Merge pull request #56 from ansible-lockdown/devel

2023 August Typo Fixes Update part 2

ChangeLog.md

@@ -11,7 +11,7 @@ August 2023 Update
   - Updated Tags in tasks/main.
 
 June / July 2023 Update
-  - Updated tags on controls based Version 2 Release 7
+  - Updated tags on controls based on Version 2 Release 7
   - Updated win_skip_for_test var to true
   - Updated Readme
   - Updated Changelog
@@ -24,8 +24,8 @@ June / July 2023 Update
     - Added Control WN19-AU-000100
     - Added Control WN19-AU-000110
     - Added Control WN19-SO-000070
-  - Rule IDs updated due to changes in content management system.
-  - Updated all tags to proper format.
+  - Rule IDs updated due to changes in the content management system.
+  - Updated all tags to the proper format.
   - Major updates to all controls
     - Updated Misc Controls to have additional data in warning messages.
     - Fixed Misc Controls Registry entry errors.

README.md

@@ -46,37 +46,37 @@ Join us on our [Discord Server](https://discord.io/ansible-lockdown) to ask ques
 
 ## Caution(s)
 
-This role **will make changes to the system** which may have unintended consequences. This is not an auditing tool but rather a remediation tool to be used after an audit has been conducted.
+This role **will make changes to the system** which may have unintended consequences. This is not an auditing tool but a remediation tool to be used after an audit.
 
-Check Mode is not supported! The role will complete in check mode without errors, but it is not supported and should be used with caution.
+Check Mode is not supported! The role will be completed in check mode without errors, but it is not supported and should be used with caution.
 
-This role was developed against a clean install of the Windows 2019 operating system. If you are implementing to an existing system please review this role for any site specific changes that are needed.
+This role was developed against a clean install of the Windows 2019 operating system. If you are implementing an existing system please review this role for any site-specific changes that are needed.
 
-To use release version please point to main branch and relevant release for the STIG benchmark you wish to work with.
+To use the release version please point to the main branch and relevant release for the STIG benchmark you wish to work with.
 
 ---
 
 ## Matching a security Level for STIG
 
-It is possible to to only run controls that are based on a particular for security level for STIG.
+It is possible to only run controls that are based on a particular security level for STIG.
 This is managed using tags:
 
 - CAT1
 - CAT2
 - CAT3
 
-The control found in defaults main also need to reflect true so as this will allow the controls to run when the playbook is launched.
+The control found in defaults/main.yml also needs to reflect true as this will allow the controls to run when the playbook is launched.
 
 ## Coming from a previous release
 
-STIG releases always contain changes, it is highly recommended to review the new references and available variables. This has changed significantly since the initial release of ansible-lockdown.
-This is now compatible with python3 if it is found to be the default interpreter. This does come with pre-requisites which it configures the system accordingly.
+STIG releases always contain changes, so it is highly recommended to review the new references and available variables. This has changed significantly since the initial release of ansible-lockdown.
+This is now compatible with python3 if it is found to be the default interpreter. This does come with prerequisites that configure the system accordingly.
 
 Further details can be seen in the [Changelog](./ChangeLog.md)
 
 ## Auditing (new)
 
-Currently this release does not have a auditing tool.
+Currently, this release does not have an auditing tool.
 
 ## Documentation
 
@@ -97,7 +97,7 @@ Currently this release does not have a auditing tool.
   - [Tower User Guide](https://docs.ansible.com/ansible-tower/latest/html/userguide/index.html)
   - [Ansible Community Info](https://docs.ansible.com/ansible/latest/community/index.html)
 - Functioning Ansible and/or Tower Installed, configured, and running. This includes all of the base Ansible/Tower configurations, needed packages installed, and infrastructure setup.
-- Please read through the tasks in this role to gain an understanding of what each control is doing. Some of the tasks are disruptive and can have unintended consequences in a live production system. Also familiarize yourself with the variables in the defaults/main.yml file.
+- Please read through the tasks in this role to gain an understanding of what each control is doing. Some of the tasks are disruptive and can have unintended consequences in a live production system. Also, familiarize yourself with the variables in the defaults/main.yml file.
 
