From cdda4dbfdf738e35688691165e9d9da07c877574 Mon Sep 17 00:00:00 2001 From: Colton Myers Date: Tue, 8 Aug 2017 11:29:25 -0600 Subject: [PATCH 1/5] Fix typo in debian 8 dockerfile --- pkg/debian8/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/debian8/Dockerfile b/pkg/debian8/Dockerfile index fa88227ee..0e2ef9e84 100644 --- a/pkg/debian8/Dockerfile +++ b/pkg/debian8/Dockerfile @@ -124,7 +124,7 @@ CMD [ "pyinstaller --onedir --noconfirm --log-level ${_BINARY_LOG_LEVEL} --addit && tar -xzvf /data/hubblestack-${HUBBLE_VERSION}.tar.gz -C /hubble_build/debbuild/hubblestack-${HUBBLE_VERSION} \ && mkdir -p /hubble_build/debbuild/hubblestack-${HUBBLE_VERSION}/etc/init.d \ && cp /hubble_build/pkg/hubble /hubble_build/debbuild/hubblestack-${HUBBLE_VERSION}/etc/init.d/ \ - && mkdir -p /hubble_build/debbuild/hubblestack-${HUBBLE_VERSIOHUBBLE_VERSION}/usr/lib/systemd/system \ + && mkdir -p /hubble_build/debbuild/hubblestack-${HUBBLE_VERSION}/usr/lib/systemd/system \ && cp /hubble_build/pkg/hubble.service /hubble_build/debbuild/hubblestack-${HUBBLE_VERSION}/usr/lib/systemd/system/ \ && cp -f /hubble_build/conf/hubble /hubble_build/debbuild/hubblestack-${HUBBLE_VERSION}/etc/hubble/ \ #during container run, if a configuration file exists in a /data copy it over the existing one so it would be From 41dd1cf913d0cb11ebe7890b3ce11b5a7236b4a2 Mon Sep 17 00:00:00 2001 From: Colton Myers Date: Tue, 8 Aug 2017 11:48:39 -0600 Subject: [PATCH 2/5] Fix grep module match_output_regex Default to re.search with multiline Set `match_output_multiline: False` and add ^ to front of regex to get old behavior --- hubblestack/files/hubblestack_nova/grep.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/hubblestack/files/hubblestack_nova/grep.py b/hubblestack/files/hubblestack_nova/grep.py index f757cf67e..eda782fa3 100644 --- a/hubblestack/files/hubblestack_nova/grep.py +++ b/hubblestack/files/hubblestack_nova/grep.py @@ -122,8 +122,12 @@ def audit(data_list, tags, debug=False, **kwargs): if tag_data['match_output'] not in grep_ret: found = False else: # match with regex - if not re.match(tag_data['match_output'], grep_ret): - found = False + if tag_data.get('match_output_multiline', True): + if not re.search(tag_data['match_output'], grep_ret, re.MULTILINE): + found = False + else: + if not re.search(tag_data['match_output'], grep_ret): + found = False if not os.path.exists(name) and 'match_on_file_missing' in tag_data: if tag_data['match_on_file_missing']: From eb8edc8f52c362b750278f65b1dc0cc6ebbe6a05 Mon Sep 17 00:00:00 2001 From: Colton Myers Date: Tue, 8 Aug 2017 11:50:14 -0600 Subject: [PATCH 3/5] Add match_output_multiline to grep docs --- hubblestack/files/hubblestack_nova/grep.py | 1 + 1 file changed, 1 insertion(+) diff --git a/hubblestack/files/hubblestack_nova/grep.py b/hubblestack/files/hubblestack_nova/grep.py index eda782fa3..63d3e035c 100644 --- a/hubblestack/files/hubblestack_nova/grep.py +++ b/hubblestack/files/hubblestack_nova/grep.py @@ -28,6 +28,7 @@ pattern: '/tmp' # grep pattern match_output: 'nodev' # string to check for in output of grep command (optional) match_output_regex: True # whether to use regex when matching output (default: False) + match_output_multiline: False # whether to use multiline flag for regex matching (default: True) grep_args: # extra args to grep - '-E' - '-i' From 404d40626fb85c06dd1590bd770ce89ed111c5e4 Mon Sep 17 00:00:00 2001 From: Colton Myers Date: Tue, 8 Aug 2017 14:53:49 -0600 Subject: [PATCH 4/5] Fix old cffi version in debian8 --- pkg/debian8/pyinstaller-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/debian8/pyinstaller-requirements.txt b/pkg/debian8/pyinstaller-requirements.txt index 3010621f1..8a51dfda2 100644 --- a/pkg/debian8/pyinstaller-requirements.txt +++ b/pkg/debian8/pyinstaller-requirements.txt @@ -12,5 +12,5 @@ pygit2 salt-ssh gitpython pyinotify -cffi +cffi>=1.10.0 azure From 0ef0409c08ac3bc9fae15ab28b377d3eadc58241 Mon Sep 17 00:00:00 2001 From: Andres Martinson Date: Tue, 8 Aug 2017 16:29:24 -0600 Subject: [PATCH 5/5] augeas lenses default now in /opt/osquery/lenses, also systemd service file removed for centos6 --- pkg/amazonlinux2016.09/Dockerfile | 6 +++++- pkg/amazonlinux2017.03/Dockerfile | 6 +++++- pkg/centos6/Dockerfile | 6 +++--- pkg/centos7/Dockerfile | 6 +++++- pkg/coreos/Dockerfile | 6 +++++- pkg/debian8/Dockerfile | 6 +++++- pkg/debian9/Dockerfile | 6 +++++- 7 files changed, 33 insertions(+), 9 deletions(-) diff --git a/pkg/amazonlinux2016.09/Dockerfile b/pkg/amazonlinux2016.09/Dockerfile index 4e2ba2a30..ae4b6ad14 100644 --- a/pkg/amazonlinux2016.09/Dockerfile +++ b/pkg/amazonlinux2016.09/Dockerfile @@ -37,6 +37,8 @@ RUN cd /home/"$OSQUERY_BUILD_USER" \ && sed -i 's,^\(HOMEBREW_BREW=\).*,\1'ac2cbd2137006ebfe84d8584ccdcb5d78c1130d9',' tools/provision.sh \ && sed -i 's,^\(LINUXBREW_BREW=\).*,\1'20bcce2c176469cec271b46d523eef1510217436',' tools/provision.sh \ && make sysprep \ +#have the default augeas lenses directory point to /opt/osquery/lenses, must be done after sysprep + && sed -i '/augeas_lenses,/,/\"Directory\ that\ contains\ augeas\ lenses\ files\"\\)\;/ s/\/usr\/share\/osquery\/lenses/\/opt\/osquery\/lenses/' osquery/tables/system/posix/augeas.cpp \ && make deps \ && make \ && make strip @@ -44,6 +46,7 @@ USER root RUN cp -pr /home/"$OSQUERY_BUILD_USER"/osquery/build/linux/osquery/osqueryi /home/"$OSQUERY_BUILD_USER"/osquery/build/linux/osquery/osqueryd /opt/osquery \ && chown -R root. /opt/osquery \ && chmod -R 500 /opt/osquery/* \ +#put augeas lenses into the default directory that we changed earlier && mkdir -p /opt/osquery/lenses \ && cp -r /usr/local/osquery/share/augeas/lenses/dist/* /opt/osquery/lenses \ && chmod -R 400 /opt/osquery/lenses/* @@ -63,7 +66,8 @@ ENV