Database tables

Table argos

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('argos_id_seq'::regclass)
sensorid      integer
imageid       integer
templateid    integer
timespan      character varying
  • id - Unique identifier.
  • sensorid - Identifier of the sensor.
  • imageid - Identifier of the image.
  • templateid - Identifier of the template.
  • timespan - Timespan chosen.

Table argos_images

Column          Type                Not Null    Default
id              integer             NOT NULL    nextval('argos_images_id_seq'::regclass)
name            character varying
serverip        inet
macaddr         macaddr
imagename       character varying
osname          character varying
oslang          character varying
organisationid  integer                         0
  • id - Unique identifier.
  • name - Name of the image.
  • serverip - IP address of the Argos server that is hosting this image.
  • macaddr - MAC address used on the Argos server by this image.
  • imagename - Filename of the image.
  • osname - Name of the operating system of this image.
  • oslang - Language of the operating system.
  • organisationid - Identifier of the organisation that owns this image.

Table argos_ranges

Column          Type                Not Null    Default
id              integer             NOT NULL    nextval('argos_ranges_id_seq'::regclass)
sensorid        integer
range           inet
  • id - Unique identifier.
  • sensorid - Identifier of the sensor.
  • range - IP address (single IP or range) that is redirected to the Argos server.

Table argos_templates

Column          Type                Not Null    Default
id              integer             NOT NULL    nextval('argos_templates_id_seq'::regclass)
name            character varying
abbr            character varying
  • id - Unique identifier.
  • name - Name of the template.
  • abbr - Shorter version of the name of the template.

Table arp_cache

Column          Type                Not Null    Default
id              integer             NOT NULL    nextval('arp_cache_id_seq'::regclass)
mac             macaddr             NOT NULL
ip              inet                NOT NULL
sensorid        integer             NOT NULL
last_seen       integer             NOT NULL
manufacturer    character varying
flags           character varying
  • id - Unique identifier.
  • mac - MAC address that is detected by the ARP script.
  • ip - IP address that is paired with the detected MAC address.
  • sensorid - Identifier of the sensor.
  • last_seen - Timestamp of the time this MAC address/IP pair was last changed.
  • manufacturer - Manufacturer of the NIC based on the OUI from the MAC address.
  • flags - Detected flags (router, dhcp, etc).

Table arp_excl

Column          Type                Not Null    Default
id              serial              NOT NULL
mac             macaddr             NOT NULL
  • id - Unique identifier.
  • mac - MAC address that is excluded from the ARP results.

Table arp_static

Column          Type                Not Null    Default
id              integer             NOT NULL    nextval('arp_static_id_seq'::regclass)
mac             macaddr             NOT NULL
ip              inet                NOT NULL
sensorid        integer             NOT NULL
  • id - Unique identifier.
  • mac - MAC address.
  • ip - IP address that is paired with the entered MAC address.
  • sensorid - Identifier of the sensor.

Table attacks

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('public.attacks_id_seq'::text)
timestamp     integer             NOT NULL
severity      integer             NOT NULL
source        inet                NOT NULL
sport         integer             NOT NULL
dest          inet                NOT NULL
dport         integer             NOT NULL
sensorid      integer             NOT NULL
src_mac       macaddr
dst_mac       macaddr
atype         integer             NOT NULL    0
  • id - Unique identifier.
  • timestamp - Timestamp in epoch format.
  • severity - Severity of the attack (Nepenthes defines possible values: 0, 1, 16, 32).
  • source - Source IP address.
  • sport - Source port.
  • dest - Destination IP address.
  • dport - Destination port.
  • sensorid - Identifier of the sensor that logged the attack.
  • src_mac - The MAC address of the attacker if known.
  • dst_mac - The MAC address of the destination.
  • atype - Type of malicious attack.

Table binaries

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('public.binaries_id_seq'::text)
timestamp     integer
bin           integer
info          integer
scanner       integer
  • id - Unique identifier.
  • timestamp - Timestamp in epoch format.
  • bin - ID of the binary linking to uniq_binaries.
  • info - Result of the virus scan linking to stats_virus.
  • scanner - ID of the scanner used linking to scanners.

