [5825 0 R /XYZ 71.731 718.306 null] >> endobj 5829 0 obj << /D [5825 0 R /XYZ 207.272 708.344 null] >> endobj 5830 0 obj << /D [5825 0 R /XYZ 405.677 708.344 null] >> endobj 5831 0 obj << /D [5825 0 R /XYZ 344.277 682.441 null] >> endobj 5832 0 obj << /D [5825 0 R /XYZ 71.731 667.333 null] >> endobj 5833 0 obj << /D [5825 0 R /XYZ 71.731 652.389 null] >> endobj 5834 0 obj << /D [5825 0 R /XYZ 76.712 591.283 null] >> endobj 5835 0 obj << /D [5825 0 R /XYZ 166.376 535.806 null] >> endobj 1293 0 obj << /D [5825 0 R /XYZ 71.731 494.596 null] >> endobj 778 0 obj << /D [5825 0 R /XYZ 328.496 456.21 null] >> endobj 5836 0 obj << /D [5825 0 R /XYZ 71.731 432.455 null] >> endobj 5837 0 obj << /D [5825 0 R /XYZ 161.883 423.334 null] >> endobj 5838 0 obj << /D [5825 0 R /XYZ 71.731 362.397 null] >> endobj 5839 0 obj << /D [5825 0 R /XYZ 71.731 316.569 null] >> endobj 1294 0 obj << /D [5825 0 R /XYZ 71.731 276.47 null] >> endobj 782 0 obj << /D [5825 0 R /XYZ 202.05 233.372 null] >> endobj 5840 0 obj << /D [5825 0 R /XYZ 71.731 213.232 null] >> endobj 5841 0 obj << /D [5825 0 R /XYZ 71.731 152.51 null] >> endobj 5824 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R /F25 932 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5844 0 obj << /Length 1923 /Filter /FlateDecode >> stream xڍYKQሔ(Q%x+9.g|*  k}A"k~s7_>ˏ]Niz:7CUeym6~nɠ=~{7dFKy$쐗p}d/:wa!5gʽIq+Z_ވ~gC4+(oRD3ѻEӫ?<09/ :GQu[*[rk~EEQp/h#uMQh$- ɝ1! SP07}0EǛL.`1R>Jt^x'>+J8w"M 3GIEW!8Li/?&?gE^G!T*mSI:Kh|vz}e(~ߝ-3 guGN ?s)cX, ]Rp HW`FStSX..Z2HԎ~~Iҭk8׺EF @'+J% DW{ 9@\V tZdf{⎕/8Hvͻ EJLZ)~dcUOXBwӧU9 {%w+Vx)z]@ X (=$dlZmY4#!qyUx7㐆z`i\ЈLj @ޮ_ tW:l 2 V3r`(Z̪㚡֪7\zmbSuz,yha1#WL:@X\_ a\иR顉fHK~H.,e,&E?wgdmjD9FdteeEf LI#0D$[+KPW }Qn S SZ 1ݐB,m>o r1mf+oDؚZۂZs! vX!R(J:%=%]*(GnS7pȊ)+ 0*Я/4ʎy_:>Nr8{Ğo話 cuCR jwBGyvx]1(ʬ@%&t &t> 3n# Vى=[F9+9<*:^<)MOeGzL'|r5"k@ҏV*yi(YeN;Ԣ`7.r&țO ЃG@-Wksp6 C>3lS|LK9XrS]kb<"e,[Z/Nq8IF1 L} {@ YTH$IM9Ģ߰/B))>/p0ql.0knCU\ʱV$;z/Cgt8tJjr: A›)-!h pƆ)[ꝲ5AwI Mk pkl wn5-Ȁ1j@PSnbЛ 3bحNfzd\MAyg Pqε1ӽݸ!q'F<˅vחm^L4ٯ^^U8Rk5>7sYQ+@X (z0XYrw=j C&+hRI'ШQȚ.lAJX᜝ς.) 2+\,er39<ރbx,|Xpu]Eaܫ"nHp <0DI"a7H=W"Gd HAրMc_|Y?:eUq> endobj 5845 0 obj << /D [5843 0 R /XYZ -1.269 814.22 null] >> endobj 5846 0 obj << /D [5843 0 R /XYZ 71.731 718.306 null] >> endobj 1295 0 obj << /D [5843 0 R /XYZ 71.731 666.087 null] >> endobj 786 0 obj << /D [5843 0 R /XYZ 178.913 622.99 null] >> endobj 5847 0 obj << /D [5843 0 R /XYZ 71.731 602.849 null] >> endobj 5848 0 obj << /D [5843 0 R /XYZ 236.193 577.162 null] >> endobj 5849 0 obj << /D [5843 0 R /XYZ 471.1 577.162 null] >> endobj 5850 0 obj << /D [5843 0 R /XYZ 71.731 529.177 null] >> endobj 5851 0 obj << /D [5843 0 R /XYZ 71.731 483.349 null] >> endobj 5852 0 obj << /D [5843 0 R /XYZ 71.731 424.943 null] >> endobj 5853 0 obj << /D [5843 0 R /XYZ 436.071 387.871 null] >> endobj 5854 0 obj << /D [5843 0 R /XYZ 71.731 365.789 null] >> endobj 5855 0 obj << /D [5843 0 R /XYZ 345.433 354.995 null] >> endobj 5856 0 obj << /D [5843 0 R /XYZ 71.731 307.01 null] >> endobj 5857 0 obj << /D [5843 0 R /XYZ 475.852 296.215 null] >> endobj 5858 0 obj << /D [5843 0 R /XYZ 71.731 248.23 null] >> endobj 5859 0 obj << /D [5843 0 R /XYZ 71.731 178.556 null] >> endobj 5860 0 obj << /D [5843 0 R /XYZ 357.228 139.802 null] >> endobj 5842 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F25 932 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5863 0 obj << /Length 316 /Filter /FlateDecode >> stream x]Rn ,1) }MŤi5]tpئ_ՉF}s)E Y MZы%V8!ǝPx};!PXSN- ( u O񪦓O"~(f\ 9\g-aƔVSv.fm+ zy%FMLvjx&8=p(Os' nw endstream endobj 5862 0 obj << /Type /Page /Contents 5863 0 R /Resources 5861 0 R /MediaBox [0 0 593.051 789.041] /Parent 5759 0 R >> endobj 5864 0 obj << /D [5862 0 R /XYZ -1.269 814.22 null] >> endobj 5865 0 obj << /D [5862 0 R /XYZ 71.731 718.306 null] >> endobj 5861 0 obj << /Font << /F33 939 0 R /F31 938 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5869 0 obj << /Length 1325 /Filter /FlateDecode >> stream xڽWn6}Wmm %@SISl4q"%&"*EoERht{y %9sfpqє`4 MnMIfú\aEZ>LxgϔWf&1Dv}|q_Hh^ԫہc P a%/YxVԄ 6M@,x؊d@p 4#HX3]_XJoRϘR[YGjHykX̽D< ꈚ~o2>ħho8quu/v%P1}"TK2X#wEm@1$- TYv3 U("sjuXi,xMרPZrl]iqŊF.>Y/GK%UcK'_fZK%amdI+y,r˻߀RwswC9c )P9m@pUjvLahBN}*^W%G.gn(!Zۤzf&&FAv9aުVo/ױZPUj] RRfbzc ˵+jF(AR`~%\VS=׭M@#u:xSr!-\lR+oMCJ|jVzP>6Ǻ`^@"aO@uVkdJĬPQ KbC_Mk{/!{y> endobj 5866 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [138.481 496.361 187.516 506.891] /A << /S /GoTo /D (0:PATHS) >> >> endobj 5870 0 obj << /D [5868 0 R /XYZ -1.269 814.22 null] >> endobj 1296 0 obj << /D [5868 0 R /XYZ 71.731 718.306 null] >> endobj 790 0 obj << /D [5868 0 R /XYZ 127.983 676.38 null] >> endobj 1297 0 obj << /D [5868 0 R /XYZ 71.731 665.648 null] >> endobj 794 0 obj << /D [5868 0 R /XYZ 172.199 624.67 null] >> endobj 5871 0 obj << /D [5868 0 R /XYZ 71.731 624.455 null] >> endobj 5872 0 obj << /D [5868 0 R /XYZ 71.731 609.511 null] >> endobj 5873 0 obj << /D [5868 0 R /XYZ 71.731 594.617 null] >> endobj 5874 0 obj << /D [5868 0 R /XYZ 139.477 578.841 null] >> endobj 5875 0 obj << /D [5868 0 R /XYZ 71.731 541.536 null] >> endobj 5876 0 obj << /D [5868 0 R /XYZ 71.731 527.868 null] >> endobj 5877 0 obj << /D [5868 0 R /XYZ 139.477 512.092 null] >> endobj 5878 0 obj << /D [5868 0 R /XYZ 296.716 512.092 null] >> endobj 5879 0 obj << /D [5868 0 R /XYZ 71.731 487.394 null] >> endobj 5880 0 obj << /D [5868 0 R /XYZ 71.731 474.069 null] >> endobj 5881 0 obj << /D [5868 0 R /XYZ 139.477 458.294 null] >> endobj 5882 0 obj << /D [5868 0 R /XYZ 379.973 458.294 null] >> endobj 5883 0 obj << /D [5868 0 R /XYZ 71.731 446.174 null] >> endobj 5884 0 obj << /D [5868 0 R /XYZ 71.731 435.28 null] >> endobj 5885 0 obj << /D [5868 0 R /XYZ 139.477 417.447 null] >> endobj 5886 0 obj << /D [5868 0 R /XYZ 166.197 404.495 null] >> endobj 5887 0 obj << /D [5868 0 R /XYZ 460.5 404.495 null] >> endobj 5888 0 obj << /D [5868 0 R /XYZ 71.731 392.376 null] >> endobj 5889 0 obj << /D [5868 0 R /XYZ 71.731 379.424 null] >> endobj 5890 0 obj << /D [5868 0 R /XYZ 139.477 363.648 null] >> endobj 5891 0 obj << /D [5868 0 R /XYZ 71.731 338.578 null] >> endobj 5892 0 obj << /D [5868 0 R /XYZ 71.731 327.683 null] >> endobj 5893 0 obj << /D [5868 0 R /XYZ 139.477 309.85 null] >> endobj 5894 0 obj << /D [5868 0 R /XYZ 381.597 296.899 null] >> endobj 5895 0 obj << /D [5868 0 R /XYZ 431.967 296.899 null] >> endobj 5896 0 obj << /D [5868 0 R /XYZ 71.731 284.779 null] >> endobj 5897 0 obj << /D [5868 0 R /XYZ 71.731 273.885 null] >> endobj 5898 0 obj << /D [5868 0 R /XYZ 139.477 256.052 null] >> endobj 5899 0 obj << /D [5868 0 R /XYZ 71.731 218.03 null] >> endobj 5900 0 obj << /D [5868 0 R /XYZ 71.731 207.135 null] >> endobj 5901 0 obj << /D [5868 0 R /XYZ 139.477 189.302 null] >> endobj 5902 0 obj << /D [5868 0 R /XYZ 71.731 177.183 null] >> endobj 5903 0 obj << /D [5868 0 R /XYZ 71.731 165.208 null] >> endobj 5904 0 obj << /D [5868 0 R /XYZ 139.477 148.455 null] >> endobj 5905 0 obj << /D [5868 0 R /XYZ 71.731 48.817 null] >> endobj 5867 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F50 1352 0 R /F33 939 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5910 0 obj << /Length 1492 /Filter /FlateDecode >> stream xڭX[s8~ϯ`%f&`U OXǭ*tvǤ=PfW$:'Ұ7gXwwNS򄖘$FqS +)DVt%2K Rxy?ܝOwBBJ[c:{߷9̫bK5"tD$<˴FSx@'Gymj۱J-PCV{NLrJ{lУu6} \SC &Ut] XwyғoE\GkmKCx=|y^rIh%&;ޞDnWŲ,"qfT!T Sn"P1~]U* 9Ix*JʫX\꾯x}9rŏCh)IcdJ%)L|ih cyt, Q)W˾_ iLQ>~;N?Jed'nv"Aŷ9ђ.k\78$$پ\A뗔-Q:OwK7P9pvc߼Q?unXp9WӠ˥G7wg^؅qk|.6Hc\"CL?Gpt}z{ܨ,Okx" ..bT"&'?ޭ:g:A |Jjg"hB99M ulʛ%O O!HŷdgE e3VYy]y&uϢd_KY}T'+A(y~y%6RFd)5K4SWI Sa*'jMWvp& k悆dw3CLJ=̳z^^8?ŕ<%h"EodxIN{^F,:|_;>$g5gY8tϜ;su輪:ArtKtlBMizQj3M?ǟA'  Ezy$0l\ endstream endobj 5909 0 obj << /Type /Page /Contents 5910 0 R /Resources 5908 0 R /MediaBox [0 0 593.051 789.041] /Parent 5906 0 R /Annots [ 5907 0 R ] >> endobj 5907 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [407.988 420.259 459.793 431.163] /A << /S /GoTo /D (0:KEYPAD) >> >> endobj 5911 0 obj << /D [5909 0 R /XYZ -1.269 814.22 null] >> endobj 5912 0 obj << /D [5909 0 R /XYZ 71.731 718.306 null] >> endobj 5913 0 obj << /D [5909 0 R /XYZ 71.731 707.163 null] >> endobj 5914 0 obj << /D [5909 0 R /XYZ 139.477 690.411 null] >> endobj 5915 0 obj << /D [5909 0 R /XYZ 153.036 690.411 null] >> endobj 5916 0 obj << /D [5909 0 R /XYZ 71.731 667.397 null] >> endobj 5917 0 obj << /D [5909 0 R /XYZ 139.477 649.564 null] >> endobj 5918 0 obj << /D [5909 0 R /XYZ 71.731 598.59 null] >> endobj 5919 0 obj << /D [5909 0 R /XYZ 71.731 587.696 null] >> endobj 5920 0 obj << /D [5909 0 R /XYZ 139.477 569.863 null] >> endobj 5921 0 obj << /D [5909 0 R /XYZ 306.479 569.863 null] >> endobj 5922 0 obj << /D [5909 0 R /XYZ 360.735 569.863 null] >> endobj 5923 0 obj << /D [5909 0 R /XYZ 453.756 569.863 null] >> endobj 5924 0 obj << /D [5909 0 R /XYZ 71.731 544.792 null] >> endobj 5925 0 obj << /D [5909 0 R /XYZ 71.731 532.817 null] >> endobj 5926 0 obj << /D [5909 0 R /XYZ 139.477 516.065 null] >> endobj 5927 0 obj << /D [5909 0 R /XYZ 139.477 477.21 null] >> endobj 5928 0 obj << /D [5909 0 R /XYZ 71.731 465.091 null] >> endobj 5929 0 obj << /D [5909 0 R /XYZ 71.731 452.857 null] >> endobj 5930 0 obj << /D [5909 0 R /XYZ 139.477 436.364 null] >> endobj 5931 0 obj << /D [5909 0 R /XYZ 71.731 398.341 null] >> endobj 5932 0 obj << /D [5909 0 R /XYZ 71.731 387.447 null] >> endobj 5933 0 obj << /D [5909 0 R /XYZ 139.477 369.614 null] >> endobj 5934 0 obj << /D [5909 0 R /XYZ 71.731 344.543 null] >> endobj 5935 0 obj << /D [5909 0 R /XYZ 71.731 331.592 null] >> endobj 5936 0 obj << /D [5909 0 R /XYZ 139.477 315.816 null] >> endobj 5937 0 obj << /D [5909 0 R /XYZ 71.731 303.696 null] >> endobj 5938 0 obj << /D [5909 0 R /XYZ 71.731 290.745 null] >> endobj 5939 0 obj << /D [5909 0 R /XYZ 139.477 274.969 null] >> endobj 5940 0 obj << /D [5909 0 R /XYZ 71.731 249.898 null] >> endobj 5941 0 obj << /D [5909 0 R /XYZ 71.731 236.947 null] >> endobj 5942 0 obj << /D [5909 0 R /XYZ 139.477 221.171 null] >> endobj 5943 0 obj << /D [5909 0 R /XYZ 71.731 209.051 null] >> endobj 5944 0 obj << /D [5909 0 R /XYZ 71.731 196.1 null] >> endobj 5945 0 obj << /D [5909 0 R /XYZ 139.477 180.324 null] >> endobj 5946 0 obj << /D [5909 0 R /XYZ 392.386 180.324 null] >> endobj 5947 0 obj << /D [5909 0 R /XYZ 139.477 167.372 null] >> endobj 5948 0 obj << /D [5909 0 R /XYZ 71.731 155.253 null] >> endobj 5949 0 obj << /D [5909 0 R /XYZ 71.731 142.301 null] >> endobj 5950 0 obj << /D [5909 0 R /XYZ 139.477 126.526 null] >> endobj 5908 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5953 0 obj << /Length 1340 /Filter /FlateDecode >> stream xڽXn6}Ww^\Å>AaITIk}G␺lO̙s#tn.?llWj^l:MuU2a/kG?Tz/{.BeT/˘bg.L^ۆN̖~DFZ.iIv9]&ty~Jݷ%y`ΏByIYb,Bwq|G/N XP"Ѱ"ƷZ>R&zQW)y26 i1,= i*#{:G;;t9ׂNEW1||EsI Qy1aƊ j Et`%u-M"J̴1O :vDie94s#ax!pj_qW@U2b^T,0 KZxp>~ VJ!)Лh|Z5Nk:[,&hNID ֎y#uV-iNoT09'h8d R2l`b%J8Fv\ rJL٧UD }=0?1&8m}$بTF_$٬00e -8 ptϧ:IX< M!&nEgiv' A#@9+ w$L̉XxyJ,ʒjڶYҼD&7h4pQ`XT/r?4䙻{BCFb#ZjI:Lf:6AkӞw*wo0hSr:fr(.^֕i(1ת%8D;fp-;xnn@Ӵb2yMJYxc/Ҹ0?\Kc)Vlb 5C)ɍ)!ѸZ,`:|?5،X3z&YR6BH;4 /i g8{\*;*:,[#R]*VtÌVI ))  ZhP-ue%Q]Ȩgt00!Ax#פ:-Xxd ,LQ̒1Ff=뤊HYoŸ{h#GW0&#*1QЃOKQ/N2m O(-1F+;c[5vX>&(ʘJ3Nme|$)rxw٤)Gt~&Nv޾u tuhW@%AOwFs rz-lk/|0jl[C'4yxH>U endstream endobj 5952 0 obj << /Type /Page /Contents 5953 0 R /Resources 5951 0 R /MediaBox [0 0 593.051 789.041] /Parent 5906 0 R >> endobj 5954 0 obj << /D [5952 0 R /XYZ -1.269 814.22 null] >> endobj 5955 0 obj << /D [5952 0 R /XYZ 71.731 718.306 null] >> endobj 5956 0 obj << /D [5952 0 R /XYZ 71.731 706.187 null] >> endobj 5957 0 obj << /D [5952 0 R /XYZ 139.477 690.411 null] >> endobj 5958 0 obj << /D [5952 0 R /XYZ 71.731 642.426 null] >> endobj 5959 0 obj << /D [5952 0 R /XYZ 283.785 631.631 null] >> endobj 5960 0 obj << /D [5952 0 R /XYZ 71.731 594.521 null] >> endobj 5961 0 obj << /D [5952 0 R /XYZ 71.731 579.412 null] >> endobj 5962 0 obj << /D [5952 0 R /XYZ 139.477 563.636 null] >> endobj 5963 0 obj << /D [5952 0 R /XYZ 139.477 550.685 null] >> endobj 5964 0 obj << /D [5952 0 R /XYZ 71.731 538.565 null] >> endobj 5965 0 obj << /D [5952 0 R /XYZ 71.731 525.614 null] >> endobj 5966 0 obj << /D [5952 0 R /XYZ 139.477 509.838 null] >> endobj 5967 0 obj << /D [5952 0 R /XYZ 71.731 497.719 null] >> endobj 5968 0 obj << /D [5952 0 R /XYZ 71.731 486.824 null] >> endobj 5969 0 obj << /D [5952 0 R /XYZ 139.477 468.991 null] >> endobj 5970 0 obj << /D [5952 0 R /XYZ 71.731 458.929 null] >> endobj 5971 0 obj << /D [5952 0 R /XYZ 71.731 443.92 null] >> endobj 5972 0 obj << /D [5952 0 R /XYZ 139.477 428.144 null] >> endobj 5973 0 obj << /D [5952 0 R /XYZ 71.731 403.074 null] >> endobj 5974 0 obj << /D [5952 0 R /XYZ 71.731 390.122 null] >> endobj 5975 0 obj << /D [5952 0 R /XYZ 139.477 374.346 null] >> endobj 5976 0 obj << /D [5952 0 R /XYZ 71.731 323.372 null] >> endobj 5977 0 obj << /D [5952 0 R /XYZ 71.731 312.478 null] >> endobj 5978 0 obj << /D [5952 0 R /XYZ 139.477 294.645 null] >> endobj 5979 0 obj << /D [5952 0 R /XYZ 71.731 269.574 null] >> endobj 5980 0 obj << /D [5952 0 R /XYZ 71.731 256.623 null] >> endobj 5981 0 obj << /D [5952 0 R /XYZ 139.477 240.847 null] >> endobj 5982 0 obj << /D [5952 0 R /XYZ 71.731 228.727 null] >> endobj 5983 0 obj << /D [5952 0 R /XYZ 71.731 217.833 null] >> endobj 5984 0 obj << /D [5952 0 R /XYZ 139.477 200 null] >> endobj 5985 0 obj << /D [5952 0 R /XYZ 71.731 161.978 null] >> endobj 5986 0 obj << /D [5952 0 R /XYZ 71.731 149.026 null] >> endobj 5987 0 obj << /D [5952 0 R /XYZ 139.477 133.25 null] >> endobj 5951 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F11 2699 0 R >> /ProcSet [ /PDF /Text ] >> endobj 5990 0 obj << /Length 1221 /Filter /FlateDecode >> stream xWKo6WЃ DDY}!צH,2YtE/!z1EY~7áccݝ}YMn=Ϛyk։4<Hз}gt@yVɖ&1:Nb#=g&۝O7Y6"ߙ)TPm2bJRQf+scό FC489q` hy05Q(Wc^\݅K?[,&f;)۽p] r+Q\f N0"6,`XMK2(%_2/TypJBbuz@D9Wϯ;RVюUY746a.pP$Zql.2:NMxZO}aO3~Ȥp6ZHH`gIF1Oz%GB+cjGb W@:4 -; MFZqFA6˳c':Q?;8)4 3AYٕ<|m7\S]Vҁԛ0)|(Lxku/{$lVTQӨ%Y֤yKˎ], uMF6ѭܮP@ ےf_3:7 }L&PyU JNl:A@\'EA#3LԔM6A{_.eʹSf}/ endstream endobj 5989 0 obj << /Type /Page /Contents 5990 0 R /Resources 5988 0 R /MediaBox [0 0 593.051 789.041] /Parent 5906 0 R >> endobj 5991 0 obj << /D [5989 0 R /XYZ -1.269 814.22 null] >> endobj 5992 0 obj << /D [5989 0 R /XYZ 71.731 718.306 null] >> endobj 5993 0 obj << /D [5989 0 R /XYZ 71.731 706.187 null] >> endobj 5994 0 obj << /D [5989 0 R /XYZ 139.477 690.411 null] >> endobj 5995 0 obj << /D [5989 0 R /XYZ 71.731 665.34 null] >> endobj 5996 0 obj << /D [5989 0 R /XYZ 71.731 652.389 null] >> endobj 5997 0 obj << /D [5989 0 R /XYZ 139.477 636.613 null] >> endobj 1298 0 obj << /D [5989 0 R /XYZ 71.731 616.523 null] >> endobj 798 0 obj << /D [5989 0 R /XYZ 492.575 573.426 null] >> endobj 5998 0 obj << /D [5989 0 R /XYZ 71.731 549.937 null] >> endobj 5999 0 obj << /D [5989 0 R /XYZ 71.731 525.441 null] >> endobj 6000 0 obj << /D [5989 0 R /XYZ 71.731 510.497 null] >> endobj 6001 0 obj << /D [5989 0 R /XYZ 71.731 497.545 null] >> endobj 6002 0 obj << /D [5989 0 R /XYZ 139.477 481.769 null] >> endobj 6003 0 obj << /D [5989 0 R /XYZ 71.731 469.65 null] >> endobj 6004 0 obj << /D [5989 0 R /XYZ 71.731 458.756 null] >> endobj 6005 0 obj << /D [5989 0 R /XYZ 139.477 440.923 null] >> endobj 6006 0 obj << /D [5989 0 R /XYZ 71.731 428.803 null] >> endobj 6007 0 obj << /D [5989 0 R /XYZ 71.731 417.909 null] >> endobj 6008 0 obj << /D [5989 0 R /XYZ 139.477 400.076 null] >> endobj 6009 0 obj << /D [5989 0 R /XYZ 71.731 375.005 null] >> endobj 6010 0 obj << /D [5989 0 R /XYZ 71.731 364.111 null] >> endobj 6011 0 obj << /D [5989 0 R /XYZ 139.477 346.277 null] >> endobj 6012 0 obj << /D [5989 0 R /XYZ 71.731 323.264 null] >> endobj 6013 0 obj << /D [5989 0 R /XYZ 71.731 309.231 null] >> endobj 6014 0 obj << /D [5989 0 R /XYZ 139.477 292.479 null] >> endobj 6015 0 obj << /D [5989 0 R /XYZ 300.82 266.576 null] >> endobj 1299 0 obj << /D [5989 0 R /XYZ 71.731 259.438 null] >> endobj 802 0 obj << /D [5989 0 R /XYZ 110.964 193.961 null] >> endobj 6016 0 obj << /D [5989 0 R /XYZ 71.731 193.746 null] >> endobj 6017 0 obj << /D [5989 0 R /XYZ 71.731 178.802 null] >> endobj 6018 0 obj << /D [5989 0 R /XYZ 71.731 163.908 null] >> endobj 6019 0 obj << /D [5989 0 R /XYZ 139.477 148.132 null] >> endobj 6020 0 obj << /D [5989 0 R /XYZ 174.067 135.181 null] >> endobj 5988 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F25 932 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6023 0 obj << /Length 1722 /Filter /FlateDecode >> stream xڵXYo8~ϯ[e uQ^ M66 EYm"2_Ce95xM9fHs7/׎3 Qd8B<؞,* KƦq=-J9ꛗ4cθ["hgiڛOPEi^N-0Zif.r`2]@j5i=M-DY8da毭~# \;GZJٮ\[qʜk<0G!8޹Ң(">cSSގ4J2S~ILH~:Α.倮p.36bJ)FNHj!`̲C4Sq}m.7҃ ȑ $jVHHYURF.nm1$.MKvۈ(Qt43CګΛ]XL%,>Dhi=@[?nqh ]]g훛9Ԣi;C[YaaCQDcU cE԰RjA\Jo8(y.(e"v[7g5-Qc@f h"tFo w|j!<\OVZ]֠6c4'QsnJTo׭˱fOuevƭRTp(!צh-ͫUJc0qvD5z&O@ N!#~aŷ#qI0/G Uჰh#^hE,+'C 5!}R^`o ~MP dzТ6XEYS^ɍ4 7űt*FXX+8vnX(@?4q%#݁i|ǻ"JAgAQmتlYw5JJ ϵℑ]b V!vc,9tcҋ؜E\<ݜ| ⪺q{ B;m{O.JG&X`3l◃4}qRA}B$ x afu1 A7^Bӎ,'MKNLJ<K}qxS44N')  Uرoe=z$)oQi$KE\cTdj_>Bֹ͌ #-`}6J9}iWlqgF"eh!< Fڭg?VD=H}iN('c*#6MNõ@7D^{l19F[8c#]m,/&蕶 endstream endobj 6022 0 obj << /Type /Page /Contents 6023 0 R /Resources 6021 0 R /MediaBox [0 0 593.051 789.041] /Parent 5906 0 R >> endobj 6024 0 obj << /D [6022 0 R /XYZ -1.269 814.22 null] >> endobj 6025 0 obj << /D [6022 0 R /XYZ 71.731 718.306 null] >> endobj 6026 0 obj << /D [6022 0 R /XYZ 71.731 706.187 null] >> endobj 6027 0 obj << /D [6022 0 R /XYZ 139.477 690.411 null] >> endobj 6028 0 obj << /D [6022 0 R /XYZ 447.408 677.46 null] >> endobj 6029 0 obj << /D [6022 0 R /XYZ 71.731 652.389 null] >> endobj 6030 0 obj << /D [6022 0 R /XYZ 71.731 641.494 null] >> endobj 6031 0 obj << /D [6022 0 R /XYZ 139.477 623.661 null] >> endobj 6032 0 obj << /D [6022 0 R /XYZ 286.136 623.661 null] >> endobj 6033 0 obj << /D [6022 0 R /XYZ 139.477 610.71 null] >> endobj 6034 0 obj << /D [6022 0 R /XYZ 185.962 610.71 null] >> endobj 6035 0 obj << /D [6022 0 R /XYZ 71.731 598.59 null] >> endobj 6036 0 obj << /D [6022 0 R /XYZ 71.731 585.639 null] >> endobj 6037 0 obj << /D [6022 0 R /XYZ 139.477 569.863 null] >> endobj 1300 0 obj << /D [6022 0 R /XYZ 71.731 549.773 null] >> endobj 806 0 obj << /D [6022 0 R /XYZ 322.556 506.676 null] >> endobj 6038 0 obj << /D [6022 0 R /XYZ 71.731 503.112 null] >> endobj 6039 0 obj << /D [6022 0 R /XYZ 71.731 488.168 null] >> endobj 6040 0 obj << /D [6022 0 R /XYZ 71.731 478.681 null] >> endobj 6041 0 obj << /D [6022 0 R /XYZ 139.477 460.848 null] >> endobj 6042 0 obj << /D [6022 0 R /XYZ 71.731 448.728 null] >> endobj 6043 0 obj << /D [6022 0 R /XYZ 71.731 435.777 null] >> endobj 6044 0 obj << /D [6022 0 R /XYZ 139.477 420.001 null] >> endobj 6045 0 obj << /D [6022 0 R /XYZ 71.731 407.882 null] >> endobj 6046 0 obj << /D [6022 0 R /XYZ 71.731 394.93 null] >> endobj 6047 0 obj << /D [6022 0 R /XYZ 139.477 379.154 null] >> endobj 6048 0 obj << /D [6022 0 R /XYZ 71.731 317.286 null] >> endobj 6049 0 obj << /D [6022 0 R /XYZ 71.731 302.278 null] >> endobj 6050 0 obj << /D [6022 0 R /XYZ 139.477 286.502 null] >> endobj 6051 0 obj << /D [6022 0 R /XYZ 350.145 273.55 null] >> endobj 6052 0 obj << /D [6022 0 R /XYZ 71.731 248.599 null] >> endobj 6053 0 obj << /D [6022 0 R /XYZ 71.731 235.528 null] >> endobj 6054 0 obj << /D [6022 0 R /XYZ 139.477 219.752 null] >> endobj 6055 0 obj << /D [6022 0 R /XYZ 185.125 206.8 null] >> endobj 6056 0 obj << /D [6022 0 R /XYZ 301.638 206.8 null] >> endobj 6057 0 obj << /D [6022 0 R /XYZ 71.731 183.787 null] >> endobj 6058 0 obj << /D [6022 0 R /XYZ 71.731 168.778 null] >> endobj 6059 0 obj << /D [6022 0 R /XYZ 139.477 153.002 null] >> endobj 6060 0 obj << /D [6022 0 R /XYZ 191.551 140.051 null] >> endobj 6061 0 obj << /D [6022 0 R /XYZ 435.043 127.099 null] >> endobj 6021 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F11 2699 0 R /F38 1036 0 R /F25 932 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6066 0 obj << /Length 1533 /Filter /FlateDecode >> stream xXn6}WyW\M 1 " Zzk%޿*>iG49:spd׺\o%! 򰇒ܮG̯ WXzp|Z`׵2,iQwQg62r}02 Lˉ˞0*Ub`"t0aWZ`cUY?L]vx^lZjmt|v3 cТ%|6gQtx֝7$<&"[ ?QvㄮeC=0n$LyDp& zbݵ򃨱>l ;Ln>qIIF%GwxGeqgߙ9kq:&@ldɖ3LPɄi%2"gw]-%~AGYJgkWH}Q3dzj J\#eQѬ~l>u`ZNSfxy{4}i^SNFt}7^Atv}x1׷x&$ wx7nV 7O<Ar֦KqzP<}n[iH?Ї}7'ёɿ* endstream endobj 6065 0 obj << /Type /Page /Contents 6066 0 R /Resources 6064 0 R /MediaBox [0 0 593.051 789.041] /Parent 5906 0 R /Annots [ 6062 0 R 6063 0 R ] >> endobj 6062 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [137.086 511.867 185.573 522.397] /A << /S /GoTo /D (0:CONFIGFILE) >> >> endobj 6063 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [138.481 368.992 190.286 377.839] /A << /S /GoTo /D (0:LAYOUT) >> >> endobj 6067 0 obj << /D [6065 0 R /XYZ -1.269 814.22 null] >> endobj 6068 0 obj << /D [6065 0 R /XYZ 71.731 741.22 null] >> endobj 6069 0 obj << /D [6065 0 R /XYZ 71.731 718.306 null] >> endobj 6070 0 obj << /D [6065 0 R /XYZ 71.731 706.187 null] >> endobj 6071 0 obj << /D [6065 0 R /XYZ 139.477 690.411 null] >> endobj 6072 0 obj << /D [6065 0 R /XYZ 71.731 652.389 null] >> endobj 6073 0 obj << /D [6065 0 R /XYZ 71.731 639.437 null] >> endobj 6074 0 obj << /D [6065 0 R /XYZ 139.477 623.661 null] >> endobj 1301 0 obj << /D [6065 0 R /XYZ 71.731 616.523 null] >> endobj 810 0 obj << /D [6065 0 R /XYZ 154.45 573.426 null] >> endobj 6075 0 obj << /D [6065 0 R /XYZ 71.731 553.285 null] >> endobj 6076 0 obj << /D [6065 0 R /XYZ 336.486 540.549 null] >> endobj 6077 0 obj << /D [6065 0 R /XYZ 71.731 512.863 null] >> endobj 6078 0 obj << /D [6065 0 R /XYZ 71.731 497.919 null] >> endobj 6079 0 obj << /D [6065 0 R /XYZ 76.712 446.8 null] >> endobj 6080 0 obj << /D [6065 0 R /XYZ 71.731 426.875 null] >> endobj 6081 0 obj << /D [6065 0 R /XYZ 71.731 411.767 null] >> endobj 6082 0 obj << /D [6065 0 R /XYZ 139.477 395.991 null] >> endobj 6083 0 obj << /D [6065 0 R /XYZ 71.731 360.026 null] >> endobj 6084 0 obj << /D [6065 0 R /XYZ 71.731 347.075 null] >> endobj 6085 0 obj << /D [6065 0 R /XYZ 139.477 329.241 null] >> endobj 6086 0 obj << /D [6065 0 R /XYZ 266.37 329.241 null] >> endobj 6087 0 obj << /D [6065 0 R /XYZ 71.731 317.122 null] >> endobj 6088 0 obj << /D [6065 0 R /XYZ 71.731 306.228 null] >> endobj 6089 0 obj << /D [6065 0 R /XYZ 139.477 288.395 null] >> endobj 6090 0 obj << /D [6065 0 R /XYZ 303.928 288.395 null] >> endobj 6091 0 obj << /D [6065 0 R /XYZ 467.353 288.395 null] >> endobj 6092 0 obj << /D [6065 0 R /XYZ 71.731 276.275 null] >> endobj 6093 0 obj << /D [6065 0 R /XYZ 71.731 265.381 null] >> endobj 6094 0 obj << /D [6065 0 R /XYZ 139.477 247.548 null] >> endobj 6095 0 obj << /D [6065 0 R /XYZ 278.265 247.548 null] >> endobj 6096 0 obj << /D [6065 0 R /XYZ 71.731 222.477 null] >> endobj 6097 0 obj << /D [6065 0 R /XYZ 71.731 211.583 null] >> endobj 6098 0 obj << /D [6065 0 R /XYZ 139.477 193.749 null] >> endobj 6099 0 obj << /D [6065 0 R /XYZ 322.26 193.749 null] >> endobj 6100 0 obj << /D [6065 0 R /XYZ 71.731 181.63 null] >> endobj 6101 0 obj << /D [6065 0 R /XYZ 71.731 168.679 null] >> endobj 6102 0 obj << /D [6065 0 R /XYZ 139.477 152.903 null] >> endobj 6103 0 obj << /D [6065 0 R /XYZ 351.609 139.951 null] >> endobj 6104 0 obj << /D [6065 0 R /XYZ 71.731 127.832 null] >> endobj 6105 0 obj << /D [6065 0 R /XYZ 71.731 114.88 null] >> endobj 6106 0 obj << /D [6065 0 R /XYZ 139.477 99.104 null] >> endobj 6107 0 obj << /D [6065 0 R /XYZ 332.242 99.104 null] >> endobj 6064 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F25 932 0 R /F38 1036 0 R /F48 1347 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6110 0 obj << /Length 662 /Filter /FlateDecode >> stream xڵU]o0}ϯ#HNmLZmhU1L0]Xxh^H|9ދ>>3N)H`k@1 %0fqRL>a9}\ZYԲPu.>['_BdT.^Umi,- qp@#d(Yy^ꭗby1"0ΧXe'}!g(k#7@me 0hcBDcáx~=H-ꮅNbAD)SoF~H! M$0ȆRfoglH 5mR՚;)5B< $MxB :mV׹r# /K9?ov~^\7_VMU O\cÍ 3Y9?쥭)qt2jݝjC0S"(&[e> uat&9s1NzؖxƐdgNՇfY<oFږO-އb~58E(4c2ۙe”^`[U+wDJd&.=5{:o;[SQt3<ȕw r=(Os ߅ʭ M=Y5Rc/\qTR٫[]{u:,Gx0^}t- љt& endstream endobj 6109 0 obj << /Type /Page /Contents 6110 0 R /Resources 6108 0 R /MediaBox [0 0 593.051 789.041] /Parent 6130 0 R >> endobj 6111 0 obj << /D [6109 0 R /XYZ -1.269 814.22 null] >> endobj 6112 0 obj << /D [6109 0 R /XYZ 71.731 718.306 null] >> endobj 6113 0 obj << /D [6109 0 R /XYZ 71.731 706.187 null] >> endobj 6114 0 obj << /D [6109 0 R /XYZ 139.477 690.411 null] >> endobj 6115 0 obj << /D [6109 0 R /XYZ 275.515 690.411 null] >> endobj 6116 0 obj << /D [6109 0 R /XYZ 71.731 665.34 null] >> endobj 6117 0 obj << /D [6109 0 R /XYZ 139.477 649.564 null] >> endobj 6118 0 obj << /D [6109 0 R /XYZ 278.833 649.564 null] >> endobj 6119 0 obj << /D [6109 0 R /XYZ 71.731 637.445 null] >> endobj 6120 0 obj << /D [6109 0 R /XYZ 71.731 626.551 null] >> endobj 6121 0 obj << /D [6109 0 R /XYZ 139.477 608.717 null] >> endobj 6122 0 obj << /D [6109 0 R /XYZ 222.664 595.766 null] >> endobj 6123 0 obj << /D [6109 0 R /XYZ 71.731 583.646 null] >> endobj 6124 0 obj << /D [6109 0 R /XYZ 71.731 572.752 null] >> endobj 6125 0 obj << /D [6109 0 R /XYZ 139.477 554.919 null] >> endobj 6126 0 obj << /D [6109 0 R /XYZ 277.996 554.919 null] >> endobj 6127 0 obj << /D [6109 0 R /XYZ 71.731 542.8 null] >> endobj 6128 0 obj << /D [6109 0 R /XYZ 71.731 531.905 null] >> endobj 6129 0 obj << /D [6109 0 R /XYZ 139.477 514.072 null] >> endobj 6108 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6134 0 obj << /Length 1974 /Filter /FlateDecode >> stream xZKs6Wi&  Ni4;$="$1CGm.)(؎s"E].r'ˉ;y'G,`ńc=<ᮇO.ɇZqr=sH]OVwB]EEy~I.uy5v5܉`A9FX~-rQF){ Q_Ne OJT ƌ^C`)N'DVJ>¾ՄRW5ma! av*9@-gQ3OŌe9lZ4B o1XP?QZb<0ObaYr*̤ԍڢd1n2z.eV 152. rssB>`L"I i^܌)g4r9lRڶ@D.N<y([Er'x^B[_|weKRcl O%w]|WQs?gQފ"hۉBy6'zx[`Q]Fv(\KXQFsfp֮#!E8~'Ǡ%bBJ(\eb"vD~I}^8yylLkһ ,D@ d(=ãƇrmx>p.{K!#յ($#8WŎ7#HYEd@ ُ&|hX@8@#CXpmg@d !ZZTwbYFȭŅ*mz!!~@B8q^aĩ 0!1]kG)ǭ^x꧴Ul^WQ ԍj{qnT8 2\GpL&UVJqdի1C+k޷֡h0=8j'G- Ru}S=rKUX6YV~WSPOx~K> \$e!xc#3 X?Sa\ݙ1k㘵r2HDUEKQۿ9VuJ " LIF5n7^AW\ Cޞ%=`űYU> endobj 6131 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [440.397 179.22 492.203 190.124] /A << /S /GoTo /D (0:KEYPAD) >> >> endobj 6135 0 obj << /D [6133 0 R /XYZ -1.269 814.22 null] >> endobj 1302 0 obj << /D [6133 0 R /XYZ 71.731 718.306 null] >> endobj 814 0 obj << /D [6133 0 R /XYZ 484.959 703.236 null] >> endobj 1303 0 obj << /D [6133 0 R /XYZ 71.731 692.504 null] >> endobj 818 0 obj << /D [6133 0 R /XYZ 172.199 651.526 null] >> endobj 6136 0 obj << /D [6133 0 R /XYZ 71.731 631.386 null] >> endobj 6137 0 obj << /D [6133 0 R /XYZ 71.731 631.386 null] >> endobj 6138 0 obj << /D [6133 0 R /XYZ 71.731 627.942 null] >> endobj 6139 0 obj << /D [6133 0 R /XYZ 137.484 606.782 null] >> endobj 6140 0 obj << /D [6133 0 R /XYZ 137.484 606.782 null] >> endobj 6141 0 obj << /D [6133 0 R /XYZ 71.731 605.487 null] >> endobj 6142 0 obj << /D [6133 0 R /XYZ 137.484 588.849 null] >> endobj 6143 0 obj << /D [6133 0 R /XYZ 137.484 588.849 null] >> endobj 6144 0 obj << /D [6133 0 R /XYZ 71.731 586.692 null] >> endobj 6145 0 obj << /D [6133 0 R /XYZ 137.484 570.916 null] >> endobj 6146 0 obj << /D [6133 0 R /XYZ 137.484 570.916 null] >> endobj 6147 0 obj << /D [6133 0 R /XYZ 71.731 568.759 null] >> endobj 6148 0 obj << /D [6133 0 R /XYZ 137.484 552.983 null] >> endobj 6149 0 obj << /D [6133 0 R /XYZ 137.484 552.983 null] >> endobj 6150 0 obj << /D [6133 0 R /XYZ 71.731 538.249 null] >> endobj 6151 0 obj << /D [6133 0 R /XYZ 137.484 522.099 null] >> endobj 6152 0 obj << /D [6133 0 R /XYZ 137.484 522.099 null] >> endobj 6153 0 obj << /D [6133 0 R /XYZ 71.731 507.365 null] >> endobj 6154 0 obj << /D [6133 0 R /XYZ 137.484 491.215 null] >> endobj 6155 0 obj << /D [6133 0 R /XYZ 137.484 491.215 null] >> endobj 6156 0 obj << /D [6133 0 R /XYZ 446.922 491.215 null] >> endobj 6157 0 obj << /D [6133 0 R /XYZ 137.484 478.264 null] >> endobj 6158 0 obj << /D [6133 0 R /XYZ 71.731 476.241 null] >> endobj 6159 0 obj << /D [6133 0 R /XYZ 137.484 460.331 null] >> endobj 6160 0 obj << /D [6133 0 R /XYZ 137.484 460.331 null] >> endobj 6161 0 obj << /D [6133 0 R /XYZ 433.642 460.331 null] >> endobj 6162 0 obj << /D [6133 0 R /XYZ 137.484 447.379 null] >> endobj 6163 0 obj << /D [6133 0 R /XYZ 71.731 445.357 null] >> endobj 6164 0 obj << /D [6133 0 R /XYZ 137.484 429.447 null] >> endobj 6165 0 obj << /D [6133 0 R /XYZ 137.484 429.447 null] >> endobj 6166 0 obj << /D [6133 0 R /XYZ 443.136 429.447 null] >> endobj 6167 0 obj << /D [6133 0 R /XYZ 137.484 416.495 null] >> endobj 6168 0 obj << /D [6133 0 R /XYZ 71.731 414.473 null] >> endobj 6169 0 obj << /D [6133 0 R /XYZ 137.484 398.563 null] >> endobj 6170 0 obj << /D [6133 0 R /XYZ 137.484 398.563 null] >> endobj 6171 0 obj << /D [6133 0 R /XYZ 473.965 398.563 null] >> endobj 6172 0 obj << /D [6133 0 R /XYZ 165.151 385.611 null] >> endobj 6173 0 obj << /D [6133 0 R /XYZ 71.731 383.589 null] >> endobj 6174 0 obj << /D [6133 0 R /XYZ 137.484 367.678 null] >> endobj 6175 0 obj << /D [6133 0 R /XYZ 137.484 367.678 null] >> endobj 6176 0 obj << /D [6133 0 R /XYZ 137.484 354.727 null] >> endobj 6177 0 obj << /D [6133 0 R /XYZ 212.652 354.727 null] >> endobj 6178 0 obj << /D [6133 0 R /XYZ 71.731 352.57 null] >> endobj 6179 0 obj << /D [6133 0 R /XYZ 137.484 336.794 null] >> endobj 6180 0 obj << /D [6133 0 R /XYZ 137.484 336.794 null] >> endobj 6181 0 obj << /D [6133 0 R /XYZ 483.544 336.794 null] >> endobj 6182 0 obj << /D [6133 0 R /XYZ 177.046 323.843 null] >> endobj 6183 0 obj << /D [6133 0 R /XYZ 71.731 321.82 null] >> endobj 6184 0 obj << /D [6133 0 R /XYZ 137.484 305.91 null] >> endobj 6185 0 obj << /D [6133 0 R /XYZ 137.484 305.91 null] >> endobj 6186 0 obj << /D [6133 0 R /XYZ 500.59 305.91 null] >> endobj 6187 0 obj << /D [6133 0 R /XYZ 196.692 292.959 null] >> endobj 6188 0 obj << /D [6133 0 R /XYZ 71.731 290.802 null] >> endobj 6189 0 obj << /D [6133 0 R /XYZ 137.484 275.026 null] >> endobj 6190 0 obj << /D [6133 0 R /XYZ 137.484 275.026 null] >> endobj 6191 0 obj << /D [6133 0 R /XYZ 484.232 275.026 null] >> endobj 6192 0 obj << /D [6133 0 R /XYZ 71.731 259.918 null] >> endobj 6193 0 obj << /D [6133 0 R /XYZ 137.484 244.142 null] >> endobj 6194 0 obj << /D [6133 0 R /XYZ 137.484 244.142 null] >> endobj 6195 0 obj << /D [6133 0 R /XYZ 288.487 231.19 null] >> endobj 6196 0 obj << /D [6133 0 R /XYZ 71.731 229.033 null] >> endobj 6197 0 obj << /D [6133 0 R /XYZ 137.484 213.257 null] >> endobj 6198 0 obj << /D [6133 0 R /XYZ 137.484 213.257 null] >> endobj 6199 0 obj << /D [6133 0 R /XYZ 443.804 213.257 null] >> endobj 6200 0 obj << /D [6133 0 R /XYZ 71.731 198.523 null] >> endobj 6201 0 obj << /D [6133 0 R /XYZ 137.484 182.373 null] >> endobj 6202 0 obj << /D [6133 0 R /XYZ 137.484 182.373 null] >> endobj 6203 0 obj << /D [6133 0 R /XYZ 505.124 182.373 null] >> endobj 6204 0 obj << /D [6133 0 R /XYZ 218.56 169.422 null] >> endobj 6205 0 obj << /D [6133 0 R /XYZ 137.484 156.47 null] >> endobj 6206 0 obj << /D [6133 0 R /XYZ 71.731 155.09 null] >> endobj 6207 0 obj << /D [6133 0 R /XYZ 137.484 138.538 null] >> endobj 6208 0 obj << /D [6133 0 R /XYZ 137.484 138.538 null] >> endobj 6209 0 obj << /D [6133 0 R /XYZ 137.484 125.586 null] >> endobj 6210 0 obj << /D [6133 0 R /XYZ 71.731 110.478 null] >> endobj 6132 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F33 939 0 R /F11 2699 0 R /F38 1036 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6213 0 obj << /Length 2119 /Filter /FlateDecode >> stream xZo~b!)@h R\E݊%N+IC񗤥V$iM3|326x7o|Cl Tp7w(MMP36|M%?owᛷ\2wөl*PF?l~߻vewdM*p7)b87^^LRT)eU2@<#5fsd(K 7IvsCr?O&5۩nKM7.2;PB?3g#0 +5,kaI_4Z*~Kp, y܂@jBG`3j͵v1W sTdd#΃}_\)dO5O!6?ݷ5O1F$aoKG[rIJ "ӫ|"mTdܛˁ}D2 f@" ,&ZCn/,4-dy'1PZbЮ*U+`(GuAqf_0)@l11u~ ~jJJo a< 69dcy5%sGbf?+a ًXOnS[GjRݎ6J4 mTNcn+47w޼f= NT(7bA< c&Y _wq $|ѣwB/ cl^\ߩG4&;\s"vut.cDT.#y$ܐ Ae *4 %pRͿd: ."^{smL! J6?ciʦ6t*{?[?`FTAokt"v~2rY/)O/D'p^/7"'H~kw4O.YŲ-]sdsa"^Fp.~)4CC1 {ӾH,V=ѕV`@=:' ͔عHi!9ҋ8EfdW,-|dkYT;7;AgҠ^g::Z-|&nD"r" }e!4|>CR'c ^E$I.Gmm@SW>%|ۘ]w}_dżtNKo- |t ʵP٘wyeDOW ]|ޭ>6{7S9oZGeފae߅_NEF)2=N} u_7qB(.}P_±=t>XINI0ע1<_f!;XPųLa39G*L?x9z!,k~i>i]!Bq0|}nB݃b r14^nGZ~zpm\ٔڽPֻН[ϧ ʧea9vLcUXq*Z['nc,qmu/!%oc?߽f˛ endstream endobj 6212 0 obj << /Type /Page /Contents 6213 0 R /Resources 6211 0 R /MediaBox [0 0 593.051 789.041] /Parent 6130 0 R >> endobj 6214 0 obj << /D [6212 0 R /XYZ -1.269 814.22 null] >> endobj 6215 0 obj << /D [6212 0 R /XYZ 137.484 708.344 null] >> endobj 6216 0 obj << /D [6212 0 R /XYZ 137.484 708.344 null] >> endobj 6217 0 obj << /D [6212 0 R /XYZ 71.731 693.235 null] >> endobj 6218 0 obj << /D [6212 0 R /XYZ 137.484 677.46 null] >> endobj 6219 0 obj << /D [6212 0 R /XYZ 137.484 677.46 null] >> endobj 6220 0 obj << /D [6212 0 R /XYZ 71.731 662.351 null] >> endobj 6221 0 obj << /D [6212 0 R /XYZ 137.484 646.575 null] >> endobj 6222 0 obj << /D [6212 0 R /XYZ 137.484 646.575 null] >> endobj 6223 0 obj << /D [6212 0 R /XYZ 363.187 646.575 null] >> endobj 6224 0 obj << /D [6212 0 R /XYZ 71.731 631.467 null] >> endobj 6225 0 obj << /D [6212 0 R /XYZ 137.484 615.691 null] >> endobj 6226 0 obj << /D [6212 0 R /XYZ 137.484 615.691 null] >> endobj 6227 0 obj << /D [6212 0 R /XYZ 481.805 615.691 null] >> endobj 6228 0 obj << /D [6212 0 R /XYZ 71.731 602.62 null] >> endobj 6229 0 obj << /D [6212 0 R /XYZ 137.484 584.807 null] >> endobj 6230 0 obj << /D [6212 0 R /XYZ 137.484 584.807 null] >> endobj 6231 0 obj << /D [6212 0 R /XYZ 305.164 571.856 null] >> endobj 6232 0 obj << /D [6212 0 R /XYZ 71.731 570.072 null] >> endobj 6233 0 obj << /D [6212 0 R /XYZ 137.484 553.923 null] >> endobj 6234 0 obj << /D [6212 0 R /XYZ 137.484 553.923 null] >> endobj 6235 0 obj << /D [6212 0 R /XYZ 308.003 553.923 null] >> endobj 6236 0 obj << /D [6212 0 R /XYZ 71.731 552.483 null] >> endobj 6237 0 obj << /D [6212 0 R /XYZ 137.484 535.99 null] >> endobj 6238 0 obj << /D [6212 0 R /XYZ 137.484 535.99 null] >> endobj 6239 0 obj << /D [6212 0 R /XYZ 71.731 533.833 null] >> endobj 6240 0 obj << /D [6212 0 R /XYZ 137.484 518.057 null] >> endobj 6241 0 obj << /D [6212 0 R /XYZ 137.484 518.057 null] >> endobj 6242 0 obj << /D [6212 0 R /XYZ 71.731 515.9 null] >> endobj 6243 0 obj << /D [6212 0 R /XYZ 137.484 500.125 null] >> endobj 6244 0 obj << /D [6212 0 R /XYZ 137.484 500.125 null] >> endobj 6245 0 obj << /D [6212 0 R /XYZ 71.731 497.968 null] >> endobj 6246 0 obj << /D [6212 0 R /XYZ 137.484 482.192 null] >> endobj 6247 0 obj << /D [6212 0 R /XYZ 137.484 482.192 null] >> endobj 6248 0 obj << /D [6212 0 R /XYZ 71.731 482.072 null] >> endobj 6249 0 obj << /D [6212 0 R /XYZ 137.484 464.259 null] >> endobj 6250 0 obj << /D [6212 0 R /XYZ 137.484 464.259 null] >> endobj 6251 0 obj << /D [6212 0 R /XYZ 263.955 464.259 null] >> endobj 1304 0 obj << /D [6212 0 R /XYZ 71.731 445.081 null] >> endobj 822 0 obj << /D [6212 0 R /XYZ 177.932 399.827 null] >> endobj 6252 0 obj << /D [6212 0 R /XYZ 71.731 399.612 null] >> endobj 6253 0 obj << /D [6212 0 R /XYZ 71.731 396.168 null] >> endobj 6254 0 obj << /D [6212 0 R /XYZ 137.484 375.008 null] >> endobj 6255 0 obj << /D [6212 0 R /XYZ 137.484 375.008 null] >> endobj 6256 0 obj << /D [6212 0 R /XYZ 373.887 375.008 null] >> endobj 6257 0 obj << /D [6212 0 R /XYZ 392.337 375.008 null] >> endobj 6258 0 obj << /D [6212 0 R /XYZ 435.226 375.008 null] >> endobj 6259 0 obj << /D [6212 0 R /XYZ 480.685 375.008 null] >> endobj 6260 0 obj << /D [6212 0 R /XYZ 217.703 362.056 null] >> endobj 6261 0 obj << /D [6212 0 R /XYZ 314.001 362.056 null] >> endobj 6262 0 obj << /D [6212 0 R /XYZ 71.731 359.899 null] >> endobj 6263 0 obj << /D [6212 0 R /XYZ 71.731 344.956 null] >> endobj 6264 0 obj << /D [6212 0 R /XYZ 258.89 335.456 null] >> endobj 6265 0 obj << /D [6212 0 R /XYZ 399.35 335.456 null] >> endobj 6266 0 obj << /D [6212 0 R /XYZ 76.712 294.609 null] >> endobj 6267 0 obj << /D [6212 0 R /XYZ 137.484 276.676 null] >> endobj 6268 0 obj << /D [6212 0 R /XYZ 137.484 276.676 null] >> endobj 6269 0 obj << /D [6212 0 R /XYZ 300.999 276.676 null] >> endobj 6270 0 obj << /D [6212 0 R /XYZ 71.731 274.52 null] >> endobj 6271 0 obj << /D [6212 0 R /XYZ 137.484 258.744 null] >> endobj 6272 0 obj << /D [6212 0 R /XYZ 137.484 258.744 null] >> endobj 6273 0 obj << /D [6212 0 R /XYZ 377.348 258.744 null] >> endobj 6274 0 obj << /D [6212 0 R /XYZ 71.731 256.587 null] >> endobj 6275 0 obj << /D [6212 0 R /XYZ 137.484 240.811 null] >> endobj 6276 0 obj << /D [6212 0 R /XYZ 137.484 240.811 null] >> endobj 6277 0 obj << /D [6212 0 R /XYZ 195.995 227.86 null] >> endobj 6278 0 obj << /D [6212 0 R /XYZ 271.162 227.86 null] >> endobj 6279 0 obj << /D [6212 0 R /XYZ 71.731 225.703 null] >> endobj 6280 0 obj << /D [6212 0 R /XYZ 137.484 209.927 null] >> endobj 6281 0 obj << /D [6212 0 R /XYZ 137.484 209.927 null] >> endobj 6282 0 obj << /D [6212 0 R /XYZ 71.731 207.889 null] >> endobj 6283 0 obj << /D [6212 0 R /XYZ 137.484 191.994 null] >> endobj 6284 0 obj << /D [6212 0 R /XYZ 137.484 191.994 null] >> endobj 1305 0 obj << /D [6212 0 R /XYZ 71.731 184.856 null] >> endobj 826 0 obj << /D [6212 0 R /XYZ 142.537 141.758 null] >> endobj 6285 0 obj << /D [6212 0 R /XYZ 71.731 138.195 null] >> endobj 6286 0 obj << /D [6212 0 R /XYZ 71.731 134.752 null] >> endobj 6287 0 obj << /D [6212 0 R /XYZ 137.484 116.939 null] >> endobj 6288 0 obj << /D [6212 0 R /XYZ 137.484 116.939 null] >> endobj 6289 0 obj << /D [6212 0 R /XYZ 71.731 114.783 null] >> endobj 6290 0 obj << /D [6212 0 R /XYZ 137.484 99.007 null] >> endobj 6291 0 obj << /D [6212 0 R /XYZ 137.484 99.007 null] >> endobj 6292 0 obj << /D [6212 0 R /XYZ 71.731 96.85 null] >> endobj 6211 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F11 2699 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6295 0 obj << /Length 537 /Filter /FlateDecode >> stream xڭTM0 ϯRJݪ;RC`  A~lb?{1;<<1(iegE(J*Uʗ / gk }䪴T R+><[(Oʇ(q -rW Egg " o ûk$D4g LDy0@! {pQv6e+۸nA?7h̀&eYsl=n0'W(WΞnv, bC!@h~;ɻƂaW*rctr F$sRU skzP̤튬{wI3!?. &g4DUϺmu@,U}[_H+S/tB^ʉ0 yy uGm{ϯ[Z$(y?:Nת~[[cD^q&W)ZY)4^3ع~sm M١ҬV4TjOr" 7z[qR*=$JI/V} endstream endobj 6294 0 obj << /Type /Page /Contents 6295 0 R /Resources 6293 0 R /MediaBox [0 0 593.051 789.041] /Parent 6130 0 R >> endobj 6296 0 obj << /D [6294 0 R /XYZ -1.269 814.22 null] >> endobj 6297 0 obj << /D [6294 0 R /XYZ 137.484 708.344 null] >> endobj 6298 0 obj << /D [6294 0 R /XYZ 137.484 708.344 null] >> endobj 6299 0 obj << /D [6294 0 R /XYZ 313.977 708.344 null] >> endobj 6300 0 obj << /D [6294 0 R /XYZ 71.731 706.187 null] >> endobj 6301 0 obj << /D [6294 0 R /XYZ 137.484 690.411 null] >> endobj 6302 0 obj << /D [6294 0 R /XYZ 137.484 690.411 null] >> endobj 6303 0 obj << /D [6294 0 R /XYZ 71.731 675.303 null] >> endobj 6304 0 obj << /D [6294 0 R /XYZ 137.484 659.527 null] >> endobj 6305 0 obj << /D [6294 0 R /XYZ 137.484 659.527 null] >> endobj 6306 0 obj << /D [6294 0 R /XYZ 394.121 659.527 null] >> endobj 6293 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F11 2699 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6312 0 obj << /Length 1558 /Filter /FlateDecode >> stream xڵXKo8W!63z.H}uéh$$w(>K3Hw|\?\}/QloeQe~(wz߶)&̶\YcIYJE87M)w&L61Y d( XZ# /!Wz ݡ]jGmx(D, ZXthȸ.15TkkRhmfڣ 28MޜxvJZqA_ᮒHw 2k+>,܄a06AvIA\4 P8*?bȡ`,vQҚq*֡-EgƜ@֤פMz=9MiVك NHΊ.="yˎg8~LV`0Y=ТผZ4:/Q^FCpNi9Rnoc$(ɬ~걤y`P:YC%*O._5ESc7J%*s}:TZF_9t^R NT]y^s~YKxu^ CRho9G(xo&\/LY>AN^,%d4o\ F}XN,w.*I}8/HRBIpYEq꺂e)\q~0_GIq^KvХ(NnG( 4_n?aXv]t[f=k@]OkY[NjL1+ ~-Rˑ[Q^aQ:E' &n&kl 4*Fygjhȴ21y3`K*Kf_4R3(  rւh|UG:šSbʭ~Wc|3QlGǖiGwNyZ CT vp; kMW΁S$@jr Gf;awϤ-9?Bђ*l_E/5P9 bD9F)tT S{ C8wtP8IF:rVz@ 5E67v90;1i`<P3(\%bu~ps?lG5!0t^5mgYy9ӄ,7 0 _+>]+EO *FSi ٰa͸טimk`Wej}^h]ԿfУzޤҦl;{b[7<)A3 -Iޓspx=p4P-Y^_?pMEY%A*Y_r̲qW{gBY9Ս070[8 Q8Nq9mv>$".Y%aNĕC#Mh!^m82_~ks / ֘֔#An3ꨯ?OבS3ZW(X(74y Q]xP(V '{no endstream endobj 6311 0 obj << /Type /Page /Contents 6312 0 R /Resources 6310 0 R /MediaBox [0 0 593.051 789.041] /Parent 6130 0 R /Annots [ 6307 0 R 6308 0 R 6309 0 R ] >> endobj 6307 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [273.513 516.909 320.337 527.813] /A << /S /GoTo /D (0:FILEDEF) >> >> endobj 6308 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [425.8 516.909 472.624 527.813] /A << /S /GoTo /D (0:LOGDEF) >> >> endobj 6309 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [186.341 491.006 238.146 501.91] /A << /S /GoTo /D (0:MONDEF) >> >> endobj 6313 0 obj << /D [6311 0 R /XYZ -1.269 814.22 null] >> endobj 1306 0 obj << /D [6311 0 R /XYZ 71.731 718.306 null] >> endobj 830 0 obj << /D [6311 0 R /XYZ 146.328 676.38 null] >> endobj 1307 0 obj << /D [6311 0 R /XYZ 71.731 665.648 null] >> endobj 834 0 obj << /D [6311 0 R /XYZ 172.199 624.67 null] >> endobj 6314 0 obj << /D [6311 0 R /XYZ 71.731 604.529 null] >> endobj 6315 0 obj << /D [6311 0 R /XYZ 222.485 591.793 null] >> endobj 6316 0 obj << /D [6311 0 R /XYZ 296.367 591.793 null] >> endobj 6317 0 obj << /D [6311 0 R /XYZ 119.552 578.841 null] >> endobj 6318 0 obj << /D [6311 0 R /XYZ 71.731 543.808 null] >> endobj 6319 0 obj << /D [6311 0 R /XYZ 71.731 472.077 null] >> endobj 6320 0 obj << /D [6311 0 R /XYZ 274.38 461.282 null] >> endobj 6321 0 obj << /D [6311 0 R /XYZ 362.926 461.282 null] >> endobj 6322 0 obj << /D [6311 0 R /XYZ 411.633 461.282 null] >> endobj 6323 0 obj << /D [6311 0 R /XYZ 119.552 448.331 null] >> endobj 6324 0 obj << /D [6311 0 R /XYZ 71.731 413.297 null] >> endobj 6325 0 obj << /D [6311 0 R /XYZ 265.912 402.503 null] >> endobj 6326 0 obj << /D [6311 0 R /XYZ 286.434 402.503 null] >> endobj 6327 0 obj << /D [6311 0 R /XYZ 71.731 341.566 null] >> endobj 6328 0 obj << /D [6311 0 R /XYZ 119.552 317.82 null] >> endobj 6329 0 obj << /D [6311 0 R /XYZ 211.695 317.82 null] >> endobj 6330 0 obj << /D [6311 0 R /XYZ 71.731 305.701 null] >> endobj 6331 0 obj << /D [6311 0 R /XYZ 71.731 193.301 null] >> endobj 6332 0 obj << /D [6311 0 R /XYZ 71.731 146.697 null] >> endobj 6333 0 obj << /D [6311 0 R /XYZ 71.731 133.746 null] >> endobj 6334 0 obj << /D [6311 0 R /XYZ 71.731 118.802 null] >> endobj 6310 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F50 1352 0 R /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6337 0 obj << /Length 1971 /Filter /FlateDecode >> stream xڭXێ8}W8=l/ڴz$L6 ОLmmt Hՙ`wIIT::7yeq, ZƖ-p{??U$B`=$K1/^Ò.~%kZG W\dA!ӈ$q`|nYX>ϕs#!8 n!Lҏ [c Ix@f <,qsEa |Y)ab@w7u\ēx0j:ҝaD$4'Օ֞p-&ȣUZ5@v#fh>V3&kz%x:9$;ҏ$)?i8>0$W-s~Q> MLf35z RD./h ܹW|@'&vMو5}@r*hnGH,E4!⬚Ii- Va;:r8, u!w 3J?yG3};$o1~QR>y4yNز؂K*0ri yh^.nl\};N,W`;>EB#BWqUm6H ~=y#)eeP.6?!mMEUR3WS0Q_%$֫J:n{147?~vꈟ[meRZoo Anԟb*[_Ǯsr?+L4m=1F ir&G8GQ\kD8Qoݎƨ *BԦٶm6gAgE;8Xo @0 >E>u{Jm NoK1H "]F+ΧIR~D|#zNMѵKدXWm.1:r_Y/W+Q à;C>/˰sc{Z±ϊ nMQ~z&5u(*r낣B {ҷ1"wZU3S?$^a9-ۺ›YFftr xп.,axˢ!.>nzu任75.W4Sbnz.?,W1Ȏ QnEucs dVKbdMk1Wr\Q.p5WW`lVe}SU*S/oOk^` d3=- bo\Y-I4_@4湹juI_k~9׿4)DjnǩM!]8LMd}ŕ*#̨5'SD ]404ȲuIK͓tݔ)8<&?BF ||Ku-MFE0csV[t3ҝ$C0dc5ps^o w endstream endobj 6336 0 obj << /Type /Page /Contents 6337 0 R /Resources 6335 0 R /MediaBox [0 0 593.051 789.041] /Parent 6130 0 R >> endobj 6338 0 obj << /D [6336 0 R /XYZ -1.269 814.22 null] >> endobj 6339 0 obj << /D [6336 0 R /XYZ 76.712 708.344 null] >> endobj 6340 0 obj << /D [6336 0 R /XYZ 71.731 688.418 null] >> endobj 6341 0 obj << /D [6336 0 R /XYZ 371.084 676.762 null] >> endobj 6342 0 obj << /D [6336 0 R /XYZ 161.408 653.45 null] >> endobj 6343 0 obj << /D [6336 0 R /XYZ 247.43 653.45 null] >> endobj 6344 0 obj << /D [6336 0 R /XYZ 76.712 635.517 null] >> endobj 838 0 obj << /D [6336 0 R /XYZ 270.83 596.144 null] >> endobj 6345 0 obj << /D [6336 0 R /XYZ 71.731 573.25 null] >> endobj 6346 0 obj << /D [6336 0 R /XYZ 259.854 550.316 null] >> endobj 6347 0 obj << /D [6336 0 R /XYZ 298.21 550.316 null] >> endobj 6348 0 obj << /D [6336 0 R /XYZ 311.28 537.365 null] >> endobj 6349 0 obj << /D [6336 0 R /XYZ 352.804 537.365 null] >> endobj 6350 0 obj << /D [6336 0 R /XYZ 462.976 537.365 null] >> endobj 6351 0 obj << /D [6336 0 R /XYZ 201.464 511.462 null] >> endobj 6352 0 obj << /D [6336 0 R /XYZ 71.731 509.305 null] >> endobj 6353 0 obj << /D [6336 0 R /XYZ 71.731 494.361 null] >> endobj 6354 0 obj << /D [6336 0 R /XYZ 254.837 484.862 null] >> endobj 6355 0 obj << /D [6336 0 R /XYZ 274.401 473.205 null] >> endobj 6356 0 obj << /D [6336 0 R /XYZ 71.731 435.347 null] >> endobj 6357 0 obj << /D [6336 0 R /XYZ 174.495 396.493 null] >> endobj 6358 0 obj << /D [6336 0 R /XYZ 71.731 376.448 null] >> endobj 6359 0 obj << /D [6336 0 R /XYZ 255.142 350.665 null] >> endobj 6360 0 obj << /D [6336 0 R /XYZ 299.983 350.665 null] >> endobj 6361 0 obj << /D [6336 0 R /XYZ 71.731 302.68 null] >> endobj 6362 0 obj << /D [6336 0 R /XYZ 315.605 291.885 null] >> endobj 6363 0 obj << /D [6336 0 R /XYZ 71.731 266.815 null] >> endobj 6335 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F48 1347 0 R /F55 1479 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6366 0 obj << /Length 1748 /Filter /FlateDecode >> stream xڭXmo6_l1-z;+uC1 ak[,"~JbRx #)ey(Js%9付b9"h<&fs hجޗ\GUQ~ڃ5#|‚i}!L_jƐFFnn5Qw-PPŹ"Mvdܔ47NЀCw`søufqcB 6 ]Y7V9kkJݜ59R͙]i-0UpSojF&FL`ʣ~Oq9Fsm29dagk#ܦ91X4ަB<҄ـCpYz^Vxaas׊D 5'>D|/4FLH}b )[zMD!{vE˄s<1%K'hE9h4}E߿WS\ә=?i OW ZqiRE˦vkv{5{AD!]luvmt :G}'zu/ endstream endobj 6365 0 obj << /Type /Page /Contents 6366 0 R /Resources 6364 0 R /MediaBox [0 0 593.051 789.041] /Parent 6413 0 R >> endobj 6367 0 obj << /D [6365 0 R /XYZ -1.269 814.22 null] >> endobj 6368 0 obj << /D [6365 0 R /XYZ 71.731 685.546 null] >> endobj 842 0 obj << /D [6365 0 R /XYZ 248.694 647.352 null] >> endobj 6369 0 obj << /D [6365 0 R /XYZ 71.731 627.248 null] >> endobj 6370 0 obj << /D [6365 0 R /XYZ 71.731 566.491 null] >> endobj 6371 0 obj << /D [6365 0 R /XYZ 71.731 553.539 null] >> endobj 6372 0 obj << /D [6365 0 R /XYZ 71.731 538.595 null] >> endobj 6373 0 obj << /D [6365 0 R /XYZ 71.731 526.62 null] >> endobj 6374 0 obj << /D [6365 0 R /XYZ 139.477 509.868 null] >> endobj 6375 0 obj << /D [6365 0 R /XYZ 139.477 509.868 null] >> endobj 6376 0 obj << /D [6365 0 R /XYZ 240.607 509.868 null] >> endobj 6377 0 obj << /D [6365 0 R /XYZ 71.731 484.797 null] >> endobj 6378 0 obj << /D [6365 0 R /XYZ 71.731 471.846 null] >> endobj 6379 0 obj << /D [6365 0 R /XYZ 139.477 456.07 null] >> endobj 6380 0 obj << /D [6365 0 R /XYZ 139.477 456.07 null] >> endobj 6381 0 obj << /D [6365 0 R /XYZ 228.422 456.07 null] >> endobj 6382 0 obj << /D [6365 0 R /XYZ 71.731 430.999 null] >> endobj 6383 0 obj << /D [6365 0 R /XYZ 71.731 419.024 null] >> endobj 6384 0 obj << /D [6365 0 R /XYZ 139.477 402.271 null] >> endobj 6385 0 obj << /D [6365 0 R /XYZ 139.477 402.271 null] >> endobj 6386 0 obj << /D [6365 0 R /XYZ 200.766 402.271 null] >> endobj 6387 0 obj << /D [6365 0 R /XYZ 71.731 377.201 null] >> endobj 6388 0 obj << /D [6365 0 R /XYZ 71.731 365.225 null] >> endobj 6389 0 obj << /D [6365 0 R /XYZ 139.477 348.473 null] >> endobj 6390 0 obj << /D [6365 0 R /XYZ 139.477 348.473 null] >> endobj 6391 0 obj << /D [6365 0 R /XYZ 225.525 348.473 null] >> endobj 6392 0 obj << /D [6365 0 R /XYZ 71.731 336.354 null] >> endobj 6393 0 obj << /D [6365 0 R /XYZ 71.731 324.379 null] >> endobj 6394 0 obj << /D [6365 0 R /XYZ 139.477 307.626 null] >> endobj 6395 0 obj << /D [6365 0 R /XYZ 139.477 307.626 null] >> endobj 6396 0 obj << /D [6365 0 R /XYZ 243.376 307.626 null] >> endobj 6397 0 obj << /D [6365 0 R /XYZ 334.53 307.626 null] >> endobj 6398 0 obj << /D [6365 0 R /XYZ 376.053 307.626 null] >> endobj 6399 0 obj << /D [6365 0 R /XYZ 422.363 268.772 null] >> endobj 6400 0 obj << /D [6365 0 R /XYZ 71.731 235.776 null] >> endobj 6401 0 obj << /D [6365 0 R /XYZ 71.731 208.553 null] >> endobj 6402 0 obj << /D [6365 0 R /XYZ 71.731 193.609 null] >> endobj 6403 0 obj << /D [6365 0 R /XYZ 430.62 183.392 null] >> endobj 6404 0 obj << /D [6365 0 R /XYZ 225.589 171.736 null] >> endobj 6405 0 obj << /D [6365 0 R /XYZ 335.674 171.736 null] >> endobj 6406 0 obj << /D [6365 0 R /XYZ 344.416 171.736 null] >> endobj 6407 0 obj << /D [6365 0 R /XYZ 71.731 164.867 null] >> endobj 6408 0 obj << /D [6365 0 R /XYZ 219.716 155.098 null] >> endobj 6409 0 obj << /D [6365 0 R /XYZ 311.091 155.098 null] >> endobj 6410 0 obj << /D [6365 0 R /XYZ 139.477 143.442 null] >> endobj 6411 0 obj << /D [6365 0 R /XYZ 144.462 143.442 null] >> endobj 6412 0 obj << /D [6365 0 R /XYZ 71.731 137.367 null] >> endobj 6364 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F48 1347 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6419 0 obj << /Length 925 /Filter /FlateDecode >> stream xڭW]o0}߯T"?bשbm M(k6"ǎݮiCױ>ٹOȹΏ>21̢("dQ`):>̈́: 0 ¨ x<:ƹ) Z ? ip0C?Q3Ywn_`r|Fa-: `G NX: 0(md>L֑Rwy`-d,%˅U"&dȷm6ԢmqqebiD6""yfhdW_n;YAV/&oaN*q'Po\jBxAڑ܃Lj>FgF 0^(Je .ϊҽM㠃lA$hM.EӼnIYQ&6QhYt]/] hcWT'SU e |> CЮO;}0Qd޵` ԸkVJb|s.x\JlwAs(>W_Rf=)Bxh$a JV+b~jQ6 %xPBxds [q-p~ m/I|xHσL/ۀ@mGi2؏b? iP&#?+M\jXihO*gNݻ\TY bC$7[Z5B޻=Љ]_ZB-W;s!ӹpK`CEbWVĭy|ykq(ffr;ͤS 7'I<"nOf$e.' JAt[81,HW-x^Ǵ%sFyzﺐu(\?9>؍"iLqpj JgNGn[ endstream endobj 6418 0 obj << /Type /Page /Contents 6419 0 R /Resources 6417 0 R /MediaBox [0 0 593.051 789.041] /Parent 6413 0 R /Annots [ 6414 0 R 6415 0 R 6416 0 R ] >> endobj 6414 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [242.26 397.321 296.556 408.225] /A << /S /GoTo /D (0:POLICY) >> >> endobj 6415 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [118.555 305.665 172.851 316.569] /A << /S /GoTo /D (0:POLICY) >> >> endobj 6416 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [203.496 160.535 257.792 171.439] /A << /S /GoTo /D (0:SEVERITYDEF) >> >> endobj 6420 0 obj << /D [6418 0 R /XYZ -1.269 814.22 null] >> endobj 6421 0 obj << /D [6418 0 R /XYZ 71.731 741.22 null] >> endobj 6422 0 obj << /D [6418 0 R /XYZ 71.731 718.306 null] >> endobj 1308 0 obj << /D [6418 0 R /XYZ 71.731 478.466 null] >> endobj 846 0 obj << /D [6418 0 R /XYZ 221.434 433.351 null] >> endobj 6423 0 obj << /D [6418 0 R /XYZ 71.731 413.211 null] >> endobj 6424 0 obj << /D [6418 0 R /XYZ 71.731 378.392 null] >> endobj 6425 0 obj << /D [6418 0 R /XYZ 71.731 378.392 null] >> endobj 6426 0 obj << /D [6418 0 R /XYZ 174.684 367.598 null] >> endobj 6427 0 obj << /D [6418 0 R /XYZ 222.833 367.598 null] >> endobj 6428 0 obj << /D [6418 0 R /XYZ 308.342 367.598 null] >> endobj 6429 0 obj << /D [6418 0 R /XYZ 360.735 367.598 null] >> endobj 6430 0 obj << /D [6418 0 R /XYZ 422.532 367.598 null] >> endobj 6431 0 obj << /D [6418 0 R /XYZ 477.326 367.598 null] >> endobj 6432 0 obj << /D [6418 0 R /XYZ 119.552 354.646 null] >> endobj 6433 0 obj << /D [6418 0 R /XYZ 172.941 354.646 null] >> endobj 6434 0 obj << /D [6418 0 R /XYZ 226.33 354.646 null] >> endobj 6435 0 obj << /D [6418 0 R /XYZ 279.72 354.646 null] >> endobj 6436 0 obj << /D [6418 0 R /XYZ 333.109 354.646 null] >> endobj 6437 0 obj << /D [6418 0 R /XYZ 71.731 333.236 null] >> endobj 6438 0 obj << /D [6418 0 R /XYZ 71.731 286.736 null] >> endobj 6439 0 obj << /D [6418 0 R /XYZ 71.731 286.736 null] >> endobj 6440 0 obj << /D [6418 0 R /XYZ 137.962 275.941 null] >> endobj 6441 0 obj << /D [6418 0 R /XYZ 71.731 254.801 null] >> endobj 6442 0 obj << /D [6418 0 R /XYZ 71.731 254.801 null] >> endobj 6443 0 obj << /D [6418 0 R /XYZ 137.962 243.065 null] >> endobj 1309 0 obj << /D [6418 0 R /XYZ 71.731 240.604 null] >> endobj 850 0 obj << /D [6418 0 R /XYZ 254.918 196.565 null] >> endobj 6444 0 obj << /D [6418 0 R /XYZ 71.731 173.076 null] >> endobj 6445 0 obj << /D [6418 0 R /XYZ 71.731 141.606 null] >> endobj 6446 0 obj << /D [6418 0 R /XYZ 71.731 141.606 null] >> endobj 6447 0 obj << /D [6418 0 R /XYZ 71.731 108.864 null] >> endobj 6417 0 obj << /Font << /F33 939 0 R /F50 1352 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6451 0 obj << /Length 633 /Filter /FlateDecode >> stream xڽo0W1q@*N 4uhS%Fٱ˚ɍ{>;grbr10DPaJSP%'`h+.SQt o#D:<ڢn~-7f0k7V7/b!O1%@*3`#6SYCQ=P.שׂ@@YB&Y6ꡳp>+6$ V(U"%Jǐrte) pJ(W:C?*C%pp0gڬ, >vN9m]EmHGjTB!0^9X33 y }wwBo ]MN8:{-  "rAǢR|Tڜp8L(^$H &QH ;eעn}2lAӛ67NVЛS]}̺tw~:NIg+f@0ㆠpb*̻\N)wbKNx mꉌLMqmmU%'oQWOiU.Q[1H_hnecچKRUc۬( Tw{Hۢ9 bB\b[- endstream endobj 6450 0 obj << /Type /Page /Contents 6451 0 R /Resources 6449 0 R /MediaBox [0 0 593.051 789.041] /Parent 6413 0 R /Annots [ 6448 0 R ] >> endobj 6448 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [203.496 132.664 250.32 143.568] /A << /S /GoTo /D (0:THRESHOLDS) >> >> endobj 6452 0 obj << /D [6450 0 R /XYZ -1.269 814.22 null] >> endobj 6453 0 obj << /D [6450 0 R /XYZ 71.731 741.22 null] >> endobj 6454 0 obj << /D [6450 0 R /XYZ 71.731 718.306 null] >> endobj 6455 0 obj << /D [6450 0 R /XYZ 71.731 718.306 null] >> endobj 6456 0 obj << /D [6450 0 R /XYZ 203.018 708.344 null] >> endobj 6457 0 obj << /D [6450 0 R /XYZ 71.731 653.519 null] >> endobj 6458 0 obj << /D [6450 0 R /XYZ 71.731 653.519 null] >> endobj 6459 0 obj << /D [6450 0 R /XYZ 217.683 642.59 null] >> endobj 6460 0 obj << /D [6450 0 R /XYZ 71.731 620.643 null] >> endobj 6461 0 obj << /D [6450 0 R /XYZ 71.731 620.643 null] >> endobj 6462 0 obj << /D [6450 0 R /XYZ 210.022 609.714 null] >> endobj 6463 0 obj << /D [6450 0 R /XYZ 71.731 587.766 null] >> endobj 6464 0 obj << /D [6450 0 R /XYZ 71.731 587.766 null] >> endobj 6465 0 obj << /D [6450 0 R /XYZ 200.617 576.837 null] >> endobj 6466 0 obj << /D [6450 0 R /XYZ 71.731 554.889 null] >> endobj 6467 0 obj << /D [6450 0 R /XYZ 71.731 554.889 null] >> endobj 6468 0 obj << /D [6450 0 R /XYZ 203.356 543.96 null] >> endobj 6469 0 obj << /D [6450 0 R /XYZ 71.731 522.012 null] >> endobj 6470 0 obj << /D [6450 0 R /XYZ 71.731 522.012 null] >> endobj 6471 0 obj << /D [6450 0 R /XYZ 184.737 511.083 null] >> endobj 6472 0 obj << /D [6450 0 R /XYZ 71.731 489.136 null] >> endobj 6473 0 obj << /D [6450 0 R /XYZ 71.731 489.136 null] >> endobj 6474 0 obj << /D [6450 0 R /XYZ 184.737 478.207 null] >> endobj 6475 0 obj << /D [6450 0 R /XYZ 71.731 456.259 null] >> endobj 6476 0 obj << /D [6450 0 R /XYZ 71.731 456.259 null] >> endobj 6477 0 obj << /D [6450 0 R /XYZ 184.737 445.33 null] >> endobj 6478 0 obj << /D [6450 0 R /XYZ 71.731 423.382 null] >> endobj 6479 0 obj << /D [6450 0 R /XYZ 71.731 423.382 null] >> endobj 6480 0 obj << /D [6450 0 R /XYZ 184.737 412.453 null] >> endobj 6481 0 obj << /D [6450 0 R /XYZ 71.731 390.506 null] >> endobj 6482 0 obj << /D [6450 0 R /XYZ 71.731 390.506 null] >> endobj 6483 0 obj << /D [6450 0 R /XYZ 184.737 379.577 null] >> endobj 6484 0 obj << /D [6450 0 R /XYZ 71.731 357.629 null] >> endobj 6485 0 obj << /D [6450 0 R /XYZ 71.731 357.629 null] >> endobj 6486 0 obj << /D [6450 0 R /XYZ 191.212 346.7 null] >> endobj 6487 0 obj << /D [6450 0 R /XYZ 71.731 324.752 null] >> endobj 6488 0 obj << /D [6450 0 R /XYZ 71.731 324.752 null] >> endobj 6489 0 obj << /D [6450 0 R /XYZ 179.765 313.823 null] >> endobj 6490 0 obj << /D [6450 0 R /XYZ 71.731 291.875 null] >> endobj 6491 0 obj << /D [6450 0 R /XYZ 71.731 291.875 null] >> endobj 6492 0 obj << /D [6450 0 R /XYZ 178.101 280.946 null] >> endobj 6493 0 obj << /D [6450 0 R /XYZ 71.731 258.999 null] >> endobj 6494 0 obj << /D [6450 0 R /XYZ 71.731 258.999 null] >> endobj 6495 0 obj << /D [6450 0 R /XYZ 188.612 248.07 null] >> endobj 6496 0 obj << /D [6450 0 R /XYZ 71.731 226.122 null] >> endobj 6497 0 obj << /D [6450 0 R /XYZ 71.731 226.122 null] >> endobj 6498 0 obj << /D [6450 0 R /XYZ 212.084 215.193 null] >> endobj 1310 0 obj << /D [6450 0 R /XYZ 71.731 211.791 null] >> endobj 854 0 obj << /D [6450 0 R /XYZ 268.605 168.693 null] >> endobj 6499 0 obj << /D [6450 0 R /XYZ 71.731 144.938 null] >> endobj 6500 0 obj << /D [6450 0 R /XYZ 71.731 113.735 null] >> endobj 6501 0 obj << /D [6450 0 R /XYZ 71.731 113.735 null] >> endobj 6449 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6504 0 obj << /Length 983 /Filter /FlateDecode >> stream xڭKo8I"fI꽋ԻhhʤWbw(̙ؔ{[{\}X\;)MƋ(AETxYDQPoh;d1>!IJ)mͺ9 Ŭ k EQLQgQs2.y'F2_VV_{ x]ӭKXk#J"nQ,ŀ1U9U)yv5ovZO̬u)YH48jRܞ(/KY}=5yLibrq&u,B/ fǃϪ #]> endobj 6505 0 obj << /D [6503 0 R /XYZ -1.269 814.22 null] >> endobj 6506 0 obj << /D [6503 0 R /XYZ 71.731 741.22 null] >> endobj 6507 0 obj << /D [6503 0 R /XYZ 71.731 718.306 null] >> endobj 6508 0 obj << /D [6503 0 R /XYZ 71.731 653.519 null] >> endobj 6509 0 obj << /D [6503 0 R /XYZ 71.731 653.519 null] >> endobj 6510 0 obj << /D [6503 0 R /XYZ 181.977 642.59 null] >> endobj 6511 0 obj << /D [6503 0 R /XYZ 71.731 620.643 null] >> endobj 6512 0 obj << /D [6503 0 R /XYZ 71.731 620.643 null] >> endobj 6513 0 obj << /D [6503 0 R /XYZ 176.448 609.714 null] >> endobj 6514 0 obj << /D [6503 0 R /XYZ 71.731 587.766 null] >> endobj 6515 0 obj << /D [6503 0 R /XYZ 71.731 587.766 null] >> endobj 6516 0 obj << /D [6503 0 R /XYZ 186.968 576.837 null] >> endobj 6517 0 obj << /D [6503 0 R /XYZ 71.731 554.889 null] >> endobj 6518 0 obj << /D [6503 0 R /XYZ 71.731 554.889 null] >> endobj 6519 0 obj << /D [6503 0 R /XYZ 192.866 543.96 null] >> endobj 6520 0 obj << /D [6503 0 R /XYZ 71.731 522.012 null] >> endobj 6521 0 obj << /D [6503 0 R /XYZ 71.731 522.012 null] >> endobj 6522 0 obj << /D [6503 0 R /XYZ 189.728 511.083 null] >> endobj 6523 0 obj << /D [6503 0 R /XYZ 71.731 489.136 null] >> endobj 6524 0 obj << /D [6503 0 R /XYZ 71.731 489.136 null] >> endobj 6525 0 obj << /D [6503 0 R /XYZ 196.771 478.207 null] >> endobj 6526 0 obj << /D [6503 0 R /XYZ 71.731 456.259 null] >> endobj 6527 0 obj << /D [6503 0 R /XYZ 71.731 456.259 null] >> endobj 6528 0 obj << /D [6503 0 R /XYZ 199.133 445.33 null] >> endobj 6529 0 obj << /D [6503 0 R /XYZ 71.731 423.382 null] >> endobj 6530 0 obj << /D [6503 0 R /XYZ 71.731 423.382 null] >> endobj 6531 0 obj << /D [6503 0 R /XYZ 218.789 412.453 null] >> endobj 6532 0 obj << /D [6503 0 R /XYZ 71.731 390.371 null] >> endobj 1311 0 obj << /D [6503 0 R /XYZ 71.731 337.32 null] >> endobj 858 0 obj << /D [6503 0 R /XYZ 347.055 294.223 null] >> endobj 6533 0 obj << /D [6503 0 R /XYZ 71.731 270.467 null] >> endobj 6534 0 obj << /D [6503 0 R /XYZ 71.731 239.264 null] >> endobj 6535 0 obj << /D [6503 0 R /XYZ 71.731 239.264 null] >> endobj 6536 0 obj << /D [6503 0 R /XYZ 71.731 206.522 null] >> endobj 6537 0 obj << /D [6503 0 R /XYZ 71.731 175.568 null] >> endobj 6538 0 obj << /D [6503 0 R /XYZ 71.731 175.568 null] >> endobj 6539 0 obj << /D [6503 0 R /XYZ 204.173 162.716 null] >> endobj 6540 0 obj << /D [6503 0 R /XYZ 71.731 140.768 null] >> endobj 6541 0 obj << /D [6503 0 R /XYZ 71.731 140.768 null] >> endobj 6542 0 obj << /D [6503 0 R /XYZ 211.376 129.839 null] >> endobj 6543 0 obj << /D [6503 0 R /XYZ 71.731 107.891 null] >> endobj 6544 0 obj << /D [6503 0 R /XYZ 71.731 107.891 null] >> endobj 6545 0 obj << /D [6503 0 R /XYZ 184.757 96.962 null] >> endobj 6502 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6548 0 obj << /Length 944 /Filter /FlateDecode >> stream xڵWQs8~ϯf s* f7koMC@vcAV} ?KA[#PE}5Ec9Wo ܼO+fo31YZ3hSQyQbD-"@ 5\3>@gM~ %Umv} =|đAS!Q{aF  o0NL*<],:p= t.Ҭo̶m'Y~D%juVѵ. IgG6%oE 8)VpT> endobj 6549 0 obj << /D [6547 0 R /XYZ -1.269 814.22 null] >> endobj 6550 0 obj << /D [6547 0 R /XYZ 71.731 741.22 null] >> endobj 6551 0 obj << /D [6547 0 R /XYZ 71.731 718.306 null] >> endobj 6552 0 obj << /D [6547 0 R /XYZ 71.731 718.306 null] >> endobj 6553 0 obj << /D [6547 0 R /XYZ 208.557 708.344 null] >> endobj 1312 0 obj << /D [6547 0 R /XYZ 71.731 672.065 null] >> endobj 862 0 obj << /D [6547 0 R /XYZ 401.695 628.967 null] >> endobj 6554 0 obj << /D [6547 0 R /XYZ 71.731 605.212 null] >> endobj 6555 0 obj << /D [6547 0 R /XYZ 71.731 574.009 null] >> endobj 6556 0 obj << /D [6547 0 R /XYZ 71.731 574.009 null] >> endobj 6557 0 obj << /D [6547 0 R /XYZ 71.731 541.804 null] >> endobj 6558 0 obj << /D [6547 0 R /XYZ 71.731 510.312 null] >> endobj 6559 0 obj << /D [6547 0 R /XYZ 71.731 510.312 null] >> endobj 6560 0 obj << /D [6547 0 R /XYZ 208.188 497.461 null] >> endobj 6561 0 obj << /D [6547 0 R /XYZ 71.731 476.096 null] >> endobj 6562 0 obj << /D [6547 0 R /XYZ 71.731 476.096 null] >> endobj 6563 0 obj << /D [6547 0 R /XYZ 215.391 464.584 null] >> endobj 6564 0 obj << /D [6547 0 R /XYZ 71.731 444.479 null] >> endobj 6565 0 obj << /D [6547 0 R /XYZ 71.731 444.479 null] >> endobj 6566 0 obj << /D [6547 0 R /XYZ 198.993 431.707 null] >> endobj 6567 0 obj << /D [6547 0 R /XYZ 71.731 409.625 null] >> endobj 6568 0 obj << /D [6547 0 R /XYZ 71.731 409.625 null] >> endobj 6569 0 obj << /D [6547 0 R /XYZ 198.435 398.83 null] >> endobj 6570 0 obj << /D [6547 0 R /XYZ 71.731 376.748 null] >> endobj 6571 0 obj << /D [6547 0 R /XYZ 71.731 376.748 null] >> endobj 6572 0 obj << /D [6547 0 R /XYZ 209.205 365.954 null] >> endobj 6573 0 obj << /D [6547 0 R /XYZ 71.731 343.872 null] >> endobj 6574 0 obj << /D [6547 0 R /XYZ 71.731 343.872 null] >> endobj 6575 0 obj << /D [6547 0 R /XYZ 188.771 333.077 null] >> endobj 6576 0 obj << /D [6547 0 R /XYZ 71.731 310.995 null] >> endobj 6577 0 obj << /D [6547 0 R /XYZ 71.731 310.995 null] >> endobj 6578 0 obj << /D [6547 0 R /XYZ 207.292 300.2 null] >> endobj 6579 0 obj << /D [6547 0 R /XYZ 71.731 278.118 null] >> endobj 6580 0 obj << /D [6547 0 R /XYZ 71.731 278.118 null] >> endobj 6581 0 obj << /D [6547 0 R /XYZ 211.924 267.324 null] >> endobj 6582 0 obj << /D [6547 0 R /XYZ 71.731 232.29 null] >> endobj 6583 0 obj << /D [6547 0 R /XYZ 71.731 232.29 null] >> endobj 6584 0 obj << /D [6547 0 R /XYZ 199.352 221.495 null] >> endobj 6585 0 obj << /D [6547 0 R /XYZ 71.731 199.413 null] >> endobj 6586 0 obj << /D [6547 0 R /XYZ 71.731 199.413 null] >> endobj 6587 0 obj << /D [6547 0 R /XYZ 217.623 188.619 null] >> endobj 6588 0 obj << /D [6547 0 R /XYZ 71.731 153.585 null] >> endobj 6589 0 obj << /D [6547 0 R /XYZ 71.731 153.585 null] >> endobj 6590 0 obj << /D [6547 0 R /XYZ 232.577 142.791 null] >> endobj 1313 0 obj << /D [6547 0 R /XYZ 71.731 126.437 null] >> endobj 6546 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6593 0 obj << /Length 970 /Filter /FlateDecode >> stream xڵVn8+ IT LE) "BhMzhk?HږM'i0"a4`]D9)t%<#`M>Z_7*B<"q %vld[8BVvF}y;L"F$5@ 0L-ku ^0۝Y.&\L޽K =)FeZrfJxt=]8Tt2 yajoe[ ޼WKIaiM;X+>( ֮e}ŘYo;i і 5ySR: $1B9H(;Ag S]"@ %ԕ*Q밪z㓔mBqL/eА)7nqڍYVNdJCG;ad1*Ƀރ5/a^yc!a،(oDe9 BYt]+]x3qYՄ%! OamE2:7,OT^%Dc*k_ٞ"DɰM7ef[֡ƅ2@wv+7b(k@7Tj9x);QFOQf]?~hӴ|T'[_۔=W7|IeY64AB .d+$L2h’sມCl z鞔=KƢEI (/jͺt2}Bz K޺v@vJ6@ʊh$ż@xЄѹϣO[_?ywώ !`i;Z<|./u֝,;|u;>R #eg.f pyzOA}^원=n@?SLv{lݱ ؙ@ tngw% endstream endobj 6592 0 obj << /Type /Page /Contents 6593 0 R /Resources 6591 0 R /MediaBox [0 0 593.051 789.041] /Parent 6413 0 R >> endobj 6594 0 obj << /D [6592 0 R /XYZ -1.269 814.22 null] >> endobj 6595 0 obj << /D [6592 0 R /XYZ 71.731 741.22 null] >> endobj 866 0 obj << /D [6592 0 R /XYZ 344.644 705.748 null] >> endobj 6596 0 obj << /D [6592 0 R /XYZ 71.731 681.992 null] >> endobj 6597 0 obj << /D [6592 0 R /XYZ 71.731 618.585 null] >> endobj 6598 0 obj << /D [6592 0 R /XYZ 71.731 587.093 null] >> endobj 6599 0 obj << /D [6592 0 R /XYZ 71.731 587.093 null] >> endobj 6600 0 obj << /D [6592 0 R /XYZ 198.644 574.241 null] >> endobj 6601 0 obj << /D [6592 0 R /XYZ 71.731 552.876 null] >> endobj 6602 0 obj << /D [6592 0 R /XYZ 71.731 552.876 null] >> endobj 6603 0 obj << /D [6592 0 R /XYZ 206.056 541.364 null] >> endobj 6604 0 obj << /D [6592 0 R /XYZ 71.731 506.331 null] >> endobj 6605 0 obj << /D [6592 0 R /XYZ 71.731 506.331 null] >> endobj 6606 0 obj << /D [6592 0 R /XYZ 209.932 495.536 null] >> endobj 6607 0 obj << /D [6592 0 R /XYZ 71.731 475.431 null] >> endobj 6608 0 obj << /D [6592 0 R /XYZ 71.731 475.431 null] >> endobj 6609 0 obj << /D [6592 0 R /XYZ 206.345 462.659 null] >> endobj 6610 0 obj << /D [6592 0 R /XYZ 71.731 440.577 null] >> endobj 6611 0 obj << /D [6592 0 R /XYZ 71.731 440.577 null] >> endobj 6612 0 obj << /D [6592 0 R /XYZ 187.237 429.783 null] >> endobj 6613 0 obj << /D [6592 0 R /XYZ 71.731 407.7 null] >> endobj 6614 0 obj << /D [6592 0 R /XYZ 71.731 407.7 null] >> endobj 6615 0 obj << /D [6592 0 R /XYZ 201.633 396.906 null] >> endobj 6616 0 obj << /D [6592 0 R /XYZ 71.731 374.824 null] >> endobj 6617 0 obj << /D [6592 0 R /XYZ 71.731 374.824 null] >> endobj 6618 0 obj << /D [6592 0 R /XYZ 240.925 364.029 null] >> endobj 6619 0 obj << /D [6592 0 R /XYZ 71.731 341.947 null] >> endobj 6620 0 obj << /D [6592 0 R /XYZ 71.731 341.947 null] >> endobj 6621 0 obj << /D [6592 0 R /XYZ 254.205 331.152 null] >> endobj 6622 0 obj << /D [6592 0 R /XYZ 71.731 296.119 null] >> endobj 6623 0 obj << /D [6592 0 R /XYZ 71.731 296.119 null] >> endobj 6624 0 obj << /D [6592 0 R /XYZ 247.55 285.324 null] >> endobj 1314 0 obj << /D [6592 0 R /XYZ 71.731 269.344 null] >> endobj 870 0 obj << /D [6592 0 R /XYZ 336.949 225.873 null] >> endobj 6625 0 obj << /D [6592 0 R /XYZ 71.731 202.118 null] >> endobj 6626 0 obj << /D [6592 0 R /XYZ 71.731 170.914 null] >> endobj 6627 0 obj << /D [6592 0 R /XYZ 71.731 170.914 null] >> endobj 6628 0 obj << /D [6592 0 R /XYZ 71.731 138.71 null] >> endobj 6591 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6631 0 obj << /Length 1059 /Filter /FlateDecode >> stream xڽWKo6WP 6$%=ۤsiLzͿ/C?e{(o曏~ir5(GyJh2bJP)&ypZI=UGGJλzH@;[J?nu+`S?Vvq3:t!GLjb⌛A| Uۏ Y;ʞ gN@~\up1+2ϯ=a(I1mȫJah6t2(5m 6e dNm0`K1jJԢFjZ^^K_*u eUBN*B}(7\G G%晢$ϡ>(Ԑjff1¼tWZlz! C}'^?}usZ*mQOsDȅ|Mǹ9~~Tef&ڬJUH cB=u 'JJ;۲,u8*`ݚ-2]mgC6E-?,\W֐Rkee5m'iʛ Wr̮l+uyΘÆufd=="'5mN\\< Tb4?V6uϧ y[9qIPͦ'-Cy-Ds0M01m6٘ \E:*S['<IT{)EQ@m|/LͳīNծͿڭ-dfޗc9?šo9A)afou'/: > endobj 6632 0 obj << /D [6630 0 R /XYZ -1.269 814.22 null] >> endobj 6633 0 obj << /D [6630 0 R /XYZ 71.731 741.22 null] >> endobj 6634 0 obj << /D [6630 0 R /XYZ 71.731 718.306 null] >> endobj 6635 0 obj << /D [6630 0 R /XYZ 71.731 718.306 null] >> endobj 6636 0 obj << /D [6630 0 R /XYZ 208.039 708.344 null] >> endobj 6637 0 obj << /D [6630 0 R /XYZ 71.731 655.362 null] >> endobj 6638 0 obj << /D [6630 0 R /XYZ 71.731 655.362 null] >> endobj 6639 0 obj << /D [6630 0 R /XYZ 221.837 642.59 null] >> endobj 6640 0 obj << /D [6630 0 R /XYZ 71.731 620.508 null] >> endobj 6641 0 obj << /D [6630 0 R /XYZ 71.731 620.508 null] >> endobj 6642 0 obj << /D [6630 0 R /XYZ 222.953 609.714 null] >> endobj 6643 0 obj << /D [6630 0 R /XYZ 71.731 587.631 null] >> endobj 6644 0 obj << /D [6630 0 R /XYZ 71.731 587.631 null] >> endobj 6645 0 obj << /D [6630 0 R /XYZ 181.13 576.837 null] >> endobj 1315 0 obj << /D [6630 0 R /XYZ 71.731 560.483 null] >> endobj 874 0 obj << /D [6630 0 R /XYZ 292.998 517.386 null] >> endobj 6646 0 obj << /D [6630 0 R /XYZ 71.731 493.63 null] >> endobj 6647 0 obj << /D [6630 0 R /XYZ 71.731 462.427 null] >> endobj 6648 0 obj << /D [6630 0 R /XYZ 71.731 462.427 null] >> endobj 6649 0 obj << /D [6630 0 R /XYZ 71.731 430.223 null] >> endobj 6650 0 obj << /D [6630 0 R /XYZ 71.731 398.731 null] >> endobj 6651 0 obj << /D [6630 0 R /XYZ 71.731 398.731 null] >> endobj 6652 0 obj << /D [6630 0 R /XYZ 188.662 385.879 null] >> endobj 6653 0 obj << /D [6630 0 R /XYZ 71.731 364.514 null] >> endobj 6654 0 obj << /D [6630 0 R /XYZ 71.731 364.514 null] >> endobj 6655 0 obj << /D [6630 0 R /XYZ 186.649 353.002 null] >> endobj 6656 0 obj << /D [6630 0 R /XYZ 71.731 305.735 null] >> endobj 6657 0 obj << /D [6630 0 R /XYZ 71.731 305.735 null] >> endobj 6658 0 obj << /D [6630 0 R /XYZ 208.248 294.223 null] >> endobj 1316 0 obj << /D [6630 0 R /XYZ 71.731 277.869 null] >> endobj 878 0 obj << /D [6630 0 R /XYZ 485.741 234.772 null] >> endobj 6659 0 obj << /D [6630 0 R /XYZ 71.731 211.016 null] >> endobj 6660 0 obj << /D [6630 0 R /XYZ 71.731 179.813 null] >> endobj 6661 0 obj << /D [6630 0 R /XYZ 71.731 179.813 null] >> endobj 6662 0 obj << /D [6630 0 R /XYZ 71.731 147.608 null] >> endobj 6663 0 obj << /D [6630 0 R /XYZ 71.731 116.117 null] >> endobj 6664 0 obj << /D [6630 0 R /XYZ 71.731 116.117 null] >> endobj 6665 0 obj << /D [6630 0 R /XYZ 211.167 103.265 null] >> endobj 6629 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6669 0 obj << /Length 1143 /Filter /FlateDecode >> stream xWK663$e9lb1j $9m %UvÇU6H'93p~i}{BzS"?ONOӛyfs-"17ՌXEn6j&̸~el/ybE׳/_5gv)  `n Y aFTT|Zj>-ob}=…E'!jo>9Sh{3X JVfuWTfp˺@SvM&bj7 dm&{sƌ-C|y `\\X1 %VW#X08 40{lA<- 쬔tq|&81-v#Zǃ 83+! Uvn~?$wnkY~\9O+o2q*+ ntc>e0ySGdaWr҇J+І"2L1EQKdXn,?5ZViznNJ]k]n5lx> endobj 6670 0 obj << /D [6668 0 R /XYZ -1.269 814.22 null] >> endobj 6671 0 obj << /D [6668 0 R /XYZ 71.731 741.22 null] >> endobj 6672 0 obj << /D [6668 0 R /XYZ 71.731 718.306 null] >> endobj 6673 0 obj << /D [6668 0 R /XYZ 71.731 718.306 null] >> endobj 6674 0 obj << /D [6668 0 R /XYZ 218.868 708.344 null] >> endobj 6675 0 obj << /D [6668 0 R /XYZ 71.731 653.758 null] >> endobj 6676 0 obj << /D [6668 0 R /XYZ 71.731 653.758 null] >> endobj 6677 0 obj << /D [6668 0 R /XYZ 220.781 642.59 null] >> endobj 6678 0 obj << /D [6668 0 R /XYZ 71.731 620.882 null] >> endobj 6679 0 obj << /D [6668 0 R /XYZ 71.731 620.882 null] >> endobj 6680 0 obj << /D [6668 0 R /XYZ 218.37 609.714 null] >> endobj 6681 0 obj << /D [6668 0 R /XYZ 71.731 589.609 null] >> endobj 6682 0 obj << /D [6668 0 R /XYZ 71.731 589.609 null] >> endobj 6683 0 obj << /D [6668 0 R /XYZ 209.722 576.837 null] >> endobj 6684 0 obj << /D [6668 0 R /XYZ 71.731 541.803 null] >> endobj 6685 0 obj << /D [6668 0 R /XYZ 71.731 541.803 null] >> endobj 6686 0 obj << /D [6668 0 R /XYZ 215.71 531.009 null] >> endobj 6687 0 obj << /D [6668 0 R /XYZ 71.731 508.927 null] >> endobj 6688 0 obj << /D [6668 0 R /XYZ 71.731 508.927 null] >> endobj 6689 0 obj << /D [6668 0 R /XYZ 212.383 498.132 null] >> endobj 1317 0 obj << /D [6668 0 R /XYZ 71.731 468.827 null] >> endobj 882 0 obj << /D [6668 0 R /XYZ 316.274 425.73 null] >> endobj 6690 0 obj << /D [6668 0 R /XYZ 71.731 401.974 null] >> endobj 6691 0 obj << /D [6668 0 R /XYZ 71.731 370.771 null] >> endobj 6692 0 obj << /D [6668 0 R /XYZ 71.731 370.771 null] >> endobj 6693 0 obj << /D [6668 0 R /XYZ 71.731 338.566 null] >> endobj 6694 0 obj << /D [6668 0 R /XYZ 71.731 307.075 null] >> endobj 6695 0 obj << /D [6668 0 R /XYZ 71.731 307.075 null] >> endobj 6696 0 obj << /D [6668 0 R /XYZ 197.867 294.223 null] >> endobj 6697 0 obj << /D [6668 0 R /XYZ 71.731 272.858 null] >> endobj 6698 0 obj << /D [6668 0 R /XYZ 71.731 272.858 null] >> endobj 6699 0 obj << /D [6668 0 R /XYZ 205.568 261.346 null] >> endobj 6700 0 obj << /D [6668 0 R /XYZ 71.731 239.264 null] >> endobj 6701 0 obj << /D [6668 0 R /XYZ 71.731 239.264 null] >> endobj 6702 0 obj << /D [6668 0 R /XYZ 210.629 228.469 null] >> endobj 6703 0 obj << /D [6668 0 R /XYZ 71.731 206.387 null] >> endobj 6704 0 obj << /D [6668 0 R /XYZ 71.731 206.387 null] >> endobj 6705 0 obj << /D [6668 0 R /XYZ 208.607 195.593 null] >> endobj 6706 0 obj << /D [6668 0 R /XYZ 71.731 160.559 null] >> endobj 6707 0 obj << /D [6668 0 R /XYZ 71.731 160.559 null] >> endobj 6708 0 obj << /D [6668 0 R /XYZ 199.003 149.764 null] >> endobj 6667 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6711 0 obj << /Length 1205 /Filter /FlateDecode >> stream xWn8}W64qm TڇN;j*UjVU@C^cI;J =\`oa/+bsʽ)A{OQĨ7ϼf#x(Ó duc)a-JPBj02=7j><&#cF1E~ @ G:)M{uՊf7c/o؛)B~0౏Rxb$H*2(xR(BOBԩCȄFԕ4`7C.o]BҢK"!kHs@!aS=@ZbO,qF@{‚#hoʾ; YxW<+D}5ynJOB;c.bO\PdNr1oc*x1#!'ha"`dpıNAA0|W뺮nju(3yh!.%cZDs\$9;b,f=$?ts;ӣy0 y0k>MI4iN|zq66US}6<:{j}.J!c4ԻD-@/A a>ie׊M!EP"; eV4[lπ?⦆736ѣemD-SB@( "P+\J5WgfYcv~K֥5"BUl8 U?D)Zg]foU:+TH|l'o ^e][L:{:x 5FI䈣<<ߧ\ui~"x4::2g:ib~FwU/1cS&Aent0vm6om*mC-0-Y P|ͧ$mFHwoy'e})ڭN18g~PhCGY.ڝqn^f/u!%\íش c֍.˝5k`ZRdYlŪc5߈O'_r/]#yި-D(U^8{,\Gz,֖$كRi Uu: R-|>֝ml֗s*Dv]FHgօ*G# f>!|  endstream endobj 6710 0 obj << /Type /Page /Contents 6711 0 R /Resources 6709 0 R /MediaBox [0 0 593.051 789.041] /Parent 6666 0 R >> endobj 6712 0 obj << /D [6710 0 R /XYZ -1.269 814.22 null] >> endobj 6713 0 obj << /D [6710 0 R /XYZ 71.731 741.22 null] >> endobj 6714 0 obj << /D [6710 0 R /XYZ 71.731 718.306 null] >> endobj 6715 0 obj << /D [6710 0 R /XYZ 71.731 718.306 null] >> endobj 6716 0 obj << /D [6710 0 R /XYZ 209.683 708.344 null] >> endobj 6717 0 obj << /D [6710 0 R /XYZ 71.731 640.807 null] >> endobj 6718 0 obj << /D [6710 0 R /XYZ 71.731 640.807 null] >> endobj 6719 0 obj << /D [6710 0 R /XYZ 191.432 629.639 null] >> endobj 6720 0 obj << /D [6710 0 R /XYZ 71.731 607.557 null] >> endobj 6721 0 obj << /D [6710 0 R /XYZ 71.731 607.557 null] >> endobj 6722 0 obj << /D [6710 0 R /XYZ 207.282 596.762 null] >> endobj 6723 0 obj << /D [6710 0 R /XYZ 71.731 574.68 null] >> endobj 6724 0 obj << /D [6710 0 R /XYZ 71.731 574.68 null] >> endobj 6725 0 obj << /D [6710 0 R /XYZ 208.936 563.885 null] >> endobj 1318 0 obj << /D [6710 0 R /XYZ 71.731 560.483 null] >> endobj 886 0 obj << /D [6710 0 R /XYZ 341.253 517.386 null] >> endobj 6726 0 obj << /D [6710 0 R /XYZ 71.731 493.63 null] >> endobj 6727 0 obj << /D [6710 0 R /XYZ 71.731 462.427 null] >> endobj 6728 0 obj << /D [6710 0 R /XYZ 71.731 462.427 null] >> endobj 6729 0 obj << /D [6710 0 R /XYZ 71.731 429.685 null] >> endobj 6730 0 obj << /D [6710 0 R /XYZ 71.731 429.685 null] >> endobj 6731 0 obj << /D [6710 0 R /XYZ 187.566 418.756 null] >> endobj 6732 0 obj << /D [6710 0 R /XYZ 71.731 396.808 null] >> endobj 6733 0 obj << /D [6710 0 R /XYZ 71.731 396.808 null] >> endobj 6734 0 obj << /D [6710 0 R /XYZ 194.62 385.879 null] >> endobj 6735 0 obj << /D [6710 0 R /XYZ 71.731 350.845 null] >> endobj 6736 0 obj << /D [6710 0 R /XYZ 71.731 350.845 null] >> endobj 6737 0 obj << /D [6710 0 R /XYZ 185.564 340.051 null] >> endobj 6738 0 obj << /D [6710 0 R /XYZ 71.731 317.969 null] >> endobj 6739 0 obj << /D [6710 0 R /XYZ 71.731 317.969 null] >> endobj 6740 0 obj << /D [6710 0 R /XYZ 194.769 307.174 null] >> endobj 6741 0 obj << /D [6710 0 R /XYZ 71.731 285.226 null] >> endobj 6742 0 obj << /D [6710 0 R /XYZ 71.731 285.226 null] >> endobj 6743 0 obj << /D [6710 0 R /XYZ 188.234 274.297 null] >> endobj 6744 0 obj << /D [6710 0 R /XYZ 71.731 252.35 null] >> endobj 6745 0 obj << /D [6710 0 R /XYZ 71.731 252.35 null] >> endobj 6746 0 obj << /D [6710 0 R /XYZ 198.296 241.421 null] >> endobj 6747 0 obj << /D [6710 0 R /XYZ 71.731 206.387 null] >> endobj 6748 0 obj << /D [6710 0 R /XYZ 71.731 206.387 null] >> endobj 6749 0 obj << /D [6710 0 R /XYZ 219.616 195.593 null] >> endobj 6750 0 obj << /D [6710 0 R /XYZ 71.731 160.559 null] >> endobj 6751 0 obj << /D [6710 0 R /XYZ 71.731 160.559 null] >> endobj 6752 0 obj << /D [6710 0 R /XYZ 228.014 149.764 null] >> endobj 6709 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6755 0 obj << /Length 1128 /Filter /FlateDecode >> stream xڽWɎ6W`HrH/I0̤ - EEz), r)H{6^ 2$V[/ eA%AiDU~iV|A"v?|];ьʒ[1ϵf#s2gqHG~,OP&Qڑ/kޱ9vơڙw̴UG Vw$ZHf7LE0;-kx+9Յ[}ʚğ)7~̷(eE͞='[^@-Pf%#?g9J.59t&vL12ǔB'\^^LcƁ%jyh 4I#B?w lcGMTTܵ3!OѦ%W3JKƌ]2r Umx䔬KDͥ(-<9f*Ym-9$diy,ήuTâ(G3e)$6k&51b )JҁƊY-kZ/'}`-V%)9SfV)ul: 0xҗw Ċ?BְRZV'ɒS WWJ?ҤB3nkcM*m\zA|ݫ+_rȼ$ܽ` :W9')%^3ziZaA%"@4@qgZ_Ol~ofs_ ~1^x 0<,o{iP栾1MPS؝SdJ0E"'Ţ"E jRL%tMkƓɍ6[qvH׸.e8wDPBFE =v<ˆĎ<1Ԯ]-Zͬ~]O@gnotDd :sQo(Zv z'_{jH`bMS8p{/A;H"MՀ(pwI# *4S3d endstream endobj 6754 0 obj << /Type /Page /Contents 6755 0 R /Resources 6753 0 R /MediaBox [0 0 593.051 789.041] /Parent 6666 0 R >> endobj 6756 0 obj << /D [6754 0 R /XYZ -1.269 814.22 null] >> endobj 6757 0 obj << /D [6754 0 R /XYZ 71.731 741.22 null] >> endobj 6758 0 obj << /D [6754 0 R /XYZ 71.731 718.306 null] >> endobj 6759 0 obj << /D [6754 0 R /XYZ 71.731 718.306 null] >> endobj 6760 0 obj << /D [6754 0 R /XYZ 212.134 708.344 null] >> endobj 6761 0 obj << /D [6754 0 R /XYZ 71.731 627.856 null] >> endobj 6762 0 obj << /D [6754 0 R /XYZ 71.731 627.856 null] >> endobj 6763 0 obj << /D [6754 0 R /XYZ 201.603 616.687 null] >> endobj 6764 0 obj << /D [6754 0 R /XYZ 71.731 582.027 null] >> endobj 6765 0 obj << /D [6754 0 R /XYZ 71.731 582.027 null] >> endobj 6766 0 obj << /D [6754 0 R /XYZ 188.333 570.859 null] >> endobj 6767 0 obj << /D [6754 0 R /XYZ 71.731 535.826 null] >> endobj 6768 0 obj << /D [6754 0 R /XYZ 71.731 535.826 null] >> endobj 6769 0 obj << /D [6754 0 R /XYZ 180.582 525.031 null] >> endobj 6770 0 obj << /D [6754 0 R /XYZ 71.731 490.371 null] >> endobj 6771 0 obj << /D [6754 0 R /XYZ 71.731 490.371 null] >> endobj 6772 0 obj << /D [6754 0 R /XYZ 71.731 457.121 null] >> endobj 6773 0 obj << /D [6754 0 R /XYZ 71.731 457.121 null] >> endobj 6774 0 obj << /D [6754 0 R /XYZ 188.712 446.326 null] >> endobj 6775 0 obj << /D [6754 0 R /XYZ 71.731 413.35 null] >> endobj 6776 0 obj << /D [6754 0 R /XYZ 71.731 413.35 null] >> endobj 6777 0 obj << /D [6754 0 R /XYZ 71.731 378.416 null] >> endobj 6778 0 obj << /D [6754 0 R /XYZ 71.731 378.416 null] >> endobj 6779 0 obj << /D [6754 0 R /XYZ 180.582 367.621 null] >> endobj 1319 0 obj << /D [6754 0 R /XYZ 71.731 351.268 null] >> endobj 890 0 obj << /D [6754 0 R /XYZ 194.2 308.17 null] >> endobj 6780 0 obj << /D [6754 0 R /XYZ 71.731 288.03 null] >> endobj 6781 0 obj << /D [6754 0 R /XYZ 71.731 253.212 null] >> endobj 6782 0 obj << /D [6754 0 R /XYZ 71.731 253.212 null] >> endobj 6783 0 obj << /D [6754 0 R /XYZ 71.731 221.007 null] >> endobj 6784 0 obj << /D [6754 0 R /XYZ 71.731 189.515 null] >> endobj 6785 0 obj << /D [6754 0 R /XYZ 71.731 189.515 null] >> endobj 6786 0 obj << /D [6754 0 R /XYZ 172.273 176.664 null] >> endobj 6787 0 obj << /D [6754 0 R /XYZ 71.731 141.63 null] >> endobj 6788 0 obj << /D [6754 0 R /XYZ 71.731 141.63 null] >> endobj 6789 0 obj << /D [6754 0 R /XYZ 177.245 130.835 null] >> endobj 6790 0 obj << /D [6754 0 R /XYZ 71.731 109.127 null] >> endobj 6791 0 obj << /D [6754 0 R /XYZ 71.731 109.127 null] >> endobj 6792 0 obj << /D [6754 0 R /XYZ 175.79 97.959 null] >> endobj 6753 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6795 0 obj << /Length 1382 /Filter /FlateDecode >> stream xڥXMo8W CQ> !it7- Zm!2iRl)t^"!f{O C w հ·Jũx)eřw$1=wMHשTJvV()M>?DIZI};#*Up!„:̶?4>Y2lyQ,fˋk6^‚Ȣȥ*y*PF`kؒ9ct]6N"NVY*4sPs~8θ-7R¾vG뇠oFjXErR{Y F(YeУiyo!KZ؍0'А夘PDlխxtKc/E^̥Z@Ǘ Ŭ.hg: i0FFh\{!"f޵ IHyzǤclUZݕv@[O'd9cpڭ.yguB;e /f\}nwA(yGЮ,.*y<C>b/Jt_` :U9+]s4.&ɓ.GLO+⯫lѐj?,F(7phꨓg:>^nF3((ǝ68y :~*,;\MJQBYNXh ث֚/gGت_N =bd;}򲂫4v n~6I'WuZ9rPz>=<"2p[e6 MNAL{,NUEY endstream endobj 6794 0 obj << /Type /Page /Contents 6795 0 R /Resources 6793 0 R /MediaBox [0 0 593.051 789.041] /Parent 6666 0 R >> endobj 6796 0 obj << /D [6794 0 R /XYZ -1.269 814.22 null] >> endobj 6797 0 obj << /D [6794 0 R /XYZ 71.731 718.306 null] >> endobj 6798 0 obj << /D [6794 0 R /XYZ 71.731 718.306 null] >> endobj 6799 0 obj << /D [6794 0 R /XYZ 172.164 708.344 null] >> endobj 6800 0 obj << /D [6794 0 R /XYZ 71.731 653.385 null] >> endobj 6801 0 obj << /D [6794 0 R /XYZ 71.731 653.385 null] >> endobj 6802 0 obj << /D [6794 0 R /XYZ 213.02 642.59 null] >> endobj 6803 0 obj << /D [6794 0 R /XYZ 71.731 620.508 null] >> endobj 6804 0 obj << /D [6794 0 R /XYZ 71.731 620.508 null] >> endobj 6805 0 obj << /D [6794 0 R /XYZ 182.574 609.714 null] >> endobj 6806 0 obj << /D [6794 0 R /XYZ 71.731 587.631 null] >> endobj 6807 0 obj << /D [6794 0 R /XYZ 71.731 587.631 null] >> endobj 6808 0 obj << /D [6794 0 R /XYZ 190.196 576.837 null] >> endobj 1320 0 obj << /D [6794 0 R /XYZ 71.731 562.541 null] >> endobj 894 0 obj << /D [6794 0 R /XYZ 235.344 517.386 null] >> endobj 6809 0 obj << /D [6794 0 R /XYZ 71.731 497.245 null] >> endobj 6810 0 obj << /D [6794 0 R /XYZ 71.731 462.427 null] >> endobj 6811 0 obj << /D [6794 0 R /XYZ 71.731 462.427 null] >> endobj 6812 0 obj << /D [6794 0 R /XYZ 71.731 430.223 null] >> endobj 6813 0 obj << /D [6794 0 R /XYZ 71.731 398.731 null] >> endobj 6814 0 obj << /D [6794 0 R /XYZ 71.731 398.731 null] >> endobj 6815 0 obj << /D [6794 0 R /XYZ 160.647 385.879 null] >> endobj 6816 0 obj << /D [6794 0 R /XYZ 71.731 364.17 null] >> endobj 6817 0 obj << /D [6794 0 R /XYZ 71.731 364.17 null] >> endobj 6818 0 obj << /D [6794 0 R /XYZ 192.736 353.002 null] >> endobj 6819 0 obj << /D [6794 0 R /XYZ 71.731 292.439 null] >> endobj 6820 0 obj << /D [6794 0 R /XYZ 71.731 292.439 null] >> endobj 6821 0 obj << /D [6794 0 R /XYZ 184.009 281.271 null] >> endobj 6822 0 obj << /D [6794 0 R /XYZ 71.731 246.611 null] >> endobj 6823 0 obj << /D [6794 0 R /XYZ 71.731 246.611 null] >> endobj 6824 0 obj << /D [6794 0 R /XYZ 205.23 235.443 null] >> endobj 6825 0 obj << /D [6794 0 R /XYZ 71.731 202.467 null] >> endobj 6826 0 obj << /D [6794 0 R /XYZ 71.731 202.467 null] >> endobj 6827 0 obj << /D [6794 0 R /XYZ 173.957 189.615 null] >> endobj 6828 0 obj << /D [6794 0 R /XYZ 71.731 154.581 null] >> endobj 6829 0 obj << /D [6794 0 R /XYZ 71.731 154.581 null] >> endobj 6830 0 obj << /D [6794 0 R /XYZ 170.072 143.787 null] >> endobj 6831 0 obj << /D [6794 0 R /XYZ 71.731 121.705 null] >> endobj 6832 0 obj << /D [6794 0 R /XYZ 71.731 121.705 null] >> endobj 6833 0 obj << /D [6794 0 R /XYZ 184.208 110.91 null] >> endobj 6793 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6836 0 obj << /Length 1506 /Filter /FlateDecode >> stream xXn6}W-6P3u/Ї4[nۗnQmDDmP$eIa(l^LI̜9gf<ٕb$w38(vYdNgϫ){\,H3d ǟ'R}osS)0)S5,\t)`G4cI0AnC>!OMIQ16gWE:A¾ݪ\0}&$TSa̗qU3^3vV&D(h${(|,6h>H\HfKuP{0 (63i@R* ԊE͟*jNji8}s~\^_ޝݬ/(pWpn~+2Z 0eSz _xL1>rc2gWT95* KkktT|Ds E8!m薗icqs oK!" #†J=^Xf}Y:E$,@ ϭ1V+R3"F0wg8_/z'ъ Ш7JDfҌxm0Ìo5;q*yIHJmCRZ@sީT #h)]8|5֬I69]I0dL[^@kh:rba#jV ye ڍNe[lh=(D=pAb,c_V|uNc1IOn7s0K|f57>@h]Le”P4otL͂ykWMSDo9 G9.)\rV6T^ل#? J[2h ZeRPCqBwyn"*T 1ZawNUe y`ۚ\ ZK)XgF*ĬK]L0@1:Eʖ"I,BFJˠL潨@P2pJu"OK4lZP@ =rV/+Z`>!?م`2FĒVX9il^ ۹(cfl{kzu0 / ! 2-ȳuI ( vnϵOQ49X4|4i]Xz/Ҟ{Tʛ V㎝%g)+ܖ; Aƽ8r2&)D*{_! FmH 6JX1i@!Dt?gzTLگCU)`,)Iq3M^9S, F7[?r5~>bbEv% }[p+_є݀ S p{! =wń )Pt@[dnjZuo[ Fn _ızDeToQKqsVY7[  њ?* endstream endobj 6835 0 obj << /Type /Page /Contents 6836 0 R /Resources 6834 0 R /MediaBox [0 0 593.051 789.041] /Parent 6666 0 R >> endobj 6837 0 obj << /D [6835 0 R /XYZ -1.269 814.22 null] >> endobj 6838 0 obj << /D [6835 0 R /XYZ 71.731 718.306 null] >> endobj 6839 0 obj << /D [6835 0 R /XYZ 71.731 718.306 null] >> endobj 6840 0 obj << /D [6835 0 R /XYZ 210.669 708.344 null] >> endobj 6841 0 obj << /D [6835 0 R /XYZ 71.731 674.286 null] >> endobj 6842 0 obj << /D [6835 0 R /XYZ 71.731 674.286 null] >> endobj 6843 0 obj << /D [6835 0 R /XYZ 169.325 662.516 null] >> endobj 6844 0 obj << /D [6835 0 R /XYZ 71.731 629.539 null] >> endobj 6845 0 obj << /D [6835 0 R /XYZ 71.731 629.539 null] >> endobj 6846 0 obj << /D [6835 0 R /XYZ 182.615 616.687 null] >> endobj 6847 0 obj << /D [6835 0 R /XYZ 71.731 594.605 null] >> endobj 6848 0 obj << /D [6835 0 R /XYZ 71.731 594.605 null] >> endobj 6849 0 obj << /D [6835 0 R /XYZ 172.273 583.811 null] >> endobj 6850 0 obj << /D [6835 0 R /XYZ 71.731 562.102 null] >> endobj 6851 0 obj << /D [6835 0 R /XYZ 71.731 562.102 null] >> endobj 6852 0 obj << /D [6835 0 R /XYZ 184.438 550.934 null] >> endobj 6853 0 obj << /D [6835 0 R /XYZ 71.731 492.055 null] >> endobj 6854 0 obj << /D [6835 0 R /XYZ 71.731 492.055 null] >> endobj 6855 0 obj << /D [6835 0 R /XYZ 196.443 479.203 null] >> endobj 6856 0 obj << /D [6835 0 R /XYZ 71.731 444.169 null] >> endobj 6857 0 obj << /D [6835 0 R /XYZ 71.731 444.169 null] >> endobj 6858 0 obj << /D [6835 0 R /XYZ 228.173 433.375 null] >> endobj 6859 0 obj << /D [6835 0 R /XYZ 386.926 420.423 null] >> endobj 6860 0 obj << /D [6835 0 R /XYZ 71.731 372.438 null] >> endobj 6861 0 obj << /D [6835 0 R /XYZ 71.731 372.438 null] >> endobj 6862 0 obj << /D [6835 0 R /XYZ 215.78 361.644 null] >> endobj 6863 0 obj << /D [6835 0 R /XYZ 71.731 339.562 null] >> endobj 6864 0 obj << /D [6835 0 R /XYZ 71.731 339.562 null] >> endobj 6865 0 obj << /D [6835 0 R /XYZ 206.355 328.767 null] >> endobj 6866 0 obj << /D [6835 0 R /XYZ 71.731 282.72 null] >> endobj 6867 0 obj << /D [6835 0 R /XYZ 71.731 282.72 null] >> endobj 6868 0 obj << /D [6835 0 R /XYZ 207.611 269.988 null] >> endobj 6869 0 obj << /D [6835 0 R /XYZ 71.731 223.94 null] >> endobj 6870 0 obj << /D [6835 0 R /XYZ 71.731 223.94 null] >> endobj 6871 0 obj << /D [6835 0 R /XYZ 224.866 211.208 null] >> endobj 6872 0 obj << /D [6835 0 R /XYZ 71.731 163.223 null] >> endobj 6873 0 obj << /D [6835 0 R /XYZ 71.731 163.223 null] >> endobj 6874 0 obj << /D [6835 0 R /XYZ 209.932 152.428 null] >> endobj 6834 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6877 0 obj << /Length 1380 /Filter /FlateDecode >> stream xXYo6~ϯ[l(*Eb dk~k [BcERM'-Pltof8gxջ՛[f19ÌQb"Fl=eŒxkYcLm g7U=Qϖs&b'M?ȞϿ,(Hdq.F]|Xf~yDS3{Gz$'!8lc0(qަ1F̉Yɝ<*Y4Csa22v`>QA-h!S=(Ô110 b@Vχrbr쏘XQY(CZ%FY+5GkKpՁd+.cǡғNlSPy*mEǾv][76)E6Sd'+>+nack/ ߨbo)G)O,f:J<Y-Rr3yBk@'cb.6j\Ot<ɲǃm޺yҸlv2zT]G?QeVtrwo7S ^(@|mA"=~dϹ,tSM;ujJj gY# O?5d0Gf(A/PQ(ivSKE4PƳ+w, Ή>2wd96pg zyB#kѹ@QD1|mU7/@$Wd[VD F@)pM=M=;nd9?|<'۸90:3Bʍa'g> endobj 6878 0 obj << /D [6876 0 R /XYZ -1.269 814.22 null] >> endobj 6879 0 obj << /D [6876 0 R /XYZ 71.731 741.22 null] >> endobj 6880 0 obj << /D [6876 0 R /XYZ 71.731 718.306 null] >> endobj 6881 0 obj << /D [6876 0 R /XYZ 71.731 718.306 null] >> endobj 6882 0 obj << /D [6876 0 R /XYZ 186.301 708.344 null] >> endobj 6883 0 obj << /D [6876 0 R /XYZ 71.731 673.31 null] >> endobj 6884 0 obj << /D [6876 0 R /XYZ 71.731 673.31 null] >> endobj 6885 0 obj << /D [6876 0 R /XYZ 193.125 662.516 null] >> endobj 6886 0 obj << /D [6876 0 R /XYZ 71.731 640.433 null] >> endobj 6887 0 obj << /D [6876 0 R /XYZ 71.731 640.433 null] >> endobj 6888 0 obj << /D [6876 0 R /XYZ 180.024 629.639 null] >> endobj 6889 0 obj << /D [6876 0 R /XYZ 226.416 629.639 null] >> endobj 6890 0 obj << /D [6876 0 R /XYZ 71.731 607.557 null] >> endobj 6891 0 obj << /D [6876 0 R /XYZ 71.731 607.557 null] >> endobj 6892 0 obj << /D [6876 0 R /XYZ 195.815 596.762 null] >> endobj 6893 0 obj << /D [6876 0 R /XYZ 71.731 561.729 null] >> endobj 6894 0 obj << /D [6876 0 R /XYZ 71.731 561.729 null] >> endobj 6895 0 obj << /D [6876 0 R /XYZ 200.497 550.934 null] >> endobj 6896 0 obj << /D [6876 0 R /XYZ 71.731 515.9 null] >> endobj 6897 0 obj << /D [6876 0 R /XYZ 71.731 515.9 null] >> endobj 6898 0 obj << /D [6876 0 R /XYZ 194.4 505.106 null] >> endobj 6899 0 obj << /D [6876 0 R /XYZ 71.731 470.072 null] >> endobj 6900 0 obj << /D [6876 0 R /XYZ 71.731 470.072 null] >> endobj 6901 0 obj << /D [6876 0 R /XYZ 197.718 459.278 null] >> endobj 6902 0 obj << /D [6876 0 R /XYZ 71.731 424.244 null] >> endobj 6903 0 obj << /D [6876 0 R /XYZ 71.731 424.244 null] >> endobj 6904 0 obj << /D [6876 0 R /XYZ 71.731 391.367 null] >> endobj 6905 0 obj << /D [6876 0 R /XYZ 71.731 391.367 null] >> endobj 6906 0 obj << /D [6876 0 R /XYZ 180.393 380.573 null] >> endobj 6907 0 obj << /D [6876 0 R /XYZ 71.731 358.491 null] >> endobj 6908 0 obj << /D [6876 0 R /XYZ 71.731 358.491 null] >> endobj 6909 0 obj << /D [6876 0 R /XYZ 179.466 347.696 null] >> endobj 6910 0 obj << /D [6876 0 R /XYZ 71.731 325.614 null] >> endobj 6911 0 obj << /D [6876 0 R /XYZ 71.731 325.614 null] >> endobj 6912 0 obj << /D [6876 0 R /XYZ 182.784 314.819 null] >> endobj 6913 0 obj << /D [6876 0 R /XYZ 71.731 292.737 null] >> endobj 6914 0 obj << /D [6876 0 R /XYZ 71.731 292.737 null] >> endobj 6915 0 obj << /D [6876 0 R /XYZ 177.255 281.943 null] >> endobj 6916 0 obj << /D [6876 0 R /XYZ 71.731 259.861 null] >> endobj 6917 0 obj << /D [6876 0 R /XYZ 71.731 259.861 null] >> endobj 6918 0 obj << /D [6876 0 R /XYZ 188.323 249.066 null] >> endobj 6919 0 obj << /D [6876 0 R /XYZ 71.731 227.926 null] >> endobj 6920 0 obj << /D [6876 0 R /XYZ 71.731 227.926 null] >> endobj 6921 0 obj << /D [6876 0 R /XYZ 177.046 216.189 null] >> endobj 6922 0 obj << /D [6876 0 R /XYZ 71.731 194.481 null] >> endobj 6923 0 obj << /D [6876 0 R /XYZ 71.731 194.481 null] >> endobj 6924 0 obj << /D [6876 0 R /XYZ 182.704 183.313 null] >> endobj 6925 0 obj << /D [6876 0 R /XYZ 71.731 161.23 null] >> endobj 6926 0 obj << /D [6876 0 R /XYZ 71.731 161.23 null] >> endobj 6927 0 obj << /D [6876 0 R /XYZ 193.693 150.436 null] >> endobj 6875 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6931 0 obj << /Length 1609 /Filter /FlateDecode >> stream xڥXMo6WRZ4iME=D7I}")K61͛y'\Iȋ&JtJBo*&Mo{ͽOoW罘pzZR=ouY]od9{6='1 DHՌ$SVG 7AOjO"  }ػ[ye60PJdpb!6z^]m+-jLéc[;qvdW\*fXN-v!n0xF9B%FI=y/icC(dGzjS--0AI-*Ӯ+YG8]m9o /)BdAM[{%˭9#ơ.5(nd 9X#oVK.u  1KoEV-OK}JK"S奞aY\ jK.yհsViP 7FF&ݏA}Dp@Gi* @RaG@iƠJRF( (1Ce#<1(yeg^8}aX4}ExGn$LƷ YkPMSWWClH7菒LbcCvw)PgK\:;T)ݵ"?u֤3r<8Kne&G|T*jV3Yٶ=,h#hڈ44%=|(@wgANbpWk+YܚarLuJdEt@Bl$uhҴOc~N~plშ5\^B5blR#(3tCb031@,von><XpTU9 \71GwX~KSTBD=J r_6ڝ[s9Bؑd\X\EV5)afp: _P& "jeS'm ͖-;-(^~CX(; d?Tpj1^%JcܓeVR;LxGҫyK2_;Z{+b5ʬf̀rP'2fؒTKɳ:Le☢$Is將˜$[ e,:gS> endobj 6932 0 obj << /D [6930 0 R /XYZ -1.269 814.22 null] >> endobj 6933 0 obj << /D [6930 0 R /XYZ 71.731 741.22 null] >> endobj 6934 0 obj << /D [6930 0 R /XYZ 71.731 718.306 null] >> endobj 6935 0 obj << /D [6930 0 R /XYZ 71.731 718.306 null] >> endobj 6936 0 obj << /D [6930 0 R /XYZ 188.482 708.344 null] >> endobj 6937 0 obj << /D [6930 0 R /XYZ 71.731 641.635 null] >> endobj 6938 0 obj << /D [6930 0 R /XYZ 71.731 641.635 null] >> endobj 6939 0 obj << /D [6930 0 R /XYZ 187.676 629.639 null] >> endobj 6940 0 obj << /D [6930 0 R /XYZ 71.731 607.557 null] >> endobj 6941 0 obj << /D [6930 0 R /XYZ 71.731 607.557 null] >> endobj 6942 0 obj << /D [6930 0 R /XYZ 192.657 596.762 null] >> endobj 6943 0 obj << /D [6930 0 R /XYZ 71.731 561.729 null] >> endobj 6944 0 obj << /D [6930 0 R /XYZ 71.731 528.852 null] >> endobj 6945 0 obj << /D [6930 0 R /XYZ 71.731 528.852 null] >> endobj 6946 0 obj << /D [6930 0 R /XYZ 180.313 518.057 null] >> endobj 6947 0 obj << /D [6930 0 R /XYZ 71.731 495.975 null] >> endobj 6948 0 obj << /D [6930 0 R /XYZ 71.731 495.975 null] >> endobj 6949 0 obj << /D [6930 0 R /XYZ 173.937 485.181 null] >> endobj 6950 0 obj << /D [6930 0 R /XYZ 71.731 463.098 null] >> endobj 6951 0 obj << /D [6930 0 R /XYZ 71.731 463.098 null] >> endobj 6952 0 obj << /D [6930 0 R /XYZ 187.028 452.304 null] >> endobj 6953 0 obj << /D [6930 0 R /XYZ 71.731 417.27 null] >> endobj 6954 0 obj << /D [6930 0 R /XYZ 71.731 417.27 null] >> endobj 6955 0 obj << /D [6930 0 R /XYZ 200.866 406.476 null] >> endobj 6956 0 obj << /D [6930 0 R /XYZ 71.731 384.767 null] >> endobj 6957 0 obj << /D [6930 0 R /XYZ 71.731 384.767 null] >> endobj 6958 0 obj << /D [6930 0 R /XYZ 224.307 373.599 null] >> endobj 6959 0 obj << /D [6930 0 R /XYZ 71.731 353.494 null] >> endobj 6960 0 obj << /D [6930 0 R /XYZ 71.731 353.494 null] >> endobj 6961 0 obj << /D [6930 0 R /XYZ 187.576 340.722 null] >> endobj 6962 0 obj << /D [6930 0 R /XYZ 71.731 305.689 null] >> endobj 6963 0 obj << /D [6930 0 R /XYZ 71.731 305.689 null] >> endobj 6964 0 obj << /D [6930 0 R /XYZ 207.152 294.894 null] >> endobj 6965 0 obj << /D [6930 0 R /XYZ 71.731 261.918 null] >> endobj 6966 0 obj << /D [6930 0 R /XYZ 71.731 261.918 null] >> endobj 6967 0 obj << /D [6930 0 R /XYZ 190.544 249.066 null] >> endobj 6968 0 obj << /D [6930 0 R /XYZ 200.398 249.066 null] >> endobj 6969 0 obj << /D [6930 0 R /XYZ 249.702 236.115 null] >> endobj 6970 0 obj << /D [6930 0 R /XYZ 71.731 214.032 null] >> endobj 6971 0 obj << /D [6930 0 R /XYZ 71.731 214.032 null] >> endobj 6972 0 obj << /D [6930 0 R /XYZ 185.015 203.238 null] >> endobj 6973 0 obj << /D [6930 0 R /XYZ 71.731 157.31 null] >> endobj 6974 0 obj << /D [6930 0 R /XYZ 71.731 157.31 null] >> endobj 6975 0 obj << /D [6930 0 R /XYZ 209.165 144.458 null] >> endobj 6929 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 6978 0 obj << /Length 1524 /Filter /FlateDecode >> stream xXI6ϯFcCHA㞚H%DZ:>6Ƥ$"{«w77;[%( iV%(UQtVoO'.fK~S/cWoHfm!VKߛg2sLȓlz*G^7^1 d% 4h593в|{*hY?+ 0Mɚ|ٍkSxn=c,8te9ڂ<2cq7{Qc48:8|5e䗰O"ib/ƞb) !*By3I^jA!^>Հ `]3ZZonYW~-of9J|޷pNs?ӫ;)<}t"d{L8cDh~0iıG>ȃ^ !3Ą5!=̰Z)1wkW@N8Ë3uʃqZLXzo5]LP˒!ʢ]C{36 ~$A^rJSKޏ-@i> " dY>wUV8s(~wYS &Bhδ^+dWa.3vO-H7riY`%|G٘o9NğGhT|ʪNL8F]7~uIϟD~_Z!ȱo)oZy^Fϼh ! п:,(/H6m,2efܹn3N!#X43(AܫBRFc,t8sA >mޚl=DI8B/mu5/[& ʖ&k;B Siם2Dv}&u*L{z^Hm3`]i,e> endobj 6979 0 obj << /D [6977 0 R /XYZ -1.269 814.22 null] >> endobj 6980 0 obj << /D [6977 0 R /XYZ 71.731 718.306 null] >> endobj 6981 0 obj << /D [6977 0 R /XYZ 71.731 718.306 null] >> endobj 6982 0 obj << /D [6977 0 R /XYZ 181.509 708.344 null] >> endobj 6983 0 obj << /D [6977 0 R /XYZ 428.231 708.344 null] >> endobj 6984 0 obj << /D [6977 0 R /XYZ 440.435 662.516 null] >> endobj 6985 0 obj << /D [6977 0 R /XYZ 71.731 627.602 null] >> endobj 6986 0 obj << /D [6977 0 R /XYZ 71.731 627.602 null] >> endobj 6987 0 obj << /D [6977 0 R /XYZ 191.471 616.687 null] >> endobj 6988 0 obj << /D [6977 0 R /XYZ 334.015 603.736 null] >> endobj 6989 0 obj << /D [6977 0 R /XYZ 71.731 568.822 null] >> endobj 6990 0 obj << /D [6977 0 R /XYZ 71.731 568.822 null] >> endobj 6991 0 obj << /D [6977 0 R /XYZ 191.641 557.908 null] >> endobj 6992 0 obj << /D [6977 0 R /XYZ 71.731 522.874 null] >> endobj 6993 0 obj << /D [6977 0 R /XYZ 71.731 522.874 null] >> endobj 6994 0 obj << /D [6977 0 R /XYZ 189.449 512.08 null] >> endobj 6995 0 obj << /D [6977 0 R /XYZ 71.731 489.998 null] >> endobj 6996 0 obj << /D [6977 0 R /XYZ 71.731 489.998 null] >> endobj 6997 0 obj << /D [6977 0 R /XYZ 162.131 479.203 null] >> endobj 6998 0 obj << /D [6977 0 R /XYZ 119.552 466.252 null] >> endobj 6999 0 obj << /D [6977 0 R /XYZ 189.449 466.252 null] >> endobj 7000 0 obj << /D [6977 0 R /XYZ 71.731 444.304 null] >> endobj 7001 0 obj << /D [6977 0 R /XYZ 71.731 444.304 null] >> endobj 7002 0 obj << /D [6977 0 R /XYZ 198.286 433.375 null] >> endobj 7003 0 obj << /D [6977 0 R /XYZ 71.731 411.293 null] >> endobj 7004 0 obj << /D [6977 0 R /XYZ 71.731 411.293 null] >> endobj 7005 0 obj << /D [6977 0 R /XYZ 197.728 400.498 null] >> endobj 7006 0 obj << /D [6977 0 R /XYZ 71.731 378.416 null] >> endobj 7007 0 obj << /D [6977 0 R /XYZ 71.731 378.416 null] >> endobj 7008 0 obj << /D [6977 0 R /XYZ 186.48 367.621 null] >> endobj 7009 0 obj << /D [6977 0 R /XYZ 71.731 334.645 null] >> endobj 7010 0 obj << /D [6977 0 R /XYZ 71.731 334.645 null] >> endobj 7011 0 obj << /D [6977 0 R /XYZ 187.406 321.793 null] >> endobj 7012 0 obj << /D [6977 0 R /XYZ 71.731 300.085 null] >> endobj 7013 0 obj << /D [6977 0 R /XYZ 71.731 300.085 null] >> endobj 7014 0 obj << /D [6977 0 R /XYZ 189.708 288.917 null] >> endobj 7015 0 obj << /D [6977 0 R /XYZ 390.001 288.917 null] >> endobj 7016 0 obj << /D [6977 0 R /XYZ 71.731 266.834 null] >> endobj 7017 0 obj << /D [6977 0 R /XYZ 71.731 266.834 null] >> endobj 7018 0 obj << /D [6977 0 R /XYZ 214.714 256.04 null] >> endobj 7019 0 obj << /D [6977 0 R /XYZ 71.731 233.958 null] >> endobj 7020 0 obj << /D [6977 0 R /XYZ 71.731 233.958 null] >> endobj 7021 0 obj << /D [6977 0 R /XYZ 183.133 223.163 null] >> endobj 7022 0 obj << /D [6977 0 R /XYZ 71.731 201.081 null] >> endobj 7023 0 obj << /D [6977 0 R /XYZ 71.731 201.081 null] >> endobj 7024 0 obj << /D [6977 0 R /XYZ 185.135 190.286 null] >> endobj 7025 0 obj << /D [6977 0 R /XYZ 71.731 155.253 null] >> endobj 7026 0 obj << /D [6977 0 R /XYZ 71.731 155.253 null] >> endobj 7027 0 obj << /D [6977 0 R /XYZ 173.748 144.458 null] >> endobj 6976 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 7030 0 obj << /Length 1042 /Filter /FlateDecode >> stream xXMo6WhMR(-7_MnAh[X4$:M.%Eʶl6dhrFgp f N~ O8@$O#Yb Rq5-\}a ]!AJ)3Zqk7B15 8Ƒn0 N60@:U~7stD5h O9!ƙDa@=omåv~1ښA1x?[s{IGQHztp'߬5yuMbYVJap")@z"A֭Aa Y2MQ9U3b刎N/QW#j LBHޗ՚:!LySԜ;Rph:|Y-6|&ŪRh)ј~uK BTĊk+2#% 6*>VD9) ZZ.6:F-eUNL> 8BfY?_Z#6ps{ fe$?I>gɐ̓rv7WA2cP?Mf]cJ HI֜=)rᴖ!=쮚0:A&'L|TUM@Lʑ$G$)B]'AƞJ_w5Y) Ʊ)hDiHM=_i{"M~6,(=mJY\x0TuH;L;!l) @-.+^buXW!{ WgݚSQIʪZZ^!溽w'jgu3Omtom䔚>q (#/5y+pzµB=;Dt{X=h7߆F+>p^6{vm nw.̻1N$]<yqW}-67y SfQ*;T% ldU`kvt"=#pDzo~7_az_JPz>Tm endstream endobj 7029 0 obj << /Type /Page /Contents 7030 0 R /Resources 7028 0 R /MediaBox [0 0 593.051 789.041] /Parent 6928 0 R >> endobj 7031 0 obj << /D [7029 0 R /XYZ -1.269 814.22 null] >> endobj 7032 0 obj << /D [7029 0 R /XYZ 71.731 741.22 null] >> endobj 7033 0 obj << /D [7029 0 R /XYZ 71.731 718.306 null] >> endobj 7034 0 obj << /D [7029 0 R /XYZ 71.731 718.306 null] >> endobj 7035 0 obj << /D [7029 0 R /XYZ 197.628 708.344 null] >> endobj 7036 0 obj << /D [7029 0 R /XYZ 71.731 673.31 null] >> endobj 7037 0 obj << /D [7029 0 R /XYZ 71.731 673.31 null] >> endobj 7038 0 obj << /D [7029 0 R /XYZ 171.716 662.516 null] >> endobj 7039 0 obj << /D [7029 0 R /XYZ 71.731 627.856 null] >> endobj 7040 0 obj << /D [7029 0 R /XYZ 71.731 627.856 null] >> endobj 7041 0 obj << /D [7029 0 R /XYZ 193.304 616.687 null] >> endobj 7042 0 obj << /D [7029 0 R /XYZ 71.731 594.605 null] >> endobj 7043 0 obj << /D [7029 0 R /XYZ 71.731 594.605 null] >> endobj 7044 0 obj << /D [7029 0 R /XYZ 193.643 583.811 null] >> endobj 7045 0 obj << /D [7029 0 R /XYZ 71.731 561.729 null] >> endobj 7046 0 obj << /D [7029 0 R /XYZ 71.731 561.729 null] >> endobj 7047 0 obj << /D [7029 0 R /XYZ 186.659 550.934 null] >> endobj 7048 0 obj << /D [7029 0 R /XYZ 71.731 528.852 null] >> endobj 7049 0 obj << /D [7029 0 R /XYZ 71.731 528.852 null] >> endobj 7050 0 obj << /D [7029 0 R /XYZ 224.019 518.057 null] >> endobj 7051 0 obj << /D [7029 0 R /XYZ 71.731 483.024 null] >> endobj 7052 0 obj << /D [7029 0 R /XYZ 71.731 483.024 null] >> endobj 7053 0 obj << /D [7029 0 R /XYZ 190.903 472.229 null] >> endobj 7054 0 obj << /D [7029 0 R /XYZ 71.731 450.147 null] >> endobj 7055 0 obj << /D [7029 0 R /XYZ 71.731 450.147 null] >> endobj 7056 0 obj << /D [7029 0 R /XYZ 200.308 439.352 null] >> endobj 7057 0 obj << /D [7029 0 R /XYZ 71.731 417.27 null] >> endobj 7058 0 obj << /D [7029 0 R /XYZ 71.731 417.27 null] >> endobj 7059 0 obj << /D [7029 0 R /XYZ 175.023 406.476 null] >> endobj 7060 0 obj << /D [7029 0 R /XYZ 71.731 384.394 null] >> endobj 7061 0 obj << /D [7029 0 R /XYZ 71.731 384.394 null] >> endobj 7062 0 obj << /D [7029 0 R /XYZ 175.023 373.599 null] >> endobj 7063 0 obj << /D [7029 0 R /XYZ 71.731 351.517 null] >> endobj 7064 0 obj << /D [7029 0 R /XYZ 71.731 351.517 null] >> endobj 7065 0 obj << /D [7029 0 R /XYZ 175.023 340.722 null] >> endobj 7066 0 obj << /D [7029 0 R /XYZ 71.731 318.64 null] >> endobj 7067 0 obj << /D [7029 0 R /XYZ 71.731 318.64 null] >> endobj 7068 0 obj << /D [7029 0 R /XYZ 175.023 307.846 null] >> endobj 7069 0 obj << /D [7029 0 R /XYZ 71.731 285.763 null] >> endobj 7070 0 obj << /D [7029 0 R /XYZ 71.731 285.763 null] >> endobj 7071 0 obj << /D [7029 0 R /XYZ 175.023 274.969 null] >> endobj 7072 0 obj << /D [7029 0 R /XYZ 71.731 252.887 null] >> endobj 7073 0 obj << /D [7029 0 R /XYZ 71.731 252.887 null] >> endobj 7074 0 obj << /D [7029 0 R /XYZ 188.323 242.092 null] >> endobj 7075 0 obj << /D [7029 0 R /XYZ 71.731 220.01 null] >> endobj 7076 0 obj << /D [7029 0 R /XYZ 71.731 220.01 null] >> endobj 7077 0 obj << /D [7029 0 R /XYZ 199.401 209.215 null] >> endobj 7078 0 obj << /D [7029 0 R /XYZ 71.731 189.111 null] >> endobj 7079 0 obj << /D [7029 0 R /XYZ 71.731 154.257 null] >> endobj 7080 0 obj << /D [7029 0 R /XYZ 71.731 154.257 null] >> endobj 7081 0 obj << /D [7029 0 R /XYZ 182.126 143.462 null] >> endobj 7028 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R >> /ProcSet [ /PDF /Text ] >> endobj 7084 0 obj << /Length 1737 /Filter /FlateDecode >> stream xڭX]o6}ϯ[l,aoiÀeq;dȺ`qP 0mER$ezu>(sϽ$mgxϫ7ȷ9UPDHLux)WW^`m v8+CiO i}\^Xͻb"qā_j qȌX;TpBJyQдV5a|W[Ug.R/VjX0F~ M'bǏ8ZiG98DϮȂC@UȖS(o@)GH T~ן@|h/b8=yTq|զ;"+/j/[T.Tx&mMM{B:.JGCY: i[ڝ[$-;zsyLQ^Y5eE[͊^PLZEr3#&^GWoKuɷ;xX2ak;_ŧ[NPxNrQ _M3iIy$N4a{Ԩ4Mj 6˫3謁TN`% @ƎȺ2P\ʘ1# fiwn)ozrqήpltKTkH;%j4 H'呃HG@z =,\YcX%/ @.Y>~ CBO &惎<VjqyǛm~; DWk:6HMsu~Gn9@cb0YeX;9ԔC1J,b^,^|]P?4࢚N}v!zTe*! 䭫Lz0(oOtgjn; @!:\B Mn|?ҒR{j{ 7۸F =~CE'jƱ,⾦}ml0pyA !;oh?6SΙ?)Ld1՝h҉LN0g@,GzKJ{grC'`{V cт+7ĺȗi S@jk}2[Dï>`Hc\hJ2 Y^ٔF jiJi7x578`s(-̑Qy[.@Oyc=;{%_K2a] IʳȾhr7t fFO$Z1`٪;M4O(y5QP9I&E6[Yz;}`5u@<-?^誾q?`#iuM:.p7MVPx o7n,J(o5Ny endstream endobj 7083 0 obj << /Type /Page /Contents 7084 0 R /Resources 7082 0 R /MediaBox [0 0 593.051 789.041] /Parent 6928 0 R >> endobj 7085 0 obj << /D [7083 0 R /XYZ -1.269 814.22 null] >> endobj 7086 0 obj << /D [7083 0 R /XYZ 71.731 718.306 null] >> endobj 7087 0 obj << /D [7083 0 R /XYZ 71.731 718.306 null] >> endobj 7088 0 obj << /D [7083 0 R /XYZ 206.943 708.344 null] >> endobj 7089 0 obj << /D [7083 0 R /XYZ 71.731 627.856 null] >> endobj 7090 0 obj << /D [7083 0 R /XYZ 71.731 627.856 null] >> endobj 7091 0 obj << /D [7083 0 R /XYZ 183.153 616.687 null] >> endobj 7092 0 obj << /D [7083 0 R /XYZ 71.731 594.605 null] >> endobj 7093 0 obj << /D [7083 0 R /XYZ 71.731 594.605 null] >> endobj 7094 0 obj << /D [7083 0 R /XYZ 193.862 583.811 null] >> endobj 7095 0 obj << /D [7083 0 R /XYZ 71.731 548.777 null] >> endobj 7096 0 obj << /D [7083 0 R /XYZ 71.731 548.777 null] >> endobj 7097 0 obj << /D [7083 0 R /XYZ 217.454 537.983 null] >> endobj 7098 0 obj << /D [7083 0 R /XYZ 71.731 489.998 null] >> endobj 7099 0 obj << /D [7083 0 R /XYZ 71.731 489.998 null] >> endobj 7100 0 obj << /D [7083 0 R /XYZ 201.344 479.203 null] >> endobj 7101 0 obj << /D [7083 0 R /XYZ 71.731 444.169 null] >> endobj 7102 0 obj << /D [7083 0 R /XYZ 71.731 444.169 null] >> endobj 7103 0 obj << /D [7083 0 R /XYZ 189.429 433.375 null] >> endobj 7104 0 obj << /D [7083 0 R /XYZ 71.731 411.293 null] >> endobj 7105 0 obj << /D [7083 0 R /XYZ 71.731 411.293 null] >> endobj 7106 0 obj << /D [7083 0 R /XYZ 185.135 400.498 null] >> endobj 7107 0 obj << /D [7083 0 R /XYZ 71.731 378.416 null] >> endobj 7108 0 obj << /D [7083 0 R /XYZ 71.731 378.416 null] >> endobj 7109 0 obj << /D [7083 0 R /XYZ 205.249 367.621 null] >> endobj 7110 0 obj << /D [7083 0 R /XYZ 71.731 332.588 null] >> endobj 7111 0 obj << /D [7083 0 R /XYZ 71.731 332.588 null] >> endobj 7112 0 obj << /D [7083 0 R /XYZ 193.065 321.793 null] >> endobj 7113 0 obj << /D [7083 0 R /XYZ 71.731 286.76 null] >> endobj 7114 0 obj << /D [7083 0 R /XYZ 71.731 286.76 null] >> endobj 7115 0 obj << /D [7083 0 R /XYZ 198.834 275.965 null] >> endobj 7116 0 obj << /D [7083 0 R /XYZ 71.731 227.98 null] >> endobj 7117 0 obj << /D [7083 0 R /XYZ 71.731 227.98 null] >> endobj 7118 0 obj << /D [7083 0 R /XYZ 210.28 217.186 null] >> endobj 7119 0 obj << /D [7083 0 R /XYZ 71.731 182.152 null] >> endobj 7120 0 obj << /D [7083 0 R /XYZ 71.731 182.152 null] >> endobj 7121 0 obj << /D [7083 0 R /XYZ 223.013 171.357 null] >> endobj 7122 0 obj << /D [7083 0 R /XYZ 71.731 123.372 null] >> endobj 7123 0 obj << /D [7083 0 R /XYZ 71.731 123.372 null] >> endobj 7124 0 obj << /D [7083 0 R /XYZ 185.155 112.578 null] >> endobj 7082 0 obj << /Font << /F33 939 0 R /F38 1036 0 R /F60 1532 0 R /F31 938 0 R >> /ProcSet [ /PDF /Text ] >> endobj 7128 0 obj << /Length 1231 /Filter /FlateDecode >> stream xWn6+"wHd:iS$̂i[D'K_40E&/Ϲ܇) e1 (AYyI@QQo:GMżx_nt1F-jߖWef#nb5> (ภ M&DN{ bE]s"\ц`?(J(X騮[p &]8@lW_i4Z-ͫj4X9&x?]SS-=EY]Tu\C coD-0M"h2U~a+_ }A kW&G:-* pj(n7aFzf/*n" Q2v́>hjK4Pj ࠍhQ J)k "vf&o-ˁ>mI:DM(a&fE+|7骙]3Z.%rY4Zqs+ִnrbֆQ˓ vټKGRbC4>oV\W7uUAX1RXo•(/h4Rf)zL5(kVpA nZq)(cD1l5osZt7g 0Jgȟ㌎DŽW4w# cKq5a&|583 , endstream endobj 7127 0 obj << /Type /Page /Contents 7128 0 R /Resources 7126 0 R /MediaBox [0 0 593.051 789.041] /Parent 6928 0 R /Annots [ 7125 0 R ] >> endobj 7125 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [386.508 599.911 427.514 610.815] /A << /S /GoTo /D (0:EXTERN) >> >> endobj 7129 0 obj << /D [7127 0 R /XYZ -1.269 814.22 null] >> endobj 7130 0 obj << /D [7127 0 R /XYZ 71.731 741.22 null] >> endobj 7131 0 obj << /D [7127 0 R /XYZ 71.731 718.306 null] >> endobj 7132 0 obj << /D [7127 0 R /XYZ 172.124 708.344 null] >> endobj 1321 0 obj << /D [7127 0 R /XYZ 71.731 679.039 null] >> endobj 898 0 obj << /D [7127 0 R /XYZ 185.592 635.941 null] >> endobj 7133 0 obj << /D [7127 0 R /XYZ 71.731 615.801 null] >> endobj 7134 0 obj << /D [7127 0 R /XYZ 71.731 580.982 null] >> endobj 7135 0 obj << /D [7127 0 R /XYZ 71.731 580.982 null] >> endobj 7136 0 obj << /D [7127 0 R /XYZ 71.731 548.778 null] >> endobj 7137 0 obj << /D [7127 0 R /XYZ 71.731 517.286 null] >> endobj 7138 0 obj << /D [7127 0 R /XYZ 71.731 517.286 null] >> endobj 7139 0 obj << /D [7127 0 R /XYZ 193.314 504.434 null] >> endobj 7140 0 obj << /D [7127 0 R /XYZ 71.731 482.487 null] >> endobj 7141 0 obj << /D [7127 0 R /XYZ 71.731 482.487 null] >> endobj 7142 0 obj << /D [7127 0 R /XYZ 71.731 449.476 null] >> endobj 7143 0 obj << /D [7127 0 R /XYZ 71.731 449.476 null] >> endobj 7144 0 obj << /D [7127 0 R /XYZ 159.362 438.681 null] >> endobj 7145 0 obj << /D [7127 0 R /XYZ 71.731 416.599 null] >> endobj 7146 0 obj << /D [7127 0 R /XYZ 71.731 416.599 null] >> endobj 7147 0 obj << /D [7127 0 R /XYZ 198.844 405.804 null] >> endobj 7148 0 obj << /D [7127 0 R /XYZ 71.731 385.7 null] >> endobj 7149 0 obj << /D [7127 0 R /XYZ 71.731 385.7 null] >> endobj 7150 0 obj << /D [7127 0 R /XYZ 172.812 372.928 null] >> endobj 7151 0 obj << /D [7127 0 R /XYZ 71.731 350.845 null] >> endobj 7152 0 obj << /D [7127 0 R /XYZ 71.731 350.845 null] >> endobj 7153 0 obj << /D [7127 0 R /XYZ 183.342 340.051 null] >> endobj 7154 0 obj << /D [7127 0 R /XYZ 71.731 317.969 null] >> endobj 7155 0 obj << /D [7127 0 R /XYZ 71.731 317.969 null] >> endobj 7156 0 obj << /D [7127 0 R /XYZ 187.586 307.174 null] >> endobj 7157 0 obj << /D [7127 0 R /XYZ 71.731 287.07 null] >> endobj 7158 0 obj << /D [7127 0 R /XYZ 71.731 287.07 null] >> endobj 7159 0 obj << /D [7127 0 R /XYZ 177.793 274.297 null] >> endobj 7160 0 obj << /D [7127 0 R /XYZ 71.731 252.215 null] >> endobj 7161 0 obj << /D [7127 0 R /XYZ 71.731 252.215 null] >> endobj 7162 0 obj << /D [7127 0 R /XYZ 180.572 241.421 null] >> endobj 7163 0 obj << /D [7127 0 R /XYZ 71.731 219.339 null] >> endobj 7164 0 obj << /D [7127 0 R /XYZ 71.731 219.339 null] >> endobj 7165 0 obj << /D [7127 0 R /XYZ 174.475 208.544 null] >> endobj 7166 0 obj << /D [7127 0 R /XYZ 71.731 186.462 null] >> endobj 7167 0 obj << /D [7127 0 R /XYZ 71.731 186.462 null] >> endobj 7168 0 obj << /D [7127 0 R /XYZ 179.456 175.667 null] >> endobj 7169 0 obj << /D [7127 0 R /XYZ 71.731 155.563 null] >> endobj 7170 0 obj << /D [7127 0 R /XYZ 71.731 155.563 null] >> endobj 7171 0 obj << /D [7127 0 R /XYZ 170.052 142.791 null] >> endobj 1322 0 obj << /D [7127 0 R /XYZ 71.731 126.811 null] >> endobj 7126 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F38 1036 0 R /F25 932 0 R /F60 1532 0 R >> /ProcSet [ /PDF /Text ] >> endobj 7175 0 obj << /Length 1321 /Filter /FlateDecode >> stream xڍWMs6WViƆ3u6=tڱK%B"$d.Et$۷o+;yj!d1 %YyIH1oWxw3E}s"}OpSnhλJ Ar\NY͗ݟ+l?ȣ a4 5mH$!-{Bc}|늋l>БaBRF[B؅RP˖`\tQvr?RԗMf%ϋJ~FH?E Y@Lck B;uˤ+LHu@vDк4|QƈRWgٕrҵ˻^G~Tt$HӘ`^Dq ?RIT?:'13F#1݁ӿlW=᝹% R.R.WO@ ޴RZ/*gƒkE=Ւ& !}R*'# T[j31LIJ1\4'4/ endstream endobj 7174 0 obj << /Type /Page /Contents 7175 0 R /Resources 7173 0 R /MediaBox [0 0 593.051 789.041] /Parent 7193 0 R /Annots [ 7172 0 R ] >> endobj 7172 0 obj << /Type /Annot /Subtype /Link /Border[0 0 0]/H/I/C[1 0 0] /Rect [135.432 538.211 182.256 549.115] /A << /S /GoTo /D (0:CLIENTS) >> >> endobj 7176 0 obj << /D [7174 0 R /XYZ -1.269 814.22 null] >> endobj 902 0 obj << /D [7174 0 R /XYZ 175.057 705.748 null] >> endobj 7177 0 obj << /D [7174 0 R /XYZ 71.731 685.607 null] >> endobj 7178 0 obj << /D [7174 0 R /XYZ 227.794 672.871 null] >> endobj 7179 0 obj << /D [7174 0 R /XYZ 71.731 618.585 null] >> endobj 7180 0 obj << /D [7174 0 R /XYZ 71.731 587.093 null] >> endobj 7181 0 obj << /D [7174 0 R /XYZ 71.731 587.093 null] >> endobj 7182 0 obj << /D [7174 0 R /XYZ 151.242 574.241 null] >> endobj 7183 0 obj << /D [7174 0 R /XYZ 71.731 554.136 null] >> endobj 7184 0 obj << /D [7174 0 R /XYZ 71.731 519.282 null] >> endobj 7185 0 obj << /D [7174 0 R /XYZ 241.593 456.682 null] >> endobj 7186 0 obj << /D [7174 0 R /XYZ 427.823 456.682 null] >> endobj 7187 0 obj << /D [7174 0 R /XYZ 119.552 443.73 null] >> endobj 7188 0 obj << /D [7174 0 R /XYZ 71.731 441.573 null] >> endobj 7189 0 obj << /D [7174 0 R /XYZ 166.376 391.078 null] >> endobj 7190 0 obj << /D [7174 0 R /XYZ 230.153 367.945 null] >> endobj 7191 0 obj << /D [7174 0 R /XYZ 198.591 356.289 null] >> endobj 7192 0 obj << /D [7174 0 R /XYZ 166.376 324.523 null] >> endobj 7173 0 obj << /Font << /F33 939 0 R /F25 932 0 R /F31 938 0 R /F38 1036 0 R /F60 1532 0 R /F48 1347 0 R /F55 1479 0 R >> /ProcSet [ /PDF /Text ] >> endobj 7196 0 obj << /Length 1201 /Filter /FlateDecode >> stream xڥWMo6bE,Km,P4hHJRu}>$bQ6͛8Q}zE87YE}8OQ'iM?ۖ}[p^,~\"[]}VDG}$֕Z-r7: UZiexk.K% >}e\SISh.wT](*.QrNnCwQGTl_M -B8.3ZM4@[$U]=rM:&nĚg1E{Xl~ r iXh7Ւ?FUsT8>LdWwe`!فq[I肥fp&M;ȜUT{*2O-U.v8`~<,N2Z,Q8 8f{yhl0 AZ\gGRh}ԓ}.йmѝ¸7b&(OpÞ%i(T]񮡒 ~2hUK%2>vӓ*PKU}3|V;w(;ܻR q=kAUTPV4.lvlyis#y])VQ$8r KhDD}29+^T׶`9RU$7E }<<<,. 4:~/{մ\ pNV OfCrc'ʩ/eI7c6c8Jlv_`>2i%ktPu? ;!7hC_w*.*/\]|SwSC՜Fn积`9\cg.75-rn}} E 5M_˽̸*S0o8W ?9;LA,DL+Z?Qw2;ݓޅ }N㡅zK,V5SXO+A`fN]&beĝCkMx/Jq]ρ+~4- R1DG~5i ~8@xdx7+ e6%Lv,?o endstream endobj 7195 0 obj << /Type /Page /Contents 7196 0 R /Resources 7194 0 R /MediaBox [0 0 593.051 789.041] /Parent 7193 0 R >> endobj 7197 0 obj << /D [7195 0 R /XYZ -1.269 814.22 null] >> endobj 1323 0 obj << /D [7195 0 R /XYZ 71.731 718.306 null] >> endobj 906 0 obj << /D [7195 0 R /XYZ 414.349 703.236 null] >> endobj 7198 0 obj << /D [7195 0 R /XYZ 71.731 672.579 null] >> endobj 7199 0 obj << /D [7195 0 R /XYZ 317.099 663.903 null] >> endobj 7200 0 obj << /D [7195 0 R /XYZ 177.384 650.952 null] >> endobj 7201 0 obj << /D [7195 0 R /XYZ 244.602 625.049 null] >> endobj 7202 0 obj << /D [7195 0 R /XYZ 71.731 602.967 null] >> endobj 7203 0 obj << /D [7195 0 R /XYZ 310.862 592.172 null] >> endobj 7204 0 obj << /D [7195 0 R /XYZ 225.533 540.367 null] >> endobj 1324 0 obj << /D [7195 0 R /XYZ 71.731 538.329 null] >> endobj 910 0 obj << /D [7195 0 R /XYZ 171.682 495.112 null] >> endobj 7205 0 obj << /D [7195 0 R /XYZ 71.731 494.897 null] >> endobj 7206 0 obj << /D [7195 0 R /XYZ 71.731 479.953 null] >> endobj 7207 0 obj << /D [7195 0 R /XYZ 71.731 465.06 null] >> endobj 7208 0 obj << /D [7195 0 R /XYZ 139.477 449.284 null] >> endobj 7209 0 obj << /D [7195 0 R /XYZ 71.731 437.165 null] >> endobj 7210 0 obj << /D [7195 0 R /XYZ 71.731 424.213 null] >> endobj 7211 0 obj << /D [7195 0 R /XYZ 139.477 408.437 null] >> endobj 7212 0 obj << /D [7195 0 R /XYZ 71.731 383.367 null] >> endobj 7213 0 obj << /D [7195 0 R /XYZ 71.731 370.415 null] >> endobj 7214 0 obj << /D [7195 0 R /XYZ 139.477 354.639 null] >> endobj 7215 0 obj << /D [7195 0 R /XYZ 71.731 342.52 null] >> endobj 7216 0 obj << /D [7195 0 R /XYZ 71.731 329.568 null] >> endobj 7217 0 obj << /D [7195 0 R /XYZ 139.477 313.792 null] >> endobj 7218 0 obj << /D [7195 0 R /XYZ 71.731 301.673 null] >> endobj 7219 0 obj << /D [7195 0 R /XYZ 71.731 288.721 null] >> endobj 7220 0 obj << /D [7195 0 R /XYZ 139.477 272.946 null] >> endobj 7221 0 obj << /D [7195 0 R /XYZ 71.731 260.826 null] >> endobj 7222 0 obj << /D [7195 0 R /XYZ 71.731 247.875 null] >> endobj 7223 0 obj << /D [7195 0 R /XYZ 139.477 232.099 null] >> endobj 7224 0 obj << /D [7195 0 R /XYZ 71.731 219.979 null] >> endobj 7225 0 obj << /D [7195 0 R /XYZ 71.731 207.028 null] >> endobj 7226 0 obj << /D [7195 0 R /XYZ 139.477 191.252 null] >> endobj 7227 0 obj << /D [7195 0 R /XYZ 71.731 181.19 null] >> endobj 7228 0 obj << /D [7195 0 R /XYZ 71.731 166.181 null] >> endobj 7229 0 obj << /D [7195 0 R /XYZ 139.477 150.405 null] >> endobj 7230 0 obj << /D [7195 0 R /XYZ 279.222 150.405 null] >> endobj 7231 0 obj << /D [7195 0 R /XYZ 71.731 138.286 null] >> endobj 7232 0 obj << /D [7195 0 R /XYZ 71.731 125.334 null] >> endobj 7233 0 obj << /D [7195 0 R /XYZ 139.477 109.558 null] >> endobj 7234 0 obj << /D [7195 0 R /XYZ 71.731 48.817 null] >> endobj 7194 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F33 939 0 R /F38 1036 0 R >> /ProcSet [ /PDF /Text ] >> endobj 7237 0 obj << /Length 807 /Filter /FlateDecode >> stream xڽW[o0}ϯ1N[ӴUZNxl~6BZ|9绹;}؍fsgn`|ÝCuQ`d o| B?"(`9ֻ8E|kyҝr7K  7_1#]_~ g܍D^qw"!*Tf1N?nv(œy0MėIʥU$Vw/4 ~24cE c-"gXo )̏H:6w7WRKltza*/0nc>Wi ȄH8^.FZmfzײ]CRG1|]` (J>1ښ/g]%iy,@ G̺^2KiUqۼmji3җP${La(B~8/ūK"C,eR + óU 3ׄ[&M.IŰ9qg'+~;"H,n:d˅zRի։%')J_S`iGmH({٥\8n1s3QAA KVh- NZM-nQ ڑoͬ뤹31v|xa.!"K`|.%T ګ~?> endobj 7238 0 obj << /D [7236 0 R /XYZ -1.269 814.22 null] >> endobj 1325 0 obj << /D [7236 0 R /XYZ 71.731 741.22 null] >> endobj 7239 0 obj << /D [7236 0 R /XYZ 71.731 718.306 null] >> endobj 7240 0 obj << /D [7236 0 R /XYZ 71.731 708.244 null] >> endobj 7241 0 obj << /D [7236 0 R /XYZ 139.477 690.411 null] >> endobj 7242 0 obj << /D [7236 0 R /XYZ 71.731 665.34 null] >> endobj 7243 0 obj << /D [7236 0 R /XYZ 139.477 649.564 null] >> endobj 7244 0 obj << /D [7236 0 R /XYZ 71.731 637.445 null] >> endobj 7245 0 obj << /D [7236 0 R /XYZ 71.731 624.493 null] >> endobj 7246 0 obj << /D [7236 0 R /XYZ 139.477 608.717 null] >> endobj 7247 0 obj << /D [7236 0 R /XYZ 71.731 596.598 null] >> endobj 7248 0 obj << /D [7236 0 R /XYZ 71.731 585.704 null] >> endobj 7249 0 obj << /D [7236 0 R /XYZ 139.477 567.87 null] >> endobj 7250 0 obj << /D [7236 0 R /XYZ 71.731 555.751 null] >> endobj 7251 0 obj << /D [7236 0 R /XYZ 71.731 544.857 null] >> endobj 7252 0 obj << /D [7236 0 R /XYZ 139.477 527.024 null] >> endobj 7253 0 obj << /D [7236 0 R /XYZ 71.731 516.961 null] >> endobj 7254 0 obj << /D [7236 0 R /XYZ 71.731 504.01 null] >> endobj 7255 0 obj << /D [7236 0 R /XYZ 139.477 486.177 null] >> endobj 7256 0 obj << /D [7236 0 R /XYZ 71.731 474.057 null] >> endobj 7257 0 obj << /D [7236 0 R /XYZ 71.731 461.106 null] >> endobj 7258 0 obj << /D [7236 0 R /XYZ 139.477 445.33 null] >> endobj 7259 0 obj << /D [7236 0 R /XYZ 71.731 433.211 null] >> endobj 7260 0 obj << /D [7236 0 R /XYZ 71.731 420.259 null] >> endobj 7261 0 obj << /D [7236 0 R /XYZ 139.477 404.483 null] >> endobj 7262 0 obj << /D [7236 0 R /XYZ 71.731 392.364 null] >> endobj 7263 0 obj << /D [7236 0 R /XYZ 71.731 379.412 null] >> endobj 7264 0 obj << /D [7236 0 R /XYZ 139.477 363.636 null] >> endobj 7265 0 obj << /D [7236 0 R /XYZ 71.731 338.565 null] >> endobj 7266 0 obj << /D [7236 0 R /XYZ 71.731 325.614 null] >> endobj 7267 0 obj << /D [7236 0 R /XYZ 139.477 309.838 null] >> endobj 7268 0 obj << /D [7236 0 R /XYZ 71.731 297.719 null] >> endobj 7269 0 obj << /D [7236 0 R /XYZ 71.731 284.767 null] >> endobj 7270 0 obj << /D [7236 0 R /XYZ 139.477 268.991 null] >> endobj 7271 0 obj << /D [7236 0 R /XYZ 71.731 256.872 null] >> endobj 7272 0 obj << /D [7236 0 R /XYZ 71.731 245.978 null] >> endobj 7273 0 obj << /D [7236 0 R /XYZ 139.477 228.144 null] >> endobj 7274 0 obj << /D [7236 0 R /XYZ 71.731 216.025 null] >> endobj 7275 0 obj << /D [7236 0 R /XYZ 71.731 205.131 null] >> endobj 7276 0 obj << /D [7236 0 R /XYZ 139.477 187.298 null] >> endobj 7277 0 obj << /D [7236 0 R /XYZ 71.731 175.178 null] >> endobj 7278 0 obj << /D [7236 0 R /XYZ 71.731 162.227 null] >> endobj 7279 0 obj << /D [7236 0 R /XYZ 139.477 146.451 null] >> endobj 7280 0 obj << /D [7236 0 R /XYZ 71.731 134.331 null] >> endobj 7281 0 obj << /D [7236 0 R /XYZ 71.731 121.38 null] >> endobj 7282 0 obj << /D [7236 0 R /XYZ 139.477 105.604 null] >> endobj 7235 0 obj << /Font << /F33 939 0 R /F31 938 0 R >> /ProcSet [ /PDF /Text ] >> endobj 7285 0 obj << /Length 723 /Filter /FlateDecode >> stream xڵVr0+X2/L'M_iӸAMHr#x8cb]sν)yxYIA` : $@`!g;܋9-Q仗T*wfͱ[,y\z?6ͨQ%@)!'9 Vh9KTCoyQк0yw]QFՃ'*HŕEP#߄Qv۽BI ՕN"-8I;( K/]F>"&`42U{>O"JLkbOyPL(nVq-J[tȽ`䒺S$y4M` H#h`Ӛ*1ԧUܖ/l+ϳr }. ͹o3?C/mF܂W'O P2Ìͧ!"'YQf$YXt D-<D;&qDnA2B(- Dm/0}quȍ1P!;o@ъ0RDW{F;3iͬ\_%[-.aNKYhiPٛW1Yg}`t<uc=^cahF[w{ZK3h'\oy@;|H7#oȳUz^P.^ J/f>-Xw(ih} &Q27 endstream endobj 7284 0 obj << /Type /Page /Contents 7285 0 R /Resources 7283 0 R /MediaBox [0 0 593.051 789.041] /Parent 7193 0 R >> endobj 7286 0 obj << /D [7284 0 R /XYZ -1.269 814.22 null] >> endobj 7287 0 obj << /D [7284 0 R /XYZ 71.731 718.306 null] >> endobj 7288 0 obj << /D [7284 0 R /XYZ 71.731 708.244 null] >> endobj 7289 0 obj << /D [7284 0 R /XYZ 139.477 690.411 null] >> endobj 914 0 obj << /D [7284 0 R /XYZ 177.398 640.175 null] >> endobj 7290 0 obj << /D [7284 0 R /XYZ 71.731 639.96 null] >> endobj 7291 0 obj << /D [7284 0 R /XYZ 71.731 625.016 null] >> endobj 7292 0 obj << /D [7284 0 R /XYZ 71.731 612.18 null] >> endobj 7293 0 obj << /D [7284 0 R /XYZ 139.477 594.347 null] >> endobj 7294 0 obj << /D [7284 0 R /XYZ 71.731 569.276 null] >> endobj 7295 0 obj << /D [7284 0 R /XYZ 71.731 557.301 null] >> endobj 7296 0 obj << /D [7284 0 R /XYZ 139.477 540.549 null] >> endobj 7297 0 obj << /D [7284 0 R /XYZ 71.731 528.429 null] >> endobj 7298 0 obj << /D [7284 0 R /XYZ 71.731 515.478 null] >> endobj 7299 0 obj << /D [7284 0 R /XYZ 139.477 499.702 null] >> endobj 7300 0 obj << /D [7284 0 R /XYZ 71.731 487.583 null] >> endobj 7301 0 obj << /D [7284 0 R /XYZ 71.731 474.631 null] >> endobj 7302 0 obj << /D [7284 0 R /XYZ 139.477 458.855 null] >> endobj 7303 0 obj << /D [7284 0 R /XYZ 71.731 446.736 null] >> endobj 7304 0 obj << /D [7284 0 R /XYZ 71.731 433.784 null] >> endobj 7305 0 obj << /D [7284 0 R /XYZ 139.477 418.008 null] >> endobj 7306 0 obj << /D [7284 0 R /XYZ 71.731 405.889 null] >> endobj 7307 0 obj << /D [7284 0 R /XYZ 71.731 394.995 null] >> endobj 7308 0 obj << /D [7284 0 R /XYZ 139.477 377.162 null] >> endobj 7309 0 obj << /D [7284 0 R /XYZ 71.731 365.042 null] >> endobj 7310 0 obj << /D [7284 0 R /XYZ 71.731 354.148 null] >> endobj 7311 0 obj << /D [7284 0 R /XYZ 139.477 336.315 null] >> endobj 1326 0 obj << /D [7284 0 R /XYZ 71.731 329.177 null] >> endobj 918 0 obj << /D [7284 0 R /XYZ 164.022 286.079 null] >> endobj 7312 0 obj << /D [7284 0 R /XYZ 71.731 282.249 null] >> endobj 7313 0 obj << /D [7284 0 R /XYZ 71.731 267.305 null] >> endobj 7314 0 obj << /D [7284 0 R /XYZ 71.731 256.027 null] >> endobj 7315 0 obj << /D [7284 0 R /XYZ 139.477 240.251 null] >> endobj 7316 0 obj << /D [7284 0 R /XYZ 71.731 215.554 null] >> endobj 7317 0 obj << /D [7284 0 R /XYZ 71.731 202.229 null] >> endobj 7318 0 obj << /D [7284 0 R /XYZ 139.477 186.453 null] >> endobj 7319 0 obj << /D [7284 0 R /XYZ 71.731 174.333 null] >> endobj 7320 0 obj << /D [7284 0 R /XYZ 71.731 161.382 null] >> endobj 7321 0 obj << /D [7284 0 R /XYZ 139.477 145.606 null] >> endobj 7322 0 obj << /D [7284 0 R /XYZ 71.731 133.486 null] >> endobj 7323 0 obj << /D [7284 0 R /XYZ 71.731 120.535 null] >> endobj 7324 0 obj << /D [7284 0 R /XYZ 139.477 104.759 null] >> endobj 7283 0 obj << /Font << /F33 939 0 R /F31 938 0 R /F25 932 0 R >> /ProcSet [ /PDF /Text ] >> endobj 7327 0 obj << /Length 683 /Filter /FlateDecode >> stream xڍ]s0+ҙ% A@K2t ʌvg_`*5W{sr (8w{)@U-M, U! zx<6YӴܲY`cA=KE mAVͷ -ɽ]:@C$ <XP;]QƋHeG/)=줴d&d-UvЋX#;[ٜMӑox,ߠYj%}c6͛cά(!0R4^nh.vlqlUsyq}8-3Z-]:y-=nts.jGQlڵ2XF'r)WC"NNc$^&DTUEPC&#i+_ endstream endobj 7326 0 obj << /Type /Page /Contents 7327 0 R /Resources 7325 0 R /MediaBox [0 0 593.051 789.041] /Parent 7193 0 R >> endobj 7328 0 obj << /D [7326 0 R /XYZ -1.269 814.22 null] >> endobj 1327 0 obj << /D [7326 0 R /XYZ 71.731 718.306 null] >> endobj 922 0 obj << /D [7326 0 R /XYZ 469.134 703.236 null] >> endobj 7329 0 obj << /D [7326 0 R /XYZ 71.731 672.259 null] >> endobj 7330 0 obj << /D [7326 0 R /XYZ 71.731 625.881 null] >> endobj 7325 0 obj << /Font << /F25 932 0 R /F31 938 0 R /F50 1352 0 R /F33 939 0 R >> /ProcSet [ /PDF /Text ] >> endobj 7333 0 obj << /Length 420 /Filter /FlateDecode >> stream xڝMs  9Vl%Rv~j%NirhK;]Yᄏ  27CW*K()E)ȭ!lzsŜ 5<}X:l=(>> endobj 7334 0 obj << /D [7332 0 R /XYZ -1.269 814.22 null] >> endobj 7331 0 obj << /Font << /F33 939 0 R /F50 1352 0 R >> /ProcSet [ /PDF /Text ] >> endobj 7335 0 obj [777.8 500 777.8] endobj 7336 0 obj [826.4 531.3 826.4] endobj 7337 0 obj [799.4 513.9 799.4] endobj 7339 0 obj [600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600] endobj 7340 0 obj [600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600] endobj 7341 0 obj [500 500 167 333 556 222 333 333 0 333 584 0 611 500 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 191 278 278 355 556 556 889 667 222 333 333 389 584 278 333 278 278 556 556 556 556 556 556 556 556 556 556 278 278 584 584 584 556 1015 667 667 722 722 667 611 778 722 278 500 667 556 833 722 778 667 778 722 667 611 722 667 944 667 667 611 278 278 278 469 556 222 556 556 500 556 556 278 556 556 222 222 500 222 833 556 556 556 556 333 500 278 556 500 722 500 500 500] endobj 7342 0 obj [600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600] endobj 7343 0 obj [600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600] endobj 7344 0 obj [500 500 167 333 556 222 333 333 0 333 584 0 611 500 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 191 278 278 355 556 556 889 667 222 333 333 389 584 278 333 278 278 556 556 556 556 556 556 556 556 556 556 278 278 584 584 584 556 1015 667 667 722 722 667 611 778 722 278 500 667 556 833 722 778 667 778 722 667 611 722 667 944 667 667 611 278 278 278 469 556 222 556 556 500 556 556 278 556 556 222 222 500 222 833 556 556 556 556 333 500 278 556 500 722 500 500 500 334 260 334 584 0 0 0 222 556 333 1000 556 556 333 1000 667 333 1000 0 0 0 0 0 0 333 333 350 556 1000] endobj 7345 0 obj [556 556 167 333 667 278 333 333 0 333 570 0 667 444 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 278 250 333 555 500 500 1000 833 333 333 333 500 570 250 333 250 278 500 500 500 500 500 500 500 500 500 500 333 333 570 570 570 500 930 722 667 722 722 667 611 778 778 389 500 778 667 944 722 778 611 778 722 556 667 722 722 1000 722 722 667 333 278 333 581 500 333 500 556 444 556 444 333 500 556 278 333 556 278 833 556 500 556 556 444 389 333 556 500 722 500 500 444 394 220 394 520 0 0 0 333 500 500 1000 500 500 333 1000 556 333 1000 0 0 0 0 0 0 500 500 350 500 1000] endobj 7346 0 obj [500 500 167 333 556 278 333 333 0 333 675 0 556 389 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 214 250 333 420 500 500 833 778 333 333 333 500 675 250 333 250 278 500 500 500 500 500 500 500 500 500 500 333 333 675 675 675 500 920 611 611 667 722 611 611 722 722 333 444 667 556 833 667 722 611 722 611 500 556 722 611 833 611 556 556 389 278 389 422 500 333 500 500 444 500 444 278 500 500 278 278 444 278 722 500 500 500 500 389 389 278 500 444 667 444 444 389 400 275 400 541 0 0 0 333 500 556 889 500 500 333 1000 500 333 944 0 0 0 0 0 0 556 556 350 500 889] endobj 7347 0 obj [556 556 167 333 611 278 333 333 0 333 564 0 611 444 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 180 250 333 408 500 500 833 778 333 333 333 500 564 250 333 250 278 500 500 500 500 500 500 500 500 500 500 278 278 564 564 564 444 921 722 667 667 722 611 556 722 722 333 389 722 611 889 722 722 556 722 667 556 611 722 722 944 722 722 611 333 278 333 469 500 333 444 500 444 500 444 333 500 500 278 278 500 278 778 500 500 500 500 333 389 278 500 500 722 500 500 444 480 200 480 541 0 0 0 333 500 444 1000 500 500 333 1000 556 333 889 0 0 0 0 0 0 444 444 350 500 1000 333 980 389 333 722 0 0 722 0 333 500 500 500 500 200 500 333 760] endobj 7348 0 obj [611 611 167 333 611 278 333 333 0 333 584 0 611 500 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 238 278 333 474 556 556 889 722 278 333 333 389 584 278 333 278 278 556 556 556 556 556 556 556 556 556 556 333 333 584 584 584 611 975 722 722 722 722 667 611 778 722 278 556 722 611 833 722 778 667 778 722 667 611 722 667 944 667 667 611 333 278 333 584 556 278 556 611 556 611 556 333 611 611 278 278 556 278 889 611 611 611 611 389 556 333 611 556 778 556 556 500 389 280 389 584 0 0 0 278 556 500 1000 556 556 333 1000 667 333 1000 0 0 0 0 0 0 500 500 350 556 1000] endobj 7349 0 obj << /Length1 1438 /Length2 6052 /Length3 0 /Length 7022 /Filter /FlateDecode >> stream xڍwT}?RPIf*p)c m#TRDBR@ABBExz?s?9{v|=q޼kįh!X~H A aHi Ǻ8Mah e4 T X.z  bR`q)(IDKU p{P aH7 %% *p(ԅ``nP+ ðH-Ţ=== n$Qu00xq&;1 FH' p( <@@|uPCvpp`HG @H7 G80 {A_8B\1H|<w~)!xah8 ]/0 ^*^C`1Thނ@z"|{ P& o# I Ka@I𢀱7 P1(|0~O?% C@;#wv[ ZA=YfDz׈U2_F%%Ї_X/$ A"@q?FK{dD8 %.Po$gox,7-A ( ނ_!?_d_=pue!npW?xB?C_~o.X~IxE@"p f:&p#`wŃˆ= rgk2 jCE_줐FCxJ%Q0_ X|D.-&tǀ7ցM\(Q Ʒ&V]0 @B[+=WdHͅ ɰݪ6 FYS&jmzJ9sv|kkE&/'ܚl$xb&U&EN.omIWuDO.5qʒ,zI/ Mv}+ ~r ZH˸-zHZb x#K*Ǣ"rt鵟4>v /yR7nr';&9DXQ3tJiH0v^ig:\\'VmΑS5-{&Ȟ.|JWe *}φC}q3! 4csjarku{/=imUrBDjf|3 oBӫqn^V:nB2\ׅԏR@gm1 ʦJ J^ҿA . 97=S)ָiz0h_>@^iq!夨ԝcPXޙ i>4.cr;pqӐ6WGm`i觯ye>:\~lɥourS˵y =3al-6yD+Kk~ya)Aͷݱ ~4#I<Fc7hd0B-ATWbMC|cJ+)!W@C~OP7?8ыED^T)3صE^Ph'C] KT*u7)NNzw*ӆr?4F68.%H7bTdbn`>>i܋!yEϑy+ӎ&wE+]{mݹ+ۅbYq_lT(}wfY7q4yU59wgJ&( ҇u.5 (ӟ!GqGEC 1hȯi-6!G.<8Ǹ&sU]y3ZrT#y`=X  :˩TT4n׉k?|oZ s=6`CygvLzzbBg"!CV Uf\S^9W2S{B]$t楍a5\GQkGAmB"b^ yހjOG5v.?Uy#;Kʯ6zFd]ǃ!ߜcH툔gAtH I;k(KKC/ǮWU .$au]/2V# r 47GXmxTa@EU^TzQyۦY[!P'kCת wʣAD^D4|&ȳhɖO9J"UgD _^ĢI(7F9 S F}jTN} Pg?Yal ɾ͉U"ߕO]Z^6.f+wU)PkCv;0rq 3nɽYzҷHGJZQ-Ջ$˭|5+ ԾM]q`vYJ؀3"Nc1fˏ;JS2+w9PDe=랝>x@xNq+{!~O*+>pXҕtR'̭ç|RaSeidxrSr>OPӈq#1W LR7\gr8\n*KH3k]/>nTd6%07C(7B3G}sXR3iywd+pT_-FV>$ \'Pۊ\zjN3F~e9]ћO'0Gb3JxyE{U&HQ;.Oة't?PSSYOr~-˲[bUdq=~ Eb_)~'t*Fc(B^ےhMpeWU*5Rܬr5{?< s3ZQ8br'O;1 t6AԜ%`J/R]E9Y]ڇId4ppmYVgԎm-(zqո|FM#{<3:ְ**Pje*yU-V[ Y>#[x{F??($o'8sr"3O>ʣ }CPB:5fAX15(`YfPr))*c%<|]{!f͵ިuT46pVhmtUb P#"BsgML㦴7RGJ{n2pd69)nJu T 1^HW+^$QM>;]̚};X]/g$*=ulӭqVͅ.M'UޠB+48j7G'_3fo_- #N? LO>8n21 tY ÿG0xb~wLWy>[1'f:1]dzHV fjE|' nwL=$rƢ>rEW@,|UeVW3t ١n qx_i'煐w9I;(|+:TԹp}ԄY:Le|r#6dx_H? 6Zz={uF'<1v+h;DM7ȵa-Fƴٓ> endobj 7351 0 obj << /Length1 1430 /Length2 6052 /Length3 0 /Length 7024 /Filter /FlateDecode >> stream xڍtTk.H(RJ/ 3ttw9 0Cw#!t **HIt HtuΚyY׀Oe SA!1|~&B` 1!&f3y(rPA1XB!uO `0 ^p{@PG!ahb6E - wy0 hA1N0WlE;(0@ar`$h~ / 804 f hC]aNp XnCH{-i:n0g?_w@!IWDp` #8hc|0i@P/(: P,]}ʎo*CN P]~Fɓ#XzCf֒Olǩar v9bJNbgyn~_25T[/e46ZЛ毞Z}H9cmvOA6.KrdnX246[e(DF%[b/g` VU 0hU|qN!(z{+U{f+ 870Xt ̵ LSf%xZ|&[@Q~'l$Y:d,߽O~>$Rn\IKNø{؁yX{r%6DžAB7`M^9un#egѮF:7掃FiߊhgE5Q)QdvҪ|4*4~v*'VD{|RmTL$\ΚAOi%ꃈ-˔F+lI 6ij_ =aw( 3 ='T;S񹊽էUVơ~s lć8;=>xjCA)䖧ɜDZf] 8cU/X9/ٮEy*%dTv _.m+7h(jiw7\U$ez4ͳdAlG!\1̫]&>\3 }$4-QDtggvÙ@V߾ ]iXi0>9F]Щ H u3p@.N,U Y%M h^QPy)g4˕l&~2zaDޥRˎb{C{EI1 3'RfTd:ER|W8z[t,N.WxNj-e˽W ,Z/Z&[hS>~j呱vX>dlz̜\Y AB.-wG6aԎys]&Lu>\d3b@w[(frLN}ɑf+|?i<͖u{7>ݵܭl}B߼(1{#wl6盇% ͥTH;_151S.X%`9x#zp S}^ݤBݙmAۜk4f+^dI|F0usgEMK| ZsFtIS7#M x4s]x\D"8ήk6賮~-@HOZqJ5Qog1>㾙TڴxTr+YVE+ ARSFC rp}~Ff]ADҊY0]/Inۮ7)69<b^v(#szpuFjݷ0݋MYĕq iYȋMҙl%777*rnFP'Y]!x&uOeURZp&??]ϯDLݕ{}S.f r8ʻuS?"zfCL`*,QA{7{ Id{_AjvS7ŀuKvU3)=|/..w$0zVch lPfӟs̶Rd$6R%}Ptk +5SGLu*ߝ] E̅AB-%/ڵ>6E:=[-]_Hg}PSCb޴j~ FMTWm74z6t~c>EMdEyNG;?[Gd:C\{47ܨ>jG~Ԭa)ηicJpnv7Ċv+JDqgw8Feu?j&_U+8!W6|~$3[>ؕ޵+ MdH ~gk^j/3 ,^2/߉#L{k -$F˖&3Ր=w|Xܑ,_镆&RƝo6F_v8?L;>NM㚫rG|\i<%"~A3e3(6^RXb/ZEo{'_Ogj8t:ǥ(; nC`/X[@"d47Ydؤ䈿oĨibvT Վ[W-UR_1 %(Wdk ]ǩ|pXԢD;/N /5/@+>=ͥ51dc "d~:I?~z q81Sѝ(~Уȅ]S}eCUHF~~2v<$< L u:V+( <7$$2@Y/WȮ3"A*.A<b1N$$BwJ)珥t0a%nﺆSs?ajeށ y/gv<!} ^%vh3"6XwW}u7_drK66jTRm~d|a2|*h*a6-k3 mRc %PCO=٬HV'w-yᗴۡ)#O|޳T #?A~ۭ4#C/mwRW2P"_ [zI=(Z&Hr}vI9-}S i>c1ϲ5Y|X I ?E𬹝mBpLdU޸5 9CsGy5)|hJ}vu$qt/{4z+_EMt1/fTĔ`LDξvP &'1rP+ʪ+yu:2Ew+$ ei(WZ,vlk @>DqAdgEdnM)e4dp՚\mF?'jPYT^Tk}k`*)Nm TD~-Oèфz e7/1z͘S:*2 Qr]#+,YobfOZ9Sn"YA#[Z?ϭ 68NxN,0-$ϲr̓>,*x}Q8bδ-Htl'ءWT\7%yA~񌀄3+ )/֦k d<1љ&9K3N/E|途TQZ(l#iGP=1p'g*?Xdw͒Bг~Πtg+`2zD־\담=0P2?.{짚6xNYDv;!3R%wJWjcd3S_*(YVƝ>[r"*khN"h ?QZoț<<}9RR^p4˲7>rrnb#B$1`XVN: Ɖ~ˏL߾nwA7iadNEtfCD͛bB;K >CG)c&kcM<4/R5M'rpQ۶xWě.&qJ1sXw~M[yXYVr[\IBhAIfޏ-He7MC* dX?2 .Y7Ӧ$x n(KX+6p;8Q²{E EmHt})3CԮ4u!6{*%0f+U`zhy{]bmP"&n@_ꚇiVAgΥPքʼvI]|+Zޑ~Ls!afeu|䓓ދ掲Xvͧ-CqjziZN/(%fG q DULFł{ ?%j)}GYL`tzAk)`ʷisj&\Fqd9vn{.i]N:Ue(s-4!sM/>(.|I(ƃQ7hc0wJtZ`NTNp7^mȍNe#fp Of-h˟l0W|5̟y$}}:> endobj 7353 0 obj << /Length1 1430 /Length2 6052 /Length3 0 /Length 7024 /Filter /FlateDecode >> stream xڍT4k(RB"5j FB*jמ-joEjj(J=n:s=9ٟ<_N6]} D` 0@AKKM @B䜜p쏘BÑ3P@ Li!u7'0@.XP @ (0@hԑS⅂cpi:<A 1_9g  Z= q#p_!%1?͏DI<{}r~hCas r}-p'8@<60 q!~k6 @_p#~9CP GlN0&? l~BH?wX ~U( 8ࡡ( ͏;(3 J3 AOAqm=YGb Ga"`D`(H\LX\s<?x~)q|].[/#FCa  lP fG'㆏{@8 @?,pA"15_uGzB( wK )OD5-7\vHaoAqr߈3,H闚!p'?8.ap{m?M~Z5 r;ǁ"?݅0]8jI "O ngoA̯p[:Pu P/r!p7Q nom`G 18/"9Bo 8o ePr~W__/ O!*=˃[IB.O iZ]3fǿ{cnV{o*ݴ>`a~ ~ӽ~LƮKve8.|e1F4M z^e=ۙQAKS5$c=ʮNth Pw\xQˢ(rh%ikZok6]Es< ڻu ;*S#bebʿǘ?Ey 8f{1E= lĂN8&J7Ѣʅv=['t(yxNP_/+<AFL&Y KxWr?b[kJx:;oOExmСb@#vYX<.+'y1Ґi7kiRMAU:H&G?8J -!O,4:11 rD>'ąS)՛/,!ZG,IWʣ`.gE^>-)vSܩ{,*ya\3UQFb^yMvcċmJYN-tz~ FR}.?ke&#)0g|`nCii cit^OkfdQnN1E|?Ft75 bZ=Xؤ9fp]Ȫ}\t\;q?׵9˾zMp捜./9' զUyu8ev:*\Q_>Q5Sa߯fa긤7Zk !LEY 񭜽Q2 7{JKRXIw1[hȊ||pXukw,<Ɛ3Z>rOg]SDۉu;:lM(;JgdɺD?B.[5k" F ; .mGf[Dw9;e\c{^E7hwLdEX\&⏑Th"VE.ziO,)}'}s4_gd\1mc{7F7\``:L{*Z=Maf9nR!3tW$[e˕++p #4e~)\[1p*YH{Ν[=o+r *]LP XP-N^ -joi8SWxR;0ǖ}>c!KAٶ5<-2I/~|rOBϼ!EIV+CK6f~lvܸm9; WdDJMHv7hȕ?iVT1;)aXHP4mvrf3[qA̸Ф"4!|8cG~(_f! Ogk7Xi dܿh߰:?2w7d2Hy `* VuY;do*q)<@5! O * z d]C?&7D,DLND"ɜN_-z].b>HZv\μ^hH,ҵT`P\*Tdi^Gv99/(9# d閍`!8V+1Ĝ<#D?+GUrvҦ<&y4W觫()烵@1 mZhj0o\<wyǿ}J#sV21Gt [Ԁ0(ڙwH²$KbUK"P Z{kؒHާ Q}~RϰMv!fH|ivQ}Seg -xP3?~SAޱLS3jܔw˅I5_;~jl M#ۈ8_Z H\Cd<,AGK`5M*J5O- Xs KKߺ6 -t>B(Yy8Szdd9CgjҫCz3έʬ.`đs ƻnÖŊe.Y Wt_+s1P3{4pu=#|ܐm2ӎjE,SWM 7ES= oR Yjlue,=Y9XnRzR&Ȉ5h*9ŐЁ;XPGdF9GS/? ˙(oj= jg~ +||UI&6jMi㝯wa(F-FSlĀcŶ`YHDK0dzFT7M=!6ݳ]dBĀftJW-xHo%$PWy+ }3K&n;u ȱ=JE.)УtBg9hY>pNWyjj0k(,e|Zo@D2jntm)&a` D6Hzk L±K"V5|_p.=<5wB^ 6ؠtZ cfjs.{$o>~zc ,PLMIЇbo{y#qǑYQOD$2Z2>!v=a֝>Ü=fn[-,}Oh߆ J5h#tJͷF:F.Kζ9MD(]Yn-?~\B\KPz@1KlYX˝ݞ -L;K$ uf'Iv_{bC,\v2~ŧ N.=ɀЕe L|boH߾t obBTmlWF31F,K깐_o3rZ(NK.ГHsɇo]l @dS͉H q\➧ Es[Tj-|w/=#BYVmJk4],#nY>؆ ENNE%6ڷQ..'s>>.lY3[V ?#/x'}yҖmn:UfHSGQMqAf˥Ko .JU0b<%FN@ -in+LE7$9H3otpJWX-!+0de|EzA3-O"{)# Vu1ؼai#=-@ ;l}o&3$(*XUH}LwEHkl ^lZr~7]-Q\ Y|nUU͛;}z+2n wp27{uw~l![hXh4V]zN}wN3wߍ&Tho ,a_g-/˨JzljD uubtd8x[y{Z Dv!d:%;"UMC(fLxL|q{>ŸU@CpY{?v%|bZs.c*fccKA{׏RY;zR[ >fnA,hu4>(:}"z4WPt3'982nuXfigf 'St.as-MY5Wy/c;ҞD< r-ggf_|x%onnd>$jPPpCD$]Iˣ(Sgo% V7_In6Q_`6ȢԜxᚢwuz{V(]|Jyz \B 7hjjgK;ᥭRN՟nzݗ+;r)=劁,H[W ݂Z&ze:Y*rzśZi R%BK_|,p/"hV6Y!RzVt>ۡoyEXޥ~дEgyzd4ׯ:!Zˎ2#U6Ƴۭ/09:Z,z5RvӤ9u]o*OJG-~ӞK< Qi]Tǫ}[s)4?,'jnO9:.;^2Mp3ʞSv@|?wdS*ME1M7"5W({V%qsrrq"Bg01rRQ%7l߷C_߯ɘJaW%ȍH ݐ6˯ g'9S-s;j{yOf_a̶V2BoI S1D&uO^l߻G@v8 %wQ|~e/Vݦ1PFGLo>d;L9\31 %iBDDYo[pJʐ9uEoOɖH5X5aol2I2DæW]jPM!oU՗b Z9ӌ;љu^) +KŬRK* endstream endobj 7354 0 obj << /Type /FontDescriptor /FontName /YJCLWH+CMMI9 /Flags 4 /FontBBox [-29 -250 1075 750] /Ascent 694 /CapHeight 683 /Descent -194 /ItalicAngle -14 /StemV 74 /XHeight 431 /CharSet (/greater/less) /FontFile 7353 0 R >> endobj 7355 0 obj << /Length1 1606 /Length2 17081 /Length3 0 /Length 17895 /Filter /FlateDecode >> stream xڬctg_-ضt_lvұm۶c;{>{>15kVZkMFL+hlkqec"36tv2&kd!#v8ڈ8 EFLL0d¶vfNJiOhnjCH`ekg q Q t2[4$ )T 6+BgC+s#Bs##ց B#[cJs%Hh@h02 fEChp6wtNhHh``N6FVk7!;ۿ}lfU7O'3r;uښ45r:8:ܜe 46w2p/h8;ۘ'B/_uYk#ʄoN#Mm`I[BFۍQ33TIXL`l$SNGMq_s3;`021Xks+&"d 6`cQ ``ddFhb`GmW iO柦1/2ʢ6W_՝T_u !![7BOZfBZ&vB6FBvF&ۿ`s-k`Fd\Q#[D`_=uq `lkdT3<):lWҠRWmYQL8tfy p݊'pMB՗EN}@[v+zQ&nt3K*QJ},Z'R#Jm9'ᡞ[Xh2n 3D'w}/7vga^?֦b$?N[y-Һ*_eLʅNe:A5x آd&'kijxV z70]|7z@"lz# 1DPYK.pfmdQq.<rwN׷5^HռJ(>H.8``7#2-P>h\xaeC v0M=py2ʁ3bFce>Pl9nu#nQ|[A98kS- WzEXul=yݵ:'m4z1k".ȍťiE^F':k\VLxarfZWŒ!"nm_kE_-Tv Gҁ!oYC^E#MЄij ,~ US6zpP_#{cZ䤟@wuPRk8u쑵͍vצoyc =ҢET| b_8 c# OߥQH1xªEs՛~6ǣ:%.3` \j/Б5еRZ5lf&.2& R_" RU#լA?L;ܚ^C*P'uK!D23SDhcn`U`\IpXAy?N"L,G J `|"̨Ѯ}#R=@]H UA >o_FO*u0u4Dpu mKv.HrTfnk)FPwq6z6dF.+ x8Ԏe^E&8rh N5{wbz,J΄'AgrY{8ijݫ؛NɟII=&dAy?$2sLf@~ ,(ndPcŚb _lBGxdlhGɠ@5}8s~~wq,F/C3EIɀ}"ݩZxvGR]+sNkmrp}A-) g. Oh3#tO-4t2Oj~ܰoH@On/KD )k,# #~xZV~xc/.9 W!{p~f( FR3}u [f/4$2 qț?`tY@]#Ws 2/vugQ+DCR:Nbǵ8Xo)櫎o>EٵYsS {Vn'wXM*(PB:9Mޙ+ ͹d!:Y ^:O8XKkhdBϻ9Sߨ]fgQٌ=4> U?"JUc鯫!L"gg$Q F'mZ.]w6pڎ]ۘ}i;DHg} 6 W?3phۖ~1 d Q-՞bSc,Fa 2j3 p۟嘎[ZAŵp]>W ~6Q1cN$&ߜY)%65Ћ"jОmwR;*%.{gorN `xHʰ)P ()aIRt'= M6 |q2-8()-C`'McBU +YlUa˚ >ڣ8I`Q#fVJpn{1['HbL#5yN^u|+#Fw,wN5ҤP&i7a]> )pZ6gKwSV@}7C$=+{)/I ϊ>ڰ[[1qdNTGcZQH{,>Oi C%zy(l6a$LP3N[ďJ$Ε{De]m=̳՗a9 ^V TLTʽpS$WEpoqޗb<-%;=w=uzKD~=LMRmD\4 Qk}来hhA uS0 4umƬI c J:%KK;>Qrd~)AOqDF!B-ux[(VVU7+tZ{OZ_ RȒ93Q֮qmY7И=@F/cF1C4ch9ț#$k~7lű$z|No<< eKD.SRhlR 7wr]{hyp.H9:ܑO%h !Y1YGvjU{j!^`s+c!aSU;R-.xff_bzç/9 ;Of9:z<%1T7ˑ-cpKh7KѣBŖ9*Ip(=KjWf'P upR L32wA۳0=yBEgz-Ε&p RPr*"ym8'ړ(Y3IpE?N#Mp[Kk+ ذP^U=_zE>+0l$,Z!s)E"kĒMbCot^K#FnbYz pf0zlVi!޾( Cx64,$ooS=\㊠2yJE%O'}G/5 ~ʣb,>hӷFYTze9OI@T܅) ۅ6YPLq<.B 30JzrK' 8h-ֆw}u-s0'~rG:9 =~;0'MXT"~(8ѷo }y;ha}ZDcu(ڜ)5mSV#Wg&2҇wl!dXrCNmhǒDEYq,~ w/=; H}̐)G^QFXm!=RA& KDl\y{"lprd$5#խTM*Zm7xj^䱏Iu֯D# Efjl 6SL-=OsTd?L.Ľd\>%Nzr[ZZ>:){;:1}O\mO)ދ\ |bXN.S(ƻ8)dҠ|z@/F烘8xG60 !N 3 j08VݐXkȆF*QXS%Wg2?Ƃ3E>SD̵@놤꒛v{ SN@{F,Yhm0Ƃv"%_&*DP36Zލ%H}$>LMpDjd!oYNQ2PdxOLmR_Yw?*%ZohWA;#wIct 깡12qs6$㉹4̀ӂXhlJ'-gҎߺK]w* uu\$ζH&joJ~V;l4BO" Cℇ 5FŴd!tiTBMx+)SMs4 c58#p~Q]xq|,NY4՜]ieOU٨Np%;YʅҢH̏읥NRj:Zf=3JbcUqH^4nجn0{mhV-T?/X3􎇭bGN{X*^e{vlj:Ij h/wXP;STIGHf(BKk. O$\}?5N',$?+;P!~Fb{:XpH67xn " %m ?r#n`¯ ڍS66u7нﻴz7bf)6_v,rXE Ndza\` V*r~iEFbitOTySiL$u1hYg%ǰ2p vO^$UâK1l ƨFkv4OrBvm& gdd,}78X҆\ˡWK)_UL#|g /iDEvK_EϑaOu]p~Ǫؕt # Ym3cj#ty75PHmGn XbFQ%w gwz)n$ޔI>@Yx|cfw8 &aYI..,PԚBA^&bΫ"Z}*ޗXEGOLĂ¹؝>N8#)ÙFjll]5v74$k{.r"X?4%Zސr. ~R2n& n^EvGKjEvb:G< !CY`Z2h.s=^ؙ~gF(FBhp=\L'EԆ[C~jMW֬?c7$|̙1#8[ sLދ~~Nwcp- [ܟ$~IwwmrI˅gw0ohqI5h*L|KCc=3*zn}[eJt?z?1sQP%#biᏜ+=a9;r"LW j/Wc*C<#Hw톪uZbl$]koh[dC5W^7MC>*7 q4e#PO3wE ]]zYXS co=٪vx?}i3|$'ΐfj Ԏꍸ{b,q[jpx{:3gh'ۖhi_#B==`+`u2Y5=tE˝i`, -:XMX;!9R_ # "ѷh-i֠|O?im6D݉%E#`v6`\lSFn \nk74j!cf4D ~TNZ('ʅ3HE yt*~yD:PY/@-/i啸UVxBT,`Vm DuL77 !Q:,3@Px7W2q^+s_2LY x'7-F861;J_Zd2hMIzĨ UPHh(/(@M+Z"w[tpa~}8o'Hwb?$՝!/d@"ҺטKd/ĄX{(eUR·6i bφF"*)uZa&B}{߷/ZD!abr+s~jBX S(1H"/BwS? ii:KwK]ó߬SYo Z1sdgqmx|.%A&E:7}pS1-{|>-(&\eu[8L0U b1ЍsD9ScnVVΠW㮵)|.!bftq>[Ez唙uD:*1L vET8J^&ΰg*L}c_<߈s/OwnyRXuiEmģUI~|C,3?9˄ zVmɯaAzqx=6c:lViNW-836Dǻݩz]R̷:"oҮ;/4:'rlyl>0h.hA5nNS4Ze:qHqڦ0RW j [8 "D"XAAlx,>`w[]RůJdjҨzW:U\si {+GHp))n[!ٖ{񪃖)q4pt(Ξ]呢`.Dּ9aߑd˲NjunUw2&+#'Psobo`K6qR h`=^`CQXGoJ۠S_zf\̍W)I̮y)z|FgʪQچrCSS0q~]MDmBSTy~{@nupR A2~5lTYsM"뉽fFf{yPӕRî!#|]'*a5e$r]YcVNw }llqh ^ al۳QdP$ Tۊ>UklFu4Ơ1zld 'I~tWSDu<ъsI h薻=_AMQ.;R#T۔UbQعח;wJ5juc}Gc:$(K1C@Q;?! eJg9yLC`sF1}HU`sVo>7ZB,Z1caBm[i@4S)FNm{B Pͧ#!]|nX34!4L+Htd p9|/nP\ B6AjAN6")LHyzY[%pφbL$}ݑrbJ= y\F-b?m^ +B/gBr:95덱p-xsyHe DM 0F-)D mvc+9+Jڡi%2m"oa kw69'5h-[|7{A}kwӞ]+.\Or//<]6Y^=r"kD6䗄Eo SYt oq8HئmW<`BM8#LF 8+bNELhf9r0%|_7@MhcW4ȑ^L0f)珸24k[DEՔ갽7H?M'-_c_(P9*^@bmbv=k\ 'Χ .d } %*irf~K,vh2$\ݹ\"Z60pY obE}Z- v9 t:o`/*7iIR6; c2p>)F/9gd%#uIzK EiK:.jMZiIyq|-*/$ڲeqC76N0gRS !l=Y椙Q}o9 en aZzҫn sʏMo:r 1 ]* *F{ۆ`uuP|Gar}D*ݾTlgVU6@؂~;Ճ.}A q tw:)q}v7yYqK+?bo`LBkJ`TF|{T`{d!X%&k61g3y0v-8$s"mV`C3Pr8Mӛ;cS?>vՈ$~Ŷ?#A;c$ @Kv~Gj7݊2Θ.l`EK*)HQ^&ʬ!7NxVC|" ,,^N*Zr+<_e^-gv]GRN ½ߊxJ?%kP&ƘS*o[=& 0Ԟ(gwo#Κ=IQ.~m8%=.3U=1~(K]ŵ7~7XN#H%@:LC.?ʟk@p+QqCz եTq ~Oq̆q -U},FtV!|-I4,: MoQm6S;!_XCī)3[33Y'}Tap1ӊsFY4}^*&j͕P3o, _zEtjIm\]m Ř5,f&k%栌B `XbY7Tϥ6}vV!*I&yN- wCo 7EH 9`4VϞ;?&POp`8"+~)Jv"?t[:l[ oE0v_-,{>X2hm$KȢU, ViAhV> 2dO5\ԯIiX-ٛaK ƝA~V0n'j`yCU&c s9BDz^FI,"KjԎihsW6毿)e Dgl `gJ[a9kC#r+trmF!Or k `! X H=9 9Ąn2݄=C?'HsYsֈzUY*lvXVEƱ.4EogrFT{e+pm9RCpw''Ɉ=H^ '}L>CLig9Q+PP5)HQ RԞ*K9;4R,O#xwN\'{tNB A^7s@4Z쀩8(B]bY{~h| k1"l]G!#%dGa2T/ƪX-+֕`L3Ggwog;R&P*?KDn o)Gr::LSϓ1% b9iY /HgNbP48'IOH֤&5#fᄁ )DZGl5J|t"?FVR_'2T|r% >'KyL{P5J}dB_^t;%"cL}I J"]dI]앸;Un)Z@j>})<՘/ڀI%j*,޺r{GQZMh<$0um =Xkz`褒Vv"329E\l2_ƂT %LK[ M~wgs.sjK1mOJyȲX_~Cfm"JOB KȷサqsWQ 94@U:-!sMcOLrVc;ܖ؍Į{}TM 0ōX@gQI;Ǭ|Usf5Êؚ,m&[X(B{I־"Q_Kjd7xz1$a: ϣaEN8*l}=5-(٬1D)MI y.wHr с,k"&VB'{ rN$ԓ78~lumRgWscx4O gϸ g<_ \bcp"ZAΒݖ6:bdݡF[k[BmO[d,Q%4B߉d'zGM<Ka YODS F)x&5bko.2ETgrOb G⽍6[l` {Ê/bqRk|Zp}_x:/'dG5<jK9_AݍB [NI. /Q!}' څtV,qp_5R(CUE76 ;zg4܍-_7{!U1":D_]}SRذqqIpz0[PJ1b́4piY䑈"Kx)]9)$gkFn߀$k˸b`dhbV_k6E ]8V+B;Ue9UFOR 쾬-܎2C!nS<合pr ՆSH9 YV0Ӱf\aWÈ[)Vjs E\ItXsӾ}?{DJI8 d f)S?#44K:71=dWBs$fU.)wC1=L,LcFb(N|uu^gS<7ȴ4ז/K˹3U'z~/*7#]el.Ej1qveQyx/|"A,.@7ugA8-Il41{y"3 .[}ZMfBacy}͸LxoΙA炊 cL [vˋrD>I=J+r٦ƽz$WRom! c6CR \~֏7Lx4J"+URh A[vʆH.O(#ē\Ѧ(X3EA&{m]"a.t\x1@-2U5 rz9&4ϫzciw+"p_r@2YGgk<3^&`Tr+Imely0o-RohxΏ )-N Qus#skᔀ(fn[Rx:5- 0߅RĜ endstream endobj 7356 0 obj << /Type /FontDescriptor /FontName /CLZSEX+NimbusMonL-Bold /Flags 4 /FontBBox [-43 -278 681 871] /Ascent 624 /CapHeight 552 /Descent -126 /ItalicAngle 0 /StemV 101 /XHeight 439 /CharSet (/A/B/C/D/E/F/H/I/M/N/O/P/R/S/T/U/W/X/Y/a/at/b/bar/bracketleft/bracketright/c/colon/comma/d/dollar/e/eight/equal/f/five/four/g/greater/h/hyphen/i/k/l/m/n/nine/o/one/p/percent/period/quotedbl/quoteleft/r/s/seven/six/slash/t/three/two/u/underscore/v/w/x/y/z/zero) /FontFile 7355 0 R >> endobj 7357 0 obj << /Length1 1624 /Length2 17559 /Length3 0 /Length 18409 /Filter /FlateDecode >> stream xڬceݲ-\i۶*mYi۶mҶ6+m[߹Ώ#zm)( :13r,m\dleM䍬-622GSCgK;[QCgSn @ `!{8Z[8(Uԩhhh 㿐Nv6)MM3KkSRBN ajkhh Ppۊ1@ɔ `f`lgkbOkN'{Sc˿aƦ@{SGK'K'8,m]L)_;%Ssrv2vwͪ *:- dؙ43vaiΆNgSwrL, =Kfh2\,mZ_Lo[{+_^Kg'Sk3z&96agYlLjQ3T0409M SNG}ZZe2?'Ĥ C$tL6[:[(X:[ N_vU[SGkK[ӿkS4i ښgW br4_ wYQ3_x^tL:fN'+#_4L}5tvth3322OA#fklg(;ښ]e6vqtM_ ojnj lgl\72%=:b_֨R\ˮ/=|6icX5EoU U!y'a ^|ƹz;ޔ^L'#3?k?=qZCzRJ]9yp-x.Mn4!oQC+ >uO7ڌu,i 4UiF*WxJANP;F? 2S۵+?-u51Ñ J;@v# *' !2t\BYRz9 QA4FM0 x$.T9'Co\zsUئvDHMVo{=mKucR{?jµ"LpHJݷ'>TP"pB'}VŕoaVۆ3(dJ({#-ԇπX &f {V%UOVNxUOr1(_VF (7L^7x@X= #ZF$T1@5NV0Usag_uߖ~-kSW%5iakㅋNϣ6,5èQJyy_wD7CX%;l5 ^p M\x5s?X T"vfXܡEN'Iq*ϴtPk3 (J1Ƅ[TZ 1ۮ7"T-DQkcE2f&@A#*.tb Vn1M(tFYi*KLlCkEcڢɫy]61d=^Wy;k2eȝSKOD'a@xa | ʀ.F*GE_Heq<*q[Tvzɼ r,[MP\]B9Qk%=n~W /%a٨:7ePp~wC4[ɏ:]:ogb1Mz5 3(.#gCY~/a #W}lFj=N&䋮WԠ;!*ڼN7gO>;n EC"-'4:.Qpj\IO&Q>˨SܛY.@3Mko2޶ (wv+((BCM\w,M+ӎ82!E_&ɉfҟ0p(9w&uc] Gl;2VE&"KY/%7?Z6hh|ۣ$͉5AD4&T9P1" 1ͼ#]'>[ DgмFwJ걜e0>]8D1;cl%;ovXyLZm'PT|9YP8ژknt>GT$P5e_秭̮5ܽCG ^&)Pq0r&Ȝ顕_(cc` V K/+^:˥(]ta=R}+MQ۠d3$r(oܶs9C6(ߌ>KK˚Mg,GIĔJ^0ZdݓυXZdiTq0h g,Ap^SvBҺD9aaDȲ-դi%K<" ,(C 7:"P,b*iizs崃-e쎴ŊH/fH&KHrѲL$ ;8&ZǑl .OLdAi̾a`T:_ ~YJZSP0hVmj" >=K_k18&N?qƜ4z#{V7U&EizK0|Hܣ.WEEHoO+uQP<.čPO67S&y1s>3Yߺv3׈Z"?0J9v3 H@wjT KCvRz$_00_4}ۜݼ{HNDȩ!+aLT%Mӫݹ(Bd'2&;q i! J xd׊Ǔ{Ӳ4ƆŠ"}JIc;u}3oV<ĸ+^`&C8h>OoӯYD>v*-_1?p޹4KXfEE~p +1,)*.!1'ޜ~H"@8 *kDETEDcw#Z#㉌RFy`Tv$Ῠ*(M g *%O6l&|LVHqLLJx!v_c+r`2"c)ǍrHVωc Yz^j>'>d{Rt9.kLv 1Yw'n`^67 |ל;5YR (gDy8@;9YrxdHXOK:_![ܒG^#wG6GAGWTCY ju/w,L9o]fG| oμ&.F"RfTue,t^ZOY5zju}zGۧ#!B!>7$^/[s^ e9hqt#:*X{'EjD(("/ThIv[xwwB/q>x׶rBR~^\?N"4QmEEݭ|2ǔgcr G >_zv_P#TM X᧌9~MVnÇwlMsLȑ hX5!%nUsc#bթ39 vPJ/D9aC%H6FRQkқ<;#r]sN.mRvL.$N#&xA`!6Ѩq}yLҸ4U-з}ױH; i` ܶ ?r9X̩bG~W&4_su ˆ 7n^qM |,mO@)AB2]`l]jSv_Vg[N@[?1xI~+: sK( %1BCj5d'V*wXߛTyGKw8КdWϘI-̲%.^iPZ7 8 ~CI;ܿb^߼:Ri/D:DnUHg#0q_Du'OA ߾?tO}2i;uaNtxKL[w!:3.aL b|8;nϵ>e6dVF\k,:dƚ>4V.*"0ֽ˷/\X#balh ,nIvPfdO @˔pJA.r. >v2iӸȢ"R 5{gTML%Οϡc J@M=00CG쮸L(MGnvŵrla[d6{S ZQ=G)̶v7a O( @_WT!:dZR_|ݐQ_4p!^NdDa1FU(o'qy_Cs~ZoR̅QHXcXMH ^#gq] $ '(V?+(@yMT:;s?CV͆(.QֽqD\ cuثo&3{DR/CxjiAOgMyCyn|KV/#j,1h$.mӛawl5ĺ%ܴj{,#y&050"8~uVٝDASM% Hh֐iTVIy9Cu&Pvfj 9Gxer%AӋ[v< }\pNo8Vx;9tC^Ma.o!@Aq?է֥``e - mj Y?6ȉxۍxC1̦:.)a{?8`sQd").:4 <4&iF(]QiI_R,#)Pff@^\ {Eiex~\j]+ ]XC&\/c6xPL& v4>FA98yԍ.$Kf=?(w+T}b ae !PzaL촵!;cNr|(dcU<-RQ wA8Ig-W u1fSduL X<8@7 b~Kn(ttD#MU2HƇID+KgDc_mޅ{ r&4Q3X۪- ANehFSTC"֚Y TL#39so'5x'ٴRrK{/NѤ!DIң9/nB|\O%_P yzq_jV-jlӭaI͜Ixo⻑߀n[*Kz:bk<|9 و!uTw29?uPZ!RTZ7'FY5}|Z2K_!}.acfD]+/ĐGmW*La( =l"vgIķphق"Qn"ߘ4c4"ޟڞʵ3g}!NA1KlۂZ ׃u0RT9IS3<ׇ@Bj;c`llSm2Qr͔^`j73KeIB 8`ՌE*#Gÿ蜍Cx'c B2nQ^l"Z4,._V\DssMj[e$egu<+˳A2c7?>j:<ϼT-DLxkpS" <;b2bM&JR_^D=j$nTpRH9ӼJ͛MOIEGjI&3w fӑ'*}(%|$O6<>3ȸ$EZhtyz֍ jrG/eΆk8ĩot lK84rggq?ȕO%;ϜJ&G+/$7Jv]%>`:Nmf]mI J9RN$SCݜ tz[<\aR\&؆p,A}Is[5dHEafQz<e_T5}ܠDc#iqs K*Gޛ~_2zHg/DhUv^B`l*c3S_9y7#ة0譲T*"u]e6f$S5sQp'rXlc+fbUr {n! !t~ OUQOC;fL`A-pxV=yWKG?3-x W:xVVm>s=Lw ټ^wwMΜi.*,N2㓧׊A.ƍPAwߡ&2( b8Pc_Ft[T{<]]tULX'L#ޙ j\k5jʃnZZ0Ǭ38E|/˂)su|n&$'M-f%Xmm6 ,]O:ثWR'o$CmU]p&#dw5 &dU]7냲Xb F$xՄ۰6>Fk/f&6ưQ ń /gÍnQW;cH,@Bۆ#ޡ{ M{)=^MrBǨo}@;2S2`= %xŖ\{k= (~Ad֗$?gp$%)"ƿ&e01nܳurR JӉb+|TT4NKJ*j[3Y0"S |354% .jw&8Z/ %D;p|pT[(#^ČrN@ +4/"Qp~w͟ ?fwIϩ|2.R \讀+El?N3!y[muiwR ϽKz¢[lwF'ylIa~I|8\i"I ݒVĪejҖ9a]3tyy}G3np LpwT l* 5%fjrFZfMQ#B$3Y䴣|$KuE]3Xl`,=MZ-3V+pVmJ<29̏y,L.Nb3໌K84tQ:/$O)-N TN)C=մ~VQq.ѬCU6F`- TO.ɕFu`"aPv?|_GD4> _ڡkV傪 i[tW)ND9Gly$./K$j>$ﶎz G0\Cm~+ mp= vw*t X 'fׇ̥e ̀CVg{@1o倵?:ٺiiʺʻnVO\39 LN̤ CLYIY<ٽ*qN5IJA+L:OA\raH"y~}=Gc*g$[.gDΊBT} G:j۴LkLQr"4I18F ΤӪ҇-?tL-{`m`zp`#Õ({#*e/_W g䒊`ČYg,ę'&[d)~L@BB4^q ^"|$o|._Ž2RaVPLH *8w6lE;u9qJ3G[ۣ/+Նc \-^l*ʒ7D3ag! j[)| CSeSTvMvq~4;gi?/w'k9[˞0y=U ?ᮌmYJ `/cytw+nsF-w+mb{WL,HW,}.t8:p24LN]抗O6HG u<crj_Y,Es-v:ΪB| xo=)IZ c*+'lٹSp^7- U8 /G@ޟ2. E&_vdň]d>$ w~uIɭ0C/r~O xebc:gu蓍&A}\fPJVղYHF7d-Rޞ@5R 51*Yi<:ي-SE)"Q  )۽ ׷I3 (8tt?&8*S)%XZM<ظ@/YLktmY`Di9CBѪ~A s^%K mFؓ{KTmb ˟+8?)wZX#څCh,r+0FMUʛo? @Bh*:Lu~dWB[e=u#k9zC &Ԩv7ƅl+}ǵI%j1<@BW<~<&pjWn²ޑ4M>1M@2nB,F<$>mr <ۢCENy mtt^;S:/@p3מד>w?A \ы MmӨFaU/$EƸrO&@MG5f&QH8񪻠8߱-gW|z=K1bb-L.!^Q 9+/߰)+t5'8'nf,~rkA"<4j&N?e ToE9Y / kXxNgM>4|pZj #;Qxus*X䔭јpdϲX"kj=I[R% C!#}yџ eA-c!B%>d Lh1"Ӯ@84_BmĶ׻չ-: xJ knR;mڑR51f ý5+L3Lo&%BB&jKyi ;"O_('2%Ӝ@lP]QΚ(4Lv)3yʎt}7O/ HF9' G9|[$4ߎ/ƲS7Xh SOv8ZNQ6+tvO ? ;Mŭp^8Cwem}ʚ9BVn>3hޖS CQFr .QYڪЙ/ fa~q"2Y:B2)P0}Wɝn\&~:*6*D-~iUEEyS7Ksy}j+}9`pzМq_5y~y9ƺ${lxCA?onӵ#ER5j_IH$K?GǮI絵1TƝ(IY-$Z\Wrz]PӸ RO ,'ߛKTSM>(}uAG#}5EtLhߚ:f"Ver(Qp\b? } YVYa4!93ӯUZƷ~QyϧAKn ˅ԘaC.Oj*c[BQ)yi̋gKeeQ C)ϣͽ΅M .αT|H }0IH>_25H]ʳ/IxE(ܟ7ǡ[`.9xCs; Y8]%>9M @y6 j[I׽2_d`Zb0!Thm-M,ġqvs4DD z5&s2rdS7waN;_lzG'\KCAK:}3}CDrlG,)h:of[{.=nآp6ܾȞķ{N?|%lU6&MYD֤.;m:x5w Pr)1[~g.~7[v hE'mphT`.a-~a,Ɣ>PR2ZZL%cpʍTp>\\K1%ovvScr;|SUwgB1O:AՈttZ$AnoF;xģm-P@ +OXIu LX4T@ےC/i꽠d]Ӥ u&93,XqR ξI9RwX@ Wݥh~]V(VbM=#O7 V7(؅. YoĖ5U\k쏉J&bd-+Ə"nS}TIN}ʿO G{@Y-bv}؇\Y]u50{# Q€?e ^g%*j3i/}Amip0KQUq7Zׇtq |9 6gS PJa_Iס1Sf4 c+=[;.bו-ND 17z o-I%кt:"=GN!|Ben4VE%]54!cTzM3~ QB=K4Qm9q'D-0g=:"~G f($5Kip0 VrI8~O[nmcի(wɣY)fR6/gm)TZS8x+@o.ceb!A4i)]g%YI0 bPŢcEJ>))Hqũ;'zxJ6vpT&l\)fVZe@˰V=t(/7jMX4;-,H0ISҠ#aQo0rzLo!5ol|k  j ^L4BVU* ~b2L{:O{s(Uٻ%z#^*LT@8pNJse옩cL|nHMY. 6zW'jS~0N.K~F"۬!jįcEƮ9EtjJ1gac7OO~P(|xѼj.9:'wF [ jPeO*Tu$c75U_s7 sc~Jy1; a3gTmN IƔ$oZh̥j?ZcG[*QPH)g&qO8?EZ:q)SW=0VE.;猓O`IHr>_@bؓ&PƼ5 D]o/ r*|EPi$.BXg 3qJ<ѬDH֚XO_#inY"#JѨI6C?,)J#,vjggGU5/&Z[\|9 =]f~O!JUQMYm5w3EnaHOPuQs<ɀj;Q5e+[v+ii DQ޺|*J{N/s{ %.N~@E\uq4Z<&!v\x^*{Z+3C1Z b .`L^Lep6uO hf{/ OAU}L4{5"f{m۲P\=Yi UDٺpWʋV r e R@J٠_Rv6wQI6/ce')ʔ K<1o2&+uBv[A'ʧ]顪f^+ r[b@~4^ZL[Ɋ&/.wio8ZX}jgE#VO60<~.i'K8#1npCdQG $B*uN)( KIDZsWMh"W/hbfAoawB+ Gk(ؕP_^vg"9cҦIh;-<&+4$W"|ТqeHp--{uI 'K bAl&1DsJI%Q{G VSiVA !t55V8{RƳPIOng"R?k%X/@qOBZBgzi!VϛH,*̇АZT>)OtoQ=4%G Rn3TpT9Dxy9\hB3}ʅO'Fk ijL$볥ϝU}Ygj27Dyw>773t0C]L(ܹB@4EMj4-tC 삹6j&:Z LY?oG*QyOa҂O/ӉU 0ť1 $;qUIE 1f2QLۦ|SGue. bg11:Wg7g脑nƂOW<4|P!0ӕ0Ů&"Ng *Ef/7nB~[bXUX|uy}*gwhsH+]UebkN1+ "+.?\W\s_'Dq+dz)&Psi4hf[1 ѩ]}= ] {@BM9斟MDD&}$!`{;?bMjT WϰWHncM"o]ddW'1O>ME U[d9[{L*=XTlt~Q^}l5G~x˥C&1 AktBbLEOP T|y@NOhz;!<=sBTS=s=h<3 _T┾ Q\6T t|GjԃA\M^Z2`utP5>N[ohpԯ?OGnH5(o _~K-&65| nN8ֈ vaς%Fz+ͭ{H, Q!gdL|X%/0fxi :8I$GÒ|a)nա@[5=| ")!WAřÜ$ _:w5BN $S 'ij(w-~PL(_%)jSG_uosP_ M +~>Z_NL({~E;펌 zFǶCBJӕZف7:`S{BR+'}>#AVG)דk2o/0rx<ҴX"DPHkaއSIViK|;2TJK5JyoEx~Vg8.ksLr7}Q3A9SU\13 zS0~e,&*dk.D#;ݾR)hvlH|6A'Kp> endobj 7359 0 obj << /Length1 1612 /Length2 19098 /Length3 0 /Length 19926 /Filter /FlateDecode >> stream xڬctf]&;ظc۶mVl۶m۶+mb']|>?{95q5}=6)23-#@IVVW CJ*hblag+blP710a;{G 3sg:%55J1zN' 3[Wk;{[ML&S k8B\N nbkh` Pp10X:PL^l-I͉/dobdw?*{o F.WnjZSsrv2rw "8 dW 3kilgOJu6u8;`ldom_0{GdakM M:'_ebpv26ado3 [Eo\MU zovcSz9;.w,@ -_9yb.r6wdka5T7w?8!hk: -,M,+/_FUL-#ѩ[YSzLlkIWRr2"uJ/*?BBv/ڿ'!#ۿ`s-kh2~Q[#;zEo{/?j#GǿM?jtw#e;#`˴t:ܑI>FБF^]JivsC)>tk|\b-Nv@zR hE0-6IE%ݒNfGgJbT'{_Ԇ8.& 'ߣ#ý89qФIF_on{܊AUtIm>c7Â^`#-s~9CʹL Ś)nz7MФ?w iZx6bݣXl#n;$.]:bsցk 2˙e7 NL8J&w{s)髥_p7eiCMYu`&h#+4?AQـfӒR:[[Q)|Is'X0ף,w1=io4 GP2;FF̒>jyHħB8{7pn'Vc.tJTERx/xMNm7P*ZRA)Ui3!.MPc77V!EKke )Nc?XV) ?[El 7U5%wxM38۾_; 2S۴#^8Ǭ:DꙦmYRm,i9v;d/\{[}!դ闈'S݉u ,%zN/Ld'vg uwEΔEIξy =*_DҌduR!BPFC*яd )u+X rpbHu9l?`Nq7~0y?; R6&u5EgՃPd1Ɉ>zTy6 ܫ{3;׬7!c9 _uZA>Y$+9pWkyh}ٙu:DVilbH!TRVՕ'K Bw-4Z+k 2np3tq(CV'd-^2Ne]G4(z3Ql*lN!7p^@䖆Aƴ/LA~7C?˷88enƨ}?h@~TxO)|%{k `ip fׇY [PL֊ozvAE$l1a.>}(Zhm,8Ï@'ss'RYBY/$*ʈ~_Җ'߁yqEDm*q$̙O\)h$@hL\6?W*,a&:kJ 1^Z7w6M#&ظQ$"GBUJT@»ֺr˖BNm61vyq0;?I>pP}L킑 U[^7c{.2ޒ}qo5򉧸2ܙ$lNX}({(4whɩP ~{'w KMN hl`e F6.5x" gv)|}# )1'[W&qN~(2[Ta%#͗Q[݉q<O lVe㰫VfB<>L_K"`ƃ0I ;/CCܜ*dx1ʅ@x$(ɱpi'0jӅc0j;4WeQ֭:dӀD)*6_"φ1kPi]OP{݁3JMģ_Jfo\4ٵS*k'E]o!"O#Gf3TEӁ4U_l;rt?呜%1`d O\_kdrJV2OL<;(j,*0ˆ`C21ZmSƫ"PfgZ7taԪ4W0_/~LT3άν3#uF@ItzE޾Jpn@s Vg`<76@WC7j0}e1CNOeVYV!ORޒ"UR< Y>c7CH",+?˯P iT$L.1P[;T^?U҅b3qŶGT_VUcW&7̜~l=X;Q»ǙZ$!O 49YN)+|pՒ#TUNF)WԢ榓Z|:R;\6X>4ϾD[oEj!Y𓾚P&7M=3nIs~a$"-'C~فm_G{Z8AO~9q Κ}]q3>ĩ ^{QV0F?yA[~,:y;W2ު״TLJ?k f`V!ݗWn=V-b-F"uΉf\S:EIqRxr\SZXۣvo5o@ ,u`lOK8#J\$D(=+"&tnr:w H@[M!2X.bڮ]c ^i\Y牑3cQ3K0XHLKze`o\PWWAk)e+EսS1>*UER.y/$)Z'/2qt|&2*Obarp=(jfS$&1vMVGa[PI)XJ=./96JX5*[''TsJ96"Ɇ@'Q F2:}gm&ĜF a0=_םB/Rh3W^KT5#Uѱ`A.IM:,88٢l ~';>' *\?jE_yi. "tQ `[_1t+W)u4f6jvE/h9|, eOv$Z$"n巈L} ^6h}q>KΫ&cKR*qB$+طUܐW3Þ; !lF9#*jNV #x3 9NZ>e++^7a %^҉"Nt?H X=޼zǁm| ܄ q#sUAHb;[F Zƭ[/.ͩ\~7ZwtaEtƞųRn&R2QKdt1 DVDsied`.Ol1=>24I7@h5QW_#6WC^'TS$w5 VjY}S)?S>r ,ЮN)əBtI]X;FLHrƆ\P҂$Qu<{@|67(|re2ok,٬#r%-ە%ї8H>*!ӯGu6^(#Ky%xo쏟0 gNbŘ-j!70n^ JT=1?.-RKmKk_@݊9/ߓhvǽ8,ٷƣz཯D]0=*@8AW$@Vz.~YvIRJ7\< !kz@-X^]09kS>cf F/~,@^K46ͩOy=kOADZBoT1 9W 2Z߃Mz"rNY"j*;(R#`׷{<]^^V,3$pásm[&Vr\gѿ75I5515AeEC g` nxcʴ1U]r  Ҋ%"T\2##b*4 w5GNDiO5_tRNoBC7ݧmNd.nH;RM 4/z% 0mc`L5WS ~'5=^xZ|qI`x142hñ;z.(wˎ7t_2u/]pYOB ֕4 0A 7<'G1lD[2s xցֱV9GUƷC5?+MwHf:fռMMׄJ]K wz1{XI UwȾ|"mðN( nz.UUDO4Jk~cŬ*.@̜Ʀ5Hمnz壇xsmjiщ^I8M+SA/9(}`Sdkߐ ؽ/+&[LMǤW q-wJ5( .cQ ҘL%fG];/-F;:W␅]oKut3V)F3ٱƾQ! ]1L&J!Tpsy*%ol~:+ws+8ӽgQb OvzMVᖨfMJFB_ZxeU<Moqv/aESZ*WgU0W<Ň=05b6D#KC oib;utR˺|A/Z&}K3*hx?͵#9o5˅]&83riUbLkFY*窛sL6*`MUM/mɪy gbdD\(A ـi(v\.ݢ{S׹P0B,nVz<Ьlgh$R̗=)VK;lƛ*bPs3f1Yn[j 62`"2W"^ ^Ȏ/+VտS.@Ϊ+7ߘrn{Z3޷qc]C9Էg%QmAR+Y~;,~8<:Lل[7E ]*3PY7^B$tj~_,mC-OaGuTHM?f}; $lͻć,-"$t6 AP.1jn@C?2F,uscm;`NfL;+va=RLSZ }*QU+D7'&_Un0+2G)ϴs܊P5$Z/^_D!D?~J9\c6Y Խ6Z筒UpDΉ,ep,]~cM^1N;TeIͪm`yc7N,,RЫt.+[[m쒐?S&|c4R,8M7j*R+ԝ38pȳ1HzUJ1P&^ߠA1G7X n GF@bXV=k+'M6kR'|35/ ^ ˣf%Nܹ'C4y\\*(ўC%ӝzH%1& !Z/G;_N-an7*`47E,õVseTc]QIqmJ *d4Xr7,j"8ؘ.sp.ǷbgxF[eM\6@ť+Փ0{4"QBI}H #Eٿ׻w8u^p iv.,I HTBb`_Y G%geY>/ g^%M fI#㔧CNA*gUybZ'&TaV$o =)gF{6+DqV+[oy3a>.0{+VVƆb:IytO"܄~uo C?KWZԱCʵ@?Q{Gv{}H]R)#GuQ뿛KzX-^g-a^*lK䣟ζ#ᑵʹԍkkYO`I^CK|;}ʈz9PL32{4W~[$ZY(u4脰̣c NfF^#a%.% _'C` ۋuv8+!I3fӂ~n.`uqx=d}6J-W~8ba"Grd(cfaKp?ՏJ&XiFӌ$Wj&ɜDRhuI#0ZOJސDe[ߎ]K=ź 'a;9ƪ2J\*XԲKͅ{LP]E~FJşW{yXF&.yp5N;>5}P|B,HoO9)D;7Ւ!PbY,šxn*jl~TNS[L&4|aekDាsrfuAThbeLu#mߤT]LnmJ:#ϋG}fRؘWJ`{qW !>y _$Ofyh*q l-mHn.$tYx_V{ڦ b~z3-;潐ŸN%9-\;dhM#^Hm%SQ ;/ n(+@(!_%pn琋 92PA2Ivi1ZH_{Sb0m8™xTĆ- JUIc(Cjr!$O&gZa dAؿUr~'_'ex0ɑ>y~apYyvtl6o6&Oeȑ!) &&rǤI+J}ʼJeX+ 4TA[1&V竵b}PM .嫅O^UD&?׻V=LK֨s^幪3V3'hcg aS lBѐ4 N jQ/*[NZ{5"ߦ[8^V>R %}:TGWcˎ^4bp{H0ʊrmP]GYnD;-RG0R2/}|{C%*лQX\o m2*mljFx.M?1/(ǭdq$riD[HTp9gyĔKJAxŕDK_3\ٽ쬞R~? I اUA5.r:Tjڧ:-rv WzxEBe꾖A_N%^q8BnĨG#x0Ymij8vOnyRA\Y]佃 5LIQkQk00ڮ}Ji|yQ;U= nl<ƾTqbXWby]aw" a9, /C$.wЎ;}1zH8BHHUn^dEO?3=f/Gqdmbԡ`c-*1ܵ]=C7~v ,2ym%=DŽڞ)oi1Pj%TCͤa zwVl PDשY "_ܷ*#$iPܺ@dœRu:j#?NtjCiNr4}dArH|r4 $>8 UId18T{^|i83j5Y '2|Hg'$uTqv='Z0ɢ Bҫ@b*vmyW3sp t_.j9™ISt->MFLqsIOLOB27Y9uAS;G r=_0?x!\x4gz4# '*}>ܦ?YZgԂсg } &Sw`?wsD"̌ΕO8XLӥ<_70{ A[U-yRZ߸SDoUDR} ꢫp込}~nYPu|QͭPdk*\, Fs |S}CZC=ŋ+ uCDsXQ._ hgΩkJ@QU2O*甒k+bf؍̻=Ȅ5m^J_zn>/,J^0ҧeu;¿$Y@&ԫvhp;c DC]˓Tb%md(,lї.uy U.\ h*4%P!4|#+P=$/9ze\7(s [`clxUXa/[~Ӈ*6+A\^V뷩?T.?N¬]FDKI>LܔMf. N`9mn6\W_4HEζ M{k1ϰ>bK{TSk2} DZy}s7 bAn/{^tD ~B b1^2j(%^݁u3t0j KHϧ,9y*~UoOW^Qf*͋rmmJ.^`:oPu? רγw^uI>hĔ^2I#,#XuϔSm'i| kPaY.z-%Y j%TA@rJB{Vγ̹"ie%fɞGk& 0ƍZq톟Xi ʳE\kɂQ %]U{Dj{SFs`$vP 2hչaY~VG D58!@v6j|੨˳ŏ) \^H(fqg߿N >6b%:(TFyRPkmp*c*^仁}#QiSYAl^b ^qg(<*H6CNO4jFb>̳WGΆymt^m;tDEΝ<%g)nZ:? X2Tpӗ<[_>wz`7҆شwzS/MLH$ 8K8ZѤs3Hs>|U1!Fmh0u ydxIX%"&}C虠Y_2 yt 0QiTT]j@G C$Lfo=s> GM6JnX81YF+(SwaR|wRIV2V{;Y.64fx]d'$1QdH{k:O?yhʍhtF BZ.t/2_挋ϐ8%S{y4d& VLP>^G FirQRpRm #fku!MC$KI4^ιo\1**`NGT*RUKu=},u%D2Ɛ$1ų135n.GjBxJWئg{d_rKX@ilYuTd[ŚA.֕ѥЬmN>~ T[/ ϺEoqB_w7FZ0*ݲ)KI] !h:%~&uqgfbc PȗwmG_d#eydAчAl#Ref3``Lg?݅Jpc.q&SǴTRlpa,th&pY wg&2'ߍase {lV:4pd} Zar@f[Zynq]J:?5gEH8Ro,t\$?q=׮?ȩwPFqBX iP3I))Ywƭ }poa,QXȟ6U`=- xvA|D۝u#=6g间wmj:э6b\I%+D׆N 0 0KWV1;/`5>- ?]㓋B+yԸ輊6|9KBx0] alcI[[!.iٍ9#ߟ*֪yQ<6]{tVJdƃԵ* fv}?<43 mLǍd8S]fRmסT+G\OJjCw篟p{#Bej'9ń|\7SEV@?SQQ?w] C!b,|Θ.wx(YdҴ;@_UC+uD_xT}f:#G)Ρ5nEBkˉO&cibnM% 7lAX=?V7^>:}l.hhx2#Ğ݌I ZGM1$,gL,#h'wU* H3r*M#a=;[qRzM IXZ~0#|sթW]je4{>>I iEAZχ8IZ\U2(g 4V?s hرVAWA :9fm.e/K](ڟ㩌5D 22J8O} 7g^QZ ;S.=_{@:(sC9խfAԍ[;fctl V ph_Wc9 \wꈳ$rbenTрG}qa4\SVg!&hz@ ۴!9(9_rg rπ:_ wB5[d<4/A#Q@ elr ޸}L/.ʍv#iԯ^akm$;\ +oHAaOysT9yXKہ\%JU?@nǹܙg㿱ylSHLґxBkmB#q fJ,rutQI%}]{>"vOʢzwޅv!^Uɜ #:,^f<#!dNF|,OqVT =2;gqudz ԢU[iG.qh$o6~*{$ҽ۰mE*UBçk`},@ g`=j|m_@Y!"dO_J,WdmL}=:tWRA5 ؟vk-JS(9j%Hp>DKY16N J0 M"VPl(y]IȈ^,&G׃,u r oztw.wtg.gmͥΰׄcý\pƠ>^',m5ڍh^&)ˡWcGpv}0o0 } endstream endobj 7360 0 obj << /Type /FontDescriptor /FontName /JNQQLD+NimbusMonL-Regu /Flags 4 /FontBBox [-12 -237 650 811] /Ascent 625 /CapHeight 557 /Descent -147 /ItalicAngle 0 /StemV 41 /XHeight 426 /CharSet (/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/a/asciitilde/asterisk/at/b/backslash/bar/braceleft/braceright/bracketleft/bracketright/c/colon/comma/d/dollar/e/eight/equal/exclam/f/five/four/g/greater/h/hyphen/i/j/k/l/less/m/n/nine/numbersign/o/one/p/parenleft/parenright/percent/period/plus/q/question/quotedbl/quoteleft/quoteright/r/s/semicolon/seven/six/slash/t/three/two/u/underscore/v/w/x/y/z/zero) /FontFile 7359 0 R >> endobj 7361 0 obj << /Length1 1630 /Length2 7271 /Length3 0 /Length 8102 /Filter /FlateDecode >> stream xڭTeX)I[J@f@VN S:SAF\zF}y[ HEK6pMTGdmE75 >F$ [S (a(\1,]6^@#`{(8{s>@8v`c`W2 7k@ @ A   ߭yk߇^A.!n  p5q? ! pt`pvA=Op0_p@n~Os{:?vqxg ` DCq~/*ng@wk[i)7ys"$'5{NhY;/_ 4[_a`׿ 1b*~(P{axy2 [0j r{m>o-_jS<׿{axo4ƚ0~((^^ xbbqΚ7K9?/?F }5~i 5sڃ@/A@iP*1%=QI;Լ]7ĥ ?u?ͪDF/[.7j$^/3GG.kF e~q)t3Q~!]=kLf!g=r_>>u!&Wǐ֢Wmm8;ei;XʌfKbL@xYo1.=<פtx"} =Wor)YRu3%Y9#Lb liQ8 499tLe~QoGCb[6QhzW<|$?~YKNw3",)u])+u0s@sŔ=(-0rͱhz!eaMܻ g>%cHg鉃SAZH˵C3 mq کF@e=XٚKŒՉU mfHWRZK)+A]2ӵ^;5(A%,ޡQbSZ RDe\P(_٨ qu^j G.z| ٌ?)H=hH0=镁Wƙ O>$5b߉7N80$dqytZSkGGƜ7iuuCyeӥ< = $S]ogt~8S\!>1+v-D;b(P)0 褚bR78aG7q\F|S Ʈ+u ] Fٹi{9apImu KDȷU,wJL 5-(iI6w3YlNjdkx3uɐ>tngbc^^p, iuFFHVd\rج\vs$E%yk _Wfb4Aqqe֫[bUxKy W*N ̿P?buG\ WNQ52.sM!UgA:<W oP[ DI|v \}cūO|EʜPONf\di}ߡŒh({fTNu$Qt45DCLP1S~et䮆XF_ҜUȼ7yy/e36Ǥ];q+MͼGzE!Rrw< /ҴJh;$Z`s*age҇K$12Bw*G(]Pqְ͔.Nq̨Ő޴-k'N ^^FuGDڈ̜']Ii[ﲤeyAQ^.rwX찣8 g}|bL'hVE/V eEeݔ͉D(*Ce)g"B[̨l-NS"QKQxBs(aږ݋7v)e T[U]&b_lVw>,6O'WʬܓH|-?RCl>憨c2}n}!uZGk[xlf}wil>nv 7™24_v67|׺4G>ҨnȑR%8 y;rM)UNҖ^&*#,)}aGՐf+{»ps%Q4;MU0uM> 蒻c߈h!acqYϤāI@UOXzck(_w#B,zl >C|<ܗ4"("qkb㮨ed HkRTJR7᨟h/gքI n^!f΢.ga콻Bx>e*si&`J3{V}yIf \c q~ xu9JV0k3K;]bɸRcZmbDzxB4ND>m$;ATU "~06MRYy|F;25V>Q?VQ֢ Ö3HL Alyҟ^lvaa%9L`;~x\IL.L" >S79Y!vj ޭw_ؘIlJWdz$6,T%,ƚ8X,4(ci9c=~k`݂Xƈ C8dbϢѺt34(E!OW}g*RFВ1`JQ5> - f㊗-/H>WA16],oԕ,gS?_KM* :%ak?ꌡmc5+8WUylc6;XzՈVZެڳ%/i@`YvZGU#WI)sLSR1ZMQʏ4Qwk8n9uiuˍ6N N$ӵ(_POϜ#fCݗYjt$z՗ʰo- 'J .W>' 7*BmQww|boV_Cv̗9~uNNY-GU)B*':7 PB/ߓd6plɸ Ob7a1,7UfDd36p,0kԙ{ EִLG0j\HcO\C6fxmg/*֧}ि7U$ǍCJb;;y@" zqq{ +w$QǢab d#/{/PxNt=`Ur~;6<+w$!)Ps93~/0Vb5;B(QrjeLcGQi)LY|!F%*wjyq=O~r,[^;yw)f-)zOX\;-%2ߟb@#bG<}]}3߮]WujjBX|d-bjk+/s5􉱅h[/U&=WHdN\ P$e7IV,4-+-J^CM,FBOi3D伷]]P8=SӜӴUTlm9,S LbX}qޠb"/&GIj͝>h$(W px:tQЪꅾNީgāI0tȺwfEfBPzС{5;qx>78mz|6ў2*v%c5Y7e@9̭lAm'&4dIZSngdQh4JbkiyìBDz<0Ϩ|tcgjc{FL( RV{ /ʴk[ϲ8WC^ .i-\3lJ~5Em02s $#{/JZʞWvh1/QBT#X9,<κ[E yO,_0'f45ŏ}U(LPU1W?Lt%ܭ*w"ju})C-L^)^Ӽ圉v@@R "f2xLX*D/XBFIQ0bl RoWeڕVL4h,*p.MdiGAbEvBWk޽uveѧt ;%&} 'V+M#Czn2 F2^sޣ62},9W!/&v.k'޼;mS2tx/bLxsШmO6q؉mV.8 wY˶&[QSʱ*(qa=OON2f͍N:w^! ࢼz/bQ3/>iRxb+v&)6/jOw#2w?51͹h<*z~+<nas-X*P2jzsCj%RB5F4ѓ~z چ|%ik4ern<))DbyM+%}$?XEbLk2%?t\t?tnx)Nz47։(ң l=W?eGo4u˹k>1ٰ9<ʌ)ǐTMsFQ^%kօfoIg $>h2.ָ*r5ڹ>hA[a4'$+Ȑ: }@E` SZ}VָdT/BeJY,}e>& -qPMZ5.W%zݭns E|CMS#Ũ ^G,Ypjv/,9R9K쿻TFpt)V6eG3AP9<~֭~dИ(XcX+ڶFdn_i\t`y^ yGFuJ(3NwE'/37j'JBs_tRsq:Ub?+s'̳Xqib! \x[y#g`lw$pTh !W馳,g;*S';ǭ)|1#msbxRC0Z,fuǎ%_鼏4 {0}mQ:ʢ6-aGITc: l$G?q'bQܒߟ6%&C9,f?ԙX "Ih@?DPOGu~xKgÔάDr򧵞wgF-$d%cdΒ̊T0.STtՋs1M΂'?b%->y[ZM@qCJ (hMҟ~l~ѬZvJs8{: HWheJ&woE00N_N'}~kvtѝfl^VX}wSMlwҩH(ϧR]uˤNn]Ftkq#ϡ:c?,^ Εp]tؕFOVhĿ*hRVNw î_73џRxm \4|2el.*:9j M}x$y8uCkZ,h;ͩ`PBk<JE37OʣFga s+Peowl$|Be.٥2%^#DZˬGlxێLLq1zlJo$iE'qs),KM&.:LNg:.XgyRF H` (Q |4UE%Ff)*:DA?KD`qSz$ Lɋz𡽨l-O0SWCLIJ8&͚Lp!C/dIwY#e68Zl^ͯ8կs/%ݏ_):W]nXbcJ6+l*vګP(p[QYa ؃%FОXuR=nHsZ#1(L}(+ JJsL(uڪ%$(ךnMMCxMȊa┌)RdTԭQGN7̉ҩ|,o>?}͍UB,1"b@!2Euʜ(-=^,ru)]*WVCVI3Qߺ׆Ub90+)ȭ~cIq5ɔC[T$>Xzk,}'SխVţK"pB(;zr| RTW@sdޣ̻ĵ÷CfkAväXtX#@(4(lݨ݂),Gt7_'_Ṷ9Ϩ(]E%X-ӑХ^HS+o^ endstream endobj 7362 0 obj << /Type /FontDescriptor /FontName /VNPYLE+NimbusMonL-ReguObli /Flags 4 /FontBBox [-61 -237 774 811] /Ascent 625 /CapHeight 557 /Descent -147 /ItalicAngle -12 /StemV 43 /XHeight 426 /CharSet (/a/b/c/colon/d/e/f/h/i/l/m/n/o/p/period/r/s/slash/t/u/underscore/w/y) /FontFile 7361 0 R >> endobj 7363 0 obj << /Length1 1608 /Length2 13084 /Length3 0 /Length 13917 /Filter /FlateDecode >> stream xڭwctݖu*۶Ym;9YQmVTl;*}ow_Ys͵{CNB/l`l&`B3vҋ8ؚ>fF.VbF.f< 3S  KupttP)kPW ?#'V73[G;3{OA33 %-/ WHٛ9]mLV&f@3j3ր X@hfby XF.3pqXٛغEo7!Gg 'hl(&.F.Z}柙&w3bdeyU `jt5 l7 W?,Mm̀OO쿦>{#GG[ϿO;_\f ,5M\>k[X2(fM]3fOFS3sXFyϒ > [_5ozZVs>_ @Yza->`b` (aafhbb 07~5{S3g[+{O-#_bV&6 2oތr2Z'C0DD<̜zV& f O[4߭޿ۛ8'*.F_&Ο}?[O%7303]]r0 NLwe u,mT-*qO 4| ehyo\CEy֑v'ukPZ}#(ҫ""9SB-X,_,Vs*H1~jꆱA{I:||Us澶 Ķ{l7a؋JӸ*>j7W\c9j_bj߸2<}71!p>6-l/g{mbF$kP$kýX (P ]x$M]}&aJsIYL<};2VqszӏcԮzNfKH4weGJPL}<=o VĴwh^Hu:Y~?Mcu-P8*e^`hԼ ^ #cgspHX . Ia`)T1}r`9 k-t@'2~U^wN4Ih,RJC7tn"m$!Ŗ; ֯5-.4^(GreLx.|ݢ SUF5Dkk+ )6m~dC? ^d5;we\JF3^wݩX3<a]@j סNocmZ-ngu5gA!I|/Œ@q;v00^!>M1~!z0 r?'z/0VƞU\Gw>*7,eMkB%E*/q(҈mt|"u"(I:nZ}5o\$#c1q0~fiUb5E|)D/JF2\RD9|<{bEȱNqN7fBX2ai~j:C0@d)|s$#Y ˅U,B1IM{ âznf͚2\$ccͰ+=)6ղ6OTD=]q"z.ӶH g<;\pݵc;7J ŵ if7JCMrvZu)dYžTkór]hN-Or~xdv Qou}'9i0$Q@iY4S'sx"\?uY7ǀ0@V8CLQdsW& {CY\eOI= q4E@6~䦎xe)GJI/Y; i%njF'y݇rW{ewMk L^ M$&ի$ky.U{dP1s#Qދk+mb֋ uQw#BʭfXEط8Bv(v/h%> P BT/b{DS{uUM=@$x$ (MA+\i_C8,8D7!:l~:7Ifz nMV$‹S(2;兇ӵfw=6V$fV>>rUg=aw$l|xIq\mA9]i-Uaf{R ^f~tB0POoQ%3AmlL 6Z&oT7)Dc*b!` U <_kP MEN[`gp0Qd{ 22nt:=+7΀aC ra3jÚpURL5Dwz1wxLU& Y.( ^H`)1zح>G q e&C:Ajg(O׆o5S1MD8OحIbg4iG(nZir0mɉE,35!%.`T@? cz ^A>~3u"Q<xsy1VH_vd?Lzc؄o_v/YIIpGV0{v),'"_:},AKY6®Ҏjll~̯Bw5A ۵EA{U)4`Kdľ4K >% R`umRgf;C/(6&ȍtϿs҂tx\WN|Rr )$V.| 0:6}zY?>HvNOLcIs4lsk xr M[%TEt;[s۟ߎ۵I.!FQ>nwAD)NPij~wV$Ʀ\=-~23ŻXr&ɻ븝2d%1#o#̓ Շ FDW!QDzc1k5XU 5a O?!FCIœEJ'٨{eOBN ^=u&i5k&ƃkz߾NB:(i򥲹 sB,A-Fp.;i(qVO j4`rVe)pn]qaX%VWgޤG=قI([:Ҵ|;H6YM%sJZP-`b$ CIF\ML {[ghB?|\*~X#~u4.^-5rvRp6[[_G`&0{"OiM땷wLʮm#u&v$cXՠ> }O\sTgN)7 $9ph2Dlb%^6ڊ;F9e٢?5q=`"eSXoJ m#LԱГ7n'7=3ê8<35ODٻ(zjgdrP ?X&JxRxl>5kMMGv$SV5˄9p)181qح#8wQWJsVi L{QG?0s&9y8.Bǻs?$FD6p8n07|*.Ey6f{3#b31q2q}F7)oC-P}ZcۍУa7uKC@L1F#kh!*8ktLև.$*CtKZ-0lB2BfDVdau|X ь)0X$hTs2SكTSc[I WlV QJWO8QE/m[1w!F_Յ( VqbhҾU(7(}dC\z+c:%v" "ԕt]i`֨9w4,OQi'zQ@ǹvd4@*Ŕd&IԨbpQڟ`nI(VFqȢ!x3/<0,nJ UukLђ'qڞ^DxQ ]f m((uHu#|t?IY:W+ KeVk{1$LLx!;f&dz*_LOB_0 -" -ɤfxjghm堖fc##V. yLn ht&B O- Ûޜy6^ۛ'R?ǖɋF槯Vk RAw:wx3׺ 8={Nu۫X,cJ j˄n V{3bF/osxp qt) 7m=0}tqij<*аF8ӲգўߢF3: Y.ZmO f=_KR,6%X=;e~+%LAy=ٰLUsW_eMo-ٸ ,2Nh~xX( ҾnBr}ǹ!uaYZ{\%KuL(EnusֱzE8:OQ&k؟ssV.;WK8'SYsPƥ]$^ l9>Vôn"5y˫q[d־P\M۸;c_#&*4(Du\ ~TIRs@[X" n^zssnN%锻kdc${(^ } ~lNҦ RW[FXVḎNv:m]c(ͯQ4tYX&oq,FXg" r_CդtO3ov%"-WA+vka bjTߺX|$m_Rꪒ7qX5&w[߭AsRtIH4JVioѤgA,aYEn V3Ufal/\KWL FniP~v6( ehw̐IM l0 gJg0Yl'܋7ndlY 9o_՞d&Y%R ֖ .Y+~}<02e2nͮl ׇB/ǀ0ڜPua n܈ j>Sz Ej9_,'UXToq#֔jN6+񦝔rx2hM~5b${Ptf&Θ:(l DOfb+lwHYÅ6Ly%h=q['k_(V?8Z쇘З\|K<Bj)4q{i;Y,)&itrarN+z+ݚ* # );f'-׏C¹N#XV^S %b$_cr#lFagap|s8;R|"  e= ,1Y:ӫۺ;/=[ iC~4xgwW3?^gxh_bEEۗ(Dp!M9 ^'c79Sw:qjV^D&,.Il7Pdzzhx9x@{[~J7Xi9ʪڹ/8oI2A*iiQZ%QSM?;\855UÄ74u¬|#:BdA19YKqL4x~d[g: V?ck+ .0+0x&B',-8=F\Iυc@H{͜ѶVNԿ I/J3Z/1؞\yN3jHC3K0eB,$@ZUb/݅u(ؤ*%Be~$b|nj~(K4pgZ*ԥ~K"[1!ـa/y9"܇[Ĩ4'x|){Jxch?,$8iaج] <}PQA?K4làZeHA.E߇8U5X,0rORXBXEpH?1Cꓭ!wnX-*jm}9+ 8Qݍ9݅j- qg!ě#lktpn)Zڳ$DfC:}}ՃDOadipMӥwq#8w-2G?L:jx0[1-ã{{i;NH %})cmx;piNVr6hNb Q QҒ{cjoB9uŵ?ͣ.@]jb]ik ^yUC YHl0:Ep%[jvll׶;-%-}ۅ nqx؋S C5jЦ1  -'ڰ} z ݚ9Tצ}H G (n"8[PֿS)Cc )!D)e,bW#Q6!*򽏙pP܃XyDwHfZ*Kvt嘬uϘE#mn4-U(mb>9X_d[8)xnf\N^4tV16xsNn,K\- ;U~wg1\%̫DLbL(󝌞~]S x֚1b94}*cM_>=ܒ*jx]ɥB :=Ӹ6dQ&4Rqr{7z@FrOYHiE=΍f#VP` S"52wJcN_zɷdŏyUͯcl,L6&IqA\ә bO+zԥlbPf>բ.J˸4)XwCGvw̆z&uޚ*](+o6ړO?l߀qj2U"Ӯhn  bro |/l|kP2AGXہv׈=c2cZU>OmT݊ҹܮ-THs8/ Y6B>(EYS% N1kXB)N]ȴ ̺ݰju<wÜM@"ƺ:heW-bg%7eUf`hddtxJ#:"F;٠D򁐄P8H-fV:x6DKc&XdCU4NhN̴.,C/:M .| ca*ӛ޶OeS"wYR dj\be@T\(@Dk&?JU7r?|WlM=Yvh˘:ZW7Hyg#Aj|Lb= yȉG3 sqO9 D!j<~nj"_]ya>@7(&T$7h8,am͸M8hکHvnمׯ%OUAcYR8N2r#}AӦׂ i^+;8ƕj H1a%u5y9DʯFz3mO}ivJ$Q[|~R+d@B"wpERmc;Έ{h>t%ӛSLŨ86;|Cmٮ2qUnm0{ϡV\Lz%+-;Q9p :apùEiq6kMe~-~@jK9PF.aHfI{P1 yB ¾ NřAFrDXJPU& uJU1xA' Y|.S\iTCiܔوP‘F ԁ>7_H*5m u+0T(:N25Kpap;/YT~bgAa윛g4S® vE/I6qr[V|*-UuS%jC(~L &a]XʶSi` c˛;;P?m2[n#d zIT t}yĴۇЇeSp!?4Y. Ɔc0I JlH>` -5__:P㽚cJɍ0čgٮ< 8$)C**[lL\s{ZU'MYĸE6!~/OQ_ fd38+r񘲏R~9!O+T~|~c@=/01ӼxM1> endobj 7365 0 obj << /Length1 1166 /Length2 11153 /Length3 0 /Length 11931 /Filter /FlateDecode >> stream xuweT[-;wwww g@p  .!ӯoԏZkί>kUTdLbf@iG+3+?@EȤrL4m\E!$@SWG^ d XYyY9m@W t4ws\5ܜm@G79Ѕ` ptXYh?100ayH]l@? w_?M[ji*ea׸ZkWW'~'KSŒteӨB.i&iʋ?u9z| Y= ('@Ƭ.VvV>Vv4fo/d4wX}\L݁W% `ac 0Z9g-W2uxYYY]Z9P G׿ÕMmMUqi_QR2py8OF>./-ߨ)@G&og~eGWs 1`b?7R_5VrP)Ml3s51YK&iO?O-~.6&6.4m@@?g7YGI) Ǖ`n`y>?soiA hh.l[P+Fc[ݍ1r_Ϯ3[긵p>4dhT x3<fl s2?%A|4^JΡװ9Yŝ.$F#v !IEA:>3Y{5~nIV۠$柏4zH'U]& (\s2fe<ݓ=O] ݐE4,HospxkȨxxS\]?iGy@&f5eٹxn2۫]KV#X k3%v& H Ԉk܅|4 Ҹes 7`tWe% eOi]Q2V ,Tq9*v,*+m"VzřHH&5ϻxiBAwDngrAG`j Iuq!Nut{O1Ы2QM%kVϹ45xo"}L(tJ5"RpQa"]j*< MSp ĸ<-C'.S7nD[JIÊo5l%x5K(&L67tշr_l!b;Bf}R̭W\_܊fA w%mU^/+ n˻Û,VܾEh?9;)e?MW-WLଭ,ej+VfXzGT0I.]=}5V;_{?iGPv /:'Ku!5N`QǮLhzW-9|T+K9W"@kA=Ii㓵M$DƏY5ULUd+CDX$єsk#,\+7vי@:{]*a&3Cb߱,U=:lNe='H-"S3 ->LKO`9eO_ԮsRE&UuTóyh.''^6GGX bC2VhBZ"$nlUɤTx@hrW [VI'G.'\i&hM.K4`2\ NU⎉֡"gjL>Zp;x';v?߻}z#wp~͕!,,W4鱷Ԁ)u(mB|',M%`-be"#a*N]m@.}0m۬/* Ԭ{UI\eҽðof] <וnJPT>̎)Lsf~w;O575"Q5%E|xxe U FBGwznL˘YU<VL-ci~W!@x}D%XBbd TinsLTD?!hP.rq+[8!/)1~[bU}S9M[bsL7xG":#GruEZ ];(B9P)jp3Y2XBXUB*VB$9T1Hmf,8J|[:6 ʻpV-ժԻe$[PaoK|4ՀD4R}Tc5 sWH k(&:1q9&]^*&UoD-~g2]Z^OfXȕŢX/Ь}kzv]W Ϣ 9 DT6LsfmK Nc""oB (qr>Cyudb$Z-\Gn[rNq^Z*[ɚGH/‚pCk{x;I0eݑa;)âL& !Г'N"#̂)t]L/؇rIDzd0Dߪ <{G3 ,,K/n;Oᓎ.D5rgY!6[%n)[ (?LnԶ9Y롡J@\i3EdAKY%E>s#c3/׸rK(=:f"A1,-WT` VE'coBOTGgюeV2 fXVn*½ɹ\ۋ=#)3Ӑ检@\{X9 JfT|Ht"l&`,칂p"b4EI媗D=ɝ7a?gjV_ l!^CqFZ}K-p| ˰TS=k˨I\gsёR]^?"k iM?;;+qՁe v[]|w4g 2k/ε.uwonX }4޳.MݰTpb=ZYW{-? KT$S:jXkQ?GMV{Xn}n4xp#]tdzex4'4Iq=/#^cl":|u*qEUOtjD ͓FR.ٵw pwPt0B:dk-e7B& VBXCRv)yji{3doY ksU n1Nؤ8$rp}1&alLF0kQ::맩QO}#g#T~f{CgEYLO[tEOYR]U^kɘs![1s+ X~Z`4VO%}3nlC9*^y0 gGRK|:Viœ:qQzFBG?)= nTT#kgr:wF")!ԶzgaUL( AcKħ$b(1CڪscCG[ۯL䩿4!LI6`տ$E6U.igIj4?FbC/%5x/7tD qzPLi{y`^L%K!*MxPS7XjI֑~yxRem`9f{ LgM\RBDQC$5@ˏd8uK H;7v;"D$&(?Z>C俷EksI0Ph8]7A&7>lmG/vD<Ìy*@F+/{Ki-6 :kuD#cMc)&v!Ն D<'=$E}k). nv4WH* k}n ^TsݑZ>>aKT0p#-0$x-Jgmr|񾔇c\?.!^k!]9&bĊ&Ue'hDVP5!*q z2o19-_yi&>ksm! Ŝ/&!2^H2QІ$lK]j\ 3DtގS1+{Bdkv@.DغEp D:'4w>wܪ?_[% J+v(bX1eTi&v]#x۝{Wu4C@5/˩fŝPuBa("OO_[z@;^\\kqbO@B2'Wn~8Qк_Qi}T =P~gWμ Y,툅0L^"|5% RzZun_|%ٷy沺L^VthfwJX }wk9wd:^bEnyE&i<_b6KԊY&a&bg(=/D^>qR̭zX7d(/ʞ!=ћH\&O78]sX=/8+籶(HNF/J:^-\no6 l ~] `5v}kW%k'-zHm_/K -R2a>c}swEoɖ&d݈SUX,賅 =[hD,MmB}(OAD<>J =FgŅ#Qڜge07޻tgd֥E\Zh|fțmt  %g8QS'Y!Mv< 8dě:ds+a x3*{[1!/G6 lW4R2 5T7=}7uXl ʿQEZ5I5#ojg/3-OpZ-Dj50B~gm2: jxDwU_[ &oj \QECk`2ŷw2X pglg\@ebp췜$k,VZ.I"~cѿH$:g#=Iw<% b$ Tyz}J&;[hu/5&;8d OǏoM̀PİyDxi<.("d,lwR ϔZ :19qB/0vZU>mzCNK"]^|;"?M,kT8n Q(D;595LпH'jT7{/'Z,o=/ ^z!S;5-E3-1}TmMU%u0,ѥE(SWKW52H  ouwK|,bY" p*8>\m*3|F͢T?T3Hl=p;Lb *u|2Tg;WJ7Gw)(-j:912W<~馛~{ zEk\w3[DO}ܩpB tEj:TA,D-Ec]?v\zwa<5"$a{Z{v$W:;{tIN< PrٙŨG'!NPېFRnnRqLT}D 5CЧeJSՇ!M@߸d s}JU '|)҅qF«AMx 0''/kqr'Upcv-C",Sa$}_rp堆7/#'My\@()pQ{^]6ڝ*arz-(Zq7]VxCr$^V FWa`&.$؜GM$:%Μ!X5*1z[xR-c\?^>M+f3:Oڻʸ'0ֺD;jiˁN^o'׵:;׫?[p(Yǂ2K"iȑx(jl0\$5ֽ"5y{Gf虸-$%a ]FRNI-=Xt~To+M,: s.v^.^Jl3%UOZhl)MMJ>_RpJLx$if;i|!`.ΩP.E] Mf2kQY|0\ӳQ6Erb?JT#ĒcD,h G6 ~Ϸ37ڟ%Ki?ƛTq݈ x}ݼl<>sKlz95L^6R`]:u#1֤)}0Xe'犊vw~DڒF`qb0D]i+Y=;\6G?isoH+Y&Etx~ף̥7VM;R"6ŲҼ T ,L ,G/j'P LWOtAc̙ﶩ~J!Nrr/X3%H]DQnk ],F{+cF^M㳙RP}LҘ;NQ!dW> Г#MCa957#{zD>Mcl)!6%PY'~j?OSy}uڲyzfjv{Cֆ%-[!7~FlOs}}òmÜ罹eƙxɈaD`W'o(X"*F*}ogq:aM,d-N8d-c;?T}]nՐS4+ѵY$F2sEГ=% Ų r"~eD%ʹDU*|ދKWVv ,e[^ dnڂ*}%8嫱HP3>JݩZ}As"sNUu+"9vcި!'cgnPbX&$~{8Rh7Vdwog 6|xxpq&=6e/kX D{j^|%ZYomy\l^U~pS$U;7.fTMf.!m]0XaVtTHuH '*H^⾙pmpCQoUL%d2,wGuCZ* w.p~ ,yc1y{8%8cbm>z=& =#ʆӖ_fNmדTrk X8ly^`dcc[B$2ӫ.{YdT W=)X< h GnҤEfhn݌G9p\! KRi\[M@:a8*f+[<Kʋ|Ouh}|EILVb^YWc)OϖjXot,:sS:COv"#n2k)Tq12H^qEK{~,1VE&@8phշ'5~DO/F>Ɔل$#CY 1*u`M|*u*/n:BE_06VN>6~Y4%?5R(XPѬ^,|9yntuԒj}$PZbM%xٖc6- l`W/E$5LCoK{ ĊKҕ fI//lwX5"~?-Lv|@2M]h 2L O ")52" !?p$ uvX3ؿ-i5T}uQĦ6~r:U35~8;5i#54fV| bF$?g,JVvabeZ Bum@!n sZتÝy# A=6 QHl]yGǟCx,unni갅ʄA'Ewh؏XJ7IJ0DhxQ e7W061uXi]B;ʻsܔ &1+Յ/F_@]Xfn8jA7)y& :޼+[aKs endstream endobj 7366 0 obj << /Type /FontDescriptor /FontName /VKTPBF+NimbusSanL-Regu /Flags 4 /FontBBox [-174 -285 1001 953] /Ascent 712 /CapHeight 712 /Descent -213 /ItalicAngle 0 /StemV 85 /XHeight 523 /CharSet (/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/a/asterisk/at/b/backslash/bracketleft/bracketright/bullet/c/colon/comma/d/dollar/e/eight/emdash/equal/exclam/f/fi/five/fl/four/g/greater/h/hyphen/i/j/k/l/m/n/nine/o/one/p/parenleft/parenright/percent/period/plus/q/quotedbl/quotedblleft/quotedblright/quoteright/r/s/semicolon/seven/six/slash/t/three/two/u/underscore/v/w/x/y/z/zero) /FontFile 7365 0 R >> endobj 7367 0 obj << /Length1 1199 /Length2 8438 /Length3 0 /Length 9220 /Filter /FlateDecode >> stream xmsu\6 RC7 10 1Ctw (ҍtHI !>o?k7>,nQR9A&O; @O6^M;EOg ߆pw1;ЁxBܝ'Jny{:C!`=!{3~P{O^QQQ @gٞB(C`؁P?:xzځ O7 T" ,w#)@!ON0,);( g{`/WC /'?= E7ց~?I?`  w؁= P;+ x{A_oX0`zD!v5AP_}xz\0s- m"jORNWX'"}ST[AU+?!Uavp_-=iw[wY9lB#s i~8^o%/g?aK& 8?-@m?/ B+E;C\|P%/ukvBt?VE8 (R*l`(4 w?h[/w'|'߿vЧ!_- V<ܱ&Z҇k}GыV+q[#@HFΰT&2bd2b\;7:qJ=Z -1# c`x7~}*te&LRDgW[nh4e*0fDIoUtЦ;aQYj ,j {Dg OG*cyP|qhW@!-) 4yZ "9PA y[ E_'XqDdaֻ6U>K 2{i+/.\5 ϶N-I>Mȵ{(rUڴBZ'8΢zKNVn߲tkBr->aP(zJtT'z\c4;ymhگ ^wkN̛(0>1<6Q2JalԚxXJlIo<&oߠFݠ5}9ai+,(x#6( hTX<"~ b!1IHtĨS$7s.]yKԎ_HL#2VT= X!/ 8Fd_an e宜JxF Mls3J"Qdyܤ3u+e_^Qs:݃ -]Rk "x}v1$8g< _WML[f,;q҆O%eAxvqƐtHHJ֦Y UiL={ ~ ׻l^ۣXEJ=cIf:J2Uit \[|4SZ\͂yhqdMw8b^;me5;"XI`2Z.j9|E_,f›CѬIM}km5Jfag %*=a@jy ^^ [j%!_a7lf#DCMși%\#/N9\ϡfCral_I,H[IP?L6A[:x=ARE]Ih%S%61K|z7]t cu|%j91l/OAEmquBQF?(@Y{v҈@ $$ު}IY&\G)^eRY-rd i-#/Y>qZ@_79$T=~/X[X$D/@X󫾲:ٽAro e.O^#zm{+̰!){WGD>g|EgSӌܳ\‡$BՈD=h9ʐ68&FI$+;| !޻ZB=y!"6#B"RJ]01H7i.P>Fֻ!2$ ~ijLAEq];U* mc}ͷb"ƫy 9Vdsp:/:qhY+TkFͨFEA5Y\ڂP ke8V']|H3idꅑε]w7-ki*u$3DfdILلhdƔ&@$>$E17N.-Jqis0qTkl*E]5N\f۴5^ ʘar[+T÷ _~F0i ;P|n'sMflB>](R@<f~ZQ3~ϵ>V[ *Q;K1O" t̃8g1OQ'k\,dG` +n_oEzA-Q#qRƪ4K7u lnmS3ĬsP"da/B5~v;3f"93 fXJtp9PJ}mowFzezH[/bV7P "h¾$gW6f̴Bh:mwPWgb6,srƕ?kyNL3AqW:OP**RlD}wYu6i\Rzn4ウ8/7Mg6_xb@w:VN>nJ,H٣}d%aT S m6~=܎adfDa8qZgB9j~)һjkOq\ρqGaXigT,wj8PQƮ(DH|(&aYW}M U2PQcnTES0 :x6z@a&gS(m̓Y ou_+ׄEa/Q-Kn r ڨǵBTif`,JR$j.x1Ň3Tj0 1菻CBImjnF"#fpɍ|.[˼Aâ)4(m4&T ;/߂DFZC/RÅhd~+(.{ݥ Q|&XBthm: sO^|J|üIZ1_`2my7Lx~'Bd>[\/?KCvpNq=/y"λhп<"Gk 5[ZCRyvAhGښcwo݋sզSÊ|S|kU dևZ [㓥}1T*@oJk.5+E98x9myzn$vopW3>`u]SF(d8i)Ǐҳ$GW;w1ܼv6'`z{dNQU¶_+qkkWyq@f )f} C Y5?"5ܴ{v[ҝYDEX5y!Q|˦Ȑjlh & $* mg[T%צ -cX!1${mi`@2y}3Y _ц6az%ydlڡu+(u!~= q ,\2=:S2tNtXHzW8g7| gG,}V\WqR S.^ӶvA}MA'ƟqW6bP- IIf&-F%8rwd*ƿ0r}X}}ԜYq0;Ç3_SW ;îQ/+}ܘM}c*tuӸ _(7H.hz׭ 2v9rb 5q[m ~܌,t_J,f)Q6H @)~4v(˥C d#+]'GxYSpё9MJ4E6>? nw= Y/^ ^f>Oƨ^M}ҝ?hY' T%߽$7YAoD)6B 8-DA3:k΀_)%`ɌX҅1bف$NUp1̢bWI{zb}B=^Vu_T|7IB:wu;lcwg)dKG*.(r&tH5RgPxaq:oƉC_ɋ\ 53ge,M|Dz4zEUh _,,}y cՏ=c_EqweWl4&Fq=+4'՗.{34WvY6ywXQD>^2gX(wYvy\9Vr䞿n[==nW*raͼ:z u|X E_UXߔe3|)=Wܘe$reQE{# jRԺWUnYi``w+8OĮADf8Ɵ"2LE+I^j޿pq>.%NݜwB3:/p飦 Jmҙ5\,Io)L:- L2J= 0 2$'3/xopm\z[S;f#kPL̋oyjgtS4@ `Ѝ8EHM0*:kpmMFa/WB673ph*;}+*r$u$h<0 EGg8iˇU9],+rހMA=)Znt,*E2Oe묙VlDwBu]u;Y=Z?.Ժ HN[ט G[R҈z_P om:,OpS&6^F;ϯ1mxS t{_> 6-hHL2 K&%[|R %QI:`גon+T=e0 #%N H[|ԡϤNl{UF0kueY"Zɣ"kc$@6vKa:?Ӝ"`xnKӂiI{Չ˾=n!6%qz!aJBnhEӂ-]UWp:~) ^uj 337Kv&ҩA=]8SGw=I,!$^~6D\uuX6vSCc{f:e!$?ڮ߷ή#% X.{jj{3Y봎~8-m#Ӊ )6U@Uq&ΝzThVua,OęBҊL]'Xbr27e*dХU>3m￵B"HCozW?iUW]PGv kHmue6gxv~K'"YrMF,fDs t9cO|ń܌#?O8q+6PSzEW4irW[t:৳*Fq/s*б%v|-doBk@7 P*J~< mhk`:k}J%I?ie+T& wcMb{oH [Ti0RvjzHJ/͆ٙ'?:y~&,ZFFNwNPYec]n",0[?xۺwɗ7)MdygLz/@ﰷY֬K钙0^Qvf_]KW@s2Z Ʃ/~TI";1q-[n~"\)!A&&m>RC&aL⛑:?kjjK֧#ӖwS3fCx}{#ͳw^)jy^K8E.tK7\v-8n.F9qjd.^ƌ+t)!~gfYO{~.>eP@ޡ7>zjZH=4s$mM/uf>7 v0x Fql균qG*n5o(.zt_=y$C='.rrSWfWoz`s B"周"MBݣ!UVzrPO$N*щm;R^M\$P݁:\eq-О2sFc`{|ٕRM(]Nm8ӴQH>sGqFq-=Ƒ=Ck}̂ /0DN, k=/5RǢ8wҲ[U~g_Vr@O{0Cp+"\V-ϱxW,5*^vF<25׬ºmn. y8-]xQhZTb9Z%JۖLY@l"wѵFma'^)f[Pԇر#WEVzT6*߯4~/]j8ep4ۑT`z6R7?8秨QD3 +E-]zvp"|"p8>>k]YSRiϸ4je eS*AIL*_{S 4k Le%/r(MeB?[~ endstream endobj 7368 0 obj << /Type /FontDescriptor /FontName /OYAIWK+NimbusSanL-ReguItal /Flags 4 /FontBBox [-178 -284 1108 953] /Ascent 712 /CapHeight 712 /Descent -213 /ItalicAngle -12 /StemV 88 /XHeight 523 /CharSet (/A/B/C/D/E/G/H/I/K/L/M/N/O/S/T/U/X/Y/a/b/bracketleft/bracketright/c/comma/d/e/eight/equal/f/fi/four/g/h/hyphen/i/k/l/m/n/o/one/p/parenleft/parenright/period/q/quoteright/r/s/seven/slash/t/two/u/v/w/x/y/z/zero) /FontFile 7367 0 R >> endobj 7369 0 obj << /Length1 1626 /Length2 18236 /Length3 0 /Length 19086 /Filter /FlateDecode >> stream xڬctem&m۶81*6*mbbbܾ=z'9α*(wgf`(Xٙ:@r@3+_9;oN@c+  4M,,fnnnoQ J]E$Lkm)Eᡞk}|ڜXoؾ'$I.FNw P/n`꣮:2+ fMU4~UZ ;5vQ"v%bʮ5Gsu-` q$eP/qM.a3L쌵P2T`Đ?e=F'Oԙ+ dv >|0bZU{M-ر3I#ǽjsWDWh;Qm·\ꙣUk8Ox))ZwKA _ghω?$PD,L $eqn5v.DG> /;VRSӎ0%i\^~MʟE0_83٨Kyvh+'+'+B휁@kvJ+VhNEJ`#.vsV_ʳe67zAL 7BCHoQ=/h%.߾gB`euLC'.;+f˜S|QhH>%MyCj]F]ýr *X;ʹ>dڤ՝֝[3{%>gy 8ڈ0'{5> M*Pk*sC_7ɽ(!*6\FVTy.K=Ͻ~"3xz)>}T&TKB@/̲Ta?MV:j<$ڢy,,i1, @.swY7MLqVg"?qleU\?8H#|~Eʏv( b\~]|NgҧPvnײ}O.иC;S+֤ҋfcb&f9*_% 㦨aLC͵_Vd J`J\-}]y>G#␇G&Bq#~^hXs,%VNH>$X"Ί?V40Srq+1 3j(M3̙4CGD?%F:OJYnm&΋?& ;"ZZ!vat2׻] Q96c`b;8{ d. "Ȕc*8T)x_4wK XcqQZڏg<~,),5^9ZQI|4؞QaȞ:v0M|t{+\el&zwfjRÍꃐWšQz Mml;)!;y)k@4tK1>8 q <6,]TW_eiֹ4at]"ACN0m>S5T3rLj+iJ-23:?i0_uZ} 5&Bهiicsћ-sCBRg7qFQY`#i͚63%`vLNS Xr3,o1CSBnfS3R4P'r% Mݜuhx:}vѱ Һa|2F)0I"P8sNwkJ^=tcNl wBup|;[7}wq(KĔkjX&>az3P΋9]2wuqPqԯVM?j) 3HU ~}[EK0}&&gN8Mv#E+cQf&e'KW+;Qh^:^=~֓uM$. @k&![Z}Na'({]txdo0G07'jeFފ+XiH8>[3=0ԆJ q[gJCT}*v ),[ny0LJtM|U`tdx. C X03ԥ j򵭣qnJ9=q soSA  V`Ӓt`XE u&84e︽j꬧.4@su:hr>>x(S]i^*+y$C X7[,DCx HKw ?KJA'V tzYx]?6L1$+saAs}$Ҵ8 7@a/i@<' iU~GkiZ- [LuCf) !PTNȔ \aS}@{mO+yKW+] ɸ8nQ\u* 1?ͤŜ;DQxCpOeq3WO"ejQ;\z;kظh_9AaB۬^⯧KC:>حֲ݉77娕 |گpe'ԚfǫeVBqWv["iu8CRumt\b_'ӰM)-QB}yq~uZR/.$i[Q[3^]w4fа SIff`XT|Oi 6쪍s9<`{2]LEE~- ['bTm'[H),˭=p\3Um_w!%v$$ʉc< F&Y_׻] 6ym@g 1`ݸN{>љQl}]iQyzMp{ _ʾfaڸ@/TsIGJ{N}29) nWZ&Kb$]{΁k61~hZ n"̤Y:<:bM9kDr¥oY"ϥiUWÂ9@ g?Kph۾L"cf6w'}cԛ*C:WVh k,ϩ.LXLx'DvJG J^ͨs=r:{H ;0 0T JIXJoe˜k:B7Mf?fnH'ϣ{1>(!Ve⾎A[B63yؤƟ. ; "؄榢Øv歹d(cڅ|lm sji!b R0BH ?6֘ާf*od+3Û?ˢe/bf5 ]ZoZZA_L*asf4<ɪ:&ȭa!X+ @]9]w ³/z;VK m IЯj*V:gLss>FίMh2!c`&O(X_9ȰY!meⶽK5̈թp6@.m;.1T#XB`U4akڠ@`o;Iz5wvR.[!2T^Cbk^R",K h9`L*I&$/*B4>"ʨ&*r'%ߡo_Orw(*ԤQ@.t/V|y"a 4~#xd5s&p iw*Nv֤ ,e.MI2yhAjsgX$z癅J۸ [S MpOH}δA y[ٌՋ!H )Ah#.tjj1I߁lmN0ާ`x( m!s@zj0zWs.iWMjooJJ۬A}ߎz%JϺ4tW:[H057})g(" ']2ۈ27\Ħl$ᗵX&6M`~l2fAĀHH N~ѼKBX eݯ" >rʛlH#>])u9}w}L/שS;^Z]W'-9 yzT4uOd8^Q \3#ȟv-GޓI>ĶGd }&]魴By 5]R9+f}3g^lǸa'uqG6*;y.@;5LH 8t6D\?r0>?țtv)umMZM-&сGR4 ee=|t|} UXUWVV"HށjFS 6gQ6Մe-9Lδ5~ü6XQ,\^039UʥT©a!2O1;ILbU]3R_ӠedL,ZWL4.Gxw>!b E-f%3ع윲ͱI= T o~)/v =ED!Ķw*#bd)PAz6m#'[&wL =+1| G|#j9KsɧܩK_8 i(bѱ:0R3P'C3qԴF=K_vC/]o_^N ^oOX(s0d[3%[Ƨ n;nÄ0HŨQύ|F%z5hg] _vhHxL3t@*O<4pS3m%%`Klկ,џ1p0ByS~5$MeB?k D9twUS3ؚ w_М"pv$4qMH׽¿f#PADJ@ Ooa sXv #/!ؒtu9.KV:wj}U'H͗9ïOu屇8CIzp9 9lCymD"YJaq ǪG+'Yi-6{|u媮X%թ;}rAR={ZjcLam_Ś>{Z9=zh&7E`QrK3õbx7>' T'>v=Yȫ\RD=,*H߰fz]Um^h¨mr\G (}>ebҏ;2BTew#az6@٧jJ459J#m;?N'?yqLZ%g-[0 h%j ̩?k̏ ᚃޭ} f.r5AeU)UBǒIO@j(ruD6AxX -3k.UkFE=uJ0٩h ~,52o,\_;Y gkWX-;Tv|Ud4ke:<-q0{_ p}:`mq|‚` '* X( B\ɫ0@ѫA‚p%`Pr;lj- xFPw% NJ/~p4?5?zY OuD #.BpP{ȿ;et{a6+02tzjGsҲ)s]F dk1)V\pa=ӈ\(kG"sn G\<եs=uzEl7]cǥM:nS-/d4@NbkF}w3 u;PB,8iOre}y` S2KbKh`bn} b{HV{ r3+cybϑŔz⎡ԫ@<}qan, pqbdJ554{۠KG~LaDu<gsUn\,-Pvos;BuZҽOa8ř_d脋*Ӷ.IiM8W,aV}>YOW.8Uw;ΦrHAIog:i7#,juRbu3,<}<^x(XAe?n O s<58;@`< ⫒0(bq.\쑛rj[GMv9s}Q2+=1D<fg ~.εچf;"y&2=B7xN& &U۶b!/N-+:e3%5]MFBOmZ}\"IQ؟ Nj,Fuub:Jm׸h0$P[/[);<VvVLx맻!nKʟ=G__=\PSBE0k_]8v"'sD|2v {!{jUkG- t L;qUG4gο~ B=uHK~;4?K qS6Q5/ ctNɈ}҂1|d$U:8DLBk= <|EBK| K 4Ƿ<lH1v2WrW$Mz/;Nrο E"5M;.hdD}JHf8~aq>V58#|j&GH-}ɟG @T),Q?Ju?lSLA UoRL[5dͅ+K9z\Wil7,R]a_*_~O1;X5M7}ZGsW8Ug+rOPe1)isZKJB(NT`YH ŭ}(K"~+v}"=ٌCqVvv$2.$c;5ZxMlɪD.//|bzR) aD6~Y8@zLS3yVwKBmh6X7u?k}\j)̎--S9r̟Y2=Luԥwg;uMN(]0)h@EYy,G2pi$90гG/jp%\YG):Ew1It)A> n4 W6(i ziSÓ?n=}F_ՙ'g fV3[_7Dg[NTn}$ Aap yy;8$C9AE;^n}Pۢ !rtԨv77Ts`% /XNp)2)SB 3;%S>=GgxN}$dRY5vhO >(wu+XGcy$^,> ۃip&TMKQp5a$ٗJ rQdgtE6%p_@ۂas;nVۈ]3zMj0A,itL9@_(S&gҨSFz?TTs9aOנ,6MΦn `݂].궡wAJ$:"f'<6nRܚhen[aB/)<&{95f'p?\5remV "aռ/9l!h;E5^%袭oDI.>8 ԿW?`,ԑc*,]EYhSrX+\ CjRf E}1 eߝʢИϢ!l#L5ah$-JJ$x[a t@'U-C%&,O'F nq"3:g`o̐ Rk?n$4nr$QqTVe/RC&XEd3[Ӧ{NwbkN-'|/Lf%=2 @I^YpP~2׷+U\ |674t:WJ1vK屺|iƿ 8Te&O2Iѽ³E Me߯eyI6nۖٳ@z1}R"5HlOzOku.6ء0[xxcc+$zgpR؆BB_a8.8 jkw͹x?'X=E-84pBxf,-J_,KVvޣE FpCRO75uװ_J}g+KG8AZӰMm Hb_.K)^4 x  %)I֘4~Jm d^"KaȎA2QD9SUj$/7rħS~??hqsON6uv/[V֞=1~+Ch!S@|z_^<^`ע69+XUt'OwNָY޼r ۹[K+b?!:s#VkL]ԒԺ!J$wi\܅ϲo%s`KpeAlÜ ZA-iwk};8{z!ǜhivoocb[RA!@F!Qc,`f .v佞3aBф'5-=~ADbh.:亮SX ͝2<ڵύJMyŶxCðC)՟cɣ ōU.搊0apYP'pBjܒEx䌖z= ˬX Qgy3j9}X5Mr3%%τIKCR'ky1|Z=9t Z, 8Sd|en^-M ]bؽz8bq4HaP$g/U UmhX!^. JK߹zO.L\g]9ca4?Spӵ 6Fxx4Dm6ڃ`E,VŧYsv_Zb^zI6͐Uq=T3q]=|4mekn2 OwRǏ#vCRw?"G}j\vYmJ?lƒ㠱cSPBM*LY 鲏Wf4z^|z_ (77I{4╣ 75x$P1E6.8~e!d0ϧC(7CL˝3@O.~/y.-7w^nF_:ލWChd" '.e"iخҜT*jn?6*˫3W4C@%ad)GC 8TbKgNk&(F>1?nJzp57 Zp沖EHWfJ,ҊA8iӞh+oo#nm!ܲBsktC 宾$8`=Jm,w"y2˺4`M.k0yZ"C\-!FSsOnY_,2MQU=.<-+b3LcIxk(QdJޚn!D JS%SEK U55KCPTQe/~N/%&NJemuL^M5+\THRq?^|GAZ)~8 tRc=wn|5u_ y2;+6QUq$H㈻@(K Z>)mֶv*3dO_b>$GcNnLD@!O,\b ԎtP ZWT0J^1'|p,3#ޗ?*ҰFZp]X(3Q:x"unw;fGV[Z&Et8$c܇^Oj$jKDcyC#c,"vúohK+ٳE1s~PJhZUkܤ~a.GԈV;ԑPe:KAc^M+a,* Iڝ_#aTu8!z]pj=PY|0ں'WvCbJ1Snk8){}J}P6kLYXM:HfUv,n.35喔Jp~h< tpH5!ͧ*aGV{ל|x2a]٬I:H&d/y>c8( (yGJŵrk"&}I \Xk&&i^co}\rC"s 27FR CwUZ-}λ!^evyP8BhC&Rs0z-$.BEt^2˿T/rs?Fc%΋4̗0G?Ď˖tܭC$Pw48; a9q}&vrfD {mvO#ց^,ɶ,e0:ޗ]on[ŨYTz6I~,Љ;i=91LPɓKGĘ4u aFztt*.cwOS+x(Ȉa~+=+:bܟڭnV3}_AD! 31^ErvIyi@G̙>x>m P|_)k JD `RZ扻M. *c! 1w+3<8./yb$5F2 lɑ!#Q9"m⽤gF ~{po{ay:PD8/޿^|d2 ﳥ=  d18@-RiX33N&DBџm,*mQ Яuӈ[ő[h7tI|єa욒H*KH( iΣCcQhrl2gI BwgHjwrYq ppR6l[i#7%tDR|vL)CH\z(&|؏a7nދӪk`.5L J5 ;W1f3{*lH`st䔪trvxOV8pRZxspf%FHm $Ut'0z, h-m6Xst)Ӡ)6_MjE,㻠/7FF~T;KpId%Cn $֋rX@ף!ˀLxPЅ/M-FGJڄ]?ţkO\6 !^M kw@@wm2K('Fv/w{٠Nw{=A`ɇJsAWX*<į<4fIs~ ], |?;)4LFֻX BfW8s xa!:[t O:Iq~*9梷yU757=()?S$aJy}N}4 2q~I.C B^݆!(lwwcgU.͞.Vgi ZhNA!T=Kì4vt:WSPk}C5 %nt56s={<_(ꆢXpq N?(\C >`F(oTĝ^3_gl0UGŖT\ϙ2t@J4L7u6 J&?H&<'/VP6aImJկ {lAyDJ=zy4W>({\a0%5Wl8)9I%aMή Ȭj"pwUە$Ҏ4#Q 8NzJ|gP tLoľ endstream endobj 7370 0 obj << /Type /FontDescriptor /FontName /BAVSGM+NimbusRomNo9L-Medi /Flags 4 /FontBBox [-168 -341 1000 960] /Ascent 690 /CapHeight 690 /Descent -209 /ItalicAngle 0 /StemV 140 /XHeight 461 /CharSet (/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/a/ampersand/at/b/backslash/bar/braceleft/braceright/bracketleft/bracketright/c/colon/comma/d/dollar/e/eight/emdash/equal/f/fi/five/four/g/greater/h/hyphen/i/j/k/l/m/n/nine/numbersign/o/one/p/parenleft/parenright/period/plus/q/quotedbl/quoteright/r/s/semicolon/seven/six/slash/t/three/two/u/underscore/v/w/x/y/z/zero) /FontFile 7369 0 R >> endobj 7371 0 obj << /Length1 1630 /Length2 21297 /Length3 0 /Length 22146 /Filter /FlateDecode >> stream xڬStfm&۶m۶Ķm۶mbm~_=}ҽ랸&yuȉULv.tLDƮ\tsWr6rr' H`J$ 0!bf&b!'wt4p!TS֠O?&DƞlinGD `c` s X,mD" ZRDjD; @EdfDd?9r&2"rvXuxQ9l-Y:;ٹ큋=? +!'u]M,\FUw.F.v&7kijoOIu1s&rx@dj`c7_0'lig9̍Lmabӝ_9X8la4qY3'bb?tn5򟙡') AoH";Hoz/>WhqWy#ۿCw3DD,#ZkLo[RHoTĂo%W38Xr112?$[3_3(ʨHK(o G5r7;'3'7!.fVM1Y҃Ho݌L`\1q c.I%)2*س"uƾqϝag {"AZ¶N)(9h*ȉ7ڈ#@.Ə-0Y'XKT1ܘ{H7g Jt((eF}\'ϋ݂!\5cU0)׋\.su@,mB#O~sޯۗ!(`8{2"S<%w T!'_ǚ}d\?BGw5nNpZv~ ~65+>ZaO0(kŸIGsFS:M&"nh,(1[x=ُ-HwujNh rh7儂Zt҃^ׁVT`LR]LY7ʹc :|40`T^ViJ|7U'){,F M)i樿dSlh--m`XAG:ғGc""Q׃&(eK- *x%2AH޾ iXGS]A%^]9 4R`-8.^ީl=nǑq~eZ|'b@.'=F0)ٖP'KLe`@)J G\`_q%(F6ȯ/#8r?GNz: ҝr 2U^N X^jvKr|fk՘8yn>%γ[gpYЙ6|d@A&#hq֢Yhl3֍8fiMJa1#ߝr4՜ 7ȓM{͵%}GF/Of鉹lYAq~+ѻ?389;C[%[) )(bt& R+U:dUX1_i-KY?gz 4J{'k\/ORMecmMBHerϝ>.Wpi;j/@"<DiAH ?<71a'?m57sm0W'uW3wnmNƯAۺo\ɋHCg<1n茣7 Fx kh&l;c]_3ޒ&| +jE8_;ܵeioټ&#S^˼k03VS$wlucw𯈜D|0߫dO k rҰ ~Y)aE/j4~~HU~Z0go G?Y=bgxL㸤i<>.=1gYѬzD#'8g~ ScY$/]7F$'5}-q31mZ,cKLO<'yig"ȴxP?DɘxRaNm5SE޶jS#jyL!@X裾t֩:bJIdpu5>W.Bh2LK_LaAۑG;f߆23Ĕyckx>3!Pg2V}=s)SwS}_ ~r5Armž [m@(l*$bEjH^cK3J(/+CIRôj-Z95{V +lB;zj}ZĴTEbpݷҍ[q̡ȂnHG]0Zjp:ױ{2_NyW/@`1sW؅^%0~|mg[W%R ")s9c/ _;~rvyU]Xx}sNe-خщ,pp<ď^훠< y,fؾڐhY'Fhs&%t7g_YkQd [ LYg0^uK)b*{[\ap=~qr64=2wT•|xwB xPj ߳v 6Ȳ 4bBBw5ґ=%'21#!QV@%OERF-/A# T7hASkP1_xN"[9?k>÷ӤQ_= uW?&(n@d='AM-tUsLX@l,dqw#^_aM ɩ 53=bCզp3by3CTtZ=Y{M͋?1pT"*\m6- K;48"(}&NetDS7C?3; ;zT#)v߯.UfPd׉ .C) 33ɺal!iBΨo~_E&hp&FkkQr.,@6(Æcջ$ϳ}ȯH @Y=vuWpJ^7IHq.li:aVٵR?׸ !p:6&(_Fk4F2<322µ(mv 4%sUτqcϯ${Y `Iz;,b~E)_X'lv?4. v˩IJ2&~1uБ^6 *'~z4+qU ˜ .(:3olI=`Ot޽E;;F]&*SW}ӯ 㳪*^G3^E6X*N3c2&p(Ȁ?lėU  <\u2}aYd%n͋iOA]0Y2Mxpd8!!hM5hnQ;s`K6mIk*N TV~iugކa[G~tzfRlzۼ*)&L= ppף#[Ni:҂Ę쓑nbe=r׋ FlJHhQF'$E‹`m4WLf_(/; C@B'^.;íC4 }5,/P`cTjc=nq:ҜG3ku΅i gibRT._:Q)i"f/|o7 $MgCp}KǣASz{J,\>uoF7'z!d/ڬLsFV7kڎ:!i4X԰M3Glk݆uO%+:uML3[ڙ↊e'<(D^SU>bdj0o'PXbtD•|FBWh3sFVN&=_wA#sB~5_8HA5kWn׃0O9"\:`R xPqFfםtot>~|jR'JLOӌ-7!Dλ {R ޡU2o԰Y|Z<6YX;To4|0qQmN5eYSVxJˡ@Xb\mMݔ;/Ͱ9w){8-0f۴̎\bV~'7SD[+EbqաÊ`9vy"Av!U^75J1Btjv}I4av'Xp,yNLsIIV0_=nWG(RQSeB=fa-ij!mc U>b)aSfyԒa#9 EOg~=k 11uCh6E=EsdIZꏏ nu7QUN9UAx%5ϋpfg C(g6b"ڒʡrA8{;BaĪ^Z ɃcP¢ *f4mb+o= dK-ZP,!g@wjyO6Us^n۪dmDu\i?0xg Zu;M4$p7Xg0[P7j V ?A`co'7䀙3}&pF玚9d% 9ewS \ Xiz3!q,ƖgTVo|Vc损{tt9En l"Z bai ϶].K:`;ГzpPIă$"$n^8"grZO'+EI' _EWccxD@Ok%fjhoZY$Q^^k}%Y^ raWr6?;,u&} Nnqp9o?w | W&vm azT}YGS*ާvyX4IK8&":nSM&p?bͩJ?>SEiDU!hF - EPI8|u$ B;0* 1."y-sd%gK$(d{UǟINid).ھ1f(S " ~jkܐG%[2([R6%eL Ǵ'@BϡZF$N5 jϬo\Elq@|H"`X½*-׼FIBh4TdɑNN>GVuqG7+Ʃy\ȺO{ BMWW7=^\-y 1 hs  YT<1cf!Ԟ"%(+_ה~WcPBEL9i?Hna̍B RR39Es>c7B:S>\ UwEUSj }omv =u LWLpcsO-9Praa>LR2cV(k߻pI$ f{ޘ Cg:1^>g7 7C8ާZ2.Av.0}hS g|txb=zviq53kLCbRoؼ6׊)P<UztɪYjȸ ~%┝}owG d@/N$Q:D?a<3~ ӟfaX)oxd3n?Q0`C Q> IwPGOcZ^9oN5oD Y6wV􂧁9&hrjo4kaZޙ Q'Oء&ιĢ*Ssi#Ǖ'J+؅%n#lߍ8n叾Q-R XG[6#V-uaoSyA*wG)_]` r9hā'$Mk!؇ZŪȱAʁ5b{|*e &̕Wo7Il۞GBNCox8o%ϴGhRZXyO\UGgaOZՃKZˡW4nyxjӯSwRv!Y~&s:鶺] 0?Eogt0K]$,`RRzRF3LL,U n i'͙<=)|:I}9nI?ң]Fuuq_"}H|l3-q :^}i[%ߏ~.gY!ƒ ܐ,AzRsyr@6p(W`m-\ _w6aArw[G.qN^`1IW{Ǫx ;vM- tXRbʂ1% sIu^t $#"2`neK$ AcT9z N>P$_W{:~ROGެޅga/ _5Xc+.O \{eٛ WᙗO&g'F-ykcB DǜN9Cs"u:#tăcÇ ?bĔHzxqwp}l{1J|pd2**^=O*2HL,7/3ZO#=+*ikRět1 :HOݱp*ShI.+/[ݛuV60ߡ=w7LXetz nsY .qdء|ez?4뿝CqO۠j4(\6S2|Sp &K捷ӣo. ?Q*a$#)>֩3p> ̅\%ΓbʹI%1/"U_1y/v+rЦsƒ[tu} 1cTC$ܭA`3zJX܂ Ha3A9ӽ؍SbA wJK%F,eٺp)frK rlR ̌ d@ xu  FfMRVW97YɅn~55QR֬$Rh]WЇsT31^&󩸿,݃tߢ#j^ٞ8s@*}. .VQ/r،\:ʓ٦bIh K?KcFy63/ungF|^g::t蝮*Ph"EKT:>k[Qߣ;k?Qp8:4KGM >]`MrtIso}Ձ/P5/g c;^/' Ek%oJ.?&[!ߤ:B9XW<6 pC|ƥVpHP'mM7jPńŕ4_k] 45\B M?;NO~|V<@YxLMhe+ J E Ё4WebLͣQgX )~WF >qB{W=xmZXMkb ;y71ntuA``pw_jwe&"4ά:agu~L< %RWGrCt+:4+=̝{bQ2&XTUi&-u.ѾGBKjo96~GpNJA_ c ^?=1G|!˛Ƅ\jY9-*JY6|T䍌4Nb~ƒ:UV |E}Af j _o41E]6>*I?Qeg2f.l@rq"d&E!{n'AńȡOD_+n F.M8MYz(!RYAoOq-PWh'@sѦ[5a:h=Pӄx~Iċ- t1]֟jY^A "g%*g*ɝj}g/#R{%+$j< PYtmA#QpmF[@U*-DK} 奈OÓ^ Ot"0꿗`(/>0ui~Roƍ' 7ln B/2+6Vi_ƙCot꠸}9 ^Ngk+^Axi }\Y0 HvsVsI! 8FϚaoK_e5{ `|E1/X?V_@H?-]2О;q { >iasM ݒ(8?e'"D"!,|DOhs|5#w`Y\n%~@']*S(a#ux9,J,87Egƹc, |k>d;==>t8`ݛ >PQG[lfǥܧUXEq Yӹ8rubةYgz[[5;_xᕳz#1.MX5GYs/ۮ֙`fh :ȸp\I ,Nnncu4X؋Lxw .i./P^G"8B|+]OPz1-Q `85璋}t7S6ay{9dšZnP)]a)DfaDa,سK$y_y1CՄ ^-v XZܖé0~aXcC?Ӿ#K20k+:*M'ieZBķpN 7Q"H*lgSKAcmhedpjгK:8W2@?@5vpVGE<8޺Eפhw=&[в"^J!S܆"ktY] n\ 7}sݰ듔*eE⩋-ci5xCommyЌr+)&@叇sO;4zVQ@}TA!ȹo337SV9Xo,WK;+ W$kXQV?lLDle':w,@Zu&sph7QY8jYhhDFE ߊg n w߿\6N mh8be.1]N 灗=ytpRy.WIAD?VP?Hl&P6:%4sUmz& &2- ěirB3?цe,A]˺V>YyN2x1iVv;& 7(q*ihRUp@7SI?Hƾљ}>tu.~V%UJw3sle[,PGϽɇ@|+Th@>5]}yhxDgjם d?}xt"Wݝ"R :y9 )mn41h+IY r0<߯Ŧd0I7u: T",UqbH=m5G)>k Xš#C8z1_Eƫ&^FWgldzlIfwqFrۣ䌘sMu3L?B@VfB;E,,%.pZ \pq+H323" nE AfS]-B_TAbZ@nfwsb#{'AG96Ưq7ba#wᘟrJVԣJ&u1ā&ۗ#JUsJj+=ݻ6e/tr_H˄%RXef ͪQpJ d7X:wv-2v'G=Gf0,nYuț#$ٵQ.ThFvh`)L2bw"U'`}{+XiύG KWi"Qk!~zn 8n@Pޔ(")ate&QN|ш/2`v{I)]^9/UdO_D=}g0cb)q<\p#Xh,|jr۹`1\MWNaTuRRotyfR}"hC8E1D wG3vpmz<J]q $;X#rHj^jSuC p泛[sFQshhȍDy޻ ُIXP'doҕ+uH1@0/ JZ`4x`>.vh2ҭC҇!Χ>gHF\lc sULǒl"8qGh l?a$&<"E#HC ݔY | 3GȲo(POhG3$I#PTs$.lm}GwC>&e?l}8u!@{=>ll,Ɇ>1KOgQJ^w*5(_#TGl.@}h>%7G`:fRMY)؁$RIg64KWsf0ƵUՎ IT=<, i#T$u= >ChNdIki/+̕^ i)qi.p5 >,{i?]QRiJ7T) P kwM@<o]'35nf Px!"Ƃ:0ܼ)N.r`zߗ5۝cvy pfϒd>i.Knc*gh- vE']b.Qa?Ѝc'DG7 Ե fBحɬN_M=ܸ[TIh$)` N[kL"jvmYNN3/amg@J>6Iy苢;ycZ-\P;ÄnMEwf@v GrDSX_I D K]Pϔ Z1!SaW#V㢚BI3ebM29Aw@JXu&|WVSA >_L=<9&F#$#ÐfQЍBN pP ͅI>O60\xH M_8݀zT#)B ">Pc̍s𢽔^Fs}Fu??f\L $q-o&A7/D!ddOܰ5TЈ7PmIn O4·>(䵐6˱T7Vu`rղ~$ 4`,ܝD }tg݀k*WY9w}A&4!EiH0BN"pDQ6Ֆf T²U Zcn!m=dǸ4."I[Гr{;\*²oD~]_-#&~Wiel8j37Oڊv WMR@ o1 `mڕbif0SrJ _ 5Pm1):(LTƱˈj }+{7 o 'dCxL=?K+diwX d@g `ٛ-wdiF\L78q*`~{*I^ 20!S+iV xp'QCRg!aj1 eJ\׶`ĭ[8ŅPw RuFJݨ] -CY .Thuk)4ܪ@V'h]o&(|kONfOcuT~ah߄s[BP MK26Ypwk{,H?ujdocqYK>s~`Wl^TgWqNK^ Ո[rs[T8X,ЎM8tSz`!o;wYTК$]kxbҀ˵+Hpviq"RP[TC2-,¡qRnܨGjR53 9/-~*kW&rd—!ן8ʢorOrn"ol|yKWO:]# xE6XMtnFurXQB#'jǔΉ-Zq@_kh!O^um7Vl; p62xE +Wyxfr5K~Re۸o  C#@JLa2nqij ͋IHe%jq`#?PY+8hs!3ڢh[=2j8Cbn*\eCw ռCbџL nz}¦lq\q@Kކ$fmJJ`b.WkqQ_hL LW\[SGFD+mקÞ5^-SDĶK;l/+V[tPZnĿ9 ,]S%~i(} afUh j(1*_%xG\C86Y+C$o4XYuff4spDn٢gޯ3/bF0b.bkIm3^#>MԠ`WFyvj̮}Ic7FgR_8{Ex\/1: ԏ$qg)lv[n)Rj~(g\ȩ6)ys n ўvaNs[NX명u4Ic}C@X:;\v!Z -Dxx. [5:gBQhƛ'-3T`u]uJ,&X%%j3"V;*~ҵ@E$|1 Dv`2 uu-m;O>u:0i6E$ȍndi>QA&4\| E1;MV-*zo[^ yp$76ˤbYQ1vvG'ucᖢ^gĸ"ȣ׬|cZzOaWVo2X))hwVj4iWÖA"M>%0x@ ƭ`peЍ( #Ðˢ6D)Ƅ~˶g9[%%Pÿ1E)^kW ?b# &ރ۰,h&YMd]j!Ƕ5S4\qzwUZ8dH34ehlz^PC k-Ut. `8mFE^H-|\9yl$*ެ..U>Q`-KpYO;Wth`?̻ 0k<$X+"+K/}#w;rQ0l%$~'^T{s1Xcp\!1:dK iʯT͎օ@vFTf[p2^NpS@io r{q E~9}Є ۩'ޏR|~\%4;NAG>Mg7޷Dоg-|EZJt2:t-Wmlp|<C1A`vB`&zHO7h 3kTEuL8 P:"%Yڿm9IQ;;Z*hhXGIlzM̑ tVѨtvRqeW\SwRd̥JKUc%^idFTx|GW#U%7ƈ}pݺh6-ǻwsr|A#ZD"B1B[_YGá]P%(Kqq%^"G+c˯I;ά@|@!j\:8>DIȄr`¾"e1, u r#lf^~i;{O4%X-7+.S*oZne%h!a@SWUP|^bװ} afoŒZ Vxg > endobj 7373 0 obj << /Length1 1647 /Length2 17978 /Length3 0 /Length 18843 /Filter /FlateDecode >> stream xڬsx_&vvl۶͎c۶:V'ضm;c;psuo9}=UwUV=CA b`b.` Pڙ:):3[ɸbpbƮ@{qcWs^@ `ၣ98z9-\Z4ttig ?.@K{ws[G;s{׿׎jW+s #(RHۛ;-Bh ۻ,^L̀K` pq47u345w8;]\>.Kgc{׿gڛں_ÿrtv/L UY\yZ8Xi`OIE].WsOb̀.^c%st+ 7f@p64v65wqK:[Ǝ^v׮ւoLS׿-pL􋌽v37͝u@ $mfpLCTfA[j]_%lm6 15y?\퀶^'[YO ;_X89mH=͔V cۿ/-:߿NSǿ!s{Z_U8ak߮pUr4HZ fk'2<~?aEkcWg'@?~_h$M#5Wc{ n4[u =MWLB33]L 968dDT׆16~{-9~aR_; f2(E<׊^߁d<ܛRQ5(y"ds~ $s/ rD7MoHBiAyvNjh|td./?$՝ =Í,Ȟ4A{k ug}ȌhKUȃ =7H,4` uNV#];q- W-B8_XݪOrZu0^IM$# wuj`7A^*-p|DWaT} 6;)ӅjYf!sIz{*FzL-s+KKM}v7Ny\X5'<~ZTS=Xe~D܃|E`;#XIe#6vjȂz8|B:nU Xt5(^FLq^+&4ោA^B:^S$P~--'P\Dp輚Hҫn&Uށ{4"l,~NNS]#~*hҘQ>UFI@ۓb4/D<% Yfwd ~ܙb U!vY[[|bC:^OfL<%|Pr&BZ"-`}tSS-UvZ+淑aj@|4ؑ)r:| *n'\ 5 d˪kaDI{<]x. ZWg3%'>td2;yd-gMYM_M㎦cd(sJҚRc>kZ6gfx©fDIRi +P L m-qx>nlĪ!Y$ x=:XmCwؚ}nTGNn0ztWnOW .+h ]{qJRcaHW A}K>G9bQi{*|TL.sۘD -W!'7LciF7 9Ȝ5H>@bAF/Ne1 MeE 42v̂g o'ˋ{.3 GALs2SjsG$β˱#ǑgfہOS1^'m=Ƈ Z EǶ Q>ƕ~nsxe–*Beܚfu Ho7 䪠o+B,Ns}7*0*&qnJ 2p@5I;B]O yNZfA!oll@u sI' Ţ I=cDρ{lP L S1%|ž"{8!Ѱa$q. L˯x,l|R8S[!5`^uK],)y@֖u2׊$?#Wl^ l0g|rPJ8We|.53V}vy7A*cA+twz\XS9Gj)drk r慼=,hR$Ipp _~Ӽ#]{nh17KFO˸1#ƷM3&؏ڴ(  ȃHԐ<v׃Pi_ۦFJF57? 7%Dӷ֭P_9hd(˖fy^S-%jdUyZn/N9Tyq}g}uޛ{o3^U!0D-q}FOvDχpI!]T7^κ<,>bJASTϠ7//)ɓhGZ|߹]&??Y8xL ȹy^1)}>dۈ$5R?L+~Y a3RM\WXu'wK]j sVjiʗ)2<$M\J돍r P-#2 淙OIn%1ԎN}.g'nEtc<-kd2$t0/„a7$6 簹1[_6v]-~A,ޡ.j,-M jO3--*ZL HFgCE!#:#I_JL83o/k*c*O[^|!OqE0]!#|s*%X7Ô >&aJJk)+IH>Agv`'L]z!HEYzChC i% B_ek-gtH;gz_!5W)\nۆ[֫&1UŐG%FQx FG -־EX ^)ܦ(ok፽~n Hzkc9HZ7VIµ55T|#k""6L~SպS͚">0}]/TPXAjS1g /EZ){m#4r24/j2.tM~HyW+9x&ہ˟[f+@nE*N /HTi1K{pjXιHXнszxJե&w8iPzl*sUUabI %cJ6y_ZԐBӴ|uQB42<腛b{!)C,I%ۊB5Dq-OIyțk]z0l`⍒$n1 q>ɮ8p-n;RAO1«i7Y~LpIYY0޴4OO+Fqj@$5fe[ N*a>m<_~c=d1C#kۡ;H= % +8 <&7n. pzI@y.UH0dtL,2~̷8J_vϑv.BVNFO\JcʟJ| ~rb7q*o !Z[j 433^<|QZܡO )gX0dº(;Y 7ZT6}SΈ-ζZ%-Xio;AZ; ( j_B|ndl$W +%on(f]c М)6thsz72#;1yd;$^_·A4qb5eVoV1]d|a;Zs`5m~d+<C-hƔ+TI:^_N&'$fzS$fP&ʱk*h.=X4H߷g#1s 0m&؈Ln Ŀ"!.Vqp V"2^*UF8n RpJt[Q:3a]S`&Flq;GöJU 1j+f8}ݩ0n]1 $ 3IVqB)/%Y]XcPV32jڻ֪lvE @F gKrԈO moмD**"lbJ78vnP~JB E\e\U1N?R6uvDwX@CǔJ3|e̪%#;MYJUuNȝM\Fref'cB:Mȃ|5x sFtJ\S~4@!:R>ިxtk-aX&{(Jõ9܉+G}L2tdGFP,,Xl%8CL|{۳m#^Qd)TKu&>ݡ{aQ(ƁMWS ÿ ߸Qfa-ӚKҦ/rm8Y~@ɦ-u\!ǭj+>c.sj9uCA&\q&RN9s֥{yԾn;U~CC ¹ҽt'a(P֞g:iiv?|m\y6L[{$rRDMX Ί7M2AF)ʥCFV]uQcJg('F2*3L4>^jm\%GzïLi\6VK_a w'ܦZY 4 XF{Y04?Qۗ%:iQ+;U=?満BTX+#E\!Hw;^xvNc׫5#d2ՑdHF?m 9 kRjz^U ez 'a%}H!ĹN3.=8Wq=}ωW1E?%"Pbmzyr;6ǓL΂ r<>z˟cn:.O4"Z9ߏw-j|@U OWaB/3;/Ґ\t.&[pMFY{#~!VLh]_D̓D4ݾLU/arl82})$u `n/~VF6ء=l?<-+i y̬+g=~[ #ᨷwpk0")G[B򧺯|/noS{km*j'z GEj3փdgL]h}:Og0:*z@@/@EW$ԖWؚGY.Ӊ \=بF\X3m bAޠ,0t_b6crs^h-bV(y\? _sϹ '9Fhָ%0Fͱ69ۤE{<ɶAmp}r]PoiIWzcGjvN?aoT} 2,i{U8uY<>ޏrAO+m*(ؠxW 'ЮG$^Gj@:}D;6B%˼OA{ {Jc,vBy շm}[Qm -_ac$Ms͟l}8K[c;ޜ9GX|j/*]?h{9~H/F'"(}5[ X.Ő3Atj<ֈ U[խ?4s"ݍ\qxjy1uEcGb.i#oYwJ'S&g)K.zww=cz " g>B{c6;2Dps٭}؀t4v%~+1u- y[/U,;I:Si:I2A-<9ijdDx/ -fX VY$6 "-8C"TA|.ʫ++6kڐ=iҖgM'M!y=^>ͽQ.V؇i0299(0UEpô:gqAl=8dEaX+o6R %Jm;9m|*SL!eѪ@(q 끗%S0J`:FӼ%l%>{WTc-SO[]PmOL[X=! Zéh Ɨ?-863z%RFgy"r?nBUC ttToL+հ83Wa4i`W_Ul$6~9w唟cگ@i ^ٹrthoZE/lDF &~齣N{KoL?G[KShOs8T@}ܡg6k*~E! XV?4%0X((mSo^6CȵD{9 /;Ph^Єj>z%A lI>'&dF*$\+H׈OA[ٷ L~pKH8J+Iad$}BKi}S-. FV A5?"AґuJJneY.qsI(a :4DDF*6Uc`nhpy#+v!c? Ճ-dꖩMuϋ1W-f:N=GZq?~ 4Ђ{wO t0ľt{21oHP v0ݢK^vBHm\J0fKj_ɏK< ȟ(]QJjO{7̈́ߔ^+T6| xA -;`_ M ӓvx4-ܫS 1A`B<СZ=sV ; Pyv.A\57.`F4HR%v."W} E#YʞwIR_C|WDڌ՝t ;5הj:^rnb(nfaOL*u&ayJЀef4dGw<ByY+21nlzpvs$H'iwTWʟIo |YC"q Tº{6#pl?)>?Մ鸠ez>C~i+)U55cQ|Z^E6/Xh>tA ^G_ FWFpT>W)J%:OhApn_{PfL2R$u|au:Rq/5e#κJ~r$"8F YI045/_GшPs~AAG`I#̶1T @5n2[j*,!C֡^lORv;0c~/՚ipӭGE5IS]-v-R|k6bc ^{'5K :AF/mr'po4 ^)`tW3C[O)b,b+3c-8TIwN_JAa-e"fKSМ>& @"M|0 U5O>Q?{sW x/_6*@VĢQl<7We I<1VqXI=KKO.a%!B\0;&7cU_9UVK+ Ů7nsdG u>i(4κ '6"31jE)f ?ұ;M'*q[ v3AZ ֫\ :ӧ PEڥ BCDjMsvHN=p*w 5w04@Vz6aEG ^_d9d <5k+ssHewpq.zoRD{>CZ܆# Bd4rc#PGށs>[q6")3hGBgѸX蘃T8gL/ŇiW1& =5}";/!PKʭ [qQŴ9& vk`~r2J/0?a1-Сul`5(mׄlDlK#  ^pS `JDLQLx^&xV"f*+=X/\jrY]'`?^^k['`U`V![xIL,Q`H3ϙ Ke֕m-yQ,ѵ!>0fyA5U3CԔb>Wzh_@QPUUWLjZ|:V+ڒʓ7dAְ?n@%Fyl(y_.?Pi7}?A.h(@#c[Mx8 OTCv|PRS@^ ¨'$>fIrA]!qD(nNyYhv5Z@GŬ1 S?'VKZ2y}v4.Y U7A\4*?~`0{ST3ڔlk@ )l*1(kDLZ AO$4:o^6 c)"x!ffc!lC<6~~$֠TJ.ƑG%=ub"uN"(oޑD ZI~Ll*ˊ}soQ?lPP7*z$,qXK,*#<+-0T^-Q鬺,pSA1D$6]d^8̌qգu#R btIi Rf%L!Ԉ3ˏ{҈;_r"9zg\XTSk-}) 9!Y8JWnGirI|ZVA]S呅)pR&ZRЊP]o1%}$;)ތl~:q~ |EG-)qGJs(7vų’)( kqk:M+:|$klJڵܧ./94%0̛| 4_q A\5`jIO$dCȑIn i):-p7mm"!_wȍmM~ 'K+ӿZ>"XN  00g9}>IN#U?݃4a_f-yP;_jD8*lHxpc?b|^suPXA %k V]4RtgY8oqp.KI{}/[R5{y*ZdizhT^*l^<>dPl7`q1"{M}c*Y_ f1ѨYm'%9\*1G26h}1"f;ϣ0xM l%FkQ+xMO[x4[NMxU𿇻4n[͡.eH%tZˢכΞpU U9q7,9_#ڠ'T+3wŸ*G‰NB{ (؅[/_1ĦGwzt|3K߮7ZUh2l<0?Gͺ3m$d' Xur9-.[qOBs[Jw-Y%jVjEFW>Ѷ)ꫴ㡪SqQKqd nBV`j3: S0qѻj F&HO߀8@G$rx#'R`ZO͑(ifbi8e {vE`78wU_K7BAMM}y[Pƭ>ߩSKmGBn$WUD^}WwI*驓J,8 <^Hq7r,[Tώ{[q}*%,DԦoͧs*`H*עg> ܀SU=*-qv"2/UvS#!WCth}CjN$1JOe~ɯZ&8ך lttϻ&9# i)8akwⲮ͎~jLI!WШX|{Q (ŏ?|mk6~BH#-ɅOöC6 d͈J;/m҆~>eCI3u0.+B9w)o6J7,K8D&7$]N$\!,+ihMG~5@}H{0J>o`@ts}4bڒ}3ticlBWQ.sN5 &_<͹ɾ]A.(6A3$8!eO0lN|heK;)K!pZDVl2C?lRxNvxW Mr/5.Ɏ[DZ741&X^q3尿]eդ/Juz<\å=*Fݢnx%bօw D$g`,hbQpHOTvv10%6~ϸ7R?26G\;LYU{M+= ;9qa"|y`8 \P(Ji{\%Oݞю>ygn&St)RKu,8r42VJ"#ʏ![ |1/%~rwM_Yʀ$Ŵfgkb$MZe*U5A-Di\qK=;g@LO{^Y ]:g'a.X~'*ibTkKPA{(1' x T~Sv LPsxT0~XwۉA@1@{ a>'A3Ċ50ѓv31)(z^~]G ?̫k A^G.7YGtQ?;摊)&SK%j6\O<u"Hao7A"sSó_Cu\~Ǥl-AVu:\p{`ϗm҈Xxd<:]yIq2ǥP^ݭφ36{o,d8T>@p9} Jm1"D֊(Rs\5X]r!GɠrE3:Kpʘ/BRbo׹G]#aЎ芈$hՉTT6nǻD)~ev+r*Tn1ϦSN٩2F C^ gq|1 FiyOAtbr=ObYH Cі!F_[iKg&9eS_KgI\VB~Wq, 7V"  iZjWhe5{O Ʋk"m-(֖p?ᩂWD2u]u[>qR,R,l(ܷNQuIN"bUJ^AupȂ:Įx༰!ʲDuӢw3p9E˾%MLb|SSB=W1ӕEO*BlQ|$-~-J[Juaxؑx+b䩉2y.]=>ָ}S3ڂ-VO얶ݰn_ᅿ֬U\uI?x4 WEgfZbYGO+,Y:Mئ8tkX(!E5Q뵌bUJ6Se7AH7tSfQ!2\#G^9@" \#(N|F\)ø{fo2wPh3*v>&fW+UfZYmit( MV%sA_+2>vyr.Ճ)΂y zDzcXN;֬vqO6ʨ6#&w]S^ItY/Ggt昭$wOxg-'bnmOݲ ݬb*p9Rd:TߜFgAPQBfDyJ#qXY BW<=*puݫm\^|<>ιd5;P”rL*史B}?./.bjaKIq&q{uRK<~ uut[X*zm31V5p}c=6yB$E-DT#3‚|.ˉ,.Ŷg_.V^hEKkd6s;تB#8E*M'jDB/싪ȆqFjƍl6 й [6.\?e= Htjŭ&NoH+ Ǹg1-ݡ4IOC.}TX$]4ܗx9l7pS %$ӜUq0/ yUh|Iaڱ/֒Aɿr?"3+_Xbu0m֫oPR^۬ھ^|=@ءE nQ39Yf%^J4 BS0C/ow:bӑSxgV#,>.HXdq径z,afva$zM-rmR%2&tIm~jY0j~:ad8/:;AVUS$DJbU\O^+E`p+Sjrx "Z5)QQiϔȘYE,H5rb.+W);J0;8V;BhtNp`R]Z~z;: uم5{dۙN[8{WVt[#19AŕkfeZyoȋŨZB:P r%ƳHuh&]'1#A›6Oclˤ.i} Pu(/NR͉g9q0>hNmZҹ1ۓ}5C*{mY%TNY:mHy`4]J}-XfS=[(yT]8^(>)W'Ka"ޜa}3- :~Q=* kl%Q c kɡkgBp[,cӘ ULAƌ]p2pf+R9@~qM1|B ;Rj/u| D@tLt@M_kSyv8d|AeV,Sdk bɹ … !.>}e2u*ZN֥ )ٗI'uTVүoȌFYl"rA3:s@QMv+P@@Q*J\f2HZd4vXIjSZ)gsn>f&r eZ !l#WC6{>C9z 4!)xp/!m%NyJs}*/׷Y}Z(vA{הKNh+VcXrws}s#ߚ:v7 l#)9s\Sm͍]v( r͛\[q EqsNrTA:t!\r8G5$GKD+R*吖ǔꥆ O`. wDKqTXi`M//{wk+%{U\lSd qP I\P  )D vVb)X?.E5< Ol~.Uh`+{ 0!;^q2YmcgcYnBӬ"8{~S[%n䵖ڃOa6vh~4y7w(1O]`kh5+:6`Is?QݮZfP]NJ -vL3/m$uWa n92 cBLq( .Xeh9ɧ~O-ܫɌ%ZȖR1L,5Z ;E>o0}!- 6:_<pfvVf'pޕO0;,z*hOO_@9oVk91K[:cOמj#;xןYTn_mE@>`>'a0{D`9zȮ`U{c$wt&5PSrj+no3 f㉄3|"UQAM.e/.1EM~Bgʿ4nd9LUW% }yDti׵[rlKowi TÓ,o~%9 }ZLQ;0qbYIlBɣ;}1ԆB.