Softpanorama

May the source be with you, but remember the KISS principle ;-)
Contents Bulletin Scripting in shell and Perl Network troubleshooting History Humor

Suse Seccheck

News

Softpanorama Laws of Computer Security

Recommended Books

Recommended Links

Security issues

Potemkin Villages of Computer Security

Man Pages

Reference

Seccheck Protective partitioning Vulnerabilities In Linux Environment Linux PAM Suse Hardening Warning banners    

Red Hat Security

SUSE Security

NFS Security Solaris Hardening Sysadmin Horror Stories

 History

Humor Etc

Seccheck is a very simple (actually weak in comparison with JASS and Titan) security checker for Suse and Red Hat.  It consists three monolithic bash scripts

/usr/lib/secchk/security-daily.sh 
/usr/lib/secchk/security-monthly.sh 
/usr/lib/secchk/security-weekly.sh

and one driver script that invokes them and is responsible for emailing reports: 

/usr/lib/secchk/security-control.sh

Seccheck is installed, it automatically adds a crontab, /etc/cron.d/seccheck, to run daily, weekly and monthly security checks.

# rpm -ql seccheck
/etc/cron.d/seccheck
/usr/lib/secchk
/usr/lib/secchk/checkneverlogin
/usr/lib/secchk/security-control.sh
/usr/lib/secchk/security-daily.sh
/usr/lib/secchk/security-monthly.sh
/usr/lib/secchk/security-weekly.sh
/usr/share/doc/packages/seccheck
/usr/share/doc/packages/seccheck/CHANGES
/usr/share/doc/packages/seccheck/LICENCE
/usr/share/doc/packages/seccheck/README
/usr/share/doc/packages/seccheck/TODO
/var/adm/fillup-templates/sysconfig.seccheck
/var/lib/secchk
/var/lib/secchk/data

The Seccheck daily, run at midnight, checks for user security vulnerabilities, system abnormalities, modules changes and port changes. It also checks for changes in user and group information and for common weaknesses that may indicate an intrusion. The changes from the last daily Seccheck run are then mailed to root.

Here is the content of  cron jobs that are created during installation of the package

RUN_FROM_CRON=yes
#
# SuSE Security Checks
#
0 0 * * *       root  test -x /usr/lib/secchk/security-control.sh && /usr/lib/secchk/security-control.sh daily &
0 1 * * 1       root  test -x /usr/lib/secchk/security-control.sh && /usr/lib/secchk/security-control.sh weekly &
0 4 1 * *       root  test -x /usr/lib/secchk/security-control.sh && /usr/lib/secchk/security-control.sh monthly &

Library  /usr/lib/secchk contains the following entries

-rwxr----- 1 root root   865 Jun 16  2006 checkneverlogin
-rwxr----- 1 root root  3415 Jun 16  2006 security-control.sh
-rwxr----- 1 root root 16459 Jun 16  2006 security-daily.sh
-rwxr----- 1 root root  1815 Jun 16  2006 security-monthly.sh
-rwxr----- 1 root root  4988 Jun 16  2006 security-weekly.sh
Scripts can be run individually from this directory.

Daily report is not that helpful:

/usr/lib/secchk # ./security-daily.sh

Checking the /etc/group file:
Group bin(1) has got the following members: daemon

The following loadable kernel modules are currently installed:
af_packet
ata_generic
ata_piix
bnx2
bridge
button
cdrom
crc_t10dif
dcdbas
dm_mod
e1000e
edac_core
edd
ehci_hcd
enclosure
ext3
fan
fat
fuse
hid
hwmon
i5000_edac
i5k_amb
ide_cd_mod
ide_core
ipv6_lib
iTCO_vendor_support
iTCO_wdt
jbd
joydev
libata
llc
loop
lp
mbcache
megaraid_sas
microcode
mperf
nls_utf8
parport
parport_pc
pciehp
pci_hotplug
pcspkr
ppdev
processor
rtc_cmos
scsi_dh
scsi_dh_alua
scsi_dh_emc
scsi_dh_hp_sw
scsi_dh_rdac
scsi_mod
sd_mod
serio_raw
ses
sg
shpchp
sr_mod
st
stp
thermal_sys
uhci_hcd
usb_common
usbcore
usbhid
usb_storage
vfat

