saving uncommitted changes in /etc prior to dnf run

.etckeeper

@@ -293,10 +293,14 @@ maybe chmod 0644 'clamav-unofficial-sigs/user.conf'
 maybe chown 'amavis' 'clamd.conf'
 maybe chgrp 'amavis' 'clamd.conf'
 maybe chmod 0640 'clamd.conf'
+maybe chown 'amavis' 'clamd.d'
+maybe chgrp 'amavis' 'clamd.d'
 maybe chmod 0755 'clamd.d'
 maybe chown 'amavis' 'clamd.d/amavisd.conf'
 maybe chgrp 'amavis' 'clamd.d/amavisd.conf'
 maybe chmod 0644 'clamd.d/amavisd.conf'
+maybe chown 'amavis' 'clamd.d/scan.conf'
+maybe chgrp 'amavis' 'clamd.d/scan.conf'
 maybe chmod 0644 'clamd.d/scan.conf'
 maybe chmod 0755 'cloud'
 maybe chmod 0755 'cockpit'
@@ -378,6 +382,7 @@ maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/CVE-2022-41697.yaml'
 maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/CVE-2022-42889.yaml'
 maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/CVE-2022-44877.yaml'
 maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/CVE-2022-46169.yaml'
+maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/CVE-2023-22515.yaml'
 maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/apache_log4j2_cve-2021-44228.yaml'
 maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/f5-big-ip-cve-2020-5902.yaml'
 maybe chmod 0644 'crowdsec/hub/scenarios/crowdsecurity/fortinet-cve-2018-13379.yaml'
@@ -1018,7 +1023,6 @@ maybe chmod 0644 'httpd/conf.d/perl.conf'
 maybe chmod 0644 'httpd/conf.d/php.conf'
 maybe chmod 0644 'httpd/conf.d/phpmyadmin.conf'
 maybe chmod 0644 'httpd/conf.d/squid.conf'
-maybe chmod 0644 'httpd/conf.d/ssl.conf'
 maybe chmod 0644 'httpd/conf.d/ssl.conf_disabled'
 maybe chmod 0644 'httpd/conf.d/userdir.conf'
 maybe chmod 0644 'httpd/conf.d/welcome.conf'
@@ -1187,7 +1191,6 @@ maybe chmod 0755 'kernel'
 maybe chmod 0755 'kernel/install.d'
 maybe chmod 0644 'kernel/install.d/20-grubby.install'
 maybe chmod 0644 'kernel/install.d/90-loaderentry.install'
-maybe chmod 0755 'kernel/install.d/dkms'
 maybe chmod 0755 'kernel/postinst.d'
 maybe chmod 0755 'kernel/postinst.d/dkms'
 maybe chmod 0755 'kernel/prerm.d'
@@ -1786,6 +1789,11 @@ maybe chmod 0640 'letsencrypt/archive/mail.club3d.ro/privkey6.pem'
 maybe chmod 0640 'letsencrypt/archive/mail.club3d.ro/privkey7.pem'
 maybe chmod 0640 'letsencrypt/archive/mail.club3d.ro/privkey8.pem'
 maybe chmod 0640 'letsencrypt/archive/mail.club3d.ro/privkey9.pem'
+maybe chmod 0750 'letsencrypt/archive/mully.898.ro'
+maybe chmod 0640 'letsencrypt/archive/mully.898.ro/cert1.pem'
+maybe chmod 0640 'letsencrypt/archive/mully.898.ro/chain1.pem'
+maybe chmod 0640 'letsencrypt/archive/mully.898.ro/fullchain1.pem'
+maybe chmod 0600 'letsencrypt/archive/mully.898.ro/privkey1.pem'
 maybe chmod 0750 'letsencrypt/archive/rspamd.club3d.ro'
 maybe chmod 0640 'letsencrypt/archive/rspamd.club3d.ro/cert1.pem'
 maybe chmod 0640 'letsencrypt/archive/rspamd.club3d.ro/cert10.pem'
@@ -2799,6 +2807,7 @@ maybe chmod 0640 'letsencrypt/csr/0541_csr-certbot.pem'
 maybe chmod 0640 'letsencrypt/csr/0542_csr-certbot.pem'
 maybe chmod 0640 'letsencrypt/csr/0543_csr-certbot.pem'
 maybe chmod 0640 'letsencrypt/csr/0544_csr-certbot.pem'
+maybe chmod 0640 'letsencrypt/csr/0545_csr-certbot.pem'
 maybe chown 'setroubleshoot' 'letsencrypt/keys'
 maybe chgrp 'setroubleshoot' 'letsencrypt/keys'
 maybe chmod 0700 'letsencrypt/keys'
@@ -3379,6 +3388,7 @@ maybe chmod 0600 'letsencrypt/keys/0541_key-certbot.pem'
 maybe chmod 0600 'letsencrypt/keys/0542_key-certbot.pem'
 maybe chmod 0600 'letsencrypt/keys/0543_key-certbot.pem'
 maybe chmod 0600 'letsencrypt/keys/0544_key-certbot.pem'
+maybe chmod 0600 'letsencrypt/keys/0545_key-certbot.pem'
 maybe chown 'setroubleshoot' 'letsencrypt/live'
 maybe chgrp 'setroubleshoot' 'letsencrypt/live'
 maybe chmod 0700 'letsencrypt/live'
@@ -3405,6 +3415,8 @@ maybe chmod 0750 'letsencrypt/live/mail.anywhere.ro'
 maybe chmod 0640 'letsencrypt/live/mail.anywhere.ro/README'
 maybe chmod 0750 'letsencrypt/live/mail.club3d.ro'
 maybe chmod 0640 'letsencrypt/live/mail.club3d.ro/README'
+maybe chmod 0750 'letsencrypt/live/mully.898.ro'
+maybe chmod 0640 'letsencrypt/live/mully.898.ro/README'
 maybe chmod 0750 'letsencrypt/live/rspamd.club3d.ro'
 maybe chmod 0640 'letsencrypt/live/rspamd.club3d.ro/README'
 maybe chmod 0750 'letsencrypt/live/secure.898.ro'
@@ -3456,6 +3468,7 @@ maybe chmod 0640 'letsencrypt/renewal/git.898.ro.conf'
 maybe chmod 0644 'letsencrypt/renewal/mail.898.ro.conf'
 maybe chmod 0640 'letsencrypt/renewal/mail.anywhere.ro.conf'
 maybe chmod 0640 'letsencrypt/renewal/mail.club3d.ro.conf'
+maybe chmod 0640 'letsencrypt/renewal/mully.898.ro.conf'
 maybe chmod 0640 'letsencrypt/renewal/rspamd.club3d.ro.conf'
 maybe chmod 0640 'letsencrypt/renewal/secure.898.ro.conf'
 maybe chmod 0640 'letsencrypt/renewal/trace.898.ro.conf'
@@ -4491,9 +4504,6 @@ maybe chown 'nginx' 'nginx/allowed_clients.config'
 maybe chgrp 'nginx' 'nginx/allowed_clients.config'
 maybe chmod 0640 'nginx/allowed_clients.config'
 maybe chmod 0755 'nginx/conf.d'
-maybe chown 'nginx' 'nginx/conf.d/_zira.go.ro.conf'
-maybe chgrp 'nginx' 'nginx/conf.d/_zira.go.ro.conf'
-maybe chmod 0640 'nginx/conf.d/_zira.go.ro.conf'
 maybe chown 'nginx' 'nginx/conf.d/anywhere.ro.conf'
 maybe chgrp 'nginx' 'nginx/conf.d/anywhere.ro.conf'
 maybe chmod 0640 'nginx/conf.d/anywhere.ro.conf'
@@ -4954,6 +4964,9 @@ maybe chmod 0640 'nginx/conf.d/maintenance.898.ro.conf'
 maybe chown 'nginx' 'nginx/conf.d/mtr.898.ro.conf'
 maybe chgrp 'nginx' 'nginx/conf.d/mtr.898.ro.conf'
 maybe chmod 0640 'nginx/conf.d/mtr.898.ro.conf'
+maybe chown 'nginx' 'nginx/conf.d/mully.go.ro.conf'
+maybe chgrp 'nginx' 'nginx/conf.d/mully.go.ro.conf'
+maybe chmod 0640 'nginx/conf.d/mully.go.ro.conf'
 maybe chown 'nginx' 'nginx/conf.d/padmin.club3d.ro.conf'
 maybe chgrp 'nginx' 'nginx/conf.d/padmin.club3d.ro.conf'
 maybe chmod 0640 'nginx/conf.d/padmin.club3d.ro.conf'
@@ -4992,12 +5005,6 @@ maybe chmod 0640 'nginx/conf.d/webmail.vrem.ro.conf'
 maybe chown 'nginx' 'nginx/conf.d/wordpress.club3d.ro.conf'
 maybe chgrp 'nginx' 'nginx/conf.d/wordpress.club3d.ro.conf'
 maybe chmod 0640 'nginx/conf.d/wordpress.club3d.ro.conf'
-maybe chown 'nginx' 'nginx/conf.d/zira.898.ro.conf'
-maybe chgrp 'nginx' 'nginx/conf.d/zira.898.ro.conf'
-maybe chmod 0640 'nginx/conf.d/zira.898.ro.conf'
-maybe chown 'nginx' 'nginx/conf.d/zira.go.ro.conf'
-maybe chgrp 'nginx' 'nginx/conf.d/zira.go.ro.conf'
-maybe chmod 0640 'nginx/conf.d/zira.go.ro.conf'
 maybe chown 'nginx' 'nginx/default.d'
 maybe chgrp 'nginx' 'nginx/default.d'
 maybe chmod 0750 'nginx/default.d'
@@ -5774,6 +5781,7 @@ maybe chmod 0644 'rspamd/modules.d/greylist.conf'
 maybe chmod 0644 'rspamd/modules.d/hfilter.conf'
 maybe chmod 0644 'rspamd/modules.d/history_redis.conf'
 maybe chmod 0644 'rspamd/modules.d/http_headers.conf'
+maybe chmod 0644 'rspamd/modules.d/known_senders.conf'
 maybe chmod 0644 'rspamd/modules.d/maillist.conf'
 maybe chmod 0644 'rspamd/modules.d/metadata_exporter.conf'
 maybe chmod 0644 'rspamd/modules.d/metric_exporter.conf'

crowdsec/hub/collections/crowdsecurity/http-cve.yaml

@@ -22,7 +22,9 @@ scenarios:
   - crowdsecurity/CVE-2022-44877
   - crowdsecurity/CVE-2019-18935
   - crowdsecurity/netgear_rce
+  - crowdsecurity/CVE-2023-22515
 author: crowdsecurity
+description: "Detect CVE exploitation in http logs"
 tags:
   - web
   - exploit

crowdsec/hub/parsers/s02-enrich/crowdsecurity/http-logs.yaml

@@ -30,4 +30,4 @@ nodes:
         - parsed: file_name
           expression: evt.Parsed.file_frag + evt.Parsed.file_ext
         - parsed: static_ressource
-          expression: "Upper(evt.Parsed.file_ext) in ['.JPG', '.CSS', '.JS', '.JPEG', '.PNG', '.SVG', '.MAP', '.ICO', '.OTF', '.GIF', '.MP3', '.MP4', '.WOFF', '.WOFF2', '.TTF', '.OTF', '.EOT', '.WEBP', '.WAV', '.GZ', '.BROTLI', '.BVR', '.TS', '.BMP'] ? 'true' : 'false'"
+          expression: "Upper(evt.Parsed.file_ext) in ['.JPG', '.CSS', '.JS', '.JPEG', '.PNG', '.SVG', '.MAP', '.ICO', '.OTF', '.GIF', '.MP3', '.MP4', '.WOFF', '.WOFF2', '.TTF', '.OTF', '.EOT', '.WEBP', '.WAV', '.GZ', '.BROTLI', '.BVR', '.TS', '.BMP', '.AVIF'] ? 'true' : 'false'"

crowdsec/hub/scenarios/crowdsecurity/CVE-2019-18935.yaml

@@ -9,3 +9,12 @@ blackhole: 2m
 labels:
   type: exploit
   remediation: true
+  classification:
+    - attack.T1595
+    - attack.T1190
+    - cve.CVE-2019-18935
+  spoofable: 0
+  confidence: 3
+  behavior: "http:exploit"
+  label: "Telerik CVE-2019-18935"
+  service: telerik

crowdsec/hub/scenarios/crowdsecurity/CVE-2022-26134.yaml

@@ -8,3 +8,12 @@ groupby: "evt.Meta.source_ip"
 labels:
   type: exploit
   remediation: true
+  classification:
+    - attack.T1595
+    - attack.T1190
+    - cve.CVE-2022-26134
+  spoofable: 0
+  confidence: 3
+  behavior: "http:exploit"
+  service: atlassian-confluence
+  label: "Confluence CVE-2022-26134"

crowdsec/hub/scenarios/crowdsecurity/CVE-2022-35914.yaml

@@ -8,3 +8,12 @@ groupby: "evt.Meta.source_ip"
 labels:
   type: exploit
   remediation: true
+  classification:
+    - attack.T1595
+    - attack.T1190
+    - cve.CVE-2022-35914
+  spoofable: 0
+  confidence: 3
+  behavior: "http:exploit"
+  service: glpi
+  label: "GLPI CVE-2022-35914"

crowdsec/hub/scenarios/crowdsecurity/CVE-2022-37042.yaml

@@ -3,16 +3,24 @@ type: trigger
 name: crowdsecurity/CVE-2022-37042
 description: "Detect CVE-2022-37042 exploits"
 filter: |
-    (
+  (
-    Upper(evt.Meta.http_path) contains Upper('/service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1') ||
+  Upper(evt.Meta.http_path) contains Upper('/service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1') ||
-    Upper(evt.Meta.http_path) contains Upper('/service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd') 
+  Upper(evt.Meta.http_path) contains Upper('/service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd') 
-    )
+  )
-    and evt.Meta.http_status startsWith ('40') and
+  and evt.Meta.http_status startsWith ('40') and
-    Upper(evt.Meta.http_verb) == 'POST'
+  Upper(evt.Meta.http_verb) == 'POST'
-
 
 blackhole: 2m
 groupby: "evt.Meta.source_ip"
 labels:
   type: exploit
   remediation: true
+  classification:
+    - attack.T1595
+    - attack.T1190
+    - cve.CVE-2022-37042
+  spoofable: 0
+  confidence: 3
+  behavior: "http:exploit"
+  label: "ZCS CVE-2022-37042"
+  service: zimbra

crowdsec/hub/scenarios/crowdsecurity/CVE-2022-40684.yaml

@@ -8,4 +8,12 @@ groupby: "evt.Meta.source_ip"
 blackhole: 2m
 labels:
   type: exploit
-  remediation: true
+  remediation: true
+  classification:
+    - attack.T1548
+    - cve.CVE-2022-40684
+  spoofable: 0
+  confidence: 3
+  behavior: "http:exploit"
+  label: "Fortinet CVE-2022-40684"
+  service: fortinet

crowdsec/hub/scenarios/crowdsecurity/CVE-2022-41082.yaml

@@ -3,11 +3,20 @@ type: trigger
 name: crowdsecurity/CVE-2022-41082
 description: "Detect CVE-2022-41082 exploits"
 filter: |
-    Upper(evt.Meta.http_path) contains Upper('/autodiscover/autodiscover.json') &&
+  Upper(evt.Meta.http_path) contains Upper('/autodiscover/autodiscover.json') &&
-    Upper(evt.Parsed.http_args) contains Upper('powershell')
+  Upper(evt.Parsed.http_args) contains Upper('powershell')
 
 blackhole: 1m
 groupby: "evt.Meta.source_ip"
 labels:
   type: exploit
   remediation: true
+  classification:
+    - attack.T1595
+    - attack.T1190
+    - cve.CVE-2022-41082
+  spoofable: 0
+  confidence: 3
+  behavior: "http:exploit"
+  service: exchange
+  label: "Microsoft Exchange CVE-2022-41082"

