Need to catch up

Sorry folks but I’ve been swamped.  I’ve had some new projects come online as of late that are just taking up an incredible amount of time.  I’ve had to build a dedicated vm server for my house along with NAS storage to accomodate these updates.  Tonight I’m recovering from a two day crippled environment – UGH!

We’ll get something going soon!  Until then, stay thirsty my friends!

Posted in Notices | Leave a comment

Yay! We defeated SOPA/PIPA!!! Hey….what the hell is SOPA/PIPA?

Sorry folks, I know this is a few days behind the awesomeness that took place a few days ago (I’m referring to the demise of SOPA/PIPA) but I wanted to say something after I had some time to cool off. I’ll keep this short so I don’t offend too many people but I want to say something about this.

To start, let me get this right out there; I do not, have never and will never support blind, poorly constructed and obviously big business backed legislation such as this. It’s garbage, in poor taste and demonstrates allot of what is wrong with our leadership today. Too many people trying to make decisions on things they don’t understand and don’t take the time to understand. More importantly, I think this clearly demonstrates how far some entities will go to get their way. But enough about that, let’s talk about the real issue; the blind following….

First off, if you don’t know what SOPA/PIPA is/were, you can go to wikipedia, google, etc… to learn more. I’m not going to link to them because, frankly, that is part of the issue. The problem I have with this whole situation is that very few people (and I am generalizing based on my experience) seem to understand exactly what SOPA/PIPA mean. The people, in their blind rage, saw a few news reports, read some facebook posts and decided that was good enough to rally behind. That’s a problem, as you can imagine. Need proof? What if SOPA/PIPA would have been marketed better? What if they would have been sold as a means of better protecting the internet from hackers instead of pirates (or whatever horrible, evil lies in wait on the internet)? What if, those same people wouldn’t have been convinced by the likes of Google, Wikipedia, friends in the know, etc…? See, my problem isn’t the outcome; it’s how it came about. Granted, the big players on the internet really are the heroes here but without them and their voice, I believe that less than 3 in 10 of the people who were against these acts of domestic abuse would have even known what to do, what to say and what to think about them. I know that’s harsh but it’s the truth, so far as I can tell.

So, what is my point? My point is to stop being lazy people. Educate yourselves and your friends and family. Learn about these things and take action to prevent them. We can’t always rely on others to fix these types of problems. Take the time to read and understand why these bills, should they have passed, would have crippled the internet. I know, the stuff is boring and long winded and full of FUD but that’s the point; that’s how the lawmakers write them to get them to pass. They are depending on you to be too busy with everything else and not have enough interest or care enough to do anything. Prove them wrong! Don’t just change your facebook icon and call it good; write your congressman/woman, post information on your blogs, rss feeds, facebook, whatever means of getting information out there that you use. Don’t blindly follow the pack, because all too often the results always cost you in the end.

And with that I’ll wrap up this rant. Sorry for complaining but this situation is serious and I foresee it happening more and more in the near future. So let me bring this to a close and I’ll leave you with this; Folks, we have to change. I’m guilty as much as the next guy with being lazy and not knowing as much as I should about certain political things but I will say this much about myself; I don’t follow the pack. I don’t make uninformed decisions and I sure don’t sit by while garbage like this happens. So do yourself, your friends and family, your children, all of us, a favor; get informed, get involved and be apart of the solution. One voice doesn’t matter, but as the internet demonstrated this past Wednesday, our voice united can change anything!

Posted in News | Leave a comment

Quick Tips Introduction and first entry

So I thought about it and this is going to be a nice place to store quick tips.  Little tidbits of information that I run across and/or have needed that are:

  1. Obscure enough that Google might take a little too long to find your answer, or….
  2. I don’t use it enough to remember, and thus I need a place to write it down and store it where I know I can find it quickly and not dig through my notes….and maybe you will find it useful

I have always done something like this at my jobs, be it a wiki, sharepoint site, my own apache box, notepad up glorious spiral bound notepad, whatever…. and now I am going to start posting them here.

So let it be that this shall be my first quick tips entry!