The following programs have got bound sockets:
apxgw         root   0t0  TCP *:5135 (LISTEN)
coda          root   0t0  TCP 127.0.0.1:37649 (LISTEN)
gdm           root   0t0  UDP *:177
httpd2-pr     root   0t0  TCP *:80 (LISTEN)
httpd2-pr   wwwrun   0t0  TCP *:80 (LISTEN)
master        root   0t0  TCP *:25 (LISTEN)
ntpd           ntp   0t0  UDP 10.201.101.53:123
ntpd           ntp   0t0  UDP 10.201.54.53:123
ntpd           ntp   0t0  UDP *:123
ntpd           ntp   0t0  UDP 127.0.0.1:123
ntpd           ntp   0t0  UDP 127.0.0.2:123
opcacta       root   0t0  TCP 127.0.0.1:33429 (LISTEN)
opcmsga       root   0t0  TCP 127.0.0.1:42010 (LISTEN)
opcmsga       root   0t0  UDP *:35456
ovbbccb       root   0t0  TCP *:383 (LISTEN)
ovcd          root   0t0  TCP 127.0.0.1:59688 (LISTEN)
ovcd          root   0t0  TCP 127.0.0.1:59994 (LISTEN)
ovconfd       root   0t0  TCP 127.0.0.1:37722 (LISTEN)
ovtrcd        root   0t0  TCP *:5053 (LISTEN)
rpcbind       root   0t0  TCP *:111 (LISTEN)
rpcbind       root   0t0  UDP *:111
rpcbind       root   0t0  UDP *:668
sshd          root   0t0  TCP *:22 (LISTEN)
xinetd        root   0t0  TCP *:21 (LISTEN)
xinetd        root   0t0  TCP *:23 (LISTEN)
xinetd        root   0t0  TCP *:5555 (LISTEN)
xinetd        root   0t0  TCP *:5801 (LISTEN)
xinetd        root   0t0  TCP *:5901 (LISTEN)
xinetd        root   0t0  UDP *:69
X             root   0t0  TCP *:6000 (LISTEN)
Weekly report is more helpful
/usr/lib/secchk # ./security-weekly.sh

Password security checking not possible, package john not installed.

Please check and perhaps disable the following unused accounts:
Warning: user mcevoyg has got a password and a valid shell but never logged in.
Warning: user burragjl has got a password and a valid shell but never logged in.

The following files are suid/sgid:
+ -rwsr-xr-x 1 root       audio        23880 2012-03-06 20:48 /bin/eject
+ -rwsr-xr-x 1 root       root         94776 2012-03-06 20:15 /bin/mount
+ -rwsr-xr-x 1 root       root         40048 2012-03-06 20:08 /bin/ping
+ -rwsr-xr-x 1 root       root         35792 2012-03-06 20:08 /bin/ping6
+ -rwsr-xr-x 1 root       root         40016 2012-04-09 17:22 /bin/su
+ -rwsr-xr-x 1 root       root         69208 2012-03-06 20:15 /bin/umount
+ -rwsr-x--- 1 root       messagebus   47880 2012-03-06 20:15 /lib64/dbus-1/dbus-daemon-launch-helper
+ -r-sr-sr-x 1 root       root        585384 2011-06-09 09:25 /opt/omni/lbin/cat_d
+ -r-s------ 1 root       root        503552 2011-06-09 09:25 /opt/omni/lbin/inet
+ -rwsr-xr-x 1 root       root        111272 2012-03-06 20:48 /sbin/mount.nfs
+ -rwsr-xr-x 1 root       shadow       10736 2012-03-06 20:13 /sbin/unix2_chkpwd
+ -rwsr-xr-x 1 root       shadow       35688 2012-03-06 19:59 /sbin/unix_chkpwd
+ -rwsr-xr-x 1 root       trusted      52360 2012-03-06 20:48 /usr/bin/at
+ -rwsr-xr-x 1 root       shadow       86200 2012-03-06 20:13 /usr/bin/chage
+ -rwsr-xr-x 1 root       shadow       82472 2012-03-06 20:13 /usr/bin/chfn
+ -rwsr-xr-x 1 root       shadow       77848 2012-03-06 20:13 /usr/bin/chsh
+ -rwsr-xr-x 1 root       trusted      40432 2012-03-06 20:48 /usr/bin/crontab
+ -rwsr-xr-x 1 root       shadow       19320 2012-03-06 20:13 /usr/bin/expiry
+ -rwsr-xr-x 1 root       trusted      31552 2012-03-06 20:48 /usr/bin/fusermount
+ -rwsr-x--- 1 root       lp           10624 2012-03-06 20:23 /usr/bin/get_printing_ticket
+ -rwsr-xr-x 1 root       shadow       85952 2012-03-06 20:13 /usr/bin/gpasswd
+ -rwxr-sr-x 1 lp         lp           14904 2012-03-06 20:13 /usr/bin/lppasswd
+ -rwsr-xr-x 1 root       root         19416 2012-03-06 20:13 /usr/bin/newgrp
+ -rwsr-xr-x 1 root       root         44304 2012-03-06 20:22 /usr/bin/opiepasswd
+ -rwsr-xr-x 1 root       root         44752 2012-03-06 20:22 /usr/bin/opiesu
+ -rwsr-xr-x 1 root       shadow       81856 2012-03-06 20:13 /usr/bin/passwd
+ -rwsr-xr-x 1 root       root         23408 2012-03-06 20:23 /usr/bin/rcp
+ -rwsr-xr-x 1 root       root         19248 2012-03-06 20:23 /usr/bin/rlogin
+ -rwsr-xr-x 1 root       root         15088 2012-03-06 20:23 /usr/bin/rsh
+ -rwsr-xr-x 1 root       root        225800 2012-03-06 20:10 /usr/bin/sudo
+ -rwxr-sr-x 1 root       shadow       15128 2011-04-06 03:20 /usr/bin/vlock
+ -rwxr-sr-x 1 root       tty          15000 2012-03-06 20:48 /usr/bin/wall
+ -rwxr-sr-x 1 root       tty          14896 2012-03-06 20:48 /usr/bin/write
+ -rws--x--x 1 root       root       1910344 2012-03-06 20:48 /usr/bin/Xorg
+ -rwsr-xr-x 1 root       root         26897 2012-03-06 19:57 /usr/lib64/pt_chown
+ -rwsr-xr-x 1 root       root         19192 2012-03-06 20:31 /usr/lib/libgnomesu/gnomesu-pam-backend
+ -rwxr-sr-x 1 root       polkituser   19008 2012-03-06 20:16 /usr/lib/PolicyKit/polkit-explicit-grant-helper
+ -rwxr-sr-x 1 root       polkituser   19208 2012-03-06 20:16 /usr/lib/PolicyKit/polkit-grant-helper
+ -rwsr-x--- 1 root       polkituser   10744 2012-03-06 20:16 /usr/lib/PolicyKit/polkit-grant-helper-pam
+ -rwxr-sr-x 1 root       polkituser   14856 2012-03-06 20:16 /usr/lib/PolicyKit/polkit-read-auth-helper
+ -rwxr-sr-x 1 root       polkituser   23160 2012-03-06 20:16 /usr/lib/PolicyKit/polkit-revoke-helper
+ -rwsr-xr-x 1 polkituser root         23176 2012-03-06 20:16 /usr/lib/PolicyKit/polkit-set-default-helper
+ -rwxr-sr-x 1 root       tty          15096 2012-03-06 20:21 /usr/lib/vte/gnome-pty-helper
+ -rwxr-sr-x 1 root       maildrop     15136 2012-03-06 20:23 /usr/sbin/postdrop
+ -rwxr-sr-x 1 root       maildrop     19176 2012-03-06 20:23 /usr/sbin/postqueue
+ -rwxr-sr-x 1 root       tty          10680 2012-03-06 20:02 /usr/sbin/utempter
+ -rwsr-xr-x 1 root       root         10632 2012-04-09 16:43 /usr/sbin/zypp-refresh-wrapper

