fix some spelling errors and typos

Help-AWS.txt

@@ -28,7 +28,7 @@ openssl genrsa 1024 > private-key.pem
 8. Create the user signing certificate:
 openssl req -new -x509 -nodes -sha1 -days 365 -key private-key.pem -outform PEM > certificate.pem
 
-9. Uplodae the user signing certificate by going to IAM->Users and the
+9. Upload the user signing certificate by going to IAM->Users and the
 specific user for the signing certificate.
 
 10.  Click "Manage Signing Certificates" then "Upload Singing Certificate"/
@@ -40,7 +40,7 @@ the text field and upload the certificate.
 CONFIG_AWS file at the top-level.
 
 13. Build you AWS AMI which will automatically be uploaded to AWS as an
-iimage (AMI):
+image (AMI):
 make clip-vpn-aws-ami 
 or
 make clip-sftp-dropbox-aws-ami

Help-Known-Issues.txt

@@ -4,16 +4,16 @@ issues:
 =============================================================================
 CLIP for RHEL 6.6 Final Release - Aprilish 2015:
 
-- Build-system specific (probably) - kernl 2.6.32-504.12.2.el6.x86_64 causes
+- Build-system specific (probably) - kernel 2.6.32-504.12.2.el6.x86_64 causes
   panics when building CLIP.  It appears to come from problems in chroot 
   environments and typically happens when mock is running. We recommend using
   2.6.32-358.el6.x86_64.  Do this by setting the default= in
-  /boot/grub/grub.conf to the number of the 358 kernel.  Remeber it is
+  /boot/grub/grub.conf to the number of the 358 kernel.  Remember it is
   zero-based so if 358 is is the second entry, set default=1.
 
 - There appears to be a bug causing anaconda not to include the correct kernel
   modules in the initrd.  This appears to be an issue in CLIP.  The
-  maniestation is that you will see messages during boot stating kernel
+  manifestation is that you will see messages during boot stating kernel
   modules were not found.  Then, you will be prompted for the path to the
   kickstart.  That will continually fail as no kernel module is available for
   the CDROM device.  The current work-around is to run "make bare" and then
@@ -23,11 +23,11 @@ CLIP for RHEL 6.6 Final Release - Aprilish 2015:
   anaconda-13.21.229-1.el6.centos.x86_64.  anaconda contains a static list
   of files to include in the initrd.  nss-softokn, in the version above,
   introduces a new library that should have been included via an update to
-  anaconda.  This caues RPM signature validation to fail and no packages are
+  anaconda.  This causes RPM signature validation to fail and no packages are
   actually installed.  Of course the anaconda UI doesn't tell you this... and
   it fails when it tries to set the root password as /etc/passwd isn;t
   present. And of course the traceback isn't helpful.  It tells you there was
-  a problem in setUserPasswd() and leavess you to track it down by trawling
+  a problem in setUserPasswd() and leaves you to track it down by trawling
   through /tmp/log and /mnt/sysimg/root/install.log.  But I digress and there
   will likely be an updated anaconda as no one can roll an installable ISO
   without patching anaconda.  Our work-around is to use anaconda's update

Help-Package-Dependencies.txt

@@ -7,7 +7,7 @@ dependent package is built first, edit the
 Makefile for the other package, that is
 the one with the relevant BuildRequires:
 block, and add the other package to 
-the srpm Makefil target dependency list.
+the srpm Makefile target dependency list.
 
 E.g. this line:
 srpm: $(PKGNAME)-srpm

Help-clip-vpn.txt

@@ -1,5 +1,5 @@
 Once the VPN system has booted, sftp in as "client" using the
 password you specified in the kickstart ("neutronbass" by
 default).  Then, download the key material from android_certs
-and remove them. Use these certificates to connect to the VPB
+and remove them. Use these certificates to connect to the VPN
 endpoint.

conf/README.txt

@@ -7,15 +7,15 @@ int time.
 It is these files that are used to populate CLIP's own
 yum repos with packages.  Your yum repos can continue to 
 evolve and update over time, adding newer and new packages.
-But, as long as these pkstlist files are here, and your
-yum repos contain a superset of all of the packages, which
+But, as long as these pkglist files are here, and your
+yum repos contain a super-set of all of the packages, which
 is typically for everything except EPEL, you can easily
 re-create a specific image later.
 
 E.g., let's say you produce a product's Gold Master/RTM
 ISO.  Following good CM procedures, you tag the source
 code used when it is released.  Two years later you want 
-to reprorduce that ISO from that tag.  Had we not stored
+to reproduce that ISO from that tag.  Had we not stored
 these pkglist files in revision control, and used these
 package lists to populate CLIP's yum repo, you would be
 stuck trying to figure out what you included in the ISO.

kickstart/Makefile

@@ -63,7 +63,7 @@ DEBUG ?= y
 # This will only be set here if we are running setup-ks by hand.
 CONFIG_BUILD_BASH_VARS ?= export CONFIG_BUILD_PRODUCTION=n CONFIG_BUILD_ENFORCING_MODE=y CONFIG_BUILD_UNCONFINED_TOOR=y CONFIG_BUILD_SECSTATE_REMEDIATE=y ISO_VERSION=debug
 
-# The differences vetween live and installable are addressed via these vars
+# The differences between live and installable are addressed via these vars
 LIVE_CONFIG_BUILD_BASH_VARS := $(CONFIG_BUILD_BASH_VARS) CONFIG_BUILD_LIVE_MEDIA=y
 LIVE_CONFIG_BUILD_ADDTL_PACKAGES += $(CONFIG_BUILD_ADDTL_PACKAGES) eject
 AWS_CONFIG_BUILD_BASH_VARS := $(CONFIG_BUILD_BASH_VARS) CONFIG_BUILD_AWS=y CONFIG_BUILD_VPN_ENABLE_TOOR=$(CONFIG_BUILD_VPN_ENABLE_TOOR)

kickstart/clip-apache/clip-apache.ks

@@ -272,7 +272,6 @@ fi
 echo "Installation timestamp: `date`" > /root/clip-info.txt
 echo "#CONFIG-BUILD-PLACEHOLDER" >> /root/clip-info.txt
 
-
 export POLNAME=$(awk -F= '/^SELINUXTYPE/ { print $2; }' /etc/selinux/config)
 
 #NOTE: while the following lines allow the SCAP content to be interprested on
@@ -298,14 +297,15 @@ oscap xccdf generate fix \
 chmod +x /root/scap/pre/remediation-script.sh
 if [ x"$CONFIG_BUILD_REMEDIATE" == "xy" ]; then
 	/root/scap/pre/remediation-script.sh
-	# Un-remeidate things SSG broke...
+	# Un-remediate things SSG broke...
 	sed -i -e "s/targeted/${POLNAME}/" /etc/selinux/config
 
 	cat /etc/issue | sed 's/\[\\s\\n\][+*]/ /g;s/\\//g;s/[^-]- /\n\n-/g' \
 	| fold -sw 80 > /etc/issue.net
 	cp /etc/issue.net /etc/issue
 fi
 
+
 # FIXME: Change the username and password.
 #        If a hashed password is specified it will be used
 #        and the PASSWORD field will be ignored.

kickstart/clip-minimal/clip-minimal.ks

@@ -264,7 +264,7 @@ oscap xccdf generate fix \
 chmod +x /root/scap/pre/remediation-script.sh
 if [ x"$CONFIG_BUILD_REMEDIATE" == "xy" ]; then
         /root/scap/pre/remediation-script.sh
-        # Un-remeidate things SSG broke...
+        # Un-remediate things SSG broke...
         sed -i -e "s/targeted/${POLNAME}/" /etc/selinux/config
 
         cat /etc/issue | sed 's/\[\\s\\n\][+*]/ /g;s/\\//g;s/[^-]- /\n\n-/g' \

kickstart/clip-sftp-dropbox/clip-sftp-dropbox.ks

@@ -238,7 +238,6 @@ echo "#CONFIG-BUILD-PLACEHOLDER" >> /root/clip-info.txt
 
 export POLNAME=$(awk -F= '/^SELINUXTYPE/ { print $2; }' /etc/selinux/config)
 
-
 #NOTE: while the following lines allow the SCAP content to be interprested on
 # CentOS, the results might be wrong in a few places, like FIPS compliance and
 # gpgp keys etc.

packages/cacti/Makefile

@@ -1,5 +1,5 @@
 # Copyright (C) 2011 Tresys Technology, LLC
-# Copyright (C) 2014 QuarkSecurity, Inc
+# Copyright (C) 2014 Quark Security, Inc
 #
 # Authors: Spencer Shimko <sshimko@tresys.com>
 # Authors: Spencer Shimko <spencer@quarksecurity.com>
@@ -86,7 +86,7 @@ $(RPM_SPEC): $(SRC_SRPM)
 clean:
 	$(RM) -r $(RPM_TMPDIR)
 
-# This is slightly undesirable, but in order to cleanup *all& RONs peroperly we need
+# This is slightly undesirable, but in order to cleanup *all& RONs properly we need
 # to query the spec file, so in the bare target we have to extract the spec file :(
 bare: $(RPM_SPEC) FORCE
 	$(foreach f,$(shell rpm $(RPMQ_DEFS) --specfile $(RPM_SPEC)),export GLOBIGNORE='$(SRC_SRPM)'; $(RM) $(OUTPUT_DIR)/$(f)*.rpm;)

packages/cacti/Makefile.tmpl

@@ -1,5 +1,5 @@
 # Copyright (C) 2011 Tresys Technology, LLC
-# Copyright (C) 2014 QuarkSecurity, Inc
+# Copyright (C) 2014 Quark Security, Inc
 #
 # Authors: Spencer Shimko <sshimko@tresys.com>
 # Authors: Spencer Shimko <spencer@quarksecurity.com>
@@ -86,7 +86,7 @@ $(RPM_SPEC): $(SRC_SRPM)
 clean:
 	$(RM) -r $(RPM_TMPDIR)
 
-# This is slightly undesirable, but in order to cleanup *all& RONs peroperly we need
+# This is slightly undesirable, but in order to cleanup *all& RONs properly we need
 # to query the spec file, so in the bare target we have to extract the spec file :(
 bare: $(RPM_SPEC) FORCE
 	$(foreach f,$(shell rpm $(RPMQ_DEFS) --specfile $(RPM_SPEC)),export GLOBIGNORE='$(SRC_SRPM)'; $(RM) $(OUTPUT_DIR)/$(f)*.rpm;)

packages/clip-dracut-module/clip-dracut-module/clip.sh

@@ -9,13 +9,13 @@
 getarg "selinux=0" > /dev/null && return 0
 
 # If we are booting after a rescue mode boot "/" is mnt_t.
-# This is less than ideal, but it happens all too aften not to try to address it somewhat.
+# This is less than ideal, but it happens all too often not to try to address it somewhat.
 ls -Zd /sysroot | grep -q root_t || /sysroot/usr/bin/chcon -t root_t /sysroot
 
 
 getarg "liveimg" > /dev/null
 if [ $? -eq 0 ]; then
-	# TODO: something about live media environments necessitated this.  Unforunately 
+	# TODO: something about live media environments necessitated this.  Unfortunately 
 	# it has been a year and I have forgot what the problem actually is.  But IIRC
 	# it was livecd creator looking at the enforcing mode in the ks and ignoring
 	# it elsewhere and we got "stuck" in either or state.

packages/clip-miscfiles/clip-miscfiles/usr/sbin/add_sftp_user.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
-# Copyright (C) 2014-2015, Quark Securityyyp, Inc.
+# Copyright (C) 2014-2015, Quark Security, Inc.
 #
-# Aurhor: Brandon Whalen <brandon@quarksecurity.com>
+# Author: Brandon Whalen <brandon@quarksecurity.com>
 #	  Spencer Shimko <spencer@quarksecurity.com>
 
 add_user() {

packages/clip-selinux-policy/clip-selinux-policy/policy/modules/kernel/filesystem.if

@@ -2025,7 +2025,7 @@ interface(`fs_read_fusefs_symlinks',`
 #
 ########################################
 ## <summary>
-##	Dont audit list hugetlbfs.
+##	Don't audit list hugetlbfs.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

packages/clip-selinux-policy/clip-selinux-policy/policy/modules/kernel/kernel.if

@@ -2986,7 +2986,7 @@ interface(`kernel_stream_connect',`
 
 ########################################
 ## <summary>
-##     Dont audit the specified domain 
+##     Don't audit the specified domain 
 #      getattr on kernel unix socket.
 ## </summary>
 ## <param name="domain">

packages/clip-selinux-policy/clip-selinux-policy/policy/modules/kernel/terminal.if

@@ -601,7 +601,7 @@ interface(`term_use_generic_ptys',`
 
 ########################################
 ## <summary>
-##	Write tto he generic pty
+##	Write to the generic pty
 ##	type. 
 ## </summary>
 ## <param name="domain">

packages/clip-selinux-policy/clip-selinux-policy/policy/modules/services/cron.if

@@ -523,7 +523,7 @@ interface(`cron_use_system_job_fds',`
 
 ########################################
 ## <summary>
-##	Dont audit searh on system cron job keys.
+##	Don't audit search on system cron job keys.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

packages/clip-selinux-policy/clip-selinux-policy/policy/modules/services/ssh.if

@@ -235,7 +235,7 @@ template(`ssh_server_template', `
 
 	domain_interactive_fd($1_t)
 
-	# Allows ssh privelege separation to work
+	# Allows ssh privilege separation to work
 	# where ssh brackets down in privileges
 	# in the child process.
 	domain_subj_id_change_exemption($1_t)
@@ -808,7 +808,7 @@ interface(`ssh_delete_tmp',`
 interface(`ssh_priv_sep_user',`
         # If ssh priv sep is on,
         # userdom needs to write to ssh tcp sockets
-        # Also, if ssh is anabled and a user logs in
+        # Also, if ssh is enabled and a user logs in
         # and needs to change their password in priv sep
         #
         tunable_policy(ssh_enable_priv_sep,`

packages/clip-selinux-policy/clip-selinux-policy/policy/modules/system/userdomain.if

@@ -687,7 +687,7 @@ template(`userdom_common_user_template',`
 
 	# If ssh is enabled, and priv sep is on,
 	# userdom needs to write to ssh tcp sockets
-	# Also, if ssh is anabled and a user logs in
+	# Also, if ssh is enabled and a user logs in
 	# and needs to change their password in priv sep
 	#
 	optional_policy(`

packages/examples/srcrpm/Makefile.tmpl

@@ -86,7 +86,7 @@ $(RPM_SPEC): $(SRC_SRPM)
 clean:
 	$(RM) -r $(RPM_TMPDIR)
 
-# This is slightly undesirable, but in order to cleanup *all& RONs peroperly we need
+# This is slightly undesirable, but in order to cleanup *all& RONs properly we need
 # to query the spec file, so in the bare target we have to extract the spec file :(
 bare: $(RPM_SPEC) FORCE
 	$(foreach f,$(shell rpm $(RPMQ_DEFS) --specfile $(RPM_SPEC)),export GLOBIGNORE='$(SRC_SRPM)'; $(RM) $(OUTPUT_DIR)/$(f)*.rpm;)

support/mk-anaconda-update-img.sh

@@ -72,6 +72,6 @@ fi
 
 cd $STAGING_DIR
 #this is really just so we don't end up with an empty update
-echo "CLIP UPDPATES TO ANACONDA" > ./description.txt
+echo "CLIP UPDATES TO ANACONDA" > ./description.txt
 find . -type f | xargs $UPD_UPDATES $OUTPUT