crowdsec/hub/scenarios/crowdsecurity/CVE-2022-41697.yaml

@@ -2,13 +2,21 @@ type: leaky
 name: crowdsecurity/CVE-2022-41697
 description: "Detect CVE-2022-41697 enumeration"
 filter: |
-    Upper(evt.Meta.http_path) contains Upper('/ghost/api/admin/session') &&
+  Upper(evt.Meta.http_path) contains Upper('/ghost/api/admin/session') &&
-    Upper(evt.Parsed.verb) == 'POST' &&
+  Upper(evt.Parsed.verb) == 'POST' &&
-    evt.Meta.http_status == '404'
+  evt.Meta.http_status == '404'
 leakspeed: "10s"
 capacity: 5
 blackhole: 1m
 groupby: "evt.Meta.source_ip"
 labels:
   type: exploit
-  remediation: true
+  remediation: true
+  classification:
+    - attack.T1589
+    - cve.CVE-2022-41697
+  spoofable: 0
+  confidence: 3
+  behavior: "http:exploit"
+  label: "Ghost CVE-2022-41697"
+  service: ghost

crowdsec/hub/scenarios/crowdsecurity/CVE-2022-42889.yaml

@@ -9,9 +9,18 @@ filter: |
   or
   Upper(PathUnescape(evt.Meta.http_path)) contains Upper('${url:UTF-8:') 
   or
-  Upper(PathUnescape(evt.Meta.http_path)) contains Upper('${dns:address|') 
+  Upper(PathUnescape(evt.Meta.http_path)) contains Upper('${dns:address|')
 blackhole: 1m
 groupby: "evt.Meta.source_ip"
 labels:
   type: exploit
   remediation: true
+  classification:
+    - attack.T1595
+    - attack.T1190
+    - cve.CVE-2022-42889
+  spoofable: 0
+  confidence: 3
+  behavior: "http:exploit"
+  label: "Text4Shell CVE-2022-42889"
+  service: apache

crowdsec/hub/scenarios/crowdsecurity/CVE-2022-44877.yaml

@@ -3,13 +3,22 @@ type: trigger
 name: crowdsecurity/CVE-2022-44877
 description: "Detect CVE-2022-44877 exploits"
 filter: |
-    Lower(evt.Meta.http_path) contains '/index.php' &&
+  Lower(evt.Meta.http_path) contains '/index.php' &&
-    Upper(evt.Parsed.verb) == 'POST' &&
+  Upper(evt.Parsed.verb) == 'POST' &&
-    evt.Meta.http_status == '302' &&
+  evt.Meta.http_status == '302' &&
-    Lower(evt.Parsed.http_args) matches 'login=.*[$|%24][\\(|%28].*[\\)|%29]'
+  Lower(evt.Parsed.http_args) matches 'login=.*[$|%24][\\(|%28].*[\\)|%29]'
 
 blackhole: 1m
 groupby: "evt.Meta.source_ip"
 labels:
   type: exploit
   remediation: true
+  classification:
+    - attack.T1595
+    - attack.T1190
+    - cve.CVE-2022-44877
+  spoofable: 0
+  confidence: 3
+  behavior: "http:exploit"
+  label: "Centos Webpanel CVE-2022-44877"
+  service: centos

crowdsec/hub/scenarios/crowdsecurity/CVE-2022-46169.yaml

@@ -2,10 +2,10 @@ type: leaky
 name: crowdsecurity/CVE-2022-46169-bf
 description: "Detect CVE-2022-46169 brute forcing"
 filter: |
-    Upper(evt.Meta.http_path) contains Upper('/remote_agent.php') &&
+  Upper(evt.Meta.http_path) contains Upper('/remote_agent.php') &&
-    Upper(evt.Parsed.verb) == 'GET' &&
+  Upper(evt.Parsed.verb) == 'GET' &&
-    Lower(evt.Parsed.http_args) contains 'host_id' &&
+  Lower(evt.Parsed.http_args) contains 'host_id' &&
-    Lower(evt.Parsed.http_args) contains 'local_data_ids'
+  Lower(evt.Parsed.http_args) contains 'local_data_ids'
 leakspeed: "10s"
 capacity: 5
 blackhole: 1m
@@ -13,17 +13,34 @@ groupby: "evt.Meta.source_ip"
 labels:
   type: exploit
   remediation: true
+  classification:
+    - attack.T1592
+    - cve.CVE-2022-46169
+  spoofable: 0
+  confidence: 3
+  behavior: "http:bruteforce"
+  label: "Cacti CVE-2022-46169"
+  service: cacti
 ---
 type: trigger
 name: crowdsecurity/CVE-2022-46169-cmd
 description: "Detect CVE-2022-46169 cmd injection"
 filter: |
-    Upper(evt.Meta.http_path) contains Upper('/remote_agent.php') &&
+  Upper(evt.Meta.http_path) contains Upper('/remote_agent.php') &&
-    Upper(evt.Parsed.verb) == 'GET' &&
+  Upper(evt.Parsed.verb) == 'GET' &&
-    Lower(evt.Parsed.http_args) contains 'action=polldata' &&
+  Lower(evt.Parsed.http_args) contains 'action=polldata' &&
-    Lower(evt.Parsed.http_args) matches 'poller_id=.*(;|%3b)'
+  Lower(evt.Parsed.http_args) matches 'poller_id=.*(;|%3b)'
 blackhole: 1m
 groupby: "evt.Meta.source_ip"
 labels:
   type: exploit
-  remediation: true
+  remediation: true
+  classification:
+    - attack.T1595
+    - attack.T1190
+    - cve.CVE-2022-46169
+  spoofable: 0
+  confidence: 3
+  behavior: "http:exploit"
+  label: "Cacti CVE-2022-46169"
+  service: cacti

crowdsec/hub/scenarios/crowdsecurity/CVE-2023-22515.yaml

@@ -0,0 +1,22 @@
+## CVE-2023-22515
+type: trigger
+name: crowdsecurity/CVE-2023-22515
+description: "Detect CVE-2023-22515 exploitation"
+filter: |
+  Lower(evt.Parsed.file_ext) == '.action' &&
+  (Lower(evt.Parsed.file_dir) contains '/setup' || Lower(evt.Parsed.file_frag) == 'server-info') &&
+  evt.Parsed.file_frag != nil
+blackhole: 1m
+groupby: "evt.Meta.source_ip"
+labels:
+  type: exploit
+  remediation: true
+  classification:
+    - attack.T1595
+    - attack.T1190
+    - cve.CVE-2023-22515
+  spoofable: 0
+  confidence: 1
+  behavior: "http:exploit"
+  label: "Confluence CVE-2023-22515"
+  service: confluence

crowdsec/hub/scenarios/crowdsecurity/apache_log4j2_cve-2021-44228.yaml

@@ -19,5 +19,13 @@ data:
 groupby: "evt.Meta.source_ip"
 blackhole: 2m
 labels:
-  type: exploit
+  service: apache
+  confidence: 3
+  spoofable: 0
+  classification:
+    - attack.T1595
+    - attack.T1190
+    - cve.CVE-2021-44228
+  behavior: "http:exploit"
+  label: "Log4j CVE-2021-44228"
   remediation: true

crowdsec/hub/scenarios/crowdsecurity/f5-big-ip-cve-2020-5902.yaml

@@ -12,5 +12,13 @@ filter: |
 groupby: "evt.Meta.source_ip"
 blackhole: 2m
 labels:
-  type: exploit
+  confidence: 3
+  spoofable: 0
+  classification:
+    - attack.T1190
+    - attack.T1595
+    - cve.CVE-2020-5902
+  behavior: "http:exploit"
+  label: "CVE-2020-5902"
   remediation: true
+  service: f5

crowdsec/hub/scenarios/crowdsecurity/fortinet-cve-2018-13379.yaml

@@ -8,5 +8,13 @@ filter: |
 groupby: "evt.Meta.source_ip"
 blackhole: 2m
 labels:
-  type: exploit
+  confidence: 3
+  spoofable: 0
+  classification:
+    - attack.T1190
+    - attack.T1595
+    - cve.CVE-2018-13379
+  behavior: "http:exploit"
+  label: "CVE-2018-13379"
   remediation: true
+  service: fortinet

crowdsec/hub/scenarios/crowdsecurity/grafana-cve-2021-43798.yaml

@@ -10,5 +10,13 @@ filter: |
 groupby: "evt.Meta.source_ip"
 blackhole: 2m
 labels:
-  type: exploit
+  service: grafana
+  confidence: 3
+  spoofable: 0
+  classification:
+    - attack.T1190
+    - attack.T1595
+    - cve.CVE-2021-43798
+  behavior: "http:exploit"
+  label: "CVE-2021-43798"
   remediation: true

crowdsec/hub/scenarios/crowdsecurity/http-backdoors-attempts.yaml

@@ -13,6 +13,11 @@ capacity: 1
 leakspeed: 5s
 blackhole: 5m
 labels:
+  confidence: 3
+  spoofable: 0
+  classification:
+    - attack.T1595
+  behavior: "http:exploit"
+  label: "scanning for backdoors"
   service: http
-  type: discovery
   remediation: true

crowdsec/hub/scenarios/crowdsecurity/http-bad-user-agent.yaml

@@ -16,5 +16,11 @@ leakspeed: 1m
 groupby: "evt.Meta.source_ip"
 blackhole: 2m
 labels:
-  type: scan
+  confidence: 1
+  spoofable: 0
+  classification:
+    - attack.T1595
+  behavior: "http:scan"
+  label: "detection of bad user-agents"
+  service: http
   remediation: true

crowdsec/hub/scenarios/crowdsecurity/http-crawl-non_statics.yaml

@@ -11,6 +11,11 @@ cache_size: 5
 groupby: "evt.Meta.source_ip + '/' + evt.Parsed.target_fqdn"
 blackhole: 1m
 labels:
- service: http
+  confidence: 1
- type: crawl
+  spoofable: 0
- remediation: true
+  classification:
+    - attack.T1595
+  behavior: "http:crawl"
+  service: http
+  label: "detection of aggressive crawl"
+  remediation: true

crowdsec/hub/scenarios/crowdsecurity/http-cve-2021-41773.yaml

@@ -11,5 +11,13 @@ filter: |
 groupby: "evt.Meta.source_ip"
 blackhole: 2m
 labels:
-  type: scan
+  confidence: 3
+  spoofable: 0
+  classification:
+    - attack.T1190
+    - attack.T1595
+    - cve.CVE-2021-41773
+  behavior: "http:exploit"
+  label: "CVE-2021-41773"
+  service: apache
   remediation: true

crowdsec/hub/scenarios/crowdsecurity/http-cve-2021-42013.yaml

@@ -10,5 +10,13 @@ filter: |
 groupby: "evt.Meta.source_ip"
 blackhole: 2m
 labels:
-  type: scan
+  service: apache
+  confidence: 3
+  spoofable: 0
+  classification:
+    - attack.T1190
+    - attack.T1595
+    - cve.CVE-2021-42013
+  behavior: "http:exploit"
+  label: "CVE-2021-42013"
   remediation: true

crowdsec/hub/scenarios/crowdsecurity/http-generic-bf.yaml

@@ -9,9 +9,14 @@ capacity: 5
 leakspeed: "10s"
 blackhole: 1m
 labels:
- service: http
+  confidence: 3
- type: bf
+  spoofable: 0
- remediation: true
+  classification:
+    - attack.T1110
+  behavior: "http:bruteforce"
+  label: "http bruteforce"
+  service: http
+  remediation: true
 ---
 # Generic 401 Authorization Errors
 type: leaky
@@ -24,9 +29,14 @@ capacity: 5
 leakspeed: "10s"
 blackhole: 1m
 labels:
- service: http
+  confidence: 3
- type: bf
+  spoofable: 0
- remediation: true
+  classification:
+    - attack.T1110
+  behavior: "http:bruteforce"
+  label: "http bruteforce"
+  service: http
+  remediation: true
 ---
 # Generic 403 Forbidden (Authorization) Errors
 type: leaky
@@ -39,6 +49,11 @@ capacity: 5
 leakspeed: "10s"
 blackhole: 1m
 labels:
- service: http
+  confidence: 3
- type: bf
+  spoofable: 0
- remediation: true
+  classification:
+    - attack.T1110
+  behavior: "http:bruteforce"
+  label: "http bruteforce"
+  service: http
+  remediation: true

crowdsec/hub/scenarios/crowdsecurity/http-open-proxy.yaml

@@ -5,6 +5,12 @@ description: "Detect scan for open proxy"
 filter: "evt.Meta.log_type == 'http_access-log' && evt.Meta.http_status in ['400','405'] && (evt.Parsed.verb == 'CONNECT' || evt.Parsed.request matches '^http[s]?://')"
 blackhole: 2m
 labels:
- service: http
+  service: http
- type: scan
+  type: scan
- remediation: true
+  remediation: true
+  classification:
+    - attack.T1595
+  behavior: "http:scan"
+  label: "HTTP Open Proxy Probing"
+  spoofable: 0
+  confidence: 3

crowdsec/hub/scenarios/crowdsecurity/http-path-traversal-probing.yaml

@@ -15,6 +15,11 @@ reprocess: true
 leakspeed: 10s
 blackhole: 2m
 labels:
- service: http
+  remediation: true
- type: scan
+  classification:
- remediation: true
+    - attack.T1595.002
+  behavior: "http:exploit"
+  label: "HTTP Path Traversal Exploit"
+  service: http
+  spoofable: 0
+  confidence: 3

crowdsec/hub/scenarios/crowdsecurity/http-probing.yaml

@@ -11,6 +11,11 @@ reprocess: true
 leakspeed: "10s"
 blackhole: 5m
 labels:
- service: http
+  remediation: true
- type: scan
+  classification:
- remediation: true
+    - attack.T1595.003
+  behavior: "http:scan"
+  label: "HTTP Probing"
+  spoofable: 0
+  service: http
+  confidence: 1

crowdsec/hub/scenarios/crowdsecurity/http-sensitive-files.yaml

@@ -14,6 +14,11 @@ capacity: 4
 leakspeed: 5s
 blackhole: 5m
 labels:
-  service: http
-  type: discovery
   remediation: true
+  classification:
+    - attack.T1595.003
+  behavior: "http:scan"
+  label: "Access to sensitive files over HTTP"
+  spoofable: 0
+  service: http
+  confidence: 3

crowdsec/hub/scenarios/crowdsecurity/http-sqli-probing.yaml

@@ -15,6 +15,11 @@ blackhole: 5m
 #low false positives approach : we require distinct payloads to avoid false positives
 distinct: evt.Parsed.http_args
 labels:
-  service: http
-  type: sqli_probing
   remediation: true
+  classification:
+    - attack.T1595.002
+  behavior: "http:exploit"
+  label: "SQL Injection Attempt"
+  spoofable: 0
+  service: http
+  confidence: 3

crowdsec/hub/scenarios/crowdsecurity/http-xss-probing.yaml

@@ -15,6 +15,11 @@ blackhole: 5m
 #low false positives approach : we require distinct payloads to avoid false positives
 distinct: evt.Parsed.http_args
 labels:
-  service: http
-  type: xss_probing
   remediation: true
+  classification:
+    - attack.T1595.002
+  behavior: "http:exploit"
+  label: "XSS Attempt"
+  spoofable: 0
+  service: http
+  confidence: 3

crowdsec/hub/scenarios/crowdsecurity/jira_cve-2021-26086.yaml

@@ -12,5 +12,13 @@ data:
 groupby: "evt.Meta.source_ip"
 blackhole: 2m
 labels:
-  type: exploit
   remediation: true
+  classification:
+    - attack.T1595.001
+    - attack.T1190
+    - cve.CVE-2021-26086
+  behavior: "http:exploit"
+  label: "Jira CVE-2021-26086 exploitation"
+  spoofable: 0
+  service: jira
+  confidence: 3

crowdsec/hub/scenarios/crowdsecurity/mysql-bf.yaml

@@ -9,6 +9,11 @@ capacity: 5
 groupby: evt.Meta.source_ip
 blackhole: 5m
 labels:
- service: mysql
+  remediation: true
- type: bruteforce
+  confidence: 3
- remediation: true
+  spoofable: 0
+  classification:
+    - attack.T1110
+  behavior: "database:bruteforce"
+  label: "MySQL Bruteforce"
+  service: mysql

