From 22b545a8b2dc71c0f536fa85e61f2a431e224264 Mon Sep 17 00:00:00 2001 From: Benedikt Filip Date: Thu, 29 Apr 2021 12:15:02 +0200 Subject: [PATCH] Add privacy function, modified readme --- README.md | 45 +++++++++++++++++--- check_mk_telegram-notify.sh | 33 ++++++++++++++ images/notification_rule_modify_privacy.png | Bin 0 -> 13344 bytes 3 files changed, 73 insertions(+), 5 deletions(-) create mode 100644 images/notification_rule_modify_privacy.png diff --git a/README.md b/README.md index ae119c0..0b05df3 100644 --- a/README.md +++ b/README.md @@ -7,18 +7,18 @@ The following Script is for Check_MK, I have used it exclusively with the RAW ve - [Check_MK Telegram notification](#check_mk-telegram-notification) - - [LATEST UPDATE](#latest-update) - [EXAMPLE](#example) - [REQUIREMENTS](#requirements) - [INSTALLATION](#installation) - [CHECK_MK CONFIGURATION](#check_mk-configuration) + - [PRIVACY ANONYMIZATION / MASQUERADING](#privacy-anonymization--masquerading) + - [PAGER ADDRESS CHAT-ID INSTEAD OF TELEGRAM GROUP-ID](#pager-address-chat-id-instead-of-telegram-group-id) + - [TROUBLESHOOTING](#troubleshooting) + - [CONTRIBUTION](#contribution) - [LICENSE](#license) -## LATEST UPDATE -The Telegram token (API key) and the chat/group ID are no longer stored in a separate XML file and instead are passed directly by Check_MK as parameters. This offers the possibility to create several notification groups and to use the script universally. - ## EXAMPLE Notifications are usually sent via a Telegram group. Here is an example of how a Telegram notification is structured. @@ -87,11 +87,46 @@ omd stop omd start ``` +## PRIVACY ANONYMIZATION / MASQUERADING +The current version of this script allows you to optionally enable IP anonymization. This gives you the option to comply with your own privacy policy or the recommendations of data protection authorities in certain countries if they prohibit the transmission of the full IP address. This masks IPv4 and IPv6 IP