Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package lynis for openSUSE:Factory checked in at 2022-01-20 00:12:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lynis (Old) and /work/SRC/openSUSE:Factory/.lynis.new.1892 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lynis" Thu Jan 20 00:12:20 2022 rev:49 rq:947380 version:3.0.7 Changes: -------- --- /work/SRC/openSUSE:Factory/lynis/lynis.changes 2021-10-13 18:11:25.287776339 +0200 +++ /work/SRC/openSUSE:Factory/.lynis.new.1892/lynis.changes 2022-01-20 00:13:14.114622796 +0100 @@ -1,0 +2,20 @@ +Tue Jan 18 13:29:42 UTC 2022 - Robert Frohl <[email protected]> + +- Update to 3.0.7: + * Added + - MALW-3290 - Show status of malware components + - OS detection for RHEL 6 and Funtoo Linux + - Added service manager openrc + * Changed + - DBS-1804 - Added alias for MariaDB + - FINT-4316 - Support for newer Ubuntu versions + - MALW-3280 - Added Trend Micro malware agent + - NETW-3200 - Allow unknown number of spaces in modprobe blacklists + - PKGS-7320 - Support for Garuda Linux and arch-audit + - Several improvements for busybox shell + - Russian translation of Lynis extended +- replace 0x429A566FD5B79251 with 0x9DE922F1C2FDE6C4 in lynis.keyring + according to https://packages.cisofy.com/ +- update additional_module_blacklist_locations.patch + +------------------------------------------------------------------- Old: ---- lynis-3.0.6.tar.gz New: ---- lynis-3.0.7.tar.gz lynis-3.0.7.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lynis.spec ++++++ --- /var/tmp/diff_new_pack.mty1dQ/_old 2022-01-20 00:13:14.766623323 +0100 +++ /var/tmp/diff_new_pack.mty1dQ/_new 2022-01-20 00:13:14.770623326 +0100 @@ -1,7 +1,7 @@ # # spec file for package lynis # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # Copyright (c) 2009-2013 Sascha Manns <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -23,7 +23,7 @@ %define _pluginsdir %{_datadir}/lynis/plugins %define _dbdir %{_datadir}/lynis/db Name: lynis -Version: 3.0.6 +Version: 3.0.7 Release: 0 Summary: Security and System auditing tool License: GPL-3.0-only @@ -41,8 +41,7 @@ Source10: prepare_for_suse.sh Source11: dbus-whitelist.db.openSUSE_12.2_x86_64 Source12: fileperms.db.openSUSE_12.2_x86_64 -# there's no signature available for 3.0.6 (https://github.com/CISOfy/lynis/issues/1211) -#Source13: https://downloads.cisofy.com/lynis/%{name}-%{version}.tar.gz.asc +Source13: https://downloads.cisofy.com/lynis/%{name}-%{version}.tar.gz.asc Source14: https://cisofy.com/files/cisofy-software.pub#/%{name}.keyring Source15: %{name}-rpmlintrc # PATCH-OPENSUSE-FIX -- [email protected] - modifying for openSUSE @@ -116,9 +115,6 @@ install -pm 644 db/languages/* %{buildroot}%{_dbdir}/languages install -pm 644 %{SOURCE11} %{buildroot}%{_dbdir}/dbus-whitelist.db install -pm 644 %{SOURCE12} %{buildroot}%{_dbdir}/fileperms.db -#rm %%{buildroot}%%{_dbdir}/fileperms.db -#ln -s $(basename %%{SOURCE11}) %%{_dbdir}/dbus-whitelist.db -#ln -s $(basename %%{SOURCE12}) %%{_dbdir}/fileperms.db # pacify rpmlint chmod +x %{buildroot}%{_pluginsdir}/custom_plugin.template ++++++ additional_module_blacklist_locations.patch ++++++ --- /var/tmp/diff_new_pack.mty1dQ/_old 2022-01-20 00:13:14.814623362 +0100 +++ /var/tmp/diff_new_pack.mty1dQ/_new 2022-01-20 00:13:14.818623365 +0100 @@ -2,29 +2,29 @@ =================================================================== --- lynis.orig/include/tests_filesystems +++ lynis/include/tests_filesystems -@@ -836,15 +836,18 @@ +@@ -835,15 +835,17 @@ AddHP 3 3 if IsDebug; then Display --indent 6 --text "- Module ${FS} not present in the kernel" --result OK --color GREEN; fi fi - FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null) - if [ -n "${FIND}" ]; then -- FIND1=$(${EGREPBINARY} "blacklist ${FS}" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") -- FIND2=$(${EGREPBINARY} "install ${FS} /bin/true" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") -- if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then -- Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN -- LogText "Result: module ${FS} is blacklisted" +- FIND1=$(${EGREPBINARY} "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") +- FIND2=$(${EGREPBINARY} "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") +- if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then +- Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN +- LogText "Result: module ${FS} is blacklisted" +- fi +- fi + for SUBDIR in "${ROOTDIR}etc" "/usr/lib"; do -+ FIND=$(${LSBINARY} ${SUBDIR}/modprobe.d/* 2> /dev/null) ++ FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null) + if [ -n "${FIND}" ]; then -+ FIND1=$(${EGREPBINARY} "blacklist ${FS}" ${SUBDIR}/modprobe.d/* | ${GREPBINARY} -v "#") -+ FIND2=$(${EGREPBINARY} "install ${FS} /bin/true" ${SUBDIR}/modprobe.d/* | ${GREPBINARY} -v "#") -+ if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then -+ Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN -+ LogText "Result: module ${FS} is blacklisted" -+ break -+ fi - fi -- fi ++ FIND1=$(${EGREPBINARY} "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") ++ FIND2=$(${EGREPBINARY} "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") ++ if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then ++ Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN ++ LogText "Result: module ${FS} is blacklisted" ++ fi ++ fi + done done if [ ${FOUND} -eq 1 ]; then ++++++ lynis-3.0.6.tar.gz -> lynis-3.0.7.