crowdsec/hub/scenarios/crowdsecurity/netgear_rce.yaml

@@ -6,8 +6,15 @@ filter: |
   evt.Meta.log_type in ['http_access-log', 'http_error-log'] && Lower(QueryUnescape(evt.Meta.http_path)) startsWith Lower('/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=')
 groupby: "evt.Meta.source_ip"
 blackhole: 2m
-references: 
+references:
   - "https://www.exploit-db.com/exploits/25978"
 labels:
-  type: exploit
+  confidence: 3
+  spoofable: 0
+  classification:
+    - attack.T1595
+    - attack.T1190
+  behavior: "http:exploit"
+  label: "Netgear RCE"
+  service: netgear
   remediation: true

crowdsec/hub/scenarios/crowdsecurity/nginx-req-limit-exceeded.yaml

@@ -8,6 +8,11 @@ capacity: 5
 groupby: evt.Meta.source_ip
 blackhole: 5m
 labels:
- service: nginx
+  remediation: true
- type: bruteforce
+  confidence: 2
- remediation: true
+  spoofable: 2
+  classification:
+    - attack.T1498
+  behavior: "http:dos"
+  label: "Nginx request limit exceeded"
+  service: http

crowdsec/hub/scenarios/crowdsecurity/pulse-secure-sslvpn-cve-2019-11510.yaml

@@ -10,5 +10,12 @@ filter: |
 groupby: "evt.Meta.source_ip"
 blackhole: 2m
 labels:
-  type: exploit
   remediation: true
+  confidence: 3
+  spoofable: 0
+  classification:
+    - attack.T1190
+    - cve.CVE-2019-11510
+  behavior: "http:exploit"
+  label: "Pulse Secure CVE-2019-11510"
+  service: pulse-secure

crowdsec/hub/scenarios/crowdsecurity/spring4shell_cve-2022-22965.yaml

@@ -8,5 +8,12 @@ filter: |
 groupby: "evt.Meta.source_ip"
 blackhole: 2m
 labels:
-  type: exploit
   remediation: true
+  confidence: 3
+  spoofable: 0
+  classification:
+    - attack.T1190
+    - cve.CVE-2022-22965
+  behavior: "http:exploit"
+  label: "Spring4shell CVE-2022-22965"
+  service: spring

crowdsec/hub/scenarios/crowdsecurity/ssh-bf.yaml

@@ -11,9 +11,14 @@ groupby: evt.Meta.source_ip
 blackhole: 1m
 reprocess: true
 labels:
- service: ssh
+  service: ssh
- type: bruteforce
+  confidence: 3
- remediation: true
+  spoofable: 0
+  classification:
+    - attack.T1110
+  label: "SSH Bruteforce"
+  behavior: "ssh:bruteforce"
+  remediation: true
 ---
 # ssh user-enum
 type: leaky
@@ -26,7 +31,11 @@ leakspeed: 10s
 capacity: 5
 blackhole: 1m
 labels:
- service: ssh
+  service: ssh
- type: bruteforce
+  remediation: true
- remediation: true
+  confidence: 3
-
+  spoofable: 0
+  classification:
+    - attack.T1589
+  behavior: "ssh:bruteforce"
+  label: "SSH Bruteforce"

crowdsec/hub/scenarios/crowdsecurity/ssh-slow-bf.yaml

@@ -11,9 +11,14 @@ groupby: evt.Meta.source_ip
 blackhole: 1m
 reprocess: true
 labels:
- service: ssh
+  service: ssh
- type: bruteforce
+  remediation: true
- remediation: true
+  confidence: 3
+  spoofable: 0
+  classification:
+    - attack.T1110
+  behavior: "ssh:bruteforce"
+  label: "SSH Bruteforce"
 ---
 # ssh user-enum
 type: leaky
@@ -26,7 +31,11 @@ leakspeed: 60s
 capacity: 10
 blackhole: 1m
 labels:
- service: ssh
+  service: ssh
- type: bruteforce
+  remediation: true
- remediation: true
+  confidence: 3
-
+  spoofable: 0
+  classification:
+    - attack.T1110
+  behavior: "ssh:bruteforce"
+  label: "SSH Bruteforce"

crowdsec/hub/scenarios/crowdsecurity/thinkphp-cve-2018-20062.yaml

@@ -12,5 +12,13 @@ data:
 groupby: "evt.Meta.source_ip"
 blackhole: 2m
 labels:
-  type: exploit
+  confidence: 3
+  spoofable: 0
+  classification:
+    - attack.T1190
+    - attack.T1595
+    - cve.CVE-2018-20062
+  behavior: "http:exploit"
+  label: "ThinkPHP CVE-2018-20062"
   remediation: true
+  service: thinkphp

crowdsec/hub/scenarios/crowdsecurity/vmware-cve-2022-22954.yaml

@@ -7,5 +7,13 @@ filter: |
 groupby: "evt.Meta.source_ip"
 blackhole: 2m
 labels:
-  type: exploit
+  confidence: 3
+  spoofable: 0
+  classification:
+    - attack.T1190
+    - attack.T1595
+    - cve.CVE-2022-22954
+  behavior: "vm-management:exploit"
+  label: "VMWARE CVE-2022-22954"
   remediation: true
+  service: vmware

crowdsec/hub/scenarios/crowdsecurity/vmware-vcenter-vmsa-2021-0027.yaml

@@ -7,5 +7,13 @@ filter: |
 groupby: "evt.Meta.source_ip"
 blackhole: 2m
 labels:
-  type: exploit
+  confidence: 3
+  spoofable: 0
+  classification:
+    - attack.T1190
+    - attack.T1595
+    - cve.CVE-2021-0027
+  behavior: "vm-management:exploit"
+  label: "VMWARE VCenter VMSA CVE-2021-0027"
   remediation: true
+  service: vmware

crowdsec/hub/scenarios/ltsich/http-w00tw00t.yaml

@@ -7,6 +7,11 @@ filter: "evt.Meta.log_type == 'http_access-log' && evt.Parsed.file_name contains
 groupby: evt.Meta.source_ip
 blackhole: 5m
 labels:
- service: http
+  service: http
- type: scan
+  classification:
- remediation: true
+    - attack.T1595
+  spoofable: 0
+  confidence: 3
+  behavior: "http:scan"
+  label: "w00t w00t Scanner"
+  remediation: true

crowdsec/scenarios/CVE-2023-22515.yaml

@@ -0,0 +1 @@
+/etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2023-22515.yaml

csf/changelog.txt

@@ -1,5 +1,15 @@
 ChangeLog:
 
+14.20 - Modified MaxMind URLs to use https
+
+        Fixed DCOTYPE print order for integrated UI login
+
+        Added "Require all granted" to Messenger v3 .htaccess generation
+
+	Normalise source IP during connection tracking for IPv6 comparisons
+
+	Fixed regression for some IMAP logon failure detections
+
 14.19 - Switch to using iptables-nft if it exists in /usr/sbin/iptables-nft
 
         Added IO::Handle::clearerr() call before reading data from a log file

csf/csf.ignore

@@ -12,6 +12,7 @@
 # local network
 127.0.0.1
 192.168.1.0/24
+10.208.1.0/24
 
 # GZD
 85.121.136.12/32
@@ -25,26 +26,12 @@
 # Madrivo
 208.68.37.110/32
 
-# Vodafone
-46.97.176.82
-
-# Digi
-86.126.37.205
-
 # RND
 82.76.35.226
 82.76.35.228
 86.120.251.224
 
-# CyberGhost VPN
+# Digi
-191.101.61.25
+188.26.53.107
-185.44.147.225
-185.44.147.129
-94.69.148.225
-94.70.109.113
-94.68.45.238
 
-# TEMP
+188.25.217.58
-80.106.207.66 # Halkidiki
-
-5.12.34.98

csf/version.txt

@@ -1 +1 @@
-14.19
+14.20

httpd/conf.d/ssl.conf

@@ -1,203 +0,0 @@
-#
-# When we also provide SSL we have to listen to the 
-# standard HTTPS port in addition.
-#
-Listen 443 https
-
-##
-##  SSL Global Context
-##
-##  All SSL configuration in this context applies both to
-##  the main server and all SSL-enabled virtual hosts.
-##
-
-#   Pass Phrase Dialog:
-#   Configure the pass phrase gathering process.
-#   The filtering dialog program (`builtin' is a internal
-#   terminal dialog) has to provide the pass phrase on stdout.
-SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
-
-#   Inter-Process Session Cache:
-#   Configure the SSL Session Cache: First the mechanism 
-#   to use and second the expiring timeout (in seconds).
-SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
-SSLSessionCacheTimeout  300
-
-#
-# Use "SSLCryptoDevice" to enable any supported hardware
-# accelerators. Use "openssl engine -v" to list supported
-# engine names.  NOTE: If you enable an accelerator and the
-# server does not start, consult the error logs and ensure
-# your accelerator is functioning properly. 
-#
-SSLCryptoDevice builtin
-#SSLCryptoDevice ubsec
-
-##
-## SSL Virtual Host Context
-##
-
-<VirtualHost _default_:443>
-
-# General setup for the virtual host, inherited from global configuration
-#DocumentRoot "/var/www/html"
-#ServerName www.example.com:443
-
-# Use separate log files for the SSL virtual host; note that LogLevel
-# is not inherited from httpd.conf.
-ErrorLog logs/ssl_error_log
-TransferLog logs/ssl_access_log
-LogLevel warn
-
-#   SSL Engine Switch:
-#   Enable/Disable SSL for this virtual host.
-SSLEngine on
-
-#   List the protocol versions which clients are allowed to connect with.
-#   The OpenSSL system profile is used by default.  See
-#   update-crypto-policies(8) for more details.
-#SSLProtocol all -SSLv3
-#SSLProxyProtocol all -SSLv3
-
-#   User agents such as web browsers are not configured for the user's
-#   own preference of either security or performance, therefore this
-#   must be the prerogative of the web server administrator who manages
-#   cpu load versus confidentiality, so enforce the server's cipher order.
-SSLHonorCipherOrder on
-
-#   SSL Cipher Suite:
-#   List the ciphers that the client is permitted to negotiate.
-#   See the mod_ssl documentation for a complete list.
-#   The OpenSSL system profile is configured by default.  See
-#   update-crypto-policies(8) for more details.
-SSLCipherSuite PROFILE=SYSTEM
-SSLProxyCipherSuite PROFILE=SYSTEM
-
-#   Point SSLCertificateFile at a PEM encoded certificate.  If
-#   the certificate is encrypted, then you will be prompted for a
-#   pass phrase.  Note that restarting httpd will prompt again.  Keep
-#   in mind that if you have both an RSA and a DSA certificate you
-#   can configure both in parallel (to also allow the use of DSA
-#   ciphers, etc.)
-#   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
-#   require an ECC certificate which can also be configured in
-#   parallel.
-SSLCertificateFile /etc/pki/tls/certs/localhost.crt
-
-#   Server Private Key:
-#   If the key is not combined with the certificate, use this
-#   directive to point at the key file.  Keep in mind that if
-#   you've both a RSA and a DSA private key you can configure
-#   both in parallel (to also allow the use of DSA ciphers, etc.)
-#   ECC keys, when in use, can also be configured in parallel
-SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
-
-#   Server Certificate Chain:
-#   Point SSLCertificateChainFile at a file containing the
-#   concatenation of PEM encoded CA certificates which form the
-#   certificate chain for the server certificate. Alternatively
-#   the referenced file can be the same as SSLCertificateFile
-#   when the CA certificates are directly appended to the server
-#   certificate for convenience.
-#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
-
-#   Certificate Authority (CA):
-#   Set the CA certificate verification path where to find CA
-#   certificates for client authentication or alternatively one
-#   huge file containing all of them (file must be PEM encoded)
-#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
-
-#   Client Authentication (Type):
-#   Client certificate verification type and depth.  Types are
-#   none, optional, require and optional_no_ca.  Depth is a
-#   number which specifies how deeply to verify the certificate
-#   issuer chain before deciding the certificate is not valid.
-#SSLVerifyClient require
-#SSLVerifyDepth  10
-
-#   Access Control:
-#   With SSLRequire you can do per-directory access control based
-#   on arbitrary complex boolean expressions containing server
-#   variable checks and other lookup directives.  The syntax is a
-#   mixture between C and Perl.  See the mod_ssl documentation
-#   for more details.
-#<Location />
-#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
-#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
-#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
-#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
-#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
-#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
-#</Location>
-
-#   SSL Engine Options:
-#   Set various options for the SSL engine.
-#   o FakeBasicAuth:
-#     Translate the client X.509 into a Basic Authorisation.  This means that
-#     the standard Auth/DBMAuth methods can be used for access control.  The
-#     user name is the `one line' version of the client's X.509 certificate.
-#     Note that no password is obtained from the user. Every entry in the user
-#     file needs this password: `xxj31ZMTZzkVA'.
-#   o ExportCertData:
-#     This exports two additional environment variables: SSL_CLIENT_CERT and
-#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
-#     server (always existing) and the client (only existing when client
-#     authentication is used). This can be used to import the certificates
-#     into CGI scripts.
-#   o StdEnvVars:
-#     This exports the standard SSL/TLS related `SSL_*' environment variables.
-#     Per default this exportation is switched off for performance reasons,
-#     because the extraction step is an expensive operation and is usually
-#     useless for serving static content. So one usually enables the
-#     exportation for CGI and SSI requests only.
-#   o StrictRequire:
-#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
-#     under a "Satisfy any" situation, i.e. when it applies access is denied
-#     and no other module can change it.
-#   o OptRenegotiate:
-#     This enables optimized SSL connection renegotiation handling when SSL
-#     directives are used in per-directory context. 
-#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
-<FilesMatch "\.(cgi|shtml|phtml|php)$">
-    SSLOptions +StdEnvVars
-</FilesMatch>
-<Directory "/var/www/cgi-bin">
-    SSLOptions +StdEnvVars
-</Directory>
-
-#   SSL Protocol Adjustments:
-#   The safe and default but still SSL/TLS standard compliant shutdown
-#   approach is that mod_ssl sends the close notify alert but doesn't wait for
-#   the close notify alert from client. When you need a different shutdown
-#   approach you can use one of the following variables:
-#   o ssl-unclean-shutdown:
-#     This forces an unclean shutdown when the connection is closed, i.e. no
-#     SSL close notify alert is sent or allowed to be received.  This violates
-#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
-#     this when you receive I/O errors because of the standard approach where
-#     mod_ssl sends the close notify alert.
-#   o ssl-accurate-shutdown:
-#     This forces an accurate shutdown when the connection is closed, i.e. a
-#     SSL close notify alert is sent and mod_ssl waits for the close notify
-#     alert of the client. This is 100% SSL/TLS standard compliant, but in
-#     practice often causes hanging connections with brain-dead browsers. Use
-#     this only for browsers where you know that their SSL implementation
-#     works correctly. 
-#   Notice: Most problems of broken clients are also related to the HTTP
-#   keep-alive facility, so you usually additionally want to disable
-#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
-#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
-#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
-#   "force-response-1.0" for this.
-BrowserMatch "MSIE [2-5]" \
-         nokeepalive ssl-unclean-shutdown \
-         downgrade-1.0 force-response-1.0
-
-#   Per-Server Logging:
-#   The home of a custom SSL log file. Use this when you want a
-#   compact non-error SSL logfile on a virtual host basis.
-CustomLog logs/ssl_request_log \
-          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-</VirtualHost>
-

kernel/install.d/dkms

@@ -1,9 +0,0 @@
-#!/bin/sh
-
-if [ "$1" = "add" ]; then
-	/etc/kernel/postinst.d/dkms "$2"
-fi
-
-if [ "$1" = "remove" ]; then
-	/etc/kernel/prerm.d/dkms "$2"
-fi

