From mboxrd@z Thu Jan  1 00:00:00 1970
From: Shinoj Gangadharan <sgangadharan@wavecrest.gi>
Subject: RE: auditd configuration for PCI DSS 10.2.x Compliance
Date: Tue, 16 Jan 2018 14:19:20 +0530
Message-ID: <c30a43ce1ddf602cd860f0748fea9073@mail.gmail.com>
References: <DM3P100MB0140C09748B350F3F80FFE31F2EB0@DM3P100MB0140.NAMP100.PROD.OUTLOOK.COM>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3826503841321470750=="
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx08.extmail.prod.ext.phx2.redhat.com
	[10.5.110.32])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 285F05D970
	for <linux-audit@redhat.com>; Tue, 16 Jan 2018 08:49:52 +0000 (UTC)
Received: from mail-oi0-f42.google.com (mail-oi0-f42.google.com
	[209.85.218.42])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 08D4BC050CE5
	for <linux-audit@redhat.com>; Tue, 16 Jan 2018 08:49:29 +0000 (UTC)
Received: by mail-oi0-f42.google.com with SMTP id o64so10094095oia.9
	for <linux-audit@redhat.com>; Tue, 16 Jan 2018 00:49:28 -0800 (PST)
In-Reply-To: <DM3P100MB0140C09748B350F3F80FFE31F2EB0@DM3P100MB0140.NAMP100.PROD.OUTLOOK.COM>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Joshua Ammons <Joshua.Ammons@walmart.com>, linux-audit@redhat.com
List-Id: linux-audit@redhat.com

--===============3826503841321470750==
Content-Type: multipart/related; boundary="001a113dbd12a912fc0562e0ce36"

--001a113dbd12a912fc0562e0ce36
Content-Type: multipart/alternative; boundary="001a113dbd12a912f90562e0ce35"

--001a113dbd12a912f90562e0ce35
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Joshua,



A few minor things for your consideration :



10.2.3    Access to all audit trails

=C2=B7         I=E2=80=99m not sure the best route to cover this one.  If I=
 add a rule
to watch /var/log/* for =E2=80=98wa=E2=80=99 actions, those logs are consta=
ntly being
written to so that would be too noisy I believe. Does anyone know how I
would form a rule that would fire when a file within /var/log is accessed
directly by a user?  Also, if the user makes any manual changes, such as
deleting a file or modifying its contents?



Ensure that only root users have access to /var/log and you are already
monitoring actions of users using pam_tty_audit etc. Additionally you are
sending logs to remote servers which will ensure that logs are present on
the remote server even if they are deleted locally. And since user actions
are being monitored, you will also be able to know that logs were
modified/deleted.



10.2.7



In addition to what you have mentioned, I am sure you are already
monitoring these using a FIM like OSSEC.



Regards,

Shinoj.



*From:* linux-audit-bounces@redhat.com [mailto:
linux-audit-bounces@redhat.com] *On Behalf Of *Joshua Ammons
*Sent:* 15 January 2018 20:22
*To:* linux-audit@redhat.com
*Subject:* RE: auditd configuration for PCI DSS 10.2.x Compliance



Hello All,



Just thought I=E2=80=99d give this one more shot to see if anyone had any c=
omments
on my prior message (see below)?  Any input you have would be greatly
appreciated.  I won=E2=80=99t bother the group any more on this topic.



Thank you!



*Joshua Ammons* *Advanced SIEM Engineer, Cybersecurity *

Global Business Services

Office 479.204.4472 | Mobile 479.595.2291

*Joshua.Ammons@walmart.com <Joshua.Ammons@walmart.com>*



Walmart

805 Moberly Ln

Bentonville, AR  72716

*Save money. Live better.*



<https://walmart.facebook.com/groups/435932993428953/?fref=3Dnf>



*From:* Joshua Ammons
*Sent:* Thursday, January 11, 2018 4:33 PM
*To:* 'linux-audit@redhat.com' <linux-audit@redhat.com>
*Subject:* auditd configuration for PCI DSS 10.2.x Compliance



Hello,



I was wondering if anyone had any experience putting together an auditd
configuration to meet PCI DSS 10.2.x requirements?  Below are the
requirements and my thoughts for each one=E2=80=A6if anyone has anything th=
at they
have done I=E2=80=99d love to hear it!



10.2.2    All actions taken by any individual with root or administrative
privileges

=C2=B7         Enable the pam_tty_audit.so shared library in
/etc/pam.d/[su/sudo/sudo-i/su-l] files.

o   USER_TTY event type will contain all commands from privileged user.

=C2=B7         Add following lines to /etc/audit/rules.d/audit.rules file:

o   # Audit all actions by any individual with root or administrative
privileges

o   -a exit,always -F arch=3Db64 -F euid=3D0 -S execve -k root-commands

o   -a exit,always -F arch=3Db32 -F euid=3D0 -S execve -k root-commands

=C2=A7  EXECVE event type will contain all commands from user with elevated
privileges.

=C2=A7  Question: with the pam_tty_audit.so enabled, and those commands bei=
ng
logged to USER_TTY events=E2=80=A6is this rule needed also?

10.2.3    Access to all audit trails

=C2=B7         I=E2=80=99m not sure the best route to cover this one.  If I=
 add a rule
to watch /var/log/* for =E2=80=98wa=E2=80=99 actions, those logs are consta=
ntly being
written to so that would be too noisy I believe. Does anyone know how I
would form a rule that would fire when a file within /var/log is accessed
directly by a user?  Also, if the user makes any manual changes, such as
deleting a file or modifying its contents?

10.2.4    Invalid logical access attempts

=C2=B7         Based on my understanding, this wouldn=E2=80=99t really be c=
overed by
auditd, but by the standard authpriv facility.  Anybody configure anything
in auditd to cover this requirement?

10.2.5    Use of and changes to identification and authentication
mechanisms=E2=80=94including but not limited to creation of new accounts an=
d
elevation of privileges=E2=80=94and all changes, additions, or deletions to
accounts with root or administrative privileges

=C2=B7         CRED_ACQ (sudo) and USER_AUTH (su) events should contain whe=
n a
user sudo=E2=80=99s or su=E2=80=99s to privileged account.  My understandin=
g is that these
would not require any extra rules to be written.  However, I=E2=80=99m not =
quite
sure how to handle the requirements to log creation of new accounts, and
all changes, or deletions to accounts with root/admin privileges=E2=80=A6an=
y ideas?

10.2.6.   Initialization, stopping, or pausing of the audit logs

=C2=B7         Auditd:

o   DAEMON_END events would indicate auditd was stopped.

o   DAEMON_START and SERVICE_START events would indicate when auditd
initialized.

o   Anything else anybody would add here?

=C2=B7         Rsyslog:

o   SERVICE_START event (unit=3Drsyslog) when rsyslog is initialized

o   SERVICE_STOP event (unit=3Drsyslog) when rsyslog is stopped

o   Anything else anybody would add here?

10.2.7    Creation and deletion of system- level objects

=C2=B7         -w [DIRECTORY] =E2=80=93p wa rules for the directories below=
:

o   /bin

o   /sbin

o   /usr/bin

o   /usr/sbin

o   /var/lib

o   /usr/lib

o   /usr/libexec

o   /lib64

o   /usr/lib64

=C2=A7  Would the above cover this requirement?  Any other suggestions here=
?



*Joshua Ammons* *Advanced SIEM Engineer, Cybersecurity *

Global Business Services

Office 479.204.4472 | Mobile 479.595.2291

*Joshua.Ammons@walmart.com <Joshua.Ammons@walmart.com>*



Walmart

805 Moberly Ln

Bentonville, AR  72716

*Save money. Live better.*



<https://walmart.facebook.com/groups/435932993428953/?fref=3Dnf>

--=20


*DISCLAIMER* *: **The information and the attachments in this email may be=
=20
confidential and legally privileged. Access to the contents of this message=
=20
by anyone other than the intended recipient is unauthorized. If you are not=
=20
the intended recipient, any disclosure , copying, or distribution of the=20
message, or any action or omission taken by you in reliance on it, is=20
prohibited and may be unlawful. If you have received this email message in=
=20
error, please notify the sender immediately by email, facsimile, or=20
telephone, and then delete/destroy the original message and all copies of=
=20
it from your systems.*

=20

*Wave Crest cannot guarantee this email communication and associated=20
attachments to be free of malicious code and assumes no liability for any=
=20
loss or injury resulting from the contents of the message. **The views=20
expressed may not necessarily be those of *Wave Crest*, and unless=20
otherwise noted in the text of the message, the message may not reflect=20
official policy.*