Quick Tips #1 – Don’t discard old usb cd/dvd drives

I had a situation where I had to build out a oracle machine and had to use an old version of Redhat (4.x,x86) on a newer piece of hardware.  I’ve seen this before on allot of *nix builds (linux, bsd, debian, etc…)  and maybe you have to; You burn your iso(s) (side note, this distro required multiple isos and to make it easy I recompiled them to one dvd; this didn’t cause the issue I’m about to describe), boot with it, get to the initial install screen and it complains about not being able to find the media.  You re-burn the media and run into the same issue……Frustrating.  You test it on another machine and it works fine!  You use the same images to build a vm…and it works fine!

So here’s the tip; I kid you not, plug in an old, crusty usb based cd/dvd rom and boot from that (if your machine supports it).  This is what I’ve had to do on more then one occasion and it works nearly every time!  Awesome right?  Kinda makes sense too, in a weird sort of way.  We use old technology (at least in my case; the cd/dvd drive I’m using is an old external hp writer….remember those?) on new technology to shoe-horn it to work!

These will be shorter in the future to keep them quick and easy to read, I promise.  Until next time, take care and thanks for reading!

Posted in Quick Tips | Leave a comment

I’ve been published – I’m just as surprised as you are!

Okay, so those of you that know me are aware that I enjoy to write.  I think allot of techie people do (that’s based purely on my own observations, not what I hear in meetings talking about documentation) and I am certainly no exception.

Without a doubt, I have written more then my share of tech manuals, instructions, blog entries, evil emails, secret messages only to be decrypted by using the Little Orphan Annie decoder ring (Hey, it’s only a few days past Christmas….this joke works) but I have never been published at this level!

I am excited to announce that Linux Journal published my article!

I know, right?











My article is a introduction to a couple of security tools (you might have heard of them, Nmap, Nessus and Metasploit!) and how I use them to secure my network!  It’s a descent article and definitely worth a few minutes if you can spare them!  You do need a subscription to Linux Journal to read it but it’s worth it so head over there and support a great group of people!  And while you’re there, check my article out and let me know what you think!

Posted in News | Leave a comment

CISSP – I passed it, now here’s the review!

So, I posted back in October that I sat for my CISSP exam. As I stated in the subject line, I passed! I’ll share some thoughts on the exam but again, this will not be a NDA violating post, sorry. I worked too hard to pass that exam to throw it away with a blog post! So keep that in mind when reading this; allot of opinion, allot of suggestions, no NDA violating stuff! At any rate, let’s get to it!

First, let’s get this out of the way; the exam is difficult! With a failure rate of 70% (gathered from the web; I can’t vouch for the accuracy of that number), I was really nervous going in and by the time I was done, I was completely whipped. I don’t really have a comparison for this test in terms of the feel for it, because of all my IT certifications, I can honestly say this exam is unique in it’s format, test environment, etc…. The exam itself is very long and covers a broad range of topics within the CBK (CBK=common body of Knowledge) which is comprised of 10 domains. You can gleam all of this by going to the ISC2 site and reviewing the information for the CISSP. Please note that the domains are changing in January of 2012 (next week) so make sure if you are prepping that you cover the new requirements! Check out the ISC2 site or the wikipedia site for more information!

For me, I am going to cover a couple of things; my experience and my study suggestions. First, let’s talk about my experience. I studied for a period of time before taking this test, 1 to 2 hours every night without fail. I also took allot of practice tests from the study material and the ISC2 site. On the day before the exam, I rented a hotel not too far from the test site, took all of my study material, locked myself in the room and studied! I read, tested myself, reviewed the ISC2 site, googled for answers to questions I didn’t understand, etc….. basically nothing new here that you haven’t read about from any other test taker. The next day, I studied for a whopping 30minutes in the morning while enjoying the hotel breakfast. All of the books I bought had study sheets which took all of the key points of the domains and condensed them to a nice, easy to read format. That’s what I did; read those and ate breakfast. And that’s what everyone else did that was there for the exam (I was surprised as I thought I was the only one that would be studying at breakfast, HA)! The exam lasts 6hrs and I was there for 5 of those hours. Pack a lunch folks, you don’t want to get hungry in the middle of this beast because once you are in, you CANNOT leave! I had allot of anxiety during the test but afterwords, I felt fairly confident I had passed. About four weeks later, my confirmation letter arrived and about four weeks after my submission of my endorsement material, my final confirmation/congratulations letter arrived!