addresses before they are transmitted in a message to the Telegram service. + +The activation of the privacy settings is realized directly in the Notification Rules in Check_MK by NOTIFY_PARAMETER_3, here the value "privacy" has to be entered: + +Enable privacy settings + +There are certainly different requirements for privacy and masquerading of IP addresses. In the script, the IPv4 IP address is split into the 4 octets, the IPv6 address into the 8 columns. This allows to control __very individually__ which parts of the addresses are sent via Telegram and which are not. Both, placeholders and manipulations are basically possible here. + +The adjustment is done exclusively in the following two lines of the script. +``` +# Adjust the output to your privacy needs here (Details in the readme.md) +NOTIFY_HOST_ADDRESS_4="${sec1}.${sec2}.2.${sec4}" +NOTIFY_HOST_ADDRESS_6="${sec1}:${sec2}:${sec3}:${sec4}:ffff:ffff:ffff:${sec8}" +``` + +Explanation for the example configuration above: +* 192.168.__143__.104 --> 192.168.__2__.104 +* 2001:db8:85a3:8d3:__1319__:__8a2e__:__370__:7348 --> 2001:db8:85a3:8d3:__ffff__:__ffff__:__ffff__:7348 + +## PAGER ADDRESS (CHAT-ID) INSTEAD OF TELEGRAM GROUP-ID +A different approach is to use the 'Pager address' field in Check_MK's user properties. This gets exported as $NOTIFY_CONTACTPAGER variable to the script and as such all that's needed is: +``` +if [ -z ${NOTIFY_CONTACTPAGER} ]; then + echo "No pager address provided to be used as Chat-ID. Exiting" >&2 + exit 2 +else + CHAT_ID="${NOTIFY_CONTACTPAGER}" +fi +``` + +## TROUBLESHOOTING For more details and troubleshooting with parameters please check: [Check_MK Manual > Notifications > Chapter: 11.3. A simple example](https://docs.checkmk.com/latest/en/notifications.html#H1:Real) [[Feature-Request] Multiple Alert Profiles](https://github.com/filipnet/checkmk-telegram-notify/issues/3) +## CONTRIBUTION +Thank you for the excellent contributions and additional information @ThomasKaiser, which I have integrated into the README. + ## LICENSE -checkmk-telegram-notify and all individual scripts are under the BSD 3-Clause license unless explicitly noted otherwise. Please refer to the LICENSE +checkmk-telegram-notify and all individual scripts are under the BSD 3-Clause license unless explicitly noted otherwise. Please refer to the LICENSE \ No newline at end of file diff --git a/check_mk_telegram-notify.sh b/check_mk_telegram-notify.sh index 9d649d9..982602c 100755 --- a/check_mk_telegram-notify.sh +++ b/check_mk_telegram-notify.sh @@ -25,6 +25,39 @@ else CHAT_ID="${NOTIFY_PARAMETER_2}" fi +# Privacy settings to anonymize/masking IP addresses +if [ ${NOTIFY_PARAMETER_3} = "privacy" ]; then + # IPv4 IP addresses + if [ ${NOTIFY_HOST_ADDRESS_4} ]; then + slice="${NOTIFY_HOST_ADDRESS_4}" + count=1 + while [ "$count" -le 4 ] + do + declare sec"$count"="${slice%%.*}" + slice="${slice#*.}" + count=$((count+1)) + done + # Adjust the output to your privacy needs here (Details in the readme.md) + NOTIFY_HOST_ADDRESS_4="${sec1}.${sec2}.2.${sec4}" + fi + + # IPv6 IP addresses + if [ ${NOTIFY_HOST_ADDRESS_6} ]; then + slice="${NOTIFY_HOST_ADDRESS_6}" + count=1 + while [ "$count" -le 8 ] + do + declare sec"$count"="${slice%%:*}" + slice="${slice#*:}" + count=$((count+1)) + done + # Adjust the output to your privacy needs here (Details in the readme.md) + NOTIFY_HOST_ADDRESS_6="${sec1}:${sec2}:${sec3}:${sec4}:ffff:ffff:ffff:${sec8}" + fi +else + echo "Invalid privacy parameter, check your Check_MK settings." >&2 +fi + # Create a MESSAGE variable to send to your Telegram bot MESSAGE="${NOTIFY_HOSTNAME} (${NOTIFY_HOSTALIAS})%0A" MESSAGE+="${NOTIFY_WHAT} ${NOTIFY_NOTIFICATIONTYPE}%0A%0A" diff --git a/images/notification_rule_modify_privacy.png b/images/notification_rule_modify_privacy.png new file mode 100644 index 0000000000000000000000000000000000000000..4cb9b74d6d649a4435f0a3dbbb2aab24b8955121 GIT binary patch literal 13344 zcmb_@1ymf*_GX6&36_K)!INOY-8Hxb2<{Tx-3gWi_rX254DK$$J-7@K7$kUbXSU(@ zfA8!