Fix Spelling and Delete Trailing Whitespace (#37)

* Speling!

* Delete trailing whitespace

* Spleling

.travis.yml

@@ -15,9 +15,9 @@ services:
 install:
 - make init
 - make docker:login
-# Travis has a default umask of 0002 before executing `git clone`. 
+# Travis has a default umask of 0002 before executing `git clone`.
 # There is no workaround. Even git does not track directory modes.
-# This has the unforunate consequance of granting g+rw to any directory we `ADD`. 
+# This has the unforunate consequance of granting g+rw to any directory we `ADD`.
 - find rootfs/ -type d -exec chmod 755 {} \;
 
 script:

Dockerfile

@@ -128,7 +128,7 @@ ENV ENFORCER_ENABLED="true" \
 ## Enable Rate Limiting
 ENV RATE_LIMIT_ENABLED="true"
 
-## Tolerate 5 consecutive fairues    
+## Tolerate 5 consecutive fairues
 ENV RATE_LIMIT_MAX_FAILURES="5"
 ## Lock accounts out for 300 seconds (5 minutes) after repeated failures
 ENV RATE_LIMIT_LOCKOUT_TIME="300"

Makefile

@@ -1,7 +1,7 @@
 export DOCKER_IMAGE ?= cloudposse/$(APP)
 export DOCKER_TAG ?= dev
 export DOCKER_IMAGE_NAME ?= $(DOCKER_IMAGE):$(DOCKER_TAG)
-export DOCKER_BUILD_FLAGS = 
+export DOCKER_BUILD_FLAGS =
 COPYRIGHT_SOFTWARE_DESCRIPTION := A secure Bastion host implemented as Docker Container running Alpine Linux with Google Authenticator & DUO MFA support
 
 include $(shell curl --silent -O "https://raw.githubusercontent.com/cloudposse/build-harness/master/templates/Makefile.build-harness"; echo Makefile.build-harness)

README.md

@@ -1,6 +1,7 @@
 <!-- This file was automatically generated by the `build-harness`. Make all changes to `README.yaml` and run `make readme` to rebuild this file. -->
+[![README Header][readme_header_img]][readme_header_link]
 
-[![Cloud Posse](https://cloudposse.com/logo-300x69.svg)](https://cloudposse.com)
+[![Cloud Posse][logo]](https://cpco.io/homepage)
 
 # bastion [![Build Status](https://travis-ci.org/cloudposse/bastion.svg?branch=master)](https://travis-ci.org/cloudposse/bastion) [![Latest Release](https://img.shields.io/github/release/cloudposse/bastion.svg)](https://github.com/cloudposse/bastion/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com)
 
@@ -31,7 +32,15 @@ We recommend using Slack notifications for self-reporting.
 
 ---
 
-This project is part of our comprehensive ["SweetOps"](https://docs.cloudposse.com) approach towards DevOps. 
+This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. 
+[<img align="right" title="Share via Email" src="https://docs.cloudposse.com/images/ionicons/ios-email-outline-2.0.1-16x16-999999.svg"/>][share_email]
+[<img align="right" title="Share on Google+" src="https://docs.cloudposse.com/images/ionicons/social-googleplus-outline-2.0.1-16x16-999999.svg" />][share_googleplus]
+[<img align="right" title="Share on Facebook" src="https://docs.cloudposse.com/images/ionicons/social-facebook-outline-2.0.1-16x16-999999.svg" />][share_facebook]
+[<img align="right" title="Share on Reddit" src="https://docs.cloudposse.com/images/ionicons/social-reddit-outline-2.0.1-16x16-999999.svg" />][share_reddit]
+[<img align="right" title="Share on LinkedIn" src="https://docs.cloudposse.com/images/ionicons/social-linkedin-outline-2.0.1-16x16-999999.svg" />][share_linkedin]
+[<img align="right" title="Share on Twitter" src="https://docs.cloudposse.com/images/ionicons/social-twitter-outline-2.0.1-16x16-999999.svg" />][share_twitter]
+
+
 
 
 It's 100% Open Source and licensed under the [APACHE2](LICENSE).
@@ -40,6 +49,14 @@ It's 100% Open Source and licensed under the [APACHE2](LICENSE).
 