Now, let’s talk about study suggestions. I firmly believe that experience and the proper application of studying/worrying got me through this. A thought on worrying; Let’s face facts, if you pay damn near $600 bones for this test, on top of what you spend on the study material, you would be silly to not worry. For me, worrying is a great motivator that drives me to do my best! At any rate, my study material included the following:

  • X number of years experience – Seriously, the exam requires at least 5 and I highly recommend allot more (or at the very minimum 5 INTENSE years; not 3 years of meetings and 1 year of lab work and 1 year of actual production work!) Don’t sit for this thing fresh out of college (you would be wasting your money as you don’t meet the requirements anyway) because this test requires real world experience!

  • Exam Cram 2 CISSP guide – Amazon – Awesome resource; direct, to the point. That’s what you need; forget the fluff!

  • 11th Hour CISSP study Guide – Amazon – Worth it’s weight in gold, this book is great for the final day before prep. Hits every domain and allot of the key points! Don’t miss this book and if you need more endorsement, while at the hotel I must have seen this book being carried by at least 10 to 15 people!

  • ISC2 site – ISC2 – Make sure you hit this site; it has allot of good pointers and prep material.

  • Google – site – For all of those last minute questions you might have, like the difference in encryption various algorithms.
A note on my material – you might have noticed a lack of the famous Shon Harris AIO CISSP 3rd/4th/5th/6th/etc…. books…..I bought one and used it for about 2hrs. Then I realized that the book is great for about two things; one is a life long reference manual. The kind you break out when you need to gleam a piece of obscure knowledge about a protocol (in the paper/mgt sense, not the techie sense). The second use of this book is an excellent weight lifting/get into shape device. Seriously, this book is HUGE and weighs a TON! Curl and bench press this beast for impressive pecs and to get those guns in shape for the show!
But in all seriousness, the book is a descent well of knowledge; I personally didn’t care for the way it read and the layout (I found allot of repeating was done in this book and after chapter 2 I really felt like there was too much filler and I could do without the attempt at humor in this book) but I am sure one day, maybe, I will need to open it again for…..something…maybe?

At any rate, here is the best advice I can give; rest up, relax, study hard and stay calm! You will survive the test and the experience will be worth it when you get the confirmation letter! And with that, I will bring this to a close. Good luck to you all!

Posted in certifications | Leave a comment

Happy Holidays!

Happy Holidays to all!  I’ll be back after the new year with some good stuff, I promise!

Posted in Notices | Leave a comment

PFSense – An Awesome Firewall – Part 2

Okay, I’m finally coming back to this, the last part in a overdue, really extended, highly anticipated(?) article on PFSense. In this second part, I am going to cover some of the features I use in PFSense, the ways I have them configured, some uses for PFSense (outside of just a firewall) and some final comments, opinions, wish list, etc… So, let’s stop wasting time and get to it!

So the first feature I want to go over, because outside of setting up the firewall itself it’s the one I use the most, is the vpn (ipsec) capabilities. Just in case you wondering, I will go over the firewall itself (configuring and such) but it’s going to be brief, as this is a pretty easy to figure out firewall. I mean, if you have EVER configured a firewall, you can configure PFSense. At any rate, let’s talk about the IPSEC/VPN tunnel. Most of the time I find myself working on projects for customers that require some sort of firewall/vpn endpoint (so they want a tunnel and often time the tunnel endpoint is a edge device or on the external perimeter). Often times, these customers do not want to spring for a firewall/vpn device the likes of a checkpoint/Cisco/juniper/etc simply due to price (not to take away from these products, they are great and I’ve used them but they are expensive, not something that jives in this economy) and that’s understandable. I’ve found that PFSense is great for this purpose and it’s super easy to setup the tunnel and have it running in a matter of moments. Go to the vpn tab and select IPSEC, and you will be presented with the configuration screen below:

If you click the plus next to the blank configuration you are launched into the first configuration screen (phase1).  Take a look at this example I worked up:

Sorry, I had to break it into two different screen shots but as you can see, configuring the initial tunnel connection (hereafter known as phase1) is quite easy.  You can modify various settings but it’s pretty straightforward.  Your endpoint will be the wan device and your destination external IP, make sure your pre-shared key is allot more secure then mine and the rest is pretty explanatory.  The encryption will depend on your corporate standard (or personal preference, whichever trumps) and whatever your connecting endpoint will be.  Hit save at the end and then you are back to the IPSEC landing page.  Click the plus under the phase1 tunnel, click the plus again and then finally click the next plus to configure the phase2 portion of the tunnel.

