authorAlexander Pickering <alex@cogarr.net>2020-01-01 22:37:37 -0500
committerAlexander Pickering <alex@cogarr.net>2020-01-01 22:37:37 -0500
commit9fae5d516012e2c0802105e67c79e2587a22b9dc (patch)
tree1c782ad2cd08bd1ecc4f0b42bd042778b4f34c2e /hw9/mail.cogarr.com-CIS_Ubuntu_Linux_14.04_LTS_Benchmark-20191119T233003Z.html
Inital commitHEADmaster
Diffstat (limited to 'hw9/mail.cogarr.com-CIS_Ubuntu_Linux_14.04_LTS_Benchmark-20191119T233003Z.html')
-rw-r--r--hw9/mail.cogarr.com-CIS_Ubuntu_Linux_14.04_LTS_Benchmark-20191119T233003Z.html19980
1 files changed, 19980 insertions, 0 deletions
diff --git a/hw9/mail.cogarr.com-CIS_Ubuntu_Linux_14.04_LTS_Benchmark-20191119T233003Z.html b/hw9/mail.cogarr.com-CIS_Ubuntu_Linux_14.04_LTS_Benchmark-20191119T233003Z.html
new file mode 100644
index 0000000..73ce4de
--- /dev/null
+++ b/hw9/mail.cogarr.com-CIS_Ubuntu_Linux_14.04_LTS_Benchmark-20191119T233003Z.html
@@ -0,0 +1,19980 @@
+<!DOCTYPE html
+ PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:cce="http://benchmarks.cisecurity.org/cce/1.0" xmlns:cc6="http://cisecurity.org/20-cc/v6.1" xmlns:cc7="http://cisecurity.org/20-cc/v7.0" xmlns:cve="http://benchmarks.cisecurity.org/cve/1.1" xmlns:check="local:check" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1" xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2" xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1" xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.3" xmlns:cis="http://benchmarks.cisecurity.org/evidence/1.0" xmlns:fn="stylesheet-function" xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2" xmlns:oval-sc="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-res="http://oval.mitre.org/XMLSchema/oval-results-5" xmlns:ccpd="http://benchmarks.cisecurity.org/ccpd" xmlns:output="http://www.w3.org/2010/xslt-xquery-serialization" xml:lang="en" lang="en">
+ <!-- This XHTML page was generated by the Configuration Assessment Tool (CIS-CAT) from the Center for Internet Security -->
+ <!-- For further information, please visit the Center for Internet Security web site at http://benchmarks.cisecurity.org/ -->
+ <!-- transformation performed 2019-11-19T23:30:10.478-05:00 using Saxonica version HE 9.9.0.2-->
+
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></meta>
+ <meta name="date" content="2019-11-19T23:30:10.478-05:00"></meta>
+ <title>Benchmark Result xccdf_org.cisecurity.benchmarks_testresult_2.0.0_CIS_Ubuntu_Linux_14.04_LTS_Benchmark</title>
+ <style type="text/css">/* Copyright © 2010 — Center for Internet Security */ /**************** GENERAL FORMATTING AND LAYOUT STYLES ******************/ body { /*font-family: "Verdana","Arial", "Arial Unicode MS", "Lucida Grande", "Lucida Sans Unicode", "Lucida Sans", sans-serif;*/ font-family: "Arial", "Arial Unicode MS", sans-serif; font-style: normal; font-weight: normal; font-size: 12pt; background-color: #505050; } p { font-size: 12pt; font-weight: normal; font-style: normal; } p.explanation, p.rationale, p.check { font-weight: bold; } h1 { font-size: 18pt; } h2 { font-size: 16pt; } h3 { font-size: 14pt; } h4 { font-size: 13pt; } h5 { font-size: 12pt; } h6 { font-size: 12pt; } ol, ul, li { font-weight: normal; font-style: normal; font-size: 10pt; } div, span { font-weight: normal; font-style: normal; font-size: 12pt; } pre { white-space:pre; font-weight: normal; font-size: 10pt; } #reportContainer{ width: 892px; margin: 0 auto; background-color: #ffffff; } #footerContainer { width: 892px; margin-left: -10px; margin-bottom: -10px; } #detailsContainer { page-break-before: always; padding: 10px; } .ruleTitle { color: #1F497D; width: 90%; margin-top: 10px; } .ruleResultArea { float: right; margin-top: 10px } /**************** END GENERAL FORMATTING AND LAYOUT STYLES ******************/ /**************** STYLES USED FOR HIDING AND DISPLAYING OF RULES ************/ /******* DO NOT CHANGE THE NAMES AS THEY ARE USED IN JavaScript *************/ .hidden, .tableHidden { display:none; } .visible { display:block; } .tableVisible { display:table-row; } /************ END STYLES USED FOR HIDING AND DISPLAYING OF RULES ************/ /**************** TABLE SPECIFIC FORMATTING STYLES ******************/ table { empty-cells: show; font-weight: normal; font-style: normal; font-size: smaller; } table.profile { table-layout: fixed; } thead { /*color:rgb(254,189,59);*/ color: rgb(255,255,255); /*#72a94e;*/ background-color:rgb(0, 59, 92); } tbody { color: inherit; 
background-color: #f0f0f0; } tbody.tbe { color: inherit; background-color: #ffffff; } tbody td.group { color: inherit; } .ruleGroupTitle { color: #1f497d; } tfoot { color: inherit; background-color: #f0f0f0; } tfoot th { color: inherit; background-color: #d0d0d0; } table.result { font-size: 12px; font-family: courier, fixed, monospace; } table.enum { font-size: 11px; border-collapse: collapse; } table.enum td.enum_name { font-weight: bold; vertical-align: middle; } table.evidence { font-size: 12px; border-collapse: collapse; } table.evidence-sep { font-size: 12px; border-collapse: collapse; border-bottom: 2px solid black; } tr.evidence_check_header { border-top: solid black 1px; } td.evidence { color:rgb(255,255,255); background-color:rgb(0, 59, 92); } td.evidence_bold { font-weight: bold; color:rgb(255,255,255); background-color:rgb(0, 59, 92); } .bu { font-size: 12px; font-weight: bold; } .but { font-size: 12px; font-weight: bold; text-decoration:underline; } .logop { font-weight: bold; font-style: italic; font-size: 12px; } /**************** END TABLE SPECIFIC FORMATTING STYLES ******************/ /**************** RULE AND ASSESSMENT DETAILS FORMATTING STYLES ********/ div.Rule { margin-top: 1em; padding-left: 1em; padding-right: 1em; padding-bottom: 1em; border-style: double; border-width: thin; } div.warning:before { color: red; background-color: inherit; font-weight: bold; content: "⚠ Warning ⚠"; display: block; } div.warning { margin-left: 1in; margin-right: 1in; margin-top: 1em; margin-bottom: 1em; color: inherit; background-color: #ffc6c6; text-align: center; border-style: double; border-color: red; } div.question:before { font-weight: bold; content: "Question:"; display: block; } div.question { margin-top: 1em; } .question { font-style:italic; } div.rationale:before { font-weight: bold; content: "Rationale:"; display: block; } div.rationale { margin-top: 1em; } div.check:before { font-weight: bold; /*content: "Test(s)";*/ content: "Assessment:"; display: 
block; } div.check { margin-top: 1em; /*border-style: dotted;*/ /*border-width: thin;*/ overflow-x:auto; /*background-color: #eee;*/ } div.fixtext:before { font-weight: bold; content: "Remediation:"; display: block; } div.fixtext { margin-top: 1em; } div.message:before { font-weight: bold; content: "Note(s):"; display: block; } div.message { margin-top: 1em; } div.fix:before { font-weight: bold; content: "Remediation command(s):"; display: block; } div.fix { margin-top: 1em; } div.platform { margin-top: 1em; } li.operator { list-style-type: none; } samp { display: block; color: inherit; background-color: #f0f0f0; } span.outcome { float: right; clear: right; } div.backtop { text-align: right; clear: both; margin-top: 1em; font-size: 11px; } .code_block { background-color: rgb(221,217,195); border: 1px solid black; font-family: courier, fixed, monospace; font-size: 10pt; display: block; } code { color: inherit; background-color: rgb(221,217,195); font-size: 10pt; /*WKM 07.01.2013 - Commented out as it was causing some whack formatting*/ /*white-space:pre-wrap;*/ } .registry_key { color: inherit; background-color: inherit; font-family: courier, fixed, monospace; } code.sh.root:first-child:before { content: "# "; } code.sh.user:first-child:before { content: "$ "; } code.sh { display: block; } code.shell:before { content: "# "; } code.SQL:before { content: "SQL: "; } code.path:before { content: "path: "; } code.oracle-parameter:before { content: "test: "; } div.xml { margin-top: 0em; border-style: dashed; border-width: thin; display: none; height:25em; overflow:scroll; background-color: #eee; } div.cmd { margin-top: 0em; border-style: dashed; border-width: thin; display: none; height:5em; overflow:scroll; background-color: #eee; resize: vertical; } div.evtest { margin-top: 0em; border-style: dashed; border-width: thin; display: none; height:10em; overflow:scroll; background-color: #ffffff; resize: vertical; } div.cveevidence { margin-top: 0em; border-style: dashed; 
border-width: thin; display: none; height:11em; overflow:scroll; background-color: #eee; } div.cceevidence { margin-top: 0em; border-style: dashed; border-width: thin; display: none; height: 13em; overflow:scroll; background-color: #eee; } div.profile-action { text-align:right; } .pathname, .code, .command, .configtext, span.pathname, span.command, span.inline_block { font-family: courier, fixed, monospace; } span.command { font-weight: bold; } span.test_title { font-size: 11pt; font-weight: bold; } .referenceList li, .referenceList li .bold { font-size: 11px; } .listing { margin:+2em; color: inherit; background-color: #e0e0e0; border-width:thin; border-style:solid; overflow:auto; } .binary:before { content: "[ "; } .binary:after { content: " ]"; } .result-outcome:before { content: "«"; } .result-outcome:after { content: "»"; } div pre { font-size: smaller; } /************ END RULE AND ASSESSMENT DETAILS FORMATTING STYLES ********/ /************************* GENERAL TEXT STYLES *************************/ .highlight { color: inherit; background-color: #FFFFCC; } .weight { text-align: right; } td.numeric { text-align: right; } .underline { text-decoration: underline; } .italic { font-style: italic; } .serif { font-family: cursive; font-style: italic; } .bold { font-weight: bold; } td p:first-child { margin-top: 0; } .pass, .fail, .error { background-color: inherit; } .fail, .false, .vf, .high { color: red; } .pass, .true, .vnf, .low { color: #33CC33; } .error, .medium { color: #FF8000; } .unknown { color: rgb(0, 134, 191); } .notapplicable, .notchecked, .notselected { text-decoration: line-through; color: gray; background-color: inherit; } .informational { color: gray; background-color: inherit; } .hint, .caption, .action { font-size: smaller; } .action { text-decoration: underline; } .action:hover { border-style: dashed; border-width: thin; cursor: pointer; } .cce-action { text-decoration: underline; font-size: inherit; } .cce-action:hover { border-style: dashed; 
border-width: thin; cursor: pointer; } .evidence-action { text-decoration: underline; font-size: inherit; } .evidence-action:hover { border-style: dashed; border-width: thin; cursor: pointer; } .block { display:block; border-style: dashed; border-width: thin; } .inline { display:inline; border-bottom:dotted; border-width:thin; } .extends { font-size: 10pt; font-style: italic; } /******************** END GENERAL TEXT STYLES *************************/ /* This style specifies a selected row like you see in the profile area */ .selected-row {background-color:#72a94e; } /********************** STYLES USED IN THE FIRST PAGE OF THE REPORT ***********/ .subBar { background-color: #9cbac7; height: 40px; border-bottom: 1px solid black; border-top: 1px solid white; } div.introFooter { text-align:center; border-bottom: 1px solid black; font-size:8pt; padding-left: 100px; } div.introFooter p { font-size: 8pt; line-height:4pt; } #coverPageTitle { padding-top:200px; height:300px; } #coverPageTitle h1 { text-align:center; padding-left: 100px; font-size:20pt; } #coverPageTitle h2 { text-align:center; padding-left: 100px; font-size: 18pt; } #coverPageTitle h3 { text-align:center; padding-left: 100px; font-size: 16pt; } #coverPageTitle ul li { text-align:center; padding-left: 60px; list-style-type: none; font-size: 12pt; font-weight: normal; font-style: normal; } #coverPageSubTitle { /*background:url is customizable*/ color: rgb(255,255,255); padding-top: 30px; padding-left: 10px; height:376px; } #coverPageSubTitle ul li { list-style-type: none; font-size: 11pt; font-weight: normal; font-style: normal; } .sectionTitle { color: #000; font-size: 16pt; } .subsectionTitle { color: #000; font-size: 12pt; font-style:italic; text-decoration:underline; } /****************** END STYLES USED IN THE FIRST PAGE OF THE REPORT ***********/ /****************** STYLES TO SPECIFY THE INDENTATION IN THE SUMMARY TABLE *********/ .sub0 { background-color: #d0d0d0; font-weight:bold;} /*.sub1 { 
padding-left: 10px; font-weight:normal;} .sub2 { padding-left: 20px; font-weight:normal;} .sub3 { padding-left: 30px; font-weight:normal;} .sub4 { padding-left: 40px; font-weight:normal;} .sub5 { padding-left: 50px; font-weight:normal;} .sub6 { padding-left: 60px; font-weight:normal;} .sub7 { padding-left: 70px; font-weight:normal;} .sub8 { padding-left: 80px; font-weight:normal;} */ .sub1 { padding-left: 5px; font-weight:normal;} .sub2 { padding-left: 10px; font-weight:normal;} .sub3 { padding-left: 15px; font-weight:normal;} .sub4 { padding-left: 20px; font-weight:normal;} .sub5 { padding-left: 25px; font-weight:normal;} .sub6 { padding-left: 30px; font-weight:normal;} .sub7 { padding-left: 35px; font-weight:normal;} .sub8 { padding-left: 40px; font-weight:normal;} /************* END STYLES TO SPECIFY THE INDENTATION IN THE SUMMARY TABLE *********/ /****************** STYLES TO SPECIFY THE STYLES IN THE ASSESSMENT RESULTS TABLE *********/ .sect { background-color: #d0d0d0;} /***************END STYLES TO SPECIFY THE STYLES IN THE ASSESSMENT RESULTS TABLE *********/ /********************* STYLES FOR THE FOOTER ****************************/ .footerBar { background: rgb(255,170,51); /* Old browsers */ background-image: linear-gradient(left , rgb(239,121,47) 33%, rgb(255,170,51) 67%); background-image: -o-linear-gradient(left , rgb(239,121,47) 33%, rgb(255,170,51) 67%); background-image: -moz-linear-gradient(left , rgb(239,121,47) 33%, rgb(255,170,51) 67%); background-image: -webkit-linear-gradient(left , rgb(239,121,47) 33%, rgb(255,170,51) 67%); background-image: -ms-linear-gradient(left , rgb(239,121,47) 33%, rgb(255,170,51) 67%); filter: progid:DXImageTransform.Microsoft.gradient(gradientType=1, startColorstr='#EF792F', endColorstr='#FFFFAA33'); /* for IE */ background-image: -webkit-gradient( linear, left top, right top, color-stop(0.33, rgb(239,121,47)), color-stop(0.67, rgb(255,170,51)) ); height:75px; border-bottom:1px solid black; border-top:1px solid black; 
} /********************** END STYLES FOR THE FOOTER ***********************/ /******************** STYLE TO SPECIFY THE HEADER BACKGROUND *******************/ .coverPage { /*background:url is customizable*/ } .logoContainer { position:relative; width:887px; height:100px; } .logoBar { background-color:#ffffff; align:right; position:absolute; top:10px; right:10px; } .outerDiv { width: 100%; text-align: right; // center the content of the container } .innerDiv { display: inline-block; // display inline with abality to provide width/height }​ #toggleUncheckedItemsArea { text-align: right; clear: both; } #toggleUncheckedItemsArea a { color: gray; font-size: 10pt; } #toggleFailuresOnlyArea { text-align: right; clear: both; } #toggleFailuresOnlyArea a { color: gray; font-size: 10pt; }</style><script type="text/javascript">
+<!--
+/**
+* Can get the ID of the button controlling
+* a collapseable box by concatenating
+* this string onto the ID of the box itself.
+*/
+var B_SFIX = "_button";
+
+/**
+* Returns an element in the current HTML document.
+*
+* @param elementID Identifier of HTML element
+* @return HTML element object
+*/
+function getElementObject(elementID) {
+ var elemObj = null;
+ if (document.getElementById) {
+ elemObj = document.getElementById(elementID);
+ }
+ return elemObj;
+}
+
+/**
+* Closes a collapseable box.
+*
+* @param boxObj Collapseable box
+* @param buttonObj Button controlling box
+*/
+function closeBox(boxObj, buttonObj) {
+ if (boxObj == null || buttonObj == null) {
+ // Box or button not found
+ } else {
+ // Change 'display' CSS property of box
+ boxObj.style.display = "none";
+
+ // Change text of button
+ if (boxObj.style.display == "none") {
+ buttonObj.value = "+";
+ buttonObj.innerHTML = "Show";
+ }
+ }
+}
+
+/**
+* Closes a collapseable box.
+*
+* @param boxObj Collapseable box
+* @param buttonObj Button controlling box
+*/
+function closeBoxML(boxObj, buttonObj) {
+ if (boxObj == null || buttonObj == null) {
+ // Box or button not found
+ } else {
+ // Change 'display' CSS property of box
+ boxObj.style.display = "none";
+
+ // Change text of button
+ if (boxObj.style.display == "none") {
+ buttonObj.value = "+";
+ buttonObj.innerHTML = "More";
+ }
+ }
+}
+
+/**
+* Opens a collapseable box.
+*
+* @param boxObj Collapseable box
+* @param buttonObj Button controlling box
+*/
+function openBox(boxObj, buttonObj) {
+ if (boxObj == null || buttonObj == null) {
+ // Box or button not found
+ } else {
+ // Change 'display' CSS property of box
+ boxObj.style.display = "block";
+
+ // Change text of button
+ if (boxObj.style.display == "block") {
+ buttonObj.value = "-";
+ buttonObj.innerHTML = "Hide";
+ }
+ }
+}
+
+/**
+* Opens a collapseable box.
+*
+* @param boxObj Collapseable box
+* @param buttonObj Button controlling box
+*/
+function openBoxML(boxObj, buttonObj) {
+ if (boxObj == null || buttonObj == null) {
+ // Box or button not found
+ } else {
+ // Change 'display' CSS property of box
+ boxObj.style.display = "block";
+
+ // Change text of button
+ if (boxObj.style.display == "block") {
+ buttonObj.value = "-";
+ buttonObj.innerHTML = "Less";
+ }
+ }
+}
+
+/**
+* Sets the state of a collapseable box.
+*
+* @param boxID Identifier of box
+* @param open If true, box is "opened",
+* Otherwise, box is "closed".
+*/
+function setState(boxID, open) {
+ var boxObj = getElementObject(boxID);
+ var buttonObj = getElementObject(boxID + B_SFIX);
+ if (boxObj == null || buttonObj == null) {
+ // Box or button not found
+ } else if (open) {
+ openBox(boxObj, buttonObj);
+ // Make button visible
+ buttonObj.style.display = "inline";
+ } else {
+ closeBox(boxObj, buttonObj);
+ // Make button visible
+ buttonObj.style.display = "inline";
+ }
+}
+
+/**
+* Sets the state of a collapseable box.
+*
+* @param boxID Identifier of box
+* @param open If true, box is "opened",
+* Otherwise, box is "closed".
+*/
+function setStateML(boxID, open) {
+ var boxObj = getElementObject(boxID);
+ var buttonObj = getElementObject(boxID + B_SFIX);
+ if (boxObj == null || buttonObj == null) {
+ // Box or button not found
+ } else if (open) {
+ openBoxML(boxObj, buttonObj);
+ // Make button visible
+ buttonObj.style.display = "inline";
+ } else {
+ closeBoxML(boxObj, buttonObj);
+ // Make button visible
+ buttonObj.style.display = "inline";
+ }
+}
+
+/**
+* Switches the state of a collapseable box, e.g.
+* if it's opened, it'll be closed, and vice versa.
+*
+* @param boxID Identifier of box
+*/
+function switchState(boxID) {
+ var boxObj = getElementObject(boxID);
+ var buttonObj = getElementObject(boxID + B_SFIX);
+ if (boxObj == null || buttonObj == null) {
+ // Box or button not found
+ } else if (boxObj.style.display == "none" || boxObj.style.display == "") {
+ // Box is closed, so open it
+ openBox(boxObj, buttonObj);
+ } else if (boxObj.style.display == "block") {
+ // Box is opened, so close it
+ closeBox(boxObj, buttonObj);
+ }
+}
+
+/**
+* Switches the state of a collapseable box, e.g.
+* if it's opened, it'll be closed, and vice versa.
+*
+* @param boxID Identifier of box
+*/
+function switchStateML(boxID) {
+ var boxObj = getElementObject(boxID);
+ var buttonObj = getElementObject(boxID + B_SFIX);
+ if (boxObj == null || buttonObj == null) {
+ // Box or button not found
+ } else if (boxObj.style.display == "none" || boxObj.style.display == "") {
+ // Box is closed, so open it
+ openBoxML(boxObj, buttonObj);
+ } else if (boxObj.style.display == "block") {
+ // Box is opened, so close it
+ closeBoxML(boxObj, buttonObj);
+ }
+}
+
+/**
+* Closes all boxes in a given list.
+*
+* @param boxList Array of box IDs
+*/
+function collapseAll(boxList) {
+ var idx;
+ for (idx = 0; idx < boxList.length; idx++) {
+ var boxObj = getElementObject(boxList[idx]);
+ var buttonObj = getElementObject(boxList[idx] + B_SFIX);
+ closeBox(boxObj, buttonObj);
+ }
+}
+
+/**
+* Open all boxes in a given list.
+*
+* @param boxList Array of box IDs
+*/
+function expandAll(boxList) {
+ var idx;
+ for (idx = 0; idx < boxList.length; idx++) {
+ var boxObj = getElementObject(boxList[idx]);
+ var buttonObj = getElementObject(boxList[idx] + B_SFIX);
+ openBox(boxObj, buttonObj);
+ }
+}
+
+/**
+* Makes all the control buttons of boxes appear.
+*
+* @param boxList Array of box IDs
+*/
+function viewControlButtons(boxList) {
+ var idx;
+ for (idx = 0; idx < boxList.length; idx++) {
+ buttonObj = getElementObject(boxList[idx] + B_SFIX);
+ if (buttonObj != null) {
+ buttonObj.style.display = "inline";
+ }
+ }
+}
+
+/**
+* Makes all the control buttons of boxes disappear.
+*
+* @param boxList Array of box IDs
+*/
+function hideControlButtons(boxList) {
+ var idx;
+ for (idx = 0; idx < boxList.length; idx++) {
+ buttonObj = getElementObject(boxList[idx] + B_SFIX);
+ if (buttonObj != null) {
+ buttonObj.style.display = "none";
+ }
+ }
+}
+
+/******** WKM *************/
+/**
+* Makes all of the pass results disappear -- effectively shows only failures
+*/
+function hidePassAreas() {
+ handleUncheckedDisplay("failuresOnlyArea", "visible", "hidden");
+ handleUncheckedDisplay("failuresOnlyArea", "tableVisible", "tableHidden");
+ for (i = 0; i < document.getElementById("toggleFailuresOnlyArea").getElementsByTagName("a").length; i++) {
+ if (document.getElementById("toggleFailuresOnlyArea").getElementsByTagName("a")[i].href != "") {
+ document.getElementById("toggleFailuresOnlyArea").getElementsByTagName("a")[i].onclick = displayPassAreas;
+ document.getElementById("toggleFailuresOnlyArea").getElementsByTagName("a")[i].innerHTML = "Display All Test Results";
+ }
+ }
+ return false;
+}
+
+/**
+* Makes all of the pass results show up -- effectively shows all results
+*/
+function displayPassAreas() {
+ handleUncheckedDisplay("failuresOnlyArea", "hidden", "visible");
+ handleUncheckedDisplay("failuresOnlyArea", "tableHidden", "tableVisible");
+ for (i = 0; i < document.getElementById("toggleFailuresOnlyArea").getElementsByTagName("a").length; i++) {
+ if (document.getElementById("toggleFailuresOnlyArea").getElementsByTagName("a")[i].href != "") {
+ document.getElementById("toggleFailuresOnlyArea").getElementsByTagName("a")[i].onclick = hidePassAreas;
+ document.getElementById("toggleFailuresOnlyArea").getElementsByTagName("a")[i].innerHTML = "Display Failures Only";
+ }
+ }
+ return false;
+}
+/******** WKM *************/
+
+
+/**
+* Makes all of the not selected results disappear
+*/
+function hideUncheckedAreas() {
+ handleUncheckedDisplay("notSelectedArea", "visible", "hidden");
+ handleUncheckedDisplay("notSelectedArea", "tableVisible", "tableHidden");
+ for (i = 0; i < document.getElementById("toggleUncheckedItemsArea").getElementsByTagName("a").length; i++) {
+ if (document.getElementById("toggleUncheckedItemsArea").getElementsByTagName("a")[i].href != "") {
+ document.getElementById("toggleUncheckedItemsArea").getElementsByTagName("a")[i].onclick = displayUncheckedAreas;
+ document.getElementById("toggleUncheckedItemsArea").getElementsByTagName("a")[i].innerHTML = "Display All Defined Tests";
+ }
+ }
+ return false;
+}
+
+/**
+* Makes all of the not selected results show up
+*/
+function displayUncheckedAreas() {
+ handleUncheckedDisplay("notSelectedArea", "hidden", "visible");
+ handleUncheckedDisplay("notSelectedArea", "tableHidden", "tableVisible");
+ for (i = 0; i < document.getElementById("toggleUncheckedItemsArea").getElementsByTagName("a").length; i++) {
+ if (document.getElementById("toggleUncheckedItemsArea").getElementsByTagName("a")[i].href != "") {
+ document.getElementById("toggleUncheckedItemsArea").getElementsByTagName("a")[i].onclick = hideUncheckedAreas;
+ document.getElementById("toggleUncheckedItemsArea").getElementsByTagName("a")[i].innerHTML = "Show Applicable Tests Only";
+ }
+ }
+ return false;
+}
+
+/**
+* This function handles the work of displaying or hiding all of the not selected rules.
+*
+* @param displayArea - The class denoting the display area
+* @param valueToLookFor - The class we want to look for (hidden or visible)
+* @param valueToSetTo - The class we want to swap out
+*/
+function handleUncheckedDisplay(displayArea, valueToLookFor, valueToSetTo) {
+ var checklistTable = document.getElementById("assessmentResultTable");
+ for (i = 0; i < checklistTable.rows.length; i++) {
+ var classValue = checklistTable.rows[i].className;
+ if ((classValue.indexOf(displayArea) >= 0) &&
+ (classValue.indexOf(valueToLookFor) >= 0)) {
+
+ classValue = classValue.replace(valueToLookFor, valueToSetTo);
+
+ checklistTable.rows[i].className = classValue;
+ }
+ }
+
+ var results = document.getElementById("assessmentDetailsArea").getElementsByTagName('div');
+ for (i = 0; i < results.length; i++) {
+ var classValue = results[i].className;
+ if ((classValue.indexOf(displayArea) >= 0) &&
+ (classValue.indexOf(valueToLookFor) >= 0)) {
+
+ classValue = classValue.replace(valueToLookFor, valueToSetTo);
+
+ results[i].className = classValue;
+ }
+ }
+}
+// -->
+</script></head>
+ <body>
+ <div id="reportContainer">
+ <div class="coverPage" id="top" style="background: url(data:image/gif;base64,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) no-repeat;">
+ <div class="logoContainer"><span class="logoBar"><img src="data:image/png;base64,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"></img></span></div>
+ <div id="coverPageTitle">
+ <h1>Security Configuration Assessment Report</h1>
+ <h1>for mail.cogarr.com</h1>
+ <ul>
+ <li>Target IP Address: 127.0.0.1</li>
+ </ul>
+ </div>
+ <div id="coverPageSubTitle" style="background:url(data:image/gif;base64,R0lGODlhdQO7AHAAACH5BAEAAP8ALAAAAAB1A7sAhzExQik6QikxQgAAACE6MSkxOik6OiFCMRlCKSE6OilCQjE6QhlKKToxKTopKRBCMWNrWhnmhBmM5hm1hBla5hmEUhnmUhmMtRm1UhlatRm95hlahBm9tRkZUik6KTohGVLOnLWMGRlSUhnv5hmMhBnvtUJjWrWt3kIpUnuMWuZrWuYpWkprlOZKWuYIWrXOnOZr3ubvWnta74Tv3nvvWuZarYSt3uat3uatWnutWuYZrXsZ7+bvnOYp3ubvGYTvnOatGXsplHutGXvvGbXv3kpa70oZ70qtWrXvnErvWkoplEqtGUrvGXtKlLWM3kpKlOZK3ubOWoTO3nvOWoSM3uaM3uaMWubOnOYI3ubOGYTOnOaMGXsIlHuMGXvOGUqMWkrOWkoIlEqMGUrOGSkhMWtKWoSMjBmMKRm9Ka2MnBmMCBm9CEJKGQgZ5ggZhAgZtSkxKXMpUnNrGUprGUoIUnMIUnNKGTpCSt7Ozq2ttebv7xkpMTExOoStrRlaKRnvKbVrjLUpjBljCBnvCLVKjLUIjFIpGXtrhLVrGbUpGZRrGZQpGbVKGbUIGZRKGZQIGSkZ5hkZCCkZhCkZtRAQKXtrnISMrXtrzuZrjOYpjHspzkprzkopzrXO73tKzuZKjOYIjHsIzkpKzkoIzrXOxToxGXMpGbVrWrUpWuatrVKtreZrKeYpKbVrrbUprbVr77Xva1Lv71Kt77Wta7Up77XvKVLvrbWtKZRrWpQpWuaMrVKMreZKKeYIKbVK77XOa1LO71KM77WMa7UI77XOKVIIGXMIGbVKWrUIWuatjFKtjOZrCOYpCLVKrbUIrbVrzrXvSlLvzlKtzrWtSrUpzrXvCFLvjLWtCJRKWpQIWuaMjFKMjOZKCOYICLVKzrXOSlLOzlKMzrWMSrUIzrXOCObO7+bvzkJKWq2tlIStjCE6SjE6Ohk6tRk65hk6eyFCGRA6GQhCEBAQQilCMRk6QjoQKQAZCBkxQjEQQghCKQg6MSFKMQg6OgAACCFCOgAAAAj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKdKhHj7lyeFKmJIUnj0uXadBZ6tPHkpmbh3LmhMACAs9zQO8IvQMAgICjSJMqXcq0qVOnRgVEfUq1qtWrWLNq3YoVwFCgh0xAMJPTzMyXeUixLKdnpNu3cOPKnUu3rt27ePPSLVnu5EpSJ9D2SZPHJk6dYSE8CTq0KFUCR/fwmXqUzAcAfI4SOHBAAGQCZIxOLko0qgIABAgUTa0adeujqA+slh3bsVQ+B1rnXv1a6uaiABAAR6AaNoDdrnnbxvxgNILRyGGnVu56snHkyKdHTV7dde/jrbVr/5dOYDIf8d9/c09t/XZ22uqlYsYs9eiB05NDA6cs9Y6JcxDoJeCABBZo4IEIJqggQiahtJJghfVx02GHQHAIUOcMRVRSkHnmIWqo1SfAB+0JoMBm+hTFBx9CAXdbaiIyhZoCvnV2B2zy2ZYjcDfWuF9tPzr2o3pGAXfaj9HttyNmwhV1JABPApekkUG+I9+TNA5J245RFjWlV0vG92OYrykZ5JdF7kfkfl1yt6OJAtxYGlJCetkZcL/JRwZQC/bp55+ABiroXnrg4SBgL9U0YSU7/YfhnFxB9ZiZoZXo2T2QHdkjnS4mNaZRDyCFnJJ3FCcAZ0GyBmVuno4pn32QGf/VI5T20XbkmkEeCeeoP+p6Im1BQunYr8EKa9RpvLJpGm7F5khjslQeu1lrrhZHbLA3Hnsqtb06uW2xvp4KbLfaQgvkVJvJFx2XROp6TjqDxivvvPTW61ahKpGCVhoSHsaTTxluKB8B+nRIxnkC6GcbAQqg4FVpRfrW5HW6VbycAO841m
RwmXm625L83Smss1Gx6plq6R7Z5nFS5UZjfU+aaGywYnIms5PdvlqskuO6jOPKv2Up1co2Cz2zi8IZnSWSnSkdrM9FAg21cak2He2Z99EpNZzb0XzArDdryTWnQZa6pZWnYenisGkOmTQAedgr99x0162XHn2Vw5K+Lkn/aBOjFYoVsI5I6WOcp54VfDDV9bV91MoNdEzn0LSuHKW63OKseXBGiri2ApEXd6yZODe3c9XuZY4ktVGqt2mOqI6pAB8NZKwkjSs2QGyeR/en7JGx5xq2uZXPRhqXVBOf9mz9UZ025uDOPG6vsKvuWKlSWk8r9qce3yn2doIbp8U6nj7z88HfDPIcJ9jt/vvwu98gHiwJZphOEDxKuIdktFokwwJw2PW6prMYLQli2tKZaZByo6KpDE4qUxFtknalYqXMcztzmbCeRIDSbGY05wOZBo3lmXNFyWelGdXSzmWUDspKSeqy1dCM8ySRkctbm5qVl6hVwRViLEci0uG5/2DzvP2MinJdGyLlVgietcWpTkY54vaoRqQg4miHTiTK0lo2mqRsCk/Aqo8Wd4SdW8lwQwjgGq2etqXjyIZGRDlHW+JHxzracSR4e1Ci7meh/AVlf5WBDBkGaR0CPEA1KLjDZLKFI9+8hgyRExqnkoIqVNWKN42LinbCt8TavMlEtLPO6HDlLZh9K1cRu1a2gmRKsqknXUX5wDxkdkSQBatLsFLW0Wj1MZPFqWXjyqS4mnifJpJQZrqSmWfMtTwvfQB8GyQh6BrApWg6SZZLaiaUQkkyGsUsdPu5kQJOU595RK6bx2zAPH4kp3EWaR4retPz6kO7dV5pfCODp+7MVP9EzJwzWE/U3OM697hTtq1ZUrmjQhfap/nR7yX8SschyFIhxvDHKttZymdyVClLIVCSR1llQKuoFKhBMWg9jOLXwtYsVjrOjS4i5y0dl6XgUW+LLFUTsLQpsJv5TACRw1nrwvismdqJpSal3I4QOBsmulRLshraAUBovqDtBzeqYZbxQCamB+xyh7CxZKqEcxQUoI2NmXFjTsHaMoZBUa12civWYmi0gSEHN1ZjGoi2JbX/vfGW9hnoC0WkK2PxYWPvKAVVg4esN84QQAyNrGQ7Yo6VBCYPisIfY3qKlP5N8igpgiEW17OlIxGnKM8hHEwdk6eXKRO1phKVDaMIQcD/bs54YHyVdUqFMltlD5mOSRYHZTM0IpmzY21TjzaPUzvgYPW2a1ImcG+6Wl1+1XSwm97oCPpUcZHSp9dr6y5PRL3dJOlawyLlXNErAK/yDE7V02smg0M1ADTnZWCEqkxHm72I4daIsYovgOdrTCn91a5iM1qBjcfe1X5stWuKmW9PqL0jscESk81wZP2SEoj2ayc9yZCO7kFizxyMRKtxKo4MiZR0IYUPXk0hANVkPZBtDDwYtNnTrGuboZ7OvBbjnU6rdlCoYi28Qy6KOdmElCwtz5YEoKBz7wQxm6rIvYIdjhrT9JsqApipazwoZ7oI4MbyF7fAU83SbPpEMsq1/6VG5ucvb0s6zZmOSk/KFq60eaQ7RzVm/xUqj87cOxn/jsj8jJZwSeUlVEZLvZsjo3ancrX5npC4zDFKIuOm4U7/KY/0u6yiyAIBR4mYkoZTiiYx0z/+dOpUPnISUbi3Sq98ykVTBfDOfBXlG56ue6ucFs5yIyfRvTptwna0smxW6/0WeHy08aBjw/mqLmmKSF2G1u6md+OptAm9s3tmlJGIRVt2zyhW6pSZZQfELSnvdCvbMrHqk6ybZcubw5yZcuu0pNiJ1HIGDTOb9oxKXs154LxytpOsrPAGZq7WpNHx1RDOTksn+62dkw0sWcguW9HOm51DVqwwPrrD3uEcRMPwtMrfAmq+9SEdN6mEhc5hghZpEkaCHGSIAqgiITEOcZw6UQeBuNbgdgiDeXqVAMg6Xq/RiojKHjamgaS1zt3acQFlZ7QCasvbjrC6F/uU0TYT7C0xDsyoaeCkmbS6Im
9ZmveMlorPd+jVrftomvISMBU92yiKbmVRc9VLzef2X75Dnbns1MgyhjE+dMmkMH2TlIvih13+lJN2h11Oi2bXoZeZYoXFDOSJvaMLzka7RQMjxJPMNqezbFi2jGRUZ6ikQ5T/Y+W4Zwi+WtI3CTHqJyKOSv8wtaQffrLOd7iValokzmHWF1WblN0ms02aTu0G3F8NeaVtPbpw39tYpx2TOPOrNmuyig/rDB70wyhgn5pdOsSrbpZ/NRptlhBLYirZaHg7pvyTxpA8Il5mNGRLklpMc3BjMlunBXixgyvkRmgwtSYiZSLjYSyxAzyccX1WNUz4ZzXfQXGA13ptp27BEn4iaETTU3R+tl1xthxnkjn11V/lg2hrw0Yu0lrC8lHB9UbRpx4b8ytqti0FFVIfp0x+QAa5Fy8lkS+FIRNm0Uc0x1mRAlr11UErkj3FESr+5TgIxBqIE2n+oyVWNi2S1IJP/1d0LWVab2dMYsU4LwN4MyREvZNu6XZm6jdpPoMdM0Yq8adwe+ctuMYtA1hkZsRDZlJN3FVn+bWIq/E2FvhmtZEy7UJf3PeIMcNUz8I6Lwh45BRW0VZ6pdV1hHduI0h6TgdH9hU2aTZkarN0dleDBpdXabKCpshl05MaS7OKuVV+vGJVaZIsTRMmwaQsCqSHhHdVN5YjEPNK9QVZSXgXu+dyfKQ/StE/oaEaofEh3pNuxoEe1CEVaXRm06FIOyNe5ohvzbJC8+RN/lc2qORkL7VKvgImrAhpQPiLmghTnUhOpxGOQDYVZjNx++Fn+BSAy6FwxVJJ8gEdRtJ3PhQ+dP/2YC8EkdXGI7BEewJHisYictdnVMLSbRMXgic4g31nG2YDgw94S70VG6pTUDZ1GtGFHNsWRb+jXk1Gk71zOwDVO9/Gkzt5OT15OWuVkpwoOwBVa1n2OTqZKw4oALTzV7d1SrriWwlpKjWkcX+lAOfAac94EUvIe5j1YSF2av1jME5JCfnhO+XmRUKCXzjGY4EGlzSmk1kXgggUUlGFM1jlVEamAMQ1gTUIJQ3QALpEb40zlVBZNR3Ua4pohhFkPmJ1LrAUJT42SUe5kUWWdmuIgnD1dmMDcTeCbbe4dg52eNKGJ+G4YCOTmV13SOoIdZ4ElW+oOcmCi96BJBWERb3/JIqPVpLZtFSEB2lqNVLaBWNj00Eksi2r906XcVjZdxRB9XVDcgcoNlXxNjuEmTIABTqTEYy3RDuxETZApEiEGZljwk2csXpmBpMlCXik1GuwRpkKhC2HwJVdKRC7lyg4AXwtMkieVR/+iRnWEXpDaDvfQm6cl4t1JhV39o+spF10MioSSlwV2URJITRuKXG3c33AGEzwpVIWSoHwgZXcdXHhs28/YqBTdHdQQiSWUSqd1CVrsibuFTN8SSwZ2BnPlZRbeICduJwYmGQFtJROIprB1XWasVP7cWOPRxvrZxRN0o8ghE1A5QE8hHYVtIbL6WvGaIMjI4+BWWBWdkqc/6Id2tRlrYFLvUJKNno4qEIs5DR+bNeP+SQ9PGg1tQVbfvc/MxOfsPY6a0ZcbdhMm+FNH2Mq2cIZz2IjQZhMMcRKN4Ibu6IbWWqRiTmC1TWTAHAIeMBQHOYSluCEFXIhg/OfGKQiK/JRm1lgyCaL1SeQZ+JV9fE21lZVIwpAjmhB45KJYqZmxzKYk/FKPhNKrlc1mVEqaFdFaKdkQWWGA7k5McObSKNGIkSasDpCy8OXT6MbshE8sDSjOiRkObJxpxcnBxBJcdIArZZNgchjBIYzECOp3iKTpNmTErlaMqOd/tis1zeeDFRmAvmjBikk2KGkjAhPjmdgT+Rvx/hly/8EcXlioGgTg9tJscIjraVkPr9ksXjydFX1RYTnlvDmPBBJj0LWsCFVX48pRSXbfwSCL2rhEjDXKEABSFdxdCW0FKUEK591PMSVTL+iLiSznYCILDPkLBFWgv2WpiwYsnLXmHDZVmqXQWa3esV0qtz0SxAHRNZUWO
SFcb9Uq9tlSbzypLezdDKzgriGaUWFM0srfsjTd/0Wgsl0ZA1LaYiar7vKTsK2K0rqqHg3slSJWm4rg4zYLCe5Nsx2T+QKrQc1OTDzuC0rTywUphfaLt3TuGZij+VlKmQbcq5IK00SfrwKopNII6klcqyqXNQnaMhxB710PZskdMakTLEzTO3/YqKEo2c/myccmpgo2rRgMobBZDsg0XIvcRghJjCm2kg3IkCWNDDTcR6msoUshmaClbJMRm82tI++ll/nRk7cuGsW64pqSCV9OFtQ2a8uqCVupbpfxbF9+kt5gpRyylfSUSQjZLaxkRkiS4DjmpjaKiTqtVystLEQo5HCBnJtY16d8ahTxlJ8hlt6uJfj5Rkp1HffOnTGZnVTBJlhtE2puZFWlJmNKDxMRbyak0byuxrctK0Ze1SoyJKC5qXkpF2FKr2rxGZrtxu4GGuC1iYfs6VJRGfWRcRORbfOYktMNGdhokPa+r8a2ys2xKZ3a2WZxpLOhoAG5iIk4SAPlVkz/xd8qkZJ5ZFR8EUGAWZKlGnCYNTBtxVB8aG7rIeiMilw35tGD+TAXhdMT9JtLQO/WwVvLGNmWGxEkZskf3gi9NYaXaSLQxsViao9jHgqk/GGuzEn4hRdCnAZz5KSiVZFy3Na6xK5I9mWd7unt3NO85nKendrU1s2r/KmGwSeA/N8g+uLw1EmLXuBrjM6G/OvUtTGqARMd9KJXIM+VAWBCxYdkQky+YoyqlNYzZZkIkltY/IAd6DHD9pGwtK6HBNNShd44UvDyGE6pyFEgHYcbdelJOS4r6e/3eqkYQQ2JclYRpqDPlUc94aDL8iawqMAAxFROxGFLcTIe5Aw8+HCs/+hGodEGaSzcUtLQ0zmaBB6cBL9I1plJx7gAY7nY1/Vi1h5M8Ypn8HJbVdjwLmFiX6ni4TXI91rS8FTzdlTQ9RiekYMVcLZUhiZM6E7Wjmakz2WQR3UAB5A0Z5kaEAWepvBGS70tGp0u+DBj7rkwzJkSTcqLgHsXJcBe7VxlXEZU9IDQGXrzYUbJNxssUJGhqjFm6nHmzY9iFlnhyMKdozGqv+KZ64ya5yJYLPjXss81cJDeCO8bmx2jA+2bhGGscRbHEe0rLc2XcpxOTuzowf8VKJHKtVzu5c6EK9RYzo7mWnYRNMxiaos1hDJbBIH1jJFRYwqQ9jcc7BKSvGXU8P/pYlY3CUg6dX1NqmRpjZDHEO5SUKVxC0ba4baG8cDtcB5uWsLpxrEJmzvkSYIVpWstF/IchnhGKUw9H0cJ5KjwlQHZ4wqNNfhCWvHGCe0w89I1ZLj1F6mwW4Pml7To8RGOSzOaXmtgQKLet+KtnzilWC+y6CB7T3+pZ6nI4GBKaGOXd8SfaH+nTNnZSaxQ8vkBJIGWKwb+Mq6lpDAgldIBIyUbExNnZf5FrT9a+A2vK33SiOcnIBpCjLRSk4DQWl4+ZZUV30hjpnH+EGwyLTmM8DbMcOYjePaUrnKxcWRt5pLisotGz5Hclib51YdSYx4F8nEI6wxbsREIXGpMc9y/7fVVPJcxayPEVPXJ93FHGc2aEjSWjiRjlZTaO7BG0RgNtNu5AMtd9Cs1V3Vr1Wo/4PeEOwiG8JIRiadW4zD3eaqW6UrTKrXr/aOFR3hh+vcGBhr0yJeew5C6/cmxjMtCGQuutzSSJVXVvWYsLglQMo2FHbprJfSRwM1tplbN6RwikrrUuLpV/deTDtQDTiiA5yewqgi4RitowXS/jEQ4Ohz9VV88a2WR/66c0ZwZVsmpby2yMSB7UvVSSmi8w1nv+btkN7hxedeeCaKf3i4j664dKzRdzyf0QdQBBA546JegmrOD0e3PUrIRQotzXMsT0mMMlN5TC7S1IYfIAk8b28LtbVbK6ojp9kX6cEV2OsS39ccz5bnpHUHewlnQqid60WU7qOTbv0Y4CwKkWlD5iSX07Iliiodpv3+VhrZ4a/ObzbEUtWWtLDqkbzEYxd/5ekjlz
y/KhkIrb4Kmgyk5CzUpAQ7dfD88d88PXdwCH3/oOwbX12ct1MUs5NPTVu1mmfOo71CruadjnkyCub/9S25UUwD6JfaBZPUeclfFbyA2M57+Ol7S+dPHrCJuEN5hidT6XnhubmMXo6DP69kw67B1TY9GWZiNDmnMQ+ePLTLVW8PXNWboVhCD3iYqLIzMnIea2CW1OXE1q69GMsLl5X8hV8mgnYq7e8JHqUBzmPgTNQA+73A8QCtI/hY9ECH2EDqkzUFb9Zvdbr81ecnXLqqe3AsVYRRIx/cTEye94Dm9MAY6eUaN2MpiXjPL1U4Yl6vFW/IDyIktBn6hNQevpMNSXeBF9zfqc1mwJVtDfV2zTx1L6bZn44ANei5AUIA/6GAwAEAAwkAOHAQgAAADR0+VPDQYUKJEB0KiFhRYsaHAxtmFPCAT0iJDA8QvPgRQMaICAjcYaiRY0WOCgS4RGgypkOYCFEuFEDR4Yd5Pnc+FJB040WhDU9qXBn1qMqVDD0utfn06cSfC0Fm/EkxK8qgPxnaBIBAIoKdUx3WHOi2atOkIBtiDKqw6VaKTZ0eFCpQocOrSGc+vFO4oeKlDWGeBQoUY1SkbGcK7blVIMHDH2NGFNBgJFqZk9lSnjiYK9OXk4ViPNBWQE+oYlMS7noXNd/BCrJCnalg61vUUJF65dNgstXEUVmW1Hj1alKUHOVWlG5W7M6ZtJEK9QvAe//U5AvvzsQbeaXZyX+Z5r4I2qBE8Ac3PzzXx9w//twR6o2NJtT4qI+q6BJ67q+IwDMrpeGMw402t4RTqKc7FuuqJvfM2ytAiQhAgA/6CCANu5/4UEtAsPRqTaq3rusILcYOS2i81CIyiCX/LMItIpumemo5GwuqDqrZymqMjweoygsqAgaDLK0RXyTOq9swBIxE8xTEEEse1YMwTMqmku2uxy7cko+RPiQoLtJA2/Cpw9ys6KizYnIrygcUAosggo5UKaLyZCruIigPEFEjNNk8aKcam7SOMsaCSq8xzw4kEU8B7SzSR0prYghJIpOa7YOGXHIUyrtiUgxUp8Ly8MD/LzkaLqHenEp0picfk3PVyea7KNSoWi20yi49VSC5y9oz7qo7+IM2yish+mnSOtHy8KgCJRqvs5Rotc82yZJt4J246iS1I7M0vKupzu778sUDfEStMAKWlFI3O3XTLSv7Aq0Kve+4o/Q8kzgzjqIm3XsSquTeOUkuhTXDjUiAVbQ4zIW5bc8/nOIk6+CKjYTRJ54Y6oneqNw1eaHE2oy1ZZFd8wvYggzsLLk1n1QtuKs4Gmikdz6Tyk5PU0wrURtNUmi6un4GYOjjNLKzSU0Dewg+dG3qDFCIbDYzVHgPS3fj+FDztt1b+a0qU+JoRelBpjT1Kqa9+qxNITyBVu0n/4GLm8ojeFMLVFTHjKb0sZPrPLfYBbMsaZ9zoOXvNPPYjXhkY3lkd1G2sybAP8hOCl1LMS+6sMWGCNQ7Ll4VQGHkxlvecku5q6Iq5pIWTfs/A7tkzCGp6xyPYL/Q0rXRTD2fkk1WH2Qdb8A/x7CtR4EDAMWFECztMatiUxl7wl5Sdym7+ZR0XhNDP6pE2tUm3uwwYS4/8+FYzTQopLxzX3PCVxKNyW6nofOFT0U7KpxnSOc56/BvcVTrS6MoUx/vGIR1W7PKoLiFkIa8owFFuUu4mAU0tSRrO6/qkoHS1bvL/Gk2q1OLAF7yAT4chneO4swLFTSbBpChawarUqgyc/+QJ/VuI0qhWqgG0r+T/EhTs7PSBFVjqXOYgXL/OFXozkMoiNzEIZYBgEg29BeRGStVvhOABnFDndFBzmoZQ4zRVlWcjFywJGPBCmWQRrjZeASKzonKx3piuPIFMiYieRyDqMSx25RsKp0Z0tTqpCixVWlRDyLV2Obnp7YUqyD4agnOjkMmDjoEX+LZl4D4+BkguSVmSHxLkEwWvNpBB47iA4BofpScp+XGgKGC5ci6FqJJLkhrw6uUZwIHPgwlam