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/CHANGELOG.md new/lynis/CHANGELOG.md --- old/lynis/CHANGELOG.md 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/CHANGELOG.md 2022-01-18 01:00:00.000000000 +0100 @@ -1,5 +1,23 @@ # Lynis Changelog +## Lynis 3.0.7 (2022-01-18) + +### Added +- MALW-3290 - Show status of malware components +- OS detection for RHEL 6 and Funtoo Linux +- Added service manager openrc + +### Changed +- DBS-1804 - Added alias for MariaDB +- FINT-4316 - Support for newer Ubuntu versions +- MALW-3280 - Added Trend Micro malware agent +- NETW-3200 - Allow unknown number of spaces in modprobe blacklists +- PKGS-7320 - Support for Garuda Linux and arch-audit +- Several improvements for busybox shell +- Russian translation of Lynis extended + +--------------------------------------------------------------------------------- + ## Lynis 3.0.6 (2021-07-22) ### Added diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/CONTRIBUTORS.md new/lynis/CONTRIBUTORS.md --- old/lynis/CONTRIBUTORS.md 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/CONTRIBUTORS.md 2022-01-18 01:00:00.000000000 +0100 @@ -46,6 +46,7 @@ * Mikko Lehtisalo, Finland * Steve Bosek, France * Thomas Siebel, Germany +* Thomas Sj??gren, Sweden * Topi Miettinen, Finland * Zach Crownover diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/HAPPY_USERS.md new/lynis/HAPPY_USERS.md --- old/lynis/HAPPY_USERS.md 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/HAPPY_USERS.md 2022-01-18 01:00:00.000000000 +0100 @@ -36,3 +36,5 @@ * Catalyst.net IT - January 2020 Lynis gave us great insight in to the security state of our systems, as well as where we can improve. +* David Osipov - October 2021 +Lynis opened my eyes on Linux security hardening best practices. As a newbie, I learn a lot about Linux system architecture while trying to harden my system. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/db/languages/ru new/lynis/db/languages/ru --- old/lynis/db/languages/ru 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/db/languages/ru 2022-01-18 01:00:00.000000000 +0100 @@ -4,7 +4,7 @@ GEN_CURRENT_VERSION="?????????????? ????????????" GEN_DEBUG_MODE="?????????? ??????????????" GEN_INITIALIZE_PROGRAM="?????????????????????????? ??????????????????" -#GEN_LATEST_VERSION="Latest version" +GEN_LATEST_VERSION="?????????????????? ????????????" GEN_PHASE="????????????" GEN_PLUGINS_ENABLED="?????????????? ????????????????" GEN_UPDATE_AVAILABLE="???????????????? ????????????????????" @@ -14,94 +14,94 @@ NOTE_EXCEPTIONS_FOUND="?????????????? ????????????????????" NOTE_PLUGINS_TAKE_TIME="????????????????????: ?????????????? ?????????? ?????????? ???????????????? ?????????? ?? ?????????? ???????????? ?????????????????? ?????????? ???? ????????????????????" NOTE_SKIPPED_TESTS_NON_PRIVILEGED="?????????? ?????????????????? ????-???? ?????????????????????????? ???????????????????????????????????????? ????????????" -#SECTION_ACCOUNTING="Accounting" -#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" -#SECTION_BASICS="Basics" -#SECTION_BOOT_AND_SERVICES="Boot and services" -#SECTION_CONTAINERS="Containers" -#SECTION_CRYPTOGRAPHY="Cryptography" +SECTION_ACCOUNTING="????????" +SECTION_BANNERS_AND_IDENTIFICATION="?????????????? ?? ????????????????????????????" +SECTION_BASICS="????????????????" +SECTION_BOOT_AND_SERVICES="???????????????? ?? ??????????????" +SECTION_CONTAINERS="????????????????????" +SECTION_CRYPTOGRAPHY="????????????????????????" SECTION_CUSTOM_TESTS="???????????????????????????????? ??????????" -#SECTION_DATABASES="Databases" -#SECTION_DATA_UPLOAD="Data upload" -#SECTION_DOWNLOADS="Downloads" -#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" -#SECTION_FILE_INTEGRITY="Software: file integrity" -#SECTION_FILE_PERMISSIONS="File Permissions" -#SECTION_FILE_SYSTEMS="File systems" -#SECTION_FIREWALLS="Software: firewalls" -#SECTION_GENERAL="General" -#SECTION_HARDENING="Hardening" -#SECTION_HOME_DIRECTORIES="Home directories" -#SECTION_IMAGE="Image" -#SECTION_INITIALIZING_PROGRAM="Initializing program" -#SECTION_INSECURE_SERVICES="Insecure services" -#SECTION_KERNEL_HARDENING="Kernel Hardening" -#SECTION_KERNEL="Kernel" -#SECTION_LDAP_SERVICES="LDAP Services" -#SECTION_LOGGING_AND_FILES="Logging and files" +SECTION_DATABASES="???????? ????????????" +SECTION_DATA_UPLOAD="???????????????? ????????????" +SECTION_DOWNLOADS="????????????????" +SECTION_EMAIL_AND_MESSAGING="?????????????????????? ??????????????????????: e-mail ?? ???????????????? ??????????????????" +SECTION_FILE_INTEGRITY="?????????????????????? ??????????????????????: ?????????????????????? ????????????" +SECTION_FILE_PERMISSIONS="?????????? ?????????????? ?? ????????????" +SECTION_FILE_SYSTEMS="???????????????? ??????????????" +SECTION_FIREWALLS="?????????????????????? ??????????????????????: firewall" +SECTION_GENERAL="??????????" +SECTION_HARDENING="????????????????" +SECTION_HOME_DIRECTORIES="???????????????? ????????????????????" +SECTION_IMAGE="????????????" +SECTION_INITIALIZING_PROGRAM="?????????????????????????? ??????????????????" +SECTION_INSECURE_SERVICES="???????????????????????? ??????????????" +SECTION_KERNEL_HARDENING="???????????????? ????????" +SECTION_KERNEL="????????" +SECTION_LDAP_SERVICES="?????????????? LDAP" +SECTION_LOGGING_AND_FILES="?????????????????????? ?? ??????????" SECTION_MALWARE="?????????????????????? ????" SECTION_MEMORY_AND_PROCESSES="???????????? ?? ????????????????" -#SECTION_NAME_SERVICES="Name services" -#SECTION_NETWORKING="Networking" -#SECTION_PERMISSIONS="Permissions" -#SECTION_PORTS_AND_PACKAGES="Ports and packages" -#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" -#SECTION_PROGRAM_DETAILS="Program Details" -#SECTION_SCHEDULED_TASKS="Scheduled tasks" -#SECTION_SECURITY_FRAMEWORKS="Security frameworks" -#SECTION_SHELLS="Shells" -#SECTION_SNMP_SUPPORT="SNMP Support" -#SECTION_SOFTWARE="Software" -#SECTION_SQUID_SUPPORT="Squid Support" -#SECTION_SSH_SUPPORT="SSH Support" -#SECTION_STORAGE="Storage" -#SECTION_SYSTEM_INTEGRITY="Software: System integrity" -#SECTION_SYSTEM_TOOLING="Software: System tooling" -#SECTION_SYSTEM_TOOLS="System tools" -#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" -#SECTION_USB_DEVICES="USB Devices" -#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" -#SECTION_VIRTUALIZATION="Virtualization" -#SECTION_WEBSERVER="Software: webserver" -#STATUS_ACTIVE="ACTIVE" -#STATUS_CHECK_NEEDED="CHECK NEEDED" -#STATUS_DEBUG="DEBUG" -#STATUS_DEFAULT="DEFAULT" -#STATUS_DIFFERENT="DIFFERENT" +SECTION_NAME_SERVICES="?????????????? ????????" +SECTION_NETWORKING="????????" +SECTION_PERMISSIONS="?????????? ??????????????" +SECTION_PORTS_AND_PACKAGES="????????????" +SECTION_PRINTERS_AND_SPOOLS="???????????????? ?? ??????????????" +SECTION_PROGRAM_DETAILS="?????????????????????? ?? ??????????????????" +SECTION_SCHEDULED_TASKS="?????????????????????????????? ????????????" +SECTION_SECURITY_FRAMEWORKS="????????????????????" +SECTION_SHELLS="?????????????????? ????????????????" +SECTION_SNMP_SUPPORT="?????????????????? SNMP" +SECTION_SOFTWARE="?????????????????????? ??????????????????????" +SECTION_SQUID_SUPPORT="?????????????????? Squid" +SECTION_SSH_SUPPORT="?????????????????? SSH" +SECTION_STORAGE="??????????????????" +SECTION_SYSTEM_INTEGRITY="?????????????????????? ??????????????????????: ?????????????????????? ??????????????" +SECTION_SYSTEM_TOOLING="S?????????????????????? ??????????????????????: ?????????????????? ??????????????????????" +SECTION_SYSTEM_TOOLS="?????????????????? ??????????????" +SECTION_TIME_AND_SYNCHRONIZATION="?????????? ?? ?????? ??????????????????????????" +SECTION_USB_DEVICES="USB ????????????????????" +SECTION_USERS_GROUPS_AND_AUTHENTICATION="????????????????????????, ???????????? ?? ????????????????????????????" +SECTION_VIRTUALIZATION="??????????????????????????" +SECTION_WEBSERVER="?????????????????????? ??????????????????????: ??????-??????????????" +STATUS_ACTIVE="??????????????" +STATUS_CHECK_NEEDED="?????????????????? ????????????????" +STATUS_DEBUG="??????????????" +STATUS_DEFAULT="???? ??????????????????" +STATUS_DIFFERENT="????????????????????" STATUS_DISABLED="??????????????????" STATUS_DONE="??????????????????" STATUS_ENABLED="????????????????" STATUS_ERROR="????????????" -#STATUS_EXPOSED="EXPOSED" -#STATUS_FAILED="FAILED" -#STATUS_FILES_FOUND="FILES FOUND" +STATUS_EXPOSED="??????????????" +STATUS_FAILED="??????????????????" +STATUS_FILES_FOUND="?????????? ??????????????" STATUS_FOUND="??????????????" -#STATUS_HARDENED="HARDENED" -#STATUS_INSTALLED="INSTALLED" -#STATUS_LOCAL_ONLY="LOCAL ONLY" -#STATUS_MEDIUM="MEDIUM" -#STATUS_NON_DEFAULT="NON DEFAULT" +STATUS_HARDENED="??????????????" +STATUS_INSTALLED="??????????????????????" +STATUS_LOCAL_ONLY="???????????? ????????????????" +STATUS_MEDIUM="??????????????" +STATUS_NON_DEFAULT="???? ???? ??????????????????" STATUS_NONE="??????????????????????" -#STATUS_NOT_CONFIGURED="NOT CONFIGURED" -#STATUS_NOT_DISABLED="NOT DISABLED" -#STATUS_NOT_ENABLED="NOT ENABLED" +STATUS_NOT_CONFIGURED="???? ????????????????????????????????" +STATUS_NOT_DISABLED="???? ??????????????????" +STATUS_NOT_ENABLED="???? ????????????????" STATUS_NOT_FOUND="???? ??????????????" STATUS_NOT_RUNNING="???? ????????????????" -#STATUS_NO_UPDATE="NO UPDATE" +STATUS_NO_UPDATE="???????????????????? ??????" STATUS_NO="??????" STATUS_OFF="??????????????????" STATUS_OK="????" STATUS_ON="????????????????" -#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" -#STATUS_PROTECTED="PROTECTED" +STATUS_PARTIALLY_HARDENED="???????????????? ??????????????" +STATUS_PROTECTED="????????????????" STATUS_RUNNING="????????????????" STATUS_SKIPPED="??????????????????" STATUS_SUGGESTION="??????????????????????" STATUS_UNKNOWN="????????????????????" -#STATUS_UNSAFE="UNSAFE" -#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" +STATUS_UNSAFE="??????????????????????" +STATUS_UPDATE_AVAILABLE="???????????????? ????????????????????" STATUS_WARNING="????????????????????????????" -#STATUS_WEAK="WEAK" +STATUS_WEAK="????????????" STATUS_YES="????" TEXT_UPDATE_AVAILABLE="???????????????? ????????????????????" -TEXT_YOU_CAN_HELP_LOGFILE="???? ???????????? ???????????? ?????????????????????? ?????? ??????