Configuring phase2 is allot like configuring phase1. It’s as easy as configuring your local and remote LAN subnet that will be connected via this tunnel, setting the encryption to match and hitting save! Check the box next to enable ipsec and hit save and you are all set!


I know I blitzed through that pretty quickly but here’s a few things to consider while configure this:

  1. If you are using two PFSense devices, it really is as simple as making sure your settings match. The real trick comes into play with other devices like Checkpoint (pain) and Cisco (not so bad). These devices have these settings in different places, different formats, etc… and can be tricky enough when setting up a site to site tunnel between two of themselves, let alone trying to achieve interoperability between non similar devices
  2. Make sure you understand the references for phase1 and phase2 between checkpoint, Cisco, juniper, pfsense, etc… This will trip you up everytime if you don’t.
  3. I have had great success configuring pfsense to connect to Cisco, checkpoint, juniper, etc….The trick is to start out with basic encryption and turn off the extra junk (pfs, groups, etc…), make sure it connects, send traffic (you did configure the firewall rules to allow traffic on each endpoint, didn’t you?) and then add your complexity from there. Don’t start out with complex encryption, groups, pfs, different timings, etc….It will only lead to heartache and possibly a broken keyboard.
  4. Make sure you allow traffic for the subnet on the ipsec interface (see below) in the firewall portion. Otherwise, well, the firewall does it’s default job.
  5. Finally, once you have this all working, BACKUP THE CONFIG!!!! DO NOT PROCEED WITHOUT BACKING UP THE CONFIG! If you don’t here is what will happen; you will change something, you won’t keep track of it and you will get a phone call. The phone call will consist of, “the tunnel isn’t working, fix it.” and you will proceed to pull your hair out trying to figure out what happened. It’s how I ended up bald (well that and genetics), don’t let it happen to you.

Okay, so let’s talk about firewall configuration for just a moment.  See the following screenshots:

Once you are in the screen, take a look at the tabs. You will have a floating, WAN, LAN, and ipsec. I’ll make this super easy:

floating = A rule that applies to all interfaces. Usually I use this very, very sparingly, like a initial ICMP rule for testing. It just makes like easier.
WAN = your wan (internet) interface
LAN = your local interface
ipsec = Tunnel interface (tunnel/ipsec traffic)

Configure as needed! Pretty straightforward and easy to use. You can setup groups of IPs, subnet, ports, etc… using the aliases tab under the firewall settings. This is pretty handy for helping to organize your rules, segregate traffic, etc… You can also group the groups under the same setting (just type the name of the alias in the field below type after you set the type of alias you are creating. Finally, PFSense does support NAT (as any descent firewall should) in a couple of forms like 1 to 1, forwarding and outbound. I won’t go over this because it’s pretty straightforward and the documentation on the pfsense site is pretty spot on.

Another feature I want to drop a mention about is OpenVPN. I use this everywhere! I use it in my home lab, I use it at work, I use it for clients running the range of 5 users to 300 users! It simply works and takes nothing to configure. Use the wizard and the client export tool and you will be off and running. Since this configuration can be pretty detailed, I’ll simply say this; follow the wizard and the pfsense docs site and it will work. Make sure you download and install the openvpn client export package (under system, packages, available packages) to ensure you get the client portion right (and make your life easier; export the installer bundle and tell the user where to download it from, run it to install, accept the defaults, done!). If the need arises I will write how to do this but for right now, I’m going to leave it to the good folks at pfsense and their docs.

Finally, a couple of features I use that function great, depending on what you are looking for (I’ll explain in a moment):

Squid = It simply works, period. It does a great job filtering, it’s fast and it’s easy to work with. RAM will be an issue; don’t do this with 512mb of ram, it will S…U…C…K!