LIBGIT2_SRC_URL=https://github.com/libgit2/libgit2/archive/v0.26.0.tar.gz ENV LIBGIT2_SRC_SHA256=4ac70a2bbdf7a304ad2a9fb2c53ad3c8694be0dbec4f1fce0f3cd0cda14fb3b9 ENV LIBGIT2_SRC_VERSION=0.26.0 ENV LIBGIT2TEMP=/tmp/libgit2temp -RUN mkdir -p "$LIBGIT2TEMP" && cd "$LIBGIT2TEMP" \ +RUN mkdir -p "$LIBGIT2TEMP" \ + && cd "$LIBGIT2TEMP" \ && wget -q "$LIBGIT2_SRC_URL" -O libgit2.tar.gz \ && echo "$LIBGIT2_SRC_SHA256 libgit2.tar.gz" | sha256sum -c - \ && tar xzf libgit2.tar.gz \ diff --git a/pkg/amazonlinux2017.03/Dockerfile b/pkg/amazonlinux2017.03/Dockerfile index ddff94759..67b9df278 100644 --- a/pkg/amazonlinux2017.03/Dockerfile +++ b/pkg/amazonlinux2017.03/Dockerfile @@ -37,6 +37,8 @@ RUN cd /home/"$OSQUERY_BUILD_USER" \ && sed -i 's,^\(HOMEBREW_BREW=\).*,\1'ac2cbd2137006ebfe84d8584ccdcb5d78c1130d9',' tools/provision.sh \ && sed -i 's,^\(LINUXBREW_BREW=\).*,\1'20bcce2c176469cec271b46d523eef1510217436',' tools/provision.sh \ && make sysprep \ +#have the default augeas lenses directory point to /opt/osquery/lenses, must be done after sysprep + && sed -i '/augeas_lenses,/,/\"Directory\ that\ contains\ augeas\ lenses\ files\"\\)\;/ s/\/usr\/share\/osquery\/lenses/\/opt\/osquery\/lenses/' osquery/tables/system/posix/augeas.cpp \ && make deps \ && make \ && make strip @@ -44,6 +46,7 @@ USER root RUN cp -pr /home/"$OSQUERY_BUILD_USER"/osquery/build/linux/osquery/osqueryi /home/"$OSQUERY_BUILD_USER"/osquery/build/linux/osquery/osqueryd /opt/osquery \ && chown -R root. /opt/osquery \ && chmod -R 500 /opt/osquery/* \ +#put augeas lenses into the default directory that we changed earlier && mkdir -p /opt/osquery/lenses \ && cp -r /usr/local/osquery/share/augeas/lenses/dist/* /opt/osquery/lenses \ && chmod -R 400 /opt/osquery/lenses/* @@ -63,7 +66,8 @@ ENV LIBGIT2_SRC_URL=https://github.com/libgit2/libgit2/archive/v0.26.0.tar.gz ENV LIBGIT2_SRC_SHA256=4ac70a2bbdf7a304ad2a9fb2c53ad3c8694be0dbec4f1fce0f3cd0cda14fb3b9 ENV LIBGIT2_SRC_VERSION=0.26.0 ENV LIBGIT2TEMP=/tmp/libgit2temp -RUN mkdir -p "$LIBGIT2TEMP" && cd "$LIBGIT2TEMP" \ +RUN mkdir -p "$LIBGIT2TEMP" \ + && cd "$LIBGIT2TEMP" \ && wget -q "$LIBGIT2_SRC_URL" -O libgit2.tar.gz \ && echo "$LIBGIT2_SRC_SHA256 libgit2.tar.gz" | sha256sum -c - \ && tar xzf libgit2.tar.gz \ diff --git a/pkg/centos6/Dockerfile b/pkg/centos6/Dockerfile index 96cea6b1f..fb375ee1f 100644 --- a/pkg/centos6/Dockerfile +++ b/pkg/centos6/Dockerfile @@ -37,6 +37,8 @@ RUN cd /home/"$OSQUERY_BUILD_USER" \ && sed -i 's,^\(HOMEBREW_BREW=\).*,\1'ac2cbd2137006ebfe84d8584ccdcb5d78c1130d9',' tools/provision.sh \ && sed -i 's,^\(LINUXBREW_BREW=\).