|!NUe뒚;M^-{tlē ~Jg@7Ջ6 #DжhEqq\V$ oaeL:0 A1>U*O-s,N`Xҡ:Z 8ًi_0`L+šr7!cx־֥r#C.GW* J5hQb H-ijon,|/2"E8mܞRuh3Vjl endstream endobj 7374 0 obj << /Type /FontDescriptor /FontName /DWGWFD+NimbusRomNo9L-ReguItal /Flags 4 /FontBBox [-169 -270 1010 924] /Ascent 668 /CapHeight 668 /Descent -193 /ItalicAngle -15 /StemV 78 /XHeight 441 /CharSet (/A/B/C/D/E/F/G/H/I/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/a/asterisk/at/b/bar/braceleft/braceright/bracketleft/bracketright/c/colon/comma/d/e/eight/emdash/equal/f/fi/five/fl/four/g/h/hyphen/i/j/k/l/m/n/nine/o/one/p/parenleft/parenright/period/q/question/r/s/seven/six/slash/t/three/two/u/underscore/v/w/x/y/z/zero) /FontFile 7373 0 R >> endobj 7338 0 obj << /Type /Encoding /Differences [2/fi/fl 33/exclam/quotedbl/numbersign/dollar/percent/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 147/quotedblleft/quotedblright/bullet 151/emdash 169/copyright] >> endobj 2699 0 obj << /Type /Font /Subtype /Type1 /BaseFont /SYFPBV+CMMI10 /FontDescriptor 7350 0 R /FirstChar 60 /LastChar 62 /Widths 7335 0 R >> endobj 1827 0 obj << /Type /Font /Subtype /Type1 /BaseFont /ZRLUIR+CMMI8 /FontDescriptor 7352 0 R /FirstChar 60 /LastChar 62 /Widths 7336 0 R >> endobj 1821 0 obj << /Type /Font /Subtype /Type1 /BaseFont /YJCLWH+CMMI9 /FontDescriptor 7354 0 R /FirstChar 60 /LastChar 62 /Widths 7337 0 R >> endobj 1354 0 obj << /Type /Font /Subtype /Type1 /BaseFont /CLZSEX+NimbusMonL-Bold /FontDescriptor 7356 0 R /FirstChar 34 /LastChar 124 /Widths 7342 0 R /Encoding 7338 0 R >> endobj 1532 0 obj << /Type /Font /Subtype /Type1 /BaseFont /FGGENB+NimbusMonL-BoldObli /FontDescriptor 7358 0 R /FirstChar 34 /LastChar 126 /Widths 7340 0 R /Encoding 7338 0 R >> endobj 1352 0 obj << /Type /Font /Subtype /Type1 /BaseFont /JNQQLD+NimbusMonL-Regu /FontDescriptor 7360 0 R /FirstChar 33 /LastChar 126 /Widths 7343 0 R /Encoding 7338 0 R >> endobj 1764 0 obj << /Type /Font /Subtype /Type1 /BaseFont /VNPYLE+NimbusMonL-ReguObli /FontDescriptor 7362 0 R /FirstChar 46 /LastChar 121 /Widths 7339 0 R /Encoding 7338 0 R >> endobj 932 0 obj << /Type /Font /Subtype /Type1 /BaseFont /MNJGYN+NimbusSanL-Bold /FontDescriptor 7364 0 R /FirstChar 2 /LastChar 151 /Widths 7348 0 R /Encoding 7338 0 R >> endobj 1347 0 obj << /Type /Font /Subtype /Type1 /BaseFont /VKTPBF+NimbusSanL-Regu /FontDescriptor 7366 0 R /FirstChar 2 /LastChar 151 /Widths 7344 0 R /Encoding 7338 0 R >> endobj 1479 0 obj << /Type /Font /Subtype /Type1 /BaseFont /OYAIWK+NimbusSanL-ReguItal /FontDescriptor 7368 0 R /FirstChar 2 /LastChar 122 /Widths 7341 0 R /Encoding 7338 0 R >> endobj 1036 0 obj << /Type /Font /Subtype /Type1 /BaseFont /BAVSGM+NimbusRomNo9L-Medi /FontDescriptor 7370 0 R /FirstChar 2 /LastChar 151 /Widths 7345 0 R /Encoding 7338 0 R >> endobj 938 0 obj << /Type /Font /Subtype /Type1 /BaseFont /PKSJGQ+NimbusRomNo9L-Regu /FontDescriptor 7372 0 R /FirstChar 2 /LastChar 169 /Widths 7347 0 R /Encoding 7338 0 R >> endobj 939 0 obj << /Type /Font /Subtype /Type1 /BaseFont /DWGWFD+NimbusRomNo9L-ReguItal /FontDescriptor 7374 0 R /FirstChar 2 /LastChar 151 /Widths 7346 0 R /Encoding 7338 0 R >> endobj 933 0 obj << /Type /Pages /Count 6 /Parent 7375 0 R /Kids [926 0 R 935 0 R 1033 0 R 1175 0 R 1287 0 R 1329 0 R] >> endobj 1378 0 obj << /Type /Pages /Count 6 /Parent 7375 0 R /Kids [1343 0 R 1380 0 R 1417 0 R 1451 0 R 1511 0 R 1566 0 R] >> endobj 1650 0 obj << /Type /Pages /Count 6 /Parent 7375 0 R /Kids [1601 0 R 1654 0 R 1694 0 R 1732 0 R 1786 0 R 1809 0 R] >> endobj 1878 0 obj << /Type /Pages /Count 6 /Parent 7375 0 R /Kids [1831 0 R 1880 0 R 1913 0 R 1965 0 R 2014 0 R 2028 0 R] >> endobj 2084 0 obj << /Type /Pages /Count 6 /Parent 7375 0 R /Kids [2058 0 R 2086 0 R 2129 0 R 2161 0 R 2189 0 R 2216 0 R] >> endobj 2291 0 obj << /Type /Pages /Count 6 /Parent 7375 0 R /Kids [2243 0 R 2296 0 R 2331 0 R 2350 0 R 2381 0 R 2418 0 R] >> endobj 2490 0 obj << /Type /Pages /Count 6 /Parent 7376 0 R /Kids [2458 0 R 2494 0 R 2511 0 R 2544 0 R 2579 0 R 2610 0 R] >> endobj 2674 0 obj << /Type /Pages /Count 6 /Parent 7376 0 R /Kids [2633 0 R 2676 0 R 2724 0 R 2755 0 R 2782 0 R 2805 0 R] >> endobj 2854 0 obj << /Type /Pages /Count 6 /Parent 7376 0 R /Kids [2836 0 R 2856 0 R 2876 0 R 2925 0 R 2976 0 R 3013 0 R] >> endobj 3082 0 obj << /Type /Pages /Count 6 /Parent 7376 0 R /Kids [3046 0 R 3086 0 R 3103 0 R 3149 0 R 3179 0 R 3208 0 R] >> endobj 3273 0 obj << /Type /Pages /Count 6 /Parent 7376 0 R /Kids [3244 0 R 3276 0 R 3314 0 R 3342 0 R 3385 0 R 3430 0 R] >> endobj 3483 0 obj << /Type /Pages /Count 6 /Parent 7376 0 R /Kids [3467 0 R 3485 0 R 3515 0 R 3555 0 R 3588 0 R 3620 0 R] >> endobj 3672 0 obj << /Type /Pages /Count 6 /Parent 7377 0 R /Kids [3630 0 R 3675 0 R 3686 0 R 3711 0 R 3734 0 R 3774 0 R] >> endobj 3803 0 obj << /Type /Pages /Count 6 /Parent 7377 0 R /Kids [3792 0 R 3805 0 R 3824 0 R 3842 0 R 3874 0 R 3901 0 R] >> endobj 3943 0 obj << /Type /Pages /Count 6 /Parent 7377 0 R /Kids [3912 0 R 3945 0 R 3981 0 R 4021 0 R 4071 0 R 4107 0 R] >> endobj 4147 0 obj << /Type /Pages /Count 6 /Parent 7377 0 R /Kids [4144 0 R 4149 0 R 4166 0 R 4198 0 R 4213 0 R 4238 0 R] >> endobj 4287 0 obj << /Type /Pages /Count 6 /Parent 7377 0 R /Kids [4271 0 R 4289 0 R 4317 0 R 4351 0 R 4396 0 R 4437 0 R] >> endobj 4500 0 obj << /Type /Pages /Count 6 /Parent 7377 0 R /Kids [4480 0 R 4503 0 R 4545 0 R 4577 0 R 4619 0 R 4650 0 R] >> endobj 4740 0 obj << /Type /Pages /Count 6 /Parent 7378 0 R /Kids [4706 0 R 4742 0 R 4772 0 R 4806 0 R 4835 0 R 4863 0 R] >> endobj 4948 0 obj << /Type /Pages /Count 6 /Parent 7378 0 R /Kids [4915 0 R 4950 0 R 4958 0 R 5005 0 R 5043 0 R 5082 0 R] >> endobj 5128 0 obj << /Type /Pages /Count 6 /Parent 7378 0 R /Kids [5086 0 R 5130 0 R 5170 0 R 5213 0 R 5239 0 R 5254 0 R] >> endobj 5331 0 obj << /Type /Pages /Count 6 /Parent 7378 0 R /Kids [5285 0 R 5333 0 R 5353 0 R 5387 0 R 5425 0 R 5478 0 R] >> endobj 5534 0 obj << /Type /Pages /Count 6 /Parent 7378 0 R /Kids [5507 0 R 5536 0 R 5570 0 R 5605 0 R 5649 0 R 5683 0 R] >> endobj 5759 0 obj << /Type /Pages /Count 6 /Parent 7378 0 R /Kids [5719 0 R 5761 0 R 5799 0 R 5825 0 R 5843 0 R 5862 0 R] >> endobj 5906 0 obj << /Type /Pages /Count 6 /Parent 7379 0 R /Kids [5868 0 R 5909 0 R 5952 0 R 5989 0 R 6022 0 R 6065 0 R] >> endobj 6130 0 obj << /Type /Pages /Count 6 /Parent 7379 0 R /Kids [6109 0 R 6133 0 R 6212 0 R 6294 0 R 6311 0 R 6336 0 R] >> endobj 6413 0 obj << /Type /Pages /Count 6 /Parent 7379 0 R /Kids [6365 0 R 6418 0 R 6450 0 R 6503 0 R 6547 0 R 6592 0 R] >> endobj 6666 0 obj << /Type /Pages /Count 6 /Parent 7379 0 R /Kids [6630 0 R 6668 0 R 6710 0 R 6754 0 R 6794 0 R 6835 0 R] >> endobj 6928 0 obj << /Type /Pages /Count 6 /Parent 7379 0 R /Kids [6876 0 R 6930 0 R 6977 0 R 7029 0 R 7083 0 R 7127 0 R] >> endobj 7193 0 obj << /Type /Pages /Count 6 /Parent 7379 0 R /Kids [7174 0 R 7195 0 R 7236 0 R 7284 0 R 7326 0 R 7332 0 R] >> endobj 7375 0 obj << /Type /Pages /Count 36 /Parent 7380 0 R /Kids [933 0 R 1378 0 R 1650 0 R 1878 0 R 2084 0 R 2291 0 R] >> endobj 7376 0 obj << /Type /Pages /Count 36 /Parent 7380 0 R /Kids [2490 0 R 2674 0 R 2854 0 R 3082 0 R 3273 0 R 3483 0 R] >> endobj 7377 0 obj << /Type /Pages /Count 36 /Parent 7380 0 R /Kids [3672 0 R 3803 0 R 3943 0 R 4147 0 R 4287 0 R 4500 0 R] >> endobj 7378 0 obj << /Type /Pages /Count 36 /Parent 7380 0 R /Kids [4740 0 R 4948 0 R 5128 0 R 5331 0 R 5534 0 R 5759 0 R] >> endobj 7379 0 obj << /Type /Pages /Count 36 /Parent 7380 0 R /Kids [5906 0 R 6130 0 R 6413 0 R 6666 0 R 6928 0 R 7193 0 R] >> endobj 7380 0 obj << /Type /Pages /Count 180 /Kids [7375 0 R 7376 0 R 7377 0 R 7378 0 R 7379 0 R] >> endobj 7381 0 obj << /Type /Outlines /First 3 0 R /Last 923 0 R /Count 18 >> endobj 923 0 obj << /Title 924 0 R /A 921 0 R /Parent 7381 0 R /Prev 907 0 R >> endobj 919 0 obj << /Title 920 0 R /A 917 0 R /Parent 907 0 R /Prev 915 0 R >> endobj 915 0 obj << /Title 916 0 R /A 913 0 R /Parent 907 0 R /Prev 911 0 R /Next 919 0 R >> endobj 911 0 obj << /Title 912 0 R /A 909 0 R /Parent 907 0 R /Next 915 0 R >> endobj 907 0 obj << /Title 908 0 R /A 905 0 R /Parent 7381 0 R /Prev 831 0 R /Next 923 0 R /First 911 0 R /Last 919 0 R /Count -3 >> endobj 903 0 obj << /Title 904 0 R /A 901 0 R /Parent 831 0 R /Prev 899 0 R >> endobj 899 0 obj << /Title 900 0 R /A 897 0 R /Parent 831 0 R /Prev 895 0 R /Next 903 0 R >> endobj 895 0 obj << /Title 896 0 R /A 893 0 R /Parent 831 0 R /Prev 891 0 R /Next 899 0 R >> endobj 891 0 obj << /Title 892 0 R /A 889 0 R /Parent 831 0 R /Prev 887 0 R /Next 895 0 R >> endobj 887 0 obj << /Title 888 0 R /A 885 0 R /Parent 831 0 R /Prev 883 0 R /Next 891 0 R >> endobj 883 0 obj << /Title 884 0 R /A 881 0 R /Parent 831 0 R /Prev 879 0 R /Next 887 0 R >> endobj 879 0 obj << /Title 880 0 R /A 877 0 R /Parent 831 0 R /Prev 875 0 R /Next 883 0 R >> endobj 875 0 obj << /Title 876 0 R /A 873 0 R /Parent 831 0 R /Prev 871 0 R /Next 879 0 R >> endobj 871 0 obj << /Title 872 0 R /A 869 0 R /Parent 831 0 R /Prev 867 0 R /Next 875 0 R >> endobj 867 0 obj << /Title 868 0 R /A 865 0 R /Parent 831 0 R /Prev 863 0 R /Next 871 0 R >> endobj 863 0 obj << /Title 864 0 R /A 861 0 R /Parent 831 0 R /Prev 859 0 R /Next 867 0 R >> endobj 859 0 obj << /Title 860 0 R /A 857 0 R /Parent 831 0 R /Prev 855 0 R /Next 863 0 R >> endobj 855 0 obj << /Title 856 0 R /A 853 0 R /Parent 831 0 R /Prev 851 0 R /Next 859 0 R >> endobj 851 0 obj << /Title 852 0 R /A 849 0 R /Parent 831 0 R /Prev 847 0 R /Next 855 0 R >> endobj 847 0 obj << /Title 848 0 R /A 845 0 R /Parent 831 0 R /Prev 835 0 R /Next 851 0 R >> endobj 843 0 obj << /Title 844 0 R /A 841 0 R /Parent 835 0 R /Prev 839 0 R >> endobj 839 0 obj << /Title 840 0 R /A 837 0 R /Parent 835 0 R /Next 843 0 R >> endobj 835 0 obj << /Title 836 0 R /A 833 0 R /Parent 831 0 R /Next 847 0 R /First 839 0 R /Last 843 0 R /Count -2 >> endobj 831 0 obj << /Title 832 0 R /A 829 0 R /Parent 7381 0 R /Prev 815 0 R /Next 907 0 R /First 835 0 R /Last 903 0 R /Count -16 >> endobj 827 0 obj << /Title 828 0 R /A 825 0 R /Parent 815 0 R /Prev 823 0 R >> endobj 823 0 obj << /Title 824 0 R /A 821 0 R /Parent 815 0 R /Prev 819 0 R /Next 827 0 R >> endobj 819 0 obj << /Title 820 0 R /A 817 0 R /Parent 815 0 R /Next 823 0 R >> endobj 815 0 obj << /Title 816 0 R /A 813 0 R /Parent 7381 0 R /Prev 791 0 R /Next 831 0 R /First 819 0 R /Last 827 0 R /Count -3 >> endobj 811 0 obj << /Title 812 0 R /A 809 0 R /Parent 791 0 R /Prev 807 0 R >> endobj 807 0 obj << /Title 808 0 R /A 805 0 R /Parent 791 0 R /Prev 803 0 R /Next 811 0 R >> endobj 803 0 obj << /Title 804 0 R /A 801 0 R /Parent 791 0 R /Prev 799 0 R /Next 807 0 R >> endobj 799 0 obj << /Title 800 0 R /A 797 0 R /Parent 791 0 R /Prev 795 0 R /Next 803 0 R >> endobj 795 0 obj << /Title 796 0 R /A 793 0 R /Parent 791 0 R /Next 799 0 R >> endobj 791 0 obj << /Title 792 0 R /A 789 0 R /Parent 7381 0 R /Prev 763 0 R /Next 815 0 R /First 795 0 R /Last 811 0 R /Count -5 >> endobj 787 0 obj << /Title 788 0 R /A 785 0 R /Parent 763 0 R /Prev 783 0 R >> endobj 783 0 obj << /Title 784 0 R /A 781 0 R /Parent 763 0 R /Prev 779 0 R /Next 787 0 R >> endobj 779 0 obj << /Title 780 0 R /A 777 0 R /Parent 763 0 R /Prev 775 0 R /Next 783 0 R >> endobj 775 0 obj << /Title 776 0 R /A 773 0 R /Parent 763 0 R /Prev 767 0 R /Next 779 0 R >> endobj 771 0 obj << /Title 772 0 R /A 769 0 R /Parent 767 0 R >> endobj 767 0 obj << /Title 768 0 R /A 765 0 R /Parent 763 0 R /Next 775 0 R /First 771 0 R /Last 771 0 R /Count -1 >> endobj 763 0 obj << /Title 764 0 R /A 761 0 R /Parent 7381 0 R /Prev 619 0 R /Next 791 0 R /First 767 0 R /Last 787 0 R /Count -5 >> endobj 759 0 obj << /Title 760 0 R /A 757 0 R /Parent 731 0 R /Prev 755 0 R >> endobj 755 0 obj << /Title 756 0 R /A 753 0 R /Parent 731 0 R /Prev 751 0 R /Next 759 0 R >> endobj 751 0 obj << /Title 752 0 R /A 749 0 R /Parent 731 0 R /Prev 747 0 R /Next 755 0 R >> endobj 747 0 obj << /Title 748 0 R /A 745 0 R /Parent 731 0 R /Prev 735 0 R /Next 751 0 R >> endobj 743 0 obj << /Title 744 0 R /A 741 0 R /Parent 735 0 R /Prev 739 0 R >> endobj 739 0 obj << /Title 740 0 R /A 737 0 R /Parent 735 0 R /Next 743 0 R >> endobj 735 0 obj << /Title 736 0 R /A 733 0 R /Parent 731 0 R /Next 747 0 R /First 739 0 R /Last 743 0 R /Count -2 >> endobj 731 0 obj << /Title 732 0 R /A 729 0 R /Parent 619 0 R /Prev 623 0 R /First 735 0 R /Last 759 0 R /Count -5 >> endobj 727 0 obj << /Title 728 0 R /A 725 0 R /Parent 623 0 R /Prev 719 0 R >> endobj 723 0 obj << /Title 724 0 R /A 721 0 R /Parent 719 0 R >> endobj 719 0 obj << /Title 720 0 R /A 717 0 R /Parent 623 0 R /Prev 711 0 R /Next 727 0 R /First 723 0 R /Last 723 0 R /Count -1 >> endobj 715 0 obj << /Title 716 0 R /A 713 0 R /Parent 711 0 R >> endobj 711 0 obj << /Title 712 0 R /A 709 0 R /Parent 623 0 R /Prev 703 0 R /Next 719 0 R /First 715 0 R /Last 715 0 R /Count -1 >> endobj 707 0 obj << /Title 708 0 R /A 705 0 R /Parent 703 0 R >> endobj 703 0 obj << /Title 704 0 R /A 701 0 R /Parent 623 0 R /Prev 695 0 R /Next 711 0 R /First 707 0 R /Last 707 0 R /Count -1 >> endobj 699 0 obj << /Title 700 0 R /A 697 0 R /Parent 695 0 R >> endobj 695 0 obj << /Title 696 0 R /A 693 0 R /Parent 623 0 R /Prev 687 0 R /Next 703 0 R /First 699 0 R /Last 699 0 R /Count -1 >> endobj 691 0 obj << /Title 692 0 R /A 689 0 R /Parent 687 0 R >> endobj 687 0 obj << /Title 688 0 R /A 685 0 R /Parent 623 0 R /Prev 679 0 R /Next 695 0 R /First 691 0 R /Last 691 0 R /Count -1 >> endobj 683 0 obj << /Title 684 0 R /A 681 0 R /Parent 679 0 R >> endobj 679 0 obj << /Title 680 0 R /A 677 0 R /Parent 623 0 R /Prev 671 0 R /Next 687 0 R /First 683 0 R /Last 683 0 R /Count -1 >> endobj 675 0 obj << /Title 676 0 R /A 673 0 R /Parent 671 0 R >> endobj 671 0 obj << /Title 672 0 R /A 669 0 R /Parent 623 0 R /Prev 663 0 R /Next 679 0 R /First 675 0 R /Last 675 0 R /Count -1 >> endobj 667 0 obj << /Title 668 0 R /A 665 0 R /Parent 663 0 R >> endobj 663 0 obj << /Title 664 0 R /A 661 0 R /Parent 623 0 R /Prev 643 0 R /Next 671 0 R /First 667 0 R /Last 667 0 R /Count -1 >> endobj 659 0 obj << /Title 660 0 R /A 657 0 R /Parent 643 0 R /Prev 655 0 R >> endobj 655 0 obj << /Title 656 0 R /A 653 0 R /Parent 643 0 R /Prev 651 0 R /Next 659 0 R >> endobj 651 0 obj << /Title 652 0 R /A 649 0 R /Parent 643 0 R /Prev 647 0 R /Next 655 0 R >> endobj 647 0 obj << /Title 648 0 R /A 645 0 R /Parent 643 0 R /Next 651 0 R >> endobj 643 0 obj << /Title 644 0 R /A 641 0 R /Parent 623 0 R /Prev 631 0 R /Next 663 0 R /First 647 0 R /Last 659 0 R /Count -4 >> endobj 639 0 obj << /Title 640 0 R /A 637 0 R /Parent 631 0 R /Prev 635 0 R >> endobj 635 0 obj << /Title 636 0 R /A 633 0 R /Parent 631 0 R /Next 639 0 R >> endobj 631 0 obj << /Title 632 0 R /A 629 0 R /Parent 623 0 R /Prev 627 0 R /Next 643 0 R /First 635 0 R /Last 639 0 R /Count -2 >> endobj 627 0 obj << /Title 628 0 R /A 625 0 R /Parent 623 0 R /Next 631 0 R >> endobj 623 0 obj << /Title 624 0 R /A 621 0 R /Parent 619 0 R /Next 731 0 R /First 627 0 R /Last 727 0 R /Count -12 >> endobj 619 0 obj << /Title 620 0 R /A 617 0 R /Parent 7381 0 R /Prev 603 0 R /Next 763 0 R /First 623 0 R /Last 731 0 R /Count -2 >> endobj 615 0 obj << /Title 616 0 R /A 613 0 R /Parent 603 0 R /Prev 607 0 R >> endobj 611 0 obj << /Title 612 0 R /A 609 0 R /Parent 607 0 R >> endobj 607 0 obj << /Title 608 0 R /A 605 0 R /Parent 603 0 R /Next 615 0 R /First 611 0 R /Last 611 0 R /Count -1 >> endobj 603 0 obj << /Title 604 0 R /A 601 0 R /Parent 7381 0 R /Prev 595 0 R /Next 619 0 R /First 607 0 R /Last 615 0 R /Count -2 >> endobj 599 0 obj << /Title 600 0 R /A 597 0 R /Parent 595 0 R >> endobj 595 0 obj << /Title 596 0 R /A 593 0 R /Parent 7381 0 R /Prev 575 0 R /Next 603 0 R /First 599 0 R /Last 599 0 R /Count -1 >> endobj 591 0 obj << /Title 592 0 R /A 589 0 R /Parent 587 0 R >> endobj 587 0 obj << /Title 588 0 R /A 585 0 R /Parent 575 0 R /Prev 583 0 R /First 591 0 R /Last 591 0 R /Count -1 >> endobj 583 0 obj << /Title 584 0 R /A 581 0 R /Parent 575 0 R /Prev 579 0 R /Next 587 0 R >> endobj 579 0 obj << /Title 580 0 R /A 577 0 R /Parent 575 0 R /Next 583 0 R >> endobj 575 0 obj << /Title 576 0 R /A 573 0 R /Parent 7381 0 R /Prev 499 0 R /Next 595 0 R /First 579 0 R /Last 587 0 R /Count -3 >> endobj 571 0 obj << /Title 572 0 R /A 569 0 R /Parent 499 0 R /Prev 567 0 R >> endobj 567 0 obj << /Title 568 0 R /A 565 0 R /Parent 499 0 R /Prev 563 0 R /Next 571 0 R >> endobj 563 0 obj << /Title 564 0 R /A 561 0 R /Parent 499 0 R /Prev 551 0 R /Next 567 0 R >> endobj 559 0 obj << /Title 560 0 R /A 557 0 R /Parent 551 0 R /Prev 555 0 R >> endobj 555 0 obj << /Title 556 0 R /A 553 0 R /Parent 551 0 R /Next 559 0 R >> endobj 551 0 obj << /Title 552 0 R /A 549 0 R /Parent 499 0 R /Prev 547 0 R /Next 563 0 R /First 555 0 R /Last 559 0 R /Count -2 >> endobj 547 0 obj << /Title 548 0 R /A 545 0 R /Parent 499 0 R /Prev 543 0 R /Next 551 0 R >> endobj 543 0 obj << /Title 544 0 R /A 541 0 R /Parent 499 0 R /Prev 539 0 R /Next 547 0 R >> endobj 539 0 obj << /Title 540 0 R /A 537 0 R /Parent 499 0 R /Prev 535 0 R /Next 543 0 R >> endobj 535 0 obj << /Title 536 0 R /A 533 0 R /Parent 499 0 R /Prev 531 0 R /Next 539 0 R >> endobj 531 0 obj << /Title 532 0 R /A 529 0 R /Parent 499 0 R /Prev 519 0 R /Next 535 0 R >> endobj 527 0 obj << /Title 528 0 R /A 525 0 R /Parent 519 0 R /Prev 523 0 R >> endobj 523 0 obj << /Title 524 0 R /A 521 0 R /Parent 519 0 R /Next 527 0 R >> endobj 519 0 obj << /Title 520 0 R /A 517 0 R /Parent 499 0 R /Prev 515 0 R /Next 531 0 R /First 523 0 R /Last 527 0 R /Count -2 >> endobj 515 0 obj << /Title 516 0 R /A 513 0 R /Parent 499 0 R /Prev 511 0 R /Next 519 0 R >> endobj 511 0 obj << /Title 512 0 R /A 509 0 R /Parent 499 0 R /Prev 507 0 R /Next 515 0 R >> endobj 507 0 obj << /Title 508 0 R /A 505 0 R /Parent 499 0 R /Prev 503 0 R /Next 511 0 R >> endobj 503 0 obj << /Title 504 0 R /A 501 0 R /Parent 499 0 R /Next 507 0 R >> endobj 499 0 obj << /Title 500 0 R /A 497 0 R /Parent 7381 0 R /Prev 251 0 R /Next 575 0 R /First 503 0 R /Last 571 0 R /Count -14 >> endobj 495 0 obj << /Title 496 0 R /A 493 0 R /Parent 491 0 R >> endobj 491 0 obj << /Title 492 0 R /A 489 0 R /Parent 251 0 R /Prev 479 0 R /First 495 0 R /Last 495 0 R /Count -1 >> endobj 487 0 obj << /Title 488 0 R /A 485 0 R /Parent 479 0 R /Prev 483 0 R >> endobj 483 0 obj << /Title 484 0 R /A 481 0 R /Parent 479 0 R /Next 487 0 R >> endobj 479 0 obj << /Title 480 0 R /A 477 0 R /Parent 251 0 R /Prev 475 0 R /Next 491 0 R /First 483 0 R /Last 487 0 R /Count -2 >> endobj 475 0 obj << /Title 476 0 R /A 473 0 R /Parent 251 0 R /Prev 471 0 R /Next 479 0 R >> endobj 471 0 obj << /Title 472 0 R /A 469 0 R /Parent 251 0 R /Prev 459 0 R /Next 475 0 R >> endobj 467 0 obj << /Title 468 0 R /A 465 0 R /Parent 459 0 R /Prev 463 0 R >> endobj 463 0 obj << /Title 464 0 R /A 461 0 R /Parent 459 0 R /Next 467 0 R >> endobj 459 0 obj << /Title 460 0 R /A 457 0 R /Parent 251 0 R /Prev 427 0 R /Next 471 0 R /First 463 0 R /Last 467 0 R /Count -2 >> endobj 455 0 obj << /Title 456 0 R /A 453 0 R /Parent 427 0 R /Prev 451 0 R >> endobj 451 0 obj << /Title 452 0 R /A 449 0 R /Parent 427 0 R /Prev 447 0 R /Next 455 0 R >> endobj 447 0 obj << /Title 448 0 R /A 445 0 R /Parent 427 0 R /Prev 443 0 R /Next 451 0 R >> endobj 443 0 obj << /Title 444 0 R /A 441 0 R /Parent 427 0 R /Prev 431 0 R /Next 447 0 R >> endobj 439 0 obj << /Title 440 0 R /A 437 0 R /Parent 431 0 R /Prev 435 0 R >> endobj 435 0 obj << /Title 436 0 R /A 433 0 R /Parent 431 0 R /Next 439 0 R >> endobj 431 0 obj << /Title 432 0 R /A 429 0 R /Parent 427 0 R /Next 443 0 R /First 435 0 R /Last 439 0 R /Count -2 >> endobj 427 0 obj << /Title 428 0 R /A 425 0 R /Parent 251 0 R /Prev 415 0 R /Next 459 0 R /First 431 0 R /Last 455 0 R /Count -5 >> endobj 423 0 obj << /Title 424 0 R /A 421 0 R /Parent 415 0 R /Prev 419 0 R >> endobj 419 0 obj << /Title 420 0 R /A 417 0 R /Parent 415 0 R /Next 423 0 R >> endobj 415 0 obj << /Title 416 0 R /A 413 0 R /Parent 251 0 R /Prev 407 0 R /Next 427 0 R /First 419 0 R /Last 423 0 R /Count -2 >> endobj 411 0 obj << /Title 412 0 R /A 409 0 R /Parent 407 0 R >> endobj 407 0 obj << /Title 408 0 R /A 405 0 R /Parent 251 0 R /Prev 403 0 R /Next 415 0 R /First 411 0 R /Last 411 0 R /Count -1 >> endobj 403 0 obj << /Title 404 0 R /A 401 0 R /Parent 251 0 R /Prev 399 0 R /Next 407 0 R >> endobj 399 0 obj << /Title 400 0 R /A 397 0 R /Parent 251 0 R /Prev 395 0 R /Next 403 0 R >> endobj 395 0 obj << /Title 396 0 R /A 393 0 R /Parent 251 0 R /Prev 375 0 R /Next 399 0 R >> endobj 391 0 obj << /Title 392 0 R /A 389 0 R /Parent 375 0 R /Prev 387 0 R >> endobj 387 0 obj << /Title 388 0 R /A 385 0 R /Parent 375 0 R /Prev 383 0 R /Next 391 0 R >> endobj 383 0 obj << /Title 384 0 R /A 381 0 R /Parent 375 0 R /Prev 379 0 R /Next 387 0 R >> endobj 379 0 obj << /Title 380 0 R /A 377 0 R /Parent 375 0 R /Next 383 0 R >> endobj 375 0 obj << /Title 376 0 R /A 373 0 R /Parent 251 0 R /Prev 363 0 R /Next 395 0 R /First 379 0 R /Last 391 0 R /Count -4 >> endobj 371 0 obj << /Title 372 0 R /A 369 0 R /Parent 363 0 R /Prev 367 0 R >> endobj 367 0 obj << /Title 368 0 R /A 365 0 R /Parent 363 0 R /Next 371 0 R >> endobj 363 0 obj << /Title 364 0 R /A 361 0 R /Parent 251 0 R /Prev 359 0 R /Next 375 0 R /First 367 0 R /Last 371 0 R /Count -2 >> endobj 359 0 obj << /Title 360 0 R /A 357 0 R /Parent 251 0 R /Prev 355 0 R /Next 363 0 R >> endobj 355 0 obj << /Title 356 0 R /A 353 0 R /Parent 251 0 R /Prev 347 0 R /Next 359 0 R >> endobj 351 0 obj << /Title 352 0 R /A 349 0 R /Parent 347 0 R >> endobj 347 0 obj << /Title 348 0 R /A 345 0 R /Parent 251 0 R /Prev 343 0 R /Next 355 0 R /First 351 0 R /Last 351 0 R /Count -1 >> endobj 343 0 obj << /Title 344 0 R /A 341 0 R /Parent 251 0 R /Prev 267 0 R /Next 347 0 R >> endobj 339 0 obj << /Title 340 0 R /A 337 0 R /Parent 267 0 R /Prev 331 0 R >> endobj 335 0 obj << /Title 336 0 R /A 333 0 R /Parent 331 0 R >> endobj 331 0 obj << /Title 332 0 R /A 329 0 R /Parent 267 0 R /Prev 327 0 R /Next 339 0 R /First 335 0 R /Last 335 0 R /Count -1 >> endobj 327 0 obj << /Title 328 0 R /A 325 0 R /Parent 267 0 R /Prev 323 0 R /Next 331 0 R >> endobj 323 0 obj << /Title 324 0 R /A 321 0 R /Parent 267 0 R /Prev 319 0 R /Next 327 0 R >> endobj 319 0 obj << /Title 320 0 R /A 317 0 R /Parent 267 0 R /Prev 315 0 R /Next 323 0 R >> endobj 315 0 obj << /Title 316 0 R /A 313 0 R /Parent 267 0 R /Prev 311 0 R /Next 319 0 R >> endobj 311 0 obj << /Title 312 0 R /A 309 0 R /Parent 267 0 R /Prev 307 0 R /Next 315 0 R >> endobj 307 0 obj << /Title 308 0 R /A 305 0 R /Parent 267 0 R /Prev 303 0 R /Next 311 0 R >> endobj 303 0 obj << /Title 304 0 R /A 301 0 R /Parent 267 0 R /Prev 295 0 R /Next 307 0 R >> endobj 299 0 obj << /Title 300 0 R /A 297 0 R /Parent 295 0 R >> endobj 295 0 obj << /Title 296 0 R /A 293 0 R /Parent 267 0 R /Prev 291 0 R /Next 303 0 R /First 299 0 R /Last 299 0 R /Count -1 >> endobj 291 0 obj << /Title 292 0 R /A 289 0 R /Parent 267 0 R /Prev 287 0 R /Next 295 0 R >> endobj 287 0 obj << /Title 288 0 R /A 285 0 R /Parent 267 0 R /Prev 283 0 R /Next 291 0 R >> endobj 283 0 obj << /Title 284 0 R /A 281 0 R /Parent 267 0 R /Prev 275 0 R /Next 287 0 R >> endobj 279 0 obj << /Title 280 0 R /A 277 0 R /Parent 275 0 R >> endobj 275 0 obj << /Title 276 0 R /A 273 0 R /Parent 267 0 R /Prev 271 0 R /Next 283 0 R /First 279 0 R /Last 279 0 R /Count -1 >> endobj 271 0 obj << /Title 272 0 R /A 269 0 R /Parent 267 0 R /Next 275 0 R >> endobj 267 0 obj << /Title 268 0 R /A 265 0 R /Parent 251 0 R /Prev 263 0 R /Next 343 0 R /First 271 0 R /Last 339 0 R /Count -15 >> endobj 263 0 obj << /Title 264 0 R /A 261 0 R /Parent 251 0 R /Prev 259 0 R /Next 267 0 R >> endobj 259 0 obj << /Title 260 0 R /A 257 0 R /Parent 251 0 R /Prev 255 0 R /Next 263 0 R >> endobj 255 0 obj << /Title 256 0 R /A 253 0 R /Parent 251 0 R /Next 259 0 R >> endobj 251 0 obj << /Title 252 0 R /A 249 0 R /Parent 7381 0 R /Prev 155 0 R /Next 499 0 R /First 255 0 R /Last 491 0 R /Count -21 >> endobj 247 0 obj << /Title 248 0 R /A 245 0 R /Parent 235 0 R /Prev 243 0 R >> endobj 243 0 obj << /Title 244 0 R /A 241 0 R /Parent 235 0 R /Prev 239 0 R /Next 247 0 R >> endobj 239 0 obj << /Title 240 0 R /A 237 0 R /Parent 235 0 R /Next 243 0 R >> endobj 235 0 obj << /Title 236 0 R /A 233 0 R /Parent 155 0 R /Prev 231 0 R /First 239 0 R /Last 247 0 R /Count -3 >> endobj 231 0 obj << /Title 232 0 R /A 229 0 R /Parent 155 0 R /Prev 227 0 R /Next 235 0 R >> endobj 227 0 obj << /Title 228 0 R /A 225 0 R /Parent 155 0 R /Prev 215 0 R /Next 231 0 R >> endobj 223 0 obj << /Title 224 0 R /A 221 0 R /Parent 215 0 R /Prev 219 0 R >> endobj 219 0 obj << /Title 220 0 R /A 217 0 R /Parent 215 0 R /Next 223 0 R >> endobj 215 0 obj << /Title 216 0 R /A 213 0 R /Parent 155 0 R /Prev 211 0 R /Next 227 0 R /First 219 0 R /Last 223 0 R /Count -2 >> endobj 211 0 obj << /Title 212 0 R /A 209 0 R /Parent 155 0 R /Prev 207 0 R /Next 215 0 R >> endobj 207 0 obj << /Title 208 0 R /A 205 0 R /Parent 155 0 R /Prev 199 0 R /Next 211 0 R >> endobj 203 0 obj << /Title 204 0 R /A 201 0 R /Parent 199 0 R >> endobj 199 0 obj << /Title 200 0 R /A 197 0 R /Parent 155 0 R /Prev 191 0 R /Next 207 0 R /First 203 0 R /Last 203 0 R /Count -1 >> endobj 195 0 obj << /Title 196 0 R /A 193 0 R /Parent 191 0 R >> endobj 191 0 obj << /Title 192 0 R /A 189 0 R /Parent 155 0 R /Prev 183 0 R /Next 199 0 R /First 195 0 R /Last 195 0 R /Count -1 >> endobj 187 0 obj << /Title 188 0 R /A 185 0 R /Parent 183 0 R >> endobj 183 0 obj << /Title 184 0 R /A 181 0 R /Parent 155 0 R /Prev 179 0 R /Next 191 0 R /First 187 0 R /Last 187 0 R /Count -1 >> endobj 179 0 obj << /Title 180 0 R /A 177 0 R /Parent 155 0 R /Prev 175 0 R /Next 183 0 R >> endobj 175 0 obj << /Title 176 0 R /A 173 0 R /Parent 155 0 R /Prev 159 0 R /Next 179 0 R >> endobj 171 0 obj << /Title 172 0 R /A 169 0 R /Parent 159 0 R /Prev 167 0 R >> endobj 167 0 obj << /Title 168 0 R /A 165 0 R /Parent 159 0 R /Prev 163 0 R /Next 171 0 R >> endobj 163 0 obj << /Title 164 0 R /A 161 0 R /Parent 159 0 R /Next 167 0 R >> endobj 159 0 obj << /Title 160 0 R /A 157 0 R /Parent 155 0 R /Next 175 0 R /First 163 0 R /Last 171 0 R /Count -3 >> endobj 155 0 obj << /Title 156 0 R /A 153 0 R /Parent 7381 0 R /Prev 103 0 R /Next 251 0 R /First 159 0 R /Last 235 0 R /Count -12 >> endobj 151 0 obj << /Title 152 0 R /A 149 0 R /Parent 147 0 R >> endobj 147 0 obj << /Title 148 0 R /A 145 0 R /Parent 103 0 R /Prev 143 0 R /First 151 0 R /Last 151 0 R /Count -1 >> endobj 143 0 obj << /Title 144 0 R /A 141 0 R /Parent 103 0 R /Prev 139 0 R /Next 147 0 R >> endobj 139 0 obj << /Title 140 0 R /A 137 0 R /Parent 103 0 R /Prev 135 0 R /Next 143 0 R >> endobj 135 0 obj << /Title 136 0 R /A 133 0 R /Parent 103 0 R /Prev 131 0 R /Next 139 0 R >> endobj 131 0 obj << /Title 132 0 R /A 129 0 R /Parent 103 0 R /Prev 127 0 R /Next 135 0 R >> endobj 127 0 obj << /Title 128 0 R /A 125 0 R /Parent 103 0 R /Prev 123 0 R /Next 131 0 R >> endobj 123 0 obj << /Title 124 0 R /A 121 0 R /Parent 103 0 R /Prev 119 0 R /Next 127 0 R >> endobj 119 0 obj << /Title 120 0 R /A 117 0 R /Parent 103 0 R /Prev 115 0 R /Next 123 0 R >> endobj 115 0 obj << /Title 116 0 R /A 113 0 R /Parent 103 0 R /Prev 111 0 R /Next 119 0 R >> endobj 111 0 obj << /Title 112 0 R /A 109 0 R /Parent 103 0 R /Prev 107 0 R /Next 115 0 R >> endobj 107 0 obj << /Title 108 0 R /A 105 0 R /Parent 103 0 R /Next 111 0 R >> endobj 103 0 obj << /Title 104 0 R /A 101 0 R /Parent 7381 0 R /Prev 15 0 R /Next 155 0 R /First 107 0 R /Last 147 0 R /Count -11 >> endobj 99 0 obj << /Title 100 0 R /A 97 0 R /Parent 15 0 R /Prev 63 0 R >> endobj 95 0 obj << /Title 96 0 R /A 93 0 R /Parent 87 0 R /Prev 91 0 R >> endobj 91 0 obj << /Title 92 0 R /A 89 0 R /Parent 87 0 R /Next 95 0 R >> endobj 87 0 obj << /Title 88 0 R /A 85 0 R /Parent 63 0 R /Prev 75 0 R /First 91 0 R /Last 95 0 R /Count -2 >> endobj 83 0 obj << /Title 84 0 R /A 81 0 R /Parent 75 0 R /Prev 79 0 R >> endobj 79 0 obj << /Title 80 0 R /A 77 0 R /Parent 75 0 R /Next 83 0 R >> endobj 75 0 obj << /Title 76 0 R /A 73 0 R /Parent 63 0 R /Prev 71 0 R /Next 87 0 R /First 79 0 R /Last 83 0 R /Count -2 >> endobj 71 0 obj << /Title 72 0 R /A 69 0 R /Parent 63 0 R /Prev 67 0 R /Next 75 0 R >> endobj 67 0 obj << /Title 68 0 R /A 65 0 R /Parent 63 0 R /Next 71 0 R >> endobj 63 0 obj << /Title 64 0 R /A 61 0 R /Parent 15 0 R /Prev 59 0 R /Next 99 0 R /First 67 0 R /Last 87 0 R /Count -4 >> endobj 59 0 obj << /Title 60 0 R /A 57 0 R /Parent 15 0 R /Prev 55 0 R /Next 63 0 R >> endobj 55 0 obj << /Title 56 0 R /A 53 0 R /Parent 15 0 R /Prev 51 0 R /Next 59 0 R >> endobj 51 0 obj << /Title 52 0 R /A 49 0 R /Parent 15 0 R /Prev 43 0 R /Next 55 0 R >> endobj 47 0 obj << /Title 48 0 R /A 45 0 R /Parent 43 0 R >> endobj 43 0 obj << /Title 44 0 R /A 41 0 R /Parent 15 0 R /Prev 39 0 R /Next 51 0 R /First 47 0 R /Last 47 0 R /Count -1 >> endobj 39 0 obj << /Title 40 0 R /A 37 0 R /Parent 15 0 R /Prev 31 0 R /Next 43 0 R >> endobj 35 0 obj << /Title 36 0 R /A 33 0 R /Parent 31 0 R >> endobj 31 0 obj << /Title 32 0 R /A 29 0 R /Parent 15 0 R /Prev 27 0 R /Next 39 0 R /First 35 0 R /Last 35 0 R /Count -1 >> endobj 27 0 obj << /Title 28 0 R /A 25 0 R /Parent 15 0 R /Prev 23 0 R /Next 31 0 R >> endobj 23 0 obj << /Title 24 0 R /A 21 0 R /Parent 15 0 R /Prev 19 0 R /Next 27 0 R >> endobj 19 0 obj << /Title 20 0 R /A 17 0 R /Parent 15 0 R /Next 23 0 R >> endobj 15 0 obj << /Title 16 0 R /A 13 0 R /Parent 7381 0 R /Prev 11 0 R /Next 103 0 R /First 19 0 R /Last 99 0 R /Count -11 >> endobj 11 0 obj << /Title 12 0 R /A 9 0 R /Parent 7381 0 R /Prev 7 0 R /Next 15 0 R >> endobj 7 0 obj << /Title 8 0 R /A 5 0 R /Parent 7381 0 R /Prev 3 0 R /Next 11 0 R >> endobj 3 0 obj << /Title 4 0 R /A 1 0 R /Parent 7381 0 R /Next 7 0 R >> endobj 7382 0 obj << /Names [(0:100) 1415 0 R (0:102) 1383 0 R (0:103) 1420 0 R (0:1035) 2179 0 R (0:1036) 2180 0 R (0:1037) 2181 0 R] /Limits [(0:100) (0:1037)] >> endobj 7383 0 obj << /Names [(0:1038) 2182 0 R (0:1039) 2183 0 R (0:104) 1421 0 R (0:1040) 2184 0 R (0:1041) 2185 0 R (0:1042) 2192 0 R] /Limits [(0:1038) (0:1042)] >> endobj 7384 0 obj << /Names [(0:1043) 2193 0 R (0:1044) 2194 0 R (0:1045) 2195 0 R (0:1046) 2196 0 R (0:1047) 2197 0 R (0:1048) 2198 0 R] /Limits [(0:1043) (0:1048)] >> endobj 7385 0 obj << /Names [(0:1049) 2199 0 R (0:1050) 2200 0 R (0:1051) 2201 0 R (0:1052) 2202 0 R (0:1053) 2203 0 R (0:1054) 2204 0 R] /Limits [(0:1049) (0:1054)] >> endobj 7386 0 obj << /Names [(0:1055) 2205 0 R (0:1056) 2206 0 R (0:1058) 2207 0 R (0:1059) 2208 0 R (0:106) 1422 0 R (0:1060) 2209 0 R] /Limits [(0:1055) (0:1060)] >> endobj 7387 0 obj << /Names [(0:1061) 2210 0 R (0:1064) 2212 0 R (0:1065) 2213 0 R (0:1066) 2214 0 R (0:1068) 2220 0 R (0:1069) 2221 0 R] /Limits [(0:1061) (0:1069)] >> endobj 7388 0 obj << /Names [(0:107) 1423 0 R (0:1070) 2222 0 R (0:108) 1424 0 R (0:1097) 2224 0 R (0:1098) 2225 0 R (0:1099) 2226 0 R] /Limits [(0:107) (0:1099)] >> endobj 7389 0 obj << /Names [(0:1100) 2227 0 R (0:111) 1425 0 R (0:112) 1426 0 R (0:113) 1427 0 R (0:1135) 2230 0 R (0:1136) 2231 0 R] /Limits [(0:1100) (0:1136)] >> endobj 7390 0 obj << /Names [(0:1137) 2232 0 R (0:1138) 2233 0 R (0:1139) 2234 0 R (0:114) 1428 0 R (0:1140) 2235 0 R (0:1142) 2236 0 R] /Limits [(0:1137) (0:1142)] >> endobj 7391 0 obj << /Names [(0:1143) 2237 0 R (0:1144) 2238 0 R (0:1146) 2239 0 R (0:1147) 2240 0 R (0:1148) 2241 0 R (0:115) 1429 0 R] /Limits [(0:1143) (0:115)] >> endobj 7392 0 obj << /Names [(0:1150) 2246 0 R (0:1151) 2247 0 R (0:1152) 2248 0 R (0:1154) 2219 0 R (0:1155) 2249 0 R (0:1156) 2250 0 R] /Limits [(0:1150) (0:1156)] >> endobj 7393 0 obj << /Names [(0:1158) 2251 0 R (0:1159) 2252 0 R (0:116) 1430 0 R (0:1160) 2253 0 R (0:1162) 2254 0 R (0:1163) 2255 0 R] /Limits [(0:1158) (0:1163)] >> endobj 7394 0 obj << /Names [(0:1164) 2256 0 R (0:1165) 2257 0 R (0:1166) 2258 0 R (0:1169) 2259 0 R (0:117) 1431 0 R (0:1170) 2260 0 R] /Limits [(0:1164) (0:1170)] >> endobj 7395 0 obj << /Names [(0:1171) 2261 0 R (0:1172) 2262 0 R (0:1173) 2263 0 R (0:1174) 2264 0 R (0:1175) 2265 0 R (0:1176) 2266 0 R] /Limits [(0:1171) (0:1176)] >> endobj 7396 0 obj << /Names [(0:1177) 2267 0 R (0:1178) 2268 0 R (0:1179) 2269 0 R (0:118) 1432 0 R (0:1180) 2270 0 R (0:1181) 2271 0 R] /Limits [(0:1177) (0:1181)] >> endobj 7397 0 obj << /Names [(0:1182) 2272 0 R (0:1183) 2273 0 R (0:1184) 2274 0 R (0:1185) 2275 0 R (0:1186) 2276 0 R (0:1187) 2277 0 R] /Limits [(0:1182) (0:1187)] >> endobj 7398 0 obj << /Names [(0:1188) 2278 0 R (0:1189) 2279 0 R (0:119) 1433 0 R (0:1190) 2280 0 R (0:1191) 2281 0 R (0:1192) 2282 0 R] /Limits [(0:1188) (0:1192)] >> endobj 7399 0 obj << /Names [(0:1193) 2283 0 R (0:1194) 2284 0 R (0:1195) 2285 0 R (0:1196) 2286 0 R (0:1197) 2287 0 R (0:1198) 2288 0 R] /Limits [(0:1193) (0:1198)] >> endobj 7400 0 obj << /Names [(0:1199) 2289 0 R (0:120) 1434 0 R (0:1200) 2290 0 R (0:1201) 2300 0 R (0:1202) 2301 0 R (0:1203) 2302 0 R] /Limits [(0:1199) (0:1203)] >> endobj 7401 0 obj << /Names [(0:1204) 2303 0 R (0:1205) 2304 0 R (0:1207) 2305 0 R (0:121) 1435 0 R (0:1210) 2306 0 R (0:1211) 2307 0 R] /Limits [(0:1204) (0:1211)] >> endobj 7402 0 obj << /Names [(0:1213) 2308 0 R (0:1215) 2309 0 R (0:1216) 2310 0 R (0:1217) 2311 0 R (0:1218) 2312 0 R (0:122) 1436 0 R] /Limits [(0:1213) (0:122)] >> endobj 7403 0 obj << /Names [(0:1220) 2313 0 R (0:1221) 2314 0 R (0:1222) 2315 0 R (0:1223) 2316 0 R (0:1224) 2317 0 R (0:1225) 2318 0 R] /Limits [(0:1220) (0:1225)] >> endobj 7404 0 obj << /Names [(0:1226) 2319 0 R (0:1227) 2320 0 R (0:1228) 2321 0 R (0:123) 1437 0 R (0:1230) 2322 0 R (0:1231) 2323 0 R] /Limits [(0:1226) (0:1231)] >> endobj 7405 0 obj << /Names [(0:1232) 2324 0 R (0:1233) 2325 0 R (0:1234) 2326 0 R (0:1236) 2327 0 R (0:1237) 2328 0 R (0:1238) 2329 0 R] /Limits [(0:1232) (0:1238)] >> endobj 7406 0 obj << /Names [(0:1239) 2299 0 R (0:124) 1438 0 R (0:1241) 2334 0 R (0:1242) 2335 0 R (0:1243) 2336 0 R (0:1244) 2337 0 R] /Limits [(0:1239) (0:1244)] >> endobj 7407 0 obj << /Names [(0:1245) 2338 0 R (0:1246) 2339 0 R (0:1247) 2340 0 R (0:1248) 2341 0 R (0:1249) 2342 0 R (0:125) 1439 0 R] /Limits [(0:1245) (0:125)] >> endobj 7408 0 obj << /Names [(0:1250) 2343 0 R (0:1251) 2344 0 R (0:1252) 2345 0 R (0:1253) 2346 0 R (0:1254) 2347 0 R (0:1255) 2348 0 R] /Limits [(0:1250) (0:1255)] >> endobj 7409 0 obj << /Names [(0:1258) 2353 0 R (0:1259) 2354 0 R (0:126) 1440 0 R (0:1260) 2355 0 R (0:1261) 2356 0 R (0:1262) 2357 0 R] /Limits [(0:1258) (0:1262)] >> endobj 7410 0 obj << /Names [(0:1263) 2358 0 R (0:1264) 2359 0 R (0:1265) 2360 0 R (0:1266) 2361 0 R (0:1267) 2362 0 R (0:1268) 2363 0 R] /Limits [(0:1263) (0:1268)] >> endobj 7411 0 obj << /Names [(0:1269) 2364 0 R (0:127) 1441 0 R (0:1270) 2365 0 R (0:1272) 2366 0 R (0:1273) 2367 0 R (0:1274) 2368 0 R] /Limits [(0:1269) (0:1274)] >> endobj 7412 0 obj << /Names [(0:1275) 2369 0 R (0:1276) 2370 0 R (0:1277) 2371 0 R (0:1278) 2372 0 R (0:128) 1442 0 R (0:1280) 2373 0 R] /Limits [(0:1275) (0:1280)] >> endobj 7413 0 obj << /Names [(0:1282) 2374 0 R (0:1283) 2375 0 R (0:1284) 2376 0 R (0:1285) 2377 0 R (0:1286) 2378 0 R (0:1287) 2379 0 R] /Limits [(0:1282) (0:1287)] >> endobj 7414 0 obj << /Names [(0:1288) 2384 0 R (0:1289) 2385 0 R (0:129) 1443 0 R (0:1290) 2386 0 R (0:1291) 2387 0 R (0:1293) 2388 0 R] /Limits [(0:1288) (0:1293)] >> endobj 7415 0 obj << /Names [(0:1294) 2389 0 R (0:1295) 2390 0 R (0:1296) 2391 0 R (0:1297) 2392 0 R (0:1298) 2393 0 R (0:1299) 2394 0 R] /Limits [(0:1294) (0:1299)] >> endobj 7416 0 obj << /Names [(0:130) 1444 0 R (0:1300) 2395 0 R (0:1302) 2396 0 R (0:1303) 2397 0 R (0:1305) 2398 0 R (0:1306) 2399 0 R] /Limits [(0:130) (0:1306)] >> endobj 7417 0 obj << /Names [(0:1307) 2400 0 R (0:1308) 2401 0 R (0:1309) 2402 0 R (0:131) 1445 0 R (0:1310) 2403 0 R (0:1311) 2404 0 R] /Limits [(0:1307) (0:1311)] >> endobj 7418 0 obj << /Names [(0:1312) 2405 0 R (0:1313) 2406 0 R (0:1315) 2407 0 R (0:1316) 2408 0 R (0:1317) 2409 0 R (0:1318) 2410 0 R] /Limits [(0:1312) (0:1318)] >> endobj 7419 0 obj << /Names [(0:1319) 2411 0 R (0:132) 1455 0 R (0:1320) 2412 0 R (0:1322) 2413 0 R (0:1323) 2414 0 R (0:1324) 2415 0 R] /Limits [(0:1319) (0:1324)] >> endobj 7420 0 obj << /Names [(0:1325) 2416 0 R (0:1327) 2421 0 R (0:1328) 2422 0 R (0:1329) 2423 0 R (0:133) 1456 0 R (0:1330) 2424 0 R] /Limits [(0:1325) (0:1330)] >> endobj 7421 0 obj << /Names [(0:1331) 2425 0 R (0:1332) 2426 0 R (0:1334) 2427 0 R (0:1335) 2428 0 R (0:1336) 2429 0 R (0:1337) 2430 0 R] /Limits [(0:1331) (0:1337)] >> endobj 7422 0 obj << /Names [(0:1339) 2431 0 R (0:134) 1457 0 R (0:1340) 2432 0 R (0:1341) 2433 0 R (0:1342) 2434 0 R (0:1343) 2435 0 R] /Limits [(0:1339) (0:1343)] >> endobj 7423 0 obj << /Names [(0:1344) 2436 0 R (0:1345) 2437 0 R (0:1347) 2438 0 R (0:1348) 2439 0 R (0:1349) 2440 0 R (0:135) 1458 0 R] /Limits [(0:1344) (0:135)] >> endobj 7424 0 obj << /Names [(0:1350) 2441 0 R (0:1351) 2442 0 R (0:1352) 2443 0 R (0:1354) 2444 0 R (0:1355) 2445 0 R (0:1356) 2446 0 R] /Limits [(0:1350) (0:1356)] >> endobj 7425 0 obj << /Names [(0:1357) 2447 0 R (0:1358) 2448 0 R (0:1359) 2449 0 R (0:136) 1459 0 R (0:1360) 2450 0 R (0:1362) 2451 0 R] /Limits [(0:1357) (0:1362)] >> endobj 7426 0 obj << /Names [(0:1363) 2452 0 R (0:1364) 2453 0 R (0:1365) 2454 0 R (0:1366) 2455 0 R (0:1367) 2456 0 R (0:1369) 2461 0 R] /Limits [(0:1363) (0:1369)] >> endobj 7427 0 obj << /Names [(0:137) 1460 0 R (0:1370) 2462 0 R (0:1371) 2463 0 R (0:1372) 2464 0 R (0:1373) 2465 0 R (0:1374) 2466 0 R] /Limits [(0:137) (0:1374)] >> endobj 7428 0 obj << /Names [(0:1376) 2467 0 R (0:1377) 2468 0 R (0:1378) 2469 0 R (0:1379) 2470 0 R (0:138) 1461 0 R (0:1380) 2471 0 R] /Limits [(0:1376) (0:1380)] >> endobj 7429 0 obj << /Names [(0:1381) 2472 0 R (0:1382) 2473 0 R (0:1384) 2474 0 R (0:1385) 2475 0 R (0:1386) 2476 0 R (0:1387) 2477 0 R] /Limits [(0:1381) (0:1387)] >> endobj 7430 0 obj << /Names [(0:1388) 2478 0 R (0:1389) 2479 0 R (0:139) 1462 0 R (0:1390) 2480 0 R (0:1392) 2481 0 R (0:1393) 2482 0 R] /Limits [(0:1388) (0:1393)] >> endobj 7431 0 obj << /Names [(0:1394) 2483 0 R (0:1395) 2484 0 R (0:1396) 2485 0 R (0:1397) 2486 0 R (0:1398) 2487 0 R (0:1399) 2488 0 R] /Limits [(0:1394) (0:1399)] >> endobj 7432 0 obj << /Names [(0:140) 1463 0 R (0:1400) 2489 0 R (0:1403) 2499 0 R (0:1404) 2500 0 R (0:1405) 2501 0 R (0:1406) 2502 0 R] /Limits [(0:140) (0:1406)] >> endobj 7433 0 obj << /Names [(0:1407) 2503 0 R (0:1408) 2504 0 R (0:1409) 2505 0 R (0:141) 1464 0 R (0:1411) 2506 0 R (0:1412) 2507 0 R] /Limits [(0:1407) (0:1412)] >> endobj 7434 0 obj << /Names [(0:1414) 2515 0 R (0:1415) 2516 0 R (0:1416) 2517 0 R (0:1417) 2497 0 R (0:1418) 2518 0 R (0:1419) 2519 0 R] /Limits [(0:1414) (0:1419)] >> endobj 7435 0 obj << /Names [(0:142) 1465 0 R (0:1421) 2520 0 R (0:1422) 2521 0 R (0:1423) 2522 0 R (0:1424) 2523 0 R (0:1425) 2524 0 R] /Limits [(0:142) (0:1425)] >> endobj 7436 0 obj << /Names [(0:1426) 2525 0 R (0:1427) 2526 0 R (0:1428) 2527 0 R (0:143) 1466 0 R (0:1430) 2528 0 R (0:1432) 2529 0 R] /Limits [(0:1426) (0:1432)] >> endobj 7437 0 obj << /Names [(0:1436) 2530 0 R (0:1437) 2531 0 R (0:1439) 2532 0 R (0:144) 1467 0 R (0:1440) 2533 0 R (0:1441) 2534 0 R] /Limits [(0:1436) (0:1441)] >> endobj 7438 0 obj << /Names [(0:1442) 2535 0 R (0:1443) 2536 0 R (0:1444) 2537 0 R (0:1445) 2538 0 R (0:1446) 2539 0 R (0:1447) 2540 0 R] /Limits [(0:1442) (0:1447)] >> endobj 7439 0 obj << /Names [(0:1449) 2548 0 R (0:145) 1468 0 R (0:1450) 2549 0 R (0:1451) 2550 0 R (0:1452) 2551 0 R (0:1453) 2552 0 R] /Limits [(0:1449) (0:1453)] >> endobj 7440 0 obj << /Names [(0:1454) 2514 0 R (0:1458) 2553 0 R (0:1459) 2554 0 R (0:146) 1469 0 R (0:1460) 2555 0 R (0:1461) 2556 0 R] /Limits [(0:1454) (0:1461)] >> endobj 7441 0 obj << /Names [(0:1462) 2557 0 R (0:1463) 2558 0 R (0:1465) 2559 0 R (0:1467) 2560 0 R (0:1468) 2561 0 R (0:1469) 2562 0 R] /Limits [(0:1462) (0:1469)] >> endobj 7442 0 obj << /Names [(0:1470) 2563 0 R (0:1471) 2564 0 R (0:1472) 2565 0 R (0:1473) 2566 0 R (0:1474) 2567 0 R (0:1475) 2568 0 R] /Limits [(0:1470) (0:1475)] >> endobj 7443 0 obj << /Names [(0:1477) 2569 0 R (0:1478) 2570 0 R (0:1479) 2571 0 R (0:1480) 2572 0 R (0:1481) 2573 0 R (0:1482) 2574 0 R] /Limits [(0:1477) (0:1482)] >> endobj 7444 0 obj << /Names [(0:1483) 2575 0 R (0:1484) 2582 0 R (0:1485) 2547 0 R (0:1486) 2583 0 R (0:1488) 2584 0 R (0:1489) 2585 0 R] /Limits [(0:1483) (0:1489)] >> endobj 7445 0 obj << /Names [(0:149) 1470 0 R (0:1490) 2586 0 R (0:1491) 2587 0 R (0:1492) 2588 0 R (0:1493) 2589 0 R (0:1494) 2590 0 R] /Limits [(0:149) (0:1494)] >> endobj 7446 0 obj << /Names [(0:1495) 2591 0 R (0:1496) 2592 0 R (0:1497) 2593 0 R (0:1498) 2594 0 R (0:1499) 2595 0 R (0:15) 1331 0 R] /Limits [(0:1495) (0:15)] >> endobj 7447 0 obj << /Names [(0:150) 1471 0 R (0:1501) 2596 0 R (0:1503) 2597 0 R (0:1507) 2598 0 R (0:1508) 2599 0 R (0:151) 1472 0 R] /Limits [(0:150) (0:151)] >> endobj 7448 0 obj << /Names [(0:1510) 2600 0 R (0:1511) 2601 0 R (0:1512) 2602 0 R (0:1513) 2603 0 R (0:1514) 2604 0 R (0:1515) 2605 0 R] /Limits [(0:1510) (0:1515)] >> endobj 7449 0 obj << /Names [(0:1516) 2606 0 R (0:1518) 2607 0 R (0:152) 1473 0 R (0:1520) 2613 0 R (0:1521) 2614 0 R (0:1522) 2615 0 R] /Limits [(0:1516) (0:1522)] >> endobj 7450 0 obj << /Names [(0:1523) 2616 0 R (0:1524) 2617 0 R (0:1525) 2618 0 R (0:1528) 2620 0 R (0:1529) 2621 0 R (0:153) 1474 0 R] /Limits [(0:1523) (0:153)] >> endobj 7451 0 obj << /Names [(0:1530) 2622 0 R (0:1531) 2623 0 R (0:1534) 2624 0 R (0:1535) 2625 0 R (0:1539) 2626 0 R (0:154) 1475 0 R] /Limits [(0:1530) (0:154)] >> endobj 7452 0 obj << /Names [(0:1540) 2627 0 R (0:1541) 2628 0 R (0:1542) 2629 0 R (0:1543) 2630 0 R (0:1544) 2631 0 R (0:1545) 2637 0 R] /Limits [(0:1540) (0:1545)] >> endobj 7453 0 obj << /Names [(0:1546) 2638 0 R (0:1547) 2639 0 R (0:1548) 2640 0 R (0:1549) 2641 0 R (0:1550) 2642 0 R (0:1552) 2643 0 R] /Limits [(0:1546) (0:1552)] >> endobj 7454 0 obj << /Names [(0:1553) 2644 0 R (0:1554) 2645 0 R (0:1555) 2646 0 R (0:1556) 2647 0 R (0:1557) 2648 0 R (0:156) 1476 0 R] /Limits [(0:1553) (0:156)] >> endobj 7455 0 obj << /Names [(0:1560) 2649 0 R (0:1562) 2650 0 R (0:1563) 2651 0 R (0:1564) 2652 0 R (0:1566) 2653 0 R (0:1567) 2654 0 R] /Limits [(0:1560) (0:1567)] >> endobj 7456 0 obj << /Names [(0:1568) 2655 0 R (0:157) 1477 0 R (0:1570) 2656 0 R (0:1571) 2657 0 R (0:1572) 2658 0 R (0:1573) 2659 0 R] /Limits [(0:1568) (0:1573)] >> endobj 7457 0 obj << /Names [(0:1574) 2660 0 R (0:1575) 2661 0 R (0:1577) 2662 0 R (0:1578) 2663 0 R (0:1579) 2664 0 R (0:158) 1478 0 R] /Limits [(0:1574) (0:158)] >> endobj 7458 0 obj << /Names [(0:1580) 2665 0 R (0:1581) 2666 0 R (0:1582) 2667 0 R (0:1584) 2668 0 R (0:1585) 2669 0 R (0:1586) 2670 0 R] /Limits [(0:1580) (0:1586)] >> endobj 7459 0 obj << /Names [(0:1587) 2671 0 R (0:1588) 2672 0 R (0:1589) 2673 0 R (0:1591) 2679 0 R (0:1592) 2680 0 R (0:1593) 2681 0 R] /Limits [(0:1587) (0:1593)] >> endobj 7460 0 obj << /Names [(0:1594) 2682 0 R (0:1595) 2683 0 R (0:1596) 2636 0 R (0:1598) 2684 0 R (0:1599) 2685 0 R (0:16) 1332 0 R] /Limits [(0:1594) (0:16)] >> endobj 7461 0 obj << /Names [(0:160) 1480 0 R (0:1600) 2686 0 R (0:1601) 2687 0 R (0:1602) 2688 0 R (0:1603) 2689 0 R (0:1606) 2691 0 R] /Limits [(0:160) (0:1606)] >> endobj 7462 0 obj << /Names [(0:1607) 2692 0 R (0:1608) 2693 0 R (0:1609) 2694 0 R (0:161) 1481 0 R (0:1610) 2695 0 R (0:1611) 2696 0 R] /Limits [(0:1607) (0:1611)] >> endobj 7463 0 obj << /Names [(0:1612) 2697 0 R (0:1613) 2698 0 R (0:1614) 2700 0 R (0:1615) 2701 0 R (0:1616) 2702 0 R (0:1617) 2703 0 R] /Limits [(0:1612) (0:1617)] >> endobj 7464 0 obj << /Names [(0:1618) 2704 0 R (0:1619) 2705 0 R (0:162) 1482 0 R (0:1620) 2706 0 R (0:1621) 2707 0 R (0:1622) 2708 0 R] /Limits [(0:1618) (0:1622)] >> endobj 7465 0 obj << /Names [(0:1625) 2710 0 R (0:1627) 2711 0 R (0:1628) 2712 0 R (0:1629) 2713 0 R (0:163) 1483 0 R (0:1630) 2714 0 R] /Limits [(0:1625) (0:1630)] >> endobj 7466 0 obj << /Names [(0:1631) 2715 0 R (0:1632) 2716 0 R (0:1633) 2717 0 R (0:1634) 2718 0 R (0:1635) 2719 0 R (0:1636) 2720 0 R] /Limits [(0:1631) (0:1636)] >> endobj 7467 0 obj << /Names [(0:1637) 2721 0 R (0:1638) 2722 0 R (0:1639) 2727 0 R (0:1640) 2728 0 R (0:1641) 2729 0 R (0:1642) 2730 0 R] /Limits [(0:1637) (0:1642)] >> endobj 7468 0 obj << /Names [(0:1643) 2731 0 R (0:1644) 2732 0 R (0:1645) 2733 0 R (0:1648) 2734 0 R (0:1649) 2735 0 R (0:165) 1484 0 R] /Limits [(0:1643) (0:165)] >> endobj 7469 0 obj << /Names [(0:1650) 2736 0 R (0:1651) 2737 0 R (0:1652) 2738 0 R (0:1653) 2739 0 R (0:1654) 2740 0 R (0:1655) 2741 0 R] /Limits [(0:1650) (0:1655)] >> endobj 7470 0 obj << /Names [(0:1656) 2742 0 R (0:1657) 2743 0 R (0:1658) 2744 0 R (0:1659) 2745 0 R (0:166) 1485 0 R (0:1660) 2746 0 R] /Limits [(0:1656) (0:1660)] >> endobj 7471 0 obj << /Names [(0:1661) 2747 0 R (0:1662) 2748 0 R (0:1663) 2749 0 R (0:1664) 2750 0 R (0:1665) 2751 0 R (0:1666) 2752 0 R] /Limits [(0:1661) (0:1666)] >> endobj 7472 0 obj << /Names [(0:1667) 2753 0 R (0:1668) 2758 0 R (0:1669) 2759 0 R (0:167) 1486 0 R (0:1670) 2760 0 R (0:1671) 2761 0 R] /Limits [(0:1667) (0:1671)] >> endobj 7473 0 obj << /Names [(0:1672) 2762 0 R (0:1673) 2763 0 R (0:1676) 2764 0 R (0:1677) 2765 0 R (0:1678) 2766 0 R (0:1679) 2767 0 R] /Limits [(0:1672) (0:1679)] >> endobj 7474 0 obj << /Names [(0:1680) 2768 0 R (0:169) 1487 0 R (0:17) 1333 0 R (0:170) 1488 0 R (0:171) 1489 0 R (0:1710) 2770 0 R] /Limits [(0:1680) (0:1710)] >> endobj 7475 0 obj << /Names [(0:1711) 2771 0 R (0:1712) 2772 0 R (0:1713) 2773 0 R (0:1714) 2774 0 R (0:1715) 2775 0 R (0:1716) 2776 0 R] /Limits [(0:1711) (0:1716)] >> endobj 7476 0 obj << /Names [(0:1717) 2777 0 R (0:1718) 2778 0 R (0:1719) 2779 0 R (0:172) 1490 0 R (0:1720) 2780 0 R (0:1723) 2785 0 R] /Limits [(0:1717) (0:1723)] >> endobj 7477 0 obj << /Names [(0:1725) 2786 0 R (0:1726) 2787 0 R (0:1727) 2788 0 R (0:1728) 2789 0 R (0:1729) 2790 0 R (0:173) 1491 0 R] /Limits [(0:1725) (0:173)] >> endobj 7478 0 obj << /Names [(0:1730) 2791 0 R (0:1731) 2792 0 R (0:1732) 2793 0 R (0:1733) 2794 0 R (0:1734) 2795 0 R (0:1736) 2796 0 R] /Limits [(0:1730) (0:1736)] >> endobj 7479 0 obj << /Names [(0:1737) 2797 0 R (0:1738) 2798 0 R (0:1739) 2799 0 R (0:174) 1492 0 R (0:1740) 2800 0 R (0:1741) 2801 0 R] /Limits [(0:1737) (0:1741)] >> endobj 7480 0 obj << /Names [(0:1742) 2802 0 R (0:1744) 2803 0 R (0:1745) 2808 0 R (0:1746) 2809 0 R (0:1747) 2810 0 R (0:1748) 2811 0 R] /Limits [(0:1742) (0:1748)] >> endobj 7481 0 obj << /Names [(0:1749) 2812 0 R (0:1750) 2813 0 R (0:1751) 2814 0 R (0:1752) 2815 0 R (0:1753) 2816 0 R (0:1754) 2817 0 R] /Limits [(0:1749) (0:1754)] >> endobj 7482 0 obj << /Names [(0:1755) 2818 0 R (0:1756) 2819 0 R (0:1757) 2820 0 R (0:1758) 2821 0 R (0:176) 1493 0 R (0:1760) 2822 0 R] /Limits [(0:1755) (0:1760)] >> endobj 7483 0 obj << /Names [(0:1761) 2823 0 R (0:1762) 2824 0 R (0:1763) 2825 0 R (0:1764) 2826 0 R (0:1765) 2827 0 R (0:1766) 2828 0 R] /Limits [(0:1761) (0:1766)] >> endobj 7484 0 obj << /Names [(0:1767) 2829 0 R (0:1768) 2830 0 R (0:1769) 2831 0 R (0:1770) 2832 0 R (0:1771) 2833 0 R (0:1773) 2834 0 R] /Limits [(0:1767) (0:1773)] >> endobj 7485 0 obj << /Names [(0:1774) 2839 0 R (0:1777) 2841 0 R (0:1778) 2842 0 R (0:1779) 2843 0 R (0:178) 1494 0 R (0:1780) 2844 0 R] /Limits [(0:1774) (0:1780)] >> endobj 7486 0 obj << /Names [(0:1781) 2845 0 R (0:1782) 2846 0 R (0:1783) 2847 0 R (0:1784) 2848 0 R (0:1785) 2849 0 R (0:1788) 2851 0 R] /Limits [(0:1781) (0:1788)] >> endobj 7487 0 obj << /Names [(0:1789) 2852 0 R (0:179) 1495 0 R (0:1790) 2853 0 R (0:1793) 2860 0 R (0:1794) 2861 0 R (0:1795) 2862 0 R] /Limits [(0:1789) (0:1795)] >> endobj 7488 0 obj << /Names [(0:1796) 2863 0 R (0:1797) 2864 0 R (0:1798) 2865 0 R (0:1799) 2866 0 R (0:18) 1334 0 R (0:180) 1496 0 R] /Limits [(0:1796) (0:180)] >> endobj 7489 0 obj << /Names [(0:1800) 2867 0 R (0:1801) 2868 0 R (0:1803) 2869 0 R (0:1804) 2870 0 R (0:1805) 2871 0 R (0:1809) 2879 0 R] /Limits [(0:1800) (0:1809)] >> endobj 7490 0 obj << /Names [(0:181) 1454 0 R (0:1810) 2880 0 R (0:1811) 2881 0 R (0:1812) 2882 0 R (0:1813) 2883 0 R (0:1814) 2884 0 R] /Limits [(0:181) (0:1814)] >> endobj 7491 0 obj << /Names [(0:1815) 2885 0 R (0:1816) 2886 0 R (0:1817) 2887 0 R (0:1818) 2888 0 R (0:1820) 2889 0 R (0:1821) 2890 0 R] /Limits [(0:1815) (0:1821)] >> endobj 7492 0 obj << /Names [(0:1822) 2891 0 R (0:1823) 2892 0 R (0:1824) 2893 0 R (0:1825) 2894 0 R (0:1826) 2895 0 R (0:1827) 2896 0 R] /Limits [(0:1822) (0:1827)] >> endobj 7493 0 obj << /Names [(0:1828) 2897 0 R (0:183) 1514 0 R (0:1831) 2898 0 R (0:1832) 2899 0 R (0:1833) 2900 0 R (0:1834) 2901 0 R] /Limits [(0:1828) (0:1834)] >> endobj 7494 0 obj << /Names [(0:1835) 2902 0 R (0:1836) 2903 0 R (0:184) 1515 0 R (0:1840) 2904 0 R (0:1841) 2905 0 R (0:1842) 2906 0 R] /Limits [(0:1835) (0:1842)] >> endobj 7495 0 obj << /Names [(0:1843) 2907 0 R (0:1844) 2908 0 R (0:1845) 2909 0 R (0:1846) 2910 0 R (0:1847) 2911 0 R (0:1848) 2912 0 R] /Limits [(0:1843) (0:1848)] >> endobj 7496 0 obj << /Names [(0:1849) 2913 0 R (0:185) 1516 0 R (0:1850) 2914 0 R (0:1851) 2915 0 R (0:1852) 2916 0 R (0:1853) 2917 0 R] /Limits [(0:1849) (0:1853)] >> endobj 7497 0 obj << /Names [(0:1854) 2918 0 R (0:1855) 2919 0 R (0:1856) 2920 0 R (0:1857) 2921 0 R (0:1858) 2922 0 R (0:1859) 2923 0 R] /Limits [(0:1854) (0:1859)] >> endobj 7498 0 obj << /Names [(0:186) 1517 0 R (0:1860) 2928 0 R (0:1861) 2929 0 R (0:1862) 2930 0 R (0:1863) 2931 0 R (0:1864) 2932 0 R] /Limits [(0:186) (0:1864)] >> endobj 7499 0 obj << /Names [(0:1865) 2933 0 R (0:1866) 2934 0 R (0:1867) 2935 0 R (0:1868) 2936 0 R (0:1869) 2937 0 R (0:187) 1518 0 R] /Limits [(0:1865) (0:187)] >> endobj 7500 0 obj << /Names [(0:1870) 2938 0 R (0:1871) 2939 0 R (0:1872) 2940 0 R (0:1873) 2941 0 R (0:1874) 2942 0 R (0:1875) 2943 0 R] /Limits [(0:1870) (0:1875)] >> endobj 7501 0 obj << /Names [(0:1876) 2944 0 R (0:1877) 2945 0 R (0:1878) 2946 0 R (0:1879) 2947 0 R (0:188) 1519 0 R (0:1882) 2948 0 R] /Limits [(0:1876) (0:1882)] >> endobj 7502 0 obj << /Names [(0:1883) 2949 0 R (0:1884) 2950 0 R (0:1885) 2951 0 R (0:1886) 2952 0 R (0:1887) 2953 0 R (0:1888) 2954 0 R] /Limits [(0:1883) (0:1888)] >> endobj 7503 0 obj << /Names [(0:1889) 2955 0 R (0:189) 1520 0 R (0:1890) 2956 0 R (0:1891) 2957 0 R (0:1892) 2958 0 R (0:1893) 2959 0 R] /Limits [(0:1889) (0:1893)] >> endobj 7504 0 obj << /Names [(0:1894) 2960 0 R (0:1895) 2961 0 R (0:1896) 2962 0 R (0:1897) 2963 0 R (0:1898) 2964 0 R (0:1899) 2965 0 R] /Limits [(0:1894) (0:1899)] >> endobj 7505 0 obj << /Names [(0:19) 1335 0 R (0:190) 1521 0 R (0:1900) 2966 0 R (0:1901) 2967 0 R (0:1902) 2968 0 R (0:1903) 2969 0 R] /Limits [(0:19) (0:1903)] >> endobj 7506 0 obj << /Names [(0:1904) 2970 0 R (0:1905) 2971 0 R (0:1906) 2972 0 R (0:1907) 2973 0 R (0:191) 1522 0 R (0:1910) 2979 0 R] /Limits [(0:1904) (0:1910)] >> endobj 7507 0 obj << /Names [(0:1911) 2980 0 R (0:1912) 2981 0 R (0:1913) 2982 0 R (0:1914) 2983 0 R (0:1915) 2984 0 R (0:1916) 2985 0 R] /Limits [(0:1911) (0:1916)] >> endobj 7508 0 obj << /Names [(0:1917) 2986 0 R (0:1918) 2987 0 R (0:1919) 2988 0 R (0:1920) 2989 0 R (0:1921) 2990 0 R (0:1922) 2991 0 R] /Limits [(0:1917) (0:1922)] >> endobj 7509 0 obj << /Names [(0:1923) 2992 0 R (0:1924) 2993 0 R (0:1925) 2994 0 R (0:1926) 2995 0 R (0:1927) 2996 0 R (0:1928) 2997 0 R] /Limits [(0:1923) (0:1928)] >> endobj 7510 0 obj << /Names [(0:1929) 2998 0 R (0:193) 1523 0 R (0:1930) 2999 0 R (0:1931) 3000 0 R (0:1932) 3001 0 R (0:1933) 3002 0 R] /Limits [(0:1929) (0:1933)] >> endobj 7511 0 obj << /Names [(0:1934) 3003 0 R (0:1935) 3004 0 R (0:1936) 3005 0 R (0:1937) 3006 0 R (0:1938) 3007 0 R (0:1939) 3008 0 R] /Limits [(0:1934) (0:1939)] >> endobj 7512 0 obj << /Names [(0:194) 1524 0 R (0:1943) 3009 0 R (0:1946) 3010 0 R (0:1947) 3011 0 R (0:1948) 3016 0 R (0:1949) 3017 0 R] /Limits [(0:194) (0:1949)] >> endobj 7513 0 obj << /Names [(0:195) 1525 0 R (0:1951) 3018 0 R (0:1952) 3019 0 R (0:1953) 3020 0 R (0:1954) 3021 0 R (0:1956) 3022 0 R] /Limits [(0:195) (0:1956)] >> endobj 7514 0 obj << /Names [(0:1957) 3023 0 R (0:1958) 3024 0 R (0:1959) 3025 0 R (0:196) 1526 0 R (0:1961) 3026 0 R (0:1962) 3027 0 R] /Limits [(0:1957) (0:1962)] >> endobj 7515 0 obj << /Names [(0:1963) 3028 0 R (0:1964) 3029 0 R (0:1965) 3030 0 R (0:1966) 3031 0 R (0:1968) 3032 0 R (0:1969) 3033 0 R] /Limits [(0:1963) (0:1969)] >> endobj 7516 0 obj << /Names [(0:1970) 3034 0 R (0:1971) 3035 0 R (0:1973) 3036 0 R (0:1974) 3037 0 R (0:1975) 3038 0 R (0:1976) 3039 0 R] /Limits [(0:1970) (0:1976)] >> endobj 7517 0 obj << /Names [(0:1978) 3040 0 R (0:1979) 3041 0 R (0:198) 1527 0 R (0:1980) 3042 0 R (0:1981) 3043 0 R (0:1982) 3050 0 R] /Limits [(0:1978) (0:1982)] >> endobj 7518 0 obj << /Names [(0:1984) 3051 0 R (0:1985) 3052 0 R (0:1986) 3053 0 R (0:1988) 3054 0 R (0:1989) 3055 0 R (0:199) 1528 0 R] /Limits [(0:1984) (0:199)] >> endobj 7519 0 obj << /Names [(0:1990) 3056 0 R (0:1992) 3057 0 R (0:1993) 3058 0 R (0:1994) 3059 0 R (0:1996) 3060 0 R (0:1997) 3061 0 R] /Limits [(0:1990) (0:1997)] >> endobj 7520 0 obj << /Names [(0:1998) 3062 0 R (0:20) 1336 0 R (0:200) 1529 0 R (0:2000) 3063 0 R (0:2001) 3064 0 R (0:2002) 3065 0 R] /Limits [(0:1998) (0:2002)] >> endobj 7521 0 obj << /Names [(0:2004) 3066 0 R (0:2005) 3067 0 R (0:2006) 3068 0 R (0:2007) 3069 0 R (0:2009) 3070 0 R (0:2010) 3071 0 R] /Limits [(0:2004) (0:2010)] >> endobj 7522 0 obj << /Names [(0:2012) 3072 0 R (0:2013) 3073 0 R (0:2014) 3074 0 R (0:2015) 3075 0 R (0:2016) 3076 0 R (0:2017) 3077 0 R] /Limits [(0:2012) (0:2017)] >> endobj 7523 0 obj << /Names [(0:2018) 3078 0 R (0:2019) 3079 0 R (0:202) 1530 0 R (0:2022) 3081 0 R (0:2023) 3089 0 R (0:2024) 3090 0 R] /Limits [(0:2018) (0:2024)] >> endobj 7524 0 obj << /Names [(0:2025) 3091 0 R (0:2026) 3049 0 R (0:2027) 3092 0 R (0:2028) 3093 0 R (0:2029) 3094 0 R (0:203) 1531 0 R] /Limits [(0:2025) (0:203)] >> endobj 7525 0 obj << /Names [(0:2030) 3095 0 R (0:2032) 3096 0 R (0:2033) 3097 0 R (0:2034) 3098 0 R (0:2035) 3099 0 R (0:2037) 3100 0 R] /Limits [(0:2030) (0:2037)] >> endobj 7526 0 obj << /Names [(0:2038) 3106 0 R (0:2039) 3107 0 R (0:204) 1533 0 R (0:2042) 3109 0 R (0:2043) 3110 0 R (0:2044) 3111 0 R] /Limits [(0:2038) (0:2044)] >> endobj 7527 0 obj << /Names [(0:2045) 3112 0 R (0:2046) 3113 0 R (0:2047) 3114 0 R (0:2048) 3115 0 R (0:2049) 3116 0 R (0:205) 1534 0 R] /Limits [(0:2045) (0:205)] >> endobj 7528 0 obj << /Names [(0:2050) 3117 0 R (0:2051) 3118 0 R (0:2052) 3119 0 R (0:2053) 3120 0 R (0:2054) 3121 0 R (0:2055) 3122 0 R] /Limits [(0:2050) (0:2055)] >> endobj 7529 0 obj << /Names [(0:2056) 3123 0 R (0:2057) 3124 0 R (0:2058) 3125 0 R (0:2059) 3126 0 R (0:2060) 3127 0 R (0:2061) 3128 0 R] /Limits [(0:2056) (0:2061)] >> endobj 7530 0 obj << /Names [(0:2062) 3129 0 R (0:2063) 3130 0 R (0:2064) 3131 0 R (0:2065) 3132 0 R (0:2066) 3133 0 R (0:2067) 3134 0 R] /Limits [(0:2062) (0:2067)] >> endobj 7531 0 obj << /Names [(0:2068) 3135 0 R (0:2069) 3136 0 R (0:207) 1535 0 R (0:2070) 3137 0 R (0:2071) 3138 0 R (0:2072) 3139 0 R] /Limits [(0:2068) (0:2072)] >> endobj 7532 0 obj << /Names [(0:2073) 3140 0 R (0:2074) 3141 0 R (0:2075) 3142 0 R (0:2076) 3143 0 R (0:2077) 3144 0 R (0:2078) 3145 0 R] /Limits [(0:2073) (0:2078)] >> endobj 7533 0 obj << /Names [(0:2079) 3146 0 R (0:208) 1536 0 R (0:2080) 3147 0 R (0:2081) 3153 0 R (0:2082) 3154 0 R (0:2083) 3155 0 R] /Limits [(0:2079) (0:2083)] >> endobj 7534 0 obj << /Names [(0:2084) 3156 0 R (0:2085) 3157 0 R (0:2086) 3158 0 R (0:2087) 3159 0 R (0:209) 1537 0 R (0:2090) 3161 0 R] /Limits [(0:2084) (0:2090)] >> endobj 7535 0 obj << /Names [(0:2091) 3162 0 R (0:2092) 3163 0 R (0:2093) 3164 0 R (0:2094) 3165 0 R (0:2095) 3166 0 R (0:2096) 3167 0 R] /Limits [(0:2091) (0:2096)] >> endobj 7536 0 obj << /Names [(0:2097) 3168 0 R (0:2099) 3169 0 R (0:21) 1337 0 R (0:2100) 3170 0 R (0:2101) 3171 0 R (0:2102) 3172 0 R] /Limits [(0:2097) (0:2102)] >> endobj 7537 0 obj << /Names [(0:2103) 3173 0 R (0:2104) 3174 0 R (0:2105) 3175 0 R (0:2106) 3182 0 R (0:2107) 3152 0 R (0:2108) 3183 0 R] /Limits [(0:2103) (0:2108)] >> endobj 7538 0 obj << /Names [(0:211) 1538 0 R (0:2110) 3184 0 R (0:2111) 3185 0 R (0:2112) 3186 0 R (0:2113) 3187 0 R (0:2114) 3188 0 R] /Limits [(0:211) (0:2114)] >> endobj 7539 0 obj << /Names [(0:2115) 3189 0 R (0:2116) 3190 0 R (0:2119) 3191 0 R (0:212) 1539 0 R (0:2120) 3192 0 R (0:2121) 3193 0 R] /Limits [(0:2115) (0:2121)] >> endobj 7540 0 obj << /Names [(0:2122) 3194 0 R (0:2123) 3195 0 R (0:2124) 3196 0 R (0:2125) 3197 0 R (0:2126) 3198 0 R (0:2127) 3199 0 R] /Limits [(0:2122) (0:2127)] >> endobj 7541 0 obj << /Names [(0:2129) 3200 0 R (0:213) 1540 0 R (0:2130) 3201 0 R (0:2131) 3202 0 R (0:2132) 3203 0 R (0:2134) 3204 0 R] /Limits [(0:2129) (0:2134)] >> endobj 7542 0 obj << /Names [(0:2135) 3205 0 R (0:2138) 3211 0 R (0:2139) 3212 0 R (0:2140) 3213 0 R (0:2141) 3214 0 R (0:2142) 3215 0 R] /Limits [(0:2135) (0:2142)] >> endobj 7543 0 obj << /Names [(0:2144) 3216 0 R (0:2145) 3217 0 R (0:2146) 3218 0 R (0:2147) 3219 0 R (0:2148) 3220 0 R (0:2149) 3221 0 R] /Limits [(0:2144) (0:2149)] >> endobj 7544 0 obj << /Names [(0:215) 1541 0 R (0:2150) 3222 0 R (0:2151) 3223 0 R (0:2152) 3224 0 R (0:2153) 3225 0 R (0:2154) 3226 0 R] /Limits [(0:215) (0:2154)] >> endobj 7545 0 obj << /Names [(0:2157) 3228 0 R (0:2158) 3229 0 R (0:2159) 3230 0 R (0:216) 1542 0 R (0:2160) 3231 0 R (0:2161) 3232 0 R] /Limits [(0:2157) (0:2161)] >> endobj 7546 0 obj << /Names [(0:2162) 3233 0 R (0:2163) 3234 0 R (0:2165) 3235 0 R (0:2168) 3237 0 R (0:2169) 3238 0 R (0:217) 1543 0 R] /Limits [(0:2162) (0:217)] >> endobj 7547 0 obj << /Names [(0:2170) 3239 0 R (0:2171) 3240 0 R (0:2172) 3241 0 R (0:2173) 3242 0 R (0:2175) 3247 0 R (0:2176) 3248 0 R] /Limits [(0:2170) (0:2176)] >> endobj 7548 0 obj << /Names [(0:2179) 3250 0 R (0:2180) 3251 0 R (0:2181) 3252 0 R (0:2182) 3253 0 R (0:2183) 3254 0 R (0:2184) 3255 0 R] /Limits [(0:2179) (0:2184)] >> endobj 7549 0 obj << /Names [(0:2185) 3256 0 R (0:2186) 3257 0 R (0:2188) 3258 0 R (0:2189) 3259 0 R (0:219) 1544 0 R (0:2190) 3260 0 R] /Limits [(0:2185) (0:2190)] >> endobj 7550 0 obj << /Names [(0:2192) 3261 0 R (0:2193) 3262 0 R (0:2196) 3263 0 R (0:2197) 3264 0 R (0:2198) 3265 0 R (0:2199) 3266 0 R] /Limits [(0:2192) (0:2199)] >> endobj 7551 0 obj << /Names [(0:22) 1338 0 R (0:220) 1545 0 R (0:2200) 3267 0 R (0:2201) 3268 0 R (0:2202) 3269 0 R (0:2203) 3270 0 R] /Limits [(0:22) (0:2203)] >> endobj 7552 0 obj << /Names [(0:2204) 3271 0 R (0:2205) 3272 0 R (0:2206) 3279 0 R (0:2207) 3280 0 R (0:2208) 3281 0 R (0:221) 1546 0 R] /Limits [(0:2204) (0:221)] >> endobj 7553 0 obj << /Names [(0:2210) 3282 0 R (0:2211) 3283 0 R (0:2212) 3284 0 R (0:2214) 3285 0 R (0:2215) 3286 0 R (0:2216) 3287 0 R] /Limits [(0:2210) (0:2216)] >> endobj 7554 0 obj << /Names [(0:2217) 3288 0 R (0:2218) 3289 0 R (0:2219) 3290 0 R (0:222) 1547 0 R (0:2220) 3291 0 R (0:2221) 3292 0 R] /Limits [(0:2217) (0:2221)] >> endobj 7555 0 obj << /Names [(0:2222) 3293 0 R (0:2223) 3294 0 R (0:2224) 3295 0 R (0:2225) 3296 0 R (0:2226) 3297 0 R (0:2227) 3298 0 R] /Limits [(0:2222) (0:2227)] >> endobj 7556 0 obj << /Names [(0:2228) 3299 0 R (0:2229) 3300 0 R (0:2230) 3301 0 R (0:2231) 3302 0 R (0:2234) 3304 0 R (0:2236) 3305 0 R] /Limits [(0:2228) (0:2236)] >> endobj 7557 0 obj << /Names [(0:2238) 3306 0 R (0:2239) 3307 0 R (0:224) 1548 0 R (0:2240) 3308 0 R (0:2241) 3309 0 R (0:2242) 3310 0 R] /Limits [(0:2238) (0:2242)] >> endobj 7558 0 obj << /Names [(0:2243) 3311 0 R (0:2246) 3319 0 R (0:2247) 3320 0 R (0:225) 1549 0 R (0:2250) 3322 0 R (0:2251) 3323 0 R] /Limits [(0:2243) (0:2251)] >> endobj 7559 0 obj << /Names [(0:2252) 3324 0 R (0:2253) 3325 0 R (0:2254) 3326 0 R (0:2257) 3328 0 R (0:226) 1550 0 R (0:2261) 3330 0 R] /Limits [(0:2252) (0:2261)] >> endobj 7560 0 obj << /Names [(0:2262) 3331 0 R (0:2263) 3332 0 R (0:2264) 3333 0 R (0:2265) 3334 0 R (0:2266) 3335 0 R (0:2267) 3336 0 R] /Limits [(0:2262) (0:2267)] >> endobj 7561 0 obj << /Names [(0:2268) 3337 0 R (0:2270) 3338 0 R (0:2271) 3339 0 R (0:2272) 3345 0 R (0:2273) 3346 0 R (0:2274) 3317 0 R] /Limits [(0:2268) (0:2274)] >> endobj 7562 0 obj << /Names [(0:2276) 3347 0 R (0:2277) 3348 0 R (0:2278) 3349 0 R (0:2279) 3350 0 R (0:228) 1551 0 R (0:2280) 3351 0 R] /Limits [(0:2276) (0:2280)] >> endobj 7563 0 obj << /Names [(0:2281) 3352 0 R (0:2282) 3353 0 R (0:2283) 3354 0 R (0:2284) 3355 0 R (0:2285) 3356 0 R (0:2286) 3357 0 R] /Limits [(0:2281) (0:2286)] >> endobj 7564 0 obj << /Names [(0:2287) 3358 0 R (0:2288) 3359 0 R (0:2289) 3360 0 R (0:229) 1552 0 R (0:2290) 3361 0 R (0:2291) 3362 0 R] /Limits [(0:2287) (0:2291)] >> endobj 7565 0 obj << /Names [(0:2292) 3363 0 R (0:2293) 3364 0 R (0:2294) 3365 0 R (0:2295) 3366 0 R (0:2296) 3367 0 R (0:2297) 3368 0 R] /Limits [(0:2292) (0:2297)] >> endobj 7566 0 obj << /Names [(0:2298) 3369 0 R (0:2299) 3370 0 R (0:23) 1339 0 R (0:2300) 3371 0 R (0:2301) 3372 0 R (0:2302) 3373 0 R] /Limits [(0:2298) (0:2302)] >> endobj 7567 0 obj << /Names [(0:2303) 3374 0 R (0:2304) 3375 0 R (0:2306) 3376 0 R (0:2307) 3377 0 R (0:2308) 3378 0 R (0:2309) 3379 0 R] /Limits [(0:2303) (0:2309)] >> endobj 7568 0 obj << /Names [(0:231) 1553 0 R (0:2310) 3380 0 R (0:2311) 3381 0 R (0:2312) 3382 0 R (0:2313) 3383 0 R (0:2314) 3388 0 R] /Limits [(0:231) (0:2314)] >> endobj 7569 0 obj << /Names [(0:2315) 3389 0 R (0:2316) 3390 0 R (0:2317) 3391 0 R (0:2319) 3392 0 R (0:232) 1554 0 R (0:2320) 3393 0 R] /Limits [(0:2315) (0:2320)] >> endobj 7570 0 obj << /Names [(0:2321) 3394 0 R (0:2322) 3395 0 R (0:2325) 3397 0 R (0:2326) 3398 0 R (0:2327) 3399 0 R (0:2329) 3400 0 R] /Limits [(0:2321) (0:2329)] >> endobj 7571 0 obj << /Names [(0:233) 1555 0 R (0:2330) 3401 0 R (0:2331) 3402 0 R (0:2333) 3403 0 R (0:2334) 3404 0 R (0:2335) 3405 0 R] /Limits [(0:233) (0:2335)] >> endobj 7572 0 obj << /Names [(0:2337) 3406 0 R (0:2338) 3407 0 R (0:2339) 3408 0 R (0:2341) 3409 0 R (0:2342) 3410 0 R (0:2343) 3411 0 R] /Limits [(0:2337) (0:2343)] >> endobj 7573 0 obj << /Names [(0:2344) 3412 0 R (0:2346) 3413 0 R (0:2347) 3414 0 R (0:2348) 3415 0 R (0:2349) 3416 0 R (0:235) 1556 0 R] /Limits [(0:2344) (0:235)] >> endobj 7574 0 obj << /Names [(0:2351) 3417 0 R (0:2352) 3418 0 R (0:2353) 3419 0 R (0:2354) 3420 0 R (0:2355) 3421 0 R (0:2356) 3422 0 R] /Limits [(0:2351) (0:2356)] >> endobj 7575 0 obj << /Names [(0:2357) 3423 0 R (0:2358) 3424 0 R (0:2359) 3425 0 R (0:236) 1557 0 R (0:2360) 3426 0 R (0:2361) 3427 0 R] /Limits [(0:2357) (0:2361)] >> endobj 7576 0 obj << /Names [(0:2362) 3428 0 R (0:2363) 3433 0 R (0:2364) 3434 0 R (0:2365) 3435 0 R (0:2366) 3436 0 R (0:2367) 3437 0 R] /Limits [(0:2362) (0:2367)] >> endobj 7577 0 obj << /Names [(0:2368) 3438 0 R (0:2369) 3439 0 R (0:237) 1558 0 R (0:2370) 3440 0 R (0:2373) 3442 0 R (0:2374) 3443 0 R] /Limits [(0:2368) (0:2374)] >> endobj 7578 0 obj << /Names [(0:2375) 3444 0 R (0:2376) 3445 0 R (0:2377) 3446 0 R (0:2378) 3447 0 R (0:2379) 3448 0 R (0:238) 1559 0 R] /Limits [(0:2375) (0:238)] >> endobj 7579 0 obj << /Names [(0:2380) 3449 0 R (0:2381) 3450 0 R (0:2382) 3451 0 R (0:2383) 3452 0 R (0:2384) 3453 0 R (0:2385) 3454 0 R] /Limits [(0:2380) (0:2385)] >> endobj 7580 0 obj << /Names [(0:2386) 3455 0 R (0:2387) 3456 0 R (0:2388) 3457 0 R (0:2389) 3458 0 R (0:239) 1560 0 R (0:2390) 3459 0 R] /Limits [(0:2386) (0:2390)] >> endobj 7581 0 obj << /Names [(0:2391) 3460 0 R (0:2392) 3461 0 R (0:2393) 3462 0 R (0:2396) 3464 0 R (0:2397) 3471 0 R (0:240) 1561 0 R] /Limits [(0:2391) (0:240)] >> endobj 7582 0 obj << /Names [(0:2400) 3472 0 R (0:2401) 3473 0 R (0:2402) 3474 0 R (0:2403) 3475 0 R (0:2404) 3476 0 R (0:2405) 3477 0 R] /Limits [(0:2400) (0:2405)] >> endobj 7583 0 obj << /Names [(0:2407) 3478 0 R (0:2409) 3479 0 R (0:241) 1562 0 R (0:2410) 3480 0 R (0:2411) 3481 0 R (0:2412) 3482 0 R] /Limits [(0:2407) (0:2412)] >> endobj 7584 0 obj << /Names [(0:2415) 3488 0 R (0:2416) 3489 0 R (0:2417) 3470 0 R (0:242) 1563 0 R (0:2420) 3490 0 R (0:2421) 3491 0 R] /Limits [(0:2415) (0:2421)] >> endobj 7585 0 obj << /Names [(0:2422) 3492 0 R (0:2423) 3493 0 R (0:2424) 3494 0 R (0:2425) 3495 0 R (0:2426) 3496 0 R (0:2427) 3497 0 R] /Limits [(0:2422) (0:2427)] >> endobj 7586 0 obj << /Names [(0:2428) 3498 0 R (0:2430) 3499 0 R (0:2433) 3501 0 R (0:2434) 3502 0 R (0:2435) 3503 0 R (0:2436) 3504 0 R] /Limits [(0:2428) (0:2436)] >> endobj 7587 0 obj << /Names [(0:2437) 3505 0 R (0:2438) 3506 0 R (0:2439) 3507 0 R (0:244) 1569 0 R (0:2440) 3508 0 R (0:2441) 3509 0 R] /Limits [(0:2437) (0:2441)] >> endobj 7588 0 obj << /Names [(0:2442) 3510 0 R (0:2443) 3511 0 R (0:2444) 3512 0 R (0:2445) 3513 0 R (0:2446) 3518 0 R (0:2447) 3519 0 R] /Limits [(0:2442) (0:2447)] >> endobj 7589 0 obj << /Names [(0:2448) 3520 0 R (0:2449) 3521 0 R (0:2450) 3522 0 R (0:2451) 3523 0 R (0:2452) 3524 0 R (0:2453) 3525 0 R] /Limits [(0:2448) (0:2453)] >> endobj 7590 0 obj << /Names [(0:2454) 3526 0 R (0:2455) 3527 0 R (0:2456) 3528 0 R (0:2458) 3529 0 R (0:2459) 3530 0 R (0:2460) 3531 0 R] /Limits [(0:2454) (0:2460)] >> endobj 7591 0 obj << /Names [(0:2463) 3532 0 R (0:2464) 3533 0 R (0:2465) 3534 0 R (0:2466) 3535 0 R (0:2467) 3536 0 R (0:2468) 3537 0 R] /Limits [(0:2463) (0:2468)] >> endobj 7592 0 obj << /Names [(0:2469) 3538 0 R (0:2470) 3539 0 R (0:2471) 3540 0 R (0:2472) 3541 0 R (0:2473) 3542 0 R (0:2474) 3543 0 R] /Limits [(0:2469) (0:2474)] >> endobj 7593 0 obj << /Names [(0:2475) 3544 0 R (0:2476) 3545 0 R (0:2477) 3546 0 R (0:2478) 3547 0 R (0:2479) 3548 0 R (0:248) 1570 0 R] /Limits [(0:2475) (0:248)] >> endobj 7594 0 obj << /Names [(0:2480) 3549 0 R (0:2481) 3550 0 R (0:2484) 3551 0 R (0:2485) 3552 0 R (0:2486) 3553 0 R (0:2487) 3558 0 R] /Limits [(0:2480) (0:2487)] >> endobj 7595 0 obj << /Names [(0:2488) 3559 0 R (0:2489) 3560 0 R (0:249) 1571 0 R (0:2490) 3561 0 R (0:2493) 3562 0 R (0:2494) 3563 0 R] /Limits [(0:2488) (0:2494)] >> endobj 7596 0 obj << /Names [(0:2495) 3564 0 R (0:2496) 3565 0 R (0:2497) 3566 0 R (0:2498) 3567 0 R (0:2499) 3568 0 R (0:250) 1572 0 R] /Limits [(0:2495) (0:250)] >> endobj 7597 0 obj << /Names [(0:2501) 3569 0 R (0:2502) 3570 0 R (0:2503) 3571 0 R (0:2504) 3572 0 R (0:2505) 3573 0 R (0:2506) 3574 0 R] /Limits [(0:2501) (0:2506)] >> endobj 7598 0 obj << /Names [(0:2507) 3575 0 R (0:2508) 3576 0 R (0:2509) 3577 0 R (0:251) 1573 0 R (0:2510) 3578 0 R (0:2511) 3579 0 R] /Limits [(0:2507) (0:2511)] >> endobj 7599 0 obj << /Names [(0:2512) 3580 0 R (0:2513) 3581 0 R (0:2514) 3582 0 R (0:2515) 3583 0 R (0:2516) 3584 0 R (0:2517) 3585 0 R] /Limits [(0:2512) (0:2517)] >> endobj 7600 0 obj << /Names [(0:252) 1574 0 R (0:2520) 3591 0 R (0:2521) 3592 0 R (0:2522) 3593 0 R (0:2523) 3594 0 R (0:2524) 3595 0 R] /Limits [(0:252) (0:2524)] >> endobj 7601 0 obj << /Names [(0:2525) 3596 0 R (0:2526) 3597 0 R (0:2527) 3598 0 R (0:2528) 3599 0 R (0:2529) 3600 0 R (0:253) 1575 0 R] /Limits [(0:2525) (0:253)] >> endobj 7602 0 obj << /Names [(0:2530) 3601 0 R (0:2531) 3602 0 R (0:2532) 3603 0 R (0:2533) 3604 0 R (0:2534) 3605 0 R (0:2535) 3606 0 R] /Limits [(0:2530) (0:2535)] >> endobj 7603 0 obj << /Names [(0:2537) 3607 0 R (0:2538) 3608 0 R (0:2539) 3609 0 R (0:254) 1576 0 R (0:2540) 3610 0 R (0:2541) 3611 0 R] /Limits [(0:2537) (0:2541)] >> endobj 7604 0 obj << /Names [(0:2542) 3612 0 R (0:2543) 3613 0 R (0:2546) 3615 0 R (0:2547) 3616 0 R (0:2548) 3617 0 R (0:2549) 3624 0 R] /Limits [(0:2542) (0:2549)] >> endobj 7605 0 obj << /Names [(0:255) 1577 0 R (0:2553) 3625 0 R (0:2554) 3626 0 R (0:2556) 3627 0 R (0:2557) 3628 0 R (0:2558) 3633 0 R] /Limits [(0:255) (0:2558)] >> endobj 7606 0 obj << /Names [(0:2559) 3634 0 R (0:256) 1578 0 R (0:2560) 3635 0 R (0:2561) 3623 0 R (0:2563) 3636 0 R (0:2564) 3637 0 R] /Limits [(0:2559) (0:2564)] >> endobj 7607 0 obj << /Names [(0:2565) 3638 0 R (0:2566) 3639 0 R (0:2567) 3640 0 R (0:257) 1579 0 R (0:2570) 3641 0 R (0:2571) 3642 0 R] /Limits [(0:2565) (0:2571)] >> endobj 7608 0 obj << /Names [(0:2572) 3643 0 R (0:2573) 3644 0 R (0:2574) 3645 0 R (0:2575) 3646 0 R (0:2576) 3647 0 R (0:2577) 3648 0 R] /Limits [(0:2572) (0:2577)] >> endobj 7609 0 obj << /Names [(0:2578) 3649 0 R (0:2579) 3650 0 R (0:258) 1580 0 R (0:2580) 3651 0 R (0:2581) 3652 0 R (0:2582) 3653 0 R] /Limits [(0:2578) (0:2582)] >> endobj 7610 0 obj << /Names [(0:2583) 3654 0 R (0:2584) 3655 0 R (0:2586) 3656 0 R (0:2587) 3657 0 R (0:2588) 3658 0 R (0:2589) 3659 0 R] /Limits [(0:2583) (0:2589)] >> endobj 7611 0 obj << /Names [(0:259) 1581 0 R (0:2590) 3660 0 R (0:2591) 3661 0 R (0:2592) 3662 0 R (0:2594) 3663 0 R (0:2595) 3664 0 R] /Limits [(0:259) (0:2595)] >> endobj 7612 0 obj << /Names [(0:2596) 3665 0 R (0:2597) 3666 0 R (0:2598) 3667 0 R (0:26) 1345 0 R (0:260) 1582 0 R (0:2601) 3669 0 R] /Limits [(0:2596) (0:2601)] >> endobj 7613 0 obj << /Names [(0:2602) 3670 0 R (0:2603) 3671 0 R (0:2607) 3680 0 R (0:2608) 3681 0 R (0:2609) 3682 0 R (0:261) 1583 0 R] /Limits [(0:2602) (0:261)] >> endobj 7614 0 obj << /Names [(0:2610) 3683 0 R (0:2611) 3684 0 R (0:2612) 3689 0 R (0:2613) 3690 0 R (0:2614) 3678 0 R (0:2618) 3692 0 R] /Limits [(0:2610) (0:2618)] >> endobj 7615 0 obj << /Names [(0:2619) 3693 0 R (0:262) 1584 0 R (0:2620) 3694 0 R (0:2621) 3695 0 R (0:2622) 3696 0 R (0:2623) 3697 0 R] /Limits [(0:2619) (0:2623)] >> endobj 7616 0 obj << /Names [(0:2624) 3698 0 R (0:2625) 3699 0 R (0:2626) 3700 0 R (0:2627) 3701 0 R (0:2628) 3702 0 R (0:2629) 3703 0 R] /Limits [(0:2624) (0:2629)] >> endobj 7617 0 obj << /Names [(0:263) 1585 0 R (0:2630) 3704 0 R (0:2631) 3705 0 R (0:2632) 3706 0 R (0:2633) 3707 0 R (0:2634) 3708 0 R] /Limits [(0:263) (0:2634)] >> endobj 7618 0 obj << /Names [(0:2635) 3709 0 R (0:2636) 3714 0 R (0:2637) 3715 0 R (0:2638) 3716 0 R (0:2639) 3717 0 R (0:2640) 3718 0 R] /Limits [(0:2635) (0:2640)] >> endobj 7619 0 obj << /Names [(0:2643) 3720 0 R (0:2644) 3721 0 R (0:2645) 3722 0 R (0:2646) 3723 0 R (0:2647) 3724 0 R (0:2649) 3725 0 R] /Limits [(0:2643) (0:2649)] >> endobj 7620 0 obj << /Names [(0:265) 1586 0 R (0:2652) 3726 0 R (0:2653) 3727 0 R (0:2654) 3728 0 R (0:2655) 3729 0 R (0:2656) 3730 0 R] /Limits [(0:265) (0:2656)] >> endobj 7621 0 obj << /Names [(0:2657) 3731 0 R (0:2658) 3732 0 R (0:2659) 3738 0 R (0:266) 1587 0 R (0:2660) 3739 0 R (0:2662) 3740 0 R] /Limits [(0:2657) (0:2662)] >> endobj 7622 0 obj << /Names [(0:2663) 3741 0 R (0:2664) 3742 0 R (0:2665) 3743 0 R (0:2666) 3744 0 R (0:2667) 3745 0 R (0:2668) 3746 0 R] /Limits [(0:2663) (0:2668)] >> endobj 7623 0 obj << /Names [(0:2669) 3747 0 R (0:267) 1588 0 R (0:2670) 3748 0 R (0:2672) 3749 0 R (0:2673) 3750 0 R (0:2674) 3751 0 R] /Limits [(0:2669) (0:2674)] >> endobj 7624 0 obj << /Names [(0:2675) 3752 0 R (0:2676) 3753 0 R (0:2677) 3754 0 R (0:2678) 3755 0 R (0:2679) 3756 0 R (0:268) 1589 0 R] /Limits [(0:2675) (0:268)] >> endobj 7625 0 obj << /Names [(0:2680) 3757 0 R (0:2682) 3758 0 R (0:2683) 3759 0 R (0:2684) 3760 0 R (0:2685) 3761 0 R (0:2686) 3762 0 R] /Limits [(0:2680) (0:2686)] >> endobj 7626 0 obj << /Names [(0:2687) 3763 0 R (0:2688) 3764 0 R (0:2689) 3765 0 R (0:269) 1590 0 R (0:2690) 3766 0 R (0:2691) 3767 0 R] /Limits [(0:2687) (0:2691)] >> endobj 7627 0 obj << /Names [(0:2692) 3768 0 R (0:2694) 3769 0 R (0:2695) 3770 0 R (0:2696) 3771 0 R (0:2697) 3777 0 R (0:2698) 3778 0 R] /Limits [(0:2692) (0:2698)] >> endobj 7628 0 obj << /Names [(0:2699) 3779 0 R (0:270) 1591 0 R (0:2700) 3737 0 R (0:2702) 3780 0 R (0:2703) 3781 0 R (0:2704) 3782 0 R] /Limits [(0:2699) (0:2704)] >> endobj 7629 0 obj << /Names [(0:2705) 3783 0 R (0:2709) 3784 0 R (0:271) 1592 0 R (0:2710) 3785 0 R (0:2711) 3786 0 R (0:2712) 3787 0 R] /Limits [(0:2705) (0:2712)] >> endobj 7630 0 obj << /Names [(0:2713) 3788 0 R (0:2714) 3789 0 R (0:2715) 3790 0 R (0:2716) 3795 0 R (0:2719) 3796 0 R (0:272) 1593 0 R] /Limits [(0:2713) (0:272)] >> endobj 7631 0 obj << /Names [(0:2720) 3797 0 R (0:2721) 3798 0 R (0:2722) 3799 0 R (0:2723) 3800 0 R (0:2724) 3801 0 R (0:2725) 3802 0 R] /Limits [(0:2720) (0:2725)] >> endobj 7632 0 obj << /Names [(0:2726) 3808 0 R (0:2729) 3809 0 R (0:273) 1594 0 R (0:2730) 3810 0 R (0:2731) 3811 0 R (0:2732) 3812 0 R] /Limits [(0:2726) (0:2732)] >> endobj 7633 0 obj << /Names [(0:2733) 3813 0 R (0:2734) 3814 0 R (0:2735) 3815 0 R (0:2736) 3816 0 R (0:2737) 3817 0 R (0:2738) 3818 0 R] /Limits [(0:2733) (0:2738)] >> endobj 7634 0 obj << /Names [(0:2739) 3819 0 R (0:2740) 3820 0 R (0:2741) 3821 0 R (0:2742) 3822 0 R (0:2744) 3827 0 R (0:2745) 3828 0 R] /Limits [(0:2739) (0:2745)] >> endobj 7635 0 obj << /Names [(0:2746) 3829 0 R (0:2747) 3830 0 R (0:2748) 3831 0 R (0:2749) 3832 0 R (0:2750) 3833 0 R (0:2751) 3834 0 R] /Limits [(0:2746) (0:2751)] >> endobj 7636 0 obj << /Names [(0:2752) 3835 0 R (0:2754) 3836 0 R (0:2755) 3837 0 R (0:2756) 3838 0 R (0:2757) 3839 0 R (0:2759) 3840 0 R] /Limits [(0:2752) (0:2759)] >> endobj 7637 0 obj << /Names [(0:276) 1595 0 R (0:2762) 3845 0 R (0:2763) 3846 0 R (0:2764) 3847 0 R (0:2765) 3848 0 R (0:2766) 3849 0 R] /Limits [(0:276) (0:2766)] >> endobj 7638 0 obj << /Names [(0:2767) 3850 0 R (0:2769) 3851 0 R (0:277) 1596 0 R (0:2770) 3852 0 R (0:2771) 3853 0 R (0:2772) 3854 0 R] /Limits [(0:2767) (0:2772)] >> endobj 7639 0 obj << /Names [(0:2773) 3855 0 R (0:2774) 3856 0 R (0:2776) 3857 0 R (0:2777) 3858 0 R (0:2778) 3859 0 R (0:2779) 3860 0 R] /Limits [(0:2773) (0:2779)] >> endobj 7640 0 obj << /Names [(0:278) 1597 0 R (0:2780) 3861 0 R (0:2781) 3862 0 R (0:2783) 3863 0 R (0:2784) 3864 0 R (0:2785) 3865 0 R] /Limits [(0:278) (0:2785)] >> endobj 7641 0 obj << /Names [(0:2786) 3866 0 R (0:2788) 3867 0 R (0:2789) 3868 0 R (0:279) 1598 0 R (0:2790) 3869 0 R (0:2791) 3870 0 R] /Limits [(0:2786) (0:2791)] >> endobj 7642 0 obj << /Names [(0:2792) 3871 0 R (0:2793) 3872 0 R (0:2794) 3877 0 R (0:2795) 3878 0 R (0:2796) 3879 0 R (0:2797) 3880 0 R] /Limits [(0:2792) (0:2797)] >> endobj 7643 0 obj << /Names [(0:2798) 3881 0 R (0:2799) 3882 0 R (0:28) 1346 0 R (0:280) 1599 0 R (0:2800) 3883 0 R (0:2801) 3884 0 R] /Limits [(0:2798) (0:2801)] >> endobj 7644 0 obj << /Names [(0:2802) 3885 0 R (0:2803) 3886 0 R (0:2804) 3887 0 R (0:2805) 3888 0 R (0:2806) 3889 0 R (0:2807) 3890 0 R] /Limits [(0:2802) (0:2807)] >> endobj 7645 0 obj << /Names [(0:2809) 3891 0 R (0:281) 1604 0 R (0:2810) 3892 0 R (0:2811) 3893 0 R (0:2812) 3894 0 R (0:2813) 3895 0 R] /Limits [(0:2809) (0:2813)] >> endobj 7646 0 obj << /Names [(0:2814) 3896 0 R (0:2815) 3897 0 R (0:2816) 3898 0 R (0:2818) 3899 0 R (0:282) 1605 0 R (0:2821) 3904 0 R] /Limits [(0:2814) (0:2821)] >> endobj 7647 0 obj << /Names [(0:2822) 3905 0 R (0:2823) 3906 0 R (0:2824) 3907 0 R (0:2825) 3908 0 R (0:2827) 3909 0 R (0:2828) 3910 0 R] /Limits [(0:2822) (0:2828)] >> endobj 7648 0 obj << /Names [(0:2829) 3915 0 R (0:283) 1606 0 R (0:2830) 3916 0 R (0:2831) 3917 0 R (0:2832) 3918 0 R (0:2833) 3919 0 R] /Limits [(0:2829) (0:2833)] >> endobj 7649 0 obj << /Names [(0:2834) 3920 0 R (0:2835) 3921 0 R (0:2836) 3922 0 R (0:2837) 3923 0 R (0:2838) 3924 0 R (0:2839) 3925 0 R] /Limits [(0:2834) (0:2839)] >> endobj 7650 0 obj << /Names [(0:284) 1607 0 R (0:2840) 3926 0 R (0:2841) 3927 0 R (0:2842) 3928 0 R (0:2843) 3929 0 R (0:2844) 3930 0 R] /Limits [(0:284) (0:2844)] >> endobj 7651 0 obj << /Names [(0:2845) 3931 0 R (0:2846) 3932 0 R (0:2847) 3933 0 R (0:2848) 3934 0 R (0:285) 1608 0 R (0:2850) 3935 0 R] /Limits [(0:2845) (0:2850)] >> endobj 7652 0 obj << /Names [(0:2851) 3936 0 R (0:2852) 3937 0 R (0:2853) 3938 0 R (0:2854) 3939 0 R (0:2856) 3940 0 R (0:2857) 3941 0 R] /Limits [(0:2851) (0:2857)] >> endobj 7653 0 obj << /Names [(0:2858) 3942 0 R (0:286) 1609 0 R (0:2860) 3948 0 R (0:2861) 3949 0 R (0:2862) 3950 0 R (0:2863) 3951 0 R] /Limits [(0:2858) (0:2863)] >> endobj 7654 0 obj << /Names [(0:2864) 3952 0 R (0:2865) 3953 0 R (0:2866) 3954 0 R (0:2867) 3955 0 R (0:2868) 3956 0 R (0:2869) 3957 0 R] /Limits [(0:2864) (0:2869)] >> endobj 7655 0 obj << /Names [(0:287) 1610 0 R (0:2871) 3958 0 R (0:2872) 3959 0 R (0:2873) 3960 0 R (0:2874) 3961 0 R (0:2875) 3962 0 R] /Limits [(0:287) (0:2875)] >> endobj 7656 0 obj << /Names [(0:2876) 3963 0 R (0:2877) 3964 0 R (0:2878) 3965 0 R (0:2879) 3966 0 R (0:288) 1611 0 R (0:2880) 3967 0 R] /Limits [(0:2876) (0:2880)] >> endobj 7657 0 obj << /Names [(0:2881) 3968 0 R (0:2882) 3969 0 R (0:2884) 3970 0 R (0:2885) 3971 0 R (0:2887) 3972 0 R (0:2888) 3973 0 R] /Limits [(0:2881) (0:2888)] >> endobj 7658 0 obj << /Names [(0:2889) 3974 0 R (0:289) 1612 0 R (0:2890) 3975 0 R (0:2891) 3976 0 R (0:2892) 3977 0 R (0:2893) 3978 0 R] /Limits [(0:2889) (0:2893)] >> endobj 7659 0 obj << /Names [(0:2894) 3979 0 R (0:2895) 3984 0 R (0:2896) 3985 0 R (0:2897) 3986 0 R (0:2898) 3987 0 R (0:290) 1613 0 R] /Limits [(0:2894) (0:290)] >> endobj 7660 0 obj << /Names [(0:2900) 3988 0 R (0:2901) 3989 0 R (0:2902) 3990 0 R (0:2903) 3991 0 R (0:2904) 3992 0 R (0:2905) 3993 0 R] /Limits [(0:2900) (0:2905)] >> endobj 7661 0 obj << /Names [(0:2906) 3994 0 R (0:2907) 3995 0 R (0:2908) 3996 0 R (0:2909) 3997 0 R (0:291) 1614 0 R (0:2910) 3998 0 R] /Limits [(0:2906) (0:2910)] >> endobj 7662 0 obj << /Names [(0:2911) 3999 0 R (0:2912) 4000 0 R (0:2913) 4001 0 R (0:2914) 4002 0 R (0:2915) 4003 0 R (0:2916) 4004 0 R] /Limits [(0:2911) (0:2916)] >> endobj 7663 0 obj << /Names [(0:2918) 4005 0 R (0:2919) 4006 0 R (0:2920) 4007 0 R (0:2921) 4008 0 R (0:2922) 4009 0 R (0:2923) 4010 0 R] /Limits [(0:2918) (0:2923)] >> endobj 7664 0 obj << /Names [(0:2924) 4011 0 R (0:2925) 4012 0 R (0:2926) 4013 0 R (0:2927) 4014 0 R (0:2928) 4015 0 R (0:2929) 4016 0 R] /Limits [(0:2924) (0:2929)] >> endobj 7665 0 obj << /Names [(0:2930) 4017 0 R (0:2931) 4018 0 R (0:2932) 4019 0 R (0:2933) 4024 0 R (0:2934) 4025 0 R (0:2935) 4026 0 R] /Limits [(0:2930) (0:2935)] >> endobj 7666 0 obj << /Names [(0:2936) 4027 0 R (0:2937) 4028 0 R (0:2938) 4029 0 R (0:2939) 4030 0 R (0:294) 1616 0 R (0:2940) 4031 0 R] /Limits [(0:2936) (0:2940)] >> endobj 7667 0 obj << /Names [(0:2941) 4032 0 R (0:2942) 4033 0 R (0:2943) 4034 0 R (0:2944) 4035 0 R (0:2945) 4036 0 R (0:2946) 4037 0 R] /Limits [(0:2941) (0:2946)] >> endobj 7668 0 obj << /Names [(0:2947) 4038 0 R (0:2948) 4039 0 R (0:2949) 4040 0 R (0:295) 1617 0 R (0:2950) 4041 0 R (0:2952) 4042 0 R] /Limits [(0:2947) (0:2952)] >> endobj 7669 0 obj << /Names [(0:2953) 4043 0 R (0:2954) 4044 0 R (0:2955) 4045 0 R (0:2956) 4046 0 R (0:2957) 4047 0 R (0:2958) 4048 0 R] /Limits [(0:2953) (0:2958)] >> endobj 7670 0 obj << /Names [(0:2959) 4049 0 R (0:296) 1618 0 R (0:2960) 4050 0 R (0:2961) 4051 0 R (0:2962) 4052 0 R (0:2964) 4053 0 R] /Limits [(0:2959) (0:2964)] >> endobj 7671 0 obj << /Names [(0:2965) 4054 0 R (0:2966) 4055 0 R (0:2968) 4056 0 R (0:2969) 4057 0 R (0:297) 1619 0 R (0:2970) 4058 0 R] /Limits [(0:2965) (0:2970)] >> endobj 7672 0 obj << /Names [(0:2971) 4059 0 R (0:2972) 4060 0 R (0:2973) 4061 0 R (0:2974) 4062 0 R (0:2975) 4063 0 R (0:2976) 4064 0 R] /Limits [(0:2971) (0:2976)] >> endobj 7673 0 obj << /Names [(0:2977) 4065 0 R (0:2978) 4066 0 R (0:2979) 4067 0 R (0:298) 1620 0 R (0:2980) 4068 0 R (0:2982) 4075 0 R] /Limits [(0:2977) (0:2982)] >> endobj 7674 0 obj << /Names [(0:2983) 4076 0 R (0:2984) 4077 0 R (0:2986) 4078 0 R (0:2987) 4079 0 R (0:2988) 4080 0 R (0:2989) 4081 0 R] /Limits [(0:2983) (0:2989)] >> endobj 7675 0 obj << /Names [(0:299) 1621 0 R (0:2990) 4082 0 R (0:2991) 4083 0 R (0:2993) 4084 0 R (0:2994) 4085 0 R (0:2995) 4086 0 R] /Limits [(0:299) (0:2995)] >> endobj 7676 0 obj << /Names [(0:2996) 4087 0 R (0:2997) 4088 0 R (0:2998) 4089 0 R (0:2999) 4090 0 R (0:30) 1348 0 R (0:300) 1622 0 R] /Limits [(0:2996) (0:300)] >> endobj 7677 0 obj << /Names [(0:3000) 4091 0 R (0:3001) 4092 0 R (0:3002) 4093 0 R (0:3003) 4094 0 R (0:3004) 4095 0 R (0:3005) 4096 0 R] /Limits [(0:3000) (0:3005)] >> endobj 7678 0 obj << /Names [(0:3006) 4097 0 R (0:3007) 4098 0 R (0:3008) 4099 0 R (0:3009) 4100 0 R (0:301) 1623 0 R (0:3010) 4101 0 R] /Limits [(0:3006) (0:3010)] >> endobj 7679 0 obj << /Names [(0:3011) 4102 0 R (0:3013) 4103 0 R (0:3014) 4104 0 R (0:3015) 4105 0 R (0:3017) 4110 0 R (0:3018) 4111 0 R] /Limits [(0:3011) (0:3018)] >> endobj 7680 0 obj << /Names [(0:3019) 4112 0 R (0:302) 1624 0 R (0:3020) 4074 0 R (0:3022) 4113 0 R (0:3023) 4114 0 R (0:3024) 4115 0 R] /Limits [(0:3019) (0:3024)] >> endobj 7681 0 obj << /Names [(0:3025) 4116 0 R (0:3026) 4117 0 R (0:3027) 4118 0 R (0:3028) 4119 0 R (0:3029) 4120 0 R (0:303) 1625 0 R] /Limits [(0:3025) (0:303)] >> endobj 7682 0 obj << /Names [(0:3030) 4121 0 R (0:3031) 4122 0 R (0:3032) 4123 0 R (0:3033) 4124 0 R (0:3034) 4125 0 R (0:3035) 4126 0 R] /Limits [(0:3030) (0:3035)] >> endobj 7683 0 obj << /Names [(0:3036) 4127 0 R (0:3037) 4128 0 R (0:3038) 4129 0 R (0:3039) 4130 0 R (0:304) 1626 0 R (0:3040) 4131 0 R] /Limits [(0:3036) (0:3040)] >> endobj 7684 0 obj << /Names [(0:3041) 4132 0 R (0:3042) 4133 0 R (0:3043) 4134 0 R (0:3044) 4135 0 R (0:3045) 4136 0 R (0:3046) 4137 0 R] /Limits [(0:3041) (0:3046)] >> endobj 7685 0 obj << /Names [(0:3047) 4138 0 R (0:3048) 4139 0 R (0:3049) 4140 0 R (0:305) 1627 0 R (0:3050) 4141 0 R (0:3052) 4142 0 R] /Limits [(0:3047) (0:3052)] >> endobj 7686 0 obj << /Names [(0:3055) 4153 0 R (0:3057) 4154 0 R (0:3058) 4155 0 R (0:3059) 4156 0 R (0:306) 1628 0 R (0:3060) 4157 0 R] /Limits [(0:3055) (0:3060)] >> endobj 7687 0 obj << /Names [(0:3061) 4158 0 R (0:3062) 4159 0 R (0:3064) 4160 0 R (0:3065) 4161 0 R (0:3066) 4162 0 R (0:3068) 4163 0 R] /Limits [(0:3061) (0:3068)] >> endobj 7688 0 obj << /Names [(0:3069) 4164 0 R (0:307) 1629 0 R (0:3070) 4169 0 R (0:3071) 4170 0 R (0:3072) 4171 0 R (0:3073) 4152 0 R] /Limits [(0:3069) (0:3073)] >> endobj 7689 0 obj << /Names [(0:3076) 4172 0 R (0:3077) 4173 0 R (0:3078) 4174 0 R (0:3079) 4175 0 R (0:308) 1630 0 R (0:3080) 4176 0 R] /Limits [(0:3076) (0:3080)] >> endobj 7690 0 obj << /Names [(0:3081) 4177 0 R (0:3082) 4178 0 R (0:3083) 4179 0 R (0:3084) 4180 0 R (0:3085) 4181 0 R (0:3086) 4182 0 R] /Limits [(0:3081) (0:3086)] >> endobj 7691 0 obj << /Names [(0:3087) 4183 0 R (0:3088) 4184 0 R (0:309) 1631 0 R (0:3090) 4185 0 R (0:3091) 4186 0 R (0:3092) 4187 0 R] /Limits [(0:3087) (0:3092)] >> endobj 7692 0 obj << /Names [(0:3093) 4188 0 R (0:3094) 4189 0 R (0:3095) 4190 0 R (0:3096) 4191 0 R (0:3097) 4192 0 R (0:3098) 4193 0 R] /Limits [(0:3093) (0:3098)] >> endobj 7693 0 obj << /Names [(0:3099) 4194 0 R (0:310) 1632 0 R (0:3100) 4195 0 R (0:3102) 4196 0 R (0:3105) 4201 0 R (0:3106) 4202 0 R] /Limits [(0:3099) (0:3106)] >> endobj 7694 0 obj << /Names [(0:3107) 4203 0 R (0:3108) 4204 0 R (0:3109) 4205 0 R (0:311) 1633 0 R (0:3110) 4206 0 R (0:3111) 4207 0 R] /Limits [(0:3107) (0:3111)] >> endobj 7695 0 obj << /Names [(0:3112) 4208 0 R (0:3113) 4209 0 R (0:3116) 4210 0 R (0:3117) 4211 0 R (0:3118) 4216 0 R (0:3119) 4217 0 R] /Limits [(0:3112) (0:3119)] >> endobj 7696 0 obj << /Names [(0:312) 1634 0 R (0:3120) 4218 0 R (0:3121) 4219 0 R (0:3122) 4220 0 R (0:3123) 4221 0 R (0:3124) 4222 0 R] /Limits [(0:312) (0:3124)] >> endobj 7697 0 obj << /Names [(0:3126) 4223 0 R (0:3127) 4224 0 R (0:3128) 4225 0 R (0:3129) 4226 0 R (0:313) 1635 0 R (0:3130) 4227 0 R] /Limits [(0:3126) (0:3130)] >> endobj 7698 0 obj << /Names [(0:3131) 4228 0 R (0:3132) 4229 0 R (0:3133) 4230 0 R (0:3134) 4231 0 R (0:3135) 4232 0 R (0:3136) 4233 0 R] /Limits [(0:3131) (0:3136)] >> endobj 7699 0 obj << /Names [(0:3137) 4234 0 R (0:3138) 4235 0 R (0:3139) 4236 0 R (0:314) 1636 0 R (0:3142) 4241 0 R (0:3144) 4242 0 R] /Limits [(0:3137) (0:3144)] >> endobj 7700 0 obj << /Names [(0:3145) 4243 0 R (0:3146) 4244 0 R (0:3147) 4245 0 R (0:3148) 4246 0 R (0:3149) 4247 0 R (0:315) 1637 0 R] /Limits [(0:3145) (0:315)] >> endobj 7701 0 obj << /Names [(0:3150) 4248 0 R (0:3151) 4249 0 R (0:3152) 4250 0 R (0:3153) 4251 0 R (0:3154) 4252 0 R (0:3155) 4253 0 R] /Limits [(0:3150) (0:3155)] >> endobj 7702 0 obj << /Names [(0:3156) 4254 0 R (0:3157) 4255 0 R (0:3158) 4256 0 R (0:3159) 4257 0 R (0:316) 1638 0 R (0:3160) 4258 0 R] /Limits [(0:3156) (0:3160)] >> endobj 7703 0 obj << /Names [(0:3161) 4259 0 R (0:3162) 4260 0 R (0:3163) 4261 0 R (0:3164) 4262 0 R (0:3165) 4263 0 R (0:3166) 4264 0 R] /Limits [(0:3161) (0:3166)] >> endobj 7704 0 obj << /Names [(0:3167) 4265 0 R (0:3168) 4266 0 R (0:3169) 4267 0 R (0:317) 1639 0 R (0:3170) 4268 0 R (0:3171) 4269 0 R] /Limits [(0:3167) (0:3171)] >> endobj 7705 0 obj << /Names [(0:3173) 4275 0 R (0:3174) 4276 0 R (0:3176) 4277 0 R (0:3177) 4278 0 R (0:3178) 4279 0 R (0:318) 1640 0 R] /Limits [(0:3173) (0:318)] >> endobj 7706 0 obj << /Names [(0:3181) 4280 0 R (0:3182) 4281 0 R (0:3183) 4282 0 R (0:3184) 4283 0 R (0:3185) 4284 0 R (0:3186) 4285 0 R] /Limits [(0:3181) (0:3186)] >> endobj 7707 0 obj << /Names [(0:3187) 4286 0 R (0:3189) 4274 0 R (0:319) 1641 0 R (0:3190) 4292 0 R (0:3191) 4293 0 R (0:3192) 4294 0 R] /Limits [(0:3187) (0:3192)] >> endobj 7708 0 obj << /Names [(0:3193) 4295 0 R (0:3194) 4296 0 R (0:3195) 4297 0 R (0:3196) 4298 0 R (0:3197) 4299 0 R (0:3198) 4300 0 R] /Limits [(0:3193) (0:3198)] >> endobj 7709 0 obj << /Names [(0:3199) 4301 0 R (0:320) 1642 0 R (0:3200) 4302 0 R (0:3201) 4303 0 R (0:3203) 4304 0 R (0:3204) 4305 0 R] /Limits [(0:3199) (0:3204)] >> endobj 7710 0 obj << /Names [(0:3205) 4306 0 R (0:3206) 4307 0 R (0:3207) 4308 0 R (0:3208) 4309 0 R (0:3209) 4310 0 R (0:3210) 4311 0 R] /Limits [(0:3205) (0:3210)] >> endobj 7711 0 obj << /Names [(0:3211) 4312 0 R (0:3212) 4313 0 R (0:3214) 4314 0 R (0:3218) 4320 0 R (0:3219) 4321 0 R (0:322) 1643 0 R] /Limits [(0:3211) (0:322)] >> endobj 7712 0 obj << /Names [(0:3220) 4322 0 R (0:3221) 4323 0 R (0:3222) 4324 0 R (0:3223) 4325 0 R (0:3224) 4326 0 R (0:3226) 4327 0 R] /Limits [(0:3220) (0:3226)] >> endobj 7713 0 obj << /Names [(0:3227) 4328 0 R (0:3228) 4329 0 R (0:3229) 4330 0 R (0:323) 1644 0 R (0:3230) 4331 0 R (0:3231) 4332 0 R] /Limits [(0:3227) (0:3231)] >> endobj 7714 0 obj << /Names [(0:3232) 4333 0 R (0:3235) 4334 0 R (0:3236) 4335 0 R (0:3237) 4336 0 R (0:3238) 4337 0 R (0:3239) 4338 0 R] /Limits [(0:3232) (0:3239)] >> endobj 7715 0 obj << /Names [(0:324) 1645 0 R (0:3240) 4339 0 R (0:3241) 4340 0 R (0:3242) 4341 0 R (0:3244) 4342 0 R (0:3245) 4343 0 R] /Limits [(0:324) (0:3245)] >> endobj 7716 0 obj << /Names [(0:3246) 4344 0 R (0:3247) 4345 0 R (0:3248) 4346 0 R (0:3249) 4347 0 R (0:325) 1646 0 R (0:3250) 4348 0 R] /Limits [(0:3246) (0:3250)] >> endobj 7717 0 obj << /Names [(0:3251) 4354 0 R (0:3252) 4355 0 R (0:3253) 4349 0 R (0:3257) 4356 0 R (0:3258) 4357 0 R (0:3259) 4358 0 R] /Limits [(0:3251) (0:3259)] >> endobj 7718 0 obj << /Names [(0:326) 1647 0 R (0:3260) 4359 0 R (0:3261) 4360 0 R (0:3262) 4361 0 R (0:3263) 4362 0 R (0:3264) 4363 0 R] /Limits [(0:326) (0:3264)] >> endobj 7719 0 obj << /Names [(0:3267) 4364 0 R (0:3268) 4365 0 R (0:3269) 4366 0 R (0:327) 1648 0 R (0:3270) 4367 0 R (0:3271) 4368 0 R] /Limits [(0:3267) (0:3271)] >> endobj 7720 0 obj << /Names [(0:3272) 4369 0 R (0:3273) 4370 0 R (0:3275) 4371 0 R (0:3276) 4372 0 R (0:3277) 4373 0 R (0:3278) 4374 0 R] /Limits [(0:3272) (0:3278)] >> endobj 7721 0 obj << /Names [(0:3279) 4375 0 R (0:328) 1649 0 R (0:3280) 4376 0 R (0:3281) 4377 0 R (0:3282) 4378 0 R (0:3283) 4379 0 R] /Limits [(0:3279) (0:3283)] >> endobj 7722 0 obj << /Names [(0:3284) 4380 0 R (0:3285) 4381 0 R (0:3286) 4382 0 R (0:3287) 4383 0 R (0:3288) 4384 0 R (0:3289) 4385 0 R] /Limits [(0:3284) (0:3289)] >> endobj 7723 0 obj << /Names [(0:3290) 4386 0 R (0:3291) 4387 0 R (0:3293) 4388 0 R (0:3294) 4389 0 R (0:3295) 4390 0 R (0:3296) 4391 0 R] /Limits [(0:3290) (0:3296)] >> endobj 7724 0 obj << /Names [(0:3297) 4392 0 R (0:3298) 4393 0 R (0:3299) 4394 0 R (0:3301) 4399 0 R (0:3302) 4400 0 R (0:3303) 4401 0 R] /Limits [(0:3297) (0:3303)] >> endobj 7725 0 obj << /Names [(0:3304) 4402 0 R (0:3305) 4403 0 R (0:3306) 4404 0 R (0:3308) 4405 0 R (0:3309) 4406 0 R (0:331) 1657 0 R] /Limits [(0:3304) (0:331)] >> endobj 7726 0 obj << /Names [(0:3310) 4407 0 R (0:3311) 4408 0 R (0:3313) 4409 0 R (0:3314) 4410 0 R (0:3315) 4411 0 R (0:3316) 4412 0 R] /Limits [(0:3310) (0:3316)] >> endobj 7727 0 obj << /Names [(0:3317) 4413 0 R (0:332) 1658 0 R (0:3320) 4414 0 R (0:3321) 4415 0 R (0:3322) 4416 0 R (0:3323) 4417 0 R] /Limits [(0:3317) (0:3323)] >> endobj 7728 0 obj << /Names [(0:3324) 4418 0 R (0:3325) 4419 0 R (0:3326) 4420 0 R (0:3327) 4421 0 R (0:3328) 4422 0 R (0:3329) 4423 0 R] /Limits [(0:3324) (0:3329)] >> endobj 7729 0 obj << /Names [(0:333) 1659 0 R (0:3330) 4424 0 R (0:3331) 4425 0 R (0:3332) 4426 0 R (0:3333) 4427 0 R (0:3334) 4428 0 R] /Limits [(0:333) (0:3334)] >> endobj 7730 0 obj << /Names [(0:3335) 4429 0 R (0:3336) 4430 0 R (0:3337) 4431 0 R (0:3338) 4432 0 R (0:3339) 4433 0 R (0:334) 1660 0 R] /Limits [(0:3335) (0:334)] >> endobj 7731 0 obj << /Names [(0:3340) 4434 0 R (0:3341) 4440 0 R (0:3342) 4441 0 R (0:3343) 4442 0 R (0:3344) 4443 0 R (0:3345) 4444 0 R] /Limits [(0:3340) (0:3345)] >> endobj 7732 0 obj << /Names [(0:3346) 4445 0 R (0:3347) 4446 0 R (0:3348) 4447 0 R (0:3349) 4448 0 R (0:335) 1661 0 R (0:3350) 4449 0 R] /Limits [(0:3346) (0:3350)] >> endobj 7733 0 obj << /Names [(0:3351) 4450 0 R (0:3352) 4451 0 R (0:3353) 4452 0 R (0:3354) 4453 0 R (0:3355) 4454 0 R (0:3356) 4455 0 R] /Limits [(0:3351) (0:3356)] >> endobj 7734 0 obj << /Names [(0:3357) 4456 0 R (0:3358) 4457 0 R (0:336) 1662 0 R (0:3360) 4458 0 R (0:3361) 4459 0 R (0:3362) 4460 0 R] /Limits [(0:3357) (0:3362)] >> endobj 7735 0 obj << /Names [(0:3363) 4461 0 R (0:3364) 4462 0 R (0:3365) 4463 0 R (0:3366) 4464 0 R (0:3367) 4465 0 R (0:3368) 4466 0 R] /Limits [(0:3363) (0:3368)] >> endobj 7736 0 obj << /Names [(0:3369) 4467 0 R (0:337) 1663 0 R (0:3370) 4468 0 R (0:3371) 4469 0 R (0:3372) 4470 0 R (0:3373) 4471 0 R] /Limits [(0:3369) (0:3373)] >> endobj 7737 0 obj << /Names [(0:3374) 4472 0 R (0:3375) 4473 0 R (0:3376) 4474 0 R (0:3377) 4475 0 R (0:338) 1664 0 R (0:3380) 4476 0 R] /Limits [(0:3374) (0:3380)] >> endobj 7738 0 obj << /Names [(0:3381) 4477 0 R (0:3382) 4478 0 R (0:3383) 4483 0 R (0:3384) 4484 0 R (0:3385) 4485 0 R (0:3388) 4486 0 R] /Limits [(0:3381) (0:3388)] >> endobj 7739 0 obj << /Names [(0:3389) 4487 0 R (0:339) 1665 0 R (0:3390) 4488 0 R (0:3391) 4489 0 R (0:3393) 4490 0 R (0:3394) 4491 0 R] /Limits [(0:3389) (0:3394)] >> endobj 7740 0 obj << /Names [(0:3395) 4492 0 R (0:3396) 4493 0 R (0:3397) 4494 0 R (0:3398) 4495 0 R (0:34) 1349 0 R (0:340) 1666 0 R] /Limits [(0:3395) (0:340)] >> endobj 7741 0 obj << /Names [(0:3401) 4497 0 R (0:3402) 4498 0 R (0:3403) 4499 0 R (0:3404) 4506 0 R (0:3405) 4507 0 R (0:3406) 4508 0 R] /Limits [(0:3401) (0:3406)] >> endobj 7742 0 obj << /Names [(0:3407) 4509 0 R (0:3408) 4510 0 R (0:3409) 4511 0 R (0:341) 1667 0 R (0:3410) 4512 0 R (0:3412) 4513 0 R] /Limits [(0:3407) (0:3412)] >> endobj 7743 0 obj << /Names [(0:3413) 4514 0 R (0:3414) 4515 0 R (0:3416) 4516 0 R (0:3417) 4517 0 R (0:3418) 4518 0 R (0:3419) 4519 0 R] /Limits [(0:3413) (0:3419)] >> endobj 7744 0 obj << /Names [(0:342) 1668 0 R (0:3420) 4520 0 R (0:3421) 4521 0 R (0:3422) 4522 0 R (0:3423) 4523 0 R (0:3424) 4524 0 R] /Limits [(0:342) (0:3424)] >> endobj 7745 0 obj << /Names [(0:3425) 4525 0 R (0:3428) 4527 0 R (0:3429) 4528 0 R (0:343) 1669 0 R (0:3430) 4529 0 R (0:3431) 4530 0 R] /Limits [(0:3425) (0:3431)] >> endobj 7746 0 obj << /Names [(0:3433) 4531 0 R (0:3434) 4532 0 R (0:3435) 4533 0 R (0:3436) 4534 0 R (0:3437) 4535 0 R (0:3438) 4536 0 R] /Limits [(0:3433) (0:3438)] >> endobj 7747 0 obj << /Names [(0:3439) 4537 0 R (0:344) 1670 0 R (0:3440) 4538 0 R (0:3441) 4539 0 R (0:3442) 4540 0 R (0:3443) 4541 0 R] /Limits [(0:3439) (0:3443)] >> endobj 7748 0 obj << /Names [(0:3444) 4542 0 R (0:3446) 4548 0 R (0:3447) 4549 0 R (0:3448) 4550 0 R (0:3450) 4552 0 R (0:3451) 4553 0 R] /Limits [(0:3444) (0:3451)] >> endobj 7749 0 obj << /Names [(0:3452) 4554 0 R (0:3453) 4555 0 R (0:3454) 4556 0 R (0:3455) 4557 0 R (0:3456) 4558 0 R (0:3457) 4559 0 R] /Limits [(0:3452) (0:3457)] >> endobj 7750 0 obj << /Names [(0:3458) 4560 0 R (0:3459) 4561 0 R (0:346) 1671 0 R (0:3462) 4562 0 R (0:3463) 4563 0 R (0:3464) 4564 0 R] /Limits [(0:3458) (0:3464)] >> endobj 7751 0 obj << /Names [(0:3465) 4565 0 R (0:3466) 4566 0 R (0:3467) 4567 0 R (0:3468) 4568 0 R (0:3469) 4569 0 R (0:347) 1672 0 R] /Limits [(0:3465) (0:347)] >> endobj 7752 0 obj << /Names [(0:3470) 4570 0 R (0:3471) 4571 0 R (0:3472) 4572 0 R (0:3473) 4573 0 R (0:3476) 4574 0 R (0:3477) 4575 0 R] /Limits [(0:3470) (0:3477)] >> endobj 7753 0 obj << /Names [(0:3478) 4581 0 R (0:3479) 4582 0 R (0:348) 1673 0 R (0:3482) 4583 0 R (0:3483) 4584 0 R (0:3484) 4585 0 R] /Limits [(0:3478) (0:3484)] >> endobj 7754 0 obj << /Names [(0:3485) 4586 0 R (0:3486) 4587 0 R (0:3487) 4588 0 R (0:3488) 4589 0 R (0:349) 1674 0 R (0:3490) 4590 0 R] /Limits [(0:3485) (0:3490)] >> endobj 7755 0 obj << /Names [(0:3491) 4591 0 R (0:3492) 4592 0 R (0:3494) 4593 0 R (0:3495) 4594 0 R (0:3496) 4595 0 R (0:3498) 4596 0 R] /Limits [(0:3491) (0:3498)] >> endobj 7756 0 obj << /Names [(0:3499) 4597 0 R (0:35) 1350 0 R (0:3500) 4598 0 R (0:3502) 4599 0 R (0:3503) 4600 0 R (0:3504) 4601 0 R] /Limits [(0:3499) (0:3504)] >> endobj 7757 0 obj << /Names [(0:3506) 4602 0 R (0:3507) 4603 0 R (0:3508) 4604 0 R (0:351) 1675 0 R (0:3510) 4605 0 R (0:3511) 4606 0 R] /Limits [(0:3506) (0:3511)] >> endobj 7758 0 obj << /Names [(0:3512) 4607 0 R (0:3514) 4608 0 R (0:3515) 4609 0 R (0:3516) 4610 0 R (0:3518) 4611 0 R (0:3519) 4612 0 R] /Limits [(0:3512) (0:3519)] >> endobj 7759 0 obj << /Names [(0:352) 1676 0 R (0:3520) 4613 0 R (0:3522) 4614 0 R (0:3523) 4615 0 R (0:3524) 4616 0 R (0:3526) 4623 0 R] /Limits [(0:352) (0:3526)] >> endobj 7760 0 obj << /Names [(0:3527) 4624 0 R (0:3528) 4625 0 R (0:3529) 4580 0 R (0:3530) 4626 0 R (0:3531) 4627 0 R (0:3532) 4628 0 R] /Limits [(0:3527) (0:3532)] >> endobj 7761 0 obj << /Names [(0:3533) 4629 0 R (0:3534) 4630 0 R (0:3536) 4631 0 R (0:3537) 4632 0 R (0:3538) 4633 0 R (0:3539) 4634 0 R] /Limits [(0:3533) (0:3539)] >> endobj 7762 0 obj << /Names [(0:3540) 4635 0 R (0:355) 1677 0 R (0:356) 1678 0 R (0:3564) 4637 0 R (0:3565) 4638 0 R (0:3566) 4639 0 R] /Limits [(0:3540) (0:3566)] >> endobj 7763 0 obj << /Names [(0:357) 1679 0 R (0:358) 1680 0 R (0:3581) 4641 0 R (0:3583) 4642 0 R (0:3586) 4643 0 R (0:3587) 4644 0 R] /Limits [(0:357) (0:3587)] >> endobj 7764 0 obj << /Names [(0:3588) 4645 0 R (0:3589) 4646 0 R (0:359) 1681 0 R (0:3590) 4647 0 R (0:3591) 4648 0 R (0:3592) 4654 0 R] /Limits [(0:3588) (0:3592)] >> endobj 7765 0 obj << /Names [(0:3593) 4622 0 R (0:3596) 4655 0 R (0:3597) 4656 0 R (0:3599) 4657 0 R (0:36) 1351 0 R (0:360) 1682 0 R] /Limits [(0:3593) (0:360)] >> endobj 7766 0 obj << /Names [(0:3600) 4658 0 R (0:3601) 4659 0 R (0:3602) 4660 0 R (0:3603) 4661 0 R (0:3604) 4662 0 R (0:3605) 4663 0 R] /Limits [(0:3600) (0:3605)] >> endobj 7767 0 obj << /Names [(0:3606) 4664 0 R (0:3607) 4665 0 R (0:3608) 4666 0 R (0:3609) 4667 0 R (0:361) 1683 0 R (0:3610) 4668 0 R] /Limits [(0:3606) (0:3610)] >> endobj 7768 0 obj << /Names [(0:3611) 4669 0 R (0:3612) 4670 0 R (0:3613) 4671 0 R (0:3614) 4672 0 R (0:3615) 4673 0 R (0:3616) 4674 0 R] /Limits [(0:3611) (0:3616)] >> endobj 7769 0 obj << /Names [(0:3617) 4675 0 R (0:3618) 4676 0 R (0:3619) 4677 0 R (0:362) 1684 0 R (0:3620) 4678 0 R (0:3621) 4679 0 R] /Limits [(0:3617) (0:3621)] >> endobj 7770 0 obj << /Names [(0:3622) 4680 0 R (0:3623) 4681 0 R (0:3624) 4682 0 R (0:3625) 4683 0 R (0:3626) 4684 0 R (0:3627) 4685 0 R] /Limits [(0:3622) (0:3627)] >> endobj 7771 0 obj << /Names [(0:3628) 4686 0 R (0:3629) 4687 0 R (0:363) 1685 0 R (0:3630) 4688 0 R (0:3631) 4689 0 R (0:3632) 4690 0 R] /Limits [(0:3628) (0:3632)] >> endobj 7772 0 obj << /Names [(0:3633) 4691 0 R (0:3634) 4692 0 R (0:3635) 4693 0 R (0:3636) 4694 0 R (0:3637) 4695 0 R (0:3638) 4696 0 R] /Limits [(0:3633) (0:3638)] >> endobj 7773 0 obj << /Names [(0:3639) 4697 0 R (0:364) 1686 0 R (0:3640) 4698 0 R (0:3641) 4699 0 R (0:3642) 4700 0 R (0:3643) 4701 0 R] /Limits [(0:3639) (0:3643)] >> endobj 7774 0 obj << /Names [(0:3644) 4702 0 R (0:3645) 4703 0 R (0:3646) 4704 0 R (0:3648) 4709 0 R (0:3649) 4710 0 R (0:365) 1687 0 R] /Limits [(0:3644) (0:365)] >> endobj 7775 0 obj << /Names [(0:3650) 4711 0 R (0:3651) 4653 0 R (0:3653) 4712 0 R (0:3654) 4713 0 R (0:3655) 4714 0 R (0:3657) 4715 0 R] /Limits [(0:3650) (0:3657)] >> endobj 7776 0 obj << /Names [(0:3658) 4716 0 R (0:366) 1688 0 R (0:3661) 4717 0 R (0:3662) 4718 0 R (0:3663) 4719 0 R (0:3664) 4720 0 R] /Limits [(0:3658) (0:3664)] >> endobj 7777 0 obj << /Names [(0:3665) 4721 0 R (0:3666) 4722 0 R (0:3667) 4723 0 R (0:3668) 4724 0 R (0:3669) 4725 0 R (0:3670) 4726 0 R] /Limits [(0:3665) (0:3670)] >> endobj 7778 0 obj << /Names [(0:3672) 4727 0 R (0:3673) 4728 0 R (0:3674) 4729 0 R (0:3675) 4730 0 R (0:3676) 4731 0 R (0:3677) 4732 0 R] /Limits [(0:3672) (0:3677)] >> endobj 7779 0 obj << /Names [(0:368) 1689 0 R (0:3680) 4733 0 R (0:3681) 4734 0 R (0:3682) 4735 0 R (0:3683) 4736 0 R (0:3684) 4737 0 R] /Limits [(0:368) (0:3684)] >> endobj 7780 0 obj << /Names [(0:3685) 4738 0 R (0:3688) 4745 0 R (0:3689) 4746 0 R (0:369) 1690 0 R (0:3690) 4747 0 R (0:3691) 4748 0 R] /Limits [(0:3685) (0:3691)] >> endobj 7781 0 obj << /Names [(0:3692) 4749 0 R (0:3693) 4750 0 R (0:3694) 4751 0 R (0:3695) 4752 0 R (0:3698) 4754 0 R (0:3699) 4755 0 R] /Limits [(0:3692) (0:3699)] >> endobj 7782 0 obj << /Names [(0:37) 1353 0 R (0:370) 1691 0 R (0:3700) 4756 0 R (0:3701) 4757 0 R (0:3702) 4758 0 R (0:3703) 4759 0 R] /Limits [(0:37) (0:3703)] >> endobj 7783 0 obj << /Names [(0:3705) 4760 0 R (0:3706) 4761 0 R (0:3707) 4762 0 R (0:3708) 4763 0 R (0:3709) 4764 0 R (0:371) 1697 0 R] /Limits [(0:3705) (0:371)] >> endobj 7784 0 obj << /Names [(0:3710) 4765 0 R (0:3711) 4766 0 R (0:3712) 4767 0 R (0:3714) 4768 0 R (0:3715) 4769 0 R (0:3718) 4775 0 R] /Limits [(0:3710) (0:3718)] >> endobj 7785 0 obj << /Names [(0:3719) 4776 0 R (0:372) 1698 0 R (0:3720) 4777 0 R (0:3721) 4778 0 R (0:3722) 4779 0 R (0:3723) 4780 0 R] /Limits [(0:3719) (0:3723)] >> endobj 7786 0 obj << /Names [(0:3724) 4781 0 R (0:3725) 4782 0 R (0:3726) 4783 0 R (0:3727) 4784 0 R (0:3728) 4785 0 R (0:3729) 4786 0 R] /Limits [(0:3724) (0:3729)] >> endobj 7787 0 obj << /Names [(0:3730) 4787 0 R (0:3733) 4788 0 R (0:3734) 4789 0 R (0:3735) 4790 0 R (0:3739) 4791 0 R (0:3740) 4792 0 R] /Limits [(0:3730) (0:3740)] >> endobj 7788 0 obj << /Names [(0:3741) 4793 0 R (0:3742) 4794 0 R (0:3743) 4795 0 R (0:3744) 4796 0 R (0:3745) 4797 0 R (0:3746) 4798 0 R] /Limits [(0:3741) (0:3746)] >> endobj 7789 0 obj << /Names [(0:3747) 4799 0 R (0:3748) 4800 0 R (0:3749) 4801 0 R (0:375) 1699 0 R (0:3750) 4802 0 R (0:3751) 4803 0 R] /Limits [(0:3747) (0:3751)] >> endobj 7790 0 obj << /Names [(0:3752) 4804 0 R (0:3753) 4809 0 R (0:3754) 4810 0 R (0:3755) 4811 0 R (0:3756) 4812 0 R (0:3757) 4813 0 R] /Limits [(0:3752) (0:3757)] >> endobj 7791 0 obj << /Names [(0:3758) 4814 0 R (0:3759) 4815 0 R (0:376) 1700 0 R (0:3760) 4816 0 R (0:3761) 4817 0 R (0:3762) 4818 0 R] /Limits [(0:3758) (0:3762)] >> endobj 7792 0 obj << /Names [(0:3764) 4819 0 R (0:3765) 4820 0 R (0:3766) 4821 0 R (0:3767) 4822 0 R (0:3768) 4823 0 R (0:3769) 4824 0 R] /Limits [(0:3764) (0:3769)] >> endobj 7793 0 obj << /Names [(0:377) 1701 0 R (0:3771) 4825 0 R (0:3772) 4826 0 R (0:3773) 4827 0 R (0:3774) 4828 0 R (0:3775) 4829 0 R] /Limits [(0:377) (0:3775)] >> endobj 7794 0 obj << /Names [(0:3776) 4830 0 R (0:3777) 4831 0 R (0:378) 1702 0 R (0:3780) 4838 0 R (0:3781) 4839 0 R (0:3784) 4840 0 R] /Limits [(0:3776) (0:3784)] >> endobj 7795 0 obj << /Names [(0:3785) 4841 0 R (0:379) 1703 0 R (0:3790) 4842 0 R (0:3791) 4843 0 R (0:3792) 4844 0 R (0:3793) 4845 0 R] /Limits [(0:3785) (0:3793)] >> endobj 7796 0 obj << /Names [(0:3794) 4846 0 R (0:3795) 4847 0 R (0:3796) 4848 0 R (0:3797) 4849 0 R (0:3798) 4850 0 R (0:3799) 4851 0 R] /Limits [(0:3794) (0:3799)] >> endobj 7797 0 obj << /Names [(0:38) 1355 0 R (0:380) 1704 0 R (0:3800) 4852 0 R (0:3802) 4853 0 R (0:3805) 4854 0 R (0:3806) 4855 0 R] /Limits [(0:38) (0:3806)] >> endobj 7798 0 obj << /Names [(0:3807) 4856 0 R (0:3808) 4857 0 R (0:3809) 4858 0 R (0:381) 1705 0 R (0:3810) 4859 0 R (0:3811) 4860 0 R] /Limits [(0:3807) (0:3811)] >> endobj 7799 0 obj << /Names [(0:3812) 4866 0 R (0:3813) 4867 0 R (0:3814) 4868 0 R (0:3815) 4869 0 R (0:3816) 4870 0 R (0:3817) 4871 0 R] /Limits [(0:3812) (0:3817)] >> endobj 7800 0 obj << /Names [(0:3818) 4872 0 R (0:3819) 4873 0 R (0:382) 1706 0 R (0:3820) 4874 0 R (0:3821) 4875 0 R (0:3822) 4876 0 R] /Limits [(0:3818) (0:3822)] >> endobj 7801 0 obj << /Names [(0:3823) 4877 0 R (0:3824) 4878 0 R (0:3826) 4879 0 R (0:3827) 4880 0 R (0:3828) 4881 0 R (0:3829) 4882 0 R] /Limits [(0:3823) (0:3829)] >> endobj 7802 0 obj << /Names [(0:3830) 4883 0 R (0:3831) 4884 0 R (0:3832) 4885 0 R (0:3833) 4886 0 R (0:3834) 4887 0 R (0:3835) 4888 0 R] /Limits [(0:3830) (0:3835)] >> endobj 7803 0 obj << /Names [(0:3836) 4889 0 R (0:3837) 4890 0 R (0:3838) 4891 0 R (0:3839) 4892 0 R (0:384) 1707 0 R (0:3840) 4893 0 R] /Limits [(0:3836) (0:3840)] >> endobj 7804 0 obj << /Names [(0:3841) 4894 0 R (0:3842) 4895 0 R (0:3843) 4896 0 R (0:3844) 4897 0 R (0:3845) 4898 0 R (0:3846) 4899 0 R] /Limits [(0:3841) (0:3846)] >> endobj 7805 0 obj << /Names [(0:3847) 4900 0 R (0:3848) 4901 0 R (0:3849) 4902 0 R (0:385) 1708 0 R (0:3850) 4903 0 R (0:3851) 4904 0 R] /Limits [(0:3847) (0:3851)] >> endobj 7806 0 obj << /Names [(0:3852) 4905 0 R (0:3853) 4906 0 R (0:3854) 4907 0 R (0:3856) 4908 0 R (0:3857) 4909 0 R (0:3858) 4910 0 R] /Limits [(0:3852) (0:3858)] >> endobj 7807 0 obj << /Names [(0:3859) 4911 0 R (0:3860) 4912 0 R (0:3861) 4913 0 R (0:3862) 4918 0 R (0:3863) 4919 0 R (0:3864) 4920 0 R] /Limits [(0:3859) (0:3864)] >> endobj 7808 0 obj << /Names [(0:3865) 4921 0 R (0:3866) 4922 0 R (0:3867) 4923 0 R (0:3868) 4924 0 R (0:3869) 4925 0 R (0:3870) 4926 0 R] /Limits [(0:3865) (0:3870)] >> endobj 7809 0 obj << /Names [(0:3871) 4927 0 R (0:3872) 4928 0 R (0:3873) 4929 0 R (0:3874) 4930 0 R (0:3875) 4931 0 R (0:3876) 4932 0 R] /Limits [(0:3871) (0:3876)] >> endobj 7810 0 obj << /Names [(0:3877) 4933 0 R (0:3878) 4934 0 R (0:3879) 4935 0 R (0:388) 1709 0 R (0:3880) 4936 0 R (0:3881) 4937 0 R] /Limits [(0:3877) (0:3881)] >> endobj 7811 0 obj << /Names [(0:3882) 4938 0 R (0:3883) 4939 0 R (0:3884) 4940 0 R (0:3885) 4941 0 R (0:3886) 4942 0 R (0:3887) 4943 0 R] /Limits [(0:3882) (0:3887)] >> endobj 7812 0 obj << /Names [(0:3890) 4945 0 R (0:3891) 4946 0 R (0:3892) 4947 0 R (0:3895) 4961 0 R (0:3898) 4962 0 R (0:3899) 4963 0 R] /Limits [(0:3890) (0:3899)] >> endobj 7813 0 obj << /Names [(0:39) 1356 0 R (0:390) 1710 0 R (0:3900) 4964 0 R (0:3901) 4965 0 R (0:3902) 4966 0 R (0:3903) 4967 0 R] /Limits [(0:39) (0:3903)] >> endobj 7814 0 obj << /Names [(0:3904) 4968 0 R (0:3905) 4969 0 R (0:3906) 4970 0 R (0:3907) 4971 0 R (0:3908) 4972 0 R (0:3909) 4973 0 R] /Limits [(0:3904) (0:3909)] >> endobj 7815 0 obj << /Names [(0:391) 1711 0 R (0:3910) 4974 0 R (0:3911) 4975 0 R (0:3912) 4976 0 R (0:3913) 4977 0 R (0:3914) 4978 0 R] /Limits [(0:391) (0:3914)] >> endobj 7816 0 obj << /Names [(0:3915) 4979 0 R (0:3916) 4980 0 R (0:3917) 4981 0 R (0:3918) 4982 0 R (0:3919) 4983 0 R (0:392) 1712 0 R] /Limits [(0:3915) (0:392)] >> endobj 7817 0 obj << /Names [(0:3920) 4984 0 R (0:3921) 4985 0 R (0:3923) 4986 0 R (0:3924) 4987 0 R (0:3925) 4988 0 R (0:3926) 4989 0 R] /Limits [(0:3920) (0:3926)] >> endobj 7818 0 obj << /Names [(0:3927) 4990 0 R (0:3928) 4991 0 R (0:3929) 4992 0 R (0:393) 1713 0 R (0:3930) 4993 0 R (0:3931) 4994 0 R] /Limits [(0:3927) (0:3931)] >> endobj 7819 0 obj << /Names [(0:3932) 4995 0 R (0:3933) 4996 0 R (0:3934) 4997 0 R (0:3935) 4998 0 R (0:3936) 4999 0 R (0:3938) 5000 0 R] /Limits [(0:3932) (0:3938)] >> endobj 7820 0 obj << /Names [(0:3939) 5001 0 R (0:3941) 5002 0 R (0:3943) 5008 0 R (0:3944) 5009 0 R (0:3945) 5010 0 R (0:3946) 5011 0 R] /Limits [(0:3939) (0:3946)] >> endobj 7821 0 obj << /Names [(0:3947) 5012 0 R (0:3948) 5013 0 R (0:3949) 5003 0 R (0:3951) 5014 0 R (0:3952) 5015 0 R (0:3953) 5016 0 R] /Limits [(0:3947) (0:3953)] >> endobj 7822 0 obj << /Names [(0:3954) 5017 0 R (0:3955) 5018 0 R (0:3956) 5019 0 R (0:3957) 5020 0 R (0:3958) 5021 0 R (0:3959) 5022 0 R] /Limits [(0:3954) (0:3959)] >> endobj 7823 0 obj << /Names [(0:396) 1714 0 R (0:3960) 5023 0 R (0:3961) 5024 0 R (0:3962) 5025 0 R (0:3963) 5026 0 R (0:3964) 5027 0 R] /Limits [(0:396) (0:3964)] >> endobj 7824 0 obj << /Names [(0:3965) 5028 0 R (0:3966) 5029 0 R (0:3967) 5030 0 R (0:3968) 5031 0 R (0:3969) 5032 0 R (0:397) 1715 0 R] /Limits [(0:3965) (0:397)] >> endobj 7825 0 obj << /Names [(0:3970) 5033 0 R (0:3972) 5034 0 R (0:3973) 5035 0 R (0:3974) 5036 0 R (0:3975) 5037 0 R (0:3976) 5038 0 R] /Limits [(0:3970) (0:3976)] >> endobj 7826 0 obj << /Names [(0:3977) 5039 0 R (0:3978) 5040 0 R (0:3979) 5041 0 R (0:398) 1716 0 R (0:3981) 5046 0 R (0:3982) 5047 0 R] /Limits [(0:3977) (0:3982)] >> endobj 7827 0 obj << /Names [(0:3983) 5048 0 R (0:3984) 5049 0 R (0:3985) 5050 0 R (0:3986) 5051 0 R (0:3987) 5052 0 R (0:3989) 5053 0 R] /Limits [(0:3983) (0:3989)] >> endobj 7828 0 obj << /Names [(0:399) 1717 0 R (0:3990) 5054 0 R (0:3991) 5055 0 R (0:3992) 5056 0 R (0:3993) 5057 0 R (0:3994) 5058 0 R] /Limits [(0:399) (0:3994)] >> endobj 7829 0 obj << /Names [(0:3995) 5059 0 R (0:3996) 5060 0 R (0:3997) 5061 0 R (0:3998) 5062 0 R (0:3999) 5063 0 R (0:40) 1357 0 R] /Limits [(0:3995) (0:40)] >> endobj 7830 0 obj << /Names [(0:400) 1718 0 R (0:4000) 5064 0 R (0:4001) 5065 0 R (0:4002) 5066 0 R (0:4003) 5067 0 R (0:4004) 5068 0 R] /Limits [(0:400) (0:4004)] >> endobj 7831 0 obj << /Names [(0:4005) 5069 0 R (0:4006) 5070 0 R (0:4007) 5071 0 R (0:4008) 5072 0 R (0:4009) 5073 0 R (0:401) 1719 0 R] /Limits [(0:4005) (0:401)] >> endobj 7832 0 obj << /Names [(0:4012) 5074 0 R (0:4013) 5075 0 R (0:4014) 5076 0 R (0:4015) 5077 0 R (0:4016) 5078 0 R (0:4017) 5079 0 R] /Limits [(0:4012) (0:4017)] >> endobj 7833 0 obj << /Names [(0:4018) 5080 0 R (0:4021) 5089 0 R (0:4022) 5090 0 R (0:4023) 5091 0 R (0:4026) 5092 0 R (0:4027) 5093 0 R] /Limits [(0:4018) (0:4027)] >> endobj 7834 0 obj << /Names [(0:4028) 5094 0 R (0:4029) 5095 0 R (0:403) 1720 0 R (0:4030) 5096 0 R (0:4031) 5097 0 R (0:4032) 5098 0 R] /Limits [(0:4028) (0:4032)] >> endobj 7835 0 obj << /Names [(0:4033) 5099 0 R (0:4034) 5100 0 R (0:4035) 5101 0 R (0:4036) 5102 0 R (0:4037) 5103 0 R (0:4038) 5104 0 R] /Limits [(0:4033) (0:4038)] >> endobj 7836 0 obj << /Names [(0:4039) 5105 0 R (0:404) 1721 0 R (0:4040) 5106 0 R (0:4041) 5107 0 R (0:4043) 5108 0 R (0:4044) 5109 0 R] /Limits [(0:4039) (0:4044)] >> endobj 7837 0 obj << /Names [(0:4045) 5110 0 R (0:4046) 5111 0 R (0:4047) 5112 0 R (0:4048) 5113 0 R (0:4049) 5114 0 R (0:405) 1722 0 R] /Limits [(0:4045) (0:405)] >> endobj 7838 0 obj << /Names [(0:4050) 5115 0 R (0:4051) 5116 0 R (0:4052) 5117 0 R (0:4053) 5118 0 R (0:4054) 5119 0 R (0:4056) 5120 0 R] /Limits [(0:4050) (0:4056)] >> endobj 7839 0 obj << /Names [(0:4057) 5121 0 R (0:4058) 5122 0 R (0:4059) 5123 0 R (0:406) 1723 0 R (0:4060) 5124 0 R (0:4062) 5125 0 R] /Limits [(0:4057) (0:4062)] >> endobj 7840 0 obj << /Names [(0:4063) 5126 0 R (0:4064) 5127 0 R (0:4065) 5133 0 R (0:4066) 5134 0 R (0:4067) 5135 0 R (0:4068) 5136 0 R] /Limits [(0:4063) (0:4068)] >> endobj 7841 0 obj << /Names [(0:4069) 5137 0 R (0:407) 1724 0 R (0:4070) 5138 0 R (0:4071) 5139 0 R (0:4072) 5140 0 R (0:4073) 5141 0 R] /Limits [(0:4069) (0:4073)] >> endobj 7842 0 obj << /Names [(0:4074) 5142 0 R (0:4075) 5143 0 R (0:4076) 5144 0 R (0:4077) 5145 0 R (0:4078) 5146 0 R (0:4079) 5147 0 R] /Limits [(0:4074) (0:4079)] >> endobj 7843 0 obj << /Names [(0:408) 1725 0 R (0:4080) 5148 0 R (0:4081) 5149 0 R (0:4082) 5150 0 R (0:4083) 5151 0 R (0:4084) 5152 0 R] /Limits [(0:408) (0:4084)] >> endobj 7844 0 obj << /Names [(0:4086) 5153 0 R (0:4087) 5154 0 R (0:4088) 5155 0 R (0:4089) 5156 0 R (0:409) 1726 0 R (0:4092) 5158 0 R] /Limits [(0:4086) (0:4092)] >> endobj 7845 0 obj << /Names [(0:4094) 5159 0 R (0:4095) 5160 0 R (0:4097) 5161 0 R (0:4098) 5162 0 R (0:4099) 5163 0 R (0:41) 1358 0 R] /Limits [(0:4094) (0:41)] >> endobj 7846 0 obj << /Names [(0:410) 1727 0 R (0:4100) 5164 0 R (0:4101) 5165 0 R (0:4102) 5166 0 R (0:4103) 5167 0 R (0:4104) 5168 0 R] /Limits [(0:410) (0:4104)] >> endobj 7847 0 obj << /Names [(0:4105) 5174 0 R (0:4106) 5175 0 R (0:4107) 5176 0 R (0:4108) 5177 0 R (0:4109) 5178 0 R (0:411) 1728 0 R] /Limits [(0:4105) (0:411)] >> endobj 7848 0 obj << /Names [(0:4110) 5179 0 R (0:4111) 5180 0 R (0:4112) 5181 0 R (0:4113) 5182 0 R (0:4114) 5183 0 R (0:4115) 5184 0 R] /Limits [(0:4110) (0:4115)] >> endobj 7849 0 obj << /Names [(0:4116) 5185 0 R (0:4117) 5186 0 R (0:4118) 5187 0 R (0:4119) 5188 0 R (0:412) 1729 0 R (0:4120) 5189 0 R] /Limits [(0:4116) (0:4120)] >> endobj 7850 0 obj << /Names [(0:4121) 5190 0 R (0:4122) 5191 0 R (0:4123) 5192 0 R (0:4124) 5193 0 R (0:4125) 5194 0 R (0:4126) 5195 0 R] /Limits [(0:4121) (0:4126)] >> endobj 7851 0 obj << /Names [(0:4127) 5196 0 R (0:4128) 5197 0 R (0:4129) 5198 0 R (0:413) 1730 0 R (0:4130) 5199 0 R (0:4131) 5200 0 R] /Limits [(0:4127) (0:4131)] >> endobj 7852 0 obj << /Names [(0:4133) 5201 0 R (0:4134) 5202 0 R (0:4135) 5203 0 R (0:4136) 5204 0 R (0:4137) 5205 0 R (0:4138) 5206 0 R] /Limits [(0:4133) (0:4138)] >> endobj 7853 0 obj << /Names [(0:4139) 5207 0 R (0:4141) 5208 0 R (0:4142) 5209 0 R (0:4143) 5210 0 R (0:4144) 5211 0 R (0:4146) 5216 0 R] /Limits [(0:4139) (0:4146)] >> endobj 7854 0 obj << /Names [(0:4147) 5217 0 R (0:4148) 5218 0 R (0:4149) 5219 0 R (0:415) 1735 0 R (0:4150) 5220 0 R (0:4151) 5221 0 R] /Limits [(0:4147) (0:4151)] >> endobj 7855 0 obj << /Names [(0:4152) 5222 0 R (0:4153) 5173 0 R (0:4155) 5223 0 R (0:4156) 5224 0 R (0:4157) 5225 0 R (0:4158) 5226 0 R] /Limits [(0:4152) (0:4158)] >> endobj 7856 0 obj << /Names [(0:4159) 5227 0 R (0:416) 1736 0 R (0:4161) 5228 0 R (0:4162) 5229 0 R (0:4163) 5230 0 R (0:4165) 5231 0 R] /Limits [(0:4159) (0:4165)] >> endobj 7857 0 obj << /Names [(0:4166) 5232 0 R (0:4169) 5233 0 R (0:417) 1737 0 R (0:4170) 5234 0 R (0:4171) 5235 0 R (0:4172) 5236 0 R] /Limits [(0:4166) (0:4172)] >> endobj 7858 0 obj << /Names [(0:4173) 5237 0 R (0:4174) 5242 0 R (0:4175) 5243 0 R (0:4176) 5244 0 R (0:4177) 5245 0 R (0:4178) 5246 0 R] /Limits [(0:4173) (0:4178)] >> endobj 7859 0 obj << /Names [(0:4179) 5247 0 R (0:418) 1738 0 R (0:4180) 5248 0 R (0:4181) 5249 0 R (0:4182) 5250 0 R (0:4183) 5251 0 R] /Limits [(0:4179) (0:4183)] >> endobj 7860 0 obj << /Names [(0:4188) 5257 0 R (0:4189) 5258 0 R (0:419) 1739 0 R (0:4190) 5259 0 R (0:4191) 5260 0 R (0:4192) 5261 0 R] /Limits [(0:4188) (0:4192)] >> endobj 7861 0 obj << /Names [(0:4193) 5262 0 R (0:4194) 5263 0 R (0:4195) 5264 0 R (0:4197) 5265 0 R (0:4198) 5266 0 R (0:4199) 5267 0 R] /Limits [(0:4193) (0:4199)] >> endobj 7862 0 obj << /Names [(0:42) 1359 0 R (0:4201) 5268 0 R (0:4202) 5269 0 R (0:4203) 5270 0 R (0:4204) 5271 0 R (0:4205) 5272 0 R] /Limits [(0:42) (0:4205)] >> endobj 7863 0 obj << /Names [(0:4206) 5273 0 R (0:4207) 5274 0 R (0:4208) 5275 0 R (0:4209) 5276 0 R (0:4210) 5277 0 R (0:4211) 5278 0 R] /Limits [(0:4206) (0:4211)] >> endobj 7864 0 obj << /Names [(0:4213) 5279 0 R (0:4214) 5280 0 R (0:4215) 5281 0 R (0:4217) 5288 0 R (0:4218) 5289 0 R (0:4219) 5290 0 R] /Limits [(0:4213) (0:4219)] >> endobj 7865 0 obj << /Names [(0:422) 1741 0 R (0:4220) 5291 0 R (0:4223) 5292 0 R (0:4224) 5293 0 R (0:4225) 5294 0 R (0:4226) 5295 0 R] /Limits [(0:422) (0:4226)] >> endobj 7866 0 obj << /Names [(0:4227) 5296 0 R (0:4228) 5297 0 R (0:4229) 5298 0 R (0:423) 1742 0 R (0:4230) 5299 0 R (0:4231) 5300 0 R] /Limits [(0:4227) (0:4231)] >> endobj 7867 0 obj << /Names [(0:4232) 5301 0 R (0:4233) 5302 0 R (0:4234) 5303 0 R (0:4235) 5304 0 R (0:4236) 5305 0 R (0:4237) 5306 0 R] /Limits [(0:4232) (0:4237)] >> endobj 7868 0 obj << /Names [(0:4238) 5307 0 R (0:4239) 5308 0 R (0:424) 1743 0 R (0:4240) 5309 0 R (0:4241) 5310 0 R (0:4242) 5311 0 R] /Limits [(0:4238) (0:4242)] >> endobj 7869 0 obj << /Names [(0:4243) 5312 0 R (0:4245) 5313 0 R (0:4246) 5314 0 R (0:4247) 5315 0 R (0:4248) 5316 0 R (0:4249) 5317 0 R] /Limits [(0:4243) (0:4249)] >> endobj 7870 0 obj << /Names [(0:425) 1744 0 R (0:4250) 5318 0 R (0:4251) 5319 0 R (0:4252) 5320 0 R (0:4253) 5321 0 R (0:4254) 5322 0 R] /Limits [(0:425) (0:4254)] >> endobj 7871 0 obj << /Names [(0:4255) 5323 0 R (0:4256) 5324 0 R (0:4257) 5325 0 R (0:4258) 5326 0 R (0:4259) 5327 0 R (0:4260) 5328 0 R] /Limits [(0:4255) (0:4260)] >> endobj 7872 0 obj << /Names [(0:4261) 5329 0 R (0:4262) 5330 0 R (0:4263) 5336 0 R (0:4266) 5337 0 R (0:4269) 5339 0 R (0:427) 1745 0 R] /Limits [(0:4261) (0:427)] >> endobj 7873 0 obj << /Names [(0:4270) 5340 0 R (0:4271) 5341 0 R (0:4273) 5342 0 R (0:4274) 5343 0 R (0:4275) 5344 0 R (0:4276) 5345 0 R] /Limits [(0:4270) (0:4276)] >> endobj 7874 0 obj << /Names [(0:4277) 5346 0 R (0:4279) 5347 0 R (0:428) 1746 0 R (0:4280) 5348 0 R (0:4281) 5349 0 R (0:4282) 5350 0 R] /Limits [(0:4277) (0:4282)] >> endobj 7875 0 obj << /Names [(0:4284) 5356 0 R (0:4285) 5357 0 R (0:4286) 5358 0 R (0:4287) 5359 0 R (0:4288) 5360 0 R (0:429) 1747 0 R] /Limits [(0:4284) (0:429)] >> endobj 7876 0 obj << /Names [(0:4290) 5361 0 R (0:4291) 5362 0 R (0:4292) 5363 0 R (0:4293) 5364 0 R (0:4294) 5365 0 R (0:4296) 5366 0 R] /Limits [(0:4290) (0:4296)] >> endobj 7877 0 obj << /Names [(0:4297) 5367 0 R (0:4298) 5368 0 R (0:4299) 5369 0 R (0:43) 1360 0 R (0:430) 1748 0 R (0:4300) 5370 0 R] /Limits [(0:4297) (0:4300)] >> endobj 7878 0 obj << /Names [(0:4303) 5372 0 R (0:4304) 5373 0 R (0:4305) 5374 0 R (0:4306) 5375 0 R (0:4307) 5376 0 R (0:4308) 5377 0 R] /Limits [(0:4303) (0:4308)] >> endobj 7879 0 obj << /Names [(0:4309) 5378 0 R (0:431) 1749 0 R (0:4310) 5379 0 R (0:4313) 5381 0 R (0:4315) 5382 0 R (0:4316) 5383 0 R] /Limits [(0:4309) (0:4316)] >> endobj 7880 0 obj << /Names [(0:4317) 5384 0 R (0:4318) 5385 0 R (0:432) 1750 0 R (0:4320) 5391 0 R (0:4321) 5392 0 R (0:4322) 5393 0 R] /Limits [(0:4317) (0:4322)] >> endobj 7881 0 obj << /Names [(0:4323) 5394 0 R (0:4325) 5395 0 R (0:4326) 5396 0 R (0:4327) 5397 0 R (0:4329) 5398 0 R (0:433) 1751 0 R] /Limits [(0:4323) (0:433)] >> endobj 7882 0 obj << /Names [(0:4330) 5399 0 R (0:4331) 5400 0 R (0:4332) 5401 0 R (0:4333) 5402 0 R (0:4334) 5403 0 R (0:4335) 5404 0 R] /Limits [(0:4330) (0:4335)] >> endobj 7883 0 obj << /Names [(0:4336) 5405 0 R (0:4338) 5406 0 R (0:4339) 5407 0 R (0:4340) 5408 0 R (0:4341) 5409 0 R (0:4344) 5411 0 R] /Limits [(0:4336) (0:4344)] >> endobj 7884 0 obj << /Names [(0:4346) 5412 0 R (0:4347) 5413 0 R (0:4348) 5414 0 R (0:4349) 5415 0 R (0:435) 1752 0 R (0:4350) 5416 0 R] /Limits [(0:4346) (0:4350)] >> endobj 7885 0 obj << /Names [(0:4351) 5417 0 R (0:4352) 5418 0 R (0:4353) 5419 0 R (0:4354) 5420 0 R (0:4355) 5421 0 R (0:4356) 5422 0 R] /Limits [(0:4351) (0:4356)] >> endobj 7886 0 obj << /Names [(0:4357) 5423 0 R (0:4358) 5428 0 R (0:4359) 5429 0 R (0:436) 1753 0 R (0:4360) 5390 0 R (0:4362) 5430 0 R] /Limits [(0:4357) (0:4362)] >> endobj 7887 0 obj << /Names [(0:4364) 5431 0 R (0:4365) 5432 0 R (0:4366) 5433 0 R (0:4368) 5434 0 R (0:4369) 5435 0 R (0:437) 1754 0 R] /Limits [(0:4364) (0:437)] >> endobj 7888 0 obj << /Names [(0:4370) 5436 0 R (0:4371) 5437 0 R (0:4372) 5438 0 R (0:4374) 5439 0 R (0:4375) 5440 0 R (0:4376) 5441 0 R] /Limits [(0:4370) (0:4376)] >> endobj 7889 0 obj << /Names [(0:4377) 5442 0 R (0:4378) 5443 0 R (0:4379) 5444 0 R (0:438) 1755 0 R (0:4380) 5445 0 R (0:4381) 5446 0 R] /Limits [(0:4377) (0:4381)] >> endobj 7890 0 obj << /Names [(0:4382) 5447 0 R (0:4383) 5448 0 R (0:4384) 5449 0 R (0:4386) 5450 0 R (0:4387) 5451 0 R (0:4388) 5452 0 R] /Limits [(0:4382) (0:4388)] >> endobj 7891 0 obj << /Names [(0:4389) 5453 0 R (0:439) 1756 0 R (0:4391) 5454 0 R (0:4392) 5455 0 R (0:4393) 5456 0 R (0:4394) 5457 0 R] /Limits [(0:4389) (0:4394)] >> endobj 7892 0 obj << /Names [(0:4395) 5458 0 R (0:4396) 5459 0 R (0:4397) 5460 0 R (0:4398) 5461 0 R (0:44) 1361 0 R (0:440) 1757 0 R] /Limits [(0:4395) (0:440)] >> endobj 7893 0 obj << /Names [(0:4400) 5462 0 R (0:4401) 5463 0 R (0:4402) 5464 0 R (0:4403) 5465 0 R (0:4405) 5466 0 R (0:4406) 5467 0 R] /Limits [(0:4400) (0:4406)] >> endobj 7894 0 obj << /Names [(0:4407) 5468 0 R (0:4408) 5469 0 R (0:441) 1758 0 R (0:4411) 5471 0 R (0:4412) 5472 0 R (0:4413) 5473 0 R] /Limits [(0:4407) (0:4413)] >> endobj 7895 0 obj << /Names [(0:4414) 5474 0 R (0:4415) 5475 0 R (0:4416) 5476 0 R (0:4417) 5481 0 R (0:4418) 5482 0 R (0:4419) 5483 0 R] /Limits [(0:4414) (0:4419)] >> endobj 7896 0 obj << /Names [(0:442) 1759 0 R (0:4420) 5484 0 R (0:4423) 5486 0 R (0:4426) 5488 0 R (0:4427) 5489 0 R (0:443) 1760 0 R] /Limits [(0:442) (0:443)] >> endobj 7897 0 obj << /Names [(0:4430) 5491 0 R (0:4431) 5492 0 R (0:4432) 5493 0 R (0:4435) 5495 0 R (0:4438) 5497 0 R (0:4439) 5498 0 R] /Limits [(0:4430) (0:4439)] >> endobj 7898 0 obj << /Names [(0:4440) 5499 0 R (0:4441) 5500 0 R (0:4442) 5501 0 R (0:4444) 5502 0 R (0:4445) 5503 0 R (0:4446) 5504 0 R] /Limits [(0:4440) (0:4446)] >> endobj 7899 0 obj << /Names [(0:4449) 5510 0 R (0:4450) 5511 0 R (0:4453) 5513 0 R (0:4454) 5514 0 R (0:4457) 5516 0 R (0:4458) 5517 0 R] /Limits [(0:4449) (0:4458)] >> endobj 7900 0 obj << /Names [(0:4461) 5519 0 R (0:4462) 5520 0 R (0:4463) 5521 0 R (0:4464) 5522 0 R (0:4465) 5523 0 R (0:4466) 5524 0 R] /Limits [(0:4461) (0:4466)] >> endobj 7901 0 obj << /Names [(0:4467) 5525 0 R (0:4468) 5526 0 R (0:4470) 5527 0 R (0:4471) 5528 0 R (0:4472) 5529 0 R (0:4473) 5530 0 R] /Limits [(0:4467) (0:4473)] >> endobj 7902 0 obj << /Names [(0:4476) 5532 0 R (0:4477) 5533 0 R (0:4478) 5540 0 R (0:4479) 5541 0 R (0:4480) 5542 0 R (0:4481) 5543 0 R] /Limits [(0:4476) (0:4481)] >> endobj 7903 0 obj << /Names [(0:4482) 5544 0 R (0:4483) 5545 0 R (0:4484) 5546 0 R (0:4485) 5547 0 R (0:4486) 5548 0 R (0:4487) 5549 0 R] /Limits [(0:4482) (0:4487)] >> endobj 7904 0 obj << /Names [(0:4488) 5550 0 R (0:4489) 5551 0 R (0:4490) 5552 0 R (0:4491) 5553 0 R (0:4492) 5554 0 R (0:4493) 5555 0 R] /Limits [(0:4488) (0:4493)] >> endobj 7905 0 obj << /Names [(0:4494) 5556 0 R (0:4495) 5557 0 R (0:4496) 5558 0 R (0:4499) 5560 0 R (0:45) 1362 0 R (0:4500) 5561 0 R] /Limits [(0:4494) (0:4500)] >> endobj 7906 0 obj << /Names [(0:4501) 5562 0 R (0:4502) 5563 0 R (0:4503) 5564 0 R (0:4504) 5565 0 R (0:4505) 5566 0 R (0:4506) 5567 0 R] /Limits [(0:4501) (0:4506)] >> endobj 7907 0 obj << /Names [(0:4507) 5568 0 R (0:4508) 5574 0 R (0:4509) 5575 0 R (0:4510) 5539 0 R (0:4512) 5576 0 R (0:4514) 5577 0 R] /Limits [(0:4507) (0:4514)] >> endobj 7908 0 obj << /Names [(0:4515) 5578 0 R (0:4516) 5579 0 R (0:4517) 5580 0 R (0:4518) 5581 0 R (0:4520) 5582 0 R (0:4521) 5583 0 R] /Limits [(0:4515) (0:4521)] >> endobj 7909 0 obj << /Names [(0:4522) 5584 0 R (0:4525) 5586 0 R (0:4526) 5587 0 R (0:4527) 5588 0 R (0:4528) 5589 0 R (0:4529) 5590 0 R] /Limits [(0:4522) (0:4529)] >> endobj 7910 0 obj << /Names [(0:4530) 5591 0 R (0:4531) 5592 0 R (0:4532) 5593 0 R (0:4533) 5594 0 R (0:4534) 5595 0 R (0:4535) 5596 0 R] /Limits [(0:4530) (0:4535)] >> endobj 7911 0 obj << /Names [(0:4536) 5597 0 R (0:4537) 5598 0 R (0:4538) 5599 0 R (0:4539) 5600 0 R (0:4540) 5601 0 R (0:4541) 5602 0 R] /Limits [(0:4536) (0:4541)] >> endobj 7912 0 obj << /Names [(0:4542) 5603 0 R (0:4543) 5608 0 R (0:4544) 5609 0 R (0:4545) 5573 0 R (0:4547) 5610 0 R (0:4548) 5611 0 R] /Limits [(0:4542) (0:4548)] >> endobj 7913 0 obj << /Names [(0:4549) 5612 0 R (0:4550) 5613 0 R (0:4551) 5614 0 R (0:4552) 5615 0 R (0:4553) 5616 0 R (0:4554) 5617 0 R] /Limits [(0:4549) (0:4554)] >> endobj 7914 0 obj << /Names [(0:4555) 5618 0 R (0:4556) 5619 0 R (0:4557) 5620 0 R (0:4558) 5621 0 R (0:4559) 5622 0 R (0:4560) 5623 0 R] /Limits [(0:4555) (0:4560)] >> endobj 7915 0 obj << /Names [(0:4561) 5624 0 R (0:4562) 5625 0 R (0:4563) 5626 0 R (0:4564) 5627 0 R (0:4565) 5628 0 R (0:4566) 5629 0 R] /Limits [(0:4561) (0:4566)] >> endobj 7916 0 obj << /Names [(0:4567) 5630 0 R (0:4568) 5631 0 R (0:4569) 5632 0 R (0:4570) 5633 0 R (0:4571) 5634 0 R (0:4572) 5635 0 R] /Limits [(0:4567) (0:4572)] >> endobj 7917 0 obj << /Names [(0:4575) 5637 0 R (0:4576) 5638 0 R (0:4579) 5640 0 R (0:4580) 5641 0 R (0:4581) 5642 0 R (0:4582) 5643 0 R] /Limits [(0:4575) (0:4582)] >> endobj 7918 0 obj << /Names [(0:4583) 5644 0 R (0:4586) 5652 0 R (0:4588) 5653 0 R (0:4591) 5654 0 R (0:4592) 5655 0 R (0:4593) 5656 0 R] /Limits [(0:4583) (0:4593)] >> endobj 7919 0 obj << /Names [(0:4594) 5657 0 R (0:4595) 5658 0 R (0:4596) 5659 0 R (0:4597) 5660 0 R (0:4598) 5661 0 R (0:4599) 5662 0 R] /Limits [(0:4594) (0:4599)] >> endobj 7920 0 obj << /Names [(0:46) 1363 0 R (0:4600) 5663 0 R (0:4601) 5664 0 R (0:4602) 5665 0 R (0:4603) 5666 0 R (0:4604) 5667 0 R] /Limits [(0:46) (0:4604)] >> endobj 7921 0 obj << /Names [(0:4605) 5668 0 R (0:4606) 5669 0 R (0:4608) 5670 0 R (0:4609) 5671 0 R (0:4610) 5672 0 R (0:4612) 5673 0 R] /Limits [(0:4605) (0:4612)] >> endobj 7922 0 obj << /Names [(0:4613) 5674 0 R (0:4615) 5675 0 R (0:4617) 5676 0 R (0:4618) 5677 0 R (0:4619) 5678 0 R (0:4621) 5679 0 R] /Limits [(0:4613) (0:4621)] >> endobj 7923 0 obj << /Names [(0:4623) 5680 0 R (0:4628) 5687 0 R (0:4629) 5688 0 R (0:4630) 5689 0 R (0:4631) 5690 0 R (0:4632) 5691 0 R] /Limits [(0:4623) (0:4632)] >> endobj 7924 0 obj << /Names [(0:4633) 5692 0 R (0:4634) 5693 0 R (0:4635) 5694 0 R (0:4636) 5695 0 R (0:4637) 5696 0 R (0:4638) 5697 0 R] /Limits [(0:4633) (0:4638)] >> endobj 7925 0 obj << /Names [(0:4641) 5699 0 R (0:4642) 5700 0 R (0:4643) 5701 0 R (0:4644) 5702 0 R (0:4645) 5703 0 R (0:4646) 5704 0 R] /Limits [(0:4641) (0:4646)] >> endobj 7926 0 obj << /Names [(0:4647) 5705 0 R (0:4648) 5706 0 R (0:4649) 5707 0 R (0:4652) 5709 0 R (0:4653) 5710 0 R (0:4654) 5711 0 R] /Limits [(0:4647) (0:4654)] >> endobj 7927 0 obj << /Names [(0:4655) 5712 0 R (0:4656) 5713 0 R (0:4657) 5714 0 R (0:4660) 5716 0 R (0:4662) 5717 0 R (0:4663) 5722 0 R] /Limits [(0:4655) (0:4663)] >> endobj 7928 0 obj << /Names [(0:4664) 5723 0 R (0:4665) 5724 0 R (0:4666) 5725 0 R (0:4669) 5727 0 R (0:4670) 5728 0 R (0:4671) 5729 0 R] /Limits [(0:4664) (0:4671)] >> endobj 7929 0 obj << /Names [(0:4672) 5730 0 R (0:4673) 5731 0 R (0:4674) 5732 0 R (0:4675) 5733 0 R (0:4676) 5734 0 R (0:4677) 5735 0 R] /Limits [(0:4672) (0:4677)] >> endobj 7930 0 obj << /Names [(0:4678) 5736 0 R (0:4679) 5737 0 R (0:4680) 5738 0 R (0:4682) 5739 0 R (0:4683) 5740 0 R (0:4684) 5741 0 R] /Limits [(0:4678) (0:4684)] >> endobj 7931 0 obj << /Names [(0:4687) 5743 0 R (0:4688) 5744 0 R (0:4689) 5745 0 R (0:4690) 5746 0 R (0:4691) 5747 0 R (0:4692) 5748 0 R] /Limits [(0:4687) (0:4692)] >> endobj 7932 0 obj << /Names [(0:4693) 5749 0 R (0:4694) 5750 0 R (0:4695) 5751 0 R (0:4696) 5752 0 R (0:4697) 5753 0 R (0:4698) 5754 0 R] /Limits [(0:4693) (0:4698)] >> endobj 7933 0 obj << /Names [(0:4699) 5755 0 R (0:47) 1364 0 R (0:4700) 5756 0 R (0:4701) 5757 0 R (0:4702) 5758 0 R (0:4707) 5764 0 R] /Limits [(0:4699) (0:4707)] >> endobj 7934 0 obj << /Names [(0:4708) 5765 0 R (0:4709) 5766 0 R (0:4710) 5767 0 R (0:4711) 5768 0 R (0:4712) 5769 0 R (0:4713) 5770 0 R] /Limits [(0:4708) (0:4713)] >> endobj 7935 0 obj << /Names [(0:4714) 5771 0 R (0:4715) 5772 0 R (0:4716) 5773 0 R (0:4717) 5774 0 R (0:4718) 5775 0 R (0:4719) 5776 0 R] /Limits [(0:4714) (0:4719)] >> endobj 7936 0 obj << /Names [(0:4720) 5777 0 R (0:4722) 5778 0 R (0:4723) 5779 0 R (0:4724) 5780 0 R (0:4725) 5781 0 R (0:4726) 5782 0 R] /Limits [(0:4720) (0:4726)] >> endobj 7937 0 obj << /Names [(0:4727) 5783 0 R (0:4728) 5784 0 R (0:4729) 5785 0 R (0:4730) 5786 0 R (0:4731) 5787 0 R (0:4732) 5788 0 R] /Limits [(0:4727) (0:4732)] >> endobj 7938 0 obj << /Names [(0:4733) 5789 0 R (0:4734) 5790 0 R (0:4735) 5791 0 R (0:4736) 5792 0 R (0:4739) 5794 0 R (0:4740) 5795 0 R] /Limits [(0:4733) (0:4740)] >> endobj 7939 0 obj << /Names [(0:4741) 5796 0 R (0:4742) 5797 0 R (0:4743) 5802 0 R (0:4744) 5803 0 R (0:4747) 5804 0 R (0:4748) 5805 0 R] /Limits [(0:4741) (0:4748)] >> endobj 7940 0 obj << /Names [(0:4749) 5806 0 R (0:4750) 5807 0 R (0:4751) 5808 0 R (0:4752) 5809 0 R (0:4753) 5810 0 R (0:4754) 5811 0 R] /Limits [(0:4749) (0:4754)] >> endobj 7941 0 obj << /Names [(0:4755) 5812 0 R (0:4756) 5813 0 R (0:4757) 5814 0 R (0:4758) 5815 0 R (0:4759) 5816 0 R (0:4760) 5817 0 R] /Limits [(0:4755) (0:4760)] >> endobj 7942 0 obj << /Names [(0:4761) 5818 0 R (0:4762) 5819 0 R (0:4763) 5820 0 R (0:4764) 5821 0 R (0:4765) 5822 0 R (0:4766) 5823 0 R] /Limits [(0:4761) (0:4766)] >> endobj 7943 0 obj << /Names [(0:4767) 5828 0 R (0:4768) 5829 0 R (0:4769) 5830 0 R (0:4770) 5831 0 R (0:4771) 5832 0 R (0:4773) 5833 0 R] /Limits [(0:4767) (0:4773)] >> endobj 7944 0 obj << /Names [(0:4774) 5834 0 R (0:4776) 5835 0 R (0:4779) 5836 0 R (0:4780) 5837 0 R (0:4781) 5838 0 R (0:4782) 5839 0 R] /Limits [(0:4774) (0:4782)] >> endobj 7945 0 obj << /Names [(0:4785) 5840 0 R (0:4786) 5841 0 R (0:4787) 5846 0 R (0:4790) 5847 0 R (0:4791) 5848 0 R (0:4792) 5849 0 R] /Limits [(0:4785) (0:4792)] >> endobj 7946 0 obj << /Names [(0:4793) 5850 0 R (0:4794) 5851 0 R (0:4795) 5852 0 R (0:4796) 5853 0 R (0:4797) 5854 0 R (0:4798) 5855 0 R] /Limits [(0:4793) (0:4798)] >> endobj 7947 0 obj << /Names [(0:4799) 5856 0 R (0:48) 1365 0 R (0:4800) 5857 0 R (0:4801) 5858 0 R (0:4802) 5859 0 R (0:4803) 5860 0 R] /Limits [(0:4799) (0:4803)] >> endobj 7948 0 obj << /Names [(0:4804) 5865 0 R (0:4809) 5871 0 R (0:4811) 5872 0 R (0:4812) 5873 0 R (0:4813) 5874 0 R (0:4815) 5875 0 R] /Limits [(0:4804) (0:4815)] >> endobj 7949 0 obj << /Names [(0:4816) 5876 0 R (0:4817) 5877 0 R (0:4818) 5878 0 R (0:4821) 5879 0 R (0:4822) 5880 0 R (0:4823) 5881 0 R] /Limits [(0:4816) (0:4823)] >> endobj 7950 0 obj << /Names [(0:4824) 5882 0 R (0:4826) 5883 0 R (0:4827) 5884 0 R (0:4828) 5885 0 R (0:4829) 5886 0 R (0:4830) 5887 0 R] /Limits [(0:4824) (0:4830)] >> endobj 7951 0 obj << /Names [(0:4832) 5888 0 R (0:4833) 5889 0 R (0:4834) 5890 0 R (0:4836) 5891 0 R (0:4837) 5892 0 R (0:4838) 5893 0 R] /Limits [(0:4832) (0:4838)] >> endobj 7952 0 obj << /Names [(0:4839) 5894 0 R (0:4840) 5895 0 R (0:4842) 5896 0 R (0:4843) 5897 0 R (0:4844) 5898 0 R (0:4846) 5899 0 R] /Limits [(0:4839) (0:4846)] >> endobj 7953 0 obj << /Names [(0:4847) 5900 0 R (0:4848) 5901 0 R (0:4850) 5902 0 R (0:4851) 5903 0 R (0:4852) 5904 0 R (0:4854) 5912 0 R] /Limits [(0:4847) (0:4854)] >> endobj 7954 0 obj << /Names [(0:4855) 5913 0 R (0:4856) 5914 0 R (0:4857) 5915 0 R (0:4859) 5905 0 R (0:4860) 5916 0 R (0:4861) 5917 0 R] /Limits [(0:4855) (0:4861)] >> endobj 7955 0 obj << /Names [(0:4863) 5918 0 R (0:4864) 5919 0 R (0:4865) 5920 0 R (0:4866) 5921 0 R (0:4867) 5922 0 R (0:4868) 5923 0 R] /Limits [(0:4863) (0:4868)] >> endobj 7956 0 obj << /Names [(0:4870) 5924 0 R (0:4871) 5925 0 R (0:4872) 5926 0 R (0:4873) 5927 0 R (0:4875) 5928 0 R (0:4876) 5929 0 R] /Limits [(0:4870) (0:4876)] >> endobj 7957 0 obj << /Names [(0:4877) 5930 0 R (0:4880) 5931 0 R (0:4881) 5932 0 R (0:4882) 5933 0 R (0:4884) 5934 0 R (0:4885) 5935 0 R] /Limits [(0:4877) (0:4885)] >> endobj 7958 0 obj << /Names [(0:4886) 5936 0 R (0:4888) 5937 0 R (0:4889) 5938 0 R (0:4890) 5939 0 R (0:4892) 5940 0 R (0:4893) 5941 0 R] /Limits [(0:4886) (0:4893)] >> endobj 7959 0 obj << /Names [(0:4894) 5942 0 R (0:4896) 5943 0 R (0:4897) 5944 0 R (0:4898) 5945 0 R (0:4899) 5946 0 R (0:49) 1366 0 R] /Limits [(0:4894) (0:49)] >> endobj 7960 0 obj << /Names [(0:4900) 5947 0 R (0:4902) 5948 0 R (0:4903) 5949 0 R (0:4904) 5950 0 R (0:4906) 5955 0 R (0:4907) 5956 0 R] /Limits [(0:4900) (0:4907)] >> endobj 7961 0 obj << /Names [(0:4908) 5957 0 R (0:4909) 5958 0 R (0:491) 1762 0 R (0:4910) 5959 0 R (0:4912) 5960 0 R (0:4913) 5961 0 R] /Limits [(0:4908) (0:4913)] >> endobj 7962 0 obj << /Names [(0:4914) 5962 0 R (0:4915) 5963 0 R (0:4917) 5964 0 R (0:4918) 5965 0 R (0:4919) 5966 0 R (0:492) 1763 0 R] /Limits [(0:4914) (0:492)] >> endobj 7963 0 obj << /Names [(0:4921) 5967 0 R (0:4922) 5968 0 R (0:4923) 5969 0 R (0:4925) 5970 0 R (0:4926) 5971 0 R (0:4927) 5972 0 R] /Limits [(0:4921) (0:4927)] >> endobj 7964 0 obj << /Names [(0:4929) 5973 0 R (0:493) 1765 0 R (0:4930) 5974 0 R (0:4931) 5975 0 R (0:4933) 5976 0 R (0:4934) 5977 0 R] /Limits [(0:4929) (0:4934)] >> endobj 7965 0 obj << /Names [(0:4935) 5978 0 R (0:4937) 5979 0 R (0:4938) 5980 0 R (0:4939) 5981 0 R (0:494) 1766 0 R (0:4941) 5982 0 R] /Limits [(0:4935) (0:4941)] >> endobj 7966 0 obj << /Names [(0:4942) 5983 0 R (0:4943) 5984 0 R (0:4945) 5985 0 R (0:4946) 5986 0 R (0:4947) 5987 0 R (0:4949) 5992 0 R] /Limits [(0:4942) (0:4949)] >> endobj 7967 0 obj << /Names [(0:495) 1767 0 R (0:4950) 5993 0 R (0:4951) 5994 0 R (0:4953) 5995 0 R (0:4954) 5996 0 R (0:4955) 5997 0 R] /Limits [(0:495) (0:4955)] >> endobj 7968 0 obj << /Names [(0:4958) 5998 0 R (0:4959) 5999 0 R (0:496) 1768 0 R (0:4961) 6000 0 R (0:4962) 6001 0 R (0:4963) 6002 0 R] /Limits [(0:4958) (0:4963)] >> endobj 7969 0 obj << /Names [(0:4965) 6003 0 R (0:4966) 6004 0 R (0:4967) 6005 0 R (0:4969) 6006 0 R (0:497) 1769 0 R (0:4970) 6007 0 R] /Limits [(0:4965) (0:4970)] >> endobj 7970 0 obj << /Names [(0:4971) 6008 0 R (0:4973) 6009 0 R (0:4974) 6010 0 R (0:4975) 6011 0 R (0:4977) 6012 0 R (0:4978) 6013 0 R] /Limits [(0:4971) (0:4978)] >> endobj 7971 0 obj << /Names [(0:4979) 6014 0 R (0:498) 1770 0 R (0:4980) 6015 0 R (0:4983) 6016 0 R (0:4985) 6017 0 R (0:4986) 6018 0 R] /Limits [(0:4979) (0:4986)] >> endobj 7972 0 obj << /Names [(0:4987) 6019 0 R (0:4988) 6020 0 R (0:499) 1771 0 R (0:4990) 6025 0 R (0:4991) 6026 0 R (0:4992) 6027 0 R] /Limits [(0:4987) (0:4992)] >> endobj 7973 0 obj << /Names [(0:4993) 6028 0 R (0:4995) 6029 0 R (0:4996) 6030 0 R (0:4997) 6031 0 R (0:4998) 6032 0 R (0:4999) 6033 0 R] /Limits [(0:4993) (0:4999)] >> endobj 7974 0 obj << /Names [(0:50) 1367 0 R (0:500) 1772 0 R (0:5000) 6034 0 R (0:5002) 6035 0 R (0:5003) 6036 0 R (0:5004) 6037 0 R] /Limits [(0:50) (0:5004)] >> endobj 7975 0 obj << /Names [(0:5007) 6038 0 R (0:5009) 6039 0 R (0:501) 1773 0 R (0:5010) 6040 0 R (0:5011) 6041 0 R (0:5013) 6042 0 R] /Limits [(0:5007) (0:5013)] >> endobj 7976 0 obj << /Names [(0:5014) 6043 0 R (0:5015) 6044 0 R (0:5017) 6045 0 R (0:5018) 6046 0 R (0:5019) 6047 0 R (0:502) 1774 0 R] /Limits [(0:5014) (0:502)] >> endobj 7977 0 obj << /Names [(0:5021) 6048 0 R (0:5022) 6049 0 R (0:5023) 6050 0 R (0:5024) 6051 0 R (0:5026) 6052 0 R (0:5027) 6053 0 R] /Limits [(0:5021) (0:5027)] >> endobj 7978 0 obj << /Names [(0:5028) 6054 0 R (0:5029) 6055 0 R (0:503) 1775 0 R (0:5030) 6056 0 R (0:5032) 6057 0 R (0:5033) 6058 0 R] /Limits [(0:5028) (0:5033)] >> endobj 7979 0 obj << /Names [(0:5034) 6059 0 R (0:5035) 6060 0 R (0:5036) 6061 0 R (0:5038) 6069 0 R (0:5039) 6070 0 R (0:504) 1776 0 R] /Limits [(0:5034) (0:504)] >> endobj 7980 0 obj << /Names [(0:5040) 6071 0 R (0:5042) 6072 0 R (0:5043) 6073 0 R (0:5044) 6074 0 R (0:5047) 6075 0 R (0:5048) 6076 0 R] /Limits [(0:5040) (0:5048)] >> endobj 7981 0 obj << /Names [(0:505) 1777 0 R (0:5050) 6077 0 R (0:5052) 6078 0 R (0:5053) 6079 0 R (0:5055) 6080 0 R (0:5056) 6081 0 R] /Limits [(0:505) (0:5056)] >> endobj 7982 0 obj << /Names [(0:5057) 6082 0 R (0:506) 1778 0 R (0:5060) 6083 0 R (0:5061) 6084 0 R (0:5062) 6085 0 R (0:5063) 6086 0 R] /Limits [(0:5057) (0:5063)] >> endobj 7983 0 obj << /Names [(0:5065) 6087 0 R (0:5066) 6088 0 R (0:5067) 6089 0 R (0:5068) 6090 0 R (0:5069) 6091 0 R (0:507) 1779 0 R] /Limits [(0:5065) (0:507)] >> endobj 7984 0 obj << /Names [(0:5071) 6092 0 R (0:5072) 6093 0 R (0:5073) 6094 0 R (0:5074) 6095 0 R (0:5076) 6096 0 R (0:5077) 6097 0 R] /Limits [(0:5071) (0:5077)] >> endobj 7985 0 obj << /Names [(0:5078) 6098 0 R (0:5079) 6099 0 R (0:508) 1780 0 R (0:5081) 6100 0 R (0:5082) 6101 0 R (0:5083) 6102 0 R] /Limits [(0:5078) (0:5083)] >> endobj 7986 0 obj << /Names [(0:5084) 6103 0 R (0:5086) 6104 0 R (0:5087) 6105 0 R (0:5088) 6106 0 R (0:5089) 6107 0 R (0:509) 1781 0 R] /Limits [(0:5084) (0:509)] >> endobj 7987 0 obj << /Names [(0:5091) 6112 0 R (0:5092) 6113 0 R (0:5093) 6114 0 R (0:5094) 6115 0 R (0:5096) 6068 0 R (0:5097) 6116 0 R] /Limits [(0:5091) (0:5097)] >> endobj 7988 0 obj << /Names [(0:5098) 6117 0 R (0:5099) 6118 0 R (0:51) 1368 0 R (0:510) 1782 0 R (0:5101) 6119 0 R (0:5102) 6120 0 R] /Limits [(0:5098) (0:5102)] >> endobj 7989 0 obj << /Names [(0:5103) 6121 0 R (0:5104) 6122 0 R (0:5106) 6123 0 R (0:5107) 6124 0 R (0:5108) 6125 0 R (0:5109) 6126 0 R] /Limits [(0:5103) (0:5109)] >> endobj 7990 0 obj << /Names [(0:511) 1783 0 R (0:5111) 6127 0 R (0:5112) 6128 0 R (0:5113) 6129 0 R (0:5118) 6136 0 R (0:5119) 6137 0 R] /Limits [(0:511) (0:5119)] >> endobj 7991 0 obj << /Names [(0:512) 1784 0 R (0:5120) 6138 0 R (0:5121) 6139 0 R (0:5122) 6140 0 R (0:5123) 6141 0 R (0:5124) 6142 0 R] /Limits [(0:512) (0:5124)] >> endobj 7992 0 obj << /Names [(0:5125) 6143 0 R (0:5126) 6144 0 R (0:5127) 6145 0 R (0:5128) 6146 0 R (0:5129) 6147 0 R (0:513) 1789 0 R] /Limits [(0:5125) (0:513)] >> endobj 7993 0 obj << /Names [(0:5130) 6148 0 R (0:5131) 6149 0 R (0:5132) 6150 0 R (0:5133) 6151 0 R (0:5134) 6152 0 R (0:5135) 6153 0 R] /Limits [(0:5130) (0:5135)] >> endobj 7994 0 obj << /Names [(0:5136) 6154 0 R (0:5137) 6155 0 R (0:5138) 6156 0 R (0:5139) 6157 0 R (0:514) 1790 0 R (0:5140) 6158 0 R] /Limits [(0:5136) (0:5140)] >> endobj 7995 0 obj << /Names [(0:5141) 6159 0 R (0:5142) 6160 0 R (0:5143) 6161 0 R (0:5144) 6162 0 R (0:5145) 6163 0 R (0:5146) 6164 0 R] /Limits [(0:5141) (0:5146)] >> endobj 7996 0 obj << /Names [(0:5147) 6165 0 R (0:5148) 6166 0 R (0:5149) 6167 0 R (0:5150) 6168 0 R (0:5151) 6169 0 R (0:5152) 6170 0 R] /Limits [(0:5147) (0:5152)] >> endobj 7997 0 obj << /Names [(0:5153) 6171 0 R (0:5154) 6172 0 R (0:5155) 6173 0 R (0:5156) 6174 0 R (0:5157) 6175 0 R (0:5158) 6176 0 R] /Limits [(0:5153) (0:5158)] >> endobj 7998 0 obj << /Names [(0:5159) 6177 0 R (0:5160) 6178 0 R (0:5161) 6179 0 R (0:5162) 6180 0 R (0:5163) 6181 0 R (0:5164) 6182 0 R] /Limits [(0:5159) (0:5164)] >> endobj 7999 0 obj << /Names [(0:5165) 6183 0 R (0:5166) 6184 0 R (0:5167) 6185 0 R (0:5168) 6186 0 R (0:5169) 6187 0 R (0:5170) 6188 0 R] /Limits [(0:5165) (0:5170)] >> endobj 8000 0 obj << /Names [(0:5171) 6189 0 R (0:5172) 6190 0 R (0:5173) 6191 0 R (0:5174) 6192 0 R (0:5175) 6193 0 R (0:5176) 6194 0 R] /Limits [(0:5171) (0:5176)] >> endobj 8001 0 obj << /Names [(0:5177) 6195 0 R (0:5178) 6196 0 R (0:5179) 6197 0 R (0:5180) 6198 0 R (0:5181) 6199 0 R (0:5182) 6200 0 R] /Limits [(0:5177) (0:5182)] >> endobj 8002 0 obj << /Names [(0:5183) 6201 0 R (0:5184) 6202 0 R (0:5186) 6203 0 R (0:5187) 6204 0 R (0:5188) 6205 0 R (0:5189) 6206 0 R] /Limits [(0:5183) (0:5189)] >> endobj 8003 0 obj << /Names [(0:519) 1793 0 R (0:5190) 6207 0 R (0:5191) 6208 0 R (0:5192) 6209 0 R (0:5193) 6210 0 R (0:5194) 6215 0 R] /Limits [(0:519) (0:5194)] >> endobj 8004 0 obj << /Names [(0:5195) 6216 0 R (0:5196) 6217 0 R (0:5197) 6218 0 R (0:5198) 6219 0 R (0:5199) 6220 0 R (0:52) 1369 0 R] /Limits [(0:5195) (0:52)] >> endobj 8005 0 obj << /Names [(0:520) 1794 0 R (0:5200) 6221 0 R (0:5201) 6222 0 R (0:5202) 6223 0 R (0:5203) 6224 0 R (0:5204) 6225 0 R] /Limits [(0:520) (0:5204)] >> endobj 8006 0 obj << /Names [(0:5205) 6226 0 R (0:5206) 6227 0 R (0:5207) 6228 0 R (0:5208) 6229 0 R (0:5209) 6230 0 R (0:5210) 6231 0 R] /Limits [(0:5205) (0:5210)] >> endobj 8007 0 obj << /Names [(0:5211) 6232 0 R (0:5212) 6233 0 R (0:5213) 6234 0 R (0:5214) 6235 0 R (0:5215) 6236 0 R (0:5216) 6237 0 R] /Limits [(0:5211) (0:5216)] >> endobj 8008 0 obj << /Names [(0:5217) 6238 0 R (0:5218) 6239 0 R (0:5219) 6240 0 R (0:5220) 6241 0 R (0:5221) 6242 0 R (0:5222) 6243 0 R] /Limits [(0:5217) (0:5222)] >> endobj 8009 0 obj << /Names [(0:5223) 6244 0 R (0:5224) 6245 0 R (0:5225) 6246 0 R (0:5226) 6247 0 R (0:5227) 6248 0 R (0:5228) 6249 0 R] /Limits [(0:5223) (0:5228)] >> endobj 8010 0 obj << /Names [(0:5229) 6250 0 R (0:5230) 6251 0 R (0:5234) 6252 0 R (0:5235) 6253 0 R (0:5236) 6254 0 R (0:5237) 6255 0 R] /Limits [(0:5229) (0:5237)] >> endobj 8011 0 obj << /Names [(0:5238) 6256 0 R (0:5239) 6257 0 R (0:5240) 6258 0 R (0:5241) 6259 0 R (0:5242) 6260 0 R (0:5243) 6261 0 R] /Limits [(0:5238) (0:5243)] >> endobj 8012 0 obj << /Names [(0:5244) 6262 0 R (0:5246) 6263 0 R (0:5247) 6264 0 R (0:5248) 6265 0 R (0:5249) 6266 0 R (0:5250) 6267 0 R] /Limits [(0:5244) (0:5250)] >> endobj 8013 0 obj << /Names [(0:5251) 6268 0 R (0:5252) 6269 0 R (0:5253) 6270 0 R (0:5254) 6271 0 R (0:5255) 6272 0 R (0:5256) 6273 0 R] /Limits [(0:5251) (0:5256)] >> endobj 8014 0 obj << /Names [(0:5257) 6274 0 R (0:5258) 6275 0 R (0:5259) 6276 0 R (0:5260) 6277 0 R (0:5261) 6278 0 R (0:5262) 6279 0 R] /Limits [(0:5257) (0:5262)] >> endobj 8015 0 obj << /Names [(0:5263) 6280 0 R (0:5264) 6281 0 R (0:5265) 6282 0 R (0:5266) 6283 0 R (0:5267) 6284 0 R (0:5271) 6285 0 R] /Limits [(0:5263) (0:5271)] >> endobj 8016 0 obj << /Names [(0:5272) 6286 0 R (0:5273) 6287 0 R (0:5274) 6288 0 R (0:5275) 6289 0 R (0:5276) 6290 0 R (0:5277) 6291 0 R] /Limits [(0:5272) (0:5277)] >> endobj 8017 0 obj << /Names [(0:5278) 6292 0 R (0:5279) 6297 0 R (0:5280) 6298 0 R (0:5281) 6299 0 R (0:5282) 6300 0 R (0:5283) 6301 0 R] /Limits [(0:5278) (0:5283)] >> endobj 8018 0 obj << /Names [(0:5284) 6302 0 R (0:5285) 6303 0 R (0:5286) 6304 0 R (0:5287) 6305 0 R (0:5288) 6306 0 R (0:5293) 6314 0 R] /Limits [(0:5284) (0:5293)] >> endobj 8019 0 obj << /Names [(0:5294) 6315 0 R (0:5295) 6316 0 R (0:5296) 6317 0 R (0:5297) 6318 0 R (0:53) 1370 0 R (0:5301) 6319 0 R] /Limits [(0:5294) (0:5301)] >> endobj 8020 0 obj << /Names [(0:5302) 6320 0 R (0:5303) 6321 0 R (0:5304) 6322 0 R (0:5305) 6323 0 R (0:5306) 6324 0 R (0:5307) 6325 0 R] /Limits [(0:5302) (0:5307)] >> endobj 8021 0 obj << /Names [(0:5308) 6326 0 R (0:5309) 6327 0 R (0:5310) 6328 0 R (0:5311) 6329 0 R (0:5312) 6330 0 R (0:5313) 6331 0 R] /Limits [(0:5308) (0:5313)] >> endobj 8022 0 obj << /Names [(0:5314) 6332 0 R (0:5315) 6333 0 R (0:5317) 6334 0 R (0:5318) 6339 0 R (0:5320) 6340 0 R (0:5321) 6341 0 R] /Limits [(0:5314) (0:5321)] >> endobj 8023 0 obj << /Names [(0:5322) 6342 0 R (0:5323) 6343 0 R (0:5326) 6345 0 R (0:5327) 6346 0 R (0:5328) 6347 0 R (0:5329) 6348 0 R] /Limits [(0:5322) (0:5329)] >> endobj 8024 0 obj << /Names [(0:5330) 6349 0 R (0:5331) 6350 0 R (0:5332) 6351 0 R (0:5333) 6352 0 R (0:5335) 6353 0 R (0:5336) 6354 0 R] /Limits [(0:5330) (0:5336)] >> endobj 8025 0 obj << /Names [(0:5337) 6355 0 R (0:5338) 6356 0 R (0:5339) 6357 0 R (0:5340) 6358 0 R (0:5341) 6359 0 R (0:5342) 6360 0 R] /Limits [(0:5337) (0:5342)] >> endobj 8026 0 obj << /Names [(0:5343) 6361 0 R (0:5344) 6362 0 R (0:5345) 6363 0 R (0:5348) 6369 0 R (0:5349) 6370 0 R (0:5350) 6371 0 R] /Limits [(0:5343) (0:5350)] >> endobj 8027 0 obj << /Names [(0:5352) 6372 0 R (0:5353) 6373 0 R (0:5354) 6374 0 R (0:5355) 6375 0 R (0:5356) 6376 0 R (0:5358) 6377 0 R] /Limits [(0:5352) (0:5358)] >> endobj 8028 0 obj << /Names [(0:5359) 6378 0 R (0:5360) 6379 0 R (0:5361) 6380 0 R (0:5362) 6381 0 R (0:5364) 6382 0 R (0:5365) 6383 0 R] /Limits [(0:5359) (0:5365)] >> endobj 8029 0 obj << /Names [(0:5366) 6384 0 R (0:5367) 6385 0 R (0:5368) 6386 0 R (0:5370) 6387 0 R (0:5371) 6388 0 R (0:5372) 6389 0 R] /Limits [(0:5366) (0:5372)] >> endobj 8030 0 obj << /Names [(0:5373) 6390 0 R (0:5374) 6391 0 R (0:5376) 6392 0 R (0:5377) 6393 0 R (0:5378) 6394 0 R (0:5379) 6395 0 R] /Limits [(0:5373) (0:5379)] >> endobj 8031 0 obj << /Names [(0:5380) 6396 0 R (0:5381) 6397 0 R (0:5382) 6398 0 R (0:5383) 6399 0 R (0:5384) 6400 0 R (0:5385) 6401 0 R] /Limits [(0:5380) (0:5385)] >> endobj 8032 0 obj << /Names [(0:5387) 6402 0 R (0:5388) 6403 0 R (0:5389) 6404 0 R (0:5390) 6405 0 R (0:5391) 6406 0 R (0:5392) 6407 0 R] /Limits [(0:5387) (0:5392)] >> endobj 8033 0 obj << /Names [(0:5393) 6408 0 R (0:5394) 6409 0 R (0:5395) 6410 0 R (0:5396) 6411 0 R (0:5397) 6412 0 R (0:5398) 6422 0 R] /Limits [(0:5393) (0:5398)] >> endobj 8034 0 obj << /Names [(0:54) 1371 0 R (0:540) 1797 0 R (0:5401) 6423 0 R (0:5403) 6424 0 R (0:5404) 6425 0 R (0:5405) 6426 0 R] /Limits [(0:54) (0:5405)] >> endobj 8035 0 obj << /Names [(0:5406) 6427 0 R (0:5407) 6428 0 R (0:5408) 6429 0 R (0:5409) 6430 0 R (0:5410) 6431 0 R (0:5411) 6432 0 R] /Limits [(0:5406) (0:5411)] >> endobj 8036 0 obj << /Names [(0:5412) 6433 0 R (0:5413) 6434 0 R (0:5414) 6435 0 R (0:5415) 6436 0 R (0:5416) 6437 0 R (0:5418) 6438 0 R] /Limits [(0:5412) (0:5418)] >> endobj 8037 0 obj << /Names [(0:5419) 6439 0 R (0:542) 1798 0 R (0:5420) 6440 0 R (0:5421) 6441 0 R (0:5422) 6442 0 R (0:5423) 6443 0 R] /Limits [(0:5419) (0:5423)] >> endobj 8038 0 obj << /Names [(0:5426) 6444 0 R (0:5428) 6445 0 R (0:5429) 6446 0 R (0:543) 1799 0 R (0:5430) 6447 0 R (0:5431) 6454 0 R] /Limits [(0:5426) (0:5431)] >> endobj 8039 0 obj << /Names [(0:5432) 6455 0 R (0:5433) 6456 0 R (0:5434) 6421 0 R (0:5437) 6457 0 R (0:5438) 6458 0 R (0:5439) 6459 0 R] /Limits [(0:5432) (0:5439)] >> endobj 8040 0 obj << /Names [(0:544) 1800 0 R (0:5440) 6460 0 R (0:5441) 6461 0 R (0:5442) 6462 0 R (0:5443) 6463 0 R (0:5444) 6464 0 R] /Limits [(0:544) (0:5444)] >> endobj 8041 0 obj << /Names [(0:5445) 6465 0 R (0:5446) 6466 0 R (0:5447) 6467 0 R (0:5448) 6468 0 R (0:5449) 6469 0 R (0:5450) 6470 0 R] /Limits [(0:5445) (0:5450)] >> endobj 8042 0 obj << /Names [(0:5451) 6471 0 R (0:5452) 6472 0 R (0:5453) 6473 0 R (0:5454) 6474 0 R (0:5455) 6475 0 R (0:5456) 6476 0 R] /Limits [(0:5451) (0:5456)] >> endobj 8043 0 obj << /Names [(0:5457) 6477 0 R (0:5458) 6478 0 R (0:5459) 6479 0 R (0:5460) 6480 0 R (0:5461) 6481 0 R (0:5462) 6482 0 R] /Limits [(0:5457) (0:5462)] >> endobj 8044 0 obj << /Names [(0:5463) 6483 0 R (0:5464) 6484 0 R (0:5465) 6485 0 R (0:5466) 6486 0 R (0:5467) 6487 0 R (0:5468) 6488 0 R] /Limits [(0:5463) (0:5468)] >> endobj 8045 0 obj << /Names [(0:5469) 6489 0 R (0:5470) 6490 0 R (0:5471) 6491 0 R (0:5472) 6492 0 R (0:5473) 6493 0 R (0:5474) 6494 0 R] /Limits [(0:5469) (0:5474)] >> endobj 8046 0 obj << /Names [(0:5475) 6495 0 R (0:5476) 6496 0 R (0:5477) 6497 0 R (0:5478) 6498 0 R (0:5481) 6499 0 R (0:5483) 6500 0 R] /Limits [(0:5475) (0:5483)] >> endobj 8047 0 obj << /Names [(0:5484) 6501 0 R (0:5485) 6507 0 R (0:5486) 6453 0 R (0:5489) 6508 0 R (0:5490) 6509 0 R (0:5491) 6510 0 R] /Limits [(0:5484) (0:5491)] >> endobj 8048 0 obj << /Names [(0:5492) 6511 0 R (0:5493) 6512 0 R (0:5494) 6513 0 R (0:5495) 6514 0 R (0:5496) 6515 0 R (0:5497) 6516 0 R] /Limits [(0:5492) (0:5497)] >> endobj 8049 0 obj << /Names [(0:5498) 6517 0 R (0:5499) 6518 0 R (0:55) 1372 0 R (0:5500) 6519 0 R (0:5501) 6520 0 R (0:5502) 6521 0 R] /Limits [(0:5498) (0:5502)] >> endobj 8050 0 obj << /Names [(0:5503) 6522 0 R (0:5504) 6523 0 R (0:5505) 6524 0 R (0:5506) 6525 0 R (0:5507) 6526 0 R (0:5508) 6527 0 R] /Limits [(0:5503) (0:5508)] >> endobj 8051 0 obj << /Names [(0:5509) 6528 0 R (0:5510) 6529 0 R (0:5511) 6530 0 R (0:5512) 6531 0 R (0:5513) 6532 0 R (0:5516) 6533 0 R] /Limits [(0:5509) (0:5516)] >> endobj 8052 0 obj << /Names [(0:5517) 6534 0 R (0:5518) 6535 0 R (0:5519) 6536 0 R (0:5520) 6537 0 R (0:5521) 6538 0 R (0:5522) 6539 0 R] /Limits [(0:5517) (0:5522)] >> endobj 8053 0 obj << /Names [(0:5523) 6540 0 R (0:5524) 6541 0 R (0:5525) 6542 0 R (0:5526) 6543 0 R (0:5527) 6544 0 R (0:5528) 6545 0 R] /Limits [(0:5523) (0:5528)] >> endobj 8054 0 obj << /Names [(0:5529) 6551 0 R (0:5530) 6552 0 R (0:5531) 6553 0 R (0:5532) 6506 0 R (0:5537) 6554 0 R (0:5538) 6555 0 R] /Limits [(0:5529) (0:5538)] >> endobj 8055 0 obj << /Names [(0:5539) 6556 0 R (0:5540) 6557 0 R (0:5541) 6558 0 R (0:5542) 6559 0 R (0:5543) 6560 0 R (0:5544) 6561 0 R] /Limits [(0:5539) (0:5544)] >> endobj 8056 0 obj << /Names [(0:5545) 6562 0 R (0:5546) 6563 0 R (0:5547) 6564 0 R (0:5548) 6565 0 R (0:5549) 6566 0 R (0:5550) 6567 0 R] /Limits [(0:5545) (0:5550)] >> endobj 8057 0 obj << /Names [(0:5551) 6568 0 R (0:5552) 6569 0 R (0:5553) 6570 0 R (0:5554) 6571 0 R (0:5555) 6572 0 R (0:5556) 6573 0 R] /Limits [(0:5551) (0:5556)] >> endobj 8058 0 obj << /Names [(0:5557) 6574 0 R (0:5558) 6575 0 R (0:5559) 6576 0 R (0:5560) 6577 0 R (0:5561) 6578 0 R (0:5562) 6579 0 R] /Limits [(0:5557) (0:5562)] >> endobj 8059 0 obj << /Names [(0:5563) 6580 0 R (0:5564) 6581 0 R (0:5565) 6582 0 R (0:5566) 6583 0 R (0:5567) 6584 0 R (0:5568) 6585 0 R] /Limits [(0:5563) (0:5568)] >> endobj 8060 0 obj << /Names [(0:5569) 6586 0 R (0:5570) 6587 0 R (0:5571) 6588 0 R (0:5572) 6589 0 R (0:5573) 6590 0 R (0:5576) 6596 0 R] /Limits [(0:5569) (0:5576)] >> endobj 8061 0 obj << /Names [(0:5577) 6550 0 R (0:5579) 6597 0 R (0:5580) 6598 0 R (0:5581) 6599 0 R (0:5582) 6600 0 R (0:5583) 6601 0 R] /Limits [(0:5577) (0:5583)] >> endobj 8062 0 obj << /Names [(0:5584) 6602 0 R (0:5585) 6603 0 R (0:5586) 6604 0 R (0:5587) 6605 0 R (0:5588) 6606 0 R (0:5589) 6607 0 R] /Limits [(0:5584) (0:5589)] >> endobj 8063 0 obj << /Names [(0:5590) 6608 0 R (0:5591) 6609 0 R (0:5592) 6610 0 R (0:5593) 6611 0 R (0:5594) 6612 0 R (0:5595) 6613 0 R] /Limits [(0:5590) (0:5595)] >> endobj 8064 0 obj << /Names [(0:5596) 6614 0 R (0:5597) 6615 0 R (0:5598) 6616 0 R (0:5599) 6617 0 R (0:56) 1373 0 R (0:5600) 6618 0 R] /Limits [(0:5596) (0:5600)] >> endobj 8065 0 obj << /Names [(0:5601) 6619 0 R (0:5602) 6620 0 R (0:5603) 6621 0 R (0:5604) 6622 0 R (0:5605) 6623 0 R (0:5606) 6624 0 R] /Limits [(0:5601) (0:5606)] >> endobj 8066 0 obj << /Names [(0:5609) 6625 0 R (0:5610) 6626 0 R (0:5611) 6627 0 R (0:5612) 6628 0 R (0:5613) 6634 0 R (0:5614) 6635 0 R] /Limits [(0:5609) (0:5614)] >> endobj 8067 0 obj << /Names [(0:5615) 6636 0 R (0:5616) 6595 0 R (0:5619) 6637 0 R (0:5620) 6638 0 R (0:5621) 6639 0 R (0:5622) 6640 0 R] /Limits [(0:5615) (0:5622)] >> endobj 8068 0 obj << /Names [(0:5623) 6641 0 R (0:5624) 6642 0 R (0:5625) 6643 0 R (0:5626) 6644 0 R (0:5627) 6645 0 R (0:5630) 6646 0 R] /Limits [(0:5623) (0:5630)] >> endobj 8069 0 obj << /Names [(0:5631) 6647 0 R (0:5632) 6648 0 R (0:5633) 6649 0 R (0:5634) 6650 0 R (0:5635) 6651 0 R (0:5636) 6652 0 R] /Limits [(0:5631) (0:5636)] >> endobj 8070 0 obj << /Names [(0:5637) 6653 0 R (0:5638) 6654 0 R (0:5639) 6655 0 R (0:5640) 6656 0 R (0:5641) 6657 0 R (0:5642) 6658 0 R] /Limits [(0:5637) (0:5642)] >> endobj 8071 0 obj << /Names [(0:5645) 6659 0 R (0:5646) 6660 0 R (0:5647) 6661 0 R (0:5648) 6662 0 R (0:5649) 6663 0 R (0:5650) 6664 0 R] /Limits [(0:5645) (0:5650)] >> endobj 8072 0 obj << /Names [(0:5651) 6665 0 R (0:5652) 6672 0 R (0:5653) 6673 0 R (0:5654) 6674 0 R (0:5655) 6633 0 R (0:5658) 6675 0 R] /Limits [(0:5651) (0:5658)] >> endobj 8073 0 obj << /Names [(0:5659) 6676 0 R (0:566) 1804 0 R (0:5660) 6677 0 R (0:5661) 6678 0 R (0:5662) 6679 0 R (0:5663) 6680 0 R] /Limits [(0:5659) (0:5663)] >> endobj 8074 0 obj << /Names [(0:5664) 6681 0 R (0:5665) 6682 0 R (0:5666) 6683 0 R (0:5667) 6684 0 R (0:5668) 6685 0 R (0:5669) 6686 0 R] /Limits [(0:5664) (0:5669)] >> endobj 8075 0 obj << /Names [(0:567) 1805 0 R (0:5670) 6687 0 R (0:5671) 6688 0 R (0:5672) 6689 0 R (0:5675) 6690 0 R (0:5676) 6691 0 R] /Limits [(0:567) (0:5676)] >> endobj 8076 0 obj << /Names [(0:5677) 6692 0 R (0:5678) 6693 0 R (0:5679) 6694 0 R (0:5680) 6695 0 R (0:5681) 6696 0 R (0:5682) 6697 0 R] /Limits [(0:5677) (0:5682)] >> endobj 8077 0 obj << /Names [(0:5683) 6698 0 R (0:5684) 6699 0 R (0:5685) 6700 0 R (0:5686) 6701 0 R (0:5687) 6702 0 R (0:5688) 6703 0 R] /Limits [(0:5683) (0:5688)] >> endobj 8078 0 obj << /Names [(0:5689) 6704 0 R (0:5690) 6705 0 R (0:5691) 6706 0 R (0:5692) 6707 0 R (0:5693) 6708 0 R (0:5694) 6714 0 R] /Limits [(0:5689) (0:5694)] >> endobj 8079 0 obj << /Names [(0:5695) 6715 0 R (0:5696) 6716 0 R (0:5697) 6671 0 R (0:57) 1374 0 R (0:5700) 6717 0 R (0:5701) 6718 0 R] /Limits [(0:5695) (0:5701)] >> endobj 8080 0 obj << /Names [(0:5702) 6719 0 R (0:5703) 6720 0 R (0:5704) 6721 0 R (0:5705) 6722 0 R (0:5706) 6723 0 R (0:5707) 6724 0 R] /Limits [(0:5702) (0:5707)] >> endobj 8081 0 obj << /Names [(0:5708) 6725 0 R (0:5711) 6726 0 R (0:5712) 6727 0 R (0:5713) 6728 0 R (0:5714) 6729 0 R (0:5715) 6730 0 R] /Limits [(0:5708) (0:5715)] >> endobj 8082 0 obj << /Names [(0:5716) 6731 0 R (0:5717) 6732 0 R (0:5718) 6733 0 R (0:5719) 6734 0 R (0:5720) 6735 0 R (0:5721) 6736 0 R] /Limits [(0:5716) (0:5721)] >> endobj 8083 0 obj << /Names [(0:5722) 6737 0 R (0:5723) 6738 0 R (0:5724) 6739 0 R (0:5725) 6740 0 R (0:5726) 6741 0 R (0:5727) 6742 0 R] /Limits [(0:5722) (0:5727)] >> endobj 8084 0 obj << /Names [(0:5728) 6743 0 R (0:5729) 6744 0 R (0:5730) 6745 0 R (0:5731) 6746 0 R (0:5732) 6747 0 R (0:5733) 6748 0 R] /Limits [(0:5728) (0:5733)] >> endobj 8085 0 obj << /Names [(0:5734) 6749 0 R (0:5735) 6750 0 R (0:5736) 6751 0 R (0:5737) 6752 0 R (0:5738) 6758 0 R (0:5739) 6759 0 R] /Limits [(0:5734) (0:5739)] >> endobj 8086 0 obj << /Names [(0:5740) 6760 0 R (0:5741) 6713 0 R (0:5744) 6761 0 R (0:5745) 6762 0 R (0:5746) 6763 0 R (0:5747) 6764 0 R] /Limits [(0:5740) (0:5747)] >> endobj 8087 0 obj << /Names [(0:5748) 6765 0 R (0:5749) 6766 0 R (0:5750) 6767 0 R (0:5751) 6768 0 R (0:5752) 6769 0 R (0:5753) 6770 0 R] /Limits [(0:5748) (0:5753)] >> endobj 8088 0 obj << /Names [(0:5754) 6771 0 R (0:5755) 6772 0 R (0:5756) 6773 0 R (0:5757) 6774 0 R (0:5758) 6775 0 R (0:5759) 6776 0 R] /Limits [(0:5754) (0:5759)] >> endobj 8089 0 obj << /Names [(0:5760) 6777 0 R (0:5761) 6778 0 R (0:5762) 6779 0 R (0:5765) 6780 0 R (0:5766) 6781 0 R (0:5767) 6782 0 R] /Limits [(0:5760) (0:5767)] >> endobj 8090 0 obj << /Names [(0:5768) 6783 0 R (0:5769) 6784 0 R (0:5770) 6785 0 R (0:5771) 6786 0 R (0:5772) 6787 0 R (0:5773) 6788 0 R] /Limits [(0:5768) (0:5773)] >> endobj 8091 0 obj << /Names [(0:5774) 6789 0 R (0:5775) 6790 0 R (0:5776) 6791 0 R (0:5777) 6792 0 R (0:5778) 6797 0 R (0:5779) 6798 0 R] /Limits [(0:5774) (0:5779)] >> endobj 8092 0 obj << /Names [(0:5780) 6799 0 R (0:5781) 6757 0 R (0:5784) 6800 0 R (0:5785) 6801 0 R (0:5786) 6802 0 R (0:5787) 6803 0 R] /Limits [(0:5780) (0:5787)] >> endobj 8093 0 obj << /Names [(0:5788) 6804 0 R (0:5789) 6805 0 R (0:5790) 6806 0 R (0:5791) 6807 0 R (0:5792) 6808 0 R (0:5795) 6809 0 R] /Limits [(0:5788) (0:5795)] >> endobj 8094 0 obj << /Names [(0:5796) 6810 0 R (0:5797) 6811 0 R (0:5798) 6812 0 R (0:5799) 6813 0 R (0:58) 1375 0 R (0:5800) 6814 0 R] /Limits [(0:5796) (0:5800)] >> endobj 8095 0 obj << /Names [(0:5801) 6815 0 R (0:5802) 6816 0 R (0:5803) 6817 0 R (0:5804) 6818 0 R (0:5805) 6819 0 R (0:5806) 6820 0 R] /Limits [(0:5801) (0:5806)] >> endobj 8096 0 obj << /Names [(0:5807) 6821 0 R (0:5808) 6822 0 R (0:5809) 6823 0 R (0:5810) 6824 0 R (0:5811) 6825 0 R (0:5812) 6826 0 R] /Limits [(0:5807) (0:5812)] >> endobj 8097 0 obj << /Names [(0:5813) 6827 0 R (0:5814) 6828 0 R (0:5815) 6829 0 R (0:5816) 6830 0 R (0:5817) 6831 0 R (0:5818) 6832 0 R] /Limits [(0:5813) (0:5818)] >> endobj 8098 0 obj << /Names [(0:5819) 6833 0 R (0:5820) 6838 0 R (0:5821) 6839 0 R (0:5822) 6840 0 R (0:5823) 6841 0 R (0:5824) 6842 0 R] /Limits [(0:5819) (0:5824)] >> endobj 8099 0 obj << /Names [(0:5825) 6843 0 R (0:5826) 6844 0 R (0:5827) 6845 0 R (0:5828) 6846 0 R (0:5829) 6847 0 R (0:5830) 6848 0 R] /Limits [(0:5825) (0:5830)] >> endobj 8100 0 obj << /Names [(0:5831) 6849 0 R (0:5832) 6850 0 R (0:5833) 6851 0 R (0:5834) 6852 0 R (0:5835) 6853 0 R (0:5836) 6854 0 R] /Limits [(0:5831) (0:5836)] >> endobj 8101 0 obj << /Names [(0:5837) 6855 0 R (0:5838) 6856 0 R (0:5839) 6857 0 R (0:5840) 6858 0 R (0:5841) 6859 0 R (0:5842) 6860 0 R] /Limits [(0:5837) (0:5842)] >> endobj 8102 0 obj << /Names [(0:5843) 6861 0 R (0:5844) 6862 0 R (0:5845) 6863 0 R (0:5846) 6864 0 R (0:5847) 6865 0 R (0:5848) 6866 0 R] /Limits [(0:5843) (0:5848)] >> endobj 8103 0 obj << /Names [(0:5849) 6867 0 R (0:5850) 6868 0 R (0:5851) 6869 0 R (0:5852) 6870 0 R (0:5853) 6871 0 R (0:5854) 6872 0 R] /Limits [(0:5849) (0:5854)] >> endobj 8104 0 obj << /Names [(0:5855) 6873 0 R (0:5856) 6874 0 R (0:5857) 6880 0 R (0:5858) 6881 0 R (0:5859) 6882 0 R (0:5860) 6883 0 R] /Limits [(0:5855) (0:5860)] >> endobj 8105 0 obj << /Names [(0:5861) 6884 0 R (0:5862) 6885 0 R (0:5863) 6886 0 R (0:5864) 6887 0 R (0:5865) 6888 0 R (0:5866) 6889 0 R] /Limits [(0:5861) (0:5866)] >> endobj 8106 0 obj << /Names [(0:5867) 6890 0 R (0:5868) 6891 0 R (0:5869) 6892 0 R (0:5870) 6893 0 R (0:5871) 6894 0 R (0:5872) 6895 0 R] /Limits [(0:5867) (0:5872)] >> endobj 8107 0 obj << /Names [(0:5873) 6896 0 R (0:5874) 6897 0 R (0:5875) 6898 0 R (0:5876) 6899 0 R (0:5877) 6900 0 R (0:5878) 6901 0 R] /Limits [(0:5873) (0:5878)] >> endobj 8108 0 obj << /Names [(0:5879) 6902 0 R (0:5880) 6903 0 R (0:5881) 6904 0 R (0:5882) 6905 0 R (0:5883) 6906 0 R (0:5884) 6907 0 R] /Limits [(0:5879) (0:5884)] >> endobj 8109 0 obj << /Names [(0:5885) 6908 0 R (0:5886) 6909 0 R (0:5887) 6910 0 R (0:5888) 6911 0 R (0:5889) 6912 0 R (0:5890) 6913 0 R] /Limits [(0:5885) (0:5890)] >> endobj 8110 0 obj << /Names [(0:5891) 6914 0 R (0:5892) 6915 0 R (0:5893) 6916 0 R (0:5894) 6917 0 R (0:5895) 6918 0 R (0:5896) 6919 0 R] /Limits [(0:5891) (0:5896)] >> endobj 8111 0 obj << /Names [(0:5897) 6920 0 R (0:5898) 6921 0 R (0:5899) 6922 0 R (0:59) 1376 0 R (0:5900) 6923 0 R (0:5901) 6924 0 R] /Limits [(0:5897) (0:5901)] >> endobj 8112 0 obj << /Names [(0:5902) 6925 0 R (0:5903) 6926 0 R (0:5904) 6927 0 R (0:5905) 6934 0 R (0:5906) 6935 0 R (0:5907) 6936 0 R] /Limits [(0:5902) (0:5907)] >> endobj 8113 0 obj << /Names [(0:5908) 6879 0 R (0:5911) 6937 0 R (0:5912) 6938 0 R (0:5913) 6939 0 R (0:5914) 6940 0 R (0:5915) 6941 0 R] /Limits [(0:5908) (0:5915)] >> endobj 8114 0 obj << /Names [(0:5916) 6942 0 R (0:5917) 6943 0 R (0:5918) 6944 0 R (0:5919) 6945 0 R (0:5920) 6946 0 R (0:5921) 6947 0 R] /Limits [(0:5916) (0:5921)] >> endobj 8115 0 obj << /Names [(0:5922) 6948 0 R (0:5923) 6949 0 R (0:5924) 6950 0 R (0:5925) 6951 0 R (0:5926) 6952 0 R (0:5927) 6953 0 R] /Limits [(0:5922) (0:5927)] >> endobj 8116 0 obj << /Names [(0:5928) 6954 0 R (0:5929) 6955 0 R (0:5930) 6956 0 R (0:5931) 6957 0 R (0:5932) 6958 0 R (0:5933) 6959 0 R] /Limits [(0:5928) (0:5933)] >> endobj 8117 0 obj << /Names [(0:5934) 6960 0 R (0:5935) 6961 0 R (0:5936) 6962 0 R (0:5937) 6963 0 R (0:5938) 6964 0 R (0:5939) 6965 0 R] /Limits [(0:5934) (0:5939)] >> endobj 8118 0 obj << /Names [(0:5940) 6966 0 R (0:5941) 6967 0 R (0:5942) 6968 0 R (0:5943) 6969 0 R (0:5944) 6970 0 R (0:5945) 6971 0 R] /Limits [(0:5940) (0:5945)] >> endobj 8119 0 obj << /Names [(0:5946) 6972 0 R (0:5947) 6973 0 R (0:5948) 6974 0 R (0:5949) 6975 0 R (0:5950) 6980 0 R (0:5951) 6981 0 R] /Limits [(0:5946) (0:5951)] >> endobj 8120 0 obj << /Names [(0:5952) 6982 0 R (0:5953) 6983 0 R (0:5954) 6933 0 R (0:5957) 6984 0 R (0:5958) 6985 0 R (0:5959) 6986 0 R] /Limits [(0:5952) (0:5959)] >> endobj 8121 0 obj << /Names [(0:5960) 6987 0 R (0:5961) 6988 0 R (0:5962) 6989 0 R (0:5963) 6990 0 R (0:5964) 6991 0 R (0:5965) 6992 0 R] /Limits [(0:5960) (0:5965)] >> endobj 8122 0 obj << /Names [(0:5966) 6993 0 R (0:5967) 6994 0 R (0:5968) 6995 0 R (0:5969) 6996 0 R (0:5970) 6997 0 R (0:5971) 6998 0 R] /Limits [(0:5966) (0:5971)] >> endobj 8123 0 obj << /Names [(0:5972) 6999 0 R (0:5973) 7000 0 R (0:5974) 7001 0 R (0:5975) 7002 0 R (0:5976) 7003 0 R (0:5977) 7004 0 R] /Limits [(0:5972) (0:5977)] >> endobj 8124 0 obj << /Names [(0:5978) 7005 0 R (0:5979) 7006 0 R (0:5980) 7007 0 R (0:5981) 7008 0 R (0:5982) 7009 0 R (0:5983) 7010 0 R] /Limits [(0:5978) (0:5983)] >> endobj 8125 0 obj << /Names [(0:5984) 7011 0 R (0:5985) 7012 0 R (0:5986) 7013 0 R (0:5987) 7014 0 R (0:5988) 7015 0 R (0:5989) 7016 0 R] /Limits [(0:5984) (0:5989)] >> endobj 8126 0 obj << /Names [(0:5990) 7017 0 R (0:5991) 7018 0 R (0:5992) 7019 0 R (0:5993) 7020 0 R (0:5994) 7021 0 R (0:5995) 7022 0 R] /Limits [(0:5990) (0:5995)] >> endobj 8127 0 obj << /Names [(0:5996) 7023 0 R (0:5997) 7024 0 R (0:5998) 7025 0 R (0:5999) 7026 0 R (0:60) 1377 0 R (0:6000) 7027 0 R] /Limits [(0:5996) (0:6000)] >> endobj 8128 0 obj << /Names [(0:6001) 7033 0 R (0:6002) 7034 0 R (0:6003) 7035 0 R (0:6004) 7036 0 R (0:6005) 7037 0 R (0:6006) 7038 0 R] /Limits [(0:6001) (0:6006)] >> endobj 8129 0 obj << /Names [(0:6007) 7039 0 R (0:6008) 7040 0 R (0:6009) 7041 0 R (0:6010) 7042 0 R (0:6011) 7043 0 R (0:6012) 7044 0 R] /Limits [(0:6007) (0:6012)] >> endobj 8130 0 obj << /Names [(0:6013) 7045 0 R (0:6014) 7046 0 R (0:6015) 7047 0 R (0:6016) 7048 0 R (0:6017) 7049 0 R (0:6018) 7050 0 R] /Limits [(0:6013) (0:6018)] >> endobj 8131 0 obj << /Names [(0:6019) 7051 0 R (0:6020) 7052 0 R (0:6021) 7053 0 R (0:6022) 7054 0 R (0:6023) 7055 0 R (0:6024) 7056 0 R] /Limits [(0:6019) (0:6024)] >> endobj 8132 0 obj << /Names [(0:6025) 7057 0 R (0:6026) 7058 0 R (0:6027) 7059 0 R (0:6028) 7060 0 R (0:6029) 7061 0 R (0:6030) 7062 0 R] /Limits [(0:6025) (0:6030)] >> endobj 8133 0 obj << /Names [(0:6031) 7063 0 R (0:6032) 7064 0 R (0:6033) 7065 0 R (0:6034) 7066 0 R (0:6035) 7067 0 R (0:6036) 7068 0 R] /Limits [(0:6031) (0:6036)] >> endobj 8134 0 obj << /Names [(0:6037) 7069 0 R (0:6038) 7070 0 R (0:6039) 7071 0 R (0:6040) 7072 0 R (0:6041) 7073 0 R (0:6042) 7074 0 R] /Limits [(0:6037) (0:6042)] >> endobj 8135 0 obj << /Names [(0:6043) 7075 0 R (0:6044) 7076 0 R (0:6045) 7077 0 R (0:6046) 7078 0 R (0:6047) 7079 0 R (0:6048) 7080 0 R] /Limits [(0:6043) (0:6048)] >> endobj 8136 0 obj << /Names [(0:6049) 7081 0 R (0:6050) 7086 0 R (0:6051) 7087 0 R (0:6052) 7088 0 R (0:6053) 7032 0 R (0:6056) 7089 0 R] /Limits [(0:6049) (0:6056)] >> endobj 8137 0 obj << /Names [(0:6057) 7090 0 R (0:6058) 7091 0 R (0:6059) 7092 0 R (0:606) 1812 0 R (0:6060) 7093 0 R (0:6061) 7094 0 R] /Limits [(0:6057) (0:6061)] >> endobj 8138 0 obj << /Names [(0:6062) 7095 0 R (0:6063) 7096 0 R (0:6064) 7097 0 R (0:6065) 7098 0 R (0:6066) 7099 0 R (0:6067) 7100 0 R] /Limits [(0:6062) (0:6067)] >> endobj 8139 0 obj << /Names [(0:6068) 7101 0 R (0:6069) 7102 0 R (0:607) 1813 0 R (0:6070) 7103 0 R (0:6071) 7104 0 R (0:6072) 7105 0 R] /Limits [(0:6068) (0:6072)] >> endobj 8140 0 obj << /Names [(0:6073) 7106 0 R (0:6074) 7107 0 R (0:6075) 7108 0 R (0:6076) 7109 0 R (0:6077) 7110 0 R (0:6078) 7111 0 R] /Limits [(0:6073) (0:6078)] >> endobj 8141 0 obj << /Names [(0:6079) 7112 0 R (0:6080) 7113 0 R (0:6081) 7114 0 R (0:6082) 7115 0 R (0:6083) 7116 0 R (0:6084) 7117 0 R] /Limits [(0:6079) (0:6084)] >> endobj 8142 0 obj << /Names [(0:6085) 7118 0 R (0:6086) 7119 0 R (0:6087) 7120 0 R (0:6088) 7121 0 R (0:6089) 7122 0 R (0:6090) 7123 0 R] /Limits [(0:6085) (0:6090)] >> endobj 8143 0 obj << /Names [(0:6091) 7124 0 R (0:6092) 7131 0 R (0:6093) 7132 0 R (0:6096) 7133 0 R (0:6098) 7134 0 R (0:6099) 7135 0 R] /Limits [(0:6091) (0:6099)] >> endobj 8144 0 obj << /Names [(0:6100) 7136 0 R (0:6101) 7137 0 R (0:6102) 7138 0 R (0:6103) 7139 0 R (0:6104) 7140 0 R (0:6105) 7141 0 R] /Limits [(0:6100) (0:6105)] >> endobj 8145 0 obj << /Names [(0:6106) 7142 0 R (0:6107) 7143 0 R (0:6108) 7144 0 R (0:6109) 7145 0 R (0:6110) 7146 0 R (0:6111) 7147 0 R] /Limits [(0:6106) (0:6111)] >> endobj 8146 0 obj << /Names [(0:6112) 7148 0 R (0:6113) 7149 0 R (0:6114) 7150 0 R (0:6115) 7151 0 R (0:6116) 7152 0 R (0:6117) 7153 0 R] /Limits [(0:6112) (0:6117)] >> endobj 8147 0 obj << /Names [(0:6118) 7154 0 R (0:6119) 7155 0 R (0:6120) 7156 0 R (0:6121) 7157 0 R (0:6122) 7158 0 R (0:6123) 7159 0 R] /Limits [(0:6118) (0:6123)] >> endobj 8148 0 obj << /Names [(0:6124) 7160 0 R (0:6125) 7161 0 R (0:6126) 7162 0 R (0:6127) 7163 0 R (0:6128) 7164 0 R (0:6129) 7165 0 R] /Limits [(0:6124) (0:6129)] >> endobj 8149 0 obj << /Names [(0:6130) 7166 0 R (0:6131) 7167 0 R (0:6132) 7168 0 R (0:6133) 7169 0 R (0:6134) 7170 0 R (0:6135) 7171 0 R] /Limits [(0:6130) (0:6135)] >> endobj 8150 0 obj << /Names [(0:6138) 7177 0 R (0:6139) 7178 0 R (0:6140) 7130 0 R (0:6142) 7179 0 R (0:6143) 7180 0 R (0:6144) 7181 0 R] /Limits [(0:6138) (0:6144)] >> endobj 8151 0 obj << /Names [(0:6145) 7182 0 R (0:6146) 7183 0 R (0:6148) 7184 0 R (0:6149) 7185 0 R (0:6150) 7186 0 R (0:6151) 7187 0 R] /Limits [(0:6145) (0:6151)] >> endobj 8152 0 obj << /Names [(0:6152) 7188 0 R (0:6154) 7189 0 R (0:6155) 7190 0 R (0:6156) 7191 0 R (0:6157) 7192 0 R (0:6160) 7198 0 R] /Limits [(0:6152) (0:6160)] >> endobj 8153 0 obj << /Names [(0:6161) 7199 0 R (0:6162) 7200 0 R (0:6163) 7201 0 R (0:6164) 7202 0 R (0:6165) 7203 0 R (0:6166) 7204 0 R] /Limits [(0:6161) (0:6166)] >> endobj 8154 0 obj << /Names [(0:6169) 7205 0 R (0:6171) 7206 0 R (0:6172) 7207 0 R (0:6173) 7208 0 R (0:6175) 7209 0 R (0:6176) 7210 0 R] /Limits [(0:6169) (0:6176)] >> endobj 8155 0 obj << /Names [(0:6177) 7211 0 R (0:6179) 7212 0 R (0:6180) 7213 0 R (0:6181) 7214 0 R (0:6183) 7215 0 R (0:6184) 7216 0 R] /Limits [(0:6177) (0:6184)] >> endobj 8156 0 obj << /Names [(0:6185) 7217 0 R (0:6187) 7218 0 R (0:6188) 7219 0 R (0:6189) 7220 0 R (0:6191) 7221 0 R (0:6192) 7222 0 R] /Limits [(0:6185) (0:6192)] >> endobj 8157 0 obj << /Names [(0:6193) 7223 0 R (0:6195) 7224 0 R (0:6196) 7225 0 R (0:6197) 7226 0 R (0:6199) 7227 0 R (0:6200) 7228 0 R] /Limits [(0:6193) (0:6200)] >> endobj 8158 0 obj << /Names [(0:6201) 7229 0 R (0:6202) 7230 0 R (0:6204) 7231 0 R (0:6205) 7232 0 R (0:6206) 7233 0 R (0:6208) 7239 0 R] /Limits [(0:6201) (0:6208)] >> endobj 8159 0 obj << /Names [(0:6209) 7240 0 R (0:6210) 7241 0 R (0:6212) 7234 0 R (0:6213) 7242 0 R (0:6214) 7243 0 R (0:6216) 7244 0 R] /Limits [(0:6209) (0:6216)] >> endobj 8160 0 obj << /Names [(0:6217) 7245 0 R (0:6218) 7246 0 R (0:6220) 7247 0 R (0:6221) 7248 0 R (0:6222) 7249 0 R (0:6224) 7250 0 R] /Limits [(0:6217) (0:6224)] >> endobj 8161 0 obj << /Names [(0:6225) 7251 0 R (0:6226) 7252 0 R (0:6228) 7253 0 R (0:6229) 7254 0 R (0:6230) 7255 0 R (0:6232) 7256 0 R] /Limits [(0:6225) (0:6232)] >> endobj 8162 0 obj << /Names [(0:6233) 7257 0 R (0:6234) 7258 0 R (0:6236) 7259 0 R (0:6237) 7260 0 R (0:6238) 7261 0 R (0:6240) 7262 0 R] /Limits [(0:6233) (0:6240)] >> endobj 8163 0 obj << /Names [(0:6241) 7263 0 R (0:6242) 7264 0 R (0:6244) 7265 0 R (0:6245) 7266 0 R (0:6246) 7267 0 R (0:6248) 7268 0 R] /Limits [(0:6241) (0:6248)] >> endobj 8164 0 obj << /Names [(0:6249) 7269 0 R (0:6250) 7270 0 R (0:6252) 7271 0 R (0:6253) 7272 0 R (0:6254) 7273 0 R (0:6256) 7274 0 R] /Limits [(0:6249) (0:6256)] >> endobj 8165 0 obj << /Names [(0:6257) 7275 0 R (0:6258) 7276 0 R (0:6260) 7277 0 R (0:6261) 7278 0 R (0:6262) 7279 0 R (0:6264) 7280 0 R] /Limits [(0:6257) (0:6264)] >> endobj 8166 0 obj << /Names [(0:6265) 7281 0 R (0:6266) 7282 0 R (0:6268) 7287 0 R (0:6269) 7288 0 R (0:6270) 7289 0 R (0:6273) 7290 0 R] /Limits [(0:6265) (0:6273)] >> endobj 8167 0 obj << /Names [(0:6275) 7291 0 R (0:6276) 7292 0 R (0:6277) 7293 0 R (0:6279) 7294 0 R (0:6280) 7295 0 R (0:6281) 7296 0 R] /Limits [(0:6275) (0:6281)] >> endobj 8168 0 obj << /Names [(0:6283) 7297 0 R (0:6284) 7298 0 R (0:6285) 7299 0 R (0:6287) 7300 0 R (0:6288) 7301 0 R (0:6289) 7302 0 R] /Limits [(0:6283) (0:6289)] >> endobj 8169 0 obj << /Names [(0:6291) 7303 0 R (0:6292) 7304 0 R (0:6293) 7305 0 R (0:6295) 7306 0 R (0:6296) 7307 0 R (0:6297) 7308 0 R] /Limits [(0:6291) (0:6297)] >> endobj 8170 0 obj << /Names [(0:6299) 7309 0 R (0:63) 1384 0 R (0:6300) 7310 0 R (0:6301) 7311 0 R (0:6304) 7312 0 R (0:6306) 7313 0 R] /Limits [(0:6299) (0:6306)] >> endobj 8171 0 obj << /Names [(0:6307) 7314 0 R (0:6308) 7315 0 R (0:6310) 7316 0 R (0:6311) 7317 0 R (0:6312) 7318 0 R (0:6314) 7319 0 R] /Limits [(0:6307) (0:6314)] >> endobj 8172 0 obj << /Names [(0:6315) 7320 0 R (0:6316) 7321 0 R (0:6318) 7322 0 R (0:6319) 7323 0 R (0:6320) 7324 0 R (0:6323) 7329 0 R] /Limits [(0:6315) (0:6323)] >> endobj 8173 0 obj << /Names [(0:6324) 7330 0 R (0:64) 1385 0 R (0:646) 1815 0 R (0:647) 1816 0 R (0:648) 1817 0 R (0:649) 1818 0 R] /Limits [(0:6324) (0:649)] >> endobj 8174 0 obj << /Names [(0:65) 1386 0 R (0:650) 1819 0 R (0:651) 1820 0 R (0:652) 1822 0 R (0:653) 1823 0 R (0:654) 1824 0 R] /Limits [(0:65) (0:654)] >> endobj 8175 0 obj << /Names [(0:655) 1825 0 R (0:656) 1826 0 R (0:657) 1828 0 R (0:658) 1829 0 R (0:659) 1834 0 R (0:66) 1387 0 R] /Limits [(0:655) (0:66)] >> endobj 8176 0 obj << /Names [(0:660) 1835 0 R (0:661) 1836 0 R (0:662) 1837 0 R (0:663) 1838 0 R (0:664) 1839 0 R (0:665) 1840 0 R] /Limits [(0:660) (0:665)] >> endobj 8177 0 obj << /Names [(0:666) 1841 0 R (0:667) 1842 0 R (0:668) 1843 0 R (0:669) 1844 0 R (0:67) 1388 0 R (0:670) 1845 0 R] /Limits [(0:666) (0:670)] >> endobj 8178 0 obj << /Names [(0:671) 1846 0 R (0:672) 1847 0 R (0:673) 1848 0 R (0:674) 1849 0 R (0:675) 1850 0 R (0:676) 1851 0 R] /Limits [(0:671) (0:676)] >> endobj 8179 0 obj << /Names [(0:677) 1852 0 R (0:678) 1853 0 R (0:679) 1854 0 R (0:68) 1389 0 R (0:680) 1855 0 R (0:681) 1856 0 R] /Limits [(0:677) (0:681)] >> endobj 8180 0 obj << /Names [(0:682) 1857 0 R (0:684) 1858 0 R (0:685) 1859 0 R (0:686) 1860 0 R (0:687) 1861 0 R (0:688) 1862 0 R] /Limits [(0:682) (0:688)] >> endobj 8181 0 obj << /Names [(0:689) 1863 0 R (0:69) 1390 0 R (0:690) 1864 0 R (0:691) 1865 0 R (0:692) 1866 0 R (0:693) 1867 0 R] /Limits [(0:689) (0:693)] >> endobj 8182 0 obj << /Names [(0:694) 1868 0 R (0:695) 1869 0 R (0:696) 1870 0 R (0:697) 1871 0 R (0:698) 1872 0 R (0:699) 1873 0 R] /Limits [(0:694) (0:699)] >> endobj 8183 0 obj << /Names [(0:70) 1391 0 R (0:700) 1874 0 R (0:701) 1875 0 R (0:702) 1876 0 R (0:704) 1877 0 R (0:709) 1883 0 R] /Limits [(0:70) (0:709)] >> endobj 8184 0 obj << /Names [(0:71) 1392 0 R (0:710) 1884 0 R (0:711) 1885 0 R (0:712) 1886 0 R (0:713) 1887 0 R (0:714) 1888 0 R] /Limits [(0:71) (0:714)] >> endobj 8185 0 obj << /Names [(0:715) 1889 0 R (0:716) 1890 0 R (0:717) 1891 0 R (0:718) 1892 0 R (0:719) 1893 0 R (0:720) 1894 0 R] /Limits [(0:715) (0:720)] >> endobj 8186 0 obj << /Names [(0:721) 1895 0 R (0:722) 1896 0 R (0:723) 1897 0 R (0:724) 1898 0 R (0:725) 1899 0 R (0:726) 1900 0 R] /Limits [(0:721) (0:726)] >> endobj 8187 0 obj << /Names [(0:727) 1901 0 R (0:728) 1902 0 R (0:729) 1903 0 R (0:732) 1904 0 R (0:733) 1905 0 R (0:734) 1906 0 R] /Limits [(0:727) (0:734)] >> endobj 8188 0 obj << /Names [(0:735) 1907 0 R (0:736) 1908 0 R (0:737) 1909 0 R (0:738) 1910 0 R (0:74) 1393 0 R (0:741) 1911 0 R] /Limits [(0:735) (0:741)] >> endobj 8189 0 obj << /Names [(0:742) 1916 0 R (0:743) 1917 0 R (0:744) 1918 0 R (0:745) 1919 0 R (0:746) 1920 0 R (0:747) 1921 0 R] /Limits [(0:742) (0:747)] >> endobj 8190 0 obj << /Names [(0:748) 1922 0 R (0:749) 1923 0 R (0:75) 1394 0 R (0:750) 1924 0 R (0:751) 1925 0 R (0:752) 1926 0 R] /Limits [(0:748) (0:752)] >> endobj 8191 0 obj << /Names [(0:753) 1927 0 R (0:754) 1928 0 R (0:755) 1929 0 R (0:756) 1930 0 R (0:757) 1931 0 R (0:758) 1932 0 R] /Limits [(0:753) (0:758)] >> endobj 8192 0 obj << /Names [(0:759) 1933 0 R (0:760) 1934 0 R (0:761) 1935 0 R (0:762) 1936 0 R (0:763) 1937 0 R (0:764) 1938 0 R] /Limits [(0:759) (0:764)] >> endobj 8193 0 obj << /Names [(0:765) 1939 0 R (0:766) 1940 0 R (0:767) 1941 0 R (0:768) 1942 0 R (0:769) 1943 0 R (0:77) 1395 0 R] /Limits [(0:765) (0:77)] >> endobj 8194 0 obj << /Names [(0:770) 1944 0 R (0:771) 1945 0 R (0:772) 1946 0 R (0:773) 1947 0 R (0:774) 1948 0 R (0:775) 1949 0 R] /Limits [(0:770) (0:775)] >> endobj 8195 0 obj << /Names [(0:776) 1950 0 R (0:777) 1951 0 R (0:778) 1952 0 R (0:779) 1953 0 R (0:78) 1396 0 R (0:780) 1954 0 R] /Limits [(0:776) (0:780)] >> endobj 8196 0 obj << /Names [(0:781) 1955 0 R (0:782) 1956 0 R (0:783) 1957 0 R (0:784) 1958 0 R (0:785) 1959 0 R (0:786) 1960 0 R] /Limits [(0:781) (0:786)] >> endobj 8197 0 obj << /Names [(0:789) 1961 0 R (0:79) 1397 0 R (0:790) 1962 0 R (0:791) 1968 0 R (0:792) 1969 0 R (0:793) 1970 0 R] /Limits [(0:789) (0:793)] >> endobj 8198 0 obj << /Names [(0:794) 1971 0 R (0:795) 1972 0 R (0:796) 1973 0 R (0:797) 1974 0 R (0:798) 1975 0 R (0:799) 1976 0 R] /Limits [(0:794) (0:799)] >> endobj 8199 0 obj << /Names [(0:80) 1398 0 R (0:800) 1977 0 R (0:801) 1978 0 R (0:802) 1979 0 R (0:803) 1980 0 R (0:804) 1981 0 R] /Limits [(0:80) (0:804)] >> endobj 8200 0 obj << /Names [(0:805) 1982 0 R (0:806) 1983 0 R (0:807) 1984 0 R (0:808) 1985 0 R (0:809) 1986 0 R (0:81) 1399 0 R] /Limits [(0:805) (0:81)] >> endobj 8201 0 obj << /Names [(0:810) 1987 0 R (0:811) 1988 0 R (0:812) 1989 0 R (0:813) 1990 0 R (0:814) 1991 0 R (0:815) 1992 0 R] /Limits [(0:810) (0:815)] >> endobj 8202 0 obj << /Names [(0:816) 1993 0 R (0:817) 1994 0 R (0:818) 1995 0 R (0:819) 1996 0 R (0:82) 1400 0 R (0:820) 1997 0 R] /Limits [(0:816) (0:820)] >> endobj 8203 0 obj << /Names [(0:822) 1998 0 R (0:823) 1999 0 R (0:824) 2000 0 R (0:827) 2001 0 R (0:828) 2002 0 R (0:829) 2003 0 R] /Limits [(0:822) (0:829)] >> endobj 8204 0 obj << /Names [(0:830) 2004 0 R (0:833) 2005 0 R (0:834) 2006 0 R (0:835) 2007 0 R (0:836) 2008 0 R (0:837) 2009 0 R] /Limits [(0:830) (0:837)] >> endobj 8205 0 obj << /Names [(0:838) 2010 0 R (0:839) 2017 0 R (0:84) 1401 0 R (0:840) 2018 0 R (0:843) 2019 0 R (0:844) 2020 0 R] /Limits [(0:838) (0:844)] >> endobj 8206 0 obj << /Names [(0:846) 2021 0 R (0:847) 2022 0 R (0:848) 2031 0 R (0:849) 2032 0 R (0:85) 1402 0 R (0:850) 2033 0 R] /Limits [(0:846) (0:850)] >> endobj 8207 0 obj << /Names [(0:851) 2034 0 R (0:852) 2035 0 R (0:853) 2036 0 R (0:854) 2037 0 R (0:855) 2038 0 R (0:856) 2039 0 R] /Limits [(0:851) (0:856)] >> endobj 8208 0 obj << /Names [(0:857) 2040 0 R (0:858) 2041 0 R (0:859) 2042 0 R (0:86) 1403 0 R (0:860) 2043 0 R (0:861) 2044 0 R] /Limits [(0:857) (0:861)] >> endobj 8209 0 obj << /Names [(0:862) 2045 0 R (0:863) 2046 0 R (0:864) 2047 0 R (0:865) 2048 0 R (0:868) 2049 0 R (0:869) 2050 0 R] /Limits [(0:862) (0:869)] >> endobj 8210 0 obj << /Names [(0:87) 1404 0 R (0:871) 2051 0 R (0:872) 2052 0 R (0:875) 2053 0 R (0:877) 2054 0 R (0:878) 2055 0 R] /Limits [(0:87) (0:878)] >> endobj 8211 0 obj << /Names [(0:879) 2062 0 R (0:88) 1405 0 R (0:881) 2063 0 R (0:882) 2064 0 R (0:885) 2065 0 R (0:886) 2066 0 R] /Limits [(0:879) (0:886)] >> endobj 8212 0 obj << /Names [(0:887) 2067 0 R (0:888) 2068 0 R (0:889) 2069 0 R (0:89) 1406 0 R (0:890) 2070 0 R (0:891) 2071 0 R] /Limits [(0:887) (0:891)] >> endobj 8213 0 obj << /Names [(0:893) 2072 0 R (0:894) 2073 0 R (0:895) 2074 0 R (0:897) 2075 0 R (0:898) 2076 0 R (0:899) 2077 0 R] /Limits [(0:893) (0:899)] >> endobj 8214 0 obj << /Names [(0:90) 1407 0 R (0:901) 2078 0 R (0:902) 2079 0 R (0:903) 2080 0 R (0:905) 2081 0 R (0:906) 2082 0 R] /Limits [(0:90) (0:906)] >> endobj 8215 0 obj << /Names [(0:907) 2083 0 R (0:908) 2090 0 R (0:909) 2091 0 R (0:91) 1408 0 R (0:910) 2061 0 R (0:914) 2092 0 R] /Limits [(0:907) (0:914)] >> endobj 8216 0 obj << /Names [(0:915) 2093 0 R (0:916) 2094 0 R (0:917) 2095 0 R (0:918) 2096 0 R (0:919) 2097 0 R (0:920) 2098 0 R] /Limits [(0:915) (0:920)] >> endobj 8217 0 obj << /Names [(0:921) 2099 0 R (0:922) 2100 0 R (0:923) 2101 0 R (0:924) 2102 0 R (0:925) 2103 0 R (0:926) 2104 0 R] /Limits [(0:921) (0:926)] >> endobj 8218 0 obj << /Names [(0:927) 2105 0 R (0:928) 2106 0 R (0:929) 2107 0 R (0:93) 1409 0 R (0:930) 2108 0 R (0:931) 2109 0 R] /Limits [(0:927) (0:931)] >> endobj 8219 0 obj << /Names [(0:932) 2110 0 R (0:933) 2111 0 R (0:934) 2112 0 R (0:935) 2113 0 R (0:936) 2114 0 R (0:937) 2115 0 R] /Limits [(0:932) (0:937)] >> endobj 8220 0 obj << /Names [(0:938) 2116 0 R (0:939) 2117 0 R (0:94) 1410 0 R (0:940) 2118 0 R (0:941) 2119 0 R (0:942) 2120 0 R] /Limits [(0:938) (0:942)] >> endobj 8221 0 obj << /Names [(0:943) 2121 0 R (0:944) 2122 0 R (0:945) 2123 0 R (0:946) 2124 0 R (0:947) 2125 0 R (0:948) 2126 0 R] /Limits [(0:943) (0:948)] >> endobj 8222 0 obj << /Names [(0:949) 2127 0 R (0:95) 1411 0 R (0:950) 2132 0 R (0:951) 2133 0 R (0:952) 2134 0 R (0:953) 2135 0 R] /Limits [(0:949) (0:953)] >> endobj 8223 0 obj << /Names [(0:954) 2136 0 R (0:955) 2089 0 R (0:957) 2137 0 R (0:958) 2138 0 R (0:959) 2139 0 R (0:96) 1412 0 R] /Limits [(0:954) (0:96)] >> endobj 8224 0 obj << /Names [(0:960) 2140 0 R (0:961) 2141 0 R (0:962) 2142 0 R (0:963) 2143 0 R (0:964) 2144 0 R (0:966) 2145 0 R] /Limits [(0:960) (0:966)] >> endobj 8225 0 obj << /Names [(0:967) 2146 0 R (0:968) 2147 0 R (0:969) 2148 0 R (0:970) 2149 0 R (0:971) 2150 0 R (0:972) 2151 0 R] /Limits [(0:967) (0:972)] >> endobj 8226 0 obj << /Names [(0:973) 2152 0 R (0:974) 2153 0 R (0:975) 2154 0 R (0:976) 2155 0 R (0:977) 2156 0 R (0:978) 2157 0 R] /Limits [(0:973) (0:978)] >> endobj 8227 0 obj << /Names [(0:979) 2158 0 R (0:98) 1413 0 R (0:982) 2164 0 R (0:983) 2165 0 R (0:984) 2166 0 R (0:985) 2167 0 R] /Limits [(0:979) (0:985)] >> endobj 8228 0 obj << /Names [(0:989) 2168 0 R (0:99) 1414 0 R (0:990) 2169 0 R (0:991) 2170 0 R (0:992) 2171 0 R (0:993) 2172 0 R] /Limits [(0:989) (0:993)] >> endobj 8229 0 obj << /Names [(0:994) 2173 0 R (0:997) 2175 0 R (0:998) 2176 0 R (0:999) 2177 0 R (0:ACLCHECK) 3303 0 R (0:ALL-EXCEPT) 1080 0 R] /Limits [(0:994) (0:ALL-EXCEPT)] >> endobj 8230 0 obj << /Names [(0:ATTACKBYSERVER) 5793 0 R (0:AUTH-CRED) 4753 0 R (0:BASCLT) 1076 0 R (0:BASIC-CONFIGURATION) 1062 0 R (0:CALLING-EXTERNAL-PROGRAMS) 1211 0 R (0:CHANGE-CODES) 3318 0 R] /Limits [(0:ATTACKBYSERVER) (0:CHANGE-CODES)] >> endobj 8231 0 obj << /Names [(0:CHECKING-FOR-KERNEL-MODULE-ROOTKITS) 1312 0 R (0:CHECKING-FOR-SUID-FILES) 1313 0 R (0:CHECKING-MOUNTS) 1314 0 R (0:CHECKING-PORTS) 1317 0 R (0:CHECKING-PROCESSES) 1316 0 R (0:CHECKING-USERFILES) 1315 0 R] /Limits [(0:CHECKING-FOR-KERNEL-MODULE-ROOTKITS) (0:CHECKING-USERFILES)] >> endobj 8232 0 obj << /Names [(0:CHROOT) 1202 0 R (0:CLASSES) 2211 0 R (0:CLIENT-INTEGRITY) 1293 0 R (0:CLIENT-SERVER-CONNECTIVITY) 1300 0 R (0:CLIENTS) 1196 0 R (0:COMMAND-LINE) 1302 0 R] /Limits [(0:CHROOT) (0:COMMAND-LINE)] >> endobj 8233 0 obj << /Names [(0:COMMAND-LINE-GENERAL) 1303 0 R (0:COMMAND-LINE-YULE) 1305 0 R (0:COMPILATION-CHECKS) 1298 0 R (0:COMPILATION-OPTIONS) 1296 0 R (0:COMPILATION-OPTIONS-GENERAL) 1297 0 R (0:CONDITIONALS) 6368 0 R] /Limits [(0:COMMAND-LINE-GENERAL) (0:CONDITIONALS)] >> endobj 8234 0 obj << /Names [(0:CONFIGFACILITY) 1064 0 R (0:CONFIGFILE) 1307 0 R (0:CONFIGFILE-CLIENTS) 1322 0 R (0:CONFIGURATION-EMAIL) 1066 0 R (0:CONFIGURATION-EXTERNAL) 1069 0 R (0:CONFIGURATION-FILE-DOWNLOAD) 4496 0 R] /Limits [(0:CONFIGFACILITY) (0:CONFIGURATION-FILE-DOWNLOAD)] >> endobj 8235 0 obj << /Names [(0:CONFIGURATION-LOGSERVER) 1068 0 R (0:CONSOLEDETAILS) 1070 0 R (0:CONTROLLING-THE-DAEMON) 1053 0 R (0:CUSTOMFTYPE) 3441 0 R (0:CUSTOMRPM) 5686 0 R (0:DAEMONTOOL) 1052 0 R] /Limits [(0:CONFIGURATION-LOGSERVER) (0:DAEMONTOOL)] >> endobj 8236 0 obj << /Names [(0:DATABASE) 1319 0 R (0:DATABASE-CONFIGURATION-FILE-DOWNLOAD) 1198 0 R (0:DATABASE-FIELDS) 1323 0 R (0:DATABASE-FILE-DOWNLOAD) 4526 0 R (0:DATABASEFILE) 1179 0 R (0:DB-UPGRADE) 2840 0 R] /Limits [(0:DATABASE) (0:DB-UPGRADE)] >> endobj 8237 0 obj << /Names [(0:DB-UPGRADE2) 2850 0 R (0:DEB) 5742 0 R (0:DEFTRUST) 1497 0 R (0:DEPLOY-BUILD) 5518 0 R (0:DEPLOY-BUILD-OPT) 5531 0 R (0:DEPLOY-CHECKSRC) 5512 0 R] /Limits [(0:DB-UPGRADE2) (0:DEPLOY-CHECKSRC)] >> endobj 8238 0 obj << /Names [(0:DEPLOY-CHECKSRC-OPT) 5515 0 R (0:DEPLOY-CLEAN) 5490 0 R (0:DEPLOY-CLEAN-OPT) 5494 0 R (0:DEPLOY-CUSTOMIZE) 5380 0 R (0:DEPLOY-DOWNLOAD) 5496 0 R (0:DEPLOY-DOWNLOAD-OPT) 5505 0 R] /Limits [(0:DEPLOY-CHECKSRC-OPT) (0:DEPLOY-DOWNLOAD-OPT)] >> endobj 8239 0 obj << /Names [(0:DEPLOY-INFO) 5485 0 R (0:DEPLOY-INFO-OPT) 5487 0 R (0:DEPLOY-INSTALL) 5559 0 R (0:DEPLOY-INSTALL-OPT) 5585 0 R (0:DEPLOY-LAYOUT) 5283 0 R (0:DEPLOY-LAYOUT-ARCHPKG) 5371 0 R] /Limits [(0:DEPLOY-INFO) (0:DEPLOY-LAYOUT-ARCHPKG)] >> endobj 8240 0 obj << /Names [(0:DEPLOY-LAYOUT-CONFIGS) 5338 0 R (0:DEPLOY-MISC) 5645 0 R (0:DEPLOY-REQ) 5282 0 R (0:DEPLOY-SCRIPT) 5410 0 R (0:DEPLOY-SH-GENERAL) 5470 0 R (0:DEPLOY-UNINSTALL) 5636 0 R] /Limits [(0:DEPLOY-LAYOUT-CONFIGS) (0:DEPLOY-UNINSTALL)] >> endobj 8241 0 obj << /Names [(0:DEPLOY-UNINSTALL-OPT) 5639 0 R (0:DEPLOY.SH) 1218 0 R (0:DEPLOYMENT) 1217 0 R (0:DESIGN) 1295 0 R (0:DNMALLOC) 1060 0 R (0:DROPROOT) 1195 0 R] /Limits [(0:DEPLOY-UNINSTALL-OPT) (0:DROPROOT)] >> endobj 8242 0 obj << /Names [(0:DYNUP) 2023 0 R (0:EHEAD-CUSOM) 2229 0 R (0:EMAILDETAILS) 2498 0 R (0:ENABLING-LOGGING-TO-THE-SERVER) 1197 0 R (0:EXPANSION) 6344 0 R (0:EXTERN) 1208 0 R] /Limits [(0:DYNUP) (0:EXTERN)] >> endobj 8243 0 obj << /Names [(0:EXTERNAL) 1321 0 R (0:FILE-CONTENT-STORE) 1191 0 R (0:FILE-MONITOR) 1075 0 R (0:FILE-SIGNATURES) 1078 0 R (0:FILE-SPECIFICATION) 3080 0 R (0:FILEDEF) 1079 0 R] /Limits [(0:EXTERNAL) (0:FILEDEF)] >> endobj 8244 0 obj << /Names [(0:FILES-TO-CHECK) 1308 0 R (0:FILETYPES-DEFINED) 1327 0 R (0:FINOTIFY) 1192 0 R (0:FULLSTORE) 3327 0 R (0:GCM) 1200 0 R (0:GEN-DB-FIELDS) 1324 0 R] /Limits [(0:FILES-TO-CHECK) (0:GEN-DB-FIELDS)] >> endobj 8245 0 obj << /Names [(0:GENERAL) 1194 0 R (0:HARDLINKCHECK) 3227 0 R (0:HASH-FUNCTION) 1077 0 R (0:HIDING-THE-EXECUTABLE) 1215 0 R (0:HLOFFSETS) 3236 0 R (0:HOW-TO-INVOKE) 1051 0 R] /Limits [(0:GENERAL) (0:HOW-TO-INVOKE)] >> endobj 8246 0 obj << /Names [(0:HPUX) 5708 0 R (0:IMPROVING-THE-SIGNAL-TO-NOISE-RATIO) 1058 0 R (0:INDEX) 931 0 R (0:INITIALIZING-UPDATING-CHECKING) 1178 0 R (0:INSTALLATION) 1038 0 R (0:INSTALLATION-BUILD) 1043 0 R] /Limits [(0:HPUX) (0:INSTALLATION-BUILD)] >> endobj 8247 0 obj << /Names [(0:INSTALLATION-CONFIGURE) 1042 0 R (0:INSTALLATION-CUSTOMIZE) 1045 0 R (0:INSTALLATION-DOWNLOAD) 1041 0 R (0:INSTALLATION-FILES) 1802 0 R (0:INSTALLATION-INITIALIZE) 1046 0 R (0:INSTALLATION-INSTALL) 1044 0 R] /Limits [(0:INSTALLATION-CONFIGURE) (0:INSTALLATION-INSTALL)] >> endobj 8248 0 obj << /Names [(0:INSTALLATION-OVERVIEW) 1039 0 R (0:INSTALLATION-REQUIREMENTS) 1040 0 R (0:INSTALLATION-RUNNING) 1047 0 R (0:INSTALLED-CLIENT) 1803 0 R (0:INSTALLED-SERVER) 1807 0 R (0:INTRO) 1037 0 R] /Limits [(0:INSTALLATION-OVERVIEW) (0:INTRO)] >> endobj 8249 0 obj << /Names [(0:KERNELDEF) 1181 0 R (0:KERNELDEF-CONFIG) 3668 0 R (0:KERNELDEF-ERRORS) 3719 0 R (0:KERNELDEF-HOW) 3691 0 R (0:KERNELDEF-WHAT) 3679 0 R (0:KEYPAD) 1292 0 R] /Limits [(0:KERNELDEF) (0:KEYPAD)] >> endobj 8250 0 obj << /Names [(0:KHIDE) 5157 0 R (0:LAYOUT) 1048 0 R (0:LAYOUT-DETAILS) 1740 0 R (0:LIBWRAP) 1203 0 R (0:LOG-FILE-ROTATION) 1056 0 R (0:LOGDEF) 1063 0 R] /Limits [(0:KHIDE) (0:LOGDEF)] >> endobj 8251 0 obj << /Names [(0:LOGFILE) 2011 0 R (0:LOGGING-THRESHOLDS) 1310 0 R (0:LOGMON) 1187 0 R (0:LOGMON-CHECK) 1318 0 R (0:LOGROTATION) 3463 0 R (0:LOGSERVERDETAILS) 2619 0 R] /Limits [(0:LOGFILE) (0:LOGSERVERDETAILS)] >> endobj 8252 0 obj << /Names [(0:LOOSEDIRCHECK) 3321 0 R (0:MISCELLANEOUS) 1320 0 R (0:MOD-DB-FIELDS) 1325 0 R (0:MODULES) 1189 0 R (0:MONDEF) 1182 0 R (0:MOUNTCHECK) 1183 0 R] /Limits [(0:LOOSEDIRCHECK) (0:MOUNTCHECK)] >> endobj 8253 0 obj << /Names [(0:MYSQL-CFG) 2859 0 R (0:NAGIOS) 1072 0 R (0:NATIVE-PACKAGES) 1219 0 R (0:OBSCURE) 3249 0 R (0:OPENPGP-SIGNATURES) 1299 0 R (0:OPTIONS-CONFIGURATION-FILE) 1059 0 R] /Limits [(0:MYSQL-CFG) (0:OPTIONS-CONFIGURATION-FILE)] >> endobj 8254 0 obj << /Names [(0:PACKING-THE-EXECUTABLE) 1216 0 R (0:PAGING) 4944 0 R (0:PATHS) 1301 0 R (0:PERFORMANCE-TUNING) 1190 0 R (0:PERFORMANCE-TUNING-SERVER) 1207 0 R (0:PID-FILE) 1055 0 R] /Limits [(0:PACKING-THE-EXECUTABLE) (0:PID-FILE)] >> endobj 8255 0 obj << /Names [(0:PIPES) 1209 0 R (0:POLICY) 2056 0 R (0:POLRULES) 3108 0 R (0:PORTCHECK) 1186 0 R (0:PRELINK) 3083 0 R (0:PRELUDE9) 2709 0 R] /Limits [(0:PIPES) (0:PRELUDE9)] >> endobj 8256 0 obj << /Names [(0:PRELUDECL) 2690 0 R (0:PRELUDEDETAILS) 1071 0 R (0:PROCESSCHECK) 1185 0 R (0:RECDEP) 3101 0 R (0:RPM) 5681 0 R (0:RUNTIME-CLIENT) 1792 0 R] /Limits [(0:PRELUDECL) (0:RUNTIME-CLIENT)] >> endobj 8257 0 obj << /Names [(0:RUNTIME-FILES) 1791 0 R (0:RUNTIME-SERVER) 1796 0 R (0:SAMHAIN-COMMAND-LINE) 1304 0 R (0:SAMHAINADMIN) 1213 0 R (0:SECOND-SCHEDULE) 3500 0 R (0:SECURITY-DESIGN) 1290 0 R] /Limits [(0:RUNTIME-FILES) (0:SECURITY-DESIGN)] >> endobj 8258 0 obj << /Names [(0:SECURITY-USAGE) 1291 0 R (0:SEND-COMMANDS) 1204 0 R (0:SERVER-LOGGING) 1199 0 R (0:SERVER-SECURITY) 1294 0 R (0:SERVER-STATUS-INFORMATION) 1201 0 R (0:SERVER-TO-SERVER) 1206 0 R] /Limits [(0:SECURITY-USAGE) (0:SERVER-TO-SERVER)] >> endobj 8259 0 obj << /Names [(0:SEVERITY-OF-EVENTS) 1309 0 R (0:SEVERITYDEF) 2174 0 R (0:SIGNALS) 1054 0 R (0:SIGNED-FILES) 1212 0 R (0:SKIPCHECKSUM) 3396 0 R (0:SOL) 5715 0 R] /Limits [(0:SEVERITY-OF-EVENTS) (0:SOL)] >> endobj 8260 0 obj << /Names [(0:SQLDETAILS) 1074 0 R (0:STEALTHMODE) 1214 0 R (0:SUIDCHK) 1180 0 R (0:SUIDCHK-CONFIG) 3614 0 R (0:SUIDCHK-QUARANTINE) 3586 0 R (0:SUPPLY-COMMANDS) 4739 0 R] /Limits [(0:SQLDETAILS) (0:SUPPLY-COMMANDS)] >> endobj 8261 0 obj << /Names [(0:SUPPORT) 1061 0 R (0:SUPPRESS) 3160 0 R (0:SYS-DB-FIELDS) 1326 0 R (0:SYSLOGDETAILS) 1073 0 R (0:SYSTEM-V-MESSAGE-QUEUE) 1210 0 R (0:TARGETS) 1615 0 R] /Limits [(0:SUPPORT) (0:TARGETS)] >> endobj 8262 0 obj << /Names [(0:TBZ2) 5726 0 R (0:TESTSUITE) 1049 0 R (0:THE-CONFIGURATION-FILE) 1306 0 R (0:THRESHOLDS) 1065 0 R (0:TIMING-FILE-CHECKS) 1081 0 R (0:TRUSTEDEXAMPLE) 1067 0 R] /Limits [(0:TBZ2) (0:TRUSTEDEXAMPLE)] >> endobj 8263 0 obj << /Names [(0:UDP) 1205 0 R (0:UPDATING-THE-FILE-SIGNATURE-DATABASE) 1057 0 R (0:USAGE) 1050 0 R (0:USERCHECK) 1184 0 R (0:VANILLARPM) 5698 0 R (0:WATCHING-LOGIN-LOGOUT-EVENTS) 1311 0 R] /Limits [(0:UDP) (0:WATCHING-LOGIN-LOGOUT-EVENTS)] >> endobj 8264 0 obj << /Names [(0:WHODIDIT) 3329 0 R (0:WINREG) 1188 0 R (0:YULE) 1193 0 R (1.0) 2 0 R (10.0) 594 0 R (10.73.1) 598 0 R] /Limits [(0:WHODIDIT) (10.73.1)] >> endobj 8265 0 obj << /Names [(11.0) 602 0 R (11.74.1) 606 0 R (11.74.59.2) 610 0 R (11.75.1) 614 0 R (12.0) 618 0 R (12.76.1) 622 0 R] /Limits [(11.0) (12.76.1)] >> endobj 8266 0 obj << /Names [(12.76.60.2) 626 0 R (12.76.61.10.3) 634 0 R (12.76.61.11.3) 638 0 R (12.76.61.2) 630 0 R (12.76.62.12.3) 646 0 R (12.76.62.13.3) 650 0 R] /Limits [(12.76.60.2) (12.76.62.13.3)] >> endobj 8267 0 obj << /Names [(12.76.62.14.3) 654 0 R (12.76.62.15.3) 658 0 R (12.76.62.2) 642 0 R (12.76.63.16.3) 666 0 R (12.76.63.2) 662 0 R (12.76.64.17.3) 674 0 R] /Limits [(12.76.62.14.3) (12.76.64.17.3)] >> endobj 8268 0 obj << /Names [(12.76.64.2) 670 0 R (12.76.65.18.3) 682 0 R (12.76.65.2) 678 0 R (12.76.66.19.3) 690 0 R (12.76.66.2) 686 0 R (12.76.67.2) 694 0 R] /Limits [(12.76.64.2) (12.76.67.2)] >> endobj 8269 0 obj << /Names [(12.76.67.20.3) 698 0 R (12.76.68.2) 702 0 R (12.76.68.21.3) 706 0 R (12.76.69.2) 710 0 R (12.76.69.22.3) 714 0 R (12.76.70.2) 718 0 R] /Limits [(12.76.67.20.3) (12.76.70.2)] >> endobj 8270 0 obj << /Names [(12.76.70.23.3) 722 0 R (12.76.71.2) 726 0 R (12.77.1) 730 0 R (12.77.72.2) 734 0 R (12.77.72.24.3) 738 0 R (12.77.72.25.3) 742 0 R] /Limits [(12.76.70.23.3) (12.77.72.25.3)] >> endobj 8271 0 obj << /Names [(12.77.73.2) 746 0 R (12.77.74.2) 750 0 R (12.77.75.2) 754 0 R (12.77.76.2) 758 0 R (13.0) 762 0 R (13.78.1) 766 0 R] /Limits [(12.77.73.2) (13.78.1)] >> endobj 8272 0 obj << /Names [(13.78.77.2) 770 0 R (13.79.1) 774 0 R (13.80.1) 778 0 R (13.81.1) 782 0 R (13.82.1) 786 0 R (14.0) 790 0 R] /Limits [(13.78.77.2) (14.0)] >> endobj 8273 0 obj << /Names [(14.83.1) 794 0 R (14.84.1) 798 0 R (14.85.1) 802 0 R (14.86.1) 806 0 R (14.87.1) 810 0 R (15.0) 814 0 R] /Limits [(14.83.1) (15.0)] >> endobj 8274 0 obj << /Names [(15.88.1) 818 0 R (15.89.1) 822 0 R (15.90.1) 826 0 R (16.0) 830 0 R (16.100.1) 878 0 R (16.101.1) 882 0 R] /Limits [(15.88.1) (16.101.1)] >> endobj 8275 0 obj << /Names [(16.102.1) 886 0 R (16.103.1) 890 0 R (16.104.1) 894 0 R (16.105.1) 898 0 R (16.106.1) 902 0 R (16.91.1) 834 0 R] /Limits [(16.102.1) (16.91.1)] >> endobj 8276 0 obj << /Names [(16.91.78.2) 838 0 R (16.91.79.2) 842 0 R (16.92.1) 846 0 R (16.93.1) 850 0 R (16.94.1) 854 0 R (16.95.1) 858 0 R] /Limits [(16.91.78.2) (16.95.1)] >> endobj 8277 0 obj << /Names [(16.96.1) 862 0 R (16.97.1) 866 0 R (16.98.1) 870 0 R (16.99.1) 874 0 R (17.0) 906 0 R (17.107.1) 910 0 R] /Limits [(16.96.1) (17.107.1)] >> endobj 8278 0 obj << /Names [(17.108.1) 914 0 R (17.109.1) 918 0 R (18.0) 922 0 R (2.0) 6 0 R (3.0) 10 0 R (4.0) 14 0 R] /Limits [(17.108.1) (4.0)] >> endobj 8279 0 obj << /Names [(4.1.1) 18 0 R (4.10.1) 62 0 R (4.10.3.2) 66 0 R (4.10.4.2) 70 0 R (4.10.5.1.3) 78 0 R (4.10.5.2) 74 0 R] /Limits [(4.1.1) (4.10.5.2)] >> endobj 8280 0 obj << /Names [(4.10.5.2.3) 82 0 R (4.10.6.2) 86 0 R (4.10.6.3.3) 90 0 R (4.10.6.4.3) 94 0 R (4.11.1) 98 0 R (4.2.1) 22 0 R] /Limits [(4.10.5.2.3) (4.2.1)] >> endobj 8281 0 obj << /Names [(4.3.1) 26 0 R (4.4.1) 30 0 R (4.4.1.2) 34 0 R (4.5.1) 38 0 R (4.6.1) 42 0 R (4.6.2.2) 46 0 R] /Limits [(4.3.1) (4.6.2.2)] >> endobj 8282 0 obj << /Names [(4.7.1) 50 0 R (4.8.1) 54 0 R (4.9.1) 58 0 R (5.0) 102 0 R (5.12.1) 106 0 R (5.13.1) 110 0 R] /Limits [(4.7.1) (5.13.1)] >> endobj 8283 0 obj << /Names [(5.14.1) 114 0 R (5.15.1) 118 0 R (5.16.1) 122 0 R (5.17.1) 126 0 R (5.18.1) 130 0 R (5.19.1) 134 0 R] /Limits [(5.14.1) (5.19.1)] >> endobj 8284 0 obj << /Names [(5.20.1) 138 0 R (5.21.1) 142 0 R (5.22.1) 146 0 R (5.22.7.2) 150 0 R (6.0) 154 0 R (6.23.1) 158 0 R] /Limits [(5.20.1) (6.23.1)] >> endobj 8285 0 obj << /Names [(6.23.10.2) 170 0 R (6.23.8.2) 162 0 R (6.23.9.2) 166 0 R (6.24.1) 174 0 R (6.25.1) 178 0 R (6.26.1) 182 0 R] /Limits [(6.23.10.2) (6.26.1)] >> endobj 8286 0 obj << /Names [(6.26.11.2) 186 0 R (6.27.1) 190 0 R (6.27.12.2) 194 0 R (6.28.1) 198 0 R (6.28.13.2) 202 0 R (6.29.1) 206 0 R] /Limits [(6.26.11.2) (6.29.1)] >> endobj 8287 0 obj << /Names [(6.30.1) 210 0 R (6.31.1) 214 0 R (6.31.14.2) 218 0 R (6.31.15.2) 222 0 R (6.32.1) 226 0 R (6.33.1) 230 0 R] /Limits [(6.30.1) (6.33.1)] >> endobj 8288 0 obj << /Names [(6.34.1) 234 0 R (6.34.16.2) 238 0 R (6.34.17.2) 242 0 R (6.34.18.2) 246 0 R (7.0) 250 0 R (7.35.1) 254 0 R] /Limits [(6.34.1) (7.35.1)] >> endobj 8289 0 obj << /Names [(7.36.1) 258 0 R (7.37.1) 262 0 R (7.38.1) 266 0 R (7.38.19.2) 270 0 R (7.38.20.2) 274 0 R (7.38.20.5.3) 278 0 R] /Limits [(7.36.1) (7.38.20.5.3)] >> endobj 8290 0 obj << /Names [(7.38.21.2) 282 0 R (7.38.22.2) 286 0 R (7.38.23.2) 290 0 R (7.38.24.2) 294 0 R (7.38.24.6.3) 298 0 R (7.38.25.2) 302 0 R] /Limits [(7.38.21.2) (7.38.25.2)] >> endobj 8291 0 obj << /Names [(7.38.26.2) 306 0 R (7.38.27.2) 310 0 R (7.38.28.2) 314 0 R (7.38.29.2) 318 0 R (7.38.30.2) 322 0 R (7.38.31.2) 326 0 R] /Limits [(7.38.26.2) (7.38.31.2)] >> endobj 8292 0 obj << /Names [(7.38.32.2) 330 0 R (7.38.32.7.3) 334 0 R (7.38.33.2) 338 0 R (7.39.1) 342 0 R (7.40.1) 346 0 R (7.40.34.2) 350 0 R] /Limits [(7.38.32.2) (7.40.34.2)] >> endobj 8293 0 obj << /Names [(7.41.1) 354 0 R (7.42.1) 358 0 R (7.43.1) 362 0 R (7.43.35.2) 366 0 R (7.43.36.2) 370 0 R (7.44.1) 374 0 R] /Limits [(7.41.1) (7.44.1)] >> endobj 8294 0 obj << /Names [(7.44.37.2) 378 0 R (7.44.38.2) 382 0 R (7.44.39.2) 386 0 R (7.44.40.2) 390 0 R (7.45.1) 394 0 R (7.46.1) 398 0 R] /Limits [(7.44.37.2) (7.46.1)] >> endobj 8295 0 obj << /Names [(7.47.1) 402 0 R (7.48.1) 406 0 R (7.48.41.2) 410 0 R (7.49.1) 414 0 R (7.49.42.2) 418 0 R (7.49.43.2) 422 0 R] /Limits [(7.47.1) (7.49.43.2)] >> endobj 8296 0 obj << /Names [(7.50.1) 426 0 R (7.50.44.2) 430 0 R (7.50.44.8.3) 434 0 R (7.50.44.9.3) 438 0 R (7.50.45.2) 442 0 R (7.50.46.2) 446 0 R] /Limits [(7.50.1) (7.50.46.2)] >> endobj 8297 0 obj << /Names [(7.50.47.2) 450 0 R (7.50.48.2) 454 0 R (7.51.1) 458 0 R (7.51.49.2) 462 0 R (7.51.50.2) 466 0 R (7.52.1) 470 0 R] /Limits [(7.50.47.2) (7.52.1)] >> endobj 8298 0 obj << /Names [(7.53.1) 474 0 R (7.54.1) 478 0 R (7.54.51.2) 482 0 R (7.54.52.2) 486 0 R (7.55.1) 490 0 R (7.55.53.2) 494 0 R] /Limits [(7.53.1) (7.55.53.2)] >> endobj 8299 0 obj << /Names [(8.0) 498 0 R (8.56.1) 502 0 R (8.57.1) 506 0 R (8.58.1) 510 0 R (8.59.1) 514 0 R (8.60.1) 518 0 R] /Limits [(8.0) (8.60.1)] >> endobj 8300 0 obj << /Names [(8.60.54.2) 522 0 R (8.60.55.2) 526 0 R (8.61.1) 530 0 R (8.62.1) 534 0 R (8.63.1) 538 0 R (8.64.1) 542 0 R] /Limits [(8.60.54.2) (8.64.1)] >> endobj 8301 0 obj << /Names [(8.65.1) 546 0 R (8.66.1) 550 0 R (8.66.56.2) 554 0 R (8.66.57.2) 558 0 R (8.67.1) 562 0 R (8.68.1) 566 0 R] /Limits [(8.65.1) (8.68.1)] >> endobj 8302 0 obj << /Names [(8.69.1) 570 0 R (9.0) 574 0 R (9.70.1) 578 0 R (9.71.1) 582 0 R (9.72.1) 586 0 R (9.72.58.2) 590 0 R] /Limits [(8.69.1) (9.72.58.2)] >> endobj 8303 0 obj << /Names [(Doc-Start) 930 0 R (page.1) 929 0 R (page.10) 1696 0 R (page.100) 4547 0 R (page.101) 4579 0 R (page.102) 4621 0 R] /Limits [(Doc-Start) (page.102)] >> endobj 8304 0 obj << /Names [(page.103) 4652 0 R (page.104) 4708 0 R (page.105) 4744 0 R (page.106) 4774 0 R (page.107) 4808 0 R (page.108) 4837 0 R] /Limits [(page.103) (page.108)] >> endobj 8305 0 obj << /Names [(page.109) 4865 0 R (page.11) 1734 0 R (page.110) 4917 0 R (page.111) 4952 0 R (page.112) 4960 0 R (page.113) 5007 0 R] /Limits [(page.109) (page.113)] >> endobj 8306 0 obj << /Names [(page.114) 5045 0 R (page.115) 5084 0 R (page.116) 5088 0 R (page.117) 5132 0 R (page.118) 5172 0 R (page.119) 5215 0 R] /Limits [(page.114) (page.119)] >> endobj 8307 0 obj << /Names [(page.12) 1788 0 R (page.120) 5241 0 R (page.121) 5256 0 R (page.122) 5287 0 R (page.123) 5335 0 R (page.124) 5355 0 R] /Limits [(page.12) (page.124)] >> endobj 8308 0 obj << /Names [(page.125) 5389 0 R (page.126) 5427 0 R (page.127) 5480 0 R (page.128) 5509 0 R (page.129) 5538 0 R (page.13) 1811 0 R] /Limits [(page.125) (page.13)] >> endobj 8309 0 obj << /Names [(page.130) 5572 0 R (page.131) 5607 0 R (page.132) 5651 0 R (page.133) 5685 0 R (page.134) 5721 0 R (page.135) 5763 0 R] /Limits [(page.130) (page.135)] >> endobj 8310 0 obj << /Names [(page.136) 5801 0 R (page.137) 5827 0 R (page.138) 5845 0 R (page.139) 5864 0 R (page.14) 1833 0 R (page.140) 5870 0 R] /Limits [(page.136) (page.140)] >> endobj 8311 0 obj << /Names [(page.141) 5911 0 R (page.142) 5954 0 R (page.143) 5991 0 R (page.144) 6024 0 R (page.145) 6067 0 R (page.146) 6111 0 R] /Limits [(page.141) (page.146)] >> endobj 8312 0 obj << /Names [(page.147) 6135 0 R (page.148) 6214 0 R (page.149) 6296 0 R (page.15) 1882 0 R (page.150) 6313 0 R (page.151) 6338 0 R] /Limits [(page.147) (page.151)] >> endobj 8313 0 obj << /Names [(page.152) 6367 0 R (page.153) 6420 0 R (page.154) 6452 0 R (page.155) 6505 0 R (page.156) 6549 0 R (page.157) 6594 0 R] /Limits [(page.152) (page.157)] >> endobj 8314 0 obj << /Names [(page.158) 6632 0 R (page.159) 6670 0 R (page.16) 1915 0 R (page.160) 6712 0 R (page.161) 6756 0 R (page.162) 6796 0 R] /Limits [(page.158) (page.162)] >> endobj 8315 0 obj << /Names [(page.163) 6837 0 R (page.164) 6878 0 R (page.165) 6932 0 R (page.166) 6979 0 R (page.167) 7031 0 R (page.168) 7085 0 R] /Limits [(page.163) (page.168)] >> endobj 8316 0 obj << /Names [(page.169) 7129 0 R (page.17) 1967 0 R (page.170) 7176 0 R (page.171) 7197 0 R (page.172) 7238 0 R (page.173) 7286 0 R] /Limits [(page.169) (page.173)] >> endobj 8317 0 obj << /Names [(page.174) 7328 0 R (page.175) 7334 0 R (page.18) 2016 0 R (page.19) 2030 0 R (page.2) 937 0 R (page.20) 2060 0 R] /Limits [(page.174) (page.20)] >> endobj 8318 0 obj << /Names [(page.21) 2088 0 R (page.22) 2131 0 R (page.23) 2163 0 R (page.24) 2191 0 R (page.25) 2218 0 R (page.26) 2245 0 R] /Limits [(page.21) (page.26)] >> endobj 8319 0 obj << /Names [(page.27) 2298 0 R (page.28) 2333 0 R (page.29) 2352 0 R (page.3) 1382 0 R (page.30) 2383 0 R (page.31) 2420 0 R] /Limits [(page.27) (page.31)] >> endobj 8320 0 obj << /Names [(page.32) 2460 0 R (page.33) 2496 0 R (page.34) 2513 0 R (page.35) 2546 0 R (page.36) 2581 0 R (page.37) 2612 0 R] /Limits [(page.32) (page.37)] >> endobj 8321 0 obj << /Names [(page.38) 2635 0 R (page.39) 2678 0 R (page.4) 1419 0 R (page.40) 2726 0 R (page.41) 2757 0 R (page.42) 2784 0 R] /Limits [(page.38) (page.42)] >> endobj 8322 0 obj << /Names [(page.43) 2807 0 R (page.44) 2838 0 R (page.45) 2858 0 R (page.46) 2878 0 R (page.47) 2927 0 R (page.48) 2978 0 R] /Limits [(page.43) (page.48)] >> endobj 8323 0 obj << /Names [(page.49) 3015 0 R (page.5) 1453 0 R (page.50) 3048 0 R (page.51) 3088 0 R (page.52) 3105 0 R (page.53) 3151 0 R] /Limits [(page.49) (page.53)] >> endobj 8324 0 obj << /Names [(page.54) 3181 0 R (page.55) 3210 0 R (page.56) 3246 0 R (page.57) 3278 0 R (page.58) 3316 0 R (page.59) 3344 0 R] /Limits [(page.54) (page.59)] >> endobj 8325 0 obj << /Names [(page.6) 1513 0 R (page.60) 3387 0 R (page.61) 3432 0 R (page.62) 3469 0 R (page.63) 3487 0 R (page.64) 3517 0 R] /Limits [(page.6) (page.64)] >> endobj 8326 0 obj << /Names [(page.65) 3557 0 R (page.66) 3590 0 R (page.67) 3622 0 R (page.68) 3632 0 R (page.69) 3677 0 R (page.7) 1568 0 R] /Limits [(page.65) (page.7)] >> endobj 8327 0 obj << /Names [(page.70) 3688 0 R (page.71) 3713 0 R (page.72) 3736 0 R (page.73) 3776 0 R (page.74) 3794 0 R (page.75) 3807 0 R] /Limits [(page.70) (page.75)] >> endobj 8328 0 obj << /Names [(page.76) 3826 0 R (page.77) 3844 0 R (page.78) 3876 0 R (page.79) 3903 0 R (page.8) 1603 0 R (page.80) 3914 0 R] /Limits [(page.76) (page.80)] >> endobj 8329 0 obj << /Names [(page.81) 3947 0 R (page.82) 3983 0 R (page.83) 4023 0 R (page.84) 4073 0 R (page.85) 4109 0 R (page.86) 4146 0 R] /Limits [(page.81) (page.86)] >> endobj 8330 0 obj << /Names [(page.87) 4151 0 R (page.88) 4168 0 R (page.89) 4200 0 R (page.9) 1656 0 R (page.90) 4215 0 R (page.91) 4240 0 R] /Limits [(page.87) (page.91)] >> endobj 8331 0 obj << /Names [(page.92) 4273 0 R (page.93) 4291 0 R (page.94) 4319 0 R (page.95) 4353 0 R (page.96) 4398 0 R (page.97) 4439 0 R] /Limits [(page.92) (page.97)] >> endobj 8332 0 obj << /Names [(page.98) 4482 0 R (page.99) 4505 0 R (page.iii) 1035 0 R (page.iv) 1177 0 R (page.v) 1289 0 R (table.1) 1761 0 R] /Limits [(page.98) (table.1)] >> endobj 8333 0 obj << /Names [(table.10) 4636 0 R (table.11) 4640 0 R (table.2) 1795 0 R (table.3) 1801 0 R (table.4) 1806 0 R (table.5) 1814 0 R] /Limits [(table.10) (table.5)] >> endobj 8334 0 obj << /Names [(table.6) 2178 0 R (table.7) 2223 0 R (table.8) 2228 0 R (table.9) 2769 0 R] /Limits [(table.6) (table.9)] >> endobj 8335 0 obj << /Kids [7382 0 R 7383 0 R 7384 0 R 7385 0 R 7386 0 R 7387 0 R] /Limits [(0:100) (0:1069)] >> endobj 8336 0 obj << /Kids [7388 0 R 7389 0 R 7390 0 R 7391 0 R 7392 0 R 7393 0 R] /Limits [(0:107) (0:1163)] >> endobj 8337 0 obj << /Kids [7394 0 R 7395 0 R 7396 0 R 7397 0 R 7398 0 R 7399 0 R] /Limits [(0:1164) (0:1198)] >> endobj 8338 0 obj << /Kids [7400 0 R 7401 0 R 7402 0 R 7403 0 R 7404 0 R 7405 0 R] /Limits [(0:1199) (0:1238)] >> endobj 8339 0 obj << /Kids [7406 0 R 7407 0 R 7408 0 R 7409 0 R 7410 0 R 7411 0 R] /Limits [(0:1239) (0:1274)] >> endobj 8340 0 obj << /Kids [7412 0 R 7413 0 R 7414 0 R 7415 0 R 7416 0 R 7417 0 R] /Limits [(0:1275) (0:1311)] >> endobj 8341 0 obj << /Kids [7418 0 R 7419 0 R 7420 0 R 7421 0 R 7422 0 R 7423 0 R] /Limits [(0:1312) (0:135)] >> endobj 8342 0 obj << /Kids [7424 0 R 7425 0 R 7426 0 R 7427 0 R 7428 0 R 7429 0 R] /Limits [(0:1350) (0:1387)] >> endobj 8343 0 obj << /Kids [7430 0 R 7431 0 R 7432 0 R 7433 0 R 7434 0 R 7435 0 R] /Limits [(0:1388) (0:1425)] >> endobj 8344 0 obj << /Kids [7436 0 R 7437 0 R 7438 0 R 7439 0 R 7440 0 R 7441 0 R] /Limits [(0:1426) (0:1469)] >> endobj 8345 0 obj << /Kids [7442 0 R 7443 0 R 7444 0 R 7445 0 R 7446 0 R 7447 0 R] /Limits [(0:1470) (0:151)] >> endobj 8346 0 obj << /Kids [7448 0 R 7449 0 R 7450 0 R 7451 0 R 7452 0 R 7453 0 R] /Limits [(0:1510) (0:1552)] >> endobj 8347 0 obj << /Kids [7454 0 R 7455 0 R 7456 0 R 7457 0 R 7458 0 R 7459 0 R] /Limits [(0:1553) (0:1593)] >> endobj 8348 0 obj << /Kids [7460 0 R 7461 0 R 7462 0 R 7463 0 R 7464 0 R 7465 0 R] /Limits [(0:1594) (0:1630)] >> endobj 8349 0 obj << /Kids [7466 0 R 7467 0 R 7468 0 R 7469 0 R 7470 0 R 7471 0 R] /Limits [(0:1631) (0:1666)] >> endobj 8350 0 obj << /Kids [7472 0 R 7473 0 R 7474 0 R 7475 0 R 7476 0 R 7477 0 R] /Limits [(0:1667) (0:173)] >> endobj 8351 0 obj << /Kids [7478 0 R 7479 0 R 7480 0 R 7481 0 R 7482 0 R 7483 0 R] /Limits [(0:1730) (0:1766)] >> endobj 8352 0 obj << /Kids [7484 0 R 7485 0 R 7486 0 R 7487 0 R 7488 0 R 7489 0 R] /Limits [(0:1767) (0:1809)] >> endobj 8353 0 obj << /Kids [7490 0 R 7491 0 R 7492 0 R 7493 0 R 7494 0 R 7495 0 R] /Limits [(0:181) (0:1848)] >> endobj 8354 0 obj << /Kids [7496 0 R 7497 0 R 7498 0 R 7499 0 R 7500 0 R 7501 0 R] /Limits [(0:1849) (0:1882)] >> endobj 8355 0 obj << /Kids [7502 0 R 7503 0 R 7504 0 R 7505 0 R 7506 0 R 7507 0 R] /Limits [(0:1883) (0:1916)] >> endobj 8356 0 obj << /Kids [7508 0 R 7509 0 R 7510 0 R 7511 0 R 7512 0 R 7513 0 R] /Limits [(0:1917) (0:1956)] >> endobj 8357 0 obj << /Kids [7514 0 R 7515 0 R 7516 0 R 7517 0 R 7518 0 R 7519 0 R] /Limits [(0:1957) (0:1997)] >> endobj 8358 0 obj << /Kids [7520 0 R 7521 0 R 7522 0 R 7523 0 R 7524 0 R 7525 0 R] /Limits [(0:1998) (0:2037)] >> endobj 8359 0 obj << /Kids [7526 0 R 7527 0 R 7528 0 R 7529 0 R 7530 0 R 7531 0 R] /Limits [(0:2038) (0:2072)] >> endobj 8360 0 obj << /Kids [7532 0 R 7533 0 R 7534 0 R 7535 0 R 7536 0 R 7537 0 R] /Limits [(0:2073) (0:2108)] >> endobj 8361 0 obj << /Kids [7538 0 R 7539 0 R 7540 0 R 7541 0 R 7542 0 R 7543 0 R] /Limits [(0:211) (0:2149)] >> endobj 8362 0 obj << /Kids [7544 0 R 7545 0 R 7546 0 R 7547 0 R 7548 0 R 7549 0 R] /Limits [(0:215) (0:2190)] >> endobj 8363 0 obj << /Kids [7550 0 R 7551 0 R 7552 0 R 7553 0 R 7554 0 R 7555 0 R] /Limits [(0:2192) (0:2227)] >> endobj 8364 0 obj << /Kids [7556 0 R 7557 0 R 7558 0 R 7559 0 R 7560 0 R 7561 0 R] /Limits [(0:2228) (0:2274)] >> endobj 8365 0 obj << /Kids [7562 0 R 7563 0 R 7564 0 R 7565 0 R 7566 0 R 7567 0 R] /Limits [(0:2276) (0:2309)] >> endobj 8366 0 obj << /Kids [7568 0 R 7569 0 R 7570 0 R 7571 0 R 7572 0 R 7573 0 R] /Limits [(0:231) (0:235)] >> endobj 8367 0 obj << /Kids [7574 0 R 7575 0 R 7576 0 R 7577 0 R 7578 0 R 7579 0 R] /Limits [(0:2351) (0:2385)] >> endobj 8368 0 obj << /Kids [7580 0 R 7581 0 R 7582 0 R 7583 0 R 7584 0 R 7585 0 R] /Limits [(0:2386) (0:2427)] >> endobj 8369 0 obj << /Kids [7586 0 R 7587 0 R 7588 0 R 7589 0 R 7590 0 R 7591 0 R] /Limits [(0:2428) (0:2468)] >> endobj 8370 0 obj << /Kids [7592 0 R 7593 0 R 7594 0 R 7595 0 R 7596 0 R 7597 0 R] /Limits [(0:2469) (0:2506)] >> endobj 8371 0 obj << /Kids [7598 0 R 7599 0 R 7600 0 R 7601 0 R 7602 0 R 7603 0 R] /Limits [(0:2507) (0:2541)] >> endobj 8372 0 obj << /Kids [7604 0 R 7605 0 R 7606 0 R 7607 0 R 7608 0 R 7609 0 R] /Limits [(0:2542) (0:2582)] >> endobj 8373 0 obj << /Kids [7610 0 R 7611 0 R 7612 0 R 7613 0 R 7614 0 R 7615 0 R] /Limits [(0:2583) (0:2623)] >> endobj 8374 0 obj << /Kids [7616 0 R 7617 0 R 7618 0 R 7619 0 R 7620 0 R 7621 0 R] /Limits [(0:2624) (0:2662)] >> endobj 8375 0 obj << /Kids [7622 0 R 7623 0 R 7624 0 R 7625 0 R 7626 0 R 7627 0 R] /Limits [(0:2663) (0:2698)] >> endobj 8376 0 obj << /Kids [7628 0 R 7629 0 R 7630 0 R 7631 0 R 7632 0 R 7633 0 R] /Limits [(0:2699) (0:2738)] >> endobj 8377 0 obj << /Kids [7634 0 R 7635 0 R 7636 0 R 7637 0 R 7638 0 R 7639 0 R] /Limits [(0:2739) (0:2779)] >> endobj 8378 0 obj << /Kids [7640 0 R 7641 0 R 7642 0 R 7643 0 R 7644 0 R 7645 0 R] /Limits [(0:278) (0:2813)] >> endobj 8379 0 obj << /Kids [7646 0 R 7647 0 R 7648 0 R 7649 0 R 7650 0 R 7651 0 R] /Limits [(0:2814) (0:2850)] >> endobj 8380 0 obj << /Kids [7652 0 R 7653 0 R 7654 0 R 7655 0 R 7656 0 R 7657 0 R] /Limits [(0:2851) (0:2888)] >> endobj 8381 0 obj << /Kids [7658 0 R 7659 0 R 7660 0 R 7661 0 R 7662 0 R 7663 0 R] /Limits [(0:2889) (0:2923)] >> endobj 8382 0 obj << /Kids [7664 0 R 7665 0 R 7666 0 R 7667 0 R 7668 0 R 7669 0 R] /Limits [(0:2924) (0:2958)] >> endobj 8383 0 obj << /Kids [7670 0 R 7671 0 R 7672 0 R 7673 0 R 7674 0 R 7675 0 R] /Limits [(0:2959) (0:2995)] >> endobj 8384 0 obj << /Kids [7676 0 R 7677 0 R 7678 0 R 7679 0 R 7680 0 R 7681 0 R] /Limits [(0:2996) (0:303)] >> endobj 8385 0 obj << /Kids [7682 0 R 7683 0 R 7684 0 R 7685 0 R 7686 0 R 7687 0 R] /Limits [(0:3030) (0:3068)] >> endobj 8386 0 obj << /Kids [7688 0 R 7689 0 R 7690 0 R 7691 0 R 7692 0 R 7693 0 R] /Limits [(0:3069) (0:3106)] >> endobj 8387 0 obj << /Kids [7694 0 R 7695 0 R 7696 0 R 7697 0 R 7698 0 R 7699 0 R] /Limits [(0:3107) (0:3144)] >> endobj 8388 0 obj << /Kids [7700 0 R 7701 0 R 7702 0 R 7703 0 R 7704 0 R 7705 0 R] /Limits [(0:3145) (0:318)] >> endobj 8389 0 obj << /Kids [7706 0 R 7707 0 R 7708 0 R 7709 0 R 7710 0 R 7711 0 R] /Limits [(0:3181) (0:322)] >> endobj 8390 0 obj << /Kids [7712 0 R 7713 0 R 7714 0 R 7715 0 R 7716 0 R 7717 0 R] /Limits [(0:3220) (0:3259)] >> endobj 8391 0 obj << /Kids [7718 0 R 7719 0 R 7720 0 R 7721 0 R 7722 0 R 7723 0 R] /Limits [(0:326) (0:3296)] >> endobj 8392 0 obj << /Kids [7724 0 R 7725 0 R 7726 0 R 7727 0 R 7728 0 R 7729 0 R] /Limits [(0:3297) (0:3334)] >> endobj 8393 0 obj << /Kids [7730 0 R 7731 0 R 7732 0 R 7733 0 R 7734 0 R 7735 0 R] /Limits [(0:3335) (0:3368)] >> endobj 8394 0 obj << /Kids [7736 0 R 7737 0 R 7738 0 R 7739 0 R 7740 0 R 7741 0 R] /Limits [(0:3369) (0:3406)] >> endobj 8395 0 obj << /Kids [7742 0 R 7743 0 R 7744 0 R 7745 0 R 7746 0 R 7747 0 R] /Limits [(0:3407) (0:3443)] >> endobj 8396 0 obj << /Kids [7748 0 R 7749 0 R 7750 0 R 7751 0 R 7752 0 R 7753 0 R] /Limits [(0:3444) (0:3484)] >> endobj 8397 0 obj << /Kids [7754 0 R 7755 0 R 7756 0 R 7757 0 R 7758 0 R 7759 0 R] /Limits [(0:3485) (0:3526)] >> endobj 8398 0 obj << /Kids [7760 0 R 7761 0 R 7762 0 R 7763 0 R 7764 0 R 7765 0 R] /Limits [(0:3527) (0:360)] >> endobj 8399 0 obj << /Kids [7766 0 R 7767 0 R 7768 0 R 7769 0 R 7770 0 R 7771 0 R] /Limits [(0:3600) (0:3632)] >> endobj 8400 0 obj << /Kids [7772 0 R 7773 0 R 7774 0 R 7775 0 R 7776 0 R 7777 0 R] /Limits [(0:3633) (0:3670)] >> endobj 8401 0 obj << /Kids [7778 0 R 7779 0 R 7780 0 R 7781 0 R 7782 0 R 7783 0 R] /Limits [(0:3672) (0:371)] >> endobj 8402 0 obj << /Kids [7784 0 R 7785 0 R 7786 0 R 7787 0 R 7788 0 R 7789 0 R] /Limits [(0:3710) (0:3751)] >> endobj 8403 0 obj << /Kids [7790 0 R 7791 0 R 7792 0 R 7793 0 R 7794 0 R 7795 0 R] /Limits [(0:3752) (0:3793)] >> endobj 8404 0 obj << /Kids [7796 0 R 7797 0 R 7798 0 R 7799 0 R 7800 0 R 7801 0 R] /Limits [(0:3794) (0:3829)] >> endobj 8405 0 obj << /Kids [7802 0 R 7803 0 R 7804 0 R 7805 0 R 7806 0 R 7807 0 R] /Limits [(0:3830) (0:3864)] >> endobj 8406 0 obj << /Kids [7808 0 R 7809 0 R 7810 0 R 7811 0 R 7812 0 R 7813 0 R] /Limits [(0:3865) (0:3903)] >> endobj 8407 0 obj << /Kids [7814 0 R 7815 0 R 7816 0 R 7817 0 R 7818 0 R 7819 0 R] /Limits [(0:3904) (0:3938)] >> endobj 8408 0 obj << /Kids [7820 0 R 7821 0 R 7822 0 R 7823 0 R 7824 0 R 7825 0 R] /Limits [(0:3939) (0:3976)] >> endobj 8409 0 obj << /Kids [7826 0 R 7827 0 R 7828 0 R 7829 0 R 7830 0 R 7831 0 R] /Limits [(0:3977) (0:401)] >> endobj 8410 0 obj << /Kids [7832 0 R 7833 0 R 7834 0 R 7835 0 R 7836 0 R 7837 0 R] /Limits [(0:4012) (0:405)] >> endobj 8411 0 obj << /Kids [7838 0 R 7839 0 R 7840 0 R 7841 0 R 7842 0 R 7843 0 R] /Limits [(0:4050) (0:4084)] >> endobj 8412 0 obj << /Kids [7844 0 R 7845 0 R 7846 0 R 7847 0 R 7848 0 R 7849 0 R] /Limits [(0:4086) (0:4120)] >> endobj 8413 0 obj << /Kids [7850 0 R 7851 0 R 7852 0 R 7853 0 R 7854 0 R 7855 0 R] /Limits [(0:4121) (0:4158)] >> endobj 8414 0 obj << /Kids [7856 0 R 7857 0 R 7858 0 R 7859 0 R 7860 0 R 7861 0 R] /Limits [(0:4159) (0:4199)] >> endobj 8415 0 obj << /Kids [7862 0 R 7863 0 R 7864 0 R 7865 0 R 7866 0 R 7867 0 R] /Limits [(0:42) (0:4237)] >> endobj 8416 0 obj << /Kids [7868 0 R 7869 0 R 7870 0 R 7871 0 R 7872 0 R 7873 0 R] /Limits [(0:4238) (0:4276)] >> endobj 8417 0 obj << /Kids [7874 0 R 7875 0 R 7876 0 R 7877 0 R 7878 0 R 7879 0 R] /Limits [(0:4277) (0:4316)] >> endobj 8418 0 obj << /Kids [7880 0 R 7881 0 R 7882 0 R 7883 0 R 7884 0 R 7885 0 R] /Limits [(0:4317) (0:4356)] >> endobj 8419 0 obj << /Kids [7886 0 R 7887 0 R 7888 0 R 7889 0 R 7890 0 R 7891 0 R] /Limits [(0:4357) (0:4394)] >> endobj 8420 0 obj << /Kids [7892 0 R 7893 0 R 7894 0 R 7895 0 R 7896 0 R 7897 0 R] /Limits [(0:4395) (0:4439)] >> endobj 8421 0 obj << /Kids [7898 0 R 7899 0 R 7900 0 R 7901 0 R 7902 0 R 7903 0 R] /Limits [(0:4440) (0:4487)] >> endobj 8422 0 obj << /Kids [7904 0 R 7905 0 R 7906 0 R 7907 0 R 7908 0 R 7909 0 R] /Limits [(0:4488) (0:4529)] >> endobj 8423 0 obj << /Kids [7910 0 R 7911 0 R 7912 0 R 7913 0 R 7914 0 R 7915 0 R] /Limits [(0:4530) (0:4566)] >> endobj 8424 0 obj << /Kids [7916 0 R 7917 0 R 7918 0 R 7919 0 R 7920 0 R 7921 0 R] /Limits [(0:4567) (0:4612)] >> endobj 8425 0 obj << /Kids [7922 0 R 7923 0 R 7924 0 R 7925 0 R 7926 0 R 7927 0 R] /Limits [(0:4613) (0:4663)] >> endobj 8426 0 obj << /Kids [7928 0 R 7929 0 R 7930 0 R 7931 0 R 7932 0 R 7933 0 R] /Limits [(0:4664) (0:4707)] >> endobj 8427 0 obj << /Kids [7934 0 R 7935 0 R 7936 0 R 7937 0 R 7938 0 R 7939 0 R] /Limits [(0:4708) (0:4748)] >> endobj 8428 0 obj << /Kids [7940 0 R 7941 0 R 7942 0 R 7943 0 R 7944 0 R 7945 0 R] /Limits [(0:4749) (0:4792)] >> endobj 8429 0 obj << /Kids [7946 0 R 7947 0 R 7948 0 R 7949 0 R 7950 0 R 7951 0 R] /Limits [(0:4793) (0:4838)] >> endobj 8430 0 obj << /Kids [7952 0 R 7953 0 R 7954 0 R 7955 0 R 7956 0 R 7957 0 R] /Limits [(0:4839) (0:4885)] >> endobj 8431 0 obj << /Kids [7958 0 R 7959 0 R 7960 0 R 7961 0 R 7962 0 R 7963 0 R] /Limits [(0:4886) (0:4927)] >> endobj 8432 0 obj << /Kids [7964 0 R 7965 0 R 7966 0 R 7967 0 R 7968 0 R 7969 0 R] /Limits [(0:4929) (0:4970)] >> endobj 8433 0 obj << /Kids [7970 0 R 7971 0 R 7972 0 R 7973 0 R 7974 0 R 7975 0 R] /Limits [(0:4971) (0:5013)] >> endobj 8434 0 obj << /Kids [7976 0 R 7977 0 R 7978 0 R 7979 0 R 7980 0 R 7981 0 R] /Limits [(0:5014) (0:5056)] >> endobj 8435 0 obj << /Kids [7982 0 R 7983 0 R 7984 0 R 7985 0 R 7986 0 R 7987 0 R] /Limits [(0:5057) (0:5097)] >> endobj 8436 0 obj << /Kids [7988 0 R 7989 0 R 7990 0 R 7991 0 R 7992 0 R 7993 0 R] /Limits [(0:5098) (0:5135)] >> endobj 8437 0 obj << /Kids [7994 0 R 7995 0 R 7996 0 R 7997 0 R 7998 0 R 7999 0 R] /Limits [(0:5136) (0:5170)] >> endobj 8438 0 obj << /Kids [8000 0 R 8001 0 R 8002 0 R 8003 0 R 8004 0 R 8005 0 R] /Limits [(0:5171) (0:5204)] >> endobj 8439 0 obj << /Kids [8006 0 R 8007 0 R 8008 0 R 8009 0 R 8010 0 R 8011 0 R] /Limits [(0:5205) (0:5243)] >> endobj 8440 0 obj << /Kids [8012 0 R 8013 0 R 8014 0 R 8015 0 R 8016 0 R 8017 0 R] /Limits [(0:5244) (0:5283)] >> endobj 8441 0 obj << /Kids [8018 0 R 8019 0 R 8020 0 R 8021 0 R 8022 0 R 8023 0 R] /Limits [(0:5284) (0:5329)] >> endobj 8442 0 obj << /Kids [8024 0 R 8025 0 R 8026 0 R 8027 0 R 8028 0 R 8029 0 R] /Limits [(0:5330) (0:5372)] >> endobj 8443 0 obj << /Kids [8030 0 R 8031 0 R 8032 0 R 8033 0 R 8034 0 R 8035 0 R] /Limits [(0:5373) (0:5411)] >> endobj 8444 0 obj << /Kids [8036 0 R 8037 0 R 8038 0 R 8039 0 R 8040 0 R 8041 0 R] /Limits [(0:5412) (0:5450)] >> endobj 8445 0 obj << /Kids [8042 0 R 8043 0 R 8044 0 R 8045 0 R 8046 0 R 8047 0 R] /Limits [(0:5451) (0:5491)] >> endobj 8446 0 obj << /Kids [8048 0 R 8049 0 R 8050 0 R 8051 0 R 8052 0 R 8053 0 R] /Limits [(0:5492) (0:5528)] >> endobj 8447 0 obj << /Kids [8054 0 R 8055 0 R 8056 0 R 8057 0 R 8058 0 R 8059 0 R] /Limits [(0:5529) (0:5568)] >> endobj 8448 0 obj << /Kids [8060 0 R 8061 0 R 8062 0 R 8063 0 R 8064 0 R 8065 0 R] /Limits [(0:5569) (0:5606)] >> endobj 8449 0 obj << /Kids [8066 0 R 8067 0 R 8068 0 R 8069 0 R 8070 0 R 8071 0 R] /Limits [(0:5609) (0:5650)] >> endobj 8450 0 obj << /Kids [8072 0 R 8073 0 R 8074 0 R 8075 0 R 8076 0 R 8077 0 R] /Limits [(0:5651) (0:5688)] >> endobj 8451 0 obj << /Kids [8078 0 R 8079 0 R 8080 0 R 8081 0 R 8082 0 R 8083 0 R] /Limits [(0:5689) (0:5727)] >> endobj 8452 0 obj << /Kids [8084 0 R 8085 0 R 8086 0 R 8087 0 R 8088 0 R 8089 0 R] /Limits [(0:5728) (0:5767)] >> endobj 8453 0 obj << /Kids [8090 0 R 8091 0 R 8092 0 R 8093 0 R 8094 0 R 8095 0 R] /Limits [(0:5768) (0:5806)] >> endobj 8454 0 obj << /Kids [8096 0 R 8097 0 R 8098 0 R 8099 0 R 8100 0 R 8101 0 R] /Limits [(0:5807) (0:5842)] >> endobj 8455 0 obj << /Kids [8102 0 R 8103 0 R 8104 0 R 8105 0 R 8106 0 R 8107 0 R] /Limits [(0:5843) (0:5878)] >> endobj 8456 0 obj << /Kids [8108 0 R 8109 0 R 8110 0 R 8111 0 R 8112 0 R 8113 0 R] /Limits [(0:5879) (0:5915)] >> endobj 8457 0 obj << /Kids [8114 0 R 8115 0 R 8116 0 R 8117 0 R 8118 0 R 8119 0 R] /Limits [(0:5916) (0:5951)] >> endobj 8458 0 obj << /Kids [8120 0 R 8121 0 R 8122 0 R 8123 0 R 8124 0 R 8125 0 R] /Limits [(0:5952) (0:5989)] >> endobj 8459 0 obj << /Kids [8126 0 R 8127 0 R 8128 0 R 8129 0 R 8130 0 R 8131 0 R] /Limits [(0:5990) (0:6024)] >> endobj 8460 0 obj << /Kids [8132 0 R 8133 0 R 8134 0 R 8135 0 R 8136 0 R 8137 0 R] /Limits [(0:6025) (0:6061)] >> endobj 8461 0 obj << /Kids [8138 0 R 8139 0 R 8140 0 R 8141 0 R 8142 0 R 8143 0 R] /Limits [(0:6062) (0:6099)] >> endobj 8462 0 obj << /Kids [8144 0 R 8145 0 R 8146 0 R 8147 0 R 8148 0 R 8149 0 R] /Limits [(0:6100) (0:6135)] >> endobj 8463 0 obj << /Kids [8150 0 R 8151 0 R 8152 0 R 8153 0 R 8154 0 R 8155 0 R] /Limits [(0:6138) (0:6184)] >> endobj 8464 0 obj << /Kids [8156 0 R 8157 0 R 8158 0 R 8159 0 R 8160 0 R 8161 0 R] /Limits [(0:6185) (0:6232)] >> endobj 8465 0 obj << /Kids [8162 0 R 8163 0 R 8164 0 R 8165 0 R 8166 0 R 8167 0 R] /Limits [(0:6233) (0:6281)] >> endobj 8466 0 obj << /Kids [8168 0 R 8169 0 R 8170 0 R 8171 0 R 8172 0 R 8173 0 R] /Limits [(0:6283) (0:649)] >> endobj 8467 0 obj << /Kids [8174 0 R 8175 0 R 8176 0 R 8177 0 R 8178 0 R 8179 0 R] /Limits [(0:65) (0:681)] >> endobj 8468 0 obj << /Kids [8180 0 R 8181 0 R 8182 0 R 8183 0 R 8184 0 R 8185 0 R] /Limits [(0:682) (0:720)] >> endobj 8469 0 obj << /Kids [8186 0 R 8187 0 R 8188 0 R 8189 0 R 8190 0 R 8191 0 R] /Limits [(0:721) (0:758)] >> endobj 8470 0 obj << /Kids [8192 0 R 8193 0 R 8194 0 R 8195 0 R 8196 0 R 8197 0 R] /Limits [(0:759) (0:793)] >> endobj 8471 0 obj << /Kids [8198 0 R 8199 0 R 8200 0 R 8201 0 R 8202 0 R 8203 0 R] /Limits [(0:794) (0:829)] >> endobj 8472 0 obj << /Kids [8204 0 R 8205 0 R 8206 0 R 8207 0 R 8208 0 R 8209 0 R] /Limits [(0:830) (0:869)] >> endobj 8473 0 obj << /Kids [8210 0 R 8211 0 R 8212 0 R 8213 0 R 8214 0 R 8215 0 R] /Limits [(0:87) (0:914)] >> endobj 8474 0 obj << /Kids [8216 0 R 8217 0 R 8218 0 R 8219 0 R 8220 0 R 8221 0 R] /Limits [(0:915) (0:948)] >> endobj 8475 0 obj << /Kids [8222 0 R 8223 0 R 8224 0 R 8225 0 R 8226 0 R 8227 0 R] /Limits [(0:949) (0:985)] >> endobj 8476 0 obj << /Kids [8228 0 R 8229 0 R 8230 0 R 8231 0 R 8232 0 R 8233 0 R] /Limits [(0:989) (0:CONDITIONALS)] >> endobj 8477 0 obj << /Kids [8234 0 R 8235 0 R 8236 0 R 8237 0 R 8238 0 R 8239 0 R] /Limits [(0:CONFIGFACILITY) (0:DEPLOY-LAYOUT-ARCHPKG)] >> endobj 8478 0 obj << /Kids [8240 0 R 8241 0 R 8242 0 R 8243 0 R 8244 0 R 8245 0 R] /Limits [(0:DEPLOY-LAYOUT-CONFIGS) (0:HOW-TO-INVOKE)] >> endobj 8479 0 obj << /Kids [8246 0 R 8247 0 R 8248 0 R 8249 0 R 8250 0 R 8251 0 R] /Limits [(0:HPUX) (0:LOGSERVERDETAILS)] >> endobj 8480 0 obj << /Kids [8252 0 R 8253 0 R 8254 0 R 8255 0 R 8256 0 R 8257 0 R] /Limits [(0:LOOSEDIRCHECK) (0:SECURITY-DESIGN)] >> endobj 8481 0 obj << /Kids [8258 0 R 8259 0 R 8260 0 R 8261 0 R 8262 0 R 8263 0 R] /Limits [(0:SECURITY-USAGE) (0:WATCHING-LOGIN-LOGOUT-EVENTS)] >> endobj 8482 0 obj << /Kids [8264 0 R 8265 0 R 8266 0 R 8267 0 R 8268 0 R 8269 0 R] /Limits [(0:WHODIDIT) (12.76.70.2)] >> endobj 8483 0 obj << /Kids [8270 0 R 8271 0 R 8272 0 R 8273 0 R 8274 0 R 8275 0 R] /Limits [(12.76.70.23.3) (16.91.1)] >> endobj 8484 0 obj << /Kids [8276 0 R 8277 0 R 8278 0 R 8279 0 R 8280 0 R 8281 0 R] /Limits [(16.91.78.2) (4.6.2.2)] >> endobj 8485 0 obj << /Kids [8282 0 R 8283 0 R 8284 0 R 8285 0 R 8286 0 R 8287 0 R] /Limits [(4.7.1) (6.33.1)] >> endobj 8486 0 obj << /Kids [8288 0 R 8289 0 R 8290 0 R 8291 0 R 8292 0 R 8293 0 R] /Limits [(6.34.1) (7.44.1)] >> endobj 8487 0 obj << /Kids [8294 0 R 8295 0 R 8296 0 R 8297 0 R 8298 0 R 8299 0 R] /Limits [(7.44.37.2) (8.60.1)] >> endobj 8488 0 obj << /Kids [8300 0 R 8301 0 R 8302 0 R 8303 0 R 8304 0 R 8305 0 R] /Limits [(8.60.54.2) (page.113)] >> endobj 8489 0 obj << /Kids [8306 0 R 8307 0 R 8308 0 R 8309 0 R 8310 0 R 8311 0 R] /Limits [(page.114) (page.146)] >> endobj 8490 0 obj << /Kids [8312 0 R 8313 0 R 8314 0 R 8315 0 R 8316 0 R 8317 0 R] /Limits [(page.147) (page.20)] >> endobj 8491 0 obj << /Kids [8318 0 R 8319 0 R 8320 0 R 8321 0 R 8322 0 R 8323 0 R] /Limits [(page.21) (page.53)] >> endobj 8492 0 obj << /Kids [8324 0 R 8325 0 R 8326 0 R 8327 0 R 8328 0 R 8329 0 R] /Limits [(page.54) (page.86)] >> endobj 8493 0 obj << /Kids [8330 0 R 8331 0 R 8332 0 R 8333 0 R 8334 0 R] /Limits [(page.87) (table.9)] >> endobj 8494 0 obj << /Kids [8335 0 R 8336 0 R 8337 0 R 8338 0 R 8339 0 R 8340 0 R] /Limits [(0:100) (0:1311)] >> endobj 8495 0 obj << /Kids [8341 0 R 8342 0 R 8343 0 R 8344 0 R 8345 0 R 8346 0 R] /Limits [(0:1312) (0:1552)] >> endobj 8496 0 obj << /Kids [8347 0 R 8348 0 R 8349 0 R 8350 0 R 8351 0 R 8352 0 R] /Limits [(0:1553) (0:1809)] >> endobj 8497 0 obj << /Kids [8353 0 R 8354 0 R 8355 0 R 8356 0 R 8357 0 R 8358 0 R] /Limits [(0:181) (0:2037)] >> endobj 8498 0 obj << /Kids [8359 0 R 8360 0 R 8361 0 R 8362 0 R 8363 0 R 8364 0 R] /Limits [(0:2038) (0:2274)] >> endobj 8499 0 obj << /Kids [8365 0 R 8366 0 R 8367 0 R 8368 0 R 8369 0 R 8370 0 R] /Limits [(0:2276) (0:2506)] >> endobj 8500 0 obj << /Kids [8371 0 R 8372 0 R 8373 0 R 8374 0 R 8375 0 R 8376 0 R] /Limits [(0:2507) (0:2738)] >> endobj 8501 0 obj << /Kids [8377 0 R 8378 0 R 8379 0 R 8380 0 R 8381 0 R 8382 0 R] /Limits [(0:2739) (0:2958)] >> endobj 8502 0 obj << /Kids [8383 0 R 8384 0 R 8385 0 R 8386 0 R 8387 0 R 8388 0 R] /Limits [(0:2959) (0:318)] >> endobj 8503 0 obj << /Kids [8389 0 R 8390 0 R 8391 0 R 8392 0 R 8393 0 R 8394 0 R] /Limits [(0:3181) (0:3406)] >> endobj 8504 0 obj << /Kids [8395 0 R 8396 0 R 8397 0 R 8398 0 R 8399 0 R 8400 0 R] /Limits [(0:3407) (0:3670)] >> endobj 8505 0 obj << /Kids [8401 0 R 8402 0 R 8403 0 R 8404 0 R 8405 0 R 8406 0 R] /Limits [(0:3672) (0:3903)] >> endobj 8506 0 obj << /Kids [8407 0 R 8408 0 R 8409 0 R 8410 0 R 8411 0 R 8412 0 R] /Limits [(0:3904) (0:4120)] >> endobj 8507 0 obj << /Kids [8413 0 R 8414 0 R 8415 0 R 8416 0 R 8417 0 R 8418 0 R] /Limits [(0:4121) (0:4356)] >> endobj 8508 0 obj << /Kids [8419 0 R 8420 0 R 8421 0 R 8422 0 R 8423 0 R 8424 0 R] /Limits [(0:4357) (0:4612)] >> endobj 8509 0 obj << /Kids [8425 0 R 8426 0 R 8427 0 R 8428 0 R 8429 0 R 8430 0 R] /Limits [(0:4613) (0:4885)] >> endobj 8510 0 obj << /Kids [8431 0 R 8432 0 R 8433 0 R 8434 0 R 8435 0 R 8436 0 R] /Limits [(0:4886) (0:5135)] >> endobj 8511 0 obj << /Kids [8437 0 R 8438 0 R 8439 0 R 8440 0 R 8441 0 R 8442 0 R] /Limits [(0:5136) (0:5372)] >> endobj 8512 0 obj << /Kids [8443 0 R 8444 0 R 8445 0 R 8446 0 R 8447 0 R 8448 0 R] /Limits [(0:5373) (0:5606)] >> endobj 8513 0 obj << /Kids [8449 0 R 8450 0 R 8451 0 R 8452 0 R 8453 0 R 8454 0 R] /Limits [(0:5609) (0:5842)] >> endobj 8514 0 obj << /Kids [8455 0 R 8456 0 R 8457 0 R 8458 0 R 8459 0 R 8460 0 R] /Limits [(0:5843) (0:6061)] >> endobj 8515 0 obj << /Kids [8461 0 R 8462 0 R 8463 0 R 8464 0 R 8465 0 R 8466 0 R] /Limits [(0:6062) (0:649)] >> endobj 8516 0 obj << /Kids [8467 0 R 8468 0 R 8469 0 R 8470 0 R 8471 0 R 8472 0 R] /Limits [(0:65) (0:869)] >> endobj 8517 0 obj << /Kids [8473 0 R 8474 0 R 8475 0 R 8476 0 R 8477 0 R 8478 0 R] /Limits [(0:87) (0:HOW-TO-INVOKE)] >> endobj 8518 0 obj << /Kids [8479 0 R 8480 0 R 8481 0 R 8482 0 R 8483 0 R 8484 0 R] /Limits [(0:HPUX) (4.6.2.2)] >> endobj 8519 0 obj << /Kids [8485 0 R 8486 0 R 8487 0 R 8488 0 R 8489 0 R 8490 0 R] /Limits [(4.7.1) (page.20)] >> endobj 8520 0 obj << /Kids [8491 0 R 8492 0 R 8493 0 R] /Limits [(page.21) (table.9)] >> endobj 8521 0 obj << /Kids [8494 0 R 8495 0 R 8496 0 R 8497 0 R 8498 0 R 8499 0 R] /Limits [(0:100) (0:2506)] >> endobj 8522 0 obj << /Kids [8500 0 R 8501 0 R 8502 0 R 8503 0 R 8504 0 R 8505 0 R] /Limits [(0:2507) (0:3903)] >> endobj 8523 0 obj << /Kids [8506 0 R 8507 0 R 8508 0 R 8509 0 R 8510 0 R 8511 0 R] /Limits [(0:3904) (0:5372)] >> endobj 8524 0 obj << /Kids [8512 0 R 8513 0 R 8514 0 R 8515 0 R 8516 0 R 8517 0 R] /Limits [(0:5373) (0:HOW-TO-INVOKE)] >> endobj 8525 0 obj << /Kids [8518 0 R 8519 0 R 8520 0 R] /Limits [(0:HPUX) (table.9)] >> endobj 8526 0 obj << /Kids [8521 0 R 8522 0 R 8523 0 R 8524 0 R 8525 0 R] /Limits [(0:100) (table.9)] >> endobj 8527 0 obj << /Dests 8526 0 R >> endobj 8528 0 obj << /Type /Catalog /Pages 7380 0 R /Outlines 7381 0 R /Names 8527 0 R /PageMode/UseOutlines/PageLabels<>1<>2<>3<>4<>5<>6<>7<>8<>9<>10<>11<>12<>13<>14<>15<>16<>17<>18<>19<>20<>21<>22<>23<>24<>25<>26<>27<>28<>29<>30<>31<>32<>33<>34<>35<>36<>37<>38<>39<>40<>41<>42<>43<>44<>45<>46<>47<>48<>49<>50<>51<>52<>53<>54<>55<>56<>57<>58<>59<>60<>61<>62<>63<>64<>65<>66<>67<>68<>69<>70<>71<>72<>73<>74<>75<>76<>77<>78<>79<>80<>81<>82<>83<>84<>85<>86<>87<>88<>89<>90<>91<>92<>93<>94<>95<>96<>97<>98<>99<>100<>101<>102<>103<>104<>105<>106<>107<>108<>109<>110<>111<>112<>113<>114<>115<>116<>117<>118<>119<>120<>121<>122<>123<>124<>125<>126<>127<>128<>129<>130<>131<>132<>133<>134<>135<>136<>137<>138<>139<>140<>141<>142<>143<>144<>145<>146<>147<>148<>149<>150<>151<>152<>153<>154<>155<>156<>157<>158<>159<>160<>161<>162<>163<>164<>165<>166<>167<>168<>169<>170<>171<>172<>173<>174<>175<>176<>177<>178<>179<>]>> /OpenAction 925 0 R >> endobj 8529 0 obj << /Author()/Title()/Subject()/Creator(LaTeX with hyperref package)/Producer(pdfTeX-1.40.10)/Keywords() /CreationDate (D:20131031133109+01'00') /ModDate (D:20131031133109+01'00') /Trapped /False /PTEX.Fullbanner (This is pdfTeX, Version 3.1415926-1.40.10-2.2 (TeX Live 2009/Debian) kpathsea version 5.0.0) >> endobj xref 0 8530 0000000000 65535 f 0000000015 00000 n 0000022718 00000 n 0000994903 00000 n 0000000054 00000 n 0000000116 00000 n 0000041353 00000 n 0000994818 00000 n 0000000155 00000 n 0000000190 00000 n 0000073931 00000 n 0000994731 00000 n 0000000229 00000 n 0000000271 00000 n 0000076030 00000 n 0000994603 00000 n 0000000311 00000 n 0000000365 00000 n 0000076343 00000 n 0000994529 00000 n 0000000407 00000 n 0000000439 00000 n 0000080295 00000 n 0000994442 00000 n 0000000481 00000 n 0000000517 00000 n 0000084157 00000 n 0000994355 00000 n 0000000559 00000 n 0000000603 00000 n 0000089559 00000 n 0000994231 00000 n 0000000645 00000 n 0000000691 00000 n 0000095470 00000 n 0000994170 00000 n 0000000735 00000 n 0000000792 00000 n 0000100237 00000 n 0000994083 00000 n 0000000834 00000 n 0000000863 00000 n 0000101946 00000 n 0000993959 00000 n 0000000905 00000 n 0000000936 00000 n 0000104933 00000 n 0000993898 00000 n 0000000980 00000 n 0000001028 00000 n 0000109694 00000 n 0000993811 00000 n 0000001070 00000 n 0000001103 00000 n 0000111085 00000 n 0000993724 00000 n 0000001145 00000 n 0000001201 00000 n 0000114545 00000 n 0000993637 00000 n 0000001243 00000 n 0000001278 00000 n 0000115302 00000 n 0000993513 00000 n 0000001321 00000 n 0000001372 00000 n 0000115739 00000 n 0000993439 00000 n 0000001417 00000 n 0000001475 00000 n 0000119807 00000 n 0000993352 00000 n 0000001520 00000 n 0000001563 00000 n 0000124978 00000 n 0000993228 00000 n 0000001608 00000 n 0000001648 00000 n 0000125103 00000 n 0000993154 00000 n 0000001695 00000 n 0000001744 00000 n 0000125415 00000 n 0000993080 00000 n 0000001791 00000 n 0000001826 00000 n 0000125854 00000 n 0000992969 00000 n 0000001871 00000 n 0000001913 00000 n 0000125978 00000 n 0000992895 00000 n 0000001960 00000 n 0000002009 00000 n 0000128195 00000 n 0000992821 00000 n 0000002056 00000 n 0000002091 00000 n 0000128509 00000 n 0000992746 00000 n 0000002134 00000 n 0000002173 00000 n 0000136281 00000 n 0000992613 00000 n 0000002214 00000 n 0000002264 00000 n 0000136407 00000 n 0000992534 00000 n 0000002308 00000 n 0000002346 00000 n 0000137866 00000 n 0000992441 00000 n 0000002390 00000 n 0000002456 00000 n 0000138436 00000 n 0000992348 00000 n 0000002500 00000 n 0000002547 00000 n 0000143559 00000 n 0000992255 00000 n 0000002591 00000 n 0000002623 00000 n 0000148391 00000 n 0000992162 00000 n 0000002667 00000 n 0000002700 00000 n 0000148771 00000 n 0000992069 00000 n 0000002744 00000 n 0000002786 00000 n 0000150966 00000 n 0000991976 00000 n 0000002830 00000 n 0000002891 00000 n 0000154929 00000 n 0000991883 00000 n 0000002935 00000 n 0000002993 00000 n 0000155307 00000 n 0000991790 00000 n 0000003037 00000 n 0000003109 00000 n 0000157971 00000 n 0000991697 00000 n 0000003153 00000 n 0000003212 00000 n 0000161483 00000 n 0000991579 00000 n 0000003256 00000 n 0000003307 00000 n 0000166239 00000 n 0000991514 00000 n 0000003353 00000 n 0000003420 00000 n 0000169690 00000 n 0000991380 00000 n 0000003461 00000 n 0000003527 00000 n 0000170070 00000 n 0000991262 00000 n 0000003571 00000 n 0000003603 00000 n 0000170578 00000 n 0000991183 00000 n 0000003649 00000 n 0000003691 00000 n 0000174481 00000 n 0000991090 00000 n 0000003737 00000 n 0000003771 00000 n 0000177783 00000 n 0000991011 00000 n 0000003818 00000 n 0000003872 00000 n 0000181178 00000 n 0000990918 00000 n 0000003916 00000 n 0000003969 00000 n 0000186533 00000 n 0000990825 00000 n 0000004013 00000 n 0000004090 00000 n 0000192351 00000 n 0000990693 00000 n 0000004134 00000 n 0000004164 00000 n 0000207792 00000 n 0000990628 00000 n 0000004211 00000 n 0000004271 00000 n 0000211678 00000 n 0000990496 00000 n 0000004315 00000 n 0000004348 00000 n 0000215515 00000 n 0000990431 00000 n 0000004395 00000 n 0000004452 00000 n 0000220649 00000 n 0000990299 00000 n 0000004496 00000 n 0000004531 00000 n 0000223699 00000 n 0000990234 00000 n 0000004578 00000 n 0000004612 00000 n 0000224078 00000 n 0000990141 00000 n 0000004656 00000 n 0000004700 00000 n 0000224330 00000 n 0000990048 00000 n 0000004744 00000 n 0000004776 00000 n 0000227675 00000 n 0000989916 00000 n 0000004820 00000 n 0000004852 00000 n 0000231987 00000 n 0000989837 00000 n 0000004899 00000 n 0000004961 00000 n 0000233192 00000 n 0000989758 00000 n 0000005008 00000 n 0000005067 00000 n 0000236669 00000 n 0000989665 00000 n 0000005111 00000 n 0000005162 00000 n 0000240483 00000 n 0000989572 00000 n 0000005206 00000 n 0000005238 00000 n 0000244002 00000 n 0000989454 00000 n 0000005282 00000 n 0000005320 00000 n 0000250784 00000 n 0000989375 00000 n 0000005367 00000 n 0000005417 00000 n 0000251478 00000 n 0000989282 00000 n 0000005464 00000 n 0000005516 00000 n 0000253053 00000 n 0000989203 00000 n 0000005563 00000 n 0000005618 00000 n 0000256405 00000 n 0000989069 00000 n 0000005659 00000 n 0000005737 00000 n 0000257732 00000 n 0000988990 00000 n 0000005781 00000 n 0000005820 00000 n 0000262765 00000 n 0000988897 00000 n 0000005864 00000 n 0000005917 00000 n 0000266335 00000 n 0000988804 00000 n 0000005961 00000 n 0000006001 00000 n 0000268360 00000 n 0000988671 00000 n 0000006045 00000 n 0000006125 00000 n 0000268548 00000 n 0000988592 00000 n 0000006172 00000 n 0000006218 00000 n 0000276007 00000 n 0000988460 00000 n 0000006265 00000 n 0000006320 00000 n 0000281799 00000 n 0000988395 00000 n 0000006369 00000 n 0000006403 00000 n 0000287150 00000 n 0000988302 00000 n 0000006450 00000 n 0000006527 00000 n 0000291273 00000 n 0000988209 00000 n 0000006574 00000 n 0000006659 00000 n 0000294876 00000 n 0000988116 00000 n 0000006706 00000 n 0000006753 00000 n 0000296019 00000 n 0000987984 00000 n 0000006800 00000 n 0000006841 00000 n 0000296650 00000 n 0000987919 00000 n 0000006890 00000 n 0000006960 00000 n 0000299619 00000 n 0000987826 00000 n 0000007007 00000 n 0000007059 00000 n 0000300570 00000 n 0000987733 00000 n 0000007106 00000 n 0000007152 00000 n 0000305321 00000 n 0000987640 00000 n 0000007199 00000 n 0000007259 00000 n 0000308476 00000 n 0000987547 00000 n 0000007306 00000 n 0000007372 00000 n 0000308728 00000 n 0000987454 00000 n 0000007419 00000 n 0000007471 00000 n 0000309172 00000 n 0000987361 00000 n 0000007518 00000 n 0000007580 00000 n 0000309360 00000 n 0000987268 00000 n 0000007627 00000 n 0000007682 00000 n 0000318042 00000 n 0000987136 00000 n 0000007729 00000 n 0000007795 00000 n 0000322911 00000 n 0000987071 00000 n 0000007844 00000 n 0000007896 00000 n 0000324367 00000 n 0000986992 00000 n 0000007943 00000 n 0000008004 00000 n 0000326650 00000 n 0000986899 00000 n 0000008048 00000 n 0000008126 00000 n 0000329218 00000 n 0000986767 00000 n 0000008170 00000 n 0000008213 00000 n 0000330105 00000 n 0000986702 00000 n 0000008260 00000 n 0000008310 00000 n 0000333932 00000 n 0000986609 00000 n 0000008354 00000 n 0000008414 00000 n 0000335262 00000 n 0000986516 00000 n 0000008458 00000 n 0000008510 00000 n 0000338324 00000 n 0000986384 00000 n 0000008554 00000 n 0000008626 00000 n 0000342409 00000 n 0000986305 00000 n 0000008673 00000 n 0000008726 00000 n 0000343997 00000 n 0000986226 00000 n 0000008773 00000 n 0000008813 00000 n 0000346416 00000 n 0000986094 00000 n 0000008857 00000 n 0000008908 00000 n 0000351520 00000 n 0000986015 00000 n 0000008955 00000 n 0000008996 00000 n 0000353816 00000 n 0000985922 00000 n 0000009043 00000 n 0000009097 00000 n 0000356070 00000 n 0000985829 00000 n 0000009144 00000 n 0000009200 00000 n 0000359736 00000 n 0000985750 00000 n 0000009247 00000 n 0000009289 00000 n 0000360241 00000 n 0000985657 00000 n 0000009333 00000 n 0000009389 00000 n 0000367046 00000 n 0000985564 00000 n 0000009433 00000 n 0000009495 00000 n 0000369177 00000 n 0000985471 00000 n 0000009539 00000 n 0000009604 00000 n 0000371214 00000 n 0000985339 00000 n 0000009648 00000 n 0000009716 00000 n 0000374933 00000 n 0000985274 00000 n 0000009763 00000 n 0000009812 00000 n 0000377063 00000 n 0000985142 00000 n 0000009856 00000 n 0000009905 00000 n 0000378266 00000 n 0000985063 00000 n 0000009952 00000 n 0000009987 00000 n 0000382310 00000 n 0000984984 00000 n 0000010034 00000 n 0000010083 00000 n 0000384092 00000 n 0000984852 00000 n 0000010127 00000 n 0000010180 00000 n 0000388572 00000 n 0000984734 00000 n 0000010227 00000 n 0000010272 00000 n 0000391187 00000 n 0000984655 00000 n 0000010321 00000 n 0000010393 00000 n 0000391883 00000 n 0000984576 00000 n 0000010442 00000 n 0000010501 00000 n 0000392834 00000 n 0000984483 00000 n 0000010548 00000 n 0000010610 00000 n 0000395649 00000 n 0000984390 00000 n 0000010657 00000 n 0000010729 00000 n 0000396787 00000 n 0000984297 00000 n 0000010776 00000 n 0000010811 00000 n 0000411537 00000 n 0000984218 00000 n 0000010858 00000 n 0000010907 00000 n 0000415116 00000 n 0000984086 00000 n 0000010951 00000 n 0000011006 00000 n 0000415814 00000 n 0000984007 00000 n 0000011053 00000 n 0000011088 00000 n 0000419753 00000 n 0000983928 00000 n 0000011135 00000 n 0000011184 00000 n 0000421881 00000 n 0000983835 00000 n 0000011228 00000 n 0000011261 00000 n 0000422579 00000 n 0000983742 00000 n 0000011305 00000 n 0000011349 00000 n 0000428156 00000 n 0000983610 00000 n 0000011393 00000 n 0000011480 00000 n 0000431888 00000 n 0000983531 00000 n 0000011527 00000 n 0000011576 00000 n 0000432076 00000 n 0000983452 00000 n 0000011623 00000 n 0000011673 00000 n 0000432391 00000 n 0000983334 00000 n 0000011717 00000 n 0000011806 00000 n 0000436283 00000 n 0000983269 00000 n 0000011853 00000 n 0000011902 00000 n 0000438983 00000 n 0000983135 00000 n 0000011943 00000 n 0000012006 00000 n 0000439999 00000 n 0000983056 00000 n 0000012050 00000 n 0000012082 00000 n 0000443854 00000 n 0000982963 00000 n 0000012126 00000 n 0000012179 00000 n 0000449036 00000 n 0000982870 00000 n 0000012223 00000 n 0000012268 00000 n 0000455037 00000 n 0000982777 00000 n 0000012312 00000 n 0000012367 00000 n 0000457418 00000 n 0000982645 00000 n 0000012411 00000 n 0000012508 00000 n 0000458178 00000 n 0000982566 00000 n 0000012555 00000 n 0000012600 00000 n 0000462320 00000 n 0000982487 00000 n 0000012647 00000 n 0000012687 00000 n 0000466849 00000 n 0000982394 00000 n 0000012731 00000 n 0000012792 00000 n 0000467736 00000 n 0000982301 00000 n 0000012836 00000 n 0000012885 00000 n 0000469719 00000 n 0000982208 00000 n 0000012929 00000 n 0000012981 00000 n 0000475727 00000 n 0000982115 00000 n 0000013025 00000 n 0000013056 00000 n 0000484188 00000 n 0000982022 00000 n 0000013100 00000 n 0000013171 00000 n 0000485328 00000 n 0000981890 00000 n 0000013215 00000 n 0000013268 00000 n 0000488080 00000 n 0000981811 00000 n 0000013315 00000 n 0000013372 00000 n 0000488713 00000 n 0000981732 00000 n 0000013419 00000 n 0000013475 00000 n 0000492198 00000 n 0000981639 00000 n 0000013519 00000 n 0000013559 00000 n 0000493150 00000 n 0000981546 00000 n 0000013603 00000 n 0000013649 00000 n 0000493466 00000 n 0000981467 00000 n 0000013693 00000 n 0000013737 00000 n 0000499974 00000 n 0000981334 00000 n 0000013778 00000 n 0000013836 00000 n 0000500226 00000 n 0000981255 00000 n 0000013880 00000 n 0000013910 00000 n 0000500479 00000 n 0000981162 00000 n 0000013954 00000 n 0000014001 00000 n 0000501365 00000 n 0000981044 00000 n 0000014045 00000 n 0000014095 00000 n 0000511154 00000 n 0000980979 00000 n 0000014142 00000 n 0000014193 00000 n 0000514990 00000 n 0000980846 00000 n 0000014235 00000 n 0000014321 00000 n 0000526551 00000 n 0000980781 00000 n 0000014366 00000 n 0000014414 00000 n 0000530463 00000 n 0000980648 00000 n 0000014456 00000 n 0000014514 00000 n 0000530780 00000 n 0000980530 00000 n 0000014559 00000 n 0000014605 00000 n 0000537141 00000 n 0000980465 00000 n 0000014653 00000 n 0000014736 00000 n 0000546264 00000 n 0000980386 00000 n 0000014781 00000 n 0000014828 00000 n 0000551051 00000 n 0000980253 00000 n 0000014870 00000 n 0000014928 00000 n 0000551177 00000 n 0000980134 00000 n 0000014973 00000 n 0000015030 00000 n 0000555691 00000 n 0000980055 00000 n 0000015078 00000 n 0000015118 00000 n 0000559947 00000 n 0000979923 00000 n 0000015166 00000 n 0000015225 00000 n 0000560136 00000 n 0000979844 00000 n 0000015276 00000 n 0000015330 00000 n 0000563680 00000 n 0000979765 00000 n 0000015381 00000 n 0000015435 00000 n 0000564316 00000 n 0000979633 00000 n 0000015483 00000 n 0000015533 00000 n 0000564442 00000 n 0000979554 00000 n 0000015584 00000 n 0000015637 00000 n 0000567197 00000 n 0000979461 00000 n 0000015688 00000 n 0000015752 00000 n 0000567705 00000 n 0000979368 00000 n 0000015803 00000 n 0000015877 00000 n 0000568275 00000 n 0000979289 00000 n 0000015928 00000 n 0000015987 00000 n 0000568656 00000 n 0000979157 00000 n 0000016035 00000 n 0000016089 00000 n 0000574375 00000 n 0000979092 00000 n 0000016140 00000 n 0000016185 00000 n 0000576917 00000 n 0000978960 00000 n 0000016233 00000 n 0000016275 00000 n 0000577105 00000 n 0000978895 00000 n 0000016326 00000 n 0000016372 00000 n 0000577357 00000 n 0000978763 00000 n 0000016420 00000 n 0000016463 00000 n 0000577672 00000 n 0000978698 00000 n 0000016514 00000 n 0000016560 00000 n 0000577861 00000 n 0000978566 00000 n 0000016608 00000 n 0000016654 00000 n 0000580632 00000 n 0000978501 00000 n 0000016705 00000 n 0000016751 00000 n 0000580884 00000 n 0000978369 00000 n 0000016799 00000 n 0000016845 00000 n 0000581136 00000 n 0000978304 00000 n 0000016896 00000 n 0000016942 00000 n 0000581388 00000 n 0000978172 00000 n 0000016990 00000 n 0000017033 00000 n 0000582275 00000 n 0000978107 00000 n 0000017084 00000 n 0000017130 00000 n 0000585940 00000 n 0000977975 00000 n 0000017178 00000 n 0000017224 00000 n 0000589669 00000 n 0000977910 00000 n 0000017275 00000 n 0000017322 00000 n 0000594612 00000 n 0000977778 00000 n 0000017370 00000 n 0000017418 00000 n 0000594865 00000 n 0000977713 00000 n 0000017469 00000 n 0000017516 00000 n 0000598026 00000 n 0000977634 00000 n 0000017564 00000 n 0000017604 00000 n 0000598279 00000 n 0000977516 00000 n 0000017649 00000 n 0000017711 00000 n 0000601949 00000 n 0000977398 00000 n 0000017759 00000 n 0000017802 00000 n 0000602075 00000 n 0000977319 00000 n 0000017853 00000 n 0000017893 00000 n 0000602900 00000 n 0000977240 00000 n 0000017944 00000 n 0000017984 00000 n 0000603595 00000 n 0000977147 00000 n 0000018032 00000 n 0000018084 00000 n 0000604102 00000 n 0000977054 00000 n 0000018132 00000 n 0000018186 00000 n 0000606527 00000 n 0000976961 00000 n 0000018234 00000 n 0000018293 00000 n 0000607609 00000 n 0000976882 00000 n 0000018341 00000 n 0000018394 00000 n 0000610890 00000 n 0000976749 00000 n 0000018436 00000 n 0000018483 00000 n 0000611016 00000 n 0000976631 00000 n 0000018528 00000 n 0000018559 00000 n 0000612980 00000 n 0000976566 00000 n 0000018607 00000 n 0000018676 00000 n 0000615569 00000 n 0000976473 00000 n 0000018721 00000 n 0000018782 00000 n 0000619654 00000 n 0000976380 00000 n 0000018827 00000 n 0000018880 00000 n 0000620031 00000 n 0000976287 00000 n 0000018925 00000 n 0000018961 00000 n 0000622662 00000 n 0000976208 00000 n 0000019006 00000 n 0000019039 00000 n 0000626282 00000 n 0000976075 00000 n 0000019081 00000 n 0000019155 00000 n 0000626407 00000 n 0000975996 00000 n 0000019200 00000 n 0000019232 00000 n 0000639052 00000 n 0000975903 00000 n 0000019277 00000 n 0000019347 00000 n 0000640316 00000 n 0000975810 00000 n 0000019392 00000 n 0000019467 00000 n 0000643684 00000 n 0000975717 00000 n 0000019512 00000 n 0000019563 00000 n 0000648049 00000 n 0000975638 00000 n 0000019608 00000 n 0000019638 00000 n 0000654985 00000 n 0000975505 00000 n 0000019680 00000 n 0000019740 00000 n 0000655111 00000 n 0000975426 00000 n 0000019785 00000 n 0000019817 00000 n 0000664886 00000 n 0000975333 00000 n 0000019862 00000 n 0000019894 00000 n 0000667110 00000 n 0000975254 00000 n 0000019939 00000 n 0000019968 00000 n 0000671757 00000 n 0000975120 00000 n 0000020010 00000 n 0000020079 00000 n 0000671882 00000 n 0000975002 00000 n 0000020124 00000 n 0000020156 00000 n 0000676047 00000 n 0000974923 00000 n 0000020204 00000 n 0000020246 00000 n 0000679562 00000 n 0000974844 00000 n 0000020294 00000 n 0000020333 00000 n 0000684452 00000 n 0000974751 00000 n 0000020378 00000 n 0000020417 00000 n 0000685912 00000 n 0000974658 00000 n 0000020462 00000 n 0000020505 00000 n 0000690414 00000 n 0000974565 00000 n 0000020550 00000 n 0000020593 00000 n 0000693811 00000 n 0000974472 00000 n 0000020638 00000 n 0000020691 00000 n 0000696349 00000 n 0000974379 00000 n 0000020736 00000 n 0000020796 00000 n 0000700239 00000 n 0000974286 00000 n 0000020841 00000 n 0000020894 00000 n 0000702196 00000 n 0000974193 00000 n 0000020939 00000 n 0000020990 00000 n 0000704847 00000 n 0000974100 00000 n 0000021035 00000 n 0000021083 00000 n 0000705794 00000 n 0000974007 00000 n 0000021129 00000 n 0000021198 00000 n 0000709099 00000 n 0000973914 00000 n 0000021244 00000 n 0000021293 00000 n 0000712846 00000 n 0000973821 00000 n 0000021339 00000 n 0000021392 00000 n 0000717652 00000 n 0000973728 00000 n 0000021438 00000 n 0000021472 00000 n 0000721127 00000 n 0000973635 00000 n 0000021518 00000 n 0000021557 00000 n 0000752750 00000 n 0000973542 00000 n 0000021603 00000 n 0000021637 00000 n 0000757228 00000 n 0000973463 00000 n 0000021683 00000 n 0000021716 00000 n 0000759994 00000 n 0000973330 00000 n 0000021758 00000 n 0000021813 00000 n 0000760566 00000 n 0000973251 00000 n 0000021859 00000 n 0000021891 00000 n 0000767824 00000 n 0000973158 00000 n 0000021937 00000 n 0000021969 00000 n 0000769341 00000 n 0000973079 00000 n 0000022015 00000 n 0000022046 00000 n 0000771340 00000 n 0000972999 00000 n 0000022088 00000 n 0000022149 00000 n 0000022416 00000 n 0000022778 00000 n 0000022201 00000 n 0000022536 00000 n 0000022596 00000 n 0000022657 00000 n 0000967387 00000 n 0000968445 00000 n 0000023767 00000 n 0000023587 00000 n 0000022850 00000 n 0000023707 00000 n 0000968089 00000 n 0000968265 00000 n 0000026879 00000 n 0000027029 00000 n 0000027179 00000 n 0000027336 00000 n 0000027493 00000 n 0000027659 00000 n 0000027825 00000 n 0000027995 00000 n 0000028165 00000 n 0000028331 00000 n 0000028497 00000 n 0000028663 00000 n 0000028830 00000 n 0000028992 00000 n 0000029155 00000 n 0000029320 00000 n 0000029485 00000 n 0000029651 00000 n 0000029817 00000 n 0000029985 00000 n 0000030153 00000 n 0000030318 00000 n 0000030483 00000 n 0000030633 00000 n 0000030784 00000 n 0000030938 00000 n 0000031092 00000 n 0000031241 00000 n 0000031391 00000 n 0000031548 00000 n 0000031705 00000 n 0000031860 00000 n 0000032015 00000 n 0000032182 00000 n 0000032349 00000 n 0000032501 00000 n 0000032653 00000 n 0000032806 00000 n 0000032959 00000 n 0000033121 00000 n 0000033283 00000 n 0000033464 00000 n 0000033645 00000 n 0000033823 00000 n 0000034002 00000 n 0000034173 00000 n 0000034344 00000 n 0000034495 00000 n 0000034647 00000 n 0000034799 00000 n 0000034951 00000 n 0000035115 00000 n 0000035279 00000 n 0000035429 00000 n 0000035579 00000 n 0000035738 00000 n 0000035897 00000 n 0000036052 00000 n 0000036207 00000 n 0000036367 00000 n 0000036527 00000 n 0000036687 00000 n 0000036847 00000 n 0000037016 00000 n 0000037185 00000 n 0000037353 00000 n 0000037521 00000 n 0000037679 00000 n 0000037838 00000 n 0000037998 00000 n 0000038158 00000 n 0000038310 00000 n 0000038462 00000 n 0000038621 00000 n 0000038780 00000 n 0000038936 00000 n 0000039092 00000 n 0000039250 00000 n 0000039408 00000 n 0000039559 00000 n 0000039710 00000 n 0000039869 00000 n 0000040028 00000 n 0000040189 00000 n 0000040350 00000 n 0000040502 00000 n 0000040655 00000 n 0000040810 00000 n 0000040965 00000 n 0000041128 00000 n 0000044542 00000 n 0000044718 00000 n 0000041414 00000 n 0000025994 00000 n 0000023865 00000 n 0000041291 00000 n 0000967912 00000 n 0000073868 00000 n 0000075967 00000 n 0000076280 00000 n 0000080234 00000 n 0000084094 00000 n 0000089496 00000 n 0000100174 00000 n 0000101883 00000 n 0000109631 00000 n 0000111022 00000 n 0000114482 00000 n 0000115239 00000 n 0000128446 00000 n 0000136218 00000 n 0000136344 00000 n 0000137803 00000 n 0000138373 00000 n 0000143496 00000 n 0000148328 00000 n 0000148708 00000 n 0000150903 00000 n 0000154867 00000 n 0000155244 00000 n 0000157908 00000 n 0000161420 00000 n 0000169627 00000 n 0000170008 00000 n 0000181115 00000 n 0000186470 00000 n 0000192289 00000 n 0000211615 00000 n 0000220586 00000 n 0000224016 00000 n 0000224267 00000 n 0000227612 00000 n 0000236606 00000 n 0000240421 00000 n 0000241626 00000 n 0000256342 00000 n 0000257669 00000 n 0000262704 00000 n 0000264484 00000 n 0000268297 00000 n 0000326587 00000 n 0000327410 00000 n 0000044894 00000 n 0000045052 00000 n 0000045210 00000 n 0000045363 00000 n 0000045516 00000 n 0000045670 00000 n 0000045824 00000 n 0000045976 00000 n 0000046128 00000 n 0000046284 00000 n 0000046440 00000 n 0000046595 00000 n 0000046750 00000 n 0000046908 00000 n 0000047066 00000 n 0000047221 00000 n 0000047376 00000 n 0000047528 00000 n 0000047680 00000 n 0000047831 00000 n 0000047982 00000 n 0000048135 00000 n 0000048288 00000 n 0000048452 00000 n 0000048616 00000 n 0000048779 00000 n 0000048943 00000 n 0000049097 00000 n 0000049251 00000 n 0000049401 00000 n 0000049551 00000 n 0000049703 00000 n 0000049855 00000 n 0000050008 00000 n 0000050162 00000 n 0000050315 00000 n 0000050468 00000 n 0000050643 00000 n 0000050819 00000 n 0000051000 00000 n 0000051181 00000 n 0000051341 00000 n 0000051500 00000 n 0000051649 00000 n 0000051797 00000 n 0000051967 00000 n 0000052136 00000 n 0000052288 00000 n 0000052439 00000 n 0000052592 00000 n 0000052744 00000 n 0000052903 00000 n 0000053061 00000 n 0000053209 00000 n 0000053356 00000 n 0000053518 00000 n 0000053679 00000 n 0000053850 00000 n 0000054020 00000 n 0000054172 00000 n 0000054323 00000 n 0000054474 00000 n 0000054624 00000 n 0000054792 00000 n 0000054959 00000 n 0000055130 00000 n 0000055300 00000 n 0000055456 00000 n 0000055611 00000 n 0000055769 00000 n 0000055926 00000 n 0000056083 00000 n 0000056239 00000 n 0000056406 00000 n 0000056572 00000 n 0000056740 00000 n 0000056907 00000 n 0000057061 00000 n 0000057214 00000 n 0000057369 00000 n 0000057523 00000 n 0000057684 00000 n 0000060479 00000 n 0000060640 00000 n 0000060800 00000 n 0000060960 00000 n 0000061119 00000 n 0000061271 00000 n 0000061422 00000 n 0000061584 00000 n 0000061745 00000 n 0000061906 00000 n 0000057906 00000 n 0000043651 00000 n 0000041527 00000 n 0000057844 00000 n 0000333869 00000 n 0000335199 00000 n 0000338261 00000 n 0000346353 00000 n 0000360178 00000 n 0000366983 00000 n 0000369115 00000 n 0000371151 00000 n 0000377001 00000 n 0000384029 00000 n 0000415053 00000 n 0000421818 00000 n 0000422516 00000 n 0000428093 00000 n 0000432328 00000 n 0000438920 00000 n 0000439936 00000 n 0000443791 00000 n 0000448973 00000 n 0000454974 00000 n 0000457355 00000 n 0000466786 00000 n 0000467673 00000 n 0000469657 00000 n 0000475664 00000 n 0000484125 00000 n 0000485265 00000 n 0000489791 00000 n 0000493087 00000 n 0000493403 00000 n 0000499911 00000 n 0000500163 00000 n 0000500416 00000 n 0000501302 00000 n 0000514927 00000 n 0000526488 00000 n 0000530400 00000 n 0000530717 00000 n 0000546201 00000 n 0000550988 00000 n 0000551114 00000 n 0000598216 00000 n 0000062066 00000 n 0000062216 00000 n 0000062365 00000 n 0000062530 00000 n 0000062694 00000 n 0000062867 00000 n 0000063039 00000 n 0000063202 00000 n 0000063364 00000 n 0000063528 00000 n 0000063691 00000 n 0000063863 00000 n 0000064034 00000 n 0000064185 00000 n 0000064335 00000 n 0000064492 00000 n 0000064649 00000 n 0000064815 00000 n 0000064980 00000 n 0000065146 00000 n 0000065311 00000 n 0000065474 00000 n 0000065636 00000 n 0000065804 00000 n 0000065971 00000 n 0000066127 00000 n 0000066282 00000 n 0000066442 00000 n 0000066601 00000 n 0000066764 00000 n 0000066926 00000 n 0000067090 00000 n 0000067253 00000 n 0000067427 00000 n 0000067600 00000 n 0000067781 00000 n 0000067961 00000 n 0000068129 00000 n 0000068296 00000 n 0000068457 00000 n 0000068617 00000 n 0000068781 00000 n 0000068944 00000 n 0000069107 00000 n 0000069269 00000 n 0000069429 00000 n 0000069588 00000 n 0000069746 00000 n 0000069903 00000 n 0000070057 00000 n 0000070210 00000 n 0000070369 00000 n 0000070527 00000 n 0000070681 00000 n 0000070834 00000 n 0000070998 00000 n 0000071161 00000 n 0000071322 00000 n 0000071482 00000 n 0000071640 00000 n 0000071797 00000 n 0000071956 00000 n 0000072114 00000 n 0000072272 00000 n 0000072429 00000 n 0000072591 00000 n 0000072815 00000 n 0000059660 00000 n 0000058006 00000 n 0000072753 00000 n 0000610827 00000 n 0000610953 00000 n 0000615506 00000 n 0000619591 00000 n 0000619969 00000 n 0000622599 00000 n 0000626219 00000 n 0000626344 00000 n 0000638989 00000 n 0000640253 00000 n 0000643621 00000 n 0000647986 00000 n 0000654922 00000 n 0000655048 00000 n 0000664823 00000 n 0000667047 00000 n 0000671694 00000 n 0000671819 00000 n 0000684389 00000 n 0000685849 00000 n 0000690351 00000 n 0000693749 00000 n 0000696286 00000 n 0000698749 00000 n 0000702133 00000 n 0000704784 00000 n 0000705731 00000 n 0000709036 00000 n 0000712783 00000 n 0000717589 00000 n 0000721064 00000 n 0000752687 00000 n 0000755275 00000 n 0000759931 00000 n 0000760503 00000 n 0000763713 00000 n 0000769278 00000 n 0000771277 00000 n 0000074560 00000 n 0000073745 00000 n 0000072915 00000 n 0000073992 00000 n 0000074055 00000 n 0000074118 00000 n 0000074182 00000 n 0000074245 00000 n 0000074307 00000 n 0000074369 00000 n 0000074432 00000 n 0000074496 00000 n 0000075649 00000 n 0000075817 00000 n 0000078118 00000 n 0000075495 00000 n 0000074659 00000 n 0000076092 00000 n 0000076155 00000 n 0000967560 00000 n 0000076217 00000 n 0000076405 00000 n 0000076468 00000 n 0000076531 00000 n 0000967033 00000 n 0000076595 00000 n 0000966679 00000 n 0000076659 00000 n 0000076722 00000 n 0000076785 00000 n 0000076849 00000 n 0000076913 00000 n 0000076977 00000 n 0000077041 00000 n 0000077105 00000 n 0000077169 00000 n 0000077233 00000 n 0000077297 00000 n 0000077360 00000 n 0000077423 00000 n 0000077487 00000 n 0000077551 00000 n 0000077614 00000 n 0000077676 00000 n 0000077739 00000 n 0000077802 00000 n 0000077865 00000 n 0000077928 00000 n 0000077992 00000 n 0000078056 00000 n 0000968567 00000 n 0000081816 00000 n 0000079414 00000 n 0000078259 00000 n 0000079538 00000 n 0000079600 00000 n 0000079662 00000 n 0000079726 00000 n 0000079789 00000 n 0000079852 00000 n 0000079916 00000 n 0000079980 00000 n 0000080043 00000 n 0000080106 00000 n 0000080170 00000 n 0000080357 00000 n 0000080420 00000 n 0000080483 00000 n 0000080546 00000 n 0000080609 00000 n 0000080673 00000 n 0000080737 00000 n 0000080801 00000 n 0000080865 00000 n 0000080928 00000 n 0000080990 00000 n 0000081054 00000 n 0000081118 00000 n 0000081182 00000 n 0000081246 00000 n 0000081308 00000 n 0000081372 00000 n 0000081435 00000 n 0000081498 00000 n 0000081562 00000 n 0000081626 00000 n 0000081689 00000 n 0000081752 00000 n 0000085552 00000 n 0000083592 00000 n 0000081943 00000 n 0000083716 00000 n 0000083778 00000 n 0000083841 00000 n 0000083905 00000 n 0000083968 00000 n 0000084030 00000 n 0000084219 00000 n 0000084282 00000 n 0000084346 00000 n 0000084409 00000 n 0000084472 00000 n 0000084536 00000 n 0000084600 00000 n 0000084663 00000 n 0000084727 00000 n 0000084790 00000 n 0000084854 00000 n 0000084917 00000 n 0000084981 00000 n 0000085044 00000 n 0000085107 00000 n 0000085171 00000 n 0000085234 00000 n 0000085298 00000 n 0000085361 00000 n 0000085425 00000 n 0000085489 00000 n 0000087802 00000 n 0000087953 00000 n 0000088107 00000 n 0000088272 00000 n 0000091263 00000 n 0000087630 00000 n 0000085679 00000 n 0000088422 00000 n 0000088484 00000 n 0000088546 00000 n 0000088609 00000 n 0000088672 00000 n 0000088736 00000 n 0000088798 00000 n 0000088862 00000 n 0000088925 00000 n 0000088988 00000 n 0000089051 00000 n 0000089115 00000 n 0000089178 00000 n 0000089242 00000 n 0000089306 00000 n 0000089369 00000 n 0000089432 00000 n 0000089621 00000 n 0000089684 00000 n 0000089745 00000 n 0000089809 00000 n 0000089873 00000 n 0000089937 00000 n 0000090000 00000 n 0000090062 00000 n 0000090126 00000 n 0000967734 00000 n 0000090190 00000 n 0000090253 00000 n 0000090313 00000 n 0000090373 00000 n 0000090437 00000 n 0000090500 00000 n 0000090564 00000 n 0000090628 00000 n 0000090691 00000 n 0000090755 00000 n 0000090818 00000 n 0000090881 00000 n 0000090945 00000 n 0000091008 00000 n 0000091071 00000 n 0000091135 00000 n 0000091199 00000 n 0000115676 00000 n 0000093130 00000 n 0000093283 00000 n 0000093438 00000 n 0000093590 00000 n 0000093746 00000 n 0000093901 00000 n 0000094057 00000 n 0000094217 00000 n 0000094374 00000 n 0000094532 00000 n 0000094689 00000 n 0000099706 00000 n 0000098068 00000 n 0000092895 00000 n 0000091432 00000 n 0000094838 00000 n 0000094900 00000 n 0000094963 00000 n 0000095026 00000 n 0000095090 00000 n 0000095153 00000 n 0000095217 00000 n 0000095280 00000 n 0000095343 00000 n 0000095407 00000 n 0000095532 00000 n 0000095595 00000 n 0000095658 00000 n 0000095720 00000 n 0000095784 00000 n 0000095848 00000 n 0000095911 00000 n 0000095975 00000 n 0000096039 00000 n 0000966854 00000 n 0000096103 00000 n 0000096166 00000 n 0000096230 00000 n 0000096294 00000 n 0000096357 00000 n 0000096421 00000 n 0000096485 00000 n 0000096548 00000 n 0000096612 00000 n 0000096676 00000 n 0000096739 00000 n 0000096803 00000 n 0000096867 00000 n 0000096931 00000 n 0000096994 00000 n 0000097058 00000 n 0000097122 00000 n 0000097184 00000 n 0000097247 00000 n 0000097309 00000 n 0000097373 00000 n 0000097437 00000 n 0000097498 00000 n 0000097562 00000 n 0000097625 00000 n 0000097688 00000 n 0000097750 00000 n 0000097813 00000 n 0000097876 00000 n 0000097940 00000 n 0000098004 00000 n 0000099888 00000 n 0000102324 00000 n 0000099552 00000 n 0000098223 00000 n 0000100048 00000 n 0000100110 00000 n 0000100298 00000 n 0000100361 00000 n 0000100425 00000 n 0000100488 00000 n 0000100551 00000 n 0000100615 00000 n 0000100678 00000 n 0000100741 00000 n 0000100805 00000 n 0000100869 00000 n 0000100932 00000 n 0000100996 00000 n 0000101060 00000 n 0000101123 00000 n 0000101186 00000 n 0000101250 00000 n 0000101313 00000 n 0000101376 00000 n 0000101439 00000 n 0000101502 00000 n 0000101566 00000 n 0000101629 00000 n 0000101693 00000 n 0000101756 00000 n 0000101819 00000 n 0000102008 00000 n 0000102071 00000 n 0000102134 00000 n 0000102197 00000 n 0000102261 00000 n 0000107148 00000 n 0000103985 00000 n 0000102465 00000 n 0000104109 00000 n 0000104171 00000 n 0000104234 00000 n 0000104298 00000 n 0000104362 00000 n 0000104425 00000 n 0000104489 00000 n 0000104552 00000 n 0000104616 00000 n 0000104680 00000 n 0000104743 00000 n 0000104806 00000 n 0000104870 00000 n 0000104995 00000 n 0000105058 00000 n 0000105121 00000 n 0000105185 00000 n 0000105248 00000 n 0000105311 00000 n 0000105374 00000 n 0000105438 00000 n 0000105501 00000 n 0000105565 00000 n 0000105628 00000 n 0000105691 00000 n 0000105755 00000 n 0000105818 00000 n 0000105881 00000 n 0000105944 00000 n 0000106008 00000 n 0000106071 00000 n 0000106134 00000 n 0000106197 00000 n 0000106261 00000 n 0000106324 00000 n 0000106388 00000 n 0000106451 00000 n 0000106514 00000 n 0000106578 00000 n 0000106641 00000 n 0000106704 00000 n 0000106767 00000 n 0000106831 00000 n 0000106894 00000 n 0000106957 00000 n 0000107021 00000 n 0000107084 00000 n 0000968692 00000 n 0000109249 00000 n 0000109401 00000 n 0000112098 00000 n 0000109095 00000 n 0000107303 00000 n 0000109569 00000 n 0000109756 00000 n 0000109819 00000 n 0000109882 00000 n 0000109946 00000 n 0000110010 00000 n 0000110073 00000 n 0000110137 00000 n 0000110200 00000 n 0000110262 00000 n 0000110326 00000 n 0000110389 00000 n 0000110452 00000 n 0000110514 00000 n 0000110578 00000 n 0000110642 00000 n 0000110705 00000 n 0000110768 00000 n 0000110832 00000 n 0000110895 00000 n 0000110958 00000 n 0000111147 00000 n 0000111210 00000 n 0000111273 00000 n 0000111336 00000 n 0000111399 00000 n 0000111462 00000 n 0000111525 00000 n 0000111589 00000 n 0000111652 00000 n 0000111716 00000 n 0000111780 00000 n 0000111844 00000 n 0000111907 00000 n 0000111970 00000 n 0000112034 00000 n 0000114133 00000 n 0000116876 00000 n 0000113988 00000 n 0000112267 00000 n 0000114292 00000 n 0000114354 00000 n 0000114418 00000 n 0000114607 00000 n 0000114670 00000 n 0000114734 00000 n 0000114796 00000 n 0000114858 00000 n 0000114922 00000 n 0000114985 00000 n 0000115049 00000 n 0000115112 00000 n 0000115175 00000 n 0000115362 00000 n 0000115425 00000 n 0000115488 00000 n 0000115550 00000 n 0000115612 00000 n 0000115801 00000 n 0000115864 00000 n 0000115927 00000 n 0000115991 00000 n 0000116055 00000 n 0000116119 00000 n 0000116182 00000 n 0000116244 00000 n 0000116306 00000 n 0000116369 00000 n 0000116432 00000 n 0000116496 00000 n 0000116560 00000 n 0000116623 00000 n 0000116686 00000 n 0000116750 00000 n 0000116814 00000 n 0000122601 00000 n 0000119240 00000 n 0000117031 00000 n 0000119364 00000 n 0000119426 00000 n 0000119489 00000 n 0000119553 00000 n 0000119617 00000 n 0000119680 00000 n 0000119744 00000 n 0000119869 00000 n 0000119932 00000 n 0000119995 00000 n 0000120059 00000 n 0000120122 00000 n 0000120185 00000 n 0000120249 00000 n 0000120313 00000 n 0000120377 00000 n 0000120441 00000 n 0000120505 00000 n 0000120568 00000 n 0000120630 00000 n 0000120694 00000 n 0000120758 00000 n 0000120822 00000 n 0000120885 00000 n 0000120949 00000 n 0000121013 00000 n 0000121076 00000 n 0000121139 00000 n 0000121202 00000 n 0000121265 00000 n 0000967208 00000 n 0000121329 00000 n 0000121393 00000 n 0000121456 00000 n 0000121519 00000 n 0000121583 00000 n 0000121646 00000 n 0000121710 00000 n 0000121774 00000 n 0000121837 00000 n 0000121901 00000 n 0000121965 00000 n 0000122028 00000 n 0000122092 00000 n 0000122156 00000 n 0000122219 00000 n 0000122283 00000 n 0000122347 00000 n 0000122410 00000 n 0000122474 00000 n 0000122538 00000 n 0000126291 00000 n 0000124601 00000 n 0000122784 00000 n 0000124725 00000 n 0000124787 00000 n 0000124851 00000 n 0000124915 00000 n 0000125040 00000 n 0000125165 00000 n 0000125228 00000 n 0000125290 00000 n 0000125352 00000 n 0000125476 00000 n 0000125539 00000 n 0000125602 00000 n 0000125665 00000 n 0000125728 00000 n 0000125791 00000 n 0000125915 00000 n 0000126040 00000 n 0000126102 00000 n 0000126165 00000 n 0000126228 00000 n 0000129391 00000 n 0000128009 00000 n 0000126418 00000 n 0000128133 00000 n 0000128257 00000 n 0000128320 00000 n 0000128383 00000 n 0000128571 00000 n 0000128634 00000 n 0000128697 00000 n 0000128761 00000 n 0000128824 00000 n 0000128887 00000 n 0000966534 00000 n 0000128950 00000 n 0000129013 00000 n 0000129075 00000 n 0000129138 00000 n 0000129201 00000 n 0000966389 00000 n 0000129265 00000 n 0000129328 00000 n 0000134245 00000 n 0000131276 00000 n 0000129560 00000 n 0000131400 00000 n 0000131462 00000 n 0000131525 00000 n 0000131588 00000 n 0000131651 00000 n 0000131714 00000 n 0000131777 00000 n 0000131840 00000 n 0000131904 00000 n 0000131968 00000 n 0000132031 00000 n 0000132095 00000 n 0000132159 00000 n 0000132222 00000 n 0000132286 00000 n 0000132350 00000 n 0000132413 00000 n 0000132477 00000 n 0000132541 00000 n 0000132604 00000 n 0000132668 00000 n 0000132732 00000 n 0000132794 00000 n 0000132858 00000 n 0000132922 00000 n 0000132985 00000 n 0000133047 00000 n 0000133110 00000 n 0000133173 00000 n 0000133235 00000 n 0000133297 00000 n 0000133360 00000 n 0000133424 00000 n 0000133487 00000 n 0000133551 00000 n 0000133614 00000 n 0000133676 00000 n 0000133738 00000 n 0000133801 00000 n 0000133864 00000 n 0000133927 00000 n 0000133990 00000 n 0000134054 00000 n 0000134118 00000 n 0000134181 00000 n 0000968817 00000 n 0000138562 00000 n 0000136032 00000 n 0000134386 00000 n 0000136156 00000 n 0000136470 00000 n 0000136533 00000 n 0000136596 00000 n 0000136658 00000 n 0000136721 00000 n 0000136785 00000 n 0000136849 00000 n 0000136912 00000 n 0000136976 00000 n 0000137040 00000 n 0000137103 00000 n 0000137167 00000 n 0000137231 00000 n 0000137295 00000 n 0000137359 00000 n 0000137423 00000 n 0000137486 00000 n 0000137549 00000 n 0000137612 00000 n 0000137676 00000 n 0000137739 00000 n 0000137928 00000 n 0000137991 00000 n 0000138054 00000 n 0000138118 00000 n 0000138182 00000 n 0000138245 00000 n 0000138309 00000 n 0000138499 00000 n 0000143748 00000 n 0000140463 00000 n 0000138675 00000 n 0000140587 00000 n 0000140649 00000 n 0000140712 00000 n 0000140775 00000 n 0000140838 00000 n 0000140902 00000 n 0000140965 00000 n 0000141029 00000 n 0000141092 00000 n 0000141156 00000 n 0000141219 00000 n 0000141283 00000 n 0000141347 00000 n 0000141411 00000 n 0000141472 00000 n 0000141533 00000 n 0000141596 00000 n 0000141660 00000 n 0000141724 00000 n 0000141788 00000 n 0000141851 00000 n 0000141914 00000 n 0000141977 00000 n 0000142040 00000 n 0000142103 00000 n 0000142167 00000 n 0000142231 00000 n 0000142294 00000 n 0000142358 00000 n 0000142422 00000 n 0000142485 00000 n 0000142548 00000 n 0000142611 00000 n 0000142674 00000 n 0000142738 00000 n 0000142802 00000 n 0000142865 00000 n 0000142928 00000 n 0000142992 00000 n 0000143052 00000 n 0000143115 00000 n 0000143179 00000 n 0000143243 00000 n 0000143307 00000 n 0000143370 00000 n 0000143433 00000 n 0000143622 00000 n 0000143685 00000 n 0000146018 00000 n 0000149213 00000 n 0000145873 00000 n 0000143847 00000 n 0000146170 00000 n 0000146232 00000 n 0000146295 00000 n 0000146359 00000 n 0000146423 00000 n 0000146485 00000 n 0000146548 00000 n 0000146611 00000 n 0000146674 00000 n 0000146738 00000 n 0000146802 00000 n 0000146864 00000 n 0000146928 00000 n 0000146992 00000 n 0000147056 00000 n 0000147120 00000 n 0000147183 00000 n 0000147247 00000 n 0000147311 00000 n 0000147374 00000 n 0000147438 00000 n 0000147502 00000 n 0000147566 00000 n 0000147629 00000 n 0000147692 00000 n 0000147755 00000 n 0000147818 00000 n 0000147882 00000 n 0000147946 00000 n 0000148009 00000 n 0000148073 00000 n 0000148137 00000 n 0000148200 00000 n 0000148264 00000 n 0000148454 00000 n 0000148517 00000 n 0000148580 00000 n 0000148644 00000 n 0000148834 00000 n 0000148896 00000 n 0000148958 00000 n 0000149022 00000 n 0000149086 00000 n 0000149150 00000 n 0000215452 00000 n 0000150564 00000 n 0000151284 00000 n 0000150419 00000 n 0000149340 00000 n 0000150715 00000 n 0000150777 00000 n 0000150840 00000 n 0000151029 00000 n 0000151092 00000 n 0000151156 00000 n 0000151220 00000 n 0000291210 00000 n 0000153351 00000 n 0000153503 00000 n 0000157425 00000 n 0000155560 00000 n 0000153197 00000 n 0000151411 00000 n 0000153660 00000 n 0000153722 00000 n 0000153786 00000 n 0000153850 00000 n 0000153914 00000 n 0000153977 00000 n 0000154041 00000 n 0000154105 00000 n 0000154168 00000 n 0000154231 00000 n 0000154295 00000 n 0000154358 00000 n 0000154422 00000 n 0000154485 00000 n 0000154549 00000 n 0000154612 00000 n 0000154676 00000 n 0000154740 00000 n 0000154803 00000 n 0000154992 00000 n 0000155054 00000 n 0000155117 00000 n 0000155180 00000 n 0000155369 00000 n 0000155432 00000 n 0000155496 00000 n 0000268486 00000 n 0000159233 00000 n 0000157280 00000 n 0000155687 00000 n 0000157593 00000 n 0000157655 00000 n 0000157717 00000 n 0000157780 00000 n 0000157844 00000 n 0000158033 00000 n 0000158096 00000 n 0000158160 00000 n 0000158223 00000 n 0000158287 00000 n 0000158350 00000 n 0000158414 00000 n 0000158476 00000 n 0000158539 00000 n 0000158602 00000 n 0000158665 00000 n 0000158728 00000 n 0000158791 00000 n 0000158854 00000 n 0000158917 00000 n 0000158980 00000 n 0000159044 00000 n 0000159107 00000 n 0000159170 00000 n 0000968942 00000 n 0000163827 00000 n 0000161045 00000 n 0000159360 00000 n 0000161169 00000 n 0000161231 00000 n 0000161293 00000 n 0000161356 00000 n 0000161545 00000 n 0000161608 00000 n 0000161672 00000 n 0000161735 00000 n 0000161799 00000 n 0000161863 00000 n 0000161926 00000 n 0000161989 00000 n 0000162052 00000 n 0000162115 00000 n 0000162178 00000 n 0000162242 00000 n 0000162305 00000 n 0000162369 00000 n 0000162432 00000 n 0000162496 00000 n 0000162559 00000 n 0000162622 00000 n 0000162685 00000 n 0000162748 00000 n 0000162811 00000 n 0000162875 00000 n 0000162939 00000 n 0000163002 00000 n 0000163066 00000 n 0000163130 00000 n 0000163193 00000 n 0000163257 00000 n 0000163320 00000 n 0000163384 00000 n 0000163447 00000 n 0000163511 00000 n 0000163575 00000 n 0000163638 00000 n 0000163701 00000 n 0000163764 00000 n 0000167195 00000 n 0000165225 00000 n 0000163954 00000 n 0000165349 00000 n 0000165411 00000 n 0000165475 00000 n 0000165538 00000 n 0000165602 00000 n 0000165666 00000 n 0000165730 00000 n 0000165794 00000 n 0000165858 00000 n 0000165921 00000 n 0000165985 00000 n 0000166048 00000 n 0000166112 00000 n 0000166176 00000 n 0000166302 00000 n 0000166365 00000 n 0000166429 00000 n 0000166493 00000 n 0000166556 00000 n 0000166620 00000 n 0000166684 00000 n 0000166748 00000 n 0000166811 00000 n 0000166875 00000 n 0000166939 00000 n 0000167003 00000 n 0000167067 00000 n 0000167131 00000 n 0000169411 00000 n 0000171333 00000 n 0000169266 00000 n 0000167336 00000 n 0000169565 00000 n 0000169753 00000 n 0000169816 00000 n 0000169880 00000 n 0000169944 00000 n 0000170133 00000 n 0000170196 00000 n 0000170259 00000 n 0000170323 00000 n 0000170387 00000 n 0000170451 00000 n 0000170515 00000 n 0000170641 00000 n 0000170704 00000 n 0000170768 00000 n 0000170831 00000 n 0000170894 00000 n 0000170956 00000 n 0000171019 00000 n 0000171083 00000 n 0000171146 00000 n 0000171209 00000 n 0000171272 00000 n 0000172839 00000 n 0000172996 00000 n 0000174732 00000 n 0000172685 00000 n 0000171446 00000 n 0000173151 00000 n 0000173213 00000 n 0000173277 00000 n 0000173341 00000 n 0000173405 00000 n 0000173468 00000 n 0000173532 00000 n 0000173595 00000 n 0000173659 00000 n 0000173722 00000 n 0000173786 00000 n 0000173849 00000 n 0000173913 00000 n 0000173976 00000 n 0000174039 00000 n 0000174102 00000 n 0000174165 00000 n 0000174228 00000 n 0000174292 00000 n 0000174355 00000 n 0000174418 00000 n 0000174544 00000 n 0000174606 00000 n 0000174668 00000 n 0000178606 00000 n 0000176906 00000 n 0000174845 00000 n 0000177030 00000 n 0000177092 00000 n 0000177154 00000 n 0000177217 00000 n 0000177280 00000 n 0000177343 00000 n 0000177406 00000 n 0000177469 00000 n 0000177532 00000 n 0000177595 00000 n 0000177658 00000 n 0000177721 00000 n 0000177846 00000 n 0000177909 00000 n 0000177973 00000 n 0000178036 00000 n 0000178099 00000 n 0000178162 00000 n 0000178226 00000 n 0000178289 00000 n 0000178352 00000 n 0000178416 00000 n 0000178479 00000 n 0000178542 00000 n 0000183267 00000 n 0000180107 00000 n 0000178733 00000 n 0000180231 00000 n 0000180293 00000 n 0000180356 00000 n 0000180419 00000 n 0000180483 00000 n 0000180546 00000 n 0000180610 00000 n 0000180673 00000 n 0000180736 00000 n 0000180800 00000 n 0000180863 00000 n 0000180926 00000 n 0000180989 00000 n 0000181052 00000 n 0000181241 00000 n 0000181302 00000 n 0000181363 00000 n 0000181426 00000 n 0000181489 00000 n 0000181552 00000 n 0000181616 00000 n 0000181680 00000 n 0000181744 00000 n 0000181807 00000 n 0000181871 00000 n 0000181935 00000 n 0000181997 00000 n 0000182061 00000 n 0000182125 00000 n 0000182189 00000 n 0000182253 00000 n 0000182316 00000 n 0000182380 00000 n 0000182444 00000 n 0000182507 00000 n 0000182571 00000 n 0000182635 00000 n 0000182698 00000 n 0000182760 00000 n 0000182824 00000 n 0000182888 00000 n 0000182952 00000 n 0000183015 00000 n 0000183078 00000 n 0000183141 00000 n 0000183204 00000 n 0000969067 00000 n 0000185504 00000 n 0000185661 00000 n 0000185814 00000 n 0000188116 00000 n 0000185341 00000 n 0000183394 00000 n 0000185965 00000 n 0000186027 00000 n 0000186089 00000 n 0000186153 00000 n 0000186217 00000 n 0000186281 00000 n 0000186344 00000 n 0000186407 00000 n 0000186596 00000 n 0000186658 00000 n 0000186722 00000 n 0000186786 00000 n 0000186849 00000 n 0000186912 00000 n 0000186976 00000 n 0000187040 00000 n 0000187103 00000 n 0000187166 00000 n 0000187229 00000 n 0000187292 00000 n 0000187355 00000 n 0000187418 00000 n 0000187482 00000 n 0000187545 00000 n 0000187608 00000 n 0000187671 00000 n 0000187735 00000 n 0000187798 00000 n 0000187862 00000 n 0000187925 00000 n 0000187988 00000 n 0000188052 00000 n 0000190888 00000 n 0000189748 00000 n 0000188243 00000 n 0000189872 00000 n 0000189934 00000 n 0000189998 00000 n 0000190062 00000 n 0000190126 00000 n 0000190190 00000 n 0000190253 00000 n 0000190317 00000 n 0000190381 00000 n 0000190444 00000 n 0000190507 00000 n 0000190571 00000 n 0000190635 00000 n 0000190699 00000 n 0000190762 00000 n 0000190825 00000 n 0000194120 00000 n 0000192103 00000 n 0000191016 00000 n 0000192227 00000 n 0000192414 00000 n 0000192477 00000 n 0000192540 00000 n 0000192603 00000 n 0000192667 00000 n 0000192730 00000 n 0000192792 00000 n 0000192854 00000 n 0000192918 00000 n 0000192982 00000 n 0000193045 00000 n 0000193108 00000 n 0000193171 00000 n 0000193235 00000 n 0000193298 00000 n 0000193360 00000 n 0000193424 00000 n 0000193488 00000 n 0000193551 00000 n 0000193614 00000 n 0000193675 00000 n 0000193738 00000 n 0000193801 00000 n 0000193864 00000 n 0000193928 00000 n 0000193992 00000 n 0000194056 00000 n 0000198069 00000 n 0000195802 00000 n 0000194275 00000 n 0000195926 00000 n 0000195988 00000 n 0000196051 00000 n 0000196114 00000 n 0000196178 00000 n 0000196242 00000 n 0000196305 00000 n 0000196367 00000 n 0000196431 00000 n 0000196495 00000 n 0000196558 00000 n 0000196621 00000 n 0000196685 00000 n 0000196748 00000 n 0000196809 00000 n 0000196872 00000 n 0000196935 00000 n 0000196998 00000 n 0000197061 00000 n 0000197124 00000 n 0000197187 00000 n 0000197249 00000 n 0000197311 00000 n 0000197373 00000 n 0000197437 00000 n 0000197500 00000 n 0000197563 00000 n 0000197626 00000 n 0000197689 00000 n 0000197752 00000 n 0000197815 00000 n 0000197878 00000 n 0000197941 00000 n 0000198005 00000 n 0000202013 00000 n 0000199545 00000 n 0000198224 00000 n 0000199669 00000 n 0000199731 00000 n 0000199794 00000 n 0000199857 00000 n 0000199921 00000 n 0000199985 00000 n 0000200049 00000 n 0000200112 00000 n 0000200175 00000 n 0000200238 00000 n 0000200302 00000 n 0000200365 00000 n 0000200427 00000 n 0000200490 00000 n 0000200554 00000 n 0000200618 00000 n 0000200681 00000 n 0000200745 00000 n 0000200809 00000 n 0000200872 00000 n 0000200935 00000 n 0000200999 00000 n 0000201063 00000 n 0000201127 00000 n 0000201190 00000 n 0000201253 00000 n 0000201316 00000 n 0000201379 00000 n 0000201442 00000 n 0000201505 00000 n 0000201568 00000 n 0000201632 00000 n 0000201695 00000 n 0000201758 00000 n 0000201822 00000 n 0000201886 00000 n 0000201950 00000 n 0000205480 00000 n 0000203457 00000 n 0000202154 00000 n 0000203581 00000 n 0000203643 00000 n 0000203706 00000 n 0000203769 00000 n 0000203833 00000 n 0000203897 00000 n 0000203961 00000 n 0000204024 00000 n 0000204087 00000 n 0000204150 00000 n 0000204214 00000 n 0000204278 00000 n 0000204341 00000 n 0000204403 00000 n 0000204467 00000 n 0000204530 00000 n 0000204593 00000 n 0000204657 00000 n 0000204721 00000 n 0000204785 00000 n 0000204848 00000 n 0000204912 00000 n 0000204975 00000 n 0000205038 00000 n 0000205102 00000 n 0000205166 00000 n 0000205230 00000 n 0000205293 00000 n 0000205355 00000 n 0000205417 00000 n 0000969192 00000 n 0000207293 00000 n 0000207453 00000 n 0000208424 00000 n 0000207139 00000 n 0000205608 00000 n 0000207605 00000 n 0000207667 00000 n 0000207729 00000 n 0000207855 00000 n 0000207918 00000 n 0000207982 00000 n 0000208045 00000 n 0000208108 00000 n 0000208170 00000 n 0000208234 00000 n 0000208297 00000 n 0000208361 00000 n 0000210237 00000 n 0000210389 00000 n 0000212438 00000 n 0000210083 00000 n 0000208537 00000 n 0000210540 00000 n 0000210602 00000 n 0000210664 00000 n 0000210727 00000 n 0000210791 00000 n 0000210855 00000 n 0000210918 00000 n 0000210981 00000 n 0000211044 00000 n 0000211107 00000 n 0000211170 00000 n 0000211233 00000 n 0000211297 00000 n 0000211360 00000 n 0000211424 00000 n 0000211487 00000 n 0000211551 00000 n 0000211741 00000 n 0000211804 00000 n 0000211867 00000 n 0000211930 00000 n 0000211993 00000 n 0000212057 00000 n 0000212121 00000 n 0000212185 00000 n 0000212248 00000 n 0000212312 00000 n 0000212375 00000 n 0000214699 00000 n 0000214856 00000 n 0000217039 00000 n 0000214545 00000 n 0000212607 00000 n 0000215010 00000 n 0000215072 00000 n 0000215134 00000 n 0000215197 00000 n 0000215260 00000 n 0000215324 00000 n 0000215388 00000 n 0000215578 00000 n 0000215641 00000 n 0000215705 00000 n 0000215769 00000 n 0000215833 00000 n 0000215897 00000 n 0000215960 00000 n 0000216023 00000 n 0000216087 00000 n 0000216151 00000 n 0000216214 00000 n 0000216278 00000 n 0000216342 00000 n 0000216405 00000 n 0000216469 00000 n 0000216533 00000 n 0000216596 00000 n 0000216659 00000 n 0000216723 00000 n 0000216787 00000 n 0000216850 00000 n 0000216912 00000 n 0000216976 00000 n 0000219207 00000 n 0000219358 00000 n 0000221344 00000 n 0000219053 00000 n 0000217194 00000 n 0000219508 00000 n 0000219570 00000 n 0000219633 00000 n 0000219696 00000 n 0000219759 00000 n 0000219823 00000 n 0000219886 00000 n 0000219949 00000 n 0000220013 00000 n 0000220076 00000 n 0000220140 00000 n 0000220203 00000 n 0000220267 00000 n 0000220331 00000 n 0000220395 00000 n 0000220458 00000 n 0000220522 00000 n 0000220712 00000 n 0000220775 00000 n 0000220838 00000 n 0000220901 00000 n 0000220964 00000 n 0000221028 00000 n 0000221092 00000 n 0000221156 00000 n 0000221219 00000 n 0000221281 00000 n 0000223041 00000 n 0000224774 00000 n 0000222896 00000 n 0000221513 00000 n 0000223193 00000 n 0000223255 00000 n 0000223318 00000 n 0000223381 00000 n 0000223445 00000 n 0000223509 00000 n 0000223573 00000 n 0000223636 00000 n 0000223762 00000 n 0000223825 00000 n 0000223889 00000 n 0000223953 00000 n 0000224141 00000 n 0000224204 00000 n 0000224393 00000 n 0000224456 00000 n 0000224519 00000 n 0000224582 00000 n 0000224646 00000 n 0000224710 00000 n 0000229323 00000 n 0000226600 00000 n 0000224915 00000 n 0000226724 00000 n 0000226786 00000 n 0000226848 00000 n 0000226911 00000 n 0000226975 00000 n 0000227039 00000 n 0000227103 00000 n 0000227167 00000 n 0000227230 00000 n 0000227292 00000 n 0000227356 00000 n 0000227420 00000 n 0000227484 00000 n 0000227548 00000 n 0000227738 00000 n 0000227801 00000 n 0000227864 00000 n 0000227928 00000 n 0000227991 00000 n 0000228054 00000 n 0000228117 00000 n 0000228180 00000 n 0000228243 00000 n 0000228306 00000 n 0000228370 00000 n 0000228434 00000 n 0000228498 00000 n 0000228561 00000 n 0000228624 00000 n 0000228687 00000 n 0000228751 00000 n 0000228815 00000 n 0000228879 00000 n 0000228942 00000 n 0000229005 00000 n 0000229068 00000 n 0000229132 00000 n 0000229196 00000 n 0000229260 00000 n 0000969317 00000 n 0000234082 00000 n 0000231039 00000 n 0000229478 00000 n 0000231163 00000 n 0000231225 00000 n 0000231288 00000 n 0000231351 00000 n 0000231415 00000 n 0000231479 00000 n 0000231543 00000 n 0000231606 00000 n 0000231669 00000 n 0000231733 00000 n 0000231797 00000 n 0000231861 00000 n 0000231924 00000 n 0000232050 00000 n 0000232113 00000 n 0000232176 00000 n 0000232239 00000 n 0000232303 00000 n 0000232367 00000 n 0000232430 00000 n 0000232494 00000 n 0000966243 00000 n 0000232558 00000 n 0000232620 00000 n 0000232684 00000 n 0000232748 00000 n 0000232811 00000 n 0000232875 00000 n 0000232939 00000 n 0000233002 00000 n 0000233066 00000 n 0000233130 00000 n 0000233255 00000 n 0000233318 00000 n 0000233381 00000 n 0000233445 00000 n 0000233509 00000 n 0000233573 00000 n 0000233637 00000 n 0000233700 00000 n 0000233764 00000 n 0000233828 00000 n 0000233892 00000 n 0000233955 00000 n 0000234018 00000 n 0000238002 00000 n 0000235977 00000 n 0000234279 00000 n 0000236101 00000 n 0000236163 00000 n 0000236226 00000 n 0000236289 00000 n 0000236352 00000 n 0000236415 00000 n 0000236479 00000 n 0000236542 00000 n 0000236731 00000 n 0000236794 00000 n 0000236858 00000 n 0000236922 00000 n 0000236986 00000 n 0000237050 00000 n 0000237113 00000 n 0000237177 00000 n 0000237240 00000 n 0000237303 00000 n 0000237366 00000 n 0000237430 00000 n 0000237494 00000 n 0000237558 00000 n 0000237621 00000 n 0000237684 00000 n 0000237748 00000 n 0000237811 00000 n 0000237874 00000 n 0000237938 00000 n 0000241689 00000 n 0000239855 00000 n 0000238143 00000 n 0000239979 00000 n 0000240041 00000 n 0000240104 00000 n 0000240167 00000 n 0000240231 00000 n 0000240294 00000 n 0000240357 00000 n 0000240546 00000 n 0000240609 00000 n 0000240672 00000 n 0000240736 00000 n 0000240799 00000 n 0000240862 00000 n 0000240925 00000 n 0000240988 00000 n 0000241052 00000 n 0000241116 00000 n 0000241179 00000 n 0000241243 00000 n 0000241307 00000 n 0000241371 00000 n 0000241434 00000 n 0000241498 00000 n 0000241562 00000 n 0000245266 00000 n 0000243816 00000 n 0000241830 00000 n 0000243940 00000 n 0000244065 00000 n 0000244128 00000 n 0000244191 00000 n 0000244255 00000 n 0000244319 00000 n 0000244383 00000 n 0000244445 00000 n 0000244509 00000 n 0000244571 00000 n 0000244635 00000 n 0000244699 00000 n 0000244762 00000 n 0000244825 00000 n 0000244888 00000 n 0000244952 00000 n 0000245015 00000 n 0000245078 00000 n 0000245141 00000 n 0000245204 00000 n 0000249230 00000 n 0000247335 00000 n 0000245421 00000 n 0000247459 00000 n 0000247521 00000 n 0000247584 00000 n 0000247647 00000 n 0000247710 00000 n 0000247774 00000 n 0000247837 00000 n 0000247900 00000 n 0000247964 00000 n 0000248027 00000 n 0000248089 00000 n 0000248153 00000 n 0000248217 00000 n 0000248280 00000 n 0000248344 00000 n 0000248407 00000 n 0000248469 00000 n 0000248532 00000 n 0000248596 00000 n 0000248659 00000 n 0000248723 00000 n 0000248786 00000 n 0000248848 00000 n 0000248912 00000 n 0000248976 00000 n 0000249040 00000 n 0000249104 00000 n 0000249167 00000 n 0000251729 00000 n 0000250471 00000 n 0000249413 00000 n 0000250595 00000 n 0000250657 00000 n 0000250721 00000 n 0000250847 00000 n 0000250910 00000 n 0000250974 00000 n 0000251038 00000 n 0000251101 00000 n 0000251164 00000 n 0000251227 00000 n 0000251290 00000 n 0000251352 00000 n 0000251415 00000 n 0000251541 00000 n 0000251603 00000 n 0000251666 00000 n 0000969442 00000 n 0000253877 00000 n 0000252804 00000 n 0000251856 00000 n 0000252928 00000 n 0000252990 00000 n 0000253116 00000 n 0000253179 00000 n 0000253242 00000 n 0000253305 00000 n 0000253369 00000 n 0000253433 00000 n 0000253497 00000 n 0000253561 00000 n 0000253625 00000 n 0000253688 00000 n 0000253751 00000 n 0000253814 00000 n 0000255828 00000 n 0000255980 00000 n 0000256130 00000 n 0000259440 00000 n 0000255665 00000 n 0000254004 00000 n 0000256280 00000 n 0000256467 00000 n 0000256530 00000 n 0000256594 00000 n 0000256657 00000 n 0000256720 00000 n 0000256784 00000 n 0000256848 00000 n 0000256911 00000 n 0000256974 00000 n 0000257038 00000 n 0000257101 00000 n 0000257164 00000 n 0000257228 00000 n 0000257292 00000 n 0000257355 00000 n 0000257417 00000 n 0000257479 00000 n 0000257542 00000 n 0000257605 00000 n 0000257795 00000 n 0000257858 00000 n 0000257922 00000 n 0000257985 00000 n 0000258048 00000 n 0000258111 00000 n 0000258175 00000 n 0000258238 00000 n 0000258301 00000 n 0000258364 00000 n 0000258427 00000 n 0000258489 00000 n 0000258552 00000 n 0000258616 00000 n 0000258679 00000 n 0000258742 00000 n 0000258806 00000 n 0000258870 00000 n 0000258933 00000 n 0000258997 00000 n 0000259060 00000 n 0000259123 00000 n 0000259186 00000 n 0000259248 00000 n 0000259312 00000 n 0000259376 00000 n 0000264547 00000 n 0000261249 00000 n 0000259553 00000 n 0000261373 00000 n 0000261435 00000 n 0000261499 00000 n 0000261563 00000 n 0000261626 00000 n 0000261690 00000 n 0000261753 00000 n 0000261816 00000 n 0000261879 00000 n 0000261943 00000 n 0000262007 00000 n 0000262071 00000 n 0000262135 00000 n 0000262199 00000 n 0000262262 00000 n 0000262325 00000 n 0000262389 00000 n 0000262452 00000 n 0000262516 00000 n 0000262578 00000 n 0000262640 00000 n 0000262828 00000 n 0000262891 00000 n 0000262955 00000 n 0000263019 00000 n 0000263083 00000 n 0000263147 00000 n 0000263210 00000 n 0000263274 00000 n 0000263337 00000 n 0000263401 00000 n 0000263465 00000 n 0000263529 00000 n 0000263593 00000 n 0000263657 00000 n 0000263721 00000 n 0000263785 00000 n 0000263849 00000 n 0000263912 00000 n 0000263975 00000 n 0000264038 00000 n 0000264102 00000 n 0000264166 00000 n 0000264229 00000 n 0000264293 00000 n 0000264357 00000 n 0000264420 00000 n 0000266121 00000 n 0000268737 00000 n 0000265976 00000 n 0000264688 00000 n 0000266273 00000 n 0000266398 00000 n 0000266461 00000 n 0000266524 00000 n 0000266588 00000 n 0000266651 00000 n 0000266714 00000 n 0000266777 00000 n 0000266840 00000 n 0000266904 00000 n 0000266966 00000 n 0000267029 00000 n 0000267091 00000 n 0000267155 00000 n 0000267217 00000 n 0000267281 00000 n 0000267344 00000 n 0000267408 00000 n 0000267471 00000 n 0000267535 00000 n 0000267599 00000 n 0000267662 00000 n 0000267726 00000 n 0000267789 00000 n 0000267853 00000 n 0000267916 00000 n 0000267980 00000 n 0000268043 00000 n 0000268107 00000 n 0000268170 00000 n 0000268234 00000 n 0000268423 00000 n 0000268611 00000 n 0000268674 00000 n 0000272100 00000 n 0000270145 00000 n 0000268850 00000 n 0000270269 00000 n 0000270331 00000 n 0000270394 00000 n 0000270458 00000 n 0000270521 00000 n 0000270584 00000 n 0000270648 00000 n 0000270711 00000 n 0000270774 00000 n 0000270836 00000 n 0000270900 00000 n 0000270963 00000 n 0000271026 00000 n 0000271089 00000 n 0000271153 00000 n 0000271217 00000 n 0000271279 00000 n 0000271342 00000 n 0000271405 00000 n 0000271466 00000 n 0000271530 00000 n 0000271593 00000 n 0000271655 00000 n 0000271718 00000 n 0000271782 00000 n 0000271846 00000 n 0000271909 00000 n 0000271972 00000 n 0000272036 00000 n 0000273765 00000 n 0000276133 00000 n 0000273620 00000 n 0000272200 00000 n 0000273918 00000 n 0000273980 00000 n 0000274042 00000 n 0000274105 00000 n 0000274168 00000 n 0000274231 00000 n 0000274295 00000 n 0000274358 00000 n 0000274421 00000 n 0000274485 00000 n 0000274548 00000 n 0000274611 00000 n 0000274675 00000 n 0000274738 00000 n 0000274801 00000 n 0000274865 00000 n 0000274928 00000 n 0000274991 00000 n 0000275055 00000 n 0000275118 00000 n 0000275181 00000 n 0000275245 00000 n 0000275309 00000 n 0000275372 00000 n 0000275435 00000 n 0000275498 00000 n 0000275562 00000 n 0000275626 00000 n 0000275690 00000 n 0000275754 00000 n 0000275818 00000 n 0000275881 00000 n 0000275944 00000 n 0000276070 00000 n 0000969567 00000 n 0000300507 00000 n 0000278142 00000 n 0000279110 00000 n 0000277997 00000 n 0000276288 00000 n 0000278293 00000 n 0000278355 00000 n 0000278418 00000 n 0000278481 00000 n 0000278545 00000 n 0000278608 00000 n 0000278671 00000 n 0000278734 00000 n 0000278796 00000 n 0000278858 00000 n 0000278922 00000 n 0000278985 00000 n 0000279047 00000 n 0000292288 00000 n 0000284333 00000 n 0000281423 00000 n 0000279265 00000 n 0000281547 00000 n 0000281609 00000 n 0000281672 00000 n 0000281736 00000 n 0000281861 00000 n 0000281924 00000 n 0000281987 00000 n 0000282051 00000 n 0000282114 00000 n 0000282177 00000 n 0000282240 00000 n 0000282303 00000 n 0000282367 00000 n 0000282431 00000 n 0000282494 00000 n 0000282558 00000 n 0000282621 00000 n 0000282685 00000 n 0000282748 00000 n 0000282812 00000 n 0000282875 00000 n 0000282939 00000 n 0000283003 00000 n 0000283067 00000 n 0000283130 00000 n 0000283194 00000 n 0000283258 00000 n 0000283321 00000 n 0000283385 00000 n 0000283448 00000 n 0000283512 00000 n 0000283574 00000 n 0000283638 00000 n 0000283702 00000 n 0000283766 00000 n 0000283830 00000 n 0000283894 00000 n 0000283958 00000 n 0000284020 00000 n 0000284082 00000 n 0000284146 00000 n 0000284208 00000 n 0000284270 00000 n 0000288167 00000 n 0000286400 00000 n 0000284502 00000 n 0000286524 00000 n 0000286586 00000 n 0000286648 00000 n 0000286710 00000 n 0000286772 00000 n 0000286835 00000 n 0000286898 00000 n 0000286961 00000 n 0000287024 00000 n 0000287087 00000 n 0000287213 00000 n 0000287276 00000 n 0000287340 00000 n 0000287404 00000 n 0000287468 00000 n 0000287531 00000 n 0000287595 00000 n 0000287659 00000 n 0000287722 00000 n 0000287785 00000 n 0000287849 00000 n 0000287913 00000 n 0000287977 00000 n 0000288041 00000 n 0000288104 00000 n 0000290266 00000 n 0000290423 00000 n 0000292351 00000 n 0000290112 00000 n 0000288336 00000 n 0000290579 00000 n 0000290641 00000 n 0000290704 00000 n 0000290767 00000 n 0000290830 00000 n 0000290892 00000 n 0000290956 00000 n 0000291019 00000 n 0000291083 00000 n 0000291147 00000 n 0000291336 00000 n 0000291399 00000 n 0000291462 00000 n 0000291525 00000 n 0000291588 00000 n 0000291651 00000 n 0000291714 00000 n 0000291778 00000 n 0000291842 00000 n 0000291906 00000 n 0000291969 00000 n 0000292033 00000 n 0000292097 00000 n 0000292161 00000 n 0000292224 00000 n 0000294661 00000 n 0000297095 00000 n 0000294516 00000 n 0000292478 00000 n 0000294814 00000 n 0000294939 00000 n 0000295002 00000 n 0000295065 00000 n 0000295128 00000 n 0000295191 00000 n 0000295255 00000 n 0000295319 00000 n 0000295383 00000 n 0000295447 00000 n 0000295510 00000 n 0000295573 00000 n 0000295637 00000 n 0000295701 00000 n 0000295765 00000 n 0000295829 00000 n 0000295892 00000 n 0000295956 00000 n 0000296082 00000 n 0000296145 00000 n 0000296209 00000 n 0000296273 00000 n 0000296336 00000 n 0000296399 00000 n 0000296462 00000 n 0000296525 00000 n 0000296587 00000 n 0000296713 00000 n 0000296776 00000 n 0000296840 00000 n 0000296904 00000 n 0000296968 00000 n 0000297032 00000 n 0000301263 00000 n 0000299244 00000 n 0000297250 00000 n 0000299368 00000 n 0000299430 00000 n 0000299493 00000 n 0000299556 00000 n 0000299682 00000 n 0000299745 00000 n 0000299808 00000 n 0000299872 00000 n 0000299936 00000 n 0000299999 00000 n 0000300063 00000 n 0000300127 00000 n 0000300190 00000 n 0000300253 00000 n 0000300317 00000 n 0000300380 00000 n 0000300443 00000 n 0000300633 00000 n 0000300696 00000 n 0000300759 00000 n 0000300823 00000 n 0000300886 00000 n 0000300949 00000 n 0000301011 00000 n 0000301073 00000 n 0000301137 00000 n 0000301200 00000 n 0000969692 00000 n 0000303515 00000 n 0000305890 00000 n 0000303370 00000 n 0000301404 00000 n 0000303671 00000 n 0000303733 00000 n 0000303797 00000 n 0000303861 00000 n 0000303924 00000 n 0000303986 00000 n 0000304050 00000 n 0000304113 00000 n 0000304176 00000 n 0000304240 00000 n 0000304303 00000 n 0000304367 00000 n 0000304431 00000 n 0000304494 00000 n 0000304557 00000 n 0000304621 00000 n 0000304685 00000 n 0000304749 00000 n 0000304812 00000 n 0000304875 00000 n 0000304939 00000 n 0000305002 00000 n 0000305066 00000 n 0000305130 00000 n 0000305194 00000 n 0000305258 00000 n 0000305384 00000 n 0000305447 00000 n 0000305510 00000 n 0000305573 00000 n 0000305637 00000 n 0000305700 00000 n 0000305764 00000 n 0000305827 00000 n 0000308126 00000 n 0000310056 00000 n 0000307981 00000 n 0000306045 00000 n 0000308289 00000 n 0000308351 00000 n 0000308413 00000 n 0000308539 00000 n 0000308602 00000 n 0000308665 00000 n 0000308791 00000 n 0000308854 00000 n 0000308918 00000 n 0000308982 00000 n 0000309046 00000 n 0000309109 00000 n 0000309234 00000 n 0000309297 00000 n 0000309423 00000 n 0000309486 00000 n 0000309549 00000 n 0000309612 00000 n 0000309675 00000 n 0000309739 00000 n 0000309803 00000 n 0000309866 00000 n 0000309929 00000 n 0000309992 00000 n 0000312733 00000 n 0000315425 00000 n 0000312588 00000 n 0000310197 00000 n 0000312885 00000 n 0000312947 00000 n 0000313011 00000 n 0000313074 00000 n 0000313137 00000 n 0000313201 00000 n 0000313265 00000 n 0000313328 00000 n 0000313391 00000 n 0000313454 00000 n 0000313518 00000 n 0000313582 00000 n 0000313646 00000 n 0000313710 00000 n 0000313774 00000 n 0000313837 00000 n 0000313900 00000 n 0000313964 00000 n 0000314028 00000 n 0000314092 00000 n 0000314156 00000 n 0000314220 00000 n 0000314283 00000 n 0000314347 00000 n 0000314410 00000 n 0000314474 00000 n 0000314537 00000 n 0000314601 00000 n 0000314665 00000 n 0000314728 00000 n 0000314791 00000 n 0000314854 00000 n 0000314916 00000 n 0000314980 00000 n 0000315043 00000 n 0000315106 00000 n 0000315170 00000 n 0000315234 00000 n 0000315298 00000 n 0000315362 00000 n 0000320134 00000 n 0000317284 00000 n 0000315594 00000 n 0000317408 00000 n 0000317470 00000 n 0000317533 00000 n 0000317597 00000 n 0000317661 00000 n 0000317724 00000 n 0000317787 00000 n 0000317851 00000 n 0000317915 00000 n 0000317979 00000 n 0000318105 00000 n 0000318168 00000 n 0000318231 00000 n 0000318295 00000 n 0000318358 00000 n 0000318421 00000 n 0000318485 00000 n 0000318547 00000 n 0000318610 00000 n 0000318674 00000 n 0000318737 00000 n 0000318800 00000 n 0000318864 00000 n 0000318927 00000 n 0000318989 00000 n 0000319053 00000 n 0000319117 00000 n 0000319180 00000 n 0000319243 00000 n 0000319307 00000 n 0000319371 00000 n 0000319434 00000 n 0000319497 00000 n 0000319561 00000 n 0000319624 00000 n 0000319688 00000 n 0000319752 00000 n 0000319816 00000 n 0000319880 00000 n 0000319943 00000 n 0000320007 00000 n 0000320071 00000 n 0000324492 00000 n 0000322151 00000 n 0000320275 00000 n 0000322275 00000 n 0000322337 00000 n 0000322401 00000 n 0000322465 00000 n 0000322529 00000 n 0000322592 00000 n 0000322656 00000 n 0000322720 00000 n 0000322784 00000 n 0000322848 00000 n 0000322974 00000 n 0000323037 00000 n 0000323101 00000 n 0000323165 00000 n 0000323229 00000 n 0000323292 00000 n 0000323356 00000 n 0000323419 00000 n 0000323483 00000 n 0000323546 00000 n 0000323610 00000 n 0000323673 00000 n 0000323737 00000 n 0000323798 00000 n 0000323862 00000 n 0000323925 00000 n 0000323988 00000 n 0000324051 00000 n 0000324115 00000 n 0000324178 00000 n 0000324241 00000 n 0000324304 00000 n 0000324430 00000 n 0000326248 00000 n 0000327473 00000 n 0000326103 00000 n 0000324619 00000 n 0000326400 00000 n 0000326462 00000 n 0000326524 00000 n 0000326713 00000 n 0000326776 00000 n 0000326840 00000 n 0000326904 00000 n 0000326967 00000 n 0000327031 00000 n 0000327094 00000 n 0000327157 00000 n 0000327220 00000 n 0000327284 00000 n 0000327347 00000 n 0000969817 00000 n 0000330988 00000 n 0000329032 00000 n 0000327614 00000 n 0000329156 00000 n 0000329281 00000 n 0000329344 00000 n 0000329408 00000 n 0000329471 00000 n 0000329534 00000 n 0000329597 00000 n 0000329661 00000 n 0000329724 00000 n 0000329788 00000 n 0000329852 00000 n 0000329916 00000 n 0000329979 00000 n 0000330042 00000 n 0000330166 00000 n 0000330229 00000 n 0000330292 00000 n 0000330355 00000 n 0000330418 00000 n 0000330482 00000 n 0000330545 00000 n 0000330608 00000 n 0000330672 00000 n 0000330735 00000 n 0000330798 00000 n 0000330862 00000 n 0000330925 00000 n 0000335515 00000 n 0000332795 00000 n 0000331143 00000 n 0000332919 00000 n 0000332981 00000 n 0000333044 00000 n 0000333107 00000 n 0000333170 00000 n 0000333234 00000 n 0000333297 00000 n 0000333361 00000 n 0000333424 00000 n 0000333488 00000 n 0000333551 00000 n 0000333615 00000 n 0000333678 00000 n 0000333741 00000 n 0000333805 00000 n 0000333995 00000 n 0000334058 00000 n 0000334122 00000 n 0000334184 00000 n 0000334246 00000 n 0000334310 00000 n 0000334373 00000 n 0000334437 00000 n 0000334501 00000 n 0000334565 00000 n 0000334629 00000 n 0000334693 00000 n 0000334757 00000 n 0000334820 00000 n 0000334884 00000 n 0000334946 00000 n 0000335010 00000 n 0000335073 00000 n 0000335136 00000 n 0000335324 00000 n 0000335387 00000 n 0000335451 00000 n 0000339973 00000 n 0000337822 00000 n 0000335670 00000 n 0000337946 00000 n 0000338008 00000 n 0000338071 00000 n 0000338134 00000 n 0000338197 00000 n 0000338387 00000 n 0000338450 00000 n 0000338513 00000 n 0000338576 00000 n 0000338639 00000 n 0000338702 00000 n 0000338765 00000 n 0000338828 00000 n 0000338891 00000 n 0000338954 00000 n 0000339018 00000 n 0000339082 00000 n 0000339146 00000 n 0000339209 00000 n 0000339273 00000 n 0000339337 00000 n 0000339401 00000 n 0000339464 00000 n 0000339528 00000 n 0000339592 00000 n 0000339656 00000 n 0000339719 00000 n 0000339783 00000 n 0000339846 00000 n 0000339910 00000 n 0000344249 00000 n 0000342223 00000 n 0000340128 00000 n 0000342347 00000 n 0000342472 00000 n 0000342534 00000 n 0000342598 00000 n 0000342662 00000 n 0000342726 00000 n 0000342790 00000 n 0000342853 00000 n 0000342916 00000 n 0000342979 00000 n 0000343042 00000 n 0000343106 00000 n 0000343170 00000 n 0000343234 00000 n 0000343298 00000 n 0000343362 00000 n 0000343425 00000 n 0000343488 00000 n 0000343552 00000 n 0000343616 00000 n 0000343680 00000 n 0000343743 00000 n 0000343807 00000 n 0000343870 00000 n 0000343934 00000 n 0000344059 00000 n 0000344122 00000 n 0000344186 00000 n 0000346012 00000 n 0000346731 00000 n 0000345867 00000 n 0000344418 00000 n 0000346166 00000 n 0000346228 00000 n 0000346290 00000 n 0000346479 00000 n 0000346541 00000 n 0000346604 00000 n 0000346668 00000 n 0000351773 00000 n 0000349047 00000 n 0000346858 00000 n 0000349171 00000 n 0000349233 00000 n 0000349296 00000 n 0000349359 00000 n 0000349423 00000 n 0000349486 00000 n 0000349549 00000 n 0000349613 00000 n 0000349677 00000 n 0000349740 00000 n 0000349803 00000 n 0000349867 00000 n 0000349931 00000 n 0000349995 00000 n 0000350059 00000 n 0000350123 00000 n 0000350187 00000 n 0000350251 00000 n 0000350314 00000 n 0000350377 00000 n 0000350441 00000 n 0000350505 00000 n 0000350569 00000 n 0000350633 00000 n 0000350696 00000 n 0000350759 00000 n 0000350823 00000 n 0000350886 00000 n 0000350949 00000 n 0000351013 00000 n 0000351077 00000 n 0000351140 00000 n 0000351203 00000 n 0000351267 00000 n 0000351331 00000 n 0000351393 00000 n 0000351457 00000 n 0000351583 00000 n 0000351646 00000 n 0000351710 00000 n 0000969942 00000 n 0000353472 00000 n 0000354197 00000 n 0000353327 00000 n 0000351956 00000 n 0000353629 00000 n 0000353691 00000 n 0000353753 00000 n 0000353879 00000 n 0000353942 00000 n 0000354006 00000 n 0000354069 00000 n 0000354133 00000 n 0000357272 00000 n 0000355693 00000 n 0000354310 00000 n 0000355817 00000 n 0000355879 00000 n 0000355943 00000 n 0000356007 00000 n 0000356133 00000 n 0000356196 00000 n 0000356259 00000 n 0000356322 00000 n 0000356385 00000 n 0000356449 00000 n 0000356512 00000 n 0000356575 00000 n 0000356638 00000 n 0000356702 00000 n 0000356766 00000 n 0000356829 00000 n 0000356892 00000 n 0000356955 00000 n 0000357019 00000 n 0000357083 00000 n 0000357146 00000 n 0000357209 00000 n 0000360746 00000 n 0000359169 00000 n 0000357385 00000 n 0000359293 00000 n 0000359355 00000 n 0000359418 00000 n 0000359482 00000 n 0000359546 00000 n 0000359610 00000 n 0000359673 00000 n 0000359799 00000 n 0000359862 00000 n 0000359926 00000 n 0000359989 00000 n 0000360052 00000 n 0000360115 00000 n 0000360304 00000 n 0000360367 00000 n 0000360430 00000 n 0000360493 00000 n 0000360556 00000 n 0000360619 00000 n 0000360683 00000 n 0000364960 00000 n 0000362557 00000 n 0000360887 00000 n 0000362681 00000 n 0000362743 00000 n 0000362805 00000 n 0000362868 00000 n 0000362931 00000 n 0000362994 00000 n 0000363056 00000 n 0000363120 00000 n 0000363183 00000 n 0000363246 00000 n 0000363310 00000 n 0000363373 00000 n 0000363437 00000 n 0000363501 00000 n 0000363564 00000 n 0000363627 00000 n 0000363691 00000 n 0000363754 00000 n 0000363817 00000 n 0000363881 00000 n 0000363944 00000 n 0000364008 00000 n 0000364072 00000 n 0000364135 00000 n 0000364198 00000 n 0000364262 00000 n 0000364325 00000 n 0000364388 00000 n 0000364452 00000 n 0000364515 00000 n 0000364579 00000 n 0000364643 00000 n 0000364707 00000 n 0000364771 00000 n 0000364833 00000 n 0000364896 00000 n 0000366320 00000 n 0000367551 00000 n 0000366175 00000 n 0000365088 00000 n 0000366477 00000 n 0000366539 00000 n 0000366602 00000 n 0000366665 00000 n 0000366729 00000 n 0000366793 00000 n 0000366856 00000 n 0000366920 00000 n 0000367109 00000 n 0000367172 00000 n 0000367235 00000 n 0000367298 00000 n 0000367361 00000 n 0000367424 00000 n 0000367488 00000 n 0000369681 00000 n 0000368866 00000 n 0000367706 00000 n 0000368990 00000 n 0000369052 00000 n 0000369240 00000 n 0000369303 00000 n 0000369366 00000 n 0000369429 00000 n 0000369492 00000 n 0000369555 00000 n 0000369618 00000 n 0000970067 00000 n 0000372160 00000 n 0000370902 00000 n 0000369808 00000 n 0000371026 00000 n 0000371088 00000 n 0000371276 00000 n 0000371339 00000 n 0000371402 00000 n 0000371465 00000 n 0000371528 00000 n 0000371591 00000 n 0000371654 00000 n 0000371718 00000 n 0000371782 00000 n 0000371845 00000 n 0000371909 00000 n 0000371972 00000 n 0000372035 00000 n 0000372097 00000 n 0000375056 00000 n 0000373924 00000 n 0000372287 00000 n 0000374048 00000 n 0000374110 00000 n 0000374173 00000 n 0000374237 00000 n 0000374300 00000 n 0000374363 00000 n 0000374427 00000 n 0000374490 00000 n 0000374554 00000 n 0000374618 00000 n 0000374679 00000 n 0000374742 00000 n 0000374806 00000 n 0000374870 00000 n 0000374993 00000 n 0000378965 00000 n 0000376815 00000 n 0000375184 00000 n 0000376939 00000 n 0000377126 00000 n 0000377188 00000 n 0000377251 00000 n 0000377314 00000 n 0000377377 00000 n 0000377441 00000 n 0000377504 00000 n 0000377567 00000 n 0000377630 00000 n 0000377694 00000 n 0000377758 00000 n 0000377822 00000 n 0000377886 00000 n 0000377949 00000 n 0000378012 00000 n 0000378076 00000 n 0000378140 00000 n 0000378203 00000 n 0000378329 00000 n 0000378392 00000 n 0000378456 00000 n 0000378520 00000 n 0000378583 00000 n 0000378646 00000 n 0000378709 00000 n 0000378773 00000 n 0000378837 00000 n 0000378901 00000 n 0000382431 00000 n 0000380726 00000 n 0000379120 00000 n 0000380850 00000 n 0000380912 00000 n 0000380975 00000 n 0000381039 00000 n 0000381103 00000 n 0000381166 00000 n 0000381229 00000 n 0000381293 00000 n 0000381357 00000 n 0000381420 00000 n 0000381484 00000 n 0000381548 00000 n 0000381611 00000 n 0000381674 00000 n 0000381738 00000 n 0000381801 00000 n 0000381864 00000 n 0000381928 00000 n 0000381991 00000 n 0000382055 00000 n 0000382119 00000 n 0000382183 00000 n 0000382247 00000 n 0000382372 00000 n 0000384598 00000 n 0000383843 00000 n 0000382586 00000 n 0000383967 00000 n 0000384155 00000 n 0000384218 00000 n 0000384282 00000 n 0000384345 00000 n 0000384408 00000 n 0000384471 00000 n 0000384534 00000 n 0000388823 00000 n 0000386800 00000 n 0000384739 00000 n 0000386924 00000 n 0000386986 00000 n 0000387049 00000 n 0000387113 00000 n 0000387177 00000 n 0000387241 00000 n 0000387304 00000 n 0000387368 00000 n 0000387431 00000 n 0000387494 00000 n 0000387557 00000 n 0000387621 00000 n 0000387684 00000 n 0000387748 00000 n 0000387811 00000 n 0000387875 00000 n 0000387938 00000 n 0000388002 00000 n 0000388065 00000 n 0000388129 00000 n 0000388192 00000 n 0000388255 00000 n 0000388318 00000 n 0000388381 00000 n 0000388445 00000 n 0000388509 00000 n 0000388634 00000 n 0000388697 00000 n 0000388761 00000 n 0000970192 00000 n 0000393405 00000 n 0000391001 00000 n 0000388964 00000 n 0000391125 00000 n 0000391250 00000 n 0000391313 00000 n 0000391376 00000 n 0000391439 00000 n 0000391503 00000 n 0000391565 00000 n 0000391629 00000 n 0000391693 00000 n 0000391757 00000 n 0000391821 00000 n 0000391946 00000 n 0000392009 00000 n 0000392073 00000 n 0000392137 00000 n 0000392201 00000 n 0000392264 00000 n 0000392328 00000 n 0000392391 00000 n 0000392454 00000 n 0000392518 00000 n 0000392582 00000 n 0000392645 00000 n 0000392708 00000 n 0000392771 00000 n 0000392897 00000 n 0000392960 00000 n 0000393023 00000 n 0000393086 00000 n 0000393150 00000 n 0000393214 00000 n 0000393278 00000 n 0000393341 00000 n 0000397794 00000 n 0000395211 00000 n 0000393546 00000 n 0000395335 00000 n 0000395397 00000 n 0000395460 00000 n 0000395523 00000 n 0000395587 00000 n 0000395712 00000 n 0000395775 00000 n 0000395838 00000 n 0000395901 00000 n 0000395963 00000 n 0000396027 00000 n 0000396090 00000 n 0000396153 00000 n 0000396217 00000 n 0000396280 00000 n 0000396344 00000 n 0000396407 00000 n 0000396470 00000 n 0000396534 00000 n 0000396597 00000 n 0000396660 00000 n 0000396724 00000 n 0000396850 00000 n 0000396913 00000 n 0000396976 00000 n 0000397040 00000 n 0000397103 00000 n 0000397166 00000 n 0000397228 00000 n 0000397290 00000 n 0000397352 00000 n 0000397416 00000 n 0000397478 00000 n 0000397540 00000 n 0000397604 00000 n 0000397667 00000 n 0000397730 00000 n 0000402906 00000 n 0000399868 00000 n 0000397921 00000 n 0000399992 00000 n 0000400054 00000 n 0000400117 00000 n 0000400180 00000 n 0000400244 00000 n 0000400306 00000 n 0000400368 00000 n 0000400432 00000 n 0000400495 00000 n 0000400558 00000 n 0000400622 00000 n 0000400685 00000 n 0000400748 00000 n 0000400812 00000 n 0000400875 00000 n 0000400938 00000 n 0000401002 00000 n 0000401065 00000 n 0000401129 00000 n 0000401192 00000 n 0000401255 00000 n 0000401318 00000 n 0000401381 00000 n 0000401445 00000 n 0000401508 00000 n 0000401571 00000 n 0000401634 00000 n 0000401698 00000 n 0000401761 00000 n 0000401825 00000 n 0000401889 00000 n 0000401952 00000 n 0000402015 00000 n 0000402079 00000 n 0000402142 00000 n 0000402205 00000 n 0000402269 00000 n 0000402333 00000 n 0000402397 00000 n 0000402461 00000 n 0000402525 00000 n 0000402588 00000 n 0000402652 00000 n 0000402716 00000 n 0000402780 00000 n 0000402843 00000 n 0000405306 00000 n 0000407560 00000 n 0000405161 00000 n 0000403075 00000 n 0000405470 00000 n 0000405532 00000 n 0000405594 00000 n 0000405657 00000 n 0000405720 00000 n 0000405784 00000 n 0000405847 00000 n 0000405910 00000 n 0000405974 00000 n 0000406037 00000 n 0000406100 00000 n 0000406163 00000 n 0000406226 00000 n 0000406289 00000 n 0000406353 00000 n 0000406417 00000 n 0000406481 00000 n 0000406545 00000 n 0000406608 00000 n 0000406671 00000 n 0000406735 00000 n 0000406798 00000 n 0000406861 00000 n 0000406925 00000 n 0000406989 00000 n 0000407053 00000 n 0000407116 00000 n 0000407180 00000 n 0000407244 00000 n 0000407308 00000 n 0000407371 00000 n 0000407434 00000 n 0000407497 00000 n 0000411662 00000 n 0000409324 00000 n 0000407729 00000 n 0000409448 00000 n 0000409510 00000 n 0000409573 00000 n 0000409636 00000 n 0000409700 00000 n 0000409763 00000 n 0000409826 00000 n 0000409890 00000 n 0000409953 00000 n 0000410016 00000 n 0000410079 00000 n 0000410142 00000 n 0000410206 00000 n 0000410269 00000 n 0000410333 00000 n 0000410397 00000 n 0000410459 00000 n 0000410521 00000 n 0000410585 00000 n 0000410647 00000 n 0000410711 00000 n 0000410775 00000 n 0000410838 00000 n 0000410901 00000 n 0000410965 00000 n 0000411029 00000 n 0000411092 00000 n 0000411156 00000 n 0000411219 00000 n 0000411282 00000 n 0000411346 00000 n 0000411410 00000 n 0000411474 00000 n 0000411599 00000 n 0000413033 00000 n 0000412847 00000 n 0000411803 00000 n 0000412971 00000 n 0000970317 00000 n 0000416003 00000 n 0000414805 00000 n 0000413120 00000 n 0000414929 00000 n 0000414991 00000 n 0000415179 00000 n 0000415242 00000 n 0000415306 00000 n 0000415370 00000 n 0000415433 00000 n 0000415497 00000 n 0000415561 00000 n 0000415624 00000 n 0000415687 00000 n 0000415751 00000 n 0000415877 00000 n 0000415940 00000 n 0000419878 00000 n 0000417857 00000 n 0000416144 00000 n 0000417981 00000 n 0000418043 00000 n 0000418106 00000 n 0000418169 00000 n 0000418233 00000 n 0000418296 00000 n 0000418359 00000 n 0000418423 00000 n 0000418486 00000 n 0000418549 00000 n 0000418613 00000 n 0000418676 00000 n 0000418739 00000 n 0000418803 00000 n 0000418866 00000 n 0000418929 00000 n 0000418993 00000 n 0000419056 00000 n 0000419119 00000 n 0000419182 00000 n 0000419245 00000 n 0000419308 00000 n 0000419372 00000 n 0000419435 00000 n 0000419498 00000 n 0000419562 00000 n 0000419626 00000 n 0000419690 00000 n 0000419815 00000 n 0000422768 00000 n 0000421632 00000 n 0000420033 00000 n 0000421756 00000 n 0000421944 00000 n 0000422007 00000 n 0000422070 00000 n 0000422134 00000 n 0000422198 00000 n 0000422262 00000 n 0000422325 00000 n 0000422388 00000 n 0000422452 00000 n 0000422642 00000 n 0000422705 00000 n 0000425828 00000 n 0000424312 00000 n 0000422881 00000 n 0000424436 00000 n 0000424498 00000 n 0000424560 00000 n 0000424623 00000 n 0000424686 00000 n 0000424749 00000 n 0000424813 00000 n 0000424877 00000 n 0000424940 00000 n 0000425003 00000 n 0000425067 00000 n 0000425131 00000 n 0000425195 00000 n 0000425258 00000 n 0000425322 00000 n 0000425386 00000 n 0000425449 00000 n 0000425513 00000 n 0000425576 00000 n 0000425639 00000 n 0000425702 00000 n 0000425765 00000 n 0000430060 00000 n 0000427907 00000 n 0000425969 00000 n 0000428031 00000 n 0000428218 00000 n 0000428280 00000 n 0000428343 00000 n 0000428407 00000 n 0000428471 00000 n 0000428535 00000 n 0000428599 00000 n 0000428663 00000 n 0000428726 00000 n 0000428790 00000 n 0000428854 00000 n 0000428917 00000 n 0000428981 00000 n 0000429045 00000 n 0000429109 00000 n 0000429172 00000 n 0000429236 00000 n 0000429299 00000 n 0000429363 00000 n 0000429427 00000 n 0000429490 00000 n 0000429552 00000 n 0000429615 00000 n 0000429678 00000 n 0000429741 00000 n 0000429805 00000 n 0000429869 00000 n 0000429933 00000 n 0000429997 00000 n 0000432899 00000 n 0000431640 00000 n 0000430229 00000 n 0000431764 00000 n 0000431826 00000 n 0000431950 00000 n 0000432013 00000 n 0000432138 00000 n 0000432201 00000 n 0000432265 00000 n 0000432454 00000 n 0000432517 00000 n 0000432581 00000 n 0000432645 00000 n 0000432708 00000 n 0000432772 00000 n 0000432836 00000 n 0000970442 00000 n 0000436408 00000 n 0000434708 00000 n 0000433012 00000 n 0000434832 00000 n 0000434894 00000 n 0000434957 00000 n 0000435020 00000 n 0000435083 00000 n 0000435146 00000 n 0000435209 00000 n 0000435272 00000 n 0000435336 00000 n 0000435399 00000 n 0000435462 00000 n 0000435525 00000 n 0000435589 00000 n 0000435652 00000 n 0000435715 00000 n 0000435778 00000 n 0000435841 00000 n 0000435905 00000 n 0000435968 00000 n 0000436031 00000 n 0000436094 00000 n 0000436156 00000 n 0000436220 00000 n 0000436345 00000 n 0000438706 00000 n 0000441076 00000 n 0000438561 00000 n 0000436536 00000 n 0000438858 00000 n 0000439046 00000 n 0000439109 00000 n 0000439172 00000 n 0000439235 00000 n 0000439299 00000 n 0000439363 00000 n 0000439427 00000 n 0000439490 00000 n 0000439554 00000 n 0000439617 00000 n 0000439681 00000 n 0000439745 00000 n 0000439809 00000 n 0000439873 00000 n 0000440062 00000 n 0000440125 00000 n 0000440188 00000 n 0000440252 00000 n 0000440316 00000 n 0000440380 00000 n 0000440443 00000 n 0000440507 00000 n 0000440571 00000 n 0000440635 00000 n 0000440698 00000 n 0000440761 00000 n 0000440824 00000 n 0000440887 00000 n 0000440951 00000 n 0000441014 00000 n 0000445885 00000 n 0000442970 00000 n 0000441217 00000 n 0000443094 00000 n 0000443156 00000 n 0000443219 00000 n 0000443283 00000 n 0000443346 00000 n 0000443410 00000 n 0000443473 00000 n 0000443537 00000 n 0000443600 00000 n 0000443664 00000 n 0000443727 00000 n 0000443916 00000 n 0000443979 00000 n 0000444043 00000 n 0000444107 00000 n 0000444171 00000 n 0000444234 00000 n 0000444298 00000 n 0000444361 00000 n 0000444424 00000 n 0000444486 00000 n 0000444550 00000 n 0000444614 00000 n 0000444678 00000 n 0000444742 00000 n 0000444806 00000 n 0000444868 00000 n 0000444932 00000 n 0000444996 00000 n 0000445059 00000 n 0000445121 00000 n 0000445185 00000 n 0000445248 00000 n 0000445311 00000 n 0000445375 00000 n 0000445439 00000 n 0000445502 00000 n 0000445565 00000 n 0000445629 00000 n 0000445693 00000 n 0000445757 00000 n 0000445821 00000 n 0000450433 00000 n 0000447838 00000 n 0000446026 00000 n 0000447962 00000 n 0000448024 00000 n 0000448087 00000 n 0000448150 00000 n 0000448214 00000 n 0000448277 00000 n 0000448340 00000 n 0000448403 00000 n 0000448466 00000 n 0000448529 00000 n 0000448593 00000 n 0000448656 00000 n 0000448718 00000 n 0000448781 00000 n 0000448845 00000 n 0000448909 00000 n 0000449099 00000 n 0000449162 00000 n 0000449226 00000 n 0000449290 00000 n 0000449353 00000 n 0000449416 00000 n 0000449479 00000 n 0000449542 00000 n 0000449605 00000 n 0000449669 00000 n 0000449733 00000 n 0000449796 00000 n 0000449860 00000 n 0000449923 00000 n 0000449986 00000 n 0000450050 00000 n 0000450114 00000 n 0000450178 00000 n 0000450242 00000 n 0000450306 00000 n 0000450370 00000 n 0000452477 00000 n 0000455290 00000 n 0000452332 00000 n 0000450574 00000 n 0000452629 00000 n 0000452691 00000 n 0000452754 00000 n 0000452818 00000 n 0000452881 00000 n 0000452944 00000 n 0000453008 00000 n 0000453071 00000 n 0000453135 00000 n 0000453198 00000 n 0000453261 00000 n 0000453325 00000 n 0000453388 00000 n 0000453451 00000 n 0000453514 00000 n 0000453578 00000 n 0000453642 00000 n 0000453706 00000 n 0000453770 00000 n 0000453834 00000 n 0000453897 00000 n 0000453961 00000 n 0000454024 00000 n 0000454088 00000 n 0000454151 00000 n 0000454214 00000 n 0000454277 00000 n 0000454341 00000 n 0000454404 00000 n 0000454468 00000 n 0000454531 00000 n 0000454595 00000 n 0000454658 00000 n 0000454721 00000 n 0000454784 00000 n 0000454848 00000 n 0000454910 00000 n 0000455100 00000 n 0000455163 00000 n 0000455227 00000 n 0000458430 00000 n 0000456980 00000 n 0000455431 00000 n 0000457104 00000 n 0000457166 00000 n 0000457229 00000 n 0000457292 00000 n 0000457481 00000 n 0000457544 00000 n 0000457608 00000 n 0000457672 00000 n 0000457735 00000 n 0000457798 00000 n 0000457862 00000 n 0000457926 00000 n 0000457988 00000 n 0000458051 00000 n 0000458115 00000 n 0000458240 00000 n 0000458303 00000 n 0000458367 00000 n 0000970567 00000 n 0000460776 00000 n 0000463401 00000 n 0000460631 00000 n 0000458585 00000 n 0000460927 00000 n 0000460989 00000 n 0000461052 00000 n 0000461114 00000 n 0000461178 00000 n 0000461241 00000 n 0000461305 00000 n 0000461369 00000 n 0000461432 00000 n 0000461495 00000 n 0000461559 00000 n 0000461622 00000 n 0000461685 00000 n 0000461749 00000 n 0000461812 00000 n 0000461875 00000 n 0000461938 00000 n 0000462002 00000 n 0000462066 00000 n 0000462129 00000 n 0000462193 00000 n 0000462257 00000 n 0000462383 00000 n 0000462446 00000 n 0000462510 00000 n 0000462573 00000 n 0000462636 00000 n 0000462700 00000 n 0000462764 00000 n 0000462828 00000 n 0000462891 00000 n 0000462955 00000 n 0000463018 00000 n 0000463082 00000 n 0000463146 00000 n 0000463210 00000 n 0000463274 00000 n 0000463338 00000 n 0000465600 00000 n 0000467926 00000 n 0000465446 00000 n 0000463556 00000 n 0000465901 00000 n 0000465963 00000 n 0000466026 00000 n 0000466090 00000 n 0000465751 00000 n 0000466153 00000 n 0000466216 00000 n 0000466280 00000 n 0000466343 00000 n 0000466406 00000 n 0000466469 00000 n 0000466532 00000 n 0000466595 00000 n 0000466658 00000 n 0000466722 00000 n 0000466911 00000 n 0000466974 00000 n 0000467037 00000 n 0000467100 00000 n 0000467164 00000 n 0000467228 00000 n 0000467290 00000 n 0000467354 00000 n 0000467418 00000 n 0000467481 00000 n 0000467545 00000 n 0000467609 00000 n 0000467799 00000 n 0000467862 00000 n 0000471932 00000 n 0000469282 00000 n 0000468081 00000 n 0000469406 00000 n 0000469468 00000 n 0000469530 00000 n 0000469593 00000 n 0000469782 00000 n 0000469845 00000 n 0000469908 00000 n 0000469972 00000 n 0000470036 00000 n 0000470099 00000 n 0000470162 00000 n 0000470225 00000 n 0000470288 00000 n 0000470351 00000 n 0000470415 00000 n 0000470478 00000 n 0000470541 00000 n 0000470605 00000 n 0000470668 00000 n 0000470730 00000 n 0000470794 00000 n 0000470857 00000 n 0000470920 00000 n 0000470983 00000 n 0000471045 00000 n 0000471108 00000 n 0000471172 00000 n 0000471235 00000 n 0000471298 00000 n 0000471362 00000 n 0000471425 00000 n 0000471488 00000 n 0000471552 00000 n 0000471615 00000 n 0000471678 00000 n 0000471742 00000 n 0000471805 00000 n 0000471868 00000 n 0000474127 00000 n 0000476171 00000 n 0000473982 00000 n 0000472059 00000 n 0000474277 00000 n 0000474339 00000 n 0000474401 00000 n 0000474464 00000 n 0000474527 00000 n 0000474591 00000 n 0000474654 00000 n 0000474718 00000 n 0000474782 00000 n 0000474846 00000 n 0000474910 00000 n 0000474972 00000 n 0000475034 00000 n 0000475097 00000 n 0000475160 00000 n 0000475223 00000 n 0000475286 00000 n 0000475349 00000 n 0000475412 00000 n 0000475475 00000 n 0000475538 00000 n 0000475601 00000 n 0000475790 00000 n 0000475853 00000 n 0000475917 00000 n 0000475980 00000 n 0000476043 00000 n 0000476107 00000 n 0000481545 00000 n 0000478062 00000 n 0000476326 00000 n 0000478186 00000 n 0000478248 00000 n 0000478310 00000 n 0000478373 00000 n 0000478435 00000 n 0000478498 00000 n 0000478561 00000 n 0000478625 00000 n 0000478689 00000 n 0000478752 00000 n 0000478815 00000 n 0000478878 00000 n 0000478942 00000 n 0000479005 00000 n 0000479069 00000 n 0000479132 00000 n 0000479196 00000 n 0000479259 00000 n 0000479322 00000 n 0000479386 00000 n 0000479450 00000 n 0000479513 00000 n 0000479577 00000 n 0000479641 00000 n 0000479704 00000 n 0000479768 00000 n 0000479830 00000 n 0000479894 00000 n 0000479958 00000 n 0000480021 00000 n 0000480085 00000 n 0000480149 00000 n 0000480212 00000 n 0000480276 00000 n 0000480340 00000 n 0000480403 00000 n 0000480466 00000 n 0000480529 00000 n 0000480593 00000 n 0000480657 00000 n 0000480720 00000 n 0000480783 00000 n 0000480847 00000 n 0000480911 00000 n 0000480975 00000 n 0000481039 00000 n 0000481103 00000 n 0000481167 00000 n 0000481230 00000 n 0000481293 00000 n 0000481356 00000 n 0000481418 00000 n 0000481482 00000 n 0000485834 00000 n 0000483431 00000 n 0000481700 00000 n 0000483555 00000 n 0000483617 00000 n 0000483680 00000 n 0000483744 00000 n 0000483808 00000 n 0000483872 00000 n 0000483936 00000 n 0000483999 00000 n 0000484061 00000 n 0000484251 00000 n 0000484314 00000 n 0000484378 00000 n 0000484442 00000 n 0000484504 00000 n 0000484566 00000 n 0000484629 00000 n 0000484691 00000 n 0000484755 00000 n 0000484819 00000 n 0000484882 00000 n 0000484945 00000 n 0000485009 00000 n 0000485073 00000 n 0000485137 00000 n 0000485201 00000 n 0000485391 00000 n 0000485454 00000 n 0000485517 00000 n 0000485580 00000 n 0000485644 00000 n 0000485708 00000 n 0000485771 00000 n 0000970692 00000 n 0000489854 00000 n 0000487894 00000 n 0000486017 00000 n 0000488018 00000 n 0000488143 00000 n 0000488206 00000 n 0000488270 00000 n 0000488333 00000 n 0000488397 00000 n 0000488461 00000 n 0000488522 00000 n 0000488586 00000 n 0000488650 00000 n 0000488776 00000 n 0000488839 00000 n 0000488903 00000 n 0000488967 00000 n 0000489031 00000 n 0000489095 00000 n 0000489157 00000 n 0000489220 00000 n 0000489282 00000 n 0000489346 00000 n 0000489410 00000 n 0000489473 00000 n 0000489537 00000 n 0000489601 00000 n 0000489664 00000 n 0000489727 00000 n 0000491983 00000 n 0000494413 00000 n 0000491838 00000 n 0000490009 00000 n 0000492136 00000 n 0000492260 00000 n 0000492323 00000 n 0000492386 00000 n 0000492449 00000 n 0000492512 00000 n 0000492576 00000 n 0000492640 00000 n 0000492703 00000 n 0000492767 00000 n 0000492831 00000 n 0000492895 00000 n 0000492959 00000 n 0000493023 00000 n 0000493212 00000 n 0000493275 00000 n 0000493339 00000 n 0000493529 00000 n 0000493592 00000 n 0000493656 00000 n 0000493720 00000 n 0000493783 00000 n 0000493846 00000 n 0000493910 00000 n 0000493973 00000 n 0000494036 00000 n 0000494099 00000 n 0000494163 00000 n 0000494226 00000 n 0000494288 00000 n 0000494350 00000 n 0000497674 00000 n 0000496026 00000 n 0000494540 00000 n 0000496150 00000 n 0000496212 00000 n 0000496276 00000 n 0000496340 00000 n 0000496404 00000 n 0000496468 00000 n 0000496532 00000 n 0000496596 00000 n 0000496660 00000 n 0000496723 00000 n 0000496787 00000 n 0000496850 00000 n 0000496914 00000 n 0000496977 00000 n 0000497039 00000 n 0000497103 00000 n 0000497167 00000 n 0000497230 00000 n 0000497293 00000 n 0000497357 00000 n 0000497421 00000 n 0000497483 00000 n 0000497546 00000 n 0000497610 00000 n 0000499539 00000 n 0000499689 00000 n 0000501872 00000 n 0000499385 00000 n 0000497815 00000 n 0000499849 00000 n 0000500037 00000 n 0000500100 00000 n 0000500289 00000 n 0000500352 00000 n 0000500542 00000 n 0000500605 00000 n 0000500668 00000 n 0000500730 00000 n 0000500794 00000 n 0000500857 00000 n 0000500920 00000 n 0000500984 00000 n 0000501048 00000 n 0000501112 00000 n 0000501176 00000 n 0000501239 00000 n 0000501428 00000 n 0000501491 00000 n 0000501554 00000 n 0000501618 00000 n 0000501680 00000 n 0000501744 00000 n 0000501808 00000 n 0000504093 00000 n 0000507361 00000 n 0000503948 00000 n 0000502013 00000 n 0000504247 00000 n 0000504309 00000 n 0000504372 00000 n 0000504436 00000 n 0000504500 00000 n 0000504564 00000 n 0000504627 00000 n 0000504690 00000 n 0000504753 00000 n 0000504817 00000 n 0000504879 00000 n 0000504943 00000 n 0000505007 00000 n 0000505071 00000 n 0000505134 00000 n 0000505197 00000 n 0000505261 00000 n 0000505325 00000 n 0000505388 00000 n 0000505451 00000 n 0000505514 00000 n 0000505578 00000 n 0000505642 00000 n 0000505706 00000 n 0000505769 00000 n 0000505832 00000 n 0000505895 00000 n 0000505959 00000 n 0000506023 00000 n 0000506087 00000 n 0000506150 00000 n 0000506214 00000 n 0000506278 00000 n 0000506341 00000 n 0000506404 00000 n 0000506468 00000 n 0000506532 00000 n 0000506596 00000 n 0000506660 00000 n 0000506724 00000 n 0000506788 00000 n 0000506852 00000 n 0000506915 00000 n 0000506979 00000 n 0000507042 00000 n 0000507106 00000 n 0000507170 00000 n 0000507234 00000 n 0000507297 00000 n 0000511403 00000 n 0000509257 00000 n 0000507502 00000 n 0000509381 00000 n 0000509443 00000 n 0000509506 00000 n 0000509569 00000 n 0000509633 00000 n 0000509695 00000 n 0000509757 00000 n 0000509821 00000 n 0000509885 00000 n 0000509949 00000 n 0000510013 00000 n 0000510077 00000 n 0000510140 00000 n 0000510204 00000 n 0000510267 00000 n 0000510330 00000 n 0000510394 00000 n 0000510457 00000 n 0000510520 00000 n 0000510584 00000 n 0000510647 00000 n 0000510710 00000 n 0000510774 00000 n 0000510837 00000 n 0000510900 00000 n 0000510964 00000 n 0000511028 00000 n 0000511091 00000 n 0000511215 00000 n 0000511278 00000 n 0000511341 00000 n 0000970817 00000 n 0000512224 00000 n 0000512038 00000 n 0000511544 00000 n 0000512162 00000 n 0000514241 00000 n 0000514396 00000 n 0000514553 00000 n 0000514707 00000 n 0000517783 00000 n 0000514069 00000 n 0000512311 00000 n 0000514865 00000 n 0000515051 00000 n 0000515114 00000 n 0000515178 00000 n 0000515242 00000 n 0000515305 00000 n 0000515368 00000 n 0000515432 00000 n 0000515495 00000 n 0000515559 00000 n 0000515623 00000 n 0000515687 00000 n 0000515750 00000 n 0000515813 00000 n 0000515876 00000 n 0000515939 00000 n 0000516002 00000 n 0000516066 00000 n 0000516130 00000 n 0000516194 00000 n 0000516257 00000 n 0000516321 00000 n 0000516385 00000 n 0000516449 00000 n 0000516513 00000 n 0000516577 00000 n 0000516641 00000 n 0000516704 00000 n 0000516768 00000 n 0000516832 00000 n 0000516896 00000 n 0000516959 00000 n 0000517023 00000 n 0000517087 00000 n 0000517151 00000 n 0000517214 00000 n 0000517278 00000 n 0000517342 00000 n 0000517405 00000 n 0000517468 00000 n 0000517531 00000 n 0000517594 00000 n 0000517658 00000 n 0000517721 00000 n 0000522482 00000 n 0000520141 00000 n 0000517952 00000 n 0000520265 00000 n 0000520327 00000 n 0000520391 00000 n 0000520455 00000 n 0000520519 00000 n 0000520582 00000 n 0000520645 00000 n 0000520709 00000 n 0000520773 00000 n 0000520837 00000 n 0000520901 00000 n 0000520965 00000 n 0000521028 00000 n 0000521091 00000 n 0000521155 00000 n 0000521219 00000 n 0000521282 00000 n 0000521345 00000 n 0000521408 00000 n 0000521471 00000 n 0000521535 00000 n 0000521599 00000 n 0000521663 00000 n 0000521727 00000 n 0000521790 00000 n 0000521853 00000 n 0000521917 00000 n 0000521980 00000 n 0000522043 00000 n 0000522106 00000 n 0000522169 00000 n 0000522232 00000 n 0000522294 00000 n 0000522357 00000 n 0000522420 00000 n 0000527058 00000 n 0000524525 00000 n 0000522665 00000 n 0000524649 00000 n 0000524711 00000 n 0000524774 00000 n 0000524838 00000 n 0000524902 00000 n 0000524965 00000 n 0000525028 00000 n 0000525092 00000 n 0000525155 00000 n 0000525218 00000 n 0000525282 00000 n 0000525345 00000 n 0000525408 00000 n 0000525472 00000 n 0000525535 00000 n 0000525599 00000 n 0000525662 00000 n 0000525726 00000 n 0000525789 00000 n 0000525853 00000 n 0000525916 00000 n 0000525980 00000 n 0000526043 00000 n 0000526107 00000 n 0000526170 00000 n 0000526234 00000 n 0000526297 00000 n 0000526360 00000 n 0000526424 00000 n 0000526613 00000 n 0000526676 00000 n 0000526740 00000 n 0000526804 00000 n 0000526868 00000 n 0000526931 00000 n 0000526994 00000 n 0000528241 00000 n 0000528055 00000 n 0000527213 00000 n 0000528179 00000 n 0000533130 00000 n 0000530214 00000 n 0000528328 00000 n 0000530338 00000 n 0000530526 00000 n 0000530589 00000 n 0000530653 00000 n 0000530843 00000 n 0000530906 00000 n 0000530969 00000 n 0000531032 00000 n 0000531095 00000 n 0000531159 00000 n 0000531222 00000 n 0000531285 00000 n 0000531348 00000 n 0000531412 00000 n 0000531476 00000 n 0000531540 00000 n 0000531603 00000 n 0000531667 00000 n 0000531731 00000 n 0000531795 00000 n 0000531858 00000 n 0000531921 00000 n 0000531985 00000 n 0000532049 00000 n 0000532113 00000 n 0000532177 00000 n 0000532240 00000 n 0000532303 00000 n 0000532367 00000 n 0000532431 00000 n 0000532495 00000 n 0000532559 00000 n 0000532622 00000 n 0000532685 00000 n 0000532749 00000 n 0000532812 00000 n 0000532876 00000 n 0000532939 00000 n 0000533002 00000 n 0000533066 00000 n 0000970942 00000 n 0000537899 00000 n 0000535368 00000 n 0000533271 00000 n 0000535492 00000 n 0000535554 00000 n 0000535617 00000 n 0000535680 00000 n 0000535744 00000 n 0000535808 00000 n 0000535871 00000 n 0000535934 00000 n 0000535998 00000 n 0000536060 00000 n 0000536122 00000 n 0000536186 00000 n 0000536250 00000 n 0000536313 00000 n 0000536377 00000 n 0000536441 00000 n 0000536505 00000 n 0000536569 00000 n 0000536633 00000 n 0000536697 00000 n 0000536761 00000 n 0000536823 00000 n 0000536886 00000 n 0000536950 00000 n 0000537014 00000 n 0000537078 00000 n 0000537204 00000 n 0000537267 00000 n 0000537330 00000 n 0000537393 00000 n 0000537456 00000 n 0000537519 00000 n 0000537583 00000 n 0000537646 00000 n 0000537710 00000 n 0000537773 00000 n 0000537836 00000 n 0000542825 00000 n 0000540154 00000 n 0000538068 00000 n 0000540278 00000 n 0000540340 00000 n 0000540402 00000 n 0000540466 00000 n 0000540530 00000 n 0000540594 00000 n 0000540658 00000 n 0000540722 00000 n 0000540785 00000 n 0000540849 00000 n 0000540912 00000 n 0000540976 00000 n 0000541039 00000 n 0000541103 00000 n 0000541166 00000 n 0000541230 00000 n 0000541294 00000 n 0000541358 00000 n 0000541422 00000 n 0000541486 00000 n 0000541550 00000 n 0000541614 00000 n 0000541678 00000 n 0000541742 00000 n 0000541806 00000 n 0000541870 00000 n 0000541934 00000 n 0000541998 00000 n 0000542062 00000 n 0000542125 00000 n 0000542189 00000 n 0000542253 00000 n 0000542317 00000 n 0000542381 00000 n 0000542445 00000 n 0000542508 00000 n 0000542571 00000 n 0000542635 00000 n 0000542699 00000 n 0000542762 00000 n 0000546643 00000 n 0000544936 00000 n 0000542994 00000 n 0000545060 00000 n 0000545122 00000 n 0000545186 00000 n 0000545250 00000 n 0000545313 00000 n 0000545377 00000 n 0000545441 00000 n 0000545504 00000 n 0000545568 00000 n 0000545632 00000 n 0000545696 00000 n 0000545760 00000 n 0000545823 00000 n 0000545886 00000 n 0000545949 00000 n 0000546012 00000 n 0000546075 00000 n 0000546138 00000 n 0000546326 00000 n 0000546389 00000 n 0000546453 00000 n 0000546517 00000 n 0000546580 00000 n 0000548663 00000 n 0000547844 00000 n 0000546798 00000 n 0000547968 00000 n 0000548030 00000 n 0000548093 00000 n 0000548157 00000 n 0000548221 00000 n 0000548285 00000 n 0000548348 00000 n 0000548410 00000 n 0000548473 00000 n 0000548537 00000 n 0000548600 00000 n 0000550768 00000 n 0000552882 00000 n 0000550623 00000 n 0000548777 00000 n 0000550926 00000 n 0000551240 00000 n 0000551303 00000 n 0000551366 00000 n 0000551430 00000 n 0000551493 00000 n 0000551556 00000 n 0000551620 00000 n 0000551684 00000 n 0000551748 00000 n 0000551812 00000 n 0000551875 00000 n 0000551938 00000 n 0000552000 00000 n 0000552064 00000 n 0000552126 00000 n 0000552189 00000 n 0000552252 00000 n 0000552315 00000 n 0000552378 00000 n 0000552441 00000 n 0000552504 00000 n 0000552568 00000 n 0000552631 00000 n 0000552694 00000 n 0000552758 00000 n 0000552820 00000 n 0000559884 00000 n 0000558232 00000 n 0000555251 00000 n 0000553051 00000 n 0000555375 00000 n 0000555437 00000 n 0000555501 00000 n 0000555564 00000 n 0000555627 00000 n 0000555754 00000 n 0000555817 00000 n 0000555880 00000 n 0000555943 00000 n 0000556007 00000 n 0000556071 00000 n 0000556134 00000 n 0000556197 00000 n 0000556260 00000 n 0000556324 00000 n 0000556388 00000 n 0000556452 00000 n 0000556516 00000 n 0000556580 00000 n 0000556643 00000 n 0000556707 00000 n 0000556770 00000 n 0000556834 00000 n 0000556898 00000 n 0000556961 00000 n 0000557025 00000 n 0000557088 00000 n 0000557150 00000 n 0000557214 00000 n 0000557277 00000 n 0000557341 00000 n 0000557405 00000 n 0000557468 00000 n 0000557532 00000 n 0000557596 00000 n 0000557660 00000 n 0000557724 00000 n 0000557788 00000 n 0000557852 00000 n 0000557915 00000 n 0000557978 00000 n 0000558041 00000 n 0000558105 00000 n 0000558168 00000 n 0000971067 00000 n 0000560958 00000 n 0000559635 00000 n 0000558401 00000 n 0000559759 00000 n 0000559821 00000 n 0000560010 00000 n 0000560073 00000 n 0000560198 00000 n 0000560261 00000 n 0000560325 00000 n 0000560388 00000 n 0000560451 00000 n 0000560513 00000 n 0000560577 00000 n 0000560640 00000 n 0000560704 00000 n 0000560767 00000 n 0000560830 00000 n 0000560894 00000 n 0000566914 00000 n 0000564759 00000 n 0000562480 00000 n 0000561113 00000 n 0000562604 00000 n 0000562666 00000 n 0000562729 00000 n 0000562792 00000 n 0000562856 00000 n 0000562919 00000 n 0000562983 00000 n 0000563046 00000 n 0000563109 00000 n 0000563173 00000 n 0000563236 00000 n 0000563300 00000 n 0000563363 00000 n 0000563426 00000 n 0000563490 00000 n 0000563553 00000 n 0000563617 00000 n 0000563743 00000 n 0000563806 00000 n 0000563870 00000 n 0000563934 00000 n 0000563997 00000 n 0000564061 00000 n 0000564125 00000 n 0000564189 00000 n 0000564253 00000 n 0000564379 00000 n 0000564505 00000 n 0000564568 00000 n 0000564632 00000 n 0000564696 00000 n 0000569540 00000 n 0000566769 00000 n 0000564914 00000 n 0000567073 00000 n 0000567135 00000 n 0000567260 00000 n 0000567323 00000 n 0000567387 00000 n 0000567451 00000 n 0000567515 00000 n 0000567578 00000 n 0000567642 00000 n 0000567768 00000 n 0000567831 00000 n 0000567894 00000 n 0000567957 00000 n 0000568021 00000 n 0000568084 00000 n 0000568148 00000 n 0000568212 00000 n 0000568338 00000 n 0000568401 00000 n 0000568465 00000 n 0000568529 00000 n 0000568593 00000 n 0000568719 00000 n 0000568782 00000 n 0000568845 00000 n 0000568909 00000 n 0000568973 00000 n 0000569035 00000 n 0000569097 00000 n 0000569160 00000 n 0000569223 00000 n 0000569286 00000 n 0000569349 00000 n 0000569413 00000 n 0000569476 00000 n 0000574816 00000 n 0000571460 00000 n 0000569723 00000 n 0000571584 00000 n 0000571646 00000 n 0000571709 00000 n 0000571773 00000 n 0000571835 00000 n 0000571898 00000 n 0000571961 00000 n 0000572025 00000 n 0000572088 00000 n 0000572151 00000 n 0000572215 00000 n 0000572279 00000 n 0000572343 00000 n 0000572406 00000 n 0000572469 00000 n 0000572533 00000 n 0000572597 00000 n 0000572661 00000 n 0000572725 00000 n 0000572789 00000 n 0000572852 00000 n 0000572916 00000 n 0000572980 00000 n 0000573044 00000 n 0000573107 00000 n 0000573170 00000 n 0000573234 00000 n 0000573297 00000 n 0000573360 00000 n 0000573423 00000 n 0000573487 00000 n 0000573551 00000 n 0000573615 00000 n 0000573679 00000 n 0000573741 00000 n 0000573805 00000 n 0000573868 00000 n 0000573931 00000 n 0000573995 00000 n 0000574058 00000 n 0000574121 00000 n 0000574184 00000 n 0000574248 00000 n 0000574312 00000 n 0000574438 00000 n 0000574501 00000 n 0000574564 00000 n 0000574627 00000 n 0000574690 00000 n 0000574753 00000 n 0000578494 00000 n 0000576418 00000 n 0000574957 00000 n 0000576542 00000 n 0000576604 00000 n 0000576667 00000 n 0000576730 00000 n 0000576792 00000 n 0000576854 00000 n 0000576979 00000 n 0000577042 00000 n 0000577168 00000 n 0000577231 00000 n 0000577294 00000 n 0000577420 00000 n 0000577483 00000 n 0000577547 00000 n 0000577609 00000 n 0000577735 00000 n 0000577798 00000 n 0000577924 00000 n 0000577987 00000 n 0000578051 00000 n 0000578114 00000 n 0000578178 00000 n 0000578241 00000 n 0000578304 00000 n 0000578367 00000 n 0000578431 00000 n 0000582464 00000 n 0000580446 00000 n 0000578663 00000 n 0000580570 00000 n 0000580695 00000 n 0000580758 00000 n 0000580821 00000 n 0000580947 00000 n 0000581009 00000 n 0000581073 00000 n 0000581199 00000 n 0000581262 00000 n 0000581325 00000 n 0000581451 00000 n 0000581514 00000 n 0000581578 00000 n 0000581641 00000 n 0000581705 00000 n 0000581768 00000 n 0000581832 00000 n 0000581896 00000 n 0000581959 00000 n 0000582021 00000 n 0000582084 00000 n 0000582148 00000 n 0000582212 00000 n 0000582338 00000 n 0000582401 00000 n 0000971192 00000 n 0000586572 00000 n 0000584432 00000 n 0000582633 00000 n 0000584556 00000 n 0000584618 00000 n 0000584680 00000 n 0000584743 00000 n 0000584806 00000 n 0000584870 00000 n 0000584934 00000 n 0000584997 00000 n 0000585060 00000 n 0000585124 00000 n 0000585187 00000 n 0000585250 00000 n 0000585314 00000 n 0000585375 00000 n 0000585436 00000 n 0000585499 00000 n 0000585562 00000 n 0000585625 00000 n 0000585688 00000 n 0000585751 00000 n 0000585814 00000 n 0000585878 00000 n 0000586003 00000 n 0000586064 00000 n 0000586127 00000 n 0000586191 00000 n 0000586254 00000 n 0000586317 00000 n 0000586381 00000 n 0000586445 00000 n 0000586508 00000 n 0000590866 00000 n 0000588663 00000 n 0000586727 00000 n 0000588787 00000 n 0000588849 00000 n 0000588911 00000 n 0000588974 00000 n 0000589036 00000 n 0000589099 00000 n 0000589162 00000 n 0000589226 00000 n 0000589290 00000 n 0000589354 00000 n 0000589417 00000 n 0000589479 00000 n 0000589542 00000 n 0000589606 00000 n 0000589732 00000 n 0000589795 00000 n 0000589858 00000 n 0000589921 00000 n 0000589984 00000 n 0000590046 00000 n 0000590109 00000 n 0000590172 00000 n 0000590236 00000 n 0000590298 00000 n 0000590360 00000 n 0000590424 00000 n 0000590487 00000 n 0000590550 00000 n 0000590614 00000 n 0000590677 00000 n 0000590740 00000 n 0000590803 00000 n 0000595307 00000 n 0000592590 00000 n 0000591049 00000 n 0000592714 00000 n 0000592776 00000 n 0000592839 00000 n 0000592902 00000 n 0000592966 00000 n 0000593029 00000 n 0000593092 00000 n 0000593155 00000 n 0000593218 00000 n 0000593281 00000 n 0000593343 00000 n 0000593405 00000 n 0000593469 00000 n 0000593532 00000 n 0000593596 00000 n 0000593660 00000 n 0000593723 00000 n 0000593787 00000 n 0000593851 00000 n 0000593914 00000 n 0000593978 00000 n 0000594042 00000 n 0000594105 00000 n 0000594169 00000 n 0000594233 00000 n 0000594295 00000 n 0000594359 00000 n 0000594422 00000 n 0000594485 00000 n 0000594549 00000 n 0000594675 00000 n 0000594738 00000 n 0000594802 00000 n 0000594928 00000 n 0000594991 00000 n 0000595054 00000 n 0000595117 00000 n 0000595180 00000 n 0000595244 00000 n 0000597659 00000 n 0000597812 00000 n 0000600112 00000 n 0000597505 00000 n 0000595462 00000 n 0000597964 00000 n 0000598089 00000 n 0000598152 00000 n 0000598341 00000 n 0000598404 00000 n 0000598467 00000 n 0000598531 00000 n 0000598592 00000 n 0000598653 00000 n 0000598715 00000 n 0000598778 00000 n 0000598842 00000 n 0000598905 00000 n 0000598969 00000 n 0000599033 00000 n 0000599097 00000 n 0000599161 00000 n 0000599225 00000 n 0000599289 00000 n 0000599352 00000 n 0000599415 00000 n 0000599479 00000 n 0000599542 00000 n 0000599605 00000 n 0000599668 00000 n 0000599731 00000 n 0000599795 00000 n 0000599859 00000 n 0000599922 00000 n 0000599985 00000 n 0000600049 00000 n 0000604291 00000 n 0000601763 00000 n 0000600267 00000 n 0000601887 00000 n 0000602012 00000 n 0000602137 00000 n 0000602200 00000 n 0000602264 00000 n 0000602328 00000 n 0000602392 00000 n 0000602456 00000 n 0000602520 00000 n 0000602583 00000 n 0000602647 00000 n 0000602711 00000 n 0000602773 00000 n 0000602837 00000 n 0000602962 00000 n 0000603025 00000 n 0000603088 00000 n 0000603151 00000 n 0000603215 00000 n 0000603279 00000 n 0000603342 00000 n 0000603405 00000 n 0000603468 00000 n 0000603532 00000 n 0000603658 00000 n 0000603721 00000 n 0000603785 00000 n 0000603849 00000 n 0000603912 00000 n 0000603975 00000 n 0000604039 00000 n 0000604165 00000 n 0000604228 00000 n 0000608690 00000 n 0000606024 00000 n 0000604460 00000 n 0000606148 00000 n 0000606210 00000 n 0000606273 00000 n 0000606337 00000 n 0000606401 00000 n 0000606465 00000 n 0000606590 00000 n 0000606653 00000 n 0000606717 00000 n 0000606781 00000 n 0000606845 00000 n 0000606909 00000 n 0000606973 00000 n 0000607037 00000 n 0000607100 00000 n 0000607164 00000 n 0000607228 00000 n 0000607292 00000 n 0000607355 00000 n 0000607418 00000 n 0000607482 00000 n 0000607546 00000 n 0000607670 00000 n 0000607733 00000 n 0000607797 00000 n 0000607861 00000 n 0000607925 00000 n 0000607989 00000 n 0000608053 00000 n 0000608116 00000 n 0000608179 00000 n 0000608243 00000 n 0000608307 00000 n 0000608371 00000 n 0000608435 00000 n 0000608499 00000 n 0000608562 00000 n 0000608626 00000 n 0000971317 00000 n 0000613294 00000 n 0000610641 00000 n 0000608831 00000 n 0000610765 00000 n 0000611079 00000 n 0000611141 00000 n 0000611204 00000 n 0000611267 00000 n 0000611330 00000 n 0000611392 00000 n 0000611454 00000 n 0000611516 00000 n 0000611580 00000 n 0000611643 00000 n 0000611707 00000 n 0000611771 00000 n 0000611835 00000 n 0000611899 00000 n 0000611962 00000 n 0000612025 00000 n 0000612089 00000 n 0000612153 00000 n 0000612217 00000 n 0000612281 00000 n 0000612345 00000 n 0000612409 00000 n 0000612473 00000 n 0000612536 00000 n 0000612600 00000 n 0000612664 00000 n 0000612728 00000 n 0000612791 00000 n 0000612854 00000 n 0000612917 00000 n 0000613042 00000 n 0000613104 00000 n 0000613167 00000 n 0000613230 00000 n 0000616896 00000 n 0000615193 00000 n 0000613421 00000 n 0000615317 00000 n 0000615379 00000 n 0000615442 00000 n 0000615631 00000 n 0000615694 00000 n 0000615758 00000 n 0000615821 00000 n 0000615884 00000 n 0000615947 00000 n 0000616009 00000 n 0000616072 00000 n 0000616135 00000 n 0000616198 00000 n 0000616261 00000 n 0000616325 00000 n 0000616388 00000 n 0000616452 00000 n 0000616515 00000 n 0000616579 00000 n 0000616643 00000 n 0000616706 00000 n 0000616769 00000 n 0000616832 00000 n 0000620218 00000 n 0000618897 00000 n 0000617023 00000 n 0000619021 00000 n 0000619083 00000 n 0000619146 00000 n 0000619210 00000 n 0000619274 00000 n 0000619338 00000 n 0000619401 00000 n 0000619464 00000 n 0000619527 00000 n 0000619716 00000 n 0000619779 00000 n 0000619843 00000 n 0000619906 00000 n 0000620093 00000 n 0000620156 00000 n 0000623608 00000 n 0000622350 00000 n 0000620345 00000 n 0000622474 00000 n 0000622536 00000 n 0000622724 00000 n 0000622787 00000 n 0000622851 00000 n 0000622913 00000 n 0000622976 00000 n 0000623039 00000 n 0000623102 00000 n 0000623166 00000 n 0000623229 00000 n 0000623293 00000 n 0000623355 00000 n 0000623419 00000 n 0000623481 00000 n 0000623544 00000 n 0000624368 00000 n 0000624119 00000 n 0000623721 00000 n 0000624243 00000 n 0000624305 00000 n 0000626006 00000 n 0000628683 00000 n 0000625861 00000 n 0000624454 00000 n 0000626157 00000 n 0000626469 00000 n 0000626532 00000 n 0000626595 00000 n 0000626658 00000 n 0000626722 00000 n 0000626785 00000 n 0000626848 00000 n 0000626912 00000 n 0000626976 00000 n 0000627039 00000 n 0000627102 00000 n 0000627166 00000 n 0000627230 00000 n 0000627293 00000 n 0000627355 00000 n 0000627419 00000 n 0000627483 00000 n 0000627545 00000 n 0000627608 00000 n 0000627671 00000 n 0000627735 00000 n 0000627798 00000 n 0000627861 00000 n 0000627924 00000 n 0000627988 00000 n 0000628052 00000 n 0000628115 00000 n 0000628178 00000 n 0000628242 00000 n 0000628304 00000 n 0000628367 00000 n 0000628431 00000 n 0000628494 00000 n 0000628557 00000 n 0000628621 00000 n 0000971442 00000 n 0000630515 00000 n 0000633200 00000 n 0000630370 00000 n 0000628796 00000 n 0000630667 00000 n 0000630729 00000 n 0000630792 00000 n 0000630855 00000 n 0000630919 00000 n 0000630983 00000 n 0000631046 00000 n 0000631110 00000 n 0000631172 00000 n 0000631235 00000 n 0000631299 00000 n 0000631363 00000 n 0000631427 00000 n 0000631491 00000 n 0000631554 00000 n 0000631617 00000 n 0000631681 00000 n 0000631744 00000 n 0000631807 00000 n 0000631870 00000 n 0000631934 00000 n 0000631997 00000 n 0000632060 00000 n 0000632124 00000 n 0000632187 00000 n 0000632250 00000 n 0000632314 00000 n 0000632377 00000 n 0000632440 00000 n 0000632504 00000 n 0000632567 00000 n 0000632630 00000 n 0000632694 00000 n 0000632757 00000 n 0000632818 00000 n 0000632882 00000 n 0000632946 00000 n 0000633010 00000 n 0000633073 00000 n 0000633136 00000 n 0000637007 00000 n 0000634736 00000 n 0000633314 00000 n 0000634860 00000 n 0000634922 00000 n 0000634985 00000 n 0000635048 00000 n 0000635112 00000 n 0000635175 00000 n 0000635239 00000 n 0000635302 00000 n 0000635365 00000 n 0000635429 00000 n 0000635493 00000 n 0000635556 00000 n 0000635619 00000 n 0000635683 00000 n 0000635746 00000 n 0000635809 00000 n 0000635873 00000 n 0000635936 00000 n 0000635998 00000 n 0000636062 00000 n 0000636125 00000 n 0000636188 00000 n 0000636252 00000 n 0000636315 00000 n 0000636378 00000 n 0000636442 00000 n 0000636505 00000 n 0000636568 00000 n 0000636632 00000 n 0000636695 00000 n 0000636758 00000 n 0000636818 00000 n 0000636881 00000 n 0000636944 00000 n 0000640696 00000 n 0000638424 00000 n 0000637121 00000 n 0000638548 00000 n 0000638610 00000 n 0000638673 00000 n 0000638736 00000 n 0000638800 00000 n 0000638862 00000 n 0000638925 00000 n 0000639115 00000 n 0000639178 00000 n 0000639241 00000 n 0000639304 00000 n 0000639367 00000 n 0000639431 00000 n 0000639493 00000 n 0000639556 00000 n 0000639620 00000 n 0000639683 00000 n 0000639746 00000 n 0000639810 00000 n 0000639873 00000 n 0000639936 00000 n 0000640000 00000 n 0000640063 00000 n 0000640126 00000 n 0000640190 00000 n 0000640379 00000 n 0000640442 00000 n 0000640505 00000 n 0000640568 00000 n 0000640632 00000 n 0000645264 00000 n 0000642613 00000 n 0000640809 00000 n 0000642737 00000 n 0000642799 00000 n 0000642862 00000 n 0000642925 00000 n 0000642989 00000 n 0000643052 00000 n 0000643115 00000 n 0000643178 00000 n 0000643242 00000 n 0000643306 00000 n 0000643369 00000 n 0000643432 00000 n 0000643494 00000 n 0000643557 00000 n 0000643747 00000 n 0000643810 00000 n 0000643873 00000 n 0000643936 00000 n 0000644000 00000 n 0000644063 00000 n 0000644126 00000 n 0000644190 00000 n 0000644253 00000 n 0000644315 00000 n 0000644379 00000 n 0000644442 00000 n 0000644505 00000 n 0000644569 00000 n 0000644632 00000 n 0000644695 00000 n 0000644758 00000 n 0000644822 00000 n 0000644884 00000 n 0000644946 00000 n 0000645009 00000 n 0000645072 00000 n 0000645136 00000 n 0000645200 00000 n 0000647174 00000 n 0000647330 00000 n 0000650197 00000 n 0000647020 00000 n 0000645405 00000 n 0000647482 00000 n 0000647544 00000 n 0000647606 00000 n 0000647669 00000 n 0000647732 00000 n 0000647796 00000 n 0000647859 00000 n 0000647922 00000 n 0000648111 00000 n 0000648174 00000 n 0000648238 00000 n 0000648301 00000 n 0000648364 00000 n 0000648425 00000 n 0000648488 00000 n 0000648551 00000 n 0000648615 00000 n 0000648678 00000 n 0000648741 00000 n 0000648805 00000 n 0000648868 00000 n 0000648931 00000 n 0000648994 00000 n 0000649058 00000 n 0000649122 00000 n 0000649186 00000 n 0000649249 00000 n 0000649312 00000 n 0000649376 00000 n 0000649440 00000 n 0000649503 00000 n 0000649566 00000 n 0000649630 00000 n 0000649693 00000 n 0000649755 00000 n 0000649818 00000 n 0000649882 00000 n 0000649946 00000 n 0000650009 00000 n 0000650071 00000 n 0000650134 00000 n 0000652408 00000 n 0000651082 00000 n 0000650338 00000 n 0000651206 00000 n 0000651268 00000 n 0000651331 00000 n 0000651394 00000 n 0000651458 00000 n 0000651522 00000 n 0000651584 00000 n 0000651648 00000 n 0000651712 00000 n 0000651775 00000 n 0000651838 00000 n 0000651902 00000 n 0000651966 00000 n 0000652029 00000 n 0000652092 00000 n 0000652156 00000 n 0000652220 00000 n 0000652281 00000 n 0000652344 00000 n 0000971567 00000 n 0000654709 00000 n 0000659944 00000 n 0000654564 00000 n 0000652508 00000 n 0000654860 00000 n 0000655174 00000 n 0000655237 00000 n 0000655300 00000 n 0000655363 00000 n 0000655427 00000 n 0000655491 00000 n 0000655554 00000 n 0000655618 00000 n 0000655682 00000 n 0000655745 00000 n 0000655809 00000 n 0000655873 00000 n 0000655936 00000 n 0000656000 00000 n 0000656064 00000 n 0000656127 00000 n 0000656191 00000 n 0000656255 00000 n 0000656318 00000 n 0000656382 00000 n 0000656446 00000 n 0000656510 00000 n 0000656574 00000 n 0000656637 00000 n 0000656701 00000 n 0000656765 00000 n 0000656829 00000 n 0000656893 00000 n 0000656956 00000 n 0000657020 00000 n 0000657084 00000 n 0000657148 00000 n 0000657212 00000 n 0000657275 00000 n 0000657339 00000 n 0000657403 00000 n 0000657467 00000 n 0000657531 00000 n 0000657594 00000 n 0000657658 00000 n 0000657722 00000 n 0000657786 00000 n 0000657850 00000 n 0000657912 00000 n 0000657976 00000 n 0000658040 00000 n 0000658104 00000 n 0000658168 00000 n 0000658230 00000 n 0000658293 00000 n 0000658356 00000 n 0000658418 00000 n 0000658482 00000 n 0000658545 00000 n 0000658609 00000 n 0000658673 00000 n 0000658737 00000 n 0000658800 00000 n 0000658864 00000 n 0000658928 00000 n 0000658991 00000 n 0000659054 00000 n 0000659118 00000 n 0000659182 00000 n 0000659246 00000 n 0000659309 00000 n 0000659373 00000 n 0000659437 00000 n 0000659501 00000 n 0000659564 00000 n 0000659627 00000 n 0000659689 00000 n 0000659753 00000 n 0000659817 00000 n 0000659881 00000 n 0000667677 00000 n 0000662286 00000 n 0000660085 00000 n 0000662410 00000 n 0000662472 00000 n 0000662536 00000 n 0000662600 00000 n 0000662663 00000 n 0000662726 00000 n 0000662789 00000 n 0000662852 00000 n 0000662916 00000 n 0000662980 00000 n 0000663044 00000 n 0000663107 00000 n 0000663171 00000 n 0000663235 00000 n 0000663299 00000 n 0000663361 00000 n 0000663425 00000 n 0000663489 00000 n 0000663553 00000 n 0000663616 00000 n 0000663680 00000 n 0000663744 00000 n 0000663808 00000 n 0000663871 00000 n 0000663934 00000 n 0000663997 00000 n 0000664060 00000 n 0000664124 00000 n 0000664188 00000 n 0000664249 00000 n 0000664313 00000 n 0000664377 00000 n 0000664440 00000 n 0000664504 00000 n 0000664568 00000 n 0000664631 00000 n 0000664695 00000 n 0000664759 00000 n 0000664949 00000 n 0000665012 00000 n 0000665075 00000 n 0000665139 00000 n 0000665203 00000 n 0000665267 00000 n 0000665331 00000 n 0000665395 00000 n 0000665459 00000 n 0000665523 00000 n 0000665587 00000 n 0000665650 00000 n 0000665713 00000 n 0000665776 00000 n 0000665839 00000 n 0000665902 00000 n 0000665966 00000 n 0000666030 00000 n 0000666094 00000 n 0000666156 00000 n 0000666220 00000 n 0000666284 00000 n 0000666348 00000 n 0000666411 00000 n 0000666475 00000 n 0000666539 00000 n 0000666602 00000 n 0000666665 00000 n 0000666728 00000 n 0000666792 00000 n 0000666856 00000 n 0000666919 00000 n 0000666983 00000 n 0000667173 00000 n 0000667236 00000 n 0000667299 00000 n 0000667363 00000 n 0000667427 00000 n 0000667490 00000 n 0000667553 00000 n 0000667616 00000 n 0000669275 00000 n 0000668451 00000 n 0000667832 00000 n 0000668575 00000 n 0000668637 00000 n 0000668701 00000 n 0000668765 00000 n 0000668829 00000 n 0000668892 00000 n 0000668956 00000 n 0000669020 00000 n 0000669083 00000 n 0000669147 00000 n 0000669211 00000 n 0000671178 00000 n 0000671331 00000 n 0000671481 00000 n 0000673275 00000 n 0000671015 00000 n 0000669375 00000 n 0000671632 00000 n 0000671944 00000 n 0000672007 00000 n 0000672071 00000 n 0000672135 00000 n 0000672199 00000 n 0000672262 00000 n 0000672325 00000 n 0000672388 00000 n 0000672452 00000 n 0000672516 00000 n 0000672580 00000 n 0000672643 00000 n 0000672707 00000 n 0000672771 00000 n 0000672834 00000 n 0000672897 00000 n 0000672960 00000 n 0000673023 00000 n 0000673086 00000 n 0000673149 00000 n 0000673212 00000 n 0000677314 00000 n 0000675483 00000 n 0000673430 00000 n 0000675607 00000 n 0000675669 00000 n 0000675732 00000 n 0000675795 00000 n 0000675859 00000 n 0000675922 00000 n 0000675984 00000 n 0000676109 00000 n 0000676171 00000 n 0000676235 00000 n 0000676298 00000 n 0000676361 00000 n 0000676425 00000 n 0000676489 00000 n 0000676553 00000 n 0000676616 00000 n 0000676679 00000 n 0000676743 00000 n 0000676807 00000 n 0000676870 00000 n 0000676934 00000 n 0000676997 00000 n 0000677061 00000 n 0000677125 00000 n 0000677187 00000 n 0000677251 00000 n 0000682417 00000 n 0000679313 00000 n 0000677483 00000 n 0000679437 00000 n 0000679499 00000 n 0000679625 00000 n 0000679688 00000 n 0000679751 00000 n 0000679814 00000 n 0000679877 00000 n 0000679939 00000 n 0000680003 00000 n 0000680067 00000 n 0000680131 00000 n 0000680194 00000 n 0000680257 00000 n 0000680320 00000 n 0000680383 00000 n 0000680446 00000 n 0000680509 00000 n 0000680572 00000 n 0000680636 00000 n 0000680700 00000 n 0000680764 00000 n 0000680827 00000 n 0000680890 00000 n 0000680954 00000 n 0000681018 00000 n 0000681082 00000 n 0000681145 00000 n 0000681208 00000 n 0000681272 00000 n 0000681336 00000 n 0000681400 00000 n 0000681463 00000 n 0000681527 00000 n 0000681591 00000 n 0000681654 00000 n 0000681717 00000 n 0000681780 00000 n 0000681843 00000 n 0000681907 00000 n 0000681971 00000 n 0000682035 00000 n 0000682098 00000 n 0000682162 00000 n 0000682226 00000 n 0000682290 00000 n 0000682354 00000 n 0000971692 00000 n 0000683742 00000 n 0000683893 00000 n 0000684045 00000 n 0000686227 00000 n 0000683579 00000 n 0000682572 00000 n 0000684202 00000 n 0000684264 00000 n 0000684326 00000 n 0000684515 00000 n 0000684578 00000 n 0000684641 00000 n 0000684704 00000 n 0000684768 00000 n 0000684832 00000 n 0000684896 00000 n 0000684960 00000 n 0000685024 00000 n 0000685088 00000 n 0000685152 00000 n 0000685216 00000 n 0000685279 00000 n 0000685342 00000 n 0000685406 00000 n 0000685469 00000 n 0000685532 00000 n 0000685595 00000 n 0000685659 00000 n 0000685722 00000 n 0000685785 00000 n 0000685975 00000 n 0000686038 00000 n 0000686101 00000 n 0000686164 00000 n 0000687228 00000 n 0000690666 00000 n 0000687083 00000 n 0000686368 00000 n 0000687383 00000 n 0000687445 00000 n 0000687507 00000 n 0000687570 00000 n 0000687633 00000 n 0000687697 00000 n 0000687760 00000 n 0000687823 00000 n 0000687886 00000 n 0000687949 00000 n 0000688012 00000 n 0000688076 00000 n 0000688139 00000 n 0000688202 00000 n 0000688266 00000 n 0000688329 00000 n 0000688392 00000 n 0000688455 00000 n 0000688518 00000 n 0000688581 00000 n 0000688645 00000 n 0000688708 00000 n 0000688771 00000 n 0000688835 00000 n 0000688898 00000 n 0000688961 00000 n 0000689024 00000 n 0000689087 00000 n 0000689150 00000 n 0000689214 00000 n 0000689277 00000 n 0000689340 00000 n 0000689404 00000 n 0000689467 00000 n 0000689530 00000 n 0000689592 00000 n 0000689655 00000 n 0000689718 00000 n 0000689782 00000 n 0000689845 00000 n 0000689908 00000 n 0000689972 00000 n 0000690035 00000 n 0000690098 00000 n 0000690161 00000 n 0000690224 00000 n 0000690287 00000 n 0000690477 00000 n 0000690540 00000 n 0000690603 00000 n 0000694695 00000 n 0000691858 00000 n 0000690793 00000 n 0000691982 00000 n 0000692044 00000 n 0000692106 00000 n 0000692169 00000 n 0000692232 00000 n 0000692295 00000 n 0000692358 00000 n 0000692421 00000 n 0000692484 00000 n 0000692548 00000 n 0000692611 00000 n 0000692674 00000 n 0000692738 00000 n 0000692801 00000 n 0000692864 00000 n 0000692927 00000 n 0000692990 00000 n 0000693053 00000 n 0000693117 00000 n 0000693180 00000 n 0000693243 00000 n 0000693307 00000 n 0000693370 00000 n 0000693433 00000 n 0000693496 00000 n 0000693559 00000 n 0000693622 00000 n 0000693686 00000 n 0000693874 00000 n 0000693937 00000 n 0000694000 00000 n 0000694063 00000 n 0000694126 00000 n 0000694189 00000 n 0000694252 00000 n 0000694316 00000 n 0000694379 00000 n 0000694442 00000 n 0000694506 00000 n 0000694569 00000 n 0000694632 00000 n 0000698812 00000 n 0000695848 00000 n 0000694822 00000 n 0000695972 00000 n 0000696034 00000 n 0000696096 00000 n 0000696159 00000 n 0000696222 00000 n 0000696412 00000 n 0000696475 00000 n 0000696538 00000 n 0000696601 00000 n 0000696664 00000 n 0000696727 00000 n 0000696790 00000 n 0000696854 00000 n 0000696917 00000 n 0000696980 00000 n 0000697044 00000 n 0000697107 00000 n 0000697170 00000 n 0000697234 00000 n 0000697297 00000 n 0000697360 00000 n 0000697423 00000 n 0000697486 00000 n 0000697549 00000 n 0000697613 00000 n 0000697676 00000 n 0000697739 00000 n 0000697803 00000 n 0000697866 00000 n 0000697929 00000 n 0000697991 00000 n 0000698054 00000 n 0000698117 00000 n 0000698181 00000 n 0000698243 00000 n 0000698305 00000 n 0000698369 00000 n 0000698432 00000 n 0000698495 00000 n 0000698559 00000 n 0000698622 00000 n 0000698685 00000 n 0000702510 00000 n 0000699991 00000 n 0000698939 00000 n 0000700115 00000 n 0000700177 00000 n 0000700302 00000 n 0000700365 00000 n 0000700428 00000 n 0000700491 00000 n 0000700554 00000 n 0000700618 00000 n 0000700681 00000 n 0000700744 00000 n 0000700808 00000 n 0000700871 00000 n 0000700934 00000 n 0000700998 00000 n 0000701061 00000 n 0000701124 00000 n 0000701188 00000 n 0000701251 00000 n 0000701314 00000 n 0000701378 00000 n 0000701439 00000 n 0000701500 00000 n 0000701564 00000 n 0000701627 00000 n 0000701690 00000 n 0000701754 00000 n 0000701817 00000 n 0000701880 00000 n 0000701944 00000 n 0000702007 00000 n 0000702070 00000 n 0000702259 00000 n 0000702322 00000 n 0000702385 00000 n 0000702448 00000 n 0000706299 00000 n 0000703778 00000 n 0000702637 00000 n 0000703902 00000 n 0000703964 00000 n 0000704026 00000 n 0000704089 00000 n 0000704152 00000 n 0000704216 00000 n 0000704279 00000 n 0000704342 00000 n 0000704405 00000 n 0000704468 00000 n 0000704531 00000 n 0000704595 00000 n 0000704658 00000 n 0000704721 00000 n 0000704910 00000 n 0000704972 00000 n 0000705035 00000 n 0000705098 00000 n 0000705161 00000 n 0000705224 00000 n 0000705287 00000 n 0000705351 00000 n 0000705414 00000 n 0000705477 00000 n 0000705541 00000 n 0000705604 00000 n 0000705667 00000 n 0000705857 00000 n 0000705920 00000 n 0000705983 00000 n 0000706046 00000 n 0000706109 00000 n 0000706172 00000 n 0000706235 00000 n 0000971817 00000 n 0000710363 00000 n 0000707651 00000 n 0000706426 00000 n 0000707775 00000 n 0000707837 00000 n 0000707899 00000 n 0000707962 00000 n 0000708025 00000 n 0000708089 00000 n 0000708152 00000 n 0000708215 00000 n 0000708278 00000 n 0000708341 00000 n 0000708404 00000 n 0000708467 00000 n 0000708530 00000 n 0000708593 00000 n 0000708657 00000 n 0000708720 00000 n 0000708783 00000 n 0000708846 00000 n 0000708909 00000 n 0000708972 00000 n 0000709161 00000 n 0000709224 00000 n 0000709287 00000 n 0000709350 00000 n 0000709413 00000 n 0000709476 00000 n 0000709539 00000 n 0000709603 00000 n 0000709666 00000 n 0000709729 00000 n 0000709793 00000 n 0000709856 00000 n 0000709919 00000 n 0000709983 00000 n 0000710046 00000 n 0000710109 00000 n 0000710173 00000 n 0000710236 00000 n 0000710299 00000 n 0000714614 00000 n 0000711777 00000 n 0000710490 00000 n 0000711901 00000 n 0000711963 00000 n 0000712025 00000 n 0000712088 00000 n 0000712151 00000 n 0000712215 00000 n 0000712278 00000 n 0000712341 00000 n 0000712405 00000 n 0000712468 00000 n 0000712531 00000 n 0000712595 00000 n 0000712657 00000 n 0000712719 00000 n 0000712909 00000 n 0000712971 00000 n 0000713034 00000 n 0000713097 00000 n 0000713160 00000 n 0000713223 00000 n 0000713287 00000 n 0000713350 00000 n 0000713413 00000 n 0000713476 00000 n 0000713539 00000 n 0000713602 00000 n 0000713666 00000 n 0000713729 00000 n 0000713792 00000 n 0000713856 00000 n 0000713919 00000 n 0000713982 00000 n 0000714046 00000 n 0000714108 00000 n 0000714170 00000 n 0000714234 00000 n 0000714297 00000 n 0000714360 00000 n 0000714424 00000 n 0000714487 00000 n 0000714550 00000 n 0000718529 00000 n 0000715951 00000 n 0000714741 00000 n 0000716075 00000 n 0000716137 00000 n 0000716199 00000 n 0000716262 00000 n 0000716325 00000 n 0000716389 00000 n 0000716452 00000 n 0000716515 00000 n 0000716579 00000 n 0000716642 00000 n 0000716705 00000 n 0000716769 00000 n 0000716832 00000 n 0000716895 00000 n 0000716959 00000 n 0000717022 00000 n 0000717085 00000 n 0000717148 00000 n 0000717211 00000 n 0000717275 00000 n 0000717337 00000 n 0000717399 00000 n 0000717462 00000 n 0000717525 00000 n 0000717712 00000 n 0000717774 00000 n 0000717837 00000 n 0000717900 00000 n 0000717963 00000 n 0000718026 00000 n 0000718089 00000 n 0000718153 00000 n 0000718215 00000 n 0000718277 00000 n 0000718341 00000 n 0000718404 00000 n 0000718467 00000 n 0000722768 00000 n 0000720120 00000 n 0000718656 00000 n 0000720244 00000 n 0000720306 00000 n 0000720369 00000 n 0000720432 00000 n 0000720496 00000 n 0000720559 00000 n 0000720622 00000 n 0000720684 00000 n 0000720747 00000 n 0000720810 00000 n 0000720874 00000 n 0000720937 00000 n 0000721000 00000 n 0000721190 00000 n 0000721253 00000 n 0000721316 00000 n 0000721379 00000 n 0000721442 00000 n 0000721505 00000 n 0000721568 00000 n 0000721632 00000 n 0000721694 00000 n 0000721756 00000 n 0000721820 00000 n 0000721883 00000 n 0000721946 00000 n 0000722010 00000 n 0000722073 00000 n 0000722136 00000 n 0000722199 00000 n 0000722262 00000 n 0000722325 00000 n 0000722389 00000 n 0000722452 00000 n 0000722515 00000 n 0000722579 00000 n 0000722642 00000 n 0000722705 00000 n 0000727008 00000 n 0000724483 00000 n 0000722895 00000 n 0000724607 00000 n 0000724669 00000 n 0000724732 00000 n 0000724795 00000 n 0000724859 00000 n 0000724922 00000 n 0000724985 00000 n 0000725049 00000 n 0000725112 00000 n 0000725175 00000 n 0000725239 00000 n 0000725302 00000 n 0000725365 00000 n 0000725429 00000 n 0000725492 00000 n 0000725555 00000 n 0000725619 00000 n 0000725682 00000 n 0000725745 00000 n 0000725809 00000 n 0000725872 00000 n 0000725935 00000 n 0000725999 00000 n 0000726063 00000 n 0000726126 00000 n 0000726189 00000 n 0000726252 00000 n 0000726315 00000 n 0000726378 00000 n 0000726442 00000 n 0000726504 00000 n 0000726566 00000 n 0000726630 00000 n 0000726692 00000 n 0000726754 00000 n 0000726818 00000 n 0000726881 00000 n 0000726944 00000 n 0000731862 00000 n 0000728584 00000 n 0000727122 00000 n 0000728708 00000 n 0000728770 00000 n 0000728832 00000 n 0000728895 00000 n 0000728958 00000 n 0000729022 00000 n 0000729084 00000 n 0000729146 00000 n 0000729210 00000 n 0000729273 00000 n 0000729336 00000 n 0000729400 00000 n 0000729464 00000 n 0000729527 00000 n 0000729590 00000 n 0000729654 00000 n 0000729717 00000 n 0000729780 00000 n 0000729844 00000 n 0000729905 00000 n 0000729966 00000 n 0000730028 00000 n 0000730091 00000 n 0000730154 00000 n 0000730218 00000 n 0000730281 00000 n 0000730344 00000 n 0000730407 00000 n 0000730470 00000 n 0000730534 00000 n 0000730597 00000 n 0000730660 00000 n 0000730724 00000 n 0000730787 00000 n 0000730850 00000 n 0000730914 00000 n 0000730977 00000 n 0000731040 00000 n 0000731104 00000 n 0000731167 00000 n 0000731230 00000 n 0000731294 00000 n 0000731357 00000 n 0000731420 00000 n 0000731484 00000 n 0000731547 00000 n 0000731610 00000 n 0000731674 00000 n 0000731736 00000 n 0000731798 00000 n 0000971942 00000 n 0000736572 00000 n 0000733667 00000 n 0000731976 00000 n 0000733791 00000 n 0000733853 00000 n 0000733915 00000 n 0000733978 00000 n 0000734041 00000 n 0000734105 00000 n 0000734168 00000 n 0000734231 00000 n 0000734295 00000 n 0000734358 00000 n 0000734421 00000 n 0000734485 00000 n 0000734548 00000 n 0000734611 00000 n 0000734674 00000 n 0000734738 00000 n 0000734801 00000 n 0000734864 00000 n 0000734928 00000 n 0000734991 00000 n 0000735054 00000 n 0000735118 00000 n 0000735180 00000 n 0000735242 00000 n 0000735306 00000 n 0000735369 00000 n 0000735432 00000 n 0000735496 00000 n 0000735559 00000 n 0000735622 00000 n 0000735686 00000 n 0000735749 00000 n 0000735812 00000 n 0000735876 00000 n 0000735939 00000 n 0000736002 00000 n 0000736066 00000 n 0000736130 00000 n 0000736194 00000 n 0000736257 00000 n 0000736320 00000 n 0000736384 00000 n 0000736446 00000 n 0000736508 00000 n 0000741533 00000 n 0000738306 00000 n 0000736700 00000 n 0000738430 00000 n 0000738492 00000 n 0000738555 00000 n 0000738618 00000 n 0000738682 00000 n 0000738746 00000 n 0000738810 00000 n 0000738873 00000 n 0000738936 00000 n 0000739000 00000 n 0000739064 00000 n 0000739127 00000 n 0000739190 00000 n 0000739254 00000 n 0000739317 00000 n 0000739380 00000 n 0000739443 00000 n 0000739506 00000 n 0000739569 00000 n 0000739633 00000 n 0000739697 00000 n 0000739761 00000 n 0000739824 00000 n 0000739887 00000 n 0000739951 00000 n 0000740014 00000 n 0000740077 00000 n 0000740141 00000 n 0000740204 00000 n 0000740267 00000 n 0000740330 00000 n 0000740393 00000 n 0000740456 00000 n 0000740520 00000 n 0000740583 00000 n 0000740646 00000 n 0000740710 00000 n 0000740774 00000 n 0000740837 00000 n 0000740900 00000 n 0000740963 00000 n 0000741026 00000 n 0000741089 00000 n 0000741153 00000 n 0000741216 00000 n 0000741279 00000 n 0000741343 00000 n 0000741406 00000 n 0000741469 00000 n 0000746128 00000 n 0000742785 00000 n 0000741661 00000 n 0000742909 00000 n 0000742971 00000 n 0000743033 00000 n 0000743096 00000 n 0000743159 00000 n 0000743223 00000 n 0000743285 00000 n 0000743347 00000 n 0000743411 00000 n 0000743474 00000 n 0000743537 00000 n 0000743601 00000 n 0000743664 00000 n 0000743727 00000 n 0000743791 00000 n 0000743854 00000 n 0000743917 00000 n 0000743981 00000 n 0000744044 00000 n 0000744107 00000 n 0000744171 00000 n 0000744234 00000 n 0000744297 00000 n 0000744361 00000 n 0000744424 00000 n 0000744487 00000 n 0000744551 00000 n 0000744613 00000 n 0000744675 00000 n 0000744739 00000 n 0000744802 00000 n 0000744865 00000 n 0000744929 00000 n 0000744992 00000 n 0000745055 00000 n 0000745119 00000 n 0000745181 00000 n 0000745243 00000 n 0000745307 00000 n 0000745370 00000 n 0000745433 00000 n 0000745497 00000 n 0000745560 00000 n 0000745623 00000 n 0000745687 00000 n 0000745749 00000 n 0000745811 00000 n 0000745875 00000 n 0000745938 00000 n 0000746001 00000 n 0000746064 00000 n 0000750712 00000 n 0000748061 00000 n 0000746242 00000 n 0000748185 00000 n 0000748247 00000 n 0000748310 00000 n 0000748373 00000 n 0000748437 00000 n 0000748500 00000 n 0000748563 00000 n 0000748627 00000 n 0000748690 00000 n 0000748753 00000 n 0000748817 00000 n 0000748880 00000 n 0000748943 00000 n 0000749007 00000 n 0000749070 00000 n 0000749133 00000 n 0000749197 00000 n 0000749260 00000 n 0000749323 00000 n 0000749387 00000 n 0000749450 00000 n 0000749513 00000 n 0000749577 00000 n 0000749640 00000 n 0000749703 00000 n 0000749767 00000 n 0000749830 00000 n 0000749893 00000 n 0000749957 00000 n 0000750019 00000 n 0000750081 00000 n 0000750145 00000 n 0000750207 00000 n 0000750269 00000 n 0000750332 00000 n 0000750395 00000 n 0000750458 00000 n 0000750522 00000 n 0000750585 00000 n 0000750648 00000 n 0000752284 00000 n 0000755338 00000 n 0000752139 00000 n 0000750826 00000 n 0000752436 00000 n 0000752498 00000 n 0000752560 00000 n 0000752623 00000 n 0000752813 00000 n 0000752876 00000 n 0000752939 00000 n 0000753002 00000 n 0000753065 00000 n 0000753128 00000 n 0000753191 00000 n 0000753255 00000 n 0000753318 00000 n 0000753381 00000 n 0000753444 00000 n 0000753507 00000 n 0000753571 00000 n 0000753634 00000 n 0000753697 00000 n 0000753761 00000 n 0000753822 00000 n 0000753883 00000 n 0000753947 00000 n 0000754010 00000 n 0000754073 00000 n 0000754137 00000 n 0000754200 00000 n 0000754263 00000 n 0000754327 00000 n 0000754389 00000 n 0000754451 00000 n 0000754515 00000 n 0000754578 00000 n 0000754641 00000 n 0000754705 00000 n 0000754768 00000 n 0000754831 00000 n 0000754895 00000 n 0000754958 00000 n 0000755021 00000 n 0000755085 00000 n 0000755148 00000 n 0000755211 00000 n 0000757013 00000 n 0000758307 00000 n 0000756868 00000 n 0000755465 00000 n 0000757166 00000 n 0000757291 00000 n 0000757354 00000 n 0000757418 00000 n 0000757481 00000 n 0000757544 00000 n 0000757607 00000 n 0000757671 00000 n 0000757734 00000 n 0000757797 00000 n 0000757861 00000 n 0000757925 00000 n 0000757988 00000 n 0000758051 00000 n 0000758115 00000 n 0000758179 00000 n 0000758243 00000 n 0000972067 00000 n 0000762525 00000 n 0000759745 00000 n 0000758462 00000 n 0000759869 00000 n 0000760057 00000 n 0000760120 00000 n 0000760184 00000 n 0000760248 00000 n 0000760312 00000 n 0000760375 00000 n 0000760439 00000 n 0000760629 00000 n 0000760692 00000 n 0000760755 00000 n 0000760817 00000 n 0000760881 00000 n 0000760944 00000 n 0000761007 00000 n 0000761071 00000 n 0000761134 00000 n 0000761197 00000 n 0000761261 00000 n 0000761323 00000 n 0000761386 00000 n 0000761450 00000 n 0000761513 00000 n 0000761576 00000 n 0000761640 00000 n 0000761703 00000 n 0000761766 00000 n 0000761830 00000 n 0000761893 00000 n 0000761956 00000 n 0000762020 00000 n 0000762082 00000 n 0000762145 00000 n 0000762209 00000 n 0000762273 00000 n 0000762336 00000 n 0000762399 00000 n 0000762463 00000 n 0000766557 00000 n 0000763527 00000 n 0000762638 00000 n 0000763651 00000 n 0000763775 00000 n 0000763838 00000 n 0000763901 00000 n 0000763965 00000 n 0000764027 00000 n 0000764091 00000 n 0000764154 00000 n 0000764217 00000 n 0000764281 00000 n 0000764344 00000 n 0000764407 00000 n 0000764470 00000 n 0000764533 00000 n 0000764596 00000 n 0000764660 00000 n 0000764723 00000 n 0000764785 00000 n 0000764849 00000 n 0000764912 00000 n 0000764975 00000 n 0000765038 00000 n 0000765101 00000 n 0000765164 00000 n 0000765228 00000 n 0000765291 00000 n 0000765354 00000 n 0000765418 00000 n 0000765481 00000 n 0000765544 00000 n 0000765608 00000 n 0000765671 00000 n 0000765734 00000 n 0000765798 00000 n 0000765861 00000 n 0000765924 00000 n 0000765988 00000 n 0000766051 00000 n 0000766114 00000 n 0000766178 00000 n 0000766241 00000 n 0000766304 00000 n 0000766368 00000 n 0000766431 00000 n 0000766493 00000 n 0000770227 00000 n 0000767448 00000 n 0000766643 00000 n 0000767572 00000 n 0000767634 00000 n 0000767697 00000 n 0000767760 00000 n 0000767887 00000 n 0000767949 00000 n 0000768012 00000 n 0000768074 00000 n 0000768138 00000 n 0000768201 00000 n 0000768264 00000 n 0000768328 00000 n 0000768391 00000 n 0000768454 00000 n 0000768518 00000 n 0000768581 00000 n 0000768644 00000 n 0000768708 00000 n 0000768771 00000 n 0000768834 00000 n 0000768898 00000 n 0000768961 00000 n 0000769024 00000 n 0000769088 00000 n 0000769151 00000 n 0000769214 00000 n 0000769404 00000 n 0000769467 00000 n 0000769530 00000 n 0000769593 00000 n 0000769657 00000 n 0000769720 00000 n 0000769783 00000 n 0000769847 00000 n 0000769910 00000 n 0000769973 00000 n 0000770037 00000 n 0000770100 00000 n 0000770163 00000 n 0000771529 00000 n 0000771091 00000 n 0000770326 00000 n 0000771215 00000 n 0000771403 00000 n 0000771466 00000 n 0000772330 00000 n 0000772144 00000 n 0000771642 00000 n 0000772268 00000 n 0000772417 00000 n 0000772453 00000 n 0000772491 00000 n 0000965685 00000 n 0000772529 00000 n 0000772853 00000 n 0000773245 00000 n 0000773722 00000 n 0000774106 00000 n 0000774502 00000 n 0000775081 00000 n 0000775661 00000 n 0000776236 00000 n 0000776879 00000 n 0000777457 00000 n 0000784600 00000 n 0000784835 00000 n 0000791980 00000 n 0000792214 00000 n 0000799359 00000 n 0000799593 00000 n 0000817610 00000 n 0000818098 00000 n 0000836629 00000 n 0000837176 00000 n 0000857224 00000 n 0000857859 00000 n 0000866082 00000 n 0000866384 00000 n 0000880423 00000 n 0000880951 00000 n 0000893004 00000 n 0000893615 00000 n 0000902956 00000 n 0000903400 00000 n 0000922608 00000 n 0000923206 00000 n 0000945474 00000 n 0000946179 00000 n 0000965144 00000 n 0000972192 00000 n 0000972317 00000 n 0000972443 00000 n 0000972569 00000 n 0000972695 00000 n 0000972821 00000 n 0000972922 00000 n 0000994975 00000 n 0000995140 00000 n 0000995308 00000 n 0000995477 00000 n 0000995646 00000 n 0000995814 00000 n 0000995983 00000 n 0000996149 00000 n 0000996315 00000 n 0000996483 00000 n 0000996650 00000 n 0000996819 00000 n 0000996987 00000 n 0000997155 00000 n 0000997324 00000 n 0000997492 00000 n 0000997661 00000 n 0000997829 00000 n 0000997998 00000 n 0000998166 00000 n 0000998334 00000 n 0000998501 00000 n 0000998670 00000 n 0000998838 00000 n 0000999007 00000 n 0000999175 00000 n 0000999342 00000 n 0000999511 00000 n 0000999679 00000 n 0000999848 00000 n 0001000016 00000 n 0001000184 00000 n 0001000353 00000 n 0001000521 00000 n 0001000690 00000 n 0001000857 00000 n 0001001025 00000 n 0001001194 00000 n 0001001362 00000 n 0001001530 00000 n 0001001699 00000 n 0001001867 00000 n 0001002034 00000 n 0001002203 00000 n 0001002371 00000 n 0001002540 00000 n 0001002707 00000 n 0001002875 00000 n 0001003044 00000 n 0001003212 00000 n 0001003381 00000 n 0001003548 00000 n 0001003716 00000 n 0001003885 00000 n 0001004052 00000 n 0001004220 00000 n 0001004388 00000 n 0001004557 00000 n 0001004725 00000 n 0001004893 00000 n 0001005062 00000 n 0001005231 00000 n 0001005400 00000 n 0001005569 00000 n 0001005736 00000 n 0001005901 00000 n 0001006066 00000 n 0001006235 00000 n 0001006403 00000 n 0001006570 00000 n 0001006737 00000 n 0001006906 00000 n 0001007075 00000 n 0001007242 00000 n 0001007411 00000 n 0001007579 00000 n 0001007746 00000 n 0001007915 00000 n 0001008084 00000 n 0001008249 00000 n 0001008416 00000 n 0001008584 00000 n 0001008753 00000 n 0001008921 00000 n 0001009089 00000 n 0001009258 00000 n 0001009427 00000 n 0001009594 00000 n 0001009763 00000 n 0001009931 00000 n 0001010100 00000 n 0001010268 00000 n 0001010437 00000 n 0001010601 00000 n 0001010770 00000 n 0001010938 00000 n 0001011105 00000 n 0001011274 00000 n 0001011442 00000 n 0001011611 00000 n 0001011780 00000 n 0001011948 00000 n 0001012117 00000 n 0001012286 00000 n 0001012454 00000 n 0001012623 00000 n 0001012791 00000 n 0001012956 00000 n 0001013125 00000 n 0001013292 00000 n 0001013461 00000 n 0001013630 00000 n 0001013798 00000 n 0001013966 00000 n 0001014135 00000 n 0001014303 00000 n 0001014472 00000 n 0001014639 00000 n 0001014806 00000 n 0001014975 00000 n 0001015143 00000 n 0001015312 00000 n 0001015480 00000 n 0001015649 00000 n 0001015813 00000 n 0001015981 00000 n 0001016150 00000 n 0001016319 00000 n 0001016488 00000 n 0001016656 00000 n 0001016825 00000 n 0001016992 00000 n 0001017159 00000 n 0001017327 00000 n 0001017496 00000 n 0001017665 00000 n 0001017833 00000 n 0001018000 00000 n 0001018169 00000 n 0001018335 00000 n 0001018504 00000 n 0001018673 00000 n 0001018841 00000 n 0001019008 00000 n 0001019177 00000 n 0001019345 00000 n 0001019512 00000 n 0001019681 00000 n 0001019850 00000 n 0001020019 00000 n 0001020187 00000 n 0001020356 00000 n 0001020524 00000 n 0001020692 00000 n 0001020861 00000 n 0001021028 00000 n 0001021197 00000 n 0001021364 00000 n 0001021532 00000 n 0001021701 00000 n 0001021869 00000 n 0001022038 00000 n 0001022207 00000 n 0001022374 00000 n 0001022542 00000 n 0001022709 00000 n 0001022878 00000 n 0001023047 00000 n 0001023215 00000 n 0001023384 00000 n 0001023548 00000 n 0001023715 00000 n 0001023884 00000 n 0001024052 00000 n 0001024221 00000 n 0001024390 00000 n 0001024558 00000 n 0001024726 00000 n 0001024894 00000 n 0001025063 00000 n 0001025232 00000 n 0001025400 00000 n 0001025569 00000 n 0001025737 00000 n 0001025906 00000 n 0001026073 00000 n 0001026242 00000 n 0001026409 00000 n 0001026577 00000 n 0001026746 00000 n 0001026913 00000 n 0001027082 00000 n 0001027249 00000 n 0001027418 00000 n 0001027586 00000 n 0001027755 00000 n 0001027923 00000 n 0001028090 00000 n 0001028259 00000 n 0001028427 00000 n 0001028594 00000 n 0001028763 00000 n 0001028931 00000 n 0001029099 00000 n 0001029268 00000 n 0001029437 00000 n 0001029605 00000 n 0001029774 00000 n 0001029943 00000 n 0001030112 00000 n 0001030281 00000 n 0001030450 00000 n 0001030617 00000 n 0001030786 00000 n 0001030954 00000 n 0001031121 00000 n 0001031290 00000 n 0001031458 00000 n 0001031627 00000 n 0001031794 00000 n 0001031961 00000 n 0001032130 00000 n 0001032298 00000 n 0001032467 00000 n 0001032634 00000 n 0001032802 00000 n 0001032970 00000 n 0001033139 00000 n 0001033307 00000 n 0001033476 00000 n 0001033643 00000 n 0001033809 00000 n 0001033976 00000 n 0001034145 00000 n 0001034313 00000 n 0001034482 00000 n 0001034649 00000 n 0001034818 00000 n 0001034987 00000 n 0001035154 00000 n 0001035322 00000 n 0001035491 00000 n 0001035659 00000 n 0001035826 00000 n 0001035995 00000 n 0001036163 00000 n 0001036332 00000 n 0001036500 00000 n 0001036668 00000 n 0001036835 00000 n 0001037004 00000 n 0001037172 00000 n 0001037341 00000 n 0001037510 00000 n 0001037679 00000 n 0001037848 00000 n 0001038015 00000 n 0001038183 00000 n 0001038352 00000 n 0001038519 00000 n 0001038687 00000 n 0001038856 00000 n 0001039022 00000 n 0001039191 00000 n 0001039359 00000 n 0001039527 00000 n 0001039696 00000 n 0001039864 00000 n 0001040033 00000 n 0001040200 00000 n 0001040368 00000 n 0001040537 00000 n 0001040705 00000 n 0001040874 00000 n 0001041041 00000 n 0001041209 00000 n 0001041378 00000 n 0001041546 00000 n 0001041713 00000 n 0001041882 00000 n 0001042050 00000 n 0001042219 00000 n 0001042388 00000 n 0001042557 00000 n 0001042726 00000 n 0001042894 00000 n 0001043063 00000 n 0001043231 00000 n 0001043400 00000 n 0001043568 00000 n 0001043736 00000 n 0001043905 00000 n 0001044073 00000 n 0001044242 00000 n 0001044409 00000 n 0001044574 00000 n 0001044743 00000 n 0001044911 00000 n 0001045080 00000 n 0001045248 00000 n 0001045415 00000 n 0001045584 00000 n 0001045752 00000 n 0001045921 00000 n 0001046089 00000 n 0001046257 00000 n 0001046426 00000 n 0001046594 00000 n 0001046762 00000 n 0001046931 00000 n 0001047099 00000 n 0001047268 00000 n 0001047436 00000 n 0001047604 00000 n 0001047773 00000 n 0001047940 00000 n 0001048108 00000 n 0001048277 00000 n 0001048445 00000 n 0001048612 00000 n 0001048781 00000 n 0001048949 00000 n 0001049118 00000 n 0001049286 00000 n 0001049453 00000 n 0001049622 00000 n 0001049790 00000 n 0001049959 00000 n 0001050127 00000 n 0001050296 00000 n 0001050463 00000 n 0001050632 00000 n 0001050800 00000 n 0001050969 00000 n 0001051136 00000 n 0001051304 00000 n 0001051473 00000 n 0001051640 00000 n 0001051808 00000 n 0001051977 00000 n 0001052145 00000 n 0001052314 00000 n 0001052483 00000 n 0001052652 00000 n 0001052819 00000 n 0001052988 00000 n 0001053156 00000 n 0001053325 00000 n 0001053492 00000 n 0001053659 00000 n 0001053828 00000 n 0001053996 00000 n 0001054165 00000 n 0001054333 00000 n 0001054502 00000 n 0001054670 00000 n 0001054838 00000 n 0001055007 00000 n 0001055175 00000 n 0001055340 00000 n 0001055509 00000 n 0001055677 00000 n 0001055846 00000 n 0001056013 00000 n 0001056181 00000 n 0001056350 00000 n 0001056518 00000 n 0001056687 00000 n 0001056856 00000 n 0001057024 00000 n 0001057191 00000 n 0001057360 00000 n 0001057528 00000 n 0001057696 00000 n 0001057865 00000 n 0001058032 00000 n 0001058200 00000 n 0001058369 00000 n 0001058536 00000 n 0001058705 00000 n 0001058874 00000 n 0001059041 00000 n 0001059207 00000 n 0001059375 00000 n 0001059540 00000 n 0001059709 00000 n 0001059877 00000 n 0001060046 00000 n 0001060214 00000 n 0001060383 00000 n 0001060551 00000 n 0001060720 00000 n 0001060888 00000 n 0001061055 00000 n 0001061224 00000 n 0001061392 00000 n 0001061561 00000 n 0001061730 00000 n 0001061897 00000 n 0001062065 00000 n 0001062234 00000 n 0001062398 00000 n 0001062565 00000 n 0001062734 00000 n 0001062902 00000 n 0001063071 00000 n 0001063240 00000 n 0001063409 00000 n 0001063577 00000 n 0001063746 00000 n 0001063914 00000 n 0001064083 00000 n 0001064250 00000 n 0001064418 00000 n 0001064586 00000 n 0001064755 00000 n 0001064919 00000 n 0001065087 00000 n 0001065256 00000 n 0001065424 00000 n 0001065593 00000 n 0001065762 00000 n 0001065930 00000 n 0001066099 00000 n 0001066267 00000 n 0001066436 00000 n 0001066605 00000 n 0001066774 00000 n 0001066943 00000 n 0001067111 00000 n 0001067280 00000 n 0001067449 00000 n 0001067613 00000 n 0001067782 00000 n 0001067949 00000 n 0001068116 00000 n 0001068285 00000 n 0001068453 00000 n 0001068622 00000 n 0001068791 00000 n 0001068960 00000 n 0001069129 00000 n 0001069296 00000 n 0001069463 00000 n 0001069632 00000 n 0001069800 00000 n 0001069969 00000 n 0001070136 00000 n 0001070301 00000 n 0001070468 00000 n 0001070635 00000 n 0001070804 00000 n 0001070973 00000 n 0001071141 00000 n 0001071310 00000 n 0001071478 00000 n 0001071645 00000 n 0001071814 00000 n 0001071982 00000 n 0001072151 00000 n 0001072319 00000 n 0001072488 00000 n 0001072655 00000 n 0001072823 00000 n 0001072988 00000 n 0001073155 00000 n 0001073322 00000 n 0001073491 00000 n 0001073659 00000 n 0001073828 00000 n 0001073996 00000 n 0001074165 00000 n 0001074334 00000 n 0001074502 00000 n 0001074671 00000 n 0001074839 00000 n 0001075007 00000 n 0001075176 00000 n 0001075344 00000 n 0001075512 00000 n 0001075681 00000 n 0001075846 00000 n 0001076015 00000 n 0001076184 00000 n 0001076351 00000 n 0001076519 00000 n 0001076688 00000 n 0001076856 00000 n 0001077025 00000 n 0001077192 00000 n 0001077361 00000 n 0001077528 00000 n 0001077697 00000 n 0001077865 00000 n 0001078032 00000 n 0001078201 00000 n 0001078367 00000 n 0001078536 00000 n 0001078704 00000 n 0001078872 00000 n 0001079039 00000 n 0001079208 00000 n 0001079377 00000 n 0001079545 00000 n 0001079714 00000 n 0001079882 00000 n 0001080049 00000 n 0001080218 00000 n 0001080386 00000 n 0001080555 00000 n 0001080723 00000 n 0001080888 00000 n 0001081057 00000 n 0001081225 00000 n 0001081394 00000 n 0001081559 00000 n 0001081728 00000 n 0001081897 00000 n 0001082066 00000 n 0001082235 00000 n 0001082404 00000 n 0001082573 00000 n 0001082742 00000 n 0001082911 00000 n 0001083078 00000 n 0001083247 00000 n 0001083416 00000 n 0001083585 00000 n 0001083754 00000 n 0001083923 00000 n 0001084092 00000 n 0001084261 00000 n 0001084430 00000 n 0001084599 00000 n 0001084768 00000 n 0001084937 00000 n 0001085106 00000 n 0001085275 00000 n 0001085444 00000 n 0001085609 00000 n 0001085778 00000 n 0001085947 00000 n 0001086116 00000 n 0001086285 00000 n 0001086454 00000 n 0001086623 00000 n 0001086792 00000 n 0001086961 00000 n 0001087130 00000 n 0001087299 00000 n 0001087468 00000 n 0001087637 00000 n 0001087804 00000 n 0001087973 00000 n 0001088142 00000 n 0001088311 00000 n 0001088480 00000 n 0001088649 00000 n 0001088818 00000 n 0001088987 00000 n 0001089156 00000 n 0001089325 00000 n 0001089494 00000 n 0001089663 00000 n 0001089832 00000 n 0001090001 00000 n 0001090168 00000 n 0001090337 00000 n 0001090506 00000 n 0001090675 00000 n 0001090844 00000 n 0001091013 00000 n 0001091182 00000 n 0001091351 00000 n 0001091520 00000 n 0001091689 00000 n 0001091858 00000 n 0001092027 00000 n 0001092192 00000 n 0001092361 00000 n 0001092529 00000 n 0001092696 00000 n 0001092865 00000 n 0001093033 00000 n 0001093201 00000 n 0001093370 00000 n 0001093537 00000 n 0001093705 00000 n 0001093873 00000 n 0001094042 00000 n 0001094210 00000 n 0001094378 00000 n 0001094547 00000 n 0001094711 00000 n 0001094879 00000 n 0001095046 00000 n 0001095215 00000 n 0001095383 00000 n 0001095550 00000 n 0001095719 00000 n 0001095886 00000 n 0001096054 00000 n 0001096221 00000 n 0001096390 00000 n 0001096558 00000 n 0001096725 00000 n 0001096894 00000 n 0001097060 00000 n 0001097229 00000 n 0001097396 00000 n 0001097563 00000 n 0001097730 00000 n 0001097899 00000 n 0001098067 00000 n 0001098236 00000 n 0001098405 00000 n 0001098574 00000 n 0001098743 00000 n 0001098912 00000 n 0001099081 00000 n 0001099250 00000 n 0001099419 00000 n 0001099586 00000 n 0001099751 00000 n 0001099918 00000 n 0001100087 00000 n 0001100256 00000 n 0001100425 00000 n 0001100594 00000 n 0001100763 00000 n 0001100932 00000 n 0001101101 00000 n 0001101270 00000 n 0001101439 00000 n 0001101608 00000 n 0001101777 00000 n 0001101946 00000 n 0001102115 00000 n 0001102282 00000 n 0001102451 00000 n 0001102620 00000 n 0001102789 00000 n 0001102958 00000 n 0001103127 00000 n 0001103296 00000 n 0001103465 00000 n 0001103634 00000 n 0001103803 00000 n 0001103972 00000 n 0001104141 00000 n 0001104310 00000 n 0001104479 00000 n 0001104648 00000 n 0001104812 00000 n 0001104981 00000 n 0001105150 00000 n 0001105318 00000 n 0001105486 00000 n 0001105655 00000 n 0001105822 00000 n 0001105991 00000 n 0001106160 00000 n 0001106329 00000 n 0001106498 00000 n 0001106667 00000 n 0001106836 00000 n 0001107005 00000 n 0001107174 00000 n 0001107341 00000 n 0001107510 00000 n 0001107679 00000 n 0001107848 00000 n 0001108017 00000 n 0001108186 00000 n 0001108355 00000 n 0001108524 00000 n 0001108693 00000 n 0001108862 00000 n 0001109031 00000 n 0001109200 00000 n 0001109369 00000 n 0001109538 00000 n 0001109707 00000 n 0001109874 00000 n 0001110043 00000 n 0001110212 00000 n 0001110381 00000 n 0001110550 00000 n 0001110719 00000 n 0001110888 00000 n 0001111057 00000 n 0001111226 00000 n 0001111394 00000 n 0001111563 00000 n 0001111730 00000 n 0001111899 00000 n 0001112068 00000 n 0001112237 00000 n 0001112404 00000 n 0001112573 00000 n 0001112742 00000 n 0001112911 00000 n 0001113080 00000 n 0001113249 00000 n 0001113418 00000 n 0001113587 00000 n 0001113756 00000 n 0001113925 00000 n 0001114094 00000 n 0001114263 00000 n 0001114432 00000 n 0001114601 00000 n 0001114770 00000 n 0001114937 00000 n 0001115106 00000 n 0001115275 00000 n 0001115444 00000 n 0001115613 00000 n 0001115782 00000 n 0001115951 00000 n 0001116120 00000 n 0001116289 00000 n 0001116458 00000 n 0001116627 00000 n 0001116796 00000 n 0001116965 00000 n 0001117134 00000 n 0001117303 00000 n 0001117472 00000 n 0001117641 00000 n 0001117808 00000 n 0001117977 00000 n 0001118146 00000 n 0001118315 00000 n 0001118484 00000 n 0001118653 00000 n 0001118822 00000 n 0001118991 00000 n 0001119160 00000 n 0001119329 00000 n 0001119498 00000 n 0001119667 00000 n 0001119836 00000 n 0001120005 00000 n 0001120174 00000 n 0001120343 00000 n 0001120510 00000 n 0001120679 00000 n 0001120848 00000 n 0001121017 00000 n 0001121186 00000 n 0001121355 00000 n 0001121524 00000 n 0001121693 00000 n 0001121862 00000 n 0001122031 00000 n 0001122199 00000 n 0001122368 00000 n 0001122536 00000 n 0001122705 00000 n 0001122874 00000 n 0001123043 00000 n 0001123212 00000 n 0001123381 00000 n 0001123550 00000 n 0001123719 00000 n 0001123888 00000 n 0001124057 00000 n 0001124226 00000 n 0001124395 00000 n 0001124564 00000 n 0001124733 00000 n 0001124902 00000 n 0001125071 00000 n 0001125240 00000 n 0001125409 00000 n 0001125578 00000 n 0001125747 00000 n 0001125916 00000 n 0001126085 00000 n 0001126254 00000 n 0001126423 00000 n 0001126592 00000 n 0001126761 00000 n 0001126930 00000 n 0001127099 00000 n 0001127268 00000 n 0001127437 00000 n 0001127606 00000 n 0001127773 00000 n 0001127942 00000 n 0001128111 00000 n 0001128273 00000 n 0001128432 00000 n 0001128591 00000 n 0001128752 00000 n 0001128912 00000 n 0001129073 00000 n 0001129233 00000 n 0001129394 00000 n 0001129554 00000 n 0001129715 00000 n 0001129874 00000 n 0001130033 00000 n 0001130194 00000 n 0001130355 00000 n 0001130516 00000 n 0001130676 00000 n 0001130837 00000 n 0001130997 00000 n 0001131158 00000 n 0001131319 00000 n 0001131478 00000 n 0001131639 00000 n 0001131799 00000 n 0001131960 00000 n 0001132120 00000 n 0001132281 00000 n 0001132440 00000 n 0001132599 00000 n 0001132760 00000 n 0001132920 00000 n 0001133081 00000 n 0001133242 00000 n 0001133402 00000 n 0001133562 00000 n 0001133723 00000 n 0001133883 00000 n 0001134044 00000 n 0001134203 00000 n 0001134363 00000 n 0001134523 00000 n 0001134684 00000 n 0001134843 00000 n 0001135003 00000 n 0001135164 00000 n 0001135325 00000 n 0001135485 00000 n 0001135646 00000 n 0001135806 00000 n 0001135967 00000 n 0001136127 00000 n 0001136286 00000 n 0001136447 00000 n 0001136608 00000 n 0001136769 00000 n 0001136929 00000 n 0001137089 00000 n 0001137269 00000 n 0001137517 00000 n 0001137830 00000 n 0001138059 00000 n 0001138341 00000 n 0001138629 00000 n 0001138888 00000 n 0001139146 00000 n 0001139374 00000 n 0001139646 00000 n 0001139907 00000 n 0001140169 00000 n 0001140395 00000 n 0001140616 00000 n 0001140846 00000 n 0001141074 00000 n 0001141307 00000 n 0001141569 00000 n 0001141874 00000 n 0001142140 00000 n 0001142366 00000 n 0001142569 00000 n 0001142799 00000 n 0001143021 00000 n 0001143274 00000 n 0001143525 00000 n 0001143718 00000 n 0001143936 00000 n 0001144190 00000 n 0001144454 00000 n 0001144675 00000 n 0001144912 00000 n 0001145133 00000 n 0001145365 00000 n 0001145624 00000 n 0001145795 00000 n 0001145960 00000 n 0001146170 00000 n 0001146383 00000 n 0001146584 00000 n 0001146791 00000 n 0001146998 00000 n 0001147181 00000 n 0001147352 00000 n 0001147517 00000 n 0001147688 00000 n 0001147865 00000 n 0001148045 00000 n 0001148215 00000 n 0001148366 00000 n 0001148533 00000 n 0001148706 00000 n 0001148861 00000 n 0001149014 00000 n 0001149177 00000 n 0001149339 00000 n 0001149512 00000 n 0001149687 00000 n 0001149856 00000 n 0001150025 00000 n 0001150204 00000 n 0001150393 00000 n 0001150580 00000 n 0001150763 00000 n 0001150932 00000 n 0001151110 00000 n 0001151285 00000 n 0001151470 00000 n 0001151648 00000 n 0001151823 00000 n 0001151980 00000 n 0001152152 00000 n 0001152321 00000 n 0001152487 00000 n 0001152669 00000 n 0001152854 00000 n 0001153038 00000 n 0001153223 00000 n 0001153406 00000 n 0001153589 00000 n 0001153774 00000 n 0001153958 00000 n 0001154143 00000 n 0001154327 00000 n 0001154512 00000 n 0001154696 00000 n 0001154881 00000 n 0001155065 00000 n 0001155243 00000 n 0001155420 00000 n 0001155596 00000 n 0001155773 00000 n 0001155949 00000 n 0001156126 00000 n 0001156302 00000 n 0001156479 00000 n 0001156654 00000 n 0001156829 00000 n 0001157006 00000 n 0001157182 00000 n 0001157359 00000 n 0001157535 00000 n 0001157712 00000 n 0001157889 00000 n 0001158069 00000 n 0001158208 00000 n 0001158321 00000 n 0001158434 00000 n 0001158548 00000 n 0001158662 00000 n 0001158776 00000 n 0001158890 00000 n 0001159003 00000 n 0001159117 00000 n 0001159231 00000 n 0001159345 00000 n 0001159458 00000 n 0001159572 00000 n 0001159686 00000 n 0001159800 00000 n 0001159914 00000 n 0001160027 00000 n 0001160141 00000 n 0001160255 00000 n 0001160368 00000 n 0001160482 00000 n 0001160596 00000 n 0001160710 00000 n 0001160824 00000 n 0001160938 00000 n 0001161052 00000 n 0001161166 00000 n 0001161279 00000 n 0001161392 00000 n 0001161506 00000 n 0001161620 00000 n 0001161734 00000 n 0001161846 00000 n 0001161960 00000 n 0001162074 00000 n 0001162188 00000 n 0001162302 00000 n 0001162416 00000 n 0001162530 00000 n 0001162644 00000 n 0001162758 00000 n 0001162872 00000 n 0001162986 00000 n 0001163100 00000 n 0001163213 00000 n 0001163327 00000 n 0001163441 00000 n 0001163555 00000 n 0001163669 00000 n 0001163783 00000 n 0001163896 00000 n 0001164010 00000 n 0001164124 00000 n 0001164238 00000 n 0001164351 00000 n 0001164464 00000 n 0001164578 00000 n 0001164691 00000 n 0001164805 00000 n 0001164919 00000 n 0001165033 00000 n 0001165147 00000 n 0001165261 00000 n 0001165375 00000 n 0001165488 00000 n 0001165602 00000 n 0001165716 00000 n 0001165829 00000 n 0001165943 00000 n 0001166057 00000 n 0001166171 00000 n 0001166285 00000 n 0001166399 00000 n 0001166513 00000 n 0001166627 00000 n 0001166740 00000 n 0001166853 00000 n 0001166967 00000 n 0001167081 00000 n 0001167195 00000 n 0001167309 00000 n 0001167421 00000 n 0001167535 00000 n 0001167649 00000 n 0001167763 00000 n 0001167877 00000 n 0001167991 00000 n 0001168105 00000 n 0001168219 00000 n 0001168333 00000 n 0001168447 00000 n 0001168561 00000 n 0001168675 00000 n 0001168789 00000 n 0001168903 00000 n 0001169017 00000 n 0001169131 00000 n 0001169245 00000 n 0001169359 00000 n 0001169473 00000 n 0001169587 00000 n 0001169701 00000 n 0001169815 00000 n 0001169929 00000 n 0001170043 00000 n 0001170157 00000 n 0001170271 00000 n 0001170385 00000 n 0001170499 00000 n 0001170613 00000 n 0001170727 00000 n 0001170841 00000 n 0001170955 00000 n 0001171069 00000 n 0001171183 00000 n 0001171297 00000 n 0001171411 00000 n 0001171525 00000 n 0001171639 00000 n 0001171753 00000 n 0001171867 00000 n 0001171981 00000 n 0001172095 00000 n 0001172209 00000 n 0001172323 00000 n 0001172437 00000 n 0001172551 00000 n 0001172665 00000 n 0001172779 00000 n 0001172893 00000 n 0001173007 00000 n 0001173121 00000 n 0001173234 00000 n 0001173345 00000 n 0001173457 00000 n 0001173569 00000 n 0001173681 00000 n 0001173793 00000 n 0001173905 00000 n 0001174016 00000 n 0001174128 00000 n 0001174240 00000 n 0001174361 00000 n 0001174502 00000 n 0001174642 00000 n 0001174768 00000 n 0001174902 00000 n 0001175050 00000 n 0001175172 00000 n 0001175294 00000 n 0001175413 00000 n 0001175526 00000 n 0001175640 00000 n 0001175757 00000 n 0001175876 00000 n 0001175994 00000 n 0001176111 00000 n 0001176227 00000 n 0001176343 00000 n 0001176450 00000 n 0001176563 00000 n 0001176677 00000 n 0001176791 00000 n 0001176904 00000 n 0001177018 00000 n 0001177132 00000 n 0001177246 00000 n 0001177360 00000 n 0001177473 00000 n 0001177587 00000 n 0001177701 00000 n 0001177815 00000 n 0001177929 00000 n 0001178043 00000 n 0001178157 00000 n 0001178271 00000 n 0001178385 00000 n 0001178499 00000 n 0001178613 00000 n 0001178727 00000 n 0001178841 00000 n 0001178954 00000 n 0001179065 00000 n 0001179186 00000 n 0001179301 00000 n 0001179415 00000 n 0001179504 00000 n 0001179617 00000 n 0001179731 00000 n 0001179845 00000 n 0001179968 00000 n 0001180056 00000 n 0001180161 00000 n 0001180201 00000 n 0001182650 00000 n trailer << /Size 8530 /Root 8528 0 R /Info 8529 0 R /ID [ ] >> startxref 1182977 %%EOF samhain-3.1.0/docs/HOWTO-client+server.html0000644000175000017500000003010410141125772015346 00000000000000 HOWTO client+server