Table binaries_details

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('public.binaries_detail_id_seq'::text)
bin           integer
fileinfo      character varying
filesize      integer
last_scanned  integer
upx           character varying
  • id - Unique identifier.
  • bin - ID of the binary.
  • fileinfo - Result of the linux command: file.
  • filesize - Size of the file in bytes.
  • last_scanned - Timestamp of the last scan time.
  • upx - UPX scan result.

Table cwsandbox

Column        Type                Not Null    Default
binid         integer             NOT NULL
xml           text
result        text
  • binid - Identifier of the binary that was scanned.
  • xml - XML result of the CWsandbox scan.
  • result - HTML result converted from the XML.

Table deactivated_attacks

This table is to archive attacks from deactivated sensors. The layout is the same as the normal attack table.

Table deactivated_details

This table is to archive details from archived attacks. The layout is the same as the normal detail table.

Table deactivated_sensors

This table is to archive sensors which are known to be never coming online again. This is a way to remove them from all the logging but not delete the information altogether. The layout is the same as the normal sensors table.

Table details

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('public.details_id_seq'::text)
attackid      integer             NOT NULL
sensorid      integer             NOT NULL
type          integer             NOT NULL
text          text                NOT NULL
  • id - Unique identifier.
  • attackid - Identifier of the related attack.
  • sensorid - Identifier of the sensor that logged the related attack.
  • type - Type of attack (Nepenthes defines possible values: 1, 2, 4, 8).
  • text - Detailed info.

Table dhcp_static

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('dhcp_static_id_seq'::regclass)
ip            inet                NOT NULL
sensorid      integer             NOT NULL
  • id - Unique identifier
  • ip - IP address of the DHCP server
  • sensorid - Identifier of the corresponding sensor

Table groupmembers

Column        Type                Not Null    Default
id            integer             NOT NULL
sensorid      integer             NOT NULL
groupid       integer             NOT NULL
  • id - Unique identifier.
  • sensorid - ID of the sensor.
  • groupid - ID of the group.

Table groups

Column        Type                Not Null    Default
id            integer             NOT NULL
name          character varying   NOT NULL
owner         integer             NOT NULL
  • id - Unique identifier.
  • name - Name of the group.
  • owner - Owner of the group. Points to a login ID.

Table honeypots

Column        Type                Not Null    Default
id            integer             NOT NULL
name          character varying   NOT NULL
desc          character varying
  • id - Unique identifier.
  • name - Name of the honeypot
  • desc - Description of the honeypot

Table indexmods

Column        Type                Not Null    Default
id            serial              NOT NULL
phppage       character varying
  • id - Unique identifier.
  • phppage - Name of the php module.

Table indexmods_selected

Column        Type                Not Null    Default
login_id      integer
indexmod_id   integer
  • login_id - ID of the user.
  • indexmod_id - ID of the php module.

Table ipv6_static

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('ipv6_static_id_seq'::regclass)
ip            inet                NOT NULL
sensorid      integer             NOT NULL
  • id - Unique identifier
  • ip - IPv6 address
  • sensorid - Identifier of the corresponding sensor

Table login

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('public.login_id_seq'::text)
username      character varying   NOT NULL
password      character varying   NOT NULL
email         character varying
lastlogin     integer
organisation  integer             NOT NULL    0
access        character varying   NOT NULL    '000'::character varying
serverhash    character varying
gpg           integer                         0
d_plotter     integer             NOT NULL    0
d_plottype    integer             NOT NULL    0
d_utc         integer             NOT NULL    0
d_censor      integer             NOT NULL    0
  • id - Unique identifier.
  • uername - Username.
  • password - Password of the user as a md5 hash.
  • email - Email address of the user.
  • lastlogin - Last time the user logged in. Timestamp in epoch format.
  • organisation - Organisation of the user.
  • access - Access of the user. 3 digits 0-9.
  • serverhash - A token used when login method 2 is enabled in the webinterface.
  • gpg - Enables(1)/disables(0) the use of GPG signing of the email alerts.
  • d_plotter - Default plotter used for the graphs (PHPlot, OpenFlash).
  • d_plottype - Default graph type (pie, line, area, bars).
  • d_utc - Default timestamp notation (UTC or regular)
  • d_censor - Default value for the IP address censor setting.