letsencrypt/archive/mully.898.ro/cert1.pem

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE8jCCA9qgAwIBAgISA0IxtFv7M2B7/oA8bcz3gs6uMA0GCSqGSIb3DQEBCwUA
+MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
+EwJSMzAeFw0yMzEwMTIwNzIyMzdaFw0yNDAxMTAwNzIyMzZaMBcxFTATBgNVBAMT
+DG11bGx5Ljg5OC5ybzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlC
+q1iS5CuJ24y/VhV8NzMxdaMuZKR5guthODPuqBJB8pzM9gvYJRBJB1S61rHaDdES
+uyuznstUk+4pHgnJZjdTCAt+szH+UOnUl9zXKQuHJeT13ubPRUwpkMM5Q1A94mVg
+WdODYRyIPzIzjGmgs+tXq+Y55eQ20kdOj/A+5TI/clEvE56kDDnuwWT1oL8Pmdm6
+CuTsrAgxKngXIcrnptHntm2H985bLSLa5pqAktqaZX69PckUTsdauDA7IzdDe3/y
+XEGLCn8eZBKYQGBhsZ+1ZCg3FJZxqgZ4WanatJJpgFGPl+zCSMXuqjsXPmvktYLv
+wb/uxZHz4+D1qYByXXcCAwEAAaOCAhswggIXMA4GA1UdDwEB/wQEAwIFoDAdBgNV
+HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
+FgQUFOIPOI5oTkyYdv2skijY/4y3zHAwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA
+5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMu
+by5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8w
+JAYDVR0RBB0wG4IMbXVsbHkuODk4LnJvggttdWxseS5nby5ybzATBgNVHSAEDDAK
+MAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1ADtTd3U+LbmATosw
+Wwb+QDtn2E/D9Me9AA0tcm/h+tQXAAABiyL7AXcAAAQDAEYwRAIgBcyus3MXawdM
+3q7J5uqLGrhTgKxfkiMhWuf0b8cI58ACIBWVO5W7yOT1BdAkB3YlYEGZQmS/b9gi
+3EOZQEiN8Ee4AHcA2ra/az+1tiKfm8K7XGvocJFxbLtRhIU0vaQ9MEjX+6sAAAGL
+IvsBoQAABAMASDBGAiEAwmtz0nzjW0qPH0pJTU7sju7iHtD9xb/3xCrOcU0A3ZoC
+IQDQHNQWMUK0pntk+JwzdgDcBcKRvTGEoZqHZVpK7DFlBjANBgkqhkiG9w0BAQsF
+AAOCAQEAckgayucapcYCHsLb+EGEgCzM8ow9mB510nfuByckqcnIDxLQSGQuNmZg
+wISZUJRqZkbJ3VBDf8uFAKcdcIFiCKa+LIp/kuz/HzImtMPF8LsK/iONYy/rqEs3
+KuLNIuWxRWhiwXwMEK52kZRYG4WQmFg1rkcSSRwvRsyrQDCf4eZkLUQXxkF1r+Pe
+F5Ogi1yRblnUz6J28c9gnvDbN2LX3XoQQ9O8FkZNBbuZmBkn3g8QP/ddL5d9Km5H
+3FRMzLmT0sAGNA+UiYNX2lxGqdvw4pJCsNz8PrE7HqNJUwJ2VnTSaJTJqxG0aIs+
+nrIEVJuJPDBaOy0cxL1ufEEYMQ3idQ==
+-----END CERTIFICATE-----

letsencrypt/archive/mully.898.ro/chain1.pem

@@ -0,0 +1,61 @@
+-----BEGIN CERTIFICATE-----
+MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
+WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
+R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
+sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
+NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
+Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
+/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
+AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
+FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
+AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
+Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
+gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
+PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
+ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
+CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
+lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
+avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
+yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
+yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
+hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
+HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
+MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
+nLRbwHOoq7hHwg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
+ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
+wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
+LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
+4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
+bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
+sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
+Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
+FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
+SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
+PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
+TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
+c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
++tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
+ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
+b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
+U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
+MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
+5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
+9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
+WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
+he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
+Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
+-----END CERTIFICATE-----

letsencrypt/archive/mully.898.ro/fullchain1.pem

@@ -0,0 +1,90 @@
+-----BEGIN CERTIFICATE-----
+MIIE8jCCA9qgAwIBAgISA0IxtFv7M2B7/oA8bcz3gs6uMA0GCSqGSIb3DQEBCwUA
+MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
+EwJSMzAeFw0yMzEwMTIwNzIyMzdaFw0yNDAxMTAwNzIyMzZaMBcxFTATBgNVBAMT
+DG11bGx5Ljg5OC5ybzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlC
+q1iS5CuJ24y/VhV8NzMxdaMuZKR5guthODPuqBJB8pzM9gvYJRBJB1S61rHaDdES
+uyuznstUk+4pHgnJZjdTCAt+szH+UOnUl9zXKQuHJeT13ubPRUwpkMM5Q1A94mVg
+WdODYRyIPzIzjGmgs+tXq+Y55eQ20kdOj/A+5TI/clEvE56kDDnuwWT1oL8Pmdm6
+CuTsrAgxKngXIcrnptHntm2H985bLSLa5pqAktqaZX69PckUTsdauDA7IzdDe3/y
+XEGLCn8eZBKYQGBhsZ+1ZCg3FJZxqgZ4WanatJJpgFGPl+zCSMXuqjsXPmvktYLv
+wb/uxZHz4+D1qYByXXcCAwEAAaOCAhswggIXMA4GA1UdDwEB/wQEAwIFoDAdBgNV
+HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
+FgQUFOIPOI5oTkyYdv2skijY/4y3zHAwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA
+5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMu
+by5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8w
+JAYDVR0RBB0wG4IMbXVsbHkuODk4LnJvggttdWxseS5nby5ybzATBgNVHSAEDDAK
+MAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1ADtTd3U+LbmATosw
+Wwb+QDtn2E/D9Me9AA0tcm/h+tQXAAABiyL7AXcAAAQDAEYwRAIgBcyus3MXawdM
+3q7J5uqLGrhTgKxfkiMhWuf0b8cI58ACIBWVO5W7yOT1BdAkB3YlYEGZQmS/b9gi
+3EOZQEiN8Ee4AHcA2ra/az+1tiKfm8K7XGvocJFxbLtRhIU0vaQ9MEjX+6sAAAGL
+IvsBoQAABAMASDBGAiEAwmtz0nzjW0qPH0pJTU7sju7iHtD9xb/3xCrOcU0A3ZoC
+IQDQHNQWMUK0pntk+JwzdgDcBcKRvTGEoZqHZVpK7DFlBjANBgkqhkiG9w0BAQsF
+AAOCAQEAckgayucapcYCHsLb+EGEgCzM8ow9mB510nfuByckqcnIDxLQSGQuNmZg
+wISZUJRqZkbJ3VBDf8uFAKcdcIFiCKa+LIp/kuz/HzImtMPF8LsK/iONYy/rqEs3
+KuLNIuWxRWhiwXwMEK52kZRYG4WQmFg1rkcSSRwvRsyrQDCf4eZkLUQXxkF1r+Pe
+F5Ogi1yRblnUz6J28c9gnvDbN2LX3XoQQ9O8FkZNBbuZmBkn3g8QP/ddL5d9Km5H
+3FRMzLmT0sAGNA+UiYNX2lxGqdvw4pJCsNz8PrE7HqNJUwJ2VnTSaJTJqxG0aIs+
+nrIEVJuJPDBaOy0cxL1ufEEYMQ3idQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
+WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
+R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
+sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
+NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
+Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
+/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
+AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
+FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
+AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
+Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
+gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
+PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
+ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
+CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
+lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
+avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
+yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
+yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
+hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
+HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
+MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
+nLRbwHOoq7hHwg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
+ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
+wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
+LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
+4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
+bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
+sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
+Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
+FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
+SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
+PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
+TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
+c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
++tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
+ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
+b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
+U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
+MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
+5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
+9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
+WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
+he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
+Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
+-----END CERTIFICATE-----

letsencrypt/archive/mully.898.ro/privkey1.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCpQqtYkuQriduM
+v1YVfDczMXWjLmSkeYLrYTgz7qgSQfKczPYL2CUQSQdUutax2g3RErsrs57LVJPu
+KR4JyWY3UwgLfrMx/lDp1Jfc1ykLhyXk9d7mz0VMKZDDOUNQPeJlYFnTg2EciD8y
+M4xpoLPrV6vmOeXkNtJHTo/wPuUyP3JRLxOepAw57sFk9aC/D5nZugrk7KwIMSp4
+FyHK56bR57Zth/fOWy0i2uaagJLammV+vT3JFE7HWrgwOyM3Q3t/8lxBiwp/HmQS
+mEBgYbGftWQoNxSWcaoGeFmp2rSSaYBRj5fswkjF7qo7Fz5r5LWC78G/7sWR8+Pg
+9amAcl13AgMBAAECggEAJL+x3hA+c+mBfoSIVy/Z+EZzyRMojMFJGHvKLRRS72vc
+Fgk2Hoo2OdvxOIc8V+8E8vDDLJDaGEFrwNiyieNtSvO/GmfO1jrmLG6Y7jzUz4jv
+RE/RroEwBYI8yPYk1EYrYmFR/2dV7VDzj527ja9zgNRPITRO4oa4jvzSqZGuR4M+
+lDBz5eA6/RBo6nd86ih1Gu4jgldL/Z2lRCOYjhfmKbF467im5su3rbmx49EFqfsZ
+rVFuMR3M1JjNblJN8vpQDeDSpFb77bwGzogJsZtGnZegH1DPU0sS8KsovLLfxdZy
+RIVUOokCN8DCknZmO1LCY+/SKEZqmZNKv9QidIb1WQKBgQDSoXobLsVBx4AFoHMN
+O/cp4IQhMFn7YOhwQ/xNKbtvqcK6EslwiWKs4QpHl136OyWalhY6VjFLFcR5hs7i
+mvfH0lXPgbVzulxbMdZIfCMbq1qZcm7Z6BsfAdDfn7O7xZ5rX2cO8jLN4+DEFx8K
+sFfwS4Na62C4hGdK7YIE/Xk/gwKBgQDNt/bjtHgiWQobl5igeOfWe01dpsbuYjQc
+fpwav20WgnxpvSWk4BBLjV9INmBViGU8dpEb1db6p6Ts3ty2QFrVA0n1tVogf33k
+M46ZR/QY5gLa2XXaWmIEcmsJRZ7yvfbjmJYW4SuYl1YXvSYoXfVp5cGt6aYEj6Wr
+8qBPaxKz/QKBgQCWh8rRZHKbGS3YV5wB6EozBn7HjVuxeMeFfEDzEJEhM2y0OLr4
+D2eS79293mLOc7jjKsJF/NWLuMnKpFp0vpW4nAyxmRyJ0bUxg4OGGBmrK6I7Kfop
+B2VimpShTOxRlOEsEWmA1/0RAfvfiDqqE+81D3KX5sIf/Jgph2Y1lMUzawKBgCU4
+AFoIH6gPNe3yCnIWDdPXMRMdhmZArC7vlSydr43gA8RZrULcKvaQWEnHVLyE1dQP
+m4dOs/tbc1JLq+DpWcWqN6pVqj2w80TjMwx2YSpUCvYvW8wqiAtH7CecSfqe9dkN
+lTIEgQ+1aaUX2px5C1qib90YJaozlwS5+9kChTq9AoGBAIlO8jMh9OMCzeE6Kol0
+GpWqEtx21H7LebJNFZO+LVYvVo1z7RNc4tzESqKSzEB9nAz99kWu1bAzW0ju9Wz4
+y+1a5mN9BuaWyHWRz/s6XaP2Psbgcoh+DWobpY6Wgos5HrRrs/0jNScY8fi76dWK
+XV1ZaatHcaZw0qHSdN4z35ee
+-----END PRIVATE KEY-----

letsencrypt/csr/0545_csr-certbot.pem

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICfDCCAWQCAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlC
+q1iS5CuJ24y/VhV8NzMxdaMuZKR5guthODPuqBJB8pzM9gvYJRBJB1S61rHaDdES
+uyuznstUk+4pHgnJZjdTCAt+szH+UOnUl9zXKQuHJeT13ubPRUwpkMM5Q1A94mVg
+WdODYRyIPzIzjGmgs+tXq+Y55eQ20kdOj/A+5TI/clEvE56kDDnuwWT1oL8Pmdm6
+CuTsrAgxKngXIcrnptHntm2H985bLSLa5pqAktqaZX69PckUTsdauDA7IzdDe3/y
+XEGLCn8eZBKYQGBhsZ+1ZCg3FJZxqgZ4WanatJJpgFGPl+zCSMXuqjsXPmvktYLv
+wb/uxZHz4+D1qYByXXcCAwEAAaA3MDUGCSqGSIb3DQEJDjEoMCYwJAYDVR0RBB0w
+G4IMbXVsbHkuODk4LnJvggttdWxseS5nby5ybzANBgkqhkiG9w0BAQsFAAOCAQEA
+eReIFF8uErBmrF8USEziXHRueJ6un8dYeW3RuPHde3zrGc0ej4WrFSH1S+IY+52K
+tboPtNkzzH6YkexQ9/plSlqlRxXoDLTVsEJk8xycGmxG8T1EjG91PBdekNJf8MH6
+Wq+iCW2lj2c6sxWF9L39vvQHnr7oU3VRGgnz8+k2xC9gWiXu1EpbJ9aNTKvRZGAp
+so5BRY6yAEFfj6gvZZUNCj7qCbhQf+8O8m6Ntd+1HPiwtMAT5wW+RIjJPxOea8MA
+IYLqKA+nPa7QbYpFFpG5prb4yWAEPUY996LAHkdFgmoMdK4E3qur8BGd3o8kBky2
+IIH2W/1K/K6VXgFXojl8sQ==
+-----END CERTIFICATE REQUEST-----

letsencrypt/keys/0545_key-certbot.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCpQqtYkuQriduM
+v1YVfDczMXWjLmSkeYLrYTgz7qgSQfKczPYL2CUQSQdUutax2g3RErsrs57LVJPu
+KR4JyWY3UwgLfrMx/lDp1Jfc1ykLhyXk9d7mz0VMKZDDOUNQPeJlYFnTg2EciD8y
+M4xpoLPrV6vmOeXkNtJHTo/wPuUyP3JRLxOepAw57sFk9aC/D5nZugrk7KwIMSp4
+FyHK56bR57Zth/fOWy0i2uaagJLammV+vT3JFE7HWrgwOyM3Q3t/8lxBiwp/HmQS
+mEBgYbGftWQoNxSWcaoGeFmp2rSSaYBRj5fswkjF7qo7Fz5r5LWC78G/7sWR8+Pg
+9amAcl13AgMBAAECggEAJL+x3hA+c+mBfoSIVy/Z+EZzyRMojMFJGHvKLRRS72vc
+Fgk2Hoo2OdvxOIc8V+8E8vDDLJDaGEFrwNiyieNtSvO/GmfO1jrmLG6Y7jzUz4jv
+RE/RroEwBYI8yPYk1EYrYmFR/2dV7VDzj527ja9zgNRPITRO4oa4jvzSqZGuR4M+
+lDBz5eA6/RBo6nd86ih1Gu4jgldL/Z2lRCOYjhfmKbF467im5su3rbmx49EFqfsZ
+rVFuMR3M1JjNblJN8vpQDeDSpFb77bwGzogJsZtGnZegH1DPU0sS8KsovLLfxdZy
+RIVUOokCN8DCknZmO1LCY+/SKEZqmZNKv9QidIb1WQKBgQDSoXobLsVBx4AFoHMN
+O/cp4IQhMFn7YOhwQ/xNKbtvqcK6EslwiWKs4QpHl136OyWalhY6VjFLFcR5hs7i
+mvfH0lXPgbVzulxbMdZIfCMbq1qZcm7Z6BsfAdDfn7O7xZ5rX2cO8jLN4+DEFx8K
+sFfwS4Na62C4hGdK7YIE/Xk/gwKBgQDNt/bjtHgiWQobl5igeOfWe01dpsbuYjQc
+fpwav20WgnxpvSWk4BBLjV9INmBViGU8dpEb1db6p6Ts3ty2QFrVA0n1tVogf33k
+M46ZR/QY5gLa2XXaWmIEcmsJRZ7yvfbjmJYW4SuYl1YXvSYoXfVp5cGt6aYEj6Wr
+8qBPaxKz/QKBgQCWh8rRZHKbGS3YV5wB6EozBn7HjVuxeMeFfEDzEJEhM2y0OLr4
+D2eS79293mLOc7jjKsJF/NWLuMnKpFp0vpW4nAyxmRyJ0bUxg4OGGBmrK6I7Kfop
+B2VimpShTOxRlOEsEWmA1/0RAfvfiDqqE+81D3KX5sIf/Jgph2Y1lMUzawKBgCU4
+AFoIH6gPNe3yCnIWDdPXMRMdhmZArC7vlSydr43gA8RZrULcKvaQWEnHVLyE1dQP
+m4dOs/tbc1JLq+DpWcWqN6pVqj2w80TjMwx2YSpUCvYvW8wqiAtH7CecSfqe9dkN
+lTIEgQ+1aaUX2px5C1qib90YJaozlwS5+9kChTq9AoGBAIlO8jMh9OMCzeE6Kol0
+GpWqEtx21H7LebJNFZO+LVYvVo1z7RNc4tzESqKSzEB9nAz99kWu1bAzW0ju9Wz4
+y+1a5mN9BuaWyHWRz/s6XaP2Psbgcoh+DWobpY6Wgos5HrRrs/0jNScY8fi76dWK
+XV1ZaatHcaZw0qHSdN4z35ee
+-----END PRIVATE KEY-----

letsencrypt/live/mully.898.ro/README

@@ -0,0 +1,14 @@
+This directory contains your keys and certificates.
+
+`privkey.pem`  : the private key for your certificate.
+`fullchain.pem`: the certificate file used in most server software.
+`chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.
+`cert.pem`     : will break many server configurations, and should not be used
+                 without reading further documentation (see link below).
+
+WARNING: DO NOT MOVE OR RENAME THESE FILES!
+         Certbot expects these files to remain in this location in order
+         to function properly!
+
+We recommend not moving these files. For more information, see the Certbot
+User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.