The following program executables are group/world writeable:
+ -rwxrwxr-x 1 lotusmes bezroun  1240 2011-05-02 18:29 /home/lotusmes/close_mes.sh
+ -rwxrwxr-x 1 lotusmes bezroun    81 2011-05-02 18:29 /home/lotusmes/etalon.forward
+ -rwxrwxr-x 1 lotusmes bezroun  1328 2011-05-02 18:29 /home/lotusmes/etalon.pipe
+ -rwxrwxr-x 1 lotusmes bezroun 88583 2011-05-02 18:29 /home/lotusmes/lotusmes
+ -rwxrwxr-x 1 lotusmes bezroun   123 2011-05-02 18:29 /home/lotusmes/lotusmes.log
+ -rwxrwxr-x 1 lotusmes bezroun   147 2011-05-02 18:29 /home/lotusmes/mailtest.sh
+ -rwxrwxr-x 1 lotusmes bezroun   612 2011-05-02 18:29 /home/lotusmes/pmake
+ -rwxrwxr-x 1 lotusmes bezroun   112 2011-05-02 18:29 /home/lotusmes/run.sh
+ -rwxrwxr-x 1 lotusmes bezroun   142 2011-05-02 18:29 /home/lotusmes/test2
+ -rwxrwxr-x 1 lotusmes bezroun    76 2011-05-02 18:29 /home/lotusmes/testbacbridge.sh
+ -rwxrwxr-x 1 lotusmes bezroun  3113 2011-05-02 18:29 /home/lotusmes/testmes
+ -rwxrwxr-x 1 lotusmes bezroun  3113 2011-05-02 18:29 /home/lotusmes/testmes.bac
+ -rwxrwxr-x 1 lotusmes bezroun   119 2011-05-02 18:29 /home/lotusmes/test_of_close.sh
+ -rwxrwxr-x 1 lotusmes bezroun   142 2011-05-02 18:29 /home/lotusmes/test_of_post2171.sh
+ -rwxrwxr-x 1 lotusmes bezroun   141 2011-05-02 18:29 /home/lotusmes/test_of_post.sh
+ -rwxrwxr-x 1 lotusmes bezroun   160 2011-05-02 18:29 /home/lotusmes/test_of_postz.sh
+ -rwxrwxr-- 1 root     root     1836 2012-09-04 13:00 /tmp/deact_users.sh
+ -rwxrwxr-- 1 root     root     1727 2012-09-04 13:00 /tmp/delete_users.sh
+ -rwxrwxr-- 1 root     root       28 2012-09-04 13:00 /tmp/run_usermaint.sh
+ -rwxrwxr-- 1 root     root      544 2011-11-30 10:53 /tmp/tivoli_cleanup_lnx
+ -rwxrwxr-- 1 root     root     5978 2012-05-29 13:12 /usr/BASFBIN/addusers/add_users
+ -rwxrwxr-- 1 root     root       40 2012-05-29 13:12 /usr/BASFBIN/addusers/run_add_users
+ -rwxrwxr-- 1 root     root     4525 2012-05-21 09:55 /usr/BASFBIN/fs_warn.sh