samhain file integrity scanner | online documentation


Setting up a client/server samhain system


This document aims to explain how to set up a client/server samhain system, where the client (samhain) runs on one machine to be monitored, and sends reports via TCP/IP to a remote server (yule).

Please note: the server (yule) does not perform any filesystem and/or kernel checks. If you want to perform such checks on the log server host, you need to run a samhain client on this host as well.

Client and server are distict applications, and must be built seperately. By default, installation names and paths (e.g. the configuration file) are different. Do not blame us if you abuse './configure' options to cause name clashes, if you install both on the same host.

Introduction

Samhain can be compiled for remote logging to a central server via a secure (AES-encrypted, signed, and authenticated) TCP/IP connection.

In addition, both the client configuration file and the file signature database can be stored on the server. The client will then pull them from the server upon startup.

This requires three basic steps:

  1. compile and install server and client,
  2. establish trust between client and server, and
  3. enable remote logging in the client's configuration file.

Compiling

The server - yule

Note: the server can be started with root privileges (e.g. to use a privileged port < 1024), but it will always drop root privileges irrevocably before accepting any connections, and run as a non-root user. This user can be specified explicitely with the configure option --enable-identity=USER. The default is the first existing user out of the list yule, daemon, nobody. 


bash$ ./configure --enable-network=server
bash$ make
bash$ make install

The client - samhain

  • If you just want remote logging:

       ./configure --enable-network=client --with-logserver=server.example.com

  • If you want configuration and database files on the server:

       ./configure --enable-network=client --with-logserver=server.example.com \
            --with-config-file=REQ_FROM_SERVER/etc/samhainrc \
            --with-data-file=REQ_FROM_SERVER/var/lib/samhain/samhain_file

The path after the keyword REQ_FROM_SERVER has the following meaning:

  • for the configuration file:
    • if initializing, and the connection to the server fails, samhain will fall back on the local file (if given);
    • if in check mode, it is ignored. Samhain will abort if the connection to the server fails.
    Thus, the local path allows you to initialize the database from a local configuration file before the client is known to the server.
  • for the database file:
    • if initializing, the database is written to the local file;
    • if in check mode, the local path is ignored. Samhain will abort if the connection to the server fails.
    Thus, init (or update) always requires a local file that must be uploaded to the server thereafter. Note that if you use the Beltane web-based frontend, database updates can be performed on the server without ever running an update on the client.

Establishing trust between client and server

By default, samhain uses the SRP (Secure Remote Password) protocol, with a password that is embedded in the client binary, and a corresponding verifier that is in the server configuration file.

Embedding the password in the client, and register it with the server

To embed the password in the binary, there is a dummy password compiled in as placeholder, and a utility samhain_setpwd is provided that

  1. takes a password as input,
  2. searches the original binary for the correct place (i.e. the placeholder), and
  3. writes a copy of the original binary, with the placeholder replaced by the password. The original is left untouched. The copy cannot be changed to another password anymore.

For convenience, the server has functions to

  • generate a random password in the correct format:

       sh$ yule -G

  • and generate a corresponding entry for the server configuration file:

       sh$ yule -P PASSWORD.

  • The generated entry has a string 'HOSTNAME' that you should replace with the fully qualified name of the client. This entry must then be placed in the [Clients] section of the yule configuration file (e.g. /etc/yulerc).
  • Finally, you need to tell yule to reload the configuration (send SIGHUP, or use /etc/init.d/yule reload).

Example


rainer$ ./samhain_setpwd

Usage: samhain_setpwd <filename> <suffix> <new_password>

   This program is a utility that will:
    - search in the binary executable <filename> for samhain's
      compiled-in default password,
    - change it to <new_password>,
    - and output the modified binary to <filename>.<suffix>

   To allow for non-printable chars, <new_password> must be
   a 16-digit hexadecimal number (only 0-9,A-F allowed in input),
   thus corresponding   to an 8-byte password.

   Example: 'samhain_setpwd samhain new 4142434445464748'
   takes the file 'samhain', sets the password to 'ABCDEFGH'
   ('A' = 41 hex, 'B' = 42 hex, ...) and outputs the result
   to 'samhain.new'.

rainer$ yule -G
5B5CDF18CE8D66A3

rainer$ ./samhain_setpwd samhain new 5B5CDF18CE8D66A3
INFO   old password found
INFO   replaced:  f7c312aaaa12c3f7  by:  5b5cdf18ce8d66a3
INFO   finished

rainer$ scp ./samhain.new root@client.example.com:/usr/local/sbin/samhain
samhain              100% |********************************|   592 KB    00:00

rainer$ yule -P 5B5CDF18CE8D66A3
Client=HOSTNAME@8A542F99C3514499@744C3A3EE8323470D9DAD42E2485BD0B138F6B4116E964\
A9991A0B0D221E1AADE5800968804B99B494C39E7B9DD5710D18F1E6703D1DB6D6393295E05DF6A\
6AA8D10BB4A21D7D9DC4901D444500D4EA358C1B44A3E3D44ACEC645F938F790A11AB0D03586143\
977E2BCE3A2D689445AC89134B409E68F34B0DE8BD8242ADD7C0

rainer$ yule -P 5B5CDF18CE8D66A3 | sed s%HOSTNAME%client.example.com% >> /etc/yulerc

rainer$ tail -2 /etc/yulerc
[Clients]
Client=client.example.com@8A542F99C3514499@744C3A3EE8323470D9DAD42E2485BD0B138F
6B4116E964A9991A0B0D221E1AADE5800968804B99B494C39E7B9DD5710D18F1E6703D1DB6D6393
295E05DF6A6AA8D10BB4A21D7D9DC4901D444500D4EA358C1B44A3E3D44ACEC645F938F790A11AB
0D03586143977E2BCE3A2D689445AC89134B409E68F34B0DE8BD8242ADD7C0

rainer$ /etc/init.d/yule reload

Note 1: the verifier Client=client.example.com@..... must be in the [Clients] section of the server configuration file. It is convenient if this is the last section in the config file, because then you can just concatenate the output of yule -P PASSWORD to the configuration file. This allows for better automatisation with a simple script.

Note 2: samhain comes with a deploy system that handles the deployment of clients, including password embedding and server configuration, in a semi-automatic way. This deploy system is tested and used in a production system of more than 50 machines, and described in detail in Chapt. 10 of the MANUAL.

Enabling remote logging

Samhain has multiple independent logging facilities (such as a local logfile, syslog, e-mail, TCP/IP, etc.) that can be used in parallel. You therefore have to specify in the client's configuration file, which logging facility you want to use.

Selecting logging facilities is done by setting appropriate thresholds in the [Log] section of the configuration file: each message with a priority exceeding the threshold will be logged via the respective facility. Setting the threshold to none will disable a facility. For details, refer to Chapt. 4 in the MANUAL.

Example

To enable remote logging to the server for all messages of priority error or higher, use the following directive in the client configuration file: 


[Log]
ExportSeverity=err

Databases and config files on the server

The client does not tell the server the path to the requested file - it just requests a config or a database file. It's entirely the responsibility of the server to locate the correct file and send it.

The server has a data directory, which by default would be /var/lib/yule, but depends on your compile options.

Config files and baseline databases for clients must be located in this directory, and they must be named as follows:

Configuration files: rc.client.mydomain.tld or simply rc (this can be used as a catchall file).

Database files: file.client.mydomain.tld or simply file (this can be used as a catchall file).