HAVP = If you need a antivirus that also filters web traffic, here it is. And don’t get me wrong, it can be buggy; my suggestion is to test it on your hardware and make sure you do a good load test on it before deploying. I’ve seen this package cripple a box under enough stress (30 users doing random surfing, streaming, downloading, etc….) so test, test, test. Reference this doc

Snort = It works well in SOHO settings and doing some traffic logging. I wouldn’t replace your IDS environment with this, unless your pfsense box is pretty kick ass (mine are built to be mini-appliances; minimal processor, ram and storage so it’s not too ideal for this) but it gets the job done and it’s easy to work with

The biggest advice I can give with packages like this are to keep in mind that they are:

Memory intensive
Processor heavy
Storage hogs

Sooooo running these on that old crummy atx P4 with a gig of ram…..will just piss you off. Running these on a dual core with 4gb of ram and a SSD drive and/or some sort of solid state based storage, will make you happy and simply your life (if you manage two of three devices to get all of this done).

Finally, at the end here, let me give you a few examples of how I use pfsense:

  1. Redundant/failover for two WAN drops (ex. comcast business lines) in a clustered config
  2. Gateway device acting as a antivirus/proxy/IDS filter
  3. VPN Endpoint devices (both as perimeter devices and 2nd/3rd network layer devices)
  4. Quick firewalls for layered designs (ex. internet–>primary firewall–>int network (web app)–>pfsense fw–>int network (db))
  5. IDS sniffers

All of these functions work well for me. I’ve used them in simple environments, all the way up to complex environments connecting businesses on different continents. I simply can’t sing the praise of pfsense enough. That being said, I have seen some issues:

  1. Use good hardware – do not expect killer speeds if you are running REALTEK cards…..this is not possible, no matter how many sacrifices you make.
  2. Try to avoid mechancial storage – this is a given. Mechancial storage is slow, no matter what the spin speeds are. Your firewall needs to be able to read traffic and move it, FAST. It needs to be able to filter objects, store a descent amount of info, etc… Stick with CF/SD cards and/or SSD drives, you won’t regret it (personally, I’ve had great luck with CF cards).
  3. Don’t skimp on the RAM – RAM is critical, especially on certain packages like squid. Don’t be frugle here; ram is cheap and if you are using allot of packages, run at least 4gb.

And with that, I will bring this article to a close. I hope you enjoyed it and although it was a little rushed I might elaborate and/or write another article on the different features at some point in the future (especially if there is feedback on it). Thanks for reading and until next time, take care!

Posted in security | Leave a comment

I know, I know….

So lately, I’ve been very lax on updating this site.  There are numerous reasons and all of them…kinda?…..justify the delay in updates.  Some of them are:

  1. Family:  My son turned one!  As you can imagine this only happens once, so we were focused on that!  He enjoyed it, thanks for asking.
  2. Certification:  I sat for my CISSP this month.  I don’t know if I passed or not so we’ll have to wait and see how that goes.  I’ll post my thoughts on that later (nothing that violates the NDA so don’t get too excited)
  3. Work:  It’s been crazy!  We are at year end so changes have to get done SOON or forever be denied (…until next year).
  4. Article submission:  I’ve been given an opportunity to write for Linux Journal!  Just a couple of articles but we’ll see what happens (don’t know if they will even accept it but I am really excited about it).
  5. Personal life:  What hasn’t happened lately?  It’s been crazy to say the least and that’s outside of work
So that’s it in a nutshell.  I’ll be writing stuff again on the weekends and throughout the week but don’t expect too much too soon.  I wouldn’t expect an update here until November probably.  I’ll see you soon!
Posted in Uncategorized | Leave a comment

What the Hell?

Sorry but I’ve been incredibly busy on quite a few things. I am working on finishing up a few posts including some setup posts on bacula, finishing up my pfsense posting, adding some stuff for snort, the magic of mailcleaner, etc, etc, etc!!!!! Another thing I am going to write up is a post of setting up a RoR/Passenger/Apache server (simply because I found it to be a complete pain…).

On top of that I would like to send a special message to the fine folks at SEO plugins:


Thanks and check back soon!

Posted in Uncategorized | Leave a comment

CentOS vs Scientific Linux 6 – Part 2

In my last writeup on this subject, I left off talking about my feelings with the CentOS project and that I was slowly going to test Scientific Linux 6 (hereafter known as SL) and see how that works out. Well, here is my review of SL 6 and what my thoughts are and the current condition of CentOS.

Let me preface everything with the following disclaimer: I’m not passing judgment but providing my opinion and view on this situation. Take it for what it’s worth. Same rules apply as the first article in this series.

