CIS-CAT benchmarks


Issam Beik
Nov 7, 2018, 11:36:41 AM
to Wazuh mailing list
I am testing out the CIS features as we are going to be applying the benchmarks in my environment. As the documentation states here: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/wodle-ciscat.html, an example configuration is given which is below. Running cis-cat pro natively, it finds the OS version and selects the appropriate benchmark, what I am wondering is if we have to call out in the ossec.conf the specific benchmark to be ran against the system or can we use the native feature in the cis-cat-centralized.bat/.sh? Thank you.  
<wodle name="cis-cat">

  <disabled>no</disabled>
  <timeout>1800</timeout>
  <wday>monday</wday>
  <time>04:00</time>
  <interval>2w</interval>
  <scan-on-start>yes</scan-on-start>

  <java_path>/usr/bin</java_path>
  <ciscat_path>wodles/ciscat</ciscat_path>

  <content type="xccdf" path="benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml">
    <profile>xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Server</profile>
  </content>

</wodle>

Issam Beik
Nov 7, 2018, 12:46:46 PM
to Wazuh mailing list
Another question, what file is it looking for, for the cis-cat tool?

Chema Martinez
Nov 14, 2018, 6:26:06 AM
to Issam Beik, wa...@googlegroups.com
Hi Issam,

The integration with the CIS-CAT tool doesn't use the cis-cat-centralized.sh script for now. This is why it is necessary to set up the specific benchmark you want to run against your system manually in the ossec.conf. You can run several benchmarks against the same host by setting more than one <content> block in the configuration.

I am not sure if I understood your second question; what do you mean by the file which the cis-cat tool is looking for? If you mean the script which is being launched, it is CIS-CAT.sh for Linux and CIS-CAT.BAT for Windows hosts.

Regards.

 
Chema Martinez | IT Engineer — Wazuh, Inc.


--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/e3e04752-99f0-4628-a12e-2e6d04f0af3b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Issam Beik
Nov 14, 2018, 10:47:38 AM
to Wazuh mailing list
Chema, 

Thanks for the response. I planned on using the centralized script since it takes away having to select what benchmark to run. Is this something that will be supported in the future? Also, I have tried a network and local path to the cis-cat.bat file in the ossec.conf on the Windows host and I keep getting the same error, "CIS-CAT tool not found @ blah". This is where I was asking what file it is looking for so I know what to put in the config. Can you tell me what next I should be looking for since I am still getting the same error? Thank you.  

Chema Martinez
Nov 15, 2018, 7:05:51 AM
to Issam Beik, wa...@googlegroups.com
Hi Issam,

It is not a priority to modify the operation of the module in the near future, since it is not worth the effort compared to its advantages. However, feel free to propose it on GitHub in a new issue or Pull Request if you consider it an interesting request. That way we could evaluate it.

Regarding your Windows issue, could you share with us the CIS-CAT configuration in the "ossec.conf" for that agent and the log errors you are obtaining?

Regards.

Chema Martinez | IT Engineer — Wazuh, Inc.


Issam Beik
Nov 15, 2018, 9:05:57 AM
to Wazuh mailing list
Chema, 

The config is below: 


  <!-- CIS policies evaluation -->
  <wodle name="cis-cat">
    <disabled>no</disabled>
    <timeout>1800</timeout>
    <interval>1d</interval>
    <scan-on-start>yes</scan-on-start>

    <java_path>\\<IP>\CIS\Java64\bin\java.exe</java_path>
    <ciscat_path>C:\CIS-CAT.BAT</ciscat_path>

    <content type="xccdf" path="\\<IP>\CIS\cis-cat-full\benchmarks\CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.3.0-xccdf.xml">
    <profile>xccdf_org.cissecurity>benchmarks_profile_Level_1_-Member_Server</profile>
    </content>
  </wodle>

Chema Martinez
Nov 16, 2018, 9:30:04 AM
to Issam Beik, wa...@googlegroups.com
Issam,

Is the script CIS-CAT.BAT in the same folder as the rest of the tool? 

I see that you are pointing the <ciscat_path> to C:\ directly but the benchmark file to \\<IP>\CIS\cis-cat-full\.
The script should be in the cis-cat-full folder as well in order to make it work.

Best regards.

Chema Martinez | IT Engineer — Wazuh, Inc.


Issam Beik
Nov 16, 2018, 12:25:22 PM
to Wazuh mailing list
Chema, 

Thank you for the guidance. I have performed the steps listed below and I am still getting the same results. Can you tell me what is wrong, if anything? Thanks. The config and error message are below: 

  <!-- CIS policies evaluation -->
  <wodle name="cis-cat">
    <disabled>no</disabled>
    <timeout>1800</timeout>
    <interval>1d</interval>
    <scan-on-start>yes</scan-on-start>

    <java_path>\\IP\CIS\Java64\bin\java.exe</java_path>
    <ciscat_path>\\IP\CIS\cis-cat-full\CIS-CAT.BAT</ciscat_path>

    <content type="xccdf" path="\\IP\CIS\cis-cat-full\benchmarks\CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.3.0-xccdf.xml">
    <profile>xccdf_org.cissecurity>benchmarks_profile_Level_1_-Member_Server</profile>
    </content>
  </wodle>

2018/11/16 07:57:46 wazuh-modulesd:ciscat: ERROR: CIS-CAT tool not found at '\\10.32.30.25\CIS\cis-cat-full\CIS-CAT.BAT'.

Issam Beik
Nov 16, 2018, 11:58:11 PM
to Wazuh mailing list
Chema, 

I was being an idiot. As per the documentation, https://documentation.wazuh.com/current/user-manual/capabilities/policy-monitoring/ciscat/ciscat.html#use-case-running-a-cis-evaluation, it states: "For running this integration, the CIS-CAT tool must reside on the local agent that runs the scans. However, the JRE can be located on a removable disk or network drive for the purpose of sharing between multiple agents." That problem is solved however now a new one cropped up. Where do I go from here? Thanks.  


018/11/16 15:20:20 wazuh-modulesd:ciscat: ERROR: Unable to read file tmp\ciscat-report.txt: No such file or directory
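The constraints established so far in this thread (one <content> block per benchmark; the launcher script in the same folder as the benchmarks directory; CIS-CAT itself on the agent's local disk, with only the JRE allowed on a network share) can be checked before an agent is restarted. The script below is an added example written for this thread, not Wazuh or CIS-CAT code: it parses a cis-cat wodle block with the Python standard library and lists every rule the block breaks. The host name FILESERVER, the sample configurations, the finding texts and the set of interval suffixes are assumptions; the benchmark file name and profile ids follow the values posted here.

```python
"""Pre-flight check for a Wazuh <wodle name="cis-cat"> block.

Added example for this thread, not part of Wazuh or CIS-CAT. It encodes the
rules that came up here: CIS-CAT itself must be on the agent's local disk
(the JRE may be on a network share), the launcher script must sit in the same
folder as the benchmarks/ directory, one <content> block per benchmark, and
the profile must look like an XCCDF profile id.
"""
import re
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# XCCDF 1.2 profile ids have the shape xccdf_<reverse-dns>_profile_<name>.
PROFILE_ID = re.compile(r"^xccdf_[A-Za-z0-9.-]+_profile_[A-Za-z0-9._-]+$")
# Interval suffixes: assumption based on the 2w / 1d values in this thread.
INTERVAL = re.compile(r"^\d+[smhdw]?$")


def is_unc(path):
    """True for a UNC (host/share) path, i.e. not the agent's local disk."""
    return path.startswith("\\\\")


def is_absolute(path):
    return path.startswith("/") or PureWindowsPath(path).is_absolute()


def tool_dir(ciscat_path):
    """Folder holding the tool, whether ciscat_path names the launcher
    script (as in this thread) or the folder (as in the docs example)."""
    p = PureWindowsPath(ciscat_path)
    return p.parent if p.name.lower() in ("cis-cat.bat", "cis-cat.sh") else p


def check_ciscat_wodle(conf_xml):
    """Return a list of findings; an empty list means every rule passed."""
    findings = []
    wodle = ET.fromstring(conf_xml).find("./wodle[@name='cis-cat']")
    if wodle is None:
        return ['no <wodle name="cis-cat"> block found']
    if (wodle.findtext("disabled") or "no").strip().lower() == "yes":
        findings.append("the module is disabled")
    interval = (wodle.findtext("interval") or "").strip()
    if interval and not INTERVAL.match(interval):
        findings.append(f"interval '{interval}' is not <number>[s|m|h|d|w]")
    ciscat = (wodle.findtext("ciscat_path") or "").strip()
    if not ciscat:
        findings.append("ciscat_path is missing")
    elif is_unc(ciscat):
        findings.append(f"ciscat_path '{ciscat}' is a network path; CIS-CAT "
                        "must reside on the local agent (only the JRE may be shared)")
    contents = wodle.findall("content")
    if not contents:
        findings.append("no <content> block; one per benchmark is required")
    for c in contents:
        bench = c.get("path", "").strip()
        profile = (c.findtext("profile") or "").strip()
        if not bench.lower().endswith(".xml"):
            findings.append(f"benchmark path '{bench}' is not an XCCDF .xml file")
        elif ciscat and is_absolute(bench) and is_absolute(ciscat):
            # The script and the benchmarks/ folder must share one install folder.
            bench_root = str(PureWindowsPath(bench).parent.parent).lower()
            if bench_root != str(tool_dir(ciscat)).lower():
                findings.append(f"benchmark '{bench}' is not in the same folder "
                                f"as the CIS-CAT tool ('{tool_dir(ciscat)}')")
        if not PROFILE_ID.match(profile):
            findings.append(f"profile '{profile}' does not look like an XCCDF "
                            "profile id (xccdf_<namespace>_profile_<name>)")
    return findings


def sample_conf(ciscat_path, benchmarks):
    """Constructed config shaped like the blocks posted in this thread;
    FILESERVER is a placeholder host (a JRE on a share is allowed)."""
    content = "".join(
        f'    <content type="xccdf" path="{b}">\n'
        f"      <profile>{p}</profile>\n"
        "    </content>\n" for b, p in benchmarks)
    return ('<ossec_config>\n  <wodle name="cis-cat">\n'
            "    <disabled>no</disabled>\n    <timeout>1800</timeout>\n"
            "    <interval>1d</interval>\n    <scan-on-start>yes</scan-on-start>\n"
            r"    <java_path>\\FILESERVER\CIS\Java64\bin\java.exe</java_path>" "\n"
            f"    <ciscat_path>{ciscat_path}</ciscat_path>\n"
            f"{content}  </wodle>\n</ossec_config>\n")


BENCH = "CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.3.0-xccdf.xml"
BENCH_LOCAL = r"C:\cis-cat-full\benchmarks" + "\\" + BENCH
BENCH_SHARE = r"\\FILESERVER\CIS\cis-cat-full\benchmarks" + "\\" + BENCH
PROFILE_L1 = "xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Member_Server"
PROFILE_L2 = "xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Member_Server"
PROFILE_GARBLED = "xccdf_org.cissecurity>benchmarks_profile_Level_1_-Member_Server"

# First attempt in the thread: script at C:\, benchmarks on the share.
FIRST_ATTEMPT = sample_conf(r"C:\CIS-CAT.BAT", [(BENCH_SHARE, PROFILE_GARBLED)])
# Second attempt: everything on the share, which the agent cannot run from.
SECOND_ATTEMPT = sample_conf(r"\\FILESERVER\CIS\cis-cat-full\CIS-CAT.BAT",
                             [(BENCH_SHARE, PROFILE_GARBLED)])
# Working layout: tool and benchmarks local, JRE shared, two profiles.
WORKING = sample_conf(r"C:\cis-cat-full\CIS-CAT.BAT",
                      [(BENCH_LOCAL, PROFILE_L1), (BENCH_LOCAL, PROFILE_L2)])

if __name__ == "__main__":
    for name, conf in [("first", FIRST_ATTEMPT), ("second", SECOND_ATTEMPT),
                       ("working", WORKING)]:
        print(name, check_ciscat_wodle(conf) or "OK")
```

Run it against the wodle block of an agent's ossec.conf (wrapped in its <ossec_config> root) and fix every finding before restarting the agent; the first two sample layouts reproduce the two errors reported in this thread, the third passes cleanly.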




Chema Martinez
Nov 19, 2018, 8:44:23 AM
to Issam Beik, wa...@googlegroups.com
Hi Issam,

That log means that some error happened while running the CIS-CAT tool. Unfortunately, you have to enable debug mode for the logs to get the CIS-CAT output of the execution and obtain more information about the particular error.

To do that, insert the following line into the file "local_internal_options.conf" of your Windows agent:

windows.debug=2

After that, restart the agent and, when the CIS-CAT scan finishes, look for logs like the following:

2018/11/19 14:38:32 wazuh-modulesd:ciscat: DEBUG: OUTPUT: This is CIS-CAT-Pro Assessor version 3.0.43
An error occurred configuring the profile testing selected for assessment.  Ensure the profile is valid for the selected benchmark.
CIS-CAT will now exit -- Error Code: ERR-CLI-0012

2018/11/19 14:38:32 wazuh-modulesd:ciscat: INFO: Scan finished. File: C:\cis-cat-full\benchmarks\CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.1-xccdf.xml
2018/11/19 14:38:32 wazuh-modulesd:ciscat: ERROR: Unable to read file tmp\ciscat-report.txt: No such file or directory

That debug message should reveal the source of the error.

Best regards.

Chema Martinez | IT Engineer — Wazuh, Inc.


Issam Beik
Nov 19, 2018, 4:09:52 PM
to Wazuh mailing list
Chema, 

Below are the relevant log entries for the CIS-CAT error: 


2018/11/19 09:54:02 wazuh-modulesd:ciscat: DEBUG: Launching command: "C:\cis-cat-full\CIS-CAT.BAT" -a -b "C:\cis-cat-full\benchmarks\CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.3.0-xccdf.xml" -p xccdf_org.cissecurity>benchmarks_profile_Level_1_-Member_Server -r tmp -rn ciscat-report -x -t -n -y
09:54:02 wazuh-modulesd:ciscat: DEBUG: OUTPUT: The process cannot access the file because it is being used by another process.

2018/11/19 09:54:02 wazuh-modulesd:ciscat: INFO: Scan finished. File: C:\cis-cat-full\benchmarks\CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.3.0-xccdf.xml
2018/11/19 09:54:03 wazuh-modulesd:ciscat: ERROR: Unable to read file tmp\ciscat-report.txt: No such file or directory
2018/11/19 09:54:03 ossec-agent: DEBUG: Attempting to send message to server.
2018/11/19 09:54:03 ossec-agent: DEBUG: Sending message to server: 'Ending CIS-CAT scan. File: C:\cis-cat-full\benchmarks\CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.3.0-xccdf.xml. '
2018/11/19 09:54:03 wazuh-modulesd:ciscat: INFO: Evaluation finished.
2018/11/19 09:54:03 wazuh-modulesd:ciscat: DEBUG: Sleeping for 86399 seconds

Thanks for the help. 

Chema Martinez
Nov 22, 2018, 6:53:53 AM
to Issam Beik, wa...@googlegroups.com
Issam,

It seems an internal error is happening when running the CIS-CAT tool. Unfortunately, the CIS-CAT tool doesn't provide any debug mode to find the cause of the problem. I suggest trying to run the command manually in a PowerShell terminal:

"C:\cis-cat-full\CIS-CAT.BAT" -a -b "C:\cis-cat-full\benchmarks\CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.3.0-xccdf.xml" -p xccdf_org.cissecurity>benchmarks_profile_Level_1_-Member_Server -r tmp -rn ciscat-report -x -t -n -y

The "tmp" folder should exist in the directory where you execute the command, or set another destination for the reports with the -r parameter. That way we can check whether the problem is caused by Wazuh or by the tool.

In addition, check whether any service or process is locking any file needed to run it, in the Wazuh agent folder or the CIS-CAT folder.

Best regards,
Chema.

Chema Martinez | IT Engineer — Wazuh, Inc.
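The two replies above describe a triage routine: enable windows.debug=2, read the DEBUG: OUTPUT lines the module captures from CIS-CAT, and then check the report folder and locked files. The script below is an added example for this thread, not part of Wazuh, that applies that routine to wazuh-modulesd:ciscat log lines and maps each failure signature seen here to the next check. The sample logs are constructed from the lines quoted in this thread with the file server replaced by the placeholder FILESERVER; the finding codes and advice strings are my own mapping, not module output.

```python
"""Triage of wazuh-modulesd:ciscat log lines.

Added example for this thread, not part of Wazuh. It maps the failure
signatures seen here to the next check the replies recommended. The sample
logs are constructed from lines quoted in the thread, with the file server
replaced by the placeholder FILESERVER.
"""
import re

PREFIX = re.compile(r"wazuh-modulesd:ciscat: (\w+): (.*)$")


def parse_module_log(log_text):
    """Split the log into module messages and the CIS-CAT output captured
    after 'DEBUG: OUTPUT:'; continuation lines carry no log prefix."""
    messages, tool_output, in_output = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PREFIX.search(line)
        if m:
            level, msg = m.groups()
            in_output = msg.startswith("OUTPUT:")
            if in_output:
                tool_output.append(msg[len("OUTPUT:"):].strip())
            else:
                messages.append((level, msg))
        elif in_output:
            tool_output.append(line)
    return messages, tool_output


def triage_ciscat_log(log_text):
    """Return (code, advice) pairs for the problems visible in the log."""
    messages, tool_output = parse_module_log(log_text)
    findings, report_dir, report_missing = [], "tmp", False
    for _level, msg in messages:
        if msg.startswith("Launching command:"):
            # The -r argument is where CIS-CAT is told to write its report.
            m = re.search(r" -r (\S+)", msg)
            if m:
                report_dir = m.group(1)
        m = re.match(r"CIS-CAT tool not found at '([^']*)'", msg)
        if m:
            path = m.group(1)
            where = ("is on a network share; CIS-CAT itself must be on the "
                     "agent's local disk" if path.startswith("\\\\")
                     else "does not exist; fix <ciscat_path>")
            findings.append(("TOOL_NOT_FOUND", f"'{path}' {where}"))
        if msg.startswith("Unable to read file"):
            report_missing = True
    output = " ".join(tool_output)
    if "ERR-CLI-0012" in output or "Ensure the profile is valid" in output:
        findings.append(("PROFILE_INVALID",
                         "the <profile> id is not defined in the selected benchmark"))
    if "being used by another process" in output:
        findings.append(("FILE_LOCKED",
                         f"CIS-CAT could not write its report: make sure the report "
                         f"folder '{report_dir}' exists in the agent's working directory "
                         "and that no process holds the CIS-CAT or agent files open"))
    if report_missing:
        findings.append(("REPORT_MISSING",
                         "no report was produced, so the CIS-CAT run itself failed"))
        if not tool_output and not any(c == "TOOL_NOT_FOUND" for c, _ in findings):
            findings.append(("NO_DEBUG_OUTPUT",
                             "set windows.debug=2 in local_internal_options.conf, "
                             "restart the agent and read the DEBUG: OUTPUT lines"))
    return findings


# Constructed samples built from the lines quoted in this thread.
SAMPLE_NO_DEBUG = r"""
2018/11/16 15:20:20 wazuh-modulesd:ciscat: ERROR: Unable to read file tmp\ciscat-report.txt: No such file or directory
"""
SAMPLE_NOT_FOUND = r"""
2018/11/16 07:57:46 wazuh-modulesd:ciscat: ERROR: CIS-CAT tool not found at '\\FILESERVER\CIS\cis-cat-full\CIS-CAT.BAT'.
"""
SAMPLE_BAD_PROFILE = r"""
2018/11/19 14:38:32 wazuh-modulesd:ciscat: DEBUG: OUTPUT: This is CIS-CAT-Pro Assessor version 3.0.43
An error occurred configuring the profile testing selected for assessment.  Ensure the profile is valid for the selected benchmark.
CIS-CAT will now exit -- Error Code: ERR-CLI-0012
2018/11/19 14:38:32 wazuh-modulesd:ciscat: INFO: Scan finished. File: C:\cis-cat-full\benchmarks\CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.1-xccdf.xml
2018/11/19 14:38:32 wazuh-modulesd:ciscat: ERROR: Unable to read file tmp\ciscat-report.txt: No such file or directory
"""
SAMPLE_LOCKED = r"""
2018/11/19 09:54:02 wazuh-modulesd:ciscat: DEBUG: Launching command: "C:\cis-cat-full\CIS-CAT.BAT" -a -b "C:\cis-cat-full\benchmarks\CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.3.0-xccdf.xml" -p xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Member_Server -r tmp -rn ciscat-report -x -t -n -y
09:54:02 wazuh-modulesd:ciscat: DEBUG: OUTPUT: The process cannot access the file because it is being used by another process.
2018/11/19 09:54:02 wazuh-modulesd:ciscat: INFO: Scan finished. File: C:\cis-cat-full\benchmarks\CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.3.0-xccdf.xml
2018/11/19 09:54:03 wazuh-modulesd:ciscat: ERROR: Unable to read file tmp\ciscat-report.txt: No such file or directory
"""

if __name__ == "__main__":
    for name, sample in [("no debug", SAMPLE_NO_DEBUG), ("not found", SAMPLE_NOT_FOUND),
                         ("bad profile", SAMPLE_BAD_PROFILE), ("locked", SAMPLE_LOCKED)]:
        print(name, triage_ciscat_log(sample))
```

Feed it the agent's ossec.log (or the lines around the last "Scan finished" entry); REPORT_MISSING with no tool output means debug mode is still off, while FILE_LOCKED points at the report folder and open-file checks that resolved this thread.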


Issam Beik
Nov 22, 2018, 12:58:54 PM
to Wazuh mailing list
Chema, 

Thanks, the issue was right there in the logs: it wasn't able to write to the tmp directory. I created the directory in the local path and now it works with no issues. Thanks for the help.