--001a113dbd12a912f90562e0ce35
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=
=3Diso-8859-1"><meta name=3D"Generator" content=3D"Microsoft Word 14 (filte=
red medium)"><style><!--
/* Font Definitions */
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:#954F72;
	text-decoration:underline;}
p
	{mso-style-priority:99;
	mso-margin-top-alt:auto;
	margin-right:0cm;
	mso-margin-bottom-alt:auto;
	margin-left:0cm;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
	{mso-style-priority:99;
	mso-style-link:"Balloon Text Char";
	margin:0cm;
	margin-bottom:.0001pt;
	font-size:8.0pt;
	font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
	{mso-style-priority:34;
	margin-top:0cm;
	margin-right:0cm;
	margin-bottom:0cm;
	margin-left:36.0pt;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
span.EmailStyle19
	{mso-style-type:personal;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
span.EmailStyle20
	{mso-style-type:personal;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
span.BalloonTextChar
	{mso-style-name:"Balloon Text Char";
	mso-style-priority:99;
	mso-style-link:"Balloon Text";
	font-family:"Tahoma","sans-serif";}
span.EmailStyle23
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
	{page:WordSection1;}
--></style></head><body lang=3D"EN-IN" link=3D"#0563C1" vlink=3D"#954F72"><=
div class=3D"WordSection1"><p class=3D"MsoNormal"><span style=3D"color:#1f4=
97d">Hi Joshua,</span></p><p class=3D"MsoNormal"><span style=3D"color:#1f49=
7d">=C2=A0</span></p><p class=3D"MsoNormal"><span style=3D"color:#1f497d">A=
 few minor things for your consideration :</span></p><p class=3D"MsoNormal"=
><span style=3D"color:#1f497d">=C2=A0</span></p><p class=3D"MsoNormal"><spa=
n lang=3D"EN-US">10.2.3=C2=A0=C2=A0=C2=A0 Access to all audit trails</span>=
</p><p class=3D"MsoListParagraph" style=3D"text-indent:-18.0pt"><span lang=
=3D"EN-US" style=3D"font-family:Symbol">=C2=B7</span><span lang=3D"EN-US" s=
tyle=3D"font-size:7.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif=
&quot;">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 </span><span lang=
=3D"EN-US">I=E2=80=99m not sure the best route to cover this one.=C2=A0 If =
I add a rule to watch /var/log/* for =E2=80=98wa=E2=80=99 actions, those lo=
gs are constantly being written to so that would be too noisy I believe. Do=
es anyone know how I would form a rule that would fire when a file within /=
var/log is accessed directly by a user?=C2=A0 Also, if the user makes any m=
anual changes, such as deleting a file or modifying its contents?</span></p=
><p class=3D"MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span></p><p c=
lass=3D"MsoNormal"><span style=3D"color:#1f497d">Ensure that only root user=
s have access to /var/log and you are already monitoring actions of users u=
sing pam_tty_audit etc. Additionally you are sending logs to remote servers=
 which will ensure that logs are present on the remote server even if they =
are deleted locally. And since user actions are being monitored, you will a=
lso be able to know that logs were modified/deleted.</span></p><p class=3D"=
MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span></p><p class=3D"MsoNo=
rmal"><span lang=3D"EN-US">10.2.7=C2=A0=C2=A0=C2=A0</span><span style=3D"co=
lor:#1f497d"></span></p><p class=3D"MsoNormal"><span style=3D"color:#1f497d=
">=C2=A0</span></p><p class=3D"MsoNormal"><span style=3D"color:#1f497d">In =
addition to what you have mentioned, I am sure you are already monitoring t=
hese using a FIM like OSSEC.</span></p><p class=3D"MsoNormal"><span style=
=3D"color:#1f497d">=C2=A0</span></p><p class=3D"MsoNormal"><span style=3D"c=
olor:#1f497d">Regards,</span></p><p class=3D"MsoNormal"><span style=3D"colo=
r:#1f497d">Shinoj.</span><span style=3D"color:#1f497d"> </span></p><p class=
=3D"MsoNormal"><span style=3D"color:#1f497d">=C2=A0</span></p><div><div sty=
le=3D"border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm"=
><p class=3D"MsoNormal"><b><span lang=3D"EN-US" style=3D"font-size:10.0pt;f=
ont-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span=
 lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Tahoma&quot;,&q=
uot;sans-serif&quot;"> <a href=3D"mailto:linux-audit-bounces@redhat.com">li=
nux-audit-bounces@redhat.com</a> [mailto:<a href=3D"mailto:linux-audit-boun=
ces@redhat.com">linux-audit-bounces@redhat.com</a>] <b>On Behalf Of </b>Jos=
hua Ammons<br><b>Sent:</b> 15 January 2018 20:22<br><b>To:</b> <a href=3D"m=
ailto:linux-audit@redhat.com">linux-audit@redhat.com</a><br><b>Subject:</b>=
 RE: auditd configuration for PCI DSS 10.2.x Compliance</span></p></div></d=
iv><p class=3D"MsoNormal">=C2=A0</p><p class=3D"MsoNormal"><a name=3D"_Mail=
EndCompose"><span lang=3D"EN-US">Hello All,</span></a><span lang=3D"EN-US">=
</span></p><p class=3D"MsoNormal"><span lang=3D"EN-US">=C2=A0</span></p><p =
class=3D"MsoNormal"><span lang=3D"EN-US">Just thought I=E2=80=99d give this=
 one more shot to see if anyone had any comments on my prior message (see b=
elow)?=C2=A0 Any input you have would be greatly appreciated.=C2=A0 I won=
=E2=80=99t bother the group any more on this topic.</span></p><p class=3D"M=
soNormal"><span lang=3D"EN-US">=C2=A0</span></p><p class=3D"MsoNormal"><spa=
n lang=3D"EN-US">Thank you!</span></p><p class=3D"MsoNormal"><span lang=3D"=
EN-US">=C2=A0</span></p><div><p class=3D"MsoNormal"><b><span lang=3D"EN-US"=
 style=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&q=
uot;;color:#0071ce">Joshua Ammons</span></b><b><span lang=3D"EN-US" style=
=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;c=
olor:black"> </span></b><b><span lang=3D"EN-US" style=3D"font-size:10.0pt;f=
ont-family:&quot;Arial&quot;,&quot;sans-serif&quot;">Advanced SIEM Engineer=
, Cybersecurity </span></b></p><p class=3D"MsoNormal"><span lang=3D"EN-US" =
style=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&qu=
ot;">Global Business Services</span></p><p class=3D"MsoNormal"><span lang=
=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sa=
ns-serif&quot;">Office 479.204.4472 | Mobile 479.595.2291</span></p><p clas=
s=3D"MsoNormal"><u><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-fami=
ly:&quot;Arial&quot;,&quot;sans-serif&quot;;color:#0071ce"><a href=3D"mailt=
o:Joshua.Ammons@walmart.com">Joshua.Ammons@walmart.com</a></span></u></p><p=
 class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-fa=
mily:&quot;Arial&quot;,&quot;sans-serif&quot;">=C2=A0</span></p><p class=3D=
"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quo=
t;Arial&quot;,&quot;sans-serif&quot;">Walmart=C2=A0 </span></p><p class=3D"=
MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot=
;Arial&quot;,&quot;sans-serif&quot;">805 Moberly Ln</span></p><p class=3D"M=
soNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;=
Arial&quot;,&quot;sans-serif&quot;">Bentonville, AR=C2=A0 72716</span></p><=
p class=3D"MsoNormal"><b><span lang=3D"EN-US" style=3D"font-size:10.0pt;fon=
t-family:&quot;Arial&quot;,&quot;sans-serif&quot;;color:#0071ce">Save money=
. Live better.</span></b></p><p class=3D"MsoNormal"><b><span lang=3D"EN-US"=
 style=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&q=
uot;;color:black">=C2=A0</span></b></p><p class=3D"MsoNormal"><span lang=3D=
"EN-US"><a href=3D"https://walmart.facebook.com/groups/435932993428953/?fre=
f=3Dnf"><span style=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot=
;sans-serif&quot;;color:#e7e6e6;text-decoration:none"><img border=3D"0" wid=
th=3D"156" height=3D"37" id=3D"_x0000_i1025" src=3D"cid:image005.png@01D38E=
D4.3FFE2EB0"></span></a></span></p></div><p class=3D"MsoNormal"><span lang=
=3D"EN-US">=C2=A0</span></p><div><div style=3D"border:none;border-top:solid=
 #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class=3D"MsoNormal"><b><span l=
ang=3D"EN-US">From:</span></b><span lang=3D"EN-US"> Joshua Ammons <br><b>Se=
nt:</b> Thursday, January 11, 2018 4:33 PM<br><b>To:</b> &#39;<a href=3D"ma=
ilto:linux-audit@redhat.com">linux-audit@redhat.com</a>&#39; &lt;<a href=3D=
"mailto:linux-audit@redhat.com">linux-audit@redhat.com</a>&gt;<br><b>Subjec=
t:</b> auditd configuration for PCI DSS 10.2.x Compliance</span></p></div><=
/div><p class=3D"MsoNormal"><span lang=3D"EN-US">=C2=A0</span></p><p class=
=3D"MsoNormal"><span lang=3D"EN-US">Hello,</span></p><p class=3D"MsoNormal"=
><span lang=3D"EN-US">=C2=A0</span></p><p class=3D"MsoNormal"><span lang=3D=
"EN-US">I was wondering if anyone had any experience putting together an au=
ditd configuration to meet PCI DSS 10.2.x requirements?=C2=A0 Below are the=
 requirements and my thoughts for each one=E2=80=A6if anyone has anything t=
hat they have done I=E2=80=99d love to hear it!</span></p><p class=3D"MsoNo=
rmal"><span lang=3D"EN-US">=C2=A0</span></p><p class=3D"MsoNormal"><span la=
ng=3D"EN-US">10.2.2=C2=A0=C2=A0=C2=A0 All actions taken by any individual w=
ith root or administrative privileges</span></p><p class=3D"MsoListParagrap=
h" style=3D"text-indent:-18.0pt"><span lang=3D"EN-US" style=3D"font-family:=
Symbol">=C2=B7</span><span lang=3D"EN-US" style=3D"font-size:7.0pt;font-fam=
ily:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0 </span><span lang=3D"EN-US">Enable the pam_tty_aud=
it.so shared library in /etc/pam.d/[su/sudo/sudo-i/su-l] files.</span></p><=
p class=3D"MsoListParagraph" style=3D"margin-left:72.0pt"><span lang=3D"EN-=
US" style=3D"font-family:&quot;Courier New&quot;">o</span><span lang=3D"EN-=
US" style=3D"font-size:7.0pt;font-family:&quot;Times New Roman&quot;,&quot;=
serif&quot;">=C2=A0=C2=A0 </span><span lang=3D"EN-US">USER_TTY event type w=
ill contain all commands from privileged user.</span></p><p class=3D"MsoLis=
tParagraph" style=3D"text-indent:-18.0pt"><span lang=3D"EN-US" style=3D"fon=
t-family:Symbol">=C2=B7</span><span lang=3D"EN-US" style=3D"font-size:7.0pt=
;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 </span><span lang=3D"EN-US">Add following=
 lines to /etc/audit/rules.d/audit.rules file:</span></p><p class=3D"MsoLis=
tParagraph" style=3D"margin-left:72.0pt"><span lang=3D"EN-US" style=3D"font=
-family:&quot;Courier New&quot;">o</span><span lang=3D"EN-US" style=3D"font=
-size:7.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=
=A0=C2=A0 </span><span lang=3D"EN-US"># Audit all actions by any individual=
 with root or administrative privileges</span></p><p class=3D"MsoListParagr=
aph" style=3D"margin-left:72.0pt"><span lang=3D"EN-US" style=3D"font-family=
:&quot;Courier New&quot;">o</span><span lang=3D"EN-US" style=3D"font-size:7=
.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=C2=
=A0 </span><span lang=3D"EN-US">-a exit,always -F arch=3Db64 -F euid=3D0 -S=
 execve -k root-commands</span></p><p class=3D"MsoListParagraph" style=3D"m=
argin-left:72.0pt"><span lang=3D"EN-US" style=3D"font-family:&quot;Courier =
New&quot;">o</span><span lang=3D"EN-US" style=3D"font-size:7.0pt;font-famil=
y:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=C2=A0 </span><span =
lang=3D"EN-US">-a exit,always -F arch=3Db32 -F euid=3D0 -S execve -k root-c=
ommands</span></p><p class=3D"MsoListParagraph" style=3D"margin-left:108.0p=
t"><span lang=3D"EN-US" style=3D"font-family:Wingdings">=C2=A7</span><span =
lang=3D"EN-US" style=3D"font-size:7.0pt;font-family:&quot;Times New Roman&q=
uot;,&quot;serif&quot;">=C2=A0 </span><span lang=3D"EN-US">EXECVE event typ=
e will contain all commands from user with elevated privileges.</span></p><=
p class=3D"MsoListParagraph" style=3D"margin-left:108.0pt"><span lang=3D"EN=