samhain-3.1.0/docs/README0000644000175000017500000003651310153673254011702 00000000000000 CONTENT OF THIS DOCUMENT ------------------------ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++ +++ +++ NOTE: The distribution package contains a much more detailed MANUAL +++ +++ +++ +++ ---- See the docs/ subdirectory ---- +++ +++ +++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - INSTALL basic install procedure - PGP SIGNATURES signing database and config file - CLIENT/SERVER how to install and use with client/server mode for distributed host monitoring - STEALTH how to install and use with stealth mode enabled - USAGE some usage examples - CAVEATS what the name says - START AT BOOT TIME how to start the daemon during the boot sequence - CONFIGURE OPTIONS overview of supported options, and defaults - TESTING test suite (also useful to see EXAMPLES) INSTALL: ------- Unpack the source with: gunzip -c samhain-current.tar.gz | tar xvf - This will drop two files in your current directory: samhain-{version}.tar.gz samhain-{version}.tar.gz.asc To check authenticity and integrity of the source code, verify the PGP signature on samhain-{version}.tar.gz (public PGP key for Rainer Wichmann at http://wwwkeys.pgp.net/): gpg --verify samhain-{version}.tar.gz.asc samhain-{version}.tar.gz Then unpack samhain-{version}.tar.gz: gunzip -c samhain-{version}.tar.gz | tar xvf - cd samhain-{version} If you have an incarnation of 'dialog' (xdialog, dialog, lxdialog) installed, you can use the GUI install tool: ./Install.sh Otherwise use the commands: ./configure [options] make su root make install At least the following executable will be built: +++ samhain +++ the monitoring agent, without any client/server support (i.e. local use only) Additional executables will be built if you compile in client/server and/or stealth mode (see below). The 'make install' target will strip the executable(s), i.e. discard symbols. PATHS: ----- For configuring the install paths/locations, see the MANUAL. WARNING: ------- Some versions of gcc have a bug that generates incorrect code if strength reducing is enabled. If you modify the compiler flags, always use the -fno-strength-reduce option with gcc, unless you are sure that your compiler does not suffer from the problem (see README.gcc_bug). Also, some gcc versions generate incorrect code unless the -fno-omit-frame-pointer option is used. The -fno-strength-reduce and the -fno-omit-frame-pointer options are enabled by default by the 'configure' script. PGP SIGNATURES: -------------- By default, samhain will report on the checksums of the database and configuration files on startup. You can always (clear)sign the database (once initialized) with GnuPG, as well as the configuration file (recommended: gpg -a --clearsign --not-dash-escaped FILE). However, to have samhain check these signatures, rather than ignoring them, you need GnuPG and you must compile samhain with the option ./configure --with-gpg=PATH where PATH is the path to the gpg/pgp binary. Samhain will invoke gpg only after checking that only trusted users (by default: root and the effective user) have write access to any element in the path. The public key for verification must be in the keyring of the effective user (usually root) For more security, it is possible to compile in the checksum of the GnuPG executable, and/or the key fingerprint. See the MANUAL for more details. The public key will be searched in the gpg home directory (~/.gnupg/) of the effective user (usually root). The key identification and fingerprint will be reported. CLIENT/SERVER: ------------- samhain supports logging to a central server via TCP/IP. To enable this option, use the ./configure option ./configure --enable-network=client|server [more options] NOTE: client and server are __distict__ applications, and must be built seperately. By default, installation names and paths are different. Do not blame us if you abuse './configure' options to cause name clashes, if you install both on the same host. The following executables are built: +++ samhain (client) +++ the monitoring agent, with client code included if --enable-network=client +++ yule (server) +++ the log server (no monitoring, just report collecting !!!) if --enable-network=server +++ samhain_setpwd +++ a utility program to set the password of a monitoring agent (see man page samhain.8). Use it without options to get help. To set up a monitoring agent, do the following: -- select a (16-digit hexadecimal) password. To generate a random password, you can use: ./yule -G -- use 'samhain_setpwd samhain ' to generate an agent 'samhain.suffix' with the selected password (you can rename the agent afterwards, of course) -- use 'yule -P password' to compute an entry to register the agent -- in the servers's configuration file, insert the computed entry (replace HOSTNAME with the host, on which the agent will run) in the section called [Clients] By default, client/server authentication is done with the SRP (Secure Remote Password) protocol. It is also possible to store configuration and database files on the server. See the manual for details. STEALTH: ------- samhain supports a 'stealth' mode of operation, meaning that the program can be run without any obvious trace of its presence on disk. The supplied facilities are more sophisticated than just running the program under a different name, and might thwart efforts using 'standard' Unix commands, but they will not resist a search using dedicated utilities. To enable this mode, use the ./configure option ./configure --enable-stealth=XOR_VAL [more options] XOR_VAL must be a decimal number in the range 0, 128..255 (using 0 will have no effect). The runtime executable will contain no printable strings revealing its nature or purpose (strings are xor'ed with XOR_VAL at compile time, and decoded at runtime). The configuration file is expected to be a postscript file with _uncompressed_ image data, wherein the configuration data are hidden by steganography. To create a suitable image file from an existing image, you may use e.g. the ImageMagick program 'convert', such as: convert +compress ima.jpg ima.ps The following additional executable will be built: +++ samhain_stealth +++ steganography utility program to hide/extract the configuration file data in/from a postscript file with _uncompressed_ image data. Use it without options to get help. Database and log file entries are xor'ed with XOR_VAL to 'mask' printable strings as binary data. No steganography is supported for them, as this would require image files of unreasonable large size. However, if the database/log file is an existing image (say, a .jpg file), the data will be appended to the end of the image data. The image will display normally, and on examination of the file, the add-on data will look like binary (image) data at first sight. The built-in utility to verify and print log file entries will handle this situation transparently. To re-name samhain to something unsuspicious, use the configure option ./configure --enable-install-name=NAME 'make install' will then re-name samhain upon installation. Also, database, log file, and pid file will have 'samhain' replaced by NAME. USAGE EXAMPLES: -------------- Review the default configuration file that comes with the source distribution. Read the man page (samhain.8). initialize database: samhain -t init check files: samhain -t check run as daemon: samhain -t check -D report to log server: samhain -t check -D -e warn start the log server: yule -S CAVEATS: ------- Permissions: ----------- samhain needs root permissions to check some system files. The log server does not require root permissions, unless you use a privileged port (port number below 1024). If you use --enable-udp to listen on the syslog socket, you need to start the log server with root permissions (it will drop them after binding to the port). Trust: ----- samhain checks the path to critical files (database, configuration) for write access by untrusted users. By default, only root and the effective user are trusted. More UIDs can be added as a compile options (some systems habe 'bin' as owner of the root directory). Integrity: --------- On startup, samhain will report on signatures or checksums of database and configuration files. You better check these reports. Both startup and exit will be reported. If you are using samhain as daemon and start it at boot time, you may want to check that startup/exit corresponds with scheduled reboots. If the path to the samhain binary is defined in the configuration file, samhain will checksum the binary at startup and compare at program termination. This will minimize the time available for an intruder to modify the binary. Mail address: ------------ For offsite mail, you may have to set a mail relay host in the configuration file. START AT BOOT TIME: ------------------ the easy way (supported on Linux, FreeBSD, HP-UX, AIX): su root make install-boot CONFIGURE OPTIONS: ----------------- ------------------- -- basic options -- ------------------- --enable-network Compile with client/server support. --enable-udp Enable the server to listen on port 514/udp (syslog). --enable-srp Use SRP protocol to authenticate to log server. --with-gpg=PATH Use GnuPG to verify database/config. The public key of the effective user (in ~/.gnupg/pubring.gpg) will be used. --enable-login-watch Watch for login/logout events. --enable-stealth=XOR_VAL Enable stealth mode, and set XOR_VAL. XOR_VAL must be decimal in 0..32 or 127..255 and will be used to 'mask' literal strings as binary data. (0 has no effect). --enable-micro-stealth=XOR_VAL As --with-stealth, but without steganographic hidden configuration file. --enable-nocl=PW Enable command line parsing ONLY if PW is the first argument on the command line. If PW is "" (empty string), command line parsing is completely disabled. --enable-base=BASE Set base for one-time pads. Must be ONE string (no space) made of TWO comma-separated integers in the range -2147483648...2147483647. (The default is compile time.) Binaries compiled with different values cannot verify the audit trail(s) of each other. THIS IS IMPORTANT IF YOU COMPILE MULTIPLE TIMES, E.G. ON DIFFERENT HOSTS. ------------------- -- paths -- ------------------- ${install_name} is "samhain" by default (see --with-install-name=NAME ) configuration: /etc/${install_name}rc state data: /var/lib/${install_name} log file: /var/log/${install_name}_log lock/pid file: /var/run/${install_name}.pid mandir: /usr/local/man bindir: /usr/local/sbin/ --exec-prefix=EPREFIX Set sbindir prefix (default is /usr/local, ie. binaries go to /usr/local/sbin) --prefix=PREFIX install directory (default is NONE) IF PREFIX = USR; then configuration: /etc/${install_name}rc state data: /var/lib/${install_name} log file: /var/log/${install_name}_log lock/pid file: /var/run/${install_name}.pid mandir: /usr/share/man bindir: /usr/sbin/ IF PREFIX = OPT; then configuration: /etc/opt/${install_name}rc state data: /var/opt/${install_name}/${install_name} log file: /var/opt/${install_name}/${install_name}_log lock/pid file: /var/opt/${install_name}/${install_name}.pid mandir: /opt/${install_name}/man bindir: /opt/${install_name}/bin/ IF PREFIX = (something else); then If EPREFIX is not set, it will be set to PREFIX. configuration: PREFIX/etc/${install_name}rc state data: PREFIX/var/lib/${install_name} log file: PREFIX/var/log/${install_name}_log lock/pid file: PREFIX/var/run/${install_name}.pid mandir: PREFIX/share/man bindir: PREFIX/sbin/ --with-config-file=FILE Set path of configuration file (default is PREFIX/etc/samhainrc) --with-data-file=FILE Set path of data file (PREFIX/var/lib/samhain/samhain_file) --with-html-file=FILE Set path of server status html file (PREFIX/var/lib/samhain/samhain.html) --with-log-file=FILE Set path of log file (PREFIX/var/log/samhain_log) --with-pid-file=FILE Set path of lock file (PREFIX/var/run/samhain.pid) ------------------- -- other -- ------------------- --with-checksum=CHECKSUM Compile in TIGER checksum of the gpg/pgp binary. CHECKSUM must be the full line output by samhain or GnuPG when computing the checksum. --with-fp=FINGERPRINT Compile in public key fingerprint. FINGERPRINT must be without spaces. Only useful in combination with '--with-gpg'. If used, samhain will check the fingerprint, but still report on the used public key. --enable-identity=USER Set user when dropping root privileges (default is the user "nobody"). Only needed if there is no user 'nobody' on your system (check /etc/passwd) --with-port=PORT Set port number for TCP/IP (default is 49777). Only needed if this port is already used by some other application. --with-logserver=HOST Set host address for log server (default is NULL). You can set this in the configuration file as well. --with-timeserver=HOST Set host address for time server (default is NULL - use own clock). You can set this in the configuration file as well. --with-sender=SENDER Set sender for e-mail (default is daemon). --enable-xml-log Use XML format for log file. --enable-debug Enable extended debugging --enable-ptrace Use anti-debugging code. --with-trusted=UID Comma-separated list of UID's of users that are always trusted (default is 0 = root). You will need this only if the path to the config file has directories owned neither by 'root' nor by the (effective) user of the program. TESTING: ------- For testing compilation etc., you may use the test suite: ./test/test.sh n [hostname] The argument 'n' is the number of the test to run. Some tests require that the (fully qualified) hostname be given as second argument. Without options, you will get a short help/usage message, listing each test, its purpose, and the name of the configuration file used. You may want to review the respective configuration file before running a test. Also listed are the scripts used for each test. If you have problems getting samhain to run, you may use these scripts as examples. samhain-3.1.0/Makefile.in0000664000175000017500000023633312234417521012136 00000000000000# # Copyright Rainer Wichmann (2006) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # --- boiler-plate stuff --- # SHELL = /bin/sh srcdir = @srcdir@ srcsrc = @srcdir@/src srcinc = @srcdir@/include top_srcdir = @top_srcdir@ # Don't use VPATH - it's a portability mess # # VPATH = $(top_srcdir)/src prefix = @prefix@ exec_prefix = @exec_prefix@ sbindir = @sbindir@ sysconfdir = @sysconfdir@ localstatedir = @localstatedir@ mandir = @mandir@ datarootdir = @datarootdir@ mytmpdir = @mytmpdir@ configfile = @myconffile@ mydatafile = @mydatafile@ mylockfile = @mylockfile@ mylogfile = @mylogfile@ mydatadir = @mydataroot@ mylogdir = @mylogdir@ mylockdir = @mylockdir@ selectconfig = @selectconfig@ top_builddir = . INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL@ -s -m 700 INSTALL_SHELL = @INSTALL@ -m 700 INSTALL_DATA = @INSTALL@ -m 600 INSTALL_MAN = @INSTALL@ -m 644 INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_NAME = @install_name@ INSTALL_DSYS = @INSTALL@ -m 755 PACKAGE = @PACKAGE@ VERSION = @VERSION@ BUILD_NUM = 1 DEFAULT_MAINTAINER = Nobody Nowhere VFLAG = @mytclient@ SETPWD = @setpwd_prg@ STEGIN = @stegin_prg@ SAMHAIN = @sh_main_prg@ YULECTL = @yulectl_prg@ XOR_CODE = @xor_code@ SH_LKM = @sh_lkm@ TIGER_SRC = @tiger_src@ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CC = @CC@ BUILD_CC = @BUILD_CC@ # DBGDEF = -pg -DSH_PROFILE=1 DBGDEF = @mydebugdef@ DEFS = $(DBGDEF) @DEFS@ -I. -I$(top_srcdir)/include CPPFLAGS = @CPPFLAGS@ LDFLAGS = @LDFLAGS@ LIBS_TRY = @LIBS@ LIBS_SOCK = @sh_libsocket@ LIBS_KVM = @sh_libkvm@ CFLAGS = @CFLAGS@ CUTEST = COMPILE = $(CC) $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) $(CUTEST) LINK = $(CC) $(DBGDEF) -O $(LDFLAGS) -o $@ DESTDIR = TAR = tar GZIP = --best # For creating a packed client # CLIENTPASSWD = .SUFFIXES: # Delete the default suffixes # # --- Files ------- # HEADERS = samhain.h sh_unix.h sh_utils.h sh_error.h sh_error_min.h sh_files.h \ sh_getopt.h sh_readconf.h sh_tiger.h sh_hash.h \ sh_mail.h sh_mail_int.h sh_nmail.h sh_filter.h \ sh_mem.h sh_entropy.h sh_forward.h sh_modules.h sh_utmp.h \ sh_kern.h sh_suidchk.h sh_srp.h sh_fifo.h sh_html.h sh_tools.h \ sh_gpg.h sh_cat.h sh_calls.h sh_extern.h sh_database.h sh_trace.h \ sh_schedule.h bignum.h trustfile.h slib.h zAVLTree.h \ lzoconf.h minilzo.h rijndael-alg-fst.h rijndael-api-fst.h \ rijndael-boxes-fst.h sh_socket.h sh_ignore.h sh_prelude.h \ sh_mounts.h sh_userfiles.h sh_static.h sh_prelink.h \ sh_processcheck.h sh_portcheck.h sh_pthread.h sh_string.h \ sh_log_check.h sh_log_evalrule.h sh_log_correlate.h \ sh_log_mark.h sh_log_repeat.h sh_inotify.h sh_registry.h sh_ipvx.h \ sh_restrict.h sh_sub.h sh_fInotify.h sh_checksum.h SOURCES = $(srcsrc)/samhain.c $(srcsrc)/sh_unix.c \ $(srcsrc)/sh_utils.c $(srcsrc)/sh_error.c \ $(srcsrc)/sh_files.c $(srcsrc)/sh_getopt.c \ $(srcsrc)/sh_readconf.c $(srcsrc)/sh_tiger0.c \ $(srcsrc)/sh_tiger1.c $(srcsrc)/sh_tiger2.c \ $(srcsrc)/sh_tiger1_64.c $(srcsrc)/sh_tiger2_64.c \ $(srcsrc)/sh_hash.c $(srcsrc)/sh_mail.c $(srcsrc)/sh_nmail.c \ $(srcsrc)/sh_mem.c $(srcsrc)/sh_entropy.c \ $(srcsrc)/sh_forward.c $(srcsrc)/sh_modules.c \ $(srcsrc)/sh_utmp.c $(srcsrc)/sh_login_track.c $(srcsrc)/sh_kern.c \ $(srcsrc)/sh_suidchk.c $(srcsrc)/sh_srp.c \ $(srcsrc)/sh_fifo.c $(srcsrc)/sh_tools.c \ $(srcsrc)/sh_html.c $(srcsrc)/sh_gpg.c \ $(srcsrc)/sh_cat.c $(srcsrc)/sh_calls.c \ $(srcsrc)/sh_extern.c $(srcsrc)/sh_database.c \ $(srcsrc)/sh_err_log.c $(srcsrc)/sh_err_console.c \ $(srcsrc)/sh_err_syslog.c $(srcsrc)/sh_schedule.c \ $(srcsrc)/bignum.c $(srcsrc)/mkhdr.c \ $(srcsrc)/samhain_setpwd.c $(srcsrc)/samhain_stealth.c \ $(srcsrc)/encode.c $(srcsrc)/sstrip.c \ $(srcsrc)/trustfile.c $(srcsrc)/exepack.c \ $(srcsrc)/exepack_fill.c $(srcsrc)/exepack_mkdata.c \ $(srcsrc)/minilzo.c $(srcsrc)/slib.c \ $(srcsrc)/rijndael-alg-fst.c $(srcsrc)/rijndael-api-fst.c \ $(srcsrc)/zAVLTree.c $(srcsrc)/bignum.c \ $(srcsrc)/sh_socket.c $(srcsrc)/sh_ignore.c \ $(srcsrc)/yulectl.c $(srcsrc)/sh_mounts.c \ $(srcsrc)/sh_userfiles.c $(srcsrc)/sh_prelude.c \ $(srcsrc)/sh_prelink.c $(srcsrc)/sh_static.c \ $(srcsrc)/sh_portcheck.c $(srcsrc)/sh_port2proc.c\ $(srcsrc)/sh_processcheck.c $(srcsrc)/sh_filter.c \ $(srcsrc)/sh_pthread.c $(srcsrc)/sh_string.c \ $(srcsrc)/sh_log_parse_syslog.c $(srcsrc)/sh_log_parse_pacct.c \ $(srcsrc)/sh_log_parse_samba.c $(srcsrc)/sh_log_parse_generic.c \ $(srcsrc)/sh_log_parse_apache.c $(srcsrc)/sh_log_evalrule.c \ $(srcsrc)/sh_log_correlate.c $(srcsrc)/sh_log_mark.c \ $(srcsrc)/sh_log_check.c $(srcsrc)/dnmalloc.c \ $(srcsrc)/sh_inotify.c $(srcsrc)/sh_log_repeat.c \ $(srcsrc)/sh_audit.c $(srcsrc)/sh_registry.c \ $(srcsrc)/sh_ipvx.c $(srcsrc)/sh_restrict.c \ $(srcsrc)/sh_filetype.c $(srcsrc)/sh_sub.c $(srcsrc)/sh_fInotify.c\ $(srcsrc)/sh_checksum.c \ $(srcsrc)/t-test1.c OBJECTS = sh_files.o sh_tiger0.o sh_tiger2.o sh_tiger2_64.o \ samhain.o sh_unix.o sh_utils.o sh_error.o \ sh_getopt.o sh_readconf.o sh_filter.o \ sh_hash.o sh_mail.o sh_nmail.o sh_mem.o sh_login_track.o \ sh_entropy.o sh_forward.o sh_modules.o sh_utmp.o sh_kern.o \ sh_suidchk.o sh_srp.o sh_fifo.o sh_tools.o sh_html.o sh_gpg.o \ sh_cat.o sh_calls.o sh_extern.o sh_database.o sh_err_log.o \ sh_err_console.o sh_err_syslog.o sh_schedule.o bignum.o \ trustfile.o rijndael-alg-fst.o rijndael-api-fst.o slib.o \ zAVLTree.o sh_socket.o sh_ignore.o sh_prelude.o \ sh_mounts.o sh_userfiles.o sh_prelink.o sh_static.o \ sh_processcheck.o sh_portcheck.o sh_port2proc.o \ sh_log_parse_syslog.o sh_log_parse_pacct.o sh_log_parse_apache.o \ sh_log_parse_samba.o sh_log_evalrule.o sh_log_check.o \ sh_log_parse_generic.o \ sh_log_correlate.o sh_log_mark.o sh_log_repeat.o \ sh_pthread.o sh_string.o sh_inotify.o dnmalloc.o \ sh_audit.o sh_registry.o sh_ipvx.o sh_restrict.o \ sh_filetype.o sh_sub.o sh_fInotify.o sh_checksum.o KERN = kern_head.h kern_head.c TESTSUITE = test.sh testcompile.sh testhash.sh testtiger.txt \ testtimesrv.sh \ testext.sh testrc_1ext.in test_ext.c.in testrun_1d.sh \ testrun_1.sh testrun_1a.sh testrun_1b.sh testrun_1c.sh testrc_1 \ testrun_2.sh testrun_2a.sh testrun_2b.sh testrc_2.in \ testrun_2c.sh testrun_2d.sh DIST_COMMON = README COPYING LICENSE samhain.jpg \ samhainrc.linux samhainrc.solaris samhainrc.freebsd samhainrc.aix5.2.0 \ samhainrc.netbsd yulerc.template \ Install.sh DIST_NEEDED = Makefile.in deploy.sh.in samhain-install.sh.in \ samhain.spec.in rules.deb.in rules.deb-light.in samhain.spec hp_ux.psf.in \ stealth_template.jpg \ config.guess config.h.in stamp-h.in config.sub configure \ configure.ac acconfig.h aclocal.m4 install-sh missing mkinstalldirs \ c_random.sh c_bits.sh depend.sum depend.dep stamp-hdep DISTFILES = $(DIST_COMMON) $(DIST_NEEDED) \ src include man scripts init docs sql_init test dsys PROGRAMS = $(SETPWD) $(STEGIN) $(SAMHAIN) $(YULECTL) #---------------------------------------------------------- # # the first target is the default one # #---------------------------------------------------------- all: $(top_srcdir)/depend.sum $(SETPWD) $(STEGIN) $(SAMHAIN) $(YULECTL) @sh_lkm@ sstrip #---------------------------------------------------------- # # rules for automatic updating of configuration information # after changing the configuration files # #---------------------------------------------------------- $(top_srcdir)/configure: $(top_srcdir)/configure.ac $(top_srcdir)/aclocal.m4 cd $(srcdir) && autoconf # autoheader might not change config.h.in, so touch a stamp file. $(top_srcdir)/config.h.in: $(top_srcdir)/stamp-h.in touch $(top_srcdir)/config.h.in $(top_srcdir)/stamp-h.in: $(top_srcdir)/configure.ac $(top_srcdir)/aclocal.m4 cd $(top_srcdir) && autoheader echo timestamp > $(top_srcdir)/stamp-h.in config.h: stamp-h @sleep 1; \ touch config.h stamp-h: $(top_srcdir)/config.h.in config.status ./config.status Makefile: $(top_srcdir)/Makefile.in config.status ./config.status samhain-install.sh: $(top_srcdir)/samhain-install.sh.in config.status ./config.status config.status: $(top_srcdir)/configure ./config.status --recheck #---------------------------------------------------------- # # rules for automatic dependency tracking # #---------------------------------------------------------- depend-gen: $(srcsrc)/depend-gen.c @echo "$(BUILD_CC) -I. -o depend-gen $(srcsrc)/depend-gen.c"; \ $(BUILD_CC) -I. -o depend-gen $(srcsrc)/depend-gen.c 2>/dev/null || \ echo "failed to compile ... hope depend.dep is ok" # redo if sources change # $(top_srcdir)/depend.dep: depend-gen $(SOURCES) @echo "update depend.dep ..."; \ test -f $(srcdir)/depend.dep || echo > $(srcdir)/depend.dep; \ if test -f depend-gen; then \ failfiles=""; \ for ff in $(SOURCES) $(srcsrc)/kern_head.c; do \ ./depend-gen -i '$$(srcinc)/' -o $(top_srcdir)/depend.dep $$ff || \ failfiles="$${failfiles} $$ff"; \ done; \ if test x"$${failfiles}" != x; then \ echo "--------------------------------------------------------";\ echo " depend-gen failed to update depend.dep. You can safely"; \ echo " ignore this error, unless you have modified the source"; \ echo " files and changed their dependencies."; \ echo "--------------------------------------------------------";\ else \ echo $(srcsrc) > $(top_srcdir)/stamp-dep; \ fi; \ else \ echo "depend-gen not found ... depend.dep not modified"; \ fi # only updated if depencies change # $(top_srcdir)/depend.sum: $(top_srcdir)/depend.dep @if test -f depend-gen; then \ nsum=`./depend-gen -c $(top_srcdir)/depend.dep|awk '{print $$1}'`; \ osum=`cat $(top_srcdir)/depend.sum 2>/dev/null`; \ if test "x$$osum" != "x$$nsum"; then \ echo "update $(top_srcdir)/depend.sum ..."; \ echo $$nsum > $(top_srcdir)/depend.sum; \ echo timestamp > $(top_srcdir)/stamp-hdep; \ fi; \ fi; $(top_srcdir)/stamp-hdep: touch $(top_srcdir)/stamp-hdep && touch $(top_srcdir)/Makefile.in $(top_srcdir)/Makefile.in: $(top_srcdir)/stamp-hdep @echo "update Makefile.in ..."; \ echo "cp Makefile.in Makefile.in.bak"; \ cp $(top_srcdir)/Makefile.in $(top_srcdir)/Makefile.in.bak; \ if test -f depend-gen; then \ failfiles=""; \ for ff in $(SOURCES) $(srcsrc)/kern_head.c; do \ ./depend-gen -i '$$(srcinc)/' -o $(top_srcdir)/Makefile.in $$ff || \ failfiles="$${failfiles} $$ff"; \ done; \ if test x"$${failfiles}" != x; then \ echo "--------------------------------------------------------";\ echo " depend-gen failed to update Makefile.in. You can safely"; \ echo " ignore this error, unless you have modified the source"; \ echo " files and changed their dependencies."; \ echo "--------------------------------------------------------";\ else \ echo $(srcsrc) > $(top_srcdir)/stamp-dep; \ fi; \ fi # do it manually # depend: depend-gen @echo "update Makefile.in ..."; \ for ff in $(SOURCES) $(srcsrc)/kern_head.c; do \ ./depend-gen -i '$$(srcinc)/' -o $(top_srcdir)/Makefile.in $$ff; \ echo $(srcsrc) > $(top_srcdir)/stamp-dep; \ done #---------------------------------------------------------- # # CLEAN rules # #---------------------------------------------------------- # everything created by make # CLEANFILES = encode config_xor.h depend-gen sh_ks.h sh_ks_xor.h kern_head \ internal.h sh_MK.h trustfile sstrip samhain mkhdr encode cutest \ yule samhain_setpwd samhain_stealth samhainrc yulectl \ samhain_hide.ko samhain_kmem.ko clean: -rm -f core *.o @-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) # everything created by (./configure && make) # DISTCLEANFILES = Makefile samhain.spec sh_gpg_checksum.h sh_gpg_fp.h \ init/samhain.startLinux init/samhain.startGentoo \ init/samhain.startLSB init/samhain.startFreeBSD \ init/samhain.startSolaris init/samhain.startHPUX \ init/samhain.startIRIX init/samhain.startMACOSX \ deploy.sh sh_MK.h samhain-install.sh sh_gpg_chksum.h sh_gpg_fp.h \ rules.deb rules.deb-light \ scripts/samhainadmin.pl scripts/check_samhain.pl \ scripts/samhain.ebuild scripts/samhain.ebuild-light TESTCLEANFILES = samhain.build samhain.new yule.html \ test_ext test_ext.c test_ext.res testhash.tmp \ testrc1.signed testrc_1ext testrc_2 testrc_2.signed \ test_dnmalloc distclean: clean -rm -f config.status config.log configure.lineno config.h config.cache @-test -z "$(TESTCLEANFILES)" || rm -f $(TESTCLEANFILES) @-test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) #---------------------------------------------------------- # # TEST rules # #---------------------------------------------------------- test14: test @cd test && TOP_SRCDIR=$(top_srcdir) && \ export TOP_SRCDIR && ./test.sh 14 `hostname -f` test13: test @cd test && TOP_SRCDIR=$(top_srcdir) && \ export TOP_SRCDIR && ./test.sh 13 `hostname -f` test12: test @cd test && TOP_SRCDIR=$(top_srcdir) && \ export TOP_SRCDIR && ./test.sh 12 `hostname -f` test11: test @cd test && TOP_SRCDIR=$(top_srcdir) && \ export TOP_SRCDIR && ./test.sh 11 `hostname -f` test10: test @cd test && TOP_SRCDIR=$(top_srcdir) && \ export TOP_SRCDIR && ./test.sh 10 `hostname -f` test7: test @cd test && TOP_SRCDIR=$(top_srcdir) && \ export TOP_SRCDIR && ./test.sh 7 test6: test @cd test && TOP_SRCDIR=$(top_srcdir) && \ export TOP_SRCDIR && ./test.sh 6 test5: test @cd test && TOP_SRCDIR=$(top_srcdir) && \ export TOP_SRCDIR && ./test.sh 5 test4: test @cd test && TOP_SRCDIR=$(top_srcdir) && \ export TOP_SRCDIR && ./test.sh 4 test3: test @cd test && TOP_SRCDIR=$(top_srcdir) && \ export TOP_SRCDIR && ./test.sh 3 test2: test @cd test && TOP_SRCDIR=$(top_srcdir) && \ export TOP_SRCDIR && ./test.sh 2 test1: test @cd test && TOP_SRCDIR=$(top_srcdir) && \ export TOP_SRCDIR && ./test.sh 1 test: @if test -f test; then \ :; \ else \ cp -pr $(top_srcdir)/test .; \ cat $(top_srcdir)/test/test.sh | \ sed 's%XXXSRCXXX%$(top_srcdir)%' > test/test.sh; \ chmod +x test/test.sh; \ fi test_dnmalloc: $(srcsrc)/t-test1.c dnmalloc.o $(COMPILE) $(VFLAG) -o t-test1.o -c $(srcsrc)/t-test1.c; \ $(LINK) t-test1.o dnmalloc.o $(LIBS_TRY) #---------------------------------------------------------- # # INSTALL rules # #---------------------------------------------------------- install: install-lkm install-program install-man install-data @echo; \ echo " You can use 'samhain-install.sh uninstall' for uninstalling"; \ echo " i.e. you might consider saving that script for future use";\ echo; \ echo " Use 'make install-boot' if you want @install_name@ to start on system boot"; \ echo install-light: install-lkm install-program install-data @echo; \ echo " You can use 'samhain-install.sh uninstall' for uninstalling"; \ echo " i.e. you might consider saving that script for future use";\ echo; \ echo " Use 'make install-boot' if you want @install_name@ to start on system boot"; \ echo purge: uninstall-lkm uninstall-program uninstall-man @echo "./samhain-install.sh --destdir=$(DESTDIR) --force --verbose uninstall-data"; \ ./samhain-install.sh --destdir=$(DESTDIR) --force --verbose uninstall-data remove: uninstall uninstall: uninstall-lkm uninstall-program uninstall-man uninstall-data @echo; \ echo " Use 'make purge' if you also want to uninstall the configuration file"; \ echo " Use 'make uninstall-boot' to uninstall the runlevel scripts"; \ echo # # --- boot --- # install-boot: samhain-install.sh ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-boot uninstall-boot: samhain-install.sh ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-boot # # --- program --- # # -- NEW -- install-lkm: @sh_lkm@ @RVER=`uname -r`; \ if test "x@sh_lkm@" != "x"; then \ if test -d /lib/modules/$$RVER; then \ MODDIR="/lib/modules/$$RVER"; \ elif test -d /lib/modules/misc; then \ MODDIR="/lib/modules/misc"; \ elif test -d /lib/modules; then \ MODDIR="/lib/modules/misc"; \ fi; \ $(mkinstalldirs) $(DESTDIR)$${MODDIR}; \ list='@sh_lkm@'; for p in $$list; do \ echo " cp $$p $(DESTDIR)$${MODDIR}/`echo $$p|sed 's%samhain%@install_name@%'`"; \ cp $$p $(DESTDIR)$${MODDIR}/`echo $$p|sed 's%samhain%@install_name@%'` ; \ chown root $(DESTDIR)$${MODDIR}/`echo $$p|sed 's%samhain%@install_name@%'`; \ done; \ if test "x$(DESTDIR)" = x; then \ echo " depmod -a || /sbin/depmod -a"; \ depmod -a || /sbin/depmod -a; \ fi; \ fi uninstall-lkm: @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-lkm";\ ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-lkm install-program: $(PROGRAMS) sstrip @$(mkinstalldirs) $(DESTDIR)$(sbindir) @if test x$(mytmpdir) != x; then \ $(mkinstalldirs) $(DESTDIR)$(mytmpdir); \ fi @list='$(PROGRAMS)'; for p in $$list; do \ if test -f $$p; then \ echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`"; \ $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`; \ chmod 0700 $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`; \ echo " ./sstrip $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`"; \ ./sstrip $(DESTDIR)$(sbindir)/`echo $$p|sed 's%samhain%@install_name@%'|sed 's%yule%@install_name@%'`; \ else :; fi; \ done uninstall-program: @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-program";\ ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-program # # -- data files # install-user: @if test "x@need_user_install@" = x1; then \ echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-user @myident@"; \ ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-user @myident@; \ fi @if test x"$(VFLAG)" = "x-DSH_WITH_SERVER"; then \ echo " chown root $(DESTDIR)$(mydatadir)"; \ chown root $(DESTDIR)$(mydatadir); \ echo " chmod 755 $(DESTDIR)$(mydatadir)"; \ chmod 755 $(DESTDIR)$(mydatadir); \ echo " chown @myident@ $(DESTDIR)$(configfile)"; \ chown @myident@ $(DESTDIR)$(configfile); \ if test x"$(mylogdir)" = "x/var/log"; then \ if test x"@myident@" = xroot; then \ :; \ else \ echo; \ echo " ----------------------------------------------------------------"; \ echo " Directory $(mylogdir) (log file) looks like a system directory."; \ echo " You may run into problems (need write access for user @myident@)."; \ echo " ----------------------------------------------------------------"; \ echo; \ fi; \ else \ echo " chown @myident@ $(DESTDIR)$(mylogdir)"; \ chown @myident@ $(DESTDIR)$(mylogdir); \ fi; \ fi install-data: trustfile @$(mkinstalldirs) $(DESTDIR)$(sysconfdir) @$(mkinstalldirs) $(DESTDIR)$(mylockdir) @$(mkinstalldirs) $(DESTDIR)$(mylogdir) @$(mkinstalldirs) $(DESTDIR)$(mydatadir); \ chmod 700 $(DESTDIR)$(mydatadir) @if test -f samhainrc.$(selectconfig); then \ :; \ else \ if test -f $(srcdir)/samhainrc.$(selectconfig); then \ cp $(srcdir)/samhainrc.$(selectconfig) . ; \ fi; \ fi; \ if test -f yulerc; then \ :; \ else \ if test -f $(srcdir)/yulerc.template; then \ cp $(srcdir)/yulerc.template yulerc; \ fi; \ fi; \ if test -f stealth_template.jpg; then \ :; \ else \ if test -f $(srcdir)/stealth_template.jpg; then \ cp $(srcdir)/stealth_template.jpg . ; \ fi; \ fi @if test -d /etc/logrotate.d; then \ if test ! -d $(DESTDIR)/etc/logrotate.d; then \ $(mkinstalldirs) $(DESTDIR)/etc/logrotate.d; \ fi; \ if test ! -f $(DESTDIR)/etc/logrotate.d/@install_name@; then \ if test -w $(DESTDIR)/etc/logrotate.d; then \ cp $(srcdir)/scripts/logrotate $(DESTDIR)/etc/logrotate.d/@install_name@; \ else \ echo "$(DESTDIR)/etc/logrotate.d not writable"; \ fi; \ else \ echo "$(DESTDIR)/etc/logrotate.d/@install_name@ exists, not overwriting"; \ fi; \ fi @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-data"; \ ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose install-data || \ echo " ERROR: Failed to install the configuration file to $(DESTDIR)$(configfile). You need to install the configuration file manually." @if test x"$(VFLAG)" = "x-DSH_WITH_SERVER"; then \ echo;\ echo " -----------------------------------------------------";\ echo " The server will run as user @myident@ if started with";\ echo " root privileges, otherwise as the user of the parent ";\ echo " process (use --enable-identity=USER to change).";\ echo;\ echo " You may want to use: make install-user";\ echo;\ echo " - to add the user @myident@ (if not existing already)";\ echo " - to chown the data directory $(mydatadir)";\ echo " - to chown the log file directory $(mylogdir)";\ echo " - to chown the configuration file $(configfile)";\ echo " -----------------------------------------------------";\ else \ if test "x@need_user_install@" = x1; then \ echo;\ echo " -----------------------------------------------------";\ echo " You may want to use: make install-user";\ echo;\ echo " - to add the user @myident@ (if not existing already)";\ echo " -----------------------------------------------------";\ fi; \ fi uninstall-data: @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-data"; \ ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-data # # -- man files # install-man: $(mkinstalldirs) $(DESTDIR)$(mandir)/man8 $(mkinstalldirs) $(DESTDIR)$(mandir)/man5 @if test -f $(top_srcdir)/man/samhain.8 ; then \ echo " $(INSTALL_MAN) $(top_srcdir)/man/samhain.8 $(DESTDIR)$(mandir)/man8/@install_name@.8"; \ $(INSTALL_MAN) $(top_srcdir)/man/samhain.8 $(DESTDIR)$(mandir)/man8/@install_name@.8; \ fi @if test -f $(top_srcdir)/man/samhainrc.5 ; then \ echo " $(INSTALL_MAN) $(top_srcdir)/man/samhainrc.5 $(DESTDIR)$(mandir)/man5/@install_name@rc.5"; \ $(INSTALL_MAN) $(top_srcdir)/man/samhainrc.5 $(DESTDIR)$(mandir)/man5/@install_name@rc.5; \ fi uninstall-man: @echo "./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-man";\ ./samhain-install.sh --destdir=$(DESTDIR) --express --verbose uninstall-man #---------------------------------------------------------- # # BUILD rules # #---------------------------------------------------------- run: run-light run-light: all @echo "Building $(PACKAGE)-$(VERSION).run"; \ STAGE=$(PACKAGE)-$(VERSION); \ mkdir $$STAGE; \ if test x"$$?" != x0; then \ echo "ERROR ... mkdir $$STAGE failed"; \ exit 1; \ fi; \ $(MAKE) DESTDIR=$$STAGE install-light; \ rm -f $$STAGE/@sbindir@/@install_name@_stealth; \ echo "#! /bin/sh" > $$STAGE/setup.sh; \ if test x$(mytmpdir) != x; then \ echo "./mkinstalldirs @mytmpdir@ || exit 1" >> $$STAGE/setup.sh; \ fi; \ echo "./mkinstalldirs @sbindir@ || exit 1" >> $$STAGE/setup.sh; \ echo "./mkinstalldirs @sysconfdir@ || exit 1" >> $$STAGE/setup.sh; \ echo "./mkinstalldirs @mylockdir@ || exit 1" >> $$STAGE/setup.sh; \ echo "./mkinstalldirs @mylogdir@ || exit 1" >> $$STAGE/setup.sh; \ echo "./mkinstalldirs @mydataroot@ || exit 1" >> $$STAGE/setup.sh; \ echo "chmod 700 @mydataroot@ || exit 1" >> $$STAGE/setup.sh; \ if test -f $$STAGE/lib/modules; then \ RVER=`uname -r`; \ echo "chown root:root lib/modules/$$RVER/*" >> $$STAGE/setup.sh; \ if test -d /lib/modules/$$RVER; then \ echo "./mkinstalldirs /lib/modules/$$RVER" >> $$STAGE/setup.sh; \ echo "cp -p lib/modules/$$RVER/* /lib/modules/$$RVER/" >> $$STAGE/setup.sh; \ elif test -d /lib/modules/misc; then \ echo "./mkinstalldirs /lib/modules/misc" >> $$STAGE/setup.sh; \ echo "cp -p lib/modules/misc/* /lib/modules/misc/" >> $$STAGE/setup.sh; \ elif test -d /lib/modules; then \ echo "./mkinstalldirs /lib/modules/misc" >> $$STAGE/setup.sh; \ echo "cp -p lib/modules/misc/* /lib/modules/misc/" >> $$STAGE/setup.sh; \ fi; \ echo "/sbin/depmod -a" >> $$STAGE/setup.sh; \ fi; \ temp=`echo $(sbindir) | sed s,^/,,`; \ echo "chown root $$temp/*" >> $$STAGE/setup.sh; \ echo "cp -p $$temp/* $(sbindir) || exit 1" >> $$STAGE/setup.sh; \ temp=`echo $(sysconfdir) | sed s,^/,,`; \ echo "chown root $$temp/*" >> $$STAGE/setup.sh; \ configfile=`echo @myconffile@ | sed 's%^REQ_FROM_SERVER%%'`; \ echo "test -f $$configfile || cp -p $$temp/* $$configfile" >> $$STAGE/setup.sh; \ echo "./samhain-install.sh --express --verbose install-boot || echo 'Cannot install init script'" >> $$STAGE/setup.sh; \ cp $(top_srcdir)/mkinstalldirs $$STAGE/; \ cp $(top_srcdir)/install-sh $$STAGE/; \ cp ./samhain-install.sh $$STAGE/; \ cp -r init/ $$STAGE/; \ chmod +x $$STAGE/setup.sh; \ chmod +x $$STAGE/samhain-install.sh; \ chmod +x $$STAGE/mkinstalldirs; \ chmod +x $$STAGE/install-sh; \ $(top_srcdir)/scripts/makeself/makeself.sh --header $(top_srcdir)/scripts/makeself/makeself-header.sh --nocomp --nomd5 --notemp $$STAGE $(PACKAGE)-$(VERSION).run "$(PACKAGE)_$(VERSION)_self_extracting_installer" ./setup.sh && \ rm -r $(PACKAGE)-$(VERSION) emerge-prepare: dist @echo "Building $(PACKAGE)-$(VERSION)"; \ test -f /etc/make.globals && . /etc/make.globals; \ test -f /etc/make.conf && . /etc/make.conf; \ echo "$(INSTALL_MAN) $(PACKAGE)-$(VERSION).tar.gz $${DISTDIR}/@install_name@-$(VERSION).tar.gz"; \ $(INSTALL_MAN) $(PACKAGE)-$(VERSION).tar.gz $${DISTDIR}/@install_name@-$(VERSION).tar.gz; \ if test "x$${PORTDIR_OVERLAY}" = "x"; then \ COPY_TO="$${PORTDIR}"; \ else \ COPY_TO="$${PORTDIR_OVERLAY}"; \ fi; \ $(mkinstalldirs) $${COPY_TO}/app-admin/@install_name@; \ echo "$(INSTALL_MAN) scripts/samhain.ebuild $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild";\ $(INSTALL_MAN) scripts/samhain.ebuild $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild; \ test -f $${COPY_TO}/app-admin/@install_name@/files/digest-@install_name@-$(VERSION) && rm $${COPY_TO}/app-admin/@install_name@/files/digest-@install_name@-$(VERSION);\ ebuild $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild digest; emerge-prepare-light: dist @echo "Building $(PACKAGE)-$(VERSION)"; \ test -f /etc/make.globals && . /etc/make.globals; \ test -f /etc/make.conf && . /etc/make.conf; \ echo "$(INSTALL_MAN) $(PACKAGE)-$(VERSION).tar.gz $${DISTDIR}/@install_name@-$(VERSION).tar.gz"; \ $(INSTALL_MAN) $(PACKAGE)-$(VERSION).tar.gz $${DISTDIR}/@install_name@-$(VERSION).tar.gz; \ if test "x$${PORTDIR_OVERLAY}" = "x"; then \ COPY_TO="$${PORTDIR}"; \ else \ COPY_TO="$${PORTDIR_OVERLAY}"; \ fi; \ $(mkinstalldirs) $${COPY_TO}/app-admin/@install_name@; \ echo "$(INSTALL_MAN) scripts/samhain.ebuild-light $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild";\ $(INSTALL_MAN) scripts/samhain.ebuild-light $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild; \ test -f $${COPY_TO}/app-admin/@install_name@/files/digest-@install_name@-$(VERSION) && rm $${COPY_TO}/app-admin/@install_name@/files/digest-@install_name@-$(VERSION);\ ebuild $${COPY_TO}/app-admin/@install_name@/@install_name@-$(VERSION).ebuild digest; tbz2: emerge-prepare @emerge --buildpkgonly @install_name@; \ test -f /etc/make.globals && . /etc/make.globals; \ test -f /etc/make.conf && . /etc/make.conf; \ echo; \ echo "@install_name@-$(VERSION).tbz2 should be in $${PKGDIR}/All"; \ if test -f $${PKGDIR}/All/@install_name@-$(VERSION).tbz2; then \ echo "Package $${PKGDIR}/All/@install_name@-$(VERSION).tbz2 built."; \ mv $${PKGDIR}/All/@install_name@-$(VERSION).tbz2 $(PACKAGE)-$(VERSION).tbz2; \ rm -f $${PKGDIR}/app-admin/@install_name@-$(VERSION).tbz2; \ rm -rf $${PORTAGE_TMPDIR}/portage/@install_name@-$(VERSION); \ else \ echo "Error ... cannot find package."; \ exit 1; \ fi; \ echo tbz2-light: emerge-prepare-light @emerge --buildpkgonly @install_name@; \ test -f /etc/make.globals && . /etc/make.globals; \ test -f /etc/make.conf && . /etc/make.conf; \ echo; \ if test -f $${PKGDIR}/All/@install_name@-$(VERSION).tbz2; then \ echo "Package $${PKGDIR}/All/@install_name@-$(VERSION).tbz2 built."; \ mv $${PKGDIR}/All/@install_name@-$(VERSION).tbz2 $(PACKAGE)-$(VERSION).tbz2; \ rm -f $${PKGDIR}/app-admin/@install_name@-$(VERSION).tbz2; \ rm -rf $${PORTAGE_TMPDIR}/portage/@install_name@-$(VERSION); \ else \ echo "Error ... cannot find package."; \ exit 1; \ fi; \ echo emerge: emerge $(PACKAGE); deb-light: @echo "creating subdirectory debian"; \ mkdir -p debian; \ cp rules.deb-light debian/rules; \ chmod +x debian/rules; \ echo $(sbindir) | sed s,^/,, > debian/dirs; \ if test x$(mytmpdir) != x; then \ echo $(mytmpdir) | sed s,^/,, >> debian/dirs; \ fi; \ echo $(sysconfdir) | sed s,^/,, >> debian/dirs; \ echo etc/init.d >> debian/dirs; \ echo $(mydatadir) | sed s,^/,, >> debian/dirs; \ echo $(mylogdir) | sed s,^/,, >> debian/dirs; \ echo $(mylockdir) | sed s,^/,, >> debian/dirs; \ if test "x@sh_lkm@" != x; then \ RVER=`uname -r`; \ if test -d /lib/modules/$$RVER; then \ echo "lib/modules/$$RVER" >> debian/dirs; \ elif test -d /lib/modules/misc; then \ echo "lib/modules/misc" >> debian/dirs; \ elif test -d /lib/modules; then \ echo "lib/modules/misc" >> debian/dirs; \ fi; \ fi; \ $(MAKE) deb-run deb: @echo "creating subdirectory debian"; \ mkdir -p debian; \ cp rules.deb debian/rules; \ chmod +x debian/rules; \ echo $(sbindir) | sed s,^/,, > debian/dirs; \ if test x$(mytmpdir) != x; then \ echo $(mytmpdir) | sed s,^/,, >> debian/dirs; \ fi; \ echo $(sysconfdir) | sed s,^/,, >> debian/dirs; \ echo etc/init.d >> debian/dirs; \ echo $(mydatadir) | sed s,^/,, >> debian/dirs; \ echo $(mylogdir) | sed s,^/,, >> debian/dirs; \ echo $(mylockdir) | sed s,^/,, >> debian/dirs; \ echo $(mandir)/man5 | sed s,^/,, >> debian/dirs; \ echo $(mandir)/man8 | sed s,^/,, >> debian/dirs; \ echo usr/share/doc/$(PACKAGE) >> debian/dirs; \ if test "x@sh_lkm@" != x; then \ RVER=`uname -r`; \ if test -d /lib/modules/$$RVER; then \ echo "lib/modules/$$RVER" >> debian/dirs; \ elif test -d /lib/modules/misc; then \ echo "lib/modules/misc" >> debian/dirs; \ elif test -d /lib/modules; then \ echo "lib/modules/misc" >> debian/dirs; \ fi; \ fi; \ echo $(top_srcdir)/README > debian/docs; \ echo $(top_srcdir)/test/testtiger.txt >> debian/docs; \ echo $(srcsrc)/simple-bignum.tar.bz2 >> debian/docs; \ echo $(top_srcdir)/scripts/head.html >> debian/docs; \ echo $(top_srcdir)/scripts/foot.html >> debian/docs; \ echo $(top_srcdir)/samhain.jpg >> debian/docs; \ echo $(top_srcdir)/docs/BUGS >> debian/docs; \ echo $(top_srcdir)/docs/HOWTO-client+server.html >> debian/docs; \ echo $(top_srcdir)/docs/HOWTO-samhain+GnuPG.html >> debian/docs; \ echo $(top_srcdir)/docs/MANUAL-2_3.html.tar >> debian/docs; \ echo $(top_srcdir)/docs/MANUAL-2_3.pdf >> debian/docs; \ echo $(top_srcdir)/docs/README.gcc_bug >> debian/docs; \ echo $(top_srcdir)/docs/README.LZO >> debian/docs; \ echo $(top_srcdir)/docs/README.sstrip >> debian/docs; \ echo $(top_srcdir)/docs/README.UPGRADE >> debian/docs; \ echo $(top_srcdir)/docs/README.win2K >> debian/docs; \ echo $(top_srcdir)/docs/TODO >> debian/docs; \ $(MAKE) deb-run deb-run: @maintainer=`gpg --list-secret-keys | grep 'uid ' | cut -d" " -f 5- | sed 's/^ *//' | sed q1`;\ if test "x$$maintainer" = x; then \ maintainer="$(DEFAULT_MAINTAINER)"; \ fi; \ echo "$(PACKAGE) ($(VERSION)-$(BUILD_NUM)) stable; urgency=low" > debian/changelog; \ echo >> debian/changelog; \ echo " * Initial release." >> debian/changelog; \ echo >> debian/changelog; \ echo " -- $$maintainer `date -R`" >> debian/changelog; \ echo >> debian/changelog; \ echo "Local variables:" >> debian/changelog; \ echo "mode: debian-changelog" >> debian/changelog; \ echo "End:" >> debian/changelog; \ cp $(top_srcdir)/COPYING debian/copyright; \ touch debian/README.debian; \ echo "Document: @install_name@-manual" > debian/@install_name@.doc-base; \ echo "Title: @install_name@ Manual" >> debian/@install_name@.doc-base; \ echo "Author: Rainer Wichmann" >> debian/@install_name@.doc-base; \ echo "Abstract: This manual describes what @install_name@ is" >> debian/@install_name@.doc-base; \ echo " and how it can be used to check the file integrity of your" >> debian/@install_name@.doc-base; \ echo " server." >> debian/@install_name@.doc-base; \ echo "Section: System/Security" >> debian/@install_name@.doc-base; \ echo >> debian/@install_name@.doc-base; \ echo >> debian/@install_name@.doc-base; \ echo "Format: Postscript" >> debian/@install_name@.doc-base; \ echo "Files: /usr/share/doc/@install_name@/manual.pdf.gz" >> debian/@install_name@.doc-base; \ echo >> debian/@install_name@.doc-base; \ echo "Format: HTML" >> debian/@install_name@.doc-base; \ echo "Index: /usr/share/doc/@install_name@/manual.html/index.html" >> debian/@install_name@.doc-base; \ echo "Files: /usr/share/doc/@install_name@/manual.html/*.html" >> debian/@install_name@.doc-base; \ if test -f /usr/lib/lsb/install_initd; then \ cp init/samhain.startLSB debian/@install_name@.init; \ else \ cp init/samhain.startLinux debian/@install_name@.init; \ fi; \ echo "Source: samhain" > debian/control; \ echo "Section: admin" >> debian/control; \ echo "Priority: optional" >> debian/control; \ echo "Maintainer: $$maintainer" >> debian/control; \ echo "Standards-Version: 3.2.1" >> debian/control; \ echo >> debian/control; \ echo "Package: @install_name@" >> debian/control; \ echo "Architecture: any" >> debian/control; \ echo "Depends: libc6" >> debian/control; \ echo "Description: File integrity checker" >> debian/control; \ echo " A file integrity checker" >> debian/control; \ echo "running debuild -us -uc"; \ debuild --preserve-envvar=PASSWORD -us -uc -b; \ DEBFILE=`find ../ -follow -maxdepth 1 -cnewer ./debian/control 2>/dev/null | grep '@install_name@_$(VERSION)' | grep '\.deb'`; \ if test x"$$DEBFILE" = x; then \ echo "Error ... cannot find package file"; \ exit 1; \ else \ echo "Package $$DEBFILE built."; \ cp $$DEBFILE ./$(PACKAGE)-$(VERSION)-$(BUILD_NUM).deb; \ ln -s ./$(PACKAGE)-$(VERSION)-$(BUILD_NUM).deb ./$(PACKAGE)-$(VERSION).deb; \ fi; \ echo # # Check samhain.spec # rpmspec-full: @grep 'install-light' samhain.spec >/dev/null 2>&1; \ if test x"$$?" = "x0"; then \ echo "Your samhain.spec is from rpm-light. Please run"; \ echo " .config.status to re-create the original samhain.spec"; \ exit 1; \ fi # when editing the spec file, make an additional blank after 'make' # to avoid that it matches on a second processing # rpmspec-light: samhain.spec @echo "Stripping docs from samhain.spec"; \ cat samhain.spec | sed 's,make DESTDIR=$${RPM_BUILD_ROOT} install,make DESTDIR=$${RPM_BUILD_ROOT} install-light,' | sed s,shkeep=yes,shkeep=no, | sed s,%doc.*,, | sed '/logrotate/! { s,%attr.*,, }' > samhain.spec-light; \ mv samhain.spec-light samhain.spec rpm-light: rpmspec-light distrpm rpmbuild -ta ./$(PACKAGE)-$(VERSION).tar.gz; @RPMTOP=`cat ~/.rpmmacros 2>/dev/null | grep '%_topdir' | awk '{ print $$2}'`; \ if test x"$$RPMTOP" = x; then RPMTOP=/usr/src; fi; \ echo "Searching the RPM package below $$RPMTOP ..."; \ RPMFILE=`find $$RPMTOP -follow -maxdepth 4 -cnewer ./samhain.spec 2>/dev/null | grep '@install_name@-$(VERSION)' | grep '\.rpm' | grep -v '\.src\.'`; \ echo; \ if test x"$$RPMFILE" = x; then \ echo "Error ... cannot find package file"; \ exit 1; \ else \ echo "Package $$RPMFILE built."; \ echo "Copying it to ./$(PACKAGE)-$(VERSION).rpm"; \ cp $$RPMFILE ./$(PACKAGE)-$(VERSION).rpm; \ fi; \ echo rpm: rpmspec-full distrpm rpmbuild -ta ./$(PACKAGE)-$(VERSION).tar.gz; @RPMTOP=`cat ~/.rpmmacros 2>/dev/null | grep '%_topdir' | awk '{ print $$2}'`; \ if test x"$$RPMTOP" = x; then RPMTOP=/usr/src; fi; \ echo "Searching the RPM package below $$RPMTOP ..."; \ RPMFILE=`find $$RPMTOP -follow -maxdepth 4 -cnewer ./samhain.spec 2>/dev/null | grep '@install_name@-$(VERSION)' | grep '\.rpm' | grep -v '\.src\.'`; \ echo; \ if test x"$$RPMFILE" = x; then \ echo "Error ... cannot find package file"; \ exit 1; \ else \ echo "Package $$RPMFILE built."; \ echo "Copying it to ./$(PACKAGE)-$(VERSION).rpm"; \ cp $$RPMFILE ./$(PACKAGE)-$(VERSION).rpm; \ fi; \ echo srpm-dist: rpmspec-full samhain.spec @cat samhain.spec | \ sed s%\-\-with\-base=.*\,[0123456789]*%% | \ sed s%\'\'%% > samhain.spec.m; \ mv samhain.spec.m samhain.spec $(MAKE) distrpm rpmbuild -ts ./$(PACKAGE)-$(VERSION).tar.gz srpm: rpmspec-full distrpm rpmbuild -ts ./$(PACKAGE)-$(VERSION).tar.gz solaris-pkg-light: all @STAGE=/tmp/samhain-pkg-staging; \ mkdir $$STAGE; \ if test x"$$?" != x0; then \ echo "ERROR ... mkdir $$STAGE failed"; \ exit 1; \ fi; \ $(MAKE) DESTDIR=$$STAGE install-light; $(MAKE) solaris-pkg-finish solaris-pkg: all @STAGE=/tmp/samhain-pkg-staging; \ mkdir $$STAGE; \ if test x"$$?" != x0; then \ echo "ERROR ... mkdir $$STAGE failed"; \ exit 1; \ fi; \ $(MAKE) DESTDIR=$$STAGE install; $(MAKE) solaris-pkg-finish solaris-pkg-finish: @STAGE=/tmp/samhain-pkg-staging; \ $(mkinstalldirs) $$STAGE/etc/init.d; \ $(INSTALL_SHELL) init/samhain.startSolaris $$STAGE/etc/init.d/@install_name@; \ (echo 'i pkginfo'; pkgproto $$STAGE=/ ) >prototype; \ user=`id | sed s,uid=[0123456789]*\(,, | sed s,\).*,,`; \ group=`id | sed s,.*gid=[0123456789]*\(,, | sed s,\).*,,`; \ cat prototype | grep -v 'none / ' | \ sed s,$$user\ $$group,root\ sys,g > prototype.1; \ rm -f prototype.2; \ while read line; do \ echo "$${line}" | egrep '^d none' >/dev/null 2>&1; \ if [ $$? = 0 ]; then \ dir=`echo "$${line}" | awk '{ print $$3 }'`; \ if [ -d "$$dir" ]; then \ echo "d none $${dir} ? ? ?" >> prototype.2; \ else \ echo "$${line}" >> prototype.2; \ fi; \ else \ echo "$${line}" >> prototype.2; \ fi; \ done < prototype.1; \ rm -f prototype && rm prototype.1 && mv prototype.2 prototype; \ echo "d none /etc/rc0.d ? ? ?" >> prototype; \ echo "d none /etc/rc1.d ? ? ?" >> prototype; \ echo "d none /etc/rc3.d ? ? ?" >> prototype; \ echo "l none /etc/rc3.d/S99@install_name@=/etc/init.d/@install_name@" >> prototype; \ echo "l none /etc/rc0.d/K10@install_name@=/etc/init.d/@install_name@" >> prototype; \ echo "l none /etc/rc1.d/K10@install_name@=/etc/init.d/@install_name@" >> prototype; \ ARCH=`uname -p`; \ PSTAMP=`date '+%c%y%m%d%H%M%S'`; \ echo "PKG=@install_name@" > pkginfo; \ echo "NAME=file integrity check" >> pkginfo; \ echo "VERSION=$(VERSION)" >> pkginfo; \ echo "CATEGORY=system" >> pkginfo; \ echo "CLASSES=none" >> pkginfo; \ echo "VENDOR=http://la-samhna.de/samhain" >> pkginfo; \ echo "EMAIL=support@la-samhna.de" >> pkginfo; \ echo "ARCH=$$ARCH" >> pkginfo; \ echo "PSTAMP=$$PSTAMP" >> pkginfo; \ pkgmk -o; \ pkgtrans -s /var/spool/pkg /tmp/samhain-pkg-staging/@install_name@.pkg @install_name@; \ if test -f /tmp/samhain-pkg-staging/@install_name@.pkg; then \ echo; \ cp /tmp/samhain-pkg-staging/@install_name@.pkg $(PACKAGE)-$(VERSION).pkg; \ echo "Package $(PACKAGE)-$(VERSION).pkg is ready for installation"; \ echo "to install, use: pkgadd -n -d $(PACKAGE)-$(VERSION).pkg all"; \ echo; \ rm -rf /var/spool/pkg/@install_name@ /tmp/samhain-pkg-staging; \ else \ echo; \ echo "**************************************************************"; \ echo "Error ... cannot find /tmp/samhain-pkg-staging/@install_name@.pkg."; \ echo "Keeping /var/spool/pkg/@install_name@ /tmp/samhain-pkg-staging"; \ if test -d /var/spool/pkg; then \ echo "**************************************************************"; \ else \ echo "************** /var/spool/pkg is missing *********************"; \ fi; \ echo; \ exit 1; \ fi depot-prep: all STAGE=/tmp/samhain-pkg-staging; \ mkdir $$STAGE; \ if test x"$$?" != x0; then \ echo "ERROR ... mkdir $$STAGE failed"; \ exit 1; \ fi; \ $(MAKE) DESTDIR=$$STAGE install; \ $(MAKE) DESTDIR=$$STAGE install-boot; \ cp hp_ux.psf $$STAGE; \ mkdir $$STAGE/sc; \ echo "#!/sbin/sh" > $$STAGE/sc/configure; \ echo "PATH=\$$SW_PATH; export PATH" >> $$STAGE/sc/configure; \ echo "chmod 555 /sbin/init.d/samhain; chown bin:bin /sbin/init.d/@install_name@; (cd /sbin; ln -f -s /sbin/init.d/@install_name@ rc2.d/S900@install_name@; ln -f -s /sbin/init.d/@install_name@ rc1.d/K100@install_name@; )" >> $$STAGE/sc/configure; \ chmod +x $$STAGE/sc/configure; \ echo "#!/sbin/sh" > $$STAGE/sc/unconfigure; \ echo "PATH=\$$SW_PATH; export PATH" >> $$STAGE/sc/unconfigure; \ echo "rm -f /sbin/rc2.d/S900@install_name@; rm -f /sbin/rc1.d/K100@install_name@" >> $$STAGE/sc/unconfigure; \ chmod +x $$STAGE/sc/unconfigure; \ echo "#!/sbin/sh" > $$STAGE/sc/preremove; \ echo "PATH=\$$SW_PATH; export PATH" >> $$STAGE/sc/preremove; \ echo "/sbin/init.d/@install_name@ stop" >> $$STAGE/sc/preremove; \ echo "exit 0" >> $$STAGE/sc/preremove; \ chmod +x $$STAGE/sc/preremove; depot: depot-prep (cd /tmp/samhain-pkg-staging && /usr/sbin/swpackage -v -s ./hp_ux.psf -x media_type=tape @ $(PACKAGE)-$(VERSION).depot) cp /tmp/samhain-pkg-staging/$(PACKAGE)-$(VERSION).depot . rm -rf /tmp/samhain-pkg-staging depot-light: depot #--------------------------------------------------------------- trustfile: $(srcsrc)/trustfile.c config.h $(COMPILE) $(VFLAG) -DSH_IDENT=\"@myident@\" -DTRUST_MAIN -DSL_ALWAYS_TRUSTED=@mytrust@ -o trustfile $(srcsrc)/trustfile.c sh_MK.h: config.h @echo "creating sh_MK.h"; \ echo "#ifndef SH_MK_H" > sh_MK.h; \ echo "#define SH_MK_H" >> sh_MK.h; \ $(top_srcdir)/c_bits.sh @my_key_1@ MKB >> sh_MK.h; \ $(top_srcdir)/c_bits.sh @my_key_2@ MKA >> sh_MK.h; \ $(top_srcdir)/c_bits.sh @my_key_3@ MKC >> sh_MK.h; \ $(top_srcdir)/c_bits.sh @my_key_4@ MKD >> sh_MK.h; \ echo "#endif" >> sh_MK.h sstrip: $(srcsrc)/sstrip.c Makefile $(BUILD_CC) -I. -o sstrip $(srcsrc)/sstrip.c encode: $(srcsrc)/encode.c Makefile $(BUILD_CC) -I. -o encode $(srcsrc)/encode.c config_xor.h: config.h encode @echo 'encode $(XOR_CODE) config.h'; \ sleep 1; \ ./encode $(XOR_CODE) config.h; \ mv x_config.h config_xor.h #.c.o: # @echo "./encode $(XOR_CODE) $< --> x_`echo $< |sed 's%.*/%%'`"; \ # ./encode $(XOR_CODE) $<; \ # echo "$(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $< |sed 's%.*/%%'`"; \ # $(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $< |sed 's%.*/%%'`; \ # rm x_`echo $< |sed 's%.*/%%'` $(OBJECTS): encode internal.h @echo "./encode $(XOR_CODE) $(srcsrc)/`echo $@ |sed 's%\.o$$%%'`.c --> x_`echo $@ |sed 's%\.o$$%%'`.c"; \ ./encode $(XOR_CODE) $(srcsrc)/`echo $@ |sed 's%\.o$$%%'`.c; \ echo "$(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $@ |sed 's%\.o$$%%'`.c"; \ $(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $@ |sed 's%\.o$$%%'`.c && \ rm x_`echo $@ |sed 's%\.o$$%%'`.c sh_tiger_i.o: $(srcsrc)/$(TIGER_SRC) Makefile config_xor.h @echo "$(COMPILE) $(VFLAG) -o sh_tiger_i.o -c $(srcsrc)/$(TIGER_SRC)";\ $(COMPILE) $(VFLAG) -o sh_tiger_i.o -c $(srcsrc)/$(TIGER_SRC); samhain_setpwd: encode config_xor.h $(srcsrc)/samhain_setpwd.c @echo '$(COMPILE) -o samhain_setpwd $(srcsrc)/samhain_setpwd.c'; \ ./encode $(XOR_CODE) $(srcsrc)/samhain_setpwd.c; \ $(COMPILE) -o samhain_setpwd x_samhain_setpwd.c; \ rm x_samhain_setpwd.c samhain_stealth: encode config_xor.h $(srcsrc)/samhain_stealth.c @echo '$(COMPILE) -o samhain_stealth $(srcsrc)/samhain_stealth.c'; \ ./encode $(XOR_CODE) $(srcsrc)/samhain_stealth.c; \ $(COMPILE) -o samhain_stealth x_samhain_stealth.c; \ rm x_samhain_stealth.c yulectl: encode config_xor.h $(srcsrc)/yulectl.c @echo '$(COMPILE) -o yulectl $(srcsrc)/yulectl.c $(LIBS_SOCK)'; \ ./encode $(XOR_CODE) $(srcsrc)/yulectl.c; \ $(COMPILE) -o yulectl x_yulectl.c $(LIBS_SOCK); \ rm x_yulectl.c $(SAMHAIN): internal.h $(OBJECTS) sh_tiger_i.o @-rm -f $(SAMHAIN) @echo "$(LINK) sh_tiger_i.o $(OBJECTS) $(LIBS_TRY)"; \ $(LINK) sh_tiger_i.o $(OBJECTS) $(LIBS_TRY) CUTEST_SOURCES = $(srcsrc)/cutest_sh_tools.c \ $(srcsrc)/cutest_sh_utils.c \ $(srcsrc)/cutest_sh_unix.c \ $(srcsrc)/cutest_slib.c \ $(srcsrc)/cutest_zAVLTree.c \ $(srcsrc)/cutest_sh_hash.c \ $(srcsrc)/cutest_sh_tiger0.c CUTEST_OBJECTS = cutest_sh_tools.o \ cutest_sh_utils.o \ cutest_sh_unix.o \ cutest_slib.o \ cutest_zAVLTree.o \ cutest_sh_hash.o \ cutest_sh_tiger0.o $(CUTEST_OBJECTS): $(CUTEST_SOURCES) config_xor.h internal.h @echo "./encode $(XOR_CODE) $(srcsrc)/`echo $@ |sed 's%\.o$$%%'`.c --> x_`echo $@ |sed 's%\.o$$%%'`.c"; \ ./encode $(XOR_CODE) $(srcsrc)/`echo $@ |sed 's%\.o$$%%'`.c; \ echo "$(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $@ |sed 's%\.o$$%%'`.c"; \ $(COMPILE) $(VFLAG) -o `echo $@ |sed 's%.*/%%'` -c x_`echo $@ |sed 's%\.o$$%%'`.c; \ rm x_`echo $@ |sed 's%\.o$$%%'`.c cutest: $(SOURCES) $(CUTEST_SOURCES) @$(MAKE) CUTEST='-DSH_CUTEST=1' intcutest $(srcsrc)/CuTestMain.c: $(SOURCES) $(CUTEST_SOURCES) $(srcsrc)/make-tests.sh cd $(srcsrc)/ && ./make-tests.sh >CuTestMain.c; intcutest: internal.h $(OBJECTS) $(CUTEST_OBJECTS) sh_tiger_i.o $(srcsrc)/CuTestMain.c @$(COMPILE) -o CuTestMain.o -c $(srcsrc)/CuTestMain.c; \ $(COMPILE) -o CuTest.o -c $(srcsrc)/CuTest.c; \ rm -f samhain.o; \ ./encode $(XOR_CODE) $(srcsrc)/samhain.c; \ $(COMPILE) $(VFLAG) -o samhain.o -c x_samhain.c; \ rm x_samhain.c; \ $(LINK) sh_tiger_i.o $(CUTEST_OBJECTS) CuTestMain.o CuTest.o $(OBJECTS) $(LIBS_TRY); \ test -f ./intcutest && mv ./intcutest ./cutest; \ ./cutest runcutest: gdb ./cutest samhain_hide.o: $(srcsrc)/samhain_hide.c samhain_erase.o gcc @lkm_inc@ -I. -Wall -O2 -c $(srcsrc)/samhain_hide.c samhain_erase.o: $(srcsrc)/samhain_erase.c gcc @lkm_inc@ -I. -Wall -O2 -c $(srcsrc)/samhain_erase.c # -- NEW -- samhain_hide.ko: $(srcsrc)/samhain_hide.c @test -d m_comp || mkdir m_comp; \ echo "KVERSION := \$$(shell uname -r)" > m_comp/Makefile;\ echo "KSOURCE ?= /lib/modules/\$$(KVERSION)/build" >> m_comp/Makefile;\ echo "obj-m := samhain_hide.o" >> m_comp/Makefile;\ echo ".PHONY: modules install clean modules_add" >> m_comp/Makefile;\ echo "install : modules_add" >> m_comp/Makefile;\ echo "modules modules_install clean:" >> m_comp/Makefile;\ echo "T\$$(MAKE) -C \$$(KSOURCE) \$$@ SUBDIRS=\$$(CURDIR) KBUILD_VERBOSE=2" | tr T '\t' >> m_comp/Makefile;\ cp config.h m_comp/; \ cp $(srcsrc)/samhain_hide.c m_comp/; \ cd m_comp && $(MAKE) modules @if test -f m_comp/samhain_hide.ko; then \ cp -p m_comp/samhain_hide.ko samhain_hide.ko; \ rm -rf m_comp/; \ else \ echo "Kernel module samhain_hide.ko not build"; \ exit 1; \ fi # -- NEW -- samhain_kmem.ko: $(srcsrc)/samhain_kmem.c @test -d m_comp || mkdir m_comp; \ echo "KVERSION := \$$(shell uname -r)" > m_comp/Makefile;\ echo "KSOURCE ?= /lib/modules/\$$(KVERSION)/build" >> m_comp/Makefile;\ echo "obj-m := @install_name@_kmem.o" >> m_comp/Makefile;\ echo ".PHONY: modules install clean modules_add" >> m_comp/Makefile;\ echo "install : modules_add" >> m_comp/Makefile;\ echo "modules modules_install clean:" >> m_comp/Makefile;\ echo "T\$$(MAKE) -C \$$(KSOURCE) \$$@ SUBDIRS=\$$(CURDIR) KBUILD_VERBOSE=2" | tr T '\t' >> m_comp/Makefile;\ cp config.h m_comp/; \ cp $(srcsrc)/samhain_kmem.c m_comp/@install_name@_kmem.c; \ cd m_comp && $(MAKE) modules @if test -f m_comp/@install_name@_kmem.ko; then \ cp -p m_comp/@install_name@_kmem.ko samhain_kmem.ko; \ rm -rf m_comp/; \ else \ echo "Kernel module samhain_kmem.ko not build"; \ exit 1; \ fi # -- NEW -- lkm: @sh_lkm@ # For kernel syscall monitoring kern_head: Makefile $(top_srcdir)/include/kern_head.h $(srcsrc)/kern_head.c @echo "$(BUILD_CC) -I. -I./include -DSYSTEMMAP=\"@systemmap@\" -o kern_head $(srcsrc)/kern_head.c $(LIBS_KVM)"; \ $(BUILD_CC) -I. -I./include -DSYSTEMMAP=\"@systemmap@\" -o kern_head $(srcsrc)/kern_head.c $(LIBS_KVM) sh_ks.h: kern_head @sleep 1; \ ./kern_head > sh_ks.h sh_ks_xor.h: encode sh_ks.h @echo 'encode $(XOR_CODE) sh_ks.h'; \ sleep 1; \ ./encode $(XOR_CODE) sh_ks.h; \ mv x_sh_ks.h sh_ks_xor.h # For bignum internal.h: mkhdr @sleep 1; \ ./mkhdr bignum.o: internal.h # If your compiler can't handle long identifiers (> 6 chars), move the `#' to # the other line. mkhdr: $(srcsrc)/mkhdr.c config.h @echo "$(BUILD_CC) -I. -o mkhdr $(srcsrc)/mkhdr.c"; \ sleep 1; \ $(BUILD_CC) -I. -o mkhdr $(srcsrc)/mkhdr.c # $(COMPILE) -DBIG_SHORT_NAMES -o mkhdr $(srcdir)/mkhdr.c #---------------------------------------------------------- # # EXE PACKER rules # #---------------------------------------------------------- minilzo.o: $(srcsrc)/minilzo.c $(srcinc)/lzoconf.h $(srcinc)/minilzo.h config.h @echo "$(COMPILE) -DMINILZO_HAVE_CONFIG_H -o minilzo.o -c $(srcsrc)/minilzo.c"; \ $(COMPILE) -DMINILZO_HAVE_CONFIG_H -o minilzo.o -c $(srcsrc)/minilzo.c exepack_mkdata: $(srcsrc)/exepack_mkdata.c $(srcinc)/lzoconf.h $(srcinc)/minilzo.h minilzo.o @echo "$(COMPILE) -o exepack_mkdata.o -c $(srcsrc)/exepack_mkdata.c"; \ $(COMPILE) -o exepack_mkdata.o -c $(srcsrc)/exepack_mkdata.c; \ echo "$(LINK) exepack_mkdata.o minilzo.o"; \ $(LINK) exepack_mkdata.o minilzo.o # # prepare the data to be packed # exepack.data: $(SAMHAIN) exepack_mkdata sstrip @echo "cp ./$(SAMHAIN) ./samhain.pk.data"; \ cp ./$(SAMHAIN) ./samhain.pk.data; \ echo "strip ./samhain.pk.data"; \ strip ./samhain.pk.data > /dev/null 2>&1 || echo "... is already stripped"; \ echo "./sstrip ./samhain.pk.data"; \ ./sstrip ./samhain.pk.data > /dev/null 2>&1 || echo "sstrip returned false"; \ echo "./exepack_mkdata ./samhain.pk.data ./exepack.data 0"; \ ./exepack_mkdata ./samhain.pk.data ./exepack.data 0; \ echo "rm -f ./samhain.pk.data"; \ rm -f ./samhain.pk.data; exepack: $(srcsrc)/exepack.c minilzo.o exepack.data @echo "$(COMPILE) -o exepack.o -c $(srcsrc)/exepack.c"; \ $(COMPILE) -o exepack.o -c $(srcsrc)/exepack.c; \ echo "$(LINK) exepack.o minilzo.o"; \ $(LINK) exepack.o minilzo.o; # # this program fills the data section with the binary # exepack_fill: $(srcsrc)/exepack_fill.c minilzo.o exepack @echo "$(COMPILE) -o exepack_fill.o -c $(srcsrc)/exepack_fill.c"; \ $(COMPILE) -o exepack_fill.o -c $(srcsrc)/exepack_fill.c; \ echo "$(LINK) exepack_fill.o minilzo.o"; \ $(LINK) exepack_fill.o minilzo.o samhain.pk: $(SAMHAIN) exepack exepack_fill sstrip @echo "cp ./$(SAMHAIN) ./samhain.pk.data"; \ cp ./$(SAMHAIN) ./samhain.pk.data; \ echo "strip ./samhain.pk.data"; \ strip ./samhain.pk.data > /dev/null 2>&1 || echo "... is already stripped"; \ echo "./sstrip ./samhain.pk.data"; \ ./sstrip ./samhain.pk.data > /dev/null 2>&1 || echo "sstrip returned false"; \ test -f exepack.out && rm exepack.out; \ echo "./exepack_fill exepack samhain.pk.data exepack.out"; \ ./exepack_fill exepack samhain.pk.data exepack.out; \ chmod +x exepack.out; \ echo "strip exepack.out"; \ strip exepack.out > /dev/null 2>&1 || echo "... is already stripped"; \ ./sstrip exepack.out > /dev/null 2>&1 || echo "sstrip returned false"; \ echo "mv exepack.out samhain.pk"; \ rm -f samhain.pk; mv exepack.out samhain.pk samhain-packed: $(SAMHAIN) samhain_setpwd @echo "samhain_setpwd samhain new $(CLIENTPASSWD)"; \ samhain_setpwd samhain new $(CLIENTPASSWD); \ echo "rm -f samhain; mv samhain.new samhain"; \ rm -f samhain; mv samhain.new samhain; \ $(MAKE) samhain.pk; \ echo "rm -f samhain; mv samhain.pk samhain"; \ rm -f samhain; mv samhain.pk samhain #---------------------------------------------------------- # # DEPLOY rules # #---------------------------------------------------------- uninstall-deploy: rm -rf $(mydatadir)/profiles/source rm -rf $(mydatadir)/profiles/archpkg rm -rf $(mydatadir)/profiles/libexec rm -rf $(mydatadir)/profiles/tmp rm -rf $(mydatadir)/profiles/private @if test -f $(sbindir)/deploy.sh; then \ old_deploy=`grep 'VERSION2' $(sbindir)/deploy.sh >/dev/null 2>&1 || echo old`; \ if test x"$$old_deploy" = xold; then \ echo "rm -f $(sbindir)/deploy2.sh"; \ rm -f $(sbindir)/deploy2.sh; \ else \ echo "rm -f $(sbindir)/deploy.sh"; \ rm -f $(sbindir)/deploy.sh; \ fi; \ fi EXECFILES= comCHECKSRC comDOWNLOAD comBUILD comCLEAN comINSTALL \ funcDIALOG funcEXE funcPRINT funcSETUP funcBUILD funcINSTALL \ funcDB comUNINSTALL \ preinstall postinstall initscript # $(mydatadir)/profiles/ # | # | # |-- source -------------> (tarballs) # | # |-- configs ------------> (default configs) # | # |-- archpkg # | | # | |-- architecture -> (package, setup script) # | # |-- hosts # | | # | |-- hostname -----> (config) # | # |-- libexec ------------> (scripts) # | # |-- private ------------> (gpg key) # | # |-- tmp # install-deploy: deploy.sh samhain_stealth @echo "Creating directory tree under $(mydatadir)/profiles/"; \ $(mkinstalldirs) $(sbindir); \ $(mkinstalldirs) $(mydatadir)/profiles/source; \ $(mkinstalldirs) $(mydatadir)/profiles/configs; \ $(mkinstalldirs) $(mydatadir)/profiles/archpkg/debian_i386; \ $(mkinstalldirs) $(mydatadir)/profiles/archpkg/gentoo_i386; \ $(mkinstalldirs) $(mydatadir)/profiles/archpkg/redhat_i386; \ $(mkinstalldirs) $(mydatadir)/profiles/archpkg/linux_i386; \ $(mkinstalldirs) $(mydatadir)/profiles/archpkg/freebsd_i386;\ $(mkinstalldirs) $(mydatadir)/profiles/archpkg/solaris; \ $(mkinstalldirs) $(mydatadir)/profiles/archpkg/aix; \ $(mkinstalldirs) $(mydatadir)/profiles/hosts; \ $(mkinstalldirs) $(mydatadir)/profiles/libexec; \ $(mkinstalldirs) $(mydatadir)/profiles/private; \ $(mkinstalldirs) $(mydatadir)/profiles/tmp; \ if test -f $(srcdir)/../$(PACKAGE)-$(VERSION).tar.gz.asc; then \ if test -f $(srcdir)/../$(PACKAGE)-$(VERSION).tar.gz; then \ echo "Installing source tarball"; \ $(INSTALL_DATA) $(srcdir)/../$(PACKAGE)-$(VERSION).tar.gz.asc \ $(mydatadir)/profiles/source/$(PACKAGE)-$(VERSION).tar.gz.asc; \ $(INSTALL_DATA) $(srcdir)/../$(PACKAGE)-$(VERSION).tar.gz \ $(mydatadir)/profiles/source/$(PACKAGE)-$(VERSION).tar.gz; \ fi; \ fi; \ echo "Installing default configs"; \ test -f $(mydatadir)/profiles/configs/freebsd_i386.samhainrc || \ $(INSTALL_DATA) $(srcdir)/samhainrc.freebsd \ $(mydatadir)/profiles/configs/freebsd_i386.samhainrc; \ test -f $(mydatadir)/profiles/configs/debian_i386.samhainrc || \ $(INSTALL_DATA) $(srcdir)/samhainrc.linux \ $(mydatadir)/profiles/configs/debian_i386.samhainrc; \ test -f $(mydatadir)/profiles/configs/gentoo_i386.samhainrc || \ $(INSTALL_DATA) $(srcdir)/samhainrc.linux \ $(mydatadir)/profiles/configs/gentoo_i386.samhainrc; \ test -f $(mydatadir)/profiles/configs/redhat_i386.samhainrc || \ $(INSTALL_DATA) $(srcdir)/samhainrc.linux \ $(mydatadir)/profiles/configs/redhat_i386.samhainrc; \ test -f $(mydatadir)/profiles/configs/linux_i386.samhainrc || \ $(INSTALL_DATA) $(srcdir)/samhainrc.linux \ $(mydatadir)/profiles/configs/linux_i386.samhainrc; \ test -f $(mydatadir)/profiles/configs/solaris.samhainrc || \ $(INSTALL_DATA) $(srcdir)/samhainrc.solaris \ $(mydatadir)/profiles/configs/solaris.samhainrc; \ test -f $(mydatadir)/profiles/configs/aix.samhainrc || \ $(INSTALL_DATA) $(srcdir)/samhainrc.aix5.2.0 \ $(mydatadir)/profiles/configs/aix.samhainrc; \ if test -f $(mydatadir)/profiles/configs/generic.configure; then \ :; \ else \ SH_FQDN_SYSTEM=`uname -n`; \ SH_FQDN_DOMAIN=`grep -i domain /etc/resolv.conf |grep -v "\#" |awk '{print $$2}' |head -1`; \ if test -n "$${SH_FQDN_SYSTEM}" -a -n "$${SH_FQDN_DOMAIN}"; then \ sh_thishost="$${SH_FQDN_SYSTEM}.$${SH_FQDN_DOMAIN}"; \ else \ sh_thishost="FQDN_MISSING"; \ fi; \ outfile=$(mydatadir)/profiles/configs/generic.configure; \ echo "'--enable-network=client'" > $$outfile; \ echo "'--with-logserver=$${sh_thishost}'" >> $$outfile; \ echo "'--with-data-file=REQ_FROM_SERVER/var/lib/samhain/samhain_file'" >> $$outfile; \ echo "'--with-config-file=REQ_FROM_SERVER/etc/samhainrc'" >> $$outfile; \ echo "'--enable-base=@mykeybase@'" >> $$outfile; \ fi; \ $(INSTALL_SHELL) $(srcdir)/mkinstalldirs \ $(mydatadir)/profiles/libexec; \ $(INSTALL_SHELL) $(srcdir)/install-sh \ $(mydatadir)/profiles/libexec; \ for ff in $(EXECFILES); do \ test -f $(srcdir)/dsys/$$ff && $(INSTALL_SHELL) $(srcdir)/dsys/$$ff \ $(mydatadir)/profiles/libexec; \ done; \ $(INSTALL_SHELL) samhain_stealth $(mydatadir)/profiles/libexec; \ test -f $(srcdir)/dsys/0F571F6C.asc && $(INSTALL_DATA) $(srcdir)/dsys/0F571F6C.asc \ $(mydatadir)/profiles/private; \ convert +compress $(srcdir)/stealth_template.jpg stealth_template.ps >/dev/null || \ { echo "*"; echo "* 'convert' not found or not working, not installing"; echo "* $(mydatadir)/profiles/private/stealth_template.ps"; echo "* (only required for installing packages built with --enable-stealth)"; echo "*"; }; \ if test -f stealth_template.ps; then \ if test -f $(mydatadir)/profiles/private/stealth_template.ps; then \ :; \ else \ $(INSTALL_DATA) stealth_template.ps $(mydatadir)/profiles/private; \ fi; \ fi; \ if test -f $(sbindir)/deploy.sh; then \ old_deploy=`grep 'VERSION2' $(sbindir)/deploy.sh >/dev/null 2>&1 || echo old`; \ if test x"$$old_deploy" = xold; then \ echo "*"; echo "* Version 1 of deploy.sh found"; echo "*"; \ echo "* Installing $(sbindir)/deploy2.sh"; echo "*"; \ $(INSTALL_SHELL) deploy.sh $(sbindir)/deploy2.sh; \ else \ echo "Installing $(sbindir)/deploy.sh"; \ $(INSTALL_SHELL) deploy.sh $(sbindir)/deploy.sh; \ fi; \ else \ echo "Installing $(sbindir)/deploy.sh"; \ $(INSTALL_SHELL) deploy.sh $(sbindir)/deploy.sh; \ fi #---------------------------------------------------------- # # DISTRIBUTION rules # #---------------------------------------------------------- distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. # # 1) make distribution tarfile # 2) unpack the tarfile into distdir # 3) create build and install directories # 4) do the build in the build dir, with sources from distdir # 5) check (there are no subdirs, thus does nothing) # 6) install # 7) installcheck (equal to check, does nothing) # distcheck: dist -rm -rf $(distdir) GZIP=$(GZIP) $(TAR) zxf $(distdir).tar.gz mkdir $(distdir)/=build mkdir $(distdir)/=inst dc_install_base=`cd $(distdir)/=inst && pwd`; \ cd $(distdir)/=build \ && ../configure --srcdir=.. --prefix=$$dc_install_base \ && $(MAKE) \ && $(MAKE) install -rm -rf $(distdir) -rm -f $(distdir).tar.gz.asc @gpg -a --detach-sign $(distdir).tar.gz; \ $(TAR) chof $(distdir).tar $(distdir).tar.gz $(distdir).tar.gz.asc; \ rm -f $(distdir).tar.gz; \ rm -f $(distdir).tar.gz.asc; \ gzip --best $(distdir).tar mv $(distdir).tar.gz $(PACKAGE)_signed-$(VERSION).tar.gz @echo "========================"; \ echo "$(PACKAGE)_signed-$(VERSION).tar.gz is ready for distribution"; \ echo "========================" # # create a tarfile for the distibution # distrpm: distdirrpm -chmod -R a+r $(distdir) -rm -rf $(distdir).tar.gz -rm -rf $(distdir).tar $(TAR) chof $(distdir).tar $(distdir) gzip -c --best $(distdir).tar > $(distdir).tar.gz -rm -rf $(distdir) dist: distdir -chmod -R a+r $(distdir) -rm -rf $(distdir).tar.gz -rm -rf $(distdir).tar $(TAR) chof $(distdir).tar $(distdir) gzip -c --best $(distdir).tar > $(distdir).tar.gz -rm -rf $(distdir) # # create a tarfile for the distibution # dist-sign: distdir -rm -f $(distdir)/scripts/samhain.ebuild -rm -f $(distdir)/scripts/samhain.ebuild-light -chmod -R a+r $(distdir) -rm -rf $(distdir).tar.gz -rm -rf $(distdir).tar $(TAR) chof $(distdir).tar $(distdir) gzip --best $(distdir).tar -rm -rf $(distdir) -rm -f $(distdir).tar.gz.asc gpg -a --detach-sign $(distdir).tar.gz $(TAR) chof $(distdir).tar $(distdir).tar.gz $(distdir).tar.gz.asc -rm -f $(distdir).tar.gz -rm -f $(distdir).tar.gz.asc gzip --best $(distdir).tar mv $(distdir).tar.gz $(PACKAGE)_signed-$(VERSION).tar.gz # # same as dist # dist-all: distdir -chmod -R a+r $(distdir) GZIP=$(GZIP) $(TAR) chozf $(distdir).tar.gz $(distdir) -rm -rf $(distdir) # # create distribution directory and copy files into it # INITFILES=samhain.startIRIX samhain.startFreeBSD samhain.startSolaris \ samhain.startLSB samhain.startGentoo samhain.startLinux samhain.startHPUX \ samhain.startIRIX samhain.startMACOSX SCRIPTFILES=redhat_i386.client.spec check_samhain.pl samhainadmin.pl \ yuleadmin.pl samhain.ebuild samhain.ebuild-light samhain.spec distdir: distfilecheck -rm -f $(top_srcdir)/init/*~ -rm -f $(top_srcdir)/sql_init/*~ -rm -f $(top_srcdir)/dsys/*~ -rm -f $(top_srcdir)/docs/*~ -rm -f $(top_srcdir)/include/*~ -rm -f $(top_srcdir)/src/*~ -rm -f $(top_srcdir)/test/*~ -rm -f $(top_srcdir)/scripts/*~ (cd $(top_srcdir)/init && rm -f $(INITFILES)) (cd $(top_srcdir)/scripts && rm -f $(SCRIPTFILES)) -rm -rf $(distdir) mkdir $(distdir) -chmod 777 $(distdir) @for file in $(DISTFILES); do \ d=$(top_srcdir); \ if test -f $$d/$$file || test -d $$d/$$file; then \ cp -pr $$d/$$file $(distdir)/$$file; \ fi; \ done; \ cp scripts/samhain.spec $(distdir)/samhain.spec; \ rm -f $(distdir)/scripts/*.spec # # as distdir, but don't copy spec file from scripts # distdirrpm: distfilecheck -rm -rf $(distdir) mkdir $(distdir) -chmod 777 $(distdir) @if test -f ./samhain.spec; then \ :; \ else \ echo "Error: ./samhain.spec not found, please run configure"; \ exit 1; \ fi @cp -p samhain.spec $(distdir)/samhain.spec; \ for file in $(DISTFILES); do \ d=$(top_srcdir); \ if test -f $$d/$$file || test -d $$d/$$file; then \ if test x"$$file" = "xsamhain.spec"; then \ :; \ else \ cp -pr $$d/$$file $(distdir)/$$file; \ fi; \ fi; \ done; \ rm -f $(distdir)/scripts/*.spec distfilecheck: $(top_srcdir)/config.h.in $(top_srcdir)/depend.sum @for file in $(DISTFILES); do \ d=$(top_srcdir); \ if test -f $$d/$$file || test -d $$d/$$file; then \ : \ else \ echo "File not found: $$d/$$file"; \ fi; \ done @for file in $(SOURCES); do \ if test -f $$file; then \ : \ else \ echo "File not found: $$file"; \ fi; \ done # DO NOT DELETE THIS LINE samhain.o: $(srcsrc)/samhain.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_getopt.h $(srcinc)/sh_readconf.h $(srcinc)/sh_hash.h $(srcinc)/sh_restrict.h $(srcinc)/sh_nmail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_mem.h $(srcinc)/sh_forward.h $(srcinc)/sh_tools.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h sh_MK.h $(srcinc)/sh_schedule.h sh_unix.o: $(srcsrc)/sh_unix.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_hash.h $(srcinc)/sh_tools.h $(srcinc)/sh_restrict.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_tiger.h $(srcinc)/sh_prelink.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_prelude.h $(srcinc)/zAVLTree.h $(srcinc)/sh_ignore.h sh_utils.o: $(srcsrc)/sh_utils.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_entropy.h $(srcinc)/sh_pthread.h sh_error.o: $(srcsrc)/sh_error.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_database.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_nmail.h $(srcinc)/sh_forward.h $(srcinc)/sh_prelude.h $(srcinc)/sh_pthread.h $(srcinc)/sh_tools.h $(srcinc)/sh_extern.h $(srcinc)/sh_checksum.h sh_files.o: $(srcsrc)/sh_files.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_tiger.h $(srcinc)/sh_hash.h $(srcinc)/sh_ignore.h $(srcinc)/sh_inotify.h $(srcinc)/zAVLTree.h $(srcinc)/CuTest.h sh_getopt.o: $(srcsrc)/sh_getopt.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_getopt.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_utils.h $(srcinc)/sh_mail.h $(srcinc)/sh_forward.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h sh_readconf.o: $(srcsrc)/sh_readconf.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_forward.h $(srcinc)/sh_gpg.h $(srcinc)/sh_hash.h $(srcinc)/sh_ignore.h $(srcinc)/sh_database.h $(srcinc)/sh_mail.h $(srcinc)/sh_modules.h $(srcinc)/sh_nmail.h $(srcinc)/sh_prelink.h $(srcinc)/sh_prelude.h $(srcinc)/sh_tiger.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_restrict.h sh_tiger0.o: $(srcsrc)/sh_tiger0.c Makefile config_xor.h $(srcinc)/sh_tiger.h $(srcinc)/sh_unix.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_pthread.h $(srcinc)/sh_string.h $(srcinc)/sh_checksum.h sh_tiger1.o: $(srcsrc)/sh_tiger1.c Makefile config_xor.h sh_tiger2.o: $(srcsrc)/sh_tiger2.c Makefile config_xor.h sh_tiger1_64.o: $(srcsrc)/sh_tiger1_64.c Makefile config_xor.h sh_tiger2_64.o: $(srcsrc)/sh_tiger2_64.c Makefile config_xor.h sh_hash.o: $(srcsrc)/sh_hash.c Makefile config_xor.h $(srcinc)/sh_hash.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h $(srcinc)/sh_pthread.h $(srcinc)/sh_forward.h $(srcinc)/sh_hash.h $(srcinc)/sh_checksum.h sh_mail.o: $(srcsrc)/sh_mail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_pthread.h $(srcinc)/sh_filter.h $(srcinc)/sh_mail_int.h $(srcinc)/sh_nmail.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_static.h $(srcinc)/sh_tools.h sh_mem.o: $(srcsrc)/sh_mem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_pthread.h sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_nmail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h $(srcinc)/sh_logmon.h $(srcinc)/sh_registry.h $(srcinc)/sh_fInotify.h sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_pthread.h $(srcinc)/sh_inotify.h sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h $(srcinc)/CuTest.h sh_fifo.o: $(srcsrc)/sh_fifo.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_fifo.h sh_tools.o: $(srcsrc)/sh_tools.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_ipvx.h $(srcinc)/rijndael-api-fst.h $(srcinc)/rijndael-api-fst.h sh_html.o: $(srcsrc)/sh_html.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_forward.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_html.h $(srcinc)/zAVLTree.h sh_gpg.o: $(srcsrc)/sh_gpg.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h sh_cat.o: $(srcsrc)/sh_cat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_cat.h sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_calls.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h sh_extern.o: $(srcsrc)/sh_extern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_filter.h $(srcinc)/sh_static.h sh_database.o: $(srcsrc)/sh_database.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h sh_err_log.o: $(srcsrc)/sh_err_log.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h sh_err_console.o: $(srcsrc)/sh_err_console.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h sh_err_syslog.o: $(srcsrc)/sh_err_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h bignum.o: $(srcsrc)/bignum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/bignum.h mkhdr.o: $(srcsrc)/mkhdr.c Makefile config.h samhain_setpwd.o: $(srcsrc)/samhain_setpwd.c Makefile config_xor.h samhain_stealth.o: $(srcsrc)/samhain_stealth.c Makefile config_xor.h encode.o: $(srcsrc)/encode.c Makefile sstrip.o: $(srcsrc)/sstrip.c Makefile config.h trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/sh_calls.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h exepack.o: $(srcsrc)/exepack.c Makefile config.h $(srcinc)/minilzo.h $(srcinc)/exepack.data exepack_fill.o: $(srcsrc)/exepack_fill.c Makefile config.h config.h $(srcinc)/minilzo.h exepack_mkdata.o: $(srcsrc)/exepack_mkdata.c Makefile config.h $(srcinc)/minilzo.h minilzo.o: $(srcsrc)/minilzo.c Makefile $(srcinc)/minilzo.h slib.o: $(srcsrc)/slib.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_calls.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_string.h $(srcinc)/sh_mem.h rijndael-alg-fst.o: $(srcsrc)/rijndael-alg-fst.c Makefile config_xor.h $(srcinc)/rijndael-alg-fst.h $(srcinc)/rijndael-boxes-fst.h rijndael-api-fst.o: $(srcsrc)/rijndael-api-fst.c Makefile config_xor.h $(srcinc)/rijndael-api-fst.h zAVLTree.o: $(srcsrc)/zAVLTree.c Makefile $(srcinc)/zAVLTree.h sh_socket.o: $(srcsrc)/sh_socket.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_socket.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_calls.h $(srcinc)/sh_utils.h $(srcinc)/zAVLTree.h $(srcinc)/sh_html.h $(srcinc)/sh_tools.h sh_ignore.o: $(srcsrc)/sh_ignore.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h $(srcinc)/CuTest.h yulectl.o: $(srcsrc)/yulectl.c Makefile config_xor.h sh_mounts.o: $(srcsrc)/sh_mounts.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_mounts.h sh_userfiles.o: $(srcsrc)/sh_userfiles.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_utils.h $(srcinc)/sh_schedule.h $(srcinc)/sh_error.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h sh_prelude.o: $(srcsrc)/sh_prelude.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error_min.h $(srcinc)/sh_prelude.h $(srcinc)/sh_static.h kern_head.o: $(srcsrc)/kern_head.c Makefile config.h $(srcinc)/kern_head.h $(srcinc)/kern_head.h sh_prelink.o: $(srcsrc)/sh_prelink.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h sh_static.o: $(srcsrc)/sh_static.c Makefile config_xor.h $(srcinc)/sh_pthread.h sh_async.o: $(srcsrc)/sh_async.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h sh_processcheck.o: $(srcsrc)/sh_processcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h sh_portcheck.o: $(srcsrc)/sh_portcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_mem.h $(srcinc)/sh_calls.h $(srcinc)/sh_utils.h $(srcinc)/sh_modules.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_ipvx.h $(srcinc)/CuTest.h sh_pthread.o: $(srcsrc)/sh_pthread.c Makefile config_xor.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h $(srcinc)/sh_modules.h sh_string.o: $(srcsrc)/sh_string.c Makefile config_xor.h $(srcinc)/sh_string.h $(srcinc)/sh_mem.h $(srcinc)/CuTest.h dnmalloc.o: $(srcsrc)/dnmalloc.c Makefile config.h t-test1.o: $(srcsrc)/t-test1.c Makefile config.h $(srcinc)/malloc.h sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error_min.h $(srcinc)/sh_pthread.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_ipvx.h sh_log_parse_syslog.o: $(srcsrc)/sh_log_parse_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h sh_log_parse_pacct.o: $(srcsrc)/sh_log_parse_pacct.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h sh_log_parse_apache.o: $(srcsrc)/sh_log_parse_apache.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h sh_log_evalrule.o: $(srcsrc)/sh_log_evalrule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_log_correlate.h $(srcinc)/sh_log_mark.h $(srcinc)/sh_log_repeat.h $(srcinc)/zAVLTree.h sh_log_check.o: $(srcsrc)/sh_log_check.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_log_correlate.h $(srcinc)/sh_log_mark.h $(srcinc)/sh_log_repeat.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h sh_log_parse_samba.o: $(srcsrc)/sh_log_parse_samba.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h sh_nmail.o: $(srcsrc)/sh_nmail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_mem.h $(srcinc)/sh_mail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_string.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_filter.h $(srcinc)/sh_mail_int.h $(srcinc)/zAVLTree.h sh_filter.o: $(srcsrc)/sh_filter.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_filter.h sh_inotify.o: $(srcsrc)/sh_inotify.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h $(srcinc)/sh_inotify.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/slib.h $(srcinc)/zAVLTree.h $(srcinc)/sh_calls.h $(srcinc)/sh_inotify.h $(srcinc)/CuTest.h sh_log_correlate.o: $(srcsrc)/sh_log_correlate.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h sh_log_mark.o: $(srcsrc)/sh_log_mark.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_mem.h $(srcinc)/sh_string.h $(srcinc)/sh_error_min.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/zAVLTree.h sh_log_repeat.o: $(srcsrc)/sh_log_repeat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h sh_log_parse_generic.o: $(srcsrc)/sh_log_parse_generic.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h sh_login_track.o: $(srcsrc)/sh_login_track.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_tools.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_error_min.h $(srcinc)/CuTest.h $(srcinc)/CuTest.h sh_audit.o: $(srcsrc)/sh_audit.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_utils.h sh_registry.o: $(srcsrc)/sh_registry.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_modules.h $(srcinc)/sh_hash.h $(srcinc)/sh_tiger.h sh_ipvx.o: $(srcsrc)/sh_ipvx.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_ipvx.h sh_restrict.o: $(srcsrc)/sh_restrict.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error_min.h $(srcinc)/sh_string.h $(srcinc)/sh_utils.h $(srcinc)/sh_restrict.h $(srcinc)/CuTest.h sh_filetype.o: $(srcsrc)/sh_filetype.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error_min.h $(srcinc)/sh_utils.h sh_sub.o: $(srcsrc)/sh_sub.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h sh_fInotify.o: $(srcsrc)/sh_fInotify.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_inotify.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h sh_checksum.o: $(srcsrc)/sh_checksum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_checksum.h $(srcinc)/sh_utils.h $(srcinc)/CuTest.h samhain-3.1.0/sql_init/0000755000175000017500000000000012017702015011751 500000000000000samhain-3.1.0/sql_init/samhain.postgres.init0000644000175000017500000000535611716225137016066 00000000000000CREATE SEQUENCE log_log_index_seq START 1; CREATE TABLE log ( log_index INTEGER NOT NULL, log_ref BIGINT NULL, log_host VARCHAR(64) NOT NULL DEFAULT 'localhost', log_time TIMESTAMP NOT NULL, log_sev VARCHAR(4) NOT NULL, log_msg TEXT, log_hash VARCHAR(32), entry_status VARCHAR(16) NOT NULL DEFAULT 'NEW', path TEXT, userid VARCHAR(8), grp VARCHAR(8), program VARCHAR(8), subroutine VARCHAR(16), status VARCHAR(12), hash VARCHAR(50), path_data TEXT, hash_data VARCHAR(50), key_uid VARCHAR(64), key_uid_data VARCHAR(64), key_id VARCHAR(16), module VARCHAR(8), return_code INTEGER, syscall VARCHAR(16), ip VARCHAR(46), tty VARCHAR(16), peer VARCHAR(64), fromhost VARCHAR(64), obj TEXT, interface VARCHAR(64), time VARCHAR(64), dir TEXT, linked_path TEXT, port INTEGER, service VARCHAR(64), facility VARCHAR(32), priority VARCHAR(32), syslog_msg TEXT, mode_old VARCHAR(16), mode_new VARCHAR(16), attr_old VARCHAR(16), attr_new VARCHAR(16), device_old VARCHAR(16), device_new VARCHAR(16), owner_old VARCHAR(9), owner_new VARCHAR(9), group_old VARCHAR(9), group_new VARCHAR(9), ctime_old TIMESTAMP, ctime_new TIMESTAMP, atime_old TIMESTAMP, atime_new TIMESTAMP, mtime_old TIMESTAMP, mtime_new TIMESTAMP, chksum_old VARCHAR(50), chksum_new VARCHAR(50), link_old TEXT, link_new TEXT, size_old NUMERIC(20), size_new NUMERIC(20), hardlinks_old NUMERIC(20), hardlinks_new NUMERIC(20), inode_old NUMERIC(20), inode_new NUMERIC(20), imode_old NUMERIC(20), imode_new NUMERIC(20), iattr_old NUMERIC(20), iattr_new NUMERIC(20), idevice_old NUMERIC(20), idevice_new NUMERIC(20), iowner_old NUMERIC(20), iowner_new NUMERIC(20), igroup_old NUMERIC(20), igroup_new NUMERIC(20), acl_old TEXT, acl_new TEXT ); CREATE UNIQUE INDEX log_log_index_key on log (log_index); CREATE INDEX ix_hash ON log (log_hash); CREATE INDEX ix_log_host ON log (log_host); CREATE INDEX ix_entry_status ON log (entry_status); GRANT INSERT ON log TO samhain; GRANT UPDATE ON log_log_index_seq TO samhain; GRANT SELECT ON log_log_index_seq TO samhain; samhain-3.1.0/sql_init/samhain.oracle.init0000644000175000017500000000607312015223437015454 00000000000000CREATE SEQUENCE log_log_index_seq START WITH 1; CREATE TABLE log ( log_index INTEGER NOT NULL, log_ref NUMBER(20) NULL, log_host VARCHAR2(64) DEFAULT 'localhost' NOT NULL, log_time DATE NOT NULL, log_sev VARCHAR2(4) NOT NULL, log_msg VARCHAR2(4000), log_hash VARCHAR2(32), entry_status VARCHAR2(16) DEFAULT 'NEW' NOT NULL, path CLOB, userid VARCHAR2(8), grp VARCHAR2(8), program VARCHAR2(8), subroutine VARCHAR2(16), status VARCHAR2(12), hash VARCHAR2(50), path_data VARCHAR2(4000), hash_data VARCHAR2(50), key_uid VARCHAR2(64), key_uid_data VARCHAR2(64), key_id VARCHAR2(16), module VARCHAR2(8), return_code INTEGER, syscall VARCHAR2(16), ip VARCHAR2(46), tty VARCHAR2(16), peer VARCHAR2(64), fromhost VARCHAR2(64), obj VARCHAR2(4000), interface VARCHAR2(64), time VARCHAR2(64), dir CLOB, linked_path CLOB, port INTEGER, service VARCHAR2(64), facility VARCHAR2(32), priority VARCHAR2(32), syslog_msg VARCHAR2(4000), mode_old VARCHAR2(16), mode_new VARCHAR2(16), attr_old VARCHAR2(16), attr_new VARCHAR2(16), device_old VARCHAR2(16), device_new VARCHAR2(16), owner_old VARCHAR2(9), owner_new VARCHAR2(9), group_old VARCHAR2(9), group_new VARCHAR2(9), ctime_old VARCHAR2(25), ctime_new VARCHAR2(25), atime_old VARCHAR2(25), atime_new VARCHAR2(25), mtime_old VARCHAR2(25), mtime_new VARCHAR2(25), chksum_old VARCHAR2(50), chksum_new VARCHAR2(50), link_old CLOB, link_new CLOB, size_old NUMBER(20), size_new NUMBER(20), hardlinks_old NUMBER(20), hardlinks_new NUMBER(20), inode_old NUMBER(20), inode_new NUMBER(20), imode_old NUMBER(20), imode_new NUMBER(20), iattr_old NUMBER(20), iattr_new NUMBER(20), idevice_old NUMBER(20), idevice_new NUMBER(20), iowner_old NUMBER(20), iowner_new NUMBER(20), igroup_old NUMBER(20), igroup_new NUMBER(20), acl_old VARCHAR2(4000), acl_new VARCHAR2(4000) ); CREATE UNIQUE INDEX log_log_index_key on log (log_index); CREATE INDEX ix_hash ON log (log_hash); CREATE INDEX ix_log_host ON log (log_host); CREATE INDEX ix_log_ref ON log (log_ref); CREATE INDEX ix_entry_status ON log (entry_status); GRANT INSERT ON log TO samhain; GRANT ALTER ON log_log_index_seq TO samhain; GRANT SELECT ON log_log_index_seq TO samhain; samhain-3.1.0/sql_init/samhain.mysql.init0000644000175000017500000000551111716225026015353 00000000000000CREATE DATABASE samhain; USE mysql; INSERT INTO db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) VALUES ('localhost','samhain','','N','Y','N','N','N','N'); USE samhain; CREATE TABLE samhain.log ( log_index BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY, log_ref BIGINT UNSIGNED NULL, log_host VARCHAR(64) NOT NULL DEFAULT "localhost", INDEX ix_log_host (log_host), log_time DATETIME NOT NULL, log_sev ENUM("DEBG","INFO","NOTE","WARN","MARK","ERRO","CRIT","ALRT","RCVT") NOT NULL, log_msg BLOB, log_hash VARCHAR(32) NOT NULL, KEY ix_hash (log_hash), entry_status VARCHAR(16) NOT NULL DEFAULT "NEW", INDEX ix_entry_status (entry_status), path BLOB, userid VARCHAR(8), grp VARCHAR(8), program VARCHAR(8), subroutine VARCHAR(16), status VARCHAR(12), hash VARCHAR(50), path_data BLOB, hash_data VARCHAR(50), key_uid VARCHAR(64), key_uid_data VARCHAR(64), key_id VARCHAR(16), module VARCHAR(8), return_code INTEGER, syscall VARCHAR(16), ip VARCHAR(46), tty VARCHAR(16), peer VARCHAR(64), fromhost VARCHAR(64), obj BLOB, interface VARCHAR(64), time VARCHAR(64), dir BLOB, linked_path BLOB, port INTEGER, service VARCHAR(64), facility VARCHAR(32), priority VARCHAR(32), syslog_msg BLOB, mode_old VARCHAR(16), mode_new VARCHAR(16), attr_old VARCHAR(16), attr_new VARCHAR(16), device_old VARCHAR(16), device_new VARCHAR(16), owner_old VARCHAR(9), owner_new VARCHAR(9), group_old VARCHAR(9), group_new VARCHAR(9), ctime_old DATETIME, ctime_new DATETIME, atime_old DATETIME, atime_new DATETIME, mtime_old DATETIME, mtime_new DATETIME, chksum_old VARCHAR(50), chksum_new VARCHAR(50), link_old BLOB, link_new BLOB, size_old BIGINT UNSIGNED, size_new BIGINT UNSIGNED, hardlinks_old BIGINT UNSIGNED, hardlinks_new BIGINT UNSIGNED, inode_old BIGINT UNSIGNED, inode_new BIGINT UNSIGNED, imode_old BIGINT UNSIGNED, imode_new BIGINT UNSIGNED, iattr_old BIGINT UNSIGNED, iattr_new BIGINT UNSIGNED, idevice_old BIGINT UNSIGNED, idevice_new BIGINT UNSIGNED, iowner_old BIGINT UNSIGNED, iowner_new BIGINT UNSIGNED, igroup_old BIGINT UNSIGNED, igroup_new BIGINT UNSIGNED, acl_old BLOB, acl_new BLOB ); samhain-3.1.0/test/0000755000175000017500000000000012234450504011112 500000000000000samhain-3.1.0/test/testtimesrv.sh0000755000175000017500000002163111524600355013767 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2006) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE PIDFILE="$PW_DIR/.samhain_lock"; export PIDFILE BASE="${PW_DIR}/testrun_testdata"; export BASE TDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; export TDIRS TFILES="x y z"; export TFILES prep_testdata () { if test -d "$BASE"; then chmod -f -R 0700 "${BASE}" || { [ -z "$quiet" ] && log_msg_fail "chmod -f -R 0700 ${BASE}"; return 1; } fi rm -rf "${BASE}" || { [ -z "$quiet" ] && log_msg_fail "rm -rf ${BASE}"; return 1; } mkdir "${BASE}" || { [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}"; return 1; } for ff in $TDIRS; do mkdir "${BASE}/${ff}" || { [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}/${ff}"; return 1; } chmod 0755 "${BASE}/${ff}" for gg in $TFILES; do echo "This is a test file" > "${BASE}/${ff}/${gg}" chmod 0644 "${BASE}/${ff}/${gg}" done done } mkconfig_misc () { test -f "${RCFILE}" || touch "${RCFILE}" cat >> "${RCFILE}" <> "${RCFILE}" <> "${RCFILE}" </dev/null fi # ${TOP_SRCDIR}/configure --quiet --enable-debug --enable-xml-log --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PIDFILE --with-data-file=$PW_DIR/.samhain_file # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE > /dev/null 2>>test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi prep_init && prep_testdata && echo "$TESTPOLICY" >>$RCFILE if [ $? -ne 0 ]; then [ -z "$quiet" ] && log_msg_fail "prepare..."; return 1 fi ./samhain -t init -p none if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "init..."; else [ -z "$quiet" ] && log_msg_fail "init..."; return 1 fi chmod 0555 "${BASE}/a/x" chmod 0555 "${BASE}/b/x" ./samhain -t check -p none -l info -D count=0 until [ -f $PIDFILE ]; do one_sec_sleep let "count = count + 1" >/dev/null if [ $count -gt 12 ]; then break; fi done if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "start daemon..."; else [ -z "$quiet" ] && log_msg_fail "start daemon..."; return 1 fi return 0 } MAXTEST=14; export MAXTEST die () { test -z "$stoponerr" && return 0; PID=`cat $PIDFILE` kill -9 $PID } killdaemon () { if [ -f $PIDFILE ]; then PID=`cat $PIDFILE` kill -9 $PID fi } check_err () { if [ ${2} -ne 0 ]; then die; [ -z "$quiet" ] && log_fail ${1} ${MAXTEST} "${3}"; return 1 else [ -z "$quiet" ] && log_ok ${1} ${MAXTEST} "${3}"; fi } daemontest_started () { PID=`cat $PIDFILE` kill -0 $PID check_err ${1} $? "started" } daemontest_sigterm () { PID=`cat $PIDFILE` kill -15 $PID count=0 while [ `kill -0 $PID` ]; do one_sec_sleep let "count = count + 1" >/dev/null if [ $count -gt 12 ]; then check_err ${1} 1 "sigterm" return 1 fi done check_err ${1} 0 "sigterm" } daemontest_sigusr2 () { PID=`cat $PIDFILE` tmp=`grep 'File check completed' $LOGFILE | wc -l` kill -USR2 $PID kill -TTOU $PID count=0 tmp2=`grep 'SUSPEND' $LOGFILE | wc -l` while [ $tmp2 -ne $2 ]; do one_sec_sleep let "count = count + 1" >/dev/null if [ $count -gt 12 ]; then check_err ${1} 1 "sigusr2: suspend" return 1 fi tmp2=`grep 'SUSPEND' $LOGFILE | wc -l` done kill -USR2 $PID count=0 tmp2=$tmp while [ $tmp2 -eq $tmp ]; do one_sec_sleep let "count = count + 1" >/dev/null if [ $count -gt 12 ]; then check_err ${1} 1 "sigusr2: wakeup" return 1 fi tmp2=`grep 'File check completed' $LOGFILE | wc -l` done check_err ${1} 0 "sigusr2" } daemontest_sigttou () { PID=`cat $PIDFILE` tmp=`grep 'File check completed' $LOGFILE | wc -l` kill -TTOU $PID count=0 tmp2=$tmp while [ $tmp2 -eq $tmp ]; do one_sec_sleep let "count = count + 1" >/dev/null if [ $count -gt 12 ]; then check_err ${1} 1 "sigttou" return 1 fi tmp2=`grep 'File check completed' $LOGFILE | wc -l` done check_err ${1} 0 "sigttou" } daemontest_sighup () { if [ $2 -eq 1 ]; then echo "dir=${BASE}/b" >>$RCFILE tmp=`grep CRIT $LOGFILE | grep -v Runtime | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "policy count (before)"; return 1 fi fi PID=`cat $PIDFILE` kill -HUP $PID if [ $2 -eq 1 ]; then kill -TTOU $PID count=0 tmp=`grep CRIT $LOGFILE | grep -v Runtime | wc -l` while [ $tmp -lt 2 ]; do one_sec_sleep let "count = count + 1" >/dev/null if [ $count -gt 12 ]; then [ -z "$verbose" ] || log_msg_fail "policy count (after)"; return 1 fi tmp=`grep CRIT $LOGFILE | grep -v Runtime | wc -l` done fi count=0 tmp2=0 while [ $tmp2 -ne $2 ]; do one_sec_sleep let "count = count + 1" >/dev/null if [ $count -gt 12 ]; then check_err ${1} 1 "sighup" return 1 fi tmp2=`grep 'Runtime configuration reloaded' $LOGFILE | wc -l` done check_err ${1} 0 "sighup" } daemontest_sigabrt () { PID=`cat $PIDFILE` kill -${3} $PID count=0 while [ -f $LOGFILE.lock ]; do one_sec_sleep let "count = count + 1" >/dev/null if [ $count -gt 12 ]; then check_err ${1} 1 "sigabrt" return 1 fi done kill -TTOU $PID five_sec_sleep if [ -f $LOGFILE.lock ]; then tmp=`grep '' $LOGFILE | wc -l` tst=$2; let "tst = tst + 2" >/dev/null; if [ $tmp -eq $tst ]; then check_err ${1} 0 "sigabrt" return 0 fi fi check_err ${1} 1 "sigabrt" } testtime0 () { log_start "DAEMON CONTROL" testtime0_int; tcount=1 trap 'killdaemon' 1 3 15 daemontest_started $tcount; let "tcount = tcount + 1" >/dev/null daemontest_sigttou $tcount; let "tcount = tcount + 1" >/dev/null daemontest_sigttou $tcount; let "tcount = tcount + 1" >/dev/null daemontest_sigttou $tcount; let "tcount = tcount + 1" >/dev/null daemontest_sigusr2 $tcount 1; let "tcount = tcount + 1" >/dev/null daemontest_sigusr2 $tcount 2; let "tcount = tcount + 1" >/dev/null daemontest_sigusr2 $tcount 3; let "tcount = tcount + 1" >/dev/null daemontest_sigabrt $tcount 1 ABRT; let "tcount = tcount + 1" >/dev/null daemontest_sigabrt $tcount 2 TTIN; let "tcount = tcount + 1" >/dev/null daemontest_sigabrt $tcount 3 ABRT; let "tcount = tcount + 1" >/dev/null daemontest_sighup $tcount 1; let "tcount = tcount + 1" >/dev/null daemontest_sighup $tcount 2; let "tcount = tcount + 1" >/dev/null daemontest_sighup $tcount 3; let "tcount = tcount + 1" >/dev/null daemontest_sigterm $tcount; log_end "DAEMON CONTROL" } samhain-3.1.0/test/testrun_1c.sh0000755000175000017500000002333611716476540013503 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2006) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-suidcheck --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" export BUILDOPTS MAXTEST=7; export MAXTEST ## Quarantine SUID/SGID files if found # # SuidCheckQuarantineFiles = yes ## Method for Quarantining files: # 0 - Delete or truncate the file. # 1 - Remove SUID/SGID permissions from file. # 2 - Move SUID/SGID file to quarantine dir. # # SuidCheckQuarantineMethod = 0 ## For method 0 and 2, really delete instead of truncating # # SuidCheckQuarantineDelete = yes SUIDPOLICY_7=" [ReadOnly] file=${BASE} [SuidCheck] SuidCheckActive = yes SuidCheckExclude = ${BASE}/a/a SuidCheckInterval = 10 SeveritySuidCheck = crit SuidCheckQuarantineFiles = no SuidCheckQuarantineMethod = 2 SuidCheckQuarantineDelete = yes " mod_suiddata_7 () { one_sec_sleep chmod 4444 "${BASE}/a/a/y" chmod 4444 "${BASE}/a/a/a/y" mkdir "${BASE}/a/abc" touch "${BASE}/a/abc/y" chmod 4444 "${BASE}/a/abc/y" } chk_suiddata_7 () { one_sec_sleep tmp=`ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1}' | cut -c 1-10` if [ "x$tmp" = "x-r-Sr--r--" ]; then egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; return 1 fi egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; return 1 fi else [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not kept)"; return 1 fi tmp=`ls -l "${BASE}/a/a/a/y" 2>/dev/null | awk '{ print $1}' | cut -c 1-10` if [ "x$tmp" = "x-r-Sr--r--" ]; then egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/a/a/y" $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/y"; return 1 fi egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/a/y" $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/y"; return 1 fi else [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/y (suid not kept)"; return 1 fi tmp=`ls -l "${BASE}/a/abc/y" 2>/dev/null | awk '{ print $1}' | cut -c 1-10` if [ "x$tmp" = "x-r-Sr--r--" ]; then egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/abc/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/abc/y"; return 1 fi egrep "CRIT.*POLICY ADDED.*${BASE}/a/abc/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/abc/y"; return 1 fi return 0; else [ -z "$verbose" ] || log_msg_fail "${BASE}/a/abc/y (suid not kept)"; return 1 fi } SUIDPOLICY_6=" [ReadOnly] file=${BASE} [SuidCheck] SuidCheckActive = yes SuidCheckInterval = 10 SeveritySuidCheck = crit SuidCheckQuarantineFiles = no SuidCheckQuarantineMethod = 2 SuidCheckQuarantineDelete = yes " mod_suiddata_6 () { one_sec_sleep chmod 4755 "${BASE}/a/a/y" } chk_suiddata_6 () { one_sec_sleep tmp=`ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1}' | cut -c 1-10` if [ "x$tmp" = "x-rwsr-xr-x" ]; then egrep "CRIT.*POLICY \[SuidCheck\].*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; return 1 fi egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; return 1 fi return 0; else [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not kept)"; return 1 fi } SUIDPOLICY_5=" [ReadOnly] file=${BASE} [SuidCheck] SuidCheckActive = yes SuidCheckInterval = 10 SeveritySuidCheck = crit SuidCheckQuarantineFiles = yes SuidCheckQuarantineMethod = 2 SuidCheckQuarantineDelete = yes " mod_suiddata_5 () { one_sec_sleep chmod 4755 "${BASE}/a/a/y" } chk_suiddata_5 () { one_sec_sleep if [ ! -f "${BASE}/a/a/x" ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x (erroneously deleted)"; return 1 fi if [ -f "${BASE}/a/a/y" ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not deleted)"; return 1 fi if [ -f .quarantine/y ]; then if [ -f .quarantine/y.info ]; then return 0; else [ -z "$verbose" ] || log_msg_fail ".quarantine/y.info (missing)"; return 1 fi else [ -z "$verbose" ] || log_msg_fail ".quarantine/y (missing)"; return 1 fi } SUIDPOLICY_4=" [ReadOnly] file=${BASE} [SuidCheck] SuidCheckActive = yes SuidCheckInterval = 10 SeveritySuidCheck = crit SuidCheckQuarantineFiles = yes SuidCheckQuarantineMethod = 2 SuidCheckQuarantineDelete = no " mod_suiddata_4 () { one_sec_sleep chmod 4755 "${BASE}/a/a/y" } chk_suiddata_4 () { one_sec_sleep tmp=`cat "${BASE}/a/a/y" 2>/dev/null | wc -c` if [ $tmp -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not truncated)"; return 1 fi if [ -f .quarantine/y ]; then if [ -f .quarantine/y.info ]; then return 0; else [ -z "$verbose" ] || log_msg_fail ".quarantine/y.info (missing)"; return 1 fi else [ -z "$verbose" ] || log_msg_fail ".quarantine/y (missing)"; return 1 fi } SUIDPOLICY_3=" [ReadOnly] file=${BASE} [SuidCheck] SuidCheckActive = yes SuidCheckInterval = 10 SeveritySuidCheck = crit SuidCheckQuarantineFiles = yes SuidCheckQuarantineMethod = 1 SuidCheckQuarantineDelete = no " mod_suiddata_3 () { one_sec_sleep chmod 4755 "${BASE}/a/a/y" } chk_suiddata_3 () { one_sec_sleep tmp=`ls -l "${BASE}/a/a/y" 2>/dev/null | awk '{ print $1}' | cut -c 1-10` if [ "x$tmp" = "x-rwxr-xr-x" ]; then return 0; else [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (suid not removed)"; return 1 fi } SUIDPOLICY_2=" [ReadOnly] file=${BASE} [SuidCheck] SuidCheckActive = yes SuidCheckInterval = 10 SeveritySuidCheck = crit SuidCheckQuarantineFiles = yes SuidCheckQuarantineMethod = 0 SuidCheckQuarantineDelete = no " mod_suiddata_2 () { one_sec_sleep chmod 4755 "${BASE}/a/a/y" } chk_suiddata_2 () { one_sec_sleep tmp=`cat "${BASE}/a/a/y" 2>/dev/null | wc -c` if [ $tmp -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not truncated)"; return 1 fi } SUIDPOLICY_1=" [ReadOnly] file=${BASE} [SuidCheck] SuidCheckActive = yes SuidCheckInterval = 10 SeveritySuidCheck = crit SuidCheckQuarantineFiles = yes SuidCheckQuarantineMethod = 0 SuidCheckQuarantineDelete = yes " mod_suiddata_1 () { one_sec_sleep chmod 4755 "${BASE}/a/a/y" } chk_suiddata_1 () { one_sec_sleep if [ -f "${BASE}/a/a/y" ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y (not removed)"; return 1 fi } prep_suidpolicy () { test -f "${RCFILE}" || touch "${RCFILE}" eval echo '"$'"SUIDPOLICY_$1"'"' >>"${RCFILE}" if [ "x$1" = "x5" ]; then chmod 4755 "${BASE}/a/a/x" fi } testrun_internal_1c () { [ -z "$verbose" ] || echo Working directory: $PW_DIR [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; } # # test standalone compilation # [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } if test -r "Makefile"; then $MAKE distclean >/dev/null fi ${TOP_SRCDIR}/configure ${BUILDOPTS} # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE 'DBGDEF=-DSH_SUIDTESTDIR=\"${BASE}\"' >/dev/null 2>&1 if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make DBGDEF=-DSH_SUIDTESTDIR=${BASE} ..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; } tcount=1 POLICY=`eval echo '"$'"SUIDPOLICY_$tcount"'"'` until [ -z "$POLICY" ] do prep_init check_err $? ${tcount}; errval=$? if [ $errval -eq 0 ]; then prep_testdata check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then prep_suidpolicy ${tcount} check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then run_init check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then eval mod_suiddata_${tcount} check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then run_check check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then eval chk_suiddata_${tcount} check_err $? ${tcount}; errval=$? fi if [ $testrun1_setup -eq 0 ]; then if [ $errval -eq 0 ]; then run_update check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then run_check_after_update check_err $? ${tcount}; errval=$? fi fi # if [ $errval -eq 0 ]; then [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; fi let "tcount = tcount + 1" >/dev/null POLICY=`eval echo '"$'"SUIDPOLICY_$tcount"'"'` done return 0 } testrun1c () { log_start "RUN STANDALONE W/SUIDCHK" testrun_internal_1c log_end "RUN STANDALONE W/SUIDCHK" return 0 } samhain-3.1.0/test/testrun_2.sh0000755000175000017500000005000412041445172013316 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2006) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE RCFILE="$PW_DIR/testrc_2"; export RCFILE HTML="$PW_DIR/yule.html"; export HTML do_test_1 () { [ -z "$verbose" ] || { echo; echo "${S}Start Server${E}: ./yule -l info -p none &"; echo; } rm -f test_log_valgrind ${VALGRIND} ./yule.2 -l info -p none >/dev/null 2>>test_log_valgrind & PROC_Y2=$! five_sec_sleep [ -z "$verbose" ] || { echo; echo "${S}Start Server #2${E}: ./yule.2 -l info -p none &"; echo; } ${VALGRIND} ./yule -l info -p none -e info --bind-address=127.0.0.1 \ --server-port=49778 >/dev/null 2>>test_log_valgrind & PROC_Y=$! five_sec_sleep [ -z "$verbose" ] || { echo; echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; echo; } ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; else [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; kill $PROC_Y kill $PROC_Y2 return 1 fi kill $PROC_Y kill $PROC_Y2 five_sec_sleep # cp ${LOGFILE} triple_test # cp ${LOGFILE}2 triple_test_2 egrep "START(>|\").*Yule(>|\")" ${LOGFILE}2 >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server #2 start"; return 1 fi egrep "remote_host.*Checking.*/bin" ${LOGFILE}2 >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client file check (relayed)"; return 1 fi egrep "remote_host.*EXIT.*Samhain" ${LOGFILE}2 >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client exit (relayed)"; return 1 fi egrep "EXIT.*Yule.*SIGTERM" ${LOGFILE}2 >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server #2 exit"; return 1 fi egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server start"; return 1 fi egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client connect"; return 1 fi egrep "remote_host.*Checking.*/bin" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client file check"; return 1 fi egrep "remote_host.*EXIT.*Samhain" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client exit"; return 1 fi egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server exit"; return 1 fi [ -z "$VALGRIND" ] || { tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; if [ $tmp -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; cat test_log_valgrind return 1; fi; } return 0 } do_test_2 () { ORIGINAL="UseSeparateLogs=no" REPLACEMENT="UseSeparateLogs=yes" ex -s $RCFILE </dev/null 2>>test_log_valgrind & PROC_Y=$! five_sec_sleep [ -z "$verbose" ] || { echo; echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; echo; } ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; else [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; kill $PROC_Y return 1 fi kill $PROC_Y five_sec_sleep if [ -f ${LOGFILE}.${SH_LOCALHOST} ]; then remhost=${SH_LOCALHOST} else remhost=`echo $SH_LOCALHOST | sed 's,\..*,,'` fi if [ -f ${LOGFILE}.${remhost} ]; then CLIENTLOG="${LOGFILE}.${remhost}" else tail -n 1 ${SCRIPTDIR}/test.sh >/dev/null 2>&1 if [ $? -eq 0 ]; then CLIENTLOG=`ls -1 ${LOGFILE}.* 2>/dev/null | tail -n 1` else CLIENTLOG=`ls -1 ${LOGFILE}.* 2>/dev/null | tail -1` fi fi egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server start"; return 1 fi egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client connect"; return 1 fi egrep "remote_host.*Checking.*/bin" ${CLIENTLOG} >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client file check"; return 1 fi egrep "remote_host.*EXIT.*Samhain" ${CLIENTLOG} >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client exit"; return 1 fi egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server exit"; return 1 fi [ -z "$VALGRIND" ] || { tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; if [ $tmp -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; cat test_log_valgrind return 1; fi; } rm -f ${LOGFILE}.${remhost} return 0 } do_test_3 () { ORIGINAL_1="ExportSeverity=none" REPLACEMENT_1="ExportSeverity=mark" ORIGINAL_2="UseSeparateLogs=yes" REPLACEMENT_2="UseSeparateLogs=no" ORIGINAL_3="LogSeverity=none" REPLACEMENT_3="LogSeverity=debug" ORIGINAL_4="# SetClientTimeLimit=1800" REPLACEMENT_4="SetClientTimeLimit=20" # takes too much time if we leave that in ORIGINAL_5="dir=1" REPLACEMENT_5="#dir=1" ex -s $RCFILE </dev/null 2>>test_log_valgrind & PROC_Y=$! five_sec_sleep [ -z "$verbose" ] || { echo; echo "${S}Start Client${E}: ./samhain.new -t check -p none -l none --forever --bind-address=127.0.0.1 &"; echo; } ${VALGRIND} ./samhain.new -t check -p none -l none --forever --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind & if test x$? = x0; then PROC_S=$! # echo "PID is ${PROC_S}" [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; five_sec_sleep # Redirect the shells (un-)helpful job monitoring messages. # The 'disown' buildin is not portable. { kill -9 ${PROC_S}; sleep 40; } >/dev/null 2>&1 else [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; kill $PROC_Y return 1 fi if [ -t 0 ]; then # enable monitor mode again if interactive set -m fi kill $PROC_Y five_sec_sleep egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server start"; return 1 fi egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client connect"; return 1 fi egrep "remote_host.*File check completed.*" ${LOGFILE} >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client file check"; return 1 fi egrep "Time limit exceeded" ${LOGFILE} >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client dead detection"; return 1 fi egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server exit"; return 1 fi [ -z "$VALGRIND" ] || { tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; if [ $tmp -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; cat test_log_valgrind return 1; fi; } rm -f ${LOGFILE} return 0 } do_test_4 () { # don't know what is supported on the test platform, so # prepare for both (password and socket credential) # 'id -u' is posix if test -f /usr/xpg4/bin/id then me=`/usr/xpg4/bin/id -u` else me=`id -u` fi ORIGINAL_1="SetSocketAllowUid=0" REPLACEMENT_1="SetSocketAllowUid=$me" ex -s $RCFILE </dev/null 2>>test_log_valgrind & PROC_Y=$! five_sec_sleep [ -z "$verbose" ] || { echo; echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; echo; } $MAKE yulectl >/dev/null if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "make yulectl"; kill $PROC_Y return 1 fi ./yulectl -v -c RELOAD foobar1 >test_log_yulectl 2>/dev/null if [ $? -ne 0 ]; then YULECTL_PASSWORD=samhain; export YULECTL_PASSWORD ./yulectl -v -c RELOAD foobar1 >test_log_yulectl if [ $? -ne 0 ]; then kill ${PROC_Y} [ -z "$verbose" ] || log_msg_fail "yulectl"; return 1 fi fi ./yulectl -v -c RELOAD foobar2 >test_yulectl_log if [ $? -ne 0 ]; then kill ${PROC_Y} [ -z "$verbose" ] || log_msg_fail "yulectl"; return 1 fi ./yulectl -v -c RELOAD foobar3 >test_log_yulectl if [ $? -ne 0 ]; then kill ${PROC_Y} [ -z "$verbose" ] || log_msg_fail "yulectl"; return 1 fi ./yulectl -v -c LISTALL dummy >test_log_yulectl if [ $? -ne 0 ]; then kill ${PROC_Y} [ -z "$verbose" ] || log_msg_fail "yulectl"; return 1 fi tmp=`cat test_log_yulectl | grep RELOAD | wc -l` if [ $tmp -ne 3 ]; then kill ${PROC_Y} [ -z "$verbose" ] || log_msg_fail "command confirmation"; return 1 fi ./yulectl -v -c CANCEL foobar3 >test_log_yulectl if [ $? -ne 0 ]; then kill ${PROC_Y} [ -z "$verbose" ] || log_msg_fail "yulectl"; return 1 fi ./yulectl -v -c LISTALL dummy >test_log_yulectl if [ $? -ne 0 ]; then kill ${PROC_Y} [ -z "$verbose" ] || log_msg_fail "yulectl"; return 1 fi tmp=`cat test_log_yulectl | grep RELOAD | wc -l` if [ $tmp -ne 2 ]; then kill ${PROC_Y} [ -z "$verbose" ] || log_msg_fail "command confirmation"; return 1 fi kill ${PROC_Y} one_sec_sleep one_sec_sleep kill -9 ${PROC_Y} >/dev/null 2>&1 [ -z "$VALGRIND" ] || { tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; if [ $tmp -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; cat test_log_valgrind return 1; fi; } return 0 } do_test_5 () { [ -z "$verbose" ] || { echo; echo "${S}Start Server${E}: ./yule -l info -p none &"; echo; } ( cat < test Current time: %T
EOF ) >head.html ( cat <
EOF ) >foot.html ( cat < %H %S %T EOF ) >entry.html ${VALGRIND} ./yule -l info -p none -e none \ >/dev/null 2>>test_log_valgrind & PROC_Y=$! five_sec_sleep egrep '' $HTML >/dev/null 2>&1 if [ $? -ne 0 ]; then # rm -f head.html; rm -f foot.html; rm -f entry.html; kill $PROC_Y [ -z "$verbose" ] || log_msg_fail "head.html (1)"; return 1 fi egrep '' $HTML >/dev/null 2>&1 if [ $? -ne 0 ]; then rm -f head.html; rm -f foot.html; rm -f entry.html; kill $PROC_Y [ -z "$verbose" ] || log_msg_fail "foot.html (1)"; return 1 fi [ -z "$verbose" ] || { echo; echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; echo; } ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; else kill $PROC_Y [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; return 1 fi cp $HTML ${HTML}.tmp kill $PROC_Y five_sec_sleep # rm -f head.html; rm -f foot.html; rm -f entry.html; egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server start"; return 1 fi egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client connect"; return 1 fi egrep "remote_host.*Checking.*/bin" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client file check"; return 1 fi egrep "remote_host.*EXIT.*Samhain" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client exit"; return 1 fi egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server exit"; return 1 fi egrep '' ${HTML}.tmp >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "head.html"; return 1 fi egrep '' ${HTML}.tmp >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "end head.html"; return 1 fi egrep '' ${HTML}.tmp >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "entry.html"; return 1 fi egrep '' ${HTML}.tmp >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "end entry.html"; return 1 fi egrep '' ${HTML}.tmp >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "foot.html"; return 1 fi egrep '' ${HTML}.tmp >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "end foot.html"; return 1 fi [ -z "$VALGRIND" ] || { tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; if [ $tmp -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; cat test_log_valgrind return 1; fi; } rm ${HTML}.tmp return 0 } testrun2_internal () { [ -z "$verbose" ] || { echo; echo Working directory: $PW_DIR; echo MAKE is $MAKE; echo; } # # [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; } # if test -r "Makefile"; then $MAKE distclean fi # ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=client --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-encrypt=2 # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE > /dev/null 2>>test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi # save binary and build server2 # cp samhain samhain.build || return 1 $MAKE clean >/dev/null || return 1 ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=${RCFILE}2 --with-log-file=${LOGFILE}2 --with-pid-file=$PW_DIR/.samhain_lock2 --with-html-file=${HTML}2 --with-state-dir=$PW_DIR --enable-encrypt=2 --with-port=49778 # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE > /dev/null 2>>test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi # save binary and build server # cp yule yule.2 || return 1 $MAKE clean >/dev/null || return 1 ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-html-file=$HTML --with-state-dir=$PW_DIR --enable-encrypt=2 # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE > /dev/null 2>>test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi ##################################################################### # # rm -f ./.samhain_file rm -f ./.samhain_log rm -f ./.samhain_lock cp ${SCRIPTDIR}/testrc_2.in testrc_2 ./samhain.build -t init -p none if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "init..."; else [ -z "$quiet" ] && log_msg_fail "init..."; return 1 fi # Create a password SHPW=`./yule -G` if test x"$SHPW" = x; then [ -z "$quiet" ] && log_msg_fail "password not generated -- aborting" return 1 fi # Set in client ./samhain_setpwd samhain.build new $SHPW >/dev/null if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd samhain.build new $SHPW"; else [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd samhain.build new $SHPW"; return 1 fi mv samhain.build.new samhain.new || return 1 # Set in server ./samhain_setpwd yule new $SHPW >/dev/null if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd yule new $SHPW"; else [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd yule new $SHPW"; return 1 fi mv yule.new yule || return 1 # rm -f ./.samhain_log* rm -f ./.samhain_lock* SHCLT=`./yule -P $SHPW` if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "yule -P $SHPW"; else [ -z "$quiet" ] && log_msg_fail "yule -P $SHPW"; return 1 fi SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` AHOST=`find_hostname` SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` echo $SHCLT1 >> testrc_2 echo $SHCLT2 >> testrc_2 cp testrc_2 testrc_22 do_test_1 if [ $? -eq 0 ]; then [ -z "$quiet" ] && log_ok 1 ${MAXTEST} "Client logging"; else [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client logging"; fi do_test_2 if [ $? -eq 0 ]; then [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "Client logging, separate logfiles"; else [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "Client logging, separate logfiles"; fi do_test_3 if [ $? -eq 0 ]; then [ -z "$quiet" ] && log_ok 3 ${MAXTEST} "Dead client detection"; else [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Dead client detection"; fi do_test_4 if [ $? -eq 0 ]; then [ -z "$quiet" ] && log_ok 4 ${MAXTEST} "Server command socket"; else [ -z "$quiet" ] && log_fail 4 ${MAXTEST} "Server command socket"; fi do_test_5 if [ $? -eq 0 ]; then [ -z "$quiet" ] && log_ok 5 ${MAXTEST} "Server status file"; else [ -z "$quiet" ] && log_fail 5 ${MAXTEST} "Server status file"; fi return $? } MAXTEST=5; export MAXTEST testrun2 () { log_start "RUN CLIENT/SERVER" if [ x"$1" = x ]; then [ -z "$quiet" ] && log_msg_fail "Missing hostname" fi # SH_LOCALHOST=$1; export SH_LOCALHOST # testrun2_internal # log_end "RUN CLIENT/SERVER" return 0 } samhain-3.1.0/test/testit.sh0000755000175000017500000000161311733675427012726 00000000000000#!/bin/sh # if test x$UID != x -a x$UID != x0; then TRUST="--with-trusted=0,2,$UID" else TRUST="--with-trusted=0,2,1000" fi export TRUST # PW_DIR=`pwd`; export PW_DIR RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE # OPTIONS="\ --enable-db-reload \ --enable-suidcheck \ --enable-login-watch \ --enable-mounts-check \ --enable-logfile-monitor \ --enable-process-check \ --enable-port-check \ --enable-xml-log \ --enable-userfiles \ --disable-shellexpand \ --disable-ipv6 \ " ./configure --quiet $TRUST \ --prefix=$PW_DIR \ --localstatedir=$PW_DIR \ --with-config-file=$RCFILE \ --with-log-file=$LOGFILE \ --with-pid-file=$PW_DIR/.samhain_lock \ --with-data-file=$PW_DIR/.samhain_file $OPTIONS if [ $? -ne 0 ]; then echo "Configure failed" exit 1 fi make samhain if [ $? -ne 0 ]; then echo "Make failed" exit 1 fi samhain-3.1.0/test/testrun_2b.sh0000755000175000017500000001434210743517235013474 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2006) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE RCFILE="$PW_DIR/testrc_2"; export RCFILE RCFILE_C="$PW_DIR/testrc_1.dyn"; export RCFILE_C SERVER_BUILDOPTS="--quiet $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export SERVER_BUILDOPTS CLIENT_BUILDOPTS="--quiet $TRUST --enable-micro-stealth=137 --enable-debug --enable-network=client --enable-srp --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER${RCFILE_C} --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS testrun2b_internal () { GPG="$1" [ -z "$verbose" ] || { echo; echo Working directory: $PW_DIR; echo MAKE is $MAKE; echo GPG is $GPG; echo; } [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; } if test -r "Makefile"; then $MAKE distclean fi ${TOP_SRCDIR}/configure --with-gpg=${GPG} --with-checksum=no ${CLIENT_BUILDOPTS} >/dev/null 2>&1 if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE > /dev/null 2>>test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi SKIP=`awk '/^__ARCHIVE_FOLLOWS__/ { print NR + 1; exit 0; }' ${SCRIPTDIR}/test.sh` tail -n "+$SKIP" ${SCRIPTDIR}/test.sh >/dev/null 2>&1 if [ $? -eq 0 ]; then tail -n "+$SKIP" ${SCRIPTDIR}/test.sh | gunzip -c - 2>/dev/null | tar xf - && \ mv "./testrc.gpg.asc" "${RCFILE_C}" else tail "+$SKIP" ${SCRIPTDIR}/test.sh | gunzip -c - 2>/dev/null | tar xf - && \ mv "./testrc.gpg.asc" "${RCFILE_C}" fi if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "extract gpg signed files..."; else [ -z "$quiet" ] && log_msg_fail "extract gpg signed files..."; return 1 fi # save binary and build server cp samhain samhain.build || return 1 $MAKE clean >/dev/null || return 1 ${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS} if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE > /dev/null 2>>test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi ##################################################################### # # rm -f ./.samhain_file rm -f ./.samhain_log rm -f ./.samhain_lock rm -f ./rc.${SH_LOCALHOST} rm -f ./file.${SH_LOCALHOST} cp ${SCRIPTDIR}/testrc_2.in testrc_2 ./samhain.build -t init -p none if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "init..."; else [ -z "$quiet" ] && log_msg_fail "init..."; return 1 fi # Create a password SHPW=`./yule -G` if test x"$SHPW" = x; then [ -z "$quiet" ] && log_msg_fail "password not generated -- aborting" return 1 fi # Set in client ./samhain_setpwd samhain.build new $SHPW >/dev/null if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd samhain.build new $SHPW"; else [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd samhain.build new $SHPW"; return 1 fi mv samhain.build.new samhain.new || return 1 rm -f ./.samhain_log* rm -f ./.samhain_lock SHCLT=`./yule -P $SHPW` if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "yule -P $SHPW"; else [ -z "$quiet" ] && log_msg_fail "yule -P $SHPW"; return 1 fi SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` AHOST=`find_hostname` SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` echo $SHCLT1 >> testrc_2 echo $SHCLT2 >> testrc_2 cp "${RCFILE_C}" ./rc.${SH_LOCALHOST} mv $PW_DIR/.samhain_file.asc ./file.${SH_LOCALHOST} ALTHOST=`find_hostname` cp "${RCFILE_C}" "./rc.${ALTHOST}" cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null } MAXTEST=1; export MAXTEST testrun2b () { log_start "RUN FULL CLIENT/SERVER W/GPG"; # if [ x"$1" = x ]; then [ -z "$quiet" ] && log_msg_fail "Missing hostname" fi # GPG=`find_path gpg` if [ -z "$GPG" ]; then log_skip 1 $MAXTEST 'gpg not found in $PATH' else eval "$GPG" --list-keys 0F571F6C >/dev/null 2>/dev/null if [ $? -ne 0 ]; then log_skip 1 $MAXTEST 'public PGP key 0x0F571F6C not present' else SH_LOCALHOST=$1; export SH_LOCALHOST testrun2b_internal "$GPG" SAVE_VALGRIND="${VALGRIND}"; VALGRIND=''; export VALGRIND do_test_1_a VALGRIND="${SAVE_VALGRIND}"; export VALGRIND if [ $? -eq 0 ]; then [ -z "$quiet" ] && log_ok 1 ${MAXTEST} "Client download+logging w/gpg"; else [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client download+logging w/gpg"; fi if [ -n "$cleanup" ]; then rm -f ./rc.${SH_LOCALHOST} rm -f ./file.${SH_LOCALHOST} ALTHOST=`find_hostname` rm -f "./file.${ALTHOST}" rm -f "./rc.${ALTHOST}" fi fi fi log_end "RUN FULL CLIENT/SERVER W/GPG" } samhain-3.1.0/test/testrc_10000644000175000017500000001355510371412776012523 00000000000000##################################################################### # # Configuration file template for samhain. # ##################################################################### # # -- empty lines and lines starting with '#' are ignored # -- you can PGP clearsign this file -- samhain will check (if compiled # with support) or otherwise ignore the signature # -- CHECK mail address # # To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). # ##################################################################### # # SETUP for file system checking: # # (i) There are several policies, each has its own section. Put files # into the section for the appropriate policy (see below). # (ii) To each policy, you can assign a severity (further below). # (iii) To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). # ##################################################################### [Misc] RedefUser0=-ATM [Attributes] # # for these files, only changes in permissions and ownership are checked # #file=/etc/mtab #file=/etc/ssh_random_seed #file=/etc/asound.conf #file=/etc/resolv.conf #file=/etc/localtime #file=/etc/ioctl.save #file=/etc/passwd.backup #file=/etc/shadow.backup # # There are files in /etc that might change (see above), # thus changing the timestamps on the directory special file. # Put it here as 'file', and in the ReadOnly section as 'dir'. # file=/etc [GrowingLogFiles] # # for these files, changes in signature, timestamps, and increase in size # are ignored # # Example for shell-style wildcard pattern # #file=/var/log/n* [IgnoreAll] #dir=-1/etc [IgnoreNone] #dir=-1/etc [Attributes] # dir=/opt/gnome/bin/ # file=/usr/bin/ssh [ReadOnly] # # for these files, only access time is ignored # #dir=/dev # dir=/usr/bin #dir=/usr/bin #dir=/lib #dir=/usr/lib #dir=/lib #dir=3/etc #dir=/tmp # file=/usr/bin/ssh # dir=1/home/rainer #[SuidCheck] #SuidCheckActive=T #SuidCheckExclude=/home [EventSeverity] # # Here you can assign severities to policy violations. # If this severity exceeds the treshold of a log facility (see below), # a policy violation will be logged to that facility. # # Severity for verification failures. # SeverityUser0=crit SeverityUser1=crit SeverityReadOnly=crit SeverityLogFiles=crit SeverityGrowingLogs=crit SeverityIgnoreNone=crit SeverityAttributes=crit # # We have a file in IgnoreAll that might or might not be present. # Setting the severity to 'info' prevents messages about deleted/new file. # SeverityIgnoreAll=warn # # Files : file access problems # Dirs : directory access problems # Names : suspect (non-printable) characters in a pathname # SeverityFiles=notice SeverityDirs=info SeverityNames=warn [Log] # # Set threshold severity for log facilities # Values: debug, info, notice, warn, mark, err, crit, alert, none. # 'mark' is used for timestamps. # # By default, everything equal to and above the threshold is logged. # The specifiers '*', '!', and '=' are interpreted as # 'all', 'all but', and 'only', respectively (like syslogd(8) does, # at least on Linux). # # MailSeverity=* # MailSeverity=!warn # MailSeverity==crit # MailSeverity=none LogSeverity=warn SyslogSeverity=none #ExportSeverity=none PrintSeverity=info # Restrict to certain classes of messages # MailClass = RUN #PreludeSeverity = err # Which system calls to log (execve, utime, unlink, dup, chdir, open, kill, # exit, fork, setuid, setgid, pipe) # # LogCalls = open #[Kernel] # # Setings this to 1/true/yes will activate the check for loadable # kernel module rootkits (Linux only) # #KernelCheckActive=1 #KernelCheckInterval = 20 #[Utmp] # # 0 to switch off, 1 to activate # #LoginCheckActive=1 # Severity for logins, multiple logins, logouts # #SeverityLogin=info #SeverityLoginMulti=warn #SeverityLogout=info # interval for login/logout checks # #LoginCheckInterval=60 [Misc] # # whether to become a daemon process Daemon=no # Custom format for message header # # %S severity # %T timestamp # %C class # # %F source file # %L source line # # MessageHeader="%S %T - %F - %L " # MessageHeader="/dev/null 2>&1 || COMP="gcc" fi fi fi log_start "EXTERNAL PROGRAM" [ -z "$verbose" ] || echo MAKE is $MAKE [ -z "$verbose" ] || { echo COMP is $COMP; echo; } # # standalone compilation # [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } # if test -r "Makefile"; then ${MAKE} distclean >/dev/null fi # ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/testrc_1ext --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE >/dev/null 2>>test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi # # prepare the program # cat test/test_ext.c.in | sed -e "s%MYPWDIR%$PW_DIR/test_ext.res%g" > test_ext.c ${COMP} -o test_ext test_ext.c if test "x$?" != x0; then log_msg_fail "${COMP} -o test_ext test_ext.c" return 1 fi chmod +rx test_ext if test "x$?" != x0; then log_msg_fail "chmod +rx test_ext" return 1 fi # compute checksum and fix config file # cp test/testrc_1ext.in testrc_1ext CHKSUM=`./samhain -H $PW_DIR/test_ext | awk '{ print $2$3$4$5$6$7}'` echo "OpenCommand=$PW_DIR/test_ext" >> testrc_1ext echo "SetType=log" >> testrc_1ext echo "SetChecksum=$CHKSUM" >> testrc_1ext echo "SetEnviron=TZ=Europe/Berlin" >> testrc_1ext echo "SetFilterOr=ALERT" >> testrc_1ext echo "CloseCommand" >> testrc_1ext echo "OpenCommand=$PW_DIR/test_ext" >> testrc_1ext echo "SetType=log" >> testrc_1ext echo "SetChecksum=$CHKSUM" >> testrc_1ext echo "SetFilterOr=ALERT" >> testrc_1ext echo "CloseCommand" >> testrc_1ext rm -f $PW_DIR/test_ext.res rm -f $PW_DIR/pdbg.child rm -f $PW_DIR/pdbg.main ./samhain -p none # The shell is too fast ... one_sec_sleep [ -z "$verbose" ] || { echo; echo "${S}Logged by external C program test_ext (filtered: ALERT only):${E}"; echo; cat $PW_DIR/test_ext.res echo } tmp=`cat $PW_DIR/test_ext.res | wc -l` if [ $tmp -eq 8 ]; then tmp=`egrep 'RECV: \[EOF\]' $PW_DIR/test_ext.res | wc -l` if [ $tmp -eq 4 ]; then tmp=`egrep 'RECV: ALERT' $PW_DIR/test_ext.res | wc -l` if [ $tmp -eq 4 ]; then log_ok 1 ${MAXTEST}; else log_fail 1 ${MAXTEST}; fi else log_fail 1 ${MAXTEST}; fi else log_fail 1 ${MAXTEST}; fi ORIGINAL="SetChecksum=${CHKSUM}" REPLACEMENT="SetChecksum=DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF" ex -s "$PW_DIR/testrc_1ext" <|\")" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; return 1 fi tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; fi # done for ff in $NDIRS; do # egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; return 1 fi done } TESTPOLICY_15=" [Misc] DigestAlgo=SHA1 RedefReadOnly = +TXT [ReadOnly] dir=${BASE} " mod_testdata_15 () { mod_testdata_1 } chk_testdata_15 () { chk_testdata_1 } TESTPOLICY_14=" [Misc] DigestAlgo=MD5 RedefReadOnly = +TXT [ReadOnly] dir=${BASE} " mod_testdata_14 () { mod_testdata_1 } chk_testdata_14 () { chk_testdata_1 } # # combine file check schedule with one-shot mode # TESTPOLICY_13=" [ReadOnly] dir=99${BASE} " mod_testdata_13 () { one_sec_sleep echo "foobar" >"${BASE}/c/x"; # bad chmod 0555 "${BASE}/a/y"; # bad ORIGINAL='SetFilecheckTime=60' REPLACEMENT='FileCheckScheduleOne = 6 12 * * *' ex -s $RCFILE </dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y"; return 1 fi CDIRS="a a/a a/b a/c c b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; NDIRS=""; test_dirs; return $? } TESTPOLICY_12=" [ReadOnly] dir=99${BASE} [IgnoreAll] dir=-1${BASE}/b [Attributes] dir=1${BASE}/a " mod_testdata_12 () { one_sec_sleep echo "foobar" >"${BASE}/b/x"; # ok echo "foobar" >"${BASE}/c/x"; # bad echo "foobar" >"${BASE}/a/x"; # ok chmod 0555 "${BASE}/a/a/x"; # bad chmod 0555 "${BASE}/a/a/a/x";# ok chmod 0555 "${BASE}/a/y"; # bad } chk_testdata_12 () { # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; tmp=`grep CRIT $LOGFILE | wc -l` if [ $tmp -ne 3 ]; then [ -z "$verbose" ] || log_msg_fail "policy count"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x"; return 1 fi egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x"; return 1 fi egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y"; return 1 fi CDIRS="a a/a a/b a/c c"; NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; test_dirs; return $? } # # --- ACL/SELinux test case # TESTPOLICY_11=" [Misc] UseAclCheck=yes UseSelinuxCheck=yes [ReadOnly] dir=99${BASE} [IgnoreAll] dir=-1${BASE}/b [Attributes] dir=1${BASE}/a [Misc] UseSelinuxCheck = no UseAclCheck = no " mod_testdata_11 () { one_sec_sleep setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign) setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y"; # ok (ign) setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth) setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x"; # bad setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y"; # bad } chk_testdata_11 () { # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; tmp=`grep CRIT $LOGFILE | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "policy count"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x"; return 1 fi CDIRS="a a/a a/b a/c c"; NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; test_dirs; return $? } TESTPOLICY_10=" [Misc] UseAclCheck=yes UseSelinuxCheck=yes [ReadOnly] dir=99${BASE} [IgnoreAll] dir=-1${BASE}/b [Attributes] dir=1${BASE}/a " mod_testdata_10 () { one_sec_sleep setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign) setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y"; # ok (ign) setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth) setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x"; # bad setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y"; # bad } chk_testdata_10 () { # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; tmp=`grep CRIT $LOGFILE | wc -l` if [ $tmp -ne 5 ]; then [ -z "$verbose" ] || log_msg_fail "policy count"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x"; return 1 fi egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/x"; return 1 fi egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y"; return 1 fi CDIRS="a a/a a/b a/c c"; NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; test_dirs; return $? } TESTPOLICY_9=" [ReadOnly] dir=0${BASE}/b [Attributes] dir=2${BASE}/a/a " mod_testdata_9 () { echo "foobar" >"${BASE}/b/x"; echo "foobar" >"${BASE}/a/x"; echo "foobar" >"${BASE}/x"; } chk_testdata_9 () { # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; tmp=`grep CRIT $LOGFILE | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "policy count"; return 1 fi CDIRS="b a/a a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; NDIRS="a c a/b a/c"; test_dirs; return $? } TESTPOLICY_8=" [ReadOnly] dir=1${BASE} [Attributes] dir=1${BASE}/a/a " mod_testdata_8 () { echo "foobar" >"${BASE}/a/x"; chmod 0555 "${BASE}/a/a/a/b/x"; } chk_testdata_8 () { # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; tmp=`grep CRIT $LOGFILE | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "policy count"; return 1 fi CDIRS="a b c a/a a/a/a a/a/b a/a/c"; NDIRS="a/b a/c a/a/a/a a/a/a/b a/a/a/c"; test_dirs; return $? } TESTPOLICY_7=" [ReadOnly] dir=${BASE} [Attributes] dir=${BASE}/a/a [GrowingLogFiles] dir=${BASE}/a/a/a [IgnoreAll] file=${BASE}/a/a/a/z dir=${BASE}/b [Misc] IgnoreMissing=${BASE}/a/[[:alnum:]]+/[[:alnum:]]+\$ IgnoreAdded=${BASE}/a/(b|c)/[[:alnum:]]+\$ " mod_testdata_7 () { one_sec_sleep echo "foobar" >"${BASE}/a/a/a/z" # ok echo "foobar" >"${BASE}/a/a/a/x" # bad echo "foobar" >"${BASE}/a/a/x" # ok echo "foobar" >"${BASE}/a/x" # bad chmod 0555 "${BASE}/a" # bad chmod 0555 "${BASE}/b" # ok rm "${BASE}/a/c/z" touch "${BASE}/a/c/zz2" } chk_testdata_7 () { tmp=`grep CRIT $LOGFILE | wc -l` if [ $tmp -ne 4 ]; then [ -z "$verbose" ] || log_msg_fail "policy count"; return 1 fi egrep "ERROR.*POLICY MISSING.*${BASE}/a/c/z" $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/z"; return 1 fi egrep "CRIT.*POLICY ADDED.*${BASE}/a/c/zz2" $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/zz2"; return 1 fi egrep "CRIT.*POLICY \[GrowingLogs\] C--------S.*${BASE}/a/a/a/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/a/x"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/x"; return 1 fi } TESTPOLICY_6=" [ReadOnly] dir=${BASE} [Attributes] file=${BASE}/a/y file=${BASE}/b/y file=${BASE}/c/y file=${BASE}/a/a/y file=${BASE}/a/b/y file=${BASE}/a/c/y file=${BASE}/a/a/a/y file=${BASE}/a/a/b/y file=${BASE}/a/a/c/y file=${BASE}/a/a/a/a/y file=${BASE}/a/a/a/b/y file=${BASE}/a/a/a/c/y " mod_testdata_6 () { one_sec_sleep for ff in $TDIRS; do echo "foobar" >"${BASE}/${ff}/x" chmod 0555 "${BASE}/${ff}/y" echo "foobar" >"${BASE}/${ff}/z" done } chk_testdata_6 () { count6=0 for ff in $TDIRS; do # egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; return 1 fi tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; fi # for gg in $TFILES; do egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; fi tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; fi done egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/${ff}/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/x"; return 1 fi let "count6 = count6 + 1" >/dev/null egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/${ff}/z" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/z"; return 1 fi let "count6 = count6 + 1" >/dev/null egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/${ff}/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/y"; return 1 fi let "count6 = count6 + 1" >/dev/null done tmp=`grep CRIT $LOGFILE | wc -l` if [ $tmp -ne $count6 ]; then [ -z "$verbose" ] || log_msg_fail "policy count"; return 1 fi } TESTPOLICY_5=" [Attributes] dir=${BASE} file=${BASE}/a/a/c/x [ReadOnly] file=${BASE}/a/a/c/y [GrowingLogFiles] dir=${BASE}/a/a/c dir=${BASE}/a/a/b dir=${BASE}/a/b " mod_testdata_5 () { mod_testdata_4 echo "1 This is a xxxx file" > "${BASE}/a/a/b/x" # GrowingLogFiles echo "1 This is a test file" > "${BASE}/a/a/b/y" # GrowingLogFiles echo "2 This is a test file" >> "${BASE}/a/a/b/y" # GrowingLogFiles echo "1 This is a xxxx file bad" > "${BASE}/a/a/b/z" # GrowingLogFiles echo "2 This is a xxxx file bad" >>"${BASE}/a/a/b/z" # GrowingLogFiles echo "3 This is a xxxx file bad" >>"${BASE}/a/a/b/z" # GrowingLogFiles } chk_testdata_5 () { for ff in $TDIRS; do # egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; return 1 fi tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; fi # for gg in $TFILES; do egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; fi tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; fi done done egrep "CRIT.*POLICY \[GrowingLogs\] C---------.*${BASE}/a/a/b/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/b/x"; return 1 fi egrep "CRIT.*POLICY \[GrowingLogs\] C---------.*${BASE}/a/a/b/z" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/b/z"; return 1 fi egrep "CRIT.*POLICY \[GrowingLogs\] -----M----.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z"; return 1 fi egrep "CRIT.*POLICY \[GrowingLogs\] -----M----.*${BASE}/a/a/c/z" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/z"; return 1 fi egrep "CRIT.*POLICY \[GrowingLogs\] C--------S.*${BASE}/a/b/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/y"; return 1 fi egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x"; return 1 fi egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo"; return 1 fi egrep "CRIT.*POLICY ADDED.*033\[1;30m" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m"; return 1 fi egrep "WARN.*Weird filename.*033\[1;30m" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y"; return 1 fi tmp=`grep CRIT $LOGFILE | wc -l` if [ $tmp -ne 9 ]; then [ -z "$verbose" ] || log_msg_fail "policy count"; return 1 fi } TESTPOLICY_4=" [Attributes] dir=${BASE} file=${BASE}/a/a/c/x [ReadOnly] file=${BASE}/a/a/c/y [LogFiles] dir=${BASE}/a/a/c dir=${BASE}/a/b " mod_testdata_4 () { one_sec_sleep echo "foobar" >> "${BASE}/a/a/x" # Attributes echo "foobar" > "${BASE}/a/a/c/foo" # new within LogFiles echo "foobar" >> "${BASE}/a/a/c/y" # ReadOnly echo "foobar" >> "${BASE}/a/a/c/x" # Attributes chmod 0555 "${BASE}/a/a/c/x" # Attributes chmod 0555 "${BASE}/a/a/c/z" # LogFiles echo "foobar" >> "${BASE}/a/b/x" # LogFiles echo "" > "${BASE}/a/b/y" # LogFiles chmod 0555 "${BASE}/a/b/z" # LogFiles touch "${BASE}/a/a/" # non-printable character in filename } chk_testdata_4 () { for ff in $TDIRS; do # egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; return 1 fi tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; fi # for gg in $TFILES; do egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; fi tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; fi done done egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x"; return 1 fi egrep "CRIT.*POLICY \[LogFiles\] -----M----.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z"; return 1 fi egrep "CRIT.*POLICY \[LogFiles\] -----M----.*${BASE}/a/a/c/z" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/z"; return 1 fi egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo"; return 1 fi egrep "CRIT.*POLICY ADDED.*033\[1;30m" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m"; return 1 fi egrep "WARN.*Weird filename.*033\[1;30m" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/\033[1;30m"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y"; return 1 fi tmp=`grep CRIT $LOGFILE | wc -l` if [ $tmp -ne 6 ]; then [ -z "$verbose" ] || log_msg_fail "policy count"; return 1 fi } TESTPOLICY_3=" [Attributes] dir=${BASE} file=${BASE}/a/a/c/x [ReadOnly] file=${BASE}/a/a/c/y [IgnoreAll] dir=${BASE}/a/a/c " mod_testdata_3 () { one_sec_sleep echo "foobar" > "${BASE}/a/b/foo" # new within Attributes chmod 0555 "${BASE}/a/b" echo "foobar" > "${BASE}/a/a/c/foo" # new within IgnoreAll echo "foobar" > "${BASE}/a/a/c/y" # ReadOnly chmod 0555 "${BASE}/a/a/c/x" # Attributes chmod 0555 "${BASE}/a/a/c/z" # IgnoreAll } chk_testdata_3 () { for ff in $TDIRS; do # egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; return 1 fi tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; fi # for gg in $TFILES; do egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; fi tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; fi done done egrep "CRIT.*POLICY ADDED.*${BASE}/a/b/foo" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/foo"; return 1 fi egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo"; return 1 fi egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/b" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b"; return 1 fi egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y"; return 1 fi tmp=`grep CRIT $LOGFILE | wc -l` if [ $tmp -ne 5 ]; then [ -z "$verbose" ] || log_msg_fail "policy count"; return 1 fi } TESTPOLICY_2=" [ReadOnly] dir=${BASE} file=${BASE}/a/a/c/x [IgnoreAll] dir=${BASE}/a/a/c " mod_testdata_2 () { # mod_testdata_1; one_sec_sleep touch "${BASE}/a/a/x" chmod 0555 "${BASE}/a/a/y" mv "${BASE}/a/b/y" "${BASE}/a/b/yy"; echo "1 This is a test file" > "${BASE}/a/b/y"; echo "2 This is a test file" >> "${BASE}/a/b/y"; echo "4 This is a test file" >> "${BASE}/a/b/z"; rm "${BASE}/a/b/yy"; # mv/rm to force new inode rm "${BASE}/a/b/l_y"; ln -s "${BASE}/a/b/x" "${BASE}/a/b/l_y"; echo "foobar" > "${BASE}/a/c/y" rm "${BASE}/a/a/c/y" echo "foobar" > "${BASE}/a/a/c/foo" chmod 0555 "${BASE}/a/a/c/x" chmod 0555 "${BASE}/a/a/c/z" } chk_testdata_2 () { for ff in $TDIRS; do # egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; return 1 fi tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; fi # for gg in $TFILES; do egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then if [ x"${ff}/${gg}" = x"a/a/c/y" ]; then :; else [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checking)"; return 1 fi fi done done egrep "CRIT.*POLICY ADDED.*${BASE}/a/a/c/foo" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/foo"; return 1 fi egrep "CRIT.*POLICY MISSING.*${BASE}/a/a/c/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/y"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/a/c/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/c/x"; return 1 fi tmp=`grep CRIT $LOGFILE | wc -l` if [ $tmp -ne 10 ]; then [ -z "$verbose" ] || log_msg_fail "policy count"; return 1 fi } TESTPOLICY_1=" [Misc] RedefReadOnly = +TXT [ReadOnly] dir=${BASE} " mod_testdata_1 () { one_sec_sleep touch "${BASE}/a/a/x" chmod 0555 "${BASE}/a/a/y" mv "${BASE}/a/b/y" "${BASE}/a/b/yy"; echo "1 This is a test file" > "${BASE}/a/b/y"; echo "2 This is a test file" >> "${BASE}/a/b/y"; echo "4 This is a test file" >> "${BASE}/a/b/z"; rm "${BASE}/a/b/yy"; # mv/rm to force new inode rm "${BASE}/a/b/l_y"; ln -s "${BASE}/a/b/x" "${BASE}/a/b/l_y"; echo "foobar" > "${BASE}/a/c/y" # mv "${BASE}/b/x" "${BASE}/b/xx"; # mv/rm to force new inode mkdir "${BASE}/b/x" rm "${BASE}/b/xx"; # mv "${BASE}/b/y" "${BASE}/b/yy"; # mv/rm to force new inode ln -s "${BASE}/b/z" "${BASE}/b/y" rm "${BASE}/b/yy"; # rm "${BASE}/b/l_x"; echo "1 This is a test file" > "${BASE}/b/l_x"; } chk_testdata_1 () { for ff in $TDIRS; do # egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (checking)"; return 1 fi tmp=`egrep "Checking.*${BASE}/${ff}(>|\")" $LOGFILE 2>/dev/null | wc -l` if [ $tmp -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff} (multiple)"; return 1 fi # for gg in $TFILES; do egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then if [ "${BASE}/${ff}" != "${BASE}/b" ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (checksum)"; return 1 fi fi tmp=`egrep "Checksum.*${BASE}/${ff}/${gg}" $LOGFILE 2>/dev/null | wc -l` if [ $tmp -ne 1 ]; then if [ "${BASE}/${ff}" != "${BASE}/b" ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/${ff}/${gg} (multiple)"; return 1 fi fi done done # # # egrep "CRIT.*POLICY \[ReadOnly\] ----H---T-.*${BASE}/b" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/b"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] CL-I-M--TS.*${BASE}/b/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/b/y"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] CL-.-M--TS.*${BASE}/b/l_x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/b/l_x"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] C--IHM--TS.*${BASE}/b/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/b/x"; return 1 fi # # # egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/a/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/y"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] ---I----T-.*${BASE}/a/b/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/y"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] -L-I----T-.*${BASE}/a/b/l_y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/l_y"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/a/b" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/b/z" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/b/z"; return 1 fi egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/a/c/y" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "${BASE}/a/c/y"; return 1 fi tmp=`grep CRIT $LOGFILE | wc -l` if [ $tmp -ne 11 ]; then [ -z "$verbose" ] || log_msg_fail "policy count"; return 1 fi for ff in x y z; do ./samhain --list-file "${BASE}/a/a/${ff}" -d "$PW_DIR/.samhain_file" > "$PW_DIR/.samhain_tmp" diff "$PW_DIR/.samhain_tmp" "${BASE}/a/a/${ff}" >/dev/null if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "diff $PW_DIR/.samhain_tmp ${BASE}/a/a/${ff}" return 1 fi done return 0 } ############################################################## # # Common subroutines # mkconfig_misc () { test -f "${RCFILE}" || touch "${RCFILE}" cat >> "${RCFILE}" <> "${RCFILE}" <> "${RCFILE}" <>"${RCFILE}" } prep_init () { rm -f ./.samhain_file rm -f "${LOGFILE}" rm -f ./.samhain_lock rm -f "${RCFILE}" mkconfig_sev mkconfig_log mkconfig_misc } run_init () { rm -f test_log_valgrind ${VALGRIND} ./samhain -t init -p none 2>>test_log_valgrind if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "init..."; else [ -z "$quiet" ] && log_msg_fail "init..."; return 1 fi } run_check () { if [ "x$1" = "x" ]; then logsev=debug else logsev=$1 fi ${VALGRIND} ./samhain -t check -p none -l $logsev 2>>test_log_valgrind if test x$? = x0; then ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}" if [ $? -ne 0 ]; then [ -z "$quiet" ] && log_msg_fail "mv logfile..."; return 1 fi [ -z "$verbose" ] || log_msg_ok "check..."; else [ -z "$quiet" ] && log_msg_fail "check..."; return 1 fi } run_update () { ${VALGRIND} ./samhain -t update -p none -l debug 2>>test_log_valgrind if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "update..."; else [ -z "$quiet" ] && log_msg_fail "update..."; return 1 fi } run_check_after_update () { rm -rf $LOGFILE ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind if test x$? = x0; then # tmp=`./samhain -j -L $LOGFILE | grep CRIT | wc -l` if [ $tmp -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "update not successful(?)"; return 1 fi # # wtmp may not be readable # tmp=`./samhain -j -L $LOGFILE | grep ERR | grep -v wtmp | wc -l` if [ $tmp -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "errors during check"; return 1 fi # [ -z "$VALGRIND" ] || { tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; if [ $tmp -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; cat test_log_valgrind return 1; fi; } # [ -z "$verbose" ] || log_msg_ok "check(2)..."; else [ -z "$quiet" ] && log_msg_fail "check(2)..."; return 1 fi } prep_testdata () { if test -d "$BASE"; then if [ -d "${BASE}" ]; then chmod -f -R 0700 "${BASE}" || { [ -z "$quiet" ] && log_msg_fail "chmod -f -R 0700 ${BASE}"; return 1; } fi fi rm -rf "${BASE}" || { [ -z "$quiet" ] && log_msg_fail "rm -rf ${BASE}"; return 1; } mkdir "${BASE}" || { [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}"; return 1; } for ff in $TDIRS; do mkdir "${BASE}/${ff}" || { [ -z "$quiet" ] && log_msg_fail "mkdir ${BASE}/${ff}"; return 1; } chmod 0755 "${BASE}/${ff}" for gg in $TFILES; do echo "1 This is a test file" > "${BASE}/${ff}/${gg}" chmod 0644 "${BASE}/${ff}/${gg}" ln -s "${BASE}/${ff}/${gg}" "${BASE}/${ff}/l_${gg}" done echo "2 This is a test file" >> "${BASE}/${ff}/y" echo "2 This is a test file" >> "${BASE}/${ff}/z" echo "3 This is a test file" >> "${BASE}/${ff}/z" done } check_err () { if [ $1 -ne 0 ]; then log_fail ${2} ${MAXTEST}; return 1 fi return 0 } testrun_internal () { [ -z "$verbose" ] || echo Working directory: $PW_DIR [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; } # # test standalone compilation # [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } if test -r "Makefile"; then $MAKE distclean >/dev/null fi ${TOP_SRCDIR}/configure ${BUILDOPTS} # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE >/dev/null 2>>test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; } tcount=1 POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'` until [ -z "$POLICY" ] do prep_init check_err $? ${tcount}; errval=$? if [ $errval -eq 0 ]; then prep_testdata check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then prep_testpolicy ${tcount} check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then run_init check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then eval mod_testdata_${tcount} check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then run_check check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then eval chk_testdata_${tcount} check_err $? ${tcount}; errval=$? fi if [ $testrun1_setup -eq 0 ]; then if [ $errval -eq 0 ]; then run_update check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then run_check_after_update check_err $? ${tcount}; errval=$? fi fi # if [ $errval -eq 0 ]; then [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; fi # let "tcount = tcount + 1" >/dev/null # if [ $tcount -eq 10 ]; then if [ -z "$doall" ]; then log_skip 10 $MAXTEST 'ACL/SELinux test (or use --really-all)' log_skip 11 $MAXTEST 'ACL/SELinux test (or use --really-all)' let "tcount = tcount + 2" >/dev/null else # 'id -u' is posix # if test -f /usr/xpg4/bin/id then my_uid=`/usr/xpg4/bin/id -u` else my_uid=`id -u` fi # if [ ${my_uid} -ne 0 ]; then log_skip 10 $MAXTEST 'ACL/SELinux test (you are not root)' log_skip 11 $MAXTEST 'ACL/SELinux test (you are not root)' let "tcount = tcount + 2" >/dev/null else SETFATTR=`find_path setfattr` if [ -z "$SETFATTR" ]; then log_skip 10 $MAXTEST 'ACL/SELinux test (setfattr not in path)' log_skip 11 $MAXTEST 'ACL/SELinux test (setfattr not in path)' let "tcount = tcount + 2" >/dev/null fi fi fi fi # POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'` done return 0 } testrun1 () { log_start "RUN STANDALONE" testrun_internal log_end "RUN STANDALONE" return 0 } samhain-3.1.0/test/testrun_1d.sh0000755000175000017500000001311011653570756013475 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2006) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-process-check --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" export BUILDOPTS MAXTEST=3; export MAXTEST PROCPOLICY_3=" [ReadOnly] file=${BASE} [ProcessCheck] ProcessCheckActive = yes ProcessCheckPsPath = ${PW_DIR}/${SCRIPTDIR}/testrun_1d.sh ProcessCheckPsArg = --fake ProcessCheckMaxPid = 67000 " chk_procdata_3 () { one_sec_sleep egrep 'CRIT.*POLICY \[Process\] Fake pid: 66666[[:space:]]' $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Fake pid"; return 1 fi egrep 'CRIT.*POLICY \[Process\] Fake pid: [012345789]+[[:space:]]' $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "Fake pids incorrect"; return 1 fi } PROCPOLICY_2=" [ReadOnly] file=${BASE} [ProcessCheck] ProcessCheckActive = yes " chk_procdata_2 () { one_sec_sleep egrep 'CRIT.*POLICY \[Process\] Hidden pid' $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "Hidden pids (ps)"; return 1 fi } PROCPOLICY_1=" [ReadOnly] file=${BASE} [ProcessCheck] ProcessCheckActive = yes ProcessCheckPsPath = ${PW_DIR}/${SCRIPTDIR}/testrun_1d.sh ProcessCheckPsArg = --hide " chk_procdata_1 () { one_sec_sleep egrep 'CRIT.*POLICY \[Process\] Hidden pid: [[:digit:]][[:space:]]' $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Hidden pids"; return 1 fi egrep 'CRIT.*POLICY \[Process\] Hidden pid: [[:digit:]][[:digit:]]+[[:space:]]' $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "Hidden pids incorrect"; return 1 fi } prep_procpolicy () { test -f "${RCFILE}" || touch "${RCFILE}" eval echo '"$'"PROCPOLICY_$1"'"' >>"${RCFILE}" } testrun_internal_1d () { [ -z "$verbose" ] || echo Working directory: $PW_DIR [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; } # # test standalone compilation # [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } if test -r "Makefile"; then $MAKE distclean >/dev/null fi tcount=1 ${TOP_SRCDIR}/configure ${BUILDOPTS} # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE >/dev/null 2>&1 if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; } POLICY=`eval echo '"$'"PROCPOLICY_$tcount"'"'` until [ -z "$POLICY" ] do prep_init check_err $? ${tcount}; errval=$? if [ $errval -eq 0 ]; then prep_testdata check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then prep_procpolicy ${tcount} check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then run_init check_err $? ${tcount}; errval=$? fi for iseq in 0 1 2 3 4 5 6 7 8 9; do rm -f "$LOGFILE" if [ $errval -eq 0 ]; then run_check info check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then eval chk_procdata_${tcount} check_err $? ${tcount}; errval=$? fi done # if [ $errval -eq 0 ]; then [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; fi let "tcount = tcount + 1" >/dev/null POLICY=`eval echo '"$'"PROCPOLICY_$tcount"'"'` done return 0 } testrun1d () { log_start "RUN STANDALONE W/PROCESSCHECK" testrun_internal_1d log_end "RUN STANDALONE W/PROCESSCHECK" return 0 } proc_pspath () { PS=ps for ff in /usr/ucb /bin /usr/bin; do if test -x "$ff/ps"; then PS="$ff/ps" break fi done echo "$PS" } proc_psarg () { OS=`uname -s` case $OS in *Linux*|*linux*) PSARG="-eT";; *OpenBSD*) PSARG="akx";; *) PS=`proc_pspath` $PS ax >/dev/null 2>&1 if test $? -eq 0; then one=`$PS ax | wc -l` else one=0 fi $PS -e >/dev/null 2>&1 if test $? -eq 0; then two=`$PS -e | wc -l` else two=0 fi if test $one -ge $two then PSARG="ax" else PSARG="-e" fi ;; esac echo "$PSARG" } proc_hide() { PSPATH=`proc_pspath` PSARG=`proc_psarg` "${PSPATH}" "${PSARG}" | egrep -v '^[[:space:]]*[[:digit:]]{1}[[:space:]]+' } proc_fake() { FAKE_PID=2 PSPATH=`proc_pspath` PSARG=`proc_psarg` "${PSPATH}" "${PSARG}" if [ x"${PSARG}" = x-eT ]; then echo "66666 66666 pts/2 S 0:14 THIS_IS_FAKE" else echo "66666 pts/2 S 0:14 THIS_IS_FAKE" fi } if [ "x$1" = "x--hide" ]; then proc_hide; exit 0; fi if [ "x$1" = "x--fake" ]; then proc_fake; exit 0; fi samhain-3.1.0/test/testrun_1e.sh0000755000175000017500000002122111665151347013472 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2006) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # BUILDOPTS="--quiet $TRUST --enable-debug=gdb --enable-xml-log --enable-port-check --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" export BUILDOPTS MAXTEST=5; export MAXTEST PORTPOLICY_5=" [ReadOnly] file=${BASE} [PortCheck] PortCheckActive = yes PortCheckUDP = no PortCheckInterface = 127.0.0.1 " chk_portdata_5 () { one_sec_sleep if [ -z "$PM" ]; then log_skip 5 $MAXTEST 'prelude-manager not found in $PATH' elif [ -z "$doall" ]; then log_skip 5 $MAXTEST 'logging to prelude (or use --really-all)' else tmp=`egrep 'Service: port=5500 .unknown. protocol=tcp' test_log_prelude 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "port 5500"; [ -z "$quiet" ] && log_fail 5 ${MAXTEST}; return 1 fi # [ -z "$quiet" ] && log_ok 5 ${MAXTEST}; fi return 0 } refine_portpolicy_5 () { echo "PortCheckIgnore=2026/tcp" >>"${RCFILE}" echo "PortCheckIgnore=2027/udp" >>"${RCFILE}" echo "PortCheckIgnore=2028/tcp" >>"${RCFILE}" echo "PortCheckIgnore=2029/udp" >>"${RCFILE}" } PORTPOLICY_4=" [ReadOnly] file=${BASE} [PortCheck] PortCheckActive = yes PortCheckUDP = no " chk_portdata_4 () { one_sec_sleep egrep 'CRIT.*POLICY \[ServiceNew\]' $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "Open ports"; return 1 fi } refine_portpolicy_4 () { cat "$LOGFILE" | grep ServiceNew | sed 's/.*port: //' | awk '{ print $1 }' | \ while read line; do echo "PortCheckSkip=$line" >>"${RCFILE}" done echo "PortCheckIgnore=2026/tcp" >>"${RCFILE}" echo "PortCheckIgnore=2027/udp" >>"${RCFILE}" echo "PortCheckIgnore=2028/tcp" >>"${RCFILE}" echo "PortCheckIgnore=2029/udp" >>"${RCFILE}" } PORTPOLICY_3=" [ReadOnly] file=${BASE} [PortCheck] PortCheckActive = yes PortCheckUDP = no " chk_portdata_3 () { one_sec_sleep egrep 'CRIT.*POLICY \[ServiceNew\]' $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "Open ports"; return 1 fi } refine_portpolicy_3 () { cat "$LOGFILE" | grep ServiceNew | sed 's/.*port: //' | awk '{ print $1 }' | \ while read line; do echo "PortCheckIgnore=$line" >>"${RCFILE}" done echo "PortCheckIgnore=2026/tcp" >>"${RCFILE}" echo "PortCheckIgnore=2027/udp" >>"${RCFILE}" echo "PortCheckIgnore=2028/tcp" >>"${RCFILE}" echo "PortCheckIgnore=2029/udp" >>"${RCFILE}" } PORTPOLICY_2=" [ReadOnly] file=${BASE} [PortCheck] PortCheckActive = yes PortCheckUDP = no " chk_portdata_2 () { one_sec_sleep egrep 'CRIT.*POLICY \[ServiceNew\]' $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "Open ports"; return 1 fi } refine_portpolicy_2 () { cat "$LOGFILE" | grep ServiceNew | sed 's/.*port: //' | awk '{ print $1 }' | \ while read line; do echo "PortCheckOptional=$line" >>"${RCFILE}" done } PORTPOLICY_1=" [ReadOnly] file=${BASE} [PortCheck] PortCheckActive = yes PortCheckUDP = no " chk_portdata_1 () { one_sec_sleep egrep 'CRIT.*POLICY \[ServiceNew\]' $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "Open ports"; return 1 fi } refine_portpolicy_1 () { cat "$LOGFILE" | grep ServiceNew | sed 's/.*port: //' | awk '{ print $1 }' | \ while read line; do echo "PortCheckRequired=$line" >>"${RCFILE}" done } prep_portpolicy () { test -f "${RCFILE}" || touch "${RCFILE}" eval echo '"$'"PORTPOLICY_$1"'"' >>"${RCFILE}" } run_check_prelude() { ./samhain -t check -p none -l info --set-prelude-severity=info --prelude --server-addr 127.0.0.1:5500 >/dev/null if test x$? = x0; then ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}" if [ $? -ne 0 ]; then [ -z "$quiet" ] && log_msg_fail "mv logfile..."; return 1 fi [ -z "$verbose" ] || log_msg_ok "check..."; else [ -z "$quiet" ] && log_msg_fail "check..."; return 1 fi } testrun_internal_1e () { [ -z "$verbose" ] || echo Working directory: $PW_DIR [ -z "$verbose" ] || { echo MAKE is $MAKE; echo; } # # test standalone compilation # [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } if test -r "Makefile"; then $MAKE distclean >/dev/null fi tcount=1 ${TOP_SRCDIR}/configure ${BUILDOPTS} # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE >/dev/null 2>&1 if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi [ -z "$verbose" ] || { echo; echo "${S}Running test suite${E}"; echo; } POLICY=`eval echo '"$'"PORTPOLICY_$tcount"'"'` until [ -z "$POLICY" ] do prep_init check_err $? ${tcount}; errval=$? if [ $errval -eq 0 ]; then prep_testdata check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then prep_portpolicy ${tcount} check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then run_init check_err $? ${tcount}; errval=$? fi # if [ $errval -eq 0 ]; then eval refine_portpolicy_${tcount} check_err $? ${tcount}; errval=$? fi # rm -f "$LOGFILE" # PRELUDEPID=0 # if test ${tcount} -eq 5; then PM=`find_path prelude-manager` if [ -z "$PM" ]; then if [ $errval -eq 0 ]; then run_check check_err $? ${tcount}; errval=$? fi elif [ -z "$doall" ]; then if [ $errval -eq 0 ]; then run_check check_err $? ${tcount}; errval=$? fi else # # ${TOP_SRCDIR}/configure ${BUILDOPTS} --with-prelude # # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE >/dev/null 2>&1 if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi # # if ! test -d /var/run/prelude-manager then [ -z "$verbose" ] || log_msg_ok "create /var/run/prelude-manager..."; sudo mkdir /var/run/prelude-manager sudo chown prelude:rainer /var/run/prelude-manager sudo chmod 770 /var/run/prelude-manager fi if ! test -d /var/spool/prelude/samhain/global then [ -z "$verbose" ] || log_msg_ok "create /var/spool/prelude/samhain/global..."; sudo mkdir -p /var/spool/prelude/samhain/global sudo chown prelude:rainer /var/spool/prelude/samhain/global sudo chmod 770 /var/spool/prelude/samhain/global fi # # [ -z "$verbose" ] || { echo " starting prelude-manager.."; echo " ($PM --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 &)"; } "$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 & PRELUDEPID=$! # # five_sec_sleep # # if [ $errval -eq 0 ]; then run_check_prelude check_err $? ${tcount}; errval=$? fi fi else if [ $errval -eq 0 ]; then run_check check_err $? ${tcount}; errval=$? fi fi # if [ $errval -eq 0 ]; then eval chk_portdata_${tcount} check_err $? ${tcount}; errval=$? fi # if [ $errval -eq 0 ]; then if test ${tcount} -ne 5; then [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; fi fi let "tcount = tcount + 1" >/dev/null POLICY=`eval echo '"$'"PORTPOLICY_$tcount"'"'` if test $PRELUDEPID -ne 0; then kill $PRELUDEPID fi done return 0 } testrun1e () { log_start "RUN STANDALONE W/PORTCHECK" testrun_internal_1e log_end "RUN STANDALONE W/PORTCHECK" return 0 } samhain-3.1.0/test/testrun_2a.sh0000755000175000017500000002076611647310534013477 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2006) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE RCFILE="$PW_DIR/testrc_2"; export RCFILE SERVER_BUILDOPTS="--quiet $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export SERVER_BUILDOPTS CLIENT_BUILDOPTS="--quiet $TRUST --enable-network=client --enable-srp --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$RCFILE --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --enable-suidcheck"; export CLIENT_BUILDOPTS do_test_1_a () { [ -z "$verbose" ] || { echo; echo "${S}Start Server${E}: ./yule -l info -p none &"; echo; } rm -f test_log_valgrind ${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind & PROC_Y=$! five_sec_sleep [ -z "$verbose" ] || { echo; echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; echo; } ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; else [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; kill $PROC_Y return 1 fi kill $PROC_Y five_sec_sleep egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server start"; return 1 fi egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client connect"; return 1 fi egrep "Checking.*/etc" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client file check"; return 1 fi egrep "EXIT.*Samhain" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client exit"; return 1 fi egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server exit"; return 1 fi [ -z "$VALGRIND" ] || { tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; if [ $tmp -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; cat test_log_valgrind return 1; fi; } return 0 } testrun2a_internal () { [ -z "$verbose" ] || { echo; echo Working directory: $PW_DIR; echo MAKE is $MAKE; echo; } # # [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; } # if test -r "Makefile"; then $MAKE distclean fi # ${TOP_SRCDIR}/configure ${CLIENT_BUILDOPTS} # # Limit suid check # BASE="${PW_DIR}"; export BASE # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE 'DBGDEF=-DSH_SUIDTESTDIR=\"${BASE}\"' > /dev/null 2>>test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi # save binary and build server # cp samhain samhain.build || return 1 $MAKE clean >/dev/null || return 1 ${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS} # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE > /dev/null 2>>test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi ##################################################################### # # rm -f ./.samhain_file rm -f ./.samhain_log rm -f ./.samhain_lock rm -f ./rc.${SH_LOCALHOST} rm -f ./file.${SH_LOCALHOST} rm -f "./rc.${ALTHOST}" rm -f "./file.${ALTHOST}" cp ${SCRIPTDIR}/testrc_2.in testrc_2 ./samhain.build -t init -p none if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "init..."; else [ -z "$quiet" ] && log_msg_fail "init..."; return 1 fi # Create a password SHPW=`./yule -G` if test x"$SHPW" = x; then [ -z "$quiet" ] && log_msg_fail "password not generated -- aborting" return 1 fi # Set in client ./samhain_setpwd samhain.build new $SHPW >/dev/null if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd samhain.build new $SHPW"; else [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd samhain.build new $SHPW"; return 1 fi mv samhain.build.new samhain.new || return 1 rm -f ./.samhain_log* rm -f ./.samhain_lock SHCLT=`./yule -P $SHPW` if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "yule -P $SHPW"; else [ -z "$quiet" ] && log_msg_fail "yule -P $SHPW"; return 1 fi SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` AHOST=`find_hostname` SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` echo $SHCLT1 >> testrc_2 echo $SHCLT2 >> testrc_2 cp ./testrc_2 ./rc.${SH_LOCALHOST} mv ./.samhain_file ./file.${SH_LOCALHOST} chmod 644 ./rc.${SH_LOCALHOST} chmod 644 ./file.${SH_LOCALHOST} ALTHOST=`find_hostname` cp ./testrc_2 "./rc.${ALTHOST}" cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null chmod 644 ./rc.${ALTHOST} chmod 644 ./file.${ALTHOST} echo $SHPW > ./testpw } MAXTEST=5; export MAXTEST testrun2a () { log_start "RUN FULL CLIENT/SERVER"; # if [ x"$1" = x ]; then [ -z "$quiet" ] && log_msg_fail "Missing hostname" fi # SH_LOCALHOST=$1; export SH_LOCALHOST # testrun2a_internal do_test_1_a if [ $? -eq 0 ]; then [ -z "$quiet" ] && log_ok 1 ${MAXTEST} "Client download+logging"; else [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client download+logging"; fi # SERVER_BUILDOPTS_ORIG="${SERVER_BUILDOPTS}" CLIENT_BUILDOPTS_ORIG="${CLIENT_BUILDOPTS}" # SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --disable-srp"; export SERVER_BUILDOPTS CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --disable-srp"; export CLIENT_BUILDOPTS # testrun2a_internal do_test_1_a if [ $? -eq 0 ]; then [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "SRP disabled"; else [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "SRP disabled"; fi # SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --disable-encrypt"; export SERVER_BUILDOPTS CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --disable-encrypt"; export CLIENT_BUILDOPTS # testrun2a_internal do_test_1_a if [ $? -eq 0 ]; then [ -z "$quiet" ] && log_ok 3 ${MAXTEST} "Encryption disabled"; else [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Encryption disabled"; fi # SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --enable-encrypt=1"; export SERVER_BUILDOPTS CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --enable-encrypt=1"; export CLIENT_BUILDOPTS # testrun2a_internal do_test_1_a if [ $? -eq 0 ]; then [ -z "$quiet" ] && log_ok 4 ${MAXTEST} "Encryption (v1)"; else [ -z "$quiet" ] && log_fail 4 ${MAXTEST} "Encryption (v1)"; fi # SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG}"; export SERVER_BUILDOPTS CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --enable-encrypt=1"; export CLIENT_BUILDOPTS # testrun2a_internal do_test_1_a if [ $? -eq 0 ]; then [ -z "$quiet" ] && log_ok 5 ${MAXTEST} "Encryption backward compat"; else [ -z "$quiet" ] && log_fail 5 ${MAXTEST} "Encryption backward compat"; fi # if [ -n "$cleanup" ]; then rm -f ./rc.${SH_LOCALHOST} rm -f ./file.${SH_LOCALHOST} ALTHOST=`find_hostname` rm -f "./file.${ALTHOST}" rm -f "./rc.${ALTHOST}" fi # log_end "RUN FULL CLIENT/SERVER" } samhain-3.1.0/test/testhash.sh0000755000175000017500000001056611705342345013231 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2006) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE MAXTEST=2; export MAXTEST testhash () { log_start "HASH FUNCTION" C_LOGFILE="" ls /lib/libpcre* >/dev/null 2>&1 if [ $? -eq 0 ]; then C_LOGFILE=" --enable-logfile-monitor " else ls /usr/lib/libpcre* >/dev/null 2>&1 if [ $? -eq 0 ]; then C_LOGFILE=" --enable-logfile-monitor " else ls /usr/lib/*/libpcre* >/dev/null 2>&1 if [ $? -eq 0 ]; then C_LOGFILE=" --enable-logfile-monitor " else ls /usr/local/lib/libpcre* >/dev/null 2>&1 if [ $? -eq 0 ]; then C_LOGFILE=" --enable-logfile-monitor " fi fi fi fi if [ x"${C_LOGFILE}" = x ]; then log_msg_ok "Not testing --enable-logfile-monitor"; fi # # test standalone compilation # TEST="${S}standalone agent${E}" # if test -r "Makefile"; then $MAKE distclean fi # ${TOP_SRCDIR}/configure --enable-debug=gdb --quiet $TRUST --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-db-reload '--enable-login-watch' '--enable-mounts-check' ${C_LOGFILE} '--enable-port-check' '--enable-suidcheck' '--with-rnd=unix' # fail=0 # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE > /dev/null 2>> test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; fail=1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; fail=1 fi # if [ $fail -eq 1 ]; then [ -z "$quiet" ] && log_fail 1 ${MAXTEST}; return 1 fi # echo "Test results of the TIGER hash algorithm" > testhash.tmp echo >> testhash.tmp echo "(use samhain -H string to test)" >> testhash.tmp echo >> testhash.tmp ./samhain -H "" >> testhash.tmp ./samhain -H "abc" >> testhash.tmp ./samhain -H "Tiger" >> testhash.tmp ./samhain -H "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-" >> testhash.tmp ./samhain -H "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789" >> testhash.tmp ./samhain -H "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham" >> testhash.tmp ./samhain -H "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge." >> testhash.tmp ./samhain -H "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proceedings of Fast Software Encryption 3, Cambridge, 1996." >> testhash.tmp ./samhain -H "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-" >> testhash.tmp # RESU=`diff testhash.tmp ${SCRIPTDIR}/testtiger.txt 2>/dev/null` if test "x${RESU}" = "x"; then [ -z "$quiet" ] && log_ok 1 ${MAXTEST}; else [ -z "$quiet" ] && log_fail 1 ${MAXTEST}; return 1 fi # # # TEST="${S}files${E}" # case $SCRIPTDIR in /*) testpath="${SCRIPTDIR}/testtiger.txt";; *) testpath="`pwd`/${SCRIPTDIR}/testtiger.txt";; esac # RESU=`./samhain -H ${testpath}` # if test x"$RESU" = x"${testpath}: 8125E439 4E7E20F9 24FD8E37 BC4D90C7 FC67F40C 1681F05D"; then [ -z "$quiet" ] && log_ok 2 ${MAXTEST}; else [ -z "$quiet" ] && log_fail 2 ${MAXTEST}; return 1 fi # log_end "HASH FUNCTION" return 0 } samhain-3.1.0/test/testcompile.sh0000755000175000017500000010121011664700312013715 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2006) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # # dnmalloc + flawfinder + (36 * 3) MAXTEST=116; export MAXTEST run_dnmalloc () { fail=0 if test x$1 = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE clean > /dev/null 2>> test_log $MAKE test_dnmalloc > /dev/null 2>> test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make test_dnmalloc..."; else [ -z "$quiet" ] && log_msg_fail "make test_dnmalloc..."; fail=1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; if [ x"$3" = xskip ]; then [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "test dnmalloc"; fi fail=1 fi if [ $fail -eq 1 ]; then [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "test dnmalloc"; return 1 fi # fail=0 ./test_dnmalloc >/dev/null if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "run 1 completed..."; ./test_dnmalloc 300 12 3000 150000 400 >/dev/null if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "run 2 completed..."; ./test_dnmalloc 1 1 4000 10000000 1000 >/dev/null if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "run 3 completed..."; ./test_dnmalloc 1 1 4000 10000000 1000 >/dev/null if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "run 4 completed..."; else fail=1 fi else fail=1 fi else fail=1 fi else fail=1 fi # if test x$fail = x0; then [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "test dnmalloc"; return 0 else [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "test dnmalloc"; return 1 fi } run_uno () { if [ -z "$doall" ]; then [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (uno)"; return 0 fi # UNO=`find_path uno` # if [ -z "$UNO" ]; then log_skip $num $MAXTEST 'check w/uno (not in PATH)' return 0 fi # cd src/ stat=`uno -DHAVE_MMAP=1 -DUSE_UNO=1 -t -I. -I.. -I../include sh_*.c samhain.c slib.c dnmalloc.c zAVLTree.c trustfile.c rijndael-*.c bignum.c 2>&1 | wc -l` if [ $stat -ne 1 ]; then uno -DSH_WITH_CLIENT -DSH_WITH_SERVER -DHAVE_MMAP=1 -DUSE_UNO=1 -t -I. -I.. -I../include sh_*.c samhain.c slib.c dnmalloc.c zAVLTree.c trustfile.c rijndael-*.c bignum.c >>../test_log 2>&1 retval=1 [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST (uno)"; else retval=0 [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST (uno)"; fi cd .. return $retval } run_flawfinder () { flawfinder --minlevel=3 --quiet src/s*.c | \ egrep '^No hits found.' >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST"; else flawfinder --minlevel=3 --quiet src/s*.c >test_log 2>&1 [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST"; return 1 fi } run_smatch () { export CDIR=`pwd`; if [ -z "$doall" ]; then [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (smatch)"; return 0 fi if [ ! -f "./x_samhain.c.sm" ]; then [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (skip sm)"; return 0 fi if [ "x$3" = "xdebug" ]; then memcheck=debug; else memcheck=simple; fi if [ -f ../../static/sm_scripts/smatch.pm ]; then ( cd ../../static/sm_scripts; for i in ${CDIR}/*.c.sm ; do # echo $i; cat $i | ./unreached_code.pl | grep -v sh_threaded_module_run; cat $i | ./ampersand_missing.sh; cat $i | ./eqeq.pl; cat $i | ./for_bounds.pl; # doesn't work? cat $i | ./unchecked_returns.pl; cat $i | ./uninitialized.pl; # doesn't work? # from http://people.redhat.com/mstefani/wine/smatch/ if [ -f ./while_for_check.pl ]; then cat $i | ./while_for_check.pl; # works fi # --> end wine <-- # samhain specific modifications (list of free/malloc funcs) # doesn't seem to find anything useful if [ $memcheck = xsimple ]; then if [ -f ./samhain_unfree.pl ]; then cat $i | ./samhain_unfree.pl | \ egrep -v 'x_cutest_.*Test_' | \ egrep -v 'x_sh_unix.c .... .... sh_unix_copyenv'; fi fi if [ $memcheck = xdebug ]; then if [ -f ./samhain_unfree_debug.pl ]; then cat $i | ./samhain_unfree_debug.pl | \ egrep -v 'x_cutest_.*Test_' | \ egrep -v 'x_sh_unix.c .... .... sh_unix_copyenv'; fi fi # --> end samhain specific <-- echo malloc > list_null_funcs_uniq; echo getenv >> list_null_funcs_uniq; cat $i | ./deference_check.pl |\ egrep -v 'x_trustfile.c ... ... sl_trustfile' | \ egrep -v 'x_sh_mem.c '; rm -f list_null_funcs_uniq; # rm -f $i done ) >test_log_smatch 2>&1 if [ -f test_log_smatch ]; then lines=`cat test_log_smatch | wc -l` if [ $lines -ne 0 ]; then cat test_log_smatch rm -f test_log_smatch [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST (smatch)"; return 1 fi fi [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST (smatch)"; return 0 fi [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (smatch)"; return 0 } testmake () { fail=0 # # Compiler warnings can be OS specific, but at least # on Linux there should be none # isLinux=0 uname -a | grep Linux >/dev/null if [ $? -eq 0 ]; then isLinux=1 sed --in-place 's/-Wall/-Wall -Werror/' Makefile fi # if test x$1 = x0; then [ -z "$verbose" ] || log_msg_ok "configure... $TEST"; $MAKE clean > /dev/null 2>> test_log $MAKE ${SMATCH} cutest > /dev/null 2>> test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make cutest... $TEST"; else [ -z "$quiet" ] && log_msg_fail "make cutest... $TEST"; fail=1 fi else [ -z "$quiet" ] && log_msg_fail "configure... $TEST"; if [ x"$3" = xskip ]; then [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST"; fi fail=1 fi if [ $isLinux -eq 1 ]; then sed --in-place 's/-Wall -Werror/-Wall/' Makefile fi if [ $fail -eq 1 ]; then [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST"; return 1 fi [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST"; return 0 } testcompile () { log_start "COMPILE" if [ "x$doall" = xon ]; then uname -a | grep x86_64 >/dev/null if [ $? -ne 0 ]; then if [ -f /usr/local/gcc-smatch/bin/gcc ]; then # FIXME SAVE_CC="${CC}" SMATCH="DBGDEF=--smatch"; export SMATCH SAVE_SMATCH="${SMATCH}"; export SAVE_SMATCH CC="/usr/local/gcc-smatch/bin/gcc"; export CC SMATCH_CC="${CC}" fi fi fi num=0 numfail=0 C_LOGFILE="" ls /lib/libpcre* >/dev/null 2>&1 if [ $? -eq 0 ]; then C_LOGFILE=" --enable-logfile-monitor " else ls /usr/lib/libpcre* >/dev/null 2>&1 if [ $? -eq 0 ]; then C_LOGFILE=" --enable-logfile-monitor " else ls /usr/lib/*/libpcre* >/dev/null 2>&1 if [ $? -eq 0 ]; then C_LOGFILE=" --enable-logfile-monitor " else ls /usr/local/lib/libpcre* >/dev/null 2>&1 if [ $? -eq 0 ]; then C_LOGFILE=" --enable-logfile-monitor " fi fi fi fi if [ x"${C_LOGFILE}" = x ]; then log_msg_ok "Not testing --enable-logfile-monitor"; fi # # test dnmalloc # TEST="${S}check dnmalloc${E}" # ${TOP_SRCDIR}/configure --quiet > /dev/null 2>> test_log # let "num = num + 1" >/dev/null # run_dnmalloc 0 $num || let "numfail = numfail + 1" >/dev/null # # # test flawfinder # TEST="${S}check w/flawfinder${E}" # # let "num = num + 1" >/dev/null FLAWFINDER=`find_path flawfinder` # if [ -z "$FLAWFINDER" ]; then log_skip $num $MAXTEST 'check w/flawfinder (not in PATH)' else run_flawfinder 0 $num || let "numfail = numfail + 1" >/dev/null fi # # # test standalone compilation # TEST="${S}standalone w/suidcheck w/procchk${E}" # if test -r "Makefile"; then $MAKE distclean fi # ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-suidcheck --enable-process-check > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test standalone compilation # TEST="${S}standalone static w/suidcheck w/procchk${E}" # if test -r "Makefile"; then $MAKE distclean fi # [ -z "${SMATCH}" ] || { CC="${SAVE_CC}"; export CC; SMATCH=""; export SMATCH; } # ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-static --enable-suidcheck --enable-process-check ${C_LOGFILE} > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # [ -z "${SMATCH_CC}" ] || { CC="${SMATCH_CC}"; export CC; SMATCH="${SAVE_SMATCH}"; export SMATCH; } # # test standalone compilation # TEST="${S}standalone w/procchk w/portchk${E}" # if test -r "Makefile"; then $MAKE distclean fi # ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-process-check --enable-port-check > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test standalone compilation # TEST="${S}standalone w/procchk w/portchk w/static${E}" # if test -r "Makefile"; then $MAKE distclean fi # [ -z "${SMATCH}" ] || { CC="${SAVE_CC}"; export CC; SMATCH=""; export SMATCH; } # ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-process-check --enable-port-check --enable-static > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # [ -z "${SMATCH_CC}" ] || { CC="${SMATCH_CC}"; export CC; SMATCH="${SAVE_SMATCH}"; export SMATCH; } # # test standalone compilation # TEST="${S}standalone w/procchk w/portchk w/stealth${E}" # if test -r "Makefile"; then $MAKE distclean fi # ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-stealth=164 --enable-process-check --enable-port-check > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test standalone compilation # TEST="${S}standalone w/mounts-check w/userfiles${E}" # if test -r "Makefile"; then $MAKE distclean fi # ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-mounts-check --enable-userfiles > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test standalone compilation # TEST="${S}standalone w/timeserver and w/msgqueue${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-message-queue --with-timeserver=127.0.0.1 > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test standalone compilation with --with-nocl=PW # TEST="${S}standalone w/nocl w/logmon${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --enable-nocl="owl" --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test ${C_LOGFILE} > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test standalone compilation w/ debug # TEST="${S}standalone w/debug${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test standalone compilation w/ gpg # TEST="${S}standalone w/gpg${E}" # GPG=`find_path gpg` let "num = num + 1" >/dev/null # if [ -z "$GPG" ]; then log_skip $num $MAXTEST 'gpg not in PATH' let "num = num + 1" >/dev/null log_skip $num $MAXTEST 'gpg not in PATH' else if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --with-gpg=$GPG --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null fi # # test standalone compilation w/stealth # TEST="${S}standalone w/stealth${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-stealth=128 --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test standalone compilation w/loginwatch # TEST="${S}standalone w/login-watch${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test standalone compilation w/mysql # TEST="${S}standalone w/mysql${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-xml-log --with-database=mysql --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test standalone compilation w/mysql and stealth # TEST="${S}standalone w/mysql+stealth${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-xml-log --enable-stealth=128 --with-database=mysql --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test standalone compilation w/postgresql # TEST="${S}standalone w/postgresql${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-xml-log --with-database=postgresql --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test standalone compilation w/postgresql+stealth # TEST="${S}standalone w/postgresql+stealth${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-xml-log --enable-stealth=128 --with-database=postgresql --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test standalone compilation # TEST="${S}standalone w/o mail w/unix_rnd${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --disable-mail --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-rnd=unix > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test standalone compilation # TEST="${S}standalone w/o external${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --disable-external-scripts --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # echo; echo "${S}__ TEST CLIENT/SERVER __${E}"; echo; # # test client/server compilation # TEST="${S}client/server application w/timeserver${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-timeserver=127.0.0.1 > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-timeserver=127.0.0.1 > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test client/server compilation w/prelude # TEST="${S}client/server application w/prelude${E}" # if [ -z "$doall" ]; then let "num = num + 1" >/dev/null [ -z "$quiet" ] && log_skip $num ${MAXTEST} "$TEST"; let "num = num + 1" >/dev/null [ -z "$quiet" ] && log_skip $num ${MAXTEST} "$TEST (smatch)"; let "num = num + 1" >/dev/null [ -z "$quiet" ] && log_skip $num ${MAXTEST} "$TEST (uno)"; let "num = num + 1" >/dev/null [ -z "$quiet" ] && log_skip $num ${MAXTEST} "$TEST"; let "num = num + 1" >/dev/null [ -z "$quiet" ] && log_skip $num ${MAXTEST} "$TEST (smatch)"; let "num = num + 1" >/dev/null [ -z "$quiet" ] && log_skip $num ${MAXTEST} "$TEST (uno)"; else if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-prelude > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-prelude > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # fi # # test client/server compilation # TEST="${S}client/server application static w/timeserver${E}" # if test -r "Makefile"; then $MAKE clean fi # [ -z "${SMATCH}" ] || { CC="${SAVE_CC}"; export CC; SMATCH=""; export SMATCH; } # ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-static --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-timeserver=127.0.0.1 ${C_LOGFILE} > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-static --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-timeserver=127.0.0.1 > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # [ -z "${SMATCH_CC}" ] || { CC="${SMATCH_CC}"; export CC; SMATCH="${SAVE_SMATCH}"; export SMATCH; } # # test c/s compilation w/ gpg # TEST="${S}client/server application w/gpg${E}" # GPG=`find_path gpg` let "num = num + 1" >/dev/null # if [ -z "$GPG" ]; then log_skip $num $MAXTEST 'gpg not in PATH' let "num = num + 1" >/dev/null log_skip $num $MAXTEST 'gpg not in PATH' let "num = num + 1" >/dev/null log_skip $num $MAXTEST 'gpg not in PATH' let "num = num + 1" >/dev/null log_skip $num $MAXTEST 'gpg not in PATH' else if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-srp --with-gpg=$GPG --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-srp --with-gpg=$GPG --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test ${C_LOGFILE} > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null fi # # test client/server compilation # TEST="${S}client/server application w/o srp, w/udp${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-udp --disable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=client --disable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test client/server compilation w/ debug # TEST="${S}client/server application w/debug${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test ${C_LOGFILE} > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test client/server compilation w/stealth # TEST="${S}client/server application w/stealth${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-srp --enable-stealth=128 --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=client --enable-srp --enable-stealth=128 --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test client/server compilation w/logwatch # TEST="${S}client/server application w/login-watch,udp,no_ipv6${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=server --enable-udp --disable-ipv6 --enable-srp --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=client --disable-ipv6 --enable-srp --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test client/server compilation # TEST="${S}client/server application w/o mail${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=server --disable-mail --enable-srp --enable-stealth=128 --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=client --disable-mail --enable-srp --enable-stealth=128 --enable-debug --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # # test client/server compilation # TEST="${S}client/server application w/o external${E}" # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=server --disable-srp --disable-external-scripts --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null # if test -r "Makefile"; then $MAKE clean fi # ${TOP_SRCDIR}/configure --quiet --enable-network=client --disable-srp --disable-external-scripts --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test > /dev/null 2>> test_log # let "num = num + 1" >/dev/null testmake $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_smatch $? $num || let "numfail = numfail + 1" >/dev/null let "num = num + 1" >/dev/null run_uno $? $num || let "numfail = numfail + 1" >/dev/null [ -z "${SMATCH}" ] || { CC="${SAVE_CC}"; export CC; } log_end "COMPILE" } samhain-3.1.0/test/test_log_db0000644000175000017500000000000011003133773013227 00000000000000samhain-3.1.0/test/testrun_2c.sh0000755000175000017500000003012612234420720013460 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2006) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE RCFILE="$PW_DIR/testrc_2"; export RCFILE HTML="$PW_DIR/yule.html"; export HTML SERVER_BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-debug --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-database=mysql"; export SERVER_BUILDOPTS CLIENT_BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS MAXTEST=4; export MAXTEST do_test_1_c () { [ -z "$verbose" ] || { echo; echo "${S}Start Server${E}: ./yule -l info -p none &"; echo; } rm -f test_log_valgrind ${VALGRIND} ./yule.2 -q -l info -p none >/dev/null 2>>test_log_valgrind & PROC_Y2=$! five_sec_sleep [ -z "$verbose" ] || { echo; echo "${S}Start Server #2${E}: ./yule.2 -l info -p none &"; echo; } ${VALGRIND} ./yule -l info -p none -e info --bind-address=127.0.0.1 \ --server-port=49778 >/dev/null 2>>test_log_valgrind & PROC_Y=$! five_sec_sleep [ -z "$verbose" ] || { echo; echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; echo; } ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; else [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; kill $PROC_Y kill $PROC_Y2 return 1 fi kill $PROC_Y kill $PROC_Y2 five_sec_sleep # cp ${LOGFILE} triple_test # cp ${LOGFILE}2 triple_test_2 egrep "START(>|\").*Yule(>|\")" ${LOGFILE}2 >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server #2 start"; return 1 fi egrep "remote_host.*Checking.*/bin" ${LOGFILE}2 >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client file check (relayed)"; return 1 fi egrep "remote_host.*EXIT.*Samhain" ${LOGFILE}2 >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client exit (relayed)"; return 1 fi egrep "EXIT.*Yule.*SIGTERM" ${LOGFILE}2 >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server #2 exit"; return 1 fi egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server start"; return 1 fi egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client connect"; return 1 fi egrep "remote_host.*Checking.*/bin" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client file check"; return 1 fi egrep "remote_host.*EXIT.*Samhain" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client exit"; return 1 fi egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server exit"; return 1 fi [ -z "$VALGRIND" ] || { tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; if [ $tmp -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; cat test_log_valgrind return 1; fi; } return 0 } testrun_threesockets () { GPG="$1" [ -z "$verbose" ] || { echo; echo Working directory: $PW_DIR; echo MAKE is $MAKE; echo GPG is $GPG; echo; } [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; } if test -r "Makefile"; then $MAKE distclean fi ${TOP_SRCDIR}/configure --with-gpg=${GPG} --with-fp=EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C --with-checksum=no ${SERVER_BUILDOPTS} >/dev/null 2>&1 if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE > /dev/null 2>>test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi rm -f ./.samhain_file rm -f ./.samhain_log rm -f ./.samhain_lock rm -f ./rc.${SH_LOCALHOST} rm -f ./file.${SH_LOCALHOST} cp ${SCRIPTDIR}/testrc_2.in testrc_2 ORIGINAL="DatabaseSeverity=none" REPLACEMENT="DatabaseSeverity=warn" ex -s $RCFILE < '"${DATE}"';" | mysql --password=samhain -u samhain samhain >test_log_db # egrep "START.*Yule" test_log_db >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server start"; return 1 fi egrep "NEW CLIENT" test_log_db >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client connect"; return 1 fi egrep "Checking.*/bin" test_log_db >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client file check"; return 1 fi egrep "EXIT.*Samhain" test_log_db >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client exit"; return 1 fi egrep "EXIT.*Yule.*SIGTERM" test_log_db >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server exit"; return 1 fi return 0 } testrun2c () { log_start "RUN FULL CLIENT/SERVER W/MYSQL" # if [ -z "$doall" ]; then log_skip 1 $MAXTEST 'Client/server w/mysql (or use --really-all)' log_skip 2 $MAXTEST 'Client/server w/mysql (or use --really-all)' log_skip 3 $MAXTEST 'Client/server w/mysql (or use --really-all)' log_skip 4 $MAXTEST 'Client/server w/mysql (or use --really-all)' return 0 fi if [ x"$1" = x ]; then [ -z "$quiet" ] && log_msg_fail "Missing hostname" fi MYSQL=`find_path mysql` if [ -z "$MYSQL" ]; then log_skip 1 $MAXTEST "mysql not found"; log_skip 2 $MAXTEST "mysql not found"; log_skip 3 $MAXTEST "mysql not found"; log_skip 4 $MAXTEST "mysql not found"; return 1 else TEST=`echo "DESCRIBE log;" | mysql --password=samhain -u samhain samhain 2>/dev/null` if [ $? -ne 0 -o -z "$TEST" ]; then log_skip 1 $MAXTEST "mysql not default setup" log_skip 2 $MAXTEST "mysql not default setup" log_skip 3 $MAXTEST "mysql not default setup" log_skip 4 $MAXTEST "mysql not default setup" return 1 fi fi # SH_LOCALHOST=$1; export SH_LOCALHOST # DATE=`date '+%Y-%m-%d %T'` # testrun2a_internal # # BUILD Server 2 # cp ./yule ./yule.orig ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=${RCFILE}2 --with-log-file=${LOGFILE}2 --with-pid-file=$PW_DIR/.samhain_lock2 --with-html-file=${HTML}2 --with-state-dir=$PW_DIR --with-port=49778 --with-database=mysql # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE > /dev/null 2>>test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi cp yule yule.2 || return 1 # cp ./yule.orig ./yule # SHPW=`cat ./testpw` if test x"$SHPW" = x; then [ -z "$quiet" ] && log_msg_fail "password not generated -- aborting" return 1 fi rm -f ./testpw ./samhain_setpwd yule new $SHPW >/dev/null if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd yule new $SHPW"; else [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd yule new $SHPW"; return 1 fi $MAKE clean >/dev/null || return 1 mv yule.new yule || return 1 # ORIGINAL="DatabaseSeverity=none" REPLACEMENT="DatabaseSeverity=info" ex -s $RCFILE </dev/null 2>>test_log five_sec_sleep netstat -pant 2>/dev/null | grep 49777 | grep yule >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Client/server w/mysql"; else NSOCK=`netstat -pand 2>/dev/null | grep STREAM | grep yule | wc -l` if [ $NSOCK -ne 2 ]; then [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Three sockets open"; netstat -pand 2>/dev/null | grep yule else [ -z "$quiet" ] && log_ok 3 ${MAXTEST} "Three sockets open"; fi fi PID=`cat .samhain_lock` kill $PID else log_fail 3 ${MAXTEST} "Three sockets open"; fi # GPG=`find_path gpg` if [ -z "$GPG" ]; then log_skip 4 $MAXTEST 'gpg not found in $PATH' else eval "$GPG" --list-keys 0F571F6C >/dev/null 2>/dev/null if [ $? -ne 0 ]; then log_skip 4 $MAXTEST 'public PGP key 0x0F571F6C not present' else testrun_threesockets "$GPG" if [ -f ./yule ]; then ./yule -D >/dev/null 2>>test_log five_sec_sleep netstat -pant 2>/dev/null | grep 49777 | grep yule >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$quiet" ] && log_fail 4 ${MAXTEST} "Three sockets open (gpg)"; else NSOCK=`netstat -pand 2>/dev/null | grep STREAM | grep yule | wc -l` if [ $NSOCK -ne 2 ]; then [ -z "$quiet" ] && log_fail 4 ${MAXTEST} "Three sockets open (gpg)"; netstat -pand 2>/dev/null | grep yule else [ -z "$quiet" ] && log_ok 4 ${MAXTEST} "Three sockets open (gpg)"; fi fi PID=`cat .samhain_lock` kill $PID else log_fail 4 ${MAXTEST} "Three sockets open (gpg)"; fi fi fi # if [ -n "$cleanup" ]; then rm -f ./rc.${SH_LOCALHOST} rm -f ./file.${SH_LOCALHOST} ALTHOST=`find_hostname` rm -f "./file.${ALTHOST}" rm -f "./rc.${ALTHOST}" fi # log_end "RUN FULL CLIENT/SERVER W/MYSQL" } samhain-3.1.0/test/testrc_1ext.in0000644000175000017500000001061710026242021013622 00000000000000##################################################################### # # Configuration file template for samhain. # ##################################################################### # # -- empty lines and lines starting with '#' are ignored # -- you can PGP clearsign this file -- samhain will check (if compiled # with support) or otherwise ignore the signature # -- CHECK mail address # # To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). # ##################################################################### # # SETUP for file system checking: # # (i) There are several policies, each has its own section. Put files # into the section for the appropriate policy (see below). # (ii) To each policy, you can assign a severity (further below). # (iii) To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). # ##################################################################### [Attributes] # # for these files, only changes in permissions and ownership are checked # # # There are files in /etc that might change, thus changing the directory # timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'. # [GrowingLogFiles] # # for these files, changes in signature, timestamps, and increase in size # are ignored # [ReadOnly] # # for these files, only access time is ignored # #dir=/usr/bin #dir=/bin #dir=3/etc [EventSeverity] # # Here you can assign severities to policy violations. # If this severity exceeds the treshold of a log facility (see below), # a policy violation will be logged to that facility. # # Severity for verification failures. # SeverityReadOnly=crit SeverityLogFiles=crit SeverityGrowingLogs=crit SeverityIgnoreNone=crit SeverityAttributes=crit # # We have a file in IgnoreAll that might or might not be present. # Setting the severity to 'info' prevents messages about deleted/new file. # SeverityIgnoreAll=info # # Files : file access problems # Dirs : directory access problems # Names : suspect (non-printable) characters in a pathname # SeverityFiles=crit SeverityDirs=crit SeverityNames=warn [Log] # # Set threshold severity for log facilities # Values: debug, info, notice, warn, mark, err, crit, alert, none. # 'mark' is used for timestamps. # # By default, everything equal to and above the threshold is logged. # The specifiers '*', '!', and '=' are interpreted as # 'all', 'all but', and 'only', respectively (like syslogd(8) does, # at least on Linux). # # MailSeverity=* # MailSeverity=!warn # MailSeverity==crit # MailSeverity=none PrintSeverity=none LogSeverity=none SyslogSeverity=none ExportSeverity=none ExternalSeverity=info [Utmp] # # 0 to switch off, 1 to activate # LoginCheckActive=1 # Severity for logins, multiple logins, logouts # SeverityLogin=info SeverityLoginMulti=warn SeverityLogout=info # interval for login/logout checks # LoginCheckInterval=60 [Misc] # # whether to become a daemon process Daemon=no # MessageHeader="%S %T - %F - %L :%C: " # the maximum time between client messages (seconds) # (this is a log server-only option; the default is 86400 sec = 1 day # # SetClientTimeLimit=1800 # time till next file check (seconds) SetFilecheckTime=600 # Only highest-level (alert) reports will be mailed immediately, # others will be queued. Here you can define, when the queue will # be flushed (Note: the queue is automatically flushed after # completing a file check). # # maximum time till next mail (seconds) SetMailTime=86400 # maximum number of queued mails SetMailNum=10 # where to send mail to SetMailAddress=root@localhost # mail relay host # SetMailRelay=relay.yourdomain.de # The binary. Setting the path will allow # samhain to check for modifications between # startup and exit. # # SamhainPath=/usr/local/bin/samhain # where to get time from # SetTimeServer=www.yourdomain.de # where to export logs to SetLogServer=localhost # timer for time stamps SetLoopTime=60 # report in full detail on modified files # ReportFullDetail = no # trusted users (root and the effective user are always trusted) # TrustedUser=bin # whether to test signature of files (init/check/none) # - if 'none', then we have to decide this on the command line - # ChecksumTest=init [External] samhain-3.1.0/test/testrc_2.in0000644000175000017500000001151211573754132013120 00000000000000-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ##################################################################### # # Configuration file template for samhain. # ##################################################################### # # -- empty lines and lines starting with '#' are ignored # -- you can PGP clearsign this file -- samhain will check (if compiled # with support) or otherwise ignore the signature # -- CHECK mail address # # To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). # ##################################################################### # # SETUP for file system checking: # # (i) There are several policies, each has its own section. Put files # into the section for the appropriate policy (see below). # (ii) To each policy, you can assign a severity (further below). # (iii) To each log facility, you can assign a threshold severity. Only # reports with at least the threshold severity will be logged # to the respective facility (even further below). # ##################################################################### [ReadOnly] # # for these files, only access time is ignored # # dir=/usr/bin # dir=/bin file = /var file = /bin file = /usr file = /tmp file = /etc dir=1/usr [EventSeverity] # # Here you can assign severities to policy violations. # If this severity exceeds the treshold of a log facility (see below), # a policy violation will be logged to that facility. # # Severity for verification failures. # SeverityReadOnly=crit SeverityLogFiles=crit SeverityGrowingLogs=crit SeverityIgnoreNone=crit SeverityAttributes=crit # # We have a file in IgnoreAll that might or might not be present. # Setting the severity to 'info' prevents messages about deleted/new file. # SeverityIgnoreAll=info # # Files : file access problems # Dirs : directory access problems # Names : suspect (non-printable) characters in a pathname # SeverityFiles=crit SeverityDirs=crit SeverityNames=warn [Log] # # Set threshold severity for log facilities # Values: debug, info, notice, warn, mark, err, crit, alert, none. # 'mark' is used for timestamps. # # By default, everything equal to and above the threshold is logged. # The specifiers '*', '!', and '=' are interpreted as # 'all', 'all but', and 'only', respectively (like syslogd(8) does, # at least on Linux). # # MailSeverity=* # MailSeverity=!warn # MailSeverity==crit # MailSeverity=none PrintSeverity=info #PRINTClass = "RUN FIL STAMP" LogSeverity=none SyslogSeverity=none ExportSeverity=none DatabaseSeverity=none #databaseseverity=info [Database] # setdbname=samhain # setdbtable=log setdbuser=samhain setdbpassword=samhain #AddToDBHash=log_msg # AddToDBHash=log_host UsePersistent = True [Utmp] # # 0 to switch off, 1 to activate # LoginCheckActive=1 # Severity for logins, multiple logins, logouts # SeverityLogin=info SeverityLoginMulti=warn SeverityLogout=info # interval for login/logout checks # LoginCheckInterval=60 [Misc] # # whether to become a daemon process Daemon=no SetOutgoingIP = 127.0.0.1 SetServerInterface = 127.0.0.1 UseSeparateLogs=no SetUseSocket = yes SetSocketAllowUid=0 SetSocketPassword=samhain SetClientFromAccept = yes SetUdpActive=no # the maximum time between client messages (seconds) # (this is a log server-only option; the default is 86400 sec = 1 day # # SetClientTimeLimit=1800 UseClientSeverity = yes UseClientClass = yes # Format for message headers # # MessageHeader="%S %T %F %L " # priority for peer != address as notified by client # (lookup may fail on firewalled client) # # SeverityLookup = warn # time till next file check (seconds) SetFilecheckTime=600 # Only highest-level (alert) reports will be mailed immediately, # others will be queued. Here you can define, when the queue will # be flushed (Note: the queue is automatically flushed after # completing a file check). # # maximum time till next mail (seconds) SetMailTime=86400 # maximum number of queued mails SetMailNum=10 # where to send mail to SetMailAddress=root@localhost # mail relay host # SetMailRelay=relay.yourdomain.de # The binary. Setting the path will allow # samhain to check for modifications between # startup and exit. # # SamhainPath=/usr/local/bin/samhain # where to get time from # SetTimeServer=www.yourdomain.de # where to export logs to SetLogServer=localhost # timer for time stamps SetLoopTime=10 # trusted users (root and the effective user are always trusted) # TrustedUser=bin # whether to test signature of files (init/check/none) # - if 'none', then we have to decide this on the command line - # ChecksumTest=check [Clients] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFsTXBGq0myA9XH2wRAju6AKDsNT3cVYHVs4z+ZHdFgPwOdvESewCfcIAY RsnSZyhwBGtlA+rf35/gcQw= =Rb0p -----END PGP SIGNATURE----- samhain-3.1.0/test/testrun_2d.sh0000755000175000017500000001031211131635471013462 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2006) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # SERVER_BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-debug --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-database=postgresql"; export SERVER_BUILDOPTS CLIENT_BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS create_pgpass () { touch ~/.pgpass chmod 600 ~/.pgpass cat > ~/.pgpass << EOF localhost:*:samhain:samhain:samhain EOF } check_psql_log () { DATE="$1" rm -f test_log_db # PGPASSWORD=samhain; export PGPASSWORD create_pgpass psql -o test_log_db -U samhain -d samhain -c "SELECT * FROM log WHERE entry_status = 'NEW' and log_time > '${DATE}';" # egrep "START.*Yule" test_log_db >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server start (psql)"; return 1 fi egrep "NEW CLIENT" test_log_db >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client connect (psql)"; return 1 fi egrep "Checking.*/bin" test_log_db >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client file check (psql)"; return 1 fi egrep "EXIT.*Samhain" test_log_db >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Client exit (psql)"; return 1 fi egrep "EXIT.*Yule.*SIGTERM" test_log_db >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Server exit (psql)"; return 1 fi return 0 } MAXTEST=1; export MAXTEST testrun2d () { log_start "RUN FULL CLIENT/SERVER W/POSTGRESQL" # if [ -z "$doall" ]; then log_skip 1 $MAXTEST 'Client/server w/postgresql (or use --really-all)' return 0 fi if [ x"$1" = x ]; then [ -z "$quiet" ] && log_msg_fail "Missing hostname" fi PSQL=`find_path psql` if [ -z "$PSQL" ]; then log_skip 1 $MAXTEST "psql not found"; return 1 else # PGPASSWORD="samhain"; export PGPASSWORD create_pgpass TEST=`psql -U samhain -d samhain -c "SELECT * FROM log LIMIT 1;" 2>/dev/null` if [ $? -ne 0 -o -z "$TEST" ]; then log_skip 1 $MAXTEST "psql not default setup" return 1 fi fi # SH_LOCALHOST=$1; export SH_LOCALHOST # DATE=`date '+%Y-%m-%d %T'` # testrun2a_internal # ORIGINAL="DatabaseSeverity=none" REPLACEMENT="DatabaseSeverity=info" ex -s $RCFILE </dev/null fi ${TOP_SRCDIR}/configure ${BUILDOPTS} if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE >/dev/null 2>>test_log if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi CONVERT=`find_path convert` if [ x"$CONVERT" = x ]; then [ -z "$verbose" ] || log_msg_fail "ImageMagick convert not found"; return 1 fi "$CONVERT" --help | grep ImageMagick >/dev/null 2>&1 if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Convert utility is not ImageMagick convert"; return 1 fi "${CONVERT}" +compress stealth_template.jpg stealth_template.ps if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "Converting stealth_template.jpg failed"; return 1 fi $MAKE samhain_stealth >/dev/null 2>>test_log if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "make samhain_stealth"; return 1 fi capacity=`./samhain_stealth -i stealth_template.ps | awk '{ print $7 }'` prep_init check_err $? ${tcount}; errval=$? if [ $errval -eq 0 ]; then prep_testdata check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then prep_testpolicy 1 check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then fill=`cat "${RCFILE}" | wc -c` check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then let "capacity = capacity - fill" >/dev/null let "capacity = capacity - 100" >/dev/null until [ "$capacity" -le 0 ] do echo "###############################" >>"${RCFILE}" let "capacity = capacity - 32" >/dev/null done ./samhain_stealth -s stealth_template.ps "${RCFILE}" >/dev/null check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then cp stealth_template.ps "${RCFILE}" check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then run_init check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then eval mod_testdata_1 check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then run_check check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then eval chk_testdata_1 check_err $? ${tcount}; errval=$? fi if [ $testrun1_setup -eq 0 ]; then if [ $errval -eq 0 ]; then run_update check_err $? ${tcount}; errval=$? fi if [ $errval -eq 0 ]; then run_check_after_update check_err $? ${tcount}; errval=$? fi fi if [ $errval -eq 0 ]; then [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; fi return 0 } testrun1a () { log_start "RUN STANDALONE W/STEALTH" # # micro-stealth # #BUILDOPTS="$PREBUILDOPTS --enable-micro-stealth=137"; export BUILDOPTS #testrun_internal CONVERT=`find_path convert` if [ x"$CONVERT" = x ]; then log_skip 1 ${MAXTEST} "ImageMagick convert not found"; return 0 fi BUILDOPTS="$PREBUILDOPTS --enable-stealth=137"; export BUILDOPTS testrun_stealth check_err $? ${tcount}; log_end "RUN STANDALONE W/STEALTH" return 0 } samhain-3.1.0/test/test_ext.c.in0000644000175000017500000000106010026242021013425 00000000000000#include #include #include #include #include #include int main () { char line[256]; int flags; FILE * foo = fopen ("MYPWDIR", "a"); flags = fcntl(STDIN_FILENO, F_GETFL); fcntl(STDIN_FILENO, F_SETFL, flags|O_NONBLOCK); xagain: errno = 0; while (NULL != fgets(line, 255, stdin)) { fprintf (foo, "RECV: %s", line); fflush (foo); } if (ferror(stdin) && errno == EAGAIN) { clearerr(stdin); goto xagain; } fclose(foo); return 0; } samhain-3.1.0/test/testrun_1b.sh0000755000175000017500000003473111573252760013500 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2006) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # MAXTEST=7; export MAXTEST LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE testrun1b_modrc () { ORIGINAL="\[EOF\]" REPLACEMENT="\[PortCheck\]" ex -s $RCFILE <>"$RCFILE" echo "PortCheckInterface = 127.0.0.1" >>"$RCFILE" } testrun1b_internal () { BUILDOPTS="$1" # # test standalone compilation # [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } # if test -r "Makefile"; then $MAKE distclean >/dev/null >&1 fi # # Bootstrapping # ${TOP_SRCDIR}/configure >/dev/null 2>/dev/null if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure (bootstrap)..."; $MAKE > /dev/null 2>&1 if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make (bootstrap)..."; else [ -z "$quiet" ] && log_msg_fail "make (bootstrap)..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure (bootstrap)..."; return 1 fi # # ${TOP_SRCDIR}/configure ${BUILDOPTS} 2>/dev/null | \ egrep 'use existing [./[:alnum:]]+ for gpg checksum' >/dev/null # # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE > /dev/null 2>&1 if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi SKIP=`awk '/^__ARCHIVE_FOLLOWS__/ { print NR + 1; exit 0; }' ${SCRIPTDIR}/test.sh` tail -n "+$SKIP" ${SCRIPTDIR}/test.sh >/dev/null 2>&1 if [ $? -eq 0 ]; then tail -n "+$SKIP" ${SCRIPTDIR}/test.sh | gunzip -c - 2>/dev/null | tar xf - && \ mv "./testrc.gpg.asc" "$RCFILE" else tail "+$SKIP" ${SCRIPTDIR}/test.sh | gunzip -c - 2>/dev/null | tar xf - && \ mv "./testrc.gpg.asc" "$RCFILE" fi if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "extract gpg signed files..."; else [ -z "$quiet" ] && log_msg_fail "extract gpg signed files..."; return 1 fi if test "x$2" = "x"; then : else CONVERT="$2" if test -f "${TOP_SRCDIR}/stealth_template.jpg"; then [ -z "$verbose" ] || log_msg_ok "convert..." "${CONVERT}" +compress "${TOP_SRCDIR}/stealth_template.jpg" stealth_template.ps >/dev/null else [ -z "$quiet" ] && log_msg_fail "cannot find file stealth_template.jpg" return 1 fi if [ $? -ne 0 ]; then [ -z "$quiet" ] && log_msg_fail "${CONVERT} +compress ${TOP_SRCDIR}/stealth_template.jpg stealth_template.ps"; return 1 fi [ -z "$verbose" ] || log_msg_ok "hide..." ./samhain_stealth -s stealth_template.ps "$RCFILE" >/dev/null if [ $? -ne 0 ]; then [ -z "$quiet" ] && log_msg_fail "${CONVERT} +compress ${TOP_SRCDIR}/stealth_template.jpg stealth_template.ps"; return 1 fi mv -f stealth_template.ps "$RCFILE" if [ $? -ne 0 ]; then [ -z "$quiet" ] && log_msg_fail "mv -f stealth_template.ps $RCFILE"; return 1 fi fi rm -f ./.samhain_file rm -f ./.samhain_log rm -f ./.samhain_lock ./samhain -t init -p none -l info if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "init..."; else [ -z "$quiet" ] && log_msg_fail "init..."; return 1 fi mv $PW_DIR/.samhain_file.asc $PW_DIR/.samhain_file } testrun1b_nogpg () { BUILDOPTS="$1" # # test standalone compilation # [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } # if test -r "Makefile"; then $MAKE distclean >/dev/null >&1 fi ${TOP_SRCDIR}/configure ${BUILDOPTS} 2>/dev/null # # if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; $MAKE > /dev/null 2>&1 if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "make..."; else [ -z "$quiet" ] && log_msg_fail "make..."; return 1 fi else [ -z "$quiet" ] && log_msg_fail "configure..."; return 1 fi rm -f ./.samhain_file rm -f ./.samhain_log rm -f ./.samhain_lock cp "${SCRIPTDIR}/testrc_1" "${RCFILE}" if test "x$2" = "xmodrc"; then [ -z "$verbose" ] || log_msg_ok "mod rc..."; testrun1b_modrc fi ./samhain -t init -p none -l info if test x$? = x0; then [ -z "$verbose" ] || log_msg_ok "init..."; else [ -z "$quiet" ] && log_msg_fail "init..."; return 1 fi } do_test_1b () { ./samhain -t check -p none -l info if test x$? = x0; then ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}" if [ $? -ne 0 ]; then [ -z "$quiet" ] && log_msg_fail "mv logfile..."; return 1 fi [ -z "$verbose" ] || log_msg_ok "check..."; else [ -z "$quiet" ] && log_msg_fail "check..."; return 1 fi # tmp=`egrep "Checking.*/etc(>|\")" $LOGFILE 2>/dev/null | wc -l` if [ $tmp -ne 2 ]; then [ -z "$verbose" ] || log_msg_fail "/etc"; return 1 fi tmp=`egrep "Checking.*(>|\")" $LOGFILE 2>/dev/null | wc -l` if [ $tmp -ne 10 ]; then [ -z "$verbose" ] || log_msg_fail "checking"; return 1 fi egrep "ADDED" $LOGFILE >/dev/null 2>&1 if [ $? -eq 0 ]; then [ -z "$verbose" ] || log_msg_fail "init was incomplete"; return 1 fi # return 0 } do_test_1b_2 () { rm -f $PW_DIR/test_log_prelude [ -z "$verbose" ] || { echo " starting prelude-manager.."; echo " ($PM --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 &)"; } "$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 & PID=$! five_sec_sleep ./samhain -t check -p none -l info --set-prelude-severity=info --prelude --server-addr 127.0.0.1:5500 >/dev/null if test x$? = x0; then ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}" if [ $? -ne 0 ]; then [ -z "$quiet" ] && log_msg_fail "mv logfile..."; kill $PID return 1 fi [ -z "$verbose" ] || log_msg_ok "check..."; else [ -z "$quiet" ] && log_msg_fail "check..."; kill $PID return 1 fi # tmp=`egrep 'File original:.*name=etc.*path=/etc' test_log_prelude 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "/etc"; kill $PID return 1 fi tmp=`egrep 'Classification text: Checking' test_log_prelude 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "checking"; kill $PID return 1 fi # if test "x$2" = "xmodrc"; then tmp=`egrep 'Classification text: Service opened' test_log_prelude 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "service"; kill $PID return 1 fi tmp=`egrep 'Service: port=5500' test_log_prelude 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "port 5500"; kill $PID return 1 fi fi # kill $PID return 0 } testrun1b () { log_start "RUN STANDALONE W/STEALTH W/GPG" GPG=`find_path gpg` if [ -z "$GPG" ]; then log_skip 1 $MAXTEST 'gpg not found in $PATH' log_skip 2 $MAXTEST 'gpg not found in $PATH' log_skip 3 $MAXTEST 'gpg not found in $PATH' log_skip 4 $MAXTEST 'gpg not found in $PATH' log_skip 5 $MAXTEST 'gpg not found in $PATH' log_skip 6 $MAXTEST 'gpg not found in $PATH' log_skip 7 $MAXTEST 'gpg not found in $PATH' else eval "$GPG" --list-keys 0F571F6C >/dev/null 2>/dev/null if [ $? -ne 0 ]; then log_skip 1 $MAXTEST 'public PGP key 0x0F571F6C not present' log_skip 2 $MAXTEST 'public PGP key 0x0F571F6C not present' log_skip 3 $MAXTEST 'public PGP key 0x0F571F6C not present' log_skip 4 $MAXTEST 'public PGP key 0x0F571F6C not present' log_skip 5 $MAXTEST 'public PGP key 0x0F571F6C not present' log_skip 6 $MAXTEST 'public PGP key 0x0F571F6C not present' log_skip 7 $MAXTEST 'public PGP key 0x0F571F6C not present' else # # ------------- first test ------------- # BUILDOPTS="--quiet $TRUST --enable-debug --with-gpg=${GPG} --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" testrun1b_internal "${BUILDOPTS}" do_test_1b if [ $? -eq 0 ]; then log_ok 1 $MAXTEST 'gpg signed config/database files' else log_fail 1 $MAXTEST 'gpg signed config/database files' fi # # ------------- second test ------------- # BUILDOPTS="--quiet $TRUST --enable-debug --with-gpg=${GPG} --with-checksum --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" testrun1b_internal "${BUILDOPTS}" do_test_1b if [ $? -eq 0 ]; then log_ok 2 $MAXTEST 'gpg signed config/database files' else log_fail 2 $MAXTEST 'gpg signed config/database files' fi # # ------------- third test ------------- # BUILDOPTS="--quiet $TRUST --enable-debug --with-gpg=${GPG} --with-checksum --with-fp=EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" testrun1b_internal "${BUILDOPTS}" do_test_1b if [ $? -eq 0 ]; then log_ok 3 $MAXTEST 'gpg signed config/database files' else log_fail 3 $MAXTEST 'gpg signed config/database files' fi # # ------------- fourth test ------------- # PRECONV=`find_path convert` "${PRECONV}" --help | grep ImageMagick >/dev/null 2>&1 && \ CONVERT="${PRECONV}" if [ -z "$CONVERT" ]; then log_skip 2 $MAXTEST 'ImageMagick convert not found in $PATH' else BUILDOPTS="--quiet $TRUST --enable-debug --with-gpg=${GPG} --with-checksum --enable-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" testrun1b_internal "${BUILDOPTS}" "$CONVERT" do_test_1b if [ $? -eq 0 ]; then log_ok 4 $MAXTEST 'gpg signed config/database files' else log_fail 4 $MAXTEST 'gpg signed config/database files' fi fi # # ------------- fifth test ------------- # if ! test -d /var/run/prelude-manager then [ -z "$verbose" ] || log_msg_ok "create /var/run/prelude-manager..."; sudo mkdir /var/run/prelude-manager sudo chown prelude:rainer /var/run/prelude-manager sudo chmod 770 /var/run/prelude-manager fi # PM=`find_path prelude-manager` if [ -z "$PM" ]; then log_skip 5 $MAXTEST 'prelude-manager not found in $PATH' elif [ -z "$doall" ]; then log_skip 5 $MAXTEST 'logging to prelude (or use --really-all)' else BUILDOPTS="--quiet $TRUST --enable-debug --with-prelude --with-gpg=${GPG} --with-checksum --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" testrun1b_internal "${BUILDOPTS} CFLAGS=-DSH_NOFAILOVER=1" do_test_1b_2 if [ $? -eq 0 ]; then log_ok 5 $MAXTEST 'logging to prelude' else log_fail 5 $MAXTEST 'logging to prelude' fi fi # # ------------- sixth test ------------- # if ! test -d /var/run/prelude-manager then [ -z "$verbose" ] || log_msg_ok "create /var/run/prelude-manager..."; sudo mkdir /var/run/prelude-manager sudo chown prelude:rainer /var/run/prelude-manager sudo chmod 770 /var/run/prelude-manager fi # PM=`find_path prelude-manager` if [ -z "$PM" ]; then log_skip 6 $MAXTEST 'prelude-manager not found in $PATH' elif [ -z "$doall" ]; then log_skip 6 $MAXTEST 'logging to prelude (or use --really-all)' else BUILDOPTS="--quiet $TRUST --with-prelude --enable-login-watch --enable-mounts-check --enable-process-check --enable-port-check --enable-suidcheck --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" testrun1b_nogpg "${BUILDOPTS} CFLAGS=-DSH_NOFAILOVER=1" do_test_1b_2 if [ $? -eq 0 ]; then log_ok 6 $MAXTEST 'logging to prelude' else log_fail 6 $MAXTEST 'logging to prelude' fi fi # # ------------- seventh test ----------- # if ! test -d /var/run/prelude-manager then [ -z "$verbose" ] || log_msg_ok "create /var/run/prelude-manager..."; sudo mkdir /var/run/prelude-manager sudo chown prelude:rainer /var/run/prelude-manager sudo chmod 770 /var/run/prelude-manager fi # PM=`find_path prelude-manager` if [ -z "$PM" ]; then log_skip 7 $MAXTEST 'prelude-manager not found in $PATH' elif [ -z "$doall" ]; then log_skip 7 $MAXTEST 'logging to prelude (or use --really-all)' else BUILDOPTS="--quiet $TRUST --with-prelude --enable-login-watch --enable-mounts-check --enable-process-check --enable-port-check --enable-suidcheck --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" testrun1b_nogpg "${BUILDOPTS} CFLAGS=-DSH_NOFAILOVER=1" "modrc" do_test_1b_2 if [ $? -eq 0 ]; then log_ok 7 $MAXTEST 'logging to prelude' else log_fail 7 $MAXTEST 'logging to prelude' fi fi fi fi log_end "RUN STANDALONE W/STEALTH W/GPG" return 0 } samhain-3.1.0/test/testtiger.txt0000644000175000017500000000234210026242021013574 00000000000000Test results of the TIGER hash algorithm (use samhain -H string to test) string=<>, hash=<24F0130C63AC933216166E76B1BB925FF373DE2D49584E7A> string=, hash= string=, hash=<9F00F599072300DD276ABB38C8EB6DEC37790C116F9D2BDF> string=, hash=<87FB2A9083851CF7470D2CF810E6DF9EB586445034A5A386> string=, hash=<467DB80863EBCE488DF1CD1261655DE957896565975F9197> string=, hash=<0C410A042968868A1671DA5A3FD29A725EC1E457D3CDB303> string=, hash= string=, hash=<3D9AEB03D1BD1A6357B2774DFD6D5B24DD68151D503974FC> string=, hash=<00B83EB4E53440C576AC6AAEE0A7485825FD15E70A59FFE4> samhain-3.1.0/test/test.sh0000755000175000017500000004660111571451430012361 00000000000000#! /bin/sh # # Copyright Rainer Wichmann (2006) # # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # # ----------------------------------------------------------------------- # Be Bourne compatible # ----------------------------------------------------------------------- if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then set -o posix fi # ----------------------------------------------------------------------- # Make sure we support functions (from the autoconf manual) # ----------------------------------------------------------------------- TSHELL="${TSHELL-/bin/sh}" if test x"$1" = "x--re-executed" then shift elif "$TSHELL" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&1 then : else for cmd in sh bash ash bsh ksh zsh sh5; do X="$PATH:/bin:/usr/bin:/usr/afsws/bin:/usr/ucb:/usr/xpg4/bin"; OLD_IFS=${IFS} IFS=':'; export IFS for dir in $X; do shell="$dir/$cmd" if (test -f "$shell" || test -f "$shell.exe") then if "$shell" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&1 then TSHELL="$shell"; export TSHELL IFS=${OLD_IFS}; export IFS exec "$shell" "$0" --re-executed ${1+"$@"} fi fi done IFS=${OLD_IFS}; export IFS done echo "-----------------------------------------------------------------" echo "ERROR: Unable to locate a shell interpreter with function support" >&2 echo "-----------------------------------------------------------------" { (exit 1); exit 1; } fi # ----------------------------------------------------------------------- # Make sure we support 'let' (from the autoconf manual) # ----------------------------------------------------------------------- TSHELL="${TSHELL-/bin/sh}" if test x"$1" = "x--re-run" then shift elif "$TSHELL" -c 'a=5; let "a = a + 5"' >/dev/null 2>&1 then : else for cmd in sh bash ash bsh ksh zsh sh5; do X="$PATH:/bin:/usr/bin:/usr/afsws/bin:/usr/ucb:/usr/xpg4/bin"; OLD_IFS=${IFS} IFS=':'; export IFS for dir in $X; do shell="$dir/$cmd" if (test -f "$shell" || test -f "$shell.exe") then if "$shell" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&1 then if "$shell" -c 'a=5; let "a = a + 5"' >/dev/null 2>&1 then TSHELL="$shell"; export TSHELL IFS=${OLD_IFS}; export IFS exec "$shell" "$0" --re-run ${1+"$@"} fi fi fi done IFS=${OLD_IFS}; export IFS done echo "-----------------------------------------------------------------" echo "ERROR: Unable to locate a shell interpreter with support for 'let'" >&2 echo "-----------------------------------------------------------------" { (exit 1); exit 1; } fi umask 0022 isok=`test -t 1 2>&1 | wc -c` if [ "$isok" -eq 0 ]; then test -t 1 isok=$? fi # The following two are the ANSI sequences for start and end embolden if [ x"$isok" = x0 ]; then case $TERM in vt*|ansi*|con*|xterm*|linux*|screen*|rxvt*) S='' R= G= B= E= ;; *) S= R= G= B= E= ;; esac fi usage() { echo "test.sh [options] [hostname]" echo " [-q|--quiet|-v|--verbose] [-s|--stoponerr] [-n|--no-cleanup]" echo " [--srcdir=top_srcdir] [--color=always|never|auto]" echo echo " ${S}test.sh 1${E} -- Compile with many different options" echo " ${S}test.sh 2${E} -- Hash function (testrc_1)" echo " ${S}test.sh 3${E} -- Standalone init/check" echo " ${S}test.sh 4${E} -- Microstealth init/check" echo " ${S}test.sh 5${E} -- External program call (testrc_1ext.in)" echo " ${S}test.sh 6${E} -- Controlling the daemon" echo " ${S}test.sh 7${E} -- GnuPG signed files / prelude log" echo " ${S}test.sh 8${E} -- Suidcheck" echo " ${S}test.sh 9${E} -- Process check" echo " ${S}test.sh 10${E} -- Port check" echo " ${S}test.sh 20${E} -- Test c/s init/check (testrc_2.in)" echo " ${S}test.sh 21${E} -- Test full c/s init/check (testrc_2.in)" echo " ${S}test.sh 22${E} -- Test full c/s w/gpg (testrc_2.in)" echo " ${S}test.sh 23${E} -- Test full c/s w/mysql (testrc_2.in)" echo " ${S}test.sh 24${E} -- Test full c/s w/postgres (testrc_2.in)" echo " ${S}test.sh all${E} -- All tests" } scripts () { echo echo "Scripts used by tests:" echo " (1) testcompile.sh (2) testhash.sh (3) testrun_1.sh (4) testrun_1a.sh" echo " (5) testext.sh (6) testtimesrv.sh (7) testrun_1b.sh (8) testrun_1c.sh" echo " (9) testrun_1d.sh (10) testrun_1e.sh" echo " (20) testrun_2.sh (21) testrun_2a.sh (22) testrun_2b.sh (23) testrun_2c.sh" echo " (24) testrun_2d.sh" } # # Option parsing # verbose= quiet= stoponerr= color=auto cleanup=on doall= usevalgrind= while [ $# -gt 0 ] do case "$1" in -h|--help) usage; exit 0;; --scripts) usage; scripts; exit 0;; -v|--verbose) verbose=on; quiet= ;; -q|--quiet) quiet=on; verbose= ;; -s|--stoponerr) stoponerr=on;; -n|--no-cleanup) cleanup= ;; --really-all) doall=on;; --valgrind) usevalgrind=on;; --srcdir=*) TOP_SRCDIR=`echo $1 | sed s,--srcdir=,,`; export TOP_SRCDIR;; --color=*) arg=`echo $1 | sed s,--color=,,` case $arg in auto) ;; never|none|no) S= R= G= B= E= ;; always|yes) S='' R= G= G= E= ;; *) echo "Invalid argument $1"; exit 1;; esac ;; -*) echo "Invalid argument $1"; exit 1;; *) break;; esac shift done export verbose export quiet export stoponerr export cleanup export doall export S; export R; export G; export B; export E; SCRIPTDIR=. # # 'make test' will copy the 'test' subdirectory and replace TEST_SRCDIR # TEST_SRCDIR="XXXSRCXXX"; if test "x${TOP_SRCDIR}" = x; then # not within source tree, and not called with 'make testN' if test -f "${TEST_SRCDIR}/src/samhain.c"; then TOP_SRCDIR="${TEST_SRCDIR}"; export TOP_SRCDIR if test -f test/testcompile.sh; then SCRIPTDIR=test fi # not within source tree, not called by 'make', and in 'test' subdir elif test -f "../${TEST_SRCDIR}/src/samhain.c"; then cd .. SCRIPTDIR=test TOP_SRCDIR="${TEST_SRCDIR}"; export TOP_SRCDIR # within source tree, and not called with 'make testN' else if test -f ../src/samhain.c; then cd .. SCRIPTDIR=test TOP_SRCDIR=. export TOP_SRCDIR elif test -f ./src/samhain.c; then SCRIPTDIR=test TOP_SRCDIR=. export TOP_SRCDIR else echo "Please use --srcdir=DIR, where DIR should be the" echo "top directory in the samhain source tree." exit 1 fi fi else # called by make, or with --srcdir=TOP_SRCDIR if test -f "${TOP_SRCDIR}/src/samhain.c"; then SCRIPTDIR="${TOP_SRCDIR}/test" elif test -f "../${TOP_SRCDIR}/src/samhain.c"; then cd ..; SCRIPTDIR="${TOP_SRCDIR}/test" else echo "Please use --srcdir=DIR, where DIR should be the" echo "top directory in the samhain source tree." exit 1 fi fi export SCRIPTDIR PW_DIR=`pwd`; export PW_DIR # # group/world writeable will cause problems # chmod go-w . # # # if test x$UID != x -a x$UID != x0; then TRUST="--with-trusted=0,2,$UID" else TRUST="--with-trusted=0,2,1000" fi export TRUST # # find a good 'make' # MAKE=`which gmake` if test "x$?" = x1 ; then MAKE="make -s -j 3" else MAKE=`which gmake | sed -e "s%\([a-z:]\) .*%\1%g"` if test "x$MAKE" = x; then MAKE="make -s" elif test "x$MAKE" = xno; then MAKE="make -s" else if test "x$MAKE" = "xwhich:"; then MAKE="make -s" else MAKE="gmake -s" gmake -v >/dev/null 2>&1 || MAKE="make -s" fi fi fi export MAKE failcount=0 okcount=0 skipcount=0 global_count=0 last_count=0 # args: #test, #total, status, optional msg log_msg () { if [ x"$COLUMNS" != x ]; then TERMWIDTH=$COLUMNS elif [ x"$COLS" != x ]; then TERMWIDTH=$COLS else TERMWIDTH=80 fi cols=66; # if [ $1 -eq 0 ]; then msg=" ${4}" else if [ ${1} -eq 1 ]; then global_count=${last_count} fi let "v = $1 + global_count" >/dev/null last_count=${v} dd=''; if [ $v -lt 10 ]; then dd=" "; fi dt=''; if [ $2 -lt 10 ]; then dt=" "; fi if [ -z "$4" ]; then msg=" test ${dd}${v}/${dt}${2}" else msg=" test ${dd}${v}/${dt}${2} ${4}" fi fi # if [ x"$3" = xfailure ]; then ccode=$R elif [ x"$3" = xsuccess ]; then ccode=$G else ccode=$B fi if [ -z "${R}" ]; then echo " [${3}] ${msg}" else # len=${#...} is not bourne shell # also, need to account for terminal control sequences len=`echo "$msg" | awk '/1;30m/ { print length()-10; }; !/1;30m/ { print length();}'` let "cols = cols - len" >/dev/null if [ $cols -ge 0 ]; then moveto='['$cols'C' echo "${msg}${moveto}${ccode}[${3}]${E}" else echo "${msg}${ccode}[${3}]${E}" fi fi } log_fail () { [ -z "$quiet" ] && log_msg "$1" "$2" failure "$3"; let "failcount = failcount + 1" >/dev/null; test -z "$stoponerr" || exit 1; } log_ok () { [ -z "$quiet" ] && log_msg "$1" "$2" success "$3"; let "okcount = okcount + 1" >/dev/null; } log_skip () { [ -z "$quiet" ] && log_msg "$1" "$2" skipped "$3"; let "skipcount = skipcount + 1" >/dev/null; } log_msg_fail () { log_msg 0 0 failure "$1"; } log_msg_ok () { log_msg 0 0 success "$1"; } log_msg_skip () { log_msg 0 0 skipped "$1"; } log_start () { if [ -z "$quiet" ]; then echo; echo "${S}__ START TEST ${1} __${E}"; echo; fi } log_end () { if [ -n "$verbose" ]; then echo; echo "${S}__ END TEST ${1} __${E}"; echo; fi } # This looks silly, but with solaris10/i386 on vmware, # 'sleep' occasionally does not sleep... one_sec_sleep () { onesdate=`date` onestest=0 while [ $onestest -eq 0 ]; do sleep 1 twosdate=`date` if [ "x$twosdate" = "x$onesdate" ]; then onestest=0 else onestest=1 fi done } five_sec_sleep () { for f in 1 2 3 4 5; do one_sec_sleep done } do_cleanup () { rm -f testrc_1.dyn rm -f testrc_2 rm -f testrc_22 rm -f testrc_1ext rm -f ./.samhain_file rm -f ./.samhain_log* rm -f ./.samhain_lock* test -d testrun_testdata && chmod -f -R 0700 testrun_testdata test -d .quarantine && rm -rf .quarantine rm -rf testrun_testdata rm -f test_log_db rm -f test_log_prelude rm -f test_log_valgrind* rm -f test_log_yulectl rm -f yule.html rm -f yule.html2 rm -f test_dnmalloc } print_summary () { # let "gcount = okcount + skipcount + failcount" >/dev/null; gcount=$MAXTEST; let "failcount = gcount - okcount - skipcount" >/dev/null; [ -z "$quiet" ] && { echo echo "__ ${S}Tests: ${gcount} Ok: ${okcount} Skipped: ${skipcount} Failed: ${failcount}${E}" } if [ $failcount -eq 0 ]; then [ -z "$quiet" ] && { echo "__ ${G}All tests passed successfully.${E}"; echo; } elif [ $failcount -eq 1 ]; then [ -z "$quiet" ] && { echo "__ ${R}There was 1 failure.${E}"; echo; } else [ -z "$quiet" ] && { echo "__ ${R}There were $failcount failures.${E}"; echo; } fi [ -z "$cleanup" ] || do_cleanup; } find_path () { ( save_IFS=$IFS; IFS=: for dir in $PATH; do IFS=$as_save_IFS test -z "$dir" && dir=. if test -f "$dir/$1"; then echo "$dir/$1"; break; fi done IFS=${save_IFS}; ); } find_hostname () { uname -a | grep Linux >/dev/null if [ $? -eq 0 ]; then tmp=`hostname -f 2>/dev/null` if [ $? -ne 0 ]; then tmp=`hostname 2>/dev/null` fi else tmp=`hostname 2>/dev/null` fi if [ -z "$tmp" ]; then tmp="localhost" fi # # first one is hostname, others are aliases # tmp2=`cat /etc/hosts | egrep "^ *[0123456789].* $tmp" | awk '{ print $2 }'` if [ -z "$tmp2" ]; then echo "$tmp" else echo "$tmp2" fi } rm -f ./test_log # first one is hostname, others are aliases # hostname=`cat /etc/hosts | egrep "^ *127.0.0.1" | awk '{ print $2 }'` if [ x"$hostname" = xlocalhost ]; then hostname="127.0.0.1" fi # Seems that 'valgrind' causes random hangs :-( # if [ -z "$usevalgrind" ]; then VALGRIND= else VALGRIND=`find_path valgrind`; fi [ -z "$VALGRIND" ] || { VALGRIND="$VALGRIND --quiet --tool=memcheck --suppressions=.test.supp"; export VALGRIND; [ -z "$verbose" ] || log_msg_ok "using valgrind" cat > ".test.supp" </dev/null . ${SCRIPTDIR}/testhash.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_1.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_1a.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testext.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testtimesrv.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_1b.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_1c.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_1d.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_1e.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_2.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_2a.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_2b.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_2c.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_2d.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null # # ${SCRIPTDIR}/testtimesrv.sh # ${SCRIPTDIR}/testrun_1b.sh # ${SCRIPTDIR}/testrun_2.sh $2 # ${SCRIPTDIR}/testrun_2a.sh $2 # MAXTEST=${TEST_MAX}; export MAXTEST testcompile testhash # . ${SCRIPTDIR}/testrun_1.sh MAXTEST=${TEST_MAX}; export MAXTEST testrun1 # . ${SCRIPTDIR}/testrun_1a.sh MAXTEST=${TEST_MAX}; export MAXTEST testrun1a # testext0 # . ${SCRIPTDIR}/testtimesrv.sh MAXTEST=${TEST_MAX}; export MAXTEST testtime0 # . ${SCRIPTDIR}/testrun_1b.sh MAXTEST=${TEST_MAX}; export MAXTEST testrun1b # . ${SCRIPTDIR}/testrun_1.sh . ${SCRIPTDIR}/testrun_1c.sh MAXTEST=${TEST_MAX}; export MAXTEST testrun1c # . ${SCRIPTDIR}/testrun_1.sh . ${SCRIPTDIR}/testrun_1d.sh MAXTEST=${TEST_MAX}; export MAXTEST testrun1d # . ${SCRIPTDIR}/testrun_1.sh . ${SCRIPTDIR}/testrun_1e.sh MAXTEST=${TEST_MAX}; export MAXTEST testrun1e # . ${SCRIPTDIR}/testrun_2.sh MAXTEST=${TEST_MAX}; export MAXTEST testrun2 $hostname # . ${SCRIPTDIR}/testrun_2a.sh MAXTEST=${TEST_MAX}; export MAXTEST testrun2a $hostname # . ${SCRIPTDIR}/testrun_2b.sh MAXTEST=${TEST_MAX}; export MAXTEST testrun2b $hostname # . ${SCRIPTDIR}/testrun_2c.sh MAXTEST=${TEST_MAX}; export MAXTEST testrun2c $hostname # . ${SCRIPTDIR}/testrun_2d.sh MAXTEST=${TEST_MAX}; export MAXTEST testrun2d $hostname # print_summary exit 0 fi usage; exit 1; # gpg -a --clearsign --not-dash-escaped testrc.gpg # gpg -a --clearsign --not-dash-escaped .samhain_file # tar czvf foo.tgz testrc.gpg.asc .samhain_file.asc # cat foo.tgz >>test/test.sh __ARCHIVE_FOLLOWS__ DoDǽ UbN\'8*:IӔJp-єBU!o2M z&f/#gGa%7U$ĉHU{ڨ $M۪.4ϛ3!39Τdn2;3.]zq.~7q\m<o'q&)+:2L|apa!(-aDp% Rd3K "Z' JO,JAIF$H CdGPCi1YVTF$ P74yi iG( LgeS։zGLd{Egi:K9%ikIє98r&-px\S'4no i0QѸc]_PUlCs?$T(*&+1e:`&VdE=ouyhcu1׏6W4ChTA/ ]n1P2kbCԁw!: 2I*"B~F@ݮ= .np ]GhsM]))z{(✸] NUiK'|p4{޹GCV}tE4wX0 )XDU n >s[:^{x^gBx1O:_y>^OE,>/G)7ٳ.>>>[p.|C'.(|u;.&;[?X\9fr ݧnNZfѶR]bزT5:FTkڭ]Q79끨ǭ(h|Ѩ(\b}xPjVZa7JŲJrb[TfV+TߏN$u?O߾p&hj ҴN˲[ZU/*]?,*AZXVn7;É:=cgrRZS\%c7{I`n+ D@MBgEa-^|7EgdF8(FdLOɄ `0 `0 `0 Fs(( samhain-3.1.0/rules.deb-light.in0000644000175000017500000000615212100460734013375 00000000000000#!/usr/bin/make -f # Samhain debian/rules # GNU copyright 20001 to 2003 by Javier Fernandez-Sanguino # based on # Sample debian/rules that uses debhelper. # GNU copyright 1997 to 1999 by Joey Hess. # Modified to use mydefargs by Rainer Wichmann. # # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 # This is the debhelper compatability version to use. export DH_COMPAT=4 package=@install_name@ # CAVEAT: including the --enable-base= option is for packages to be # distributed INTERNALLY on your network, NOT for packages # to be distributed to THIRD PARTIES build: build-stamp build-stamp: dh_testdir @top_srcdir@/configure @mydefargs@ $(MAKE) echo '#!/bin/sh' > ./sstrip echo 'echo "*** SSTRIP DISABLED ***"' >> ./sstrip if ! test x$(PASSWORD) = x; then \ if test -f samhain_setpwd; then \ ./samhain_setpwd samhain new $(PASSWORD); \ rm samhain; \ mv samhain.new samhain; \ fi; \ fi touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp -[ -f Makefile ] && $(MAKE) distclean dh_clean install: build dh_testdir dh_testroot dh_clean -k dh_installdirs $(MAKE) install-light install-boot DESTDIR=`pwd`/debian/@install_name@ # $(MAKE) install-light install-boot DESTDIR=`pwd`/debian/tmp # However, remove the rc.d links -rm -rf `pwd`/debian/tmp/etc/rc?.d # Remove samhain_stealth for light install -rm -f `pwd`/debian/tmp/@sbindir@/@install_name@_stealth # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install # dh_testversion dh_testdir dh_testroot dh_installdebconf # dh_installdocs dh_installmenu dh_installinit -- defaults 19 [ -f debian/@install_name@.postinst.debhelper ] && \ cd debian && \ cat @install_name@.postinst.debhelper | \ sed 's%/etc/init.d/@install_name@ start%:%' > postinst.tmp && \ mv postinst.tmp @install_name@.postinst.debhelper [ -f debian/@install_name@.postinst.debhelper ] && \ cd debian && \ cat @install_name@.postinst.debhelper | \ sed 's%invoke-rc.d @install_name@ start%:%' > postinst.tmp && \ mv postinst.tmp @install_name@.postinst.debhelper [ -f debian/@install_name@.prerm.debhelper ] && \ cd debian && \ cat @install_name@.prerm.debhelper | \ sed 's%/etc/init.d/@install_name@ stop%/etc/init.d/@install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ mv prerm.tmp @install_name@.prerm.debhelper [ -f debian/@install_name@.prerm.debhelper ] && \ cd debian && \ cat @install_name@.prerm.debhelper | \ sed 's%invoke-rc.d @install_name@ stop%invoke-rc.d @install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ mv prerm.tmp @install_name@.prerm.debhelper # dh_installmanpages # dh_installchangelogs @top_srcdir@/docs/Changelog dh_link dh_strip dh_compress dh_fixperms dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb define checkdir test -f debian/rules endef binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install samhain-3.1.0/stamp-hdep0000644000175000017500000000001212234417464012041 00000000000000timestamp samhain-3.1.0/depend.sum0000644000175000017500000000001312234417464012042 000000000000003369499701 samhain-3.1.0/acconfig.h0000644000175000017500000002720511457062344012012 00000000000000 #ifndef CONFIG_H #define CONFIG_H @TOP@ /* ---- compile options ------------ */ /* Define if you want database support */ #undef WITH_DATABASE /* Define if the database is unixODBC */ #undef WITH_ODBC /* Define if the database is oracle */ #undef WITH_ORACLE /* Define if the database is mysql */ #undef WITH_MYSQL /* Define if the database is postgresql */ #undef WITH_POSTGRES /* Define if the server may listen on 514/udp */ #undef INET_SYSLOG /* Define if you want logfile in XML format */ #undef SH_USE_XML /* Define if you want external programs. */ #undef WITH_EXTERNAL /* Define if you want to reload the database */ /* on SIGHUP. */ #undef RELOAD_DATABASE /* Define if you want SysV message queue. */ #undef WITH_MESSAGE_QUEUE /* Define the mode of the message queue. */ #undef MESSAGE_QUEUE_MODE /* Define which users are always trusted. */ /* default = 0 ( = root) */ #undef SL_ALWAYS_TRUSTED /* Define if you want network time. */ /* default = no */ #undef HAVE_NTIME /* The time server host address. */ /* default = "NULL" */ #undef DEFAULT_TIMESERVER #undef ALT_TIMESERVER /* Define if you want to use the mail code. */ /* default = yes */ #undef SH_WITH_MAIL /* Define if you want client/server encryption*/ #undef SH_ENCRYPT /* Define if you want version 2 encryption */ #undef SH_ENCRYPT_2 /* Define if you want to watch for login/-out.*/ /* default = no */ #undef SH_USE_UTMP /* Define if you want to check mount options on filesystems */ /* default = no */ #undef SH_USE_MOUNTS /* Define if you want to keep an eye on */ /* sensitive files that your users own */ #undef SH_USE_USERFILES /* Define if you want to watch for suid/sgid */ /* files */ #undef SH_USE_SUIDCHK /* Define if you want to check kernel syscall */ /* table to detect LKM rootkits. */ /* default = no */ #undef SH_USE_KERN /* Define if you want to use the Kernel */ /* module to hide samhain. */ #undef SH_USE_LKM /* Define if you have a vanilla Kernel */ /* (2.4 or 2.2) */ #undef SH_VANILLA_KERNEL /* Define to the name of the MAGIC_HIDE */ /* string if you use the Kernel module to */ /* hide samhain. */ #undef SH_MAGIC_HIDE /* Define if you want 'micro' stealth mode. */ /* default = no */ #undef SH_STEALTH_MICRO /* Define if you want to use stealth mode. */ /* default = no */ #undef SH_STEALTH /* Define if you want stealth w/o CL parsing. */ /* default = no */ #undef SH_STEALTH_NOCL /* The magic argv[1] to re-enable CL parsing. */ /* default = "yes" */ #undef NOCL_CODE /* XOR value to hide literal strings. */ /* default = 0 */ #undef XOR_CODE /* The port number for TCP/IP connection. */ /* default = 49777 */ #undef SH_DEFAULT_PORT /* The identity to assume when dropping root */ /* default = "nobody" */ #undef DEFAULT_IDENT /* Directory for tmp files */ #undef SH_TMPDIR /* The data root directory. */ /* default="/var/lib/samhain" */ #undef DEFAULT_DATAROOT /* The quarantine directory. */ /* default="/var/lib/samhain/.quarantine */ #undef DEFAULT_QDIR /* The location of the log file. */ /* default="/var/log/samhain_log" */ #undef DEFAULT_ERRFILE /* The directory of the log file. */ /* default="/var/log" */ #undef DEFAULT_LOGDIR /* The location of the pid file. */ /* default="/var/run/samhain.pid" */ #undef DEFAULT_ERRLOCK /* The location of the pid file directory. */ /* default="/var/run " */ #undef DEFAULT_PIDDIR /* The location of the configuration file. */ /* default="/etc/samhainrc" */ #undef DEFAULT_CONFIGFILE /* The location of the checksum data. */ /* default="/var/lib/samhain/samhain_file" */ #undef DEFAULT_DATA_FILE /* The location of the html report. */ /* default="/var/log/.samhain.html" */ #undef DEFAULT_HTML_FILE /* The install directory. */ /* default="/usr/local/sbin" */ #undef SH_INSTALL_DIR /* The install path. */ /* default="/usr/local/sbin/samhain" */ #undef SH_INSTALL_PATH #undef SH_INSTALL_YULE_PATH /* The install name. */ /* default="samhain" */ #undef SH_INSTALL_NAME /* The sender name to use. */ /* default = "daemon" */ #undef DEFAULT_SENDER /* The address to send mail to. */ /* default = "NULL" */ #undef DEFAULT_MAILADDRESS #undef ALT_MAILADDRESS /* The log server. */ /* default = "NULL" */ #undef DEFAULT_LOGSERVER #undef ALT_LOGSERVER /* The console. */ /* default = "NULL" */ #undef DEFAULT_CONSOLE #undef ALT_CONSOLE /* The default base for one-time pads. */ /* default = compile_time,compile_time */ #undef DEFKEY /* Define if you want more debug options. */ /* default = no */ #undef MEM_DEBUG /* Define if you want more debug output. */ /* default = no */ #undef WITH_TPT /* Define if you want tracing. */ /* default = no */ #undef WITH_TRACE /* Define if you want slib debug. */ /* default = no */ #undef SL_DEBUG /* Define if you want slib to abort on errors.*/ /* default = no */ #undef SL_FAIL_ON_ERROR /* Define if you want to use SRP authenticaton*/ #undef USE_SRP_PROTOCOL /* Define if you want to use GnuPG to */ /* verify database and configuation file. */ #undef WITH_GPG /* The full path to GnuPG */ #undef DEFAULT_GPG_PATH /* Define if using the gpg/pgp checksum. */ #undef HAVE_GPG_CHECKSUM /* The tiger checksum of the gpg/pgp binary. */ #undef GPG_HASH /* Define if you want to compile in the */ /* public key fingerprint. */ #undef USE_FINGERPRINT /* The public key fingerprint. */ #undef SH_GPG_FP /* Use ptrace - screw up signal handling. */ #undef SCREW_IT_UP /* ---- misc ------------ */ /* Define the package name. */ #undef PACKAGE /* Define the package version. */ #undef VERSION /* Define to the position of the key (1...8). */ #undef POS_TF /* Init key for exepack. */ #undef EXEPACK_STATE_0 #undef EXEPACK_STATE_1 #undef EXEPACK_STATE_2 /* ---- system-specific options ------------ */ /* Define to the address of sys_call_table */ #undef SH_SYSCALLTABLE /* Define to use SVR4 statvfs to get filesystem type. */ #undef FSTYPE_STATVFS /* Define to use SVR3.2 statfs to get filesystem type. */ #undef FSTYPE_USG_STATFS /* Define to use AIX3 statfs to get filesystem type. */ #undef FSTYPE_AIX_STATFS /* Define to use 4.3BSD getmntent to get filesystem type. */ #undef FSTYPE_MNTENT /* Define to use 4.4BSD and OSF1 statfs to get filesystem type. */ #undef FSTYPE_STATFS /* Define to use Ultrix getmnt to get filesystem type. */ #undef FSTYPE_GETMNT /* the basic type to which we can cast a uid */ #undef UID_CAST /* for ext2fs flags */ #undef HAVE_EXT2_IOCTLS #undef HAVE_STAT_FLAGS /* obvious */ #undef HOST_IS_LINUX #undef HOST_IS_I86LINUX /* obvious */ #undef HOST_IS_CYGWIN /* obvious */ #undef HOST_IS_DARWIN /* obvious */ #undef HOST_IS_FREEBSD /* obvious */ #undef HOST_IS_AIX /* obvious */ #undef HOST_IS_SOLARIS /* obvious */ #undef HOST_IS_I86SOLARIS /* obvious */ #undef HOST_IS_HPUX /* Define to the name of the random devices. */ #undef NAME_OF_DEV_RANDOM #undef NAME_OF_DEV_URANDOM /* Define if you have long long. */ #undef HAVE_LONG_LONG /* Define if short is 32 bits. */ #undef HAVE_SHORT_32 /* Define if int is 32 bits. */ #undef HAVE_INT_32 /* Define if long is 32 bits. */ #undef HAVE_LONG_32 /* Define if long is 64 bits. */ #undef HAVE_LONG_64 /* Define if UINT64 is 32 bits. */ #undef UINT64_IS_32 /* Define if you have uint64_t. */ #undef HAVE_UINT16_T /* Define if you have uint64_t. */ #undef HAVE_UINT64_T /* Define if you have utmpx.h. */ #undef HAVE_UTMPX_H /* Define if your struct utmpx has ut_xtime. */ #undef HAVE_UTXTIME /* Define if your struct utmp has ut_type. */ #undef HAVE_UTTYPE /* Define if your struct utmp has ut_host. */ #undef HAVE_UTHOST /* Define if your struct utmp has ut_addr. */ #undef HAVE_UTADDR /* Define if your struct utmp has ut_addr_v6 */ #undef HAVE_UTADDR_V6 /* Define if your includes are broken. */ #undef HAVE_BROKEN_INCLUDES /* Define if your getcwd uses 'popen'. */ #undef HAVE_BROKEN_GETCWD /* Define if your vsnprintf is broken. */ #undef HAVE_BROKEN_VSNPRINTF /* Define if you have va_copy. */ #undef VA_COPY /* Define if va_list may be copied as array. */ #undef VA_COPY_AS_ARRAY /* Define if you need unix entropy gatherer. */ #undef HAVE_UNIX_RANDOM /* Define if you have EGD. */ #undef HAVE_EGD_RANDOM /* Define if you have /dev/random. */ #undef HAVE_URANDOM /* Soket name for EGD. */ #undef EGD_SOCKET_NAME /* Define if your mlock() is broken. */ #undef HAVE_BROKEN_MLOCK /* Define the proc f_type. */ #undef SH_PROC_MAGIC /* Define if you have statfs. */ #undef HAVE_STATFS /* Define if statfs works. */ #undef STATFS_WORKS /* Define to long if not defined. */ #undef ptrdiff_t @BOTTOM@ /* dont modify this, unless you know what you do */ #define SRP_GENERATOR_1024 "2" #define SRP_MODULUS_1024_1 \ _("f488fd584e49dbcd20b49de49107366b336c380d451d0f7c88b31c7c5b2d8ef6") #define SRP_MODULUS_1024_2 \ _("f3c923c043f0a55b188d8ebb558cb85d38d334fd7c175743a31d186cde33212c") #define SRP_MODULUS_1024_3 \ _("b52aff3ce1b1294018118d7c84a70a72d686c40319c807297aca950cd9969fab") #define SRP_MODULUS_1024_4 \ _("d00a509b0246d3083d66a45d419f9c7cbd894b221926baaba25ec355e92f78c7") #define SDG_0RETU _("return.\n") #define SDG_TERRO _("ERROR: file=<%s>, line=<%d>, reason=<%s>\n") #define SDG_AERRO _("ERROR: file=<%s>, line=<%d>, failed_assertion=<%s>\n") #define SDG_AFAIL _("FAILED: file=<%s>, line=<%d>, assertion=<%s>\n") #define SDG_ENTER _("enter=<%s>\n") #define SDG_RETUR _("return=<%s>.\n") #define SDG_ERROR _("error=<%ld>.\n") #ifdef SH_STEALTH char * globber(const char * string); #define _(string) globber(string) #define N_(string) string #else #define _(string) string #define N_(string) string #endif #endif samhain-3.1.0/src/0000755000175000017500000000000012234556154010732 500000000000000samhain-3.1.0/src/cutest_sh_utils.c0000644000175000017500000003464112233202364014235 00000000000000 #include "config_xor.h" #include #include "CuTest.h" #include "samhain.h" #include "sh_utils.h" void Test_sl_strlcpy (CuTest *tc) { int ret; char out[] = "aaaaaa"; char in[] = "bbb"; ret = sl_strlcpy (NULL, NULL, 0); CuAssertIntEquals(tc, ret, SL_ENONE); ret = sl_strlcpy (NULL, in, 0); CuAssertIntEquals(tc, ret, SL_ENULL); ret = sl_strlcpy (out, NULL, 0); CuAssertIntEquals(tc, ret, SL_ENONE); ret = sl_strlcpy (out, in, 0); CuAssertIntEquals(tc, ret, SL_ENONE); ret = sl_strlcpy (out, NULL, 7); CuAssertIntEquals(tc, ret, SL_ENONE); CuAssertStrEquals(tc, "", out); out[0] = 'a'; ret = sl_strlcpy (out, in, 4); CuAssertIntEquals(tc, ret, SL_ENONE); CuAssertStrEquals(tc, "bbb", out); CuAssertStrEquals(tc, "aa", &out[4]); return; } void Test_sl_strlcat (CuTest *tc) { int ret; char out[16] = "aaaaaa"; char in[16] = "bbb"; ret = sl_strlcat (NULL, NULL, 0); CuAssertIntEquals(tc, ret, SL_ENONE); ret = sl_strlcat (NULL, in, 0); CuAssertIntEquals(tc, ret, SL_ENONE); ret = sl_strlcat (out, NULL, 0); CuAssertIntEquals(tc, ret, SL_ENONE); ret = sl_strlcat (out, in, 0); CuAssertIntEquals(tc, ret, SL_ENONE); ret = sl_strlcat (out, NULL, sizeof(out)); CuAssertIntEquals(tc, ret, SL_ENONE); CuAssertStrEquals(tc, "aaaaaa", out); ret = sl_strlcat (out, in, 7); CuAssertIntEquals(tc, ret, SL_ETRUNC); CuAssertStrEquals(tc, "aaaaaa", out); ret = sl_strlcat (out, in, 8); CuAssertIntEquals(tc, ret, SL_ETRUNC); CuAssertStrEquals(tc, "aaaaaab", out); ret = sl_strlcat (out, in, sizeof(out)); CuAssertIntEquals(tc, ret, SL_ENONE); CuAssertStrEquals(tc, "aaaaaabbbb", out); CuAssertStrEquals(tc, "bbb", in); return; } void Test_sh_util_acl_compact (CuTest *tc) { char * ret = 0; char inp1[] = "user::r--\nuser:lisa:rwx\t\t#effective: r--\ngroup::r--\ngroup:toolies:rw- #effective: r--\nmask::r--\nother::r--\n"; char inp2[] = "use\n\nuser:lisa:rwx\t\t#effective: r--\ngroup::r--\ngroup:toolies:rw- #effective: r--\nmask::r--\nother::r--\n"; char inp3[] = "user:\177\145\177\122:r--\nuser:lisa:rwx\t\t#effective: r--\ngroup::r--\ngroup:toolies:rw- #effective: r--\nmask::r--\nother::r--\n"; ret = sh_util_acl_compact (inp1, strlen(inp1)); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, "u::r--,u:lisa:rwx,g::r--,g:toolies:rw-,m::r--,o::r--", ret); ret = sh_util_acl_compact (inp2, strlen(inp2)); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, "use,u:lisa:rwx,g::r--,g:toolies:rw-,m::r--,o::r--", ret); ret = sh_util_acl_compact (inp3, strlen(inp3)); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, "u:eR:r--,u:lisa:rwx,g::r--,g:toolies:rw-,m::r--,o::r--", ret); return; } void Test_sh_util_strdup_ok (CuTest *tc) { char * ret = 0; char inp[] = "foobar"; ret = sh_util_strdup(inp); CuAssertPtrNotNull(tc, ret); CuAssert(tc, "expected inp != ret, but inp == ret", (inp != ret)); CuAssertStrEquals(tc, "foobar", ret); return; } void Test_sh_util_strconcat_ok (CuTest *tc) { char * ret = 0; ret = sh_util_strconcat("foo", NULL); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, "foo", ret); ret = sh_util_strconcat("foo", "bar", NULL); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, "foobar", ret); ret = sh_util_strconcat("/", "foo", "/", "bar", NULL); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, "/foo/bar", ret); return; } void Test_sh_util_base64_enc_ok (CuTest *tc) { unsigned char out[64]; unsigned char ou2[64]; int ret; unsigned char inp0[64] = ""; unsigned char inp1[64] = "A"; unsigned char inp2[64] = "AB"; unsigned char inp3[64] = "ABC"; unsigned char inp4[64] = "ABCD"; ret = sh_util_base64_enc (out, inp0, strlen((char*)inp0)); CuAssertIntEquals(tc, 0, ret); CuAssertStrEquals(tc, "", (char*)out); ret = sh_util_base64_dec (ou2, out, strlen((char*)out)); CuAssertIntEquals(tc, ret, 0); CuAssertStrEquals(tc, (char*)inp0, (char*)ou2); ret = sh_util_base64_enc (out, inp1, strlen((char*)inp1)); CuAssertIntEquals(tc, ret, 4); CuAssertStrEquals(tc, "QQ??", (char*)out); ret = sh_util_base64_dec (ou2, out, strlen((char*)out)); CuAssertStrEquals(tc, (char*)inp1, (char*)ou2); CuAssertIntEquals(tc, 1, ret); ret = sh_util_base64_enc (out, inp2, strlen((char*)inp2)); CuAssertIntEquals(tc, ret, 4); CuAssertStrEquals(tc, "QUI?", (char*)out); ret = sh_util_base64_dec (ou2, out, strlen((char*)out)); CuAssertStrEquals(tc, (char*)inp2, (char*)ou2); CuAssertIntEquals(tc, 2, ret); ret = sh_util_base64_enc (out, inp3, strlen((char*)inp3)); CuAssertIntEquals(tc, ret, 4); CuAssertStrEquals(tc, "QUJD", (char*)out); ret = sh_util_base64_dec (ou2, out, strlen((char*)out)); CuAssertStrEquals(tc, (char*)inp3, (char*)ou2); CuAssertIntEquals(tc, 3, ret); ret = sh_util_base64_enc (out, inp4, strlen((char*)inp4)); CuAssertIntEquals(tc, ret, 8); CuAssertStrEquals(tc, "QUJDRA??", (char*)out); ret = sh_util_base64_dec (ou2, out, strlen((char*)out)); CuAssertStrEquals(tc, (char*)inp4, (char*)ou2); CuAssertIntEquals(tc, 4, ret); return; } void Test_sh_util_dirname_ok (CuTest *tc) { char * ret = 0; char input0[] = "/foo/bar"; char res0[] = "/foo"; char input1[] = "/foo/bar/"; char res1[] = "/foo"; char input2[] = "/foo"; char res2[] = "/"; char input3[] = "/"; char res3[] = "/"; char input4[] = "///foo//bar"; char res4[] = "///foo"; char input5[] = "//foo///bar///"; char res5[] = "//foo"; char input6[] = "///"; char res6[] = "///"; char input7[] = "//f///b///"; char res7[] = "//f"; char input8[] = "/f/b/"; char res8[] = "/f"; char input9[] = "/e/b"; char res9[] = "/e"; ret = sh_util_dirname(input0); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res0, ret); ret = sh_util_dirname(input1); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res1, ret); ret = sh_util_dirname(input2); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res2, ret); ret = sh_util_dirname(input3); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res3, ret); ret = sh_util_dirname(input4); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res4, ret); ret = sh_util_dirname(input5); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res5, ret); ret = sh_util_dirname(input6); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res6, ret); ret = sh_util_dirname(input7); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res7, ret); ret = sh_util_dirname(input8); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res8, ret); ret = sh_util_dirname(input9); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res9, ret); return; } void Test_sh_util_basename_ok (CuTest *tc) { char * ret = 0; char input0[] = "/foo/bar"; char res0[] = "bar"; char input1[] = "/foo/"; char res1[] = "foo"; char input2[] = "/foo"; char res2[] = "foo"; char input3[] = "/"; char res3[] = "/"; char input4[] = "/foo/bar/"; char res4[] = "bar"; char input5[] = "/foo///bar///"; char res5[] = "bar"; char input6[] = "//foo"; char res6[] = "foo"; ret = sh_util_basename(input0); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res0, ret); ret = sh_util_basename(input1); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res1, ret); ret = sh_util_basename(input2); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res2, ret); ret = sh_util_basename(input3); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res3, ret); ret = sh_util_basename(input4); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res4, ret); ret = sh_util_basename(input5); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res5, ret); ret = sh_util_basename(input6); CuAssertPtrNotNull(tc, ret); CuAssertStrEquals(tc, res6, ret); return; } void Test_sh_util_utf8_ok (CuTest *tc) { int ret = 0; #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) unsigned char seq[16]; unsigned char input[16] = "foobar"; seq[0] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_TRUE); seq[0] = 0xd7; seq[1] = 0x90; seq[2] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_TRUE); seq[0] = 0xed; seq[1] = 0x9f; seq[2] = 0xbf; seq[3] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_TRUE); seq[0] = 0xee; seq[1] = 0x80; seq[2] = 0x80; seq[3] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_TRUE); seq[0] = 0xef; seq[1] = 0xbf; seq[2] = 0xbd; seq[3] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_TRUE); seq[0] = 0xf4; seq[1] = 0x8f; seq[2] = 0xbf; seq[3] = 0xbf; seq[4] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_TRUE); seq[0] = 0xf4; seq[1] = 0x90; seq[2] = 0x80; seq[3] = 0x80; seq[4] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_TRUE); seq[0] = 0xd7; seq[1] = 0x90; seq[2] = 0xd7; seq[3] = 0x90; seq[4] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_TRUE); /* cont. char */ seq[0] = 0x80; seq[1] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_FALSE); seq[0] = 0xbf; seq[1] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_FALSE); /* overlong */ seq[0] = 0xc0; seq[1] = 0xaf; seq[2] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_FALSE); seq[0] = 0xe0; seq[1] = 0x8f; seq[2] = 0xaf; seq[3] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_FALSE); seq[0] = 0xf0; seq[1] = 0x80; seq[2] = 0x80; seq[3] = 0xaf; seq[4] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_FALSE); /* overlong */ seq[0] = 0xc1; seq[1] = 0xbf; seq[2] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_FALSE); seq[0] = 0xe0; seq[1] = 0x9f; seq[2] = 0xbf; seq[3] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_FALSE); seq[0] = 0xf0; seq[1] = 0x8f; seq[2] = 0xbf; seq[3] = 0xbf; seq[4] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_FALSE); /* overlong */ seq[0] = 0xc0; seq[1] = 0x80; seq[2] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_FALSE); seq[0] = 0xe0; seq[1] = 0x80; seq[2] = 0x80; seq[3] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_FALSE); seq[0] = 0xf0; seq[1] = 0x80; seq[2] = 0x80; seq[3] = 0x80; seq[4] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_FALSE); /* cont missing */ seq[0] = 0xd7; seq[1] = 0x20; seq[3] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_FALSE); seq[0] = 0xee; seq[1] = 0x80; seq[2] = 0x20; seq[3] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_FALSE); seq[0] = 0xf4; seq[1] = 0x8f; seq[2] = 0xbf; seq[3] = 0x20; seq[4] = 0x00; ret = sh_util_valid_utf8(seq); CuAssertIntEquals(tc, ret, S_FALSE); /* switch on utf8 checking for sh_util_obscurename() */ ret = sh_util_obscure_utf8("Y"); CuAssertIntEquals(tc, ret, 0); ret = sh_util_obscure_ok ("0x01,0x02,0x03"); CuAssertIntEquals(tc, ret, 0); ret = sh_util_valid_utf8 (input); CuAssertIntEquals(tc, ret, S_TRUE); ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, 0); input[0] = '\t'; ret = sh_util_valid_utf8 (input); CuAssertIntEquals(tc, ret, S_FALSE); ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, -1); input[0] = 0x01; ret = sh_util_valid_utf8 (input); CuAssertIntEquals(tc, ret, S_TRUE); ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, 0); input[0] = 0x02; ret = sh_util_valid_utf8 (input); CuAssertIntEquals(tc, ret, S_TRUE); ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, 0); input[0] = 0x03; ret = sh_util_valid_utf8 (input); CuAssertIntEquals(tc, ret, S_TRUE); ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, 0); input[0] = 0x04; ret = sh_util_valid_utf8 (input); CuAssertIntEquals(tc, ret, S_FALSE); ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, -1); input[0] = 'f'; ret = sh_util_valid_utf8 (input); CuAssertIntEquals(tc, ret, S_TRUE); ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, 0); input[5] = ' '; ret = sh_util_valid_utf8 (input); CuAssertIntEquals(tc, ret, S_FALSE); ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, -1); input[5] = 'r'; input[3] = ' '; ret = sh_util_valid_utf8 (input); CuAssertIntEquals(tc, ret, S_TRUE); ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, 0); #else CuAssertIntEquals(tc, ret, 0); #endif } void Test_sh_util_obscure_ok (CuTest *tc) { int ret = 0; #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) char input[16] = "foobar"; /* switch off utf8 checking for sh_util_obscurename() */ ret = sh_util_obscure_utf8("N"); CuAssertIntEquals(tc, ret, 0); ret = sh_util_obscure_ok ("0xA1,0xA2,0xA3"); CuAssertIntEquals(tc, ret, 0); ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, 0); input[0] = '\t'; ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, -1); input[0] = 0xA1; ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, 0); input[0] = 0xA2; ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, 0); input[0] = 0xA3; ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, 0); input[0] = 0xA4; ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, -1); input[0] = 'f'; ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, 0); input[5] = ' '; ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, -1); input[5] = 'r'; input[3] = ' '; ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); CuAssertIntEquals(tc, ret, 0); #else CuAssertIntEquals(tc, ret, 0); #endif } samhain-3.1.0/src/sh_sub.c0000644000175000017500000002602012122444530012267 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 2011 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" /* 0->1 for debug */ #if 0 #define SH_SUB_DBG 1 #endif #ifndef NULL #if !defined(__cplusplus) #define NULL ((void*)0) #else #define NULL (0) #endif #endif #include #include #include #include #include #include #include #include #include #include #include "samhain.h" #include "sh_pthread.h" #ifndef HAVE_LSTAT #define lstat stat #endif #define FIL__ _("sh_sub.c") static pid_t sh_child_pid = -1; static pid_t sh_wait_ret = 1; static int parent2child[2]; static int child2parent[2]; SH_MUTEX_STATIC(mutex_sub, PTHREAD_MUTEX_INITIALIZER); SH_MUTEX_STATIC(mutex_sub_work, PTHREAD_MUTEX_INITIALIZER); static void wait_for_command(); static ssize_t sh_sub_read(int fd, void *buf, size_t count); void sh_kill_sub() { SH_MUTEX_LOCK(mutex_sub); if (sh_child_pid != -1) { int status; #ifdef WCONTINUED int wflags = WNOHANG|WUNTRACED|WCONTINUED; #else int wflags = WNOHANG|WUNTRACED; #endif close (parent2child[1]); close (child2parent[0]); /* fprintf(stderr, "FIXME kill_sub %d\n", (int) sh_child_pid); */ /* Let's be rude. */ kill(sh_child_pid, SIGKILL); retry_msleep(1,0); if (sh_wait_ret == 0) sh_wait_ret = waitpid( -1, &status, wflags); else sh_wait_ret = waitpid(sh_child_pid, &status, wflags); sh_child_pid = -1; } SH_MUTEX_UNLOCK(mutex_sub); return; } static int sh_create_sub() { pid_t res; volatile int retval = 0; SH_MUTEX_LOCK(mutex_sub); #if !defined(O_NONBLOCK) #if defined(O_NDELAY) #define O_NONBLOCK O_NDELAY #else #define O_NONBLOCK 0 #endif #endif if (sh_child_pid == -1) { sigset_t signal_set_new; sigset_t signal_set_old; sigfillset ( &signal_set_new ); sigemptyset( &signal_set_old ); /* Create pipes. */ res = pipe (parent2child); if (res == 0) res = pipe (child2parent); if (res != 0) goto out; SH_SETSIGMASK(SIG_BLOCK, &signal_set_new, &signal_set_old); res = fork(); if (res == 0) { /* Child process. */ #ifdef _SC_OPEN_MAX int fdlimit = sysconf (_SC_OPEN_MAX); #else #ifdef OPEN_MAX int fdlimit = OPEN_MAX; #else int fdlimit = _POSIX_OPEN_MAX; #endif #endif int sflags, i, fd = 0; struct sigaction act; /* zero private information */ memset(skey, 0, sizeof(sh_key_t)); close (parent2child[1]); close (child2parent[0]); sflags = fcntl(parent2child[0], F_GETFL, 0); fcntl(parent2child[0], F_SETFL, sflags | O_NONBLOCK); sflags = fcntl(child2parent[1], F_GETFL, 0); fcntl(child2parent[1], F_SETFL, sflags | O_NONBLOCK); /* close inherited file descriptors */ if (fdlimit < 0) fdlimit = 20; /* POSIX lower limit */ while (fd < fdlimit) { if (fd != parent2child[0] && fd != child2parent[1]) close(fd); ++fd; } /* for (i = 0; i < 3; ++i) { if ( fcntl(i, F_GETFL, 0) == (-1)) (void) open(_("/dev/null"), O_RDWR, 0); } */ /* reset signal handling */ act.sa_handler = SIG_DFL; for (i = 0; i < NSIG; ++i) sigaction(i, &act, NULL); SH_SETSIGMASK(SIG_UNBLOCK, &signal_set_new, NULL); wait_for_command(); _exit(0); } else if (res > 0) { /* Parent process. */ int sflags; SH_SETSIGMASK(SIG_SETMASK, &signal_set_old, NULL); close (parent2child[0]); close (child2parent[1]); sflags = fcntl(parent2child[1], F_GETFL, 0); fcntl(parent2child[1], F_SETFL, sflags | O_NONBLOCK); sflags = fcntl(child2parent[0], F_GETFL, 0); fcntl(child2parent[0], F_SETFL, sflags | O_NONBLOCK); sh_child_pid = res; /* fprintf(stderr, "FIXME create_sub %d\n", (int) sh_child_pid); */ } else { /* Failure. */ SH_SETSIGMASK(SIG_SETMASK, &signal_set_old, NULL); close (parent2child[0]); close (parent2child[1]); close (child2parent[0]); close (child2parent[1]); retval = -1; } } out: ; /* 'label at end of compound statement' */ SH_MUTEX_UNLOCK(mutex_sub); return retval; } #define SH_SUB_BUF (PIPE_BUF-1) struct sh_sub_in { char command; char path[SH_SUB_BUF]; }; struct sh_sub_out { int retval; int errnum; struct stat sbuf; }; #define SH_COM_STAT 0 #define SH_COM_LSTAT 1 static ssize_t sh_sub_write(int fd, const void *buf, size_t count) { char * mbuf = (char *) buf; ssize_t rcount; int ttl = 5; /* 0, 1, 9, 81, 729 millisec */ int tti = 1; do { rcount = write(fd, mbuf, count); if (rcount > 0) { count -= rcount; mbuf += rcount; --ttl; } if (count > 0) { if (ttl > 0) { retry_msleep(0, tti); tti *= 9; } else { return -1; } } } while (count > 0 && (errno == EAGAIN || errno == EWOULDBLOCK)); if (count > 0) return -1; return 0; } static void wait_for_command() { int ret; struct pollfd fds; struct sh_sub_in inbuf; struct sh_sub_out outbuf; fds.fd = parent2child[0]; fds.events = POLLIN; do { /* fprintf(stderr, "FIXME wait_com polling..\n"); */ do { ret = poll(&fds, 1, -1); } while (ret < 0 && errno == EINTR); if (ret > 0) { ret = sh_sub_read(parent2child[0], &inbuf, sizeof(inbuf)); /* fprintf(stderr, "FIXME wait_com stat %s (%s)\n", inbuf.path, (inbuf.command == SH_COM_LSTAT) ? "lstat" : "stat"); */ if (ret == 0) { if (inbuf.command == SH_COM_LSTAT) { do { outbuf.retval = lstat(inbuf.path, &(outbuf.sbuf)); } while (outbuf.retval < 0 && errno == EAGAIN); } else { do { outbuf.retval = stat(inbuf.path, &(outbuf.sbuf)); } while (outbuf.retval < 0 && errno == EAGAIN); } outbuf.errnum = errno; /* fprintf(stderr, "FIXME wait_com writing..\n"); */ ret = sh_sub_write(child2parent[1], &outbuf, sizeof(outbuf)); if (ret < 0) { /* fprintf(stderr, "FIXME wait_com return 1\n"); */ return; } } else /* sh_sub_read() < 0 */ { /* fprintf(stderr, "FIXME wait_com return 2\n"); */ return; } } /* fprintf(stderr, "FIXME wait_com next..\n"); */ } while (1 == 1); } #ifndef ETIMEDOUT #define ETIMEDOUT EIO #endif static ssize_t sh_sub_read(int fd, void *buf, size_t count) { char * mbuf = (char *) buf; ssize_t rcount; int ttl = 5; /* 0, 1, 9, 81, 729 millisec */ int tti = 1; do { rcount = read(fd, mbuf, count); if (rcount > 0) { count -= rcount; mbuf += rcount; --ttl; } if (count > 0) { if (ttl > 0) { retry_msleep(0, tti); tti *= 9; } else { if (rcount >= 0) errno = ETIMEDOUT; return -1; } } } while (count > 0 && (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)); if (count > 0) return -1; return 0; } #ifdef SH_SUB_DBG #include static void debug_it (const char *fmt, ...) { char msg[256]; va_list ap; int fd = open("debug.it", O_CREAT|O_WRONLY|O_APPEND, 0666); va_start(ap, fmt); vsnprintf(msg, sizeof(msg), fmt, ap); /* flawfinder: ignore */ va_end(ap); write(fd, msg, strlen(msg)); write(fd, "\n", 1); close(fd); return; } #endif static int sh_sub_stat_int(const char *path, struct stat *buf, char command) { int retval; volatile int sflag = 0; struct sh_sub_in inbuf; struct sh_sub_out outbuf; struct pollfd pfds; size_t len = strlen(path) + 1; if (len > SH_SUB_BUF) { if (command == SH_COM_LSTAT) { do { retval = lstat(path, buf); } while (retval < 0 && errno == EAGAIN); return retval; } else { do { retval = stat(path, buf); } while (retval < 0 && errno == EAGAIN); return retval; } } sl_strlcpy(inbuf.path, path, SH_SUB_BUF); inbuf.command = command; start: #ifdef SH_SUB_DBG debug_it("%d sh_child_pid %d\n", (int)getpid(), (int) sh_child_pid); #endif if (sh_child_pid == -1) sh_create_sub(); #ifdef SH_SUB_DBG debug_it("%d stat_sub %s (%d)\n", (int)getpid(), inbuf.path, (int) sh_child_pid); #endif SH_MUTEX_LOCK(mutex_sub_work); retval = sh_sub_write(parent2child[1], &inbuf, sizeof(inbuf)); if (retval < 0) { int error = errno; sh_kill_sub(); errno = error; sflag = 1; goto end; } #ifdef SH_SUB_DBG debug_it("%d stat_sub polling..\n", (int)getpid()); #endif pfds.fd = child2parent[0]; pfds.events = POLLIN; do { retval = poll(&pfds, 1, 300 * 1000); } while (retval < 0 && errno == EINTR); if (retval <= 0) { int error = errno; sh_kill_sub(); errno = (retval == 0) ? ETIMEDOUT : error; sflag = -1; goto end; } #ifdef SH_SUB_DBG debug_it("%d stat_sub reading..\n", (int)getpid()); #endif retval = sh_sub_read (child2parent[0], &outbuf, sizeof(outbuf)); if (retval < 0) { int error = errno; sh_kill_sub(); errno = error; sflag = 1; goto end; } end: ; /* 'label at end of compound statement' */ SH_MUTEX_UNLOCK(mutex_sub_work); if (sflag == 0) { #ifdef SH_SUB_DBG debug_it("%d stat_sub done..\n", (int)getpid()); #endif memcpy(buf, &(outbuf.sbuf), sizeof(struct stat)); errno = outbuf.errnum; return outbuf.retval; } else if (sflag == 1) { #ifdef SH_SUB_DBG debug_it("%d stat_sub error..\n", (int)getpid()); #endif /* could not read, thus subprocess may have gone */ sflag = 0; goto start; } return -1; } int sh_sub_stat (const char *path, struct stat *buf) { return sh_sub_stat_int(path, buf, SH_COM_STAT); } int sh_sub_lstat(const char *path, struct stat *buf) { return sh_sub_stat_int(path, buf, SH_COM_LSTAT); } samhain-3.1.0/src/sh_filter.c0000644000175000017500000001472311346424120012772 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 2009 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" #include #ifdef HAVE_REGEX_H #include #endif #include "samhain.h" #include "sh_utils.h" #include "sh_mem.h" #include "sh_filter.h" #undef FIL__ #define FIL__ _("sh_filter.c") void sh_filter_free (sh_filter_type * filter) { int i; if (filter) { for (i = 0; i < filter->for_c; ++i) { #ifdef HAVE_REGEX_H if (filter->for_v[i]) regfree(filter->for_v[i]); #else if (filter->for_v[i]) SH_FREE(filter->for_v[i]); #endif filter->for_v[i] = NULL; } filter->for_c = 0; for (i = 0; i < filter->fand_c; ++i) { #ifdef HAVE_REGEX_H if (filter->fand_v[i]) regfree(filter->fand_v[i]); #else if (filter->fand_v[i]) SH_FREE(filter->fand_v[i]); #endif filter->fand_v[i] = NULL; } filter->fand_c = 0; for (i = 0; i < filter->fnot_c; ++i) { #ifdef HAVE_REGEX_H if (filter->fnot_v[i]) regfree(filter->fnot_v[i]); #else if (filter->fnot_v[i]) SH_FREE(filter->fnot_v[i]); #endif filter->fnot_v[i] = NULL; } filter->fnot_c = 0; } } int sh_filter_add (const char * str, sh_filter_type * filter, int type) { int i = 0; int flag = 0; size_t s; char * dupp; char * p; char * end; int * ntok; void ** stok; SL_ENTER(_("sh_filter_filteradd")); if (NULL == str || NULL == filter) { SL_RETURN((-1), _("sh_filter_filteradd")); } if (type == SH_FILT_OR) { ntok = &(filter->for_c); stok = filter->for_v; } else if (type == SH_FILT_AND) { ntok = &(filter->fand_c); stok = filter->fand_v; } else if (type == SH_FILT_NOT) { ntok = &(filter->fnot_c); stok = filter->fnot_v; } else { SL_RETURN((-1), _("sh_filter_filteradd")); } i = *ntok; if (i == SH_FILT_NUM) { SL_RETURN((-1), _("sh_filter_filteradd")); } dupp = sh_util_strdup(str); p = dupp; do { while (*p == ',' || *p == ' ' || *p == '\t') ++p; if (*p == '\0') break; end = p; ++end; if (*end == '\0') break; if (*p == '\'') { ++p; end = p; if (*end != '\'') ++end; if (*p == '\0' || *end == '\0') break; while (*end != '\0' && *end != '\'') ++end; } else if (*p == '"') { ++p; end = p; if (*end != '"') ++end; if (*p == '\0' || *end == '\0') break; while (*end != '\0' && *end != '"') ++end; } else { while (*end != '\0' && *end != ',' && *end != ' ' && *end != '\t') ++end; } if (*end == '\0') flag = 1; else *end = '\0'; s = strlen(p); if (s > 0) { ++s; #ifdef HAVE_REGEX_H if (stok[i] != NULL) regfree((regex_t *) stok[i]); { int status; stok[i] = SH_ALLOC(sizeof(regex_t)); status = regcomp((regex_t *) stok[i], p, REG_NOSUB|REG_EXTENDED); if (status != 0) { char * errbuf = SH_ALLOC(BUFSIZ); (void) regerror(status, (regex_t *) stok[i], errbuf, BUFSIZ); errbuf[BUFSIZ-1] = '\0'; sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_REGEX, errbuf, p); SH_FREE(errbuf); } } #else if (stok[i] != NULL) SH_FREE(stok[i]); stok[i] = SH_ALLOC(s); (void) sl_strlcpy((char *) stok[i], p, s); #endif ++i; } p = end; ++p; if (i == SH_FILT_NUM) break; } while (p != NULL && *p != '\0' && flag == 0); *ntok = i; SH_FREE(dupp); SL_RETURN (0, _("sh_filter_filteradd")); } #ifdef HAVE_REGEX_H static int sh_filter_cmp(const char * message, void * pattern) { int result; result = regexec((regex_t *)pattern, message, 0, NULL, 0); if (result != 0) return -1; /* Successful match. */ return 0; } #else static int sh_filter_cmp(const char * message, void * pattern) { if (NULL == sl_strstr(message, (char *)pattern)) return -1; /* Successful match. */ return 0; } #endif /* * -- Check filters. Returns 0 if message passes. */ int sh_filter_filter (const char * message, sh_filter_type * filter) { int i; SL_ENTER(_("sh_filter_filter")); if (filter) { /* Presence of any of these keywords prevents execution. */ if (filter->fnot_c > 0) { for (i = 0; i < filter->fnot_c; ++i) { if (0 == sh_filter_cmp(message, filter->fnot_v[i])) { SL_RETURN ((-1), _("sh_filter_filter")); } } } /* Presence of all of these keywords is required for execution. */ if (filter->fand_c > 0) { for (i = 0; i < filter->fand_c; ++i) { if (0 != sh_filter_cmp(message, filter->fand_v[i])) { SL_RETURN ((-1), _("sh_filter_filter")); } } } /* Presence of at least one of these keywords is required for execution. */ if (filter->for_c > 0) { for (i = 0; i < filter->for_c; ++i) { if (0 == sh_filter_cmp(message, filter->for_v[i])) { goto isok; } } SL_RETURN ((-1), _("sh_filter_filter")); } } isok: SL_RETURN ((0), _("sh_filter_filter")); } sh_filter_type * sh_filter_alloc(void) { sh_filter_type * filter = SH_ALLOC(sizeof(sh_filter_type)); memset(filter, '\0', sizeof(sh_filter_type)); filter->for_c = 0; filter->fand_c = 0; filter->fnot_c = 0; return filter; } samhain-3.1.0/src/kern_head.h.tmp0000644000175000017500000000000010064414023013513 00000000000000samhain-3.1.0/src/samhain.c0000644000175000017500000015022312137451474012442 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 1999, 2000 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" #include #include #include #include #include /* samhainctl */ #include #include #include #include #include #if TIME_WITH_SYS_TIME #include #include #else #if HAVE_SYS_TIME_H #include #else #include #endif #endif #ifdef HAVE_MEMORY_H #include #endif #ifdef HAVE_SETPRIORITY #include #endif #ifndef HAVE_LSTAT #define lstat stat #endif /* for FLT_EPSILON */ #include #include "samhain.h" #include "sh_pthread.h" #include "sh_utils.h" #include "sh_error.h" #include "sh_unix.h" #include "sh_files.h" #include "sh_getopt.h" #include "sh_readconf.h" #include "sh_hash.h" #include "sh_restrict.h" #include "sh_nmail.h" #include "sh_tiger.h" #include "sh_gpg.h" #include "sh_mem.h" #include "sh_forward.h" #include "sh_tools.h" #include "sh_hash.h" #if defined(WITH_EXTERNAL) #include "sh_extern.h" #endif #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) #include "sh_modules.h" #include "sh_ignore.h" #include "sh_prelink.h" #endif #undef FIL__ #define FIL__ _("samhain.c") /************************************************** * * Needed to compile the key into the code. * **************************************************/ extern UINT32 ErrFlag[2]; #include "sh_MK.h" /************************************************** * * Variables for signal handling. * **************************************************/ volatile int sig_raised; volatile int sig_urgent; volatile int sig_debug_switch; /* SIGUSR1 */ volatile int sig_suspend_switch; /* SIGUSR2 */ volatile int sh_global_suspend_flag; volatile int sig_fresh_trail; /* SIGIOT */ volatile int sh_thread_pause_flag = S_FALSE; volatile int sig_config_read_again; /* SIGHUP */ volatile int sig_terminate; /* SIGQUIT */ volatile int sig_termfast; /* SIGTERM */ volatile int sig_force_check; /* SIGTTOU */ long int eintr__result; char sh_sig_msg[SH_MINIBUF]; #ifdef SH_STEALTH /************************************************** * * The following set of functions is required for * the 'stealth' mode. * **************************************************/ #ifndef SH_MAX_GLOBS #define SH_MAX_GLOBS 16 #endif #ifndef GLOB_LEN #define GLOB_LEN 511 #endif #ifdef HAVE_PTHREAD struct gt { size_t g_count; char * g_glob; }; pthread_key_t g_key; int sh_g_thread() { struct gt * ptr = malloc(sizeof(struct gt)); if (!ptr) return -1; ptr->g_count = 0; ptr->g_glob = calloc(1, SH_MAX_GLOBS * (GLOB_LEN+1)); if (!(ptr->g_glob)) return -1; return pthread_setspecific(g_key, ptr); } void sh_g_destroy(void * data) { struct gt * ptr = (struct gt *) data; free(ptr->g_glob); free(ptr); return; } void sh_g_init(void) { #if !defined(USE_SYSTEM_MALLOC) && defined(USE_MALLOC_LOCK) extern int dnmalloc_pthread_init(void); dnmalloc_pthread_init(); #endif if (0 != pthread_key_create(&g_key, sh_g_destroy)) { perror("1"); exit(EXIT_FAILURE); } if (0 != sh_g_thread()) { perror("2"); exit(EXIT_FAILURE); } return; } #define SH_G_INIT sh_g_init() #else #define SH_G_INIT ((void)0) #endif char * globber(const char * str) { size_t i; size_t j; #ifndef HAVE_PTHREAD static size_t count = 0; static char glob[SH_MAX_GLOBS * (GLOB_LEN+1)]; #else struct gt * ptr = pthread_getspecific(g_key); size_t count; char * glob; if (ptr) { count = ptr->g_count; glob = ptr->g_glob; } else { return NULL; } #endif if (str != NULL) j = strlen(str); else return NULL; ASSERT((j <= GLOB_LEN), _("j <= GLOB_LEN")) if (j > GLOB_LEN) j = GLOB_LEN; /* Overwrap the buffer. */ if ( (count + j) >= (SH_MAX_GLOBS * (GLOB_LEN+1))) { count = 0; } for (i = 0; i < j; ++i) { if (str[i] != '\n' && str[i] != '\t' && str[i] != '\r' && str[i] != '"') glob[count + i] = str[i] ^ XOR_CODE; else glob[count + i] = str[i]; } glob[count + j] = '\0'; i = count; #ifdef HAVE_PTHREAD ptr->g_count = count + j + 1; #else count = count + j + 1; #endif return &glob[i]; } void sh_do_encode (char * str, int len) { register int i; /* this is a symmetric operation */ for (i = 0; i < len; ++i) { str[i] = str[i] ^ XOR_CODE; } return; } #else /* not stealth */ #define SH_G_INIT ((void)0) #endif /************************************************** * * Global variables. * **************************************************/ sh_struct sh; /*@null@*/ sh_key_t * skey = NULL; extern unsigned char TcpFlag[8][PW_LEN+1]; /************************************************** * * Initializing. * **************************************************/ static int is_samhainctl_init = S_FALSE; static void sh_init (void) { unsigned char * dez = NULL; int i; #if defined(SH_WITH_MAIL) char * p; char q[SH_PATHBUF]; #endif SL_ENTER(_("sh_init")); #ifdef MKA_09 ErrFlag[0] |= (1 << 8); #endif #ifdef MKA_10 ErrFlag[0] |= (1 << 9); #endif #ifdef MKA_11 ErrFlag[0] |= (1 << 10); #endif #ifdef MKA_12 ErrFlag[0] |= (1 << 11); #endif #ifdef MKA_13 ErrFlag[0] |= (1 << 12); #endif #ifdef MKA_14 ErrFlag[0] |= (1 << 13); #endif #ifdef MKA_15 ErrFlag[0] |= (1 << 14); #endif #ifdef MKA_16 ErrFlag[0] |= (1 << 15); #endif /* Signal handling. */ sig_raised = 0; sig_config_read_again = 0; /* SIGHUP */ sig_debug_switch = 0; /* SIGUSR1 */ sig_suspend_switch = 0; /* SIGUSR2 */ sh_global_suspend_flag = 0; /* SIGUSR2 */ sig_fresh_trail = 0; /* SIGIOT */ sig_terminate = 0; /* SIGQUIT */ sig_termfast = 0; /* SIGTERM */ sig_force_check = 0; /* SIGTTOU */ strcpy ( sh_sig_msg, _("None")); #ifdef MKB_01 ErrFlag[1] |= (1 << 0); #endif #ifdef MKB_02 ErrFlag[1] |= (1 << 1); #endif #ifdef MKB_03 ErrFlag[1] |= (1 << 2); #endif #ifdef MKB_04 ErrFlag[1] |= (1 << 3); #endif #ifdef MKB_05 ErrFlag[1] |= (1 << 4); #endif #ifdef MKB_06 ErrFlag[1] |= (1 << 5); #endif #ifdef MKB_07 ErrFlag[1] |= (1 << 6); #endif #ifdef MKB_08 ErrFlag[1] |= (1 << 7); #endif #if defined(SH_WITH_SERVER) && !defined(SH_WITH_CLIENT) strncpy(sh.prg_name, _("Yule"), 8); sh.prg_name[4] = '\0'; #else strncpy(sh.prg_name, _("Samhain"), 8); sh.prg_name[7] = '\0'; #endif sh.pid = (UINT64) getpid(); /* The flags. */ if (is_samhainctl_init == S_FALSE) sh.flag.checkSum = SH_CHECK_NONE; sh.flag.update = S_FALSE; sh.flag.opts = S_FALSE; sh.flag.started = S_FALSE; if (is_samhainctl_init == S_FALSE) sh.flag.isdaemon = S_FALSE; sh.flag.isserver = S_FALSE; sh.flag.islocked = S_FALSE; sh.flag.smsg = S_FALSE; sh.flag.log_start = S_TRUE; sh.flag.reportonce = S_TRUE; sh.flag.fulldetail = S_FALSE; sh.flag.audit = S_FALSE; sh.flag.nice = 0; sh.flag.aud_mask = 0xFFFFFFFFUL; sh.flag.client_severity = S_FALSE; sh.flag.client_class = S_FALSE; sh.flag.hidefile = S_FALSE; sh.flag.loop = S_FALSE; sh.flag.inotify = 0; #ifdef MKB_09 ErrFlag[1] |= (1 << 8); #endif #ifdef MKB_10 ErrFlag[1] |= (1 << 9); #endif #ifdef MKB_11 ErrFlag[1] |= (1 << 10); #endif #ifdef MKB_12 ErrFlag[1] |= (1 << 11); #endif #ifdef MKB_13 ErrFlag[1] |= (1 << 12); #endif #ifdef MKB_14 ErrFlag[1] |= (1 << 13); #endif #ifdef MKB_15 ErrFlag[1] |= (1 << 14); #endif #ifdef MKB_16 ErrFlag[1] |= (1 << 15); #endif /* The stats. */ sh.statistics.bytes_speed = 0; sh.statistics.bytes_hashed = 0; sh.statistics.files_report = 0; sh.statistics.files_error = 0; sh.statistics.files_nodir = 0; sh.statistics.mail_success = 0; sh.statistics.mail_failed = 0; sh.statistics.time_start = time(NULL); sh.statistics.time_check = (time_t) 0; #ifdef MKC_01 ErrFlag[0] |= (1 << 16); #endif #ifdef MKC_02 ErrFlag[0] |= (1 << 17); #endif #ifdef MKC_03 ErrFlag[0] |= (1 << 18); #endif #ifdef MKC_04 ErrFlag[0] |= (1 << 19); #endif #ifdef MKC_05 ErrFlag[0] |= (1 << 20); #endif #ifdef MKC_06 ErrFlag[0] |= (1 << 21); #endif #ifdef MKC_07 ErrFlag[0] |= (1 << 22); #endif #ifdef MKC_08 ErrFlag[0] |= (1 << 23); #endif /* The local host. */ (void) sl_strlcpy (sh.host.name, _("localhost"), SH_MINIBUF); sh.host.system[0] = '\0'; /* flawfinder: ignore *//* ff bug */ sh.host.release[0] = '\0'; sh.host.machine[0] = '\0'; #ifdef MKC_09 ErrFlag[0] |= (1 << 24); #endif #ifdef MKC_10 ErrFlag[0] |= (1 << 25); #endif #ifdef MKC_11 ErrFlag[0] |= (1 << 26); #endif #ifdef MKC_12 ErrFlag[0] |= (1 << 27); #endif #ifdef MKC_13 ErrFlag[0] |= (1 << 28); #endif #ifdef MKC_14 ErrFlag[0] |= (1 << 29); #endif #ifdef MKC_15 ErrFlag[0] |= (1 << 30); #endif #ifdef MKC_16 ErrFlag[0] |= (1UL << 31); #endif /* The paths. */ (void) sl_strlcpy (sh.conf.path, DEFAULT_CONFIGFILE, SH_PATHBUF); sh.conf.hash[0] = '\0'; (void) sl_strlcpy (sh.data.path, DEFAULT_DATA_FILE, SH_PATHBUF); sh.data.hash[0] = '\0'; sh.exec.path[0] = '\0'; sh.exec.hash[0] = '\0'; #ifdef MKD_01 ErrFlag[1] |= (1 << 16); #endif #ifdef MKD_02 ErrFlag[1] |= (1 << 17); #endif #ifdef MKD_03 ErrFlag[1] |= (1 << 18); #endif #ifdef MKD_04 ErrFlag[1] |= (1 << 19); #endif #ifdef MKD_05 ErrFlag[1] |= (1 << 20); #endif #ifdef MKD_06 ErrFlag[1] |= (1 << 21); #endif #ifdef MKD_07 ErrFlag[1] |= (1 << 22); #endif #ifdef MKD_08 ErrFlag[1] |= (1 << 23); #endif /* The addresses. */ #if defined(SH_WITH_MAIL) if (0 != strcmp (DEFAULT_MAILADDRESS, _("NULL"))) { #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) char * saveptr; (void) sl_strncpy(q, DEFAULT_MAILADDRESS, SH_PATHBUF); p = strtok_r (q, ", \t", &saveptr); if (p) { (void) sh_nmail_add_compiled_recipient (p); while (NULL != (p = strtok_r (NULL, ", \t", &saveptr))) (void) sh_nmail_add_compiled_recipient (p); } #else (void) sl_strncpy(q, DEFAULT_MAILADDRESS, SH_PATHBUF); p = strtok (q, ", \t"); if (p) { (void) sh_nmail_add_compiled_recipient (p); while (NULL != (p = strtok (NULL, ", \t"))) (void) sh_nmail_add_compiled_recipient (p); } #endif } #endif if (0 == strcmp (ALT_TIMESERVER, _("NULL"))) sh.srvtime.alt[0] = '\0'; else (void) sl_strlcpy (sh.srvtime.alt, ALT_TIMESERVER, SH_PATHBUF); if (0 == strcmp (DEFAULT_TIMESERVER, _("NULL"))) sh.srvtime.name[0] = '\0'; else (void) sl_strlcpy (sh.srvtime.name, DEFAULT_TIMESERVER, SH_PATHBUF); if (0 == strcmp (ALT_LOGSERVER, _("NULL"))) sh.srvexport.alt[0] = '\0'; else (void) sl_strlcpy (sh.srvexport.alt, ALT_LOGSERVER, SH_PATHBUF); if (0 == strcmp (DEFAULT_LOGSERVER, _("NULL"))) sh.srvexport.name[0] = '\0'; else (void) sl_strlcpy (sh.srvexport.name, DEFAULT_LOGSERVER, SH_PATHBUF); if (0 == strcmp (DEFAULT_ERRLOCK, _("NULL"))) sh.srvlog.alt[0] = '\0'; else (void) sl_strlcpy (sh.srvlog.alt, DEFAULT_ERRLOCK, SH_PATHBUF); if (0 == strcmp (DEFAULT_ERRFILE, _("NULL"))) sh.srvlog.name[0] = '\0'; else (void) sl_strlcpy (sh.srvlog.name, DEFAULT_ERRFILE, SH_PATHBUF); if (0 == strcmp (ALT_CONSOLE, _("NULL"))) sh.srvcons.alt[0] = '\0'; else (void) sl_strlcpy (sh.srvcons.alt, ALT_CONSOLE, SH_PATHBUF); #ifndef DEFAULT_CONSOLE (void) sl_strlcpy (sh.srvcons.name, _("/dev/console"), SH_PATHBUF); #else if (0 == strcmp (DEFAULT_CONSOLE, _("NULL"))) (void) sl_strlcpy (sh.srvcons.name, _("/dev/console"), SH_PATHBUF); else (void) sl_strlcpy (sh.srvcons.name, DEFAULT_CONSOLE, SH_PATHBUF); #endif #ifdef MKD_09 ErrFlag[1] |= (1 << 24); #endif #ifdef MKD_10 ErrFlag[1] |= (1 << 25); #endif #ifdef MKD_11 ErrFlag[1] |= (1 << 26); #endif #ifdef MKD_12 ErrFlag[1] |= (1 << 27); #endif #ifdef MKD_13 ErrFlag[1] |= (1 << 28); #endif #ifdef MKD_14 ErrFlag[1] |= (1 << 29); #endif #ifdef MKD_15 ErrFlag[1] |= (1 << 30); #endif #ifdef MKD_16 ErrFlag[1] |= (1UL << 31); #endif /* The timers. */ sh.fileCheck.alarm_last = 0; sh.fileCheck.alarm_interval = 600; /* ten minutes */ sh.mailTime.alarm_last = 0; sh.mailTime.alarm_interval = 86400; sh.mailNum.alarm_last = 0; sh.mailNum.alarm_interval = 10; sh.looptime = 60; #ifdef SCREW_IT_UP sh.sigtrap_max_duration = 500000; /* 500ms */ #endif /* The struct to hold privileged information. */ skey = (sh_key_t *) malloc (sizeof(sh_key_t)); if (skey != NULL) { skey->mlock_failed = SL_FALSE; skey->rngI = BAD; /* properly initialized later */ skey->rng0[0] = 0x03; skey->rng0[1] = 0x09; skey->rng0[2] = 0x17; skey->rng1[0] = 0x03; skey->rng1[1] = 0x09; skey->rng1[2] = 0x17; skey->rng2[0] = 0x03; skey->rng2[1] = 0x09; skey->rng2[2] = 0x17; for (i = 0; i < KEY_BYT; ++i) skey->poolv[i] = '\0'; skey->poolc = 0; skey->ErrFlag[0] = ErrFlag[0]; ErrFlag[0] = 0; skey->ErrFlag[1] = ErrFlag[1]; ErrFlag[1] = 0; dez = &(TcpFlag[POS_TF-1][0]); for (i = 0; i < PW_LEN; ++i) { skey->pw[i] = (char) (*dez); (*dez) = '\0'; ++dez; } skey->sh_sockpass[0] = '\0'; skey->sigkey_old[0] = '\0'; skey->sigkey_new[0] = '\0'; skey->mailkey_old[0] = '\0'; skey->mailkey_new[0] = '\0'; skey->crypt[0] = '\0'; /* flawfinder: ignore *//* ff bug */ skey->session[0] = '\0'; skey->vernam[0] = '\0'; } else { perror(_("sh_init")); _exit (EXIT_FAILURE); } sh_unix_memlock(); SL_RET0(_("sh_init")); } #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) #include #endif #if defined(SH_USE_XML) extern int sh_log_file (char * message, char * inet_peer); #endif /******************************************************* * * Exit Handler * *******************************************************/ static void exit_handler(void) { /* --- Clean up modules, if any. --- */ #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) int modnum; #endif #if defined(SH_WITH_SERVER) extern int sh_socket_remove (void); extern int sh_html_zero(); #endif SL_ENTER(_("exit_handler")); #if defined(SH_WITH_SERVER) sh_socket_remove (); #endif #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) for (modnum = 0; modList[modnum].name != NULL; ++modnum) { if (modList[modnum].initval == SH_MOD_ACTIVE) (void) modList[modnum].mod_cleanup(); } #ifdef HAVE_PTHREAD sh_pthread_cancel_all(); #endif #endif /* --- Push out all pending messages. --- */ #if defined(SH_WITH_MAIL) if (sh.mailNum.alarm_last > 0) { (void) sh_nmail_flush (); } #endif /* --- Write the server stat. --- */ #if defined(SH_WITH_SERVER) /* zero out the status file at exit, such that the status * of client becomes unknown in the beltane interface */ sh_html_zero(); /* sh_forward_html_write(); */ #endif /* --- Clean up memory to check for problems. --- */ #ifdef MEM_DEBUG #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) sh_files_deldirstack (); sh_files_delfilestack (); sh_files_delglobstack (); sh_hash_hashdelete(); sh_files_hle_reg (NULL); /* * Only flush on exit if running as deamon. * Otherwise we couldn't run another instance * while the deamon is running (would leave the * deamon with flushed ruleset). */ if (sh.flag.isdaemon == S_TRUE) { sh_audit_delete_all (); } #endif #if defined(SH_WITH_SERVER) sh_forward_free_all (); #endif #if defined(SH_WITH_MAIL) sh_nmail_free(); #endif delete_cache(); sh_userid_destroy (); sh_mem_stat(); #endif #ifdef MEM_DEBUG sh_unix_count_mlock(); #endif /* --- Checksum of executable. --- */ (void) sh_unix_self_check(); /* --- Exit Message. --- */ sh_error_handle ((-1), FIL__, __LINE__, sh.flag.exit, MSG_EXIT_NORMAL, sh.prg_name, sh_sig_msg); #ifdef SH_USE_XML (void) sh_log_file (NULL, NULL); #endif /* --- Restrict error logging to stderr. --- */ #ifdef WITH_MESSAGE_QUEUE close_ipc (); #endif sh_error_only_stderr (S_TRUE); /* --- Remove lock, delete critical information. --- */ (void) sh_unix_rm_lock_file (sh.srvlog.name); if (sh.flag.isdaemon == S_TRUE) (void) sh_unix_rm_pid_file (); if (skey != NULL) memset (skey, (int) '\0', sizeof(sh_key_t)); /* --- Exit. --- */ SL_RET0(_("exit_handler")); } /*********************************************************** * */ #ifndef SIGHUP #define SIGHUP 1 #endif #ifndef SIGTERM #define SIGTERM 15 #endif #ifndef SIGKILL #define SIGKILL 9 #endif #if defined(__linux__) || defined(sun) || defined(__sun) || defined(__sun__) #include static pid_t * procdirSamhain (void) { pid_t * pidlist; struct dirent * d; DIR * dp; long ino; struct stat buf; int i; pid_t pid, mypid = getpid(); char * tail; char exef[128]; if (0 != stat(SH_INSTALL_PATH, &buf)) { return NULL; } ino = (long) buf.st_ino; if (NULL == (dp = opendir(_("/proc")))) { return NULL; } SH_MUTEX_LOCK(mutex_readdir); pidlist = malloc(sizeof(pid_t) * 65535); if (!pidlist) goto unlock_and_out; for (i = 0; i < 65535; ++i) pidlist[i] = 0; i = 0; while (NULL != (d = readdir(dp)) && i < 65535) { if (0 != strcmp(d->d_name, ".") && 0 != strcmp(d->d_name, "..")) { errno = 0; pid = (pid_t) strtol (d->d_name, &tail, 0); if (*tail != '\0' || errno != 0) continue; if (pid == mypid) continue; #if defined(__linux__) sprintf(exef, _("/proc/%d/exe"), (int) pid); /* known to fit */ #else sprintf(exef, _("/proc/%d/object/a.out"), /* known to fit */ (int) pid); #endif if (0 == stat(exef, &buf) && ino == (long) buf.st_ino) { pidlist[i] = (pid_t) pid; ++i; } } } unlock_and_out: ; SH_MUTEX_UNLOCK(mutex_readdir); closedir(dp); return pidlist; } #else static pid_t * procdirSamhain (void) { return NULL; } #endif static int killprocSamhain (pid_t pid) { int i; /* fprintf(stderr, "Killing %d\n", pid); */ if (pid > 0 && 0 == kill (pid, SIGTERM)) { for (i = 0; i < 16; ++i) { (void) retry_msleep(1, 0); if (0 != kill (pid, 0) && errno == ESRCH) return (0); } (void) kill (pid, SIGKILL); return (0); } if (pid > 0) { if (errno == ESRCH) return 7; if (errno == EPERM) return 4; return 1; } else return (7); } static pid_t pidofSamhain (int flag) { FILE * fp; char line[256]; char * tail; char * p; pid_t pid; long inpid; struct stat buf; fp = fopen (DEFAULT_ERRLOCK, "r"); if (!fp) { if (errno != ENOENT) perror(_("fopen")); return 0; } if (NULL == fgets(line, sizeof(line), fp)) { perror(_("fgets")); (void) sl_fclose(FIL__, __LINE__, fp); return 0; } (void) sl_fclose(FIL__, __LINE__, fp); p = line; while (*p == ' ' || *p == '\f' || *p == '\n' || *p == '\r' || *p == '\t' || *p == '\v') ++p; errno = 0; inpid = strtol (p, &tail, 0); if (p == tail || errno != 0) { perror(_("strtol")); return 0; } pid = (pid_t) inpid; if (inpid != (long) pid) { perror(_("strtol")); return 0; } /* remove stale pid file */ if (flag == 1 && pid > 0 && 0 != kill(pid, 0) && errno == ESRCH) { if /*@-unrecog@*/ (0 == lstat (DEFAULT_ERRLOCK, &buf))/*@+unrecog@*/ { if /*@-usedef@*/(S_ISREG(buf.st_mode))/*@+usedef@*/ { (void) unlink(DEFAULT_ERRLOCK); } } else { perror(_("lstat")); return 0; } pid = 0; } return pid; } /* 1: start 2:stop 3:reload 4:status */ /*@-exitarg@*/ static int samhainctl(int ctl, int * argc, char * argv[]) { char * fullpath; pid_t pid; int status; int res; pid_t respid; int times; char * argp[32]; pid_t * pidlist; int i; #ifdef WCONTINUED int wflags = WNOHANG|WUNTRACED|WCONTINUED; #else int wflags = WNOHANG|WUNTRACED; #endif fullpath = strdup (SH_INSTALL_PATH); if (fullpath == NULL) { perror(_("strdup")); exit (1); } argp[0] = strdup (SH_INSTALL_PATH); if (argp[0] == NULL) { perror(_("strdup")); exit (1); } for (times = 1; times < 32; ++times) argp[times] = NULL; res = (*argc > 32) ? 