NKqZQxK6I7361mmga7g2jqshI/ulCVstoiJSeZsRGeypB/K8kjK6Uwug0pmEChFWQs1CilcA1MMunmjhrggYT/kCVgJnJl3Hx5Ecu5R4iKOUcernjHAP4HaLF55OlAMp6JTYaFrnnX6Wr3qdrNaHu11MhJmAenaXFJkm/LF4QiBROEadSaLTuJiBLCNE/h6UIZeRLp/OUyYRnlLyl7YYCYFRdo4vRPf0qi18a0kBQRk5otE9xC3sFF3HGImdIyZaJ0gyBYus+XGOnhj7pHH6SOUYeEItp6ruMplprOKFpEIVMcl7UDnGkq2ksaeu60zD5mq0AzvYNNbEQslQRJR3kCXTXHt7sdZbKkwBMpMHsyO4bMw1QeEYDUEkJDAwYrhHcwFYSChKaI0SuzPQ2PWJEYqsytyHa5MUhlP1iV5Mzj/3uoSWbzmHUgoybWeuUDEdpwi6b2ieeK/2BIiob2MtUoZremkSlSw/M7d05Qa4c7G3GSwtKfVPApaIrqRgJEseNgUn+a3N1rIFTCfEVwZfDZDGQyMrxx3lIjRDFZT2EUmGBKyFcxuYOaahjHeuIzQGLF3fN2yzyYSHNzlAnl2Yiy2xTqb8Fmewy2YoYerKlPPFvZbuhumEQ42pN6BrtdMJ/5Mv+heG9T84+3MvKAojBENHfQxxQR6EkaInGADy4VH2rcYG4WCULW8+eYeoWR6bioJJn719cIEknsiqxWCMPLaU7zuDnisn8tIxczcWkjCtUXq2RtV9gSq577sJCuVP/9JpN2aiYTHPeHheSc/Ip1rvl47UcOvozbcNcaRfKUU03rilsER+EnW+VQc82d3mgTMauw16Vn0x+cubcluZw1J8x7yhKnecb0PY9IOIqNFvVmkwY0ACEe+ECUgrMl0hzAA8opydCQCBrEdhEqJdyuouHbvLBhRI10MqlinYiU1ZaoiQU8clW4u93vjEplbRkk9hK0w6IBYB7KGeAMB3ycKR4rXjnhmoxQcpUCIQ+Yu2yocV5YxmJdcGMeRZ1KtKWaZLK2cLyCqImOGGfQoTqaxInZTGX2KPARbXTXVeABAkgd0xWma5u2krems+EjRjIjKZoPf+UqgHMc4rgJpCb/ChqM2eJWtWNDogiw9qI3NnUpjbcp9G+/JsG0QS0raz1ie8BWzW0+uCX/0klOUthFqVlOxlUVj9Osk1uC11IoKrfvNcOJF5bAJDsPeVijAkzrVp22g+15jbLOcpU93mVP/5Hb4LRHG3rRRc/vtNSv4tY6rbmvr0Rq3DtJxTw8O+hPcHroXeiby5HYraxetEmKDk7eSOJFaohMp5jGg18klYV120RSmYG07uqUbOlRTQot3SMoV0uLJJ6NY/AQD8gt0hug5jz3RhPGoo6gj+pl4fdgr7q79+h76VCGq+FXdZjOsOwiJujDcbvKSmVGVGXbUYAug6l6wscV465Ej+Ii/4MyxDSLfoXpdERYWsjr6K7svn7wmkMIcZNS+kX7blKHq4XUutwvPukyI0/jDQRbOrLyNBlqOEu5lAX0iZcgAD4IrYpIESMqFLMDqWl6JTRZFpVpmAcxItdituuIni4xLAMpu2Bjm8TLm5t5n7RhiztZMzxhJhMTLT8RKp5wsv/olpLyFq3wMEY6NZd5laNQPX3DuGM5kgIrOLQLPk4rqBsBugIMFnBhPudgQpeaDTWxraogE1i6LZSyGBkStF3bH4cgkIKDoxfCrD0KOAYMlOPCIgL8ivgoQpxDH8AKp+NYkF6rE4VBobZ4DlJJwif5jNs5IvTqskmRk0x7rK+LvP/fYa/Ocq6jOhVSiqUkY7T/MZbbiRXrsAuqubO3UD290jN6AY0J3JwDDLEiobvDeQ2QQKCjayvfcb7qyTonaS6yaDAgiTIQa8XTUYzJKjQgijsveq4qzJiMAgD8SixvgcAMiwrMQytBDLlVeybxoB3M6h2mmT8zVK/yk5c86Y5r+cKVUJJpWhursoiPIZzxGihzMsWGECMUy420Qj
dl8wlbgaeJQJnOY7HcExNDRMANMrBfS5iWAoBzgAA4JBqFWxHvKJgcyYvwCY+e2p6JjCgiPCrSkTdWc7UHbICX4EjMKp6WCq+gc6izOi9PsiexokAJBI5O6763sccUChohpL2nl2KUy8CbjXu2MqO9JCwel8EsP0y8c7Gs37lIWgy4dxOdKHknvji8mrxAgMo0YnkcwRI23Ei+zCkk68AakwGN1FkXtwA1hPwoGUu6uJoUS0sLQJHEefme9Gg7bsMtqBs4mgDArPtExnCul0pCixzCnQKU25IO8KrLMRK4zfk4gmPEl4y/uLAjZbydm8yLJLQlJVSKHBlCDJkT9QkehSOSpbkYquAydan/IoYkG3RRKjE5I7roQQm6G5Uyyin0o3JTl3LTSKDYP347M317OqgEjeEsCFTMImUTGV5rSdPAIcVUskahC6XLiZ0gM2a7I3kzjzLSH9g0S2yjGvF7RHmrzuX7IgcMD3yLIqkRltkLkzmzJaXsFr9ozTxUrPoij5BkxINqmLhCD08ZHulJQfSsi31Jrc/ZsmsxilnjqTG6n4oEShRMMwBAAQAzjkHyjT80IsfaTVUiqeIbHPL4gBJ5DoExxM2oxpXhvf3EHryrys/kk/2kl8KYSVRCnSL0u5RglqJTof6BlzIgBTj8oiuMOaQCCZSwtH6CuJiaSH5pvnq8EE8zKNuD/xAZJRqtNJIPAYz9C0PJC5E5Q4vcsiyVVErnJE+VSsVIQpRFAsVgwj577IyB8JARbDG5OReaAql84lHICLZ6yhzTcAg/uNLSsEUCMhIN7JdRS8lZig0LhVK29JDG+cznQbXqYRcudM0xna4tcSfJixNBK7wlTUE35AoCXbViMxSNOyrVUQ9BFA7SGEg/ZBIWEzWl3E1Z25EMLU4//bK4WqNkOSUF9KScFJf6e6rbYLA8Ec3tsQ9YgqLEobWqCstzTErAk0eQTJTUOgQ8YEjT45FMrMDxcKcHSTEQK9M3+0QaVavf8Kwb/ahuorI6lLFyUYhWOwmU8B4DWhJQEyKLAv+8R1mO+HmVOmyZXUyZKAopgbKYrlnNkRmkRY0JO+Ij4RCfObwIAkk0ZDS+urOpNGo9jKUxK/sTqKFPOOOX58HNCRmVWxySSDEquimyW9K7iiCyryiqW6LB8NtKOorGa4WcuUAx3FxV4QtUzxAsrSSTH+utkILOlsJVkvIxIjKyk5KS0xzTxtArqvJExKkNDWOyRCM60ik3MduQD3W9HOXVST2ZXz2b6GyIkoNDLEoR99LTxUiODJEqBNqbrtoerSqOI+TKFemsneCz69IhwVUfQzRYnLSIePwWMOGqYEkKvPoiZ/KpzmxPVuKq89HLanoNWNqKwGurEuHWV9o2yaj/OY4grhYTlCWZDzvSiila3expuye8TnUk2kPi25p7MhYxMbaNlNDUHYk1U0ttsaCZCg/awgMRgGlFqb2USib9HQV9XqrM1DgC1taCqYYRtYx609LTjRa5SYhQE1eruXl7MK+EDDfh2NioLTEJr6ZiLG1BmJP0kOsxJoK5C53pl6QTi8GgJfdSzJOMv6rbDbfqSBjZ1ac4hxd424OEjiNBtv8pC+9JWAHxELIBQY0hMtoxXOzKqZzkmIzoCYtFpY3lFwg00S6TzkM1ILeEtFEZSBr9mMVjPB0TP2OpO9iVQhyGLK8hEJvQGaXwwDrU0di7rmJtF8IFtkpEtyjplSsR/1EBOtrcaI4vgSaauZaEQ0jZs50X1dLisosBRVecBaP4gNhbLM5TcaYONRNQbBzbUC/HajFFOTJYDT0VBQ3/45xV6adCieITQ6c5ciI8UiCJspI2mtILJraOqS2roVpD5lbjQDURgVS/UBY3yafdfdn0MST6EpYfLDltZUiAARefULe12K1I2TO/lU6SQt01cgq8aE77nEsstRiiMly98THSWwjXOYoulR/M0kO9dGKg1ZesSSvAsrAkc6j58dTveFRvCh4lPNTjMZ8d6hBsZE
SRTSxW9gjteUnM1IhzfMTflFqDsJFkNWUMzESysR6u+UaNgiIA7iiE6R9Q1USLIf/n0si+6FotsTlHkn2RACNf5yItblwmmBUO08MTnVkiXlzZekY0FMrjCvZP6ktklYhEGKxPUytHdNwfNfmzTsozulPkTVQdBbM5uXJgFs1L8xMfQ+SZt0WuL700lsxOLCbKehzWmZsjlC0sHfNBog26GfWR//Vf+JBjOnafNmuPlnC42mkK50qWtnPn0x2RWUy/+Mtg1OHXj7BMcHpJ+Ww5ParaHCSULg2kWwk1sW2MK/yw7qrdu0SXpRnO1/jHYO0VeCnMwVG9es3SOzK2uozkxX3L5ZMjgz1DwPEXxZGhe0phpe2L7qQRvRlqi9o+ss7jrrCWs7bPdhMV65gqqvn/gNFWzPkEJJxoSOXJnra+E9gs2SD6Ug6LWs+ei5M95TF+1mr60A0OKRjcCZpW42Y+MHXxQqkZnkxFMFLDJamEa/kcYOLhNIxR2kBGKfasqZmpiHeIteYJyzYezGuhISlqFBddFF6EkyAGbau9YvgDQ9iADs5MWcMwNc+eKGa1Z1FVWlm5yVKGG8cDQCDWPnTsk+/Jku6tHVfNnj8yjOw0v2dWKTKRGpe0WdpLTIXDaA+sbqQIoHMprRHJykIVwmAay/a8HKdASecRmPBRsBiNDQ8KnxIXOGR0iV98s4qBTDJyqb/CMkvtGBFdLc6eFznFLrGkI7wjwHvqtru9xzEV/wCadmmpvliNmEcA3jFX1JKYM73YnMKPetJFJcTzSA5+YjeygFdOU9d6Zi1VmWuDwVjnuw5U5Bqqc6AHHlbtokBVdpmZuo8gJk7ADJkZhdUnUzzPoGEkoVOy+Dg/VSyqnAgaol3XpNm5qCtL3D2quXG9pOe9/qgVHRn4TkZkLhS5kRakQV3ew7OuVVVaTD7AieRfolagJE9uLBoZy+a5OgptWhXPea4do/V38SIDQYA51JWo7Vqd2EOagNG8gIlZPDGgIGjb+rZxg95aQ0tvtGyvtReYgRzu0q4U6iwmWUQFEG7aw7gHyY6vvlIPIBAZXHWAHR8CdOt1dp71wUtGvP9TuQQZZeelzeENK1HflEoLA9ZErxSU75bqjmmmTv8yd7yUwvBKy0Xcuhmjv/x2jqrPfJyyNm/i6rW4NBYT0vA5xbVCByepPnW3YcakJ+V18dtY9EO768jZdmGlmrTEN1Faz3Gd4KqIt7NeW2wx5i7NpXNlZTJspE7UA3EmVh6TDfWUzM0voPeMl9FcPIzQppaYwdB3N+TW37R0bBzm5QBAUvnwpIi3QGXbkcPCeJkOIK8pvLyDOnvbsuZVsK/aeKQI/kE/Pxx0MQ5hSUpsxDgXXp+ux8R3nQ2U6WgOBRUlS2m7yZhHs4KkShKjmRuqBjEZKpNf+TNB30P5fIaw0Kb/TR1bu3XRPEdfR4ARekDUTGnLk4IlEhHpapNJDi06GNGp+8RdHQ/hn7kden07kprQGkg1q8/ZCeM8O/eMs9GOsHOTpSTOrrxfmIiqyoiDI8ZQLw16/hMjpMH50Og2HHtk9KGMSQ+JxLRAS1/UUzv2iWzjEuKkkT+h+oItYpmVC5VR1/HiN9VrVgcHCAACFAC4A8HSv4QKFQJAMFCAAAASCUqUGDEiAIoZJwJ4gLEiSAAHDoSsKOBOyYoHCFA8KZIkAZAjJc6sqAAjgQMPPwrEyDMnR4E3Sw7daLKkAJJ8HoDkozOkRo4QU1KM6jLkx5wDBQpNidRo0JQzKQIdGTXk/8qhWr1WzBkzJcaiWDc63Qp3Ik+8etOCzLuRIAKwYVW+tdj2acapIkvxUXmA4MifJGUWjnz4JQCgIIvWtBnSLdk7ilcSuMOnwdazRleebMBnqtyBS40KeBdR7tCxmUlqFBB4sE2elm/HhWpcs0mUKrcq/npTtF6jBC/eBVk6b+SbZ28LXPkyL3isthtupoyWJOyPN2HTjKn2MU/VhNv3XT+XvmPM981bzDpZc1
IscbXTbokVhRxbafnEm0QIisRSRAcw5tMdh+SxEIbleZfcRQoAlZRFUdkGWYSFaebhZN25p19w1sXkVkkjEfCWXUet1VVB8UGlFUHTbVjTTQ5WFN8YRU7FdBFEKB6W2pBNJibSRaLVGCIfv/W40YbbQZcTehsexdZN3slnEopCPvjXTD9OpmSBnkUEHU1rCsSURQ4hpcBpSk7nFQKFPdTZZilK9FtDbxH0gKCbOTgmWzt651pL+mVXEnQQwdmTRjwKCVGAJibaqJd9EQWSH41t9NEHHoz0qWcCjUcRa3PVxB1aR54Z6lTEUccVAHnyatOnV36pn0byCQsokOKFN6yr0m025ZlYRVWmYIh1lyKbg/llUnZaGRnokWNapYACYoaU50cgGihYeV7dNJ60qxaUjh4Y/y5EHGX2PUkURn40+u+ZV7UKJ19e6aSlfwIp59QBlXKqXIFyGQbXpe0y2qpxnxGK8bMNKnXwV8ldtpaZEaYIFIDbSuTaVYBODHDIL0fX00WCIqhRwWI2hxeRg+bbbpweg1XszmeWjJGXe/YooEAQYlVpzDOKJiVOrhn9H6uJzWrdyei9IxFTsBaGmU8tCmZnj0mOGmCKdO4rE8hQFRetwPlxudtpfEBGklkRAbV3X5HtqrAAJ0o028QrQf0sxOURnRR6cP7dlB8fDLUnfkJvBBpPcwPXZqsFx2mpyhlrG7FFjXvlFkphAg1X192xS5jEAEBghr0L8Wqno5rX5xlkK/9KHKqoG5ZIa0WXquxd0b8exiCnvxOkFeT4VZ8RgFX5ZlfcW3OX7UYbP+AekhUf/sEdBEDUZ/AWEQ+WlKq5zNGlHnI6VPNoYhtgZjT+pXlVgqObaW2mSu4ySWrUdsBa5QdmvZmd5na1ISkxC3S/Yg33EmUVhc3oNmOTmZKSIhxBQexiSLHWQLKltJR84Gs5ct5ZCHgm1WxFMzdqlQIBVrthde45I8Qeq9QFQf5tR087K1ZfTtLDufTpVI1SzZWEVa1PneSDQeucXZBjP25VJojTE8A8+PCaGSLniB6DUbkYhCPxcMRaLyzIOcxwodwlhH2hs6JNllKaD5iKKvXpXMH/1KPDXD0mI9OpXUtgsirmsMosHiNDA2A2owUWzUvEm9/nKAKxgTQgkh7kjW+eWBIHTckjECshAmtmKK4cAFK8cpllGlW2oKhnW3ahTgxXcyTRxIYPH+AIARyCxGgRc0BrCpBc5oc84M0FcLF8GjERpMTOoMxLftEimGLkxij+hTgalFmvHuDLQxpFmDTrykNeB6+wmKtN2GEaJ/vYEog9hTMrUtvNKtLH901MSDxqkKea5sZujkeE7TnQMeu0zHcwBiyKS9dV3vHLGL2Fmtcxj+goc4DToDJ1fsnLWvwmIAG8hlHsCc2/zjKpNVJGb1M5hyXqRcd/vI4+k3SeULYn/0wFplOJGmncQ0PEP+b1xCukyxIAIJk+gClxW8opytSi9NEaTc6E17pMbYKCNoiehDWbctJ0OhdN6GFpMkgaYRUvtaV6+gShn0kRL//2T7KA7H7U8QAf5lE4ObEUY80ZyN9YxbsxKTEoi2oI0q5TSEUphWVYwiOL4LQ8WyXMj+ALWpuml6J6XialpsOsFPHn124GbXI57Egfm0M8QTIwTGO7n2dgBE7MylWDk9zUZSlly9mCSlA+AlpL2grR03xtVzcRJ2p5258dtsd85/RYRPiwlqi0c1PGyxZELei+10IrLEzK5R0MMtOEzEwnfnHr9kbFzpsSiG4Pko8AXNOYNP+SZaQSkeyTVGOk4AqtvbtR32uMhBP0PMd38+Cjq7h30f0w+Fb2bSZHxqQggL2vM4DrlRjHSNckKsBqfnxW6XrlyZK8w2qRUV1nBRKY2hSHOy5TzNeIhjGccTYkG9uP4HxLUmvewWqYy+l/RTfPyrZreQ2rYN0+d0adpM8hKx4PUvmZ1egSSZDJxGM+CdPdE66ImB/hi4VlubfeZE1cmJGhd+KGSzVmZC
lb8YiDf8xbGb+SaSHCkbrcRjGx0pVWbuTLQ0pjQZxVNGthxuzv5hFJBOXEKqKpyYkBFDeKZoQNh0DIeDHCO5BUTIgWS6Vj9dkA0ZiJgWXdFqENoxu7lKv/Q2TSzX33akHhjO0OkCSlEm+MP1Y/K2zk+Z9YDFXG3vhBsWPzYf1M/cftgBFGQhQWRPhmq1z2JH27lLWsu1Oj3sCW0Y3ESAPeceyuQJEjyNVP0Xit4pjwMnPGGRzzOJWXB8aobCajCmLKdW3ElC1tG+WgJSkbM4N9kE0tiWEo+VOeZysGik2NXxr/xU/ogq7VXGHudif2V3CWWuEphllfpDTA7EWkyqbO3qiulGa+mXWZq92tjjDmpfR9ykzGYyV6EIg1d0PQKraJVUhMkA5SjJemG0uz+r6jOmFRZHw9lm6716Ovl2mHJiqr4lOaV6Il/Sonppp4iPHSm0qROcLY/4lPqFlEpg9bk2s+uXHHBvSda6XrqW8VKsgZCReLq11mrM14BrHi20Gls6+iOhydfoOAPkprSWJT8k+/bK32CYZENbnhfBKDL4+CDvN+weTbkLzJikf4s0Xd0R0QzB8ahuQDoCx9WPvDBwc8TYRjp7WxOBTGSPLqn0lczZEl5ulGB+Xml8NqjP/XPsswKphiYZLm8hkpiY8kb0lhvJikpBzih9Gh5mVL2AOE4oGg2Kof6iy1z/Omc0Cg6DTlWOYsJc3txIR4YR1X3J3pP2BO+rOnNbWPkIZUaI1Y/VdRwUmmsFWvEFWYfNOvEd7iwRd0BJBgRARyGY9rrETWxBqQpf9JYciQ2bEGFLXalkULQaCLFDnRy+SFcwFHWDFPZ5SgzwRMAwWbuTWGTyBN7IQEwZTZ6LQgup0eg+kbDTqGp/WPxj3F5SVKVmnbUSBGDOrJkKRTE50HiygJAjZHuCkWy7mEzY3NYvHgsHERbQjMiXxVV01abkVF+pxGw4FcdQAWXw3KfBkVis2f1kyb34UKs6FTjGDKs1gSkugHnCyVYcCJG1bPwWkcDQkMc6DI3KjGE6RBH7gfe5TeW0lGYSze2ySJfO0LMqWHkjUIEK5cxdye+8jHYRkZTchN9CBeWKgUGGJLTRHG6GlXr2wa3IReZ8XK4yWIEjoN0IwEEPrNMy3/V9HI1oVNyTFij655jtutEEX4wbzFBUhllAt5BqRBFuskVhsx2W5xSJi5RHZsW2/ZkpC82Gap0ZRMnVVQ0cZQIIkMHFfYiYIUxbZ4m53FH8WRofXcmzEaVSw1Y7AVBebI2mmUXigthUsFYw8u0Nsc3zPVDWjIzdqFo9VRhKI1RsGE1E3RDQVxmg4mCXbUk3Zco9mIXVcc2OBYpPsQh0H0AdEV3S1tkPmAz7npEs5FW/0lind8wDywEo3g14ldHd2AUagZok0IycF9SBoVRhZSYHex2OdIBsdQRBMtCFlNhINw4nYE4bbwE6xsHZfRTXDBRhk1jhySSTXBH6SBY8SU/1HPVKD2qVcs3uW/ABJkrR3H8A9cqA1i0FwDWhEfTR1fppOHsNsSLQrmpSC79Aa84IrkzCEd+h/hGBxOcQtZFha3fBO/qR2AZB4H1lS5VOXIsON98I/ktSPMXE9XhCZYbJpclNH/+QYY4gz+tA58KGV/8CZPACGHNKDKJKYE+QlmtslwIMVDTIeiuVBLrJNREID7MYRQIBjgUMh51SIcoqLxICDofN1FkWVmGaPkpQRyYFN1dJba0Aqdic5M1JJCiWQ2aWK5LdOdpU2tgCAPeiODlQzQqR3oRQobFiBT/Qj5yF1m/EZ6mVo8fYfrvCF1Mc2E/R6z7AlStUVI3kWjXf/ibuAJy+RN8ljhY9olZ06fXBCKLPqN6iRcVJjc6SDFq2Ai3IxRSyKQKFkVf83aMIaLcg0PfyaGWobTRzDke6lg19EiocQjNDoo7C1HhHpU/hyUSGUWTtHKVLyPVqzVv3Rc6sRWl7wekBXeYBHTHUxnQjAHzVVGuLwGczgL2LDpS9xfaG
Km/akIUdwQNBKQOYrmfWVml2ZcYp5LKRDYnSlb4Y2Sjq0QUY2GD+qi1fXdfv5RcrAXqhGOX2IGU37k3QnGafCoRXxLw51IEz7pfAAKNlUhfcAW7MRcBQnnHawUqFSUnzziUP6OiI2LbJ3VVqiO7zGq9eAjOumZeaQLr7z/C79oSKF5x4cc4UDwkaouCdkZBnFUHXMpSFHeCptpkX9ApStdJmM1isPkyLRwqYi6oGc00Y9cU7BgBbGmCXpAjgxmnhwyx0NcyoUe0FNSmkD9in3e6c4NxpPijplOYaMQAEftByfyolWlXDIK4+H9J+flDyD513k+BfEh6qmky4hcnEHxaaQNnsIhURkxmeYV36V6lL4piAQVRzNW5Fkw3uoojliY1QkVnkH65YV9mH2+T/r5DP7tIrtYyaOaXazqS0Zt6l/6ECs13M5EW+TMkgUZzsv8TXpQW5jUHXcIyU7pJPwZ1cby5MJtqkFtJEUFDz8lHaKu5oZ9BqdQk3mxOJbKHcnKDdiIio3Zllm8+p1grAXcvSdwZoxDzhtSgGgo8itWDZTGvc5MeIvOdNO2II5A7ENLhpeZ/56pjVJeIiXJXNmgge5GU6VN7JUqeGjWKk2ENY2FW+jEdPlr4ADNj7IlPJreizGTb2CfmjIYNB5q6wRIpb6TcUSctMArEapg42BeDV6WANDJt7DFGaZI7bqJqJRbZgjrN86QxRjvL17kKyob0JJZ/X2vqKST/R1hf8AgyJpeSCjaCTbAc3iqVOTG+Urca/mV9NIHj7Fq+2rgXroPFc0WSgYK1LpMVJCr7zATXwKjRECSXpEHYFRodsHFxmbeewrNYclvgeTEo73PcuZjl1jjxX0c+G2Ia8SVoBiQABXGOVQuTTWw6bSlKEFnMXlMY4AoqbaKh9puguzvzHJN5dmlwv8UqpvomkqMidTmp8c5i9fdbNJs7+E9SAMEZUZxJsHJh3L8VenAB7C82zBl4tA0XkpK8USgyw9jopS9b8xVWE/6VZohja4kD4XEqgb60mQeavGFoR9xx6WuWoFMhdeBjdkQFiwGkL+YEw+7k0GCzffsnYqeLDjJbGbImRWSyw+BMAG1LNZsKxj/mAfbaZYgD+a4WSne7plpjYwW6cxA0ITuRSGBnpFtkGuNHz1NRgxiIhVnm8iQJgDsg8CaaXPYo6ze3fXdhKOOifmsJ5DJp6XukJhMkpYc4o6BKS7iyD95zvW48FLeXO+UBwH4WoE6b4w88eu0j2bMLrLalNwKHvj/3pu+2Ae1xGyKIdGS/g7DoSv4vmeHYNuIGkb20m27EJU2IRrBvdAkvefkvNGx8gu09dDWlPIQgbA+IdfyvhhrHlDSaA7o2SJmvRPN1SiYqBK+sRtAf7AQzkWSgd9OnDFlHl6OepdmoGpIZ1PXfsSjfeDeGY8tzYT2/V1+GGZmnta8Oa9m7diRZMUqKRDphoQK/4NXwuG/eEQAkU70rK49/eCAqc+AQZ87+47xGszBQC1JPbGvepZILkgu/dg4Qd9FZ1uueKeUYuxysCcWwXQZe4aioYTgnpnKaKtouitX6HXeadaXYOUmV15AgoSjFh9uME43qc5FN/HjmHIfA+1I/3fMVU/1WFCk1+gT4q5FDFrJ5k1cyD203jyJIHIIE0Pv483IdY4efjax7FDb4iZUX5NslvYEiBKjfpBSKTMPSsBqz8EPBSvSLZUsrBxTNXIvruzj1BbSVafcvgrvEgqeQ3PxuTAFHZdHUk/M8mklMxWx3gLR3vVl0WCca3HlW1RsIPJGxzUnLfkIZC3Nv07H8haw2rDwEuGctGpmWC1oqPBTsgkFyyQTSUTVb5/e+gYa1jmQgwCF9W0QUzGdTg6EAKvgA2myc0lRE1GeKPldv7rYmnBJf//yn/oesMzhe7rh/F1dqVXyXqqG8zkUjShTgbvLG+bhATMVsIGtnYKHcP9zNbEcsDXGhrtsLt7xnFCIqmNSB3B6C/pU0v4t4fDMIruiBDNjkS
yq3cWMM5tR1WS02w5DkWbMtERkt5F32g4Nk2vl7JJsZL86kRQjHcaJdUcX0rJy2FRlMNLK3DtGMwMjllEBgPr2MKNIJoJOCxPPsrM54RO+K4GcdvUYIw01Tnkjmg4CqfN99ZVtuEAc2JXdhIkpEupgDGNLqICQzEoYCV/sd0hf8f4dxVSVjqd11zBJjS0XBIlL7wCJNNyZUOom8oMQK/w6Btr+DJSEFX6B+LjFtJcHTunuBzYNlcAZk5/2IwpNhRv+y9aWLA9fhXasiHtCs470rLsy8SM6j1j/CgdHbmBBu6IOrm1vJmjcFUSZqnCNtB2Wp64+ZSURe9FelQjgkFnWKFFc0fRaRpCR83CrXYkyugxTUqV3eS1WGwdfT8d/n5FoxGhwVMpK3cjyza9LMsy906xpQEp27iKIWKkbDzEEaYi7DS+bAMhSFVGI1Tn1dAQ9wmF34QqZDefo/HiPbIgYH7lZ/ZbnMhjNYcVvrG5KuCG5GEfCYgnFs3IX56StNlD4uWat5Fup0myo86lL8jnAGYpkfXiiwAuNGdIeB4bimdq9et7C4mVNhdj83E2gRlDeKC3AqKWxRxdoAwAKXM5dt+khkHkFZk6poWjZsp0Oe9iEQ0lteFjX/7rPZwXVrlrHyDPeuHzU7FxSXRX4+DTf97VlGUkSE6ZkDvesax+G+gxHArVuIaORYvz05jBI6CqXY8tbIgP+6Tni0a9NhlKPvaqPcmggY2j4NP/Z0P/rKIFoi9Q2Xw76i4CSX/jL53QkmF4E3Mmmdv+wMTa7NkJIfMFsaNv40ZKvQNBwdjrI0VpYqVVV7dX4ALOZZNv+6uVH3Zyg2zDg/8TSzaomQAAAcEAAAAUC7hREOPCAQAAEDhAQ0NBhxYoKDRYEwEejAoEHKApQ0FBASQAiT57U6DDiw4YHCZoUKOCdwAcsCQhUoCDNP58/gQb1WRKBwIQePVqcSVGn0ogJW/9aBOkwacWkBGcq4DNVIESqFgXkLOgxLNaoDu9AzKl0YsiSZFUq8OpQ5keKHpkilSpW6VeRAoo2zWowpcWqfcd+FDt16sq5TbfmhAsg4cDDf7sSrEy4AR8+MNdePHB5JNOUh9mC1LjSKli9N3FW5Pq1YuDCihnmZl0xIQI+fnVT5dNgHuvdk/tWjCybKUKNc0WulUsg9Oy5VTtSnRja8MmGm2UTAD+zcvSXDgNXffBbpdLHuAfmPAu8rU6vBedfzC248N+oZPMbLyus9suMvPe8iyg06kwzUCnQwGopsaQ8QiCx5C56j8LYkhNgHs8OGo69+ARcaTcMUeNKNfPK2s3/Ooqm8mq4mlDry6N5GjhIufVmMkqoH4O6zKrVkINoJbzWOq6ujPZiUrEl6dKRLqwOuvBB50zU0bmKvKrKyNYeQ1C7KZdMCiK8GuIDtq78EIiPhATobEjw4DLysBqHTG6+/6DUqaB35JzpPvwaxJM6KVvr7qLjGPqrLjUBmOeDB0+6wy7mTgrMNtzyc8grtYpCzkk8XXprodNObdRSozIj4LJV/byNth7D04/WjPgEa7OCoDuSptUIcymlEzF0rdVCZ6WNq5JOZbQ1jWYTrSpEOyyvRUuJvbVA0Ub0dC0j02qwVOayTbSviJA00zRqz83JTjfHeivYk3REEiSPHrtK/zwToSJVT1dtpSw5ag/jKimMCENNARTYMAPIh/9BryAeoUUWPaWg4s7P8hq1kVK0OlKLMtaiQghB6pwy7USU6IKPP4NOFnfemZXalDCFGnqgoZJZRoysxEa7tUuYo9pzrca27LHnZx30DiXUsLzZvCgnGvllixJ6z+S79DMx2u4Q0LhYn/n7Lzc85T2YWboc7euo/maKestPZTZWrgYJTKq8ryl7tzuFnqPouqEPCvttFTUW8yMrcTp4SrCsXly7tzPTaDmCkGxPXrYr04tQ/lhOeuyW+Zv23LtiFDxUAHzzV2DBRAaM5U7plaks6aIsVswWtzPMq3CFpRnT7Igel/9fx0
L6OvOSIH6YdUoJtAujwyxk109gEd1qdvnkM01BJz1lSXCSWv7Szz13vgullVSbFWFPz8v0M/yYZfc6yBUT0EE7q75ZgQ+KcxEtjc5cbOtKXFKFLvil6mVH+kgp2FMSWJUKOxw5S+oww6WYXE8xVRpYU9AmPuklC0BHq47YHrKv+DTOgQQDmJPQZRKkcUVMB+tc+j7IIcaNhFm7sdAKV+g6AiZLW5DyyDsY1z6LnOlgMWzPtgwoK+0lB1YgieCTPvaxqlVHZQmB1X0c8gDiCQY7OfRYEE0iE8XRTF3wEw9L2JekL75wKSpEUbloFhY0GVBxiIpI4BIFGPAZ5A7sEGgekEBWo8ydMXcDmd3OviWzbJlPNEd7H5dwxxtKwkxs2KlbHS8lPIUJZmpEaoptwlZAWdmIDx+AE5XYl5f7rMuR5DnLIhFYq/3JEnMiy8r6GOcg7BDrfqZz03z2WBh8uWVDLcHOBEdCFyQWkDX4kgjpXBYr8VmvdrwhVqqSJi9i3iVftVqNgJaJGLA4524nGZymBJLKE3myWEvrEd+apDCE/DFcoQEPnLLGl1sOxi7cO1/8WIYgxoSEbKR8QHWM87OafCUpP+yQ2r7CI7hFr2nt4hDtoKaXFa4GS6jx5R0fdyUO2Udm7zmHJQ7/+aMexhFq2IqIhHwTLCE6S0obGmXwPpgt1YyHgRgKE0k2YzaPCVI7cTwjHuGzNLptxJkFyalUmMI30eGmmlYREX4kk5zH9MkoJXnMATzQAIVYSkzi6cyWfkrKQYL0RKisZ9PsGVdtOWQrHI0NLmnVFhdxR4Gr9A4dvfK1rr4shmkMHqNSdAD9DXF4gARhRkTaEswZSoEpcpWJsOlItcCpK9whFjfJcyLFOXGJmvHKPNaUFABiSDV4QlRko1jOvbCrsKJ5mrnygxQTlQRQv6HWbJbUv67YVAAoCJ7WTKKvw0x2Q4dFAQRIEVOh/DaVUezRdLMDwHg9pU8HWWaSslkl/9S87W4Wk0trEbY5mAGIlto5E1tAkxeWGnedBZpaRtqUMBFCkS11yVjkIDdMkdLlwCs0EskG6zaNgGfCT6SXhYsXn97pSiFwMW8WP9e0aWUHSQ1uZEZQec0LBy1hgvUm7abENan0TEJs2449L9xQlHzVJWLDJ0tl48GlNGSqzyOLXoqCLasgM2BkhY+/FpwVlJmMiCcNZYLG1c6JAOtCXiKfjVAWMNqYb4/sKmVFa2PH3AzHmCy709XgrErfMth8nQOt+Kb2njtgJTS3paiAEcMsOLUTqA5hgyG1G5QzGowhI6pRTLh5r45xGH2Pc5WKW3u256hZSsuZmV5rBE4b4f+xsKzRkJyJ6B0Ktpi0GXGgrSKjzyx250710WAGw1LaKsnkyCkBY7HIu6KTvGNSVbrDByTDQ0yJeIxD/Jk2G6iAQLl6YFCSbkTrAuOyVio13Ntqz857kMdMUIPCotaGmwJVOU+Ikb9iHUoUmJhXSzCFuWkAGVB92DgfpIqfBPb4QntZqBkoMZIK1pa9q9Ox2WxmGXRIcZ8nmKJJZzWd7V37ettUXyFMRV+up3FI+2baJik71qZoSSqBh0QHBSUWvc18xno3H4vFyYTea1RWa6StjM1xwaIkgc7Sq3ae7LVqLd1cbmLl4Jy4ZyapXoIJWD9dCvYoWuORZiF5ES9qjFT/KBiPepd6kr6ebsjaWiyT/tJqqu6mq2QgDlEIY6HtAZEq98udhNCt1Kpo9s7avIOICPbHS9WnLIV2zedEMpyxsZ3cBPVsYFfI3pvVTlNcpAqR/c2WTBvWOTc1ISchh3AgmlwkmB9yTtRe8bo3CGcFmWxqS7fswrd4da3RKNqnImTwuBx0Wcu8nrjGY5ay/W/Bs7kAizY+FtV5nwxNy15ZYoJzrFzRhmn2bfzWGmS+lbRnZ221DEubXCOIm8ZMTfiXAloaZl5fYGIKAQIDf1HqhsTB8rznPi3mVLtHM2vroEyWxf/mAq0awCWeLVLeToT4jT
ycIpJ8jiQg5SHqws90/8LjgGfk4ItaPsC40M3sNo/uBmyFRuOafOnRGEp3JuhQ7qjigOmPQEKJ9MIjIGU59q57jAO/hCeqLkrh9CWGkmm04ijCRs78pueSdGWdJitaLo6OUiL3JOjBmOrgwEfdWIcJn4z/euwwkMh0VIsgPC1RYI5/RkJjnKlScG1VlKS2qLBDJnAg4CBHCiICfekQ+oD6gIJlruqZJIhYKIL3PkdLhiPrQIkl4MKL1oc2qqsv/IbMtEp3QmIMrU+AhIkwKGzbDuPUagOsMCVaFEe86mWkguNu6m/ywIJuSKbS1uo2UANH5kfU9ONnokxWdGvnDEJN2MODzq1t4imeGCeYNv/i7TBnscjLdPQqj4SoljYpn4YEK0QHM7RsaIZIa8zIY7pELdLkAz4xEeNmMpQrCnOMsubl+i6u/zoEwQav58Qt+DqjNBrO30qvk+ZtmjYsmYoHD40lHNuvXEIKZ66JVDQLbV5vIECnZQSAzVKRwNKtMaKpwyqlJfpJaUjHtu7ADFTODn2idETireLl1UBKrDLuakZsWApDZHRk4mDCr2KJwwbwBQljjcjrAwuIf4Clo66G4aCPJm1Chd4KHOnu2U4l55xi7zwuDvlpbaDQz6BDVmwNJ+el1sxw8NhKxhpQ5O7j3ArLBLWiAB1rCKeNXPylxhTKNJbjjQzvNraj/Yb/yjj47Dwi8P8McXS25OwYsCrpwmamabeeEoFIJpOSgyNYqDEUgxNh6XSErICuAgD9qSMsZ02AS2MU7yJso/1wcaWEpX+EjEIEYLYoRXtIJZ1WqUWyaKFIcC1b4yBYkedIZ5woaCWMyCEs8g5XpiSPRmaQLEnab/OqojJKhqt+LOC0rq0YyvIw5AIX5SThRxbFJXP4RqRsRi/yw7Iuy8YE0dbqQ6FsEwRBRirU6Tj5bWVm4/nGqnOk7IJYL5qUaSbuEojmA3n+jDQ478KIikeEa1E6zj/25SxKis0y7Yb6LEL6UzbeR6m2s1qgqi3pAvAm7H4sJCeerrtuygi/EcWy/4McYa0BaqIDa6lAriJvGjCPxkNGTrAJ3eURFaWBFAJHJspNai9ZxsK87K5Ew9FZFMWiKEY8kUvkSsJoEJJobHM31uibCM3OPMRC62LDltIqEAQlXvMnWOcz4kPwsOnBXDKs8AwxoBTaphJLPrIp6+K+rFSdwAV5AKYX78C5+Oomqqkgu/IVZSZUQC6UQi1P5pORZs1lrnIkJ6sNlwhaDGqJFmQoAYW2aJOpvLGndCVJRSVu1vFsBMzp4mykymhAXW0jBbA58Oc4DXMvVmVXVhM8nkIllvJ+foXcKibXHK5O4QyDshFGheYFcSzV6MSNWoZUZtLwBk6ltuaERKw9oP/xK/JjN0lIAAKMU1xl2ngNszrUkY4UqGiQ8WwEJGyqSfIy07zsPlkvuswyXCKo8Wy1Ke7gDpb0IjFkKbdq2GZHCCuz9PxzwCBx8RoD68gIVyX1YHoOvyg1yryxZERlfUjCZlrOx/Kif/4iPWplJPSw/r7QN7tJmahuvPoszIglLVBoPFfvUfHpzeTknMhqMhSgFIrj6XLwiUTOI66uP5NmJCzIoJyqAsWmLfqUUUGQRfLonuInfDrFy1RpLDytYIKzZk9psY5RTNYj7TDUSAbQgWqsN4lHs2Yzw7YtM0BCjtgT/WRPfwpHU1c2SzARCXXmytwJc0anxlJNOWVoIRj/jw81Rn8mglbpbjgko4YIkj+0piocJlzbowyxClMKRmoJpLmKRZEetSnMR92Si0Ml6w+DsdykYiS6EsdoQprYJ5ZOVVEejQnZhVTS0y8IYDjUDi8zDSI48CNNhcHmiTCYsXJWJRaFR+ouhFd8FgCS7vnoUV4iULi26o8q1XVbJZsCLTO6hZG+xkuBb1xHY2VcDU5i5iN2K1uSojUJxldI9xUjDkBj9kBuSvtwxy81b9QKE4hQBjqOoiODCleupGIWKHUJxUcP4DeqZnLDEc
5kkDGl0HEQJQX96k618YxQKzy0hDoK8o/wVbBMoldtzASdNAMVt3vr8mLCdSjwJHj9/0rCAqnzTvBLSkTkHpOqhIsrfC8EO2pZz0da1sm8qtP0iEgoac34JAbQPPLCNof3bnOk3vZBye60No/GmoOdDEttAWlQVAJsp3E8r2hJck/zWgnsGi4gzc+nZmY9KbHz+m4lJqgbvy7MXoZu+GIjkisHPYLCtOzgSlday+7Cokx1gyguHsQWs5Npv+JtKOc0Qrb4Vsqp7idJf7O+4sajFLcl+3UZueP4BBc2aLRbuAydYDR09sxVq4TMeBOFjhGu/kw0OPQb1QYmuq0/OodwEgXR7DY+6nVs1GQhfggXK0aBgSqNzjIztMRU8IiIm+NTH8LEoNPcpsSgtG1WbLdE0bNqUsbMJmtJgV5UUg743T4xSjcohTPUOQwxK4c5VgigKw+lDVOZeMAFbh/4JZSoJW1yTvmPu/5CRywqUukmVpN12Uz05YC4SmPPLFWKKQ1kqGitSHmXO2+mKH5lkaKmay5iWPl0ZpEDcJk3j0G1g/j3PCmjb2WFxaAooDVOzFz3szLu116HUpQLS2k5iBdqXG7mlmhKc+oJ8DBG14iYLBWEJK4UEfeS4KRkdzzUfMGCRtACpv8auEhjcD90OFJ1iiG9aVlvpDO49VJsCCWs2OaKcYguFthwR8vQlDH3iF9+qY3Q4zdur550JE/j9kvb2XHiC3BSpNfQWaPZ5nvKkVNNcXyNSaQsNGpvUv8A4C5fUFx0uiSIA3bZQ/BmQy/sRGR+Vc0wcTvKY0NPbI1RqCRwBFHGAnR1iR1xsBwdUnc/AhvrYpT7+cLcFqjsDjD4oga3Jld1CX8wwkhwZB4SWmWGZIvCDDDBE+DQAhzh5L8AdzChBhrfDMZ06z92UiDequfKCdzoD2sQ9VK1TKcfj87068O+Vt868PjkpW4b+GIGAoLK8aVDR4da+9ZqDTETtcdUrdr/IJJMeNODlQZvhURhpXtWAJOS5LKpCI5y1CtHuYeEDWKZAJt/5wms0CQmeGyYIhQxsIVbSwq+Fu3LdMuwWSOpTE/+ZFBTXk3rDBpS1GxcyTtZt9LG3reIYa9XT4osNmOqQNeTIrjc5I+U0pnpjI3dVElF1PdjxgO5pjGzitcAC4xjkqW29JivlOu6GfAhANtRnAxXNCZQhoZYWof4tkpMYCSNoEK1R2jXujeGZDx0VkZA7ivb/MqURXhs1iiW9yEPGtiBrS9pWZKAL6y7AiuRPYqN+XuNIMScLZy2aipbQueuXTtYnm+l1o9p8i+nBNR8KjvVZitOfhfPZ2KuHwoA/zoj0EdGZm+mzu8ai20syZ/IGiVsV+5Ev9xumgIjR4GlN0ESDJPkzhspswhLIo6iomu6gKLi+XS6nO+RDUenjyB2osUvRV2YyUplaSqkrrkDOhJRK1yuIIhULUlONwcb5BzoLZQK6EyqbhT7/IRFovOyup5G5zYF77TiZuOOcilzj1sm3iY7ZFUdzgTtT8cLJRoADkUFQbHGcuDwsK8XY1BCbdWHMaevyyMmPNI7NYJpxDDN/P5t0rgNwslTP9RCuKa4m0wGAZKqaS3aRFLUZ/3FRODp3TqUWtSi4jKp//bwAVvaO7a1nx+MjSbca8FiOAKIwQoNUWJnkKynqK4GP/+VDM0qwg+c6hItVZcENJREhK2nNZQuXvh0I3ocGyPSlABzI8i3+3XGjeij00Dtj9wLTVLcF36B6vHwd5JOBF6n1ZfQdiCrvlzA5bnEJdZqdSR/D4TYTiSILTQZHqgpJcr4CatDJGOZpP1iB6p0EWbVWr0F4uQVcX1LSFAWlWoNAgXq0N7/dVGi6l0TZTKm4gM8gH2tdO5u2XUxh++2N8LXxqsV61WtVxIJyruVpoM53Yw5b2+Ls3e60Dw+z3QlokY8LWr66h0xCWQe7DYhFMhcZjoyBPPkxULUWOYc+uBWlMwjfMFWlkKFmGjgzZZZ8qJAky2IM/
HWcbMVfxqxVT//Ugf0LRrLkSqsfoj3YC+lQlYT4fQ9zEJsWluR6JV2egZWlmksgBX9XC/tYfE9BscL16PxosVgAEKAAgAAEBAAMJCgQoICDhxYqFABgQMCICYkeOAgQYkPIzJUULHBvIoQSw50uHHiwTsHBTTUqNDlQooJG1KUCRJlyZIZGQJwqSAhx40A+DQ4Z+6f0qVMmzptuhMjgYtRESpEIIDAnQZ8Yiq4o9ChS4cHuhKFmPFORQFqXaqtKvViwokgFaQlSECrzZ9vF04EoDWm1YogSTJ8OJCwx4aGAehs7DHxQKpWE+ocjPlixsloaUK2CHchW7SApYbm+3ktwbeB+U4UGNUl/+TLok8zfCvwMmWqFAF3vPx6IeWShlWSHG6bb0S3Hh1PVd187M/ZiPE+rPjXb2+I2RW+Ntrc+WbhlSGuTQ12s+zDXg1zTjwTJk/5PkFOL9vg51n9O9VbPw8RWDvVJJRV1k1lXYLebbefaOv1tGBtAX5gFlyv2RcfhrsRt9xLaiX0wFx6FVUhcsFFWBlj8c3UUYTwqUSVbBB+RgACd0CQx1M67riUTFYx6JNOnPkmX0POOQdUVTEa6JNRY7WYm0ZsNSYQSZ9NJ5iCjx1mpXkEecCHW/IRWJJaEPJn137dFVQRVlk61mJM71xpmklCrvljS0iut1ZfeMI3I24CZceZTP8v/UQbomdZJiV57xH6I3kuzfMBigYiEB55iLp3okFv9XTSSjtB2tOMPr1pIHTmSfZRhGypFFuLeMKJ0JlDcjknovQJxFVFTh7HpJtCNdZWYxfBGhVlhzIJwIe1KcAVkjW9ZNRIhC3b6lkQ2kdYd7D9VFOcp6JF31mwvcesflSBhKkCfGAKrgAP8PHASHdsqSlkhvnY05SWAYnltzyVdZFbgxYpYIOZNiswnTv52+xHhPLR4h08XvzUVZoWhiqeAEaV3ZTLOSYXRp4t2BhKiiGkUaLXmhtTX59RjGBOiK2MIr0xqQfZSeL6tpBB88G3M9CO1nkkf+OGheCKLBKpdIP/mnVEF2QUt5iodhahl9XPoHF4apru9UzemV8nq6l+PiqarnkCOuRzlYheZ6ZGiVk5kEpgiaxdbhGjjRzgaUvqmGw+8ycAvCN3qLWCUo13JtnTER3XWmbj/NOsYcXJN5pUwmnUXC1aBixcWyo7T6+dW7p1asSx1hGjcT3cJdNHmi26gwJ3BnRxZVlF85SfAXcy08VJHhMEZmDMfI/CWUmSzIPGOZDiJ432pEct1WT70manC2HkH9EW3EQdDV9daDMO1dyfRA231+DVex3187+D3WrkBTqt0L1e3x+uh3xvNCia2tcoxzKqoaQtSnsNTdYEqySJhSVXGpTiwDUfr9yH/yDtYoiqkhY/85BkOwSiU4xY0r0GNIB+HnQYTv5yK4nBZC/Q2Z1VzDRCKCmNctUzi6cqghIPNAB2EoqNfg6AIQzm7XtJ21zMqGQXmEAoLywjwLU4spIKds0kBKGZyZi1Lj58gF2pwiBQhuKen1ywINrSU9aW1sRvbStkgTtMufiDEmRVBVt4KtVB2Me25TCoVN0zWrMOgYfmNY9N3PsXECmSsEwlsX4DUheWvtggAkaFiemy4cCyp8Ep4XBdyDsa0mDTGBgODiOqQYkraQKRB1RkTgXingaRFqgsYU9m/eIkfEjiLToBU4dLEoy/PGlKWlVlgjUqCQL4gKG7RERDm/98TiGpUjUD7c85SfzLoZZlqJjITSXXQVBefvMQAZ3rShdCn2gmc5zE1Y5JKEHX+87mJY5tzEC9QeJGUjkRo1SISwWL5IHWYhd9JYdDeSzeciapsI+UTm7xGWHTRrVGeG2oJBeyCowOuDjrlOiI9PlLXg63TCmtzkELjZiR8PmwhdDLJYpcpAaHUzBIYfCfsutJOwcixnngM3KCmh7mNvKYPgmgWnaiH/u+o1CS/lOVWZoXK91GnIH4gYP7eeNMXPi0JTouVudDVWj0dbCsoulH50
udffBUN6OskDwe66obH+ItjTGrYeOiI2xOhEknMow737tcX2Zilm09UXM7Uef/2sDlzZ/lBIhj60jodpeTO3I0Ts2MZVe2hZ3rFLOaRLkcbBhYG1Ct7rAUA9a+1EIok7ZMs99a16z6+RCjKFA/Gl2lEl+6nDXGESRmEhdw2zgq43LSq3CpEpn6JbO2HBZp8bqkThFyKMVmsqbMw653pTLdqMCrIdFqYlRm+iHYmEo7VgRA6gZ6G7MeQIif7U1DgsLOA0z3c1er7mhj9tGB0SqcMYRpyVYmgHdAczSy5Iz4TBcYyt6mlf4kiyYl6l2vwk00fACP28imz+ngjWxYKbBBCatNR/lObSjDi0HXFVNL+bEzqinwuFTmJf50dDrSzeZmqbuw1/joqBl55DDp/8hGjzzzifP8T7Ve8p7oPfafXRrSG4mLUOZIrawtJaBJy+o+Ju42ooWrE56omkHwChOACrPPeIpWsjfvVUAn3RcS4ZfcrMAufU9rFU6vpCHZ3OFGy+PuxYD1gZHsDK+jO26oKjlY2ky5zKus0pct9xs9pUSHi9l04zq9EA+AqWyx8yZo6hibhPQ2k8jMsZIGZMP7ihDVRiWICrnMpCjarp7LSkx3bGvfhno6Ni+LX0XCGzTDJPq7tfoZeEpXJ7kVmSUAQ5tv66IQ1TmI2oENJTCPFjjtdhuy58tVS7nopvflMDJymrQ461Qsai9V3HVLmlHesbjEXEYn0+7OfiEa0jgE9ixQxiL3RaOpEc3VVmDKkg3EduImCFXqwzBtIhI/dsv/2Exd2KKkfoorWOGcCJy56905zJBIQ//ziE0AyJWc31nKGu9rysOqG28uTmNIp4tbXJxleUWo8Rxac3OSRjGzDeRNn83jAZm7oFwMI2f1wjIhCr6dkdXm0O0UdirRuvQ/WeRm4zqsiO92L9MbEiZZnbgkOktwgkXS5BWjy3rqtVtM7cMtCJn7SIGjGFFE+TledaVKkZP6lCQdydHcTaBdotTzpEsjBhFwo85RC1j+hRm8dHBrRaSoJEs7dGoaDNb7Is56kAVRd4sGtTa5m+Wp7CST2JCIea04F/dG9/AA8SDzbQCGEvxP4ZJMbsT/j1QubFjFD8armpvWL0PMpFfx2ZA51qQCzmEClV8MfzixSNJ9oxirSr3/VkWaC0yjBJqVAjjTqwmn2rANR9+ikDLe+plFzWubCwrNvEWODdNP0zmMlynp5UGbZCWS9zT1ZB79xHt2c1zJ8SpGcl0fNm1y5DUFd2OzpTAIFRbQ5n3lIjtAEUKEFyewFFU7ZUmqcW9kgRocdz7FwUrwA1sSyEIs1h8/s2oF0YAmQU7hYVXCIRIoxnu9cRG9Uio1hEIr0mumoTK/ZD4lwRXttWKq9Fjr4XGqhG8AIH5jQR/T4lKKs3+tFloZx1WUJCT9MxsacVh2cR38IYB29GNz8xOpg29sYRQe0IaIE16nZT8VoyrnkAY5on07Ek/aJHgmk0bXxk7lw36gMlZw/4JKLAYSQuYjDacepYI16DQa2ZEd/WJWajJ9XAQ0v4Y56bYwKJMYWXhP8PQppcAH9gI1lCFu2JYX0/UYb1Nt7+SIrzZgi0JRVlhEQPV/0LdurtIu3xJ+UPc5qUMkdcQo0Ldjz8J5Y0cUv9Y3gYZ4hhJi3uRAY/JF8yZ7JcZPzyFWLzWBZUgu0Mc2iTMyRUY0jPVcFxhinJNmspdBJ+UTPSiKw1SNN+FScIEcOgFDj8UbdkcrIxIdZIZSCyIftqJUmwUjUNdn7bd6LOZ5/ZggQjYuskgRwqYAg3hoF/GDgmErGgSGXfF0yHZW3GFCegMZ4eWOK+lbqzEg4RM7RTFEu/8jjkTDSdYIRhZXMmfzX4ZiMA25g93DXJh1SYKBeVXRFjOmVvXHaQVzEerUcooxQG3THlRxWCDXgjdlFSOZL+ylRACwbCHRYdgmfSipR0mTNYAVNU94T2c1aTAGkC1VIPuXJ+RybuKka93jK99TN3szGNBxLJ
DUGCgwiZbVAKqYagMSMtGIf0sJfzGSEIfFN9MzVHdkMGRyEQbxaCRZgrR1HrLDRahmky2kMqH1R9Q4YGJRFJykEOcgiCCpI3rFNPhleq1WSHLGfsyBlRdlehLiU5kGQWUBeJBXQwmynLJYJHiFgQV4dDb2Dh8QnYC5VA2wiaOTIXniM1IISf2RiBH/8mUzhDIEaEhwCZu0I284JVj8pkDrgZp3lBjtohUUUhRJaEtUBh39hxZ/dopPBIkhFiZmVZDS6TGZKUWcJUB0ExF7M4Yo0kypeJFvdoZeKH8XZiSK4XahMh6ollIIBDfZKVTYAiU4UYV1hij2FE24BkdyRioOhY0auDo00lsFKToFWiWU4kMmFGOZol1ilhULiDWcGX3IlhZjeC1rZyJ0cwcsYJs8UnBmMzFBOIawcjdA1lhNthDFBSijQ0XcQR/TBRI6ihedyJ0HCSWpJz2AlECfNUOp8XTHuFNUMn+XpCLyAl8QiIx7NJmAmUSFiCr0l05ppCxLRJ/hEZTYlaRN/5QmPtke6RY+jUJ93GOKMRg/McKAurIqCWRIL7VeE+Z9UCKXKPZnjFio1Oc+/5SVxNFBQyJHUniXzYVKXjlZlHZL+vIWprmXfMFcYPNIWMVYOqc9H6AWlwp1LXEZ33JB13kqwXSswLKpymQYn9JPyYo/K+IQMFEwRwJKmWeaHlhAuiguA0GbUbojWiichQR+7pUfomhjHaWWVueJbEpm6udwOHQgZqKoabqAetKt1Pd19uhdL9EispRBScQo8plr6Xgot1IlFDVB2CWCr6Nl3ZM7GlkrqbKep5JUHuF3EymKuUYlDwZzMUGn9RhYwwpPIMNoe5qbR0dYMDsuRhZJpf8achwCokYHEeMFJES4NlR1n8mWLjFKUdtkoXkYf3wJiRnpNRypY1NnOVaUpHSxen/FnbBaeVX2Ui/zVXH4E+CxP5whLKZxYSlCjT97Zxc7OP7BVrwJGOt6tjJnQ8EkViqbeTeCrul6SzIoTndKlWVjpB2HhhJVXL4DjqfycJk3rMS2il06YrRxt2vVZ5NUlcgUmoSzE7SkPrLyMyVZHoUSNvxTJlVIGfXmIgqnP9/EaAqyTYUboZ7asxy0K5LbbvbkEQQ3qsHqJcVZSfAEn8o0OVERSXPEoNSXVlfiLBDhRRjrPlUifGbDRMHxLWKJsZOzrYPVp6GRGH7SqmBrGzT/10Wqs19VUr7syCT91TMmNV3Ct49qYRQtkYXVc2yfQxVkAHeK0ZacJ3s1uKxY+yqd5yJ9BUufaBPnurdPQRKKAyHlGzDiMqnFxJoG5YgOxxUFKhr/8xxQJ1qUtEVZ+n05kSVl2itz5jjsKADvlVkUqahrA5oUi2IuAR7ttHcxizRroiJIqVnm44g3N3okeiDP4x65CH7IcbbZymwFAxmreqmfuFY1cQf4eTsNySA2Fl/cFCu8+UYh83rDtzb7xW0EqyRUsnlOfLIf1KuZBBaQah4/J7J48aehgmU2SCw8+6l01jRoKn1MYhz9NyzuMnEJQhU0454cshYZ9TgCk3Tu/zecNuYhYxEmFFxQx/GCC6ibXSuwvDNgJ/YO+ZGGPRWeKAAACawjDIeUDzRm7LioV4WCn2itA7bK8ERKTMQ3EgFfCySuXmdwmLRFLYx2veu5SgYRy0Y6ixE4zvKz8pEwt2KLs7XHfflFYRpyhIsar/trVPSwyFuHwoKi9SRpTlUer7QfBRexKovDLLqUrnGTMHeE1WcpUDQjSbI0aZJie4FSExgcu6rOnqbKVtHEWQZqomEQPZFexma7Hdh+SUojX5Z2ARtCp8uBVxt9ftkfGkhuzNJ8suZBYuWmfuBCaKWAIJErMTSin/NuqBvPLboofSkWHFF61IpaSaiVjWUG5f9AyhlDZr7Ei71JQnVighUELowXbruiHxFEnOYpw6HjcTLLOjNtPzCxJsOBFX3xdM/auurYILApvpQFovgYHzXjtA9DweVCPCsGgJpc0bFBmL
cxoclxafKGJW7WXhZiX/kmVYTVmkZ8WGd4plQrt0YzhvNpRMx2zq75auImkNUh0vw7diljd/siunFL13LIO/AxSbNSO9OSHjSLQCesUVTCHPB4al90mGPnhbn0e9gFT8LUYTkpxmFHi/6UyezWKobzwdCGW/HCBwRw0wrMH3opmqOdedZrQExblmwBXXmx2y8oFs07WAPbfs4YfY42N1zqQs/EdI9WbXYJGMMYE9b/y1Mz/X/AHYcNlaj3N7IQqDJtGDhBS4/LvCz67ERPp2oVol2S0xg/9M9ZYxiY4nakBYesChPgHarPPXqY8atpVrz2p28ZgTvn6D7mBpVsA0/uW+AgehGcCyr25ZUlYW7UgYbLW0erI5XYui2TS5nmBRRfBrnNAcWxlmJEQd4ULSm98X9lqbjdVnqWTdpDajDHAZd7hBvns4e4sUeT+pi97RT+nE+EBYxZqhm8KZkeVV7HQ6w5RhdOQmcHuK0c+S3txL8t3SdRaxuNmnmz7Zw4NsJkVmYvV0eqVdFYdoD9aU4IidfVjYtM7a66KlHFmCmmSKj5SDWvqiR4VsSiuBnFfX2KKX2kDynDJZyaEdKxa9wSjnXEhbGzZafmaGY6Neid/WOlm1W9ClHDtvGMuTl+tSGoaubkO9OFpidGMaHU8JfB6/o85XF8jtF1Sgt8gKE4AoACLtc0xNPKc5k0b8Wgz8FcPBeJmRwy1EqQ2BG2HTZkkMhttSeqtHIH2afk/0wxpYEre6EFG8tm3GiDmZkaJAeBLIj5aJbpEpF1P7uGMApxb6shUFBL2SALL4hpTOtWlQSAb093OSrELag00jGerYxFEg+gX8gkfdxKy/JMa56kmUVdwNNBAFzRqmtx43sVfUOiOfAiNLm0Ech2K4b+lZm8vEyW2FdjfwKawXDEhZJojc9+GOUqWc9TF9+0KjAE8LS7m1inadfGhEOYVgFKEFL8NL6i8aa1cctUs+wTFCIsEN1aGCuFY1qLYd66K4GzZIa95pShl7T8RqolvQk3fVbsFeABHMpaFuK8UAGbECd3At3OFKqd1ilWctki1wuibwO7ewA302E6uM0Ozf/rOSJXf/U3HCc60zYvcxeryr+qjuxO7aj81Lp5T3Z1NmXJZy5rYesqQ2f61eqEFei5s6g8szCQIfKnobFGY7nG8lpknn5hoW2HOZz8/bcMCcWd2tTG7WMWP5Zpk1AtBTlEuIDU12DQ3VxncjJpoU83J5zCs1+IeCutwUnY4b1N00haqj0vZ9WGBCI7h/m5C7QQsmTp5pxvzq0s8tJMm10NuteeLtYRGmV+fCiDdgi1aff/ABACAAwUoEDgAQIDASBUqFCgQgUAEAAQ+IBPQwARIW4kcADjQIYCDnhcmBDAnY8iKTJk2HDkxjsFRT40eICmwo4EH3ZMKJLkx4ERNTr/NCiU4lGCDSMWpDgxowCBRQmiXPiT6FOnFkGafAi05oGhJWOWPNg149mTZilCrboRY0EFLY9GPZpTqV2XVh3q1cjHKUiPIZke1LtxIsqIclf+VNlRIAK6LV+uDbv4YcEGfHp6FJCZj9maQfNmfIkX6tirkUnipWiwoM3KXt++I/juoEmFk0UvdWo0ttvXhWPfXDrQ7m+3a1ueNstWwB0CXFsDxagRatiCdi+zzW1S8cbQR8N+mCeeOmulErvaJFg8OXWXak8nRY3x+3OBMXWXhA+VqU6DYoKOvZOiW+yjoeT7CLp/GnTwQQgjlHDCBhWCjL+kGsrpuOrA07Aw+xL6/646/+aDTzTdFOAjM7X2M47AoARSSTSHqDqRp9gmw49GtYj64KKnotrJo4jQgy8xAoxCyqUk0wOKp+6WHAm/rgY7S8mPXCSIyLcQQs3LFxvi4wELT/ywMt/eUssgBM18b7IpcxTRxKKu2zEltKgrDaHnKIppxc9qbOimlOjMjaSXhvoNSaK6UrTNkoZCTyO5KL2NOu7OEikh1xzC6YCYQBt0q7bOQmgp/TbrycYO6V
oJUwBy6rGgMWucyT4uxSRTo79IzTPWXMNkkyFGaXSsNedYXc5PgQgI9S1Bd1oV2EzXyqvHun4yaMXySH3pHDPSoXBccicUoFdbTQVRANtgrf9pyIy0A0o/jwx0krKkrKuvves4TGlftIzsEjbKVMJOAShJ5UO3FREmaSJUz/UOtzbtQuAOkowaETAa72U2x/VMSpBKAFZ0blCa8BIY2I6BUgtgD4sr1mPxzt0NpIeWvdkoBHp6Tz6NhiKpxKSe62mwOGs0cGWkBOBJSE+Drjdj0y5js+U8NabYLNasg3jJRqcSdSEge7bPp/o2HutUhVDzL0Gb/vtIYIrbftvhD5NbytXRjFwY7JBcRtNulzEMs8OB9r3MRkAd3gzbkPj4gM1qRxW67kQ7uqg5jlm7dTqRKrtjmzzKKff0093CDtuIakURR8OPhEhGmI96aVMMXWz/FixsEUd2vaGtotxLnyyHVMHEQfOPuqtPuvZwaAdqF1OohIsxZwKwDxA+GBdqoIGzmhwJNj746NbMRHsM3OmfciqSSwIgRv7JqY2GDLkRKW/+RPamZBUtYqUHSULhTp+8sjw8oYQxmaLU1KCHtaekCk9PUcgDWOexMdGkK/Jjz+Jk9CK19ApLDpFbR4rCpyxlD4DBoxiU7jSXMH1uKQtrgAMworLCzCMzHIuN+/JktO6FhEjEucnb+qSlaqlIKxTk0bPY0inZmGprccmMsw5UEj7Vp3JOuhNywiIrufQJBedAXRnLhRGzjaRYfENOCptYJevwyzxuWuFLFJOdemXP/3EcK5XswAYa3TAFL05ZG1c+WEACGuU6nuody67UMa0IiXd3IRB3wjiceAkHd3bK0KdU9S8jzehQanKbx/AokgbYRm50lMhAzOapMK7GJjqcx7nKch6b/GmHg2ojAL5HkRVBaWjYs9XeXhQRqvQyetba42hkxhkyKaRdicnZT/ZzgA9AkGMM+d7+gkYz67zwf6RyT+wcWSC+RE1GBgQhsAwZRWoV5zW4uUntmqlNZnXFLxYCkpSIM52w/OWVSGMMqlZCsftgBzom2lil8oNAd17xKPTC54fucAgzZnRCZ0FXQxQnPPUAsEkxuiHBNiXBPpZqewtpJIlY6bxPxTNPzv/6z+1w9ZFemeVLiCIYUBAApFNVCTCOUkoSsUXTEMWmMkuznkKz9UJt8ZJ31SJMTONDwX8272v/quZY3NM6P7RpUZ2EoVh14hA9as9bI3XMsBoptLhxTS8J211M6bIhELFNgB+hzZvaB9KmEGqEOtndYKaHFkr1xD2O+eAfYxQWvfqRLbqxqZ/0xKUDPECLH5KJy7YjGlvKhi746VSRnLLKmoy0NTsUwIrewyTR8cED/fScYsIiFUeqECjf6ZQVz+nSWNWNLok1jrPMoFHkQkhUxK2qVWnWya+IaZcl6yTx+LjIhdGuWbiRjM/wxlJrtZRaS8rUf9jpMtswipMtI8D/rlr5Wh1hi11dcS+/7rjKvfgspUxqmXkF8ACrNHdQAPPqdDzaFcXxkZfoYU9qfdWcjg72dvV51CKNcljKMuZYJ6pSS+xCr7q1jbGoed9Vnku//gxkRUMbHGFH5amWWad5cANRbTbYo8T8FTD99BWMKcm+0QYudsXLj8DU0jU8JeaE1kznQtKyEqGWrBQ1xgpXq4pHD6Hrdk5LC2oxop9qktC536wOXrbVAIo5eJSfYspYFZJcODfINZDFjaTitiUReZePWuLJWJ7IPPmI93/26o+MaTfTjF2GsqtiS1tt9iuHAEohrsXn/uSynxLzE7Z9s8qxhFYZ/CCmpNkLSe08/xck7QaXRYtjrCI3FUfOzqolt5VrSu9HoriVEk4ZI2uUFGwi/rKEMT9rUZJ2VESwkfVOYT7OeY3FmSIh67F7IVRbKEWmWg0FAT8i5/zaei+2QdFNkVXwA196HkLbba46zhKVz6mkcBrOjnd2pPwQh5CjCQ7H6SJIwqTUJKIWd4C7DXOLVhQqvkGke8
lOyrcHFWc40+hCPmZlTNq4oa31WUZqzhlRp0Sa9e0XbzNKkA754GearNt3lYriUoJGq5GAkdcTEUBYp7NEBHnutgSfW/cAFpIqNracc2t3cqLiwipBZ7+8ZLqaVQcpGA39tT2T+tuYruIG1NIgF9ofKJlVu/9fF/UAn1nXC+1yn3k0rHqc6bnSFt7HsbAmmmSGdN0NHJNX0oiAgMZ5iEgaFH9thOV5gwhPZj1rfJ2NsRpssSNjjrPWrExyV5vvgb0iMLozKVTfLbxt5+KZq9lrkSZmpdNv2jQuv6Z6PKZk57EcJQXcgYwQRy7DV0gtBXJJkUUb6rljNyVHbdGN5zZvcMHyW3iCDS+JslaehOxcP+7WzZVXD3F9t6VYTVsplEspO5G0657jN3P1EiUITW/3FzXMPF0nmfFu5ncsHWse2cxWFPfTrPIFyp0yS7b+LsiQY6kry1KKBlunaFk4ylsbGJEJ9sGJv3gIk4Oi9kMs88Ic77D/CubrOiW5I4u7oCE7lJ1LPuNxtuuzqVCbCkgZlPaBDD/7C0WKI8z7j5/ij56in87qjqsZnsIQAFrir6ewicj6rLbZEvFjjw1zvwlkouQTAHChPeRiit6wvfbAkzQSmQSKCgJxOgFZEw45Qti4jFKZDKHwNy1JjY/TiFYzMfSQiYnzJhTjkIggD9XoCjAiPeSwuCXBkvJ7nSk8FCvBlFIqJ6bJOSozJtypO6joGtwpjnnTCfRwigckIRtxjaGxMU2xj6vZE81wtzVDQ2jjMKV7C8cYiYugK2ZJPDwzFjMZm0danktZCtNIEHjzQR9CnKF7CIr6Hgc6vzzcN2TRi9NoQUSTKSCv6i7PMo+AMzBIQ4nRK5yFabLBWsU9wQhueYtU2pzuMKC9cTr5Ygrm86S3eBaXUTrUoCsbaTNHUhSRaEIn/9Qo2ZgZM6OI9EIQQvk4iiC0wWmscksJz7uX2rkkZOyPn2ic3nE5v2u7cQIt5oC05qHDqEqqppG2/XMIk6Oq6+FH2Ogg46gdA3qhS6w7lHC4tpAv+BEeyMGcXBqUCIMlD6C/38KSbyK3MuwQtuEzTbKuO5EV5EuJiJg/kWMk4umqBoSefIwdHNrIyckS4XOLuQuZhiShRsKPqCOMIak2KRJHDyHFQ/Q1hGmgwwlAt+AQBswTmkuvVxOqkGQ7FbM3rtvHQaGN/3i54GMVuxjELAItl8nC62mOPtkkePHDc1rDlhijdnxCNsm7q9tJFAFDGNMdYnrMBNON+kC4cnOO7P8IMdubRkgrnpD4rr+sDIRgCXr6J+M4LeoLCwozMZlQDOJpHfDpus68lKgAvc5jHtBZzcAAkSO8weUAmobIOms7En+5j19pwEehs7GgKBEDrP9iPfXZms/hKlAjxWXayicjHMhiMaJAD0nbEt20CoHKsxRMHIeguTl7rwmKLxI5LAfrzQGhEdasMU98rVQsoJNcRQKbnY1ZiwJrRg6rLMCjssOKHTwkobkjp7N6MUdCKZSRrQjyiefkIR1BkzUkyi7xqDuAgDwoTHdEz2FRraUyKfbciq7LGrs7NnN7GrTwz70wNyUhLZ9gGtgpvVFTpsEwCxGqIO1BIIeLzkdiJCX/hJV86r0bDDYLRLdMs6p4pIuFmaJaK7HfkIta7DX6vLTsEarymp4QRFFoabGgWgvWGifRND2ho9L08NGkiBNi4iyqOK8oVS2d/DN1Up0czJvWmThf2y0EvD4kwcoXmRhYs6zCSpMvyxCdLLGEs52E8CHt6KsfRaGU0knE2aqPzKcO861w3I4Bki+/61HbzJ0Q66y+3MFxYsWNeI7Z41AzMlWd8DPrqbRVmhQpyq8dmUkDu47nQ78DKR5c+0E3IhaZq81WeaT9mNKIwFOsQSJtezGqnDMwypkAyTspHbYjHCWHDK4TUYC4wI2ETI71GZFViksOsxIxNDCzwVOd8iCD/xwInDM0rBoeE8ufTeEyeXGTqtoTvLJHwOG15qjW6HQVuWEXuw
M1EnlAWVQwWYUghvAzxYEiNZsZnAG79mCRUBnEvTHVEG0n3/MyBb3OPnTBbPXOgd0nAJgeLwnV8FCRhWWdOAk81rGXbxIuPGTRQFKSjsjQDVVVMyqTtagmAdwNq9SrYjXJ7/jSJwHRee3BolNBmjLGZeIezAQKn1Qd8UK+Fms8O5ONoKq1AxJBhUi78kkmU2K4L6rB6JGkePRH5sjH0xrRAHGt8sOv6zM/7ihR57vA20tF0NRH7Nu+OwGTU6TRSJHbs8NUCDrKpogP63uV9EGXv3gA1YI+7Xg5mP/kUcoc0tk5xsw8pGjznLTsFANSo2SBvnYLFYsrnwYokvparz2rxHQkCJCNFFAtKahxE9H7Fey4GVvVIA8BCskJLqTRrZSKi0lLXas6B4zS2VWtU93pXXatINbzNapgMGwZEP06MRlBPGEpvbOjGiojLXtxmwKFvK8AQLW8Ht64OtEMx+1tubxhjSadI01xRSdzyKTjQEW7IeHqzRSMrrLaOMzLjSOLivkszUeCqyFbqBhpsIFIpah9mQh9utvyV7fBjNRtLFx8KPQJFqizypeMvv18LTornLgjCW5hxdLAW+NYUV/j1UwioW+yTrHpP6sbDag4OLfrGDCEUPJkGa//6Z1BRJm62zlRORau26R7KSECGRHR27yEATX8kJXY6534XBJZYQ3ZS17lLaPXSlT3A4B2xRkoHk+h3Rob6aDA0VeNJRH/oEtOBBZtvZWldLSQoSPizTx+urgvTNRjdRXtpR/piJITZFonmx2PY7IBo0me+lFPrLUnYg33ob5g44yChFobJF0wxlTmsra69RWh7Z6w+BsVLRoo0hGdgWOWMY36WQrWvMA1EaBXbJX3jJ+N8IPoVSmKs0SWWFP+Ec9kXDMfbLvRiiGnLS7wKBFxu5yRXGM0chKzHS6n2apiWV9c+lQz2TAjC1KcgDrxobcn27CT0hCZjbJXARdz2OJV/yW9UXIYmajGMw3SL/TDR3laIgPJ5SrO9zwcq5RKImGa9twMEkFNT8vlMAm8KdzPJZ2xgyQcyfRG4aqKAPFAcxrej2utELYqUYqNBMOUW7PNDFy/kNKyupHV1fllQnypuJAlQDTGfpwJuT23xe21+axWlLEa6nBcPhi6JeaMIIY0AFzUt+vAKaRQGLHeE+0MD5DYXMWX/6gaZWIZq4RYfgnBPoRaispavkFH4hlasauzA5uS/KvasEnBWZGo9RoKdM6okh2pmoxKThrhHtvHTs6dThvIrQ3cBYGoGdk4saZGcoMPlbG3s+GYn20TVIreAs4v4PBpjZwgtwjNBaIP/v/Yyr9OtiPcsKzVpu0puODMtoCe395hF5e0V8FBo4tQRxsO0iNMLGWKI/fYGKUKy2DxId+QaD4yMlUCCa98XTSJsuyUjV2JjKhtO6RYmFLIaajYJY/E6yPLzSCRKc1GPlXuHqbiyPnLaaj7qxs8zzIhVOV7OxJ17L8Wnc+6v89wjcKStzxKxzr2H2XTGOFJ650dN5HxIULB0zDCGJDiwVRizIVW2M0ITWydLCsUsVBJFPNVtiAyif7MbDErWZOOnq0S1V2+PAzkCgX4gGnCFSBa4FA1Hv9ZyubItBEBuzIcOWk5XzdZVykJHgGPEUhcYG0pnjGcmjRj14tgkZ2rRu//s2RJfZ+HiF+csEJc/auotdU5kgwOVhTXQRd9IWjAiyaO0q812UP46uane2zGdGhfsbg5yVMj5SwZbzskC2Yfe70oDqDmli5LyrqXTtOoPdZCwR3Y1pTetK58KZUpBWZhxh/d28mcQF75LqM2/gBE4ZQBNCuMVTaS4uWqKGtHqmNrnrEbnq4jcW5/JFvbXO2bYsScYmFnjlyssTenVNDYThFcIrUmk9TdQirLIqC6LtJYAbPSrSvTIoiKDJI2/Yha8UXdfinaCFQHy0nOuLNwYpR0y9z/Jlhl0iv0OBZON+b2lcKL7DVbx9E2mbA1F1hX8mJlfK7GgtQwus8T810m/z
4+wKaK/K7KUMY2Kefwagb1bh/cASO5CO2l6OA+WC6p8YwaJKVGA0mQG/G5bRh0QmfxB1ukuhy7H81zDBH4EaKmLwO/inqOUx4vd6JxA9nreQlY5SASFwkNyZlEn13xgtDwx0D0ee5bc5sOcL2/3WvhpXYm7hkMLeLfpwUthFGxQ7nohqA59kkIB+Zzu6m5ElSNV0mJeQScQM4QGTMThVqZpJNUQSIJAoMjEHGPljKvNNlAFSKWZIyNKPTByRgnTLLSLMIrIckx2XEcXkse3SnHvCrwd27RdFW6xsvr/sFMF7aYSq33SHtdf1PUazZboDXGF+K8GtnP3+BVhlA/N/9NHIPnYiayIExSQYd4h+MmFSCOZwBRH7Vs/KYWeNEwIcKjIx1BtUaHGbyaHXEzSl6b0mr5n+aBZMACZXPjYWrbUnUfmv8x37/091J/dOsYIkqDvcLRyT3v2EC6kmZ8B2P7O7uFssEaOFjK9xWVDHTMzrHEs31B7+c528sd2KZG9+1dJG9H/e4RWAkLV750fhx8ZaiXr9ztWopT00MDEPRjDlYDKYBQAEDAwIEEAQAQSOBAQgB8HjQ8iHCiQAAHDgi4M1HiRIQCK74jeIAAwosLK3ZE2bAjgDsVL1Zc2JHAHQEX+TTgw3LnyZ0jFQgIipBgTIYL+djkuHIoAJkHgSIMNJHmH9WqVq9izap1/2vWpztFMsQJdedQoBUFjiyYduJCAR/Lul1asGNcBTjnzbVolCQBkiw5Zizp9y3KuGVXLvTrVibZigQRJDTskS7Dv3b9IISsliRByR4ZN1Qpt+NawAdyAs5r0S/dgTXJuiYoEzTZiyxFJz2gszXpyhR9exQQUiBR1bBhA/UqmOnoyaKXw/astCTwyaqDKlBge7X13osxUrRZebZvnO96tyQrtrOCxBgf6gS6vb1v+shHr/3MsHDI2yVTR8QSH2ml9dp2F4nEmkNpaacgRQUV95x2GFWWVlxKqZQYADmNVB1ZdY1WGIhnDfWUUvmllNRkBO5nkGcp0TYQWqzN+NVrLP9ZWNN03uG430GgLXTHOVwRWaSRWRmUWXxK8aEQRoQlCNt2xzH13EQI6kXXax/tOBNDgTk2nUTFJYkSkMBJJF9KvKHnmEAPNQcdd021uCZpBLwE3k/HgedWnm7llGWKPwk1FEY1vSbmSDbRtONYDcW4VHI7vdURnJR2tiV1cAqEQGAAQHSlX1NSx9aThZKZX0/UTQdVjQnhyVZbLI6pEUKM/ehhcGx66dZBgBEVlG12iXUflcdBNumdG1l5qUUE9ffosOBBxaiVPfK5I3jkoeWbtUplxBEB7zRAnIU47dYdhLe2+Fahzz5K518DJRvZg9fGG+9G1v2q676PvtiWoXz/6angryTK6F9fG934IAAQaHGkxBNrJZRmK7FoXJUbMWrcR1PSlxEBH5xHYJeLLvbuZkNpuq/A5vpqG3YyymTesR4BB1pdAxIQbpeiQfZaw1S+ePHN+kk2oL/KylsbePvmF+7QX9nX9GR1XbiWzILqt+arUXc51MUIpJuXeKbehlq1R8OVn74c28qng+xO9FrNWnsYIV0ohfl0iW0JMKBzh3Hn1XpAGd0pSShqJKxR/lJ6rGiEgTo3eDURh9AdAmvMU3U7Fpfmssn1GW6lx/FBdrzfoX06Qh/M82JBr3pW6ZMF5SQagomWZi9xQQ29ueQM+kymoWWzLIBiVZ9TCcXP/0MfZ3QlzvPBjbglPz2zKNQW60D1/QXWmkotRKr0DnNcUolxW71SXDx/ZZ1M8V7s63Sk4kpnv4t7f3v76K/mJYv70kwWhqJGzQl4QfkRogSTr72JyT8AXKAEKzis0DQlWbJTV/ysAxGajCpWVjrJQVAknAaQ4WoG0ZGWRNUr74RtUOYz1MBW6DVJ8SlQKakM0wAowRmmSCNmEUyw7HaqK12IJexjWc9SFLkV/kplnBuWbMbTorbojjWcQxunAucpF6LoOArxVMNuN8NCwSc8dE
kiTHgVwF1JkHMqcZ2M+PAB4MnLJumyDWMWFiMBQC+QE/MKAjhTmgNVxn7VessBav/ER9ZMiT1RullfQGQnRolsbuIx0XwcUi7aNCxM+iqKT0giH85kj3UA9BRaJOK3/12LLNc7SkeG1qrY+OQ4PuMfsHCkIJCRB1afu5HPMOiYL76SbfdayrQG40PuhLGRZ6sg5urmq500oAEd+te8nnm9812JQnJBiYXs9URhCjOKv6Nb01BSSAySJX9qKtFEHrCbMZ0zPAQalYfachSBFXM7MwulDzfosc6tZn6Neeac+BYpGQngi76UH3ASh8FJMvFLtizhfsKIq1euxU3XzKcbZ9cSQaK0SACQaAW7IzPDAAp5xwFSTRYVN9vdbp53IqZKMiXG6QDuV5tblPuq6Jr/PvqGAKx0jRKnGSmVsJRNW7MT5d6ov/Z9K021+tVcPhU+oNBmYUyxnwtlhTYqESpXCaveWK2EIKMy6lADOY9SVRPG27iSJnJ7olAQGJ5C2QZBACMULlNEply9Sz4HqMlDz+rLROmvUG9zoFABxDemIrFbHLHSEI22qz0hlX+6NJD3iDZSsN4BXVx7zpnkxZixDBGeC02dD093veloJqplJSb7CpOfA5SiSSxxykwwC1yZrs9OkTngEfPYRih2JylxuwME8pDS62plIprpaSwbQlsADMdXAmSKLcE2mrC9qQF4cRGqNqdFalUncz11374Shj0OfkUyO3ot4SaDgDo1/0c+XO1IqKj01I41RKCKHWtG9RVGRBHgLiESa/wSNbWQtgYoEPkuHVsSthchLl1RCuyXwOUVcAk0nOxC5Sk/ZKVExcw3KHpUyHh12aq1xZZKqyVnLHkevEYSN571LNHso6Ebbgi5FL6STkrIGpWJzDeY61IlW0snLDGUnfNtqkKts0gE03NmTiHySifTnzUShzZbNkh88uKUqs0sLvs0cBgz59iJdjWMMzuHCbDr56vcb5JYtMn5Nis6yT6RQaXKUmJElFhWSaSxOmPOlLocEXI1wEAE9FJJdELUUhk1v+5MFzkN9qijvMWeO03IKz+l5wJmqJGRaVCPSm0rVCbJWv9/idukM2zNSPsIrSJ8VxLNid/uSnC7eY2ldqSkoMaVqi9j8eOelhVO5dipyzObaWzCxen2wVZO7JzN2MxJvLko5AFTW+a1p11azHpZVJ7ZIoNnVCMAiZFd3j4foRSrMojSZR46hKZG7bjQDrfmpQzTEPxA/W9nF2YnGrkIaOMbz0QyjCNKi6RGGHOONJDizyL/h3h1GR2g9EfVAjkzLi+YMA+r6+GPHfQZmYNOZpJER/v+4zrZa5nGMgtDMGLIAT5QZgBGcjtA11wv5UTv2W1wifPqrvK+tLv7KehMwzoyPY+as3ZxfW8oEug7UOCmiFzIMbN76EFUzawE+0tFTGf/Dr72ujcaWa0zZgORmmkYOJs3Z+lzKinRrsZaHtp8pBB9DjHxfBvzKZYk6Fovpt6+mCyvEXNPd1o787d5lA01uil6Z4fvMmCcL7ONu8wbl8xGpdB/j+i6yo5aDiUmcZnAuiMX+USrnZ7JOMuJ1mbu95o49q8THlvECXcHPQwW46EbjHzRdIhmHReBI2XR39u1E403ufGlRXUJkq9xHJWRgV+b01vc9oWojOUZtxCtlSEX8oDuPxPCHu1CUQmGAe+yPc0RfgHOcjlTmejF6TGfNcEcbOCElACHlSQF1q1GTXnL5xAgRuSVplDOGDkQs+iQ2vGLj2iNKXmOZHWM27AT/8tAHGC92wFey/w4xSa1XilBhQFBjhqNzxoxR1111m4sER+NxK09Tr59CLiokIo5yZjECkfcleZwTa9pydkICS7s3sjFxTtZxgJ5xqUUhqtoD1rVztNIBlEph8ZlGvtVEY2k4ULVEWp0kLgwBAqczN8thWHwl/IUmPi51Pcpk10pCJesxTspXgoKyAVtG3oQGttYUrg4BeLBiFihhObpilBw1If8WLVg4ZxcBA
