rules/Azure.MariaDB.Rule.ps1
|
# Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # # Validation rules for Azure Database for MariaDB # #region Rules # Synopsis: Enable Microsoft Defender for Cloud for Azure Database for MariaDB. Rule 'Azure.MariaDB.DefenderCloud' -Ref 'AZR-000330' -Type 'Microsoft.DBforMariaDB/servers', 'Microsoft.DBforMariaDB/servers/securityAlertPolicies' -Tag @{ release = 'GA'; ruleSet = '2022_12'; 'Azure.WAF/pillar' = 'Security'; } { if ($PSRule.TargetType -eq 'Microsoft.DBforMariaDB/servers') { $defenderConfigs = @(GetSubResources -ResourceType 'Microsoft.DBforMariaDB/servers/securityAlertPolicies') if ($defenderConfigs.Length -eq 0) { $Assert.Fail($LocalizedData.SubResourceNotFound, 'Microsoft.DBforMariaDB/servers/securityAlertPolicies') } foreach ($defenderConfig in $defenderConfigs) { $Assert.HasFieldValue($defenderConfig, 'properties.state', 'Enabled'). PathPrefix('resources') } } elseif ($PSRule.TargetType -eq 'Microsoft.DBforMariaDB/servers/securityAlertPolicies') { $Assert.HasFieldValue($TargetObject, 'properties.state', 'Enabled') } } # Synopsis: Azure Database for MariaDB servers should only accept encrypted connections. Rule 'Azure.MariaDB.UseSSL' -Ref 'AZR-000334' -Type 'Microsoft.DBforMariaDB/servers' -Tag @{ release = 'GA'; ruleSet = '2022_12'; 'Azure.WAF/pillar' = 'Security'; } { $Assert.HasFieldValue($TargetObject, 'properties.sslEnforcement', 'Enabled').Reason($LocalizedData.MariaDBEncryptedConnection) } # Synopsis: Azure Database for MariaDB servers should reject TLS versions older than 1.2. Rule 'Azure.MariaDB.MinTLS' -Ref 'AZR-000335' -Type 'Microsoft.DBforMariaDB/servers' -Tag @{ release = 'GA'; ruleSet = '2022_12'; 'Azure.WAF/pillar' = 'Security'; } { $Assert.HasFieldValue($TargetObject, 'properties.minimalTlsVersion', 'TLS1_2') } # Synopsis: Azure Database for MariaDB servers should meet naming requirements. Rule 'Azure.MariaDB.ServerName' -Ref 'AZR-000336' -Type 'Microsoft.DBforMariaDB/servers' -Tag @{ release = 'GA'; ruleSet = '2022_12'; 'Azure.WAF/pillar' = 'Operational Excellence'; } -Labels @{ 'Azure.CAF' = 'naming' } { # https://learn.microsoft.com/nb-no/azure/azure-resource-manager/management/resource-name-rules#microsoftdbformariadb # Between 3 and 63 characters long $Assert.GreaterOrEqual($PSRule, 'TargetName', 3) $Assert.LessOrEqual($PSRule, 'TargetName', 63) # Lowercase letters, numbers, and hyphens # Can't start or end with a hyphen $Assert.Match($PSRule, 'TargetName', '^[a-z0-9]([a-z0-9-]*[a-z0-9]){2,62}$', $True) } # Synopsis: Azure Database for MariaDB databases should meet naming requirements. Rule 'Azure.MariaDB.DatabaseName' -Ref 'AZR-000337' -Type 'Microsoft.DBforMariaDB/servers', 'Microsoft.DBforMariaDB/servers/databases' -Tag @{ release = 'GA'; ruleSet = '2022_12'; 'Azure.WAF/pillar' = 'Operational Excellence'; } -Labels @{ 'Azure.CAF' = 'naming' } { # https://learn.microsoft.com/nb-no/azure/azure-resource-manager/management/resource-name-rules#microsoftdbformariadb $databases = @(GetMariaDBDatabaseName) if ($databases.Length -eq 0) { $Assert.Pass() } foreach ($database in $databases) { # Between 1 and 63 characters long $Assert.GreaterOrEqual($database, '.', 1) $Assert.LessOrEqual($database, '.', 63) # Alphanumerics and hyphens $Assert.Match($database, '.', '^[A-Za-z0-9-]{1,63}$', $True) } } # Synopsis: Azure Database for MariaDB firewall rules should meet naming requirements. Rule 'Azure.MariaDB.FirewallRuleName' -Ref 'AZR-000338' -Type 'Microsoft.DBforMariaDB/servers', 'Microsoft.DBforMariaDB/servers/firewallRules' -Tag @{ release = 'GA'; ruleSet = '2022_12'; 'Azure.WAF/pillar' = 'Operational Excellence'; } -Labels @{ 'Azure.CAF' = 'naming' } { $firewallRules = @(GetMariaDBFirewallRuleName) if ($firewallRules.Length -eq 0) { return $Assert.Pass() } foreach ($firewallRule in $firewallRules) { # Between 1 and 128 characters long $Assert.GreaterOrEqual($firewallRule, '.', 1) $Assert.LessOrEqual($firewallRule, '.', 128) # Alphanumerics, hyphens and underscores $Assert.Match($firewallRule, '.', '^[A-Za-z0-9-_]{1,128}$', $True) } } # Synopsis: Azure Database for MariaDB VNET rules should meet naming requirements. Rule 'Azure.MariaDB.VNETRuleName' -Ref 'AZR-000339' -Type 'Microsoft.DBforMariaDB/servers', 'Microsoft.DBforMariaDB/servers/virtualNetworkRules' -Tag @{ release = 'GA'; ruleSet = '2022_12'; 'Azure.WAF/pillar' = 'Operational Excellence'; } -Labels @{ 'Azure.CAF' = 'naming' } { $virtualNetworkRules = @(GetMariaDBVNETRuleName) if ($virtualNetworkRules.Length -eq 0) { return $Assert.Pass() } foreach ($virtualNetworkRule in $virtualNetworkRules) { # Between 1 and 128 characters long $Assert.GreaterOrEqual($virtualNetworkRule, '.', 1) $Assert.LessOrEqual($virtualNetworkRule, '.', 128) # Alphanumerics and hyphens $Assert.Match($virtualNetworkRule, '.', '^[A-Za-z0-9-]{1,128}$', $True) } } # Synopsis: Determine if access from Azure services is required. Rule 'Azure.MariaDB.AllowAzureAccess' -Ref 'AZR-000342' -Type 'Microsoft.DBforMariaDB/servers', 'Microsoft.DBforMariaDB/servers/firewallRules' -Tag @{ release = 'GA'; ruleSet = '2022_12'; 'Azure.WAF/pillar' = 'Security'; } { $firewallAllowAzureServices = @(GetMariaDBFirewallRule | Where-Object { $_.properties.startIpAddress -eq '0.0.0.0' -and $_.properties.endIpAddress -eq '0.0.0.0' }) $Assert.Less($firewallAllowAzureServices, '.', 1).Reason($LocalizedData.MariaDBFirewallAllowAzureServices) } # Synopsis: Determine if there is an excessive number of firewall rules. Rule 'Azure.MariaDB.FirewallRuleCount'-Ref 'AZR-000343' -Type 'Microsoft.DBforMariaDB/servers' -Tag @{ release = 'GA'; ruleSet = '2022_12'; 'Azure.WAF/pillar' = 'Security'; } { $firewallRules = @(GetSubResources -ResourceType 'Microsoft.DBforMariaDB/servers/firewallRules') $Assert.LessOrEqual($firewallRules, '.', 10). Reason($LocalizedData.ExceededFirewallRuleCount, $firewallRules.Length, 10).PathPrefix('resources') } # Synopsis: Determine if there is an excessive number of permitted