letsencrypt/live/mully.898.ro/cert.pem

@@ -0,0 +1 @@
+../../archive/mully.898.ro/cert1.pem

letsencrypt/live/mully.898.ro/chain.pem

@@ -0,0 +1 @@
+../../archive/mully.898.ro/chain1.pem

letsencrypt/live/mully.898.ro/fullchain.pem

@@ -0,0 +1 @@
+../../archive/mully.898.ro/fullchain1.pem

letsencrypt/live/mully.898.ro/privkey.pem

@@ -0,0 +1 @@
+../../archive/mully.898.ro/privkey1.pem

letsencrypt/renewal/mully.898.ro.conf

@@ -0,0 +1,14 @@
+# renew_before_expiry = 30 days
+version = 1.22.0
+archive_dir = /etc/letsencrypt/archive/mully.898.ro
+cert = /etc/letsencrypt/live/mully.898.ro/cert.pem
+privkey = /etc/letsencrypt/live/mully.898.ro/privkey.pem
+chain = /etc/letsencrypt/live/mully.898.ro/chain.pem
+fullchain = /etc/letsencrypt/live/mully.898.ro/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = 995d0d90943dc1603856ca5d83fcd7e0
+authenticator = nginx
+installer = nginx
+server = https://acme-v02.api.letsencrypt.org/directory

nagios/nrpe.cfg

@@ -47,9 +47,9 @@ command[check_redis]=/usr/lib64/nagios/plugins/check_redis $ARG1$
 command[check_varnish]=/usr/lib64/nagios/plugins/check_varnish $ARG1$
 command[check_haproxy_stats]=/usr/lib64/nagios/plugins/check_haproxy $ARG1$ -U admin -P d8z4a80 --http-error-critical
 
-command[check_linux_ftp]=/usr/lib64/nagios/plugins/check_ftp -H zira.go.ro $ARG1$
+command[check_linux_ftp]=/usr/lib64/nagios/plugins/check_ftp -H mully.go.ro $ARG1$
-command[check_linux_smtp]=/usr/lib64/nagios/plugins/check_smtp -H zira.go.ro $ARG1$
+command[check_linux_smtp]=/usr/lib64/nagios/plugins/check_smtp -H mully.go.ro $ARG1$
-command[check_linux_pop]=/usr/lib64/nagios/plugins/check_pop -H zira.go.ro $ARG1$
+command[check_linux_pop]=/usr/lib64/nagios/plugins/check_pop -H mully.go.ro $ARG1$
-command[check_linux_imap]=/usr/lib64/nagios/plugins/check_imap -H zira.go.ro $ARG1$
+command[check_linux_imap]=/usr/lib64/nagios/plugins/check_imap -H mully.go.ro $ARG1$
 
 include_dir=/etc/nrpe.d/

nginx/conf.d/_zira.go.ro.conf

@@ -1,44 +0,0 @@
-server {
-    listen 192.168.1.2:80;
-    server_name	zira.go.ro;
-    charset	utf-8;
-    root /var/www/html/vhosts/club3d.ro/;
-    index index.php index.html index.htm; 
-
-    access_log /var/log/nginx/club3d.ro.access.log;
-    error_log /var/log/nginx/club3d.ro.error.log;
-
-    location ~* \.php$ {
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        include       fastcgi_params;
-        fastcgi_pass  unix:/var/run/php-fpm.sock;
-        fastcgi_index index.php;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_buffer_size 16k;
-        fastcgi_buffers 4 16k;
-    }
-
-   
-   location /madalin {
-	  autoindex on;
-   }
-
-   # gzip should not be used with SSL
-   gzip off;
-   
-   location /sgwi {
-        auth_basic "Private Zone";
-        auth_basic_user_file /etc/nginx/.htpasswd;
-   }
-
-   listen 192.168.1.2:443 ssl http2; # managed by Certbot
-   ssl_certificate /etc/letsencrypt/live/zira.go.ro/fullchain.pem;
-   ssl_certificate_key /etc/letsencrypt/live/zira.go.ro/privkey.pem;
-   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
-
-   ### redirect
-   if ($scheme != "https") {
-	 return 301 https://$host$request_uri;
-   } # managed by Certbot
-
-}

nginx/conf.d/mully.go.ro.conf

@@ -0,0 +1,33 @@
+server {
+    server_name mully.go.ro mully.898.ro;
+    charset	utf-8;
+
+    listen 192.168.1.2:443 ssl http2; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/mully.898.ro/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/mully.898.ro/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+	location / {
+		allow 192.168.1.0/24;
+		allow 10.208.1.0/24;
+		allow 85.121.136.12/32;
+	    allow 188.26.53.107/32;
+		deny all;
+		proxy_pass http://192.168.1.5:80;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header Host $http_host;
+	}
+
+}
+
+server {
+    if ($host = mully.go.ro) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    listen 192.168.1.2:80;
+    server_name mully.go.ro mully.898.ro;
+    return 404; # managed by Certbot
+}
+

nginx/conf.d/zira.898.ro.conf

@@ -1,12 +0,0 @@
-server {
-	listen 192.168.1.2:80;
-    server_name zira.898.ro;
-    charset utf-8;
-    root /var/www/html/zira.898.ro;
-    index index.php index.html index.htm;
-
-    access_log /var/log/nginx/zira.898.ro.access.log;
-    error_log /var/log/nginx/zira.898.ro.error.log;
-
-    #location / { rewrite ^ https://zira.898.ro$request_uri permanent; }
-}

nginx/conf.d/zira.go.ro.conf

@@ -1,12 +0,0 @@
-server {
-    listen 192.168.1.2:80;
-    server_name zira.go.ro;
-    charset	utf-8;
-
-	location / {
-		proxy_pass  http://192.168.1.5:80;
-		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-		proxy_set_header Host $http_host;
-	}
-}
-

pki/ca-trust/extracted/pem/email-ca-bundle.pem

@@ -260,6 +260,56 @@ ivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNK
 GbqEZycPvEJdvSRUDewdcAZfpLz6IHxV
 -----END CERTIFICATE-----
 
+# BJCA Global Root CA1
+-----BEGIN CERTIFICATE-----
+MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBU
+MQswCQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRI
+T1JJVFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAz
+MTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJF
+SUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2Jh
+bCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFmCL3Z
+xRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZ
+spDyRhySsTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O5
+58dnJCNPYwpj9mZ9S1WnP3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgR
+at7GGPZHOiJBhyL8xIkoVNiMpTAK+BcWyqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll
+5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRjeulumijWML3mG90Vr4Tq
+nMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNnMoH1V6XK
+V0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/
+pj+bOT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZO
+z2nxbkRs1CTqjSShGL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXn
+jSXWgXSHRtQpdaJCbPdzied9v3pKH9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+
+WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMBAAGjQjBAMB0GA1UdDgQWBBTF
+7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4
+YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3Kli
+awLwQ8hOnThJdMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u
++2D2/VnGKhs/I0qUJDAnyIm860Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88
+X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuhTaRjAv04l5U/BXCga99igUOLtFkN
+SoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW4AB+dAb/OMRyHdOo
+P2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmpGQrI
++pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRz
+znfSxqxx4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9
+eVzYH6Eze9mCUAyTF6ps3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2
+YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4SSPfSKcOYKMryMguTjClPPGAyzQWWYezy
+r/6zcCwupvI=
+-----END CERTIFICATE-----
+
+# BJCA Global Root CA2
+-----BEGIN CERTIFICATE-----
+MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQsw
+CQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJ
+VFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgy
+MVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJ
+TkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2JhbCBS
+b290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jlSR9B
+IgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK+
++kpRuDCK/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJK
+sVF/BvDRgh9Obl+rg/xI1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA
+94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8gUXOQwKhbYdDFUDn9hf7B
+43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w==
+-----END CERTIFICATE-----
+
 # Baltimore CyberTrust Root
 -----BEGIN CERTIFICATE-----
 MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
@@ -427,36 +477,6 @@ eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu
 tGWaIZDgqtCYvDi1czyL+Nw=
 -----END CERTIFICATE-----
 
-# Camerfirma Global Chambersign Root
------BEGIN CERTIFICATE-----
-MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn
-MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL
-ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo
-YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9
-MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy
-NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G
-A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA
-A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0
-Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s
-QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV
-eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795
-B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh
-z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T
-AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i
-ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w
-TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH
-MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD
-VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE
-VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh
-bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B
-AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM
-bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi
-ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG
-VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c
-ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/
-AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A==
------END CERTIFICATE-----
-
 # Certigna
 -----BEGIN CERTIFICATE-----
 MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV
@@ -749,6 +769,58 @@ h9j8tGlsi6BDB2B4l+nZk3zCRrybN1Kj7Yo8E6l7U0tJmhEFLAtuVqwfLoJs4Gln
 tQ5tLdnkwBXxP/oYcuEVbSdbLTAoK59ImmQrme/ydUlfXA==
 -----END CERTIFICATE-----
 
+# DIGITALSIGN GLOBAL ROOT ECDSA CA
+-----BEGIN CERTIFICATE-----
+MIICajCCAfCgAwIBAgIUNi2PcoiiKCfkAP8kxi3k6/qdtuEwCgYIKoZIzj0EAwMw
+ZDELMAkGA1UEBhMCUFQxKjAoBgNVBAoMIURpZ2l0YWxTaWduIENlcnRpZmljYWRv
+cmEgRGlnaXRhbDEpMCcGA1UEAwwgRElHSVRBTFNJR04gR0xPQkFMIFJPT1QgRUNE
+U0EgQ0EwHhcNMjEwMTIxMTEwNzUwWhcNNDYwMTE1MTEwNzUwWjBkMQswCQYDVQQG
+EwJQVDEqMCgGA1UECgwhRGlnaXRhbFNpZ24gQ2VydGlmaWNhZG9yYSBEaWdpdGFs
+MSkwJwYDVQQDDCBESUdJVEFMU0lHTiBHTE9CQUwgUk9PVCBFQ0RTQSBDQTB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABG4Lo6szTRzqSuj8BI0UoH3wCCxfg6uT0dJ7utdJ
+fY/sElBf1LnL5fD5M2MfyVfsQNgRC5foUhbMKY70BoYeONw9V8Tuqr3IVAQmWicT
+UUc9Hx8ajqiVpDPQzEfMbbj8SKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME
+GDAWgBTOr0qLGnXi8TjnAvAWrV7qZNV7tDAdBgNVHQ4EFgQUzq9Kixp14vE45wLw
+Fq1e6mTVe7QwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gAMGUCMAqIxHGc
+RANNjbTHvKiu2TAnNWprFmPX/OdZ4aeJG0wxmiNVRObzQyHVRydvbVcBqgIxAPuy
+6uKXf1G1n0jrvG81iahkcKtXds3AxhRgyn/iggBz98w16o4km+UIWccEjHN4/g==
+-----END CERTIFICATE-----
+
+# DIGITALSIGN GLOBAL ROOT RSA CA
+-----BEGIN CERTIFICATE-----
+MIIFtTCCA52gAwIBAgIUXVnIyqsJV/XmtdoplARq/8XUlYcwDQYJKoZIhvcNAQEN
+BQAwYjELMAkGA1UEBhMCUFQxKjAoBgNVBAoMIURpZ2l0YWxTaWduIENlcnRpZmlj
+YWRvcmEgRGlnaXRhbDEnMCUGA1UEAwweRElHSVRBTFNJR04gR0xPQkFMIFJPT1Qg
+UlNBIENBMB4XDTIxMDEyMTEwNTAzNFoXDTQ2MDExNTEwNTAzNFowYjELMAkGA1UE
+BhMCUFQxKjAoBgNVBAoMIURpZ2l0YWxTaWduIENlcnRpZmljYWRvcmEgRGlnaXRh
+bDEnMCUGA1UEAwweRElHSVRBTFNJR04gR0xPQkFMIFJPT1QgUlNBIENBMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyIe2ONMc8N4S+IPHxIriibi0Inp4
++AxmUWh2NwrVT8JaCLgWXPdyAQk3hIEqVGvXktBs+qinQxI06w7bNw8p/ooxUULo
+S5yQqMgsEdP9oCl+zt6U9oLgWLRORSXxIvI90w97VBrcMrbWUU5+QbRXuCzGuQ4u
+ylfx1cjTWOel6UIRrtMgJZRp14/Kog3D058HaD8V0mcuU/12gpsLc6kpDZ4RkxQI
+mOyeVBJKVqIGFexrbC6SYC6GDa6CH1FN47IH1xAZVyL2qWlEhPPZPaAGv8yIfn/1
+zlulwipqdELqb6b/+Wix0F+9kdJVbzNXTB6d5OKLwYVloOBqnAAAiJLdWAgW8nAx
+qBzh3r1OcenWvn61oVrDTfe/m72UpP31qlOTRskmAQRwxKBxus4lZvuRflVw7kkK
+TWJ/wlCacvIYZ53pRag0hOj4gfbRWiIeB087s3/dEaVz3L6pGTppqW0bMuKJqqUn
+C1p+dOIPZDldfly5wRf8x41eyewk7dLyP3qERTcCvj5rWcTmWxZtwKqeqrVZLixw
+VZzMmZaYJFTRjtrKtBG0t3BDH2+QCyCgqHYTZdvbI1p1S6ELMXcK7n1oYRoTjOpR
+flxWo1dMXaHrE2W/VBTM8+7c1+w8l/J4Vrjfclxw/M4G3Z/SBzHv51KRns2618AY
+RAcxZUkyaRNK648CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAW
+gBS1Nrw8jBqrLPZZGS2DFNqTJRXWhjAdBgNVHQ4EFgQUtTa8PIwaqyz2WRktgxTa
+kyUV1oYwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDQUAA4ICAQAU+zElODH4
+ygiyI3Y4rfjTWfXMtFcl4US+fvwW7K76Jp9PZxZKVvD97ccZATSOkFot1oBc7HHS
+gSWCHgBx35rR1R0iu9Gl82IPtOvcJHP+plbNmhTFBDUWMaIH66UA4rb4X3L9P2FJ
+jt5+TTjXeh50N2xR3L4ABLg4FPMgwe2bpyP9DUKEHX/yc8PQeGPxn+zXW+nxvmyg
+SwOejWnhFNqIEIEjU//aVCsLxrmWlQQYRvN7qJfYW2ik5DgcDkXlmNMJrppe7LN5
+DTly8vSUnQ6eYCLmqPZMhc0HgjpoOc09X+M49LavO2tKn2BRRaJAAuWqDOM+0XjU
+onScJroFmihwSj6mC9AdSfC6+K5BEH6kBxK9qM8pPVe7x/FDRwA+rnAYWiB7Ccs6
+OnCA5UxgmMEVwR1K98jwm+FyreddaFgLBLGMvJ+3+26LWwRV++sjVdd4UNoly74n
+NrskGnkcUdH+E7v/eCzcpL4v9sVLU8+nTJlecKxZiASuZAS/e6Z6TdPod72hflAV
+8+9JMIVNIVeq2yx1l62BAYeisXCdHgZaA2CxP6ZtgizUFLGBpeg9iB20cixYN4qO
+OJS4c92p4Lj2d6KzfFjermk6tYulGrvy2HQGnP1icyAhdrF+cJ4Z1OsXYhk4mc02
+K0f+McvfueSsCNPYpuvUnn5LZKRVXSsXyQ==
+-----END CERTIFICATE-----
+
 # DigiCert Assured ID Root CA
 -----BEGIN CERTIFICATE-----
 MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
@@ -904,6 +976,55 @@ vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
 +OkuE6N36B9K
 -----END CERTIFICATE-----
 