$`*zRT9GGspYkI0~Ro(Bq-@OEVk`+fs!AAiA09{f-L;(OE*@EZ!PoIGAfl7EG z;Nh9Agt`L&V07I5KIpN@Hv|9_IWuA5PoGR}9Bmv-ZEW923JbrnwYM=gvorz#*SS9KN%~VL_QiYpYIRa9HTg;pZZ_{g6`o$xqzV91E16c3Ps?@BS3G!Kpzf#q673Oz1PP9pVae2 zj|YHe%vuwK>%2G^cuaTWvImW;d$a?b(=}P_sCQS^@r10h;hYp!D`^g=A7!0?VW8zGa~C} zXV+F&XQVoXG(Y#NdfuA+)NNC}vApo&y*@kn-LgXF%dG7y{^i*;y=g%A7e>~9RTQvkkKpk zR|@nz1ptvBzSLzO2#(ud)3!Y!Y=1o8j(V-f{#}Ty^QX`YArwO&LVG=`qOU^l{fEkk zsPz~o1c_MNt&r!N zK&uw6&*#AZE|!V<%g~W2DFWw5@-O=;e7;cjjE!GV)8}&${K7qqZGT=PvvgWA(sy?V zm2=WQi#8Z2e^-PC?Zz)tDSFr#bYd`4?(zuJSG4UJ`y&^jH=l_=NT_{Olbw;se?v&d z`f~0W$Fqmu<$qGXi_Vv>qG)(|(fL}RnJGX`f|hg&GvXD)3y(nIP7X56AYo?8`bZ?n z@@%Cs%rUVsYX#Cx+Ja1gmckHBnOa1?{rW z6<6LX^qWiJt-V-dU3+4b!2CfuD@kD?KSSvyTZD#CaYl_oseC~GD^{l@uAy%@lF~WF znX%*ernshOW~F}|8(uEN63fQ_QXL!E6#oV3wBgLN~}~YMJxd|gHl0ZZsB4fs`8QYfKo(( zj-qFYm@TS$DWNa4$RWsR6me;_&f7~!YtivZ`)HH5=+?Y( zN$AONqjY0+nRg_A>vyF*Yo=X31m_~q|W^`pF5 zlVV|F&qK|+wcuoMt8T0AEQ%)-Zz-f@wq*8_6lCgisd9Nf@_g(W8XU?Tno49#=3|;> z-bmg^o=#q>)zfg*psmTTsWXzSSk=f?->Ye|_S4`}&rws>(5@6KPAw*%YAkNddzn`+ z8!Zb>n=^hFyWH3=1c`-7>0BK-FoMs+c@3Zh~u4@9^y?FeFI& z>i~T`KYcPm_d;*;s+8l2o%XW(*hy+~W%AG6d|2ro`<~fez8=HCe<6H3Rb~wK*<@XP@_R`A_-n)8YJZUXDfPMRnal zj<(v~+5x!^n>1a&C1Gz;gdxHmF$(1QkUuba807oGR}<;#-2Kbj)^GuCn9*s)?Cyuq zAN3!wKSX>j{<_v){MNL0C$jkM*+#-})UX+b-zTp>Q@@ZuuYV5d@Is^X3-D9*7YMfv zRKp)-if3~fofmdk61fzK6Io0)VUpu2rITW#<}ai-=bhtdU~LfSrZ-j}oK#CyleCm3 z9L4|wZCNT7B+qz{8|2+1~!zrN0q~(qi{1_<98T0qU3+jBF zQ1Zi9F67}TZa;~Bn!IBeWgiWk5!Rw6mOYf9mT`ydL^ZLwk#(`;(5}^gr!0tU`iTB< zA(=Z3C&~GZ6*C`qGt)OnRHU6y;ai#L8j~%Pbz|p&A|tf8R(`bfv2P^wwksK-e>4;s-pP0*#njC*=RXQTI z_2wdTt_of|Hy8>W`!S8b%9A4Ay5JgWt4TTNu4;UVS2KmXjD@dGd;iz=>IW9vsLCj7 zexBR&)4SSoY7FX2)t@i@QwjL7gMv%2V7T$v-ZSs#UDpT#Z2DUh=VPi0pq=%GBgSLK zo9l~oX_^>uh4Jh07}n^sb5-a|Dpk8Dr=l>1_@Vc(#&0#k^;xaFbxlTjeZxaM0!rCR z$4ZwaGDMU=sY>Q*`khI*U?z_;Tv!g4ArF5^5+KRZX zZk|0`IwMBso^uZMC|X7yCvhe+A!0BWN;*suOIA#}($v>%kQ?M5o!VM-zZQp)JWpZe zRd5wgM4#51gQ zSm$_H0b6^eTBn*+%B^d)<+#Or8$B-9)0onjR8p^HQNQQjTo2F}!fx>~?