Vun8aM15yxTRBSkMOclqEonvgQh865F51IS2XgBEbEiIB9oewgTh/aogA8AF4IBd5QhkyVGnfw2g06xq0phkFUDWU4SLGVxZvBxrotBsG0VHAMIf8uLtP3SccNGmPnyNxS3Vs3BlN0tZiz7U33yBshFl/QaUmfVSHvPRE5WZFkXJacEJb+2E4LThbOdNOUdMi7OEVvxZDSJRJs7VvSbQQPrpRw5BUcGQt+FKO+TVu7LMc+QcWU3AGWoQ+iqYqsYdFw3UGgkJj8rYRZfE4MGaPM/Yy46RnsAc8HxCN0nKRF+A7RDGFi2MohBYorSRPd4SRGRcb+vSQSsSF1eI9CQGNwxJZy5SR3uEdCwEm9VFV/kY9uEA7LFeFwAeCz9KTG4BFVLdSFIEqXIFb6NVZ76R2V6EtxkMo0ZUYG2Uu1TYooBUh33aNyLURw+RIpbQSGPUeKec7cDw1hda2jyD2GdYwgERoGS0XT7BmWk2lOLJKQ8HANzXwOaKDLWUgaBh7ZIY7TsbBQXiiasChXFkXHDM2lCakV6gGRWapIUMxNyyVT4qmSQn0E57BHbDSbc3HQa6qlc/QMPH6FzMxmddhR7HDQvn1I47VE+RiHYB1NZ4hP0xSTiXSMjgBkKV3cWcFZE9rimmxNKlbd2zne0wDFuoGkhyGIwEFi18HlpEkYmHlma65JGT2ZFz4lynUMEyom1Vhb193HO6XFwnAizBlRrcBnLY3hfKqg4w1da6LAORxCYP+KXEvO1OPshrkUIHMkIjK6kGjoHFPECFI0EeE5iaGcysPBVYKW1QNtH3EoWyUaG1lI1FgsFYP9z1BEC46AGAr43n4uB65MTbzMWV8QlJ2I4o7iF0eqF5t41V/saCeNY0dcTLjhxhJdCBmJRLCETsY1To6UCEnqW/k4WaLYRQOwiZ0doFxA2YOwj48q105YVACVZagdHWSQzeA1n7o8QO3AhkwcSAdqYoj6X6nQWPhcmWaKRzXVV7OJxmCMCV+qxmStjaCOxnbx6EeC1alQ5Z1y1aeo3WreSLWFDd5wVVr6j1XKyB2YQTlA6J/9hdvxqI3+pMQ55y+qWGkwFprMXRT/1lRRmtxpNNkxKldGRE2WxEXftZTbvJZvZsYfhiR2Zmg9OWOH5qVfeZhbJVJdlNOxYAcldmZ9LRopLSVWUqJJoAnrPNU4NuKXDFk9iRjAnGuS5GC3eGi5ngZevIRbVOTTkCeaeR2zXpnrDQ4fnmMOTkSxRErc/BtphqIprYf7/NixNop2BiVXYpKEnA1OkOSzvmeuluQ2PZN92Mc8lMJ5yF2bmupSfNF9TewypYpiyMwrjkk4AhEQ+kx74F1TzI3ruNJmAcA8sMGq/tljHGh23BJUtZm0yKAxqtaJwGeXsBC1wusLpdLZnaxAlh+VOIuFnqn2vag7Od5b3kxatBmx/6rVpFHrvkWcRXKMaD4knvjktmwaZYTtaw5EY9EqsrEbQ1LWws2YeHlkP32ORjGmzalouGSr2poTuNQkxtHNoLYpUQwazyZHKXKNyzkHWj6Z3SgLaNhTRUhU7xSWbRYVN3Uplc6FCWWJYBEagu0YRhFAgQUOme5NZSqQLgWavBJrOxUUYRoGUDTgroCgakhd4hpprbbgrSzs0CBMYdzIOZjBCQCtn+WTRKxbAMLOILaGpT1H2uljxP5nj7UYpB6KgyiYE/pdUTzZfHwjb+AtsDXFw7ZpWtykPgXHm/Zea2aOFkqsiuHM8oBLTpQN0G1J33nFeFKv3qVld6TRcshZAf9y1oPQLTotG0sMhwsZ54sKy7M1Uey+A4WhCySVq6BgWWo1wDsAKa9K5lhZyILxhnD4R7D0l5sZRYGtFCT90mDYbVkNbN5Na3GGTqZoCJhNVXPyr/nKi+WuWBJ3UnGECpllTxFeViEhHKswX1xABO3YYYmB2JFqqB8pxioehBzWXon0XItlxDlAQPT62Tupjgc2SSXK4kG+3OC4VnVojUEtGhO2KR9grBfOi1
usBVJhWwpCX76JzJuKYld1Tl3hkAri7hyjz4x46W/9EtG57W1+bLQhXmrWrgC44eP6jYjJHFuUWyRfJ1vWYmbEkMrQEUb0xyA7ZOB85kXeytR8S3P/CAV5osxO7ml84Rvp4sopxS7loeCxYMZCSSyUHA1jACEtQUcQpu5bUa8DEiWdNMp40rFl0Bkef9t9TCRghF6lRBRIvgrdCIDAXUuUmEmTitbmXqtZ2tXTZGQI6QsfsEAe6IEaYxc5ugiwog9kEISqxZD9ReyTDRez0u59JtDmaOYTBbPgTVNV0QaZ9UtlaCCoOEyUrgYcvp077QgL/Q4T2vCxpGUqaiex8VBmLl9fFGVY7SN98FNoxMjFNMz+RFd+xuRHxklZKmA5pWZyUo0na1PdOmL6nKBisEeMlM6u7V9ednNDEeE4gtnv2BkdPSXUFPXokWCBeKm6iGEz6h1a/3a1Dt7GwuCn820vrc2rU3sYotrcLGszQvgBE5cN/KWG3kjPkgreowooQdQ0zCgkQh2V5jhvMugzdrXsiuRNjeKQZjWO1GFJxBXxiw5MDw0evTHKY8dqxtlGkqbPnfEfBT3XrdCwyRqbt8Fh+tpwnkTOUS5pCcnGuykPSdAfAtpmIS/LT98KAgyvadMNZLstDD81pJDZ/lbdNXEJrXYT/FDyq0QqUyeYg7xFLBZspS3WKHYiK2ILtrjcOEe36LDM4XBEvXRPOtPjND+IWo1JYPBsNILXJ49SXmDzignWPFbJd9JTjv1H6+ypp4zit8TLm8UuspVq4oXGtuJg4WwtSf9RSCKx0Kb2sMVuiVwNBbpkyiHo3mFf1+mx4aIWuJ3Wl5xa59hNjq9A5mA/WOO2cO52odRCcu62qcA+cVuU9hUqBy+6lL9mXJaY6UXW9BdyzFkb+M19oblYoA736GJvjqtGd2M+IJRqlwhx0yNHI5OzGjbS7QIVprQCefa+ZiTxuGlPjsS68IdMFIJb2mHMKDriyr6lEUaRCu4eTMfIuXT4bu6YuFiNFE9Hh9CsLBlLjsbKtFS+MD5t3zhnjhN7G6lImDUDAMm8i6zlJeKxNo44hsC5YI4lY0UWKPtVyx2oo4bvMzcSETEh1hKVc7X1RGhBk4NAm9h1OdowyfeyMIb//q5OEZHhIl/MmsjqjCm8PYhnKZpP6Mp53BglEnuUjR9gyRgP+VRTVATPmAn/UPlYcGpZTGJgO2ETho5uZbu3erd1Ym25dAZNfIBfMPld0dwW1yddkIdJ7OUQwlv5DC9tFPLLBN5Mfk4Fr4hfEBdLUOpe4lqcQznS3exOSPtxEkQDNjPAeat1m86yIFZfXTfdJCuPXJWKQ6CFn9iBHx0bptWLPgQFRWIBJx85rrO2Xxw/wu1hWchNiDqr2i4Ugbld6NZYF1niTYiptMWAjBhJoIARgVOKgGxuRKPQ/dyXzBGY/XdqzbS2NOSKuinTMkUCN8aZyefV9K4tnskarlYj/07GuhsagOHQ014Ogh0MkpVakYJvGQqEq4Z2oA6KQe+4bkPUDP07ZZzkdMcdzRSoUWZhVAfgo/cHy0Geigz+kW7rf4KUaJGoOHIdR3srFycZxtGiNSvvE5c1pV+enmHId9UpP6tSfz0ACQbrWcTV4nDEhcn7reI2iIc9+AxFzEvvQZ4S/2VT5Yl7q+PsfMfNh7vgdv7ab7ptTaLwzUjoR0kqP7cJM2YzYbq6+fHNJGFvYj/Qs+PVk75Vw2weQgiO8Bfh1MxPGS4Q+zjKXMmFEzdGZzTgIBKP1IFJSFJ9yNv7fsNy6Opb4nGi++r9VwLEAQIACN4RQBAhAAUKEwJ4AP9AwIGDAAQqEGAQIsIDBwgKWAjRYsOPDUl2ZIjwwUCIBieOLElxYkOBHQ8KuPgSJEKXBDce7KlxI0eLHicS4EhwYUScCo+KZBgS6dKNFCXeIYDgZMmKPFVmbDjvIcGwGgfOpHqAT4OlC5NGjZkw5kWbSH12ZWgU58V5T/719fsXcGDBgwkXNu
z3LdykAghEPPrR4ruDCLpOXWpzrsyFZk0e3NxVrlGVi4lGJZk54cypeIkqwJsTomXYp98RRMDHo0mqS7NGva2V40G8rxOO3EkxKUbTqUF/bmlZNNXEED2TdDnSIwGVjqOyfe366MXGu0m+/p7xImWkxBvmRoigJln/itsVbORD/Dh1hdz1w46Oc6f63mJJouW8Mkg24/oDCqHzCLJrvo5kQ0gpAWpzCi6fmgLAPKxyGisjlohaTaKPcjORusXIM8ggl1icDsHwbBrJoLT42AhC1BJSTqYNH2xqIda4imkq8BLi44MLJSwLwsssWgi+00iyLD+epuMsu/B6i4+zjGYS8sfpCnoLL+/QImidw9Rck802TfvIrPz4ABGuOygc0zSjRiSKR5HETIg45aAqLUwOm7oJJ/Z08iwuH+/yESqa7hxOKOE8VE+nCAH1UU8AotR0vpE6/S+/iiaSizeeCvws0v0kFNNOuBzt7bKbFH2Tw5WcsuwhBWWaig5RuCTbL1ZTXTIqSO28AiBWCuWKCzW2/pxqo6FegoqtH3kzMaKulKWrvlufmlKoQkvysEcvZ6XwnVL4KC4r6Ap8K0ivTF2Wuli7dWzQFg39CFnhuoyJ0gZnrbKkJ6vz9Nrqqss2Pzi72gxSAG7kI9vU3IPrpa26rAhhfEPdby7tEBbgHAjaXJnllv//mQhd+RSGbc7uXKVwUF1fEuDG8czi2YM7ZvKswPa6VRXphO9cjsfz0lLSpSJ13A9gieZpYJ6bAbROa1ARYqmkuKTUVreIGsBtyu0ym8iqddurLzjl9PSXuglF2zAzgWyK804TL6zarhnjOm5jKCfOiFv+jH7gXcVwwnvEoz7I2rI+DcVxvy47ggyvn049LU6lOrIc3oTd+6jnvZt0KmaGmSXS28cUMqpxi4YGYHJatQVvO6+9ynjGsL3681rdlN58uaNvL1jS4DP3KbEJLf7AKg8/+pR024kftj2G6spSTM2JPSjGw0+zCkIjlb3jDpfdf58wT2HHblOuuTarJxX/T5K4PYMIAHslb5nIVoxHMNmNBEcHsBZNEIUqzMiHVuIp19IyNcBytcVBfpAJAXbiQPJZjHHS8pX0jAaTE3GlThThAx/mES3oSSdpBvtfg5jDsfLIriH6Ipv3ULRBipztZqf73we6pjvyUKhYHEQiCmnlkm5FjVDSCZ64TnORtExtUghSog0NxqGFmaYoOCSIH2AmJlR9JzHBqsvJSPIQeuWGeMfLFFUWSBXzzSUkQ4GKyTrCQSJVhTXNquKPGlc6ri2ETuQylLauEsUA1Y9MlcKKhWBHMgY9botZWZvItrIwMDmLJHeAQB/gV0pTFkeADOGMg3LDuI0Zb3hB6pKd/7gVoZ/RzihW6R6e3maudA2ui5iDYJaWJYBJQq1uf/rT9YBFnuBhESWFhAyoFJCWrMkRacrrXarE1p6jiI+XGatfdLhjIh/lxkPTGYhN0lK1zVXHelyZUGiC80rsdPMn6zmTRgaXmLaE8mixUUlj3IMRCWrpksjLio32hsDgZIqKR4TleaAUoijiy4HH8de8KIYqnbymKeDUp8YUmq/cGSiAS1IaUcqEOPzQ6mcim91MQhY2J2JqPn165UtIp0CnLKRneQnJVDwCzoCeCiNwG5NS7nAOM5gSqu9jIpx8JEgEmi+GVduptPBIPEV9zlpoaUDJqrJDJ1amRGEkV0xaZf8zWbWELBjRk7RqY0wMDStYi6TLBG/zG7oUDySlMRU4EaYaJVL1khXaZxdxJjAK+ZSEu3yrr5w3KrAlhg/wYStw4IjKRSU0hkVs4ugYtbScaWUgnVoQQq6GG8tRCa4X9d1xrpock1AsVUN5C7XSWp2Wym+3Tcpf+CD0JUc1CqyCk46gcpXX3ai1PWnJS4z8VD0jjkyvJPHQVXoToJr4appkPFH0MmmgApXId5F0j1kAmF2DNY59UZVvy2LCPQiiR677xE7UZBQrccUncwhtFt36JtCLyIYxnB
rPWogTx6nWz4eSpWBCWgeUtSXVfpmiqaZM9M9SDaSH7N1pDZdzq7b/OlNU69rvt/6qqI8k6b6LsYxdDQkRxu2spOgy3OgeUDG9XkeT+KqWq/QUVKGtbm56YrF4+Lml+OAlqKkkKg7/IysV381PUBLT2dCGoSKuKo2rHRMJHdQ0Bdpoxhm62kpWRxPmGkmWe2USKg/FWCYaCLc1FuftdmMet6kqP0SBq1TsEugMSfRbO2nffBndJueiV1UCgybJgHgstERyqCD2CBD9hM/GCOQODSCDE7nYsXJVZx5EJMmN2IoZyznWrVwZKiA50lJxXuqi82RUq2pq2pvBKS4A/OADSXvnUo+LLB51D3skjTDqRjBK6wUWvToCn9oypy0aGrTXAn0Ucent/7a5uRdBbIRj3lwJM1j20zvUIjrr1IR0O1xU0YjKlIRxF7A/IZFst7ITNC6nk6gUpFHOtuAZljRPtZZIs+eiVgDDa7Pm7qJFmnWcoWWvu8G9rfAyFaXPePZzhooPxWUNr9/+eI4ib0inKN5ol6sJM70uznnQ1RpYWqzdvNnwKhdOwoCy+aF03tFmZYOgWMNmxnDemaFTlduVpxZSqhUsHI8c6cemjyY9ERHQ1balendNtUszaMWXHpGPF88lF9rs1lPeyxovHbUkzkv+ElLwhXC5020T6OsCeFEj8b3tI0UiaAz72b7/fUwIKuRppvmS32RLpCKp8q4CxwcPZO3n6f/VXJzvpLq9l6RP/7yk9Jjdlv1ue+M5iZpKfH4pukznbA9fFLXlnhvLKwlfkzf2F+cV+fycIw0vF378rg1DQ8W7b9GrinJXb6eBgbZOea0joFu1r5QqZpMW7mBiCmaRTwF79k/hWQOGYm1k46+8CEnLgueouVNFspAEJCCg7MR+7Ho0NbIjzo1CGpzpi5yWrousiI1DWmdmcmIe2ulUsAJiKkmrOsqcDsspgiUkPgnioELfymJeUI9k8ChFwkycJkzSasK5mEjQROaBpiNbdqpmKgoyzAh5lMLEZG1qhkKQbGj1vKnVsCUvsoI4tONs4KZZGiy75oqCYItCUg0qPsX/e0pirmjskGjQmdpmfnTDJbDGAzNFWoomtI4NtRSEj2LjDg5h+MowMLJwwpylq4Zlx2xptzhiQnoIVELvNd5vb1riqCDsqtxsYdxjRpiNM6hkWxQJpUojYr4mjWYMIy6ECU2i8LJtQIinLiRFdxruhAzIyySqAcYqf4gQZ7RjNEJJInAvJMai4bIJ8RointJQ2Q7RaKCCR9aLPmajYXjEdrribDDiasAmyZzl7wiLhgpEkCxDXt6EkjIHFxtA4ZrOU+bsdSLrRlDKCjVFbyonjU5MsmxEAaZpvdwmJmIRdDbkBvkk7MiN/FgD9xxi8bykzRgC1wzpj5alg27x9VCE/zX+jKSoq1rkIs+i73ziywwDsi9so9Xyb5Ee6e3srLFIKtkoTp367b76ZAZNrmj8LO6kcYnsavX20NWGo3UogwcLEpXKseR0LjwujgYFgNM2p9xg4iBtIvSaSaZELmREg93WMdL0rnTcDSmSaCkIQIMqzGvqbfwKSTIixbAUYBPbi39MgzNCArpyxWuekKD8R2cAJf2+ZjdkaRIlBBudy8HGrYu46yPIKND8CdmWRTJgEgu90FqGShZvYrgiMGdQxd+CYmP05oFOrnueqZpWcuKm5oReBRsPktC6Y8RkSQI9CygKa4uKhn5eokncCbuG4xDyQCAFMiYwZTP+pPRwpf/xHiQUP08aa0LEwkaXQEV6HGNiFEdkKJMOR+MHOWXDXkIBtWs57klTShBcGG+q2GMPFQkjtJE1SSL2oiMOQUpGqgisYgNywM8JN2QnzCIlZu6AuMYAfTA8UnE/bixDBCeyCOKkVHNDbkV8uirBGMn+Cm8mcygxG8zWLETOuiemsClbtAg9VBDh9KOtBqYpx8bt9g4qg+1WXukGcYZj6sObQie/UC4TAyw2fHNchLJ+EEY9Ku
l8nKd0+gXcAGY8wmUaeQoAzoEMM1Mge2PzOuM6BOBqWkgl4w80cJAsrq0rG8SP7CTzQIlDslK0LEgAMVJWELRUVuX1JOU40GX+TmL/VCZoRveHfPSzY2p0PvwIWFiCwPzksZylWJYxJ4inNrWls1DCNq5ysTpIJqQxBJ3IiS7iA9ZxYfIpTF7w/y4ur55oR0LrG6dlMpWC87hq5RwlomgkhTDkeh7kDj4g6FLIVtLqPfDw4zymPM/E4qg04TJJ+TYNN6CprTQEPSaIAB5AbhSObVBDmUjmN9jzhvKEQgViKxQl7Cps9fixuQLLkjYOLdeCTKCu4Uw0M1HvS1FMAMIiPojCO7nNOW2Kwf7sZ2xxQ83nNGnCOI7mu6zk+qSxV0ytpCAjsw7zJ4OjdWBMDVGEOElz6KCFWRdjndajJq7IOshpOoEEOC/Svc5yfWOelDwxxOMwtCVY42FGBMS4KOKWZjCbyV7DJh4RbJGYbOi2ZkEZY8nuDdJqyTFIkJgi9ALFAmNcDTOmw5rElBln536KC6Ei8hqTwzQHqkR0L4i2ymCVx9uOgsCqJHSAzHUAwA/+NWRyFF4CMZV2VGFhBz9tSTp5CDJ1tkx4//VEazYyyWMGpSXlEGsC70w1fKpjPg2tQAuaWEzeKNOHfMUIXw/3IiJvmiNFZlLLQMWxHCTLsI1s/DXIHHIvy+q73hAiSDJuR2x4sNQt4G2AuuIGeXCa/Gpp27YAtatxioZTzy3ljGX82kp7+MtGudJQNI1WjQjWMuxHKrApnlAq4JBJye0BRg5trwvZYKZ0/kdD3nIiihW7JObE9AdXZjSvfIqgWoVfG2VbPke65M174HSJQKjhdCzWLEfmjCdJP+ts5S5CGqwodzPwwqR5DS8j7QQFWMASkDYgM0N4K1cPMVd3qGhwGZIZea4gwOOLfKcYJQRIy9asEjLFzIrGav9KTCiqPUC1zcJzHg3W9FS2O4rEbmA2b0wW585VzG4mfdkXjOiRtihsOXDqT/XpCe1rxHriIKwp86KIC88tdDrj2bqjU2ZEfOSQaQo2VXujwvjRR5nNJrITd66pTe+gkCildgaJEG0xL+OIuIxN9Qix5x6jJXhwbs73dRwoEzsM5Cq2YtviHTEKjoCEgbMiBLWQe3fPiGxnn4LqJE5lHiBAZbDXDFF0NH3lXAJKLJHFT8RyUfxrQ3CEVW5uWcKO1LjCzN6Of4ziANzFdDw2qAqzQYTS/EJQEOcu/c6rvO5RiaqDb2ZMrHBSV+6OkVPD8EivQD7VYk8C1KKl1KDQgNv/rLSyuEo2LWvCV2lq8ym5F1X4Zo4abFbwR8XklVl4l1HKbZMcaFZczA/d+C4Y8D3iBXp0y73SJlQGjTEyRCBu8s5OUDTZ2AQLjAB293lLmOW4LzP+s/t2cmgcqYSeOaEW9bE40HLNjGeOV106T1QNRoj1ZJQw04vN0FcDx57+6zsfGKBU4/2KQ6TO6z/tLEvOCf+6iyRlBTjJgPwClqZyFMgsQoOAY78aK2UXS5XaEZOU15PJuPPcFop38jqY7U+BZV4USatK6hEhrGbN76HR14ndI5Gmpg5HwrW6Mji107xYD3ENSmfreXfqFTyseJvOGF6qKXeOBmu69GMdmFap/+0Y/SrCrIyGY6i9uIi5/qhi61CXXgRrRe95RQqJvyaa+QaoGkA50AmljAp1vBORGmcuEAxvkQaQ21Fm/3VEn2qdA/LXygN1U6/a3iUHndbdkNP+Pqufm0xeHRJAH1hHONdgVvDVKtBfZG4qUm1956NLcoaPdbjiNiufnUg5KLjtOipPXxOCZPY6zdkrUFdPXDNYsFgyuXQQleZ996d0/tdc6JHEzjPCQPtyf7duRItSiMuKp3hLdEpxFPS3GHAyXttRkqKVAU86EDKPAE7hMoaD1kk5brJvsWlS4E2e45SMMxhxmrCnHaxQGuNJIrm8LEJtG5U58lKBhMOP0jKNmg1lH6n6tSGERONaIAMCADs=) 
no-repeat;">
+ <h2>CIS Ubuntu Linux 14.04 LTS Benchmark v2.0.0</h2>
+ <ul>
+ <li>Level 1 - Server</li>
+ <li>Tuesday, November 19 2019 23:28:14</li>
+ <li>
+ Assessment Duration:
+ 1 minute, 49 seconds</li>
+ </ul>
+ </div>
+ <div class="introFooter">
+ <p>Report generated by the Center for Internet Security's Configuration Assessment Tool
+ (CIS-CAT Pro Assessor) v4.0.12. </p>
+ <p> For further information, please visit <a href="http://benchmarks.cisecurity.org">The Center for Internet Security</a> or send an e-mail to <a href="mailto:feedback@cisecurity.org">feedback@cisecurity.org</a>. </p>
+ <p>Copyright ©2019, The Center for Internet Security</p>
+ <p>Content generated on 11/19/2019 23:30 P.M.. Content last obtained on 10/31/2019 02:02 AM</p>
+ </div>
+ </div>
+ <div id="detailsContainer">
+ <div id="summary">
+ <h2 class="sectionTitle">Summary</h2>
+ <table width="100%">
+ <col align="left"></col>
+ <col align="center"></col>
+ <thead>
+ <tr>
+ <th rowspan="2">Description</th>
+ <th colspan="4">Tests</th>
+ <th colspan="3" title="urn:xccdf:scoring:flat">Scoring</th>
+ </tr>
+ <tr>
+ <th class="pass fixed" title="Pass">Pass</th>
+ <th class="fail" title="Fail">Fail</th>
+ <th class="error" title="Error">Error</th>
+ <th class="unknown" title="Unknown">Unkn.</th>
+ <th>Score</th>
+ <th>Max</th>
+ <th>Percent</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td id="summary-d1e1436" class="group sub0">1 <a href="#checklist-d1e1436">Initial Setup</a></td>
+ <td class="numeric sub0">16</td>
+ <td class="numeric sub0">13</td>
+ <td class="numeric sub0">0</td>
+ <td class="numeric sub0">0</td>
+ <td class="numeric sub0">16.0</td>
+ <td class="numeric sub0">29.0</td>
+ <td class="numeric sub0">55%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e1442" class="group sub1">1.1 <a href="#checklist-d1e1442">Filesystem Configuration</a></td>
+ <td class="numeric sub1">11</td>
+ <td class="numeric sub1">8</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">11.0</td>
+ <td class="numeric sub1">19.0</td>
+ <td class="numeric sub1">58%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e1463" class="group sub2">1.1.1 <a href="#checklist-d1e1463">Disable unused filesystems</a></td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">8</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0.0</td>
+ <td class="numeric sub2">8.0</td>
+ <td class="numeric sub2">0%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e2577" class="group sub1">1.2 <a href="#checklist-d1e2577">Configure Software Updates</a></td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0.0</td>
+ <td class="numeric sub1">0.0</td>
+ <td class="numeric sub1">0%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e2613" class="group sub1">1.3 <a href="#checklist-d1e2613">Filesystem Integrity Checking</a></td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">2</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0.0</td>
+ <td class="numeric sub1">2.0</td>
+ <td class="numeric sub1">0%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e2698" class="group sub1">1.4 <a href="#checklist-d1e2698">Secure Boot Settings</a></td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">2</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0.0</td>
+ <td class="numeric sub1">2.0</td>
+ <td class="numeric sub1">0%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e2820" class="group sub1">1.5 <a href="#checklist-d1e2820">Additional Process Hardening</a></td>
+ <td class="numeric sub1">2</td>
+ <td class="numeric sub1">1</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">2.0</td>
+ <td class="numeric sub1">3.0</td>
+ <td class="numeric sub1">67%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e2957" class="group sub1">1.6 <a href="#checklist-d1e2957">Mandatory Access Control</a></td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0.0</td>
+ <td class="numeric sub1">0.0</td>
+ <td class="numeric sub1">0%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e2967" class="group sub2">1.6.1 <a href="#checklist-d1e2967">Configure SELinux</a></td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0.0</td>
+ <td class="numeric sub2">0.0</td>
+ <td class="numeric sub2">0%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e3194" class="group sub2">1.6.2 <a href="#checklist-d1e3194">Configure AppArmor</a></td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0.0</td>
+ <td class="numeric sub2">0.0</td>
+ <td class="numeric sub2">0%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e3309" class="group sub1">1.7 <a href="#checklist-d1e3309">Warning Banners</a></td>
+ <td class="numeric sub1">3</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">3.0</td>
+ <td class="numeric sub1">3.0</td>
+ <td class="numeric sub1">100%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e3322" class="group sub2">1.7.1 <a href="#checklist-d1e3322">Command Line Warning Banners</a></td>
+ <td class="numeric sub2">2</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">2.0</td>
+ <td class="numeric sub2">2.0</td>
+ <td class="numeric sub2">100%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e3729" class="group sub0">2 <a href="#checklist-d1e3729">Services</a></td>
+ <td class="numeric sub0">29</td>
+ <td class="numeric sub0">4</td>
+ <td class="numeric sub0">0</td>
+ <td class="numeric sub0">0</td>
+ <td class="numeric sub0">29.0</td>
+ <td class="numeric sub0">33.0</td>
+ <td class="numeric sub0">88%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e3735" class="group sub1">2.1 <a href="#checklist-d1e3735">inetd Services</a></td>
+ <td class="numeric sub1">10</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">10.0</td>
+ <td class="numeric sub1">10.0</td>
+ <td class="numeric sub1">100%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e4221" class="group sub1">2.2 <a href="#checklist-d1e4221">Special Purpose Services</a></td>
+ <td class="numeric sub1">15</td>
+ <td class="numeric sub1">3</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">15.0</td>
+ <td class="numeric sub1">18.0</td>
+ <td class="numeric sub1">83%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e4227" class="group sub2">2.2.1 <a href="#checklist-d1e4227">Time Synchronization</a></td>
+ <td class="numeric sub2">2</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">2.0</td>
+ <td class="numeric sub2">2.0</td>
+ <td class="numeric sub2">100%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e4796" class="group sub1">2.3 <a href="#checklist-d1e4796">Service Clients</a></td>
+ <td class="numeric sub1">4</td>
+ <td class="numeric sub1">1</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">4.0</td>
+ <td class="numeric sub1">5.0</td>
+ <td class="numeric sub1">80%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e4974" class="group sub0">3 <a href="#checklist-d1e4974">Network Configuration</a></td>
+ <td class="numeric sub0">12</td>
+ <td class="numeric sub0">7</td>
+ <td class="numeric sub0">0</td>
+ <td class="numeric sub0">0</td>
+ <td class="numeric sub0">12.0</td>
+ <td class="numeric sub0">19.0</td>
+ <td class="numeric sub0">63%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e4980" class="group sub1">3.1 <a href="#checklist-d1e4980">Network Parameters (Host Only)</a></td>
+ <td class="numeric sub1">1</td>
+ <td class="numeric sub1">1</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">1.0</td>
+ <td class="numeric sub1">2.0</td>
+ <td class="numeric sub1">50%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e5055" class="group sub1">3.2 <a href="#checklist-d1e5055">Network Parameters (Host and Router)</a></td>
+ <td class="numeric sub1">6</td>
+ <td class="numeric sub1">2</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">6.0</td>
+ <td class="numeric sub1">8.0</td>
+ <td class="numeric sub1">75%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e5360" class="group sub1">3.3 <a href="#checklist-d1e5360">IPv6</a></td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0.0</td>
+ <td class="numeric sub1">0.0</td>
+ <td class="numeric sub1">0%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e5482" class="group sub1">3.4 <a href="#checklist-d1e5482">TCP Wrappers</a></td>
+ <td class="numeric sub1">4</td>
+ <td class="numeric sub1">1</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">4.0</td>
+ <td class="numeric sub1">5.0</td>
+ <td class="numeric sub1">80%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e5684" class="group sub1">3.5 <a href="#checklist-d1e5684">Uncommon Network Protocols</a></td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0.0</td>
+ <td class="numeric sub1">0.0</td>
+ <td class="numeric sub1">0%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e5796" class="group sub1">3.6 <a href="#checklist-d1e5796">Firewall Configuration</a></td>
+ <td class="numeric sub1">1</td>
+ <td class="numeric sub1">3</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">1.0</td>
+ <td class="numeric sub1">4.0</td>
+ <td class="numeric sub1">25%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e6045" class="group sub0">4 <a href="#checklist-d1e6045">Logging and Auditing</a></td>
+ <td class="numeric sub0">5</td>
+ <td class="numeric sub0">2</td>
+ <td class="numeric sub0">0</td>
+ <td class="numeric sub0">0</td>
+ <td class="numeric sub0">5.0</td>
+ <td class="numeric sub0">7.0</td>
+ <td class="numeric sub0">71%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e6089" class="group sub1">4.1 <a href="#checklist-d1e6089">Configure System Accounting (auditd)</a></td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0.0</td>
+ <td class="numeric sub1">0.0</td>
+ <td class="numeric sub1">0%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e6117" class="group sub2">4.1.1 <a href="#checklist-d1e6117">Configure Data Retention</a></td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0.0</td>
+ <td class="numeric sub2">0.0</td>
+ <td class="numeric sub2">0%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e7242" class="group sub1">4.2 <a href="#checklist-d1e7242">Configure Logging</a></td>
+ <td class="numeric sub1">5</td>
+ <td class="numeric sub1">2</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">5.0</td>
+ <td class="numeric sub1">7.0</td>
+ <td class="numeric sub1">71%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e7248" class="group sub2">4.2.1 <a href="#checklist-d1e7248">Configure rsyslog</a></td>
+ <td class="numeric sub2">2</td>
+ <td class="numeric sub2">1</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">2.0</td>
+ <td class="numeric sub2">3.0</td>
+ <td class="numeric sub2">67%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e7519" class="group sub2">4.2.2 <a href="#checklist-d1e7519">Configure syslog-ng</a></td>
+ <td class="numeric sub2">2</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">2.0</td>
+ <td class="numeric sub2">2.0</td>
+ <td class="numeric sub2">100%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e7854" class="group sub0">5 <a href="#checklist-d1e7854">Access, Authentication and Authorization</a></td>
+ <td class="numeric sub0">9</td>
+ <td class="numeric sub0">25</td>
+ <td class="numeric sub0">0</td>
+ <td class="numeric sub0">0</td>
+ <td class="numeric sub0">9.0</td>
+ <td class="numeric sub0">34.0</td>
+ <td class="numeric sub0">26%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e7859" class="group sub1">5.1 <a href="#checklist-d1e7859">Configure cron</a></td>
+ <td class="numeric sub1">1</td>
+ <td class="numeric sub1">7</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">1.0</td>
+ <td class="numeric sub1">8.0</td>
+ <td class="numeric sub1">12%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e8180" class="group sub1">5.2 <a href="#checklist-d1e8180">SSH Server Configuration</a></td>
+ <td class="numeric sub1">5</td>
+ <td class="numeric sub1">10</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">5.0</td>
+ <td class="numeric sub1">15.0</td>
+ <td class="numeric sub1">33%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e8770" class="group sub1">5.3 <a href="#checklist-d1e8770">Configure PAM</a></td>
+ <td class="numeric sub1">1</td>
+ <td class="numeric sub1">2</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">1.0</td>
+ <td class="numeric sub1">3.0</td>
+ <td class="numeric sub1">33%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e9021" class="group sub1">5.4 <a href="#checklist-d1e9021">User Accounts and Environment</a></td>
+ <td class="numeric sub1">2</td>
+ <td class="numeric sub1">5</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">2.0</td>
+ <td class="numeric sub1">7.0</td>
+ <td class="numeric sub1">29%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e9027" class="group sub2">5.4.1 <a href="#checklist-d1e9027">Set Shadow Password Suite Parameters</a></td>
+ <td class="numeric sub2">1</td>
+ <td class="numeric sub2">3</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">0</td>
+ <td class="numeric sub2">1.0</td>
+ <td class="numeric sub2">4.0</td>
+ <td class="numeric sub2">25%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e9482" class="group sub0">6 <a href="#checklist-d1e9482">System Maintenance</a></td>
+ <td class="numeric sub0">28</td>
+ <td class="numeric sub0">3</td>
+ <td class="numeric sub0">0</td>
+ <td class="numeric sub0">0</td>
+ <td class="numeric sub0">28.0</td>
+ <td class="numeric sub0">31.0</td>
+ <td class="numeric sub0">90%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e9488" class="group sub1">6.1 <a href="#checklist-d1e9488">System File Permissions</a></td>
+ <td class="numeric sub1">11</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">11.0</td>
+ <td class="numeric sub1">11.0</td>
+ <td class="numeric sub1">100%</td>
+ </tr>
+ <tr>
+ <td id="summary-d1e9901" class="group sub1">6.2 <a href="#checklist-d1e9901">User and Group Settings</a></td>
+ <td class="numeric sub1">17</td>
+ <td class="numeric sub1">3</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">0</td>
+ <td class="numeric sub1">17.0</td>
+ <td class="numeric sub1">20.0</td>
+ <td class="numeric sub1">85%</td>
+ </tr>
+ <tr>
+ <th class="group" align="right">Total</th>
+ <td class="numeric bold">99</td>
+ <td class="numeric bold">54</td>
+ <td class="numeric bold">0</td>
+ <td class="numeric bold">0</td>
+ <td class="numeric bold">99.0</td>
+ <td class="numeric bold">153.0</td>
+ <td class="numeric bold">65%</td>
+ </tr>
+ </tbody>
+ </table>
+ <p class="caption"><b>Note</b>: Actual scores are subject to rounding errors. The sum of these values may not result
+ in the exact overall score.</p>
+ </div>
+ <div id="profiles" class="profiles">
+ <h2 class="sectionTitle">Profiles</h2>
+ <p>This benchmark contains 4 profiles.The <span class="bold">Level 1 - Server</span> profile was used for this assessment.</p>
+ <table class="profile" width="100%">
+ <thead>
+ <tr>
+ <th width="20%">Title</th>
+ <th width="80%">Description</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr valign="top" class=" selected-row">
+ <td>Level 1 - Server</td>
+ <td>
+ <p>Items in this profile intend to:</p>
+ <ul>
+ <li>be practical and prudent;</li>
+ <li>provide a clear security benefit; and</li>
+ <li>not inhibit the utility of the technology beyond acceptable means.</li>
+ </ul>
+ <p>This profile is intended for servers.</p>
+ <div class="profile-action"><span class="action" id="d1e64_xml_button" onclick="switchState('d1e64_xml'); return false;">Show</span><span class="caption"> Profile XML</span></div>
+ <div class="xml" id="d1e64_xml">
+ <pre>&lt;Profile xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sce="http://open-scap.org/page/SCE_xccdf_stream"
+ xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog"
+ xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ id="xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server"&gt;
+ &lt;title xml:lang="en"&gt;Level 1 - Server&lt;/title&gt;
+ &lt;description xml:lang="en"&gt;
+ &lt;p xmlns="http://www.w3.org/1999/xhtml"&gt;Items in this profile intend to:&lt;/p&gt;
+ &lt;ul xmlns="http://www.w3.org/1999/xhtml"&gt;
+ &lt;li&gt;be practical and prudent;&lt;/li&gt;
+ &lt;li&gt;provide a clear security benefit; and&lt;/li&gt;
+ &lt;li&gt;not inhibit the utility of the technology beyond acceptable means.&lt;/li&gt;
+ &lt;/ul&gt;
+ &lt;p xmlns="http://www.w3.org/1999/xhtml"&gt;This profile is intended for servers.&lt;/p&gt;
+ &lt;/description&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.1_Ensure_mounting_of_cramfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.2_Ensure_mounting_of_freevxfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.3_Ensure_mounting_of_jffs2_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.4_Ensure_mounting_of_hfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.5_Ensure_mounting_of_hfsplus_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.6_Ensure_mounting_of_squashfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.7_Ensure_mounting_of_udf_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.8_Ensure_mounting_of_FAT_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.3_Ensure_nodev_option_set_on_tmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.4_Ensure_nosuid_option_set_on_tmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.7_Ensure_nodev_option_set_on_vartmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.8_Ensure_nosuid_option_set_on_vartmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.9_Ensure_noexec_option_set_on_vartmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.13_Ensure_nodev_option_set_on_home_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.14_Ensure_nodev_option_set_on_runshm_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.15_Ensure_nosuid_option_set_on_runshm_partitionrun"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.16_Ensure_noexec_option_set_on_runshm_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.17_Ensure_nodev_option_set_on_removable_media_partitions"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.18_Ensure_nosuid_option_set_on_removable_media_partitions"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.19_Ensure_noexec_option_set_on_removable_media_partitions"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.20_Ensure_sticky_bit_is_set_on_all_world-writable_directories"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.21_Disable_Automounting"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.1_Ensure_package_manager_repositories_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.2_Ensure_GPG_keys_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.3.1_Ensure_AIDE_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.3.2_Ensure_filesystem_integrity_is_regularly_checked"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.4.1_Ensure_permissions_on_bootloader_config_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.4.2_Ensure_bootloader_password_is_set"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.4.3_Ensure_authentication_required_for_single_user_mode"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.1_Ensure_core_dumps_are_restricted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.2_Ensure_XDNX_support_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.3_Ensure_address_space_layout_randomization_ASLR_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.4_Ensure_prelink_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.1_Ensure_message_of_the_day_is_configured_properly"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.2_Ensure_local_login_warning_banner_is_configured_properly"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.3_Ensure_remote_login_warning_banner_is_configured_properly"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.4_Ensure_permissions_on_etcmotd_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.5_Ensure_permissions_on_etcissue_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.6_Ensure_permissions_on_etcissue.net_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.2_Ensure_GDM_login_banner_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.8_Ensure_updates_patches_and_additional_security_software_are_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.1_Ensure_chargen_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.2_Ensure_daytime_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.3_Ensure_discard_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.4_Ensure_echo_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.5_Ensure_time_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.6_Ensure_rsh_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.7_Ensure_talk_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.8_Ensure_telnet_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.9_Ensure_tftp_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.10_Ensure_xinetd_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.1_Ensure_time_synchronization_is_in_use"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.2_Ensure_ntp_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.3_Ensure_chrony_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.2_Ensure_X_Window_System_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.3_Ensure_Avahi_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.4_Ensure_CUPS_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.5_Ensure_DHCP_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.6_Ensure_LDAP_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.7_Ensure_NFS_and_RPC_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.8_Ensure_DNS_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.9_Ensure_FTP_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.10_Ensure_HTTP_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.11_Ensure_IMAP_and_POP3_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.12_Ensure_Samba_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.13_Ensure_HTTP_Proxy_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.14_Ensure_SNMP_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.15_Ensure_mail_transfer_agent_is_configured_for_local-only_mode"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.16_Ensure_rsync_service_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.17_Ensure_NIS_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1_Ensure_NIS_Client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.2_Ensure_rsh_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.3_Ensure_talk_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.4_Ensure_telnet_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.5_Ensure_LDAP_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.1.1_Ensure_IP_forwarding_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.1.2_Ensure_packet_redirect_sending_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.1_Ensure_source_routed_packets_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.2_Ensure_ICMP_redirects_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.3_Ensure_secure_ICMP_redirects_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.4_Ensure_suspicious_packets_are_logged"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.5_Ensure_broadcast_ICMP_requests_are_ignored"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.6_Ensure_bogus_ICMP_responses_are_ignored"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.7_Ensure_Reverse_Path_Filtering_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.8_Ensure_TCP_SYN_Cookies_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.3.1_Ensure_IPv6_router_advertisements_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.3.2_Ensure_IPv6_redirects_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.3.3_Ensure_IPv6_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.1_Ensure_TCP_Wrappers_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.2_Ensure_etchosts.allow_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.3_Ensure_etchosts.deny_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.4_Ensure_permissions_on_etchosts.allow_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.5_Ensure_permissions_on_etchosts.deny_are_644"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.1_Ensure_DCCP_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.2_Ensure_SCTP_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.3_Ensure_RDS_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.4_Ensure_TIPC_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.1_Ensure_iptables_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.2_Ensure_default_deny_firewall_policy"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.3_Ensure_loopback_traffic_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.4_Ensure_outbound_and_established_connections_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.5_Ensure_firewall_rules_exist_for_all_open_ports"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.7_Ensure_wireless_interfaces_are_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.1_Ensure_rsyslog_Service_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.2_Ensure_logging_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.3_Ensure_rsyslog_default_file_permissions_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.4_Ensure_rsyslog_is_configured_to_send_logs_to_a_remote_log_host"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.5_Ensure_remote_rsyslog_messages_are_only_accepted_on_designated_log_hosts."