-????????" +TEXT_YOU_CAN_HELP_LOGFILE="???? ???????????? ????????????, ?????????????????????? ?????? ??????-????????" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/db/tests.db new/lynis/db/tests.db --- old/lynis/db/tests.db 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/db/tests.db 2022-01-18 01:00:00.000000000 +0100 @@ -273,6 +273,7 @@ MALW-3284:test:security:malware::Check for clamd: MALW-3286:test:security:malware::Check for freshclam: MALW-3288:test:security:malware::Check for ClamXav: +MALW-3290:test:security:malware::Presence of malware scanner: NAME-4016:test:security:nameservices::Check /etc/resolv.conf default domain: NAME-4018:test:security:nameservices::Check /etc/resolv.conf search domains: NAME-4020:test:security:nameservices::Check non default options: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/osdetection new/lynis/include/osdetection --- old/lynis/include/osdetection 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/include/osdetection 2022-01-18 01:00:00.000000000 +0100 @@ -244,6 +244,11 @@ OS_NAME="Flatcar Linux" OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') ;; + "funtoo") + LINUX_VERSION="Funtoo" + OS_FULLNAME="Funtoo Linux" + OS_VERSION="Rolling release" + ;; "garuda") LINUX_VERSION="Garuda" OS_FULLNAME="Garuda Linux" @@ -346,7 +351,7 @@ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') OS_NAME="Raspbian" ;; - "rhel") + "redhat" | "rhel") LINUX_VERSION="RHEL" OS_NAME="RHEL" OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_authentication new/lynis/include/tests_authentication --- old/lynis/include/tests_authentication 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/include/tests_authentication 2022-01-18 01:00:00.000000000 +0100 @@ -916,7 +916,7 @@ LogText "Result: found one or more accounts without password" for I in ${FIND2}; do LogText "Account without password: ${I}" - Report "account_without_password=${I}" + Report "account_without_password[]=${I}" done Display --indent 2 --text "- Accounts without password" --result "${STATUS_WARNING}" --color RED ReportWarning "${TEST_NO}" "Found accounts without password" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_boot_services new/lynis/include/tests_boot_services --- old/lynis/include/tests_boot_services 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/include/tests_boot_services 2022-01-18 01:00:00.000000000 +0100 @@ -112,6 +112,9 @@ runit) SERVICE_MANAGER="runit" ;; + openrc-init) + SERVICE_MANAGER="openrc" + ;; *) CONTAINS_SYSTEMD=$(echo ${SHORTNAME} | ${GREPBINARY} "systemd") if [ -n "${CONTAINS_SYSTEMD}" ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_crypto new/lynis/include/tests_crypto --- old/lynis/include/tests_crypto 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/include/tests_crypto 2022-01-18 01:00:00.000000000 +0100 @@ -80,7 +80,7 @@ if [ ${CANREAD} -eq 1 ]; then # Only check the files that are not installed by a package, unless enabled by profile if [ ${SSL_CERTIFICATE_INCLUDE_PACKAGES} -eq 1 ] || ! FileInstalledByPackage "${FILE}"; then - echo ${FILE} | ${EGREPBINARY} --quiet ".cer$|.der$" + echo ${FILE} | ${EGREPBINARY} -q ".cer$|.der$" CER_DER=$? OUTPUT=$(${GREPBINARY} -q 'BEGIN CERT' "${FILE}") if [ $? -eq 0 -o ${CER_DER} -eq 0 ]; then @@ -200,7 +200,7 @@ LogText "Result: Found LUKS encrypted swap device: ${BLOCK_DEV}" ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS + 1)) Report "encrypted_swap[]=${BLOCK_DEV},LUKS" - elif ${CRYPTSETUPBINARY} status "${BLOCK_DEV}" 2> /dev/null | ${GREPBINARY} --quiet "cipher:"; then + elif ${CRYPTSETUPBINARY} status "${BLOCK_DEV}" 2> /dev/null | ${GREPBINARY} -q "cipher:"; then LogText "Result: Found non-LUKS encrypted swap device: ${BLOCK_DEV}" ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS + 1)) Report "encrypted_swap[]=${BLOCK_DEV},other" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_databases new/lynis/include/tests_databases --- old/lynis/include/tests_databases 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/include/tests_databases 2022-01-18 01:00:00.000000000 +0100 @@ -45,7 +45,7 @@ # Description : Check if MySQL is being used Register --test-no DBS-1804 --weight L --network NO --category security --description "Checking active MySQL