^I zn3_!E;#+7wa<@6_Iy+gyS@5!_ycr&7oOPkxD{hi&(mfX3{V*%M5HKmAc{@L|Kksec z=JMlcbYA@IiQl)8+o+R>=faO85+eru(fzm6IQhA_Rs`&CHm~!9M+`?O(r|AxZwE?n zaTvVLC%31EM-xUf;t%7aTdlt2+-$XNYSbTs18!-S)20~R_M$TuIEe31D70OjFduH>V^zuy>0D98YS zJ2?ROd;@?B1bEy804GKO*wO<4?gRk9wSnk%i2(o=kEF;4CD*x~1-Xx!CM}4Ah__}m zPa|WL`bxVJS3;j0zIr+KG%*+&)!SRpAlUHMKGxLPH*}Sn4E1MtzL4^aJkB%a2v*;n zOtI=D+NQeN59kU`St|o8_6Fo{upMj$k8zc59|a~l;{UZ-Hn>KH={@XfyCN4w;qMu7 z8$RP@=UU=j+EBaw8zAsqr`4HnKd%t12ModkV4hcvf3H-@T5OCEWF~IoS>5)ndu&?r$F!9@`wjY0ZkDR4(}kz+ zdeF@O964;czIF&D8+z2N&3%?QDs(S=R2fx4WuU8UZ(Pe0Ef}v2r{zc1mr*WoCBlt>MyAwLz4+WwdUzIh!=o z##qtT;cDaMe%_wT>9k?B?V&L<{mVG&z2!#=*X4X1qL}xlFC#V55;7`RtMW#8H6L^n zP$71fT6Nvrwyow$-v&8@A3{Y8uWzACc6Mvq<~X2NhA_ZBp#t_7Kms@6OG z-<1q(SdwF%3}>qhh)+a$=fCcaMi!`Hu9aZ1S*9%oE7quxUw+B>Ze5dA0kC-s-Dr z<(?7jS&g0(XS+{wtt1i+##`Bzj!8>nRiFk;G^cy zB>P3czT_H-^?+b8V*DBQu)w4sBvGWf!;9^`F}3xx^`MG`_yO?|xRvEMaRrLLnhwLM*Wvf#3`d9po?SH=4yymfMWZ<4^g#fjYP zE9v=>+E#76hB8A=y_>FdhIxtmYCXOuxsm!WDrmSwlDb@F-j-A5OsS2H-^jtHE)26j zzamhN$JHKj8_{^JTix!v3IL`O8>-pqd3|i^&ihPe4fAm2qrzXvB(q;2M z`I#TPPP}%rdu5DjL>R)RpR85t-@|8&r(A6b?`U|pDF)#iFZQk6qxmh<5@?s=7}Riq z7nakCUlAu2-SP0t*1ad-kyVL!>3y)`ce~wsD~&i3KvW)Tfb;(I=hqg*t%r<^jG3Do z7u?x{A$dEdDf#bZnYWSrLTB>fWxvoxfcJo(Sw{{h<*ibyx%81t#9m2Jm;ULl*Ef9p zL4ow=R0+qt%z^T8Tn~dHTytbjmyE3?|wS9+83b{$*D54k{T*b<}xu%2CYkW zmhJ%JyD2U^GK_7zn^45}-oc+M&~5&}#jUhl-b&4Z;0ATq<-$X@|Np1@7vwH7`$sL{a;L zBJRoR|X-*pb>FP1Om;sfu{1h;&OAD z)Lndc5wNFND1J|$0+Ns}eR(ghmczqC!*Vt7!kdjd^xM$@L9_Mt5{f~>UzC~o&Uy^! z^c0|_r8PA-m%2LJ-?(}JL>}FB%effbu0;G_)VjL59z7H!4C$&kTwvtkfnHyK`HBSe zniYYgn5hQ8P)SKi55#+Nkm#E0Y#UPy;8#@1z_6c#!@B)RqS_ z0eTS*g$uU5N#}jRxF?KDlI#rzXJ%Ksvu&`ffxKEDb;L&&a?{_Ce0(^=)&_E`kVrSv_ zGoyjjd6OfB^rh>L;%48GdBKUbWp`N9mf4YUIi2)3K69e^qy)}Vu51!5f(DemZF+x4 zu?HS+yr+#rg~9Eg$ez|#?<$^ zj;4_UjD=>6ETIdh(&b=x7CtelldZb(Tzsn^h*`o?H9IDYduDQNk=RAs=VqB5pT4M^ z?8!`M!A}XC66R6&XK%hNO%!2NV!}*SUv4tax2};Z)^&|l`&xa@dDu{ptKI$BVOxXz zV>I8T)PgzpZp@Pf$*b67wP9zrRNBbZNIMyOZEqa9rHb5H_V?s*54%nUw5G7RPBXt4 zQ^nsXxSXFk$))A*N=-0lY?