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.1_Ensure_syslog-ng_service_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.2_Ensure_logging_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.3_Ensure_syslog-ng_default_file_permissions_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.4_Ensure_syslog-ng_is_configured_to_send_logs_to_a_remote_log_host"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.5_Ensure_remote_syslog-ng_messages_are_only_accepted_on_designated_log_hosts"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.3_Ensure_rsyslog_or_syslog-ng_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.4_Ensure_permissions_on_all_logfiles_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.3_Ensure_logrotate_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.1_Ensure_cron_daemon_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.2_Ensure_permissions_on_etccrontab_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.3_Ensure_permissions_on_etccron.hourly_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.4_Ensure_permissions_on_etccron.daily_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.5_Ensure_permissions_on_etccron.weekly_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.6_Ensure_permissions_on_etccron.monthly_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.7_Ensure_permissions_on_etccron.d_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.8_Ensure_atcron_is_restricted_to_authorized_users"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.1_Ensure_permissions_on_etcsshsshd_config_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.2_Ensure_SSH_Protocol_is_set_to_2"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.3_Ensure_SSH_LogLevel_is_set_to_INFO"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.4_Ensure_SSH_X11_forwarding_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.5_Ensure_SSH_MaxAuthTries_is_set_to_4_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.6_Ensure_SSH_IgnoreRhosts_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.7_Ensure_SSH_HostbasedAuthentication_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.8_Ensure_SSH_root_login_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.9_Ensure_SSH_PermitEmptyPasswords_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.10_Ensure_SSH_PermitUserEnvironment_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.11_Ensure_only_approved_MAC_algorithms_are_used"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.12_Ensure_SSH_Idle_Timeout_Interval_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.13_Ensure_SSH_LoginGraceTime_is_set_to_one_minute_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.14_Ensure_SSH_access_is_limited"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.15_Ensure_SSH_warning_banner_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.1_Ensure_password_creation_requirements_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.2_Ensure_lockout_for_failed_password_attempts_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.3_Ensure_password_reuse_is_limited"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.4_Ensure_password_hashing_algorithm_is_SHA-512"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.1_Ensure_password_expiration_is_90_days_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.2_Ensure_minimum_days_between_password_changes_is_7_or_more"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.3_Ensure_password_expiration_warning_days_is_7_or_more"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.4_Ensure_inactive_password_lock_is_30_days_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.2_Ensure_system_accounts_are_non-login"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.3_Ensure_default_group_for_the_root_account_is_GID_0"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.4_Ensure_default_user_umask_is_027_or_more_restrictive"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.5_Ensure_root_login_is_restricted_to_system_console"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.6_Ensure_access_to_the_su_command_is_restricted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.2_Ensure_permissions_on_etcpasswd_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.3_Ensure_permissions_on_etcshadow_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.4_Ensure_permissions_on_etcgroup_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.5_Ensure_permissions_on_etcgshadow_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.6_Ensure_permissions_on_etcpasswd-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.7_Ensure_permissions_on_etcshadow-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.8_Ensure_permissions_on_etcgroup-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.9_Ensure_permissions_on_etcgshadow-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.10_Ensure_no_world_writable_files_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.11_Ensure_no_unowned_files_or_directories_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.12_Ensure_no_ungrouped_files_or_directories_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.13_Audit_SUID_executables"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.14_Audit_SGID_executables"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.1_Ensure_password_fields_are_not_empty"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.2_Ensure_no_legacy__entries_exist_in_etcpasswd"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.3_Ensure_no_legacy__entries_exist_in_etcshadow"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.4_Ensure_no_legacy__entries_exist_in_etcgroup"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.5_Ensure_root_is_the_only_UID_0_account"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.6_Ensure_root_PATH_Integrity"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.7_Ensure_all_users_home_directories_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.8_Ensure_users_home_directories_permissions_are_750_or_more_restrictive"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.9_Ensure_users_own_their_home_directories"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.10_Ensure_users_dot_files_are_not_group_or_world_writable"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.11_Ensure_no_users_have_.forward_files"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.12_Ensure_no_users_have_.netrc_files"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.13_Ensure_users_.netrc_Files_are_not_group_or_world_accessible"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.14_Ensure_no_users_have_.rhosts_files"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.15_Ensure_all_groups_in_etcpasswd_exist_in_etcgroup"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.16_Ensure_no_duplicate_UIDs_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.17_Ensure_no_duplicate_GIDs_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.18_Ensure_no_duplicate_user_names_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.19_Ensure_no_duplicate_group_names_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.20_Ensure_shadow_group_is_empty"
+ selected="true"/&gt;
+&lt;/Profile&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e64_xml', false);</script></td>
+ </tr>
+ <tr valign="top" class="">
+ <td>Level 2 - Server</td>
+ <td>
+ <p>This profile extends the "Level 1 - Server" profile. Items in this profile exhibit
+ one or more of the following characteristics:</p>
+ <ul>
+ <li>are intended for environments or use cases where security is paramount.</li>
+ <li>acts as defense in depth measure.</li>
+ <li>may negatively inhibit the utility or performance of the technology.</li>
+ </ul>
+ <p>This profile is intended for servers.</p>
+ <div class="profile-action"><span class="action" id="d1e277_xml_button" onclick="switchState('d1e277_xml'); return false;">Show</span><span class="caption"> Profile XML</span></div>
+ <div class="xml" id="d1e277_xml">
+ <pre>&lt;Profile xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sce="http://open-scap.org/page/SCE_xccdf_stream"
+ xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog"
+ xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ id="xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Server"&gt;
+ &lt;title xml:lang="en"&gt;Level 2 - Server&lt;/title&gt;
+ &lt;description xml:lang="en"&gt;
+ &lt;p xmlns="http://www.w3.org/1999/xhtml"&gt;This profile extends the "Level 1 - Server" profile. Items in this profile exhibit one or more of the following characteristics:&lt;/p&gt;
+ &lt;ul xmlns="http://www.w3.org/1999/xhtml"&gt;
+ &lt;li&gt;are intended for environments or use cases where security is paramount.&lt;/li&gt;
+ &lt;li&gt;acts as defense in depth measure.&lt;/li&gt;
+ &lt;li&gt;may negatively inhibit the utility or performance of the technology.&lt;/li&gt;
+ &lt;/ul&gt;
+ &lt;p xmlns="http://www.w3.org/1999/xhtml"&gt;This profile is intended for servers.&lt;/p&gt;
+ &lt;/description&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.1_Ensure_mounting_of_cramfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.2_Ensure_mounting_of_freevxfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.3_Ensure_mounting_of_jffs2_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.4_Ensure_mounting_of_hfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.5_Ensure_mounting_of_hfsplus_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.6_Ensure_mounting_of_squashfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.7_Ensure_mounting_of_udf_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.8_Ensure_mounting_of_FAT_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.2_Ensure_separate_partition_exists_for_tmp"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.3_Ensure_nodev_option_set_on_tmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.4_Ensure_nosuid_option_set_on_tmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.5_Ensure_separate_partition_exists_for_var"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.6_Ensure_separate_partition_exists_for_vartmp"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.7_Ensure_nodev_option_set_on_vartmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.8_Ensure_nosuid_option_set_on_vartmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.9_Ensure_noexec_option_set_on_vartmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.10_Ensure_separate_partition_exists_for_varlog"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.11_Ensure_separate_partition_exists_for_varlogaudit"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.12_Ensure_separate_partition_exists_for_home"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.13_Ensure_nodev_option_set_on_home_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.14_Ensure_nodev_option_set_on_runshm_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.15_Ensure_nosuid_option_set_on_runshm_partitionrun"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.16_Ensure_noexec_option_set_on_runshm_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.17_Ensure_nodev_option_set_on_removable_media_partitions"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.18_Ensure_nosuid_option_set_on_removable_media_partitions"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.19_Ensure_noexec_option_set_on_removable_media_partitions"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.20_Ensure_sticky_bit_is_set_on_all_world-writable_directories"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.21_Disable_Automounting"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.1_Ensure_package_manager_repositories_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.2_Ensure_GPG_keys_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.3.1_Ensure_AIDE_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.3.2_Ensure_filesystem_integrity_is_regularly_checked"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.4.1_Ensure_permissions_on_bootloader_config_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.4.2_Ensure_bootloader_password_is_set"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.4.3_Ensure_authentication_required_for_single_user_mode"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.1_Ensure_core_dumps_are_restricted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.2_Ensure_XDNX_support_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.3_Ensure_address_space_layout_randomization_ASLR_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.4_Ensure_prelink_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.6.1.1_Ensure_SELinux_is_not_disabled_in_bootloader_configuration"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.6.1.2_Ensure_the_SELinux_state_is_enforcing"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.6.1.3_Ensure_SELinux_policy_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.6.1.4_Ensure_no_unconfined_daemons_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.6.2.1_Ensure_AppArmor_is_not_disabled_in_bootloader_configuration"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.6.2.2_Ensure_all_AppArmor_Profiles_are_enforcing"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.6.3_Ensure_SELinux_or_AppArmor_are_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.1_Ensure_message_of_the_day_is_configured_properly"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.2_Ensure_local_login_warning_banner_is_configured_properly"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.3_Ensure_remote_login_warning_banner_is_configured_properly"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.4_Ensure_permissions_on_etcmotd_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.5_Ensure_permissions_on_etcissue_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.6_Ensure_permissions_on_etcissue.net_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.2_Ensure_GDM_login_banner_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.8_Ensure_updates_patches_and_additional_security_software_are_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.1_Ensure_chargen_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.2_Ensure_daytime_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.3_Ensure_discard_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.4_Ensure_echo_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.5_Ensure_time_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.6_Ensure_rsh_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.7_Ensure_talk_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.8_Ensure_telnet_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.9_Ensure_tftp_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.10_Ensure_xinetd_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.1_Ensure_time_synchronization_is_in_use"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.2_Ensure_ntp_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.3_Ensure_chrony_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.2_Ensure_X_Window_System_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.3_Ensure_Avahi_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.4_Ensure_CUPS_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.5_Ensure_DHCP_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.6_Ensure_LDAP_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.7_Ensure_NFS_and_RPC_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.8_Ensure_DNS_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.9_Ensure_FTP_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.10_Ensure_HTTP_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.11_Ensure_IMAP_and_POP3_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.12_Ensure_Samba_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.13_Ensure_HTTP_Proxy_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.14_Ensure_SNMP_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.15_Ensure_mail_transfer_agent_is_configured_for_local-only_mode"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.16_Ensure_rsync_service_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.17_Ensure_NIS_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1_Ensure_NIS_Client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.2_Ensure_rsh_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.3_Ensure_talk_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.4_Ensure_telnet_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.5_Ensure_LDAP_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.1.1_Ensure_IP_forwarding_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.1.2_Ensure_packet_redirect_sending_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.1_Ensure_source_routed_packets_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.2_Ensure_ICMP_redirects_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.3_Ensure_secure_ICMP_redirects_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.4_Ensure_suspicious_packets_are_logged"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.5_Ensure_broadcast_ICMP_requests_are_ignored"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.6_Ensure_bogus_ICMP_responses_are_ignored"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.7_Ensure_Reverse_Path_Filtering_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.8_Ensure_TCP_SYN_Cookies_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.3.1_Ensure_IPv6_router_advertisements_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.3.2_Ensure_IPv6_redirects_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.3.3_Ensure_IPv6_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.1_Ensure_TCP_Wrappers_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.2_Ensure_etchosts.allow_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.3_Ensure_etchosts.deny_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.4_Ensure_permissions_on_etchosts.allow_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.5_Ensure_permissions_on_etchosts.deny_are_644"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.1_Ensure_DCCP_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.2_Ensure_SCTP_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.3_Ensure_RDS_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.4_Ensure_TIPC_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.1_Ensure_iptables_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.2_Ensure_default_deny_firewall_policy"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.3_Ensure_loopback_traffic_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.4_Ensure_outbound_and_established_connections_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.5_Ensure_firewall_rules_exist_for_all_open_ports"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.7_Ensure_wireless_interfaces_are_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.1.1_Ensure_audit_log_storage_size_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.1.2_Ensure_system_is_disabled_when_audit_logs_are_full"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.1.3_Ensure_audit_logs_are_not_automatically_deleted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.2_Ensure_auditd_service_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.3_Ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.4_Ensure_events_that_modify_date_and_time_information_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.5_Ensure_events_that_modify_usergroup_information_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.6_Ensure_events_that_modify_the_systems_network_environment_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.7_Ensure_events_that_modify_the_systems_Mandatory_Access_Controls_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.8_Ensure_login_and_logout_events_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.9_Ensure_session_initiation_information_is_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.10_Ensure_discretionary_access_control_permission_modification_events_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.11_Ensure_unsuccessful_unauthorized_file_access_attempts_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.12_Ensure_use_of_privileged_commands_is_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.13_Ensure_successful_file_system_mounts_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.14_Ensure_file_deletion_events_by_users_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.15_Ensure_changes_to_system_administration_scope_sudoers_is_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.16_Ensure_system_administrator_actions_sudolog_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.17_Ensure_kernel_module_loading_and_unloading_is_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.18_Ensure_the_audit_configuration_is_immutable"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.1_Ensure_rsyslog_Service_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.2_Ensure_logging_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.3_Ensure_rsyslog_default_file_permissions_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.4_Ensure_rsyslog_is_configured_to_send_logs_to_a_remote_log_host"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.5_Ensure_remote_rsyslog_messages_are_only_accepted_on_designated_log_hosts."
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.1_Ensure_syslog-ng_service_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.2_Ensure_logging_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.3_Ensure_syslog-ng_default_file_permissions_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.4_Ensure_syslog-ng_is_configured_to_send_logs_to_a_remote_log_host"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.5_Ensure_remote_syslog-ng_messages_are_only_accepted_on_designated_log_hosts"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.3_Ensure_rsyslog_or_syslog-ng_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.4_Ensure_permissions_on_all_logfiles_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.3_Ensure_logrotate_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.1_Ensure_cron_daemon_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.2_Ensure_permissions_on_etccrontab_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.3_Ensure_permissions_on_etccron.hourly_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.4_Ensure_permissions_on_etccron.daily_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.5_Ensure_permissions_on_etccron.weekly_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.6_Ensure_permissions_on_etccron.monthly_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.7_Ensure_permissions_on_etccron.d_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.8_Ensure_atcron_is_restricted_to_authorized_users"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.1_Ensure_permissions_on_etcsshsshd_config_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.2_Ensure_SSH_Protocol_is_set_to_2"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.3_Ensure_SSH_LogLevel_is_set_to_INFO"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.4_Ensure_SSH_X11_forwarding_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.5_Ensure_SSH_MaxAuthTries_is_set_to_4_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.6_Ensure_SSH_IgnoreRhosts_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.7_Ensure_SSH_HostbasedAuthentication_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.8_Ensure_SSH_root_login_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.9_Ensure_SSH_PermitEmptyPasswords_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.10_Ensure_SSH_PermitUserEnvironment_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.11_Ensure_only_approved_MAC_algorithms_are_used"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.12_Ensure_SSH_Idle_Timeout_Interval_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.13_Ensure_SSH_LoginGraceTime_is_set_to_one_minute_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.14_Ensure_SSH_access_is_limited"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.15_Ensure_SSH_warning_banner_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.1_Ensure_password_creation_requirements_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.2_Ensure_lockout_for_failed_password_attempts_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.3_Ensure_password_reuse_is_limited"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.4_Ensure_password_hashing_algorithm_is_SHA-512"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.1_Ensure_password_expiration_is_90_days_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.2_Ensure_minimum_days_between_password_changes_is_7_or_more"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.3_Ensure_password_expiration_warning_days_is_7_or_more"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.4_Ensure_inactive_password_lock_is_30_days_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.2_Ensure_system_accounts_are_non-login"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.3_Ensure_default_group_for_the_root_account_is_GID_0"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.4_Ensure_default_user_umask_is_027_or_more_restrictive"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.5_Ensure_root_login_is_restricted_to_system_console"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.6_Ensure_access_to_the_su_command_is_restricted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.1_Audit_system_file_permissions"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.2_Ensure_permissions_on_etcpasswd_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.3_Ensure_permissions_on_etcshadow_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.4_Ensure_permissions_on_etcgroup_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.5_Ensure_permissions_on_etcgshadow_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.6_Ensure_permissions_on_etcpasswd-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.7_Ensure_permissions_on_etcshadow-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.8_Ensure_permissions_on_etcgroup-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.9_Ensure_permissions_on_etcgshadow-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.10_Ensure_no_world_writable_files_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.11_Ensure_no_unowned_files_or_directories_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.12_Ensure_no_ungrouped_files_or_directories_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.13_Audit_SUID_executables"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.14_Audit_SGID_executables"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.1_Ensure_password_fields_are_not_empty"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.2_Ensure_no_legacy__entries_exist_in_etcpasswd"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.3_Ensure_no_legacy__entries_exist_in_etcshadow"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.4_Ensure_no_legacy__entries_exist_in_etcgroup"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.5_Ensure_root_is_the_only_UID_0_account"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.6_Ensure_root_PATH_Integrity"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.7_Ensure_all_users_home_directories_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.8_Ensure_users_home_directories_permissions_are_750_or_more_restrictive"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.9_Ensure_users_own_their_home_directories"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.10_Ensure_users_dot_files_are_not_group_or_world_writable"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.11_Ensure_no_users_have_.forward_files"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.12_Ensure_no_users_have_.netrc_files"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.13_Ensure_users_.netrc_Files_are_not_group_or_world_accessible"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.14_Ensure_no_users_have_.rhosts_files"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.15_Ensure_all_groups_in_etcpasswd_exist_in_etcgroup"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.16_Ensure_no_duplicate_UIDs_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.17_Ensure_no_duplicate_GIDs_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.18_Ensure_no_duplicate_user_names_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.19_Ensure_no_duplicate_group_names_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.20_Ensure_shadow_group_is_empty"
+ selected="true"/&gt;
+&lt;/Profile&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e277_xml', false);</script></td>
+ </tr>
+ <tr valign="top" class="">
+ <td>Level 1 - Workstation</td>
+ <td>
+ <p>Items in this profile intend to:</p>
+ <ul>
+ <li>be practical and prudent;</li>
+ <li>provide a clear security benefit; and</li>
+ <li>not inhibit the utility of the technology beyond acceptable means.</li>
+ </ul>
+ <p>This profile is intended for workstations.</p>
+ <div class="profile-action"><span class="action" id="d1e528_xml_button" onclick="switchState('d1e528_xml'); return false;">Show</span><span class="caption"> Profile XML</span></div>
+ <div class="xml" id="d1e528_xml">
+ <pre>&lt;Profile xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sce="http://open-scap.org/page/SCE_xccdf_stream"
+ xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog"
+ xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ id="xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Workstation"&gt;
+ &lt;title xml:lang="en"&gt;Level 1 - Workstation&lt;/title&gt;
+ &lt;description xml:lang="en"&gt;
+ &lt;p xmlns="http://www.w3.org/1999/xhtml"&gt;Items in this profile intend to:&lt;/p&gt;
+ &lt;ul xmlns="http://www.w3.org/1999/xhtml"&gt;
+ &lt;li&gt;be practical and prudent;&lt;/li&gt;
+ &lt;li&gt;provide a clear security benefit; and&lt;/li&gt;
+ &lt;li&gt;not inhibit the utility of the technology beyond acceptable means.&lt;/li&gt;
+ &lt;/ul&gt;
+ &lt;p xmlns="http://www.w3.org/1999/xhtml"&gt;This profile is intended for workstations.&lt;/p&gt;
+ &lt;/description&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.1_Ensure_mounting_of_cramfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.2_Ensure_mounting_of_freevxfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.3_Ensure_mounting_of_jffs2_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.4_Ensure_mounting_of_hfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.5_Ensure_mounting_of_hfsplus_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.6_Ensure_mounting_of_squashfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.7_Ensure_mounting_of_udf_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.3_Ensure_nodev_option_set_on_tmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.4_Ensure_nosuid_option_set_on_tmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.7_Ensure_nodev_option_set_on_vartmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.8_Ensure_nosuid_option_set_on_vartmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.9_Ensure_noexec_option_set_on_vartmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.13_Ensure_nodev_option_set_on_home_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.14_Ensure_nodev_option_set_on_runshm_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.15_Ensure_nosuid_option_set_on_runshm_partitionrun"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.16_Ensure_noexec_option_set_on_runshm_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.17_Ensure_nodev_option_set_on_removable_media_partitions"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.18_Ensure_nosuid_option_set_on_removable_media_partitions"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.19_Ensure_noexec_option_set_on_removable_media_partitions"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.20_Ensure_sticky_bit_is_set_on_all_world-writable_directories"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.1_Ensure_package_manager_repositories_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.2_Ensure_GPG_keys_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.3.1_Ensure_AIDE_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.3.2_Ensure_filesystem_integrity_is_regularly_checked"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.4.1_Ensure_permissions_on_bootloader_config_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.4.2_Ensure_bootloader_password_is_set"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.4.3_Ensure_authentication_required_for_single_user_mode"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.1_Ensure_core_dumps_are_restricted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.2_Ensure_XDNX_support_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.3_Ensure_address_space_layout_randomization_ASLR_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.4_Ensure_prelink_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.1_Ensure_message_of_the_day_is_configured_properly"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.2_Ensure_local_login_warning_banner_is_configured_properly"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.3_Ensure_remote_login_warning_banner_is_configured_properly"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.4_Ensure_permissions_on_etcmotd_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.5_Ensure_permissions_on_etcissue_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.6_Ensure_permissions_on_etcissue.net_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.2_Ensure_GDM_login_banner_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.8_Ensure_updates_patches_and_additional_security_software_are_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.1_Ensure_chargen_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.2_Ensure_daytime_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.3_Ensure_discard_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.4_Ensure_echo_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.5_Ensure_time_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.6_Ensure_rsh_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.7_Ensure_talk_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.8_Ensure_telnet_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.9_Ensure_tftp_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.10_Ensure_xinetd_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.1_Ensure_time_synchronization_is_in_use"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.2_Ensure_ntp_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.3_Ensure_chrony_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.3_Ensure_Avahi_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.5_Ensure_DHCP_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.6_Ensure_LDAP_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.7_Ensure_NFS_and_RPC_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.8_Ensure_DNS_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.9_Ensure_FTP_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.10_Ensure_HTTP_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.11_Ensure_IMAP_and_POP3_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.12_Ensure_Samba_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.13_Ensure_HTTP_Proxy_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.14_Ensure_SNMP_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.15_Ensure_mail_transfer_agent_is_configured_for_local-only_mode"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.16_Ensure_rsync_service_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.17_Ensure_NIS_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1_Ensure_NIS_Client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.2_Ensure_rsh_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.3_Ensure_talk_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.4_Ensure_telnet_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.5_Ensure_LDAP_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.1.1_Ensure_IP_forwarding_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.1.2_Ensure_packet_redirect_sending_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.1_Ensure_source_routed_packets_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.2_Ensure_ICMP_redirects_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.3_Ensure_secure_ICMP_redirects_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.4_Ensure_suspicious_packets_are_logged"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.5_Ensure_broadcast_ICMP_requests_are_ignored"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.6_Ensure_bogus_ICMP_responses_are_ignored"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.7_Ensure_Reverse_Path_Filtering_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.8_Ensure_TCP_SYN_Cookies_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.3.1_Ensure_IPv6_router_advertisements_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.3.2_Ensure_IPv6_redirects_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.3.3_Ensure_IPv6_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.1_Ensure_TCP_Wrappers_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.2_Ensure_etchosts.allow_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.3_Ensure_etchosts.deny_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.4_Ensure_permissions_on_etchosts.allow_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.5_Ensure_permissions_on_etchosts.deny_are_644"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.1_Ensure_DCCP_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.2_Ensure_SCTP_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.3_Ensure_RDS_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.4_Ensure_TIPC_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.1_Ensure_iptables_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.2_Ensure_default_deny_firewall_policy"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.3_Ensure_loopback_traffic_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.4_Ensure_outbound_and_established_connections_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.5_Ensure_firewall_rules_exist_for_all_open_ports"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.1_Ensure_rsyslog_Service_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.2_Ensure_logging_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.3_Ensure_rsyslog_default_file_permissions_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.4_Ensure_rsyslog_is_configured_to_send_logs_to_a_remote_log_host"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.5_Ensure_remote_rsyslog_messages_are_only_accepted_on_designated_log_hosts."
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.1_Ensure_syslog-ng_service_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.2_Ensure_logging_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.3_Ensure_syslog-ng_default_file_permissions_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.4_Ensure_syslog-ng_is_configured_to_send_logs_to_a_remote_log_host"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.5_Ensure_remote_syslog-ng_messages_are_only_accepted_on_designated_log_hosts"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.3_Ensure_rsyslog_or_syslog-ng_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.4_Ensure_permissions_on_all_logfiles_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.3_Ensure_logrotate_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.1_Ensure_cron_daemon_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.2_Ensure_permissions_on_etccrontab_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.3_Ensure_permissions_on_etccron.hourly_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.4_Ensure_permissions_on_etccron.daily_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.5_Ensure_permissions_on_etccron.weekly_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.6_Ensure_permissions_on_etccron.monthly_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.7_Ensure_permissions_on_etccron.d_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.8_Ensure_atcron_is_restricted_to_authorized_users"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.1_Ensure_permissions_on_etcsshsshd_config_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.2_Ensure_SSH_Protocol_is_set_to_2"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.3_Ensure_SSH_LogLevel_is_set_to_INFO"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.4_Ensure_SSH_X11_forwarding_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.5_Ensure_SSH_MaxAuthTries_is_set_to_4_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.6_Ensure_SSH_IgnoreRhosts_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.7_Ensure_SSH_HostbasedAuthentication_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.8_Ensure_SSH_root_login_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.9_Ensure_SSH_PermitEmptyPasswords_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.10_Ensure_SSH_PermitUserEnvironment_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.11_Ensure_only_approved_MAC_algorithms_are_used"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.12_Ensure_SSH_Idle_Timeout_Interval_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.13_Ensure_SSH_LoginGraceTime_is_set_to_one_minute_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.14_Ensure_SSH_access_is_limited"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.15_Ensure_SSH_warning_banner_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.1_Ensure_password_creation_requirements_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.2_Ensure_lockout_for_failed_password_attempts_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.3_Ensure_password_reuse_is_limited"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.4_Ensure_password_hashing_algorithm_is_SHA-512"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.1_Ensure_password_expiration_is_90_days_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.2_Ensure_minimum_days_between_password_changes_is_7_or_more"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.3_Ensure_password_expiration_warning_days_is_7_or_more"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.4_Ensure_inactive_password_lock_is_30_days_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.2_Ensure_system_accounts_are_non-login"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.3_Ensure_default_group_for_the_root_account_is_GID_0"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.4_Ensure_default_user_umask_is_027_or_more_restrictive"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.5_Ensure_root_login_is_restricted_to_system_console"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.6_Ensure_access_to_the_su_command_is_restricted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.2_Ensure_permissions_on_etcpasswd_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.3_Ensure_permissions_on_etcshadow_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.4_Ensure_permissions_on_etcgroup_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.5_Ensure_permissions_on_etcgshadow_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.6_Ensure_permissions_on_etcpasswd-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.7_Ensure_permissions_on_etcshadow-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.8_Ensure_permissions_on_etcgroup-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.9_Ensure_permissions_on_etcgshadow-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.10_Ensure_no_world_writable_files_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.11_Ensure_no_unowned_files_or_directories_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.12_Ensure_no_ungrouped_files_or_directories_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.13_Audit_SUID_executables"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.14_Audit_SGID_executables"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.1_Ensure_password_fields_are_not_empty"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.2_Ensure_no_legacy__entries_exist_in_etcpasswd"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.3_Ensure_no_legacy__entries_exist_in_etcshadow"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.4_Ensure_no_legacy__entries_exist_in_etcgroup"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.5_Ensure_root_is_the_only_UID_0_account"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.6_Ensure_root_PATH_Integrity"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.7_Ensure_all_users_home_directories_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.8_Ensure_users_home_directories_permissions_are_750_or_more_restrictive"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.9_Ensure_users_own_their_home_directories"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.10_Ensure_users_dot_files_are_not_group_or_world_writable"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.11_Ensure_no_users_have_.forward_files"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.12_Ensure_no_users_have_.netrc_files"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.13_Ensure_users_.netrc_Files_are_not_group_or_world_accessible"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.14_Ensure_no_users_have_.rhosts_files"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.15_Ensure_all_groups_in_etcpasswd_exist_in_etcgroup"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.16_Ensure_no_duplicate_UIDs_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.17_Ensure_no_duplicate_GIDs_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.18_Ensure_no_duplicate_user_names_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.19_Ensure_no_duplicate_group_names_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.20_Ensure_shadow_group_is_empty"
+ selected="true"/&gt;
+&lt;/Profile&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e528_xml', false);</script></td>
+ </tr>
+ <tr valign="top" class="">
+ <td>Level 2 - Workstation</td>
+ <td>
+ <p>This profile extends the "Level 1 - Workstation" profile. Items in this profile exhibit
+ one or more of the following characteristics:</p>
+ <ul>
+ <li>are intended for environments or use cases where security is paramount.</li>
+ <li>acts as defense in depth measure.</li>
+ <li>may negatively inhibit the utility or performance of the technology.</li>
+ </ul>
+ <p>This profile is intended for workstations.</p>
+ <div class="profile-action"><span class="action" id="d1e736_xml_button" onclick="switchState('d1e736_xml'); return false;">Show</span><span class="caption"> Profile XML</span></div>
+ <div class="xml" id="d1e736_xml">
+ <pre>&lt;Profile xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sce="http://open-scap.org/page/SCE_xccdf_stream"
+ xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog"
+ xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ id="xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Workstation"&gt;
+ &lt;title xml:lang="en"&gt;Level 2 - Workstation&lt;/title&gt;
+ &lt;description xml:lang="en"&gt;
+ &lt;p xmlns="http://www.w3.org/1999/xhtml"&gt;This profile extends the "Level 1 - Workstation" profile. Items in this profile exhibit one or more of the following characteristics:&lt;/p&gt;
+ &lt;ul xmlns="http://www.w3.org/1999/xhtml"&gt;
+ &lt;li&gt;are intended for environments or use cases where security is paramount.&lt;/li&gt;
+ &lt;li&gt;acts as defense in depth measure.&lt;/li&gt;
+ &lt;li&gt;may negatively inhibit the utility or performance of the technology.&lt;/li&gt;
+ &lt;/ul&gt;
+ &lt;p xmlns="http://www.w3.org/1999/xhtml"&gt;This profile is intended for workstations.&lt;/p&gt;
+ &lt;/description&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.1_Ensure_mounting_of_cramfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.2_Ensure_mounting_of_freevxfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.3_Ensure_mounting_of_jffs2_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.4_Ensure_mounting_of_hfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.5_Ensure_mounting_of_hfsplus_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.6_Ensure_mounting_of_squashfs_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.7_Ensure_mounting_of_udf_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.8_Ensure_mounting_of_FAT_filesystems_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.2_Ensure_separate_partition_exists_for_tmp"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.3_Ensure_nodev_option_set_on_tmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.4_Ensure_nosuid_option_set_on_tmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.5_Ensure_separate_partition_exists_for_var"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.6_Ensure_separate_partition_exists_for_vartmp"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.7_Ensure_nodev_option_set_on_vartmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.8_Ensure_nosuid_option_set_on_vartmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.9_Ensure_noexec_option_set_on_vartmp_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.10_Ensure_separate_partition_exists_for_varlog"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.11_Ensure_separate_partition_exists_for_varlogaudit"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.12_Ensure_separate_partition_exists_for_home"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.13_Ensure_nodev_option_set_on_home_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.14_Ensure_nodev_option_set_on_runshm_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.15_Ensure_nosuid_option_set_on_runshm_partitionrun"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.16_Ensure_noexec_option_set_on_runshm_partition"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.17_Ensure_nodev_option_set_on_removable_media_partitions"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.18_Ensure_nosuid_option_set_on_removable_media_partitions"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.19_Ensure_noexec_option_set_on_removable_media_partitions"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.20_Ensure_sticky_bit_is_set_on_all_world-writable_directories"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.21_Disable_Automounting"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.1_Ensure_package_manager_repositories_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.2_Ensure_GPG_keys_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.3.1_Ensure_AIDE_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.3.2_Ensure_filesystem_integrity_is_regularly_checked"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.4.1_Ensure_permissions_on_bootloader_config_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.4.2_Ensure_bootloader_password_is_set"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.4.3_Ensure_authentication_required_for_single_user_mode"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.1_Ensure_core_dumps_are_restricted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.2_Ensure_XDNX_support_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.3_Ensure_address_space_layout_randomization_ASLR_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.5.4_Ensure_prelink_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.6.1.1_Ensure_SELinux_is_not_disabled_in_bootloader_configuration"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.6.1.2_Ensure_the_SELinux_state_is_enforcing"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.6.1.3_Ensure_SELinux_policy_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.6.1.4_Ensure_no_unconfined_daemons_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.6.2.1_Ensure_AppArmor_is_not_disabled_in_bootloader_configuration"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.6.2.2_Ensure_all_AppArmor_Profiles_are_enforcing"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.6.3_Ensure_SELinux_or_AppArmor_are_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.1_Ensure_message_of_the_day_is_configured_properly"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.2_Ensure_local_login_warning_banner_is_configured_properly"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.3_Ensure_remote_login_warning_banner_is_configured_properly"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.4_Ensure_permissions_on_etcmotd_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.5_Ensure_permissions_on_etcissue_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.6_Ensure_permissions_on_etcissue.net_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.7.2_Ensure_GDM_login_banner_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_1.8_Ensure_updates_patches_and_additional_security_software_are_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.1_Ensure_chargen_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.2_Ensure_daytime_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.3_Ensure_discard_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.4_Ensure_echo_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.5_Ensure_time_services_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.6_Ensure_rsh_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.7_Ensure_talk_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.8_Ensure_telnet_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.9_Ensure_tftp_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.1.10_Ensure_xinetd_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.1_Ensure_time_synchronization_is_in_use"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.2_Ensure_ntp_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.3_Ensure_chrony_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.3_Ensure_Avahi_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.4_Ensure_CUPS_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.5_Ensure_DHCP_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.6_Ensure_LDAP_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.7_Ensure_NFS_and_RPC_are_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.8_Ensure_DNS_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.9_Ensure_FTP_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.10_Ensure_HTTP_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.11_Ensure_IMAP_and_POP3_server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.12_Ensure_Samba_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.13_Ensure_HTTP_Proxy_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.14_Ensure_SNMP_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.15_Ensure_mail_transfer_agent_is_configured_for_local-only_mode"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.16_Ensure_rsync_service_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.17_Ensure_NIS_Server_is_not_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1_Ensure_NIS_Client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.2_Ensure_rsh_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.3_Ensure_talk_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.4_Ensure_telnet_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.5_Ensure_LDAP_client_is_not_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.1.1_Ensure_IP_forwarding_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.1.2_Ensure_packet_redirect_sending_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.1_Ensure_source_routed_packets_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.2_Ensure_ICMP_redirects_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.3_Ensure_secure_ICMP_redirects_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.4_Ensure_suspicious_packets_are_logged"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.5_Ensure_broadcast_ICMP_requests_are_ignored"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.6_Ensure_bogus_ICMP_responses_are_ignored"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.7_Ensure_Reverse_Path_Filtering_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.2.8_Ensure_TCP_SYN_Cookies_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.3.1_Ensure_IPv6_router_advertisements_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.3.2_Ensure_IPv6_redirects_are_not_accepted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.3.3_Ensure_IPv6_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.1_Ensure_TCP_Wrappers_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.2_Ensure_etchosts.allow_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.3_Ensure_etchosts.deny_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.4_Ensure_permissions_on_etchosts.allow_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.4.5_Ensure_permissions_on_etchosts.deny_are_644"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.1_Ensure_DCCP_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.2_Ensure_SCTP_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.3_Ensure_RDS_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.5.4_Ensure_TIPC_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.1_Ensure_iptables_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.2_Ensure_default_deny_firewall_policy"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.3_Ensure_loopback_traffic_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.4_Ensure_outbound_and_established_connections_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.6.5_Ensure_firewall_rules_exist_for_all_open_ports"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_3.7_Ensure_wireless_interfaces_are_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.1.1_Ensure_audit_log_storage_size_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.1.2_Ensure_system_is_disabled_when_audit_logs_are_full"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.1.3_Ensure_audit_logs_are_not_automatically_deleted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.2_Ensure_auditd_service_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.3_Ensure_auditing_for_processes_that_start_prior_to_auditd_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.4_Ensure_events_that_modify_date_and_time_information_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.5_Ensure_events_that_modify_usergroup_information_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.6_Ensure_events_that_modify_the_systems_network_environment_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.7_Ensure_events_that_modify_the_systems_Mandatory_Access_Controls_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.8_Ensure_login_and_logout_events_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.9_Ensure_session_initiation_information_is_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.10_Ensure_discretionary_access_control_permission_modification_events_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.11_Ensure_unsuccessful_unauthorized_file_access_attempts_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.12_Ensure_use_of_privileged_commands_is_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.13_Ensure_successful_file_system_mounts_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.14_Ensure_file_deletion_events_by_users_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.15_Ensure_changes_to_system_administration_scope_sudoers_is_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.16_Ensure_system_administrator_actions_sudolog_are_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.17_Ensure_kernel_module_loading_and_unloading_is_collected"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.1.18_Ensure_the_audit_configuration_is_immutable"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.1_Ensure_rsyslog_Service_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.2_Ensure_logging_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.3_Ensure_rsyslog_default_file_permissions_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.4_Ensure_rsyslog_is_configured_to_send_logs_to_a_remote_log_host"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.5_Ensure_remote_rsyslog_messages_are_only_accepted_on_designated_log_hosts."
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.1_Ensure_syslog-ng_service_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.2_Ensure_logging_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.3_Ensure_syslog-ng_default_file_permissions_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.4_Ensure_syslog-ng_is_configured_to_send_logs_to_a_remote_log_host"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.5_Ensure_remote_syslog-ng_messages_are_only_accepted_on_designated_log_hosts"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.3_Ensure_rsyslog_or_syslog-ng_is_installed"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.2.4_Ensure_permissions_on_all_logfiles_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_4.3_Ensure_logrotate_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.1_Ensure_cron_daemon_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.2_Ensure_permissions_on_etccrontab_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.3_Ensure_permissions_on_etccron.hourly_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.4_Ensure_permissions_on_etccron.daily_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.5_Ensure_permissions_on_etccron.weekly_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.6_Ensure_permissions_on_etccron.monthly_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.7_Ensure_permissions_on_etccron.d_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.1.8_Ensure_atcron_is_restricted_to_authorized_users"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.1_Ensure_permissions_on_etcsshsshd_config_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.2_Ensure_SSH_Protocol_is_set_to_2"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.3_Ensure_SSH_LogLevel_is_set_to_INFO"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.4_Ensure_SSH_X11_forwarding_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.5_Ensure_SSH_MaxAuthTries_is_set_to_4_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.6_Ensure_SSH_IgnoreRhosts_is_enabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.7_Ensure_SSH_HostbasedAuthentication_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.8_Ensure_SSH_root_login_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.9_Ensure_SSH_PermitEmptyPasswords_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.10_Ensure_SSH_PermitUserEnvironment_is_disabled"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.11_Ensure_only_approved_MAC_algorithms_are_used"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.12_Ensure_SSH_Idle_Timeout_Interval_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.13_Ensure_SSH_LoginGraceTime_is_set_to_one_minute_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.14_Ensure_SSH_access_is_limited"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.2.15_Ensure_SSH_warning_banner_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.1_Ensure_password_creation_requirements_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.2_Ensure_lockout_for_failed_password_attempts_is_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.3_Ensure_password_reuse_is_limited"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.3.4_Ensure_password_hashing_algorithm_is_SHA-512"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.1_Ensure_password_expiration_is_90_days_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.2_Ensure_minimum_days_between_password_changes_is_7_or_more"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.3_Ensure_password_expiration_warning_days_is_7_or_more"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.4_Ensure_inactive_password_lock_is_30_days_or_less"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.2_Ensure_system_accounts_are_non-login"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.3_Ensure_default_group_for_the_root_account_is_GID_0"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.4.4_Ensure_default_user_umask_is_027_or_more_restrictive"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.5_Ensure_root_login_is_restricted_to_system_console"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_5.6_Ensure_access_to_the_su_command_is_restricted"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.1_Audit_system_file_permissions"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.2_Ensure_permissions_on_etcpasswd_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.3_Ensure_permissions_on_etcshadow_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.4_Ensure_permissions_on_etcgroup_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.5_Ensure_permissions_on_etcgshadow_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.6_Ensure_permissions_on_etcpasswd-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.7_Ensure_permissions_on_etcshadow-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.8_Ensure_permissions_on_etcgroup-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.9_Ensure_permissions_on_etcgshadow-_are_configured"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.10_Ensure_no_world_writable_files_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.11_Ensure_no_unowned_files_or_directories_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.12_Ensure_no_ungrouped_files_or_directories_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.13_Audit_SUID_executables"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.1.14_Audit_SGID_executables"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.1_Ensure_password_fields_are_not_empty"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.2_Ensure_no_legacy__entries_exist_in_etcpasswd"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.3_Ensure_no_legacy__entries_exist_in_etcshadow"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.4_Ensure_no_legacy__entries_exist_in_etcgroup"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.5_Ensure_root_is_the_only_UID_0_account"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.6_Ensure_root_PATH_Integrity"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.7_Ensure_all_users_home_directories_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.8_Ensure_users_home_directories_permissions_are_750_or_more_restrictive"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.9_Ensure_users_own_their_home_directories"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.10_Ensure_users_dot_files_are_not_group_or_world_writable"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.11_Ensure_no_users_have_.forward_files"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.12_Ensure_no_users_have_.netrc_files"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.13_Ensure_users_.netrc_Files_are_not_group_or_world_accessible"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.14_Ensure_no_users_have_.rhosts_files"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.15_Ensure_all_groups_in_etcpasswd_exist_in_etcgroup"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.16_Ensure_no_duplicate_UIDs_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.17_Ensure_no_duplicate_GIDs_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.18_Ensure_no_duplicate_user_names_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.19_Ensure_no_duplicate_group_names_exist"
+ selected="true"/&gt;
+ &lt;select idref="xccdf_org.cisecurity.benchmarks_rule_6.2.20_Ensure_shadow_group_is_empty"
+ selected="true"/&gt;
+&lt;/Profile&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e736_xml', false);</script></td>
+ </tr>
+ </tbody>
+ </table>
+ <div class="backtop"><a href="#top" title="back to top">⇧</a></div>
+ </div>
+ <div id="checklist">
+ <h2 class="sectionTitle">Assessment Results</h2>
+ <div class="outerDiv">
+ <div class="innerDiv" id="toggleFailuresOnlyArea"><a href="#" onclick="hidePassAreas();return false;">Display Failures Only</a></div>
+ </div>
+ <table id="assessmentResultTable" width="100%">
+ <thead>
+ <tr>
+ <th title="weight" class="serif">w</th>
+ <th>Benchmark Item</th>
+ <th>Result</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td id="checklist-d1e1436" class="group sect" colspan="3"><a href="#detail-d1e1436">1 Initial Setup</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e1442" class="group sect" colspan="3"><a href="#detail-d1e1442">1.1 Filesystem Configuration</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e1463" class="group sect" colspan="3"><a href="#detail-d1e1463">1.1.1 Disable unused filesystems</a></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17785">1.1.1.1 Ensure mounting of cramfs filesystems is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17785"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17792">1.1.1.2 Ensure mounting of freevxfs filesystems is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17792"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17800">1.1.1.3 Ensure mounting of jffs2 filesystems is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17800"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17807">1.1.1.4 Ensure mounting of hfs filesystems is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17807"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17814">1.1.1.5 Ensure mounting of hfsplus filesystems is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17814"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17821">1.1.1.6 Ensure mounting of squashfs filesystems is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17821"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17828">1.1.1.7 Ensure mounting of udf filesystems is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17828"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17835">1.1.1.8 Ensure mounting of FAT filesystems is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17835"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17847">1.1.3 Ensure nodev option set on /tmp partition</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17847"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17852">1.1.4 Ensure nosuid option set on /tmp partition</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17852"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17868">1.1.7 Ensure nodev option set on /var/tmp partition</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17868"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17873">1.1.8 Ensure nosuid option set on /var/tmp partition</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17873"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17878">1.1.9 Ensure noexec option set on /var/tmp partition</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17878"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17898">1.1.13 Ensure nodev option set on /home partition</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17898"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17903">1.1.14 Ensure nodev option set on /run/shm partition</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17903"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17908">1.1.15 Ensure nosuid option set on /run/shm partitionrun</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17908"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17913">1.1.16 Ensure noexec option set on /run/shm partition</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17913"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17925">1.1.20 Ensure sticky bit is set on all world-writable directories</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17925"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17934">1.1.21 Disable Automounting</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17934"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e2577" class="group sect" colspan="3"><a href="#detail-d1e2577">1.2 Configure Software Updates</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e2613" class="group sect" colspan="3"><a href="#detail-d1e2613">1.3 Filesystem Integrity Checking</a></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17943">1.3.1 Ensure AIDE is installed</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17943"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17948">1.3.2 Ensure filesystem integrity is regularly checked</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17948"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e2698" class="group sect" colspan="3"><a href="#detail-d1e2698">1.4 Secure Boot Settings</a></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17977">1.4.1 Ensure permissions on bootloader config are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17977"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17982">1.4.2 Ensure bootloader password is set</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17982"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e2820" class="group sect" colspan="3"><a href="#detail-d1e2820">1.5 Additional Process Hardening</a></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e17995">1.5.1 Ensure core dumps are restricted</a></td>
+ <td class="numeric"><span><a href="#detail-d1e17995"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><br></br></td>
+ <td><a href="#detail-d1e18008">1.5.2 Ensure XD/NX support is enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18008"><span class="informational">Informational</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18014">1.5.3 Ensure address space layout randomization (ASLR) is enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18014"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18020">1.5.4 Ensure prelink is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18020"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e2957" class="group sect" colspan="3"><a href="#detail-d1e2957">1.6 Mandatory Access Control</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e2967" class="group sect" colspan="3"><a href="#detail-d1e2967">1.6.1 Configure SELinux</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e3194" class="group sect" colspan="3"><a href="#detail-d1e3194">1.6.2 Configure AppArmor</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e3309" class="group sect" colspan="3"><a href="#detail-d1e3309">1.7 Warning Banners</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e3322" class="group sect" colspan="3"><a href="#detail-d1e3322">1.7.1 Command Line Warning Banners</a></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18102">1.7.1.1 Ensure message of the day is configured properly</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18102"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><br></br></td>
+ <td><a href="#detail-d1e18107">1.7.1.2 Ensure local login warning banner is configured properly</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18107"><span class="informational">Informational</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><br></br></td>
+ <td><a href="#detail-d1e18112">1.7.1.3 Ensure remote login warning banner is configured properly</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18112"><span class="informational">Informational</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><br></br></td>
+ <td><a href="#detail-d1e18117">1.7.1.4 Ensure permissions on /etc/motd are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18117"><span class="informational">Informational</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18122">1.7.1.5 Ensure permissions on /etc/issue are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18122"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><br></br></td>
+ <td><a href="#detail-d1e18127">1.7.1.6 Ensure permissions on /etc/issue.net are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18127"><span class="informational">Informational</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18132">1.7.2 Ensure GDM login banner is configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18132"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e3729" class="group sect" colspan="3"><a href="#detail-d1e3729">2 Services</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e3735" class="group sect" colspan="3"><a href="#detail-d1e3735">2.1 inetd Services</a></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18158">2.1.1 Ensure chargen services are not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18158"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18163">2.1.2 Ensure daytime services are not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18163"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18168">2.1.3 Ensure discard services are not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18168"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18174">2.1.4 Ensure echo services are not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18174"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18179">2.1.5 Ensure time services are not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18179"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18184">2.1.6 Ensure rsh server is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18184"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18203">2.1.7 Ensure talk server is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18203"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18210">2.1.8 Ensure telnet server is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18210"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18215">2.1.9 Ensure tftp server is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18215"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18220">2.1.10 Ensure xinetd is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18220"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e4221" class="group sect" colspan="3"><a href="#detail-d1e4221">2.2 Special Purpose Services</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e4227" class="group sect" colspan="3"><a href="#detail-d1e4227">2.2.1 Time Synchronization</a></td>
+ </tr>
+ <tr class="">
+ <td><br></br></td>
+ <td><a href="#detail-d1e18225">2.2.1.1 Ensure time synchronization is in use</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18225"><span class="informational">Informational</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18232">2.2.1.2 Ensure ntp is configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18232"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18252">2.2.1.3 Ensure chrony is configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18252"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18260">2.2.2 Ensure X Window System is not installed</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18260"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18265">2.2.3 Ensure Avahi Server is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18265"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18270">2.2.4 Ensure CUPS is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18270"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18275">2.2.5 Ensure DHCP Server is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18275"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18282">2.2.6 Ensure LDAP server is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18282"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18287">2.2.7 Ensure NFS and RPC are not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18287"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18294">2.2.8 Ensure DNS Server is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18294"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18299">2.2.9 Ensure FTP Server is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18299"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18304">2.2.10 Ensure HTTP server is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18304"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18309">2.2.11 Ensure IMAP and POP3 server is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18309"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18314">2.2.12 Ensure Samba is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18314"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18319">2.2.13 Ensure HTTP Proxy Server is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18319"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18325">2.2.14 Ensure SNMP Server is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18325"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18330">2.2.15 Ensure mail transfer agent is configured for local-only mode</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18330"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18335">2.2.16 Ensure rsync service is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18335"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18341">2.2.17 Ensure NIS Server is not enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18341"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e4796" class="group sect" colspan="3"><a href="#detail-d1e4796">2.3 Service Clients</a></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18346">2.3.1 Ensure NIS Client is not installed</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18346"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18351">2.3.2 Ensure rsh client is not installed</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18351"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18358">2.3.3 Ensure talk client is not installed</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18358"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18363">2.3.4 Ensure telnet client is not installed</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18363"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18368">2.3.5 Ensure LDAP client is not installed</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18368"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e4974" class="group sect" colspan="3"><a href="#detail-d1e4974">3 Network Configuration</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e4980" class="group sect" colspan="3"><a href="#detail-d1e4980">3.1 Network Parameters (Host Only)</a></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18373">3.1.1 Ensure IP forwarding is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18373"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18379">3.1.2 Ensure packet redirect sending is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18379"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e5055" class="group sect" colspan="3"><a href="#detail-d1e5055">3.2 Network Parameters (Host and Router)</a></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18389">3.2.1 Ensure source routed packets are not accepted</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18389"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18398">3.2.2 Ensure ICMP redirects are not accepted</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18398"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18407">3.2.3 Ensure secure ICMP redirects are not accepted</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18407"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18416">3.2.4 Ensure suspicious packets are logged</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18416"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18425">3.2.5 Ensure broadcast ICMP requests are ignored</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18425"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18431">3.2.6 Ensure bogus ICMP responses are ignored</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18431"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18437">3.2.7 Ensure Reverse Path Filtering is enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18437"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18446">3.2.8 Ensure TCP SYN Cookies is enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18446"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e5360" class="group sect" colspan="3"><a href="#detail-d1e5360">3.3 IPv6</a></td>
+ </tr>
+ <tr class="">
+ <td><br></br></td>
+ <td><a href="#detail-d1e18452">3.3.1 Ensure IPv6 router advertisements are not accepted</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18452"><span class="informational">Informational</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><br></br></td>
+ <td><a href="#detail-d1e18465">3.3.2 Ensure IPv6 redirects are not accepted</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18465"><span class="informational">Informational</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><br></br></td>
+ <td><a href="#detail-d1e18478">3.3.3 Ensure IPv6 is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18478"><span class="informational">Informational</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e5482" class="group sect" colspan="3"><a href="#detail-d1e5482">3.4 TCP Wrappers</a></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18485">3.4.1 Ensure TCP Wrappers is installed</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18485"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18490">3.4.2 Ensure /etc/hosts.allow is configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18490"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18495">3.4.3 Ensure /etc/hosts.deny is configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18495"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18501">3.4.4 Ensure permissions on /etc/hosts.allow are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18501"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18506">3.4.5 Ensure permissions on /etc/hosts.deny are 644</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18506"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e5684" class="group sect" colspan="3"><a href="#detail-d1e5684">3.5 Uncommon Network Protocols</a></td>
+ </tr>
+ <tr class="">
+ <td><br></br></td>
+ <td><a href="#detail-d1e18511">3.5.1 Ensure DCCP is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18511"><span class="informational">Informational</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><br></br></td>
+ <td><a href="#detail-d1e18518">3.5.2 Ensure SCTP is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18518"><span class="informational">Informational</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><br></br></td>
+ <td><a href="#detail-d1e18525">3.5.3 Ensure RDS is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18525"><span class="informational">Informational</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><br></br></td>
+ <td><a href="#detail-d1e18532">3.5.4 Ensure TIPC is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18532"><span class="informational">Informational</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e5796" class="group sect" colspan="3"><a href="#detail-d1e5796">3.6 Firewall Configuration</a></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18539">3.6.1 Ensure iptables is installed</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18539"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18544">3.6.2 Ensure default deny firewall policy</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18544"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18558">3.6.3 Ensure loopback traffic is configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18558"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18573">3.6.5 Ensure firewall rules exist for all open ports</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18573"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e6045" class="group sect" colspan="3"><a href="#detail-d1e6045">4 Logging and Auditing</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e6089" class="group sect" colspan="3"><a href="#detail-d1e6089">4.1 Configure System Accounting (auditd)</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e6117" class="group sect" colspan="3"><a href="#detail-d1e6117">4.1.1 Configure Data Retention</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e7242" class="group sect" colspan="3"><a href="#detail-d1e7242">4.2 Configure Logging</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e7248" class="group sect" colspan="3"><a href="#detail-d1e7248">4.2.1 Configure rsyslog</a></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18817">4.2.1.1 Ensure rsyslog Service is enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18817"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18826">4.2.1.3 Ensure rsyslog default file permissions configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18826"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18834">4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18834"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e7519" class="group sect" colspan="3"><a href="#detail-d1e7519">4.2.2 Configure syslog-ng</a></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18844">4.2.2.1 Ensure syslog-ng service is enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18844"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18853">4.2.2.3 Ensure syslog-ng default file permissions configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18853"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18866">4.2.3 Ensure rsyslog or syslog-ng is installed</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18866"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18873">4.2.4 Ensure permissions on all logfiles are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18873"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e7854" class="group sect" colspan="3"><a href="#detail-d1e7854">5 Access, Authentication and Authorization</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e7859" class="group sect" colspan="3"><a href="#detail-d1e7859">5.1 Configure cron</a></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18880">5.1.1 Ensure cron daemon is enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18880"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18885">5.1.2 Ensure permissions on /etc/crontab are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18885"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18890">5.1.3 Ensure permissions on /etc/cron.hourly are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18890"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18895">5.1.4 Ensure permissions on /etc/cron.daily are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18895"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18900">5.1.5 Ensure permissions on /etc/cron.weekly are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18900"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18905">5.1.6 Ensure permissions on /etc/cron.monthly are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18905"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18910">5.1.7 Ensure permissions on /etc/cron.d are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18910"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18916">5.1.8 Ensure at/cron is restricted to authorized users</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18916"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e8180" class="group sect" colspan="3"><a href="#detail-d1e8180">5.2 SSH Server Configuration</a></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18929">5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18929"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18934">5.2.2 Ensure SSH Protocol is set to 2</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18934"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18940">5.2.3 Ensure SSH LogLevel is set to INFO</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18940"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18946">5.2.4 Ensure SSH X11 forwarding is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18946"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18952">5.2.5 Ensure SSH MaxAuthTries is set to 4 or less</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18952"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18958">5.2.6 Ensure SSH IgnoreRhosts is enabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18958"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18964">5.2.7 Ensure SSH HostbasedAuthentication is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18964"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18970">5.2.8 Ensure SSH root login is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18970"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18976">5.2.9 Ensure SSH PermitEmptyPasswords is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18976"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18982">5.2.10 Ensure SSH PermitUserEnvironment is disabled</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18982"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18989">5.2.11 Ensure only approved MAC algorithms are used</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18989"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e18995">5.2.12 Ensure SSH Idle Timeout Interval is configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e18995"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19004">5.2.13 Ensure SSH LoginGraceTime is set to one minute or less</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19004"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19010">5.2.14 Ensure SSH access is limited</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19010"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19016">5.2.15 Ensure SSH warning banner is configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19016"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e8770" class="group sect" colspan="3"><a href="#detail-d1e8770">5.3 Configure PAM</a></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19022">5.3.1 Ensure password creation requirements are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19022"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19053">5.3.3 Ensure password reuse is limited</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19053"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19059">5.3.4 Ensure password hashing algorithm is SHA-512</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19059"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e9021" class="group sect" colspan="3"><a href="#detail-d1e9021">5.4 User Accounts and Environment</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e9027" class="group sect" colspan="3"><a href="#detail-d1e9027">5.4.1 Set Shadow Password Suite Parameters</a></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19065">5.4.1.1 Ensure password expiration is 90 days or less</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19065"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19073">5.4.1.2 Ensure minimum days between password changes is 7 or more</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19073"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19082">5.4.1.3 Ensure password expiration warning days is 7 or more</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19082"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19090">5.4.1.4 Ensure inactive password lock is 30 days or less</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19090"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19098">5.4.2 Ensure system accounts are non-login</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19098"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19103">5.4.3 Ensure default group for the root account is GID 0</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19103"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19108">5.4.4 Ensure default user umask is 027 or more restrictive</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19108"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19125">5.6 Ensure access to the su command is restricted</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19125"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e9482" class="group sect" colspan="3"><a href="#detail-d1e9482">6 System Maintenance</a></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e9488" class="group sect" colspan="3"><a href="#detail-d1e9488">6.1 System File Permissions</a></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19133">6.1.2 Ensure permissions on /etc/passwd are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19133"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19138">6.1.3 Ensure permissions on /etc/shadow are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19138"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19142">6.1.4 Ensure permissions on /etc/group are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19142"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19148">6.1.5 Ensure permissions on /etc/gshadow are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19148"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19152">6.1.6 Ensure permissions on /etc/passwd- are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19152"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19157">6.1.7 Ensure permissions on /etc/shadow- are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19157"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19162">6.1.8 Ensure permissions on /etc/group- are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19162"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19167">6.1.9 Ensure permissions on /etc/gshadow- are configured</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19167"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19172">6.1.10 Ensure no world writable files exist</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19172"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19181">6.1.11 Ensure no unowned files or directories exist</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19181"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19190">6.1.12 Ensure no ungrouped files or directories exist</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19190"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr>
+ <td id="checklist-d1e9901" class="group sect" colspan="3"><a href="#detail-d1e9901">6.2 User and Group Settings</a></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19203">6.2.1 Ensure password fields are not empty</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19203"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19210">6.2.2 Ensure no legacy "+" entries exist in /etc/passwd</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19210"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19215">6.2.3 Ensure no legacy "+" entries exist in /etc/shadow</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19215"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19220">6.2.4 Ensure no legacy "+" entries exist in /etc/group</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19220"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19225">6.2.5 Ensure root is the only UID 0 account</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19225"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19230">6.2.6 Ensure root PATH Integrity</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19230"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19240">6.2.7 Ensure all users' home directories exist</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19240"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19245">6.2.8 Ensure users' home directories permissions are 750 or more restrictive</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19245"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19250">6.2.9 Ensure users own their home directories</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19250"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19255">6.2.10 Ensure users' dot files are not group or world writable</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19255"><span class="fail">Fail</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19260">6.2.11 Ensure no users have .forward files</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19260"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19265">6.2.12 Ensure no users have .netrc files</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19265"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19271">6.2.13 Ensure users' .netrc Files are not group or world accessible</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19271"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19276">6.2.14 Ensure no users have .rhosts files</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19276"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19281">6.2.15 Ensure all groups in /etc/passwd exist in /etc/group</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19281"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19286">6.2.16 Ensure no duplicate UIDs exist</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19286"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19291">6.2.17 Ensure no duplicate GIDs exist</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19291"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19296">6.2.18 Ensure no duplicate user names exist</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19296"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19301">6.2.19 Ensure no duplicate group names exist</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19301"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ <tr class="failuresOnlyArea tableVisible">
+ <td><span class="weight">1.0</span></td>
+ <td><a href="#detail-d1e19306">6.2.20 Ensure shadow group is empty</a></td>
+ <td class="numeric"><span><a href="#detail-d1e19306"><span class="pass">Pass</span></a></span></td>
+ </tr>
+ </tbody>
+ </table>
+ <div class="backtop"><a href="#top" title="back to top">⇧</a></div>
+ </div>
+ <div id="assessmentDetailsArea">
+ <h2 class="sectionTitle">Assessment Details</h2>
+ <div id="front-matter"></div>
+ <div id="detail-d1e1436" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_1_Initial_Setup">1 Initial Setup</h2>
+ <div class="description">
+ <p>Items in this section are advised for all systems, but may be difficult or require
+ extensive preparation after the initial setup of the system.</p>
+ </div>
+ </div>
+ <div id="detail-d1e1442" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_1.1_Filesystem_Configuration">1.1 Filesystem Configuration</h2>
+ <div class="description">
+ <p>Directories that are used for system-wide functions can be further protected by placing
+ them on separate partitions. This provides protection for resource exhaustion and
+ enables the use of mounting options that are applicable to the directory's intended
+ use. Users' data can be stored on separate partitions and have stricter mount options.