Table logmessages

Column        Type                Not Null    Default
id            integer             NOT NULL
type          integer             NOT NULL
log           character varying   NOT NULL
  • id - Unique identifier.
  • type - Type of message.
  • log - Info text.

Table norman

Column        Type                Not Null    Default
binid         integer             NOT NULL
result        text
  • binid - Unique binary id linking to the uniq_binaries table.
  • text - Norman sandbox result.

Table org_excl

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('org_excl_id_seq'::regclass)
orgid         integer             NOT NULL
exclusion     inet                NOT NULL
  • id - Unique identifier.
  • orgid - Identifier of the organisation.
  • exclusion - IP address excluded from the logging.

Table org_id

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('org_id_id_seq'::regclass)
orgid         integer             NOT NULL
identifier    character varying   NOT NULL
type          integer
  • id - Unique identifier.
  • orgid - Organisation identifier.
  • identifier - Name of the identifier.
  • type - Type of identifier (WHOIS netname, domain name, ris, SURFnet SOAP).

Table organisations

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('public.organisations_id_seq'::text)
organisation  character varying   NOT NULL
ranges        text
  • id - Unique identifier.
  • organisation - Name of the organisation.
  • ranges - A ”;” separated list of IP ranges that are owned by the organisation of the user.

Table ostypes

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('public.organisations_id_seq'::text)
os            character varying   NOT NULL
  • id - Unique identifier.
  • os - Unique operating system name. Filled by rule on system.name.

Table pageconf

Column            Type                      Not Null     Default
userid            integer                   NOT NULL     0
pageid            integer                   NOT NULL     0
config            character varying
  • userid - ID of the user this page configuration belongs to.
  • pageid - ID of the page this configuration is for.
  • config - The actual configuration as a csv list.

Table report_content

Column            Type                      Not Null     Default
id                integer                   NOT NULL     nextval('report_content_id_seq'::regclass)
user_id           integer
template          integer
last_sent         integer
active            boolean                   NOT NULL     true
sensor_id         integer
frequency         integer
interval          integer                   NOT NULL     -1
priority          integer
subject           character varying
operator          integer                   NOT NULL     -1
threshold         integer                   NOT NULL     -1
severity          integer                   NOT NULL     -1
detail            integer                   NOT NULL     0
qs                character varying
from_ts           integer                   NOT NULL     -1
to_ts             integer                   NOT NULL     -1
always            integer                   NOT NULL     0
utc               integer                   NOT NULL     0
public            boolean                   NOT NULL     false
orgid             integer                   NOT NULL     0
  • id - Unique identifier.
  • user_id - User identifier.
  • template - Type of template used (threshold, sensor status, own attacks, all attacks).
  • last_sent - Timestamp of the last sent alert in epoch format.
  • active - Boolean defining the current status of the alert.
  • sensor_id - Sensor identifier.
  • frequency - Frequency of the report when not threshold (hourly, daily, weekly).
  • interval - Interval of the threshold report (last hour, last day, last week).
  • priority - Priority level of the email.
  • subject - Subject of the email.
  • operator - Operator of the report threshold (if applicable).
  • threshold - Threshold of the report (if applicable).
  • severity - Severity filter of the report (if applicable).
  • detail - Detail level of the report.
  • qs - Saved query string in case of a searchtemplate.
  • from_ts - Start timestamp in case of a searchtemplate.
  • to_ts - End timestamp in case of a searchtemplate.
  • always - Value to determine if the report always needs to be send regardless of content or threshold.
  • utc - Format of the timestamps used (1=UTC, 0=regular).
  • public - Boolean value to make an RSS feed publicly available (ie, without logging in) or not.
  • orgid - Organisation identifier. This is used for public RSS feeds to determine the organisation.