%pa_cL=G8?|}d#;7w61t?!;W+8OA0<`I zn-4OQVcPB17BFcH?dQ6{P)WQJ8<9py*W}cJP#~eiNM@Dn^ariXDd@Xt?HF0bFPD`B zAN6zT<}3Klis}8NPTbIMohUvE$jxDf8g_F|vW0XGBQm9wjf}mmM+)f2oadeX_Vak@ zY*_4!{csWYw5Oq=QC3ljbA)wveisuHJ9mEw?5HKH3Mp%4RpN3$%XPHPOam!w$R-h+ zBCKwtlC>rI8J}q|X*K7awFVcb>{tp6=!_VV+MFx6(eT7pBZPAzuBMbx;7vG-918Ai zo`+vPx+(Y;VuW?a7)=(dH>}>Q&|F|p&@5Fzb7)T0JP+eJ{LUO)3il864-F+6tc=Gx z*weBR)pUh4sQF8@s9PSi%Bjvto|ei85s2ZW#?2rj#VLL=>z?-X4#8EhLUE=A;E_aeSq=OaQUyz~SBS)v461LK*}T6qlqf7D;2Z zOygNF2O^-X%?fF3)a0uaC>X<=H1RZFh{m*7B*%QIV?)2!p2(@K)qTnoH!Bft&oJQG zbKqrW&P+^9R4yGE9E@xNJ&J3xhL91DgYZx-WMt;)$e;JD-YEZ&*8IPNNi6I~H!hP* z&ay<$;U>RDmMj#rHvD7spUBQLVH#I-lIYUxTeO%B`^$&TS+iUGwznC><$-snEEQ8&Grsa#9T0W7e!Nc zg8IjGb=OA6y-MHMtl~i=g-^G3{Di=192;($OgkTDWXC8Oe2%HUq;YaH*ve481vx4` z-E1#Mm|R8DY(SxD>teYIO}sH>Z#03xv(XY6$-N4~$aDsEl$xdIXe=C>x$TJ)oi$=$ zh}1D0H?|Z=H^PcG2tdi6JxL9A=`B6NC1h?0FDxyl^h})T%!QJ8 zVY+U!ep^w%MDc{9WGdhGIt?Emf5LXDRLCRQS}Qcoz@UE6;aY(u$L|X_pr?(OBI{5i z=Evn>0!Mu`uuyRO47x>6w9s;7U(+)v!OakcT$4jE9=%PwjJG2X9Uz~c9&@W)YQ1?k zae$+0{8scf`+Y{zAGsNZfxK|56}C!}*?PrquU@f(78-@BmY$a&0g-J%Taz4%KTvkl z^Wh8MMMSD)Ai5pvp)re}Tge9*7tx8p50lZ;?-quY5!2 z(60%VmU()V5qmGqxPP2`8z&kmcd?ltxvn0t_EQx6O@(g~qd&kAE&YBqm9%a{3j0e+l%Fhk?7g1Ny5p44Omg0D zIv2X#{5kz4anFlTLM?wsi9_cc3l}~L&PK#^li_HbTt~7Euyag}#MX%uzL(D~>v7|* zVE;I%ST`sly9Do=+}HjFF43+Tg?A>RQ{+l}Q9dZLX>ly<^^olE=95eoniEzDL?+VBhEV;YzoY=h1n=z&c;+xI{yj(mBNY3oRUH9+LXGORKOslXg!&j zZN1H#HtdF#Y8L9G;)im}OVJ!{m^b5>@&JJSylKm8K$T$*rI37ZLCnw}=a~GH<5%+G zYqMHn-V(*}zF1AqlPV&`#+Q6kD{%hmq@F`rS?H#rW5$Y8E-j>Hmg~JFn8i>>!gAdi zUy%%$OSN`t=pg3|kB$-zowlxI3rXNj)>hKqLH)+(?l>3O!MGY(bv~0Ps4jV)ugg1T zMmne4d|bdVo@a%Anm;*55C8fW{`F_bYZK24?n#$yO&Md|4pbDE5}gssg9McLqx$G> z<{xb$Nl>ns^&}(5ch0i|2;kL4Fz4NoleXlbfY%Huhl7_h6 z5O6yFBj43Fwb#h)`uB%UlWRtOJy-MDq6Z|q6>+mqO+}?XU6by083f-i zhwsB`Z5DcdpVxa{gO{kL$5@_iPi5DYlMFg)uD~0{1zLD!vr3wEt0?CG=50b7S?KMs zJc`bpF|VRBhuDbG(`JmXTM8}{)ju`~d!-^~=o>S)o9ap%6^hQIx!LW?om~23sjWfI zJ{v}1#Ys0*`_^s)1gsuSFB*2INMZUmn~!