*,\1'20bcce2c176469cec271b46d523eef1510217436',' tools/provision.sh \ && make sysprep \ +#have the default augeas lenses directory point to /opt/osquery/lenses, must be done after sysprep + && sed -i '/augeas_lenses,/,/\"Directory\ that\ contains\ augeas\ lenses\ files\"\\)\;/ s/\/usr\/share\/osquery\/lenses/\/opt\/osquery\/lenses/' osquery/tables/system/posix/augeas.cpp \ && make deps \ && make \ && make strip @@ -44,6 +46,7 @@ USER root RUN cp -pr /home/"$OSQUERY_BUILD_USER"/osquery/build/linux/osquery/osqueryi /home/"$OSQUERY_BUILD_USER"/osquery/build/linux/osquery/osqueryd /opt/osquery \ && chown -R root. /opt/osquery \ && chmod -R 500 /opt/osquery/* \ +#put augeas lenses into the default directory that we changed earlier && mkdir -p /opt/osquery/lenses \ && cp -r /usr/local/osquery/share/augeas/lenses/dist/* /opt/osquery/lenses \ && chmod -R 400 /opt/osquery/lenses/* @@ -65,7 +68,6 @@ ENV LIBGIT2_SRC_VERSION=0.26.0 ENV LIBGIT2TEMP=/tmp/libgit2temp RUN mkdir -p "$LIBGIT2TEMP" \ && cd "$LIBGIT2TEMP" \ - && echo "$LIBGIT2_SRC_URL" \ && wget -q "$LIBGIT2_SRC_URL" -O libgit2.tar.gz \ && echo "$LIBGIT2_SRC_SHA256 libgit2.tar.gz" | sha256sum -c - \ && tar xzf libgit2.tar.gz \ @@ -124,8 +126,6 @@ CMD [ "scl enable python27 'pyinstaller --onedir --noconfirm --log-level ${_BINA && tar -xzvf /data/hubblestack-${HUBBLE_VERSION}.tar.gz -C /hubble_build/debbuild/hubblestack-${HUBBLE_VERSION} \ && mkdir -p /hubble_build/debbuild/hubblestack-${HUBBLE_VERSION}/etc/init.d \ && cp /hubble_build/pkg/hubble /hubble_build/debbuild/hubblestack-${HUBBLE_VERSION}/etc/init.d/ \ - && mkdir -p /hubble_build/debbuild/hubblestack-${HUBBLE_VERSION}/usr/lib/systemd/system \ - && cp /hubble_build/pkg/hubble.service /hubble_build/debbuild/hubblestack-${HUBBLE_VERSION}/usr/lib/systemd/system/ \ && cp -f /hubble_build/conf/hubble /hubble_build/debbuild/hubblestack-${HUBBLE_VERSION}/etc/hubble/ \ #during container run, if a configuration file exists in a /data copy it over the existing one so it would be #possile to optionally include a custom one with the package diff --git a/pkg/centos7/Dockerfile b/pkg/centos7/Dockerfile index 2aec9ada4..45e7d60be 100644 --- a/pkg/centos7/Dockerfile +++ b/pkg/centos7/Dockerfile @@ -37,6 +37,8 @@ RUN cd /home/"$OSQUERY_BUILD_USER" \ && sed -i 's,^\(HOMEBREW_BREW=\).*,\1'ac2cbd2137006ebfe84d8584ccdcb5d78c1130d9',' tools/provision.sh \ && sed -i 's,^\(LINUXBREW_BREW=\).*,\1'20bcce2c176469cec271b46d523eef1510217436',' tools/provision.sh \ && make sysprep \ +#have the default augeas lenses directory point to /opt/osquery/lenses, must be done after sysprep +&& sed -i '/augeas_lenses,/,/\"Directory\ that\ contains\ augeas\ lenses\ files\"\\)\;/ s/\/usr\/share\/osquery\/lenses/\/opt\/osquery\/lenses/' osquery/tables/system/posix/augeas.cpp \ && make deps \ && make \ && make strip @@ -44,6 +46,7 @@ USER root RUN cp -pr /home/"$OSQUERY_BUILD_USER"/osquery/build/linux/osquery/osqueryi /home/"$OSQUERY_BUILD_USER"/osquery/build/linux/osquery/osqueryd /opt/osquery \ && chown -R root. /opt/osquery \ && chmod -R 500 /opt/osquery/* \ +#put augeas lenses into the default directory that we changed earlier && mkdir -p /opt/osquery/lenses \ && cp -r /usr/local/osquery/share/augeas/lenses/dist/* /opt/osquery/lenses \ && chmod -R 400 /opt/osquery/lenses/* @@ -63,7 +66,8 @@ ENV LIBGIT2_SRC_URL=https://github.com/libgit2/libgit2/archive/v0.26.0.tar.gz ENV LIBGIT2_SRC_SHA256=4ac70a2bbdf7a304ad2a9fb2c53ad3c8694be0dbec4f1fce0f3cd0cda14fb3b9 ENV LIBGIT2_SRC_VERSION=0.26.0 ENV LIBGIT2TEMP=/tmp/libgit2temp -RUN mkdir -p "$LIBGIT2TEMP" && cd "$LIBGIT2TEMP" \ +RUN mkdir -p "$LIBGIT2TEMP" \ + && cd "$LIBGIT2TEMP" \ && wget -q "$LIBGIT2_SRC_URL" -O libgit2.tar.gz \ && echo "$LIBGIT2_SRC_SHA256 libgit2.tar.gz" | sha256sum -c - \ && tar xzf libgit2.tar.gz \ diff --git a/pkg/coreos/Dockerfile b/pkg/coreos/Dockerfile index 1cedbafbb..582614730 100644 --- a/pkg/coreos/Dockerfile +++ b/pkg/coreos/Dockerfile @@ -38,6 +38,8 @@ RUN cd /home/"$OSQUERY_BUILD_USER" \ && sed -i 's,^\(HOMEBREW_BREW=\).*,\1'ac2cbd2137006ebfe84d8584ccdcb5d78c1130d9',' tools/provision.sh \ && sed -i 's,^\(LINUXBREW_BREW=\).*,\1'20bcce2c176469cec271b46d523eef1510217436',' tools/provision.sh \ && make sysprep \ +#have the default augeas lenses directory point to /opt/osquery/lenses, must be done after sysprep + && sed -i '/augeas_lenses,/,/\"Directory\ that\ contains\ augeas\ lenses\ files\"\\)\;/ s/\/usr\/share\/osquery\/lenses/\/opt\/osquery\/lenses/' osquery/tables/system/posix/augeas.cpp \ && make deps \ && make \ && make strip @@ -45,6 +47,7 @@ USER root RUN cp -pr /home/"$OSQUERY_BUILD_USER"/osquery/build/linux/osquery/osqueryi /home/"$OSQUERY_BUILD_USER"/osquery/build/linux/osquery/osqueryd /opt/osquery \ && chown -R root. /opt/osquery \ && chmod -R 500 /opt/osquery/* \ +#put augeas lenses into the default directory that we changed earlier && mkdir -p /opt/osquery/lenses \ && cp -r /usr/local/osquery/share/augeas/lenses/dist/* /opt/osquery/lenses \ && chmod -R 400 /opt/osquery/lenses/* @@ -64,7 +67,8 @@ ENV LIBGIT2_SRC_URL=https://github.com/libgit2/libgit2/archive/v0.26.0.tar.gz ENV LIBGIT2_SRC_SHA256=4ac70a2bbdf7a304ad2a9fb2c53ad3c8694be0dbec4f1fce0f3cd0cda14fb3b9 ENV LIBGIT2_SRC_VERSION=0.26.0 ENV LIBGIT2TEMP=/tmp/libgit2temp -RUN mkdir -p "$LIBGIT2TEMP" && cd "$LIBGIT2TEMP" \ +RUN mkdir -p "$LIBGIT2TEMP" \ + && cd "$LIBGIT2TEMP" \ && wget -q "$LIBGIT2_SRC_URL" -O libgit2.tar.gz \ && echo "$LIBGIT2_SRC_SHA256 libgit2.tar.gz" | sha256sum -c - \ && tar xzf libgit2.tar.gz \ diff --git a/pkg/debian8/Dockerfile b/pkg/debian8/Dockerfile index 0e2ef9e84..17e79cf67 100644 --- a/pkg/debian8/Dockerfile +++ b/pkg/debian8/Dockerfile @@ -41,6 +41,8 @@ RUN cd /home/"$OSQUERY_BUILD_USER" \ && sed -i 's,^\(HOMEBREW_BREW=\).*,\1'ac2cbd2137006ebfe84d8584ccdcb5d78c1130d9',' tools/provision.sh \ && sed -i 's,^\(LINUXBREW_BREW=\).