Table rrd

Column            Type                      Not Null     Default
id                integer                   NOT NULL     nextval('rrd_id_seq'::regclass)
orgid             integer                   NOT NULL
type              character varying         NOT NULL
label             character varying         NOT NULL
image             character varying         NOT NULL
timestamp         integer
  • id - Unique identifier.
  • orgid - Unique identifier of the organisation.
  • type - The type of the image. (day, week, month, year)
  • label - Label of the image (sensor name).
  • image - Base64 encoded image (result from rrd_traffic.pl script).
  • timestamp - Timestamp in epoch format.

Table scanners

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('scanners_id_seq'::regclass)
name          character varying
status        integer             NOT NULL    0
version       character varying
getvirus      character varying
matchvirus    character varying
getbin        character varying
matchclean    character varying
  • id - Unique identifier.
  • name - Name of the scanner.
  • status - Enable(1)/disable(0) the scanner.
  • version - The version info obtained with the vercommand (by the scanbinaries.pl script).
  • getvirus - Check out Antivirus support for more info.
  • matchvirus - Check out Antivirus support for more info.
  • getbin - Check out Antivirus support for more info.
  • matchclean - Check out Antivirus support for more info.

Table scheme

Column        Type                      Not Null    Default
version       integer                   NOT NULL
created       timestamp with time zone  NOT NULL
  • version - Version info for the p0f SQL tables.
  • created - Date when the p0f SQL tables were created.

NOTE: These is a p0f specific table.

Table sensor_notes

Column        Type                      Not Null    Default
id            integer                   NOT NULL
keyname       character varying         NOT NULL
ts            integer                   NOT NULL    date_part('epoch'::text, now())
note          text
vlanid        integer
admin         integer                   NOT NULL    0
type          integer                   NOT NULL    1
  • id - Unique identifier.
  • keyname - Name of the sensor this note belongs to.
  • ts - Epoch timestamp of note creation.
  • note - Actual note text.
  • vlanid - Vlan ID of the sensor this note belongs to. Can be NULL, then it belongs to all VLAN's.
  • admin - Admin only note (1=Yes, 0=No).
  • type - Type of note.

Table sensors

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('public.sensors_id_seq'::text)
keyname       character varying   NOT NULL
laststart     integer
status        integer
uptime        integer
laststop      integer
tap           character varying
tapip         inet
mac           macaddr
organisation  integer             NOT NULL    0
vlanid        integer             NOT NULL    0
arp           boolean             NOT NULL    false
label         character varying
networkconfig character varying
dhcp          boolean             NOT NULL    false
ipv6          boolean             NOT NULL    false
protos        boolean             NOT NULL    false
  • id - Unique identifier.
  • keyname - Name of the sensor.
  • laststart - Epoch timestamp of the last time the sensor was started.
  • status - Current status of the sensor.
  • uptime - Actual uptime of the sensor in seconds.
  • laststop - Last time the sensor was stopped with stopclient. Epoch timestamp.
  • tap - Interface of the virtual end point on the tunnel server.
  • tapip - IP address of the tap interface.
  • mac - MAC address of the tap interface.
  • organisation - Unique identifier of the organisation.
  • netconfdetail - The IP configuration if netconf = vlans or static.
  • vlanid - The VLAN id of the sensor, defaults to 0 (meaning no VLAN).
  • arp - Boolean indicating if the ARP ethernet module is enabled/disabled.
  • label - User configured label for the sensor.
  • networkconfig - Type of IP configuration (dhcp or the actual static config).
  • dhcp - Boolean indicating if the DHCP ethernet module is enabled/disabled.
  • ipv6 - Boolean indicating if the IPv6 ethernet module is enabled/disabled.
  • protos - Boolean indicating if the protocol ethernet module is enabled/disabled.