 
 
+
+
+
+
+
+
+
+
 ## Usage
 
 ### Running
@@ -121,7 +138,7 @@ The enforcer is able to send notifications to a slack channel anytime there is a
 | `SLACK_WEBHOOK_URL`        | Webhook URL                                         |           |
 | `SLACK_USERNAME`           | Slack handle of bot (defaults to short-dns name)    |           |
 | `SLACK_TIMEOUT`            | Request timeout                                     | `2`       |
-| `SLACK_FATAL_ERRORS`       | Deny logins if slack notificaiton fails             | `true`    |
+| `SLACK_FATAL_ERRORS`       | Deny logins if slack notification fails             | `true`    |
 
 
 ##### SSH Auditor
@@ -188,26 +205,34 @@ The first time you connect, you'll be asked to setup your MFA device. Subsequent
 
 File a GitHub [issue](https://github.com/cloudposse/bastion/issues), send us an [email][email] or join our [Slack Community][slack].
 
-## Commerical Support
+[![README Commercial Support][readme_commercial_support_img]][readme_commercial_support_link]
+
+## Commercial Support
 
 Work directly with our team of DevOps experts via email, slack, and video conferencing. 
 
-We provide *commercial support* for all of our [Open Source][github] projects. As a *Dedicated Support* customer, you have access to our team of subject matter experts at a fraction of the cost of a fulltime engineer. 
+We provide [*commercial support*][commercial_support] for all of our [Open Source][github] projects. As a *Dedicated Support* customer, you have access to our team of subject matter experts at a fraction of the cost of a full-time engineer. 
 
-[![E-Mail](https://img.shields.io/badge/email-hello@cloudposse.com-blue.svg)](mailto:hello@cloudposse.com)
+[![E-Mail](https://img.shields.io/badge/email-hello@cloudposse.com-blue.svg)][email]
 
 - **Questions.** We'll use a Shared Slack channel between your team and ours.
 - **Troubleshooting.** We'll help you triage why things aren't working.
 - **Code Reviews.** We'll review your Pull Requests and provide constructive feedback.
 - **Bug Fixes.** We'll rapidly work to fix any bugs in our projects.
-- **Build New Terraform Modules.** We'll develop original modules to provision infrastructure.
+- **Build New Terraform Modules.** We'll [develop original modules][module_development] to provision infrastructure.
 - **Cloud Architecture.** We'll assist with your cloud strategy and design.
-- **Implementation.** We'll provide hands on support to implement our reference architectures. 
+- **Implementation.** We'll provide hands-on support to implement our reference architectures. 
+
 
 
-## Community Forum
 
-Get access to our [Open Source Community Forum][slack] on Slack. It's **FREE** to join for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build *sweet* infrastructure.
+## Slack Community
+
+Join our [Open Source Community][slack] on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure.
+
+## Newsletter
+
+Signup for [our newsletter][newsletter] that covers everything on our technology radar.  Receive updates on what we're up to on GitHub as well as awesome new projects we discover. 
 
 ## Contributing
 
@@ -217,7 +242,7 @@ Please use the [issue tracker](https://github.com/cloudposse/bastion/issues) to
 
 ### Developing
 
-If you are interested in being a contributor and want to get involved in developing this project or [help out](https://github.com/orgs/cloudposse/projects/3) with our other projects, we would love to hear from you! Shoot us an [email](mailto:hello@cloudposse.com).
+If you are interested in being a contributor and want to get involved in developing this project or [help out](https://cpco.io/help-out) with our other projects, we would love to hear from you! Shoot us an [email][email].
 
 In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
 
@@ -232,7 +257,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
 
 ## Copyright
 
-Copyright © 2017-2018 [Cloud Posse, LLC](https://cloudposse.com)
+Copyright © 2017-2018 [Cloud Posse, LLC](https://cpco.io/copyright)
 
 
 
@@ -260,31 +285,29 @@ See [LICENSE](LICENSE) for full details.
     under the License.
 
 
+
+
+
+
+
+
+
 ## Trademarks
 
 All other trademarks referenced herein are the property of their respective owners.
 
 ## About
 
-This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? Please let us know at <hello@cloudposse.com>
+This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? Please let us know by [leaving a testimonial][testimonial]!
 
-[![Cloud Posse](https://cloudposse.com/logo-300x69.svg)](https://cloudposse.com)
+[![Cloud Posse][logo]][website]
 
-We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We love [Open Source Software](https://github.com/cloudposse/)!
+We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We ❤️  [Open Source Software][we_love_open_source].
 
-We offer paid support on all of our projects.  
+We offer [paid support][commercial_support] on all of our projects.  
 
-Check out [our other projects][github], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation.
+Check out [our other projects][github], [follow us on twitter][twitter], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation.
 