-US" style=3D"font-family:Wingdings">=C2=A7</span><span lang=3D"EN-US" styl=
e=3D"font-size:7.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&qu=
ot;">=C2=A0 </span><span lang=3D"EN-US">Question: with the pam_tty_audit.so=
 enabled, and those commands being logged to USER_TTY events=E2=80=A6is thi=
s rule needed also?</span></p><p class=3D"MsoNormal"><span lang=3D"EN-US">1=
0.2.3=C2=A0=C2=A0=C2=A0 Access to all audit trails</span></p><p class=3D"Ms=
oListParagraph" style=3D"text-indent:-18.0pt"><span lang=3D"EN-US" style=3D=
"font-family:Symbol">=C2=B7</span><span lang=3D"EN-US" style=3D"font-size:7=
.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 </span><span lang=3D"EN-US">I=E2=80=
=99m not sure the best route to cover this one.=C2=A0 If I add a rule to wa=
tch /var/log/* for =E2=80=98wa=E2=80=99 actions, those logs are constantly =
being written to so that would be too noisy I believe. Does anyone know how=
 I would form a rule that would fire when a file within /var/log is accesse=
d directly by a user?=C2=A0 Also, if the user makes any manual changes, suc=
h as deleting a file or modifying its contents?</span></p><p class=3D"MsoNo=
rmal"><span lang=3D"EN-US">10.2.4=C2=A0=C2=A0=C2=A0 Invalid logical access =
attempts</span></p><p class=3D"MsoListParagraph" style=3D"text-indent:-18.0=
pt"><span lang=3D"EN-US" style=3D"font-family:Symbol">=C2=B7</span><span la=
ng=3D"EN-US" style=3D"font-size:7.0pt;font-family:&quot;Times New Roman&quo=
t;,&quot;serif&quot;">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 </sp=
an><span lang=3D"EN-US">Based on my understanding, this wouldn=E2=80=99t re=
ally be covered by auditd, but by the standard authpriv facility.=C2=A0 Any=
body configure anything in auditd to cover this requirement?</span></p><p c=
lass=3D"MsoNormal"><span lang=3D"EN-US">10.2.5=C2=A0=C2=A0=C2=A0 Use of and=
 changes to identification and authentication mechanisms=E2=80=94including =
but not limited to creation of new accounts and elevation of privileges=E2=
=80=94and all changes, additions, or deletions to accounts with root or adm=
inistrative privileges</span></p><p class=3D"MsoListParagraph" style=3D"tex=
t-indent:-18.0pt"><span lang=3D"EN-US" style=3D"font-family:Symbol">=C2=B7<=
/span><span lang=3D"EN-US" style=3D"font-size:7.0pt;font-family:&quot;Times=
 New Roman&quot;,&quot;serif&quot;">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0 </span><span lang=3D"EN-US">CRED_ACQ (sudo) and USER_AUTH (su) ev=
ents should contain when a user sudo=E2=80=99s or su=E2=80=99s to privilege=
d account.=C2=A0 My understanding is that these would not require any extra=
 rules to be written.=C2=A0 However, I=E2=80=99m not quite sure how to hand=
le the requirements to log creation of new accounts, and all changes, or de=
letions to accounts with root/admin privileges=E2=80=A6any ideas? </span></=
p><p class=3D"MsoNormal"><span lang=3D"EN-US">10.2.6.=C2=A0=C2=A0 Initializ=
ation, stopping, or pausing of the audit logs</span></p><p class=3D"MsoList=
Paragraph" style=3D"text-indent:-18.0pt"><span lang=3D"EN-US" style=3D"font=
-family:Symbol">=C2=B7</span><span lang=3D"EN-US" style=3D"font-size:7.0pt;=
font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 </span><span lang=3D"EN-US">Auditd:</span=
></p><p class=3D"MsoListParagraph" style=3D"margin-left:72.0pt"><span lang=
=3D"EN-US" style=3D"font-family:&quot;Courier New&quot;">o</span><span lang=
=3D"EN-US" style=3D"font-size:7.0pt;font-family:&quot;Times New Roman&quot;=
,&quot;serif&quot;">=C2=A0=C2=A0 </span><span lang=3D"EN-US">DAEMON_END eve=
nts would indicate auditd was stopped.</span></p><p class=3D"MsoListParagra=
ph" style=3D"margin-left:72.0pt"><span lang=3D"EN-US" style=3D"font-family:=
&quot;Courier New&quot;">o</span><span lang=3D"EN-US" style=3D"font-size:7.=
0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=C2=A0=
 </span><span lang=3D"EN-US">DAEMON_START and SERVICE_START events would in=
dicate when auditd initialized.</span></p><p class=3D"MsoListParagraph" sty=
le=3D"margin-left:72.0pt"><span lang=3D"EN-US" style=3D"font-family:&quot;C=
ourier New&quot;">o</span><span lang=3D"EN-US" style=3D"font-size:7.0pt;fon=
t-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=C2=A0 </span=
><span lang=3D"EN-US">Anything else anybody would add here?</span></p><p cl=
ass=3D"MsoListParagraph" style=3D"text-indent:-18.0pt"><span lang=3D"EN-US"=
 style=3D"font-family:Symbol">=C2=B7</span><span lang=3D"EN-US" style=3D"fo=
nt-size:7.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 </span><span lang=3D"EN-US=
">Rsyslog:</span></p><p class=3D"MsoListParagraph" style=3D"margin-left:72.=
0pt"><span lang=3D"EN-US" style=3D"font-family:&quot;Courier New&quot;">o</=
span><span lang=3D"EN-US" style=3D"font-size:7.0pt;font-family:&quot;Times =
New Roman&quot;,&quot;serif&quot;">=C2=A0=C2=A0 </span><span lang=3D"EN-US"=
>SERVICE_START event (unit=3Drsyslog) when rsyslog is initialized</span></p=
><p class=3D"MsoListParagraph" style=3D"margin-left:72.0pt"><span lang=3D"E=
N-US" style=3D"font-family:&quot;Courier New&quot;">o</span><span lang=3D"E=
N-US" style=3D"font-size:7.0pt;font-family:&quot;Times New Roman&quot;,&quo=
t;serif&quot;">=C2=A0=C2=A0 </span><span lang=3D"EN-US">SERVICE_STOP event =
(unit=3Drsyslog) when rsyslog is stopped</span></p><p class=3D"MsoListParag=
raph" style=3D"margin-left:72.0pt"><span lang=3D"EN-US" style=3D"font-famil=
y:&quot;Courier New&quot;">o</span><span lang=3D"EN-US" style=3D"font-size:=
7.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=C2=
=A0 </span><span lang=3D"EN-US">Anything else anybody would add here?</span=
></p><p class=3D"MsoNormal"><span lang=3D"EN-US">10.2.7=C2=A0=C2=A0=C2=A0 C=
reation and deletion of system- level objects</span></p><p class=3D"MsoList=
Paragraph" style=3D"text-indent:-18.0pt"><span lang=3D"EN-US" style=3D"font=
-family:Symbol">=C2=B7</span><span lang=3D"EN-US" style=3D"font-size:7.0pt;=
font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 </span><span lang=3D"EN-US">-w [DIRECTORY=
] =E2=80=93p wa rules for the directories below:</span></p><p class=3D"MsoL=
istParagraph" style=3D"margin-left:72.0pt"><span lang=3D"EN-US" style=3D"fo=
nt-family:&quot;Courier New&quot;">o</span><span lang=3D"EN-US" style=3D"fo=
nt-size:7.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=
=C2=A0=C2=A0 </span><span lang=3D"EN-US">/bin</span></p><p class=3D"MsoList=
Paragraph" style=3D"margin-left:72.0pt"><span lang=3D"EN-US" style=3D"font-=
family:&quot;Courier New&quot;">o</span><span lang=3D"EN-US" style=3D"font-=
size:7.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=
=A0=C2=A0 </span><span lang=3D"EN-US">/sbin</span></p><p class=3D"MsoListPa=
ragraph" style=3D"margin-left:72.0pt"><span lang=3D"EN-US" style=3D"font-fa=
mily:&quot;Courier New&quot;">o</span><span lang=3D"EN-US" style=3D"font-si=
ze:7.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=
=C2=A0 </span><span lang=3D"EN-US">/usr/bin</span></p><p class=3D"MsoListPa=
ragraph" style=3D"margin-left:72.0pt"><span lang=3D"EN-US" style=3D"font-fa=
mily:&quot;Courier New&quot;">o</span><span lang=3D"EN-US" style=3D"font-si=
ze:7.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=
=C2=A0 </span><span lang=3D"EN-US">/usr/sbin</span></p><p class=3D"MsoListP=
aragraph" style=3D"margin-left:72.0pt"><span lang=3D"EN-US" style=3D"font-f=
amily:&quot;Courier New&quot;">o</span><span lang=3D"EN-US" style=3D"font-s=
ize:7.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=
=C2=A0 </span><span lang=3D"EN-US">/var/lib</span></p><p class=3D"MsoListPa=
ragraph" style=3D"margin-left:72.0pt"><span lang=3D"EN-US" style=3D"font-fa=
mily:&quot;Courier New&quot;">o</span><span lang=3D"EN-US" style=3D"font-si=
ze:7.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=
=C2=A0 </span><span lang=3D"EN-US">/usr/lib</span></p><p class=3D"MsoListPa=
ragraph" style=3D"margin-left:72.0pt"><span lang=3D"EN-US" style=3D"font-fa=
mily:&quot;Courier New&quot;">o</span><span lang=3D"EN-US" style=3D"font-si=
ze:7.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=
=C2=A0 </span><span lang=3D"EN-US">/usr/libexec</span></p><p class=3D"MsoLi=
stParagraph" style=3D"margin-left:72.0pt"><span lang=3D"EN-US" style=3D"fon=
t-family:&quot;Courier New&quot;">o</span><span lang=3D"EN-US" style=3D"fon=
t-size:7.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=
=A0=C2=A0 </span><span lang=3D"EN-US">/lib64</span></p><p class=3D"MsoListP=
aragraph" style=3D"margin-left:72.0pt"><span lang=3D"EN-US" style=3D"font-f=
amily:&quot;Courier New&quot;">o</span><span lang=3D"EN-US" style=3D"font-s=
ize:7.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0=
=C2=A0 </span><span lang=3D"EN-US">/usr/lib64</span></p><p class=3D"MsoList=
Paragraph" style=3D"margin-left:108.0pt"><span lang=3D"EN-US" style=3D"font=
-family:Wingdings">=C2=A7</span><span lang=3D"EN-US" style=3D"font-size:7.0=
pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">=C2=A0 </span=
><span lang=3D"EN-US">Would the above cover this requirement?=C2=A0 Any oth=
er suggestions here?</span></p><p class=3D"MsoNormal"><span lang=3D"EN-US">=
=C2=A0</span></p><p class=3D"MsoNormal"><b><span lang=3D"EN-US" style=3D"fo=
nt-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;color:#=
0071ce">Joshua Ammons</span></b><b><span lang=3D"EN-US" style=3D"font-size:=
10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;color:black"> <=
/span></b><b><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&qu=
ot;Arial&quot;,&quot;sans-serif&quot;">Advanced SIEM Engineer, Cybersecurit=
y </span></b></p><p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-=
size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;">Global Bu=
siness Services</span></p><p class=3D"MsoNormal"><span lang=3D"EN-US" style=
=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;">=
Office 479.204.4472 | Mobile 479.595.2291</span></p><p class=3D"MsoNormal">=
<u><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Arial&q=
uot;,&quot;sans-serif&quot;;color:#0071ce"><a href=3D"mailto:Joshua.Ammons@=
walmart.com">Joshua.Ammons@walmart.com</a></span></u></p><p class=3D"MsoNor=
mal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Arial=
&quot;,&quot;sans-serif&quot;">=C2=A0</span></p><p class=3D"MsoNormal"><spa=
n lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&q=
uot;sans-serif&quot;">Walmart=C2=A0 </span></p><p class=3D"MsoNormal"><span=
 lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&qu=
ot;sans-serif&quot;">805 Moberly Ln</span></p><p class=3D"MsoNormal"><span =
lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quo=
t;sans-serif&quot;">Bentonville, AR=C2=A0 72716</span></p><p class=3D"MsoNo=
rmal"><b><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;A=
rial&quot;,&quot;sans-serif&quot;;color:#0071ce">Save money. Live better.</=
span></b></p><p class=3D"MsoNormal"><b><span lang=3D"EN-US" style=3D"font-s=
ize:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;color:black=
">=C2=A0</span></b></p><p class=3D"MsoNormal"><span lang=3D"EN-US"><a href=
=3D"https://walmart.facebook.com/groups/435932993428953/?fref=3Dnf"><span s=
tyle=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quo=
t;;color:#e7e6e6;text-decoration:none"><img border=3D"0" width=3D"156" heig=
ht=3D"37" id=3D"Picture_x0020_2" src=3D"cid:image006.png@01D38ED4.3FFE2EB0"=
></span></a></span></p><p class=3D"MsoNormal"><span lang=3D"EN-US">=C2=A0</=
span></p></div></body></html>