|&iNxJ z$O*bg>s`NtOpS}&W?Zw$N%X8+wRLI@z2CXpAdc}d+p*iA2Dka&%@;c!J+R@7J}kLs#Czlya&+yTSBTmO8b6xx6xK^QbbA0L#jDVox^f zakC8@*QTBvdy%OqyO{nnr-&LG;$T%i-7BT7Ku_*D)!E{RN^9rpFKu3o3!p!1Z-gZf4XP z0DSK5QfvC%{cyp14U9*KY!eb6FFy7dDBFnqPf^3UkM`e09W^yD(!*jg0RRt-yMB~Z zH#HS?1U!e<)g|ZwjXqua>KD8t!^0KljDVip=PvfUCRJ70VBCT9V24>$R8&Jl;~i)L zK0h!v(wj!{6N*s-8Y8>(Kg-(#ZE3>)6Gbl4uyum2gHh$yQMaP>EY*B-OGVo1oN|Lr zcz2j?E4xy=yLtzIsmW`0a?Gfgac*reyOrP%4;Xyi#WioPa;(`>Q&d_9$m78usNC&g z?ye+fCk3~;=0tOvh$J(Co6Vf_ZUxcP{G~~%Gj^RyI+>W=A9m6TXn;>Mn237_oYu_Y zqzX`7Soctnft+EkWDgbFUaHk9^XCE;uBy>4qc)`!0O;Agy$g|GMdZ}3oAEA;%O~x` z)!i-YmUp!Ey6(L0j%rVP|99*cB!y5(WroYOhP}8|rAGM-d5{u=J1I8HUORpcOy~(h zI!xnLjGG9RrQ*1qsqU|wL2vMv=Op{@luL82O)J>XG4wX0*SP4^~s+ZHeqa1deFaC z+EE*OQu8HV&!bS$rhL~6pYo7BtF&p=Ox&}G>9$eqhjOL34>s={V<9z#ajNM+M5 zU8D6=|F$v6-E-}|wa{u6jEr)?9R#sXPDuFG+xv7$5iFg!TcN}z0tyXj%@c>d%D!He zom(|>+-}^JhuI%WuNkDBs#J{eAlVgv(MY&x3{zjrNF>xvy20|gIt`@~WiGkrBU*YC zCN~Y6C2n;r>W^d9->oagsw{3;H4e5luUmb~ZVGD%7jF4p1S_)ijVuFPv#lawSg ze;Wpgk=p%m*ktqtAn8_jnp>U1Gn7YN}IG-E#Y1!H(Ot z>LTn62Eh22dq{L;)qZm{BiD8_p;6H@0@nbO!R$0F1=h~xxn^H*f?B#0Kis2L%YT8v zt#W$eHA+2g6Vnux9ToL*XmGH|-P73Ee-#}7m=f+5;doQ@xH+}11H(y`sEx@k8#}fs z_c&?ae}zJZLC1BvEr;Ah#jz=|Dv!mur>6(+=qtx^3rVcD#`KW$?|@#JdesqK);?#l zYgv;VW$Ma)M#6HB?U|%qZe{rza2=X%_1z(T#BRkv@?kS*6cqho;d@B_zV6Pz@AX0^u3jA5R_QzZ1qbN> zy@#9c@w*aa{II^Z`qIYC-Gre0`s`_@`6bB9O2oGjHqUk(+2cNXm@g8x7Nen7;3nJ> zLZj1o+7iOl$FLu%yTQO|=t!ijt0^~szK8+RK6x3LutoQ6I>|AR{~d$Ox#b7AxITcs zrmXhydext@J{{2eF1<-tVtgB~eH8x%C!qM#;J<=N+-h zZt7hRA)I^b$ShI$KoYX>GH+*XY(7$Rgc41eGeYukyZtx26LtCOww)k%jQK`q1#|ir z2I)$oA9%E{Q`=jjzAJ%?3td*d1BxYW zX&WtjW0lei=FBGVB!YDvoqy3FdSvWh`x8RAvNEN@EoAFUO(5=flFD1?;EDB<=0k5S za?Qf;J-;1fbn~UuI$fJN5C{7*OU1G$M9jKT?TVSc%QgL;qXPc&~idEO8{`PZfT zqTJGad-&ZvpIJrW1d@(2_oVeD z-0`Z!{31l0+e&1FvgxmbV>^7w{w2KbuiVGKevbe_l>a~tPAls2G!pxQgd-sQR5T0h zt7+xsOwAYT$&ZkLG84v!U=n3VXHWJ-6`!dRnptTMLYXtBF$iYPbl`gdg_vs=i(z&I$|u5WB4 z20h$C0#(AJqobsxBn2H}MCfB+hmKYs4V3$6aY9b_mr7@6)j@4Ms`G(!y9u{|fG(&U z=6y%`7h4D-;P0mc`&bsubcO{ULD2nwNWJ}UX6XJ?vt80hfX@Og77D21t4m8ug9PKz zBUrb7IY^(t^pjhK8f~Z|qsoJBs?)