 **Technical Dependencies:**
 
@@ -114,11 +114,11 @@ Package 'python-xmltodict' is required if you enable the OpenSCAP tool installat
 
 ## Role Variables
 
-This role is designed that the end user should not have to edit the tasks themselves. All customizing should be done via the defaults/main.yml file or with extra vars within the project, job, workflow, etc. Non-disruptive CAT I, CAT II, and CAT III findings will be corrected by default. Disruptive finding remediation can be enabled by setting `win19stig_disruption_high` to `yes`.
+This role is designed so that the end user should not have to edit the tasks themselves. All customizing should be done via the defaults/main.yml file or with extra vars within the project, job, workflow, etc. Non-disruptive CAT I, CAT II, and CAT III findings will be corrected by default. Disruptive finding remediation can be enabled by setting `win19stig_disruption_high` to `true`.
 
 ## Tags
 
-There are many tags available for added control precision. Each control may have it's own set of tags noting what category, what OS element it relates to, if it's a patch or audit, and the rule number.
+There are many tags available for added control precision. Each control may have its own set of tags noting what category, what OS element it relates to if it's a patch or audit, and the rule number.
 
 Below is an example of the tag section from a control within this role. Using this example if you set your run to skip all controls with the tag CCI-000185, this task will be skipped. The opposite can also happen where you run only controls tagged with CCI-000185.
 

defaults/main.yml

@@ -25,13 +25,13 @@ win2019stig_disruption_high: false
 # setting to make them stand out.
 win2019stig_audit_disruptive: true
 
-# This parameter disables controls that could have a very lengthy find. For example
+# This parameter disables controls that could have a very lengthy find. For example,
 # removing all files of a specific file type that search the entire drive.
 # If there is an action tied to the lengthy search the action task will be disabled as well.
 # WN19-00-000240 - CAT2
 win19stig_lengthy_search: false
 
-# win19stig_cloud_based_system is a setting built into the playbook for testing locally vs azure.
+# win19stig_cloud_based_system is a setting built into the playbook for testing locally vs. Azure.
 # We have found certain controls that need to be set in a different order when being applied in the
 # different environments. By Default This is set to false.
 win19stig_cloud_based_system: false
@@ -47,7 +47,7 @@ win19stig_cloud_based_system: false
 # WN19-SO-000030 - CAT2
 win_skip_for_test: true
 
-# These variables correspond with the STIG IDs defined in the STIG and allows you to enable/disable specific rules.
+# These variables correspond with the STIG IDs defined in the STIG and allow you to enable/disable specific rules.
 # PLEASE NOTE: These work in coordination with the cat1, cat2, cat3 group variables. You must enable an entire group
 # in order for the variables below to take effect.
 
@@ -364,12 +364,12 @@ wn19stig_secreatetokenprivilege: ""
 wn19stig_sedebugprivilege: Administrators
 
 # WN19-00-000110
-# Windows Server 2019 must use an anti-virus program. We are using powershell here to check the status of
-# a user defined anti-virus program installed.
-# Option Examples: defnder | mcafee | symantec | etc
-# NOTE: If the results of the powershell check come back empty Windows Defender will automatically be installed
-# and enabled. If the results of the powershell check come back with outout for 3rd party antivirus,
-# Windows defender will be disbaled and the results will be manually audited to verify the 3rd part program is
+# Windows Server 2019 must use an anti-virus program. We are using Powershell here to check the status of
+# a user-defined anti-virus program installed.
+# Option Examples: defender | mcafee | symantec | etc
+# NOTE: If the results of the Powershell check come back empty Windows Defender will automatically be installed
+# and enabled. If the results of the Powershell check come back with output for 3rd party antivirus,
+# Windows Defender will be disabled and the results will be manually audited to verify the 3rd part program is
 # currently running.
 # Default: defender
 wn19stig_antivirus_program: defender
@@ -394,14 +394,14 @@ wn19stig_lockoutbadcount: 3
 
 # WN19-AC-000030
 # Windows Server 2019 must have the period of time before the bad logon counter is reset configured to 15 minutes or greater.
-# wn19stig_resetlockoutcount is the Reset account lockout counter after value in mintues.
+# wn19stig_resetlockoutcount is the Reset account lockout counter after value in minutes.
 wn19stig_resetlockoutcount: 15
 