<br>
<p style=3D"margin:0px;color:rgb(34,34,34);font-family:arial,sans-serif;fon=
t-size:12.8px;text-align:justify;background-color:rgb(255,255,255)"><b><u><=
span style=3D"font-size:7.5pt;font-family:Verdana,sans-serif;color:black">D=
ISCLAIMER</span></u></b><u><span style=3D"color:black">=C2=A0</span></u><u>=
<span lang=3D"EN-IN" style=3D"color:black">:=C2=A0</span></u><u><span style=
=3D"font-size:7.5pt;font-family:Verdana,sans-serif;color:black">The informa=
tion and the attachments in this email may be confidential and legally priv=
ileged. Access to the contents of this message by anyone other than the int=
ended recipient is unauthorized. If you are not the intended recipient, any=
 disclosure , copying, or distribution of the message, or any action or omi=
ssion taken by you in reliance on it, is prohibited and may be unlawful. If=
 you have received this email message in error, please notify the sender im=
mediately by email, facsimile, or telephone, and then delete/destroy the or=
iginal message and all copies of it from your systems.</span></u><span lang=
=3D"EN-IN" style=3D"color:black"></span></p><p style=3D"margin:0px;color:rg=
b(34,34,34);font-family:arial,sans-serif;font-size:12.8px;text-align:justif=
y;background-color:rgb(255,255,255)"><span style=3D"font-size:7.5pt;font-fa=
mily:Verdana,sans-serif;color:black">=C2=A0</span><span lang=3D"EN-IN" styl=
e=3D"color:black"></span></p><p style=3D"margin:0px;color:rgb(34,34,34);fon=
t-family:arial,sans-serif;font-size:12.8px;text-align:justify;background-co=
lor:rgb(255,255,255)"><u><span style=3D"font-size:7.5pt;font-family:Verdana=
,sans-serif;color:black">Wave Crest cannot guarantee this email communicati=
on and associated attachments to be free of malicious code and assumes no l=
iability for any loss or injury resulting from the contents of the message.=
=C2=A0</span></u><u style=3D"font-size:12.8px"><span style=3D"font-size:7.5=
pt;font-family:Verdana,sans-serif;color:black">The views expressed may not =
necessarily be those of=C2=A0</span></u><span style=3D"font-family:Verdana,=
sans-serif;font-size:10px;text-decoration:underline">Wave Crest</span><u st=
yle=3D"font-size:12.8px"><span style=3D"font-size:7.5pt;font-family:Verdana=
,sans-serif;color:black">, and unless otherwise noted in the text of the me=
ssage, the message may not reflect official policy.</span></u></p>
--001a113dbd12a912f90562e0ce35--