*,\1'20bcce2c176469cec271b46d523eef1510217436',' tools/provision.sh \ && make sysprep \ +#have the default augeas lenses directory point to /opt/osquery/lenses, must be done after sysprep + && sed -i '/augeas_lenses,/,/\"Directory\ that\ contains\ augeas\ lenses\ files\"\\)\;/ s/\/usr\/share\/osquery\/lenses/\/opt\/osquery\/lenses/' osquery/tables/system/posix/augeas.cpp \ && make deps \ && make \ && make strip @@ -48,6 +50,7 @@ USER root RUN cp -pr /home/"$OSQUERY_BUILD_USER"/osquery/build/linux/osquery/osqueryi /home/"$OSQUERY_BUILD_USER"/osquery/build/linux/osquery/osqueryd /opt/osquery \ && chown -R root. /opt/osquery \ && chmod -R 500 /opt/osquery/* \ +#put augeas lenses into the default directory that we changed earlier && mkdir -p /opt/osquery/lenses \ && cp -r /usr/local/osquery/share/augeas/lenses/dist/* /opt/osquery/lenses \ && chmod -R 400 /opt/osquery/lenses/* @@ -67,7 +70,8 @@ ENV LIBGIT2_SRC_URL=https://github.com/libgit2/libgit2/archive/v0.26.0.tar.gz ENV LIBGIT2_SRC_SHA256=4ac70a2bbdf7a304ad2a9fb2c53ad3c8694be0dbec4f1fce0f3cd0cda14fb3b9 ENV LIBGIT2_SRC_VERSION=0.26.0 ENV LIBGIT2TEMP=/tmp/libgit2temp -RUN mkdir -p "$LIBGIT2TEMP" && cd "$LIBGIT2TEMP" \ +RUN mkdir -p "$LIBGIT2TEMP" \ + && cd "$LIBGIT2TEMP" \ && wget -q "$LIBGIT2_SRC_URL" -O libgit2.tar.gz \ && echo "$LIBGIT2_SRC_SHA256 libgit2.tar.gz" | sha256sum -c - \ && tar xzf libgit2.tar.gz \ diff --git a/pkg/debian9/Dockerfile b/pkg/debian9/Dockerfile index 3403e3042..694d66b62 100644 --- a/pkg/debian9/Dockerfile +++ b/pkg/debian9/Dockerfile @@ -38,6 +38,8 @@ RUN cd /home/"$OSQUERY_BUILD_USER" \ && sed -i 's,^\(HOMEBREW_BREW=\).*,\1'ac2cbd2137006ebfe84d8584ccdcb5d78c1130d9',' tools/provision.sh \ && sed -i 's,^\(LINUXBREW_BREW=\).*,\1'20bcce2c176469cec271b46d523eef1510217436',' tools/provision.sh \ && make sysprep \ +#have the default augeas lenses directory point to /opt/osquery/lenses, must be done after sysprep + && sed -i '/augeas_lenses,/,/\"Directory\ that\ contains\ augeas\ lenses\ files\"\\)\;/ s/\/usr\/share\/osquery\/lenses/\/opt\/osquery\/lenses/' osquery/tables/system/posix/augeas.cpp \ && make deps \ && make \ && make strip @@ -45,6 +47,7 @@ USER root RUN cp -pr /home/"$OSQUERY_BUILD_USER"/osquery/build/linux/osquery/osqueryi /home/"$OSQUERY_BUILD_USER"/osquery/build/linux/osquery/osqueryd /opt/osquery \ && chown -R root. /opt/osquery \ && chmod -R 500 /opt/osquery/* \ +#put augeas lenses into the default directory that we changed earlier && mkdir -p /opt/osquery/lenses \ && cp -r /usr/local/osquery/share/augeas/lenses/dist/* /opt/osquery/lenses \ && chmod -R 400 /opt/osquery/lenses/* @@ -64,7 +67,8 @@ ENV LIBGIT2_SRC_URL=https://github.com/libgit2/libgit2/archive/v0.26.0.tar.gz ENV LIBGIT2_SRC_SHA256=4ac70a2bbdf7a304ad2a9fb2c53ad3c8694be0dbec4f1fce0f3cd0cda14fb3b9 ENV LIBGIT2_SRC_VERSION=0.26.0 ENV LIBGIT2TEMP=/tmp/libgit2temp -RUN mkdir -p "$LIBGIT2TEMP" && cd "$LIBGIT2TEMP" \ +RUN mkdir -p "$LIBGIT2TEMP" \ + && cd "$LIBGIT2TEMP" \ && wget -q "$LIBGIT2_SRC_URL" -O libgit2.tar.gz \ && echo "$LIBGIT2_SRC_SHA256 libgit2.tar.gz" | sha256sum -c - \ && tar xzf libgit2.tar.gz \