process" if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(${PSBINARY} ax | ${EGREPBINARY} "mysqld|mysqld_safe" | ${GREPBINARY} -v "grep") + FIND=$(${PSBINARY} ax | ${EGREPBINARY} "mariadb|mysqld|mysqld_safe" | ${GREPBINARY} -v "grep") if [ -z "${FIND}" ]; then if [ ${DEBUG} -eq 1 ]; then Display --indent 2 --text "- MySQL process status" --result "${STATUS_NOT_FOUND}" --color WHITE --debug; fi LogText "Result: MySQL process not active" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_file_integrity new/lynis/include/tests_file_integrity --- old/lynis/include/tests_file_integrity 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/include/tests_file_integrity 2022-01-18 01:00:00.000000000 +0100 @@ -104,7 +104,7 @@ if [ -n "${AIDEBINARY}" -a -n "${AIDECONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no FINT-4316 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Presence of AIDE database and size check" if [ ${SKIPTEST} -eq 0 ]; then - AIDE_DB=$(${GREPBINARY} ^database= ${AIDECONFIG} | ${SEDBINARY} "s/.*://") + AIDE_DB=$(${EGREPBINARY} '(^database|^database_in)=' ${AIDECONFIG} | ${SEDBINARY} "s/.*://") if case ${AIDE_DB} in @@*) ;; *) false;; esac; then I=$(${GREPBINARY} "@@define.*DBDIR" ${AIDECONFIG} | ${AWKBINARY} '{print $3}') AIDE_DB=$(echo ${AIDE_DB} | ${SEDBINARY} "s#.*}#${I}#") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_filesystems new/lynis/include/tests_filesystems --- old/lynis/include/tests_filesystems 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/include/tests_filesystems 2022-01-18 01:00:00.000000000 +0100 @@ -619,7 +619,6 @@ Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_PARTIALLY_HARDENED}" --color YELLOW AddHP 4 5 else - # if if ContainsString "defaults" "${FOUND_FLAGS}"; then LogText "Result: marked ${FILESYSTEM} options as default (not hardened)" Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_DEFAULT}" --color YELLOW @@ -838,13 +837,13 @@ fi FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null) if [ -n "${FIND}" ]; then - FIND1=$(${EGREPBINARY} "blacklist ${FS}" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") - FIND2=$(${EGREPBINARY} "install ${FS} /bin/true" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") - if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then - Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN - LogText "Result: module ${FS} is blacklisted" - fi - fi + FIND1=$(${EGREPBINARY} "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") + FIND2=$(${EGREPBINARY} "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") + if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then + Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN + LogText "Result: module ${FS} is blacklisted" + fi + fi done if [ ${FOUND} -eq 1 ]; then Display --indent 4 --text "- Discovered kernel modules: ${AVAILABLE_MODPROBE_FS}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_malware new/lynis/include/tests_malware --- old/lynis/include/tests_malware 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/include/tests_malware 2022-01-18 01:00:00.000000000 +0100 @@ -37,9 +37,12 @@ KASPERSKY_SCANNER_RUNNING=0 MCAFEE_SCANNER_RUNNING=0 MALWARE_SCANNER_INSTALLED=0 + MALWARE_DAEMON_RUNNING=0 + ROOTKIT_SCANNER_FOUND=0 SOPHOS_SCANNER_RUNNING=0 SYMANTEC_SCANNER_RUNNING=0 SYNOLOGY_DAEMON_RUNNING=0 + TRENDMICRO_DSA_DAEMON_RUNNING=0 # ################################################################################# # @@ -52,6 +55,7 @@ Display --indent 2 --text "- ${GEN_CHECKING} chkrootkit" --result "${STATUS_FOUND}" --color GREEN LogText "Result: Found ${CHKROOTKITBINARY}" MALWARE_SCANNER_INSTALLED=1 + ROOTKIT_SCANNER_FOUND=1 AddHP 2 2 Report "malware_scanner[]=chkrootkit" else @@ -70,6 +74,7 @@ Display --indent 2 --text "- ${GEN_CHECKING} Rootkit Hunter" --result "${STATUS_FOUND}" --color GREEN LogText "Result: Found ${RKHUNTERBINARY}" MALWARE_SCANNER_INSTALLED=1 + ROOTKIT_SCANNER_FOUND=1 AddHP 2 2 Report "malware_scanner[]=rkhunter" else @@ -108,6 +113,7 @@ if IsRunning "com.avast.daemon"; then FOUND=1 AVAST_DAEMON_RUNNING=1 + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found Avast security product" @@ -119,6 +125,7 @@ if IsRunning "avqmd"; then FOUND=1 AVIRA_DAEMON_RUNNING=1 + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found Avira security product" @@ -130,6 +137,7 @@ if IsRunning "bdagentd" || IsRunning "epagd"; then FOUND=1 BITDEFENDER_DAEMON_RUNNING=1 + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found Bitdefender security product" @@ -154,6 +162,7 @@ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found CylancePROTECT service" AVAST_DAEMON_RUNNING=1 + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 Report "malware_scanner[]=cylance-protect" fi @@ -163,6 +172,7 @@ if IsRunning "esets_daemon"; then FOUND=1 ESET_DAEMON_RUNNING=1 + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found ESET security product" @@ -181,6 +191,7 @@ FOUND=1 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Kaspersky" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: Found Kaspersky" + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 Report "malware_scanner[]=kaspersky" fi @@ -197,6 +208,7 @@ FOUND=1 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: Found McAfee" + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 Report "malware_scanner[]=mcafee" fi @@ -215,6 +227,7 @@ if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]; then if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: Found Sophos" + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 Report "malware_scanner[]=sophos" fi @@ -235,6 +248,7 @@ if [ ${SYMANTEC_SCANNER_RUNNING} -eq 1 ]; then if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Symantec" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found one or more Symantec components" + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 FOUND=1 Report "malware_scanner[]=symantec" @@ -245,18 +259,33 @@ if IsRunning "synoavd"; then FOUND=1 SYNOLOGY_DAEMON_RUNNING=1 + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Synology Antivirus Essential" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found Synology Antivirus Essential" Report "malware_scanner[]=synoavd" fi + # Trend Micro Anti Malware for Linux + # Typically ds_agent is running as well, the Deep Security Agent + LogText "Test: checking process ds_agent to test for Trend Micro Deep Anti Malware component" + if IsRunning "ds_am"; then + if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro Anti Malware" --result "${STATUS_FOUND}" --color GREEN; fi + LogText "Result: found Trend Micro Anti Malware component" + FOUND=1 + MALWARE_SCANNER_INSTALLED=1 + MALWARE_DAEMON_RUNNING=1 + TRENDMICRO_DSA_DAEMON_RUNNING=1 + Report "malware_scanner[]=trend-micro-am" + fi + # TrendMicro (macOS) LogText "Test: checking process TmccMac to test for Trend Micro anti-virus (macOS)" if IsRunning "TmccMac"; then if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found Trend Micro component" FOUND=1 + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 Report "malware_scanner[]=trend-micro-av" fi @@ -298,6 +327,7 @@ if IsRunning "clamd"; then Display --indent 2 --text "- ${GEN_CHECKING} ClamAV daemon" --result "${STATUS_FOUND}" --color GREEN LogText "Result: found running clamd process" + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 CLAMD_RUNNING=1 else @@ -354,6 +384,31 @@ # ################################################################################# # + # Test : MALW-3290 + # Description : Presence of malware scanners + Register --test-no MALW-3290 --weight L --network NO --category security --description "Presence of for malware detection" + if [ ${SKIPTEST} -eq 0 ]; then + if [ ${MALWARE_SCANNER_INSTALLED} -eq 0 ]; then + Display --indent 2 --text "- Malware software components" --result "${STATUS_NOT_FOUND}" --color YELLOW + else + Display --indent 2 --text "- Malware software components" --result "${STATUS_FOUND}" --color GREEN + if [ ${MALWARE_DAEMON_RUNNING} -eq 0 ]; then + Display --indent 4 --text "- Active agent" --result "${STATUS_NOT_FOUND}" --color WHITE + else + Display --indent 4 --text "- Active agent" --result "${STATUS_FOUND}" --color GREEN + fi + if [ ${ROOTKIT_SCANNER_FOUND} -eq 0 ]; then + Display --indent 4 --text "- Rootkit scanner" --result "${STATUS_NOT_FOUND}" --color WHITE + else + Display --indent 4 --text "- Rootkit scanner" --result "${STATUS_FOUND}" --color GREEN + fi + fi + fi +# +################################################################################# +# + + Report "malware_scanner_installed=${MALWARE_SCANNER_INSTALLED}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_networking new/lynis/include/tests_networking --- old/lynis/include/tests_networking 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/include/tests_networking 2022-01-18 01:00:00.000000000 +0100 @@ -750,7 +750,7 @@ UNCOMMON_PROTOCOL_DISABLED=0 # First check modprobe.conf if [ -f ${ROOTDIR}etc/modprobe.conf ]; then - DATA=$(${GREPBINARY} "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.conf) + DATA=$(${GREPBINARY} "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.conf) if [ -n "${DATA}" ]; then LogText "Result: found ${P} module disabled via modprobe.conf" UNCOMMON_PROTOCOL_DISABLED=1 @@ -758,7 +758,8 @@ fi # Then additional modprobe configuration files if [ -d ${ROOTDIR}etc/modprobe.d ]; then - DATA=$(${GREPBINARY} --files-with-matches --no-messages "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*) + # Return file names (-l) and suppress errors (-s) + DATA=$(${GREPBINARY} -l -s "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/*) if [ -n "${DATA}" ]; then UNCOMMON_PROTOCOL_DISABLED=1 for F in ${DATA}; do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_ports_packages new/lynis/include/tests_ports_packages --- old/lynis/include/tests_ports_packages 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/include/tests_ports_packages 2022-01-18 01:00:00.000000000 +0100 @@ -296,7 +296,7 @@ # # Test : PKGS-7320 # Description : Check available of arch-audit - if [ "${OS_FULLNAME}" = "Arch Linux" ] || [ "${OS_FULLNAME}" = "Arch Linux 32" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="Test only applies to Arch Linux"; fi + if [ "${OS_FULLNAME}" = "Arch Linux" ] || [ "${OS_FULLNAME}" = "Arch Linux 32" ] || [ "${OS_FULLNAME}" = "Garuda Linux" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="Test only applies to Arch Linux and Garuda Linux"; fi Register --test-no PKGS-7320 --os "Linux" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Checking for arch-audit tooling" if [ ${SKIPTEST} -eq 0 ]; then if [ -z "${ARCH_AUDIT_BINARY}" ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/lynis new/lynis/lynis --- old/lynis/lynis 2021-07-22 02:00:00.000000000 +0200 +++ new/lynis/lynis 2022-01-18 01:00:00.000000000 +0100 @@ -43,10 +43,10 @@ PROGRAM_WEBSITE="https://cisofy.com/lynis/"; # Version details - PROGRAM_RELEASE_DATE="2021-07-22" - PROGRAM_RELEASE_TIMESTAMP=1626945158 + PROGRAM_RELEASE_DATE="2022-01-18" + PROGRAM_RELEASE_TIMESTAMP=1642512096 PROGRAM_RELEASE_TYPE="release" # pre-release or release - PROGRAM_VERSION="3.0.6" + PROGRAM_VERSION="3.0.7" # Source, documentation and license PROGRAM_SOURCE="https://github.com/CISOfy/lynis"; ++++++ lynis.keyring ++++++ --- /var/tmp/diff_new_pack.mty1dQ/_old 2022-01-20 00:13:15.030623536 +0100 +++ /var/tmp/diff_new_pack.mty1dQ/_new 2022-01-20 00:13:15.030623536 +0100 @@ -1,54 +1,86 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 -mQINBFRZVLABEACsVZ8ieubM0BMhQespYUST0aKijnzTnHvusQV/18a5iwQCtGga -0lP5LZi92FpiXv8TFxxjFuneJkYSFdEFu0vYh8zLZ9m1av+XrFL3um4CiKH+c82r -06YlMq7+0Dn5yVh7nvlgPZPeD5pl+8phr1Tkl60XGFOysUSmNqf+3vBb/KVIT4HT -fTOY5jKCykM88AxuEFJBUg4PCV6QiCyNimFrBO2PLsQ78Nz6lQO3oqtosO7SuDHk -SGVU2wa0W+Ddj9EHlLtDTfnsBUKyZqvIHxba9NnynG+hxTOI2iHoLYUfqq6DwxCY -nN/QUzp4z3dpWgRLR2pONoQKzsxnOf26lZ56HXa8nmez7l3w1REWr0jxuvl9V2Ts -8AYLAXJTOmosMgDmo8gSeG26lZcUBGH+gu01ui1uxFJKjqve2zLuBpOqVyjIgBXQ -5QHF3U5ynWtsHL72dZJMYOlJ/wSLN44GjZ6mS9K2B6Zkxq9++O0NrbKhj01+Qvg4 -4goKUiLg/ErSVd9TQeOju3UcBQ6RhtOLaBkdOdHouT/iKhwWW1020Kae+OzzeQj8 -MhxTzKZejNFBFcak1azdqJcmpEpPLViw72V2vayImTr1/N3c4KwkoeBFFPc6Zt7X -CdgYrrvkC7e5c7DKEpa5xObjNk2BbEgqcqBRiM5/WmcUeExw/dMod4qhRQARAQAB -tDNDSVNPZnkgKFNvZnR3YXJlIFNpZ25pbmcgS2V5KSA8c2VjdXJpdHlAY2lzb2Z5 -LmNvbT6JAj4EEwECACgFAlRZVLACGwMFCR4TOAAGCwkIBwMCBhUIAgkKCwQWAgMB -Ah4BAheAAAoJEEKaVm/Vt5JR9LwP/R4l5AjM/dbLUUgqufkx6BNfC38IUNwPc94Q -0y2ePRAf6FDGSrHc3f2iQ4TwchOe8bQMirxsFAzJ6CYSAx2haw07R60DqvGae5OX -2CgttuY7NEzeE1t0OtNAASd+i8MuDEg2zOy7R6I+cWuBvrRLbydPcCh94fi7tAWv -iZNF4im1W4oSkBEvBR4AO5Wv4BLyUrz2D501XMwonDt6jgFTZs8TN+mLC7iJkCGL -PIRgcZ/1gLjfzXa5VgLJhr3tBw9z+jl7SasNlmrvl8jlE0hC75tg0k0dn9Z/VmMr -/7qTRr9c3RrExUYd5SstjhwNqYt1FSq228wM07/0dMj9gmPkgHP7eElrrIS5ZR8u -2GN7bYdzOQLbE+hYsXqS2GgI7p9y8eC8Yq9ybNJEuQAhveEwyq+V7n3gTQz2YZAw -MzoEJH455lwoHmjxGtntIaxcNblHLO6vTuuz9+BTjyayiq5itox9V1gbqon0IB8F -bGVcKxqsx4d01zfPEMfkGdA13qpkxkJEARTXFOmVMEdXp7WUSv7gF4JX/Jdk162U -Pqukn4V0UuWS6/9jKUOn/QUwZGkA3WGfIXj2ku6FZdoAgoKWvqTBzdoGBPfRclj+ -hRX8YGQgm6WuwBJgw+JC/hHDB1G6PlhUCBXm28gw1sO3qTkTxvPkFhNdO1fd3Jn6 -PZLTcDRTuQINBFRZVLABEADE/16arIO3nAbyltJaV313fXHFq3cffWeT+u+mPXbu -/JM7LZVjRcNASQmnSZHIdj5jgDmLSWMJ8Wb0dQF+hhMenrv351lSXhpeygzqHpHK -pHJ9R8rAFFauwYYmmfkkSSIwCJHb4oizq+e3R2MjFUzyA7YSTFT9GTk4P82aYL7B -FKGUrus739QCC09dFKbmKR34ELYYNqX/VaTzGRu3Yt/nDOZ/usvsIZn6wKKDZTBk -FsXJwB4gkHoEXjd7VnkOLEOII2p7dt8dib1vVHQg10BHWHrPtMANGNePItAiLEV7 -Irgakqhb2ioV4RF37Zp9xU3PriizVxNqUc/MQUm9jx1i9QDHI4Q86pVlpMhWAF04 -/VnVO+JvxmVPGdB/m9daU9xs8wHVPV9R93fbT+RS6WFN2fqN+6pmq1sLulUQMuoE -21D2W8GprLX9k9cASS5Nb4w/B5zk1jUxzOeseIhuyK+xlVr/9DmSOJqOzxi7HRxk -VYX7zZ9cAT7ReoGs+IcC/K/rPY/54JRZq9R1RrxAjcinOBj4KV/cJ8PnilFuuVbq -lNrrcR3GWVqYTbGFbK2MkbHgfl869aO7bB2tWqOsdL2uVWGkD1BeIbyBkEILygPp -2csg80P1tvEFCi51ZXwmtpdcEGzciGvTZWSTKJJ9NBfjIMqAbKc8c0UXygS7M49G -OQARAQABiQIlBBgBAgAPBQJUWVSwAhsMBQkeEzgAAAoJEEKaVm/Vt5JR4lsP/0C1 -hTruxiAyGWAokbhHSQVzulkq/BGVuBQ2v9BBgeTvud4WjetgOSH7bqUBtl9cUiIN -Bt0Qdka6eSRymvrLE3RvYfXErBrE64PzmoOz8i+cJ70NNuD0WexWzbfKjaMrHztY -V8SBxbCXp0yP0XMLwKJDq2xhXjGBjJPAGYPMKtxlzZATB9rPzeN+sexw3GNljIT3 -FrFlAqg8MklUEZ3tG22jh218CJsL0Khwjc5H6H/u6YIqn6J70DZfzE5D5xaANCyZ -q/CmAGVAtzT1SukZlZLArZl/SWKSbS205/7PDzi381Ow2ryOATsEglF07Qqmx0MF -fwkxZbH04cQnUPgea72sNA379ADjnUsX7QYFM5qRb/IF5t+3qdU6yanXJ/ljK6ZY -2Jga9y+CcnZFzJzAXpxAXsC6/UmZ/AItr6pVVVu+w/hVCFUSqqN6crtCFj6ToOy9 -sSffsS6VqNWXA91Yi1ICrz9nKXCTCvGy2bd0UwWuZbMIp/4eaaMR0saaUNaRaZz4 -hxKlQuG91K5mfLS+gwKNpymOiruc2tX05UliP9tnIzD7zrXCG6eM3Tihk1XQjKWD -K+kJazRzGpFKX3ll+GvbwuECOXF3HZ53WOak+B1Rt3DqPdy2K4Wj34vjQ6JfQDgd -o/DD0RXrmQVG+n4te2uVV1FNLKfq3kZeYayAAJZA -=tRyA +mQINBGDRds0BEAC4XJX2CtSzyZWmVTn5waHSpu/Bfzs8qb9K4IALEtds5LKnvoGV +7gK1fC8gbN2mY9dfuhcTxuLg8G37MROWjY2KAANfjmFUT/MTOE13/uhggg3/Q23U +nHmKjV1FjOrq/Cz7bYO2ErbkxAXqT0/aCgE7b91kKDguX2N6hMyG8BqloyjeDzDu +MJfCbNPbvkJHoOQ7i/0Pq72jTIqgx86EXJdjLvC6Q1P4TfPckW2E+YWxhwnA8Z0w +oF60v1c08uGK2/h2nWcfiLtAkvyuPdtLTKYUZOllcQuV8m/1Ad93pWlKVTNBM4Bn +lp4UyoEbvXMg1yTiEhv+6cezvCJG5LbEQgPKU71VPV7sthAiWjhbn3Mj8HhxnzU0 +BBY+DRaCiWYanVoIkCoospIy4jfmflzWYpAiaezOtaLelyhssuqmxIEvlTeyFBfc +4jm+iuyCLA7Fvue7lN8u5CJJx7FLtg5OmiyNibISs25abGiwX01pNFc+Wu0N8dgw +IdzNQnUWtbIQa2byObzDd8ihQq5sEY03OINlIAFlQTXiKfcav9E5MX/L0ggwRtgB +GKo2A8FfifBzehkjRkeu828xPx2Lff56bkjtpMwPZjlzZfs159zHcfXFS3e+zmU3 +Wvs4FLutsjkVOkmwihitV2fn1VuMfKidpDBd6PmC9bNNrm1zRAS2tgRxqwARAQAB +tC1DSVNPZnkgc29mdHdhcmUgc2lnbmluZyA8c29mdHdhcmVAY2lzb2Z5LmNvbT6J +Aj4EEwECACgFAmDRds0CGwMFCRLMAwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA +AAoJEP67fRgSV2SCuFYP/A2vVOb/XUVlOgQGrfkOMSEDBxKBVcftBmmHG9osIa9t +0JxRcT4lZoHubQdcoPi0DrXBaxQ6huss2uLO8qA7GktjIRq71XPNkWE35i9obH/H +fd4zVifM0154JdTpGV1Ah4ZkJ0uS9+8q+PSehiztuZLFQvAoPwnS4QFve3i6zgdY +Gb3zVyT7QlwVSPI7JZg3Hp8FBEylkvrmPu29ISTMT8C0NmEKvzLtxqYFAi5sD4mj +ldD3tK0eIRe8ksCLTTMaUzgFubqA1Ik+JtjDR/Y+2+SbBkFQdokf5gTg2ysuSxM3 +vNFIyX3TPXlSYVAapLZpC/fvH/wFrTwfyEcHTEzvFx+2qU/BSfeeZ3eTSc0XO29c +eNYTBObR+WrPdVEPHizlAfRDj0m8NWzbBWfCdFWiZOfNQAp/cunETPv6Oj2uuoiT +h7/Z09WPrvvDmtHNyD6fvUL90dGK9/x8An2zoJz4jk/qIotDXL34ZsXPD23O2zxd +ASOmI0nXqYEElAONpB8K/GPVmNVatEqu7fTXtfFz4buiaxCZdrzY8QkBtY/tA6H/ +O7Ln2Oz5DBBeGWvd4wT0lajrQtE7Qx8dQEt185MztKNrP/2gbZzgbKNWN06lN9V8 +Of59oIBycPsFrYhmAMdNp6FaZt9+ndAhCjVmze59Vo3b0JN/eqjV/YeDoWNOefFn +uQINBGDRdy0BEACywPYrQsu7xn4VhI8tF3sEmyWB6S5n2SlVMoc8/PUALboNJJ7m +siga30jERUm1wNvTt2Cb5vJU+O8yLi8hF44MeNoDX1rvqTO81sFJbadM59hqTCBN +0LUhndcyJo8aKxxaRDhtVs07OwhDvWMWEd87qOP5LZe+onFUQMMfwzr+PhYBum1B +g3YjFd0C13UsTvpGE+Rk5dZxUCojpyON7KfrNtKEdSLGgzxTEOi1a44OuyN0fLda +t4T7tCpJAvXgp7N6XXy7QqKNMWEUXwTvMIZ2UXVj5SB92Op/scMJLVqaB1RBmsd8 +2okT0fQDKnWfFYGwBoYBBh7h/LpYTAR3Kik3fFqZygtn9tliZmt1C4h4KpD6t+QL +t6/Rq64q65WgS+YKAR0S92xCPSMek81PMPReQFMT/lNLJdwrO3bxQv6oTd5PGg6m +Yo7O3djpBT7EpdRQhS+iqcWMGoL24D0mMle3J4gaMhDIYy9vxi3oaODu270PTyW3 +o2gHw8x1smdPclyDT4gYTu+a97kVMhMcyohBRC/TqjYTKXPX1YjREg1ChhJ5DkWN +FuyK36YH9Dby6SlqtHyT8GHHpE1WQF2TzxkfZvl4g4nDLZkaYBvYl8w5evaRN0wc +gIYknFHAq1ew+bE8jtrkd7j3+XRuEK4PKCjkK2502EUuqnrTuNHVM6roPQARAQAB +iQREBBgBAgAPBQJg0XctAhsCBQkSzAMAAikJEP67fRgSV2SCwV0gBBkBAgAGBQJg +0XctAAoJEJ3pIvHC/ebEigwP/0VR8Dkm522ZbR2ipAoEz/GNFRfJQ+an4GOOVs2D +EubKyUFmTzxs6TAxncATwFWoSPgd+xtKNMJbmL9NeHAR7nfrgHrw+fn/HAaGIjBL +XZAjqZidOg9+wvqNuTTz7UCYmezvZZqk55+dIT8gTXekRlS5vZk2bH+kUxK7v2tF +fWY38nvDDL7qeUuJDoIXGHZeYHDsDMcIkFtxYmFEI1f4abP1RnkC6IwbKsIo8vqD +3eIJFO2oPPrgDg+zF/0KNF4RQlUqgng4iZ5FakqsqSh8uGplzMjzTRjNc1dNXmsI +3n7G9O973/ZmpPyhHFVpI9J39IkAWmXgd2en/mxGKkXh6XOOWVvgSwZ/2aWFLYsK +WBukCiN5KaS/HpO8zCf3LkvqzyvcW9JOILK45e4r8gVMefp1NmCdE0Ww9khzpimq +osQHu4jt/Pc9l/2ImKDoX5hvPHkjuw71jhJCDSoAe5jWkjIdzS61pB3SQUmjIfWb +Vrmc/LsxzVncKGzMisrUNVH7t8U4wn0Q+x0R4NvIiK/Ws5FxiYTaCf7oIoZX9nKt +Gz5SD/WE04QDmoXymweyr1qoxa5H/YPppTZSFrSEHCxIlL07/RDC8alA6EhBa+Wu +P/9fRlFf04mOLIYmmMfKAg9t8RGvqwFmoMHUTikoJkEgOlaiZyLpV+beXCC4w7G/ +xKdWGmwP/igj3rCx0IOzfrMuyGxILBPdZrHTQ+FMjI9m+bQ2ci7eBH0fuxgM5FDD +wu4+0XutbXkhruVPSxRPt3yC3ouQsSi8GDi43AxEfHoWliFs5kLlqCArJdIMugiK +ICEjrUKYLIEcJnkdcPr+vt/0YXLNTEWZdmK/dU5Qm52BjK92zuO3H2+Heh5XHbJC +NUE75hd0I4GLjJR+CBCAK1OqvS8m6Lq5PCWfrAWyTf6AxEXdIAcwAp2igJXE3NR9 +vpi3mWwXkAvT3dkGkvIoyp6qUdBxglT7ifl0EFl8l2ehy7QwTHMF6X2Y3LYTOdn3 +9rQIF789HMW1iolB0CNyULDnEA3cawQgpuTke/XlZpIMhVLL44UpEhMVZ9/20OgK +xwP/1q2/iirZVdzqQCYRxKluPyAb0FOUIbQUOA5QdK8EEwPwAH2HGRk4LsF7xdXP +lep2OQObIAjMs9WPbveexdFGiUG/xSPrNaDpFc+DXX94/hJO9NsUwdI8gN1H+r9f +xBZ4a8UHzceMD12Wct4N2wLPZX4MCHYDbGMmGF0SC2eFOFK7Nn2/emJjjnr15VAg +DOKknzFo16lvY7LV6pywNsUsSnPB1bGHbisG6mkdkW7nPsL0d2w4yz+lL9R7yQjv +S1Z8hMeTxbzr6OZdgF4rMxpPclTOaAj94qEb1toWkgrwUmMepzoGuQINBGDRds0B +EADNjOgAEz4azwlpR+lC5T5b3xVGclct0S1BxfZw4scj/7hIjPlJtX288Kj8fs8L +0vIKUY7IW2Y2bePKAkjnIdOsV86DTHDOGW99um61trHGP2Y1KLYP6/amDPSOTELn +5+U88B2RpXr7xXD14fqdnM46GOM+7FORxOe3pdmeCuoyDDfXZ43ZgmYl6R0Ioo3+ +LsFrn74vlVGSzjBW+F6alZpACW6ZET3iM5wDhrxBP9GybIMkpLKoNVNu9WdHv9Wt +J1cnqgyM70EAKbAKddRqGwOf80reFzP+TcdmGzXUWbWt2T+bs34LnczLjJNB7sl3 +k8ArLZtrKxRsoAD7vvCh981mHCLGU8kS7Tf6tALJYcVgFVLjX4N1ASF3525AKfOE +4yOGWvbKDNQP0rJe8nFrDLtikAhmPt346D4tArZGzwuuzzOAca76WB9w45wS5w6l +IejRft961FeHvqm6r8OE+rS5w6J/NH5vFMm425cwHY1O3u7x1y0Ik3VrOZ6OJ1WU +3WTqkCGKtBWBU2hkx4BbwZD6l/f523iS9tgxlUVoNud08fQQTwRYs4T7oSZ1xbZs +HHe/LzwhdQojTc2uMETcTDX9GUDePoVohELzVlMAeQm5mvWFUQ87rsgbo3/iEH2u +/jeqaM4Q6QeNcEtw1VJ6I0LiSb39TlBpZsw9atC0DOxHXQARAQABiQIlBBgBAgAP +BQJg0XbNAhsMBQkSzAMAAAoJEP67fRgSV2SC/EQQAKmvxewbYCtN5kQ6BadCeE2I +rtV/yyaz2r0vIMI0jtA1F5n/IYbR/5gVUWLphBL7hKw+Jn9oMqV4yymCvY0N4faq +qIW0QElp1seTCCFzbVhYC9Hv9vWgfHZhXUDTm6WE/vAwl3BYS/p8KSyMIdkmParx +WbHV0k6tzyVuV3hYMQD8GsHq4i4/TjJtfh2fNKh4lAaxuUoifpBFte+3YI5GSKXS +STm2fxAIXoWPnpFTh+VTcTu5Sv7pbR6YT0vFM04V3DPVhNO1l72oUEA6ubSf1gys +03CQ4/yK1k9kBJ3RAGK0nLZbB4cSQD2Lu7KCG3jakpzUiu38Gn/XNz7aU78Qnj0V +zSL7Ko3Eg0g3TURG+UE4JYE3qUnU/++V43HkGaoh9Cq+ytE6wPAEGC2j660sI5+T +N+hZURUqmyU8sFdviskXQnlJztnEY5tVsoh6JuKEykcBj9jgyvNgTaA7HAC/Qh2z +uEJ4OA0al+IDhMLfWwhhop2+ghy7yF4zHC/VnCaQ+O7+ZIfnIsRWgpBHTkl70uTl +G64crM7RDxGVIgO5O6HIZ+Fu3HIAM6AWtPjkv8XQ/g8x3NnSor40E8DeW45fjk/O +nh/bs0zyGN6XuZPU2L7aogTF3gP0wxkU0r96r8z+BOqmT6lD4mOLuSeVcIqCYWRC +7bhk2ySSo/oC9QhN3CBl +=30Fa -----END PGP PUBLIC KEY BLOCK----- -