 # WN19-AC-000040
 # Windows Server 2019 password history must be configured to 24 passwords remembered.
-# wn19stig_passwordhistorysize is the number of passwords windows will remember before you may
+# wn19stig_passwordhistorysize is the number of passwords Windows will remember before you may
 # be able to reuse that same password. The default value is "24" for Windows domain systems.
-# DoD determined appropriate value for all Windows systems.
+# DoD determined the appropriate value for all Windows systems.
 wn19stig_passwordhistorysize: 24
 
 # WN19-AC-000050
@@ -416,13 +416,13 @@ wn19stig_minimumpasswordage: 1
 
 # WN19-AC-000070
 # Windows Server 2019 minimum password length must be configured to 14 characters or more.
-# wn19stig_minimumpasswordlength is the Minimum password characters length value.
+# wn19stig_minimumpasswordlength is the Minimum password character length value.
 wn19stig_minimumpasswordlength: 14
 
 # WN19-CC-000110
 # Windows Server 2019 virtualization-based security must be enabled with the platform security
 # level configured to Secure Boot or Secure Boot with DMA Protection.
-# win19stig_dma_protection is the level that they would like to setup.
+# win19stig_dma_protection is the level that they would like to set up.
 # Valid settings are as follows.
 # 1 (Secure Boot only)
 # 3 (Secure Boot and DMA Protection)
@@ -436,7 +436,7 @@ wn19stig_dma_protection: 3
 # Approved values are below:
 # 8 - Good only
 # 1 - Good and unknown
-# 3 - Good, unknown and bad but critical
+# 3 - Good, unknown, and bad but critical
 wn19stig_driver_load_policy: 1
 
 # WN19-CC-000270
@@ -467,7 +467,7 @@ wn19stig_senetworklogonright_dc: Administrators,Authenticated Users,Enterprise D
 # WN19-DC-000430
 # The password for the krbtgt account on a domain must be reset at least every 180 days.
 # The default setting here matches the STIG requirements. If you would like to
-# enforce a more strcit policy you may do so for auditing purposes.
+# enforce a more strict policy you may do so for auditing purposes.
 # NOTE: Valid Days are 180 or less.
 wn19stig_krbtgt_account_pass_age: 180
 
@@ -483,8 +483,8 @@ wn19stig_senetworklogonright: Administrators,Authenticated Users
 
 # WN19-SO-000030
 # Windows Server 2019 built-in administrator account must be renamed.
-# wn19stig_newadministratorname is the non-default name for the Administror Account.
-# This rule can be skipped during testing, conseqently to not break the box's connection by using
+# wn19stig_newadministratorname is the non-default name for the Administrator Account.
+# This rule can be skipped during testing, consequently not breaking the box's connection by using
 # the toggle win_skip_for_test.
 wn19stig_newadministratorname: adminchangethis
 
@@ -504,7 +504,7 @@ wn19stig_machineaccountpsswd_max_age: 30
 # WN19-SO-000120
 # The machine inactivity limit must be set to 15 minutes, locking the system with the screen saver.
 # wn19stig_inactivitytimeoutsecs is the time in seconds that will be set in the registry that
-# enagages the screen saver. Default setting is "900" seconds or less excluding "0"
+# enagages the screen saver. The default setting is "900" seconds or less excluding "0"
 wn19stig_inactivitytimeoutsecs: 900
 
 # WN19-SO-000130
@@ -527,14 +527,14 @@ wn19stig_legalnoticetext: |
 
 # WN19-SO-000400
 # User Account Control must, at a minimum, prompt administrators for consent on the secure desktop.
-# The more secure option for this setting, "Prompt for credenti
+# The more secure option for this setting, "Prompt for credentials on the secure desktop"
 # Default setting is 2
 # 2 -(Prompt for consent on the secure desktop)
 # 1 -(Prompt for credentials on the secure desktop)
 wn19stig_consentprompt: 2
 
 # WN19-UR-000030
-# The Allow log on locally user right must only be assigned to the Administrators group.
+# The Allow log on local user rights must only be assigned to the Administrators group.
 # If any SIDs other than the following are granted the "SeInteractiveLogonRight" user right, this is a finding.
 # If an application requires this user right, this would not be a finding. Vendor documentation must support the
 # requirement for having the user right. The requirement must be documented with the ISSO.