32 : *argc; for (times = 2; times < res; ++times) { argp[times-1] = strdup (argv[times]); if (argp[times-1] == NULL) { perror(_("strdup")); exit (1); } } if (ctl == 1) { pid = pidofSamhain(1); if (pid != 0 && 0 == kill (pid, 0)) /* already started */ exit (0); pid = fork(); switch (pid) { case ((pid_t) -1): perror(_("fork")); exit (1); case 0: if (0 != sl_close_fd (FIL__, __LINE__, 0)) { _exit(4); } (void) execv(fullpath, argp); /* flawfinder: ignore *//* wtf? */ if (errno == EPERM) _exit(4); else if (errno == ENOENT) _exit(5); _exit (1); default: times = 0; while (times < 300) { respid = waitpid(pid, &status, wflags); if ((pid_t)-1 == respid) { perror(_("waitpid")); exit (1); } else if (pid == respid) { #ifndef USE_UNO if (0 != WIFEXITED(status)) { res = WEXITSTATUS(status); exit (res == 0 ? 0 : res ); } else exit (1); #else exit (1); #endif } ++times; (void) retry_msleep(1, 0); } exit (0); /* assume that it runs ok */ } } pid = pidofSamhain(0); if (ctl == 2) /* stop */ { pidlist = procdirSamhain (); if (pid == 0 && NULL == pidlist) /* pid file not found */ { free(fullpath); return (0); } status = 0; if (pid != 0) status = killprocSamhain(pid); if (pidlist != NULL) { i = 0; while (i < 65535 && pidlist[i] != 0) { if (pidlist[i] != pid) status = killprocSamhain(pidlist[i]); ++i; } } free(fullpath); if (status == 7) return 0; else return status; } if (ctl == 3) /* reload */ { if (pid == 0) exit (7); if (0 == kill (pid, SIGHUP)) exit (0); else { if (errno == EPERM) exit (4); if (errno == ESRCH) exit (7); exit (1); } } if (ctl == 4) /* status */ { if (pid == 0) exit (3); if (0 == kill (pid, 0)) exit (0); else { if (errno == EPERM) exit (4); if (errno == ESRCH) exit (1); } } free(fullpath); /* silence smatch false positive */ exit (1); /* no exit handler installed yet */ /*@notreached@*/ return (0); } /*@+exitarg@*/ #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) #include "sh_schedule.h" static sh_schedule_t * FileSchedOne = NULL; static sh_schedule_t * FileSchedTwo = NULL; /* free a linked list of schedules */ static sh_schedule_t * free_sched (sh_schedule_t * isched) { sh_schedule_t * current = isched; sh_schedule_t * next = NULL; while (current != NULL) { next = current->next; SH_FREE(current); current = next; } return NULL; } /* Add a new schedule to the linked list of schedules */ static sh_schedule_t * sh_set_schedule_int (const char * str, sh_schedule_t * FileSchedIn, /*@out@*/ int * status) { sh_schedule_t * FileSched; SL_ENTER(_("sh_set_schedule_int")); if (0 == sl_strncmp(str, _("NULL"), 4)) { (void) free_sched(FileSchedIn); FileSchedIn = NULL; *status = 0; return NULL; } FileSched = SH_ALLOC(sizeof(sh_schedule_t)); *status = create_sched(str, FileSched); if (*status != 0) { SH_FREE(FileSched); FileSched = NULL; SL_RETURN(FileSchedIn , _("sh_set_schedule_int")); } FileSched->next = FileSchedIn; SL_RETURN(FileSched , _("sh_set_schedule_int")); } /* Add a new schedule to the linked list FileSchedOne */ int sh_set_schedule_one (const char * str) { int status; FileSchedOne = sh_set_schedule_int (str, FileSchedOne, &status); return status; } /* Add a new schedule to the linked list FileSchedTwo */ int sh_set_schedule_two (const char * str) { int status; FileSchedTwo = sh_set_schedule_int (str, FileSchedTwo, &status); return status; } #endif /******************************************************* * * Main program * *******************************************************/ #if !defined(SH_CUTEST) int main(int argc, char * argv[]) #else int undef_main(int argc, char * argv[]) #endif { #if defined(INET_SYSLOG) extern int create_syslog_socket (int flag); #endif #if defined(SH_WITH_SERVER) extern int sh_create_tcp_socket(void); #endif #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) int modnum; time_t runtim; float st_1, st_2; int status; volatile long cct = 0; /* main loop iterations */ volatile int flag_check_1 = 0; volatile int flag_check_2 = 0; int check_done = 0; #endif volatile time_t told; volatile time_t tcurrent; size_t tzlen; char * tzptr; int res; #if defined (SH_STEALTH_NOCL) char command_line[256]; int my_argc = 0; char * my_argv[32]; #endif #if !defined(USE_SYSTEM_MALLOC) typedef void assert_handler_tp(const char * error, const char *file, int line); extern assert_handler_tp *dnmalloc_set_handler(assert_handler_tp *new); (void) dnmalloc_set_handler(safe_fatal); #endif SH_G_INIT; /* Must precede any use of _() */ SL_ENTER(_("main")); /* --- Close all but first three file descriptors. --- */ sh_unix_closeall(3, -1, SL_FALSE); /* at program start */ if (argc >= 2 && 0 != getuid() && (0 == strcmp(argv[1], _("start")) || 0 == strcmp(argv[1], _("stop")) || 0 == strcmp(argv[1], _("reload")) || 0 == strcmp(argv[1], _("force-reload")) || 0 == strcmp(argv[1], _("status")) || 0 == strcmp(argv[1], _("restart")))) { return 4; } if (argc >= 2 && 0 == getuid()) { /* return codes: * 0 Success * 1 Can not send signal / start program * 2 Pid file does not exist */ if (0 == strcmp(argv[1], _("start"))) { (void) samhainctl (1, &argc, argv); /* does not return */ } else if (0 == strcmp(argv[1], _("stop"))) return (samhainctl (2, &argc, argv)); else if (0 == strcmp(argv[1], _("reload"))) (void) samhainctl (3, &argc, argv); /* does not return */ else if (0 == strcmp(argv[1], _("force-reload"))) (void) samhainctl (3, &argc, argv); /* does not return */ else if (0 == strcmp(argv[1], _("status"))) (void) samhainctl (4, &argc, argv); /* does not return */ else if (0 == strcmp(argv[1], _("restart"))) { res = samhainctl (2, &argc, argv); if (res == 0 || res == 7) { (void) samhainctl (1, &argc, argv); /* does not return */ } else return (res); } } /* if fd 0 is closed, presume that we want to be daemon and * run in check mode */ if ((-1) == retry_fcntl(FIL__, __LINE__, 0, F_GETFL, 0) && errno == EBADF) { sh.flag.opts = S_TRUE; (void) sh_unix_setdeamon(NULL); #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) sh.flag.checkSum = SH_CHECK_CHECK; /* (void) sh_util_setchecksum(_("check")); */ #endif is_samhainctl_init = S_TRUE; sh.flag.opts = S_FALSE; } /* --- Install the exit handler. --- */ (void) atexit(exit_handler); /* --- Zero the mailer key, and fill it. --- */ memset (ErrFlag, 0, 2*sizeof(UINT32)); #ifdef MKA_01 ErrFlag[0] |= (1 << 0); #endif #ifdef MKA_02 ErrFlag[0] |= (1 << 1); #endif #ifdef MKA_03 ErrFlag[0] |= (1 << 2); #endif #ifdef MKA_04 ErrFlag[0] |= (1 << 3); #endif #ifdef MKA_05 ErrFlag[0] |= (1 << 4); #endif #ifdef MKA_06 ErrFlag[0] |= (1 << 5); #endif #ifdef MKA_07 ErrFlag[0] |= (1 << 6); #endif #ifdef MKA_08 ErrFlag[0] |= (1 << 7); #endif #if defined(SCREW_IT_UP) BREAKEXIT(sh_sigtrap_prepare); (void) sh_sigtrap_prepare(); #endif /* Save the timezone. */ if (NULL != (tzptr = getenv("TZ"))) /* flawfinder: ignore */ { tzlen = strlen(tzptr); if (tzlen < 1024) { sh.timezone = malloc (tzlen + 1); if (sh.timezone != NULL) (void) sl_strlcpy (sh.timezone, tzptr, tzlen + 1); } else sh.timezone = NULL; } else sh.timezone = NULL; /* -------- INIT -------- */ sh_unix_ign_sigpipe(); /* Restrict error logging to stderr. */ sh_error_only_stderr (S_TRUE); /* Check that first three descriptors are open. */ if ( retry_fcntl(FIL__, __LINE__, 0, F_GETFL, 0) == (-1)) (void) aud_open(FIL__, __LINE__, SL_NOPRIV, _("/dev/null"), O_RDWR, 0); if ( retry_fcntl(FIL__, __LINE__, 1, F_GETFL, 0) == (-1)) (void) aud_open(FIL__, __LINE__, SL_NOPRIV, _("/dev/null"), O_RDWR, 1); if ( retry_fcntl(FIL__, __LINE__, 2, F_GETFL, 0) == (-1)) (void) aud_open(FIL__, __LINE__, SL_NOPRIV, _("/dev/null"), O_RDWR, 2); /* --- Set default values. --- */ BREAKEXIT(sh_init); sh_init (); /* we are still privileged here, so we can mlock skey */ #if (defined (SH_WITH_SERVER) && !defined (SH_WITH_CLIENT)) sh.flag.isserver = S_TRUE; #endif /* --- First check for an attached debugger (after setting sh.sigtrap_max_duration which has to be done before). --- */ BREAKEXIT(sh_derr); (void) sh_derr(); /* --- Get local hostname. --- */ BREAKEXIT(sh_unix_localhost); sh_unix_localhost(); /* --- Read the command line. --- */ sh.flag.opts = S_TRUE; #if !defined(SH_STEALTH_NOCL) sh_argc_store = argc; sh_argv_store = argv; (void) sh_getopt_get (argc, argv); #else if (argc > 1 && argv[1] != NULL && strlen(argv[1]) > 0 && strlen(NOCL_CODE) > 0) { if ( 0 == strcmp(argv[1], NOCL_CODE) ) { #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) char * saveptr; #endif my_argv[0] = argv[0]; ++my_argc; command_line[0] = '\0'; if (NULL != fgets (command_line, sizeof(command_line), stdin)) command_line[sizeof(command_line)-1] = '\0'; do { #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) my_argv[my_argc] = strtok_r( (my_argc == 1) ? command_line : NULL, " \n", &saveptr); #else my_argv[my_argc] = strtok( (my_argc == 1) ? command_line : NULL, " \n"); #endif if (my_argv[my_argc] != NULL) { ++my_argc; } else { break; } } while (my_argc < 32); sh_argc_store = my_argc; sh_argv_store = my_argv; (void) sh_getopt_get (my_argc, my_argv); } else { /* discard command line */ /* _exit(EXIT_FAILURE) */ ; } } #endif sh.flag.opts = S_FALSE; /* --- Get user info. --- */ TPT((0, FIL__, __LINE__, _("msg=\n"))) if (0 != sh_unix_getUser ()) { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, sh.prg_name); aud_exit(FIL__, __LINE__, EXIT_FAILURE); } /* ***************************** * * Read the configuration file. * * *****************************/ TPT((0, FIL__, __LINE__, _("msg=\n"))) BREAKEXIT(sh_readconf_read); (void) sh_readconf_read (); sh_calls_enable_sub(); #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) if (sh.flag.checkSum == SH_CHECK_NONE) { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, _("No action specified: init, update, or check"), _("main")); sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, sh.prg_name); aud_exit (FIL__, __LINE__, EXIT_FAILURE); } #endif /* do not append to database if run SUID */ if ((sh.flag.checkSum == SH_CHECK_INIT) && (0 != sl_is_suid())) { (void) dlog(1, FIL__, __LINE__, _("Cannot initialize database when running with SUID credentials.\nYou need to run this with the user ID %d.\nYour current user ID is %d."), (int) geteuid(), (int) sh.real.uid); sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_ACCESS, (long) sh.real.uid, sh.data.path); aud_exit(FIL__, __LINE__, EXIT_FAILURE); } /* avoid daemon mode for initialization */ if (sh.flag.checkSum == SH_CHECK_INIT) { sh.flag.isdaemon = S_FALSE; sh.flag.loop = S_FALSE; } /* --- load database; checksum of database */ #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) TPT((0, FIL__, __LINE__, _("msg=\n"))) if (sh.flag.checkSum == SH_CHECK_CHECK) { if (0 != sl_strcmp(file_path('D', 'R'), _("REQ_FROM_SERVER"))) { char hashbuf[KEYBUF_SIZE]; (void) sl_strlcpy(sh.data.hash, sh_tiger_hash (file_path('D', 'R'), TIGER_FILE, TIGER_NOLIM, hashbuf, sizeof(hashbuf)), KEY_LEN+1); } /* this eventually fetches the file from server to get checksum */ sh_hash_init (); } #endif /* --- initialize signal handling etc.; fork daemon */ if (sh_unix_init(sh.flag.isdaemon) == -1) { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, sh.prg_name); aud_exit(FIL__, __LINE__, EXIT_FAILURE); } /* --- drop privileges eventually --- */ #if defined(SH_WITH_SERVER) sh_create_tcp_socket (); #if defined(INET_SYSLOG) create_syslog_socket (S_TRUE); #endif SL_REQUIRE(sl_policy_get_real(DEFAULT_IDENT) == SL_ENONE, _("sl_policy_get_real(DEFAULT_IDENT) == SL_ENONE")); #else SL_REQUIRE(sl_policy_get_user(DEFAULT_IDENT) == SL_ENONE, _("sl_policy_get_user(DEFAULT_IDENT) == SL_ENONE")); #endif /* --- Get user info (again). --- */ TPT((0, FIL__, __LINE__, _("msg=\n"))) if (0 != sh_unix_getUser ()) { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, sh.prg_name); aud_exit(FIL__, __LINE__, EXIT_FAILURE); } /* --- now check whether we really wanted it; if not, close --- */ #if defined(INET_SYSLOG) && defined(SH_WITH_SERVER) create_syslog_socket (S_FALSE); #endif /* --- Enable full error logging --- */ sh_error_only_stderr (S_FALSE); sh.flag.started = S_TRUE; /**************************************************** * * SERVER * ****************************************************/ #if defined(SH_WITH_SERVER) && !defined(SH_WITH_CLIENT) #if (defined(WITH_GPG) || defined(WITH_PGP)) /* log startup */ sh_gpg_log_startup (); #else sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H, sh.prg_name, (long) sh.real.uid, (sh.flag.hidefile == S_TRUE) ? _("(hidden)") : file_path('C','R'), sh.conf.hash); #endif #else /**************************************************** * * CLIENT/STANDALONE * ****************************************************/ BREAKEXIT(sh_error_handle); if (sh.flag.checkSum == SH_CHECK_CHECK) { #if (defined(WITH_GPG) || defined(WITH_PGP)) /* log startup */ sh_gpg_log_startup (); #else sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_2H, sh.prg_name, (long) sh.real.uid, (sh.flag.hidefile == S_TRUE) ? _("(hidden)") : file_path('C', 'R'), sh.conf.hash, (sh.flag.hidefile == S_TRUE) ? _("(hidden)") : file_path('D', 'R'), sh.data.hash); #endif } else { #if (defined(WITH_GPG) || defined(WITH_PGP)) /* log startup */ sh_gpg_log_startup (); #else sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H, sh.prg_name, (long) sh.real.uid, (sh.flag.hidefile == S_TRUE) ? _("(hidden)") : file_path('C', 'R'), sh.conf.hash); #endif } #endif if ((skey == NULL) || (skey->mlock_failed == SL_TRUE)) sh_error_handle ((-1), FIL__, __LINE__, EPERM, MSG_MLOCK); /* timer */ tcurrent = time (NULL); told = tcurrent; sh.mailTime.alarm_last = told; /**************************************************** * * SERVER * ****************************************************/ #if defined(SH_WITH_SERVER) TPT((0, FIL__, __LINE__, _("msg=\n"))) #if defined (SH_WITH_CLIENT) if (sh.flag.isserver == S_TRUE) { sh_receive(); TPT((0, FIL__, __LINE__, _("msg=\n"))) aud_exit (FIL__, __LINE__, EXIT_SUCCESS); } #else sh_receive(); TPT((0, FIL__, __LINE__, _("msg=\n"))) aud_exit (FIL__, __LINE__, EXIT_SUCCESS); #endif #endif /**************************************************** * * CLIENT/STANDALONE * ****************************************************/ #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) /* --- Initialize modules. --- */ TPT((0, FIL__, __LINE__, _("msg=\n"))) for (modnum = 0; modList[modnum].name != NULL; ++modnum) { status = modList[modnum].mod_init(&(modList[modnum])); if ( status < 0 ) { if (status == (-1)) { sh_error_handle (SH_ERR_NOTICE, FIL__, __LINE__, status, MSG_MOD_FAIL, _(modList[modnum].name), status+SH_MOD_OFFSET); } else { sh_error_handle ((-1), FIL__, __LINE__, status, MSG_MOD_FAIL, _(modList[modnum].name), status+SH_MOD_OFFSET); } modList[modnum].initval = SH_MOD_FAILED; } else { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MOD_OK, _(modList[modnum].name)); modList[modnum].initval = status; } } /* -------- TEST SETUP --------- */ (void) sh_files_setrec(); (void) sh_files_test_setup(); sh_audit_commit (); /* -------- NICE LEVEL --------- */ if (0 != sh.flag.nice) { #ifdef HAVE_SETPRIORITY /*@-unrecog@*/ (void) setpriority(PRIO_PROCESS, 0, sh.flag.nice); /*@+unrecog@*/ #else (void) nice(sh.flag.nice); #endif } /* -------- MAIN LOOP --------- */ sh.statistics.bytes_speed = 0; sh.statistics.bytes_hashed = 0; sh.statistics.files_report = 0; sh.statistics.files_error = 0; sh.statistics.files_nodir = 0; while (1 == 1) { ++cct; BREAKEXIT(sh_error_handle); TPT((0, FIL__, __LINE__, _("msg=, iter=<%ld>\n"), cct)) tcurrent = time (NULL); if (sig_raised > 0) { TPT((0, FIL__, __LINE__, _("msg=\n"))) if (sig_termfast == 1) /* SIGTERM */ { TPT((0, FIL__, __LINE__, _("msg=\n"))); /* strncpy (sh_sig_msg, _("SIGTERM"), 20); */ --sig_raised; --sig_urgent; aud_exit (FIL__, __LINE__, EXIT_SUCCESS); } if (sig_force_check == 1) /* SIGTTOU */ { TPT((0, FIL__, __LINE__, _("msg=\n"))); flag_check_1 = 1; flag_check_2 = 1; sig_force_check = 0; --sig_raised; } if (sig_config_read_again == 1 && /* SIGHUP */ sh_global_suspend_flag == 0) { TPT((0, FIL__, __LINE__, _("msg=\n"))) sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_RECONF); sh_thread_pause_flag = S_TRUE; #if defined(WITH_EXTERNAL) /* delete list of external tasks */ (void) sh_ext_cleanup(); #endif #if defined(SH_WITH_MAIL) sh_nmail_free(); #endif /* delete the file list, make all database * entries visible (allignore = FALSE) */ (void) sh_files_deldirstack (); (void) sh_files_delfilestack (); (void) sh_files_delglobstack (); (void) sh_ignore_clean (); (void) hash_full_tree (); sh_audit_delete_all (); #if defined(SH_WITH_CLIENT) reset_count_dev_server(); #endif #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) sh_restrict_purge (); FileSchedOne = free_sched(FileSchedOne); FileSchedTwo = free_sched(FileSchedTwo); for (modnum = 0; modList[modnum].name != NULL; ++modnum) { /* sh_thread_pause_flag is true, and we block in lock * until check has returned, so we are sure check will * not run until sh_thread_pause_flag is set to false */ /* if (modList[modnum].initval >= SH_MOD_ACTIVE) */ (void) modList[modnum].mod_reconf(); } #endif reset_count_dev_console(); reset_count_dev_time(); (void) sh_unix_maskreset(); /* Should this be included ??? * (i.e. should we reload the database ?) */ #ifdef RELOAD_DATABASE sh_hash_hashdelete(); if (0 != sl_strcmp(file_path('D', 'R'), _("REQ_FROM_SERVER"))) { char hashbuf[KEYBUF_SIZE]; (void) sl_strlcpy(sh.data.hash, sh_tiger_hash (file_path('D', 'R'), TIGER_FILE, TIGER_NOLIM, hashbuf, sizeof(hashbuf)), KEY_LEN+1); } #endif (void) sl_trust_purge_user(); (void) sh_files_hle_reg (NULL); (void) sh_prelink_run (NULL, NULL, 0); /* -------------------------- * --- READ CONFIGURATION --- * -------------------------- */ (void) sh_readconf_read (); sig_config_read_again = 0; (void) sh_files_setrec(); (void) sh_files_test_setup(); sh_audit_commit (); if (0 != sh.flag.nice) { #ifdef HAVE_SETPRIORITY setpriority(PRIO_PROCESS, 0, sh.flag.nice); #else nice(sh.flag.nice); #endif } if (sh.flag.checkSum == SH_CHECK_INIT) { sh.flag.isdaemon = S_FALSE; sh.flag.loop = S_FALSE; } /* --- Initialize modules. --- */ TPT((0, FIL__, __LINE__, _("msg=\n"))); for (modnum = 0; modList[modnum].name != NULL; ++modnum) { status = modList[modnum].mod_init(&(modList[modnum])); if (status < 0) { if (status == (-1)) { sh_error_handle (SH_ERR_NOTICE, FIL__, __LINE__, status, MSG_MOD_FAIL, _(modList[modnum].name), status+SH_MOD_OFFSET); } else { sh_error_handle ((-1), FIL__, __LINE__, status, MSG_MOD_FAIL, _(modList[modnum].name), status+SH_MOD_OFFSET); } modList[modnum].initval = SH_MOD_FAILED; } else { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MOD_OK, _(modList[modnum].name)); modList[modnum].initval = status; } } /* module is properly set up now */ sh_thread_pause_flag = S_FALSE; --sig_raised; } if (sig_fresh_trail == 1) /* SIGIOT */ { if (sh_global_suspend_flag == 0) { SH_MUTEX_LOCK(mutex_thread_nolog); /* Logfile access */ #ifdef SH_USE_XML (void) sh_log_file (NULL, NULL); #endif TPT((0, FIL__, __LINE__, _("msg=\n"))); sh_error_only_stderr (S_TRUE); (void) sh_unix_rm_lock_file(sh.srvlog.name); (void) retry_msleep(3, 0); sh.flag.log_start = S_TRUE; sh_error_only_stderr (S_FALSE); sh_thread_pause_flag = S_FALSE; sig_fresh_trail = 0; --sig_raised; SH_MUTEX_UNLOCK(mutex_thread_nolog); } } if (sig_terminate == 1) /* SIGQUIT */ { TPT((0, FIL__, __LINE__, _("msg=\n"))); strncpy (sh_sig_msg, _("Quit"), 20); --sig_raised; --sig_urgent; aud_exit (FIL__, __LINE__, EXIT_SUCCESS); } if (sig_debug_switch == 1) /* SIGUSR1 */ { TPT((0, FIL__, __LINE__, _("msg=\n"))); sh_error_dbg_switch(); sig_debug_switch = 0; --sig_raised; } if (sig_suspend_switch > 0) /* SIGUSR2 */ { TPT((0, FIL__, __LINE__, _("msg=\n"))); if (sh_global_suspend_flag != 1) { SH_MUTEX_LOCK_UNSAFE(mutex_thread_nolog); sh_global_suspend_flag = 1; sh_error_handle((-1), FIL__, __LINE__, 0, MSG_SUSPEND, sh.prg_name); } else { sh_global_suspend_flag = 0; SH_MUTEX_UNLOCK_UNSAFE(mutex_thread_nolog); } --sig_suspend_switch; --sig_raised; --sig_urgent; } sig_raised = (sig_raised < 0) ? 0 : sig_raised; sig_urgent = (sig_urgent < 0) ? 0 : sig_urgent; TPT((0, FIL__, __LINE__, _("msg=\n"))); } if (sh_global_suspend_flag == 1) { (void) retry_msleep (1, 0); continue; } /* see whether its time to check files */ if (sh.flag.checkSum == SH_CHECK_INIT || (sh.flag.inotify & SH_INOTIFY_DOSCAN) != 0 || (sh.flag.checkSum == SH_CHECK_CHECK && (sh.flag.isdaemon == S_FALSE && sh.flag.loop == S_FALSE))) { flag_check_1 = 1; if (FileSchedTwo != NULL) flag_check_2 = 1; } else if (sh.flag.checkSum == SH_CHECK_CHECK || (sh.flag.update == S_TRUE && (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE))) { if (FileSchedOne == NULL) { /* use interval if we have no schedule */ if (tcurrent - sh.fileCheck.alarm_last >= sh.fileCheck.alarm_interval) flag_check_1 = 1; } else { flag_check_1 = test_sched(FileSchedOne); if (FileSchedTwo != NULL) flag_check_2 = test_sched(FileSchedTwo); if (flag_check_2 == 1) flag_check_1 = 1; } } check_done = 0; if (sh.flag.checkSum != SH_CHECK_NONE && (flag_check_1 == 1 || flag_check_2 == 1)) { SH_INOTIFY_IFUSED( sh.flag.inotify |= SH_INOTIFY_INSCAN; ); /* Refresh list files matching glob patterns. */ if (sh.flag.checkSum != SH_CHECK_INIT) sh_files_check_globPatterns(); /* * check directories and files * ORDER IS IMPORTANT -- DIRZ FIRST */ sh.statistics.bytes_hashed = 0; sh.statistics.time_start = time (NULL); sh.statistics.dirs_checked = 0; sh.statistics.files_checked = 0; sh.statistics.files_report = 0; sh.statistics.files_error = 0; sh.statistics.files_nodir = 0; TPT((0, FIL__, __LINE__, _("msg=\n"))) BREAKEXIT(sh_dirs_chk); if (flag_check_1 == 1) { (void) sh_dirs_chk (1); #ifndef SH_PROFILE (void) retry_aud_chdir (FIL__, __LINE__, "/"); #endif } if (flag_check_2 == 1) { (void) sh_dirs_chk (2); #ifndef SH_PROFILE (void) retry_aud_chdir (FIL__, __LINE__, "/"); #endif } TPT((0, FIL__, __LINE__, _("msg=\n"))) BREAKEXIT(sh_files_chk); if (flag_check_1 == 1) (void) sh_files_chk (); if (sig_urgent > 0) continue; /* * check for files not visited */ if (flag_check_2 == 1 || FileSchedTwo == NULL) { TPT((0, FIL__, __LINE__, _("msg=\n"))) sh_hash_unvisited (ShDFLevel[SH_ERR_T_FILE]); } if (sig_urgent > 0) continue; /* reset */ TPT((0, FIL__, __LINE__, _("msg=\n"))) sh_dirs_reset (); if (sig_urgent > 0) continue; sh_files_reset (); flag_check_1 = 0; flag_check_2 = 0; check_done = 1; SH_INOTIFY_IFUSED( sh.flag.inotify &= ~SH_INOTIFY_INSCAN; ); SH_INOTIFY_IFUSED( sh.flag.inotify &= ~SH_INOTIFY_DOSCAN; ); (void) sh_prelink_run (NULL, NULL, 0); if (sig_urgent > 0) continue; runtim = time(NULL) - sh.statistics.time_start; sh.statistics.time_check = runtim; if ((sh.statistics.dirs_checked == 0) && (sh.statistics.files_checked == 0)) sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_CHECK_0); else { st_1 = (float) sh.statistics.bytes_hashed; st_2 = (float) runtim; if (st_1 > FLT_EPSILON && st_2 > FLT_EPSILON) st_1 = st_1/st_2; else if (st_1 > FLT_EPSILON) st_1 = (float) (st_1 * 1.0); else st_1 = 0.0; sh.statistics.bytes_speed = (unsigned long) st_1; sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_CHECK_1, (long) runtim, 0.001 * st_1); if (sh.flag.checkSum != SH_CHECK_INIT) sh_efile_report(); } sh.fileCheck.alarm_last = time (NULL); if (sig_urgent > 0) continue; /* * flush mail queue */ #if defined(SH_WITH_MAIL) TPT((0, FIL__, __LINE__, _("msg=\n"))) (void) sh_nmail_flush (); #endif } if (sig_urgent > 0) continue; /* execute modules */ TPT((0, FIL__, __LINE__, _("msg=\n"))) for (modnum = 0; modList[modnum].name != NULL; ++modnum) { if (modList[modnum].initval == SH_MOD_ACTIVE && 0 != modList[modnum].mod_timer(tcurrent)) if (0 != (status = modList[modnum].mod_check())) sh_error_handle ((-1), FIL__, __LINE__, status, MSG_MOD_EXEC, _(modList[modnum].name), (long) (status+SH_MOD_OFFSET)); } /* 27.05.2002 avoid empty database * 22.10.2002 moved here b/o suid check initialization */ if (sh.flag.checkSum == SH_CHECK_INIT) sh_hash_pushdata (NULL, NULL); /* write out database */ if (sh.flag.checkSum == SH_CHECK_CHECK && sh.flag.update == S_TRUE && check_done == 1) sh_hash_writeout (); /* no-op unless MEM_LOG is defined in sh_mem.c */ #ifdef MEM_DEBUG sh_mem_dump (); #endif { char * stale; stale = sl_check_stale(); if (stale) { sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, stale, _("sl_check_stale")); } stale = sl_check_badfd(); if (stale) { sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, stale, _("sl_check_stale")); } } /* no loop if not daemon */ if (sh.flag.isdaemon != S_TRUE && sh.flag.loop == S_FALSE) break; if (sig_urgent > 0) continue; /* see whether its time to send mail */ #if defined(SH_WITH_MAIL) if (tcurrent - sh.mailTime.alarm_last >= sh.mailTime.alarm_interval) { TPT((0, FIL__, __LINE__, _("msg=\n"))) (void) sh_nmail_flush (); sh.mailTime.alarm_last = time (NULL); } #endif if (sig_urgent > 0) continue; /* log the timestamp */ if ((int)(tcurrent - told) >= sh.looptime ) { TPT((0, FIL__, __LINE__, _("msg=\n"))) told = tcurrent; #ifdef MEM_DEBUG sh_mem_check(); sh_unix_count_mlock(); #else sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_STAMP); #endif } /* seed / re-seed the PRNG if required */ (void) taus_seed(); if (sig_urgent > 0) continue; /* reset cache */ sh_userid_destroy(); /* go to sleep */ (void) retry_msleep (1, 0); BREAKEXIT(sh_derr); (void) sh_derr(); } /* ------ END ----------- */ /* * cleanup */ TPT((0, FIL__, __LINE__, _("msg=\n"))); sh_hash_hashdelete(); #if defined(SH_WITH_MAIL) if (sh.mailNum.alarm_last > 0) (void)sh_nmail_flush (); #endif /* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */ #endif #if 0 { char command[128]; sprintf(command, "/bin/cat /proc/%d/status", (int) getpid()); system(command); /* flawfinder: ignore *//* debug code */ malloc_stats(); } #endif aud_exit (FIL__, __LINE__, EXIT_SUCCESS); SL_RETURN(0, _("main")); } samhain-3.1.0/src/cutest_sh_unix.c0000644000175000017500000001115111226102724014047 00000000000000 #include "config_xor.h" #include #include "CuTest.h" #include "samhain.h" #include "sh_unix.h" int malloc_count = 0; void Test_dnmalloc (CuTest *tc) { const int nalloc = 64 /* original dnmalloc 1.0-beta5 fails for >= 45 */; int j, i; int sum; int i_malloc = malloc_count; char * buf; char * area[256]; /* test reuse of last freed chunk */ buf = malloc(1024); CuAssertPtrNotNull(tc, buf); free(buf); area[0] = malloc(1024); CuAssertTrue(tc, buf == area[0]); free(area[0]); /* test realloc */ buf = malloc(16); CuAssertPtrNotNull(tc, buf); strcpy(buf, "testing realloc"); buf = realloc(buf, 32); strcat(buf, "testing realloc"); CuAssertStrEquals(tc, "testing realloctesting realloc", buf); i_malloc = malloc_count; for (j = 0; j < 64; ++j) { buf = malloc((j+1) * 1024); CuAssertPtrNotNull(tc, buf); #ifndef USE_SYSTEM_MALLOC CuAssertIntEquals (tc, malloc_count, (i_malloc + 1)); #endif free(buf); #ifndef USE_SYSTEM_MALLOC CuAssertIntEquals (tc, malloc_count, i_malloc); #endif } /* test realloc */ buf = malloc(16); CuAssertPtrNotNull(tc, buf); strcpy(buf, "testing realloc"); buf = realloc(buf, 32); strcat(buf, "testing realloc"); CuAssertStrEquals(tc, "testing realloctesting realloc", buf); i_malloc = malloc_count; for (j = 0; j < 64; ++j) { buf = calloc(1, (j+1) * 1024); CuAssertPtrNotNull(tc, buf); #ifndef USE_SYSTEM_MALLOC CuAssertIntEquals (tc, malloc_count, (i_malloc + 1)); #endif sum = 0; for (i = 0; i < ((j+1) * 1024); ++i) sum += buf[i]; CuAssertIntEquals (tc, 0, sum); free(buf); #ifndef USE_SYSTEM_MALLOC CuAssertIntEquals (tc, malloc_count, i_malloc); #endif } /* test realloc */ buf = malloc(16); CuAssertPtrNotNull(tc, buf); strcpy(buf, "testing realloc"); buf = realloc(buf, 32); strcat(buf, "testing realloc"); CuAssertStrEquals(tc, "testing realloctesting realloc", buf); for (j = 0; j < nalloc; ++j) { area[j] = malloc((j+1) * 1024); CuAssertPtrNotNull(tc, area[j]); #ifndef USE_SYSTEM_MALLOC /* CuAssertIntEquals (tc, malloc_count, (i_malloc + (j+1))); */ #endif memset(area[j], (unsigned char) ('a'+1), (j+1) * 1024); } i_malloc = malloc_count; for (j = 0; j < nalloc; ++j) { sum = 0; for (i = 0; i < ((j+1) * 1024); ++i) sum += area[j][i]; CuAssertIntEquals (tc, sum, ((j+1) * 1024 * ((unsigned char) ('a'+1)))); free(area[j]); #ifndef USE_SYSTEM_MALLOC CuAssertIntEquals (tc, malloc_count, i_malloc - (j+1)); #endif } /* test realloc */ buf = malloc(16); CuAssertPtrNotNull(tc, buf); strcpy(buf, "testing realloc"); buf = realloc(buf, 32); strcat(buf, "testing realloc"); CuAssertStrEquals(tc, "testing realloctesting realloc", buf); for (j = 0; j < 32; ++j) { i_malloc = malloc_count; buf = malloc((j+1) * 1024 * 1024); CuAssertPtrNotNull(tc, buf); for (i = 0; i < 32; ++i) { area[i] = malloc((i+1) * 1024); CuAssertPtrNotNull(tc, area[i]); } free(buf); for (i = 0; i < 32; ++i) { free(area[i]); } #ifndef USE_SYSTEM_MALLOC CuAssertIntEquals (tc, malloc_count, i_malloc); #endif } /* test realloc */ buf = malloc(16); CuAssertPtrNotNull(tc, buf); strcpy(buf, "testing realloc"); buf = realloc(buf, 32); strcat(buf, "testing realloc"); CuAssertStrEquals(tc, "testing realloctesting realloc", buf); } void Test_sh_unix_lookup_page (CuTest *tc) { long pagesize = sh_unix_pagesize(); unsigned long base; int num_pages; CuAssert (tc, "pagesize > 0", (pagesize > 0)); /* base = sh_unix_lookup_page(in_addr, len, *num_pages); */ base = sh_unix_lookup_page(0, pagesize, &num_pages); CuAssert (tc, "base == 0", (base == 0)); CuAssertIntEquals (tc, num_pages, 1); base = sh_unix_lookup_page(0, pagesize+1, &num_pages); CuAssert (tc, "base == 0", (base == 0)); CuAssertIntEquals (tc, num_pages, 2); base = sh_unix_lookup_page((void*)pagesize, pagesize, &num_pages); CuAssert (tc, "base == 0", (base == (unsigned int)pagesize)); CuAssertIntEquals (tc, num_pages, 1); base = sh_unix_lookup_page((void*)pagesize, pagesize+1, &num_pages); CuAssert (tc, "base == 0", (base == (unsigned int)pagesize)); CuAssertIntEquals (tc, num_pages, 2); base = sh_unix_lookup_page((void*)(pagesize-1), pagesize+1, &num_pages); CuAssert (tc, "base == 0", (base == 0)); CuAssertIntEquals (tc, num_pages, 2); base = sh_unix_lookup_page((void*)(pagesize-1), pagesize+2, &num_pages); CuAssert (tc, "base == 0", (base == 0)); CuAssertIntEquals (tc, num_pages, 3); } samhain-3.1.0/src/sh_tiger2_64.c0000644000175000017500000011725211263370661013223 00000000000000/* Tiger: A Fast New Hash Function * * Ross Anderson and Eli Biham * * From the homepage (http://www.cs.technion.ac.il/~biham/Reports/Tiger/): * * Tiger has no usage restrictions nor patents. It can be used freely, * with the reference implementation, with other implementations or with * a modification to the reference implementation (as long as it still * implements Tiger). We only ask you to let us know about your * implementation and to cite the origin of Tiger and of the reference * implementation. * * * The authors' home pages can be found both in * http://www.cs.technion.ac.il/~biham/ and in * http://www.cl.cam.ac.uk/users/rja14/. * The authors' email addresses are biham@cs.technion.ac.il * and rja14@cl.cam.ac.uk. */ #include "config_xor.h" #if defined(TIGER_64_BIT) /* #if defined(HAVE_LONG_64) || defined(HAVE_LONG_LONG_64) */ /*@-type@*/ /* sboxes.c: Tiger S boxes */ #if defined(HAVE_LONG_64) typedef unsigned long int word64; #elif defined(HAVE_LONG_LONG_64) typedef unsigned long long int word64; #else #error No 64 bit type found ! #endif word64 tiger_table[4*256] = { 0x02AAB17CF7E90C5ELL /* 0 */, 0xAC424B03E243A8ECLL /* 1 */, 0x72CD5BE30DD5FCD3LL /* 2 */, 0x6D019B93F6F97F3ALL /* 3 */, 0xCD9978FFD21F9193LL /* 4 */, 0x7573A1C9708029E2LL /* 5 */, 0xB164326B922A83C3LL /* 6 */, 0x46883EEE04915870LL /* 7 */, 0xEAACE3057103ECE6LL /* 8 */, 0xC54169B808A3535CLL /* 9 */, 0x4CE754918DDEC47CLL /* 10 */, 0x0AA2F4DFDC0DF40CLL /* 11 */, 0x10B76F18A74DBEFALL /* 12 */, 0xC6CCB6235AD1AB6ALL /* 13 */, 0x13726121572FE2FFLL /* 14 */, 0x1A488C6F199D921ELL /* 15 */, 0x4BC9F9F4DA0007CALL /* 16 */, 0x26F5E6F6E85241C7LL /* 17 */, 0x859079DBEA5947B6LL /* 18 */, 0x4F1885C5C99E8C92LL /* 19 */, 0xD78E761EA96F864BLL /* 20 */, 0x8E36428C52B5C17DLL /* 21 */, 0x69CF6827373063C1LL /* 22 */, 0xB607C93D9BB4C56ELL /* 23 */, 0x7D820E760E76B5EALL /* 24 */, 0x645C9CC6F07FDC42LL /* 25 */, 0xBF38A078243342E0LL /* 26 */, 0x5F6B343C9D2E7D04LL /* 27 */, 0xF2C28AEB600B0EC6LL /* 28 */, 0x6C0ED85F7254BCACLL /* 29 */, 0x71592281A4DB4FE5LL /* 30 */, 0x1967FA69CE0FED9FLL /* 31 */, 0xFD5293F8B96545DBLL /* 32 */, 0xC879E9D7F2A7600BLL /* 33 */, 0x860248920193194ELL /* 34 */, 0xA4F9533B2D9CC0B3LL /* 35 */, 0x9053836C15957613LL /* 36 */, 0xDB6DCF8AFC357BF1LL /* 37 */, 0x18BEEA7A7A370F57LL /* 38 */, 0x037117CA50B99066LL /* 39 */, 0x6AB30A9774424A35LL /* 40 */, 0xF4E92F02E325249BLL /* 41 */, 0x7739DB07061CCAE1LL /* 42 */, 0xD8F3B49CECA42A05LL /* 43 */, 0xBD56BE3F51382F73LL /* 44 */, 0x45FAED5843B0BB28LL /* 45 */, 0x1C813D5C11BF1F83LL /* 46 */, 0x8AF0E4B6D75FA169LL /* 47 */, 0x33EE18A487AD9999LL /* 48 */, 0x3C26E8EAB1C94410LL /* 49 */, 0xB510102BC0A822F9LL /* 50 */, 0x141EEF310CE6123BLL /* 51 */, 0xFC65B90059DDB154LL /* 52 */, 0xE0158640C5E0E607LL /* 53 */, 0x884E079826C3A3CFLL /* 54 */, 0x930D0D9523C535FDLL /* 55 */, 0x35638D754E9A2B00LL /* 56 */, 0x4085FCCF40469DD5LL /* 57 */, 0xC4B17AD28BE23A4CLL /* 58 */, 0xCAB2F0FC6A3E6A2ELL /* 59 */, 0x2860971A6B943FCDLL /* 60 */, 0x3DDE6EE212E30446LL /* 61 */, 0x6222F32AE01765AELL /* 62 */, 0x5D550BB5478308FELL /* 63 */, 0xA9EFA98DA0EDA22ALL /* 64 */, 0xC351A71686C40DA7LL /* 65 */, 0x1105586D9C867C84LL /* 66 */, 0xDCFFEE85FDA22853LL /* 67 */, 0xCCFBD0262C5EEF76LL /* 68 */, 0xBAF294CB8990D201LL /* 69 */, 0xE69464F52AFAD975LL /* 70 */, 0x94B013AFDF133E14LL /* 71 */, 0x06A7D1A32823C958LL /* 72 */, 0x6F95FE5130F61119LL /* 73 */, 0xD92AB34E462C06C0LL /* 74 */, 0xED7BDE33887C71D2LL /* 75 */, 0x79746D6E6518393ELL /* 76 */, 0x5BA419385D713329LL /* 77 */, 0x7C1BA6B948A97564LL /* 78 */, 0x31987C197BFDAC67LL /* 79 */, 0xDE6C23C44B053D02LL /* 80 */, 0x581C49FED002D64DLL /* 81 */, 0xDD474D6338261571LL /* 82 */, 0xAA4546C3E473D062LL /* 83 */, 0x928FCE349455F860LL /* 84 */, 0x48161BBACAAB94D9LL /* 85 */, 0x63912430770E6F68LL /* 86 */, 0x6EC8A5E602C6641CLL /* 87 */, 0x87282515337DDD2BLL /* 88 */, 0x2CDA6B42034B701BLL /* 89 */, 0xB03D37C181CB096DLL /* 90 */, 0xE108438266C71C6FLL /* 91 */, 0x2B3180C7EB51B255LL /* 92 */, 0xDF92B82F96C08BBCLL /* 93 */, 0x5C68C8C0A632F3BALL /* 94 */, 0x5504CC861C3D0556LL /* 95 */, 0xABBFA4E55FB26B8FLL /* 96 */, 0x41848B0AB3BACEB4LL /* 97 */, 0xB334A273AA445D32LL /* 98 */, 0xBCA696F0A85AD881LL /* 99 */, 0x24F6EC65B528D56CLL /* 100 */, 0x0CE1512E90F4524ALL /* 101 */, 0x4E9DD79D5506D35ALL /* 102 */, 0x258905FAC6CE9779LL /* 103 */, 0x2019295B3E109B33LL /* 104 */, 0xF8A9478B73A054CCLL /* 105 */, 0x2924F2F934417EB0LL /* 106 */, 0x3993357D536D1BC4LL /* 107 */, 0x38A81AC21DB6FF8BLL /* 108 */, 0x47C4FBF17D6016BFLL /* 109 */, 0x1E0FAADD7667E3F5LL /* 110 */, 0x7ABCFF62938BEB96LL /* 111 */, 0xA78DAD948FC179C9LL /* 112 */, 0x8F1F98B72911E50DLL /* 113 */, 0x61E48EAE27121A91LL /* 114 */, 0x4D62F7AD31859808LL /* 115 */, 0xECEBA345EF5CEAEBLL /* 116 */, 0xF5CEB25EBC9684CELL /* 117 */, 0xF633E20CB7F76221LL /* 118 */, 0xA32CDF06AB8293E4LL /* 119 */, 0x985A202CA5EE2CA4LL /* 120 */, 0xCF0B8447CC8A8FB1LL /* 121 */, 0x9F765244979859A3LL /* 122 */, 0xA8D516B1A1240017LL /* 123 */, 0x0BD7BA3EBB5DC726LL /* 124 */, 0xE54BCA55B86ADB39LL /* 125 */, 0x1D7A3AFD6C478063LL /* 126 */, 0x519EC608E7669EDDLL /* 127 */, 0x0E5715A2D149AA23LL /* 128 */, 0x177D4571848FF194LL /* 129 */, 0xEEB55F3241014C22LL /* 130 */, 0x0F5E5CA13A6E2EC2LL /* 131 */, 0x8029927B75F5C361LL /* 132 */, 0xAD139FABC3D6E436LL /* 133 */, 0x0D5DF1A94CCF402FLL /* 134 */, 0x3E8BD948BEA5DFC8LL /* 135 */, 0xA5A0D357BD3FF77ELL /* 136 */, 0xA2D12E251F74F645LL /* 137 */, 0x66FD9E525E81A082LL /* 138 */, 0x2E0C90CE7F687A49LL /* 139 */, 0xC2E8BCBEBA973BC5LL /* 140 */, 0x000001BCE509745FLL /* 141 */, 0x423777BBE6DAB3D6LL /* 142 */, 0xD1661C7EAEF06EB5LL /* 143 */, 0xA1781F354DAACFD8LL /* 144 */, 0x2D11284A2B16AFFCLL /* 145 */, 0xF1FC4F67FA891D1FLL /* 146 */, 0x73ECC25DCB920ADALL /* 147 */, 0xAE610C22C2A12651LL /* 148 */, 0x96E0A810D356B78ALL /* 149 */, 0x5A9A381F2FE7870FLL /* 150 */, 0xD5AD62EDE94E5530LL /* 151 */, 0xD225E5E8368D1427LL /* 152 */, 0x65977B70C7AF4631LL /* 153 */, 0x99F889B2DE39D74FLL /* 154 */, 0x233F30BF54E1D143LL /* 155 */, 0x9A9675D3D9A63C97LL /* 156 */, 0x5470554FF334F9A8LL /* 157 */, 0x166ACB744A4F5688LL /* 158 */, 0x70C74CAAB2E4AEADLL /* 159 */, 0xF0D091646F294D12LL /* 160 */, 0x57B82A89684031D1LL /* 161 */, 0xEFD95A5A61BE0B6BLL /* 162 */, 0x2FBD12E969F2F29ALL /* 163 */, 0x9BD37013FEFF9FE8LL /* 164 */, 0x3F9B0404D6085A06LL /* 165 */, 0x4940C1F3166CFE15LL /* 166 */, 0x09542C4DCDF3DEFBLL /* 167 */, 0xB4C5218385CD5CE3LL /* 168 */, 0xC935B7DC4462A641LL /* 169 */, 0x3417F8A68ED3B63FLL /* 170 */, 0xB80959295B215B40LL /* 171 */, 0xF99CDAEF3B8C8572LL /* 172 */, 0x018C0614F8FCB95DLL /* 173 */, 0x1B14ACCD1A3ACDF3LL /* 174 */, 0x84D471F200BB732DLL /* 175 */, 0xC1A3110E95E8DA16LL /* 176 */, 0x430A7220BF1A82B8LL /* 177 */, 0xB77E090D39DF210ELL /* 178 */, 0x5EF4BD9F3CD05E9DLL /* 179 */, 0x9D4FF6DA7E57A444LL /* 180 */, 0xDA1D60E183D4A5F8LL /* 181 */, 0xB287C38417998E47LL /* 182 */, 0xFE3EDC121BB31886LL /* 183 */, 0xC7FE3CCC980CCBEFLL /* 184 */, 0xE46FB590189BFD03LL /* 185 */, 0x3732FD469A4C57DCLL /* 186 */, 0x7EF700A07CF1AD65LL /* 187 */, 0x59C64468A31D8859LL /* 188 */, 0x762FB0B4D45B61F6LL /* 189 */, 0x155BAED099047718LL /* 190 */, 0x68755E4C3D50BAA6LL /* 191 */, 0xE9214E7F22D8B4DFLL /* 192 */, 0x2ADDBF532EAC95F4LL /* 193 */, 0x32AE3909B4BD0109LL /* 194 */, 0x834DF537B08E3450LL /* 195 */, 0xFA209DA84220728DLL /* 196 */, 0x9E691D9B9EFE23F7LL /* 197 */, 0x0446D288C4AE8D7FLL /* 198 */, 0x7B4CC524E169785BLL /* 199 */, 0x21D87F0135CA1385LL /* 200 */, 0xCEBB400F137B8AA5LL /* 201 */, 0x272E2B66580796BELL /* 202 */, 0x3612264125C2B0DELL /* 203 */, 0x057702BDAD1EFBB2LL /* 204 */, 0xD4BABB8EACF84BE9LL /* 205 */, 0x91583139641BC67BLL /* 206 */, 0x8BDC2DE08036E024LL /* 207 */, 0x603C8156F49F68EDLL /* 208 */, 0xF7D236F7DBEF5111LL /* 209 */, 0x9727C4598AD21E80LL /* 210 */, 0xA08A0896670A5FD7LL /* 211 */, 0xCB4A8F4309EBA9CBLL /* 212 */, 0x81AF564B0F7036A1LL /* 213 */, 0xC0B99AA778199ABDLL /* 214 */, 0x959F1EC83FC8E952LL /* 215 */, 0x8C505077794A81B9LL /* 216 */, 0x3ACAAF8F056338F0LL /* 217 */, 0x07B43F50627A6778LL /* 218 */, 0x4A44AB49F5ECCC77LL /* 219 */, 0x3BC3D6E4B679EE98LL /* 220 */, 0x9CC0D4D1CF14108CLL /* 221 */, 0x4406C00B206BC8A0LL /* 222 */, 0x82A18854C8D72D89LL /* 223 */, 0x67E366B35C3C432CLL /* 224 */, 0xB923DD61102B37F2LL /* 225 */, 0x56AB2779D884271DLL /* 226 */, 0xBE83E1B0FF1525AFLL /* 227 */, 0xFB7C65D4217E49A9LL /* 228 */, 0x6BDBE0E76D48E7D4LL /* 229 */, 0x08DF828745D9179ELL /* 230 */, 0x22EA6A9ADD53BD34LL /* 231 */, 0xE36E141C5622200ALL /* 232 */, 0x7F805D1B8CB750EELL /* 233 */, 0xAFE5C7A59F58E837LL /* 234 */, 0xE27F996A4FB1C23CLL /* 235 */, 0xD3867DFB0775F0D0LL /* 236 */, 0xD0E673DE6E88891ALL /* 237 */, 0x123AEB9EAFB86C25LL /* 238 */, 0x30F1D5D5C145B895LL /* 239 */, 0xBB434A2DEE7269E7LL /* 240 */, 0x78CB67ECF931FA38LL /* 241 */, 0xF33B0372323BBF9CLL /* 242 */, 0x52D66336FB279C74LL /* 243 */, 0x505F33AC0AFB4EAALL /* 244 */, 0xE8A5CD99A2CCE187LL /* 245 */, 0x534974801E2D30BBLL /* 246 */, 0x8D2D5711D5876D90LL /* 247 */, 0x1F1A412891BC038ELL /* 248 */, 0xD6E2E71D82E56648LL /* 249 */, 0x74036C3A497732B7LL /* 250 */, 0x89B67ED96361F5ABLL /* 251 */, 0xFFED95D8F1EA02A2LL /* 252 */, 0xE72B3BD61464D43DLL /* 253 */, 0xA6300F170BDC4820LL /* 254 */, 0xEBC18760ED78A77ALL /* 255 */, 0xE6A6BE5A05A12138LL /* 256 */, 0xB5A122A5B4F87C98LL /* 257 */, 0x563C6089140B6990LL /* 258 */, 0x4C46CB2E391F5DD5LL /* 259 */, 0xD932ADDBC9B79434LL /* 260 */, 0x08EA70E42015AFF5LL /* 261 */, 0xD765A6673E478CF1LL /* 262 */, 0xC4FB757EAB278D99LL /* 263 */, 0xDF11C6862D6E0692LL /* 264 */, 0xDDEB84F10D7F3B16LL /* 265 */, 0x6F2EF604A665EA04LL /* 266 */, 0x4A8E0F0FF0E0DFB3LL /* 267 */, 0xA5EDEEF83DBCBA51LL /* 268 */, 0xFC4F0A2A0EA4371ELL /* 269 */, 0xE83E1DA85CB38429LL /* 270 */, 0xDC8FF882BA1B1CE2LL /* 271 */, 0xCD45505E8353E80DLL /* 272 */, 0x18D19A00D4DB0717LL /* 273 */, 0x34A0CFEDA5F38101LL /* 274 */, 0x0BE77E518887CAF2LL /* 275 */, 0x1E341438B3C45136LL /* 276 */, 0xE05797F49089CCF9LL /* 277 */, 0xFFD23F9DF2591D14LL /* 278 */, 0x543DDA228595C5CDLL /* 279 */, 0x661F81FD99052A33LL /* 280 */, 0x8736E641DB0F7B76LL /* 281 */, 0x15227725418E5307LL /* 282 */, 0xE25F7F46162EB2FALL /* 283 */, 0x48A8B2126C13D9FELL /* 284 */, 0xAFDC541792E76EEALL /* 285 */, 0x03D912BFC6D1898FLL /* 286 */, 0x31B1AAFA1B83F51BLL /* 287 */, 0xF1AC2796E42AB7D9LL /* 288 */, 0x40A3A7D7FCD2EBACLL /* 289 */, 0x1056136D0AFBBCC5LL /* 290 */, 0x7889E1DD9A6D0C85LL /* 291 */, 0xD33525782A7974AALL /* 292 */, 0xA7E25D09078AC09BLL /* 293 */, 0xBD4138B3EAC6EDD0LL /* 294 */, 0x920ABFBE71EB9E70LL /* 295 */, 0xA2A5D0F54FC2625CLL /* 296 */, 0xC054E36B0B1290A3LL /* 297 */, 0xF6DD59FF62FE932BLL /* 298 */, 0x3537354511A8AC7DLL /* 299 */, 0xCA845E9172FADCD4LL /* 300 */, 0x84F82B60329D20DCLL /* 301 */, 0x79C62CE1CD672F18LL /* 302 */, 0x8B09A2ADD124642CLL /* 303 */, 0xD0C1E96A19D9E726LL /* 304 */, 0x5A786A9B4BA9500CLL /* 305 */, 0x0E020336634C43F3LL /* 306 */, 0xC17B474AEB66D822LL /* 307 */, 0x6A731AE3EC9BAAC2LL /* 308 */, 0x8226667AE0840258LL /* 309 */, 0x67D4567691CAECA5LL /* 310 */, 0x1D94155C4875ADB5LL /* 311 */, 0x6D00FD985B813FDFLL /* 312 */, 0x51286EFCB774CD06LL /* 313 */, 0x5E8834471FA744AFLL /* 314 */, 0xF72CA0AEE761AE2ELL /* 315 */, 0xBE40E4CDAEE8E09ALL /* 316 */, 0xE9970BBB5118F665LL /* 317 */, 0x726E4BEB33DF1964LL /* 318 */, 0x703B000729199762LL /* 319 */, 0x4631D816F5EF30A7LL /* 320 */, 0xB880B5B51504A6BELL /* 321 */, 0x641793C37ED84B6CLL /* 322 */, 0x7B21ED77F6E97D96LL /* 323 */, 0x776306312EF96B73LL /* 324 */, 0xAE528948E86FF3F4LL /* 325 */, 0x53DBD7F286A3F8F8LL /* 326 */, 0x16CADCE74CFC1063LL /* 327 */, 0x005C19BDFA52C6DDLL /* 328 */, 0x68868F5D64D46AD3LL /* 329 */, 0x3A9D512CCF1E186ALL /* 330 */, 0x367E62C2385660AELL /* 331 */, 0xE359E7EA77DCB1D7LL /* 332 */, 0x526C0773749ABE6ELL /* 333 */, 0x735AE5F9D09F734BLL /* 334 */, 0x493FC7CC8A558BA8LL /* 335 */, 0xB0B9C1533041AB45LL /* 336 */, 0x321958BA470A59BDLL /* 337 */, 0x852DB00B5F46C393LL /* 338 */, 0x91209B2BD336B0E5LL /* 339 */, 0x6E604F7D659EF19FLL /* 340 */, 0xB99A8AE2782CCB24LL /* 341 */, 0xCCF52AB6C814C4C7LL /* 342 */, 0x4727D9AFBE11727BLL /* 343 */, 0x7E950D0C0121B34DLL /* 344 */, 0x756F435670AD471FLL /* 345 */, 0xF5ADD442615A6849LL /* 346 */, 0x4E87E09980B9957ALL /* 347 */, 0x2ACFA1DF50AEE355LL /* 348 */, 0xD898263AFD2FD556LL /* 349 */, 0xC8F4924DD80C8FD6LL /* 350 */, 0xCF99CA3D754A173ALL /* 351 */, 0xFE477BACAF91BF3CLL /* 352 */, 0xED5371F6D690C12DLL /* 353 */, 0x831A5C285E687094LL /* 354 */, 0xC5D3C90A3708A0A4LL /* 355 */, 0x0F7F903717D06580LL /* 356 */, 0x19F9BB13B8FDF27FLL /* 357 */, 0xB1BD6F1B4D502843LL /* 358 */, 0x1C761BA38FFF4012LL /* 359 */, 0x0D1530C4E2E21F3BLL /* 360 */, 0x8943CE69A7372C8ALL /* 361 */, 0xE5184E11FEB5CE66LL /* 362 */, 0x618BDB80BD736621LL /* 363 */, 0x7D29BAD68B574D0BLL /* 364 */, 0x81BB613E25E6FE5BLL /* 365 */, 0x071C9C10BC07913FLL /* 366 */, 0xC7BEEB7909AC2D97LL /* 367 */, 0xC3E58D353BC5D757LL /* 368 */, 0xEB017892F38F61E8LL /* 369 */, 0xD4EFFB9C9B1CC21ALL /* 370 */, 0x99727D26F494F7ABLL /* 371 */, 0xA3E063A2956B3E03LL /* 372 */, 0x9D4A8B9A4AA09C30LL /* 373 */, 0x3F6AB7D500090FB4LL /* 374 */, 0x9CC0F2A057268AC0LL /* 375 */, 0x3DEE9D2DEDBF42D1LL /* 376 */, 0x330F49C87960A972LL /* 377 */, 0xC6B2720287421B41LL /* 378 */, 0x0AC59EC07C00369CLL /* 379 */, 0xEF4EAC49CB353425LL /* 380 */, 0xF450244EEF0129D8LL /* 381 */, 0x8ACC46E5CAF4DEB6LL /* 382 */, 0x2FFEAB63989263F7LL /* 383 */, 0x8F7CB9FE5D7A4578LL /* 384 */, 0x5BD8F7644E634635LL /* 385 */, 0x427A7315BF2DC900LL /* 386 */, 0x17D0C4AA2125261CLL /* 387 */, 0x3992486C93518E50LL /* 388 */, 0xB4CBFEE0A2D7D4C3LL /* 389 */, 0x7C75D6202C5DDD8DLL /* 390 */, 0xDBC295D8E35B6C61LL /* 391 */, 0x60B369D302032B19LL /* 392 */, 0xCE42685FDCE44132LL /* 393 */, 0x06F3DDB9DDF65610LL /* 394 */, 0x8EA4D21DB5E148F0LL /* 395 */, 0x20B0FCE62FCD496FLL /* 396 */, 0x2C1B912358B0EE31LL /* 397 */, 0xB28317B818F5A308LL /* 398 */, 0xA89C1E189CA6D2CFLL /* 399 */, 0x0C6B18576AAADBC8LL /* 400 */, 0xB65DEAA91299FAE3LL /* 401 */, 0xFB2B794B7F1027E7LL /* 402 */, 0x04E4317F443B5BEBLL /* 403 */, 0x4B852D325939D0A6LL /* 404 */, 0xD5AE6BEEFB207FFCLL /* 405 */, 0x309682B281C7D374LL /* 406 */, 0xBAE309A194C3B475LL /* 407 */, 0x8CC3F97B13B49F05LL /* 408 */, 0x98A9422FF8293967LL /* 409 */, 0x244B16B01076FF7CLL /* 410 */, 0xF8BF571C663D67EELL /* 411 */, 0x1F0D6758EEE30DA1LL /* 412 */, 0xC9B611D97ADEB9B7LL /* 413 */, 0xB7AFD5887B6C57A2LL /* 414 */, 0x6290AE846B984FE1LL /* 415 */, 0x94DF4CDEACC1A5FDLL /* 416 */, 0x058A5BD1C5483AFFLL /* 417 */, 0x63166CC142BA3C37LL /* 418 */, 0x8DB8526EB2F76F40LL /* 419 */, 0xE10880036F0D6D4ELL /* 420 */, 0x9E0523C9971D311DLL /* 421 */, 0x45EC2824CC7CD691LL /* 422 */, 0x575B8359E62382C9LL /* 423 */, 0xFA9E400DC4889995LL /* 424 */, 0xD1823ECB45721568LL /* 425 */, 0xDAFD983B8206082FLL /* 426 */, 0xAA7D29082386A8CBLL /* 427 */, 0x269FCD4403B87588LL /* 428 */, 0x1B91F5F728BDD1E0LL /* 429 */, 0xE4669F39040201F6LL /* 430 */, 0x7A1D7C218CF04ADELL /* 431 */, 0x65623C29D79CE5CELL /* 432 */, 0x2368449096C00BB1LL /* 433 */, 0xAB9BF1879DA503BALL /* 434 */, 0xBC23ECB1A458058ELL /* 435 */, 0x9A58DF01BB401ECCLL /* 436 */, 0xA070E868A85F143DLL /* 437 */, 0x4FF188307DF2239ELL /* 438 */, 0x14D565B41A641183LL /* 439 */, 0xEE13337452701602LL /* 440 */, 0x950E3DCF3F285E09LL /* 441 */, 0x59930254B9C80953LL /* 442 */, 0x3BF299408930DA6DLL /* 443 */, 0xA955943F53691387LL /* 444 */, 0xA15EDECAA9CB8784LL /* 445 */, 0x29142127352BE9A0LL /* 446 */, 0x76F0371FFF4E7AFBLL /* 447 */, 0x0239F450274F2228LL /* 448 */, 0xBB073AF01D5E868BLL /* 449 */, 0xBFC80571C10E96C1LL /* 450 */, 0xD267088568222E23LL /* 451 */, 0x9671A3D48E80B5B0LL /* 452 */, 0x55B5D38AE193BB81LL /* 453 */, 0x693AE2D0A18B04B8LL /* 454 */, 0x5C48B4ECADD5335FLL /* 455 */, 0xFD743B194916A1CALL /* 456 */, 0x2577018134BE98C4LL /* 457 */, 0xE77987E83C54A4ADLL /* 458 */, 0x28E11014DA33E1B9LL /* 459 */, 0x270CC59E226AA213LL /* 460 */, 0x71495F756D1A5F60LL /* 461 */, 0x9BE853FB60AFEF77LL /* 462 */, 0xADC786A7F7443DBFLL /* 463 */, 0x0904456173B29A82LL /* 464 */, 0x58BC7A66C232BD5ELL /* 465 */, 0xF306558C673AC8B2LL /* 466 */, 0x41F639C6B6C9772ALL /* 467 */, 0x216DEFE99FDA35DALL /* 468 */, 0x11640CC71C7BE615LL /* 469 */, 0x93C43694565C5527LL /* 470 */, 0xEA038E6246777839LL /* 471 */, 0xF9ABF3CE5A3E2469LL /* 472 */, 0x741E768D0FD312D2LL /* 473 */, 0x0144B883CED652C6LL /* 474 */, 0xC20B5A5BA33F8552LL /* 475 */, 0x1AE69633C3435A9DLL /* 476 */, 0x97A28CA4088CFDECLL /* 477 */, 0x8824A43C1E96F420LL /* 478 */, 0x37612FA66EEEA746LL /* 479 */, 0x6B4CB165F9CF0E5ALL /* 480 */, 0x43AA1C06A0ABFB4ALL /* 481 */, 0x7F4DC26FF162796BLL /* 482 */, 0x6CBACC8E54ED9B0FLL /* 483 */, 0xA6B7FFEFD2BB253ELL /* 484 */, 0x2E25BC95B0A29D4FLL /* 485 */, 0x86D6A58BDEF1388CLL /* 486 */, 0xDED74AC576B6F054LL /* 487 */, 0x8030BDBC2B45805DLL /* 488 */, 0x3C81AF70E94D9289LL /* 489 */, 0x3EFF6DDA9E3100DBLL /* 490 */, 0xB38DC39FDFCC8847LL /* 491 */, 0x123885528D17B87ELL /* 492 */, 0xF2DA0ED240B1B642LL /* 493 */, 0x44CEFADCD54BF9A9LL /* 494 */, 0x1312200E433C7EE6LL /* 495 */, 0x9FFCC84F3A78C748LL /* 496 */, 0xF0CD1F72248576BBLL /* 497 */, 0xEC6974053638CFE4LL /* 498 */, 0x2BA7B67C0CEC4E4CLL /* 499 */, 0xAC2F4DF3E5CE32EDLL /* 500 */, 0xCB33D14326EA4C11LL /* 501 */, 0xA4E9044CC77E58BCLL /* 502 */, 0x5F513293D934FCEFLL /* 503 */, 0x5DC9645506E55444LL /* 504 */, 0x50DE418F317DE40ALL /* 505 */, 0x388CB31A69DDE259LL /* 506 */, 0x2DB4A83455820A86LL /* 507 */, 0x9010A91E84711AE9LL /* 508 */, 0x4DF7F0B7B1498371LL /* 509 */, 0xD62A2EABC0977179LL /* 510 */, 0x22FAC097AA8D5C0ELL /* 511 */, 0xF49FCC2FF1DAF39BLL /* 512 */, 0x487FD5C66FF29281LL /* 513 */, 0xE8A30667FCDCA83FLL /* 514 */, 0x2C9B4BE3D2FCCE63LL /* 515 */, 0xDA3FF74B93FBBBC2LL /* 516 */, 0x2FA165D2FE70BA66LL /* 517 */, 0xA103E279970E93D4LL /* 518 */, 0xBECDEC77B0E45E71LL /* 519 */, 0xCFB41E723985E497LL /* 520 */, 0xB70AAA025EF75017LL /* 521 */, 0xD42309F03840B8E0LL /* 522 */, 0x8EFC1AD035898579LL /* 523 */, 0x96C6920BE2B2ABC5LL /* 524 */, 0x66AF4163375A9172LL /* 525 */, 0x2174ABDCCA7127FBLL /* 526 */, 0xB33CCEA64A72FF41LL /* 527 */, 0xF04A4933083066A5LL /* 528 */, 0x8D970ACDD7289AF5LL /* 529 */, 0x8F96E8E031C8C25ELL /* 530 */, 0xF3FEC02276875D47LL /* 531 */, 0xEC7BF310056190DDLL /* 532 */, 0xF5ADB0AEBB0F1491LL /* 533 */, 0x9B50F8850FD58892LL /* 534 */, 0x4975488358B74DE8LL /* 535 */, 0xA3354FF691531C61LL /* 536 */, 0x0702BBE481D2C6EELL /* 537 */, 0x89FB24057DEDED98LL /* 538 */, 0xAC3075138596E902LL /* 539 */, 0x1D2D3580172772EDLL /* 540 */, 0xEB738FC28E6BC30DLL /* 541 */, 0x5854EF8F63044326LL /* 542 */, 0x9E5C52325ADD3BBELL /* 543 */, 0x90AA53CF325C4623LL /* 544 */, 0xC1D24D51349DD067LL /* 545 */, 0x2051CFEEA69EA624LL /* 546 */, 0x13220F0A862E7E4FLL /* 547 */, 0xCE39399404E04864LL /* 548 */, 0xD9C42CA47086FCB7LL /* 549 */, 0x685AD2238A03E7CCLL /* 550 */, 0x066484B2AB2FF1DBLL /* 551 */, 0xFE9D5D70EFBF79ECLL /* 552 */, 0x5B13B9DD9C481854LL /* 553 */, 0x15F0D475ED1509ADLL /* 554 */, 0x0BEBCD060EC79851LL /* 555 */, 0xD58C6791183AB7F8LL /* 556 */, 0xD1187C5052F3EEE4LL /* 557 */, 0xC95D1192E54E82FFLL /* 558 */, 0x86EEA14CB9AC6CA2LL /* 559 */, 0x3485BEB153677D5DLL /* 560 */, 0xDD191D781F8C492ALL /* 561 */, 0xF60866BAA784EBF9LL /* 562 */, 0x518F643BA2D08C74LL /* 563 */, 0x8852E956E1087C22LL /* 564 */, 0xA768CB8DC410AE8DLL /* 565 */, 0x38047726BFEC8E1ALL /* 566 */, 0xA67738B4CD3B45AALL /* 567 */, 0xAD16691CEC0DDE19LL /* 568 */, 0xC6D4319380462E07LL /* 569 */, 0xC5A5876D0BA61938LL /* 570 */, 0x16B9FA1FA58FD840LL /* 571 */, 0x188AB1173CA74F18LL /* 572 */, 0xABDA2F98C99C021FLL /* 573 */, 0x3E0580AB134AE816LL /* 574 */, 0x5F3B05B773645ABBLL /* 575 */, 0x2501A2BE5575F2F6LL /* 576 */, 0x1B2F74004E7E8BA9LL /* 577 */, 0x1CD7580371E8D953LL /* 578 */, 0x7F6ED89562764E30LL /* 579 */, 0xB15926FF596F003DLL /* 580 */, 0x9F65293DA8C5D6B9LL /* 581 */, 0x6ECEF04DD690F84CLL /* 582 */, 0x4782275FFF33AF88LL /* 583 */, 0xE41433083F820801LL /* 584 */, 0xFD0DFE409A1AF9B5LL /* 585 */, 0x4325A3342CDB396BLL /* 586 */, 0x8AE77E62B301B252LL /* 587 */, 0xC36F9E9F6655615ALL /* 588 */, 0x85455A2D92D32C09LL /* 589 */, 0xF2C7DEA949477485LL /* 590 */, 0x63CFB4C133A39EBALL /* 591 */, 0x83B040CC6EBC5462LL /* 592 */, 0x3B9454C8FDB326B0LL /* 593 */, 0x56F56A9E87FFD78CLL /* 594 */, 0x2DC2940D99F42BC6LL /* 595 */, 0x98F7DF096B096E2DLL /* 596 */, 0x19A6E01E3AD852BFLL /* 597 */, 0x42A99CCBDBD4B40BLL /* 598 */, 0xA59998AF45E9C559LL /* 599 */, 0x366295E807D93186LL /* 600 */, 0x6B48181BFAA1F773LL /* 601 */, 0x1FEC57E2157A0A1DLL /* 602 */, 0x4667446AF6201AD5LL /* 603 */, 0xE615EBCACFB0F075LL /* 604 */, 0xB8F31F4F68290778LL /* 605 */, 0x22713ED6CE22D11ELL /* 606 */, 0x3057C1A72EC3C93BLL /* 607 */, 0xCB46ACC37C3F1F2FLL /* 608 */, 0xDBB893FD02AAF50ELL /* 609 */, 0x331FD92E600B9FCFLL /* 610 */, 0xA498F96148EA3AD6LL /* 611 */, 0xA8D8426E8B6A83EALL /* 612 */, 0xA089B274B7735CDCLL /* 613 */, 0x87F6B3731E524A11LL /* 614 */, 0x118808E5CBC96749LL /* 615 */, 0x9906E4C7B19BD394LL /* 616 */, 0xAFED7F7E9B24A20CLL /* 617 */, 0x6509EADEEB3644A7LL /* 618 */, 0x6C1EF1D3E8EF0EDELL /* 619 */, 0xB9C97D43E9798FB4LL /* 620 */, 0xA2F2D784740C28A3LL /* 621 */, 0x7B8496476197566FLL /* 622 */, 0x7A5BE3E6B65F069DLL /* 623 */, 0xF96330ED78BE6F10LL /* 624 */, 0xEEE60DE77A076A15LL /* 625 */, 0x2B4BEE4AA08B9BD0LL /* 626 */, 0x6A56A63EC7B8894ELL /* 627 */, 0x02121359BA34FEF4LL /* 628 */, 0x4CBF99F8283703FCLL /* 629 */, 0x398071350CAF30C8LL /* 630 */, 0xD0A77A89F017687ALL /* 631 */, 0xF1C1A9EB9E423569LL /* 632 */, 0x8C7976282DEE8199LL /* 633 */, 0x5D1737A5DD1F7ABDLL /* 634 */, 0x4F53433C09A9FA80LL /* 635 */, 0xFA8B0C53DF7CA1D9LL /* 636 */, 0x3FD9DCBC886CCB77LL /* 637 */, 0xC040917CA91B4720LL /* 638 */, 0x7DD00142F9D1DCDFLL /* 639 */, 0x8476FC1D4F387B58LL /* 640 */, 0x23F8E7C5F3316503LL /* 641 */, 0x032A2244E7E37339LL /* 642 */, 0x5C87A5D750F5A74BLL /* 643 */, 0x082B4CC43698992ELL /* 644 */, 0xDF917BECB858F63CLL /* 645 */, 0x3270B8FC5BF86DDALL /* 646 */, 0x10AE72BB29B5DD76LL /* 647 */, 0x576AC94E7700362BLL /* 648 */, 0x1AD112DAC61EFB8FLL /* 649 */, 0x691BC30EC5FAA427LL /* 650 */, 0xFF246311CC327143LL /* 651 */, 0x3142368E30E53206LL /* 652 */, 0x71380E31E02CA396LL /* 653 */, 0x958D5C960AAD76F1LL /* 654 */, 0xF8D6F430C16DA536LL /* 655 */, 0xC8FFD13F1BE7E1D2LL /* 656 */, 0x7578AE66004DDBE1LL /* 657 */, 0x05833F01067BE646LL /* 658 */, 0xBB34B5AD3BFE586DLL /* 659 */, 0x095F34C9A12B97F0LL /* 660 */, 0x247AB64525D60CA8LL /* 661 */, 0xDCDBC6F3017477D1LL /* 662 */, 0x4A2E14D4DECAD24DLL /* 663 */, 0xBDB5E6D9BE0A1EEBLL /* 664 */, 0x2A7E70F7794301ABLL /* 665 */, 0xDEF42D8A270540FDLL /* 666 */, 0x01078EC0A34C22C1LL /* 667 */, 0xE5DE511AF4C16387LL /* 668 */, 0x7EBB3A52BD9A330ALL /* 669 */, 0x77697857AA7D6435LL /* 670 */, 0x004E831603AE4C32LL /* 671 */, 0xE7A21020AD78E312LL /* 672 */, 0x9D41A70C6AB420F2LL /* 673 */, 0x28E06C18EA1141E6LL /* 674 */, 0xD2B28CBD984F6B28LL /* 675 */, 0x26B75F6C446E9D83LL /* 676 */, 0xBA47568C4D418D7FLL /* 677 */, 0xD80BADBFE6183D8ELL /* 678 */, 0x0E206D7F5F166044LL /* 679 */, 0xE258A43911CBCA3ELL /* 680 */, 0x723A1746B21DC0BCLL /* 681 */, 0xC7CAA854F5D7CDD3LL /* 682 */, 0x7CAC32883D261D9CLL /* 683 */, 0x7690C26423BA942CLL /* 684 */, 0x17E55524478042B8LL /* 685 */, 0xE0BE477656A2389FLL /* 686 */, 0x4D289B5E67AB2DA0LL /* 687 */, 0x44862B9C8FBBFD31LL /* 688 */, 0xB47CC8049D141365LL /* 689 */, 0x822C1B362B91C793LL /* 690 */, 0x4EB14655FB13DFD8LL /* 691 */, 0x1ECBBA0714E2A97BLL /* 692 */, 0x6143459D5CDE5F14LL /* 693 */, 0x53A8FBF1D5F0AC89LL /* 694 */, 0x97EA04D81C5E5B00LL /* 695 */, 0x622181A8D4FDB3F3LL /* 696 */, 0xE9BCD341572A1208LL /* 697 */, 0x1411258643CCE58ALL /* 698 */, 0x9144C5FEA4C6E0A4LL /* 699 */, 0x0D33D06565CF620FLL /* 700 */, 0x54A48D489F219CA1LL /* 701 */, 0xC43E5EAC6D63C821LL /* 702 */, 0xA9728B3A72770DAFLL /* 703 */, 0xD7934E7B20DF87EFLL /* 704 */, 0xE35503B61A3E86E5LL /* 705 */, 0xCAE321FBC819D504LL /* 706 */, 0x129A50B3AC60BFA6LL /* 707 */, 0xCD5E68EA7E9FB6C3LL /* 708 */, 0xB01C90199483B1C7LL /* 709 */, 0x3DE93CD5C295376CLL /* 710 */, 0xAED52EDF2AB9AD13LL /* 711 */, 0x2E60F512C0A07884LL /* 712 */, 0xBC3D86A3E36210C9LL /* 713 */, 0x35269D9B163951CELL /* 714 */, 0x0C7D6E2AD0CDB5FALL /* 715 */, 0x59E86297D87F5733LL /* 716 */, 0x298EF221898DB0E7LL /* 717 */, 0x55000029D1A5AA7ELL /* 718 */, 0x8BC08AE1B5061B45LL /* 719 */, 0xC2C31C2B6C92703ALL /* 720 */, 0x94CC596BAF25EF42LL /* 721 */, 0x0A1D73DB22540456LL /* 722 */, 0x04B6A0F9D9C4179ALL /* 723 */, 0xEFFDAFA2AE3D3C60LL /* 724 */, 0xF7C8075BB49496C4LL /* 725 */, 0x9CC5C7141D1CD4E3LL /* 726 */, 0x78BD1638218E5534LL /* 727 */, 0xB2F11568F850246ALL /* 728 */, 0xEDFABCFA9502BC29LL /* 729 */, 0x796CE5F2DA23051BLL /* 730 */, 0xAAE128B0DC93537CLL /* 731 */, 0x3A493DA0EE4B29AELL /* 732 */, 0xB5DF6B2C416895D7LL /* 733 */, 0xFCABBD25122D7F37LL /* 734 */, 0x70810B58105DC4B1LL /* 735 */, 0xE10FDD37F7882A90LL /* 736 */, 0x524DCAB5518A3F5CLL /* 737 */, 0x3C9E85878451255BLL /* 738 */, 0x4029828119BD34E2LL /* 739 */, 0x74A05B6F5D3CECCBLL /* 740 */, 0xB610021542E13ECALL /* 741 */, 0x0FF979D12F59E2ACLL /* 742 */, 0x6037DA27E4F9CC50LL /* 743 */, 0x5E92975A0DF1847DLL /* 744 */, 0xD66DE190D3E623FELL /* 745 */, 0x5032D6B87B568048LL /* 746 */, 0x9A36B7CE8235216ELL /* 747 */, 0x80272A7A24F64B4ALL /* 748 */, 0x93EFED8B8C6916F7LL /* 749 */, 0x37DDBFF44CCE1555LL /* 750 */, 0x4B95DB5D4B99BD25LL /* 751 */, 0x92D3FDA169812FC0LL /* 752 */, 0xFB1A4A9A90660BB6LL /* 753 */, 0x730C196946A4B9B2LL /* 754 */, 0x81E289AA7F49DA68LL /* 755 */, 0x64669A0F83B1A05FLL /* 756 */, 0x27B3FF7D9644F48BLL /* 757 */, 0xCC6B615C8DB675B3LL /* 758 */, 0x674F20B9BCEBBE95LL /* 759 */, 0x6F31238275655982LL /* 760 */, 0x5AE488713E45CF05LL /* 761 */, 0xBF619F9954C21157LL /* 762 */, 0xEABAC46040A8EAE9LL /* 763 */, 0x454C6FE9F2C0C1CDLL /* 764 */, 0x419CF6496412691CLL /* 765 */, 0xD3DC3BEF265B0F70LL /* 766 */, 0x6D0E60F5C3578A9ELL /* 767 */, 0x5B0E608526323C55LL /* 768 */, 0x1A46C1A9FA1B59F5LL /* 769 */, 0xA9E245A17C4C8FFALL /* 770 */, 0x65CA5159DB2955D7LL /* 771 */, 0x05DB0A76CE35AFC2LL /* 772 */, 0x81EAC77EA9113D45LL /* 773 */, 0x528EF88AB6AC0A0DLL /* 774 */, 0xA09EA253597BE3FFLL /* 775 */, 0x430DDFB3AC48CD56LL /* 776 */, 0xC4B3A67AF45CE46FLL /* 777 */, 0x4ECECFD8FBE2D05ELL /* 778 */, 0x3EF56F10B39935F0LL /* 779 */, 0x0B22D6829CD619C6LL /* 780 */, 0x17FD460A74DF2069LL /* 781 */, 0x6CF8CC8E8510ED40LL /* 782 */, 0xD6C824BF3A6ECAA7LL /* 783 */, 0x61243D581A817049LL /* 784 */, 0x048BACB6BBC163A2LL /* 785 */, 0xD9A38AC27D44CC32LL /* 786 */, 0x7FDDFF5BAAF410ABLL /* 787 */, 0xAD6D495AA804824BLL /* 788 */, 0xE1A6A74F2D8C9F94LL /* 789 */, 0xD4F7851235DEE8E3LL /* 790 */, 0xFD4B7F886540D893LL /* 791 */, 0x247C20042AA4BFDALL /* 792 */, 0x096EA1C517D1327CLL /* 793 */, 0xD56966B4361A6685LL /* 794 */, 0x277DA5C31221057DLL /* 795 */, 0x94D59893A43ACFF7LL /* 796 */, 0x64F0C51CCDC02281LL /* 797 */, 0x3D33BCC4FF6189DBLL /* 798 */, 0xE005CB184CE66AF1LL /* 799 */, 0xFF5CCD1D1DB99BEALL /* 800 */, 0xB0B854A7FE42980FLL /* 801 */, 0x7BD46A6A718D4B9FLL /* 802 */, 0xD10FA8CC22A5FD8CLL /* 803 */, 0xD31484952BE4BD31LL /* 804 */, 0xC7FA975FCB243847LL /* 805 */, 0x4886ED1E5846C407LL /* 806 */, 0x28CDDB791EB70B04LL /* 807 */, 0xC2B00BE2F573417FLL /* 808 */, 0x5C9590452180F877LL /* 809 */, 0x7A6BDDFFF370EB00LL /* 810 */, 0xCE509E38D6D9D6A4LL /* 811 */, 0xEBEB0F00647FA702LL /* 812 */, 0x1DCC06CF76606F06LL /* 813 */, 0xE4D9F28BA286FF0ALL /* 814 */, 0xD85A305DC918C262LL /* 815 */, 0x475B1D8732225F54LL /* 816 */, 0x2D4FB51668CCB5FELL /* 817 */, 0xA679B9D9D72BBA20LL /* 818 */, 0x53841C0D912D43A5LL /* 819 */, 0x3B7EAA48BF12A4E8LL /* 820 */, 0x781E0E47F22F1DDFLL /* 821 */, 0xEFF20CE60AB50973LL /* 822 */, 0x20D261D19DFFB742LL /* 823 */, 0x16A12B03062A2E39LL /* 824 */, 0x1960EB2239650495LL /* 825 */, 0x251C16FED50EB8B8LL /* 826 */, 0x9AC0C330F826016ELL /* 827 */, 0xED152665953E7671LL /* 828 */, 0x02D63194A6369570LL /* 829 */, 0x5074F08394B1C987LL /* 830 */, 0x70BA598C90B25CE1LL /* 831 */, 0x794A15810B9742F6LL /* 832 */, 0x0D5925E9FCAF8C6CLL /* 833 */, 0x3067716CD868744ELL /* 834 */, 0x910AB077E8D7731BLL /* 835 */, 0x6A61BBDB5AC42F61LL /* 836 */, 0x93513EFBF0851567LL /* 837 */, 0xF494724B9E83E9D5LL /* 838 */, 0xE887E1985C09648DLL /* 839 */, 0x34B1D3C675370CFDLL /* 840 */, 0xDC35E433BC0D255DLL /* 841 */, 0xD0AAB84234131BE0LL /* 842 */, 0x08042A50B48B7EAFLL /* 843 */, 0x9997C4EE44A3AB35LL /* 844 */, 0x829A7B49201799D0LL /* 845 */, 0x263B8307B7C54441LL /* 846 */, 0x752F95F4FD6A6CA6LL /* 847 */, 0x927217402C08C6E5LL /* 848 */, 0x2A8AB754A795D9EELL /* 849 */, 0xA442F7552F72943DLL /* 850 */, 0x2C31334E19781208LL /* 851 */, 0x4FA98D7CEAEE6291LL /* 852 */, 0x55C3862F665DB309LL /* 853 */, 0xBD0610175D53B1F3LL /* 854 */, 0x46FE6CB840413F27LL /* 855 */, 0x3FE03792DF0CFA59LL /* 856 */, 0xCFE700372EB85E8FLL /* 857 */, 0xA7BE29E7ADBCE118LL /* 858 */, 0xE544EE5CDE8431DDLL /* 859 */, 0x8A781B1B41F1873ELL /* 860 */, 0xA5C94C78A0D2F0E7LL /* 861 */, 0x39412E2877B60728LL /* 862 */, 0xA1265EF3AFC9A62CLL /* 863 */, 0xBCC2770C6A2506C5LL /* 864 */, 0x3AB66DD5DCE1CE12LL /* 865 */, 0xE65499D04A675B37LL /* 866 */, 0x7D8F523481BFD216LL /* 867 */, 0x0F6F64FCEC15F389LL /* 868 */, 0x74EFBE618B5B13C8LL /* 869 */, 0xACDC82B714273E1DLL /* 870 */, 0xDD40BFE003199D17LL /* 871 */, 0x37E99257E7E061F8LL /* 872 */, 0xFA52626904775AAALL /* 873 */, 0x8BBBF63A463D56F9LL /* 874 */, 0xF0013F1543A26E64LL /* 875 */, 0xA8307E9F879EC898LL /* 876 */, 0xCC4C27A4150177CCLL /* 877 */, 0x1B432F2CCA1D3348LL /* 878 */, 0xDE1D1F8F9F6FA013LL /* 879 */, 0x606602A047A7DDD6LL /* 880 */, 0xD237AB64CC1CB2C7LL /* 881 */, 0x9B938E7225FCD1D3LL /* 882 */, 0xEC4E03708E0FF476LL /* 883 */, 0xFEB2FBDA3D03C12DLL /* 884 */, 0xAE0BCED2EE43889ALL /* 885 */, 0x22CB8923EBFB4F43LL /* 886 */, 0x69360D013CF7396DLL /* 887 */, 0x855E3602D2D4E022LL /* 888 */, 0x073805BAD01F784CLL /* 889 */, 0x33E17A133852F546LL /* 890 */, 0xDF4874058AC7B638LL /* 891 */, 0xBA92B29C678AA14ALL /* 892 */, 0x0CE89FC76CFAADCDLL /* 893 */, 0x5F9D4E0908339E34LL /* 894 */, 0xF1AFE9291F5923B9LL /* 895 */, 0x6E3480F60F4A265FLL /* 896 */, 0xEEBF3A2AB29B841CLL /* 897 */, 0xE21938A88F91B4ADLL /* 898 */, 0x57DFEFF845C6D3C3LL /* 899 */, 0x2F006B0BF62CAAF2LL /* 900 */, 0x62F479EF6F75EE78LL /* 901 */, 0x11A55AD41C8916A9LL /* 902 */, 0xF229D29084FED453LL /* 903 */, 0x42F1C27B16B000E6LL /* 904 */, 0x2B1F76749823C074LL /* 905 */, 0x4B76ECA3C2745360LL /* 906 */, 0x8C98F463B91691BDLL /* 907 */, 0x14BCC93CF1ADE66ALL /* 908 */, 0x8885213E6D458397LL /* 909 */, 0x8E177DF0274D4711LL /* 910 */, 0xB49B73B5503F2951LL /* 911 */, 0x10168168C3F96B6BLL /* 912 */, 0x0E3D963B63CAB0AELL /* 913 */, 0x8DFC4B5655A1DB14LL /* 914 */, 0xF789F1356E14DE5CLL /* 915 */, 0x683E68AF4E51DAC1LL /* 916 */, 0xC9A84F9D8D4B0FD9LL /* 917 */, 0x3691E03F52A0F9D1LL /* 918 */, 0x5ED86E46E1878E80LL /* 919 */, 0x3C711A0E99D07150LL /* 920 */, 0x5A0865B20C4E9310LL /* 921 */, 0x56FBFC1FE4F0682ELL /* 922 */, 0xEA8D5DE3105EDF9BLL /* 923 */, 0x71ABFDB12379187ALL /* 924 */, 0x2EB99DE1BEE77B9CLL /* 925 */, 0x21ECC0EA33CF4523LL /* 926 */, 0x59A4D7521805C7A1LL /* 927 */, 0x3896F5EB56AE7C72LL /* 928 */, 0xAA638F3DB18F75DCLL /* 929 */, 0x9F39358DABE9808ELL /* 930 */, 0xB7DEFA91C00B72ACLL /* 931 */, 0x6B5541FD62492D92LL /* 932 */, 0x6DC6DEE8F92E4D5BLL /* 933 */, 0x353F57ABC4BEEA7ELL /* 934 */, 0x735769D6DA5690CELL /* 935 */, 0x0A234AA642391484LL /* 936 */, 0xF6F9508028F80D9DLL /* 937 */, 0xB8E319A27AB3F215LL /* 938 */, 0x31AD9C1151341A4DLL /* 939 */, 0x773C22A57BEF5805LL /* 940 */, 0x45C7561A07968633LL /* 941 */, 0xF913DA9E249DBE36LL /* 942 */, 0xDA652D9B78A64C68LL /* 943 */, 0x4C27A97F3BC334EFLL /* 944 */, 0x76621220E66B17F4LL /* 945 */, 0x967743899ACD7D0BLL /* 946 */, 0xF3EE5BCAE0ED6782LL /* 947 */, 0x409F753600C879FCLL /* 948 */, 0x06D09A39B5926DB6LL /* 949 */, 0x6F83AEB0317AC588LL /* 950 */, 0x01E6CA4A86381F21LL /* 951 */, 0x66FF3462D19F3025LL /* 952 */, 0x72207C24DDFD3BFBLL /* 953 */, 0x4AF6B6D3E2ECE2EBLL /* 954 */, 0x9C994DBEC7EA08DELL /* 955 */, 0x49ACE597B09A8BC4LL /* 956 */, 0xB38C4766CF0797BALL /* 957 */, 0x131B9373C57C2A75LL /* 958 */, 0xB1822CCE61931E58LL /* 959 */, 0x9D7555B909BA1C0CLL /* 960 */, 0x127FAFDD937D11D2LL /* 961 */, 0x29DA3BADC66D92E4LL /* 962 */, 0xA2C1D57154C2ECBCLL /* 963 */, 0x58C5134D82F6FE24LL /* 964 */, 0x1C3AE3515B62274FLL /* 965 */, 0xE907C82E01CB8126LL /* 966 */, 0xF8ED091913E37FCBLL /* 967 */, 0x3249D8F9C80046C9LL /* 968 */, 0x80CF9BEDE388FB63LL /* 969 */, 0x1881539A116CF19ELL /* 970 */, 0x5103F3F76BD52457LL /* 971 */, 0x15B7E6F5AE47F7A8LL /* 972 */, 0xDBD7C6DED47E9CCFLL /* 973 */, 0x44E55C410228BB1ALL /* 974 */, 0xB647D4255EDB4E99LL /* 975 */, 0x5D11882BB8AAFC30LL /* 976 */, 0xF5098BBB29D3212ALL /* 977 */, 0x8FB5EA14E90296B3LL /* 978 */, 0x677B942157DD025ALL /* 979 */, 0xFB58E7C0A390ACB5LL /* 980 */, 0x89D3674C83BD4A01LL /* 981 */, 0x9E2DA4DF4BF3B93BLL /* 982 */, 0xFCC41E328CAB4829LL /* 983 */, 0x03F38C96BA582C52LL /* 984 */, 0xCAD1BDBD7FD85DB2LL /* 985 */, 0xBBB442C16082AE83LL /* 986 */, 0xB95FE86BA5DA9AB0LL /* 987 */, 0xB22E04673771A93FLL /* 988 */, 0x845358C9493152D8LL /* 989 */, 0xBE2A488697B4541ELL /* 990 */, 0x95A2DC2DD38E6966LL /* 991 */, 0xC02C11AC923C852BLL /* 992 */, 0x2388B1990DF2A87BLL /* 993 */, 0x7C8008FA1B4F37BELL /* 994 */, 0x1F70D0C84D54E503LL /* 995 */, 0x5490ADEC7ECE57D4LL /* 996 */, 0x002B3C27D9063A3ALL /* 997 */, 0x7EAEA3848030A2BFLL /* 998 */, 0xC602326DED2003C0LL /* 999 */, 0x83A7287D69A94086LL /* 1000 */, 0xC57A5FCB30F57A8ALL /* 1001 */, 0xB56844E479EBE779LL /* 1002 */, 0xA373B40F05DCBCE9LL /* 1003 */, 0xD71A786E88570EE2LL /* 1004 */, 0x879CBACDBDE8F6A0LL /* 1005 */, 0x976AD1BCC164A32FLL /* 1006 */, 0xAB21E25E9666D78BLL /* 1007 */, 0x901063AAE5E5C33CLL /* 1008 */, 0x9818B34448698D90LL /* 1009 */, 0xE36487AE3E1E8ABBLL /* 1010 */, 0xAFBDF931893BDCB4LL /* 1011 */, 0x6345A0DC5FBBD519LL /* 1012 */, 0x8628FE269B9465CALL /* 1013 */, 0x1E5D01603F9C51ECLL /* 1014 */, 0x4DE44006A15049B7LL /* 1015 */, 0xBF6C70E5F776CBB1LL /* 1016 */, 0x411218F2EF552BEDLL /* 1017 */, 0xCB0C0708705A36A3LL /* 1018 */, 0xE74D14754F986044LL /* 1019 */, 0xCD56D9430EA8280ELL /* 1020 */, 0xC12591D7535F5065LL /* 1021 */, 0xC83223F1720AEF96LL /* 1022 */, 0xC3A0396F7363A51FLL /* 1023 */}; #else void dummy_2_64 (int a) { (void) a; return; } #endif samhain-3.1.0/src/CuTestMain.c0000644000175000017500000001165412234453365013041 00000000000000 /* This is auto-generated code. Edit at your own peril. */ #include "config.h" #include #include "CuTest.h" extern void Test_quote_string_ok (CuTest*); extern void Test_unquote_string_ok (CuTest*); extern void Test_csv_escape_ok (CuTest*); extern void Test_tiger(CuTest*); extern void Test_tiger_file(CuTest*); extern void Test_tiger_file_with_length(CuTest*); extern void Test_sh_tools_safe_name_01(CuTest*); extern void Test_sh_tools_safe_name_02(CuTest*); extern void Test_sh_tools_safe_name_03(CuTest*); extern void Test_sh_tools_safe_name_04(CuTest*); extern void Test_sh_tools_safe_name_05(CuTest*); extern void Test_sh_tools_safe_name_06(CuTest*); extern void Test_sh_tools_safe_name_07(CuTest*); extern void Test_is_numeric_01(CuTest*); extern void Test_dnmalloc (CuTest*); extern void Test_sh_unix_lookup_page (CuTest*); extern void Test_sl_strlcpy (CuTest*); extern void Test_sl_strlcat (CuTest*); extern void Test_sh_util_acl_compact (CuTest*); extern void Test_sh_util_strdup_ok (CuTest*); extern void Test_sh_util_strconcat_ok (CuTest*); extern void Test_sh_util_base64_enc_ok (CuTest*); extern void Test_sh_util_dirname_ok (CuTest*); extern void Test_sh_util_basename_ok (CuTest*); extern void Test_sh_util_utf8_ok (CuTest*); extern void Test_sh_util_obscure_ok (CuTest*); extern void Test_sl_stale (CuTest*); extern void Test_sl_snprintf (CuTest*); extern void Test_sl_strcasecmp (CuTest*); extern void Test_zAVLTree(CuTest*); extern void Test_sha256 (CuTest*); extern void Test_entropy (CuTest*); extern void Test_file_dequote (CuTest*); extern void Test_ignore_ok (CuTest*); extern void Test_inotify(CuTest*); extern void Test_login (CuTest*); extern void Test_login (CuTest*); extern void Test_portcheck_lists (CuTest*); extern void Test_processcheck_watchlist_ok (CuTest*); extern void Test_processcheck_listhandle_ok (CuTest*); extern void Test_restrict (CuTest*); extern void Test_srp (CuTest*); extern void Test_string (CuTest*); int RunAllTests(void) { CuString *output = CuStringNew(); CuSuite* suite = CuSuiteNew(); SUITE_ADD_TEST(suite, Test_quote_string_ok ); SUITE_ADD_TEST(suite, Test_unquote_string_ok ); SUITE_ADD_TEST(suite, Test_csv_escape_ok ); SUITE_ADD_TEST(suite, Test_tiger); SUITE_ADD_TEST(suite, Test_tiger_file); SUITE_ADD_TEST(suite, Test_tiger_file_with_length); SUITE_ADD_TEST(suite, Test_sh_tools_safe_name_01); SUITE_ADD_TEST(suite, Test_sh_tools_safe_name_02); SUITE_ADD_TEST(suite, Test_sh_tools_safe_name_03); SUITE_ADD_TEST(suite, Test_sh_tools_safe_name_04); SUITE_ADD_TEST(suite, Test_sh_tools_safe_name_05); SUITE_ADD_TEST(suite, Test_sh_tools_safe_name_06); SUITE_ADD_TEST(suite, Test_sh_tools_safe_name_07); SUITE_ADD_TEST(suite, Test_is_numeric_01); SUITE_ADD_TEST(suite, Test_dnmalloc ); SUITE_ADD_TEST(suite, Test_sh_unix_lookup_page ); SUITE_ADD_TEST(suite, Test_sl_strlcpy ); SUITE_ADD_TEST(suite, Test_sl_strlcat ); SUITE_ADD_TEST(suite, Test_sh_util_acl_compact ); SUITE_ADD_TEST(suite, Test_sh_util_strdup_ok ); SUITE_ADD_TEST(suite, Test_sh_util_strconcat_ok ); SUITE_ADD_TEST(suite, Test_sh_util_base64_enc_ok ); SUITE_ADD_TEST(suite, Test_sh_util_dirname_ok ); SUITE_ADD_TEST(suite, Test_sh_util_basename_ok ); SUITE_ADD_TEST(suite, Test_sh_util_utf8_ok ); SUITE_ADD_TEST(suite, Test_sh_util_obscure_ok ); SUITE_ADD_TEST(suite, Test_sl_stale ); SUITE_ADD_TEST(suite, Test_sl_snprintf ); SUITE_ADD_TEST(suite, Test_sl_strcasecmp ); SUITE_ADD_TEST(suite, Test_zAVLTree); SUITE_ADD_TEST(suite, Test_sha256 ); SUITE_ADD_TEST(suite, Test_entropy ); SUITE_ADD_TEST(suite, Test_file_dequote ); SUITE_ADD_TEST(suite, Test_ignore_ok ); SUITE_ADD_TEST(suite, Test_inotify); SUITE_ADD_TEST(suite, Test_login ); SUITE_ADD_TEST(suite, Test_login ); SUITE_ADD_TEST(suite, Test_portcheck_lists ); SUITE_ADD_TEST(suite, Test_processcheck_watchlist_ok ); SUITE_ADD_TEST(suite, Test_processcheck_listhandle_ok ); SUITE_ADD_TEST(suite, Test_restrict ); SUITE_ADD_TEST(suite, Test_srp ); SUITE_ADD_TEST(suite, Test_string ); CuSuiteRun(suite); CuSuiteSummary(suite, output); CuSuiteDetails(suite, output); if (suite->failCount > 0) fprintf(stderr, "%s%c", output->buffer, 0x0A); else fprintf(stdout, "%s%c", output->buffer, 0x0A); return suite->failCount; } int main(void) { #if !defined(USE_SYSTEM_MALLOC) typedef void assert_handler_tp(const char * error, const char *file, int line); extern assert_handler_tp *dnmalloc_set_handler(assert_handler_tp *new); extern void safe_fatal (const char * details, const char *f, int l); #endif #if !defined(USE_SYSTEM_MALLOC) && defined(USE_MALLOC_LOCK) extern int dnmalloc_pthread_init(void); dnmalloc_pthread_init(); #endif #if !defined(USE_SYSTEM_MALLOC) (void) dnmalloc_set_handler(safe_fatal); #endif int retval; retval = RunAllTests(); return (retval == 0) ? 0 : 1; } samhain-3.1.0/src/sh_fInotify.c0000644000175000017500000004466512137452173013314 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 2011 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ /*************************************************************************** * * This file provides a module for samhain to use inotify for file checking. * */ #include "config_xor.h" #if (defined(SH_WITH_CLIENT) || defined(SH_STANDALONE)) #include "samhain.h" #include "sh_utils.h" #include "sh_modules.h" #include "sh_pthread.h" #include "sh_inotify.h" #include "sh_unix.h" #include "sh_hash.h" #include "sh_files.h" #include "sh_ignore.h" #define FIL__ _("sh_fInotify.c") sh_watches sh_file_watches = SH_INOTIFY_INITIALIZER; #if defined(HAVE_SYS_INOTIFY_H) static sh_watches sh_file_missing = SH_INOTIFY_INITIALIZER; #include /* --- Configuration ------- */ static int ShfInotifyActive = S_FALSE; static unsigned long ShfInotifyWatches = 0; static int sh_fInotify_active(const char *s) { int value; SL_ENTER(_("sh_fInotify_active")); value = sh_util_flagval(s, &ShfInotifyActive); if (value == 0 && ShfInotifyActive != S_FALSE) { sh.flag.inotify |= SH_INOTIFY_USE; sh.flag.inotify |= SH_INOTIFY_DOSCAN; sh.flag.inotify |= SH_INOTIFY_NEEDINIT; } if (value == 0 && ShfInotifyActive == S_FALSE) { sh.flag.inotify = 0; } SL_RETURN((value), _("sh_fInotify_active")); } static int sh_fInotify_watches(const char *s) { int retval = -1; char * foo; unsigned long value; SL_ENTER(_("sh_fInotify_watches")); value = strtoul(s, &foo, 0); if (*foo == '\0') { ShfInotifyWatches = (value > 2147483647) ? 2147483647 /* MAX_INT_32 */: value; retval = 0; } SL_RETURN((retval), _("sh_fInotify_watches")); } sh_rconf sh_fInotify_table[] = { { N_("inotifyactive"), sh_fInotify_active, }, { N_("inotifywatches"), sh_fInotify_watches, }, { NULL, NULL } }; /* --- End Configuration --- */ static int sh_fInotify_init_internal(void); static int sh_fInotify_process(struct inotify_event * event); static int sh_fInotify_report(struct inotify_event * event, char * filename, int class, unsigned long check_mask, int ftype, int rdepth); int sh_fInotify_init(struct mod_type * arg) { #ifndef HAVE_PTHREAD (void) arg; return SH_MOD_FAILED; #else if (ShfInotifyActive == S_FALSE) return SH_MOD_FAILED; if (sh.flag.checkSum == SH_CHECK_INIT) return SH_MOD_FAILED; if (arg != NULL && arg->initval < 0 && (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) { /* Init from main thread */ SH_INOTIFY_IFUSED( sh.flag.inotify |= SH_INOTIFY_DOSCAN; ); SH_INOTIFY_IFUSED( sh.flag.inotify |= SH_INOTIFY_NEEDINIT; ); if (0 == sh_pthread_create(sh_threaded_module_run, (void *)arg)) { return SH_MOD_THREAD; } else { sh.flag.inotify = 0; return SH_MOD_FAILED; } } else if (arg != NULL && arg->initval < 0 && (sh.flag.isdaemon != S_TRUE && sh.flag.loop != S_TRUE)) { sh.flag.inotify = 0; return SH_MOD_FAILED; } else if (arg != NULL && arg->initval == SH_MOD_THREAD && (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) { /* Reconfigure from main thread */ /* sh_fInotify_init_internal(); */ SH_INOTIFY_IFUSED( sh.flag.inotify |= SH_INOTIFY_DOSCAN; ); SH_INOTIFY_IFUSED( sh.flag.inotify |= SH_INOTIFY_NEEDINIT; ); return SH_MOD_THREAD; } /* Within thread, init */ return sh_fInotify_init_internal(); #endif } int sh_fInotify_run() { ssize_t len = -1; char * buffer; static int count = 0; static int count2 = 0; if (ShfInotifyActive == S_FALSE) { return SH_MOD_FAILED; } if ( (sh.flag.inotify & SH_INOTIFY_DOSCAN) || (sh.flag.inotify & SH_INOTIFY_NEEDINIT)) { if (0 != sh_fInotify_init_internal()) { return SH_MOD_FAILED; } } buffer = SH_ALLOC(16384); /* Blocking read from inotify file descriptor. */ len = sh_inotify_read_timeout(buffer, 16384, 1); if (len > 0) { struct inotify_event *event; int i = 0; while (i < len) { event = (struct inotify_event *) &(buffer[i]); sh_fInotify_process(event); i += sizeof (struct inotify_event) + event->len; } if ( (sh.flag.inotify & SH_INOTIFY_DOSCAN) || (sh.flag.inotify & SH_INOTIFY_NEEDINIT)) { if (0 != sh_fInotify_init_internal()) { SH_FREE(buffer); return SH_MOD_FAILED; } } } /* Re-scan 'dormant' list of sh_file_missing. */ sh_inotify_recheck_watches (&sh_file_watches, &sh_file_missing); ++count; ++count2; if (count >= 10) { count = 0; /* Re-expand glob patterns to discover added files. */ SH_INOTIFY_IFUSED( sh.flag.inotify |= SH_INOTIFY_INSCAN; ); sh_files_check_globFilePatterns(); SH_INOTIFY_IFUSED( sh.flag.inotify &= ~SH_INOTIFY_INSCAN; ); SH_INOTIFY_IFUSED( sh.flag.inotify |= SH_INOTIFY_NEEDINIT; ); } if (count2 >= 300) { count2 = 0; /* Update baseline database. */ if (sh.flag.checkSum == SH_CHECK_CHECK && sh.flag.update == S_TRUE) sh_hash_writeout (); } SH_FREE(buffer); return 0; } /* We block in the read() call on the inotify descriptor, * so we always run. */ int sh_fInotify_timer(time_t tcurrent) { (void) tcurrent; return 1; } int sh_fInotify_cleanup() { sh_inotify_purge_dormant(&sh_file_watches); sh_inotify_remove(&sh_file_watches); sh_inotify_init(&sh_file_watches); return 0; } int sh_fInotify_reconf() { sh.flag.inotify = 0; ShfInotifyWatches = 0; ShfInotifyActive = 0; return sh_fInotify_cleanup(); } #define PROC_WATCHES_MAX _("/proc/sys/fs/inotify/max_user_watches") static void sh_fInotify_set_nwatches() { static int fails = 0; if (ShfInotifyWatches == 0 || fails == 1) return; if (0 == access(PROC_WATCHES_MAX, R_OK|W_OK)) /* flawfinder: ignore */ { FILE * fd; if (NULL != (fd = fopen(PROC_WATCHES_MAX, "r+"))) { char str[128]; char * ret; char * ptr; unsigned long wn; str[0] = '\0'; ret = fgets(str, 128, fd); if (ret && *str != '\0') { wn = strtoul(str, &ptr, 0); if (*ptr == '\0' || *ptr == '\n') { if (wn < ShfInotifyWatches) { sl_snprintf(str, sizeof(str), "%lu\n", ShfInotifyWatches); (void) fseek(fd, 0L, SEEK_SET); fputs(str, fd); } sl_fclose(FIL__, __LINE__, fd); return; } } sl_fclose(FIL__, __LINE__, fd); } } SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, _("Cannot set max_user_watches"), _("sh_fInotify_set_nwatches")); SH_MUTEX_UNLOCK(mutex_thread_nolog); fails = 1; return; } /* The watch fd is thread specific. To have it in the fInotify thread, * the main thread writes a list of files/dirs to watch, and here we * now pop files from the list to add watches for them. */ static int sh_fInotify_init_internal() { char * filename; int class; int type; int rdepth; unsigned long check_mask; int retval; int errnum; if (ShfInotifyActive == S_FALSE) return SH_MOD_FAILED; /* Wait until file scan is finished. */ while((sh.flag.inotify & SH_INOTIFY_DOSCAN) != 0) { retry_msleep(1,0); if (ShfInotifyActive == S_FALSE) return SH_MOD_FAILED; } sh_fInotify_set_nwatches(); while (NULL != (filename = sh_inotify_pop_dormant(&sh_file_watches, &class, &check_mask, &type, &rdepth))) { retval = sh_inotify_add_watch(filename, &sh_file_watches, &errnum, class, check_mask, type, rdepth); if (retval < 0) { char errbuf[SH_ERRBUF_SIZE]; sh_error_message(errnum, errbuf, sizeof(errbuf)); if ((errnum == ENOENT) || (errnum == EEXIST)) { /* (1) Did it exist at init ? */ if (sh_hash_have_it (filename) >= 0) { /* (2) Do we want to report on it ? */ if (S_FALSE == sh_ignore_chk_del(filename)) { char * epath = sh_util_safe_name (filename); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle( SH_ERR_ALL /* debug */, FIL__, __LINE__, errnum, MSG_E_SUBGPATH, errbuf, _("sh_fInotify_init_internal"), epath); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(epath); } } } else { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, errnum, MSG_E_SUBGEN, errbuf, _("sh_fInotify_init_internal")); SH_MUTEX_UNLOCK(mutex_thread_nolog); } } SH_FREE(filename); } /* Need this because mod_check() may run after * DOSCAN is finished, hence wouldn't call init(). */ SH_INOTIFY_IFUSED( sh.flag.inotify &= ~SH_INOTIFY_NEEDINIT; ); return 0; } static void sh_fInotify_logmask(struct inotify_event * event) { char dbgbuf[256]; sl_strlcpy (dbgbuf, "inotify mask: ", sizeof(dbgbuf)); if (event->mask & IN_ACCESS) sl_strlcat(dbgbuf, "IN_ACCESS ", sizeof(dbgbuf)); if (event->mask & IN_ATTRIB) sl_strlcat(dbgbuf, "IN_ATTRIB ", sizeof(dbgbuf)); if (event->mask & IN_CLOSE_WRITE) sl_strlcat(dbgbuf, "IN_CLOSE_WRITE ", sizeof(dbgbuf)); if (event->mask & IN_CLOSE_NOWRITE) sl_strlcat(dbgbuf, "IN_CLOSE_NOWRITE ", sizeof(dbgbuf)); if (event->mask & IN_CREATE) sl_strlcat(dbgbuf, "IN_CREATE ", sizeof(dbgbuf)); if (event->mask & IN_DELETE) sl_strlcat(dbgbuf, "IN_DELETE ", sizeof(dbgbuf)); if (event->mask & IN_DELETE_SELF) sl_strlcat(dbgbuf, "IN_DELETE_SELF ", sizeof(dbgbuf)); if (event->mask & IN_MODIFY) sl_strlcat(dbgbuf, "IN_MODIFY ", sizeof(dbgbuf)); if (event->mask & IN_MOVE_SELF) sl_strlcat(dbgbuf, "IN_MOVE_SELF ", sizeof(dbgbuf)); if (event->mask & IN_MOVED_FROM) sl_strlcat(dbgbuf, "IN_MOVED_FROM ", sizeof(dbgbuf)); if (event->mask & IN_MOVED_TO) sl_strlcat(dbgbuf, "IN_MOVED_TO ", sizeof(dbgbuf)); if (event->mask & IN_OPEN) sl_strlcat(dbgbuf, "IN_OPEN ", sizeof(dbgbuf)); if (event->mask & IN_IGNORED) sl_strlcat(dbgbuf, "IN_IGNORED ", sizeof(dbgbuf)); if (event->mask & IN_ISDIR) sl_strlcat(dbgbuf, "IN_ISDIR ", sizeof(dbgbuf)); if (event->mask & IN_Q_OVERFLOW) sl_strlcat(dbgbuf, "IN_Q_OVERFLOW ", sizeof(dbgbuf)); if (event->mask & IN_UNMOUNT) sl_strlcat(dbgbuf, "IN_UNMOUNT ", sizeof(dbgbuf)); /* fprintf(stderr, "FIXME: %s\n", dbgbuf); */ SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, dbgbuf, _("sh_fInotify_process")); SH_MUTEX_UNLOCK(mutex_thread_nolog); } static int sh_fInotify_process(struct inotify_event * event) { int class; int ftype; int rdepth; unsigned long check_mask; char * filename; extern int flag_err_debug; if (flag_err_debug == SL_TRUE) { sh_fInotify_logmask(event); } if (event->wd >= 0) { filename = sh_inotify_search_item(&sh_file_watches, event->wd, &class, &check_mask, &ftype, &rdepth); if (filename) { sh_fInotify_report(event, filename, class, check_mask, ftype, rdepth); SH_FREE(filename); } else if (sh.flag.inotify & SH_INOTIFY_NEEDINIT) { return 1; } else if ((event->mask & IN_UNMOUNT) == 0 && (event->mask & IN_IGNORED) == 0) { /* Remove watch ? Seems reasonable. */ sh_inotify_rm_watch(NULL, NULL, event->wd); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, event->wd, MSG_E_SUBGEN, _("Watch removed: file path unknown"), _("sh_fInotify_process")); SH_MUTEX_UNLOCK(mutex_thread_nolog); } } else if ((event->mask & IN_Q_OVERFLOW) != 0) { SH_INOTIFY_IFUSED( sh.flag.inotify |= SH_INOTIFY_DOSCAN; ); SH_INOTIFY_IFUSED( sh.flag.inotify |= SH_INOTIFY_NEEDINIT; ); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, event->wd, MSG_E_SUBGEN, _("Inotify queue overflow"), _("sh_fInotify_process")); SH_MUTEX_UNLOCK(mutex_thread_nolog); return 1; } return 0; } void sh_fInotify_report_add(char * path, int class, unsigned long check_mask) { if (S_FALSE == sh_ignore_chk_new(path)) { int reported = 0; sh_files_clear_file_reported(path); sh_files_search_file(path, &class, &check_mask, &reported); sh_files_filecheck (class, check_mask, path, NULL, &reported, 0); if (SH_FFLAG_REPORTED_SET(reported)) sh_files_set_file_reported(path); } return; } static void sh_fInotify_report_miss(char * name, int level) { char * tmp = sh_util_safe_name (name); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (level, FIL__, __LINE__, 0, MSG_FI_MISS, tmp); SH_MUTEX_UNLOCK(mutex_thread_nolog); ++sh.statistics.files_report; SH_FREE(tmp); return; } static int sh_fInotify_report_change (struct inotify_event * event, char * path, char * filename, int class, unsigned long check_mask, int ftype) { int reported; int ret; if (S_FALSE == sh_ignore_chk_mod(path)) { ret = sh_files_search_file(path, &class, &check_mask, &reported); if ((ret == 0) && (event->len > 0) && (ftype == SH_INOTIFY_FILE)) { ; /* do nothing, watch was for directory monitored as file only */ } else { sh_files_filecheck (class, check_mask, filename, (event->len > 0) ? event->name : NULL, &reported, 0); } } return 0; } static int sh_fInotify_report_missing (struct inotify_event * event, char * path, int class, unsigned long check_mask, int ftype) { int reported; int isdir = (event->mask & IN_ISDIR); int level = (class == SH_LEVEL_ALLIGNORE) ? ShDFLevel[class] : ShDFLevel[(isdir == 0) ? SH_ERR_T_FILE : SH_ERR_T_DIR]; if (S_FALSE == sh_ignore_chk_del(path)) { if (0 != hashreport_missing(path, level)) { int ret = sh_files_search_file(path, &class, &check_mask, &reported); if ((ret == 0) && (event->len > 0) && (ftype == SH_INOTIFY_FILE)) { ; /* do nothing, watch was for directory monitored as file only */ } else { /* Removal of a directory triggers: * (1) IN_DELETE IN_ISDIR * (2) IN_DELETE_SELF */ if ((event->mask & IN_DELETE_SELF) == 0) sh_fInotify_report_miss(path, level); } } } #ifndef REPLACE_OLD sh_hash_set_visited_true(path); #else sh_hash_set_missing(path); #endif if (sh.flag.reportonce == S_TRUE) sh_files_set_file_reported(path); /* Move to 'dormant' list, if not file within directory. */ if (event->len == 0) sh_inotify_rm_watch(&sh_file_watches, &sh_file_missing, event->wd); return 0; } static int sh_fInotify_report_added (struct inotify_event * event, char * path, char * filename, int class, unsigned long check_mask, int ftype, int rdepth) { if (S_FALSE == sh_ignore_chk_new(path)) { int reported; int ret; int retD = 0; int rdepthD = rdepth; sh_files_clear_file_reported(path); ret = sh_files_search_file(path, &class, &check_mask, &reported); if ((ret == 0) && (event->len > 0) && (ftype == SH_INOTIFY_FILE)) { ; /* do nothing, watch was for directory monitored as file only */ } else { int classD = class; int reportedD = reported; unsigned long check_maskD = check_mask; if (event->mask & IN_ISDIR) { retD = sh_files_search_dir(path, &classD, &check_maskD, &reportedD, &rdepthD); if (retD != 0) { if (ret == 0) { class = classD; check_mask = check_maskD; } } } sh_files_filecheck (class, check_mask, filename, (event->len > 0) ? event->name : NULL, &reported, 0); if (event->mask & IN_ISDIR) { SH_INOTIFY_IFUSED( sh.flag.inotify |= SH_INOTIFY_INSCAN; ); sh_files_checkdir (classD, check_maskD, rdepthD, path, (event->len > 0) ? event->name : NULL); SH_INOTIFY_IFUSED( sh.flag.inotify &= ~SH_INOTIFY_INSCAN; ); SH_INOTIFY_IFUSED( sh.flag.inotify |= SH_INOTIFY_NEEDINIT; ); sh_dirs_reset (); sh_files_reset (); } } if (SH_FFLAG_REPORTED_SET(reported)) sh_files_set_file_reported(path); if ((ret != 0) || (event->mask & IN_ISDIR)) { sh_inotify_add_watch(path, &sh_file_watches, &ret, class, check_mask, (event->mask & IN_ISDIR)?SH_INOTIFY_DIR:SH_INOTIFY_FILE, rdepthD); } } return 0; } static int sh_fInotify_report(struct inotify_event * event, char * filename, int class, unsigned long check_mask, int ftype, int rdepth) { char * fullpath = NULL; char * path; if (event->len > 0) { fullpath = sh_util_strconcat(filename, "/", event->name, NULL); path = fullpath; } else { path = filename; } if ( (event->mask & (IN_ATTRIB|IN_MODIFY)) != 0) { sh_fInotify_report_change (event, path, filename, class, check_mask, ftype); } else if ((event->mask & (IN_DELETE|IN_DELETE_SELF|IN_MOVE_SELF|IN_MOVED_FROM)) != 0) { sh_fInotify_report_missing (event, path, class, check_mask, ftype); } else if((event->mask & (IN_CREATE|IN_MOVED_TO)) != 0) { sh_fInotify_report_added (event, path, filename, class, check_mask, ftype, rdepth); } if (fullpath) SH_FREE(fullpath); return 0; } #endif #endif samhain-3.1.0/src/sh_filetype.c0000644000175000017500000004525211525207212013327 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 2011 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" #ifndef NULL #if !defined(__cplusplus) #define NULL ((void*)0) #else #define NULL (0) #endif #endif #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) #include "samhain.h" #include "sh_mem.h" #include "sh_error_min.h" #include "sh_utils.h" #define FIL__ _("sh_filetype.c") #include #include #include /* #define SH_FILE_MAIN 1 */ #ifdef SH_FILE_MAIN #include #define _(a) a #define N_(a) a #define sl_strlcpy strncpy #endif #define SH_FTYPE_MAX 32 /* List of filetype description, in the format: * offset : type(0=text, 1=binary) : length(if binary) : G1 : G2 : G3 : Name : Teststring * * This list is mostly taken from the 'filetype' library by Paul L Daniels. * * Copyright (c) 2003, PLD * All rights reserved. * * Redistribution and use in source and binary forms, with or * without modification, are permitted provided that the * following conditions are met: * * * Redistributions of source code must retain the above * copyright notice, this list of conditions and the following * disclaimer. * * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * * Neither the name of the PLD nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ char * sh_ftype_list[] = { N_("6:0:0:IMAGE:COMPRESSED:JPG:JFIF Jpeg:JFIF"), N_("0:0:0:IMAGE:COMPRESSED:PNG:PNG:=89PNG=0d=0a=1a=0a"), N_("0:0:0:IMAGE:COMPRESSED:JPG:JFIF Jpeg:=FF=D8=FF"), N_("0:0:0:IMAGE:COMPRESSED:GIF:GIF:GIF97a"), N_("0:0:0:IMAGE:COMPRESSED:GIF:GIF:GIF89a"), N_("0:0:0:IMAGE:COMPRESSED:GIF:GIF:GIF87a"), N_("0:1:4:IMAGE:COMPRESSED:TIFF:TIFF-LE:II=2A=00"), N_("0:1:4:IMAGE:COMPRESSED:TIFF:TIFF-BE:MM=00=2A"), N_("0:1:2:IMAGE:COMPRESSED:PCX:PCX25:=0A=00"), N_("0:1:2:IMAGE:COMPRESSED:PCX:PCX28WP:=0A=02"), N_("0:1:2:IMAGE:COMPRESSED:PCX:PCX28NP:=0A=03"), N_("0:1:2:IMAGE:COMPRESSED:PCX:PCX30:=0A=05"), N_("0:0:0:IMAGE:RAW:BMP:Bitmap:BM"), N_("0:0:0:IMAGE:RAW:XPM:XPM:/* XPM */"), N_("0:0:0:IMAGE:SPECIAL:AUTOCAD:DWT:AC=31=30=31"), N_("0:0:0:IMAGE:SPECIAL:AUTOCAD:DWF:(DWF V"), N_("0:0:0:IMAGE:SPECIAL:AUTOCAD:WMF:=D7=CD=C6=9A"), N_("0:0:0:IMAGE:SPECIAL:AUTOCAD:DWG:AC10"), N_("8:0:0:IMAGE:SPECIAL:COREL:CorelDraw:CDR"), N_("0:0:0:IMAGE:SPECIAL:FITS:Fits file:SIMPLE=20=20="), N_("1536:0:0:IMAGE:SPECIAL:VISIO:VisioDraw:Visio"), N_("128:0:0:IMAGE:SPECIAL:DICM:DICOM medical:DICM"), N_("0:0:0:IMAGE:SPECIAL:PHS:Photoshop:8BPS"), N_("0:0:0:IMAGE:SPECIAL:XCF:Gimp XCF:gimp xcf"), N_("0:0:0:MOVIE:COMPRESSED:RIFF:RIFF/AVI Movie:RIFF"), N_("0:0:0:MOVIE:RAW:MOV:SGI Movie:MOVI:.mov SGI Movie"), N_("0:1:4:MOVIE:COMPRESSED:MPG:Mpeg 2:=00=00=01=BA"), N_("0:1:4:MOVIE:COMPRESSED:MPG:Mpeg 2:=00=00=01=B3"), N_("4:0:0:MOVIE:COMPRESSED:QT:QuickTime:moov"), N_("4:0:0:MOVIE:COMPRESSED:QT:QuickTime:mdat"), N_("36:0:0:MOVIE:COMPRESSED:QT:QuickTime:moov"), N_("36:0:0:MOVIE:COMPRESSED:QT:QuickTime:mdat"), N_("68:0:0:MOVIE:COMPRESSED:QT:QuickTime:moov"), N_("68:0:0:MOVIE:COMPRESSED:QT:QuickTime:mdat"), N_("0:1:3:MOVIE:COMPRESSED:FLI:FLIC animation:=00=11=AF"), N_("0:0:0:MOVIE:COMPRESSED:FLASH:Flash data:FWS"), N_("0:0:0:MOVIE:COMPRESSED:FLASH:Flash data:CWS"), N_("0:0:0:MOVIE:COMPRESSED:FLASH:Flash video:FLV"), N_("0:0:0:MOVIE:COMPRESSED:WMV:WMV:=30=26=B2=75=8E=66=CF"), N_("0:0:0:AUDIO:RAW:SND:Sun Audio:.snd"), N_("0:0:0:AUDIO:RAW:EMOD:EMOD:Mod"), N_("1080:0:0:AUDIO:RAW:MOD:SoundTracker (.M.K):.M.K"), N_("1080:0:0:AUDIO:RAW:MOD:SoundTracker (M.K.):M.K."), N_("1080:0:0:AUDIO:RAW:MOD:NoiseTracker:N.T."), N_("1080:0:0:AUDIO:RAW:MOD:SoundTracker (M!K!):M!K!"), N_("1080:0:0:AUDIO:RAW:MOD:SoundTracker (M&K!):M&K!"), N_("8:0:0:AUDIO:RAW:WAVE:Wave:WAVE"), N_("0:1:4:AUDIO:RAW:DEC:DEC-Audio:=00=64=73=2E"), N_("0:0:0:AUDIO:STANDARD:MIDI:Midi:MThd"), N_("0:0:0:AUDIO:COMPRESSED:REAL:RealMedia:.RMF"), N_("0:0:0:AUDIO:COMPRESSED:OGG:Ogg Vorbis:OggS"), N_("0:0:0:AUDIO:COMPRESSED:FLAC:Flac:fLaC"), N_("0:1:5:AUDIO:COMPRESSED:MP3:MP3 Audio:=49=44=33=02=00"), N_("0:1:5:AUDIO:COMPRESSED:MP3:MP3 Audio:=49=44=33=03=00"), N_("0:1:5:AUDIO:COMPRESSED:MP3:MP3 Audio:=49=44=33=04=00"), N_("0:1:2:AUDIO:COMPRESSED:MP3:MP3 Audio:=ff=fb"), N_("0:1:2:AUDIO:COMPRESSED:MP3:MP3 Audio:=ff=fa"), N_("2:0:0:ARCHIVE:COMPRESSED:LHA:Lha 0:-lh0-"), N_("2:0:0:ARCHIVE:COMPRESSED:LHA:Lha 1:-lh1-"), N_("2:0:0:ARCHIVE:COMPRESSED:LHA:Lha 4:-lz4-"), N_("2:0:0:ARCHIVE:COMPRESSED:LHA:Lha z5:-lz5-"), N_("2:0:0:ARCHIVE:COMPRESSED:LHA:Lha 5:-lh5-"), N_("0:0:0:ARCHIVE:COMPRESSED:RAR:RarArchive:Rar!"), N_("0:0:0:ARCHIVE:COMPRESSED:ZIP:PkZip:PK=03=04"), N_("0:0:0:ARCHIVE:COMPRESSED:7Z:7-Zip:=37=7A=BC=AF=27=1C"), N_("0:0:0:ARCHIVE:COMPRESSED:COMPRESS:Compress:=1F=89"), N_("0:0:0:ARCHIVE:COMPRESSED:GZIP:Gzip:=1F=8B"), N_("0:0:0:ARCHIVE:COMPRESSED:BZIP2:Bzip2:BZh"), N_("0:0:0:ARCHIVE:COMPRESSED:ARJ:ARJ:=60=ea"), N_("0:0:0:ARCHIVE:COMPRESSED:ARJ:ARJ:=ea=60"), N_("0:0:0:ARCHIVE:COMPRESSED:HPAK:HPack:HPAK"), N_("0:0:0:ARCHIVE:COMPRESSED:JAM:Jam:=E9,=01JAM"), N_("0:0:0:ARCHIVE:COMPRESSED:SQUISH:Squish:SQSH"), N_("0:1:8:ARCHIVE:COMPRESSED:CAB:MS Cabinet:MSCF=00=00=00=00"), N_("20:0:0:ARCHIVE:COMPRESSED:ZOO:Zoo:=FD=C4=A7=DC"), N_("0:0:0:ARCHIVE:COMPRESSED:XPK:Amiga XPK Archive:XPKF"), N_("0:0:0:ARCHIVE:PACKAGE:RPM:RPM:=ED=AB=EE=DB"), N_("0:0:0:ARCHIVE:PACKAGE:DEB:DEB:!=0A""debian"), N_("0:0:0:ARCHIVE:UNIX:AR:AR:!"), N_("0:0:0:ARCHIVE:UNIX:AR:AR:"), N_("257:1:8:ARCHIVE:UNIX:TAR:TAR:ustar=20=20=00"), N_("257:1:6:ARCHIVE:UNIX:TAR:TAR:ustar=00"), N_("0:0:0:LIBRARY:JAVA:CLASS:Java:=CA=FE=BA=BE"), N_("2108:0:0:DOCUMENT:OFFICE:WORD:Word v5:MSWordDoc"), N_("2112:0:0:DOCUMENT:OFFICE:WORD:Word v5:MSWordDoc"), N_("2080:0:0:DOCUMENT:OFFICE:EXCEL:Excel v4:Microsoft Excel"), N_("2080:0:0:DOCUMENT:OFFICE:WORD:MS Word:Microsoft Word"), N_("0:0:0:DOCUMENT:OFFICE:WORD:Word:=94=A6=2E"), N_("512:1:19:DOCUMENT:OFFICE:WORD:Word:R=00o=00o=00t=00 =00""E=00n=00t=00r=00y"), N_("0:1:9:DOCUMENT:OFFICE:ALL:MSOffice:=D0=CF=11=E0=A1=B1=1A=E1=00"), N_("0:0:0:DOCUMENT:ADOBE:PDF:PortableDocument:%PDF-"), N_("0:0:0:DOCUMENT:ADOBE:EPS:EncapsulatedPS:%!PS-ADOBE EPS"), N_("0:0:0:DOCUMENT:STANDARD:RTF:RichText:{\\rtf"), N_("6:1:4:DOCUMENT:STANDARD:RTF:RichText Compressed:=00=00LZ"), N_("6:0:0:DOCUMENT:ID:VCARD:VCARD:vcard"), N_("0:0:0:EXECUTABLE:DOS:EXE:DosExe:MZ"), N_("0:0:0:EXECUTABLE:DOS:EXE:DosExe:LZ"), N_("0:0:0:EXECUTABLE:DOS:COM:DosCom 1:=E9"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Bourne:#!/bin/sh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Bourne:#! /bin/sh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Bourne:#!/bin/bash"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Bourne:#! /bin/bash"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Bourne:#!/usr/bin/bash"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Bourne:#! /usr/bin/bash"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Csh:#!/usr/bin/csh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Csh:#! /usr/bin/csh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Csh:#!/bin/csh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Csh:#! /bin/csh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Korn:#! /usr/bin/ksh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Korn:#!/usr/bin/ksh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Korn:#! /bin/ksh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Korn:#!/bin/ksh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Tenex:#!/usr/bin/tcsh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Tenex:#! /usr/bin/tcsh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Tenex:#!/bin/tcsh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Tenex:#! /bin/tcsh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Zsh:#!/usr/bin/zsh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Zsh:#! /usr/bin/zsh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Zsh:#!/bin/zsh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Zsh:#! /bin/zsh"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:ash:#!/usr/bin/ash"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:ash:#! /usr/bin/ash"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:ash:#!/bin/ash"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:ash:#! /bin/ash"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:awk:#!/usr/bin/nawk"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:awk:#! /usr/bin/nawk"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:awk:#!/bin/nawk"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:awk:#! /bin/nawk"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:awk:#!/bin/gawk"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:awk:#! /bin/gawk"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:awk:#!/bin/awk"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:awk:#! /bin/awk"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:perl:#!/usr/bin/perl"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:perl:#! /usr/bin/perl"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:perl:#!/bin/perl"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:perl:#! /bin/perl"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Shell script:#!/"), N_("0:0:0:EXECUTABLE:UNIX:SHELL:Shell script:#! /"), N_("0:0:0:EXECUTABLE:UNIX:ELF:Linux ELF32:=7f""ELF=01"), N_("0:0:0:EXECUTABLE:UNIX:ELF:Linux ELF:=7f""ELF=02"), N_("0:0:0:EXECUTABLE:DOS:COM:DosCom 2:=8c"), N_("0:0:0:EXECUTABLE:DOS:COM:DosCom 3:=eb"), N_("0:0:0:EXECUTABLE:DOS:COM:DosCom 4:=b8"), N_("0:1:4:EXECUTABLE:AMIGAOS:EXECUTABLE:AmigaOS Executable:=00=00=03=F3"), N_("0:1:20:DATABASE:ANY:ACCESS:MSAccess:=00=01=00=00Standard=20Jet=20""DB=00"), N_("0:1:2:DATABASE:ANY:MYSQL:MySQL database:=fe=01"), N_("0:1:4:DATABASE:ANY:MYSQL:MySQL database:=fe=fe=03=00"), N_("0:1:4:DATABASE:ANY:MYSQL:MySQL database:=fe=fe=07=00"), N_("0:1:4:DATABASE:ANY:MYSQL:MySQL database:=fe=fe=05=00"), N_("0:1:4:DATABASE:ANY:MYSQL:MySQL database:=fe=fe=06=00"), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, }; static unsigned int sh_ftype_def = 0; #define SH_FTYPE_ADD 16 struct sh_ftype_rec { size_t offset; size_t length; char pattern[SH_FTYPE_MAX]; char type[SH_FTYPE_MAX]; }; struct sh_ftype_rec ** sh_ftype_arr = NULL; static unsigned int sh_ftype_nn = 0; #if !defined(SH_FILE_MAIN) static unsigned int sh_ftype_usr = 0; extern char * unquote_string (const char * str, size_t len); int sh_restrict_add_ftype(const char * str) { size_t len; char * cond; if (sh_ftype_def == 0) { while(sh_ftype_list[sh_ftype_def] != NULL) ++sh_ftype_def; } if (!str) { if (sh_ftype_usr > 0) { unsigned int i, j = sh_ftype_def; for (i = 0; i < sh_ftype_usr; ++i) { SH_FREE(sh_ftype_list[j+i]); sh_ftype_list[j+i] = NULL; } sh_ftype_usr = 0; } if (sh_ftype_arr) { unsigned int i = 0; while(sh_ftype_arr[i] != NULL) { SH_FREE(sh_ftype_arr[i]); ++i; } SH_FREE(sh_ftype_arr); sh_ftype_arr = NULL; } } else if (sh_ftype_usr < SH_FTYPE_ADD) { len = strlen(str); cond = unquote_string(str, len); sh_ftype_list[sh_ftype_def+sh_ftype_usr] = cond; ++sh_ftype_usr; } else { return -1; } return 0; } #endif static int init_record(unsigned int n, char * define, struct sh_ftype_rec * record) { unsigned int offset, dtype, length, i = 0, xn = 0; char type[SH_FTYPE_MAX]; char pattern[SH_FTYPE_MAX]; char * end; char * start; offset = strtoul(define, &end, 0); if (*end != ':') return -1; start = end; ++start; dtype = strtoul(start, &end, 0); if (*end != ':') return -1; start = end; ++start; length = strtoul(start, &end, 0); if (*end != ':') return -1; start = end; ++start; while (*start && (i < sizeof(type))) { type[i] = *start; ++start; if (type[i] == ':') ++xn; if (xn == 3) { type[i] = '\0'; break; } ++i; } if (xn != 3) return -1; start = strchr(start, ':'); if (!start) return -1; ++start; if (dtype == 0) { sl_strlcpy(pattern, start, sizeof(pattern)); length = strlen(pattern); } else if (length <= sizeof(pattern)) { memcpy(pattern, start, length); } else { return -1; } /* fprintf(stderr, "FIXME: %d %d %s ", dtype, length, type); */ /** if (dtype == 0) fprintf(stderr, "%s\n", pattern); else { int k; for (k = 0; k < length; ++k) fprintf(stderr, "0x%X", (unsigned int) (pattern[k])); fprintf(stderr, "\n"); } **/ for (i = 0; i < n; ++i) { if (sh_ftype_arr[i]->length <= length && sh_ftype_arr[i]->offset == offset) { if (0 == memcmp(sh_ftype_arr[i]->pattern, pattern, sh_ftype_arr[i]->length)) { #ifdef SH_FILE_MAIN fprintf(stderr, "Pattern %d (%s / %s) override by earlier pattern %d (%s / %s)\n", n, type, pattern, i, sh_ftype_arr[i]->type, sh_ftype_arr[i]->pattern); #else char errbuf[256]; sl_snprintf(errbuf, sizeof(errbuf), _("Pattern %d (%s) override by earlier pattern %d (%s)"), n, type, i, sh_ftype_arr[i]->type); sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, errbuf, _("init_record")); #endif } } } record->offset = offset; record->length = length; memcpy(record->pattern, pattern, length); sl_strlcpy(record->type, type, SH_FTYPE_MAX); return 0; } static void file_arr_init() { unsigned int i, nn = 0; if (sh_ftype_def == 0) { while(sh_ftype_list[sh_ftype_def] != NULL) ++sh_ftype_def; } while (sh_ftype_list[nn] != NULL) ++nn; #ifdef SH_FILE_MAIN printf("%d definitions found, defined = %d\n", nn, sh_ftype_def); #endif #ifdef SH_FILE_MAIN sh_ftype_arr = malloc((nn+1) * sizeof(struct sh_ftype_rec *)); #else sh_ftype_arr = SH_ALLOC((nn+1) * sizeof(struct sh_ftype_rec *)); #endif for(i = 0; i < nn; i++) { #ifdef SH_FILE_MAIN sh_ftype_arr[i] = malloc(sizeof(struct sh_ftype_rec)); #else sh_ftype_arr[i] = SH_ALLOC(sizeof(struct sh_ftype_rec)); #endif memset(sh_ftype_arr[i], 0, sizeof(struct sh_ftype_rec)); if (i < sh_ftype_def) { char * p = _(sh_ftype_list[i]); size_t len = strlen(p); char * cond = unquote_string(p, len); init_record(i, cond, sh_ftype_arr[i]); } else { init_record(i, sh_ftype_list[i], sh_ftype_arr[i]); } } sh_ftype_arr[nn] = NULL; sh_ftype_nn = nn; return; } static char * check_filetype(char * filetype, const char * buffer, size_t buflen) { unsigned int i; const char * p; if (!sh_ftype_arr) { file_arr_init(); } for (i = 0; i < sh_ftype_nn; ++i) { if (sh_ftype_arr[i]->length > 0 && (sh_ftype_arr[i]->length + sh_ftype_arr[i]->offset) < buflen) { p = &buffer[sh_ftype_arr[i]->offset]; #if 0 { int dd; /* fprintf(stderr, "FIXME: %03d comp %d:%d ", i, sh_ftype_arr[i]->offset, sh_ftype_arr[i]->length); */ for (dd = 0; dd < sh_ftype_arr[i]->length; ++dd) { fprintf(stderr, "0x%X ", sh_ftype_arr[i]->pattern[dd]); } for (dd = 0; dd < sh_ftype_arr[i]->length; ++dd) { fprintf(stderr, "0x%X ", p[dd]); } fprintf(stderr, "\n"); } #endif if (0 == memcmp(p, sh_ftype_arr[i]->pattern, sh_ftype_arr[i]->length)) { sl_strlcpy(filetype, sh_ftype_arr[i]->type, SH_FTYPE_MAX); return (filetype); } } } if (buflen > 0) { int flag = 0; p = buffer; for (i = 0; i < buflen; ++i) { if (*p == '\0') { sl_strlcpy(filetype, _("FILE:BINARY:UNKNOWN"), SH_FTYPE_MAX); goto out; } else if (!isgraph((int)*p) && !isspace((int)*p)) { flag = 1; } ++p; } if (flag == 0) { sl_strlcpy(filetype, _("FILE:TEXT:ASCII"), SH_FTYPE_MAX); goto out; } } sl_strlcpy(filetype, _("FILE:UNKNOWN:UNKNOWN"), SH_FTYPE_MAX); out: return filetype; } #if !defined(SH_FILE_MAIN) int matches_filetype(SL_TICKET ft, char * test_type) { char buffer[3072]; char filetype[SH_FTYPE_MAX]; long len; len = sl_read_timeout (ft, buffer, sizeof(buffer), 12, SL_TRUE); sl_rewind(ft); if (len > 0) { check_filetype(filetype, buffer, len); } else { sl_strlcpy(filetype, _("FILE:UNKNOWN:UNKNOWN"), SH_FTYPE_MAX); } if (0 == strcmp(filetype, test_type)) { return 1; } return 0; } #else /* SH_FILE_MAIN */ #include int main (int argc, char * argv[]) { char buffer[3072]; char filetype[SH_FTYPE_MAX]; size_t len; FILE * fh = fopen(argv[1], "r"); if (fh) { int fd = fileno(fh); len = read(fd, buffer, 3072); check_filetype(filetype, buffer, len); fprintf(stdout, "%s: %s\n", argv[1], filetype); return 0; } return 1; } #endif #endif /* #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) */ samhain-3.1.0/src/sh_pthread.c0000644000175000017500000001662112015467715013146 00000000000000#include "config_xor.h" #include "sh_pthread.h" #ifdef HAVE_PTHREAD #include #include "sh_calls.h" #include "sh_modules.h" extern volatile int sh_thread_pause_flag; SH_MUTEX_INIT(mutex_skey, PTHREAD_MUTEX_INITIALIZER); SH_MUTEX_INIT(mutex_resolv, PTHREAD_MUTEX_INITIALIZER); SH_MUTEX_INIT(mutex_pwent, PTHREAD_MUTEX_INITIALIZER); SH_MUTEX_INIT(mutex_readdir, PTHREAD_MUTEX_INITIALIZER); SH_MUTEX_INIT(mutex_thread_nolog, PTHREAD_MUTEX_INITIALIZER); int sh_pthread_setsigmask(int how, const void *set, void *oldset) { return pthread_sigmask(how, (const sigset_t *)set, (sigset_t *)oldset); } void sh_pthread_mutex_unlock (void *arg) { (void) pthread_mutex_unlock ((pthread_mutex_t *)arg); return; } int sh_pthread_init_threadspecific(void) { int rc = 0; #ifdef SH_STEALTH do { extern int sh_g_thread(void); rc = sh_g_thread(); } while (0); #endif return rc; } /* * ---- Utilities for modules ---- */ /* MODULES: init() * * #ifdef HAVE_PTHREAD * if (arg != NULL) * { * if (0 == sh_pthread_create(sh_threaded_module_run, (void *)arg)) * return SH_MOD_THREAD; * else * return SH_MOD_FAILED; * } * #else * return sh_utmp_init_internal(); * #endif * * * sh_threaded_module_run(module_struct) * -- calls internal init, * -- polls timer, * -- runs module check, * -- runs sh_pthread_testcancel() * -- returns (return == exit) */ #define SH_NUM_THREADS 16 static pthread_t threads[SH_NUM_THREADS]; static int ithread[SH_NUM_THREADS]; static pthread_mutex_t create_mutex = PTHREAD_MUTEX_INITIALIZER; int sh_pthread_create(void *(*start_routine)(void*), void *arg) { int rc, nthread = 1; sigset_t signal_set; int retval = 0; pthread_mutex_lock(&create_mutex); /* block all signals */ sigfillset( &signal_set ); #if defined(SCREW_IT_UP) /* * raise(SIGTRAP) sends to same thread, like * pthread_kill(pthread_self(), sig); so we need to unblock the * signal. */ sigdelset( &signal_set, SIGTRAP ); #endif pthread_sigmask( SIG_BLOCK, &signal_set, NULL ); /* find a free slot in threads[] */ while (nthread < SH_NUM_THREADS) { if (ithread[nthread] == 0) break; ++nthread; if (nthread == SH_NUM_THREADS) { retval = -1; goto err_out; } } rc = pthread_create(&threads[nthread], NULL, start_routine, arg); if (rc != 0) { retval = -1; goto err_out; } ithread[nthread] = 1; err_out: pthread_sigmask( SIG_UNBLOCK, &signal_set, NULL ); pthread_mutex_unlock(&create_mutex); return retval; } int sh_pthread_cancel_all() { int i; int ret = 0; SH_MUTEX_LOCK(create_mutex); for (i = 1; i < SH_NUM_THREADS; ++i) { if (ithread[i] != 0) if (0 != pthread_cancel(threads[i])) ithread[i] = 0; } for (i = 1; i < SH_NUM_THREADS; ++i) { if (ithread[i] != 0) pthread_join(threads[i], NULL); ithread[i] = 0; } SH_MUTEX_UNLOCK(create_mutex); return ret; } /* ---- Utility functions for modules ---- */ #undef S_TRUE #define S_TRUE 1 #undef S_FALSE #define S_FALSE 0 void sh_threaded_module_cleanup(void *arg) { sh_mtype * this_module = (sh_mtype *) arg; this_module->mod_cleanup(); this_module->initval = -1; return; } void * sh_threaded_module_run(void *arg) { sh_mtype * this_module = (sh_mtype *) arg; /* First we lock the module. This ensures that it cannot be * run twice. */ pthread_cleanup_push(sh_pthread_mutex_unlock, (void*) &(this_module->mod_mutex)); pthread_mutex_lock(&(this_module->mod_mutex)); if (0 == sh_pthread_init_threadspecific()) { if (0 == this_module->mod_init(NULL)) { pthread_cleanup_push(sh_threaded_module_cleanup, arg); while (1) { if (sh_thread_pause_flag != S_TRUE && 0 != this_module->mod_timer(time(NULL))) { /* If module has been de-activated on reconfigure, * mod_check() must return non-zero. * The mod_cleanup() routine must then enable the * module to be re-activated eventually. */ if (0 != this_module->mod_check()) break; pthread_testcancel(); } if (0 == (SH_MODFL_NOTIMER & this_module->flags)) retry_msleep(1,0); } pthread_cleanup_pop(1); /* notreached,but required */ } } pthread_cleanup_pop(1); return NULL; } /* * ---- Implementation of recursive mutexes from libxml2 ---- */ #if !defined(HAVE_PTHREAD_MUTEX_RECURSIVE) /** * libxml2 threads.c: set of generic threading related routines * * Gary Pennington * daniel@veillard.com * Except where otherwise noted in the source code (e.g. the files hash.c, * list.c and the trio files, which are covered by a similar licence but * with different Copyright notices) all the files are: * * Copyright (C) 1998-2003 Daniel Veillard. All Rights Reserved. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is fur- * nished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT- * NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * DANIEL VEILLARD BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON- * NECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. * * Except as contained in this notice, the name of Daniel Veillard shall not * be used in advertising or otherwise to promote the sale, use or other deal- * ings in this Software without prior written authorization from him. */ /* Modified NewRMutex -> InitRMutex. We use a static structure, rather than * allocating one. Also dropped code for non-POSIX OSes. */ void sh_InitRMutex(struct sh_RMutex * tok) { pthread_mutex_init(&tok->lock, NULL); tok->held = 0; tok->waiters = 0; pthread_cond_init(&tok->cv, NULL); return; } void sh_RMutexLock(struct sh_RMutex * tok) { if (tok == NULL) return; pthread_mutex_lock(&tok->lock); if (tok->held) { if (pthread_equal(tok->tid, pthread_self())) { tok->held++; pthread_mutex_unlock(&tok->lock); return; } else { tok->waiters++; while (tok->held) pthread_cond_wait(&tok->cv, &tok->lock); tok->waiters--; } } tok->tid = pthread_self(); tok->held = 1; pthread_mutex_unlock(&tok->lock); } void sh_RMutexUnlock(void * arg) { struct sh_RMutex * tok = (struct sh_RMutex *) arg; if (tok == NULL) return; pthread_mutex_lock(&tok->lock); tok->held--; if (tok->held == 0) { if (tok->waiters) pthread_cond_signal(&tok->cv); tok->tid = 0; } pthread_mutex_unlock(&tok->lock); } #endif #else #include int sh_pthread_setsigmask(int how, const void *set, void *oldset) { return sigprocmask(how, (const sigset_t *)set, (sigset_t *)oldset); } #endif samhain-3.1.0/src/samhain_erase.c0000644000175000017500000000671612231162303013611 00000000000000/*************************************************************************** * * Purpose: * ------- * Hide loaded kernel modules with names including the string MAGIC_HIDE * * Configuration: * ------------- * If not building within the samhain system, you may remove the * line '#include "config.h"' and in the line * '#define MAGIC_HIDE SH_MAGIC_HIDE', replace SH_MAGIC_HIDE with * "someString" (in quotes !). */ #include "config.h" #define MAGIC_HIDE SH_MAGIC_HIDE /* #define MAGIC_HIDE "someString" */ /* define this if you have a modversioned kernel */ /* #define MODVERSIONS */ /* * Install: * ------- * gcc -Wall -O2 -c samhain_erase.c * mv samhain_hide.o /lib/modules/KERNEL_VERSION/misc/ * * (Replace KERNEL_VERSION with your kernel's version.) * * Usage: * ----- * To load the module: * insmod samhain_hide (for improved safety: 'sync && insmod samhain_hide') * * To unload the module * rmmod samhain_hide (for improved safety: 'sync && rmmod samhain_hide') * * * Tested on: * --------- * Linux 2.2 * * Copyright: * --------- * Copyright (C) 2001 Rainer Wichmann (http://la-samhna.de) * * License: * ------- * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License, version 2, as * published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * ***************************************************************************/ #define __KERNEL__ #define MODULE /* The configure options (#defines) for the Kernel */ #define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c)) #if SH_KERNEL_NUMERIC >= KERNEL_VERSION(2,6,33) #include #else #if SH_KERNEL_NUMERIC >= KERNEL_VERSION(2,6,19) #include #else #include #ifdef CONFIG_MODVERSIONS #include #endif #endif #endif #include #include #include #define N_(string) string #include "config.h" #ifdef MODULE_LICENSE MODULE_LICENSE("GPL"); #endif #undef NULL #define NULL ((void *)0) int init_module() { struct module * ptr; struct module * prev; int found = 0; ptr = &(__this_module); prev = &(__this_module); /* skip this module to allow 'rmmod' */ ptr = ptr->next; while (ptr) { found = 0; if (ptr->name && ptr->name[0] != '\0') { /* printk("%s <%s>\n", ptr->name, SH_MAGIC_HIDE); */ if (NULL != strstr(ptr->name, SH_MAGIC_HIDE)) { prev->next = ptr->next; /* printk("-->HIDE\n"); */ found = 1; } } if (ptr->next) { if (found == 0) prev = ptr; ptr = ptr->next; } else break; } return 0; } void cleanup_module() { return; } samhain-3.1.0/src/sh_tools.c0000644000175000017500000014212312103731510012635 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 1999, 2000 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" #include #include #include #include /* Must be early on FreeBSD */ #include #ifdef HAVE_MEMORY_H #include #endif #ifdef HAVE_SYS_SELECT_H #include #endif #ifdef HAVE_UNISTD_H #include #include #include #include #include #include #include #include #include #include #endif #include #ifdef HOST_IS_HPUX #define _XOPEN_SOURCE_EXTENDED #endif #include #include #include #ifndef FD_SET #define NFDBITS 32 #define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS))) #define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS))) #define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS))) #endif /* !FD_SET */ #ifndef FD_SETSIZE #define FD_SETSIZE 32 #endif #ifndef FD_ZERO #define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) #endif #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) #include #endif #define SH_REAL_SET #include "samhain.h" #include "sh_mem.h" #include "sh_error.h" #include "sh_tools.h" #include "sh_utils.h" #include "sh_tiger.h" #define SH_NEED_GETHOSTBYXXX #include "sh_static.h" #include "sh_pthread.h" #include "sh_ipvx.h" #undef FIL__ #define FIL__ _("sh_tools.c") #ifdef SH_ENCRYPT #include "rijndael-api-fst.h" char * errorExplain (int err_num, char * buffer, size_t len) { char * p; if (err_num == BAD_KEY_DIR) p = (_("Key direction is invalid")); else if (err_num == BAD_KEY_MAT) p = (_("Key material not of correct length")); else if (err_num == BAD_KEY_INSTANCE) p = (_("Key passed is not valid")); else if (err_num == BAD_CIPHER_MODE) p = (_("Params struct passed to cipherInit invalid")); else if (err_num == BAD_CIPHER_STATE) p = (_("Cipher in wrong state")); else if (err_num == BAD_BLOCK_LENGTH) p = (_("Bad block length")); else if (err_num == BAD_CIPHER_INSTANCE) p = (_("Bad cipher instance")); else if (err_num == BAD_DATA) p = (_("Data contents are invalid")); else p = (_("Unknown error")); sl_strlcpy (buffer, p, len); return buffer; } #endif /* --- check for an interface --- */ int sh_tools_iface_is_present(char *str) { #if defined(USE_IPVX) struct addrinfo *ai; struct addrinfo hints; int res; memset (&hints, '\0', sizeof (hints)); hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG; hints.ai_socktype = SOCK_STREAM; res = getaddrinfo (str, _("2543"), &hints, &ai); if (res == 0) { struct addrinfo *p = ai; while (p != NULL) { int fd = socket (p->ai_family, p->ai_socktype, p->ai_protocol); if (fd < 0) { freeaddrinfo (ai); return 0; } if (bind (fd, p->ai_addr, p->ai_addrlen) != 0) { /* bind() fails for access reasons, iface exists */ if (errno == EACCES || errno == EADDRINUSE) { sl_close_fd (FIL__, __LINE__, fd); freeaddrinfo (ai); return 1; } sl_close_fd (FIL__, __LINE__, fd); freeaddrinfo (ai); return 0; } sl_close_fd (FIL__, __LINE__, fd); freeaddrinfo (ai); return 1; /* p = p->ai_next; */ } } #else struct sockaddr_in sin; int sd; memset(&sin, '\0', sizeof(sin)); sin.sin_family = AF_INET; if (inet_aton(str, &(sin.sin_addr))) { sin.sin_port = htons(2543); if (-1 == (sd = socket(AF_INET, SOCK_STREAM, 0))) { return 0; } if (-1 == bind(sd, (struct sockaddr *)&sin, sizeof(sin))) { int retval = 0; /* bind() fails for access reasons, iface exists */ if (errno == EACCES || errno == EADDRINUSE) retval = 1; sl_close_fd (FIL__, __LINE__, sd); return retval; } /* bind() succeeds, iface exists */ sl_close_fd(FIL__, __LINE__, sd); return 1; } #endif return 0; } /* --- recode all \blah escapes to qp (quoted printable) '=XX' format, and * also code all remaining unprintable chars --- */ #define SH_PUT_4(p, a, b, c) (p)[0] = (a); (p)[1] = (b); (p)[2] = (c); char * sh_tools_safe_name (const char * instr, int flag) { unsigned char c, d; const char * p; char tmp[4]; char * outstr; size_t len = 1; int i = 0; unsigned char val_octal = '\0'; static char ctable[16] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; SL_ENTER(_("sh_tools_safe_name")); if (instr) { len = strlen(instr); if (sl_ok_muls (3, len) && sl_ok_adds ((3*len), 4)) { len = (3 * len) + 4; p = instr; } else { len = 1; p = NULL; } } else { p = NULL; } outstr = SH_ALLOC(len); outstr[0] = '\0'; tmp[3] = '\0'; #if !defined(SH_USE_XML) (void) flag; /* fix compiler warning */ #endif if (!p) goto end; while (*p) { c = *p; if (*p == '\n') { outstr[i] = ' '; ++i; ++p; continue; } #ifdef SH_USE_XML if (flag == 1) { if ((*p) == '"') { SH_PUT_4(&outstr[i], '=', '2', '2'); i+=3; ++p; continue; } else if ((*p) == '&') { SH_PUT_4(&outstr[i], '=', '2', '6'); i+=3; ++p; continue; } else if ((*p) == '<') { /* left angle */ SH_PUT_4(&outstr[i], '=', '3', 'c'); i+=3; ++p; continue; } else if ((*p) == '>') { /* right angle */ SH_PUT_4(&outstr[i], '=', '3', 'e'); i+=3; ++p; continue; } } #endif if ( (*p) != '\\' && (*p) != '&' && (*p) != '=' && (*p) != '\'') { outstr[i] = *p; ++i; ++p; if (c < 32 || c > 126) { --i; d = c % 16; c = c / 16; outstr[i] = '='; ++i; outstr[i] = ctable[c]; ++i; outstr[i] = ctable[d]; ++i; } continue; } else if ((*p) == '\'') { SH_PUT_4(&outstr[i], '=', '2', '7'); i+=3; ++p; } else if (*p == '=') { if (p[1] != '"' && p[1] != '<') { SH_PUT_4(&outstr[i], '=', '3', 'd'); i+=3; ++p; } else { outstr[i] = *p; ++i; ++p; } } else if (*p == '\\') { ++p; if (!p) break; if (!(*p)) break; switch (*p) { case '\\': SH_PUT_4(&outstr[i], '=', '5', 'c'); i+=3; ++p; break; case 'n': SH_PUT_4(&outstr[i], '=', '0', 'a'); i+=3; ++p; break; case 'b': SH_PUT_4(&outstr[i], '=', '0', '8'); i+=3; ++p; break; case 'r': SH_PUT_4(&outstr[i], '=', '0', 'd'); i+=3; ++p; break; case 't': SH_PUT_4(&outstr[i], '=', '0', '9'); i+=3; ++p; break; case 'v': SH_PUT_4(&outstr[i], '=', '0', 'b'); i+=3; ++p; break; case 'f': SH_PUT_4(&outstr[i], '=', '0', 'c'); i+=3; ++p; break; case '\'': SH_PUT_4(&outstr[i], '=', '2', '7'); i+=3; ++p; break; case '"': /* also encode quoted '"' */ SH_PUT_4(&outstr[i], '=', '2', '2'); i+=3; ++p; break; case ' ': SH_PUT_4(&outstr[i], '=', '2', '0'); i+=3; ++p; break; default: if (strlen(p) < 3) /* certainly not an octal number, skip */ { p += strlen(p); } else { tmp[0] = p[0]; tmp[1] = p[1]; tmp[2] = p[2]; val_octal = (unsigned char) strtoul(tmp, (char **)NULL, 8); if (val_octal != '\0') { c = val_octal; d = c % 16; c = c / 16; outstr[i] = '='; ++i; outstr[i] = ctable[c]; ++i; outstr[i] = ctable[d]; ++i; } p += 3; } } } else if (*p == '&') { ++p; if (!p || !(*p)) { outstr[i] = '&'; ++i; break; } if (p[0] == 'a' && p[1] == 'm' && p[2] == 'p' && p[3] == ';') { SH_PUT_4(&outstr[i], '=', '2', '6'); i+=3; p += 4; } else if (p[0] == 'q' && p[1] == 'u' && p[2] == 'o' && p[3] == 't' && p[4] == ';') { SH_PUT_4(&outstr[i], '=', '2', '2'); i+=3; p += 5; } else if (p[0] == 'l' && p[1] == 't' && p[2] == ';') { SH_PUT_4(&outstr[i], '=', '3', 'c'); i+=3; p += 3; } else if (p[0] == 'g' && p[1] == 't' && p[2] == ';') { SH_PUT_4(&outstr[i], '=', '3', 'e'); i+=3; p += 3; } else /* conserve the '&' */ { outstr[i] = '&'; ++i; } } else { outstr[i] = *p; ++i; ++p; } } /* while (p && *p) */ end: outstr[i] = '\0'; SL_RETURN( outstr, _("sh_tools_safe_name")); } /* extern int h_errno; */ char * sh_tools_errmessage (int tellme, char * errbuf, size_t len) { char * p = NULL; #ifdef HOST_NOT_FOUND if (tellme == HOST_NOT_FOUND) p = _("The specified host is unknown: "); #endif #ifdef NO_ADDRESS if (tellme == NO_ADDRESS) p = _("The requested name is valid but does not have an IP address: "); #endif #ifdef NO_RECOVERY if (tellme == NO_RECOVERY) p = _("A non-recoverable name server error occurred: "); #endif #ifdef TRY_AGAIN if (tellme == TRY_AGAIN) p = _("A temporary error occurred on an authoritative name server. The specified host is unknown: "); #endif if (!p) p = _("Unknown error"); sl_strlcpy(errbuf, p, len); return errbuf; } #if defined (SH_WITH_SERVER) int get_open_max () { int value; #ifdef _SC_OPEN_MAX value = sysconf (_SC_OPEN_MAX); #else #ifdef OPEN_MAX value = OPEN_MAX; #else value = _POSIX_OPEN_MAX; #endif #endif if (value < 0) value = 8; /* POSIX lower limit */ if (value > 4096) value = 4096; return value; } #endif typedef struct _sin_cache { char * address; struct sh_sockaddr saddr; struct _sin_cache * next; } sin_cache; static sin_cache * conn_cache = NULL; static int cached_addr = 0; void delete_cache() { sin_cache * check_cache = conn_cache; sin_cache * old_entry; SL_ENTER(_("delete_cache")); while (check_cache != NULL) { old_entry = check_cache; check_cache = check_cache->next; SH_FREE(old_entry->address); SH_FREE(old_entry); } cached_addr = 0; conn_cache = NULL; SL_RET0(_("delete_cache")); } int DoReverseLookup = S_TRUE; int set_reverse_lookup (const char * c) { return sh_util_flagval(c, &DoReverseLookup); } #if !defined(USE_IPVX) int connect_port (char * address, int port, char * ecall, int * errnum, char * errmsg, int errsiz) { struct in_addr haddr; /* host address from numeric */ /* host details returned by the DNS */ struct hostent *host_entry = NULL; struct sockaddr_in sinr; /* socket to the remote host */ char * host_name; volatile int fd = (-1); int status; volatile int fail = 0; int cached = 0; int retval; char errbuf[SH_ERRBUF_SIZE]; sin_cache * check_cache = conn_cache; SL_ENTER(_("connect_port")); if (errsiz > 0) errmsg[0] = '\0'; /* paranoia -- should not happen */ if (cached_addr > 128) delete_cache(); if (check_cache != NULL) { while (check_cache && check_cache->address) { if ( 0 == sl_strncmp(check_cache->address, address, sl_strlen(address)) ) { memcpy (&sinr, &((check_cache->saddr).sin), sizeof(struct sockaddr_in)); sinr.sin_family = AF_INET; sinr.sin_port = htons (port); cached = 1; break; } if (check_cache->next) check_cache = check_cache->next; else check_cache = NULL; } } /* only use gethostbyname() if neccessary */ if (cached == 0) { #ifdef HAVE_INET_ATON if (0 == inet_aton(address, &haddr)) #else if ((unsigned long)-1 == (haddr.s_addr = inet_addr(address))) #endif { SH_MUTEX_LOCK(mutex_resolv); host_name = NULL; host_entry = sh_gethostbyname(address); if (host_entry == NULL || host_entry->h_addr == NULL) { sl_strlcpy(ecall, _("gethostbyname"), SH_MINIBUF); #ifndef NO_H_ERRNO *errnum = h_errno; #else *errnum = 666; #endif (void) sh_tools_errmessage (*errnum, errmsg, errsiz); sl_strlcat(errmsg, address, errsiz); fail = (-1); } else { sinr.sin_family = AF_INET; sinr.sin_port = htons (port); sinr.sin_addr = *(struct in_addr *) host_entry->h_addr; /* reverse DNS lookup */ if (DoReverseLookup == S_TRUE) { if (host_entry->h_name == NULL) { host_name = SH_ALLOC(1); host_name[0] = '\0'; } else { host_name = sh_util_strdup(host_entry->h_name); } host_entry = sh_gethostbyaddr ((char *) &sinr.sin_addr, sizeof(struct in_addr), AF_INET); if (host_entry == NULL || host_entry->h_name == NULL) { sl_strlcpy(ecall, _("gethostbyaddr"), SH_MINIBUF); #ifndef NO_H_ERRNO *errnum = h_errno; #else *errnum = 666; #endif (void) sh_tools_errmessage (*errnum, errmsg, errsiz); sl_strlcat(errmsg, inet_ntoa (*(struct in_addr *) &(sinr.sin_addr)), errsiz); fail = (-1); } else { *errnum = 0; if (sl_strlen(host_entry->h_name) == 0 || (*errnum = sl_strcasecmp(host_name,host_entry->h_name)) != 0) { if (*errnum) sl_strlcpy(ecall, _("strcmp"), SH_MINIBUF); else sl_strlcpy(ecall, _("strlen"), SH_MINIBUF); sl_strlcpy(errmsg, _("Reverse lookup failed: "), errsiz); sl_strlcat(errmsg, address, errsiz); sl_strlcat(errmsg, _(" vs "), errsiz); sl_strlcat(errmsg, inet_ntoa (*(struct in_addr *) &(sinr.sin_addr)), errsiz); fail = -1; } } } } SH_MUTEX_UNLOCK(mutex_resolv); if (host_name) SH_FREE(host_name); } else /* address was numeric */ { sinr.sin_family = AF_INET; sinr.sin_port = htons (port); sinr.sin_addr = haddr; } if (fail != -1) { /* put it into the cache */ check_cache = SH_ALLOC(sizeof(sin_cache)); check_cache->address = SH_ALLOC(sl_strlen(address) + 1); sl_strlcpy (check_cache->address, address, sl_strlen(address) + 1); sh_ipvx_save(&(check_cache->saddr), AF_INET, (struct sockaddr *) &sinr); ++cached_addr; if (conn_cache) { if (conn_cache->next) check_cache->next = conn_cache->next; else check_cache->next = NULL; conn_cache->next = check_cache; } else { check_cache->next = NULL; conn_cache = check_cache; } } } if (fail != (-1)) { fd = socket(AF_INET, SOCK_STREAM, 0); if (fd < 0) { fail = (-1); status = errno; sl_strlcpy(ecall, _("socket"), SH_MINIBUF); *errnum = status; sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz); sl_strlcat(errmsg, _(", address "), errsiz); sl_strlcat(errmsg, address, errsiz); } } if (fail != (-1)) { if ( retry_connect(FIL__, __LINE__, fd, (struct sockaddr *) &sinr, sizeof(sinr)) < 0) { status = errno; sl_strlcpy(ecall, _("connect"), SH_MINIBUF); *errnum = status; sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz); sl_strlcat(errmsg, _(", address "), errsiz); sl_strlcat(errmsg, address, errsiz); sl_close_fd(FIL__, __LINE__, fd); fail = (-1); } } retval = (fail < 0) ? (-1) : fd; SL_RETURN(retval, _("connect_port")); } #else int connect_port (char * address, int port, char * ecall, int * errnum, char * errmsg, int errsiz) { struct sockaddr_in *sin; struct sockaddr_in6 *sin6; struct sh_sockaddr ss; sin_cache * check_cache = conn_cache; int cached = 0; int fail = 0; int fd = -1; int status = 0; int retval; char errbuf[SH_ERRBUF_SIZE]; SL_ENTER(_("connect_port")); /* paranoia -- should not happen */ if (cached_addr > 128) delete_cache(); if (check_cache != NULL) { while (check_cache && check_cache->address) { if ( 0 == sl_strcmp(check_cache->address, address) ) { memcpy (&ss, &(check_cache->saddr), sizeof(struct sh_sockaddr)); switch (ss.ss_family) { case AF_INET: sin = &(ss.sin); sin->sin_port = htons (port); cached = 1; break; case AF_INET6: sin6 = &(ss.sin6); sin6->sin6_port = htons (port); cached = 1; break; default: break; } break; } if (check_cache->next) check_cache = check_cache->next; else check_cache = NULL; } } if (cached != 0) { fd = socket(ss.ss_family, SOCK_STREAM, 0); if (fd < 0) { status = errno; fail = (-1); sl_strlcpy(ecall, _("socket"), SH_MINIBUF); *errnum = status; sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz); sl_strlcat(errmsg, _(", address "), errsiz); sl_strlcat(errmsg, address, errsiz); } if (fail != (-1)) { int addrlen = SH_SS_LEN(ss); if ( retry_connect(FIL__, __LINE__, fd, sh_ipvx_sockaddr_cast(&ss), addrlen) < 0) { status = errno; sl_strlcpy(ecall, _("connect"), SH_MINIBUF); *errnum = status; sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz); sl_strlcat(errmsg, _(", address "), errsiz); sl_strlcat(errmsg, address, errsiz); sl_close_fd(FIL__, __LINE__, fd); fail = (-1); } } if (fail != 0) { delete_cache(); cached = 0; } } if (cached == 0) { int res; char sport[32]; struct addrinfo *ai; struct addrinfo hints; memset (&hints, '\0', sizeof (hints)); hints.ai_flags = AI_ADDRCONFIG; #if defined(AI_CANONNAME) hints.ai_flags |= AI_CANONNAME; #endif hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; sl_snprintf(sport, sizeof(sport), "%d", port); res = getaddrinfo (address, sport, &hints, &ai); if (res != 0) { fail = (-1); status = errno; sl_strlcpy(ecall, _("getaddrinfo"), SH_MINIBUF); *errnum = status; sl_strlcpy(errmsg, gai_strerror (res), errsiz); sl_strlcat(errmsg, _(", address "), errsiz); sl_strlcat(errmsg, address, errsiz); } if (fail != (-1) && (DoReverseLookup == S_TRUE) && !sh_ipvx_is_numeric(address)) { struct addrinfo *p = ai; int success = 0; char hostname[SH_BUFSIZE]; const char * canonical; #if defined(AI_CANONNAME) if (ai->ai_canonname && strlen(ai->ai_canonname) > 0) { canonical = ai->ai_canonname; } else { canonical = address; } #else canonical = address; #endif while (p != NULL) { int e = getnameinfo (p->ai_addr, p->ai_addrlen, hostname, sizeof(hostname), NULL, 0, NI_NAMEREQD); if (e == 0) { if (sl_strcasecmp(hostname, canonical) == 0) { success = 1; break; } } p = p->ai_next; } if (success == 0) { sl_strlcpy(ecall, _("strcmp"), SH_MINIBUF); sl_strlcpy(errmsg, _("Reverse lookup failed: "), errsiz); sl_strlcat(errmsg, address, errsiz); fail = -1; freeaddrinfo (ai); } } if (fail != (-1)) { struct addrinfo *p = ai; while (p != NULL) { if ( (SOCK_STREAM == p->ai_socktype) && ((p->ai_family == AF_INET) || (p->ai_family == AF_INET6)) ) { fd = socket(p->ai_family, SOCK_STREAM, 0); if (fd != (-1)) { if (retry_connect(FIL__, __LINE__, fd, p->ai_addr, p->ai_addrlen) >= 0) { /* put it into the cache */ check_cache = SH_ALLOC(sizeof(sin_cache)); check_cache->address = SH_ALLOC(sl_strlen(address) + 1); sl_strlcpy (check_cache->address, address, sl_strlen(address) + 1); sh_ipvx_save(&(check_cache->saddr), p->ai_family, p->ai_addr); ++cached_addr; if (conn_cache) { if (conn_cache->next) check_cache->next = conn_cache->next; else check_cache->next = NULL; conn_cache->next = check_cache; } else { check_cache->next = NULL; conn_cache = check_cache; } freeaddrinfo (ai); goto end; } status = errno; sl_close_fd(FIL__, __LINE__, fd); } else { status = errno; } } p = p->ai_next; } fail = (-1); freeaddrinfo (ai); sl_strlcpy(ecall, _("connect"), SH_MINIBUF); *errnum = status; sl_strlcpy(errmsg, sh_error_message (status, errbuf, sizeof(errbuf)), errsiz); sl_strlcat(errmsg, _(", address "), errsiz); sl_strlcat(errmsg, address, errsiz); } } end: retval = (fail < 0) ? (-1) : fd; SL_RETURN(retval, _("connect_port")); } #endif int connect_port_2 (char * address1, char * address2, int port, char * ecall, int * errnum, char * errmsg, int errsiz) { int retval = (-1); SL_ENTER(_("connect_port_2")); errmsg[0] = '\0'; *errnum = 0; if (address1 != NULL && address1[0] != '\0') retval = connect_port (address1, port, ecall, errnum, errmsg, errsiz); if (retval < 0 && address2 != NULL && address2[0] != '\0') { /* can't use sh_error_handle here, as this would cause an infinite * loop if called from sh_unix_time */ TPT(( 0, FIL__, __LINE__, _("msg=\n"), address2)); retval = connect_port (address2, port, ecall, errnum, errmsg, errsiz); } if ((retval < 0) && (address1 == NULL || address1[0] == '\0') && (address1 == NULL || address1[0] == '\0')) { sl_strlcpy(ecall, _("connect_port_2"), SH_MINIBUF); sl_strlcpy(errmsg, _("No server address known"), errsiz); } SL_RETURN(retval, _("connect_port_2")); /* return retval; */ } #if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) static int sh_write_select(int type, int sockfd, char *buf, int nbytes, int * w_error, int timeout) { int countbytes, count; fd_set fds; struct timeval tv; int select_now; int num_sel; char errbuf[SH_ERRBUF_SIZE]; SL_ENTER(_("sh_write_select")); FD_ZERO(&fds); FD_SET(sockfd, &fds); countbytes = 0; tv.tv_sec = 1; tv.tv_usec = 0; select_now = 0; *w_error = 0; while ( countbytes < nbytes ) { FD_ZERO(&fds); FD_SET(sockfd, &fds); if (type == SH_DO_WRITE) { if ( (num_sel = select (sockfd+1, NULL, &fds, NULL, &tv)) == -1) { if (sig_raised == 1) { sig_raised = 2; continue; } if ( errno == EINTR || errno == EINPROGRESS ) /* try again */ continue; *w_error = errno; sh_error_message(*w_error, errbuf, sizeof(errbuf)); sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN, errbuf, _("sh_write_select (ws)") ); TPT(( 0, FIL__, __LINE__, _("msg=\n"), errbuf )); SL_RETURN( countbytes, _("sh_write_select")); } } else { if ( (num_sel = select (sockfd+1, &fds, NULL, NULL, &tv)) == -1) { if (sig_raised == 1) { sig_raised = 2; continue; } if ( errno == EINTR || errno == EINPROGRESS ) /* try again */ continue; *w_error = errno; sh_error_message(*w_error, errbuf, sizeof(errbuf)); sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN, errbuf, _("sh_write_select (rs)") ); TPT(( 0, FIL__, __LINE__, _("msg=\n"), errbuf )); SL_RETURN( countbytes, _("sh_write_select")); } } /* on Linux, timeout is modified to reflect the amount of * time not slept */ tv.tv_sec = 1; tv.tv_usec = 0; /* let's not hang on forever */ if (num_sel == 0) { ++select_now; /* timeout */ if ( select_now > timeout ) /* 5 minutes */ { #ifdef ETIMEDOUT *w_error = ETIMEDOUT; #else *w_error = 0; #endif TPT(( 0, FIL__, __LINE__, _("msg=\n"))); SL_RETURN( countbytes, _("sh_write_select")); } } if ( FD_ISSET (sockfd, &fds) ) { if (type == SH_DO_WRITE) count = write (sockfd, buf, nbytes-countbytes); else count = read (sockfd, buf, nbytes-countbytes); if (count > 0) { countbytes += count; buf += count; /* move buffer pointer forward */ if (countbytes < nbytes) FD_SET( sockfd, &fds ); } else if (count < 0 && errno == EINTR) { FD_SET( sockfd, &fds ); } else if (count < 0) { *w_error = errno; sh_error_message(*w_error, errbuf, sizeof(errbuf)); sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, errno, MSG_E_SUBGEN, errbuf, (type == SH_DO_WRITE) ? _("sh_write_select (w)") : _("sh_write_select (r)")); TPT(( 0, FIL__, __LINE__, _("msg=\n"))); SL_RETURN( countbytes, _("sh_write_select")); } else /* count == 0 */ { *w_error = errno; TPT(( 0, FIL__, __LINE__, _("msg=\n"))); SL_RETURN( countbytes, _("sh_write_select")); } } } *w_error = 0; TPT(( 0, FIL__, __LINE__, _("msg=\n"), countbytes)); SL_RETURN( countbytes, _("sh_write_select")); } #endif #if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER) unsigned long write_port (int sockfd, char *buf, unsigned long nbytes, int * w_error, int timeout) { unsigned long bytes; SL_ENTER(_("write_port")); bytes = sh_write_select(SH_DO_WRITE, sockfd, buf, nbytes, w_error, timeout); if (*w_error != 0) { char errbuf[SH_ERRBUF_SIZE]; sh_error_handle((-1), FIL__, __LINE__, *w_error, MSG_TCP_NETRP, sh_error_message (*w_error, errbuf, sizeof(errbuf)), (long) sockfd, _("write_port")); } SL_RETURN( bytes, _("write_port")); } #endif #if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) unsigned long read_port (int sockfd, char *buf, unsigned long nbytes, int * w_error, int timeout) { unsigned long bytes; SL_ENTER(_("read_port")); bytes = sh_write_select(SH_DO_READ, sockfd, buf, nbytes, w_error, timeout); if (*w_error != 0) { char errbuf[SH_ERRBUF_SIZE]; sh_error_handle((-1), FIL__, __LINE__, *w_error, MSG_TCP_NETRP, sh_error_message (*w_error, errbuf, sizeof(errbuf)), (long) sockfd, _("read_port")); } SL_RETURN( bytes, _("read_port")); } #endif #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) int check_request_nerr (char * have, char * need) { SL_ENTER(_("check_request_nerr")); ASSERT_RET((have != NULL && need != NULL), _("have != NULL && need != NULL"), (-1)) if ( (have[0] == need[0]) && (have[1] == need[1]) && (have[2] == need[2]) && (have[3] == need[3])) SL_RETURN(0, _("check_request_nerr")); SL_RETURN((-1), _("check_request_nerr")); } #endif #if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER) int check_request (char * have, char * need) { char first[21], second[5]; int i; SL_ENTER(_("check_request")); i = check_request_nerr (have, need); if (i == 0) SL_RETURN(0, _("check_request")); for (i = 0; i < 4; ++i) { second[i] = need[i]; sprintf(&first[i*4], _("%c%03o"), /* known to fit */ '\\', (unsigned char) have[i]); } first[20] = '\0'; second[4] = '\0'; sh_error_handle((-1), FIL__, __LINE__, EINVAL, MSG_E_NETST, second, first); SL_RETURN((-1), _("check_request")); } #endif #if defined (SH_WITH_SERVER) int check_request_s (char * have, char * need, char * clt) { char first[21], second[5]; int i; SL_ENTER(_("check_request_s")); i = check_request_nerr (have, need); if (i == 0) SL_RETURN( (0), _("check_request_s")); for (i = 0; i < 4; ++i) { second[i] = need[i]; sprintf(&first[i*4], _("%c%03o"), /* known to fit */ '\\', (unsigned char) have[i]); } first[20] = '\0'; second[4] = '\0'; sh_error_handle((-1), FIL__, __LINE__, EINVAL, MSG_E_NETST1, second, first, clt); SL_RETURN( (-1), _("check_request_s")); } #endif #if defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER) void get_header (unsigned char * head, unsigned long * bytes, char * u) { SL_ENTER(_("get_header")); *bytes = (256 * (unsigned int)head[1] + (unsigned int)head[2]); if (u != NULL) { u[0] = head[3]; u[1] = head[4]; u[2] = head[5]; u[3] = head[6]; u[4] = '\0'; } SL_RET0(_("get_header")); } #endif #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) #ifdef SH_ENCRYPT_2 #define TRANS_BYTES 65120 #else #define TRANS_BYTES 65280 #endif void put_header (unsigned char * head, int protocol, unsigned long * length, char * u) { /* static long transfer_limit = (8 * SH_BUFSIZE); V0.8 */ static unsigned long transfer_limit = TRANS_BYTES + 6 + KEY_LEN; SL_ENTER(_("put_header")); head[0] = protocol; ASSERT((*length < transfer_limit), _("*length < transfer_limit")) if (*length > transfer_limit) *length = transfer_limit; head[1] = (unsigned int)(*length/256); head[2] = (unsigned int)(*length-256 * head[1]); if (u == NULL) { head[3] = 0x01; head[4] = 0x01; head[5] = 0x01; head[6] = 0x01; } else { head[3] = u[0]; head[4] = u[1]; head[5] = u[2]; head[6] = u[3]; } SL_RET0(_("put_header")); } #endif /* ------------------------------------------ * * version 2 client/server protocol * * ------------------------------------------ * * header : flag size[2] * * payload: random_pad[8] protocol[4] size[4] payload[payload_size] padding * * full_size <= 8192; payload_size <= 8176 (511*16); msg_size <= 8128 (508*16) * (msg_size = payload_size - key_len = payload_size - 48) */ /* * only SH_V2_FULLSIZE is used, and only once */ #if 0 #ifdef SH_WITH_SERVER #define SH_V2_FULLSIZE 240 #define SH_V2_PAYLOAD 224 #define SH_V2_MESSAGE 176 #else #define SH_V2_FULLSIZE 1024 #define SH_V2_PAYLOAD 1008 #define SH_V2_MESSAGE 960 #endif #endif #define SH_V2_FULLSIZE 1024 #ifdef SH_ENCRYPT #include "rijndael-api-fst.h" #endif void sh_tools_show_header (unsigned char * head, char sign) { #define SH_IS_ASCII(c) (((c) & ~0x7f) == 0) int msg_size = (256 * (unsigned int)head[1] + (unsigned int)head[2]); char code[32]; char * p = &code[0]; memset (code, ' ', 32); /* space */ if ((head[0] & SH_PROTO_SRP) != 0) { p[0]='S';p[1]='R';p[2]='P';} p += 4; if ((head[0] & SH_PROTO_MSG) != 0) { p[0]='M';p[1]='S';p[2]='G';} p += 4; if ((head[0] & SH_PROTO_BIG) != 0) { p[0]='B';p[1]='I';p[2]='G';} p += 4; if ((head[0] & SH_PROTO_END) != 0) { p[0]='E';p[1]='N';p[2]='D';} p += 4; if ((head[0] & SH_PROTO_ENC) != 0) { p[0]='E';p[1]='N';p[2]='C';} p += 4; if ((head[0] & SH_PROTO_EN2) != 0) { p[0]='E';p[1]='N';p[2]='2';} code[23] = '\0'; if (SH_IS_ASCII(head[3]) && isalpha(head[3]) && SH_IS_ASCII(head[4]) && isalpha(head[4]) && SH_IS_ASCII(head[5]) && isalpha(head[5]) && SH_IS_ASCII(head[6]) && isalpha(head[6])) { fprintf(stderr, "%c %3o %s %5d %c %c %c %c\n", sign, head[0], code, msg_size, head[3], head[4], head[5], head[6]); } else { fprintf(stderr, "%c %3o %s %5d %2X %2X %2X %2X\n", sign, head[0], code, msg_size, head[3], head[4], head[5], head[6]); } return; } #ifdef SH_ENCRYPT /* * #define DEBUG_EN2 * * ingest version 1 7-byte header and payload, return version2 header/payload * last 4 bytes of outgoing header are set to dummy value */ char * sh_tools_makePack (unsigned char * header, char * payload, unsigned long payload_size, keyInstance * keyInstE) { UINT32 rpad[3]; unsigned char head[16]; double epad; unsigned long i_epad = 0; unsigned long i_blk = payload_size / 16; unsigned long i_blkmax = SH_V2_FULLSIZE / 16; unsigned long pads = 0; size_t full_size; char * full_ret; char * p; RIJ_BYTE inBlock[B_SIZ]; RIJ_BYTE outBlock[B_SIZ]; int j; cipherInstance cipherInst; int err_num; int blkfac; int oflow = 0; /* SL_REQUIRE (i_blk*16 == payload_size, _("payload_size % 16 != 0")); */ if ((i_blk * 16) != payload_size) ++i_blk; #ifdef DEBUG_EN2 fprintf(stderr, "SEND <%d> blocks <%d>\n", payload_size, i_blk); #endif /* random_pad */ rpad[1] = taus_get (); memcpy (head, &rpad[1], 4); rpad[0] = taus_get (); memcpy (&head[4], &rpad[0], 4); rpad[2] = taus_get (); memcpy (&head[8], &rpad[2], 4); /* protocol */ /* memcpy (&head[8], &header[3], 4); */ /* size (payload) */ head[12] = header[1]; head[13] = header[2]; head[14] = '\0'; head[15] = '\0'; if (i_blk < i_blkmax) { pads = i_blkmax - i_blk; /* memcpy((char *) &rpad[2], &head[12], 4); */ epad = taus_get_double (&rpad); #ifdef DEBUG_EN2 fprintf(stderr, "PAD1 <%d> <%f>\n", pads, epad); #endif i_epad = (unsigned long) (pads * epad); #ifdef DEBUG_EN2 fprintf(stderr, "PAD2 <%d> <%d>\n", i_epad, (i_epad*16)); #endif } full_size = 16; /* head */ if (sl_ok_muls(i_blk, 16) && sl_ok_adds(full_size, (i_blk*16))) full_size = full_size + (i_blk*16); /* payload */ else oflow = 1; if (sl_ok_adds(full_size, (i_epad*16))) full_size = full_size + (i_epad*16); /* pad */ else i_epad = 0; if (oflow) { sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, _("integer overflow"), _("sh_tools_makePack")); } full_ret = SH_ALLOC(full_size); memcpy(full_ret, head, 16); if (payload != NULL && !oflow) { memcpy(&full_ret[16], payload, payload_size); } if ((i_blk*16) > payload_size && !oflow) { #ifdef DEBUG_EN2 fprintf(stderr, "SEN2 <%d>\n", (i_blk*16) - payload_size); #endif memset(&full_ret[16+payload_size], '\0', (i_blk*16) - payload_size); payload_size = i_blk * 16; } memset(&full_ret[16+payload_size], '\0', i_epad*16); #ifdef DEBUG_EN2 fprintf(stderr, "SEN3 <%d> <%d>\n", full_size, i_epad*16); #endif /* rewrite header */ header[1] = (unsigned int)(full_size/256); header[2] = (unsigned int)(full_size - (256 * header[1])); /* don't erase protocol from header memset(&header[3], '\0', 4); */ p = full_ret; blkfac = full_size / 16; err_num = cipherInit (&cipherInst, MODE_CBC, NULL); if (err_num < 0) { char expbuf[SH_ERRBUF_SIZE]; sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, errorExplain(err_num, expbuf, sizeof(expbuf)), _("sh_tools_makePack: cipherInit")); } for (j = 0; j < blkfac; ++j) { memcpy(inBlock, p, B_SIZ); err_num = blockEncrypt(&cipherInst, keyInstE, inBlock, 128 * BNUM, outBlock); if (err_num < 0) { char expbuf[SH_ERRBUF_SIZE]; sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, errorExplain(err_num, expbuf, sizeof(expbuf)), _("sh_tools_makePack: blockEncrypt")); } memcpy(p, outBlock, B_SIZ); p += B_SIZ; } return full_ret; } /* write a 7-byte header and return payload as expected by version 1 * last 4 bytes of incoming header are dummy */ char * sh_tools_revertPack (unsigned char * header, char * message, keyInstance * keyInstD, unsigned long message_size) { unsigned long msg_size; char * msg_ret; char * p; RIJ_BYTE inBlock[B_SIZ]; RIJ_BYTE outBlock[B_SIZ]; int j; cipherInstance cipherInst; int err_num; int blkfac; char expbuf[SH_ERRBUF_SIZE]; msg_size = (256 * (unsigned int)header[1] + (unsigned int)header[2]); #ifdef DEBUG_EN2 fprintf(stderr, "RECV <%lu>\n", msg_size); #endif if (msg_size > message_size) { msg_size = message_size; #ifdef DEBUG_EN2 fprintf(stderr, "RECV TRUNC1 <%lu>\n", msg_size); #endif } p = message; blkfac = msg_size / 16; err_num = cipherInit (&cipherInst, MODE_CBC, NULL); if (err_num < 0) { sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, errorExplain(err_num, expbuf, sizeof(expbuf)), _("sh_tools_revertPack: cipherInit")); } for (j = 0; j < blkfac; ++j) { memcpy(inBlock, p, B_SIZ); err_num = blockDecrypt(&cipherInst, keyInstD, inBlock, 128 * BNUM, outBlock); if (err_num < 0) { sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, errorExplain(err_num, expbuf, sizeof(expbuf)), _("sh_tools_revertPack: blockDecrypt")); } memcpy(p, outBlock, B_SIZ); p += B_SIZ; } /* rewrite size in header */ header[1] = message[12]; header[2] = message[13]; msg_size = (256 * (unsigned int)header[1] + (unsigned int)header[2]); if (msg_size > (message_size-16)) { msg_size = message_size-16; header[1] = (unsigned int)(msg_size/256); header[2] = (unsigned int)(msg_size - (256 * header[1])); #ifdef DEBUG_EN2 fprintf(stderr, "RECV TRUNC2 <%lu>\n", msg_size); #endif } #ifdef DEBUG_EN2 fprintf(stderr, "REC2 <%lu>\n", msg_size); #endif /* protocol */ /* memcpy(&header[3], &message[8], 4); */ /* payload */ msg_ret = SH_ALLOC(msg_size+1); if (msg_size > 0) { memcpy(msg_ret, &message[16], msg_size); } msg_ret[msg_size] = '\0'; #ifdef DEBUG_EN2 fprintf(stderr, "REC3 <%lu>\n", msg_size); #endif SH_FREE(message); return msg_ret; } #endif int sh_tools_hash_add(char * key, char * buf, int buflen) { char * theSig; char sigbuf[KEYBUF_SIZE]; SL_ENTER(_("sh_tools_hash_add")); theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf)); sl_strlcat(buf, theSig, buflen + KEY_LEN + 1); SL_RETURN((0), _("sh_tools_hash_add")); } /* return 0 (== FALSE) if no match, else 1 (== TRUE) */ int sh_tools_hash_vfy(char * key, char * buf, int buflen) { char hash[KEY_LEN+1]; register int i; char * theSig; char sigbuf[KEYBUF_SIZE]; SL_ENTER(_("sh_tools_hash_vfy")); theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf)); sl_strlcpy(hash, theSig, KEY_LEN+1); for (i = 0; i < KEY_LEN; ++i) { if (buf[buflen + i] != hash[i]) SL_RETURN((0), _("sh_tools_hash_vfy")); } SL_RETURN((1), _("sh_tools_hash_vfy")); } /* ------------------------------------------ */ #if defined (SH_WITH_SERVER) /* add a checksum to a buffer; put checksum in front */ char * hash_me (char * key, char * buf, int buflen) { char hash[KEY_LEN+1]; char * temp = NULL; register int i; int total = 0; char * theSig; char sigbuf[KEYBUF_SIZE]; SL_ENTER(_("hash_me")); #ifdef DEBUG_EN2 fprintf(stderr, "hash_me <%s> <%d>\n", (key == NULL) ? "NULL" : key, buflen); #endif /* key = H(NSRV,NCLT,SK) */ ASSERT_RET((key != NULL), _("key != NULL"), (NULL)); ASSERT_RET((buflen >= 0), _("buflen >= 0"), (NULL)); theSig = sh_util_siggen (key, buf, buflen, sigbuf, sizeof(sigbuf)); sl_strlcpy(hash, theSig, KEY_LEN+1); if (sl_ok_adds(buflen, KEY_LEN)) { total = KEY_LEN + buflen; temp = SH_ALLOC (total); for (i = 0; i < KEY_LEN; ++i) temp[i] = hash[i]; for (i = 0; i < buflen; ++i) temp[i+KEY_LEN] = buf[i]; } else { sh_error_handle((-1), FIL__, __LINE__, -1, MSG_E_SUBGEN, _("integer overflow"), _("hash_me")); temp = sh_util_strdup(buf); } SL_RETURN(temp, _("hash_me")); } #endif #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) /* verify the checksum of a buffer; checksum comes first */ int hash_check(char * key, char * buf, int buflen) { char hash[KEY_LEN+1]; register int i; char * theSig; char sigbuf[KEYBUF_SIZE]; SL_ENTER(_("hash_check")); #ifdef DEBUG_EN2 fprintf(stderr, "hash_check <%s> <%d>\n", (key == NULL) ? "NULL" : key, buflen); #endif theSig = sh_util_siggen (key, &buf[KEY_LEN], buflen-KEY_LEN, sigbuf, sizeof(sigbuf)); sl_strlcpy(hash, theSig, KEY_LEN+1); for (i = 0; i < KEY_LEN; ++i) { if (buf[i] != hash[i]) SL_RETURN((-1), _("hash_check")); } SL_RETURN((0), _("hash_check")); } #endif #if defined (SH_WITH_SERVER) char * get_client_conf_file (char * peer, unsigned long * length) { char * ret; int status; struct stat buf; char * base; size_t size; SL_ENTER(_("get_client_conf_file")); base = sh_util_strdup(DEFAULT_DATAROOT); size = sl_strlen(base); if (sl_ok_adds(size, sl_strlen(peer))) size += sl_strlen(peer); if (sl_ok_adds(size, 6)) size += 6; ret = SH_ALLOC(size); sl_strlcpy(ret, base, size); sl_strlcat(ret, _("/rc."), size); sl_strlcat(ret, peer, size); status = retry_stat (FIL__, __LINE__, ret, &buf); if (status == 0) goto lab_end; else sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS, (long) sh.effective.uid, ret); sl_strlcpy(ret, base, size); sl_strlcat(ret, "/rc", size); status = retry_stat (FIL__, __LINE__, ret, &buf); if (status == 0) goto lab_end; else sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_ACCESS, (long) sh.effective.uid, ret); SH_FREE(base); SH_FREE(ret); *length=0; SL_RETURN(NULL, _("get_client_conf_file")); lab_end: if (buf.st_size > 0x7fffffff) { sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN, _("File too large"), _("get_client_conf_file")); SH_FREE(base); SL_RETURN(NULL, _("get_client_conf_file")); } *length = (unsigned long) buf.st_size; SH_FREE(base); SL_RETURN(ret, _("get_client_conf_file")); } char * get_client_data_file (char * peer, unsigned long * length) { char * ret; int status; struct stat buf; char * base; size_t size; SL_ENTER(_("get_client_data_file")); base = sh_util_strdup(DEFAULT_DATAROOT); size = sl_strlen(base); if (sl_ok_adds(size, sl_strlen(peer))) size += sl_strlen(peer); if (sl_ok_adds(size, 8)) size += 8; ret = SH_ALLOC(size); sl_strlcpy(ret, base, size); sl_strlcat(ret, _("/file."), size); sl_strlcat(ret, peer, size); status = retry_stat (FIL__, __LINE__, ret, &buf); if (status == 0) goto lab1_end; else sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS, (long) sh.effective.uid, ret); sl_strlcpy(ret, base, size); sl_strlcat(ret, _("/file"), size); status = retry_stat (FIL__, __LINE__, ret, &buf); if (status == 0) goto lab1_end; else sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_ACCESS, (long) sh.effective.uid, ret); *length = 0; SH_FREE(base); SH_FREE(ret); SL_RETURN(NULL, _("get_client_data_file")); lab1_end: if (buf.st_size > 0x7fffffff) { sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN, _("File too large"), _("get_client_data_file")); SH_FREE(base); SL_RETURN(NULL, _("get_client_data_file")); } *length = (unsigned long) buf.st_size; SH_FREE(base); SL_RETURN(ret, _("get_client_data_file")); } #endif #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP) /* --------- secure temporary file ------------ */ SL_TICKET open_tmp () { SL_TICKET fd; UINT32 ticks; char * file; struct stat buf; int error; int status = BAD; char * my_tmp_dir; char hashbuf[KEYBUF_SIZE]; SL_ENTER(_("open_tmp")); #if defined(SH_TMPDIR) my_tmp_dir = sh_util_strdup(SH_TMPDIR); #else #if defined(SH_WITH_SERVER) my_tmp_dir = sh_util_strdup(DEFAULT_LOGDIR); #else my_tmp_dir = sh_util_strdup(sh.effective.home); #endif #endif if (0 != tf_trust_check (my_tmp_dir, SL_YESPRIV)) { dlog(1, FIL__, __LINE__, _("The directory for temporary files: %s is untrusted, i.e. an\nuntrusted user owns or can write to some directory in the path.\n"), my_tmp_dir); sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_TRUST, (long) sh.effective.uid, my_tmp_dir); SH_FREE(my_tmp_dir); aud_exit (FIL__, __LINE__, EXIT_FAILURE); } do { /* create random filename in effective users home directory */ ticks = taus_get (); if (my_tmp_dir[0] == '/' && my_tmp_dir[1] == '\0') file = sh_util_strconcat (my_tmp_dir, sh_tiger_hash( (char *) &ticks, TIGER_DATA, 4, hashbuf, sizeof(hashbuf)), NULL); else file = sh_util_strconcat (my_tmp_dir, "/", sh_tiger_hash( (char *) &ticks, TIGER_DATA, 4, hashbuf, sizeof(hashbuf)), NULL); /* check whether it already exists (paranoia) */ errno = 0; status = retry_lstat(FIL__, __LINE__, file, &buf); error = errno; if ( (status < 0) && (error == ENOENT) ) /* file does not exist */ status = GOOD; else if (status < 0) /* unexpected error condition */ { SH_FREE (file); SH_FREE(my_tmp_dir); sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN, _("Error (lstat) while opening temporary file"), _("open_tmp")); TPT(( 0, FIL__, __LINE__, _("msg=\n"), error)); SL_RETURN((-1), _("open_tmp")); } else /* file exists */ { status = BAD; TPT(( 0, FIL__, __LINE__, _("msg=\n"))); } if (status == GOOD) { if (0 == tf_trust_check (file, SL_YESPRIV)) status = GOOD; else { status = BAD; TPT(( 0, FIL__, __LINE__, _("msg=\n"))); } } if (status == BAD) SH_FREE (file); } while (status == BAD); fd = sl_open_safe_rdwr (FIL__, __LINE__, file, SL_YESPRIV); if (SL_ISERROR(fd)) { sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, fd, MSG_E_SUBGEN, _("Error opening temporary file"), _("open_tmp")); TPT(( 0, FIL__, __LINE__, _("msg=\n"), fd, file)); } SH_FREE (file); SH_FREE(my_tmp_dir); if (!SL_ISERROR(fd)) { sl_unlink(fd); } if (!SL_ISERROR(fd)) SL_RETURN((fd), _("open_tmp")); else SL_RETURN((-1), _("open_tmp")); } int close_tmp (SL_TICKET fd) { SL_ENTER(_("close_tmp")); if (SL_ISERROR(sl_close (fd))) SL_RETURN((-1), _("close_tmp")); SL_RETURN((0), _("close_tmp")); } int rewind_tmp (SL_TICKET fd) { SL_ENTER(_("rewind_tmp")); if (SL_ISERROR(sl_rewind (fd))) SL_RETURN((-1), _("rewind_tmp")); SL_RETURN((0), _("rewind_tmp")); } #endif /******************************************************** * Search rotated logfile */ #include #include #include char * sh_rotated_log_search(const char * path, struct stat * buf) { size_t size; int i; char * searchpath; struct stat sbuf; DIR * dp; char * dname; char * bname; dname = sh_util_dirname(path); bname = sh_util_basename(path); size = strlen(dname) + strlen(bname) + 4; searchpath = SH_ALLOC(size); for (i = 0; i < 2; ++i) { snprintf(searchpath, size, "%s/%s.%1d", dname, bname, i); if (0 == stat(searchpath, &sbuf) && sbuf.st_ino == buf->st_ino) { SH_FREE(dname); SH_FREE(bname); return searchpath; } } SH_FREE(searchpath); if (NULL != (dp = opendir(dname))) { struct dirent * de; while (NULL != (de = readdir(dp))) { if (0 == strcmp(de->d_name, ".") || 0 == strcmp(de->d_name, "..")) continue; size = strlen(dname) + strlen(de->d_name) + 2; searchpath = SH_ALLOC(size); snprintf(searchpath, size, "%s/%s", dname, de->d_name); if (0 == stat(searchpath, &sbuf) && sbuf.st_ino == buf->st_ino) { SH_FREE(dname); SH_FREE(bname); closedir(dp); return searchpath; } SH_FREE(searchpath); } closedir(dp); } SH_FREE(dname); SH_FREE(bname); return NULL; } samhain-3.1.0/src/sh_extern.c0000644000175000017500000011236512210063132013004 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 2000,2004 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" #include #include #ifdef HAVE_MEMORY_H #include #endif /* replace #if 0 by #if 1 and set an appropriate path in front of '/pdbg.' * for debugging */ #if 0 #define PDGBFILE "/pdbg." #endif #if defined(PDGBFILE) static FILE * pdbg = NULL; static FILE * pdbgc = NULL; #define PDBG_OPEN if (pdbg == NULL) pdbg = fopen(PDGBFILE"main", "a") #define PDBG_CLOSE sl_fclose (FIL__, __LINE__, pdbg); pdbg = NULL #define PDBG(arg) fprintf(pdbg, "PDBG: step %d\n", arg); fflush(pdbg) #define PDBG_D(arg) fprintf(pdbg, "PDBG: %d\n", arg); fflush(pdbg) #define PDBG_S(arg) fprintf(pdbg, "PDBG: %s\n", arg); fflush(pdbg) #define PDBGC_OPEN if (pdbgc == NULL) pdbgc = fopen(PDGBFILE"child", "a") #define PDBGC_CLOSE sl_fclose (FIL__, __LINE__, pdbgc); pdbgc = NULL #define PDBGC(arg) fprintf(pdbgc, "PDBGC: step %d\n", arg); fflush(pdbgc) #define PDBGC_D(arg) fprintf(pdbgc, "PDBGC: %d\n", arg); fflush(pdbgc) #define PDBGC_S(arg) fprintf(pdbgc, "PDBGC: %s\n", arg); fflush(pdbgc) #else #define PDBG_OPEN #define PDBG_CLOSE #define PDBG(arg) #define PDBG_D(arg) #define PDBG_S(arg) #define PDBGC_OPEN #define PDBGC_CLOSE #define PDBGC(arg) #define PDBGC_D(arg) #define PDBGC_S(arg) #endif #include #include #include #include #include #include #include #include #include #if TIME_WITH_SYS_TIME #include #include #else #if HAVE_SYS_TIME_H #include #else #include #endif #endif #include "samhain.h" #include "sh_utils.h" #include "sh_unix.h" #include "sh_tiger.h" #include "sh_extern.h" #include "sh_calls.h" #include "sh_filter.h" #define SH_NEED_PWD_GRP 1 #include "sh_static.h" #undef FIL__ #define FIL__ _("sh_extern.c") extern int get_the_fd (SL_TICKET ticket); /* * -- generic safe popen */ int sh_ext_popen (sh_tas_t * task) { long status = 0; int flags; char * tmp; char * tmp2; int errnum; int pipedes[2]; FILE * outf = NULL; char * envp[1]; char * argp[2]; char * errfile; char errbuf[SH_ERRBUF_SIZE]; static int some_error = 0; #if defined (__linux__) SL_TICKET fd = -1; char pname[128]; int pfd = -1; #endif SL_ENTER(_("sh_ext_popen")); /* Linux, HP-UX and FreeBSD will happily accept envp = argp = NULL * (newer Linuxes (gcc 4.4.4) warn on argp == NULL, but accept it, * as reported by T. Luettgert) * Solaris (and probably some other Unices) * needs a valid *envp[] with envp[0] = NULL; * and similarly for argp * OpenBSD finally needs non-null argp[0] ... */ argp[0] = task->command; argp[1] = NULL; envp[0] = NULL; /* * -- check whether path is trustworthy */ status = sl_trustfile(task->command, NULL, NULL); #if 0 if ((uid_t) -1 != task->trusted_users[0]) { status = sl_trustfile(task->command, task->trusted_users, NULL); } #endif PDBG_OPEN; PDBG_D( (int) status); if ( SL_ENONE != status) { PDBG_S("SL_ENONE != status"); if (some_error == 0) { tmp = sh_util_safe_name (task->command); errfile = sl_trust_errfile(); if (errfile[0] != '\0') { tmp2 = sh_util_safe_name (sl_trust_errfile()); sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_TRUST2, sl_error_string((int)status), tmp, tmp2); SH_FREE(tmp2); } else { sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_TRUST1, sl_error_string((int)status), tmp); } SH_FREE(tmp); } some_error = 1; SL_RETURN ((-1), _("sh_ext_popen")); } PDBG(1); /* * -- check whether the checksum is correct; with linux emulate fdexec */ #if ( !defined(__linux__) || ( defined(__linux__) && defined(HAVE_PTHREAD)) ) && !defined(SL_DEBUG) if (task->checksum[0] != '\0') { char hashbuf[KEYBUF_SIZE]; PDBG_S("checksum test"); if (0 != sl_strcmp(task->checksum, sh_tiger_hash (task->command, TIGER_FILE, TIGER_NOLIM, hashbuf, sizeof(hashbuf)) ) ) { PDBG_S("checksum mismatch"); if (some_error == 0) { tmp = sh_util_safe_name (task->command); sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_HASH, tmp); SH_FREE(tmp); } some_error = 1; SL_RETURN ((-1), _("sh_ext_popen")); } } #endif some_error = 0; PDBG(2); /* * -- Create the pipe */ if (aud_pipe(FIL__, __LINE__, pipedes) < 0) { PDBG_S("pipe() failure"); errnum = errno; sh_error_handle((-1), FIL__, __LINE__, errnum, MSG_E_SUBGEN, sh_error_message(errnum, errbuf, sizeof(errbuf)), _("pipe")); SL_RETURN ((-1), _("sh_ext_popen")); } PDBG(3); /* * -- Flush streams and fork */ fflush (NULL); task->pid = aud_fork(FIL__, __LINE__); if (task->pid == (pid_t) - 1) { PDBG_S("fork() failure"); /*@-usedef@*/ (void) sl_close_fd(FIL__, __LINE__, pipedes[0]); (void) sl_close_fd(FIL__, __LINE__, pipedes[1]); /*@+usedef@*/ errnum = errno; sh_error_handle((-1), FIL__, __LINE__, errnum, MSG_E_SUBGEN, sh_error_message(errnum, errbuf, sizeof(errbuf)), _("fork")); SL_RETURN ((-1), _("sh_ext_popen")); } PDBG(4); if (task->pid == (pid_t) 0) { /* * -- fork again, if requested */ if (S_TRUE == task->fork_twice) { task->pid = fork(); if (task->pid == (pid_t) - 1) { _exit (EXIT_FAILURE); } } if (task->pid == (pid_t) 0) { int val_return; PDBGC_OPEN; PDBGC(1); /* * -- grandchild - make write side of the pipe stdin */ if (task->rw == 'w') { do { val_return = dup2 (pipedes[STDIN_FILENO], STDIN_FILENO); } while (val_return < 0 && errno == EINTR); if (val_return < 0) _exit(EXIT_FAILURE); } else { do { val_return = dup2 (pipedes[STDOUT_FILENO], STDOUT_FILENO); } while (val_return < 0 && errno == EINTR); if (val_return < 0) _exit(EXIT_FAILURE); } PDBGC(2); /* close the pipe descriptors */ (void) sl_close_fd (FIL__, __LINE__, pipedes[STDIN_FILENO]); (void) sl_close_fd (FIL__, __LINE__, pipedes[STDOUT_FILENO]); /* don't leak file descriptors */ #if !defined(PDGBFILE) sh_unix_closeall (3, task->com_fd, SL_TRUE); /* in child process */ #endif /* drop root privileges, if possible && requested */ if (task->privileged == 0 && 0 == getuid()) { PDBGC_S("privileged"); /* zero priv info */ memset(skey, 0, sizeof(sh_key_t)); if (setgid((gid_t) task->run_user_gid) != 0) _exit(EXIT_FAILURE); if (setuid((uid_t) task->run_user_uid) != 0) _exit(EXIT_FAILURE); /* make sure we cannot get root again */ if (setuid(0) >= 0) _exit(EXIT_FAILURE); } PDBGC(3); (void) fflush(NULL); if (task->rw == 'w') { PDBGC_S("w"); (void) fcntl (STDOUT_FILENO, F_SETFD, FD_CLOEXEC); (void) fcntl (STDERR_FILENO, F_SETFD, FD_CLOEXEC); /* freopen(_("/dev/null"), "r+", stderr); freopen(_("/dev/null"), "r+", stdout); */ } else { PDBGC_S("r"); do { val_return = dup2 (STDOUT_FILENO, STDERR_FILENO); } while (val_return < 0 && errno == EINTR); (void) fcntl (STDIN_FILENO, F_SETFD, FD_CLOEXEC); /* freopen(_("/dev/null"), "r+", stdin); */ } PDBGC(4); #if defined(__linux__) /* * -- emulate an fdexec with checksum testing */ #if !defined(HAVE_PTHREAD) if (task->checksum[0] != '\0') #endif { PDBGC_S("fexecve"); if (task->com_fd != (-1)) { do { val_return = dup (task->com_fd); } while (val_return < 0 && errno == EINTR); pfd = val_return; if (pfd < 0) { PDBGC_S("fexecve: dup failed"); _exit(EXIT_FAILURE); } } #if !defined(HAVE_PTHREAD) else { char hashbuf[KEYBUF_SIZE]; fd = sl_open_read(FIL__, __LINE__, task->command, task->privileged==0 ? SL_NOPRIV : SL_YESPRIV); if (0 != sl_strcmp(task->checksum, sh_tiger_hash (task->command, fd, TIGER_NOLIM, hashbuf, sizeof(hashbuf)))) { PDBGC_S("fexecve: checksum mismatch"); sl_close(fd); _exit(EXIT_FAILURE); } pfd = get_the_fd(fd); do { val_return = dup (pfd); } while (val_return < 0 && errno == EINTR); pfd = val_return; sl_close(fd); fd = -1; if (pfd < 0) { PDBGC_S("fexecve: dup (2) failed"); _exit(EXIT_FAILURE); } } #endif PDBGC(5); /* Cannot use sprintf because of deadlock in malloc/free */ { static char digit[] = "0123456789"; char str0[128]; char str1[128]; int ival = pfd; int n = 0; int m = 0; if (ival < 0) ival = -ival; do { str0[n] = digit[ival % 10]; ++n; ival /= 10; } while (ival); if (pfd < 0) { str0[n] = '-'; ++n; } str0[n] = '\0'; str1[n] = '\0'; while (n > 0) { str1[m] = str0[n-1]; ++m; --n; } sl_strlcpy(pname, _("/proc/self/fd/"), sizeof(pname)); sl_strlcat(pname, str1, sizeof(pname)); } if (access(pname, R_OK|X_OK) == 0) /* flawfinder: ignore */ { PDBGC(6); PDBGC_CLOSE; fcntl (pfd, F_SETFD, FD_CLOEXEC); do { val_return = execve (pname, (task->argc == 0) ? argp : task->argv, (task->envc == 0) ? NULL : task->envv ); } while (val_return < 0 && errno == EINTR); errnum = errno; PDBGC_OPEN; PDBGC_S(strerror(errnum)); PDBGC_S(task->command); PDBGC_S("fexecve: failed"); PDBGC_CLOSE; /* failed */ _exit((errnum == 0) ? (EXIT_SUCCESS) : (EXIT_FAILURE)); } PDBGC_S("fexecve: not working"); /* * procfs not working, go ahead; checksum is tested already */ if (fd != -1) sl_close(fd); else if (pfd != -1) sl_close_fd(FIL__, __LINE__, pfd); } #endif PDBGC_S(" -- non fexecve --"); /* * -- execute path if executable */ if (0 == access(task->command, R_OK|X_OK)) /* flawfinder: ignore */ { PDBGC(5); PDBGC_CLOSE; do { val_return = execve (task->command, (task->argc == 0) ? argp : task->argv, (task->envc == 0) ? envp : task->envv ); } while (val_return < 0 && errno == EINTR); } errnum = errno; PDBGC_OPEN; PDBGC_S(strerror(errnum)); PDBGC_S(task->command); PDBGC_S("execve: failed"); PDBGC_CLOSE; /* failed */ _exit((errnum == 0) ? (EXIT_SUCCESS) : (EXIT_FAILURE)); } /* * if we have forked twice, this is parent::detached_subprocess */ if (S_TRUE == task->fork_twice) { _exit (0); } } /* * -- parent; task->pid is child pid; exit status is status of * grandchild if exited */ if (S_TRUE == task->fork_twice) { (void) waitpid (task->pid, NULL, 0); } PDBG(5); /* open an output stream on top of the write side of the pipe */ if (task->rw == 'w') { PDBG_S("is w"); (void) sl_close_fd (FIL__, __LINE__, pipedes[STDIN_FILENO]); (void) retry_fcntl (FIL__, __LINE__, pipedes[STDOUT_FILENO], F_SETFD, FD_CLOEXEC); outf = fdopen (pipedes[STDOUT_FILENO], "w"); } else { PDBG_S("is r"); (void) sl_close_fd (FIL__, __LINE__, pipedes[STDOUT_FILENO]); (void) retry_fcntl (FIL__, __LINE__, pipedes[STDIN_FILENO], F_SETFD, FD_CLOEXEC); outf = fdopen (pipedes[STDIN_FILENO], "r"); } if (outf == NULL) { errnum = errno; PDBG_S("outf == NULL"); tmp = sh_util_safe_name (task->command); if (task->privileged == 0 && 0 == getuid()) sh_error_handle((-1), FIL__, __LINE__, errnum, MSG_NOEXEC, (UID_CAST) task->run_user_uid, tmp); else sh_error_handle((-1), FIL__, __LINE__, errnum, MSG_NOEXEC, (UID_CAST) getuid(), tmp); SH_FREE(tmp); (void) aud_kill (FIL__, __LINE__, task->pid, SIGKILL); (void) sl_close_fd (FIL__, __LINE__, pipedes[STDOUT_FILENO]); (void) sl_close_fd (FIL__, __LINE__, pipedes[STDIN_FILENO]); (void) waitpid (task->pid, NULL, 0); task->pid = 0; SL_RETURN ((-1), _("sh_ext_popen")); } if (task->rw == 'w') task->pipeFD = pipedes[STDOUT_FILENO]; else task->pipeFD = pipedes[STDIN_FILENO]; PDBG_D(task->pipeFD); task->pipeTI = sl_make_ticket(FIL__, __LINE__, task->pipeFD, _("pipe"), outf); flags = (int) retry_fcntl (FIL__, __LINE__, task->pipeFD, F_GETFL, 0); if (flags != (-1)) (void) retry_fcntl (FIL__, __LINE__, task->pipeFD, F_SETFL, flags|O_NONBLOCK); task->pipe = outf; PDBG_S("return from popen"); PDBG_CLOSE; SL_RETURN (0, _("sh_ext_popen")); } /* * -- close the pipe */ extern int flag_err_debug; int sh_ext_pclose (sh_tas_t * task) { int status = 0; int retry = 0; pid_t retval; char infomsg[256]; #ifdef WCONTINUED int wflags = WNOHANG|WUNTRACED|WCONTINUED; #else int wflags = WNOHANG|WUNTRACED; #endif SL_ENTER(_("sh_ext_pclose")); PDBG_OPEN; PDBG_S(" -> pclose"); (void) fflush(task->pipe); if (!SL_ISERROR(task->pipeTI)) (void) sl_close(task->pipeTI); task->pipe = NULL; task->pipeFD = (-1); task->pipeTI = SL_ETICKET; if (S_FALSE == task->fork_twice) { infomsg[0] = '\0'; nochmal: retval = waitpid(task->pid, &(task->exit_status), wflags); /*@-bufferoverflowhigh@*/ if (task->pid == retval) { #ifndef USE_UNO if (WIFEXITED(task->exit_status) != 0) { task->exit_status = WEXITSTATUS(task->exit_status); if ((flag_err_debug == SL_TRUE) || (task->exit_status != 0)) sl_snprintf(infomsg, sizeof(infomsg), _("Subprocess exited normally with status %d"), task->exit_status); } else if (WIFSIGNALED(task->exit_status) != 0) { sl_snprintf(infomsg, sizeof(infomsg), _("Subprocess terminated by signal %d"), WTERMSIG(task->exit_status)); task->exit_status = EXIT_FAILURE; } else if (WIFSTOPPED(task->exit_status) != 0) { sl_snprintf(infomsg, sizeof(infomsg), _("Subprocess stopped by signal %d, killing"), WSTOPSIG(task->exit_status)); task->exit_status = EXIT_FAILURE; (void) aud_kill (FIL__, __LINE__, task->pid, 9); (void) retry_msleep (0, 30); (void) waitpid (task->pid, NULL, wflags); } else { sl_snprintf(infomsg, sizeof(infomsg), _("Subprocess exit status unknown")); task->exit_status = EXIT_FAILURE; } #else task->exit_status = EXIT_FAILURE; #endif } else if (0 == retval) { if (retry < 3) { ++retry; (void) retry_msleep(0, (retry * 30)); goto nochmal; } (void) aud_kill (FIL__, __LINE__, task->pid, 9); sl_snprintf(infomsg, sizeof(infomsg), _("Subprocess not yet exited, killing")); task->exit_status = EXIT_FAILURE; (void) waitpid (task->pid, NULL, 0); } else { sl_snprintf(infomsg, sizeof(infomsg), _("Waitpid returned error %d\n"), errno); task->exit_status = EXIT_FAILURE; } /*@+bufferoverflowhigh@*/ status = task->exit_status; if (flag_err_debug == SL_TRUE) { sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, task->exit_status, MSG_E_SUBGEN, infomsg, _("sh_ext_pclose")); } else if (status != 0) { sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, task->exit_status, MSG_E_SUBGEN, infomsg, _("sh_ext_pclose")); } } task->pid = 0; task->exit_status = 0; PDBG_S(" <--"); PDBG_CLOSE; SL_RETURN (status, _("sh_ext_pclose")); } void sh_ext_tas_init (sh_tas_t * tas) { int i; tas->command = NULL; tas->argc = 0; tas->envc = 0; tas->checksum[0] = '\0'; tas->pipeFD = (-1); tas->pipeTI = SL_ETICKET; tas->pid = (pid_t) -1; tas->privileged = 1; tas->pipe = NULL; tas->rw = 'w'; tas->exit_status = 0; tas->fork_twice = S_TRUE; for (i = 0; i < 32; ++i) { tas->argv[i] = NULL; tas->envv[i] = NULL; #if 0 tas->trusted_users[i] = (uid_t) -1; #endif } tas->run_user_uid = (uid_t) getuid(); tas->run_user_gid = (gid_t) getgid(); tas->com_fd = -1; tas->com_ti = -1; return; } int sh_ext_tas_add_envv(sh_tas_t * tas, const char * key, const char * val) { size_t sk = 0, sv = 0; int si; SL_ENTER(_("sh_ext_tas_add_envv")); if (tas == NULL || (key == NULL && val == NULL) || tas->envc >= 30) { SL_RETURN (-1, _("sh_ext_tas_add_envv")); } if (key != NULL) sk = strlen(key) + 1; if (val != NULL) sv = strlen(val) + 1; if (!sl_ok_adds(sk, sv)) { SL_RETURN (-1, _("sh_ext_tas_add_envv")); } si = tas->envc; tas->envv[si] = SH_ALLOC(sk + sv); if (key != NULL) { (void) sl_strlcpy(tas->envv[si], key, sk+sv); (void) sl_strlcat(tas->envv[si], "=", sk+sv); if (val != NULL) (void) sl_strlcat(tas->envv[si], val, sk+sv); } else (void) sl_strlcpy(tas->envv[si], val, sv); ++(tas->envc); SL_RETURN ((tas->envc), _("sh_ext_tas_add_envv")); } int sh_ext_tas_rm_argv(sh_tas_t * tas) { int last; SL_ENTER(_("sh_ext_tas_rm_argv")); if (tas == NULL || tas->argc == 0) { SL_RETURN (-1, _("sh_ext_tas_rm_argv")); } last = (tas->argc - 1); --(tas->argc); SH_FREE(tas->argv[last]); tas->argv[last] = NULL; SL_RETURN ((tas->argc), _("sh_ext_tas_rm_argv")); } int sh_ext_tas_add_argv(sh_tas_t * tas, const char * val) { size_t sv = 0; int si; SL_ENTER(_("sh_ext_tas_add_argv")); if (tas == NULL || val == NULL || tas->argc >= 30) { SL_RETURN (-1, _("sh_ext_tas_add_argv")); } if (val != NULL) sv = strlen(val) + 1; si = tas->argc; tas->argv[si] = SH_ALLOC(sv); (void) sl_strlcpy(tas->argv[si], val, sv); ++(tas->argc); SL_RETURN ((tas->argc), _("sh_ext_tas_add_argv")); } void sh_ext_tas_command(sh_tas_t * tas, const char * command) { size_t len = sl_strlen(command); tas->command = SH_ALLOC(len+1); (void) sl_strlcpy(tas->command, command, len+1); return; } void sh_ext_tas_free(sh_tas_t * tas) { int i; if (NULL != tas->command) SH_FREE(tas->command); for (i = 0; i < 32; ++i) { if (NULL != tas->argv[i]) SH_FREE(tas->argv[i]); if (NULL != tas->envv[i]) SH_FREE(tas->envv[i]); } if (tas->com_ti != (-1)) { (void) sl_close(tas->com_ti); tas->com_ti = -1; tas->com_fd = -1; } return; } static void task_init (sh_tas_t * task) { sh_ext_tas_init(task); (void) sh_ext_tas_add_envv (task, _("SHELL"), _("/bin/sh")); (void) sh_ext_tas_add_envv (task, _("PATH"), _("/sbin:/bin:/usr/sbin:/usr/bin:/usr/ucb")); (void) sh_ext_tas_add_envv (task, _("IFS"), " \n\t"); if (sh.timezone != NULL) { (void) sh_ext_tas_add_envv(task, "TZ", sh.timezone); } return; } int sh_ext_popen_init (sh_tas_t * task, char * command, char * argv0, ...) { va_list vl; int status; task_init (task); if (!argv0) { sh_ext_tas_command(task, _("/bin/sh")); (void) sh_ext_tas_add_argv(task, _("/bin/sh")); (void) sh_ext_tas_add_argv(task, _("-c")); (void) sh_ext_tas_add_argv(task, command); } else { char * s; sh_ext_tas_command(task, command); (void) sh_ext_tas_add_argv(task, argv0); va_start (vl, argv0); s = va_arg (vl, char * ); while (s != NULL) { (void) sh_ext_tas_add_argv(task, s); s = va_arg (vl, char * ); } va_end (vl); } task->rw = 'r'; task->fork_twice = S_FALSE; status = sh_ext_popen(task); return status; } /* Execute a system command */ int sh_ext_system (char * command, char * argv0, ...) { sh_tas_t task; int status; va_list vl; char * s; SL_ENTER(_("sh_ext_system")); task_init (&task); sh_ext_tas_command(&task, command); (void) sh_ext_tas_add_argv(&task, argv0); va_start (vl, argv0); s = va_arg (vl, char * ); while (s != NULL) { (void) sh_ext_tas_add_argv(&task, s); s = va_arg (vl, char * ); } va_end (vl); task.rw = 'r'; task.fork_twice = S_FALSE; status = sh_ext_popen(&task); if (status != 0) { sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN, _("Could not execute command"), _("sh_ext_system")); SL_RETURN ((-1), _("sh_ext_system")); } /* close pipe and return exit status */ (void) sh_ext_pclose(&task); sh_ext_tas_free (&task); SL_RETURN ((status), _("sh_ext_system")); } /* Execute command, return first line of output * ifconfig | grep -1 lo | tail -n 1 | sed s/.*inet addr:\([0-9.]*\)\(.*\)/\1/ */ char * sh_ext_popen_str (char * command) { sh_tas_t task; struct sigaction new_act; struct sigaction old_act; char * out = NULL; int status; SL_ENTER(_("sh_ext_popen_str")); status = sh_ext_popen_init (&task, command, NULL, NULL); if (status != 0) { sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN, _("Could not open pipe"), _("sh_ext_popen_str")); SL_RETURN ((NULL), _("sh_ext_popen_str")); } /* ignore SIGPIPE (instead get EPIPE if connection is closed) */ new_act.sa_handler = SIG_IGN; (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act); /* read from the open pipe */ if (task.pipe != NULL) { int try = 1200; /* 1000 * 0.1 = 120 sec */ sh_string * s = sh_string_new(0); do { sh_string_read(s, task.pipe, 0); if (sh_string_len(s) == 0) { --try; retry_msleep(0, 100); } } while (sh_string_len(s) == 0 && try != 0); if (sh_string_len(s) == 0) { sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN, _("No output from command"), _("sh_ext_popen_str")); } out = sh_util_strdup(sh_string_str(s)); sh_string_destroy(&s); } /* restore old signal handler */ (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &old_act, NULL); /* close pipe and return exit status */ (void) sh_ext_pclose(&task); sh_ext_tas_free (&task); SL_RETURN ((out), _("sh_ext_popen_str")); } /* --------------- EXTERN STUFF ------------------- */ #if defined(WITH_EXTERNAL) typedef struct _sh_com_t { char type[4]; sh_filter_type * filter; time_t deadtime; time_t last_run; sh_tas_t tas; struct _sh_com_t * next; } sh_com_t; static void set3 (char * pos, char c1, char c2, char c3) { pos[0] = c1; pos[1] = c2; pos[2] = c3; pos[3] = '\0'; return; } /* initialize the external command structure */ static sh_com_t * command_init(void) { uid_t ff_euid; sh_com_t * ext_com = NULL; SL_ENTER(_("command_init")); ext_com = (sh_com_t *) SH_ALLOC(sizeof(sh_com_t)); if (!ext_com) { SL_RETURN( NULL, _("command_init")); } sh_ext_tas_init (&(ext_com->tas)); (void) sl_get_euid(&ff_euid); #if 0 ext_com->tas.trusted_users[0] = (uid_t) 0; ext_com->tas.trusted_users[1] = (uid_t) (ff_euid); #endif /* ------------------------------------------------- */ set3(ext_com->type, 'l', 'o', 'g'); ext_com->filter = NULL; ext_com->deadtime = 0; ext_com->last_run = 0; ext_com->next = NULL; SL_RETURN( ext_com, _("command_init")); } /* the list of external commands */ static sh_com_t * ext_coms = NULL; /* if -1, allocation of last command has failed, * thus don't fill in options */ static int ext_failed = -1; static int sh_ext_add_envv(const char * key, const char * val) { int retval; SL_ENTER(_("sh_ext_add_envv")); if (ext_coms == NULL || ext_failed == (-1) || (key == NULL && val == NULL) || ext_coms->tas.envc >= 30) { SL_RETURN (-1, _("sh_ext_add_envv")); } retval = sh_ext_tas_add_envv(&(ext_coms->tas), key, val); if (retval >= 0) retval = 0; SL_RETURN (retval, _("sh_ext_add_envv")); } static int sh_ext_init(const char * command) { sh_com_t * retval; size_t size; SL_ENTER(_("sh_ext_init")); if (command == NULL) { SL_RETURN (-1, _("sh_ext_init")); } size = strlen(command); if (command[0] != '/' || size < 2) { SL_RETURN (-1, _("sh_ext_init")); } if (NULL == (retval = command_init())) { SL_RETURN (-1, _("sh_ext_init")); } sh_ext_tas_command(&(retval->tas), command); if (sh.timezone != NULL) { (void) sh_ext_add_envv( "TZ", sh.timezone); } retval->next = ext_coms; ext_coms = retval; SL_RETURN (0, _("sh_ext_init")); } static int sh_ext_uid (const char * user, /*@out@*/uid_t * uid, /*@out@*/gid_t * gid) { struct passwd * tempres; #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) struct passwd pwd; char * buffer = SH_ALLOC(SH_PWBUF_SIZE); #endif SL_ENTER(_("sh_ext_uid")); *uid = (uid_t)-1; *gid = (gid_t)-1; if (user == NULL) { #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) SH_FREE(buffer); #endif SL_RETURN (-1, _("sh_ext_uid")); } #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) sh_getpwnam_r(user, &pwd, buffer, SH_PWBUF_SIZE, &tempres); #else tempres = sh_getpwnam(user); #endif if (NULL != tempres) { *uid = tempres->pw_uid; *gid = tempres->pw_gid; #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) SH_FREE(buffer); #endif SL_RETURN (0, _("sh_ext_uid")); } #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) SH_FREE(buffer); #endif SL_RETURN (-1, _("sh_ext_uid")); } static int sh_ext_add (const char * argstring, int * ntok, char * stok[]) { int i = 0; size_t s; char * p; char * new; size_t len; SL_ENTER(_("sh_ext_add")); if (NULL == argstring) { SL_RETURN((-1), _("sh_ext_add")); } len = strlen(argstring) + 1; new = SH_ALLOC(len); sl_strlcpy(new, argstring, len); do { #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) char * saveptr; if (i == 0) p = strtok_r (new, ", \t", &saveptr); else p = strtok_r (NULL, ", \t", &saveptr); #else if (i == 0) p = strtok (new, ", \t"); else p = strtok (NULL, ", \t"); #endif if (p == NULL) break; s = strlen(p) + 1; if (stok[i] != NULL) SH_FREE(stok[i]); stok[i] = SH_ALLOC(s); (void) sl_strlcpy(stok[i], p, s); ++i; if (i == 30) break; } while (p != NULL); *ntok = i; SH_FREE(new); SL_RETURN (0, _("sh_ext_add")); } /********************************************************* * * Public functions * * *********************************************************/ /* * -- start a new external command, and add it to the list */ int sh_ext_setcommand(const char * cmd) { int i; SL_ENTER(_("sh_ext_setcommand")); if ( (i = sh_ext_init(cmd)) < 0) ext_failed = -1; else ext_failed = 0; SL_RETURN( i, _("sh_ext_setcommand")); } /* * -- clean up the command list */ int sh_ext_cleanup(void) { sh_com_t * retval; SL_ENTER(_("sh_ext_cleanup")); while (ext_coms != NULL) { retval = ext_coms; ext_coms = retval->next; sh_ext_tas_free (&(retval->tas)); if (retval->filter) sh_filter_free (retval->filter); SH_FREE(retval); } SL_RETURN (0, _("sh_ext_cleanup")); } /* * -- explicitely close a command */ int sh_ext_close_command (const char * str) { (void) str; if (ext_coms == NULL || ext_failed == (-1)) return (-1); ext_failed = (-1); return 0; } /* * -- add keywords to the OR filter */ int sh_ext_add_or (const char * str) { if (ext_coms == NULL || ext_failed == (-1)) return (-1); if (ext_coms->filter == NULL) ext_coms->filter = sh_filter_alloc(); return (sh_filter_add(str, ext_coms->filter, SH_FILT_OR)); } /* * -- add keywords to the AND filter */ int sh_ext_add_and (const char * str) { if (ext_coms == NULL || ext_failed == (-1)) return (-1); if (ext_coms->filter == NULL) ext_coms->filter = sh_filter_alloc(); return (sh_filter_add(str, ext_coms->filter, SH_FILT_AND)); } /* * -- add keywords to the NOT filter */ int sh_ext_add_not (const char * str) { if (ext_coms == NULL || ext_failed == (-1)) return (-1); if (ext_coms->filter == NULL) ext_coms->filter = sh_filter_alloc(); return (sh_filter_add(str, ext_coms->filter, SH_FILT_NOT)); } /* * -- add keywords to the CL argument list */ int sh_ext_add_argv (const char * str) { if (ext_coms == NULL || ext_failed == (-1)) return (-1); return (sh_ext_add (str, &(ext_coms->tas.argc), ext_coms->tas.argv)); } /* * -- add a path to the environment */ int sh_ext_add_default (const char * dummy) { char * p = NULL; int i; char dir[SH_PATHBUF]; SL_ENTER(_("sh_ext_add_default")); if (dummy[0] == 'n' || dummy[0] == 'N' || dummy[0] == 'f' || dummy[0] == 'F' || dummy[0] == '0') { SL_RETURN(0, _("sh_ext_add_default")); } p = sh_unix_getUIDdir (SH_ERR_ERR, (uid_t) ext_coms->tas.run_user_uid, dir, sizeof(dir)); if (p) (void) sh_ext_add_envv (_("HOME"), p); (void) sh_ext_add_envv (_("SHELL"), _("/bin/sh")); (void) sh_ext_add_envv (_("PATH"), _("/sbin:/bin:/usr/sbin:/usr/bin")); (void) sh_ext_add_envv (_("IFS"), " \n\t"); i = (p == NULL ? (-1) : 0); SL_RETURN(i, _("sh_ext_add_default")); } /* * -- add an environment variable */ int sh_ext_add_environ (const char * str) { int i; SL_ENTER(_("sh_ext_add_environ")); i = sh_ext_add_envv (NULL, str); SL_RETURN(i, _("sh_ext_add_environ")); } /* * -- set deadtime */ int sh_ext_deadtime (const char * str) { long deadtime = 0; char * tail = NULL; SL_ENTER(_("sh_ext_deadtime")); if (ext_coms == NULL || ext_failed == (-1) || str == NULL) { SL_RETURN (-1, _("sh_ext_deadtime")); } deadtime = strtol(str, &tail, 10); if (tail == str || deadtime < 0 || deadtime == LONG_MAX) { SL_RETURN (-1, _("sh_ext_deadtime")); } ext_coms->deadtime = (time_t) deadtime; SL_RETURN (0, _("sh_ext_deadtime")); } /* * -- define type */ int sh_ext_type (const char * str) { SL_ENTER(_("sh_ext_type")); if (ext_coms == NULL || ext_failed == (-1) || str == NULL) { SL_RETURN((-1), _("sh_ext_type")); } if (strlen(str) != 3) { SL_RETURN((-1), _("sh_ext_type")); } set3(ext_coms->type, str[0], str[1], str[2]); if (str[0] == 'l' && str[1] == 'o' && str[2] == 'g') ext_coms->tas.rw = 'w'; else if (str[0] == 's' && str[1] == 'r' && str[2] == 'v') ext_coms->tas.rw = 'w'; else if (str[0] == 'm' && str[1] == 'o' && str[2] == 'n') ext_coms->tas.rw = 'r'; else { SL_RETURN((-1), _("sh_ext_type")); } SL_RETURN(0, _("sh_ext_type")); } /* * -- define checksum */ int sh_ext_checksum (const char * str) { SL_ENTER(_("sh_ext_checksum")); if (ext_coms == NULL || ext_failed == (-1) || str == NULL) { SL_RETURN((-1), _("sh_ext_checksum")); } if (sl_strlen(str) != KEY_LEN) { SL_RETURN((-1), _("sh_ext_checksum")); } (void) sl_strlcpy (ext_coms->tas.checksum, str, KEY_LEN+1); SL_RETURN((0), _("sh_ext_checksum")); } /* * -- choose privileges */ int sh_ext_priv (const char * c) { uid_t me_uid; gid_t me_gid; SL_ENTER(_("sh_ext_priv")); if (0 == sh_ext_uid (c, &me_uid, &me_gid)) { ext_coms->tas.run_user_uid = me_uid; ext_coms->tas.run_user_gid = me_gid; if (me_uid != (uid_t) 0) ext_coms->tas.privileged = 0; SL_RETURN((0), _("sh_ext_priv")); } SL_RETURN (-1, _("sh_ext_priv")); } /* * -- check filters */ static int sh_ext_filter (char * message, sh_com_t * task) { time_t now_time; SL_ENTER(_("sh_ext_filter")); if (task->filter) { if (0 != sh_filter_filter (message, task->filter)) { SL_RETURN ((-1), _("sh_ext_filter")); } } /* Filter passed, check deadtime */ if (task->deadtime != (time_t) 0) { now_time = time (NULL); if (task->last_run == (time_t) 0) { task->last_run = now_time; } else if ((time_t)(now_time-task->last_run) < task->deadtime) { SL_RETURN ((-1), _("sh_ext_filter")); } else { task->last_run = now_time; } } SL_RETURN ((0), _("sh_ext_filter")); } /* * -- execute external script/program */ int sh_ext_execute (char t1, char t2, char t3, /*@null@*/char * message, size_t msg_siz) { int caperr; sh_com_t * listval = ext_coms; int status = 0; char * tmp; char errbuf[SH_ERRBUF_SIZE]; static int some_error = 0; struct sigaction new_act; struct sigaction old_act; SL_ENTER(_("sh_ext_execute")); PDBG_OPEN; if (listval == NULL || message == NULL) { SL_RETURN ((-1), _("sh_ext_execute")); } PDBG(-1); if (msg_siz == 0) msg_siz = sl_strlen(message); /* ignore SIGPIPE (instead get EPIPE if connection is closed) */ new_act.sa_handler = SIG_IGN; (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act); while (listval != NULL) { PDBG_OPEN; PDBG(-2); if (t1 == listval->type[0] && t2 == listval->type[1] && t3 == listval->type[2] && 0 == sh_ext_filter (message, listval)) { PDBG(-3); if (0 != (caperr = sl_get_cap_sub())) { sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN, sh_error_message (caperr, errbuf, sizeof(errbuf)), _("sl_get_cap_sub")); } if (0 == sh_ext_popen (&(listval->tas))) { PDBG_OPEN; PDBG(-4); if (NULL != listval->tas.pipe && listval->tas.rw == 'w') { PDBG(-5); if (message != NULL) { PDBG(-6); status = (int) write (listval->tas.pipeFD, message, msg_siz); if (status >= 0) status = (int) write (listval->tas.pipeFD, "\n", 1); } PDBG_D(status); if (status >= 0) status = (int) write (listval->tas.pipeFD, "[", 1); PDBG_D(status); if (status >= 0) status = (int) write (listval->tas.pipeFD, "E", 1); PDBG_D(status); if (status >= 0) status = (int) write (listval->tas.pipeFD, "O", 1); PDBG_D(status); if (status >= 0) status = (int) write (listval->tas.pipeFD, "F", 1); PDBG_D(status); if (status >= 0) status = (int) write (listval->tas.pipeFD, "]", 1); PDBG_D(status); if (status >= 0) status = (int) write (listval->tas.pipeFD, "\n", 1); PDBG_D(status); if (status >= 0) { some_error = 0; } if ((status < 0) && (some_error == 0)) { some_error = 1; PDBG_S("some error"); PDBG_D(status); tmp = sh_util_safe_name (listval->tas.command); if (tmp) { if (listval->tas.privileged == 0 && (0 == getuid() || 0 != sl_is_suid()) ) sh_error_handle((-1), FIL__, __LINE__, 0, MSG_NOEXEC, (UID_CAST) listval->tas.run_user_uid, tmp); else sh_error_handle((-1), FIL__, __LINE__, 0, MSG_NOEXEC, (UID_CAST) getuid(), tmp); SH_FREE(tmp); } } PDBG(-7); (void) fflush(listval->tas.pipe); } PDBG(-8); (void) sh_ext_pclose(&(listval->tas)); } else { PDBG_OPEN; PDBG_S("0 != sh_ext_popen()"); } if (0 != (caperr = sl_drop_cap_sub())) { sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN, sh_error_message (caperr, errbuf, sizeof(errbuf)), _("sl_drop_cap_sub")); } } listval = listval->next; } PDBG_OPEN; PDBG_S("no more commands"); /* restore old signal handler */ (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &old_act, NULL); PDBG_S("return"); PDBG_CLOSE; SL_RETURN ((0), _("sh_ext_execute")); } /* #if defined(WITH_EXTERNAL) */ #endif samhain-3.1.0/src/sh_log_mark.c0000644000175000017500000001422711650104201013270 00000000000000#include "config_xor.h" #ifdef USE_LOGFILE_MONITOR #include #include #undef FIL__ #define FIL__ _("sh_log_mark.c") #include "samhain.h" #include "sh_pthread.h" #include "sh_mem.h" #include "sh_string.h" #include "sh_error_min.h" #include "sh_log_check.h" #include "sh_log_evalrule.h" #include "zAVLTree.h" /* #define DEBUG_MARK */ #ifdef DEBUG_MARK static void DEBUG(const char *fmt, ...) { va_list ap; va_start(ap, fmt); vfprintf(stderr, fmt, ap); /* flawfinder: ignore *//* we control fmt string */ va_end(ap); return; } #else static void DEBUG(const char *fmt, ...) { (void) fmt; return; } #endif static zAVLTree * marklist = NULL; struct sh_mark_event { sh_string * label; sh_string * queue_id; time_t last_seen; time_t interval; time_t delay; time_t last_reported; }; static void sh_marklist_free(void * item) { struct sh_mark_event * event = (struct sh_mark_event *) item; if (!event) return; sh_string_destroy(&(event->label)); sh_string_destroy(&(event->queue_id)); SH_FREE(event); return; } void sh_log_mark_destroy() { zAVLFreeTree(marklist, sh_marklist_free); } static zAVLKey sh_log_mark_getkey(void const *item) { return ((struct sh_mark_event *)item)->label->str; } int sh_log_mark_add (const char * label, time_t interval, const char * qlabel) { struct sh_mark_event * event; if (!(marklist)) { marklist = zAVLAllocTree(sh_log_mark_getkey, zAVL_KEY_STRING); } event = (struct sh_mark_event *) zAVLSearch(marklist, label); if (event) { event->interval = interval; sh_string_destroy(&(event->queue_id)); event->queue_id = sh_string_new_from_lchar(qlabel, strlen(qlabel)); return 0; } event = SH_ALLOC(sizeof(struct sh_mark_event)); event->last_seen = time(NULL); event->interval = interval; event->delay = 0; event->last_reported = 0; event->label = sh_string_new_from_lchar(label, strlen(label)); event->queue_id = sh_string_new_from_lchar(qlabel, strlen(qlabel)); if (0 != zAVLInsert(marklist, event)) { sh_marklist_free(event); return -1; } return 0; } void sh_log_mark_update (sh_string * label, time_t timestamp) { struct sh_mark_event * event = (struct sh_mark_event *) zAVLSearch (marklist, sh_string_str(label)); DEBUG("debug: running mark update for %s\n", sh_string_str(label)); if (event) { DEBUG("debug: updating, timestamp %lu, last_seen %lu, interval %d\n", (unsigned long)timestamp, (unsigned long) event->last_seen, (int)event->interval); if ((timestamp > event->last_seen) && (event->interval < (timestamp - event->last_seen)) && (timestamp > event->last_reported) && (event->interval < (timestamp - event->last_reported))) { event->delay = timestamp - event->last_seen; DEBUG("debug: updating delay to %d\n", (int) event->delay); } event->last_seen = timestamp; } return; } /* This should allow to get all overdue labels with a for loop like: * for (label = sh_log_mark_first(); label; label = sh_log_mark_next()) {} */ static zAVLCursor mark_cursor; static struct sh_mark_event * sh_log_mark_cursor(time_t * delay, time_t now, struct sh_mark_event * event) { while (event) { DEBUG("debug: echeck, delay %d, now %lu, last_seen %lu, reported %lu\n", (int) event->delay, (unsigned long)now, (unsigned long) event->last_seen, (unsigned long)event->last_reported); if (event->delay > 0) { DEBUG("debug: event delay > 0, value %d\n", (int) event->delay); *delay = event->delay; event->delay = 0; event->last_reported = time(NULL); return event; } else if ((now > event->last_seen) && (now > event->last_reported) && (event->interval < (now - event->last_seen)) && (event->interval < (now - event->last_reported)) ) { DEBUG("debug: event delay 0, now %lu, last_seen %lu, reported %lu\n", (unsigned long)now, (unsigned long) event->last_seen, (unsigned long)event->last_reported); *delay = now - event->last_seen; event->delay = 0; /* Subtract 1 sec to prevent accumulation of the * one second offset. */ event->last_reported = time(NULL) - 1; return event; } event = (struct sh_mark_event *) zAVLNext(&mark_cursor); } return NULL; } struct sh_mark_event * sh_log_mark_first(time_t * delay, time_t now) { struct sh_mark_event * event = (struct sh_mark_event *) zAVLFirst(&mark_cursor, marklist); return sh_log_mark_cursor (delay, now, event); } struct sh_mark_event * sh_log_mark_next(time_t * delay, time_t now) { struct sh_mark_event * event = (struct sh_mark_event *) zAVLNext(&mark_cursor); return sh_log_mark_cursor (delay, now, event); } static int sh_mark_default_severity = SH_ERR_SEVERE; int sh_log_set_mark_severity (const char * str) { int val = sh_error_convert_level(str); if (val < 0) return -1; sh_mark_default_severity = val; return 0; } static struct sh_mark_event ** dummy_event; void sh_log_mark_check() { struct sh_mark_event * event; time_t now = time(NULL); time_t delay; /* variable 'event' might be clobbered by 'longjmp' or 'vfork' */ dummy_event = &event; DEBUG("debug: running mark check\n"); for (event = sh_log_mark_first(&delay, now); event; event = sh_log_mark_next (&delay, now)) { int severity; sh_string * alias; SH_MUTEX_LOCK(mutex_thread_nolog); severity = sh_log_lookup_severity(sh_string_str(event->queue_id)); if (severity < 0) severity = sh_mark_default_severity; DEBUG("debug: mark check: queue %s, severity %d\n", sh_string_str(event->queue_id), severity); sh_error_handle (severity, FIL__, __LINE__, 0, MSG_LOGMON_MARK, sh_string_str(event->label), (unsigned long) delay); alias = sh_log_lookup_alias(sh_string_str(event->queue_id)); if (alias) { sh_error_mail (sh_string_str(alias), severity, FIL__, __LINE__, 0, MSG_LOGMON_MARK, sh_string_str(event->label), (unsigned long) delay); } SH_MUTEX_UNLOCK(mutex_thread_nolog); } return; } #endif samhain-3.1.0/src/sh_err_console.c0000644000175000017500000002206611664725752014040 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 2000 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" #include #include "samhain.h" #include "sh_error.h" #include "sh_utils.h" #undef FIL__ #define FIL__ _("sh_err_console.c") #include #include #include #include #include extern int OnlyStderr; #if !defined(O_NONBLOCK) #if defined(O_NDELAY) #define O_NONBLOCK O_NDELAY #else #define O_NONBLOCK 0 #endif #endif #if defined(WITH_MESSAGE_QUEUE) #if defined(HAVE_SYS_MSG_H) #include #include struct sh_msgbuf { long mtype; char mtext[1]; /* <-- sizeof(mtext) will be 1+MY_MAX_MSG */ }; static int msgq_enabled = S_FALSE; /* The identifier of the message queue */ static int msgid = -1; /* Open the SysV message queue, creating it when neccesary */ static int open_ipc(void) { key_t key; #if defined(WITH_TPT) int error = 0; char errbuf[SH_ERRBUF_SIZE]; #endif SL_ENTER(_("open_ipc")); /* get key */ key = ftok ("/tmp", '#'); if (key == (key_t) -1) { #if defined(WITH_TPT) error = errno; #endif TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), sh_error_message(error, errbuf, sizeof(errbuf)), error)); SL_RETURN(-1, _("open_ipc")); } /* get message identifier */ msgid = msgget (key, IPC_CREAT|MESSAGE_QUEUE_MODE); if (msgid < 0) { #if defined(WITH_TPT) error = errno; #endif TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), sh_error_message(error, errbuf, sizeof(errbuf)), error)); SL_RETURN(-1, _("open_ipc")); } SL_RETURN(0, _("open_ipc")); } /* Close the SysV message queue */ void close_ipc (void) { SL_ENTER(_("close_ipc")); if (msgid != (-1)) (void) msgctl (msgid, IPC_RMID, NULL); SL_RET0(_("close_ipc")); } /* Enable the message queue */ int enable_msgq(const char * foo) { int i; SL_ENTER(_("enable_msgq")); i = sh_util_flagval(foo, &msgq_enabled); SL_RETURN(i, _("enable_msgq")); } /* #define MY_MAX_MSG 254 */ #define MY_MAX_MSG 1022 static int push_message_queue (const char * msg) { struct sh_msgbuf* recv_msg = NULL; int rc = -1; static int status = -1; int count = 0; #if defined(WITH_TPT) int error = 0; char errbuf[SH_ERRBUF_SIZE]; #endif SL_ENTER(_("push_message_queue")); if (msgq_enabled == -1) { TPT(( 0, FIL__, __LINE__, _("msg=\n"))); SL_RETURN(0, _("push_message_queue")); } if (status < 0) { TPT(( 0, FIL__, __LINE__, _("msg=\n"))); status = open_ipc(); } if (status < 0) { TPT(( 0, FIL__, __LINE__, _("msg=\n"))); SL_RETURN(-1, _("push_message_queue")); } /* struct msgbuf { * long mtype; * char mtext[1]; <-- sizeof(mtext) will be 1+MY_MAX_MSG * } */ recv_msg = (struct sh_msgbuf*) SH_ALLOC(sizeof(struct sh_msgbuf)+MY_MAX_MSG); recv_msg->mtype = 1; sl_strlcpy (recv_msg->mtext, msg, MY_MAX_MSG+1); count = 0; send_it: if (count > 1) { SH_FREE(recv_msg); SL_RETURN(-1, _("push_message_queue")); } /* send the message */ do { errno = 0; rc = msgsnd(msgid, recv_msg, strlen(recv_msg->mtext)+1, IPC_NOWAIT); } while (rc < 0 && errno == EINTR); if (rc == -1 && errno != EAGAIN) { /* EIDRM is not in OpenBSD */ if (errno == EINVAL #if defined(EIDRM) || errno == EIDRM #endif ) { TPT(( 0, FIL__, __LINE__, _("msg=\n"))); status = open_ipc(); if (status == 0) { ++count; goto send_it; } } else { #if defined(WITH_TPT) error = errno; #endif TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), sh_error_message(error, errbuf, sizeof(errbuf)), error)); SH_FREE(recv_msg); SL_RETURN(-1, _("push_message_queue")); } } SH_FREE(recv_msg); SL_RETURN(0, _("push_message_queue")); } /* if defined(HAVE_SYS_MSG_H) */ #else #error ********************************************** #error #error The sys/msg.h header was not found, #error cannot compile with --enable-message-queue #error #error ********************************************** #endif #endif static int count_dev_console = 0; void reset_count_dev_console(void) { count_dev_console = 0; return; } /* ---- Set the console device. ---- */ int sh_log_set_console (const char * address) { SL_ENTER(_("sh_log_set_console")); if (address != NULL && count_dev_console < 2 && sl_strlen(address) < SH_PATHBUF) { if (count_dev_console == 0) (void) sl_strlcpy (sh.srvcons.name, address, SH_PATHBUF); else (void) sl_strlcpy (sh.srvcons.alt, address, SH_PATHBUF); ++count_dev_console; SL_RETURN(0, _("sh_log_set_console")); } SL_RETURN((-1), _("sh_log_set_console")); } #if defined(WITH_TRACE) || defined(WITH_TPT) char * sh_log_console_name (void) { if (! sh.srvcons.name || sh.srvcons.name[0] == '\0' || 0 == strcmp(sh.srvcons.name, _("NULL"))) return (_("/dev/console")); return sh.srvcons.name; } #endif #ifndef STDERR_FILENO #define STDERR_FILENO 2 #endif /* ---- Print out a message. ---- */ int sh_log_console (const /*@null@*/char *errmsg) { static int service_failure[2] = { 0, 0}; int fd[2] = { -1, -1}; int sflags; int cc; size_t len; int ccMax = 1; int retval = -1; /* static int logkey_seen = 0; */ int error; static int blockMe = 0; int val_return; SL_ENTER(_("sh_log_console")); if (errmsg == NULL || blockMe == 1) { SL_RETURN(0, _("sh_log_console")); } else blockMe = 1; #ifdef WITH_MESSAGE_QUEUE if (0 != push_message_queue (errmsg)) { TPT(( 0, FIL__, __LINE__, _("msg=\n"))); } #endif if (sh.flag.isdaemon == S_FALSE || OnlyStderr == S_TRUE) { len = strlen(errmsg); do { val_return = write(STDERR_FILENO, errmsg, len); } while (val_return < 0 && errno == EINTR); do { val_return = write(STDERR_FILENO, "\n", 1); } while (val_return < 0 && errno == EINTR); /* * fprintf (stderr, "%s\n", errmsg); */ blockMe = 0; SL_RETURN(0, _("sh_log_console")); } /* --- daemon && initialized --- */ if ( (OnlyStderr == S_FALSE) ) { fd[0] = open ( sh.srvcons.name, O_WRONLY|O_APPEND|O_NOCTTY|O_NONBLOCK); if (fd[0] >= 0) { sflags = (int) retry_fcntl(FIL__, __LINE__, fd[0], F_GETFL, 0); if (sflags >= 0) { (void) retry_fcntl(FIL__, __LINE__, fd[0], F_SETFL, sflags & ~O_NONBLOCK); } } if (sh.srvcons.alt != NULL && sh.srvcons.alt[0] != '\0') { fd[1] = open (sh.srvcons.alt, O_WRONLY|O_APPEND|O_NOCTTY|O_NONBLOCK); if (fd[1] >= 0) { sflags = (int) retry_fcntl(FIL__, __LINE__, fd[1], F_GETFL, 0); if (sflags >= 0) { (void) retry_fcntl(FIL__, __LINE__, fd[1], F_SETFL, sflags & ~O_NONBLOCK); } ccMax = 2; } } for (cc = 0; cc < ccMax; ++cc) { if (fd[cc] < 0 && service_failure[cc] == 0) { error = errno; sh_error_handle ((-1), FIL__, __LINE__, error, MSG_SRV_FAIL, _("console"), (cc == 0) ? sh.srvcons.name : sh.srvcons.alt); service_failure[cc] = 1; } if (fd[cc] >= 0) { do { val_return = write(fd[cc], errmsg, strlen(errmsg)); } while (val_return < 0 && errno == EINTR); do { val_return = write(fd[cc], "\r\n", 2); } while (val_return < 0 && errno == EINTR); (void) sl_close_fd(FIL__, __LINE__, fd[cc]); service_failure[cc] = 0; } } } else retval = 0; blockMe = 0; SL_RETURN(retval, _("sh_log_console")); } samhain-3.1.0/src/cutest_sh_tools.c0000644000175000017500000000622511537467553014255 00000000000000 #include "config_xor.h" #include #include "CuTest.h" #include "samhain.h" #include "sh_tools.h" #include "sh_ipvx.h" void Test_sh_tools_safe_name_01(CuTest *tc) { /* xml specific */ char* input = strdup("hellorld\"foo&"); char* actual = sh_tools_safe_name(input, 1); #ifdef SH_USE_XML char* expected = "hello=3cwo=3erld=22foo=26"; #else char* expected = "hellorld\"foo&"; #endif CuAssertStrEquals(tc, expected, actual); } void Test_sh_tools_safe_name_02(CuTest *tc) { /* html entities */ char* input = strdup("hello&"><"); char* actual = sh_tools_safe_name(input, 0); char* expected = "hello=26=22=3e=3c"; CuAssertStrEquals(tc, expected, actual); } void Test_sh_tools_safe_name_03(CuTest *tc) { char* input = strdup("\\\'hello\\"); char* actual = sh_tools_safe_name(input, 0); char* expected = "=27hello"; CuAssertStrEquals(tc, expected, actual); input = strdup("hello \"world\\\""); actual = sh_tools_safe_name(input, 0); expected = "hello \"world=22"; CuAssertStrEquals(tc, expected, actual); input = strdup("hello\\\\"); actual = sh_tools_safe_name(input, 0); expected = "hello=5c"; CuAssertStrEquals(tc, expected, actual); input = strdup("hello\\n"); actual = sh_tools_safe_name(input, 0); expected = "hello=0a"; CuAssertStrEquals(tc, expected, actual); } void Test_sh_tools_safe_name_04(CuTest *tc) { /* invalid and valid octal code */ char* input = strdup("hello\\\n"); char* actual = sh_tools_safe_name(input, 0); char* expected = "hello"; CuAssertStrEquals(tc, expected, actual); input = strdup("hello\\100"); actual = sh_tools_safe_name(input, 0); expected = "hello=40"; CuAssertStrEquals(tc, expected, actual); input = strdup("h\\\"ello\\100a"); actual = sh_tools_safe_name(input, 0); expected = "h=22ello=40a"; CuAssertStrEquals(tc, expected, actual); } void Test_sh_tools_safe_name_05(CuTest *tc) { /* encoding of '=' */ char* input = strdup("he=llo=\"foo\""); char* actual = sh_tools_safe_name(input, 0); char* expected = "he=3dllo=\"foo\""; CuAssertStrEquals(tc, expected, actual); input = strdup("he=llo="); actual = sh_tools_safe_name(input, 0); expected = "he=3dllo="; CuAssertStrEquals(tc, expected, actual); } void Test_sh_tools_safe_name_06(CuTest *tc) { /* line break removal */ char* input = strdup("hello\nworld"); char* actual = sh_tools_safe_name(input, 0); char* expected = "hello world"; CuAssertStrEquals(tc, expected, actual); } void Test_sh_tools_safe_name_07(CuTest *tc) { /* non-printable chars */ char* input = strdup("hello world"); char* actual; char* expected; input[0] = 0x01; input[5] = 0xFF; input[10] = 0xF0; actual = sh_tools_safe_name(input, 0); expected = "=01ello=ffworl=f0"; CuAssertStrEquals(tc, expected, actual); } void Test_is_numeric_01(CuTest *tc) { char* input = strdup("hello world"); CuAssertTrue(tc, !sh_ipvx_is_numeric(input)); input = strdup("127.0.0.1"); CuAssertTrue(tc, sh_ipvx_is_numeric(input)); input = strdup("127.0.0.de"); CuAssertTrue(tc, !sh_ipvx_is_numeric(input)); input = strdup("127"); CuAssertTrue(tc, sh_ipvx_is_numeric(input)); } samhain-3.1.0/src/sh_userfiles.c0000644000175000017500000003140711263370661013514 00000000000000/* * File: sh_userfiles.c * Desc: A module for Samhain; adds files in user directories to the check list * Auth: Jerry Connolly */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" #include #include #include #include #include #include #include #include "samhain.h" #include "sh_modules.h" #include "sh_userfiles.h" #include "sh_utils.h" #include "sh_schedule.h" #include "sh_error.h" #include "sh_hash.h" #include "sh_files.h" #define SH_NEED_PWD_GRP 1 #include "sh_static.h" #include "sh_pthread.h" #ifdef SH_USE_USERFILES #define FIL__ _("sh_userfiles.c") /* We won't want to build this into yule */ #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) static int ShUserfilesActive = S_TRUE; struct userfileslist { char filename[PATH_MAX]; int level; struct userfileslist *next; }; struct userhomeslist { char *pw_dir; struct userhomeslist *next; }; struct useruidlist { unsigned long lower; unsigned long upper; struct useruidlist *next; }; static struct userfileslist *userFiles = NULL; static struct userhomeslist *userHomes = NULL; static struct useruidlist *userUids = NULL; static void sh_userfiles_free_fileslist(struct userfileslist *head); static void sh_userfiles_free_homeslist(struct userhomeslist *head); static void sh_userfiles_free_uidslist (struct useruidlist *head); sh_rconf sh_userfiles_table[] = { { N_("userfilesname"), sh_userfiles_add_file, }, { N_("userfilesactive"), sh_userfiles_set_active, }, { N_("userfilescheckuids"), sh_userfiles_set_uid, }, { NULL, NULL } }; static int sh_userfiles_check_uid (unsigned long uid) { struct useruidlist * uids = userUids; /* default is to include all */ if (userUids == NULL) return 1; while (uids) { if ((uids->upper != 0) && (uid >= uids->lower) && (uid <= uids->upper)) return 1; if ((uids->upper == 0) && (uid == uids->lower)) return 1; uids = uids->next; } return 0; } int sh_userfiles_set_uid (const char * str) { char * end; const char * p = str; unsigned long lower; unsigned long upper = 0; struct useruidlist * uids; while ((p != NULL) && (*p != '\0')) { lower = strtoul(p, &end, 10); if ( (lower == ULONG_MAX) || (end == p)) return -1; p = end; if (*p == '-') { ++p; if (*p == '\0') { upper = ULONG_MAX; p = NULL; } else { upper = strtoul(p, &end, 10); if ( (upper == ULONG_MAX) || (end == p)) return -1; p = end; if ( (*p != ',') && (*p != '\0')) return -1; if (*p != '\0') ++p; } } else if (*p == '\0') { upper = 0; p = NULL; } else if ((*p == ',') || (*p == ' ') || (*p == '\t')) { upper = 0; ++p; } else { upper = strtoul(p, &end, 10); if ( (upper == ULONG_MAX) || (end == p)) return -1; p = end; if ( (*p != ',') && (*p != ' ') && (*p != '\t') && (*p != '\0') ) return -1; if (*p != '\0') ++p; } uids = SH_ALLOC(sizeof(struct useruidlist)); uids->lower = lower; uids->upper = upper; uids->next = userUids; userUids = uids; /* fprintf(stderr, "range %lu %lu\n", lower, upper); */ } return 0; } /* Add 'c' to the list of files (userFiles) relative to any given HOME * directory that should be checked. */ int sh_userfiles_add_file(const char *c) { struct userfileslist *new; char *s, *orig; char *user_filename; int default_level = SH_LEVEL_NOIGNORE; char *separator = " "; SL_ENTER(_("sh_userfiles_add_file")); if( c == NULL ) SL_RETURN(-1, _("sh_userfiles_add_file") ); s = sh_util_strdup(c); /* Maybe c is needed elsewhere */ orig = s; user_filename = sh_util_strsep(&s, separator); if( user_filename == NULL || strlen(user_filename) > PATH_MAX ) SL_RETURN(-1, _("sh_userfiles_add_file") ); new = SH_ALLOC(sizeof(struct userfileslist)); (void) sl_strlcpy(new->filename, user_filename, PATH_MAX); new->next = userFiles; userFiles = new; /* order is important here, since 'log' would match on 'glog' * So, compare longest strings first */ if( s == NULL ) /* The default */ new->level = default_level; else if ( strstr(s, _("attributes"))!= NULL ) new->level = SH_LEVEL_ATTRIBUTES; else if ( strstr(s, _("allignore")) != NULL ) new->level = SH_LEVEL_ALLIGNORE; else if ( strstr(s, _("noignore")) != NULL ) new->level = SH_LEVEL_NOIGNORE; else if ( strstr(s, _("logfiles")) != NULL ) new->level = SH_LEVEL_LOGFILES; else if ( strstr(s, _("readonly")) != NULL ) new->level = SH_LEVEL_READONLY; else if ( strstr(s, _("loggrow")) != NULL ) new->level = SH_LEVEL_LOGGROW; else if ( strstr(s, _("user0")) != NULL ) new->level = SH_LEVEL_USER0; else if ( strstr(s, _("user1")) != NULL ) new->level = SH_LEVEL_USER1; else if ( strstr(s, _("user2")) != NULL ) new->level = SH_LEVEL_USER2; else if ( strstr(s, _("user3")) != NULL ) new->level = SH_LEVEL_USER3; else if ( strstr(s, _("user4")) != NULL ) new->level = SH_LEVEL_USER4; else if ( strstr(s, _("prelink")) != NULL ) new->level = SH_LEVEL_PRELINK; else /* The default */ new->level = default_level; SH_FREE(orig); SL_RETURN(0, _("sh_userfiles_add_file") ); } /* Decide if we're active. */ int sh_userfiles_set_active(const char *c) { int value; SL_ENTER(_("sh_userfiles_set_active")); value = sh_util_flagval(c, &ShUserfilesActive); SL_RETURN((value), _("sh_userfiles_set_active")); } /* Build the list of users, then use this to construct the filenames to * be checked. */ int sh_userfiles_init(struct mod_type * arg) { struct passwd *cur_user; struct userhomeslist *end; struct userhomeslist *new; struct userhomeslist *homes; char * filepath; (void) arg; SL_ENTER(_("sh_userfiles_init")); /* We need to free anything allocated by the configuration functions if * we find that the module is to be left inactive - otherwise _reconf() * won't quite work. */ if( ShUserfilesActive == S_FALSE ) { sh_userfiles_free_homeslist(userHomes); sh_userfiles_free_fileslist(userFiles); userHomes = NULL; userFiles = NULL; SL_RETURN(-1, _("sh_userfiles_init")); } /* We build a list in here because the samhain internals want to use * getpwent() too */ SH_MUTEX_LOCK(mutex_pwent); /*@-unrecog@*/ sh_setpwent(); /*@+unrecog@*/ while( ( cur_user = /*@-unrecog@*/sh_getpwent()/*@+unrecog@*/ ) != NULL ) { int found = 0; if (0 == sh_userfiles_check_uid( (unsigned long) cur_user->pw_uid)) continue; for( end = userHomes; end != NULL; end = end->next ) { if( sl_strcmp( end->pw_dir, cur_user->pw_dir) == 0 ) { found = 1; /* Found a match, so flag it and stop searching */ break; } } if( found == 0 ) { /* Didn't find it, so add to the front of the list */ new = SH_ALLOC(sizeof(struct userhomeslist) ); new->next = userHomes; new->pw_dir = sh_util_strdup(cur_user->pw_dir); userHomes = new; } } sh_endpwent(); SH_MUTEX_UNLOCK(mutex_pwent); filepath = SH_ALLOC(PATH_MAX); for (homes = userHomes; homes != NULL; homes = homes->next ) { struct userfileslist *file_ptr; for (file_ptr = userFiles; file_ptr != NULL; file_ptr = file_ptr->next) { (void) sl_strncpy(filepath, homes->pw_dir, PATH_MAX); (void) sl_strncat(filepath, "/", PATH_MAX); (void) sl_strncat(filepath, file_ptr->filename, PATH_MAX); switch(file_ptr->level) { case SH_LEVEL_READONLY: (void) sh_files_pushfile_ro(filepath); break; case SH_LEVEL_LOGFILES: (void) sh_files_pushfile_log(filepath); break; case SH_LEVEL_LOGGROW: (void) sh_files_pushfile_glog(filepath); break; case SH_LEVEL_NOIGNORE: (void) sh_files_pushfile_noig(filepath); break; case SH_LEVEL_ALLIGNORE: (void) sh_files_pushfile_allig(filepath); break; case SH_LEVEL_ATTRIBUTES: (void) sh_files_pushfile_attr(filepath); break; case SH_LEVEL_USER0: (void) sh_files_pushfile_user0(filepath); break; case SH_LEVEL_USER1: (void) sh_files_pushfile_user1(filepath); break; case SH_LEVEL_USER2: (void) sh_files_pushfile_user2(filepath); break; case SH_LEVEL_USER3: (void) sh_files_pushfile_user3(filepath); break; case SH_LEVEL_USER4: (void) sh_files_pushfile_user4(filepath); break; case SH_LEVEL_PRELINK: (void) sh_files_pushfile_prelink(filepath); break; default: /* Should not reach here */ break; } } } SH_FREE(filepath); SL_RETURN(0, _("sh_userfiles_init")); } /* This is pretty much NULL; we don't do anything in our checking routine, * so we never need to run it. Just use tcurrent to avoid compiler warnings. */ int sh_userfiles_timer(time_t tcurrent) { SL_ENTER(_("sh_userfiles_timer")); tcurrent = 0; SL_RETURN((int)tcurrent, _("sh_userfiles_timer")); } int sh_userfiles_check(void) { SL_ENTER(_("sh_userfiles_check")); SL_RETURN(0, _("sh_userfiles_check")); } /* Free our lists and the associated memory */ int sh_userfiles_cleanup(void) { SL_ENTER(_("sh_userfiles_cleanup")); sh_userfiles_free_homeslist(userHomes); sh_userfiles_free_fileslist(userFiles); sh_userfiles_free_uidslist (userUids); SL_RETURN(0, _("sh_userfiles_cleanup")); } /* As with sh_userfiles_cleanup, but in preparation for re-reading the * configuration files */ int sh_userfiles_reconf(void) { SL_ENTER(_("sh_userfiles_reconf")); sh_userfiles_free_homeslist(userHomes); sh_userfiles_free_fileslist(userFiles); sh_userfiles_free_uidslist (userUids); userHomes = NULL; userFiles = NULL; userUids = NULL; ShUserfilesActive = S_TRUE; SL_RETURN(0, _("sh_userfiles_reconf")); } /* Recurse to the end of the list and then free the data as we return * back up towards the start, making sure to free any strdupped strings */ static void sh_userfiles_free_homeslist(struct userhomeslist *head) { if( head != NULL ) { sh_userfiles_free_homeslist(head->next); SH_FREE(head->pw_dir); SH_FREE(head); } } /* Recurse to the end of the list and then free the data as we return * back up towards the start */ static void sh_userfiles_free_fileslist(struct userfileslist *head) { if( head != NULL ) { sh_userfiles_free_fileslist(head->next); SH_FREE(head); } } /* Recurse to the end of the list and then free the data as we return * back up towards the start */ static void sh_userfiles_free_uidslist(struct useruidlist *head) { if( head != NULL ) { sh_userfiles_free_uidslist(head->next); SH_FREE(head); } } /* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */ #endif /* #ifdef SH_USE_USERFILES */ #endif samhain-3.1.0/src/sh_mounts.c0000644000175000017500000004710511272257764013052 00000000000000/* * File: sh_mounts.c * Desc: A module for Samhain; checks for mounts present and options on them. * Auth: Cian Synnott * */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" /* Used in the call tracing macros to keep track of where we are in the code */ #undef FIL__ #define FIL__ _("sh_mounts.c") #include "samhain.h" #include "sh_utils.h" #include "sh_error.h" #include "sh_modules.h" #include "sh_mounts.h" #ifdef SH_USE_MOUNTS #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) /* * #ifdef HAVE_STRING_H * #include * #endif */ #ifdef TM_IN_SYS_TIME #include #else #include #endif /* Prototypes for configuration functions */ int sh_mounts_config_activate (const char * opt); int sh_mounts_config_timer (const char * opt); int sh_mounts_config_mount (const char * opt); int sh_mounts_config_sevmnt (const char * opt); int sh_mounts_config_sevopt (const char * opt); /* Prototype for the function to read info on mounted filesystems */ static struct sh_mounts_mnt *readmounts(void); /* Table for configuration options, and pointers to the functions that will * configure them. Each function is passed the string resulting from stripping * the option and the "equals" from the config file; e.g. MountCheckActive=1 in * the configuration file will result in the string "1" being passed to * sh_mounts_config_activate() */ sh_rconf sh_mounts_table[] = { { N_("mountcheckactive"), sh_mounts_config_activate }, { N_("mountcheckinterval"), sh_mounts_config_timer }, { N_("checkmount"), sh_mounts_config_mount }, { N_("severitymountmissing"), sh_mounts_config_sevmnt }, { N_("severityoptionmissing"), sh_mounts_config_sevopt }, { NULL, NULL }, }; /* Structures for storing my configuration information, and functions for * manipulating them */ struct sh_mounts_mnt { char * path; struct sh_mounts_opt * opts; struct sh_mounts_mnt * next; }; struct sh_mounts_opt { char * opt; struct sh_mounts_opt * next; }; /* Return the mount structure whose path matches 'mnt' or NULL if not found */ static struct sh_mounts_mnt *sh_mounts_mnt_member(struct sh_mounts_mnt *m, char *mnt) { struct sh_mounts_mnt *it; for (it = m; it != NULL; it = it->next) { if (0 == sl_strcmp(it->path, mnt)) { return it; } } return NULL; } /* Return the opt structure whose option matches 'opt' or NULL if not found */ static struct sh_mounts_opt *sh_mounts_opt_member(struct sh_mounts_opt *o, char *opt) { struct sh_mounts_opt *it; for (it = o; it != NULL; it = it->next) { /* if (!strcmp(it->opt, opt)) { */ if (0 == sl_strcmp(it->opt, opt)) { return it; } } return NULL; } static void sh_mounts_opt_free(struct sh_mounts_opt *o) { if (o != NULL) { sh_mounts_opt_free(o->next); SH_FREE(o->opt); SH_FREE(o); } } static void sh_mounts_mnt_free(struct sh_mounts_mnt *m) { if (m != NULL) { sh_mounts_mnt_free(m->next); sh_mounts_opt_free(m->opts); SH_FREE(m->path); SH_FREE(m); } } /* Some configuration variables I'll be using */ static time_t lastcheck = (time_t) 0; static int ShMountsActive = S_FALSE; static time_t ShMountsInterval = 86400; static int ShMountsSevMnt = 7; static int ShMountsSevOpt = 7; static struct sh_mounts_mnt *mountlist = NULL; /* Module initialisation * This is called once at the start of each samhain run. * Non-configuration setup code should be placed here. */ int sh_mounts_init (struct mod_type * arg) { (void) arg; SL_ENTER(_("sh_mounts_init")); /* This is a little odd. Because we've built the configured mount list at * this point, if we've set the module inactive, we need to free the list - * otherwise when we reconf() with it set active, we'll end up with a * duplicated list. Interesting. */ if (ShMountsActive == S_FALSE) { sh_mounts_mnt_free(mountlist); mountlist = NULL; SL_RETURN(-1, _("sh_mounts_init")); } SL_RETURN(0, _("sh_mounts_init")); } /* Module timer * This timer function is called periodically with the current time to see if * it is time to run the module's "check" function. On nonzero return, the * check is run. */ int sh_mounts_timer (time_t tcurrent) { SL_ENTER(_("sh_mounts_timer")); if ((time_t) (tcurrent - lastcheck) >= ShMountsInterval) { lastcheck = tcurrent; SL_RETURN(-1, _("sh_mounts_timer")); } SL_RETURN(0, _("sh_mounts_timer")); } /* Module check * The business end of things. This is the actual check code for this module. * Everything you want to do periodically should go here. */ int sh_mounts_check () { struct sh_mounts_mnt *memlist; struct sh_mounts_mnt *cfgmnt, *mnt; struct sh_mounts_opt *cfgopt, *opt; SL_ENTER(_("sh_mounts_check")); /* Log the check run. For each message type you want, you need to define it * as an enum in sh_cat.h, and then set it up in terms of priority and format * string in sh_cat.c */ sh_error_handle(-1, FIL__, __LINE__, 0, MSG_MNT_CHECK); /* Read the list of mounts from memory */ memlist = readmounts(); if (memlist == NULL) { sh_error_handle(-1, FIL__, __LINE__, 0, MSG_MNT_MEMLIST); } /* For each mount we are configured to check, run through the list of mounted * filesystems and compare the pathnames */ for (cfgmnt = mountlist; cfgmnt != NULL; cfgmnt = cfgmnt->next) { mnt = sh_mounts_mnt_member(memlist, cfgmnt->path); if (mnt) { for (cfgopt = cfgmnt->opts; cfgopt != NULL; cfgopt = cfgopt->next) { opt = sh_mounts_opt_member(mnt->opts, cfgopt->opt); if (!opt) { sh_error_handle(ShMountsSevOpt, FIL__, __LINE__, 0, MSG_MNT_OPTMISS, cfgmnt->path, cfgopt->opt); } } } else { sh_error_handle(ShMountsSevMnt, FIL__, __LINE__, 0, MSG_MNT_MNTMISS, cfgmnt->path); } } /* Make sure to clean up after ourselves */ sh_mounts_mnt_free(memlist); SL_RETURN(0, _("sh_mounts_check")); } /* Module cleanup * The end of the tour - when samhain is shutting down, this is run. */ int sh_mounts_cleanup () { SL_ENTER(_("sh_mounts_cleanup")); sh_mounts_mnt_free(mountlist); mountlist = NULL; SL_RETURN( (0), _("sh_mounts_cleanup")); } /* Module reconfiguration * Run on receipt of a HUP. */ int sh_mounts_reconf() { SL_ENTER(_("sh_mounts_null")); sh_mounts_mnt_free(mountlist); mountlist = NULL; /* re-set defaults */ ShMountsActive = S_FALSE; ShMountsInterval = 86400; ShMountsSevMnt = 7; ShMountsSevOpt = 7; SL_RETURN( (0), _("sh_mounts_null")); } /* Module configuration * These functions are called when the configuration file is being parsed. */ /* Configure to check a particular mount */ int sh_mounts_config_mount (const char * opt_in) { struct sh_mounts_mnt *m; struct sh_mounts_opt *o; char *sp, *temp, *opt; SL_ENTER(_("sh_mounts_config_mount")); /* It's probably best to make a copy of opt before messing about with it * via string functions. Good practice and all that. */ temp = sh_util_strdup(opt_in); /* Since we're going to "consume" this new buffer, it'll be good to have a * reference to it's allocated memory so we can free it later. Let's use * temp for that, and "opt" for consumption */ opt = temp; m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof(struct sh_mounts_mnt)); /* First, strip out the mount path. */ m->path = sh_util_strdup(sh_util_strsep(&opt, " \t")); m->opts = NULL; /* Now get all of the mount options - they can be delimited by comma or * whitespace */ while (opt != NULL) { sp = sh_util_strsep(&opt, ", \t"); /* This just catches multiple separators appearing together */ if (*sp == '\0') { continue; } o = (struct sh_mounts_opt *) SH_ALLOC(sizeof(struct sh_mounts_opt)); o->next = m->opts; m->opts = o; o->opt = sh_util_strdup(sp); } /* Add to the list of configured mounts */ m->next = mountlist; mountlist = m; /* Free the string buffer we allocated earlier */ SH_FREE(temp); SL_RETURN(0, _("sh_mounts_config_mount")); } /* Simply sets our boolean as to whether this module is active */ int sh_mounts_config_activate (const char * opt) { int i; SL_ENTER(_("sh_mounts_config_activate")); i = sh_util_flagval(opt, &ShMountsActive); SL_RETURN(i, _("sh_mounts_config_activate")); } /* Sets up our timer */ int sh_mounts_config_timer (const char * opt) { long val; int retval = 0; SL_ENTER(_("sh_mounts_config_timer")); val = strtol (opt, (char **)NULL, 10); if (val <= 0) { sh_error_handle (-1, FIL__, __LINE__, EINVAL, MSG_EINVALS, _("mounts timer"), opt); retval = -1; } val = (val <= 0 ? 86400 : val); ShMountsInterval = (time_t) val; SL_RETURN(retval, _("sh_mounts_config_timer")); } /* Configure severity for "mount missing" messages */ int sh_mounts_config_sevmnt (const char * opt) { int retval = 0; char tmp[32]; SL_ENTER(_("sh_mounts_config_sevmnt")); tmp[0] = '='; tmp[1] = '\0'; (void) sl_strlcat (tmp, opt, 32); retval = sh_error_set_level (tmp, &ShMountsSevMnt); SL_RETURN(retval, _("sh_mounts_config_sevmnt")); } int sh_mounts_config_sevopt (const char * opt) { int retval = 0; char tmp[32]; SL_ENTER(_("sh_mounts_config_sevopt")); tmp[0] = '='; tmp[1] = '\0'; (void) sl_strlcat (tmp, opt, 32); retval = sh_error_set_level (tmp, &ShMountsSevOpt); SL_RETURN(retval, _("sh_mounts_config_sevopt")); } /* * Below here we have the code for actually reading options on mounted fs's * I've just got code here to work on FreeBSD, Linux and Solaris. I'm sure * others could be added. Note that some small bits of the OS-specific code * are from mountlist.c in GNU fileutils. */ /* FreeBSD includes */ #if defined(HOST_IS_FREEBSD) || defined(HOST_IS_OPENBSD) #include #include #include #endif /* Linux includes */ #ifdef HOST_IS_LINUX #include #include #endif /* Solaris includes */ #ifdef HOST_IS_SOLARIS #include #include #endif /* HP_UX includes */ #ifdef HOST_IS_HPUX #include #include #endif /* AIX includes and helper routines (from gnome-vfs-unix-mounts.c */ #if 0 #ifdef HOST_IS_AIX #include #include #include /* gnome-vfs-unix-mounts.c - read and monitor fstab/mtab Copyright (C) 2003 Red Hat, Inc The Gnome Library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. The Gnome Library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with the Gnome Library; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. Author: Alexander Larsson */ /* read character, ignoring comments (begin with '*', end with '\n' */ static int aix_fs_getc (FILE *fd) { int c; while ((c = getc (fd)) == '*') { while (((c = getc (fd)) != '\n') && (c != EOF)) {} /* do nothing */ } } /* eat all continuous spaces in a file */ static int aix_fs_ignorespace (FILE *fd) { int c; while ((c = aix_fs_getc (fd)) != EOF) { if (! (isascii(c) && isspace (c)) ) { ungetc (c,fd); return c; } } return EOF; } /* read one word from file */ static int aix_fs_getword (FILE *fd, char *word, int len) { int c; int i = 0; --len; aix_fs_ignorespace (fd); while (((c = aix_fs_getc (fd)) != EOF) && !( isascii(c) && isspace(c) )) { if (c == '"') { while (((c = aix_fs_getc (fd)) != EOF) && (c != '"')) { *word++ = c; ++i; if (i == len) break; } } else { *word++ = c; ++i; } if (i == len) break; } *word = 0; return c; } /* PATH_MAX is in sys/limits.h, included via stdio.h */ typedef struct { char mnt_mount[PATH_MAX]; char mnt_special[PATH_MAX]; char mnt_fstype[16]; char mnt_options[128]; } AixMountTableEntry; /* read mount points properties */ static int aix_fs_get (FILE *fd, AixMountTableEntry *prop) { /* Need space for PATH_MAX + ':' (terminating '\0' is in PATH_MAX; SUSv3) */ static char word[PATH_MAX+1] = { 0 }; char value[PATH_MAX]; /* reset */ if (fd == NULL) { word[0] = '\0'; return 0; } /* read stanza */ if (word[0] == 0) { if (aix_fs_getword (fd, word, (PATH_MAX+1)) == EOF) return EOF; } word[strlen(word) - 1] = 0; sl_strlcpy (prop->mnt_mount, word, PATH_MAX); /* read attributes and value */ while (aix_fs_getword (fd, word, (PATH_MAX+1)) != EOF) { /* test if is attribute or new stanza */ if (word[strlen(word) - 1] == ':') { return 0; } /* read "=" */ aix_fs_getword (fd, value, PATH_MAX); /* read value */ aix_fs_getword (fd, value, PATH_MAX); if (strcmp (word, "dev") == 0) { sl_strlcpy (prop->mnt_special, value, PATH_MAX); } else if (strcmp (word, "vfs") == 0) { sl_strlcpy (prop->mnt_fstype, value, 16); } else if (strcmp (word, "options") == 0) { sl_strlcpy(prop->mnt_options, value, 128); } } return 0; } /* end AIX helper routines */ #endif #endif #if defined(HOST_IS_FREEBSD) || defined(HOST_IS_OPENBSD) /* FreeBSD returns flags instead of strings as mount options, so we'll convert * them here. */ static struct sh_mounts_opt * getoptlist(int flags) { struct sh_mounts_opt *list, *o; int i; struct {char *opt; int flag;} table[] = { #ifdef MNT_RDONLY {"ro", MNT_RDONLY}, #endif #ifdef MNT_NOEXEC {"noexec", MNT_NOEXEC}, #endif #ifdef MNT_NOSUID {"nosuid", MNT_NOSUID}, #endif #ifdef MNT_NODEV {"nodev", MNT_NODEV}, #endif #ifdef MNT_SYNCHRONOUS {"sync", MNT_SYNCHRONOUS}, #endif #ifdef MNT_ASYNC {"async", MNT_ASYNC}, #endif #ifdef MNT_LOCAL {"local", MNT_LOCAL}, #endif #ifdef MNT_QUOTA {"quota", MNT_QUOTA}, #endif #ifdef MNT_NOATIME {"noatime", MNT_NOATIME}, #endif {"bound", -1} }; SL_ENTER(_("getoptlist")); list = NULL; /* Add any flags found to the list */ for (i = 0; table[i].flag != -1; i++) { if (flags & table[i].flag) { o = (struct sh_mounts_opt *) SH_ALLOC(sizeof(struct sh_mounts_opt)); o->opt = sh_util_strdup(table[i].opt); o->next = list; list = o; } } SL_RETURN(list, _("getoptlist")); } /* Solaris & Linux return identical option string formats */ #else /* We just separate the options out by parsing for commas */ static struct sh_mounts_opt * getoptlist(char *opt) { struct sh_mounts_opt *list, *o; char *sp, *temp; SL_ENTER(_("getoptlist")); /* See the comments in sh_mounts_config_mount() above for the reasons for * this arcane little zig-zag */ temp = sh_util_strdup(opt); opt = temp; list = NULL; /* For each option, add to the list */ while (opt != NULL) { sp = sh_util_strsep(&opt, ", \t"); if (*sp == '\0') { continue; } o = (struct sh_mounts_opt *) SH_ALLOC(sizeof(struct sh_mounts_opt)); o->next = list; list = o; o->opt = sh_util_strdup(sp); } SH_FREE(temp); SL_RETURN(list, _("getoptlist")); } #endif /* Read the list of mounts from whereever is appropriate to the OS and return * it. Return NULL on error. */ static struct sh_mounts_mnt * readmounts(void) { struct sh_mounts_mnt *list, *m; SL_ENTER(_("readmounts")); m = NULL; /* use it to avoid compiler warning */ list = m; /* The Open/FreeBSD way */ #if defined(HOST_IS_FREEBSD) || defined(HOST_IS_OPENBSD) { struct statfs *fsp; int entries; entries = getmntinfo(&fsp, MNT_NOWAIT); if (entries < 0) { SL_RETURN((NULL), _("readmounts")); } for (; entries-- > 0; fsp++) { m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); m->path = sh_util_strdup(fsp->f_mntonname); m->opts = getoptlist(fsp->f_flags); m->next = list; list = m; } } #endif /* The Linux way */ #ifdef HOST_IS_LINUX { struct mntent *mp; FILE *tab = setmntent(_PATH_MOUNTED, "r"); if (tab == NULL) { SL_RETURN((NULL), _("readmounts")); } mp = getmntent(tab); while (mp != NULL) { m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); m->path = sh_util_strdup(mp->mnt_dir); m->opts = getoptlist(mp->mnt_opts); m->next = list; list = m; mp = getmntent(tab); } (void) endmntent(tab); } #endif /* The Solaris way */ #ifdef HOST_IS_SOLARIS { struct mnttab mp; FILE *tab = fopen(MNTTAB, "r"); if (tab == NULL) { SL_RETURN((NULL), _("readmounts")); } while (!getmntent(tab, &mp)) { m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); m->path = sh_util_strdup(mp.mnt_mountp); m->opts = getoptlist(mp.mnt_mntopts); m->next = list; list = m; } sl_fclose(FIL__, __LINE__, tab); } #endif /* The HP-UX way */ #ifdef HOST_IS_HPUX { struct mntent *mp; FILE *tab = setmntent(MNT_MNTTAB, "r"); if (tab == NULL) { SL_RETURN((NULL), _("readmounts")); } mp = getmntent(tab); while (mp != NULL) { m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); m->path = sh_util_strdup(mp->mnt_dir); m->opts = getoptlist(mp->mnt_opts); m->next = list; list = m; mp = getmntent(tab); } (void) endmntent(tab); } #endif /* The AIX way */ #if 0 #ifdef HOST_IS_AIX { AixMountTableEntry mntent; FILE *tab = fopen("/etc/filesystems", "r"); if (tab == NULL) { SL_RETURN((NULL), _("readmounts")); } while (!aix_fs_get (tab, &mntent)) { m = (struct sh_mounts_mnt *) SH_ALLOC(sizeof (struct sh_mounts_mnt)); m->path = sh_util_strdup(mntent.mnt_mount); m->opts = getoptlist(mntent.mnt_options); m->next = list; list = m; mntent.mnt_mount[0] = '\0'; mntent.mnt_special[0] = '\0'; mntent.mnt_fstype[0] = '\0'; mntent.mnt_options[0] = '\0'; } (void) sl_fclose(FIL__, __LINE__, tab); aix_fs_get (NULL, NULL); /* reset */ } #endif #endif SL_RETURN((list), _("readmounts")); } /* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */ #endif /* #ifdef SH_USE_MOUNTS */ #endif samhain-3.1.0/src/samhain_stealth.c0000644000175000017500000002466511724711651014175 00000000000000#include "config_xor.h" #ifdef HAVE_BROKEN_INCLUDES #define _ANSI_C_SOURCE #define _POSIX_SOURCE #endif #include #include #include #include #include #include #include #include #include #ifndef SH_BUFSIZE #define SH_BUFSIZE 1024 #endif #ifdef SH_STEALTH char * globber(const char * string); #define _(string) globber(string) #define N_(string) string #else #define _(string) string #define N_(string) string #endif #ifdef SH_STEALTH #ifndef SH_MAX_GLOBS #define SH_MAX_GLOBS 32 #endif #ifndef GLOB_LEN #define GLOB_LEN 511 #endif char * globber(const char * str) { register int i, j; static int count = -1; static char glob[SH_MAX_GLOBS][GLOB_LEN+1]; ++count; if (count > (SH_MAX_GLOBS-1) ) count = 0; j = strlen(str); if (j > GLOB_LEN) j = GLOB_LEN; for (i = 0; i < j; ++i) { if (str[i] != '\n' && str[i] != '\t') glob[count][i] = str[i] ^ XOR_CODE; else glob[count][i] = str[i]; } glob[count][j] = '\0'; return glob[count]; } #endif static unsigned long off_data; char sh_util_charhex( int c ) { if ( c >= 0 && c <= 9 ) return '0' + c; else if ( c >= 10 && c <= 15 ) return 'a' + (c - 10); else { fprintf(stderr, _("Out of range: %d\n"), c); return 'X'; } } int sh_util_hexchar( char c ) { if ( c >= '0' && c <= '9' ) return c - '0'; else if ( c >= 'a' && c <= 'f' ) return c - 'a' + 10; else if ( c >= 'A' && c <= 'F' ) return c - 'A' + 10; else return -1; } /* --------- third step ----------- * * get data from a block of hex data */ int hideout_hex_block(int fd, unsigned char * str, int len) { register int i, j, k; unsigned char c, e; register int num; unsigned char mask[9] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; unsigned long here = 0; unsigned long retval = 0; i = 0; while (i < len) { for (j = 0; j < 8; ++j) { /* get a low byte, modify, read back */ for (k = 0; k < 2; ++k) { c = ' '; do { do { num = read (fd, &c, 1); } while (num == 0 && errno == EINTR); if (num == 0) return -1; ++here; } while (c == '\n' || c == '\t' || c == '\r' || c == ' '); } /* e is the value of the low byte */ e = (unsigned char) sh_util_hexchar( c ); if ((e & mask[7]) != 0) /* bit is set */ str[i] |= mask[j]; else /* bit is not set */ str[i] &= ~mask[j]; } if (str[i] == '\n') break; ++i; } str[i+1] = '\0'; retval += here; return retval; } /* --------- second step ----------- * * hide data in a block of hex data */ int hidein_hex_block(int fd, char * str, int len) { register int i, j, k; unsigned char c, d, e; register int num; unsigned char mask[9] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; unsigned long here = 0; unsigned long retval = 0; for (i = 0; i < len; ++i) { d = str[i]; for (j = 0; j < 8; ++j) { /* get a low byte, modify, read back */ for (k = 0; k < 2; ++k) { c = ' '; do { do { num = read (fd, &c, 1); } while (num == 0 && errno == EINTR); if (num == 0) return -1; ++here; } while (c == '\n' || c == '\t' || c == '\r' || c == ' '); } /* e is the value of the low byte */ e = (unsigned char) sh_util_hexchar( c ); if ((d & mask[j]) != 0) /* bit is set */ e |= mask[7]; else /* bit is not set */ e &= ~mask[7]; e = sh_util_charhex ( e ); lseek(fd, -1, SEEK_CUR); do { num = write(fd, &e, 1); } while (num == 0 && errno == EINTR); } } retval += here; return retval; } /* --------- first step ----------- * * find first block of hex data */ unsigned long first_hex_block(int fd, unsigned long * max) { int i; register int num = 1; char c; int nothex = 0; unsigned long retval = 0; int this_line = 0; char theline[SH_BUFSIZE]; *max = 0; while (1) { theline[0] = '\0'; this_line = 0; c = '\0'; while (c != '\n' && num > 0) { do { num = read (fd, &c, 1); } while (num == 0 && errno == EINTR); if (num > 0) theline[this_line] = c; else return 0; this_line += num; } theline[this_line] = '\0'; /* not only 'newline' */ if (this_line > 60) { nothex = 0; i = 0; while (nothex == 0 && i < (this_line-1)) { if (! isxdigit((int)theline[i])) nothex = 1; ++i; } if (nothex == 1) retval += this_line; } else { nothex = 1; retval += this_line; } if (nothex == 0) { *max = 0; do { do { num = read (fd, theline, SH_BUFSIZE); } while (num == 0 && errno == EINTR); for (i = 0; i < num; ++i) { c = theline[i]; if (c == '\n' || c == '\t' || c == '\r' || c == ' ') ; else if (!isxdigit((int)c)) break; else *max += 1; } } while (num > 0); *max /= 16; return retval; } } /* return 0; *//* unreachable */ } static void usage () { fprintf(stdout, "%s", _("\nUsage: samhain_stealth -i|s|g|o "\ "[what]\n\n")); fprintf(stdout, "%s", _(" -i info on PS image 'where'\n")); fprintf(stdout, "%s", _(" (how much bytes can be hidden in it).\n")); fprintf(stdout, "%s", _(" -s hide file 'what' in PS image 'where'\n")); fprintf(stdout, "%s", _(" -g get hidden data from PS image 'where'\n")); fprintf(stdout, "%s", _(" (output to stdout)\n")); fprintf(stdout, "%s", _(" -o size of file 'where' = offset to "\ "end-of-file\n")); fprintf(stdout, "%s", _(" (same as wc -c).\n\n")); fprintf(stdout, "%s", _(" Example: let bar.ps be the ps file, and"\ "foo the config file\n")); fprintf(stdout, "%s", _(" 1) extract with: samhain_stealth "\ "-g bar.ps >foo\n")); fprintf(stdout, "%s", _(" 2) hide with: samhain_stealth "\ "-s bar.ps foo\n\n")); fprintf(stdout, "%s", _(" This program hides a file in an UNCOMPRESSED "\ "postscript\n")); fprintf(stdout, "%s", _(" image. To generate such an image, you may " \ "use e.g.:\n")); fprintf(stdout, "%s", _(" 'convert +compress foo.jpg bar.ps'.\n")); fprintf(stdout, "%s", _(" 'gimp' apparently saves postscript "\ "uncompressed by default\n")); fprintf(stdout, "%s", _(" (V 1.06 of the postscript plugin).\n")); fprintf(stdout, "%s", _(" 'xv' seems to save with run-length "\ "compression, which is unsuitable.\n")); fprintf(stdout, "%s", _(" The program does not check the "\ "compression type of the PS file.\n")); fprintf(stdout, "%s", _(" Just have a look at the result to check.\n")); return; } int main (int argc, char * argv[]) { int fd; int add_off; unsigned long max; char buf[1024]; FILE * infil; int pgp_flag = 0; if (argc == 2 && argv[1][0] == '-' && argv[1][1] == 'h') { usage(); return (0); } if (argc == 2 && 0 == strcmp(argv[1], _("--help"))) { usage(); return (0); } if (argc < 3 || argv[1][0] != '-' || (argv[1][1] != 'o' && argv[1][1] != 'i' && argv[1][1] != 's' && argv[1][1] != 'g')) { usage (); return (1); } /* offset to end */ if (argv[1][1] == 'o') { fd = open(argv[2], O_RDONLY); if (fd == -1) { fprintf(stderr, _("Error: could not open() %s for reading\n"), argv[2]); return (1); } off_data = lseek (fd, 0, SEEK_END); fprintf(stdout, _("%ld %s\n"), off_data, argv[2]); close (fd); return (0); } fd = open(argv[2], O_RDWR); if (fd == -1) { fprintf(stderr, _("Error: could not open() %s for read/write\n"), argv[2]); return (1); } /* find the first block of hex data */ if (argv[1][1] == 'i') { off_data = first_hex_block(fd, &max); fprintf(stdout, _("IMA START AT: %ld MAX. CAPACITY: %ld Bytes\n"), off_data, max); if (max > 0) return (0); else { fprintf(stderr, _("Error: %s is probably not an uncompressed postscript image\n"), argv[2]); return (1); } } /* seek to the first block of fresh hex data and hide data */ if (argv[1][1] == 's') { infil = fopen(argv[3], "r"); if (infil == NULL) { fprintf(stderr, _("Error: could not open() %s\n"), argv[3]); return (8); } off_data = first_hex_block(fd, &max); fprintf(stdout, _("IMA START AT: %ld MAX. CAPACITY: %ld Bytes\n"), off_data, max); if (max == 0) { fprintf(stderr, _("Error: %s is probably not an uncompressed postscript image\n"), argv[2]); return (1); } fprintf(stdout, _(" .. hide %s in %s .. \n"), argv[3], argv[2]); while (fgets(buf, sizeof(buf), infil)) { lseek(fd, off_data, SEEK_SET); add_off = hidein_hex_block(fd, buf, strlen(buf)); if (add_off == -1) { fprintf(stderr, _("Error: %s has insufficient capacity\n"), argv[2]); return (1); } off_data += add_off; } fclose(infil); /* * make sure there is a terminator */ lseek(fd, off_data, SEEK_SET); add_off = hidein_hex_block(fd, _("\n[EOF]\n"), 7); if (add_off == -1) { fprintf(stderr, _("Error: %s has insufficient capacity\n"), argv[2]); return (1); } fprintf(stdout, "%s", _(" .. finished\n")); return (0); } if (argv[1][1] == 'g') { off_data = first_hex_block(fd, &max); if (max == 0) { fprintf(stderr, _("Error: %s is probably not an uncompressed postscript image\n"), argv[2]); return (1); } lseek(fd, off_data, SEEK_SET); while (1 == 1) { add_off = hideout_hex_block(fd, (unsigned char *) buf, 1023); if (add_off == -1) { fprintf(stderr, _("Error: premature end of data in %s\n"), argv[2]); return (1); } if (0 == strcmp(buf, _("-----BEGIN PGP SIGNED MESSAGE-----\n"))) pgp_flag = 1; fprintf(stdout, "%s", buf); if (0 == strncmp(buf, _("[EOF]"), 5) && pgp_flag == 0) break; if (0 == strcmp(buf, _("-----END PGP SIGNATURE-----\n")) && pgp_flag == 1) break; off_data += add_off; lseek(fd, off_data, SEEK_SET); } return (0); } fprintf(stderr, _("Invalid mode of operation: %s"), argv[1]); return (1); } samhain-3.1.0/src/cutest_slib.c0000644000175000017500000000477011254755512013346 00000000000000 #include "config_xor.h" #include #include "CuTest.h" #include "samhain.h" void Test_sl_stale (CuTest *tc) { extern int get_the_fd (SL_TICKET ticket); int fd1, fd2, ret, line, val; SL_TICKET tfd1, tfd2; char * err1; char err2[128]; line = __LINE__; tfd1 = sl_open_read(__FILE__, __LINE__, "/etc/group", SL_NOPRIV); CuAssertTrue(tc, tfd1 > 0); fd1 = get_the_fd(tfd1); CuAssertTrue(tc, fd1 >= 0); ret = close(fd1); CuAssertTrue(tc, ret == 0); tfd2 = sl_open_read(__FILE__, __LINE__, "/etc/group", SL_NOPRIV); CuAssertTrue(tc, tfd2 > 0); CuAssertTrue(tc, tfd2 != tfd1); fd2 = get_the_fd(tfd2); CuAssertIntEquals(tc, fd1, fd2); err1 = sl_check_stale(); CuAssertTrue(tc, err1 != NULL); sl_snprintf(err2, sizeof(err2), "stale handle, %s, %d", __FILE__, line); val = strcmp(err1, err2); CuAssertIntEquals(tc, 0, val); } void Test_sl_snprintf (CuTest *tc) { int ret = 0; char input[16]; memset (&input, 'X', 16); ret = sl_snprintf(input, 10, "%s\n", "01234567890123456789"); CuAssertIntEquals(tc, ret, 0); CuAssertTrue(tc, input[9] == '\0'); CuAssertTrue(tc, input[10] == 'X'); memset (&input, 'X', 16); ret = sl_snprintf(input, 4, "%d\n", "012345"); CuAssertIntEquals(tc, ret, 0); CuAssertTrue(tc, input[3] == '\0'); CuAssertTrue(tc, input[4] == 'X'); } void Test_sl_strcasecmp (CuTest *tc) { char one[64], two[64]; int res; strcpy(one, "foo"); strcpy(two, "foo"); res = sl_strcasecmp(one, two); CuAssertIntEquals(tc, 0, res); strcpy(one, "fo"); strcpy(two, "foo"); res = sl_strcasecmp(one, two); CuAssertIntEquals(tc, -1, res); strcpy(one, "foo"); strcpy(two, "fo"); res = sl_strcasecmp(one, two); CuAssertIntEquals(tc, 1, res); strcpy(one, "1234"); strcpy(two, "2345"); res = sl_strcasecmp(one, two); CuAssertIntEquals(tc, -1, res); strcpy(one, "234"); strcpy(two, "123"); res = sl_strcasecmp(one, two); CuAssertIntEquals(tc, 1, res); strcpy(one, ""); strcpy(two, "123"); res = sl_strcasecmp(one, two); CuAssertIntEquals(tc, -1, res); strcpy(one, "234"); strcpy(two, ""); res = sl_strcasecmp(one, two); CuAssertIntEquals(tc, 1, res); strcpy(one, ""); strcpy(two, ""); res = sl_strcasecmp(one, two); CuAssertTrue(tc, res == 0); #ifndef SL_FAIL_ON_ERROR res = sl_strcasecmp(NULL, two); CuAssertIntEquals(tc, -1, res); res = sl_strcasecmp(one, NULL); CuAssertIntEquals(tc, 1, res); res = sl_strcasecmp(NULL, NULL); CuAssertTrue(tc, res != 0); #endif } samhain-3.1.0/src/mkhdr.c0000644000175000017500000001155310232774201012117 00000000000000#include "config.h" #ifdef HAVE_BROKEN_INCLUDES #define _ANSI_C_SOURCE #define _POSIX_SOURCE #endif #include extern void exit(int status); extern int fclose(FILE *stream); #ifndef TRUE #define TRUE (1 == 1) #endif #ifndef FALSE #define FALSE (1 != 1) #endif struct description_int { int int_size; char int_name[20]; }; struct description_int int_descrs[] = { #ifdef LONGLONG { sizeof(unsigned long long), "unsigned long long" }, #endif { sizeof(unsigned long), "unsigned long" }, { sizeof(unsigned int), "unsigned int" }, { sizeof(unsigned short), "unsigned short" }, { sizeof(unsigned char), "unsigned char" } }; int size_count = sizeof(int_descrs) / sizeof(struct description_int); struct trnc_data { long a, b, q, r; }; struct trnc_data trunc_tbl[] = { { 13, 4, 3, 1 }, { 13, -4, -3, 1 }, { -13, 4, -3, -1 }, { -13, -4, 3, -1 }, { 15, 4, 3, 3 }, { 15, -4, -3, 3 }, { -15, 4, -3, -3 }, { -15, -4, 3, -3 } }; int size_trunc_tbl = sizeof(trunc_tbl) / sizeof(struct trnc_data); struct rand_data { unsigned long dig_size, a1, c1, a2, c2; }; struct rand_data rand_tbl[] = { { 8, 197, 11, 37, 37 }, { 16, 805, 345, 925, 767 }, { 18, 13405, 4801, 20325, 19777 }, { 32, 13405, 4801, 20325, 19777 } }; int size_rand_tbl = sizeof(rand_tbl) / sizeof(struct rand_data); int digit_bits; int div_trunc_p(void) { int i; for (i = 0; i < size_trunc_tbl; i++) { if (trunc_tbl[i].a / trunc_tbl[i].b != trunc_tbl[i].q) { printf("%ld / %ld = %ld, should have been %ld\n", trunc_tbl[i].a, trunc_tbl[i].b, trunc_tbl[i].a / trunc_tbl[i].b, trunc_tbl[i].q); printf("when division truncates towards zero.\n"); return FALSE; } if (trunc_tbl[i].a % trunc_tbl[i].b != trunc_tbl[i].r) { printf("%ld %% %ld = %ld, should have been %ld\n", trunc_tbl[i].a, trunc_tbl[i].b, trunc_tbl[i].a % trunc_tbl[i].b, trunc_tbl[i].r); printf("when division truncates towards zero.\n"); printf("Here a != q*b + r. Very strange!\n"); return FALSE; } } return TRUE; } int charsize(void) { int i = 0; unsigned char ch = 1; unsigned char oldch = 0; while (ch > oldch) { oldch = ch; ch <<= 1; i++; } return i; } void RandDefsOut(FILE *fpOut, int dig_size) { int i = 0; while ((i < size_rand_tbl) && (dig_size != (int)rand_tbl[i].dig_size)) { i++; } if (i == size_rand_tbl) { if (dig_size < (int) rand_tbl[0].dig_size) { printf("Digit size %d too small.\n", dig_size); exit(10); } while ((int) rand_tbl[--i].dig_size > dig_size) { /* Count down `i' */ } } fprintf(fpOut, "\n#define BIG_RAND_A1 %ld\n", rand_tbl[i].a1); fprintf(fpOut, "#define BIG_RAND_C1 %ld\n", rand_tbl[i].c1); fprintf(fpOut, "#define BIG_RAND_A2 %ld\n", rand_tbl[i].a2); fprintf(fpOut, "#define BIG_RAND_C2 %ld\n", rand_tbl[i].c2); } int main(void) { int i, j = 0, ints_found = FALSE, char_bits; FILE *fpOut; if (!div_trunc_p()) { printf("Can't do division on this machine!\n"); exit(10); } if ((fpOut = fopen("internal.h", "w")) == NULL) { printf("Could not create \"internal.h\".\n"); exit(10); } fprintf(fpOut, "#ifndef _BIGNUM_INTERNAL_H_\n"); fprintf(fpOut, "#define _BIGNUM_INTERNAL_H_\n\n"); char_bits = charsize(); for (i = 0; (i < size_count - 1) && !ints_found; i++) { for (j = i + 1; (j < size_count) && !ints_found; j++) { if (int_descrs[i].int_size >= 2 * int_descrs[j].int_size) { fprintf(fpOut, "#define BIGNUM_DIGIT %s\n", int_descrs[j].int_name); fprintf(fpOut, "#define BIGNUM_TWO_DIGITS %s\n\n", int_descrs[i].int_name); ints_found = TRUE; } } } if (!ints_found) { fprintf(stderr, "Strange, no integer type was two times bigger "); fprintf(stderr, "than another integer type.\n"); fprintf(stderr, "Can't create header file.\nExiting.\n"); exit(10); } if (i > 0) i--; if (j > 0) j--; digit_bits = char_bits * int_descrs[j].int_size; fprintf(fpOut, "#define BIG_CHARBITS %d\n", char_bits); fprintf(fpOut, "#define BIGNUM_DIGIT_BITS %d\n", digit_bits); fprintf(fpOut, "#define BIGNUM_TWO_DIGITS_BITS %d\n\n", char_bits * int_descrs[i].int_size); fprintf(fpOut, "struct big_struct\n{\n int sign;\n"); fprintf(fpOut, " unsigned long dgs_alloc;\n"); fprintf(fpOut, " unsigned long dgs_used;\n"); fprintf(fpOut, " BIGNUM_DIGIT *dp;\n};\n"); RandDefsOut(fpOut, char_bits * int_descrs[j].int_size); if (sizeof(long) == sizeof(int)) { fprintf(fpOut, "\n#define MEMCPY_LONG_COUNTER\n"); } #ifdef BIG_SHORT_NAMES fprintf(fpOut, "\n#define BIG_SHORT_NAMES\n"); #endif fprintf(fpOut, "\n#endif\n"); fclose(fpOut); exit(0); return 0; /* Keep gcc from complaining */ } samhain-3.1.0/src/encode.c0000644000175000017500000001061111525062270012243 00000000000000 /* #include "config.h" */ #include #include int main(int argv, char * argc[]) { int xor_base = -1; FILE * inf; FILE * ouf; char a, b; int i, j; char outfile[1024]; int inbracket = 0, quoted = 0; unsigned long count; /* char command[1024]; */ if ( argv < 3) { fprintf(stderr,"\nUsage: encode "\ "\n\n"); fprintf(stderr," This program will:\n"); fprintf(stderr," - take as input a source code file ,\n"); fprintf(stderr," - search for literal strings inclosed by _(), "\ "like '_(string)',\n"); fprintf(stderr," - replace _(string) by "\ "_(string XOR ),\n"); fprintf(stderr, " - and output the result to './x_'.\n\n"); fprintf(stderr," _() is supposed to be defined as a macro in "\ "the code, that\n"); fprintf(stderr," will allow the program to decode the xor'ed string "\ "at runtime.\n"); fprintf(stderr," The effect is that the compiled executable does "\ "not contain literal\n"); fprintf(stderr," strings that may trivially be found with the Unix "\ "'strings' command,\n"); fprintf(stderr," and thus reveal the nature of "\ "the program.\n"); return -1; } --argv; ++argc; xor_base = atoi(argc[0]); if (xor_base < 0 || (xor_base > 0 && xor_base < 128) || xor_base > 255) { fprintf(stderr, "\nERROR: encode: XOR_VAL=%d is out of "\ "range (0, 128..255)\n", xor_base); fprintf(stderr, "** please follow these steps to fix the problem:\n\n"); fprintf(stderr, " make clean\n"); fprintf(stderr, " ./configure [more options] "\ "--with-stealth=XOR_VAL (range 0, 128..255)\n"); fprintf(stderr, " make\n\n"); return -1; } /* fprintf(stderr, " %d\n", xor_base); */ --argv; ++argc; /* fprintf(stderr, "File: %d\n", argv); */ while (argv > 0) { inf = fopen(argc[0], "r"); if (inf == NULL) { fprintf(stderr, "Error opening %s\n", argc[0]); return -1; } /* outfile name */ i = 0; j = 0; while (argc[0][i] != '\0') { if (argc[0][i] == '/') j = i+1; ++i; } i = 0; outfile[0] = 'x'; outfile[1] = '_'; outfile[2] = '\0'; while (argc[0][j+i] != '\0') { outfile[i+2] = argc[0][j+i]; ++i; } outfile[i+2] = '\0'; ouf = fopen(outfile, "w"); if (ouf == NULL) { fprintf(stderr, "Error opening %s\n", outfile); return -1; } /* fprintf(stderr, "File: %s\n", argc[0]); */ count = 0; while (fread(&a, 1, 1, inf) != 0) { count++; if (a == '"' && quoted == 0) { quoted = 1; fwrite(&a, 1, 1, ouf); continue; } if (a == '"' && quoted == 1) { quoted = 0; fwrite(&a, 1, 1, ouf); continue; } if (a == '\n' && quoted == 1) { quoted = 0; fwrite(&a, 1, 1, ouf); continue; } /* macro start ? */ if (a == '_' && inbracket == 0 && quoted == 0) { fwrite(&a, 1, 1, ouf); b = '\0'; fread(&b, 1, 1, inf); count++; fwrite(&b, 1, 1, ouf); if (b == '(') inbracket = 1; continue; } /* macro end */ if (a == ')' && quoted == 0 && inbracket == 1) { inbracket = 0; /* fprintf(stdout, "\n"); */ fwrite(&a, 1, 1, ouf); continue; } /* in a bracket */ if (inbracket == 1 && quoted == 1) { /* fprintf(stdout, "%c", a); */ if (a == '\\') { fread(&b, 1, 1, inf); /* escape sequences */ if (b == 't' || b == 'n' || b == 'r' || b == '"') { fwrite(&a, 1, 1, ouf); fwrite(&b, 1, 1, ouf); } else { a ^= (char) xor_base; b ^= (char) xor_base; } } else { a ^= (char) xor_base; fwrite(&a, 1, 1, ouf); } continue; } fwrite(&a, 1, 1, ouf); } /* fprintf(stderr, "Bytes read: %ld\n", count); */ /* sprintf(command, "mv tempfile %s", argc[0]); */ /* system(command); */ fclose(ouf); fclose(inf); --argv; ++argc; } return 0; } samhain-3.1.0/src/sh_registry.c0000644000175000017500000006074312064546024013366 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 2010 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ /*************************************************************************** * * This file provides a module for samhain to check the MS Windows registry. * */ #include "config_xor.h" #ifdef USE_REGISTRY_CHECK #include #include #include #define FIL__ _("sh_registry.c") /* We don't want to build this into yule */ #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) #include #include #include "samhain.h" #include "sh_pthread.h" #include "sh_utils.h" #include "sh_unix.h" #include "sh_modules.h" #include "sh_hash.h" #include "sh_tiger.h" static int check_key (char * name, int isSingle); static int sh_reg_set_active (const char *s); static int sh_reg_set_interval (const char * c); static int sh_reg_set_severity (const char *s); static int sh_reg_add_key (const char *s); static int sh_reg_add_hierarchy (const char *s); static int sh_reg_add_stop (const char *s); static int sh_reg_add_ign (const char *s); static int sh_reg_ign_time (const char *s); #define STOP_FALSE 0 #define STOP_CHECK 1 #define STOP_IGN 2 sh_rconf sh_reg_check_table[] = { { N_("severitychange"), sh_reg_set_severity, }, { N_("registrycheckactive"), sh_reg_set_active, }, { N_("registrycheckinterval"), sh_reg_set_interval, }, { N_("ignoretimestamponly"), sh_reg_ign_time, }, { N_("singlekey"), sh_reg_add_key, }, { N_("hierarchy"), sh_reg_add_hierarchy, }, { N_("stopatkey"), sh_reg_add_stop, }, { N_("ignorekey"), sh_reg_add_ign, }, { NULL, NULL } }; /* Runtime configuration */ #define SH_REGISTRY_INTERVAL 300 static int ShRegCheckActive = S_FALSE; static time_t sh_reg_check_interval = SH_REGISTRY_INTERVAL; static int sh_reg_check_severity = SH_ERR_SEVERE; static int ShRegIgnTime = S_FALSE; struct regkeylist { char * name; int stop; int single; #ifdef HAVE_REGEX_H regex_t preg; #endif struct regkeylist *next; }; static struct regkeylist * keylist = NULL; static int sh_reg_set_active(const char *s) { int value; SL_ENTER(_("sh_reg_set_active")); value = sh_util_flagval(s, &ShRegCheckActive); SL_RETURN((value), _("sh_reg_set_active")); } static int sh_reg_ign_time(const char *s) { int value; SL_ENTER(_("sh_reg_ign_time")); value = sh_util_flagval(s, &ShRegIgnTime); SL_RETURN((value), _("sh_reg_ign_time")); } static int sh_reg_set_interval (const char * c) { int retval = 0; long val; SL_ENTER(_("sh_reg_set_interval")); val = strtol (c, (char **)NULL, 10); if (val <= 0) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, _("registry check interval"), c); SH_MUTEX_UNLOCK(mutex_thread_nolog); retval = -1; } sh_reg_check_interval = (time_t) val; SL_RETURN(0, _("sh_reg_set_interval")); } static int sh_reg_set_severity (const char *s) { char tmp[32]; tmp[0] = '='; tmp[1] = '\0'; sl_strlcat (tmp, s, 32); return sh_error_set_level (tmp, &sh_reg_check_severity); } static int sh_reg_add_key_int (const char *s, int isSingle, int isStop) { struct regkeylist * newkey; size_t len = sl_strlen(s); if (len > 0) { newkey = SH_ALLOC(sizeof(struct regkeylist)); newkey->single = isSingle; newkey->stop = isStop; newkey->name = NULL; if (STOP_FALSE == isStop) { newkey->name = SH_ALLOC(len + 1); sl_strlcpy(newkey->name, s, len+1); } else { #ifdef HAVE_REGEX_H int status = regcomp(&(newkey->preg), s, REG_NOSUB|REG_EXTENDED); if (status != 0) { char errbuf[512]; char *p; regerror(status, &(newkey->preg), errbuf, sizeof(errbuf)); sl_strlcat(errbuf, ": ", sizeof(errbuf)); p = sh_util_safe_name_keepspace(s); sl_strlcat(errbuf, p, sizeof(errbuf)); SH_FREE(p); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, errbuf, _("sh_reg_add_key_int")); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(newkey); return -1; } #else newkey->name = SH_ALLOC(len + 1); sl_strlcpy(newkey->name, s, len+1); #endif } newkey->next = keylist; keylist = newkey; return 0; } return -1; } static int sh_reg_add_key (const char *s) { return sh_reg_add_key_int (s, S_TRUE, STOP_FALSE); } static int sh_reg_add_hierarchy (const char *s) { return sh_reg_add_key_int (s, S_FALSE, STOP_FALSE); } static int sh_reg_add_stop (const char *s) { return sh_reg_add_key_int (s, S_FALSE, STOP_CHECK); } static int sh_reg_add_ign (const char *s) { return sh_reg_add_key_int (s, S_FALSE, STOP_IGN); } /* Module functions */ int sh_reg_check_init(struct mod_type * arg) { #ifndef HAVE_PTHREAD (void) arg; #endif if (ShRegCheckActive == S_FALSE) return SH_MOD_FAILED; #ifdef HAVE_PTHREAD if (arg != NULL && arg->initval < 0 && (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) { if (0 == sh_pthread_create(sh_threaded_module_run, (void *)arg)) return SH_MOD_THREAD; else return SH_MOD_FAILED; } else if (arg != NULL && arg->initval == SH_MOD_THREAD && (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) { return SH_MOD_THREAD; } #endif return 0; } int sh_reg_check_timer(time_t tcurrent) { static time_t lastcheck = 0; SL_ENTER(_("sh_reg_check_timer")); if ((time_t) (tcurrent - lastcheck) >= sh_reg_check_interval) { lastcheck = tcurrent; SL_RETURN((-1), _("sh_reg_check_timer")); } SL_RETURN(0, _("sh_reg_check_timer")); } #define SH_REGFORM_NEW 1 #define SH_REGFORM_OLD 2 static char * format_changes(int flag, char * buf, size_t len, time_t time_old, unsigned long size_old, unsigned long keys_old, unsigned long values_old, char * hash_old, time_t time_new, unsigned long size_new, unsigned long keys_new, unsigned long values_new, char * hash_new) { char timestr1[32]; char timestr2[32]; char timestr3[32]; char buf_old[512] = ""; char buf_new[512] = ""; if ((0 != (flag & SH_REGFORM_NEW)) && (NULL != hash_new)) { (void) sh_unix_gmttime (time_new, timestr1, sizeof(timestr1)); (void) sh_unix_gmttime (keys_new, timestr2, sizeof(timestr2)); (void) sh_unix_gmttime (values_new, timestr3, sizeof(timestr3)); #ifdef SH_USE_XML sl_snprintf(buf_new, sizeof(buf_new), "size_new=\"%lu\" mtime_new=\"%s\" ctime_new=\"%s\" atime_new=\"%s\" chksum_new=\"%s\"", size_new, timestr1, timestr2, timestr3, hash_new); #else sl_snprintf(buf_new, sizeof(buf_new), "size_new=<%lu>, mtime_new=<%s>, ctime_new=<%s>, atime_new=<%s>, chksum_new=<%s>", size_new, timestr1, timestr2, timestr3, hash_new); #endif } if ((0 != (flag & SH_REGFORM_OLD)) && (NULL != hash_old)) { (void) sh_unix_gmttime (time_old, timestr1, sizeof(timestr1)); (void) sh_unix_gmttime (keys_old, timestr2, sizeof(timestr2)); (void) sh_unix_gmttime (values_old, timestr3, sizeof(timestr3)); #ifdef SH_USE_XML sl_snprintf(buf_old, sizeof(buf_old), " size_old=\"%lu\" mtime_old=\"%s\" ctime_old=\"%s\" atime_old=\"%s\" chksum_old=\"%s\"", size_old, timestr1, timestr2, timestr3, hash_old); #else sl_snprintf(buf_old, sizeof(buf_old), " size_old=<%lu>, mtime_old=<%s>, ctime_old=<%s>, atime_old=<%s>, chksum_old=<%s>", size_old, timestr1, timestr2, timestr3, hash_old); #endif } sl_strlcpy(buf, buf_new, len); sl_strlcat(buf, buf_old, len); return buf; } static void report_missing_entry(const char * path) { char * infobuf = SH_ALLOC(1024); char * errbuf = SH_ALLOC(1024); char * tmp = sh_util_safe_name (path); char timestr[32]; struct store2db save; memset(&save, '\0', sizeof(struct store2db)); sh_hash_db2pop (path, &save); (void) sh_unix_gmttime (save.val1, timestr, sizeof(timestr)); sl_snprintf(infobuf, 1024, _("mtime=%s size=%lu subkeys=%lu values=%lu"), timestr, (unsigned long) save.val0, (unsigned long) save.val2, (unsigned long) save.val3); (void) format_changes (SH_REGFORM_OLD, errbuf, 1024, save.val1, save.val0, save.val2, save.val3, save.checksum, 0, 0, 0, 0, NULL); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(sh_reg_check_severity, FIL__, __LINE__, 0, MSG_REG_MISS, infobuf, tmp, errbuf); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(errbuf); SH_FREE(infobuf); return; } int sh_reg_check_run(void) { struct regkeylist *this = keylist; if (this) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, _("Checking the registry"), _("sh_reg_check_run")); SH_MUTEX_UNLOCK(mutex_thread_nolog); while (this) { if (STOP_FALSE == this->stop) { /* * -- Check key -- */ check_key (this->name, this->single); } this = this->next; } } sh_hash_unvisited_custom ('H', report_missing_entry); return 0; } int sh_reg_check_reconf(void) { struct regkeylist *this; while (keylist) { this = keylist; keylist = keylist->next; if (this->name) SH_FREE(this->name); #ifdef HAVE_REGEX_H if (STOP_FALSE != this->stop) regfree(&(this->preg)); #endif SH_FREE(this); } sh_reg_check_interval = SH_REGISTRY_INTERVAL; return 0; } int sh_reg_check_cleanup(void) { sh_reg_check_reconf(); return 0; } /* >>>>>>>>>>>> Main check function <<<<<<<<<<<< */ #include #define MAX_KEY_LENGTH (2*256) #define MAX_VALUE_NAME (2*16384) CHAR achValue[MAX_VALUE_NAME]; unsigned long nKeys = 0; unsigned long nVals = 0; static int CheckThisSubkey (HKEY key, char * subkey, char * path, int isSingle, int view); static time_t convertTime(FILETIME * ft) { time_t result; /* Shift high part up by 2^32 */ UINT64 date = ((UINT64)ft->dwHighDateTime) << 32; /* Add low part */ date |= (UINT64)ft->dwLowDateTime; /* Subtract difference between Jan 1, 1601 and Jan 1, 1970 */ date -= ((UINT64)116444736) * ((UINT64)100) * ((UINT64)10000000); /* Divide by number of 100-nanosecond intervals per second */ date /= ((UINT64)10000000); /* Convert to a time_t */ result = (time_t) date; return result; } #if !defined(KEY_WOW64_64KEY) #define KEY_WOW64_64KEY 0x0100; #endif #if !defined(KEY_WOW64_32KEY) #define KEY_WOW64_32KEY 0x0200; #endif #define SH_KEY_NULL _("000000000000000000000000000000000000000000000000") int QueryKey(HKEY hKey, char * path, size_t pathlen, int isSingle) { CHAR achKey[MAX_KEY_LENGTH]; /* buffer for subkey name */ DWORD cbName; /* size of name string */ /* CHAR achClass[MAX_PATH] = ""; *//* buffer for class name */ /* DWORD cchClassName = MAX_PATH/2;*//* size of class string */ DWORD cSubKeys=0; /* number of subkeys */ DWORD cbMaxSubKey; /* longest subkey size */ DWORD cchMaxClass; /* longest class string */ DWORD cValues; /* number of values for key */ DWORD cchMaxValue; /* longest value name */ DWORD cbMaxValueData; /* longest value data */ DWORD cbSecurityDescriptor; /* size of security descriptor */ FILETIME ftLastWriteTime; /* last write time */ DWORD lpType; /* type of data stored in value */ BYTE lpData[256]; /* buffer for data in value */ DWORD lpcbData; /* size of lpData buffer */ DWORD i, retCode; DWORD cchValue = MAX_VALUE_NAME/2; char hashbuf[KEYBUF_SIZE]; unsigned long totalSize = 0; time_t fTime = 0; char * tPath = NULL; int doUpdate = S_FALSE; retCode = RegQueryInfoKey( hKey, /* key handle */ NULL /* achClass */, /* buffer for class name */ NULL /* &cchClassName */,/* size of class string */ NULL, /* reserved */ &cSubKeys, /* number of subkeys */ &cbMaxSubKey, /* longest subkey size */ &cchMaxClass, /* longest class string */ &cValues, /* number of values for this key */ &cchMaxValue, /* longest value name */ &cbMaxValueData, /* longest value data */ &cbSecurityDescriptor, /* security descriptor */ &ftLastWriteTime); /* last write time */ if (retCode != ERROR_SUCCESS) { return -1; } ++nKeys; fTime = convertTime (&ftLastWriteTime); /* Enumerate the subkeys, until RegEnumKeyEx fails. */ if (cSubKeys) { /* * printf( "\nNumber of subkeys: %lu\n", (unsigned long) cSubKeys); */ for (i=0; i (PATH_MAX-1)) { char hashbuf2[KEYBUF_SIZE]; char * p = strchr(path, '\\'); if (p) { char *q = p; ++p; tPath = SH_ALLOC(256 + KEYBUF_SIZE); *q = '\0'; sl_strlcpy(tPath, path, 256); /* truncates */ *q = '\\'; sl_strlcat(tPath, "\\", 257); (void) sh_tiger_hash(p, TIGER_DATA, sl_strlen(p), hashbuf2, sizeof(hashbuf2)); sl_strlcat(tPath, hashbuf2, 256 + KEYBUF_SIZE); } } if (sh.flag.checkSum == SH_CHECK_CHECK || sh.flag.update == S_TRUE) { struct store2db save; memset(&save, '\0', sizeof(struct store2db)); if (tPath) { sh_hash_db2pop (tPath, &save); } else { sh_hash_db2pop (path, &save); } if (save.size == -1) { /* Not in database */ char * infobuf = SH_ALLOC(1024); char * errbuf = SH_ALLOC(1024); char * tmp = sh_util_safe_name ((tPath == NULL) ? path : tPath); char timestr[32]; (void) sh_unix_gmttime (fTime, timestr, sizeof(timestr)); sl_snprintf(infobuf, 1024, _("mtime=%s size=%lu subkeys=%lu values=%lu"), timestr, (unsigned long) totalSize, (unsigned long) cSubKeys, (unsigned long) cValues); (void) format_changes (SH_REGFORM_NEW, errbuf, 1024, 0, 0, 0, 0, NULL, fTime, totalSize, cSubKeys, cValues, hashbuf); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(sh_reg_check_severity, FIL__, __LINE__, 0, MSG_REG_NEW, infobuf, tmp, errbuf); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(errbuf); SH_FREE(infobuf); doUpdate = S_TRUE; } else if (save.val0 != totalSize || save.val2 != cSubKeys || save.val3 != cValues || 0 != strcmp(save.checksum, hashbuf) || ( (((time_t) save.val1) != fTime) && (ShRegIgnTime == S_FALSE)) ) { /* Change detected */ char * infobuf = SH_ALLOC(1024); char * errbuf = SH_ALLOC(1024); char * tmp = sh_util_safe_name ((tPath == NULL) ? path : tPath); char timestr_new[32]; (void) sh_unix_gmttime (fTime, timestr_new, sizeof(timestr_new)); sl_snprintf(infobuf, 1024, _("mtime=%s size %lu->%lu subkeys %lu->%lu values %lu->%lu checksum %s"), timestr_new, (unsigned long) save.val0, (unsigned long) totalSize, (unsigned long) save.val2, (unsigned long) cSubKeys, (unsigned long) save.val3, (unsigned long) cValues, (0 == strcmp(save.checksum, hashbuf)) ? _("good") : _("bad")); (void) format_changes (SH_REGFORM_OLD|SH_REGFORM_NEW, errbuf, 1024, save.val1, save.val0, save.val2, save.val3, save.checksum, fTime, totalSize, cSubKeys, cValues, hashbuf); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(sh_reg_check_severity, FIL__, __LINE__, 0, MSG_REG_CHANGE, infobuf, tmp, errbuf); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(errbuf); SH_FREE(infobuf); doUpdate = S_TRUE; } } if ( sh.flag.checkSum == SH_CHECK_INIT || doUpdate == S_TRUE /* change detected */ ) { struct store2db save; memset(&save, '\0', sizeof(struct store2db)); save.val0 = totalSize; save.val1 = fTime; save.val2 = cSubKeys; save.val3 = cValues; sl_strlcpy(save.checksum, hashbuf, KEY_LEN+1); if (tPath) { sh_hash_push2db (tPath, &save); } else { sh_hash_push2db (path, &save); } } /* Without this, freshly updated entries would get deleted * as 'not seen'. */ if (sh.flag.checkSum != SH_CHECK_INIT) { if (tPath) sh_hash_set_visited (tPath); else sh_hash_set_visited (path); } if (tPath) { SH_FREE(tPath); } return 0; } static int check_for_stop (char * name) { struct regkeylist *this = keylist; while (this) { if (STOP_FALSE != this->stop) { #ifdef HAVE_REGEX_H if (0 == regexec(&(this->preg), name, 0, NULL, 0)) return this->stop; #else if (0 == strcmp(this->name, name)) return this->stop; #endif } this = this->next; } return STOP_FALSE; } int CheckThisSubkey (HKEY key, char * subkey, char * path, int isSingle, int view) { HKEY hTestKey; LONG qError; char * newpath; size_t len; int retval = -1; len = strlen(path) + 1 + strlen(subkey) + 1; newpath = SH_ALLOC(len); snprintf(newpath, len, "%s\\%s", path, subkey); /* Check for stop condition, if not single key. * Set flag to isSingle = S_TRUE if we should stop here. */ if (S_TRUE != isSingle) { int isStop = check_for_stop(newpath); if (STOP_CHECK == isStop) { isSingle = S_TRUE; } else if (STOP_IGN == isStop) { SH_FREE(newpath); return 0; } } len = strlen(path) + 1 + strlen(subkey) + 1; newpath = SH_ALLOC(len); snprintf(newpath, len, "%s\\%s", path, subkey); qError = RegOpenKeyEx( key, subkey, 0, (KEY_READ | view), &hTestKey); if (qError == ERROR_SUCCESS) { QueryKey(hTestKey, newpath, len-1, isSingle); RegCloseKey(hTestKey); retval = 0; } else { /* Error message */ LPVOID lpMsgBuf; char * tmp = sh_util_safe_name (newpath); size_t tlen = sl_strlen(tmp); if (SL_TRUE == sl_ok_adds(64, tlen)) { char * errbuf; size_t elen; tlen += 64; elen = FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, qError, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR) &lpMsgBuf, 0, NULL ); if (elen > 0 && SL_TRUE == sl_ok_adds(elen, tlen)) { tlen += elen; errbuf = SH_ALLOC(elen + tlen); sl_snprintf(errbuf, 64+tlen, _("Failed to open key %s: %s"), tmp, lpMsgBuf); LocalFree(lpMsgBuf); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, errbuf, _("CheckThisSubkey")); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(errbuf); } } sh_reg_add_ign (newpath); SH_FREE(tmp); } SH_FREE(newpath); return retval; } int check_key (char * key, int isSingle) { HKEY topKey; char * subkey; char path[20] = ""; int pos = 0; if (0 == strncmp(key, _("HKEY_CLASSES_ROOT"), 17)) { topKey = HKEY_CLASSES_ROOT; pos = 17; strncpy(path, _("HKEY_CLASSES_ROOT"), sizeof(path)); } else if (0 == strncmp(key, _("HKEY_CURRENT_USER"), 17)) { topKey = HKEY_CURRENT_USER; pos = 17; strncpy(path, _("HKEY_CURRENT_USER"), sizeof(path)); } else if (0 == strncmp(key, _("HKEY_LOCAL_MACHINE"), 18)) { topKey = HKEY_LOCAL_MACHINE; pos = 18; strncpy(path, _("HKEY_LOCAL_MACHINE"), sizeof(path)); } else if (0 == strncmp(key, _("HKEY_USERS"), 10)) { topKey = HKEY_USERS; pos = 10; strncpy(path, _("HKEY_USERS"), sizeof(path)); } if (pos > 0) { if (key[pos] == '\\') { ++pos; subkey = &key[pos]; } } else { char * tmp = sh_util_safe_name_keepspace(key); size_t tlen = sl_strlen(tmp); if (SL_TRUE == sl_ok_adds(64, tlen)) { char * errbuf = SH_ALLOC(64 + tlen); sl_snprintf(errbuf, 64+tlen, _("Invalid key %s"), tmp); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, errbuf, _("check_key")); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(errbuf); } SH_FREE(tmp); return -1; } /************************ if (ShCheckBothViews) { CheckThisSubkey (topKey, subkey, path, isSingle, KEY_WOW64_32KEY); return CheckThisSubkey (topKey, subkey, path, isSingle, KEY_WOW64_64KEY); } *************************/ return CheckThisSubkey (topKey, subkey, path, isSingle, 0); } /* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */ #endif /* #ifdef USE_REGISTRY_CHECK */ #endif samhain-3.1.0/src/samhain_setpwd.c0000644000175000017500000002724012042272301014013 00000000000000#include "config_xor.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #if defined(HAVE_SCHED_H) && defined(HAVE_SCHED_YIELD) #include #endif #if defined(HAVE_INT_32) typedef unsigned int UINT32; #elif defined(HAVE_LONG_32) typedef unsigned long UINT32; #elif defined(HAVE_SHORT_32) typedef unsigned short UINT32; #endif #define TAUS_MAX 4294967295UL static UINT32 taus_state[3]; static UINT32 taus_get () { #define TAUSWORTHE(s,a,b,c,d) ((s &c) <>b) taus_state[0] = TAUSWORTHE (taus_state[0], 13, 19, 4294967294UL, 12); taus_state[1] = TAUSWORTHE (taus_state[1], 2, 25, 4294967288UL, 4); taus_state[2] = TAUSWORTHE (taus_state[2], 3, 11, 4294967280UL, 17); return (taus_state[0] ^ taus_state[1] ^ taus_state[2]); } static void taus_seed () { unsigned char buf[12]; unsigned char buf2[12]; unsigned char buf3[12]; ssize_t count; size_t nbytes = sizeof(buf); size_t where = 0; struct timeval t1, t2; UINT32 delta, k[3]; int i, j; int fd = open ("/dev/urandom", O_RDONLY); if (fd == -1) { gettimeofday(&t1, NULL); delta = t1.tv_usec; memcpy(&buf[0], &delta, 4); gettimeofday(&t1, NULL); delta = t1.tv_usec; memcpy(&buf[4], &delta, 4); gettimeofday(&t1, NULL); delta = t1.tv_usec; memcpy(&buf[8], &delta, 4); goto second; } do { count = read(fd, &buf[where], nbytes); if (count == -1 && errno == EINTR) continue; where += count; nbytes -= count; } while (nbytes); close(fd); second: for (i = 0; i < 12; ++i) { gettimeofday(&t1, NULL); if (0 == fork()) _exit(EXIT_SUCCESS); wait(NULL); gettimeofday(&t2, NULL); delta = t2.tv_usec - t1.tv_usec; buf2[i] = (unsigned char) delta; } for (i = 0; i < 12; ++i) { gettimeofday(&t1, NULL); for (j = 0; j < 32768; ++j) { if (0 == kill (j,0)) k[i % 3] ^= j; } gettimeofday(&t2, NULL); delta = t2.tv_usec - t1.tv_usec; buf3[i] ^= (unsigned char) delta; } memcpy(&taus_state[0], &buf3[0], 4); memcpy(&taus_state[1], &buf3[4], 4); memcpy(&taus_state[2], &buf3[8], 4); taus_state[0] ^= k[0]; taus_state[1] ^= k[1]; taus_state[2] ^= k[2]; memcpy(&k[0], &buf2[0], 4); memcpy(&k[1], &buf2[4], 4); memcpy(&k[2], &buf2[8], 4); taus_state[0] ^= k[0]; taus_state[1] ^= k[1]; taus_state[2] ^= k[2]; memcpy(&k[0], &buf[0], 4); memcpy(&k[1], &buf[4], 4); memcpy(&k[2], &buf[8], 4); taus_state[0] ^= k[0]; taus_state[1] ^= k[1]; taus_state[2] ^= k[2]; taus_state[0] |= (UINT32) 0x03; taus_state[1] |= (UINT32) 0x09; taus_state[2] |= (UINT32) 0x17; } #ifdef SH_STEALTH char * globber(const char * string); #define _(string) globber(string) #define N_(string) string #else #define _(string) string #define N_(string) string #endif #ifdef SH_STEALTH #ifndef SH_MAX_GLOBS #define SH_MAX_GLOBS 32 #endif char * globber(const char * str) { register int i, j; static int count = -1; static char glob[SH_MAX_GLOBS][128]; ++count; if (count > (SH_MAX_GLOBS-1) ) count = 0; j = strlen(str); if (j > 127) j = 127; for (i = 0; i < j; ++i) { if (str[i] != '\n' && str[i] != '\t') glob[count][i] = str[i] ^ XOR_CODE; else glob[count][i] = str[i]; } glob[count][j] = '\0'; return glob[count]; } #endif /* This is a very inefficient algorithm, but there is really no * need for anything more elaborated here. Can handle NULL's in haystack * (not in needle), which strstr() apparently cannot. */ char * my_strstr (char * haystack, char * needle, int haystack_size) { register int i = 0, j = 0; register int siz; register char * ptr = haystack; register int len; siz = strlen(needle); len = haystack_size - siz; while (j < len) { i = 0; while (i < siz) { if (needle[i] != ptr[i]) break; if (i == (siz-1)) return ptr; ++i; } ++ptr; ++j; } return NULL; } /* fread() does not return the number of chars read, thus we need to * read only a small number of bytes, in order not to expand the binary * too much with the last fwrite(). Too lazy to fix this now. */ #define GRAB_SIZE 1024 int readhexchar ( char c ) { if ( c >= '0' && c <= '9' ) return c - '0'; else if ( c >= 'a' && c <= 'f' ) return c - 'a' + 10; else if ( c >= 'A' && c <= 'F' ) return c - 'A' + 10; else return -1; } int main (int argc, char * argv[]) { /* the default password */ unsigned char TcpFlag[9] = { 0xF7,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xF7 }; unsigned char BadFlag[9] = { 0xFF,0xC3,0x12,0xAA,0xAA,0x12,0xC3,0xFF }; char * found_it; int i; int suc = 0; int badcnt = 0; char * newn; size_t nlen; int oldf; int newf; int ret; unsigned long bytecount; char in[9]; int j, k; char ccd; char * str; char * buf = (char *) malloc(GRAB_SIZE); size_t dat; char * newpwd = (char *) malloc(5 * 8 + 2); char * oldpwd = (char *) malloc(5 * 8 + 2); memset (newpwd, '\0', 5 * 8 + 2); memset (oldpwd, '\0', 5 * 8 + 2); if (argc < 4) { fprintf (stderr, "%s", _("\nUsage: samhain_setpwd "\ "\n\n")); fprintf (stderr, "%s", _(" This program is a utility that will:\n")); fprintf (stderr, "%s", _(" - search in the binary executable "\ " for samhain's\n")); fprintf (stderr, "%s", _(" compiled-in default password,\n")); fprintf (stderr, "%s", _(" - change it to ,\n")); fprintf (stderr, "%s", _(" - and output the modified binary to "\ ".\n\n")); fprintf (stderr, "%s", _(" To allow for non-printable chars, "\ " must be\n")); fprintf (stderr, "%s", _(" a 16-digit hexadecimal "\ "number (only 0-9,A-F allowed in input),\n")); fprintf (stderr, "%s", _(" thus corresponding"\ " to an 8-byte password.\n\n")); fprintf (stderr, "%s", _(" Example: 'samhain_setpwd samhain new "\ "4142434445464748'\n")); fprintf (stderr, "%s", _(" takes the file 'samhain', sets the "\ "password to 'ABCDEFGH'\n")); fprintf (stderr, "%s", _(" ('A' = 41 hex, 'B' = 42 hex, ...) "\ "and outputs the result\n")); fprintf (stderr, "%s", _(" to 'samhain.new'.\n")); return EXIT_FAILURE; } if (strlen(argv[3]) != 16) { fprintf (stdout, _("ERROR |%s| has not exactly 16 chars\n"), argv[3]); fflush(stdout); return EXIT_FAILURE; } str = &argv[3][0]; i = 0; while (i < 16) { k = i/2; j = 0; if (2*k == i) in[k] = 0; while (j < 16) { if (-1 != readhexchar(str[i])) { in[k] += readhexchar(str[i]) * (i == 2*k ? 16 : 1); break; } ++j; if (j == 16) { fprintf(stdout, _("ERROR Invalid char %c\n"), str[i]); fflush(stdout); return EXIT_FAILURE; } } ++i; } in[8] = '\0'; /* ---- initialize ----- */ (void) umask (0); taus_seed(); bytecount = 0; /* ---- open files ----- */ oldf = open(argv[1], O_RDONLY); nlen = strlen(argv[1])+strlen(argv[2])+2; newn = (char *) malloc (nlen); strncpy(newn, argv[1], nlen); newn[nlen-1] = '\0'; strncat(newn, ".", nlen); newn[nlen-1] = '\0'; strncat(newn, argv[2], nlen); newn[nlen-1] = '\0'; newf = open(newn, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU); if (oldf < 0) { fprintf(stdout, _("ERROR Cannot open input file %s.\n"), argv[1]); fflush(stdout); return EXIT_FAILURE; } if (newf < 0) { fprintf(stdout, _("ERROR Cannot open output file %s.\n"), newn); fflush(stdout); return EXIT_FAILURE; } /* ---- scan file ----- */ while (1) { dat = read (oldf, buf, GRAB_SIZE); if (dat == 0) break; bytecount += dat; while ( (found_it = my_strstr(buf, (char *) TcpFlag, GRAB_SIZE)) != NULL) { suc = 1; fprintf (stdout, "%s", _("INFO old password found\n")); fflush(stdout); for (i = 0; i < 8; ++i) { sprintf(&oldpwd[i*2], _("%02x"), (unsigned char) *found_it); sprintf(&newpwd[i*2], _("%02x"), (unsigned char) in[i]); *found_it = in[i]; ++found_it; } fprintf (stdout, _("INFO replaced: %s by: %s\n"), oldpwd, newpwd); fflush(stdout); } while ( (found_it = my_strstr(buf, (char *) BadFlag, GRAB_SIZE)) != NULL) { badcnt++; /* fprintf (stderr, _("INFO old filler found\n")); */ for (i = 0; i < 8; ++i) { sprintf(&oldpwd[i*2], _("%02x"), (unsigned char) *found_it); ccd = (unsigned char) (256.0 * (taus_get()/(TAUS_MAX+1.0))); sprintf(&newpwd[i*2], _("%02x"), (unsigned char) ccd); *found_it = ccd; ++found_it; } /* fprintf (stderr, _("INFO replaced: %s by: %s\n"), oldpwd, newpwd); */ } ret = write (newf, buf, dat); if (dat > 0 && ret < 0) { fprintf(stdout, _("ERROR Cannot write to output file %s.\n"), newn); fflush(stdout); return EXIT_FAILURE; } } if (suc == 1 && badcnt == 7) { fprintf (stdout, "%s", _("INFO finished\n")); close (newf); close (oldf); fflush(stdout); return (0); } lseek (oldf, 0, SEEK_SET); lseek (newf, 0, SEEK_SET); fprintf (stdout, "%s", _("INFO Not found in first pass.\n")); fprintf (stdout, "%s", _("INFO Second pass ..\n")); /* offset the start point */ dat = read (oldf, buf, (GRAB_SIZE / 2)); ret = write (newf, buf, dat); if (dat > 0 && ret < 0) { fprintf(stdout, _("ERROR Cannot write to output file %s.\n"), newn); fflush(stdout); return EXIT_FAILURE; } bytecount = 0; suc = 0; badcnt = 0; while (1) { dat = read (oldf, buf, GRAB_SIZE); if (dat == 0) break; bytecount += dat; while ( (found_it = my_strstr(buf, (char *) TcpFlag, GRAB_SIZE)) != NULL) { suc = 1; fprintf (stdout, "%s", _("INFO old password found\n")); for (i = 0; i < 8; ++i) { sprintf(&oldpwd[i*2], _("%02x"), (unsigned char) *found_it); sprintf(&newpwd[i*2], _("%02x"), (unsigned char) in[i]); *found_it = in[i]; ++found_it; } fprintf (stdout, _("INFO Replaced: %s by: %s\n"), oldpwd, newpwd); } while ( (found_it = my_strstr(buf, (char *) BadFlag, GRAB_SIZE)) != NULL) { badcnt++; /* fprintf (stderr, _("INFO old filler found\n")); */ for (i = 0; i < 8; ++i) { sprintf(&oldpwd[i*2], _("%02x"), (unsigned char) *found_it); ccd = (unsigned char) (256.0 * taus_get()/(TAUS_MAX+1.0)); sprintf(&newpwd[i*2], _("%02x"), (unsigned char) ccd); *found_it = ccd; ++found_it; } /* fprintf (stderr, _("INFO Replaced: %s by: %s\n"), oldpwd, newpwd);*/ } ret = write (newf, buf, dat); if (dat > 0 && ret < 0) { fprintf(stdout, _("ERROR Cannot write to output file %s.\n"), newn); fflush(stdout); return EXIT_FAILURE; } } close (newf); close (oldf); if (suc == 1 && badcnt == 7) { fprintf (stdout, "%s", _("INFO finished\n")); fflush(stdout); return 0; } if (suc == 0 || badcnt < 7) { fprintf (stdout, "%s", _("ERROR incomplete replacement\n")); } else { fprintf (stdout, "%s", _("ERROR bad replacement\n")); } fflush(stdout); return EXIT_FAILURE; } samhain-3.1.0/src/minilzo.c0000644000175000017500000017766010232774202012510 00000000000000/* minilzo.c -- mini subset of the LZO real-time data compression library This file is part of the LZO real-time data compression library. Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer The LZO library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. The LZO library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with the LZO library; see the file COPYING. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. Markus F.X.J. Oberhumer http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html */ /* * NOTE: * the full LZO package can be found at * http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html */ #define _ANSI_C_SOURCE #define _POSIX_SOURCE #define __LZO_IN_MINILZO #ifdef MINILZO_HAVE_CONFIG_H # include #endif #undef LZO_HAVE_CONFIG_H #include "minilzo.h" #if !defined(MINILZO_VERSION) || (MINILZO_VERSION != 0x1060) # error "version mismatch in miniLZO source files" #endif #ifdef MINILZO_HAVE_CONFIG_H # define LZO_HAVE_CONFIG_H #endif #if !defined(LZO_NO_SYS_TYPES_H) # include #endif #include #ifndef __LZO_CONF_H #define __LZO_CONF_H #if !defined(__LZO_IN_MINILZO) # ifndef __LZOCONF_H # include # endif #endif #if !defined(LZO_HAVE_CONFIG_H) # include # include # if !defined(NO_STDLIB_H) # include # endif # define HAVE_MEMCMP # define HAVE_MEMCPY # define HAVE_MEMMOVE # define HAVE_MEMSET #else # include # if defined(STDC_HEADERS) # include # include # endif # if defined(HAVE_STDDEF_H) # include # endif # if defined(HAVE_MEMORY_H) # include # endif #endif #if defined(__LZO_DOS16) || defined(__LZO_WIN16) # define HAVE_MALLOC_H # define HAVE_HALLOC #endif #undef NDEBUG #if !defined(LZO_DEBUG) # define NDEBUG #endif #if defined(LZO_DEBUG) || !defined(NDEBUG) # if !defined(NO_STDIO_H) # include # endif #endif #include #if defined(__BOUNDS_CHECKING_ON) # include #else # define BOUNDS_CHECKING_OFF_DURING(stmt) stmt # define BOUNDS_CHECKING_OFF_IN_EXPR(expr) (expr) #endif #if !defined(LZO_UNUSED) # define LZO_UNUSED(parm) (parm = parm) #endif #if !defined(__inline__) && !defined(__GNUC__) # if defined(__cplusplus) # define __inline__ inline # else # define __inline__ # endif #endif #if defined(NO_MEMCMP) # undef HAVE_MEMCMP #endif #if !defined(HAVE_MEMCMP) # undef memcmp # define memcmp lzo_memcmp #endif #if !defined(HAVE_MEMCPY) # undef memcpy # define memcpy lzo_memcpy #endif #if !defined(HAVE_MEMMOVE) # undef memmove # define memmove lzo_memmove #endif #if !defined(HAVE_MEMSET) # undef memset # define memset lzo_memset #endif #if 1 # define LZO_BYTE(x) ((unsigned char) (x)) #else # define LZO_BYTE(x) ((unsigned char) ((x) & 0xff)) #endif #if 0 # define LZO_USHORT(x) ((unsigned short) (x)) #else # define LZO_USHORT(x) ((unsigned short) ((x) & 0xffff)) #endif #define LZO_MAX(a,b) ((a) >= (b) ? (a) : (b)) #define LZO_MIN(a,b) ((a) <= (b) ? (a) : (b)) #define LZO_MAX3(a,b,c) ((a) >= (b) ? LZO_MAX(a,c) : LZO_MAX(b,c)) #define LZO_MIN3(a,b,c) ((a) <= (b) ? LZO_MIN(a,c) : LZO_MIN(b,c)) #define lzo_sizeof(type) ((lzo_uint) (sizeof(type))) #define LZO_HIGH(array) ((lzo_uint) (sizeof(array)/sizeof(*(array)))) #define LZO_SIZE(bits) (1u << (bits)) #define LZO_MASK(bits) (LZO_SIZE(bits) - 1) #define LZO_LSIZE(bits) (1ul << (bits)) #define LZO_LMASK(bits) (LZO_LSIZE(bits) - 1) #define LZO_USIZE(bits) ((lzo_uint) 1 << (bits)) #define LZO_UMASK(bits) (LZO_USIZE(bits) - 1) #define LZO_STYPE_MAX(b) (((1l << (8*(b)-2)) - 1l) + (1l << (8*(b)-2))) #define LZO_UTYPE_MAX(b) (((1ul << (8*(b)-1)) - 1ul) + (1ul << (8*(b)-1))) #if !defined(SIZEOF_UNSIGNED) # if (UINT_MAX == 0xffff) # define SIZEOF_UNSIGNED 2 # elif (UINT_MAX == LZO_0xffffffffL) # define SIZEOF_UNSIGNED 4 # elif (UINT_MAX >= LZO_0xffffffffL) # define SIZEOF_UNSIGNED 8 # else # error SIZEOF_UNSIGNED # endif #endif #if !defined(SIZEOF_UNSIGNED_LONG) # if (ULONG_MAX == LZO_0xffffffffL) # define SIZEOF_UNSIGNED_LONG 4 # elif (ULONG_MAX >= LZO_0xffffffffL) # define SIZEOF_UNSIGNED_LONG 8 # else # error SIZEOF_UNSIGNED_LONG # endif #endif #if !defined(SIZEOF_SIZE_T) # define SIZEOF_SIZE_T SIZEOF_UNSIGNED #endif #if !defined(SIZE_T_MAX) # define SIZE_T_MAX LZO_UTYPE_MAX(SIZEOF_SIZE_T) #endif #if 1 && defined(__LZO_i386) && (UINT_MAX == LZO_0xffffffffL) # if !defined(LZO_UNALIGNED_OK_2) && (USHRT_MAX == 0xffff) # define LZO_UNALIGNED_OK_2 # endif # if !defined(LZO_UNALIGNED_OK_4) && (LZO_UINT32_MAX == LZO_0xffffffffL) # define LZO_UNALIGNED_OK_4 # endif #endif #if defined(LZO_UNALIGNED_OK_2) || defined(LZO_UNALIGNED_OK_4) # if !defined(LZO_UNALIGNED_OK) # define LZO_UNALIGNED_OK # endif #endif #if defined(__LZO_NO_UNALIGNED) # undef LZO_UNALIGNED_OK # undef LZO_UNALIGNED_OK_2 # undef LZO_UNALIGNED_OK_4 #endif #if defined(LZO_UNALIGNED_OK_2) && (USHRT_MAX != 0xffff) # error "LZO_UNALIGNED_OK_2 must not be defined on this system" #endif #if defined(LZO_UNALIGNED_OK_4) && (LZO_UINT32_MAX != LZO_0xffffffffL) # error "LZO_UNALIGNED_OK_4 must not be defined on this system" #endif #if defined(__LZO_NO_ALIGNED) # undef LZO_ALIGNED_OK_4 #endif #if defined(LZO_ALIGNED_OK_4) && (LZO_UINT32_MAX != LZO_0xffffffffL) # error "LZO_ALIGNED_OK_4 must not be defined on this system" #endif #define LZO_LITTLE_ENDIAN 1234 #define LZO_BIG_ENDIAN 4321 #define LZO_PDP_ENDIAN 3412 #if !defined(LZO_BYTE_ORDER) # if defined(MFX_BYTE_ORDER) # define LZO_BYTE_ORDER MFX_BYTE_ORDER # elif defined(__LZO_i386) # define LZO_BYTE_ORDER LZO_LITTLE_ENDIAN # elif defined(BYTE_ORDER) # define LZO_BYTE_ORDER BYTE_ORDER # elif defined(__BYTE_ORDER) # define LZO_BYTE_ORDER __BYTE_ORDER # endif #endif #if defined(LZO_BYTE_ORDER) # if (LZO_BYTE_ORDER != LZO_LITTLE_ENDIAN) && \ (LZO_BYTE_ORDER != LZO_BIG_ENDIAN) # error "invalid LZO_BYTE_ORDER" # endif #endif #if defined(LZO_UNALIGNED_OK) && !defined(LZO_BYTE_ORDER) # error "LZO_BYTE_ORDER is not defined" #endif #define LZO_OPTIMIZE_GNUC_i386_IS_BUGGY #if defined(NDEBUG) && !defined(LZO_DEBUG) && !defined(__BOUNDS_CHECKING_ON) # if defined(__GNUC__) && defined(__i386__) # if !defined(LZO_OPTIMIZE_GNUC_i386_IS_BUGGY) # define LZO_OPTIMIZE_GNUC_i386 # endif # endif #endif __LZO_EXTERN_C int __lzo_init_done; __LZO_EXTERN_C const lzo_byte __lzo_copyright[]; LZO_EXTERN(const lzo_byte *) lzo_copyright(void); __LZO_EXTERN_C const lzo_uint32 _lzo_crc32_table[256]; #define _LZO_STRINGIZE(x) #x #define _LZO_MEXPAND(x) _LZO_STRINGIZE(x) #define _LZO_CONCAT2(a,b) a ## b #define _LZO_CONCAT3(a,b,c) a ## b ## c #define _LZO_CONCAT4(a,b,c,d) a ## b ## c ## d #define _LZO_CONCAT5(a,b,c,d,e) a ## b ## c ## d ## e #define _LZO_ECONCAT2(a,b) _LZO_CONCAT2(a,b) #define _LZO_ECONCAT3(a,b,c) _LZO_CONCAT3(a,b,c) #define _LZO_ECONCAT4(a,b,c,d) _LZO_CONCAT4(a,b,c,d) #define _LZO_ECONCAT5(a,b,c,d,e) _LZO_CONCAT5(a,b,c,d,e) #if 0 #define __LZO_IS_COMPRESS_QUERY(i,il,o,ol,w) ((lzo_voidp)(o) == (w)) #define __LZO_QUERY_COMPRESS(i,il,o,ol,w,n,s) \ (*ol = (n)*(s), LZO_E_OK) #define __LZO_IS_DECOMPRESS_QUERY(i,il,o,ol,w) ((lzo_voidp)(o) == (w)) #define __LZO_QUERY_DECOMPRESS(i,il,o,ol,w,n,s) \ (*ol = (n)*(s), LZO_E_OK) #define __LZO_IS_OPTIMIZE_QUERY(i,il,o,ol,w) ((lzo_voidp)(o) == (w)) #define __LZO_QUERY_OPTIMIZE(i,il,o,ol,w,n,s) \ (*ol = (n)*(s), LZO_E_OK) #endif #ifndef __LZO_PTR_H #define __LZO_PTR_H #ifdef __cplusplus extern "C" { #endif #if defined(__LZO_DOS16) || defined(__LZO_WIN16) # include # if 1 && defined(__WATCOMC__) # include __LZO_EXTERN_C unsigned char _HShift; # define __LZO_HShift _HShift # elif 1 && defined(_MSC_VER) __LZO_EXTERN_C unsigned short __near _AHSHIFT; # define __LZO_HShift ((unsigned) &_AHSHIFT) # elif defined(__LZO_WIN16) # define __LZO_HShift 3 # else # define __LZO_HShift 12 # endif # if !defined(_FP_SEG) && defined(FP_SEG) # define _FP_SEG FP_SEG # endif # if !defined(_FP_OFF) && defined(FP_OFF) # define _FP_OFF FP_OFF # endif #endif #if (UINT_MAX >= LZO_0xffffffffL) typedef ptrdiff_t lzo_ptrdiff_t; #else typedef long lzo_ptrdiff_t; #endif #if !defined(__LZO_HAVE_PTR_T) # if defined(lzo_ptr_t) # define __LZO_HAVE_PTR_T # endif #endif #if !defined(__LZO_HAVE_PTR_T) # if defined(SIZEOF_CHAR_P) && defined(SIZEOF_UNSIGNED_LONG) # if (SIZEOF_CHAR_P == SIZEOF_UNSIGNED_LONG) typedef unsigned long lzo_ptr_t; typedef long lzo_sptr_t; # define __LZO_HAVE_PTR_T # endif # endif #endif #if !defined(__LZO_HAVE_PTR_T) # if defined(SIZEOF_CHAR_P) && defined(SIZEOF_UNSIGNED) # if (SIZEOF_CHAR_P == SIZEOF_UNSIGNED) typedef unsigned int lzo_ptr_t; typedef int lzo_sptr_t; # define __LZO_HAVE_PTR_T # endif # endif #endif #if !defined(__LZO_HAVE_PTR_T) # if defined(SIZEOF_CHAR_P) && defined(SIZEOF_UNSIGNED_SHORT) # if (SIZEOF_CHAR_P == SIZEOF_UNSIGNED_SHORT) typedef unsigned short lzo_ptr_t; typedef short lzo_sptr_t; # define __LZO_HAVE_PTR_T # endif # endif #endif #if !defined(__LZO_HAVE_PTR_T) # if defined(LZO_HAVE_CONFIG_H) || defined(SIZEOF_CHAR_P) # error "no suitable type for lzo_ptr_t" # else typedef unsigned long lzo_ptr_t; typedef long lzo_sptr_t; # define __LZO_HAVE_PTR_T # endif #endif #if defined(__LZO_DOS16) || defined(__LZO_WIN16) #define PTR(a) ((lzo_bytep) (a)) #define PTR_ALIGNED_4(a) ((_FP_OFF(a) & 3) == 0) #define PTR_ALIGNED2_4(a,b) (((_FP_OFF(a) | _FP_OFF(b)) & 3) == 0) #else #define PTR(a) ((lzo_ptr_t) (a)) #define PTR_LINEAR(a) PTR(a) #define PTR_ALIGNED_4(a) ((PTR_LINEAR(a) & 3) == 0) #define PTR_ALIGNED_8(a) ((PTR_LINEAR(a) & 7) == 0) #define PTR_ALIGNED2_4(a,b) (((PTR_LINEAR(a) | PTR_LINEAR(b)) & 3) == 0) #define PTR_ALIGNED2_8(a,b) (((PTR_LINEAR(a) | PTR_LINEAR(b)) & 7) == 0) #endif #define PTR_LT(a,b) (PTR(a) < PTR(b)) #define PTR_GE(a,b) (PTR(a) >= PTR(b)) #define PTR_DIFF(a,b) ((lzo_ptrdiff_t) (PTR(a) - PTR(b))) LZO_EXTERN(lzo_ptr_t) __lzo_ptr_linear(const lzo_voidp ptr); typedef union { char a_char; unsigned char a_uchar; short a_short; unsigned short a_ushort; int a_int; unsigned int a_uint; long a_long; unsigned long a_ulong; lzo_int a_lzo_int; lzo_uint a_lzo_uint; lzo_int32 a_lzo_int32; lzo_uint32 a_lzo_uint32; ptrdiff_t a_ptrdiff_t; lzo_ptrdiff_t a_lzo_ptrdiff_t; lzo_ptr_t a_lzo_ptr_t; char * a_charp; lzo_bytep a_lzo_bytep; lzo_bytepp a_lzo_bytepp; } lzo_align_t; #ifdef __cplusplus } #endif #endif #define LZO_DETERMINISTIC #define LZO_DICT_USE_PTR #if defined(__LZO_DOS16) || defined(__LZO_WIN16) || defined(__LZO_STRICT_16BIT) # undef LZO_DICT_USE_PTR #endif #if defined(LZO_DICT_USE_PTR) # define lzo_dict_t const lzo_bytep # define lzo_dict_p lzo_dict_t __LZO_MMODEL * #else # define lzo_dict_t lzo_uint # define lzo_dict_p lzo_dict_t __LZO_MMODEL * #endif #if !defined(lzo_moff_t) #define lzo_moff_t lzo_uint #endif #endif LZO_PUBLIC(lzo_ptr_t) __lzo_ptr_linear(const lzo_voidp ptr) { lzo_ptr_t p; #if defined(__LZO_DOS16) || defined(__LZO_WIN16) p = (((lzo_ptr_t)(_FP_SEG(ptr))) << (16 - __LZO_HShift)) + (_FP_OFF(ptr)); #else p = PTR_LINEAR(ptr); #endif return p; } LZO_PUBLIC(unsigned) __lzo_align_gap(const lzo_voidp ptr, lzo_uint size) { lzo_ptr_t p, s, n; assert(size > 0); p = __lzo_ptr_linear(ptr); s = (lzo_ptr_t) (size - 1); #if 0 assert((size & (size - 1)) == 0); n = ((p + s) & ~s) - p; #else n = (((p + s) / size) * size) - p; #endif assert((long)n >= 0); assert(n <= s); return (unsigned)n; } #ifndef __LZO_UTIL_H #define __LZO_UTIL_H #ifndef __LZO_CONF_H #endif #ifdef __cplusplus extern "C" { #endif #if 1 && defined(HAVE_MEMCPY) #if !defined(__LZO_DOS16) && !defined(__LZO_WIN16) #define MEMCPY8_DS(dest,src,len) \ memcpy(dest,src,len); \ dest += len; \ src += len #endif #endif #if 0 && !defined(MEMCPY8_DS) #define MEMCPY8_DS(dest,src,len) \ { do { \ *dest++ = *src++; \ *dest++ = *src++; \ *dest++ = *src++; \ *dest++ = *src++; \ *dest++ = *src++; \ *dest++ = *src++; \ *dest++ = *src++; \ *dest++ = *src++; \ len -= 8; \ } while (len > 0); } #endif #if !defined(MEMCPY8_DS) #define MEMCPY8_DS(dest,src,len) \ { register lzo_uint __l = (len) / 8; \ do { \ *dest++ = *src++; \ *dest++ = *src++; \ *dest++ = *src++; \ *dest++ = *src++; \ *dest++ = *src++; \ *dest++ = *src++; \ *dest++ = *src++; \ *dest++ = *src++; \ } while (--__l > 0); } #endif #define MEMCPY_DS(dest,src,len) \ do *dest++ = *src++; \ while (--len > 0) #define MEMMOVE_DS(dest,src,len) \ do *dest++ = *src++; \ while (--len > 0) #if 0 && defined(LZO_OPTIMIZE_GNUC_i386) #define BZERO8_PTR(s,l,n) \ __asm__ __volatile__( \ "movl %0,%%eax \n" \ "movl %1,%%edi \n" \ "movl %2,%%ecx \n" \ "cld \n" \ "rep \n" \ "stosl %%eax,(%%edi) \n" \ : \ :"g" (0),"g" (s),"g" (n) \ :"eax","edi","ecx", "memory", "cc" \ ) #elif (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMSET) #if 1 #define BZERO8_PTR(s,l,n) memset((s),0,(lzo_uint)(l)*(n)) #else #define BZERO8_PTR(s,l,n) memset((lzo_voidp)(s),0,(lzo_uint)(l)*(n)) #endif #else #define BZERO8_PTR(s,l,n) \ lzo_memset((lzo_voidp)(s),0,(lzo_uint)(l)*(n)) #endif #if 0 #if defined(__GNUC__) && defined(__i386__) unsigned char lzo_rotr8(unsigned char value, int shift); extern __inline__ unsigned char lzo_rotr8(unsigned char value, int shift) { unsigned char result; __asm__ __volatile__ ("movb %b1, %b0; rorb %b2, %b0" : "=a"(result) : "g"(value), "c"(shift)); return result; } unsigned short lzo_rotr16(unsigned short value, int shift); extern __inline__ unsigned short lzo_rotr16(unsigned short value, int shift) { unsigned short result; __asm__ __volatile__ ("movw %b1, %b0; rorw %b2, %b0" : "=a"(result) : "g"(value), "c"(shift)); return result; } #endif #endif #ifdef __cplusplus } #endif #endif LZO_PUBLIC(lzo_bool) lzo_assert(int expr) { return (expr) ? 1 : 0; } /* If you use the LZO library in a product, you *must* keep this * copyright string in the executable of your product. */ const lzo_byte __lzo_copyright[] = #if !defined(__LZO_IN_MINLZO) LZO_VERSION_STRING; #else "\n\n\n" "LZO real-time data compression library.\n" "Copyright (C) 1996, 1997, 1998, 1999 Markus Franz Xaver Johannes Oberhumer\n" "\n" "http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html\n" "\n" "LZO version: v" LZO_VERSION_STRING ", " LZO_VERSION_DATE "\n" "LZO build date: " __DATE__ " " __TIME__ "\n\n" "LZO special compilation options:\n" #ifdef __cplusplus " __cplusplus\n" #endif #if defined(__PIC__) " __PIC__\n" #elif defined(__pic__) " __pic__\n" #endif #if (UINT_MAX < LZO_0xffffffffL) " 16BIT\n" #endif #if defined(__LZO_STRICT_16BIT) " __LZO_STRICT_16BIT\n" #endif #if (UINT_MAX > LZO_0xffffffffL) " UINT_MAX=" _LZO_MEXPAND(UINT_MAX) "\n" #endif #if (ULONG_MAX > LZO_0xffffffffL) " ULONG_MAX=" _LZO_MEXPAND(ULONG_MAX) "\n" #endif #if defined(LZO_BYTE_ORDER) " LZO_BYTE_ORDER=" _LZO_MEXPAND(LZO_BYTE_ORDER) "\n" #endif #if defined(LZO_UNALIGNED_OK_2) " LZO_UNALIGNED_OK_2\n" #endif #if defined(LZO_UNALIGNED_OK_4) " LZO_UNALIGNED_OK_4\n" #endif #if defined(LZO_ALIGNED_OK_4) " LZO_ALIGNED_OK_4\n" #endif #if defined(LZO_DICT_USE_PTR) " LZO_DICT_USE_PTR\n" #endif #if defined(__LZO_QUERY_COMPRESS) " __LZO_QUERY_COMPRESS\n" #endif #if defined(__LZO_QUERY_DECOMPRESS) " __LZO_QUERY_DECOMPRESS\n" #endif #if defined(__LZO_IN_MINILZO) " __LZO_IN_MINILZO\n" #endif "\n\n" "$Id: LZO " LZO_VERSION_STRING " built " __DATE__ " " __TIME__ #if defined(__GNUC__) && defined(__VERSION__) " by gcc " __VERSION__ #elif defined(__BORLANDC__) " by Borland C " _LZO_MEXPAND(__BORLANDC__) #elif defined(_MSC_VER) " by Microsoft C " _LZO_MEXPAND(_MSC_VER) #elif defined(__PUREC__) " by Pure C " _LZO_MEXPAND(__PUREC__) #elif defined(__SC__) " by Symantec C " _LZO_MEXPAND(__SC__) #elif defined(__TURBOC__) " by Turbo C " _LZO_MEXPAND(__TURBOC__) #elif defined(__WATCOMC__) " by Watcom C " _LZO_MEXPAND(__WATCOMC__) #endif " $\n" "$Copyright: LZO (C) 1996, 1997, 1998, 1999 Markus Franz Xaver Johannes Oberhumer $\n"; #endif LZO_PUBLIC(const lzo_byte *) lzo_copyright(void) { return __lzo_copyright; } LZO_PUBLIC(unsigned) lzo_version(void) { return LZO_VERSION; } LZO_PUBLIC(const char *) lzo_version_string(void) { return LZO_VERSION_STRING; } LZO_PUBLIC(const char *) lzo_version_date(void) { return LZO_VERSION_DATE; } LZO_PUBLIC(const lzo_charp) _lzo_version_string(void) { return LZO_VERSION_STRING; } LZO_PUBLIC(const lzo_charp) _lzo_version_date(void) { return LZO_VERSION_DATE; } #define LZO_BASE 65521u #define LZO_NMAX 5552 #define LZO_DO1(buf,i) {s1 += buf[i]; s2 += s1;} #define LZO_DO2(buf,i) LZO_DO1(buf,i); LZO_DO1(buf,i+1); #define LZO_DO4(buf,i) LZO_DO2(buf,i); LZO_DO2(buf,i+2); #define LZO_DO8(buf,i) LZO_DO4(buf,i); LZO_DO4(buf,i+4); #define LZO_DO16(buf,i) LZO_DO8(buf,i); LZO_DO8(buf,i+8); LZO_PUBLIC(lzo_uint32) lzo_adler32(lzo_uint32 adler, const lzo_byte *buf, lzo_uint len) { lzo_uint32 s1 = adler & 0xffff; lzo_uint32 s2 = (adler >> 16) & 0xffff; int k; if (buf == NULL) return 1; while (len > 0) { k = len < LZO_NMAX ? (int) len : LZO_NMAX; len -= k; if (k >= 16) do { LZO_DO16(buf,0); buf += 16; k -= 16; } while (k >= 16); if (k != 0) do { s1 += *buf++; s2 += s1; } while (--k > 0); s1 %= LZO_BASE; s2 %= LZO_BASE; } return (s2 << 16) | s1; } LZO_PUBLIC(int) lzo_memcmp(const lzo_voidp s1, const lzo_voidp s2, lzo_uint len) { #if (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMCMP) return memcmp(s1,s2,len); #else const lzo_byte *p1 = (const lzo_byte *) s1; const lzo_byte *p2 = (const lzo_byte *) s2; int d; if (len > 0) do { d = *p1 - *p2; if (d != 0) return d; p1++; p2++; } while (--len > 0); return 0; #endif } LZO_PUBLIC(lzo_voidp) lzo_memcpy(lzo_voidp dest, const lzo_voidp src, lzo_uint len) { #if (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMCPY) return memcpy(dest,src,len); #else lzo_byte *p1 = (lzo_byte *) dest; const lzo_byte *p2 = (const lzo_byte *) src; if (len <= 0 || p1 == p2) return dest; do *p1++ = *p2++; while (--len > 0); return dest; #endif } LZO_PUBLIC(lzo_voidp) lzo_memmove(lzo_voidp dest, const lzo_voidp src, lzo_uint len) { #if (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMMOVE) return memmove(dest,src,len); #else lzo_byte *p1 = (lzo_byte *) dest; const lzo_byte *p2 = (const lzo_byte *) src; if (len <= 0 || p1 == p2) return dest; if (p1 < p2) { do *p1++ = *p2++; while (--len > 0); } else { p1 += len; p2 += len; do *--p1 = *--p2; while (--len > 0); } return dest; #endif } LZO_PUBLIC(lzo_voidp) lzo_memset(lzo_voidp s, int c, lzo_uint len) { #if (LZO_UINT_MAX <= SIZE_T_MAX) && defined(HAVE_MEMSET) return memset(s,c,len); #else lzo_byte *p = (lzo_byte *) s; if (len > 0) do *p++ = LZO_BYTE(c); while (--len > 0); return s; #endif } #include #if 0 # define IS_SIGNED(type) (((type) (1ul << (8 * sizeof(type) - 1))) < 0) # define IS_UNSIGNED(type) (((type) (1ul << (8 * sizeof(type) - 1))) > 0) #else # define IS_SIGNED(type) (((type) (-1)) < ((type) 0)) # define IS_UNSIGNED(type) (((type) (-1)) > ((type) 0)) #endif static lzo_bool schedule_insns_bug(void); static lzo_bool strength_reduce_bug(int *); #if 0 || defined(LZO_DEBUG) static lzo_bool __lzo_assert_fail(const char *s, unsigned line) { #if defined(__palmos__) printf("LZO assertion failed in line %u: '%s'\n",line,s); #else fprintf(stderr,"LZO assertion failed in line %u: '%s'\n",line,s); #endif return 0; } # define __lzo_assert(x) ((x) ? 