The following files/directories are world writeable and not sticky:
+ /opt/apxpccu
+ /opt/apxpccu/bin
+ /opt/apxpccu/log
+ /opt/apxpccu/log/pccUcmdlog.txt
+ /opt/apxpccu/var
+ /opt/apxpccu/var/apxlog
+ /opt/apxpccu/var/APXRD.FLAG
+ /opt/apxpccu/var/APXWR.FLAG
+ /opt/apxpccu/var/OUTPUT
+ /opt/omni/newconfig/var/opt/omni/enhincrdb
+ /opt/omni/newconfig/var/opt/omni/log
+ /opt/omni/newconfig/var/opt/omni/tmp
+ /var/opt/omni/enhincrdb
+ /var/opt/omni/log
+ /var/opt/omni/log/debug.log
+ /var/opt/omni/log/inet.log
+ /var/opt/omni/server/log
+ /var/opt/omni/tmp
+ /var/opt/omni/tmp/usr_omni
+ /var/opt/omni/tmp/usr_omni/log
+ /var/opt/omni/tmp/usr_omni/log/debug.log
+ /var/opt/omni/tmp/usr_omni/log/inet.log
+ /var/opt/omni/tmp/usr_omni/tmp
+ /var/opt/omni/windu
+ /var/opt/OV/tmp/public/OpC/monagtq
+ /var/opt/OV/tmp/public/OpC/msgiq

Checks performed

Check Explanation
/etc/passwd check Length/number/contents of fields, accounts with same uid accounts with uid/gid of 0 or 1 beside root and bin
/etc/shadow check Length/number/contents of fields, accounts with no password
/etc/group check Length/number/contents of fields
User root checks Secure umask and PATH
/etc/ftpusers Checks if important system users are put there
/etc/aliases Checks for mail aliases which execute programs
.rhosts check Checks if users' .rhosts file contain + signs
Home directory Checks if home directories are writable or owned by someone else
dot-files check Checks many dot-files in the home directories if they are writable or owned by someone else
Mailbox check Checks if user mailboxes are owned by user and unreadable
NFS export check Exports should not be exported globally
NFS import check NFS mounts should have the "nosuid" option set
Promisc check Checks if network cards are in promiscuous mode
list modules Lists loaded modules
list sockets Lists open ports

The weekly security check is a more exhaustive user and file system check, checks that are important but too intensive to run daily. The weekly scripts are run every Monday at 1:00am. They include checks for weak passwords, changes in the system files, files and executables that are group or world writable and all system devices. Again, only the differences from the previous weekly security scan are mailed to root. See Table 3 for a list of checks in the weekly scan.

Check Explanation
Password check Runs john to crack the password file, user will get an email notice to change his password
rpm md5 check Checks for changed files via rpm's md5 checksum feature
suid/sgid check Lists all suid and sgid files
exec group write Lists all executables which are group/world writable
Writable check Lists all files which are world writable (incl. Above)
Device check Lists all devices

The monthly security check is run on the first day of every month at 4:00am, and it sends a complete set of information in both daily and weekly checks to root. One pitfall of using Seccheck is that one has to pay attention to when changes are reported. Since only changes to the system from the last Seccheck analysis are e-mailed, anomalies appear only once. If you miss a change, you may not catch suspicious activity for a week or even a month.

Seccheck is a good set of security auditing tools that monitor many of the user-related vulnerabilities. It is surprising that is it not enabled by default.

Even though Seccheck has a filesystem integrity check, it is always better to install a separate system integrity checker with control of the file signature database.


Recommended Links

Softpanorama hot topic of the month

Softpanorama Recommended

Top articles

Sites



Etc

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. 

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less then 90 days. Multiple types of probes increase this period.  

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Haterís Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least


Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: September 12, 2017