--001a113dbd12a912fc0562e0ce36
Content-Type: image/png; name="image005.png"
Content-Disposition: inline; filename="image005.png"
Content-Transfer-Encoding: base64
Content-ID: <image005.png@01D38ED4.3FFE2EB0>
X-Attachment-Id: 7d077a0b3a4d0642_0.1

iVBORw0KGgoAAAANSUhEUgAAAJwAAAAlCAYAAAC3fYDwAAAAAXNSR0IArs4c6QAAAAlwSFlzAAAO
xAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUATWljcm9zb2Z0IE9mZmljZX/tNXEAABokSURBVHhe
7ZwJfFTVvcf/d5klCdkIbqCggNjgHjFAnltp3LdW9KFipbYVtVof1uVVQK43ILXutu5WrfJwQ2uf
rZVVBTWBqHFDo6gIKLshe2Yyc+fe9z13JisJhFZ97/OS8/kMkzn33LP8z+/894Np27b0lT4KfF8U
ML+vgfrG6aOAokAf4PpwsMsUmFHwQG5C63eTkWHkuw3uk/ppq/5UUmJ7PemoD3A9oVJfmw4UcCVz
rNHfvEx0TbyGxMjqeUOfokFDT8jUB7ieUKmvTUfAmWaNXp8QCQA4TbbkyupIT0nUB7ieUqqvXRsF
HGdbQpO4EdYDmqZXlVTaoK9npQ9wPaNTX6t2FDDDTl2i2awTQ/LEdb/ZFeL0CsBZdUWXiRk+0ydM
pOkJO2/5ky1EsqoKD5FAaLZwVMWJbZMm/VJ7UKmvj1hV5wbEXHufGOG9Jd5cKyG5xE4vrd0Rgf3+
gqHfiREwxIm+YGeVPrgrG/JdtbVCRWHZ7N0jofR9JBb52M4uvaq7saaPmnuulmFM0CLe3SXl573W
Rbs66gCclie6vrW7fqaOmnOtmW4WOg2x62dXTPpctesVgOMUmhLOOlHAlMSaoqy7FXASCBZLvwGn
Shw1xAjwqb+L528nibhuX9GMX0q//iI1Gz6S1TUNctBOIBHQ95Bw5ikSSOOd9V/T+v8E4GR1bkAy
qs+U9P4DJLp+CPPqEnAzCucOdV15XAtpQS/mnjq9cM5Mvf7z2R3EZvHqRu/vI5p8Hc7ztnWmyHX5
jw8JZQb+oKUHzpAMaN5g5syYYZ2gLNneAbiE/qrUb3UkmMZ6teFWTqFp15Q7PqHcxGiJNYo0w9SC
Gfw2D24FnAG8zCDPeK7J3+2DKnuiqzh+e1c11XqsTH9XnK2139xqV2JePXMbIOLV7GC8PD1ND0qz
K5oHpDICJZ424tipBXOvnF0x8WP1ngLO1CPmfgWHO1A8+bJ9X9ML556j6YG7tLA+UKKuSEhTtBso
8wTkSaJ3AE6cz8TVv2DlB7DoIbLBHCTpstYXM17iCEQpe+Al4ICGeO6RtHnMJ6KWOFwMAOc081x7
xcqfocuKxQX0VYBs2I0WjuhGpbwfmW+PLaeTToXjr2oQ6WPEDOWJk9hqZy0rt2rGFPN7lLgeHTt/
Q+z64oZ2h4noxfRpiht/k/rX2/dobS4cIWlBNb99EGW6uPK1xBsW2nkVm/z31xdlSYYwVsAUPV4u
NxdXyW9f/5nEmkMSlKdZo0u/PgCsujFXMhaqv7xg55Wuax2nflWF6ww/RwsYV2qGHM0Ygnj9kd7g
voGIvGbx558/UV5jO2bImSxb5ID6yNY31bvXFTw+wNCNmXrAuFRMH2ScOa/Zq3GeNQ3z1hYO2SsA
Z+eVN1u1RW8DqAPQ1/qhW42ARmulWoYjRvcDUOrEf8ImjkGXO7SV+J5xOHWCuN0iQf09KV00T9Iy
zxK6EB3Sqc2Lws0Oct+x6grPt7PKV3WEnMZ2qXPtPSAZWYdKbPNHVvXY1yQj+3IfyAmYbHP9dIB2
BiA+VAKBeyUtCwzSLyLeqimaZueUzvbBVDPWlsz06Yhr3X8X7Pic2dA20u5i2r0kmbI/E1sgwXSR
pupr5KpFRZIz8CyJbdgskfS/iNGU8A+XbuyDinE334i7KgX2VsClgPEcdc9NHzP3ZC3q/lrzvJP1
vECu3qg/Ujxi5Fvl5fJhSemkr2ijPn4xdfMyc0joUqlxxK13t9H1HFeTh2avSHLF1nYdCfT/+Jfn
lrJLE/3NikcPY6WLJCajJCNHh+ifIj8Ws4ljaDPSasrPkdVSL3t7I9kdxd3exVjYYsXG9gNkG9Hn
FsEcNiFORgPYYyUt+wj6uI8+i0FhEmQdCtxTgUP0kRLOOFCa6tbBbTLhRLnoiP0B3t/FNHN8o6Vu
SwN9Dgb4cAntJqup6EXGXqnYLeBvlNpNS0T3Vomno19qZwHAvQDoE7QbBlIj4gIipR54cgXg3ZfD
pWbC4C3SnX4V41VcWwEuoXerJsxaPvFl3n0ZcXqsUetMcZs9F87WQYS2AsmV+d7G+Kle3Fuqa8b9
JWUT1nSFpl7B4fyF6/oK9BePk628lUpPo6C/BcJ8ex/RYAkbPx1AsvG5w2WobJSYuy8iV3GRpGgL
apNFNm2xcytbdTM4z2ts+LEA4ods+l606kJvg9MpjhRM0yTW8KA0atdIZmIgXG0hwB0CaHKYWyl4
GS9p4Yg0x+diTZ7qGx7NdafS50oJRu9DvD1s5y7f2LKRcLaZgGc6HLe/ROuKURPeliZJUGfQ574S
rS1HdN/GGGsRqTGJIyQDIcAWW8UBIFJgepLmvr8zNoPutpQ26tNtKamY+BYPObA7Lr0HcPVSKenu
OnSLIXAzpctREJ9KLBp6ucTT3keMRSUtJyzRmh8Atiw2UseqpZ25TLWG06wFVLtbDUedK3F0PV0w
X2Vf38INhHGrRAfxO2mMdC46FnC0vkGCzTPtQRXK7bLKqh7zooT7/VoSgNpL/LFVF3OOegDQKKDB
MGVwcuyKbyxrpWFdfemP0f2OAsADWcv+cGvGBpi6PkzqWYcB91LWdiyyGTXgdDt96Rb1vtV0QYZ4
X+hwVH55NXbO8ld2Bo7v4nmvARy+tSarevQ7iCFcAtog9KZD2bQRElEuJbPCzltSjX71pRhmPpt8
CJV7+RsZbdwgTdr7gmqFsv8rntuI0AGSwaaqzY7WwygBrRJPcUyJAJykq6JEpOch2sLIslTRtRpf
u/Z8jCqZmyputSToRlnIvkxXPsGio+XqY+6H8x3IR3GppPUcU2Bnnm47F5d6Lx5daaeX+WDzS/Vq
DYNCgU39o1DX4zIj3zLczBHniONqsyp+quKm25UZRY9n432a5MZkORyxvLvOew3gfAIYxpuoWGdB
9Cy4xOmAJ0+am1CosTQBFOU9AJDP8wL2ucb322neW/agsjrAdhIc716fQzRUrWaHb4erVNDPZAll
XJR0gyR3s9uiga4Imw1e/OJ12Pg2EMQdDf9gqpEbgav2p+ULiMk8xGS9RGrvREwuhMseIcHg3b6+
13lsTcnwbkuPMjsAUVgcc0LCO+ByI0M/En1PphbOfW92+cTKzj07MYyGwTi8v44500fPnad7cl9J
+cQ3OrfrXYATWZ70qemZcLezk5zBAVDJyALgeQtudR5/4d5lTxTnEnx4/nZqF/kGR3ODB8+50M5a
7rsDrNrRpyQt1p646HYIx24eYig4cqKkZ+f5XM91b7ZzylKWa2GAQ9P1e55inR2K+p2q83yu2V1R
6UeOnnmh55iT8aeNNJSbg5JocP9hRsxWrjnDsowSOxVHdaXM2xhbq2cZQ7DKz5Mm97xpRz65QENV
mPX2T19qGat3Aa4e5Tsjtokw154YCIemOAPWa6oE4FjKwtONPfy9idR6qOCpU6pl+waED8ykcELM
7YE/4Ce+xadKACW8GxXun4Fay2BMKKeNd7qcEsa2ZmjymyW/SFrRDKvDUxI7YGrhwcj/tY7vitGM
4VZN4XG4YeFUTo1yG7XMb+rBc4d6RuZCs58xDEexspTFbUw0c55uQFTe2truiCdnecvyz5la//il
s9+e9KoyLK4reKAokMi600jT/l354gyDg6IFTpxWMHeOcdqqSb0n0pCiEpxMica3iSichlWX1IN0
5S5JlXj1SjGy6/BjZfkbHI/gAkjgkvBB9iocDgJGldI1B4V/BQp6IUr/Hr7LQxkF4gQk7iQkjCXo
i+N2HEX99ivbFfXcb8cngRO2rbTV46vHZfJmyr2hWlzH2IfiY8OXln2Yr8MpLucqf4hfjNQwHcay
856O895K9MLh6HcoEAFcO24tceITeeed1qEDMgBH7zAVaZCQLl6T+w521RUAanmHuXvej7X+5gi9
NoGFDm0ot1RcuoGvCdMLn3pF073fa6ae7TuBRf5NgU390bs4nFpxwr0NsXocin8/dLEqROoHLYS0
8yqrcDXcBgJKABL4aSprPf1RuVf0b4pQ2IkP9tsdS/B0qd+8ViI1xCS1aZJBjLKuaQBcDkvY96Ep
MZwEkfr2/1SirB2uWurVsw5qvIrApfoQLdNOX/aBtW10CW6VaZKWG5RgmLG3Jhj7ejo9XdL2KOIA
7c7YIERxMH+MziJVWeOzMHLQ+9L2Yf4mIjpPYrUtyqI/VXO1vBvfLzEnkG2Mdxuch/XAN9Nmr5jS
zqARId4achJaQBrg+JqX3QGI/JhVft6DUwufedNoTjwgrnYI52n29IK5Z+ph59VeBzgAtJSMjlFs
zsH4wb7CFVHdnmB47GciKpfAMgbCAVutrZSedybPTsRfNgKn7Xpp0JZgUNQSZVgAOA+GS70le8g2
2eocKSZSKiSbk7uoTQQIGXDBuCQGEuxOMdWg3EP98+KhKwbFD2/5JSrvSiB+pA+eoOZnY9j9V1hY
