#!/usr/bin/env bash
# This script was auto generated using the code-cleanup package http://forumubuntusoftware.info/viewtopic.php?f=23&t=9480
# ==============================================================================
# title			:uno
# description	:Ultimate Network Optimizer
# author		:theemahn <theemahn@ultimateedition.info>
# date			:7/21/2019
# version		:1.0.0
# usage			:uno --help
# manual		:man uno
# notes			:See change-log below for further information.
# ==============================================================================
# Change-log:

# 1.0	initial public release
# 1.0.1	internal tweaking
# 1.0.2 integration into Operating Systems.
# 1.0.3 Internal Tweaking. Will I release it?  We now have a very powerful tool.
#		Added Ultimate Edition Tweaker (ue-tweaker).
#		Added support for 10 Gigabit Networking
#		Added support for 20 Gigabit Networking
# 1.0.4	Integrated into Ultimate Edition Ultimate Optimizer
#		Massive code re-write.
# =============== End Change-log ===================== #
# set -x <<- Enable for Debugging purposes

# Modify the below information to correlate with the software you are designing.
# Identity strings for this tool. They are plain (unexported) shell variables;
# the helpers sourced further down presumably read them for banners and
# version output (not verifiable from this file).
PROGNAME='uno'
PROGRAMMER='theemahn'
BUILDDATE='06/15/2025'
VERSION='2.1.4'
WEBSITE='os-builder.com'
AUTHOR='TheeMahn'
# Contact address, assembled from the author and website values above.
EMAIL="<${AUTHOR}@${WEBSITE}>"
APPNAME='Ultimate Network Optimizer'

# NOTE(review): this variable is not exported, and debconf reads
# DEBIAN_FRONTEND rather than DEBCONF_FRONTEND, so as written it does not make
# the apt calls below non-interactive. Confirm the intended name.
DEBCONF_FRONTEND='noninteractive'

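# Load the shared helper library. A copy sitting next to this script (the
# development layout) wins over the installed copy.
#
# The lookup is anchored to the script's own directory instead of the caller's
# current working directory: this program goes on to run privileged commands,
# and sourcing "./ultimate-common" from whatever directory the user happens to
# be in would execute a file that any other local user could have placed there.
UNO_SELF_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" 2>/dev/null && pwd)
if [[ -n "${UNO_SELF_DIR}" && -f "${UNO_SELF_DIR}/ultimate-common" ]]; then
	source "${UNO_SELF_DIR}/ultimate-common"
elif [[ -f "/usr/share/ultimate_edition/ultimate-common" ]]; then
	source /usr/share/ultimate_edition/ultimate-common
else
	# Diagnostics belong on stderr so they are not mistaken for program output.
	echo "No Ultimate Edition common source. Please install ultimate-edition-common." >&2
	exit 1;
fi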

# Begin programming here.
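# Analyze: report the exposure rating that "systemd-analyze security" gives
# each unit, then exit the script.
#
# Arguments: "$@" - command-line words. If any of them contains "list"
#            (case-insensitive) only the one-line summary per unit is printed;
#            otherwise the full per-unit report is printed for every unit.
# Outputs:   through Center / Encapsulate (defined outside this file) and the
#            raw output of systemd-analyze.
# Returns:   never returns; always ends with "exit 0".
#
# Fixes over the previous version:
#   - the unit table is read once instead of running systemd-analyze three
#     times, so the three columns cannot drift apart between calls;
#   - the level/assessment shown for a unit is now its own (the old code
#     incremented the index before using it and printed the next unit's);
#   - "list" mode prints every unit (the old loop exited after the first).
Analyze () {
	Center "Security"
	local -a SERVICES=() RESULTS=() ACCESSMENT=()
	local UNIT EXPOSURE PREDICATE REST
	local -i INDEX=0 NOSERVICES=0

	# Table layout: UNIT EXPOSURE PREDICATE HAPPY; the first line is the header.
	while IFS=$' \t' read -r UNIT EXPOSURE PREDICATE REST; do
		[[ -n "${UNIT}" ]] || continue
		# Keep only the part before the first dot, as the old "cut -d . -f1" did.
		SERVICES+=( "${UNIT%%.*}" )
		RESULTS+=( "${EXPOSURE}" )
		ACCESSMENT+=( "${PREDICATE}" )
	done < <(systemd-analyze security | awk 'NR>1')
	NOSERVICES=${#SERVICES[@]}

	if [[ "${*,,}" == *list* ]]; then
		for INDEX in "${!SERVICES[@]}"; do
			Encapsulate "Service #$((INDEX + 1)) of ${NOSERVICES}: ${SERVICES[INDEX]} Security level: ${RESULTS[INDEX]} Accessment: ${ACCESSMENT[INDEX]}"
		done
		Timer "Stop" "Security"
		exit 0;
	fi

	for INDEX in "${!SERVICES[@]}"; do
		Center "Service #$((INDEX + 1)) of ${NOSERVICES}: ${SERVICES[INDEX]} Security level: ${RESULTS[INDEX]} Accessment: ${ACCESSMENT[INDEX]}"
		systemd-analyze security "${SERVICES[INDEX]}"
	done
	Timer "Stop" "Security"
	exit 0;
}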

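# Security: apply the host-hardening profile.
#
# Steps, in order: upgrade packages, load an IPv4 iptables ruleset, install
# security packages, write sysctl hardening keys, install auditd rules and
# enable services, disable core dumps, tighten login.defs and sshd_config,
# set login banners, initialise AIDE, enable process accounting, harden
# Postfix, block unused kernel modules, tighten file permissions, adjust
# mount options and purge removed packages.
#
# Globals:   ISARCH   (read) non-empty selects the pacman branches.
#            ISCHROOT (read) non-empty skips starting services.
# Arguments: "$@" - command-line words; if any contains "analyze" the work is
#            handed to Analyze, which exits the script.
# Helpers:   Timer, CheckRoot, Encapsulate, FullBar and Spinner are not
#            defined in this file (presumably they come from ultimate-common).
#
# NOTE(review): most steps edit files under /etc in place and only the Postfix
# step keeps a backup copy. The firewall and sshd changes can cut off remote
# access, so console access to the host is advisable when this runs.
Security () {
	Timer "Start" "Security"
	GREPIT=$(echo "$*" | grep -i "analyze")
	if [[ "${GREPIT}" ]]; then
		Analyze "$@"
	fi
	CheckRoot
	Encapsulate "Updating Sources List."
	FullBar
	if ! [[ "${ISARCH}" ]]; then
		Encapsulate "Upgrading apt database."
		sudo apt-get update 2>/dev/null
		FullBar
	else
		Encapsulate "Upgrading Packages."
		sudo pacman -Syuu --noconfirm
	fi

	# upgrade packages
	if ! [[ "${ISARCH}" ]]; then
		Encapsulate "Upgrading Packages."
		sudo apt upgrade -y 2>/dev/null
	else
		# Fixed: the flag is --noconfirm; "--no-confirm" is not a pacman option
		# and the failure was hidden by the stderr redirect.
		sudo pacman -Syuu --noconfirm 2>/dev/null
	fi

	# Apt full upgrade
	if ! [[ "${ISARCH}" ]]; then
		sudo apt full-upgrade -y 2>/dev/null
	fi
	Encapsulate "Setting up IP TABLES."
	# iptables
	if ! [[ "${ISARCH}" ]]; then
		sudo apt install iptables-persistent -y
	else
		sudo pacman -S --noconfirm iptables
	fi
	# NOTE(review): everything below configures IPv4 only. No ip6tables rules are
	# added anywhere in this function, so IPv6 traffic is not filtered by it.

	# Flush existing rules
	iptables -F

	# Defaults
	iptables -P INPUT DROP
	iptables -P FORWARD DROP
	iptables -P OUTPUT ACCEPT

	# Accept loopback input
	iptables -A INPUT -i lo -p all -j ACCEPT

	# Let replies to connections this host already has through.
	iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

	# Drop ICMP timestamp (13/14) and address-mask (17) messages, rate-limit the rest.
	iptables -A INPUT -p icmp --icmp-type 13 -j DROP
	iptables -A INPUT -p icmp --icmp-type 17 -j DROP
	iptables -A INPUT -p icmp --icmp-type 14 -j DROP
	iptables -A INPUT -p icmp -m limit --limit 1/second -j ACCEPT

	# Discard invalid Packets
	iptables -A INPUT -m state --state INVALID -j DROP
	iptables -A FORWARD -m state --state INVALID -j DROP
	iptables -A OUTPUT -m state --state INVALID -j DROP

	# Drop Spoofing attacks
	# NOTE(review): these rules also drop new connections from private (RFC 1918)
	# source addresses, and they sit ahead of the ssh/NFS/Samba ACCEPT rules
	# below, so clients on a private LAN never reach those rules. 192.168.0.0/24
	# covers a single /24 only - confirm whether /16 was meant. The multicast
	# destination drops likewise precede the UPnP/IGMP rules further down.
	iptables -A INPUT -s 10.0.0.0/8 -j DROP
	iptables -A INPUT -s 169.254.0.0/16 -j DROP
	iptables -A INPUT -s 172.16.0.0/12 -j DROP
	iptables -A INPUT -s 127.0.0.0/8 -j DROP
	iptables -A INPUT -s 192.168.0.0/24 -j DROP
	iptables -A INPUT -s 224.0.0.0/4 -j DROP
	iptables -A INPUT -d 224.0.0.0/4 -j DROP
	iptables -A INPUT -s 240.0.0.0/5 -j DROP
	iptables -A INPUT -d 240.0.0.0/5 -j DROP
	iptables -A INPUT -s 0.0.0.0/8 -j DROP
	iptables -A INPUT -d 0.0.0.0/8 -j DROP
	iptables -A INPUT -d 239.255.255.0/24 -j DROP
	iptables -A INPUT -d 255.255.255.255 -j DROP

	# Accept RST segments only up to 2 per second; anything above the limit
	# falls through to the later rules and finally the DROP policy.
	iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT

	# Block ips doing portscan for 24 hours
	# NOTE(review): no rule in this function adds addresses to the "portscan"
	# list (there is no "-m recent --set"), so unless something else populates
	# it these four rules never match.
	iptables -A INPUT   -m recent --name portscan --rcheck --seconds 86400 -j DROP
	iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP

	# After 24 hours remove IP from block list
	iptables -A INPUT   -m recent --name portscan --remove
	iptables -A FORWARD -m recent --name portscan --remove

	# Allow ssh, capped at two concurrent connections per source.
	# Fixed: the connlimit REJECT used to be appended after the unconditional
	# ACCEPT for the same port, so it could never match; it now comes first.
	# NOTE(review): port 141 must match the Port sshd listens on. Nothing in this
	# function sets it, and the template further down opens port 22 instead.
	iptables -A INPUT -p tcp --syn --dport 141 -m connlimit --connlimit-above 2 -j REJECT
	iptables -A INPUT -p tcp -m tcp --dport 141 -j ACCEPT

	# Allow Ping
	iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT

	# Allow Ultimate Media network access.
	# NOTE(review): the TCP, UDP and IGMP chains are neither created nor jumped
	# to in this function, and these rules name no "-p" protocol. Unless another
	# tool set those chains up, the four commands below are expected to fail and
	# open nothing. Left as written because the intended placement is unclear.
	iptables -A TCP -m tcp --dport 8200 -m comment --comment ultimate-media -j ACCEPT
	iptables -A UDP -d 239.255.255.250/32 -m udp --dport 1900 -m comment --comment "upnp dlna" -j ACCEPT
	iptables -A IGMP -d 224.0.0.1/32 -m comment --comment "igmp membership queries, upnp/dlna" -j ACCEPT
	iptables -A IGMP -d 239.0.0.0/8 -m comment --comment "igmp multicast, upnp/dlna" -j ACCEPT

	# Allow Local NFSv4
	iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -m multiport --dports 111,2049,20048 -j ACCEPT
	iptables -A INPUT -p udp -m state --state NEW,ESTABLISHED -m multiport --dports 111,2049,20048 -j ACCEPT

	# Allow local Samba
	iptables -A INPUT -p tcp --dport 139 -j ACCEPT
	iptables -A INPUT -p tcp --dport 445 -j ACCEPT
	iptables -A INPUT -p udp --dport 137 -j ACCEPT
	iptables -A INPUT -p udp --dport 138 -j ACCEPT

	# Fixed: the old test was [[ "/etc/sysconfig/iptables" ]], a non-empty string
	# that is always true, so the negated branch could never run. The directory
	# check avoids a failed redirect on systems without /etc/sysconfig.
	# NOTE(review): this template uses ACCEPT policies and port 22, which differs
	# from the live ruleset loaded above.
	if [[ -d "/etc/sysconfig" ]] && ! [[ -f "/etc/sysconfig/iptables" ]]; then
	echo "*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT" > /etc/sysconfig/iptables
	fi
	# NOTE(review): the live rules are only persisted when /etc/sysconfig/iptables
	# exists, although the files written live under /etc/iptables. Where that
	# file is absent the ruleset above is lost at reboot - confirm the intent.
	if [[ -f "/etc/sysconfig/iptables" ]]; then
		iptables-save > "/etc/iptables/rules.v4"
		ip6tables-save > "/etc/iptables/rules.v6"
	fi
	if ! [[ "${ISARCH}" ]]; then
		Encapsulate "Installing Security based packages."
		sudo apt-get install -y auditd fail2ban apt-listchanges apt-show-versions needrestart debsecan debsums libpam-cracklib usbguard clamtk chkrootkit acct apparmor aide unattended-upgrades 2>/dev/null
		FullBar
	else
		Encapsulate "Installing Security based packages."
		sudo pacman -Syuu --noconfirm fail2ban usbguard clamtk chkrootkit apparmor 2>/dev/null
		FullBar
	fi
	Encapsulate "Applying Kernel Security."
	# Configure Kernel
	declare -a SYSCTL=();
	declare -a FILEZ=();
	local SETTING VALUE KEYREGEX LASTFILE
	INDEX=1
	FILEZ=( "/etc/sysctl.d/10-network-security.conf" "/etc/sysctl.conf" "/etc/sysctl.d/80-lockdown.conf" )
	declare -a LOCKDOWN=();
	# One "key = value" entry per line. Two entries that appeared twice with the
	# same value were folded into one, and the tcp_syncookies entry, which had a
	# line break inside its quotes, is written on a single line again.
	LOCKDOWN=(
		'dev.tty.ldisc_autoload = 0'
		'fs.protected_symlinks = 1'
		'fs.suid_dumpable = 0'
		'kernel.core_uses_pid = 1'
		'kernel.dmesg_restrict = 1'
		'kernel.kptr_restrict = 2'
		'kernel.panic = 60'
		'kernel.panic_on_oops = 60'
		'kernel.randomize_va_space = 2'
		'kernel.sysrq = 0'
		'kernel.unprivileged_bpf_disabled = 1'
		'net.core.bpf_jit_harden = 2'
		'net.ipv4.conf.all.accept_redirects = 0'
		'net.ipv4.conf.all.accept_source_route = 0'
		'net.ipv4.conf.all.rp_filter = 1'
		'net.ipv4.conf.all.secure_redirects = 0'
		'net.ipv4.conf.all.shared_media = 0'
		'net.ipv4.conf.default.accept_redirects = 0'
		'net.ipv4.conf.default.accept_source_route = 0'
		'net.ipv4.conf.default.log_martians = 1'
		'net.ipv4.conf.default.rp_filter = 1'
		'net.ipv4.conf.default.send_redirects = 0'
		'net.ipv4.conf.default.shared_media = 0'
		'net.ipv4.icmp_ignore_bogus_error_responses = 1'
		'net.ipv4.ip_forward = 0'
		'net.ipv4.tcp_challenge_ack_limit = 1000000'
		'net.ipv4.tcp_invalid_ratelimit = 500'
		'net.ipv4.tcp_max_syn_backlog = 20480'
		'net.ipv4.tcp_rfc1337 = 1'
		'net.ipv4.tcp_syn_retries = 5'
		'net.ipv4.tcp_synack_retries = 2'
		'net.ipv4.tcp_timestamps = 0'
		'net.ipv6.conf.all.accept_ra = 0'
		'net.ipv6.conf.all.accept_redirects = 0'
		'net.ipv6.conf.all.accept_source_route = 0'
		'net.ipv6.conf.all.forwarding = 0'
		'net.ipv6.conf.all.use_tempaddr = 2'
		'net.ipv6.conf.default.accept_ra = 0'
		'net.ipv6.conf.default.accept_ra_defrtr = 0'
		'net.ipv6.conf.default.accept_ra_pinfo = 0'
		'net.ipv6.conf.default.accept_ra_rtr_pref = 0'
		'net.ipv6.conf.default.accept_redirects = 0'
		'net.ipv6.conf.default.accept_source_route = 0'
		'net.ipv6.conf.default.autoconf = 0'
		'net.ipv6.conf.default.dad_transmits = 0'
		'net.ipv6.conf.default.max_addresses = 1'
		'net.ipv6.conf.default.router_solicitations = 0'
		'net.ipv6.conf.default.use_tempaddr = 2'
		'net.ipv6.conf.eth0.accept_ra_rtr_pref = 0'
		'net.netfilter.nf_conntrack_max = 2000000'
		'net.netfilter.nf_conntrack_tcp_loose = 0'
		'fs.protected_fifos = 2'
		'kernel.perf_event_paranoid = 3'
		'net.ipv4.tcp_syncookies = 1'
		'net.ipv4.icmp_echo_ignore_all = 0'
		'fs.protected_hardlinks = 1'
		'kernel.yama.ptrace_scope = 2'
		'net.ipv4.conf.all.log_martians = 1'
		'net.ipv4.conf.all.send_redirects = 0'
		'net.ipv4.conf.default.secure_redirects = 0'
		'net.ipv4.conf.all.forwarding = 0'
		'net.ipv4.icmp_echo_ignore_broadcasts = 1'
	) # 'kernel.modules_disabled = 1'
	for FILE in "${FILEZ[@]}"
	do
		if ! [[ -f "${FILE}" ]]; then
			sudo touch "${FILE}"
		fi
	done
	# Pass 1: wherever a file already sets one of the keys on an active
	# (uncommented) line, make that line carry the hardened value.
	# Fixed: the old sed pattern "s/*KEY*/.../" began with a literal "*" and
	# never matched, the grep treated the dots in the key as wildcards and also
	# matched commented lines and longer key names, and the bookkeeping appended
	# every key to the last file again on each run. SYSCTL[n] now simply records
	# whether key n was seen in any file.
	for FILE in "${FILEZ[@]}"
	do
		Encapsulate "Scanning file #${INDEX} of ${#FILEZ[@]} File = ${FILE} for ${#LOCKDOWN[@]} security parameters."
		FOUNDKEY=0
		for EACH in "${LOCKDOWN[@]}"
		do
			SETTING="${EACH%% *}"
			VALUE="${EACH##* }"
			# Keys contain only letters, digits, "_" and "."; escaping the dots is
			# enough to use the key as a literal inside a regular expression.
			KEYREGEX="${SETTING//./\\.}"
			Encapsulate "Scaning for key ${SETTING} in ${FILE}"
			if grep -Eq "^[[:space:]]*${KEYREGEX}[[:space:]]*=" "${FILE}"; then
				SYSCTL[FOUNDKEY]=1
				if grep -E "^[[:space:]]*${KEYREGEX}[[:space:]]*=" "${FILE}" | grep -Evq "=[[:space:]]*${VALUE}[[:space:]]*\$"; then
					Encapsulate "Setting: ${SETTING} has been found in ${FILE}."
					Encapsulate "Replacing with ${SETTING} = ${VALUE}"
					sed -i -E "s/^[[:space:]]*${KEYREGEX}[[:space:]]*=.*/${SETTING} = ${VALUE}/" "${FILE}"
				fi
			fi
			FOUNDKEY=$((FOUNDKEY + 1))
		done
		INDEX=$((INDEX + 1))
	done
	# Pass 2: keys that no file sets are appended to the last file in FILEZ.
	LASTFILE="${FILEZ[${#FILEZ[@]}-1]}"
	FOUNDKEY=0
	for EACH in "${LOCKDOWN[@]}"
	do
		if [[ "${SYSCTL[FOUNDKEY]:-0}" == 0 ]]; then
			Encapsulate "Inserting: ${EACH} into ${LASTFILE}"
			echo "${EACH}" >> "${LASTFILE}"
		fi
		FOUNDKEY=$((FOUNDKEY + 1))
	done
	sysctl --system -f 2>/dev/null
	if ! [[ "${ISARCH}" ]]; then
		if [[ -f "/etc/needrestart/notify.conf" ]]; then
			# NOTE(review): this looks for the *commented* setting and reports
			# "already set-up" when it is present, and the sed pattern below starts
			# with a literal "*", so it is unlikely to match anything. The intended
			# end state is unclear from here; left as written.
			GREPIT=$(grep -i "#NR_NOTIFYD_DISABLE_NOTIFY_SEND=1" "/etc/needrestart/notify.conf")
			if ! [[ "${GREPIT}" ]]; then
				Encapsulate "Setting up attended upgrades."
				sed -i "s/*.NR_NOTIFYD_DISABLE_NOTIFY_SEND*/NR_NOTIFYD_DISABLE_NOTIFY_SEND=1/g" "/etc/needrestart/notify.conf"
				dpkg-reconfigure -plow unattended-upgrades
			else
				Encapsulate "Unattended upgrades are already set-up"
			fi
		fi
	fi
	# The rules file is replaced wholesale, and only when one already exists.
	# The final "-e 2" locks the audit configuration until the next reboot.
	if [[ -f "/etc/audit/rules.d/audit.rules" ]]; then
		Encapsulate "Setting up Audit Demon."
		echo "
# Remove any existing rules
-D

# Buffer Size
# Might need to be increased, depending on the load of your system.
-b 8192

# Failure Mode
# 0=Silent
# 1=printk, print failure message
# 2=panic, halt system
-f 1

# Audit the audit logs.
-w /var/log/audit/ -k auditlog

## Auditd configuration
## Modifications to audit configuration that occur while the audit (check your paths)
-w /etc/audit/ -p wa -k auditconfig
-w /etc/libaudit.conf -p wa -k auditconfig
-w /etc/audisp/ -p wa -k audispconfig

# Schedule jobs
-w /etc/cron.allow -p wa -k cron
-w /etc/cron.deny -p wa -k cron
-w /etc/cron.d/ -p wa -k cron
-w /etc/cron.daily/ -p wa -k cron
-w /etc/cron.hourly/ -p wa -k cron
-w /etc/cron.monthly/ -p wa -k cron
-w /etc/cron.weekly/ -p wa -k cron
-w /etc/crontab -p wa -k cron
-w /var/spool/cron/crontabs/ -k cron

## user, group, password databases
-w /etc/group -p wa -k etcgroup
-w /etc/passwd -p wa -k etcpasswd
-w /etc/gshadow -k etcgroup
-w /etc/shadow -k etcpasswd
-w /etc/security/opasswd -k opasswd

# Monitor usage of passwd command
-w /usr/bin/passwd -p x -k passwd_modification

# Monitor user/group tools
-w /usr/sbin/groupadd -p x -k group_modification
-w /usr/sbin/groupmod -p x -k group_modification
-w /usr/sbin/addgroup -p x -k group_modification
-w /usr/sbin/useradd -p x -k user_modification
-w /usr/sbin/usermod -p x -k user_modification
-w /usr/sbin/adduser -p x -k user_modification

# Login configuration and stored info
-w /etc/login.defs -p wa -k login
-w /etc/securetty -p wa -k login
-w /var/log/faillog -p wa -k login
-w /var/log/lastlog -p wa -k login
-w /var/log/tallylog -p wa -k login

# Network configuration
-w /etc/hosts -p wa -k hosts
-w /etc/network/ -p wa -k network

## system startup scripts
-w /etc/inittab -p wa -k init
-w /etc/init.d/ -p wa -k init
-w /etc/init/ -p wa -k init

# Library search paths
-w /etc/ld.so.conf -p wa -k libpath

# Kernel parameters and modules
-w /etc/sysctl.conf -p wa -k sysctl
-w /etc/modprobe.conf -p wa -k modprobe

# SSH configuration
-w /etc/ssh/sshd_config -k sshd

# Hostname
-a exit,always -F arch=b32 -S sethostname -k hostname
-a exit,always -F arch=b64 -S sethostname -k hostname

# Log all commands executed by root
-a exit,always -F arch=b64 -F euid=0 -S execve -k rootcmd
-a exit,always -F arch=b32 -F euid=0 -S execve -k rootcmd

## Capture all failures to access on critical elements
-a exit,always -F arch=b64 -S open -F dir=/etc -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/bin -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/home -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/sbin -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/srv -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/usr/bin -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/usr/local/bin -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/usr/sbin -F success=0 -k unauthedfileacess
-a exit,always -F arch=b64 -S open -F dir=/var -F success=0 -k unauthedfileacess

## su/sudo
-w /bin/su -p x -k priv_esc
-w /usr/bin/sudo -p x -k priv_esc
-w /etc/sudoers -p rw -k priv_esc

# Poweroff/reboot tools
-w /sbin/halt -p x -k power
-w /sbin/poweroff -p x -k power
-w /sbin/reboot -p x -k power
-w /sbin/shutdown -p x -k power

# Make the configuration immutable
-e 2" > "/etc/audit/rules.d/audit.rules"
	declare -a SERVICES=( "uno.service" "fail2ban.service" "firewalld.service" "iptables.service" "auditd.service" )
	# NOTE(review): the last entry is a unit name, not a package name, so that
	# service is reported as not installed here; auditd is enabled separately below.
	declare -a PACKAGENAMES=( "ultimate-edition-optimizer" "fail2ban" "firewalld" "iptables" "auditd.service" )
	declare -a LONGNAME=( "Ultimate Network Optimizer (UNO)" "Fail2Ban" "Firewall daemon" "IP TABLES" "auditd.service")
	# Fixed: INDEX used to carry over from the sysctl loop, so PACKAGENAMES was
	# read past its end; the redundant inner loop over the same array is gone;
	# and the installed-package check now has a dpkg branch, because the pacman
	# query can only succeed on Arch.
	# NOTE(review): firewalld and iptables are both enabled when both are
	# installed; confirm that running the two side by side is intended.
	INDEX=0
	for SERVICE in "${SERVICES[@]}"
	do
		STATUS="Disabled"
		if [[ "${ISARCH}" ]]; then
			INSTALLED=$(pacman -Qq 2>/dev/null | grep -- "${PACKAGENAMES[${INDEX}]}")
		else
			INSTALLED=$(dpkg-query -W -f='${Status}' "${PACKAGENAMES[${INDEX}]}" 2>/dev/null | grep "install ok installed")
		fi
		STATUS="Enabled"
		if [[ "${INSTALLED}" ]]; then
			Encapsulate "Enabling Service: ${SERVICE}"
			sudo systemctl enable "${SERVICE}"
			if [[ "${ISCHROOT}" ]]; then
				Encapsulate "Chroot detected, not starting service."
			else
				Encapsulate "Starting Service: ${SERVICE}"
				sudo systemctl start "${SERVICE}"
			fi
		else
			Encapsulate "Service: ${SERVICE} not installed."
		fi
		INDEX=$(( INDEX + 1 ))
	done
	Encapsulate "Enabling Audit Demon service."
	systemctl enable auditd.service 2>/dev/null
	Encapsulate "Restarting Audit Demon service."
	service auditd restart 2>/dev/null
	fi
	# Disable core dumps
	if [[ -f "/etc/security/limits.conf" ]]; then
		GREPIT=$(grep -i "hard core 0" "/etc/security/limits.conf")
		if ! [[ "${GREPIT}" ]]; then
			Encapsulate "Disabling core dumps."
			echo "* hard core 0" >> "/etc/security/limits.conf"
		else
			Encapsulate "Core dumps already disabled."
		fi
	else
		Encapsulate "No /etc/security/limits.conf file coredumps can not be disabled."
	fi
	if [[ -f "/etc/systemd/coredump.conf" ]]; then
		GREPIT=$(grep -i "ProcessSizeMax=0" "/etc/systemd/coredump.conf")
		if ! [[ "${GREPIT}" ]]; then
			Encapsulate "Disabling coredump's via Systemd."
			# Fixed: the file is rewritten from scratch, so the [Coredump] section
			# header has to be written as well; keys outside a section are ignored.
			echo "[Coredump]" > "/etc/systemd/coredump.conf"
			echo "ProcessSizeMax=0" >> "/etc/systemd/coredump.conf"
			echo "Storage=none" >> "/etc/systemd/coredump.conf"
		else
			Encapsulate "Coredumps already disabled in Systemd."
		fi
	else
		Encapsulate "No /etc/systemd/coredump.conf file. Coredumps can not be disabled by Systemd."
	fi
	if [[ -f "/etc/profile" ]]; then
		GREPIT=$(grep -i "ulimit -c 0" "/etc/profile")
		if ! [[ "${GREPIT}" ]]; then
			Encapsulate "Setting Ulimit."
			echo "ulimit -c 0" >> "/etc/profile"
		else
			Encapsulate "Ulimit already set."
		fi
	else
		Encapsulate "No /etc/profile file.  Ulmit will not be set."
	fi
	# Set login.defs
	if [[ -f "/etc/login.defs" ]]; then
		# Fixed: only an active (uncommented) SHA_CRYPT_MIN_ROUNDS line counts as
		# "already configured"; a commented-out sample line no longer skips this step.
		GREPIT=$(grep -E "^[[:space:]]*SHA_CRYPT_MIN_ROUNDS" "/etc/login.defs")
		if ! [[ "${GREPIT}" ]]; then
			Encapsulate "Restricting logins."
			# Fixed: the sed scripts are quoted (unquoted, the "*" was open to
			# pathname expansion) and anchored so that comment lines which merely
			# mention these keywords are left alone.
			sed -i 's/^[[:space:]]*UMASK.*/UMASK 027/' "/etc/login.defs"
			sed -i 's/^[[:space:]]*PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' "/etc/login.defs"
			sed -i 's/^[[:space:]]*PASS_MIN_DAYS.*/PASS_MIN_DAYS 7/' "/etc/login.defs"
			echo "SHA_CRYPT_MIN_ROUNDS 1000000" | sudo tee --append "/etc/login.defs"
			echo " SHA_CRYPT_MAX_ROUNDS 100000000" | sudo tee --append "/etc/login.defs"
		else
			Encapsulate "Login restrictions already set."
		fi
	else
		Encapsulate "File: /etc/login.defs not found.  Not setting up restricted logins."
	fi
	# Secure ssh
	if [[ -f "/etc/ssh/sshd_config" ]]; then
		GREPIT=$(grep -i "VERBOSE" "/etc/ssh/sshd_config")
		if ! [[ "${GREPIT}" ]]; then
			Encapsulate "Securing SSH: logins."
			# NOTE(review): sshd honours the first value it reads for each keyword,
			# so options appended here do not override ones already set earlier in
			# the file. "PasswordAuthentication yes" and "UsePAM no" are unusual
			# choices for a hardening profile - confirm they are intended. The
			# result is neither validated (sshd -t) nor reloaded here.
			echo "
ClientAliveCountMax 2
Compression no
LogLevel VERBOSE
MaxAuthTries 3
MaxSessions 2
TCPKeepAlive no
AllowAgentForwarding no
AllowTcpForwarding no
PasswordAuthentication yes" >> "/etc/ssh/sshd_config"
			sed -i "s/^X11Forwarding.*/X11Forwarding\ no/" "/etc/ssh/sshd_config"
			sed -i "s/^UsePAM.*/UsePAM\ no/" "/etc/ssh/sshd_config"
		else
			Encapsulate "SSH has already been secured."
		fi
	else
		Encapsulate "SSH is not installed, no need to secure it."
	fi
	# Add legal banner
	GREPIT=$(grep -i " Disconnect now." "/etc/issue")
	if ! [[ "${GREPIT}" ]]; then
		Encapsulate "Securing SSH: banner."
		echo "Unauthorized access to this server is prohibited.
Legal action will be taken. Disconnect now." > "/etc/issue"
	echo "Unauthorized access to this server is prohibited.
Legal action will be taken. Disconnect now." > "/etc/issue.net"
	else
		Encapsulate "SSH: banner has already been set."
	fi
	# Setup aide

	AIDEINSTALLED=$(type -p aide)
	if ! [[ "${ISARCH}" ]]; then
		if ! [[ "${AIDEINSTALLED}" ]]; then
			Encapsulate "Installing aide."
			apt-get install aide -y
		fi
	else
		sudo pacman -Syuu --noconfirm aide
	fi
	AIDEINSTALLED=$(type -p aide)
	if [[ "${AIDEINSTALLED}" ]]; then
		Encapsulate "Touching Aide database."
		sudo touch "/var/lib/aide/aide.db"
		Encapsulate "Chmoding Aide database."
		# NOTE(review): 755 leaves the integrity baseline readable (and marked
		# executable) for every local user. A tighter mode is usual, but which
		# account runs aide on this system is not visible here - confirm before
		# changing it.
		sudo chmod 755 "/var/lib/aide/aide.db"
		#if [[ -f "/var/lib/aide/aide.conf.autogenerated" ]]; then
		#	Encapsulate "Copying Aide configuration file."
		#	cp /var/lib/aide/aide.conf.autogenerated /etc/aide/aide.conf
		#fi
		#echo '!/home/
#!/var/lib/
#!/proc' >> /etc/aide/aide.conf
		sudo aide -D
		Encapsulate "Generating Aide Database file. Please wait. This will take a long time depending on the ammout of data you have and speed of the drive(s)."
		# The space after "$(" keeps the shell from first trying to read "$((" as
		# the start of an arithmetic expansion.
		RESULTS=$( (sudo aide --init 2>/dev/null) & Spinner "Building Database...")
		#aide -c /etc/aide/aide.conf  --init
		#if [[ -f "/var/lib/aide/aide.db.new" ]]; then
		#	Encapsulate "Moving Aide Database."
		#	mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db
		#fi
	fi
	if [[ -f "/var/lib/aide/aide.db.new.gz" ]]; then
		Encapsulate "Moving Aide database."
		mv "/var/lib/aide/aide.db.new.gz" "/var/lib/aide/aide.db.gz"
	fi
	# Enable process accounting
	Encapsulate "Enabling process accounting."
	systemctl enable acct.service 2>/dev/null
	Encapsulate "Starting process accounting."
	systemctl start acct.service 2>/dev/null
	# Secure Postfix (Mail server) if the user has it installed.
	if [[ -f "/etc/postfix/main.cf" ]]; then
		Encapsulate "Postfix (Mail) detected, hardening security."
		# Fixed: the old sed pattern began with a literal "*" and never matched, so
		# the banner was left unchanged. postconf sets it like the other options
		# below; the .org backup the sed call used to leave behind is kept.
		cp -p "/etc/postfix/main.cf" "/etc/postfix/main.cf.org"
		postconf -e 'smtpd_banner=$myhostname ESMTP'
		# Refuse the VRFY command, which lets a client test whether an address exists.
		postconf -e disable_vrfy_command=yes
		# Set a Single interface, some servers have multiple (get it under control)
		postconf -e inet_interfaces=loopback-only
		postconf -e mynetworks="127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
		# Stop incoming Spam
		postconf -e smtpd_helo_required=yes
	fi
	# Disable uncommon filesystems
	GREPIT=""
	if ! [[ -f "/etc/modprobe.d/blacklist.conf" ]]; then
		sudo touch "/etc/modprobe.d/blacklist.conf"
	fi
	if ! [[ -f "/etc/modprobe.d/filesystems.conf" ]]; then
		sudo touch "/etc/modprobe.d/filesystems.conf"
	fi
	if [[ -f "/etc/modprobe.d/filesystems.conf" ]]; then
		GREPIT=$(grep -i "install hfs /bin/true" "/etc/modprobe.d/filesystems.conf")
	fi
	if ! [[ "${GREPIT}" ]]; then
		Encapsulate "Injecting to remove un-used filesystems."
		# "install <module> /bin/true" makes modprobe run /bin/true instead of
		# loading the module.
		echo "install cramfs /bin/true
install freevxfs /bin/true
install hfs /bin/true
install hfsplus /bin/true
install jffs2 /bin/true
install squashfs /bin/true" >> "/etc/modprobe.d/filesystems.conf"
	else
		Encapsulate "Un-used filesystem(s) already banned."
	fi
	GREPIT=$(grep -i "install udf /bin/true" "/etc/modprobe.d/blacklist.conf")
	if ! [[ "${GREPIT}" ]]; then
		Encapsulate "Disabling Firewire."
		echo "install udf /bin/true
blacklist firewire-core
blacklist firewire-ohci
blacklist firewire-sbp2" >> "/etc/modprobe.d/blacklist.conf"
	else
		Encapsulate "Firewire is already disabled."
	fi
	GREPIT=""
	if [[ -f "/etc/modprobe.d/blacklist.conf" ]]; then
		GREPIT=$(grep -i "blacklist usb-storage" "/etc/modprobe.d/blacklist.conf")
	else
		sudo touch "/etc/modprobe.d/blacklist.conf"
	fi
	if ! [[ "${GREPIT}" ]]; then
		echo "blacklist usb-storage" >> "/etc/modprobe.d/blacklist.conf"
		if [[ -f "/etc/usbguard/usbguard-daemon.conf" ]]; then
			Encapsulate "Adjusting secure USB policy: apply-policy"
			# NOTE(review): this replaces every occurrence of "keep" in the file,
			# comments included, not just one option's value.
			sed -i "s/keep/apply-policy/g" "/etc/usbguard/usbguard-daemon.conf"
		else
			Encapsulate "USB Policy already in place."
		fi
	fi
	# Uncommon Protocols
	GREPIT=""
	if [[ -f "/etc/modprobe.d/protocols.conf" ]]; then
		GREPIT=$(grep -i "install sctp /bin/true" "/etc/modprobe.d/protocols.conf")
	fi
	if ! [[ "${GREPIT}" ]]; then
		Encapsulate "Disabling uncommon protocols."
		echo "install sctp /bin/true
install dccp /bin/true
install rds /bin/true
install tipc /bin/true" >> "/etc/modprobe.d/protocols.conf"
	else
		Encapsulate "Uncommon protocols already disabled."
	fi
	# Change /root permissions
	Encapsulate "Changing Root permissions."
	FullBar
	declare -a USERNAMES=();
	HOMEDIR="/home/"
	USERNAMES=(/home/*)
	Encapsulate "${USERNAMES[@]}"
	for EACH in "${USERNAMES[@]}"
	do
		if [[ -d "${EACH:?}" ]]; then
			Encapsulate "Securing: ${EACH:?}"
			chmod 750 "${EACH:?}"
		fi
	done
	if [[ -d "/root" ]]; then
		Encapsulate "Chmoding: /root"
		chmod 700 /root
	fi
	if [[ -d "/home/ultimate" ]]; then
		Encapsulate "Chmoding: /home/ultimate"
		chmod 750 /home/ultimate
	fi
	if [[ -d "/etc/sudoers.d/" ]]; then
		Encapsulate "Processing: /etc/sudoers.d/"
		chmod 750 /etc/sudoers.d/
	fi
	# Fixed: README is a regular file; the old "-d" test never matched it.
	if [[ -f "/etc/sudoers.d/README" ]]; then
		Encapsulate "Processing: /etc/sudoers.d/README to root"
		chown root:root /etc/sudoers.d/README
		chmod 440 /etc/sudoers.d/README
	fi
	if [[ -f "/etc/sudoers.d/casper" ]]; then
		Encapsulate " Processing: /etc/sudoers.d/casper"
		# Fixed: ownership is set with chown; "chmod root:root" is an invalid mode.
		chown root:root "/etc/sudoers.d/casper"
		chmod 440 "/etc/sudoers.d/casper"
	fi
	# Restrict access to compilers
	declare -a COMPILERS=();
	COMPILERS=( '/usr/bin/as' '/usr/bin/g++' '/usr/bin/gcc' '/usr/bin/cc' '/usr/bin/x86_64-linux-gnu-as' )
	for EACH in "${COMPILERS[@]}"
	do
		if [[ -f "${EACH}" ]]; then
			Encapsulate "Restricting access to compiler(s)"
			Encapsulate "Found compiler: ${EACH} chmodding."
			chmod o-rx "${EACH}"
		fi
	done
	# Move tmp to tmpfs
	# NOTE(review): this block and the fstab block further down each append a
	# /tmp entry with different options, leaving two /tmp lines in /etc/fstab.
	GREPIT=$(grep -i "tmpfs rw,nosuid,nodev" "/etc/fstab")
	if ! [[ "${GREPIT}" ]]; then
		Encapsulate "Raising the security bar on the Temp Filesystem."
		echo "tmpfs /tmp tmpfs rw,nosuid,nodev" >> "/etc/fstab"
	else
		Encapsulate "Temp security has already been put in place."
	fi
	# Mount tmp with noexec
	Encapsulate "Remounting tmp fs with no exec privilages."
	mount -o remount,noexec /tmp

	# Mount /proc with hidepid=2
	# NOTE(review): the running system gets hidepid=2 here, while the fstab line
	# below persists hidepid=1; the two differ after a reboot.
	Encapsulate "Hiding processe(s) in tmp."
	mount -o remount,rw,hidepid=2 /proc

	# Mount /dev with noexec
	Encapsulate "Setting /dev and /dev/shm as no exec permissions."
	mount -o remount,noexec /dev
	mount -o remount,noexec /dev/shm

	# Mount /run as nodev
	Encapsulate "Setting /run as no exec permissions."
	mount -o remount,nodev /run

	GREPIT=$(grep -i "defaults,hidepid=1" "/etc/fstab")
	if ! [[ "${GREPIT}" ]]; then
		Encapsulate "Setting setting permenant."
		echo 'proc            /proc           proc    defaults,hidepid=1   0    0' >> "/etc/fstab"
		echo 'tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0' >> "/etc/fstab"
		echo 'tmpfs /tmp tmpfs defaults,nodev,nosuid,noexec 0 0' >> "/etc/fstab"
	else
		Encapsulate "Settings are in the /etc/fstab, not doing anything."
	fi
	# Purge old/removed packages
	if ! [[ "${ISARCH}" ]]; then
		Encapsulate "Purging unsed software."
		FullBar
		apt autoremove -y 2>/dev/null
		# Fixed: the package list used to be passed as one quoted word, so two or
		# more names arrived as a single bogus argument and an empty list became
		# an empty argument. Each name is now its own argument and nothing is
		# purged when the list is empty.
		local -a PURGELIST=()
		mapfile -t PURGELIST < <(dpkg -l | awk '/^rc/ {print $2}')
		if (( ${#PURGELIST[@]} > 0 )); then
			apt purge -y "${PURGELIST[@]}" 2>/dev/null
		fi
		FullBar
	fi
	INSTALLED=$(type -p systemctl)
	if [[ "${INSTALLED}" ]]; then
		if ! [[ "${ISCHROOT}" ]]; then
			Encapsulate "Reloading daemon."
			sudo systemctl daemon-reload
		else
			Encapsulate "Running in Chroot, not reloading the daemon"
		fi
	fi
	Timer "Stop" "Security"
}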


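# create_admin_user: interactively create an account, give it root's SSH keys
# and sudo group membership, then restrict SSH logins to that account.
#
# Input:   one line on stdin - the new username.
# Returns: 0 on success; 1 if the name is rejected or the account (or its .ssh
#          directory) cannot be created. On those failures sshd_config is not
#          touched.
#
# Fixes over the previous version:
#   - the name is validated before it is used. It ends up in an "AllowUsers"
#     line, so an empty or multi-word answer used to write a directive that
#     either names no usable account or names several;
#   - a failed adduser stops the function instead of going on to disable root
#     login for an account that does not exist;
#   - ~/.ssh is created 0700 and authorized_keys 0600, the modes sshd's strict
#     checks expect.
# NOTE(review): the "sudo" group and the /home/<name> layout are assumptions
# carried over from the original. sshd is not reloaded here.
create_admin_user () {
	local username sshdir
	# Create admin user
	FullBar
	echo "Enter admin username"; read -r username
	FullBar
	if ! [[ "${username}" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
		echo "Invalid username, nothing was changed." >&2
		return 1
	fi
	if ! adduser "$username"; then
		echo "adduser failed for $username, SSH configuration left untouched." >&2
		return 1
	fi
	sshdir="/home/$username/.ssh"
	mkdir -p "$sshdir" || return 1
	chmod 700 "$sshdir"
	if cp /root/.ssh/authorized_keys "$sshdir/authorized_keys"; then
		chmod 600 "$sshdir/authorized_keys"
	else
		# Not fatal: the account may still log in by other means, but say so.
		echo "Warning: could not copy /root/.ssh/authorized_keys for $username." >&2
	fi
	chown -R "$username" "$sshdir"
	usermod -aG sudo "$username"

	# Restrict ssh to admin user
	echo "AllowUsers $username
PermitRootLogin no" >> "/etc/ssh/sshd_config"
}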

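# run: show the body of a shell function, ask for confirmation, then call it.
#
# Arguments: $1 - name of a function defined in this shell.
# Input:     one line on stdin; an answer starting with "y" or "Y" confirms.
# Returns:   1 if $1 is not a defined function; otherwise the status of the
#            function when confirmed, or 0 when declined.
#
# Fixed: the name is checked first. Previously an unknown name produced an
# empty listing, so the prompt asked to confirm "the above commands" with
# nothing shown, and the unquoted ${1} was then split and executed as a
# command line.
run () {
	local answer
	if [[ -z "${1}" ]] || ! declare -F -- "${1}" >/dev/null; then
		echo "run: '${1}' is not a defined function." >&2
		return 1
	fi
	# Drop the first line of the listing (the "name ()" header).
	typeset -f "${1}" | tail -n +2
	FullBar
	echo "Run the above commands? [y/N]"
	read -r answer
	FullBar
	if [[ "${answer}" == [Yy]* ]]; then
		"${1}"
	fi
}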

# Help system - I have rewritten this section to work with code-cleanup.
# Help: print the general usage summary or the help text for one topic, then
# exit the script with status 0.
#
# Arguments: $2 - topic (short or long command name without dashes); when
#                 empty the general summary is shown.
#            $3 - when non-empty, the version banner (VersionDump) is skipped.
# Globals:   PROGNAME, APPNAME (read); PRAM (written).
# Note:      the general summary is the only arm that handles "ALL", so the
#            topic arms list just their own names. An unknown topic prints
#            nothing beyond the banner.
Help () {
	PRAM="${2:-ALL}"
	if [[ -z "${2}" || -z "${3}" ]]; then
		VersionDump
	fi

	case "${PRAM}" in
		ALL)
			Encapsulate "Usage: ${PROGNAME} -<-COMMAND> [OPTION]"
			FullBar
			Encapsulate "Mandatory arguments to long options are identical for short options."
			Encapsulate "  possible commands..."
			Encapsulate " "
			Encapsulate "  -a       --auto-optimize automatically detect and optimize network."
			Encapsulate "  -C       --compilers     permission rights on compilers."
			Encapsulate "  -h       --help          this help message."
			Encapsulate "  -i       --info          displays information about network controller(s)."
			Encapsulate "  -m       --modify        modify an exiting network controller(s)."
			Encapsulate "  -s       --service       set ${PROGNAME} as a service and auto optimize network devices on boot."
			Encapsulate "  -S       --security      set security level on network devices on boot."
			Encapsulate "  -t       --test          test internet & network speed and exit."
			Encapsulate "  -v       --version       dump version info and exit."
			Encapsulate " "
			FullBar
			Encapsulate "${PROGNAME} --help [COMMAND] for further information."
			FullBar
			;;
		# Version help
		v|version)
			Encapsulate "Usage version;"
			FullBar
			Encapsulate "${PROGNAME} -v"
			FullBar
			Encapsulate "Displays ${PROGNAME}'s version number and exits."
			FullBar
			;;
		# Compiler-permission help
		C|compilers)
			Encapsulate "Usage compilers; <on/off>"
			FullBar
			Encapsulate "${PROGNAME} -C <on/off>"
			FullBar
			FormatText "While the entire drive or scope of ${PROGNAME} is security and network speed. ${APPNAME} does by default close out the ability of a hacker to compile a program on your computer. By the same token ${PROGNAME} removes your ability to compile a program as well. Like a switch you can turn it on and off. Just dont forget to turn it back on after you have compiled your software, sorry for the inconvenience."
			FullBar
			;;
		# Auto-optimize help
		a|auto-optimize)
			Encapsulate "Usage auto-optimize;"
			FullBar
			Encapsulate "${PROGNAME} -a"
			FullBar
			FormatText "Automatically detects and optimize network and exits. Network adapter and line speed is detected and optimised based on findings. Currently supports 100 megabit, 1 Gigabit, 2.5 Gigabit, 10 Gigabit and 20 Gigabit.  Because of this tool I have seen 1.1 Gigabytes per second across the network which is the maximum thoughput of 10 Gigabit."
			FullBar
			;;
		# Info help
		i|info)
			Encapsulate "Usage info;"
			FullBar
			Encapsulate "${PROGNAME} -i"
			FullBar
			FormatText "Displays various information about network controller(s). Device, connection speed, status and type of connection."
			FullBar
			;;
		# Security help
		S|security)
			Encapsulate "Usage security;"
			FullBar
			Encapsulate "${PROGNAME} -S"
			FullBar
			FormatText "Sets set security level on network devices on boot.  This is a very complex section of software.  I have security audited an Operating System prior to the tool running a 57% strength, after the tool 87% this is increasing with each literation of this tool."
			FullBar
			;;
		# Service help
		s|service)
			Encapsulate "Usage service; <on/off>"
			FullBar
			Encapsulate "${PROGNAME} -s <on/off>"
			FullBar
			FormatText "Sets uno as a service and auto optimize network devices on boot."
			FullBar
			;;
		# Speed-test help
		t|test)
			Encapsulate "Usage test; [IP ADDRESS]"
			FullBar
			Encapsulate "${PROGNAME} -t [IP ADDRESS]"
			FullBar
			FormatText "Tests Internet speed if no IP address is specified.  If an IP address is specified IPerf3 must be running on the server.  It will test network speed.  Latency and thoughput."
			Encapsulate "Example: uno --test 192.168.1.189"
			FullBar
			;;
		# Help on help
		h|help|\?)
			Encapsulate "Usage Help [COMMAND]"
			FullBar
			Encapsulate "${PROGNAME} -h [COMMAND]"
			FullBar
			Encapsulate "Displays this message. For futher information ${PROGNAME} help [COMMAND]"
			Encapsulate "or refer to the manpages."
			Encapsulate " "
			Encapsulate "man ${PROGNAME}"
			Encapsulate " "
			Encapsulate "Example: ${PROGNAME} -h version"
			Encapsulate "Will display help about the command switch version"
			FullBar
			;;
	esac
	exit 0
}

# Start the timer for the whole run. This is a top-level statement, so it
# executes as the file is read, before the option dispatch at the bottom.
# Timer is not defined in the visible part of this file; presumably it comes
# from ultimate-common. TODO confirm where the matching "Stop" is issued.
Timer "Start" "${APPNAME}"

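#######################################
# Run the Internet speed test and print its report on stdout.
# An installed speedtest-cli is preferred because it arrives through the
# package manager. Only when it is missing is speedtest.py downloaded.
# Returns: the exit status of the speed test, or 1 when it could not be run.
#######################################
_SpeedTestWAN () {
	local PYTHON SCRIPT RC
	if command -v speedtest-cli >/dev/null 2>&1; then
		speedtest-cli
		return
	fi
	if ! PYTHON=$(command -v python3 || command -v python); then
		printf '%s\n' "No python interpreter found; cannot run the speed test."
		return 1
	fi
	if ! SCRIPT=$(mktemp); then
		printf '%s\n' "Could not create a temporary file for the speed test."
		return 1
	fi
	# NOTE(review): this fallback still executes code taken from the tip of a
	# branch, with no pinned revision and no checksum, under whatever account
	# runs uno (root when started through sudo). Pin the URL to a reviewed
	# commit and verify a digest, or require the packaged speedtest-cli.
	# The script is saved first so a failed or non-HTTPS transfer is never run.
	if curl -fsS --proto '=https' --tlsv1.2 -o "${SCRIPT}" \
		"https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py"; then
		"${PYTHON}" "${SCRIPT}"
		RC=$?
	else
		printf '%s\n' "Could not download the speed test script."
		RC=1
	fi
	rm -f -- "${SCRIPT}"
	return "${RC}"
}

#######################################
# Test WAN speed, then LAN speed against an iperf3 server.
# Arguments: the command-line words; the first dotted-quad found in them is
#            used as the iperf3 server address.
# Outputs:   both reports, framed with Encapsulate/FullBar.
# Exits:     1 when no IP address was supplied (after the WAN test has run).
#######################################
SpeedTest () {
	Timer "Start" "Speed Test"
	shopt -u nullglob
	declare -a FULLTEST=()
	declare -a MASSDATA=()
	local LANIP RAW EACH
	# Only digits and dots can reach iperf3, and only the first match is kept,
	# so several addresses on the command line no longer become one
	# multi-line argument.
	LANIP=$(printf '%s\n' "$@" \
		| grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' \
		| head -n 1)
	Center "Testing Internet speed - Wide Access Networking (WAN)"
	FullBar
	# "$( (" with a space: "$((" would first be parsed as arithmetic expansion.
	RAW=$( (_SpeedTestWAN) & Spinner "Testing Internet speed")
	# mapfile splits on newlines without glob-expanding the tool's output.
	mapfile -t MASSDATA <<<"${RAW}"
	for EACH in "${MASSDATA[@]}"
	do
		# Blank lines were dropped by the former word-splitting; keep that.
		if [[ "${EACH}" ]]; then
			Encapsulate "${EACH}"
		fi
	done
	FullBar
	if [[ "${LANIP}" ]]; then
		Center "Testing Local Network Speed (LAN) - iperf3"
		FullBar
		mapfile -t FULLTEST < <(iperf3 -c "${LANIP}")
		for EACH in "${FULLTEST[@]}"
		do
			# Skip blank lines and any line mentioning "perf" (case-insensitive).
			if [[ "${EACH}" && "${EACH,,}" != *perf* ]]; then
				Encapsulate "${EACH}"
			fi
		done
		FullBar
	else
		# NOTE(review): the --help text for "test" says the Internet test alone
		# is valid when no IP is given, yet this path reports an error and
		# exits 1. Behaviour is kept as it was; confirm which is intended.
		Error "You did not specify an IP to test:"
		Encapsulate "Example: ${PROGNAME} --test 192.168.1.7"
		FullBar
		exit 1;
	fi
	Encapsulate "Based on findings:"
	Timer "Stop" "Speed Test"
}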

# Default action: hand every command-line word to NetInfo unchanged.
# NetInfo is defined outside the visible part of this file.
Main() {
	NetInfo "${@}"
}

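#######################################
# Append network buffer tuning to /etc/sysctl.d/99-sysctl.conf and load it.
# Globals:   SPEED (read)  - link speed text; the part before the first "M"
#                            is taken as megabits per second
#            OPTIMIZED (written) - set to 1 when the file is already tuned
#            CSPEED, BYTES (written)
# Outputs:   status lines, plus the appended block (tee echoes it to stdout).
#######################################
Optimize () {
	local SYSCTLFILE="/etc/sysctl.d/99-sysctl.conf"
	if [[ -f "/etc/sysctl.conf" ]]; then
		# "gbe" is the original marker. The header line this function writes
		# is also accepted, so a second run does not append the block again.
		if grep -qiE 'gbe|Assume RTT in data center' "${SYSCTLFILE}"; then
			Encapsulate "Networking has already been Optimised."
			OPTIMIZED=1
		else
			Encapsulate "Optimizing LAN"
			CSPEED="${SPEED%%M*}"
			# Only plain digits may reach the arithmetic below and the root-owned
			# config file. Bash arithmetic evaluates other text as expressions,
			# and a multi-line SPEED would add lines to the file.
			if [[ "${CSPEED}" =~ ^[0-9]+$ ]]; then
				# 10# forces base 10, so a leading zero is not read as octal.
				# NOTE(review): the header written below describes
				# BDP = 0.1 sec * speed / 8, but the value computed is
				# megabits * 1000 / 8. If SPEED is e.g. 1000Mb/s this gives
				# 125000, which is below the 212992 written for rmem_default
				# and wmem_default. Confirm the intended formula.
				BYTES=$(( 10#${CSPEED} * 1000 / 8 ))
				if sudo tee -a "${SYSCTLFILE}" <<EOF
# Assume RTT in data center with ${SPEED} network = 1~100ms,  BDP=0.1sec * ${SPEED} / 8 = ${BYTES} Byte
# Increase the maximum amount of option memory buffers 256M
net.core.optmem_max = 268435456
# Maximum Socket Send and Read Buffer: close to 128M
net.core.rmem_default = 212992
net.core.wmem_default = 212992
net.core.rmem_max = ${BYTES}
net.core.wmem_max = ${BYTES}
net.ipv4.tcp_rmem = 4096 87380 ${BYTES}
net.ipv4.tcp_wmem = 4096 65536 ${BYTES}

# To increase backlog for 20G NICS : reference to Oracle white paper
net.core.netdev_max_backlog = ${BYTES}
net.core.somaxconn = 8192
fs.inotify.max_user_watches=1048576
EOF
				then
					sudo sysctl -p
				else
					Error "Could not write ${SYSCTLFILE}; settings were not applied."
				fi
			elif [[ "${CSPEED}" ]]; then
				Error "Link speed '${SPEED}' is not numeric; nothing was written."
			fi
		fi
	fi
}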

#######################################
# Run Optimize inside a timed section, after CheckRoot.
# Globals:   SPEED (read), OPTIMIZED (read; set by Optimize)
# Arguments: forwarded unchanged to Optimize
#######################################
AutoOptimise () {
	CheckRoot
	Timer "Start" "Auto-Optimise"
	Encapsulate "Active Network speed detected at: ${SPEED}"
	Optimize "$@"
	# Reload every sysctl configuration file unless Optimize reported that
	# the tuning was already in place.
	if [[ -z "${OPTIMIZED}" ]]; then
		sysctl --system
	fi
	Timer "Stop" "Auto-Optimise"
	FullBar
}

#######################################
# Enable or disable the "uno" systemd unit.
# Arguments: $2 - "on" or "off"; anything else prints an error and the help
#                 for the service switch
# Globals:   INSTALLED (written) - path of systemctl, empty when not found
#######################################
Service () {
	CheckRoot
	INSTALLED=$(type -p systemctl)
	if [[ -z "${INSTALLED}" ]]; then
		Error "Systemctl is not installed."
		return
	fi
	case "${2}" in
		on)
			Encapsulate "Enabling UNO service"
			systemctl enable uno
			systemctl start uno
			systemctl status uno.service
			;;
		off)
			Encapsulate "Disabling UNO service"
			systemctl disable uno
			systemctl stop uno
			systemctl status uno.service
			;;
		*)
			Error "No swich provided. $@"
			# Help is shown by re-running the installed program from PATH.
			uno --help service
			;;
	esac
}

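#######################################
# Change the mode of the listed compiler and assembler binaries.
# Arguments: $2 - "on"  : chmod 755  (every user may run them)
#                 "off" : chmod o-rx (users outside owner and group may not)
#            Any other value prints an error and the help text, then exits 1.
#
# The banner used to announce "Restricting" for "on", although "on" is the
# branch that makes the compilers executable again. The banner now states
# what is actually done. The meaning of on/off itself is unchanged.
# NOTE(review): the --help text for this switch can be read the other way
# ("turn it back on after you have compiled"). Confirm which meaning is
# intended before relying on this switch for hardening.
# NOTE(review): a package upgrade normally reinstalls these files with their
# packaged mode, so the restriction may not persist (dpkg-statoverride can
# record it). Verify on the target system.
#######################################
Compilers () {
	local CHMODE NOTICE EACH
	case "${2}" in
		on)
			Center "Un-Restricting access to compiler(s)"
			CHMODE="755"
			NOTICE="Un Restricting access to compiler(s)";;
		off)
			Center "Restricting access to compiler(s)"
			CHMODE="o-rx"
			NOTICE="Restricting access to compiler(s)";;
		*) Error "No swich provided. $@"; uno --help compilers  ; exit 1;;
	esac

	declare -a COMPILERS=();
	COMPILERS=( '/usr/bin/as' '/usr/bin/g++' '/usr/bin/gcc' '/usr/bin/cc' '/usr/bin/x86_64-linux-gnu-as' )
	for EACH in "${COMPILERS[@]}"
	do
		if [[ -f "${EACH}" ]]; then
			Encapsulate "${NOTICE}"
			Encapsulate "Found compiler: ${EACH} chmodding."
			# Report a failed chmod rather than implying the mode was changed.
			if ! chmod "${CHMODE}" "${EACH}"; then
				Error "Could not change the mode of ${EACH}."
			fi
		fi
	done
}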
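# Print the version banner unless SUPPRESS is set.
if ! [[ "${SUPPRESS}" ]]; then
	VersionDump "$@"
fi
# Option dispatch. Every arm ends in "exit 0", so a failure inside a handler
# is not reflected in the exit status unless the handler exits by itself.
case "${1}" in
	-a|--auto-optimize) NetInfo "$@" --suppress; AutoOptimise; exit 0;;
	-A|--analyze)
		# The function defined at the top of this file is "Analyze", and shell
		# function names are case-sensitive. The lower-case name is used only
		# when something by that name exists, so this switch no longer ends in
		# "command not found".
		if [[ "$(type -t analyze)" ]]; then
			analyze "$@"
		else
			Analyze "$@"
		fi
		exit 0;;
	-C|--compilers) CheckRoot; Compilers "$@"; exit 0;;
	-m|--modify) echo "Feature currently not implemented."; exit 0;;
	-s|--service) Service "$@"; exit 0;;
	-S|--security) Security "$@"; exit 0;;
	-i|--info) NetInfo "$@"; exit 0;;
	-t|--test) NetInfo "$@"; SpeedTest "$@"; exit 0;;
	-h|--help|-\?) Help "$@"; exit 0;;
	# The version banner has already been printed by VersionDump above.
	-v|--version) exit 0;;
	# NOTE(review): the help function appears to end with "exit 0", in which
	# case Main is never reached on this arm. Confirm the intended order.
	*) Help "$@"; Main "$@"; exit 0;;
esac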


# ==============================================================================
# This code was automatically cleaned up using code-cleanup
# title			:code-cleanup
# description		:Bash code cleanup script
# Author		:root
# date			:10/23/2013
# version		:1.7.2-1
# http://ultimateedition.info/
# ==============================================================================