+ A user partition is a filesystem that has been established for use by the users and
+ does not contain software for system operations.</p>
+ <p>The recommendations in this section are easier to perform during initial system installation.
+ If the system is already installed, it is recommended that a full backup be performed
+ before repartitioning the system.</p>
+ <p></p>
+ <p><strong>Note:</strong>
+
+
+
+ If you are repartitioning a system that has already been installed, make sure the
+ data has been copied over to the new partition, unmount it and then remove the data
+ from the directory that was in the old partition. Otherwise it will still consume
+ space in the old partition that will be masked when the new filesystem is mounted.
+ For example, if a system is in single-user mode with no filesystems mounted and the
+ administrator adds a lot of data to the
+ <span class="inline_block">/tmp</span>
+
+
+
+ directory, this data will still consume space in
+ <span class="inline_block">/</span>
+
+
+
+ once the <span class="inline_block">/tmp</span>
+
+
+
+ filesystem is mounted unless it is removed first.
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e1463" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_1.1.1_Disable_unused_filesystems">1.1.1 Disable unused filesystems</h2>
+ <div class="description">
+ <p>A number of uncommon filesystem types are supported under Linux. Removing support
+ for unneeded filesystem types reduces the local attack surface of the system. If a
+ filesystem type is not needed it should be disabled. Native Linux file systems are
+ designed to ensure that built-in security controls function as expected. Non-native
+ filesystems can lead to unexpected consequences to both the security and functionality
+ of the system and should be used with caution. Many filesystems are created for niche
+ use cases and are not maintained and supported as the operating systems are updated
+ and patched. Users of non-native filesystems should ensure that there is attention
+ and ongoing support for them, especially in light of frequent operating system changes.</p>
+ <p>Standard network connectivity and Internet access to cloud storage may make the use
+ of non-standard filesystem formats to directly attach heterogeneous devices much less
+ attractive.</p>
+ <p></p>
+ <p><strong>Note</strong>
+
+
+
+ : This should not be considered a comprehensive list of filesystems. You may wish
+ to consider additions to those listed here for your environment.
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17785" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.1.1_Ensure_mounting_of_cramfs_filesystems_is_disabled">1.1.1.1 Ensure mounting of cramfs filesystems is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">cramfs </span>
+
+
+
+ filesystem type is a compressed read-only Linux filesystem embedded in small footprint
+ systems. A
+ <span class="inline_block">cramfs </span>
+
+
+
+ image can be used without having to first decompress the image.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Removing support for unneeded filesystem types reduces the local attack surface of
+ the server. If this filesystem type is not needed, disable it.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit or create the file
+ <span class="inline_block">/etc/modprobe.d/CIS.conf </span>
+
+
+
+ and add the following line:
+ </p><code class="code_block">install cramfs /bin/true</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17785" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of cramfs filesystems is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of cramfs filesystems is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17785_xml_result_button" onclick="switchState('d1e17785_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17785_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.1_Ensure_mounting_of_cramfs_filesystems_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.424-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1002"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1003"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17785_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1463" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17792" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.1.2_Ensure_mounting_of_freevxfs_filesystems_is_disabled">1.1.1.2 Ensure mounting of freevxfs filesystems is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">freevxfs </span>
+
+
+
+ filesystem type is a free version of the Veritas type filesystem. This is the primary
+ filesystem type for HP-UX operating systems.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Removing support for unneeded filesystem types reduces the local attack surface of
+ the system. If this filesystem type is not needed, disable it.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit or create the file
+ <span class="inline_block">/etc/modprobe.d/CIS.conf </span>
+
+
+
+ and add the following line:
+ </p><code class="code_block">install freevxfs /bin/true</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17792" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of freevxfs filesystems is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of freevxfs filesystems is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17792_xml_result_button" onclick="switchState('d1e17792_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17792_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.2_Ensure_mounting_of_freevxfs_filesystems_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.425-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1004"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1005"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17792_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1463" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17800" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.1.3_Ensure_mounting_of_jffs2_filesystems_is_disabled">1.1.1.3 Ensure mounting of jffs2 filesystems is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">jffs2 </span>
+
+
+
+ (journaling flash filesystem 2) filesystem type is a log-structured filesystem used
+ in flash memory devices.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Removing support for unneeded filesystem types reduces the local attack surface of
+ the system. If this filesystem type is not needed, disable it.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit or create the file
+ <span class="inline_block">/etc/modprobe.d/CIS.conf </span>
+
+
+
+ and add the following line:
+ </p><code class="code_block">install jffs2 /bin/true </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17800" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of jffs2 filesystems is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of jffs2 filesystems is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17800_xml_result_button" onclick="switchState('d1e17800_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17800_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.3_Ensure_mounting_of_jffs2_filesystems_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.427-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1006"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1007"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17800_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1463" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17807" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.1.4_Ensure_mounting_of_hfs_filesystems_is_disabled">1.1.1.4 Ensure mounting of hfs filesystems is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">hfs </span>
+
+
+
+ filesystem type is a hierarchical filesystem that allows you to mount Mac OS filesystems.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Removing support for unneeded filesystem types reduces the local attack surface of
+ the system. If this filesystem type is not needed, disable it.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit or create the file
+ <span class="inline_block">/etc/modprobe.d/CIS.conf </span>
+
+
+
+ and add the following line:
+ </p><code class="code_block">install hfs /bin/true </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17807" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of hfs filesystems is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of hfs filesystems is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17807_xml_result_button" onclick="switchState('d1e17807_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17807_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.4_Ensure_mounting_of_hfs_filesystems_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.430-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1008"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1009"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17807_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1463" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17814" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.1.5_Ensure_mounting_of_hfsplus_filesystems_is_disabled">1.1.1.5 Ensure mounting of hfsplus filesystems is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">hfsplus </span>
+
+
+
+ filesystem type is a hierarchical filesystem designed to replace
+ <span class="inline_block">hfs </span>
+
+
+
+ that allows you to mount Mac OS filesystems.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Removing support for unneeded filesystem types reduces the local attack surface of
+ the system. If this filesystem type is not needed, disable it.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit or create the file
+ <span class="inline_block">/etc/modprobe.d/CIS.conf </span>
+
+
+
+ and add the following line:
+ </p><code class="code_block">install hfsplus /bin/true </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17814" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of hfsplus filesystems is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of hfsplus filesystems is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17814_xml_result_button" onclick="switchState('d1e17814_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17814_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.5_Ensure_mounting_of_hfsplus_filesystems_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.432-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1010"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1011"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17814_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1463" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17821" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.1.6_Ensure_mounting_of_squashfs_filesystems_is_disabled">1.1.1.6 Ensure mounting of squashfs filesystems is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">squashfs </span>
+
+
+
+ filesystem type is a compressed read-only Linux filesystem embedded in small footprint
+ systems (similar to
+ <span class="inline_block">cramfs</span>
+
+
+
+ ). A <span class="inline_block">squashfs </span>
+
+
+
+ image can be used without having to first decompress the image.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Removing support for unneeded filesystem types reduces the local attack surface of
+ the system. If this filesystem type is not needed, disable it.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit or create the file
+ <span class="inline_block">/etc/modprobe.d/CIS.conf </span>
+
+
+
+ and add the following line:
+ </p><code class="code_block">install squashfs /bin/true </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17821" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of squashfs filesystems is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of squashfs filesystems is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17821_xml_result_button" onclick="switchState('d1e17821_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17821_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.6_Ensure_mounting_of_squashfs_filesystems_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.433-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1012"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1013"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17821_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1463" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17828" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.1.7_Ensure_mounting_of_udf_filesystems_is_disabled">1.1.1.7 Ensure mounting of udf filesystems is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">udf </span>
+
+
+
+ filesystem type is the universal disk format used to implement ISO/IEC 13346 and ECMA-167
+ specifications. This is an open vendor filesystem type for data storage on a broad
+ range of media. This filesystem type is necessary to support writing DVDs and newer
+ optical disc formats.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Removing support for unneeded filesystem types reduces the local attack surface of
+ the system. If this filesystem type is not needed, disable it.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit or create the file
+ <span class="inline_block">/etc/modprobe.d/CIS.conf </span>
+
+
+
+ and add the following line:
+ </p><code class="code_block">install udf /bin/true</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17828" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of udf filesystems is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of udf filesystems is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17828_xml_result_button" onclick="switchState('d1e17828_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17828_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.7_Ensure_mounting_of_udf_filesystems_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.434-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1014"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1015"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17828_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1463" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17835" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.1.8_Ensure_mounting_of_FAT_filesystems_is_disabled">1.1.1.8 Ensure mounting of FAT filesystems is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">FAT </span>
+
+
+
+ filesystem format is primarily used on older windows systems and portable USB drives
+ or flash modules. It comes in three types
+ <span class="inline_block">FAT12</span>
+
+
+
+ , <span class="inline_block">FAT16</span>
+
+
+
+ , and <span class="inline_block">FAT32</span>
+
+
+
+ all of which are supported by the
+ <span class="inline_block">vfat</span>
+
+
+
+ kernel module. </p>
+ </div>
+ <div class="rationale">
+ <p>Removing support for unneeded filesystem types reduces the local attack surface of
+ the system. If this filesystem type is not needed, disable it.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit or create the file
+ <span class="inline_block">/etc/modprobe.d/CIS.conf </span>
+
+
+
+ and add the following line:
+ </p><code class="code_block">install vfat /bin/true</code><p class="bold">Impact:</p>
+ <p>
+ <p>FAT filesystems are often used on portable USB sticks and other flash media are commonly
+ used to transfer files between workstations, removing VFAT support may prevent the
+ ability to transfer files in this way.</p>
+ </p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17835" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of FAT filesystems is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mounting of FAT filesystems is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17835_xml_result_button" onclick="switchState('d1e17835_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17835_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1.8_Ensure_mounting_of_FAT_filesystems_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.435-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1016"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1017"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17835_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1463" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17847" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.3_Ensure_nodev_option_set_on_tmp_partition">1.1.3 Ensure nodev option set on /tmp partition</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">nodev </span>
+
+
+
+ mount option specifies that the filesystem cannot contain special devices.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Since the <span class="inline_block">/tmp </span>
+
+
+
+ filesystem is not intended to support devices, set this option to ensure that users
+ cannot attempt to create block or character special devices in
+ <span class="inline_block">/tmp</span>
+
+
+
+ . </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/fstab </span>
+
+
+
+ file and add
+ <span class="inline_block">nodev </span>
+
+
+
+ to the fourth field (mounting options) for the
+ <span class="inline_block">/tmp</span>
+
+
+
+ partition. See the
+ <span class="inline_block">fstab(5) </span>
+
+
+
+ manual page for more information.
+ </p>
+ <p>
+
+
+
+ Run the following command to remount
+ <span class="inline_block">/tmp</span>
+
+
+
+ : </p><code class="code_block"># mount -o remount,nodev /tmp</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17847" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure nodev option set on /tmp partition</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17847_xml_result_button" onclick="switchState('d1e17847_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17847_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.3_Ensure_nodev_option_set_on_tmp_partition"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.436-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1019"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17847_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1442" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17852" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.4_Ensure_nosuid_option_set_on_tmp_partition">1.1.4 Ensure nosuid option set on /tmp partition</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">nosuid </span>
+
+
+
+ mount option specifies that the filesystem cannot contain
+ <span class="inline_block">setuid</span>
+
+
+
+ files. </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Since the <span class="inline_block">/tmp </span>
+
+
+
+ filesystem is only intended for temporary file storage, set this option to ensure
+ that users cannot create
+ <span class="inline_block">setuid</span>
+
+
+
+ files in <span class="inline_block">/tmp</span>
+
+
+
+ . </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/fstab</span>
+
+
+
+ file and add
+ <span class="inline_block">nosuid </span>
+
+
+
+ to the fourth field (mounting options) for the
+ <span class="inline_block">/tmp</span>
+
+
+
+ partition. See the
+ <span class="inline_block">fstab(5) </span>
+
+
+
+ manual page for more information.
+ </p>
+ <p>
+
+
+
+ Run the following command to remount
+ <span class="inline_block">/tmp</span>
+
+
+
+ : </p><code class="code_block"># mount -o remount,nosuid /tmp</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17852" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure nosuid option set on /tmp partition</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17852_xml_result_button" onclick="switchState('d1e17852_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17852_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.4_Ensure_nosuid_option_set_on_tmp_partition"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.436-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1020"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17852_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1442" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17868" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.7_Ensure_nodev_option_set_on_vartmp_partition">1.1.7 Ensure nodev option set on /var/tmp partition</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">nodev </span>
+
+
+
+ mount option specifies that the filesystem cannot contain special devices.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Since the <span class="inline_block">/var/tmp </span>
+
+
+
+ filesystem is not intended to support devices, set this option to ensure that users
+ cannot attempt to create block or character special devices in
+ <span class="inline_block">/var/tmp</span>
+
+
+
+ . </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/fstab </span>
+
+
+
+ file and add
+ <span class="inline_block">nodev </span>
+
+
+
+ to the fourth field (mounting options) for the
+ <span class="inline_block">/var/tmp</span>
+
+
+
+ partition. See the
+ <span class="inline_block">fstab(5) </span>
+
+
+
+ manual page for more information.
+ </p>
+ <p>
+
+
+
+ Run the following command to remount
+ <span class="inline_block">/var/tmp</span>
+
+
+
+ : </p><code class="code_block"># mount -o remount,nodev /var/tmp</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17868" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure nodev option set on /var/tmp partition</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17868_xml_result_button" onclick="switchState('d1e17868_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17868_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.7_Ensure_nodev_option_set_on_vartmp_partition"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.437-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1023"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17868_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1442" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17873" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.8_Ensure_nosuid_option_set_on_vartmp_partition">1.1.8 Ensure nosuid option set on /var/tmp partition</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">nosuid </span>
+
+
+
+ mount option specifies that the filesystem cannot contain
+ <span class="inline_block">setuid</span>
+
+
+
+ files. </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Since the <span class="inline_block">/var/tmp </span>
+
+
+
+ filesystem is only intended for temporary file storage, set this option to ensure
+ that users cannot create
+ <span class="inline_block">setuid</span>
+
+
+
+ files in <span class="inline_block">/var/tmp</span>
+
+
+
+ . </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/fstab</span>
+
+
+
+ file and add
+ <span class="inline_block">nosuid </span>
+
+
+
+ to the fourth field (mounting options) for the
+ <span class="inline_block">/var/tmp</span>
+
+
+
+ partition. See the
+ <span class="inline_block">fstab(5) </span>
+
+
+
+ manual page for more information.
+ </p>
+ <p>
+
+
+
+ Run the following command to remount
+ <span class="inline_block">/var/tmp</span>
+
+
+
+ : </p><code class="code_block"># mount -o remount,nosuid /var/tmp</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17873" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure nosuid option set on /var/tmp partition</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17873_xml_result_button" onclick="switchState('d1e17873_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17873_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.8_Ensure_nosuid_option_set_on_vartmp_partition"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.438-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1024"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17873_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1442" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17878" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.9_Ensure_noexec_option_set_on_vartmp_partition">1.1.9 Ensure noexec option set on /var/tmp partition</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">noexec </span>
+
+
+
+ mount option specifies that the filesystem cannot contain executable binaries.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Since the <span class="inline_block">/var/tmp</span>
+
+
+
+ filesystem is only intended for temporary file storage, set this option to ensure
+ that users cannot run executable binaries from
+ <span class="inline_block">/var/tmp</span>
+
+
+
+ . </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/fstab </span>
+
+
+
+ file and add
+ <span class="inline_block">noexec </span>
+
+
+
+ to the fourth field (mounting options) for the
+ <span class="inline_block">/var/tmp</span>
+
+
+
+ partition. See the
+ <span class="inline_block">fstab(5) </span>
+
+
+
+ manual page for more information.
+ </p>
+ <p>
+
+
+
+ Run the following command to remount
+ <span class="inline_block">/var/tmp</span>
+
+
+
+ : </p><code class="code_block"># mount -o remount,noexec /var/tmp</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17878" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure noexec option set on /var/tmp partition</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17878_xml_result_button" onclick="switchState('d1e17878_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17878_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.9_Ensure_noexec_option_set_on_vartmp_partition"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.438-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1025"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17878_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1442" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17898" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.13_Ensure_nodev_option_set_on_home_partition">1.1.13 Ensure nodev option set on /home partition</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">nodev </span>
+
+
+
+ mount option specifies that the filesystem cannot contain special devices.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Since the user partitions are not intended to support devices, set this option to
+ ensure that users cannot attempt to create block or character special devices.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/fstab </span>
+
+
+
+ file and add
+ <span class="inline_block">nodev </span>
+
+
+
+ to the fourth field (mounting options) for the
+ <span class="inline_block">/home</span>
+
+
+
+ partition. See the
+ <span class="inline_block">fstab(5) </span>
+
+
+
+ manual page for more information.
+ </p><code class="code_block"># mount -o remount,nodev /home </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17898" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure nodev option set on /home partition</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17898_xml_result_button" onclick="switchState('d1e17898_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17898_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.13_Ensure_nodev_option_set_on_home_partition"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.439-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1029"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17898_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1442" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17903" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.14_Ensure_nodev_option_set_on_runshm_partition">1.1.14 Ensure nodev option set on /run/shm partition</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">nodev </span>
+
+
+
+ mount option specifies that the filesystem cannot contain special devices.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Since the <span class="inline_block">/run/shm </span>
+
+
+
+ filesystem is not intended to support devices, set this option to ensure that users
+ cannot attempt to create special devices in
+ <span class="inline_block">/run/shm </span>
+
+
+
+ partitions. </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/fstab </span>
+
+
+
+ file and add
+ <span class="inline_block">nodev </span>
+
+
+
+ to the fourth field (mounting options) for the
+ <span class="inline_block">/run/shm</span>
+
+
+
+ partition. See the
+ <span class="inline_block">fstab(5) </span>
+
+
+
+ manual page for more information.
+ </p>
+ <p>
+
+
+
+ Run the following command to remount
+ <span class="inline_block">/run/shm</span>
+
+
+
+ : </p><code class="code_block"># mount -o remount,nodev /run/shm</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17903" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure nodev option set on /run/shm partition</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17903_xml_result_button" onclick="switchState('d1e17903_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17903_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.14_Ensure_nodev_option_set_on_runshm_partition"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.439-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1030"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17903_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1442" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17908" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.15_Ensure_nosuid_option_set_on_runshm_partitionrun">1.1.15 Ensure nosuid option set on /run/shm partitionrun</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">nosuid </span>
+
+
+
+ mount option specifies that the filesystem cannot contain
+ <span class="inline_block">setuid</span>
+
+
+
+ files. </p>
+ </div>
+ <div class="rationale">
+ <p>Setting this option on a file system prevents users from introducing privileged programs
+ onto the system and allowing non-root users to execute them.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/fstab </span>
+
+
+
+ file and add
+ <span class="inline_block">nosuid </span>
+
+
+
+ to the fourth field (mounting options) for the
+ <span class="inline_block">/run/shm</span>
+
+
+
+ partition. See the
+ <span class="inline_block">fstab(5) </span>
+
+
+
+ manual page for more information.
+ </p>
+ <p>
+
+
+
+ Run the following command to remount
+ <span class="inline_block">/run/shm</span>
+
+
+
+ : </p><code class="code_block"># mount -o remount,nosuid /run/shm</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17908" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure nosuid option set on /run/shm partitionrun</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17908_xml_result_button" onclick="switchState('d1e17908_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17908_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.15_Ensure_nosuid_option_set_on_runshm_partitionrun"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.440-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1031"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17908_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1442" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17913" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.16_Ensure_noexec_option_set_on_runshm_partition">1.1.16 Ensure noexec option set on /run/shm partition</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">noexec </span>
+
+
+
+ mount option specifies that the filesystem cannot contain executable binaries.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Setting this option on a file system prevents users from executing programs from shared
+ memory. This deters users from introducing potentially malicious software on the system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/fstab </span>
+
+
+
+ file and add
+ <span class="inline_block">noexec </span>
+
+
+
+ to the fourth field (mounting options) for the
+ <span class="inline_block">/run/shm</span>
+
+
+
+ partition. See the
+ <span class="inline_block">fstab(5) </span>
+
+
+
+ manual page for more information.
+ </p>
+ <p>
+
+
+
+ Run the following command to remount
+ <span class="inline_block">/run/shm</span>
+
+
+
+ : </p><code class="code_block"># mount -o remount,noexec /run/shm</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17913" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure noexec option set on /run/shm partition</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17913_xml_result_button" onclick="switchState('d1e17913_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17913_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.16_Ensure_noexec_option_set_on_runshm_partition"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.440-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1032"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17913_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1442" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17925" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.20_Ensure_sticky_bit_is_set_on_all_world-writable_directories">1.1.20 Ensure sticky bit is set on all world-writable directories</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Setting the sticky bit on world writable directories prevents users from deleting
+ or renaming files in that directory that are not owned by them.</p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ This feature prevents the ability to delete or rename files in world writable directories
+ (such as <span class="inline_block">/tmp</span>
+
+
+
+ ) that are owned by another user.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Run the following command to set the sticky bit on all world writable directories:</p><code class="code_block"># df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type
+ d -perm -0002 2&gt;/dev/null | chmod a+t</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17925" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Script: sce/world_writable_dirs_sticky.sh</td>
+ <td>Exit Code: 101</td>
+ <td class="Rule pass">pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17925_xml_result_button" onclick="switchState('d1e17925_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17925_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.20_Ensure_sticky_bit_is_set_on_all_world-writable_directories"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.441-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;check system="http://open-scap.org/page/SCE"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="sce/world_writable_dirs_sticky.sh"/&gt;
+ &lt;check-content&gt;
+ &lt;command_result script="C:\CIS\Assessor-CLI\sce\world_writable_dirs_sticky.sh"
+ href="sce/world_writable_dirs_sticky.sh"
+ xccdf="pass"
+ exit-value="101"&gt;
+ &lt;out/&gt;
+ &lt;err/&gt;
+ &lt;env/&gt;
+ &lt;/command_result&gt;
+ &lt;/check-content&gt;
+ &lt;/check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17925_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1442" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17934" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.1.21_Disable_Automounting">1.1.21 Disable Automounting</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p><span class="inline_block">autofs</span>
+
+
+
+ allows automatic mounting of devices, typically including CD/DVDs and USB drives.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>With automounting enabled anyone with physical access could attach a USB drive or
+ disc and have its contents available in system even if they lacked permissions to
+ mount it themselves.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Remove or comment out start lines in
+ <span class="inline_block">/etc/init/autofs.conf</span>
+
+
+
+ : </p><code class="code_block">#start on runlevel [2345]</code><p class="bold">Impact:</p>
+ <p>
+ <p>The use portable hard drives is very common for workstation users. If your organization
+ allows the use of portable storage or media on workstations and physical access controls
+ to workstations is considered adequate there is little value add in turning off automounting.</p>
+ </p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17934" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Disable Automounting</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17934_xml_result_button" onclick="switchState('d1e17934_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17934_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.1.21_Disable_Automounting"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.441-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1034"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17934_xml_result', false);</script><div class="backtop"><a href="#summary-d1e1442" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e2577" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_1.2_Configure_Software_Updates">1.2 Configure Software Updates</h2>
+ <div class="description">
+ <p>Ubuntu Linux uses apt to install and update software packages. Patch management procedures
+ may vary widely between enterprises. Large enterprises may choose to install a local
+ updates server that can be used in place of Ubuntu's servers, whereas a single deployment
+ of a system may prefer to get updates directly. Updates can be performed automatically
+ or manually, depending on the site's policy for patch management. Many large enterprises
+ prefer to test patches on a non-production system before rolling out to production.</p>
+ <p>For the purpose of this benchmark, the requirement is to ensure that a patch management
+ system is configured and maintained. The specifics on patch update procedures are
+ left to the organization.</p>
+ </div>
+ </div>
+ <div id="detail-d1e2613" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_1.3_Filesystem_Integrity_Checking">1.3 Filesystem Integrity Checking</h2>
+ <div class="description">
+ <p>AIDE is a file integrity checking tool, similar in nature to Tripwire. While it cannot
+ prevent intrusions, it can detect unauthorized changes to configuration files by alerting
+ when the files are changed. When setting up AIDE, decide internally what the site
+ policy will be concerning integrity checking. Review the AIDE quick start guide and
+ AIDE documentation before proceeding.</p>
+ </div>
+ </div>
+ <div id="detail-d1e17943" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.3.1_Ensure_AIDE_is_installed">1.3.1 Ensure AIDE is installed</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>AIDE takes a snapshot of filesystem state including modification times, permissions,
+ and file hashes which can then be used to compare against the current state of the
+ filesystem to detect modifications to the system.</p>
+ </div>
+ <div class="rationale">
+ <p>By monitoring the filesystem state compromised files can be detected to prevent or
+ limit the exposure of accidental or malicious misconfigurations or modified binaries.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Run the following command to install AIDE:</p><code class="code_block"># apt-get install aide</code><p>Configure AIDE as appropriate for your environment. Consult the AIDE documentation
+ for options.</p>
+ <p>Initialize AIDE:</p><code class="code_block"># aide --init</code><p></p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17943" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure AIDE is installed</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17943_xml_result_button" onclick="switchState('d1e17943_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17943_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.3.1_Ensure_AIDE_is_installed"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.441-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1035"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17943_xml_result', false);</script><div class="backtop"><a href="#summary-d1e2613" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17948" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.3.2_Ensure_filesystem_integrity_is_regularly_checked">1.3.2 Ensure filesystem integrity is regularly checked</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Periodic checking of the filesystem integrity is needed to detect changes to the filesystem.</p>
+ </div>
+ <div class="rationale">
+ <p>Periodic file checking allows the system administrator to determine on a regular basis
+ if critical files have been changed in an unauthorized fashion.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Run the following command:</p><code class="code_block"># crontab -u root -e</code><p>Add the following line to the crontab:</p><code class="code_block">0 5 * * * /usr/bin/aide --check</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17948" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure filesystem integrity is regularly checked</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure filesystem integrity is regularly checked</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure filesystem integrity is regularly checked</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure filesystem integrity is regularly checked</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure filesystem integrity is regularly checked</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure filesystem integrity is regularly checked</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure filesystem integrity is regularly checked</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17948_xml_result_button" onclick="switchState('d1e17948_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17948_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.3.2_Ensure_filesystem_integrity_is_regularly_checked"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.443-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1036"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.3.2.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1036"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1037"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.3.2.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1037"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1038"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.3.2.3_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1038"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1039"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.3.2.4_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1039"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1040"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.3.2.5_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1040"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1041"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.3.2.6_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1041"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1042"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.3.2.7_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1042"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17948_xml_result', false);</script><div class="backtop"><a href="#summary-d1e2613" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e2698" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_1.4_Secure_Boot_Settings">1.4 Secure Boot Settings</h2>
+ <div class="description">
+ <p>The recommendations in this section focus on securing the bootloader and settings
+ involved in the boot process directly.</p>
+ </div>
+ </div>
+ <div id="detail-d1e17977" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.4.1_Ensure_permissions_on_bootloader_config_are_configured">1.4.1 Ensure permissions on bootloader config are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The grub configuration file contains information on boot settings and passwords for
+ unlocking boot options. The grub configuration is usually
+ <span class="inline_block">grub.cfg</span>
+
+
+
+ stored in <span class="inline_block">/boot/grub.</span></p>
+ </div>
+ <div class="rationale">
+ <p>Setting the permissions to read and write for root only prevents non-root users from
+ seeing the boot parameters or changing them. Non-root users who read the boot parameters
+ may be able to identify weaknesses in security upon boot and be able to exploit them.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Run the following commands to set permissions on your grub configuration:</p><code class="code_block">
+
+
+
+ # chown root:root /boot/grub/grub.cfg
+ <br></br>
+
+
+
+ # chmod og-rwx /boot/grub/grub.cfg
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17977" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on bootloader config are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17977_xml_result_button" onclick="switchState('d1e17977_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17977_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.4.1_Ensure_permissions_on_bootloader_config_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.443-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1043"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17977_xml_result', false);</script><div class="backtop"><a href="#summary-d1e2698" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e17982" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.4.2_Ensure_bootloader_password_is_set">1.4.2 Ensure bootloader password is set</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Setting the boot loader password will require that anyone rebooting the system must
+ enter a password before being able to set command line boot parameters</p>
+ </div>
+ <div class="rationale">
+ <p>Requiring a boot password upon execution of the boot loader will prevent an unauthorized
+ user from entering boot parameters or changing the boot partition. This prevents users
+ from weakening security (e.g. turning off SELinux at boot time).</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Create an encrypted password with
+ <span class="inline_block">grub-mkpasswd-pbkdf2</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # grub-mkpasswd-pbkdf2
+ <br></br>
+
+
+
+ Enter password:
+ <em>&lt;password&gt;</em><br></br>
+
+
+
+ Reenter password:
+ <em>&lt;password&gt;</em><br></br>
+
+
+
+ Your PBKDF2 is
+ <em>&lt;encrypted-password&gt;</em></code><p>
+
+
+
+ Add the following into
+ <span class="inline_block">/etc/grub.d/00_header</span>
+
+
+
+ or a custom
+ <span class="inline_block">/etc/grub.d</span>
+
+
+
+ configuration file:
+ </p><code class="code_block">
+
+
+
+ cat &lt;&lt;EOF
+ <br></br>
+
+
+
+ set superusers="
+ <em>&lt;username&gt;</em>
+
+
+
+ " <br></br>
+
+
+
+ password_pbkdf2
+ <em>&lt;username&gt;</em><em>&lt;encrypted-password&gt;</em><br></br>
+
+
+
+ EOF </code><p>
+
+
+
+ Run the following command to update the
+ <span class="inline_block">grub2</span>
+
+
+
+ configuration:
+ </p><code class="code_block"># update-grub</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17982" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure bootloader password is set</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure bootloader password is set</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17982_xml_result_button" onclick="switchState('d1e17982_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17982_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.4.2_Ensure_bootloader_password_is_set"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.443-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1045"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.4.2.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1045"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1044"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.4.2.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1044"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17982_xml_result', false);</script><div class="backtop"><a href="#summary-d1e2698" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e2820" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_1.5_Additional_Process_Hardening">1.5 Additional Process Hardening</h2>
+ <div class="description">
+ <p></p>
+ </div>
+ </div>
+ <div id="detail-d1e17995" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.5.1_Ensure_core_dumps_are_restricted">1.5.1 Ensure core dumps are restricted</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>A core dump is the memory of an executable program. It is generally used to determine
+ why a program aborted. It can also be used to glean confidential information from
+ a core file. The system provides the ability to set a soft limit for core dumps, but
+ this can be overridden by the user.</p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Setting a hard limit on core dumps prevents users from overriding the soft variable.
+ If core dumps are required, consider setting limits for user groups (see
+ <span class="inline_block">limits.conf(5)</span>
+
+
+
+ ). In addition, setting the
+ <span class="inline_block">fs.suid_dumpable</span>
+
+
+
+ variable to 0 will prevent setuid programs from dumping core.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Add the following line to the
+ <span class="inline_block">/etc/security/limits.conf </span>
+
+
+
+ file or a
+ <span class="inline_block">/etc/security/limits.d/*</span>
+
+
+
+ file: </p><code class="code_block">* hard core 0</code><p>
+
+
+
+ Set the following parameter in the
+ <span class="inline_block">/etc/sysctl.conf </span>
+
+
+
+ file: </p><code class="code_block">fs.suid_dumpable = 0</code><p>Run the following command to set the active kernel parameter:</p><code class="code_block"># sysctl -w fs.suid_dumpable=0</code><p><br></br><br></br></p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e17995" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure core dumps are restricted</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure core dumps are restricted</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure core dumps are restricted</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e17995_xml_result_button" onclick="switchState('d1e17995_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e17995_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.5.1_Ensure_core_dumps_are_restricted"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.443-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1046"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.5.1.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1046"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1047"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.5.1.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1047"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1048"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.5.1.3_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1048"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e17995_xml_result', false);</script><div class="backtop"><a href="#summary-d1e2820" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18008" class="Rule "><span class="outcome informational ruleResultArea">Informational</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.5.2_Ensure_XDNX_support_is_enabled">1.5.2 Ensure XD/NX support is enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Recent processors in the x86 family support the ability to prevent code execution
+ on a per memory page basis. Generically and on AMD processors, this ability is called
+ No Execute (NX), while on Intel processors it is called Execute Disable (XD). This
+ ability can help prevent exploitation of buffer overflow vulnerabilities and should
+ be activated whenever possible. Extra steps must be taken to ensure that this protection
+ is enabled, particularly on 32-bit x86 systems. Other processors, such as Itanium
+ and POWER, have included such support since inception and the standard kernel for
+ those platforms supports the feature.</p>
+ </div>
+ <div class="rationale">
+ <p>Enabling any feature that can protect against buffer overflow attacks enhances the
+ security of the system.</p>
+ <p></p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>On 32 bit systems install a kernel with PAE support, no installation is required on
+ 64 bit systems:</p>
+ <p>If necessary configure your bootloader to load the new kernel and reboot the system.</p>
+ <p>You may need to enable NX or XD support in your bios.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18008" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure XD/NX support is enabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18008_xml_result_button" onclick="switchState('d1e18008_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18008_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.5.2_Ensure_XDNX_support_is_enabled"
+ role="unscored"
+ severity="unknown"
+ time="2019-11-19T23:30:03.443-05:00"
+ version="1"
+ weight="0.0"&gt;
+ &lt;result&gt;informational&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1049"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.5.2.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1049"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18008_xml_result', false);</script><div class="backtop"><a href="#summary-d1e2820" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18014" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.5.3_Ensure_address_space_layout_randomization_ASLR_is_enabled">1.5.3 Ensure address space layout randomization (ASLR) is enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Address space layout randomization (ASLR) is an exploit mitigation technique which
+ randomly arranges the address space of key data areas of a process.</p>
+ </div>
+ <div class="rationale">
+ <p>Randomly placing virtual memory regions will make it difficult to write memory page
+ exploits as the memory placement will be consistently shifting.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the following parameter in the
+ <span class="inline_block">/etc/sysctl.conf </span>
+
+
+
+ file: </p><code class="code_block">kernel.randomize_va_space = 2</code><p>Run the following command to set the active kernel parameter:</p><code class="code_block"># sysctl -w kernel.randomize_va_space=2</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18014" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure address space layout randomization (ASLR) is enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18014_xml_result_button" onclick="switchState('d1e18014_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18014_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.5.3_Ensure_address_space_layout_randomization_ASLR_is_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.443-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1050"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.5.3.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1050"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18014_xml_result', false);</script><div class="backtop"><a href="#summary-d1e2820" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18020" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.5.4_Ensure_prelink_is_disabled">1.5.4 Ensure prelink is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p><span class="inline_block">prelink </span>
+
+
+
+ is a program that modifies ELF shared libraries and ELF dynamically linked binaries
+ in such a way that the time needed for the dynamic linker to perform relocations at
+ startup significantly decreases.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>The prelinking feature can interfere with the operation of AIDE, because it changes
+ binaries. Prelinking can also increase the vulnerability of the system if a malicious
+ user is able to compromise a common library such as libc.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Run the following command to restore binaries to normal:</p><code class="code_block"># prelink -ua</code><p>
+
+
+
+ Run the following command to uninstall
+ <span class="inline_block">prelink</span>
+
+
+
+ : </p><code class="code_block"># apt-get remove prelink</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18020" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure prelink is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18020_xml_result_button" onclick="switchState('d1e18020_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18020_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.5.4_Ensure_prelink_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.444-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1051"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18020_xml_result', false);</script><div class="backtop"><a href="#summary-d1e2820" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e2957" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_1.6_Mandatory_Access_Control">1.6 Mandatory Access Control</h2>
+ <div class="description">
+ <p>Mandatory Access Control (MAC) provides an additional layer of access restrictions
+ to processes on top of the base Discretionary Access Controls. By restricting how
+ processes can access files and resources on a system the potential impact from vulnerabilities
+ in the processes can be reduced.</p>
+ <p></p>
+ <p><strong>Impact:</strong>
+
+
+
+ Mandatory Access Control limits the capabilities of applications and daemons on a
+ system, while this can prevent unauthorized access the configuration of MAC can be
+ complex and difficult to implement correctly preventing legitimate access from occurring.
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e2967" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_1.6.1_Configure_SELinux">1.6.1 Configure SELinux</h2>
+ <div class="description">
+ <p>
+
+
+
+ SELinux provides a Mandatory Access Control (MAC) system that greatly augments the
+ default Discretionary Access Control (DAC) model. Under SELinux, every process and
+ every object (files, sockets, pipes) on the system is assigned a security context,
+ a label that includes detailed type information about the object. The kernel allows
+ processes to access objects only if that access is explicitly allowed by the policy
+ in effect. The policy defines transitions, so that a user can be allowed to run software,
+ but the software can run under a different context than the user's default. This automatically
+ limits the damage that the software can do to files accessible by the calling user.
+ The user does not need to take any action to gain this benefit. For an action to occur,
+ both the traditional DAC permissions must be satisfied as well as the SELinux MAC
+ rules. The action will not be allowed if either one of these models does not permit
+ the action. In this way, SELinux rules can only make a system's permissions more restrictive
+ and secure. SELinux requires a complex policy to allow all the actions required of
+ a system under normal operation. Three such policies have been available for use with
+ Ubuntu and are included with the system:
+ <span class="inline_block">ubuntu</span>
+
+
+
+ , <span class="inline_block">default</span>
+
+
+
+ , <span class="inline_block">strict</span>
+
+
+
+ , and <span class="inline_block">mls</span>
+
+
+
+ . These are described as follows:
+ </p>
+ <ul>
+ <li><span class="inline_block">ubuntu</span>
+
+
+
+ : targeted rules developed for ubuntu specifically
+ </li>
+ <li><span class="inline_block">default</span>
+
+
+
+ : targeted rules developed and maintained by Debian. Consists mostly of Type Enforcement
+ (TE) rules, and a small number of Role-Based Access Control (RBAC) rules. Targeted
+ restricts the actions of many types of programs, but leaves interactive users largely
+ unaffected. </li>
+ <li><span class="inline_block">strict</span>
+
+
+
+ : also uses TE and RBAC rules, but on more programs and more aggressively.
+ </li>
+ <li><span class="inline_block">mls</span>
+
+
+
+ : implements Multi-Level Security (MLS), which introduces even more kinds of labels
+ (sensitivity and category) and rules that govern access based on these.
+ </li>
+ </ul>
+ <p>
+
+
+
+ This section provides guidance for the configuration of the
+ <span class="inline_block">targeted </span>
+
+
+
+ policy. </p>
+ <p><strong>Note:</strong>
+
+
+
+ This section only applies if SELinux is in use on the system. Recommendations for
+ AppArmor are also included, and additional Mandatory Access Control systems exist
+ beyond these two. AppArmor is the standard MAC system for Ubuntu systems.
+ </p>
+ <p><strong>References:</strong></p>
+ <ol>
+ <li>
+
+
+
+ NSA SELinux resources:
+
+ <ol>
+ <li><a href="http://www.nsa.gov/research/selinux ">http://www.nsa.gov/research/selinux </a></li>
+ <li><a href="http://www.nsa.gov/research/selinux/list.shtml ">http://www.nsa.gov/research/selinux/list.shtml </a></li>
+ </ol>
+ </li>
+ <li>
+
+
+
+ Fedora SELinux resources:
+
+ <ol>
+ <li>
+
+
+
+ FAQ:
+ <a href="http://docs.fedoraproject.org/selinux-faq ">http://docs.fedoraproject.org/selinux-faq </a></li>
+ <li>
+
+
+
+ User Guide:
+ <a href="http://docs.fedoraproject.org/selinux-user-guide">http://docs.fedoraproject.org/selinux-user-guide</a></li>
+ <li>
+
+
+
+ Managing Services Guide:
+ <a href="http://docs.fedoraproject.org/selinux-managing-confined-services-guide ">http://docs.fedoraproject.org/selinux-managing-confined-services-guide </a></li>
+ </ol>
+ </li>
+ <li>
+
+
+
+ SELinux Project web page and wiki:
+
+ <ol>
+ <li><a href="http://www.selinuxproject.org">http://www.selinuxproject.org</a></li>
+ </ol>
+ </li>
+ <li>Chapters 43-45 of Red Hat Enterprise Linux 5: Deployment Guide (Frank Mayer, Karl
+ MacMillan and David Caplan),</li>
+ <li>SELinux by Example: Using Security Enhanced Linux (Prentice Hall, August 6, 2006)</li>
+ </ol>
+ <p></p>
+ </div>
+ </div>
+ <div id="detail-d1e3194" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_1.6.2_Configure_AppArmor">1.6.2 Configure AppArmor</h2>
+ <div class="description">
+ <p>AppArmor provides a Mandatory Access Control (MAC) system that greatly augments the
+ default Discretionary Access Control (DAC) model. Under AppArmor MAC rules are applied
+ by file paths instead of by security contexts as in other MAC systems. As such it
+ does not require support in the filesystem and can be applied to network mounted filesystems
+ for example. AppArmor security policies define what system resources applications
+ can access and what privileges they can do so with. This automatically limits the
+ damage that the software can do to files accessible by the calling user. The user
+ does not need to take any action to gain this benefit. For an action to occur, both
+ the traditional DAC permissions must be satisfied as well as the AppArmor MAC rules.
+ The action will not be allowed if either one of these models does not permit the action.
+ In this way, AppArmor rules can only make a system's permissions more restrictive
+ and secure.</p>
+ <p><strong>Note:</strong>
+
+
+
+ This section only applies if AppArmor is in use on the system. Recommendations for
+ SELinux are also included, and additional Mandatory Access Control systems exist beyond
+ these two. </p>
+ <p><strong>References:</strong></p>
+ <ol>
+ <li>
+
+
+
+ AppArmor Documentation:
+ <a href="http://wiki.apparmor.net/index.php/Documentation">http://wiki.apparmor.net/index.php/Documentation</a></li>
+ <li>
+
+
+
+ Ubuntu AppArmor Documentation:
+ <a href="https://help.ubuntu.com/community/AppArmor">https://help.ubuntu.com/community/AppArmor</a></li>
+ <li>
+
+
+
+ SUSE AppArmor Documentation:
+ <a href="https://www.suse.com/documentation/apparmor/">https://www.suse.com/documentation/apparmor/</a></li>
+ </ol>
+ </div>
+ </div>
+ <div id="detail-d1e3309" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_1.7_Warning_Banners">1.7 Warning Banners</h2>
+ <div class="description">
+ <p>Presenting a warning message prior to the normal user login may assist in the prosecution
+ of trespassers on the computer system. Changing some of these login banners also has
+ the side effect of hiding OS version information and other detailed system information
+ from attackers attempting to target specific exploits at a system.</p>
+ <p>
+
+
+
+ Guidelines published by the US Department of Defense require that warning messages
+ include at least the name of the organization that owns the system, the fact that
+ the system is subject to monitoring and that such monitoring is in compliance with
+ local statutes, and that use of the system implies consent to such monitoring. It
+ is important that the organization's legal counsel review the content of all messages
+ before any system modifications are made, as these warning messages are inherently
+ site-specific. More information (including citations of relevant case law) can be
+ found at <a href="http://www.justice.gov/criminal/cybercrime/ ">http://www.justice.gov/criminal/cybercrime/ </a></p>
+ <p><strong>Note:</strong>
+
+
+
+ The text provided in the remediation actions for these items is intended as an example
+ only. Please edit to include the specific text for your organization as approved by
+ your legal department. </p>
+ </div>
+ </div>
+ <div id="detail-d1e3322" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_1.7.1_Command_Line_Warning_Banners">1.7.1 Command Line Warning Banners</h2>
+ <div class="description">
+ <p>
+
+
+
+ The <span class="inline_block">/etc/motd</span>
+
+
+
+ , <span class="inline_block">/etc/issue</span>
+
+
+
+ , and <span class="inline_block">/etc/issue.net</span>
+
+
+
+ files govern warning banners for standard command line logins for both local and remote
+ users. </p>
+ </div>
+ </div>
+ <div id="detail-d1e18102" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.7.1.1_Ensure_message_of_the_day_is_configured_properly">1.7.1.1 Ensure message of the day is configured properly</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The contents of the
+ <span class="inline_block">/etc/motd</span>
+
+
+
+ file are displayed to users after login and function as a message of the day for authenticated
+ users. </p>
+ <p></p>
+ <p>
+
+
+
+ Unix-based systems have typically displayed information about the OS release and patch
+ level upon logging in to the system. This information can be useful to developers
+ who are developing software for a particular OS platform. If
+ <span class="inline_block">mingetty(8) </span>
+
+
+
+ supports the following options, they display operating system information:
+ <br></br><br></br><span class="inline_block">\m</span>
+
+
+
+ - machine architecture
+ <br></br><span class="inline_block">\r</span>
+
+
+
+ - operating system release
+ <br></br><span class="inline_block">\s</span>
+
+
+
+ - operating system name
+ <br></br><span class="inline_block">\v</span>
+
+
+
+ - operating system version
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Warning messages inform users who are attempting to login to the system of their legal
+ status regarding the system and must include the name of the organization that owns
+ the system and any monitoring policies that are in place. Displaying OS and patch
+ level information in login banners also has the side effect of providing detailed
+ system information to attackers attempting to target specific exploits of a system.
+ Authorized users can easily get this information by running the "
+ <span class="inline_block">uname -a</span>
+
+
+
+ " command once they have logged in.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/motd</span>
+
+
+
+ file with the appropriate contents according to your site policy, remove any instances
+ of
+ <span class="inline_block">\m</span>
+
+
+
+ ,
+ <span class="inline_block">\r</span>
+
+
+
+ ,
+ <span class="inline_block">\s</span>
+
+
+
+ , or
+ <span class="inline_block">\v.</span></p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18102" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure message of the day is configured properly</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18102_xml_result_button" onclick="switchState('d1e18102_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18102_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.1_Ensure_message_of_the_day_is_configured_properly"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.444-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1073"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18102_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3322" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18107" class="Rule "><span class="outcome informational ruleResultArea">Informational</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.7.1.2_Ensure_local_login_warning_banner_is_configured_properly">1.7.1.2 Ensure local login warning banner is configured properly</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p><span>The contents of the </span><span class="inline_block">/etc/issue</span><span> file are displayed to users prior to login for local terminals.</span></p>
+ <p><span><br></br></span></p>
+ <p><span>Unix-based systems have typically displayed information about the OS release and patch
+ level upon logging in to the system. This information can be useful to developers
+ who are developing software for a particular OS platform. If </span><span class="inline_block">mingetty(8) </span><span>supports the following options, they display operating system information:</span><span></span></p>
+ <p></p>
+ <p><span class="inline_block">\m</span><span></span><span>- machine architecture</span><br></br><span class="inline_block">\r</span><span></span><span>- operating system release</span><br></br><span class="inline_block">\s</span><span></span><span>- operating system name</span><br></br><span class="inline_block">\v</span><span></span><span>- operating system version</span></p>
+ </div>
+ <div class="rationale">
+ <p><span>Warning messages inform users who are attempting to login to the system of their legal
+ status regarding the system and must include the name of the organization that owns
+ the system and any monitoring policies that are in place. </span><span>Displaying OS and patch level information in login banners also has the side effect
+ of providing detailed system information to attackers attempting to target specific
+ exploits of a system. Authorized users can easily get this information by running
+ the "</span><span class="inline_block">uname -a</span><span>" command once they have logged in.</span></p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/issue</span>
+
+
+
+ file with the appropriate contents according to your site policy, remove any instances
+ of
+ <span class="inline_block">\m</span>
+
+
+
+ ,
+ <span class="inline_block">\r</span>
+
+
+
+ ,
+ <span class="inline_block">\s</span>
+
+
+
+ , or
+ <span class="inline_block">\v</span>
+
+
+
+ : </p><code class="code_block"># echo "Authorized uses only. All activity may be monitored and reported." &gt; /etc/issue</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18107" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure local login warning banner is configured properly</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18107_xml_result_button" onclick="switchState('d1e18107_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18107_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.2_Ensure_local_login_warning_banner_is_configured_properly"
+ role="unscored"
+ severity="unknown"
+ time="2019-11-19T23:30:03.444-05:00"
+ version="1"
+ weight="0.0"&gt;
+ &lt;result&gt;informational&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1074"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18107_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3322" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18112" class="Rule "><span class="outcome informational ruleResultArea">Informational</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.7.1.3_Ensure_remote_login_warning_banner_is_configured_properly">1.7.1.3 Ensure remote login warning banner is configured properly</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The contents of the
+ <span class="inline_block">/etc/issue.net</span>
+
+
+
+ file are displayed to users prior to login for remote connections from configured
+ services. </p>
+ <p><span>Unix-based systems have typically displayed information about the OS release and patch
+ level upon logging in to the system. This information can be useful to developers
+ who are developing software for a particular OS platform. If </span><span class="inline_block">mingetty(8) </span><span>supports the following options, they display operating system information:</span><span></span><br></br><br></br><span class="inline_block">\m</span><span></span><span>- machine architecture</span><br></br><span class="inline_block">\r</span><span></span><span>- operating system release</span><br></br><span class="inline_block">\s</span><span></span><span>- operating system name</span><br></br><span class="inline_block">\v</span><span></span><span>- operating system version</span></p>
+ </div>
+ <div class="rationale">
+ <p><span>Warning messages inform users who are attempting to login to the system of their legal
+ status regarding the system and must include the name of the organization that owns
+ the system and any monitoring policies that are in place. Displaying OS and patch
+ level information in login banners also has the side effect of providing detailed
+ system information to attackers attempting to target specific exploits of a system.