1 : __lzo_assert_fail(#x,__LINE__)) #else # define __lzo_assert(x) ((x) ? 1 : 0) #endif static lzo_bool basic_integral_check(void) { lzo_bool r = 1; lzo_bool sanity; r &= __lzo_assert(CHAR_BIT == 8); r &= __lzo_assert(sizeof(char) == 1); r &= __lzo_assert(sizeof(short) >= 2); r &= __lzo_assert(sizeof(long) >= 4); r &= __lzo_assert(sizeof(int) >= sizeof(short)); r &= __lzo_assert(sizeof(long) >= sizeof(int)); r &= __lzo_assert(sizeof(lzo_uint32) >= 4); r &= __lzo_assert(sizeof(lzo_uint32) >= sizeof(unsigned)); #if defined(__LZO_STRICT_16BIT) r &= __lzo_assert(sizeof(lzo_uint) == 2); #else r &= __lzo_assert(sizeof(lzo_uint) >= 4); r &= __lzo_assert(sizeof(lzo_uint) >= sizeof(unsigned)); #endif #if defined(SIZEOF_UNSIGNED) r &= __lzo_assert(SIZEOF_UNSIGNED == sizeof(unsigned)); #endif #if defined(SIZEOF_UNSIGNED_LONG) r &= __lzo_assert(SIZEOF_UNSIGNED_LONG == sizeof(unsigned long)); #endif #if defined(SIZEOF_UNSIGNED_SHORT) r &= __lzo_assert(SIZEOF_UNSIGNED_SHORT == sizeof(unsigned short)); #endif #if !defined(__LZO_IN_MINILZO) #if defined(SIZEOF_SIZE_T) r &= __lzo_assert(SIZEOF_SIZE_T == sizeof(size_t)); #endif #endif sanity = IS_UNSIGNED(unsigned short) && IS_UNSIGNED(unsigned) && IS_UNSIGNED(unsigned long) && IS_SIGNED(short) && IS_SIGNED(int) && IS_SIGNED(long); if (sanity) { r &= __lzo_assert(IS_UNSIGNED(lzo_uint32)); r &= __lzo_assert(IS_UNSIGNED(lzo_uint)); r &= __lzo_assert(IS_SIGNED(lzo_int32)); r &= __lzo_assert(IS_SIGNED(lzo_int)); r &= __lzo_assert(INT_MAX == LZO_STYPE_MAX(sizeof(int))); r &= __lzo_assert(UINT_MAX == LZO_UTYPE_MAX(sizeof(unsigned))); r &= __lzo_assert(LONG_MAX == LZO_STYPE_MAX(sizeof(long))); r &= __lzo_assert(ULONG_MAX == LZO_UTYPE_MAX(sizeof(unsigned long))); r &= __lzo_assert(SHRT_MAX == LZO_STYPE_MAX(sizeof(short))); r &= __lzo_assert(USHRT_MAX == LZO_UTYPE_MAX(sizeof(unsigned short))); r &= __lzo_assert(LZO_UINT32_MAX == LZO_UTYPE_MAX(sizeof(lzo_uint32))); r &= __lzo_assert(LZO_UINT_MAX == LZO_UTYPE_MAX(sizeof(lzo_uint))); #if !defined(__LZO_IN_MINILZO) r &= __lzo_assert(SIZE_T_MAX == LZO_UTYPE_MAX(sizeof(size_t))); #endif } #if 0 r &= __lzo_assert(LZO_BYTE(257) == 1); r &= __lzo_assert(LZO_USHORT(65537L) == 1); #endif return r; } static lzo_bool basic_ptr_check(void) { lzo_bool r = 1; lzo_bool sanity; r &= __lzo_assert(sizeof(char *) >= sizeof(int)); r &= __lzo_assert(sizeof(lzo_byte *) >= sizeof(char *)); r &= __lzo_assert(sizeof(lzo_voidp) == sizeof(lzo_byte *)); r &= __lzo_assert(sizeof(lzo_voidp) == sizeof(lzo_voidpp)); r &= __lzo_assert(sizeof(lzo_voidp) == sizeof(lzo_bytepp)); r &= __lzo_assert(sizeof(lzo_voidp) >= sizeof(lzo_uint)); r &= __lzo_assert(sizeof(lzo_ptr_t) == sizeof(lzo_voidp)); r &= __lzo_assert(sizeof(lzo_ptr_t) >= sizeof(lzo_uint)); r &= __lzo_assert(sizeof(lzo_ptrdiff_t) >= 4); r &= __lzo_assert(sizeof(lzo_ptrdiff_t) >= sizeof(ptrdiff_t)); #if defined(SIZEOF_CHAR_P) r &= __lzo_assert(SIZEOF_CHAR_P == sizeof(char *)); #endif #if defined(SIZEOF_PTRDIFF_T) r &= __lzo_assert(SIZEOF_PTRDIFF_T == sizeof(ptrdiff_t)); #endif sanity = IS_UNSIGNED(unsigned short) && IS_UNSIGNED(unsigned) && IS_UNSIGNED(unsigned long) && IS_SIGNED(short) && IS_SIGNED(int) && IS_SIGNED(long); if (sanity) { r &= __lzo_assert(IS_UNSIGNED(lzo_ptr_t)); r &= __lzo_assert(IS_UNSIGNED(lzo_moff_t)); r &= __lzo_assert(IS_SIGNED(lzo_ptrdiff_t)); r &= __lzo_assert(IS_SIGNED(lzo_sptr_t)); } return r; } static lzo_bool ptr_check(void) { lzo_bool r = 1; int i; char _wrkmem[10 * sizeof(lzo_byte *) + sizeof(lzo_align_t)]; lzo_byte *wrkmem; const lzo_bytepp dict; unsigned char x[4 * sizeof(lzo_align_t)]; long d; lzo_align_t a; for (i = 0; i < (int) sizeof(x); i++) x[i] = LZO_BYTE(i); wrkmem = (lzo_byte *) LZO_PTR_ALIGN_UP(_wrkmem,sizeof(lzo_align_t)); dict = (const lzo_bytepp) wrkmem; d = (long) ((const lzo_bytep) dict - (const lzo_bytep) _wrkmem); r &= __lzo_assert(d >= 0); r &= __lzo_assert(d < (long) sizeof(lzo_align_t)); memset(&a,0xff,sizeof(a)); r &= __lzo_assert(a.a_ushort == USHRT_MAX); r &= __lzo_assert(a.a_uint == UINT_MAX); r &= __lzo_assert(a.a_ulong == ULONG_MAX); r &= __lzo_assert(a.a_lzo_uint == LZO_UINT_MAX); if (r == 1) { for (i = 0; i < 8; i++) r &= __lzo_assert((const lzo_voidp) (&dict[i]) == (const lzo_voidp) (&wrkmem[i * sizeof(lzo_byte *)])); } memset(&a,0,sizeof(a)); r &= __lzo_assert(a.a_charp == NULL); r &= __lzo_assert(a.a_lzo_bytep == NULL); r &= __lzo_assert(NULL == 0); if (r == 1) { for (i = 0; i < 10; i++) dict[i] = wrkmem; BZERO8_PTR(dict+1,sizeof(dict[0]),8); r &= __lzo_assert(dict[0] == wrkmem); for (i = 1; i < 9; i++) r &= __lzo_assert(dict[i] == NULL); r &= __lzo_assert(dict[9] == wrkmem); } if (r == 1) { unsigned k = 1; const unsigned n = (unsigned) sizeof(lzo_uint32); lzo_byte *p0; lzo_byte *p1; k += __lzo_align_gap(&x[k],n); p0 = (lzo_bytep) &x[k]; #if defined(PTR_LINEAR) r &= __lzo_assert((PTR_LINEAR(p0) & (n-1)) == 0); #else r &= __lzo_assert(n == 4); r &= __lzo_assert(PTR_ALIGNED_4(p0)); #endif r &= __lzo_assert(k >= 1); p1 = (lzo_bytep) &x[1]; r &= __lzo_assert(PTR_GE(p0,p1)); r &= __lzo_assert(k < 1+n); p1 = (lzo_bytep) &x[1+n]; r &= __lzo_assert(PTR_LT(p0,p1)); if (r == 1) { lzo_uint32 v0 = * (lzo_uint32 *) &x[k]; lzo_uint32 v1 = * (lzo_uint32 *) &x[k+n]; r &= __lzo_assert(v0 > 0); r &= __lzo_assert(v1 > 0); } } return r; } LZO_PUBLIC(int) _lzo_config_check(void) { lzo_bool r = 1; int i; union { lzo_uint32 a; unsigned short b; lzo_uint32 aa[4]; unsigned char x[4*sizeof(lzo_align_t)]; } u; #if 0 r &= __lzo_assert((const void *)&u == (const void *)&u.a); r &= __lzo_assert((const void *)&u == (const void *)&u.b); r &= __lzo_assert((const void *)&u == (const void *)&u.x[0]); r &= __lzo_assert((const void *)&u == (const void *)&u.aa[0]); #endif r &= basic_integral_check(); r &= basic_ptr_check(); if (r != 1) return LZO_E_ERROR; for (i = 0; i < (int) sizeof(u.x); i++) u.x[i] = LZO_BYTE(i); #if 0 r &= __lzo_assert( (int) (unsigned char) ((char) -1) == 255); #endif #if defined(LZO_BYTE_ORDER) if (r == 1) { # if (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) lzo_uint32 a = (lzo_uint32) (u.a & LZO_0xffffffffL); unsigned short b = (unsigned short) (u.b & 0xffff); r &= __lzo_assert(a == 0x03020100L); r &= __lzo_assert(b == 0x0100); # elif (LZO_BYTE_ORDER == LZO_BIG_ENDIAN) lzo_uint32 a = u.a >> (8 * sizeof(u.a) - 32); unsigned short b = u.b >> (8 * sizeof(u.b) - 16); r &= __lzo_assert(a == 0x00010203L); r &= __lzo_assert(b == 0x0001); # else # error invalid LZO_BYTE_ORDER # endif } #endif #if defined(LZO_UNALIGNED_OK_2) r &= __lzo_assert(sizeof(short) == 2); if (r == 1) { unsigned short b[4]; for (i = 0; i < 4; i++) b[i] = * (const unsigned short *) &u.x[i]; # if (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) r &= __lzo_assert(b[0] == 0x0100); r &= __lzo_assert(b[1] == 0x0201); r &= __lzo_assert(b[2] == 0x0302); r &= __lzo_assert(b[3] == 0x0403); # elif (LZO_BYTE_ORDER == LZO_BIG_ENDIAN) r &= __lzo_assert(b[0] == 0x0001); r &= __lzo_assert(b[1] == 0x0102); r &= __lzo_assert(b[2] == 0x0203); r &= __lzo_assert(b[3] == 0x0304); # endif } #endif #if defined(LZO_UNALIGNED_OK_4) r &= __lzo_assert(sizeof(lzo_uint32) == 4); if (r == 1) { lzo_uint32 a[4]; for (i = 0; i < 4; i++) a[i] = * (const lzo_uint32 *) &u.x[i]; # if (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) r &= __lzo_assert(a[0] == 0x03020100L); r &= __lzo_assert(a[1] == 0x04030201L); r &= __lzo_assert(a[2] == 0x05040302L); r &= __lzo_assert(a[3] == 0x06050403L); # elif (LZO_BYTE_ORDER == LZO_BIG_ENDIAN) r &= __lzo_assert(a[0] == 0x00010203L); r &= __lzo_assert(a[1] == 0x01020304L); r &= __lzo_assert(a[2] == 0x02030405L); r &= __lzo_assert(a[3] == 0x03040506L); # endif } #endif #if defined(LZO_ALIGNED_OK_4) r &= __lzo_assert(sizeof(lzo_uint32) == 4); #endif r &= __lzo_assert(lzo_sizeof_dict_t == sizeof(lzo_dict_t)); #if defined(__LZO_IN_MINLZO) if (r == 1) { lzo_uint32 adler; adler = lzo_adler32(0, NULL, 0); adler = lzo_adler32(adler, lzo_copyright(), 200); r &= __lzo_assert(adler == 0x7ea34377L); } #endif if (r == 1) { r &= __lzo_assert(!schedule_insns_bug()); } if (r == 1) { static int x[3]; static unsigned xn = 3; register unsigned j; for (j = 0; j < xn; j++) x[j] = (int)j - 3; r &= __lzo_assert(!strength_reduce_bug(x)); } if (r == 1) { r &= ptr_check(); } return r == 1 ? LZO_E_OK : LZO_E_ERROR; } static lzo_bool schedule_insns_bug(void) { #if defined(__BOUNDS_CHECKING_ON) || defined(__CHECKER__) return 0; #else const int clone[] = {1, 2, 0}; const int *q; q = clone; return (*q) ? 0 : 1; #endif } static lzo_bool strength_reduce_bug(int *x) { return x[0] != -3 || x[1] != -2 || x[2] != -1; } int __lzo_init_done = 0; LZO_PUBLIC(int) __lzo_init2(unsigned v, int s1, int s2, int s3, int s4, int s5, int s6, int s7, int s8, int s9) { int r; __lzo_init_done = 1; if (v == 0) return LZO_E_ERROR; r = (s1 == -1 || s1 == (int) sizeof(short)) && (s2 == -1 || s2 == (int) sizeof(int)) && (s3 == -1 || s3 == (int) sizeof(long)) && (s4 == -1 || s4 == (int) sizeof(lzo_uint32)) && (s5 == -1 || s5 == (int) sizeof(lzo_uint)) && (s6 == -1 || s6 == (int) lzo_sizeof_dict_t) && (s7 == -1 || s7 == (int) sizeof(char *)) && (s8 == -1 || s8 == (int) sizeof(lzo_voidp)) && (s9 == -1 || s9 == (int) sizeof(lzo_compress_t)); if (!r) return LZO_E_ERROR; r = _lzo_config_check(); if (r != LZO_E_OK) return r; return r; } #if !defined(__LZO_IN_MINILZO) LZO_EXTERN(int) __lzo_init(unsigned v,int s1,int s2,int s3,int s4,int s5,int s6,int s7); LZO_PUBLIC(int) __lzo_init(unsigned v,int s1,int s2,int s3,int s4,int s5,int s6,int s7) { if (v == 0 || v > 0x1010) return LZO_E_ERROR; return __lzo_init2(v,s1,s2,s3,s4,s5,-1,-1,s6,s7); } #endif #define do_compress _lzo1x_1_do_compress #define LZO_NEED_DICT_H #define D_BITS 14 #define D_INDEX1(d,p) d = DM((0x21*DX3(p,5,5,6)) >> 5) #define D_INDEX2(d,p) d = (d & (D_MASK & 0x7ff)) ^ (D_HIGH | 0x1f) #ifndef __LZO_CONFIG1X_H #define __LZO_CONFIG1X_H #if !defined(LZO1X) && !defined(LZO1Y) && !defined(LZO1Z) # define LZO1X #endif #if !defined(__LZO_IN_MINILZO) #include #endif #define LZO_EOF_CODE #undef LZO_DETERMINISTIC #define M1_MAX_OFFSET 0x0400 #ifndef M2_MAX_OFFSET #define M2_MAX_OFFSET 0x0800 #endif #define M3_MAX_OFFSET 0x4000 #define M4_MAX_OFFSET 0xbfff #define MX_MAX_OFFSET (M1_MAX_OFFSET + M2_MAX_OFFSET) #define M1_MIN_LEN 2 #define M1_MAX_LEN 2 #define M2_MIN_LEN 3 #ifndef M2_MAX_LEN #define M2_MAX_LEN 8 #endif #define M3_MIN_LEN 3 #define M3_MAX_LEN 33 #define M4_MIN_LEN 3 #define M4_MAX_LEN 9 #define M1_MARKER 0 #define M2_MARKER 64 #define M3_MARKER 32 #define M4_MARKER 16 #ifndef MIN_LOOKAHEAD #define MIN_LOOKAHEAD (M2_MAX_LEN + 1) #endif #if defined(LZO_NEED_DICT_H) #ifndef LZO_HASH #define LZO_HASH LZO_HASH_LZO_INCREMENTAL_B #endif #define DL_MIN_LEN M2_MIN_LEN #ifndef __LZO_DICT_H #define __LZO_DICT_H #ifdef __cplusplus extern "C" { #endif #if !defined(D_BITS) && defined(DBITS) # define D_BITS DBITS #endif #if !defined(D_BITS) # error D_BITS is not defined #endif #if (D_BITS < 16) # define D_SIZE LZO_SIZE(D_BITS) # define D_MASK LZO_MASK(D_BITS) #else # define D_SIZE LZO_USIZE(D_BITS) # define D_MASK LZO_UMASK(D_BITS) #endif #define D_HIGH ((D_MASK >> 1) + 1) #if !defined(DD_BITS) # define DD_BITS 0 #endif #define DD_SIZE LZO_SIZE(DD_BITS) #define DD_MASK LZO_MASK(DD_BITS) #if !defined(DL_BITS) # define DL_BITS (D_BITS - DD_BITS) #endif #if (DL_BITS < 16) # define DL_SIZE LZO_SIZE(DL_BITS) # define DL_MASK LZO_MASK(DL_BITS) #else # define DL_SIZE LZO_USIZE(DL_BITS) # define DL_MASK LZO_UMASK(DL_BITS) #endif #if (D_BITS != DL_BITS + DD_BITS) # error D_BITS does not match #endif #if (D_BITS < 8 || D_BITS > 18) # error invalid D_BITS #endif #if (DL_BITS < 8 || DL_BITS > 20) # error invalid DL_BITS #endif #if (DD_BITS < 0 || DD_BITS > 6) # error invalid DD_BITS #endif #if !defined(DL_MIN_LEN) # define DL_MIN_LEN 3 #endif #if !defined(DL_SHIFT) # define DL_SHIFT ((DL_BITS + (DL_MIN_LEN - 1)) / DL_MIN_LEN) #endif #define LZO_HASH_GZIP 1 #define LZO_HASH_GZIP_INCREMENTAL 2 #define LZO_HASH_LZO_INCREMENTAL_A 3 #define LZO_HASH_LZO_INCREMENTAL_B 4 #if !defined(LZO_HASH) # error choose a hashing strategy #endif #if (DL_MIN_LEN == 3) # define _DV2_A(p,shift1,shift2) \ (((( (lzo_uint32)((p)[0]) << shift1) ^ (p)[1]) << shift2) ^ (p)[2]) # define _DV2_B(p,shift1,shift2) \ (((( (lzo_uint32)((p)[2]) << shift1) ^ (p)[1]) << shift2) ^ (p)[0]) # define _DV3_B(p,shift1,shift2,shift3) \ ((_DV2_B((p)+1,shift1,shift2) << (shift3)) ^ (p)[0]) #elif (DL_MIN_LEN == 2) # define _DV2_A(p,shift1,shift2) \ (( (lzo_uint32)(p[0]) << shift1) ^ p[1]) # define _DV2_B(p,shift1,shift2) \ (( (lzo_uint32)(p[1]) << shift1) ^ p[2]) #else # error invalid DL_MIN_LEN #endif #define _DV_A(p,shift) _DV2_A(p,shift,shift) #define _DV_B(p,shift) _DV2_B(p,shift,shift) #define DA2(p,s1,s2) \ (((((lzo_uint32)((p)[2]) << (s2)) + (p)[1]) << (s1)) + (p)[0]) #define DS2(p,s1,s2) \ (((((lzo_uint32)((p)[2]) << (s2)) - (p)[1]) << (s1)) - (p)[0]) #define DX2(p,s1,s2) \ (((((lzo_uint32)((p)[2]) << (s2)) ^ (p)[1]) << (s1)) ^ (p)[0]) #define DA3(p,s1,s2,s3) ((DA2((p)+1,s2,s3) << (s1)) + (p)[0]) #define DS3(p,s1,s2,s3) ((DS2((p)+1,s2,s3) << (s1)) - (p)[0]) #define DX3(p,s1,s2,s3) ((DX2((p)+1,s2,s3) << (s1)) ^ (p)[0]) #define DMS(v,s) ((lzo_uint) (((v) & (D_MASK >> (s))) << (s))) #define DM(v) DMS(v,0) #if (LZO_HASH == LZO_HASH_GZIP) # define _DINDEX(dv,p) (_DV_A((p),DL_SHIFT)) #elif (LZO_HASH == LZO_HASH_GZIP_INCREMENTAL) # define __LZO_HASH_INCREMENTAL # define DVAL_FIRST(dv,p) dv = _DV_A((p),DL_SHIFT) # define DVAL_NEXT(dv,p) dv = (((dv) << DL_SHIFT) ^ p[2]) # define _DINDEX(dv,p) (dv) # define DVAL_LOOKAHEAD DL_MIN_LEN #elif (LZO_HASH == LZO_HASH_LZO_INCREMENTAL_A) # define __LZO_HASH_INCREMENTAL # define DVAL_FIRST(dv,p) dv = _DV_A((p),5) # define DVAL_NEXT(dv,p) \ dv ^= (lzo_uint32)(p[-1]) << (2*5); dv = (((dv) << 5) ^ p[2]) # define _DINDEX(dv,p) ((0x9f5f * (dv)) >> 5) # define DVAL_LOOKAHEAD DL_MIN_LEN #elif (LZO_HASH == LZO_HASH_LZO_INCREMENTAL_B) # define __LZO_HASH_INCREMENTAL # define DVAL_FIRST(dv,p) dv = _DV_B((p),5) # define DVAL_NEXT(dv,p) \ dv ^= p[-1]; dv = (((dv) >> 5) ^ ((lzo_uint32)(p[2]) << (2*5))) # define _DINDEX(dv,p) ((0x9f5f * (dv)) >> 5) # define DVAL_LOOKAHEAD DL_MIN_LEN #else # error choose a hashing strategy #endif #ifndef DINDEX #define DINDEX(dv,p) ((lzo_uint)((_DINDEX(dv,p)) & DL_MASK) << DD_BITS) #endif #if !defined(DINDEX1) && defined(D_INDEX1) #define DINDEX1 D_INDEX1 #endif #if !defined(DINDEX2) && defined(D_INDEX2) #define DINDEX2 D_INDEX2 #endif #if !defined(__LZO_HASH_INCREMENTAL) # define DVAL_FIRST(dv,p) ((void) 0) # define DVAL_NEXT(dv,p) ((void) 0) # define DVAL_LOOKAHEAD 0 #endif #if !defined(DVAL_ASSERT) #if defined(__LZO_HASH_INCREMENTAL) && !defined(NDEBUG) static void DVAL_ASSERT(lzo_uint32 dv, const lzo_byte *p) { lzo_uint32 df; DVAL_FIRST(df,(p)); assert(DINDEX(dv,p) == DINDEX(df,p)); } #else # define DVAL_ASSERT(dv,p) ((void) 0) #endif #endif #if defined(LZO_DICT_USE_PTR) # define DENTRY(p,in) (p) # define GINDEX(m_pos,m_off,dict,dindex,in) m_pos = dict[dindex] #else # define DENTRY(p,in) ((lzo_uint) ((p)-(in))) # define GINDEX(m_pos,m_off,dict,dindex,in) m_off = dict[dindex] #endif #if (DD_BITS == 0) # define UPDATE_D(dict,drun,dv,p,in) dict[ DINDEX(dv,p) ] = DENTRY(p,in) # define UPDATE_I(dict,drun,index,p,in) dict[index] = DENTRY(p,in) # define UPDATE_P(ptr,drun,p,in) (ptr)[0] = DENTRY(p,in) #else # define UPDATE_D(dict,drun,dv,p,in) \ dict[ DINDEX(dv,p) + drun++ ] = DENTRY(p,in); drun &= DD_MASK # define UPDATE_I(dict,drun,index,p,in) \ dict[ (index) + drun++ ] = DENTRY(p,in); drun &= DD_MASK # define UPDATE_P(ptr,drun,p,in) \ (ptr) [ drun++ ] = DENTRY(p,in); drun &= DD_MASK #endif #if defined(LZO_DICT_USE_PTR) #define LZO_CHECK_MPOS_DET(m_pos,m_off,in,ip,max_offset) \ (m_pos == NULL || (m_off = (lzo_moff_t) (ip - m_pos)) > max_offset) #define LZO_CHECK_MPOS_NON_DET(m_pos,m_off,in,ip,max_offset) \ (BOUNDS_CHECKING_OFF_IN_EXPR( \ (PTR_LT(m_pos,in) || \ (m_off = (lzo_moff_t) PTR_DIFF(ip,m_pos)) <= 0 || \ m_off > max_offset) )) #else #define LZO_CHECK_MPOS_DET(m_pos,m_off,in,ip,max_offset) \ (m_off == 0 || \ ((m_off = (lzo_moff_t) ((ip)-(in)) - m_off) > max_offset) || \ (m_pos = (ip) - (m_off), 0) ) #define LZO_CHECK_MPOS_NON_DET(m_pos,m_off,in,ip,max_offset) \ ((lzo_moff_t) ((ip)-(in)) <= m_off || \ ((m_off = (lzo_moff_t) ((ip)-(in)) - m_off) > max_offset) || \ (m_pos = (ip) - (m_off), 0) ) #endif #if defined(LZO_DETERMINISTIC) # define LZO_CHECK_MPOS LZO_CHECK_MPOS_DET #else # define LZO_CHECK_MPOS LZO_CHECK_MPOS_NON_DET #endif #ifdef __cplusplus } #endif #endif #endif #endif #define DO_COMPRESS lzo1x_1_compress static lzo_uint do_compress ( const lzo_byte *in , lzo_uint in_len, lzo_byte *out, lzo_uint *out_len, lzo_voidp wrkmem ) { #if 0 && defined(__GNUC__) && defined(__i386__) register const lzo_byte *ip __asm__("%esi"); #else register const lzo_byte *ip; #endif lzo_byte *op; const lzo_byte * const in_end = in + in_len; const lzo_byte * const ip_end = in + in_len - M2_MAX_LEN - 5; const lzo_byte *ii; lzo_dict_p const dict = (lzo_dict_p) wrkmem; op = out; ip = in; ii = ip; ip += 4; for (;;) { #if 0 && defined(__GNUC__) && defined(__i386__) register const lzo_byte *m_pos __asm__("%edi"); #else register const lzo_byte *m_pos; #endif lzo_moff_t m_off; lzo_uint m_len; lzo_uint dindex; DINDEX1(dindex,ip); GINDEX(m_pos,m_off,dict,dindex,in); if (LZO_CHECK_MPOS_NON_DET(m_pos,m_off,in,ip,M4_MAX_OFFSET)) goto literal; #if 1 if (m_off <= M2_MAX_OFFSET || m_pos[3] == ip[3]) goto try_match; DINDEX2(dindex,ip); #endif GINDEX(m_pos,m_off,dict,dindex,in); if (LZO_CHECK_MPOS_NON_DET(m_pos,m_off,in,ip,M4_MAX_OFFSET)) goto literal; if (m_off <= M2_MAX_OFFSET || m_pos[3] == ip[3]) goto try_match; goto literal; try_match: #if 1 && defined(LZO_UNALIGNED_OK_2) if (* (const lzo_ushortp) m_pos != * (const lzo_ushortp) ip) #else if (m_pos[0] != ip[0] || m_pos[1] != ip[1]) #endif { } else { if (m_pos[2] == ip[2]) { #if 0 if (m_off <= M2_MAX_OFFSET) goto match; if (lit <= 3) goto match; if (lit == 3) { assert(op - 2 > out); op[-2] |= LZO_BYTE(3); *op++ = *ii++; *op++ = *ii++; *op++ = *ii++; goto code_match; } if (m_pos[3] == ip[3]) #endif goto match; } else { #if 0 #if 0 if (m_off <= M1_MAX_OFFSET && lit > 0 && lit <= 3) #else if (m_off <= M1_MAX_OFFSET && lit == 3) #endif { register lzo_uint t; t = lit; assert(op - 2 > out); op[-2] |= LZO_BYTE(t); do *op++ = *ii++; while (--t > 0); assert(ii == ip); m_off -= 1; *op++ = LZO_BYTE(M1_MARKER | ((m_off & 3) << 2)); *op++ = LZO_BYTE(m_off >> 2); ip += 2; goto match_done; } #endif } } literal: UPDATE_I(dict,0,dindex,ip,in); ++ip; if (ip >= ip_end) break; continue; match: UPDATE_I(dict,0,dindex,ip,in); if (ip - ii > 0) { register lzo_uint t = ip - ii; if (t <= 3) { assert(op - 2 > out); op[-2] |= LZO_BYTE(t); } else if (t <= 18) *op++ = LZO_BYTE(t - 3); else { register lzo_uint tt = t - 18; *op++ = 0; while (tt > 255) { tt -= 255; *op++ = 0; } assert(tt > 0); *op++ = LZO_BYTE(tt); } do *op++ = *ii++; while (--t > 0); } assert(ii == ip); ip += 3; if (m_pos[3] != *ip++ || m_pos[4] != *ip++ || m_pos[5] != *ip++ || m_pos[6] != *ip++ || m_pos[7] != *ip++ || m_pos[8] != *ip++ #ifdef LZO1Y || m_pos[ 9] != *ip++ || m_pos[10] != *ip++ || m_pos[11] != *ip++ || m_pos[12] != *ip++ || m_pos[13] != *ip++ || m_pos[14] != *ip++ #endif ) { --ip; m_len = ip - ii; assert(m_len >= 3); assert(m_len <= M2_MAX_LEN); if (m_off <= M2_MAX_OFFSET) { m_off -= 1; #if defined(LZO1X) *op++ = LZO_BYTE(((m_len - 1) << 5) | ((m_off & 7) << 2)); *op++ = LZO_BYTE(m_off >> 3); #elif defined(LZO1Y) *op++ = LZO_BYTE(((m_len + 1) << 4) | ((m_off & 3) << 2)); *op++ = LZO_BYTE(m_off >> 2); #endif } else if (m_off <= M3_MAX_OFFSET) { m_off -= 1; *op++ = LZO_BYTE(M3_MARKER | (m_len - 2)); goto m3_m4_offset; } else #if defined(LZO1X) { m_off -= 0x4000; assert(m_off > 0); assert(m_off <= 0x7fff); *op++ = LZO_BYTE(M4_MARKER | ((m_off & 0x4000) >> 11) | (m_len - 2)); goto m3_m4_offset; } #elif defined(LZO1Y) goto m4_match; #endif } else { { const lzo_byte *end = in_end; const lzo_byte *m = m_pos + M2_MAX_LEN + 1; while (ip < end && *m == *ip) m++, ip++; m_len = (ip - ii); } assert(m_len > M2_MAX_LEN); if (m_off <= M3_MAX_OFFSET) { m_off -= 1; if (m_len <= 33) *op++ = LZO_BYTE(M3_MARKER | (m_len - 2)); else { m_len -= 33; *op++ = M3_MARKER | 0; goto m3_m4_len; } } else { #if defined(LZO1Y) m4_match: #endif m_off -= 0x4000; assert(m_off > 0); assert(m_off <= 0x7fff); if (m_len <= M4_MAX_LEN) *op++ = LZO_BYTE(M4_MARKER | ((m_off & 0x4000) >> 11) | (m_len - 2)); else { m_len -= M4_MAX_LEN; *op++ = LZO_BYTE(M4_MARKER | ((m_off & 0x4000) >> 11)); m3_m4_len: while (m_len > 255) { m_len -= 255; *op++ = 0; } assert(m_len > 0); *op++ = LZO_BYTE(m_len); } } m3_m4_offset: *op++ = LZO_BYTE((m_off & 63) << 2); *op++ = LZO_BYTE(m_off >> 6); } #if 0 match_done: #endif ii = ip; if (ip >= ip_end) break; } *out_len = op - out; return (lzo_uint) (in_end - ii); } LZO_PUBLIC(int) DO_COMPRESS ( const lzo_byte *in , lzo_uint in_len, lzo_byte *out, lzo_uint *out_len, lzo_voidp wrkmem ) { lzo_byte *op = out; lzo_uint t; #if defined(__LZO_QUERY_COMPRESS) if (__LZO_IS_COMPRESS_QUERY(in,in_len,out,out_len,wrkmem)) return __LZO_QUERY_COMPRESS(in,in_len,out,out_len,wrkmem,D_SIZE,lzo_sizeof(lzo_dict_t)); #endif if (in_len <= M2_MAX_LEN + 5) t = in_len; else { t = do_compress(in,in_len,op,out_len,wrkmem); op += *out_len; } if (t > 0) { const lzo_byte *ii = in + in_len - t; if (op == out && t <= 238) *op++ = LZO_BYTE(17 + t); else if (t <= 3) op[-2] |= LZO_BYTE(t); else if (t <= 18) *op++ = LZO_BYTE(t - 3); else { lzo_uint tt = t - 18; *op++ = 0; while (tt > 255) { tt -= 255; *op++ = 0; } assert(tt > 0); *op++ = LZO_BYTE(tt); } do *op++ = *ii++; while (--t > 0); } *op++ = M4_MARKER | 1; *op++ = 0; *op++ = 0; *out_len = op - out; return LZO_E_OK; } #undef do_compress #undef DO_COMPRESS #undef LZO_HASH #undef LZO_TEST_DECOMPRESS_OVERRUN #undef LZO_TEST_DECOMPRESS_OVERRUN_INPUT #undef LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT #undef LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND #undef DO_DECOMPRESS #define DO_DECOMPRESS lzo1x_decompress #if defined(LZO_TEST_DECOMPRESS_OVERRUN) # if !defined(LZO_TEST_DECOMPRESS_OVERRUN_INPUT) # define LZO_TEST_DECOMPRESS_OVERRUN_INPUT 2 # endif # if !defined(LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT) # define LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT 2 # endif # if !defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) # define LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND # endif #endif #undef TEST_IP #undef TEST_OP #undef TEST_LOOKBEHIND #undef NEED_IP #undef NEED_OP #undef HAVE_TEST_IP #undef HAVE_TEST_OP #undef HAVE_NEED_IP #undef HAVE_NEED_OP #undef HAVE_ANY_IP #undef HAVE_ANY_OP #if defined(LZO_TEST_DECOMPRESS_OVERRUN_INPUT) # if (LZO_TEST_DECOMPRESS_OVERRUN_INPUT >= 1) # define TEST_IP (ip < ip_end) # endif # if (LZO_TEST_DECOMPRESS_OVERRUN_INPUT >= 2) # define NEED_IP(x) \ if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun # endif #endif #if defined(LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT) # if (LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT >= 1) # define TEST_OP (op <= op_end) # endif # if (LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT >= 2) # undef TEST_OP # define NEED_OP(x) \ if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun # endif #endif #if defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) # define TEST_LOOKBEHIND(m_pos,out) if (m_pos < out) goto lookbehind_overrun #else # define TEST_LOOKBEHIND(m_pos,op) ((void) 0) #endif #if !defined(LZO_EOF_CODE) && !defined(TEST_IP) # define TEST_IP (ip < ip_end) #endif #if defined(TEST_IP) # define HAVE_TEST_IP #else # define TEST_IP 1 #endif #if defined(TEST_OP) # define HAVE_TEST_OP #else # define TEST_OP 1 #endif #if defined(NEED_IP) # define HAVE_NEED_IP #else # define NEED_IP(x) ((void) 0) #endif #if defined(NEED_OP) # define HAVE_NEED_OP #else # define NEED_OP(x) ((void) 0) #endif #if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) # define HAVE_ANY_IP #endif #if defined(HAVE_TEST_OP) || defined(HAVE_NEED_OP) # define HAVE_ANY_OP #endif #if defined(DO_DECOMPRESS) LZO_PUBLIC(int) DO_DECOMPRESS ( const lzo_byte *in , lzo_uint in_len, lzo_byte *out, lzo_uint *out_len, lzo_voidp wrkmem ) #endif { register lzo_byte *op; register const lzo_byte *ip; register lzo_uint t; #if defined(COPY_DICT) lzo_uint m_off; const lzo_byte *dict_end; #else register const lzo_byte *m_pos; #endif const lzo_byte * const ip_end = in + in_len; #if defined(HAVE_ANY_OP) lzo_byte * const op_end = out + *out_len; #endif #if defined(LZO1Z) lzo_uint last_m_off = 0; #endif LZO_UNUSED(wrkmem); #if defined(__LZO_QUERY_DECOMPRESS) if (__LZO_IS_DECOMPRESS_QUERY(in,in_len,out,out_len,wrkmem)) return __LZO_QUERY_DECOMPRESS(in,in_len,out,out_len,wrkmem,0,0); #endif #if defined(COPY_DICT) if (dict) { if (dict_len > M4_MAX_OFFSET) { dict += dict_len - M4_MAX_OFFSET; dict_len = M4_MAX_OFFSET; } dict_end = dict + dict_len; } else { dict_len = 0; dict_end = NULL; } #endif *out_len = 0; op = out; ip = in; if (*ip > 17) { t = *ip++ - 17; if (t < 4) goto match_next; assert(t > 0); NEED_OP(t); NEED_IP(t+1); do *op++ = *ip++; while (--t > 0); goto first_literal_run; } while (TEST_IP && TEST_OP) { t = *ip++; if (t >= 16) goto match; if (t == 0) { NEED_IP(1); while (*ip == 0) { t += 255; ip++; NEED_IP(1); } t += 15 + *ip++; } assert(t > 0); NEED_OP(t+3); NEED_IP(t+4); #if defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) #if !defined(LZO_UNALIGNED_OK_4) if (PTR_ALIGNED2_4(op,ip)) { #endif * (lzo_uint32p) op = * (const lzo_uint32p) ip; op += 4; ip += 4; if (--t > 0) { if (t >= 4) { do { * (lzo_uint32p) op = * (const lzo_uint32p) ip; op += 4; ip += 4; t -= 4; } while (t >= 4); if (t > 0) do *op++ = *ip++; while (--t > 0); } else do *op++ = *ip++; while (--t > 0); } #if !defined(LZO_UNALIGNED_OK_4) } else #endif #endif #if !defined(LZO_UNALIGNED_OK_4) { *op++ = *ip++; *op++ = *ip++; *op++ = *ip++; do *op++ = *ip++; while (--t > 0); } #endif first_literal_run: t = *ip++; if (t >= 16) goto match; #if defined(COPY_DICT) #if defined(LZO1Z) m_off = (1 + M2_MAX_OFFSET) + (t << 6) + (*ip++ >> 2); last_m_off = m_off; #else m_off = (1 + M2_MAX_OFFSET) + (t >> 2) + (*ip++ << 2); #endif NEED_OP(3); t = 3; COPY_DICT(t,m_off) #else #if defined(LZO1Z) t = (1 + M2_MAX_OFFSET) + (t << 6) + (*ip++ >> 2); m_pos = op - t; last_m_off = t; #else m_pos = op - (1 + M2_MAX_OFFSET); m_pos -= t >> 2; m_pos -= *ip++ << 2; #endif TEST_LOOKBEHIND(m_pos,out); NEED_OP(3); *op++ = *m_pos++; *op++ = *m_pos++; *op++ = *m_pos; #endif goto match_done; while (TEST_IP && TEST_OP) { match: if (t >= 64) { #if defined(COPY_DICT) #if defined(LZO1X) m_off = 1 + ((t >> 2) & 7) + (*ip++ << 3); t = (t >> 5) - 1; #elif defined(LZO1Y) m_off = 1 + ((t >> 2) & 3) + (*ip++ << 2); t = (t >> 4) - 3; #elif defined(LZO1Z) m_off = t & 0x1f; if (m_off >= 0x1c) m_off = last_m_off; else { m_off = 1 + (m_off << 6) + (*ip++ >> 2); last_m_off = m_off; } t = (t >> 5) - 1; #endif #else #if defined(LZO1X) m_pos = op - 1; m_pos -= (t >> 2) & 7; m_pos -= *ip++ << 3; t = (t >> 5) - 1; #elif defined(LZO1Y) m_pos = op - 1; m_pos -= (t >> 2) & 3; m_pos -= *ip++ << 2; t = (t >> 4) - 3; #elif defined(LZO1Z) { lzo_uint off = t & 0x1f; m_pos = op; if (off >= 0x1c) { assert(last_m_off > 0); m_pos -= last_m_off; } else { off = 1 + (off << 6) + (*ip++ >> 2); m_pos -= off; last_m_off = off; } } t = (t >> 5) - 1; #endif TEST_LOOKBEHIND(m_pos,out); assert(t > 0); NEED_OP(t+3-1); goto copy_match; #endif } else if (t >= 32) { t &= 31; if (t == 0) { NEED_IP(1); while (*ip == 0) { t += 255; ip++; NEED_IP(1); } t += 31 + *ip++; } #if defined(COPY_DICT) #if defined(LZO1Z) m_off = 1 + (ip[0] << 6) + (ip[1] >> 2); last_m_off = m_off; #else m_off = 1 + (ip[0] >> 2) + (ip[1] << 6); #endif #else #if defined(LZO1Z) { lzo_uint off = 1 + (ip[0] << 6) + (ip[1] >> 2); m_pos = op - off; last_m_off = off; } #elif defined(LZO_UNALIGNED_OK_2) && (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) m_pos = op - 1; m_pos -= (* (const lzo_ushortp) ip) >> 2; #else m_pos = op - 1; m_pos -= (ip[0] >> 2) + (ip[1] << 6); #endif #endif ip += 2; } else if (t >= 16) { #if defined(COPY_DICT) m_off = (t & 8) << 11; #else m_pos = op; m_pos -= (t & 8) << 11; #endif t &= 7; if (t == 0) { NEED_IP(1); while (*ip == 0) { t += 255; ip++; NEED_IP(1); } t += 7 + *ip++; } #if defined(COPY_DICT) #if defined(LZO1Z) m_off += (ip[0] << 6) + (ip[1] >> 2); #else m_off += (ip[0] >> 2) + (ip[1] << 6); #endif ip += 2; if (m_off == 0) goto eof_found; m_off += 0x4000; #if defined(LZO1Z) last_m_off = m_off; #endif #else #if defined(LZO1Z) m_pos -= (ip[0] << 6) + (ip[1] >> 2); #elif defined(LZO_UNALIGNED_OK_2) && (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) m_pos -= (* (const lzo_ushortp) ip) >> 2; #else m_pos -= (ip[0] >> 2) + (ip[1] << 6); #endif ip += 2; if (m_pos == op) goto eof_found; m_pos -= 0x4000; #if defined(LZO1Z) last_m_off = op - m_pos; #endif #endif } else { #if defined(COPY_DICT) #if defined(LZO1Z) m_off = 1 + (t << 6) + (*ip++ >> 2); last_m_off = m_off; #else m_off = 1 + (t >> 2) + (*ip++ << 2); #endif NEED_OP(2); t = 2; COPY_DICT(t,m_off) #else #if defined(LZO1Z) t = 1 + (t << 6) + (*ip++ >> 2); m_pos = op - t; last_m_off = t; #else m_pos = op - 1; m_pos -= t >> 2; m_pos -= *ip++ << 2; #endif TEST_LOOKBEHIND(m_pos,out); NEED_OP(2); *op++ = *m_pos++; *op++ = *m_pos; #endif goto match_done; } #if defined(COPY_DICT) NEED_OP(t+3-1); t += 3-1; COPY_DICT(t,m_off) #else TEST_LOOKBEHIND(m_pos,out); assert(t > 0); NEED_OP(t+3-1); #if defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) #if !defined(LZO_UNALIGNED_OK_4) if (t >= 2 * 4 - (3 - 1) && PTR_ALIGNED2_4(op,m_pos)) { assert((op - m_pos) >= 4); #else if (t >= 2 * 4 - (3 - 1) && (op - m_pos) >= 4) { #endif * (lzo_uint32p) op = * (const lzo_uint32p) m_pos; op += 4; m_pos += 4; t -= 4 - (3 - 1); do { * (lzo_uint32p) op = * (const lzo_uint32p) m_pos; op += 4; m_pos += 4; t -= 4; } while (t >= 4); if (t > 0) do *op++ = *m_pos++; while (--t > 0); } else #endif { copy_match: *op++ = *m_pos++; *op++ = *m_pos++; do *op++ = *m_pos++; while (--t > 0); } #endif match_done: #if defined(LZO1Z) t = ip[-1] & 3; #else t = ip[-2] & 3; #endif if (t == 0) break; match_next: assert(t > 0); NEED_OP(t); NEED_IP(t+1); do *op++ = *ip++; while (--t > 0); t = *ip++; } } #if defined(HAVE_TEST_IP) || defined(HAVE_TEST_OP) *out_len = op - out; return LZO_E_EOF_NOT_FOUND; #endif eof_found: assert(t == 1); *out_len = op - out; return (ip == ip_end ? LZO_E_OK : (ip < ip_end ? LZO_E_INPUT_NOT_CONSUMED : LZO_E_INPUT_OVERRUN)); #if defined(HAVE_NEED_IP) input_overrun: *out_len = op - out; return LZO_E_INPUT_OVERRUN; #endif #if defined(HAVE_NEED_OP) output_overrun: *out_len = op - out; return LZO_E_OUTPUT_OVERRUN; #endif #if defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) lookbehind_overrun: *out_len = op - out; return LZO_E_LOOKBEHIND_OVERRUN; #endif } #define LZO_TEST_DECOMPRESS_OVERRUN #undef DO_DECOMPRESS #define DO_DECOMPRESS lzo1x_decompress_safe #if defined(LZO_TEST_DECOMPRESS_OVERRUN) # if !defined(LZO_TEST_DECOMPRESS_OVERRUN_INPUT) # define LZO_TEST_DECOMPRESS_OVERRUN_INPUT 2 # endif # if !defined(LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT) # define LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT 2 # endif # if !defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) # define LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND # endif #endif #undef TEST_IP #undef TEST_OP #undef TEST_LOOKBEHIND #undef NEED_IP #undef NEED_OP #undef HAVE_TEST_IP #undef HAVE_TEST_OP #undef HAVE_NEED_IP #undef HAVE_NEED_OP #undef HAVE_ANY_IP #undef HAVE_ANY_OP #if defined(LZO_TEST_DECOMPRESS_OVERRUN_INPUT) # if (LZO_TEST_DECOMPRESS_OVERRUN_INPUT >= 1) # define TEST_IP (ip < ip_end) # endif # if (LZO_TEST_DECOMPRESS_OVERRUN_INPUT >= 2) # define NEED_IP(x) \ if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun # endif #endif #if defined(LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT) # if (LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT >= 1) # define TEST_OP (op <= op_end) # endif # if (LZO_TEST_DECOMPRESS_OVERRUN_OUTPUT >= 2) # undef TEST_OP # define NEED_OP(x) \ if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun # endif #endif #if defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) # define TEST_LOOKBEHIND(m_pos,out) if (m_pos < out) goto lookbehind_overrun #else # define TEST_LOOKBEHIND(m_pos,op) ((void) 0) #endif #if !defined(LZO_EOF_CODE) && !defined(TEST_IP) # define TEST_IP (ip < ip_end) #endif #if defined(TEST_IP) # define HAVE_TEST_IP #else # define TEST_IP 1 #endif #if defined(TEST_OP) # define HAVE_TEST_OP #else # define TEST_OP 1 #endif #if defined(NEED_IP) # define HAVE_NEED_IP #else # define NEED_IP(x) ((void) 0) #endif #if defined(NEED_OP) # define HAVE_NEED_OP #else # define NEED_OP(x) ((void) 0) #endif #if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) # define HAVE_ANY_IP #endif #if defined(HAVE_TEST_OP) || defined(HAVE_NEED_OP) # define HAVE_ANY_OP #endif #if defined(DO_DECOMPRESS) LZO_PUBLIC(int) DO_DECOMPRESS ( const lzo_byte *in , lzo_uint in_len, lzo_byte *out, lzo_uint *out_len, lzo_voidp wrkmem ) #endif { register lzo_byte *op; register const lzo_byte *ip; register lzo_uint t; #if defined(COPY_DICT) lzo_uint m_off; const lzo_byte *dict_end; #else register const lzo_byte *m_pos; #endif const lzo_byte * const ip_end = in + in_len; #if defined(HAVE_ANY_OP) lzo_byte * const op_end = out + *out_len; #endif #if defined(LZO1Z) lzo_uint last_m_off = 0; #endif LZO_UNUSED(wrkmem); #if defined(__LZO_QUERY_DECOMPRESS) if (__LZO_IS_DECOMPRESS_QUERY(in,in_len,out,out_len,wrkmem)) return __LZO_QUERY_DECOMPRESS(in,in_len,out,out_len,wrkmem,0,0); #endif #if defined(COPY_DICT) if (dict) { if (dict_len > M4_MAX_OFFSET) { dict += dict_len - M4_MAX_OFFSET; dict_len = M4_MAX_OFFSET; } dict_end = dict + dict_len; } else { dict_len = 0; dict_end = NULL; } #endif *out_len = 0; op = out; ip = in; if (*ip > 17) { t = *ip++ - 17; if (t < 4) goto match_next; assert(t > 0); NEED_OP(t); NEED_IP(t+1); do *op++ = *ip++; while (--t > 0); goto first_literal_run; } while (TEST_IP && TEST_OP) { t = *ip++; if (t >= 16) goto match; if (t == 0) { NEED_IP(1); while (*ip == 0) { t += 255; ip++; NEED_IP(1); } t += 15 + *ip++; } assert(t > 0); NEED_OP(t+3); NEED_IP(t+4); #if defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) #if !defined(LZO_UNALIGNED_OK_4) if (PTR_ALIGNED2_4(op,ip)) { #endif * (lzo_uint32p) op = * (const lzo_uint32p) ip; op += 4; ip += 4; if (--t > 0) { if (t >= 4) { do { * (lzo_uint32p) op = * (const lzo_uint32p) ip; op += 4; ip += 4; t -= 4; } while (t >= 4); if (t > 0) do *op++ = *ip++; while (--t > 0); } else do *op++ = *ip++; while (--t > 0); } #if !defined(LZO_UNALIGNED_OK_4) } else #endif #endif #if !defined(LZO_UNALIGNED_OK_4) { *op++ = *ip++; *op++ = *ip++; *op++ = *ip++; do *op++ = *ip++; while (--t > 0); } #endif first_literal_run: t = *ip++; if (t >= 16) goto match; #if defined(COPY_DICT) #if defined(LZO1Z) m_off = (1 + M2_MAX_OFFSET) + (t << 6) + (*ip++ >> 2); last_m_off = m_off; #else m_off = (1 + M2_MAX_OFFSET) + (t >> 2) + (*ip++ << 2); #endif NEED_OP(3); t = 3; COPY_DICT(t,m_off) #else #if defined(LZO1Z) t = (1 + M2_MAX_OFFSET) + (t << 6) + (*ip++ >> 2); m_pos = op - t; last_m_off = t; #else m_pos = op - (1 + M2_MAX_OFFSET); m_pos -= t >> 2; m_pos -= *ip++ << 2; #endif TEST_LOOKBEHIND(m_pos,out); NEED_OP(3); *op++ = *m_pos++; *op++ = *m_pos++; *op++ = *m_pos; #endif goto match_done; while (TEST_IP && TEST_OP) { match: if (t >= 64) { #if defined(COPY_DICT) #if defined(LZO1X) m_off = 1 + ((t >> 2) & 7) + (*ip++ << 3); t = (t >> 5) - 1; #elif defined(LZO1Y) m_off = 1 + ((t >> 2) & 3) + (*ip++ << 2); t = (t >> 4) - 3; #elif defined(LZO1Z) m_off = t & 0x1f; if (m_off >= 0x1c) m_off = last_m_off; else { m_off = 1 + (m_off << 6) + (*ip++ >> 2); last_m_off = m_off; } t = (t >> 5) - 1; #endif #else #if defined(LZO1X) m_pos = op - 1; m_pos -= (t >> 2) & 7; m_pos -= *ip++ << 3; t = (t >> 5) - 1; #elif defined(LZO1Y) m_pos = op - 1; m_pos -= (t >> 2) & 3; m_pos -= *ip++ << 2; t = (t >> 4) - 3; #elif defined(LZO1Z) { lzo_uint off = t & 0x1f; m_pos = op; if (off >= 0x1c) { assert(last_m_off > 0); m_pos -= last_m_off; } else { off = 1 + (off << 6) + (*ip++ >> 2); m_pos -= off; last_m_off = off; } } t = (t >> 5) - 1; #endif TEST_LOOKBEHIND(m_pos,out); assert(t > 0); NEED_OP(t+3-1); goto copy_match; #endif } else if (t >= 32) { t &= 31; if (t == 0) { NEED_IP(1); while (*ip == 0) { t += 255; ip++; NEED_IP(1); } t += 31 + *ip++; } #if defined(COPY_DICT) #if defined(LZO1Z) m_off = 1 + (ip[0] << 6) + (ip[1] >> 2); last_m_off = m_off; #else m_off = 1 + (ip[0] >> 2) + (ip[1] << 6); #endif #else #if defined(LZO1Z) { lzo_uint off = 1 + (ip[0] << 6) + (ip[1] >> 2); m_pos = op - off; last_m_off = off; } #elif defined(LZO_UNALIGNED_OK_2) && (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) m_pos = op - 1; m_pos -= (* (const lzo_ushortp) ip) >> 2; #else m_pos = op - 1; m_pos -= (ip[0] >> 2) + (ip[1] << 6); #endif #endif ip += 2; } else if (t >= 16) { #if defined(COPY_DICT) m_off = (t & 8) << 11; #else m_pos = op; m_pos -= (t & 8) << 11; #endif t &= 7; if (t == 0) { NEED_IP(1); while (*ip == 0) { t += 255; ip++; NEED_IP(1); } t += 7 + *ip++; } #if defined(COPY_DICT) #if defined(LZO1Z) m_off += (ip[0] << 6) + (ip[1] >> 2); #else m_off += (ip[0] >> 2) + (ip[1] << 6); #endif ip += 2; if (m_off == 0) goto eof_found; m_off += 0x4000; #if defined(LZO1Z) last_m_off = m_off; #endif #else #if defined(LZO1Z) m_pos -= (ip[0] << 6) + (ip[1] >> 2); #elif defined(LZO_UNALIGNED_OK_2) && (LZO_BYTE_ORDER == LZO_LITTLE_ENDIAN) m_pos -= (* (const lzo_ushortp) ip) >> 2; #else m_pos -= (ip[0] >> 2) + (ip[1] << 6); #endif ip += 2; if (m_pos == op) goto eof_found; m_pos -= 0x4000; #if defined(LZO1Z) last_m_off = op - m_pos; #endif #endif } else { #if defined(COPY_DICT) #if defined(LZO1Z) m_off = 1 + (t << 6) + (*ip++ >> 2); last_m_off = m_off; #else m_off = 1 + (t >> 2) + (*ip++ << 2); #endif NEED_OP(2); t = 2; COPY_DICT(t,m_off) #else #if defined(LZO1Z) t = 1 + (t << 6) + (*ip++ >> 2); m_pos = op - t; last_m_off = t; #else m_pos = op - 1; m_pos -= t >> 2; m_pos -= *ip++ << 2; #endif TEST_LOOKBEHIND(m_pos,out); NEED_OP(2); *op++ = *m_pos++; *op++ = *m_pos; #endif goto match_done; } #if defined(COPY_DICT) NEED_OP(t+3-1); t += 3-1; COPY_DICT(t,m_off) #else TEST_LOOKBEHIND(m_pos,out); assert(t > 0); NEED_OP(t+3-1); #if defined(LZO_UNALIGNED_OK_4) || defined(LZO_ALIGNED_OK_4) #if !defined(LZO_UNALIGNED_OK_4) if (t >= 2 * 4 - (3 - 1) && PTR_ALIGNED2_4(op,m_pos)) { assert((op - m_pos) >= 4); #else if (t >= 2 * 4 - (3 - 1) && (op - m_pos) >= 4) { #endif * (lzo_uint32p) op = * (const lzo_uint32p) m_pos; op += 4; m_pos += 4; t -= 4 - (3 - 1); do { * (lzo_uint32p) op = * (const lzo_uint32p) m_pos; op += 4; m_pos += 4; t -= 4; } while (t >= 4); if (t > 0) do *op++ = *m_pos++; while (--t > 0); } else #endif { copy_match: *op++ = *m_pos++; *op++ = *m_pos++; do *op++ = *m_pos++; while (--t > 0); } #endif match_done: #if defined(LZO1Z) t = ip[-1] & 3; #else t = ip[-2] & 3; #endif if (t == 0) break; match_next: assert(t > 0); NEED_OP(t); NEED_IP(t+1); do *op++ = *ip++; while (--t > 0); t = *ip++; } } #if defined(HAVE_TEST_IP) || defined(HAVE_TEST_OP) *out_len = op - out; return LZO_E_EOF_NOT_FOUND; #endif eof_found: assert(t == 1); *out_len = op - out; return (ip == ip_end ? LZO_E_OK : (ip < ip_end ? LZO_E_INPUT_NOT_CONSUMED : LZO_E_INPUT_OVERRUN)); #if defined(HAVE_NEED_IP) input_overrun: *out_len = op - out; return LZO_E_INPUT_OVERRUN; #endif #if defined(HAVE_NEED_OP) output_overrun: *out_len = op - out; return LZO_E_OUTPUT_OVERRUN; #endif #if defined(LZO_TEST_DECOMPRESS_OVERRUN_LOOKBEHIND) lookbehind_overrun: *out_len = op - out; return LZO_E_LOOKBEHIND_OVERRUN; #endif } /***** End of minilzo.c *****/ samhain-3.1.0/src/sh_utmp.c0000644000175000017500000007006311667110521012474 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 1999 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" #include #include #include #include #include #include #include #ifdef HAVE_UTADDR #include #include #ifndef S_SPLINT_S #include #else #define AF_INET 2 #endif #endif #ifdef SH_USE_UTMP #ifdef HAVE_UTMPX_H #ifdef S_SPLINT_S typedef pid_t __pid_t; #endif #include #define SH_UTMP_S utmpx #undef ut_name #define ut_name ut_user #ifdef HAVE_UTXTIME #undef ut_time #define ut_time ut_xtime #else #undef ut_time #define ut_time ut_tv.tv_sec #endif #else #include #define SH_UTMP_S utmp #endif #ifdef HAVE_PATHS_H #include #endif #undef FIL__ #define FIL__ _("sh_utmp.c") #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) #include "samhain.h" #include "sh_utils.h" #include "sh_error.h" #include "sh_modules.h" #include "sh_utmp.h" #include "sh_pthread.h" #include "sh_inotify.h" SH_MUTEX_EXTERN(mutex_thread_nolog); #ifdef TM_IN_SYS_TIME #include #else #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_DIRENT_H #include #define NAMLEN(dirent) sl_strlen((dirent)->d_name) #else #define dirent direct #define NAMLEN(dirent) (dirent)->d_namlen #ifdef HAVE_SYS_NDIR_H #include #endif #ifdef HAVE_SYS_DIR_H #include #endif #ifdef HAVE_NDIR_H #include #endif #endif #ifndef HAVE_LSTAT #define lstat stat #endif #ifndef UT_LINESIZE #ifndef __UT_LINESIZE #define UT_LINESIZE 12 #else #define UT_LINESIZE __UT_LINESIZE #endif #endif #ifndef UT_NAMESIZE #ifndef __UT_NAMESIZE #define UT_NAMESIZE 8 #else #define UT_NAMESIZE __UT_NAMESIZE #endif #endif #ifndef UT_HOSTSIZE #ifndef __UT_HOSTSIZE #define UT_HOSTSIZE 16 #else #define UT_HOSTSIZE __UT_HOSTSIZE #endif #endif #ifdef HAVE_UTMPX_H #ifndef _PATH_UTMP #ifdef UTMPX_FILE #define _PATH_UTMP UTMPX_FILE #else #error You must define UTMPX_FILE in the file config.h #endif #endif #ifndef _PATH_WTMP #ifdef WTMPX_FILE #define _PATH_WTMP WTMPX_FILE #else #error You must define WTMPX_FILE in the file config.h #endif #endif #else #ifndef _PATH_UTMP #ifdef UTMP_FILE #define _PATH_UTMP UTMP_FILE #else #error You must define UTMP_FILE in the file config.h #endif #endif #ifndef _PATH_WTMP #ifdef WTMP_FILE #define _PATH_WTMP WTMP_FILE #else #error You must define WTMP_FILE in the file config.h #endif #endif #endif typedef struct log_user { char ut_tty[UT_LINESIZE+1]; char name[UT_NAMESIZE+1]; char ut_host[UT_HOSTSIZE+1]; char ut_ship[SH_IP_BUF]; /* IP address */ time_t time; struct log_user * next; } blah_utmp; #ifdef HAVE_UTTYPE static char terminated_line[UT_HOSTSIZE]; #endif static char * mode_path[] = { _PATH_WTMP, _PATH_WTMP, _PATH_UTMP }; static struct SH_UTMP_S save_utmp; static void sh_utmp_logout_morechecks(struct log_user * user); static void sh_utmp_login_morechecks(struct SH_UTMP_S * ut); static void sh_utmp_addlogin (struct SH_UTMP_S * ut); static void sh_utmp_check_internal(int mode); static int ShUtmpLoginSolo = SH_ERR_INFO; static int ShUtmpLoginMulti = SH_ERR_WARN; static int ShUtmpLogout = SH_ERR_INFO; static int ShUtmpActive = S_TRUE; static time_t ShUtmpInterval = 300; sh_rconf sh_utmp_table[] = { { N_("severityloginmulti"), sh_utmp_set_login_multi }, { N_("severitylogin"), sh_utmp_set_login_solo }, { N_("severitylogout"), sh_utmp_set_logout_good }, { N_("logincheckactive"), sh_utmp_set_login_activate }, { N_("logincheckinterval"), sh_utmp_set_login_timer }, { N_("logincheckfirst"), sh_login_set_checklevel }, { N_("logincheckoutlier"), sh_login_set_siglevel }, { N_("logincheckdate"), sh_login_set_def_allow }, { N_("logincheckuserdate"), sh_login_set_user_allow }, { NULL, NULL }, }; static void set_defaults(void) { ShUtmpLoginSolo = SH_ERR_INFO; ShUtmpLoginMulti = SH_ERR_WARN; ShUtmpLogout = SH_ERR_INFO; ShUtmpActive = S_TRUE; ShUtmpInterval = 300; sh_login_reset(); return; } #if defined (HAVE_SETUTENT) && defined (USE_SETUTENT) #ifdef HAVE_UTMPX_H #define sh_utmp_utmpname utmpxname #define sh_utmp_setutent setutxent #define sh_utmp_endutent endutxent #define sh_utmp_getutent getutxent #define sh_utmp_getutid getutxid #define sh_utmp_getutline getutxline #else #define sh_utmp_utmpname utmpname #define sh_utmp_setutent setutent #define sh_utmp_endutent endutent #define sh_utmp_getutent getutent #define sh_utmp_getutid getutid #define sh_utmp_getutline getutline #endif #else /* BSD lacks getutent() etc. * utmpname(), setutent(), and endutent() return void, * so we do not perform much error handling. * Errors must be recognized by getutent() returning NULL. * Apparently, the application cannot check whether wtmp is empty, * or whether there was an fopen() error. */ static FILE * sh_utmpfile = NULL; static char sh_utmppath[80] = _PATH_UTMP; /* sh_utmp_feed_forward is for optimizing * (fseek instead of getutent loop) */ static long sh_utmp_feed_forward = 0; static void sh_utmp_utmpname(const char * str) { SL_ENTER(_("sh_utmp_utmpname")); if (sh_utmpfile != NULL) { (void) sl_fclose (FIL__, __LINE__, sh_utmpfile); sh_utmpfile = NULL; } (void) sl_strlcpy (sh_utmppath, str, 80); SL_RET0(_("sh_utmp_utmpname")); } static void sh_utmp_setutent(void) { int error; int fd; SL_ENTER(_("sh_utmp_setutent")); ASSERT((sh_utmppath != NULL), _("sh_utmppath != NULL")); if (sh_utmppath == NULL) SL_RET0(_("sh_utmp_setutent")); if (sh_utmpfile == NULL) { SH_MUTEX_LOCK(mutex_thread_nolog); fd = (int) aud_open (FIL__, __LINE__, SL_NOPRIV, sh_utmppath, O_RDONLY, 0); SH_MUTEX_UNLOCK(mutex_thread_nolog); if (fd >= 0) { sh_utmpfile = fdopen(fd, "r"); } /* -- If (sh_utmpfile == NULL) then either the open() or the fdopen() * has failed. */ if (sh_utmpfile == NULL) { error = errno; SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, error, MSG_E_ACCESS, (long) sh.real.uid, sh_utmppath); SH_MUTEX_UNLOCK(mutex_thread_nolog); SL_RET0(_("sh_utmp_setutent")); } } (void) fseek (sh_utmpfile, 0L, SEEK_SET); if (-1 == fseek (sh_utmpfile, sh_utmp_feed_forward, SEEK_CUR)) { sh_utmp_feed_forward = 0; /* modified Apr 4, 2004 */ (void) fseek (sh_utmpfile, 0L, SEEK_SET); } clearerr (sh_utmpfile); SL_RET0(_("sh_utmp_setutent")); } static void sh_utmp_endutent(void) { SL_ENTER(_("sh_utmp_endutent")); if (NULL != sh_utmpfile) (void) sl_fclose(FIL__, __LINE__, sh_utmpfile); sh_utmpfile = NULL; SL_RET0(_("sh_utmp_endutent")); } static struct SH_UTMP_S * sh_utmp_getutent(void) { size_t in; static struct SH_UTMP_S out; SL_ENTER(_("sh_utmp_getutent")); ASSERT_RET((sh_utmpfile != NULL), _("sh_utmpfile != NULL"), (NULL)) in = fread (&out, sizeof(struct SH_UTMP_S), 1, sh_utmpfile); if (in != 1) { if (ferror (sh_utmpfile) != 0) { clearerr (sh_utmpfile); SL_RETURN(NULL, _("sh_utmp_getutent")); } else { SL_RETURN(NULL, _("sh_utmp_getutent")); } } SL_RETURN(&out, _("sh_utmp_getutent")); } #ifdef USE_UNUSED static struct SH_UTMP_S * sh_utmp_getutline(struct SH_UTMP_S * ut) { struct SH_UTMP_S * out; while (1) { if ((out = sh_utmp_getutent()) == NULL) { return NULL; } #ifdef HAVE_UTTYPE if (out->ut_type == USER_PROCESS || out->ut_type == LOGIN_PROCESS) if (sl_strcmp(ut->ut_line, out->ut_line) == 0) return out; #else if ( 0 != sl_strncmp (out->ut_name, "reboot", 6) && 0 != sl_strncmp (out->ut_name, "shutdown", 8) && 0 != sl_strncmp (out->ut_name, "date", 4) ) return out; #endif } return NULL; } static struct SH_UTMP_S * sh_utmp_getutid(struct SH_UTMP_S * ut) { #ifdef HAVE_UTTYPE struct SH_UTMP_S * out; if (ut->ut_type == RUN_LVL || ut->ut_type == BOOT_TIME || ut->ut_type == NEW_TIME || ut->ut_type == OLD_TIME) { while (1) { if ((out = sh_utmp_getutent()) == NULL) { return NULL; } if (out->ut_type == ut->ut_type) return out; } } else if (ut->ut_type == INIT_PROCESS || ut->ut_type == LOGIN_PROCESS || ut->ut_type == USER_PROCESS || ut->ut_type == DEAD_PROCESS ) { while (1) { if ((out = sh_utmp_getutent()) == NULL) { return NULL; } if (sl_strcmp(ut->ut_id, out->ut_id) == 0) return out; } } #endif return NULL; } /* #ifdef USE_UNUSED */ #endif /* #ifdef HAVE_SETUTENT */ #endif #ifdef HAVE_UTADDR #ifdef HAVE_UTADDR_V6 static char * my_inet_ntoa(SINT32 * ut_addr_v6, char * buf, size_t buflen) { struct in_addr in; buf[0] = '\0'; if (0 == (ut_addr_v6[1] + ut_addr_v6[2] + ut_addr_v6[3])) { memcpy(&in, ut_addr_v6, sizeof(struct in_addr)); sl_strlcpy(buf, inet_ntoa(in), buflen); } else { inet_ntop(AF_INET6, ut_addr_v6, buf, buflen); } return buf; } #else static char * my_inet_ntoa(SINT32 ut_addr, char * buf, size_t buflen) { struct in_addr in; buf[0] = '\0'; memcpy(&in, ut_addr, sizeof(struct in_addr)); sl_strlcpy(buf, inet_ntoa(in), buflen); return buf; } #endif /* #ifdef HAVE_UTADDR */ #endif #if defined(__linux__) && !defined(ut_addr) #define ut_addr ut_addr_v6[0] #endif static struct log_user * userlist = NULL; static time_t lastcheck; static int init_done = 0; /************* * * module init * *************/ static int sh_utmp_init_internal (void) { SL_ENTER(_("sh_utmp_init")); if (ShUtmpActive == BAD) SL_RETURN( (-1), _("sh_utmp_init")); /* do not re-initialize after a re-configuration */ if (init_done == 1) { SL_RETURN( (0), _("sh_utmp_init")); } lastcheck = time (NULL); userlist = NULL; memset (&save_utmp, 0, sizeof(struct SH_UTMP_S)); sh_utmp_check_internal (2); /* current logins */ sh_utmp_check_internal (0); init_done = 1; SL_RETURN( (0), _("sh_utmp_init")); } int sh_utmp_init (struct mod_type * arg) { #if !defined(HAVE_PTHREAD) (void) arg; #endif if (ShUtmpActive == BAD) return SH_MOD_FAILED; #ifdef HAVE_PTHREAD if (arg != NULL && arg->initval < 0 && (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) { if (0 == sh_pthread_create(sh_threaded_module_run, (void *)arg)) return SH_MOD_THREAD; else return SH_MOD_FAILED; } else if (arg != NULL && arg->initval == SH_MOD_THREAD && (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) { return SH_MOD_THREAD; } #endif return sh_utmp_init_internal(); } /************* * * module cleanup * *************/ #ifdef HAVE_UTTYPE static int sh_utmp_login_clean(void); #endif #if defined(HAVE_PTHREAD) static sh_watches inotify_watch = SH_INOTIFY_INITIALIZER; #endif int sh_utmp_end () { struct log_user * user = userlist; struct log_user * userold; SL_ENTER(_("sh_utmp_end")); while (user) { userold = user; user = user->next; SH_FREE(userold); } userlist = NULL; #ifdef HAVE_UTTYPE (void) sh_utmp_login_clean(); #endif /* Reset the flag, such that the module * can be re-enabled. */ set_defaults(); init_done = 0; #if defined(HAVE_PTHREAD) sh_inotify_remove(&inotify_watch); #endif SL_RETURN( (0), _("sh_utmp_end")); } int sh_utmp_reconf() { set_defaults(); #if defined(HAVE_PTHREAD) sh_inotify_remove(&inotify_watch); #endif return 0; } /************* * * module timer * *************/ int sh_utmp_timer (time_t tcurrent) { #if !defined(HAVE_PTHREAD) retry_msleep(1, 0); if ((time_t) (tcurrent - lastcheck) >= ShUtmpInterval) { lastcheck = tcurrent; return (-1); } return 0; #else int errnum = 0; if ( (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE) && sh.flag.checkSum != SH_CHECK_INIT ) { sh_inotify_wait_for_change(mode_path[1], &inotify_watch, &errnum, ShUtmpInterval); } lastcheck = tcurrent; if (SH_INOTIFY_ERROR(errnum)) { char ebuf[SH_ERRBUF_SIZE]; SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_message(errnum, ebuf, sizeof(ebuf)); sh_error_handle (SH_ERR_WARN, FIL__, __LINE__, errnum, MSG_E_SUBGEN, ebuf, _("sh_utmp_timer") ); SH_MUTEX_UNLOCK(mutex_thread_nolog); } return -1; #endif } /************* * * module check * *************/ int sh_utmp_check () { SL_ENTER(_("sh_utmp_check")); if (ShUtmpActive == BAD) { #if defined(HAVE_PTHREAD) sh_inotify_remove(&inotify_watch); #endif SL_RETURN( (-1), _("sh_utmp_check")); } SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_UT_CHECK); SH_MUTEX_UNLOCK(mutex_thread_nolog); sh_utmp_check_internal (1); SL_RETURN(0, _("sh_utmp_check")); } /************* * * module setup * *************/ int sh_utmp_set_login_solo (const char * c) { int retval; char tmp[32]; SL_ENTER(_("sh_utmp_set_login_solo")); tmp[0] = '='; tmp[1] = '\0'; (void) sl_strlcat (tmp, c, 32); SH_MUTEX_LOCK(mutex_thread_nolog); retval = sh_error_set_level (tmp, &ShUtmpLoginSolo); SH_MUTEX_UNLOCK(mutex_thread_nolog); SL_RETURN(retval, _("sh_utmp_set_login_solo")); } int sh_utmp_set_login_multi (const char * c) { int retval; char tmp[32]; SL_ENTER(_("sh_utmp_set_login_multi")); tmp[0] = '='; tmp[1] = '\0'; (void) sl_strlcat (tmp, c, 32); SH_MUTEX_LOCK(mutex_thread_nolog); retval = sh_error_set_level (tmp, &ShUtmpLoginMulti); SH_MUTEX_UNLOCK(mutex_thread_nolog); SL_RETURN(retval, _("sh_utmp_set_login_multi")); } int sh_utmp_set_logout_good (const char * c) { int retval; char tmp[32]; SL_ENTER(_("sh_utmp_set_logout_good")); tmp[0] = '='; tmp[1] = '\0'; (void) sl_strlcat (tmp, c, 32); SH_MUTEX_LOCK(mutex_thread_nolog); retval = sh_error_set_level (tmp, &ShUtmpLogout); SH_MUTEX_UNLOCK(mutex_thread_nolog); SL_RETURN(retval, _("sh_utmp_set_logout_good")); } int sh_utmp_set_login_timer (const char * c) { long val; SL_ENTER(_("sh_utmp_set_login_timer")); val = strtol (c, (char **)NULL, 10); if (val <= 0) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, _("utmp timer"), c); SH_MUTEX_UNLOCK(mutex_thread_nolog); SL_RETURN((-1), _("sh_utmp_set_login_timer")); } ShUtmpInterval = (time_t) val; SL_RETURN(0, _("sh_utmp_set_login_timer")); } int sh_utmp_set_login_activate (const char * c) { int i; SL_ENTER(_("sh_utmp_set_login_activate")); i = sh_util_flagval(c, &ShUtmpActive); SL_RETURN(i, _("sh_utmp_set_login_activate")); } #ifdef HAVE_UTTYPE struct login_ct { char name[UT_NAMESIZE+1]; int nlogin; struct login_ct * next; }; static struct login_ct * login_ct_list = NULL; static int sh_utmp_login_clean(void) { struct login_ct * list = login_ct_list; struct login_ct * old; login_ct_list = NULL; while (list) { old = list; list = list->next; SH_FREE(old); } return 0; } /* add a username to the list of logged-in users */ static int sh_utmp_login_a(char * str) { struct login_ct * list = login_ct_list; while (list) { if (0 == sl_strcmp(list->name, str)) { ++(list->nlogin); return list->nlogin; } list = list->next; } list = SH_ALLOC(sizeof(struct login_ct)); (void) sl_strlcpy(list->name, str, UT_NAMESIZE+1); list->nlogin = 1; list->next = login_ct_list; login_ct_list = list; return 1; } static int sh_utmp_login_r(char * str) { struct login_ct * list = login_ct_list; struct login_ct * old = login_ct_list; while (list) { if (0 == sl_strcmp(list->name, str)) { list->nlogin -= 1; if (list->nlogin > 0) { return list->nlogin; } if (login_ct_list == list) /* modified Apr 4, 2004 */ { login_ct_list = list->next; SH_FREE(list); } else { old->next = list->next; SH_FREE(list); } return 0; } old = list; list = list->next; } return 0; } #endif /* for each login: * - allocate a log record * - link device.ut_record -> log_record * - link user.ut_record -> log_record */ #ifdef HAVE_UTTYPE static int sh_utmp_is_virtual (char * in_utline, char * in_uthost) { if (in_uthost != NULL && in_utline != NULL && in_uthost[0] == ':' && in_uthost[1] == '0' && 0 == sl_strncmp(in_utline, _("pts/"), 4)) { return 1; } return 0; } #endif /* These variables are not used anywhere. They only exist * to assign &userold, &user to them, which keeps gcc from * putting them into a register, and avoids the 'clobbered * by longjmp' warning. And no, 'volatile' proved insufficient. */ static void * sh_dummy_userold = NULL; static void * sh_dummy_user = NULL; static void sh_utmp_addlogin (struct SH_UTMP_S * ut) { struct log_user * user = userlist; struct log_user * userold = userlist; #ifdef HAVE_UTTYPE struct log_user * username = userlist; #endif char ttt[TIM_MAX]; #ifdef HAVE_UTTYPE volatile int status; #endif SL_ENTER(_("sh_utmp_addlogin")); if (ut->ut_line[0] == '\0') SL_RET0(_("sh_utmp_addlogin")); /* for some stupid reason, AIX repeats the wtmp entry for logouts * with ssh */ if (memcmp (&save_utmp, ut, sizeof(struct SH_UTMP_S)) == 0) { memset(&save_utmp, (int) '\0', sizeof(struct SH_UTMP_S)); SL_RET0(_("sh_utmp_addlogin")); } memcpy (&save_utmp, ut, sizeof(struct SH_UTMP_S)); /* Take the address to keep gcc from putting them into registers. * Avoids the 'clobbered by longjmp' warning. */ sh_dummy_userold = (void*) &userold; sh_dummy_user = (void*) &user; /* ------- find user -------- */ while (user != NULL) { if (0 == sl_strncmp((char*)(user->ut_tty), ut->ut_line, UT_LINESIZE) ) break; userold = user; user = user->next; } #ifdef HAVE_UTTYPE while (username != NULL) { if (0 == sl_strncmp(username->name, ut->ut_name, UT_NAMESIZE) ) break; username = username->next; } #endif #ifdef HAVE_UTTYPE /* ---------- LOGIN -------------- */ if (ut->ut_type == USER_PROCESS) { if (user == NULL) { user = SH_ALLOC(sizeof(struct log_user)); user->next = userlist; userlist = (struct log_user *) user; } (void) sl_strlcpy((char*)(user->ut_tty), ut->ut_line, UT_LINESIZE+1); (void) sl_strlcpy((char*)(user->name), ut->ut_name, UT_NAMESIZE+1); #ifdef HAVE_UTHOST (void) sl_strlcpy((char*)(user->ut_host), ut->ut_host, UT_HOSTSIZE+1); #else user->ut_host[0] = '\0'; #endif #ifdef HAVE_UTADDR #ifdef HAVE_UTADDR_V6 my_inet_ntoa(ut->ut_addr_v6, user->ut_ship, SH_IP_BUF); #else my_inet_ntoa(ut->ut_addr, user->ut_ship, SH_IP_BUF); #endif #endif user->time = ut->ut_time; if (username == NULL /* not yet logged in */ || 0 == sl_strncmp(ut->ut_line, _("ttyp"), 4) /* in virt. console */ || 0 == sl_strncmp(ut->ut_line, _("ttyq"), 4) /* in virt. console */ ) { status = sh_utmp_login_a((char*)user->name); SH_MUTEX_LOCK(mutex_thread_nolog); (void) sh_unix_time (user->time, ttt, TIM_MAX); sh_error_handle( ShUtmpLoginSolo, FIL__, __LINE__, 0, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) MSG_UT_LG1X, #elif defined(HAVE_UTHOST) MSG_UT_LG1A, #else MSG_UT_LG1B, #endif user->name, user->ut_tty, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) user->ut_host, user->ut_ship, #elif defined(HAVE_UTHOST) user->ut_host, #endif ttt, status ); SH_MUTEX_UNLOCK(mutex_thread_nolog); } else if (0 == sh_utmp_is_virtual(ut->ut_line, (char*)user->ut_host)) { status = sh_utmp_login_a((char*)user->name); SH_MUTEX_LOCK(mutex_thread_nolog); (void) sh_unix_time (user->time, ttt, TIM_MAX); sh_error_handle( ShUtmpLoginMulti, FIL__, __LINE__, 0, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) MSG_UT_LG2X, #elif defined(HAVE_UTHOST) MSG_UT_LG2A, #else MSG_UT_LG2B, #endif user->name, user->ut_tty, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) user->ut_host, user->ut_ship, #elif defined(HAVE_UTHOST) user->ut_host, #endif ttt, status ); SH_MUTEX_UNLOCK(mutex_thread_nolog); } sh_utmp_login_morechecks(ut); goto out; } /* --------- LOGOUT ---------------- */ else if (ut->ut_name[0] == '\0' || ut->ut_type == DEAD_PROCESS /* solaris does not clear ut_name */ ) { if (user != NULL) { #if defined(__linux__) if (0 == sh_utmp_is_virtual(ut->ut_line, (char*)user->ut_host)) { #endif status = sh_utmp_login_r((char*)user->name); SH_MUTEX_LOCK(mutex_thread_nolog); (void) sh_unix_time (ut->ut_time, ttt, TIM_MAX); sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) MSG_UT_LG3X, #elif defined(HAVE_UTHOST) MSG_UT_LG3A, #else MSG_UT_LG3B, #endif user->name, user->ut_tty, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) user->ut_host, user->ut_ship, #elif defined(HAVE_UTHOST) user->ut_host, #endif ttt, status ); SH_MUTEX_UNLOCK(mutex_thread_nolog); userold->next = user->next; if (user == userlist) userlist = user->next; sh_utmp_logout_morechecks((struct log_user *)user); SH_FREE((struct log_user *)user); user = NULL; #if defined(__linux__) } #endif } else { (void) sl_strlcpy(terminated_line, ut->ut_line, UT_HOSTSIZE); SH_MUTEX_LOCK(mutex_thread_nolog); (void) sh_unix_time (ut->ut_time, ttt, TIM_MAX); sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, MSG_UT_LG3C, terminated_line, ttt, 0 ); SH_MUTEX_UNLOCK(mutex_thread_nolog); } goto out; } /* default */ goto out; /* #ifdef HAVE_UTTYPE */ #else if (user == NULL) /* probably a login */ { user = SH_ALLOC(sizeof(struct log_user)); sl_strlcpy(user->ut_tty, ut->ut_line, UT_LINESIZE+1); sl_strlcpy(user->name, ut->ut_name, UT_NAMESIZE+1); #ifdef HAVE_UTHOST sl_strlcpy(user->ut_host, ut->ut_host, UT_HOSTSIZE+1); #endif #ifdef HAVE_UTADDR #ifdef HAVE_UTADDR_V6 my_inet_ntoa(ut->ut_addr_v6, user->ut_ship, SH_IP_BUF); #else my_inet_ntoa(ut->ut_addr, user->ut_ship, SH_IP_BUF); #endif #endif user->time = ut->ut_time; user->next = userlist; userlist = user; SH_MUTEX_LOCK(mutex_thread_nolog); (void) sh_unix_time (user->time, ttt, TIM_MAX); sh_error_handle( ShUtmpLoginSolo, FIL__, __LINE__, 0, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) MSG_UT_LG1X, #elif defined(HAVE_UTHOST) MSG_UT_LG1A, #else MSG_UT_LG1B, #endif user->name, user->ut_tty, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) user->ut_host, user->ut_ship, #elif defined(HAVE_UTHOST) user->ut_host, #endif ttt, 1 ); SH_MUTEX_UNLOCK(mutex_thread_nolog); sh_utmp_login_morechecks(ut); } else /* probably a logout */ { SH_MUTEX_LOCK(mutex_thread_nolog); (void) sh_unix_time (ut->ut_time, ttt, TIM_MAX); sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) MSG_UT_LG2X, #elif defined(HAVE_UTHOST) MSG_UT_LG2A, #else MSG_UT_LG2B, #endif user->name, user->ut_tty, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) user->ut_host, user->ut_ship, #elif defined(HAVE_UTHOST) user->ut_host, #endif ttt, 1 ); SH_MUTEX_UNLOCK(mutex_thread_nolog); sh_utmp_logout_morechecks(user); userold->next = user->next; if (user == userlist) /* inserted Apr 4, 2004 */ userlist = user->next; SH_FREE(user); user = NULL; } #endif out: sh_dummy_user = NULL; sh_dummy_userold = NULL; SL_RET0(_("sh_utmp_addlogin")); } static time_t lastmod = 0; static off_t lastsize = 0; static unsigned long lastread = 0; static void sh_utmp_check_internal (int mode) { struct stat buf; int error; struct SH_UTMP_S * ut; unsigned long this_read; int val_retry; SL_ENTER(_("sh_utmp_check_internal")); /* error if no access */ do { val_retry = /*@-unrecog@*/lstat ( mode_path[mode], &buf)/*@+unrecog@*/; } while (val_retry < 0 && errno == EINTR); if (0 != val_retry) { error = errno; SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, error, MSG_E_ACCESS, (long) sh.real.uid, mode_path[mode]); SH_MUTEX_UNLOCK(mutex_thread_nolog); SL_RET0(_("sh_utmp_check_internal")); } /* modification time */ if (mode < 2) { if (/*@-usedef@*/buf.st_mtime <= lastmod/*@+usedef@*/) { SL_RET0(_("sh_utmp_check_internal")); } else lastmod = buf.st_mtime; } /* file size */ if (/*@-usedef@*/buf.st_size < lastsize/*@+usedef@*/ && mode < 2) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, 0, MSG_UT_ROT, mode_path[mode]); SH_MUTEX_UNLOCK(mutex_thread_nolog); lastread = 0; #ifndef USE_SETUTENT sh_utmp_feed_forward = 0L; #endif } if (mode < 2) lastsize = buf.st_size; if (buf.st_size == 0) SL_RET0(_("sh_utmp_check_internal")); sh_utmp_utmpname(mode_path[mode]); sh_utmp_setutent(); /* * feed forward if initializing * we need to do this here */ this_read = 0; if (mode < 2) { while (this_read < lastread) { (void) sh_utmp_getutent(); ++this_read; } } /* start reading */ this_read = 0; while (1 == 1) { ut = sh_utmp_getutent(); if (ut == NULL) break; /* modified: ut_user --> ut_name */ if (mode == 1 || (mode == 2 && ut->ut_name[0] != '\0' #ifdef HAVE_UTTYPE && ut->ut_type != DEAD_PROCESS #endif )) sh_utmp_addlogin (ut); ++this_read; } sh_utmp_endutent(); if (mode < 2) { lastread += this_read; #ifndef USE_SETUTENT sh_utmp_feed_forward += (long) (this_read * sizeof(struct SH_UTMP_S)); lastread = 0; #endif } SL_RET0(_("sh_utmp_check_internal")); } extern void sh_ltrack_check(struct SH_UTMP_S * ut); static void sh_utmp_login_morechecks(struct SH_UTMP_S * ut) { sh_ltrack_check(ut); return; } static void sh_utmp_logout_morechecks(struct log_user * user) { (void) user; return; } #endif /* #ifdef SH_USE_UTMP */ #endif samhain-3.1.0/src/exepack_fill.c0000644000175000017500000002121210232774202013432 00000000000000/* +++Date last modified: 05-Jul-1997 */ /* ** Case-sensitive Boyer-Moore-Horspool pattern match ** ** public domain by Raymond Gardner 7/92 ** ** limitation: pattern length + string length must be less than 32767 ** ** 10/21/93 rdg Fixed bug found by Jeff Dunlop ** ** limitation lifted Rainer Wichmann 07/2000 */ #include "config.h" #ifdef HAVE_BROKEN_INCLUDES #define _ANSI_C_SOURCE #define _POSIX_SOURCE #endif #include /* rdg 10/93 */ #include #include typedef unsigned char uchar; #define LARGE 2147483647 /* rw 7/2000 */ static long patlen; /* rw 7/2000 */ static long skip[UCHAR_MAX+1]; /* rw 7/2000 */ /* rdg 10/93 */ static long skip2; /* rw 7/2000 */ static uchar *pat; /* rw 7/2000 */ void bmh_init(const char *pattern) { long i, lastpatchar; pat = (uchar *)pattern; patlen = strlen(pattern); for (i = 0; i <= UCHAR_MAX; ++i) /* rdg 10/93 */ skip[i] = patlen; for (i = 0; i < patlen; ++i) skip[pat[i]] = patlen - i - 1; lastpatchar = pat[patlen - 1]; skip[lastpatchar] = LARGE; skip2 = patlen; /* Horspool's fixed second shift */ for (i = 0; i < patlen - 1; ++i) { if (pat[i] == lastpatchar) skip2 = patlen - i - 1; } } char * bmh_search(const char * string, const long stringlen) { long i, j; /* rw 7/2000 */ char *s; i = patlen - 1 - stringlen; if (i >= 0) return NULL; string += stringlen; for ( ;; ) { while ( (i += skip[((uchar *)string)[i]]) < 0 ) ; /* mighty fast inner loop */ if (i < (LARGE - stringlen)) return NULL; i -= LARGE; j = patlen - 1; s = (char *)string + (i - j); while (--j >= 0 && s[j] == pat[j]) ; if ( j < 0 ) /* rdg 10/93 */ return s; /* rdg 10/93 */ if ( (i += skip2) >= 0 ) /* rdg 10/93 */ return NULL; /* rdg 10/93 */ } } /* Everything below: Copyright 2000, Rainer Wichmann */ char * my_locate (const char * pattern, const char * data, const long datalen) { bmh_init (pattern); return (bmh_search (data, datalen) ); } #include #include #include #include #include "config.h" #include "minilzo.h" /* integer data type that is _exactly_ 32 bit */ #if defined(HAVE_INT_32) #define UINT32 unsigned int #elif defined(HAVE_LONG_32) #define UINT32 unsigned long #elif defined(HAVE_SHORT_32) #define UINT32 unsigned short #endif static UINT32 cstate[3], astate[3]; static UINT32 taus_get_long (UINT32 * state) { #define TAUSWORTHE(s,a,b,c,d) ((s &c) <>b) state[0] = TAUSWORTHE (state[0], 13, 19, 4294967294UL, 12); state[1] = TAUSWORTHE (state[1], 2, 25, 4294967288UL, 4); state[2] = TAUSWORTHE (state[2], 3, 11, 4294967280UL, 17); return (state[0] ^ state[1] ^ state[2]); } void taus_set_from_state (UINT32 * state, UINT32 * state0) { state[0] = state0[0] | (UINT32) 0x03; state[1] = state0[1] | (UINT32) 0x09; state[2] = state0[2] | (UINT32) 0x17; /* 'warm up' */ taus_get_long (state); taus_get_long (state); taus_get_long (state); taus_get_long (state); taus_get_long (state); taus_get_long (state); return; } int replaceData (char * data, long len, char * in, char * out, long size) { char * pos; int i; pos = my_locate (in, data, len); if (pos == NULL) return (-1); for (i = 0; i < size; ++i) { pos[i] = out[i]; } return 0; } /* Work-memory needed for compression. Allocate memory in units * of `long' (instead of `char') to make sure it is properly aligned. */ #define HEAP_ALLOC(var,size) long __LZO_MMODEL var [ ((size) + (sizeof(long) - 1)) / sizeof(long) ] static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS); #include #include #include int main(int argc, char * argv[]) { FILE * fd; long clen; char * data; struct stat sbuf; char * ptest; unsigned long i; int status; unsigned long len = 0; unsigned long have = 0; /* For compression. */ lzo_byte * inbuf; lzo_byte * outbuf; int r; lzo_uint in_len; lzo_uint out_len; UINT32 len_raw; UINT32 len_cmp; astate[0] = EXEPACK_STATE_0; astate[1] = EXEPACK_STATE_1; astate[2] = EXEPACK_STATE_2; if (argc < 4) { fprintf(stderr, "Usage: exepack_fill \n"); exit (EXIT_FAILURE); } if (0 != stat (argv[1], &sbuf)) { fprintf(stderr, "exepack_fill: could not access file %s\n", argv[1]); return (-1); } clen = sbuf.st_size; data = (char *) malloc (clen * sizeof(char)); if (data == NULL) return (-1); fd = fopen (argv[1], "r"); if (fd == NULL) return (-1); fread (data, 1, clen, fd); fclose (fd); /******************* * * THE DATA * *******************/ if (stat (argv[2], &sbuf) < 0) { perror ("exepack_fill"); exit (EXIT_FAILURE); } len = (unsigned long) sbuf.st_size; /* Because the input block may be incompressible, * we must provide a little more output space in case that compression * is not possible. */ inbuf = (lzo_byte *) malloc (sizeof(lzo_byte) * len); outbuf = (lzo_byte *) malloc (sizeof(lzo_byte) * (len + len / 64 + 16 + 3)); in_len = len; if (NULL == inbuf || NULL == outbuf) { fprintf(stderr, "exepack_fill: Out of memory."); exit (EXIT_FAILURE); } if (NULL == (fd = fopen(argv[2], "r"))) { perror ("exepack_fill"); exit (EXIT_FAILURE); } have = fread (inbuf, 1, len, fd); fclose (fd); if (have != len) { fprintf (stderr, "exepack_mkdata: Error reading %s", argv[2]); exit (EXIT_FAILURE); } /* * Step 1: initialize the LZO library */ if (lzo_init() != LZO_E_OK) { fprintf(stderr, "exepack_fill: lzo_init() failed\n"); return 3; } /* * Step 3: compress from `in' to `out' with LZO1X-1 */ r = lzo1x_1_compress(inbuf, in_len, outbuf, &out_len, wrkmem); if (r == LZO_E_OK) printf("exepack_fill: compressed %lu bytes into %lu bytes\n", (long) in_len, (long) out_len); else { /* this should NEVER happen */ printf("exepack_fill: internal error - compression failed: %d\n", r); return 2; } /* check for an incompressible block */ if (out_len >= in_len) { printf("exepack_fill: Incompressible data.\n"); } taus_set_from_state (cstate, astate); for (i = 0; i < out_len; ++i) { outbuf[i] ^= (taus_get_long (cstate) & 0xff); } len_raw = in_len; len_cmp = out_len; if ( (unsigned long) len_cmp > (unsigned long) clen) { printf("exepack_fill: Compressed length (%ld) exceeds container length (%ld).\n", (long) len_cmp, (long) clen); return (8); } /*********** * * Fill program * **********/ status = replaceData (data, clen, "LLLL", (char *) &len_raw, sizeof(UINT32)); if (status < 0) { printf("exepack_fill: Could not write raw lenght %d.\n", len_raw); return (8); } status = replaceData (data, clen, "CCCC", (char *) &len_cmp, sizeof(UINT32)); if (status < 0) { printf("exepack_fill: Could not write compressed lenght %d.\n", len_cmp); return (8); } status = replaceData (data, clen, "CONTAINER", outbuf, out_len); if (status < 0) { printf("exepack_fill: Could not write program data.\n"); return (8); } /*********** * * Write program * **********/ if ( NULL == (fd = fopen(argv[3], "w" ))) { perror ("exepack_fill"); exit (EXIT_FAILURE); } fwrite (data, 1, clen, fd); fclose (fd); ptest = my_locate("LLLL", data, clen); if (ptest != NULL) { printf("exepack_fill: ERROR: program length not updated.\n"); return (8); } ptest = my_locate("CCCC", data, clen); if (ptest != NULL) { printf("exepack_fill: ERROR: compressed program length not updated.\n"); return (8); } ptest = my_locate("CONTAINER", data, clen); if (ptest != NULL) { printf("exepack_fill: ERROR: program data not updated.\n"); return (8); } return 0; } samhain-3.1.0/src/sh_static.c0000644000175000017500000014023012117613030012762 00000000000000/* Copyright (C) 2003 Manuel Novoa III * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Library General Public * License as published by the Free Software Foundation; either * version 2 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Library General Public License for more details. * * You should have received a copy of the GNU Library General Public * License along with this library; if not, write to the Free * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ /* Nov 6, 2003 Initial version. * * NOTE: This implementation is quite strict about requiring all * field seperators. It also does not allow leading whitespace * except when processing the numeric fields. glibc is more * lenient. See the various glibc difference comments below. * * TODO: * Move to dynamic allocation of (currently staticly allocated) * buffers; especially for the group-related functions since * large group member lists will cause error returns. * */ /* Jul 20, 2004 Adapted for samhain. Rainer Wichmann. * * Stripped all unneeded code. */ #include "config_xor.h" #if defined(SH_COMPILE_STATIC) && defined(__linux__) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include "sh_pthread.h" extern int sl_close_fd (const char * file, int line, int fd); extern int sl_fclose (const char * file, int line, FILE * fp); #ifndef _PATH_PASSWD #define _PATH_PASSWD "/etc/passwd" #endif #ifndef _PATH_GROUP #define _PATH_GROUP "/etc/group" #endif #undef FIL__ #define FIL__ _("sh_static.c") extern int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz); extern int sl_strlcat(char * dst, /*@null@*/const char * src, size_t siz); /**********************************************************************/ /* Sizes for staticly allocated buffers. */ #define PWD_BUFFER_SIZE 256 #define GRP_BUFFER_SIZE 3584 #define GRP_BUFFER_SIZE_MALLOC 32768 /**********************************************************************/ /* Prototypes for internal functions. */ static int __parsepwent(void *pw, char *line); static int __parsegrent(void *gr, char *line); static int __pgsreader(int (*__parserfunc)(void *d, char *line), void *data, char *__restrict line_buff, size_t buflen, FILE *f); #undef GETXXKEY_R_FUNC #undef GETXXKEY_R_PARSER #undef GETXXKEY_R_ENTTYPE #undef GETXXKEY_R_TEST #undef DO_GETXXKEY_R_KEYTYPE #undef DO_GETXXKEY_R_PATHNAME #define GETXXKEY_R_FUNC sh_getpwnam_r #define GETXXKEY_R_PARSER __parsepwent #define GETXXKEY_R_ENTTYPE struct passwd #define GETXXKEY_R_TEST(ENT) (!strcmp((ENT)->pw_name, key)) #define DO_GETXXKEY_R_KEYTYPE const char *__restrict #define DO_GETXXKEY_R_PATHNAME _PATH_PASSWD int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key, GETXXKEY_R_ENTTYPE *__restrict resultbuf, char *__restrict buffer, size_t buflen, GETXXKEY_R_ENTTYPE **__restrict result) { FILE *stream; int rv; *result = NULL; if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) { rv = errno; } else { /* __STDIO_SET_USER_LOCKING(stream); */ do { if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf, buffer, buflen, stream)) ) { if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */ *result = resultbuf; break; } } else { if (rv == ENOENT) { /* end-of-file encountered. */ rv = 0; } break; } } while (1); sl_fclose(FIL__, __LINE__, stream); } return rv; } #undef GETXXKEY_R_FUNC #undef GETXXKEY_R_PARSER #undef GETXXKEY_R_ENTTYPE #undef GETXXKEY_R_TEST #undef DO_GETXXKEY_R_KEYTYPE #undef DO_GETXXKEY_R_PATHNAME #define GETXXKEY_R_FUNC sh_getgrnam_r #define GETXXKEY_R_PARSER __parsegrent #define GETXXKEY_R_ENTTYPE struct group #define GETXXKEY_R_TEST(ENT) (!strcmp((ENT)->gr_name, key)) #define DO_GETXXKEY_R_KEYTYPE const char *__restrict #define DO_GETXXKEY_R_PATHNAME _PATH_GROUP int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key, GETXXKEY_R_ENTTYPE *__restrict resultbuf, char *__restrict buffer, size_t buflen, GETXXKEY_R_ENTTYPE **__restrict result) { FILE *stream; int rv; *result = NULL; if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) { rv = errno; } else { /* __STDIO_SET_USER_LOCKING(stream); */ do { if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf, buffer, buflen, stream)) ) { if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */ *result = resultbuf; break; } } else { if (rv == ENOENT) { /* end-of-file encountered. */ rv = 0; } break; } } while (1); sl_fclose(FIL__, __LINE__, stream); } return rv; } #undef GETXXKEY_R_FUNC #undef GETXXKEY_R_PARSER #undef GETXXKEY_R_ENTTYPE #undef GETXXKEY_R_TEST #undef DO_GETXXKEY_R_KEYTYPE #undef DO_GETXXKEY_R_PATHNAME #define GETXXKEY_R_FUNC sh_getpwuid_r #define GETXXKEY_R_PARSER __parsepwent #define GETXXKEY_R_ENTTYPE struct passwd #define GETXXKEY_R_TEST(ENT) ((ENT)->pw_uid == key) #define DO_GETXXKEY_R_KEYTYPE uid_t #define DO_GETXXKEY_R_PATHNAME _PATH_PASSWD int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key, GETXXKEY_R_ENTTYPE *__restrict resultbuf, char *__restrict buffer, size_t buflen, GETXXKEY_R_ENTTYPE **__restrict result) { FILE *stream; int rv; *result = NULL; if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) { rv = errno; } else { /* __STDIO_SET_USER_LOCKING(stream); */ do { if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf, buffer, buflen, stream)) ) { if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */ *result = resultbuf; break; } } else { if (rv == ENOENT) { /* end-of-file encountered. */ rv = 0; } break; } } while (1); sl_fclose(FIL__, __LINE__, stream); } return rv; } #undef GETXXKEY_R_FUNC #undef GETXXKEY_R_PARSER #undef GETXXKEY_R_ENTTYPE #undef GETXXKEY_R_TEST #undef DO_GETXXKEY_R_KEYTYPE #undef DO_GETXXKEY_R_PATHNAME #define GETXXKEY_R_FUNC sh_getgrgid_r #define GETXXKEY_R_PARSER __parsegrent #define GETXXKEY_R_ENTTYPE struct group #define GETXXKEY_R_TEST(ENT) ((ENT)->gr_gid == key) #define DO_GETXXKEY_R_KEYTYPE gid_t #define DO_GETXXKEY_R_PATHNAME _PATH_GROUP int GETXXKEY_R_FUNC(DO_GETXXKEY_R_KEYTYPE key, GETXXKEY_R_ENTTYPE *__restrict resultbuf, char *__restrict buffer, size_t buflen, GETXXKEY_R_ENTTYPE **__restrict result) { FILE *stream; int rv; *result = NULL; if (!(stream = fopen(DO_GETXXKEY_R_PATHNAME, "r"))) { rv = errno; } else { /* __STDIO_SET_USER_LOCKING(stream); */ do { if (!(rv = __pgsreader(GETXXKEY_R_PARSER, resultbuf, buffer, buflen, stream)) ) { if (GETXXKEY_R_TEST(resultbuf)) { /* Found key? */ *result = resultbuf; break; } } else { if (rv == ENOENT) { /* end-of-file encountered. */ rv = 0; } break; } } while (1); sl_fclose(FIL__, __LINE__, stream); } return rv; } struct passwd * sh_getpwuid(uid_t uid) { static char buffer[PWD_BUFFER_SIZE]; static struct passwd resultbuf; struct passwd *result; sh_getpwuid_r(uid, &resultbuf, buffer, sizeof(buffer), &result); return result; } struct passwd * getpwuid(uid_t uid) { return sh_getpwuid(uid); } struct group * sh_getgrgid(gid_t gid) { static char buffer[GRP_BUFFER_SIZE]; static struct group resultbuf; struct group *result; sh_getgrgid_r(gid, &resultbuf, buffer, sizeof(buffer), &result); return result; } struct group * getgrgid(gid_t gid) { return sh_getgrgid(gid); } struct passwd * sh_getpwnam(const char *name) { static char buffer[PWD_BUFFER_SIZE]; static struct passwd resultbuf; struct passwd *result; sh_getpwnam_r(name, &resultbuf, buffer, sizeof(buffer), &result); return result; } struct group * sh_getgrnam(const char *name) { static char buffer[GRP_BUFFER_SIZE]; static struct group resultbuf; struct group *result; sh_getgrnam_r(name, &resultbuf, buffer, sizeof(buffer), &result); return result; } SH_MUTEX_STATIC(pwf_lock, PTHREAD_MUTEX_INITIALIZER); static FILE *pwf = NULL; void sh_setpwent(void) { SH_MUTEX_LOCK(pwf_lock); if (pwf) { rewind(pwf); } SH_MUTEX_UNLOCK(pwf_lock); } void sh_endpwent(void) { SH_MUTEX_LOCK(pwf_lock); if (pwf) { sl_fclose(FIL__, __LINE__, pwf); pwf = NULL; } SH_MUTEX_UNLOCK(pwf_lock); } static int sh_getpwent_r(struct passwd *__restrict resultbuf, char *__restrict buffer, size_t buflen, struct passwd **__restrict result) { int rv; SH_MUTEX_LOCK(pwf_lock); *result = NULL; /* In case of error... */ if (!pwf) { if (!(pwf = fopen(_PATH_PASSWD, "r"))) { rv = errno; goto ERR; } /* __STDIO_SET_USER_LOCKING(pwf); */ } if (!(rv = __pgsreader(__parsepwent, resultbuf, buffer, buflen, pwf))) { *result = resultbuf; } ERR: ; /* 'label at end of compound statement' */ SH_MUTEX_UNLOCK(pwf_lock); return rv; } SH_MUTEX_STATIC(grf_lock, PTHREAD_MUTEX_INITIALIZER); static FILE *grf = NULL; void sh_setgrent(void) { SH_MUTEX_LOCK(grf_lock); if (grf) { rewind(grf); } SH_MUTEX_UNLOCK(grf_lock); } void sh_endgrent(void) { SH_MUTEX_LOCK(grf_lock); if (grf) { sl_fclose(FIL__, __LINE__, grf); grf = NULL; } SH_MUTEX_UNLOCK(grf_lock); } static int sh_getgrent_r(struct group *__restrict resultbuf, char *__restrict buffer, size_t buflen, struct group **__restrict result) { int rv; SH_MUTEX_LOCK(grf_lock); *result = NULL; /* In case of error... */ if (!grf) { if (!(grf = fopen(_PATH_GROUP, "r"))) { rv = errno; goto ERR; } /* __STDIO_SET_USER_LOCKING(grf); */ } if (!(rv = __pgsreader(__parsegrent, resultbuf, buffer, buflen, grf))) { *result = resultbuf; } ERR: ; /* 'label at end of compound statement' */ SH_MUTEX_UNLOCK(grf_lock); return rv; } struct passwd * sh_getpwent(void) { static char line_buff[PWD_BUFFER_SIZE]; static struct passwd pwd; struct passwd *result; sh_getpwent_r(&pwd, line_buff, sizeof(line_buff), &result); return result; } struct group * sh_getgrent(void) { static char line_buff[GRP_BUFFER_SIZE]; static struct group gr; struct group *result; sh_getgrent_r(&gr, line_buff, sizeof(line_buff), &result); return result; } int sh_initgroups(const char *user, gid_t gid) { FILE *grf; gid_t *group_list; int num_groups, rv; char **m; struct group group; char * buff = malloc(GRP_BUFFER_SIZE_MALLOC); rv = -1; /* We alloc space for 8 gids at a time. */ if (((group_list = (gid_t *) malloc(8*sizeof(gid_t *))) != NULL) && ((grf = fopen(_PATH_GROUP, "r")) != NULL) ) { /* __STDIO_SET_USER_LOCKING(grf); */ *group_list = gid; num_groups = 1; while (!__pgsreader(__parsegrent, &group, buff, GRP_BUFFER_SIZE_MALLOC, grf)) { assert(group.gr_mem); /* Must have at least a NULL terminator. */ if (group.gr_gid != gid) { for (m=group.gr_mem ; *m ; m++) { if (!strcmp(*m, user)) { if (!(num_groups & 7)) { gid_t *tmp = (gid_t *) realloc(group_list, (num_groups+8) * sizeof(gid_t *)); if (!tmp) { rv = -1; goto DO_CLOSE; } group_list = tmp; } group_list[num_groups++] = group.gr_gid; break; } } } } rv = setgroups(num_groups, group_list); DO_CLOSE: sl_fclose(FIL__, __LINE__, grf); } /* group_list will be NULL if initial malloc failed, which may trigger * warnings from various malloc debuggers. */ free(group_list); free(buff); return rv; } /**********************************************************************/ /* Internal uClibc functions. */ /**********************************************************************/ static const unsigned char pw_off[] = { offsetof(struct passwd, pw_name), /* 0 */ offsetof(struct passwd, pw_passwd), /* 1 */ offsetof(struct passwd, pw_uid), /* 2 - not a char ptr */ offsetof(struct passwd, pw_gid), /* 3 - not a char ptr */ offsetof(struct passwd, pw_gecos), /* 4 */ offsetof(struct passwd, pw_dir), /* 5 */ offsetof(struct passwd, pw_shell) /* 6 */ }; static int __parsepwent(void *data, char *line) { char *endptr; char *p; int i; i = 0; do { p = ((char *) ((struct passwd *) data)) + pw_off[i]; if ((i & 6) ^ 2) { /* i!=2 and i!=3 */ *((char **) p) = line; if (i==6) { return 0; } /* NOTE: glibc difference - glibc allows omission of * ':' seperators after the gid field if all remaining * entries are empty. We require all separators. */ if (!(line = strchr(line, ':'))) { break; } } else { unsigned long t = strtoul(line, &endptr, 10); /* Make sure we had at least one digit, and that the * failing char is the next field seperator ':'. See * glibc difference note above. */ /* TODO: Also check for leading whitespace? */ if ((endptr == line) || (*endptr != ':')) { break; } line = endptr; if (i & 1) { /* i == 3 -- gid */ *((gid_t *) p) = t; } else { /* i == 2 -- uid */ *((uid_t *) p) = t; } } *line++ = 0; ++i; } while (1); return -1; } static const unsigned char gr_off[] = { offsetof(struct group, gr_name), /* 0 */ offsetof(struct group, gr_passwd), /* 1 */ offsetof(struct group, gr_gid) /* 2 - not a char ptr */ }; static int __parsegrent(void *data, char *line) { char *endptr; char *p; int i; char **members; char *end_of_buf; end_of_buf = ((struct group *) data)->gr_name; /* Evil hack! */ i = 0; do { p = ((char *) ((struct group *) data)) + gr_off[i]; if (i < 2) { *((char **) p) = line; if (!(line = strchr(line, ':'))) { break; } *line++ = 0; ++i; } else { *((gid_t *) p) = strtoul(line, &endptr, 10); /* NOTE: glibc difference - glibc allows omission of the * trailing colon when there is no member list. We treat * this as an error. */ /* Make sure we had at least one digit, and that the * failing char is the next field seperator ':'. See * glibc difference note above. */ if ((endptr == line) || (*endptr != ':')) { break; } i = 1; /* Count terminating NULL ptr. */ p = endptr; if (p[1]) { /* We have a member list to process. */ /* Overwrite the last ':' with a ',' before counting. * This allows us to test for initial ',' and adds * one ',' so that the ',' count equals the member * count. */ *p = ','; do { /* NOTE: glibc difference - glibc allows and trims leading * (but not trailing) space. We treat this as an error. */ /* NOTE: glibc difference - glibc allows consecutive and * trailing commas, and ignores "empty string" users. We * treat this as an error. */ if (*p == ',') { ++i; *p = 0; /* nul-terminate each member string. */ if (!*++p || (*p == ',') || isspace(*p)) { goto ERR; } } } while (*++p); } /* Now align (p+1), rounding up. */ /* Assumes sizeof(char **) is a power of 2. */ members = (char **)( (((intptr_t) p) + sizeof(char **)) & ~((intptr_t)(sizeof(char **) - 1)) ); if (((char *)(members + i)) > end_of_buf) { /* No space. */ break; } ((struct group *) data)->gr_mem = members; if (--i) { p = endptr; /* Pointing to char prior to first member. */ do { *members++ = ++p; if (!--i) break; while (*++p) {} } while (1); } *members = NULL; return 0; } } while (1); ERR: return -1; } /* Reads until if EOF, or until if finds a line which fits in the buffer * and for which the parser function succeeds. * * Returns 0 on success and ENOENT for end-of-file (glibc concession). */ static int __pgsreader(int (*__parserfunc)(void *d, char *line), void *data, char *__restrict line_buff, size_t buflen, FILE *f) { size_t line_len; /* int -> size_t R.W. */ int skip; int rv = ERANGE; if (buflen < PWD_BUFFER_SIZE) { errno = rv; } else { /* __STDIO_THREADLOCK(f); */ skip = 0; do { if (!fgets(line_buff, buflen, f)) { if (feof(f)) { rv = ENOENT; } break; } line_len = strlen(line_buff) - 1; /* strlen() must be > 0. */ if (line_buff[line_len] == '\n') { line_buff[line_len] = 0; } else if (line_len + 2 == buflen) { /* line too long */ rv = ERANGE; break; /* ++skip; continue; */ } if (skip) { --skip; continue; } /* NOTE: glibc difference - glibc strips leading whitespace from * records. We do not allow leading whitespace. */ /* Skip empty lines, comment lines, and lines with leading * whitespace. */ if (*line_buff && (*line_buff != '#') && !isspace(*line_buff)) { if (__parserfunc == __parsegrent) { /* Do evil group hack. */ /* The group entry parsing function needs to know where * the end of the buffer is so that it can construct the * group member ptr table. */ ((struct group *) data)->gr_name = line_buff + buflen; } if (!__parserfunc(data, line_buff)) { rv = 0; break; } } } while (1); /* __STDIO_THREADUNLOCK(f); */ } return rv; } /* resolv.c: DNS Resolver * * Copyright (C) 1998 Kenneth Albanowski , * The Silver Hammer Group, Ltd. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Library General Public * License as published by the Free Software Foundation; either * version 2 of the License, or (at your option) any later version. */ /* * Portions Copyright (c) 1985, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Portions Copyright (c) 1993 by Digital Equipment Corporation. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies, and that * the name of Digital Equipment Corporation not be used in advertising or * publicity pertaining to distribution of the document or software without * specific, written prior permission. * * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. */ /* * Portions Copyright (c) 1996-1999 by Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. */ /* * * 5-Oct-2000 W. Greathouse wgreathouse@smva.com * Fix memory leak and memory corruption. * -- Every name resolution resulted in * a new parse of resolv.conf and new * copy of nameservers allocated by * strdup. * -- Every name resolution resulted in * a new read of resolv.conf without * resetting index from prior read... * resulting in exceeding array bounds. * * Limit nameservers read from resolv.conf * * Add "search" domains from resolv.conf * * Some systems will return a security * signature along with query answer for * dynamic DNS entries. * -- skip/ignore this answer * * Include arpa/nameser.h for defines. * * General cleanup * * 20-Jun-2001 Michal Moskal * partial IPv6 support (i.e. gethostbyname2() and resolve_address2() * functions added), IPv6 nameservers are also supported. * * 6-Oct-2001 Jari Korva * more IPv6 support (IPv6 support for gethostbyaddr(); * address family parameter and improved IPv6 support for get_hosts_byname * and read_etc_hosts; getnameinfo() port from glibc; defined * defined ip6addr_any and in6addr_loopback) * * 2-Feb-2002 Erik Andersen * Added gethostent(), sethostent(), and endhostent() * * 17-Aug-2002 Manuel Novoa III * Fixed __read_etc_hosts_r to return alias list, and modified buffer * allocation accordingly. See MAX_ALIASES and ALIAS_DIM below. * This fixes the segfault in the Python 2.2.1 socket test. * * 04-Jan-2003 Jay Kulpinski * Fixed __decode_dotted to count the terminating null character * in a host name. * * 02-Oct-2003 Tony J. White * Lifted dn_expand() and dependent ns_name_uncompress(), ns_name_unpack(), * and ns_name_ntop() from glibc 2.3.2 for compatibility with ipsec-tools * and openldap. * */ #include #include #include /* sl_close_fd(FIL__, __LINE__, ) */ #include /* 'struct hostent' */ #include /* constanst like HFIXEDSZ */ #include SH_MUTEX_STATIC(resolv_lock, PTHREAD_MUTEX_INITIALIZER); #define __UCLIBC_HAS_IPV6__ #define MAX_RECURSE 5 #define REPLY_TIMEOUT 10 #define MAX_RETRIES 3 #define MAX_SERVERS 3 #define MAX_SEARCH 4 #define MAX_ALIASES 5 /* 1:ip + 1:full + MAX_ALIASES:aliases + 1:NULL */ #define ALIAS_DIM (2 + MAX_ALIASES + 1) static int __nameservers; static char * __nameserver[MAX_SERVERS]; static int __searchdomains; static char * __searchdomain[MAX_SEARCH]; #undef DEBUG /*#define DEBUG*/ #ifdef DEBUG /* flawfinder: ignore *//* definition of debug macro */ #define DPRINTF(X,args...) fprintf(stderr, X, ##args) #else #define DPRINTF(X,args...) #endif /* DEBUG */ struct resolv_header { int id; int qr,opcode,aa,tc,rd,ra,rcode; int qdcount; int ancount; int nscount; int arcount; }; struct resolv_question { char * dotted; int qtype; int qclass; }; struct resolv_answer { char * dotted; int atype; int aclass; int ttl; int rdlength; unsigned char * rdata; int rdoffset; }; enum etc_hosts_action { GET_HOSTS_BYNAME = 0, GETHOSTENT, GET_HOSTS_BYADDR, }; static int __encode_header(struct resolv_header *h, unsigned char *dest, int maxlen) { if (maxlen < HFIXEDSZ) return -1; dest[0] = (h->id & 0xff00) >> 8; dest[1] = (h->id & 0x00ff) >> 0; dest[2] = (h->qr ? 0x80 : 0) | ((h->opcode & 0x0f) << 3) | (h->aa ? 0x04 : 0) | (h->tc ? 0x02 : 0) | (h->rd ? 0x01 : 0); dest[3] = (h->ra ? 0x80 : 0) | (h->rcode & 0x0f); dest[4] = (h->qdcount & 0xff00) >> 8; dest[5] = (h->qdcount & 0x00ff) >> 0; dest[6] = (h->ancount & 0xff00) >> 8; dest[7] = (h->ancount & 0x00ff) >> 0; dest[8] = (h->nscount & 0xff00) >> 8; dest[9] = (h->nscount & 0x00ff) >> 0; dest[10] = (h->arcount & 0xff00) >> 8; dest[11] = (h->arcount & 0x00ff) >> 0; return HFIXEDSZ; } static int __decode_header(unsigned char *data, struct resolv_header *h) { h->id = (data[0] << 8) | data[1]; h->qr = (data[2] & 0x80) ? 1 : 0; h->opcode = (data[2] >> 3) & 0x0f; h->aa = (data[2] & 0x04) ? 1 : 0; h->tc = (data[2] & 0x02) ? 1 : 0; h->rd = (data[2] & 0x01) ? 1 : 0; h->ra = (data[3] & 0x80) ? 1 : 0; h->rcode = data[3] & 0x0f; h->qdcount = (data[4] << 8) | data[5]; h->ancount = (data[6] << 8) | data[7]; h->nscount = (data[8] << 8) | data[9]; h->arcount = (data[10] << 8) | data[11]; return HFIXEDSZ; } static int __length_dotted(const unsigned char *data, int offset) { int orig_offset = offset; int l; if (!data) return -1; while ((l = data[offset++])) { if ((l & 0xc0) == (0xc0)) { offset++; break; } offset += l; } return offset - orig_offset; } static int __length_question(unsigned char *message, int offset) { int i; i = __length_dotted(message, offset); if (i < 0) return i; return i + 4; } /* Decode a dotted string from nameserver transport-level encoding. This routine understands compressed data. */ static int __decode_dotted(const unsigned char *data, int offset, char *dest, int maxlen) { int l; int measure = 1; int total = 0; int used = 0; if (!data) return -1; while ((l=data[offset++])) { if (measure) total++; if ((l & 0xc0) == (0xc0)) { if (measure) total++; /* compressed item, redirect */ offset = ((l & 0x3f) << 8) | data[offset]; measure = 0; continue; } if ((used + l + 1) >= maxlen) return -1; memcpy(dest + used, data + offset, l); offset += l; used += l; if (measure) total += l; if (data[offset] != 0) dest[used++] = '.'; else dest[used++] = '\0'; } /* The null byte must be counted too */ if (measure) { total++; } DPRINTF("Total decode len = %d\n", total); return total; } static int __decode_answer(unsigned char *message, int offset, struct resolv_answer *a) { char temp[256]; int i; i = __decode_dotted(message, offset, temp, sizeof(temp)); if (i < 0) return i; message += offset + i; a->dotted = strdup(temp); a->atype = (message[0] << 8) | message[1]; message += 2; a->aclass = (message[0] << 8) | message[1]; message += 2; a->ttl = (message[0] << 24) | (message[1] << 16) | (message[2] << 8) | (message[3] << 0); message += 4; a->rdlength = (message[0] << 8) | message[1]; message += 2; a->rdata = message; a->rdoffset = offset + i + RRFIXEDSZ; DPRINTF("i=%d,rdlength=%d\n", i, a->rdlength); return i + RRFIXEDSZ + a->rdlength; } /* Encode a dotted string into nameserver transport-level encoding. This routine is fairly dumb, and doesn't attempt to compress the data */ static int __encode_dotted(const char *dotted, unsigned char *dest, int maxlen) { unsigned int used = 0; while (dotted && *dotted) { char *c = strchr(dotted, '.'); unsigned int l = c ? (unsigned int)(c - dotted) : strlen(dotted); if (l >= ((unsigned int)maxlen - used - 1)) return -1; dest[used++] = l; memcpy(dest + used, dotted, l); used += l; if (c) dotted = c + 1; else break; } if (maxlen < 1) return -1; dest[used++] = 0; return used; } static int __encode_question(struct resolv_question *q, unsigned char *dest, int maxlen) { int i; i = __encode_dotted(q->dotted, dest, maxlen); if (i < 0) return i; dest += i; maxlen -= i; if (maxlen < 4) return -1; dest[0] = (q->qtype & 0xff00) >> 8; dest[1] = (q->qtype & 0x00ff) >> 0; dest[2] = (q->qclass & 0xff00) >> 8; dest[3] = (q->qclass & 0x00ff) >> 0; return i + 4; } /* Just for the record, having to lock __dns_lookup() just for these two globals * is pretty lame. I think these two variables can probably be de-global-ized, * which should eliminate the need for doing locking here... Needs a closer * look anyways. */ static int ns=0, id=1; static int __dns_lookup(const char *name, int type, int nscount, char **nsip, unsigned char **outpacket, struct resolv_answer *a) { int i, j, len, fd, pos, rc; struct timeval tv; fd_set fds; struct resolv_header h; struct resolv_question q; int retries = 0; unsigned char * packet = malloc(PACKETSZ); char *dns, *lookup = malloc(MAXDNAME); int variant = 0; struct sockaddr_in sa; #ifdef __UCLIBC_HAS_IPV6__ int v6; struct sockaddr_in6 sa6; #endif fd = -1; if (!packet || !lookup || !nscount) goto fail; DPRINTF("Looking up type %d answer for '%s'\n", type, name); SH_MUTEX_LOCK_UNSAFE(resolv_lock); ns %= nscount; SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); while (retries++ < MAX_RETRIES) { if (fd != -1) sl_close_fd(FIL__, __LINE__, fd); memset(packet, 0, PACKETSZ); memset(&h, 0, sizeof(h)); /* Mess with globals while under lock */ SH_MUTEX_LOCK_UNSAFE(resolv_lock); ++id; id &= 0xffff; h.id = id; dns = nsip[ns]; SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); h.qdcount = 1; h.rd = 1; DPRINTF("encoding header\n", h.rd); i = __encode_header(&h, packet, PACKETSZ); if (i < 0) goto fail; sl_strlcpy(lookup,name,MAXDNAME); SH_MUTEX_LOCK_UNSAFE(resolv_lock); if (variant < __searchdomains && strchr(lookup, '.') == NULL) { sl_strlcat(lookup,".", MAXDNAME); sl_strlcat(lookup,__searchdomain[variant], MAXDNAME); } SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); DPRINTF("lookup name: %s\n", lookup); q.dotted = (char *)lookup; q.qtype = type; q.qclass = C_IN; /* CLASS_IN */ j = __encode_question(&q, packet+i, PACKETSZ-i); if (j < 0) goto fail; len = i + j; DPRINTF("On try %d, sending query to port %d of machine %s\n", retries, NAMESERVER_PORT, dns); #ifdef __UCLIBC_HAS_IPV6__ v6 = inet_pton(AF_INET6, dns, &sa6.sin6_addr) > 0; fd = socket(v6 ? AF_INET6 : AF_INET, SOCK_DGRAM, IPPROTO_UDP); #else fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); #endif if (fd < 0) { continue; } /* Connect to the UDP socket so that asyncronous errors are returned */ #ifdef __UCLIBC_HAS_IPV6__ if (v6) { sa6.sin6_family = AF_INET6; sa6.sin6_port = htons(NAMESERVER_PORT); /* sa6.sin6_addr is already here */ rc = connect(fd, (struct sockaddr *) &sa6, sizeof(sa6)); } else { #endif sa.sin_family = AF_INET; sa.sin_port = htons(NAMESERVER_PORT); sa.sin_addr.s_addr = inet_addr(dns); rc = connect(fd, (struct sockaddr *) &sa, sizeof(sa)); #ifdef __UCLIBC_HAS_IPV6__ } #endif if (rc < 0) { if (errno == ENETUNREACH) { /* routing error, presume not transient */ goto tryall; } else /* retry */ continue; } DPRINTF("Transmitting packet of length %d, id=%d, qr=%d\n", len, h.id, h.qr); send(fd, packet, len, 0); FD_ZERO(&fds); FD_SET(fd, &fds); tv.tv_sec = REPLY_TIMEOUT; tv.tv_usec = 0; if (select(fd + 1, &fds, NULL, NULL, &tv) <= 0) { DPRINTF("Timeout\n"); /* timed out, so retry send and receive, * to next nameserver on queue */ goto again; } i = recv(fd, packet, 512, 0); if (i < HFIXEDSZ) { /* too short ! */ goto again; } __decode_header(packet, &h); DPRINTF("id = %d, qr = %d\n", h.id, h.qr); SH_MUTEX_LOCK_UNSAFE(resolv_lock); if ((h.id != id) || (!h.qr)) { SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); /* unsolicited */ goto again; } SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); DPRINTF("Got response %s\n", "(i think)!"); DPRINTF("qrcount=%d,ancount=%d,nscount=%d,arcount=%d\n", h.qdcount, h.ancount, h.nscount, h.arcount); DPRINTF("opcode=%d,aa=%d,tc=%d,rd=%d,ra=%d,rcode=%d\n", h.opcode, h.aa, h.tc, h.rd, h.ra, h.rcode); if ((h.rcode) || (h.ancount < 1)) { /* negative result, not present */ goto again; } pos = HFIXEDSZ; for (j = 0; j < h.qdcount; j++) { DPRINTF("Skipping question %d at %d\n", j, pos); i = __length_question(packet, pos); DPRINTF("Length of question %d is %d\n", j, i); if (i < 0) goto again; pos += i; } DPRINTF("Decoding answer at pos %d\n", pos); for (j=0;jatype != T_SIG) break; DPRINTF("skipping T_SIG %d\n", i); free(a->dotted); pos += i; } DPRINTF("Answer name = |%s|\n", a->dotted); DPRINTF("Answer type = |%d|\n", a->atype); sl_close_fd(FIL__, __LINE__, fd); if (outpacket) *outpacket = packet; else free(packet); free(lookup); return (0); /* success! */ tryall: /* if there are other nameservers, give them a go, otherwise return with error */ { int sdomains; SH_MUTEX_LOCK_UNSAFE(resolv_lock); sdomains=__searchdomains; SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); variant = 0; if (retries >= nscount*(sdomains+1)) goto fail; } again: /* if there are searchdomains, try them or fallback as passed */ { int sdomains; SH_MUTEX_LOCK_UNSAFE(resolv_lock); sdomains=__searchdomains; SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); if (variant < sdomains) { /* next search */ variant++; } else { /* next server, first search */ SH_MUTEX_LOCK_UNSAFE(resolv_lock); ns = (ns + 1) % nscount; SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); variant = 0; } } } fail: if (fd != -1) sl_close_fd(FIL__, __LINE__, fd); if (lookup) free(lookup); if (packet) free(packet); return -1; } static void __open_etc_hosts(FILE **fp) { if ((*fp = fopen("/etc/hosts", "r")) == NULL) { *fp = fopen("/etc/config/hosts", "r"); } return; } static int __read_etc_hosts_r(FILE * fp, const char * name, int type, enum etc_hosts_action action, struct hostent * result_buf, char * buf, size_t buflen, struct hostent ** result, int * h_errnop) { struct in_addr *in=NULL; struct in_addr **addr_list=NULL; #ifdef __UCLIBC_HAS_IPV6__ struct in6_addr *in6=NULL; struct in6_addr **addr_list6=NULL; #endif /* __UCLIBC_HAS_IPV6__ */ char *cp; char **alias; int aliases, i; int ret=HOST_NOT_FOUND; if (buflen < sizeof(char *)*(ALIAS_DIM)) return ERANGE; alias=(char **)buf; buf+=sizeof(char **)*(ALIAS_DIM); buflen-=sizeof(char **)*(ALIAS_DIM); if (action!=GETHOSTENT) { #ifdef __UCLIBC_HAS_IPV6__ char *p=buf; size_t len=buflen; #endif /* __UCLIBC_HAS_IPV6__ */ *h_errnop=NETDB_INTERNAL; if (buflen < sizeof(*in)) return ERANGE; in=(struct in_addr*)buf; buf+=sizeof(*in); buflen-=sizeof(*in); if (buflen < sizeof(*addr_list)*2) return ERANGE; addr_list=(struct in_addr **)buf; buf+=sizeof(*addr_list)*2; buflen-=sizeof(*addr_list)*2; #ifdef __UCLIBC_HAS_IPV6__ if (len < sizeof(*in6)) return ERANGE; in6=(struct in6_addr*)p; p+=sizeof(*in6); len-=sizeof(*in6); if (len < sizeof(*addr_list6)*2) return ERANGE; addr_list6=(struct in6_addr**)p; p+=sizeof(*addr_list6)*2; len-=sizeof(*addr_list6)*2; if (len < buflen) { buflen=len; buf=p; } #endif /* __UCLIBC_HAS_IPV6__ */ if (buflen < 80) return ERANGE; __open_etc_hosts(&fp); if (fp == NULL) { result=NULL; return errno; } } *h_errnop=HOST_NOT_FOUND; while (fgets(buf, buflen, fp)) { if ((cp = strchr(buf, '#'))) *cp = '\0'; DPRINTF("Looking at: %s\n", buf); aliases = 0; cp = buf; while (*cp) { while (*cp && isspace(*cp)) *cp++ = '\0'; if (!*cp) continue; if (aliases < (2+MAX_ALIASES)) alias[aliases++] = cp; while (*cp && !isspace(*cp)) cp++; } alias[aliases] = 0; if (aliases < 2) continue; /* syntax error really */ if (action==GETHOSTENT) { /* Return whatever the next entry happens to be. */ break; } else if (action==GET_HOSTS_BYADDR) { if (strcmp(name, alias[0]) != 0) continue; } else { /* GET_HOSTS_BYNAME */ for (i = 1; i < aliases; i++) if (strcasecmp(name, alias[i]) == 0) break; if (i >= aliases) continue; } if (type == AF_INET && inet_pton(AF_INET, alias[0], in) > 0) { DPRINTF("Found INET\n"); addr_list[0] = in; addr_list[1] = 0; result_buf->h_name = alias[1]; result_buf->h_addrtype = AF_INET; result_buf->h_length = sizeof(*in); result_buf->h_addr_list = (char**) addr_list; result_buf->h_aliases = alias + 2; *result=result_buf; ret=NETDB_SUCCESS; #ifdef __UCLIBC_HAS_IPV6__ } else if (type == AF_INET6 && inet_pton(AF_INET6, alias[0], in6) > 0) { DPRINTF("Found INET6\n"); addr_list6[0] = in6; addr_list6[1] = 0; result_buf->h_name = alias[1]; result_buf->h_addrtype = AF_INET6; result_buf->h_length = sizeof(*in6); result_buf->h_addr_list = (char**) addr_list6; result_buf->h_aliases = alias + 2; *result=result_buf; ret=NETDB_SUCCESS; #endif /* __UCLIBC_HAS_IPV6__ */ } else { DPRINTF("Error\n"); ret=TRY_AGAIN; break; /* bad ip address */ } if (action!=GETHOSTENT) { sl_fclose(FIL__, __LINE__, fp); } return ret; } if (action!=GETHOSTENT) { sl_fclose(FIL__, __LINE__, fp); } return ret; } /* * we currently read formats not quite the same as that on normal * unix systems, we can have a list of nameservers after the keyword. */ int __get_hosts_byname_r(const char * name, int type, struct hostent * result_buf, char * buf, size_t buflen, struct hostent ** result, int * h_errnop) { return(__read_etc_hosts_r(NULL, name, type, GET_HOSTS_BYNAME, result_buf, buf, buflen, result, h_errnop)); } static int __open_nameservers(void) { FILE *fp; int i; #define RESOLV_ARGS 5 char szBuffer[128], *p, *argv[RESOLV_ARGS]; int argc; SH_MUTEX_LOCK(resolv_lock); if (__nameservers > 0) { goto the_end; } if ((fp = fopen("/etc/resolv.conf", "r")) || (fp = fopen("/etc/config/resolv.conf", "r"))) { while (fgets(szBuffer, sizeof(szBuffer), fp) != NULL) { for (p = szBuffer; *p && isspace(*p); p++) /* skip white space */; if (*p == '\0' || *p == '\n' || *p == '#') /* skip comments etc */ continue; argc = 0; while (*p && argc < RESOLV_ARGS) { argv[argc++] = p; while (*p && !isspace(*p) && *p != '\n') p++; while (*p && (isspace(*p) || *p == '\n')) /* remove spaces */ *p++ = '\0'; } if (strcmp(argv[0], "nameserver") == 0) { for (i = 1; i < argc && __nameservers < MAX_SERVERS; i++) { __nameserver[__nameservers++] = strdup(argv[i]); DPRINTF("adding nameserver %s\n", argv[i]); } } /* domain and search are mutually exclusive, the last one wins */ if (strcmp(argv[0],"domain")==0 || strcmp(argv[0],"search")==0) { while (__searchdomains > 0) { free(__searchdomain[--__searchdomains]); __searchdomain[__searchdomains] = NULL; } for (i=1; i < argc && __searchdomains < MAX_SEARCH; i++) { __searchdomain[__searchdomains++] = strdup(argv[i]); DPRINTF("adding search %s\n", argv[i]); } } } sl_fclose(FIL__, __LINE__, fp); } else { DPRINTF("failed to open %s\n", "resolv.conf"); } DPRINTF("nameservers = %d\n", __nameservers); the_end: ; /* 'label at end of compound statement' */ SH_MUTEX_UNLOCK(resolv_lock); return 0; } static int sh_gethostbyname_r(const char * name, struct hostent * result_buf, char * buf, size_t buflen, struct hostent ** result, int * h_errnop) { struct in_addr *in; struct in_addr **addr_list; unsigned char *packet; struct resolv_answer a; int i; int nest = 0; int __nameserversXX; char ** __nameserverXX; __open_nameservers(); *result=NULL; if (!name) return EINVAL; /* do /etc/hosts first */ if ((i=__get_hosts_byname_r(name, AF_INET, result_buf, buf, buflen, result, h_errnop))==0) return i; switch (*h_errnop) { case HOST_NOT_FOUND: case NO_ADDRESS: break; case NETDB_INTERNAL: if (errno == ENOENT) { break; } /* else fall through */ default: return i; } DPRINTF("Nothing found in /etc/hosts\n"); *h_errnop = NETDB_INTERNAL; if (buflen < sizeof(*in)) return ERANGE; in=(struct in_addr*)buf; buf+=sizeof(*in); buflen-=sizeof(*in); if (buflen < sizeof(*addr_list)*2) return ERANGE; addr_list=(struct in_addr**)buf; buf+=sizeof(*addr_list)*2; buflen-=sizeof(*addr_list)*2; addr_list[0] = in; addr_list[1] = 0; if (buflen<256) return ERANGE; strncpy(buf, name, buflen); /* First check if this is already an address */ if (inet_aton(name, in)) { result_buf->h_name = buf; result_buf->h_addrtype = AF_INET; result_buf->h_length = sizeof(*in); result_buf->h_addr_list = (char **) addr_list; *result=result_buf; *h_errnop = NETDB_SUCCESS; return NETDB_SUCCESS; } for (;;) { SH_MUTEX_LOCK_UNSAFE(resolv_lock); __nameserversXX=__nameservers; __nameserverXX=__nameserver; SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); i = __dns_lookup(buf, T_A, __nameserversXX, __nameserverXX, &packet, &a); if (i < 0) { *h_errnop = HOST_NOT_FOUND; DPRINTF("__dns_lookup\n"); return TRY_AGAIN; } strncpy(buf, a.dotted, buflen); free(a.dotted); if (a.atype == T_CNAME) { /* CNAME */ DPRINTF("Got a CNAME in gethostbyname()\n"); i = __decode_dotted(packet, a.rdoffset, buf, buflen); free(packet); if (i < 0) { *h_errnop = NO_RECOVERY; DPRINTF("__decode_dotted\n"); return -1; } if (++nest > MAX_RECURSE) { *h_errnop = NO_RECOVERY; DPRINTF("recursion\n"); return -1; } continue; } else if (a.atype == T_A) { /* ADDRESS */ memcpy(in, a.rdata, sizeof(*in)); result_buf->h_name = buf; result_buf->h_addrtype = AF_INET; result_buf->h_length = sizeof(*in); result_buf->h_addr_list = (char **) addr_list; free(packet); break; } else { free(packet); *h_errnop=HOST_NOT_FOUND; return TRY_AGAIN; } } *result=result_buf; *h_errnop = NETDB_SUCCESS; return NETDB_SUCCESS; } struct hostent * sh_gethostbyname(const char *name) { static struct hostent h; static char buf[sizeof(struct in_addr) + sizeof(struct in_addr *)*2 + sizeof(char *)*(ALIAS_DIM) + 256/*namebuffer*/ + 32/* margin */]; struct hostent *hp; sh_gethostbyname_r(name, &h, buf, sizeof(buf), &hp, &h_errno); return hp; } static int __get_hosts_byaddr_r(const char * addr, int len, int type, struct hostent * result_buf, char * buf, size_t buflen, struct hostent ** result, int * h_errnop) { #ifndef __UCLIBC_HAS_IPV6__ char ipaddr[INET_ADDRSTRLEN]; #else char ipaddr[INET6_ADDRSTRLEN]; #endif /* __UCLIBC_HAS_IPV6__ */ switch (type) { case AF_INET: if (len != sizeof(struct in_addr)) return 0; break; #ifdef __UCLIBC_HAS_IPV6__ case AF_INET6: if (len != sizeof(struct in6_addr)) return 0; break; #endif /* __UCLIBC_HAS_IPV6__ */ default: return 0; } inet_ntop(type, addr, ipaddr, sizeof(ipaddr)); return(__read_etc_hosts_r(NULL, ipaddr, type, GET_HOSTS_BYADDR, result_buf, buf, buflen, result, h_errnop)); } static int sh_gethostbyaddr_r (const void *addr, socklen_t len, int type, struct hostent * result_buf, char * buf, size_t buflen, struct hostent ** result, int * h_errnop) { struct in_addr *in; struct in_addr **addr_list; #ifdef __UCLIBC_HAS_IPV6__ char *qp; size_t plen; struct in6_addr *in6; struct in6_addr **addr_list6; #endif /* __UCLIBC_HAS_IPV6__ */ unsigned char *packet; struct resolv_answer a; int i; int nest = 0; int __nameserversXX; char ** __nameserverXX; *result=NULL; if (!addr) return EINVAL; switch (type) { case AF_INET: if (len != sizeof(struct in_addr)) return EINVAL; break; #ifdef __UCLIBC_HAS_IPV6__ case AF_INET6: if (len != sizeof(struct in6_addr)) return EINVAL; break; #endif /* __UCLIBC_HAS_IPV6__ */ default: return EINVAL; } /* do /etc/hosts first */ if ((i=__get_hosts_byaddr_r(addr, len, type, result_buf, buf, buflen, result, h_errnop))==0) return i; switch (*h_errnop) { case HOST_NOT_FOUND: case NO_ADDRESS: break; default: return i; } __open_nameservers(); #ifdef __UCLIBC_HAS_IPV6__ qp=buf; plen=buflen; #endif /* __UCLIBC_HAS_IPV6__ */ *h_errnop = NETDB_INTERNAL; if (buflen < sizeof(*in)) return ERANGE; in=(struct in_addr*)buf; buf+=sizeof(*in); buflen-=sizeof(*in); if (buflen < sizeof(*addr_list)*2) return ERANGE; addr_list=(struct in_addr**)buf; buf+=sizeof(*addr_list)*2; buflen-=sizeof(*addr_list)*2; #ifdef __UCLIBC_HAS_IPV6__ if (plen < sizeof(*in6)) return ERANGE; in6=(struct in6_addr*)qp; qp+=sizeof(*in6); plen-=sizeof(*in6); if (plen < sizeof(*addr_list6)*2) return ERANGE; addr_list6=(struct in6_addr**)qp; qp+=sizeof(*addr_list6)*2; plen-=sizeof(*addr_list6)*2; if (plen < buflen) { buflen=plen; buf=qp; } #endif /* __UCLIBC_HAS_IPV6__ */ if (buflen<256) return ERANGE; if(type == AF_INET) { const unsigned char *tmp_addr = (const unsigned char *)addr; memcpy(&in->s_addr, addr, len); addr_list[0] = in; sprintf(buf, "%u.%u.%u.%u.in-addr.arpa", tmp_addr[3], tmp_addr[2], tmp_addr[1], tmp_addr[0]); #ifdef __UCLIBC_HAS_IPV6__ } else { memcpy(in6->s6_addr, addr, len); addr_list6[0] = in6; qp = buf; for (i = len - 1; i >= 0; i--) { qp += sprintf(qp, "%x.%x.", in6->s6_addr[i] & 0xf, (in6->s6_addr[i] >> 4) & 0xf); } strcpy(qp, "ip6.int"); #endif /* __UCLIBC_HAS_IPV6__ */ } addr_list[1] = 0; for (;;) { SH_MUTEX_LOCK_UNSAFE(resolv_lock); __nameserversXX=__nameservers; __nameserverXX=__nameserver; SH_MUTEX_UNLOCK_UNSAFE(resolv_lock); i = __dns_lookup(buf, T_PTR, __nameserversXX, __nameserverXX, &packet, &a); if (i < 0) { *h_errnop = HOST_NOT_FOUND; return TRY_AGAIN; } strncpy(buf, a.dotted, buflen); free(a.dotted); if (a.atype == T_CNAME) { /* CNAME */ DPRINTF("Got a CNAME in gethostbyaddr()\n"); i = __decode_dotted(packet, a.rdoffset, buf, buflen); free(packet); if (i < 0) { *h_errnop = NO_RECOVERY; return -1; } if (++nest > MAX_RECURSE) { *h_errnop = NO_RECOVERY; return -1; } continue; } else if (a.atype == T_PTR) { /* ADDRESS */ i = __decode_dotted(packet, a.rdoffset, buf, buflen); free(packet); result_buf->h_name = buf; result_buf->h_addrtype = type; if(type == AF_INET) { result_buf->h_length = sizeof(*in); #ifdef __UCLIBC_HAS_IPV6__ } else { result_buf->h_length = sizeof(*in6); #endif /* __UCLIBC_HAS_IPV6__ */ } result_buf->h_addr_list = (char **) addr_list; break; } else { free(packet); *h_errnop = NO_ADDRESS; return TRY_AGAIN; } } *result=result_buf; *h_errnop = NETDB_SUCCESS; return NETDB_SUCCESS; } struct hostent * sh_gethostbyaddr (const void *addr, socklen_t len, int type) { static struct hostent h; static char buf[ #ifndef __UCLIBC_HAS_IPV6__ sizeof(struct in_addr) + sizeof(struct in_addr *)*2 + #else sizeof(struct in6_addr) + sizeof(struct in6_addr *)*2 + #endif /* __UCLIBC_HAS_IPV6__ */ sizeof(char *)*(ALIAS_DIM) + 256/*namebuffer*/ + 32/* margin */]; struct hostent *hp; sh_gethostbyaddr_r(addr, len, type, &h, buf, sizeof(buf), &hp, &h_errno); return hp; } /* NEED_STATIC_LIBS */ #else /* include something to avoid empty compilation unit */ #include #endif samhain-3.1.0/src/sh_suidchk.c0000644000175000017500000017660712210052103013136 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 2001 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" #include #include #include #include #include #include #include #include #include #ifdef HAVE_SCHED_H #include #endif #ifdef SH_USE_SUIDCHK #undef FIL__ #define FIL__ _("sh_suidchk.c") #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) #if TIME_WITH_SYS_TIME #include #include #else #if HAVE_SYS_TIME_H #include #else #include #endif #endif #ifdef HAVE_DIRENT_H #include #define NAMLEN(dirent) sl_strlen((dirent)->d_name) #else #define dirent direct #define NAMLEN(dirent) (dirent)->d_namlen #ifdef HAVE_SYS_NDIR_H #include #endif #ifdef HAVE_SYS_DIR_H #include #endif #ifdef HAVE_NDIR_H #include #endif #endif #define NEED_ADD_DIRENT #include "samhain.h" #include "sh_pthread.h" #include "sh_utils.h" #include "sh_error.h" #include "sh_modules.h" #include "sh_suidchk.h" #include "sh_hash.h" #include "sh_unix.h" #include "sh_files.h" #include "sh_schedule.h" #include "sh_calls.h" sh_rconf sh_suidchk_table[] = { { N_("severitysuidcheck"), sh_suidchk_set_severity }, { N_("suidcheckactive"), sh_suidchk_set_activate }, { N_("suidcheckinterval"), sh_suidchk_set_timer }, { N_("suidcheckschedule"), sh_suidchk_set_schedule }, { N_("suidcheckexclude"), sh_suidchk_set_exclude }, { N_("suidcheckfps"), sh_suidchk_set_fps }, { N_("suidcheckyield"), sh_suidchk_set_yield }, { N_("suidchecknosuid"), sh_suidchk_set_nosuid }, { N_("suidcheckquarantinefiles"), sh_suidchk_set_quarantine }, { N_("suidcheckquarantinemethod"), sh_suidchk_set_qmethod }, { N_("suidcheckquarantinedelete"), sh_suidchk_set_qdelete }, { NULL, NULL }, }; static time_t lastcheck = (time_t) 0; static int ShSuidchkActive = S_TRUE; static time_t ShSuidchkInterval = 7200; static long ShSuidchkFps = 0; static int ShSuidchkNosuid = S_FALSE; static int ShSuidchkYield = S_FALSE; static int ShSuidchkQEnable = S_FALSE; static int ShSuidchkQMethod = SH_Q_CHANGEPERM; static int ShSuidchkQDelete = S_FALSE; static int ShSuidchkSeverity = SH_ERR_SEVERE; static char * ShSuidchkExclude = NULL; static size_t ExcludeLen = 0; static time_t FileLimNow = 0; static time_t FileLimStart = 0; static long FileLimNum = 0; static long FileLimTotal = 0; static sh_schedule_t * ShSuidchkSched = NULL; static char * filesystem_type (char * path, char * relpath, struct stat * statp); #ifndef PATH_MAX #define PATH_MAX 1024 #endif SH_MUTEX_STATIC(mutex_suid_check, PTHREAD_MUTEX_INITIALIZER); extern unsigned long sh_files_maskof (int class); static void set_defaults (void) { ShSuidchkActive = S_TRUE; ShSuidchkInterval = 7200; ShSuidchkFps = 0; ShSuidchkNosuid = S_FALSE; ShSuidchkYield = S_FALSE; ShSuidchkQEnable = S_FALSE; ShSuidchkQMethod = SH_Q_CHANGEPERM; ShSuidchkQDelete = S_FALSE; ShSuidchkSeverity = SH_ERR_SEVERE; if (ShSuidchkExclude != NULL) SH_FREE(ShSuidchkExclude); ShSuidchkExclude = NULL; ExcludeLen = 0; FileLimNow = 0; FileLimStart = 0; FileLimNum = 0; FileLimTotal = 0; return; } /* Recursively descend into the directory to make sure that * there is no symlink in the path. * * Use retry_lstat_ns() here because we cannot chdir the subprocess * that does the lstat(). */ static int do_truncate_int (char * path, int depth) { char * q; struct stat one; struct stat two; int fd; char errbuf[SH_ERRBUF_SIZE]; if (depth > 99) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_ERROR, _("do_truncate: max depth 99 exceeded")); SH_MUTEX_UNLOCK(mutex_thread_nolog); return -1; } ++depth; if (path[0] != '/') { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_ERROR, _("do_truncate: not an absolute path")); SH_MUTEX_UNLOCK(mutex_thread_nolog); return -1; } ++path; q = strchr(path, '/'); if (q) { *q = '\0'; if (0 != retry_lstat_ns(FIL__, __LINE__, path, &one)) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_SUID_ERROR, sh_error_message(errno, errbuf, sizeof(errbuf))); SH_MUTEX_UNLOCK(mutex_thread_nolog); *q = '/'; return -1; } if (/*@-usedef@*/!S_ISDIR(one.st_mode)/*@+usedef@*/) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_ERROR, _("Possible race: not a directory")); SH_MUTEX_UNLOCK(mutex_thread_nolog); *q = '/'; return -1; } if (0 != chdir(path)) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_SUID_ERROR, sh_error_message(errno, errbuf, sizeof(errbuf))); SH_MUTEX_UNLOCK(mutex_thread_nolog); *q = '/'; return -1; } *q = '/'; if (0 != retry_lstat_ns(FIL__, __LINE__, ".", &two)) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_SUID_ERROR, sh_error_message(errno, errbuf, sizeof(errbuf))); SH_MUTEX_UNLOCK(mutex_thread_nolog); return -1; } if (/*@-usedef@*/(one.st_dev != two.st_dev) || (one.st_ino != two.st_ino) || (!S_ISDIR(two.st_mode))/*@+usedef@*/) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_ERROR, _("Possible race: lstat(dir) != lstat(.)")); SH_MUTEX_UNLOCK(mutex_thread_nolog); return -1; } return (do_truncate_int(q, depth)); } else { /* no more '/', so this is the file */ if (*path == '\0') return -1; if (0 != retry_lstat_ns(FIL__, __LINE__, path, &one)) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_SUID_ERROR, sh_error_message(errno, errbuf, sizeof(errbuf))); SH_MUTEX_UNLOCK(mutex_thread_nolog); return -1; } fd = open(path, O_RDWR); if (-1 == fd) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_SUID_ERROR, sh_error_message(errno, errbuf, sizeof(errbuf))); SH_MUTEX_UNLOCK(mutex_thread_nolog); return -1; } if (0 != retry_fstat(FIL__, __LINE__, fd, &two)) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_SUID_ERROR, sh_error_message(errno, errbuf, sizeof(errbuf))); SH_MUTEX_UNLOCK(mutex_thread_nolog); (void) sl_close_fd(FIL__, __LINE__, fd); return -1; } if (/*@-usedef@*/(one.st_dev != two.st_dev) || (one.st_ino != two.st_ino)/*@+usedef@*/) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_ERROR, _("Possible race: lstat != fstat")); SH_MUTEX_UNLOCK(mutex_thread_nolog); (void) sl_close_fd(FIL__, __LINE__, fd); return -1; } if (!S_ISREG(two.st_mode)) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_ERROR, _("Possible race: not a regular file")); SH_MUTEX_UNLOCK(mutex_thread_nolog); (void) sl_close_fd(FIL__, __LINE__, fd); return -1; } if ((0 == (two.st_mode & S_ISUID)) && (0 == (two.st_mode & S_ISGID))) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_ERROR, _("Possible race: not a suid/sgid file")); SH_MUTEX_UNLOCK(mutex_thread_nolog); (void) sl_close_fd(FIL__, __LINE__, fd); return -1; } if (ShSuidchkQDelete == S_FALSE) { if ((two.st_mode & S_ISUID) > 0) two.st_mode -= S_ISUID; if ((two.st_mode & S_ISGID) > 0) two.st_mode -= S_ISGID; #ifdef HAVE_FCHMOD if (-1 == /*@-unrecog@*/fchmod(fd, two.st_mode)/*@+unrecog@*/) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_SUID_ERROR, sh_error_message(errno, errbuf, sizeof(errbuf))); SH_MUTEX_UNLOCK(mutex_thread_nolog); (void) sl_close_fd(FIL__, __LINE__, fd); return -1; } #else SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_SUID_ERROR, _("The fchmod() function is not available")); SH_MUTEX_UNLOCK(mutex_thread_nolog); (void) sl_close_fd(FIL__, __LINE__, fd); return -1; #endif if (two.st_nlink > 1) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_SUID_ERROR, _("Not truncated because hardlink count gt 1")); SH_MUTEX_UNLOCK(mutex_thread_nolog); (void) sl_close_fd(FIL__, __LINE__, fd); return -1; } /* The man page says: 'POSIX has ftruncate' */ if (-1 == /*@-unrecog@*/ftruncate(fd, 0)/*@+unrecog@*/) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_SUID_ERROR, sh_error_message(errno, errbuf, sizeof(errbuf))); SH_MUTEX_UNLOCK(mutex_thread_nolog); (void) sl_close_fd(FIL__, __LINE__, fd); return -1; } } else { if (-1 == retry_aud_unlink(FIL__, __LINE__, path)) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_SUID_ERROR, sh_error_message(errno, errbuf, sizeof(errbuf))); SH_MUTEX_UNLOCK(mutex_thread_nolog); (void) sl_close_fd(FIL__, __LINE__, fd); return -1; } } (void) sl_close_fd (FIL__, __LINE__, fd); return (0); } } static int do_truncate (const char * path_in) { volatile int caperr; int result; char * path; char errbuf[SH_ERRBUF_SIZE]; if (0 != chdir("/")) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_SUID_ERROR, sh_error_message(errno, errbuf, sizeof(errbuf))); SH_MUTEX_UNLOCK(mutex_thread_nolog); } if (0 != (caperr = sl_get_cap_qdel())) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN, sh_error_message (caperr, errbuf, sizeof(errbuf)), _("sl_get_cap_qdel")); SH_MUTEX_UNLOCK(mutex_thread_nolog); } path = sh_util_strdup (path_in); result = do_truncate_int (path, 0); SH_FREE(path); if (0 != (caperr = sl_drop_cap_qdel())) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN, sh_error_message (caperr, errbuf, sizeof(errbuf)), _("sl_drop_cap_qdel")); SH_MUTEX_UNLOCK(mutex_thread_nolog); } if (0 != chdir("/")) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_SUID_ERROR, sh_error_message(errno, errbuf, sizeof(errbuf))); SH_MUTEX_UNLOCK(mutex_thread_nolog); } return result; } /* This variable is not used anywhere. It only exists * to assign &dirlist to it, which keeps gcc from * putting it into a register, and avoids the 'clobbered * by longjmp' warning. And no, 'volatile' proved insufficient. */ static void * sh_dummy_tmp = NULL; static void sh_q_delete(const char * fullpath) { int status; char * msg; char * tmp; /* Take the address to keep gcc from putting it into a register. * Avoids the 'clobbered by longjmp' warning. */ sh_dummy_tmp = (void*) &tmp; if (do_truncate (fullpath) == -1) { status = errno; msg = SH_ALLOC(SH_BUFSIZE); tmp = sh_util_safe_name(fullpath); (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld"), status); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, status, MSG_SUID_QREPORT, msg, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(msg); } else { tmp = sh_util_safe_name(fullpath); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, 0, MSG_SUID_QREPORT, _("Quarantine method applied"), tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); } return; } /* This variable is not used anywhere. It only exists * to assign &dirlist to it, which keeps gcc from * putting it into a register, and avoids the 'clobbered * by longjmp' warning. And no, 'volatile' proved insufficient. */ static void * sh_dummy_mtmp = NULL; static void * sh_dummy_mmsg = NULL; static void sh_q_move(const char * fullpath, file_type * theFile, const char * timestrc, const char * timestra, const char * timestrm) { volatile int status; int readFile = -1; volatile int writeFile = -1; struct stat fileInfo; ssize_t count; char * msg; char * tmp; char * basetmp; char * filetmp; char buffer[1024]; char * dir = SH_ALLOC(PATH_MAX+1); mode_t umask_old; FILE * filePtr = NULL; /* Take the address to keep gcc from putting it into a register. * Avoids the 'clobbered by longjmp' warning. */ sh_dummy_mtmp = (void*) &tmp; sh_dummy_mmsg = (void*) &msg; (void) sl_strlcpy (dir, DEFAULT_QDIR, PATH_MAX+1); if (retry_stat (FIL__, __LINE__, dir, &fileInfo) != 0) { /* Quarantine directory does not exist, */ status = errno; msg = SH_ALLOC(SH_BUFSIZE); tmp = sh_util_safe_name(fullpath); (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (stat)"), status); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, status, MSG_SUID_QREPORT, msg, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(msg); } else { if (retry_lstat (FIL__, __LINE__, fullpath, &fileInfo) == -1) { status = errno; msg = SH_ALLOC(SH_BUFSIZE); tmp = sh_util_safe_name(fullpath); (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld(stat)"), status); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, status, MSG_SUID_QREPORT, msg, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(msg); } else { basetmp = sh_util_strdup(fullpath); filetmp = SH_ALLOC(PATH_MAX+1); tmp = sh_util_basename(basetmp); (void) sl_snprintf(filetmp, PATH_MAX+1, "%s/%s", DEFAULT_QDIR, tmp); SH_FREE(tmp); SH_FREE(basetmp); readFile = open (fullpath, O_RDONLY); if (readFile != -1) writeFile = open (filetmp, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR|S_IXUSR); if ((readFile == -1) || (writeFile == -1)) { status = errno; msg = SH_ALLOC(SH_BUFSIZE); tmp = sh_util_safe_name(fullpath); (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (open)"), status); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, status, MSG_SUID_QREPORT, msg, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(msg); } else { /* sizeof(buffer) is 1024 */ while ((count = (int) read (readFile, buffer, sizeof (buffer))) > 0) { if ((int) write (writeFile, buffer, (size_t) count) != count) { status = errno; msg = SH_ALLOC(SH_BUFSIZE); tmp = sh_util_safe_name(fullpath); (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld (write)"), status); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, status, MSG_SUID_QREPORT, msg, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(msg); } } } (void) sl_close_fd (FIL__, __LINE__, readFile); (void) fchmod(writeFile, S_IRUSR | S_IWUSR | S_IXUSR); (void) sl_close_fd (FIL__, __LINE__, writeFile); if (do_truncate (fullpath) == -1) { status = errno; msg = SH_ALLOC(SH_BUFSIZE); tmp = sh_util_safe_name(fullpath); (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld"), status); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, status, MSG_SUID_QREPORT, msg, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(msg); } else { tmp = sh_util_basename(fullpath); (void) sl_snprintf(filetmp, PATH_MAX+1, "%s/%s.info", DEFAULT_QDIR, tmp); SH_FREE(tmp); /* * avoid chmod by setting umask */ umask_old = umask (0077); filePtr = fopen (filetmp, "w+"); /*@-usedef@*/ if (filePtr) { fprintf(filePtr, _("File Info:\n filename=%s\n size=%lu\n owner=%s(%d)\n group=%s(%d)\n ctime=%s\n atime=%s\n mtime=%s\n"), fullpath, (unsigned long) theFile->size, theFile->c_owner, (int) theFile->owner, theFile->c_group, (int) theFile->group, timestrc, timestra, timestrm); (void) sl_fclose (FIL__, __LINE__, filePtr); } /*@+usedef@*/ umask (umask_old); tmp = sh_util_safe_name(fullpath); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__,__LINE__, 0, MSG_SUID_QREPORT, _("Quarantine method applied"), tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); } SH_FREE(filetmp); } } SH_FREE(dir); return; } /* This variable is not used anywhere. It only exists * to assign &dirlist to it, which keeps gcc from * putting it into a register, and avoids the 'clobbered * by longjmp' warning. And no, 'volatile' proved insufficient. */ static void * sh_dummy_ctmp = NULL; static void * sh_dummy_cmsg = NULL; static void sh_q_changeperm(const char * fullpath) { volatile int caperr; volatile int status; char * msg; char * tmp; struct stat fileInfo; struct stat fileInfo_F; int cperm_status = 0; volatile int file_d = -1; char errbuf[SH_ERRBUF_SIZE]; /* Take the address to keep gcc from putting it into a register. * Avoids the 'clobbered by longjmp' warning. */ sh_dummy_ctmp = (void*) &tmp; sh_dummy_cmsg = (void*) &msg; if (retry_lstat(FIL__, __LINE__, fullpath, &fileInfo) == -1) { status = errno; msg = SH_ALLOC(SH_BUFSIZE); tmp = sh_util_safe_name(fullpath); (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, status, MSG_SUID_QREPORT, msg, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(msg); cperm_status = -1; } if (cperm_status == 0) { if (0 != (caperr = sl_get_cap_qdel())) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN, sh_error_message (caperr, errbuf, sizeof(errbuf)), _("sl_get_cap_qdel")); SH_MUTEX_UNLOCK(mutex_thread_nolog); cperm_status = -1; } } if (cperm_status == 0) { file_d = aud_open (FIL__, __LINE__, SL_YESPRIV, fullpath, O_RDONLY, 0); if (-1 == file_d) { status = errno; msg = SH_ALLOC(SH_BUFSIZE); tmp = sh_util_safe_name(fullpath); (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, status, MSG_SUID_QREPORT, msg, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(msg); cperm_status = -1; } } if (cperm_status == 0) { if (retry_fstat(FIL__, __LINE__, file_d, &fileInfo_F) == -1) { status = errno; msg = SH_ALLOC(SH_BUFSIZE); tmp = sh_util_safe_name(fullpath); (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, status, MSG_SUID_QREPORT, msg, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(msg); cperm_status = -1; } } if (cperm_status == 0) { if (fileInfo_F.st_ino != fileInfo.st_ino || fileInfo_F.st_dev != fileInfo.st_dev || fileInfo_F.st_mode != fileInfo.st_mode) { status = errno; msg = SH_ALLOC(SH_BUFSIZE); tmp = sh_util_safe_name(fullpath); (void) sl_snprintf(msg, SH_BUFSIZE, _("Race detected. errno = %ld"), status); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, status, MSG_SUID_QREPORT, msg, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(msg); cperm_status = -1; } } if ((fileInfo.st_mode & S_ISUID) > 0) fileInfo.st_mode -= S_ISUID; if ((fileInfo.st_mode & S_ISGID) > 0) fileInfo.st_mode -= S_ISGID; if (cperm_status == 0) { if (fchmod(file_d, fileInfo.st_mode) == -1) { status = errno; msg = SH_ALLOC(SH_BUFSIZE); tmp = sh_util_safe_name(fullpath); (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld"), status); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, status, MSG_SUID_QREPORT, msg, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(msg); } else { tmp = sh_util_safe_name(fullpath); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, 0, MSG_SUID_QREPORT, _("Quarantine method applied"), tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); } } if (0 != (caperr = sl_drop_cap_qdel())) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN, sh_error_message (caperr, errbuf, sizeof(errbuf)), _("sl_drop_cap_qdel")); SH_MUTEX_UNLOCK(mutex_thread_nolog); } if (file_d != -1) { do { status = sl_close_fd (FIL__, __LINE__, file_d); } while (status == -1 && errno == EINTR); if (-1 == status) { status = errno; msg = SH_ALLOC(SH_BUFSIZE); tmp = sh_util_safe_name(fullpath); (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, status, MSG_SUID_QREPORT, msg, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(msg); } } return; } static void report_file (const char * tmpcat, file_type * theFile, char * timestrc, char * timestra, char * timestrm) { char * msg = SH_ALLOC(SH_BUFSIZE); char * tmp = sh_util_safe_name(tmpcat); msg[0] = '\0'; /*@-usedef@*/ #ifdef SH_USE_XML (void) sl_snprintf(msg, SH_BUFSIZE, _("owner_new=\"%s\" iowner_new=\"%ld\" group_new=\"%s\" igroup_new=\"%ld\" size_new=\"%lu\" ctime_new=\"%s\" atime_new=\"%s\" mtime_new=\"%s\""), theFile->c_owner, theFile->owner, theFile->c_group, theFile->group, (unsigned long) theFile->size, timestrc, timestra, timestrm); #else (void) sl_snprintf(msg, SH_BUFSIZE, _("owner_new=<%s>, iowner_new=<%ld>, group_new=<%s>, igroup_new=<%ld>, filesize=<%lu>, ctime=<%s>, atime=<%s>, mtime=<%s>"), theFile->c_owner, theFile->owner, theFile->c_group, theFile->group, (unsigned long) theFile->size, timestrc, timestra, timestrm); #endif /*@+usedef@*/ SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, 0, MSG_SUID_POLICY, _("suid/sgid file not in database"), tmp, msg ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(msg); return; } /* This variable is not used anywhere. It only exists * to assign &dirlist to it, which keeps gcc from * putting it into a register, and avoids the 'clobbered * by longjmp' warning. And no, 'volatile' proved insufficient. */ static void * sh_dummy_dirlist = NULL; static void * sh_dummy_itmp = NULL; static int sh_suidchk_check_internal (char * iname) { DIR * thisDir = NULL; struct dirent * thisEntry; char * tmpcat; char * tmp; char timestrc[32]; char timestra[32]; char timestrm[32]; struct stat buf; volatile int status; int fflags; char * fs; volatile long sl_status; file_type * theFile = NULL; char fileHash[2*(KEY_LEN + 1)]; struct sh_dirent * dirlist; struct sh_dirent * dirlist_orig; char errbuf[SH_ERRBUF_SIZE]; SL_ENTER(_("sh_suidchk_check_internal")); /* Take the address to keep gcc from putting it into a register. * Avoids the 'clobbered by longjmp' warning. */ sh_dummy_dirlist = (void*) &dirlist; sh_dummy_itmp = (void*) &tmp; if (iname == NULL) { TPT((0, FIL__, __LINE__ , _("msg=\n"))); SL_RETURN( (-1), _("sh_suidchk_check_internal")); } if (sig_urgent > 0) { SL_RETURN( (0), _("sh_suidchk_check_internal")); } thisDir = opendir (iname); if (thisDir == NULL) { status = errno; tmp = sh_util_safe_name(iname); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShDFLevel[SH_ERR_T_DIR], FIL__, __LINE__, status, MSG_E_OPENDIR, sh_error_message (status, errbuf, sizeof(errbuf)), tmp); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SL_RETURN( (-1), _("sh_suidchk_check_internal")); } /* Loop over directory entries */ SH_MUTEX_LOCK(mutex_readdir); dirlist = NULL; dirlist_orig = NULL; do { thisEntry = readdir (thisDir); if (thisEntry != NULL) { if (sl_strcmp (thisEntry->d_name, ".") == 0) continue; if (sl_strcmp (thisEntry->d_name, "..") == 0) continue; dirlist = addto_sh_dirlist (thisEntry, dirlist); } } while (thisEntry != NULL); SH_MUTEX_UNLOCK(mutex_readdir); closedir(thisDir); dirlist_orig = dirlist; sl_status = SL_ENONE; do { /* If the directory is empty, dirlist = NULL */ if (!dirlist) break; if (sig_urgent > 0) { SL_RETURN( (0), _("sh_suidchk_check_internal")); } tmpcat = SH_ALLOC(PATH_MAX); (void) sl_strlcpy(tmpcat, iname, PATH_MAX); if ((sl_strlen(tmpcat) != sl_strlen(iname)) || (tmpcat[0] == '\0')) { sl_status = SL_ETRUNC; } else { if (tmpcat[1] != '\0') sl_status = sl_strlcat(tmpcat, "/", PATH_MAX); } if (! SL_ISERROR(sl_status)) sl_status = sl_strlcat(tmpcat, dirlist->sh_d_name, PATH_MAX); if (SL_ISERROR(sl_status)) { tmp = sh_util_safe_name(tmpcat); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, (int) sl_status, MSG_E_SUBGPATH, _("path too long"), _("sh_suidchk_check_internal"), tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); SH_FREE(tmpcat); dirlist = dirlist->next; continue; } ++FileLimNum; ++FileLimTotal; /* Rate limit (Fps == Files per second) */ if ((ShSuidchkFps > 0 && FileLimNum > ShSuidchkFps && FileLimTotal > 0)&& (ShSuidchkYield == S_FALSE)) { FileLimNum = 0; FileLimNow = time(NULL); if ( (FileLimNow - FileLimStart) > 0 && FileLimTotal/(FileLimNow - FileLimStart) > ShSuidchkFps ) (void) retry_msleep((int)((FileLimTotal/(FileLimNow-FileLimStart))/ ShSuidchkFps) , 0); } status = (int) retry_lstat(FIL__, __LINE__, tmpcat, &buf); if (status != 0) { volatile int elevel = SH_ERR_ERR; size_t tlen; status = errno; tmp = sh_util_safe_name(tmpcat); tlen = strlen(tmp); if (tlen >= 6 && 0 == strcmp(&tmp[tlen-6], _("/.gvfs"))) elevel = SH_ERR_NOTICE; /* If we are scanning a temporary directory where dirs and files * can be created/deleted, an lstat() error is something which * may occur frequently. As a missing dir/file is not an important * problem for the suidcheck, the error level is only SH_ERR_NOTICE. */ if (status == ENOENT) elevel = SH_ERR_NOTICE; SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (elevel, FIL__, __LINE__, status, MSG_ERR_LSTAT, sh_error_message(status, errbuf, sizeof(errbuf)), tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(tmp); } else { if (/*@-usedef@*/S_ISDIR(buf.st_mode)/*@+usedef@*/ && (ShSuidchkExclude == NULL || 0 != strcmp(tmpcat, ShSuidchkExclude))) { /* fs is a STATIC string or NULL */ fs = filesystem_type (tmpcat, tmpcat, &buf); if (fs != NULL #ifndef SH_SUIDTESTDIR && 0 != strncmp (_("afs"), fs, 3) && 0 != strncmp (_("devfs"), fs, 5) && 0 != strncmp (_("fdesc"), fs, 5) && 0 != strncmp (_("iso9660"), fs, 7) && 0 != strncmp (_("cd9660"), fs, 6) && 0 != strncmp (_("lustre"), fs, 6) && 0 != strncmp (_("mmfs"), fs, 4) && 0 != strncmp (_("msdos"), fs, 5) && 0 != strncmp (_("nfs"), fs, 3) && 0 != strncmp (_("proc"), fs, 4) && 0 != strncmp (_("sysfs"), fs, 5) && 0 != strncmp (_("vfat"), fs, 4) #endif ) { if ((ShSuidchkNosuid == S_TRUE) || (0 != strncmp (_("nosuid"), fs, 6))) /* fprintf(stderr, "%s: %s\n", fs, tmpcat); */ (void) sh_suidchk_check_internal(tmpcat); } } else if (S_ISREG(buf.st_mode) && (0 !=(S_ISUID & buf.st_mode) || #if defined(HOST_IS_LINUX) (0 !=(S_ISGID & buf.st_mode) && 0 !=(S_IXGRP & buf.st_mode)) #else 0 !=(S_ISGID & buf.st_mode) #endif ) ) { int dummy; int class; unsigned long check_mask = 0; theFile = SH_ALLOC(sizeof(file_type)); (void) sl_strlcpy (theFile->fullpath, tmpcat, PATH_MAX); theFile->check_mask = sh_files_maskof(SH_LEVEL_READONLY); CLEAR_SH_FFLAG_REPORTED(theFile->file_reported); theFile->attr_string = NULL; theFile->link_path = NULL; sh_files_search_file(tmpcat, &class, &check_mask, &dummy); if ((check_mask & MODI_PREL) != 0) { theFile->check_mask |= MODI_PREL; } status = sh_unix_getinfo (ShDFLevel[SH_ERR_T_RO], dirlist->sh_d_name, theFile, fileHash, 0); tmp = sh_util_safe_name(tmpcat); if (status != 0) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, 0, MSG_E_SUBGPATH, _("Could not check suid/sgid file"), _("sh_suidchk_check_internal"), tmp); SH_MUTEX_UNLOCK(mutex_thread_nolog); } else { if ( sh.flag.update == S_TRUE && (sh.flag.checkSum == SH_CHECK_INIT || sh.flag.checkSum == SH_CHECK_CHECK)) { int compret; /* Updating database. Report new files that * are not in database already. Then compare * to database and report changes. */ if (-1 == sh_hash_have_it (tmpcat)) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_SUID_FOUND, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); } else { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 0, MSG_SUID_FOUND, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); } SH_MUTEX_LOCK(mutex_thread_nolog); compret = sh_hash_compdata (SH_LEVEL_READONLY, theFile, fileHash, _("[SuidCheck]"), ShSuidchkSeverity); SH_MUTEX_UNLOCK(mutex_thread_nolog); if (compret == 0) { sh_hash_pushdata_memory (theFile, fileHash); /* no call to sh_error_handle */ } sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); /* no call to sh_error_handle */ } else if (sh.flag.checkSum == SH_CHECK_INIT && sh.flag.update == S_FALSE ) { /* Running init. Report on files detected. */ sh_hash_pushdata (theFile, fileHash); /* no call to sh_error_handle */ SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_SUID_FOUND, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); } else if (sh.flag.checkSum == SH_CHECK_CHECK ) { /* Running file check. Report on new files * detected, and quarantine them. */ SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 0, MSG_SUID_FOUND, tmp ); SH_MUTEX_UNLOCK(mutex_thread_nolog); fflags = sh_hash_getflags(tmpcat); /* no call to sh_error_handle */ if ( (-1 == fflags) || (!SH_FFLAG_SUIDCHK_SET(fflags))) { if (-1 == fflags) { (void) sh_unix_gmttime (theFile->ctime, timestrc, sizeof(timestrc)); (void) sh_unix_gmttime (theFile->atime, timestra, sizeof(timestra)); (void) sh_unix_gmttime (theFile->mtime, timestrm, sizeof(timestrm)); report_file(tmpcat, theFile, timestrc, timestra, timestrm); } /* Quarantine file according to configured method */ if (ShSuidchkQEnable == S_TRUE) { switch (ShSuidchkQMethod) { case SH_Q_DELETE: sh_q_delete(theFile->fullpath); break; case SH_Q_CHANGEPERM: sh_q_changeperm(theFile->fullpath); break; case SH_Q_MOVE: sh_q_move(theFile->fullpath, theFile, timestrc, timestra, timestrm); break; default: SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, 0, MSG_SUID_QREPORT, _("Bad quarantine method"), tmp); SH_MUTEX_UNLOCK(mutex_thread_nolog); break; } } else { /* 1.8.1 push file to in-memory database */ SH_MUTEX_LOCK(mutex_thread_nolog); (void) sh_hash_compdata (SH_LEVEL_READONLY, theFile, fileHash, _("[SuidCheck]"), ShSuidchkSeverity); SH_MUTEX_UNLOCK(mutex_thread_nolog); sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); /* no call to sh_error_handle */ } } else { /* File exists. Check for modifications. */ SH_MUTEX_LOCK(mutex_thread_nolog); (void) sh_hash_compdata (SH_LEVEL_READONLY, theFile, fileHash, _("[SuidCheck]"), ShSuidchkSeverity); SH_MUTEX_UNLOCK(mutex_thread_nolog); sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); /* no call to sh_error_handle */ } } } SH_FREE(tmp); if (theFile->attr_string) SH_FREE(theFile->attr_string); if (theFile->link_path) SH_FREE(theFile->link_path); SH_FREE(theFile); } } SH_FREE(tmpcat); #ifdef HAVE_SCHED_YIELD if (ShSuidchkYield == S_TRUE) { if (sched_yield() == -1) { status = errno; SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, _("Failed to release time slice"), _("sh_suidchk_check_internal") ); SH_MUTEX_UNLOCK(mutex_thread_nolog); } } #endif dirlist = dirlist->next; } while (dirlist != NULL); kill_sh_dirlist (dirlist_orig); SL_RETURN( (0), _("sh_suidchk_check_internal")); } /************* * * module init * *************/ int sh_suidchk_init (struct mod_type * arg) { #ifndef HAVE_PTHREAD (void) arg; #endif if (ShSuidchkActive == S_FALSE) return SH_MOD_FAILED; #ifdef HAVE_PTHREAD if (arg != NULL && arg->initval < 0 && (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) { if (0 == sh_pthread_create(sh_threaded_module_run, (void *)arg)) return SH_MOD_THREAD; else return SH_MOD_FAILED; } else if (arg != NULL && arg->initval == SH_MOD_THREAD && (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) { return SH_MOD_THREAD; } #endif return (0); } /************* * * module cleanup * *************/ int sh_suidchk_end () { return (0); } /************* * * module timer * *************/ int sh_suidchk_timer (time_t tcurrent) { if (sh.flag.checkSum == SH_CHECK_INIT) return -1; /* One-shot (not daemon and not loop forever) */ if (sh.flag.isdaemon != S_TRUE && sh.flag.loop == S_FALSE) return -1; if (ShSuidchkSched != NULL) { return test_sched(ShSuidchkSched); } if ((time_t) (tcurrent - lastcheck) >= ShSuidchkInterval) { lastcheck = tcurrent; return (-1); } return 0; } /************* * * module check * *************/ int sh_suidchk_check () { volatile int status; SL_ENTER(_("sh_suidchk_check")); if (ShSuidchkActive == S_FALSE) SL_RETURN(-1, _("sh_suidchk_check")); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (SH_ERR_INFO, FIL__, __LINE__, EINVAL, MSG_E_SUBGEN, _("Checking for SUID programs"), _("sh_suidchk_check") ); SH_MUTEX_UNLOCK(mutex_thread_nolog); FileLimNow = time(NULL); FileLimStart = FileLimNow; FileLimNum = 0; FileLimTotal = 0; #ifdef SH_SUIDTESTDIR status = sh_suidchk_check_internal (SH_SUIDTESTDIR); #else status = sh_suidchk_check_internal ("/"); #endif SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_SUMMARY, FileLimTotal, (long) (time(NULL) - FileLimStart) ); SH_MUTEX_UNLOCK(mutex_thread_nolog); SL_RETURN(status, _("sh_suidchk_check")); } /************* * * module setup * *************/ int sh_suidchk_set_severity (const char * c) { int retval; char tmp[32]; SL_ENTER(_("sh_suidchk_set_severity")); tmp[0] = '='; tmp[1] = '\0'; (void) sl_strlcat (tmp, c, 32); retval = sh_error_set_level (tmp, &ShSuidchkSeverity); SL_RETURN(retval, _("sh_suidchk_set_severity")); } int sh_suidchk_set_exclude (const char * c) { SL_ENTER(_("sh_suidchk_set_exclude")); if (c == NULL || c[0] == '\0') { SL_RETURN(-1, _("sh_suidchk_set_exclude")); } if (0 == sl_strncmp(c, _("NULL"), 4)) { if (ShSuidchkExclude != NULL) SH_FREE(ShSuidchkExclude); ShSuidchkExclude = NULL; SL_RETURN(0, _("sh_suidchk_set_exclude")); } if (ShSuidchkExclude != NULL) SH_FREE(ShSuidchkExclude); ShSuidchkExclude = sh_util_strdup (c); ExcludeLen = sl_strlen (ShSuidchkExclude); if (ShSuidchkExclude && ShSuidchkExclude[ExcludeLen-1] == '/') { ShSuidchkExclude[ExcludeLen-1] = '\0'; ExcludeLen--; } SL_RETURN(0, _("sh_suidchk_set_exclude")); } int sh_suidchk_set_timer (const char * c) { volatile long val; SL_ENTER(_("sh_suidchk_set_timer")); val = strtol (c, (char **)NULL, 10); if (val <= 0) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, _("suidchk timer"), c); SH_MUTEX_UNLOCK(mutex_thread_nolog); } val = (val <= 0 ? 7200 : val); ShSuidchkInterval = (time_t) val; SL_RETURN( 0, _("sh_suidchk_set_timer")); } static void sh_suidchk_free_schedule (void) { sh_schedule_t * current = ShSuidchkSched; sh_schedule_t * next = NULL; while (current != NULL) { next = current->next; SH_FREE(current); current = next; } ShSuidchkSched = NULL; return; } int sh_suidchk_reconf () { SH_MUTEX_LOCK(mutex_suid_check); sh_suidchk_free_schedule(); set_defaults(); SH_MUTEX_UNLOCK(mutex_suid_check); return 0; } int sh_suidchk_set_schedule (const char * str) { int status; sh_schedule_t * newSched = NULL; SL_ENTER(_("sh_suidchk_set_schedule")); /* if (ShSuidchkSched != NULL) { SH_FREE(ShSuidchkSched); ShSuidchkSched = NULL; } */ if (0 == sl_strncmp(str, _("NULL"), 4)) { (void) sh_suidchk_free_schedule (); return 0; } newSched = SH_ALLOC(sizeof(sh_schedule_t)); status = create_sched(str, newSched); if (status != 0) { SH_FREE(newSched); newSched = NULL; } else { newSched->next = ShSuidchkSched; ShSuidchkSched = newSched; } SL_RETURN( status, _("sh_suidchk_set_schedule")); } int sh_suidchk_set_fps (const char * c) { volatile long val; SL_ENTER(_("sh_suidchk_set_fps")); val = strtol (c, (char **)NULL, 10); if (val < 0) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, _("suidchk fps"), c); SH_MUTEX_UNLOCK(mutex_thread_nolog); } val = (val < 0 ? 0 : val); ShSuidchkFps = val; SL_RETURN( 0, _("sh_suidchk_set_fps")); } int sh_suidchk_set_yield (const char * c) { int i; SL_ENTER(_("sh_suidchk_set_yield")); #ifdef HAVE_SCHED_YIELD i = sh_util_flagval(c, &ShSuidchkYield); #else (void) c; /* cast to void to avoid compiler warning */ i = -1; #endif SL_RETURN(i, _("sh_suidchk_set_yield")); } int sh_suidchk_set_activate (const char * c) { int i; SL_ENTER(_("sh_suidchk_set_activate")); i = sh_util_flagval(c, &ShSuidchkActive); SL_RETURN(i, _("sh_suidchk_set_activate")); } int sh_suidchk_set_nosuid (const char * c) { int i; SL_ENTER(_("sh_suidchk_set_nosuid")); i = sh_util_flagval(c, &ShSuidchkNosuid); SL_RETURN(i, _("sh_suidchk_set_nosuid")); } int sh_suidchk_set_quarantine (const char * c) { int i; SL_ENTER(_("sh_suidchk_set_quarantine")); i = sh_util_flagval(c, &ShSuidchkQEnable); SL_RETURN(i, _("sh_suidchk_set_quarantine")); } int sh_suidchk_set_qdelete (const char * c) { int i; SL_ENTER(_("sh_suidchk_set_qdelete")); i = sh_util_flagval(c, &ShSuidchkQDelete); SL_RETURN(i, _("sh_suidchk_set_qdelete")); } int sh_suidchk_set_qmethod (const char * c) { volatile long val; volatile int ret = 0; struct stat buf; SL_ENTER(_("sh_suidchk_set_qmethod")); val = strtol (c, (char **)NULL, 10); if (val < 0) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, _("suidchk qmethod"), c); SH_MUTEX_UNLOCK(mutex_thread_nolog); ret = -1; } else { switch (val) { case SH_Q_DELETE: ShSuidchkQMethod = SH_Q_DELETE; break; case SH_Q_CHANGEPERM: ShSuidchkQMethod = SH_Q_CHANGEPERM; break; case SH_Q_MOVE: if (retry_stat (FIL__, __LINE__, DEFAULT_QDIR, &buf) != 0) { if (mkdir (DEFAULT_QDIR, 0750) == -1) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_ERROR, _("Unable to create quarantine directory")); SH_MUTEX_UNLOCK(mutex_thread_nolog); } } ShSuidchkQMethod = SH_Q_MOVE; break; default: SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, _("suidchk qmethod"), c); SH_MUTEX_UNLOCK(mutex_thread_nolog); ShSuidchkQMethod = -1; ret = -1; break; } } SL_RETURN( ret, _("sh_suidchk_set_qmethod")); } #if defined(FSTYPE_STATFS) || defined(FSTYPE_AIX_STATFS) /* dirname.c -- return all but the last element in a path Copyright (C) 1990 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* Return the leading directories part of PATH, allocated with malloc. If out of memory, return 0. Assumes that trailing slashes have already been removed. */ char * sh_dirname (const char * path) { char *newpath; char *slash; int length; /* Length of result, not including NUL. */ slash = strrchr (path, '/'); if (slash == NULL) { /* File is in the current directory. */ path = "."; length = 1; } else { /* Remove any trailing slashes from the result. */ while (slash > path && *slash == '/') --slash; length = slash - path + 1; } newpath = (char *) SH_ALLOC (length + 1); if (newpath == NULL) return NULL; strncpy (newpath, path, length); newpath[length] = '\0'; return newpath; } /* #ifdef FSTYPE_STATFS */ #endif /* fstype.c -- determine type of filesystems that files are on Copyright (C) 1990, 91, 92, 93, 94 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ /* Written by David MacKenzie . */ /* Modified by R. Wichmann: - replaced error() by sh_error_handle() - replaced xstrdup() by sl_strdup() - replaced strstr() by sl_strstr() - some additions to recognize nosuid fs */ /* modetype.h -- file type bits definitions for POSIX systems Requires sys/types.h sys/stat.h. Copyright (C) 1990 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ /* POSIX.1 doesn't mention the S_IFMT bits; instead, it uses S_IStype test macros. To make storing file types more convenient, define them; the values don't need to correspond to what the kernel uses, because of the way we use them. */ #ifndef S_IFMT /* Doesn't have traditional Unix macros. */ #define S_IFBLK 1 #define S_IFCHR 2 #define S_IFDIR 4 #define S_IFREG 8 #ifdef S_ISLNK #define S_IFLNK 16 #endif #ifdef S_ISFIFO #define S_IFIFO 32 #endif #ifdef S_ISSOCK #define S_IFSOCK 64 #endif #endif /* !S_IFMT */ #ifdef STAT_MACROS_BROKEN #undef S_ISBLK #undef S_ISCHR #undef S_ISDIR #undef S_ISREG #undef S_ISFIFO #undef S_ISLNK #undef S_ISSOCK #undef S_ISMPB #undef S_ISMPC #undef S_ISNWK #endif /* Do the reverse: define the POSIX.1 macros for traditional Unix systems that don't have them. */ #if !defined(S_ISBLK) && defined(S_IFBLK) #define S_ISBLK(m) (((m) & S_IFMT) == S_IFBLK) #endif #if !defined(S_ISCHR) && defined(S_IFCHR) #define S_ISCHR(m) (((m) & S_IFMT) == S_IFCHR) #endif #if !defined(S_ISDIR) && defined(S_IFDIR) #define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR) #endif #if !defined(S_ISREG) && defined(S_IFREG) #define S_ISREG(m) (((m) & S_IFMT) == S_IFREG) #endif #if !defined(S_ISFIFO) && defined(S_IFIFO) #define S_ISFIFO(m) (((m) & S_IFMT) == S_IFIFO) #endif #if !defined(S_ISLNK) && defined(S_IFLNK) #define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK) #endif #if !defined(S_ISSOCK) && defined(S_IFSOCK) #define S_ISSOCK(m) (((m) & S_IFMT) == S_IFSOCK) #endif #if !defined(S_ISMPB) && defined(S_IFMPB) /* V7 */ #define S_ISMPB(m) (((m) & S_IFMT) == S_IFMPB) #define S_ISMPC(m) (((m) & S_IFMT) == S_IFMPC) #endif #if !defined(S_ISNWK) && defined(S_IFNWK) /* HP/UX */ #define S_ISNWK(m) (((m) & S_IFMT) == S_IFNWK) #endif static char *filesystem_type_uncached (char *path, char *relpath, struct stat *statp); #ifdef FSTYPE_MNTENT /* 4.3BSD etc. */ static int xatoi (const char *cp); #endif #ifdef FSTYPE_MNTENT /* 4.3BSD, SunOS, HP-UX, Dynix, Irix. */ #include #if !defined(MOUNTED) # if defined(MNT_MNTTAB) /* HP-UX. */ # define MOUNTED MNT_MNTTAB # endif # if defined(MNTTABNAME) /* Dynix. */ # define MOUNTED MNTTABNAME # endif #endif #endif #ifdef FSTYPE_GETMNT /* Ultrix. */ #include #include #include #endif #ifdef FSTYPE_USG_STATFS /* SVR3. */ #include #include #endif #ifdef FSTYPE_STATVFS /* SVR4. */ #include #include #endif #ifdef FSTYPE_STATFS /* 4.4BSD. */ #include /* NetBSD needs this. */ #include #ifndef MFSNAMELEN /* NetBSD defines this. */ static char * fstype_to_string (t) short t; { #ifdef INITMOUNTNAMES /* Defined in 4.4BSD, not in NET/2. */ static char *mn[] = INITMOUNTNAMES; if (t >= 0 && t <= MOUNT_MAXTYPE) return mn[t]; else return "?"; #else /* !INITMOUNTNAMES */ switch (t) { #ifdef MOUNT_UFS case MOUNT_UFS: return _("ufs"); #endif #ifdef MOUNT_ISO9660 case MOUNT_ISO9660: return _("iso9660fs"); #endif #ifdef MOUNT_CD9660 case MOUNT_CD9660: return _("cd9660"); #endif #ifdef MOUNT_NFS case MOUNT_NFS: return _("nfs"); #endif #ifdef MOUNT_PC case MOUNT_PC: return _("pc"); #endif #ifdef MOUNT_MFS case MOUNT_MFS: return _("mfs"); #endif #ifdef MOUNT_LO case MOUNT_LO: return _("lofs"); #endif #ifdef MOUNT_TFS case MOUNT_TFS: return _("tfs"); #endif #ifdef MOUNT_TMP case MOUNT_TMP: return _("tmp"); #endif #ifdef MOUNT_MSDOS case MOUNT_MSDOS: return _("msdos"); #endif #ifdef MOUNT_LFS case MOUNT_LFS: return _("lfs"); #endif #ifdef MOUNT_LOFS case MOUNT_LOFS: return _("lofs"); #endif #ifdef MOUNT_FDESC case MOUNT_FDESC: return _("fdesc"); #endif #ifdef MOUNT_PORTAL case MOUNT_PORTAL: return _("portal"); #endif #ifdef MOUNT_NULL case MOUNT_NULL: return _("null"); #endif #ifdef MOUNT_UMAP case MOUNT_UMAP: return _("umap"); #endif #ifdef MOUNT_KERNFS case MOUNT_KERNFS: return _("kernfs"); #endif #ifdef MOUNT_PROCFS case MOUNT_PROCFS: return _("procfs"); #endif #ifdef MOUNT_DEVFS case MOUNT_DEVFS: return _("devfs"); #endif #ifdef MOUNT_EXT2FS case MOUNT_EXT2FS: return _("ext2fs"); #endif #ifdef MOUNT_UNION case MOUNT_UNION: return _("union"); #endif default: return "?"; } #endif /* !INITMOUNTNAMES */ } #endif /* !MFSNAMELEN */ #endif /* FSTYPE_STATFS */ #ifdef FSTYPE_AIX_STATFS /* AIX. */ #include #include #define FSTYPE_STATFS /* Otherwise like 4.4BSD. */ #define f_type f_vfstype static char * fstype_to_string (t) short t; { switch (t) { case MNT_AIX: return _("aix"); /* AIX 4.3: NFS filesystems are actually MNT_AIX. */ #ifdef MNT_NAMEFS case MNT_NAMEFS: return _("namefs"); #endif case MNT_NFS: return _("nfs"); case MNT_JFS: return _("jfs"); case MNT_CDROM: return _("cdrom"); #ifdef MNT_PROCFS case MNT_PROCFS: return _("procfs"); #endif #ifdef MNT_SFS case MNT_SFS: return _("sfs"); #endif #ifdef MNT_CACHEFS case MNT_CACHEFS: return _("cachefs"); #endif #ifdef MNT_NFS3 case MNT_NFS3: return _("nfs3"); #endif #ifdef MNT_AUTOFS case MNT_AUTOFS: return _("autofs"); #endif #ifdef MNT_VXFS case MNT_VXFS: return _("vxfs"); #endif #ifdef MNT_VXODM case MNT_VXODM: return _("veritasfs"); #endif #ifdef MNT_UDF case MNT_UDF: return _("udfs"); #endif #ifdef MNT_NFS4 case MNT_NFS4: return _("nfs4"); #endif #ifdef MNT_RFS4 case MNT_RFS4: return _("nfs4"); #endif #ifdef MNT_CIFS case MNT_CIFS: return _("cifs"); #endif default: return "?"; } } #endif /* FSTYPE_AIX_STATFS */ #ifdef AFS #include #include #if __STDC__ /* On SunOS 4, afs/vice.h defines this to rely on a pre-ANSI cpp. */ #undef _VICEIOCTL #define _VICEIOCTL(id) ((unsigned int ) _IOW('V', id, struct ViceIoctl)) #endif #ifndef _IOW /* AFS on Solaris 2.3 doesn't get this definition. */ #include #endif static int in_afs (path) char *path; { static char space[2048]; struct ViceIoctl vi; vi.in_size = 0; vi.out_size = sizeof (space); vi.out = space; if (pioctl (path, VIOC_FILE_CELL_NAME, &vi, 1) && (errno == EINVAL || errno == ENOENT)) return 0; return 1; } #endif /* AFS */ /* Nonzero if the current filesystem's type is known. */ static int fstype_known = 0; /* Return a static string naming the type of filesystem that the file PATH, described by STATP, is on. RELPATH is the file name relative to the current directory. Return "unknown" if its filesystem type is unknown. */ static char * filesystem_type (char * path, char * relpath, struct stat * statp) { static char *current_fstype = NULL; static dev_t current_dev; if (current_fstype != NULL) { if ((0 != fstype_known) && statp->st_dev == current_dev) return current_fstype; /* Cached value. */ SH_FREE (current_fstype); } current_dev = statp->st_dev; current_fstype = filesystem_type_uncached (path, relpath, statp); return current_fstype; } /* This variable is not used anywhere. It only exists * to assign &dirlist to it, which keeps gcc from * putting it into a register, and avoids the 'clobbered * by longjmp' warning. And no, 'volatile' proved insufficient. */ static void * sh_dummy_type = NULL; /* Return a newly allocated string naming the type of filesystem that the file PATH, described by STATP, is on. RELPATH is the file name relative to the current directory. Return "unknown" if its filesystem type is unknown. */ static char * filesystem_type_uncached (path, relpath, statp) char *path; char *relpath; struct stat *statp; { char * type = NULL; #ifdef MFSNAMELEN /* NetBSD. */ static char my_tmp_type[64]; #endif #ifdef FSTYPE_MNTENT /* 4.3BSD, SunOS, HP-UX, Dynix, Irix. */ char *table = MOUNTED; FILE *mfp; struct mntent *mnt; if (path == NULL || relpath == NULL) return NULL; mfp = setmntent (table, "r"); if (mfp == NULL) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, _("setmntent() failed"), _("filesystem_type_uncached") ); SH_MUTEX_UNLOCK(mutex_thread_nolog); return NULL; } /* Take the address to keep gcc from putting it into a register. * Avoids the 'clobbered by longjmp' warning. */ sh_dummy_type = (void*) &type; /* Find the entry with the same device number as STATP, and return that entry's fstype. */ while (type == NULL && (mnt = getmntent (mfp)) != NULL) { const char *devopt; dev_t dev; struct stat disk_stats; #ifdef MNTTYPE_IGNORE if (0 == strcmp (mnt->mnt_type, MNTTYPE_IGNORE)) continue; #endif /* Newer systems like SunOS 4.1 keep the dev number in the mtab, in the options string. For older systems, we need to stat the directory that the filesystem is mounted on to get it. Unfortunately, the HPUX 9.x mnttab entries created by automountq contain a dev= option but the option value does not match the st_dev value of the file (maybe the lower 16 bits match?). */ #if !defined(hpux) && !defined(__hpux__) devopt = sl_strstr (mnt->mnt_opts, "dev="); if (devopt) { if (devopt[4] == '0' && (devopt[5] == 'x' || devopt[5] == 'X')) dev = (dev_t) xatoi (devopt + 6); else dev = (dev_t) xatoi (devopt + 4); } else #endif /* not hpux */ { if (stat (mnt->mnt_dir, &disk_stats) == -1) { char errmsg[256]; volatile int elevel = SH_ERR_ERR; size_t tlen = strlen(mnt->mnt_dir); if (tlen >= 6 && 0 == strcmp(&((mnt->mnt_dir)[tlen-6]), _("/.gvfs"))) elevel = SH_ERR_NOTICE; else if (tlen >= 5 && 0 == strcmp(&((mnt->mnt_dir)[tlen-5]), _("/gvfs"))) elevel = SH_ERR_NOTICE; sl_snprintf(errmsg, sizeof(errmsg), _("stat(%s) failed"), mnt->mnt_dir); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle (elevel, FIL__, __LINE__, 0, MSG_E_SUBGEN, errmsg, _("filesystem_type_uncached") ); SH_MUTEX_UNLOCK(mutex_thread_nolog); return NULL; } dev = disk_stats.st_dev; } if (dev == statp->st_dev) { /* check for the "nosuid" option */ #ifdef HAVE_HASMNTOPT if (NULL == hasmntopt(mnt, "nosuid") || (ShSuidchkNosuid == S_TRUE)) type = mnt->mnt_type; else type = _("nosuid"); /* hasmntopt (nosuid) */ #else type = mnt->mnt_type; #endif } } if (endmntent (mfp) == 0) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, _("endmntent() failed"), _("filesystem_type_uncached") ); SH_MUTEX_UNLOCK(mutex_thread_nolog); } #endif #ifdef FSTYPE_GETMNT /* Ultrix. */ int offset = 0; struct fs_data fsd; if (path == NULL || relpath == NULL) return NULL; /* Take the address to keep gcc from putting it into a register. * Avoids the 'clobbered by longjmp' warning. */ sh_dummy_type = (void*) &type; while (type == NULL && getmnt (&offset, &fsd, sizeof (fsd), NOSTAT_MANY, 0) > 0) { if (fsd.fd_req.dev == statp->st_dev) type = gt_names[fsd.fd_req.fstype]; } #endif #ifdef FSTYPE_USG_STATFS /* SVR3. */ struct statfs fss; char typebuf[FSTYPSZ]; if (path == NULL || relpath == NULL) return NULL; /* Take the address to keep gcc from putting it into a register. * Avoids the 'clobbered by longjmp' warning. */ sh_dummy_type = (void*) &type; if (statfs (relpath, &fss, sizeof (struct statfs), 0) == -1) { /* Don't die if a file was just removed. */ if (errno != ENOENT) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, _("statfs() failed"), _("filesystem_type_uncached") ); SH_MUTEX_UNLOCK(mutex_thread_nolog); return NULL; } } else if (!sysfs (GETFSTYP, fss.f_fstyp, typebuf)) type = typebuf; #endif #ifdef FSTYPE_STATVFS /* SVR4. */ struct statvfs fss; if (path == NULL || relpath == NULL) return NULL; /* Take the address to keep gcc from putting it into a register. * Avoids the 'clobbered by longjmp' warning. */ sh_dummy_type = (void*) &type; if (statvfs (relpath, &fss) == -1) { /* Don't die if a file was just removed. */ if (errno != ENOENT) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, _("statvfs() failed"), _("filesystem_type_uncached") ); SH_MUTEX_UNLOCK(mutex_thread_nolog); return NULL; } } else { type = fss.f_basetype; /* patch by Konstantin Khrooschev */ if( (fss.f_flag & ST_NOSUID) && (ShSuidchkNosuid == S_FALSE)) type = _("nosuid"); } (void) statp; /* fix compiler warning */ #endif #ifdef FSTYPE_STATFS /* 4.4BSD. */ struct statfs fss; char *p; #if defined(MNT_VISFLAGMASK) && defined(HAVE_STRUCT_STATFS_F_FLAGS) int flags; #endif /* char * sh_dirname(const char *path); */ if (path == NULL || relpath == NULL) return NULL; /* Take the address to keep gcc from putting it into a register. * Avoids the 'clobbered by longjmp' warning. */ sh_dummy_type = (void*) &type; if (S_ISLNK (statp->st_mode)) p = sh_dirname (relpath); else p = relpath; if (statfs (p, &fss) == -1) { /* Don't die if symlink to nonexisting file, or a file that was just removed. */ if (errno != ENOENT) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, _("statfs() failed"), _("filesystem_type_uncached") ); SH_MUTEX_UNLOCK(mutex_thread_nolog); return NULL; } } else { #ifdef MFSNAMELEN /* NetBSD. */ /* MEMORY LEAK !!! * type = sh_util_strdup (fss.f_fstypename); */ sl_strlcpy (my_tmp_type, fss.f_fstypename, 64); type = my_tmp_type; #else type = fstype_to_string (fss.f_type); #endif #ifdef HAVE_STRUCT_STATFS_F_FLAGS #ifdef MNT_VISFLAGMASK flags = fss.f_flags & MNT_VISFLAGMASK; if ((flags & MNT_NOSUID) && (ShSuidchkNosuid == S_FALSE)) #else if ((fss.f_flags & MNT_NOSUID) && (ShSuidchkNosuid == S_FALSE)) #endif type = _("nosuid"); #endif } if (p != relpath) SH_FREE (p); #endif #ifdef AFS if ((!type || !strcmp (type, "xx")) && in_afs (relpath)) type = "afs"; #endif /* An unknown value can be caused by an ENOENT error condition. Don't cache those values. */ fstype_known = (int)(type != NULL); return sh_util_strdup (type ? type : "unknown"); } #ifdef FSTYPE_MNTENT /* 4.3BSD etc. */ /* Return the value of the hexadecimal number represented by CP. No prefix (like '0x') or suffix (like 'h') is expected to be part of CP. */ static int xatoi (cp) const char *cp; { int val; val = 0; while (*cp != '\0') { /*@+charint@*/ if (*cp >= 'a' && *cp <= 'f') val = val * 16 + *cp - 'a' + 10; else if (*cp >= 'A' && *cp <= 'F') val = val * 16 + *cp - 'A' + 10; else if (*cp >= '0' && *cp <= '9') val = val * 16 + *cp - '0'; else break; /*@-charint@*/ cp++; } return val; } #endif #endif /* #ifdef SH_USE_UTMP */ #endif samhain-3.1.0/src/sh_getopt.c0000644000175000017500000006173112064547763013031 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 1999, 2000 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" #include #include #include #include #include #include "samhain.h" #include "sh_error.h" #include "sh_getopt.h" #include "sh_unix.h" #include "sh_files.h" #include "sh_utils.h" #include "sh_mail.h" #include "sh_forward.h" #include "sh_hash.h" #if defined(WITH_EXTERNAL) #include "sh_extern.h" #endif extern int sh_calls_set_bind_addr (const char *); #undef FIL__ #define FIL__ _("sh_getopt.c") #define HAS_ARG_NO 0 #define HAS_ARG_YES 1 #define DROP_PRIV_NO 0 #define DROP_PRIV_YES 1 typedef struct options { const char * longopt; const char shortopt; const char * usage; int hasArg; int (*func)(const char * opt); } opttable_t; /*@noreturn@*/ static int sh_getopt_usage (const char * dummy); #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) static int sh_getopt_forever (const char * dummy); #endif static int sh_getopt_copyright (const char * dummy); static int sh_getopt_version (const char * dummy); static opttable_t op_table[] = { #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) { N_("set-checksum-test"), 't', N_("Set checksum testing to 'init', 'update', or 'check'"), HAS_ARG_YES, sh_util_setchecksum }, { N_("interactive"), 'i', N_("Run update in interactive mode"), HAS_ARG_NO, sh_util_set_interactive }, { N_("listfile"), '-', N_("Run update with listfile"), HAS_ARG_YES, sh_util_update_file }, #endif #if defined(SH_WITH_SERVER) || defined(SH_WITH_CLIENT) { N_("server-port"), '-', N_("Set the server port to connect to"), HAS_ARG_YES, sh_forward_server_port }, #endif #ifdef SH_WITH_SERVER { N_("server"), 'S', N_("Run as log server (obsolete)"), HAS_ARG_NO, sh_util_setserver }, { N_("qualified"), 'q', N_("Log fully qualified name of client host"), HAS_ARG_NO, sh_forward_set_strip }, { N_("chroot"), '-', N_("Chroot to specified directory"), HAS_ARG_YES, sh_unix_set_chroot }, #endif { N_("daemon"), 'D', N_("Run as daemon"), HAS_ARG_NO, sh_unix_setdeamon }, { N_("foreground"), '-', N_("Stay in the foreground"), HAS_ARG_NO, sh_unix_setnodeamon }, { N_("bind-address"), '-', N_("Bind to this address (interface) for outgoing connections"), HAS_ARG_YES, sh_calls_set_bind_addr }, #if defined(SH_WITH_SERVER) || defined(SH_WITH_CLIENT) { N_("set-export-severity"), 'e', N_("Set severity threshold for export to remote log server"), HAS_ARG_YES, sh_error_setexport }, #endif { N_("set-syslog-severity"), 's', N_("Set severity threshold for syslog"), HAS_ARG_YES, sh_error_set_syslog }, #ifdef WITH_EXTERNAL { N_("set-extern-severity"), 'x', N_("Set severity threshold for logging by external program(s)"), HAS_ARG_YES, sh_error_set_external }, #endif #ifdef HAVE_LIBPRELUDE { N_("set-prelude-severity"), '-', N_("Set severity threshold for logging to prelude"), HAS_ARG_YES, sh_error_set_prelude }, #endif #if defined(WITH_DATABASE) { N_("set-database-severity"), '-', N_("Set severity threshold for logging to RDBMS"), HAS_ARG_YES, sh_error_set_database }, #endif { N_("set-log-severity"), 'l', N_("Set severity threshold for logfile"), HAS_ARG_YES, sh_error_setlog }, #if defined(SH_WITH_MAIL) { N_("set-mail-severity"), 'm', N_("Set severitythreshold for e-mail"), HAS_ARG_YES, sh_error_setseverity }, #endif { N_("set-print-severity"), 'p', N_("Set the severity threshold for terminal/console log"), HAS_ARG_YES, sh_error_setprint }, #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) { N_("recursion"), 'r', N_("Set recursion level for directories"), HAS_ARG_YES, sh_files_setrecursion }, #endif { N_("verify-log"), 'L', N_("Verify the audit trail"), HAS_ARG_YES, sh_error_logverify }, { N_("just-list"), 'j', N_("Modify -L to just list the audit trail"), HAS_ARG_NO, sh_error_logverify_mod }, #if defined(SH_WITH_MAIL) { N_("verify-mail"), 'M', N_("Verify the mailbox"), HAS_ARG_YES, sh_mail_sigverify }, #endif { N_("add-key"), 'V', N_("Add key for the mail/log signature"), HAS_ARG_YES, sh_util_set_newkey }, { N_("hash-string"), 'H', N_("Print the hash of a string"), HAS_ARG_YES, sh_error_verify }, #if defined (SH_WITH_SERVER) { N_("password"), 'P', N_("Compute a client registry entry for password"), HAS_ARG_YES, sh_forward_make_client }, { N_("gen-password"), 'G', N_("Generate a random password"), HAS_ARG_NO, sh_forward_create_password }, #endif #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) { N_("forever"), 'f', N_("Loop forever, even if not daemon"), HAS_ARG_NO, sh_getopt_forever}, { N_("list-file"), '-', N_("Modify -d to list content of a single file"), HAS_ARG_YES, set_list_file}, { N_("full-detail"), 'a', N_("Modify -d to list full details"), HAS_ARG_NO, set_full_detail}, { N_("delimited"), '-', N_("Modify -d to list full details, comma delimited"), HAS_ARG_NO, set_list_delimited}, { N_("list-database"), 'd', N_("List database content (like ls -l)"), HAS_ARG_YES, sh_hash_list_db}, { N_("init2stdout"), '-', N_("Write database to stdout on init"), HAS_ARG_NO, sh_hash_pushdata_stdout}, #endif { N_("trace-logfile"), '-', N_("Logfile for trace"), HAS_ARG_YES, sl_trace_file }, { N_("trace-enable"), '-', N_("Enable tracing"), HAS_ARG_NO, sl_trace_use }, { N_("copyright"), 'c', N_("Print copyright information"), HAS_ARG_NO, sh_getopt_copyright }, { N_("help"), 'h', N_("Print usage information"), HAS_ARG_NO, sh_getopt_usage }, { N_("version"), 'v', N_("Show version and compiled-in options"), HAS_ARG_NO, sh_getopt_version }, #if defined(HAVE_LIBPRELUDE) /* need to skip over these */ { N_("prelude"), '-', N_("Prelude generic options"), HAS_ARG_NO, NULL }, { N_("profile"), '-', N_("Profile to use for this analyzer"), HAS_ARG_YES, NULL }, { N_("heartbeat-interval"), '-', N_("Number of seconds between two heartbeats"), HAS_ARG_YES, NULL }, { N_("server-addr"), '-', N_("Address where this sensor should report to"), HAS_ARG_YES, NULL }, { N_("analyzer-name"), '-', N_("Name for this analyzer"), HAS_ARG_YES, NULL }, #endif /* last entry -- required !! -- */ { NULL, '\0', NULL, HAS_ARG_NO, NULL } }; static void sh_getopt_print_log_facilities (void) { int num = 0; fputs (_("Compiled-in log facilities:\n"), stdout); #ifndef DEFAULT_CONSOLE if (num > 0) fputc ('\n', stdout); printf ("%s", _(" console (/dev/console)")); ++num; #else if (num > 0) fputc ('\n', stdout); if (0 == strcmp (DEFAULT_CONSOLE, _("NULL"))) { printf ("%s", _("console (/dev/console)")); ++num; } else { printf (_("console (%s)"), DEFAULT_CONSOLE); ++num; } #endif if (num > 0) fputc ('\n', stdout); fputs (_(" syslog"), stdout); ++num; if (num > 0) fputc ('\n', stdout); printf (_(" logfile (%s)"), DEFAULT_ERRFILE); ++num; #if defined(WITH_EXTERNAL) if (num > 0) fputc ('\n', stdout); fputs (_(" external program"), stdout); ++num; #endif #if defined(WITH_MESSAGE_QUEUE) if (num > 0) fputc ('\n', stdout); fputs (_(" message queue"), stdout); ++num; #endif #if defined(WITH_DATABASE) if (num > 0) fputc ('\n', stdout); fputs (_(" database"), stdout); ++num; #ifdef WITH_ODBC fputs (_(" (odbc)"), stdout); #endif #ifdef WITH_ORACLE fputs (_(" (Oracle)"), stdout); #endif #ifdef WITH_POSTGRES fputs (_(" (PostgreSQL)"), stdout); #endif #ifdef WITH_MYSQL fputs (_(" (MySQL)"), stdout); #endif #endif #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) if (num > 0) fputc ('\n', stdout); fputs (_(" server"), stdout); ++num; #endif #if defined(SH_WITH_MAIL) if (num > 0) fputc ('\n', stdout); fputs (_(" email"), stdout); ++num; #endif #ifdef HAVE_LIBPRELUDE if (num > 0) fputc ('\n', stdout); ++num; fputs (_(" prelude (0.9.6+)"), stdout); #endif if (num == 0) fputs (_(" none"), stdout); fputc ('\n', stdout); return; } static void sh_getopt_print_options (void) { int num = 0; #if defined(SH_STANDALONE) if (num > 0) fputc ('\n', stdout); fputs (_("Standalone executable"), stdout); ++num; #endif #if defined(SH_WITH_CLIENT) if (num > 0) fputc ('\n', stdout); printf (_("Client executable (port %d)"), SH_DEFAULT_PORT); ++num; #endif #if defined(SH_WITH_SERVER) if (num > 0) fputc ('\n', stdout); printf (_("Server executable (port %d, user %s)"), SH_DEFAULT_PORT, DEFAULT_IDENT); ++num; #endif #if defined(USE_IPVX) fputs (_(", IPv6 supported"), stdout); #endif fputs (_(", compiled-in options:"), stdout); #if defined(USE_SYSTEM_MALLOC) if (num > 0) fputc ('\n', stdout); fputs (_(" using system malloc"), stdout); ++num; #else if (num > 0) fputc ('\n', stdout); fputs (_(" using dnmalloc"), stdout); ++num; #endif #if defined(HAVE_EGD_RANDOM) if (num > 0) fputc ('\n', stdout); printf (_(" using entropy gathering daemon (%s)"), EGD_SOCKET_NAME); ++num; #endif #if defined(HAVE_UNIX_RANDOM) if (num > 0) fputc ('\n', stdout); fputs (_(" using unix entropy gatherer"), stdout); ++num; #endif #if defined(HAVE_URANDOM) if (num > 0) fputc ('\n', stdout); printf (_(" using entropy device (%s)"), NAME_OF_DEV_RANDOM); ++num; #endif #ifdef WITH_GPG if (num > 0) fputc ('\n', stdout); printf (_(" GnuPG signatures (%s)"), DEFAULT_GPG_PATH); ++num; #ifdef HAVE_GPG_CHECKSUM if (num > 0) fputc ('\n', stdout); printf (_(" -- GnuPG checksum: %s"), GPG_HASH); ++num; #endif #ifdef USE_FINGERPRINT if (num > 0) fputc ('\n', stdout); printf (_(" -- Key fingerprint: %s"), SH_GPG_FP); ++num; #endif #endif #if defined(SH_SHELL_EVAL) if (num > 0) fputc ('\n', stdout); fputs (_(" shell expansion in configuration file supported"), stdout); ++num; #endif #if defined(SL_DEBUG) if (num > 0) fputc ('\n', stdout); fputs (_(" debug build (do not use for production)"), stdout); ++num; #endif #if defined(SCREW_IT_UP) if (num > 0) fputc ('\n', stdout); fputs (_(" anti-debugger"), stdout); ++num; #endif #if defined(SH_USE_XML) if (num > 0) fputc ('\n', stdout); fputs (_(" xml log format"), stdout); ++num; #endif #if defined(HAVE_NTIME) if (num > 0) fputc ('\n', stdout); fputs (_(" using time server"), stdout); ++num; #endif #if defined(HAVE_REGEX_H) if (num > 0) fputc ('\n', stdout); fputs (_(" posix regex support"), stdout); ++num; #endif #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) #if defined(HAVE_LIBZ) if (num > 0) fputc ('\n', stdout); fputs (_(" optionally store full text for files"), stdout); ++num; #endif #if !defined(SH_COMPILE_STATIC) && defined(__linux__) && defined(HAVE_AUPARSE_H) && defined(HAVE_AUPARSE_LIB) if (num > 0) fputc ('\n', stdout); fputs (_(" optionally report auditd record of changed file"), stdout); ++num; #endif #if defined(USE_XATTR) if (num > 0) fputc ('\n', stdout); fputs (_(" check SELinux attributes"), stdout); ++num; #endif #if defined(USE_ACL) if (num > 0) fputc ('\n', stdout); fputs (_(" check Posix ACLs"), stdout); ++num; #endif #if defined(RELOAD_DATABASE) if (num > 0) fputc ('\n', stdout); fputs (_(" fetch database on reload"), stdout); ++num; #endif #endif #if defined(SH_WITH_SERVER) #if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) && !defined(HAVE_STRUCT_CMSGCRED) && !defined(HAVE_STRUCT_FCRED) && !(defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) if (num > 0) fputc ('\n', stdout); fputs (_(" command socket authentication: use SetSocketPassword"), stdout); ++num; #else if (num > 0) fputc ('\n', stdout); fputs (_(" command socket authentication: use SetSocketAllowUID"), stdout); ++num; #endif #if defined(SH_USE_LIBWRAP) if (num > 0) fputc ('\n', stdout); fputs (_(" support tcp wrapper"), stdout); ++num; #endif #if defined(INET_SYSLOG) if (num > 0) fputc ('\n', stdout); fputs (_(" support listening on 514/udp (syslog)"), stdout); ++num; #endif #endif if (num == 0) fputs (_(" none"), stdout); fputc ('\n', stdout); return; } static void sh_getopt_print_modules (void) { #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) int num = 0; fputs (_("Compiled-in modules:\n"), stdout); #ifdef SH_USE_UTMP if (num > 0) fputc (',', stdout); fputs (_(" login/logout"), stdout); ++num; #endif #ifdef SH_USE_MOUNTS if (num > 0) fputc (',', stdout); fputs (_(" mount options"), stdout); ++num; #endif #ifdef SH_USE_USERFILES if (num > 0) fputc (',', stdout); fputs (_(" userfiles"), stdout); ++num; #endif #ifdef SH_USE_KERN if (num > 0) fputc (',', stdout); fputs (_(" kernel"), stdout); ++num; #endif #ifdef SH_USE_SUIDCHK if (num > 0) fputc (',', stdout); fputs (_(" suid"), stdout); ++num; #endif #ifdef SH_USE_PROCESSCHECK if (num > 0) fputc (',', stdout); fputs (_(" processes"), stdout); ++num; #endif #ifdef SH_USE_PORTCHECK if (num > 0) fputc (',', stdout); fputs (_(" ports"), stdout); ++num; #endif #ifdef USE_LOGFILE_MONITOR if (num > 0) fputc (',', stdout); fputs (_(" logfile monitor"), stdout); ++num; #endif #if defined(USE_REGISTRY_CHECK) if (num > 0) fputc ('\n', stdout); fputs (_(" Windows registry"), stdout); ++num; #endif if (num == 0) fputs (_(" none"), stdout); fputc ('\n', stdout); #endif return; } static int sh_getopt_version (const char * dummy) { (void) dummy; fprintf (stdout, _("This is samhain (%s), "\ "(c) 1999-2008 Rainer Wichmann (http://la-samhna.de).\n"), VERSION); fprintf (stdout, "%s",_("This software comes with ABSOLUTELY NO WARRANTY. ")); fprintf (stdout, "%s",_("Use at own risk.\n\n")); sh_getopt_print_log_facilities (); sh_getopt_print_modules (); sh_getopt_print_options (); _exit (EXIT_SUCCESS); /*@notreached@*/ return 0; /* make compilers happy */ } static int sh_getopt_copyright (const char * dummy) { fprintf (stdout, "%s", _("Copyright (C) 1999-2008 Rainer Wichmann"\ " (http://la-samhna.de).\n\n")); fprintf (stdout, "%s", _("This program is free software; "\ "you can redistribute it and/or modify\n")); fprintf (stdout, "%s",_("it under the terms of the GNU General "\ "Public License as published by\n")); fprintf (stdout, "%s",_("the Free Software Foundation; either version 2 "\ "of the License, or\n")); fprintf (stdout, "%s",_("(at your option) any later version.\n\n")); fprintf (stdout, "%s",_("This program is distributed in the hope "\ "that it will be useful,\n")); fprintf (stdout, "%s",_("but WITHOUT ANY WARRANTY; "\ "without even the implied warranty of\n")); fprintf (stdout, "%s",_("MERCHANTABILITY or FITNESS FOR A PARTICULAR "\ "PURPOSE. See the\n")); fprintf (stdout, "%s",_("GNU General Public License for more details.\n\n")); fprintf (stdout, "%s",_("You should have received a copy of the "\ "GNU General Public License\n")); fprintf (stdout, "%s",_("along with this program; "\ "if not, write to the Free Software\n")); fprintf (stdout, "%s",_("Foundation, Inc., 59 Temple Place - Suite 330, "\ "Boston, MA 02111-1307, USA.\n\n")); fprintf (stdout, "%s",_("This product makes use of the reference "\ "implementation of the TIGER message\n")); fprintf (stdout, "%s",_("digest algorithm. This code is copyright Eli Biham "\ "(biham@cs.technion.ac.il)\n")); fprintf (stdout, "%s",_("and Ross Anderson (rja14@cl.cam.ac.uk). It can be used "\ "freely without any\n")); fprintf (stdout, "%s",_("restrictions.\n")); #if defined(USE_SRP_PROTOCOL) && !defined(SH_STANDALONE) #if (!defined(HAVE_LIBGMP) || !defined(HAVE_GMP_H)) fprintf (stdout, "%s",_("This product makes use of the 'bignum' library by "\ "Henrik Johansson\n")); fprintf (stdout, "%s",_("(Henrik.Johansson@Nexus.Comm.SE). If you are "\ "including this library in a\n")); fprintf (stdout, "%s",_("commercial product, be sure to distribute ALL of"\ " it with the product.\n")); #endif fprintf (stdout, "%s",_("This product uses the 'Secure Remote Password' "\ "cryptographic\n")); fprintf (stdout, "%s",_("authentication system developed by Tom Wu "\ "(tjw@CS.Stanford.EDU).\n")); #endif fprintf (stdout, "%s",_("\nPlease refer to the file COPYING in the source "\ "distribution for a")); fprintf (stdout, "%s",_("\nfull list of incorporated code and associated "\ "licenses.\n")); if (dummy) _exit (EXIT_SUCCESS); else _exit (EXIT_SUCCESS); /*@notreached@*/ return 0; /* make compilers happy */ } /*@noreturn@*/ static int sh_getopt_usage (const char * dummy) { int i; char fmt[64]; char opts[64]; for (i = 0; i < 64; ++i) /* splint does not grok char opts[64] = { '\0' }; */ opts[i] = '\0'; fprintf (stdout, _("This is samhain (%s), "\ "(c) 1999-2006 Rainer Wichmann (http://la-samhna.de).\n"), VERSION); fprintf (stdout, "%s",_("This software comes with ABSOLUTELY NO WARRANTY. ")); fprintf (stdout, "%s",_("Use at own risk.\n")); fprintf (stdout, "%s",_("Usage:\n\n")); for (i = 0; op_table[i].longopt != NULL; ++i) { if (i == 63) break; if (op_table[i].shortopt != '-' && strchr(opts, op_table[i].shortopt) != NULL) fprintf (stdout, "%s",_("Short option char collision !\n")); opts[i] = op_table[i].shortopt; if (op_table[i].hasArg == HAS_ARG_NO) { if (sl_strlen(op_table[i].longopt) < 10) sl_strlcpy(fmt,_("%c%c%c --%-s,\t\t\t %s\n"), sizeof(fmt)); else if (sl_strlen(op_table[i].longopt) < 17) sl_strlcpy(fmt, _("%c%c%c --%-s,\t\t %s\n"), sizeof(fmt)); else sl_strlcpy(fmt, _("%c%c%c --%-s,\t %s\n"), sizeof(fmt)); /* flawfinder: ignore */ fprintf (stdout, fmt, (op_table[i].shortopt == '-') ? ' ' : '-', (op_table[i].shortopt == '-') ? ' ' : op_table[i].shortopt, (op_table[i].shortopt == '-') ? ' ' : ',', _(op_table[i].longopt), _(op_table[i].usage)); } else { if (sl_strlen(op_table[i].longopt) < 12) sl_strlcpy(fmt, _("%c%c %s --%-s=,\t\t %s\n"), sizeof(fmt)); else sl_strlcpy(fmt, _("%c%c %s --%-s=,\t %s\n"), sizeof(fmt)); /* flawfinder: ignore */ fprintf (stdout, fmt, (op_table[i].shortopt == '-') ? ' ' : '-', (op_table[i].shortopt == '-') ? ' ' : op_table[i].shortopt, (op_table[i].shortopt == '-') ? _(" ") : _(","), _(op_table[i].longopt), _(op_table[i].usage)); } } fprintf (stdout, "%s", _("\nPlease report bugs to support@la-samhna.de.\n")); (void) fflush(stdout); if ( dummy != NULL) { if (sl_strcmp( dummy, _("fail")) == 0 ) _exit (EXIT_FAILURE); } _exit (EXIT_SUCCESS); /*@notreached@*/ return 0; /* make compilers happy */ } #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) static int sh_getopt_forever (const char * dummy) { (void) dummy; SL_ENTER(_("sh_getopt_forever")); sh.flag.loop = S_TRUE; SL_RETURN(0, _("sh_getopt_forever")); } #endif int sh_getopt_get (int argc, char * argv[]) { int count = 0; size_t len = 0; int foundit = 0; int i; size_t k; char * theequal; SL_ENTER(_("sh_getopt_get")); /* -- Return if no args. -- */ if (argc < 2) SL_RETURN(0, _("sh_getopt_get")); while (argc > 1 && argv[1][0] == '-') { /* Initialize */ foundit = 0; len = sl_strlen (argv[1]); /* a '-' with no argument: error */ if (len == 1) (void) sh_getopt_usage(_("fail")); /* a '--' with no argument: stop argument processing */ if (len == 2 && argv[1][1] == '-') SL_RETURN( count, _("sh_getopt_get")); /* a short option: process it */ if (len >= 2 && argv[1][1] != '-') { for (k = 1; k < len; ++k) { for (i = 0; op_table[i].shortopt != '\0'; ++i) { if ( op_table[i].shortopt == argv[1][k] ) { foundit = 1; if ( op_table[i].hasArg == HAS_ARG_YES ) { if (k != (len - 1)) { /* not last option */ fprintf (stderr, "%s", _("Error: short option with argument is not last in option string\n")); (void) sh_getopt_usage(_("fail")); } if (argc < 3) { /* argument required, but no avail */ fprintf (stderr, "%s", _("Error: missing argument\n")); (void) sh_getopt_usage(_("fail")); } else { /* call function with argument */ --argc; ++argv; if (NULL != op_table[i].func && 0 != (* op_table[i].func )(argv[1])) fprintf (stderr, _("Error processing option -%c\n"), op_table[i].shortopt); break; } } else { if (NULL != op_table[i].func && 0 != (* op_table[i].func )(NULL)) fprintf (stderr, _("Error processing option -%c\n"), op_table[i].shortopt); break; } } } } /* 'break' should get here */ if (foundit == 1) { --argc; ++argv; continue; } else { /* unrecognized short option */ fprintf (stderr, "%s",_("Error: unrecognized short option\n")); (void) sh_getopt_usage(_("fail")); } } /* a long option: process it */ if (len > 2) { for (i = 0; op_table[i].longopt != NULL; ++i) { if (sl_strncmp(_(op_table[i].longopt), &argv[1][2], sl_strlen(op_table[i].longopt)) == 0 ) { foundit = 1; if ( op_table[i].hasArg == HAS_ARG_YES ) { theequal = strchr(argv[1], '='); if (theequal == NULL) { if (argc < 3) { /* argument required, but no avail */ fprintf (stderr, "%s", _("Error: missing argument\n")); (void) sh_getopt_usage(_("fail")); } else { /* call function with argument */ --argc; ++argv; if (NULL != op_table[i].func && 0 != (* op_table[i].func )(argv[1])) fprintf (stderr, _("Error processing option -%s\n"), op_table[i].longopt); break; } } else { if (sl_strlen (theequal) > 1) { ++theequal; /* call function with argument */ if (NULL != op_table[i].func && 0 != (* op_table[i].func )(theequal)) fprintf (stderr, _("Error processing option -%s\n"), op_table[i].longopt); break; } else { fprintf (stderr, "%s", _("Error: invalid argument\n")); /* argument required, but no avail */ (void) sh_getopt_usage(_("fail")); } } } else { if (NULL != op_table[i].func && 0 != (* op_table[i].func )(NULL)) fprintf (stderr, _("Error processing option -%s\n"), op_table[i].longopt); break; } } } /* 'break' should get here */ if (foundit == 1) { ++count; --argc; ++argv; continue; } else { /* unrecognized long option */ fprintf (stderr, "%s",_("Error: unrecognized long option\n")); (void) sh_getopt_usage(_("fail")); } } } SL_RETURN( count, _("sh_getopt_get")); } samhain-3.1.0/src/slib.c0000644000175000017500000021604712017770400011750 00000000000000#include "config_xor.h" #if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE) #define _XOPEN_SOURCE 600 #define _BSD_SOURCE #endif #include #include #include #include #include #ifdef HAVE_STDINT_H /* for SIZE_MAX */ #include #endif #include #include #include #include #include #if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE) #include #endif #if TIME_WITH_SYS_TIME #include #include #else #if HAVE_SYS_TIME_H #include #else #include #endif #endif #ifdef HAVE_MEMORY_H #include #endif #ifdef HAVE_SYS_SELECT_H #include #endif #ifndef FD_SET #define NFDBITS 32 #define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS))) #define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS))) #define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS))) #endif /* !FD_SET */ #ifndef FD_SETSIZE #define FD_SETSIZE 32 #endif #ifndef FD_ZERO #define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) #endif #define SH_REAL_SET #include "slib.h" #include "sh_calls.h" #define SH_NEED_PWD_GRP 1 #include "sh_static.h" #include "sh_pthread.h" #include "sh_string.h" #undef FIL__ #define FIL__ _("slib.c") const uid_t sh_uid_neg = ((uid_t) -1); const gid_t sh_gid_neg = ((gid_t) -1); #undef BREAKEXIT #if defined(SCREW_IT_UP) && defined(__linux__) && defined(__i386__) #ifdef SH_DEBUG #define BREAKEXIT(expr) \ do { \ int ixi; \ for (ixi = 0; ixi < 8; ++ixi) { \ if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \ { dlog(0, FIL__, __LINE__, _("BREAKEXIT")); _exit(EXIT_FAILURE); } \ } \ } \ while (1 == 0) #else #define BREAKEXIT(expr) \ do { \ int ixi; \ for (ixi = 0; ixi < 8; ++ixi) { \ if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \ _exit(EXIT_FAILURE); \ } \ } \ while (1 == 0) #endif #else #define BREAKEXIT(expr) #endif /**************************************************************** * * The debug/trace subsystem * ****************************************************************/ int slib_do_trace = 0; int slib_trace_fd = -1; static char trace_log[256] = { '\0' }; static int trace_level = 0; static FILE * trace_fp = NULL; int sl_trace_use (const char * dummy) { (void) dummy; slib_do_trace = 1; return 0; } int sl_trace_file (const char * str) { if (!str) return -1; if (str[0] != '/') return -1; sl_strlcpy(trace_log, str, 256); return 0; } FILE * sl_tracefile_open(const char * file, const char * mode) { FILE * xp = NULL; slib_trace_fd = open(file, O_WRONLY|O_CREAT|O_APPEND, 0600); if (slib_trace_fd >= 0) xp = fdopen(slib_trace_fd, mode); return xp; } void sl_trace_in(const char * str, const char * file, int line) { int i; if (trace_log[0] == '\0') { fprintf(stderr, "++ "); for (i = 0; i < trace_level; ++i) fprintf(stderr, ". "); fprintf(stderr, "[%2d] %s \t - File %c%s%c at line %d\n", trace_level, str, 0x22, file, 0x22, line); } else if (!sl_is_suid()) { if (!trace_fp) trace_fp = sl_tracefile_open(trace_log, "a"); if (trace_fp) { fprintf(trace_fp, "++ "); for (i = 0; i < trace_level; ++i) fprintf(trace_fp, ". "); fprintf(trace_fp, "[%2d] %s \t - File %c%s%c at line %d\n", trace_level, str, 0x22, file, 0x22, line); fflush(trace_fp); } else { perror(_("sl_trace_in: fopen")); _exit(1); } } ++trace_level; } void sl_trace_out(const char * str, const char * file, int line) { int i; --trace_level; if (trace_level < 0) trace_level = 0; if (trace_log[0] == '\0') { fprintf(stderr, "-- "); for (i = 0; i < trace_level; ++i) fprintf(stderr, ". "); fprintf(stderr, _("[%2d] %s \t - File %c%s%c at line %d\n"), trace_level, str, 0x22, file, 0x22, line); } else if (!sl_is_suid()) { if (!trace_fp) trace_fp = sl_tracefile_open(trace_log, "a"); if (trace_fp) { fprintf(trace_fp, "-- "); for (i = 0; i < trace_level; ++i) fprintf(trace_fp, ". "); fprintf(trace_fp, _("[%2d] %s \t - File %c%s%c at line %d\n"), trace_level, str, 0x22, file, 0x22, line); fflush(trace_fp); } else { perror(_("sl_trace_out: fopen")); _exit(1); } } } extern int sh_log_console (const char * msg); static int dlogActive = 0; /* this is called from sh_error_setprint() */ void dlog_set_active(int flag) { dlogActive = flag; } /* flag = 0 debug messages * = 1 descriptive error messages * = 3 backtrace */ int dlog (int flag, const char * file, int line, const char *fmt, ...) { va_list ap; char val[81]; char msg[512]; char tmp[512]; int retval = 0; int i; #ifdef SH_STEALTH /* * do not even print descriptive failure messages in stealth mode */ if (dlogActive == 0) return 0; if (dlogActive == 1 && flag == 0) /* debug requires debug level */ return 0; #else if (dlogActive <= 1 && flag == 0) /* debug requires debug level */ return 0; #endif if (flag == 1) { sl_snprintf (val, 81, _("\n--------- %10s "), file); sl_strlcpy (msg, val, 80); sl_snprintf (val, 81, _(" --- %6d ---------\n"), line); sl_strlcat (msg, val, 80); sh_log_console (msg); } va_start (ap, fmt); if (flag == 1) sl_strlcpy(tmp, fmt, 512); else sl_strlcpy(tmp, fmt, 256); retval = strlen(tmp); if (retval > 0 && tmp[retval-1] == '\n') tmp[retval-1] = '\0'; retval = 0; if (flag == 1) { sl_vsnprintf (msg, 511, tmp, ap); } else { sl_strlcpy (msg, "## ", 256); for (i = 0; i < trace_level; ++i) sl_strlcat (msg, ". ", 256); sprintf (val, _("[%2d] "), trace_level); sl_strlcat (msg, val, 256); sl_vsnprintf (&msg[strlen(msg)], 255, tmp, ap); sl_snprintf (tmp, 255, _(" \t - File %c%s%c at line %d"), 0x22, file, 0x22, line); sl_strlcat (msg, tmp, 512); } va_end (ap); if (flag != 0 || sl_is_suid()) retval = sh_log_console (msg); else { if (trace_log[0] == '\0') { /* sh_log_console (msg); */ fprintf(stderr, "%s\n", msg); } else { if (!trace_fp) trace_fp = sl_tracefile_open(trace_log, "a"); if (trace_fp) { fprintf(trace_fp, "%s\n", msg); } else { perror(_("dlog: fopen")); _exit(1); } } } if (flag == 1) sh_log_console (_("\n----------------------------------------------\n")); return retval; } extern char aud_err_message[64]; static char alt_err_message[64]; char * sl_get_errmsg() { if (aud_err_message[0] == '\0') { sl_strlcpy(alt_err_message, sl_error_string(sl_errno), 64); return &alt_err_message[0]; } return &aud_err_message[0]; } #if defined(SL_DEBUG) #define SL_MAX_MYSTACK 128 static char sl_mystack[SL_MAX_MYSTACK][32]; static int sl_mystack_count = 0; void sl_stack_push(char * c, char * file, int line ) { if (slib_do_trace) sl_trace_in(c, file, line); if (c && sl_mystack_count < SL_MAX_MYSTACK) { strncpy(sl_mystack[sl_mystack_count], c, 31); sl_mystack[sl_mystack_count][31] = '\0'; ++sl_mystack_count; /* fprintf(stderr, "#%03d %s\n", sl_mystack_count, sl_mystack[sl_mystack_count-1]); */ } return; } void sl_stack_pop(char * c, char * file, int line) { if (slib_do_trace) sl_trace_out(c, file, line); if (sl_mystack_count > 0) { /* fprintf(stderr, " <- #%03d %s\n", sl_mystack_count, sl_mystack[sl_mystack_count-1]); */ --sl_mystack_count; } return; } void sl_stack_print() { int i; /* FILE * dfile; */ if (sl_mystack_count > 0) { sh_log_console(_("\nBacktrace:\n")); /* dlog(3, FIL__, __LINE__, _("\nBacktrace:\n")); */ for (i = 0; i < sl_mystack_count; ++i) sh_log_console(sl_mystack[i]); /* dlog(3, FIL__, __LINE__, _("#%03d %s\n"), i, sl_mystack[i]); */ } return; } #endif /* * The global errno. * On error, this is set to the return value of the function. */ long int sl_errno; /* ---------------------------------------------------------------- * * Capability routines * * ---------------------------------------------------------------- */ int sl_useCaps = 0; #ifdef FANCY_LIBCAP #include /* * While these routines are tested and work, we don't use POSIX * capabilities, as they don't seem to be useful (root can write * to root-owned files anyway). Things would be more interesting * if we could switch to a non-root UID with just a few capabilities * enabled. */ int sl_drop_cap () { int error; cap_t caps; cap_flag_t capflag; cap_flag_value_t capfval = CAP_CLEAR; cap_value_t capvals_e[] = { CAP_CHOWN, CAP_FOWNER, CAP_FSETID, CAP_LINUX_IMMUTABLE, CAP_MKNOD, CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW, CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT, CAP_SYS_PACCT, CAP_SYS_PTRACE, CAP_SYS_RAWIO, CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG, CAP_SETGID, CAP_SETUID, CAP_KILL, CAP_DAC_OVERRIDE, #if !defined(WITH_MESSAGE_QUEUE) CAP_IPC_OWNER, #endif CAP_SYS_MODULE, CAP_LEASE }; cap_value_t capvals_p[] = { CAP_CHOWN, CAP_LEASE, CAP_FSETID, CAP_LINUX_IMMUTABLE, CAP_MKNOD, CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW, CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT, CAP_SYS_PACCT, CAP_SYS_PTRACE, CAP_SYS_RAWIO, CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG, #if !defined(WITH_EXTERNAL) && !defined(HAVE_UNIX_RANDOM) CAP_SETGID, CAP_SETUID, CAP_KILL, #endif #if !defined(SH_USE_SUIDCHK) CAP_DAC_OVERRIDE, CAP_FOWNER, #endif #if !defined(WITH_MESSAGE_QUEUE) CAP_IPC_OWNER, #endif CAP_SYS_MODULE }; if (0 == sl_useCaps) /* 0 = S_FALSE */ { return 0; } if(NULL == (caps = cap_get_proc())) { return errno; } capflag = CAP_EFFECTIVE; if (0 != cap_set_flag(caps, capflag, sizeof(capvals_e)/sizeof(cap_value_t), capvals_e, capfval)) { error = errno; cap_free(caps); return error; } if (0 != cap_set_proc(caps)) { error = errno; cap_free(caps); return error; } capflag = CAP_PERMITTED; if (0 != cap_set_flag(caps, capflag, sizeof(capvals_p)/sizeof(cap_value_t), capvals_p, capfval)) { error = errno; cap_free(caps); return error; } if (0 != cap_set_proc(caps)) { error = errno; cap_free(caps); return error; } cap_free(caps); return 0; } int sl_drop_cap_int(int what) { #if defined(SL_DEBUG) char * captext; #endif cap_flag_t capflag = CAP_EFFECTIVE; cap_flag_value_t capfval = CAP_CLEAR; cap_value_t capvals_a[] = { CAP_SETGID, CAP_SETUID, CAP_KILL }; cap_value_t capvals_b[] = { CAP_DAC_OVERRIDE, CAP_FOWNER }; cap_value_t * capvals; int nvals; int error = 0; cap_t caps = cap_get_proc(); if (0 == sl_useCaps) /* 0 = S_FALSE */ { return 0; } if (caps == NULL) { return errno; } switch (what) { case 1: capvals = capvals_a; nvals = 3; capfval = CAP_CLEAR; break; case 2: capvals = capvals_a; nvals = 3; capfval = CAP_SET; break; case 3: capvals = capvals_b; nvals = 2; capfval = CAP_CLEAR; break; case 4: capvals = capvals_b; nvals = 2; capfval = CAP_SET; break; default: return (0); } if (0 != cap_set_flag(caps, capflag, nvals, capvals, capfval)) { error = errno; cap_free(caps); return error; } if (0 != cap_set_proc(caps)) { error = errno; cap_free(caps); return error; } #if defined(SL_DEBUG) captext = cap_to_text(caps, NULL); TPT(( 0, FIL__, __LINE__, _("msg=\n"), what, captext)); cap_free(captext); #endif cap_free(caps); return 0; } int sl_drop_cap_sub() { return sl_drop_cap_int(1); } int sl_get_cap_sub() { return sl_drop_cap_int(2); } int sl_drop_cap_qdel() { return sl_drop_cap_int(3); } int sl_get_cap_qdel() { return sl_drop_cap_int(4); } #else int sl_drop_cap () { return 0; } int sl_drop_cap_sub() { return 0; } int sl_get_cap_sub() { return 0; } int sl_drop_cap_qdel() { return 0; } int sl_get_cap_qdel() { return 0; } #endif /* ---------------------------------------------------------------- * * String handling routines * * ---------------------------------------------------------------- */ /* * Have memset in a different translation unit (i.e. this) to prevent * it to get optimized away */ void *sl_memset(void *s, int c, size_t n) { return memset(s, c,n); } #if !defined (VA_COPY) #if defined (__GNUC__) && defined (__PPC__) && (defined (_CALL_SYSV) || defined (_WIN32)) #define VA_COPY(ap1, ap2) (*(ap1) = *(ap2)) #elif defined (VA_COPY_AS_ARRAY) #define VA_COPY(ap1, ap2) memmove ((ap1), (ap2), sizeof (va_list)) #else /* va_list is a pointer */ #define VA_COPY(ap1, ap2) ((ap1) = (ap2)) #endif #endif #if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF) static size_t sl_printf_count (const char * fmt, va_list vl) { size_t length = 1; int fini = 0; int islong = 0; int islonglong = 0; int islongdouble = 0; char * string_arg; SL_ENTER(_("sl_printf_count")); if (fmt == NULL) SL_IRETURN(SL_ENULL, _("sl_printf_count")); while (*fmt) { if ( (*fmt) == '%' ) { /* a format specifier */ fmt++; /* point to first char after '%' */ fini = 0; islong = 0; islongdouble = 0; while (*fmt && (fini == 0) ) { switch (*fmt) { case '*': /* field width supplied by an integer */ length = length + va_arg (vl, int); ++fmt; break; case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': length = length + strtol (fmt, (char**) &fmt, 10); /* strtol makes FastForward to first invalid char */ break; case 'l': /* 'long' modifier */ if (islong == 0) islong = 1; else { islonglong = 1; islong = 0; } ++fmt; break; case 'L': /* 'long double' modifier */ #ifdef HAVE_LONG_DOUBLE islongdouble = 1; #else islong = 1; #endif ++fmt; break; case 'd': case 'i': case 'o': case 'u': case 'x': case 'X': if (islonglong == 1) #ifdef HAVE_LONG_LONG (void) va_arg (vl, long long); #else (void) va_arg (vl, long); #endif else if (islong == 1) (void) va_arg (vl, long); else (void) va_arg (vl, int); islong = 0; islonglong = 0; length = length + 24; ++fmt; fini = 1; break; case 'D': case 'O': case 'U': (void) va_arg (vl, long); length = length + 24; fmt++; fini = 1; break; case 'e': case 'E': case 'f': case 'g': #ifdef HAVE_LONG_DOUBLE if (islongdouble == 1) { (void) va_arg (vl, long double); islongdouble = 0; length = length + 20; } else #endif (void) va_arg (vl, double); length = length + 20; fini = 1; ++fmt; break; case 's': string_arg = va_arg (vl, char *); if (string_arg != NULL) length = length + sl_strlen (string_arg); else length = length + 16; fini = 1; ++fmt; break; case 'c': (void) va_arg (vl, int); length = length + 1; fini = 1; ++fmt; break; case 'p': case 'n': (void) va_arg (vl, void * ); length = length + 32; fini = 1; ++fmt; break; case '%': /* %% will print '%' */ length = length + 1; fini = 1; ++fmt; break; default: length = length + 1; ++fmt; break; } /* end switch */ } /* end parsing a single format specifier */ } else { length = length + 1; fmt++; } } SL_IRETURN(length, _("sl_printf_count")); } #endif /* #ifndef HAVE_VSNPRINTF */ /* * An implementation of vsnprintf. va_start/va_end are in the caller * function. * Returns C99 (#bytes that would heve been written) on success. */ int sl_vsnprintf(char *str, size_t n, const char *format, va_list vl ) { int len = 0; #if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF) size_t total; va_list vl2; #endif SL_ENTER(_("sl_vsnprintf")); if (str == NULL || format == NULL) SL_IRETURN(0, _("sl_vsnprintf")); #if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF) len = vsnprintf (str, n, format, vl); /* flawfinder: ignore */ str[n-1] = '\0'; #else VA_COPY (vl2, vl); /* save the argument list */ total = sl_printf_count (format, vl); len = (int) total; if (total < n) { /* flawfinder: ignore */ vsprintf (str, format, vl2); /* program has checked that it fits */ str[n-1] = '\0'; } else { sl_strlcpy (str, format, n); va_end(vl2); SL_IRETURN(len, _("sl_vsnprintf")); } va_end(vl2); #endif SL_IRETURN(len, _("sl_vsnprintf")); } /* * An implementation of snprintf. * Returns SL_ENONE on success. * ENULL: src || format == NULL * ERANGE: n out of range * ETRUNC: truncated (unimplemented) */ int sl_snprintf(char *str, size_t n, const char *format, ... ) { va_list vl; #if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF) size_t total = 0; va_list vl2; #endif SL_ENTER(_("sl_snprintf")); if (str == NULL || format == NULL) SL_IRETURN(SL_ENULL, _("sl_snprintf")); va_start (vl, format); #if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF) /* flawfinder: ignore */ vsnprintf (str, n, format, vl); str[n-1] = '\0'; #else VA_COPY (vl2, vl); /* save the argument list */ total = sl_printf_count (format, vl); if (total < n) { /* flawfinder: ignore */ vsprintf (str, format, vl2); /* program has checked that it fits */ str[n-1] = '\0'; } else { sl_strlcpy (str, format, n); va_end(vl2); va_end(vl); SL_IRETURN(SL_ETRUNC, _("sl_snprintf")); } va_end(vl2); #endif va_end(vl); SL_IRETURN(SL_ENONE, _("sl_snprintf")); } /* * Appends src to string dst of size siz (unlike strncat, siz is the * full size of dst, not space left). At most siz-1 characters * will be copied. Always NUL terminates (unless siz == 0). * Returns SL_NONE on success, errcode on failure. * * ENULL: dst == NULL * ERANGE: siz out of range * ETRUNC: src truncated */ int sl_strlcat(char * dst, /*@null@*/const char *src, size_t siz) { register size_t dst_end; register size_t dst_free; register char * p; register const char * q; if (!(dst == NULL || src == NULL || *src == '\0')) { if (siz > 0) { /* How much free space do we have ? */ dst_end = strlen(dst); dst_free = siz - dst_end - 1; p = &dst[dst_end]; q = src; while (dst_free > 0 && *q != '\0') { *p++ = *q++; --dst_free; } /* NULL terminate dst. */ *p = '\0'; if (*q == '\0') return SL_ENONE; else return SL_ETRUNC; } } return SL_ENONE; } /* * An alternative implementation of the OpenBSD strlcpy() function. * * Copy src to string dst of size siz. At most siz-1 characters * will be copied. Always NUL terminates (unless siz == 0). * Returns SL_NONE on success, errcode on failure. * * ENULL: dst == NULL * ERANGE: siz out of range * ETRUNC: src truncated */ int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz) { /* SL_ENTER(_("sl_strlcpy")); */ if (!((dst == NULL) || (src == NULL))) { if (siz > 0) { /* copy siz-1 characters */ (void) strncpy(dst, src, siz-1); /* NULL terminate */ dst[siz-1] = '\0'; } return SL_ENONE; } else if (src == NULL) { if (dst && siz > 0) dst[0] = '\0'; return SL_ENONE; } else { return SL_ENULL; } } /* * A robust drop-in replacement of strncpy. strlcpy is preferable. */ char * sl_strncpy(char *dst, const char *src, size_t size) { #ifdef SL_FAIL_ON_ERROR SL_REQUIRE(dst != NULL, _("dst != NULL")); SL_REQUIRE(src != NULL, _("src != NULL")); SL_REQUIRE(size > 0, _("size > 0")); #endif if (dst == NULL) { sl_errno = SL_ENULL; return (NULL); } if (size < 1) { sl_errno = SL_ERANGE; return (dst); } if (!src) { sl_errno = SL_ENULL; dst[0] = '\0'; } else if (src[0] == '\0') dst[0] = '\0'; else strncpy(dst, src, size); if (sl_strlen(src) >= size) { errno = ENOSPC; dst[size-1] = '\0'; } return (dst); } /* * A robust drop-in replacement of strncat. strlcat is preferable. */ char * sl_strncat(char *dst, const char *src, size_t n) { #ifdef SL_FAIL_ON_ERROR SL_REQUIRE(dst != NULL, _("dst != NULL")); SL_REQUIRE(src != NULL, _("src != NULL")); SL_REQUIRE(n > 0, _("n > 0")); #endif if (dst == NULL) { sl_errno = SL_ENULL; return (NULL); } if (n < 1) { sl_errno = SL_ERANGE; return (dst); } if (!src) { sl_errno = SL_ENULL; return (dst); } else if (src[0] == '\0') dst[0] = '\0'; else strncat(dst, src, n); return (dst); } #include int sl_strcasecmp(const char * one, const char * two) { #ifdef SL_FAIL_ON_ERROR SL_REQUIRE (one != NULL, _("one != NULL")); SL_REQUIRE (two != NULL, _("two != NULL")); #endif if (one && two) { do { if (*one && *two) { if (tolower((int) *one) == tolower((int) *two)) { ++one; ++two; } else if (tolower((int) *one) < tolower((int) *two)) return -1; else return 1; } else if (*one == '\0' && *two == '\0') return 0; else if (*one == '\0') return -1; else return 1; } while (1 == 1); } else if (one == NULL && two != NULL) return -1; else if (one != NULL && two == NULL) return 1; else return -7; /* default to not equal */ } int sl_strcmp(const char * a, const char * b) { #ifdef SL_FAIL_ON_ERROR SL_REQUIRE (a != NULL, _("a != NULL")); SL_REQUIRE (b != NULL, _("b != NULL")); #endif if (a != NULL && b != NULL) return (strcmp(a, b)); else if (a == NULL && b != NULL) return (-1); else if (a != NULL && b == NULL) return (1); else return (-7); /* default to not equal */ } int sl_strncmp(const char * a, const char * b, size_t n) { #ifdef SL_FAIL_ON_ERROR SL_REQUIRE (a != NULL, _("a != NULL")); SL_REQUIRE (b != NULL, _("b != NULL")); SL_REQUIRE (n > 0, _("n > 0")); #endif if (a != NULL && b != NULL) return (strncmp(a, b, n)); else if (a == NULL && b != NULL) return (-1); else if (a != NULL && b == NULL) return (1); else return (-7); /* default to not equal */ } int sl_strncasecmp(const char * a, const char * b, size_t n) { #ifdef SL_FAIL_ON_ERROR SL_REQUIRE (a != NULL, _("a != NULL")); SL_REQUIRE (b != NULL, _("b != NULL")); SL_REQUIRE (n > 0, _("n > 0")); #endif if (a != NULL && b != NULL) return (strncasecmp(a, b, n)); else if (a == NULL && b != NULL) return (-1); else if (a != NULL && b == NULL) return (1); else return (-7); /* default to not equal */ } /* string searching */ char * sl_strstr (const char * haystack, const char * needle) { #ifndef HAVE_STRSTR unsigned int i; size_t needle_len; size_t haystack_len; #endif if (haystack == NULL || needle == NULL) return NULL; if (*needle == '\0' || *haystack == '\0') return NULL; #if defined(HAVE_STRSTR) return (strstr(haystack, needle)); #else needle_len = strlen(needle); haystack_len = strlen(haystack); for (i = 0; i <= (haystack_len-needle_len); ++i) if (0 == sl_strncmp(&haystack[i], needle, needle_len)) return (needle); return NULL; #endif } /* ---------------------------------------------------------------- * * Privilege handling routines * * ---------------------------------------------------------------- */ static uid_t euid; static uid_t ruid; static uid_t ruid_orig; static gid_t egid; static gid_t rgid; static gid_t rgid_orig; static int uids_are_stored = SL_FALSE; static int suid_is_set = SL_TRUE; #ifdef HAVE_SETRESUID extern int setresuid (uid_t truid, uid_t teuid, uid_t tsuid); extern int setresgid (gid_t trgid, gid_t tegid, gid_t tsgid); #endif /* * This function returns true if the program is SUID. * It calls abort() if the uid's are not saved already. */ int sl_is_suid() { if (uids_are_stored == SL_FALSE) { if (getuid() == geteuid() && getgid() == getegid()) return (0); /* FALSE */ else return (1); /* TRUE */ } else { if (euid == ruid && egid == rgid) return (0); /* FALSE */ else return (1); /* TRUE */ } } /* * This function returns the saved euid. * It calls abort() if the uid's are not saved already. */ int sl_get_euid(uid_t * ret) { SL_ENTER(_("sl_get_euid")); /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ if (uids_are_stored == SL_TRUE) *ret = euid; else *ret = geteuid(); SL_IRETURN (SL_ENONE, _("sl_get_euid")); } uid_t sl_ret_euid() { /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ if (uids_are_stored == SL_TRUE) return (euid); else return (geteuid()); } /* * This function returns the saved egid. * It calls abort() if the uid's are not saved already. */ int sl_get_egid(gid_t * ret) { SL_ENTER(_("sl_get_egid")); /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ if (uids_are_stored == SL_TRUE) *ret = egid; else *ret = getegid(); SL_IRETURN (SL_ENONE, _("sl_get_egid")); } /* * This function returns the saved ruid. * It calls abort() if the uid's are not saved already. */ int sl_get_ruid(uid_t * ret) { SL_ENTER(_("sl_get_ruid")); /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ if (uids_are_stored == SL_TRUE) *ret = ruid; else *ret = getuid(); SL_IRETURN (SL_ENONE, _("sl_get_ruid")); } /* * This function returns the saved rgid. * It calls abort() if the uid's are not saved already. */ int sl_get_rgid(gid_t * ret) { SL_ENTER(_("sl_get_rgid")); /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ if (uids_are_stored == SL_TRUE) *ret = rgid; else *ret = getgid(); SL_IRETURN (SL_ENONE, _("sl_get_rgid")); } /* * This function returns the saved original ruid. * It calls abort() if the uid's are not saved already. */ int sl_get_ruid_orig(uid_t * ret) { SL_ENTER(_("sl_get_ruid_orig")); /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ if (uids_are_stored == SL_TRUE) *ret = ruid_orig; else *ret = getuid(); SL_IRETURN (SL_ENONE, _("sl_get_ruid_orig")); } /* * This function returns the saved original rgid. * It calls abort() if the uid's are not saved already. */ int sl_get_rgid_orig(gid_t * ret) { SL_ENTER(_("sl_get_rgid_orig")); /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/ if (uids_are_stored == SL_TRUE) *ret = rgid_orig; else *ret = getgid(); SL_IRETURN (SL_ENONE, _("sl_get_rgid_orig")); } static int suid_warn_flag = 1; static void suid_warn(int a) { fprintf(stderr, _("ERROR: open set/unset suid !!! %d\n"), a); return; } /* * This function sets the effective uid * to the saved effective uid. * It will abort on failure. */ int sl_set_suid () { int retval; SL_ENTER(_("sl_set_suid")); if (uids_are_stored == SL_FALSE) { SL_IRETURN(SL_ENONE, _("sl_set_suid")); } SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE")); if (ruid == euid && rgid == egid) { suid_is_set = SL_TRUE; SL_IRETURN(SL_ENONE, _("sl_set_suid")); } SL_REQUIRE(suid_is_set == SL_FALSE, _("suid_is_set == SL_FALSE")); #if defined(HAVE_SETRESUID) retval = setresuid (sh_uid_neg, euid, sh_uid_neg); if (retval == 0) retval = setresgid (sh_gid_neg, egid, sh_gid_neg); #elif defined(HAVE_SETEUID) retval = seteuid (egid); if (retval == 0) retval = setegid (euid); /* on AIX, setreuid does not behave well for non-root users. */ #elif defined(HAVE_SETREUID) retval = setreuid (ruid, euid); if (retval == 0) retval = setregid (rgid, egid); #else retval = setuid (euid); if (retval == 0) retval = setgid (egid); #endif if (suid_warn_flag == 1) suid_warn(1); suid_warn_flag = 1; SL_REQUIRE(retval == 0, _("retval == 0")); suid_is_set = SL_TRUE; SL_IRETURN(SL_ENONE, _("sl_set_suid")); } /* * This function sets the effective uid to the real uid. * It will abort on failure. */ int sl_unset_suid () { register int retval; SL_ENTER(_("sl_unset_suid")); if (uids_are_stored == SL_FALSE) { SL_IRETURN(SL_ENONE, _("sl_unset_suid")); } SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE")); if (ruid == euid && rgid == egid) { suid_is_set = SL_FALSE; SL_IRETURN(SL_ENONE, _("sl_unset_suid")); } SL_REQUIRE(suid_is_set == SL_TRUE, _("suid_is_set == SL_TRUE")); #if defined(HAVE_SETRESUID) retval = setresgid (sh_gid_neg, rgid, sh_gid_neg); if (retval == 0) retval = setresuid (sh_uid_neg, ruid, sh_uid_neg); #elif defined(HAVE_SETEUID) retval = setegid (rgid); if (retval == 0) retval = seteuid (ruid); #elif defined(HAVE_SETREUID) retval = setregid (egid, rgid); if (retval == 0) retval = setreuid (euid, ruid); #else retval = setgid (rgid); if (retval == 0) retval = setuid (ruid); #endif if (suid_warn_flag == 0) suid_warn(0); suid_warn_flag = 0; SL_REQUIRE(retval == 0, _("retval == 0")); suid_is_set = SL_FALSE; SL_IRETURN(SL_ENONE, _("sl_unset_suid")); } /* * This function saves the uid's. */ int sl_save_uids() { SL_ENTER(_("sl_save_uids")); if (uids_are_stored == SL_TRUE) SL_IRETURN(SL_EREPEAT, _("sl_save_uids")); ruid_orig = getuid(); rgid_orig = getgid(); egid = getegid(); euid = geteuid(); ruid = ruid_orig; rgid = rgid_orig; uids_are_stored = SL_TRUE; SL_IRETURN(SL_ENONE, _("sl_save_uids")); } /* * This function drops SUID privileges irrevocably. * It set the effective uid to the original real uid. */ extern int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid); int sl_drop_privileges() { SL_ENTER(_("sl_drop_privileges")); SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE")); SL_REQUIRE(setgid(rgid_orig) == 0, _("setgid(rgid_orig) == 0")); SL_REQUIRE(sh_unix_initgroups2(ruid_orig, rgid_orig) == 0, _("sh_unix_initgroups2(ruid_orig,rgid_orig) == 0")); SL_REQUIRE(setuid(ruid_orig) == 0, _("setuid(ruid_orig) == 0")); /* make sure that setuid(0) fails */ SL_REQUIRE(setuid(0) < 0, _("setuid(0) < 0")); euid = ruid_orig; egid = rgid_orig; ruid = ruid_orig; rgid = rgid_orig; SL_IRETURN(SL_ENONE, _("sl_drop_privileges")); } /* * Define a policy: Stay root. * Do nothing if not SUID. */ int sl_policy_get_root() { SL_ENTER(_("sl_policy_get_root")); SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE")); SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE")); if (euid != ruid || egid != rgid) { SL_REQUIRE(setgid(egid) == 0, _("setgid(egid) == 0")); SL_REQUIRE(setuid(euid) == 0, _("setuid(euid) == 0")); SL_REQUIRE(ruid == getuid() && rgid == getgid(), _("ruid == getuid() && rgid == getgid()")); ruid = euid; rgid = egid; } suid_is_set = SL_TRUE; if (euid == 0) { SL_REQUIRE(sh_unix_initgroups2(euid, egid) == 0, _("sh_unix_initgroups2(euid,egid) == 0")); } SL_IRETURN(SL_ENONE, _("sl_policy_get_root")); } #include /* * Define a policy: Get real (irrevocably). * This function drops SUID privileges irrevocably. * Do nothing if not SUID (? not true - drops if root). */ int sl_policy_get_real(char * user) { SL_ENTER(_("sl_policy_get_real")); SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE")); SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE")); if (euid == 0 || ruid == 0) { #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) struct passwd pwd; char * buffer; struct passwd * tempres; buffer = malloc(SH_PWBUF_SIZE); SL_REQUIRE (buffer != NULL, _("buffer != NULL")); sh_getpwnam_r(user, &pwd, buffer, SH_PWBUF_SIZE, &tempres); #else struct passwd * tempres = sh_getpwnam(user); #endif SL_REQUIRE (NULL != tempres, _("tempres != NULL")); rgid_orig = tempres->pw_gid; ruid_orig = tempres->pw_uid; #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) free(buffer); #endif } else { rgid_orig = rgid; ruid_orig = ruid; } SL_REQUIRE (sl_drop_privileges() == SL_ENONE, _("sl_drop_privileges() == SL_ENONE")); suid_is_set = SL_TRUE; SL_IRETURN(SL_ENONE, _("sl_policy_get_real")); } /* * Define a policy: Get user. * Drops privileges. * Do nothing if not SUID. */ int sl_policy_get_user(const char * user) { SL_ENTER(_("sl_policy_get_user")); SL_REQUIRE(user != NULL, _("user != NULL")); SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE")); SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE")); #ifndef SH_ALLOW_SUID if (euid != ruid || egid != rgid) { #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) struct passwd pwd; char * buffer; struct passwd * tempres; buffer = malloc(SH_PWBUF_SIZE); SL_REQUIRE (buffer != NULL, _("buffer != NULL")); sh_getpwnam_r(user, &pwd, buffer, SH_PWBUF_SIZE, &tempres); #else struct passwd * tempres = sh_getpwnam(user); #endif SL_REQUIRE (NULL != tempres, _("tempres != NULL")); SL_REQUIRE (sl_drop_privileges() == SL_ENONE, _("sl_drop_privileges() == SL_ENONE")); #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) free(buffer); #endif } #endif SL_IRETURN(SL_ENONE, _("sl_policy_get_user")); } /* ---------------------------------------------------------------- * * File access routines * * ---------------------------------------------------------------- */ #define TOFFSET 0x1234 /* this would prevent opening files if the first 16 fds are open :( */ /* #define MAXFD FOPEN_MAX */ #define MAXFD 1024 typedef struct openfiles { SL_TICKET ticket; /* The unique ID. */ int fd; /* The file descriptor. */ FILE * stream; /* The file descriptor. */ char * path; /* The file path. */ int flush; /* Whether we want to flush the cache */ char ofile[SL_OFILE_SIZE]; /* origin file */ int oline; /* origin line */ sh_string * content; /* The file content */ } SL_OFILE; static SL_OFILE * ofiles[MAXFD]; static char stale_orig_file[64] = { '\0' }; static int stale_orig_line = -1; static char stale_orig_mesg[128]; static char badfd_orig_file[64] = { '\0' }; static int badfd_orig_line = -1; static char badfd_orig_mesg[128]; char * sl_check_stale() { if (stale_orig_line == -1) return NULL; sl_snprintf(stale_orig_mesg, sizeof(stale_orig_mesg), _("stale handle, %s, %d"), stale_orig_file, stale_orig_line); stale_orig_file[0] = '\0'; stale_orig_line = -1; return stale_orig_mesg; } char * sl_check_badfd() { if (badfd_orig_line == -1) return NULL; sl_snprintf(badfd_orig_mesg, sizeof(badfd_orig_mesg), _("close on file descriptor with allocated handle, %s, %d"), badfd_orig_file, badfd_orig_line); badfd_orig_file[0] = '\0'; badfd_orig_line = -1; return badfd_orig_mesg; } typedef struct { volatile unsigned int atom; } atomic_t; static atomic_t nonce_counter = { TOFFSET }; #if defined(__GNUC__) && (defined(__i486__) || defined(__x86_64__)) /* from linux/include/asm-i386/atomic.h */ static unsigned int atomic_add ( unsigned int i, atomic_t *var) { unsigned int j = i; __asm__ __volatile__ ("lock; xaddl %0, %1" : "+r" (i), "+m" (var->atom) : : "memory"); return j+i; } #else SH_MUTEX_STATIC(mutex_ticket, PTHREAD_MUTEX_INITIALIZER); static unsigned int atomic_add ( unsigned int i, atomic_t *var) { volatile unsigned int j; SH_MUTEX_LOCK_UNSAFE(mutex_ticket); var->atom += i; j = var->atom; SH_MUTEX_UNLOCK_UNSAFE(mutex_ticket); return j; } #endif static SL_TICKET sl_create_ticket (unsigned int myindex) { unsigned int high; /* index */ unsigned int low; /* nonce */ SL_TICKET retval = SL_EINTERNAL; unsigned int nonce;/* nonce */ SL_ENTER(_("sl_create_ticket")); if (myindex >= MAXFD) { retval = SL_EINTERNAL01; goto out_ticket; } /* mask out the high bit and check that it is not used * -> verify that it fits into 16 bits as positive */ high = (myindex + TOFFSET) & 0x7fff; if (high != myindex + TOFFSET) { retval = SL_EINTERNAL02; goto out_ticket; } nonce = atomic_add(1, &nonce_counter); /* Wrap around the nonce counter. * This is a dirty trick. */ if (nonce > 0x7fff) { nonce_counter.atom = TOFFSET; nonce = atomic_add(1, &nonce_counter); } low = nonce & 0xffff; /* Overflow -> nonce too big. */ if ((low != nonce) || low == 0) { retval = SL_EINTERNAL03; goto out_ticket; } retval = (SL_TICKET) ((high << 16) | low); out_ticket: SL_RETURN (retval, _("sl_create_ticket")); } static int sl_read_ticket (SL_TICKET fno) { register unsigned myindex; register SL_OFILE *of; myindex = ((fno >> 16) & 0xffff) - TOFFSET; if (myindex >= MAXFD) return (SL_ETICKET); if (ofiles[myindex] == NULL) return (SL_ETICKET); if (ofiles[myindex]->ticket != fno) return (SL_ETICKET); if ((of = ofiles[myindex])->fd < 0 || of->fd >= MAXFD ) return (SL_EINTERNAL04); if (((of->ticket) & 0xffff) == 0) return (SL_EINTERNAL05); return (myindex); } SL_TICKET sl_make_ticket (const char * ofile, int oline, int fd, const char * filename, FILE * stream) { size_t len; SL_TICKET ticket; SL_ENTER(_("sl_make_ticket")); /* Make entry. */ if (fd >= MAXFD || fd < 0) { SL_IRETURN(SL_TOOMANY, _("sl_make_ticket")); } if (ofiles[fd] != NULL) /* stale entry */ { /* SL_IRETURN(SL_EINTERNAL06, _("sl_make_ticket")); */ sl_strlcpy(stale_orig_file, ofiles[fd]->ofile, sizeof(stale_orig_file)); stale_orig_line = ofiles[fd]->oline; if (ofiles[fd]->content) sh_string_destroy(&(ofiles[fd]->content)); (void) free (ofiles[fd]->path); (void) free (ofiles[fd]); ofiles[fd] = NULL; } if ( (ofiles[fd] = (SL_OFILE *) malloc(sizeof(SL_OFILE))) == NULL) { SL_IRETURN(SL_EMEM, _("sl_make_ticket")); } len = sl_strlen(filename)+1; if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL) { free (ofiles[fd]); ofiles[fd] = NULL; SL_IRETURN(SL_EMEM, _("sl_make_ticket")); } /* Get a ticket. */ ticket = sl_create_ticket((unsigned int)fd); if (SL_ISERROR(ticket)) { (void) free (ofiles[fd]->path); (void) free (ofiles[fd]); ofiles[fd] = NULL; SL_IRETURN(ticket, _("sl_make_ticket")); } sl_strlcpy (ofiles[fd]->path, filename, len); ofiles[fd]->ticket = ticket; ofiles[fd]->fd = fd; ofiles[fd]->content = NULL; ofiles[fd]->stream = stream; ofiles[fd]->flush = SL_FALSE; sl_strlcpy(ofiles[fd]->ofile, ofile, SL_OFILE_SIZE); ofiles[fd]->oline = oline; SL_IRETURN(ticket, _("sl_make_ticket")); } #define SL_OPEN_MIN 113 #define SL_OPEN_FOR_READ 113 #define SL_OPEN_FOR_WRITE 114 #define SL_OPEN_FOR_RDWR 115 #define SL_OPEN_FOR_WTRUNC 116 #define SL_OPEN_FOR_RWTRUNC 117 #define SL_OPEN_SAFE_RDWR 118 #define SL_OPEN_FOR_FASTREAD 119 #define SL_OPEN_MAX 119 #if !defined(O_NOATIME) #if defined(__linux__) && (defined(__i386__) || defined(__x86_64__) || defined(__PPC__)) #define O_NOATIME 01000000 #else /* * bitwise 'or' with zero does not modify any bit */ #define O_NOATIME 0 #endif #endif static int o_noatime = O_NOATIME; static mode_t open_mode = (S_IWUSR|S_IRUSR|S_IRGRP); static int sl_open_file (const char * ofile, int oline, const char *filename, int mode, int priv) { struct stat lbuf; struct stat buf; int errval = 0; int lstat_return; int stat_return; int fd; int sflags; size_t len; SL_TICKET ticket; #if !defined(O_NONBLOCK) #if defined(O_NDELAY) #define O_NONBLOCK O_NDELAY #else #define O_NONBLOCK 0 #endif #endif SL_ENTER(_("sl_open_file")); if (filename == NULL) SL_IRETURN(SL_ENULL, _("sl_open_file")); if (mode < SL_OPEN_MIN || mode > SL_OPEN_MAX) SL_IRETURN(SL_EINTERNAL07, _("sl_open_file")); /* "This system call always succeeds and the previous value of * the mask is returned." */ (void) umask (0); if (mode == SL_OPEN_FOR_FASTREAD) { fd = aud_open_noatime (FIL__, __LINE__, priv, filename, O_RDONLY|O_NONBLOCK, 0, &o_noatime); /* if (fd >= 0) { sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags & ~O_NONBLOCK); } */ if (fd < 0) SL_IRETURN(SL_EBADFILE, _("sl_open_file")); goto createTicket; } #ifdef USE_SUID if (priv == SL_YESPRIV) sl_set_suid(); #endif if (mode == SL_OPEN_FOR_READ) lstat_return = retry_stat (FIL__, __LINE__, filename, &lbuf); else lstat_return = retry_lstat(FIL__, __LINE__, filename, &lbuf); errval = errno; #ifdef USE_SUID if (priv == SL_YESPRIV) sl_unset_suid(); #endif if (lstat_return == -1) { lstat_return = ENOENT; if ( (mode == SL_OPEN_FOR_READ && lstat_return == ENOENT) || (errval != ENOENT)) { TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), filename, errval)); errno = errval; SL_IRETURN(SL_ESTAT, _("sl_open_file")); } } if ( (mode != SL_OPEN_FOR_READ) && (lstat_return != ENOENT) && ( S_ISDIR(lbuf.st_mode) || (S_IWOTH & lbuf.st_mode) ) ) { int retval = S_ISDIR(lbuf.st_mode) ? SL_EISDIR : SL_EBADOTH; errno = 0; SL_IRETURN(retval, _("sl_open_file")); } /* O_NOATIME has an effect for read(). But write() ?. */ switch (mode) { case SL_OPEN_FOR_READ: fd = aud_open_noatime (FIL__, __LINE__, priv, filename, O_RDONLY|O_NONBLOCK, 0, &o_noatime); errval = errno; if (fd >= 0) { sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags & ~O_NONBLOCK); } break; case SL_OPEN_FOR_WRITE: if (lstat_return == ENOENT) fd = aud_open (FIL__, __LINE__, priv, filename, O_WRONLY|O_CREAT|O_EXCL, open_mode); else fd = aud_open (FIL__, __LINE__, priv, filename, O_WRONLY, open_mode); errval = errno; break; case SL_OPEN_SAFE_RDWR: if (lstat_return == ENOENT) { fd = aud_open (FIL__, __LINE__, priv, filename, O_RDWR|O_CREAT|O_EXCL, open_mode); errval = errno; } else { errno = errval; SL_IRETURN(SL_EBADFILE, _("sl_open_file")); } break; case SL_OPEN_FOR_RDWR: if (lstat_return == ENOENT) fd = aud_open (FIL__, __LINE__, priv, filename, O_RDWR|O_CREAT|O_EXCL, open_mode); else fd = aud_open (FIL__, __LINE__, priv, filename, O_RDWR, open_mode); errval = errno; break; case SL_OPEN_FOR_WTRUNC: if (lstat_return == ENOENT) fd = aud_open (FIL__, __LINE__, priv, filename, O_WRONLY|O_CREAT|O_EXCL, open_mode); else fd = aud_open (FIL__, __LINE__, priv, filename, O_WRONLY|O_TRUNC, open_mode); errval = errno; break; case SL_OPEN_FOR_RWTRUNC: if (lstat_return == ENOENT) fd = aud_open (FIL__, __LINE__, priv, filename, O_RDWR|O_CREAT|O_EXCL, open_mode); else fd = aud_open (FIL__, __LINE__, priv, filename, O_RDWR|O_TRUNC, open_mode); errval = errno; break; default: errno = 0; SL_IRETURN(SL_EINTERNAL08, _("sl_open_file")); } if (fd < 0) { TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), filename, errval)); errno = errval; SL_IRETURN(SL_EBADFILE, _("sl_open_file")); } #ifdef USE_SUID if (priv == SL_YESPRIV) sl_set_suid(); #endif stat_return = retry_fstat(FIL__, __LINE__, fd, &buf); errval = errno; #ifdef USE_SUID if (priv == SL_YESPRIV) sl_unset_suid(); #endif if (stat_return < 0) { sl_close_fd (FIL__, __LINE__, fd); errno = errval; SL_IRETURN(SL_EFSTAT, _("sl_open_file")); } errno = 0; if (lstat_return != ENOENT && buf.st_ino != lbuf.st_ino) { sl_close_fd (FIL__, __LINE__, fd); SL_IRETURN(SL_EBOGUS, _("sl_open_file")); } createTicket: /* Make entry. */ if (fd >= MAXFD) { sl_close_fd(FIL__, __LINE__, fd); SL_IRETURN(SL_TOOMANY, _("sl_open_file")); } if (ofiles[fd] != NULL) /* stale entry */ { /* sl_close_fd(FIL__, __LINE__, fd); SL_IRETURN(SL_EINTERNAL09, _("sl_open_file")); */ sl_strlcpy(stale_orig_file, ofiles[fd]->ofile, sizeof(stale_orig_file)); stale_orig_line = ofiles[fd]->oline; if (ofiles[fd]->content) sh_string_destroy(&(ofiles[fd]->content)); (void) free (ofiles[fd]->path); (void) free (ofiles[fd]); ofiles[fd] = NULL; } if ( (ofiles[fd] = (SL_OFILE *) malloc(sizeof(SL_OFILE))) == NULL) { sl_close_fd(FIL__, __LINE__, fd); SL_IRETURN(SL_EMEM, _("sl_open_file")); } len = sl_strlen(filename)+1; if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL) { free (ofiles[fd]); ofiles[fd] = NULL; sl_close_fd(FIL__, __LINE__, fd); SL_IRETURN(SL_EMEM, _("sl_open_file")); } /* Get a ticket. */ ticket = sl_create_ticket(fd); if (SL_ISERROR(ticket)) { (void) free (ofiles[fd]->path); (void) free (ofiles[fd]); ofiles[fd] = NULL; sl_close_fd(FIL__, __LINE__, fd); SL_IRETURN(ticket, _("sl_open_file")); } sl_strlcpy (ofiles[fd]->path, filename, len); ofiles[fd]->ticket = ticket; ofiles[fd]->fd = fd; ofiles[fd]->content = NULL; ofiles[fd]->stream = NULL; ofiles[fd]->flush = SL_FALSE; sl_strlcpy(ofiles[fd]->ofile, ofile, SL_OFILE_SIZE); ofiles[fd]->oline = oline; SL_IRETURN(ticket, _("sl_open_file")); } FILE * sl_stream (SL_TICKET ticket, char * mode) { int fd; if (SL_ISERROR(fd = sl_read_ticket(ticket))) return (NULL); if (ofiles[fd] == NULL || fd != ofiles[fd]->fd || ticket != ofiles[fd]->ticket || fd < 0) return (NULL); if (!ofiles[fd]->stream) ofiles[fd]->stream = fdopen(fd, mode); return ofiles[fd]->stream; } int get_the_fd (SL_TICKET ticket) { int fd; if (SL_ISERROR(fd = sl_read_ticket(ticket))) return (fd); if (ofiles[fd] == NULL || fd != ofiles[fd]->fd || ticket != ofiles[fd]->ticket || fd < 0) return (SL_EINTERNAL10); return (fd); } static int check_fname_priv (const char * fname, int priv) { SL_ENTER(_("check_fname_priv")); if (fname == NULL) SL_IRETURN(SL_ENULL, _("check_fname_priv")); if (priv != SL_YESPRIV && priv != SL_NOPRIV) SL_IRETURN(SL_EINTERNAL11, _("check_fname_priv")); SL_IRETURN(SL_ENONE, _("check_fname_priv")); } SL_TICKET sl_open_write (const char * ofile, int oline, const char * fname, int priv) { long status; SL_ENTER(_("sl_open_write")); if (SL_ENONE != (status = check_fname_priv (fname, priv))) SL_IRETURN(status, _("sl_open_write")); status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_WRITE, priv); SL_IRETURN(status, _("sl_open_write")); } SL_TICKET sl_open_read (const char * ofile, int oline, const char * fname, int priv) { long status; SL_ENTER(_("sl_open_read")); if (SL_ENONE != (status = check_fname_priv (fname, priv))) { TPT(( 0, FIL__, __LINE__, _("msg= status=<%ld>\n"), status)); SL_IRETURN(status, _("sl_open_read")); } status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_READ, priv); SL_IRETURN(status, _("sl_open_read")); } #if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE) && defined(POSIX_FADV_DONTNEED) static int sl_check_mincore(int fd) { /* Idea from Tobias Oetiker (http://insights.oetiker.ch/linux/fadvise.html) */ struct stat fbuf; int retval = -1; if (0 == fstat(fd, &fbuf)) { void *f_map; f_map = mmap((void *)0, fbuf.st_size, PROT_NONE, MAP_SHARED, fd, 0); if (MAP_FAILED != f_map) { extern int sh_unix_pagesize(void); size_t i; size_t page_size = sh_unix_pagesize(); size_t vec_size = (fbuf.st_size+page_size-1)/page_size; unsigned char * vec = calloc(1, vec_size); if (vec) { mincore(f_map, fbuf.st_size, vec); /* imax = fbuf.st_size/page_size; */ for (i = 0; i <= vec_size; ++i) { if (vec[i]&1) { goto incore; } } retval = 0; incore: free(vec); } munmap(f_map, fbuf.st_size); } } return retval; } #endif static int sl_drop_cache = SL_FALSE; int sl_set_drop_cache(const char * str) { extern int sh_util_flagval(const char * c, int * fval); return sh_util_flagval(str, &sl_drop_cache); } SL_TICKET sl_open_fastread (const char * ofile, int oline, const char * fname, int priv) { long status; SL_ENTER(_("sl_open_fastread")); if (SL_ENONE != (status = check_fname_priv (fname, priv))) SL_IRETURN(status, _("sl_open_read")); status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_FASTREAD, priv); #if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE) && defined(POSIX_FADV_DONTNEED) if (SL_FALSE != sl_drop_cache && !SL_ISERROR(status)) { int fd = get_the_fd(status); if (fd >= 0) { if (0 == sl_check_mincore(fd)) ofiles[fd]->flush = SL_TRUE; } } #endif SL_IRETURN(status, _("sl_open_fastread")); } SL_TICKET sl_open_rdwr (const char * ofile, int oline, const char * fname, int priv) { long status; SL_ENTER(_("sl_open_rdwr")); if (SL_ENONE != (status = check_fname_priv (fname, priv))) SL_IRETURN(status, _("sl_open_rdwr")); status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_RDWR, priv); SL_IRETURN(status, _("sl_open_rdwr")); } SL_TICKET sl_open_safe_rdwr (const char * ofile, int oline, const char * fname, int priv) { long status; SL_ENTER(_("sl_open_safe_rdwr")); if (SL_ENONE != (status = check_fname_priv (fname, priv))) SL_IRETURN(status, _("sl_open_safe_rdwr")); status = sl_open_file(ofile, oline, fname, SL_OPEN_SAFE_RDWR, priv); SL_IRETURN(status, _("sl_open_safe_rdwr")); } SL_TICKET sl_open_write_trunc (const char * ofile, int oline, const char * fname, int priv) { long status; SL_ENTER(_("sl_open_write_trunc")); if (SL_ENONE != (status = check_fname_priv (fname, priv))) SL_IRETURN(status, _("sl_open_write_trunc")); status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_WTRUNC, priv); SL_IRETURN(status, _("sl_open_write_trunc")); } SL_TICKET sl_open_rdwr_trunc (const char * ofile, int oline, const char * fname, int priv) { long status; SL_ENTER(_("sl_open_rdwr_trunc")); if (SL_ENONE != (status = check_fname_priv (fname, priv))) SL_IRETURN(status, _("sl_open_rdwr_trunc")); status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_RWTRUNC, priv); SL_IRETURN(status, _("sl_open_rdwr_trunc")); } int sl_init_content (SL_TICKET ticket, size_t size) { int fd; if (SL_ISERROR(fd = sl_read_ticket(ticket))) return (fd); if (ofiles[fd] == NULL || fd != ofiles[fd]->fd || ticket != ofiles[fd]->ticket || fd < 0) return (SL_EINTERNAL12); if (ofiles[fd]->content) sh_string_destroy(&(ofiles[fd]->content)); ofiles[fd]->content = sh_string_new(size); return SL_ENONE; } sh_string * sl_get_content (SL_TICKET ticket) { int fd; if (SL_ISERROR(fd = sl_read_ticket(ticket))) return (NULL); if (ofiles[fd] == NULL || fd != ofiles[fd]->fd || ticket != ofiles[fd]->ticket || fd < 0) return (NULL); return (ofiles[fd]->content); } int sl_lock (SL_TICKET ticket) { int fd; struct flock lock; int retval; SL_ENTER(_("sl_lock")); if (SL_ISERROR(fd = get_the_fd (ticket))) SL_IRETURN(fd, _("sl_lock")); lock.l_type = F_WRLCK; lock.l_whence = SEEK_SET; lock.l_start = 0; lock.l_len = 0; /* F_SETLK returns if the lock cannot be obtained */ do { retval = fcntl(fd, F_SETLK, &lock); } while (retval < 0 && errno == EINTR); if (retval < 0 && errno == EBADF) SL_IRETURN(SL_ETICKET, _("sl_lock")); else if (retval < 0) SL_IRETURN(SL_EBADFILE, _("sl_lock")); else SL_IRETURN(SL_ENONE, _("sl_lock")); } int sl_close (SL_TICKET ticket) { register int fd; FILE * fp = NULL; SL_ENTER(_("sl_close")); if (SL_ISERROR(fd = get_the_fd (ticket))) SL_IRETURN(fd, _("sl_close")); if (ofiles[fd] != NULL) { #if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE) && defined(POSIX_FADV_DONTNEED) if (ofiles[fd]->flush == SL_TRUE) { posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED); } #endif if (ofiles[fd]->content) sh_string_destroy(&(ofiles[fd]->content)); (void) free (ofiles[fd]->path); fp = ofiles[fd]->stream; (void) free (ofiles[fd]); ofiles[fd] = NULL; } /* This may fail, but what to do then ? */ if (fp) { if (0 != fclose (fp)) /* within sl_close */ { TPT((0, FIL__, __LINE__, _("msg=, fd=<%d>, err=<%s>\n"), fd, strerror(errno))); } } else { if (0 != close(fd)) /* within sl_close */ { TPT((0, FIL__, __LINE__, _("msg=, fd=<%d>, err=<%s>\n"), fd, strerror(errno))); } } SL_IRETURN(SL_ENONE, _("sl_close")); } int sl_close_fd (const char * file, int line, int fd) { int ret = -1; SL_ENTER(_("sl_close_fd")); if (fd >= 0 && fd < MAXFD && ofiles[fd] != NULL) /* stale ofiles[fd] handle */ { sl_strlcpy(badfd_orig_file, file, sizeof(badfd_orig_file)); badfd_orig_line = line; } ret = close(fd); /* within sl_close_fd wrapper */ SL_IRETURN(ret, _("sl_close_fd")); } int sl_fclose (const char * file, int line, FILE * fp) { int ret = -1; int fd; SL_ENTER(_("sl_fclose")); fd = fileno(fp); if (fd >= 0 && fd < MAXFD && ofiles[fd] != NULL) /* stale ofiles[fd] handle */ { sl_strlcpy(badfd_orig_file, file, sizeof(badfd_orig_file)); badfd_orig_line = line; } ret = fclose(fp); /* within sl_fclose wrapper */ SL_IRETURN(ret, _("sl_fclose")); } int sl_dropall(int fd, int except) { while (fd < MAXFD) { if (ofiles[fd] != NULL && fd != except) { if (ofiles[fd]->content) sh_string_destroy(&(ofiles[fd]->content)); if (ofiles[fd]->path != NULL) (void) free (ofiles[fd]->path); (void) free (ofiles[fd]); ofiles[fd] = NULL; } ++fd; } return 0; } int sl_dropall_dirty(int fd, int except) { while (fd < MAXFD) { if (ofiles[fd] != NULL && fd != except) { ofiles[fd] = NULL; } ++fd; } return 0; } int sl_unlink (SL_TICKET ticket) { register int fd; SL_ENTER(_("sl_unlink")); if (SL_ISERROR(fd = get_the_fd(ticket))) SL_IRETURN(fd, _("sl_unlink")); if (retry_aud_unlink(FIL__, __LINE__, ofiles[fd]->path) < 0) SL_IRETURN(SL_EUNLINK, _("sl_unlink")); SL_IRETURN(SL_ENONE, _("sl_unlink")); } int sl_seek (SL_TICKET ticket, off_t off_data) { register int fd; SL_ENTER(_("sl_seek")); if (SL_ISERROR(fd = get_the_fd(ticket))) SL_IRETURN(fd, _("sl_seek")); if (lseek(fd, off_data, SEEK_SET) == (off_t)-1) SL_IRETURN(SL_EREWIND, _("sl_seek")); SL_IRETURN(SL_ENONE, _("sl_seek")); } int sl_rewind (SL_TICKET ticket) { register int fd; SL_ENTER(_("sl_rewind")); if (SL_ISERROR(fd = get_the_fd(ticket))) SL_IRETURN(fd, _("sl_rewind")); if (lseek (fd, 0L, SEEK_SET) == (off_t)-1) SL_IRETURN(SL_EREWIND, _("sl_rewind")); SL_IRETURN(SL_ENONE, _("sl_rewind")); } int sl_forward (SL_TICKET ticket) { register int fd; SL_ENTER(_("sl_forward")); if (SL_ISERROR(fd = get_the_fd(ticket))) SL_IRETURN(fd, _("sl_forward")); if (lseek (fd, 0L, SEEK_END) == (off_t)-1) SL_IRETURN(SL_EFORWARD, _("sl_forward")); SL_IRETURN(SL_ENONE, _("sl_forward")); } int sl_sync (SL_TICKET ticket) { register int fd; SL_ENTER(_("sl_sync")); if (SL_ISERROR(fd = get_the_fd(ticket))) SL_IRETURN(fd, _("sl_sync")); if (fsync (fd) == -1) SL_IRETURN(SL_ESYNC, _("sl_sync")); SL_IRETURN(SL_ENONE, _("sl_sync")); } int sl_read_timeout_prep (SL_TICKET ticket) { int fd; int sflags; SL_ENTER(_("sl_read_timeout_prep")); if (SL_ISERROR(fd = get_the_fd(ticket))) { TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>"), fd)); SL_IRETURN(fd, _("sl_read_timeout_prep")); } /* set to non-blocking mode */ sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags | O_NONBLOCK); SL_IRETURN(SL_ENONE, _("sl_read_timeout_prep")); } int sl_read_timeout_fd (int fd, void * buf_in, size_t count, int timeout, int is_nonblocking) { int sflags = 0; fd_set readfds; struct timeval tv; /* int sflags; */ int retval; int error; int byteread = 0; int bytes = 0; char * buf; time_t tnow; time_t tstart; time_t tdiff; extern volatile int sig_termfast; if (is_nonblocking == SL_FALSE) { /* set to non-blocking mode */ sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0); retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags | O_NONBLOCK); } buf = (char *) buf_in; tstart = time(NULL); tdiff = 0; while (count > 0) { FD_ZERO(&readfds); FD_SET(fd, &readfds); tv.tv_sec = timeout - tdiff; tv.tv_usec = 0; retval = select (fd+1, &readfds, NULL, NULL, &tv); if (retval > 0) { byteread = read (fd, buf, count); if (byteread > 0) { bytes += byteread; count -= byteread; buf += byteread; if (count == 0) break; } else if (byteread == 0) { /* zero indicates end of file */ break; } else { if (errno == EINTR || errno == EAGAIN) { retry_msleep(1, 0); tnow = time(NULL); tdiff = tnow - tstart; continue; } else { error = errno; if (is_nonblocking == SL_FALSE) retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); TPT(( 0, FIL__, __LINE__, _("msg="))); errno = error; return (SL_EREAD); } } } else if ((retval == -1) && (errno == EINTR || errno == EAGAIN)) { retry_msleep(1, 0); tnow = time(NULL); tdiff = tnow - tstart; continue; } else if (retval == 0) { if (is_nonblocking == SL_FALSE) retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); TPT(( 0, FIL__, __LINE__, _("msg="))); errno = 0; if (bytes > 0) return ((int) bytes); return (SL_TIMEOUT); } else { error = errno; if (is_nonblocking == SL_FALSE) retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); TPT(( 0, FIL__, __LINE__, _("msg="))); errno = error; return (SL_EREAD); } if (sig_termfast == 1) { if (is_nonblocking == SL_FALSE) retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); TPT(( 0, FIL__, __LINE__, _("msg="))); errno = 0; return (SL_EREAD); } tnow = time(NULL); tdiff = tnow - tstart; if (tdiff > timeout) { if (is_nonblocking == SL_FALSE) retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); TPT(( 0, FIL__, __LINE__, _("msg="))); errno = 0; if (bytes > 0) return ((int) bytes); return (SL_TIMEOUT); } } if (is_nonblocking == SL_FALSE) retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags); return ((int) bytes); } int sl_read_timeout (SL_TICKET ticket, void * buf_in, size_t count, int timeout, int is_nonblocking) { int fd, retval; SL_ENTER(_("sl_read_timeout")); if (buf_in == NULL || SL_ISERROR(fd = get_the_fd(ticket))) { if (buf_in == NULL) { TPT(( 0, FIL__, __LINE__, _("msg="))); SL_IRETURN((SL_ENULL), _("sl_read_timeout")); } if (SL_ISERROR(fd = get_the_fd(ticket))) { TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>"), fd)); SL_IRETURN((fd), _("sl_read_timeout")); } } retval = sl_read_timeout_fd (fd, buf_in, count, timeout, is_nonblocking); SL_IRETURN((retval), _("sl_read_timeout")); } int sl_read (SL_TICKET ticket, void * buf_in, size_t count) { int fd; int byteread = 0; int bytes = 0; char * buf; SL_ENTER(_("sl_read")); if (count < 1) { TPT(( 0, FIL__, __LINE__, _("msg="))); SL_IRETURN((SL_ERANGE), _("sl_read")); } if (buf_in == NULL) { TPT(( 0, FIL__, __LINE__, _("msg="))); SL_IRETURN((SL_ENULL), _("sl_read")); } if (SL_ISERROR(fd = get_the_fd(ticket))) { TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>"), fd)); SL_IRETURN((fd), _("sl_read")); } buf = (char *) buf_in; do { byteread = read (fd, buf, count); if (byteread > 0) { bytes += byteread; count -= byteread; buf += byteread; } } while ( byteread > 0 || ( byteread == -1 && (errno == EINTR || errno == EAGAIN)) ); if (byteread == (-1)) { TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), errno)); SL_IRETURN((SL_EREAD), _("sl_read")); } SL_IRETURN((bytes), _("sl_read")); } int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count) { int fd; int byteread = 0; char * buf; SL_ENTER(_("sl_read_fast")); if (count < 1) { TPT(( 0, FIL__, __LINE__, _("msg="))); SL_IRETURN((SL_ERANGE), _("sl_read_fast")); } if (buf_in == NULL) { TPT(( 0, FIL__, __LINE__, _("msg="))); SL_IRETURN((SL_ENULL), _("sl_read_fast")); } if (SL_ISERROR(fd = get_the_fd(ticket))) { TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>"), fd)); SL_IRETURN((fd), _("sl_read_fast")); } buf = (char *) buf_in; do { byteread = read (fd, buf, count); if (byteread >= 0) { SL_IRETURN((byteread), _("sl_read_fast")); } } while ( byteread == -1 && (errno == EINTR || errno == EAGAIN)); if (byteread == (-1)) { TPT(( 0, FIL__, __LINE__, _("msg= errno=<%d>\n"), errno)); SL_IRETURN((SL_EREAD), _("sl_read_fast")); } SL_IRETURN((0), _("sl_read_fast")); } int sl_write (SL_TICKET ticket, const void * msg_in, long nbytes) { long bytewritten; long bytecount; int fd; const char * msg; SL_ENTER(_("sl_write")); if (nbytes < 1) SL_IRETURN(SL_ERANGE, _("sl_write")); if (msg_in == NULL) SL_IRETURN(SL_ENULL, _("sl_write")); if (SL_ISERROR(fd = get_the_fd(ticket))) SL_IRETURN(fd, _("sl_write")); msg = (const char *) msg_in; /* write */ bytecount = 0; while (bytecount < nbytes) { bytewritten = write (fd, msg, nbytes-bytecount); if (bytewritten > 0) { bytecount += bytewritten; msg += bytewritten; /* move buffer pointer forward */ } else if (bytewritten <= 0) { if ( errno == EINTR || errno == EAGAIN) /* try again */ continue; else SL_IRETURN(SL_EWRITE, _("sl_write")); } } SL_IRETURN(SL_ENONE, _("sl_write")); } int sl_write_line (SL_TICKET ticket, const void * msg, long nbytes) { int status; SL_ENTER(_("sl_write_line")); status = sl_write(ticket, msg, nbytes); if (!SL_ISERROR(status)) status = sl_write(ticket, "\n", 1); SL_IRETURN(status, _("sl_write_line")); } int sl_write_line_fast (SL_TICKET ticket, void * msg, long nbytes) { int status; char * p = (char *) msg; SL_ENTER(_("sl_write_line_fast")); /* Here nbytes is strlen(msg), so p[nbytes] is the terminating '\0' * Overwrite the terminator, write out, then write back the terminator. */ p[nbytes] = '\n'; status = sl_write(ticket, msg, nbytes+1); p[nbytes] = '\0'; SL_IRETURN(status, _("sl_write_line_fast")); } /* ---------------------------------------------------------------- * * Trustfile interface * * ---------------------------------------------------------------- */ extern uid_t rootonly[]; extern int EUIDSLOT; extern int ORIG_EUIDSLOT; extern char tf_path[MAXFILENAME]; /* Error path for trust function. */ extern uid_t tf_euid; /* Space for EUID of process. */ char * sl_error_string(int errorcode) { switch (errorcode) { case SL_EBOGUS: return _("Bogus file, modified during access"); case SL_EWRITE: return _("Write error"); case SL_EREAD: return _("Read error"); case SL_ESYNC: return _("Error in fsync()"); case SL_EFORWARD: return _("Error in lseek()"); case SL_EREWIND: return _("Error in lseek()"); case SL_EUNLINK: return _("Error in unlink()"); case SL_EMEM: return _("Out of memory"); case SL_EINTERNAL: return _("Internal error"); case SL_EINTERNAL01: return _("Internal error 01"); case SL_EINTERNAL02: return _("Internal error 02"); case SL_EINTERNAL03: return _("Internal error 03"); case SL_EINTERNAL04: return _("Internal error 04"); case SL_EINTERNAL05: return _("Internal error 05"); case SL_EINTERNAL06: return _("Internal error 06"); case SL_EINTERNAL07: return _("Internal error 07"); case SL_EINTERNAL08: return _("Internal error 08"); case SL_EINTERNAL09: return _("Internal error 09"); case SL_EINTERNAL10: return _("Internal error 10"); case SL_EINTERNAL11: return _("Internal error 11"); case SL_EINTERNAL12: return _("Internal error 12"); case SL_ETICKET: return _("Bad ticket"); case SL_EREPEAT: return _("Illegal repeated use of function"); case SL_ERANGE: return _("Argument out of range"); case SL_ENULL: return _("Dereferenced NULL pointer"); case SL_EBADUID: return _("Owner not trustworthy"); case SL_EBADGID: return _("Group writeable and member not trustworthy"); case SL_EBADOTH: return _("World writeable"); case SL_EISDIR: return _("Is a directory"); case SL_EBADFILE: return _("File access error"); case SL_EBADNAME: return _("Invalid filename (prob. too long or null)"); case SL_ETRUNC: return _("Truncation occured"); case SL_ESTAT: return _("stat() failed"); case SL_EFSTAT: return _("fstat() failed"); default: return _("Unknown error"); } } char * sl_trust_errfile(void) { return &tf_path[0]; } extern uid_t tf_baduid; uid_t sl_trust_baduid(void) { return tf_baduid; } extern gid_t tf_badgid; gid_t sl_trust_badgid(void) { return tf_badgid; } static int trust_count = 0; int sl_trust_purge_user (void) { int i; EUIDSLOT = ORIG_EUIDSLOT; trust_count = 0; for (i = EUIDSLOT; i < (EUIDSLOT + 15); ++i) rootonly[i] = sh_uid_neg; return 0; } int sl_trust_add_user (uid_t pwid) { SL_ENTER(_("sl_trust_add_user")); if (trust_count == 15) SL_IRETURN(SL_ERANGE, _("sl_trust_add_user")); rootonly[EUIDSLOT] = pwid; ++EUIDSLOT; ++trust_count; SL_IRETURN(SL_ENONE, _("sl_trust_add_user")); } #include "sh_mem.h" extern char * sh_util_strdup (const char * str); struct sl_trustfile_store { char * filename; uid_t teuid; struct sl_trustfile_store * next; }; static struct sl_trustfile_store * sl_trusted_files = NULL; static void sl_add_trusted_file(const char * filename, uid_t teuid) { struct sl_trustfile_store *new = SH_ALLOC(sizeof(struct sl_trustfile_store)); new->filename = sh_util_strdup (filename); new->teuid = teuid; new->next = sl_trusted_files; sl_trusted_files = new; return; } static const char * sl_check_trusted_file(const char * filename, uid_t teuid) { struct sl_trustfile_store *new = sl_trusted_files; while (new) { if ((new->teuid == teuid) && (0 == strcmp(new->filename, filename))) return filename; new = new->next; } return NULL; } static void sl_clear_trusted_file(struct sl_trustfile_store * file) { if (file) { if (file->next != NULL) sl_clear_trusted_file(file->next); SH_FREE(file->filename); SH_FREE(file); } return; } int sl_trustfile_euid(const char * filename, uid_t teuid) { long status; static time_t old = 0; static time_t now; SL_ENTER(_("sl_trustfile_euid")); tf_path[0] = '\0'; if (filename == NULL || filename[0] == '\0') SL_IRETURN(SL_EBADNAME, _("sl_trustfile_euid")); now = time(NULL); if (now < (old + 300)) { if (NULL != sl_check_trusted_file(filename, teuid)) { sl_strlcpy(tf_path, filename, sizeof(tf_path)); SL_IRETURN(SL_ENONE, _("sl_trustfile_euid")); } } else { sl_clear_trusted_file(sl_trusted_files); sl_trusted_files = NULL; old = now; } tf_euid = teuid; status = sl_trustfile(filename, NULL, NULL); if (status == SL_ENONE) sl_add_trusted_file(filename, teuid); SL_IRETURN(status, _("sl_trustfile_euid")); } /* ---------------------------------------------------------------- * * Overflow tests * * ---------------------------------------------------------------- */ #ifndef SIZE_MAX #define SIZE_MAX (4294967295U) #endif int sl_ok_muli (int a, int b) /* a*b */ { if ((b == 0) || (a >= (INT_MIN / b) && a <= (INT_MAX / b))) return SL_TRUE; /* no overflow */ return SL_FALSE; } int sl_ok_muls (size_t a, size_t b) /* a*b */ { if ((b == 0) || (a <= (SIZE_MAX / b))) return SL_TRUE; /* no overflow */ return SL_FALSE; } int sl_ok_divi (int a, int b) /* a/b */ { (void) a; if (b != 0) return SL_TRUE; /* no overflow */ return SL_FALSE; } int sl_ok_addi (int a, int b) /* a+b */ { if (a >= 0 && b >= 0) { if (a <= (INT_MAX - b)) return SL_TRUE; /* no overflow */ else return SL_FALSE; } else if (a < 0 && b < 0) { if (a >= (INT_MIN - b)) return SL_TRUE; /* no overflow */ else return SL_FALSE; } return SL_TRUE; } int sl_ok_adds (size_t a, size_t b) /* a+b */ { if (a <= (SIZE_MAX - b)) return SL_TRUE; /* no overflow */ else return SL_FALSE; } int sl_ok_subi (int a, int b) /* a-b */ { if (a >= 0 && b < 0) { if (a <= (INT_MAX + b)) return SL_TRUE; /* no overflow */ else return SL_FALSE; } else if (a < 0 && b >= 0) { if (a >= (INT_MIN + b)) return SL_TRUE; /* no overflow */ else return SL_FALSE; } return SL_TRUE; } samhain-3.1.0/src/sh_log_parse_syslog.c0000644000175000017500000000775211635615106015073 00000000000000/************************************** ** ** PARSER RULES ** ** (a) must set record->host ** (eventually to dummy value) ** ** (b) must set record->prefix ** (eventually to dummy value) ** ** **************************************/ /* for strptime */ #define _XOPEN_SOURCE #include "config_xor.h" #include #include #include #if defined(HOST_IS_SOLARIS) /* For 'struct timeval' in */ #define __EXTENSIONS__ #endif #include #include #ifdef USE_LOGFILE_MONITOR #include "samhain.h" #include "sh_pthread.h" #include "sh_log_check.h" #include "sh_utils.h" #include "sh_string.h" #undef FIL__ #define FIL__ _("sh_log_parse_syslog.c") static int hidepid = 0; extern int flag_err_debug; int sh_get_hidepid() { return hidepid; } int sh_set_hidepid(const char *s) { return sh_util_flagval(s, &hidepid); } struct sh_logrecord * sh_parse_syslog (sh_string * logline, void * fileinfo) { static const char * format0_1 = N_("%b %d %T"); static const char * format0_2 = N_("%Y-%m-%dT%T"); static char format_1[16]; static char format_2[16]; static int format_init = 0; static struct tm old_tm; static time_t old_time; const unsigned int Tpos = 10; volatile unsigned int tlen = 16; (void) fileinfo; if (!format_init) { sl_strlcpy(format_1, _(format0_1), sizeof(format_1)); sl_strlcpy(format_2, _(format0_2), sizeof(format_2)); format_init = 1; } if (flag_err_debug == SL_TRUE && sh_string_len(logline) > 0) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, logline->str, _("sh_parse_syslog")); SH_MUTEX_UNLOCK(mutex_thread_nolog); } if (logline && sh_string_len(logline) > tlen) { struct tm btime; char * ptr; int flag; size_t lengths[3]; memset(&btime, '\0', sizeof(struct tm)); btime.tm_isdst = -1; /* This is RFC 3164. */ if (logline->str[Tpos] != 'T') { logline->str[tlen-1] = '\0'; ptr = /*@i@*/strptime(logline->str, format_1, &btime); } /* RFC 3339 describes an alternative timestamp format. * Unfortunately, POSIX strptime() does not support reading * the TZ offset. */ else { ptr = strptime(logline->str, format_2, &btime); if (ptr) { tlen = 20; if (*ptr && *ptr != ' ') { do { ++ptr; ++tlen; } while (*ptr && *ptr != ' '); if (*ptr == ' ') *ptr = '\0'; } } } if (ptr && *ptr == '\0') /* no error, whole string consumed */ { unsigned int fields = 3; /* host program(\[pid\])+: message */ char ** array = split_array_ws(&(logline->str[tlen]), &fields, lengths); if (fields == 3) { struct sh_logrecord * record = SH_ALLOC(sizeof(struct sh_logrecord)); record->timestamp = conv_timestamp(&btime, &old_tm, &old_time); record->timestr = sh_string_new_from_lchar(logline->str, (tlen-1)); /* host */ record->host = sh_string_new_from_lchar(array[0], lengths[0]); /* program and pid */ if (NULL != (ptr = strchr(array[1], '['))) { *ptr = '\0'; ++ptr; record->pid = (pid_t) atoi(ptr); if (hidepid == 0 || !*ptr) { --ptr; *ptr = '['; } else { *ptr = '\0'; /* overwrite first digit */ --ptr; *ptr = ':'; /* overwrite ex-':' */ lengths[1] = strlen(array[1]); } } else { flag = 0; ptr = array[1]; if (ptr[lengths[1]] == ':') { ptr[lengths[1]] = '\0'; flag = 1; } record->pid = PID_INVALID; if (flag == 1) { ptr[lengths[1]] = ':'; } } /* message */ record->message = sh_string_new_from_lchar3(array[1], lengths[1], " ", 1, array[2], lengths[2]); SH_FREE(array); return record; } SH_FREE(array); } } /* corrupted logline */ return NULL; } /* USE_LOGFILE_MONITOR */ #endif samhain-3.1.0/src/sh_tiger2.c0000644000175000017500000012236111263370661012707 00000000000000/* Tiger: A Fast New Hash Function * * Ross Anderson and Eli Biham * * From the homepage (http://www.cs.technion.ac.il/~biham/Reports/Tiger/): * * Tiger has no usage restrictions nor patents. It can be used freely, * with the reference implementation, with other implementations or with * a modification to the reference implementation (as long as it still * implements Tiger). We only ask you to let us know about your * implementation and to cite the origin of Tiger and of the reference * implementation. * * * The authors' home pages can be found both in * http://www.cs.technion.ac.il/~biham/ and in * http://www.cl.cam.ac.uk/users/rja14/. * The authors' email addresses are biham@cs.technion.ac.il * and rja14@cl.cam.ac.uk. */ #include "config_xor.h" #if !defined(TIGER_64_BIT) /* #if !defined(HAVE_LONG_64) && !defined(HAVE_LONG_LONG_64) */ /* sboxes32.c: Tiger S boxes for 32-bit-only compilers */ #if defined(HAVE_INT_32) typedef unsigned int sh_word32; #elif defined(HAVE_LONG_32) typedef unsigned long sh_word32; #elif defined(HAVE_SHORT_32) typedef unsigned short sh_word32; #else #error No 32 bit type found ! #endif sh_word32 tiger_table[4*256][2] = { { 0xF7E90C5E, 0x02AAB17C /* 0 */}, { 0xE243A8EC, 0xAC424B03 /* 1 */}, { 0x0DD5FCD3, 0x72CD5BE3 /* 2 */}, { 0xF6F97F3A, 0x6D019B93 /* 3 */}, { 0xD21F9193, 0xCD9978FF /* 4 */}, { 0x708029E2, 0x7573A1C9 /* 5 */}, { 0x922A83C3, 0xB164326B /* 6 */}, { 0x04915870, 0x46883EEE /* 7 */}, { 0x7103ECE6, 0xEAACE305 /* 8 */}, { 0x08A3535C, 0xC54169B8 /* 9 */}, { 0x8DDEC47C, 0x4CE75491 /* 10 */}, { 0xDC0DF40C, 0x0AA2F4DF /* 11 */}, { 0xA74DBEFA, 0x10B76F18 /* 12 */}, { 0x5AD1AB6A, 0xC6CCB623 /* 13 */}, { 0x572FE2FF, 0x13726121 /* 14 */}, { 0x199D921E, 0x1A488C6F /* 15 */}, { 0xDA0007CA, 0x4BC9F9F4 /* 16 */}, { 0xE85241C7, 0x26F5E6F6 /* 17 */}, { 0xEA5947B6, 0x859079DB /* 18 */}, { 0xC99E8C92, 0x4F1885C5 /* 19 */}, { 0xA96F864B, 0xD78E761E /* 20 */}, { 0x52B5C17D, 0x8E36428C /* 21 */}, { 0x373063C1, 0x69CF6827 /* 22 */}, { 0x9BB4C56E, 0xB607C93D /* 23 */}, { 0x0E76B5EA, 0x7D820E76 /* 24 */}, { 0xF07FDC42, 0x645C9CC6 /* 25 */}, { 0x243342E0, 0xBF38A078 /* 26 */}, { 0x9D2E7D04, 0x5F6B343C /* 27 */}, { 0x600B0EC6, 0xF2C28AEB /* 28 */}, { 0x7254BCAC, 0x6C0ED85F /* 29 */}, { 0xA4DB4FE5, 0x71592281 /* 30 */}, { 0xCE0FED9F, 0x1967FA69 /* 31 */}, { 0xB96545DB, 0xFD5293F8 /* 32 */}, { 0xF2A7600B, 0xC879E9D7 /* 33 */}, { 0x0193194E, 0x86024892 /* 34 */}, { 0x2D9CC0B3, 0xA4F9533B /* 35 */}, { 0x15957613, 0x9053836C /* 36 */}, { 0xFC357BF1, 0xDB6DCF8A /* 37 */}, { 0x7A370F57, 0x18BEEA7A /* 38 */}, { 0x50B99066, 0x037117CA /* 39 */}, { 0x74424A35, 0x6AB30A97 /* 40 */}, { 0xE325249B, 0xF4E92F02 /* 41 */}, { 0x061CCAE1, 0x7739DB07 /* 42 */}, { 0xECA42A05, 0xD8F3B49C /* 43 */}, { 0x51382F73, 0xBD56BE3F /* 44 */}, { 0x43B0BB28, 0x45FAED58 /* 45 */}, { 0x11BF1F83, 0x1C813D5C /* 46 */}, { 0xD75FA169, 0x8AF0E4B6 /* 47 */}, { 0x87AD9999, 0x33EE18A4 /* 48 */}, { 0xB1C94410, 0x3C26E8EA /* 49 */}, { 0xC0A822F9, 0xB510102B /* 50 */}, { 0x0CE6123B, 0x141EEF31 /* 51 */}, { 0x59DDB154, 0xFC65B900 /* 52 */}, { 0xC5E0E607, 0xE0158640 /* 53 */}, { 0x26C3A3CF, 0x884E0798 /* 54 */}, { 0x23C535FD, 0x930D0D95 /* 55 */}, { 0x4E9A2B00, 0x35638D75 /* 56 */}, { 0x40469DD5, 0x4085FCCF /* 57 */}, { 0x8BE23A4C, 0xC4B17AD2 /* 58 */}, { 0x6A3E6A2E, 0xCAB2F0FC /* 59 */}, { 0x6B943FCD, 0x2860971A /* 60 */}, { 0x12E30446, 0x3DDE6EE2 /* 61 */}, { 0xE01765AE, 0x6222F32A /* 62 */}, { 0x478308FE, 0x5D550BB5 /* 63 */}, { 0xA0EDA22A, 0xA9EFA98D /* 64 */}, { 0x86C40DA7, 0xC351A716 /* 65 */}, { 0x9C867C84, 0x1105586D /* 66 */}, { 0xFDA22853, 0xDCFFEE85 /* 67 */}, { 0x2C5EEF76, 0xCCFBD026 /* 68 */}, { 0x8990D201, 0xBAF294CB /* 69 */}, { 0x2AFAD975, 0xE69464F5 /* 70 */}, { 0xDF133E14, 0x94B013AF /* 71 */}, { 0x2823C958, 0x06A7D1A3 /* 72 */}, { 0x30F61119, 0x6F95FE51 /* 73 */}, { 0x462C06C0, 0xD92AB34E /* 74 */}, { 0x887C71D2, 0xED7BDE33 /* 75 */}, { 0x6518393E, 0x79746D6E /* 76 */}, { 0x5D713329, 0x5BA41938 /* 77 */}, { 0x48A97564, 0x7C1BA6B9 /* 78 */}, { 0x7BFDAC67, 0x31987C19 /* 79 */}, { 0x4B053D02, 0xDE6C23C4 /* 80 */}, { 0xD002D64D, 0x581C49FE /* 81 */}, { 0x38261571, 0xDD474D63 /* 82 */}, { 0xE473D062, 0xAA4546C3 /* 83 */}, { 0x9455F860, 0x928FCE34 /* 84 */}, { 0xCAAB94D9, 0x48161BBA /* 85 */}, { 0x770E6F68, 0x63912430 /* 86 */}, { 0x02C6641C, 0x6EC8A5E6 /* 87 */}, { 0x337DDD2B, 0x87282515 /* 88 */}, { 0x034B701B, 0x2CDA6B42 /* 89 */}, { 0x81CB096D, 0xB03D37C1 /* 90 */}, { 0x66C71C6F, 0xE1084382 /* 91 */}, { 0xEB51B255, 0x2B3180C7 /* 92 */}, { 0x96C08BBC, 0xDF92B82F /* 93 */}, { 0xA632F3BA, 0x5C68C8C0 /* 94 */}, { 0x1C3D0556, 0x5504CC86 /* 95 */}, { 0x5FB26B8F, 0xABBFA4E5 /* 96 */}, { 0xB3BACEB4, 0x41848B0A /* 97 */}, { 0xAA445D32, 0xB334A273 /* 98 */}, { 0xA85AD881, 0xBCA696F0 /* 99 */}, { 0xB528D56C, 0x24F6EC65 /* 100 */}, { 0x90F4524A, 0x0CE1512E /* 101 */}, { 0x5506D35A, 0x4E9DD79D /* 102 */}, { 0xC6CE9779, 0x258905FA /* 103 */}, { 0x3E109B33, 0x2019295B /* 104 */}, { 0x73A054CC, 0xF8A9478B /* 105 */}, { 0x34417EB0, 0x2924F2F9 /* 106 */}, { 0x536D1BC4, 0x3993357D /* 107 */}, { 0x1DB6FF8B, 0x38A81AC2 /* 108 */}, { 0x7D6016BF, 0x47C4FBF1 /* 109 */}, { 0x7667E3F5, 0x1E0FAADD /* 110 */}, { 0x938BEB96, 0x7ABCFF62 /* 111 */}, { 0x8FC179C9, 0xA78DAD94 /* 112 */}, { 0x2911E50D, 0x8F1F98B7 /* 113 */}, { 0x27121A91, 0x61E48EAE /* 114 */}, { 0x31859808, 0x4D62F7AD /* 115 */}, { 0xEF5CEAEB, 0xECEBA345 /* 116 */}, { 0xBC9684CE, 0xF5CEB25E /* 117 */}, { 0xB7F76221, 0xF633E20C /* 118 */}, { 0xAB8293E4, 0xA32CDF06 /* 119 */}, { 0xA5EE2CA4, 0x985A202C /* 120 */}, { 0xCC8A8FB1, 0xCF0B8447 /* 121 */}, { 0x979859A3, 0x9F765244 /* 122 */}, { 0xA1240017, 0xA8D516B1 /* 123 */}, { 0xBB5DC726, 0x0BD7BA3E /* 124 */}, { 0xB86ADB39, 0xE54BCA55 /* 125 */}, { 0x6C478063, 0x1D7A3AFD /* 126 */}, { 0xE7669EDD, 0x519EC608 /* 127 */}, { 0xD149AA23, 0x0E5715A2 /* 128 */}, { 0x848FF194, 0x177D4571 /* 129 */}, { 0x41014C22, 0xEEB55F32 /* 130 */}, { 0x3A6E2EC2, 0x0F5E5CA1 /* 131 */}, { 0x75F5C361, 0x8029927B /* 132 */}, { 0xC3D6E436, 0xAD139FAB /* 133 */}, { 0x4CCF402F, 0x0D5DF1A9 /* 134 */}, { 0xBEA5DFC8, 0x3E8BD948 /* 135 */}, { 0xBD3FF77E, 0xA5A0D357 /* 136 */}, { 0x1F74F645, 0xA2D12E25 /* 137 */}, { 0x5E81A082, 0x66FD9E52 /* 138 */}, { 0x7F687A49, 0x2E0C90CE /* 139 */}, { 0xBA973BC5, 0xC2E8BCBE /* 140 */}, { 0xE509745F, 0x000001BC /* 141 */}, { 0xE6DAB3D6, 0x423777BB /* 142 */}, { 0xAEF06EB5, 0xD1661C7E /* 143 */}, { 0x4DAACFD8, 0xA1781F35 /* 144 */}, { 0x2B16AFFC, 0x2D11284A /* 145 */}, { 0xFA891D1F, 0xF1FC4F67 /* 146 */}, { 0xCB920ADA, 0x73ECC25D /* 147 */}, { 0xC2A12651, 0xAE610C22 /* 148 */}, { 0xD356B78A, 0x96E0A810 /* 149 */}, { 0x2FE7870F, 0x5A9A381F /* 150 */}, { 0xE94E5530, 0xD5AD62ED /* 151 */}, { 0x368D1427, 0xD225E5E8 /* 152 */}, { 0xC7AF4631, 0x65977B70 /* 153 */}, { 0xDE39D74F, 0x99F889B2 /* 154 */}, { 0x54E1D143, 0x233F30BF /* 155 */}, { 0xD9A63C97, 0x9A9675D3 /* 156 */}, { 0xF334F9A8, 0x5470554F /* 157 */}, { 0x4A4F5688, 0x166ACB74 /* 158 */}, { 0xB2E4AEAD, 0x70C74CAA /* 159 */}, { 0x6F294D12, 0xF0D09164 /* 160 */}, { 0x684031D1, 0x57B82A89 /* 161 */}, { 0x61BE0B6B, 0xEFD95A5A /* 162 */}, { 0x69F2F29A, 0x2FBD12E9 /* 163 */}, { 0xFEFF9FE8, 0x9BD37013 /* 164 */}, { 0xD6085A06, 0x3F9B0404 /* 165 */}, { 0x166CFE15, 0x4940C1F3 /* 166 */}, { 0xCDF3DEFB, 0x09542C4D /* 167 */}, { 0x85CD5CE3, 0xB4C52183 /* 168 */}, { 0x4462A641, 0xC935B7DC /* 169 */}, { 0x8ED3B63F, 0x3417F8A6 /* 170 */}, { 0x5B215B40, 0xB8095929 /* 171 */}, { 0x3B8C8572, 0xF99CDAEF /* 172 */}, { 0xF8FCB95D, 0x018C0614 /* 173 */}, { 0x1A3ACDF3, 0x1B14ACCD /* 174 */}, { 0x00BB732D, 0x84D471F2 /* 175 */}, { 0x95E8DA16, 0xC1A3110E /* 176 */}, { 0xBF1A82B8, 0x430A7220 /* 177 */}, { 0x39DF210E, 0xB77E090D /* 178 */}, { 0x3CD05E9D, 0x5EF4BD9F /* 179 */}, { 0x7E57A444, 0x9D4FF6DA /* 180 */}, { 0x83D4A5F8, 0xDA1D60E1 /* 181 */}, { 0x17998E47, 0xB287C384 /* 182 */}, { 0x1BB31886, 0xFE3EDC12 /* 183 */}, { 0x980CCBEF, 0xC7FE3CCC /* 184 */}, { 0x189BFD03, 0xE46FB590 /* 185 */}, { 0x9A4C57DC, 0x3732FD46 /* 186 */}, { 0x7CF1AD65, 0x7EF700A0 /* 187 */}, { 0xA31D8859, 0x59C64468 /* 188 */}, { 0xD45B61F6, 0x762FB0B4 /* 189 */}, { 0x99047718, 0x155BAED0 /* 190 */}, { 0x3D50BAA6, 0x68755E4C /* 191 */}, { 0x22D8B4DF, 0xE9214E7F /* 192 */}, { 0x2EAC95F4, 0x2ADDBF53 /* 193 */}, { 0xB4BD0109, 0x32AE3909 /* 194 */}, { 0xB08E3450, 0x834DF537 /* 195 */}, { 0x4220728D, 0xFA209DA8 /* 196 */}, { 0x9EFE23F7, 0x9E691D9B /* 197 */}, { 0xC4AE8D7F, 0x0446D288 /* 198 */}, { 0xE169785B, 0x7B4CC524 /* 199 */}, { 0x35CA1385, 0x21D87F01 /* 200 */}, { 0x137B8AA5, 0xCEBB400F /* 201 */}, { 0x580796BE, 0x272E2B66 /* 202 */}, { 0x25C2B0DE, 0x36122641 /* 203 */}, { 0xAD1EFBB2, 0x057702BD /* 204 */}, { 0xACF84BE9, 0xD4BABB8E /* 205 */}, { 0x641BC67B, 0x91583139 /* 206 */}, { 0x8036E024, 0x8BDC2DE0 /* 207 */}, { 0xF49F68ED, 0x603C8156 /* 208 */}, { 0xDBEF5111, 0xF7D236F7 /* 209 */}, { 0x8AD21E80, 0x9727C459 /* 210 */}, { 0x670A5FD7, 0xA08A0896 /* 211 */}, { 0x09EBA9CB, 0xCB4A8F43 /* 212 */}, { 0x0F7036A1, 0x81AF564B /* 213 */}, { 0x78199ABD, 0xC0B99AA7 /* 214 */}, { 0x3FC8E952, 0x959F1EC8 /* 215 */}, { 0x794A81B9, 0x8C505077 /* 216 */}, { 0x056338F0, 0x3ACAAF8F /* 217 */}, { 0x627A6778, 0x07B43F50 /* 218 */}, { 0xF5ECCC77, 0x4A44AB49 /* 219 */}, { 0xB679EE98, 0x3BC3D6E4 /* 220 */}, { 0xCF14108C, 0x9CC0D4D1 /* 221 */}, { 0x206BC8A0, 0x4406C00B /* 222 */}, { 0xC8D72D89, 0x82A18854 /* 223 */}, { 0x5C3C432C, 0x67E366B3 /* 224 */}, { 0x102B37F2, 0xB923DD61 /* 225 */}, { 0xD884271D, 0x56AB2779 /* 226 */}, { 0xFF1525AF, 0xBE83E1B0 /* 227 */}, { 0x217E49A9, 0xFB7C65D4 /* 228 */}, { 0x6D48E7D4, 0x6BDBE0E7 /* 229 */}, { 0x45D9179E, 0x08DF8287 /* 230 */}, { 0xDD53BD34, 0x22EA6A9A /* 231 */}, { 0x5622200A, 0xE36E141C /* 232 */}, { 0x8CB750EE, 0x7F805D1B /* 233 */}, { 0x9F58E837, 0xAFE5C7A5 /* 234 */}, { 0x4FB1C23C, 0xE27F996A /* 235 */}, { 0x0775F0D0, 0xD3867DFB /* 236 */}, { 0x6E88891A, 0xD0E673DE /* 237 */}, { 0xAFB86C25, 0x123AEB9E /* 238 */}, { 0xC145B895, 0x30F1D5D5 /* 239 */}, { 0xEE7269E7, 0xBB434A2D /* 240 */}, { 0xF931FA38, 0x78CB67EC /* 241 */}, { 0x323BBF9C, 0xF33B0372 /* 242 */}, { 0xFB279C74, 0x52D66336 /* 243 */}, { 0x0AFB4EAA, 0x505F33AC /* 244 */}, { 0xA2CCE187, 0xE8A5CD99 /* 245 */}, { 0x1E2D30BB, 0x53497480 /* 246 */}, { 0xD5876D90, 0x8D2D5711 /* 247 */}, { 0x91BC038E, 0x1F1A4128 /* 248 */}, { 0x82E56648, 0xD6E2E71D /* 249 */}, { 0x497732B7, 0x74036C3A /* 250 */}, { 0x6361F5AB, 0x89B67ED9 /* 251 */}, { 0xF1EA02A2, 0xFFED95D8 /* 252 */}, { 0x1464D43D, 0xE72B3BD6 /* 253 */}, { 0x0BDC4820, 0xA6300F17 /* 254 */}, { 0xED78A77A, 0xEBC18760 /* 255 */}, { 0x05A12138, 0xE6A6BE5A /* 256 */}, { 0xB4F87C98, 0xB5A122A5 /* 257 */}, { 0x140B6990, 0x563C6089 /* 258 */}, { 0x391F5DD5, 0x4C46CB2E /* 259 */}, { 0xC9B79434, 0xD932ADDB /* 260 */}, { 0x2015AFF5, 0x08EA70E4 /* 261 */}, { 0x3E478CF1, 0xD765A667 /* 262 */}, { 0xAB278D99, 0xC4FB757E /* 263 */}, { 0x2D6E0692, 0xDF11C686 /* 264 */}, { 0x0D7F3B16, 0xDDEB84F1 /* 265 */}, { 0xA665EA04, 0x6F2EF604 /* 266 */}, { 0xF0E0DFB3, 0x4A8E0F0F /* 267 */}, { 0x3DBCBA51, 0xA5EDEEF8 /* 268 */}, { 0x0EA4371E, 0xFC4F0A2A /* 269 */}, { 0x5CB38429, 0xE83E1DA8 /* 270 */}, { 0xBA1B1CE2, 0xDC8FF882 /* 271 */}, { 0x8353E80D, 0xCD45505E /* 272 */}, { 0xD4DB0717, 0x18D19A00 /* 273 */}, { 0xA5F38101, 0x34A0CFED /* 274 */}, { 0x8887CAF2, 0x0BE77E51 /* 275 */}, { 0xB3C45136, 0x1E341438 /* 276 */}, { 0x9089CCF9, 0xE05797F4 /* 277 */}, { 0xF2591D14, 0xFFD23F9D /* 278 */}, { 0x8595C5CD, 0x543DDA22 /* 279 */}, { 0x99052A33, 0x661F81FD /* 280 */}, { 0xDB0F7B76, 0x8736E641 /* 281 */}, { 0x418E5307, 0x15227725 /* 282 */}, { 0x162EB2FA, 0xE25F7F46 /* 283 */}, { 0x6C13D9FE, 0x48A8B212 /* 284 */}, { 0x92E76EEA, 0xAFDC5417 /* 285 */}, { 0xC6D1898F, 0x03D912BF /* 286 */}, { 0x1B83F51B, 0x31B1AAFA /* 287 */}, { 0xE42AB7D9, 0xF1AC2796 /* 288 */}, { 0xFCD2EBAC, 0x40A3A7D7 /* 289 */}, { 0x0AFBBCC5, 0x1056136D /* 290 */}, { 0x9A6D0C85, 0x7889E1DD /* 291 */}, { 0x2A7974AA, 0xD3352578 /* 292 */}, { 0x078AC09B, 0xA7E25D09 /* 293 */}, { 0xEAC6EDD0, 0xBD4138B3 /* 294 */}, { 0x71EB9E70, 0x920ABFBE /* 295 */}, { 0x4FC2625C, 0xA2A5D0F5 /* 296 */}, { 0x0B1290A3, 0xC054E36B /* 297 */}, { 0x62FE932B, 0xF6DD59FF /* 298 */}, { 0x11A8AC7D, 0x35373545 /* 299 */}, { 0x72FADCD4, 0xCA845E91 /* 300 */}, { 0x329D20DC, 0x84F82B60 /* 301 */}, { 0xCD672F18, 0x79C62CE1 /* 302 */}, { 0xD124642C, 0x8B09A2AD /* 303 */}, { 0x19D9E726, 0xD0C1E96A /* 304 */}, { 0x4BA9500C, 0x5A786A9B /* 305 */}, { 0x634C43F3, 0x0E020336 /* 306 */}, { 0xEB66D822, 0xC17B474A /* 307 */}, { 0xEC9BAAC2, 0x6A731AE3 /* 308 */}, { 0xE0840258, 0x8226667A /* 309 */}, { 0x91CAECA5, 0x67D45676 /* 310 */}, { 0x4875ADB5, 0x1D94155C /* 311 */}, { 0x5B813FDF, 0x6D00FD98 /* 312 */}, { 0xB774CD06, 0x51286EFC /* 313 */}, { 0x1FA744AF, 0x5E883447 /* 314 */}, { 0xE761AE2E, 0xF72CA0AE /* 315 */}, { 0xAEE8E09A, 0xBE40E4CD /* 316 */}, { 0x5118F665, 0xE9970BBB /* 317 */}, { 0x33DF1964, 0x726E4BEB /* 318 */}, { 0x29199762, 0x703B0007 /* 319 */}, { 0xF5EF30A7, 0x4631D816 /* 320 */}, { 0x1504A6BE, 0xB880B5B5 /* 321 */}, { 0x7ED84B6C, 0x641793C3 /* 322 */}, { 0xF6E97D96, 0x7B21ED77 /* 323 */}, { 0x2EF96B73, 0x77630631 /* 324 */}, { 0xE86FF3F4, 0xAE528948 /* 325 */}, { 0x86A3F8F8, 0x53DBD7F2 /* 326 */}, { 0x4CFC1063, 0x16CADCE7 /* 327 */}, { 0xFA52C6DD, 0x005C19BD /* 328 */}, { 0x64D46AD3, 0x68868F5D /* 329 */}, { 0xCF1E186A, 0x3A9D512C /* 330 */}, { 0x385660AE, 0x367E62C2 /* 331 */}, { 0x77DCB1D7, 0xE359E7EA /* 332 */}, { 0x749ABE6E, 0x526C0773 /* 333 */}, { 0xD09F734B, 0x735AE5F9 /* 334 */}, { 0x8A558BA8, 0x493FC7CC /* 335 */}, { 0x3041AB45, 0xB0B9C153 /* 336 */}, { 0x470A59BD, 0x321958BA /* 337 */}, { 0x5F46C393, 0x852DB00B /* 338 */}, { 0xD336B0E5, 0x91209B2B /* 339 */}, { 0x659EF19F, 0x6E604F7D /* 340 */}, { 0x782CCB24, 0xB99A8AE2 /* 341 */}, { 0xC814C4C7, 0xCCF52AB6 /* 342 */}, { 0xBE11727B, 0x4727D9AF /* 343 */}, { 0x0121B34D, 0x7E950D0C /* 344 */}, { 0x70AD471F, 0x756F4356 /* 345 */}, { 0x615A6849, 0xF5ADD442 /* 346 */}, { 0x80B9957A, 0x4E87E099 /* 347 */}, { 0x50AEE355, 0x2ACFA1DF /* 348 */}, { 0xFD2FD556, 0xD898263A /* 349 */}, { 0xD80C8FD6, 0xC8F4924D /* 350 */}, { 0x754A173A, 0xCF99CA3D /* 351 */}, { 0xAF91BF3C, 0xFE477BAC /* 352 */}, { 0xD690C12D, 0xED5371F6 /* 353 */}, { 0x5E687094, 0x831A5C28 /* 354 */}, { 0x3708A0A4, 0xC5D3C90A /* 355 */}, { 0x17D06580, 0x0F7F9037 /* 356 */}, { 0xB8FDF27F, 0x19F9BB13 /* 357 */}, { 0x4D502843, 0xB1BD6F1B /* 358 */}, { 0x8FFF4012, 0x1C761BA3 /* 359 */}, { 0xE2E21F3B, 0x0D1530C4 /* 360 */}, { 0xA7372C8A, 0x8943CE69 /* 361 */}, { 0xFEB5CE66, 0xE5184E11 /* 362 */}, { 0xBD736621, 0x618BDB80 /* 363 */}, { 0x8B574D0B, 0x7D29BAD6 /* 364 */}, { 0x25E6FE5B, 0x81BB613E /* 365 */}, { 0xBC07913F, 0x071C9C10 /* 366 */}, { 0x09AC2D97, 0xC7BEEB79 /* 367 */}, { 0x3BC5D757, 0xC3E58D35 /* 368 */}, { 0xF38F61E8, 0xEB017892 /* 369 */}, { 0x9B1CC21A, 0xD4EFFB9C /* 370 */}, { 0xF494F7AB, 0x99727D26 /* 371 */}, { 0x956B3E03, 0xA3E063A2 /* 372 */}, { 0x4AA09C30, 0x9D4A8B9A /* 373 */}, { 0x00090FB4, 0x3F6AB7D5 /* 374 */}, { 0x57268AC0, 0x9CC0F2A0 /* 375 */}, { 0xEDBF42D1, 0x3DEE9D2D /* 376 */}, { 0x7960A972, 0x330F49C8 /* 377 */}, { 0x87421B41, 0xC6B27202 /* 378 */}, { 0x7C00369C, 0x0AC59EC0 /* 379 */}, { 0xCB353425, 0xEF4EAC49 /* 380 */}, { 0xEF0129D8, 0xF450244E /* 381 */}, { 0xCAF4DEB6, 0x8ACC46E5 /* 382 */}, { 0x989263F7, 0x2FFEAB63 /* 383 */}, { 0x5D7A4578, 0x8F7CB9FE /* 384 */}, { 0x4E634635, 0x5BD8F764 /* 385 */}, { 0xBF2DC900, 0x427A7315 /* 386 */}, { 0x2125261C, 0x17D0C4AA /* 387 */}, { 0x93518E50, 0x3992486C /* 388 */}, { 0xA2D7D4C3, 0xB4CBFEE0 /* 389 */}, { 0x2C5DDD8D, 0x7C75D620 /* 390 */}, { 0xE35B6C61, 0xDBC295D8 /* 391 */}, { 0x02032B19, 0x60B369D3 /* 392 */}, { 0xDCE44132, 0xCE42685F /* 393 */}, { 0xDDF65610, 0x06F3DDB9 /* 394 */}, { 0xB5E148F0, 0x8EA4D21D /* 395 */}, { 0x2FCD496F, 0x20B0FCE6 /* 396 */}, { 0x58B0EE31, 0x2C1B9123 /* 397 */}, { 0x18F5A308, 0xB28317B8 /* 398 */}, { 0x9CA6D2CF, 0xA89C1E18 /* 399 */}, { 0x6AAADBC8, 0x0C6B1857 /* 400 */}, { 0x1299FAE3, 0xB65DEAA9 /* 401 */}, { 0x7F1027E7, 0xFB2B794B /* 402 */}, { 0x443B5BEB, 0x04E4317F /* 403 */}, { 0x5939D0A6, 0x4B852D32 /* 404 */}, { 0xFB207FFC, 0xD5AE6BEE /* 405 */}, { 0x81C7D374, 0x309682B2 /* 406 */}, { 0x94C3B475, 0xBAE309A1 /* 407 */}, { 0x13B49F05, 0x8CC3F97B /* 408 */}, { 0xF8293967, 0x98A9422F /* 409 */}, { 0x1076FF7C, 0x244B16B0 /* 410 */}, { 0x663D67EE, 0xF8BF571C /* 411 */}, { 0xEEE30DA1, 0x1F0D6758 /* 412 */}, { 0x7ADEB9B7, 0xC9B611D9 /* 413 */}, { 0x7B6C57A2, 0xB7AFD588 /* 414 */}, { 0x6B984FE1, 0x6290AE84 /* 415 */}, { 0xACC1A5FD, 0x94DF4CDE /* 416 */}, { 0xC5483AFF, 0x058A5BD1 /* 417 */}, { 0x42BA3C37, 0x63166CC1 /* 418 */}, { 0xB2F76F40, 0x8DB8526E /* 419 */}, { 0x6F0D6D4E, 0xE1088003 /* 420 */}, { 0x971D311D, 0x9E0523C9 /* 421 */}, { 0xCC7CD691, 0x45EC2824 /* 422 */}, { 0xE62382C9, 0x575B8359 /* 423 */}, { 0xC4889995, 0xFA9E400D /* 424 */}, { 0x45721568, 0xD1823ECB /* 425 */}, { 0x8206082F, 0xDAFD983B /* 426 */}, { 0x2386A8CB, 0xAA7D2908 /* 427 */}, { 0x03B87588, 0x269FCD44 /* 428 */}, { 0x28BDD1E0, 0x1B91F5F7 /* 429 */}, { 0x040201F6, 0xE4669F39 /* 430 */}, { 0x8CF04ADE, 0x7A1D7C21 /* 431 */}, { 0xD79CE5CE, 0x65623C29 /* 432 */}, { 0x96C00BB1, 0x23684490 /* 433 */}, { 0x9DA503BA, 0xAB9BF187 /* 434 */}, { 0xA458058E, 0xBC23ECB1 /* 435 */}, { 0xBB401ECC, 0x9A58DF01 /* 436 */}, { 0xA85F143D, 0xA070E868 /* 437 */}, { 0x7DF2239E, 0x4FF18830 /* 438 */}, { 0x1A641183, 0x14D565B4 /* 439 */}, { 0x52701602, 0xEE133374 /* 440 */}, { 0x3F285E09, 0x950E3DCF /* 441 */}, { 0xB9C80953, 0x59930254 /* 442 */}, { 0x8930DA6D, 0x3BF29940 /* 443 */}, { 0x53691387, 0xA955943F /* 444 */}, { 0xA9CB8784, 0xA15EDECA /* 445 */}, { 0x352BE9A0, 0x29142127 /* 446 */}, { 0xFF4E7AFB, 0x76F0371F /* 447 */}, { 0x274F2228, 0x0239F450 /* 448 */}, { 0x1D5E868B, 0xBB073AF0 /* 449 */}, { 0xC10E96C1, 0xBFC80571 /* 450 */}, { 0x68222E23, 0xD2670885 /* 451 */}, { 0x8E80B5B0, 0x9671A3D4 /* 452 */}, { 0xE193BB81, 0x55B5D38A /* 453 */}, { 0xA18B04B8, 0x693AE2D0 /* 454 */}, { 0xADD5335F, 0x5C48B4EC /* 455 */}, { 0x4916A1CA, 0xFD743B19 /* 456 */}, { 0x34BE98C4, 0x25770181 /* 457 */}, { 0x3C54A4AD, 0xE77987E8 /* 458 */}, { 0xDA33E1B9, 0x28E11014 /* 459 */}, { 0x226AA213, 0x270CC59E /* 460 */}, { 0x6D1A5F60, 0x71495F75 /* 461 */}, { 0x60AFEF77, 0x9BE853FB /* 462 */}, { 0xF7443DBF, 0xADC786A7 /* 463 */}, { 0x73B29A82, 0x09044561 /* 464 */}, { 0xC232BD5E, 0x58BC7A66 /* 465 */}, { 0x673AC8B2, 0xF306558C /* 466 */}, { 0xB6C9772A, 0x41F639C6 /* 467 */}, { 0x9FDA35DA, 0x216DEFE9 /* 468 */}, { 0x1C7BE615, 0x11640CC7 /* 469 */}, { 0x565C5527, 0x93C43694 /* 470 */}, { 0x46777839, 0xEA038E62 /* 471 */}, { 0x5A3E2469, 0xF9ABF3CE /* 472 */}, { 0x0FD312D2, 0x741E768D /* 473 */}, { 0xCED652C6, 0x0144B883 /* 474 */}, { 0xA33F8552, 0xC20B5A5B /* 475 */}, { 0xC3435A9D, 0x1AE69633 /* 476 */}, { 0x088CFDEC, 0x97A28CA4 /* 477 */}, { 0x1E96F420, 0x8824A43C /* 478 */}, { 0x6EEEA746, 0x37612FA6 /* 479 */}, { 0xF9CF0E5A, 0x6B4CB165 /* 480 */}, { 0xA0ABFB4A, 0x43AA1C06 /* 481 */}, { 0xF162796B, 0x7F4DC26F /* 482 */}, { 0x54ED9B0F, 0x6CBACC8E /* 483 */}, { 0xD2BB253E, 0xA6B7FFEF /* 484 */}, { 0xB0A29D4F, 0x2E25BC95 /* 485 */}, { 0xDEF1388C, 0x86D6A58B /* 486 */}, { 0x76B6F054, 0xDED74AC5 /* 487 */}, { 0x2B45805D, 0x8030BDBC /* 488 */}, { 0xE94D9289, 0x3C81AF70 /* 489 */}, { 0x9E3100DB, 0x3EFF6DDA /* 490 */}, { 0xDFCC8847, 0xB38DC39F /* 491 */}, { 0x8D17B87E, 0x12388552 /* 492 */}, { 0x40B1B642, 0xF2DA0ED2 /* 493 */}, { 0xD54BF9A9, 0x44CEFADC /* 494 */}, { 0x433C7EE6, 0x1312200E /* 495 */}, { 0x3A78C748, 0x9FFCC84F /* 496 */}, { 0x248576BB, 0xF0CD1F72 /* 497 */}, { 0x3638CFE4, 0xEC697405 /* 498 */}, { 0x0CEC4E4C, 0x2BA7B67C /* 499 */}, { 0xE5CE32ED, 0xAC2F4DF3 /* 500 */}, { 0x26EA4C11, 0xCB33D143 /* 501 */}, { 0xC77E58BC, 0xA4E9044C /* 502 */}, { 0xD934FCEF, 0x5F513293 /* 503 */}, { 0x06E55444, 0x5DC96455 /* 504 */}, { 0x317DE40A, 0x50DE418F /* 505 */}, { 0x69DDE259, 0x388CB31A /* 506 */}, { 0x55820A86, 0x2DB4A834 /* 507 */}, { 0x84711AE9, 0x9010A91E /* 508 */}, { 0xB1498371, 0x4DF7F0B7 /* 509 */}, { 0xC0977179, 0xD62A2EAB /* 510 */}, { 0xAA8D5C0E, 0x22FAC097 /* 511 */}, { 0xF1DAF39B, 0xF49FCC2F /* 512 */}, { 0x6FF29281, 0x487FD5C6 /* 513 */}, { 0xFCDCA83F, 0xE8A30667 /* 514 */}, { 0xD2FCCE63, 0x2C9B4BE3 /* 515 */}, { 0x93FBBBC2, 0xDA3FF74B /* 516 */}, { 0xFE70BA66, 0x2FA165D2 /* 517 */}, { 0x970E93D4, 0xA103E279 /* 518 */}, { 0xB0E45E71, 0xBECDEC77 /* 519 */}, { 0x3985E497, 0xCFB41E72 /* 520 */}, { 0x5EF75017, 0xB70AAA02 /* 521 */}, { 0x3840B8E0, 0xD42309F0 /* 522 */}, { 0x35898579, 0x8EFC1AD0 /* 523 */}, { 0xE2B2ABC5, 0x96C6920B /* 524 */}, { 0x375A9172, 0x66AF4163 /* 525 */}, { 0xCA7127FB, 0x2174ABDC /* 526 */}, { 0x4A72FF41, 0xB33CCEA6 /* 527 */}, { 0x083066A5, 0xF04A4933 /* 528 */}, { 0xD7289AF5, 0x8D970ACD /* 529 */}, { 0x31C8C25E, 0x8F96E8E0 /* 530 */}, { 0x76875D47, 0xF3FEC022 /* 531 */}, { 0x056190DD, 0xEC7BF310 /* 532 */}, { 0xBB0F1491, 0xF5ADB0AE /* 533 */}, { 0x0FD58892, 0x9B50F885 /* 534 */}, { 0x58B74DE8, 0x49754883 /* 535 */}, { 0x91531C61, 0xA3354FF6 /* 536 */}, { 0x81D2C6EE, 0x0702BBE4 /* 537 */}, { 0x7DEDED98, 0x89FB2405 /* 538 */}, { 0x8596E902, 0xAC307513 /* 539 */}, { 0x172772ED, 0x1D2D3580 /* 540 */}, { 0x8E6BC30D, 0xEB738FC2 /* 541 */}, { 0x63044326, 0x5854EF8F /* 542 */}, { 0x5ADD3BBE, 0x9E5C5232 /* 543 */}, { 0x325C4623, 0x90AA53CF /* 544 */}, { 0x349DD067, 0xC1D24D51 /* 545 */}, { 0xA69EA624, 0x2051CFEE /* 546 */}, { 0x862E7E4F, 0x13220F0A /* 547 */}, { 0x04E04864, 0xCE393994 /* 548 */}, { 0x7086FCB7, 0xD9C42CA4 /* 549 */}, { 0x8A03E7CC, 0x685AD223 /* 550 */}, { 0xAB2FF1DB, 0x066484B2 /* 551 */}, { 0xEFBF79EC, 0xFE9D5D70 /* 552 */}, { 0x9C481854, 0x5B13B9DD /* 553 */}, { 0xED1509AD, 0x15F0D475 /* 554 */}, { 0x0EC79851, 0x0BEBCD06 /* 555 */}, { 0x183AB7F8, 0xD58C6791 /* 556 */}, { 0x52F3EEE4, 0xD1187C50 /* 557 */}, { 0xE54E82FF, 0xC95D1192 /* 558 */}, { 0xB9AC6CA2, 0x86EEA14C /* 559 */}, { 0x53677D5D, 0x3485BEB1 /* 560 */}, { 0x1F8C492A, 0xDD191D78 /* 561 */}, { 0xA784EBF9, 0xF60866BA /* 562 */}, { 0xA2D08C74, 0x518F643B /* 563 */}, { 0xE1087C22, 0x8852E956 /* 564 */}, { 0xC410AE8D, 0xA768CB8D /* 565 */}, { 0xBFEC8E1A, 0x38047726 /* 566 */}, { 0xCD3B45AA, 0xA67738B4 /* 567 */}, { 0xEC0DDE19, 0xAD16691C /* 568 */}, { 0x80462E07, 0xC6D43193 /* 569 */}, { 0x0BA61938, 0xC5A5876D /* 570 */}, { 0xA58FD840, 0x16B9FA1F /* 571 */}, { 0x3CA74F18, 0x188AB117 /* 572 */}, { 0xC99C021F, 0xABDA2F98 /* 573 */}, { 0x134AE816, 0x3E0580AB /* 574 */}, { 0x73645ABB, 0x5F3B05B7 /* 575 */}, { 0x5575F2F6, 0x2501A2BE /* 576 */}, { 0x4E7E8BA9, 0x1B2F7400 /* 577 */}, { 0x71E8D953, 0x1CD75803 /* 578 */}, { 0x62764E30, 0x7F6ED895 /* 579 */}, { 0x596F003D, 0xB15926FF /* 580 */}, { 0xA8C5D6B9, 0x9F65293D /* 581 */}, { 0xD690F84C, 0x6ECEF04D /* 582 */}, { 0xFF33AF88, 0x4782275F /* 583 */}, { 0x3F820801, 0xE4143308 /* 584 */}, { 0x9A1AF9B5, 0xFD0DFE40 /* 585 */}, { 0x2CDB396B, 0x4325A334 /* 586 */}, { 0xB301B252, 0x8AE77E62 /* 587 */}, { 0x6655615A, 0xC36F9E9F /* 588 */}, { 0x92D32C09, 0x85455A2D /* 589 */}, { 0x49477485, 0xF2C7DEA9 /* 590 */}, { 0x33A39EBA, 0x63CFB4C1 /* 591 */}, { 0x6EBC5462, 0x83B040CC /* 592 */}, { 0xFDB326B0, 0x3B9454C8 /* 593 */}, { 0x87FFD78C, 0x56F56A9E /* 594 */}, { 0x99F42BC6, 0x2DC2940D /* 595 */}, { 0x6B096E2D, 0x98F7DF09 /* 596 */}, { 0x3AD852BF, 0x19A6E01E /* 597 */}, { 0xDBD4B40B, 0x42A99CCB /* 598 */}, { 0x45E9C559, 0xA59998AF /* 599 */}, { 0x07D93186, 0x366295E8 /* 600 */}, { 0xFAA1F773, 0x6B48181B /* 601 */}, { 0x157A0A1D, 0x1FEC57E2 /* 602 */}, { 0xF6201AD5, 0x4667446A /* 603 */}, { 0xCFB0F075, 0xE615EBCA /* 604 */}, { 0x68290778, 0xB8F31F4F /* 605 */}, { 0xCE22D11E, 0x22713ED6 /* 606 */}, { 0x2EC3C93B, 0x3057C1A7 /* 607 */}, { 0x7C3F1F2F, 0xCB46ACC3 /* 608 */}, { 0x02AAF50E, 0xDBB893FD /* 609 */}, { 0x600B9FCF, 0x331FD92E /* 610 */}, { 0x48EA3AD6, 0xA498F961 /* 611 */}, { 0x8B6A83EA, 0xA8D8426E /* 612 */}, { 0xB7735CDC, 0xA089B274 /* 613 */}, { 0x1E524A11, 0x87F6B373 /* 614 */}, { 0xCBC96749, 0x118808E5 /* 615 */}, { 0xB19BD394, 0x9906E4C7 /* 616 */}, { 0x9B24A20C, 0xAFED7F7E /* 617 */}, { 0xEB3644A7, 0x6509EADE /* 618 */}, { 0xE8EF0EDE, 0x6C1EF1D3 /* 619 */}, { 0xE9798FB4, 0xB9C97D43 /* 620 */}, { 0x740C28A3, 0xA2F2D784 /* 621 */}, { 0x6197566F, 0x7B849647 /* 622 */}, { 0xB65F069D, 0x7A5BE3E6 /* 623 */}, { 0x78BE6F10, 0xF96330ED /* 624 */}, { 0x7A076A15, 0xEEE60DE7 /* 625 */}, { 0xA08B9BD0, 0x2B4BEE4A /* 626 */}, { 0xC7B8894E, 0x6A56A63E /* 627 */}, { 0xBA34FEF4, 0x02121359 /* 628 */}, { 0x283703FC, 0x4CBF99F8 /* 629 */}, { 0x0CAF30C8, 0x39807135 /* 630 */}, { 0xF017687A, 0xD0A77A89 /* 631 */}, { 0x9E423569, 0xF1C1A9EB /* 632 */}, { 0x2DEE8199, 0x8C797628 /* 633 */}, { 0xDD1F7ABD, 0x5D1737A5 /* 634 */}, { 0x09A9FA80, 0x4F53433C /* 635 */}, { 0xDF7CA1D9, 0xFA8B0C53 /* 636 */}, { 0x886CCB77, 0x3FD9DCBC /* 637 */}, { 0xA91B4720, 0xC040917C /* 638 */}, { 0xF9D1DCDF, 0x7DD00142 /* 639 */}, { 0x4F387B58, 0x8476FC1D /* 640 */}, { 0xF3316503, 0x23F8E7C5 /* 641 */}, { 0xE7E37339, 0x032A2244 /* 642 */}, { 0x50F5A74B, 0x5C87A5D7 /* 643 */}, { 0x3698992E, 0x082B4CC4 /* 644 */}, { 0xB858F63C, 0xDF917BEC /* 645 */}, { 0x5BF86DDA, 0x3270B8FC /* 646 */}, { 0x29B5DD76, 0x10AE72BB /* 647 */}, { 0x7700362B, 0x576AC94E /* 648 */}, { 0xC61EFB8F, 0x1AD112DA /* 649 */}, { 0xC5FAA427, 0x691BC30E /* 650 */}, { 0xCC327143, 0xFF246311 /* 651 */}, { 0x30E53206, 0x3142368E /* 652 */}, { 0xE02CA396, 0x71380E31 /* 653 */}, { 0x0AAD76F1, 0x958D5C96 /* 654 */}, { 0xC16DA536, 0xF8D6F430 /* 655 */}, { 0x1BE7E1D2, 0xC8FFD13F /* 656 */}, { 0x004DDBE1, 0x7578AE66 /* 657 */}, { 0x067BE646, 0x05833F01 /* 658 */}, { 0x3BFE586D, 0xBB34B5AD /* 659 */}, { 0xA12B97F0, 0x095F34C9 /* 660 */}, { 0x25D60CA8, 0x247AB645 /* 661 */}, { 0x017477D1, 0xDCDBC6F3 /* 662 */}, { 0xDECAD24D, 0x4A2E14D4 /* 663 */}, { 0xBE0A1EEB, 0xBDB5E6D9 /* 664 */}, { 0x794301AB, 0x2A7E70F7 /* 665 */}, { 0x270540FD, 0xDEF42D8A /* 666 */}, { 0xA34C22C1, 0x01078EC0 /* 667 */}, { 0xF4C16387, 0xE5DE511A /* 668 */}, { 0xBD9A330A, 0x7EBB3A52 /* 669 */}, { 0xAA7D6435, 0x77697857 /* 670 */}, { 0x03AE4C32, 0x004E8316 /* 671 */}, { 0xAD78E312, 0xE7A21020 /* 672 */}, { 0x6AB420F2, 0x9D41A70C /* 673 */}, { 0xEA1141E6, 0x28E06C18 /* 674 */}, { 0x984F6B28, 0xD2B28CBD /* 675 */}, { 0x446E9D83, 0x26B75F6C /* 676 */}, { 0x4D418D7F, 0xBA47568C /* 677 */}, { 0xE6183D8E, 0xD80BADBF /* 678 */}, { 0x5F166044, 0x0E206D7F /* 679 */}, { 0x11CBCA3E, 0xE258A439 /* 680 */}, { 0xB21DC0BC, 0x723A1746 /* 681 */}, { 0xF5D7CDD3, 0xC7CAA854 /* 682 */}, { 0x3D261D9C, 0x7CAC3288 /* 683 */}, { 0x23BA942C, 0x7690C264 /* 684 */}, { 0x478042B8, 0x17E55524 /* 685 */}, { 0x56A2389F, 0xE0BE4776 /* 686 */}, { 0x67AB2DA0, 0x4D289B5E /* 687 */}, { 0x8FBBFD31, 0x44862B9C /* 688 */}, { 0x9D141365, 0xB47CC804 /* 689 */}, { 0x2B91C793, 0x822C1B36 /* 690 */}, { 0xFB13DFD8, 0x4EB14655 /* 691 */}, { 0x14E2A97B, 0x1ECBBA07 /* 692 */}, { 0x5CDE5F14, 0x6143459D /* 693 */}, { 0xD5F0AC89, 0x53A8FBF1 /* 694 */}, { 0x1C5E5B00, 0x97EA04D8 /* 695 */}, { 0xD4FDB3F3, 0x622181A8 /* 696 */}, { 0x572A1208, 0xE9BCD341 /* 697 */}, { 0x43CCE58A, 0x14112586 /* 698 */}, { 0xA4C6E0A4, 0x9144C5FE /* 699 */}, { 0x65CF620F, 0x0D33D065 /* 700 */}, { 0x9F219CA1, 0x54A48D48 /* 701 */}, { 0x6D63C821, 0xC43E5EAC /* 702 */}, { 0x72770DAF, 0xA9728B3A /* 703 */}, { 0x20DF87EF, 0xD7934E7B /* 704 */}, { 0x1A3E86E5, 0xE35503B6 /* 705 */}, { 0xC819D504, 0xCAE321FB /* 706 */}, { 0xAC60BFA6, 0x129A50B3 /* 707 */}, { 0x7E9FB6C3, 0xCD5E68EA /* 708 */}, { 0x9483B1C7, 0xB01C9019 /* 709 */}, { 0xC295376C, 0x3DE93CD5 /* 710 */}, { 0x2AB9AD13, 0xAED52EDF /* 711 */}, { 0xC0A07884, 0x2E60F512 /* 712 */}, { 0xE36210C9, 0xBC3D86A3 /* 713 */}, { 0x163951CE, 0x35269D9B /* 714 */}, { 0xD0CDB5FA, 0x0C7D6E2A /* 715 */}, { 0xD87F5733, 0x59E86297 /* 716 */}, { 0x898DB0E7, 0x298EF221 /* 717 */}, { 0xD1A5AA7E, 0x55000029 /* 718 */}, { 0xB5061B45, 0x8BC08AE1 /* 719 */}, { 0x6C92703A, 0xC2C31C2B /* 720 */}, { 0xAF25EF42, 0x94CC596B /* 721 */}, { 0x22540456, 0x0A1D73DB /* 722 */}, { 0xD9C4179A, 0x04B6A0F9 /* 723 */}, { 0xAE3D3C60, 0xEFFDAFA2 /* 724 */}, { 0xB49496C4, 0xF7C8075B /* 725 */}, { 0x1D1CD4E3, 0x9CC5C714 /* 726 */}, { 0x218E5534, 0x78BD1638 /* 727 */}, { 0xF850246A, 0xB2F11568 /* 728 */}, { 0x9502BC29, 0xEDFABCFA /* 729 */}, { 0xDA23051B, 0x796CE5F2 /* 730 */}, { 0xDC93537C, 0xAAE128B0 /* 731 */}, { 0xEE4B29AE, 0x3A493DA0 /* 732 */}, { 0x416895D7, 0xB5DF6B2C /* 733 */}, { 0x122D7F37, 0xFCABBD25 /* 734 */}, { 0x105DC4B1, 0x70810B58 /* 735 */}, { 0xF7882A90, 0xE10FDD37 /* 736 */}, { 0x518A3F5C, 0x524DCAB5 /* 737 */}, { 0x8451255B, 0x3C9E8587 /* 738 */}, { 0x19BD34E2, 0x40298281 /* 739 */}, { 0x5D3CECCB, 0x74A05B6F /* 740 */}, { 0x42E13ECA, 0xB6100215 /* 741 */}, { 0x2F59E2AC, 0x0FF979D1 /* 742 */}, { 0xE4F9CC50, 0x6037DA27 /* 743 */}, { 0x0DF1847D, 0x5E92975A /* 744 */}, { 0xD3E623FE, 0xD66DE190 /* 745 */}, { 0x7B568048, 0x5032D6B8 /* 746 */}, { 0x8235216E, 0x9A36B7CE /* 747 */}, { 0x24F64B4A, 0x80272A7A /* 748 */}, { 0x8C6916F7, 0x93EFED8B /* 749 */}, { 0x4CCE1555, 0x37DDBFF4 /* 750 */}, { 0x4B99BD25, 0x4B95DB5D /* 751 */}, { 0x69812FC0, 0x92D3FDA1 /* 752 */}, { 0x90660BB6, 0xFB1A4A9A /* 753 */}, { 0x46A4B9B2, 0x730C1969 /* 754 */}, { 0x7F49DA68, 0x81E289AA /* 755 */}, { 0x83B1A05F, 0x64669A0F /* 756 */}, { 0x9644F48B, 0x27B3FF7D /* 757 */}, { 0x8DB675B3, 0xCC6B615C /* 758 */}, { 0xBCEBBE95, 0x674F20B9 /* 759 */}, { 0x75655982, 0x6F312382 /* 760 */}, { 0x3E45CF05, 0x5AE48871 /* 761 */}, { 0x54C21157, 0xBF619F99 /* 762 */}, { 0x40A8EAE9, 0xEABAC460 /* 763 */}, { 0xF2C0C1CD, 0x454C6FE9 /* 764 */}, { 0x6412691C, 0x419CF649 /* 765 */}, { 0x265B0F70, 0xD3DC3BEF /* 766 */}, { 0xC3578A9E, 0x6D0E60F5 /* 767 */}, { 0x26323C55, 0x5B0E6085 /* 768 */}, { 0xFA1B59F5, 0x1A46C1A9 /* 769 */}, { 0x7C4C8FFA, 0xA9E245A1 /* 770 */}, { 0xDB2955D7, 0x65CA5159 /* 771 */}, { 0xCE35AFC2, 0x05DB0A76 /* 772 */}, { 0xA9113D45, 0x81EAC77E /* 773 */}, { 0xB6AC0A0D, 0x528EF88A /* 774 */}, { 0x597BE3FF, 0xA09EA253 /* 775 */}, { 0xAC48CD56, 0x430DDFB3 /* 776 */}, { 0xF45CE46F, 0xC4B3A67A /* 777 */}, { 0xFBE2D05E, 0x4ECECFD8 /* 778 */}, { 0xB39935F0, 0x3EF56F10 /* 779 */}, { 0x9CD619C6, 0x0B22D682 /* 780 */}, { 0x74DF2069, 0x17FD460A /* 781 */}, { 0x8510ED40, 0x6CF8CC8E /* 782 */}, { 0x3A6ECAA7, 0xD6C824BF /* 783 */}, { 0x1A817049, 0x61243D58 /* 784 */}, { 0xBBC163A2, 0x048BACB6 /* 785 */}, { 0x7D44CC32, 0xD9A38AC2 /* 786 */}, { 0xAAF410AB, 0x7FDDFF5B /* 787 */}, { 0xA804824B, 0xAD6D495A /* 788 */}, { 0x2D8C9F94, 0xE1A6A74F /* 789 */}, { 0x35DEE8E3, 0xD4F78512 /* 790 */}, { 0x6540D893, 0xFD4B7F88 /* 791 */}, { 0x2AA4BFDA, 0x247C2004 /* 792 */}, { 0x17D1327C, 0x096EA1C5 /* 793 */}, { 0x361A6685, 0xD56966B4 /* 794 */}, { 0x1221057D, 0x277DA5C3 /* 795 */}, { 0xA43ACFF7, 0x94D59893 /* 796 */}, { 0xCDC02281, 0x64F0C51C /* 797 */}, { 0xFF6189DB, 0x3D33BCC4 /* 798 */}, { 0x4CE66AF1, 0xE005CB18 /* 799 */}, { 0x1DB99BEA, 0xFF5CCD1D /* 800 */}, { 0xFE42980F, 0xB0B854A7 /* 801 */}, { 0x718D4B9F, 0x7BD46A6A /* 802 */}, { 0x22A5FD8C, 0xD10FA8CC /* 803 */}, { 0x2BE4BD31, 0xD3148495 /* 804 */}, { 0xCB243847, 0xC7FA975F /* 805 */}, { 0x5846C407, 0x4886ED1E /* 806 */}, { 0x1EB70B04, 0x28CDDB79 /* 807 */}, { 0xF573417F, 0xC2B00BE2 /* 808 */}, { 0x2180F877, 0x5C959045 /* 809 */}, { 0xF370EB00, 0x7A6BDDFF /* 810 */}, { 0xD6D9D6A4, 0xCE509E38 /* 811 */}, { 0x647FA702, 0xEBEB0F00 /* 812 */}, { 0x76606F06, 0x1DCC06CF /* 813 */}, { 0xA286FF0A, 0xE4D9F28B /* 814 */}, { 0xC918C262, 0xD85A305D /* 815 */}, { 0x32225F54, 0x475B1D87 /* 816 */}, { 0x68CCB5FE, 0x2D4FB516 /* 817 */}, { 0xD72BBA20, 0xA679B9D9 /* 818 */}, { 0x912D43A5, 0x53841C0D /* 819 */}, { 0xBF12A4E8, 0x3B7EAA48 /* 820 */}, { 0xF22F1DDF, 0x781E0E47 /* 821 */}, { 0x0AB50973, 0xEFF20CE6 /* 822 */}, { 0x9DFFB742, 0x20D261D1 /* 823 */}, { 0x062A2E39, 0x16A12B03 /* 824 */}, { 0x39650495, 0x1960EB22 /* 825 */}, { 0xD50EB8B8, 0x251C16FE /* 826 */}, { 0xF826016E, 0x9AC0C330 /* 827 */}, { 0x953E7671, 0xED152665 /* 828 */}, { 0xA6369570, 0x02D63194 /* 829 */}, { 0x94B1C987, 0x5074F083 /* 830 */}, { 0x90B25CE1, 0x70BA598C /* 831 */}, { 0x0B9742F6, 0x794A1581 /* 832 */}, { 0xFCAF8C6C, 0x0D5925E9 /* 833 */}, { 0xD868744E, 0x3067716C /* 834 */}, { 0xE8D7731B, 0x910AB077 /* 835 */}, { 0x5AC42F61, 0x6A61BBDB /* 836 */}, { 0xF0851567, 0x93513EFB /* 837 */}, { 0x9E83E9D5, 0xF494724B /* 838 */}, { 0x5C09648D, 0xE887E198 /* 839 */}, { 0x75370CFD, 0x34B1D3C6 /* 840 */}, { 0xBC0D255D, 0xDC35E433 /* 841 */}, { 0x34131BE0, 0xD0AAB842 /* 842 */}, { 0xB48B7EAF, 0x08042A50 /* 843 */}, { 0x44A3AB35, 0x9997C4EE /* 844 */}, { 0x201799D0, 0x829A7B49 /* 845 */}, { 0xB7C54441, 0x263B8307 /* 846 */}, { 0xFD6A6CA6, 0x752F95F4 /* 847 */}, { 0x2C08C6E5, 0x92721740 /* 848 */}, { 0xA795D9EE, 0x2A8AB754 /* 849 */}, { 0x2F72943D, 0xA442F755 /* 850 */}, { 0x19781208, 0x2C31334E /* 851 */}, { 0xEAEE6291, 0x4FA98D7C /* 852 */}, { 0x665DB309, 0x55C3862F /* 853 */}, { 0x5D53B1F3, 0xBD061017 /* 854 */}, { 0x40413F27, 0x46FE6CB8 /* 855 */}, { 0xDF0CFA59, 0x3FE03792 /* 856 */}, { 0x2EB85E8F, 0xCFE70037 /* 857 */}, { 0xADBCE118, 0xA7BE29E7 /* 858 */}, { 0xDE8431DD, 0xE544EE5C /* 859 */}, { 0x41F1873E, 0x8A781B1B /* 860 */}, { 0xA0D2F0E7, 0xA5C94C78 /* 861 */}, { 0x77B60728, 0x39412E28 /* 862 */}, { 0xAFC9A62C, 0xA1265EF3 /* 863 */}, { 0x6A2506C5, 0xBCC2770C /* 864 */}, { 0xDCE1CE12, 0x3AB66DD5 /* 865 */}, { 0x4A675B37, 0xE65499D0 /* 866 */}, { 0x81BFD216, 0x7D8F5234 /* 867 */}, { 0xEC15F389, 0x0F6F64FC /* 868 */}, { 0x8B5B13C8, 0x74EFBE61 /* 869 */}, { 0x14273E1D, 0xACDC82B7 /* 870 */}, { 0x03199D17, 0xDD40BFE0 /* 871 */}, { 0xE7E061F8, 0x37E99257 /* 872 */}, { 0x04775AAA, 0xFA526269 /* 873 */}, { 0x463D56F9, 0x8BBBF63A /* 874 */}, { 0x43A26E64, 0xF0013F15 /* 875 */}, { 0x879EC898, 0xA8307E9F /* 876 */}, { 0x150177CC, 0xCC4C27A4 /* 877 */}, { 0xCA1D3348, 0x1B432F2C /* 878 */}, { 0x9F6FA013, 0xDE1D1F8F /* 879 */}, { 0x47A7DDD6, 0x606602A0 /* 880 */}, { 0xCC1CB2C7, 0xD237AB64 /* 881 */}, { 0x25FCD1D3, 0x9B938E72 /* 882 */}, { 0x8E0FF476, 0xEC4E0370 /* 883 */}, { 0x3D03C12D, 0xFEB2FBDA /* 884 */}, { 0xEE43889A, 0xAE0BCED2 /* 885 */}, { 0xEBFB4F43, 0x22CB8923 /* 886 */}, { 0x3CF7396D, 0x69360D01 /* 887 */}, { 0xD2D4E022, 0x855E3602 /* 888 */}, { 0xD01F784C, 0x073805BA /* 889 */}, { 0x3852F546, 0x33E17A13 /* 890 */}, { 0x8AC7B638, 0xDF487405 /* 891 */}, { 0x678AA14A, 0xBA92B29C /* 892 */}, { 0x6CFAADCD, 0x0CE89FC7 /* 893 */}, { 0x08339E34, 0x5F9D4E09 /* 894 */}, { 0x1F5923B9, 0xF1AFE929 /* 895 */}, { 0x0F4A265F, 0x6E3480F6 /* 896 */}, { 0xB29B841C, 0xEEBF3A2A /* 897 */}, { 0x8F91B4AD, 0xE21938A8 /* 898 */}, { 0x45C6D3C3, 0x57DFEFF8 /* 899 */}, { 0xF62CAAF2, 0x2F006B0B /* 900 */}, { 0x6F75EE78, 0x62F479EF /* 901 */}, { 0x1C8916A9, 0x11A55AD4 /* 902 */}, { 0x84FED453, 0xF229D290 /* 903 */}, { 0x16B000E6, 0x42F1C27B /* 904 */}, { 0x9823C074, 0x2B1F7674 /* 905 */}, { 0xC2745360, 0x4B76ECA3 /* 906 */}, { 0xB91691BD, 0x8C98F463 /* 907 */}, { 0xF1ADE66A, 0x14BCC93C /* 908 */}, { 0x6D458397, 0x8885213E /* 909 */}, { 0x274D4711, 0x8E177DF0 /* 910 */}, { 0x503F2951, 0xB49B73B5 /* 911 */}, { 0xC3F96B6B, 0x10168168 /* 912 */}, { 0x63CAB0AE, 0x0E3D963B /* 913 */}, { 0x55A1DB14, 0x8DFC4B56 /* 914 */}, { 0x6E14DE5C, 0xF789F135 /* 915 */}, { 0x4E51DAC1, 0x683E68AF /* 916 */}, { 0x8D4B0FD9, 0xC9A84F9D /* 917 */}, { 0x52A0F9D1, 0x3691E03F /* 918 */}, { 0xE1878E80, 0x5ED86E46 /* 919 */}, { 0x99D07150, 0x3C711A0E /* 920 */}, { 0x0C4E9310, 0x5A0865B2 /* 921 */}, { 0xE4F0682E, 0x56FBFC1F /* 922 */}, { 0x105EDF9B, 0xEA8D5DE3 /* 923 */}, { 0x2379187A, 0x71ABFDB1 /* 924 */}, { 0xBEE77B9C, 0x2EB99DE1 /* 925 */}, { 0x33CF4523, 0x21ECC0EA /* 926 */}, { 0x1805C7A1, 0x59A4D752 /* 927 */}, { 0x56AE7C72, 0x3896F5EB /* 928 */}, { 0xB18F75DC, 0xAA638F3D /* 929 */}, { 0xABE9808E, 0x9F39358D /* 930 */}, { 0xC00B72AC, 0xB7DEFA91 /* 931 */}, { 0x62492D92, 0x6B5541FD /* 932 */}, { 0xF92E4D5B, 0x6DC6DEE8 /* 933 */}, { 0xC4BEEA7E, 0x353F57AB /* 934 */}, { 0xDA5690CE, 0x735769D6 /* 935 */}, { 0x42391484, 0x0A234AA6 /* 936 */}, { 0x28F80D9D, 0xF6F95080 /* 937 */}, { 0x7AB3F215, 0xB8E319A2 /* 938 */}, { 0x51341A4D, 0x31AD9C11 /* 939 */}, { 0x7BEF5805, 0x773C22A5 /* 940 */}, { 0x07968633, 0x45C7561A /* 941 */}, { 0x249DBE36, 0xF913DA9E /* 942 */}, { 0x78A64C68, 0xDA652D9B /* 943 */}, { 0x3BC334EF, 0x4C27A97F /* 944 */}, { 0xE66B17F4, 0x76621220 /* 945 */}, { 0x9ACD7D0B, 0x96774389 /* 946 */}, { 0xE0ED6782, 0xF3EE5BCA /* 947 */}, { 0x00C879FC, 0x409F7536 /* 948 */}, { 0xB5926DB6, 0x06D09A39 /* 949 */}, { 0x317AC588, 0x6F83AEB0 /* 950 */}, { 0x86381F21, 0x01E6CA4A /* 951 */}, { 0xD19F3025, 0x66FF3462 /* 952 */}, { 0xDDFD3BFB, 0x72207C24 /* 953 */}, { 0xE2ECE2EB, 0x4AF6B6D3 /* 954 */}, { 0xC7EA08DE, 0x9C994DBE /* 955 */}, { 0xB09A8BC4, 0x49ACE597 /* 956 */}, { 0xCF0797BA, 0xB38C4766 /* 957 */}, { 0xC57C2A75, 0x131B9373 /* 958 */}, { 0x61931E58, 0xB1822CCE /* 959 */}, { 0x09BA1C0C, 0x9D7555B9 /* 960 */}, { 0x937D11D2, 0x127FAFDD /* 961 */}, { 0xC66D92E4, 0x29DA3BAD /* 962 */}, { 0x54C2ECBC, 0xA2C1D571 /* 963 */}, { 0x82F6FE24, 0x58C5134D /* 964 */}, { 0x5B62274F, 0x1C3AE351 /* 965 */}, { 0x01CB8126, 0xE907C82E /* 966 */}, { 0x13E37FCB, 0xF8ED0919 /* 967 */}, { 0xC80046C9, 0x3249D8F9 /* 968 */}, { 0xE388FB63, 0x80CF9BED /* 969 */}, { 0x116CF19E, 0x1881539A /* 970 */}, { 0x6BD52457, 0x5103F3F7 /* 971 */}, { 0xAE47F7A8, 0x15B7E6F5 /* 972 */}, { 0xD47E9CCF, 0xDBD7C6DE /* 973 */}, { 0x0228BB1A, 0x44E55C41 /* 974 */}, { 0x5EDB4E99, 0xB647D425 /* 975 */}, { 0xB8AAFC30, 0x5D11882B /* 976 */}, { 0x29D3212A, 0xF5098BBB /* 977 */}, { 0xE90296B3, 0x8FB5EA14 /* 978 */}, { 0x57DD025A, 0x677B9421 /* 979 */}, { 0xA390ACB5, 0xFB58E7C0 /* 980 */}, { 0x83BD4A01, 0x89D3674C /* 981 */}, { 0x4BF3B93B, 0x9E2DA4DF /* 982 */}, { 0x8CAB4829, 0xFCC41E32 /* 983 */}, { 0xBA582C52, 0x03F38C96 /* 984 */}, { 0x7FD85DB2, 0xCAD1BDBD /* 985 */}, { 0x6082AE83, 0xBBB442C1 /* 986 */}, { 0xA5DA9AB0, 0xB95FE86B /* 987 */}, { 0x3771A93F, 0xB22E0467 /* 988 */}, { 0x493152D8, 0x845358C9 /* 989 */}, { 0x97B4541E, 0xBE2A4886 /* 990 */}, { 0xD38E6966, 0x95A2DC2D /* 991 */}, { 0x923C852B, 0xC02C11AC /* 992 */}, { 0x0DF2A87B, 0x2388B199 /* 993 */}, { 0x1B4F37BE, 0x7C8008FA /* 994 */}, { 0x4D54E503, 0x1F70D0C8 /* 995 */}, { 0x7ECE57D4, 0x5490ADEC /* 996 */}, { 0xD9063A3A, 0x002B3C27 /* 997 */}, { 0x8030A2BF, 0x7EAEA384 /* 998 */}, { 0xED2003C0, 0xC602326D /* 999 */}, { 0x69A94086, 0x83A7287D /* 1000 */}, { 0x30F57A8A, 0xC57A5FCB /* 1001 */}, { 0x79EBE779, 0xB56844E4 /* 1002 */}, { 0x05DCBCE9, 0xA373B40F /* 1003 */}, { 0x88570EE2, 0xD71A786E /* 1004 */}, { 0xBDE8F6A0, 0x879CBACD /* 1005 */}, { 0xC164A32F, 0x976AD1BC /* 1006 */}, { 0x9666D78B, 0xAB21E25E /* 1007 */}, { 0xE5E5C33C, 0x901063AA /* 1008 */}, { 0x48698D90, 0x9818B344 /* 1009 */}, { 0x3E1E8ABB, 0xE36487AE /* 1010 */}, { 0x893BDCB4, 0xAFBDF931 /* 1011 */}, { 0x5FBBD519, 0x6345A0DC /* 1012 */}, { 0x9B9465CA, 0x8628FE26 /* 1013 */}, { 0x3F9C51EC, 0x1E5D0160 /* 1014 */}, { 0xA15049B7, 0x4DE44006 /* 1015 */}, { 0xF776CBB1, 0xBF6C70E5 /* 1016 */}, { 0xEF552BED, 0x411218F2 /* 1017 */}, { 0x705A36A3, 0xCB0C0708 /* 1018 */}, { 0x4F986044, 0xE74D1475 /* 1019 */}, { 0x0EA8280E, 0xCD56D943 /* 1020 */}, { 0x535F5065, 0xC12591D7 /* 1021 */}, { 0x720AEF96, 0xC83223F1 /* 1022 */}, { 0x7363A51F, 0xC3A0396F /* 1023 */} }; #else void dummy_2 (int a) { (void) a; return; } #endif samhain-3.1.0/src/sh_html.c0000644000175000017500000003152712024077630012456 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 1999, 2000 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" #include #include #include #if TIME_WITH_SYS_TIME #include #include #else #if HAVE_SYS_TIME_H #include #else #include #endif #endif #include #ifdef SH_WITH_SERVER #include "samhain.h" #include "sh_forward.h" #include "sh_error.h" #include "sh_unix.h" #include "sh_utils.h" #include "sh_html.h" #undef FIL__ #define FIL__ _("sh_html.c") s_stat server_status; static char * replace_stat (char * line) { st_format rep_serv_tab[] = { { 'T', S_FMT_TIME, 0, 0, NULL}, { 'S', S_FMT_TIME, 0, 0, NULL}, { 'L', S_FMT_TIME, 0, 0, NULL}, { 'O', S_FMT_ULONG, 0, 0, NULL}, { 'A', S_FMT_ULONG, 0, 0, NULL}, { 'M', S_FMT_ULONG, 0, 0, NULL}, {'\0', S_FMT_ULONG, 0, 0, NULL}, }; rep_serv_tab[0].data_ulong = (unsigned long) time(NULL); rep_serv_tab[1].data_ulong = server_status.start; rep_serv_tab[2].data_ulong = server_status.last; rep_serv_tab[3].data_ulong = server_status.conn_open; rep_serv_tab[4].data_ulong = server_status.conn_total; rep_serv_tab[5].data_ulong = server_status.conn_max; return (sh_util_formatted(line, rep_serv_tab)); } static int sh_html_head(SL_TICKET ticket) { long status = SL_ENONE; SL_TICKET fd = (-1); char line[512]; char endhead[512]; char outline[1024]; char ts1[81]; char ts2[81]; time_t now; struct tm * time_ptr; #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) struct tm time_tm; #endif char * formatted; char * qstr; char * p; SL_ENTER(_("sh_html_head")); p = sh_util_strconcat(DEFAULT_DATAROOT, _("/head.html"), NULL); if (p) { fd = sl_open_read (FIL__, __LINE__, p, SL_YESPRIV); SH_FREE(p); } if (!SL_ISERROR(fd)) { while (!SL_ISERROR(status) && sh_unix_getline (fd, line, sizeof(line)) > 0) { formatted = replace_stat (line); if (formatted) { status = sl_write_line (ticket, formatted, sl_strlen(formatted)); SH_FREE(formatted); } } sl_close(fd); } else { qstr = sh_util_basename(DEFAULT_HTML_FILE); if (qstr != NULL) { sl_snprintf(endhead, 511, _(""), 34, 34, 34, qstr, 34); SH_FREE(qstr); } else { sl_snprintf(endhead, 511, _("")); } status = sl_write_line (ticket, _("Report"), sizeof("Report")-1); if (!SL_ISERROR(status)) status = sl_write_line (ticket, endhead, strlen(endhead)); if (!SL_ISERROR(status)) status = sl_write_line (ticket, _("

