Doc updates

This commit fixes some RST-related errors, spelling/typos, and updates some variable values which are incorrect. Change-Id: Ibc78dffc6246f8df2c0d5d42ca2d831c4c335720
2016-04-07 14:58:04 +01:00
parent 72cbd94064
commit e44efd0fe7
10 changed files with 12 additions and 13 deletions
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -124,7 +124,7 @@ disabled on the next boot.
 sysctl settings
 ^^^^^^^^^^^^^^^
-The STIG requires that TCP SYNcookes are enabled by default to protect against
+The STIG requires that TCP SYN cookies enabled by default to protect against
 certain types of attacks, like SYN floods.  This can cause issues in some
 environments with busy load balancers.  Deployers should review the notes for
 V-38539 for more details.
--- a/doc/source/developer-notes/V-38464.rst
+++ b/doc/source/developer-notes/V-38464.rst
@@ -1,6 +1,6 @@
 Ubuntu's default for ``disk_error_action`` is ``SUSPEND``, which actually
 only suspends audit logging. That could be a security issue, so ``SYSLOG``
-is recommended and is set by default be openstack-ansible-security.  There
+is recommended and is set by default by openstack-ansible-security.  There
 are additional options available, like ``EXEC``, ``SINGLE`` or ``HALT``.
 To configure a different ``disk_error_action``, set the following Ansible
--- a/doc/source/developer-notes/V-38468.rst
+++ b/doc/source/developer-notes/V-38468.rst
@@ -1,6 +1,6 @@
 Ubuntu's default for ``disk_full_action`` is ``SUSPEND``, which actually
 only suspends audit logging. That could be a security issue, so ``SYSLOG``
-is recommended and is set by default be openstack-ansible-security. If syslog
+is recommended and is set by default by openstack-ansible-security. If syslog
 messages are being sent to remote servers, these log messages should alert
 an administrator about the disk being full. There are additional options
 available, like ``EXEC``, ``SINGLE`` or ``HALT``.
--- a/doc/source/developer-notes/V-38470.rst
+++ b/doc/source/developer-notes/V-38470.rst
@@ -1,6 +1,6 @@
 Ubuntu's default for ``space_left_action`` is ``SUSPEND``, which actually
 only suspends audit logging. That could be a security issue, so ``SYSLOG``
-is recommended and is set by default be openstack-ansible-security. If syslog
+is recommended and is set by default by openstack-ansible-security. If syslog
 messages are being sent to remote servers, these log messages should alert
 an administrator about the disk being almost full. There are additional options
 available, like ``EXEC``, ``SINGLE`` or ``HALT``.
--- a/doc/source/developer-notes/V-38481.rst
+++ b/doc/source/developer-notes/V-38481.rst
@@ -7,4 +7,4 @@ updates in Ubuntu can be done with changes to the apt configuration.
 Ubuntu's documentation on `automatic updates`_ covers a few options for
 configuring apt.
-.. _automatic_updates: https://help.ubuntu.com/lts/serverguide/automatic-updates.html
+.. _automatic updates: https://help.ubuntu.com/lts/serverguide/automatic-updates.html
--- a/doc/source/developer-notes/V-38497.rst
+++ b/doc/source/developer-notes/V-38497.rst
@@ -10,7 +10,7 @@ However, deployers can opt-out of this change by adjusting an Ansible variable:
 .. code-block:: yaml
-    pam_remove_nullok: yes
+    pam_remove_nullok: no
 Setting the variable to ``yes`` (the default) will cause the Ansible tasks to
 remove the ``nullok_secure`` parameter while setting the variable to ``no``
--- a/doc/source/developer-notes/V-38575.rst
+++ b/doc/source/developer-notes/V-38575.rst
@@ -10,4 +10,4 @@ following Ansible variable:
 .. code-block:: yaml
-    auditd_rules['deletions'] = no
+    auditd_rules['deletions'] = yes
--- a/doc/source/developer-notes/V-38619.rst
+++ b/doc/source/developer-notes/V-38619.rst
@@ -1,2 +1,2 @@
-The Ansible tasks will check for ``.netrc`` files on the system and print
+The Ansible tasks will check for ``.netrc`` files in ``/root`` and
-a failure warning if any are found.
+``/home`` on the system and print a failure warning if any are found.
--- a/doc/source/developer-notes/V-51369.rst
+++ b/doc/source/developer-notes/V-51369.rst
@@ -1,6 +1,6 @@
 Although SELinux is available on Ubuntu 14.04, the policies aren't maintained
-as well as they are on Red Hat-based systems.  The openstack-ansible has
+as well as they are on Red Hat-based systems.  The openstack-ansible project
-chosen to use the more Ubuntu-compatible Linux security module, AppArmor.
+has chosen to use the more Ubuntu-compatible Linux security module, AppArmor.
 AppArmor roles are configured in openstack-ansible to limit the chances of
 container breakout and the potential damage done in case it does occur.
--- a/doc/source/stig-notes/V-38690.rst
+++ b/doc/source/stig-notes/V-38690.rst
@@ -1,6 +1,5 @@
 V-38690: Emergency accounts must be provisioned with an expiration date.
-
+------------------------------------------------------------------------
 -------------------------------------------------------------------------
 When emergency accounts are created, there is a risk they may remain in place
 and active after the need for them no longer exists. Account expiration
`@@ -10,4 +10,4 @@ following Ansible variable:`

	`.. code-block:: yaml`	`.. code-block:: yaml`

	`auditd_rules['deletions'] = no`	`auditd_rules['deletions'] = yes`
`@@ -1,2 +1,2 @@`
	The Ansible tasks will check for ``.netrc`` files on the system and print	The Ansible tasks will check for ``.netrc`` files in ``/root`` and
	`a failure warning if any are found.`	``/home`` on the system and print a failure warning if any are found.