+ Authorized users can easily get this information by running the "</span><span class="inline_block">uname -a</span><span>" command once they have logged in.</span></p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/issue.net</span>
+
+
+
+ file with the appropriate contents according to your site policy, remove any instances
+ of
+ <span class="inline_block">\m</span>
+
+
+
+ ,
+ <span class="inline_block">\r</span>
+
+
+
+ ,
+ <span class="inline_block">\s</span>
+
+
+
+ , or
+ <span class="inline_block">\v</span>
+
+
+
+ : </p><code class="code_block"># echo "Authorized uses only. All activity may be monitored and reported." &gt; /etc/issue.net</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18112" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure remote login warning banner is configured properly</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18112_xml_result_button" onclick="switchState('d1e18112_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18112_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.3_Ensure_remote_login_warning_banner_is_configured_properly"
+ role="unscored"
+ severity="unknown"
+ time="2019-11-19T23:30:03.444-05:00"
+ version="1"
+ weight="0.0"&gt;
+ &lt;result&gt;informational&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1075"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18112_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3322" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18117" class="Rule "><span class="outcome informational ruleResultArea">Informational</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.7.1.4_Ensure_permissions_on_etcmotd_are_configured">1.7.1.4 Ensure permissions on /etc/motd are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The contents of the
+ <span class="inline_block">/etc/motd</span>
+
+
+
+ file are displayed to users after login and function as a message of the day for authenticated
+ users. </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ If the <span class="inline_block">/etc/motd</span>
+
+
+
+ file does not have the correct ownership it could be modified by unauthorized users
+ with incorrect or misleading information.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following commands to set permissions on
+ <span class="inline_block">/etc/motd</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/motd
+ <br></br>
+
+
+
+ # chmod 644 /etc/motd
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18117" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/motd are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18117_xml_result_button" onclick="switchState('d1e18117_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18117_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.4_Ensure_permissions_on_etcmotd_are_configured"
+ role="unscored"
+ severity="unknown"
+ time="2019-11-19T23:30:03.444-05:00"
+ version="1"
+ weight="0.0"&gt;
+ &lt;result&gt;informational&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1076"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18117_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3322" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18122" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.7.1.5_Ensure_permissions_on_etcissue_are_configured">1.7.1.5 Ensure permissions on /etc/issue are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The contents of the
+ <span class="inline_block">/etc/issue</span>
+
+
+
+ file are displayed to users prior to login for local terminals.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ If the <span class="inline_block">/etc/issue</span>
+
+
+
+ file does not have the correct ownership it could be modified by unauthorized users
+ with incorrect or misleading information.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following commands to set permissions on
+ <span class="inline_block">/etc/issue</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/issue
+ <br></br>
+
+
+
+ # chmod 644 /etc/issue
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18122" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/issue are configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18122_xml_result_button" onclick="switchState('d1e18122_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18122_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.5_Ensure_permissions_on_etcissue_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.444-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1077"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18122_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3322" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18127" class="Rule "><span class="outcome informational ruleResultArea">Informational</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.7.1.6_Ensure_permissions_on_etcissue.net_are_configured">1.7.1.6 Ensure permissions on /etc/issue.net are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The contents of the
+ <span class="inline_block">/etc/issue.net</span>
+
+
+
+ file are displayed to users prior to login for remote connections from configured
+ services. </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ If the <span class="inline_block">/etc/issue.net</span>
+
+
+
+ file does not have the correct ownership it could be modified by unauthorized users
+ with incorrect or misleading information.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following commands to set permissions on
+ <span class="inline_block">/etc/issue.net</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/issue.net
+ <br></br>
+
+
+
+ # chmod 644 /etc/issue.net
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18127" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/issue.net are configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18127_xml_result_button" onclick="switchState('d1e18127_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18127_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.7.1.6_Ensure_permissions_on_etcissue.net_are_configured"
+ role="unscored"
+ severity="unknown"
+ time="2019-11-19T23:30:03.445-05:00"
+ version="1"
+ weight="0.0"&gt;
+ &lt;result&gt;informational&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1078"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18127_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3322" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18132" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_1.7.2_Ensure_GDM_login_banner_is_configured">1.7.2 Ensure GDM login banner is configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>GDM is the GNOME Display Manager which handles graphical login for GNOME based systems.</p>
+ </div>
+ <div class="rationale">
+ <p><span>Warning messages inform users who are attempting to login to the system of their legal
+ status regarding the system and must include the name of the organization that owns
+ the system and any monitoring policies that are in place.</span></p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Create the
+ <span class="inline_block">/etc/dconf/profile/gdm</span>
+
+
+
+ file with the following contents:
+ </p><code class="code_block">
+
+
+
+ user-db:user
+ <br></br>
+
+
+
+ system-db:gdm
+ <br></br>
+
+
+
+ file-db:/usr/share/gdm/greeter-dconf-defaults
+ </code><p>
+
+
+
+ Create or edit the
+ <span class="inline_block">banner-message-enable</span>
+
+
+
+ and
+ <span class="inline_block">banner-message-text</span>
+
+
+
+ options in
+ <span class="inline_block">/etc/dconf/db/gdm.d/01-banner-message</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ [org/gnome/login-screen]
+ <br></br>
+
+
+
+ banner-message-enable=true
+ <br></br>
+
+
+
+ banner-message-text='Authorized uses only. All activity may be monitored and reported.'
+ </code><p>Run the following command to update the system databases:</p><code class="code_block"># dconf update</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18132" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure GDM login banner is configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure GDM login banner is configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure GDM login banner is configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure GDM login banner is configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure GDM login banner is configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure GDM login banner is configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18132_xml_result_button" onclick="switchState('d1e18132_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18132_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_1.7.2_Ensure_GDM_login_banner_is_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.445-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1079"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.7.2.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1079"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1080"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.7.2.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1080"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1081"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.7.2.3_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1081"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1082"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.7.2.4_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1082"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1083"
+ value-id="xccdf_org.cisecurity.benchmarks_value_1.7.2.5_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1083"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1084"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18132_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3309" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e3729" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_2_Services">2 Services</h2>
+ <div class="description">
+ <p>While applying system updates and patches helps correct known vulnerabilities, one
+ of the best ways to protect the system against as yet unreported vulnerabilities is
+ to disable all services that are not required for normal system operation. This prevents
+ the exploitation of vulnerabilities discovered at a later date. If a service is not
+ enabled, it cannot be exploited. The actions in this section of the document provide
+ guidance on some services which can be safely disabled and under which circumstances,
+ greatly reducing the number of possible threats to the resulting system. Additionally
+ some services which should remain enabled but with secure configuration are covered
+ as well as insecure service clients.</p>
+ </div>
+ </div>
+ <div id="detail-d1e3735" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_2.1_inetd_Services">2.1 inetd Services</h2>
+ <div class="description">
+ <p class="MsoNormal">inetd is a super-server daemon that provides internet services and passes connections
+ to configured services. While not commonly used inetd and any unneeded inetd based
+ services should be disabled if possible.</p>
+ </div>
+ </div>
+ <div id="detail-d1e18158" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.1.1_Ensure_chargen_services_are_not_enabled">2.1.1 Ensure chargen services are not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p><span class="inline_block">chargen </span>
+
+
+
+ is a network service that responds with 0 to 512 ASCII characters for each connection
+ it receives. This service is intended for debugging and testing purposes. It is recommended
+ that this service be disabled.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Disabling this service will reduce the remote attack surface of the system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Comment out or remove any lines starting with
+ <span class="inline_block">chargen</span>
+
+
+
+ from
+ <span class="inline_block">/etc/inetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/inetd.d/*</span>
+
+
+
+ . </p>
+ <p>
+
+
+
+ Set
+ <span class="inline_block">disable = yes</span>
+
+
+
+ on all
+ <span class="inline_block">chargen</span>
+
+
+
+ services in
+ <span class="inline_block">/etc/xinetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/xinetd.d/*</span>
+
+
+
+ . </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18158" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure chargen services are not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18158_xml_result_button" onclick="switchState('d1e18158_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18158_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.1.1_Ensure_chargen_services_are_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.445-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1085"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18158_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3735" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18163" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.1.2_Ensure_daytime_services_are_not_enabled">2.1.2 Ensure daytime services are not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p><span class="inline_block">daytime</span>
+
+
+
+ is a network service that responds with the server's current date and time. This service
+ is intended for debugging and testing purposes. It is recommended that this service
+ be disabled. </p>
+ </div>
+ <div class="rationale">
+ <p>Disabling this service will reduce the remote attack surface of the system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Comment out or remove any lines starting with
+ <span class="inline_block">daytime</span>
+
+
+
+ from
+ <span class="inline_block">/etc/inetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/inetd.d/*</span>
+
+
+
+ . </p>
+ <p>
+
+
+
+ Set
+ <span class="inline_block">disable = yes</span>
+
+
+
+ on all
+ <span class="inline_block">daytime</span>
+
+
+
+ services in
+ <span class="inline_block">/etc/xinetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/xinetd.d/*</span>
+
+
+
+ . </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18163" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure daytime services are not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18163_xml_result_button" onclick="switchState('d1e18163_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18163_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.1.2_Ensure_daytime_services_are_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.445-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1086"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18163_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3735" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18168" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.1.3_Ensure_discard_services_are_not_enabled">2.1.3 Ensure discard services are not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p><span class="inline_block">discard </span>
+
+
+
+ is a network service that simply discards all data it receives. This service is intended
+ for debugging and testing purposes. It is recommended that this service be disabled.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Disabling this service will reduce the remote attack surface of the system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Comment out or remove any lines starting with
+ <span class="inline_block">discard</span>
+
+
+
+ from
+ <span class="inline_block">/etc/inetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/inetd.d/*</span>
+
+
+
+ . </p>
+ <p>
+
+
+
+ Set
+ <span class="inline_block">disable = yes</span>
+
+
+
+ on all
+ <span class="inline_block">discard</span>
+
+
+
+ services in
+ <span class="inline_block">/etc/xinetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/xinetd.d/*</span>
+
+
+
+ . </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18168" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure discard services are not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18168_xml_result_button" onclick="switchState('d1e18168_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18168_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.1.3_Ensure_discard_services_are_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.445-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1087"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18168_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3735" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18174" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.1.4_Ensure_echo_services_are_not_enabled">2.1.4 Ensure echo services are not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p><span class="inline_block">echo </span>
+
+
+
+ is a network service that responds to clients with the data sent to it by the client.
+ This service is intended for debugging and testing purposes. It is recommended that
+ this service be disabled. </p>
+ </div>
+ <div class="rationale">
+ <p>Disabling this service will reduce the remote attack surface of the system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Comment out or remove any lines starting with
+ <span class="inline_block">echo</span>
+
+
+
+ from
+ <span class="inline_block">/etc/inetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/inetd.d/*</span>
+
+
+
+ . </p>
+ <p>
+
+
+
+ Set
+ <span class="inline_block">disable = yes</span>
+
+
+
+ on all
+ <span class="inline_block">echo</span>
+
+
+
+ services in
+ <span class="inline_block">/etc/xinetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/xinetd.d/*</span>
+
+
+
+ . </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18174" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure echo services are not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18174_xml_result_button" onclick="switchState('d1e18174_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18174_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.1.4_Ensure_echo_services_are_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.445-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1088"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18174_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3735" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18179" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.1.5_Ensure_time_services_are_not_enabled">2.1.5 Ensure time services are not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p><span class="inline_block">time </span>
+
+
+
+ is a network service that responds with the server's current date and time as a 32
+ bit integer. This service is intended for debugging and testing purposes. It is recommended
+ that this service be disabled.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Disabling this service will reduce the remote attack surface of the system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Comment out or remove any lines starting with
+ <span class="inline_block">time</span>
+
+
+
+ from
+ <span class="inline_block">/etc/inetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/inetd.d/*</span>
+
+
+
+ . </p>
+ <p>
+
+
+
+ Set
+ <span class="inline_block">disable = yes</span>
+
+
+
+ on all
+ <span class="inline_block">time</span>
+
+
+
+ services in
+ <span class="inline_block">/etc/xinetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/xinetd.d/*</span>
+
+
+
+ . </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18179" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure time services are not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18179_xml_result_button" onclick="switchState('d1e18179_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18179_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.1.5_Ensure_time_services_are_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.446-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1089"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18179_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3735" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18184" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.1.6_Ensure_rsh_server_is_not_enabled">2.1.6 Ensure rsh server is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The Berkeley <span class="inline_block">rsh-server </span>
+
+
+
+ ( <span class="inline_block">rsh</span>
+
+
+
+ , <span class="inline_block">rlogin</span>
+
+
+
+ , <span class="inline_block">rexec</span>
+
+
+
+ ) package contains legacy services that exchange credentials in clear-text.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>These legacy services contain numerous security exposures and have been replaced with
+ the more secure SSH package.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Comment out or remove any lines starting with
+ <span class="inline_block">shell</span>
+
+
+
+ ,
+ <span class="inline_block">login</span>
+
+
+
+ , or
+ <span class="inline_block">exec</span>
+
+
+
+ from
+ <span class="inline_block">/etc/inetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/inetd.d/*</span>
+
+
+
+ . </p>
+ <p>
+
+
+
+ Set
+ <span class="inline_block">disable = yes</span>
+
+
+
+ on all
+ <span class="inline_block">rsh</span>
+
+
+
+ ,
+ <span class="inline_block">rlogin</span>
+
+
+
+ , and
+ <span class="inline_block">rexec</span>
+
+
+
+ services in
+ <span class="inline_block">/etc/xinetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/xinetd.d/*</span>
+
+
+
+ . </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18184" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsh server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsh server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsh server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsh server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsh server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsh server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18184_xml_result_button" onclick="switchState('d1e18184_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18184_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.1.6_Ensure_rsh_server_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.446-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1090"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1091"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1092"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1093"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1094"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1095"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18184_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3735" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18203" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.1.7_Ensure_talk_server_is_not_enabled">2.1.7 Ensure talk server is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The talk software makes it possible for users to send and receive messages across
+ systems through a terminal session. The talk client (allows initiate of talk sessions)
+ is installed by default.</p>
+ </div>
+ <div class="rationale">
+ <p>The software presents a security risk as it uses unencrypted protocols for communication.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Comment out or remove any lines starting with
+ <span class="inline_block">talk</span>
+
+
+
+ or
+ <span class="inline_block">ntalk</span>
+
+
+
+ from
+ <span class="inline_block">/etc/inetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/inetd.d/*</span>
+
+
+
+ . </p>
+ <p>
+
+
+
+ Set
+ <span class="inline_block">disable = yes</span>
+
+
+
+ on all
+ <span class="inline_block">talk</span>
+
+
+
+ services in
+ <span class="inline_block">/etc/xinetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/xinetd.d/*</span>
+
+
+
+ . </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18203" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure talk server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure talk server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18203_xml_result_button" onclick="switchState('d1e18203_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18203_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.1.7_Ensure_talk_server_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.446-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1096"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1097"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18203_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3735" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18210" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.1.8_Ensure_telnet_server_is_not_enabled">2.1.8 Ensure telnet server is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">telnet-server </span>
+
+
+
+ package contains the
+ <span class="inline_block">telnet </span>
+
+
+
+ daemon, which accepts connections from users from other systems via the
+ <span class="inline_block">telnet </span>
+
+
+
+ protocol. </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ The <span class="inline_block">telnet </span>
+
+
+
+ protocol is insecure and unencrypted. The use of an unencrypted transmission medium
+ could allow a user with access to sniff network traffic the ability to steal credentials.
+ The <span class="inline_block">ssh </span>
+
+
+
+ package provides an encrypted session and stronger security.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Comment out or remove any lines starting with
+ <span class="inline_block">telnet</span>
+
+
+
+ from
+ <span class="inline_block">/etc/inetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/inetd.d/*</span>
+
+
+
+ . </p>
+ <p>
+
+
+
+ Set
+ <span class="inline_block">disable = yes</span>
+
+
+
+ on all
+ <span class="inline_block">telnet</span>
+
+
+
+ services in
+ <span class="inline_block">/etc/xinetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/xinetd.d/*</span>
+
+
+
+ . </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18210" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure telnet server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18210_xml_result_button" onclick="switchState('d1e18210_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18210_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.1.8_Ensure_telnet_server_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.446-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1098"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18210_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3735" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18215" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.1.9_Ensure_tftp_server_is_not_enabled">2.1.9 Ensure tftp server is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol, typically
+ used to automatically transfer configuration or boot machines from a boot server.
+ The packages <span class="inline_block">tftp </span>
+
+
+
+ and <span class="inline_block">atftp </span>
+
+
+
+ are both used to define and support a TFTP server.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>TFTP does not support authentication nor does it ensure the confidentiality or integrity
+ of data. It is recommended that TFTP be removed, unless there is a specific need for
+ TFTP. In that case, extreme caution must be used when configuring the services.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Comment out or remove any lines starting with
+ <span class="inline_block">tftp</span>
+
+
+
+ from
+ <span class="inline_block">/etc/inetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/inetd.d/*</span>
+
+
+
+ . </p>
+ <p>
+
+
+
+ Set
+ <span class="inline_block">disable = yes</span>
+
+
+
+ on all
+ <span class="inline_block">tftp</span>
+
+
+
+ services in
+ <span class="inline_block">/etc/xinetd.conf</span>
+
+
+
+ and
+ <span class="inline_block">/etc/xinetd.d/*</span>
+
+
+
+ . </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18215" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure tftp server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18215_xml_result_button" onclick="switchState('d1e18215_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18215_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.1.9_Ensure_tftp_server_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.446-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1099"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18215_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3735" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18220" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.1.10_Ensure_xinetd_is_not_enabled">2.1.10 Ensure xinetd is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The eXtended InterNET Daemon (
+ <span class="inline_block">xinetd</span>
+
+
+
+ ) is an open source super daemon that replaced the original
+ <span class="inline_block">inetd</span>
+
+
+
+ daemon. The <span class="inline_block">xinetd </span>
+
+
+
+ daemon listens for well known services and dispatches the appropriate daemon to properly
+ respond to service requests.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ If there are no <span class="inline_block">xinetd </span>
+
+
+
+ services required, it is recommended that the daemon be disabled.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Remove or comment out start lines in
+ <span class="inline_block">/etc/init/xinetd.conf</span>
+
+
+
+ : </p><code class="code_block">#start on runlevel [2345]</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18220" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure xinetd is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18220_xml_result_button" onclick="switchState('d1e18220_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18220_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.1.10_Ensure_xinetd_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.447-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1100"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18220_xml_result', false);</script><div class="backtop"><a href="#summary-d1e3735" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e4221" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_2.2_Special_Purpose_Services">2.2 Special Purpose Services</h2>
+ <div class="description">
+ <p>This section describes services that are installed on systems that specifically need
+ to run these services. If any of these services are not required, it is recommended
+ that they be disabled or deleted from the system to reduce the potential attack surface.</p>
+ </div>
+ </div>
+ <div id="detail-d1e4227" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_2.2.1_Time_Synchronization">2.2.1 Time Synchronization</h2>
+ <div class="description">
+ <p><span>It is recommended that physical systems and virtual guests lacking direct access to
+ the physical host's clock be configured to synchronize their time using a service
+ such as NTP or chrony.</span></p>
+ </div>
+ </div>
+ <div id="detail-d1e18225" class="Rule "><span class="outcome informational ruleResultArea">Informational</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.1.1_Ensure_time_synchronization_is_in_use">2.2.1.1 Ensure time synchronization is in use</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>System time should be synchronized between all systems in an environment. This is
+ typically done by establishing an authoritative time server or set of servers and
+ having all systems synchronize their clocks to them.</p>
+ </div>
+ <div class="rationale">
+ <p>Time synchronization is important to support time sensitive security mechanisms like
+ Kerberos and also ensures log files have consistent time records across the enterprise,
+ which aids in forensic investigations.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>On physical systems or virtual systems where host based time synchronization is not
+ available install NTP or chrony using one of the following commands:</p><code class="code_block">
+
+
+
+ # apt-get install ntp
+ <br></br>
+
+
+
+ # apt-get install chrony
+ </code><p>On virtual systems where host based time synchronization is available consult your
+ virtualization software documentation and setup host based synchronization.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18225" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure time synchronization is in use</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure time synchronization is in use</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18225_xml_result_button" onclick="switchState('d1e18225_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18225_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.1_Ensure_time_synchronization_is_in_use"
+ role="unscored"
+ severity="unknown"
+ time="2019-11-19T23:30:03.447-05:00"
+ version="1"
+ weight="0.0"&gt;
+ &lt;result&gt;informational&lt;/result&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1101"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1102"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18225_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4227" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18232" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.1.2_Ensure_ntp_is_configured">2.2.1.2 Ensure ntp is configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p><span><span class="inline_block">ntp</span>
+
+
+
+ is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize
+ system clocks across a variety of systems and use a source that is highly accurate.
+ More information on NTP can be found at
+ </span><a href="http://www.ntp.org/">http://www.ntp.org</a><span>
+
+
+
+ .
+ <span class="inline_block">ntp</span>
+
+
+
+ can be configured to be a client and/or a server.
+ </span></p>
+ <p><span><br></br></span></p>
+ <p><span>This recommendation only applies if ntp is in use on the system.</span></p>
+ </div>
+ <div class="rationale">
+ <p>If ntp is in use on the system proper configuration is vital to ensuring time synchronization
+ is working properly.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Add or edit restrict lines in
+ <span class="inline_block">/etc/ntp.conf</span>
+
+
+
+ to match the following:
+ </p><code class="code_block">
+
+
+
+ restrict -4 default kod nomodify notrap nopeer noquery
+ <br></br>
+
+
+
+ restrict -6 default kod nomodify notrap nopeer noquery
+ </code><p>
+
+
+
+ Add or edit server lines to
+ <span class="inline_block">/etc/ntp.conf</span>
+
+
+
+ as appropriate:
+ </p><code class="code_block">
+
+
+
+ server
+ <em>&lt;remote-server&gt;</em></code><p>
+
+
+
+ Configure
+ <span class="inline_block">ntp</span>
+
+
+
+ to run as the
+ <span class="inline_block">ntp</span>
+
+
+
+ user by adding or editing the following file:
+ </p>
+ <p><span class="inline_block">/etc/init.d/ntp</span>
+
+
+
+ :
+ </p><code class="code_block">RUNASUSER=ntp</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18232" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure ntp is configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure ntp is configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure ntp is configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure ntp is configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure ntp is configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18232_xml_result_button" onclick="switchState('d1e18232_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18232_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.2_Ensure_ntp_is_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.447-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1103"
+ value-id="xccdf_org.cisecurity.benchmarks_value_2.2.1.2.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1103"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1104"
+ value-id="xccdf_org.cisecurity.benchmarks_value_2.2.1.2.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1104"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1105"
+ value-id="xccdf_org.cisecurity.benchmarks_value_2.2.1.2.3_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1105"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1106"
+ value-id="xccdf_org.cisecurity.benchmarks_value_2.2.1.2.4_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1106"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1107"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18232_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4227" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18252" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.1.3_Ensure_chrony_is_configured">2.2.1.3 Ensure chrony is configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p><span><span class="inline_block">chrony</span>
+
+
+
+ is a daemon which implements the Network Time Protocol (NTP) is designed to synchronize
+ system clocks across a variety of systems and use a source that is highly accurate.
+ </span><span>
+
+
+
+ More information on
+ <span class="inline_block">chrony</span>
+
+
+
+ can be found at
+ <a href="http://chrony.tuxfamily.org/">http://chrony.tuxfamily.org/</a></span><span>
+
+
+
+ .
+ <span class="inline_block">chrony</span>
+
+
+
+ can be configured to be a client and/or a server.
+ </span></p>
+ </div>
+ <div class="rationale">
+ <p>If chrony is in use on the system proper configuration is vital to ensuring time synchronization
+ is working properly.</p>
+ <p></p>
+ <p>This recommendation only applies if chrony is in use on the system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Add or edit server lines to
+ <span class="inline_block">/etc/chrony/chrony.conf</span>
+
+
+
+ as appropriate:
+ </p><code class="code_block">
+
+
+
+ server
+ <em>&lt;remote-server&gt;</em></code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18252" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure chrony is configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure chrony is configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18252_xml_result_button" onclick="switchState('d1e18252_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18252_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1.3_Ensure_chrony_is_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.447-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1108"
+ value-id="xccdf_org.cisecurity.benchmarks_value_2.2.1.3.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1108"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1109"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18252_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4227" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18260" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.2_Ensure_X_Window_System_is_not_installed">2.2.2 Ensure X Window System is not installed</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The X Window System provides a Graphical User Interface (GUI) where users can have
+ multiple windows in which to run programs and various add on. The X Windows system
+ is typically used on workstations where users login, but not on servers where users
+ typically do not login.</p>
+ </div>
+ <div class="rationale">
+ <p>Unless your organization specifically requires graphical login access via X Windows,
+ remove it to reduce the potential attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Run the following command to remove the X Windows System packages:</p><code class="code_block">apt-get remove xserver-xorg*</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18260" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure X Window System is not installed</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18260_xml_result_button" onclick="switchState('d1e18260_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18260_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.2_Ensure_X_Window_System_is_not_installed"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.448-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1110"/&gt;
+ &lt;/check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18260_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18265" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.3_Ensure_Avahi_Server_is_not_enabled">2.2.3 Ensure Avahi Server is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Avahi is a free zeroconf implementation, including a system for multicast DNS/DNS-SD
+ service discovery. Avahi allows programs to publish and discover services and hosts
+ running on a local network with no specific configuration. For example, a user can
+ plug a computer into a network and Avahi automatically finds printers to print to,
+ files to look at and people to talk to, as well as network services running on the
+ machine.</p>
+ </div>
+ <div class="rationale">
+ <p>Automatic discovery of network services is not normally required for system functionality.
+ It is recommended to disable the service to reduce the potential attach surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Remove or comment out start lines in
+ <span class="inline_block">/etc/init/avahi-daemon.conf</span>
+
+
+
+ : </p><code class="code_block">#start on runlevel [2345]</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18265" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure Avahi Server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18265_xml_result_button" onclick="switchState('d1e18265_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18265_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.3_Ensure_Avahi_Server_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.448-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1111"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18265_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18270" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.4_Ensure_CUPS_is_not_enabled">2.2.4 Ensure CUPS is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The Common Unix Print System (CUPS) provides the ability to print to both local and
+ network printers. A system running CUPS can also accept print jobs from remote systems
+ and print them to local printers. It also provides a web based remote administration
+ capability.</p>
+ </div>
+ <div class="rationale">
+ <p>If the system does not need to print jobs or accept print jobs from other systems,
+ it is recommended that CUPS be disabled to reduce the potential attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Remove or comment out start lines in
+ <span class="inline_block">/etc/init/cups.conf</span>
+
+
+
+ : </p><code class="code_block">#start on runlevel [2345]</code><p class="bold">Impact:</p>
+ <p>
+ <p>Disabling CUPS will prevent printing from the system, a common task for workstation
+ systems.</p>
+ </p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18270" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure CUPS is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18270_xml_result_button" onclick="switchState('d1e18270_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18270_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.4_Ensure_CUPS_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.448-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1112"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18270_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18275" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.5_Ensure_DHCP_Server_is_not_enabled">2.2.5 Ensure DHCP Server is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The Dynamic Host Configuration Protocol (DHCP) is a service that allows machines to
+ be dynamically assigned IP addresses.</p>
+ </div>
+ <div class="rationale">
+ <p>Unless a system is specifically set up to act as a DHCP server, it is recommended
+ that this service be deleted to reduce the potential attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Remove or comment out start lines in
+ <span class="inline_block">/etc/init/isc-dhcp-server.conf </span>
+
+
+
+ and
+ <span class="inline_block">/etc/init/isc-dhcp-server6.conf</span>
+
+
+
+ : </p><code class="code_block">#start on runlevel [2345]</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18275" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure DHCP Server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure DHCP Server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18275_xml_result_button" onclick="switchState('d1e18275_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18275_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.5_Ensure_DHCP_Server_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.448-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1113"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1114"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18275_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18282" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.6_Ensure_LDAP_server_is_not_enabled">2.2.6 Ensure LDAP server is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for
+ NIS/YP. It is a service that provides a method for looking up information from a central
+ database.</p>
+ </div>
+ <div class="rationale">
+ <p>If the system will not need to act as an LDAP server, it is recommended that the software
+ be disabled to reduce the potential attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to disable
+ <span class="inline_block">slapd</span>
+
+
+
+ : </p><code class="code_block"># update-rc.d slapd disable</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18282" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure LDAP server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18282_xml_result_button" onclick="switchState('d1e18282_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18282_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.6_Ensure_LDAP_server_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.449-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1115"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18282_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18287" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.7_Ensure_NFS_and_RPC_are_not_enabled">2.2.7 Ensure NFS and RPC are not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The Network File System (NFS) is one of the first and most widely distributed file
+ systems in the UNIX environment. It provides the ability for systems to mount file
+ systems of other servers through the network.</p>
+ </div>
+ <div class="rationale">
+ <p>If the system does not export NFS shares or act as an NFS client, it is recommended
+ that these services be disabled to reduce remote attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Remove or comment out start lines in
+ <span class="inline_block">/etc/init/rpcbind.conf</span>
+
+
+
+ : </p><code class="code_block">#start on start-rpcbind</code><p>
+
+
+
+ Run the following command to disable
+ <span>nfs-kernel-server</span>
+
+
+
+ : </p><code class="code_block"># update-rc.d nfs-kernel-server disable</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18287" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure NFS and RPC are not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure NFS and RPC are not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18287_xml_result_button" onclick="switchState('d1e18287_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18287_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.7_Ensure_NFS_and_RPC_are_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.449-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1116"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1117"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18287_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18294" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.8_Ensure_DNS_Server_is_not_enabled">2.2.8 Ensure DNS Server is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The Domain Name System (DNS) is a hierarchical naming system that maps names to IP
+ addresses for computers, services and other resources connected to a network.</p>
+ </div>
+ <div class="rationale">
+ <p>Unless a system is specifically designated to act as a DNS server, it is recommended
+ that the package be deleted to reduce the potential attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to disable
+ <span class="inline_block">bind9</span>
+
+
+
+ : </p><code class="code_block"># update-rc.d bind9 disable</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18294" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure DNS Server is not enabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18294_xml_result_button" onclick="switchState('d1e18294_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18294_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.8_Ensure_DNS_Server_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.449-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1118"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18294_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18299" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.9_Ensure_FTP_Server_is_not_enabled">2.2.9 Ensure FTP Server is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The File Transfer Protocol (FTP) provides networked computers with the ability to
+ transfer files.</p>
+ </div>
+ <div class="rationale">
+ <p>FTP does not protect the confidentiality of data or authentication credentials. It
+ is recommended sftp be used if file transfer is required. Unless there is a need to
+ run the system as a FTP server (for example, to allow anonymous downloads), it is
+ recommended that the package be deleted to reduce the potential attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Remove or comment out start lines in
+ <span class="inline_block">/etc/init/vsftpd.conf</span>
+
+
+
+ : </p><code class="code_block">#start on runlevel [2345] or net-device-up IFACE!=lo</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18299" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure FTP Server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18299_xml_result_button" onclick="switchState('d1e18299_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18299_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.9_Ensure_FTP_Server_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.449-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1119"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18299_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18304" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.10_Ensure_HTTP_server_is_not_enabled">2.2.10 Ensure HTTP server is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>HTTP or web servers provide the ability to host web site content.</p>
+ </div>
+ <div class="rationale">
+ <p>Unless there is a need to run the system as a web server, it is recommended that the
+ package be deleted to reduce the potential attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to disable
+ <span class="inline_block">apache2</span>
+
+
+
+ : </p><code class="code_block"># update-rc.d apache2 disable</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18304" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure HTTP server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18304_xml_result_button" onclick="switchState('d1e18304_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18304_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.10_Ensure_HTTP_server_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.450-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1120"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18304_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18309" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.11_Ensure_IMAP_and_POP3_server_is_not_enabled">2.2.11 Ensure IMAP and POP3 server is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p><span class="inline_block">dovecot</span>
+
+
+
+ is an open source IMAP and POP3 server for Linux based systems.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Unless POP3 and/or IMAP servers are to be provided by this system, it is recommended
+ that the service be deleted to reduce the potential attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Remove or comment out start lines in
+ <span class="inline_block">/etc/init/dovecot.conf</span>
+
+
+
+ : </p><code class="code_block">#start on runlevel [2345]</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18309" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure IMAP and POP3 server is not enabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18309_xml_result_button" onclick="switchState('d1e18309_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18309_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.11_Ensure_IMAP_and_POP3_server_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.450-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1121"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18309_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18314" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.12_Ensure_Samba_is_not_enabled">2.2.12 Ensure Samba is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The Samba daemon allows system administrators to configure their Linux systems to
+ share file systems and directories with Windows desktops. Samba will advertise the
+ file systems and directories via the Small Message Block (SMB) protocol. Windows desktop
+ users will be able to mount these directories and file systems as letter drives on
+ their systems.</p>
+ </div>
+ <div class="rationale">
+ <p>If there is no need to mount directories and file systems to Windows systems, then
+ this service can be deleted to reduce the potential attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Remove or comment out start lines in
+ <span class="inline_block">/etc/init/smbd.conf</span>
+
+
+
+ : </p><code class="code_block">#start on (local-filesystems and net-device-up)</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18314" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure Samba is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18314_xml_result_button" onclick="switchState('d1e18314_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18314_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.12_Ensure_Samba_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.450-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1122"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18314_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18319" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.13_Ensure_HTTP_Proxy_Server_is_not_enabled">2.2.13 Ensure HTTP Proxy Server is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Squid is a standard proxy server used in many distributions and environments.</p>
+ </div>
+ <div class="rationale">
+ <p>If there is no need for a proxy server, it is recommended that the squid proxy be
+ deleted to reduce the potential attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Remove or comment out start lines in
+ <span class="inline_block">/etc/init/squid3.conf</span>
+
+
+
+ : </p><code class="code_block">#start on runlevel [2345]</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18319" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure HTTP Proxy Server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18319_xml_result_button" onclick="switchState('d1e18319_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18319_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.13_Ensure_HTTP_Proxy_Server_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.450-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1123"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18319_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18325" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.14_Ensure_SNMP_Server_is_not_enabled">2.2.14 Ensure SNMP Server is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The Simple Network Management Protocol (SNMP) server is used to listen for SNMP commands
+ from an SNMP management system, execute the commands or collect the information and
+ then send results back to the requesting system.</p>
+ </div>
+ <div class="rationale">
+ <p>The SNMP server communicates using SNMP v1, which transmits data in the clear and
+ does not require authentication to execute commands. Unless absolutely necessary,
+ it is recommended that the SNMP service not be used.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to disable
+ <span class="inline_block">snmpd</span>
+
+
+
+ : </p><code class="code_block"># update-rc.d snmpd disable</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18325" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SNMP Server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18325_xml_result_button" onclick="switchState('d1e18325_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18325_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.14_Ensure_SNMP_Server_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.450-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1124"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18325_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18330" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.15_Ensure_mail_transfer_agent_is_configured_for_local-only_mode">2.2.15 Ensure mail transfer agent is configured for local-only mode</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Mail Transfer Agents (MTA), such as sendmail and Postfix, are used to listen for incoming
+ mail and transfer the messages to the appropriate user or mail server. If the system
+ is not intended to be a mail server, it is recommended that the MTA be configured
+ to only process local mail.</p>
+ </div>
+ <div class="rationale">
+ <p>The software for all Mail Transfer Agents is complex and most have a long history
+ of security issues. While it is important to ensure that the system can process local
+ mail messages, it is not necessary to have the MTA's daemon listening on a port unless
+ the server is intended to be a mail server that receives and processes mail from other
+ systems.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit
+ <span class="inline_block">/etc/postfix/main.cf </span>
+
+
+
+ and add the following line to the RECEIVING MAIL section. If the line already exists,
+ change it to look like the line below:
+ </p><code class="code_block">inet_interfaces = localhost</code><p>Restart postfix:</p><code class="code_block"># service postfix restart</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18330" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure mail transfer agent is configured for local-only mode</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18330_xml_result_button" onclick="switchState('d1e18330_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18330_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.15_Ensure_mail_transfer_agent_is_configured_for_local-only_mode"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.451-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1125"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18330_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18335" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.16_Ensure_rsync_service_is_not_enabled">2.2.16 Ensure rsync service is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">rsyncd</span>
+
+
+
+ service can be used to synchronize files between systems over network links.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ The <span class="inline_block">rsyncd</span>
+
+
+
+ service presents a security risk as it uses unencrypted protocols for communication.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/default/rsync</span>
+
+
+
+ file and set
+ <span class="inline_block">RSYNC_ENABLE </span>
+
+
+
+ to
+ <span class="inline_block">false</span>
+
+
+
+ : </p><code class="code_block">RSYNC_ENABLE=false</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18335" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsync service is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18335_xml_result_button" onclick="switchState('d1e18335_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18335_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.16_Ensure_rsync_service_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.451-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1126"
+ value-id="xccdf_org.cisecurity.benchmarks_value_2.2.16.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1126"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18335_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18341" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.2.17_Ensure_NIS_Server_is_not_enabled">2.2.17 Ensure NIS Server is not enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The Network Information Service (NIS) (formally known as Yellow Pages) is a client-server
+ directory service protocol for distributing system configuration files. The NIS server
+ is a collection of programs that allow for the distribution of configuration files.</p>
+ </div>
+ <div class="rationale">
+ <p>The NIS service is inherently an insecure system that has been vulnerable to DOS attacks,
+ buffer overflows and has poor authentication for querying NIS maps. NIS generally
+ been replaced by such protocols as Lightweight Directory Access Protocol (LDAP). It
+ is recommended that the service be disabled and other, more secure services be used</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Remove or comment out start lines in
+ <span class="inline_block">/etc/init/ypserv.conf</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ #start on (started portmap ON_BOOT=
+ <br></br>
+
+
+
+ # or (started portmap ON_BOOT=y
+ <br></br>
+
+
+
+ # and ((filesystem and static-network-up) or failsafe-boot)))
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18341" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure NIS Server is not enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18341_xml_result_button" onclick="switchState('d1e18341_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18341_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.2.17_Ensure_NIS_Server_is_not_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.451-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1127"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18341_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4221" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e4796" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_2.3_Service_Clients">2.3 Service Clients</h2>
+ <div class="description">
+ <p>A number of insecure services exist. While disabling the servers prevents a local
+ attack against these services, it is advised to remove their clients unless they are
+ required.</p>
+ <p></p>
+ <p><strong>Note</strong><span>: This should not be considered a comprehensive list of insecure service clients.
+ You may wish to consider additions to those listed here for your environment.</span></p>
+ </div>
+ </div>
+ <div id="detail-d1e18346" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.3.1_Ensure_NIS_Client_is_not_installed">2.3.1 Ensure NIS Client is not installed</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server
+ directory service protocol used to distribute system configuration files. The NIS
+ client ( <span class="inline_block">ypbind</span>
+
+
+
+ ) was used to bind a machine to an NIS server and receive the distributed configuration
+ files. </p>
+ </div>
+ <div class="rationale">
+ <p>The NIS service is inherently an insecure system that has been vulnerable to DOS attacks,
+ buffer overflows and has poor authentication for querying NIS maps. NIS generally
+ has been replaced by such protocols as Lightweight Directory Access Protocol (LDAP).
+ It is recommended that the service be removed.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to uninstall
+ <span><span>nis</span></span>
+
+
+
+ : </p><code class="code_block">apt-get remove nis</code><p class="bold">Impact:</p>
+ <p>
+ <p>Many insecure service clients are used as troubleshooting tools and in testing environments.
+ Uninstalling them can inhibit capability to test and troubleshoot. If they are required
+ it is advisable to remove the clients after use to prevent accidental or intentional
+ misuse.</p>
+ </p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18346" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure NIS Client is not installed</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18346_xml_result_button" onclick="switchState('d1e18346_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18346_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1_Ensure_NIS_Client_is_not_installed"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.451-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1128"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18346_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4796" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18351" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.3.2_Ensure_rsh_client_is_not_installed">2.3.2 Ensure rsh client is not installed</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">rsh </span>
+
+
+
+ package contains the client commands for the rsh services.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ These legacy clients contain numerous security exposures and have been replaced with
+ the more secure SSH package. Even if the server is removed, it is best to ensure the
+ clients are also removed to prevent users from inadvertently attempting to use these
+ commands and therefore exposing their credentials. Note that removing the
+ <span class="inline_block">rsh </span>
+
+
+
+ package removes the clients for
+ <span class="inline_block">rsh</span>
+
+
+
+ , <span class="inline_block">rcp </span>
+
+
+
+ and <span class="inline_block">rlogin</span>
+
+
+
+ . </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to uninstall
+ <span class="inline_block">rsh</span>
+
+
+
+ : </p><code class="code_block">apt-get remove rsh-client rsh-redone-client</code><p class="bold">Impact:</p>
+ <p>
+ <p>Many insecure service clients are used as troubleshooting tools and in testing environments.
+ Uninstalling them can inhibit capability to test and troubleshoot. If they are required
+ it is advisable to remove the clients after use to prevent accidental or intentional
+ misuse.</p>
+ </p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18351" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsh client is not installed</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsh client is not installed</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18351_xml_result_button" onclick="switchState('d1e18351_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18351_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.3.2_Ensure_rsh_client_is_not_installed"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.452-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1129"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1130"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18351_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4796" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18358" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.3.3_Ensure_talk_client_is_not_installed">2.3.3 Ensure talk client is not installed</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">talk </span>
+
+
+
+ software makes it possible for users to send and receive messages across systems through
+ a terminal session. The
+ <span class="inline_block">talk </span>
+
+
+
+ client, which allows initialization of talk sessions, is installed by default.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>The software presents a security risk as it uses unencrypted protocols for communication.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to uninstall
+ <span class="inline_block">talk</span>
+
+
+
+ : </p><code class="code_block">apt-get remove talk</code><p class="bold">Impact:</p>
+ <p>
+ <p>Many insecure service clients are used as troubleshooting tools and in testing environments.
+ Uninstalling them can inhibit capability to test and troubleshoot. If they are required
+ it is advisable to remove the clients after use to prevent accidental or intentional
+ misuse.</p>
+ </p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18358" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure talk client is not installed</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18358_xml_result_button" onclick="switchState('d1e18358_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18358_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.3.3_Ensure_talk_client_is_not_installed"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.452-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1131"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18358_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4796" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18363" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.3.4_Ensure_telnet_client_is_not_installed">2.3.4 Ensure telnet client is not installed</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">telnet </span>
+
+
+
+ package contains the
+ <span class="inline_block">telnet </span>
+
+
+
+ client, which allows users to start connections to other systems via the telnet protocol.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ The <span class="inline_block">telnet </span>
+
+
+
+ protocol is insecure and unencrypted. The use of an unencrypted transmission medium
+ could allow an unauthorized user to steal credentials. The
+ <span class="inline_block">ssh </span>
+
+
+
+ package provides an encrypted session and stronger security and is included in most
+ Linux distributions. </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to uninstall
+ <span class="inline_block">telnet</span>
+
+
+
+ : </p><code class="code_block"># apt-get remove telnet</code><p class="bold">Impact:</p>
+ <p>
+ <p>Many insecure service clients are used as troubleshooting tools and in testing environments.
+ Uninstalling them can inhibit capability to test and troubleshoot. If they are required
+ it is advisable to remove the clients after use to prevent accidental or intentional
+ misuse.</p>
+ </p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18363" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure telnet client is not installed</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18363_xml_result_button" onclick="switchState('d1e18363_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18363_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.3.4_Ensure_telnet_client_is_not_installed"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.452-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1132"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18363_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4796" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18368" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_2.3.5_Ensure_LDAP_client_is_not_installed">2.3.5 Ensure LDAP client is not installed</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for
+ NIS/YP. It is a service that provides a method for looking up information from a central
+ database.</p>
+ </div>
+ <div class="rationale">
+ <p>If the system will not need to act as an LDAP client, it is recommended that the software
+ be removed to reduce the potential attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Uninstall
+ <span class="inline_block">ldap-utils</span>
+
+
+
+ using the appropriate package manager or manual installation:
+ </p><code class="code_block"># apt-get remove ldap-utils</code><p class="bold">Impact:</p>
+ <p>
+ <p>Removing the LDAP client will prevent or inhibit using LDAP for authentication in
+ your environment.</p>
+ </p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18368" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure LDAP client is not installed</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18368_xml_result_button" onclick="switchState('d1e18368_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18368_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_2.3.5_Ensure_LDAP_client_is_not_installed"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.452-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1133"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18368_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4796" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e4974" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_3_Network_Configuration">3 Network Configuration</h2>
+ <div class="description">
+ <p>This section provides guidance on for securing the network configuration of the system
+ through kernel parameters, access list control, and firewall settings.</p>
+ </div>
+ </div>
+ <div id="detail-d1e4980" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_3.1_Network_Parameters_Host_Only">3.1 Network Parameters (Host Only)</h2>
+ <div class="description">
+ <p>The following network parameters are intended for use if the system is to act as a
+ host only. A system is considered host only if the system has a single interface,
+ or has multiple interfaces but will not be configured as a router.</p>
+ </div>
+ </div>
+ <div id="detail-d1e18373" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.1.1_Ensure_IP_forwarding_is_disabled">3.1.1 Ensure IP forwarding is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">net.ipv4.ip_forward </span>
+
+
+
+ flag is used to tell the system whether it can forward packets or not.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Setting the flag to 0 ensures that a system with multiple interfaces (for example,
+ a hard proxy), will never be able to forward packets, and therefore, never serve as
+ a router.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the following parameter in the
+ <span class="inline_block">/etc/sysctl.conf </span>
+
+
+
+ file: </p><code class="code_block">net.ipv4.ip_forward = 0</code><p>Run the following commands to set the active kernel parameters:</p><code class="code_block">
+
+
+
+ # sysctl -w net.ipv4.ip_forward=0
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.route.flush=1
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18373" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure IP forwarding is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18373_xml_result_button" onclick="switchState('d1e18373_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18373_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.1.1_Ensure_IP_forwarding_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.452-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1134"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.1.1.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1134"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18373_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4980" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18379" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.1.2_Ensure_packet_redirect_sending_is_disabled">3.1.2 Ensure packet redirect sending is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>ICMP Redirects are used to send routing information to other hosts. As a host itself
+ does not act as a router (in a host only configuration), there is no need to send
+ redirects.</p>
+ </div>
+ <div class="rationale">
+ <p>An attacker could use a compromised host to send invalid ICMP redirects to other router
+ devices in an attempt to corrupt routing and have users access a system set up by
+ the attacker as opposed to a valid system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the following parameters in the
+ <span class="inline_block">/etc/sysctl.conf </span>
+
+
+
+ file: </p><code class="code_block">
+
+
+
+ net.ipv4.conf.all.send_redirects = 0
+ <br></br>
+
+
+
+ net.ipv4.conf.default.send_redirects = 0
+ </code><p>Run the following commands to set the active kernel parameters:</p><code class="code_block">
+
+
+
+ # sysctl -w net.ipv4.conf.all.send_redirects=0
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.conf.default.send_redirects
+ <span>=0</span><br></br>
+
+
+
+ # sysctl -w net.ipv4.route.flush=1
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18379" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure packet redirect sending is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure packet redirect sending is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18379_xml_result_button" onclick="switchState('d1e18379_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18379_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.1.2_Ensure_packet_redirect_sending_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.452-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1135"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.1.2.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1135"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1136"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.1.2.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1136"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18379_xml_result', false);</script><div class="backtop"><a href="#summary-d1e4980" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e5055" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_3.2_Network_Parameters_Host_and_Router">3.2 Network Parameters (Host and Router)</h2>
+ <div class="description">
+ <p><span>The following network parameters are intended for use on both host only and router
+ systems. </span>
+
+
+
+ A system acts as a router if it has at least two interfaces and is configured to perform
+ routing functions. </p>
+ </div>
+ </div>
+ <div id="detail-d1e18389" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.2.1_Ensure_source_routed_packets_are_not_accepted">3.2.1 Ensure source routed packets are not accepted</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>In networking, source routing allows a sender to partially or fully specify the route
+ packets take through a network. In contrast, non-source routed packets travel a path
+ determined by routers in the network. In some cases, systems may not be routable or
+ reachable from some locations (e.g. private addresses vs. Internet routable), and
+ so source routed packets would need to be used.</p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Setting <span class="inline_block">net.ipv4.conf.all.accept_source_route </span>
+
+
+
+ and <span class="inline_block">net.ipv4.conf.default.accept_source_route </span>
+
+
+
+ to 0 disables the system from accepting source routed packets. Assume this system
+ was capable of routing packets to Internet routable addresses on one interface and
+ private addresses on another interface. Assume that the private addresses were not
+ routable to the Internet routable addresses and vice versa. Under normal routing circumstances,
+ an attacker from the Internet routable addresses could not use the system as a way
+ to reach the private address systems. If, however, source routed packets were allowed,
+ they could be used to gain access to the private address systems as the route could
+ be specified, rather than rely on routing protocols that did not allow this routing.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the following parameters in the
+ <span class="inline_block">/etc/sysctl.conf </span>
+
+
+
+ file: </p><code class="code_block">
+
+
+
+ net.ipv4.conf.all.accept_source_route = 0
+ <br></br>
+
+
+
+ net.ipv4.
+ <span>conf.default.accept_source_route = 0</span></code><p>Run the following commands to set the active kernel parameters:</p><code class="code_block">
+
+
+
+ # sysctl -w net.ipv4.conf.all.accept_source_route=0
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.conf.default.accept_source_route=0
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.route.flush=1
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18389" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure source routed packets are not accepted</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure source routed packets are not accepted</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18389_xml_result_button" onclick="switchState('d1e18389_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18389_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.2.1_Ensure_source_routed_packets_are_not_accepted"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.453-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1137"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.2.1.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1137"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1138"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.2.1.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1138"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18389_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5055" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18398" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.2.2_Ensure_ICMP_redirects_are_not_accepted">3.2.2 Ensure ICMP redirects are not accepted</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ ICMP redirect messages are packets that convey routing information and tell your host
+ (acting as a router) to send packets via an alternate path. It is a way of allowing
+ an outside routing device to update your system routing tables. By setting
+ <span class="inline_block">net.ipv4.conf.all.accept_redirects </span>
+
+
+
+ to 0, the system will not accept any ICMP redirect messages, and therefore, won't
+ allow outsiders to update the system's routing tables.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Attackers could use bogus ICMP redirect messages to maliciously alter the system routing
+ tables and get them to send packets to incorrect networks and allow your system packets
+ to be captured.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the following parameters in the
+ <span class="inline_block">/etc/sysctl.conf </span>
+
+
+
+ file: </p><code class="code_block">
+
+
+
+ net.ipv4.conf.all.accept_redirects = 0
+ <br></br>
+
+
+
+ net.ipv4.conf.default.accept_redirects = 0
+ </code><p>Run the following commands to set the active kernel parameters:</p><code class="code_block">
+
+
+
+ # sysctl -w net.ipv4.conf.all.accept_redirects=0
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.conf.default.accept_redirects=0
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.route.flush=1
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18398" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure ICMP redirects are not accepted</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure ICMP redirects are not accepted</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18398_xml_result_button" onclick="switchState('d1e18398_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18398_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.2.2_Ensure_ICMP_redirects_are_not_accepted"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.453-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1139"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.2.2.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1139"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1140"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.2.2.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1140"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18398_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5055" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18407" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.2.3_Ensure_secure_ICMP_redirects_are_not_accepted">3.2.3 Ensure secure ICMP redirects are not accepted</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Secure ICMP redirects are the same as ICMP redirects, except they come from gateways
+ listed on the default gateway list. It is assumed that these gateways are known to
+ your system, and that they are likely to be secure.</p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ It is still possible for even known gateways to be compromised. Setting
+ <span class="inline_block">net.ipv4.conf.all.secure_redirects </span>
+
+
+
+ to 0 protects the system from routing table updates by possibly compromised known
+ gateways. </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the following parameters in the
+ <span class="inline_block">/etc/sysctl.conf </span>
+
+
+
+ file: </p><code class="code_block">
+
+
+
+ net.ipv4.conf.all.secure_redirects = 0
+ <br></br>
+
+
+
+ net.ipv4.conf.default.secure_redirects = 0
+ </code><p>Run the following commands to set the active kernel parameters:</p><code class="code_block">
+
+
+
+ # sysctl -w net.ipv4.conf.all.secure_redirects=0
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.conf.default.secure_redirects=0
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.route.flush=1
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18407" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure secure ICMP redirects are not accepted</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure secure ICMP redirects are not accepted</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18407_xml_result_button" onclick="switchState('d1e18407_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18407_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.2.3_Ensure_secure_ICMP_redirects_are_not_accepted"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.453-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1141"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.2.3.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1141"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1142"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.2.3.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1142"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18407_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5055" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18416" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.2.4_Ensure_suspicious_packets_are_logged">3.2.4 Ensure suspicious packets are logged</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>When enabled, this feature logs packets with un-routable source addresses to the kernel
+ log.</p>
+ </div>
+ <div class="rationale">
+ <p>Enabling this feature and logging these packets allows an administrator to investigate
+ the possibility that an attacker is sending spoofed packets to their system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the following parameters in the
+ <span class="inline_block">/etc/sysctl.conf </span>
+
+
+
+ file: </p><code class="code_block">
+
+
+
+ net.ipv4.conf.all.log_martians = 1
+ <br></br>
+
+
+
+ net.ipv4.conf.default.log_martians = 1
+ </code><p>Run the following commands to set the active kernel parameters:</p><code class="code_block">
+
+
+
+ # sysctl -w net.ipv4.conf.all.log_martians=1
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.conf.default.log_martians=1
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.route.flush=1
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18416" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure suspicious packets are logged</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure suspicious packets are logged</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18416_xml_result_button" onclick="switchState('d1e18416_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18416_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.2.4_Ensure_suspicious_packets_are_logged"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.453-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1143"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.2.4.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1143"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1144"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.2.4.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1144"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18416_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5055" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18425" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.2.5_Ensure_broadcast_ICMP_requests_are_ignored">3.2.5 Ensure broadcast ICMP requests are ignored</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ Setting <span class="inline_block">net.ipv4.icmp_echo_ignore_broadcasts </span>
+
+
+
+ to 1 will cause the system to ignore all ICMP echo and timestamp requests to broadcast
+ and multicast addresses. </p>
+ </div>
+ <div class="rationale">
+ <p>Accepting ICMP echo and timestamp requests with broadcast or multicast destinations
+ for your network could be used to trick your host into starting (or participating)
+ in a Smurf attack. A Smurf attack relies on an attacker sending large amounts of ICMP
+ broadcast messages with a spoofed source address. All hosts receiving this message
+ and responding would send echo-reply messages back to the spoofed address, which is
+ probably not routable. If many hosts respond to the packets, the amount of traffic
+ on the network could be significantly multiplied.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the following parameter in the
+ <span class="inline_block">/etc/sysctl.conf </span>
+
+
+
+ file: </p><code class="code_block">net.ipv4.icmp_echo_ignore_broadcasts = 1</code><p>Run the following commands to set the active kernel parameters:</p><code class="code_block">
+
+
+
+ # sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.route.flush=1
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18425" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure broadcast ICMP requests are ignored</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18425_xml_result_button" onclick="switchState('d1e18425_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18425_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.2.5_Ensure_broadcast_ICMP_requests_are_ignored"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.453-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1145"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.2.5.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1145"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18425_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5055" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18431" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.2.6_Ensure_bogus_ICMP_responses_are_ignored">3.2.6 Ensure bogus ICMP responses are ignored</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ Setting <span class="inline_block">icmp_ignore_bogus_error_responses </span>
+
+
+
+ to 1 prevents the kernel from logging bogus responses (RFC-1122 non-compliant) from
+ broadcast reframes, keeping file systems from filling up with useless log messages.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Some routers (and some attackers) will send responses that violate RFC-1122 and attempt
+ to fill up a log file system with many useless error messages.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the following parameter in the
+ <span class="inline_block">/etc/sysctl.conf </span>
+
+
+
+ file: </p><code class="code_block">net.ipv4.icmp_ignore_bogus_error_responses = 1</code><p>Run the following commands to set the active kernel parameters:</p><code class="code_block">
+
+
+
+ # sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.route.flush=1
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18431" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure bogus ICMP responses are ignored</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18431_xml_result_button" onclick="switchState('d1e18431_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18431_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.2.6_Ensure_bogus_ICMP_responses_are_ignored"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.453-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1146"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.2.6.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1146"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18431_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5055" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18437" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.2.7_Ensure_Reverse_Path_Filtering_is_enabled">3.2.7 Ensure Reverse Path Filtering is enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ Setting <span class="inline_block">net.ipv4.conf.all.rp_filter </span>
+
+
+
+ and <span class="inline_block">net.ipv4.conf.default.rp_filter </span>
+
+
+
+ to 1 forces the Linux kernel to utilize reverse path filtering on a received packet
+ to determine if the packet was valid. Essentially, with reverse path filtering, if
+ the return packet does not go out the same interface that the corresponding source
+ packet came from, the packet is dropped (and logged if
+ <span class="inline_block">log_martians </span>
+
+
+
+ is set). </p>
+ </div>
+ <div class="rationale">
+ <p>Setting these flags is a good way to deter attackers from sending your system bogus
+ packets that cannot be responded to. One instance where this feature breaks down is
+ if asymmetrical routing is employed. This would occur when using dynamic routing protocols
+ (bgp, ospf, etc) on your system. If you are using asymmetrical routing on your system,
+ you will not be able to enable this feature without breaking the routing.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the following parameters in the
+ <span class="inline_block">/etc/sysctl.conf </span>
+
+
+
+ file: </p><code class="code_block">
+
+
+
+ net.ipv4.conf.all.rp_filter = 1
+ <br></br>
+
+
+
+ net.ipv4.conf.default.rp_filter = 1
+ </code><p>Run the following commands to set the active kernel parameters:</p><code class="code_block">
+
+
+
+ # sysctl -w net.ipv4.conf.all.rp_filter=1
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.conf.default.rp_filter=1
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.route.flush=1
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18437" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure Reverse Path Filtering is enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure Reverse Path Filtering is enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18437_xml_result_button" onclick="switchState('d1e18437_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18437_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.2.7_Ensure_Reverse_Path_Filtering_is_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.454-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1147"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.2.7.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1147"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1148"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.2.7.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1148"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18437_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5055" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18446" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.2.8_Ensure_TCP_SYN_Cookies_is_enabled">3.2.8 Ensure TCP SYN Cookies is enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ When <span class="inline_block">tcp_syncookies </span>
+
+
+
+ is set, the kernel will handle TCP SYN packets normally until the half-open connection
+ queue is full, at which time, the SYN cookie functionality kicks in. SYN cookies work
+ by not using the SYN queue at all. Instead, the kernel simply replies to the SYN with
+ a SYN|ACK, but will include a specially crafted TCP sequence number that encodes the
+ source and destination IP address and port number and the time the packet was sent.