Samhain Server Report

"), sizeof("

Samhain Server Report

")-1); if (!SL_ISERROR(status)) { #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) time_ptr = localtime_r (&(server_status.start), &time_tm); #else time_ptr = localtime (&(server_status.start)); #endif if (time_ptr != NULL) strftime (ts1, 80, _("%d-%m-%Y %H:%M:%S"), time_ptr); now = time(NULL); #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) time_ptr = localtime_r (&now, &time_tm); #else time_ptr = localtime (&now); #endif if (time_ptr != NULL) strftime (ts2, 80, _("%d-%m-%Y %H:%M:%S"), time_ptr); sl_snprintf(outline, 1023, _("

Time:
Now: %s
Start: %s

"), ts2, ts1); status = sl_write_line (ticket, outline, sl_strlen(outline)); } if (!SL_ISERROR(status)) { sl_snprintf(outline, 1023, _("

Connections (max. %d simultaneous):"\ "
Now: %d
Total: %ld

"), server_status.conn_max, server_status.conn_open, server_status.conn_total); status = sl_write_line (ticket, outline, sl_strlen(outline)); if (server_status.last > (time_t) 0) { #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) time_ptr = localtime_r (&(server_status.last), &time_tm); #else time_ptr = localtime (&(server_status.last)); #endif if (time_ptr != NULL) strftime (ts1, 80, _("%d-%m-%Y %H:%M:%S"), time_ptr); sl_snprintf(outline, 1023, _("

Last connection at %s

"), ts1); status = sl_write_line (ticket, outline, sl_strlen(outline)); } } if (!SL_ISERROR(status)) status = sl_write_line (ticket, _("
"), sizeof("
")-1); } if (SL_ISERROR(status)) SL_RETURN((-1), _("sh_html_head")); SL_RETURN((0), _("sh_html_head")); } static int sh_html_foot(SL_TICKET ticket) { long status = SL_ENONE; SL_TICKET fd = (-1); char line[512]; char * p; SL_ENTER(_("sh_html_foot")); p = sh_util_strconcat(DEFAULT_DATAROOT, _("/foot.html"), NULL); if (p) { fd = sl_open_read (FIL__, __LINE__, p, SL_YESPRIV); SH_FREE(p); } if (!SL_ISERROR(fd)) { while (!SL_ISERROR(status) && sh_unix_getline (fd, line, sizeof(line)) > 0) { status = sl_write_line (ticket, line, sl_strlen(line)); } sl_close(fd); } else { status = sl_write_line (ticket, _("
"), sizeof("")-1); } if (SL_ISERROR(status)) SL_RETURN((-1), _("sh_html_foot")); SL_RETURN((0), _("sh_html_foot")); } static char * replace_tab (const char * line, char * host, char * status, char * timestamp) { st_format rep_serv_tab[] = { { 'H', S_FMT_STRING, 0, 0, NULL}, { 'S', S_FMT_STRING, 0, 0, NULL}, { 'T', S_FMT_STRING, 0, 0, NULL}, {'\0', S_FMT_ULONG, 0, 0, NULL}, }; char * p; SL_ENTER(_("replace_tab")); rep_serv_tab[0].data_str = host; rep_serv_tab[1].data_str = status; rep_serv_tab[2].data_str = timestamp; p = sh_util_formatted(line, rep_serv_tab); SL_RETURN(p, _("replace_tab")); } static char * entry_orig = NULL; static size_t entry_size = 0; static int sh_html_get_entry (void) { long retval = SL_ENONE; SL_TICKET fd = (-1); char line[512]; size_t line_size; size_t add_size = 0; char * p; SL_ENTER(_("sh_html_get_entry")); p = sh_util_strconcat(DEFAULT_DATAROOT, _("/entry.html"), NULL); entry_size = 0; if (entry_orig != NULL) { free (entry_orig); entry_orig = NULL; entry_size = 0; } if (p) { fd = sl_open_read (FIL__, __LINE__, p, SL_YESPRIV); SH_FREE(p); } if (!SL_ISERROR(fd)) { while (!SL_ISERROR(retval) && sh_unix_getline (fd, line, sizeof(line)) > 0) { line_size = sl_strlen(line); add_size = 0; if (entry_orig != NULL) { entry_orig = realloc(entry_orig, /* free() ok */ entry_size + line_size + 1); if (entry_orig) { add_size = line_size; } } else { entry_orig = malloc(line_size + 1); /* free() ok */ if (entry_orig) { entry_orig[0] = '\0'; add_size = line_size; } } if (!entry_orig) { entry_size = 0; /* add_size = 0; *//* never read */ SL_RETURN( 0, _("sh_html_get_entry")); } sl_strlcat(&entry_orig[entry_size], line, line_size + 1); entry_size += add_size; SH_VALIDATE_EQ(entry_orig[entry_size], '\0'); } sl_close(fd); } SL_RETURN( entry_size, _("sh_html_get_entry")); } static int sh_html_entry (SL_TICKET ticket, char * host, char * status, char * timestamp, int flag) { char outline[1024]; long retval = SL_ENONE; char * formatted; SL_ENTER(_("sh_html_entry")); if (entry_size > 0 && entry_orig != NULL) { formatted = replace_tab(entry_orig, host, status, timestamp); if (formatted) { retval = sl_write_line (ticket, formatted, sl_strlen(formatted)); SH_FREE(formatted); } } else { sl_snprintf(outline, 1023, _("%s%s%s"), host, status, timestamp); retval = sl_write_line (ticket, outline, sl_strlen(outline)); } /* write a status line */ if ((flag == 1) && (!SL_ISERROR(retval))) { sl_snprintf(outline, 1023, _(""), host, status, timestamp); retval = sl_write_line (ticket, outline, sl_strlen(outline)); } if (SL_ISERROR(retval)) SL_RETURN((-1), _("sh_html_entry")); SL_RETURN((0), _("sh_html_entry")); } typedef struct _sort_arr { char msg[TIM_MAX]; char tim[TIM_MAX]; } sort_arr; static sort_arr sort_stat[CLT_MAX]; static int comp_arr (const void * ao, const void * bo) { const sort_arr * a; const sort_arr * b; if (ao == NULL && bo == NULL) return 0; else if (ao == NULL && bo != NULL) return (-1); else if (ao != NULL && bo == NULL) return (1); a = (const sort_arr *) ao; b = (const sort_arr *) bo; return ((-1) * sl_strcmp(a->tim, b->tim)); } static int sh_html_print_one (SL_TICKET ticket, client_t * top) { int status; int clt_status; int i, n; SL_ENTER(_("sh_html_print_one")); if (top == NULL) SL_RETURN((0), _("sh_html_print_one")); clt_status = top->status_now; status = sh_html_entry (ticket, top->hostname, _(clt_stat[clt_status]), top->timestamp[clt_status], 1); n = 0; if (clt_status != CLT_INACTIVE) { for (i = 1; i < CLT_MAX; ++i) { if (top->status_arr[i] != CLT_INACTIVE) { clt_status = top->status_arr[i]; sl_strlcpy(sort_stat[n].msg, _(clt_stat[clt_status]), TIM_MAX); sl_strlcpy(sort_stat[n].tim, top->timestamp[clt_status],TIM_MAX); ++n; } } } if (n > 0) { qsort(&(sort_stat[0]), n, sizeof(sort_arr), comp_arr); for (i = 1; i < n; ++i) { status = sh_html_entry (ticket, " ", sort_stat[i].msg, sort_stat[i].tim, 0); } } if (SL_ISERROR(status)) SL_RETURN((-1), _("sh_html_print_one")); SL_RETURN((0), _("sh_html_print_one")); } #include "zAVLTree.h" int sh_html_write(void * inptr) { long fd; zAVLCursor avlcursor; client_t * item; zAVLTree * top = (zAVLTree *) inptr; SL_ENTER(_("sh_html_write")); if (0 != (fd = tf_trust_check (DEFAULT_HTML_FILE, SL_YESPRIV))) { sh_error_handle((-1), FIL__, __LINE__, fd, MSG_E_TRUST, (long) sh.effective.uid, DEFAULT_HTML_FILE); SL_RETURN((-1), _("sh_html_write")); } fd = sl_open_write_trunc (FIL__, __LINE__, DEFAULT_HTML_FILE, SL_YESPRIV); if (SL_ISERROR(fd)) { sh_error_handle((-1), FIL__, __LINE__, fd, MSG_E_ACCESS, (long) sh.effective.uid, DEFAULT_HTML_FILE); SL_RETURN((-1), _("sh_html_write")); } sh_html_get_entry(); sh_html_head(fd); for (item = (client_t *) zAVLFirst(&avlcursor, top); item; item = (client_t *) zAVLNext(&avlcursor)) sh_html_print_one (fd, item); sh_html_foot(fd); sl_close(fd); SL_RETURN((0), _("sh_html_write")); } int sh_html_zero() { long fd; SL_ENTER(_("sh_html_zero")); if (0 != (fd = tf_trust_check (DEFAULT_HTML_FILE, SL_YESPRIV))) { SL_RETURN((-1), _("sh_html_zero")); } fd = sl_open_write_trunc (FIL__, __LINE__, DEFAULT_HTML_FILE, SL_YESPRIV); if (SL_ISERROR(fd)) { SL_RETURN((-1), _("sh_html_zero")); } sh_html_head(fd); sh_html_foot(fd); sl_close(fd); SL_RETURN((0), _("sh_html_zero")); } /* SH_WITH_SERVER */ #endif samhain-3.1.0/src/make-tests.sh0000755000175000017500000000337611440375650013275 00000000000000#!/bin/sh # Auto generate single AllTests file for CuTest. # Searches through all *.c files in the current directory. # Prints to stdout. # Author: Asim Jalis # Date: 01/08/2003 # Modified to return non-zero if any test has failed # Rainer Wichmann, 29. Jan 2006 # ...and to print to stderr if any test has failed # Rainer Wichmann, 31. Jan 2006 if test $# -eq 0 ; then FILES=*.c ; else FILES=$* ; fi echo ' /* This is auto-generated code. Edit at your own peril. */ #include "config.h" #include #include "CuTest.h" ' cat $FILES | grep '^void Test' | sed -e 's/(.*$//' \ -e 's/$/(CuTest*);/' \ -e 's/^/extern /' echo \ ' int RunAllTests(void) { CuString *output = CuStringNew(); CuSuite* suite = CuSuiteNew(); ' cat $FILES | grep '^void Test' | sed -e 's/^void //' \ -e 's/(.*$//' \ -e 's/^/ SUITE_ADD_TEST(suite, /' \ -e 's/$/);/' echo \ ' CuSuiteRun(suite); CuSuiteSummary(suite, output); CuSuiteDetails(suite, output); if (suite->failCount > 0) fprintf(stderr, "%s%c", output->buffer, 0x0A); else fprintf(stdout, "%s%c", output->buffer, 0x0A); return suite->failCount; } int main(void) { #if !defined(USE_SYSTEM_MALLOC) typedef void assert_handler_tp(const char * error, const char *file, int line); extern assert_handler_tp *dnmalloc_set_handler(assert_handler_tp *new); extern void safe_fatal (const char * details, const char *f, int l); #endif #if !defined(USE_SYSTEM_MALLOC) && defined(USE_MALLOC_LOCK) extern int dnmalloc_pthread_init(void); dnmalloc_pthread_init(); #endif #if !defined(USE_SYSTEM_MALLOC) (void) dnmalloc_set_handler(safe_fatal); #endif int retval; retval = RunAllTests(); return (retval == 0) ? 0 : 1; } ' samhain-3.1.0/src/sh_log_evalrule.c0000644000175000017500000007251611667112432014177 00000000000000 #include "config_xor.h" #include #include #include #include #include #include #include #ifdef USE_LOGFILE_MONITOR #undef FIL__ #define FIL__ _("sh_log_evalrule.c") /* Debian/Ubuntu: libpcre3-dev */ #ifdef HAVE_PCRE_PCRE_H #include #else #include #endif #ifndef PCRE_NO_AUTO_CAPTURE #define PCRE_NO_AUTO_CAPTURE 0 #endif #include "samhain.h" #include "sh_pthread.h" #include "sh_utils.h" #include "sh_string.h" #include "sh_log_check.h" #include "sh_log_evalrule.h" #include "sh_log_correlate.h" #include "sh_log_mark.h" #include "sh_log_repeat.h" #include "zAVLTree.h" extern int flag_err_debug; /* #define DEBUG_EVALRULES */ #ifdef DEBUG_EVALRULES static void DEBUG(const char *fmt, ...) { va_list ap; va_start(ap, fmt); vfprintf(stderr, fmt, ap); /* flawfinder: ignore *//* we control fmt string */ va_end(ap); return; } #else static void DEBUG(const char *fmt, ...) { (void) fmt; return; } #endif struct sh_ceval /* Counter for summarizing */ { sh_string * hostname; sh_string * counted_str; sh_string * filename; unsigned long count; time_t start; time_t interval; }; void sh_ceval_free(void * item) { struct sh_ceval * counter = (struct sh_ceval *) item; if (!counter) return; sh_string_destroy(&(counter->hostname)); sh_string_destroy(&(counter->counted_str)); sh_string_destroy(&(counter->filename)); SH_FREE(counter); } enum { RFL_ISRULE = 1 << 0, RFL_ISGROUP = 1 << 1, RFL_KEEP = 1 << 2, RFL_MARK = 1 << 3 }; /*-------------------------------------------------------------- * * Adding rules/groups/hosts * *--------------------------------------------------------------*/ struct sh_geval /* Group of rules (may be a single rule) */ { sh_string * label; /* label for this group */ pcre * rule; /* compiled regex for rule */ pcre_extra * rule_extra; int * ovector; /* captured substrings */ int ovecnum; /* how many captured */ int captures; /* (captures+1)*3 required */ int flags; /* bit flags */ unsigned long delay; /* delay for keep rules */ zAVLTree * counterlist; /* counters if EVAL_SUM */ struct sh_qeval * queue; /* queue for this rule */ struct sh_geval * nextrule; /* next rule in this group */ struct sh_geval * next; /* next group of rules */ struct sh_geval * gnext; /* grouplist next */ }; struct sh_heval /* host-specific rules */ { pcre * hostname; /* compiled regex for hostname */ pcre_extra * hostname_extra; struct sh_geval * rulegroups; /* list of group of rules */ struct sh_heval * next; }; static struct sh_heval * hostlist = NULL; static struct sh_qeval * queuelist = NULL; static struct sh_geval * grouplist = NULL; /* These flags are set if we are within * the define of a host/rule group. */ static struct sh_heval * host_open = NULL; static struct sh_geval * group_open = NULL; int sh_eval_gend (const char * str) { (void) str; if (group_open) { group_open = NULL; return 0; } return -1; } int sh_eval_gadd (const char * str) { struct sh_geval * ng; struct sh_geval * tmp; pcre * group; pcre_extra * group_extra; const char * error; int erroffset; unsigned int nfields = 2; size_t lengths[2]; char * new = sh_util_strdup(str); char ** splits = split_array(new, &nfields, ':', lengths); /* group is label:regex */ if (group_open) group_open = NULL; if (nfields != 2) { SH_FREE(splits); SH_FREE(new); return -1; } group = pcre_compile(splits[1], PCRE_NO_AUTO_CAPTURE, &error, &erroffset, NULL); if (!group) { sh_string * msg = sh_string_new(0); sh_string_add_from_char(msg, _("Bad regex: ")); sh_string_add_from_char(msg, splits[1]); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, sh_string_str(msg), _("sh_eval_gadd")); SH_MUTEX_UNLOCK(mutex_thread_nolog); sh_string_destroy(&msg); SH_FREE(splits); SH_FREE(new); return -1; } group_extra = NULL; /* pcre_study(group, 0, &error); */ ng = SH_ALLOC(sizeof(struct sh_geval)); memset(ng, '\0', sizeof(struct sh_geval)); ng->label = sh_string_new_from_lchar(splits[0], lengths[0]); ng->flags = RFL_ISGROUP; ng->rule = group; ng->rule_extra = group_extra; ng->ovector = NULL; ng->ovecnum = 0; ng->captures = 0; ng->counterlist = NULL; ng->queue = NULL; ng->nextrule = NULL; ng->next = NULL; ng->gnext = NULL; if (!host_open) { if (0 != sh_eval_hadd("^.*")) { pcre_free(group); sh_string_destroy(&(ng->label)); SH_FREE(splits); SH_FREE(new); SH_FREE(ng); return -1; } } /* * Insert at end, to keep user-defined order */ if (host_open) { if (grouplist) { tmp = grouplist; while (tmp->gnext != NULL) { tmp = tmp->gnext; } tmp->gnext = ng; } else { grouplist = ng; } /* * If there is an open host group, add it to its * rulegroups */ if (host_open->rulegroups) { tmp = host_open->rulegroups; while (tmp->next != NULL) { tmp = tmp->next; } tmp->next = ng; } else { host_open->rulegroups = ng; } } group_open = ng; SH_FREE(splits); SH_FREE(new); return 0; } int sh_eval_hend (const char * str) { (void) str; if (host_open) { host_open = NULL; return 0; } return -1; } int sh_eval_hadd (const char * str) { struct sh_heval * nh; struct sh_heval * tmp; pcre * host; pcre_extra * host_extra; const char * error; int erroffset; if (host_open) host_open = NULL; host = pcre_compile(str, PCRE_NO_AUTO_CAPTURE, &error, &erroffset, NULL); if (!host) { sh_string * msg = sh_string_new(0); sh_string_add_from_char(msg, _("Bad regex: ")); sh_string_add_from_char(msg, str); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, sh_string_str(msg), _("sh_eval_hadd")); SH_MUTEX_UNLOCK(mutex_thread_nolog); sh_string_destroy(&msg); return -1; } host_extra = NULL; /* pcre_study(host, 0, &error); */ nh = SH_ALLOC(sizeof(struct sh_heval)); memset(nh, '\0', sizeof(struct sh_heval)); nh->hostname = host; nh->hostname_extra = host_extra; nh->rulegroups = NULL; /* * Insert at end, to keep user-defined order */ nh->next = NULL; if (hostlist) { tmp = hostlist; while (tmp->next != NULL) { tmp = tmp->next; } tmp->next = nh; } else { hostlist = nh; } host_open = nh; return 0; } int sh_eval_qadd (const char * str) { struct sh_qeval * nq; int severity; unsigned int nfields = 5; /* label:interval:(report|sum):severity[:alias] */ size_t lengths[5]; char * new = sh_util_strdup(str); char ** splits = split_array(new, &nfields, ':', lengths); if (nfields < 4) { SH_FREE(splits); SH_FREE(new); return -1; } if (strcmp(splits[2], _("sum")) && strcmp(splits[2], _("report"))) { SH_FREE(splits); SH_FREE(new); return -1; } if (!strcmp(splits[2], _("sum")) && atoi(splits[1]) < 0) { SH_FREE(splits); SH_FREE(new); return -1; } if (!strcmp(splits[1], _("trash"))) /* predefined, reserved */ { SH_FREE(splits); SH_FREE(new); return -1; } severity = sh_error_convert_level (splits[3]); if (severity < 0) { SH_FREE(splits); SH_FREE(new); return -1; } nq = SH_ALLOC(sizeof(struct sh_qeval)); memset(nq, '\0', sizeof(struct sh_qeval)); nq->label = sh_string_new_from_lchar(splits[0], lengths[0]); nq->alias = NULL; DEBUG("debug: splits[2] = %s, policy = %d\n",splits[2],nq->policy); if (0 == strcmp(splits[2], _("report"))) { nq->policy = EVAL_REPORT; nq->interval = 0; } else { nq->policy = EVAL_SUM; nq->interval = (time_t) atoi(splits[1]); } nq->severity = severity; if (nfields == 5) { nq->alias = sh_string_new_from_lchar(splits[4], lengths[4]); } nq->next = queuelist; queuelist = nq; SH_FREE(splits); SH_FREE(new); return 0; } struct sh_qeval * sh_log_find_queue(const char * str) { struct sh_qeval * retval = queuelist; if (!str) return NULL; while (retval) { if (0 == strcmp(str, sh_string_str(retval->label))) break; retval = retval->next; } return retval; } int sh_log_lookup_severity(const char * str) { struct sh_qeval * queue; if (str) { if (0 != strcmp(str, _("trash"))) { queue = sh_log_find_queue(str); if (queue) return queue->severity; } } return SH_ERR_SEVERE; } sh_string * sh_log_lookup_alias(const char * str) { struct sh_qeval * queue; if (str) { if (0 != strcmp(str, _("trash"))) { queue = sh_log_find_queue(str); if (queue) return queue->alias; } } return NULL; } static char * get_label_and_time(const char * inprefix, char * str, unsigned long * seconds) { char * res = NULL; char * endptr = NULL; unsigned int nfields = 2; /* seconds:label */ size_t lengths[2]; char * prefix = sh_util_strdup(inprefix); char * new = sh_util_strdup(str); char ** splits = split_array_braced(new, prefix, &nfields, lengths); if (splits && nfields == 2 && lengths[0] > 0 && lengths[1] > 0) { *seconds = strtoul(splits[0], &endptr, 10); if ((endptr == '\0' || endptr != splits[0]) && (*seconds != ULONG_MAX)) { res = sh_util_strdup(splits[1]); } } if (splits) SH_FREE(splits); SH_FREE(new); SH_FREE(prefix); return res; } static struct sh_qeval ** dummy_queue; static char ** dummy_dstr; int sh_eval_radd (const char * str) { struct sh_geval * nr; struct sh_geval * tmp; struct sh_qeval * queue = NULL; pcre * rule; pcre_extra * rule_extra; const char * error; int erroffset; int captures = 0; unsigned int nfields = 2; /* queue:regex */ size_t lengths[3]; char * new = sh_util_strdup(str); char ** splits; int qpos = 0; volatile int rpos = 1; unsigned long dsec = 0; char * dstr = NULL; char * s = new; volatile char pflag = '-'; while ( *s && isspace((int)*s) ) ++s; if (0 == strncmp(s, _("KEEP"), 4) || 0 == strncmp(s, _("CORRELATE"), 9) || 0 == strncmp(s, _("MARK"), 4)) { pflag = s[0]; nfields = 3; } splits = split_array(new, &nfields, ':', lengths); dummy_queue = &queue; dummy_dstr = &dstr; if (nfields < 2 || nfields > 3) { SH_FREE(splits); SH_FREE(new); return -1; } if (nfields == 3) { if (pflag == 'K') { /* KEEP(nsec,label):queue:regex */ dstr = get_label_and_time(_("KEEP"), splits[0], &dsec); if (!dstr) { SH_FREE(splits); SH_FREE(new); return -1; } } else if (pflag == 'C') { /* CORRELATE(description):queue:regex */ int retval = sh_keep_match_add(splits[0], splits[1], splits[2]); SH_FREE(splits); SH_FREE(new); return retval; } else if (pflag == 'M') { /* MARK(description, interval):queue:regex */ int retval = -1; dstr = get_label_and_time(_("MARK"), splits[0], &dsec); if (dstr) { retval = sh_log_mark_add(dstr, dsec, splits[1]); } if (retval != 0) { SH_FREE(splits); SH_FREE(new); return retval; } } ++qpos; ++rpos; } if (0 != strcmp(splits[qpos], _("trash"))) { queue = sh_log_find_queue(splits[qpos]); if (!queue) { SH_FREE(splits); SH_FREE(new); return -1; } } rule = pcre_compile(splits[rpos], 0, &error, &erroffset, NULL); if (!rule) { sh_string * msg = sh_string_new(0); sh_string_add_from_char(msg, _("Bad regex: ")); sh_string_add_from_char(msg, splits[rpos]); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, sh_string_str(msg), _("sh_eval_radd")); SH_MUTEX_UNLOCK(mutex_thread_nolog); sh_string_destroy(&msg); SH_FREE(splits); SH_FREE(new); return -1; } rule_extra = NULL; /* pcre_study(rule, 0, &error); */ pcre_fullinfo(rule, rule_extra, PCRE_INFO_CAPTURECOUNT, &captures); if (flag_err_debug == SL_TRUE) { char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); if (dstr) sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Adding rule: |%s| with %d captures, keep(%lu,%s)"), splits[rpos], captures, dsec, dstr); else sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Adding rule: |%s| with %d captures"), splits[rpos], captures); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, emsg, _("sh_eval_radd")); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(emsg); } DEBUG("adding rule: |%s| with %d captures\n", splits[rpos], captures); SH_FREE(splits); SH_FREE(new); nr = SH_ALLOC(sizeof(struct sh_geval)); memset(nr, '\0', sizeof(struct sh_geval)); nr->label = NULL; nr->flags = RFL_ISRULE; nr->delay = 0; nr->rule = rule; nr->rule_extra = rule_extra; nr->captures = captures; nr->ovector = SH_ALLOC(sizeof(int) * (captures+1) * 3); nr->ovecnum = 0; nr->counterlist = NULL; nr->queue = queue; nr->nextrule = NULL; nr->next = NULL; nr->gnext = NULL; if (pflag == 'K') { nr->label = sh_string_new_from_lchar(dstr, sl_strlen(dstr)); nr->flags |= RFL_KEEP; nr->delay = dsec; SH_FREE(dstr); } else if (pflag == 'M') { nr->label = sh_string_new_from_lchar(dstr, sl_strlen(dstr)); nr->flags |= RFL_MARK; nr->delay = dsec; SH_FREE(dstr); } /* * If there is an open group, add it to its * rules */ if (group_open) { if (flag_err_debug == SL_TRUE) { char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Adding rule to group |%s|"), sh_string_str(group_open->label)); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, emsg, _("sh_eval_radd")); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(emsg); } DEBUG("adding rule to group |%s|\n", sh_string_str(group_open->label)); if (group_open->nextrule) { tmp = group_open->nextrule; while (tmp->nextrule != NULL) { tmp = tmp->nextrule; } /* next -> nextrule */ tmp->nextrule = nr; /* next -> nextrule */ } else { group_open->nextrule = nr; } } /* * ..else, add it to the currently open host (open the * default host, if there is no open one) */ else { if (!host_open) { if (0 != sh_eval_hadd("^.*")) { if (nr->label) sh_string_destroy(&(nr->label)); SH_FREE(nr->ovector); SH_FREE(nr); return -1; } } if (host_open) { /* * Add rule as member to grouplist, to facilitate cleanup */ DEBUG("adding solitary rule to grouplist\n"); if (grouplist) { tmp = grouplist; while (tmp->gnext != NULL) { tmp = tmp->gnext; } tmp->gnext = nr; } else { grouplist = nr; } /* * Add rule to host rulegroups */ DEBUG("adding solitary rule to host rulegroups\n"); if (host_open->rulegroups) { /* Second, third, ... rule go to host_open->rulegroups->next, * since test_grules() iterates over nextrules */ tmp = host_open->rulegroups; while (tmp->next != NULL) { tmp = tmp->next; } tmp->next = nr; } else { /* First rule goes to host_open->rulegroups */ host_open->rulegroups = nr; } } else { if (nr->label) sh_string_destroy(&(nr->label)); SH_FREE(nr->ovector); SH_FREE(nr); return -1; } } return 0; } void sh_eval_cleanup() { struct sh_geval * gtmp; struct sh_qeval * qtmp; struct sh_heval * htmp; while (grouplist) { gtmp = grouplist; grouplist = gtmp->gnext; if (gtmp->label) sh_string_destroy(&(gtmp->label)); if (gtmp->rule_extra) (*pcre_free)(gtmp->rule_extra); if (gtmp->rule) (*pcre_free)(gtmp->rule); if (gtmp->counterlist) zAVLFreeTree(gtmp->counterlist, sh_ceval_free); if (gtmp->ovector) SH_FREE(gtmp->ovector); #if 0 while (gtmp->nextrule) { tmp = gtmp->nextrule; gtmp->nextrule = tmp->nextrule; if (tmp->rule_extra) (*pcre_free)(tmp->rule_extra); if (tmp->rule) (*pcre_free)(tmp->rule); if (tmp->counterlist) zAVLFreeTree(tmp->counterlist, sh_ceval_free); if (tmp->ovector) SH_FREE(tmp->ovector); SH_FREE(tmp); } #endif SH_FREE(gtmp); } qtmp = queuelist; while (qtmp) { if (qtmp->label) sh_string_destroy(&(qtmp->label)); queuelist = qtmp->next; SH_FREE(qtmp); qtmp = queuelist; } htmp = hostlist; while (htmp) { if (htmp->hostname_extra) (*pcre_free)(htmp->hostname_extra); if (htmp->hostname) (*pcre_free)(htmp->hostname); if (htmp->rulegroups) htmp->rulegroups = NULL; hostlist = htmp->next; htmp->next = NULL; SH_FREE(htmp); htmp = hostlist; } hostlist = NULL; queuelist = NULL; grouplist = NULL; host_open = NULL; group_open = NULL; sh_keep_destroy(); sh_keep_match_del(); return; } /********************************************************************** * * Actual rule processing * **********************************************************************/ /* Test a list of rules against msg; return matched rule, with ovector * filled in */ static struct sh_geval ** dummy1; static struct sh_geval * test_rule (struct sh_geval * rule, sh_string *msg, time_t tstamp) { int res; volatile int count; volatile time_t timestamp = tstamp; dummy1 = &rule; if (!rule) DEBUG("debug: (NULL) rule\n"); if (rule && sh_string_len(msg) < (size_t)INT_MAX) { count = 1; do { if (flag_err_debug == SL_TRUE) { char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Check rule %d for |%s|"), count, sh_string_str(msg)); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, emsg, _("test_rule")); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(emsg); } DEBUG("debug: check rule %d for <%s>\n", count, msg->str); res = pcre_exec(rule->rule, rule->rule_extra, sh_string_str(msg), (int)sh_string_len(msg), 0, 0, rule->ovector, (3*(1+rule->captures))); if (res >= 0) { rule->ovecnum = res; if (flag_err_debug == SL_TRUE) { char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); if ( rule->flags & RFL_KEEP ) sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Rule %d matches, result = %d (keep)"), count, res); else if ( rule->flags & RFL_MARK ) sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Rule %d matches, result = %d (mark)"), count, res); else sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Rule %d matches, result = %d"), count, res); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, emsg, _("test_rule")); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(emsg); } if ( rule->flags & RFL_KEEP ) { DEBUG("debug: rule %d matches (keep), timestamp = %lu\n", count, timestamp); sh_keep_add(rule->label, rule->delay, timestamp == 0 ? time(NULL) : timestamp); } else if ( rule->flags & RFL_MARK ) { DEBUG("debug: rule %d matches (mark)\n", count); sh_log_mark_update(rule->label, timestamp == 0 ? time(NULL) : timestamp); } break; /* return the matching rule; ovector is filled in */ } if (flag_err_debug == SL_TRUE) { char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Rule %d did not match"), count); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, emsg, _("test_rule")); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(emsg); } DEBUG("debug: rule %d did not match\n", count); rule = rule->nextrule; ++count; } while (rule); } if (!rule) DEBUG("debug: no match found\n"); /* If there was no match, this is NULL */ dummy1 = NULL; return rule; } /* Test a (struct sh_geval *), which may be single rule or a group of rules, * against msg */ static struct sh_geval ** dummy2; static struct sh_geval ** dummy3; static struct sh_geval * test_grules (struct sh_heval * host, sh_string * msg, time_t timestamp) { struct sh_geval * result = NULL; struct sh_geval * group = host->rulegroups; dummy2 = &result; dummy3 = &group; if (group && sh_string_len(msg) < (size_t)INT_MAX) { DEBUG("debug: if group\n"); do { if( (group->label != NULL) && (0 != (group->flags & RFL_ISGROUP))) { /* this is a rule group */ if (flag_err_debug == SL_TRUE) { char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Checking group |%s| of rules against |%s|"), sh_string_str(group->label), sh_string_str(msg)); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, emsg, _("test_rule")); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(emsg); } DEBUG("debug: if group->label %s\n", sh_string_str(group->label)); if (pcre_exec(group->rule, group->rule_extra, sh_string_str(msg), (int) sh_string_len(msg), 0, 0, NULL, 0) >= 0) { result = test_rule(group->nextrule, msg, timestamp); if (result) break; } } else { /* If there is no group label, the 'group' is actually a solitary * rule (not within any group). */ if (flag_err_debug == SL_TRUE) { char * emsg = SH_ALLOC(SH_ERRBUF_SIZE); sl_snprintf(emsg, SH_ERRBUF_SIZE, _("Checking solitary rules")); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, emsg, _("test_rule")); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(emsg); } DEBUG("debug: else (single rule)\n"); result = test_rule(group, msg, timestamp); if (result) break; } group = group->next; /* next group of rules */ } while (group); } dummy2 = NULL; dummy3 = NULL; return result; } /* Top-level find_rule() function */ static struct sh_geval * find_rule (sh_string *host, sh_string *msg, time_t timestamp) { struct sh_geval * result = NULL; struct sh_heval * hlist = hostlist; if (hlist && sh_string_len(host) < (size_t)INT_MAX) { do { if (pcre_exec(hlist->hostname, hlist->hostname_extra, sh_string_str(host), (int) sh_string_len(host), 0, 0, NULL, 0) >= 0) { /* matching host, check rules/groups of rules */ result = test_grules(hlist, msg, timestamp); if (result) break; } hlist = hlist->next; } while (hlist); } return result; } /* copy the message and replace captured substrings with '___' */ static sh_string * replace_captures(const sh_string * message, int * ovector, int ovecnum) { sh_string * retval = sh_string_new_from_lchar(sh_string_str(message), sh_string_len(message)); if (ovecnum > 1) { retval = sh_string_replace(retval, &(ovector[2]), (ovecnum-1), "___", 3); } return retval; } static void msg_report(int severity, const sh_string * alias, struct sh_geval * rule, struct sh_logrecord * record) { char * tmp; char * msg; sh_string * mmm = NULL; char * ttt; SH_MUTEX_LOCK(mutex_thread_nolog); if (rule) { mmm = replace_captures(record->message, rule->ovector, rule->ovecnum); rule->ovecnum = 0; msg = sh_util_safe_name_keepspace (sh_string_str(mmm)); } else { msg = sh_util_safe_name_keepspace (sh_string_str(record->message)); } tmp = sh_util_safe_name_keepspace (record->filename); ttt = sh_util_safe_name_keepspace (sh_string_str(record->timestr)); sh_error_handle (severity, FIL__, __LINE__, 0, MSG_LOGMON_REP, msg, ttt, sh_string_str(record->host), tmp); if (alias) { sh_error_mail (sh_string_str(alias), severity, FIL__, __LINE__, 0, MSG_LOGMON_REP, msg, ttt, sh_string_str(record->host), tmp); } SH_FREE(ttt); SH_FREE(msg); SH_FREE(tmp); if (mmm) sh_string_destroy(&mmm); SH_MUTEX_UNLOCK(mutex_thread_nolog); } static void sum_report(int severity, const sh_string * alias, sh_string * host, sh_string * message, sh_string * path) { char * tmp; char * msg; SH_MUTEX_LOCK(mutex_thread_nolog); tmp = sh_util_safe_name_keepspace (sh_string_str(path)); msg = sh_util_safe_name_keepspace (sh_string_str(message)); sh_error_handle (severity, FIL__, __LINE__, 0, MSG_LOGMON_SUM, msg, sh_string_str(host), tmp); if (alias) { sh_error_mail (sh_string_str(alias), severity, FIL__, __LINE__, 0, MSG_LOGMON_SUM, msg, sh_string_str(host), tmp); } SH_FREE(msg); SH_FREE(tmp); SH_MUTEX_UNLOCK(mutex_thread_nolog); } static zAVLKey sh_eval_getkey(void const *item) { return ((struct sh_ceval *)item)->hostname->str; } /* Find the counter, or initialize one if there is none already */ static struct sh_ceval * find_counter(struct sh_geval * rule, sh_string * host, time_t interval) { struct sh_ceval * counter; if (!(rule->counterlist)) { DEBUG("debug: allocate new counterlist AVL tree\n"); rule->counterlist = zAVLAllocTree(sh_eval_getkey, zAVL_KEY_STRING); } counter = (struct sh_ceval *) zAVLSearch (rule->counterlist, sh_string_str(host)); if (!counter) { DEBUG("debug: no counter found\n"); counter = SH_ALLOC(sizeof(struct sh_ceval)); memset(counter, '\0', sizeof(struct sh_ceval)); counter->hostname = sh_string_new_from_lchar(sh_string_str(host), sh_string_len(host)); counter->counted_str = NULL; counter->filename = NULL; counter->count = 0; counter->start = time(NULL); counter->interval = interval; zAVLInsert(rule->counterlist, counter); } return counter; } /* process the counter for a SUM rule */ static int process_counter(struct sh_ceval * counter, struct sh_geval * rule, struct sh_logrecord * record) { int retval = -1; time_t now; if (!(counter->counted_str)) { counter->counted_str = replace_captures(record->message, rule->ovector, rule->ovecnum); rule->ovecnum = 0; counter->filename = sh_string_new_from_lchar(record->filename, strlen(record->filename)); DEBUG("debug: counted_str after replace: %s\n", sh_string_str(counter->counted_str)); } ++(counter->count); now = time(NULL); now -= counter->start; DEBUG("debug: count %lu, interval %lu, time %lu\n", counter->count, counter->interval, now); if (now >= counter->interval) { DEBUG("debug: report count\n"); sum_report(rule->queue->severity, rule->queue->alias, counter->hostname, counter->counted_str, counter->filename); counter->start = time(NULL); counter->count = 0; } return retval; } /* Process a rule */ static int process_rule(struct sh_geval * rule, struct sh_logrecord * record) { int retval = -1; struct sh_qeval * queue = rule->queue; if (queue) { DEBUG("debug: queue policy = %d found\n", queue->policy); if (queue->policy == EVAL_REPORT) { DEBUG("debug: EVAL_REPORT host: %s, message: %s\n", sh_string_str(record->host), sh_string_str(record->message)); msg_report(queue->severity, queue->alias, rule, record); retval = 0; } else if (queue->policy == EVAL_SUM) { struct sh_ceval * counter = find_counter(rule, record->host, queue->interval); DEBUG("debug: EVAL_SUM host: %s, message: %s\n", sh_string_str(record->host), sh_string_str(record->message)); if (counter) { DEBUG("debug: counter found\n"); retval = process_counter(counter, rule, record); } } } else { DEBUG("debug: no queue found -- trash\n"); /* No queue means 'trash' */ retval = 0; } return retval; } #define DEFAULT_SEVERITY (-1) int sh_eval_process_msg(struct sh_logrecord * record) { static unsigned long i = 0; if (record) { struct sh_geval * rule = find_rule (record->host, record->message, record->timestamp); if (rule) { DEBUG("debug: (%lu) rule found\n", i); ++i; return process_rule(rule, record); } else { DEBUG("debug: (%lu) no rule found\n", i); ++i; msg_report(DEFAULT_SEVERITY, NULL, NULL, record); } sh_repeat_message_check(record->host, record->message, record->timestamp); return 0; } return -1; } #endif samhain-3.1.0/src/sh_err_log.c0000644000175000017500000007760712017136665013162 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 2000 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" #include #include #include #include #include #include "samhain.h" #include "sh_error.h" #include "sh_utils.h" #include "sh_tiger.h" #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) #include #endif #undef FIL__ #define FIL__ _("sh_err_log.c") #undef FIX_XML #define FIX_XML 1 #define MYSIGLEN (2*KEY_LEN + 32) typedef struct _sh_log_buf { char signature[KEY_LEN+1]; char timestamp[KEY_LEN+1]; #ifdef SH_USE_XML char sig[MYSIGLEN]; #endif char * msg; } sh_sh_log_buf; extern struct _errFlags errFlags; #define CHK_KEY 0 #define CHK_FIL 1 #define CHK_NON 2 static int get_key_from_file(char * path, char * keyid, char * key) { SL_TICKET fd; char * buf; char * bufc; if (path[strlen(path)-1] == '\n') path[strlen(path)-1] = '\0'; /* open the file, then check it */ if ( SL_ISERROR(fd = sl_open_read (FIL__, __LINE__, path, SL_NOPRIV))) { fprintf(stderr, _("Could not open file <%s>\n"), path); _exit (EXIT_FAILURE); } buf = SH_ALLOC( (size_t)(SH_BUFSIZE+1)); bufc = SH_ALLOC( (size_t)(SH_MAXBUF+1)); while (1 == 1) { buf[0] = '\0'; bufc[0] = '\0'; /* find start of next key */ while (0 != sl_strncmp(buf, _("-----BEGIN LOGKEY-----"), sizeof("-----BEGIN LOGKEY-----")-1)) { (void) sh_unix_getline (fd, buf, SH_BUFSIZE); if (buf[0] == '\0') { /* End of file reached, return. */ (void) fflush(stdout); (void) sl_close(fd); return -1; } } /* read key */ (void) sh_unix_getline (fd, buf, SH_BUFSIZE); if (0 == sl_strncmp(keyid, &buf[KEY_LEN], strlen(keyid))) { (void) sl_strlcpy(key, buf, KEY_LEN+1); (void) sl_close(fd); return 0; } } /*@notreached@*/ } static int just_list = S_FALSE; int sh_error_logverify_mod (const char * s) { just_list = S_TRUE; if (s) /* compiler warning (unused var) fix */ return 0; else return 0; } int sh_error_logverify (const char * s) { SL_TICKET fd; int len; int status; int count = 0; int start = -1; char * buf; char * bufc; #ifdef SH_USE_XML char * ptr; int fixed_xml = S_TRUE; char c_start; #endif char signature[64]; char key[KEY_LEN+2]; char path[KEY_LEN+1]; char timestamp[64]; char c_cont; int chk_mode = CHK_KEY; char hashbuf[KEYBUF_SIZE]; sh_error_logoff(); if (s == NULL || sl_strlen(s) >= PATH_MAX) { fprintf(stderr, _("FAIL: msg=\"Invalid input\", path=\"%s\"\n"), s); _exit (EXIT_FAILURE); } /* Open the file, then check it. */ if (0 != sl_is_suid()) { fprintf(stderr, _("Cannot open file %s in suid mode\n"), s); _exit (EXIT_FAILURE); } if ( SL_ISERROR(fd = sl_open_read (FIL__, __LINE__, s, SL_NOPRIV)) ) { fprintf(stderr, _("FAIL: msg=\"File not accessible\", error=\"%ld\", path=\"%s\"\n"), fd, s); _exit (EXIT_FAILURE); } /* Find space value. */ c_cont = ' '; #ifdef SH_STEALTH c_cont ^= XOR_CODE; #endif #ifdef SH_USE_XML c_start = '<'; #ifdef SH_STEALTH c_start ^= XOR_CODE; #endif #endif buf = (char *) SH_ALLOC( 2*SH_MSG_BUF+1 ); bufc = (char *) SH_ALLOC( 2*SH_MSG_BUF+1 ); while (1 == 1) { /* get the log message */ if (sh_unix_getline (fd, buf, (2*SH_MSG_BUF)) < 0) break; len = (int) sl_strlen(buf); #ifdef SH_USE_XML #ifdef SH_STEALTH if (0 == sl_strncmp (buf, N_(""), 7)) #else if (0 == sl_strncmp (buf, _(""), 7)) #endif #else #ifdef SH_STEALTH if (0 == sl_strncmp (buf, N_("[SOF]"), 5)) #else if (0 == sl_strncmp (buf, _("[SOF]"), 5)) #endif #endif { if (just_list == S_TRUE) { #ifdef SH_STEALTH sh_do_decode (buf, sl_strlen(buf)); #endif fprintf (stdout, _("%s\n"), buf); } /* Found start of audit trail, read first line. */ start = 1; do { if ( sh_unix_getline (fd, buf, (2*SH_MSG_BUF)) < 0) break; } while (buf[0] == '\0' || buf[0] == '\n'); len = (int) sl_strlen(buf); if (just_list == S_TRUE) { #ifdef SH_STEALTH if (buf[0] != '\n') sh_do_decode (buf, sl_strlen(buf)); #endif fprintf (stdout, _("%s\n"), buf); start = 0; } ++count; } else if (buf[0] == '\n' #ifdef SH_USE_XML || #ifdef SH_STEALTH 0 == sl_strncmp(buf, N_(""), 7) #else 0 == sl_strncmp(buf, _(""), 7) #endif #endif ) { if (just_list == S_TRUE) { #ifdef SH_STEALTH if (buf[0] != '\n') sh_do_decode (buf, sl_strlen(buf)); #endif fprintf (stdout, _("%s\n"), buf); } /* A newline. */ ++count; continue; } else if (start == 0) { /* We are inside an audit trail. */ ++count; if (just_list == S_TRUE) { #ifdef SH_STEALTH sh_do_decode (buf, sl_strlen(buf)); #endif fprintf (stdout, _("%s\n"), buf); continue; } } else { /* No start-of-file found yet. */ continue; } if (just_list == S_TRUE) continue; /* Check for a continuation line. */ while (1 == 1) { do { if ( sh_unix_getline (fd, bufc, (2*SH_MSG_BUF)) < 0) break; } while (bufc[0] == '\0' || bufc[0] == '\n'); ++count; if (bufc[0] == c_cont) { /* A continuation line. Add the newline. */ (void) sl_strlcat(buf, "\n", 2*SH_MSG_BUF+1); ++len; (void) sl_strlcat(buf, bufc, 2*SH_MSG_BUF+1); len += (int) sl_strlen(bufc); } else { /* No continuation line. Use it as signature. * A48014C05604EF7C9472330E85453E704024943E556163C2 */ #ifdef SH_USE_XML #ifdef SH_STEALTH if (bufc[0] == c_start) /* FIX XML */ #else if (bufc[0] == c_start) #endif { (void) sl_strlcpy(signature, &bufc[5], KEY_LEN+1); fixed_xml = S_TRUE; } else { (void) sl_strlcpy(signature, &bufc[4], KEY_LEN+1); fixed_xml = S_FALSE; } if (sl_strlen(bufc) > (KEY_LEN+18)) { #ifdef SH_STEALTH if (bufc[0] == c_start) /* FIX XML */ #else if (bufc[0] == c_start) #endif (void) sl_strlcpy(timestamp, &bufc[KEY_LEN+5], 64); else (void) sl_strlcpy(timestamp, &bufc[KEY_LEN+4], 64); #ifdef SH_STEALTH ptr = strchr(timestamp, c_start); #else ptr = strchr(timestamp, c_start); #endif if (ptr) *ptr = '\0'; } break; #else sl_strlcpy(signature, bufc, KEY_LEN+1); if (sl_strlen(bufc) > KEY_LEN) sl_strlcpy(timestamp, &bufc[KEY_LEN], 64); break; #endif } } /* Get starting key from command line. */ if (start == 1) { /* Get the timestamp. */ #ifdef SH_STEALTH sh_do_decode (timestamp, sl_strlen(timestamp)); #endif key[0] = '\0'; findKey: if (chk_mode != CHK_FIL) { /* Ask for the key. */ chk_mode = CHK_KEY; fprintf(stdout, _("\nNew audit trail (%s), enter key|keyfile: "), /*@-usedef@*/timestamp/*@+usedef@*/); key[0] = '\0'; while (strlen(key) < KEY_LEN ) { if (key[0] != '\n' && key[0] != '\0') fprintf(stdout, "%s",_("New audit trail, enter key: ")); else if (key[0] == '\n') { (void) sl_strlcpy(key, sh_tiger_hash(NULL, TIGER_DATA, 0, hashbuf, sizeof(hashbuf)), KEY_LEN+1); chk_mode = CHK_NON; break; } (void) fflush(stdout); key[0] = '\0'; if (NULL != fgets(key, sizeof(key), stdin)) { if (key[0] != '\n') { if (key[strlen(key) - 1] == '\n') key[strlen(key) - 1] = '\0'; } if (key[0] == '/') { chk_mode = CHK_FIL; (void) sl_strlcpy(path, key, KEY_LEN+1); break; } } } } /* we now have either a key (chk_mode == CHK_NON|CHK_KEY) * or a file (chk_mode == CHK_FIL) */ if (chk_mode == CHK_FIL) { fprintf(stdout, _("\nAudit trail (%s), searching file %s\n"), /*@-usedef@*/timestamp, path/*@+usedef@*/); if (-1 == get_key_from_file(path, timestamp, key)) { chk_mode = CHK_KEY; fprintf(stdout, "%s",_("Key not found in file\n")); goto findKey; } } sh_util_encode(key, buf, 1, 'B'); start = 0; } else { /* Iterate the key. */ (void) sl_strlcpy (key, sh_tiger_hash (key, TIGER_DATA, KEY_LEN, hashbuf, sizeof(hashbuf)), KEY_LEN+1); } (void) sl_strlcat ( buf, key, 2*SH_MSG_BUF + 1); #ifdef SH_STEALTH sh_do_decode (signature, sl_strlen(signature)); #endif status = sl_strncmp (signature, sh_tiger_hash (buf, TIGER_DATA, (unsigned long) sl_strlen(buf), hashbuf, sizeof(hashbuf)), KEY_LEN); buf[len] = '\0'; /* do not print out the key */ #ifdef SH_STEALTH sh_do_decode (buf, sl_strlen(buf)); #endif if (status != 0) { #ifdef SH_USE_XML if (chk_mode == CHK_NON) { if (fixed_xml == S_FALSE) fprintf (stdout, _("XFAIL: line=%05d %s/log>\n"), count-1, buf); else fprintf (stdout, _("XFAIL: line=%05d %s\n"), count-1, buf); } else { if (fixed_xml == S_FALSE) fprintf (stdout, _("FAIL: line=%05d %s/log>\n"), count-1, buf); else fprintf (stdout, _("FAIL: line=%05d %s\n"), count-1, buf); } #else if (chk_mode == CHK_NON) fprintf (stdout, _("XFAIL: line=%5d %s\n"), count-1, buf); else fprintf (stdout, _("FAIL: line=%5d %s\n"), count-1, buf); #endif } else { #ifdef SH_USE_XML if (fixed_xml == S_FALSE) fprintf (stdout, _("PASS: line=%05d %s/log>\n"), count-1, buf); else fprintf (stdout, _("PASS: line=%05d %s\n"), count-1, buf); #else fprintf (stdout, _("PASS: line=%5d %s\n"), count-1, buf); #endif } } /* Cleanup and exit. */ (void) sl_close (fd); SH_FREE (buf); SH_FREE (bufc); (void) fflush (stdout); _exit (EXIT_SUCCESS); /* Make compilers happy. */ /*@notreached@*/ return 0; } /******************************************************************** * * Runtime code * ********************************************************************/ static int sh_log_open (char * inet_peer, char * logfile, int * service_failure, SL_TICKET * fildesc) { SL_TICKET fd = -1; long int status; char * tmp = NULL; uid_t uid; size_t len; char * lockfile = NULL; SL_ENTER(_("sh_log_open")); /* open/create the file, then check it */ if ( 0 != (status = tf_trust_check (logfile, SL_YESPRIV)) && (*service_failure) == 0) { tmp = sh_util_safe_name (logfile); sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_TRUST, (long) sh.effective.uid, tmp); } if (status == 0) { fd = sl_open_write (FIL__, __LINE__, logfile, SL_YESPRIV); if (SL_ISERROR(fd)) { tmp = sh_util_safe_name (logfile); (void) sl_get_euid(&uid); if ((*service_failure) == 0) sh_error_handle ((-1), FIL__, __LINE__, fd, MSG_E_ACCESS, (long) uid, tmp); status = -1; } } if (status == 0 && inet_peer == NULL ) { status = sh_unix_write_lock_file(logfile); if (status < 0) { tmp = sh_util_safe_name (logfile); len = sl_strlen(tmp); if (sl_ok_adds (6, len)) len += 6; lockfile = SH_ALLOC(len); (void) sl_strlcpy(lockfile, tmp, len); (void) sl_strlcat(lockfile, _(".lock"), len); (void) sl_get_euid(&uid); if ((*service_failure) == 0) sh_error_handle ((-1), FIL__, __LINE__, status, MSG_LOCKED, (long) uid, tmp, lockfile); status = -1; SH_FREE(lockfile); (void) sl_close(fd); } } if (status == 0) { status = sl_forward(fd); if (SL_ISERROR(status)) { tmp = sh_util_safe_name (logfile); (void) sl_get_euid(&uid); if ((*service_failure) == 0) sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_ACCESS, (long) uid, tmp); status = -1; (void) sl_close(fd); } } if (status < 0) { if ((*service_failure) == 0) { sh_error_handle ((-1), FIL__, __LINE__, status, MSG_SRV_FAIL, _("logfile"), tmp); (*service_failure) = 1; } SH_FREE(tmp); SL_RETURN(-1, _("sh_log_open")); } *fildesc = fd; *service_failure = 0; SL_RETURN(0, _("sh_log_open")); } typedef struct lfstc { char * logfile; int service_failure; int log_start; char sigkey_old[KEY_LEN+1]; char sigkey_new[KEY_LEN+1]; char crypto[KEY_LEN+1]; struct lfstc * next; } open_logfile; static open_logfile * logfile_list = NULL; static int flag_sep_log = S_FALSE; #ifdef SH_WITH_SERVER int set_flag_sep_log (const char * str) { return sh_util_flagval(str, &flag_sep_log); } #endif /* * --- Log error message to log file. --- */ int sh_log_file (/*@null@*/char *errmsg, /*@null@*/char * inet_peer) { int store1; int store2; int store3; int store4; int store5; int store6; int store7; int store8; SL_TICKET fd = -1; size_t status; struct _sh_log_buf log_msg; char logfile[SH_PATHBUF+SH_MINIBUF+2]; open_logfile * current = logfile_list; open_logfile * next = NULL; char * sigkey_new; char * sigkey_old; char * crypto; char hashbuf[KEYBUF_SIZE]; SL_ENTER(_("sh_log_file")); if (errFlags.HaveLog == BAD) /* paranoia */ SL_RETURN((-1), _("sh_log_file")); #ifdef SH_USE_XML if (NULL == errmsg) { while (current != NULL) { /* don't write second EOF mark */ if (current->log_start != S_TRUE && sh.flag.islocked == GOOD) { /* Don't use inet_peer == NULL, userwise a lock file will * be created. */ (void) sh_log_open ("\0", current->logfile, &(current->service_failure), &fd); #ifdef SH_STEALTH (void) sl_write_line (fd, N_(""), 7); (void) sl_write (fd, "\n", 1); (void) sl_sync(fd); #else (void) sl_write_line (fd, _("\n"), 8); (void) sl_sync(fd); #endif (void) sl_close(fd); /* sh_unix_rm_lock_file (current->logfile); */ } next = current->next; SH_FREE(current->logfile); SH_FREE(current); current = next; } logfile_list = NULL; SL_RETURN( 0, _("sh_log_file")); } #else if (NULL == errmsg) { while (current != NULL) { /* sh_unix_rm_lock_file (current->logfile); */ next = current->next; SH_FREE(current->logfile); SH_FREE(current); current = next; } logfile_list = NULL; SL_RETURN( 0, _("sh_log_file")); } #endif (void) sl_strlcpy (logfile, sh.srvlog.name, sizeof(logfile)); if (inet_peer != NULL && flag_sep_log == S_TRUE) { (void) sl_strlcat (logfile, ".", sizeof(logfile)); (void) sl_strlcat (logfile, inet_peer, sizeof(logfile)); } if (sh.flag.log_start == S_TRUE) { while (current != NULL) { current->log_start = S_TRUE; current = current->next; } sh.flag.log_start = S_FALSE; current = logfile_list; } while (current != NULL) { if (strcmp(logfile, current->logfile) == 0) break; current = current->next; } if (current == NULL) { current = SH_ALLOC(sizeof(open_logfile)); current->logfile = SH_ALLOC(strlen(logfile) + 1); (void) sl_strlcpy(current->logfile, logfile, strlen(logfile) + 1); current->service_failure = 0; current->log_start = S_TRUE; memset(current->sigkey_old, (int)'\0', KEY_LEN+1); memset(current->sigkey_new, (int)'\0', KEY_LEN+1); memset(current->crypto, (int)'\0', KEY_LEN+1); current->next = logfile_list; logfile_list = current; } if (0 != sh_log_open (inet_peer, current->logfile, &(current->service_failure), &fd)) { SL_RETURN ((-1), _("sh_log_file")); } /* --- Allocate storage and mlock it. --- */ status = sl_strlen (errmsg); if (!sl_ok_adds(status, (2*KEY_LEN)) || !sl_ok_adds((2*KEY_LEN + status),32)) { sl_close(fd); SL_RETURN ((-1), _("sh_log_file")); } log_msg.msg = (char *) SH_ALLOC ((size_t) (2*KEY_LEN + status + 32)); #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) if (skey->mlock_failed == SL_FALSE) { if ( (-1) == sh_unix_mlock( FIL__, __LINE__, log_msg.msg, (size_t)(2*KEY_LEN + status + 32) ) ) { skey->mlock_failed = SL_TRUE; #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) sh_error_handle ((-1), FIL__, __LINE__, EPERM, MSG_MLOCK); #endif } } #else if (skey->mlock_failed == SL_FALSE) { skey->mlock_failed = SL_TRUE; #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) sh_error_handle ((-1), FIL__, __LINE__, EPERM, MSG_MLOCK); #endif } #endif /* --- Write the start marker. --- */ if (current->log_start == S_TRUE) { #ifdef SH_USE_XML #ifdef SH_STEALTH (void) sl_write (fd, "\n", 1); (void) sl_write_line (fd, N_(""), 7); (void) sl_sync(fd); #else (void) sl_write_line (fd, _("\n"), 8); (void) sl_sync(fd); #endif #else #ifdef SH_STEALTH (void) sl_write (fd, "\n", 1); (void) sl_write_line (fd, N_("[SOF]"), 5); (void) sl_sync(fd); #else (void) sl_write_line (fd, _("\n[SOF]"), 6); (void) sl_sync(fd); #endif #endif } /* reserve KEY_LEN chars at end for key */ (void) sl_strlcpy (log_msg.msg, errmsg, (size_t) status+1 ); #ifdef SH_USE_XML /* cut the trailing "/>" */ if (log_msg.msg[status-2] == '/') { #ifdef FIX_XML log_msg.msg[status-2] = ' '; /* ' ' FIX XML */ log_msg.msg[status-1] = '>'; /* '>' FIX XML */ #else log_msg.msg[status-2] = '>'; /* ' ' FIX XML */ log_msg.msg[status-1] = '<'; /* '>' FIX XML */ #endif log_msg.msg[status] = '\0'; } else if (status >= 6 && log_msg.msg[status-5] == '/' && log_msg.msg[status-6] == '<') { #ifdef FIX_XML log_msg.msg[status-6] = '\0'; status -= 6; #else log_msg.msg[status-5] = '\0'; status -= 5; #endif } #endif #ifdef SH_STEALTH sh_do_encode (log_msg.msg, status); #endif if (flag_sep_log == S_TRUE && inet_peer != NULL) { sigkey_old = current->sigkey_old; sigkey_new = current->sigkey_new; crypto = current->crypto; } else { sigkey_old = skey->sigkey_old; sigkey_new = skey->sigkey_new; crypto = skey->crypt; /* flawfinder: ignore */ } /* write the signature */ if (current->log_start == S_TRUE) { if (sh.real.user[0] == '\0') (void) sh_unix_getUser(); /* Initialize the key. */ (void) sh_util_keyinit(sigkey_old, KEY_LEN+1); /* Hash the key to make sure it has the correct format. */ (void) sl_strlcpy(sigkey_new, sh_tiger_hash (sigkey_old, TIGER_DATA, KEY_LEN, hashbuf, sizeof(hashbuf)), KEY_LEN+1); /* Copy it to 'crypt' for encryption. */ (void) sl_strlcpy(crypto, sigkey_new, KEY_LEN+1); /* Use message and compiled-in key to encrypt. */ BREAKEXIT(sh_util_encode); sh_util_encode(crypto, log_msg.msg, 0, 'B'); /* Send out the key. */ (void) sh_unix_time(0, log_msg.timestamp, KEY_LEN+1); store1 = errFlags.loglevel; store2 = errFlags.sysloglevel; store3 = errFlags.printlevel; store4 = errFlags.exportlevel; store5 = errFlags.maillevel; store6 = errFlags.externallevel; store7 = errFlags.databaselevel; store8 = errFlags.preludelevel; /* mail the key */ errFlags.loglevel = SH_ERR_NOT; errFlags.sysloglevel = SH_ERR_NOT; errFlags.printlevel = SH_ERR_NOT; errFlags.exportlevel = SH_ERR_NOT; errFlags.externallevel = SH_ERR_NOT; errFlags.databaselevel = SH_ERR_NOT; errFlags.preludelevel = SH_ERR_NOT; sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_KEY_MAIL, sh.prg_name, crypto, crypto, log_msg.timestamp); /* send to other allowed channels */ errFlags.maillevel = SH_ERR_NOT; /* errFlags.printlevel = store3; */ errFlags.exportlevel = store4; errFlags.externallevel = store6; errFlags.databaselevel = store7; errFlags.preludelevel = store8; sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_KEY, sh.prg_name, crypto); /* Cleanup. */ errFlags.loglevel = store1; errFlags.sysloglevel = store2; errFlags.printlevel = store3; errFlags.exportlevel = store4; errFlags.maillevel = store5; errFlags.externallevel = store6; errFlags.databaselevel = store7; memset (crypto, (int) '\0', KEY_LEN); sh.flag.log_start = S_FALSE; current->log_start = S_FALSE; } else { log_msg.timestamp[0] = '\0'; (void) sl_strlcpy (sigkey_new, sh_tiger_hash (sigkey_old, TIGER_DATA, KEY_LEN, hashbuf, sizeof(hashbuf)), KEY_LEN+1); } /* --- Sign the message with the signature key. --- */ sh_tiger_hash (log_msg.msg, TIGER_DATA, (unsigned long)(status + KEY_LEN), (char *) hashbuf, (size_t) sizeof(hashbuf)); (void) sl_strlcat (log_msg.msg, sigkey_new, (size_t)(status + KEY_LEN + 2)); (void) sl_strlcpy (log_msg.signature, sh_tiger_hash (log_msg.msg, (TigerType) TIGER_DATA, (unsigned long)(status + KEY_LEN), hashbuf, sizeof(hashbuf)), KEY_LEN+1); (void) sl_strlcpy (sigkey_old, sigkey_new, KEY_LEN+1); /*@-usedef@*/ #ifdef SH_USE_XML if (log_msg.timestamp[0] != '\0') sl_snprintf(log_msg.sig, sizeof(log_msg.sig), #ifdef FIX_XML _("\n%s%s\n"), /* FIX XML */ #else _("\nsig>%s%s\n"), /* FIX XML */ #endif log_msg.signature, log_msg.timestamp); else sl_snprintf(log_msg.sig, sizeof(log_msg.sig), #ifdef FIX_XML _("\n%s\n"), /* FIX XML */ #else _("\nsig>%s\n"), /* FIX XML */ #endif log_msg.signature); /*@+usedef@*/ #ifdef SH_STEALTH /* don't encode the line breaks (0 + last char) */ sh_do_encode (&log_msg.sig[1], (sl_strlen(log_msg.sig)-2) ); #endif #else #ifdef SH_STEALTH sh_do_encode (log_msg.signature, KEY_LEN); sh_do_encode (log_msg.timestamp, sl_strlen(log_msg.timestamp)); #endif #endif #ifdef SH_USE_XML log_msg.msg[status] = '\0'; (void) sl_strlcat (log_msg.msg, log_msg.sig, (size_t)(status + 2*KEY_LEN + 32)); #ifdef SH_STEALTH if (NULL != sl_strstr(log_msg.msg, N_("EXIT")) && NULL == sl_strstr(log_msg.msg, N_("remote_host"))) { (void) sl_strlcat (log_msg.msg, N_(""), (size_t)(status + 2*KEY_LEN + 32)); #else if (NULL != sl_strstr(log_msg.msg, _("msg=\"EXIT\"")) && NULL == sl_strstr(log_msg.msg, _("remote_host"))) { (void) sl_strlcat (log_msg.msg, _(""), (size_t)(status + 2*KEY_LEN + 32)); #endif (void) sl_strlcat (log_msg.msg, _("\n"), (size_t)(status + 2*KEY_LEN + 32)); current->log_start = S_TRUE; } #else log_msg.msg[status] = '\0'; (void) sl_strlcat (log_msg.msg, "\n", (size_t)(status + KEY_LEN + 2)); (void) sl_strlcat (log_msg.msg, log_msg.signature, (size_t)(status + KEY_LEN + 2)); if (log_msg.timestamp[0] != '\0') (void) sl_strlcat (log_msg.msg, log_msg.timestamp, (size_t)(status + 2*KEY_LEN + 2)); (void) sl_strlcat (log_msg.msg, "\n", (size_t)(status + 2*KEY_LEN + 3)); #endif /* --- Write out the record. --- */ (void) sl_write (fd, log_msg.msg, (long) strlen(log_msg.msg)); (void) sl_sync (fd); (void) sl_close (fd); /* --- Clean up and free record. --- */ memset (log_msg.msg, (int)'\0', (size_t)(status + 2*KEY_LEN + 32)); memset (log_msg.signature, (int)'\0', KEY_LEN); (void) sh_unix_munlock (log_msg.msg, (size_t)(status + 2*KEY_LEN + 32)); SH_FREE(log_msg.msg); SL_RETURN (0, _("sh_log_file")); } /* >>>>>>>>>>>>>>>>>>>>>>>>>>>> efile <<<<<<<<<<<<<<<<<< */ static char * gEfile = NULL; static int gFail = 0; static long gGid = 0; int sh_efile_group(const char * str) { int fail; long gid = sh_group_to_gid(str, &fail); if (fail < 0) { return -1; } gGid = gid; return 0; } int sh_efile_path(const char * str) { if (!str || !strcmp(str, _("none"))) { if (gEfile) SH_FREE(gEfile); gEfile = NULL; } else if (str[0] != '/') { return -1; } else { if (gEfile) SH_FREE(gEfile); gEfile = sh_util_strdup(str); } gFail = 0; return 0; } /* write lock for filename */ static int sh_efile_lock (char * filename, int flag) { extern int get_the_fd (SL_TICKET ticket); size_t len; int res = -1; char myPid[64]; SL_TICKET fd; char * lockfile; int status; sprintf (myPid, "%ld\n", (long) sh.pid); /* known to fit */ if (filename == NULL) return res; len = sl_strlen(filename); if (sl_ok_adds(len, 6)) len += 6; lockfile = SH_ALLOC(len); sl_strlcpy(lockfile, filename, len); sl_strlcat(lockfile, _(".lock"), len); if ( 0 != (status = tf_trust_check (lockfile, SL_YESPRIV)) && gFail == 0) { char * tmp = sh_util_safe_name (lockfile); sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_TRUST, (long) sh.effective.uid, tmp); ++gFail; SH_FREE(tmp); } if (status == 0) { if (flag == 0) { /* --- Delete the lock file. --- */ res = retry_aud_unlink (FIL__, __LINE__, lockfile); } else { unsigned int count = 0; /* fails if file exists */ do { fd = sl_open_safe_rdwr (FIL__, __LINE__, lockfile, SL_YESPRIV); if (SL_ISERROR(fd)) { retry_msleep(0, 100); ++count; } } while (SL_ISERROR(fd) && count < 3); if (!SL_ISERROR(fd)) { int filed; res = sl_write (fd, myPid, sl_strlen(myPid)); filed = get_the_fd(fd); fchmod (filed, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); sl_close (fd); } else { static int nFail = 0; if (nFail == 0) { char errmsg[1024]; char * tmp = sh_util_safe_name (lockfile); sl_snprintf(errmsg, sizeof(errmsg), _("Error creating lockfile %s"), tmp); sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, errmsg, _("sh_efile_lock")); ++nFail; SH_FREE(tmp); } } } } SH_FREE(lockfile); return res; } static size_t gSave[6] = { 0 }; static void sh_efile_clear() { int i; for (i = 0; i < 6; ++i) gSave[i] = 0; return; } static void sh_efile_load(size_t * tmp) { int i; if (SL_TRUE == sl_ok_adds (gSave[0], sh.statistics.bytes_hashed)) gSave[0] += sh.statistics.bytes_hashed; if (SL_TRUE == sl_ok_adds (gSave[1], sh.statistics.dirs_checked)) gSave[1] += sh.statistics.dirs_checked; if (SL_TRUE == sl_ok_adds (gSave[2], sh.statistics.files_checked)) gSave[2] += sh.statistics.files_checked; if (SL_TRUE == sl_ok_adds (gSave[3], sh.statistics.files_report)) gSave[3] += sh.statistics.files_report; if (SL_TRUE == sl_ok_adds (gSave[4], sh.statistics.files_error)) gSave[4] += sh.statistics.files_error; if (SL_TRUE == sl_ok_adds (gSave[5], sh.statistics.files_nodir)) gSave[5] += sh.statistics.files_nodir; for (i = 0; i < 6; ++i) tmp[i] = gSave[i]; return; } void sh_efile_report() { extern int get_the_fd (SL_TICKET ticket); SL_TICKET fd; char *efile; int status = -1; if (gEfile) { size_t tmp[6]; sh_efile_load(tmp); efile = sh_util_strdup(gEfile); if (sh_efile_lock (efile, 1) < 0) goto end; if ( 0 != (status = tf_trust_check (efile, SL_YESPRIV)) && gFail == 0) { char * tmp = sh_util_safe_name (efile); sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_TRUST, (long) sh.effective.uid, tmp); ++gFail; SH_FREE(tmp); } if (status == 0) { fd = sl_open_write (FIL__, __LINE__, efile, SL_YESPRIV); if (!SL_ISERROR(fd)) { char report[511]; char tstamp[TIM_MAX]; time_t now = time(NULL); int filed = get_the_fd(fd); (void) sh_unix_time (now, tstamp, sizeof(tstamp)); #ifdef HAVE_LONG_LONG sl_snprintf(report, sizeof(report), _("%s %lld %ld %ld %ld %ld %ld %ld\n"), tstamp, (long long) now, (long) tmp[0], (long) tmp[1], (long) tmp[2], (long) tmp[3], (long) tmp[4], (long) tmp[5]); #else sl_snprintf(report, sizeof(report), _("%s %ld %ld %ld %ld %ld %ld %ld\n"), tstamp, (long) now, (long) tmp[0], (long) tmp[1], (long) tmp[2], (long) tmp[3], (long) tmp[4], (long) tmp[5]); #endif status = sl_forward(fd); if (!SL_ISERROR(status)) status = sl_write (fd, report, strlen(report)); (void) sl_sync(fd); /* make group writeable, such that nagios can truncate */ fchmod (filed, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH); status = fchown (filed, -1, gGid); if (status < 0) { int errnum = errno; static int nFail = 0; if (nFail == 0) { char errmsg[1024]; char buf[256]; char * tmp = sh_util_safe_name (efile); sl_snprintf(errmsg, sizeof(errmsg), _("Error changing group of %s to %ld: %s"), tmp, gGid, sh_error_message (errnum, buf, sizeof(buf))); sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, errnum, MSG_E_SUBGEN, errmsg, _("sh_efile_report")); ++nFail; SH_FREE(tmp); } } (void) sl_close(fd); } else { status = -1; } } (void) sh_efile_lock (efile, 0); end: SH_FREE(efile); if (!SL_ISERROR(status)) { sh_efile_clear(); } } return; } samhain-3.1.0/src/sh_port2proc.c0000644000175000017500000007037311667526101013452 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 2008 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" #include #include #include #include #include #include #include #ifdef HAVE_DIRENT_H #include #define NAMLEN(dirent) sl_strlen((dirent)->d_name) #else #define dirent direct #define NAMLEN(dirent) (dirent)->d_namlen #ifdef HAVE_SYS_NDIR_H #include #endif #ifdef HAVE_SYS_DIR_H #include #endif #ifdef HAVE_NDIR_H #include #endif #endif #define NEED_ADD_DIRENT #if defined(SH_USE_PORTCHECK) && (defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)) /* #define DEBUG_P2P 1 */ #include "samhain.h" #include "sh_utils.h" /**************************************************************************** * * >>> COMMON CODE <<< * ****************************************************************************/ #if defined(__linux__) || defined(__FreeBSD__) #include "sh_error_min.h" #include "sh_pthread.h" #include "sh_ipvx.h" #define FIL__ _("sh_port2proc.c") struct sock_store { unsigned long sock; size_t pid; char * path; char * user; struct sock_store * next; }; /* /proc: * linux: /proc/pid/exe * freebsd: /proc/pid/file * solaris10: /proc/pid/path/a.out */ static void get_user_and_path (struct sock_store * add) { extern char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len); char path[128]; char * buf; struct stat sbuf; int len; char * tmp; sl_snprintf (path, sizeof(path), "/proc/%ld/exe", (unsigned long) add->pid); if (0 == retry_lstat(FIL__, __LINE__, path, &sbuf) && S_ISLNK(sbuf.st_mode)) { goto linkread; } sl_snprintf (path, sizeof(path), "/proc/%ld/file", (unsigned long) add->pid); if (0 == retry_lstat(FIL__, __LINE__, path, &sbuf) && S_ISLNK(sbuf.st_mode)) { goto linkread; } sl_snprintf (path, sizeof(path), "/proc/%ld/path/a.out", (unsigned long) add->pid); if (0 == retry_lstat(FIL__, __LINE__, path, &sbuf) && S_ISLNK(sbuf.st_mode)) { goto linkread; } return; linkread: buf = SH_ALLOC(PATH_MAX); len = readlink(path, buf, PATH_MAX); /* flawfinder: ignore */ len = (len >= PATH_MAX) ? (PATH_MAX-1) : len; if (len > 0) { buf[len] = '\0'; add->path = buf; } else { SH_FREE(buf); } add->user = SH_ALLOC(USER_MAX); tmp = sh_unix_getUIDname (SH_ERR_ALL, sbuf.st_uid, add->user, USER_MAX); if (!tmp) sl_snprintf (add->user, USER_MAX, "%ld", (unsigned long) sbuf.st_uid); return; } #endif /**************************************************************************** * * >>> LINUX CODE <<< * ****************************************************************************/ #if defined(__linux__) static size_t sh_minpid = 0x0001; static size_t sh_maxpid = 0x8000; #ifndef HAVE_LSTAT #define lstat(x,y) stat(x,y) #endif /* HAVE_LSTAT */ #if defined(S_IFLNK) && !defined(S_ISLNK) # define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) #else # if !defined(S_ISLNK) # define S_ISLNK(mode) (0) # endif #endif #if defined(__linux__) #define PROC_PID_MAX _("/proc/sys/kernel/pid_max") static int proc_max_pid (size_t * procpid) { char * ret; unsigned long pid; FILE * fd; char str[128]; char * ptr; SL_ENTER(_("proc_max_pid")); if (0 == access(PROC_PID_MAX, R_OK)) /* flawfinder: ignore */ { if (NULL != (fd = fopen(PROC_PID_MAX, "r"))) { str[0] = '\0'; ret = fgets(str, 128, fd); if (ret && *str != '\0') { pid = strtoul(str, &ptr, 0); if (*ptr == '\0' || *ptr == '\n') { sl_fclose(FIL__, __LINE__, fd); *procpid = (size_t) pid; SL_RETURN(0, _("proc_max_pid")); } } sl_fclose(FIL__, __LINE__, fd); } } SL_RETURN((-1), _("proc_max_pid")); } #else static int proc_max_pid(size_t * procpid) { *procpid = sh_maxpid; return 0; } #endif static struct sock_store * socklist = NULL; static void del_sock_all() { struct sock_store * del = socklist; while (del) { socklist = del->next; if (del->path) SH_FREE(del->path); if (del->user) SH_FREE(del->user); SH_FREE(del); del = socklist; } socklist = NULL; return; } static void add_sock(unsigned long sock, size_t pid) { struct sock_store * add = SH_ALLOC(sizeof(struct sock_store)); add->sock = sock; add->pid = pid; add->path = NULL; add->user = NULL; SH_MUTEX_LOCK(mutex_thread_nolog); get_user_and_path(add); SH_MUTEX_UNLOCK(mutex_thread_nolog); add->next = socklist; socklist = add; return; } static void check_and_add_sock(char * fbuf, size_t pid) { if (0 == strncmp(_("socket:["), fbuf, 8)) { char * end; unsigned long sock; size_t len = strlen(fbuf); if (fbuf[len-1] == ']') fbuf[len-1] = '\0'; sock = strtoul(&fbuf[8], &end, 0); if (*end == '\0' && fbuf[8] != '\0') { add_sock(sock, pid); } } } static void fetch_socks(size_t pid) { char path[128]; DIR * dir; sl_snprintf(path, sizeof(path), _("/proc/%lu/fd"), (unsigned long) pid); dir = opendir(path); if (dir) { struct dirent *entry; while (NULL != (entry = readdir(dir))) { char fpath[384]; char fbuf[64]; int ret; /* /proc/PID/fd/N-> socket:[15713] */ sl_snprintf(fpath, sizeof(fpath), _("%s/%s"), path, entry->d_name); ret = readlink(fpath, fbuf, sizeof(fbuf)-1); /* flawfinder: ignore */ if (ret > 0) { fbuf[ret] = '\0'; check_and_add_sock(fbuf, pid); } } closedir(dir); } } int sh_port2proc_prepare() { size_t i; if (0 != proc_max_pid(&sh_maxpid)) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, _("Failed to detect max_pid"), _("sh_port2proc")); SH_MUTEX_UNLOCK(mutex_thread_nolog); SL_RETURN ((-1), _("sh_port2proc")); } /* Delete old socket list and re-create it */ del_sock_all(); for (i = sh_minpid; i < sh_maxpid; ++i) { fetch_socks(i); } return 0; } void sh_port2proc_finish() { /* Delete old socket list */ del_sock_all(); return; } #include #include #include /* returns the command and fills the 'user' array */ static char * port2proc_query(char * file, int proto, int domain, struct sh_sockaddr * saddr, int sport, unsigned long * pid, char * user, size_t userlen) { FILE * fd; fd = fopen(file, "r"); *pid = 0; #ifdef DEBUG_P2P { char errmsg[256]; char siface[SH_IP_BUF]; sh_ipvx_ntoa(siface, sizeof(siface), saddr); sl_snprintf(errmsg, sizeof(errmsg), "query, file=%s, proto=%d, port=%d, iface=%s\n", file, proto, sport, siface); fprintf(stderr, "%s", errmsg); } #endif if (fd) { unsigned int n, i, port, niface, inode, istatus; char line[512]; char ip_port[128]; char iface[SH_IP_BUF]; while (NULL != fgets(line, sizeof(line), fd)) { #ifdef DEBUG_P2P { fprintf(stderr, "%s", line); } #endif if (4 == sscanf(line, "%u: %127s %*X:%*X %X %*X:%*X %*X:%*X %*X %*d %*d %u %*s", &n, ip_port, &istatus, &inode)) { struct sockaddr_in addr4; struct sockaddr_in6 addr6; struct sh_sockaddr ss; char * p; ip_port[127] = '\0'; p = strchr(ip_port, ':'); if (p) { *p = '\0'; ++p; port = (unsigned int) strtoul(p, NULL, 16); sl_strlcpy(iface, ip_port, sizeof(iface)); } else { continue; } niface = 0; switch (domain) { case AF_INET: addr4.sin_addr.s_addr = (int) strtol(iface, NULL, 16); niface = (unsigned int) addr4.sin_addr.s_addr; sh_ipvx_save(&ss, AF_INET, (struct sockaddr *)&addr4); break; case AF_INET6: sscanf(iface, "%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx", &addr6.sin6_addr.s6_addr[3], &addr6.sin6_addr.s6_addr[2], &addr6.sin6_addr.s6_addr[1], &addr6.sin6_addr.s6_addr[0], &addr6.sin6_addr.s6_addr[7], &addr6.sin6_addr.s6_addr[6], &addr6.sin6_addr.s6_addr[5], &addr6.sin6_addr.s6_addr[4], &addr6.sin6_addr.s6_addr[11], &addr6.sin6_addr.s6_addr[10], &addr6.sin6_addr.s6_addr[9], &addr6.sin6_addr.s6_addr[8], &addr6.sin6_addr.s6_addr[15], &addr6.sin6_addr.s6_addr[14], &addr6.sin6_addr.s6_addr[13], &addr6.sin6_addr.s6_addr[12]); for (i = 0; i < 16; ++i) { if (0 != (unsigned int) addr6.sin6_addr.s6_addr[i]) ++niface; } sh_ipvx_save(&ss, AF_INET6, (struct sockaddr *)&addr6); break; } #ifdef DEBUG_P2P { char a[SH_IP_BUF]; char b[SH_IP_BUF]; sh_ipvx_ntoa(a, sizeof(a), &ss); sh_ipvx_ntoa(b, sizeof(b), saddr); fprintf(stderr, " -> inode %u, iface/port %s,%u, status %u, searching %s,%u, %u\n", inode, a, port, istatus, b, sport, proto == IPPROTO_TCP ? 0x0a : 0x07); } #endif if (proto == IPPROTO_TCP && istatus != 0x0a) continue; if (proto == IPPROTO_UDP && istatus == 0x01) continue; #ifdef DEBUG_P2P { fprintf(stderr, "check iface %u..\n", iface); } #endif if ((proto == IPPROTO_UDP || niface == 0 || 0 == sh_ipvx_cmp(&ss, saddr)) && port == (unsigned int)sport) { struct sock_store * new = socklist; #ifdef DEBUG_P2P { fprintf(stderr, "found it\n"); } #endif while (new) { #ifdef DEBUG_P2P { fprintf(stderr, "searching inode %u: %lu\n", inode, new->sock); } #endif if (inode == new->sock) { #ifdef DEBUG_P2P { fprintf(stderr, "found it: path=(%s), user=(%s)\n", new->path == NULL ? "NULL" : new->path, new->user == NULL ? "NULL" : new->user); } #endif sl_fclose(FIL__, __LINE__, fd); *pid = (unsigned long) new->pid; if (new->path) { if (new->user) sl_strlcpy(user, new->user, userlen); else sl_strlcpy(user, "-", userlen); return sh_util_strdup(new->path); } goto err_out; } new = new->next; } } } } sl_fclose(FIL__, __LINE__, fd); } err_out: sl_strlcpy(user, "-", userlen); return sh_util_strdup("-"); } /* returns the command and fills the 'user' array */ char * sh_port2proc_query(int proto, struct sh_sockaddr * saddr, int sport, unsigned long * pid, char * user, size_t userlen) { char file[32]; char * ret; if (proto == IPPROTO_TCP) { sl_strlcpy(file, _("/proc/net/tcp"), sizeof(file)); ret = port2proc_query(file, proto, AF_INET, saddr, sport, pid, user, userlen); if (ret[0] == '-' && ret[1] == '\0') { SH_FREE(ret); sl_strlcpy(file, _("/proc/net/tcp6"), sizeof(file)); ret = port2proc_query(file, proto, AF_INET6, saddr, sport, pid, user, userlen); } return ret; } else { char * ret; sl_strlcpy(file, _("/proc/net/udp"), sizeof(file)); ret = port2proc_query(file, proto, AF_INET, saddr, sport, pid, user, userlen); if (ret[0] == '-' && ret[1] == '\0') { SH_FREE(ret); sl_strlcpy(file, _("/proc/net/udp6"), sizeof(file)); ret = port2proc_query(file, proto, AF_INET6, saddr, sport, pid, user, userlen); } return ret; } } /**************************************************************************** * * >>> FREEBSD CODE <<< * ****************************************************************************/ #elif defined(__FreeBSD__) /* Uses code from sockstat.c. Error and memory handling modified. * Only required functions from sockstat.c are included. */ /*- * Copyright (c) 2002 Dag-Erling Codan Smrgrav * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer * in this position and unchanged. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include __FBSDID("$FreeBSD: src/usr.bin/sockstat/sockstat.c,v 1.13.2.1.4.1 2008/10/02 02:57:24 kensmith Exp $"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static int opt_4 = 1; /* Show IPv4 sockets */ static int opt_6 = 1; /* Show IPv6 sockets */ static int opt_c = 0; /* Show connected sockets */ static int opt_l = 1; /* Show listening sockets */ static int opt_v = 0; /* Verbose mode */ struct sock { void *socket; void *pcb; int vflag; int family; int proto; struct sockaddr_storage laddr; struct sockaddr_storage faddr; struct sock *next; }; #define HASHSIZE 1009 static struct sock *sockhash[HASHSIZE]; static struct xfile *xfiles; static int nxfiles; static void * xrealloc(void * buf, size_t len0, size_t len) { if (len > 0) { void * xbuf = SH_ALLOC(len); if (buf) { if (len0 <= len) memcpy(xbuf, buf, len0); else memset(xbuf, '\0', len); SH_FREE(buf); } return xbuf; } SH_FREE(buf); return NULL; } /* Sets address and port in struct sockaddr_storage *sa */ static void sockaddr(struct sockaddr_storage *sa, int af, void *addr, int port) { struct sockaddr_in *sin4; struct sockaddr_in6 *sin6; bzero(sa, sizeof *sa); switch (af) { case AF_INET: sin4 = (struct sockaddr_in *)sa; sin4->sin_len = sizeof *sin4; sin4->sin_family = af; sin4->sin_port = port; sin4->sin_addr = *(struct in_addr *)addr; break; case AF_INET6: sin6 = (struct sockaddr_in6 *)sa; sin6->sin6_len = sizeof *sin6; sin6->sin6_family = af; sin6->sin6_port = port; sin6->sin6_addr = *(struct in6_addr *)addr; break; default: return; } } /* Get socket information from the kernel. */ static void gather_inet(int proto) { struct xinpgen *xig, *exig; struct xinpcb *xip; struct xtcpcb *xtp; struct inpcb *inp; struct xsocket *so; struct sock *sock; char varname[32]; size_t len, bufsize, bufsize0; void *buf; int hash, retry, vflag; vflag = 0; if (opt_4) vflag |= INP_IPV4; if (opt_6) vflag |= INP_IPV6; switch (proto) { case IPPROTO_TCP: sl_strlcpy(varname, _("net.inet.tcp.pcblist"), sizeof(varname)); break; case IPPROTO_UDP: sl_strlcpy(varname, _("net.inet.udp.pcblist"), sizeof(varname)); break; case IPPROTO_DIVERT: sl_strlcpy(varname, _("net.inet.divert.pcblist"), sizeof(varname)); break; default: return; } buf = NULL; bufsize = 8192; bufsize0 = bufsize; retry = 5; do { for (;;) { buf = xrealloc(buf, bufsize0, bufsize); bufsize0 = bufsize; len = bufsize; if (sysctlbyname(varname, buf, &len, NULL, 0) == 0) break; if (errno == ENOENT) goto out; if (errno != ENOMEM) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, _("sysctlbyname()"), _("gather_inet")); SH_MUTEX_UNLOCK(mutex_thread_nolog); SH_FREE(buf); return; } bufsize *= 2; } xig = (struct xinpgen *)buf; exig = (struct xinpgen *)(void *) ((char *)buf + len - sizeof *exig); if (xig->xig_len != sizeof *xig || exig->xig_len != sizeof *exig) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, _("struct xinpgen size mismatch"), _("gather_inet")); SH_MUTEX_UNLOCK(mutex_thread_nolog); goto out; } } while (xig->xig_gen != exig->xig_gen && retry--); if (xig->xig_gen != exig->xig_gen && opt_v) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_SUBGEN, _("data may be inconsistent"), _("gather_inet")); SH_MUTEX_UNLOCK(mutex_thread_nolog); } for (;;) { xig = (struct xinpgen *)(void *)((char *)xig + xig->xig_len); if (xig >= exig) break; switch (proto) { case IPPROTO_TCP: xtp = (struct xtcpcb *)xig; if (xtp->xt_len != sizeof *xtp) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_SUBGEN, _("struct xtcpcb size mismatch"), _("gather_inet")); SH_MUTEX_UNLOCK(mutex_thread_nolog); goto out; } inp = &xtp->xt_inp; so = &xtp->xt_socket; break; case IPPROTO_UDP: case IPPROTO_DIVERT: xip = (struct xinpcb *)xig; if (xip->xi_len != sizeof *xip) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_SUBGEN, _("struct xinpcb size mismatch"), _("gather_inet")); SH_MUTEX_UNLOCK(mutex_thread_nolog); goto out; } inp = &xip->xi_inp; so = &xip->xi_socket; break; default: return; } if ((inp->inp_vflag & vflag) == 0) continue; if (inp->inp_vflag & INP_IPV4) { if ((inp->inp_fport == 0 && !opt_l) || (inp->inp_fport != 0 && !opt_c)) continue; } else if (inp->inp_vflag & INP_IPV6) { #ifndef in6p_fport #define in6p_fport inp_fport #endif if ((inp->in6p_fport == 0 && !opt_l) || (inp->in6p_fport != 0 && !opt_c)) continue; } else { if (opt_v) { char errmsg[64]; sl_snprintf(errmsg, sizeof(errmsg), _("invalid vflag 0x%x"), inp->inp_vflag); SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_SUBGEN, errmsg, _("gather_inet")); SH_MUTEX_UNLOCK(mutex_thread_nolog); continue; } } sock = SH_ALLOC(sizeof *sock); memset(sock, '\0', sizeof (*sock)); #ifndef in6p_lport #define in6p_lport inp_lport #endif sock->socket = so->xso_so; sock->proto = proto; if (inp->inp_vflag & INP_IPV4) { sock->family = AF_INET; sockaddr(&sock->laddr, sock->family, &inp->inp_laddr, inp->inp_lport); sockaddr(&sock->faddr, sock->family, &inp->inp_faddr, inp->inp_fport); } else if (inp->inp_vflag & INP_IPV6) { sock->family = AF_INET6; sockaddr(&sock->laddr, sock->family, &inp->in6p_laddr, inp->in6p_lport); sockaddr(&sock->faddr, sock->family, &inp->in6p_faddr, inp->in6p_fport); } sock->vflag = inp->inp_vflag; hash = (int)((uintptr_t)sock->socket % HASHSIZE); sock->next = sockhash[hash]; sockhash[hash] = sock; } out: if (buf) SH_FREE(buf); } static void getfiles(void) { size_t len; size_t len0; xfiles = SH_ALLOC(len = sizeof *xfiles); len0 = len; while (sysctlbyname(_("kern.file"), xfiles, &len, 0, 0) == -1) { if (errno != ENOMEM) { volatile int status = errno; SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, _("sysctlbyname()"), _("getfiles")); SH_MUTEX_UNLOCK(mutex_thread_nolog); } len *= 2; xfiles = xrealloc(xfiles, len0, len); len0 = len; } if (len > 0 && xfiles->xf_size != sizeof *xfiles) if (errno != ENOMEM) { volatile int status = errno; SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, _("struct xfile size mismatch"), _("getfiles")); SH_MUTEX_UNLOCK(mutex_thread_nolog); } nxfiles = len / sizeof *xfiles; } static const char * getprocname(pid_t pid) { static struct kinfo_proc proc; size_t len; int mib[4]; mib[0] = CTL_KERN; mib[1] = KERN_PROC; mib[2] = KERN_PROC_PID; mib[3] = (int)pid; len = sizeof proc; if (sysctl(mib, 4, &proc, &len, NULL, 0) == -1) { /* Do not warn if the process exits before we get its name. */ if (errno != ESRCH) { volatile int status = errno; SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, status, MSG_E_SUBGEN, _("sysctl()"), _("getfiles")); SH_MUTEX_UNLOCK(mutex_thread_nolog); } return ("-"); } return (proc.ki_ocomm); } char * sh_port2proc_query(int proto, struct sh_sockaddr * saddr, int sport, unsigned long * pid, char * user, size_t userlen) { int n, hash; struct xfile *xf; struct in_addr * haddr = NULL; struct in6_addr * haddr6 = NULL; struct sock * s; struct in6_addr anyaddr = IN6ADDR_ANY_INIT; *pid = 0; for (xf = xfiles, n = 0; n < nxfiles; ++n, ++xf) { if (xf->xf_data == NULL) continue; /* Find the socket in sockhash[] that corresponds to it */ hash = (int)((uintptr_t)xf->xf_data % HASHSIZE); for (s = sockhash[hash]; s != NULL; s = s->next) if ((void *)s->socket == xf->xf_data) break; if (!s) continue; /* fprintf(stderr, "FIXME: %d %d, %d %d, %d %d, %d, %d\n", s->proto, proto, s->family, AF_INET, sport, ntohs(((struct sockaddr_in *)(&s->laddr))->sin_port), (int) xf->xf_uid, (int)xf->xf_pid); */ if (s->proto != proto) continue; if (s->family != AF_INET && s->family != AF_INET6) continue; if (s->family == AF_INET && (sport != ntohs(((struct sockaddr_in *)(&s->laddr))->sin_port))) continue; if (s->family == AF_INET6 && (sport != ntohs(((struct sockaddr_in6 *)(&s->laddr))->sin6_port))) continue; if (s->family == AF_INET) haddr = &((struct sockaddr_in *)(&s->laddr))->sin_addr; if (s->family == AF_INET6) haddr6 = &((struct sockaddr_in6 *)(&s->laddr))->sin6_addr; /* fprintf(stderr, "FIXME: %s\n", inet_ntoa(*haddr)); */ /* fprintf(stderr, "FIXME: %s\n", inet_ntoa(*saddr)); */ if ( (s->family == AF_INET && (haddr->s_addr == (saddr->sin).sin_addr.s_addr || sh_ipvx_isany(saddr) || inet_lnaof(*haddr) == INADDR_ANY)) || (s->family == AF_INET6 && (0 == memcmp(haddr6->s6_addr, &((saddr->sin6).sin6_addr.s6_addr), 16) || 0 == memcmp(haddr6->s6_addr, &(anyaddr.s6_addr), 16) || sh_ipvx_isany(saddr) )) ) { struct sock_store try; *pid = xf->xf_pid; try.pid = xf->xf_pid; try.path = NULL; try.user = NULL; get_user_and_path (&try); /* Try to get info from /proc */ if (try.path == NULL) { extern char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len); char * tmp = sh_unix_getUIDname (SH_ERR_ALL, xf->xf_uid, user, userlen); if (!tmp) sl_snprintf (user, userlen, "%ld", (unsigned long) xf->xf_uid); return sh_util_strdup(getprocname(xf->xf_pid)); } else { sl_strlcpy(user, try.user, userlen); SH_FREE(try.user); return try.path; } } } sl_strlcpy(user, "-", userlen); return sh_util_strdup("-"); } static void sockdel(struct sock * sock) { if (sock) { if (sock->next) sockdel(sock->next); SH_FREE(sock); } return; } int sh_port2proc_prepare() { int i; if (xfiles) { SH_FREE(xfiles); xfiles = NULL; } for (i = 0; i < HASHSIZE; ++i) { sockdel(sockhash[i]); sockhash[i] = NULL; } /* Inet connections */ gather_inet(IPPROTO_TCP); gather_inet(IPPROTO_UDP); gather_inet(IPPROTO_DIVERT); getfiles(); return 0; } void sh_port2proc_finish() { return; } #else /* !defined(__linux__) && !defined(__FreeBSD__) */ #include "samhain.h" #include "sh_utils.h" #include "sh_ipvx.h" char * sh_port2proc_query(int proto, struct sh_sockaddr * saddr, int sport, unsigned long * pid, char * user, size_t userlen) { (void) proto; (void) saddr; (void) sport; *pid = 0; sl_strlcpy(user, "-", userlen); return sh_util_strdup("-"); } int sh_port2proc_prepare() { return 0; } void sh_port2proc_finish() { return; } #endif #endif /* defined(SH_USE_PORTCHECK) */ samhain-3.1.0/src/sh_prelink.c0000644000175000017500000001704311664727262013167 00000000000000/* SAMHAIN file system integrity testing */ /* Copyright (C) 2004 Rainer Wichmann */ /* */ /* This program is free software; you can redistribute it */ /* and/or modify */ /* it under the terms of the GNU General Public License as */ /* published by */ /* the Free Software Foundation; either version 2 of the License, or */ /* (at your option) any later version. */ /* */ /* This program is distributed in the hope that it will be useful, */ /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ /* GNU General Public License for more details. */ /* */ /* You should have received a copy of the GNU General Public License */ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config_xor.h" #include #include #include #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) #include "samhain.h" #include "sh_tiger.h" #include "sh_extern.h" #include "sh_utils.h" #include "sh_unix.h" #undef FIL__ #define FIL__ _("sh_prelink.c") static char * prelink_path = NULL; static char * prelink_hash = NULL; int sh_prelink_set_path (const char * str) { SL_ENTER(_("sh_prelink_set_path")); if (prelink_path != NULL) SH_FREE(prelink_path); if (str[0] != '/') { prelink_path = NULL; SL_RETURN((-1), _("sh_prelink_set_path")); } #ifdef SH_EVAL_SHELL prelink_path = sh_util_strdup(str); SL_RETURN(0, _("sh_prelink_set_path")); #else prelink_path = NULL; SL_RETURN((-1), _("sh_prelink_set_path")); #endif } int sh_prelink_set_hash (const char * str) { size_t len; SL_ENTER(_("sh_prelink_set_hash")); if (prelink_hash != NULL) SH_FREE(prelink_hash); len = sl_strlen (str); if (len != KEY_LEN) { prelink_hash = NULL; SL_RETURN((-1), _("sh_prelink_set_hash")); } prelink_hash = SH_ALLOC(len+1); (void) sl_strlcpy(prelink_hash, str, len+1); SL_RETURN(0, _("sh_prelink_set_hash")); } int sh_prelink_iself (SL_TICKET fd, off_t size, int alert_timeout, char * path) { long status; char magic[4]; char * tmp; /* 42 bytes is about the minimum an ELF binary might have * (with plenty of hacks to reduce the size, such as interleaving * the code with the header...) */ if (size < 42) return S_FALSE; status = sl_read_timeout (fd, magic, 4, alert_timeout, SL_FALSE); (void) sl_rewind(fd); if (status == 4) { /*@-usedef@*/ if (magic[0] == (char) 0x7f && magic[1] == 'E' && magic[2] == 'L' && magic[3] == 'F') return S_TRUE; /*@+usedef@*/ } else { tmp = sh_util_safe_name (path); sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGPATH, _("Error reading file"), _("sh_prelink_iself"), tmp); SH_FREE(path); } return S_FALSE; } extern int get_the_fd (SL_TICKET ticket); static void sh_prelink_fd(sh_tas_t * task) { SL_TICKET ticket; char * tmp; char hashbuf[KEYBUF_SIZE]; if (task->com_ti != (-1)) { (void) sl_close(task->com_ti); task->com_fd = -1; task->com_ti = -1; } ticket = sl_open_read(FIL__, __LINE__, task->command, task->privileged == 0 ? SL_NOPRIV : SL_YESPRIV); if (SL_ISERROR(ticket)) { char errbuf[SH_ERRBUF_SIZE]; char errbuf2[SH_ERRBUF_SIZE]; sh_error_message(errno, errbuf2, sizeof(errbuf2)); sl_strlcpy(errbuf, sl_error_string(ticket), sizeof(errbuf)); tmp = sh_util_safe_name (task->command); sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, ticket, MSG_E_READ, errbuf, errbuf2, tmp); SH_FREE(tmp); return; } if (*(task->checksum) == '\0' || 0 == sl_strcmp(task->checksum, sh_tiger_hash (task->command, ticket, TIGER_NOLIM, hashbuf, sizeof(hashbuf)))) { task->com_fd = get_the_fd(ticket); task->com_ti = ticket; } else { tmp = sh_util_safe_name (task->command); sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, ticket, MSG_E_HASH, tmp); SH_FREE(tmp); (void) sl_close(ticket); } return; } /* returns static storage */ int sh_prelink_run (char * path, char * file_hash, int alert_timeout) { static int init = S_FALSE; static int args_filled = 0; static sh_tas_t task; int status = 0; char * p; SL_ENTER(_("sh_prelink_run")); /* reset if path == NULL */ if (path == NULL) { if (init == S_FALSE) { SL_RETURN (0, _("sh_prelink_run")); } sh_ext_tas_free(&task); init = S_FALSE; args_filled = 0; SL_RETURN (0, _("sh_prelink_run")); } /* initialize task structure */ if (init == S_FALSE) { char dir[SH_PATHBUF]; sh_ext_tas_init(&task); p = sh_unix_getUIDdir (SH_ERR_ERR, task.run_user_uid, dir, sizeof(dir)); if (p) { (void) sh_ext_tas_add_envv (&task, _("HOME"), p); } (void) sh_ext_tas_add_envv (&task, _("SHELL"), _("/bin/sh")); (void) sh_ext_tas_add_envv (&task, _("PATH"), _("/sbin:/usr/sbin:/bin:/usr/bin")); if (sh.timezone != NULL) { (void) sh_ext_tas_add_envv(&task, "TZ", sh.timezone); } if (prelink_path == NULL) { sh_ext_tas_command(&task, _("/usr/sbin/prelink")); (void) sh_ext_tas_add_argv(&task, _("/usr/sbin/prelink")); } else { sh_ext_tas_command(&task, prelink_path); (void) sh_ext_tas_add_argv(&task, prelink_path); } args_filled = sh_ext_tas_add_argv(&task, _("--verify")); if (prelink_hash != NULL) { (void) sl_strlcpy(task.checksum, prelink_hash, KEY_LEN+1); } task.rw = 'r'; task.fork_twice = S_FALSE; sh_prelink_fd(&task); init = S_TRUE; } /* rm filename arg if set; fill in filename */ if (args_filled == 3) args_filled = sh_ext_tas_rm_argv(&task); if (args_filled == 2) args_filled = sh_ext_tas_add_argv(&task, path); else { sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, args_filled, MSG_E_SUBGEN, _("Bad argument count"), _("sh_prelink_run")); SL_RETURN ((-1), _("sh_prelink_run")); } /* open pipe */ status = sh_ext_popen(&task); if (status != 0) { sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN, _("Could not open pipe"), _("sh_prelink_run")); SL_RETURN ((-1), _("sh_prelink_run")); } if (SL_ISERROR(task.pipeTI)) { sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, task.pipeTI, MSG_E_SUBGEN, _("No valid ticket"), _("sh_prelink_run")); SL_RETURN ((-1), _("sh_prelink_run")); } /* read from pipe */ sl_read_timeout_prep (task.pipeTI); { char hashbuf[KEYBUF_SIZE]; UINT64 length_nolim = TIGER_NOLIM; sl_strlcpy(file_hash, sh_tiger_generic_hash (path, task.pipeTI, &length_nolim, alert_timeout, hashbuf, sizeof(hashbuf)), KEY_LEN+1); } /* close pipe and return exit status */ status = sh_ext_pclose(&task); SL_RETURN ((status), _("sh_prelink_run")); } /* defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) */ #endif samhain-3.1.0/src/sh_cat.c0000644000175000017500000014532111776105627012272 00000000000000#include "config_xor.h" #include "samhain.h" #include "sh_error.h" #include "sh_cat.h" /*@-nullassign@*/ const char * class_cat[] = { N_("AUD"), /* 0 */ N_("PANIC"), /* 1 */ N_("RUN_OLD"), /* 2 */ N_("FIL_OLD"), /* 3 */ N_("TCP"), /* 4 */ N_("ERR"), /* 5 */ N_("STAMP"), /* 6 */ N_("ENET"), /* 7 */ N_("EINPUT"), /* 8 */ /* new simplified classes */ N_("EVENT"), /* 9 */ N_("START"), /* 10 */ N_("LOGKEY"), /* 11 */ N_("OTHER"), /* 12 */ /* end simplified classes */ N_("RUN"), /* 13 */ N_("FIL"), /* 14 */ N_("ERROR"), /* 15 */ NULL }; #ifdef SH_USE_XML cat_entry msg_cat[] = { #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) { MSG_FI_CSUM, SH_ERR_ALL, FIL, N_("msg=\"Checksum\" chk=\"%s\" path=\"%s\"")}, { MSG_FI_DSUM, SH_ERR_INFO, FIL, N_("msg=\"d: %3ld, -: %3ld, l: %3ld, |: %3ld, s: %3ld, c: %3ld, b: %3ld\"")}, { MSG_FI_CHK, SH_ERR_INFO, FIL, N_("msg=\"Checking %16s\" path=\"%s\"")}, #endif { MSG_EXIT_ABORTS, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC %s\" program=\"%s\" subroutine=\"%s\"")}, { MSG_START_SRV, SH_ERR_STAMP, START, N_("msg=\"Server up, simultaneous connections: %d\" socket_id=\"%d\"")}, { MSG_EXIT_ABORT1, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC Error initializing the application\" program=\"%s\"")}, { MSG_EXIT_NORMAL, SH_ERR_FATAL, START, N_("msg=\"EXIT\" program=\"%s\" status=\"%s\"")}, { MSG_START_KEY_MAIL, SH_ERR_FATAL, LOGKEY, N_("msg=\"LOGKEY\" program=\"%s\" hash=\"%s\"\r\n-----BEGIN LOGKEY-----\r\n%s%s")}, { MSG_START_KEY, SH_ERR_FATAL, LOGKEY, N_("msg=\"LOGKEY\" program=\"%s\" hash=\"%s\"")}, { MSG_START_0H, SH_ERR_FATAL, START, N_("msg=\"START\" program=\"%s\" userid=\"%ld\"")}, { MSG_START_1H, SH_ERR_FATAL, START, N_("msg=\"START\" program=\"%s\" userid=\"%ld\" path=\"%s\" hash=\"%s\"")}, { MSG_START_2H, SH_ERR_FATAL, START, N_("msg=\"START\" program=\"%s\" userid=\"%ld\" path=\"%s\" hash=\"%s\" path_data=\"%s\" hash_data=\"%s\"")}, { MSG_START_GH, SH_ERR_FATAL, START, N_("msg=\"START\" program=\"%s\" userid=\"%ld\" path=\"%s\" key_uid=\"%s\" key_id=\"%s\"")}, { MSG_START_GH2, SH_ERR_FATAL, START, N_("msg=\"EXIT\" program=\"%s\" userid=\"%ld\" path=\"%s\" key_uid=\"%s\" key_id=\"%s\" path_data=\"%s\" key_uid_data=\"%s\" key_id_data=\"%s\"")}, { MSG_SUSPEND, SH_ERR_STAMP, START, N_("msg=\"SUSPEND\" program=\"%s\"")}, { MSG_MLOCK, SH_ERR_WARN, RUN, N_("msg=\"Using insecure memory\"")}, { MSG_W_SIG, SH_ERR_WARN, RUN, N_("interface=\"sigaction\" msg=\"%s\" sig=\"%ld\"")}, { MSG_W_CHDIR, SH_ERR_ERR, RUN, N_("interface=\"chdir\" msg=\"%s\" path=\"%s\"")}, { MSG_MOD_FAIL, SH_ERR_WARN, RUN, N_("msg=\"Module not initialized\" module=\"%s\" return_code=\"%ld\"")}, { MSG_MOD_OK, SH_ERR_INFO, RUN, N_("msg=\"Module initialized\" module=\"%s\"")}, { MSG_MOD_EXEC, SH_ERR_ERR, RUN, N_("msg=\"Module execution error\" module=\"%s\" return_code=\"%ld\"")}, { MSG_RECONF, SH_ERR_SEVERE, START, N_("msg=\"Runtime configuration reloaded\"")}, { MSG_CHECK_0, SH_ERR_WARN, RUN, N_("msg=\"No files or directories defined for checking\"")}, { MSG_CHECK_1, SH_ERR_STAMP, STAMP, N_("msg=\"File check completed.\" time=\"%ld\" kBps=\"%f\"")}, { MSG_STAMP, SH_ERR_STAMP, STAMP, N_("msg=\"---- TIMESTAMP ----\"")}, { MSG_D_START, SH_ERR_INFO, RUN, N_("msg=\"Downloading configuration file\"")}, { MSG_D_DSTART, SH_ERR_INFO, RUN, N_("msg=\"Downloading database file\"")}, { MSG_D_FAIL, SH_ERR_INFO, RUN, N_("msg=\"No file from server, trying local file\"")}, #ifndef HAVE_URANDOM { MSG_ENSTART, SH_ERR_ALL, RUN, N_("msg=\"Found entropy source\" path=\"%s\"")}, { MSG_ENEXEC, SH_ERR_ALL, RUN, N_("msg=\"Execute entropy source\" path=\"%s\" rd_file_id=\"%ld\"")}, { MSG_ENFAIL, SH_ERR_ALL, RUN, N_("msg=\"Could not execute entropy source\" path=\"%s\"")}, { MSG_ENTOUT, SH_ERR_ALL, RUN, N_("msg=\"Timeout in entropy collector\" time=\"%ld\"")}, { MSG_ENCLOS, SH_ERR_ALL, RUN, N_("msg=\"End of data, closing entropy source\" rd_file_id=\"%ld\"")}, { MSG_ENCLOS1, SH_ERR_ALL, RUN, N_("msg=\"Close entropy source\" rd_file_id=\"%ld\"")}, { MSG_ENREAD, SH_ERR_ALL, RUN, N_("msg=\"Data from entropy source\" rd_file_id=\"%ld\" bytes=\"%ld\"")}, #endif #ifdef SH_USE_SUIDCHK { MSG_SUID_POLICY, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [SuidCheck] %s\" path=\"%s\" %s") }, { MSG_SUID_FOUND, SH_ERR_INFO, RUN, N_("msg=\"Found suid/sgid file\" path=\"%s\"") }, { MSG_SUID_SUMMARY,SH_ERR_INFO, RUN, N_("msg=\"Checked for SUID programs: %ld files, %ld seconds\"") }, { MSG_SUID_QREPORT,SH_ERR_SEVERE, EVENT, N_("msg=\"Quarantine report: %s\" path=\"%s\"") }, { MSG_SUID_ERROR, SH_ERR_SEVERE, EVENT, N_("msg=\"Quarantine error: %s\"") }, #endif #ifdef SH_USE_KERN /* FreeBSD */ { MSG_KERN_POLICY, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] BSD syscall table: new: %#lx old: %#lx\" syscall=\"%03d %s\"") }, { MSG_KERN_POL_CO, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] BSD syscall code: new: %#x,%#x old: %#x,%#x\" syscall=\"%03d %s\"") }, /* Linux */ { MSG_KERN_SYSCALL,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] SYSCALL modified syscall\" syscall=\"%03d %s\" %s") }, { MSG_KERN_PROC, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] PROC modified proc filesystem: %s\"") }, { MSG_KERN_IDT, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] IDT modified interrupt %03d: new: 0x%-8.8lx %-9s %3d %c old: 0x%-8.8lx %-9s %3d %c\" %s") }, { MSG_KERN_GATE, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Kernel] SYS_GATE modified system_call: new: %#x,%#x old: %#x,%#x\" syscall=\"%03d %s\" %s") }, #endif #ifdef SH_USE_UTMP { MSG_UT_CHECK, SH_ERR_INFO, RUN, N_("msg=\"Checking logins\"")}, { MSG_UT_LG1X, SH_ERR_INFO, EVENT, N_("msg=\"Login\" userid=\"%s\" tty=\"%s\" host=\"%s\" ip=\"%s\" time=\"%s\" status=\"%d\"")}, { MSG_UT_LG1A, SH_ERR_INFO, EVENT, N_("msg=\"Login\" userid=\"%s\" tty=\"%s\" host=\"%s\" time=\"%s\" status=\"%d\"")}, { MSG_UT_LG1B, SH_ERR_INFO, EVENT, N_("msg=\"Login\" userid=\"%s\" tty=\"%s\" time=\"%s\" status=\"%d\"")}, { MSG_UT_LG2X, SH_ERR_INFO, EVENT, N_("msg=\"Multiple login\" userid=\"%s\" tty=\"%s\" host=\"%s\" ip=\"%s\" time=\"%s\" status=\"%d\"")}, { MSG_UT_LG2A, SH_ERR_INFO, EVENT, N_("msg=\"Multiple login\" userid=\"%s\" tty=\"%s\" host=\"%s\" time=\"%s\" status=\"%d\"")}, { MSG_UT_LG2B, SH_ERR_INFO, EVENT, N_("msg=\"Multiple login\" userid=\"%s\" tty=\"%s\" time=\"%s\" status=\"%d\"")}, { MSG_UT_LG3X, SH_ERR_INFO, EVENT, N_("msg=\"Logout\" userid=\"%s\" tty=\"%s\" host=\"%s\" ip=\"%s\" time=\"%s\" status=\"%d\"")}, { MSG_UT_LG3A, SH_ERR_INFO, EVENT, N_("msg=\"Logout\" userid=\"%s\" tty=\"%s\" host=\"%s\" time=\"%s\" status=\"%d\"")}, { MSG_UT_LG3B, SH_ERR_INFO, EVENT, N_("msg=\"Logout\" userid=\"%s\" tty=\"%s\" time=\"%s\" status=\"%d\"")}, { MSG_UT_LG3C, SH_ERR_INFO, EVENT, N_("msg=\"Logout\" tty=\"%s\" time=\"%s\" status=\"%d\"")}, { MSG_UT_ROT, SH_ERR_WARN, RUN, N_("msg=\"Logfile size decreased\" path=\"%s\"")}, { MSG_UT_BAD, SH_ERR_SEVERE, EVENT, N_("msg=\"Login at disallowed time\" userid=\"%s\" host=\"%s\" time=\"%s\"")}, { MSG_UT_FIRST, SH_ERR_SEVERE, EVENT, N_("msg=\"First login from this host\" userid=\"%s\" host=\"%s\" time=\"%s\"")}, { MSG_UT_OUTLIER, SH_ERR_SEVERE, EVENT, N_("msg=\"Login time outlier\" userid=\"%s\" host=\"%s\" time=\"%s\"")}, #endif #ifdef SH_USE_PROCESSCHECK { MSG_PCK_CHECK, SH_ERR_INFO, RUN, N_("msg=\"Checking processes in pid interval [%ld,%ld]\"")}, { MSG_PCK_OK, SH_ERR_ALL, RUN, N_("msg=\"PID %ld found with tests %s\"")}, { MSG_PCK_P_HIDDEN,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Process] Hidden pid: %ld tests: %s\" path=\"%s\" userid=\"%s\"")}, { MSG_PCK_HIDDEN, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Process] Hidden pid: %ld tests: %s\"")}, { MSG_PCK_FAKE, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Process] Fake pid: %ld tests: %s\"")}, { MSG_PCK_MISS, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Process] Missing: %s\"")}, #endif #ifdef SH_USE_PORTCHECK { MSG_PORT_MISS, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceMissing] %s\"")}, { MSG_PORT_NEW, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceNew] %s\" path=\"%s\" pid=\"%lu\" userid=\"%s\"")}, { MSG_PORT_RESTART,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServiceRestarted] %s\" path=\"%s\" pid=\"%lu\" userid=\"%s\"")}, { MSG_PORT_NEWPORT,SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [ServicePortSwitch] %s\" path=\"%s\" pid=\"%lu\" userid=\"%s\"")}, #endif #ifdef SH_USE_MOUNTS { MSG_MNT_CHECK, SH_ERR_INFO, RUN, N_("msg=\"Checking mounts\"")}, { MSG_MNT_MEMLIST, SH_ERR_ERR, RUN, N_("msg=\"Cannot read mount list from memory\"")}, { MSG_MNT_MNTMISS, SH_ERR_WARN, EVENT, N_("msg=\"POLICY [Mounts] Mount missing\" path=\"%s\"")}, { MSG_MNT_OPTMISS, SH_ERR_WARN, EVENT, N_("msg=\"POLICY [Mounts] Mount option missing\" path=\"%s\" option=\"%s\"")}, #endif #ifdef SH_USE_USERFILES { MSG_USERFILES_SUMMARY,SH_ERR_INFO, RUN, N_("msg=\"Checked for users files\"") }, #endif #ifdef USE_LOGFILE_MONITOR { MSG_LOGMON_CHKS, SH_ERR_INFO, RUN, N_("msg=\"Checking logfile %s\"") }, { MSG_LOGMON_CHKE, SH_ERR_INFO, RUN, N_("msg=\"Finished logfile %s, %lu new records processed\"") }, { MSG_LOGMON_MISS, SH_ERR_ERR, RUN, N_("msg=\"Missing logfile %s\"") }, { MSG_LOGMON_EOPEN,SH_ERR_ERR, RUN, N_("msg=\"Cannot open logfile %s\"") }, { MSG_LOGMON_EREAD,SH_ERR_ERR, RUN, N_("msg=\"Error while reading logfile %s\"") }, { MSG_LOGMON_REP, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Logfile] %s\" time=\"%s\" host=\"%s\" path=\"%s\"") }, { MSG_LOGMON_SUM, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Logfile] %s\" host=\"%s\" path=\"%s\"") }, { MSG_LOGMON_COR, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Logfile] Correlation event %s occured %d time(s)\"") }, { MSG_LOGMON_MARK, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Logfile] Event %s missing for %lu seconds\"") }, { MSG_LOGMON_BURST, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Logfile] Repeated %d times: %s\" host=\"%s\"") }, #endif #ifdef USE_REGISTRY_CHECK { MSG_REG_MISS, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [RegistryKeyMissing] %s\" path=\"%s\" %s")}, { MSG_REG_NEW, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [RegistryKeyNew] %s\" path=\"%s\" %s")}, { MSG_REG_CHANGE, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [RegistryKeyChanged] %s\" path=\"%s\" %s")}, #endif #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) { MSG_FI_TOOLATE, SH_ERR_ERR, FIL, N_("msg=\"Large lstat/open overhead: %ld sec\" path=\"%s\"")}, #if 0 { MSG_FI_CSUM, SH_ERR_ALL, FIL, N_("msg=\"Checksum\" chk=\"%s\" path=\"%s\"")}, { MSG_FI_DSUM, SH_ERR_INFO, FIL, N_("msg=\"d: %3ld, -: %3ld, l: %3ld, |: %3ld, s: %3ld, c: %3ld, b: %3ld\"")}, { MSG_FI_CHK, SH_ERR_INFO, FIL, N_("msg=\"Checking %16s\" path=\"%s\"")}, #endif { MSG_FI_NULL, SH_ERR_ERR, FIL, N_("msg=\"Path is NULL\"")}, { MSG_FI_FAIL, SH_ERR_ERR, FIL, N_("msg=\"Check failed\" path=\"%s\"")}, { MSG_FI_GLOB, SH_ERR_ERR, FIL, N_("interface=\"glob\" msg=\"%s\" path=\"%s\"")}, { MSG_FI_COLL, SH_ERR_WARN, FIL, N_("msg=\"Writeable file with timestamps of parent directory fixed\" dir=\"%s\" path=\"%s\"")}, { MSG_FI_DOUBLE, SH_ERR_WARN, FIL, N_("msg=\"File or directory appears twice in configuration\" path=\"%s\"")}, { MSG_FI_2LONG, SH_ERR_ERR, FIL, N_("msg=\"Filename too long\" path=\"%s\"")}, { MSG_FI_2LONG2, SH_ERR_ERR, FIL, N_("msg=\"Filename too long\" path=\"%s/%s\"")}, { MSG_FI_NOPATH, SH_ERR_ERR, FIL, N_("msg=\"Filename not an absolute path\" path=\"%s\"")}, { MSG_FI_DLNK, SH_ERR_INFO, FIL, N_("msg=\"Dangling link\" path=\"%s\" linked_path=\"%s\"")}, { MSG_FI_RDLNK, SH_ERR_ERR, FIL, N_("interface=\"readlink\" msg=\"%s\" path=\"%s\"")}, { MSG_FI_NOGRP, SH_ERR_ERR, FIL, N_("interface=\"getgrgid\" msg=\"No such group\" group=\"%ld\" path=\"%s\"")}, { MSG_FI_NOUSR, SH_ERR_ERR, FIL, N_("interface=\"getpwuid\" msg=\"No such user\" userid=\"%ld\" path=\"%s\"")}, { MSG_FI_STAT, SH_ERR_ERR, FIL, N_("interface=\"%s\" msg=\"%s\" userid=\"%ld\" path=\"%s\"")}, { MSG_FI_OBSC, SH_ERR_ERR, FIL, N_("msg=\"Weird filename\" path=\"%s\"")}, { MSG_FI_OBSC2, SH_ERR_ERR, FIL, N_("msg=\"Weird filename\" path=\"%s/%s\"")}, { MSG_FI_LIST, SH_ERR_ALL, FIL, N_("msg=\"%10s %2d %8s %8s %14ld %21s %s\"")}, { MSG_FI_LLNK, SH_ERR_ALL, FIL, N_("msg=\" >>> %10s %s\"")}, { MSG_FI_MISS, SH_ERR_ERR, EVENT, N_("msg=\"POLICY MISSING\" path=\"%s\"")}, { MSG_FI_MISS2, SH_ERR_ERR, EVENT, N_("msg=\"POLICY MISSING\" path=\"%s\" %s")}, { MSG_FI_ADD, SH_ERR_ERR, EVENT, N_("msg=\"POLICY ADDED\" path=\"%s\"")}, { MSG_FI_ADD2, SH_ERR_ERR, EVENT, N_("msg=\"POLICY ADDED\" path=\"%s\" %s")}, { MSG_FI_CHAN, SH_ERR_ERR, EVENT, N_("msg=\"POLICY %s %s\" path=\"%s\" %s")}, { MSG_FI_NODIR, SH_ERR_ERR, EVENT, N_("msg=\"POLICY NODIRECTORY\" path=\"%s\"")}, { MSG_FI_DBEX, SH_ERR_WARN, FIL, N_("msg=\"Signature database exists\" path=\"%s\"")}, #endif { MSG_TCP_NETRP, SH_ERR_ERR, TCP, N_("msg=\"Connection error: %s\" port=\"%ld\" subroutine=\"%s\"")}, #ifndef SH_STANDALONE #ifdef INET_SYSLOG { MSG_INET_SYSLOG, SH_ERR_INET, TCP, N_("ip=\"%s\" facility=\"%s\" priority=\"%s\" syslog_msg=\"%s\"")}, { MSG_ERR_SYSLOG, SH_ERR_ERR, TCP, N_("msg=\"syslog socket: %s\" ip=\"%s\"")}, #endif { MSG_TCP_MISMATCH,SH_ERR_ERR, TCP, N_("msg=\"Protocol mismatch\"")}, { MSG_TCP_MISENC, SH_ERR_ERR, TCP, N_("msg=\"Encryption mismatch in %s: server: %s client: %s\"")}, { MSG_TCP_NONAME, SH_ERR_ERR, TCP, N_("msg=\"No server name known\"")}, { MSG_TCP_UNEXP, SH_ERR_ERR, TCP, N_("msg=\"Unexpected reply\"")}, { MSG_TCP_EFIL, SH_ERR_ERR, TCP, N_("msg=\"Could not open temporary file\"")}, { MSG_TCP_NOCONF, SH_ERR_ERR, TCP, N_("msg=\"Message delivery not confirmed\"")}, { MSG_TCP_NOAUTH, SH_ERR_ERR, TCP, N_("msg=\"Session key negotiation failed\"")}, { MSG_TCP_CONF, SH_ERR_ALL, TCP, N_("msg=\"Message delivery confirmed\"")}, { MSG_TCP_AUTH, SH_ERR_INFO, TCP, N_("msg=\"Session key negotiated\"")}, { MSG_TCP_FOK, SH_ERR_INFO, TCP, N_("msg=\"File download completed\"")}, { MSG_TCP_FBAD, SH_ERR_ERR, TCP, N_("msg=\"File download failed\"")}, { MSG_TCP_ECONN, SH_ERR_ERR, TCP, N_("msg=\"Connection error: %s\"")}, { MSG_TCP_EZERO, SH_ERR_ERR, TCP, N_("msg=\"Illegal zero reply\"")}, { MSG_TCP_EBGN, SH_ERR_ERR, TCP, N_("msg=\"Error in big integer library\"")}, { MSG_TCP_CREG, SH_ERR_ALL, TCP, N_("msg=\"Registered %s, salt %s, verifier %s\"")}, { MSG_TCP_FAUTH, SH_ERR_INFO, TCP, N_("msg=\"Force authentication\" host=\"%s\"")}, { MSG_TCP_RESCLT, SH_ERR_SEVERE, TCP, N_("msg=\"Cannot resolve client name\" host=\"%s\"")}, { MSG_TCP_RESPEER, SH_ERR_SEVERE, TCP, N_("msg=\"Cannot resolve socket peer IP for client\" host=\"%s\" peer=\"%s\"")}, { MSG_TCP_LOOKERS, SH_ERR_SEVERE, TCP, N_("msg=\"Reverse lookup of socket peer failed\" host=\"%s\" peer=\"%s\" obj=\"%s\"")}, { MSG_TCP_LOOKUP, SH_ERR_SEVERE, TCP, N_("msg=\"No socket peer alias matches client name\" host=\"%s\" peer=\"%s\"")}, { MSG_TCP_TIMOUT, SH_ERR_SEVERE, TCP, N_("msg=\"Connection timeout\" host=\"%s\"")}, { MSG_TCP_TIMEXC, SH_ERR_SEVERE, TCP, N_("msg=\"Time limit exceeded\" host=\"%s\"")}, { MSG_TCP_NOCLT, SH_ERR_SEVERE, TCP, N_("msg=\"Hostname is NULL\"")}, { MSG_TCP_BADCONN, SH_ERR_SEVERE, TCP, N_("msg=\"Invalid connection attempt: %s\" host=\"%s\"")}, { MSG_TCP_FFILE , SH_ERR_SEVERE, TCP, N_("msg=\"Unknown file request\" host=\"%s\" path=\"%s\"")}, { MSG_TCP_NFILE , SH_ERR_SEVERE, TCP, N_("msg=\"Requested file not found\" host=\"%s\" path=\"%s\"")}, { MSG_TCP_FINV , SH_ERR_SEVERE, TCP, N_("msg=\"Invalid request (%d) in pass %d\" host=\"%s\" request=\"%c%03o%c%03o%c%03o%c%03o\"")}, { MSG_TCP_OKFILE, SH_ERR_INFO, TCP, N_("msg=\"File transfer completed\" host=\"%s\"")}, { MSG_TCP_OKMSG, SH_ERR_ALL, TCP, N_("msg=\"Message transfer completed\" host=\"%s\"")}, { MSG_TCP_MSG, SH_ERR_INET, TCP, N_("remote_host=\"%s\" > %s ")}, { MSG_TCP_NEW, SH_ERR_NOTICE, TCP, N_("msg=\"NEW CLIENT\" host=\"%s\"")}, { MSG_TCP_ILL, SH_ERR_SEVERE, TCP, N_("msg=\"Restart without prior exit\" host=\"%s\"")}, { MSG_TCP_SYNC, SH_ERR_SEVERE, TCP, N_("msg=\"Out of sync\" host=\"%s\"")}, { MSG_TCP_RESET, SH_ERR_NOTICE, TCP, N_("msg=\"Connection reset by peer\" host=\"%s\"")}, { MSG_TCP_CNEW, SH_ERR_INFO, TCP, N_("msg=\"New connection\" socket_id=\"%d\"")}, { MSG_E_HTML, SH_ERR_ERR, ERR, N_("msg=\"Error writing HTML status\"")}, #endif { MSG_E_AUTH, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - File modified\" path=\"%s\"")}, { MSG_ACCESS, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - Access violation\" userid=\"%ld\" path=\"%s\"")}, { MSG_TRUST, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - Untrusted path\" userid=\"%ld\" path=\"%s\"")}, { MSG_NOACCESS, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - File not accessible\" userid=\"%ld\" path=\"%s\"")}, { MSG_P_NODATA, SH_ERR_FATAL, PANIC, N_("msg=\"PANIC - No data in file\" path=\"%s\"")}, #ifndef MEM_DEBUG { MSG_E_MNULL, SH_ERR_ERR, ERR, N_("msg=\"Dereferenced NULL pointer\"")}, { MSG_E_MMEM, SH_ERR_ERR, ERR, N_("msg=\"Out of memory\"")}, #else { MSG_MSTAMP, SH_ERR_STAMP, STAMP, N_("msg=\"Memory used: max.=%lu, current=%lu\"")}, { MSG_MSTAMP2, SH_ERR_STAMP, STAMP, N_("msg=\"Blocks: %d allocated, %d freed, %d maximum\"")}, { MSG_E_MNULL, SH_ERR_ERR, ERR, N_("msg=\"Dereferenced NULL pointer allocated in %s, line %d\" source_file=\"%s\" source_line=\"%d\"")}, { MSG_E_MMEM, SH_ERR_ERR, ERR, N_("msg=\"Out of memory\" source_file=\"%s\" source_line=\"%d\"")}, { MSG_E_MREC, SH_ERR_ERR, ERR, N_("msg=\"Free() on unrecorded block\" source_file=\"%s\" source_line=\"%d\"")}, { MSG_E_MOVER, SH_ERR_ERR, ERR, N_("msg=\"Memory overrun on block allocated in %s, line %d\" source_file=\"%s\" source_line=\"%d\"")}, { MSG_E_MUNDER, SH_ERR_ERR, ERR, N_("msg=\"Memory underrun on block allocated in %s, line %d\" source_file=\"%s\" source_line=\"%d\"")}, { MSG_E_NOTFREE, SH_ERR_ERR, ERR, N_("msg=\"Block not deallocated\" size=\"%14ld\" source_file=\"%19s\" source_line=\"%d\"")}, #endif { MSG_E_TRUST, SH_ERR_ERR, ERR, N_("msg=\"Untrusted path\" userid=\"%ld\" path=\"%s\"")}, { MSG_E_HASH, SH_ERR_ERR, ERR, N_("msg=\"Incorrect checksum\" path=\"%s\"")}, { MSG_E_ACCESS, SH_ERR_ERR, ERR, N_("msg=\"File not accessible\" userid=\"%ld\" path=\"%s\"")}, { MSG_E_READ, SH_ERR_ERR, ERR, N_("msg=\"Not accessible or not a regular file (%s / %s)\" path=\"%s\"")}, { MSG_E_NOTREG, SH_ERR_ERR, ERR, N_("msg=\"Not a regular file\" path=\"%s\"")}, { MSG_E_TIMEOUT, SH_ERR_ERR, ERR, N_("msg=\"Timeout (%d sec) while checksumming file\" path=\"%s\"")}, { MSG_NODEV, SH_ERR_ERR, ERR, N_("msg=\"Device not available or timeout during read attempt\" userid=\"%ld\" path=\"%s\"")}, { MSG_LOCKED, SH_ERR_ERR, ERR, N_("msg=\"File lock error\" userid=\"%ld\" path=\"%s\" obj=\"%s\"")}, { MSG_PIDFILE, SH_ERR_ERR, ERR, N_("msg=\"Could not write PID file\" userid=\"%ld\" path=\"%s\"")}, { MSG_NOEXEC, SH_ERR_ERR, ERR, N_("msg=\"Could not execute file\" userid=\"%ld\" path=\"%s\"")}, { MSG_ES_ENT, SH_ERR_ERR, ERR, N_("msg=\"No entropy collected\" subroutine=\"%s\"")}, { MSG_ES_KEY1, SH_ERR_ERR, ERR, N_("msg=\"Insecure key generation\" subroutine=\"%s\"")}, { MSG_ES_KEY2, SH_ERR_ERR, ERR, N_("msg=\"Error copying key\" subroutine=\"%s\"")}, { MSG_E_GPG, SH_ERR_ERR, ERR, N_("msg=\"Compiled-in gpg checksum does not match: need %s got %s\"")}, { MSG_E_GPG_FP, SH_ERR_ERR, ERR, N_("msg=\"Compiled-in fingerprint modified: one %s two %s\"")}, { MSG_E_GPG_CHK, SH_ERR_ERR, ERR, N_("msg=\"Compiled-in checksum modified: one %s two %s\"")}, { MSG_E_SUBGEN, SH_ERR_ERR, ERR, N_("msg=\"%s\" subroutine=\"%s\"")}, { MSG_E_SUBGPATH, SH_ERR_ERR, ERR, N_("msg=\"%s\" subroutine=\"%s\" path=\"%s\"")}, { MSG_E_UNLNK, SH_ERR_ERR, FIL, N_("interface=\"unlink\" msg=\"%s\" path=\"%s\"")}, { MSG_E_REGEX, SH_ERR_ERR, ERR, N_("interface=\"regcomp\" msg=\"%s\" obj=\"%s\"")}, { MSG_E_OPENDIR, SH_ERR_ERR, FIL, N_("interface=\"opendir\" msg=\"%s\" path=\"%s\"")}, { MSG_E_TRUST1, SH_ERR_ERR, ERR, N_("msg=\"%s\" subroutine=\"trustfile\" path=\"%s\"")}, { MSG_E_TRUST2, SH_ERR_ERR, ERR, N_("msg=\"%s\" subroutine=\"trustfile\" path=\"%s\" obj=\"%s\"")}, { MSG_E_PWNULL, SH_ERR_ERR, ERR, N_("msg=\"Empty password file entry: %s\" subroutine=\"%s\" userid=\"%ld\" obj=\"%s\"")}, { MSG_E_PWLONG, SH_ERR_ERR, ERR, N_("msg=\"Password file entry too long\" subroutine=\"%s\" userid=\"%ld\" obj=\"%s\"")}, { MSG_E_GRNULL, SH_ERR_ERR, ERR, N_("msg=\"Empty groups file entry: %s\" subroutine=\"%s\" group=\"%ld\" obj=\"%s\"")}, { MSG_E_NET, SH_ERR_ERR, ENET, N_("msg=\"%s\" subroutine=\"%s\" service=\"%s\" host=\"%s\"")}, { MSG_E_NETST, SH_ERR_ERR, ENET, N_("msg=\"Invalid connection state\" expect=\"%4s\" received=\"%4s\"")}, { MSG_E_NETST1, SH_ERR_ERR, ENET, N_("msg=\"Invalid connection state\" expect=\"%4s\" received=\"%4s\" host=\"%s\"")}, { MSG_E_NLOST, SH_ERR_ERR, ENET, N_("msg=\"Connection failure\" service=\"%s\" host=\"%s\"")}, { MSG_E_NEST, SH_ERR_ERR, ENET, N_("msg=\"Connection reestablished\" service=\"%s\" host=\"%s\"")}, { MSG_EINVALHEAD, SH_ERR_WARN, EINPUT,N_("msg=\"Unrecognized section heading in line %ld of configuration file\"")}, { MSG_EINVALCONF, SH_ERR_WARN, EINPUT,N_("msg=\"Invalid line %ld in configuration file: incorrect format, unrecognized option, or missing section header\"")}, { MSG_EINVALS, SH_ERR_WARN, EINPUT,N_("msg=\"Invalid input\" option=\"%s\" obj=\"%s\"")}, { MSG_EINVALL, SH_ERR_WARN, EINPUT,N_("msg=\"Invalid input\" option=\"%s\" obj=\"%ld\"")}, { MSG_EINVALD, SH_ERR_WARN, EINPUT,N_("msg=\"Configuration file: unmatched @end\" option=\"%s\" obj=\"%ld\"")}, { MSG_EINVALDD, SH_ERR_WARN, EINPUT,N_("msg=\"Configuration file: missing @end\" option=\"%s\" obj=\"%ld\"")}, { MSG_SRV_FAIL, SH_ERR_ERR, ERR, N_("msg=\"Service failure\" service=\"%s\" obj=\"%s\"")}, { MSG_QUEUE_FULL, SH_ERR_ERR, ERR, N_("msg=\"Queue full, messages may get lost\" service=\"%s\"")}, { MSG_AUD_OPEN, SH_ERR_NOTICE, AUD, N_("interface=\"open\" path=\"%s\" oflag=\"%ld\" mode=\"%ld\" return_id=\"%ld\"")}, { MSG_AUD_DUP, SH_ERR_NOTICE, AUD, N_("interface=\"dup\" file_id=\"%ld\" return_id=\"%ld\"")}, { MSG_AUD_PIPE, SH_ERR_NOTICE, AUD, N_("interface=\"pipe\" rd_file_id=\"%ld\" wr_file_id=\"%ld\"")}, { MSG_AUD_FORK, SH_ERR_NOTICE, AUD, N_("interface=\"fork\" return_id=\"%ld\"")}, { MSG_AUD_EXIT, SH_ERR_NOTICE, AUD, N_("interface=\"exit\" exit_code=\"%ld\"")}, { MSG_AUD_SETUID, SH_ERR_NOTICE, AUD, N_("interface=\"setuid\" uid=\"%ld\"")}, { MSG_AUD_SETGID, SH_ERR_NOTICE, AUD, N_("interface=\"setgid\" gid=\"%ld\"")}, { MSG_AUD_UTIME, SH_ERR_NOTICE, AUD, N_("interface=\"utime\" path=\"%s\" atime=\"%ld\" mtime=\"%ld\"")}, { MSG_AUD_EXEC, SH_ERR_NOTICE, AUD, N_("interface=\"exec\" path=\"%s\" uid=\"%ld\" gid=\"%ld\"")}, { MSG_AUD_CHDIR, SH_ERR_NOTICE, AUD, N_("interface=\"chdir\" path=\"%s\"")}, { MSG_AUD_UNLINK, SH_ERR_NOTICE, AUD, N_("interface=\"unlink\" path=\"%s\"")}, { MSG_AUD_KILL, SH_ERR_NOTICE, AUD, N_("interface=\"kill\" pid=\"%ld\" sig=\"%ld\"")}, { MSG_ERR_OPEN, SH_ERR_ALL, ERR, N_("interface=\"open\" msg=\"%s\" path=\"%s\" oflag=\"%ld\" mode=\"%ld\" return_id=\"%ld\"")}, { MSG_ERR_DUP, SH_ERR_ALL, ERR, N_("interface=\"dup\" msg=\"%s\" file_id=\"%ld\" return_id=\"%ld\"")}, { MSG_ERR_PIPE, SH_ERR_ALL, ERR, N_("interface=\"pipe\" msg=\"%s\" rd_file_id=\"%ld\" wr_file_id=\"%ld\"")}, { MSG_ERR_FORK, SH_ERR_ALL, ERR, N_("interface=\"fork\" msg=\"%s\" return_id=\"%ld\"")}, { MSG_ERR_SETUID, SH_ERR_ALL, ERR, N_("interface=\"setuid\" msg=\"%s\" uid=\"%ld\"")}, { MSG_ERR_SETGID, SH_ERR_ALL, ERR, N_("interface=\"setgid\" msg=\"%s\" gid=\"%ld\"")}, { MSG_ERR_UTIME, SH_ERR_ALL, ERR, N_("interface=\"utime\" msg=\"%s\" path=\"%s\" atime=\"%ld\" mtime=\"%ld\"")}, { MSG_ERR_EXEC, SH_ERR_ALL, ERR, N_("interface=\"exec\" msg=\"%s\" path=\"%s\" uid=\"%ld\" gid=\"%ld\"")}, { MSG_ERR_CHDIR, SH_ERR_ALL, ERR, N_("interface=\"chdir\" msg=\"%s\" path=\"%s\"")}, { MSG_ERR_UNLINK, SH_ERR_ALL, ERR, N_("interface=\"unlink\" msg=\"%s\" path=\"%s\"")}, { MSG_ERR_KILL, SH_ERR_ALL, ERR, N_("interface=\"kill\" msg=\"%s\" pid=\"%ld\" sig=\"%ld\"")}, { MSG_ERR_SIGACT, SH_ERR_ALL, ERR, N_("interface=\"sigaction\" msg=\"%s\" sig=\"%ld\"")}, { MSG_ERR_CONNECT, SH_ERR_ALL, ERR, N_("interface=\"connect\" msg=\"%s\" socket_id=\"%ld\" port=\"%ld\" host=\"%s\"")}, { MSG_ERR_ACCEPT, SH_ERR_ALL, ERR, N_("interface=\"accept\" msg=\"%s\" socket_id=\"%ld\"")}, { MSG_ERR_LSTAT, SH_ERR_ALL, ERR, N_("interface=\"lstat\" msg=\"%s\" path=\"%s\"")}, { MSG_ERR_STAT, SH_ERR_ALL, ERR, N_("interface=\"stat\" msg=\"%s\" path=\"%s\"")}, { MSG_ERR_FSTAT, SH_ERR_ALL, ERR, N_("interface=\"fstat\" msg=\"%s\" file_id=\"%ld\"")}, { MSG_ERR_FCNTL, SH_ERR_ALL, ERR, N_("interface=\"fcntl\" msg=\"%s\" file_id=\"%ld\" cmd=\"%ld\" arg=\"%ld\"")}, { 0, 0, 0, NULL} }; /******************************************************************** * * * NO XML * * ********************************************************************/ /* #ifdef (SH_USE_XML) */ #else cat_entry msg_cat[] = { #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) { MSG_FI_CSUM, SH_ERR_ALL, FIL, N_("msg=, chk=<%s>, path=<%s>")}, { MSG_FI_DSUM, SH_ERR_INFO, FIL, N_("msg=")}, { MSG_FI_CHK, SH_ERR_INFO, FIL, N_("msg=, path=<%s>")}, #endif { MSG_EXIT_ABORTS, SH_ERR_FATAL, PANIC, N_("msg=, program=<%s>, subroutine=<%s>")}, { MSG_START_SRV, SH_ERR_STAMP, START, N_("msg=, socket_id=<%d>")}, { MSG_EXIT_ABORT1, SH_ERR_FATAL, PANIC, N_("msg=, program=<%s>")}, { MSG_EXIT_NORMAL, SH_ERR_FATAL, START, N_("msg=, program=<%s>, status=<%s>")}, { MSG_START_KEY_MAIL, SH_ERR_FATAL, LOGKEY, N_("msg=, program=<%s>, hash=<%s>\r\n-----BEGIN LOGKEY-----\r\n%s%s")}, { MSG_START_KEY, SH_ERR_FATAL, LOGKEY, N_("msg=, program=<%s>, hash=<%s>")}, { MSG_START_0H, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>")}, { MSG_START_1H, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>, path=<%s>, hash=<%s>")}, { MSG_START_2H, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>, path=<%s>, hash=<%s>, path=<%s>, hash=<%s>")}, { MSG_START_GH, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>, path=<%s>, key_uid=<%s>, key_id=<%s>")}, { MSG_START_GH2, SH_ERR_FATAL, START, N_("msg=, program=<%s>, userid=<%ld>, path=<%s>, key_uid=<%s>, key_id=<%s>, path=<%s>, key_uid=<%s>, key_id=<%s>")}, { MSG_SUSPEND, SH_ERR_STAMP, START, N_("msg= program=<%s>")}, { MSG_MLOCK, SH_ERR_WARN, RUN, N_("msg=")}, { MSG_W_SIG, SH_ERR_WARN, RUN, N_("msg=<%s>, interface=, signal=<%ld>")}, { MSG_W_CHDIR, SH_ERR_ERR, RUN, N_("msg=<%s>, interface=, path=<%s>")}, { MSG_MOD_FAIL, SH_ERR_WARN, RUN, N_("msg=, module=<%s>, return_code=<%ld>")}, { MSG_MOD_OK, SH_ERR_INFO, RUN, N_("msg=, module=<%s>")}, { MSG_MOD_EXEC, SH_ERR_ERR, RUN, N_("msg=, module=<%s>, return_code=<%ld>")}, { MSG_RECONF, SH_ERR_SEVERE, START, N_("msg=")}, { MSG_CHECK_0, SH_ERR_WARN, RUN, N_("msg=")}, { MSG_CHECK_1, SH_ERR_STAMP, STAMP, N_("msg=, time=<%ld>, kBps=<%f>")}, { MSG_STAMP, SH_ERR_STAMP, STAMP, N_("msg=<---- TIMESTAMP ---->")}, { MSG_D_START, SH_ERR_INFO, RUN, N_("msg=")}, { MSG_D_DSTART, SH_ERR_INFO, RUN, N_("msg=")}, { MSG_D_FAIL, SH_ERR_INFO, RUN, N_("msg=")}, #ifndef HAVE_URANDOM { MSG_ENSTART, SH_ERR_ALL, RUN, N_("msg=, path=<%s>")}, { MSG_ENEXEC, SH_ERR_ALL, RUN, N_("msg=, path=<%s>, rd_file_id=<%ld>")}, { MSG_ENFAIL, SH_ERR_ALL, RUN, N_("msg=, path=<%s>")}, { MSG_ENTOUT, SH_ERR_ALL, RUN, N_("msg=, time=<%ld>")}, { MSG_ENCLOS, SH_ERR_ALL, RUN, N_("msg=, rd_file_id=<%ld>")}, { MSG_ENCLOS1, SH_ERR_ALL, RUN, N_("msg=, rd_file_id=<%ld>")}, { MSG_ENREAD, SH_ERR_ALL, RUN, N_("msg=, rd_file_id=<%ld>, bytes=<%ld>")}, #endif #ifdef SH_USE_SUIDCHK { MSG_SUID_POLICY, SH_ERR_SEVERE, EVENT, N_("msg=, path=<%s>, %s") }, { MSG_SUID_FOUND, SH_ERR_INFO, RUN, N_("msg= path=<%s>") }, { MSG_SUID_SUMMARY,SH_ERR_INFO, RUN, N_("msg=") }, { MSG_SUID_QREPORT,SH_ERR_SEVERE, EVENT, N_("msg=, path=<%s>") }, { MSG_SUID_ERROR, SH_ERR_SEVERE, EVENT, N_("msg=") }, #endif #ifdef SH_USE_KERN { MSG_KERN_POLICY, SH_ERR_SEVERE, EVENT, N_("msg=, syscall=<%03d %s>") }, { MSG_KERN_POL_CO, SH_ERR_SEVERE, EVENT, N_("msg=, syscall=<%03d %s>") }, { MSG_KERN_SYSCALL,SH_ERR_SEVERE, EVENT, N_("msg= syscall=<%03d %s>, %s") }, { MSG_KERN_PROC, SH_ERR_SEVERE, EVENT, N_("msg=") }, { MSG_KERN_IDT, SH_ERR_SEVERE, EVENT, N_("msg=, %s") }, { MSG_KERN_GATE, SH_ERR_SEVERE, EVENT, N_("msg= syscall=<%03d %s>, %s") }, #endif #ifdef SH_USE_UTMP { MSG_UT_CHECK, SH_ERR_INFO, RUN, N_("msg=")}, { MSG_UT_LG1X, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, ip=<%s>, time=<%s>, status=<%d>")}, { MSG_UT_LG1A, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, time=<%s>, status=<%d>")}, { MSG_UT_LG1B, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, time=<%s>, status=<%d>")}, { MSG_UT_LG2X, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, ip=<%s>, time=<%s>, status=<%d>")}, { MSG_UT_LG2A, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, time=<%s>, status=<%d>")}, { MSG_UT_LG2B, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, time=<%s>, status=<%d>")}, { MSG_UT_LG3X, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, ip=<%s>, time=<%s>, status=<%d>")}, { MSG_UT_LG3A, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, host=<%s>, time=<%s>, status=<%d>")}, { MSG_UT_LG3B, SH_ERR_INFO, EVENT, N_("msg=, name=<%s>, tty=<%s>, time=<%s>, status=<%d>")}, { MSG_UT_LG3C, SH_ERR_INFO, EVENT, N_("msg=, tty=<%s>, time=<%s>")}, { MSG_UT_ROT, SH_ERR_WARN, RUN, N_("msg=, path=<%s>")}, { MSG_UT_BAD, SH_ERR_SEVERE, EVENT, N_("msg= userid=<%s> host=<%s> time=<%s>")}, { MSG_UT_FIRST, SH_ERR_SEVERE, EVENT, N_("msg= userid=<%s> host=<%s> time=<%s>")}, { MSG_UT_OUTLIER, SH_ERR_SEVERE, EVENT, N_("msg= userid=<%s> host=<%s> time=<%s>")}, #endif #ifdef SH_USE_PROCESSCHECK { MSG_PCK_CHECK, SH_ERR_INFO, RUN, N_("msg=")}, { MSG_PCK_OK, SH_ERR_ALL, RUN, N_("msg=")}, { MSG_PCK_P_HIDDEN,SH_ERR_SEVERE, EVENT, N_("msg=