public/Invoke-VPASAuditSafeTest.ps1
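<#
.Synopsis
   RUN AUDIT SAFE TESTS
   CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO RUN AUDIT TESTS FOR SAFES
   Compares each safe returned for the configured naming convention against the baseline in
   AuditSafeTestConfigs.txt (managing CPM, expected safe members and their permissions) and
   writes every finding to AuditSafesResults.txt.
.LINK
   https://vpasmodule.com/commands/Invoke-VPASAuditSafeTest
.NOTES
   SelfHosted: TRUE
   PrivCloudStandard: TRUE
   SharedServices: TRUE
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.EXAMPLE
   $RunAuditSafeTests = Invoke-VPASAuditSafeTest
.OUTPUTS
   $true if every audit check passed
   ---
   $false if any audit check failed or the audit could not be run
#>
function Invoke-VPASAuditSafeTest{
    [OutputType([bool])]
    [CmdletBinding(DefaultParameterSetName='Set1')]
    Param(

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)]
        [hashtable]$token
    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    Process{
        $OutputResultsToFile = $true
        $ErrorInAudit = $false
        $AuditFailCount = 0

        # Every safe-member permission the audit understands, in the order it is reported.
        # One list drives parsing, logging and comparison so the three cannot drift apart.
        $PermissionNames = @(
            "UseAccounts",
            "RetrieveAccounts",
            "ListAccounts",
            "AddAccounts",
            "UpdateAccountContent",
            "UpdateAccountProperties",
            "InitiateCPMAccountManagementOperations",
            "SpecifyNextAccountContent",
            "RenameAccounts",
            "DeleteAccounts",
            "UnlockAccounts",
            "ManageSafe",
            "ManageSafeMembers",
            "BackupSafe",
            "ViewAuditLog",
            "ViewSafeMembers",
            "AccessWithoutConfirmation",
            "CreateFolders",
            "DeleteFolders",
            "MoveAccountsAndFolders",
            "RequestsAuthorizationLevel1",
            "RequestsAuthorizationLevel2"
        )

        # NOTE(review): the baseline and the results both live under the current user's profile.
        # Whoever can modify AuditSafeTestConfigs.txt decides what this audit treats as compliant,
        # so the file's ACLs and integrity matter as much as the safes being audited.
        $curUser = $env:UserName
        $ConfigFilePath = "C:\Users\$curUser\AppData\Local\VPASModuleOutputs\Audits"
        $ConfigFile = "C:\Users\$curUser\AppData\Local\VPASModuleOutputs\Audits\AuditSafeTestConfigs.txt"

        # Appends one timestamped line to the results file (no-op when file output is disabled).
        $WriteAuditLine = {
            param([string]$Message)
            if($OutputResultsToFile){
                $stamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)"
                "$stamp : $Message" | Add-Content $OutputFile
            }
        }

        if($OutputResultsToFile){
            $OutputFile = "C:\Users\$curUser\AppData\Local\VPASModuleOutputs\Audits\AuditSafesResults.txt"
            $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)"
            # Set-Content truncates: the findings of the previous run are overwritten here.
            "$timestamp : BEGINNING AUDIT TEST" | Set-Content $OutputFile
        }

        Write-Verbose "CONSTRUCTING FILEPATHS FOR AuditSafeTestConfigs"

        #FILE CREATION
        try{
            if(Test-Path -Path $ConfigFilePath){
                Write-Verbose "AuditSafeTestConfigs DIRECTORY EXISTS"
                & $WriteAuditLine "SAFE AUDIT PRECHECK 1 PASSED"
            }
            else{
                Write-Verbose "AuditSafeTestConfigs DIRECTORY DOES NOT EXIST...PLEASE RUN Set-VPASAuditSafeTest COMMAND TO INITIATE TEST CASES"
                Write-Verbose "Returning False"
                Write-VPASOutput -str "AuditSafeTestConfigs DIRECTORY DOES NOT EXIST...PLEASE RUN Set-VPASAuditSafeTest COMMAND TO INITIATE TEST CASES" -type E
                Write-VPASOutput -str "EXITING UTILITY" -type E
                & $WriteAuditLine "FAILED TO RUN SAFE AUDIT TEST"
                return $false
            }

            if(-not (Test-Path -Path $ConfigFile)){
                Write-Verbose "AuditSafeTestConfigs.txt DOES NOT EXIST...PLEASE RUN Set-VPASAuditSafeTest COMMAND TO INITIATE TEST CASES"
                Write-Verbose "Returning False"
                Write-VPASOutput -str "AuditSafeTestConfigs.txt DOES NOT EXIST...PLEASE RUN Set-VPASAuditSafeTest COMMAND TO INITIATE TEST CASES" -type E
                Write-VPASOutput -str "EXITING UTILITY" -type E
                & $WriteAuditLine "FAILED TO RUN SAFE AUDIT TEST"
                return $false
            }

            & $WriteAuditLine "SAFE AUDIT PRECHECK 2 PASSED"

            #START PARSING FILE HERE
            $AllLines = Get-Content -Path $ConfigFile

            $AuditSafeNameConvention = ""
            $AuditNumberOfSafeMembers = 0
            $AuditSafeMembers = @{}    # member name -> hashtable of permission name -> expected bool
            $AuditSafeMember = ""
            $AuditCPMName = ""
            $AuditIgnoreSafes = @()

            foreach($line in $AllLines){
                #SafeNamingConvention
                if($line -match "SafeNamingConvention="){
                    $AuditSafeNameConvention = ($line -split "=")[1]
                    Write-Verbose "SafeNamingConvention = $AuditSafeNameConvention"
                }

                #NumberOfSafeMembers
                if($line -match "NumberOfSafeMembers="){
                    $AuditNumberOfSafeMembers = [int](($line -split "=")[1])
                    Write-Verbose "NumberOfSafeMembers = $AuditNumberOfSafeMembers"
                }

                #SafeMember
                if($line -match "SafeMember="){
                    $AuditSafeMember = ($line -split "=")[1]
                    Write-Verbose "SafeMember = $AuditSafeMember"
                }

                #Permissions - applies to the most recently read SafeMember line
                if($line -match "Permissions="){
                    $AuditPermissionsTemp = ($line -split "=")[1]
                    Write-Verbose "Permissions = $AuditPermissionsTemp"

                    $GrantedNames = $AuditPermissionsTemp -split ";"

                    # A misspelled permission would otherwise silently become "expected: not granted".
                    foreach($GrantedName in $GrantedNames){
                        if((-not [String]::IsNullOrEmpty($GrantedName)) -and ($PermissionNames -notcontains $GrantedName)){
                            Write-Verbose "IGNORING UNRECOGNIZED PERMISSION NAME IN CONFIG: $GrantedName"
                        }
                    }

                    $Perms = @{}
                    foreach($PermName in $PermissionNames){
                        $Perms[$PermName] = ($GrantedNames -contains $PermName)
                    }

                    # Add() throws on a duplicate member, which the catch below reports as a config error.
                    $AuditSafeMembers.Add($AuditSafeMember, $Perms)
                    $AuditSafeMember = ""
                }

                #CPMName
                if($line -match "CPMName="){
                    $AuditCPMName = ($line -split "=")[1]
                    Write-Verbose "CPMName = $AuditCPMName"
                }

                #IgnoreSafes
                if($line -match "IgnoreSafes="){
                    $AuditIgnoreSafesTemp = ($line -split "=")[1]
                    Write-Verbose "IgnoreSafes = $AuditIgnoreSafesTemp"
                    $AuditIgnoreSafes = $AuditIgnoreSafesTemp -split ";"
                }
            }
        }catch{
            Write-VPASOutput -str "ERROR READING AuditSafeTestConfigs FILE" -type E
            Write-VPASOutput -str $_ -type E
            if($OutputResultsToFile){
                & $WriteAuditLine "FAILED TO RUN SAFE AUDIT TEST"
                "$_" | Add-Content $OutputFile
            }
            return $false
        }

        # Record the baseline in the results file so each report shows what it was measured against.
        & $WriteAuditLine "AUDITING SAFES AGAINST THE FOLLOWING PARAMETERS:"
        & $WriteAuditLine "`tSafeNameConvention = $AuditSafeNameConvention"
        & $WriteAuditLine "`tCPMName = $AuditCPMName"
        & $WriteAuditLine "`tIgnoreSafes = $AuditIgnoreSafes"
        & $WriteAuditLine "`tNumberOfSafeMembers = $AuditNumberOfSafeMembers"

        foreach($targetUser in $AuditSafeMembers.Keys){
            $str = ""
            foreach($PermName in $PermissionNames){
                if($AuditSafeMembers[$targetUser][$PermName]){
                    $str += "$PermName;"
                }
            }
            & $WriteAuditLine "`tTargetSafeMember = $targetUser"
            & $WriteAuditLine "`tTargetPermissions = $str"
        }

        $AllSafes = Get-VPASSafes -token $token -searchQuery "$AuditSafeNameConvention"
        if(-not $AllSafes){
            Write-Verbose "FAILED TO QUERY CYBERARK FOR SAFES"
            Write-Verbose "Returning False"
            Write-VPASOutput -str "FAILED TO QUERY CYBERARK FOR SAFES" -type E
            Write-VPASOutput -str "EXITING UTILITY" -type E
            & $WriteAuditLine "FAILED TO RUN SAFE AUDIT TEST"
            return $false
        }

        #WE HAVE A BUNCH OF SAFES NOW
        $counter = $AllSafes.count
        & $WriteAuditLine "$counter SAFES FOUND CONTAINING *$AuditSafeNameConvention* "
        Write-Verbose "FOUND $counter SAFES CONTAINING *$AuditSafeNameConvention* "

        foreach($saferes in $AllSafes.value){
            $safe = $saferes.safename
            $CPM = $saferes.managingCPM
            Write-Verbose "ANALYZING SAFE: $safe"

            # Array .Contains() is an exact, case-sensitive comparison against the ignore list.
            if($AuditIgnoreSafes.Contains($safe)){
                Write-Verbose "SKIPPING $safe...PART OF IGNORE SAFE SET"
                continue
            }

            # CPM check - a configured CPMName of "NULL" disables it.
            if(($AuditCPMName -ne "NULL") -and ($CPM -ne $AuditCPMName)){
                if([String]::IsNullOrEmpty($CPM)){ $CPM = "None" }
                $ErrorInAudit = $true
                $AuditFailCount += 1
                & $WriteAuditLine "AUDIT FAIL (CPM) - $safe - CURRENT CPM ASSIGNED $CPM...SHOULD BE $AuditCPMName"
                Write-Verbose "CPM USER IS INCORRECT ON SAFE: $safe"
            }

            # NumberOfSafeMembers acts only as an on/off switch for the member checks: the number
            # itself is never compared with the safe's actual member count.
            if($AuditNumberOfSafeMembers -eq 0){
                continue
            }

            $AllSafemembers = Get-VPASSafeMembers -token $token -safe $safe -IncludePredefinedMembers

            # Tracked per safe. Carrying this state across safes would hide a member missing from a
            # later safe once that member had been seen on any earlier one.
            $MembersFoundOnSafe = @{}

            foreach($foundMember in $AllSafemembers.value){
                $MemberName = $foundMember.memberName
                $permissions = $foundMember.permissions
                Write-Verbose "ANALYZING SAFE MEMBER: $MemberName ON SAFE: $safe"

                $MemberName = $MemberName.ToLower()

                # NOTE(review): members that are on the safe but not in the baseline are skipped
                # here and never reported, so unexpected extra access does not fail the audit.
                if(-not $AuditSafeMembers.ContainsKey($MemberName)){
                    continue
                }

                #FOUND TARGET MEMBER
                $MembersFoundOnSafe[$MemberName] = $true
                Write-Verbose "FOUND TARGET MEMBER: $MemberName ON SAFE: $safe"

                $ExpectedPerms = $AuditSafeMembers[$MemberName]
                foreach($PermName in $PermissionNames){
                    $actualValue = $permissions.$PermName
                    $expectedValue = $ExpectedPerms[$PermName]

                    if($actualValue -ne $expectedValue){
                        $ErrorInAudit = $true
                        $AuditFailCount += 1
                        & $WriteAuditLine "AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName $PermName IS SET TO $actualValue...SHOULD BE SET TO $expectedValue"
                        Write-Verbose "$PermName PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT"
                    }
                }
            }

            # Every baseline member must be present on every audited safe.
            foreach($ExpectedMember in $AuditSafeMembers.Keys){
                if(-not $MembersFoundOnSafe.ContainsKey($ExpectedMember)){
                    $ErrorInAudit = $true
                    $AuditFailCount += 1
                    & $WriteAuditLine "AUDIT FAIL (SAFE MEMBER) - $safe - MISSING SAFE MEMBER: $ExpectedMember"
                }
            }
        }

        & $WriteAuditLine "$AuditFailCount FAILED AUDIT TESTS"

        if($ErrorInAudit){
            Write-Verbose "SOME AUDIT CHECKS FAILED...RETURNING FALSE"
            Write-VPASOutput -str "AuditSafeTest RAN SUCCESSFULLY, BUT SOME ERRORS WERE DISCOVERED" -type M
            Write-VPASOutput -str "VIEW AUDIT LOG LOCATED HERE TO VIEW MORE DETAILS: $OutputFile" -type M
            return $false
        }
        else{
            Write-Verbose "ALL AUDIT CHECKS PASSED...RETURNING TRUE"
            Write-VPASOutput -str "ALL AUDIT CHECKS PASSED!!!" -type G
            return $true
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}

# NOTE(review): the block below is an Authenticode signature computed over the script text.
# It stops matching after any edit to this file; re-sign before distributing and confirm the
# result with Get-AuthenticodeSignature.
# SIG # Begin signature block # MIIroAYJKoZIhvcNAQcCoIIrkTCCK40CAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUIj42Ba+CpN8uP6z7TTg4HsJ0 # rYaggiTbMIIFbzCCBFegAwIBAgIQSPyTtGBVlI02p8mKidaUFjANBgkqhkiG9w0B # AQwFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVy # MRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEh # MB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTIxMDUyNTAwMDAw # MFoXDTI4MTIzMTIzNTk1OVowVjELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3Rp # Z28gTGltaXRlZDEtMCsGA1UEAxMkU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5n # IFJvb3QgUjQ2MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjeeUEiIE # JHQu/xYjApKKtq42haxH1CORKz7cfeIxoFFvrISR41KKteKW3tCHYySJiv/vEpM7 # fbu2ir29BX8nm2tl06UMabG8STma8W1uquSggyfamg0rUOlLW7O4ZDakfko9qXGr # YbNzszwLDO/bM1flvjQ345cbXf0fEj2CA3bm+z9m0pQxafptszSswXp43JJQ8mTH # qi0Eq8Nq6uAvp6fcbtfo/9ohq0C/ue4NnsbZnpnvxt4fqQx2sycgoda6/YDnAdLv # 64IplXCN/7sVz/7RDzaiLk8ykHRGa0c1E3cFM09jLrgt4b9lpwRrGNhx+swI8m2J #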
mRCxrds+LOSqGLDGBwF1Z95t6WNjHjZ/aYm+qkU+blpfj6Fby50whjDoA7NAxg0P # OM1nqFOI+rgwZfpvx+cdsYN0aT6sxGg7seZnM5q2COCABUhA7vaCZEao9XOwBpXy # bGWfv1VbHJxXGsd4RnxwqpQbghesh+m2yQ6BHEDWFhcp/FycGCvqRfXvvdVnTyhe # Be6QTHrnxvTQ/PrNPjJGEyA2igTqt6oHRpwNkzoJZplYXCmjuQymMDg80EY2NXyc # uu7D1fkKdvp+BRtAypI16dV60bV/AK6pkKrFfwGcELEW/MxuGNxvYv6mUKe4e7id # FT/+IAx1yCJaE5UZkADpGtXChvHjjuxf9OUCAwEAAaOCARIwggEOMB8GA1UdIwQY # MBaAFKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQy65Ka/zWWSC8oQEJw # IDaRXBeF5jAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSUE # DDAKBggrBgEFBQcDAzAbBgNVHSAEFDASMAYGBFUdIAAwCAYGZ4EMAQQBMEMGA1Ud # HwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0FBQUNlcnRpZmlj # YXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 # cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4IBAQASv6Hvi3Sa # mES4aUa1qyQKDKSKZ7g6gb9Fin1SB6iNH04hhTmja14tIIa/ELiueTtTzbT72ES+ # BtlcY2fUQBaHRIZyKtYyFfUSg8L54V0RQGf2QidyxSPiAjgaTCDi2wH3zUZPJqJ8 # ZsBRNraJAlTH/Fj7bADu/pimLpWhDFMpH2/YGaZPnvesCepdgsaLr4CnvYFIUoQx # 2jLsFeSmTD1sOXPUC4U5IOCFGmjhp0g4qdE2JXfBjRkWxYhMZn0vY86Y6GnfrDyo # XZ3JHFuu2PMvdM+4fvbXg50RlmKarkUT2n/cR/vfw1Kf5gZV6Z2M8jpiUbzsJA8p # 1FiAhORFe1rYMIIGFDCCA/ygAwIBAgIQeiOu2lNplg+RyD5c9MfjPzANBgkqhkiG # 9w0BAQwFADBXMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVk # MS4wLAYDVQQDEyVTZWN0aWdvIFB1YmxpYyBUaW1lIFN0YW1waW5nIFJvb3QgUjQ2 # MB4XDTIxMDMyMjAwMDAwMFoXDTM2MDMyMTIzNTk1OVowVTELMAkGA1UEBhMCR0Ix # GDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDEsMCoGA1UEAxMjU2VjdGlnbyBQdWJs # aWMgVGltZSBTdGFtcGluZyBDQSBSMzYwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw # ggGKAoIBgQDNmNhDQatugivs9jN+JjTkiYzT7yISgFQ+7yavjA6Bg+OiIjPm/N/t # 3nC7wYUrUlY3mFyI32t2o6Ft3EtxJXCc5MmZQZ8AxCbh5c6WzeJDB9qkQVa46xiY # Epc81KnBkAWgsaXnLURoYZzksHIzzCNxtIXnb9njZholGw9djnjkTdAA83abEOHQ # 4ujOGIaBhPXG2NdV8TNgFWZ9BojlAvflxNMCOwkCnzlH4oCw5+4v1nssWeN1y4+R # laOywwRMUi54fr2vFsU5QPrgb6tSjvEUh1EC4M29YGy/SIYM8ZpHadmVjbi3Pl8h # JiTWw9jiCKv31pcAaeijS9fc6R7DgyyLIGflmdQMwrNRxCulVq8ZpysiSYNi79tw # 
5RHWZUEhnRfs/hsp/fwkXsynu1jcsUX+HuG8FLa2BNheUPtOcgw+vHJcJ8HnJCrc # UWhdFczf8O+pDiyGhVYX+bDDP3GhGS7TmKmGnbZ9N+MpEhWmbiAVPbgkqykSkzyY # Vr15OApZYK8CAwEAAaOCAVwwggFYMB8GA1UdIwQYMBaAFPZ3at0//QET/xahbIIC # L9AKPRQlMB0GA1UdDgQWBBRfWO1MMXqiYUKNUoC6s2GXGaIymzAOBgNVHQ8BAf8E # BAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADATBgNVHSUEDDAKBggrBgEFBQcDCDAR # BgNVHSAECjAIMAYGBFUdIAAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5z # ZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljVGltZVN0YW1waW5nUm9vdFI0Ni5jcmww # fAYIKwYBBQUHAQEEcDBuMEcGCCsGAQUFBzAChjtodHRwOi8vY3J0LnNlY3RpZ28u # Y29tL1NlY3RpZ29QdWJsaWNUaW1lU3RhbXBpbmdSb290UjQ2LnA3YzAjBggrBgEF # BQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wDQYJKoZIhvcNAQEMBQADggIB # ABLXeyCtDjVYDJ6BHSVY/UwtZ3Svx2ImIfZVVGnGoUaGdltoX4hDskBMZx5NY5L6 # SCcwDMZhHOmbyMhyOVJDwm1yrKYqGDHWzpwVkFJ+996jKKAXyIIaUf5JVKjccev3 # w16mNIUlNTkpJEor7edVJZiRJVCAmWAaHcw9zP0hY3gj+fWp8MbOocI9Zn78xvm9 # XKGBp6rEs9sEiq/pwzvg2/KjXE2yWUQIkms6+yslCRqNXPjEnBnxuUB1fm6bPAV+ # Tsr/Qrd+mOCJemo06ldon4pJFbQd0TQVIMLv5koklInHvyaf6vATJP4DfPtKzSBP # kKlOtyaFTAjD2Nu+di5hErEVVaMqSVbfPzd6kNXOhYm23EWm6N2s2ZHCHVhlUgHa # C4ACMRCgXjYfQEDtYEK54dUwPJXV7icz0rgCzs9VI29DwsjVZFpO4ZIVR33LwXyP # DbYFkLqYmgHjR3tKVkhh9qKV2WCmBuC27pIOx6TYvyqiYbntinmpOqh/QPAnhDge # xKG9GX/n1PggkGi9HCapZp8fRwg8RftwS21Ln61euBG0yONM6noD2XQPrFwpm3Gc # uqJMf0o8LLrFkSLRQNwxPDDkWXhW+gZswbaiie5fd/W2ygcto78XCSPfFWveUOSZ # 5SqK95tBO8aTHmEa4lpJVD7HrTEn9jb1EGvxOb1cnn0CMIIGGjCCBAKgAwIBAgIQ # Yh1tDFIBnjuQeRUgiSEcCjANBgkqhkiG9w0BAQwFADBWMQswCQYDVQQGEwJHQjEY # MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS0wKwYDVQQDEyRTZWN0aWdvIFB1Ymxp # YyBDb2RlIFNpZ25pbmcgUm9vdCBSNDYwHhcNMjEwMzIyMDAwMDAwWhcNMzYwMzIx # MjM1OTU5WjBUMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVk # MSswKQYDVQQDEyJTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgQ0EgUjM2MIIB # ojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAmyudU/o1P45gBkNqwM/1f/bI # U1MYyM7TbH78WAeVF3llMwsRHgBGRmxDeEDIArCS2VCoVk4Y/8j6stIkmYV5Gej4 # NgNjVQ4BYoDjGMwdjioXan1hlaGFt4Wk9vT0k2oWJMJjL9G//N523hAm4jF4UjrW # 
2pvv9+hdPX8tbbAfI3v0VdJiJPFy/7XwiunD7mBxNtecM6ytIdUlh08T2z7mJEXZ # D9OWcJkZk5wDuf2q52PN43jc4T9OkoXZ0arWZVeffvMr/iiIROSCzKoDmWABDRzV # /UiQ5vqsaeFaqQdzFf4ed8peNWh1OaZXnYvZQgWx/SXiJDRSAolRzZEZquE6cbcH # 747FHncs/Kzcn0Ccv2jrOW+LPmnOyB+tAfiWu01TPhCr9VrkxsHC5qFNxaThTG5j # 4/Kc+ODD2dX/fmBECELcvzUHf9shoFvrn35XGf2RPaNTO2uSZ6n9otv7jElspkfK # 9qEATHZcodp+R4q2OIypxR//YEb3fkDn3UayWW9bAgMBAAGjggFkMIIBYDAfBgNV # HSMEGDAWgBQy65Ka/zWWSC8oQEJwIDaRXBeF5jAdBgNVHQ4EFgQUDyrLIIcouOxv # SK4rVKYpqhekzQwwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw # EwYDVR0lBAwwCgYIKwYBBQUHAwMwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAEE # ATBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3Rp # Z29QdWJsaWNDb2RlU2lnbmluZ1Jvb3RSNDYuY3JsMHsGCCsGAQUFBwEBBG8wbTBG # BggrBgEFBQcwAoY6aHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGlj # Q29kZVNpZ25pbmdSb290UjQ2LnA3YzAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au # c2VjdGlnby5jb20wDQYJKoZIhvcNAQEMBQADggIBAAb/guF3YzZue6EVIJsT/wT+ # mHVEYcNWlXHRkT+FoetAQLHI1uBy/YXKZDk8+Y1LoNqHrp22AKMGxQtgCivnDHFy # AQ9GXTmlk7MjcgQbDCx6mn7yIawsppWkvfPkKaAQsiqaT9DnMWBHVNIabGqgQSGT # rQWo43MOfsPynhbz2Hyxf5XWKZpRvr3dMapandPfYgoZ8iDL2OR3sYztgJrbG6VZ # 9DoTXFm1g0Rf97Aaen1l4c+w3DC+IkwFkvjFV3jS49ZSc4lShKK6BrPTJYs4NG1D # GzmpToTnwoqZ8fAmi2XlZnuchC4NPSZaPATHvNIzt+z1PHo35D/f7j2pO1S8BCys # QDHCbM5Mnomnq5aYcKCsdbh0czchOm8bkinLrYrKpii+Tk7pwL7TjRKLXkomm5D1 # Umds++pip8wH2cQpf93at3VDcOK4N7EwoIJB0kak6pSzEu4I64U6gZs7tS/dGNSl # jf2OSSnRr7KWzq03zl8l75jy+hOds9TWSenLbjBQUGR96cFr6lEUfAIEHVC1L68Y # 1GGxx4/eRI82ut83axHMViw1+sVpbPxg51Tbnio1lB93079WPFnYaOvfGAA0e0zc # fF/M9gXr+korwQTh2Prqooq2bYNMvUoUKD85gnJ+t0smrWrb8dee2CvYZXD5laGt # aAxOfy/VKNmwuWuAh9kcMIIGRzCCBK+gAwIBAgIQacs5SDkvNuif0aEmZmr03jAN # BgkqhkiG9w0BAQwFADBUMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBM # aW1pdGVkMSswKQYDVQQDEyJTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgQ0Eg # UjM2MB4XDTI1MDEyOTAwMDAwMFoXDTI4MDEyOTIzNTk1OVowXjELMAkGA1UEBhMC # VVMxEzARBgNVBAgMCk5ldyBKZXJzZXkxHDAaBgNVBAoME0N5YmVyTWVsIENvbnN1 # 
bHRpbmcxHDAaBgNVBAMME0N5YmVyTWVsIENvbnN1bHRpbmcwggIiMA0GCSqGSIb3 # DQEBAQUAA4ICDwAwggIKAoICAQDBQmSvdfamF8o0CJr4vbHCcJ4rwx6T1HR3d32u # 4aIf9v9p/GV4nFdG4PP9SMjWw7Nx9CLFqGPpkw7aDU2IxwpfPYExDzkCj2pgiyeV # KlL0itTlPocb6i1cZLe/WHV7aUkGkVlfvyYIqdJ9uw711dhNWmMhlqo+/qyp+gpK # qaiFHm6mWNVg2KLTH5Pu38cBoGhS1tn7mlQbtALNjehkpFw2AAntEIBzM3ZEg9WB # xQlgYY0yAPkydYbJfTEOEFJqHUPTSV46jx22Jb9dl0cEIPsGrCp+Jo5Ugusp9oZE # CZ8bGt7Vc9jYoIWGpqcRDq1JZFNCSVvNE4N3ECGjq6W3kYW7ot0CP1DkpJ93a5wr # ksQ6bvYGUy3lghkMvzjkkq/NVUDEVcdNR7PsUFf654vSw+iLINZ+9kYg+Znplfnd # T/JSMJDAaWkM5oLu6+ao0774QWrsHOttz7M8EDU+3PntYHglwWoej6qXIFRurgXd # wAXXyXYcSmkOTbPqrjSwsbs8CuSwGqebbRSDKfjRzDqQ9D1AZ/JHHaaUkBbAYBsV # MrvypDSrP/1o37mt4Zky28BnEp5ztEGp0HJ44X4rFVWWz+BfeuZWcVUcGKW2YFHo # bNwGmJ/OanLvlnmtpZIRLF9ZkbzCHHomi+RId4g3fc3FsGxKqEW9Vj8PCumwKc6L # UwZU4wIDAQABo4IBiTCCAYUwHwYDVR0jBBgwFoAUDyrLIIcouOxvSK4rVKYpqhek # zQwwHQYDVR0OBBYEFCiCHmEfvPkU1uIc2sPugFDBq88SMA4GA1UdDwEB/wQEAwIH # gDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMEoGA1UdIARDMEEw # NQYMKwYBBAGyMQECAQMCMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5j # b20vQ1BTMAgGBmeBDAEEATBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLnNl # Y3RpZ28uY29tL1NlY3RpZ29QdWJsaWNDb2RlU2lnbmluZ0NBUjM2LmNybDB5Bggr # BgEFBQcBAQRtMGswRAYIKwYBBQUHMAKGOGh0dHA6Ly9jcnQuc2VjdGlnby5jb20v # U2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nQ0FSMzYuY3J0MCMGCCsGAQUFBzABhhdo # dHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0BAQwFAAOCAYEAmLUUP/C5 # nHN/qX27dIrfNezHdUul/uhOA5CwNkD7P4pvLJButR/S1OmvozuzJJTce6824Iyl # nXkRwUFj04XLbodkBL7+YwQ5ml7CjdDSVo+sI/38jcEQ6FgosV/TTJSiFAgqMNwk # x/kSzvQ1/Ufp5YVKggCXGJ4VitIzl5nMbzzu35G/uy4vmCQfh0KPYUTJYiRsF6Z3 # XJiIVtYrEwN/ikif/WFGrzsFj1OOWHNn5qDOP80xExmRS09z/wdZE9RdjPv5fYLn # KWy1+GQ/w1vzg/l2vUXIgBV0MxalUfTP4V9Spsodrb+noPXiCy5n+6hy9yCf3EQb # 3G1n8rT/a454fLSijMm6bhrgBRqhPUUtn6ZIBdEJzJUI6ftuXrQnB/U7zf32xcTT # AW7WPem7DFK/4JrSaxiXcSkxQ4kXJDVoDPUJdpb0c5XdWVJO0DCkB35ONEIoqT6V # jEIjLPSw9UXE420r1OIpV8FRJqrW4Fr5RUveEUlyF+FyygVOYZECNsjRMIIGXTCC # 
BMWgAwIBAgIQOlJqLITOVeYdZfzMEtjpiTANBgkqhkiG9w0BAQwFADBVMQswCQYD # VQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSwwKgYDVQQDEyNTZWN0 # aWdvIFB1YmxpYyBUaW1lIFN0YW1waW5nIENBIFIzNjAeFw0yNDAxMTUwMDAwMDBa # Fw0zNTA0MTQyMzU5NTlaMG4xCzAJBgNVBAYTAkdCMRMwEQYDVQQIEwpNYW5jaGVz # dGVyMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxMDAuBgNVBAMTJ1NlY3RpZ28g # UHVibGljIFRpbWUgU3RhbXBpbmcgU2lnbmVyIFIzNTCCAiIwDQYJKoZIhvcNAQEB # BQADggIPADCCAgoCggIBAI3RZ/TBSJu9/ThJOk1hgZvD2NxFpWEENo0GnuOYloD1 # 1BlbmKCGtcY0xiMrsN7LlEgcyoshtP3P2J/vneZhuiMmspY7hk/Q3l0FPZPBllo9 # vwT6GpoNnxXLZz7HU2ITBsTNOs9fhbdAWr/Mm8MNtYov32osvjYYlDNfefnBajrQ # qSV8Wf5ZvbaY5lZhKqQJUaXxpi4TXZKohLgxU7g9RrFd477j7jxilCU2ptz+d1OC # zNFAsXgyPEM+NEMPUz2q+ktNlxMZXPF9WLIhOhE3E8/oNSJkNTqhcBGsbDI/1qCU # 9fBhuSojZ0u5/1+IjMG6AINyI6XLxM8OAGQmaMB8gs2IZxUTOD7jTFR2HE1xoL7q # vSO4+JHtvNceHu//dGeVm5Pdkay3Et+YTt9EwAXBsd0PPmC0cuqNJNcOI0XnwjE+ # 2+Zk8bauVz5ir7YHz7mlj5Bmf7W8SJ8jQwO2IDoHHFC46ePg+eoNors0QrC0PWnO # gDeMkW6gmLBtq3CEOSDU8iNicwNsNb7ABz0W1E3qlSw7jTmNoGCKCgVkLD2FaMs2 # qAVVOjuUxvmtWMn1pIFVUvZ1yrPIVbYt1aTld2nrmh544Auh3tgggy/WluoLXlHt # AJgvFwrVsKXj8ekFt0TmaPL0lHvQEe5jHbufhc05lvCtdwbfBl/2ARSTuy1s8CgF # AgMBAAGjggGOMIIBijAfBgNVHSMEGDAWgBRfWO1MMXqiYUKNUoC6s2GXGaIymzAd # BgNVHQ4EFgQUaO+kMklptlI4HepDOSz0FGqeDIUwDgYDVR0PAQH/BAQDAgbAMAwG # A1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwSgYDVR0gBEMwQTA1 # BgwrBgEEAbIxAQIBAwgwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNv # bS9DUFMwCAYGZ4EMAQQCMEoGA1UdHwRDMEEwP6A9oDuGOWh0dHA6Ly9jcmwuc2Vj # dGlnby5jb20vU2VjdGlnb1B1YmxpY1RpbWVTdGFtcGluZ0NBUjM2LmNybDB6Bggr # BgEFBQcBAQRuMGwwRQYIKwYBBQUHMAKGOWh0dHA6Ly9jcnQuc2VjdGlnby5jb20v # U2VjdGlnb1B1YmxpY1RpbWVTdGFtcGluZ0NBUjM2LmNydDAjBggrBgEFBQcwAYYX # aHR0cDovL29jc3Auc2VjdGlnby5jb20wDQYJKoZIhvcNAQEMBQADggGBALDcLsn6 # TzZMii/2yU/V7xhPH58Oxr/+EnrZjpIyvYTz2u/zbL+fzB7lbrPml8ERajOVbuda # n6x08J1RMXD9hByq+yEfpv1G+z2pmnln5XucfA9MfzLMrCArNNMbUjVcRcsAr18e # eZeloN5V4jwrovDeLOdZl0tB7fOX5F6N2rmXaNTuJR8yS2F+EWaL5VVg+RH8FelX # 
tRvVDLJZ5uqSNIckdGa/eUFhtDKTTz9LtOUh46v2JD5Q3nt8mDhAjTKp2fo/KJ6F # LWdKAvApGzjpPwDqFeJKf+kJdoBKd2zQuwzk5Wgph9uA46VYK8p/BTJJahKCuGdy # KFIFfEfakC4NXa+vwY4IRp49lzQPLo7WticqMaaqb8hE2QmCFIyLOvWIg4837bd+ # 60FcCGbHwmL/g1ObIf0rRS9ceK4DY9rfBnHFH2v1d4hRVvZXyCVlrL7ZQuVzjjkL # MK9VJlXTVkHpuC8K5S4HHTv2AJx6mOdkMJwS4gLlJ7gXrIVpnxG+aIniGDCCBoIw # ggRqoAMCAQICEDbCsL18Gzrno7PdNsvJdWgwDQYJKoZIhvcNAQEMBQAwgYgxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJzZXkg # Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQDEyVV # U0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIxMDMyMjAw # MDAwMFoXDTM4MDExODIzNTk1OVowVzELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1Nl # Y3RpZ28gTGltaXRlZDEuMCwGA1UEAxMlU2VjdGlnbyBQdWJsaWMgVGltZSBTdGFt # cGluZyBSb290IFI0NjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIid # 2LlFZ50d3ei5JoGaVFTAfEkFm8xaFQ/ZlBBEtEFAgXcUmanU5HYsyAhTXiDQkiUv # pVdYqZ1uYoZEMgtHES1l1Cc6HaqZzEbOOp6YiTx63ywTon434aXVydmhx7Dx4IBr # Aou7hNGsKioIBPy5GMN7KmgYmuu4f92sKKjbxqohUSfjk1mJlAjthgF7Hjx4vvyV # DQGsd5KarLW5d73E3ThobSkob2SL48LpUR/O627pDchxll+bTSv1gASn/hp6IuHJ # orEu6EopoB1CNFp/+HpTXeNARXUmdRMKbnXWflq+/g36NJXB35ZvxQw6zid61qmr # lD/IbKJA6COw/8lFSPQwBP1ityZdwuCysCKZ9ZjczMqbUcLFyq6KdOpuzVDR3ZUw # xDKL1wCAxgL2Mpz7eZbrb/JWXiOcNzDpQsmwGQ6Stw8tTCqPumhLRPb7YkzM8/6N # nWH3T9ClmcGSF22LEyJYNWCHrQqYubNeKolzqUbCqhSqmr/UdUeb49zYHr7ALL8b # AJyPDmubNqMtuaobKASBqP84uhqcRY/pjnYd+V5/dcu9ieERjiRKKsxCG1t6tG9o # j7liwPddXEcYGOUiWLm742st50jGwTzxbMpepmOP1mLnJskvZaN5e45NuzAHteOR # lsSuDt5t4BBRCJL+5EZnnw0ezntk9R8QJyAkL6/bAgMBAAGjggEWMIIBEjAfBgNV # HSMEGDAWgBRTeb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4EFgQU9ndq3T/9ARP/ # FqFsggIv0Ao9FCUwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEwYD # VR0lBAwwCgYIKwYBBQUHAwgwEQYDVR0gBAowCDAGBgRVHSAAMFAGA1UdHwRJMEcw # RaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0 # aWZpY2F0aW9uQXV0aG9yaXR5LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUH # MAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggIB # 
AA6+ZUHtaES45aHF1BGH5Lc7JYzrftrIF5Ht2PFDxKKFOct/awAEWgHQMVHol9ZL # Syd/pYMbaC0IZ+XBW9xhdkkmUV/KbUOiL7g98M/yzRyqUOZ1/IY7Ay0YbMniIibJ # rPcgFp73WDnRDKtVutShPSZQZAdtFwXnuiWl8eFARK3PmLqEm9UsVX+55DbVIz33 # Mbhba0HUTEYv3yJ1fwKGxPBsP/MgTECimh7eXomvMm0/GPxX2uhwCcs/YLxDnBdV # VlxvDjHjO1cuwbOpkiJGHmLXXVNbsdXUC2xBrq9fLrfe8IBsA4hopwsCj8hTuwKX # JlSTrZcPRVSccP5i9U28gZ7OMzoJGlxZ5384OKm0r568Mo9TYrqzKeKZgFo0fj2/ # 0iHbj55hc20jfxvK3mQi+H7xpbzxZOFGm/yVQkpo+ffv5gdhp+hv1GDsvJOtJinJ # mgGbBFZIThbqI+MHvAmMmkfb3fTxmSkop2mSJL1Y2x/955S29Gu0gSJIkc3z30vU # /iXrMpWx2tS7UVfVP+5tKuzGtgkP7d/doqDrLF1u6Ci3TpjAZdeLLlRQZm867eVe # XED58LXd1Dk6UvaAhvmWYXoiLz4JA5gPBcz7J311uahxCweNxE+xxxR3kT0WKzAS # o5G/PyDez6NHdIUKBeE3jDPs2ACc6CkJ1Sji4PKWVT0/MYIGLzCCBisCAQEwaDBU # MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSswKQYDVQQD # EyJTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgQ0EgUjM2AhBpyzlIOS826J/R # oSZmavTeMAkGBSsOAwIaBQCgeDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkG # CSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEE # AYI3AgEVMCMGCSqGSIb3DQEJBDEWBBTCzdnr4KZBEnHeU48H8UUDeNbZvjANBgkq # hkiG9w0BAQEFAASCAgBoullbIUTmwlY+unjiuFBllZWA5LPUnfDbgWnScIjpbOuN # YNBszDGw531ctwpM/APvvFo0cagIfdOmwBjIktCKQua4MncSvlEdyTGa0HWRE1sf # b6wlHC7joBLNkiUFh/DpAIdCAEhQ/Etc6+DfImyoudZDfP1DrZcPdUChTXovbFB8 # V0yZyEsMlZUJ0wMTwTbTACMT2jKrwFA1MruKR0Wk6n3a3CTFmcJvkwWGF1V743PO # As/RsXJg0vg4U5Iki5dpjlGKI+/4uojoz5S0PP/9PN6Hf1ITd2ge7gMdMJ05ymya # 5PSHnvMG8fmrhgDNVfXowMllNGTl0uWYzmrTuKXC9h2EejRVFJ+dKxg8DOGWYZYM # 55oewn5/uxeJ2o9Jio14qQaCBoBb+uENa0gkXMLEt92vMf/PKVp/h5d+t9hKoB6K # TGJT+/ItvLDsi047saJ7tsCZHjinbp+hERa9MBkCVJckWbwdel0NCKqjanPBKn4p # pt6nL/JU+bpLC7vXlr6t2QY48OHD+xo2lHHZTzRRBT5xE2+nZjalCgU4v9aPhHWd # 5kjrelS6QieSd5CA5bq79VgjUyEzv3mPaw2AlRjs1cvP1y/EUlafyygH2s9HFKpf # L0n9g5GlJMZZARPb+k8j/NLO9DSFkD+gHUjv+fo/3ePcOEvtNEOu5yACmBLjw6GC # AyIwggMeBgkqhkiG9w0BCQYxggMPMIIDCwIBATBpMFUxCzAJBgNVBAYTAkdCMRgw # FgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxLDAqBgNVBAMTI1NlY3RpZ28gUHVibGlj # 
IFRpbWUgU3RhbXBpbmcgQ0EgUjM2AhA6UmoshM5V5h1l/MwS2OmJMA0GCWCGSAFl # AwQCAgUAoHkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx # DxcNMjUwMjA1MTQxNTUxWjA/BgkqhkiG9w0BCQQxMgQwDC6eCzCFDS1brNbXJSxx # kOUMTun3C+ud70ZsyQlGnJqUkgfMb9mbARUpDv5KJx5dMA0GCSqGSIb3DQEBAQUA # BIICAAngSOvJFPeP+2nMla0JtRUzuyJkUwTak5Ht3lNdsWYqE2ze/3tJ314smqu1 # xhWBnEfKIENHnMKZIa9Z6kUnaFGBCPYpFaFJoO106It5rLJo9O1a5KmfvEpqDBWT # KKtaGZxQKNp4eVBuumM+wTry7W/3tb1hVZUVDNNTSN0wnenn7RVxDxttZbVdK5mV # P/xcta502kUMSiFASF7GR6kuWqsge9+9+58iAbzlA7iTGocBjN3DGwb4QDFPXnfQ # 1Y5l9zG1cNxFfJJSwvYvqay4ol4MXC/7yV6/I+YUx6hpLvydq4MUKYc7hYHloDRQ # SiPji1dcKq48F3PX4ghkK5LGXUgJxmWW7B5NvEvYLOxOpdPm2bQs7LmHF9shoPj0 # ZLTxgKeiARGNy7EFSnzz6ei3eLZBn3IOftB42h20DWsGnDh1Xgle9lU+8ka6DvEq # 60GTSSplQCYY91ljH1DU3l3e9YM0r+PbW92v5IZGyVxKGhDL6oRR9gm3xwZAZP8B # WUCOZagi686MCJgDFq2T02HKWEzMlx1h5A5I32RcTYqLvHZpRmNt8VsDIhz1zLgx # J8gDrnDxkV3CnESX+Ja2ZSTC7piCR4miRvK32fDxri18KUue2tyWVQWI5Xkfns0+ # Ze6XcnoXlk5OF0lpHISTw5f9NHvGbrC1yqgKeYYXjqDRrjPX # SIG # End signature block |