+# DigiCert SMIME ECC P384 Root G5
+-----BEGIN CERTIFICATE-----
+MIICHDCCAaOgAwIBAgIQBT9uoAYBcn3tP8OjtqPW7zAKBggqhkjOPQQDAzBQMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xKDAmBgNVBAMTH0Rp
+Z2lDZXJ0IFNNSU1FIEVDQyBQMzg0IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN
+NDYwMTE0MjM1OTU5WjBQMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQs
+IEluYy4xKDAmBgNVBAMTH0RpZ2lDZXJ0IFNNSU1FIEVDQyBQMzg0IFJvb3QgRzUw
+djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQWnVXlttT7+2drGtShqtJ3lT6I5QeftnBm
+ICikiOxwNa+zMv83E0qevAED3oTBuMbmZUeJ8hNVv82lHghgf61/6GGSKc8JR14L
+HMAfpL/yW7yY75lMzHBrtrrQKB2/vgSjQjBAMB0GA1UdDgQWBBRzemuW20IHi1Jm
+wmQyF/7gZ5AurTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggq
+hkjOPQQDAwNnADBkAjA3RPUygONx6/Rtz3zMkZrDbnHY0iNdkk2CQm1cYZX2kfWn
+CPZql+mclC2YcP0ztgkCMAc8L7lYgl4Po2Kok2fwIMNpvwMsO1CnO69BOMlSSJHW
+Dvu8YDB8ZD8SHkV/UT70pg==
+-----END CERTIFICATE-----
+
+# DigiCert SMIME RSA4096 Root G5
+-----BEGIN CERTIFICATE-----
+MIIFajCCA1KgAwIBAgIQBfa6BCODRst9XOa5W7ocVTANBgkqhkiG9w0BAQwFADBP
+MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJzAlBgNVBAMT
+HkRpZ2lDZXJ0IFNNSU1FIFJTQTQwOTYgUm9vdCBHNTAeFw0yMTAxMTUwMDAwMDBa
+Fw00NjAxMTQyMzU5NTlaME8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2Vy
+dCwgSW5jLjEnMCUGA1UEAxMeRGlnaUNlcnQgU01JTUUgUlNBNDA5NiBSb290IEc1
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4Gpb2fj5fey1e+9f3Vw0
+2Npd0ctldashfFsA1IJvRYVBiqkSAnIy8BT1A3W7Y5dJD0CZCxoeVqfS0OGr3eUE
+G+MfFBICiPWggAn2J5pQ8LrjouCsahSRtWs4EHqiMeGRG7e58CtbyHcJdrdRxDYK
+mVNURCW3CTWGFwVWkz1BtwLXYh+KkhGH6hFt6ggR3LF4SEmS9rRRgHgj2P7hVho6
+kBNWNInV4pWLX96yzPs/OLeF9+qevy6hLi9NfWoRLjag/xEIBJVV4Bs7Z5OplFXq
+Mu0GOn/Cf+OtEyfRNEGzMMO/tIj4A4Kk3z6reHegWZNx593rAAR7zEg5KOAeoxVp
+yDayoQuX31XW75GcpPYW91EK7gMjkdwE/+DdOPYiAwDCB3EaEsnXRiqUG83Wuxvu
+v75NUFiwC80wdin1z+W2ai92sLBpatBtZRg1fpO8chfBVULNL8Ilu/T9HaFkIlRd
+4p5yQYRucZbqRQe2XnpKhp1zZHc4A9IPU6VVIMRN/2hvVanq3XHkT9mFo3xOKQKe
+CwnyGlPMAKbd0TT2DcEwsZwCZKw17aWwKbHSlTMP0iAzvewjS/IZ+dqYZOQsMR8u
+4Y0cBJUoTYxYzUvlc4KGjOyo1nlc+2S73AxMKPYXr+Jo1haGmNv8AdwxuvicDvko
+Rkrh/ZYGRXkRaBdlXIsmh1sCAwEAAaNCMEAwHQYDVR0OBBYEFNGj1FcdT1XbdUxc
+Qp5jFs60xjsfMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBDAUAA4ICAQAHpwreU7ua63C/sjaQzeSnuPEM5F1aHXhl/Mm4HiMRV3xp
+NW0B/1NQvwcOuscBP1gqlHUDqxwLI9wbih43PR1Yj3PZsypv3xCgWwynyrB/uSSi
+ATUy5V5GQevYf3PnQumkUSZ3gQqo6w8KUJ1+iiBn/AuOOhHTxYxgGNlLsfzU8bRJ
+Tq6H4dH7dqFf8wbPl5YM6Z51gVxTDSL8NuZJbnTbAIWNfCKgjvsQTNRiE1vvS3Im
+i/xOio/+lxBTxXiLQmQbX+CJ/bsJf1DgVIUmEWodZflJKdx8Nt/7PffSrO4yjW6m
+fTmcRcTKDfU7tHlTpS9Wx1HFikxkXZBDI45rTBd4zOi/9TvkqEjPrZsM3zJK09kS
+jiN4DS2vn6+ePAnClwDtOmkccT8539OPxGb17zaUD/PdkraWX5Cm3XOqpiCUlCVq
+CQxy5BMjYEyjyhcue2cA29DN6nofOSZXiTB3y07llUVPX/s2XD35ILU6ECVPkzJa
+7sGW6OlWBLBJYU3seKidGMH/2OovVu+VK3sEXmfjVUDtOQT5C3n1aoxcD4makMfN
+i97bJjWhbs2zQvKiDzsMjpP/FM/895P35EEIbhlSEQ9TGXN4DM/YhYH4rVXIsJ5G
+Y6+cUu5cv/DAWzceCSDSPiPGoRVKDjZ+MMV5arwiiNkMUkAf3U4PZyYW0q0XHA==
+-----END CERTIFICATE-----
+
 # DigiCert Trusted Root G4
 -----BEGIN CERTIFICATE-----
 MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi
@@ -1466,33 +1587,6 @@ lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof
 TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR
 -----END CERTIFICATE-----
 
-# Hellenic Academic and Research Institutions RootCA 2011
------BEGIN CERTIFICATE-----
-MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix
-RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1
-dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p
-YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw
-NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK
-EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl
-cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl
-c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz
-dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ
-fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns
-bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD
-75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP
-FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp
-5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu
-b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA
-A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p
-6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8
-TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7
-dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys
-Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI
-l7WdmplNsDz4SgCbZN2fOUvRJ9e4
------END CERTIFICATE-----
-
 # Hellenic Academic and Research Institutions RootCA 2015
 -----BEGIN CERTIFICATE-----
 MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix
@@ -1957,6 +2051,22 @@ iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
 f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
 -----END CERTIFICATE-----
 
+# Security Communication ECC RootCA1
+-----BEGIN CERTIFICATE-----
+MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYT
+AkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYD
+VQQDEyJTZWN1cml0eSBDb21tdW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYx
+NjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTELMAkGA1UEBhMCSlAxJTAjBgNVBAoT
+HFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNVBAMTIlNlY3VyaXR5
+IENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+Cnnfdl
+dB9sELLo5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpK
+ULGjQjBAMB0GA1UdDgQWBBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu
+9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3LsnNdo4gIxwwCMQDAqy0O
+be0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70eN9k=
+-----END CERTIFICATE-----
+
 # Security Communication RootCA2
 -----BEGIN CERTIFICATE-----
 MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl
@@ -1980,6 +2090,40 @@ t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy
 SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03
 -----END CERTIFICATE-----
 
+# Security Communication RootCA3
+-----BEGIN CERTIFICATE-----
+MIIFfzCCA2egAwIBAgIJAOF8N0D9G/5nMA0GCSqGSIb3DQEBDAUAMF0xCzAJBgNV
+BAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScw
+JQYDVQQDEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTMwHhcNMTYwNjE2
+MDYxNzE2WhcNMzgwMTE4MDYxNzE2WjBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc
+U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UEAxMeU2VjdXJpdHkg
+Q29tbXVuaWNhdGlvbiBSb290Q0EzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEA48lySfcw3gl8qUCBWNO0Ot26YQ+TUG5pPDXC7ltzkBtnTCHsXzW7OT4r
+CmDvu20rhvtxosis5FaU+cmvsXLUIKx00rgVrVH+hXShuRD+BYD5UpOzQD11EKzA
+lrenfna84xtSGc4RHwsENPXY9Wk8d/Nk9A2qhd7gCVAEF5aEt8iKvE1y/By7z/MG
+TfmfZPd+pmaGNXHIEYBMwXFAWB6+oHP2/D5Q4eAvJj1+XCO1eXDe+uDRpdYMQXF7
+9+qMHIjH7Iv10S9VlkZ8WjtYO/u62C21Jdp6Ts9EriGmnpjKIG58u4iFW/vAEGK7
+8vknR+/RiTlDxN/e4UG/VHMgly1s2vPUB6PmudhvrvyMGS7TZ2crldtYXLVqAvO4
+g160a75BflcJdURQVc1aEWEhCmHCqYj9E7wtiS/NYeCVvsq1e+F7NGcLH7YMx3we
+GVPKp7FKFSBWFHA9K4IsD50VHUeAR/94mQ4xr28+j+2GaR57GIgUssL8gjMunEst
++3A7caoreyYn8xrC3PsXuKHqy6C0rtOUfnrQq8PsOC0RLoi/1D+tEjtCrI8Cbn3M
+0V9hvqG8OmpI6iZVIhZdXw3/JzOfGAN0iltSIEdrRU0id4xVJ/CvHozJgyJUt5rQ
+T9nO/NkuHJYosQLTA70lUhw0Zk8jq/R3gpYd0VcwCBEF/VfR2ccCAwEAAaNCMEAw
+HQYDVR0OBBYEFGQUfPxYchamCik0FW8qy7z8r6irMA4GA1UdDwEB/wQEAwIBBjAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQDcAiMI4u8hOscNtybS
+YpOnpSNyByCCYN8Y11StaSWSntkUz5m5UoHPrmyKO1o5yGwBQ8IibQLwYs1OY0PA
+FNr0Y/Dq9HHuTofjcan0yVflLl8cebsjqodEV+m9NU1Bu0soo5iyG9kLFwfl9+qd
+9XbXv8S2gVj/yP9kaWJ5rW4OH3/uHWnlt3Jxs/6lATWUVCvAUm2PVcTJ0rjLyjQI
+UYWg9by0F1jqClx6vWPGOi//lkkZhOpn2ASxYfQAW0q3nHE3GYV5v4GwxxMOdnE+
+OoAGrgYWp421wsTL/0ClXI2lyTrtcoHKXJg80jQDdwj98ClZXSEIx2C/pHF7uNke
+gr4Jr2VvKKu/S7XuPghHJ6APbw+LP6yVGPO5DtxnVW5inkYO0QR4ynKudtml+LLf
+iAlhi+8kTtFZP1rUPcmTPCtk9YENFpb3ksP+MW/oKjJ0DvRMmEoYDjBU1cXrvMUV
+nuiZIesnKwkK2/HmcBhWuwzkvvnoEKQTkrgc4NtnHVMDpCKn3F2SEDzq//wbEBrD
+2NCcnWXL0CsnMQMeNuE9dnUM/0Umud1RvCPHX9jYhxBAEg09ODfnRDwYwFMJZI//
+1ZqmfHAuc1Uh6N//g7kdPjIe1qZ9LPFm6Vwdp6POXiUyK+OVrCoHzrQoeIY8Laad
+TdJ0MN1kURXbg4NR16/9M51NZg==
+-----END CERTIFICATE-----
+
 # Security Communication Root CA
 -----BEGIN CERTIFICATE-----
 MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY
@@ -2097,41 +2241,6 @@ ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt
 Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
 -----END CERTIFICATE-----
 
-# SwissSign Platinum CA - G2
------BEGIN CERTIFICATE-----
-MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
-BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu
-IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw
-WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD
-ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD
-ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y
-IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn
-IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+
-6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob
-jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw
-izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl
-+zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY
-zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP
-pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF
-KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW
-ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB
-AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
-BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0
-ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW
-IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA
-A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0
-uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+
-FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7
-jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/
-u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D
-YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1
-puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa
-icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG
-DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x
-kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z
-Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g==
------END CERTIFICATE-----
-
 # SwissSign Silver CA - G2
 -----BEGIN CERTIFICATE-----
 MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE

pki/ca-trust/extracted/pem/tls-ca-bundle.pem

@@ -440,6 +440,56 @@ ivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNK
 GbqEZycPvEJdvSRUDewdcAZfpLz6IHxV
 -----END CERTIFICATE-----
 
+# BJCA Global Root CA1
+-----BEGIN CERTIFICATE-----
+MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBU
+MQswCQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRI
+T1JJVFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAz
+MTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJF
+SUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2Jh
+bCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFmCL3Z
+xRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZ
+spDyRhySsTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O5
+58dnJCNPYwpj9mZ9S1WnP3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgR
+at7GGPZHOiJBhyL8xIkoVNiMpTAK+BcWyqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll
+5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRjeulumijWML3mG90Vr4Tq
+nMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNnMoH1V6XK
+V0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/
+pj+bOT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZO
+z2nxbkRs1CTqjSShGL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXn
+jSXWgXSHRtQpdaJCbPdzied9v3pKH9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+
+WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMBAAGjQjBAMB0GA1UdDgQWBBTF
+7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4
+YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3Kli
+awLwQ8hOnThJdMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u
++2D2/VnGKhs/I0qUJDAnyIm860Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88
+X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuhTaRjAv04l5U/BXCga99igUOLtFkN
+SoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW4AB+dAb/OMRyHdOo
+P2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmpGQrI
++pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRz
+znfSxqxx4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9
+eVzYH6Eze9mCUAyTF6ps3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2
+YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4SSPfSKcOYKMryMguTjClPPGAyzQWWYezy
+r/6zcCwupvI=
+-----END CERTIFICATE-----
+
+# BJCA Global Root CA2
+-----BEGIN CERTIFICATE-----
+MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQsw
+CQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJ
+VFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgy
+MVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJ
+TkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2JhbCBS
+b290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jlSR9B
+IgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK+
++kpRuDCK/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJK
+sVF/BvDRgh9Obl+rg/xI1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA
+94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8gUXOQwKhbYdDFUDn9hf7B
+43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w==
+-----END CERTIFICATE-----
+
 # Baltimore CyberTrust Root
 -----BEGIN CERTIFICATE-----
 MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
@@ -677,6 +727,54 @@ QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
 NVOFBkpdn627G190
 -----END CERTIFICATE-----
 