1i9Ks1PIgcFXE3vdzilfjUHxkDTVjhPN/EwGD9wgX6wbJV6zBvdS5neHQqjsHauq4Ej8isUSbcil
zRqpN30LvKWU1EyMzzjdmuTMH2HPfusCwoFdFMfJ0jQTw0sFUfTdu2oyu3zCSoA5ThqNvWZWnLcW
Y+MA3TGjvQ5w/ubllX/K16eifL5dFGKLSUS0WJPt2vBsAT/Vp/U5IS1ltVWSHYZRwScrlW2S4h1s
dNKq68BLfL/eemrXb1efNGKSGSvt3lGAoaZN/Km1pJeqbI3n/LXU8MlLPe80VssSOGDqEMxtXVs7
sLW0SYm/rsFGI8cEbA6czVH2k0syQNcFK1W5iNaqp1i2iua9UKR2R52++p5TwJFsw9DSYG9KW1DH
rMelV3K4HlOnr2GXFEAR3RPDQrmRlKK416/z78r4Y2VHPa870nUAHPJ9fwmkn42ZTfjH+Bpl4vmU
uCB1pnAsDLEBtv5hd52hT8Bm5d9kdPF8u7JkR47H1i5Ik/khroU1iIYOQWH0lQMJdI+TaKQfbooE
i/uE1J4XdxUDKvdN1pmk7Aie91IldL6XAi3IQtF/jlaNUo1/z3RVEL722xjcqjtmKIIth72o+Db6
29U+SGddI02Jr/ycN3ybuRt36zq60kXHrYDDOrtCgoHfoMC+gVldiWP0YDHSLqd+For0vfhsLgfS
Ko2lW8Ah3PfFz3OnrF6s4nR+msJOi6tNB6RzadcxCyGRuFBizngU5xcAW7rKvCVQfo6MPX5ST8Hs
j/2FiUXpvYRP6Vz0FpX98J0XDucI5vzf0OsV/GNfQs+JEnHCjP/wtzK4G78SWVZEX4XfSn+72An6
2MfX5T9zuBmWPRd/8cmnKj+up134gANUP+EU3oRpfjynsNUy4ySxKDdl9noRCLdjEMXxXmlevd1c
1jOwJWfZiLWjXPqdi0ng/K9YZ9f6c6wq2Buf0cckQBailHf0Ce1otUdVb5I3csl/S9T0lCj/cruE
cQmypoyDyiH1y23W+j27MVH+idEatRkYCcrx979WbqmcUIWZVLWrEzCtGcpjvfhGAHc9mQUdgq6I
sDanaKeerbqjEIWhYlJz1kr8g8fsvJo4JED0SdjnloHAQLIg3rWz3pjnA8b9Ua40NI/HeTock7wU
S3HH4hHPoZ/S01LSwrVwqSgpNnHEVQZccZSMrn7drqx0cVUMlIAzBPFf5gMzlI0oi8fgLvPsymVf
WFI4WKLrav30IUd2x0k6GOduEc7UCsSSPz9/jnXHFPDOT/DN1Uq/pkdsvaLaWplvyN55F3IxZjju
kGVye/FCuXJ+kFjnJcks3shCuf34Uv6Plrb4pOttwRVytFVWGGzJBLYHbWo9hMx3tISDpzPFKo7b
I75DuqlgiDjhXFw1BzLWSPp9nlgph91VtPIjAX5kQ2QYYFMWpMo49jcc9aMAj/6PSZlrxGE7B0ta
OWDFaig6TvS044mEkBkce9RPRG06NU2c6l+KmTYgOfdi5l7So9jqroKrq/am/HYxOVyYuEH9bzvv
MAkAvPW/hWNMQtyRqU4ajfGDc6wq9zRJc5rIldgdx+MROFgRv9qNiMFxxP4uk+pIvgQM0mpinxDz
uA1Q9ocD/LnbMV04qhkYR7tLAQGpNe4E2j4JMcmuPeYw0oru42LIEdRFxXB/iIPxIjb4FMk3nkEH
rcAvlY4f7QRCQA/IlEWPym4jxkt9bBCbCdCbF3AYPsYPewtrGUCqzv1s2nj6vFn04LPM/2CpC863
gkXFJAf9CvqcSayUfDk5X54lcbNUv9PPOkk4HzHWefLss2VSWdm2aVGdDF93nBySUW41HPOw6Fsf
tdOTOXSs53xE/I3Q5xmcrySAxsaT6n6C1JC2bhh/Fi32EmtVuh66K5zM1VW6+xM+nUzvBmQIINNQ
P7yzqTmN+ePjc2/m2dPQYBB9P0l/J8lWYX+8Keh6T6GOHI/T9wxuoZ0hxjry48z9mPvK5NyFue8k
6WDnwOhxC1Mi0ZAYIT+Q0/KWr2ivMa/x03Aite8DjDmIShVXJHOhYBDEnsxpGmdnLF2TAuDLLOgK
/n6Gzzo7+82L/PqmonsBYIVVdQyna1kpvz+UiDkQ4qT7wXORP7PU7cPM6mWyyxDh5Js5h6MPGRBJ
5dxkWlU5AbiZCmq2JTomiPQZekQOHWBIbNs+kojeCoj+6s/hbseUL42oODiNDOJPbrySZ2psdXDW
MsbZcLGHZBCJjBoRhluP+y+5++WArNFJrNTJAnHy2LAtdr/XbvDpU1kqlowhlVtbaWcuvS5Z15He
cCwFmBORAj8F+JeLt/tlVlXuRLm7+AO5etH14mikji+bR2YxroWcUtnsXoATdgMghNZl57fuQ13h
I4xNvFSegLvlAaajcASPI01oPHvRgAM7BJ1sxPfFduay+Sma70/qPPdFvasxti6x+y19NXXX4R3A
djptBhAT/szOejM197Ieg+XbaIgONwJrdC2JhlKEUvuX1k5VjRsnUdE7ibo5KKkuC46SG8/FksQn
dna5D7ZUmZdKGHxWAcjKOTdo1zwdS6Zlj/lQjNgwNlfdYZwN2FbDuUhabPYvfvhA7iIKQ5W6e/CC
nVs+1Sdkfr4updkfizFyEhbnIhysLhzV8x2thk5GrRew01+KWLGiXwKiO6z64yYD6im2LFtlydgU
93EJ/bTXO/Rqdc9NhuZmI4oG8N6ZctWCM2WNWmuAQHeMm155M8Wpe9hqOHYl6sPtHL7HUAsuBpxw
xaPfg1vOQJR3qR6gTsxRtIMj3wbtHpNrFp/P+NnoymfD6eDY6AxmiGwQAruuCsb6nK2tDIb/rJEp
cN/hVKp9qFCOXmgZhpZQgIxkTasDpD7YVOH5Zxgth0OU/nR/MTl+V0gGWQdGcCvrcfn8h4QyH/Pn
Hk/MQGLssuX/rwDP9IO6NUXcnfTusary3yCeuMW/Qpcld1ibCxZLKKxYeqpAlIC7FoffPh0HVRdP
tK/QLVwAwBW8p9ubyXsR8tkKwWdB0OlcwP0Hp5WUHpmyw4kr6d0a/IaQSleTsRtFc/eG/cH9JMw8
U1kOpP35t11ol1O6kK+DrLrjZnJgXuB0j4XgbUZJ+xw0rqPAKXgvF25ZFcFzfoescsvlZPqpKWtv
eZ3Lph/DEM9AK7Jll73AGCfzN7l1xqNqPWxcm7HVVIRk+LjW12tVMbfOknj2RDY4DbFZz4i/l8HE
cF9eJfZYbp1Q6P9niMSOAfea8hjc9GnmNZN31IH9z3Y0wxFmcuvdy1U6bKvetj6/n2SqJM94HTJi
GpfUvpaN77udrjiezHhnoQ49yvcp6LHdJkz+K+Dq6t2kW+TO4t9hOBwogQHliIE/Ika4wWTuJhnG
hZzqZEzOzxf18uyssg/JOvick/M8Mbk72OhR6HMkMwZUfM4ULXQYz//AiXqGDf8FHKxWhjmv+2JN
9KM57Y1wyKs56angi6euQHURiCHQrQXH4qcb74NJ0wsR4yMloE8me7VK0vfLRj/iqpu7ks2Yik7W
yDU+Q0oXzpRQiEwI51PESpqECTJ73GfC2Ye6BxfRGa+luIyr5fqcsXnsc9zCvEcODF/FHSbTSpDn
FjJmsGlY8CbKu/aGuLE69CqMoqMmI64aJeh9yv0DNtf105VaS8Q9X4KHXGg1yC0cQURl/Fpltcof
Tn5PpixYiO54v2wIXyP5B6VZNYkTJDHkegmsgftq7eaW6q1Rf4gDQzhKWwAw3k3VhuDM/e28siqr
duxijs1fMBDQq1FX0mNc02vgplboNQ75nyS4YboM3W03qzp7jBTV3iAruDEmwW1IiU+Y1/Zz/7YR
1qk/H3ApK2UiGziBUzYRvQEl2VXcYymweMR/J+EtIuCt4nYqbeUCafZKCEbfyMJr0T/OwqIlkPwj
OF8jxCWga5o3cqI3SyAywa6piFlG0ZXU/x7lWyU3zodTJfvSDbiFyyWWTkXTFtN+MPNRjmgTq6+a
zS5WIkPFAa26oZcBpGsB2kl+H5q3Sc5he1dwW9Jxp4FRuIv7c/5bB5UB8jS6IGnbJink7rNtI+mf
AASld4rcdfw0uWpxE6f+Rt5DXGlLZCCJbl8QFA9418GZsF69ORy4pxBp8ED9V7TJ4NDNsnPLkkma
rcV9kH6bmPckqoL8/b4E+2PI2qgb7rWyTrtBHAPdS2umzULFgWTwbitFc9T1vA7Ft2DrxlzPWO+1
PtCJl7paMml0SOIyWRNAv9QxKDRcTO5N/v0HOfVyad42iznPYowotFRc2YNCn3FAk3PXvJtIJO00
9+124lut6BBpsPstU8RPbkDnhectT1pKFDa9kU2/ers26Uu+op70ni7eT0YoTtnunSycyl21z1nu
X1HrbrWc9n/wTH3aSgnuuSy5iwr1aS0tdzuZm8pWTea3qXW0C4anDh1iX9QnWWr45AFhEbhs+/52
MrekG+NPqU/7VxHVvrpidajMUb8qlVjrUrQBirs6jJ8EiQ8Uv7+cTv2perj2dnukjJscn6bfiwO8
wxpTP/piqV1Rpa/uO6PA/wDRx+aJFPOAswAAAABJRU5ErkJggg==
--001a113dbd12a912fc0562e0ce36
Content-Type: image/png; name="image006.png"
Content-Disposition: inline; filename="image006.png"
Content-Transfer-Encoding: base64
Content-ID: <image006.png@01D38ED4.3FFE2EB0>
X-Attachment-Id: 7d077a0b3a4d0642_0.2