Let’s start with the current condition of the CentOS project. As of July 10th, Centos 6 is now in the wild. I have not had a chance to download/install/test Centos 6 but the buglist for it appears to be sizable. I am sure allot of this will be fixed soon, if not already but the list doesn’t give me a good feeling per say. That being said, you can’t exactly say CentOS is guilty of rushing this out the door either….so again, the buglist does give me a little apprehension. Of course the CentOS 6 release forum has been shut down in favor of moving to a fresh new forum, admittedly, in part because of the ilk that tainted this long rolling forum. Don’t get me wrong, I thoroughly believe that the CentOS team, with their poor responses and broken time lines/extensions/excuses/arguments/etc brought allot of this on themselves. People can only take you for your word, written or otherwise, and when your word is devalued by arguments, bitter responses and constant replies that only indicate that you could care less, well, the result is in the forum. Go read it for yourself and pass your own judgement.

Okay, that’s enough about CentOS. Again, I don’t want people to think I am completely down on CentOS or the team; that’s not the case. That being said, I will give my final thoughts and such on this matter at the end of this article; the results will probably not be surprising.

Now, let’s talk about SL6. As I stated in my previous article, I had downloaded and installed and was in the process of testing SL6. Thus far, I am happy to report that SL6 is a great OS and excellent clone/substitute for Redhat Linux/CentOS. The installation is a little different, as is the case with each OS, in that the menus and options are a little shifted about. Documentation on their website is great, offering allot of good answers and solutions to different issues. I would like to see a few more walk-through documentation/how to documentation but isn’t that the case with everything these days? Pretty much, other then the installation menus and some modifications that the SL team has made, I would say that if you really need a binary compatible distro of Redhat, SL is the way to go.

A couple of features that really stand out to me:

  • SL: Security – SL has gone out of the way to add features, packages, etc…. to the install menu focusing on security. I’m glad to see it.
  • Monitoring – SL has also added monitoring tool options, web based and otherwise, that are refreshing to see in a linux distro (and least those that are Redhat based)
  • Storage support – Right from the get-go SL wants to know about your storage (iscsi, attached/local, etc…) which is pretty nice. I haven’t played with it yet but it’s there and that’s nice to have right from installation
  • Community support – I’ve seen a few flame threads but for the most part, their team seems much more welcoming and interested in fixing problems/answering questions more then anything; refreshing from what the CentOS team has become

So how have I used SL6? Well, that’s a good question. I’ve used it mostly as a DB server and web server at this point. I’ve setup some Mysql and Oracle database servers (works fine, pretty much like any other linux distro), I’ve setup a couple of apache servers, a couple of SVN repositories and a couple of RoR/passenger servers. I’ve also used it as a lab server to test software deployments such as SNORT, some HIDS products, code (of course) and a few other pieces of software. So far, no complaints. Installs, package additions, repositories, all of it seems to work very well with SL6. Upgrades to the OS, patching, etc…. seem very much on schedule at this point. Check out their road map here.

So with that said, let’s bring this article to a close with a summary and what this means to me and my customers. To bring this full circle, I am very happy with SL6, the team and community and right now, as it stands, I plan to begin a migration to SL6 (I’ve already migrated a Nagios server to it from 32bit CentOS and the migration was very smooth; very promising) from every CentOS box I have (a little under 100 at my last count, not including labs). Believe it or not, this is actually a fairly sad decision for me, since I’ve been using CentOS for quite some time. While I’ve enjoyed my time with CentOS and the community, I have to admit that I have been unhappy with the team for awhile. Their constant bickering and lack of “team player” attitude, not to mention their one off stance with regards to assistance and allowing others into the sacred circle of development really is allot of the driving point behind this. The final straw was the late release of security patches and of version 6. Regardless of what I could have done to patch and move on myself from CentOS 5.x to a safer, closer to 6 version, is irrelevant in my opinion. If you are a community supporting a project then you have a responsibility to support that project in it’s entirety and not a your whim. You have a responsibility to communicate issues/delays/etc….to the community, not belittle and complain at the community. It does not work that way. Certainly you don’t throw your weight around with statements such as “we have the largest release pool”,etc….(I’m paraphrasing there; I saw that quote on the forum but don’t remember where so you will have to do a little fact checking for the exact wording).

At any rate, that is enough on this subject for now. In the future, I’ll be writing up some articles on SL and some of the things I have done with this OS. Let me know what you think! Take care and thanks for reading!

Posted in Uncategorized | Leave a comment