IP addresses. Rule 'Azure.MariaDB.FirewallIPRange' -Ref 'AZR-000344' -Type 'Microsoft.DBforMariaDB/servers' -Tag @{ release = 'GA'; ruleSet = '2022_12'; 'Azure.WAF/pillar' = 'Security'; } { $summary = GetIPAddressSummary [int]$public = [int]$summary.Public $Assert.LessOrEqual($public, '.', 10). Reason($LocalizedData.DBServerFirewallPublicIPRange, $summary.Public, 10).PathPrefix('resources') } #endregion Rules #region Helper functions function global:GetMariaDBDatabaseName { [CmdletBinding()] [OutputType([string])] param () process { if ($PSRule.TargetType -eq 'Microsoft.DBforMariaDB/servers') { GetSubResources -ResourceType 'Microsoft.DBforMariaDB/servers/databases' | ForEach-Object { ($_.name -split '/')[-1] } } elseif ($PSRule.TargetType -eq 'Microsoft.DBforMariaDB/servers/databases') { ($PSRule.TargetName -split '/')[-1] } } } function global:GetMariaDBFirewallRuleName { [CmdletBinding()] [OutputType([string])] param () process { if ($PSRule.TargetType -eq 'Microsoft.DBforMariaDB/servers') { GetSubResources -ResourceType 'Microsoft.DBforMariaDB/servers/firewallRules' | ForEach-Object { ($_.name -split '/')[-1] } } elseif ($PSRule.TargetType -eq 'Microsoft.DBforMariaDB/servers/firewallRules') { ($PSRule.TargetName -split '/')[-1] } } } function global:GetMariaDBVNETRuleName { [CmdletBinding()] [OutputType([string])] param () process { if ($PSRule.TargetType -eq 'Microsoft.DBforMariaDB/servers') { GetSubResources -ResourceType 'Microsoft.DBforMariaDB/servers/virtualNetworkRules' | ForEach-Object { ($_.name -split '/')[-1] } } elseif ($PSRule.TargetType -eq 'Microsoft.DBforMariaDB/servers/virtualNetworkRules') { ($PSRule.TargetName -split '/')[-1] } } } function global:GetMariaDBFirewallRule { [CmdletBinding()] [OutputType([PSObject])] param () process { if ($PSRule.TargetType -eq 'Microsoft.DBforMariaDB/servers') { GetSubResources -ResourceType 'Microsoft.DBforMariaDB/servers/firewallRules' } elseif ($PSRule.TargetType -eq 'Microsoft.DBforMariaDB/servers/firewallRules') { $TargetObject } } } #endregion Helper functions # SIG # Begin signature block # MIIoUQYJKoZIhvcNAQcCoIIoQjCCKD4CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDOHF6WmGMfZpg6 # IGs1LEFRmJ9O90fH5r7DcJFVS/Kwp6CCDYUwggYDMIID66ADAgECAhMzAAAEA73V # lV0POxitAAAAAAQDMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjQwOTEyMjAxMTEzWhcNMjUwOTExMjAxMTEzWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQCfdGddwIOnbRYUyg03O3iz19XXZPmuhEmW/5uyEN+8mgxl+HJGeLGBR8YButGV # LVK38RxcVcPYyFGQXcKcxgih4w4y4zJi3GvawLYHlsNExQwz+v0jgY/aejBS2EJY # oUhLVE+UzRihV8ooxoftsmKLb2xb7BoFS6UAo3Zz4afnOdqI7FGoi7g4vx/0MIdi # kwTn5N56TdIv3mwfkZCFmrsKpN0zR8HD8WYsvH3xKkG7u/xdqmhPPqMmnI2jOFw/ # /n2aL8W7i1Pasja8PnRXH/QaVH0M1nanL+LI9TsMb/enWfXOW65Gne5cqMN9Uofv # ENtdwwEmJ3bZrcI9u4LZAkujAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQU6m4qAkpz4641iK2irF8eWsSBcBkw # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzUwMjkyNjAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # AFFo/6E4LX51IqFuoKvUsi80QytGI5ASQ9zsPpBa0z78hutiJd6w154JkcIx/f7r # EBK4NhD4DIFNfRiVdI7EacEs7OAS6QHF7Nt+eFRNOTtgHb9PExRy4EI/jnMwzQJV # NokTxu2WgHr/fBsWs6G9AcIgvHjWNN3qRSrhsgEdqHc0bRDUf8UILAdEZOMBvKLC # rmf+kJPEvPldgK7hFO/L9kmcVe67BnKejDKO73Sa56AJOhM7CkeATrJFxO9GLXos # oKvrwBvynxAg18W+pagTAkJefzneuWSmniTurPCUE2JnvW7DalvONDOtG01sIVAB # +ahO2wcUPa2Zm9AiDVBWTMz9XUoKMcvngi2oqbsDLhbK+pYrRUgRpNt0y1sxZsXO # raGRF8lM2cWvtEkV5UL+TQM1ppv5unDHkW8JS+QnfPbB8dZVRyRmMQ4aY/tx5x5+ # sX6semJ//FbiclSMxSI+zINu1jYerdUwuCi+P6p7SmQmClhDM+6Q+btE2FtpsU0W # +r6RdYFf/P+nK6j2otl9Nvr3tWLu+WXmz8MGM+18ynJ+lYbSmFWcAj7SYziAfT0s # IwlQRFkyC71tsIZUhBHtxPliGUu362lIO0Lpe0DOrg8lspnEWOkHnCT5JEnWCbzu # iVt8RX1IV07uIveNZuOBWLVCzWJjEGa+HhaEtavjy6i7MIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGiIwghoeAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAAQDvdWVXQ87GK0AAAAA # BAMwDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIEjy # 1qXct6pwZ7RY6y5Ur5J042rSSJ/3nVWr2Wo1yUggMEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEAfZk1S9HoqQ1UF+/Y7BwjHmm0TiMvWspB0+Yt # IsRjev/KCs6Q6szVaDmA/X9709F45DAT1FG9Jva4PhhBxhB3J5tpLZ9JMtKVGFvH # gh+8SQTz4j1yxBP0oNeI0DyfMTnIYpOmFIPtnUondRo/KGyHDbOOy8nayFhWgR+z # ETjm5hOgzyfjqZujbeXEWUgklkBQ+YOw/MBOoyzO5VgjlZIz3eKYSORof9p40mbV # yLNNDN2xtSqyCdV1Guvcrn+13RuzUDWdtfGwY7nTIGmqov8yxgVbcwGK0u3ybHSR # yc5qJdiKzvPd6pnVsDD0dN9s1EX2hfV5BgDyT5j6IJ9IVG7TiqGCF6wwgheoBgor # BgEEAYI3AwMBMYIXmDCCF5QGCSqGSIb3DQEHAqCCF4UwgheBAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFZBgsqhkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCAJc1Q/aeTxyeYjaiGBUWXzgfJOcWu7M/5s # IF+HfbVAlwIGaFL2JyEzGBIyMDI1MDcwNzE2MTcxOS4yMlowBIACAfSggdmkgdYw # gdMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsT # JE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlvbnMgTGltaXRlZDEnMCUGA1UECxMe # blNoaWVsZCBUU1MgRVNOOjUyMUEtMDVFMC1EOTQ3MSUwIwYDVQQDExxNaWNyb3Nv # ZnQgVGltZS1TdGFtcCBTZXJ2aWNloIIR+zCCBygwggUQoAMCAQICEzMAAAIAC9eq # fxsqF1YAAQAAAgAwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg # UENBIDIwMTAwHhcNMjQwNzI1MTgzMTIxWhcNMjUxMDIyMTgzMTIxWjCB0zELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9z # b2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMScwJQYDVQQLEx5uU2hpZWxk # IFRTUyBFU046NTIxQS0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1l # LVN0YW1wIFNlcnZpY2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv # Vdpp0qQ/ZOS6ehMXnvf+0Xsokz0OiK/dxy/bqaqdSGa/YMzn2KQRPhadF+jluIUg # dzouqsh6oKBP19P8aSzlUo73RlBbZq+H88weeXSRl9f8jnN1Wihcdt1RSQ+Jl81e # zNazCYv1SVajybPK/0un1MC3D+hc5hMDF1hKo4HlTPPVDcDy4Kk2W6ZA0MkYNjpx # KfQyVi6ReSUCsKGrqX4piuXqv9ac6pdKScAGmCBKwnfegveieYOI31hQClnCOc2H # 0zqQNqd5LPvz9i0P/akanH38tcQuhrMRQXGHKDgp2ahYY1jB1Hv+J3zWB44RHr2X # l0m/vVL+Yf4vFvovr3afy4SYBXDp9W8T5zzCOBhluVkI08DKcKcN25Et2TWOzAKq # Oo1zdf9YjMDsYazgdRLhgisBTHwfYD3i8M2IDwBZrtn8dLBMLIiB5VuV1dgzYG3E # wqreSd5GhPbs1DtjufxlNoCN7sGV+O7zeykY/9BZg1nXBjNhUZHI6l0DxabGrlXx # /mvgdob3M9zKQ7ImlFnL5XdEaKCEWawIlcBwzOI7voeKfAIiMiacIUoYn8hsuMfo # nt8lepE9uD4fqtgtnxcGmZcEUfg9NqRlVjEH8/4RBsvks3DRkgz565/EKWNXg76c # eQz7OBLHz7TsFVk8EqyWih5uyaEhwE7Tvv2R6FyJgwIDAQABo4IBSTCCAUUwHQYD # VR0OBBYEFIAlJNq+CSMqqB7nFA5effl9d3c6MB8GA1UdIwQYMBaAFJ+nFV0AXmJd # g/Tl0mWnG1M1GelyMF8GA1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9z # b2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0El # MjAyMDEwKDEpLmNybDBsBggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6 # Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGlt # ZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0l # AQH/BAwwCgYIKwYBBQUHAwgwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUA # A4ICAQAo8Ib2eNG0ipD5+4QKDHNYyxA4jce9buxX0+YRYII5aVO4YIjM2LeJt0tl # LRvYgMeDTIuu11W4GLcXFV16whe7NjKh8h79qVMF1XgOGKMtNe0Hs2A6ejsbXaI7 # e3qPLWE9Kq7MYuvL/aYRkHAixKhLYP4f7ccInE8PKHMwWo/6mWW08AIH9A3Bnur4 # cbJm/e/x636tBiDywXc9O5Z4ODd1H/OTU1rAn918UINiVY14IEIu809AFx4xhcVE # UqFxJTCzuYV0gMOFmnGrIgoPZYPAXI0gYR7Of6d3iRdG6l40TH55KklfKVEP7V3j # mFvo/M4gXsGRw+1G0VbbBeCSMuq1NZaUGS/OXa419gncI9lVoPIwNppeA74foOKu # wnggb2KQh33jX6ZYN6OSPlpif1A3pE5+j8c0eDW2KbCkWhSK+oAW7qKtZkXDlX7I # uvwUtzudsxraUVKLHO73rN2cOw8ibPRzpK1tjKEpKUze4NGL1RbJ1IqqcRu0noyT # 5i7G/OmuS5ZAlhZ+k++6D7BOeKjKRXBzTJFVyx3jEzOeedG1kMYxJQSX20xWd5th # GyHBkjIlOwGAtmYczurZMUr9f33jhKQirJjbYBy4t7Qaqg18BIIhxm3Ntn/M/iVP # b83SkNufZ98DONmSEj5Cuqv3zeZBlbBl2vdOTUxgSUNOHPYPQzCCB3EwggVZoAMC # AQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNV # BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29m # dCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIy # NVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAw # ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9 # DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2 # Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N # 7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXc # ag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJ # j361VI/c+gVVmG1oO5pGve2krnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjk # lqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37Zy # L9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M # 269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLX # pyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLU # HMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode # 2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEA # ATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYE # FJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEB # MEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMv # RG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEE # AYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB # /zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEug # SaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9N # aWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsG # AQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jv # b0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt # 4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsP # MeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++ # Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9 # QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2 # wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aR # AfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5z # bcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nx # t67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3 # Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+AN # uOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/Z # cGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKhggNWMIICPgIBATCCAQGhgdmkgdYw # gdMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsT # JE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlvbnMgTGltaXRlZDEnMCUGA1UECxMe # blNoaWVsZCBUU1MgRVNOOjUyMUEtMDVFMC1EOTQ3MSUwIwYDVQQDExxNaWNyb3Nv # ZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoDFQCMk58tlveK+Kkv # exIuVYVsutaOZKCBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo # aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y # cG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEw # MA0GCSqGSIb3DQEBCwUAAgUA7BXXIjAiGA8yMDI1MDcwNzA1MTgyNloYDzIwMjUw # NzA4MDUxODI2WjB0MDoGCisGAQQBhFkKBAExLDAqMAoCBQDsFdciAgEAMAcCAQAC # AhW3MAcCAQACAhIGMAoCBQDsFyiiAgEAMDYGCisGAQQBhFkKBAIxKDAmMAwGCisG # AQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAwDQYJKoZIhvcNAQELBQAD # ggEBACkP9ruPdQak6Uec0lhLx8cfYs8k1hyBM+DT65FXajM5HTQ43YjWXkQBUVwG # UedejAXTaTSkNvWRwd9ojWIHGUSFx0EYjP6WFWH7PK58o5j+5T4ggl1PD2dgfgeX # nPi/LhCB/Xr/UzP1lTdj3ci6/dn1Pt2XFD1mFpld182QgErIHKtOpx4NfqSYrNn2 # ZQfCPtuyRApiDuKRiFsDMPM0xKzYwyKPHwwCeOS7BUz2/auS60DoHI+UgSAtZpva # CtHkryr3PNe09tX81PuD6hq4dHqMJigD9HnZWw6tbVfZOs88BGAEtNnU57m3q1lT # OhzwY0I+h2zcf7Uqh6lVgfImTxwxggQNMIIECQIBATCBkzB8MQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGlt # ZS1TdGFtcCBQQ0EgMjAxMAITMwAAAgAL16p/GyoXVgABAAACADANBglghkgBZQME # AgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJ # BDEiBCA+vyPvFB8w4wJletmvHAKq+rTVroD0mIGm71rHeMl+NTCB+gYLKoZIhvcN # AQkQAi8xgeowgecwgeQwgb0EINTI7ew1ndu6sE0MZQJXg18zaAfhpa5G50iT/0oC # T9knMIGYMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAIA # C9eqfxsqF1YAAQAAAgAwIgQgoCmaTS2wjVlMRaMxx7wZwfGP9w+ik53thuwxEHq4 # zyswDQYJKoZIhvcNAQELBQAEggIAXvSVL5GcuBqz9sCRw30memMlkR/jcODs+c0j # iyTmvY6JxwzQmj82+XlQRo1bw4B6K9Uo/LeDxz1pG0KGCW9QbvdJEKBIXzb+RTHM # wVcV/3U/GPsxcu6oft6IvtOGnat92c3bkXWhVTggoN+svKWKhNAiDyoF9HhLTEjz # L5vlhSG2Y+IaAbYPlNDSf9ryKghn+NjkHaaXG169y2205akMDuOzSd3DMhM50pNb # W1nYMw/09rv+OF3hzcLy3DE2dXDwBc6lh2E0jfjhDzX0wQ8eYkEfszZ8NQB+g1V5 # vBDBlx2vbKg8PEsoMIsaFQuDg1lEUG0YjKPJO5KHSLLmf3CO2iMilwaM895qxRRk # nEl51/FKi52OBvR/vJUxw5h2XPiEYQttecKb8r5LKJvv/sj38dMjsv0jvHTv6+av # cs+pBLMVY/AwJSQ0Xs4bScUcwF0f7jpFxDqQ3TbCTQbJDqbfrW+1lD58t2XxOfxp # rqv1mxOlkhQj1RVEQvmiN8KqorKdphW89DkLqiXjE60HExhC7hQB/RVe8UBGWk5r # PRbupaDmaEOFnx0ZEUY/Pd1OAnFziP9n6c8Ji+XuomHA9u5e9ieRUHZcud8P4pqp # MInwrMnSjhDOWJ8eW3ubOzM80NprRyoUYmASR7hA4gvhzSmqSOeroaLE/rY5T3Ke # SlsWGPc= # SIG # End signature block |