+# Certainly Root E1
+-----BEGIN CERTIFICATE-----
+MIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQsw
+CQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlu
+bHkgUm9vdCBFMTAeFw0yMTA0MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJ
+BgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0YWlubHkxGjAYBgNVBAMTEUNlcnRhaW5s
+eSBSb290IEUxMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3m/4fxzf7flHh4axpMCK
++IKXgOqPyEpeKn2IaKcBYhSRJHpcnqMXfYqGITQYUBsQ3tA3SybHGWCA6TS9YBk2
+QNYphwk8kXr2vBMj3VlOBF7PyAIcGFPBMdjaIOlEjeR2o0IwQDAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ygYy2R17ikq6+2uI1g4
+hevIIgcwCgYIKoZIzj0EAwMDaAAwZQIxALGOWiDDshliTd6wT99u0nCK8Z9+aozm
+ut6Dacpps6kFtZaSF4fC0urQe87YQVt8rgIwRt7qy12a7DLCZRawTDBcMPPaTnOG
+BtjOiQRINzf43TNRnXCve1XYAS59BWQOhriR
+-----END CERTIFICATE-----
+
+# Certainly Root R1
+-----BEGIN CERTIFICATE-----
+MIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAw
+PTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2Vy
+dGFpbmx5IFJvb3QgUjEwHhcNMjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9
+MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0
+YWlubHkgUm9vdCBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANA2
+1B/q3avk0bbm+yLA3RMNansiExyXPGhjZjKcA7WNpIGD2ngwEc/csiu+kr+O5MQT
+vqRoTNoCaBZ0vrLdBORrKt03H2As2/X3oXyVtwxwhi7xOu9S98zTm/mLvg7fMbed
+aFySpvXl8wo0tf97ouSHocavFwDvA5HtqRxOcT3Si2yJ9HiG5mpJoM610rCrm/b0
+1C7jcvk2xusVtyWMOvwlDbMicyF0yEqWYZL1LwsYpfSt4u5BvQF5+paMjRcCMLT5
+r3gajLQ2EBAHBXDQ9DGQilHFhiZ5shGIXsXwClTNSaa/ApzSRKft43jvRl5tcdF5
+cBxGX1HpyTfcX35pe0HfNEXgO4T0oYoKNp43zGJS4YkNKPl6I7ENPT2a/Z2B7yyQ
+wHtETrtJ4A5KVpK8y7XdeReJkd5hiXSSqOMyhb5OhaRLWcsrxXiOcVTQAjeZjOVJ
+6uBUcqQRBi8LjMFbvrWhsFNunLhgkR9Za/kt9JQKl7XsxXYDVBtlUrpMklZRNaBA
+2CnbrlJ2Oy0wQJuK0EJWtLeIAaSHO1OWzaMWj/Nmqhexx2DgwUMFDO6bW2BvBlyH
+Wyf5QBGenDPBt+U1VwV/J84XIIwc/PH72jEpSe31C4SnT8H2TsIonPru4K8H+zMR
+eiFPCyEQtkA6qyI6BJyLm4SGcprSp6XEtHWRqSsjAgMBAAGjQjBAMA4GA1UdDwEB
+/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTgqj8ljZ9EXME66C6u
+d0yEPmcM9DANBgkqhkiG9w0BAQsFAAOCAgEAuVevuBLaV4OPaAszHQNTVfSVcOQr
+PbA56/qJYv331hgELyE03fFo8NWWWt7CgKPBjcZq91l3rhVkz1t5BXdm6ozTaw3d
+8VkswTOlMIAVRQdFGjEitpIAq5lNOo93r6kiyi9jyhXWx8bwPWz8HA2YEGGeEaIi
+1wrykXprOQ4vMMM2SZ/g6Q8CRFA3lFV96p/2O7qUpUzpvD5RtOjKkjZUbVwlKNrd
+rRT90+7iIgXr0PK3aBLXWopBGsaSpVo7Y0VPv+E6dyIvXL9G+VoDhRNCX8reU9di
+taY1BMJH/5n9hN9czulegChB8n3nHpDYT3Y+gjwN/KUD+nsa2UUeYNrEjvn8K8l7
+lcUq/6qJ34IxD3L/DCfXCh5WAFAeDJDBlrXYFIW7pw0WwfgHJBu6haEaBQmAupVj
+yTrsJZ9/nbqkRxWbRHDxakvWOF5D8xh+UG7pWijmZeZ3Gzr9Hb4DJqPb1OG7fpYn
+Kx3upPvaJVQTA945xsMfTZDsjxtK0hzthZU4UHlG1sGQUDGpXJpuHfUzVounmdLy
+yCwzk5Iwx06MZTMQZBf9JBeW0Y3COmor6xOLRPIh80oat3df1+2IpHLlOR+Vnb5n
+wXARPbv0+Em34yaXOp/SX3z7wJl8OSngex2/DaeP0ik0biQVy96QXr8axGbqwua6
+OV+KmalBWQewLK8=
+-----END CERTIFICATE-----
+
 # Certigna
 -----BEGIN CERTIFICATE-----
 MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV
@@ -1127,6 +1225,55 @@ vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
 +OkuE6N36B9K
 -----END CERTIFICATE-----
 
+# DigiCert TLS ECC P384 Root G5
+-----BEGIN CERTIFICATE-----
+MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURp
+Z2lDZXJ0IFRMUyBFQ0MgUDM4NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2
+MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ
+bmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQgUm9vdCBHNTB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1TzvdlHJS
+7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp
+0zVozptjn4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICIS
+B4CIfBFqMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49
+BAMDA2gAMGUCMQCJao1H5+z8blUD2WdsJk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQ
+LgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIxAJSdYsiJvRmEFOml+wG4
+DXZDjC5Ty3zfDBeWUA==
+-----END CERTIFICATE-----
+
+# DigiCert TLS RSA4096 Root G5
+-----BEGIN CERTIFICATE-----
+MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBN
+MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMT
+HERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN
+NDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQs
+IEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS87IE+
+ajWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG0
+2C+JFvuUAT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgp
+wgscONyfMXdcvyej/Cestyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZM
+pG2T6T867jp8nVid9E6P/DsjyG244gXazOvswzH016cpVIDPRFtMbzCe88zdH5RD
+nU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnVDdXifBBiqmvwPXbzP6Po
+sMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9qTXeXAaDx
+Zre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cd
+Lvvyz6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvX
+KyY//SovcfXWJL5/MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNe
+XoVPzthwiHvOAbWWl9fNff2C+MIkwcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPL
+tgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4EFgQUUTMc7TZArxfTJc1paPKv
+TiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
+AQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw
+GXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7H
+PNtQOa27PShNlnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLF
+O4uJ+DQtpBflF+aZfTCIITfNMBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQ
+REtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/u4cnYiWB39yhL/btp/96j1EuMPik
+AdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9GOUrYU9DzLjtxpdRv
+/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh47a+
+p6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilw
+MUc/dNAUFvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WF
+qUITVuwhd4GTWgzqltlJyqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCK
+ovfepEWFJqgejF0pW8hL2JpqA15w8oVPbEtoL8pU9ozaMv7Da4M/OMZ+
+-----END CERTIFICATE-----
+
 # DigiCert Trusted Root G4
 -----BEGIN CERTIFICATE-----
 MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi
@@ -1199,37 +1346,59 @@ y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d
 NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA==
 -----END CERTIFICATE-----
 
-# EC-ACC
+# E-Tugra Global Root CA ECC v3
 -----BEGIN CERTIFICATE-----
-MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB
+MIICpTCCAiqgAwIBAgIUJkYZdzHhT28oNt45UYbm1JeIIsEwCgYIKoZIzj0EAwMw
-8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy
+gYAxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUtVHVn
-dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1
+cmEgRUJHIEEuUy4xHTAbBgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYwJAYD
-YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3
+VQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENBIEVDQyB2MzAeFw0yMDAzMTgwOTQ2
-dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh
+NThaFw00NTAzMTIwOTQ2NThaMIGAMQswCQYDVQQGEwJUUjEPMA0GA1UEBxMGQW5r
-IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD
+YXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1Z3Jh
-LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG
+IFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBF
-EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g
+Q0MgdjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASOmCm/xxAeJ9urA8woLNheSBkQ
-KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD
+KczLWYHMjLiSF4mDKpL2w6QdTGLVn9agRtwcvHbB40fQWxPa56WzZkjnIZpKT4YK
-ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu
+fWzqTTKACrJ6CZtpS5iB4i7sAnCWH/31Rs7K3IKjYzBhMA8GA1UdEwEB/wQFMAMB
-bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg
+Af8wHwYDVR0jBBgwFoAU/4Ixcj75xGZsrTie0bBRiKWQzPUwHQYDVR0OBBYEFP+C
-ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN
+MXI++cRmbK04ntGwUYilkMz1MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNp
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R
+ADBmAjEA5gVYaWHlLcoNy/EZCL3W/VGSGn5jVASQkZo1kTmZ+gepZpO6yGjUij/6
-85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm
+7W4WAie3AjEA3VoXK3YdZUKWpqxdinlW2Iob35reX8dQj7FbcQwm32pAAOwzkSFx
-4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV
+vmjkI6TZraE3
-HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd
+-----END CERTIFICATE-----
-QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t
+
-lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB
+# E-Tugra Global Root CA RSA v3
-o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E
+-----BEGIN CERTIFICATE-----
-BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4
+MIIF8zCCA9ugAwIBAgIUDU3FzRYilZYIfrgLfxUGNPt5EDQwDQYJKoZIhvcNAQEL
-opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo
+BQAwgYAxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUt
-dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW
+VHVncmEgRUJHIEEuUy4xHTAbBgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYw
-ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN
+JAYDVQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENBIFJTQSB2MzAeFw0yMDAzMTgw
-AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y
+OTA3MTdaFw00NTAzMTIwOTA3MTdaMIGAMQswCQYDVQQGEwJUUjEPMA0GA1UEBxMG
-/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k
+QW5rYXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1
-SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy
+Z3JhIFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBD
-Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS
+QSBSU0EgdjMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCiZvCJt3J7
-Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl
+7gnJY9LTQ91ew6aEOErxjYG7FL1H6EAX8z3DeEVypi6Q3po61CBxyryfHUuXCscx
-nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI=
+uj7X/iWpKo429NEvx7epXTPcMHD4QGxLsqYxYdE0PD0xesevxKenhOGXpOhL9hd8
+7jwH7eKKV9y2+/hDJVDqJ4GohryPUkqWOmAalrv9c/SF/YP9f4RtNGx/ardLAQO/
+rWm31zLZ9Vdq6YaCPqVmMbMWPcLzJmAy01IesGykNz709a/r4d+ABs8qQedmCeFL
+l+d3vSFtKbZnwy1+7dZ5ZdHPOrbRsV5WYVB6Ws5OUDGAA5hH5+QYfERaxqSzO8bG
+wzrwbMOLyKSRBfP12baqBqG3q+Sx6iEUXIOk/P+2UNOMEiaZdnDpwA+mdPy70Bt4
+znKS4iicvObpCdg604nmvi533wEKb5b25Y08TVJ2Glbhc34XrD2tbKNSEhhw5oBO
+M/J+JjKsBY04pOZ2PJ8QaQ5tndLBeSBrW88zjdGUdjXnXVXHt6woq0bM5zshtQoK
+5EpZ3IE1S0SVEgpnpaH/WwAH0sDM+T/8nzPyAPiMbIedBi3x7+PmBvrFZhNb/FAH
+nnGGstpvdDDPk1Po3CLW3iAfYY2jLqN4MpBs3KwytQXk9TwzDdbgh3cXTJ2w2Amo
+DVf3RIXwyAS+XF1a4xeOVGNpf0l0ZAWMowIDAQABo2MwYTAPBgNVHRMBAf8EBTAD
+AQH/MB8GA1UdIwQYMBaAFLK0ruYt9ybVqnUtdkvAG1Mh0EjvMB0GA1UdDgQWBBSy
+tK7mLfcm1ap1LXZLwBtTIdBI7zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEL
+BQADggIBAImocn+M684uGMQQgC0QDP/7FM0E4BQ8Tpr7nym/Ip5XuYJzEmMmtcyQ
+6dIqKe6cLcwsmb5FJ+Sxce3kOJUxQfJ9emN438o2Fi+CiJ+8EUdPdk3ILY7r3y18
+Tjvarvbj2l0Upq7ohUSdBm6O++96SmotKygY/r+QLHUWnw/qln0F7psTpURs+APQ
+3SPh/QMSEgj0GDSz4DcLdxEBSL9htLX4GdnLTeqjjO/98Aa1bZL0SmFQhO3sSdPk
+vmjmLuMxC1QLGpLWgti2omU8ZgT5Vdps+9u1FGZNlIM7zR6mK7L+d0CGq+ffCsn9
+9t2HVhjYsCxVYJb6CH5SkPVLpi6HfMsg2wY+oF0Dd32iPBMbKaITVaA9FCKvb7jQ
+mhty3QUBjYZgv6Rn7rWlDdF/5horYmbDB7rnoEgcOMPpRfunf/ztAmgayncSd6YA
+VSgU7NbHEqIbZULpkejLPoeJVF3Zr52XnGnnCv8PWniLYypMfUeUP95L6VPQMPHF
+9p5J3zugkaOj/s1YzOrfr28oO6Bpm4/srK4rVJ2bBLFHIK+WEj5jlB0E5y67hscM
+moi/dkfv97ALl2bSRM9gUgfh1SxKOidhd8rXj+eHDjD/DLsE4mHDosiXYY60MGo8
+bcIHX0pzLz/5FooBZu+6kcpSV3uu1OYP3Qt6f4ueJiDPO++BcYNZ
 -----END CERTIFICATE-----
 
 # Entrust.net Premium 2048 Secure Server CA
@@ -1837,33 +2006,6 @@ lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof
 TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR
 -----END CERTIFICATE-----
 
-# Hellenic Academic and Research Institutions RootCA 2011
------BEGIN CERTIFICATE-----
-MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix
-RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1
-dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p
-YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw
-NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK
-EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl
-cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl
-c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz
-dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ
-fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns
-bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD
-75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP
-FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp
-5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu
-b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA
-A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p
-6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8
-TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7
-dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys
-Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI
-l7WdmplNsDz4SgCbZN2fOUvRJ9e4
------END CERTIFICATE-----
-
 # Hellenic Academic and Research Institutions RootCA 2015
 -----BEGIN CERTIFICATE-----
 MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix
@@ -2282,31 +2424,6 @@ uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2
 XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
 -----END CERTIFICATE-----
 
-# Network Solutions Certificate Authority
------BEGIN CERTIFICATE-----
-MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi
-MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu
-MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp
-dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV
-UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO
-ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz
-c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP
-OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl
-mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF
-BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4
-qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw
-gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB
-BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu
-bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp
-dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8
-6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/
-h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH
-/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv
-wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN
-pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey
------END CERTIFICATE-----
-
 # OISTE WISeKey Global Root GB CA
 -----BEGIN CERTIFICATE-----
 MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt
@@ -2724,6 +2841,22 @@ iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
 f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
 -----END CERTIFICATE-----
 
+# Security Communication ECC RootCA1
+-----BEGIN CERTIFICATE-----
+MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYT
+AkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYD
+VQQDEyJTZWN1cml0eSBDb21tdW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYx
+NjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTELMAkGA1UEBhMCSlAxJTAjBgNVBAoT
+HFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNVBAMTIlNlY3VyaXR5
+IENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+Cnnfdl
+dB9sELLo5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpK
+ULGjQjBAMB0GA1UdDgQWBBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu
+9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3LsnNdo4gIxwwCMQDAqy0O
+be0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70eN9k=
+-----END CERTIFICATE-----
+
 # Security Communication RootCA2
 -----BEGIN CERTIFICATE-----
 MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl
@@ -2747,6 +2880,40 @@ t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy
 SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03
 -----END CERTIFICATE-----
 