-  [docs]: https://docs.cloudposse.com/
-  [website]: https://cloudposse.com/
-  [github]: https://github.com/cloudposse/
-  [jobs]: https://cloudposse.com/jobs/
-  [hire]: https://cloudposse.com/contact/
-  [slack]: https://slack.cloudposse.com/
-  [linkedin]: https://www.linkedin.com/company/cloudposse
-  [twitter]: https://twitter.com/cloudposse/
-  [email]: mailto:hello@cloudposse.com
 
 
 ### Contributors
@@ -298,3 +321,36 @@ Check out [our other projects][github], [apply for a job][jobs], or [hire us][hi
   [marji_avatar]: https://github.com/marji.png?size=150
 
 
+
+[![README Footer][readme_footer_img]][readme_footer_link]
+[![Beacon][beacon]][website]
+
+  [logo]: https://cloudposse.com/logo-300x69.svg
+  [docs]: https://cpco.io/docs
+  [website]: https://cpco.io/homepage
+  [github]: https://cpco.io/github
+  [jobs]: https://cpco.io/jobs
+  [hire]: https://cpco.io/hire
+  [slack]: https://cpco.io/slack
+  [linkedin]: https://cpco.io/linkedin
+  [twitter]: https://cpco.io/twitter
+  [testimonial]: https://cpco.io/leave-testimonial
+  [newsletter]: https://cpco.io/newsletter
+  [email]: https://cpco.io/email
+  [commercial_support]: https://cpco.io/commercial-support
+  [we_love_open_source]: https://cpco.io/we-love-open-source
+  [module_development]: https://cpco.io/module-development
+  [terraform_modules]: https://cpco.io/terraform-modules
+  [readme_header_img]: https://cloudposse.com/readme/header/img?repo=cloudposse/bastion
+  [readme_header_link]: https://cloudposse.com/readme/header/link?repo=cloudposse/bastion
+  [readme_footer_img]: https://cloudposse.com/readme/footer/img?repo=cloudposse/bastion
+  [readme_footer_link]: https://cloudposse.com/readme/footer/link?repo=cloudposse/bastion
+  [readme_commercial_support_img]: https://cloudposse.com/readme/commercial-support/img?repo=cloudposse/bastion
+  [readme_commercial_support_link]: https://cloudposse.com/readme/commercial-support/link?repo=cloudposse/bastion
+  [share_twitter]: https://twitter.com/intent/tweet/?text=bastion&url=https://github.com/cloudposse/bastion
+  [share_linkedin]: https://www.linkedin.com/shareArticle?mini=true&title=bastion&url=https://github.com/cloudposse/bastion
+  [share_reddit]: https://reddit.com/submit/?url=https://github.com/cloudposse/bastion
+  [share_facebook]: https://facebook.com/sharer/sharer.php?u=https://github.com/cloudposse/bastion
+  [share_googleplus]: https://plus.google.com/share?url=https://github.com/cloudposse/bastion
+  [share_email]: mailto:?subject=bastion&body=https://github.com/cloudposse/bastion
+  [beacon]: https://ga-beacon.cloudposse.com/UA-76589703-4/cloudposse/bastion?pixel&cs=github&cm=readme&an=bastion

README.yaml

@@ -153,7 +153,7 @@ usage: |-
   | `SLACK_WEBHOOK_URL`        | Webhook URL                                         |           |
   | `SLACK_USERNAME`           | Slack handle of bot (defaults to short-dns name)    |           |
   | `SLACK_TIMEOUT`            | Request timeout                                     | `2`       |
-  | `SLACK_FATAL_ERRORS`       | Deny logins if slack notificaiton fails             | `true`    |
+  | `SLACK_FATAL_ERRORS`       | Deny logins if slack notification fails             | `true`    |
 
 
   ##### SSH Auditor
@@ -188,10 +188,10 @@ usage: |-
   - [@aws](https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/), for providing detailed instructions on how to do SSH session logging.
   - [@duo](https://duo.com/docs/duounix), for providing excellent documentation
   - [@google](https://github.com/google/google-authenticator-libpam) for contributing Google Authenticator to the Open Source community
-  
+
 # Contributors to this project
 contributors:
   - name: "Erik Osterman"
     github: "osterman"
   - name: "Marji Cermak"
-    github: "marji"
+    github: "marji"

patches/README.md

@@ -4,15 +4,15 @@ OpenSSH will not compile out-of-the-box on alpine. For this reason, we use the o
 
 - [https://git.alpinelinux.org/cgit/aports/tree/main/openssh](https://git.alpinelinux.org/cgit/aports/tree/main/openssh)
 
-We also add a couple of our own patches. 
+We also add a couple of our own patches.
 
-One patch ensures we have `SSH_ORIGINAL_COMMAND` available during pam auth so we can send slack notifications.  
+One patch ensures we have `SSH_ORIGINAL_COMMAND` available during pam auth so we can send slack notifications.
 [original-command.diff](openssh/cloudposse/original-command.diff)
 
-The other patch obscures the version of OpenSSH. We use this to hide the SSH version so it's not announced to port-scanners.  
+The other patch obscures the version of OpenSSH. We use this to hide the SSH version so it's not announced to port-scanners.
 [obfuscate-version.diff](openssh/cloudposse/obfuscate-version.diff)
 
-Also we modified one alpine patch related to realpath, because it is outdated.  
+Also we modified one alpine patch related to realpath, because it is outdated.
 [bsd-compatible-realpath.diff](openssh/cloudposse/bsd-compatible-realpath.diff)
 
 When upgrading version of OpenSSH, the patches might need to be regenerated.

patches/openssh/alpine/disable-forwarding-by-default.diff

@@ -2,7 +2,7 @@
 +++ openssh-7.7p1/sshd_config	2018-07-29 03:08:16.340000000 -0500
 @@ -82,9 +82,10 @@
  #UsePAM no
- 
+
  #AllowAgentForwarding yes
 -#AllowTcpForwarding yes
 -#GatewayPorts no

patches/openssh/alpine/openssh7.4-peaktput.diff

@@ -14,12 +14,12 @@
  	int i, len;
  	int file_len;
 +	off_t delta_pos;
- 
+
  	transferred = *counter - (cur_pos ? cur_pos : start_pos);
  	cur_pos = *counter;
  	now = monotime_double();
  	bytes_left = end_pos - cur_pos;
- 
+
 +	delta_pos = cur_pos - last_pos;
 +	if (delta_pos > max_delta_pos)
 +		max_delta_pos = delta_pos;
@@ -28,7 +28,7 @@
  		elapsed = now - last_update;
  	else {
 @@ -158,7 +165,7 @@
- 
+
  	/* filename */
  	buf[0] = '\0';
 -	file_len = win_size - 35;
@@ -39,7 +39,7 @@
 @@ -188,6 +195,15 @@
  	    (off_t)bytes_per_second);
  	strlcat(buf, "/s ", win_size);
- 
+
 +	/* instantaneous rate */
 +	if (bytes_left > 0)
 +		format_rate(buf + strlen(buf), win_size - strlen(buf),
@@ -53,10 +53,10 @@
  	if (!transferred)
  		stalled += elapsed;
 @@ -224,6 +240,7 @@
- 
+
  	atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1);
  	last_update = now;
 +	last_pos = cur_pos;
  }
- 
+
  /*ARGSUSED*/

patches/openssh/alpine/sftp-interactive.diff

@@ -2,7 +2,7 @@
 +++ b/sftp.c	2014-10-24 10:35:22.329199875 +0500
 @@ -2076,8 +2076,10 @@
  		signal(SIGINT, SIG_IGN);
- 
+
  		if (el == NULL) {
 -			if (interactive)
 +			if (interactive) {

rootfs/etc/init.d/enforcer

@@ -1,4 +1,4 @@
-#!/bin/bash 
+#!/bin/bash
 umask 0066
 
 if [ "${ENFORCER_ENABLED}" == "true" ]; then

rootfs/etc/init.d/ssh-audit

@@ -1,4 +1,4 @@
-#!/bin/bash 
+#!/bin/bash
 
 if [ "${SSH_AUDIT_ENABLED}" == "true" ]; then
 	echo "- Enabling SSH Audit Logs"

rootfs/etc/slack/pam-open_session-notification.json

@@ -1,21 +1,21 @@
-{ "mrkdwn": true, 
-  "username": "${SLACK_USERNAME}", 
-  "attachments": [ 
-    { "mrkdwn_in": ["pretext", "fallback", "title"], 
-      "title": "SSH login on ${HOSTNAME}", 
+{ "mrkdwn": true,
+  "username": "${SLACK_USERNAME}",
+  "attachments": [
+    { "mrkdwn_in": ["pretext", "fallback", "title"],
+      "title": "SSH login on ${HOSTNAME}",
       "fallback": "login by ${PAM_USER}@${HOSTNAME} from ${PAM_RHOST}",
-      "fields": [ 
-        { "title": "User", 
-          "value": "${PAM_USER}@${PAM_TTY}", 
-          "short": true 
-        }, 
-        { "title": "IP Address", 
-          "value": "${PAM_RHOST}", 
-          "short": true 
-        } 
-      ], 
-      "color": "#F35A00" 
-    } 
+      "fields": [
+        { "title": "User",
+          "value": "${PAM_USER}@${PAM_TTY}",
+          "short": true
+        },
+        { "title": "IP Address",
+          "value": "${PAM_RHOST}",
+          "short": true
+        }
+      ],
+      "color": "#F35A00"
+    }
   ],
   "icon_emoji": ":computer:"
 }