chore: fix typos everywhere

Stéphane Lesimple 2020-11-05 17:36:17 +00:00
parent 0627c6a20c
commit 5c72c92bdd
No known key found for this signature in database
GPG key ID: 4B4A3289E9D35658
60 changed files with 90 additions and 90 deletions


@ -151,7 +151,7 @@ Usage:
$0 --nothing
Don't do anything at all, not even what we normally do when all below options are disabled (as
in the minimal mode). Can be useful if you want to do only one precise modification that you
can explicitely specify using the options below.
can explicitly specify using the options below.
OPTIONS:


@ -136,6 +136,6 @@ fi
echo "Usage: $0 <--import|--generate>"
echo
echo "Use --generate to generate a new GPG keypair for bastion signing"
echo "Use --generate to generate a new GPG key pair for bastion signing"
echo "Use --import to import the administrator GPG key you've generated on your desk (ttyrecs, keys and acls backups will be encrypted to it)"
exit 0


@ -139,7 +139,7 @@ osh_info "The networks I'm able to connect you to on the egress side are: " . co
$ret{'allowed_networks_list'} = \@allowedNets;
my @forbiddenNets = @{$config->{'forbiddenNetworks'}};
osh_info "The networks that are explicitely forbidden on the egress side are: " . colored(@forbiddenNets ? join(", ", @forbiddenNets) : "none", "magenta");
osh_info "The networks that are explicitly forbidden on the egress side are: " . colored(@forbiddenNets ? join(", ", @forbiddenNets) : "none", "magenta");
$ret{'forbidden_networks_list'} = \@forbiddenNets;
$fnret = OVH::Bastion::get_bastion_ips();


@ -62,7 +62,7 @@ push @command, ($timeout and $timeout > 0 and $timeout <= 3600) ? $timeout : 3;
push @command, $host;
push @command, $port;
osh_info "Checking wether TCP port $port of $host is reachable...";
osh_info "Checking whether TCP port $port of $host is reachable...";
$fnret = OVH::Bastion::execute(cmd => \@command, noisy_stdout => 1, noisy_stderr => 1);
$fnret or osh_exit $fnret;


@ -32,7 +32,7 @@ List the few past sessions of your account
Usage: --osh SCRIPT_NAME [OPTIONS]
--detailed Display more informations about each session
--detailed Display more information about each session
--limit LIMIT Limit to LIMIT results
--id ID Only sessions having this ID
--type TYPE Only sessions of specified type (ssh, osh, ...)


@ -22,7 +22,7 @@ Usage: --osh SCRIPT_NAME --account ACCOUNT
--account ACCOUNT Account to work on
When the bastion is configued to expire accounts that haven't been seen in a while,
When the bastion is configured to expire accounts that haven't been seen in a while,
this command can be used to activate them back.
EOF
);


@ -13,7 +13,7 @@ OVH::Bastion::Plugin::begin(
header => "realm information",
options => {'realm=s' => \my $pRealm},
helptext => <<'EOF',
Display informations about a bastion realm
Display information about a bastion realm
Usage: --osh SCRIPT_NAME --realm REALM


@ -175,8 +175,8 @@ undef $storedhash;
# read the password we must use
# pseudoalgo:
# if mode was explicitely specified to group, we look for a group password
# elif mode was explicitely specified to self, we look for a self account password
# if mode was explicitly specified to group, we look for a group password
# elif mode was explicitly specified to self, we look for a self account password
# elif the legacy file with the same name as $user exists in /home/passkeeper, use it
# elif the specified $user happens to be a group name, look for this group password
# else look for a self account password


@ -324,7 +324,7 @@ if ($realOptions =~ /^(.*?) -- (.*)$/) {
}
else {
# we have no -- delimiter, either there was no remote command (that's fine),
# or it's indistiguishable from the bastion options, in that case GetOptionsFromString
# or it's indistinguishable from the bastion options, in that case GetOptionsFromString
# will leave what it doesn't recognize, will also fuck up "" and '', but users are warned
# to always use -- anyway, and we'll use that as a remote command
$beforeOptions = $realOptions;
@ -790,7 +790,7 @@ if ($osh_command) {
$log_db_name = $logret->value->{'db_name'};
}
else {
warn_syslog("Failed to insert accesss log: " . $logret->msg);
warn_syslog("Failed to insert access log: " . $logret->msg);
if ($ip eq '127.0.0.1') {
osh_warn("Would deny access on out of space condition but you're root\@127.0.0.1, I hope you're here to fix me!");
}
@ -802,10 +802,10 @@ if ($osh_command) {
if ($fnret) {
my @cmd = ($fnret->value->{'fullpath'}, $user, $ip, $host, $optPort, @$remainingOptions);
# is plugin explicitely disabled?
# is plugin explicitly disabled?
my $isDisabled = OVH::Bastion::plugin_config(plugin => $osh_command, key => "disabled");
# plugin is enabled by default if not explicitely disabled
# plugin is enabled by default if not explicitly disabled
if ($isDisabled and $isDisabled->value() =~ /yes/) {
main_exit OVH::Bastion::EXIT_RESTRICTED_COMMAND, "plugin_disabled", "Sorry, this plugin has been disabled by policy.";
}
@ -1160,7 +1160,7 @@ else {
if (not $quiet) {
$fnret = OVH::Bastion::account_config(account => $self, key => OVH::Bastion::OPT_ACCOUNT_IDLE_IGNORE, public => 1);
if ($fnret && $fnret->value =~ /yes/) {
osh_debug("Acccount is immune to idle");
osh_debug("Account is immune to idle");
}
else {
if ($config->{'idleLockTimeout'}) {
@ -1441,7 +1441,7 @@ Usage (osh cmd): $bastionName --osh [OSH_COMMAND] [OSH_OPTIONS]
--verbose, -v Enable verbose ssh
--tty, -t Force tty allocation
--no-tty, -T Prevent tty allocation
--use-key FP Explicitely specify the fingerprint of the egress key you want to use
--use-key FP Explicitly specify the fingerprint of the egress key you want to use
--kbd-interactive Enable the keyboard-interactive authentication scheme on egress connection
--netconf Request to use netconf subsystem


@ -49,7 +49,7 @@ generate_account_sudoers()
perl -pe "s!%ACCOUNT%!$account!g;s!%NORMACCOUNT%!$normalized_account!g;s!%BASEPATH%!$basedir!g" "$template"
done
} > "${dst}.tmp"
# then move the file to its final name (potentially overwritting a previous file of the same name)
# then move the file to its final name (potentially overwriting a previous file of the same name)
mv -f "${dst}.tmp" "$dst"
return 0
}
@ -84,7 +84,7 @@ generate_group_sudoers()
perl -pe "s!%GROUP%!$group!g;s!%BASEPATH%!$basedir!g" "$template"
done
} > "${dst}.tmp"
# then move the file to its final name (potentially overwritting a previous file of the same name)
# then move the file to its final name (potentially overwriting a previous file of the same name)
mv -f "${dst}.tmp" "$dst"
return 0
}


@ -15,12 +15,12 @@ The OVH::Bastion directory hierarchy is organized as follows:
- bin/plugin/group-gatekeeper: plugins that can only be launched by group gatekeepers
- bin/plugin/group-owner: plugins that can only be launched by group owners
- bin/plugin/open: plugins that can be launched by any user
- bin/plugin/restricted: plugins that can be launched only by users that are explicitely granted on said plugins
- bin/plugin/restricted: plugins that can be launched only by users that are explicitly granted on said plugins
- bin/shell: where resides the main script that is declared as the shell of the bastion users, with some of its helpers
- bin/sudogen: where resides the helper script that generate group and account sudoers files
- bin/other: other helper scripts for various tasks
- contrib: placeholder directory with a readme file that references other repositories of interest when integrating the bastion in your company
- doc: sysadmin-proof documentation folder, the main Markdown files you need are there, just one `view` appart
- doc: sysadmin-proof documentation folder, the main Markdown files you need are there, just one `view` apart
- doc/sphinx: more complete documentation using the `sphinx` documentation system, the built version is viewable on https://ovh.github.io/the-bastion/
- docker: where the Dockerfiles reside
- etc: contains all the template configuration files that will be installed on your system (depending on your `install` options)


@ -9,7 +9,7 @@ Update between a previous `ZZ` version is supposed to be frictionless.
- The `YY` part is considered a major update, potentially with new features (and new bugs!).
Be sure to read the UPGRADE.md documentation which might contain instructions for a smoother update.
If no specific instruction can be found, it means there's no specific action to be taken,
appart from following the usual update process.
apart from following the usual update process.
If the change introduces an incompatibility between a `master` and its `slave`s,
it'll be detailed in the UPGRADE.md file.


@ -35,7 +35,7 @@ Create a new bastion group
.. option:: --no-key
No egress keypair will be generated. In that case, omit ``--algo`` and ``--size``.
No egress key pair will be generated. In that case, omit ``--algo`` and ``--size``.
Algorithms guideline
====================


@ -15,7 +15,7 @@ Output example
~ keyline follows, please copy the *whole* line:
from="203.0.113.4/32,192.0.2.0/26" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdD60bA3NgaOpRLgcACWfKcAMRQQRyFMppwp5GpHLTB mygroup@testbastion:1523886640
The first paragraph of the output lists the differents roles along with the people having these roles.
The first paragraph of the output lists the different roles along with the people having these roles.
You can also see the public egress key of this group, i.e. the key that needs to be added to the remote servers' ``authorized_keys`` files, so that ``members`` of this group can access these servers.


@ -7,7 +7,7 @@ Note that if you want some help about the bastion (and not specifically about th
Colors
======
You'll notice that plugins are hilighted in different colors, these indicate the access level needed to run the plugin. Note that plugins you don't have access to are simply omitted.
You'll notice that plugins are highlighted in different colors, these indicate the access level needed to run the plugin. Note that plugins you don't have access to are simply omitted.
- green (``open``): these plugins can be called by anybody
- blue (``restricted``): these plugins can only be called by users having the specific right to call them. This right is granted per plugin by the ``accountGrantCommand`` plugin


@ -22,7 +22,7 @@ Output example
~ I have 42 registered accounts and 46 groups
~ I am a MASTER, which means I accept modifications
~ The networks I'm able to connect you to on the egress side are: all
~ The networks that are explicitely forbidden on the egress side are: none
~ The networks that are explicitly forbidden on the egress side are: none
~ My egress connection IP to remote servers is 192.0.2.45/32
~ ...don't forget to whitelist me in your firewalls!
~


@ -9,7 +9,7 @@ If you are just upgrading from a previous version, please read :doc:`upgrading<u
.. warning::
The Bastion expects to be the only main service runnning on the server, please see :ref:`this FAQ entry <faq_existing_server>` for more information.
The Bastion expects to be the only main service running on the server, please see :ref:`this FAQ entry <faq_existing_server>` for more information.
The following Linux distros are tested with each release, but as this is a security product, you are *warmly* advised to run it on the latest up-to-date stable version of your favorite OS:


@ -27,7 +27,7 @@ Then, from another machine, run:
``test/functional/launch_tests_on_instance.sh <IP> <port> <remote_user_name> <ssh_key_path> [outdir]``
Where ``IP`` and ``port`` are the informations needed to connect to the remote server to test, ``remote_user_name`` is the name of the account created on the remote bastion to use for the tests, and ``ssh_key_path`` is the private SSH key path used to connect to the account. The ``outdir`` parameter is optional, if you want to keep the raw output of each test.
Where ``IP`` and ``port`` are the information needed to connect to the remote server to test, ``remote_user_name`` is the name of the account created on the remote bastion to use for the tests, and ``ssh_key_path`` is the private SSH key path used to connect to the account. The ``outdir`` parameter is optional, if you want to keep the raw output of each test.
This script is also the script used by the Docker client instance, so you're sure to get the proper results even without using Docker.


@ -37,7 +37,7 @@ Output example
~ keyline follows, please copy the *whole* line:
from="203.0.113.4/32,192.0.2.0/26" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdD60bA3NgaOpRLgcACWfKcAMRQQRyFMppwp5GpHLTB mygroup@testbastion:1523886640
The first paragraph of the output lists the differents roles along with the people having these roles.
The first paragraph of the output lists the different roles along with the people having these roles.
You can also see the public egress key of this group, i.e. the key that needs to be added to the remote servers' ``authorized_keys`` files, so that ``members`` of this group can access these servers.


@ -24,7 +24,7 @@ Note that if you want some help about the bastion (and not specifically about th
Colors
======
You'll notice that plugins are hilighted in different colors, these indicate the access level needed to run the plugin. Note that plugins you don't have access to are simply omitted.
You'll notice that plugins are highlighted in different colors, these indicate the access level needed to run the plugin. Note that plugins you don't have access to are simply omitted.
- green (``open``): these plugins can be called by anybody
- blue (``restricted``): these plugins can only be called by users having the specific right to call them. This right is granted per plugin by the ``accountGrantCommand`` plugin


@ -39,7 +39,7 @@ Output example
~ I have 42 registered accounts and 46 groups
~ I am a MASTER, which means I accept modifications
~ The networks I'm able to connect you to on the egress side are: all
~ The networks that are explicitely forbidden on the egress side are: none
~ The networks that are explicitly forbidden on the egress side are: none
~ My egress connection IP to remote servers is 192.0.2.45/32
~ ...don't forget to whitelist me in your firewalls!
~


@ -16,7 +16,7 @@ List the few past sessions of your account
.. option:: --detailed
Display more informations about each session
Display more information about each session
.. option:: --limit LIMIT


@ -19,7 +19,7 @@ Unexpire an inactivity-expired account
Account to work on
When the bastion is configued to expire accounts that haven't been seen in a while,
When the bastion is configured to expire accounts that haven't been seen in a while,
this command can be used to activate them back.


@ -39,7 +39,7 @@ Create a new bastion group
.. option:: --no-key
No egress keypair will be generated. In that case, omit ``--algo`` and ``--size``.
No egress key pair will be generated. In that case, omit ``--algo`` and ``--size``.
Algorithms guideline
====================


@ -2,7 +2,7 @@
realmInfo
==========
Display informations about a bastion realm
Display information about a bastion realm
==========================================


@ -27,7 +27,7 @@ For the remaining of this documentation, we'll assume your bastion alias is `bss
You can do to categories of things on the bastion:
- Connect to infrastructures throught it
- Connect to infrastructures through it
- Interact with the bastion itself, for example to manage your account, and/or groups, through so-called *plugins*, also named *osh commands*
Plugins
@ -156,7 +156,7 @@ Now that you have it, you can push this public key (the line starting with the *
--------------------------------------------------------------------------------
~ Testing connection to root@198.51.100.42, please wait...
Warning: Permanently added '198.51.100.42' (ECDSA) to the list of known hosts.
~ Access to root@198.51.100.42:22 succesfully added
~ Access to root@198.51.100.42:22 successfully added
-----------------------------------------------------</selfAddPersonalAccess>---
bssh(master)>


@ -7,7 +7,7 @@ COPY lib/shell /opt/bastion/lib/sh
RUN ["/opt/bastion/bin/admin/packages-check.sh","-i","-d","-s"]
RUN ["/opt/bastion/bin/admin/install-ttyrec.sh","-r"]
# disable /dev/kmsg handling by syslog-ng and explicitely enable /dev/log
# disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log
RUN test -e /etc/syslog-ng/syslog-ng.conf && \
sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf


@ -7,7 +7,7 @@ COPY lib/shell /opt/bastion/lib/sh
RUN ["/opt/bastion/bin/admin/packages-check.sh","-i","-d","-s"]
RUN ["/opt/bastion/bin/admin/install-ttyrec.sh","-r"]
# disable /dev/kmsg handling by syslog-ng and explicitely enable /dev/log
# disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log
RUN test -e /etc/syslog-ng/syslog-ng.conf && \
sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf


@ -10,7 +10,7 @@ RUN ["/opt/bastion/bin/admin/install-ttyrec.sh","-d"]
# handle locales
RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
# disable /dev/kmsg handling by syslog-ng and explicitely enable /dev/log
# disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log
RUN test -e /etc/syslog-ng/syslog-ng.conf && \
sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf


@ -10,7 +10,7 @@ RUN ["/opt/bastion/bin/admin/install-ttyrec.sh","-d"]
# handle locales
RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
# disable /dev/kmsg handling by syslog-ng and explicitely enable /dev/log
# disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log
RUN test -e /etc/syslog-ng/syslog-ng.conf && \
sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf


@ -10,7 +10,7 @@ RUN ["/opt/bastion/bin/admin/install-ttyrec.sh","-d"]
# handle locales
RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
# disable /dev/kmsg handling by syslog-ng and explicitely enable /dev/log
# disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log
RUN test -e /etc/syslog-ng/syslog-ng.conf && \
sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf


@ -7,7 +7,7 @@ COPY lib/shell /opt/bastion/lib/sh
RUN ["/opt/bastion/bin/admin/packages-check.sh","-i","-d","-s"]
RUN ["/opt/bastion/bin/admin/install-ttyrec.sh","-r"]
# disable /dev/kmsg handling by syslog-ng and explicitely enable /dev/log
# disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log
RUN test -e /etc/syslog-ng/syslog-ng.conf && \
sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf


@ -7,7 +7,7 @@ COPY lib/shell /opt/bastion/lib/sh
RUN ["/opt/bastion/bin/admin/packages-check.sh","-i","-d","-s"]
RUN ["/opt/bastion/bin/admin/install-ttyrec.sh","-r"]
# disable /dev/kmsg handling by syslog-ng and explicitely enable /dev/log
# disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log
RUN test -e /etc/syslog-ng/syslog-ng.conf && \
sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf


@ -17,7 +17,7 @@ RUN \
rm -rf /var/cache/apt && \
# handle locales \
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen && \
# disable /dev/kmsg handling by syslog-ng and explicitely enable /dev/log \
# disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log \
sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf && \
# accountUidMax & ttyrecGroupIdOffset change: fixes https://github.com/ovh/the-bastion/issues/24 \
sed -i -re 's/^"accountUidMax":.+/"accountUidMax": 9999,/;s/^"ttyrecGroupIdOffset":.+/"ttyrecGroupIdOffset": 10000,/' /opt/bastion/etc/bastion/bastion.conf.dist && \


@ -10,7 +10,7 @@ RUN ["/opt/bastion/bin/admin/install-ttyrec.sh","-d"]
# handle locales
RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
# disable /dev/kmsg handling by syslog-ng and explicitely enable /dev/log
# disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log
RUN test -e /etc/syslog-ng/syslog-ng.conf && \
sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf


@ -10,7 +10,7 @@ RUN ["/opt/bastion/bin/admin/install-ttyrec.sh","-d"]
# handle locales
RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
# disable /dev/kmsg handling by syslog-ng and explicitely enable /dev/log
# disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log
RUN test -e /etc/syslog-ng/syslog-ng.conf && \
sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf


@ -10,7 +10,7 @@ RUN ["/opt/bastion/bin/admin/install-ttyrec.sh","-d"]
# handle locales
RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
# disable /dev/kmsg handling by syslog-ng and explicitely enable /dev/log
# disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log
RUN test -e /etc/syslog-ng/syslog-ng.conf && \
sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf


@ -10,7 +10,7 @@ RUN ["/opt/bastion/bin/admin/install-ttyrec.sh","-d"]
# handle locales
RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
# disable /dev/kmsg handling by syslog-ng and explicitely enable /dev/log
# disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log
RUN test -e /etc/syslog-ng/syslog-ng.conf && \
sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf


@ -30,13 +30,13 @@
"defaultLogin": "",
#
# adminAccounts (list of accounts names), deprecated alias: adminLogins
# DESC: The list of accounts that are Admins of the bastion. Admins can't be deleted or have their ingress keys resetted by non-admins. They also gain access to special dangerous/sensitive --osh commands. Note that an admin is also always considered as a Super Owner, which means they can override allchecks of group administrative commands. Don't forget to add them to the osh-admin group too, or they won't really be considered as admins (additional security measure). Tule of thumb: only add here people that have root@localhost access to the bastion
# DESC: The list of accounts that are Admins of the bastion. Admins can't be deleted or have their ingress keys reset by non-admins. They also gain access to special dangerous/sensitive --osh commands. Note that an admin is also always considered as a Super Owner, which means they can override allchecks of group administrative commands. Don't forget to add them to the osh-admin group too, or they won't really be considered as admins (additional security measure). Tule of thumb: only add here people that have root@localhost access to the bastion
# DEFAULT: []
"adminAccounts": [],
#
# superOwnerAccounts (list of account names)
# VALUE: list of accounts that are considered as super group owners
# DESC: The list of accounts that are considered as "Super Group Owners". They can run all group administrative commands, exactly as if they were owners of all the groups. Super Owners are only here as a last resort when the owners/gatekeepers/aclkeepers of a group are not available. Every command run by a Super Owner that would have failed if the account was not a Super Owner is logged explicitely as "Super Owner Override". You can see it as a "sudo" for group management. Don't add here accounts that are bastion Admins, they already inherit the Super Owner role.
# DESC: The list of accounts that are considered as "Super Group Owners". They can run all group administrative commands, exactly as if they were owners of all the groups. Super Owners are only here as a last resort when the owners/gatekeepers/aclkeepers of a group are not available. Every command run by a Super Owner that would have failed if the account was not a Super Owner is logged explicitly as "Super Owner Override". You can see it as a "sudo" for group management. Don't add here accounts that are bastion Admins, they already inherit the Super Owner role.
# DEFAULT: []
"superOwnerAccounts": [],
#
@ -51,7 +51,7 @@
"forbiddenNetworks": [],
#
# ingressToEgressRules (array of arrays of rules, a rule being a 3-uple of {array, array, string})
# DESC: Fine-grained rules (a la netfilter) to apply global restrictions to possible egress destinations given ingress IPs. Rules here are enforced at all times and can NOT be overriden by users or admins.
# DESC: Fine-grained rules (a la netfilter) to apply global restrictions to possible egress destinations given ingress IPs. Rules here are enforced at all times and can NOT be overridden by users or admins.
# DEFAULT: [], which means no restriction
# DETAILS: A rule is a 3-uple of {array of ingress networks, array of egress networks, policy to apply}.
# Each rule will be processed IN ORDER. The first rule to match will be applied and no other rule will be checked.
@ -70,7 +70,7 @@
# but not any other machine from the wider 192.168.0.0/16 network (rule #3). It can however
# access any other machine outside of this block (implicit allow catch-all rule, as there is
# no corresponding DENY rule, and rule #2 is ALLOW and not ALLOW-EXCLUSIVE)
# - The 192.168.0.0/16 network (except 192.168.42.0/16) can accesss any machine except one from its own network (rule #3)
# - The 192.168.0.0/16 network (except 192.168.42.0/16) can access any machine except one from its own network (rule #3)
# - All the other networks can access any other network (including egress 10.20.0.0/16 or egress 192.168.0.0/16)
# In any case, all the personal and group accesses still apply in addition to these global rules
"ingressToEgressRules": [],
@ -113,7 +113,7 @@
"accountExternalValidationProgram": "",
#
# accountExternalValidationDenyOnFailure (boolean-int, aka 0 or 1)
# DESC: If we can't validate an account using the above configured program, for example because the path doesn't exist, the file is not executable, or because the program returns the exit code 4 (see above for more informaton), this configuration option indicates whether we should deny or allow access. Note that the bastion admins will always be allowed if the accountExternalValidationProgram doesn't work correctly, because they're expected to be able to fix it. They would be denied, as any other account, if accountExternalValidationProgram works correctly and denies them access, however. If you're still testing your account validation procedure, and don't want to break your users workflow while you're not 100% sure it works correctly, you can say 0 ("false") here, and return 4 instead of 1 in your accountExternalValidationProgram when you would want to deny access.
# DESC: If we can't validate an account using the above configured program, for example because the path doesn't exist, the file is not executable, or because the program returns the exit code 4 (see above for more information), this configuration option indicates whether we should deny or allow access. Note that the bastion admins will always be allowed if the accountExternalValidationProgram doesn't work correctly, because they're expected to be able to fix it. They would be denied, as any other account, if accountExternalValidationProgram works correctly and denies them access, however. If you're still testing your account validation procedure, and don't want to break your users workflow while you're not 100% sure it works correctly, you can say 0 ("false") here, and return 4 instead of 1 in your accountExternalValidationProgram when you would want to deny access.
# DEFAULT: 1
"accountExternalValidationDenyOnFailure": 1,
#
@ -238,7 +238,7 @@
"MFAPostCommand": [],
#
# remoteCommandEscapeByDefault (boolean-int, i.e. 0 or 1)
# DESC: If set to 0, will not escape simple quotes in remote commands by default. Leave it to 0 if possible. Will escape simple quotes otherwise (legacy "broken" behavior). Can be overriden at runtime with --never-escape and --always-escape
# DESC: If set to 0, will not escape simple quotes in remote commands by default. Leave it to 0 if possible. Will escape simple quotes otherwise (legacy "broken" behavior). Can be overridden at runtime with --never-escape and --always-escape
# DEFAULT: 0
"remoteCommandEscapeByDefault": 0,
#
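Review bot: The rewritten adminAccounts DESC line in the first hunk still carries two typos the sweep missed in the very sentence it touches: `Tule of thumb` should read `Rule of thumb`, and `override allchecks of group administrative commands` should read `override all checks of group administrative commands`. The ingressToEgressRules comment and DETAILS lines also describe a rule as a `3-uple`; `3-tuple` is the standard spelling and would fit a "fix typos everywhere" commit. These are the lines operators read when deciding who becomes a bastion Admin or Super Owner, so the wording there is worth getting exact.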


@ -80,10 +80,10 @@ GSSAPIDelegateCredentials no
# NOTE1: as per the ssh source code, an auth method omitted hereafter
# will not be used, even if set to "yes" above.
# NOTE2: the bastion code (namely, ttyrec), will always set the proper
# value explicitely on command-line (pubkey OR sshpass), so the value
# value explicitly on command-line (pubkey OR sshpass), so the value
# specified hereafter will be ignored. if you want to force-disable
# a method, set it to "no" in the list above, as those will never be
# overriden by the code.
# overridden by the code.
PreferredAuthentications publickey,keyboard-interactive
# === LOGIN ###


@ -80,10 +80,10 @@ GSSAPIDelegateCredentials no
# NOTE1: as per the ssh source code, an auth method omitted hereafter
# will not be used, even if set to "yes" above.
# NOTE2: the bastion code (namely, ttyrec), will always set the proper
# value explicitely on command-line (pubkey OR sshpass), so the value
# value explicitly on command-line (pubkey OR sshpass), so the value
# specified hereafter will be ignored. if you want to force-disable
# a method, set it to "no" in the list above, as those will never be
# overriden by the code.
# overridden by the code.
PreferredAuthentications publickey,keyboard-interactive
# === LOGIN ###


@ -80,10 +80,10 @@ GSSAPIDelegateCredentials no
# NOTE1: as per the ssh source code, an auth method omitted hereafter
# will not be used, even if set to "yes" above.
# NOTE2: the bastion code (namely, ttyrec), will always set the proper
# value explicitely on command-line (pubkey OR sshpass), so the value
# value explicitly on command-line (pubkey OR sshpass), so the value
# specified hereafter will be ignored. if you want to force-disable
# a method, set it to "no" in the list above, as those will never be
# overriden by the code.
# overridden by the code.
PreferredAuthentications publickey,keyboard-interactive
# === LOGIN ###


@ -75,10 +75,10 @@ GSSAPIDelegateCredentials no
# NOTE1: as per the ssh source code, an auth method omitted hereafter
# will not be used, even if set to "yes" above.
# NOTE2: the bastion code (namely, ttyrec), will always set the proper
# value explicitely on command-line (pubkey OR sshpass), so the value
# value explicitly on command-line (pubkey OR sshpass), so the value
# specified hereafter will be ignored. if you want to force-disable
# a method, set it to "no" in the list above, as those will never be
# overriden by the code.
# overridden by the code.
PreferredAuthentications publickey,keyboard-interactive
# === LOGIN ###


@ -80,10 +80,10 @@ GSSAPIDelegateCredentials no
# NOTE1: as per the ssh source code, an auth method omitted hereafter
# will not be used, even if set to "yes" above.
# NOTE2: the bastion code (namely, ttyrec), will always set the proper
# value explicitely on command-line (pubkey OR sshpass), so the value
# value explicitly on command-line (pubkey OR sshpass), so the value
# specified hereafter will be ignored. if you want to force-disable
# a method, set it to "no" in the list above, as those will never be
# overriden by the code.
# overridden by the code.
PreferredAuthentications publickey,keyboard-interactive
# === LOGIN ###


@ -80,10 +80,10 @@ GSSAPIDelegateCredentials no
# NOTE1: as per the ssh source code, an auth method omitted hereafter
# will not be used, even if set to "yes" above.
# NOTE2: the bastion code (namely, ttyrec), will always set the proper
# value explicitely on command-line (pubkey OR sshpass), so the value
# value explicitly on command-line (pubkey OR sshpass), so the value
# specified hereafter will be ignored. if you want to force-disable
# a method, set it to "no" in the list above, as those will never be
# overriden by the code.
# overridden by the code.
PreferredAuthentications publickey,keyboard-interactive
# === LOGIN ###


@ -76,10 +76,10 @@ HostbasedAuthentication no
# NOTE1: as per the ssh source code, an auth method omitted hereafter
# will not be used, even if set to "yes" above.
# NOTE2: the bastion code (namely, ttyrec), will always set the proper
# value explicitely on command-line (pubkey OR sshpass), so the value
# value explicitly on command-line (pubkey OR sshpass), so the value
# specified hereafter will be ignored. if you want to force-disable
# a method, set it to "no" in the list above, as those will never be
# overriden by the code.
# overridden by the code.
PreferredAuthentications publickey
# === LOGIN ###


@ -80,10 +80,10 @@ GSSAPIDelegateCredentials no
# NOTE1: as per the ssh source code, an auth method omitted hereafter
# will not be used, even if set to "yes" above.
# NOTE2: the bastion code (namely, ttyrec), will always set the proper
# value explicitely on command-line (pubkey OR sshpass), so the value
# value explicitly on command-line (pubkey OR sshpass), so the value
# specified hereafter will be ignored. if you want to force-disable
# a method, set it to "no" in the list above, as those will never be
# overriden by the code.
# overridden by the code.
PreferredAuthentications publickey,keyboard-interactive
# === LOGIN ###


@ -84,7 +84,7 @@ HostbasedAuthentication no
GSSAPIAuthentication no
GSSAPIKeyExchange no
# just in case, we also explicitely deny empty passwords
# just in case, we also explicitly deny empty passwords
PermitEmptyPasswords no
# this needs to be set at "yes" to allow PAM keyboard-interactive authentication,


@ -84,7 +84,7 @@ HostbasedAuthentication no
GSSAPIAuthentication no
GSSAPIKeyExchange no
# just in case, we also explicitely deny empty passwords
# just in case, we also explicitly deny empty passwords
PermitEmptyPasswords no
# this needs to be set at "yes" to allow PAM keyboard-interactive authentication,


@ -88,7 +88,7 @@ HostbasedAuthentication no
GSSAPIAuthentication no
GSSAPIKeyExchange no
# just in case, we also explicitely deny empty passwords
# just in case, we also explicitly deny empty passwords
PermitEmptyPasswords no
# this needs to be set at "yes" to allow PAM keyboard-interactive authentication,


@ -76,7 +76,7 @@ HostbasedAuthentication no
GSSAPIAuthentication no
GSSAPIKeyExchange no
# just in case, we also explicitely deny empty passwords
# just in case, we also explicitly deny empty passwords
PermitEmptyPasswords no
# this needs to be set at "yes" to allow PAM keyboard-interactive authentication,


@ -88,7 +88,7 @@ HostbasedAuthentication no
GSSAPIAuthentication no
GSSAPIKeyExchange no
# just in case, we also explicitely deny empty passwords
# just in case, we also explicitly deny empty passwords
PermitEmptyPasswords no
# this needs to be set at "yes" to allow PAM keyboard-interactive authentication,


@ -88,7 +88,7 @@ HostbasedAuthentication no
GSSAPIAuthentication no
GSSAPIKeyExchange no
# just in case, we also explicitely deny empty passwords
# just in case, we also explicitly deny empty passwords
PermitEmptyPasswords no
# this needs to be set at "yes" to allow PAM keyboard-interactive authentication,


@ -79,7 +79,7 @@ ChallengeResponseAuthentication no
# ... not host-based
HostbasedAuthentication no
# just in case, we also explicitely deny empty passwords
# just in case, we also explicitly deny empty passwords
PermitEmptyPasswords no
# root login is allowed only with public keys, not passwords


@ -84,7 +84,7 @@ HostbasedAuthentication no
GSSAPIAuthentication no
GSSAPIKeyExchange no
# just in case, we also explicitely deny empty passwords
# just in case, we also explicitly deny empty passwords
PermitEmptyPasswords no
# this needs to be set at "yes" to allow PAM keyboard-interactive authentication,


@ -26,7 +26,7 @@ BEGIN {
my $criticity = ($type eq 'die' ? 'err' : 'warning');
# Net::Server can be noisy if the client fails to establish the SSL connection,
# transform thoses die into info to avoid triggering SIEM alerts
# transform those die into info to avoid triggering SIEM alerts
$criticity = 'info' if (defined $msg and $msg =~ m{^Could not finalize SSL connection with client handle});
require Carp;
@ -156,7 +156,7 @@ sub AUTOLOAD { ## no critic (AutoLoading)
die "AUTOLOAD FAILED: $AUTOLOAD";
}
# checks wether an account is expired (inactivity) if that's configured on this bastion
# checks whether an account is expired (inactivity) if that's configured on this bastion
sub is_account_nonexpired {
my %params = @_;
my $sysaccount = $params{'sysaccount'};
@ -499,7 +499,7 @@ sub is_valid_ip {
my %params = @_;
my $ip = $params{'ip'};
my $allowPrefixes = $params{'allowPrefixes'}; # if not, a /24 or /32 notation is rejected
my $fast = $params{'fast'}; # fast mode: avoid instanciating Net::IP... except if ipv6
my $fast = $params{'fast'}; # fast mode: avoid instantiating Net::IP... except if ipv6
if ($fast and $ip !~ m{:}) {


@ -146,19 +146,19 @@ sub act {
if (-e "$base.$n") {
osh_debug "renaming $base.$n to $base.$next";
if (!rename "$base.$n", "$base.$next") {
HEXIT('ERR_INTERNAL', msg => "Coudn't rename '$base.$n' to '$base.$next' ($!)");
HEXIT('ERR_INTERNAL', msg => "Couldn't rename '$base.$n' to '$base.$next' ($!)");
}
if (-e "$base.$n.metadata" && !rename "$base.$n.metadata", "$base.$next.metadata") {
HEXIT('ERR_INTERNAL', msg => "Coudn't rename '$base.$n.metadata' to '$base.$next.metadata' ($!)");
HEXIT('ERR_INTERNAL', msg => "Couldn't rename '$base.$n.metadata' to '$base.$next.metadata' ($!)");
}
}
}
osh_debug "renaming $base to $base.1";
if (!rename "$base", "$base.1") {
HEXIT('ERR_INTERNAL', msg => "Coudn't rename '$base' to '$base.1' ($!)");
HEXIT('ERR_INTERNAL', msg => "Couldn't rename '$base' to '$base.1' ($!)");
}
if (-e "$base.metadata" && !rename "$base.metadata", "$base.1.metadata") {
HEXIT('ERR_INTERNAL', msg => "Coudn't rename '$base.metadata' to '$base.1.metadata' ($!)");
HEXIT('ERR_INTERNAL', msg => "Couldn't rename '$base.metadata' to '$base.1.metadata' ($!)");
}
}
if (open(my $fdout, '>', $base)) {
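Review bot: The `-e "$base.$n.metadata" && !rename ...` and `-e "$base.metadata" && !rename ...` lines pair an existence test with the rename, so a metadata file that disappears between the two calls turns into an ERR_INTERNAL exit with an ENOENT message, while the same missing file one instant earlier would have been silently skipped; the check-then-act is presumably harmless under normal operation, but the intent (skip when absent, fail on any other error) is clearer when expressed as a single call, e.g. `if (!rename("$base.metadata", "$base.1.metadata") && !$!{ENOENT}) { HEXIT(...) }`. The rest of `act` starts and ends outside this hunk, so I can't tell whether the rotated files are accessed concurrently.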


@ -68,9 +68,9 @@ sub get_group_keys {
sub is_access_way_granted {
my %params = @_;
my $exactIpMatch = $params{'exactIpMatch'}; # $ip must be explicitely allowed (not given through a wider slash or a 0.0.0.0/0 in grantfile)
my $exactPortMatch = $params{'exactPortMatch'}; # $port must be explicitely allowed (port wildcards in grantfile will be ignored)
my $exactUserMatch = $params{'exactUserMatch'}; # $user must be explicitely allowed (user wildcards in grantfile will be ignored)
my $exactIpMatch = $params{'exactIpMatch'}; # $ip must be explicitly allowed (not given through a wider slash or a 0.0.0.0/0 in grantfile)
my $exactPortMatch = $params{'exactPortMatch'}; # $port must be explicitly allowed (port wildcards in grantfile will be ignored)
my $exactUserMatch = $params{'exactUserMatch'}; # $user must be explicitly allowed (user wildcards in grantfile will be ignored)
my $exactMatch = $params{'exactMatch'}; # sets exactIpMatch exactPortMatch and exactUserMatch
my $ignoreUser = $params{'ignoreUser'}; # ignore remote user COMPLETELY (plop@, or root@, or <nil>@ will all match)
@ -332,7 +332,7 @@ sub ip2host {
return R('OK', value => $host);
}
# Return an array containings the groups for which user is a member of
# Return an array containing the groups for which user is a member of
my %_cache_get_user_groups;
sub get_user_groups {


@ -504,7 +504,7 @@ sub json_load {
# Clean file content
# Remove bloc comment
# Remove block comment
$rawConf =~ s/\/\*\*.+?\*\///sgm;
# Add {} if needed
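Review bot: The `/m` flag on `$rawConf =~ s/\/\*\*.+?\*\///sgm;` has no effect, since the pattern contains neither `^` nor `$`; only `/s` (so `.` spans newlines) and `/g` do any work here. The leaning-toothpick escaping also hides what the pattern matches; with brace delimiters the same substitution reads `$rawConf =~ s{/\*\*.+?\*/}{}sg;`. The enclosing `json_load` starts before this hunk, so I have not checked what `$rawConf` is fed to afterwards.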


@ -164,7 +164,7 @@ run()
printf "%b%b%b\\n" "$WHITE_ON_BLUE" "[INFO] returned json follows" "$NOC"
grep "^JSON_OUTPUT=" -- $outdir/$basename.log | cut -d= -f2- | $jq .
if [ "$nocc" != 1 ]; then
printf "%b%b%b\\n" "$WHITE_ON_BLUE" "[INFO] consistency check folows" "$NOC"
printf "%b%b%b\\n" "$WHITE_ON_BLUE" "[INFO] consistency check follows" "$NOC"
cat "$outdir/$basename.cc"
fi
if test -t 0 && [ "$nowait" != 1 ]; then