+# Security Communication RootCA3
+-----BEGIN CERTIFICATE-----
+MIIFfzCCA2egAwIBAgIJAOF8N0D9G/5nMA0GCSqGSIb3DQEBDAUAMF0xCzAJBgNV
+BAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScw
+JQYDVQQDEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTMwHhcNMTYwNjE2
+MDYxNzE2WhcNMzgwMTE4MDYxNzE2WjBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc
+U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UEAxMeU2VjdXJpdHkg
+Q29tbXVuaWNhdGlvbiBSb290Q0EzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEA48lySfcw3gl8qUCBWNO0Ot26YQ+TUG5pPDXC7ltzkBtnTCHsXzW7OT4r
+CmDvu20rhvtxosis5FaU+cmvsXLUIKx00rgVrVH+hXShuRD+BYD5UpOzQD11EKzA
+lrenfna84xtSGc4RHwsENPXY9Wk8d/Nk9A2qhd7gCVAEF5aEt8iKvE1y/By7z/MG
+TfmfZPd+pmaGNXHIEYBMwXFAWB6+oHP2/D5Q4eAvJj1+XCO1eXDe+uDRpdYMQXF7
+9+qMHIjH7Iv10S9VlkZ8WjtYO/u62C21Jdp6Ts9EriGmnpjKIG58u4iFW/vAEGK7
+8vknR+/RiTlDxN/e4UG/VHMgly1s2vPUB6PmudhvrvyMGS7TZ2crldtYXLVqAvO4
+g160a75BflcJdURQVc1aEWEhCmHCqYj9E7wtiS/NYeCVvsq1e+F7NGcLH7YMx3we
+GVPKp7FKFSBWFHA9K4IsD50VHUeAR/94mQ4xr28+j+2GaR57GIgUssL8gjMunEst
++3A7caoreyYn8xrC3PsXuKHqy6C0rtOUfnrQq8PsOC0RLoi/1D+tEjtCrI8Cbn3M
+0V9hvqG8OmpI6iZVIhZdXw3/JzOfGAN0iltSIEdrRU0id4xVJ/CvHozJgyJUt5rQ
+T9nO/NkuHJYosQLTA70lUhw0Zk8jq/R3gpYd0VcwCBEF/VfR2ccCAwEAAaNCMEAw
+HQYDVR0OBBYEFGQUfPxYchamCik0FW8qy7z8r6irMA4GA1UdDwEB/wQEAwIBBjAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQDcAiMI4u8hOscNtybS
+YpOnpSNyByCCYN8Y11StaSWSntkUz5m5UoHPrmyKO1o5yGwBQ8IibQLwYs1OY0PA
+FNr0Y/Dq9HHuTofjcan0yVflLl8cebsjqodEV+m9NU1Bu0soo5iyG9kLFwfl9+qd
+9XbXv8S2gVj/yP9kaWJ5rW4OH3/uHWnlt3Jxs/6lATWUVCvAUm2PVcTJ0rjLyjQI
+UYWg9by0F1jqClx6vWPGOi//lkkZhOpn2ASxYfQAW0q3nHE3GYV5v4GwxxMOdnE+
+OoAGrgYWp421wsTL/0ClXI2lyTrtcoHKXJg80jQDdwj98ClZXSEIx2C/pHF7uNke
+gr4Jr2VvKKu/S7XuPghHJ6APbw+LP6yVGPO5DtxnVW5inkYO0QR4ynKudtml+LLf
+iAlhi+8kTtFZP1rUPcmTPCtk9YENFpb3ksP+MW/oKjJ0DvRMmEoYDjBU1cXrvMUV
+nuiZIesnKwkK2/HmcBhWuwzkvvnoEKQTkrgc4NtnHVMDpCKn3F2SEDzq//wbEBrD
+2NCcnWXL0CsnMQMeNuE9dnUM/0Umud1RvCPHX9jYhxBAEg09ODfnRDwYwFMJZI//
+1ZqmfHAuc1Uh6N//g7kdPjIe1qZ9LPFm6Vwdp6POXiUyK+OVrCoHzrQoeIY8Laad
+TdJ0MN1kURXbg4NR16/9M51NZg==
+-----END CERTIFICATE-----
+
 # Security Communication Root CA
 -----BEGIN CERTIFICATE-----
 MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY
@@ -2769,40 +2936,6 @@ JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot
 RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw==
 -----END CERTIFICATE-----
 
-# Staat der Nederlanden EV Root CA
------BEGIN CERTIFICATE-----
-MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO
-TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh
-dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y
-MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg
-TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS
-b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS
-M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC
-UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d
-Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p
-rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l
-pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb
-j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC
-KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS
-/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X
-cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH
-1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP
-px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB
-/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7
-MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI
-eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u
-2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS
-v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC
-wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy
-CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e
-vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6
-Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa
-Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL
-eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8
-FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc
-7uzXLg==
------END CERTIFICATE-----
-
 # Starfield Class 2 CA
 -----BEGIN CERTIFICATE-----
 MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl

resolv.conf

@@ -1 +1,2 @@
-nameserver 192.168.1.2
+# Generated by NetworkManager
+search 898.ro

rspamd/modules.d/aws_s3.conf

@@ -1,16 +1,16 @@
 # Please don't modify this file as your changes might be overwritten with
 # the next update.
 #
-# You can modify 'local.d/asn.conf' to add and merge
+# You can modify 'local.d/aws_s3.conf' to add and merge
 # parameters defined inside this section
 #
-# You can modify 'override.d/asn.conf' to strictly override all
+# You can modify 'override.d/aws_s3.conf' to strictly override all
 # parameters defined inside this section
 #
 # See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
 # for details
 #
-# Module documentation can be found at  https://rspamd.com/doc/modules/asn.html
+# Module documentation can be found at  https://rspamd.com/doc/modules/aws_s3.html
 
 aws_s3 {
   # Required attributes

rspamd/modules.d/known_senders.conf

@@ -0,0 +1,31 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/known_senders.conf' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/known_senders.conf' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+#
+# Module documentation can be found at  https://rspamd.com/doc/modules/known_senders.html
+
+known_senders {
+  # This module is default-disabled
+  enabled = false;
+
+  # Domains to track senders
+  domains = "https://maps.rspamd.com/freemail/free.txt.zst";
+  # Maximum number of elements
+  max_senders = 100000;
+  # Maximum time to live (when not using bloom filters)
+  max_ttl = 30d;
+  # Use bloom filters (must be enabled in Redis as a plugin)
+  use_bloom = false;
+
+  .include(try=true,priority=5) "${DBDIR}/dynamic/known_senders.conf"
+  .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/known_senders.conf"
+  .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/known_senders.conf"
+}

rspamd/modules.d/phishing.conf

@@ -21,6 +21,12 @@ phishing {
   # Phishtank is disabled by default in the module, so let's enable it here explicitly
   phishtank_enabled = true;
 
+  # List of excluded hosts from checks over openphish, phishtank and generic_service
+  phishing_feed_exclusion_symbol = "PHISHED_EXCLUDED";
+  # Disabled by default
+  phishing_feed_exclusion_enabled = false;
+  phishing_feed_exclusion_map = "$LOCAL_CONFDIR/local.d/maps.d/phishing_feed_exclusion.inc";
+
   # Make exclusions for known redirectors and domains
   exceptions = {
     REDIRECTOR_FALSE = [

rspamd/modules.d/rbl.conf

@@ -110,11 +110,11 @@ rbl {
       whitelist_exception = "RCVD_IN_DNSWL_LOW";
       whitelist_exception = "DNSWL_BLOCKED";
       returncodes {
-        RCVD_IN_DNSWL_NONE = "127.0.%d+.0";
+        RCVD_IN_DNSWL_NONE = ["127%.0%.%d%.0", "127%.0%.[02-9]%d%.0", "127%.0%.1[1-9]%.0", "127%.0%.[12]%d%d%.0"];
-        RCVD_IN_DNSWL_LOW = "127.0.%d+.1";
+        RCVD_IN_DNSWL_LOW = ["127%.0%.%d%.1", "127%.0%.[02-9]%d%.1", "127%.0%.1[1-9]%.1", "127%.0%.[12]%d%d%.1"];
-        RCVD_IN_DNSWL_MED = "127.0.%d+.2";
+        RCVD_IN_DNSWL_MED = ["127%.0%.%d%.2", "127%.0%.[02-9]%d%.2", "127%.0%.1[1-9]%.2", "127%.0%.[12]%d%d%.2"];
-        RCVD_IN_DNSWL_HI = "127.0.%d+.3";
+        RCVD_IN_DNSWL_HI = ["127%.0%.%d%.3", "127%.0%.[02-9]%d%.3", "127%.0%.1[1-9]%.3", "127%.0%.[12]%d%d%.3"];
-        DNSWL_BLOCKED = "127.0.0.255";
+        DNSWL_BLOCKED = ["127%.0%.0%.255", "127%.0%.10%.%d+"];
       }
     }
 
@@ -155,11 +155,11 @@ rbl {
       unknown = false;
 
       returncodes {
-        DWL_DNSWL_NONE = "127.0.%d+.0";
+        DWL_DNSWL_NONE = ["127%.0%.%d%.0", "127%.0%.[02-9]%d%.0", "127%.0%.1[1-9]%.0", "127%.0%.[12]%d%d%.0"];
-        DWL_DNSWL_LOW = "127.0.%d+.1";
+        DWL_DNSWL_LOW = ["127%.0%.%d%.1", "127%.0%.[02-9]%d%.1", "127%.0%.1[1-9]%.1", "127%.0%.[12]%d%d%.1"];
-        DWL_DNSWL_MED = "127.0.%d+.2";
+        DWL_DNSWL_MED = ["127%.0%.%d%.2", "127%.0%.[02-9]%d%.2", "127%.0%.1[1-9]%.2", "127%.0%.[12]%d%d%.2"];
-        DWL_DNSWL_HI = "127.0.%d+.3";
+        DWL_DNSWL_HI = ["127%.0%.%d%.3", "127%.0%.[02-9]%d%.3", "127%.0%.1[1-9]%.3", "127%.0%.[12]%d%d%.3"];
-        DWL_DNSWL_BLOCKED = "127.0.0.255";
+        DWL_DNSWL_BLOCKED = ["127%.0%.0%.255", "127%.0%.10%.%d+"];
       }
     }
 

rspamd/modules.d/redis.conf

@@ -19,6 +19,7 @@ redis {
   #disabled_modules = ["ratelimit"]; # List of modules that should not use redis from this section
   #timeout = 1s;
   #db = "0";
+  #username = "some_username";
   #password = "some_password";
   .include(try=true,priority=5) "${DBDIR}/dynamic/redis.conf"
   .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/redis.conf"

rspamd/scores.d/phishing_group.conf

@@ -25,6 +25,10 @@ symbols = {
         description = "Phished URL";
         one_shot = true;
     }
+    "PHISHED_EXCLUDED" {
+        weight = 0.0;
+        description = "Phished URL found in exclusions list";
+    }
     "PHISHED_OPENPHISH" {
         weight = 7.0;
         description = "Phished URL found in openphish.com";

rspamd/scores.d/surbl_group.conf

@@ -27,25 +27,25 @@ symbols = {
         groups = ["surblorg", "blocked"];
     }
     "PH_SURBL_MULTI" {
-        weight = 5.5;
+        weight = 7.5;
         description = "A domain in the message is listed in SURBL as phishing";
         one_shot = true;
         groups = ["surblorg", "phishing"];
     }
     "MW_SURBL_MULTI" {
-        weight = 5.5;
+        weight = 7.5;
         description = "A domain in the message is listed in SURBL as malware";
         one_shot = true;
         groups = ["surblorg"];
     }
     "ABUSE_SURBL" {
-        weight = 5.5;
+        weight = 5.0;
         description = "A domain in the message is listed in SURBL as abused";
         one_shot = true;
         groups = ["surblorg"];
     }
     "CRACKED_SURBL" {
-        weight = 4.0;
+        weight = 5.0;
         description = "A domain in the message is listed in SURBL as cracked";
         one_shot = true;
         groups = ["surblorg"];
@@ -117,49 +117,49 @@ symbols = {
         groups = ["spamhaus"];
     }
     "DBL_PHISH" {
-        weight = 6.5;
+        weight = 7.5;
         description = "A domain in the message is listed in Spamhaus DBL as phishing";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "DBL_MALWARE" {
-        weight = 6.5;
+        weight = 7.5;
         description = "A domain in the message is listed in Spamhaus DBL as malware";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "DBL_BOTNET" {
-        weight = 5.5;
+        weight = 7.5;
         description = "A domain in the message is listed in Spamhaus DBL as botnet C&C";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "DBL_ABUSE" {
-        weight = 6.5;
+        weight = 5.0;
         description = "A domain in the message is listed in Spamhaus DBL as abused legit spam";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "DBL_ABUSE_REDIR" {
-        weight = 1.5;
+        weight = 5.0;
         description = "A domain in the message is listed in Spamhaus DBL as spammed redirector domain";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "DBL_ABUSE_PHISH" {
-        weight = 7.5;
+        weight = 6.5;
         description = "A domain in the message is listed in Spamhaus DBL as abused legit phish";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "DBL_ABUSE_MALWARE" {
-        weight = 7.5;
+        weight = 6.5;
         description = "A domain in the message is listed in Spamhaus DBL as abused legit malware";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "DBL_ABUSE_BOTNET" {
-        weight = 5.5;
+        weight = 6.5;
         description = "A domain in the message is listed in Spamhaus DBL as abused legit botnet C&C";
         one_shot = true;
         groups = ["spamhaus"];
@@ -230,14 +230,14 @@ symbols = {
     }
     "URIBL_SBL_CSS" {
         ignore = true;
-        weight = 6.5;
+        weight = 5.0;
         description = "A domain in the message body resolves to an IP listed in Spamhaus CSS";
         one_shot = true;
         groups = ["spamhaus"];
     }
     "URIBL_XBL" {
         ignore = true;
-        weight = 1.5;
+        weight = 3.0;
         description = "A domain in the message body resolves to an IP listed in Spamhaus XBL";
         one_shot = true;
         groups = ["spamhaus"];

selinux/targeted/.policy.sha512

@@ -1 +1 @@
-eb52538d47da4b07c0733e93ff344e205e23bb41782be1bde94efec39d91143e7468927c7cbaaa70046bcab4eb2313932c7b65067c2682d9156c789a46b2e39e
+9371168ea4ca64ad6610f35f6ad045755662c50b03f2a034c0705449e59bdd39ba6b52bd0cb7ebf705b7ea311ba43d91f55544775215fa5ef1d1b04d9e21fff2

ssh/sshrc

@@ -19,12 +19,9 @@ pagerduty() {
 	/usr/bin/curl -s -X POST -H "content-type: application/json" -d '{"routing_key":"1969ec3d30b74608d0135d6321275bb7","event_action":"trigger","payload":{"summary":"User '"$USER"' has logged in via SSH!!","source":"/etc/ssh/sshrc","severity":"critical","component":"exploratory-stats","group":"prod-datapipe","class":"deploy"}}' "$PAGERDUTY_URL" >/dev/null 2>&1
 }
 
-#if [[ "$USER" == "laser" || "$USER" == "madalin" || "$USER" == "smiti" ]]
 if [[ "$USER" == "laser" ]]
 then
 	pagerduty
-	log_ssh_login
 else
 	log_ssh_login
-	exit 0
 fi

tor/torrc

@@ -10,7 +10,7 @@
 ## for more options you can use in this file.
 ##
 ## Tor will look for this file in various places based on your platform:
-## https://www.torproject.org/docs/faq#torrc
+## https://support.torproject.org/tbb/tbb-editing-torrc/
 
 ControlSocket /run/tor/control
 ControlSocketsGroupWritable 1
@@ -84,7 +84,7 @@ CookieAuthFileGroupReadable 1
 
 ################ This section is just for relays #####################
 #
-## See https://www.torproject.org/docs/tor-doc-relay for details.
+## See https://community.torproject.org/relay for details.
 
 ## Required: what port to advertise for incoming Tor connections.
 #ORPort 9001
@@ -172,7 +172,7 @@ CookieAuthFileGroupReadable 1
 ## key fingerprint of each Tor relay you control, even if they're on
 ## different networks. You declare it here so Tor clients can avoid
 ## using more than one of your relays in a single circuit. See
-## https://www.torproject.org/docs/faq#MultipleRelays
+## https://support.torproject.org/relay-operators/multiple-relays/
 ## However, you should never include a bridge's fingerprint here, as it would
 ## break its concealability and potentially reveal its IP/TCP address.
 ##
@@ -210,9 +210,9 @@ CookieAuthFileGroupReadable 1
 ## reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to)
 ## the default exit policy. Leave commented to just use the default, which is
 ## described in the man page or at
-## https://www.torproject.org/documentation.html
+## https://support.torproject.org/relay-operators
 ##
-## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
+## Look at https://support.torproject.org/abuse/exit-relay-expectations/
 ## for issues you might encounter if you use the default exit policy.
 ##
 ## If certain IPs and ports are blocked externally, e.g. by your firewall,
@@ -248,11 +248,11 @@ CookieAuthFileGroupReadable 1
 #BridgeDistribution none
 
 ## Configuration options can be imported from files or folders using the %include
-## option with the value being a path. This path can have wildcards. Wildcards are 
+## option with the value being a path. This path can have wildcards. Wildcards are
-## expanded first, using lexical order. Then, for each matching file or folder, the following 
+## expanded first, using lexical order. Then, for each matching file or folder, the following
-## rules are followed: if the path is a file, the options from the file will be parsed as if 
+## rules are followed: if the path is a file, the options from the file will be parsed as if
-## they were written where the %include option is. If the path is a folder, all files on that 
+## they were written where the %include option is. If the path is a folder, all files on that
-## folder will be parsed following lexical order. Files starting with a dot are ignored. Files 
+## folder will be parsed following lexical order. Files starting with a dot are ignored. Files
 ## on subfolders are ignored.
 ## The %include option can be used recursively.
 #%include /etc/torrc.d/*.conf