Table sensors_details

Column        Type                Not Null    Default
id            integer             NOT NULL
keyname       character varying   NOT NULL
remoteip      inet
localip       inet
sensormac     macaddr
mainif        character varying
trunkif       character varying
ssh           integer             NOT NULL    0
action        character varying
lastupdate    integer             NOT NULL    0
rev           integer             NOT NULL    0
sensortype    character varying
mainconf      character varying
osversion     character varying
dns1          inet
dns2          inet
permanent     integer             NOT NULL    0
  • id - Unique identifier.
  • keyname - Name of the sensor.
  • remoteip - IP address of the sensor or organisation gateway (in case of NAT).
  • localip - IP address of the local interface of the sensor (actual IP address).
  • sensormac - MAC address of mainIf interface of the sensor.
  • mainif - Main interface for network connections. The tunnel is going out this interface.
  • trunkif - The trunk interface (if any, in VLAN config).
  • ssh - Current status of the SSH daemon on the sensor.
  • action - Type of action the sensor will do at the next update.
  • lastupdate - Epoch timestamp of the last update.
  • rev - Sensor network configuration revision.
  • sensortype - Type of sensor (normal or vlan).
  • mainconf - Network configuration of the mainIf.
  • osversion - Version of the operating system of the sensor.
  • dns1 - Primary DNS server, if configured.
  • dns2 - Secondary DNS server, if configured.
  • permanent - Marks the sensor a permanent sensor (ie, a sensor that never goes offline, usually used for sensors running on the tunnel server).

Table serverstats

Column        Type                Not Null    Default
id            integer             NOT NULL    nextval('serverstats_id_seq'::regclass)
timestamp     integer             NOT NULL
type          character varying   NOT NULL
label         character varying   NOT NULL
interval      character varying   NOT NULL
image         character varying   NOT NULL
server        character varying   NOT NULL
  • id - Unique identifier.
  • timestamp - Timestamp in epoch format.
  • type - Type of picture (traffic, memory, hdd, cpu).
  • label - Label of the picture.
  • interval - Interval of the picture (day, week, month, year).
  • image - The image encoded in base64 format.
  • server - Tunnel server or logging server.

Table sessions

Column            Type                      Not Null     Default
id                integer                   NOT NULL     nextval('sessions_id_seq'::regclass)
sid               character varying         NOT NULL
ip                inet                      NOT NULL
ts                integer                   NOT NULL
username          character varying
useragent         character varying
  • id - Unique identifier.
  • sid - Session identifier.
  • ip - IP of the user with this session identifier.
  • ts - Timestamp in epoch format.
  • username - Username of the user with this session identifier.
  • useragent - User-agent information of the user (hashed md5).

Table severity

Column        Type                      Not Null    Default
id            integer                   NOT NULL    nextval('public.severity_id_seq'::text)
val           integer                   NOT NULL
txt           character varying         NOT NULL
  • id - Unique identifier.
  • val - Nepenthes severity value.
  • txt - Text field with the name of the severity.

Table sniff_hosttypes

Column        Type                      Not Null    Default
id            integer                   NOT NULL    nextval('sniff_hosttypes_id_seq'::regclass)
staticid      integer                   NOT NULL
type          integer                   NOT NULL
  • id - Unique identifier.
  • staticid - Identifier pointing to the arp_static entry.
  • type - Type of host (dhcp, router, server).

Table sniff_protos

Column        Type                      Not Null    Default
id            integer                   NOT NULL    nextval('sniff_protos_id_seq'::regclass)
sensorid      integer                   NOT NULL
parent        integer                   NOT NULL
number        integer                   NOT NULL
subtype       integer                   NOT NULL
  • id - Unique identifier.
  • sensorid - Sensor identifier.
  • parent - Type of parent protocol.
  • number - Protocol number.
  • subtype - Subtype number (if any).

Table ssh_command

Column        Type                      Not Null    Default
id            integer                   NOT NULL    nextval('ssh_command_id_seq'::regclass)
attackid      integer                   NOT NULL
command       character varying         NOT NULL
  • id - Unique identifier
  • attackid - Identifier of the associated attack
  • command - Command entered by the attacker

Table ssh_logins

Column        Type                      Not Null    Default
id            integer                   NOT NULL    nextval('ssh_logins_id_seq'::regclass)
attackid      integer                   NOT NULL
type          boolean                   NOT NULL    false
sshuser       character varying         NOT NULL
sshpass       character varying         NOT NULL
  • id - Unique identifier
  • attackid - Identifier of the associated attack
  • type - Boolean value indicating succesful or unsuccesful login
  • sshuser - SSH username
  • sshpass - SSH password