!mLr?ClgpJ~Nyj|M5^>?`gOs~wv=%%!Zb;H4g z07$05{MBvjK`-ZH18lt%eVedx%YQW0fq?<;FXv^!AtBG6)TDy62QQ?uvJ$kgNy^u9 z6h_%{wu8~ovAQ?Sl9#|AElZQGy7L9>uoxOg zFTDGu7)emXubBn8N9xTZ} z$KW(z_bZP-Ub^JgOj+9$_w3jCuG{4Jx#m(Tjj42pQw)6L_YeZj8wnyhHPE=lAbA%`#q_(tK$@D<(i2kQ^@0wyN_Q(x_{P3o%YNasU}BU$ zujw$Hp<4u}5!+4aPr~(THsoH*zA{VHtJ8Fb6TKy) zBMFcD5eIIw7C8p@T%?{IaDIH3MIkG!9&r94_!t)r5BD7dH%KB6E3oyTbv$eRhP~+g z)5niB>kQ35t%s)c4kDMPwVFb91GSkIqsfu=r3-z~xj$tZtpAY`AfUBN0hdpH^a53E z%klOH!`$#n?eL1uYR7jrQt^?;|LDUSN(wl?{y5R2`z-i^#1l|icyyLOiLK-Cwkhsg zc90i@qxTnL*581Ce0~6F*8C^*J7_zFj~Bg_v!d8Bu&f+%eXAFixqmd+gA5q>YQ-o~ zl-BYg@75HdGn0oOcI*!ia#X=QM(t>EoQA`8q%OC*=mnOK_FW(ZwBelp$wD-ui=Pzc z6@&6mvf=CHyrPpXGGZ`1_a~vVe$7k>^3lE3b)4i4Bf-ly3GUOW72;$!vJ=W{s%Z}+1x!n zJA0*7w0U#3G`;VQxXOlgcXuDJC)-$WavEvb5C?RWn~Zoa7)*W%b=6%_%&n2OT7mbq zb3V2=Nihz&OSb@;zq2Cv-#u+}wyjBKv6ol`X0+8hUjsg9yK9KBp3A!(|LB2-crL2- zeryZSM)B@GnFOK>m~ErQL2VZtmLQC-XO@-xsGk?A>|+<4$}d|f`V1S45<#~*{qrZ1 zub`~Dn%XBXFMc@IeG5Kru*DsVvjB7XW}s360vL*)S|tgL1_S^vFC9fi#r}Z-ga2~L z;-E`*MY($*Vnqu~wvLTqA|g9#Ku7?;KvhR)vCwSdU*IqWf`i4KPwZqE9!jVIJ$k#E zQPEdB6iZyG|K91|`Cp&^bs@=rf~o)evXuXar`==YM=Tti!t87juoUA;zz0nD4Gj%Z zy+*_21qbp*dJqi#4YR@9I3Y$it)_>EN(u@>pcw!kbiF4Sz#G!-RJY1eu=W__&lenQ zZ|_b(@x$uh#WnNYuQ+jSdf^AX4tc^S&q^2S64VJsZ<3ul;87dK4vy)HL=D>qz3}>s zb<6N51u(U2S%$y^>r|fg(C$UJ>12jBmpZJ+t4ZATbdn^2XE4 zzE8fEeY4tn*ImQHG4X{45)-J3*whA<@uBpu_?Ooy+{DzpmFuBHUl7_(p{a^J9mWfP z!KAmB9D2Nm!Qy=iW5QOn8628JHwEJ6iFSSL>gyxn`(hvn@qJ2THaAIMvQQp2WQ?x0 zhd$CKIqhtTP_2=?wd+&Sc|Co5NjMGbg5;`Z=7jTD70Ry?uE3+xE*4iLNHAf+*E{jL z?6bi+=Y|lKVO_{qxL3h^ZeQr|eK8GSnJc6Du*Vybc3rXAA-An+)8r~_bt-hR&yk;z z@!_l+RoP*Z7SDYq!{O}4m|!$pqR4k-xL|-_qEJM*-(Wtvl`|#snZ=a4N5$S5AgoGCoIxtc+V0{y@%;vw`fOGR`A8wn)o#MHQl`RT7LI>)%&-D2H4R?mD2S zX|<(zFIWp7`4yJK?6+y)N$n?$7ihw zZE|w*?YYx&Ie|@=)~i$$6ckoAwjA%F~_0!HnNFB0vCVs5;|o`=I^Cwl~h#xpFYeSoRyBsb0v3shwIZ^Tvql89CH7F<`Uuo*xbU}TDJYorXDz! zH=1O&Wg3G9o#dceJ61pPBoGz63IMS0|1Pc=06G8tt3K@C*Z%(&T>Ni7?F#V_kWAvd UFxO-Lc-J9GQCX1^A-%8v4IAV$OaK4? literal 0 HcmV?d00001