+ A legitimate connection would send the ACK packet of the three way handshake with
+ the specially crafted sequence number. This allows the system to verify that it has
+ received a valid response to a SYN cookie and allow the connection, even though there
+ is no corresponding SYN in the queue.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Attackers use SYN flood attacks to perform a denial of service attacked on a system
+ by sending many SYN packets without completing the three way handshake. This will
+ quickly use up slots in the kernel's half-open connection queue and prevent legitimate
+ connections from succeeding. SYN cookies allow the system to keep accepting valid
+ connections, even if under a denial of service attack.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the following parameter in the
+ <span class="inline_block">/etc/sysctl.conf </span>
+
+
+
+ file: </p><code class="code_block">net.ipv4.tcp_syncookies = 1</code><p>Run the following commands to set the active kernel parameters:</p><code class="code_block">
+
+
+
+ # sysctl -w net.ipv4.tcp_syncookies=1
+ <br></br>
+
+
+
+ # sysctl -w net.ipv4.route.flush=1
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18446" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure TCP SYN Cookies is enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18446_xml_result_button" onclick="switchState('d1e18446_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18446_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.2.8_Ensure_TCP_SYN_Cookies_is_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.454-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1149"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.2.8.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1149"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18446_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5055" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e5360" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_3.3_IPv6">3.3 IPv6</h2>
+ <div class="description">
+ <p>IPv6 is a networking protocol that supersedes IPv4. It has more routable addresses
+ and has built in security. If IPv6 is to be used, follow this section of the benchmark
+ to configure IPv6, otherwise disable IPv6.</p>
+ </div>
+ </div>
+ <div id="detail-d1e18452" class="Rule "><span class="outcome informational ruleResultArea">Informational</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.3.1_Ensure_IPv6_router_advertisements_are_not_accepted">3.3.1 Ensure IPv6 router advertisements are not accepted</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>This setting disables the system's ability to accept IPv6 router advertisements.</p>
+ </div>
+ <div class="rationale">
+ <p>It is recommended that systems not accept router advertisements as they could be tricked
+ into routing traffic to compromised machines. Setting hard routes within the system
+ (usually a single default route to a trusted router) protects the system from bad
+ routes.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the following parameters in the
+ <span class="inline_block">/etc/sysctl.conf </span>
+
+
+
+ file: </p><code class="code_block">
+
+
+
+ net.ipv6.conf.all.accept_ra = 0
+ <br></br>
+
+
+
+ net.ipv6.conf.default.accept_ra = 0
+ </code><p>Run the following commands to set the active kernel parameters:</p><code class="code_block">
+
+
+
+ # sysctl -w net.ipv6.conf.all.accept_ra=0
+ <br></br>
+
+
+
+ # sysctl -w net.ipv6.conf.default.accept_ra=0
+ <br></br>
+
+
+
+ # sysctl -w net.ipv6.route.flush=1
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18452" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure IPv6 router advertisements are not accepted</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure IPv6 router advertisements are not accepted</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure IPv6 router advertisements are not accepted</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18452_xml_result_button" onclick="switchState('d1e18452_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18452_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.3.1_Ensure_IPv6_router_advertisements_are_not_accepted"
+ role="unscored"
+ severity="unknown"
+ time="2019-11-19T23:30:03.455-05:00"
+ version="1"
+ weight="0.0"&gt;
+ &lt;result&gt;informational&lt;/result&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1150"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.3.1.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1150"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1151"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.3.1.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1151"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1152"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.3.1.3_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1152"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18452_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5360" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18465" class="Rule "><span class="outcome informational ruleResultArea">Informational</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.3.2_Ensure_IPv6_redirects_are_not_accepted">3.3.2 Ensure IPv6 redirects are not accepted</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>This setting prevents the system from accepting ICMP redirects. ICMP redirects tell
+ the system about alternate routes for sending traffic.</p>
+ </div>
+ <div class="rationale">
+ <p>It is recommended that systems not accept ICMP redirects as they could be tricked
+ into routing traffic to compromised machines. Setting hard routes within the system
+ (usually a single default route to a trusted router) protects the system from bad
+ routes.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the following parameters in the
+ <span class="inline_block">/etc/sysctl.conf </span>
+
+
+
+ file: </p><code class="code_block">
+
+
+
+ net.ipv6.conf.all.accept_redirects = 0
+ <br></br>
+
+
+
+ net.ipv6.conf.default.accept_redirects = 0
+ </code><p>Run the following commands to set the active kernel parameters:</p><code class="code_block">
+
+
+
+ # sysctl -w net.ipv6.conf.all.accept_redirects=0
+ <br></br>
+
+
+
+ # sysctl -w net.ipv6.conf.default.accept_redirects=0
+ <br></br>
+
+
+
+ # sysctl -w net.ipv6.route.flush=1
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18465" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure IPv6 redirects are not accepted</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure IPv6 redirects are not accepted</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure IPv6 redirects are not accepted</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18465_xml_result_button" onclick="switchState('d1e18465_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18465_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.3.2_Ensure_IPv6_redirects_are_not_accepted"
+ role="unscored"
+ severity="unknown"
+ time="2019-11-19T23:30:03.455-05:00"
+ version="1"
+ weight="0.0"&gt;
+ &lt;result&gt;informational&lt;/result&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1153"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.3.2.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1153"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1154"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.3.2.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1154"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1155"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.3.2.3_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1155"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18465_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5360" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18478" class="Rule "><span class="outcome informational ruleResultArea">Informational</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.3.3_Ensure_IPv6_is_disabled">3.3.3 Ensure IPv6 is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Although IPv6 has many advantages over IPv4, few organizations have implemented IPv6.</p>
+ </div>
+ <div class="rationale">
+ <p>If IPv6 is not to be used, it is recommended that it be disabled to reduce the attack
+ surface of the system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit
+ <span class="inline_block">/etc/default/grub</span>
+
+
+
+ and add
+ <span class="inline_block">'</span><span class="inline_block">ipv6.disable=1'</span>
+
+
+
+ to GRUB_CMDLINE_LINUX:
+ </p><code class="code_block">GRUB_CMDLINE_LINUX="ipv6.disable=1"</code><p>
+
+
+
+ Run the following command to update the
+ <span class="inline_block">grub2</span>
+
+
+
+ configuration:
+ </p><code class="code_block"># update-grub</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18478" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure IPv6 is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18478_xml_result_button" onclick="switchState('d1e18478_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18478_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.3.3_Ensure_IPv6_is_disabled"
+ role="unscored"
+ severity="unknown"
+ time="2019-11-19T23:30:03.455-05:00"
+ version="1"
+ weight="0.0"&gt;
+ &lt;result&gt;informational&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1156"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.3.3.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1156"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18478_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5360" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e5482" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_3.4_TCP_Wrappers">3.4 TCP Wrappers</h2>
+ <div class="description">
+ <p></p>
+ </div>
+ </div>
+ <div id="detail-d1e18485" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.4.1_Ensure_TCP_Wrappers_is_installed">3.4.1 Ensure TCP Wrappers is installed</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ TCP Wrappers provides a simple access list and standardized logging method for services
+ capable of supporting it. In the past, services that were called from
+ <span class="inline_block">inetd </span>
+
+
+
+ and <span class="inline_block">xinetd </span>
+
+
+
+ supported the use of tcp wrappers. As
+ <span class="inline_block">inetd </span>
+
+
+
+ and <span class="inline_block">xinetd </span>
+
+
+
+ have been falling in disuse, any service that can support tcp wrappers will have the
+ <span class="inline_block">libwrap.so </span>
+
+
+
+ library attached to it. </p>
+ </div>
+ <div class="rationale">
+ <p>TCP Wrappers provide a good simple access list mechanism to services that may not
+ have that support built in. It is recommended that all services that can support TCP
+ Wrappers, use it.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Run the following command to install TCP Wrappers:</p><code class="code_block">apt-get install tcpd</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18485" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure TCP Wrappers is installed</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18485_xml_result_button" onclick="switchState('d1e18485_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18485_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.4.1_Ensure_TCP_Wrappers_is_installed"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.455-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1157"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18485_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5482" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18490" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.4.2_Ensure_etchosts.allow_is_configured">3.4.2 Ensure /etc/hosts.allow is configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/hosts.allow </span>
+
+
+
+ file specifies which IP addresses are permitted to connect to the host. It is intended
+ to be used in conjunction with the
+ <span class="inline_block">/etc/hosts.deny </span>
+
+
+
+ file. </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ The <span class="inline_block">/etc/hosts.allow </span>
+
+
+
+ file supports access control by IP and helps ensure that only authorized systems can
+ connect to the system. </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to create
+ <span class="inline_block">/etc/hosts.allow</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # echo "ALL:
+ <em>&lt;net&gt;</em>
+
+
+
+ / <em>&lt;mask&gt;</em>
+
+
+
+ ,
+ <em>&lt;net&gt;</em>
+
+
+
+ / <em>&lt;mask&gt;</em>
+
+
+
+ , ..." &gt;/etc/hosts.allow
+ </code><p>
+
+
+
+ where each
+ <em>&lt;net&gt;/&lt;mask&gt;</em>
+
+
+
+ combination (for example, "192.168.1.0/255.255.255.0") represents one network block
+ in use by your organization that requires access to this system.
+ </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18490" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure /etc/hosts.allow is configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18490_xml_result_button" onclick="switchState('d1e18490_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18490_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.4.2_Ensure_etchosts.allow_is_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.455-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1158"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18490_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5482" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18495" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.4.3_Ensure_etchosts.deny_is_configured">3.4.3 Ensure /etc/hosts.deny is configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/hosts.deny </span>
+
+
+
+ file specifies which IP addresses are
+ <strong>not</strong>
+
+
+
+ permitted to connect to the host. It is intended to be used in conjunction with the
+ <span class="inline_block">/etc/hosts.allow </span>
+
+
+
+ file. </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ The <span class="inline_block">/etc/hosts.deny </span>
+
+
+
+ file serves as a failsafe so that any host not specified in
+ <span class="inline_block">/etc/hosts.allow </span>
+
+
+
+ is denied access to the system.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to create
+ <span class="inline_block">/etc/hosts.deny</span>
+
+
+
+ : </p><code class="code_block"># echo "ALL: ALL" &gt;&gt; /etc/hosts.deny</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18495" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure /etc/hosts.deny is configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18495_xml_result_button" onclick="switchState('d1e18495_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18495_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.4.3_Ensure_etchosts.deny_is_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.456-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1159"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.4.3.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1159"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18495_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5482" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18501" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.4.4_Ensure_permissions_on_etchosts.allow_are_configured">3.4.4 Ensure permissions on /etc/hosts.allow are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/hosts.allow </span>
+
+
+
+ file contains networking information that is used by many applications and therefore
+ must be readable for these applications to operate.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ It is critical to ensure that the
+ <span class="inline_block">/etc/hosts.allow </span>
+
+
+
+ file is protected from unauthorized write access. Although it is protected by default,
+ the file permissions could be changed either inadvertently or through malicious actions.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following commands to set permissions on
+ <span class="inline_block">/etc/hosts.allow</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/hosts.allow
+ <br></br>
+
+
+
+ # chmod 644 /etc/hosts.allow
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18501" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/hosts.allow are configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18501_xml_result_button" onclick="switchState('d1e18501_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18501_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.4.4_Ensure_permissions_on_etchosts.allow_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.456-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1160"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18501_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5482" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18506" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.4.5_Ensure_permissions_on_etchosts.deny_are_644">3.4.5 Ensure permissions on /etc/hosts.deny are 644</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/hosts.deny </span>
+
+
+
+ file contains network information that is used by many system applications and therefore
+ must be readable for these applications to operate.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ It is critical to ensure that the
+ <span class="inline_block">/etc/hosts.deny </span>
+
+
+
+ file is protected from unauthorized write access. Although it is protected by default,
+ the file permissions could be changed either inadvertently or through malicious actions.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following commands to set permissions on
+ <span class="inline_block">/etc/hosts.deny</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/hosts.deny
+ <br></br>
+
+
+
+ # chmod 644 /etc/hosts.deny
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18506" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/hosts.deny are 644</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18506_xml_result_button" onclick="switchState('d1e18506_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18506_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.4.5_Ensure_permissions_on_etchosts.deny_are_644"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.456-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1161"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18506_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5482" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e5684" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_3.5_Uncommon_Network_Protocols">3.5 Uncommon Network Protocols</h2>
+ <div class="description">
+ <p>The Linux kernel modules support several network protocols that are not commonly used.
+ If these protocols are not needed, it is recommended that they be disabled in the
+ kernel.</p>
+ <p></p>
+ <p><strong>Note:</strong>
+
+
+
+ This should not be considered a comprehensive list of uncommon network protocols,
+ you may wish to consider additions to those listed here for your environment.
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18511" class="Rule "><span class="outcome informational ruleResultArea">Informational</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.5.1_Ensure_DCCP_is_disabled">3.5.1 Ensure DCCP is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The Datagram Congestion Control Protocol (DCCP) is a transport layer protocol that
+ supports streaming media and telephony. DCCP provides a way to gain access to congestion
+ control, without having to do it at the application layer, but does not provide in-sequence
+ delivery.</p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ If the protocol is not required, it is recommended that the drivers not be installed
+ <br></br>
+
+
+
+ to reduce the potential attack surface.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit or create the file
+ <span class="inline_block">/etc/modprobe.d/CIS.conf </span>
+
+
+
+ and add the following line:
+ </p><code class="code_block">install dccp /bin/true</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18511" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure DCCP is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure DCCP is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18511_xml_result_button" onclick="switchState('d1e18511_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18511_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.5.1_Ensure_DCCP_is_disabled"
+ role="unscored"
+ severity="unknown"
+ time="2019-11-19T23:30:03.456-05:00"
+ version="1"
+ weight="0.0"&gt;
+ &lt;result&gt;informational&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1162"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1163"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18511_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5684" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18518" class="Rule "><span class="outcome informational ruleResultArea">Informational</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.5.2_Ensure_SCTP_is_disabled">3.5.2 Ensure SCTP is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The Stream Control Transmission Protocol (SCTP) is a transport layer protocol used
+ to support message oriented communication, with several streams of messages in one
+ connection. It serves a similar function as TCP and UDP, incorporating features of
+ both. It is message-oriented like UDP, and ensures reliable in-sequence transport
+ of messages with congestion control like TCP.</p>
+ </div>
+ <div class="rationale">
+ <p>If the protocol is not being used, it is recommended that kernel module not be loaded,
+ disabling the service to reduce the potential attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit or create the file
+ <span class="inline_block">/etc/modprobe.d/CIS.conf </span>
+
+
+
+ and add the following line:
+ </p><code class="code_block">install sctp /bin/true</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18518" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SCTP is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SCTP is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18518_xml_result_button" onclick="switchState('d1e18518_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18518_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.5.2_Ensure_SCTP_is_disabled"
+ role="unscored"
+ severity="unknown"
+ time="2019-11-19T23:30:03.456-05:00"
+ version="1"
+ weight="0.0"&gt;
+ &lt;result&gt;informational&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1164"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1165"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18518_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5684" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18525" class="Rule "><span class="outcome informational ruleResultArea">Informational</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.5.3_Ensure_RDS_is_disabled">3.5.3 Ensure RDS is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The Reliable Datagram Sockets (RDS) protocol is a transport layer protocol designed
+ to provide low-latency, high-bandwidth communications between cluster nodes. It was
+ developed by the Oracle Corporation.</p>
+ </div>
+ <div class="rationale">
+ <p>If the protocol is not being used, it is recommended that kernel module not be loaded,
+ disabling the service to reduce the potential attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit or create the file
+ <span class="inline_block">/etc/modprobe.d/CIS.conf </span>
+
+
+
+ and add the following line:
+ </p><code class="code_block">install rds /bin/true</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18525" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure RDS is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure RDS is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18525_xml_result_button" onclick="switchState('d1e18525_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18525_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.5.3_Ensure_RDS_is_disabled"
+ role="unscored"
+ severity="unknown"
+ time="2019-11-19T23:30:03.457-05:00"
+ version="1"
+ weight="0.0"&gt;
+ &lt;result&gt;informational&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1166"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1167"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18525_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5684" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18532" class="Rule "><span class="outcome informational ruleResultArea">Informational</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.5.4_Ensure_TIPC_is_disabled">3.5.4 Ensure TIPC is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The Transparent Inter-Process Communication (TIPC) protocol is designed to provide
+ communication between cluster nodes.</p>
+ </div>
+ <div class="rationale">
+ <p>If the protocol is not being used, it is recommended that kernel module not be loaded,
+ disabling the service to reduce the potential attack surface.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit or create the file
+ <span class="inline_block">/etc/modprobe.d/CIS.conf </span>
+
+
+
+ and add the following line:
+ </p><code class="code_block">install tipc /bin/true</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18532" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure TIPC is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure TIPC is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18532_xml_result_button" onclick="switchState('d1e18532_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18532_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.5.4_Ensure_TIPC_is_disabled"
+ role="unscored"
+ severity="unknown"
+ time="2019-11-19T23:30:03.457-05:00"
+ version="1"
+ weight="0.0"&gt;
+ &lt;result&gt;informational&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1168"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1169"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18532_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5684" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e5796" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_3.6_Firewall_Configuration">3.6 Firewall Configuration</h2>
+ <div class="description">
+ <p>IPtables is an application that allows a system administrator to configure the IPv4
+ tables, chains and rules provided by the Linux kernel firewall. While several methods
+ of configuration exist this section is intended only to ensure the resulting IPtables
+ rules are in place, not how they are configured. If IPv6 is in use in your environment,
+ similar settings should be applied to the IP6tables as well.</p>
+ <p></p>
+ <p><strong>Note:</strong>
+
+
+
+ This section broadly assumes starting with an empty IPtables firewall ruleset (established
+ by flushing the rules with
+ <span class="inline_block">iptables -F</span>
+
+
+
+ ). Remediation steps included only affect the live system, you will also need to configure
+ your default firewall configuration to apply on boot. Configuration of a live systems
+ firewall directly over a remote connection will often result in being locked out.
+ It is advised to have a known good firewall configuration set to run on boot and to
+ configure an entire firewall structure in a script that is then run and tested before
+ saving to boot. The following script will implement the firewall rules of this section
+ and open port 22(ssh) from anywhere:
+ </p><code class="pre_0.7988003959968388">
+
+
+
+ #!/bin/bash <br></br><br></br>
+
+
+
+ # Flush IPtables rules <br></br>
+
+
+
+ iptables -F <br></br><br></br>
+
+
+
+ # Ensure default deny firewall policy
+ <br></br>
+
+
+
+ iptables -P INPUT DROP <br></br>
+
+
+
+ iptables -P OUTPUT DROP <br></br>
+
+
+
+ iptables -P FORWARD DROP <br></br><br></br>
+
+
+
+ # Ensure loopback traffic is configured
+ <br></br>
+
+
+
+ iptables -A INPUT -i lo -j ACCEPT
+ <br></br>
+
+
+
+ iptables -A OUTPUT -o lo -j ACCEPT
+ <br></br>
+
+
+
+ iptables -A INPUT -s 127.0.0.0/8 -j DROP
+ <br></br><br></br>
+
+
+
+ # Ensure outbound and established connections are configured
+ <br></br>
+
+
+
+ iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
+ <br></br>
+
+
+
+ iptables -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
+ <br></br>
+
+
+
+ iptables -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
+ <br></br>
+
+
+
+ iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
+ <br></br>
+
+
+
+ iptables -A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT
+ <br></br>
+
+
+
+ iptables -A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT
+ <br></br><br></br>
+
+
+
+ # Open inbound ssh(tcp port 22) connections
+ <br></br>
+
+
+
+ iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
+ </code><p></p>
+ <p>Ubuntu is distributed with the UFW service which acts as a front end to iptables.
+ The default configuration of UFW implements a configuration very similar to that recommended
+ here. IPTables configuration allows for far more complex implementations than those
+ listed here which may satisfy the intent of these recommendations without strictly
+ matching the examples provided. Note: UFW may interfere with sysctl settings.</p>
+ </div>
+ </div>
+ <div id="detail-d1e18539" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.6.1_Ensure_iptables_is_installed">3.6.1 Ensure iptables is installed</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p><span class="inline_block">iptables</span>
+
+
+
+ allows configuration of the IPv4 tables in the linux kernel and the rules stored within
+ them. Most firewall configuration utilities operate as a front end to
+ <span class="inline_block">iptables</span>
+
+
+
+ . </p>
+ </div>
+ <div class="rationale">
+ <p>iptables is required for firewall management and configuration.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to install
+ <span class="inline_block">iptables</span>
+
+
+
+ : </p><code class="code_block"><span># apt-get install iptables</span></code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18539" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure iptables is installed</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18539_xml_result_button" onclick="switchState('d1e18539_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18539_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.6.1_Ensure_iptables_is_installed"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.457-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1170"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18539_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5796" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18544" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.6.2_Ensure_default_deny_firewall_policy">3.6.2 Ensure default deny firewall policy</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>A default deny all policy on connections ensures that any unconfigured network usage
+ will be rejected.</p>
+ </div>
+ <div class="rationale">
+ <p>With a default accept policy the firewall will accept any packet that is not configured
+ to be denied. It is easier to white list acceptable usage than to black list unacceptable
+ usage.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Run the following commands to implement a default DROP policy:</p><code class="code_block">
+
+
+
+ # iptables -P INPUT DROP
+ <br></br>
+
+
+
+ # iptables -P OUTPUT DROP
+ <br></br>
+
+
+
+ # iptables -P FORWARD DROP
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18544" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure default deny firewall policy</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure default deny firewall policy</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure default deny firewall policy</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18544_xml_result_button" onclick="switchState('d1e18544_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18544_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.6.2_Ensure_default_deny_firewall_policy"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.457-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1171"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.6.2.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1171"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1172"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.6.2.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1172"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1173"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.6.2.3_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1173"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18544_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5796" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18558" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.6.3_Ensure_loopback_traffic_is_configured">3.6.3 Ensure loopback traffic is configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Configure the loopback interface to accept traffic. Configure all other interfaces
+ to deny traffic to the loopback network (127.0.0.0/8).</p>
+ </div>
+ <div class="rationale">
+ <p>Loopback traffic is generated between processes on machine and is typically critical
+ to operation of the system. The loopback interface is the only place that loopback
+ network (127.0.0.0/8) traffic should be seen, all other interfaces should ignore traffic
+ on this network as an anti-spoofing measure.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Run the following commands to implement the loopback rules:</p><code class="code_block">
+
+
+
+ # iptables -A INPUT -i lo -j ACCEPT
+ <br></br>
+
+
+
+ # iptables -A OUTPUT -o lo -j ACCEPT
+ <br></br>
+
+
+
+ # iptables -A INPUT -s 127.0.0.0/8 -j DROP
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18558" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure loopback traffic is configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure loopback traffic is configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure loopback traffic is configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18558_xml_result_button" onclick="switchState('d1e18558_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18558_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.6.3_Ensure_loopback_traffic_is_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.458-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1174"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.6.3.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1174"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1175"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.6.3.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1175"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1176"
+ value-id="xccdf_org.cisecurity.benchmarks_value_3.6.3.3_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1176"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18558_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5796" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18573" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_3.6.5_Ensure_firewall_rules_exist_for_all_open_ports">3.6.5 Ensure firewall rules exist for all open ports</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Any ports that have been opened on non-loopback addresses need firewall rules to govern
+ traffic.</p>
+ </div>
+ <div class="rationale">
+ <p>Without a firewall rule configured for open ports default firewall policy will drop
+ all packets to these ports.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>For each port identified in the audit which does not have a firewall rule establish
+ a proper rule for accepting inbound connections:</p><code class="code_block">
+
+
+
+ # iptables -A INPUT -p
+ <em>&lt;protocol&gt;</em>
+
+
+
+ --dport
+ <em>&lt;port&gt;</em>
+
+
+
+ -m state --state NEW -j ACCEPT
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18573" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure firewall rules exist for all open ports</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18573_xml_result_button" onclick="switchState('d1e18573_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18573_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_3.6.5_Ensure_firewall_rules_exist_for_all_open_ports"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.458-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1177"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18573_xml_result', false);</script><div class="backtop"><a href="#summary-d1e5796" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e6045" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_4_Logging_and_Auditing">4 Logging and Auditing</h2>
+ <div class="description">
+ <p>The items in this section describe how to configure logging, log monitoring, and auditing,
+ using tools included in Ubuntu.</p>
+ <p>
+
+
+
+ It is recommended that <span class="inline_block">rsyslog </span>
+
+
+
+ be used for logging (with <span class="inline_block">logwatch </span>
+
+
+
+ providing summarization) and <span class="inline_block">auditd</span>
+
+
+
+ be used for auditing (with <span class="inline_block">aureport </span>
+
+
+
+ providing summarization) to automatically monitor logs for intrusion attempts and
+ other suspicious system behavior. </p>
+ <p>In addition to the local log files created by the steps in this section, it is also
+ recommended that sites collect copies of their system logs on a secure, centralized
+ log server via an encrypted connection. Not only does centralized logging help sites
+ correlate events that may be occurring on multiple systems, but having a second copy
+ of the system log information may be critical after a system compromise where the
+ attacker has modified the local log files on the affected system(s). If a log correlation
+ system is deployed, configure it to process the logs described in this section.</p>
+ <p>
+
+
+
+ Because it is often necessary to correlate log information from many different systems
+ (particularly after a security incident) it is recommended that the time be synchronized
+ among systems and devices connected to the local network. The standard Internet protocol
+ for time synchronization is the Network Time Protocol (NTP), which is supported by
+ most network-ready devices. See the
+ <span class="inline_block">ntpd(8)</span>
+
+
+
+ manual page for more information on configuring NTP.
+ </p>
+ <p>It is important that all logs described in this section be monitored on a regular
+ basis and correlated to determine trends. A seemingly innocuous entry in one log could
+ be more significant when compared to an entry in another log.</p>
+ <p><strong>Note on log file permissions:</strong>
+
+
+
+ There really isn't a "one size fits all" solution to the permissions on log files.
+ Many sites utilize group permissions so that administrators who are in a defined security
+ group, such as "wheel" do not have to elevate privileges to root in order to read
+ log files. Also, if a third party log aggregation tool is used, it may need to have
+ group permissions to read the log files, which is preferable to having it run setuid
+ to root. Therefore, there are two remediation and audit steps for log file permissions.
+ One is for systems that do not have a secured group method implemented that only permits
+ root to read the log files ( <span class="inline_block">root:root 600</span>
+
+
+
+ ). The other is for sites that do have such a setup and are designated as
+ <span class="inline_block">root:securegrp 640 </span>
+
+
+
+ where <span class="inline_block">securegrp </span>
+
+
+
+ is the defined security group (in some cases
+ <span class="inline_block">wheel</span>
+
+
+
+ ). </p>
+ </div>
+ </div>
+ <div id="detail-d1e6089" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_4.1_Configure_System_Accounting_auditd">4.1 Configure System Accounting (auditd)</h2>
+ <div class="description">
+ <p>
+
+
+
+ System auditing, through <span class="inline_block">auditd</span>
+
+
+
+ , allows system administrators to monitor their systems such that they can detect
+ unauthorized access or modification of data. By default, auditd will audit SELinux
+ AVC denials, system logins, account modifications, and authentication events. Events
+ will be logged to <span class="inline_block">/var/log/audit/audit.log</span>
+
+
+
+ . The recording of these events will use a modest amount of disk space on a system.
+ If significantly more events are captured, additional on system or off system storage
+ may need to be allocated. </p>
+ <p></p>
+ <p>
+
+
+
+ The recommendations in this section implement an audit policy that produces large
+ quantities of logged data. In some environments it can be challenging to store or
+ process these logs and as such they are marked as Level 2 for both Servers and Workstations.
+ <br></br><br></br><strong>Note:</strong>
+
+
+
+ For 64 bit systems that have arch as a rule parameter, you will need two rules: one
+ for 64 bit and one for 32 bit systems. For 32 bit systems, only one rule is needed.
+ </p>
+ <p></p>
+ <p><strong>Note:</strong>
+
+
+
+ Once all configuration changes have been made to
+ <span class="inline_block">/etc/audit/audit.rules</span>
+
+
+
+ , the auditd configuration must be reloaded:
+ </p><code class="pre_0.0372954777912593"># service auditd reload</code></div>
+ </div>
+ <div id="detail-d1e6117" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_4.1.1_Configure_Data_Retention">4.1.1 Configure Data Retention</h2>
+ <div class="description">
+ <p>When auditing, it is important to carefully configure the storage requirements for
+ audit logs. By default, auditd will max out the log files at 5MB and retain only 4
+ copies of them. Older versions will be deleted. It is possible on a system that the
+ 20 MBs of audit logs may fill up the system causing loss of audit data. While the
+ recommendations here provide guidance, check your site policy for audit storage requirements.</p>
+ </div>
+ </div>
+ <div id="detail-d1e7242" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_4.2_Configure_Logging">4.2 Configure Logging</h2>
+ <div class="description">
+ <p>Logging services should be configured to prevent information leaks and to aggregate
+ logs on a remote server so that they can be reviewed in the event of a system compromise
+ and ease log analysis.</p>
+ </div>
+ </div>
+ <div id="detail-d1e7248" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_4.2.1_Configure_rsyslog">4.2.1 Configure rsyslog</h2>
+ <div class="description">
+ <p>
+
+
+
+ The <span class="inline_block">rsyslog</span>
+
+
+
+ software is recommended as a replacement for the
+ <span class="inline_block"> syslogd</span>
+
+
+
+ daemon and provides improvements over
+ <span class="inline_block">syslogd</span>
+
+
+
+ , such as connection-oriented (i.e. TCP) transmission of logs, the option to log to
+ database formats, and the encryption of log data en route to a central logging server.
+ <br></br><br></br><strong>Note:</strong>
+
+
+
+ This section only applies if
+ <span class="inline_block">rsyslog</span>
+
+
+
+ is installed on the system.
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18817" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_4.2.1.1_Ensure_rsyslog_Service_is_enabled">4.2.1.1 Ensure rsyslog Service is enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ Once the <span class="inline_block">rsyslog</span>
+
+
+
+ package is installed it needs to be activated.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ If the <span class="inline_block">rsyslog</span>
+
+
+
+ service is not activated the system may default to the
+ <span class="inline_block">syslogd</span>
+
+
+
+ service or lack logging instead.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the proper start conditions in
+ <span class="inline_block">/etc/init/rsyslog.conf</span>
+
+
+
+ : </p><code class="code_block">start on filesystem</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18817" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsyslog Service is enabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsyslog Service is enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18817_xml_result_button" onclick="switchState('d1e18817_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18817_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.1_Ensure_rsyslog_Service_is_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.458-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1243"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1244"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18817_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7248" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18826" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_4.2.1.3_Ensure_rsyslog_default_file_permissions_configured">4.2.1.3 Ensure rsyslog default file permissions configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>rsyslog will create logfiles that do not already exist on the system. This setting
+ controls what permissions will be applied to these newly created files.</p>
+ </div>
+ <div class="rationale">
+ <p>It is important to ensure that log files have the correct permissions to ensure that
+ sensitive data is archived and protected.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the /etc/rsyslog.conf and set
+ <span class="inline_block">$FileCreateMode</span>
+
+
+
+ to
+ <span class="inline_block">0640</span>
+
+
+
+ or more restrictive:
+ </p><code class="code_block">$FileCreateMode 0640</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18826" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsyslog default file permissions configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsyslog default file permissions configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18826_xml_result_button" onclick="switchState('d1e18826_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18826_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.3_Ensure_rsyslog_default_file_permissions_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.458-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1245"
+ value-id="xccdf_org.cisecurity.benchmarks_value_4.2.1.3.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1245"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1246"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18826_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7248" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18834" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_4.2.1.4_Ensure_rsyslog_is_configured_to_send_logs_to_a_remote_log_host">4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">rsyslog </span>
+
+
+
+ utility supports the ability to send logs it gathers to a remote log host running
+ <span class="inline_block">syslogd(8) </span>
+
+
+
+ or to receive messages from remote hosts, reducing administrative overhead.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Storing log data on a remote host protects log integrity from local attacks. If an
+ attacker gains root access on the local system, they could tamper with or remove log
+ data that is stored on the local system</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/rsyslog.conf </span>
+
+
+
+ file and add the following line (where
+ <span class="inline_block"><em>loghost.example.com</em></span>
+
+
+
+ is the name of your central log host).
+ </p><code class="code_block">*.* @@loghost.example.com</code><p>
+
+
+
+ Run the following command to restart
+ <span class="inline_block">rsyslog</span>
+
+
+
+ : </p><code class="code_block"># pkill -HUP rsyslogd</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18834" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsyslog is configured to send logs to a remote log host</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsyslog is configured to send logs to a remote log host</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18834_xml_result_button" onclick="switchState('d1e18834_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18834_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_4.2.1.4_Ensure_rsyslog_is_configured_to_send_logs_to_a_remote_log_host"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.459-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1247"
+ value-id="xccdf_org.cisecurity.benchmarks_value_4.2.1.4.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1247"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1248"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18834_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7248" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e7519" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_4.2.2_Configure_syslog-ng">4.2.2 Configure syslog-ng</h2>
+ <div class="description">
+ <p>
+
+
+
+ The <span class="inline_block">syslog-ng</span>
+
+
+
+ software is recommended as a replacement for the
+ <span class="inline_block"> syslogd</span>
+
+
+
+ daemon and provides improvements over
+ <span class="inline_block">syslogd</span>
+
+
+
+ , such as connection-oriented (i.e. TCP) transmission of logs, the option to log to
+ database formats, and the encryption of log data en route to a central logging server.
+ <br></br><br></br><strong>Note:</strong>
+
+
+
+ This section only applies if
+ <span class="inline_block">syslog-ng</span>
+
+
+
+ is installed on the system.
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18844" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_4.2.2.1_Ensure_syslog-ng_service_is_enabled">4.2.2.1 Ensure syslog-ng service is enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ Once the <span class="inline_block">syslog-ng</span>
+
+
+
+ package is installed it needs to be activated.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ If the <span class="inline_block">syslog-ng</span>
+
+
+
+ service is not activated the system may default to the
+ <span class="inline_block">syslogd</span>
+
+
+
+ service or lack logging instead.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to enable
+ <span class="inline_block">syslog-ng</span>
+
+
+
+ : </p><code class="code_block"># update-rc.d syslog-ng enable</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18844" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure syslog-ng service is enabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure syslog-ng service is enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18844_xml_result_button" onclick="switchState('d1e18844_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18844_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.1_Ensure_syslog-ng_service_is_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.459-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1249"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1250"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18844_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7519" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18853" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_4.2.2.3_Ensure_syslog-ng_default_file_permissions_configured">4.2.2.3 Ensure syslog-ng default file permissions configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>syslog-ng will create logfiles that do not already exist on the system. This setting
+ controls what permissions will be applied to these newly created files.</p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ It is important to ensure that log files exist and have the correct permissions to
+ ensure that sensitive
+ <span class="inline_block">syslog-ng</span>
+
+
+
+ data is archived and protected.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/syslog-ng/syslog-ng.conf</span>
+
+
+
+ and set
+ <span class="inline_block">perm</span>
+
+
+
+ option to
+ <span class="inline_block">0640</span>
+
+
+
+ or more restrictive:
+ </p><code class="code_block">options { chain_hostnames(off); flush_lines(0); perm(0640); stats_freq(3600); threaded(yes);
+ };</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18853" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure syslog-ng default file permissions configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure syslog-ng default file permissions configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18853_xml_result_button" onclick="switchState('d1e18853_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18853_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_4.2.2.3_Ensure_syslog-ng_default_file_permissions_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.459-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1251"
+ value-id="xccdf_org.cisecurity.benchmarks_value_4.2.2.3.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1251"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1252"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18853_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7519" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18866" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_4.2.3_Ensure_rsyslog_or_syslog-ng_is_installed">4.2.3 Ensure rsyslog or syslog-ng is installed</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">rsyslog</span>
+
+
+
+ and <span class="inline_block">syslog-ng</span>
+
+
+
+ software are recommended replacements to the original
+ <span class="inline_block"> syslogd</span>
+
+
+
+ daemon which provide improvements over
+ <span class="inline_block">syslogd</span>
+
+
+
+ , <span>such as connection-oriented (i.e. TCP) transmission of logs, the option to log to
+ database formats, and the encryption of log data en route to a central logging server.</span></p>
+ </div>
+ <div class="rationale">
+ <p><span>
+
+
+
+ The security enhancements of
+ <span class="inline_block">rsyslog</span>
+
+
+
+ and <span class="inline_block">syslog-ng</span>
+
+
+
+ such as connection-oriented (i.e. TCP) transmission of logs, the option to log to
+ database formats, and the encryption of log data en route to a central logging server)
+ justify installing and configuring the package.
+ </span></p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Install rsyslog or
+ <span class="inline_block">syslog-ng</span>
+
+
+
+ using one of the following commands:
+ </p><code class="code_block">
+
+
+
+ # apt-get install rsyslog
+ <br></br>
+
+
+
+ # apt-get install syslog-ng
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18866" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsyslog or syslog-ng is installed</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure rsyslog or syslog-ng is installed</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18866_xml_result_button" onclick="switchState('d1e18866_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18866_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_4.2.3_Ensure_rsyslog_or_syslog-ng_is_installed"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.459-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="OR" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1253"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1254"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18866_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7242" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18873" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_4.2.4_Ensure_permissions_on_all_logfiles_are_configured">4.2.4 Ensure permissions on all logfiles are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Log files stored in /var/log/ contain logged information from many services on the
+ system, or on log hosts others as well.</p>
+ </div>
+ <div class="rationale">
+ <p>It is important to ensure that log files have the correct permissions to ensure that
+ sensitive data is archived and protected.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Run the following command to set permissions on all existing log files:</p><code class="code_block"># chmod -R g-wx,o-rwx /var/log/*</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18873" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on all logfiles are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18873_xml_result_button" onclick="switchState('d1e18873_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18873_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_4.2.4_Ensure_permissions_on_all_logfiles_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.459-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1255"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18873_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7242" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e7854" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_5_Access_Authentication_and_Authorization">5 Access, Authentication and Authorization</h2>
+ <div class="description">
+ <p></p>
+ </div>
+ </div>
+ <div id="detail-d1e7859" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_5.1_Configure_cron">5.1 Configure cron</h2>
+ <div class="description">
+ <p></p>
+ </div>
+ </div>
+ <div id="detail-d1e18880" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.1.1_Ensure_cron_daemon_is_enabled">5.1.1 Ensure cron daemon is enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">cron </span>
+
+
+
+ daemon is used to execute batch jobs on the system.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ While there may not be user jobs that need to be run on the system, the system does
+ have maintenance jobs that may include security monitoring that have to run, and
+ <span class="inline_block">cron </span>
+
+
+
+ is used to execute them. </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit start lines in
+ <span class="inline_block">/etc/init/cron.conf </span>
+
+
+
+ to match the following:
+ </p><code class="code_block">start on runlevel [2345]</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18880" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure cron daemon is enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18880_xml_result_button" onclick="switchState('d1e18880_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18880_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.1.1_Ensure_cron_daemon_is_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.460-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1256"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18880_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7859" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18885" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.1.2_Ensure_permissions_on_etccrontab_are_configured">5.1.2 Ensure permissions on /etc/crontab are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/crontab </span>
+
+
+
+ file is used by <span class="inline_block">cron </span>
+
+
+
+ to control its own jobs. The commands in this item make sure that root is the user
+ and group owner of the file and that only the owner can access the file.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>This file contains information on what system jobs are run by cron. Write access to
+ these files could provide unprivileged users with the ability to elevate their privileges.
+ Read access to these files could provide users with the ability to gain insight on
+ system jobs that run on the system and could provide them a way to gain unauthorized
+ privileged access.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following commands to set ownership and permissions on
+ <span class="inline_block">/etc/crontab</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/crontab
+ <br></br>
+
+
+
+ # chmod og-rwx /etc/crontab
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18885" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/crontab are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18885_xml_result_button" onclick="switchState('d1e18885_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18885_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.1.2_Ensure_permissions_on_etccrontab_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.460-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1257"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18885_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7859" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18890" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.1.3_Ensure_permissions_on_etccron.hourly_are_configured">5.1.3 Ensure permissions on /etc/cron.hourly are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ This directory contains system
+ <span class="inline_block">cron </span>
+
+
+
+ jobs that need to run on an hourly basis. The files in this directory cannot be manipulated
+ by the <span class="inline_block">crontab </span>
+
+
+
+ command, but are instead edited by system administrators using a text editor. The
+ commands below restrict read/write and search access to user and group root, preventing
+ regular users from accessing this directory.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Granting write access to this directory for non-privileged users could provide them
+ the means for gaining unauthorized elevated privileges. Granting read access to this
+ directory could give an unprivileged user insight in how to gain elevated privileges
+ or circumvent auditing controls.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following commands to set ownership and permissions on
+ <span class="inline_block">/etc/cron.hourly</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/cron.hourly
+ <br></br>
+
+
+
+ # chmod og-rwx /etc/cron.hourly
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18890" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/cron.hourly are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18890_xml_result_button" onclick="switchState('d1e18890_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18890_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.1.3_Ensure_permissions_on_etccron.hourly_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.460-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1258"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18890_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7859" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18895" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.1.4_Ensure_permissions_on_etccron.daily_are_configured">5.1.4 Ensure permissions on /etc/cron.daily are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/cron.daily </span>
+
+
+
+ directory contains system cron jobs that need to run on a daily basis. The files in
+ this directory cannot be manipulated by the
+ <span class="inline_block">crontab </span>
+
+
+
+ command, but are instead edited by system administrators using a text editor. The
+ commands below restrict read/write and search access to user and group root, preventing
+ regular users from accessing this directory.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Granting write access to this directory for non-privileged users could provide them
+ the means for gaining unauthorized elevated privileges. Granting read access to this
+ directory could give an unprivileged user insight in how to gain elevated privileges
+ or circumvent auditing controls.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following commands to set ownership and permissions on
+ <span class="inline_block">/etc/cron.daily</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/cron.daily
+ <br></br>
+
+
+
+ # chmod og-rwx /etc/cron.daily
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18895" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/cron.daily are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18895_xml_result_button" onclick="switchState('d1e18895_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18895_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.1.4_Ensure_permissions_on_etccron.daily_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.460-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1259"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18895_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7859" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18900" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.1.5_Ensure_permissions_on_etccron.weekly_are_configured">5.1.5 Ensure permissions on /etc/cron.weekly are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/cron.weekly </span>
+
+
+
+ directory contains system cron jobs that need to run on a weekly basis. The files
+ in this directory cannot be manipulated by the
+ <span class="inline_block">crontab </span>
+
+
+
+ command, but are instead edited by system administrators using a text editor. The
+ commands below restrict read/write and search access to user and group root, preventing
+ regular users from accessing this directory.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Granting write access to this directory for non-privileged users could provide them
+ the means for gaining unauthorized elevated privileges. Granting read access to this
+ directory could give an unprivileged user insight in how to gain elevated privileges
+ or circumvent auditing controls.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following commands to set ownership and permissions on
+ <span class="inline_block">/etc/cron.weekly</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/cron.weekly
+ <br></br>
+
+
+
+ # chmod og-rwx /etc/cron.weekly
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18900" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/cron.weekly are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18900_xml_result_button" onclick="switchState('d1e18900_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18900_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.1.5_Ensure_permissions_on_etccron.weekly_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.460-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1260"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18900_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7859" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18905" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.1.6_Ensure_permissions_on_etccron.monthly_are_configured">5.1.6 Ensure permissions on /etc/cron.monthly are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/cron.monthly </span>
+
+
+
+ directory contains system cron jobs that need to run on a monthly basis. The files
+ in this directory cannot be manipulated by the
+ <span class="inline_block">crontab </span>
+
+
+
+ command, but are instead edited by system administrators using a text editor. The
+ commands below restrict read/write and search access to user and group root, preventing
+ regular users from accessing this directory.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Granting write access to this directory for non-privileged users could provide them
+ the means for gaining unauthorized elevated privileges. Granting read access to this
+ directory could give an unprivileged user insight in how to gain elevated privileges
+ or circumvent auditing controls.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following commands to set ownership and permissions on
+ <span class="inline_block">/etc/cron.monthly</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/cron.monthly
+ <br></br>
+
+
+
+ # chmod og-rwx /etc/cron.monthly
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18905" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/cron.monthly are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18905_xml_result_button" onclick="switchState('d1e18905_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18905_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.1.6_Ensure_permissions_on_etccron.monthly_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.460-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1261"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18905_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7859" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18910" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.1.7_Ensure_permissions_on_etccron.d_are_configured">5.1.7 Ensure permissions on /etc/cron.d are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/cron.d</span>
+
+
+
+ directory contains system
+ <span class="inline_block">cron </span>
+
+
+
+ jobs that need to run in a similar manner to the hourly, daily weekly and monthly
+ jobs from <span class="inline_block">/etc/crontab</span>
+
+
+
+ , but require more granular control as to when they run. The files in this directory
+ cannot be manipulated by the
+ <span class="inline_block">crontab </span>
+
+
+
+ command, but are instead edited by system administrators using a text editor. The
+ commands below restrict read/write and search access to user and group root, preventing
+ regular users from accessing this directory.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Granting write access to this directory for non-privileged users could provide them
+ the means for gaining unauthorized elevated privileges. Granting read access to this
+ directory could give an unprivileged user insight in how to gain elevated privileges
+ or circumvent auditing controls.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following commands to set ownership and permissions on
+ <span class="inline_block">/etc/cron.d</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/cron.d
+ <br></br>
+
+
+
+ # chmod og-rwx /etc/cron.d
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18910" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/cron.d are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18910_xml_result_button" onclick="switchState('d1e18910_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18910_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.1.7_Ensure_permissions_on_etccron.d_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.461-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1262"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18910_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7859" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18916" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.1.8_Ensure_atcron_is_restricted_to_authorized_users">5.1.8 Ensure at/cron is restricted to authorized users</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ Configure <span class="inline_block">/etc/cron.allow </span>
+
+
+
+ and <span class="inline_block">/etc/at.allow </span>
+
+
+
+ to allow specific users to use these services. If
+ <span class="inline_block">/etc/cron.allow </span>
+
+
+
+ or <span class="inline_block">/etc/at.allow </span>
+
+
+
+ do not exist, then
+ <span class="inline_block">/etc/at.deny </span>
+
+
+
+ and <span class="inline_block">/etc/cron.deny </span>
+
+
+
+ are checked. Any user not specifically defined in those files is allowed to use at
+ and cron. By removing the files, only users in
+ <span class="inline_block">/etc/cron.allow </span>
+
+
+
+ and <span class="inline_block">/etc/at.allow </span>
+
+
+
+ are allowed to use at and cron. Note that even though a given user is not listed in
+ <span class="inline_block">cron.allow</span>
+
+
+
+ , cron jobs can still be run as that user. The
+ <span class="inline_block">cron.allow </span>
+
+
+
+ file only controls administrative access to the crontab command for scheduling and
+ modifying cron jobs. </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ On many systems, only the system administrator is authorized to schedule
+ <span class="inline_block">cron </span>
+
+
+
+ jobs. Using the <span class="inline_block">cron.allow </span>
+
+
+
+ file to control who can run
+ <span class="inline_block">cron </span>
+
+
+
+ jobs enforces this policy. It is easier to manage an allow list than a deny list.
+ In a deny list, you could potentially add a user ID to the system and forget to add
+ it to the deny files. </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following commands to remove
+ <span class="inline_block">/etc/cron.deny</span>
+
+
+
+ and
+ <span class="inline_block">/etc/at.deny</span>
+
+
+
+ and create and set permissions and ownership for
+ <span class="inline_block">/etc/cron.allow</span>
+
+
+
+ and
+ <span class="inline_block">/etc/at.allow</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # rm /etc/cron.deny
+ <br></br>
+
+
+
+ # rm /etc/at.deny
+ <br></br>
+
+
+
+ # touch /etc/cron.allow
+ <br></br>
+
+
+
+ # touch /etc/at.allow
+ <br></br>
+
+
+
+ # chmod og-rwx /etc/cron.allow
+ <br></br>
+
+
+
+ # chmod og-rwx /etc/at.allow
+ <br></br>
+
+
+
+ # chown root:root /etc/cron.allow
+ <br></br>
+
+
+
+ # chown root:root /etc/at.allow
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18916" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure at/cron is restricted to authorized users</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure at/cron is restricted to authorized users</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure at/cron is restricted to authorized users</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure at/cron is restricted to authorized users</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18916_xml_result_button" onclick="switchState('d1e18916_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18916_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.1.8_Ensure_atcron_is_restricted_to_authorized_users"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.461-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1263"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1264"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1265"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1266"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18916_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7859" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e8180" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_5.2_SSH_Server_Configuration">5.2 SSH Server Configuration</h2>
+ <div class="description">
+ <p>
+
+
+
+ SSH is a secure, encrypted replacement for common login services such as
+ <span class="inline_block">telnet</span>
+
+
+
+ , <span class="inline_block">ftp</span>
+
+
+
+ , <span class="inline_block">rlogin</span>
+
+
+
+ , <span class="inline_block">rsh</span>
+
+
+
+ , and <span class="inline_block">rcp</span>
+
+
+
+ . It is strongly recommended that sites abandon older clear-text login protocols and
+ use SSH to prevent session hijacking and sniffing of sensitive data off the network.
+ </p>
+ <p></p>
+ <p><strong>Note: </strong>
+
+
+
+ The recommendations in this section only apply if the SSH daemon is installed on the
+ system, if remote access is not required the SSH daemon can be removed and this section
+ skipped. </p>
+ <p></p>
+ <p><strong>Note:</strong>
+
+
+
+ Once all configuration changes have been made to
+ <span class="inline_block">/etc/ssh/sshd_config</span>
+
+
+
+ , the sshd configuration must be reloaded:
+ </p><code class="pre_0.0372954777912593"># service sshd reload</code></div>
+ </div>
+ <div id="detail-d1e18929" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.1_Ensure_permissions_on_etcsshsshd_config_are_configured">5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file contains configuration specifications for
+ <span class="inline_block">sshd</span>
+
+
+
+ . The command below sets the owner and group of the file to root.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ The <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file needs to be protected from unauthorized changes by non-privileged users.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following commands to set ownership and permissions on
+ <span class="inline_block">/etc/ssh/sshd_config</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/ssh/sshd_config
+ <br></br><span># chmod og-rwx /etc/ssh/sshd_config</span></code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18929" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/ssh/sshd_config are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18929_xml_result_button" onclick="switchState('d1e18929_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18929_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.1_Ensure_permissions_on_etcsshsshd_config_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.462-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1267"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18929_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18934" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.2_Ensure_SSH_Protocol_is_set_to_2">5.2.2 Ensure SSH Protocol is set to 2</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>SSH supports two different and incompatible protocols: SSH1 and SSH2. SSH1 was the
+ original protocol and was subject to security issues. SSH2 is more advanced and secure.</p>
+ </div>
+ <div class="rationale">
+ <p>SSH v1 suffers from insecurities that do not affect SSH v2.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file to set the parameter as follows:
+ </p><code class="code_block">Protocol 2</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18934" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SSH Protocol is set to 2</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18934_xml_result_button" onclick="switchState('d1e18934_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18934_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.2_Ensure_SSH_Protocol_is_set_to_2"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.462-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1268"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.2.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1268"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18934_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18940" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.3_Ensure_SSH_LogLevel_is_set_to_INFO">5.2.3 Ensure SSH LogLevel is set to INFO</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">INFO </span>
+
+
+
+ parameter specifies that login and logout activity will be logged.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ SSH provides several logging levels with varying amounts of verbosity.
+ <span class="inline_block">DEBUG </span>
+
+
+
+ is specifically <em>not</em>
+
+
+
+ recommended other than strictly for debugging SSH communications since it provides
+ so much data that it is difficult to identify important security information.
+ <span class="inline_block">INFO </span>
+
+
+
+ level is the basic level that only records login activity of SSH users. In many situations,
+ such as Incident Response, it is important to determine when a particular user was
+ active on a system. The logout record can eliminate those users who disconnected,
+ which helps narrow the field.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file to set the parameter as follows:
+ </p><code class="code_block">LogLevel INFO</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18940" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SSH LogLevel is set to INFO</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18940_xml_result_button" onclick="switchState('d1e18940_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18940_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.3_Ensure_SSH_LogLevel_is_set_to_INFO"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.462-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1269"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.3.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1269"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18940_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18946" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.4_Ensure_SSH_X11_forwarding_is_disabled">5.2.4 Ensure SSH X11 forwarding is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The X11Forwarding parameter provides the ability to tunnel X11 traffic through the
+ connection to enable remote graphic connections.</p>
+ </div>
+ <div class="rationale">
+ <p>Disable X11 forwarding unless there is an operational requirement to use X11 applications
+ directly. There is a small risk that the remote X11 servers of users who are logged
+ in via SSH with X11 forwarding could be compromised by other users on the X11 server.
+ Note that even if X11 forwarding is disabled, users can always install their own forwarders.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file to set the parameter as follows:
+ </p><code class="code_block">X11Forwarding no</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18946" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SSH X11 forwarding is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18946_xml_result_button" onclick="switchState('d1e18946_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18946_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.4_Ensure_SSH_X11_forwarding_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.462-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1270"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.4.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1270"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18946_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18952" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.5_Ensure_SSH_MaxAuthTries_is_set_to_4_or_less">5.2.5 Ensure SSH MaxAuthTries is set to 4 or less</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">MaxAuthTries </span>
+
+
+
+ parameter specifies the maximum number of authentication attempts permitted per connection.
+ When the login failure count reaches half the number, error messages will be written
+ to the <span class="inline_block">syslog</span>
+
+
+
+ file detailing the login failure.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Setting the <span class="inline_block">MaxAuthTries </span>
+
+
+
+ parameter to a low number will minimize the risk of successful brute force attacks
+ to the SSH server. While the recommended setting is 4, set the number based on site
+ policy. </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file to set the parameter as follows:
+ </p><code class="code_block">MaxAuthTries 4</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18952" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SSH MaxAuthTries is set to 4 or less</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18952_xml_result_button" onclick="switchState('d1e18952_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18952_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.5_Ensure_SSH_MaxAuthTries_is_set_to_4_or_less"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.463-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1271"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.5.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1271"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18952_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18958" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.6_Ensure_SSH_IgnoreRhosts_is_enabled">5.2.6 Ensure SSH IgnoreRhosts is enabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">IgnoreRhosts </span>
+
+
+
+ parameter specifies that
+ <span class="inline_block">.rhosts </span>
+
+
+
+ and <span class="inline_block">.shosts </span>
+
+
+
+ files will not be used in
+ <span class="inline_block">RhostsRSAAuthentication </span>
+
+
+
+ or <span class="inline_block">HostbasedAuthentication</span>
+
+
+
+ . </p>
+ </div>
+ <div class="rationale">
+ <p>Setting this parameter forces users to enter a password when authenticating with ssh.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file to set the parameter as follows:
+ </p><code class="code_block">IgnoreRhosts yes</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18958" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SSH IgnoreRhosts is enabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18958_xml_result_button" onclick="switchState('d1e18958_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18958_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.6_Ensure_SSH_IgnoreRhosts_is_enabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.463-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1272"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.6.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1272"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18958_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18964" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.7_Ensure_SSH_HostbasedAuthentication_is_disabled">5.2.7 Ensure SSH HostbasedAuthentication is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">HostbasedAuthentication </span>
+
+
+
+ parameter specifies if authentication is allowed through trusted hosts via the user
+ of <span class="inline_block">.rhosts</span>
+
+
+
+ , or <span class="inline_block">/etc/hosts.equiv</span>
+
+
+
+ , along with successful public key client host authentication. This option only applies
+ to SSH Protocol Version 2.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Even though the <span class="inline_block">.rhosts </span>
+
+
+
+ files are ineffective if support is disabled in
+ <span class="inline_block">/etc/pam.conf</span>
+
+
+
+ , disabling the ability to use
+ <span class="inline_block">.rhosts </span>
+
+
+
+ files in SSH provides an additional layer of protection .
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file to set the parameter as follows:
+ </p><code class="code_block">HostbasedAuthentication no</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18964" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SSH HostbasedAuthentication is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18964_xml_result_button" onclick="switchState('d1e18964_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18964_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.7_Ensure_SSH_HostbasedAuthentication_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.463-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1273"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.7.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1273"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18964_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18970" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.8_Ensure_SSH_root_login_is_disabled">5.2.8 Ensure SSH root login is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">PermitRootLogin </span>
+
+
+
+ parameter specifies if the root user can log in using ssh(1). The default is no.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Disallowing root logins over SSH requires system admins to authenticate using their
+ own individual account, then escalating to root via
+ <span class="inline_block">sudo </span>
+
+
+
+ or <span class="inline_block">su</span>
+
+
+
+ . This in turn limits opportunity for non-repudiation and provides a clear audit trail
+ in the event of a security incident
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file to set the parameter as follows:
+ </p><code class="code_block">PermitRootLogin no</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18970" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SSH root login is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18970_xml_result_button" onclick="switchState('d1e18970_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18970_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.8_Ensure_SSH_root_login_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.463-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1274"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.8.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1274"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18970_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18976" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.9_Ensure_SSH_PermitEmptyPasswords_is_disabled">5.2.9 Ensure SSH PermitEmptyPasswords is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">PermitEmptyPasswords </span>
+
+
+
+ parameter specifies if the SSH server allows login to accounts with empty password
+ strings. </p>
+ </div>
+ <div class="rationale">
+ <p>Disallowing remote shell access to accounts that have an empty password reduces the
+ probability of unauthorized access to the system</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file to set the parameter as follows:
+ </p><code class="code_block">PermitEmptyPasswords no</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18976" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SSH PermitEmptyPasswords is disabled</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18976_xml_result_button" onclick="switchState('d1e18976_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18976_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.9_Ensure_SSH_PermitEmptyPasswords_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.463-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1275"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.9.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1275"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18976_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18982" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.10_Ensure_SSH_PermitUserEnvironment_is_disabled">5.2.10 Ensure SSH PermitUserEnvironment is disabled</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">PermitUserEnvironment </span>
+
+
+
+ option allows users to present environment options to the
+ <span class="inline_block">ssh </span>
+
+
+
+ daemon. </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Permitting users the ability to set environment variables through the SSH daemon could
+ potentially allow users to bypass security controls (e.g. setting an execution path
+ that has <span class="inline_block">ssh </span>
+
+
+
+ executing trojan'd programs)
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file to set the parameter as follows:
+ </p><code class="code_block">PermitUserEnvironment no</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18982" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SSH PermitUserEnvironment is disabled</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18982_xml_result_button" onclick="switchState('d1e18982_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18982_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.10_Ensure_SSH_PermitUserEnvironment_is_disabled"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.464-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1276"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.10.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1276"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18982_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18989" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.11_Ensure_only_approved_MAC_algorithms_are_used">5.2.11 Ensure only approved MAC algorithms are used</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>This variable limits the types of MAC algorithms that SSH can use during communication.</p>
+ </div>
+ <div class="rationale">
+ <p>MD5 and 96-bit MAC algorithms are considered weak and have been shown to increase
+ exploitability in SSH downgrade attacks. Weak algorithms continue to have a great
+ deal of attention as a weak spot that can be exploited with expanded computing power.