Table ssh_version

Column        Type                      Not Null    Default
id            integer                   NOT NULL    nextval('ssh_command_id_seq'::regclass)
attackid      integer                   NOT NULL
version       integer                   NOT NULL
  • id - Unique identifier
  • attackid - Identifier of the associated attack
  • version - Identifier of the SSH version (links with uniq_sshversion.id)

Table stats_dialogue

Column        Type                      Not Null    Default
id            integer                   NOT NULL    nextval('public.stats_dialogue_id_seq'::text)
desc          character varying
url           character varying
name          character varying 	
  • id - Unique identifier.
  • desc - Description of the exploit/vulnerability.
  • url - URL to a description of the exploit/vulnerability.
  • name - Dialogue name as used by Nepenthes.

Table stats_virus

Column            Type                      Not Null    Default
id                integer                   NOT NULL    nextval('public.stats_virus_id_seq'::text)
name              character varying
  • id - Unique identifier.
  • name - Name of the virus.

Table syslog

Column            Type                      Not Null    Default
id                integer                   NOT NULL
source            character varying         NOT NULL
error             character varying         NOT NULL
args              character varying
level             integer                   NOT NULL    0
keyname           character varying
device            character varying
pid               integer                   NOT NULL    0
vlanid            integer                   NOT NULL    0
timestamp         timestamp without time zone DEFAULT ('now'::text)::timestamp(4) without time zone NOT NULL
  • id - Unique identifier.
  • source - Source of the log message (script name).
  • error - Abbreviated error identifier (a sort of classification of the log message).
  • args - The actual log message.
  • level - Severity level of the log message (CRIT - 4, ERROR - 3, WARN - 2, INFO - 1, DEBUG - 0)
  • keyname - Name of the sensor this log message is related to (if known).
  • device - Name of the device (interface) this log message is related to (if applicable).
  • pid - Process ID of the script running that produced this log message (if applicable).
  • vlanid - VLAN ID of the sensor this log message is related to (if applicable).
  • timestamp - Timestamp of the log message.

Table system

Column        Type                      Not Null    Default
sid           bigint                    NOT NULL    nextval('system_sid_seq'::regclass) 	
ip_addr       inet                      NOT NULL
name          character(128)            NOT NULL
first_tstamp  timestamp with time zone
last_tstamp   timestamp with time zone  NOT NULL
  • sid - Unique identifier.
  • ip_addr - IP address of the detected system.
  • name - Type of system as detected by p0f.
  • first_tstamp - First time the system has been seen.
  • last_tstamp - Last time the system has been seen.

NOTE: This is a p0f specific table.

Table system_details

Column        Type                      Not Null    Default
sid           integer                   NOT NULL
ip_addr       inet                      NOT NULL
nat           character varying(64)     NOT NULL    'no/unknown'::character varying
ecn           character varying(64)     NOT NULL    'no/unknown'::character varying
firewall      character varying(64)     NOT NULL    'no/unknown'::character varying
lookup_link   character varying(128)    NOT NULL    'unknown'::character varying
distance      smallint                  NOT NULL    0
  • sid - Unique identifier.
  • ip_addr - IP address.
  • nat - Detected NAT'ed address.
  • ecn - Unkown.
  • firewall - If the host is firewalled or not.
  • lookup_link - Unkown.
  • distance - The distance of the host (amount of hops).

NOTE: This is a p0f specific table. We don't use this in the webinterface, but it's required for p0f-db.

Table uniq_binaries

Column        Type                      Not Null    Default
id            integer                   NOT NULL    nextval('uniq_binaries_id_seq'::regclass)
name          character varying
  • id - Unique identifier.
  • name - Name of the binary.

Table uniq_sshversion

Column        Type                      Not Null    Default
id            integer                   NOT NULL    nextval('uniq_sshversion_id_seq'::regclass)
version       character varying
  • id - Unique identifier.
  • version - Version of the SSH client used by attackers.

Table version

Column        Type                      Not Null    Default
version       integer                   NOT NULL
  • version - Version of the currently installed database model. Should be 30000 for this release.
 
latest_docs/database.txt · Last modified: 2012/07/12 11:27 (external edit)
 
Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki