fix: small typos and table formatting
Signed-off-by: grantseltzer <grantseltzer@gmail.com>
grantseltzer committed Mar 30, 2021
1 parent 50a6940 commit 2e288fd
Showing 7 changed files with 10 additions and 10 deletions.
2 changes: 1 addition & 1 deletion docs/faq.md
@@ -2,4 +2,4 @@

## Secure tracing

When Tracee-eBPF reads information from user programs it is subject to a race condition where the user program might be able to change the arguments after Tracee has read them. For example, a program invoked `execve("/bin/ls", NULL, 0)`, Tracee picked that up and will report that, then the program changed the first argument from `/bin/ls` to `/bin/bash`, and this is what the kernel will execute. To mitigate this, Tracee also provide "LSM" (Linux Security Module) based events, for example, the `bprm_check` event which can be reported by Tracee and cross-referenced with the reported regular syscall event.
When Tracee-eBPF reads information from user programs it is subject to a race condition where the user program might be able to change the arguments after Tracee has read them. For example, a program invoked `execve("/bin/ls", NULL, 0)`, Tracee picked that up and will report that, then the program changed the first argument from `/bin/ls` to `/bin/bash`, and this is what the kernel will execute. To mitigate this, Tracee also provides "LSM" (Linux Security Module) based events, for example, the `bprm_check` event which can be reported by Tracee and cross-referenced with the reported regular syscall event.
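Review bot: The verb agreement fix ("provides") is right; while on this line, the `execve("/bin/ls", NULL, 0)` example mixes `NULL` and a bare `0` for the two pointer arguments, and `execve("/bin/ls", NULL, NULL)` would read more consistently. The sentence also never says why the LSM event is not subject to the same race; one clause noting that `bprm_check` fires on the kernel's own copy of the arguments, after they have been copied from user memory, would make the cross-referencing mitigation concrete.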
2 changes: 1 addition & 1 deletion docs/index.md
@@ -7,7 +7,7 @@

# Tracee: Runtime Security and Forensics using eBPF

Tracee is a Runtime Security and forensics tool for Linux. It is using Linux eBPF technology to trace your system and applications at runtime, and analyze collected events to detect suspicious behavioral patterns. It is delivered as a Docker image that monitors the OS and detects suspicious behavior based on a pre-defined set of behavioral patterns.
Tracee is a Runtime Security and forensics tool for Linux. It is using Linux eBPF technology to trace your system and applications at runtime, and analyze collected events to detect suspicious behavioral patterns. It is delivered as a Docker image that monitors the OS and detects suspicious behavior based on a predefined set of behavioral patterns.

## Quickstart
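Review bot: Beyond the hyphen, "It is using Linux eBPF technology to trace your system and applications at runtime, and analyze collected events" is an unidiomatic progressive with a verb that does not agree; "It uses Linux eBPF technology to trace your system and applications at runtime and analyzes collected events" would fix it. "Runtime Security and forensics tool" should also be capitalized consistently ("runtime security and forensics tool"), since it is a description rather than a product name here.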

2 changes: 1 addition & 1 deletion docs/install/headers.md
@@ -7,6 +7,6 @@ In order to compile the eBPF program, Tracee needs some of the Linux kernel head

Normally the files will be installed in `/lib/modules/${kernel_version}/build` which is where Tracee expects them. If you have the headers elsewhere, you can set the `KERN_HEADERS` environment variable with the correct location.

> Note that it's important that the kernel headers match the exact version of kernel you are running. To check the current kernel version, run the command `uname -r`. To install a specific kernel headers version append the version to the package name: `linux-headers-$(uname -r)`.
> Note that it's important that the kernel headers match the exact version of the kernel you are running. To check the current kernel version, run the command `uname -r`. To install a specific kernel headers version append the version to the package name: `linux-headers-$(uname -r)`.
> Note that more often than not the kernel headers files contains filesystem links to other files in other directories. Therefore, when passing the kernel headers to Tracee docker container, make sure all the necessary directories are mounted. This is why the quickstart example mounts `/usr/src` in addition to `/lib/modules`.
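Review bot: The "version of the kernel" fix is correct, but the unchanged note immediately below has the same class of problem and could go into this typo pass: "the kernel headers files contains filesystem links" should be "the kernel header files contain symbolic links", and "Tracee docker container" should be "the Tracee Docker container".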
2 changes: 1 addition & 1 deletion docs/install/prerequisites.md
@@ -13,7 +13,7 @@ Exceptions:

# Permissions

For using the eBPF Linux sub-system, Tracee needs to run with sufficient capabilities:
For using the eBPF Linux subsystem, Tracee needs to run with sufficient capabilities:
- `CAP_SYS_RESOURCE` (to manage eBPF maps limits)
- `CAP_BPF`+`CAP_TRACING` which are available on recent kernels (>=5.8), or `SYS_ADMIN` on older kernels (to load and attach the eBPF programs).
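Review bot: In the bullet after the changed line, `SYS_ADMIN` should be `CAP_SYS_ADMIN` to match the `CAP_` prefix used for the other capabilities. Also worth verifying the name `CAP_TRACING`: the capability that landed alongside `CAP_BPF` in kernel 5.8 is `CAP_PERFMON`, and documenting a name that does not exist will leave users unable to grant the right privilege.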

4 changes: 2 additions & 2 deletions docs/integrations.md
@@ -1,6 +1,6 @@
# Integrations

When a detection is made by any of the signatures, it will always be printed to stdout. You can customize the output format using gotemplate:
When a detection is made by any of the signatures, it will always be printed to stdout. You can customize the output format using a [go template](https://golang.org/pkg/text/template/):

```bash
tracee-rules --output-template /path/to/my.tmpl
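Review bot: Linking the template package is an improvement; for consistency with "the Go template" used later in this file, capitalize the link text as "Go template".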
@@ -25,6 +25,6 @@ type Finding struct {
}
```

Additionally, the Go template can use utility functions from [Sprig ](http://masterminds.github.io/sprig/).
Additionally, the Go template can use utility functions from [Sprig](http://masterminds.github.io/sprig/).

For example templates, see [tracee/tracee-rules/templates](https://github.com/aquasecurity/tracee/tree/main/tracee-rules/templates).
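Review bot: The link text fix is fine; while editing the Sprig link, switch it to `https://masterminds.github.io/sprig/` so the docs do not send readers to the reference over plain HTTP.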
2 changes: 1 addition & 1 deletion docs/rules-authoring.md
@@ -7,7 +7,7 @@ Create a `.rego` file in the rules directory that has the following Rego Rules (

1. `__rego_metadoc__`: A *document* rule that defines the rule's metadata.
2. `tracee_selected_events`: A *set* rule that defines the event selectors.
3. `tracee_match`: A *boolean* or a *document* rule that defines the logic of the signature. If bool is "returned", a true evaluation will generate a Finding with no data if document is "returned", any non-empty evaluation will generate a Finding with the returned document as the Finding's "Data".
3. `tracee_match`: A *boolean* or a *document* rule that defines the logic of the signature. If bool is "returned", a true evaluation will generate a Finding with no data. If a document is "returned", any non-empty evaluation will generate a Finding with the returned document as the Finding's "Data".

See [tracee/tracee-rules/signatures/rego/examples](https://github.com/aquasecurity/tracee/tree/main/tracee-rules/signatures/rego/examples) for example Rego signatures.
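Review bot: Splitting the run-on is right, but the two halves are now inconsistent: "If bool is "returned"" versus "If a document is "returned"". Suggest "If a boolean is returned, a true evaluation ... If a document is returned, any non-empty evaluation ...", dropping the scare quotes, since Rego rules evaluate to values and the quotes only signal that the word is imprecise.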

6 changes: 3 additions & 3 deletions docs/rules-index.md
@@ -2,12 +2,12 @@ To view the list of available rules, run Tracee with the `--list` flag.

We are currently working on creating a library of behavioral signature detections. Currently, the following are available:

Name | Description | Tags
--- | --- | --- |
| Name | Description | Tags
| --- | --- | --- |
Standard Input/Output Over Socket | Redirection of process's standard input/output to socket | "linux", "container"
Anti-Debugging | Process uses anti-debugging technique to block debugger | "linux", "container"
Code injection | Possible code injection into another process | "linux", "container"
Dynamic Code Loading | Writing to executable allocated memory region | "linux", "container"
Fileless Execution | Executing a precess from memory, without a file in the disk | "linux", "container"
Fileless Execution | Executing a process from memory, without a file in the disk | "linux", "container"
kernel module loading | Attempt to load a kernel module detection | "linux", "container"
LD_PRELOAD | Usage of LD_PRELOAD to allow hooks on process | "linux", "container"
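Review bot: The header and separator rows now start with `|`, but the data rows do not, and the separator row keeps a trailing `|` that the header row lacks; GitHub-flavored Markdown tolerates this, but for a commit titled "table formatting" every row should use the same leading and trailing pipes. In the unchanged rows, "kernel module loading" is the only lowercase name, "Attempt to load a kernel module detection" reads oddly ("Detection of an attempt to load a kernel module"), and "without a file in the disk" should be "without a file on disk".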