iVBORw0KGgoAAAANSUhEUgAAAJwAAAAlCAYAAAC3fYDwAAAAAXNSR0IArs4c6QAAAAlwSFlzAAAO
xAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUATWljcm9zb2Z0IE9mZmljZX/tNXEAABoaSURBVHhe
7ZwJfBXVvcf/s9wle0JQBBSsUiy4RwyQp2JpXBFpRZ8oKt1cqNZipT6FyDgBqa17W1utVas83Kvd
rMiigppg1FgVjaJGggIChqzcm9w7d+Z9z9yblQRDrb73ecn/87nc3Jkz55z5n9/57wfTtm0ZoAEO
fFUcML+qgQbGGeCA4sAA4AZwsMccWFBwZ15Cy7zeyDDGuM3ug/pp6/9QWmp7feloAHB94dJAmy4c
cCVrojHInC26Jl5zYmzdYwc8RIPmvrBpAHB94dJAm66AM816vSkhEgBwmmzLk+poX1k0ALi+cmqg
XQcHHGdHQpO4EdYDmqbXllbZoK9vNAC4vvFpoFUnDphhpzHRajaKIfniup/tCXP6BeCsxqLZYoan
+YyJRh6w89c+2MYkq7bwMAmEFgtbVZzYDonol9jDy3x7xKqdERCz5rdihPeVeGuDhORiO72sYXcM
9vsLhn4uRsAQp+VJO7vsrj1ZkC+rrRUqCstW7zcSSt9PYtF37JyyK3obq2Tc0hlahnG2FvVuL604
5/ke2jVyDcBp+aLr23vrZ964JT8z081Cpzl2zeLKWR+odv0CcOxCU8LZJwmYklikhfduB5wEgsWS
OXiKxDFDjACfptu4/2qSiRv3F834oWQOEqnf/LZU1zfLIZ8DiYA+RMJZp0ogjWc2fULr/xOAk+q8
gGTUTZP0QYOlZdNI5tUj4BYULj3AdeV+LaQFvZg7paRwyUK96YPFXdRmcfVO7++jI74N53k7unPk
qjH3jwxlBX6lpQdOlwx43mzmLlhgnag82f4BuIT+nDRtdySYxvtqo6zcQtOur3B8RrmJ8RLbKdKK
UAtm8Ns8tB1wBvAyg9zjviZ/tw+p6out4vjtXdVU67Mx/WVJtvZ+8+pciXlNzG2wiFe/m/Hy9TQ9
KK2uaB6QygiUetroSfMKll6+uHLmO+o5BZx5Ry39GAl3sHjyUee+SgqXnqXpgdu0sD5MWlyRkKZ4
N0weE5Anif4BOHHeF1f/kDc/iJceKZvN4ZIuNb6a8RJHoUpZAy+BBDTEc4+mzX0+E7XEkWIAOKeV
+9qz1pgFury8soC+CtANe9HCEd2okjeiy+yJFXTSjdj+6goqfYKYoXxxEtvt7DUVVv2EYn6PE9ej
Y+dvqF1f3dDuCBG9mD5NceMvcf2Fzj1aWwtHS1pQzW8/VJkurnwi8ebldn7lp/7zm4qyJUMYK2CK
Hq+QG4pr5eoXviux1pAE5WHe0aVfHwBW44TLGQvTX56088s2to/TtL7SdUadpQWMyzVDjmUMQb1+
S292X0RFzl35wQcPVNTbjhlyLpJtclBTdPtL6tmrCu4fbOjGQj1gXCKmDzL2nNfq1TuPmoZ5Y5uE
7BeAs/MrWq2GolcB1EHYa5nYVqPhUY3UySjU6NcAlNrx77KIE7DlDm9nvmccyTVB3W6ToP5PKVvx
mKRlnSF0ITqsU4vXgjQ7xH3Naiw8186uWN8VchrLpfa1d6dkZB8usa1vW3UTn5eMnEt9ICcQsq1N
JQDtdEB8uAQCd0haNhikX1S8VV80384tW+yDqX6iLVnpJahr3X8W7PiS2dC20O5C2j0lWfJ1JvaM
BNNFInVz5YoVRZI77AyJbd4q0fQnxIgk/M2lG/thYtzON+quVoG9HXApYDzOtcdLJiw9RWtxf6x5
3il6fiBP36nfUzx67CsVFfJWadmsj2mjPj6ZujnbHBm6ROodcZvcHXS9xNXk94tfTkrF9nZdGfT/
+JfnlrFKM/3FirccwZuukJiMk4xcHaa/h/5YySJOoM1YKzImV6qlSfb1xrI6Srq9jrOwzYpNzARk
W7DnViAcPkWdjAewkyQt5yj6+C19FoPCJMi6ENJTgUP0sRLOOFgijRuRNllIojxsxEEA7+9imrm+
09K4rZk+RwB8pIR2vRUp+itjr1PiFvDvlIZPV4nurRdPx77UzgCAQwHoA7Q7EKRGxQVEyjzw5DLA
uz+bS82Ewdu0O/0qwauktgJcQu/VTFi0dubTPPs06nSS0eDMcVs9F8nWRYW2A8mVZd6W+BQv7q3W
NeN3peVnb+gJTf1CwvkvrusvY7947GwVrVR2GoT9Fgjz7b1Ng1UsfAmAZOHzRskBskVi7v6oXCVF
kqotqF0k1Z9uw5Zrt82QPM+z4JMAxDdZ9KG06sFuQ9IpiRRM0yTWfJfs1OZKVmIYUm05wB0JaHKZ
Wxl4mS5p4ai0xpfiTU7xHY/Wxin0uU6y5Q6k6d123totbQuJZFsIeEqQuIOkpbEYM+FViUiCawZ9
7i8tDRWo7psYowaVGpM4SjIQAmyx9WwAMgWmJ2nuG58nZrDdVtNGfXql0sqZr3CTDbt76j+Aa5Iq
SXc3YluMRJopWw5CfSq1aOgVEk97AzXWImm5YWmp/waCKpuF1PFqVcM16h8kTY01tGCI1XzMDIlj
6+mC+yr7+x5uIExYpWU4v5POSHfS8YBbmpol2LrQHl6pwi7rAetfJBi+XBKA2kv8ut0Wc465E9Ao
oCEwZYQ/tl5Wa1WvM6wRl3wb2+8YADwMSTc6OTYqVNcPlCbew0B6KW87Ft2K9Jpq567epp63Iudl
iPehjkTll1dv56599vPA8WXc7zeAI7YWserGv4YaIiSgDcduOpxFGy1RFVIyK+38VXVIjGoxzLEs
8mF8hkoYCdOyc7NEtDeQMNhREy6VYNCWcE6+ZLCocdRVSxOCEtAq9RTHlQggSXoipSI9D9UWRpel
SBNieuq6j1Glc1Pk1kmCbpSH7Ot036E4Vvaf9Duk3sFIP8bivlKdag5Mhfl2rKV6Lt6yzs4v98Hm
U121hkOhwKb+UajrMy3ILTfd0dVnsgm1Ra+er/Kmu9CCovtziD7NcnVZu7hsZkVvnfcbwPkM0IyX
YNoZMD0bKTEVcOVLawSDGk8TQAEI1IuG3eYVoHYb/Lid5r1iDy9vBGynIPF+40uI5tpq0d2b0JGv
IZkullDG95NhkORq9koa6Iqy2ODFJ6/LwneAIO5oxAdTjdwoqnoQ8/0z9p9SnU0SbbhV9MAycWPj
AOWvfHuv+9ia0uG9Up8qOwBRWBzz7ISnXUZlyDgkphCn+2dpxcyq7j27MXO2PoKA96aYg7PxuO7K
HbR7sXu7/gU4dl8ypqZnId3O9G0k1wFQycwCi/oK0uoc/jpECR5fcgkxPH85te/6Dkdrs4fMucDO
XuuHA6yGiaclPda+hOh2C8debuIoOHKSpOfiXDAf173Bzi1Pea6FITZNz895/ht0JvU7dc3zpWZv
pMqPHD3rAs8xLyKeNtYwkmGORLP7DyNqtkvNBZZllNrJPCquUrm2JVajZ+kjsSJnSMSdMf/oB5/R
MBWQik+1jdW/ANeE8Z0R+5Q01z44CIenJAPea4oCeqWvpnRjiM/haIMH81K7VMvxHQifu0nlZNUW
DSEe8B3f41MUwAjvxYT7V6DWNhgTyu2QnS67hLGtBZr8dNUPkl40w+o6c92NUAuPQPfWOH4oRjNG
WfWFxxOGRVI59Sps1Da/eYcuPcAzspabmcaBBIqVpyxuJNHKfroW5+HG9nZHPbjIWzPmrHlN91+y
+NVZzynH4qqCO4sCiexbjTTtP1UszjDYKFrgpPkFS5cYp62f1X8yDSkuIcmUanyVjMJpqCblrbFQ
KlySonjdOjFyGoljZfsLHI8SAkgQkvBB9hwSDga2KKNriVU34WUM9EIJZw7xQx7KKRAnIHEnIWE8
QV8dd5Io6rd/sROp+347PgmCsB3UcZ1YPSGTl1LhDdXiKsY+nBgbsbScI3AOsMiUhFXxEJ+M1DBd
xrLzH47z3DpU8CjsOwyIAKEdt4E88Uk881r70AEZTKD3QJVpkJAuXsR9Db/qMgC1tsvcPe/b2iBz
tN6QwEOHN9AvKy/ZzNfZJYUPPavp3i80U8/xg8Ai/6HApv7oXxJOvXEC26t15/HEzjKxxWpRqW+2
MdLOr6rFccA200oBEviJlLfv/hbCEvpnRRjs5Acz98YTnCpNW2skWk9OUpsvGeQoGyODkXJ4wn4M
TanhJIjUt/+nUmWdcNV2Xd3rYsarDFyqD9Gy7PQ1b1o7xpcSVpkvaXlBPFvG3p5g7GvodKqkDSli
A+3N2CBESTB/jO4qVXnji3ByjqKf/Zi/iWOSL7GGNmPRn6pZLa/Hv5ZYEsgxprvNzt164LP5i1+e
08mhEWXHhZyEFpBmJL7m5XQBIj8WVZxz17zCR14yWhN3iqsdxn5aXFKwdJoedp7rd4ADQKup6BjH
4hxKHOxjQhF1nRlGxH4hqnIVImMYErDd20rZedO4dxLxstEEbTdJs7YKh6KBLMMzgPNQpNQrMkR2
yHbnaDHRUiHZmlxFbSZAyEAKxiUxjGR3SqgG5Tdc/5N42GZB8dNbPrXI6xKIH+2DJ6j51Rj2oJct
PNW/SqtTyIYhVhN7wc6tqMah+L1EGiaLZr4vI4Ztlg83jhOvVUN6Kfe7C5Eqe82qLTiauGKxtDTn
