hhftechnologies 2024-10-01 11:45:28 +05:30
parent e32b89b119
commit ccdfb79a59
82 changed files with 174885 additions and 0 deletions

@ -0,0 +1,25 @@
= 7z Linux Command Line Cookbook of Examples
:homepage: https://github.com/yuriskinfo/cheat-sheets
:toc:
Author: https://www.linkedin.com/in/yurislobodyanyuk/
== Important facts about 7-zip
* 7-zip does NOT store the owner/group of the files/folders being archived, which is good for privacy, but may not suite your specifc use case, especially as a back up tool.
* 7-zip is a name of the compression tool created by Igor Pavlov.
* While Igor Pavlov provides Linux/macOS versions as well, another implementation by independent developer (Mohammed Adnene Trojette) has become wide used in the Linux realm - `p7zip`. This cookbook relates to this, independent version, so options and switches may differ a bit from 7-zip Windows canonical version.
== Install p7zip package on Linux
This tool is already in all the major repositories, so you should have no problems installing it.
`Ubuntu`: `sudo apt install p7zip-full`
`CentOS/Fedora`: `sudo yum install p7zip p7zip-plugins`
== Create an archive adding all the files in the current folder
We first indicate to `7-zip` that we want to _add_ to an archive with `a` command, then we specify the archive name, and finally, we use `*` as wildcard to include all files in the current folder.
`7z a folder.7z *`
The result - _folder.7z_ will be placed in the same folder where it run.
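
Review bot: In the "Create an archive adding all the files in the current folder" section, `7z a folder.7z *` does not do what the heading says: the shell expands `*` and skips dot-files, so hidden files and folders are silently left out of the archive. Either state that limitation next to the command or show a form that includes hidden entries. The first bullet under "Important facts" presents the missing owner/group as a problem for backups but stops there; naming the usual workaround (pack with tar first, then compress the tarball) would make it actionable. Spelling in the same section: "suite your specifc" and "wide used".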

File diff suppressed because it is too large

@ -0,0 +1,47 @@
= Aruba HP switches configuration examples cookbook
Yuri SLobodyanyuk, admin@yurisk.info
:homepage: https://yurisk.info
:toc:
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
== Reset/wipe switch configuration to the factory defaults
WARNING: This will erase all the configuration and cannot be undone.
If you don't have priveleged EXEC access to the switch:
. Push and hold the _Reset_ button with sharp object like pen/pencil.
. Now also push and hold _Clear_ button with another sharp object.
. When LEDs are turned on - release _Reset_ button, while holding the _Clear_.
. When LEDs start to blink, release the _Clear_ button as well.
If you have privileged EXEC access to the switch, just run *(config)# erase startup* and reboot.
== Restrict management access to specific IP addresses
To limit access to the switch, use *ip authorized-managers* command. Example - limit access to a single IP of 192.168.13.127:
----
ip authorized-managers 192.168.13.127 255.255.255.255 access operator
ip authorized-managers 192.168.13.127 255.255.255.255 access manager
----
== Add default gateway on Layer 2 switch for management
We have to set default gateway on a switch for the management VLAN we choose to be reachable and managed remotely. The command does not mention explicitly the VLAN number, just make sure the network is the network configured on the management VLAN.
----
ip default-gateway 10.13.13.127
----
It is, for example, when VLAN 200 is configured as management VLAN:
----
vlan 200
name "MgmtVlan"
tagged Trk1
ip address 10.13.13.250 255.255.255.0
exit
----
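
Review bot: In the "Restrict management access to specific IP addresses" block, the same address 192.168.13.127 is entered twice, once with `access operator` and once with `access manager`, with no explanation of why both lines are needed or which level ends up in effect; keep the one intended level or explain the pair. The section should also say that this is a source-address filter and does not replace setting the manager and operator passwords. In the reset section, the bold command includes the `(config)#` prompt, which readers will paste along with `erase startup`; show the prompt outside the command. The sentence "It is, for example, when VLAN 200 is configured as management VLAN" reads better ahead of the `ip default-gateway` line it explains. Spelling: "priveleged", "Yuri SLobodyanyuk".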

File diff suppressed because it is too large

@ -0,0 +1,517 @@
= Aruba and HP switches debug and diagnostics commands cheat sheet
Yuri SLobodyanyuk, admin@yurisk.info
:homepage: https://yurisk.info
:toc:
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
NOTE: All commands were tested on HP/Aruba 5400 switches (specifically 5406Rzl2), but will work on any model with recent firmware versions (16.x or newer), except for the hardware features unavailable on smaller models, like VSF .
== General Health
[cols=2, options="header"]
|===
|Command
|Description
|*show system*
|Show general info: current CPU load, uptime, memory used/free, software version.
|*show cpu [_seconds_]*
|Show CPU stats of average load for 1 second, 5 seconds, and 1 minute, optionally setting period in _seconds_ (300 is max).
|*show uptime*
|Show uptime of the switch since reboot, for VSF stacked switches shows uptime for each member.
|*show time*
|Show switch time and date, for log correlation.
|*show flash*
| Show what firmware images are stored in the flash, and which one is the primary/secondary for the next boot.
|*show boot-history*
|Show log of previous boots with their reason (user reboot/cold reboot), crashes and what process crashed with its memory dump, and timestamps.
|*boot system flash primary\|secondary*
|Set the image to boot from on the next reboot.
|*show redundancy [detail]*
|In module management redundancy standalone/stack topology, shows firmware image version of each module, as well as the number of failovers.
|*show system power-supply [detail]*
|Show statistics of the power supplies: power consumed, power supplied, fan speed,inlet and internal temperature.
|*show system fans*
|Show fans state: OK/Failed, and number of failures if any. For VSF shows info
for both members.
|*show config _option_*
a| Display part of saved configuration given by _option_:
`status`: Tell if the running config differs from the startup config.
`interface` _port-id_: Show startup config for the specified interface.
`router bgp\|ospf\|pim`: Show startup configuration section for this routing protocol.
`vlan` _vlan-id_: Startup configuration for VLAN(s).
|*show modules*
|Show installed modules and their state and serial numbers.
|*show tech [all]*
|WARNING: I bring this command for completeness sake, but this command will run dozens/hundreds of debug commands, printing lots of info, hundreds of pages, which in turn will load the switch as well. Run it with caution, most probably at the HPE support request only.
|*show environment*
|Show the chassis' sensors temperature
|===
== Logs
[cols=2, options="header"]
|===
|Command
|Description
a| Logs severity:
* W=Warning
* I=Information
* M=Major
* D=Debug
* E=Error
| All logs are categorized into severities when written, and the severity is presented in the 1st column of each log. This also
allows filtering logs for display by their severity, see below.
| *show logging -r*
| Show system logs and events in reverse chronological order, i.e. newest logs first.
|*show log -a*
|Show logs from previous boot cycles. HP/Aruba will display only logs since the last boot, by default, but you can add `-a` to any of the log display commands below to work on previous logs as well.
|*show log _string-to-search_*
|Search and display only logs containing the specified string. The search is *case sensitive*, and no regex - just plain strings with exact match. E.g. to search for logs containing the interface _1/B2_: `show log 1/B2`; to search for all bgp-related logs like peer up/down: `show log -r bgp`.
|*show log command [-a]*
|Show log of commands issued by users on CLI. This log is NOT hidden even by
the `clear log` and records all commands - both configuration and not. So, it will record commands like `ping 8.8.8.8`, `clear log`, `no router bgp`. Adding `-a` will show logs from previous boot cycles.
|*show running-config changes-history [detail]*
|Display history of up to 32 last changes to the configuration, including time of change, IP address if any, event id. This will NOT show what the changes were themselves though.
|*show log -m/-e/-p/-w/-i/-d*
|Show only logs of the specified severity, see above for the available severities.
|*clear log*
|Hides, not deletes, (almost) all logs for the current session. Applying `-a` will still display all logs.
|*show log -s*
|Display logs from the Standby commander/management module in a VSF stack or in standalone switch with management module redundancy.
|*show log -b*
|Show logs with time since boot instead of an absolute date/time format.
|===
== Interfaces
[cols=2,options="header"]
|===
|Command
|Description
|*show interface [_port-id_]*
|Show as a table (if _port-id_ is not given) all ports with the total bytes/frames, Rx/Tx errors, and Broadcast limit if set for each port.
|*clear statistics global*
|Clear counters on all interfaces.
|*show interface status*
| Show list of all interfaces with info for each: state (Up/Down), Actual Speed, Tagged or not, VLANs configured for the interface (single VLAN for Untagged, `multiple` for Tagged). NOTE: In Cisco world Tagged interface is called *trunk*.
|*display interface [_name_]*
|Show detailed information of an interface: media type, speed/duplex state, MAC address, up/down, max frame size, VLAN id if any untagged set and `.` (dot) for
multiple tagged VLANs, input/output erros, buffer failures, CRC errors, runts.
|*show interface display*
|Present TUI dialog window with real-time information for all interfaces, including total bytes/frames, Rx/Tx errors, and drops. The information is updated every 3 seconds dynamically. Use arrows/tab to navigate, CTRL + C to exit the menu.
|*show interfaces custom _start-port_[-_end-port_] <port / type / status / speed / mode / name / vlan / enabled>*
|Show selected ports with only specified fields: `port`, `type`, `status` etc. E.g. `show interface custom 1/B1 port status speed vlan`.
|*show interface port-utilization*
|Show one time as a table the current traffic rates passing each interface.
|*show interface trunk-utilization*
|Show current traffic rates of all trunks.
|*show int queue _port-name_*
| Show statistics of all queue buffers of a given interface, including _drops_ for each.
|*conf t*
*int _name_*
*disable/enable*
|Disable/enable a specific interface (in Cisco world `shut`/`no shut`)
|*show interface transceiver [_name_] [detail]*
|Info on installed optical transceivers: Port number where installed, Type/Speed, Serial Number. If _detail_ is added, will also show temperature, voltage, Transmit (TX) and Receive (RX) power in mW and dBm.
|*show ip*
| Show all configured IP addresses on a switch.
|*show arp vlan _vlan-id_*
|List all IP addresses (provided Layer 3 features are enabled) learned on the VLAN _vlan-id_.
|*show name*
|Lists all interfaces with their names if set. In Cisco it would be `show int description`
|*show trunks*
| Show trunk interfaces with their state and type. NOTE: In HP/Aruba world *trunk* means aggregated interfaces (LAG), what in Cisco world is called port/ether-channel.
|*show trunk-statistics _trunk-name_*
| Show cumulative statistics for the trunk interface: packets passed, bytes received, drops if any.
|*show lacp*
|Show LACP state on the trunking interfaces.
|*show lacp counters*
|show stats for received/sent LACP PDUs per trunk (should be increasing).
|*show port-security _port-id_*
|Show port security state for all/specified interfaces.
|*test cable-diagnostics _port-list_*
*show cable-diagnostics*
|Initiate and show results of Time-domain reflectometer cable diagnostics test to check Ethernet cables for faults. This will *shut down* temporarily all the tested ports!
|===
== VLANs
[cols=2,options="header"]
|===
|Command
|Description
|*show vlans*
|Show a list of all VLANs configured on this switch.
|*show vlans ports _port-name_[_,port2-name_...]*
|Show vlans enabled on the specified physical port.
|*show vlans _vlan-id_*
|Show ports where the specified _vlan-id_ is enabled, either as `tagged` or `untagged`
|*conf t*
*(config)# no vlan _vlan-id_*
| Deletes VLAN _vlan-id_ from configuration and un-assigns all ports from it, if some ports have no other VLAN association, they will be auto-assigned to default VLAN 1. WARNING: this command deletes the VLAN specified no matter from which sub-config mode you issue it. That is, even under interface config mode, this will remove all configuration for this VLAN from everywhere.
|===
== Daemons Real-Time Debug
[cols=2,options="header"]
|===
|Command
|Description
|*show debug*
|Show currently enabled debug
|*debug destination logging/session/buffer*
|Set location to output the debug to (default `none`), run before enabling the debug:
`logging` - send the debug to the configured (if any) syslog server.
`session` - send to the terminal (Cisco analog of `term mon`).
`buffer` - send to the switch memory buffer.
|*show debug buffer*
|Show log buffer with the collected debug output if the destination was set to `buffer`.
|*[no] debug _daemon-name_*
a|enable real-time debug of the specified daemon. Use `no` option to disable the debug. The daemons are:
* `acl` Displays debug messages for access control lists.
* `all` Display all debug messages.
* `aruba-central` Display Aruba Central server debug information.
* `bfd` Enable BFD debug logging.
* `cdp` Display CDP information.
* `cfg-restore` Display cfg-restore debug messages.
* `dhcp-server` Display DHCP server debug messages.
* `distributed-trunking` Display DT debug messages.
* `est` Display EST debug messages.
* `event` Display event log messages.
* `ip` Display debug messages for IPv4.
* `ip-sla` Enable debug logs for IP SLA.
* `ipv6` Enable debug messages for IPv6.
* `lacp` Display LACP information.
* `lldp` Display LLDP information.
* `mdns` Display mDNS debug messages.
* `mstp` Display MSTP debug messages.
* `mvrp` Enable MVRP debug messages.
* `ntp` Display debug messages for NTP.
* `openflow` Display all OpenFlow packets.
* `rest-interface` Display REST debug information.
* `rpvst` Display RPVST debug messages.
* `security` Display all Security messages.
* `services` Display debug messages on services module.
* `smart-link` Display Smart link debug messages.
* `snmp` Display SNMP debug messages.
* `time-stamp` Enable/disable system-time to be associated with debug messages.
* `tunnel` Display tunnel debug messages.
* `udld` Display UDLD debug messages.
* `uplink-failure-detection` Display UFD debug messages.
* `usertn` Displays authentication module log messages for user-based tunneled node
* `vrrp` Display VRRP debug messages.
* `ztp` Display ZTP debug messages.
|*debug ip _routing-process_*
a|Debug various routing processes. The _routing-process_ is one of the:
* `bgp` Display all BGP routing messages.
* `client-tracker` Displays debug messages for IP client tracker.
* `fib` Display IP Forwarding Information Base messages & events.
* `forwarding` Display IPv4 forwarding messages.
* `iface` Display interface management messages.
* `igmp` Display all IGMP messages.
* `ospf` Display all OSPF routing messages.
* `ospfv3` [Deprecated] Enable debug messages for OSPFv3.
* `packet` Display IPv4 packet messages.
* `pbr` Enable debug messages for PBR.
* `pim` Enable/disable tracing of PIM messages.
* `rip` Display all RIP routing messages.
|*show ip ssh*, *kill _session-number_*
|HP Aruba allows up to 5 SSH sessions at the same time, additional users will
not be able to connect. To disconnect existing SSH sessions, run `show ip ssh`
and notice session number in the leftmose column, then disconnect it with `kill
<number>`
|===
== Spanning Tree Protocol (STP)
[cols=2,options="header"]
|===
|Command
|Description
|*display stp root*
| Show root switch for each VLAN.
|*display stp brief*
| Show STP state for each port/VLAN - Forwarding/Blocking, STP role.
|===
== Routing Info
=== Static
[cols=2,options="header"]
|===
|Command
|Description
|*show ip*
| Show IP routing state: disabled/enabled. It is disabled by default, to enable: *(config)# ip routing* on platforms that support Layer 3 routing. Also displays list of all the interfaces/VLANs with IP address set.
|*show ip route*
| Show static and connected routes on the switch.
|===
=== BGP
[cols=2,options="header"]
|===
|Command
|Description
|*show ip bgp summary*
|Show in short format all BGP peers with their IP address, AS number, and state. The first command to try for BGP.
|*show ip bgp _prefix/mask_*
|Show BGP info for the specified prefix.
|*show ip bgp*
|Display routes learned via BGP.
|*show ip bgp neighbor [_ip-address-of-peer_]*
|Show detailed information about the BGP session with all or the specified peer(s), including hold time, weight, prefixes advertised/received, etc.
|*show ip bgp neighbor _ip-address_ advertised-routes*
|Display routes we advertise via BGP to the _ip-address_ neighbor.
|*show ip bgp neighbor _ip-address_ received-routes*
|Display routes we learned from the given BGP peer.
|*show log bgp*
|Show logs that include the word `bgp`. It will include BGP peering establishment/tear up.
|===
=== OSPF
[cols=2,options="header"]
|===
|Command
|Description
|*show ip ospf*
|Show if the OSPF process is running and router id.
|*show ip ospf area*
|Show all areas configured on this device.
|*show ip ospf statistics*
|List OSPF packet statistics (OSPF sent,recieved and error packet count) of all OSPF enabled interfaces.
|*show ip ospf interface*
|Show OSPF interfaces' information.
|*show ip ospf neighbor*
|List all established neighborships on this device.
|*show ip ospf link-state*
|Show all Link State Advertisements.
|===
== LLDP & MAC & CDP
[cols=2,options="header"]
|===
|Command
|Description
|*show lldp info remote-device [detail]*
|Display LLDP neighbors. The info includes: local port name, chassis id of the peer, remote system name, remote port. If _detail_ is added, will also show exact firmware version used, and management IP address if configured. Useful for
topology discovery, which switch is connected to which.
|*show lldp info local-device [detail]*
|Show info about the device you are connected to: chassis id, system name, firmware image version, IP addresses configured.
|*show lldp stats*
|Show LLDP packets sent/received per port.
|*show mac-address [detail]*
|Show complete MAC addresses table with port names, MAC addresses, and VLANs. If _detail_ is added, will also show age of
each entry.
|*show mac-address vlan _vlanid_*
| Show MAC addresses learned on the specified VLAN.
|*show mac-address _port1_[,_port2_...]*
|Show MAC addresses learned on specified ports.
|*show cdp neighbors [detail]*
|Show list of CDP neighhbors with info on their MAC address, model, local port where it was seen. Adding `detail` also shows IP address of the CDP neighbor, if configured.
|===
== PoE
[cols=2,options="header"]
|===
|Command
|Description
|*show power-over-ethernet brief [_port name_]*
|Show detailed information about PoE-enabled interfaces, including information on drawn/available
power per port, state. Optionally, limit information to a specific port.
|*show power-over-ethernet brief vsf member _member id_*
|Show PoE detailed info per VSF member.
|*show power-over-ethernet*
| Display PoE general information for the whole switch: total available/used power, PoE redundancy status,
internal power.
|===
== DHCP
[cols=2,options="header"]
|===
|Command
|Description
|*show dhcp-server statistics*
|Show DHCP server stats for Discover/Offer/Ack/NAK messages received/sent, number of pools configured.
|*clear dhcp-server statistics*
|Clear DHCP server stats.
|*show dhcp-server binding\|conflict\|database\|pool*
|Show variouis operational parameters of the DHCP server.
|===
== NTP
[cols=2,options="header"]
|===
|Command
|Description
|*show ntp status*
|Show current status of NTP
|*show ntp servers*
|Display configured NTP servers
|*show ntp statistics*
|Show stats for NTP - number of NTP packets sent/received, and errors.
|*show ntp associations [detail]*
|Show state of associations with the configured NTP servers, together with stats: delay, offset, dispersion, and stratum.
|*show run \| i ntp*
|Show NTP-related configs.
|===
== VSF (Virtual Switching Framework)
[cols=2,options="header"]
|===
|Command
|Description
|*show vsf [detail]*
|Show general VSF status: who is active, priority, software versions.
|*show vsf member _member-id_*
|Show general info on a specific member: serial number, uptime, cpu usage, memory usage, status: Commander/Standby, priority.
|*show vsf link [detail\|utilization]*
|Show info on VSF link (VPC peer link in the Cisco world). Problems with VSF link may cause split-brain situation, when each member acts independently.
|*show redundancy*
|Shows firmware image version of each member, as well as the number of failovers.
|*boot vsf member _member-id_*
|Reboot the specified VSF member.
|===
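
Review bot: In the "Logs" table, the row `show log -m/-e/-p/-w/-i/-d` lists a `-p` switch, but the severity legend at the top of the same table defines only W, I, M, D and E, so a reader cannot tell what `-p` filters on; add the missing severity to the legend or drop the switch. The `clear log` and `show log command` rows are the ones an auditor will rely on, so the wording "Applying `-a` will still display all logs" should name the full command (`show log -a`). `debug all` in the "Daemons Real-Time Debug" list carries no load warning, although `show tech [all]` does; the same caution applies. `show ip` and `show redundancy` each appear in two tables with different descriptions; cross-reference or merge them. Spelling: "erros", "leftmose", "recieved", "neighhbors", "variouis".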

File diff suppressed because it is too large

@ -0,0 +1,381 @@
= Check Point `cpstat` diagnostics and information tool cheat sheet
NOTE: The tool is to be run in Expert mode. It is available on both Management Server and Gateway. The available *flavor* options depend on the blades enabled and their subscription status, also on platform used. To know what options are available on your specific Checkpoint - run `cpstat` without any switches.
Example of using: `cpstat os -f ifconfig`
:toc:
== blades
[cols=2, options="header"]
|===
|Flavor
|Description
|*fw*
|Statistics: Packets accepted, packets dropped, Peak number of connections, current Number of connections, Top Rule Hits (shows rules with IDs with the most hits),
|===
== os
[cols=2, options="header"]
|===
|Flavor
|Description
|*default*
| Product Name, SVN Foundation Version String, SVN Foundation Build Number, SVN Foundation Status (`OK`), OS Name (e.g. `Gaia`), OS Major Version (`3`), OS Minor Version (`10`), OS Build Number/SP Major/SP Minor/Version Level, Appliance SN (Serial Number), Appliance Name, Appliance Manufacturer.
|*ifconfig*
|Interface information: Name, IP Address, MTU, State, MAC address, RX Bytes (Received), TX Bytes (Transmitted), RX/TX Errors, RX/TX Drops, TX/RX Packets.
|*routing*
| Routing info - IPv4 routing table.
|*routing6*
|IPv6 routing table.
|*memory*
|Physical/virtual memory specs: Total/Active Virtual Memory, Total/Active/Free Real Memory, Memory Swaps/sec, Memory to Disk Transfers/sec.
|*cpu*
|CPU load stats (analog of Linux `top`): CPU User Time (%), CPU System Time (%), CPU Idle Time (%), CPU Usage (%), CPU Queue Length, CPU Interrupts/Sec, CPUs Number.
|*disk*
|Local hard disk stats: Disk Servicing Read\Write Requests Time, Disk Requests Queue, Disk Free Space (%), Disk Total Free Space (Bytes), Disk Available Free Space (Bytes), Disk Total Space (Bytes).
|*perf*
|Combined output of flavors `memory`, `cpu`, and `disk` above.
|*multi_cpu*
| CPU load as in `cpu`, but per processor/core.
|*multi_disk*
|Disk partitioning info, analog of `df -h`: Partition Name, Size, Used (%/bytes), Free Total (%/bytes), Free Available.
|*raidInfo*
|RAID disks and volumes info: Volume id, Volume type, Number of disks, Max LBA, Volume state, Volume flags, Volume size (GB), Volume id, Disk id, Disk number, Disk vendor, Disk product id, Disk revision, Disk max LBA, Disk state, Disk flags, Disk sync state, Disk size (GB).
|*sensors*
|Shows appliance hardware sensors stats: Temperature Sensors, Fan Speed Sensors, Voltage Sensors. Not relevant for Open Servers.
|*power_supply*
|Status of the power supply, appliances only.
|*hw_info*
| List appliance hardware info: Serial Number (SN), Appliance Model and name.
|*average_cpu*
| Average CPU load sharing (User, System, Idle), over unclear what period.
|*average_cpu*
|Average memory stats (time period unclear): Active Virtual Memory, Active Real Memory, Free Real Memory, Memory Swaps/Sec, Memory To Disk Transfers/Sec.
|*updates*
|All applied and available updates to this Check Point: Deployment agent build, Deployment agent status, Cloud connection status, number of Available packages, number of Available recommended packages, list of Recommended packages, Available Packages, Installed packages.
|*licensing*
|All about licenses: applied licenses and their status, expiration date, and quota used. Also UserCenter Account ID, CK Signature, Container SKU, Support level, Support expiration date, Activation status.
|*connectivity*
|Connectivity to the User Center status.
|*vsx*
|For VSX systems: Device name/type/context ID.
|*all*
|Combination os some, but not all flavors above: cpu, memory, ifconfig, routing, disk.
|===
== cpsemd - logging into the SmartEvent GUI
[cols=2, options="header"]
|===
|Flavor
|Description
|*default*
| Status and stats of `cpsemd` service, responsible for logging into the SmartEvent GUI: Process Status, number of New events handled/Updates handled, Current database size, Database capacity, Events in database, Available database disk space, Is database full, Total database disk space.
|===
== vsec - cloud Controller
[cols=2,options="header"]
|===
|Flavor
|Description
|*default*
|Status of vSEC Controller (Check Point firewall for virtualized environments like VMware ESXi, Microsoft Hyper-V and KVM): vSEC Controller Status (on/off), Number of disconnected Data Centers, Number of Data Centers, Number of imported Data Center objects, Number of gateways enforcing Data Center objects, for each Data Center: Controller, Type, Status, Imported Objects, Controller Updates. For Gateways Enforcing Data Center objects: Name, IP, Version, Update status.
|===
== cpsead - Correlation Unit
[cols=2, options="header"]
|===
|Flavor
|Description
|*default*
|Stats of `cpsead` daemon responsible for Correlation Unit functionality: Process is alive, Connected to SEM, Logs Processed, No Free Disk Space.
|===
== cvpn - Mobile Access
[cols=2, options="header"]
|===
|Flavor
|Description
|*cvpnd*
|Number of active sessions
|*sysinfo*
|OS name (Gaia), OS build, Product string.
|*products*
|IPS/SWS/ESOD versions.
|*overall*
| Overall status code/description.
|===
== fw - Firewall module
[cols=2, options="header"]
|===
|Flavor
|Description
|*default*
|Installed Security Policy name, Total number of accepted/denied packets per interface, ISP links table (if any)
|===
== thresholds - Alert Thresholds
NOTE: Thresholds and their actions are configured via `threshold_config` CLI tool. The tresholds are saved (by default) to `$FWDIR/conf/thresholds.conf`.
[cols=2, options="header"]
|===
|Flavor
|Description
|*default*
| Active Profile Name, State, Number of thresholds, Number of active thresholds, Number of events since startup.
|*active_thresholds*
|Active Thresholds name, Category, Severity, Subject, State.
|*destinations*
| Alert destinations: name (`Check Point log server`), Type (`Check Point Log Server`), State (`OK`), number of alerts.
|*error*
|Threshold errors: Threshold name, its OID, Error description, Time of error occurrence.
|===
== polsrv - Policy Server
[cols=2, options="header"]
|===
|Flavor
|Description
|*default*
| Policy server status - enabled/up, number of licensed/connected users.
|*all*
|Policy server status, versions major/minor, licensed/connected users.
|===
== svr - SmartReporter/SmartEvent
[cols=2, options="header"]
|===
|Flavor
|Description
|*default*
| SmartEvent/SmartReporter server info: Product Name, SmartReporter Status, SmartReporter Version, SmartReporter Server State, Number of generations in queue, Enevtia Reporter Log Consolidator sessions (yes there is a typo in the tool "Enevtia" -> "Eventia"): Log Server, Customer, State, pid, Started since, Last startup, Database queue length, Memory occupied, Current log file name, Log records processed since startup, Log records stored, Log records ignored, Log records read per second, Is part of sequence, Currently open consolidated records, Consolidation rate (X100), Size allocated for database [KB], Current database size [KB], Database target table name, Temporary records loaded into database, Committed recors per second, Permanent records loaded into database, Records added into database, DNS items in cache, DNS cache size, DNS cache hits, DNS cache misses, DNS cache hit rate (X100), DNS open requests.
|===
== ha - ClusterXL
[cols=2,options="header"]
|===
|Flavor
|Description
|*default*
|Shows clusterXL version, Status (`OK`), Wokring Mode (Load SHaring/High Availability), State (Up/Down/Active), HA module state (`started`).
|*all*
|CLusterXL info includes: Product Name, Major/Minor ClusterXL versions, Status, HA protocol version (`2`), Working Mode, HA State, Monitored Interfaces table with their IPs and status, CLuster IPs table, Sync table listing Sync interface name and IP address.
|===
== mg
[cols=2,options="header"]
|===
|Flavor
|Description
|*default*
|Show management sessions info: administrator username currently connected, Windows domain name of the administrator PC or its IP address, and general Checkpoint Management server info like Product Name, Major/Minor versions, Build number, whether started or not, status (`OK`).
|*log_server*
|Log server stats and info: Log Receive Rate, Log Receive Rate Peak, Log Receive Rate Last 10 Minutes, Log Receive Rate Last Hour, Log Server Connected Gateways, their state (`connected`/`not connected`), Last Login Time, Log Receive Rate.
|*indexer*
|Log Indexer stats: Total Read Logs, Total Updates and Logs Indexed, Total Read Logs Errors, Total Updates and Logs Indexed Errors, Updates and Logs Indexed Rate, Read Logs Rate, Updates and Logs Indexed Rate (10min), Read Logs Rate (10min), Updates and Logs Indexed Rate (60min), Read Logs Rate (60min), Updates and Logs Indexed Rate Peak, Read Logs Rate Peak, Read Logs Delay.
|===
== fg
[cols=2, options="header"]
|===
|Flavor
|Description
|*all*
| QOS version, kernel build, QOS Policy name, QOS Policy install time, interface table with statistics for average Bps/conns/packets, per interface limits.
|===
== https_inspection
[cols=2, options="header"]
|===
|Flavor
|Description
|*default*
|State of HTTPS Inspection: On/Off.
|*hsm_status*
|Status of Hardware Security Module (HSM): Enabled/Disabled, HSM partition access, status for outbound HTTPS Inspection: HSM on/HSM off/HSM error.
|*all*
| Combined output from `default` and `hsm_status` flavors.
|===
== antimalware
[cols=2, options="header"]
|===
|Flavor
|Description
|*default*
|Status of the antimalware blade (0 - disabled, 1 - enabled).
|*subscription_status*
| Subscription status for each Anti-Bot/Anti-Virus/Anti-Spam component. Info includes status, expiration date, description.
|*update_status*
|Antimalware blade updates status for Anti-Bot/Anti-Virus/Anti-Spam. The info includes status (`up to date`), Database version, package date, whether the next update is scheduled to run.
|*ab_prm_contracts*
| Anti-Malware premium contracts information: contract state, update status, DB version.
|*av_prm_contracts*
| Anti-Virus premium contracts information: contract state, update status, DB version.
|*scanned_hosts*
|Statistics for number of Scanned Hosts for Hour/Day/Week. Stats for number of Infected Hosts for Hour/Day/Week.
|*scanned_mails*
| Number of scanned mails.
|===
== ci - Content Inspection (Anti-virus)
[cols=2, options="header"]
|===
|Flavor
|Description
|*default*
|Shows stats about Content Inspection/AV blade work: AV State code, AV Engine name (`KSS` - Kaspersky (?)) table version/signature version/date, name and count of top ever viruses, URL Filtering top blocked sites and categories, top blocked sources by AV/UF/File-Type, total scanned.
|===
== dlp - DLP
[cols=2, options="header"]
|===
|Flavor
|Description
|*default*
|DLP status code.
|*dlp*
|Version, License status, LDAP Status, Traffic scans, DLP incidents, Scanned e-mails, E-mail incidents, Last E-mail scan, Quarantined messages, Size of quarantined messages, Sent e-mails, Expired e-mails, Discarded e-mails, Postfix queue length, Postfix errors, E-mails in queue older than 1 hour, Size of messages in queue, Free space in queue, Free space for quarantine, Quarantine status, HTTP scans, HTTP incidents, HTTP last scan, FTP scans, FTP incidents, FTP last scan, Bypass status, UserCheck clients, Last policy install status, Last scan time.
|*fingerprint*
|Fingerprint Current/Completed Tables DB info: Repository Id, Data Type Uid,Repository Root Path, Scan Id, Start Time, Repository Total Size, Repository Files, Repository Total Files Scanned, Duration,Status, Status Description, Repository Total Directories, Repository Unreach Total Directories, Fingerprinted Total Files, Total Skipped Files, Total Scanned Directories, Total Errors, Description, Data type name, Next Scheduled Scan Date.
|*exchange_agents*
|Status of Exchange agents: Name, Status, Total messages, Total scanned, Dropped, Uptime, Time since last message, Agent queue length, Exchange queue length, Avg. time per message, Avg. time per scanned message, Version, CPU usage, Memory usage, Policy timestamp.
|===
== ctnt - Content Awareness
[cols=2, options="headers"]
|===
|Flavor
|Description
|*default*
|Is Content Awareness blade active: True/False. Total files scanned, total data types detected.
|===
== scrub - Threat Extraction process
[cols = 2, options="headers"]
|===
|Flavor
|Description
|*subscription_status*
|License/subscription status and expiration date.
|===
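
Review bot: The `ctnt` and `scrub` tables declare `options="headers"` (and `scrub` also writes `cols = 2` with spaces), while the `ci` and `dlp` tables just above them use `options="header"`. Asciidoctor's table option is `header`, so these two tables will most likely render the Flavor/Description row as an ordinary body row; use `[cols=2, options="header"]` for all four. The `ci` row's "`KSS` - Kaspersky (?)" is an unverified guess and should be confirmed or dropped before it is published as reference material. Each `==` heading also follows the previous table's closing `|===` with no blank line, which makes the source hard to scan.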

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,45 @@
= Checkpoint Firewalls Debug Cheat Sheet
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
Status: Work in progress.
== Cluster XL (ClusterXL) debug
[cols=2,"options="header"]
|===
|command
|Description
|*cphaprob state*
|Show status of the cluster and its members, if down - show the descriptive reason and when the state change happened,type of clustering - HA/Load Sharing/VRRP, IP address of each member's sync interface, problematic _pnote_ that causes failover, number of failovers since last restart.
|*cphaprob -ia list*
|Show detailed information on the failed __pnote__/Critical Device of this member. List of pnotes enabled by default (differs by version/model so not a reference): _Interface Active Check_, _Recovery Delay_ , _CoreXL Configuration_, _Fullsync_, _Policy/filter_, _routed_, _fwd_, _cphad_, _init_, _cvpnd_.
|*cphaprob -l list*
|List ALL _pnotes_ of the member, including in _OK_ state.
|*cphaprob -a if*
|Show all the interfaces seen by the cluster on this member. _Monitored_ are interfaces monitored by the cluster and if failed would cause fail over. _Secured_ is/are interface(s) the cluster uses to synchronize members. In Checkpoint appliances it is usually named `Sync`. Also show cluster synchronization mode - broadcast/multicast,
|*cphaprob -m if*
|Show the monitored interfaces but also add ClusterXL VLAN monitoring info - which VLANs on which interface are being monitored.
|*cphaprob syncstat*
|Show detailed synchronization states and traffic statistics: sync traffic drops/sent/received/queue szie/delta interval. Good at showing network/communication problems between cluster members.
|*cphaprob show_failover*
|Show detailed history log of failover events with their dates and reasons. Checkpoint records last 20 failovers by default.
|*cphaprob mmagic*
|Show the cluster magic number, relevant if multiple clusters are present in the same network.
|*cphaprob show_bond*
|Show bond interfaces.
|*cpview -> Advanced -> ClusterXL*
|Partial output of the above commands in TUI interface.
|===
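
Review bot: The table attribute line `[cols=2,"options="header"]` has a stray double quote before `options`, so the attribute list is malformed and the command/Description row may not be parsed as a header; it should read `[cols=2,options="header"]`. In the rows themselves, the `cphaprob -a if` description ends on a dangling comma after "broadcast/multicast", the `cphaprob syncstat` row has "szie" for "size", and the `cphaprob -ia list` row admits its pnote list "differs by version/model", so it would help to state which version the list was taken from.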

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,85 @@
= Useful CLI commands for Cisco CUCM, Cisco Unity Connection and IM and Presence
Yuri Slobodyanyuk <admin@yurisk.info>
v1.0, 2021-02-22
:homepage: https://yurisk.info
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
[cols=2,options="header"]
|===
|Command
|Descritption
|*show status*
|General health info, first to run on unusual CPU/IO load. Shows uptime, CPU load, memory usage, CUCM/Unity version.
|*utils ntp status*
|Show NTP status - NTP source, synchronization, stratum. Note: this is not necessarily time source for the phones.
|*utils network ping <dest> [count VALUE] [size VALUE]*
| Ping to test network quality and connectivity. E.g. `utils network ping 8.8.8.8 count 10 size 1300`
|*utils network traceroute <IP address>*
|Network trace.
|*show tech network routes*
|Show routing table.
|*show network status [process nodns search [search term]]*
|Show established connections with the process using the port. E.g. to show established connections to port 5060 (SIP phones and SIP trunks): `show network status process nodns search 5060`.
|*utils network arp list*
*utils network arp delete*
*utils network arp set*
|Working with ARP table.
|*show network ipprefs public*
*show open ports*
*show open ports all*
*show open ports regexp*
|Show open and accessible over the network ports with listening daemons.
|*show network ip_conntrack*
|Show number of open connections . While the number of connections does NOT equal number of registered phones, if there is some network connectivity issue this number will be unusually low. E.g. on CUCM with 52 registered SIP phones this commands shows 301 connections.
|*show process list*
|Show list of running processes (Linux style).
|*utils iostat*
|Show I/O stats - writes/reads per second, averages
|*show hardware*
|Show the hardware server on which the CUCM is installed.
|*utils service list*
*utils service <stop/restart/start>*
|List running CUCM/Unity services (not previously mentioned Linux ones) and then stop/restart any of them by their name. Copy & paste service name exactly as shown in the listing.
|*utils system restart*
|Last resort - restart the whole CUCM/Unity.
|*show diskusage activelog*
|Get the disk usage.
|*show logins*
|Show logged in admins
|*show password expiry user list*
|Show user password expiration, by default it is set to 99999 days, if not changed by the administrator.
|*set password { age / complexity / expiry / inactivity / user }*
|Changing password for yourself/another user . Be very careful with changing password of course.
|===
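
Review bot: The last row documents `set password { age / complexity / expiry / inactivity / user }` only as "Changing password for yourself/another user", although four of the five listed keywords are password policy settings rather than a password change. Split the row so the policy keywords are described separately from `user`, and tie it to the `show password expiry user list` row, which notes the 99999-day default: as written the sheet reports that passwords effectively never expire but does not say which command changes that. "Be very careful ... of course" should say what the risk is (for example locking out the administrator account) or be dropped. The header cell reads "Descritption", and the `utils iostat` and `show logins` descriptions lack the closing period the other rows have.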

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,60 @@
= Cisco Nexus 9000 9k debug and diagnostic commands complete cheat sheet (work in progress)
Yuri Slobodyanyuk <admin@yurisk.info>
v1.0, 2020-09-01
:homepage: https://yurisk.info
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
Status: Work in progress.
[cols=2,options="header"]
|===
|Command
|Descritption
|*show run interface <port-channel number> membership*
|List physical interfaces included in the given Port-Channel, e.g. `show run int po1 membership`
|*show port-channel usage*
|Show port-channel numbers already in use.
|*show port-channel summary*
|Display list of all configured Port-Channels with their state, protocol (LACP or None), physical interface members.
|*show vpc role*
|Role of this peer in vPC, also vPC MAC address, vPC and system priority, local Nexus switch MAC.
|*show vpc brief*
|Gives verbose info about the vPC (vPC domain stats, vPC peer-link stats, port-channels with active VLANs etc.).
|*show vpc peer-keepalive*
| Display real-time stats on peering keepalives: last send/receive time, IP of the peer, port and protocol used, vrf for communicaiton.
|*show feature*
|Show enabled features, make sure FEX is on.
|*show fex [_fex-num_] [detail]*
| Show FEX, optionally with details - FEX associated number, state
(Online/Offline/Connecting), model, serial number (of the module). If _detail_,
then also show log of the last registration/offline/online of the FEX.
|*show interface fex*
| In addition to above, show physical interface names (uplinks) where FEX is connected on
Nexus and its state.
|*reload fex _fex-num_*
| Reload the specified FEX (it should be online for this).
|*show inventory fex _fex-num_*
|Show hardware info and serial numbers of the FEX chassis, network module, fans,
power supplies.
|*show environment fex _fex-num_/all*
|Show power consumed, temperature.
|*show int port-channel _n_ fex*
|Show physical interfaces pinned to a given port-channel.
|===
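
Review bot: The `reload fex _fex-num_` row is the only disruptive command in a list that is otherwise read-only `show` output, and its description ("it should be online for this") gives no hint that it takes the FEX and its attached ports out of service. Mark it clearly, for example with a note in the cell or by moving it into a separate "actions" table, so it is not pasted during a diagnostic session by mistake. The header cell reads "Descritption", the `show vpc peer-keepalive` row has "communicaiton", and the title claims a "complete cheat sheet" while both the title and the Status line say work in progress.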

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,117 @@
= FAR manager cheat sheet of keyboard shortcuts
Yuri Slobodyanyuk <admin@yurisk.info>
v1.0, 2020-11-09
:homepage: https://yurisk.info
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
[cols=2, options="header"]
|===
|Shortcut
|Description
|*Ctrl + \*
|Change working directory to the root folder, i.e. root of the drive.
|*Ctrl + PgUp*
|Move up to the parent directory.
|*Alt + F1*
|Set the working drive for the left panel.
|*Alt + F2*
|Set the working drive for the right panel.
|*Ctrl + u*
|Swap panels (left becomes right and vice versa).
|*Ctrl + Left/Right Arrow*
|Move the separating bar between panels left/right, changing the occupied space.
|*Ctrl + Up/Down Arrow*
|Move the bottom border of the panels up/down.
|*Alt + F7*
|Open File Search dialog box
|*Alt + F12*
|Open history of the visited folders.
|*Alt + F8*
|Open history of the viewed files.
|*F9 + c + c* or *F11 + Advanced Compare*
|Compare files/directories open in Panels. Standard compare (F9 + c + c) compares by name,size and time stamp. Advanced Compare allows to choose what to compare on. The files that differ are highlighted in blue.
|*Ctrl + 1*
|Set panel view to 3-column layout showing just names.
|*Ctrl + 2*
|Return to the standard 2-column view of names only.
|*Ctrl + 3*
|Full panel view - shows name, size, date, time columns.
|*Ctrl + 5*
|Full screen view - name, size, allocated, write, created, accessed, attributes columns.
2+|_Sort displayed items_
|*Ctrl + F3*
| Sort by file/folder name.
|*Ctrl + F4*
|Sort by extension.
|*Ctrl + F5*
|Sort by modified date.
|*Ctrl + F6*
|Sort by size.
|*Ctrl + F8*
|Sort by creation time
|*Ctrl + F9*
|Sort by access time
2+|_Selecting files and folders_
|*Insert*
|Select the item under the cursor. Press again to deselect.
|*Shift + move up/down*
|Select single/multiple items. To deselect, hold Shift and move in the opposite direction.
|* (asterisk)
|Select all files/folders in the panel. Press again to invert the selection.
|COLORS fix later
| Fix me
|*F9 -> o -> l*
|Open color selection dialog box.
|*F11 + Temporary Panel*
| Create and switch to a Temporary Panel. You can copy/drag files and folders from the visible Panel to it. This allows to work on multiple items from different locations at the same time.
2+|_Filter what is shown in the Panel_
|*Ctrl + i*
a|Open Filter dialog menu. It contains all file types/extensions seen in the current folder. By moving with _Arrow Up/Down_ you can select/deselect any single or combination of multiple extensions to include or exclude in the display. Highlight the extension in question and press:
- *<space>* or *+* or *i*: Include files with such extension in the display, exclude from display anything else. Pressing the same key again clears the selection.
- *Shift + Backspace*: Clear all selections made so far.
- *x*: Exclude the selected extensions from showing, display what is left.
- *Insert*: Open a dialog menu to create Custom filter. This allows to include/exclude files by their name/extension, size, attributes, and modification date. You can use relative operators `>=, <=`. All operands in a Custom filter are ANDed. Make sure to activate this Custom filter with Space or `+` in the filter list later.
|*Enter*
|Activate the filter.
|===
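
Review bot: The row `|COLORS fix later` / `| Fix me` is an author placeholder that will be published as a table row; remove it or replace it with the intended `2+|_Colors_` sub-heading in the same style as the `_Sort displayed items_` and `_Selecting files and folders_` rows. Two key cells also have unbalanced bold markers: `*Ctrl + \*` escapes its closing asterisk, and `* (asterisk)` opens bold without closing it, so both will render differently from the other shortcuts. The `Alt + F7`, `Ctrl + F8` and `Ctrl + F9` descriptions are missing their final period.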

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,184 @@
= Fortianalyzer SQL tables list
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
:homepage: https://yurisk.info
Reference: https://docs.fortinet.com/document/fortigate/6.4.0/fortios-log-message-reference/384955/traffic
.Table columns for Traffic Log
[cols=2, options="header"]
|===
|Column Name
|Description
|id
|Numerical, 28 number, differ per row e.g. 1612273830 epoch time, the rest unclear
|bid
|Numerical, 9 numbers, same for the table for all rows
|dvid
| Numerical, 4 numbers,
|itime
|Numerical, epoch time, e.g. 1612273830, stays the same for all rows (?)
|dtime
|Numerical, epoch, e.g. 1612281024, changes but not with each row, every few rows, probably end time
|euid
|Numerical, 1 number
|epid
|Numerical, varies
|dsteuid
|Numerical, all = 0
|dstepid
| Numerical, the same for all rows
|logflag
|Numerical, differes but not each row, some rows are missing it
|logver
|Numerical, the same for all rows, e.g. 60
|proto
|Numerical, IP/TCP protocol number
|vrf
|Empty
|logid
|Numerical, log type, e.g. 0000000015, 000000013
|type
|String, e.g. traffic
|subtype
|String, e.g. forward
|level
|String, e.g. notice
|action
|String, e.g `deny`, `start`, `close`
|policyid
|Numerical, e.g. 2
|sentbyte
|Numerical, variable
|rcvdbyte
|Numerical
|sessionid
|Numerical
|srcport
|Numerical
|dstport
|Numerical
|transport
|EMpty
|trandisp
|String, `snat`
|duration
|Numerical
|sentpkt
|Numerical
|rcvdpkt
|Numerical
|utmaction
|String, `block`
|slot
|Empty
|srcip
|IP address
|dstip
|IP address
|srcname
|Empry
|dstname
|Empty
|service
|String, `HTTP`
|user
|empty
|poluuid
|Hex long number
|app
|String, `HTTP`, `HTTPS`, `DNS`, `TeamViewer`
|appcat
|String, `unknown`, `Remote.Access`
|tranip
|{}
|unauthuser
|{}
|unauthusersource
|{}
|vpn
|{}
|srcintf
|String, `bla_INT`
|dstintf
|String, `bla_EXT`
|group
|{}
|custom_field1
|{}
|srcintfrole
|`undefined`
|dstintfrole
|`undefined`
|fctuid
|{}
|wanoptapptype
|{}
|wanin
|Numerical, `3317`, `0`
|wanout
|Numerical, differs from _wanin_
|lanin\
|Numerical, `164`
|lanout
|Numerical, equals to _lanin_
|===
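
Review bot: The column name in the row `|lanin\` carries a trailing backslash, which will either render as part of the name or act as an escape; since readers will copy these names into dataset queries, it should be plain `lanin`. The `logid` examples `0000000015` and `000000013` differ in length (ten and nine digits), so one of them has probably lost a digit. Columns with no observed value are recorded five different ways (`Empty`, `EMpty`, `Empry`, `empty`, `{}`); pick one marker and say whether it means NULL or simply "not seen in the sample". The title promises a list of SQL tables but only the Traffic Log table is documented, and the `dvid` description ends on a dangling comma.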

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,183 @@
= Fortianalyzer diagnose and debug cheat sheet
:toc: auto
== General Health
[cols=2, options="header"]
|===
|Command
|Description
|*get sys status*
|Get general information: firmware version, serial number, ADOMs enabled or not, time and time zone, general license status (Valid or not).
|*get sys performance*
|Detailed performance statistics: CPU load, memory usage, hard disk/flash disk used space and input/output (`iostat`) statistics.
|*exe top*
|Display real time list of running processes with their CPU load.
|*diag log device*
|Shows how much space is used by each device logging to the Fortianalyzer, including quotas.
|*exe iotop -b -n 1*
|Display and update every 1 second READ/WRITE statistics for all the processes.
|*dia sys process list*
|list running processes, like `ps aux` in Linux.
|*dia sys process kill <kill signal> <process id>*
|Kill a process by its pid. Kill signal can be word or numeric, e.g. `dia sys process kill 9 27034`.
|*diagnose system print cpuinfo*
|Display hardware CPU information - vendor, number of CPUs etc.
|*diagnose hardware info*
|Even more hardware-related info.
|*diagnose system print df*
|Show disk partitions and space used. Analog of the Linux `df`.
|*exe lvm info*
|Shows disks status and size
|*diagnose system print loadavg*
|Show average system load, analog to the Linux `uptime` command.
|*dia sys print uptime*
|Show FAZ uptime.
|*dia sys admin-session <list/status/kill>*
|List, kill admin session(s).
|*dia sys ntp status*
|Show NTP status: IP of the NTP server synchronized to, its startum, etc.
|*dia dvm check-integrity*
|Check objects db integrity.
|===
== Communication debug
[cols=2, options="header"]
|===
|Command
|Description
|*diagnose system print netstat*
|Show established connections to the Fortianalyzer, as well as listening ports. Every logging device can (and usually does) have multiple connections established.
|*diagnose system route list*, *diagnose sys route6 list*
|Show routing table
|*diagnose test application oftpd 3*
|List all devices sending logs to the Fortianalyzer with their IP addresses, serial numbers, _uptime_ meaning connection establishment uptime, not remote device uptime, and packets received (should be growing).
|*diagnose debug application oftpd 8 <__Device name__>*
*diagnose debug enable*
|Real time debug of communicating with the __Device name__ device.
|*diagnose sniffer packet any "host __IP of remote device__"*
|Sniff packets from/to remote device, to make sure they are sending each other packets. The communication is encrypted.
|*diagnose sniffer packet any "port 514"*
|Sniff all packets to/from port 514 used by Fortianalyzer to receive logs from remote devices.
|===
== Logs from devices
[cols=2, options="header"]
|===
|Command
|Description
|*diagnose test application oftpd 50*
|Show log types received and stored for each device.
|*diag log device*
|Shows how much space is used by each device logging to the Fortianalyzer, including quotas.
|*diagnose fortilogd lograte*
|Show in one line last 5/30/60 seconds rate of receiving logs.
|*diagnose fortilogd lograte-adom all*
|Show as table log receiving rates for all ADOMs aggregated per device type (i.e. rate for all Fortigates will be as one data per ADOM).
|*diagnose fortilogd lograte-device*
|Show average logs receive rate per device for the last hour, day, and week.
|*diagnose fortilogd lograte-total*
|Show summary log receive rate for all devices on this Fortianalyzer.
|===
== Disk and RAID health
[cols=2, options="header"]
|===
|Command
|Description
|*diagnose sys raid status*
|General health of the RAID: RAID level used, RAID status, RAID size, health status of
each physical disk in the RAID.
|*dia sys raid hwinfo*
|Detailed RAID controller info: IDs, slot numbers, link speed, media type, temperature,
error counters, and more.
|*dia sys disk info*
|General physical disks info: model and maker for each physical disk, s/n, speed (RPM), media
type, ATA/SATA versions supported.
|*dia sys disk health*
|Health state of the disks as read from S.M.A.R.T. info, greatly depends on the S.M.A.R.T.
level support by the disk.
|*dia sys disk error*
|History of all errors along with the time of occurrence.
|*dia sys disk usage*
|Lists all folders (a lot) of the filesystem with their sizes on disk. Also available on
VM FAZ.
|*dia sys flash list*
|List FAZ image stored in the flash, e.g.
|===
== Licensing
[cols=2, options="header"]
|===
|Command
|Description
|*diagnose dvm device list*
|Look for the line _There are currently N devices/vdoms count for license_.
|*diagnose debug vminfo*
|Show report on Virtual Machine license: whether valid or not, type, licensed storage volume, licensed log receive rate, licensed maximum device count.
|*dia license list*
|List all applied lcienses on this FAZ.
|===
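
Review bot: The description for `exe iotop -b -n 1` says it will "display and update every 1 second", but in standard `iotop` the `-n` argument is the number of iterations and `-b` selects batch mode, so this invocation prints one snapshot and exits; reword the description or change the example if a refresh interval was intended. In the Disk and RAID table the `dia sys flash list` row ends at "e.g." with no example following it. The `diag log device` row appears twice with identical text (General Health and Logs from devices), and there are typos in "startum" and "lcienses".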

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,63 @@
= FreeBSD cheat sheet
:homepage: https://yurisk.info
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
== Working with disks and partitions
[cols=2, options="header"]
|===
|Command
|Description
|*camcontrol devlist*
|Show list of attached storage devices
|*geom <disk/label/part/raid> list*
|Display detailed information for the given GEOM class `disk` - physical disk, `label` - device labels, `part` - partitions. Other classes are available, but not mentioned for irrelevance here.
|*mount*
|Show mounted in fact partitions and their properties (journaled or not, type).
|*glabel list*
|Show labels, same as `geom label list`.
|*gpart show*
|Show partitions, similar to `geom part list` minus labels information, so is shorter. Add `-r` to show GPT partition types, see for the complete list at https://en.wikipedia.org/wiki/GUID_Partition_Table .
|*gpart recover <device name>*
|Recover partition information, e.g. when increasing the size of already partitioned disk in Virtual Machine, the last sector holding the partition info is lost, so to put the needed info in the last sector of now increased disk: `gpart recover da0`.
|*swapoff <device name>*
|Turn off temporarily the swap file, e.g. to move its partition to the end of the increased virtual disk: `swapoff /dev/da0p3`
|*gpart delete -i <n> <device name>*
|Delete partition number `n` (as shown by `gpart show`) on the device `device name`. E.g. If the swap partition was number 3 on disk /dev/da0, to delete it: `gpart delete -i 3 /dev/da0`.
|*gpart create -s <partition scheme> <device name>*
|Set type of partition to be added on device `device name`. E.g. to set up device _da1_ for GPT partitioning: `gpart create -s gpt da1`.
|*sysctl kern.geom.debugflags=16*
|Resizing a live partition may require turning off this protection.
|*gpart resize -i <n> [ -s <new size K/M/G>] [-a <alignment size>] <device name>*
|Resize existing partition number `n` to `new size`, optionally setting alighnment, on device `device name`. If `-s` size is not given, use up all available _free_ space. E.g. to increase the _2nd_ partition on device _da0_ to 47 Gigabyte with 4k alignment: `gpart resize -i 2 -s 47G -a 4k da0`.
|*growfs <partition name>*
|After resizing a partition, grow the existing file system on it to encompass the new free space. E.g.`growfs /dev/da0p2`.
|*gpart add -t <partition type> [-a <alignment>] [-l <label name>] <dev name>*
|Add a new partition to the disk `dev name`, setting its type and optionally alignment and label. E.g. to add _freebsd-ufs_ type partition to disk _da1_ aligned on 4k border setting the label to _data_: `gpart add -t freebsd-ufs -a 4k -l data da1` . After that, this partition will be available as _/dev/gpt/data_
|*newfs [-U] [-j] <partition name/label>*
|Add filesystem to the named partition. Switches depend on the filesystem type, here `-U` is for *freebsd-ufs* with soft updates but without journaling, while `-j` adds journaling. E.g. to create UFS filesystem with soft updates but without the journaling on partition labeled _/data_ of type GPT: `newfs -U /dev/gpt/data`.
|===
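
Review bot: The `sysctl kern.geom.debugflags=16` row says only that resizing a live partition "may require turning off this protection", without naming the protection or saying to restore it. State that the flag lets GEOM accept writes to providers that are currently in use (for example a mounted disk), and add the restore step `sysctl kern.geom.debugflags=0` after the resize, since leaving it set removes the guard against overwriting the partition table of a mounted disk. In the `newfs` row the partition is described as "labeled _/data_" while the preceding `gpart add` example sets the label to `data`; the `gpart resize` row has "alighnment"; and `mount` is described as "Show mounted in fact partitions", which reads better as "Show the partitions that are actually mounted".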

View file

@ -0,0 +1,107 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="Asciidoctor 2.0.18">
<title>FreeBSD cheat sheet</title>
<style>
</style>
</head>
<body class="article">
<div id="header">
<h1>FreeBSD cheat sheet</h1>
</div>
<div id="content">
<div id="preamble">
<div class="sectionbody">
<div class="paragraph">
<p>Author: Yuri Slobodyanyuk, <a href="https://www.linkedin.com/in/yurislobodyanyuk/" class="bare">https://www.linkedin.com/in/yurislobodyanyuk/</a></p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_working_with_disks_and_partitions">Working with disks and partitions</h2>
<div class="sectionbody">
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 50%;">
<col style="width: 50%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Command</th>
<th class="tableblock halign-left valign-top">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>camcontrol devlist</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Show list of attached storage devices</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>geom &lt;disk/label/part/raid&gt; list</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Display detailed information for the given GEOM class <code>disk</code> - physical disk, <code>label</code> - device labels, <code>part</code> - partitions. Other classes are available, but not mentioned for irrelevance here.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>mount</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Show mounted in fact partitions and their properties (journaled or not, type).</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>glabel list</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Show labels, same as <code>geom label list</code>.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart show</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Show partitions, similar to <code>geom part list</code> minus labels information, so is shorter. Add <code>-r</code> to show GPT partition types, see for the complete list at <a href="https://en.wikipedia.org/wiki/GUID_Partition_Table" class="bare">https://en.wikipedia.org/wiki/GUID_Partition_Table</a> .</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart recover &lt;device name&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Recover partition information, e.g. when increasing the size of already partitioned disk in Virtual Machine, the last sector holding the partition info is lost, so to put the needed info in the last sector of now increased disk: <code>gpart recover da0</code>.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>swapoff &lt;device name&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Turn off temporarily the swap file, e.g. to move its partition to the end of the increased virtual disk: <code>swapoff /dev/da0p3</code></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart delete -i &lt;n&gt; &lt;device name&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Delete partition number <code>n</code> (as shown by <code>gpart show</code>) on the device <code>device name</code>. E.g. If the swap partition was number 3 on disk /dev/da0, to delete it: <code>gpart delete -i 3 /dev/da0</code>.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart create -s &lt;partition scheme&gt; &lt;device name&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Set type of partition to be added on device <code>device name</code>. E.g. to set up device <em>da1</em> for GPT partitioning: <code>gpart create -s gpt da1</code>.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>sysctl kern.geom.debugflags=16</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Resizing a live partition may require turning off this protection.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart resize -i &lt;n&gt; [ -s &lt;new size K/M/G&gt;] [-a &lt;alignment size&gt;] &lt;device name&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Resize existing partition number <code>n</code> to <code>new size</code>, optionally setting alighnment, on device <code>device name</code>. If <code>-s</code> size is not given, use up all available <em>free</em> space. E.g. to increase the <em>2nd</em> partition on device <em>da0</em> to 47 Gigabyte with 4k alignment: <code>gpart resize -i 2 -s 47G -a 4k da0</code>.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>growfs &lt;partition name&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">After resizing a partition, grow the existing file system on it to encompass the new free space. E.g.<code>growfs /dev/da0p2</code>.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>gpart add -t &lt;partition type&gt; [-a &lt;alignment&gt;] [-l &lt;label name&gt;] &lt;dev name&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Add a new partition to the disk <code>dev name</code>, setting its type and optionally alignment and label. E.g. to add <em>freebsd-ufs</em> type partition to disk <em>da1</em> aligned on 4k border setting the label to <em>data</em>: <code>gpart add -t freebsd-ufs -a 4k -l data da1</code> . After that, this partition will be available as <em>/dev/gpt/data</em></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>newfs [-U] [-j] &lt;partition name/label&gt;</strong></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Add filesystem to the named partition. Switches depend on the filesystem type, here <code>-U</code> is for <strong>freebsd-ufs</strong> with soft updates but without journaling, while <code>-j</code> adds journaling. E.g. to create UFS filesystem with soft updates but without the journaling on partition labeled <em>/data</em> of type GPT: <code>newfs -U /dev/gpt/data</code>.</p></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div id="footer">
<div id="footer-text">
Last updated 2021-12-03 08:42:05 +0200
</div>
</div>
</body>
</html>
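
Review bot: This file is Asciidoctor output (`<meta name="generator" content="Asciidoctor 2.0.18">`) for the FreeBSD sheet added as AsciiDoc in the same commit, so every row is now stored twice and the two copies will drift; the "alighnment" typo and the unexplained `kern.geom.debugflags=16` row are already duplicated here. Prefer generating the HTML at build or publish time instead of committing it, or at least regenerate it whenever the source changes. The footer's "Last updated 2021-12-03 08:42:05 +0200" is baked in and will be stale after the first edit, and the empty `<style>` element means the page ships without the stylesheet its `tableblock` classes expect.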

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,70 @@
= HIEW hexadecimal editor and disassembler cheat sheet
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
[cols=2,options="header"]
|===
|Command
|Description
|*hiew8.ini*
|Configuration file usually located in the same directory as the hiew32.exe binary itself.
|*F1*
|Conext-aware help.
|*ESC*
| Exit any window in any mode without saving the changes.
|*F3*
|Enter the Edit mode.
|*ENTER*
| In the Read mode, switch between Hex/Decode/Text modes in turn.
|*F7*
|Open a search window.
|*Ctrl+Enter*
|Continue searching.
|*Alt+F1*
|Change location addressing mode.
|*F9*
|Save the changes made so far.
|*F6*
|In Decode/Disassembled mode, find cross-references.
|*
| In Read mode, select block(s) of bytes.
|*F8*
|Show the file headers.
|*F8 -> F6 -> F3*
| In Hex/Decode modes, show then edit file header sections.
|*Alt+F6*
|Show all strings in a file.
|*+/-*
|Increase/decrease minimal string length.
|*F5*
| Go to offset.
|*Alt+F7*
| Change the search direction: top-down/down-top.
|===
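
Review bot: The key cell `|*` for "In Read mode, select block(s) of bytes" is a bare asterisk, which is easy to misread as markup and is inconsistent with the other shortcut cells, all of which are wrapped in bold; write it out the way the FAR sheet does, for example `* (asterisk)` with the asterisk escaped. `hiew8.ini` is listed under the Command column although it is a configuration file, so it belongs in a short note above the table, and the row should say which HIEW version the file name applies to given that the binary is called `hiew32.exe`. The `F1` description reads "Conext-aware".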

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,24 @@
= ImageMagick Command Line Examples
:toc:
== Rotate images 90 degrees
Use `convert` tools in a bash script to rotate all .jpg images in the current folder, naming the rotated images as _current-name_-rotated.jpg
[source,bash]
----
for ii in *.jpg
do
convert ${ii} -rotate 90 ${ii}-rotated.jpg
done
----
== Combine images in the current folder into a PDF file
Let's combine images with extension .jpg (using shell wildcards) into one
PDF file.
----
magick *.jpg pics-2022-1.pdf
----
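
Review bot: In the rotate loop, `${ii}` is expanded unquoted in `convert ${ii} -rotate 90 ${ii}-rotated.jpg`, so a file name containing spaces is split into several arguments and one beginning with `-` is read as an option; quote both expansions and iterate over `./*.jpg`. The output name also comes out as, for example, `photo.jpg-rotated.jpg` rather than the `current-name-rotated.jpg` the text promises (strip the suffix with `${ii%.jpg}`), and a second run will process the already rotated files again because they still match `*.jpg`. The two sections mix `convert` and `magick`, and the second listing has no `[source,bash]` attribute; use one command form and mark both blocks the same way. The PDF example's `*.jpg` has the same leading-dash problem and would also sweep the `-rotated.jpg` outputs into the PDF.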

View file

@ -0,0 +1,932 @@
%PDF-1.4
%ÿÿÿÿ
1 0 obj
<< /Title (ImageMagick Command Line Examples)
/Creator (Asciidoctor PDF 2.3.10, based on Prawn 2.4.0)
/Producer (Asciidoctor PDF 2.3.10, based on Prawn 2.4.0)
/ModDate (D:20231214121921+02'00')
/CreationDate (D:20231217151828+02'00')
>>
endobj
2 0 obj
<< /Type /Catalog
/Pages 3 0 R
/Names 10 0 R
/Outlines 21 0 R
/PageLabels 26 0 R
/PageMode /UseOutlines
/OpenAction [7 0 R /FitH 841.89]
/ViewerPreferences << /DisplayDocTitle true
>>
>>
endobj
3 0 obj
<< /Type /Pages
/Count 1
/Kids [7 0 R]
>>
endobj
4 0 obj
<< /Length 2
>>
stream
q
endstream
endobj
5 0 obj
<< /Type /Page
/Parent 3 0 R
/MediaBox [0 0 595.28 841.89]
/CropBox [0 0 595.28 841.89]
/BleedBox [0 0 595.28 841.89]
/TrimBox [0 0 595.28 841.89]
/ArtBox [0 0 595.28 841.89]
/Contents 4 0 R
/Resources << /ProcSet [/PDF /Text /ImageB /ImageC /ImageI]
>>
>>
endobj
6 0 obj
<< /Length 5812
>>
stream
q
/DeviceRGB cs
0.2 0.2 0.2 scn
/DeviceRGB CS
0.2 0.2 0.2 SCN
BT
99.73 777.054 Td
/F2.0 27 Tf
<496d6167654d616769636b20436f6d6d616e64204c696e65> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
231.0175 740.334 Td
/F2.0 27 Tf
<4578616d706c6573> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
48.24 598.874 Td
/F2.0 22 Tf
<526f7461746520696d616765732039302064656772656573> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
0.60361 Tw
BT
48.24 569.686 Td
/F1.0 10.5 Tf
<55736520> Tj
ET
0.0 Tw
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.69412 0.12941 0.27451 scn
0.69412 0.12941 0.27451 SCN
0.60361 Tw
BT
69.43411 569.686 Td
/F3.0 10.5 Tf
<636f6e76657274> Tj
ET
0.0 Tw
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
0.60361 Tw
BT
106.18411 569.686 Td
/F1.0 10.5 Tf
<20746f6f6c7320696e206120626173682073637269707420746f20726f7461746520616c6c202e6a706720696d6167657320696e207468652063757272656e7420666f6c6465722c206e616d696e672074686520726f7461746564> Tj
ET
0.0 Tw
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
48.24 553.906 Td
/F1.0 10.5 Tf
<696d6167657320617320> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
99.48 553.906 Td
/F4.0 10.5 Tf
<63757272656e742d6e616d65> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
166.2075 553.906 Td
/F1.0 10.5 Tf
<2d726f74617465642e6a7067> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
q
0.96078 0.96078 0.96078 scn
52.24 538.09 m
543.04 538.09 l
545.24914 538.09 547.04 536.29914 547.04 534.09 c
547.04 461.13 l
547.04 458.92086 545.24914 457.13 543.04 457.13 c
52.24 457.13 l
50.03086 457.13 48.24 458.92086 48.24 461.13 c
48.24 534.09 l
48.24 536.29914 50.03086 538.09 52.24 538.09 c
h
f
0.8 0.8 0.8 SCN
0.75 w
52.24 538.09 m
543.04 538.09 l
545.24914 538.09 547.04 536.29914 547.04 534.09 c
547.04 461.13 l
547.04 458.92086 545.24914 457.13 543.04 457.13 c
52.24 457.13 l
50.03086 457.13 48.24 458.92086 48.24 461.13 c
48.24 534.09 l
48.24 536.29914 50.03086 538.09 52.24 538.09 c
h
S
Q
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
59.24 515.265 Td
/F3.0 11 Tf
<666f7220696920696e202a2e6a7067> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
59.24 500.525 Td
/F3.0 11 Tf
<646f> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
59.24 485.785 Td
/F3.0 11 Tf
<636f6e7665727420247b69697d20202d726f746174652020393020247b69697d2d726f74617465642e6a7067> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
59.24 471.045 Td
/F3.0 11 Tf
<646f6e65> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
48.24 416.834 Td
/F2.0 22 Tf
<436f6d62696e6520696d6167657320696e207468652063757272656e7420666f6c64657220696e746f2061> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
48.24 386.914 Td
/F2.0 22 Tf
<5044462066696c65> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
48.24 357.726 Td
/F1.0 10.5 Tf
<4c6574d57320636f6d62696e6520696d61676573207769746820657874656e73696f6e202e6a706720287573696e67207368656c6c2077696c6463617264732920696e746f206f6e65205044462066696c652e> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
q
0.96078 0.96078 0.96078 scn
52.24 341.91 m
543.04 341.91 l
545.24914 341.91 547.04 340.11914 547.04 337.91 c
547.04 309.17 l
547.04 306.96086 545.24914 305.17 543.04 305.17 c
52.24 305.17 l
50.03086 305.17 48.24 306.96086 48.24 309.17 c
48.24 337.91 l
48.24 340.11914 50.03086 341.91 52.24 341.91 c
h
f
0.8 0.8 0.8 SCN
0.75 w
52.24 341.91 m
543.04 341.91 l
545.24914 341.91 547.04 340.11914 547.04 337.91 c
547.04 309.17 l
547.04 306.96086 545.24914 305.17 543.04 305.17 c
52.24 305.17 l
50.03086 305.17 48.24 306.96086 48.24 309.17 c
48.24 337.91 l
48.24 340.11914 50.03086 341.91 52.24 341.91 c
h
S
Q
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
59.24 319.085 Td
/F3.0 11 Tf
<6d616769636b202a2e6a70672020706963732d323032322d312e706466> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
48.24 693.354 Td
/F2.0 22 Tf
[<54> 29.78516 <61626c65206f6620436f6e74656e7473>] TJ
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
BT
48.24 662.816 Td
ET
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
48.24 662.816 Td
/F1.0 10.5 Tf
<526f7461746520696d616765732039302064656772656573> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.66275 0.66275 0.66275 scn
0.66275 0.66275 0.66275 SCN
BT
177.06462 662.816 Td
/F1.0 10.5 Tf
<2e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e20> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
BT
540.49062 662.816 Td
/F1.0 2.625 Tf
<ca> Tj
ET
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
541.1705 662.816 Td
/F1.0 10.5 Tf
<31> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
BT
48.24 644.336 Td
ET
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
48.24 644.336 Td
/F1.0 10.5 Tf
<436f6d62696e6520696d6167657320696e207468652063757272656e7420666f6c64657220696e746f2061205044462066696c65> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
0.66275 0.66275 0.66275 scn
0.66275 0.66275 0.66275 SCN
BT
310.67712 644.336 Td
/F1.0 10.5 Tf
<2e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e202e20> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
BT
540.49062 644.336 Td
/F1.0 2.625 Tf
<ca> Tj
ET
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
541.1705 644.336 Td
/F1.0 10.5 Tf
<31> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
q
0.0 0.0 0.0 scn
0.0 0.0 0.0 SCN
1 w
0 J
0 j
[] 0 d
/Stamp1 Do
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
BT
541.009 14.263 Td
/F1.0 9 Tf
<31> Tj
ET
0.0 0.0 0.0 SCN
0.0 0.0 0.0 scn
Q
Q
endstream
endobj
7 0 obj
<< /Type /Page
/Parent 3 0 R
/MediaBox [0 0 595.28 841.89]
/CropBox [0 0 595.28 841.89]
/BleedBox [0 0 595.28 841.89]
/TrimBox [0 0 595.28 841.89]
/ArtBox [0 0 595.28 841.89]
/Contents 6 0 R
/Resources << /ProcSet [/PDF /Text /ImageB /ImageC /ImageI]
/Font << /F2.0 8 0 R
/F1.0 13 0 R
/F3.0 14 0 R
/F4.0 15 0 R
>>
/XObject << /Stamp1 28 0 R
>>
>>
/Annots [17 0 R 18 0 R 19 0 R 20 0 R]
>>
endobj
8 0 obj
<< /Type /Font
/BaseFont /c39c18+NotoSerif-Bold
/Subtype /TrueType
/FontDescriptor 31 0 R
/FirstChar 32
/LastChar 255
/Widths 33 0 R
/ToUnicode 32 0 R
>>
endobj
9 0 obj
[7 0 R /XYZ 0 721.65 null]
endobj
10 0 obj
<< /Type /Names
/Dests 11 0 R
>>
endobj
11 0 obj
<< /Names [(__anchor-top) 27 0 R (_combine_images_in_the_current_folder_into_a_pdf_file) 16 0 R (_rotate_images_90_degrees) 12 0 R (toc) 9 0 R]
>>
endobj
12 0 obj
[7 0 R /XYZ 0 627.17 null]
endobj
13 0 obj
<< /Type /Font
/BaseFont /6b92b1+NotoSerif
/Subtype /TrueType
/FontDescriptor 35 0 R
/FirstChar 32
/LastChar 255
/Widths 37 0 R
/ToUnicode 36 0 R
>>
endobj
14 0 obj
<< /Type /Font
/BaseFont /a78ad9+mplus1mn-regular
/Subtype /TrueType
/FontDescriptor 39 0 R
/FirstChar 32
/LastChar 255
/Widths 41 0 R
/ToUnicode 40 0 R
>>
endobj
15 0 obj
<< /Type /Font
/BaseFont /14d347+NotoSerif-Italic
/Subtype /TrueType
/FontDescriptor 43 0 R
/FirstChar 32
/LastChar 255
/Widths 45 0 R
/ToUnicode 44 0 R
>>
endobj
16 0 obj
[7 0 R /XYZ 0 445.13 null]
endobj
17 0 obj
<< /Border [0 0 0]
/Dest (_rotate_images_90_degrees)
/Subtype /Link
/Rect [48.24 659.75 173.7675 674.03]
/Type /Annot
>>
endobj
18 0 obj
<< /Border [0 0 0]
/Dest (_rotate_images_90_degrees)
/Subtype /Link
/Rect [541.1705 659.75 547.04 674.03]
/Type /Annot
>>
endobj
19 0 obj
<< /Border [0 0 0]
/Dest (_combine_images_in_the_current_folder_into_a_pdf_file)
/Subtype /Link
/Rect [48.24 641.27 308.577 655.55]
/Type /Annot
>>
endobj
20 0 obj
<< /Border [0 0 0]
/Dest (_combine_images_in_the_current_folder_into_a_pdf_file)
/Subtype /Link
/Rect [541.1705 641.27 547.04 655.55]
/Type /Annot
>>
endobj
21 0 obj
<< /Type /Outlines
/Count 4
/First 22 0 R
/Last 25 0 R
>>
endobj
22 0 obj
<< /Title <feff0049006d006100670065004d0061006700690063006b00200043006f006d006d0061006e00640020004c0069006e00650020004500780061006d0070006c00650073>
/Parent 21 0 R
/Count 0
/Next 23 0 R
/Dest [7 0 R /XYZ 0 841.89 null]
>>
endobj
23 0 obj
<< /Title <feff005400610062006c00650020006f006600200043006f006e00740065006e00740073>
/Parent 21 0 R
/Count 0
/Next 24 0 R
/Prev 22 0 R
/Dest [7 0 R /XYZ 0 841.89 null]
>>
endobj
24 0 obj
<< /Title <feff0052006f007400610074006500200069006d006100670065007300200039003000200064006500670072006500650073>
/Parent 21 0 R
/Count 0
/Next 25 0 R
/Prev 23 0 R
/Dest [7 0 R /XYZ 0 627.17 null]
>>
endobj
25 0 obj
<< /Title <feff0043006f006d00620069006e006500200069006d006100670065007300200069006e0020007400680065002000630075007200720065006e007400200066006f006c00640065007200200069006e0074006f002000610020005000440046002000660069006c0065>
/Parent 21 0 R
/Count 0
/Prev 24 0 R
/Dest [7 0 R /XYZ 0 445.13 null]
>>
endobj
26 0 obj
<< /Nums [0 << /P (1)
>>]
>>
endobj
27 0 obj
[7 0 R /XYZ 0 841.89 null]
endobj
28 0 obj
<< /Type /XObject
/Subtype /Form
/BBox [0 0 595.28 841.89]
/Length 165
>>
stream
q
/DeviceRGB cs
0.0 0.0 0.0 scn
/DeviceRGB CS
0.0 0.0 0.0 SCN
1 w
0 J
0 j
[] 0 d
q
/DeviceRGB CS
0.86667 0.86667 0.86667 SCN
0.25 w
48.24 30.0 m
547.04 30.0 l
S
Q
Q
endstream
endobj
29 0 obj
<< /Type /XObject
/Subtype /Form
/BBox [0 0 595.28 841.89]
/Length 165
>>
stream
q
/DeviceRGB cs
0.0 0.0 0.0 scn
/DeviceRGB CS
0.0 0.0 0.0 SCN
1 w
0 J
0 j
[] 0 d
q
/DeviceRGB CS
0.86667 0.86667 0.86667 SCN
0.25 w
48.24 30.0 m
547.04 30.0 l
S
Q
Q
endstream
endobj
30 0 obj
<< /Length1 11468
/Length 7075
/Filter [/FlateDecode]
>>
stream
endstream
endobj
31 0 obj
<< /Type /FontDescriptor
/FontName /c39c18+NotoSerif-Bold
/FontFile2 30 0 R
/FontBBox [-212 -250 1306 1058]
/Flags 6
/StemV 0
/ItalicAngle 0
/Ascent 1068
/Descent -292
/CapHeight 1462
/XHeight 1098
>>
endobj
32 0 obj
<< /Length 1278
/Filter [/FlateDecode]
>>
stream
endobj
33 0 obj
[259 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 559 600 600 600 600 600 600 600 600 559 600 600 600 600 600 600 600 600 600 667 767 652 621 600 600 400 600 600 653 952 600 600 638 600 707 600 652 600 600 600 600 600 600 600 600 600 600 600 600 599 648 526 648 570 407 560 666 352 600 636 352 985 666 612 645 600 522 487 404 666 600 600 645 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600]
endobj
34 0 obj
<< /Length1 11856
/Length 7440
/Filter [/FlateDecode]
>>
stream
endobj
35 0 obj
<< /Type /FontDescriptor
/FontName /6b92b1+NotoSerif
/FontFile2 34 0 R
/FontBBox [-212 -250 1246 1047]
/Flags 6
/StemV 0
/ItalicAngle 0
/Ascent 1068
/Descent -292
/CapHeight 1462
/XHeight 1098
>>
endobj
36 0 obj
<< /Length 1278
/Filter [/FlateDecode]
>>
stream
endobj
37 0 obj
[259 500 500 500 500 500 500 500 346 346 500 500 250 310 250 500 559 559 500 500 500 500 500 500 500 559 500 500 500 500 500 500 500 500 500 613 727 500 589 500 500 500 500 500 623 500 500 500 604 500 655 500 500 716 500 500 500 500 500 500 500 500 500 500 500 562 613 492 613 535 369 538 634 319 299 500 310 944 645 577 613 500 471 451 352 634 500 861 578 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 259 500 500 500 500 500 500 500 500 500 500 250 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500 500]
endobj
38 0 obj
<< /Length1 5192
/Length 3486
/Filter [/FlateDecode]
>>
stream
endobj
39 0 obj
<< /Type /FontDescriptor
/FontName /a78ad9+mplus1mn-regular
/FontFile2 38 0 R
/FontBBox [0 -270 1000 1025]
/Flags 4
/StemV 0
/ItalicAngle 0
/Ascent 860
/Descent -140
/CapHeight 860
/XHeight 0
>>
endobj
40 0 obj
<< /Length 1278
/Filter [/FlateDecode]
>>
stream
endobj
41 0 obj
[500 364 364 364 500 364 364 364 364 364 500 364 364 500 500 364 500 500 500 364 364 364 364 364 364 500 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 500 364 500 500 500 500 500 364 500 500 500 364 500 500 500 500 364 500 500 500 364 500 364 364 364 364 500 364 500 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364 364]
endobj
42 0 obj
<< /Length1 7300
/Length 4250
/Filter [/FlateDecode]
>>
stream
xœµ9kpSWzß¹Wc,¿Àà€<C3A0>|<>ÚÀ<E28093>˶$[6ø% $‡ÉÖµ%bKŠ$aâeš²M'IÉÎ.“f&M‡k“Î&¡¶Iwóè¤ùÑɦ!i·ÝfIIó`²™ØêwŽ®<C5BD>Í£Ûî´Wœs¾÷óœ«#VÀ$ˆàïqYjçŸx€„<E282AC>ê Äò´ˆ<CB86>£`è@’îÿÅþ‡‡c#c‰÷%ÐkGèñwBýÜщáï~ºÿ"@Þz”y/$âÝÍ<C39D>È»ãÎòþBÛ€¶ëCcÉCÕñâo"^5
´Ý¨ŸxÉXàPLh'Zäw N#<23>1y¦±óY€ŒoYg,šHÂ<48>ÉôoEþÖX\Žé¬Z <09>mÀx
,WÅüÎé™}yMß@<>ÏÅ/þª‡­ê6øamúŠ>Kû
<08>…#ó ^ÖÔì̱ ý<>> P ‹Ÿn;ëh€QÐrl  ê[ˆ ä1ä€ö”¶éë2«ø “/r´F«Y&hà†§½§§õ)ŒgbÈš¼Tåi:1R¬BoÃE¡³< k5Ï€WüŽ/Á‹h~âk0 | S<08>óŒ7€u%º=Þü<C39E>ňp;©ÿæAÃrç<72>7wYöïaçÿí±Ú}^<5E>ÛÕß×ÛÓ½sGW§³£Ýa·µµ¶X·ßÝtWã¶­ wÖoÙl1WWmÜPaZ/•ËJŠò y+çd/ËÒë´Q Pe—~ªTøM…ÔÑQÍp)€„À"_¡Hr,•Q¨ŸÑ¥V”¾AÒš´.Hm¦ê*j—¨ò¶M¢3d Ïð”MòQåsïä°¦‚#Ë1QƒÚKB6ª?µ+Ž¡”ÝoC{Ó9ÙmRœ]]ÓÙ9æ ¤l”bÓdãvÂa£½qÉræVMö@PéíóÚm¥F£¯ºÊ©¬<C2A9>mܤ¢kSôÜ$ ³Ðá8<C3A1>®z#ubƃþÊÜ  ìñ*buS¢=•:¦äW*$›²éþ)ÁÌe¥J²Ù•Jfµ«ÁO×u—DÑš M}˜Žôù•¥”€JÑ™ ßXÞTÊ!QGÊŸ
̤'%j<>RÓ¹¹©˜+ ½^ÔšI¿z¼Tqœð)ˆ4ªÉ:ú»”¾{¼Š`rÐP)ø¯Y2n-5æûæezoÇ,kj4²Ä<C2B2>ÏXae²ÏÁ) –ž«¥Ò§~ÆycžSìaœÉyκ_Ânv¹¼)Ecr%;Öøx@™Äý´ŸµB2(+®•¥TA>ÝfñqYŠQ9ƒaªh+°,¨µXw
SI8²âZfù¼Ðmšavìݯþ;*A´ºJé¨Ì´ÞíU¬6¬µGöéÍÔø±EaoŸbbJÔºÐO=ìòrUM)jSð IÕR,vóLí)¿-³%õy/@múòt-}©êÀgcÂ+Ûp_UØSÞà°Ræ/ âI¦ÞR£bõaƒ}Wö±<C3B6>ÚtݹGEhs{»\RW߀w«H†ÁÌiLöÌHÞÒŒÜrJ)z…Rч$PRkΊޔ…ÀçT¶U[¨—”¼4†¡l¢vÙ¦Ê1|‰Q-ÛNmóÖt E;m¥FŸ1óTW ȦªcÔÈbEí˜g‰&| M@3œÄjYÂö<õJ²ä“BT±özYn¬<¼Êj1xÍÕ^¹—`Š…e#²çVLÅQYº¸¸J;ÇÐŽØÎy6MeI]®3.©#w*À¶°uk~)?ýì<KŽb<Ñü<§¦­VvCìØ¦$g0%¹¼M\ß GJïg¾
 t¹[««ðeÖ:-‡û¦­äa×€÷ÞèÃnï9<C3AF>mþVßôzäy/Pü®àT<C3A0>Q!”!ÌR?"Y\¾ô‚`s5œÀñ¡œ5O#04#dh†yš€4M†få4ö`—JBXc|Ûi<C39B>õç_(å÷±=+±"ø<>(DÚŽÕ¶OA—«dKr«#µ2z3£7gè:F×ãÎ +IuÕý)ƒ]ú¦/zвzI xÈ*\WâZŒkxÀ†óË8Rˆ¤ü9Î޳™çÒà™!$³€µº7íy9M§Éú41¤‰i2×;ëé<C3AB>%y³ää,™œ%ͳf ³tVl©&w ÑR4jÅ™<C385>|7 ‡3!yˆ­ÀPrQ&©l&$×e\f<ˆC€ex<65>éÅ+¢‡hp9O<G¶½Ñ²±Ë8hÆù'ú°«YTÅ?Æ!å´y™wq\%¢u·æ[H—}\ûçŸjEÏGDôüRL—Mžÿâ¼<C3A2>w¦ùŒpúi÷tÙÓÂcOž~RØüéùc÷C2Þ]Xı!Úm<>ŠkH‰guaºL¯I—éPýì™I¿a-Î^î(“-²°9h žŠE¤+¸Æz ]ê)¬-ðhÑ<68>Ýæ‰ŠWE ¦¸Ä±y—uWï.±ÙÓãy×ó±çªGÛëþÂ-(.òf'éhÏ.Ëj'«H±gem±'Ÿäy µy¼ xH;x~÷qžÐœ÷nÞÕ<±¢ð œ…« Å:O®$Z2Cv»*+»fôiü¢Ó÷Þ£<C39E>“‹ÍÖ¾E÷°ž<>{¼Ó„<ê{hj
Z×v)5.¯â_ëëRX0‰€aíôJhõ%‰d%H¢2 „JH¨FÊ@¸$L€=‰d29>¾8³‰Y¯LìK$pa2ŒSY²÷¯®oæÝx+^ãÚW´o/½åi:¡þJúøõ`®hnøÿò6™5\„Kð>ü‡wÁáíûü>ý~îÃË8vÁ0Äࡌ"1à¶çwõëÏ»ðü F¸­aÔ}ö6î÷bOÏÀßÃgäÑZih}
;ýZõ¡#epŠCk¸M÷<>¦„-8M -6Ï ¯ƒ[|¡SÈÉ<—ðžUŽÖº0<C2BA>S{b°zo0ú<GàÞÅÞ´¯|ÿ'Pœþ
ÎÁ 0sSFï“ïÄÌï…ð˜%°~Ï}—Ñ\Ó
B Ó™t[t—tï ‡…ýú»ô<C2BB>Ú×´+¼(<ËkZLZ‰]óæß…zaƒð"ä§ïK_<4B>+Òþ›ö[nd%~ÖƒNÀ_“ud€%/<2F>Ãj²qW‰ì×m¡1ߨ€ã¢èüþ|H˜˜=¦}å»Î<C2BB>æ_y)a-ùDèÇßaX­Â£~-Š<>ä“S§Ø/'oúŠæ)Í^X&©¼¢ÞÆšU µ¢®¸¨¶¦a•N*¯¯+¬<>Ê4W?~åÈq²<71>ˆÇå<C387>ÖëÚL<>?zúËèÙÏ0|y=©Ÿ;iš¬!ŸvÖÍÆ¦v…êî¡Eø¤s®í7ŸóK,&ô+þŠû²²¸H7ï—ÃuÜ™¡¶F¬/¾øÌK¿Ä¼³¦~<ärwžüà“—,¯è?ùé%K^<5E>¹·÷<C2B7>=4ç~{î3¾9¸ÝŸ£ÝÕP~³eM%)ß c†ImÍ<6D>õuR¹n‡£'çžÿ­TP¨ùäìܱ¢¿üÍÁ¡»z úÜ5áŽÆ¹ÏÈß)'ù-æ0À~™kö@3€Qª+h&ܤ ¥B„*IƒQ¬-¨­).Òg<r½¢õuóòHħþ¦®À²noü?iäõsO
ÈᆢçÞýPSôü;šê×´ßÕa:zÈ=¼AªÜ¾\m\n6“<36>ýÿð@ÛÄÜ[OÌ~-6l“»ææHÑ?¯.Á©åô—ýƒ¦ddïÞó§/™'æ¾züñ­s¯òý€qkÎ`ÜYÜ7„zõdõ°Lõ¥Ñ%=òöÕòE óÃ{æ<>óñ§Ü/þì~
µ<EFBFBD>0÷bYÿ¾jw¢¯?Ë/$û+ûOï?#Ö?3—º2w\uñ<75>çÿpêGÌÞTúŠð<C5A0>ÖÁì™2»´¡Pj¨)¬Õ×ê¥ÌîBR*õqѾyßÞúoWûÀê1שƒWwîºûIÙ÷ã³3c™s2ŽuyßÈÙ‰Êè4.>Xiɸâ¡#GŽm
†¿2Ýû³©2[£ÓtôèÎ}Ù†èÙȇ¦Þ‚“MçìÓ¯Þ}„X^$s³ö‡ª›âw½íüQ,éÛȼ,Ö’Á…?jX`þ²ËÀè`
øNhVa äÃ<C3A4>
k!*¬ÃºLª°OÓ*œ…ßGTx~û¼£ÂÙ`†OU8ÊØ%‡Ã¹°ŽÌǰœt<74>ÖO±¿$i!¶W8§ÂŠDƒ
<0B>+®Wa:ÄÍ*¬<><72>
k¡D<¥Âz°‰óv²àÄk*¼ 6j¨
M‡
çÀvͳ*œ MšOUx¹ð„v<E2809E>
¯€:ýËmÑØD<<JÒšÍ[jh{4:2*SgdÈL[FGi?c%h¿œ<C2BF>ãä ¹;šŒR—;“<>ÑðÐÎh$šœˆ¡ÆX`$¡ÕôºÍÈÜDØ%Çáh„n1onØR¬­k¨d2\¤zN8A4å±@ü^^ÞMž—mr"<¡n90f $4Ž$1|•.éà]f„“(l%“±FåàÁƒæîÌ<³ŒÈI
G-Øcª:ÀkN0u‡0dG4¤®èpò` .³09@Ÿã‘ §É<C2A7>L]δ'&G2Â;2Uôza¶˜é­<C3A9>Éd<<8ŽÙP” Dhy:]å´µÅåtUÑÝNwG<77>ÇMw·ô÷·t»<74>víé§m=Ý6§ÛÙÓ<C399>˜ƒ¶tûh—³ÛVEå0†§ò¡X\N$h4NÃc±Ñ0+•Ko+Žf2IÄä¡ðpxˆŽ"#ã<>Ì"&ÇÇ ö/ÄüÇÂÉ@’ã#Ñr<ÂÚ5<1D>Óq´„mMÞ”ê|Cñp,™0'£æh|ÄÒãØmx?ŠáM&a¼a…ð\S¨<53>Ͱg
íÈ<EFBFBD>"}dÄœÁw€¡¤ŒâÚ¿ •à˜Œ«Œ¶àDÉnÔNâ àâô0ÞßœH  vmíD^„ËL`Ang
Õ8ne….±ó»%vqzb~f̲af˜çÀÆ/óXâxc£(1|Ûzüî,n/iã5cUdQ¹  ® ç$<24>%Äm$Õz.•g4
ƒhÞÂrp‰å¤jÙÌ»•D™F|ç[à ÿ˜QêzffŒ5вÄe”µ¨£ÝZ{ìï×-$<24>6ޱ°º»y6¬Ê.Ÿäýb•M¢Viy¡™®É(•PóG8ȻȲ qYVv®=Ükd‰åK,T!åV{` ¯êÿ&² _“|— bTI5¾ŒÍŸËñ„¸xß]Shå8ÃX»rCFíÁ•á-xvúqîFÜ v®ÛƒŠç³©6®áäp†çà§°|¸v!‡É0Û2F•©Nœc‡°2q¾<Æ8Ïc ©¬Âó»Š<C2BB>ù÷ª+ÅE—ô$Áu†ød¬—~Æù™Èô"Æ#㵜ïHB­_PíÿÏ…<C38F>„ë|¶OpÝÈÂéš@Ú8<C39A>a\<5C>)sZ“ÿƒ®Þx1ëlŒ¿ÓÌ<¶Q\YŽ#Èg•ßÁïI<C3AF>þÇ0Üút¿?°+ìt/ôa¯wã¯7Èü[: â•Ék
endstream
endobj
43 0 obj
<< /Type /FontDescriptor
/FontName /14d347+NotoSerif-Italic
/FontFile2 42 0 R
/FontBBox [-254 -250 1238 1047]
/Flags 70
/StemV 0
/ItalicAngle -12
/Ascent 1068
/Descent -292
/CapHeight 1462
/XHeight 1098
>>
endobj
44 0 obj
<< /Length 1278
/Filter [/FlateDecode]
>>
stream
xœe×ËnÛF†á½®BËtHs&Ã@n¼èu{stÔ’ + ß}ù½¤ikÀÆ/‰œy¾_Ã!}øôôÓÓùtß~»]ês¿ïÇéÜnýíòåVû¾ô—Óygì¾<C3AC>êýë+þÖ×|ݶ“Ÿßßîýõé<.û‡‡Ýá÷í÷ûí}ÿáÇv)ý‡Ýá×[ë·ÓùeÿáÏOÏÛëç/×ë_ýµŸïûãîñqßúØú9_ɯ}à´<C3A0>Omûütÿ¸<C3BF>óϼ_ûÞòÚLL½´þv͵ßòù¥ïŽÇLJ1wýÜþó9ç)eÔÏù6=n?<3F>[i(<28>JKiU:J§ÒSz•<7A>2¨Œ”Qe¢L*ÊEåJ¹ªÌ”Ye¡,*+eUÙ(ÊNÙUÊ-уÁkä5x<35>¼¯×à5ò¼F^ƒ×Èkðy ^#¯Ákä5x<35>¼¯×à5ò¼F^ƒ×Èkðy ^#¯Åkåµx­¼¯•×âµòZ¼V^×ÊkñZy-^+¯Åkåµx­¼¯•×âµòZ¼V^×ÊkñZy-^+¯Ãëäux<75>¼¯“×áuò:¼N^‡×Éëð:y^'¯Ãëäux<75>¼¯“×áuò:¼N^‡×Éëð:y^'¯Çëåõx½¼¯—×ãõòz¼^^<5E>×Ëëñzy=^/¯Çëåõx½¼¯—×ãõòz¼^^<5E>×Ëëñzy=^/oÀä xƒ¼o<>7à ò¼AÞ€7ÈðyÞ oÀä xƒ¼o<>7à ò¼AÞ€7ÈðyÞ oÄå<>x£¼o”7âÝþj·ùº«üo—‰$‰JI•$$*I$ITH¨$$QI"I¢DD%‰$‰JI•$$*I$ITD¤$‰$III$$u>áMò&¼IÞ„7Éð&yÞ$oÂäMx“¼ o7áMò&¼IÞ„7Éð&y¼U†o•aÁ[5ñ·j¶oS orÁÛ4Û·sÞ®>,x»Â/x;³áíê÷31ÞÎÄx;ãí
¿âíJ¼âíJ¼â특âíâ¬x»¯x»¯x‡<78>+Þ!Êw¹âB®x‡b®x‡<78><>ïrÅ;àà2äÍkçΜñJ¼Y³e¼Y†Œ7+|œÆx oSŠŒ7+[Æ×šyÞ¢oVûòæµ -ã­Œ‹·é€"¯åþR¦W<C2A6>*Ó4Xq”êC™^Jú[(£à®^ƒ1»¢y]•¡Èk¹}¼YM-x e#<23><>ÊÙ_y+ë¡hÜŠ7k¶:û«/ âåæZå5«dUýµl¼uz5n¥¿[ç¾ÛeBø÷&Si|y»(ô%q& %+S%ñ*Aª¾ÛÊBijPUÃ6\¥h,ž(¶+L¥ºÝ,¥4G©5Þ<¥ô<C2A5>…ÂcD [˧©ñ¡*t [ jj¼aijü¼IµÙxʪw¹g¶FÉwžØ¶¥§Rô>¶Þís¡hâ>½:­O¯VRÇËí¾³P*#àÙi|e0¼Uýí,ì*o§¿Uáûì/ãÎþ*[§¿U<C2BF>ê,”¦Nö¹°•m€lšx°:š&\}M³<4D>¹»)üÒðL2„´\%CHËF7æÕ§‰ÇÊ»BŽLÉ…’)æjæ€Æ»J1:%¦H߯:=Së©ÿÛ³zýr»m<C2BB>éükÀó¹žÌOçþí¿‡ë媳ôû7±Ùð
endstream
endobj
45 0 obj
[259 600 600 600 600 600 600 600 600 600 600 600 600 310 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 579 600 486 600 493 600 600 600 600 600 600 600 895 599 600 600 600 467 600 368 599 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600]
endobj
xref
0 46
0000000000 65535 f
0000000015 00000 n
0000000267 00000 n
0000000469 00000 n
0000000526 00000 n
0000000577 00000 n
0000000849 00000 n
0000006713 00000 n
0000007116 00000 n
0000007285 00000 n
0000007327 00000 n
0000007376 00000 n
0000007539 00000 n
0000007582 00000 n
0000007747 00000 n
0000007919 00000 n
0000008091 00000 n
0000008134 00000 n
0000008271 00000 n
0000008409 00000 n
0000008573 00000 n
0000008739 00000 n
0000008813 00000 n
0000009051 00000 n
0000009238 00000 n
0000009453 00000 n
0000009767 00000 n
0000009812 00000 n
0000009855 00000 n
0000010128 00000 n
0000010401 00000 n
0000017567 00000 n
0000017784 00000 n
0000019138 00000 n
0000020052 00000 n
0000027583 00000 n
0000027795 00000 n
0000029149 00000 n
0000030063 00000 n
0000033639 00000 n
0000033850 00000 n
0000035204 00000 n
0000036118 00000 n
0000040458 00000 n
0000040680 00000 n
0000042034 00000 n
trailer
<< /Size 46
/Root 2 0 R
/Info 1 0 R
>>
startxref
42948
%%EOF

View file

@ -0,0 +1,141 @@
= Linux and PF firewalls commands cheat sheet
:homepage: https://yurisk.info
:toc:
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
== Firewalld daemon management (Red Hat based distributions)
=== Enable, disable, reload the daemon
[cols=2, options="header"]
|===
|Command
|Description
|*systemctl disable/enable firewalld*
|Disable/enable firewalld, survives reboot.
|*systemctl stop firewalld*
|Stop firewalld until started manually or reboot.
|*firewall-cmd --reload*
|Reload firewall rules to make your changes active, keeping the state table. Active sessions do not disconnect. On finishing reload will output `success`.
|*systemctl restart firewalld*
|Restart the daemon, without resetting the active connections. Use in case of
problems with the daemon.
|*firewall-cmd --complete-reload*
|Reload firewall completely, disconnecting the active connections. When nothing
else helps.
|===
=== List rules, status, additional info
[cols=2, options="header"]
|===
|Command
|Description
|*firewall-cmd --state*
|Show firewall daemon status
|*firewall-cmd --list-all*
|List currently active rules
|*firewall-cmd --get-default-zone*
| Show the default zone for interfaces.
|*firewall-cmd --get-zones*
|List all available zones
|*firewall-cmd --get-active-zones*
| Show active zones, including to which zone each interface belongs.
|*firewall-cmd --list-all-zones*
|List all zones with their rules and associated interfaces.
|*firewall-cmd --add-service <service name>*
|Add predefined service by name to the default zone, with action ACCEPT, e.g. `firewall-cmd -add-service ftp` .
|===
=== Open, close ports
[cols=2, options="header"]
|===
|Command
|Description
|*firewall-cmd --add-port=_port-number_/_protocol_*
|Open in incoming _port-number_ of the _protocol_. E.g. open incoming to TCP port
5900 from any: `firewall-cmd --add-port=5900/tcp`
|*firewall-cmd --remove-port=_port-number_/_protocol_*
|Close the open _port-number_. E.g. close the open port 5900/tcp: `firewall-cmd --remove-port=5900/tcp`
|*firewall-cmd --runtime-to-permanent*
|Make the changed rules permanent to survive reboot.
|===
== Ubuntu Uncomplicated Firewall (ufw)
.ufw management commands
[cols=2, options="header"]
|===
|Command
|Description
|*ufw status*
|Show whether the firewall is on and if on, list the active rules.
|*ufw enable*
|Enable firewall.
|*ufw disable*
|Disable firewall
|*ufw reload*
|Reload firewall and rules.
|*ufw allow <predefined service name>*
| Allow some service in any direction from/to any IP address using so called `simple` rule syntax. The service names are as per `/etc/services`. E.g. to allow ssh from any: `ufw allow ssh`.
|*/etc/ufw/before.rules*
|Some rules are pre-allowed by default, to change them edit this file and reload the firewall.
|===
== PF (Packet Filter) management for FreeBSD & OpenBSD
[cols=2, options="header"]
|===
|Command
|Description
|*pfct -d*
|Disable PF in place, does not survive reboot.
|*pfctl -ef /etc/pf.conf*
|Enable PF and load the rule set from file `/etc/pf.conf` in one go.
|*pfctl -nf /etc/pf.conf*
|Parse security rules stored in a file without installing them (dry run).
|*pass in quick on egress from 62.13.77.141 to any*
| 'Quick' rule (means allows this traffic on all interfaces, otherwise we would need 2nd rule allowing this traffic in _outgoing_ direction on egress interface) to allow incoming ANY port/protocol with the source being `62.13.77.141` and destination being ANY IP address behind the PF firewall. NOTE: here, `egress` is not a direction, but a group name to which the interface in question (`em0`) belongs to. In OpenBSD you set it in a file `/etc/hostname.em0: group egress` or in real-time with the command: `ifconfig em0 group egress`.
|===
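Review bot: The last table row explains `quick` in `pass in quick on egress from 62.13.77.141 to any` as "allows this traffic on all interfaces", which is not what the keyword does. In PF the last matching rule wins unless a rule carries `quick`, in which case evaluation stops at that rule; the row should say so, because a reader who misreads `quick` will misjudge which later `block` rules still apply. Two commands in this hunk will not run as written: `pfct -d` should be `pfctl -d`, and the example `firewall-cmd -add-service ftp` is missing a dash (`firewall-cmd --add-service=ftp`). The `--add-service` row should also say, as the `--runtime-to-permanent` row implies for ports, that the change is runtime-only until it is made permanent.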

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,285 @@
= Linux ip route command reference by example
NOTE: All the commands below take effect immediately after you hit Enter, and do NOT survive reboot. You may shorten the commands to the shortest but unique, e.g. `sh ip ad` instead of `show ip address`. All the commands come as part of the pre-installed package `iproute2`.
Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
<<ip address - Manage IP address(es) on interfaces>> +
<<ip route - Manage routing table>> +
<<ip link - Link Management>> +
<<ip neighbor - Manage ARP and neighbors table>> +
<<Network bridge with ip route2 - manage a network bridge using the ip command>> +
<<Reference>>
== ip address - Manage IP address(es) on interfaces
[cols=2, options="header"]
|===
|Command
|Description
|*ip address show / ip ad sh*
|Show all IP addresses of all interfaces, also their MTU, MAC addresses.
|*ip address show ens36*
|Show IPs of a given interface (ens36).
|*ip address show up*
|Only show IPs of the interfaces that are configured as UP.
|*ip address show dynamic/permanent*
|Show only dynamic (DHCP) or static IPv4/IPv6 addresses.
|*ip address add 192.0.2.1/27 dev ens36*
|Add a new IP address (192.0.2.1) to the named (ens36) interface.
|*ip address add 192.0.2.1/27 dev ens36 label ens36:external*
|Add IP address to the interface, AND label it (external). The label is any string. The label will show in show ip address as: inet 192.0.2.1/27 scope global ens33:external
|*ip address delete 192.0.2.1/27 dev ens36*
|Delete the specified IP address from the interface
|*ip address flush dev ens36*
|Delete ALL IP addresses from the given interface.
|===
== ip route - Manage routing table
[cols=2, options="header"]
|===
|Command
|Description
|*ip route [show]* / *ip ro* +
*ip -6 route* +
*ip -4 route*
|Show the routing table for both IPv4 and IPv6. +
Show the routing table for IPv6 only. +
Show the routing table for IPv4 only.
|*ip route show table all*
|Show ALL routing tables of the server, helpful when there is Policy Based Routing (PBR) in place.
|*ip route add default via 10.10.10.1* +
*ip route add default dev ens36* +
*ip route add 0.0.0.0/0 dev ens36* +
*ip -6 route add default dev ens36*
|Add default route/default gateway via next hop +
… via outgoing interface (ens36) +
… via outgoing interface using 0.0.0.0/0 notation +
Add default IPv6 route.
|*ip route delete default dev ens36*
|Delete default route via given interface
|*ip route show root 192.0.2.0/24*
|Show routes not shorter than the given. Here, 192.0.2.0/29 will match, but 192.0.2.0/23 will not.
|*ip route show match 192.0.2.0/29*
|Show routes not longer than the given network/mask. Here, 192.0.2.0/30 will match, but 192.0.2.0/27 will not.
|*ip route show exact 192.0.2.0/29*
|Show route(s) matching EXACTLY inside the network and its given mask. Here, 192.0.2.7 will match, but 192.0.2.8 will not.
|*ip route get 192.123.123.1/24*
|Simulate resolving of a route in real time by kernel.
|*ip route add 192.192.13.0/24 via 10.13.77.1* +
*ip route add 192.192.13.0/24 dev ens36*
|Add new route to 192.192.13.1/24 via nexthop. +
Add new route to 192.192.13.1/24 via interface.
|*ip route delete 192.192.13.0/24 via 10.13.77.1* +
*ip route delete 192.192.13.0/24*
|Delete specific route
|*ip route change 192.192.13.0/24 dev ens32*
|Change some parameter of the existing route.
|*ip route replace 192.192.13.0/24 dev ens36*
|Replace a route if exists add if not.
|*ip route add blackhole 192.1.1.0/24*
|Black hole some route. The traffic sent to this route will be dropped without any feedback.
|*ip route add unreachable 192.1.1.0/24*
|Block destination route, replies to sender “Host unreachable”.
|*ip route add prohibit 192.1.1.0/24*
|Block destination route, replies to sender with ICMP “Administratively prohibited”.
|*ip route add throw 192.1.1.0/24*
|Block destination route, sends in reply ICMP “net unreachable”.
|*ip route add 10.10.10.0/24 via 10.1.1.1 metric 5*
|Add a route with a custom metric.
|*ip route add default nexthop via 10.10.10.1 weight 1 nexthop dev ens33 weight 10*
|Add 2 (default) routes with different weights (higher weight is preferred) first with the weight of 1, second with the weight of 10.
|===
== ip link - Link Management
[cols=2, options="header"]
|===
|Command
|Description
|*ip link show / ip link / ip link list* +
*ip link show ens36*
|Show info on all available interfaces. +
Show info on a specific interface.
|*ip link set dev eth36 down* +
*ip link set dev ens36 up*
|Set interface state to down. +
Set interface state to up.
|*ip link set ens33 name eth33*
|Rename interface, here from ens33 to eth33. First, you have to set interface to down state. This adds this name as an alternative name, keeping the old name as well. Use with care some distributions (RHEL/CentOS) expect certain names for each interface type.
|*ip link set dev eth0 address 02:42:c2:7c:39:b3*
|Change MAC address of the interface.
|*ip link set dev tun0 mtu 1480*
|Set MTU size for the interface.
|*ip link delete <dev>*
|Delete interface, relevant for virtual interfaces only (VLAN, bridge, VXLAN, etc.).
|*ip link set dev ens36 arp off/on*
|Turn ARP resolution protocol on the interface ens36 on/off. NOTE: disabling ARP will clear the current ARP table and will prevent this interface from learning MAC addresses, and so will disconnect any remote sessions to the host.
|*ip link set dev ens36 multicast off/on*
|Turn multicast on the interface ens36 on or off.
|*ip link add name eth0.110 link eth0 type vlan id 110*
|Add VLAN 110 on the fly to the interface eth0, naming it eth1.110.
|*ip link add name eth0.120 link eth0 type vlan proto 802.1ad id 120* +
*ip link add name eth0.120.200 link eth0.120 type vlan proto 802.1q id 200*
|*QinQ (kernel >= 3.10)*. Add VLAN 120 as external VLAN on interface eth0 naming it eth0.120, setting protocol to 802.1ad.
Add internal VLAN 200 to the eth0.120, naming it eth0.120.200 and setting protocol to the 802.1Q.
|*ip link add dummy0 type dummy* +
*ip addr add 172.17.1.1/24 dev dummy0* +
*ip link set dummy0 up*
|Create virtual software interface of type dummy, assign it IP address, and bring it up. Useful for testing.
|*ip link add vx0 type vxlan id 100 local 172.16.13.1 remote 192.168.12.12 dev eth0 dstport 4789*
|Create VXLAN tunnel with id of 100 and local and remote addresses of 172.16.13.1/192.168.12.12 using destination port of 4789 UDP.
|*ip link add bond13-14 type bond mode active-backup* +
*ip link set eth13 master bond13-14* +
*ip link set eth14 master bond13-14*
|Create logical interface bond13-14 of type bond in active-backup mode for failover (only 1 physical interface is active at any time).
Add 2 physical interfaces to this bond (eth13 & eth14). All further configurations are to be done on the bond13-14 interface.
|===
== ip neighbor - Manage ARP and neighbors table
[cols=2, options="header"]
|===
|Command
|Description
|*ip neighbor show* +
*ip neighbor show dev eth0*
*ip -6 neighbor show*
|Show all MAC addresses of the IPv4 neighbors. +
Show MAC addresses of the neighbors on ens36 interface only. +
Show IPv6 neighbors.
|*ip neighbor flush dev eth0*
|Delete all cached dynamically learned MAC addresses on the interface eth0.
|*ip neighbor add 192.1.1.1 lladdr 01:22:33:44:55:f1 dev eth0*
|Add static IP address to MAC address mapping for a neighbor on the interface eth0.
|*ip neighbor delete 192.1.1.1 lladdr 01:33:44:55:ff:11 dev eth0*
|Delete a static mapping of IP address to the MAC address on the interface.
|===
== Network bridge with ip route2 - manage a network bridge using the ip command
[cols=2, options="header"]
|===
|Command
|Description
|*ip link add name bridge_name type bridge* +
*ip link set bridge_name up*
|Create a new bridge and change its state to up.
|*ip link set eth0 up*
|To add an interface (e.g. eth0) into the bridge, its state must be up
|*ip link set eth0 master bridge_name*
|Adding the interface into the bridge
|*bridge link*
|To show the existing bridges and associated interfaces, use the bridge command
|*ip link set eth0 nomaster*
|to remove an interface from a bridge
|*ip link delete bridge_name type bridge*
|To delete a bridge
|*bridge fdb show*
|Shows a list of MACs in FDB(Forwarding Database entry)
|*bridge fdb add 00:01:02:03:04:05 dev eth0 master*
|add a new fdb entry
|*bridge fdb append to 00:00:00:00:00:00 dst 10.0.0.2 dev vxlan0*
|append a forwarding database entry
|*bridge fdb del 00:01:02:03:04:05 dev eth0 master*
|Deletes FDB entry
|*bridge vlan add dev bond0 vid 2 master*
|Create a new vlan
|*bridge vlan delete dev eth0 vid 2*
|Delete a vlan
|*bridge vlan show*
|List all vlans
|*bridge link set dev eth0 guard on*
|Disable/Enable BPDU proccessing on specific port
|*bridge link set dev eth1 cost 4*
|Setting STP Cost to a port
|*bridge link set dev eth1 root_block on*
|To set root guard on eth1
|===
== Reference
* https://manpages.debian.org/jessie/iproute2/ip-route.8.en.html
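Review bot: The example in the `ip route show match 192.0.2.0/29` row is inverted. `match` selects routes whose prefix is not longer than the given one, as the row itself says, so 192.0.2.0/27 matches and 192.0.2.0/30 does not; as written the example contradicts the description and repeats the `root` case. The abbreviation in the opening NOTE has a similar slip: `sh ip ad` / `show ip address` is Cisco word order, while the tables use `ip address show` / `ip ad sh`. Smaller inconsistencies that will trip a reader copying commands: `eth36` vs `ens36` in the `ip link set ... down` row, "naming it eth1.110" for a command that creates `eth0.110`, the `ip neighbor show dev eth0` line missing its ` +` break and described as `ens36`, and the `nexthop ... weight` row, where weights set the traffic share within one multipath route rather than a preference between two routes.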

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,103 @@
= MRV Optiswitch OS904 OS906 OS912 debug and diagnostic commands
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
*MRV Communications* (acquired in 2017 by ADVA Optical Networking) is an Israeli company known for their optical network equipment, most notably their Optiswitch Carrier Ethernet Switch series. The switches (OS904, OS906G, OS912) are not available for purchase from them anymore, but if you work for a telco company, you surely still have these boxes around doing their work.
Unfortunately, with the merger and the end of sale, all the documentation disappeared as well. To help you a bit I bring below some debug and diagnostic commands to be run on the CLI. You can still find the datasheet here https://www.cornet-solutions.co.jp/pdf/mrv_os_900_sdb_a4_hi.pdf
You can see how output of the commands below looks like when run on the real MRV in my blog post: https://yurisk.info/2020/01/13/MRV-Optiswitch-OS904-OS906-OS912-debug-and-diagnostic-commands/.
[cols=2*,options="header"]
|===
|Command
|Description
|*no cli-paging/cli-paging*
|Enable/disable paging the output.
|*show <smth> \| <include/begin/end/exclude> <search term>*
|Pipe output of some `show` command, e.g. find specific MAC address: `show lt \| include B1:12` (search terms are case sensitive). Also can pipe to few Linux commands, e.g. count number of learned/dynamic MACs: `show lt \| grep -c "DYNAMIC"`
|*show run*
|Show the running configuration
|*show port*
| Show port summary: state (on/off), speed, media (copper/sfp), duplex state
|*show interface*
|List of logical/vlan interfaces, MAC addresses, IP address (if any)
|*show port detail _n_*
| Show details of the port number _n_: media type, speed/duplex configured and actual, state, shaping applied.
|*show port statistics _n_*
|Show real-time statistics: packets/bytes received/sent, CRC and other error count
|*show l2cntrl-protocol-counters*
|Show counters of received/transmitted Layer 2 control protocols - LACP, MSTP, RSTP, OAM.
|*show run ports*
| Show running configuration for all ports
|*show port tag*
|Show tagging/vlans configured on each port
|*show port sfp-diag _n_*
| Show real-time diagnostic data for the interface: TX/RX power in dBm, voltage, temperature
|*show port sfp-params*
|Physical parameters of the SFP interface
|*show port rate _portnumber_ time _seconds_*
|Show the rate of the traffic passing the interface real-time
|*monitor port statistics _portnumber_*
|Show the same data as `show port statistics` but refresh every other second
|*(config)# port state disable/enable <n>*
|Disable/enable MRV port number `n` (shut/no shut in Cisco terminology). Make sure you don't disable th eport you are connected through.
|*(config)# port media-select <sfp/sfp100/copper/auto/sgmii>*
| Set manually type of physical interface installed in MRV.
|*(config)# port speed <10/100/1000/auto> <n/all>*
|Force specific speed settting for a port.
|*show lt [port <port number> all]*
|Show MAC address table - static and learned dynamic. Output also gives timestamp when MAC address displayed was last changed. Optionally, specify port to show only MACs on this port.
|*(config)# clear lt*
|Delete all learned MAC addresses from Learning Table.
|*show syslog <all/debug/info/warning/error/fatal> [start-date] [end-date]*
|Show logs per their severity. Optional start/end dates are in format `mm-dd-ff:mm:ss` . If remote syslog is configured in the MRV, there will be NO local logs, to verify - look in configuration `show run \| i rsyslog`.
|*clear syslog*
|Delete all local log entries.
|*show ver*
| Show the device model, hardware, fan status, OS installed, MAC address, serial number and uptime.
|*show time*
|Show system time. Important for checking alarms and logs
|*show cpu*
|CPU properties
|===
Additionally see https://github.com/yuriskinfo/cheat-sheets/blob/master/RAD-ETX-203-205-220-debug-and-information-commands-cheat-sheet.adoc
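Review bot: In the `show syslog` row the date format is given as `mm-dd-ff:mm:ss`; `ff` is not a recognisable field and `mm` appears twice, so this looks like a typo for an hour field and should be checked against a device before merge. The first row pairs `no cli-paging/cli-paging` with "Enable/disable paging", which reads the wrong way round since the `no` form is listed first. The `clear syslog` row would benefit from the same kind of caution the `port state disable` row gives: it deletes the local log entries, so it should tell the reader to export them or confirm remote syslog first. Typos: "th eport", "settting".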

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,111 @@
= RAD ETX 203, 205, 220 debug and information commands
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
Carrier Ethernet Devices by RAD (ETX-203AX, ETX-203AM, ETX-203AX-T, ETX-205A, ETX-220A) are quite popular with telco companies around the world for connecting end clients to the backbone at layer 2. And while reference documentation is available, I couldn't find the debug/information commands digest on the Internet at all. This post, I hope, comes to fill the gap.
The commands below are meant to be run on the device CLI itself, not on provisioning system like RADview. You can see how output looks like when run on the real ETX on my blog post https://yurisk.info/2020/03/21/rad-etx-203-203-220-debug-and-information-commands-examples/.
[cols=2*,options="header"]
|===
|Command
|Description
|*show configure port summary*
| Show port summary: state (up/down), speed
|*show config port _name_ status*
| Show port status: administrative and operational states, speed/duplex, connector type, MAC address, and most important (for fiber) - RX/TX signal power (dBm)
|*show config port _name_ statistics*
| Statistics of the port: total bits/frames passed, maximum/minimum bits/sec seen, and most
interesting - CRC errors, error frames, oversize frames, discards, CV/ES/SES/FC stats for
E1 lines.
|*config port ethernet _number_*
*clear-statistics*
|Clear all statistics/counters for this port.
|*config flow*
*flow _flow-name_*
*show statistics running*
|Show detailed counters for the given flow, will include `bps`, max/min `bps` seen after reboot, `drops` if any.
|*config port _name_*
*rate-measure interval _seconds_*
*show rate*
| Show port utilization in bits/sec in real-time
|_Responder:_
*config flow*
*service-ping-response local-ip 13.13.13.2/30 next-hop 13.13.13.1 egress-port ethernet 4/2 vlan 777*
_Ping sender:_
*config flow*
service-ping local-ip 13.13.13.1/30 dst-ip 13.13.13.2 next-hop 13.13.13.2 egress-port ethernet 4/1 vlan 777 number-of-packets 10 payload-size 1450
|Send ping over the client vlan in Service Provider network (here 777) from ETX
to ETX to measure latency and packet loss. You configure one ETX as a responder
and another one as a sender.
|*show configure flows summary brief*
|List all flows configured on this ETX briefly
|*show configure flows summary details*
|List all flows configured on this ETX with details
|*config flow _name_*
*mac-learning*
*show mac-table*
*no mac-learning*
|Enable MAC address learning inside a flow and show the MAC table. The _flow_ should be the one where
those MAC addresses are supposed to be learned, and in the appropriate
direction. E.g. if the equipment of the end client is connected to ETX port
`ethernet 0/10`, then you should run this command under the flow that has
`ingress port 0/10`, to see if the ETX can see client's equipment. WARNING:
after showing the results, make sure to disable the MAC learning, as it may
interfere with the client's traffic.
|*show config system system-date*
| Show system time of the appliance, important for logs/alarms correlation.
|*show config reporting brief-alarm-log*
|Show alarms log, their severity/state/last raised time
|*exit all*
|Exit all sub-configuration modes to the top level.
|*show file startup*
|Show startup configuration.
|*save*
|Save the configuration.
|*clear-statistics*
|Clear all statistics (at the highest config level) - errors on interfaces, bytes sent/received, etc.
|*admin*
*reboot*
|Reboot the device.
|===
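Review bot: Cells that hold a command sequence (`config flow` / `flow _flow-name_` / `show statistics running`, the `mac-learning` sequence, `admin` / `reboot`) put each command on its own line without the trailing ` +` used in the `ip` cheat sheet in this commit, so AsciiDoc will fold them into a single line and the reader cannot tell where one command ends. In the service-ping row the sender command is the only one not in bold, and both examples use 13.13.13.0/30, which is publicly routable space; a documentation range such as 192.0.2.0/24 would be safer to copy. The `admin` / `reboot` and top-level `clear-statistics` rows deserve a WARNING like the one already given for MAC learning.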

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,143 @@
= Route53 AWS CLI examples cookbook
:homepage: https://yurisk.info
:toc:
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
== Short Introduction
* AWS Route53 is the only service with 100% SLA.
* Amazon Registrar does domain registration only for _.com, .org, .net_ domains, the
rest are registered via _Gandi SAS_
== List all hosted zones (private and public)
[source, bash]
----
aws route53 list-hosted-zones
----
If you are using configuration profiles:
[source, bash]
----
aws route53 list-hosted-zones --profile <profile-name>
----
This command returns _zone-id_ you will need in future queries.
== Show all records of a zone
[source, bash]
----
aws route53 list-resource-record-sets --hosted-zone-id Z3HR6JS50CWURT
----
=== Filter output for specific records
Show all and only A records from a zone:
----
aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT \
--query "ResourceRecordSets[?Type == 'A'] "
----
Show only records matching the given record value (here _www.yurisk.info_):
----
aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT \
--query "ResourceRecordSets[?Name == 'www.yurisk.info.'] "
----
NOTE: AWS returns maximum 100 items in one response. Use paging with `NextToken`
if you expect to get more results.
== Create a new public zone
Create a new public zone named _example334455.com_:
----
aws route53 create-hosted-zone --name example334455.com \
--caller-reference some-text-for-me-for-reference
----
On success returns zone's ID, request status (e.g. `Pending`), allocated name
servers. The `caller-reference` you set is used for identifying this request in
logs etc. and can be arbitrary string.
== Add A record to a zone
While mainly expected to store the record in JSON format in a local file, we
can specify the record(s) to add explicitly with `--change-batch`. Let's add A
record _www.example334455.com_ wtih TTL of 600, pointing to IP _1.2.3.4_:
----
aws route53 change-resource-record-sets --hosted-zone-id Z0967968IADGHN5TI3WW \
--change-batch '
{
"Comment": "Adding A record",
"Changes": [
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "www.example334455.com",
"Type": "A",
"TTL": 600,
"ResourceRecords": [
{
"Value": "1.2.3.4"
}
]
}
}
]
}
'
----
== Delete a record from a zone
Let's delete the A record just created _www.example334455.com_ (we use
`Action:DELETE`):
----
aws route53 change-resource-record-sets --hosted-zone-id Z0967968IADGHN5TI3WW \
--change-batch '
{
"Comment": "Adding A record",
"Changes": [
{
"Action": "DELETE",
"ResourceRecordSet": {
"Name": "www.example334455.com",
"Type": "A",
"TTL": 600,
"ResourceRecords": [
{
"Value": "1.2.3.4"
}
]
}
}
]
}
'
----
== Delete a zone completely
NOTE: You cannot delete a non-empty zone, have to 1st delete all records except
NS.
Trying to delete a zone with other than NS records gives this error:
----
An error occurred (HostedZoneNotEmpty) when calling the DeleteHostedZone
operation: The specified hosted zone contains non-required resource record
sets and so cannot be deleted
----
We delete the empty zone _example334455.com_:
----
aws route53 delete-hosted-zone --id Z0967968IADGHN5TI3WW
----
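Review bot: The DELETE change batch under "Delete a record from a zone" still carries `"Comment": "Adding A record"`, copied from the CREATE example; it should read something like "Deleting A record". The examples also switch between three hosted zone IDs (`Z3HR6JS50CWURT`, `ZN36CWKHEDURT`, `Z0967968IADGHN5TI3WW`) that look like real ones; a single placeholder such as `<zone-id>` would be clearer and avoids publishing account identifiers. Only the first three listings are tagged `[source, bash]`, the sentence before the `Name ==` filter says "record value" where the query filters on the record name, and "wtih" is a typo.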

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,59 @@
= Ruckus ICX switches 7150, 7250, 7450, 7650, 7750, 7850 diagnostics commands
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
:homepage: https://yurisk.info
NOTE: When in doubt, use Cisco IOS-like commands, as most are equivalent.
.Ruckus ICX switch (former Brocade) diagnostics commands
[cols=2, options="header"]
|===
|Command
|Description
|*show version*
|Show the switch hardware version, whether stack or not, uptime, serial number, firmware version.
|*show flash*
|Show boot images stored in the flash - primary and secondary boot images and thier versions, flash free space.
|*show dir* OR *show files*
|List contents of the flash - in addition to boot images, also startup configuration file and anything else stored in the flash.
|*show boot*
|Show in what sequence boot images will be tried on reload, usually Primary then Secondary.
|*show cpu tasks*
|Show last 1 second CPU load per task in percents.
|*show cpu histogram waittime* AND *show cpu histogram holdtime*
|Shows the task CPU usage in each bucket. This includes how many times a task run time or hold time falls in each bucket, and the maximum run time and total run time for each bucket. Hold time - The time that the task is holding the CPU without yield. Wait time - The time that the task is waiting for execution.
|*show fdp neighbor* AND *show fdp neighbor detail*
| Show CDP or/and LLDP neighbors, provided any of these protocols are enabled on the switch.
|*show run*
|Show the running configuration.
|*show statistics brief*
|Show stats for all interfaces - cumulative packets in/out, error in/outs.
|*show statistics ethernet <port number>*
|Show detailed statistics for the interface _<port number>_ - packets/bytes in/out, bad packets/frames, CRC count, Collisions, Interface bandwidth utilization in percents, current interface utilization in bits/sec.
|*show spanvlan <vlan number>*
|Show spanning tree status (optionally) for a given VLAN - who is root, interface cost, state (forwarding, disabled) of each interface.
|*show vlan <vlan number>*
|Show VLAN information - spanning tree status (on/off), SPT priority, which ports are tagged and which are not, Uplink ports if any.
|*show inline power*
|Show power over the Ethernet status for each interface, if enabled/supported.
|*show int <interface name>*
|Detailed interface statistics like `show int` in Cisco equipment - port uptime, MAC address, configured vs actual speed/duplex, MDI mode, STP state, input/output rate in bits/sec,
|===
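Review bot: The last table row, `show int <interface name>`, ends mid-sentence with a trailing comma ("input/output rate in bits/sec,"), so the description looks cut off; finish the list or close it with a period. In the `show fdp neighbor` row the description talks about CDP and LLDP but never mentions FDP, the protocol the command is named after; please confirm what this command actually lists and word the row accordingly. Small fix in the `show flash` row: "thier" should be "their".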

View file

@ -0,0 +1,85 @@
= Ubuntu Uncomplicated Firewall (ufw) cookbook of configuration examples
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
<<Disable/unload the firewall>> +
<<Verify status of the ufw firewall>> +
<<Enable ufw firewall>> +
<<Allow SSH access to this server from Any IP source>> +
<<Delete a rule by its number>> +
== Disable/unload the firewall
Beware: after running this command all access restrictions imposed by ufw rules will be gone.
`*ufw disable*`
== Verify status of the ufw firewall
`*# ufw status*` - Show short status. +
....
Status: active
To Action From
-- ------ ----
22 ALLOW Anywhere
Anywhere ALLOW 10.10.10.0/24
22 (v6) ALLOW Anywhere (v6)
....
`*ufw status verbose*`- Show all rules, including the default ones, and logging level.
----
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip
To Action From
-- ------ ----
22 ALLOW IN Anywhere
Anywhere ALLOW IN 10.10.10.0/24
22 (v6) ALLOW IN Anywhere (v6)
----
`*ufw status numbered*` - Show rules with their sequence numbers, that we can later use to delete some specific rule.
----
Status: active
To Action From
-- ------ ----
[ 1] 22 ALLOW IN Anywhere
[ 2] Anywhere ALLOW IN 10.10.10.0/24
[ 3] 22 (v6) ALLOW IN Anywhere (v6)
----
== Enable ufw firewall
*ufw enable* - Enable _ufw_ firewall and load the default rules, as well as user created if any in the `/etc/ufw/user.rules`.
== Allow SSH access to this server from Any IP source
`*ufw allow 22*` - Add port 22 to the `filter` table with action of `allow`. The rule will be added to the `/etc/ufw/user.rules` file and will survive reboot.
== Delete a rule by its number
`*ufw delete <rule number>*` +
First, see the rule numbers with `*ufw status numbered*`. Let's say I want to delete rule number 2:
----
# ufw delete 2
Deleting:
allow from 10.10.10.0/24
Proceed with operation (y|n)? y
Rule deleted
----
On deleting a rule, the ufw moves rules up, taking place of the removed rule in sequencing. That is, the rule that was numbered 3 before the deletion of rule 2, will become new rule number 2.
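Review bot: "Allow SSH access to this server from Any IP source" uses `ufw allow 22`, which gives no protocol and which the status listings show as open to `Anywhere` and `Anywhere (v6)`; for a cookbook it would be safer to show `22/tcp` and to put a source-restricted variant next to it, in the style of the existing `10.10.10.0/24` rule. The section order also places "Enable ufw firewall" before the SSH rule, and with `Default: deny (incoming)` a reader who follows the page top to bottom on a remote server can lose access to it, so swap the two sections or add a note. Minor: `*ufw enable*` is missing the backticks the other commands have, and the first status listing is delimited with `....` while the rest use `----`.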

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,63 @@
= Windows cmd shell batch scripting cheat sheet
Yuri Slobodyanyuk <admin@yurisk.info>
v1.0, 2022-08-31
:homepage: https://yurisk.info
:toc:
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
== Controlling scripts themselves
[cols=2, options="header"]
|===
|Command
|Description
|*rem*
|Start a comment, till the end of line. It can be used to comment out a whole line or part of it.
|*cls*
|Clear the screen buffer.
|*echo _text to display_*
*echo off/on*
*echo.*
|Print text on line, or, with `off/on` switch without text, turn off/on echoing the commands being run.
Usually, you set `echo off` as the 1st line in a batch script, and the `echo on` as the last line. Turning
echoing off does not hide _output_ of the commands run, just the commands themselves. The 3rd option is `echo` followed immediately
by _dot_ and it causes echo to print a blank line (an dthis is the only way to do so).
|*@*
|Turn off echoing only for the command preceded by this @. E.g. `@echo off` to prevent the _echo off_
being printed itself.
|*title _Title bar text_*
|Change the title of the cmd.exe window for this session. As a rule of a good style, change _title_ on each stage of the
script, to let users know what the script is doing.
|===
== Script arguments
[cols=2, options="header"]
|===
|Command
|Description
|%_n_
|Positional argument to the script from the command line. _n_ can be from 0 to 9.
|%0
|The script name. The actual arguments to the script start with %1.
E.g. `echo The script was called as %0, with the %1 as the first argument`
|%*
|The rest of the positional arguments after the 9th altogether. The individual args are not accessible directly, use `SHIFT`-ing.
|*shift [/_n_]*
|Shift positional arguments by one. If `/n` is given, will shift starting with n+1. E.g. `shift /4` will shift 5th to become 4th,
6th will become 5th, and so on, while arguments before 4 will stay untouched.
|===
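Review bot: In the "Script arguments" table the `%*` row says it holds "the rest of the positional arguments after the 9th", but `%*` expands to all arguments from `%1` onward, so a script written from this row will misjudge where the list starts; reword the row and keep the `SHIFT` remark for reaching arguments past `%9`. In the `echo` row, "an dthis" is a typo for "and this".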

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,68 @@
= Windows cmd.exe shell tips for productivity
Yuri Slobodyanyuk <admin@yurisk.info>
v1.0, 2023-03-07
:homepage: https://yurisk.info
:toc:
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
== doskey
[cols=2, options="headers"]
|===
|Command
|Description
|Up Arrow
|Recall previous command.
|Down Arrow
|Recall next command
|Page Up
|Recall the 1st/oldest command in the current session.
|Page Down
|Recall the most recent command in this session.
|Ctrl + Left Arrow
|Move cursor back one word.
|Ctrl + Right Arrow
|Move cursor right one word.
|Home
|Move cursor to the beginning of the line.
|End
|Move cursor to the end of the line.
|Esc
|Clear the command from the display.
|Right Click on title -> Properties -> Options -> Buffer size
|Increase/decrease the commands history buffer size. Note: `doskey
/listsize=<n>` stopped working on Windows 10 somewhere in 2021.
|*doskey /history*
|Show all commands in the buffer.
|*doskey _macroName_ = _command to run_*
|Record a macro for this session. E.g. to save some typing:
`doskey ro = route print`, now we can use `ro` to run `route print`.
The macros are not saved, and disappear after closing the cmd.exe,
unless saved in a batch file.
|*doskey /macros*
|Show all macros defined for this session.
|===
== References
* https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/doskey
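Review bot: The table attribute line reads `[cols=2, options="headers"]`, while the other tables in this commit use `options="header"`; with the plural spelling the `Command`/`Description` row will not be rendered as a header, so change it to `header`. The "Down Arrow" row is also missing its closing period, unlike its neighbours.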

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,515 @@
= curl examples cookbook
:homepage:
:toc:
== Force curl not to show the progress bar
Use `-s` option to make it silent:
----
curl -o index.html -s https://yurisk.info
----
== Download a web page via GET request setting Chrome version 74 as the User-Agent.
Use `-A` to set User-Agent.
----
curl -o Index.html -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" http://example.com
----
Resources: https://developers.whatismybrowser.com/useragents/explore/
== Download a page via https ignoring ceritficate errors
Add `-k` to ignore any SSL certificate warnings/errors.
----
curl -k -o Index.html https://example.com
----
== Download a page using SOCKS5 proxy listening on 127.0.0.1 port 10443
Useful when you have set up an SSH tunnel to remote server listening on local
port, say 10443.
----
curl -x socks5://localhost:10443 https://yurisk.info
----
== Download a page using SOCKS5 proxy listening on 127.0.0.1 port 10443 and use remote host to resolve the hostname
----
curl -x socks5h://localhost:10443 https://yurisk.info
----
The idea here is to tunnel DNS requests to the remote end of the tunnel as well,
for example for privacy concerns to prevent
https://en.wikipedia.org/wiki/DNS_leak.
== Download a page and report time spent in every step starting with resolving:
Source:
https://stackoverflow.com/questions/18215389/how-do-i-measure-request-and-response-times-at-once-using-curl.
- Step 1: Put the parameters to write into a file called say _curl-params_ (just for the convenience instead of CLI):
----
time_namelookup: %{time_namelookup}\n
time_connect: %{time_connect}\n
time_appconnect: %{time_appconnect}\n
time_pretransfer: %{time_pretransfer}\n
time_redirect: %{time_redirect}\n
time_starttransfer: %{time_starttransfer}\n
----------\n
time_total: %{time_total}\n
----
- Step 2: Run the curl supplying this file _curl-params_:
----
curl -w "@curl-params" -o /dev/null -s https://example.com
----
----
time_namelookup: 0.062
time_connect: 0.062
time_appconnect: 0.239
time_pretransfer: 0.239
time_redirect: 0.000
time_starttransfer: 0.240
----------
time_total: 0.241
----
== Resolve IP address to the owner's Autonomous System Number
Do so by sending POST query with form fields to the Team Cymru whois server.
When sending any POST data with form fields, the first task is to know the
fields. The esiest way to do it is to browse the form page, fill the form, open
the HTML code and write down fields and their values. I did it for the page at
https://asn.cymru.com/ and noted 5 fields to fill with values, the field to
place IP address to query for is `bulk_paste`. In curl you specify field values
with `-F 'name=value'` option:
----
curl -s -X POST -F 'action=do_whois' -F 'family=ipv4' -F 'method_whois=whois' \
-F 'bulk_paste=35.1.33.192' -F 'submit_paste=Submit' https://asn.cymru.com/cgi-bin/whois.cgi | grep "|"
----
Output:
----
AS | IP | AS Name
36375 | 35.1.33.192 | UMICH-AS-5, US
----
== Make sure curl follows redirections (`Location:`) automatically, using the correct `Referer` on each redirection
Use `-L` option to tell curl to follow the _Location_ header.
----
curl -L -e ';auto' -o index.html https://example.com
----
NOTE: All the downloaded pages will be appended to the same output file, here _index.html_.
== Send GET request with digest authentication
----
curl --digest http://user:pass@example.com/login
----
== Download a remote file only if it's newer than the local copy
----
curl -z index.html -o index.html https://example.com/index.html
----
NOTE: file to compare/download, here _index.html_, is compared for timestamp only, no content hashing or anything else.
== Enable support for compressed encoding in response, as a real browser would do
----
curl -compressed -o w3.css https://yurisk.info/theme/css/w3.css
----
Note: this option causes curl to sent `Accept-Encoding: gzip` in the request.
== Verify CORS settings of a website
----
curl -H "Access-Control-Request-Method: GET" -H "Origin: http://localhost" \
--head https://yurisk.info/2020/03/05/fortiweb-cookbook-content-routing-based-on-url-in-request-configuration/pic1.png
----
Output:
----
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
----
== Convert curl command into ready to be compiled C source file
----
curl -o index.html https://yurisk.info --libcurl index.c
----
The output file index.c will contain the source code to implement the same command using curl C library:
[source,c]
----
/********* Sample code generated by the curl command line tool **********
* All curl_easy_setopt() options are documented at:
* https://curl.haxx.se/libcurl/c/curl_easy_setopt.html
************************************************************************/
#include <curl/curl.h>
int main(int argc, char *argv[])
{
CURLcode ret;
CURL *hnd;
hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_BUFFERSIZE, 102400L);
curl_easy_setopt(hnd, CURLOPT_URL, "https://yurisk.info");
curl_easy_setopt(hnd, CURLOPT_USERAGENT, "curl/7.66.0");
curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
curl_easy_setopt(hnd, CURLOPT_HTTP_VERSION, (long)CURL_HTTP_VERSION_2TLS);
curl_easy_setopt(hnd, CURLOPT_SSH_KNOWNHOSTS, "/home/yuri/.ssh/known_hosts");
curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
/* Here is a list of options the curl code used that cannot get generated
as source easily. You may select to either not use them or implement
them yourself.
CURLOPT_WRITEDATA set to a objectpointer
CURLOPT_INTERLEAVEDATA set to a objectpointer
CURLOPT_WRITEFUNCTION set to a functionpointer
CURLOPT_READDATA set to a objectpointer
CURLOPT_READFUNCTION set to a functionpointer
CURLOPT_SEEKDATA set to a objectpointer
CURLOPT_SEEKFUNCTION set to a functionpointer
CURLOPT_ERRORBUFFER set to a objectpointer
CURLOPT_STDERR set to a objectpointer
CURLOPT_HEADERFUNCTION set to a functionpointer
CURLOPT_HEADERDATA set to a objectpointer
*/
ret = curl_easy_perform(hnd);
curl_easy_cleanup(hnd);
hnd = NULL;
return (int)ret;
}
/**** End of sample code ****/
----
You can now compile it to executable, provided you have `libcurl` library and its headers installed: `gcc index.c -lcurl -o index`
== Display just the HTTP response code
----
curl -w '%{http_code}' --silent -o /dev/null https://yurisk.info
----
Output:
----
200
----
== Get a page using specific version of HTTP protocol
----
curl --http2 -s -O https://yurisk.info
----
== Download file with SCP protocol
----
curl scp://99.23.5.18:/root/pdf.pdf -o pdf.pdf -u root
----
Note: curl checks `~/.ssh/known_hosts` file to verify authenticity of the
remote server. If the remote server is not already in the `known_hosts`, curl
will refuse to connect. To prevent it - forst connect to the remote server via SSH,
this will add it to the known hosts. Also, curl should be compiled with support for `libssh2` library.
== Get external IP address of the machine where the curl is installed
----
curl -s http://whatismyip.akamai.com/
----
.Output:
----
87.123.255.103
----
== Send e-mail via SMTP
First, put the message body and From/To/Subject fields in a file:
----
# cat message.txt
From: Joe Dow <joedow@example.com>
To: Yuri <yuri@yurisk.info>
Subject: Testing curl SMTP sending
Hi, curl can now send e-mails as well!
----
Now, send the e-mail using the created file and setting e-mail envelope on the CLI:
----
curl -v smtp://aspmx.l.google.com/smtp.example.com --mail-from Joedow@example.com \
--mail-rcpt yuri@yurisk.info --upload-file message.txt
----
.Here:
* `aspmx.l.google.com` - the mail server for the recipient domain (`curl` does NOT look for the MX record itself).
* `smtp.example.com` (Optional) - domain the `curl` will use in greeting the mail server (HELO/EHLO).
* `--mail-from` - sender address set in the envelope.
* `--mail-rcpt` - recipient for the mail set in the envelope.
NOTE: the mail sending is subject to all the anti-spam checks by the receiving mail server, so I recommend to run this with the `-v` option set to see what is going on in real-time.
== Make curl resolve a hostname to the custom IP address you specify without modifying hosts file or using DNS server hacks
Useful to test local copy of a website.
Problem: You want curl to reach a website "example.com" at IP address 127.0.0.1 without changing local `hosts` file or setting up fake DNS server.
Solution: Use `--resolve` to specify IP address for a hostname, so curl uses it without querying real DNS servers.
----
curl -v --resolve "example.com:80:127.0.0.1" http://example.com
----
----
* Added example.com:80:127.0.0.1 to DNS cache
* Hostname example.com was found in DNS cache
* Trying 127.0.0.1:80...
* Connected to example.com (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: example.com
> User-Agent: curl/7.67.0
> Accept: */*
----
== Show how many redirects were followed fetching the URL
Use `num_redirects` variable for that:
----
curl -w '%{num_redirects}' -L -o /dev/null https://cnn.com -s
2
----
== Use your browser to prepare the complete curl command via "copy as curl" feature
We can use a regular browser to prepare the complete curl command by just browsing to the target site. For that:
. Open Developer Tools - **F12** (works in Chrome and Firefox)
. Browse to the target site/page.
. In the "Network" tab of the Developer Tools find the item you want to GET with curl, right click on it, find menu "Copy as cURL", click on it - this copies to the clipboard ready-to-run curl command to that asset.
== Test if a website supports the given cipher suite, e.g. obsolete sslv3 & DES
Helps to monitor servers for obsolete or not yet widely supported cipher suites.
Check if site supports sslv3 (old and dangerously broken):
----
curl -k https://yurisk.info:443 -v --sslv3
----
Output:
----
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
----
Check if the newest (experimental as of 2020) TLS v1.3 is enabled:
----
curl -k https://yurisk.info:443 -v --tlsv1.3
----
Output:
----
* OpenSSL SSL_connect: SSL_ERROR_ZERO_RETURN in connection to yurisk.info:443
* Marked for [closure]: Failed HTTPS connection
----
Check if your version of curl supports easily breakable DES algorithm:
----
curl -k -o /dev/null https://yurisk.info:443 --ciphers DES
----
Output:
----
curl: (59) failed setting cipher list: DES
----
== Fetch multiple pages with predictable pattern in their URLs
If a website has a repeating pattern in naming its resources, we can use **URL globbing**. curl understands ranges `[start-end]` and lists `{item1,item2,...}`. Ranges can be alphanumeric and are inclusive, i.e. [0-100] starts at 0 and includes up to 100. Ranges optionally accept step/increment value: `[10-100:2]`, here 2 is added on each step. We can use both, ranges and lists, in the same URL.
_Output files_: curl remembers the matched glob patterns and we can use them with `-o` to specify custom output filenames.
* Fetch all pages in
`https://yurisk.info/category/checkpoint-ngngx<i>NNN</i>.html` where _NNN_ goes from 2 to 9. Pay attention to the single quotes - when using on the Bash command line, the range `[]` and list `{}` operators would be otherwise interpreted by the Bash itself instead of curl.
----
curl -s -O 'https://yurisk.info/category/checkpoint-ngngx[2-9].html'
----
Output directory:
----
checkpoint-ngngx2.html
checkpoint-ngngx3.html
checkpoint-ngngx4.html
checkpoint-ngngx5.html
checkpoint-ngngx6.html
checkpoint-ngngx7.html
checkpoint-ngngx8.html
checkpoint-ngngx9.html
----
* Fetch all pages _cisco.html,fortinet.html,linux.html,checkpoint-ngngx.html_ inside the _category_ folder:
----
curl -O 'https://yurisk.info/category/{cisco,fortinet,linux,checkpoint-ngngx}.html'
----
Output:
----
checkpoint-ngngx.html
cisco.html
fortinet.html
linux.html
----
* Download pages with alphabetical ranges.
----
curl-O -s https://yurisk.info/test[a-z]
----
== How to prevent errors on URLs that contain brackets
If the curl uses brackets (square and curly) for ranges (<a name="ee22">see above</a>), how do we work with URLs containing such symbols? By using the `-g` option to curl which turns off globbing. It also means we can't use ranges with URLs that contain brackets.
----
curl -g https://example.com/{ids}?site=example.gov
----
== Github: list names of all public repositories for a given user
To query the user's repositories, the URL should have the form of `https://api.github.com/users/<username>/repos`. For example, let's get all the repositories for `curl` project:
----
curl -s https://api.github.com/users/curl/repos | awk '/\wname/'
----
Output:
----
"full_name": "curl/build-images",
"full_name": "curl/curl",
"full_name": "curl/curl-cheat-sheet",
"full_name": "curl/curl-docker",
"full_name": "curl/curl-for-win",
"full_name": "curl/curl-fuzzer",
"full_name": "curl/curl-up",
"full_name": "curl/curl-www",
"full_name": "curl/doh",
"full_name": "curl/fcurl",
"full_name": "curl/h2c",
"full_name": "curl/stats",
----
_Note:_ Github imposes rate limits on the unauthorized requests, currently 60 requests/hour is the maximum. You can check how many queries are left with the _X-Ratelimit-Remaining_ header:
----
curl -s -i https://api.github.com/users/curl/repos | grep X-Ratelimit-Remaining
X-Ratelimit-Remaining: 54`
----
== Display weather report for a given city
There are many websites to query for weather information on the CLI, most popular seems to be wttr.in, so let's use it to get the weather in Milan:
----
curl wttr.in/Milan
----
Output:
----
Weather report: Milan
\ / Partly cloudy
_ /"".-. 17 °C
\_( ). ↓ 6 km/h
/(___(__) 10 km
0.0 mm
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Mon 04 May ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ .-. Light rain │ .-. Light rain │ Overcast │ Cloudy │
│ ( ). 17 °C │ ( ). 18 °C │ .--. 17 °C │ .--. 12 °C │
│ (___(__) ↖ 26-36 km/h │ (___(__) ↖ 20-28 km/h │ .-( ). ↗ 15-24 km/h │ .-( ). ↗ 13-21 km/h │
9 km │ 9 km │ (___.__)__) 10 km │ (___.__)__) 10 km │
1.4 mm | 66% │ 1.9 mm | 65% │ 0.0 mm | 0% │ 0.0 mm | 0% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Tue 05 May ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ \ / Partly cloudy │ \ / Partly cloudy │ \ / Partly cloudy │ Overcast │
│ _ /"".-. 19 °C │ _ /"".-. 20 °C │ _ /"".-. 20 °C │ .--. 19 °C │
│ \_( ). ↘ 9-14 km/h │ \_( ). ↙ 9-13 km/h │ \_( ). ↙ 14-21 km/h │ .-( ). ↙ 23-34 km/h │
│ /(___(__) 10 km │ /(___(__) 10 km │ /(___(__) 10 km │ (___.__)__) 10 km │
│ 0.0 mm | 0% │ 0.0 mm | 0% │ 0.0 mm | 0% │ 0.0 mm | 0% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
----
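Review bot: `curl -compressed` in "Enable support for compressed encoding" has a single dash, so curl reads it as `-c` with the cookie-jar file name `ompressed` rather than `--compressed`, and the alphabetical-range example `curl-O -s https://yurisk.info/test[a-z]` lacks both the space after `curl` and the single quotes that the globbing paragraph itself says are needed for `[]`; both commands should be fixed before merge. In the `-k` section please add a sentence that the option turns off verification of the server certificate and is meant for testing only. In the cipher-suite section the DES check reports `failed setting cipher list: DES`, which is a result about the local curl build, so it does not fit under a heading about testing a website; move it or reword the heading. Leftovers to clean up: the trailing backtick in `X-Ratelimit-Remaining: 54`, the raw HTML `<i>NNN</i>` and `<a name="ee22">see above</a>` inside AsciiDoc source, the empty `:homepage:` attribute, and the typos "ceritficate", "esiest" and "forst".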

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,5 @@
extends: default
footer:
verso:
center:
content: ' https://www.linkedin.com/in/yurislobodyanyuk/ {doctitle}'

View file

@ -0,0 +1,104 @@
= Ed text editor cheat sheet
:author: Yuri Slobodyanyuk
Author: Yuri Slobodyanyuk, https://linkedin.com/in/yurislobodyanyuk/ .
STATUS: Work in progress.
NOTE: The cheat sheet is for GNU version of `ed`. All values in [] are optional. `ed` fully supports Unicode.
.Command mode
[cols=2,options="header"]
|===
|Command
|Description
|*[_n_]a*
| Append - append a new line after the current , or, if _n_ is given, after the _nth_ line, then enter input mode. Use 0 (zero) for _n_ to append at the top of the buffer.
|*[_n_]i*
|Insert - insert a new line before the current or the _nth_ line, if given, then enter the input mode. Use 0 as _n_ to insert at the top of the buffer
|*[_n_]c*
|Change - change the current, or the _nth_ line if given, then enter the input mode. The current (or specified) line gets deleted before you start typing a new one.
|*[_start,end_]m[_dest_]*
|Move lines, including, from _start_ up to the _end_ after the _dest_ destination line.
|*[_start,end_]t[_dest_]*
| Transfer - copy lines _start_ through _end_ after the _dest_ line. If no line numbers are given, copies the current line and pastes underneath.
|*e [_filename_]*
|Edit a file - _filename_ if given, default if not.
WARNING: Current buffer and all of its changes are discarded.
|*[_start,end_]w [_filename_]*
| Write the current buffer (whole or just lines between _start_ and _end_) to a _filename_ if given or the currently set with the `file` command. The contents of the _filename_ is overwritten! Ed reports number of characters written on success.
|*[_start, end_]W [_filename_]*
|Write by appending the buffer to the file _filename_, the current contents of the _filename_ are not overwritten. Ed reports number of characters written on success.
|*[.]=*
| Show number of lines in the buffer, or, if `.` (dot) is given `.=`, show the line number of the current line.
|*P*
|Show/hide prompt, * (asterisk) is the default.
|*H*
|Turn on/off verbose error indication mode. With this mode off, `ed` only outputs `?` for any error without additional info.
|*! _shell command(s)_*
| Run the given _shell command(s)_ displaying their output without leaving the `ed`. Hitting <Enter> returns to the `ed` buffer. The shell's output is not kept or redirected to the buffer in any way.
|*r*
|Read
|*r !_shell command(s)_*
|Run the shell command
|*[_start_,_end_]p*
| Print lines from _start_ to _end_ or current if not set. Sets current line to the last line printed.
|*q*
|Quit the `ed`, warns if there are unsaved changes, if repeated 2nd time, quits discarding any unsaved changes.
|*Q*
|Quit `ed` unconditionally, discarding any unsaved changes.
|*u*
|Undo the last change. `ed` has only one level of uno, entering `u` the second time redoes the change undone before.
|*_n_*
|Go to the line _n_.
|*[_starting_address_]z[_lines-to-scroll_]*
| Scroll default 24 lines down, if _lines-to-scroll_ is not given. Optionally, start scrolling not from the current line (default), but from the line number _starting_address_. Resets current line to the last line after scrolling position.
|*[_start_,_end_]n*
|Print _start_,_end_ lines prefixed by their line number, analog of *p* but prints line numbers as well. Use `,n` to print the whole buffer with line numbers.
|*[_start_, _end_]s/_regex_/_replacement_/[g]*
|Substitute - on lines _start_ to _end_, find 1st occurrence of _regex_ from the left (or all the occurrences if `g` for Global prefix is added) and replace with the _replacement_.
|===
.Input mode
[cols=2, options="header"]
|===
|Command
|Description
|*.* (dot on a line by itself)
|Switch from input to the command mode. The . (dot) should be entered on a new line by itself, then <Enter>.
|*CTRL + C*
|Discard the changes done in the current input mode sequence, and return to the command mode. Only changes since entering last input mode are discarded, not the whole session.
|===
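Review bot: The `r` and `r !_shell command(s)_` rows in the "Command mode" table are placeholders ("Read", "Run the shell command") and do not say what is read or where it lands in the buffer; fill them in, and have the `r !` row explain how it differs from the `!` row, which states that shell output "is not kept or redirected to the buffer in any way". In the `s` row `g` is called a "Global prefix" although the syntax shows it after the last `/`, so "suffix" or "flag" would be accurate, and in the `u` row "uno" should be "undo".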

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,377 @@
= Fortigate VPN SSL Hardening Guide
:source-highlighter: rouge
:title: Fortigate VPN SSL Hardening Guide
:date: 2023-03-15 09:55:25+00:00
:toc:
Last updated: 19.03.2023
== Introduction
This guide is the result of closely following Fortigate VPN SSL vulnerabilities
over the years, actual cases of compromised firewalls, operational manuals and
reports of multiple gangs (e.g. _Conti manuals_) and my experience with Fortigates
of 15+ years and counting. By implementing all/some of the measures below you
will make your SSL VPN on Fortigate substantially harder to break in and thus less
attractive to the attackers.
== Change the default SSL VPN port 10443/443 to anything else
This security by obscurity actually works. In most cases, the attackers do
not target specific companies, but are looking for low hanging fruit. And the
easiest way to do so is to scan for known ports/services. And both, 443 and 10443, are
well known Fortigate listening ports. It is even easier - just search
Shodan/Censys for "Fortigate" and currently Shodan has 185K results for port
10443, and Censys 317K. That was what happened with a large VPN
credentials leak 2 years ago
https://www.linkedin.com/pulse/50000-vpn-usernames-passwords-from-fortigates-around-we-slobodyanyuk/
- all of the affected Fortigates were listening on either 443 or 10443 ports.
The possible downside can be that VPN users connecting via WiFi in hotels/caffe
may have outgoing ports blocked except 443, but with cellular packages being so
cheap today, it is viable for them to use their phone as hotspot for VPN
connectionis and avoid using public WiFi altogether.
image::x-fortigate-ssl-vpn-change-port.png[]
On the CLI:
----
config vpn ssl settings
set port 13123
----
== Do not use local users for authentication, and if using - keep passwords elsewhere or/and enable MFA
In general, keeping all the security info in one box (Fortigate here) is a bad
practice. The mentioned vulnerability CVE-2018-13379 affected only Fortigates
with local VPN users having local authentication. Additionally, you give up
password policies, centralized system to expire/change passwords,
non-repeatability of the passwords etc. with such locally authenticated on the
Fortigate users. Integrating user authentication with existing user database
(LDAP/Active Directory/Cloud AD) is a breeze in Fortigate.
== Enable Multi-Factor Authentication for VPN users
ANY form of MFA will be better than none. Hardware Fortigate come with 2 mobile
application FortiTokens for free. Additionally, you can use SMS as MFA, but will
cost you money, or email that is completely free.
The email as MFA is not visible nor enabled by default, so I wrote a short guide
how to use it
https://yurisk.info/2020/03/01/fortigate-enable-e-mail-as-mfa-and-increase-token-validity-time/[enable e-mail as a two-factor authentication for a user and increase token timeout]
And of course, any 3rd party providing MFA can be used via RADIUS protocol
(Okta/Azure/Duo/etc.)
There is also option of _client_ PKI certificates as MFA, which is quite secure,
but also is most complex in setting up of all. Client certificates do not work
together with SAML authentication (Azure/etc.), which is also a disadvantage.
== Limit access to VPN SSL portal to specific IP addresses
If your users happen to have static IP addresses assigned by their ISP, it is an excellent way to
limit exposure of VPN SSL portal.
image::x-fortigate-vpn-ssl-allow-specific-ips.png[]
== Move VPN SSL listening interface to a Loopback interface
This step will give an additional security control - Security Rule.
The benefits of which are:
* The rule is highly visible, not hidden in CLI as Local-in Policy.
* It will have detailed traffic & security logs.
* It enables to turn SSL VPN access on and off on a time schedule.
* Allows us to disable SSL VPN access in one click (just disable this security
rule) without deleting anything.
* Makes possible to use ISDB address objects (See below on blocking Tor Exit
Nodes).
* And finally, as SSL VPN is NOT hardware-accelerated on any Fortigate, no matter where it
is set, on physical or Loopback interface, no reason to avoid Loopback here.
To set it up:
* Create a Loopback interface (here _Loop33_ with IP of _13.13.13.13_, not shown)
* Enable VPN SSL on this Loopback in VPN SSL Settings:
image::x-fortigate-ssl-vpn-loopback-vpn-setings.png[]
* Allow access to the Loopback on the listening port from the Internet. I use _all_ as a
source (rule id _2_)
here, but see other recommendations on limiting source IP for finer control:
image::x-fortigate-ssl-vpn-loopback-security-rule.png[]
== (Less preferred than above) Limit access to SSL VPN portal in Local-in Policy
The idea here is that unlike limits in the VPN SSL Settings, limits in the
Local-in Policy come before any traffic reaches VPN SSL daemon. Starting with
FortiOS 7.2 we can also use in Local-in Policies GeoIP objects, external feeds (I
haven't seen much benefit in them though). As I mentioned above, due to CLI-only
nature of the Local-in Policy, it is more manageable to use rather Loopback for
SSL VPN connections. But Local-in policy can do the job as well, see some
examples of using it here
https://yurisk.info/2022/07/04/fortigate-local-in-policy-configuration-examples-for-vpn-ipsec-vpn-ssl-bgp-and-more/[Fortigate Local-in policy configuration examples for VPN IPSec, VPN SSL, BGP and more] and https://yurisk.info/2020/06/07/fortigate-local-in-policy/[Fortigate Local in Policy what it does and how to change/configure it]
== Limit access to portal by GeoIP location
When your users are located in a specific country(s), it is advisable to at
least limit access to the VPN to those countries. E.g. for users coming from
Israel:
* Create an address of type _Geography_:
image::x-fortigate-ssl-vpn-geography.png[]
* Use it in VPN SSL Settings:
image::x-fortigate-ssl-vpn-geoip-vpn-settings.png[]
The option to use Geo objects appeared in newer FortiOS, so if you have an older
version, moving SSL VPN to loopback interface will give you this option.
== Block access to/from Tor Exit Nodes and Relays to anything
Attackers using Tor are pretty much untraceable, so this motivates them to
brute-force from Tor network a lot. Again, it is possible to implement only when your SSL VPN is listening on the Loopback
interface - neither VPN Settings, nor Local-in Policy accept ISDB addresses so
far. Just use the ISDB objects for Tor Exit Nodes and Relays, and VPN
Anonymizers in the
security rule that is above the VPN SSL rule to block them.
image::x-fortigate-ssl-vpn-tor-exit-nodes.png[]
Security Rule to block access from Tor to the Loopback interface where SSL VPN
is listening:
image::x-fortigate-ssl-vpn-block-tor-to-loopback.png[]
== Install trusted CA-issued certificate, but don't issue Let's Encrypt certificates directly on the Fortigate
Users, and people in general, are suspicious of anything strange/new/unknown. If
they get used to a valid TLS certificate from a trusted CA Authority on each
login into VPN SSL, they will immediately catch the browser error when being
exposed to Man-in-the-middle attack. Users are your friends, just teach them
good habits and they will be your allies.
_Let's encrypt_ certificates - yes, they are free and trusted. But, issuing them
directly on the Fortigate has 2 disadvantages:
. It enables _Acme_ protocol daemon to listen on port 80, and it HAS to be open
from ANY for auto-renewal to work, and exposing any additional daemon to the
Internet is a bad idea. To be exact - you need to have port 80 open only for the
period of issuing/renewing the certificate. So, you may, if you want to, enable
incoming port 80 from any when requesting certificate, then close the port until
time comes to renew it. But then it is no different from manually requesting and
importing.
. It does not support requesting _wildcard_ certificates, only a specific
subdomain one. And this has additional downside - your VPN subdomain gets logged
on the Internet for everyone to see. Just search here
https://crt.sh/?q=yurisk.com
I do use Let's Encrypt certificates, but on a separate
Linux server from which I export then import the certificates to the Fortigate
manually.
== Configure email alert on each successful VPN SSL connection
Why on successful and not failed? The real-life experience proves that
after _nth_ alert on failed login in a day, people stop looking at them
at all. And in my opinion, the successful log in is more important than the
failed one.
I am working on a collection of automation stitches that will include also this
email alert, follow me for updates on this.
== Prevent re-using the same user account to connect in parallel
You can, by default, connect with the same VPN user from different locations at
the same time. To somewhat improve on this, disable simultaneous logins for
users. This way, the connected user will be disconnected when someone else logs
in with his/her credentials - this would alert the user that something fishy is
going on. You set this feature per Portal.
image::x-fortigate-ssl-vpn-limit-logins-per-user.png[]
On CLI:
----
config vpn ssl web portal
edit "full-access"
set limit-user-logins enable
end
----
== In security rules, allow access only to specific destinations and services, not _all_
I see it many times - to save few clicks, admins put in the _Destination_ column
of the SSL VPN security rule _all_/whole LAN, instead of specific host(s) with
specific services. If attackers get hold of VPN connection to the Fortigate,
they will mass scan internal LAN for AD Domain Controllers, SMB shares,
enumerate all hosts and none of this will happen if you harden the VPN Remote
Access rules to specific services and hosts.
image::x-fortigate-ssl-rule-to-specific-services.png[]
== If not using VPN SSL, disable it, or assign to a dummy interface
The VPN SSL setting is *on* by default, which is ok - as long as there is no
listening interface assigned to it and no security rules using `ssl.root`
exist, the service will NOT listen actually. On some FortiOS versions you have
to do it on CLI. If you want to disable temporarily SSL VPN without deleting
anything, you could, besides clicking on _Disable_, assign it a Loopback
interface which you also put in a _Down_ state.
image::x-fortigate-ssl-vpn-assign-loopback-which-is-disabled.png[]
On CLI:
----
config vpn ssl settings
set status disable
set source-interface Loop1
end
----
== Create a no-access portal and set it as default in the VPN settings
Once you have VPN SSL enabled, you *have* to specify the default portal
to which all unmapped to portals users will be assigned. To prevent unintended
users/groups connecting via this default portal, create the one disabling all
the access inside it and then set it as the default.
* Create a portal with no factual access:
----
config vpn ssl web portal
edit DefaultNoAccess
set tunnel-mode disable
set web-mode disable
set ipv6-tunnel-mode disable
next
end
----
* Make it the default portal:
----
config vpn ssl setting
set default-portal DefaultNoAccess
end
----
IMPORTANT: Make sure you have the relevant users/groups mapped to other, working portals, before doing this.
== Block offending IP after _n_ failed attempts
This slows down brute-force and scanning attacks on VPN SSL. This feature is on
by default, but the block duration is just 60 seconds. You will want to
tune it to your environment and users. I usually set number of failed login
attempts to 3, then block the offender for 10 minutes. In many cases it was
enough for accidental attackers to give up and move to another target.
This can be configured in CLI:
----
config vpn ssl settings
set login-attempt-limit 3
set login-block-time 600
end
----
Here I block the IP for 10 minutes after 3 unsuccessful authentication attempts.
The maximum duration of blocking is 86400 seconds, or 24 hours.
== Disable weak and outdated TLS protocols for SSL VPN
Even with newer FortiOS versions VPN SSL by default supports TLS 1.1, and TLS
1.2 versions that are outdated and recommended against usage everywhere. You can
set SSL VPN to use only TLS 1.2 & 1.3 (on CLI only) with this command ( I
thought of recommending to leave just TLS 1.3, but Forticlient is currently having
problems with using it on Windows 10 & 11, so not for now):
----
config vpn ssl settings
set ssl-min-proto-ver tls1-2
end
----
And make sure it worked:
----
curl -v https://vpn.yurisk.com:13123 --tlsv1.1 -o /dev/null
* Connected to vpn.yurisk.com (52.58.153.81) port 13123 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.1 (OUT), TLS handshake, Client hello (1):
} [140 bytes data]
* TLSv1.1 (IN), TLS alert, Server hello (2):
{ [2 bytes data]
* error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol
version
----
NOTE: This will prevent older browsers/Forticlients from connecting, but we talk
about _very_ old versions, like Internet Explorer 11, or Chrome version 50
(current one is 110). So it should not be a problem.
== Consider switching from VPN SSL to VPN IPSec for clients
A bit drastic, but in all those years of VPN SSL vulnerabilities happening, I
remember of no single critical CVE for the IPSec daemon in Fortigate. Yes, it is more
involved in configuring it, but it may well be worth the effort. You use on the
client side the same Forticlient.
== Consider moving VPN SSL into its own VDOM
This is a measure against the worst case scenario - remotely executable 0-day
happens in the SSL VPN daemon, and attackers break into your Fortigate. In this
scenario the attackers will most probably create their own admin users for
persistence, set up VPN for remote access with rules permitting _Any_ to the
internal LAN, and if not trying to hide - will delete/remove your admin user to
block you access to the Fortigate. If this happens with the Fortigate that all
your DMZ/LAN/Storage/Backup networks are connected to, the game is over. But if
the same happens to the Internet-facing VDOM that has only SSL VPN configs and
rules, well, maximum they will have access to is anything you explicitly allowed
in rules between VDOMs. And if you implemented specific rules to allow specific
protocols to specific hosts, that would be not much of a gain to the attackers.
And all Fortigate models except the smallest ones, have hardware acceleration on
their inter-VDOM links, so perfomance-wise you lose nothing as well.
And price-wise, every Fortigate (even the smallest 40F) includes 10 VDOMs for free.
== Additional Resources to follow
* https://www.fortiguard.com/psirt Fortinet announcements on new vulnerabilities.
* https://yurisk.info/category/fortigate.html My blog's Fortigate category, has RSS feed
* https://t.me/fortichat Fortinet-related Telegram group with experts (Russian language)
* https://community.fortinet.com/ Fortinet Community Forum, a lot of Fortinet TAC folks hang out there.
* https://www.reddit.com/r/fortinet/ Well, Reddit is Reddit.
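Review bot: In "Disable weak and outdated TLS protocols for SSL VPN" the text calls "TLS 1.1, and TLS 1.2" outdated, yet the command that follows keeps TLS 1.2 as the minimum (`set ssl-min-proto-ver tls1-2`); the prose should name the versions that are actually being dropped. The verification in the same section relies on `curl --tlsv1.1`, which on current curl releases sets the minimum version rather than pinning it, so the request can succeed over TLS 1.2 or 1.3 and prove nothing; `--tls-max 1.1` caps the client at TLS 1.1, so a failed handshake really shows the old versions are refused. Also, the default-portal block uses `config vpn ssl setting` while every other block in the file uses `config vpn ssl settings`.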

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,53 @@
= Git and github.com cheat sheet
:author: Yuri Slobodyanyuk
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
[cols=2,options="header"]
|===
|command
|Description
|*git clone <URL of the remote repository> [local repo name]*
| Clone remote repository, optionally renaming the local copy of it.
|*git config --system <params>*
|Set configuration parameters for all users at the local host, requires root permissions, saves <params> in the `/etc/gitconfig`. Some params (when setting on the terminal, separate paramater value from name with whitespace):
- `core.editor` Editor to use to enter comments when committing. E.g. `git config --system core.editor vim`.
- `diff.tool` Diff tool to use, e.g. `vimdiff`,`vimdiff2`,`xxdiff`,`gvimdiff`
- `user.email` Email to be incldued in each commit.
- `user.name` Full name to be included in each commit.
|*git config --global <params>*
|Set <params> for ALL repositories of a user on the local host, saves <params> in the `~/.gitconfig` or `~/.config/git/config`.
|*git config --local <params>*
|(default) Set <params> for a specific repository only, should be run when inside this repository, saves <params> in the `.git/config` inside the repository.
|*git config --list --show-origin*
|View all the settings with their origins.
|*Contribute to a project (pull request/PR) on Github.com*
a| Steps to contribute to some project on the github:
. Fork the project you want to contribute to.
. Clone the fork to your local system.
. Make a new custom (non-master) branch inside it.
. Make your changes.
. Push this branch to your Github account.
. Open a Pull Request on the Github.com for the project owner to review & merge.
|===
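Review bot: The `git config --system` row puts a bulleted list (`core.editor`, `diff.tool`, `user.email`, `user.name`) in a cell opened with a plain `|`, so AsciiDoc will not render it as a list; open that cell with `a|`, as the pull-request row further down already does. While there, fix "paramater" and "incldued" in the same cell.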

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,139 @@
= GNU screen terminal commands cheat sheet
:author: Yuri Slobodyanyuk
Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
NOTE: `C-a` below stands for `Ctrl + a` keyboard sequence.
[cols=2,options="header"]
|===
|Command
|Description
|*~/.screenrc* & */etc/screenrc*
| Commands that the `screen` runs on start up.
|*screen -ls*
|List active screen sessions
|*screen -Q windows*
|List windows' names inside screen session
|*screen -S <session name>*
|Create a new screen session with the name <session name>
|*screen -x*
*screen -r <session name>*
|Attach to the running session, also by its name
|*screen -dRR*
|Attach to the screen session, detach on other display if attached. If no session exists, will create a new one.
|*C-a d*
| Detach from the session, session keeps running. Here, and further *C* means Ctrl.
|*C-a c*
|Create new window in the session.
|*C-a C-a*
|Switch to the previous window.
|*C-a "*
|List all windows with option to navigate and enter any of them.
|*C-w*
|Show a list of active windows with their numbers.
|*C-a <number>*
|Switch to the window number _number_.
|*C-a '*
|Switch to the window by its name.
|*C-a n*
|Switch to the next window.
|*C-a p*
|Switch to the previous window.
|*exit*
|Exit and close current window. If it was the last window in a session, exits `screen` terminating the session.
|*C-a k*
|Kill the current window forcefully (not recommended).
|*C-a : quit*
| Quit screen session completely terminating it. Alternatively - exit all screen windows.
|*C-a A*
|Rename current window.
|*C-a S*
|Split windows display horizontally. Use *C-a c* to create a new window inside the new split or *C-X* to close this part of split.
|*C-a \|*
|Split windows display vertically. Available starting screen 4.01, i.e. not available on Mac 2020 which still uses screen 4.00.
|*C-a tab*
|Jump to the next region in a split window display.
|*C-a Q*
| Unsplit the window, leaving the current window active.
|*C-a [* or *C-a <esc>*
|Enter buffer navigation mode to scroll output buffer, copy, edit and paste later. Navigation commands as per `vim` if Vim is set as editor.*<esc>* to leave the buffer mode.
|*<space>*
|Start/stop selection while in the buffer mode to select the text. Press `<space>` or `<Enter>` to copy the selected text. E.g. to select/copy the whole buffer: `C-a [ gg <space> G <space> <esc>`
|*C-a ]*
|Paste the selected text at the cursor of the terminal, or create a new window and say start Vim there and paste into it while in Insert mode.
|*C-a h*
|Dump the contents of the currently visible terminal to `hardcopy.<n>` file, where _n_ is auto-incrementing number of your window.
|*C-a H*
|Start/end logging all output of the curent window into a file `screenlog.N` where `N` is the window number. The data is appended, not overwritten if the file exists. Output printed before that is not logged.
|*C-a a*
| Send `Ctrl-a` sequence to the shell in the window, useful to jump to the beginning of the line.
|*C-a M*
|Monitor window for activity. When enabled, will notify you of any acitvity while you work in other window.
|*C-a _*
| Monitor window for 30 seconds of silence, will notify you in any other window as `Window 0: silence for 30 seconds`
|*C-a ?*
|Show all key bindings help.
|*Save session state*
|This is not possible. If you use the same layout each session, you can put start up commands to re-create it in `.screenrc` file in your home directory, but still - you cannot save the current session state, i.e. contents of the windows and their layout.
2+|*Sharing session (e.g. for pair programming/tutoring)*
a|Original session (say _user1_):
. Set suid root bit on `screen` binary: `sudo chmod +s /usr/bin/screen`
. Inside session you want to share: `C-a :` then `multiuser on` to enable sharing session.
. Add usernames to share the session with: `C-a :` `acladd <username>`
Connecting user (say _user2_):
. Run in shell: `screen -x <sharing username>/`, in our example `screen -x user1/`
|Sets up sharing the session. Another user connecting to the session views real-time its output, can enter and run commands himself. Also see *aclchg*, *acldel*, *aclgrp* for controlling what the connecting user can and cannot do. E.g. to remove _write_ permissions from all users on all windows: `:aclchg * -w #`
|*C-a **
| See who is connected to your shared screen session.
|===
Follow me on https://linkedin.com/in/yurislobodyanyuk/ for updates.
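Review bot: The sharing row tells the reader to run `sudo chmod +s /usr/bin/screen` with no caveat; that leaves a setuid-root (and setgid) binary on the host for every local user, so the step should carry a WARNING and a reminder to restore the original mode once the shared session ends. It would also help to move the `aclchg * -w #` example next to the `acladd` step, since the row itself says the connecting user can enter and run commands. Separately, `C-w` and `C-X` appear without the `C-a` prefix that every other binding in the table uses, and `C-a C-a` and `C-a p` carry the same description.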

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,321 @@
= GNU tar archive tool reference by example
Yuri Slobodyanyuk <yuri@yurisk.info>
:toc: auto
:source-highlighter: rouge
by Yuri Slobodyanyuk https://www.linkedin.com/in/yurislobodyanyuk/
NOTE: All the examples below are for the Linux GNU tar, not for Solaris, FreeBSD, or Mac OS operating systems native versions of tar.
== Archive and gzip-compress the current folder with tar
----
tar -czf gzipped-folder.tar.gz .
----
Here:
* `c` For _create_
* `z` For _gzip_ compress
* `f` Filename of the archive to create
* `.` (dot) for the current folder
The file `gzipped-folder.tar.gz` will contain all the files (including dot files) and subfolders of the current folder.
== Archive and gzip-compress the current folder using maximal compression possible
There are few ways to do it. The older versions of `tar` do not accept compression level for the `gzip`, so we have to hint to the `gzip` in other way.
=== Set compression level as the `GZIP` environmental variable for `gzip`
Let's set the maximum compression level of 9:
----
GZIP=-9 tar -cvzf maxcompression.tar.gz .
----
NOTE: Disadvantage of this method is that it depends on the shell you are using. It works for Bash, but may fail to work in other shells.
=== Set compression level by piping `tar` output to the `gzip`
Most starightforward way to do it:
----
tar -cvf - . | gzip -9 - > maxcompression.tar.gz
----
Variation of the above:
----
tar -cvf maxcompression.tar ; gzip -9 maxcompression.tar
----
=== Use `-I` option for modern versions of tar
This option `I` or `--use-compress-program` appeared somewhere in version 1.22 or earlier, year of 2009. So, if your tar is newer than that (most probably is), you can change compression level:
----
tar -I 'gzip -9' -cvf maxcompression.tar.gz .
----
`I` sends its arguments in quotes as options to the compression program of choice as is.
== Archive and bzip2-compress the current folder with tar
Same as the above, but use `bzip2` compression instead of the `gzip`. In the past the bzip2 compression produced smaller size archives compared to the gzip, but today they perform pretty much the same.
----
tar -cjf gzipped-folder.tar.bz2 .
----
Here:
* `c` For _create_
* `j` For _bzip2_ compress
* `f` Filename of the archive to create
The file `gzipped-folder.tar.bz2` will contain all the files (including dot files) and subfolders of the current folder.
== Archive the current folder but exlude specific file and/or subfolder
WARNING: Even though not explicitly mentioned in the tar's man - except for the newest versions, you HAVE to put the folder/path to work on as the LAST argument on the line, or `--exclude` will be ignored.
E.g. create an archive named `tared-folder.tar` to include all files/subfolders of the current folder except the file named `cookbook.gzip` and subfolder and its contents named `.git`:
----
tar -cvf tared-folder.tar --exclude=cookbook.gzip --exclude=.git .
----
`v` is for verbose output during the operation.
== List contents of a tar archive (gzipped or not) without actually extracting it
Use `-t` option before the `f`:
----
tar -tf gzipped-folder.tar.gz
----
== Create a tar archive embedding the current day, month, and year in the name
When running tar as scheduled/cron-ed job, it is benefitial to include date of the archive creation in the name.
E.g.: create a tar archive named _backup-<current date>.tar_ from files in the current folder ending in `*.md`:
----
tar -cf backup-`date +%d-%m-%Y`.tar *.md
----
Result:
----
ls *.tar
backup-13-07-2021.tar
----
NOTE: Look at the `man date` for more options, like hour, second etc.
== Append file(s) to the existing archive
The file(s) will be appended at the end of the archive, just so you know.
E.g. let's append to the existing _backup-13-07-2021.tar_ archive the file named _missfont.log_:
----
tar -rf backup-13-07-2021.tar missfont.log
----
== Move the current directory and all of its contents as a whole, keeping file permissions
An old trick to compensate for various deficiencies of `cp` and `mv`.
----
tar -cf - . | (cd new-location; tar xvpf -)
----
== Encrypt/Decrypt the resulting archive with OpenSSL and password
We just pipe the tar output to the OpenSSL, provided it is already installed. The password is given interactively in the CLI, so this is not very secure way to do so.
E.g. tar the current folder into tar archive and the encrypt it:
----
tar -cvf - * | openssl enc -e -aes256 -out encrypted-dolder.tar.enc
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
----
Now, decrypt it:
----
openssl enc -d -aes256 -in encrypted-folder.tar.enc | tar -xf -
enter aes-256-cbc decryption password:
----
== Extract only specific file(s) from the tar archive
We may specify a specific filename to extrtact or use shell globbing patterns for file name matching.
E.g.: extract only file named _README.md_ from the archive tar _cookbooks.tar.bz2_:
----
tar -xjvf cookbooks.tar.bz2 ./README.md
----
E.g.: extract all Markdown files from the archive:
----
tar -xjvf cookbooks.tar.bz2 ./*.md
----
NOTE: `-j` is to extract from bzip2-compressed archive, if extracting from plain tar archive just remove -j
== Archive directory on the remote server and download to the local host via SSH in one command
Task: add to tar archive and compress contents of the directory _ASM_ on the remote server 19.23.55.158 and download it to the local host as file _ASM.tar.gz_
----
ssh root@19.23.55.158 'cd ASM && tar -czf - *' > ASM.tar.gz
root@19.23.55.158's password:
----
Result:
----
ls -l
-rw-r--r-- 1 root root 505 Jul 14 08:39 ASM.tar.gz
----
Here:
* `ASM` - relative path of the directory on the remote server, using absolute path is recommended.
* `tar -czf -` - creates gzip-compressed tar archive with stdout being the output device so we can redirect output on local server to the file _ASM.tar.gz_
== Remove / do not preserve / anonymize username and group name of the files owner when adding files to tar archive
By default tar will add files/directories to the archive along with their owner user/group. The only reliable way to prevent this is to replace actual data with fake user/group when adding to the archive.
E.g. Add file _README.md_ to the archive, but change the owner's username/group to the fictitious _Doe_ with numeric id of _1002_. If we supply just username/group name, then depending on version/implementation, the tar may change them as asked but leave the real numeric IDs. To force tar not to do it, specify both - alphanumeric name and numeric ID or add beyond numeric IDs the option `--numeric-owner`, which forces tar to keep only numeric IDs.
NOTE: tar does not check if the given user and group name actually exist on the system.
----
tar -cvf perms.tar README.md --owner=Doe:1002 --group=Doe:1002
----
Verify:
----
tar -vtf perms.tar
-rw-r--r-- Doe/Doe 542 2020-08-22 09:50 README.md
----
== Delete only specific file(s) or folder(s) from the archive
Not really possible. There is `--delete` option that seemingly does this, but under the surface this option just combines extracting the whole archive to the temporary directory, deleting the file(s) in question, and creating the archive again from scratch into one command.
== How can I run tar in parallel on multi-core CPU when creating an archive?
The short answer - you can't. The extended answer - you can't archive in parallel to the same archive (it was never the goal of `tar`, which originally wrote archives to the physical tapes that could not be accessed in parallel), but you have options (if you need at all) to parallelize compression of the archive. The options for parallel execution depend on the compressing utility used. There are `xz`, `7zip`, and `pigz` tools which can compress an archive in parallel, given the correct options. But they cannot decompress in parallel way though, only to compress.
== Find all tar archives even those NOT having .tar extension
In situation where you are presented with a bunch of files with random names, finding which ones are proper tar archive can be done in few ways. The idea behind all of them is to look for the tar's *magic number* inside the file. On systems with `file` utility installed, it is really easy:
----
# file * | awk -F: '/POSIX tar archive/ {print $1}'
damaged.tar
deleteme-13-07-2021.tar
maxwithI.tar.gz
perms.tar
permstar
permstar2
----
As you can see, it found tar archives without any extension _permstar_ and _permstar2_.
When the `file` tool is not available (highly unprobable), we can go more old school way looking at the magic number:
----
find . -type f -exec xxd -g 6 -s 257 -l 6 \{\} \; -print | sed -n '/757374617220/{n;p}'
./perms.tar
./maxwithI.tar.gz
./damaged.tar
./deleteme-13-07-2021.tar
./test/deleteme-13-07-2021.tar
./permstar2
./permstar
----
Here:
* 757374617220 is the magic number for the tar filetype
* `xxd` is hex dumper to show contents of a file in hexadecimal
* `-g 6` tells xxd to group the found bytes into a group of 6 bytes (size of the magic number) when printing
* `-l 6` limits output to just 6 bytes
* `-s 257` skips first 256 bytes to start printing from byte 257 forward
== tar archives symlinks instead of the objects they point to, how to fix?
Use `-h` switch to tell tar to dereference symlinks and add to archive objects (directories/files) that those symlinks point to.
----
tar -hcf .
----
This will dereference all symlinks found in the current directory.
== Archive only those objects modified last 24 hours
Tar itself does not have option to search by timestamps, but `find` does.
----
find . -mtime 0 -print0 | tar -cvf modified.tar --null -T -
----
Here:
* `-mtime` tells `find` what modification timestamps of the objects we are looking for, in days. The `0` means "0 days ago", i.e. last 24 hours. This option accepts relative values as well. E.g. `-2` means modified less than 2 days ago. And `-mtime +2` will find objects modified earlier than 2 days ago. See below for another example.
=== Archive only those objects modified between 24 and 48 hours ago
The extension of the above. In general, `find` is such an essential tool, that you can't do much without it in any Linux/BSD/Unix system.
----
find . -mtime 1 -print0 | tar -cvf modified.tar --null -T -
----
NOTE: To search for modified times in minute resolution, use `-mmin` instead of `-mtime`.
== Verify tar archive integrity in a Bash script, i.e. non interactively
Tar itself does not calculate/save checksum in the archive it creates. The rudimentary "integrity" check can be done
with `-t` switch, which produces an error and exits if the archive is severely damaged - cannot be read, headers are mangled and such. The change in the **contents** of a file this `-t` check will NOT notice. When gzip-ing tar archive, though, the CRC checksum is autosaved, but of the final tar archive, not individual files inside this archive. This way, if there is a CRC checksum mismatch on unzipping tar archive, the `gzip` will issue an error on the standard output.
So, to try and read the archive, verifying that it is readable:
----
#!/bin/bash
if ! tar tf /path/to/archive.tar &> /dev/null; then # Here we check the EXIT status of reading a tar archive, also redirecting stdout to the /dev/null, as no need to see the contents of archive
do_something_if_exit_status_is_error
fi
----
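Review bot: In "Encrypt/Decrypt the resulting archive with OpenSSL and password" the pasted output itself warns "deprecated key derivation used", so both `openssl enc` commands should add `-pbkdf2` (with `-iter`) as the warning suggests, and the encrypt step writes `encrypted-dolder.tar.enc` while the decrypt step reads `encrypted-folder.tar.enc`. Two commands elsewhere will not run as written: `tar -cvf maxcompression.tar ; gzip -9 maxcompression.tar` names no files to archive, and `tar -hcf .` gives no archive name, so `.` is taken as the archive. In the "move the current directory" trick, `(cd new-location; tar xvpf -)` still runs the extract if the `cd` fails; `cd new-location && tar xvpf -` avoids unpacking into the wrong directory.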

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,65 @@
= Links Text and Graphical Browser Cheat Sheet
:homepage: https://github.com/yuriskinfo/cheat-sheets
:toc:
NOTE: All the below relates to the Text Mode browsing. The keyboard shortcuts
work in GUI Mode as well, but no mention of it is attempted. The keyboard
shortcuts work when the Main Menu is not visible.
== Keyboard Shortcuts and Menus
[cols=2, options="header"]
|===
|Command
|Description
|*g*
|Brings up dialog window to enter URL to jump to. The default protocol is HTTP,
specify explicitly any other one, e.g. `ftp://ftp.hp.com`.
|*ESC*
|Show Main menu, press again to hide. The Main menu contains submenus with
access to all the browser functionality: _File_, _View_, _Download_, _Setup_, etc.
|*<-*, *z*
| Go back to the previous page.
|*->*, *x*
|Go forward one page.
|*q*
|Quit browser with confirmation. Use *Q* to quit immediately.
|*l*, *CTRL + N*
|Scroll page down.
|*p*, *CTRL + P*
|Scroll page up.
|*CTRL + R*
|Refresh/reload the current page.
|*/*
|Search forward for text on the current page starting at the top and finishing at the
bottom of the page. The searched text will be background-highlighted. The search
is case insensitive.
|*?*
|Search text backward - from the bottom to the top.
|*s*
|Show Bookmarks dialog menu with options to Add, Delete, Create Folder, Edit,
and Move bookmarks.
|===
== References
* http://links.twibright.com[Browser Homepage - http://links.twibright.com]
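Review bot: The `g` row states that the default protocol is HTTP, but its only example of overriding it is `ftp://ftp.hp.com`; add that `https://` has to be typed explicitly as well, otherwise a bare hostname entered in the dialog is fetched in clear text.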

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,222 @@
= macOS `mdfind` examples cheat sheet
:source-highlighter: rouge
:date: 2023-03-28 09:55:25+00:00
:slug: mdfind-macos-examples-cheat-sheet
:category: macOS
:tags: macOS, Apple
:toc:
== Introduction
`mdfind` is a command-line interface to the SpotLight search tool on every
Apple macOS system. Being a CLI tool, it saves time when searching for stuff in
your Mac. Unfortunately, there is a lot of documentation on the topic which is
out of date - the examples either do not work or give an error. Otherwise, the
tool is not well-documented. Below are few examples for every day usage, tested
on the newest versions - Catalina, Big Sur, Monterrey, Ventura.
== Find files with a given word in it
Just give the `mdfind` a word to search for, and it will find it in
file/media/applications
names, as well as in their contents.
----
mdfind mysearchword
----
== Search for a word in file names only, not their contents
Add `-name` qualifier before the search word.
----
mdfind -name October
----
Will find files named: _OctoberFest.pdf_, _inoctober.txt_, _Red October.mp4_
== Find a file with multiple keywords in its name
We can specify more than 1 word to look for in the file/app name - the `mdfind`
uses logical AND by default for multiple keywords.
----
mdfind -name red october
----
Will find: _Red October.mp4_, _red octoberfest.jpg_, but NOT _red.pdf_ or
_October.mp4_.
== Limit search to specific file format(s)
You can use ``kind:``__file-format__ to additionally limit results to this file
format. Be aware that _kind_ is not always the file extension though. I list the
most popular file formats below.
Find file with the _red_ in its name, but only in _mp4_, _.mov_ etc. files:
----
mdfind -name red kind:movie
----
|===
|*File format* |*kind term* |*File format* |*kind term*
|jpeg/jpg, png, gif, tiff
|image
|Application
|app
|mp3, ogg
|music
|mp4, mov, mpeg
|movie
|Bookmarks
|bookmark
|Email messages
|email
|Folders
|folder
|MS Word docs (docx, dot)
|word
|===
The other way to look for file extensions is with the _kMDItemFSName_ metadata
value and listing the desired extension after the asterisk.
----
mdfind "kMDItemFSName == '*.pdf'"
----
But if you want to look for a specific file name as well, you will have to pipe the
command above to _grep_ or alike.
== Look up folder names
Using (see table above) `kind:folder` we can search in folder names only.
Find all folders with the name _document_ in them:
`mdfind -name documents kind:folder`
== Search for an exact match
We can do it in 2 ways.
First, wrapping search terms in double and then single quotes:
----
mdfind -name '"red carpet"'
----
This will match _red carpet.txt_, but not _red 2 carpet.txt_.
The other way to look for an exact match is with the `-literal` qualifier, which prohibits any other qualifier though.
Find everything having _Hat, Red_ in the name:
`mdfind -literal "kMDItemDisplayName == 'Hat, Red'"`
Here, *kMDItemDisplayName* is a metadata field holding the item name for files/folders/etc. Any additional options will be ignored.
== Search in specific folder(s) only
We can use *-onlyin* option to limit the search:
`mdfind -name red.txt -onlyin ~/Documents`
This will only search in the folder _Documents_ and its subfoldes.
== Search by created, modified dates
IMPORTANT: The date format is your current locale. So, I put dates in the
_19/1/2023_ format, but if your Mac is set to use _1/19/2023_, do so.
Find file named _red_ and created on 19th of January 2023:
`mdfind -name red AND created:19/1/2023`
NOTE: The _AND_ is not explicitly needed here, but I put it for reminder yet.
Find file named _red_ modified on 19th of January 2023:
`mdfind -name red AND modified:19/1/2023`
The date-related searches also understand ranges.
Find files with _red_ in their name modified in the period from the 1st of January
2023, and up to (including) 19th of January 2023:
`mdfind -name red modified:01/01/2023-19/1/2023`
Same, but _created_ in that period:
`mdfind -name red created:01/01/2023-19/1/2023`
== Find file by their size
We can specify file size as additional search term.
This will find files with the _red_ in their names AND of size 0 bytes.
`mdfind name:red AND size:0`
`mdfind name:red AND NOT size:0` will find files named _red_ that are NOT 0
bytes in size.
We can provide ranges for sizes as well. To find files named _red_ of size
between 10 and 25 bytes:
`mdfind -interpret name:red AND size:\<25 AND size:\>10`
NOTE: The '\' escapes '<' and '>' from the shell interpretation.
== Disable Spotlight/mdfind indexing for a specific volume
* Spotlight (and thus mdfind) stores its index for each hard drive in a hidden
directory named `.Spotlight-V100` located at the root of each disk. You can list this directory contents with
sudo mdutil -L _path-to-the-disk_* , e.g.
----
sudo mdutil -L /Volumes/exFAT1Tb
/Volumes/exFAT1Tb/.Spotlight-V100:
drwxrwxrwx 1 99 99 262144 Jun 27 2021 07:46 Store-V2
-rwxrwxrwx 1 99 99 4246 Jun 13 2022 11:09
VolumeConfiguration.plist
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2:
drwxrwxrwx 1 99 99 262144 Jun 27 2021 07:46 B332121F-C8CA-4FF1-924A-67FC321C3FFCC/
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.assisted_import_post:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.assisted_import_pre:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.corespotlight:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.health_check:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.live:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.live_priority:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.live_system:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.live_user:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.migration:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.migration_secondchance:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.repair:
/Volumes/exFAT1Tb/.Spotlight-V100/Store-V2/B332121F-C8CA-4FF1-924A-67FC321C3FFCC/journals.scan:
----
* For space savings or privacy concerns, you can turn off indexing of a given volume by running
*sudo mdutil -i off /Volumes/__volume-name__*, and even
erase the existing index with *sudo mdutil -E /Volumes/__volume-name__*.
== Resources
* For additional cheat sheets, see Github: https://github.com/yuriskinfo/cheat-sheets
_Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I
publish on Linkedin, Github, blog, and more._
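Review bot: In "Look up folder names" the sentence says folders with the name _document_, but the command searches for `documents`; make the text and the command agree. In "Find file by their size" the first two commands use `name:red AND size:0` with no option, while the range example uses `mdfind -interpret name:red ...`; either use one form throughout or say why the range needs `-interpret`. The `mdutil -L` bullet has an unbalanced `*` after `_path-to-the-disk_`, so the command will not render in bold like the two `mdutil` commands in the last bullet, and "subfoldes" in the `-onlyin` section is a typo. Since the last bullet gives privacy as a reason, it is worth stating the order explicitly: `-i off` first, then `-E`, because erasing the index while indexing is still enabled lets it be rebuilt. The sample listing also shows the index directory as `drwxrwxrwx` on the exFAT volume, which would be a good concrete illustration of that privacy point.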

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,36 @@
= ncftp Ftp Client Commands example cookbook
:source-highlighter: rouge
:date: 2022-02-09 07:55:25+00:00
:toc: auto
== Connect to remote FTP server specifying username and password on the command line
WARNING: This means that username/password can be seen by other users logged in on the machine (if any)
[source,bash]
----
ncftp -u ftpuser -p qwe123 ftp.slackware.com
----
.Here:
* -u _user_: specify username on the FTP server
* -p _password_: specify password of FTP user
* ftp.slackware.com: FTP server domain name or IP address to connect to.
After connecting we can issue FTP client commands on the prompt.
== Upload a file renaming it at the destination
`ncftp` will not upload a file if a file with the same name exists in the destination server. To still upload such file, we can rename it using `-z` option.
Upload file named _manifesto-1.pdf_ to the FTP server renaming it to _manifesto-2.pdf_
[source,bash]
----
ncftp / > put -z manifesto-1.pdf manifesto-2.pdf
manifesto-1.pdf: 11.40 kB 2.49 MB/s
----
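Review bot: The first example puts the password on the command line (`ncftp -u ftpuser -p qwe123 ftp.slackware.com`), and the WARNING only says other logged-in users can see it. Please say how (the process list) and add that the command also lands in shell history, then show the safer form next to it: leave out `-p` so `ncftp` prompts for the password. In the `-z` section, the sample line `ncftp / > put -z manifesto-1.pdf manifesto-2.pdf` is typed at the ncftp prompt rather than in a shell, so `[source,bash]` is misleading there; a plain listing block with a sentence saying the prompt is part of the output would be clearer.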

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,78 @@
= nslookup commands cheat sheet
:homepage: https://github.com/yuriskinfo/cheat-sheets
:toc:
NOTE: All the commands below are for the Interactive mode.
[cols=2, options="headers"]
|===
|Command
|Description
|*nslookup*
|Enter the interactive mode. The nslookup prompt `>` opens.
|*set all*
|Show current settings for the session, useful to show what the `nslookup` is actually going to do on the next query.
|*set ty=_Record-type-to-query-for_*
|Sets the record `type` you want to query. E.g. `set ty=MX` - all following queries will ask for MX record only, until changed again with `set ty=...`. Available types A, AAAA, MX, TXT, SOA, CNAME, etc. as per DNS protocol.
|*_domain_*
|Query the domain _domain_ for the value of the record type set previously via `set ty=...` or A record by default.
|*server [_IP-address-of-alternative-DNS-server_]*
a|Run by itself, `server` prints DNS server(s) currently set and used for resolving. Change the DNS server to query by specifying IP address of the server, e.g.
----
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
----
|*set debug/nodebug*
|Enable verbose output of what the `nslookup` is actually doing (*debug*), or disable *nodebug* (default). Shows what server is being queried, additional records, whether the server is authoritative or not.
|*IDN_DISABLE*
a|Environment variable, if not set (default) enables querying IDN names, e.g.:
----
> set ty=A
> рег.рф
Server: 8.8.8.8
Address: 8.8.8.8#53
------------
QUESTIONS:
рег.рф, type = A, class = IN
ANSWERS:
-> рег.рф
internet address = 194.58.116.37
ttl = 21600
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
Non-authoritative answer:
Name: рег.рф
Address: 194.58.116.37
----
|*set port=_N_*
|Set port different from 53 on the remote DNS server. NOTE: `nslookup` does NOT support DOT/DOH protocols, only plain old clear text DNS.
|*exit*
|Leave `nslookup` interactive mode to the command line of terminal.
|WINDOWS only:
*ls -d* _domain-name_
|Try to do AXFR zone transfer from the configured DNS server. If works and unintended - serious security risk. Linux version of nslookup does NOT have this option. E.g. `ls -d yurisk.info`.
|===
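Review bot: The table is declared with `[cols=2, options="headers"]`, but the AsciiDoc option is `header`, so the "Command / Description" row will render as an ordinary row; change it to `options="header"`. In the last row, "If works and unintended - serious security risk" stops short of telling the reader what to do about it; one more sentence saying that zone transfers should be restricted on the DNS server to the intended secondaries would complete it. The `set port` row mixes a NOTE about DOT/DOH into the cell text; moving it into its own sentence or an `a|` cell with a proper `NOTE:` admonition would make the cleartext caveat harder to miss.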

File diff suppressed because it is too large Load diff