+ An attacker that breaks the algorithm could take advantage of a MiTM position to decrypt
+ the SSH tunnel and capture credentials and information</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file to set the parameter as follows:
+ </p><code class="code_block">MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18989" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure only approved MAC algorithms are used</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18989_xml_result_button" onclick="switchState('d1e18989_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18989_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.11_Ensure_only_approved_MAC_algorithms_are_used"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.464-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1277"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.11.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1277"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18989_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e18995" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.12_Ensure_SSH_Idle_Timeout_Interval_is_configured">5.2.12 Ensure SSH Idle Timeout Interval is configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The two options <span class="inline_block">ClientAliveInterval </span>
+
+
+
+ and <span class="inline_block">ClientAliveCountMax </span>
+
+
+
+ control the timeout of ssh sessions. When the
+ <span class="inline_block">ClientAliveInterval </span>
+
+
+
+ variable is set, ssh sessions that have no activity for the specified length of time
+ are terminated. When the
+ <span class="inline_block">ClientAliveCountMax </span>
+
+
+
+ variable is set, <span class="inline_block">sshd </span>
+
+
+
+ will send client alive messages at every
+ <span class="inline_block">ClientAliveInterval </span>
+
+
+
+ interval. When the number of consecutive client alive messages are sent with no response
+ from the client, the
+ <span class="inline_block">ssh </span>
+
+
+
+ session is terminated. For example, if the
+ <span class="inline_block">ClientAliveInterval </span>
+
+
+
+ is set to 15 seconds and the
+ <span class="inline_block">ClientAliveCountMax </span>
+
+
+
+ is set to 3, the client
+ <span class="inline_block">ssh </span>
+
+
+
+ session will be terminated after 45 seconds of idle time.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Having no timeout value associated with a connection could allow an unauthorized user
+ access to another user's
+ <span class="inline_block">ssh </span>
+
+
+
+ session (e.g. user walks away from their computer and doesn't lock the screen). Setting
+ a timeout value at least reduces the risk of this happening..
+ </p>
+ <p>
+
+
+
+ While the recommended setting is 300 seconds (5 minutes), set this timeout value based
+ on site policy. The recommended setting for
+ <span class="inline_block">ClientAliveCountMax </span>
+
+
+
+ is 0. In this case, the client session will be terminated after 5 minutes of idle
+ time and no keepalive messages will be sent.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file to set the parameters as follows:
+ </p><code class="code_block">
+
+
+
+ ClientAliveInterval 300
+ <br></br>
+
+
+
+ ClientAliveCountMax 0
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e18995" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SSH Idle Timeout Interval is configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SSH Idle Timeout Interval is configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e18995_xml_result_button" onclick="switchState('d1e18995_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e18995_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.12_Ensure_SSH_Idle_Timeout_Interval_is_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.464-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1278"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.12.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1278"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1279"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.12.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1279"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e18995_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19004" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.13_Ensure_SSH_LoginGraceTime_is_set_to_one_minute_or_less">5.2.13 Ensure SSH LoginGraceTime is set to one minute or less</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">LoginGraceTime </span>
+
+
+
+ parameter specifies the time allowed for successful authentication to the SSH server.
+ The longer the Grace period is the more open unauthenticated connections can exist.
+ Like other session controls in this session the Grace Period should be limited to
+ appropriate organizational limits to ensure the service is available for needed access.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Setting the <span class="inline_block">LoginGraceTime </span>
+
+
+
+ parameter to a low number will minimize the risk of successful brute force attacks
+ to the SSH server. It will also limit the number of concurrent unauthenticated connections
+ While the recommended setting is 60 seconds (1 Minute), set the number based on site
+ policy. </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file to set the parameter as follows:
+ </p><code class="code_block">LoginGraceTime 60</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19004" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SSH LoginGraceTime is set to one minute or less</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19004_xml_result_button" onclick="switchState('d1e19004_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19004_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.13_Ensure_SSH_LoginGraceTime_is_set_to_one_minute_or_less"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.464-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1280"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.13.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1280"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19004_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19010" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.14_Ensure_SSH_access_is_limited">5.2.14 Ensure SSH access is limited</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>There are several options available to limit which users and group can access the
+ system via SSH. It is recommended that at least one of the following options be leveraged:</p>
+ <p><span class="inline_block"><span>AllowUsers</span></span></p>
+ <p>
+
+
+
+ The <span class="inline_block">AllowUsers </span>
+
+
+
+ variable gives the system administrator the option of allowing specific users to
+ <span class="inline_block">ssh </span>
+
+
+
+ into the system. The list consists of comma separated user names. Numeric user IDs
+ are not recognized with this variable. If a system administrator wants to restrict
+ user access further by only allowing the allowed users to log in from a particular
+ host, the entry can be specified in the form of user@host.
+ </p>
+ <p><span class="inline_block"><span>AllowGroups</span></span></p>
+ <p>
+
+
+
+ The <span class="inline_block">AllowGroups </span>
+
+
+
+ variable gives the system administrator the option of allowing specific groups of
+ users to <span class="inline_block">ssh </span>
+
+
+
+ into the system. The list consists of comma separated group names. Numeric group IDs
+ are not recognized with this variable.
+ </p>
+ <p><span class="inline_block"><span>DenyUsers</span></span></p>
+ <p>
+
+
+
+ The <span class="inline_block">DenyUsers </span>
+
+
+
+ variable gives the system administrator the option of denying specific users to
+ <span class="inline_block">ssh </span>
+
+
+
+ into the system. The list consists of comma separated user names. Numeric user IDs
+ are not recognized with this variable. If a system administrator wants to restrict
+ user access further by specifically denying a user's access from a particular host,
+ the entry can be specified in the form of user@host.
+ </p>
+ <p><span class="inline_block"><span>DenyGroups</span></span></p>
+ <p>
+
+
+
+ The <span class="inline_block">DenyGroups </span>
+
+
+
+ variable gives the system administrator the option of denying specific groups of users
+ to <span class="inline_block">ssh </span>
+
+
+
+ into the system. The list consists of comma separated group names. Numeric group IDs
+ are not recognized with this variable.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Restricting which users can remotely access the system via SSH will help ensure that
+ only authorized users access the system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file to set one or more of the parameter as follows:
+ </p><code class="code_block">
+
+
+
+ AllowUsers
+ <em>&lt;userlist&gt;</em><br></br>
+
+
+
+ AllowGroups
+ <em>&lt;grouplist&gt;</em><br></br>
+
+
+
+ DenyUsers
+ <em>&lt;userlist&gt;</em><br></br>
+
+
+
+ DenyGroups
+ <em>&lt;grouplist&gt;</em></code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19010" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SSH access is limited</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19010_xml_result_button" onclick="switchState('d1e19010_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19010_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.14_Ensure_SSH_access_is_limited"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.464-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1281"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.14.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1281"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19010_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19016" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.2.15_Ensure_SSH_warning_banner_is_configured">5.2.15 Ensure SSH warning banner is configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">Banner </span>
+
+
+
+ parameter specifies a file whose contents must be sent to the remote user before authentication
+ is permitted. By default, no banner is displayed.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Banners are used to warn connecting users of the particular site's policy regarding
+ connection. <span>Presenting a warning message prior to the normal user login may assist the prosecution
+ of trespassers on the computer system.</span></p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/ssh/sshd_config </span>
+
+
+
+ file to set the parameter as follows:
+ </p><code class="code_block">Banner /etc/issue.net</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19016" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure SSH warning banner is configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19016_xml_result_button" onclick="switchState('d1e19016_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19016_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.2.15_Ensure_SSH_warning_banner_is_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.464-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1282"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.2.15.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1282"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19016_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8180" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e8770" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_5.3_Configure_PAM">5.3 Configure PAM</h2>
+ <div class="description">
+ <p>
+
+
+
+ PAM (Pluggable Authentication Modules) is a service that implements modular authentication
+ modules on UNIX systems. PAM is implemented as a set of shared objects that are loaded
+ and executed when a program needs to authenticate a user. Files for PAM are typically
+ located in the <span class="inline_block">/etc/pam.d</span>
+
+
+
+ directory. PAM must be carefully configured to secure system authentication. While
+ this section covers some of PAM, please consult other PAM resources to fully understand
+ the configuration capabilities. </p>
+ </div>
+ </div>
+ <div id="detail-d1e19022" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.3.1_Ensure_password_creation_requirements_are_configured">5.3.1 Ensure password creation requirements are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">pam_pwquality.so </span>
+
+
+
+ module checks the strength of passwords. It performs checks such as making sure a
+ password is not a dictionary word, it is a certain length, contains a mix of characters
+ (e.g. alphabet, numeric, other) and more. The following are definitions of the
+ <span class="inline_block"><span>pam_pwquality</span>
+
+
+
+ .so </span>
+
+
+
+ options. </p>
+ <ul>
+ <li><span class="inline_block"><span class="inline_block">try_first_pass</span></span>
+
+
+
+ - retrieve the password from a previous stacked PAM module. If not available, then
+ prompt the user for a password.
+ <span class="inline_block"><span class="inline_block"><br></br></span></span></li>
+ <li><span class="inline_block"><span class="inline_block">retry=3</span></span>
+
+
+
+ - Allow 3 tries before sending back a failure.
+ </li>
+ </ul>
+ <p>
+
+
+
+ The following options are set in the
+ <span class="inline_block">/etc/security/pwquality.conf</span>
+
+
+
+ file: </p>
+ <ul>
+ <li><span class="inline_block">minlen=14 </span>
+
+
+
+ - password must be 14 characters or more
+ </li>
+ <li><span class="inline_block">dcredit=-1 </span>
+
+
+
+ - provide at least one digit
+ </li>
+ <li><span class="inline_block">ucredit=-1 </span>
+
+
+
+ - provide at least one uppercase character
+ </li>
+ <li><span class="inline_block">ocredit=-1 </span>
+
+
+
+ - provide at least one special character
+ </li>
+ <li><span class="inline_block">lcredit=-1 </span>
+
+
+
+ - provide at least one lowercase character
+ </li>
+ </ul>
+ <p></p>
+ <p>The settings shown above are one possible policy. Alter these values to conform to
+ your own organization's password policies.</p>
+ </div>
+ <div class="rationale">
+ <p>Strong passwords protect systems from being hacked through brute force methods.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Run the following command to install the pam_pwquality module:</p><code class="code_block">apt-get install libpam-pwquality</code><p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/pam.d/common-passwd</span>
+
+
+
+ file to include the appropriate options for
+ <span class="inline_block">pam_pwquality.so</span>
+
+
+
+ and to conform to site policy:
+ </p><code class="code_block">password requisite pam_pwquality.so try_first_pass retry=3</code><p>
+
+
+
+ Edit
+ <span class="inline_block">/etc/security/pwquality.conf</span>
+
+
+
+ to add or update the following settings to conform to site policy:
+ </p><code class="code_block">
+
+
+
+ minlen=14
+ <br></br>
+
+
+
+ dcredit=-1
+ <br></br>
+
+
+
+ ucredit=-1
+ <br></br>
+
+
+
+ ocredit=-1
+ <br></br>
+
+
+
+ lcredit=-1
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19022" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure password creation requirements are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure password creation requirements are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure password creation requirements are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure password creation requirements are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure password creation requirements are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure password creation requirements are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure password creation requirements are configured</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19022_xml_result_button" onclick="switchState('d1e19022_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19022_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.3.1_Ensure_password_creation_requirements_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.465-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1283"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.3.1.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1283"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1284"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.3.1.2_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1284"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1285"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.3.1.3_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1285"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1286"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.3.1.4_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1286"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1287"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.3.1.5_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1287"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1288"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.3.1.6_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1288"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1289"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.3.1.7_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1289"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19022_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8770" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19053" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.3.3_Ensure_password_reuse_is_limited">5.3.3 Ensure password reuse is limited</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/security/opasswd </span>
+
+
+
+ file stores the users' old passwords and can be checked to ensure that users are not
+ recycling recent passwords.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Forcing users not to reuse their past 5 passwords make it less likely that an attacker
+ will be able to guess the password.</p>
+ <p>Note that these change only apply to accounts configured on the local system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/pam.d/common-password</span>
+
+
+
+ file to include the
+ <span class="inline_block">remember</span>
+
+
+
+ option and conform to site policy as shown:
+ </p><code class="code_block"><span class="inline_block">password sufficient pam_unix.so remember=5</span></code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19053" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure password reuse is limited</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19053_xml_result_button" onclick="switchState('d1e19053_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19053_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.3.3_Ensure_password_reuse_is_limited"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.465-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1290"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.3.3.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1290"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19053_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8770" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19059" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.3.4_Ensure_password_hashing_algorithm_is_SHA-512">5.3.4 Ensure password hashing algorithm is SHA-512</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The commands below change password encryption from
+ <span class="inline_block">md5 </span>
+
+
+
+ to <span class="inline_block">sha512 </span>
+
+
+
+ (a much stronger hashing algorithm). All existing accounts will need to perform a
+ password change to upgrade the stored hashes to the new algorithm.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>The SHA-512 algorithm provides much stronger hashing than MD5, thus providing additional
+ protection to the system by increasing the level of effort for an attacker to successfully
+ determine passwords.</p>
+ <p>Note that these change only apply to accounts configured on the local system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/pam.d/common-password</span>
+
+
+
+ file to include the
+ <span class="inline_block">sha512</span>
+
+
+
+ option for
+ <span class="inline_block">pam_unix.so</span>
+
+
+
+ as shown: </p><code class="code_block">password [success=1 default=ignore] pam_unix.so sha512</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19059" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure password hashing algorithm is SHA-512</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19059_xml_result_button" onclick="switchState('d1e19059_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19059_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.3.4_Ensure_password_hashing_algorithm_is_SHA-512"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.465-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1291"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.3.4.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1291"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19059_xml_result', false);</script><div class="backtop"><a href="#summary-d1e8770" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e9021" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_5.4_User_Accounts_and_Environment">5.4 User Accounts and Environment</h2>
+ <div class="description">
+ <p>This section provides guidance on setting up secure defaults for system and user accounts
+ and their environment.</p>
+ </div>
+ </div>
+ <div id="detail-d1e9027" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_5.4.1_Set_Shadow_Password_Suite_Parameters">5.4.1 Set Shadow Password Suite Parameters</h2>
+ <div class="description">
+ <p>
+
+
+
+ While a majority of the password control parameters have been moved to PAM, some parameters
+ are still available through the shadow password suite. Any changes made to
+ <span class="inline_block">/etc/login.defs </span>
+
+
+
+ will only be applied if the
+ <span class="inline_block">usermod </span>
+
+
+
+ command is used. If user IDs are added a different way, use the
+ <span class="inline_block">chage </span>
+
+
+
+ command to effect changes to individual user IDs.
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19065" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.4.1.1_Ensure_password_expiration_is_90_days_or_less">5.4.1.1 Ensure password expiration is 90 days or less</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">PASS_MAX_DAYS </span>
+
+
+
+ parameter in
+ <span class="inline_block">/etc/login.defs </span>
+
+
+
+ allows an administrator to force passwords to expire once they reach a defined age.
+ It is recommended that the
+ <span class="inline_block">PASS_MAX_DAYS </span>
+
+
+
+ parameter be set to less than or equal to 90 days.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>The window of opportunity for an attacker to leverage compromised credentials or successfully
+ compromise credentials via an online brute force attack is limited by the age of the
+ password. Therefore, reducing the maximum age of a password also reduces an attacker's
+ window of opportunity.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the
+ <span class="inline_block">PASS_MAX_DAYS</span>
+
+
+
+ parameter to
+ <span class="inline_block">90</span>
+
+
+
+ in
+ <span class="inline_block">/etc/login.defs</span>
+
+
+
+ : </p><code class="code_block">PASS_MAX_DAYS 90</code><p>Modify user parameters for all users with a password set to match:</p><code class="code_block">
+
+
+
+ # chage --maxdays 90
+ <em>&lt;user&gt;</em></code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19065" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure password expiration is 90 days or less</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure password expiration is 90 days or less</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19065_xml_result_button" onclick="switchState('d1e19065_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19065_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.1_Ensure_password_expiration_is_90_days_or_less"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.465-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1292"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.4.1.1.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1292"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1293"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19065_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9027" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19073" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.4.1.2_Ensure_minimum_days_between_password_changes_is_7_or_more">5.4.1.2 Ensure minimum days between password changes is 7 or more</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">PASS_MIN_DAYS </span>
+
+
+
+ parameter in
+ <span class="inline_block">/etc/login.defs </span>
+
+
+
+ allows an administrator to prevent users from changing their password until a minimum
+ number of days have passed since the last time the user changed their password. It
+ is recommended that
+ <span class="inline_block">PASS_MIN_DAYS </span>
+
+
+
+ parameter be set to 7 or more days.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>By restricting the frequency of password changes, an administrator can prevent users
+ from repeatedly changing their password in an attempt to circumvent password reuse
+ controls.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the
+ <span class="inline_block">PASS_MIN_DAYS</span>
+
+
+
+ parameter to
+ <span>7</span>
+
+
+
+ in
+ <span class="inline_block">/etc/login.defs</span>
+
+
+
+ : </p><code class="code_block">PASS_MIN_DAYS 7</code><p>Modify user parameters for all users with a password set to match:</p><code class="code_block"><span>
+
+
+
+ # chage --mindays 7
+ <em>&lt;user&gt;</em></span></code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19073" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure minimum days between password changes is 7 or more</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure minimum days between password changes is 7 or more</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19073_xml_result_button" onclick="switchState('d1e19073_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19073_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.2_Ensure_minimum_days_between_password_changes_is_7_or_more"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.466-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1294"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.4.1.2.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1294"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1295"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19073_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9027" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19082" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.4.1.3_Ensure_password_expiration_warning_days_is_7_or_more">5.4.1.3 Ensure password expiration warning days is 7 or more</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">PASS_WARN_AGE </span>
+
+
+
+ parameter in
+ <span class="inline_block">/etc/login.defs</span>
+
+
+
+ allows an administrator to notify users that their password will expire in a defined
+ number of days. It is recommended that the
+ <span class="inline_block">PASS_WARN_AGE </span>
+
+
+
+ parameter be set to 7 or more days.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Providing an advance warning that a password will be expiring gives users time to
+ think of a secure password. Users caught unaware may choose a simple password or write
+ it down where it may be discovered.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the
+ <span class="inline_block">PASS_WARN_AGE</span>
+
+
+
+ parameter to
+ <span>7</span>
+
+
+
+ in
+ <span class="inline_block">/etc/login.defs</span>
+
+
+
+ : </p><code class="code_block">PASS_WARN_AGE 7</code><p>Modify user parameters for all users with a password set to match:</p><code class="code_block"><span>
+
+
+
+ # chage --warndays 7
+ <em>&lt;user&gt;</em></span></code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19082" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure password expiration warning days is 7 or more</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure password expiration warning days is 7 or more</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19082_xml_result_button" onclick="switchState('d1e19082_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19082_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.3_Ensure_password_expiration_warning_days_is_7_or_more"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.466-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1296"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.4.1.3.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1296"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1297"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19082_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9027" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19090" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.4.1.4_Ensure_inactive_password_lock_is_30_days_or_less">5.4.1.4 Ensure inactive password lock is 30 days or less</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>User accounts that have been inactive for over a given period of time can be automatically
+ disabled. It is recommended that accounts that are inactive for 30 days after password
+ expiration be disabled.</p>
+ </div>
+ <div class="rationale">
+ <p>Inactive accounts pose a threat to system security since the users are not logging
+ in to notice failed login attempts or other anomalies.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Run the following command to set the default password inactivity period to 30 days:</p><code class="code_block"># useradd -D -f 30</code><p>Modify user parameters for all users with a password set to match:</p>
+ <div><code class="code_block">
+
+
+
+ # chage --inactive 30
+ <em>&lt;user&gt;</em></code></div>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19090" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure inactive password lock is 30 days or less</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure inactive password lock is 30 days or less</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19090_xml_result_button" onclick="switchState('d1e19090_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19090_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.4.1.4_Ensure_inactive_password_lock_is_30_days_or_less"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.466-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1298"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.4.1.4.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1298"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1299"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19090_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9027" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19098" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.4.2_Ensure_system_accounts_are_non-login">5.4.2 Ensure system accounts are non-login</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>There are a number of accounts provided with Ubuntu that are used to manage applications
+ and are not intended to provide an interactive shell.</p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ It is important to make sure that accounts that are not being used by regular users
+ are prevented from being used to provide an interactive shell. By default, Ubuntu
+ sets the password field for these accounts to an invalid string, but it is also recommended
+ that the shell field in the password file be set to
+ <span class="inline_block">/sbin/nologin</span>
+
+
+
+ . This prevents the account from potentially being used to run any commands.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Set the shell for any accounts returned by the audit script to
+ <span class="inline_block">/usr/sbin/nologin</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # usermod -s /usr/sbin/nologin
+ <em>&lt;user&gt;</em></code><p>
+
+
+
+ The following script will automatically set all user shells required to
+ <span class="inline_block">/usr/sbin/nologin</span>
+
+
+
+ and lock the
+ <span class="inline_block">sync</span>
+
+
+
+ ,
+ <span class="inline_block">shutdown</span>
+
+
+
+ , and
+ <span class="inline_block">halt</span>
+
+
+
+ users: </p><code class="code_block">
+
+
+
+ #!/bin/bash
+ <br></br><br></br>
+
+
+
+ for user in `awk -F: '($3 &lt; 1000) {print $1 }' /etc/passwd`; do
+ <br></br>
+
+
+
+ if [ $user != "root" ]; then
+ <br></br>
+
+
+
+ usermod -L $user
+ <br></br>
+
+
+
+ if [ $user != "sync" ] &amp;&amp; [ $user != "shutdown" ] &amp;&amp; [ $user != "halt" ]; then
+ <br></br>
+
+
+
+ usermod -s /usr/sbin/nologin $user
+ <br></br>
+
+
+
+ fi
+ <br></br>
+
+
+
+ fi
+ <br></br>
+
+
+
+ done </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19098" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure system accounts are non-login</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19098_xml_result_button" onclick="switchState('d1e19098_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19098_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.4.2_Ensure_system_accounts_are_non-login"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.466-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1300"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19098_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9021" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19103" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.4.3_Ensure_default_group_for_the_root_account_is_GID_0">5.4.3 Ensure default group for the root account is GID 0</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The usermod command can be used to specify which group the root user belongs to. This
+ affects permissions of files that are created by the root user.</p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Using GID 0 for the
+ <span class="inline_block"><em>root</em></span>
+
+
+
+ account helps prevent
+ <span class="inline_block"><em>root</em></span>
+
+
+
+ -owned files from accidentally becoming accessible to non-privileged users.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to set the
+ <span class="inline_block">root</span>
+
+
+
+ user default group to GID
+ <span class="inline_block">0</span>
+
+
+
+ : </p><code class="code_block"># usermod -g 0 root</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19103" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure default group for the root account is GID 0</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19103_xml_result_button" onclick="switchState('d1e19103_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19103_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.4.3_Ensure_default_group_for_the_root_account_is_GID_0"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.466-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1301"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19103_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9021" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19108" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.4.4_Ensure_default_user_umask_is_027_or_more_restrictive">5.4.4 Ensure default user umask is 027 or more restrictive</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The default <span class="inline_block">umask </span>
+
+
+
+ determines the permissions of files created by users. The user creating the file has
+ the discretion of making their files and directories readable by others via the chmod
+ command. Users who wish to allow their files and directories to be readable by others
+ by default may choose a different default umask by inserting the
+ <span class="inline_block">umask </span>
+
+
+
+ command into the standard shell configuration files (
+ <span class="inline_block">.profile</span>
+
+
+
+ , <span class="inline_block">.bashrc</span>
+
+
+
+ , etc.) in their home directories.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Setting a very secure default value for
+ <span class="inline_block">umask </span>
+
+
+
+ ensures that users make a conscious choice about their file permissions. A default
+ <span class="inline_block">umask </span>
+
+
+
+ setting of <span class="inline_block">077 </span>
+
+
+
+ causes files and directories created by users to not be readable by any other user
+ on the system. A <span class="inline_block">umask </span>
+
+
+
+ of <span class="inline_block">027 </span>
+
+
+
+ would make files and directories readable by users in the same Unix group, while a
+ <span class="inline_block">umask </span>
+
+
+
+ of <span class="inline_block">022 </span>
+
+
+
+ would make files readable by every user on the system.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Edit the
+ <span class="inline_block">/etc/bash.bashrc</span>
+
+
+
+ and
+ <span class="inline_block">/etc/profile </span>
+
+
+
+ files (and the appropriate files for any other shell supported on your system) and
+ add or edit any umask parameters as follows:
+ </p><code class="code_block">umask 027</code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19108" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure default user umask is 027 or more restrictive</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure default user umask is 027 or more restrictive</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure default user umask is 027 or more restrictive</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure default user umask is 027 or more restrictive</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19108_xml_result_button" onclick="switchState('d1e19108_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19108_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.4.4_Ensure_default_user_umask_is_027_or_more_restrictive"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.466-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1302"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.4.4.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1302"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1303"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1304"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.4.4.3_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1304"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1305"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19108_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9021" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19125" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_5.6_Ensure_access_to_the_su_command_is_restricted">5.6 Ensure access to the su command is restricted</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">su </span>
+
+
+
+ command allows a user to run a command or shell as another user. The program has been
+ superseded by <span class="inline_block">sudo</span>
+
+
+
+ , which allows for more granular control over privileged access. Normally, the
+ <span class="inline_block">su </span>
+
+
+
+ command can be executed by any user. By uncommenting the
+ <span class="inline_block">pam_wheel.so </span>
+
+
+
+ statement in <span class="inline_block">/etc/pam.d/su</span>
+
+
+
+ , the <span class="inline_block">su </span>
+
+
+
+ command will only allow users in the wheel group to execute
+ <span class="inline_block">su</span>
+
+
+
+ . </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Restricting the use of <span class="inline_block">su</span>
+
+
+
+ , and using <span class="inline_block">sudo </span>
+
+
+
+ in its place, provides system administrators better control of the escalation of user
+ privileges to execute privileged commands. The sudo utility also provides a better
+ logging and audit mechanism, as it can log each command executed via
+ <span class="inline_block">sudo</span>
+
+
+
+ , whereas <span class="inline_block">su </span>
+
+
+
+ can only record that a user executed the
+ <span class="inline_block">su </span>
+
+
+
+ program. </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Add the following line to the
+ <span class="inline_block">/etc/pam.d/su </span>
+
+
+
+ file: </p><code class="code_block">auth required pam_wheel.so use_uid</code><p>
+
+
+
+ Create a comma separated list of users in the wheel statement in the
+ <span class="inline_block">/etc/group </span>
+
+
+
+ file: </p><code class="code_block">
+
+
+
+ wheel:x:10:root,
+ <em>&lt;user list&gt;</em></code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19125" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure access to the su command is restricted</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19125_xml_result_button" onclick="switchState('d1e19125_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19125_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_5.6_Ensure_access_to_the_su_command_is_restricted"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.467-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1306"
+ value-id="xccdf_org.cisecurity.benchmarks_value_5.6.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1306"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19125_xml_result', false);</script><div class="backtop"><a href="#summary-d1e7854" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e9482" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_6_System_Maintenance">6 System Maintenance</h2>
+ <div class="description">
+ <p>Recommendations in this section are intended as maintenance and are intended to be
+ checked on a frequent basis to ensure system stability. Many recommendations do not
+ have quick remediations and require investigation into the cause and best fix available
+ and may indicate an attempted breach of system security.</p>
+ </div>
+ </div>
+ <div id="detail-d1e9488" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_6.1_System_File_Permissions">6.1 System File Permissions</h2>
+ <div class="description">
+ <p>This section provides guidance on securing aspects of system files and directories.</p>
+ </div>
+ </div>
+ <div id="detail-d1e19133" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.1.2_Ensure_permissions_on_etcpasswd_are_configured">6.1.2 Ensure permissions on /etc/passwd are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/passwd </span>
+
+
+
+ file contains user account information that is used by many system utilities and therefore
+ must be readable for these utilities to operate.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ It is critical to ensure that the
+ <span class="inline_block">/etc/passwd </span>
+
+
+
+ file is protected from unauthorized write access. Although it is protected by default,
+ the file permissions could be changed either inadvertently or through malicious actions.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to set permissions on
+ <span class="inline_block">/etc/passwd</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/passwd
+ <br></br>
+
+
+
+ # chmod 644 /etc/passwd
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19133" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/passwd are configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19133_xml_result_button" onclick="switchState('d1e19133_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19133_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.1.2_Ensure_permissions_on_etcpasswd_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.467-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1307"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19133_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9488" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19138" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.1.3_Ensure_permissions_on_etcshadow_are_configured">6.1.3 Ensure permissions on /etc/shadow are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/shadow </span>
+
+
+
+ file is used to store the information about user accounts that is critical to the
+ security of those accounts, such as the hashed password and other security information.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ If attackers can gain read access to the
+ <span class="inline_block">/etc/shadow </span>
+
+
+
+ file, they can easily run a password cracking program against the hashed password
+ to break it. Other security information that is stored in the
+ <span class="inline_block">/etc/shadow </span>
+
+
+
+ file (such as expiration) could also be useful to subvert the user accounts.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the one following commands to set permissions on
+ <span class="inline_block">/etc/shadow</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:shadow /etc/shadow
+ <br></br>
+
+
+
+ # chmod o-rwx,g-wx /etc/shadow
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19138" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/shadow are configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19138_xml_result_button" onclick="switchState('d1e19138_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19138_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.1.3_Ensure_permissions_on_etcshadow_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.467-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1308"/&gt;
+ &lt;/check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19138_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9488" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19142" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.1.4_Ensure_permissions_on_etcgroup_are_configured">6.1.4 Ensure permissions on /etc/group are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/group </span>
+
+
+
+ file contains a list of all the valid groups defined in the system. The command below
+ allows read/write access for root and read access for everyone else.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ The <span class="inline_block">/etc/group </span>
+
+
+
+ file needs to be protected from unauthorized changes by non-privileged users, but
+ needs to be readable as this information is used with many non-privileged programs.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to set permissions on
+ <span class="inline_block">/etc/group</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/group
+ <br></br>
+
+
+
+ # chmod 644 /etc/group
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19142" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/group are configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19142_xml_result_button" onclick="switchState('d1e19142_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19142_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.1.4_Ensure_permissions_on_etcgroup_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.467-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1309"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19142_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9488" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19148" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.1.5_Ensure_permissions_on_etcgshadow_are_configured">6.1.5 Ensure permissions on /etc/gshadow are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/gshadow </span>
+
+
+
+ file is used to store the information about groups that is critical to the security
+ of those accounts, such as the hashed password and other security information.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ If attackers can gain read access to the
+ <span class="inline_block">/etc/gshadow </span>
+
+
+
+ file, they can easily run a password cracking program against the hashed password
+ to break it. Other security information that is stored in the
+ <span class="inline_block">/etc/gshadow </span>
+
+
+
+ file (such as group administrators) could also be useful to subvert the group.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the the following commands to set permissions on
+ <span class="inline_block">/etc/gshadow</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:shadow /etc/gshadow
+ <br></br>
+
+
+
+ # chmod o-rwx,g-rw /etc/gshadow
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19148" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/gshadow are configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19148_xml_result_button" onclick="switchState('d1e19148_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19148_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.1.5_Ensure_permissions_on_etcgshadow_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.467-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1310"/&gt;
+ &lt;/check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19148_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9488" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19152" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.1.6_Ensure_permissions_on_etcpasswd-_are_configured">6.1.6 Ensure permissions on /etc/passwd- are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/passwd- </span>
+
+
+
+ file contains backup user account information.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ It is critical to ensure that the
+ <span class="inline_block">/etc/passwd- </span>
+
+
+
+ file is protected from unauthorized access. Although it is protected by default, the
+ file permissions could be changed either inadvertently or through malicious actions.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to set permissions on
+ <span class="inline_block">/etc/passwd-</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/passwd-
+ <br></br>
+
+
+
+ # chmod 600 /etc/passwd-
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19152" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/passwd- are configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19152_xml_result_button" onclick="switchState('d1e19152_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19152_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.1.6_Ensure_permissions_on_etcpasswd-_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.467-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1311"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19152_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9488" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19157" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.1.7_Ensure_permissions_on_etcshadow-_are_configured">6.1.7 Ensure permissions on /etc/shadow- are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p><span>The </span><span class="inline_block">/etc/shadow- </span><span>file is used to store backup information about user accounts that is critical to the
+ security of those accounts, such as the hashed password and other security information.</span></p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ It is critical to ensure that the
+ <span class="inline_block">/etc/shadow- </span>
+
+
+
+ file is protected from unauthorized access. Although it is protected by default, the
+ file permissions could be changed either inadvertently or through malicious actions.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to set permissions on
+ <span class="inline_block">/etc/shadow-</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/shadow-
+ <br></br>
+
+
+
+ # chmod 600 /etc/shadow-
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19157" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/shadow- are configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19157_xml_result_button" onclick="switchState('d1e19157_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19157_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.1.7_Ensure_permissions_on_etcshadow-_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.468-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1312"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19157_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9488" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19162" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.1.8_Ensure_permissions_on_etcgroup-_are_configured">6.1.8 Ensure permissions on /etc/group- are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/group- </span>
+
+
+
+ file contains a backup list of all the valid groups defined in the system.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ It is critical to ensure that the
+ <span class="inline_block">/etc/group- </span>
+
+
+
+ file is protected from unauthorized access. Although it is protected by default, the
+ file permissions could be changed either inadvertently or through malicious actions.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to set permissions on
+ <span class="inline_block">/etc/group-</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/group-
+ <br></br>
+
+
+
+ # chmod 600 /etc/group-
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19162" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/group- are configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19162_xml_result_button" onclick="switchState('d1e19162_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19162_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.1.8_Ensure_permissions_on_etcgroup-_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.468-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1313"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19162_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9488" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19167" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.1.9_Ensure_permissions_on_etcgshadow-_are_configured">6.1.9 Ensure permissions on /etc/gshadow- are configured</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">/etc/gshadow- </span>
+
+
+
+ file is used to store backup information about groups that is critical to the security
+ of those accounts, such as the hashed password and other security information.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ It is critical to ensure that the
+ <span class="inline_block">/etc/gshadow- </span>
+
+
+
+ file is protected from unauthorized access. Although it is protected by default, the
+ file permissions could be changed either inadvertently or through malicious actions.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Run the following command to set permissions on
+ <span class="inline_block">/etc/gshadow-</span>
+
+
+
+ : </p><code class="code_block">
+
+
+
+ # chown root:root /etc/gshadow-
+ <br></br>
+
+
+
+ # chmod 600 /etc/gshadow-
+ </code><p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19167" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure permissions on /etc/gshadow- are configured</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19167_xml_result_button" onclick="switchState('d1e19167_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19167_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.1.9_Ensure_permissions_on_etcgshadow-_are_configured"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.468-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1314"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19167_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9488" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19172" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.1.10_Ensure_no_world_writable_files_exist">6.1.10 Ensure no world writable files exist</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ Unix-based systems support variable settings to control access to files. World writable
+ files are the least secure. See the
+ <span class="inline_block">chmod(2)</span>
+
+
+
+ man page for more information.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Data in world-writable files can be modified and compromised by any user on the system.
+ World writable files may also indicate an incorrectly written script or program that
+ could potentially be the cause of a larger compromise to the system's integrity.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Removing write access for the "other" category (
+ <span class="inline_block">
+
+
+
+ chmod o-w
+ <em>&lt;filename&gt;</em></span><em>)</em>
+
+
+
+ is advisable, but always consult relevant vendor documentation to avoid breaking any
+ application dependencies on a given file.
+ </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19172" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Script: sce/world_writable_files.sh</td>
+ <td>Exit Code: 101</td>
+ <td class="Rule pass">pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19172_xml_result_button" onclick="switchState('d1e19172_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19172_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.1.10_Ensure_no_world_writable_files_exist"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.468-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;check system="http://open-scap.org/page/SCE"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="sce/world_writable_files.sh"/&gt;
+ &lt;check-content&gt;
+ &lt;command_result script="C:\CIS\Assessor-CLI\sce\world_writable_files.sh"
+ href="sce/world_writable_files.sh"
+ xccdf="pass"
+ exit-value="101"&gt;
+ &lt;out/&gt;
+ &lt;err/&gt;
+ &lt;env/&gt;
+ &lt;/command_result&gt;
+ &lt;/check-content&gt;
+ &lt;/check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19172_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9488" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19181" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.1.11_Ensure_no_unowned_files_or_directories_exist">6.1.11 Ensure no unowned files or directories exist</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Sometimes when administrators delete users from the password file they neglect to
+ remove all files owned by those users from the system.</p>
+ </div>
+ <div class="rationale">
+ <p>A new user who is assigned the deleted user's user ID or group ID may then end up
+ "owning" these files, and thus have more access on the system than was intended.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Locate files that are owned by users or groups not listed in the system configuration
+ files, and reset the ownership of these files to some active user on the system as
+ appropriate.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19181" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Script: sce/no_unowned_files_and_directories.sh</td>
+ <td>Exit Code: 101</td>
+ <td class="Rule pass">pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19181_xml_result_button" onclick="switchState('d1e19181_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19181_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.1.11_Ensure_no_unowned_files_or_directories_exist"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.469-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;check system="http://open-scap.org/page/SCE"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="sce/no_unowned_files_and_directories.sh"/&gt;
+ &lt;check-content&gt;
+ &lt;command_result script="C:\CIS\Assessor-CLI\sce\no_unowned_files_and_directories.sh"
+ href="sce/no_unowned_files_and_directories.sh"
+ xccdf="pass"
+ exit-value="101"&gt;
+ &lt;out/&gt;
+ &lt;err/&gt;
+ &lt;env/&gt;
+ &lt;/command_result&gt;
+ &lt;/check-content&gt;
+ &lt;/check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19181_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9488" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19190" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.1.12_Ensure_no_ungrouped_files_or_directories_exist">6.1.12 Ensure no ungrouped files or directories exist</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Sometimes when administrators delete users or groups from the system they neglect
+ to remove all files owned by those users or groups.</p>
+ </div>
+ <div class="rationale">
+ <p>A new user who is assigned the deleted user's user ID or group ID may then end up
+ "owning" these files, and thus have more access on the system than was intended.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Locate files that are owned by users or groups not listed in the system configuration
+ files, and reset the ownership of these files to some active user on the system as
+ appropriate.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19190" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Script: sce/no_ungrouped_files_and_directories.sh</td>
+ <td>Exit Code: 101</td>
+ <td class="Rule pass">pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19190_xml_result_button" onclick="switchState('d1e19190_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19190_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.1.12_Ensure_no_ungrouped_files_or_directories_exist"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.469-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;check system="http://open-scap.org/page/SCE"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="sce/no_ungrouped_files_and_directories.sh"/&gt;
+ &lt;check-content&gt;
+ &lt;command_result script="C:\CIS\Assessor-CLI\sce\no_ungrouped_files_and_directories.sh"
+ href="sce/no_ungrouped_files_and_directories.sh"
+ xccdf="pass"
+ exit-value="101"&gt;
+ &lt;out/&gt;
+ &lt;err/&gt;
+ &lt;env/&gt;
+ &lt;/command_result&gt;
+ &lt;/check-content&gt;
+ &lt;/check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19190_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9488" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e9901" class="group">
+ <h2 class="ruleGroupTitle" title="xccdf_org.cisecurity.benchmarks_group_6.2_User_and_Group_Settings">6.2 User and Group Settings</h2>
+ <div class="description">
+ <p>This section provides guidance on securing aspects of the users and groups.</p>
+ </div>
+ </div>
+ <div id="detail-d1e19203" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.1_Ensure_password_fields_are_not_empty">6.2.1 Ensure password fields are not empty</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>An account with an empty password field means that anybody may log in as that user
+ without providing a password.</p>
+ </div>
+ <div class="rationale">
+ <p>All accounts must have passwords or be locked to prevent the account from being used
+ by an unauthorized user.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ If any accounts in the
+ <span class="inline_block">/etc/shadow </span>
+
+
+
+ file do not have a password, run the following command to lock the account until it
+ can be determined why it does not have a password:
+ </p><code class="code_block">
+
+
+
+ # passwd -l
+ <em>&lt;username&gt;</em></code><p>Also, check to see if the account is logged in and investigate what it is being used
+ for to determine if it needs to be forced off.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19203" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure password fields are not empty</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19203_xml_result_button" onclick="switchState('d1e19203_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19203_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.1_Ensure_password_fields_are_not_empty"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.469-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-export export-name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:var:1318"
+ value-id="xccdf_org.cisecurity.benchmarks_value_6.2.1.1_var"/&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1318"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19203_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19210" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.2_Ensure_no_legacy__entries_exist_in_etcpasswd">6.2.2 Ensure no legacy "+" entries exist in /etc/passwd</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The character + in various files used to be markers for systems to insert data from
+ NIS maps at a certain point in a system configuration file. These entries are no longer
+ required on most systems, but may exist in files that have been imported from other
+ platforms.</p>
+ </div>
+ <div class="rationale">
+ <p>These entries may provide an avenue for attackers to gain privileged access on the
+ system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Remove any legacy '+' entries from
+ <span class="inline_block">/etc/passwd</span>
+
+
+
+ if they exist.
+ </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19210" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure no legacy "+" entries exist in /etc/passwd</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19210_xml_result_button" onclick="switchState('d1e19210_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19210_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.2_Ensure_no_legacy__entries_exist_in_etcpasswd"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.469-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1319"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19210_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19215" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.3_Ensure_no_legacy__entries_exist_in_etcshadow">6.2.3 Ensure no legacy "+" entries exist in /etc/shadow</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The character + in various files used to be markers for systems to insert data from
+ NIS maps at a certain point in a system configuration file. These entries are no longer
+ required on most systems, but may exist in files that have been imported from other
+ platforms.</p>
+ </div>
+ <div class="rationale">
+ <p>These entries may provide an avenue for attackers to gain privileged access on the
+ system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p><span>Remove any legacy '+' entries from </span><span class="inline_block">/etc/shadow</span><span> if they exist.</span></p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19215" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure no legacy "+" entries exist in /etc/shadow</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19215_xml_result_button" onclick="switchState('d1e19215_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19215_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.3_Ensure_no_legacy__entries_exist_in_etcshadow"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.469-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1320"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19215_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19220" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.4_Ensure_no_legacy__entries_exist_in_etcgroup">6.2.4 Ensure no legacy "+" entries exist in /etc/group</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The character + in various files used to be markers for systems to insert data from
+ NIS maps at a certain point in a system configuration file. These entries are no longer
+ required on most systems, but may exist in files that have been imported from other
+ platforms.</p>
+ </div>
+ <div class="rationale">
+ <p>These entries may provide an avenue for attackers to gain privileged access on the
+ system.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p><span>Remove any legacy '+' entries from </span><span class="inline_block">/etc/group</span><span> if they exist.</span></p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19220" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure no legacy "+" entries exist in /etc/group</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19220_xml_result_button" onclick="switchState('d1e19220_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19220_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.4_Ensure_no_legacy__entries_exist_in_etcgroup"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.469-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1321"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19220_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19225" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.5_Ensure_root_is_the_only_UID_0_account">6.2.5 Ensure root is the only UID 0 account</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>Any account with UID 0 has superuser privileges on the system.</p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ This access must be limited to only the default
+ <span class="inline_block">root </span>
+
+
+
+ account and only from the system console. Administrative access must be through an
+ unprivileged account using an approved mechanism as noted in Item 5.6 Ensure access
+ to the su command is restricted.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p><span>
+
+
+
+ Remove any users other than
+ <span class="inline_block">root</span>
+
+
+
+ with UID
+ <span class="inline_block">0</span>
+
+
+
+ or assign them a new UID if appropriate.
+ </span></p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19225" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure root is the only UID 0 account</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19225_xml_result_button" onclick="switchState('d1e19225_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19225_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.5_Ensure_root_is_the_only_UID_0_account"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.469-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1322"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19225_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19230" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.6_Ensure_root_PATH_Integrity">6.2.6 Ensure root PATH Integrity</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">root </span>
+
+
+
+ user can execute any command on the system and could be fooled into executing programs
+ unintentionally if the
+ <span class="inline_block">PATH </span>
+
+
+
+ is not set correctly. </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Including the current working directory (.) or other writable directory in
+ <span class="inline_block">root</span>
+
+
+
+ 's executable path makes it likely that an attacker can gain superuser access by forcing
+ an administrator operating as
+ <span class="inline_block">root </span>
+
+
+
+ to execute a Trojan horse program.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Correct or justify any items discovered in the Audit step.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19230" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure root PATH Integrity</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure root PATH Integrity</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure root PATH Integrity</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19230_xml_result_button" onclick="switchState('d1e19230_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19230_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.6_Ensure_root_PATH_Integrity"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.469-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1323"/&gt;
+ &lt;/check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1324"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1325"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19230_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19240" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.7_Ensure_all_users_home_directories_exist">6.2.7 Ensure all users' home directories exist</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ Users can be defined in
+ <span class="inline_block">/etc/passwd</span>
+
+
+
+ without a home directory or with a home directory that does not actually exist.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>If the user's home directory does not exist or is unassigned, the user will be placed
+ in "/" and will not be able to write any files or have local environment variables
+ set.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>If any users' home directories do not exist, create them and make sure the respective
+ user owns the directory. Users without an assigned home directory should be removed
+ or assigned a home directory as appropriate.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19240" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure all users' home directories exist</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19240_xml_result_button" onclick="switchState('d1e19240_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19240_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.7_Ensure_all_users_home_directories_exist"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.470-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1326"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19240_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19245" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.8_Ensure_users_home_directories_permissions_are_750_or_more_restrictive">6.2.8 Ensure users' home directories permissions are 750 or more restrictive</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>While the system administrator can establish secure permissions for users' home directories,
+ the users can easily override these.</p>
+ </div>
+ <div class="rationale">
+ <p>Group or world-writable user home directories may enable malicious users to steal
+ or modify other users' data or to gain another user's system privileges.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Making global modifications to user home directories without alerting the user community
+ can result in unexpected outages and unhappy users. Therefore, it is recommended that
+ a monitoring policy be established to report user file permissions and determine the
+ action to be taken in accordance with site policy.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19245" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure users' home directories permissions are 750 or more restrictive</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19245_xml_result_button" onclick="switchState('d1e19245_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19245_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.8_Ensure_users_home_directories_permissions_are_750_or_more_restrictive"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.470-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1327"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19245_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19250" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.9_Ensure_users_own_their_home_directories">6.2.9 Ensure users own their home directories</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The user home directory is space defined for the particular user to set local environment
+ variables and to store personal files.</p>
+ </div>
+ <div class="rationale">
+ <p>Since the user is accountable for files stored in the user home directory, the user
+ must be the owner of the directory.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Change the ownership of any home directories that are not owned by the defined user
+ to the correct user.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19250" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure users own their home directories</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19250_xml_result_button" onclick="switchState('d1e19250_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19250_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.9_Ensure_users_own_their_home_directories"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.470-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1328"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19250_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19255" class="Rule "><span class="outcome fail ruleResultArea">Fail</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.10_Ensure_users_dot_files_are_not_group_or_world_writable">6.2.10 Ensure users' dot files are not group or world writable</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>While the system administrator can establish secure permissions for users' "dot" files,
+ the users can easily override these.</p>
+ </div>
+ <div class="rationale">
+ <p>Group or world-writable user configuration files may enable malicious users to steal
+ or modify other users' data or to gain another user's system privileges.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Making global modifications to users' files without alerting the user community can
+ result in unexpected outages and unhappy users. Therefore, it is recommended that
+ a monitoring policy be established to report user dot file permissions and determine
+ the action to be taken in accordance with site policy.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19255" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure users' dot files are not group or world writable</td>
+ <td class="Rule fail">Fail</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19255_xml_result_button" onclick="switchState('d1e19255_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19255_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.10_Ensure_users_dot_files_are_not_group_or_world_writable"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.470-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;fail&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1329"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19255_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19260" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.11_Ensure_no_users_have_.forward_files">6.2.11 Ensure no users have .forward files</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">.forward </span>
+
+
+
+ file specifies an email address to forward the user's mail to.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Use of the <span class="inline_block">.forward </span>
+
+
+
+ file poses a security risk in that sensitive data may be inadvertently transferred
+ outside the organization. The
+ <span class="inline_block">.forward </span>
+
+
+
+ file also poses a risk as it can be used to execute commands that may perform unintended
+ actions. </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Making global modifications to users' files without alerting the user community can
+ result in unexpected outages and unhappy users. Therefore, it is recommended that
+ a monitoring policy be established to report user
+ <span class="inline_block">.forward </span>
+
+
+
+ files and determine the action to be taken in accordance with site policy.
+ </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19260" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure no users have .forward files</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19260_xml_result_button" onclick="switchState('d1e19260_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19260_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.11_Ensure_no_users_have_.forward_files"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.470-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1330"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19260_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19265" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.12_Ensure_no_users_have_.netrc_files">6.2.12 Ensure no users have .netrc files</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ The <span class="inline_block">.netrc </span>
+
+
+
+ file contains data for logging into a remote host for file transfers via FTP.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ The <span class="inline_block">.netrc </span>
+
+
+
+ file presents a significant security risk since it stores passwords in unencrypted
+ form. Even if FTP is disabled, user accounts may have brought over
+ <span class="inline_block">.netrc </span>
+
+
+
+ files from other systems which could pose a risk to those systems.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Making global modifications to users' files without alerting the user community can
+ result in unexpected outages and unhappy users. Therefore, it is recommended that
+ a monitoring policy be established to report user
+ <span class="inline_block">.netrc </span>
+
+
+
+ files and determine the action to be taken in accordance with site policy.
+ </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19265" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure no users have .netrc files</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19265_xml_result_button" onclick="switchState('d1e19265_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19265_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.12_Ensure_no_users_have_.netrc_files"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.470-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1331"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19265_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19271" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.13_Ensure_users_.netrc_Files_are_not_group_or_world_accessible">6.2.13 Ensure users' .netrc Files are not group or world accessible</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ While the system administrator can establish secure permissions for users'
+ <span class="inline_block">.netrc </span>
+
+
+
+ files, the users can easily override these.
+ </p>
+ </div>
+ <div class="rationale">
+ <p><span class="inline_block">.netrc </span>
+
+
+
+ files may contain unencrypted passwords that may be used to attack other systems.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Making global modifications to users' files without alerting the user community can
+ result in unexpected outages and unhappy users. Therefore, it is recommended that
+ a monitoring policy be established to report user
+ <span class="inline_block">.netrc </span>
+
+
+
+ file permissions and determine the action to be taken in accordance with site policy.
+ </p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19271" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure users' .netrc Files are not group or world accessible</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19271_xml_result_button" onclick="switchState('d1e19271_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19271_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.13_Ensure_users_.netrc_Files_are_not_group_or_world_accessible"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.471-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1332"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19271_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19276" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.14_Ensure_no_users_have_.rhosts_files">6.2.14 Ensure no users have .rhosts files</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ While no <span class="inline_block">.rhosts </span>
+
+
+
+ files are shipped by default, users can easily create them.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ This action is only meaningful if
+ <span class="inline_block">.rhosts </span>
+
+
+
+ support is permitted in the file
+ <span class="inline_block">/etc/pam.conf</span>
+
+
+
+ . Even though the
+ <span class="inline_block">.rhosts </span>
+
+
+
+ files are ineffective if support is disabled in
+ <span class="inline_block">/etc/pam.conf</span>
+
+
+
+ , they may have been brought over from other systems and could contain information
+ useful to an attacker for those other systems.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>
+
+
+
+ Making global modifications to users' files without alerting the user community can
+ result in unexpected outages and unhappy users. Therefore, it is recommended that
+ a monitoring policy be established to report user
+ <span class="inline_block">.rhosts </span><span>files and determine the action to be taken in accordance with site policy.</span></p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19276" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure no users have .rhosts files</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19276_xml_result_button" onclick="switchState('d1e19276_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19276_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.14_Ensure_no_users_have_.rhosts_files"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.471-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1333"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19276_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19281" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.15_Ensure_all_groups_in_etcpasswd_exist_in_etcgroup">6.2.15 Ensure all groups in /etc/passwd exist in /etc/group</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ Over time, system administration errors and changes can lead to groups being defined
+ in <span class="inline_block">/etc/passwd </span>
+
+
+
+ but not in <span class="inline_block">/etc/group</span>
+
+
+
+ . </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Groups defined in the
+ <span class="inline_block">/etc/passwd </span>
+
+
+
+ file but not in the
+ <span class="inline_block">/etc/group </span>
+
+
+
+ file pose a threat to system security since group permissions are not properly managed.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Analyze the output of the Audit step above and perform the appropriate action to correct
+ any discrepancies found.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19281" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure all groups in /etc/passwd exist in /etc/group</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19281_xml_result_button" onclick="switchState('d1e19281_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19281_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.15_Ensure_all_groups_in_etcpasswd_exist_in_etcgroup"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.471-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1334"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19281_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19286" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.16_Ensure_no_duplicate_UIDs_exist">6.2.16 Ensure no duplicate UIDs exist</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ Although the <span class="inline_block">useradd </span>
+
+
+
+ program will not let you create a duplicate User ID (UID), it is possible for an administrator
+ to manually edit the
+ <span class="inline_block">/etc/passwd </span>
+
+
+
+ file and change the UID field.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>Users must be assigned unique UIDs for accountability and to ensure appropriate access
+ protections.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Based on the results of the audit script, establish unique UIDs and review all files
+ owned by the shared UIDs to determine which UID they are supposed to belong to.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19286" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure no duplicate UIDs exist</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19286_xml_result_button" onclick="switchState('d1e19286_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19286_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.16_Ensure_no_duplicate_UIDs_exist"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.471-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1335"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19286_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19291" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.17_Ensure_no_duplicate_GIDs_exist">6.2.17 Ensure no duplicate GIDs exist</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ Although the <span class="inline_block">groupadd </span>
+
+
+
+ program will not let you create a duplicate Group ID (GID), it is possible for an
+ administrator to manually edit the
+ <span class="inline_block">/etc/group </span>
+
+
+
+ file and change the GID field.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>User groups must be assigned unique GIDs for accountability and to ensure appropriate
+ access protections.</p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Based on the results of the audit script, establish unique GIDs and review all files
+ owned by the shared GID to determine which group they are supposed to belong to.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19291" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure no duplicate GIDs exist</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19291_xml_result_button" onclick="switchState('d1e19291_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19291_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.17_Ensure_no_duplicate_GIDs_exist"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.471-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1336"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19291_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19296" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.18_Ensure_no_duplicate_user_names_exist">6.2.18 Ensure no duplicate user names exist</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ Although the <span class="inline_block">useradd </span>
+
+
+
+ program will not let you create a duplicate user name, it is possible for an administrator
+ to manually edit the
+ <span class="inline_block">/etc/passwd </span>
+
+
+
+ file and change the user name.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ If a user is assigned a duplicate user name, it will create and have access to files
+ with the first UID for that username in
+ <span class="inline_block">/etc/passwd</span>
+
+
+
+ . For example, if "test4" has a UID of 1000 and a subsequent "test4" entry has a UID
+ of 2000, logging in as "test4" will use UID 1000. Effectively, the UID is shared,
+ which is a security problem.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Based on the results of the audit script, establish unique user names for the users.
+ File ownerships will automatically reflect the change as long as the users have unique
+ UIDs.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19296" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure no duplicate user names exist</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19296_xml_result_button" onclick="switchState('d1e19296_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19296_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.18_Ensure_no_duplicate_user_names_exist"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.471-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1337"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19296_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19301" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.19_Ensure_no_duplicate_group_names_exist">6.2.19 Ensure no duplicate group names exist</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>
+
+
+
+ Although the <span class="inline_block">groupadd </span>
+
+
+
+ program will not let you create a duplicate group name, it is possible for an administrator
+ to manually edit the
+ <span class="inline_block">/etc/group </span>
+
+
+
+ file and change the group name.
+ </p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ If a group is assigned a duplicate group name, it will create and have access to files
+ with the first GID for that group in
+ <span class="inline_block">/etc/group</span>
+
+
+
+ . Effectively, the GID is shared, which is a security problem.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Based on the results of the audit script, establish unique names for the user groups.
+ File group ownerships will automatically reflect the change as long as the groups
+ have unique GIDs.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19301" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure no duplicate group names exist</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19301_xml_result_button" onclick="switchState('d1e19301_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19301_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.19_Ensure_no_duplicate_group_names_exist"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.471-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1338"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19301_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ <div id="detail-d1e19306" class="Rule failuresOnlyArea visible"><span class="outcome pass ruleResultArea">Pass</span><h3 class="ruleTitle" title="xccdf_org.cisecurity.benchmarks_rule_6.2.20_Ensure_shadow_group_is_empty">6.2.20 Ensure shadow group is empty</h3>
+ <div class="description">
+ <div class="bold">Description:</div>
+ <p>The shadow group allows system programs which require access the ability to read the
+ /etc/shadow file. No users should be assigned to the shadow group.</p>
+ </div>
+ <div class="rationale">
+ <p>
+
+
+
+ Any users assigned to the shadow group would be granted read access to the /etc/shadow
+ file. If attackers can gain read access to the
+ <span class="inline_block">/etc/shadow </span>
+
+
+
+ file, they can easily run a password cracking program against the hashed passwords
+ to break them. Other security information that is stored in the
+ <span class="inline_block">/etc/shadow </span>
+
+
+
+ file (such as expiration) could also be useful to subvert additional user accounts.
+ </p>
+ </div>
+ <div class="fixtext">
+ <div>
+ <p>
+ <p>Remove all users from the shadow group, and change the primary group of any users
+ with shadow as their primary group.</p>
+ <p></p>
+ </p>
+ </div>
+ </div>
+ <div id="detail-d1e19306" class="check">
+ <table width="100%" class="evidence">
+ <tr>
+ <td>Ensure shadow group is empty</td>
+ <td class="Rule pass">Pass</td>
+ </tr>
+ </table>
+ </div><br></br><div><span class="action" id="d1e19306_xml_result_button" onclick="switchState('d1e19306_xml_result'); return false;">Show</span><span class="caption"> Rule Result XML</span></div>
+ <div class="xml" id="d1e19306_xml_result">
+ <pre>&lt;rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
+ xmlns="http://checklists.nist.gov/xccdf/1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
+ xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
+ xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
+ xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
+ idref="xccdf_org.cisecurity.benchmarks_rule_6.2.20_Ensure_shadow_group_is_empty"
+ role="full"
+ severity="unknown"
+ time="2019-11-19T23:30:03.471-05:00"
+ version="1"
+ weight="1.0"&gt;
+ &lt;result&gt;pass&lt;/result&gt;
+ &lt;complex-check operator="AND" negate="false"&gt;
+ &lt;check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ negate="false"
+ multi-check="false"&gt;
+ &lt;check-content-ref href="#OVAL-Results-1"
+ name="oval:org.cisecurity.benchmarks.o_canonical_ubuntu_linux:def:1339"/&gt;
+ &lt;/check&gt;
+ &lt;/complex-check&gt;
+&lt;/rule-result&gt;
+</pre>
+ </div><script type="text/javascript">setState('d1e19306_xml_result', false);</script><div class="backtop"><a href="#summary-d1e9901" title="back to summary">Back to Summary</a></div>
+ </div>
+ </div>
+ <div id="rear-matter">
+ <div class="backtop"><a href="#top" title="back to top">⇧</a></div>
+ </div>
+ <div id="footerContainer">
+ <div class="footerBar"><br></br></div>
+ </div>
+ </div>
+ </div>
+ </body>
+</html> \ No newline at end of file