0WaDNJm+B95GpfUz4wumWrOcZaPtxa+cRzqwB3KcbE0zcbxUEkXfu6cmiyvOXgcwJ8tOY+jCynNq
5hUuPUh3zJZ+Bzh/8fIr3uPrPVEx3x6I3GISEW3eZKc23HuGn+rTfp+UlvLaqqgOw6ngk52qNknJ
DhY66dV1kSV+XG8TVzftcj3pxCQrVjo9owDDlQ71p94lvUxVazzuv0s9n/zU/W5jtb0CG0xtgqXt
79YJbG1tUuqvZ7DRyDEBm4Nkc5T/5FIM0DPhpaoQUY26u7hipuJ5P1SpvXFn4HrfOeBIDp5rGuJN
WQtqm/WZ+qWE6zN3Bhr2yAEM0X1wLFQYSRmKQ3885raMX1d1tfN6Y10XwKHfv06a5EzcbNI/xicY
E39KqQsi3YUTEYjNiPW3eusMewIxK/8h44uX2VWluws8tndBmcw3CS1sQDV0SQpjrxxMoHOytEQz
CVMkeLl3Ke35655iQNW+yUaTkh1ZxxhK6XwlBC+oQtG/j1WNUU18z3RVEp7Mwhcnq/G4A1BsuaxF
5Rfvbc97oJx1g0QSH/s1byJr87bs1XN2pYeu2wGHd3aZBAM/xYB9Ebe6isDooWKkXcr1RRjSdxCz
uRRIqzKWXgGHct+fOM+tUr1S5en8MoXPJVcrAaRLade1CiGRuEBiznQM5ycBW7qqvCX3eJZMPGFW
X8Hsj/2hiUfpPUVMaQZ2i6p++NKJzTmaOf8Ffj1LfOwj+DlTok6Y8e/+twzuxi9HlxXRV+G/pb89
7AR77J2rxjxypBmWfVZ++O57qj6ur134gANU32EXXo9rfgK7sN0zYyfxUm7K7fWiMG73IIoTvdK8
Jru1vG9gS85yJ96OCul3J5PE+Z/xzn7mz7G2YF9iRu9QAFmIUd41JrS7tz2m7lN5MY/6t0R9X5ny
hdsljIvRNeVsVDapTzdZm/bpxUX5F0bbqS3ASVCBv/81+mXV2bW4SbV7OgHTWqAi1iuvA3DX2Omr
uyRdUWEdQdFuPVuNx6AKQ8WU5tRI/M377Pz6OCxA9UnYl5aBwDCqIF63s198zAeM+608aW6dTvB0
FC55GZ7i7tUjkUO/pKeN0sINSKkWSmziqKsMpOI4GV/3gl1V5RKqGCYBZyTqv9wHZigHVUZ2W9cf
s6vWfGhJ4Qhp2djglw85sjdB0hEEd4sIplailvz5+XNsPK6AZ75DbK5BMiP32HplnbVujCH75l/A
wZhRhEPWyM3Fy+XyZUFynRcnq3ijy+XmE8r4P1o68pOut41QyLFWeWGwrRLYHv5p+yZkvuMlHJzK
FGvZbvf4AelIwUhxwnmEag5mrLH0+ycqUtjsruKVnwnwMxsiBwI25UGqimN/wTE/Cojof5uSuZ0E
bJfgSasArFjNRceLnnYCmRAqg2P3+oWokSlp4tT9UMy0wcm5FzP30j7lVvcUXD21N+XqldRw4eIG
9b99fodJABCtvxqJMQt1R6U6ZTTGN86yat3TJM2JUCuxN4HHowiwon6161CDk8n9zZa66BgJGJTV
xN4l53EToByEBPhjr2O6SFQzMJl2lwACSmvcs2n7IMykuva4Iygr+i0HQ47iWosY7jcJMH6PBT5V
xhiPYINWEpdKJ452IimgO2XOintlr9HTpSk2nMUE6K3PsBneIQ77S95lMKU6v2PRptPnDaIHH2X+
h0pjcJkVLCqmOOhH8GcauVLq5eRceZTCzTL9Vr/qJOG8zVjnyKOPlktVVceitehU+LqT5bCMCqv5
uLtF336vnZ6soeN9zkXFXwd/HiH4SgFobDql7idKPWXrhvFH0WJP8a7K1sN2RZK5uip3f8Dnk+ld
iw4BZBrmh3cmV05j/sT43Bu49zA8GE7fD9LfybJdWB9vDrbeQ5gjJxD0PZ1TaKeLsZH6OPNrzH1d
cu7C3D+n6ODzgdHnFqZEW0gAh/xETttTvqG9wZxLNH4w+cQ3AMYSVKXKK1K5UDAcZl/EbppsZ6ze
kALg07zQZfz9CJ+Nds5L3/OvR4ruAICVVu1x7K41Zfx+S6LmMJiT7ifPRf7Iq+6aZlYPU12GCqfe
zDkSe8iASarmJsuqzQ0gzVRSs6PQMUGmz9CjcvhgQ2I79pNEy42A6M/+HG53TPnIaBGHoJFB/smN
V3FPja02Tg1jnIkU+70Mp5BRI8Nw4/H/Lbc/HZANOoWV+veQdvks2DY78/lrff5UlYklEyjl1tbZ
WauvSl7rym8klgLMSWiB8wH+peLtPduqzZsptxe/KVeuuEYcjdLxNY9RWUxoIbdMtrrnEYTdDAjh
dfm57evQWHgPY5MvlQeQbvmA6RgCwZPFcaezFs0EsEPwyUZ9X2hnrVmW4vnXKZ3nvKh3Jc7WxXbm
6udSZx1eA2xTaTOYnPD7dvZLqbmX9xks/46G2HCjPxGvhkJDKcKofaK9U3XFjVOo6J3MtSUYqS4v
3EJtPAdLEu/aORU+2FL0WKpg8FEFICt3RtCufziWLMue8JYYsQNZXHWGcTFgq0ZyUbTY6h/88IHc
QxaGS+rswZN2XsU8n5FjxuhSlvOOGGNn4XGuIMDqIlE9P9BqUAzjeQE7/amoFSv6ISC6xWo6/iJA
PceWNestmZiSPlRr+RKijfQ6dc5NDsjLQRUN5rlpcsUz02SDetcAie4YJ73yF4rTeLfVPGkd5sPN
bL77MAsuBJxIxWP/ibRcgCrv0TzAnFiieIdEvgne3SdzV57L+DnYymci6ZDY2AxmiGoQEruuSsb6
kq2DRiB/NsgcpO8oLqp1qFSBXngZhpdwgIpkTWsEpD7YFHH/fZyWI2HKILq/kDMUl0kGVQdGcDvv
4/L5iYSy7vPnHk8sQGPssef/RYBn+knd+qK7WOA72EUvMoFt/hG6bLnF2lqwUkJhJdJTBFMCsRpS
OPt1HVQdPNE+xrZwAQBH8B7u7CYPpf12GL4IhpZwAPcf7MxT2X1zdjtxpb3bk98wUtlqMnGLaO6+
pHWQfqEw80xVObgqC+8nqwHEcr4OsZomlbJhnmR3T4ThHU5J5xo0jqMgKXguD2m5I0rk/BZZ71bI
KfRTX97Z85oBaI5FxT0KrxqQTmpjnpJ0tox7AcSp2IIdzlakCM3wToNv1yoyty+SeM5MXkg5Dk2M
+AsZQQ736fViT+TUCUQf30Uldk2411fELCl6CIm2kGfUhv2vTjwjEGZy6t3LUzZsu922aUymZFHk
qcUb0RHzEb+fyJahbrcjjsm5694uc/8iYOrLs8mwyC3FP5e5q8ZKQOcIG2pQd6vYcXtLeuB8arCS
OTm/XtTLZze/hV32Pp8nCKPcDDM4tuZMlVDoWySGTYBwBPd+zeI8QiT6BzxXLwc6L6Cio9hMx2HI
RjCo5yLyU16Wpo5A9ZCIIdGtB4vYzag/wKRp4wEbxrR+EeGXz1iAHOyjn6Dy1qF25mNPNidNAX0h
UmOFUhvMOix5nEVtjWSpc0WYe4ypM14buYyr5fmSsXXC45zCvEMONa+QT0zTciacil17LXL+DKo1
qHqgTCnmNTJuCHBcTLVFhL/fRWK0Ytz75UrtFHXPleARF1iN7o08t1liceVpl8ktJ7whc55ZDh/u
lI3huXLwYWlWQ/xEcUZeLYENSF/Fi260k1BKBu8k7nJA/XrqbgjJPIiK3lrq8Vaybk+gvknkExdL
j+HMNHNSK/Q82+ke0Q8roQh+L6s+Z4JMbCiR8rzLyOnu8OfuMXe9pwReX6Dzr7XxAWeX4qVky3ks
IGLeQOzrU1iwGJ/nyeXdk+xaU5Ijeco6qJ0P8212pMVLNoCHM/BwP8JGU5JvLswZgl24gJjeVglE
Z9j1lTFLL/oJoLkBaTcGUY/N16bavCdEj3GIpRtp2gqAtC9tz0Dtmqi4OiRWMRJMAUlJhNks0JXI
1BPYqU/Q9xa5/OSE/HT5VlTNNajHOBvn+3b6qh2odcqinTrswGraKzszRcQbNc5rKrrtxPly5UpC
NAa2mquOND0rwyh0+9Bcj3QGMOY00Z0HWPSHrPpjTubajxgjHR4sYuGTRZrt5KIx3AigYMPiu2ve
mxLIp1bRxtxwfyY1egljwDv0geetkC1vcHIhj43DceFulCypKgJMnQ67JMiXBjRq26GRidmo3WvZ
FEgzjfnri+z0ys8smXIp9qySjKyTqzxk4oLKOXDX88UBGoCm5p5Z9vwuvP8SL3TJNNiZa9RidFqQ
jpF9xyFF2Ak7mS7A6kpc/5jrN/c031SGInkwpBNhwKvjdbsQ15Vd0m6b7PJcdtk/uKY+HVRKFCdX
buOC+rQTff089UNVq7aDOxWp96P1qdDA9fypPkmq55MvL/Ov72S0kZ374u7nlgxj/CH16fwoqhpz
JUeu63Ix1/+lVHKPZwHg/e1dxs9fqwDug9zvLxc/phspqb3LGinnJtcPfn8lAfDuc1K/B3KpPXFl
4NqXxoH/AYxv4sD7IIFVAAAAAElFTkSuQmCC
--001a113dbd12a912fc0562e0ce36--


--===============3826503841321470750==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============3826503841321470750==--